enabling support for wireguard and firewall (#2713)

* wip: enabling support for wireguard and firewall * wip * wip * wip * wip * wip * implement some things * fix warning * wip * alpha.23 * misc fixes * remove ufw since no longer required * remove debug info * add cli bindings * debugging * fixes * individualized acme and privacy settings for domains and bindings * sdk version bump * migration * misc fixes * refactor Host::update * debug info * refactor webserver * misc fixes * misc fixes * refactor port forwarding * recheck interfaces every 5 min if no dbus event * misc fixes and cleanup * misc fixes
2026-03-30 12:11:56 +00:00 · 2025-01-09 16:34:34 -07:00
parent 45ca9405d3
commit 29e8210782
144 changed files with 4878 additions and 2398 deletions
--- a/core/startos/src/bins/container_cli.rs
+++ b/core/startos/src/bins/container_cli.rs
@@ -4,7 +4,7 @@ use rpc_toolkit::CliApp;
 use serde_json::Value;

 use crate::service::cli::{ContainerCliContext, ContainerClientConfig};
-use crate::util::logger::EmbassyLogger;
+use crate::util::logger::LOGGER;
 use crate::version::{Current, VersionT};

 lazy_static::lazy_static! {
@@ -12,7 +12,7 @@ lazy_static::lazy_static! {
 }

 pub fn main(args: impl IntoIterator<Item = OsString>) {
-    EmbassyLogger::init();
+    LOGGER.enable();
    if let Err(e) = CliApp::new(
        |cfg: ContainerClientConfig| Ok(ContainerCliContext::init(cfg)),
        crate::service::effects::handler(),
--- a/core/startos/src/bins/registry.rs
+++ b/core/startos/src/bins/registry.rs
@@ -1,20 +1,20 @@
 use std::ffi::OsString;

 use clap::Parser;
-use futures::FutureExt;
+use futures::{FutureExt};
 use tokio::signal::unix::signal;
 use tracing::instrument;

-use crate::net::web_server::WebServer;
+use crate::net::web_server::{Acceptor, WebServer};
 use crate::prelude::*;
 use crate::registry::context::{RegistryConfig, RegistryContext};
-use crate::util::logger::EmbassyLogger;
+use crate::util::logger::LOGGER;

 #[instrument(skip_all)]
 async fn inner_main(config: &RegistryConfig) -> Result<(), Error> {
    let server = async {
        let ctx = RegistryContext::init(config).await?;
-        let mut server = WebServer::new(ctx.listen);
+        let mut server = WebServer::new(Acceptor::bind([ctx.listen]).await?);
        server.serve_registry(ctx.clone());

        let mut shutdown_recv = ctx.shutdown.subscribe();
@@ -63,7 +63,7 @@ async fn inner_main(config: &RegistryConfig) -> Result<(), Error> {
 }

 pub fn main(args: impl IntoIterator<Item = OsString>) {
-    EmbassyLogger::init();
+    LOGGER.enable();

    let config = RegistryConfig::parse_from(args).load().unwrap();

--- a/core/startos/src/bins/start_cli.rs
+++ b/core/startos/src/bins/start_cli.rs
@@ -5,7 +5,7 @@ use serde_json::Value;

 use crate::context::config::ClientConfig;
 use crate::context::CliContext;
-use crate::util::logger::EmbassyLogger;
+use crate::util::logger::LOGGER;
 use crate::version::{Current, VersionT};

 lazy_static::lazy_static! {
@@ -13,7 +13,8 @@ lazy_static::lazy_static! {
 }

 pub fn main(args: impl IntoIterator<Item = OsString>) {
-    EmbassyLogger::init();
+    LOGGER.enable();
+
    if let Err(e) = CliApp::new(
        |cfg: ClientConfig| Ok(CliContext::init(cfg.load()?)?),
        crate::expanded_api(),
--- a/core/startos/src/bins/start_init.rs
+++ b/core/startos/src/bins/start_init.rs
@@ -1,3 +1,4 @@
+use std::path::Path;
 use std::sync::Arc;

 use tokio::process::Command;
@@ -11,16 +12,16 @@ use crate::disk::main::DEFAULT_PASSWORD;
 use crate::disk::REPAIR_DISK_PATH;
 use crate::firmware::{check_for_firmware_update, update_firmware};
 use crate::init::{InitPhases, InitResult, STANDBY_MODE_PATH};
-use crate::net::web_server::WebServer;
+use crate::net::web_server::{UpgradableListener, WebServer};
 use crate::prelude::*;
 use crate::progress::FullProgressTracker;
 use crate::shutdown::Shutdown;
 use crate::util::Invoke;
-use crate::PLATFORM;
+use crate::{DATA_DIR, PLATFORM};

 #[instrument(skip_all)]
 async fn setup_or_init(
-    server: &mut WebServer,
+    server: &mut WebServer<UpgradableListener>,
    config: &ServerConfig,
 ) -> Result<Result<(RpcContext, FullProgressTracker), Shutdown>, Error> {
    if let Some(firmware) = check_for_firmware_update()
@@ -111,7 +112,7 @@ async fn setup_or_init(
        .await
        .is_err()
    {
-        let ctx = SetupContext::init(config)?;
+        let ctx = SetupContext::init(server, config)?;

        server.serve_setup(ctx.clone());

@@ -156,7 +157,7 @@ async fn setup_or_init(
            let disk_guid = Arc::new(String::from(guid_string.trim()));
            let requires_reboot = crate::disk::main::import(
                &**disk_guid,
-                config.datadir(),
+                DATA_DIR,
                if tokio::fs::metadata(REPAIR_DISK_PATH).await.is_ok() {
                    RepairStrategy::Aggressive
                } else {
@@ -178,18 +179,26 @@ async fn setup_or_init(
            tracing::info!("Loaded Disk");

            if requires_reboot.0 {
+                tracing::info!("Rebooting...");
                let mut reboot_phase = handle.add_phase("Rebooting".into(), Some(1));
                reboot_phase.start();
                return Ok(Err(Shutdown {
-                    export_args: Some((disk_guid, config.datadir().to_owned())),
+                    export_args: Some((disk_guid, Path::new(DATA_DIR).to_owned())),
                    restart: true,
                }));
            }

-            let InitResult { net_ctrl } = crate::init::init(config, init_phases).await?;
+            let InitResult { net_ctrl } =
+                crate::init::init(&server.acceptor_setter(), config, init_phases).await?;

-            let rpc_ctx =
-                RpcContext::init(config, disk_guid, Some(net_ctrl), rpc_ctx_phases).await?;
+            let rpc_ctx = RpcContext::init(
+                &server.acceptor_setter(),
+                config,
+                disk_guid,
+                Some(net_ctrl),
+                rpc_ctx_phases,
+            )
+            .await?;

            Ok::<_, Error>(Ok((rpc_ctx, handle)))
        }
@@ -203,7 +212,7 @@ async fn setup_or_init(

 #[instrument(skip_all)]
 pub async fn main(
-    server: &mut WebServer,
+    server: &mut WebServer<UpgradableListener>,
    config: &ServerConfig,
 ) -> Result<Result<(RpcContext, FullProgressTracker), Shutdown>, Error> {
    if &*PLATFORM == "raspberrypi" && tokio::fs::metadata(STANDBY_MODE_PATH).await.is_ok() {
--- a/core/startos/src/bins/startd.rs
+++ b/core/startos/src/bins/startd.rs
@@ -1,6 +1,6 @@
 use std::cmp::max;
 use std::ffi::OsString;
-use std::net::{Ipv6Addr, SocketAddr};
+use std::net::IpAddr;
 use std::sync::Arc;

 use clap::Parser;
@@ -12,21 +12,26 @@ use tracing::instrument;
 use crate::context::config::ServerConfig;
 use crate::context::rpc::InitRpcContextPhases;
 use crate::context::{DiagnosticContext, InitContext, RpcContext};
-use crate::net::web_server::WebServer;
+use crate::net::utils::ipv6_is_local;
+use crate::net::web_server::{Acceptor, UpgradableListener, WebServer};
 use crate::shutdown::Shutdown;
 use crate::system::launch_metrics_task;
-use crate::util::logger::EmbassyLogger;
+use crate::util::io::append_file;
+use crate::util::logger::LOGGER;
 use crate::{Error, ErrorKind, ResultExt};

 #[instrument(skip_all)]
 async fn inner_main(
-    server: &mut WebServer,
+    server: &mut WebServer<UpgradableListener>,
    config: &ServerConfig,
 ) -> Result<Option<Shutdown>, Error> {
    let rpc_ctx = if !tokio::fs::metadata("/run/startos/initialized")
        .await
        .is_ok()
    {
+        LOGGER.set_logfile(Some(
+            append_file("/run/startos/init.log").await?.into_std().await,
+        ));
        let (ctx, handle) = match super::start_init::main(server, &config).await? {
            Err(s) => return Ok(Some(s)),
            Ok(ctx) => ctx,
@@ -34,6 +39,7 @@ async fn inner_main(
        tokio::fs::write("/run/startos/initialized", "").await?;

        server.serve_main(ctx.clone());
+        LOGGER.set_logfile(None);
        handle.complete();

        ctx
@@ -44,6 +50,7 @@ async fn inner_main(
        server.serve_init(init_ctx);

        let ctx = RpcContext::init(
+            &server.acceptor_setter(),
            config,
            Arc::new(
                tokio::fs::read_to_string("/media/startos/config/disk.guid") // unique identifier for volume group - keeps track of the disk that goes with your embassy
@@ -131,7 +138,7 @@ async fn inner_main(
 }

 pub fn main(args: impl IntoIterator<Item = OsString>) {
-    EmbassyLogger::init();
+    LOGGER.enable();

    let config = ServerConfig::parse_from(args).load().unwrap();

@@ -142,7 +149,18 @@ pub fn main(args: impl IntoIterator<Item = OsString>) {
            .build()
            .expect("failed to initialize runtime");
        rt.block_on(async {
-            let mut server = WebServer::new(SocketAddr::new(Ipv6Addr::UNSPECIFIED.into(), 80));
+            let addrs = crate::net::utils::all_socket_addrs_for(80).await?;
+            let mut server = WebServer::new(
+                Acceptor::bind_upgradable(addrs.into_iter().filter(|addr| match addr.ip() {
+                    IpAddr::V4(ip4) => {
+                        ip4.is_loopback()
+                        || (ip4.is_private() && !ip4.octets().starts_with(&[10, 59])) // reserving 10.59 for public wireguard configurations
+                        || ip4.is_link_local()
+                    }
+                    IpAddr::V6(ip6) => ipv6_is_local(ip6),
+                }))
+                .await?,
+            );
            match inner_main(&mut server, &config).await {
                Ok(a) => {
                    server.shutdown().await;