Why:
* There was a small bug that was preventing form errors from being shown
while entering the configuration data for OIDC/Google IDPs. It was due
to a nested changeset not having an `action` set.
Closes#3048
Why:
* When navigating around the portal, the title in the browser tab would
not show the accurate title of the current page. This commit adds
`page_title` to all pages. The value of the page title has been
choosen to correspond with the portal's left hand nav menu.
Additional:
* Along with the page titles, the `vertical_table` component was updated
to make the left hand headers use a class of `w-1/5` for consistency
across pages and to move the info a little further left on each page to
try and align it closer with other info on the page.
Here's an example of before and after:
<img width="1060" alt="before"
src="https://github.com/firezone/firezone/assets/2646332/6c56b550-98a5-4331-b1d3-c65ed9e24330">
<img width="1058" alt="after"
src="https://github.com/firezone/firezone/assets/2646332/c4753fee-ddea-4c67-9d5e-5b924260ea20">
the way we were checking for subdomains in the gateways completely
broke, didn't detect it before because the deployed staging version for
gateways is too old.
~~Added a few CI tests so this doesn't' happen again.~~ seems like
github runners [doesn't support pinging the outside
world](https://github.com/actions/runner-images/issues/1519) so I'm
putting that off for now.
- [x] make sure that session cookie for client is stored separately from
session cookie for the portal (will close#2647 and #2032)
- [x] #2622
- [ ] #2501
- [ ] show identity tokens and allow rotating/deleting them (#2138)
- [ ] #2042
- [ ] use Tokens context for Relays and Gateways to remove duplication
- [x] #2823
- [ ] Expire LiveView sockets when subject is expired
- [ ] Service Accounts UI is ambiguous now because of token identity and
actual token shown
- [ ] Limit subject permissions based on token type
Closes#2924. Now we extend the lifetime for client tokens, but not for
browsers.
- Fix permissions and caps on each start
- Fixes incompatibility with some systemd versions that barf at the
inline `ExecStartPre`
- Fixes erroneous error printed by iptables
- Fixes masquerading not working for wireless interfaces
- Single-step systemd copy-paste command
- Fixes#2944
- Fixes#3124
- Fixes#3112
Tested on CentOS 7 and Ubuntu 22.04
Why:
* The previous font being used in the portal (Source Sans Pro) did not
have multiple weights available, which meant that the `font-*` classes
on all html tags were not being used. Switching to Source Sans 3
allows all but 1 (`font-thin` or `100` is not present) of the Tailwind
font sizes to be used.
Closes#2893
* Remove PostHog from product
* Remove PostHog from website
* Add Mixpanel to website
Why? PostHog is a bit too much overhead for simple analytics for us for
now, and some of the bugs we hit prevented us from using certain
workflows.
We are still tracking `ping` events from legacy instances in PostHog.
Bumps [flowbite](https://github.com/themesberg/flowbite) from 2.2.0 to
2.2.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/themesberg/flowbite/releases">flowbite's
releases</a>.</em></p>
<blockquote>
<h2>v2.2.1</h2>
<ul>
<li>relased new <a
href="https://flowbite.com/docs/forms/phone-input/">phone number
input</a> component</li>
<li>relased new <a
href="https://flowbite.com/docs/components/chat-bubble/">chat bubble</a>
component</li>
<li>updated <code>z-index</code> of the datepicker to allow usage with
modals and drawers</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="21eb96b27e"><code>21eb96b</code></a>
chore(version): update to <code>v2.2.1</code></li>
<li><a
href="161b22a470"><code>161b22a</code></a>
docs(README): add new chat bubble component</li>
<li><a
href="59ced565f7"><code>59ced56</code></a>
Merge branch 'main' of <a
href="https://github.com/themesberg/flowbite">https://github.com/themesberg/flowbite</a>
into main</li>
<li><a
href="4af7a11b81"><code>4af7a11</code></a>
Fix background color on:hover for action button</li>
<li><a
href="2257c750de"><code>2257c75</code></a>
docs(chat bubble): add descriptions</li>
<li><a
href="1f4fe5c97d"><code>1f4fe5c</code></a>
Merge pull request <a
href="https://redirect.github.com/themesberg/flowbite/issues/725">#725</a>
from Manal-el/chat-bubble</li>
<li><a
href="74795781ba"><code>7479578</code></a>
docs(chat bubble): component preview example heights</li>
<li><a
href="7ffe541f2f"><code>7ffe541</code></a>
docs(chat bubble): add description to the URL sharing example</li>
<li><a
href="7d14d6b5f6"><code>7d14d6b</code></a>
feat(chat bubble): finish URL sharing example</li>
<li><a
href="fabb602b12"><code>fabb602</code></a>
docs(chat bubble): update heading titles</li>
<li>Additional commits viewable in <a
href="https://github.com/themesberg/flowbite/compare/v2.2.0...v2.2.1">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Why:
* When a new user and/or identity is created using the Email provider,
there is currently no way to notify the new user/identity automatically.
With this commit an email will now be sent to the newly added
user/identity upon successful creation. This will only be done for
identities created with the 'Email' provider.
<img width="621" alt="new_user_email"
src="https://github.com/firezone/firezone/assets/2646332/2e50baf0-34cf-4615-b7f9-30500aa58920">
---------
Signed-off-by: Brian Manifold <bmanifold@users.noreply.github.com>
Co-authored-by: Andrew Dryga <andrew@dryga.com>
Docker-based gateways won't have working IPv6 (good point @AndrewDryga),
so I started testing the systemd gateways more and found some issues I
fixed.
* Update default tab order for Deploy gateways page to prefer systemd
* Update unit file to run gateway as unprivileged user
* Remove dependency on `wget` in unit file
* Fix iptables logic so rules as re-created on reboot
* Use `/var/lib/firezone` instead of `/etc/firezone` for writing runtime
files (`/etc/` is often mounted read-only on hardened systems)
---------
Signed-off-by: Jamil <jamilbk@users.noreply.github.com>
Co-authored-by: Andrew Dryga <andrew@dryga.com>
* Sort clients list by `last_seen_at` desc. This handles the `online?`
case too. Before, they were sorted by `asc` which made it hard to see
which recent clients were connected
* Scope the client log filename by account slug and actor name so it's
easier to find.
- Added google workspace docs at `/kb/authenticate/google`
- Updated in-product Provider creation form with more details and a link
to docs
- Fixed bg-color for unauthenticated layouts
---------
Co-authored-by: Brian Manifold <bmanifold@gmail.com>
* Fix numerous typos and grammar
* Align all next/continue action buttons to the right side of the form
* Rework the Gateway deploy page to be more readable and use consistent
colors
* Link to `Troubleshooting` guide for gateway deployments
* Add spacing between `:sections` so they stand out more
* Move help paragraphs into `:help`s
* Make links consistent to `text-accent-500` to match website/docs
(buttons unchanged)
* Add `warning` style button
More to come in further PRs
---------
Co-authored-by: Brian Manifold <bmanifold@gmail.com>
This PR changes the protocol and adds support for DNS subdomains, now
when a DNS resource is added all its subdomains are automatically
tunneled too. Later we will add support for `*.domain` or `?.domain` but
currently there is an Apple split tunnel implementation limitation which
is too labor-intensive to fix right away.
Fixes#2661
Co-authored-by: Andrew Dryga <andrew@dryga.com>
Updated portal to make sure we use primary/accent/neutral in as many
places as possible.
Updated our neutral color palette to only have grayscale colors.
Also aliased the main colors (i.e. red/green/blue/yellow/orange) to use
an `fz_` prefix to allow for easier find/replace if needed, as well as
allowing easy customization of the colors later if needed.
