mirrors_public/oddlama_nix-config
1
1
Fork 1
mirror of https://github.com/oddlama/nix-config.git synced 2025-10-10 23:00:39 +02:00
Code Activity

wip: more firezone clients

Browse source
This commit is contained in:
oddlama 2025-02-07 03:44:29 +01:00
parent bbb76ae5ec
commit e918a6d581
No known key found for this signature in database
GPG key ID: 14EFE510775FE39A
14 changed files with 1174 additions and 141 deletions
Download patch file Download diff file Expand all files Collapse all files

4
pkgs/default.nix
View file

@ -22,6 +22,10 @@ _inputs: [
firezone-server-domain = prev.callPackage ./firezone-server-domain/package.nix { };
firezone-server-web = prev.callPackage ./firezone-server-web/package.nix { };
firezone-server-api = prev.callPackage ./firezone-server-api/package.nix { };
firezone-gateway = prev.callPackage ./firezone-gateway/package.nix { };
firezone-relay = prev.callPackage ./firezone-relay/package.nix { };
firezone-gui-client = prev.callPackage ./firezone-gui-client/package.nix { };
firezone-headless-client = prev.callPackage ./firezone-headless-client/package.nix { };
mdns-repeater = prev.callPackage ./mdns-repeater.nix { };

39
pkgs/firezone-gateway/package.nix Normal file
View file

@ -0,0 +1,39 @@
{
lib,
rustPlatform,
fetchFromGitHub,
nix-update-script,
}:
rustPlatform.buildRustPackage rec {
pname = "firezone-gateway";
version = "1.4.2";
src = fetchFromGitHub {
owner = "oddlama";
repo = "firezone";
rev = "feat/configurable-gateway-interface";
hash = "sha256-dsGQubRs/ZHdAd6MHpa+3K4vGm4OnCdf1yMlGG1AIJk=";
};
useFetchCargoVendor = true;
cargoHash = "sha256-odrexu5mBGmvHNF4cUu9PDIEdxZC451lWV7dsLYT/Sg=";
sourceRoot = "${src.name}/rust";
buildAndTestSubdir = "gateway";
# Required to remove profiling arguments which conflict with this builder
postPatch = ''
rm .cargo/config.toml
'';
passthru.updateScript = nix-update-script { };
meta = {
description = "WireGuard tunnel server for the Firezone zero-trust access platform";
homepage = "https://github.com/firezone/firezone";
license = lib.licenses.asl20;
maintainers = with lib.maintainers; [
oddlama
patrickdag
];
mainProgram = "firezone-gateway";
};
}

281
pkgs/firezone-gui-client/0000-add-hyper-tls-dependency.patch Normal file
View file

@ -0,0 +1,281 @@
diff --git a/rust/Cargo.lock b/rust/Cargo.lock
index 9645ee069..558339b1f 100644
--- a/rust/Cargo.lock
+++ b/rust/Cargo.lock
@@ -951,7 +951,7 @@ dependencies = [
"cocoa-foundation 0.1.2",
"core-foundation 0.9.4",
"core-graphics 0.23.2",
- "foreign-types",
+ "foreign-types 0.5.0",
"libc",
"objc",
]
@@ -967,7 +967,7 @@ dependencies = [
"cocoa-foundation 0.2.0",
"core-foundation 0.10.0",
"core-graphics 0.24.0",
- "foreign-types",
+ "foreign-types 0.5.0",
"libc",
"objc",
]
@@ -1173,7 +1173,7 @@ dependencies = [
"bitflags 1.3.2",
"core-foundation 0.9.4",
"core-graphics-types 0.1.3",
- "foreign-types",
+ "foreign-types 0.5.0",
"libc",
]
@@ -1186,7 +1186,7 @@ dependencies = [
"bitflags 2.6.0",
"core-foundation 0.10.0",
"core-graphics-types 0.2.0",
- "foreign-types",
+ "foreign-types 0.5.0",
"libc",
]
@@ -1999,6 +1999,7 @@ dependencies = [
"firezone-logging",
"firezone-telemetry",
"futures",
+ "hyper-tls",
"native-dialog",
"nix 0.29.0",
"rand 0.8.5",
@@ -2281,6 +2282,15 @@ version = "0.1.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f81ec6369c545a7d40e4589b5597581fa1c441fe1cce96dd1de43159910a36a2"
+[[package]]
+name = "foreign-types"
+version = "0.3.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f6f339eb8adc052cd2ca78910fda869aefa38d22d5cb648e6485e4d3fc06f3b1"
+dependencies = [
+ "foreign-types-shared 0.1.1",
+]
+
[[package]]
name = "foreign-types"
version = "0.5.0"
@@ -2288,7 +2298,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "d737d9aa519fb7b749cbc3b962edcf310a8dd1f4b67c91c4f83975dbdd17d965"
dependencies = [
"foreign-types-macros",
- "foreign-types-shared",
+ "foreign-types-shared 0.3.1",
]
[[package]]
@@ -2302,6 +2312,12 @@ dependencies = [
"syn 2.0.87",
]
+[[package]]
+name = "foreign-types-shared"
+version = "0.1.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "00b0228411908ca8685dba7fc2cdd70ec9990a6e753e89b6ac91a84c40fbaf4b"
+
[[package]]
name = "foreign-types-shared"
version = "0.3.1"
@@ -3035,6 +3051,22 @@ dependencies = [
"tower-service",
]
+[[package]]
+name = "hyper-tls"
+version = "0.6.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "70206fc6890eaca9fde8a0bf71caa2ddfc9fe045ac9e5c70df101a7dbde866e0"
+dependencies = [
+ "bytes",
+ "http-body-util",
+ "hyper",
+ "hyper-util",
+ "native-tls",
+ "tokio",
+ "tokio-native-tls",
+ "tower-service",
+]
+
[[package]]
name = "hyper-util"
version = "0.1.9"
@@ -3723,6 +3755,23 @@ dependencies = [
"winapi",
]
+[[package]]
+name = "native-tls"
+version = "0.2.12"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "a8614eb2c83d59d1c8cc974dd3f920198647674a0a035e1af1fa58707e317466"
+dependencies = [
+ "libc",
+ "log",
+ "openssl",
+ "openssl-probe",
+ "openssl-sys",
+ "schannel",
+ "security-framework",
+ "security-framework-sys",
+ "tempfile",
+]
+
[[package]]
name = "ndk"
version = "0.9.0"
@@ -4286,6 +4335,50 @@ dependencies = [
"pathdiff",
]
+[[package]]
+name = "openssl"
+version = "0.10.68"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "6174bc48f102d208783c2c84bf931bb75927a617866870de8a4ea85597f871f5"
+dependencies = [
+ "bitflags 2.6.0",
+ "cfg-if",
+ "foreign-types 0.3.2",
+ "libc",
+ "once_cell",
+ "openssl-macros",
+ "openssl-sys",
+]
+
+[[package]]
+name = "openssl-macros"
+version = "0.1.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "a948666b637a0f465e8564c73e89d4dde00d72d4d473cc972f390fc3dcee7d9c"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "syn 2.0.87",
+]
+
+[[package]]
+name = "openssl-probe"
+version = "0.1.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "ff011a302c396a5197692431fc1948019154afc178baf7d8e37367442a4601cf"
+
+[[package]]
+name = "openssl-sys"
+version = "0.9.104"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "45abf306cbf99debc8195b66b7346498d7b10c210de50418b5ccd7ceba08c741"
+dependencies = [
+ "cc",
+ "libc",
+ "pkg-config",
+ "vcpkg",
+]
+
[[package]]
name = "opentelemetry"
version = "0.26.0"
@@ -5385,6 +5478,15 @@ dependencies = [
"winapi-util",
]
+[[package]]
+name = "schannel"
+version = "0.1.27"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "1f29ebaa345f945cec9fbbc532eb307f0fdad8161f281b6369539c8d84876b3d"
+dependencies = [
+ "windows-sys 0.59.0",
+]
+
[[package]]
name = "schemars"
version = "0.8.21"
@@ -5474,6 +5576,29 @@ dependencies = [
"zbus",
]
+[[package]]
+name = "security-framework"
+version = "2.11.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "897b2245f0b511c87893af39b033e5ca9cce68824c4d7e7630b5a1d339658d02"
+dependencies = [
+ "bitflags 2.6.0",
+ "core-foundation 0.9.4",
+ "core-foundation-sys",
+ "libc",
+ "security-framework-sys",
+]
+
+[[package]]
+name = "security-framework-sys"
+version = "2.14.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "49db231d56a190491cb4aeda9527f1ad45345af50b0851622a7adb8c03b01c32"
+dependencies = [
+ "core-foundation-sys",
+ "libc",
+]
+
[[package]]
name = "selectors"
version = "0.22.0"
@@ -5947,7 +6072,7 @@ dependencies = [
"bytemuck",
"cfg_aliases",
"core-graphics 0.24.0",
- "foreign-types",
+ "foreign-types 0.5.0",
"js-sys",
"log",
"objc2",
@@ -6786,6 +6911,16 @@ dependencies = [
"syn 2.0.87",
]
+[[package]]
+name = "tokio-native-tls"
+version = "0.3.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "bbae76ab933c85776efabc971569dd6119c580d8f5d448769dec1764bf796ef2"
+dependencies = [
+ "native-tls",
+ "tokio",
+]
+
[[package]]
name = "tokio-rustls"
version = "0.26.0"
@@ -7395,6 +7530,12 @@ version = "0.1.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "830b7e5d4d90034032940e4ace0d9a9a057e7a45cd94e6c007832e39edb82f6d"
+[[package]]
+name = "vcpkg"
+version = "0.2.15"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "accd4ea62f7bb7a82fe23066fb0957d48ef677f6eeb8215f372f52e48bb32426"
+
[[package]]
name = "version-compare"
version = "0.2.0"
diff --git a/rust/gui-client/src-tauri/Cargo.toml b/rust/gui-client/src-tauri/Cargo.toml
index 32ca56197..f0475e6bf 100644
--- a/rust/gui-client/src-tauri/Cargo.toml
+++ b/rust/gui-client/src-tauri/Cargo.toml
@@ -25,6 +25,7 @@ firezone-headless-client = { workspace = true }
firezone-logging = { workspace = true }
firezone-telemetry = { workspace = true }
futures = { workspace = true }
+hyper-tls = "0.6.0"
native-dialog = { workspace = true }
rand = { workspace = true }
rustls = { workspace = true }

153
pkgs/firezone-gui-client/package.nix Normal file
View file

@ -0,0 +1,153 @@
{
lib,
rustPlatform,
fetchFromGitHub,
nix-update-script,
pkg-config,
dbus,
openssl,
zenity,
cargo-tauri,
gdk-pixbuf,
glib,
gobject-introspection,
gtk3,
kdialog,
libsoup_3,
libayatana-appindicator,
webkitgtk_4_1,
wrapGAppsHook3,
stdenvNoCC,
git,
pnpm_9,
nodejs,
}:
let
version = "1.4.0";
src = fetchFromGitHub {
owner = "firezone";
repo = "firezone";
tag = "gui-client-${version}";
hash = "sha256-gwlkHTFVd1gHwOOIar+5+LEP2ovoyEIMmLfPxYb/OCs=";
# FIXME: remove once https://github.com/firezone/firezone/pull/7808 is released
# FIXME: somehow still required...
postFetch = ''
${lib.getExe git} -C $out apply ${./0000-add-hyper-tls-dependency.patch}
'';
};
frontend = stdenvNoCC.mkDerivation rec {
pname = "firezone-gui-client-frontend";
inherit version src;
pnpmDeps = pnpm_9.fetchDeps {
inherit pname version;
src = "${src}/rust/gui-client";
hash = "sha256-Gc+X4mbpHa8b/Ol6Fee7VFpTPG25LksoAEjFww1WH5I=";
};
pnpmRoot = "rust/gui-client";
nativeBuildInputs = [
pnpm_9.configHook
nodejs
];
buildPhase = ''
runHook preBuild
cd $pnpmRoot
cp node_modules/flowbite/dist/flowbite.min.js src/
pnpm tailwindcss -i src/input.css -o src/output.css
node --max_old_space_size=1024000 ./node_modules/vite/bin/vite.js build
runHook postBuild
'';
installPhase = ''
runHook preInstall
cp -r dist $out
runHook postInstall
'';
};
in
rustPlatform.buildRustPackage rec {
pname = "firezone-gui-client";
inherit version src;
useFetchCargoVendor = true;
cargoHash = "sha256-eqkYwP14kca7Q/P9wc+CvTBmKETTmbd06EBNx3MKLro=";
sourceRoot = "${src.name}/rust";
buildAndTestSubdir = "gui-client";
nativeBuildInputs = [
cargo-tauri.hook
pkg-config
wrapGAppsHook3
];
buildInputs = [
openssl
dbus
gdk-pixbuf
glib
gobject-introspection
gtk3
libsoup_3
libayatana-appindicator
webkitgtk_4_1
];
# Required to remove profiling arguments which conflict with this builder
postPatch = ''
rm .cargo/config.toml
ln -s ${frontend} gui-client/dist
'';
# Required to run tests
preCheck = ''
export XDG_RUNTIME_DIR=$(mktemp -d)
'';
checkFlags = [
# Requires network access
"--skip=notifiers"
];
preFixup = ''
gappsWrapperArgs+=(
# Otherwise blank screen, see https://github.com/tauri-apps/tauri/issues/9304
--set WEBKIT_DISABLE_DMABUF_RENDERER 1
--prefix PATH ":" ${
lib.makeBinPath [
zenity
kdialog
]
}
--prefix LD_LIBRARY_PATH ":" ${
lib.makeLibraryPath [
libayatana-appindicator
]
}
)
'';
passthru = {
inherit frontend;
updateScript = nix-update-script { };
};
meta = {
description = "GUI client for the Firezone zero-trust access platform";
homepage = "https://github.com/firezone/firezone";
license = lib.licenses.asl20;
maintainers = with lib.maintainers; [
oddlama
patrickdag
];
mainProgram = "firezone-gui-client";
};
}

44
pkgs/firezone-headless-client/package.nix Normal file
View file

@ -0,0 +1,44 @@
{
lib,
rustPlatform,
fetchFromGitHub,
nix-update-script,
}:
rustPlatform.buildRustPackage rec {
pname = "firezone-headless-client";
version = "1.4.0";
src = fetchFromGitHub {
owner = "oddlama";
repo = "firezone";
rev = "feat/configurable-gateway-interface";
hash = "sha256-dsGQubRs/ZHdAd6MHpa+3K4vGm4OnCdf1yMlGG1AIJk=";
};
useFetchCargoVendor = true;
cargoHash = "sha256-odrexu5mBGmvHNF4cUu9PDIEdxZC451lWV7dsLYT/Sg=";
sourceRoot = "${src.name}/rust";
buildAndTestSubdir = "headless-client";
# Required to remove profiling arguments which conflict with this builder
postPatch = ''
rm .cargo/config.toml
'';
# Required to run tests
preCheck = ''
export XDG_RUNTIME_DIR=$(mktemp -d)
'';
passthru.updateScript = nix-update-script { };
meta = {
description = "CLI client for the Firezone zero-trust access platform";
homepage = "https://github.com/firezone/firezone";
license = lib.licenses.asl20;
maintainers = with lib.maintainers; [
oddlama
patrickdag
];
mainProgram = "firezone-headless-client";
};
}

39
pkgs/firezone-relay/package.nix Normal file
View file

@ -0,0 +1,39 @@
{
lib,
rustPlatform,
fetchFromGitHub,
nix-update-script,
}:
rustPlatform.buildRustPackage rec {
pname = "firezone-relay";
version = "unstable-2025-01-19";
src = fetchFromGitHub {
owner = "firezone";
repo = "firezone";
rev = "8c9427b7b133e5050be34c2ac0e831c12c08f02c";
hash = "sha256-yccplADHRJQQiKrmHcJ5rvouswHrbx4K6ysnIAoZJR0=";
};
useFetchCargoVendor = true;
cargoHash = "sha256-WpJL5ALFMvyYv3QI5gMazAj6BVr4oyGq+zOo40rxqOE=";
sourceRoot = "${src.name}/rust";
buildAndTestSubdir = "relay";
# Required to remove profiling arguments which conflict with this builder
postPatch = ''
rm .cargo/config.toml
'';
passthru.updateScript = nix-update-script { };
meta = {
description = "STUN/TURN server for the Firezone zero-trust access platform";
homepage = "https://github.com/firezone/firezone";
license = lib.licenses.asl20;
maintainers = with lib.maintainers; [
oddlama
patrickdag
];
mainProgram = "firezone-relay";
};
}

60
pkgs/firezone-server-domain/0000-add-healthz-port.patch Normal file
View file

@ -0,0 +1,60 @@
diff --git a/apps/domain/lib/domain/config/definitions.ex b/apps/domain/lib/domain/config/definitions.ex
index 8cd2e8d0f..de55c8e8f 100644
--- a/apps/domain/lib/domain/config/definitions.ex
+++ b/apps/domain/lib/domain/config/definitions.ex
@@ -120,6 +120,7 @@ defmodule Domain.Config.Definitions do
]},
{"Instrumentation",
[
+ :healthz_port,
:instrumentation_client_logs_enabled,
:instrumentation_client_logs_bucket,
:telemetry_metrics_reporter,
@@ -474,6 +475,19 @@ defmodule Domain.Config.Definitions do
## Telemetry
##############################################
+ @doc """
+ The port for the internal healthz endpoint.
+ """
+ defconfig(:healthz_port, :integer,
+ default: 4000,
+ changeset: fn changeset, key ->
+ Ecto.Changeset.validate_number(changeset, key,
+ greater_than: 0,
+ less_than_or_equal_to: 65_535
+ )
+ end
+ )
+
@doc """
Enable or disable the Firezone telemetry collection.
diff --git a/apps/domain/lib/domain/telemetry.ex b/apps/domain/lib/domain/telemetry.ex
index af430358d..d154282b4 100644
--- a/apps/domain/lib/domain/telemetry.ex
+++ b/apps/domain/lib/domain/telemetry.ex
@@ -13,7 +13,7 @@ defmodule Domain.Telemetry do
children = [
# We start a /healthz endpoint that is used for liveness probes
- {Bandit, plug: Telemetry.HealthzPlug, scheme: :http, port: 4000},
+ {Bandit, plug: Telemetry.HealthzPlug, scheme: :http, port: Keyword.get(config, :healthz_port)},
# Telemetry poller will execute the given period measurements
# every 10_000ms. Learn more here: https://hexdocs.pm/telemetry_metrics
diff --git a/config/runtime.exs b/config/runtime.exs
index 7817942fa..c6dfe9c31 100644
--- a/config/runtime.exs
+++ b/config/runtime.exs
@@ -211,7 +211,9 @@ if config_env() == :prod do
otlp_endpoint: System.get_env("OTLP_ENDPOINT")
end
- config :domain, Domain.Telemetry, metrics_reporter: compile_config!(:telemetry_metrics_reporter)
+ config :domain, Domain.Telemetry,
+ healthz_port: compile_config!(:healthz_port),
+ metrics_reporter: compile_config!(:telemetry_metrics_reporter)
if telemetry_metrics_reporter = compile_config!(:telemetry_metrics_reporter) do
config :domain, telemetry_metrics_reporter, compile_config!(:telemetry_metrics_reporter_opts)

100
pkgs/firezone-server-domain/0001-postgres-socket.patch Normal file
View file

@ -0,0 +1,100 @@
diff --git a/apps/domain/lib/domain/config.ex b/apps/domain/lib/domain/config.ex
index 11fdcc3a1..9254f210d 100644
--- a/apps/domain/lib/domain/config.ex
+++ b/apps/domain/lib/domain/config.ex
@@ -42,6 +42,24 @@ defmodule Domain.Config do
end
end
+ @doc """
+ Similar to `compile_config/2` but returns nil if the configuration is invalid.
+
+ This function does not resolve values from the database because it's intended use is during
+ compilation and before application boot (in `config/runtime.exs`).
+
+ If you need to resolve values from the database, use `fetch_config/1` or `fetch_config!/1`.
+ """
+ def compile_config(module \\ Definitions, key, env_config \\ System.get_env()) do
+ case Fetcher.fetch_source_and_config(module, key, %{}, env_config) do
+ {:ok, _source, value} ->
+ value
+
+ {:error, reason} ->
+ nil
+ end
+ end
+
def config_changeset(changeset, schema_key, config_key \\ nil) do
config_key = config_key || schema_key
diff --git a/apps/domain/lib/domain/config/definitions.ex b/apps/domain/lib/domain/config/definitions.ex
index 8cd2e8d0f..f27d67c69 100644
--- a/apps/domain/lib/domain/config/definitions.ex
+++ b/apps/domain/lib/domain/config/definitions.ex
@@ -61,6 +61,7 @@ defmodule Domain.Config.Definitions do
{"Database",
[
:database_host,
+ :database_socket_dir,
:database_port,
:database_name,
:database_user,
@@ -255,6 +256,11 @@ defmodule Domain.Config.Definitions do
"""
defconfig(:database_host, :string, default: "postgres")
+ @doc """
+ PostgreSQL socket directory (takes precedence over hostname).
+ """
+ defconfig(:database_socket_dir, :string, default: nil)
+
@doc """
PostgreSQL port.
"""
diff --git a/config/runtime.exs b/config/runtime.exs
index 7817942fa..14cbe182f 100644
--- a/config/runtime.exs
+++ b/config/runtime.exs
@@ -1,22 +1,31 @@
import Config
if config_env() == :prod do
- import Domain.Config, only: [compile_config!: 1]
+ import Domain.Config, only: [compile_config!: 1, compile_config: 1]
###############################
##### Domain ##################
###############################
- config :domain, Domain.Repo,
- database: compile_config!(:database_name),
- username: compile_config!(:database_user),
- hostname: compile_config!(:database_host),
- port: compile_config!(:database_port),
- password: compile_config!(:database_password),
- pool_size: compile_config!(:database_pool_size),
- ssl: compile_config!(:database_ssl_enabled),
- ssl_opts: compile_config!(:database_ssl_opts),
- parameters: compile_config!(:database_parameters)
+ config :domain,
+ Domain.Repo,
+ [
+ {:database, compile_config!(:database_name)},
+ {:username, compile_config!(:database_user)},
+ {:port, compile_config!(:database_port)},
+ {:pool_size, compile_config!(:database_pool_size)},
+ {:ssl, compile_config!(:database_ssl_enabled)},
+ {:ssl_opts, compile_config!(:database_ssl_opts)},
+ {:parameters, compile_config!(:database_parameters)}
+ ] ++
+ if(compile_config(:database_password),
+ do: [{:password, compile_config!(:database_password)}],
+ else: []
+ ) ++
+ if(compile_config(:database_socket_dir),
+ do: [{:socket_dir, compile_config!(:database_socket_dir)}],
+ else: [{:hostname, compile_config!(:database_host)}]
+ )
config :domain, Domain.Tokens,
key_base: compile_config!(:tokens_key_base),

110
pkgs/firezone-server-domain/a.patch → pkgs/firezone-server-domain/0002-add-mua.patch
View file

@ -1,28 +1,8 @@
diff --git a/apps/domain/lib/domain/config/definitions.ex b/apps/domain/lib/domain/config/definitions.ex
index 8cd2e8d0f..92e18b10b 100644
index 8cd2e8d0f..2e6ca054b 100644
--- a/apps/domain/lib/domain/config/definitions.ex
+++ b/apps/domain/lib/domain/config/definitions.ex
@@ -61,6 +61,7 @@ defmodule Domain.Config.Definitions do
{"Database",
[
:database_host,
+ :database_socket_dir,
:database_port,
:database_name,
:database_user,
@@ -255,6 +256,11 @@ defmodule Domain.Config.Definitions do
"""
defconfig(:database_host, :string, default: "postgres")
+ @doc """
+ PostgreSQL socket directory (takes precedence over hostname).
+ """
+ defconfig(:database_socket_dir, :string, default: nil)
+
@doc """
PostgreSQL port.
"""
@@ -584,6 +590,7 @@ defmodule Domain.Config.Definitions do
@@ -584,6 +584,7 @@ defmodule Domain.Config.Definitions do
Swoosh.Adapters.Mailgun,
Swoosh.Adapters.Mailjet,
Swoosh.Adapters.Mandrill,
@ -30,21 +10,8 @@ index 8cd2e8d0f..92e18b10b 100644
Swoosh.Adapters.Postmark,
Swoosh.Adapters.ProtonBridge,
Swoosh.Adapters.SMTP,
diff --git a/apps/domain/lib/domain/telemetry.ex b/apps/domain/lib/domain/telemetry.ex
index af430358d..a544e706e 100644
--- a/apps/domain/lib/domain/telemetry.ex
+++ b/apps/domain/lib/domain/telemetry.ex
@@ -13,7 +13,7 @@ defmodule Domain.Telemetry do
children = [
# We start a /healthz endpoint that is used for liveness probes
- {Bandit, plug: Telemetry.HealthzPlug, scheme: :http, port: 4000},
+ {Bandit, plug: Telemetry.HealthzPlug, scheme: :http, port: System.get_env("HEALTHZ_PORT") |> String.to_integer()},
# Telemetry poller will execute the given period measurements
# every 10_000ms. Learn more here: https://hexdocs.pm/telemetry_metrics
diff --git a/apps/web/lib/web/live/sign_up.ex b/apps/web/lib/web/live/sign_up.ex
index c4e06bc58..89533fb81 100644
index dfbc94d9b..638e3b373 100644
--- a/apps/web/lib/web/live/sign_up.ex
+++ b/apps/web/lib/web/live/sign_up.ex
@@ -1,5 +1,6 @@
@ -54,65 +21,44 @@ index c4e06bc58..89533fb81 100644
alias Domain.{Auth, Accounts, Actors, Config}
alias Web.Registration
@@ -358,7 +359,8 @@ defmodule Web.SignUp do
@@ -358,7 +359,9 @@ defmodule Web.SignUp do
{:noreply, assign(socket, form: to_form(changeset))}
- {:error, :send_email, _reason, _effects_so_far} ->
+ {:error, :send_email, reason, _effects_so_far} ->
+ Logger.info("failed to send email", reason: inspect(reason))
+ Logger.warning("Failed to send sign_up email", reason: inspect(reason))
+
changeset =
Ecto.Changeset.add_error(
changeset,
diff --git a/config/runtime.exs b/config/runtime.exs
index 15037e0a3..475c4ddfb 100644
index 7817942fa..8704ccde5 100644
--- a/config/runtime.exs
+++ b/config/runtime.exs
@@ -8,15 +8,17 @@ if config_env() == :prod do
###############################
config :domain, Domain.Repo,
- database: compile_config!(:database_name),
- username: compile_config!(:database_user),
- hostname: compile_config!(:database_host),
- port: compile_config!(:database_port),
- password: compile_config!(:database_password),
- pool_size: compile_config!(:database_pool_size),
- ssl: compile_config!(:database_ssl_enabled),
- ssl_opts: compile_config!(:database_ssl_opts),
- parameters: compile_config!(:database_parameters)
+ [
+ {:database, compile_config!(:database_name)},
+ {:username, compile_config!(:database_user)},
+ {:port, compile_config!(:database_port)},
+ {:pool_size, compile_config!(:database_pool_size)},
+ {:ssl, compile_config!(:database_ssl_enabled)},
+ {:ssl_opts, compile_config!(:database_ssl_opts)},
+ {:parameters, compile_config!(:database_parameters)}
+ ]
+ ++ (if System.get_env("DATABASE_PASSWORD"), do: [{:password, compile_config!(:database_password)}], else: [])
+ ++ (if System.get_env("DATABASE_SOCKET_DIR"), do: [{:socket_dir, compile_config!(:database_socket_dir)}], else: [{:hostname, compile_config!(:database_host)}])
config :domain, Domain.Tokens,
key_base: compile_config!(:tokens_key_base),
@@ -226,8 +228,15 @@ if config_env() == :prod do
config :domain,
Domain.Mailer,
@@ -228,7 +228,21 @@ if config_env() == :prod do
[
- adapter: compile_config!(:outbound_email_adapter),
- from_email: compile_config!(:outbound_email_from)
+ adapter: compile_config!(:outbound_email_adapter),
+ from_email: compile_config!(:outbound_email_from),
+ protocol: String.to_atom(System.get_env("OUTBOUND_EMAIL_SMTP_PROTOCOL")),
+ relay: System.get_env("OUTBOUND_EMAIL_SMTP_HOST"),
+ port: String.to_integer(System.get_env("OUTBOUND_EMAIL_SMTP_PORT")),
+ auth: [
+ username: System.get_env("OUTBOUND_EMAIL_SMTP_USERNAME"),
+ password: System.get_env("OUTBOUND_EMAIL_SMTP_PASSWORD")
+ ]
] ++ compile_config!(:outbound_email_adapter_opts)
adapter: compile_config!(:outbound_email_adapter),
from_email: compile_config!(:outbound_email_from)
- ] ++ compile_config!(:outbound_email_adapter_opts)
+ ] ++
+ (if System.get_env("OUTBOUND_EMAIL_ADAPTER") == "Elixir.Swoosh.Adapters.Mua" do
+ [
+ protocol: String.to_atom(System.get_env("OUTBOUND_EMAIL_SMTP_PROTOCOL")),
+ relay: System.get_env("OUTBOUND_EMAIL_SMTP_HOST"),
+ port: String.to_integer(System.get_env("OUTBOUND_EMAIL_SMTP_PORT")),
+ auth: [
+ username: System.get_env("OUTBOUND_EMAIL_SMTP_USERNAME"),
+ password: System.get_env("OUTBOUND_EMAIL_SMTP_PASSWORD")
+ ]
+ ]
+ else
+ []
+ end) ++
+ compile_config!(:outbound_email_adapter_opts)
config :workos, WorkOS.Client,
api_key: compile_config!(:workos_api_key),
diff --git a/mix.exs b/mix.exs
index 12782d631..dee1245d2 100644
--- a/mix.exs
@ -129,7 +75,7 @@ index 12782d631..dee1245d2 100644
end
diff --git a/mix.lock b/mix.lock
index 8c4b65959..3d2f9faca 100644
index 757829003..47775677d 100644
--- a/mix.lock
+++ b/mix.lock
@@ -50,11 +50,13 @@

6
pkgs/firezone-server-domain/generic.nix
View file

@ -24,7 +24,11 @@ beamPackages.mixRelease rec {
hash = "sha256-yccplADHRJQQiKrmHcJ5rvouswHrbx4K6ysnIAoZJR0=";
}
}/elixir";
patches = [ ./a.patch ];
patches = [
./0000-add-healthz-port.patch
./0001-postgres-socket.patch
./0002-add-mua.patch
];
pnpmDeps = pnpm_9.fetchDeps {
inherit pname version;