From c18e6b0e8e10b8a1e3c657abcb3349bca9e0df5a Mon Sep 17 00:00:00 2001 From: Aleksander <170264518+t-aleksander@users.noreply.github.com> Date: Wed, 19 Jun 2024 12:23:37 +0200 Subject: [PATCH 01/29] embed ui into the binary --- Cargo.lock | 36 ++++++++++++++++++++++++++++++++++++ Cargo.toml | 2 ++ src/lib.rs | 22 +++++++++++----------- src/web.rs | 37 +++++++++++++++++++++++++++++++++++++ 4 files changed, 86 insertions(+), 11 deletions(-) create mode 100644 src/web.rs diff --git a/Cargo.lock b/Cargo.lock index 2224fd62ae..3e14795b3c 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -986,6 +986,7 @@ dependencies = [ "lettre", "matches", "md4", + "mime_guess", "model_derive", "openidconnect", "otpauth", @@ -997,6 +998,7 @@ dependencies = [ "regex", "reqwest", "rsa", + "rust-embed", "rust-ini", "secp256k1", "secrecy", @@ -3469,6 +3471,40 @@ dependencies = [ "zeroize", ] +[[package]] +name = "rust-embed" +version = "8.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "19549741604902eb99a7ed0ee177a0663ee1eda51a29f71401f166e47e77806a" +dependencies = [ + "rust-embed-impl", + "rust-embed-utils", + "walkdir", +] + +[[package]] +name = "rust-embed-impl" +version = "8.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "cb9f96e283ec64401f30d3df8ee2aaeb2561f34c824381efa24a35f79bf40ee4" +dependencies = [ + "proc-macro2", + "quote", + "rust-embed-utils", + "syn 2.0.60", + "walkdir", +] + +[[package]] +name = "rust-embed-utils" +version = "8.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "38c74a686185620830701348de757fd36bef4aa9680fd23c49fc539ddcc1af32" +dependencies = [ + "sha2", + "walkdir", +] + [[package]] name = "rust-ini" version = "0.20.0" diff --git a/Cargo.toml b/Cargo.toml index 810ad3d1b8..07245ce656 100644 --- a/Cargo.toml +++ b/Cargo.toml 
@@ -93,6 +93,8 @@ webauthn-rs = { version = "0.4", features = [ ] } webauthn-rs-proto = "0.4" x25519-dalek = { version = "2.0", features = ["static_secrets"] } +rust-embed = "8.4.0" +mime_guess = "2.0.4" [dev-dependencies] bytes = "1.5" diff --git a/src/lib.rs b/src/lib.rs index 85155852d1..4567397815 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -6,7 +6,6 @@ use std::{ use anyhow::anyhow; use axum::{ - handler::HandlerWithoutStateExt, http::{Request, StatusCode}, routing::{delete, get, patch, post, put}, serve, Extension, Router, @@ -30,12 +29,10 @@ use tokio::{ OnceCell, }, }; -use tower_http::{ - services::{ServeDir, ServeFile}, - trace::{DefaultOnResponse, TraceLayer}, -}; +use tower_http::trace::{DefaultOnResponse, TraceLayer}; use tracing::Level; use uaparser::UserAgentParser; +use web::{index, static_file}; use self::{ appstate::AppState, @@ -122,6 +119,7 @@ pub(crate) mod random; pub mod secret; pub mod support; pub mod templates; +mod web; pub mod wg_config; pub mod wireguard_peer_disconnect; pub mod wireguard_stats_purge; @@ -164,10 +162,14 @@ pub fn build_webapp( user_agent_parser: Arc, failed_logins: Arc>, ) -> Router { - let serve_web_dir = ServeDir::new("web/dist").fallback(ServeFile::new("web/dist/index.html")); - let serve_images = - ServeDir::new("web/src/shared/images/svg").not_found_service(handle_404.into_service()); - let webapp = Router::new().nest( + let webapp: Router = Router::new() + .route("/", get(index)) + .route("/*path", get(index)) + .route("/fonts/*path", get(static_file)) + .route("/assets/*path", get(static_file)) + .fallback_service(get(handle_404)); + + let webapp = webapp.nest( "/api/v1", Router::new() .route("/health", get(health_check)) @@ -343,8 +345,6 @@ pub fn build_webapp( ); webapp - .nest_service("/svg", serve_images) - .nest_service("/", serve_web_dir) .with_state(AppState::new( pool, webhook_tx, diff --git a/src/web.rs b/src/web.rs new file mode 100644 index 0000000000..db65d44738 --- /dev/null +++ b/src/web.rs 
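Review bot: In `build_webapp` (src/lib.rs) only `/fonts/*path` and `/assets/*path` are routed to `static_file`, so any other file at the top level of `web/dist` now matches `/*path` and is answered with `index.html` and a 200 status, where the removed `ServeDir::new("web/dist")` served the file itself. The contents of `web/dist` are not visible here, but if the frontend build emits root-level files (a favicon or a manifest, for example), route them explicitly or have the catch-all try the embedded asset first and return the index only on a miss. A comment above the route list such as `// SPA fallback: every other GET is answered with index.html` would make the intent clear. The function body continues outside this hunk.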
@@ -0,0 +1,37 @@ +use axum::{ + http::{header, StatusCode, Uri}, + response::{IntoResponse, Response}, +}; +use rust_embed::Embed; + +pub async fn static_file(uri: Uri) -> impl IntoResponse { + let path = uri.path().trim_start_matches('/').to_string(); + StaticFile(path) +} + +pub async fn index() -> impl IntoResponse { + static_file(Uri::from_static("/index.html")).await +} + +#[derive(Embed)] +#[folder = "web/dist/"] +struct Asset; + +pub struct StaticFile(pub T); + +impl IntoResponse for StaticFile +where + T: Into, +{ + fn into_response(self) -> Response { + let path = self.0.into(); + + match Asset::get(path.as_str()) { + Some(content) => { + let mime = mime_guess::from_path(path).first_or_octet_stream(); + ([(header::CONTENT_TYPE, mime.as_ref())], content.data).into_response() + } + None => (StatusCode::NOT_FOUND, "404 Not Found").into_response(), + } + } +} From edc455ceff8de293530549ad505fa6e2920e9e95 Mon Sep 17 00:00:00 2001 From: Aleksander <170264518+t-aleksander@users.noreply.github.com> Date: Wed, 19 Jun 2024 14:10:43 +0200 Subject: [PATCH 02/29] make sure all required files are embedded --- Cargo.lock | 1 + Cargo.toml | 4 ++-- src/{web.rs => assets.rs} | 23 +++++++++++++++++------ src/headers.rs | 3 ++- src/lib.rs | 9 +++++---- 5 files changed, 27 insertions(+), 13 deletions(-) rename src/{web.rs => assets.rs} (50%) diff --git a/Cargo.lock b/Cargo.lock index 3e14795b3c..60085dcafa 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -3501,6 +3501,7 @@ version = "8.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "38c74a686185620830701348de757fd36bef4aa9680fd23c49fc539ddcc1af32" dependencies = [ + "globset", "sha2", "walkdir", ] diff --git a/Cargo.toml b/Cargo.toml index 07245ce656..a9a340f921 100644 --- a/Cargo.toml +++ b/Cargo.toml 
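Review bot: `StaticFile::into_response` in the new src/web.rs sets only `Content-Type`, and that type is guessed from the file extension with an `application/octet-stream` fallback, so a browser is still free to sniff the body. Unless a response-header layer elsewhere in the router already adds it (not visible in this patch), send `X-Content-Type-Options: nosniff` with the asset: `([(header::CONTENT_TYPE, mime.as_ref()), (header::X_CONTENT_TYPE_OPTIONS, "nosniff")], content.data).into_response()`. The public items `static_file`, `index` and `StaticFile` also have no doc comments; one line each saying that lookups go against the files embedded at build time, not the filesystem of the deployed host, would be enough.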
@@ -69,6 +69,8 @@ ssh-key = "0.6" struct-patch = "0.4" tera = "1.19" thiserror = "1.0" +rust-embed = { version = "8.4.0", features = ["include-exclude"] } +mime_guess = "2.0.4" # match axum-extra -> cookies time = { version = "0.3", default-features = false } tiny-keccak = { version = "2.0", features = ["keccak"] } @@ -93,8 +95,6 @@ webauthn-rs = { version = "0.4", features = [ ] } webauthn-rs-proto = "0.4" x25519-dalek = { version = "2.0", features = ["static_secrets"] } -rust-embed = "8.4.0" -mime_guess = "2.0.4" [dev-dependencies] bytes = "1.5" diff --git a/src/web.rs b/src/assets.rs similarity index 50% rename from src/web.rs rename to src/assets.rs index db65d44738..0ae3ddc743 100644 --- a/src/web.rs +++ b/src/assets.rs @@ -4,18 +4,29 @@ use axum::{ }; use rust_embed::Embed; -pub async fn static_file(uri: Uri) -> impl IntoResponse { - let path = uri.path().trim_start_matches('/').to_string(); +pub async fn web_asset(uri: Uri) -> impl IntoResponse { + let mut path = uri.path().trim_start_matches('/').to_string(); + // Rewrite the path to match the structure of the embedded files + path.insert_str(0, "dist/"); StaticFile(path) } pub async fn index() -> impl IntoResponse { - static_file(Uri::from_static("/index.html")).await + web_asset(Uri::from_static("/index.html")).await +} + +pub async fn svg(uri: Uri) -> impl IntoResponse { + let mut path = uri.path().trim_start_matches('/').to_string(); + // Rewrite the path to match the structure of the embedded files + path.insert_str(0, "src/shared/images/"); + StaticFile(path) } #[derive(Embed)] -#[folder = "web/dist/"] -struct Asset; +#[folder = "web/"] +#[include = "dist/*"] +#[include = "src/shared/images/*"] +struct WebAsset; pub struct StaticFile(pub T); 
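Review bot: `web_asset` and `svg` in src/assets.rs each prepend a directory to the raw request path and pass the result to `WebAsset::get` without inspecting its segments, so how a path containing `..` resolves is left entirely to rust-embed and, as far as I know, to whether the build embeds the files or reads them from disk. With `#[folder = "web/"]` now covering more than `dist`, the two `#[include]` globs are the only thing scoping what can be served. Rejecting `..` segments in one shared helper keeps that scope independent of the crate's behaviour and removes the duplicated prefix code. The hunk ends at the `StaticFile` declaration, whose impl is outside it.

```rust
/// Builds the embedded-asset key for a request path, refusing parent-directory segments.
fn asset_key(prefix: &str, uri: &Uri) -> Option<String> {
    let rel = uri.path().trim_start_matches('/');
    if rel.split('/').any(|segment| segment == "..") {
        return None;
    }
    Some(format!("{prefix}{rel}"))
}

pub async fn web_asset(uri: Uri) -> impl IntoResponse {
    match asset_key("dist/", &uri) {
        Some(key) => StaticFile(key).into_response(),
        None => StatusCode::NOT_FOUND.into_response(),
    }
}

pub async fn svg(uri: Uri) -> impl IntoResponse {
    match asset_key("src/shared/images/", &uri) {
        Some(key) => StaticFile(key).into_response(),
        None => StatusCode::NOT_FOUND.into_response(),
    }
}

// … unchanged: index(), the WebAsset derive and its attributes, StaticFile …
```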
@@ -26,7 +37,7 @@ where fn into_response(self) -> Response { let path = self.0.into(); - match Asset::get(path.as_str()) { + match WebAsset::get(path.as_str()) { Some(content) => { let mime = mime_guess::from_path(path).first_or_octet_stream(); ([(header::CONTENT_TYPE, mime.as_ref())], content.data).into_response() diff --git a/src/headers.rs b/src/headers.rs index 8dc6ace92a..e20a816bc0 100644 --- a/src/headers.rs +++ b/src/headers.rs @@ -12,9 +12,10 @@ use crate::{ #[must_use] pub fn create_user_agent_parser() -> Arc { + let regexes = include_bytes!("../user_agent_header_regexes.yaml"); Arc::new( UserAgentParser::builder() - .build_from_yaml("user_agent_header_regexes.yaml") + .build_from_bytes(regexes) .expect("Parser creation failed"), ) } diff --git a/src/lib.rs b/src/lib.rs index 4567397815..275d08d498 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -11,6 +11,7 @@ use axum::{ serve, Extension, Router, }; +use assets::{index, svg, web_asset}; use handlers::ssh_authorized_keys::{ add_authentication_key, delete_authentication_key, fetch_authentication_keys, }; @@ -32,7 +33,6 @@ use tokio::{ use tower_http::trace::{DefaultOnResponse, TraceLayer}; use tracing::Level; use uaparser::UserAgentParser; -use web::{index, static_file}; use self::{ appstate::AppState, @@ -105,6 +105,7 @@ use self::{ }; pub mod appstate; +pub mod assets; pub mod auth; pub mod config; pub mod db; @@ -119,7 +120,6 @@ pub(crate) mod random; pub mod secret; pub mod support; pub mod templates; -mod web; pub mod wg_config; pub mod wireguard_peer_disconnect; pub mod wireguard_stats_purge; @@ -165,8 +165,9 @@ pub fn build_webapp( let webapp: Router = Router::new() .route("/", get(index)) .route("/*path", get(index)) - .route("/fonts/*path", get(static_file)) - .route("/assets/*path", get(static_file)) + .route("/fonts/*path", get(web_asset)) + .route("/assets/*path", get(web_asset)) + .route("/svg/*path", get(svg)) .fallback_service(get(handle_404)); let webapp = webapp.nest( 
From 42533a35330bd1b5b24da9d7a4650bb5533e8b68 Mon Sep 17 00:00:00 2001 From: Aleksander <170264518+t-aleksander@users.noreply.github.com> Date: Fri, 21 Jun 2024 09:23:59 +0200 Subject: [PATCH 03/29] make the packaging actually work --- .fpm | 6 +++++ Cargo.lock | 58 +++++++++++++++++++++++++++++++++++++++++++ Cargo.toml | 5 +++- defguard-core.service | 23 +++++++++++++++++ src/assets.rs | 2 +- 5 files changed, 92 insertions(+), 2 deletions(-) create mode 100644 .fpm create mode 100644 defguard-core.service diff --git a/.fpm b/.fpm new file mode 100644 index 0000000000..8e75b234f2 --- /dev/null +++ b/.fpm @@ -0,0 +1,6 @@ +-s dir +--name defguard-core +--architecture x86_64 +--description "defguard core service" +--url "https://defguard.net/" +--maintainer "teonite" \ No newline at end of file diff --git a/Cargo.lock b/Cargo.lock index 60085dcafa..4b776d1639 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1096,6 +1096,27 @@ dependencies = [ "subtle", ] +[[package]] +name = "dirs" +version = "5.0.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "44c45a9d03d6676652bcb5e724c7e988de1acad23a711b5217ab9cbecbec2225" +dependencies = [ + "dirs-sys", +] + +[[package]] +name = "dirs-sys" +version = "0.4.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "520f05a5cbd335fae5a99ff7a6ab8627577660ee5cfd6a94a6a929b52ff0321c" +dependencies = [ + "libc", + "option-ext", + "redox_users", + "windows-sys 0.48.0", +] + [[package]] name = "displaydoc" version = "0.2.4" 
@@ -2254,6 +2275,16 @@ version = "0.2.8" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "4ec2a862134d2a7d32d7983ddcdd1c4923530833c9f2ea1a44fc5fa473989058" +[[package]] +name = "libredox" +version = "0.1.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c0ff37bd590ca25063e35af745c343cb7a0271906fb7b37e4813e8f79f00268d" +dependencies = [ + "bitflags 2.5.0", + "libc", +] + [[package]] name = "libsqlite3-sys" version = "0.27.0" @@ -2684,6 +2715,12 @@ dependencies = [ "vcpkg", ] +[[package]] +name = "option-ext" +version = "0.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "04744f49eae99ab78e0d5c0b603ab218f515ea8cfe5a456d7629ad883a3b6e7d" + [[package]] name = "ordered-float" version = "2.10.1" @@ -3285,6 +3322,17 @@ dependencies = [ "bitflags 1.3.2", ] +[[package]] +name = "redox_users" +version = "0.4.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bd283d9651eeda4b2a83a43c1c91b266c40fd76ecd39a50a8c630ae69dc72891" +dependencies = [ + "getrandom", + "libredox", + "thiserror", +] + [[package]] name = "regex" version = "1.10.4" @@ -3491,6 +3539,7 @@ dependencies = [ "proc-macro2", "quote", "rust-embed-utils", + "shellexpand", "syn 2.0.60", "walkdir", ] @@ -3974,6 +4023,15 @@ dependencies = [ "lazy_static", ] +[[package]] +name = "shellexpand" +version = "3.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "da03fa3b94cc19e3ebfc88c4229c49d8f08cdbd1228870a45f0ffdf84988e14b" +dependencies = [ + "dirs", +] + [[package]] name = "signature" version = "2.2.0" diff --git a/Cargo.toml b/Cargo.toml index a9a340f921..74f8a24149 100644 --- a/Cargo.toml +++ b/Cargo.toml 
@@ -69,7 +69,10 @@ ssh-key = "0.6" struct-patch = "0.4" tera = "1.19" thiserror = "1.0" -rust-embed = { version = "8.4.0", features = ["include-exclude"] } +rust-embed = { version = "8.4.0", features = [ + "include-exclude", + "interpolate-folder-path", +] } mime_guess = "2.0.4" # match axum-extra -> cookies time = { version = "0.3", default-features = false } diff --git a/defguard-core.service b/defguard-core.service new file mode 100644 index 0000000000..1671de4961 --- /dev/null +++ b/defguard-core.service @@ -0,0 +1,23 @@ +[Unit] +Description=defguard core service +Documentation=https://defguard.gitbook.io/defguard/ +Wants=network-online.target +After=network-online.target + +[Service] +DynamicUser=yes +User=defguard +ExecReload=/bin/kill -HUP $MAINPID +EnvironmentFile=/etc/defguard/core.env +ExecStart=/usr/bin/defguard-core +KillMode=process +KillSignal=SIGINT +LimitNOFILE=65536 +LimitNPROC=infinity +Restart=on-failure +RestartSec=2 +TasksMax=infinity +OOMScoreAdjust=-1000 + +[Install] +WantedBy=multi-user.target \ No newline at end of file diff --git a/src/assets.rs b/src/assets.rs index 0ae3ddc743..dd3f717b0b 100644 --- a/src/assets.rs +++ b/src/assets.rs @@ -23,7 +23,7 @@ pub async fn svg(uri: Uri) -> impl IntoResponse { } #[derive(Embed)] -#[folder = "web/"] +#[folder = "$CARGO_MANIFEST_DIR/web/"] #[include = "dist/*"] #[include = "src/shared/images/*"] struct WebAsset; From 1fd3d340e74a0c44526626d48c8d6c6b68af522c Mon Sep 17 00:00:00 2001 From: Aleksander <170264518+t-aleksander@users.noreply.github.com> Date: Fri, 21 Jun 2024 09:49:17 +0200 Subject: [PATCH 04/29] add newlines --- .fpm | 2 +- defguard-core.service | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.fpm b/.fpm index 8e75b234f2..1ab4106f85 100644 --- a/.fpm +++ b/.fpm @@ -3,4 +3,4 @@ --architecture x86_64 --description "defguard core service" --url "https://defguard.net/" ---maintainer "teonite" \ No newline at end of file +--maintainer "teonite" 
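Review bot: The `[Service]` section of the new defguard-core.service removes every resource ceiling from a network-facing daemon: `OOMScoreAdjust=-1000` exempts it from the OOM killer altogether, and `LimitNPROC=infinity` with `TasksMax=infinity` lets it create tasks without bound, so a leak or a request flood would starve the rest of the host before the service is stopped. Unless there is a measured need, drop `OOMScoreAdjust` (or use a moderate negative value) and give `TasksMax` a finite number. `ExecReload=/bin/kill -HUP $MAINPID` is also worth checking, since nothing in this series shows the binary handling SIGHUP and an unhandled SIGHUP terminates the process. `KillMode=process` leaves any child processes running after a stop, which the systemd documentation advises against for ordinary services.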
diff --git a/defguard-core.service b/defguard-core.service index 1671de4961..5ad5fe72a8 100644 --- a/defguard-core.service +++ b/defguard-core.service @@ -20,4 +20,4 @@ TasksMax=infinity OOMScoreAdjust=-1000 [Install] -WantedBy=multi-user.target \ No newline at end of file +WantedBy=multi-user.target From 6b052496b1e9fbea1780954d5a01b61e6183e17b Mon Sep 17 00:00:00 2001 From: Aleksander <170264518+t-aleksander@users.noreply.github.com> Date: Fri, 21 Jun 2024 09:54:46 +0200 Subject: [PATCH 05/29] prepare workflow file for testing --- .github/workflows/release.yml | 86 +++++++++++++++++------------------ 1 file changed, 43 insertions(+), 43 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index d32fa66253..9d85442bc2 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml 
@@ -5,49 +5,49 @@ on: - v*.*.* jobs: - publish-docker: - runs-on: [self-hosted, Linux] - steps: - - name: Checkout - uses: actions/checkout@v4 - with: - submodules: recursive - - name: Docker meta - id: meta - uses: docker/metadata-action@v5 - with: - images: | - ghcr.io/DefGuard/defguard - tags: | - type=raw,value=latest - type=semver,pattern={{version}} - type=semver,pattern={{major}}.{{minor}} - type=sha - - name: Set up QEMU - uses: docker/setup-qemu-action@v3 - - name: Set up Docker BuildX - uses: docker/setup-buildx-action@v3 - with: - buildkitd-config-inline: | - [registry."docker.io"] - mirrors = ["dockerhub-proxy.teonite.net"] - - name: Login to GitHub container registry - if: github.event_name != 'pull_request' - uses: docker/login-action@v3 - with: - registry: ghcr.io - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - - name: Build container - uses: docker/build-push-action@v5 - with: - context: . - platforms: linux/amd64 - push: ${{ github.event_name != 'pull_request' }} - tags: ${{ steps.meta.outputs.tags }} - labels: ${{ steps.meta.outputs.labels }} - cache-from: type=gha - cache-to: type=gha,mode=max + # publish-docker: + # runs-on: [self-hosted, Linux] + # steps: + # - name: Checkout + # uses: actions/checkout@v4 + # with: + # submodules: recursive + # - name: Docker meta + # id: meta + # uses: docker/metadata-action@v5 + # with: + # images: | + # ghcr.io/DefGuard/defguard + # tags: | + # type=raw,value=latest + # type=semver,pattern={{version}} + # type=semver,pattern={{major}}.{{minor}} + # type=sha + # - name: Set up QEMU + # uses: docker/setup-qemu-action@v3 + # - name: Set up Docker BuildX + # uses: docker/setup-buildx-action@v3 + # with: + # buildkitd-config-inline: | + # [registry."docker.io"] + # mirrors = ["dockerhub-proxy.teonite.net"] + # - name: Login to GitHub container registry + # if: github.event_name != 'pull_request' + # uses: docker/login-action@v3 + # with: + # registry: ghcr.io + # username: ${{ 
github.actor }} + # password: ${{ secrets.GITHUB_TOKEN }} + # - name: Build container + # uses: docker/build-push-action@v5 + # with: + # context: . + # platforms: linux/amd64 + # push: ${{ github.event_name != 'pull_request' }} + # tags: ${{ steps.meta.outputs.tags }} + # labels: ${{ steps.meta.outputs.labels }} + # cache-from: type=gha + # cache-to: type=gha,mode=max create-release: name: create-release From 711c5defccaf625f4942310f7bc70075dea77a15 Mon Sep 17 00:00:00 2001 From: Aleksander <170264518+t-aleksander@users.noreply.github.com> Date: Fri, 21 Jun 2024 10:02:44 +0200 Subject: [PATCH 06/29] add packaging step for .deb --- .github/workflows/release.yml | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 9d85442bc2..8a12ef3740 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -139,3 +139,21 @@ jobs: asset_path: defguard-${{ github.ref_name }}-${{ matrix.target }}.tar.gz asset_name: defguard-${{ github.ref_name }}-${{ matrix.target }}.tar.gz asset_content_type: application/octet-stream + + - name: Build DEB package + if: matrix.build == 'linux' + uses: bpicode/github-action-fpm@master + with: + fpm_args: "defguard-${{ github.ref_name }}-${{ matrix.target }}=/usr/sbin/defguard defguard-core.service=/usr/lib/systemd/system/defguard-core.service .env=/etc/defguard/core.env" + fpm_opts: "--debug --output-type deb --version ${{ env.VERSION }} --package defguard-${{ env.VERSION }}-${{ matrix.target }}.deb" + + - name: Upload DEB + if: matrix.build == 'linux' + uses: actions/upload-release-asset@v1.0.2 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + with: + upload_url: ${{ needs.create-release.outputs.upload_url }} + asset_path: defguard-${{ env.VERSION }}-${{ matrix.target }}.deb + asset_name: defguard-${{ env.VERSION }}-${{ matrix.target }}.deb + asset_content_type: application/octet-stream \ No newline at end of file 
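Review bot: The new "Build DEB package" step runs `bpicode/github-action-fpm@master`, a third-party action referenced by a mutable branch, inside the release job that produces the published package; whatever that branch points to at build time runs with access to the build output. Pin it to a full commit SHA, e.g. `uses: bpicode/github-action-fpm@<commit-sha>` (placeholder, to be replaced with a reviewed commit). The same step packages the repository's `.env` as `/etc/defguard/core.env`; its contents are not visible here, but if it carries development defaults or placeholder secrets they become the installed configuration. A dedicated example file with empty secrets would be safer, installed with restrictive permissions and listed via fpm's `--config-files` so upgrades do not overwrite local edits. The later patches in this series that edit this step (07, 08 and 12) keep both.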
From b25a40b8a74939405de95dce3be950238c2e9f4b Mon Sep 17 00:00:00 2001 From: Aleksander <170264518+t-aleksander@users.noreply.github.com> Date: Fri, 21 Jun 2024 10:06:09 +0200 Subject: [PATCH 07/29] defguard-core -> defguard --- .fpm | 2 +- .github/workflows/release.yml | 2 +- defguard-core.service => defguard.service | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) rename defguard-core.service => defguard.service (93%) diff --git a/.fpm b/.fpm index 1ab4106f85..b982fd8328 100644 --- a/.fpm +++ b/.fpm @@ -1,5 +1,5 @@ -s dir ---name defguard-core +--name defguard --architecture x86_64 --description "defguard core service" --url "https://defguard.net/" diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 8a12ef3740..61b6fee0ad 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -144,7 +144,7 @@ jobs: if: matrix.build == 'linux' uses: bpicode/github-action-fpm@master with: - fpm_args: "defguard-${{ github.ref_name }}-${{ matrix.target }}=/usr/sbin/defguard defguard-core.service=/usr/lib/systemd/system/defguard-core.service .env=/etc/defguard/core.env" + fpm_args: "defguard-${{ github.ref_name }}-${{ matrix.target }}=/usr/sbin/defguard defguard.service=/usr/lib/systemd/system/defguard.service .env=/etc/defguard/core.env" fpm_opts: "--debug --output-type deb --version ${{ env.VERSION }} --package defguard-${{ env.VERSION }}-${{ matrix.target }}.deb" - name: Upload DEB diff --git a/defguard-core.service b/defguard.service similarity index 93% rename from defguard-core.service rename to defguard.service index 5ad5fe72a8..aed049ca4a 100644 --- a/defguard-core.service +++ b/defguard.service @@ -9,7 +9,7 @@ DynamicUser=yes User=defguard ExecReload=/bin/kill -HUP $MAINPID EnvironmentFile=/etc/defguard/core.env -ExecStart=/usr/bin/defguard-core +ExecStart=/usr/bin/defguard KillMode=process KillSignal=SIGINT LimitNOFILE=65536 From 09f22c9257cbc0bef465ea94fef8e02719afcaa4 Mon Sep 17 00:00:00 2001 
From: Aleksander <170264518+t-aleksander@users.noreply.github.com> Date: Fri, 21 Jun 2024 11:02:16 +0200 Subject: [PATCH 08/29] place the binary in /usr/bin --- .github/workflows/release.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 61b6fee0ad..59b9fa5f66 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -144,7 +144,7 @@ jobs: if: matrix.build == 'linux' uses: bpicode/github-action-fpm@master with: - fpm_args: "defguard-${{ github.ref_name }}-${{ matrix.target }}=/usr/sbin/defguard defguard.service=/usr/lib/systemd/system/defguard.service .env=/etc/defguard/core.env" + fpm_args: "defguard-${{ github.ref_name }}-${{ matrix.target }}=/usr/bin/defguard defguard.service=/usr/lib/systemd/system/defguard.service .env=/etc/defguard/core.env" fpm_opts: "--debug --output-type deb --version ${{ env.VERSION }} --package defguard-${{ env.VERSION }}-${{ matrix.target }}.deb" - name: Upload DEB @@ -156,4 +156,4 @@ jobs: upload_url: ${{ needs.create-release.outputs.upload_url }} asset_path: defguard-${{ env.VERSION }}-${{ matrix.target }}.deb asset_name: defguard-${{ env.VERSION }}-${{ matrix.target }}.deb - asset_content_type: application/octet-stream \ No newline at end of file + asset_content_type: application/octet-stream From 01a8d7cc4287c90525522b25badf99868d220953 Mon Sep 17 00:00:00 2001 From: Aleksander <170264518+t-aleksander@users.noreply.github.com> Date: Fri, 21 Jun 2024 12:15:54 +0200 Subject: [PATCH 09/29] try without path interpolation --- Cargo.lock | 58 --------------------------------------------------- Cargo.toml | 5 +---- src/assets.rs | 2 +- 3 files changed, 2 insertions(+), 63 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 4b776d1639..60085dcafa 100644 --- a/Cargo.lock +++ b/Cargo.lock 
@@ -1096,27 +1096,6 @@ dependencies = [ "subtle", ] -[[package]] -name = "dirs" -version = "5.0.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "44c45a9d03d6676652bcb5e724c7e988de1acad23a711b5217ab9cbecbec2225" -dependencies = [ - "dirs-sys", -] - -[[package]] -name = "dirs-sys" -version = "0.4.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "520f05a5cbd335fae5a99ff7a6ab8627577660ee5cfd6a94a6a929b52ff0321c" -dependencies = [ - "libc", - "option-ext", - "redox_users", - "windows-sys 0.48.0", -] - [[package]] name = "displaydoc" version = "0.2.4" @@ -2275,16 +2254,6 @@ version = "0.2.8" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "4ec2a862134d2a7d32d7983ddcdd1c4923530833c9f2ea1a44fc5fa473989058" -[[package]] -name = "libredox" -version = "0.1.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c0ff37bd590ca25063e35af745c343cb7a0271906fb7b37e4813e8f79f00268d" -dependencies = [ - "bitflags 2.5.0", - "libc", -] - [[package]] name = "libsqlite3-sys" version = "0.27.0" @@ -2715,12 +2684,6 @@ dependencies = [ "vcpkg", ] -[[package]] -name = "option-ext" -version = "0.2.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "04744f49eae99ab78e0d5c0b603ab218f515ea8cfe5a456d7629ad883a3b6e7d" - [[package]] name = "ordered-float" version = "2.10.1" @@ -3322,17 +3285,6 @@ dependencies = [ "bitflags 1.3.2", ] -[[package]] -name = "redox_users" -version = "0.4.5" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bd283d9651eeda4b2a83a43c1c91b266c40fd76ecd39a50a8c630ae69dc72891" -dependencies = [ - "getrandom", - "libredox", - "thiserror", -] - [[package]] name = "regex" version = "1.10.4" @@ -3539,7 +3491,6 @@ dependencies = [ "proc-macro2", "quote", "rust-embed-utils", - "shellexpand", "syn 2.0.60", "walkdir", ] 
@@ -4023,15 +3974,6 @@ dependencies = [ "lazy_static", ] -[[package]] -name = "shellexpand" -version = "3.1.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "da03fa3b94cc19e3ebfc88c4229c49d8f08cdbd1228870a45f0ffdf84988e14b" -dependencies = [ - "dirs", -] - [[package]] name = "signature" version = "2.2.0" diff --git a/Cargo.toml b/Cargo.toml index 74f8a24149..a9a340f921 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -69,10 +69,7 @@ ssh-key = "0.6" struct-patch = "0.4" tera = "1.19" thiserror = "1.0" -rust-embed = { version = "8.4.0", features = [ - "include-exclude", - "interpolate-folder-path", -] } +rust-embed = { version = "8.4.0", features = ["include-exclude"] } mime_guess = "2.0.4" # match axum-extra -> cookies time = { version = "0.3", default-features = false } diff --git a/src/assets.rs b/src/assets.rs index dd3f717b0b..0ae3ddc743 100644 --- a/src/assets.rs +++ b/src/assets.rs @@ -23,7 +23,7 @@ pub async fn svg(uri: Uri) -> impl IntoResponse { } #[derive(Embed)] -#[folder = "$CARGO_MANIFEST_DIR/web/"] +#[folder = "web/"] #[include = "dist/*"] #[include = "src/shared/images/*"] struct WebAsset; From 4d06df6e21995d3cd2153ad00836f695a24048c0 Mon Sep 17 00:00:00 2001 From: Aleksander <170264518+t-aleksander@users.noreply.github.com> Date: Fri, 21 Jun 2024 13:07:34 +0200 Subject: [PATCH 10/29] try without cross compilation --- .github/workflows/release.yml | 23 ++++++++++++----------- 1 file changed, 12 insertions(+), 11 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 59b9fa5f66..b24879ae11 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml 
@@ -71,20 +71,21 @@ jobs: strategy: fail-fast: false matrix: - build: [ linux, linux-arm, linux-arm64, freebsd ] + # build: [ linux, linux-arm, linux-arm64, freebsd ] + build: [ linux ] include: - build: linux os: Linux target: x86_64-unknown-linux-gnu - - build: linux-arm - os: Linux - target: armv7-unknown-linux-gnueabihf - - build: linux-arm64 - os: Linux - target: aarch64-unknown-linux-gnu - - build: freebsd - os: Linux - target: x86_64-unknown-freebsd + # - build: linux-arm + # os: Linux + # target: armv7-unknown-linux-gnueabihf + # - build: linux-arm64 + # os: Linux + # target: aarch64-unknown-linux-gnu + # - build: freebsd + # os: Linux + # target: x86_64-unknown-freebsd steps: # Store the version, stripping any v-prefix - name: Write release version @@ -115,7 +116,7 @@ jobs: - name: Build release binary uses: actions-rs/cargo@v1 with: - use-cross: true + # use-cross: true command: build args: --locked --release --target ${{ matrix.target }} From de4c490b988c2cd9b026d97d012bdbba3217e621 Mon Sep 17 00:00:00 2001 From: Aleksander <170264518+t-aleksander@users.noreply.github.com> Date: Fri, 21 Jun 2024 13:31:25 +0200 Subject: [PATCH 11/29] try with env passthrough --- .github/workflows/release.yml | 2 +- Cross.toml | 10 +++++----- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index b24879ae11..6e6b2e3589 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -116,7 +116,7 @@ jobs: - name: Build release binary uses: actions-rs/cargo@v1 with: - # use-cross: true + use-cross: true command: build args: --locked --release --target ${{ matrix.target }} diff --git a/Cross.toml b/Cross.toml index 2f0e1f5147..ca8ac561ec 100644 --- a/Cross.toml +++ b/Cross.toml 
@@ -1,5 +1,5 @@ [build.env] -passthrough = ["SQLX_OFFLINE=true"] +passthrough = ["SQLX_OFFLINE=true", "CARGO_MANIFEST_DIR"] [target.x86_64-unknown-linux-gnu] image = "ghcr.io/defguard/cross:x86_64-unknown-linux-gnu" @@ -7,7 +7,7 @@ pre-build = [ "apt-get update && apt-get install --assume-yes libssl-dev unzip", "PB_REL='https://github.com/protocolbuffers/protobuf/releases'", "PB_VERSION='3.20.0' && curl -LO $PB_REL/download/v$PB_VERSION/protoc-$PB_VERSION-linux-x86_64.zip", - "unzip -o protoc-$PB_VERSION-linux-x86_64.zip bin/protoc include/google/* -d /usr" + "unzip -o protoc-$PB_VERSION-linux-x86_64.zip bin/protoc include/google/* -d /usr", ] [target.armv7-unknown-linux-gnueabihf] @@ -17,7 +17,7 @@ pre-build = [ "apt-get update && apt-get install --assume-yes libssl-dev libssl-dev:$CROSS_DEB_ARCH unzip", "PB_REL='https://github.com/protocolbuffers/protobuf/releases'", "PB_VERSION='3.20.0' && curl -LO $PB_REL/download/v$PB_VERSION/protoc-$PB_VERSION-linux-x86_64.zip", - "unzip -o protoc-$PB_VERSION-linux-x86_64.zip bin/protoc include/google/* -d /usr" + "unzip -o protoc-$PB_VERSION-linux-x86_64.zip bin/protoc include/google/* -d /usr", ] [target.aarch64-unknown-linux-gnu] @@ -27,7 +27,7 @@ pre-build = [ "apt-get update && apt-get install --assume-yes libssl-dev libssl-dev:$CROSS_DEB_ARCH unzip", "PB_REL='https://github.com/protocolbuffers/protobuf/releases'", "PB_VERSION='3.20.0' && curl -LO $PB_REL/download/v$PB_VERSION/protoc-$PB_VERSION-linux-x86_64.zip", - "unzip -o protoc-$PB_VERSION-linux-x86_64.zip bin/protoc include/google/* -d /usr" + "unzip -o protoc-$PB_VERSION-linux-x86_64.zip bin/protoc include/google/* -d /usr", ] 
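Review bot: Adding `CARGO_MANIFEST_DIR` to `passthrough` under `[build.env]` looks unnecessary: patch 09 of this series already set `#[folder]` back to the plain `web/` path, so nothing visible reads the variable any more, and Cargo sets it for the compiler and proc macros on its own. A value passed through from the host would, if anything, name a path that may not exist inside the container. I would revert the line to `passthrough = ["SQLX_OFFLINE=true"]`, or add a comment on it naming the build step that needs the variable.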
@@ -37,5 +37,5 @@ pre-build = [ "apt-get update && apt-get install --assume-yes libssl-dev unzip", "PB_REL='https://github.com/protocolbuffers/protobuf/releases'", "PB_VERSION='3.20.0' && curl -LO $PB_REL/download/v$PB_VERSION/protoc-$PB_VERSION-linux-x86_64.zip", - "unzip -o protoc-$PB_VERSION-linux-x86_64.zip bin/protoc include/google/* -d /usr" + "unzip -o protoc-$PB_VERSION-linux-x86_64.zip bin/protoc include/google/* -d /usr", ] From c3f44370c693e01bbbaf2281c9ca1f8cf94666f1 Mon Sep 17 00:00:00 2001 From: Aleksander <170264518+t-aleksander@users.noreply.github.com> Date: Fri, 21 Jun 2024 13:32:40 +0200 Subject: [PATCH 12/29] env -> conf --- .github/workflows/release.yml | 2 +- defguard.service | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 6e6b2e3589..335af69ad2 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -145,7 +145,7 @@ jobs: if: matrix.build == 'linux' uses: bpicode/github-action-fpm@master with: - fpm_args: "defguard-${{ github.ref_name }}-${{ matrix.target }}=/usr/bin/defguard defguard.service=/usr/lib/systemd/system/defguard.service .env=/etc/defguard/core.env" + fpm_args: "defguard-${{ github.ref_name }}-${{ matrix.target }}=/usr/bin/defguard defguard.service=/usr/lib/systemd/system/defguard.service .env=/etc/defguard/core.conf" fpm_opts: "--debug --output-type deb --version ${{ env.VERSION }} --package defguard-${{ env.VERSION }}-${{ matrix.target }}.deb" - name: Upload DEB diff --git a/defguard.service b/defguard.service index aed049ca4a..49e5721234 100644 --- a/defguard.service +++ b/defguard.service @@ -8,7 +8,7 @@ After=network-online.target DynamicUser=yes User=defguard ExecReload=/bin/kill -HUP $MAINPID -EnvironmentFile=/etc/defguard/core.env +EnvironmentFile=/etc/defguard/core.conf ExecStart=/usr/bin/defguard KillMode=process KillSignal=SIGINT From 6108196756d0d05899921352cf01ca6b93c2aea3 Mon Sep 17 00:00:00 2001 
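Review bot: The changed `fpm_args` line still packages the repository's `.env` as the installed `/etc/defguard/core.conf`, and the `.env` hunk in PATCH 21/29 of this series shows that file carrying `DEFGUARD_DEFAULT_ADMIN_PASSWORD=pass123`. Every DEB install would therefore start from the same published admin password unless the operator edits the file before first start. The RPM step added in PATCH 19/29 uses the same mapping. Consider shipping a dedicated template with the secret values left empty, for example `packaging/core.conf.example=/etc/defguard/core.conf` (path is a placeholder). Whether defguard forces a password change on first login is not visible here.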
From: Aleksander <170264518+t-aleksander@users.noreply.github.com> Date: Fri, 21 Jun 2024 13:58:28 +0200 Subject: [PATCH 13/29] add frontend building step --- .github/workflows/ci.yml | 4 ++-- .github/workflows/release.yml | 19 +++++++++++++++++++ 2 files changed, 21 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 4bb06a295b..91f4a1a72f 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -4,14 +4,14 @@ on: push: branches: - main - - dev + # - dev paths-ignore: - "*.md" - "LICENSE" pull_request: branches: - main - - dev + # - dev paths-ignore: - "*.md" - "LICENSE" diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 335af69ad2..2a4a144b92 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -113,6 +113,25 @@ jobs: [registry."docker.io"] mirrors = ["dockerhub-proxy.teonite.net"] + - name: Install pnpm + uses: pnpm/action-setup@v4 + with: + version: 9 + + - name: Use Node.js ${{ matrix.node-version }} + uses: actions/setup-node@v4 + with: + node-version: ${{ matrix.node-version }} + cache: 'pnpm' + + - name: Install frontend dependencies + run: pnpm install + working-directory: web + + - name: Build frontend + run: pnpm build + working-directory: web + - name: Build release binary uses: actions-rs/cargo@v1 with: From 391b76cf07669c4fa9bf81aa7e8efed299d78779 Mon Sep 17 00:00:00 2001 From: Aleksander <170264518+t-aleksander@users.noreply.github.com> Date: Fri, 21 Jun 2024 14:04:19 +0200 Subject: [PATCH 14/29] set node version --- .github/workflows/release.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 2a4a144b92..e5402d3843 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml 
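Review bot: The new frontend steps reference `pnpm/action-setup@v4` and `actions/setup-node@v4` by tag, and the RPM step added in PATCH 19/29 references `bpicode/github-action-fpm@master` by branch; the action's owner can move all three refs. Per this series' first commit the frontend build ends up embedded in the release binary, and the same job later uploads assets with `GITHUB_TOKEN`, so a changed action would run inside the release pipeline. Pin each to a full commit SHA with the version in a trailing comment, e.g. `uses: pnpm/action-setup@<full-commit-sha> # v4`. The rest of the job lies outside this hunk.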
@@ -86,6 +86,7 @@ jobs: # - build: freebsd # os: Linux # target: x86_64-unknown-freebsd + node-version: [20] steps: # Store the version, stripping any v-prefix - name: Write release version From 198ca8817e6b912e4cc3876d8b4d20bc8a599291 Mon Sep 17 00:00:00 2001 From: Aleksander <170264518+t-aleksander@users.noreply.github.com> Date: Fri, 21 Jun 2024 14:27:45 +0200 Subject: [PATCH 15/29] add cache dependency path --- .github/workflows/release.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index e5402d3843..ccc2380d25 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -119,11 +119,12 @@ jobs: with: version: 9 - - name: Use Node.js ${{ matrix.node-version }} + - name: Use Node.js 20 uses: actions/setup-node@v4 with: - node-version: ${{ matrix.node-version }} + node-version: 20 cache: 'pnpm' + cache-dependency-path: web/pnpm-lock.json - name: Install frontend dependencies run: pnpm install From e8c13166b65fc48aa7715ac0cbbea88c7513ae60 Mon Sep 17 00:00:00 2001 From: Aleksander <170264518+t-aleksander@users.noreply.github.com> Date: Fri, 21 Jun 2024 14:28:43 +0200 Subject: [PATCH 16/29] remove node version from matrix --- .github/workflows/release.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index ccc2380d25..80417b6e4e 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -86,7 +86,6 @@ jobs: # - build: freebsd # os: Linux # target: x86_64-unknown-freebsd - node-version: [20] steps: # Store the version, stripping any v-prefix - name: Write release version From b2f6a37d73e54820aacf55cbca8d9a11cf96357a Mon Sep 17 00:00:00 2001 From: Aleksander <170264518+t-aleksander@users.noreply.github.com> Date: Fri, 21 Jun 2024 14:32:25 +0200 Subject: [PATCH 17/29] fix path --- .github/workflows/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 80417b6e4e..09ad7b3887 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -123,7 +123,7 @@ jobs: with: node-version: 20 cache: 'pnpm' - cache-dependency-path: web/pnpm-lock.json + cache-dependency-path: ./web/pnpm-lock.yaml - name: Install frontend dependencies run: pnpm install From f30b25fa7f198cb347b1c49d550f73f84ba90f71 Mon Sep 17 00:00:00 2001 From: Aleksander <170264518+t-aleksander@users.noreply.github.com> Date: Fri, 21 Jun 2024 14:42:08 +0200 Subject: [PATCH 18/29] frozen lockfile --- .github/workflows/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 09ad7b3887..b058c4fc20 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -126,7 +126,7 @@ jobs: cache-dependency-path: ./web/pnpm-lock.yaml - name: Install frontend dependencies - run: pnpm install + run: pnpm install --ignore-scripts --frozen-lockfile working-directory: web - name: Build frontend From f96f1a70f7b7ed2e4f7bb2af50a0110e08a6427d Mon Sep 17 00:00:00 2001 From: Aleksander <170264518+t-aleksander@users.noreply.github.com> Date: Fri, 21 Jun 2024 14:48:08 +0200 Subject: [PATCH 19/29] build rpm --- .github/workflows/release.yml | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index b058c4fc20..7656df57c1 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml 
@@ -178,3 +178,21 @@ jobs: asset_path: defguard-${{ env.VERSION }}-${{ matrix.target }}.deb asset_name: defguard-${{ env.VERSION }}-${{ matrix.target }}.deb asset_content_type: application/octet-stream + + - name: Build RPM package + if: matrix.build == 'linux' + uses: bpicode/github-action-fpm@master + with: + fpm_args: "defguard-${{ github.ref_name }}-${{ matrix.target }}=/usr/bin/defguard defguard.service=/usr/lib/systemd/system/defguard.service .env=/etc/defguard/core.conf" + fpm_opts: "--debug --output-type rpm --version ${{ env.VERSION }} --package defguard-${{ env.VERSION }}-${{ matrix.target }}.rpm" + + - name: Upload RPM + if: matrix.build == 'linux' + uses: actions/upload-release-asset@v1.0.2 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + with: + upload_url: ${{ needs.create-release.outputs.upload_url }} + asset_path: defguard-${{ env.VERSION }}-${{ matrix.target }}.rpm + asset_name: defguard-${{ env.VERSION }}-${{ matrix.target }}.rpm + asset_content_type: application/octet-stream \ No newline at end of file From 8e70feb61136ea6b90325fd233232fd9dc3b456a Mon Sep 17 00:00:00 2001 From: Aleksander <170264518+t-aleksander@users.noreply.github.com> Date: Mon, 24 Jun 2024 10:35:21 +0200 Subject: [PATCH 20/29] cleanup and fix docker --- Cross.toml | 2 +- Dockerfile | 30 +++++++++++++++--------------- Dockerfile.ci | 1 - 3 files changed, 16 insertions(+), 17 deletions(-) diff --git a/Cross.toml b/Cross.toml index ca8ac561ec..499cd583a9 100644 --- a/Cross.toml +++ b/Cross.toml @@ -1,5 +1,5 @@ [build.env] -passthrough = ["SQLX_OFFLINE=true", "CARGO_MANIFEST_DIR"] +passthrough = ["SQLX_OFFLINE=true"] [target.x86_64-unknown-linux-gnu] image = "ghcr.io/defguard/cross:x86_64-unknown-linux-gnu" diff --git a/Dockerfile b/Dockerfile index e25ee8b1dc..6de604ecdd 100644 --- a/Dockerfile +++ b/Dockerfile 
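Review bot: The new RPM step's `fpm_opts` does not mark `/etc/defguard/core.conf` as a configuration file, so an RPM upgrade would probably replace an operator's edited settings with the packaged copy. As far as I know fpm treats files under `/etc` as config automatically only for deb output; for rpm, add `--config-files /etc/defguard/core.conf` to `fpm_opts`. The file is read through `EnvironmentFile=` and holds credentials, yet nothing in this step sets its installed mode. Check what mode the package gives it.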
@@ -1,3 +1,15 @@ +FROM node:20.5-alpine3.17 as web + +WORKDIR /app +COPY web/package.json . +COPY web/pnpm-lock.yaml . +COPY web/.npmrc . +RUN npm i -g pnpm +RUN pnpm install --ignore-scripts --frozen-lockfile +COPY web/ . +RUN pnpm run generate-translation-types +RUN pnpm build + FROM rust:1.77 as chef WORKDIR /build @@ -20,6 +32,9 @@ COPY --from=planner /build/recipe.json recipe.json RUN cargo chef cook --release --recipe-path recipe.json # build project +COPY --from=web /app/dist ./web/dist +COPY web/src/shared/images/svg ./web/src/shared/images/svg +COPY user_agent_header_regexes.yaml /build/user_agent_header_regexes.yaml RUN apt-get update && apt-get -y install protobuf-compiler libprotobuf-dev COPY Cargo.toml Cargo.lock build.rs ./ COPY .sqlx .sqlx @@ -30,26 +45,11 @@ COPY proto proto COPY migrations migrations RUN cargo install --locked --path . --root /build -FROM node:20.5-alpine3.17 as web - -WORKDIR /app -COPY web/package.json . -COPY web/pnpm-lock.yaml . -COPY web/.npmrc . -RUN npm i -g pnpm -RUN pnpm install --ignore-scripts --frozen-lockfile -COPY web/ . -RUN pnpm run generate-translation-types -RUN pnpm build - # run FROM debian:bookworm-slim as runtime RUN apt-get update -y && \ apt-get install --no-install-recommends -y ca-certificates libssl-dev && \ rm -rf /var/lib/apt/lists/* -COPY user_agent_header_regexes.yaml /app/user_agent_header_regexes.yaml WORKDIR /app COPY --from=builder /build/bin/defguard . -COPY --from=web /app/dist ./web/dist -COPY web/src/shared/images/svg ./web/src/shared/images/svg ENTRYPOINT ["./defguard"] diff --git a/Dockerfile.ci b/Dockerfile.ci index 0f77ae45b9..5aa26f2683 100644 --- a/Dockerfile.ci +++ b/Dockerfile.ci @@ -13,6 +13,5 @@ RUN apt-get update -y && \ apt-get install --no-install-recommends -y ca-certificates && \ rm -rf /var/lib/apt/lists/* COPY build/bin/defguard . -COPY --from=web /app/dist ./web USER 1000 ENTRYPOINT ["./defguard"] From 886605fca274fac0de5bacc687541cd688ba01ec Mon Sep 17 00:00:00 2001 
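Review bot: `RUN npm i -g pnpm` in the new `web` stage installs whatever pnpm release is current at build time, while the release workflow in this series fixes pnpm at `version: 9`. The stage's output is copied into the builder with `COPY --from=web /app/dist ./web/dist`, so the tool that resolves and builds the frontend should be the same in both places. Pin it the same way: `RUN npm i -g pnpm@9`.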
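Review bot: The `runtime` stage, as shown in this hunk, ends at `ENTRYPOINT ["./defguard"]` with no `USER` instruction, so the container process runs as root, whereas `Dockerfile.ci` in the same commit sets `USER 1000`. After this change the stage copies only the binary, so it presumably needs nothing writable under `/app`. Adding `USER 1000` before `ENTRYPOINT` looks feasible, provided the service does not bind a privileged port, which should be confirmed.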
From: Aleksander <170264518+t-aleksander@users.noreply.github.com> Date: Mon, 24 Jun 2024 11:15:41 +0200 Subject: [PATCH 21/29] fix .env file --- .env | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.env b/.env index 344ede6fcd..60c27c65ab 100644 --- a/.env +++ b/.env @@ -13,7 +13,7 @@ DEFGUARD_DEFAULT_ADMIN_PASSWORD=pass123 ### Proxy configuration ### # Optional. URL of proxy gRPC server -# DEFGUARD_PROXY_URL: http://localhost:50051 +# DEFGUARD_PROXY_URL=http://localhost:50051 ### LDAP configuration ### DEFGUARD_LDAP_URL=ldap://localhost:389 From 713908975ba60e11cfb34f5c550f237eb3179e44 Mon Sep 17 00:00:00 2001 From: Aleksander <170264518+t-aleksander@users.noreply.github.com> Date: Mon, 24 Jun 2024 12:08:33 +0200 Subject: [PATCH 22/29] remove possibly unnecessary step --- Dockerfile.ci | 10 ---------- 1 file changed, 10 deletions(-) diff --git a/Dockerfile.ci b/Dockerfile.ci index 5aa26f2683..f9385259a2 100644 --- a/Dockerfile.ci +++ b/Dockerfile.ci @@ -1,13 +1,3 @@ -FROM node:20.5-alpine3.17 as web -WORKDIR /app -COPY web/package.json . -COPY web/pnpm-lock.yaml . -COPY web/.npmrc . -RUN npm i -g pnpm -RUN pnpm i --frozen-lockfile --ignore-scripts -COPY web/ . -RUN pnpm build - FROM debian:bullseye-slim RUN apt-get update -y && \ apt-get install --no-install-recommends -y ca-certificates && \ From b29daf4bfb29edd790618c2908833233c6121961 Mon Sep 17 00:00:00 2001 From: Aleksander <170264518+t-aleksander@users.noreply.github.com> Date: Mon, 24 Jun 2024 12:11:58 +0200 Subject: [PATCH 23/29] cleanup --- .github/workflows/ci.yml | 4 ++-- .github/workflows/release.yml | 21 ++++++++++----------- 2 files changed, 12 insertions(+), 13 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 91f4a1a72f..4bb06a295b 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
@@ -4,14 +4,14 @@ on: push: branches: - main - # - dev + - dev paths-ignore: - "*.md" - "LICENSE" pull_request: branches: - main - # - dev + - dev paths-ignore: - "*.md" - "LICENSE" diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 7656df57c1..f5276cfcf5 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -71,21 +71,20 @@ jobs: strategy: fail-fast: false matrix: - # build: [ linux, linux-arm, linux-arm64, freebsd ] - build: [ linux ] + build: [ linux, linux-arm, linux-arm64, freebsd ] include: - build: linux os: Linux target: x86_64-unknown-linux-gnu - # - build: linux-arm - # os: Linux - # target: armv7-unknown-linux-gnueabihf - # - build: linux-arm64 - # os: Linux - # target: aarch64-unknown-linux-gnu - # - build: freebsd - # os: Linux - # target: x86_64-unknown-freebsd + - build: linux-arm + os: Linux + target: armv7-unknown-linux-gnueabihf + - build: linux-arm64 + os: Linux + target: aarch64-unknown-linux-gnu + - build: freebsd + os: Linux + target: x86_64-unknown-freebsd steps: # Store the version, stripping any v-prefix - name: Write release version From f6b1cd0cf5794e54af5a9cd223b1809ac1121fcf Mon Sep 17 00:00:00 2001 From: Aleksander <170264518+t-aleksander@users.noreply.github.com> Date: Mon, 24 Jun 2024 12:44:36 +0200 Subject: [PATCH 24/29] cleanup 2 --- .github/workflows/release.yml | 86 +++++++++++++++++------------------ 1 file changed, 43 insertions(+), 43 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index f5276cfcf5..4f54c414de 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml 
@@ -5,49 +5,49 @@ on: - v*.*.* jobs: - # publish-docker: - # runs-on: [self-hosted, Linux] - # steps: - # - name: Checkout - # uses: actions/checkout@v4 - # with: - # submodules: recursive - # - name: Docker meta - # id: meta - # uses: docker/metadata-action@v5 - # with: - # images: | - # ghcr.io/DefGuard/defguard - # tags: | - # type=raw,value=latest - # type=semver,pattern={{version}} - # type=semver,pattern={{major}}.{{minor}} - # type=sha - # - name: Set up QEMU - # uses: docker/setup-qemu-action@v3 - # - name: Set up Docker BuildX - # uses: docker/setup-buildx-action@v3 - # with: - # buildkitd-config-inline: | - # [registry."docker.io"] - # mirrors = ["dockerhub-proxy.teonite.net"] - # - name: Login to GitHub container registry - # if: github.event_name != 'pull_request' - # uses: docker/login-action@v3 - # with: - # registry: ghcr.io - # username: ${{ github.actor }} - # password: ${{ secrets.GITHUB_TOKEN }} - # - name: Build container - # uses: docker/build-push-action@v5 - # with: - # context: . 
- # platforms: linux/amd64 - # push: ${{ github.event_name != 'pull_request' }} - # tags: ${{ steps.meta.outputs.tags }} - # labels: ${{ steps.meta.outputs.labels }} - # cache-from: type=gha - # cache-to: type=gha,mode=max + publish-docker: + runs-on: [self-hosted, Linux] + steps: + - name: Checkout + uses: actions/checkout@v4 + with: + submodules: recursive + - name: Docker meta + id: meta + uses: docker/metadata-action@v5 + with: + images: | + ghcr.io/DefGuard/defguard + tags: | + type=raw,value=latest + type=semver,pattern={{version}} + type=semver,pattern={{major}}.{{minor}} + type=sha + - name: Set up QEMU + uses: docker/setup-qemu-action@v3 + - name: Set up Docker BuildX + uses: docker/setup-buildx-action@v3 + with: + buildkitd-config-inline: | + [registry."docker.io"] + mirrors = ["dockerhub-proxy.teonite.net"] + - name: Login to GitHub container registry + if: github.event_name != 'pull_request' + uses: docker/login-action@v3 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + - name: Build container + uses: docker/build-push-action@v5 + with: + context: . + platforms: linux/amd64 + push: ${{ github.event_name != 'pull_request' }} + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} + cache-from: type=gha + cache-to: type=gha,mode=max create-release: name: create-release From ad3c132cd81b8fec4111109a44ff6bd9c1c657f4 Mon Sep 17 00:00:00 2001 From: Aleksander <170264518+t-aleksander@users.noreply.github.com> Date: Mon, 24 Jun 2024 16:12:20 +0200 Subject: [PATCH 25/29] sort cargo toml --- Cargo.toml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Cargo.toml b/Cargo.toml index a9a340f921..c16c5d99e4 100644 --- a/Cargo.toml +++ b/Cargo.toml 
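Review bot: The re-enabled `publish-docker` job logs in to ghcr.io with `secrets.GITHUB_TOKEN` but declares no `permissions:` of its own, so the token's scope comes from the workflow or repository default. The top of the workflow is outside this hunk, so a workflow-level block may already exist. If it does not, add a job-level `permissions: { contents: read, packages: write }` so that this job, which runs on a self-hosted runner, holds only what the push needs.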
@@ -35,6 +35,7 @@ jsonwebtoken = "9.2" ldap3 = { version = "0.11", default-features = false, features = ["tls"] } lettre = { version = "0.11", features = ["tokio1", "tokio1-native-tls"] } md4 = "0.10" +mime_guess = "2.0" otpauth = "0.4" openidconnect = { version = "3.4", default-features = false, optional = true } pulldown-cmark = "0.9" @@ -45,6 +46,7 @@ rand_core = { version = "0.6", default-features = false, features = [ ] } reqwest = { version = "0.11", features = ["json"] } rsa = { version = "0.9", features = ["pem"] } +rust-embed = { version = "8.4", features = ["include-exclude"] } rust-ini = "0.20" secp256k1 = { version = "0.28", features = [ "recovery", @@ -69,8 +71,6 @@ ssh-key = "0.6" struct-patch = "0.4" tera = "1.19" thiserror = "1.0" -rust-embed = { version = "8.4.0", features = ["include-exclude"] } -mime_guess = "2.0.4" # match axum-extra -> cookies time = { version = "0.3", default-features = false } tiny-keccak = { version = "2.0", features = ["keccak"] } From 08207a6a1406d87463a0d5100a9dba15bdc986fe Mon Sep 17 00:00:00 2001 From: Aleksander <170264518+t-aleksander@users.noreply.github.com> Date: Mon, 24 Jun 2024 16:23:30 +0200 Subject: [PATCH 26/29] add new lines --- .github/workflows/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 4f54c414de..26ce3bb53c 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -194,4 +194,4 @@ jobs: upload_url: ${{ needs.create-release.outputs.upload_url }} asset_path: defguard-${{ env.VERSION }}-${{ matrix.target }}.rpm asset_name: defguard-${{ env.VERSION }}-${{ matrix.target }}.rpm - asset_content_type: application/octet-stream \ No newline at end of file + asset_content_type: application/octet-stream From a5cafa238d79966c4ee0b9262a4977a007cd5d88 Mon Sep 17 00:00:00 2001 
From: Aleksander <170264518+t-aleksander@users.noreply.github.com> Date: Mon, 24 Jun 2024 16:46:29 +0200 Subject: [PATCH 27/29] change dockerfile --- Dockerfile | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/Dockerfile b/Dockerfile index 6de604ecdd..8762ea0045 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,9 +1,7 @@ -FROM node:20.5-alpine3.17 as web +FROM node:20-alpine as web WORKDIR /app -COPY web/package.json . -COPY web/pnpm-lock.yaml . -COPY web/.npmrc . +COPY web/package.json web/pnpm-lock.yaml web/.npmrc . RUN npm i -g pnpm RUN pnpm install --ignore-scripts --frozen-lockfile COPY web/ . From e9ff165d823d6fbe0697948262a94c85a3995129 Mon Sep 17 00:00:00 2001 From: Aleksander <170264518+t-aleksander@users.noreply.github.com> Date: Mon, 24 Jun 2024 16:56:38 +0200 Subject: [PATCH 28/29] sort whole file --- Cargo.toml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Cargo.toml b/Cargo.toml index c16c5d99e4..03dffaa5fb 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -9,7 +9,6 @@ repository = "https://github.com/DefGuard/defguard" [workspace] [dependencies] -model_derive = { path = "model-derive" } anyhow = "1.0" argon2 = { version = "0.5", features = ["std"] } axum = { version = "0.7" } @@ -36,10 +35,11 @@ ldap3 = { version = "0.11", default-features = false, features = ["tls"] } lettre = { version = "0.11", features = ["tokio1", "tokio1-native-tls"] } md4 = "0.10" mime_guess = "2.0" -otpauth = "0.4" +model_derive = { path = "model-derive" } openidconnect = { version = "3.4", default-features = false, optional = true } -pulldown-cmark = "0.9" +otpauth = "0.4" prost = "0.12" +pulldown-cmark = "0.9" rand = "0.8" rand_core = { version = "0.6", default-features = false, features = [ "getrandom", From faf4f248c222a497fe47060a976055b513ec823b Mon Sep 17 00:00:00 2001 
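Review bot: `FROM node:20-alpine as web` replaces the more specific `node:20.5-alpine3.17` with a tag that moves across Node 20 minors and Alpine releases, so the image that builds the embedded frontend can differ between two builds of the same commit. Keep a specific tag or add a digest, e.g. `FROM node:20-alpine@sha256:<digest> as web` (digest is a placeholder). Separately, the merged `COPY web/package.json web/pnpm-lock.yaml web/.npmrc .` has several sources, and Docker's documentation asks for a destination ending in `/` in that case. `./` is the portable spelling.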
From: Aleksander <170264518+t-aleksander@users.noreply.github.com> Date: Tue, 25 Jun 2024 09:35:23 +0200 Subject: [PATCH 29/29] remove unused file --- Dockerfile.ci | 7 ------- 1 file changed, 7 deletions(-) delete mode 100644 Dockerfile.ci diff --git a/Dockerfile.ci b/Dockerfile.ci deleted file mode 100644 index f9385259a2..0000000000 --- a/Dockerfile.ci +++ /dev/null @@ -1,7 +0,0 @@ -FROM debian:bullseye-slim -RUN apt-get update -y && \ - apt-get install --no-install-recommends -y ca-certificates && \ - rm -rf /var/lib/apt/lists/* -COPY build/bin/defguard . -USER 1000 -ENTRYPOINT ["./defguard"]