firezone

github-personal/firezone

Fork 0

mirror of https://github.com/outbackdingo/firezone.git synced 2026-01-27 18:18:55 +00:00

Commit Graph

Author	SHA1	Message	Date
Thomas Eizinger	f98c4dd428	fix(gateway): declare hard-dependency on systemd (#10803 ) Several aspects of the Gateway's Debian package depend on `systemd` being present. Without it, we don't have the necessary users and files in place for the Gateway to function. With that specified, we can fail the `postinst` script (and therefore the installation) if anything in there goes wrong.	2025-11-07 14:33:30 +00:00
Thomas Eizinger	89f0af3fd7	fix(gateway): remove exclamation mark from sysusers.conf (#10802 )	2025-11-07 12:21:32 +11:00
Thomas Eizinger	0d2ddd8497	feat(gateway): create debian package (#10537 ) With this PR we add `cargo-deb` to our CI pipeline and build a debian package for the Gateway. The debian package comes with several configuration files that make it easy for admins to start and maintain a Gateway installation: - The embedded systemd unit file is essentially the same one as what we currently install with the install script with some minor modifications. - The token is read from `/etc/firezone/gateway-token` and passed as a systemd credential. This allows us to set the permissions for this file to `0400` and have it owned by `root:root`. - The configuration is read from `/etc/firezone/gateway-env`. - Both of these changes basically mean the user should never need to touch the unit file itself. - The `sysusers` configuration file ensures the `firezone` user and group are present on the system. - The `tmpfiles` configuration file ensures the necessary directories are present. All of the above is automatically installed and configured using the post-installation script which is called by `apt` once the package is installed. In addition to the Gateway, we also package a first version of the `firezone-cli`. Right now, `firezone-cli` (installed as `firezone`) has three subcommands: - `gateway authenticate`: Asks for the Gateway's token and installs it at `/etc/firezone/gateway-token`. The user doesn't have to know how we manage this token and can trust that we are using safe defaults. - `gateway enable`: Enables and starts the systemd service. - `gateway disable`: Disables the systemd service. Right now, the `.deb` file is only uploaded to the preview APT repository and not attached to the release. It should therefore not yet be user-visible unless somebody pokes around a lot, meaning we can defer documentation to a later PR and start testing it from the preview repository for our own purposes. Related: #10598 Resolves: #8484 Resolves: #10681	2025-10-24 05:14:58 +00:00

Author

SHA1

Message

Date

Thomas Eizinger

f98c4dd428

fix(gateway): declare hard-dependency on systemd (#10803 )

Several aspects of the Gateway's Debian package depend on `systemd`
being present. Without it, we don't have the necessary users and files
in place for the Gateway to function. With that specified, we can fail
the `postinst` script (and therefore the installation) if anything in
there goes wrong.

2025-11-07 14:33:30 +00:00

Thomas Eizinger

89f0af3fd7

fix(gateway): remove exclamation mark from sysusers.conf (#10802 )

2025-11-07 12:21:32 +11:00

Thomas Eizinger

0d2ddd8497

feat(gateway): create debian package (#10537 )

With this PR we add `cargo-deb` to our CI pipeline and build a debian
package for the Gateway. The debian package comes with several
configuration files that make it easy for admins to start and maintain a
Gateway installation:

- The embedded systemd unit file is essentially the same one as what we
currently install with the install script with some minor modifications.
- The token is read from `/etc/firezone/gateway-token` and passed as a
systemd credential. This allows us to set the permissions for this file
to `0400` and have it owned by `root:root`.
	- The configuration is read from `/etc/firezone/gateway-env`.
- Both of these changes basically mean the user should never need to
touch the unit file itself.
- The `sysusers` configuration file ensures the `firezone` user and
group are present on the system.
- The `tmpfiles` configuration file ensures the necessary directories
are present.

All of the above is automatically installed and configured using the
post-installation script which is called by `apt` once the package is
installed.

In addition to the Gateway, we also package a first version of the
`firezone-cli`. Right now, `firezone-cli` (installed as `firezone`) has
three subcommands:

- `gateway authenticate`: Asks for the Gateway's token and installs it
at `/etc/firezone/gateway-token`. The user doesn't have to know how we
manage this token and can trust that we are using safe defaults.
- `gateway enable`: Enables and starts the systemd service.
- `gateway disable`: Disables the systemd service.

Right now, the `.deb` file is only uploaded to the preview APT
repository and not attached to the release. It should therefore not yet
be user-visible unless somebody pokes around a lot, meaning we can defer
documentation to a later PR and start testing it from the preview
repository for our own purposes.

Related: #10598
Resolves: #8484 
Resolves: #10681

2025-10-24 05:14:58 +00:00

3 Commits