From 8c8d5ea2653fbacd7eccfe43a6104a20f586da0c Mon Sep 17 00:00:00 2001 From: Jamil Bou Kheir Date: Sun, 5 Sep 2021 07:13:48 +0000 Subject: [PATCH] nftables working --- apps/fz_http/lib/fz_http/release.ex | 2 ++ config/releases.exs | 5 +++-- omnibus/cookbooks/firezone/recipes/phoenix.rb | 4 +++- .../cookbooks/firezone/templates/phoenix.nginx.conf.erb | 8 ++++++++ omnibus/cookbooks/firezone/templates/sv-phoenix-run.erb | 8 ++++---- omnibus/cookbooks/firezone/templates/sv-phoenix-t.erb | 4 ++++ .../cookbooks/firezone/templates/sv-postgresql-run.erb | 2 +- 7 files changed, 25 insertions(+), 8 deletions(-) create mode 100644 omnibus/cookbooks/firezone/templates/sv-phoenix-t.erb diff --git a/apps/fz_http/lib/fz_http/release.ex b/apps/fz_http/lib/fz_http/release.ex index 0b0690c32..bdc8e3311 100644 --- a/apps/fz_http/lib/fz_http/release.ex +++ b/apps/fz_http/lib/fz_http/release.ex @@ -28,6 +28,8 @@ defmodule FzHttp.Release do # App should be loaded at this point; call with `rpc` not `eval` def create_admin_user do + load_app() + if Repo.exists?(from u in User, where: u.email == ^email()) do change_password(email(), default_password()) else diff --git a/config/releases.exs b/config/releases.exs index f1d7c6342..91ba834e2 100644 --- a/config/releases.exs +++ b/config/releases.exs @@ -66,7 +66,7 @@ config :fz_http, FzHttp.Vault, config :fz_http, FzHttpWeb.Endpoint, http: [ip: {0, 0, 0, 0}, port: port], server: true, - url: [host: url_host, scheme: "https"], + url: [host: url_host, scheme: "http"], secret_key_base: secret_key_base, live_view: [ signing_salt: live_view_signing_salt @@ -82,4 +82,5 @@ config :fz_vpn, wireguard_private_key: private_key config :fz_http, - admin_email: admin_email + admin_email: admin_email, + default_admin_password: default_admin_password diff --git a/omnibus/cookbooks/firezone/recipes/phoenix.rb b/omnibus/cookbooks/firezone/recipes/phoenix.rb index 23c3bf652..1e1043f59 100644 --- a/omnibus/cookbooks/firezone/recipes/phoenix.rb 
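Review bot: The comment above `create_admin_user` in release.ex still says the app is already loaded and that the function must be called with `rpc`, not `eval`, which the added `load_app()` call now contradicts. Reword it to match, for example `# Loads the app itself, so it can be invoked via eval as well as rpc`, assuming that is the intent. `load_app/0` is defined outside the hunk, so what it loads or starts cannot be checked here. The function body also continues past the end of the hunk.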
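Review bot: In the first config/releases.exs hunk the endpoint `url:` scheme drops from `"https"` to `"http"`, so every absolute URL Phoenix builds from the endpoint config will be plain http. If nginx in front of the app terminates TLS (its listen/ssl directives are not in the hunks shown), keep `url: [host: url_host, scheme: "https"],` or read the scheme from configuration. A comment should say why http is wanted if it is deliberate. The context line `http: [ip: {0, 0, 0, 0}, port: port]` binds all interfaces, so the unencrypted listener is presumably reachable without going through the proxy; a loopback bind would avoid that when nginx runs on the same host.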
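Review bot: The `default_admin_password: default_admin_password` entry added in the second config/releases.exs hunk takes its value from a binding defined outside the hunk, so where the password comes from cannot be verified here; it should be a required secret with no literal fallback. The release.ex context in this commit shows `change_password(email(), default_password())` on the branch where the admin already exists, so re-running `create_admin_user` presumably resets a rotated admin password back to this value. Add a comment next to the key such as `# bootstrap credential only; create_admin_user re-applies it to an existing admin`, and consider skipping the reset when the user already exists.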
+++ b/omnibus/cookbooks/firezone/recipes/phoenix.rb @@ -1,4 +1,5 @@ -# +# frozen_string_literal: true + # Cookbook:: firezone # Recipe:: phoenix # @@ -50,6 +51,7 @@ end if node['firezone']['phoenix']['enable'] component_runit_service 'phoenix' do package 'firezone' + control ['t'] action :enable subscribes :restart, 'file[environment-variables]' end diff --git a/omnibus/cookbooks/firezone/templates/phoenix.nginx.conf.erb b/omnibus/cookbooks/firezone/templates/phoenix.nginx.conf.erb index e5ad8e05c..4e8478e25 100644 --- a/omnibus/cookbooks/firezone/templates/phoenix.nginx.conf.erb +++ b/omnibus/cookbooks/firezone/templates/phoenix.nginx.conf.erb @@ -100,6 +100,14 @@ server { } <% end -%> + location ~ ^/live { + proxy_pass http://phoenix; + proxy_http_version 1.1; + proxy_set_header Host $host; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + } + location / { proxy_set_header HOST $host; proxy_set_header X-Real-IP $remote_addr; diff --git a/omnibus/cookbooks/firezone/templates/sv-phoenix-run.erb b/omnibus/cookbooks/firezone/templates/sv-phoenix-run.erb index 7363abdd6..135d3e203 100644 --- a/omnibus/cookbooks/firezone/templates/sv-phoenix-run.erb +++ b/omnibus/cookbooks/firezone/templates/sv-phoenix-run.erb @@ -12,7 +12,7 @@ export HOME=$DIR cd $DIR exec <%= node['runit']['chpst_bin'] %> \ - -P \ - -U <%= node['firezone']['user'] %> \ - -u <%= node['firezone']['user'] %> \ - bin/firezone start + -P \ + -U <%= node['firezone']['user'] %>:<%= node['firezone']['group'] %> \ + -u <%= node['firezone']['user'] %>:<%= node['firezone']['group'] %> \ + bin/firezone start diff --git a/omnibus/cookbooks/firezone/templates/sv-phoenix-t.erb b/omnibus/cookbooks/firezone/templates/sv-phoenix-t.erb new file mode 100644 index 000000000..7fb09d8b2 --- /dev/null +++ b/omnibus/cookbooks/firezone/templates/sv-phoenix-t.erb 
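Review bot: The new `location ~ ^/live` block in phoenix.nginx.conf.erb forwards only `Host`, `Upgrade` and `Connection`, while the `location /` block below it also sets `X-Real-IP`. nginx inherits `proxy_set_header` from an outer level only when a block defines none of its own, so LiveView socket requests would reach Phoenix without the client address. Add `proxy_set_header X-Real-IP $remote_addr;` plus whichever other forwarding headers `location /` sets past the end of this hunk, so logging and any IP-based controls see the same data on both paths. The regex is also unanchored on the right and matches any path beginning with `/live`, such as `/livefoo`; `location /live/` would be tighter if the socket is mounted under `/live/`.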
@@ -0,0 +1,4 @@
+#!/bin/sh
+echo "received TERM from runit, sending to process group (-PID)"
+pid=$(<%= node['firezone']['app_directory'] %>/bin/firezone pid)
+kill -- -$pid
diff --git a/omnibus/cookbooks/firezone/templates/sv-postgresql-run.erb b/omnibus/cookbooks/firezone/templates/sv-postgresql-run.erb
index 251a713b3..e20c17fc0 100644
--- a/omnibus/cookbooks/firezone/templates/sv-postgresql-run.erb
+++ b/omnibus/cookbooks/firezone/templates/sv-postgresql-run.erb
@@ -1,6 +1,6 @@
 #!/bin/sh
 exec 2>&1
-exec chpst \
+exec <%= node['runit']['chpst_bin'] %> \
 -P \
 -U <%= node['firezone']['postgresql']['username'] %> \
 -u <%= node['firezone']['postgresql']['username'] %> \
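Review bot: In sv-phoenix-t.erb, `kill -- -$pid` acts on whatever `bin/firezone pid` printed without checking it. An empty result turns the command into `kill -- -`, and a stray value such as `1` makes it `kill -- -1`, which signals every process the caller is allowed to signal. The script should accept only a plain number greater than 1 and exit non-zero otherwise; runsv sends TERM itself when a control script exits non-zero, so the service still stops. A comment should also state the assumption that the reported pid equals the process-group id set up by `chpst -P` in the run script.

```shell
pid=$(<%= node['firezone']['app_directory'] %>/bin/firezone pid)
# Refuse anything that is not a plain PID > 1; a non-zero exit lets runsv
# fall back to sending TERM to the service itself.
case "$pid" in
  ''|*[!0-9]*) echo "could not determine firezone pid" >&2; exit 1 ;;
esac
[ "$pid" -gt 1 ] || exit 1
kill -- "-$pid"
```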