firezone/rust/linux-client
Reactor Scram a10d76c525 chore(linux): revert /etc/resolv.conf on exit if we changed it to control DNS (#4148)
This isn't really user-facing, so I marked it down from `feat` to
`chore`. Closes #3817

- If we exit gracefully, `/etc/resolv.conf` is reverted
- We always keep the `.before-firezone` backup in case we lose power and
the revert transaction is corrupted or rolled back
- We use a magic header to detect whether the last run was a crash or
not. If Firezone crashes and the user wants to modify their default DNS,
they need to delete that header so that Firezone won't accidentally
revert its backup and trash their change.
- All error variants for this module replaced with `anyhow::Error` since
they were never matched by callers.

I ran `cargo mutants` locally and it helped me validate the unit tests
and it picked up a `match` branch that I forgot to delete.

```[tasklist]
- [x] (Failed: Integration tests didn't like it) ~~Add the system default resolvers below Firezone's sentinels~~
- [x] `tracing::info` "Last run crashed" if we have to revert the file at startup
```

---------

Signed-off-by: Reactor Scram <ReactorScram@users.noreply.github.com>
2024-03-18 16:29:25 +00:00
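
The revert-on-exit and crash-detection behaviour described in the commit message, as an added example that is not Firezone's own code. The header text, the function names and the addresses are assumptions made for illustration, and the demo works on a constructed file in a temporary directory rather than the real `/etc/resolv.conf`.

```rust
use std::{fs, io, path::{Path, PathBuf}};

// Hypothetical magic header; the real header text is not shown on this page.
const MAGIC: &str = "# EXAMPLE: managed by VPN client, delete this line to keep edits\n";

fn backup_path(resolv: &Path) -> PathBuf {
    let mut s = resolv.as_os_str().to_owned();
    s.push(".before-firezone");
    PathBuf::from(s)
}

/// Restore the backup only if the live file still starts with our header.
/// Returns true if a revert happened. The backup file is never deleted.
fn revert(resolv: &Path) -> io::Result<bool> {
    let current = fs::read_to_string(resolv)?;
    if !current.starts_with(MAGIC) {
        return Ok(false); // header gone: the user owns the file, leave it alone
    }
    fs::copy(backup_path(resolv), resolv)?;
    Ok(true)
}

/// Take control of DNS. Returns true if the previous run crashed, i.e. the
/// header was still present at startup and the backup had to be restored.
fn configure(resolv: &Path, sentinels: &[&str]) -> io::Result<bool> {
    let crashed = revert(resolv)?;
    fs::copy(resolv, backup_path(resolv))?;
    let mut body = String::from(MAGIC);
    for ip in sentinels {
        body.push_str(&format!("nameserver {ip}\n"));
    }
    fs::write(resolv, body)?;
    Ok(crashed)
}

fn main() -> io::Result<()> {
    // Constructed sample input; addresses are documentation ranges.
    let dir = std::env::temp_dir().join(format!("resolv-demo-{}", std::process::id()));
    fs::create_dir_all(&dir)?;
    let resolv = dir.join("resolv.conf");
    fs::write(&resolv, "nameserver 192.0.2.53\n")?;
    println!("crashed last run: {}", configure(&resolv, &["198.51.100.1"])?);
    println!("reverted on exit: {}", revert(&resolv)?);
    fs::remove_dir_all(&dir)
}
```

Calling `configure` twice without a `revert` in between models a crash: the second call finds the header, restores the backup first, and reports `true`.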

linux-client

This crate houses the Firezone Linux client.

Building

Assuming you have Rust installed, you can build the Linux client from a Linux host with:

cargo build --release --bin firezone-linux-client

You should then find a binary in target/release/firezone-linux-client.

The releases on GitHub are built with musl. To build this way, use:

rustup target add x86_64-unknown-linux-musl
sudo apt-get install musl-tools
cargo build --release --bin firezone-linux-client --target x86_64-unknown-linux-musl

Running

To run the Linux client:

  1. Generate a new Service account token from the "Actors -> Service Accounts" section of the admin portal and save it in your secrets manager. The Firezone Linux client requires a service account at this time.
  2. Ensure the FIREZONE_TOKEN=<service_account_token> environment variable is set securely in your client's shell environment. The client requires this variable at startup.
  3. Set FIREZONE_ID to a unique string to identify this client in the portal, e.g. export FIREZONE_ID=$(uuidgen). The client requires this variable at startup.
  4. Set LOG_DIR to a suitable directory for writing logs:
    export LOG_DIR=/tmp/firezone-logs
    mkdir "$LOG_DIR"

  5. Now, you can start the client with:
    ./firezone-linux-client

If you're running as an unprivileged user, you'll need the CAP_NET_ADMIN capability to open /dev/net/tun. You can add this to the client binary with:

sudo setcap 'cap_net_admin+eip' /path/to/firezone-linux-client