Fix/website mdx (#2433)

.github/workflows/ci.yml

@@ -55,12 +55,12 @@ jobs:
             target: runtime
             context: rust
             build-args: |
-              PACKAGE=relay
+              PACKAGE=firezone-relay
           - image_name: client
             target: runtime
             context: rust
             build-args: |
-              PACKAGE=firezone-headless-client
+              PACKAGE=firezone-linux-client
           - image_name: elixir
             target: compiler
             context: elixir

.github/workflows/rust.yml

@@ -47,9 +47,9 @@ jobs:
         # TODO: https://github.com/rust-lang/cargo/issues/5220
         include:
           - runs-on: ubuntu-20.04
-            packages: -p firezone-headless-client -p firezone-gateway -p connlib-client-android
+            packages: -p firezone-linux-client -p firezone-gateway -p connlib-client-android
           - runs-on: ubuntu-22.04
-            packages: -p firezone-headless-client -p firezone-gateway -p connlib-client-android
+            packages: -p firezone-linux-client -p firezone-gateway -p connlib-client-android
           - runs-on: macos-12
             packages: -p connlib-client-apple
           - runs-on: macos-13

docker-compose.yml

@@ -113,8 +113,8 @@ services:
 
   client:
     environment:
-      FZ_URL: "ws://api:8081/"
-      FZ_SECRET: "SFMyNTY.g2gDaAN3CGlkZW50aXR5bQAAACQ3ZGE3ZDFjZC0xMTFjLTQ0YTctYjVhYy00MDI3YjlkMjMwZTVtAAAAIBn8Xu1jtFlxZxp4ZvAz0f0QEN2PZThA-7awHMPxn_tHbgYAbLRvQokBYgHhM38.pM-prhb7uvvCVKf51-tAUMEtMzLPZk1n3nLsY44dGFA"
+      PORTAL_URL: "ws://api:8081/"
+      PORTAL_TOKEN: "SFMyNTY.g2gDaAN3CGlkZW50aXR5bQAAACQ3ZGE3ZDFjZC0xMTFjLTQ0YTctYjVhYy00MDI3YjlkMjMwZTVtAAAAIBn8Xu1jtFlxZxp4ZvAz0f0QEN2PZThA-7awHMPxn_tHbgYAbLRvQokBYgHhM38.pM-prhb7uvvCVKf51-tAUMEtMzLPZk1n3nLsY44dGFA"
       RUST_LOG: firezone_headless_client=trace,connlib_client_shared=trace,firezone_tunnel=trace,connlib_shared=trace,warn
     build:
       context: rust
@@ -122,7 +122,7 @@ services:
       cache_from:
         - type=registry,ref=us-east1-docker.pkg.dev/firezone-staging/firezone/cache/client:main
       args:
-        PACKAGE: firezone-headless-client
+        PACKAGE: firezone-linux-client
     image: us-east1-docker.pkg.dev/firezone-staging/firezone/client:${VERSION:-main}
     dns:
       - 100.100.111.1
@@ -148,8 +148,8 @@ services:
     healthcheck:
       test: ["CMD-SHELL", "ip link | grep tun-firezone"]
     environment:
-      FZ_URL: "ws://api:8081/"
-      FZ_SECRET: "SFMyNTY.g2gDaAJtAAAAJDNjZWYwNTY2LWFkZmQtNDhmZS1hMGYxLTU4MDY3OTYwOGY2Zm0AAABAamp0enhSRkpQWkdCYy1vQ1o5RHkyRndqd2FIWE1BVWRwenVScjJzUnJvcHg3NS16bmhfeHBfNWJUNU9uby1yYm4GAEC0b0KJAWIAAVGA.9Oirn9t8rvQpfOhW7hwGBFVzeMm9di0xYGTlwf9cFFk"
+      PORTAL_URL: "ws://api:8081/"
+      PORTAL_TOKEN: "SFMyNTY.g2gDaAJtAAAAJDNjZWYwNTY2LWFkZmQtNDhmZS1hMGYxLTU4MDY3OTYwOGY2Zm0AAABAamp0enhSRkpQWkdCYy1vQ1o5RHkyRndqd2FIWE1BVWRwenVScjJzUnJvcHg3NS16bmhfeHBfNWJUNU9uby1yYm4GAEC0b0KJAWIAAVGA.9Oirn9t8rvQpfOhW7hwGBFVzeMm9di0xYGTlwf9cFFk"
       RUST_LOG: firezone_gateway=trace,connlib_gateway_shared=trace,firezone_tunnel=trace,connlib_shared=trace,warn
       ENABLE_MASQUERADE: 1
     build:
@@ -199,7 +199,7 @@ services:
       PUBLIC_IP6_ADDR: fcff:3990:3990::101
       LOWEST_PORT: 55555
       HIGHEST_PORT: 55666
-      PORTAL_WS_URL: "ws://api:8081/"
+      PORTAL_URL: "ws://api:8081/"
       PORTAL_TOKEN: "SFMyNTY.g2gDaAJtAAAAJDcyODZiNTNkLTA3M2UtNGM0MS05ZmYxLWNjODQ1MWRhZDI5OW0AAABARVg3N0dhMEhLSlVWTGdjcE1yTjZIYXRkR25mdkFEWVFyUmpVV1d5VHFxdDdCYVVkRVUzbzktRmJCbFJkSU5JS24GAFSzb0KJAWIAAVGA.waeGE26tbgkgIcMrWyck0ysv9SHIoHr0zqoM3wao84M"
       RUST_LOG: "debug"
       RUST_BACKTRACE: 1
@@ -209,10 +209,10 @@ services:
       cache_from:
         - type=registry,ref=us-east1-docker.pkg.dev/firezone-staging/firezone/cache/relay:main
       args:
-        PACKAGE: relay
+        PACKAGE: firezone-relay
     image: us-east1-docker.pkg.dev/firezone-staging/firezone/relay:${VERSION:-main}
     healthcheck:
-      test: ["CMD-SHELL", "lsof -i UDP | grep relay"]
+      test: ["CMD-SHELL", "lsof -i UDP | grep firezone-relay"]
       start_period: 20s
       interval: 30s
       retries: 5

rust/Cargo.lock

@@ -1275,7 +1275,7 @@ dependencies = [
 ]
 
 [[package]]
-name = "firezone-headless-client"
+name = "firezone-linux-client"
 version = "1.20231001.0"
 dependencies = [
  "anyhow",
@@ -1287,6 +1287,48 @@ dependencies = [
  "tracing-subscriber",
 ]
 
+[[package]]
+name = "firezone-relay"
+version = "1.20231001.0"
+dependencies = [
+ "anyhow",
+ "axum",
+ "base64 0.21.4",
+ "bytecodec",
+ "bytes",
+ "clap",
+ "derive_more",
+ "difference",
+ "env_logger",
+ "futures",
+ "hex",
+ "hex-literal",
+ "once_cell",
+ "opentelemetry",
+ "opentelemetry-otlp",
+ "opentelemetry_api",
+ "phoenix-channel",
+ "proptest",
+ "rand",
+ "redis",
+ "secrecy",
+ "serde",
+ "sha2",
+ "socket2 0.5.4",
+ "stun_codec",
+ "test-strategy",
+ "tokio",
+ "tracing",
+ "tracing-core",
+ "tracing-opentelemetry 0.21.0",
+ "tracing-stackdriver",
+ "tracing-subscriber",
+ "trackable 1.3.0",
+ "url",
+ "uuid",
+ "webrtc",
+]
+
 [[package]]
 name = "firezone-tunnel"
 version = "1.20231001.0"
@@ -2816,48 +2858,6 @@ version = "0.7.5"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "dbb5fb1acd8a1a18b3dd5be62d25485eb770e05afb408a9627d14d451bae12da"
 
-[[package]]
-name = "relay"
-version = "1.20231001.0"
-dependencies = [
- "anyhow",
- "axum",
- "base64 0.21.4",
- "bytecodec",
- "bytes",
- "clap",
- "derive_more",
- "difference",
- "env_logger",
- "futures",
- "hex",
- "hex-literal",
- "once_cell",
- "opentelemetry",
- "opentelemetry-otlp",
- "opentelemetry_api",
- "phoenix-channel",
- "proptest",
- "rand",
- "redis",
- "secrecy",
- "serde",
- "sha2",
- "socket2 0.5.4",
- "stun_codec",
- "test-strategy",
- "tokio",
- "tracing",
- "tracing-core",
- "tracing-opentelemetry 0.21.0",
- "tracing-stackdriver",
- "tracing-subscriber",
- "trackable 1.3.0",
- "url",
- "uuid",
- "webrtc",
-]
-
 [[package]]
 name = "reqwest"
 version = "0.11.22"

rust/Cargo.toml

@@ -6,7 +6,7 @@ members = [
   "connlib/shared",
   "connlib/tunnel",
   "gateway",
-  "headless-client",
+  "linux-client",
   "headless-utils",
   "phoenix-channel",
   "relay",
@@ -27,7 +27,7 @@ connlib-client-android = { path = "connlib/clients/android"}
 connlib-client-apple = { path = "connlib/clients/apple"}
 connlib-client-shared = { path = "connlib/clients/shared"}
 firezone-gateway = { path = "gateway"}
-firezone-headless-client = { path = "headless-client"}
+firezone-linux-client = { path = "linux-client"}
 headless-utils = { path = "headless-utils"}
 connlib-shared = { path = "connlib/shared"}
 firezone-tunnel = { path = "connlib/tunnel"}

rust/gateway/README.md

@@ -0,0 +1,32 @@
+# gateway
+
+This crate houses the Firezone gateway.
+
+## Building
+
+You can build the gateway using: `cargo build --release --bin firezone-gateway`
+
+You should then find a binary in `target/release/firezone-gateway`.
+
+## Running
+
+To run the gateway:
+
+```
+firezone-gateway --portal_token <portal_token>
+```
+
+where `portal_token` is the token shown when creating a gateway group in the
+Firezone admin portal.
+
+If you're running as an unprivileged user, you'll need the `CAP_NET_ADMIN`
+capability to open `/dev/net/tun`. You can add this to the gateway binary with:
+
+```
+sudo setcap 'cap_net_admin+eip' /path/to/firezone-gateway
+```
+
+### Ports
+
+The gateway requires no open ports. Connections automatically traverse NAT with
+STUN/TURN via the [relay](../relay).

rust/gateway/src/main.rs

@@ -24,8 +24,8 @@ async fn main() -> Result<()> {
 
     let (connect_url, private_key) = login_url(
         Mode::Gateway,
-        cli.common.url,
-        SecretString::new(cli.common.secret),
+        cli.common.portal_url,
+        SecretString::new(cli.common.portal_token),
         get_device_id(),
     )?;
     let tunnel = Arc::new(Tunnel::new(private_key, CallbackHandler).await?);

rust/headless-utils/src/lib.rs

@@ -21,13 +21,18 @@ where
     tracing::subscriber::set_global_default(subscriber).expect("Could not set global default");
 }
 
-/// Arguments common to all headless FZ apps.
+/// Arguments common to all Firezone binaries.
 #[derive(Args, Clone)]
 pub struct CommonArgs {
-    /// Portal's websocket url
-    #[arg(short, long, env = "FZ_URL")]
-    pub url: Url,
-    /// Service token
-    #[arg(short, long, env = "FZ_SECRET")]
-    pub secret: String,
+    /// Firezone admin portal websocket URL
+    #[arg(
+        short,
+        long,
+        env = "PORTAL_URL",
+        default_value = "wss://api.firezone.dev"
+    )]
+    pub portal_url: Url,
+    /// Token generated by the portal to authorize websocket connection.
+    #[arg(short, long, env = "PORTAL_TOKEN")]
+    pub portal_token: String,
 }

rust/linux-client/Cargo.toml

@@ -1,5 +1,5 @@
 [package]
-name = "firezone-headless-client"
+name = "firezone-linux-client"
 # mark:automatic-version
 version = "1.20231001.0"
 edition = "2021"

rust/linux-client/README.md

@@ -0,0 +1,28 @@
+# linux-client
+
+This crate houses the Firezone linux client.
+
+## Building
+
+You can build the linux client using:
+`cargo build --release --bin firezone-linux-client`
+
+You should then find a binary in `target/release/firezone-linux-client`.
+
+## Running
+
+To run the linux client:
+
+```
+firezone-linux-client --portal_token <portal_token>
+```
+
+where `portal_token` is the token shown when creating a client group in the
+Firezone admin portal.
+
+If you're running as an unprivileged user, you'll need the `CAP_NET_ADMIN`
+capability to open `/dev/net/tun`. You can add this to the client binary with:
+
+```
+sudo setcap 'cap_net_admin+eip' /path/to/firezone-linux-client
+```

rust/linux-client/src/main.rs

@@ -14,8 +14,8 @@ fn main() -> Result<()> {
     let device_id = get_device_id();
 
     let mut session = Session::connect(
-        cli.common.url,
-        SecretString::from(cli.common.secret),
+        cli.common.portal_url,
+        SecretString::from(cli.common.portal_token),
         device_id,
         CallbackHandler { handle },
     )

rust/relay/Cargo.toml

@@ -1,5 +1,5 @@
 [package]
-name = "relay"
+name = "firezone-relay"
 # mark:automatic-version
 version = "1.20231001.0"
 edition = "2021"

rust/relay/README.md

@@ -16,28 +16,48 @@ Relaying of data through other means such as DATA frames is not supported.
 
 ## Building
 
-You can build the server using: `cargo build --release --bin relay`
+You can build the relay using: `cargo build --release --bin firezone-relay`
+
+You should then find a binary in `target/release/firezone-relay`.
 
 ## Running
 
-For an up-to-date documentation on the available configurations options and a detailed help text, run `cargo run --bin relay -- --help`.
-All command-line options can be overridden using environment variables.
-Those variables are listed in the `--help` output at the bottom of each command.
+To run the relay:
 
-The relay listens on port `3478`.
-This is the standard port for STUN/TURN and not configurable.
-Additionally, the relay needs to have access to the port range `49152` - `65535` for the allocations.
+```
+firezone-relay --portal_token <portal_token>
+```
 
-## Portal connection
+where `portal_token` is the token shown when creating a Relay in the Firezone
+admin portal.
 
-When given a portal endpoint, the relay will connect to it and wait for an `init` message before commencing relay operations.
+For an up-to-date documentation on the available configurations options and a
+detailed help text, run `cargo run --bin relay -- --help`. All command-line
+options can be overridden using environment variables. Those variables are
+listed in the `--help` output at the bottom of each command.
+
+### Ports
+
+The relay listens on port `3478`. This is the standard port for STUN/TURN and
+not configurable. Additionally, the relay needs to have access to the port range
+`49152` - `65535` for the allocations.
+
+### Portal Connection
+
+When given a `portal_token`, the relay will connect to the Firezone portal
+(default `wss://api.firezone.dev`) and wait for an `init` message before
+commencing relay operations.
 
 ## Design
 
-The relay is designed in a sans-IO fashion, meaning the core components do not cause side effects but operate as pure, synchronous state machines.
-They take in data and emit commands: wake me at this point in time, send these bytes to this peer, etc.
+The relay is designed in a sans-IO fashion, meaning the core components do not
+cause side effects but operate as pure, synchronous state machines. They take in
+data and emit commands: wake me at this point in time, send these bytes to this
+peer, etc.
 
-This allows us to very easily unit-test all kinds of scenarios because all inputs are simple values.
+This allows us to very easily unit-test all kinds of scenarios because all
+inputs are simple values.
 
-The main server runs in a single task and spawns one additional task for each allocation.
-Incoming data that needs to be relayed is forwarded to the main task where it gets authenticated and relayed on success.
+The main server runs in a single task and spawns one additional task for each
+allocation. Incoming data that needs to be relayed is forwarded to the main task
+where it gets authenticated and relayed on success.

rust/relay/run_smoke_test.sh

@@ -1,7 +1,7 @@
 #!/bin/bash
 set -e
 
-cargo build --package relay --bin relay --example client --example gateway
+cargo build --package firezone-relay --bin firezone-relay --example client --example gateway
 
 cleanup() {
   pkill -P $$ || true # Kill all child-processes of the current process.
@@ -19,11 +19,11 @@ NC=$(echo -e '\033[0m')
 target_directory=$(cargo metadata --format-version 1 | jq -r '.target_directory')
 client="$target_directory/debug/examples/client"
 gateway="$target_directory/debug/examples/gateway"
-relay="$target_directory/debug/relay"
+relay="$target_directory/debug/firezone-relay"
 
 export PUBLIC_IP4_ADDR=127.0.0.1;
 export RNG_SEED=0;
-export RUST_LOG=relay=debug;
+export RUST_LOG=firezone-relay=debug;
 
 # Client and relay run in the background.
 $client 2>&1 | sed "s/^/${RED}[ client]${NC} /" &

rust/relay/src/main.rs

@@ -1,5 +1,9 @@
 use anyhow::{anyhow, bail, Context, Result};
 use clap::Parser;
+use firezone_relay::{
+    AddressFamily, Allocation, AllocationId, Command, IpStack, Server, Sleep, SocketAddrExt,
+    UdpSocket,
+};
 use futures::channel::mpsc;
 use futures::{future, FutureExt, SinkExt, StreamExt};
 use opentelemetry::{sdk, KeyValue};
@@ -7,10 +11,6 @@ use opentelemetry_otlp::WithExportConfig;
 use phoenix_channel::{Error, Event, PhoenixChannel, SecureUrl};
 use rand::rngs::StdRng;
 use rand::{Rng, SeedableRng};
-use relay::{
-    AddressFamily, Allocation, AllocationId, Command, IpStack, Server, Sleep, SocketAddrExt,
-    UdpSocket,
-};
 use secrecy::{Secret, SecretString};
 use std::collections::hash_map::Entry;
 use std::collections::HashMap;
@@ -45,9 +45,9 @@ struct Args {
     /// The highest port used for TURN allocations.
     #[arg(long, env, default_value = "65535")]
     highest_port: u16,
-    /// The websocket URL of the portal server to connect to.
+    /// Firezone admin portal websocket URL
     #[arg(long, env, default_value = "wss://api.firezone.dev")]
-    portal_ws_url: Url,
+    portal_url: Url,
     /// Token generated by the portal to authorize websocket connection.
     ///
     /// If omitted, we won't connect to the portal on startup.
@@ -107,7 +107,7 @@ async fn main() -> Result<()> {
     );
 
     let channel = if let Some(token) = args.portal_token.as_ref() {
-        let base_url = args.portal_ws_url.clone();
+        let base_url = args.portal_url.clone();
         let stamp_secret = server.auth_secret();
 
         let span = tracing::error_span!("connect_to_portal", config_url = %base_url);
@@ -123,7 +123,7 @@ async fn main() -> Result<()> {
 
     let mut eventloop = Eventloop::new(server, channel, public_addr)?;
 
-    tokio::spawn(relay::health_check::serve(args.health_check_addr));
+    tokio::spawn(firezone_relay::health_check::serve(args.health_check_addr));
 
     tracing::info!("Listening for incoming traffic on UDP port 3478");
 

rust/relay/tests/regression.rs

@@ -1,9 +1,9 @@
 use bytecodec::{DecodeExt, EncodeExt};
-use rand::rngs::mock::StepRng;
-use relay::{
+use firezone_relay::{
     AddressFamily, Allocate, AllocationId, Attribute, Binding, ChannelBind, ChannelData,
     ClientMessage, Command, IpStack, Refresh, Server,
 };
+use rand::rngs::mock::StepRng;
 use secrecy::SecretString;
 use std::collections::HashMap;
 use std::iter;
@@ -21,7 +21,7 @@ use Output::{CreateAllocation, FreeAllocation, Wake};
 
 #[proptest]
 fn can_answer_stun_request_from_ip4_address(
-    #[strategy(relay::proptest::binding())] request: Binding,
+    #[strategy(firezone_relay::proptest::binding())] request: Binding,
     source: SocketAddrV4,
     public_relay_addr: Ipv4Addr,
 ) {
@@ -41,13 +41,13 @@ fn can_answer_stun_request_from_ip4_address(
 
 #[proptest]
 fn deallocate_once_time_expired(
-    #[strategy(relay::proptest::transaction_id())] transaction_id: TransactionId,
-    #[strategy(relay::proptest::allocation_lifetime())] lifetime: Lifetime,
-    #[strategy(relay::proptest::username_salt())] username_salt: String,
+    #[strategy(firezone_relay::proptest::transaction_id())] transaction_id: TransactionId,
+    #[strategy(firezone_relay::proptest::allocation_lifetime())] lifetime: Lifetime,
+    #[strategy(firezone_relay::proptest::username_salt())] username_salt: String,
     source: SocketAddrV4,
     public_relay_addr: Ipv4Addr,
-    #[strategy(relay::proptest::now())] now: SystemTime,
-    #[strategy(relay::proptest::nonce())] nonce: Uuid,
+    #[strategy(firezone_relay::proptest::now())] now: SystemTime,
+    #[strategy(firezone_relay::proptest::nonce())] nonce: Uuid,
 ) {
     let mut server = TestServer::new(public_relay_addr).with_nonce(nonce);
     let secret = server.auth_secret();
@@ -82,12 +82,12 @@ fn deallocate_once_time_expired(
 
 #[proptest]
 fn unauthenticated_allocate_triggers_authentication(
-    #[strategy(relay::proptest::transaction_id())] transaction_id: TransactionId,
-    #[strategy(relay::proptest::allocation_lifetime())] lifetime: Lifetime,
-    #[strategy(relay::proptest::username_salt())] username_salt: String,
+    #[strategy(firezone_relay::proptest::transaction_id())] transaction_id: TransactionId,
+    #[strategy(firezone_relay::proptest::allocation_lifetime())] lifetime: Lifetime,
+    #[strategy(firezone_relay::proptest::username_salt())] username_salt: String,
     source: SocketAddrV4,
     public_relay_addr: Ipv4Addr,
-    #[strategy(relay::proptest::now())] now: SystemTime,
+    #[strategy(firezone_relay::proptest::now())] now: SystemTime,
 ) {
     // Nonces are generated randomly and we control the randomness in the test, thus this is deterministic.
     let first_nonce = Uuid::from_u128(0x0);
@@ -132,15 +132,15 @@ fn unauthenticated_allocate_triggers_authentication(
 
 #[proptest]
 fn when_refreshed_in_time_allocation_does_not_expire(
-    #[strategy(relay::proptest::transaction_id())] allocate_transaction_id: TransactionId,
-    #[strategy(relay::proptest::transaction_id())] refresh_transaction_id: TransactionId,
-    #[strategy(relay::proptest::allocation_lifetime())] allocate_lifetime: Lifetime,
-    #[strategy(relay::proptest::allocation_lifetime())] refresh_lifetime: Lifetime,
-    #[strategy(relay::proptest::username_salt())] username_salt: String,
+    #[strategy(firezone_relay::proptest::transaction_id())] allocate_transaction_id: TransactionId,
+    #[strategy(firezone_relay::proptest::transaction_id())] refresh_transaction_id: TransactionId,
+    #[strategy(firezone_relay::proptest::allocation_lifetime())] allocate_lifetime: Lifetime,
+    #[strategy(firezone_relay::proptest::allocation_lifetime())] refresh_lifetime: Lifetime,
+    #[strategy(firezone_relay::proptest::username_salt())] username_salt: String,
     source: SocketAddrV4,
     public_relay_addr: Ipv4Addr,
-    #[strategy(relay::proptest::now())] now: SystemTime,
-    #[strategy(relay::proptest::nonce())] nonce: Uuid,
+    #[strategy(firezone_relay::proptest::now())] now: SystemTime,
+    #[strategy(firezone_relay::proptest::nonce())] nonce: Uuid,
 ) {
     let mut server = TestServer::new(public_relay_addr).with_nonce(nonce);
     let secret = server.auth_secret().to_owned();
@@ -209,14 +209,14 @@ fn when_refreshed_in_time_allocation_does_not_expire(
 }
 #[proptest]
 fn when_receiving_lifetime_0_for_existing_allocation_then_delete(
-    #[strategy(relay::proptest::transaction_id())] allocate_transaction_id: TransactionId,
-    #[strategy(relay::proptest::transaction_id())] refresh_transaction_id: TransactionId,
-    #[strategy(relay::proptest::allocation_lifetime())] allocate_lifetime: Lifetime,
-    #[strategy(relay::proptest::username_salt())] username_salt: String,
+    #[strategy(firezone_relay::proptest::transaction_id())] allocate_transaction_id: TransactionId,
+    #[strategy(firezone_relay::proptest::transaction_id())] refresh_transaction_id: TransactionId,
+    #[strategy(firezone_relay::proptest::allocation_lifetime())] allocate_lifetime: Lifetime,
+    #[strategy(firezone_relay::proptest::username_salt())] username_salt: String,
     source: SocketAddrV4,
     public_relay_addr: Ipv4Addr,
-    #[strategy(relay::proptest::now())] now: SystemTime,
-    #[strategy(relay::proptest::nonce())] nonce: Uuid,
+    #[strategy(firezone_relay::proptest::now())] now: SystemTime,
+    #[strategy(firezone_relay::proptest::nonce())] nonce: Uuid,
 ) {
     let mut server = TestServer::new(public_relay_addr).with_nonce(nonce);
     let secret = server.auth_secret().to_owned();
@@ -288,18 +288,19 @@ fn when_receiving_lifetime_0_for_existing_allocation_then_delete(
 
 #[proptest]
 fn ping_pong_relay(
-    #[strategy(relay::proptest::transaction_id())] allocate_transaction_id: TransactionId,
-    #[strategy(relay::proptest::transaction_id())] channel_bind_transaction_id: TransactionId,
-    #[strategy(relay::proptest::allocation_lifetime())] lifetime: Lifetime,
-    #[strategy(relay::proptest::username_salt())] username_salt: String,
-    #[strategy(relay::proptest::channel_number())] channel: ChannelNumber,
+    #[strategy(firezone_relay::proptest::transaction_id())] allocate_transaction_id: TransactionId,
+    #[strategy(firezone_relay::proptest::transaction_id())]
+    channel_bind_transaction_id: TransactionId,
+    #[strategy(firezone_relay::proptest::allocation_lifetime())] lifetime: Lifetime,
+    #[strategy(firezone_relay::proptest::username_salt())] username_salt: String,
+    #[strategy(firezone_relay::proptest::channel_number())] channel: ChannelNumber,
     source: SocketAddrV4,
     peer: SocketAddrV4,
     public_relay_addr: Ipv4Addr,
-    #[strategy(relay::proptest::now())] now: SystemTime,
+    #[strategy(firezone_relay::proptest::now())] now: SystemTime,
     peer_to_client_ping: [u8; 32],
     client_to_peer_ping: [u8; 32],
-    #[strategy(relay::proptest::nonce())] nonce: Uuid,
+    #[strategy(firezone_relay::proptest::nonce())] nonce: Uuid,
 ) {
     let _ = env_logger::try_init();
 
@@ -377,14 +378,14 @@ fn ping_pong_relay(
 
 #[proptest]
 fn can_make_ipv6_allocation(
-    #[strategy(relay::proptest::transaction_id())] transaction_id: TransactionId,
-    #[strategy(relay::proptest::allocation_lifetime())] lifetime: Lifetime,
-    #[strategy(relay::proptest::username_salt())] username_salt: String,
+    #[strategy(firezone_relay::proptest::transaction_id())] transaction_id: TransactionId,
+    #[strategy(firezone_relay::proptest::allocation_lifetime())] lifetime: Lifetime,
+    #[strategy(firezone_relay::proptest::username_salt())] username_salt: String,
     source: SocketAddrV4,
     public_relay_ip4_addr: Ipv4Addr,
     public_relay_ip6_addr: Ipv6Addr,
-    #[strategy(relay::proptest::now())] now: SystemTime,
-    #[strategy(relay::proptest::nonce())] nonce: Uuid,
+    #[strategy(firezone_relay::proptest::now())] now: SystemTime,
+    #[strategy(firezone_relay::proptest::nonce())] nonce: Uuid,
 ) {
     let mut server =
         TestServer::new((public_relay_ip4_addr, public_relay_ip6_addr)).with_nonce(nonce);

terraform/modules/relay-app/main.tf

@@ -43,7 +43,7 @@ locals {
       value = var.portal_token
     },
     {
-      name  = "PORTAL_WS_URL"
+      name  = "PORTAL_URL"
       value = var.portal_websocket_url
     }
   ], var.application_environment_variables)

website/mdx-components.js

@@ -1,9 +0,0 @@
-// This file is required to use @next/mdx in the `app` directory.
-export function useMDXComponents(components) {
-  return components;
-  // Allows customizing built-in components, e.g. to add styling.
-  // return {
-  //   h1: ({ children }) => <h1 style={{ fontSize: "100px" }}>{children}</h1>,
-  //   ...components,
-  // }
-}

website/mdx-components.tsx

@@ -0,0 +1,7 @@
+import type { MDXComponents } from "mdx/types";
+
+export function useMDXComponents(components: MDXComponents): MDXComponents {
+  return {
+    ...components,
+  };
+}

website/next.config.mjs

@@ -2,7 +2,6 @@
 import nextMDX from "@next/mdx";
 import remarkGfm from "remark-gfm";
 import remarkParse from "remark-parse";
-import remarkRehype from "remark-rehype";
 import rehypeStringify from "rehype-stringify";
 import rehypeHighlight from "rehype-highlight";
 
@@ -41,7 +40,7 @@ const nextConfig = {
       },
     ];
   },
-  pageExtensions: ["js", "jsx", "ts", "tsx", "md", "mdx"],
+  pageExtensions: ["js", "jsx", "md", "mdx", "ts", "tsx"],
   images: {
     dangerouslyAllowSVG: true,
     remotePatterns: [
@@ -64,7 +63,7 @@ const nextConfig = {
 const withMDX = nextMDX({
   extension: /\.mdx?$/,
   options: {
-    remarkPlugins: [remarkGfm, remarkParse, remarkRehype],
+    remarkPlugins: [remarkGfm, remarkParse],
     rehypePlugins: [
       rehypeSlug,
       [

website/package.json

@@ -10,27 +10,27 @@
     "lint": "next lint"
   },
   "dependencies": {
-    "@docsearch/react": "^3.5.1",
+    "@docsearch/react": "^3.5.2",
     "@mdx-js/loader": "^2.3.0",
     "@mdx-js/react": "^2.3.0",
-    "@next/mdx": "^13.4.12",
-    "@types/mdx": "^2.0.5",
+    "@next/mdx": "~13.4.19",
+    "@types/mdx": "^2.0.9",
     "@types/node": "20.2.3",
     "@types/react": "18.2.6",
     "@types/react-dom": "18.2.13",
-    "@types/react-syntax-highlighter": "^15.5.7",
-    "asciinema-player": "^3.5.0",
+    "@types/react-syntax-highlighter": "^15.5.9",
+    "asciinema-player": "^3.6.3",
     "autoprefixer": "10.4.14",
     "fast-xml-parser": "^4.3.2",
     "flowbite": "^1.8.1",
     "flowbite-react": "^0.4.11",
     "highlight.js": "^11.9.0",
     "md5": "^2.3.0",
-    "next": "13.5.5",
+    "next": "~13.4.19",
     "next-hubspot": "^1.1.6",
-    "next-sitemap": "^4.1.8",
+    "next-sitemap": "^4.2.3",
     "postcss": "8.4.31",
-    "posthog-js": "^1.75.2",
+    "posthog-js": "^1.84.0",
     "react": "18.2.0",
     "react-dom": "18.2.0",
     "react-fast-marquee": "^1.6.2",
@@ -38,13 +38,12 @@
     "react-markdown": "^8.0.7",
     "react-syntax-highlighter": "^15.5.0",
     "rehype-autolink-headings": "^6.1.1",
-    "rehype-highlight": "^7.0.0",
-    "rehype-slug": "^6.0.0",
-    "rehype-stringify": "^9.0.3",
+    "rehype-highlight": "^6.0.0",
+    "rehype-slug": "^5.1.0",
+    "rehype-stringify": "^10.0.0",
     "remark-gfm": "^3.0.1",
-    "remark-parse": "^11.0.0",
-    "remark-rehype": "^11.0.0",
-    "tailwindcss": "3.3.3"
+    "remark-parse": "^10.0.2",
+    "tailwindcss": "3.3.2"
   },
   "devDependencies": {
     "flowbite-typography": "^1.0.3",