enabling support for wireguard and firewall (#2713)

* wip: enabling support for wireguard and firewall

* wip

* wip

* wip

* wip

* wip

* implement some things

* fix warning

* wip

* alpha.23

* misc fixes

* remove ufw since no longer required

* remove debug info

* add cli bindings

* debugging

* fixes

* individualized acme and privacy settings for domains and bindings

* sdk version bump

* migration

* misc fixes

* refactor Host::update

* debug info

* refactor webserver

* misc fixes

* misc fixes

* refactor port forwarding

* recheck interfaces every 5 min if no dbus event

* misc fixes and cleanup

* misc fixes

core/startos/src/service/effects/callbacks.rs

@@ -294,7 +294,7 @@ impl CallbackHandler {
         }
     }
     pub async fn call(mut self, args: Vector<Value>) -> Result<(), Error> {
-        dbg!(eyre!("callback fired: {}", self.handle.is_active()));
+        crate::dbg!(eyre!("callback fired: {}", self.handle.is_active()));
         if let Some(seed) = self.seed.upgrade() {
             seed.persistent_container
                 .callback(self.handle.take(), args)

core/startos/src/service/effects/dependency.rs

@@ -17,11 +17,11 @@ use crate::db::model::package::{
 use crate::disk::mount::filesystem::bind::Bind;
 use crate::disk::mount::filesystem::idmapped::IdMapped;
 use crate::disk::mount::filesystem::{FileSystem, MountType};
-use crate::rpc_continuations::Guid;
 use crate::service::effects::prelude::*;
 use crate::status::health_check::NamedHealthCheckResult;
 use crate::util::Invoke;
 use crate::volume::data_dir;
+use crate::DATA_DIR;
 
 #[derive(Debug, Clone, Serialize, Deserialize, TS)]
 #[ts(export)]
@@ -55,7 +55,7 @@ pub async fn mount(
     let context = context.deref()?;
     let subpath = subpath.unwrap_or_default();
     let subpath = subpath.strip_prefix("/").unwrap_or(&subpath);
-    let source = data_dir(&context.seed.ctx.datadir, &package_id, &volume_id).join(subpath);
+    let source = data_dir(DATA_DIR, &package_id, &volume_id).join(subpath);
     if tokio::fs::metadata(&source).await.is_err() {
         tokio::fs::create_dir_all(&source).await?;
     }

core/startos/src/service/effects/mod.rs

@@ -130,10 +130,6 @@ pub fn handler<C: Context>() -> ParentHandler<C> {
             "get-host-info",
             from_fn_async(net::host::get_host_info).no_cli(),
         )
-        .subcommand(
-            "get-primary-url",
-            from_fn_async(net::host::get_primary_url).no_cli(),
-        )
         .subcommand(
             "get-container-ip",
             from_fn_async(net::info::get_container_ip).no_cli(),

core/startos/src/service/effects/net/bind.rs

@@ -1,6 +1,6 @@
 use models::{HostId, PackageId};
 
-use crate::net::host::binding::{BindId, BindOptions, LanInfo};
+use crate::net::host::binding::{BindId, BindOptions, NetInfo};
 use crate::net::host::HostKind;
 use crate::service::effects::prelude::*;
 
@@ -53,15 +53,36 @@ pub struct GetServicePortForwardParams {
     #[ts(optional)]
     package_id: Option<PackageId>,
     host_id: HostId,
-    internal_port: u32,
+    internal_port: u16,
 }
 pub async fn get_service_port_forward(
     context: EffectContext,
-    data: GetServicePortForwardParams,
-) -> Result<LanInfo, Error> {
-    let internal_port = data.internal_port as u16;
-
+    GetServicePortForwardParams {
+        package_id,
+        host_id,
+        internal_port,
+    }: GetServicePortForwardParams,
+) -> Result<NetInfo, Error> {
     let context = context.deref()?;
-    let net_service = context.seed.persistent_container.net_service.lock().await;
-    net_service.get_lan_port(data.host_id, internal_port)
+
+    let package_id = package_id.unwrap_or_else(|| context.seed.id.clone());
+
+    Ok(context
+        .seed
+        .ctx
+        .db
+        .peek()
+        .await
+        .as_public()
+        .as_package_data()
+        .as_idx(&package_id)
+        .or_not_found(&package_id)?
+        .as_hosts()
+        .as_idx(&host_id)
+        .or_not_found(&host_id)?
+        .as_bindings()
+        .de()?
+        .get(&internal_port)
+        .or_not_found(lazy_format!("binding for port {internal_port}"))?
+        .net)
 }

core/startos/src/service/effects/net/host.rs

@@ -1,35 +1,10 @@
 use models::{HostId, PackageId};
 
-use crate::net::host::address::HostAddress;
 use crate::net::host::Host;
 use crate::service::effects::callbacks::CallbackHandler;
 use crate::service::effects::prelude::*;
 use crate::service::rpc::CallbackId;
 
-#[derive(Debug, Clone, Serialize, Deserialize, TS)]
-#[ts(export)]
-#[serde(rename_all = "camelCase")]
-pub struct GetPrimaryUrlParams {
-    #[ts(optional)]
-    package_id: Option<PackageId>,
-    host_id: HostId,
-    #[ts(optional)]
-    callback: Option<CallbackId>,
-}
-pub async fn get_primary_url(
-    context: EffectContext,
-    GetPrimaryUrlParams {
-        package_id,
-        host_id,
-        callback,
-    }: GetPrimaryUrlParams,
-) -> Result<Option<HostAddress>, Error> {
-    let context = context.deref()?;
-    let package_id = package_id.unwrap_or_else(|| context.seed.id.clone());
-
-    Ok(None) // TODO
-}
-
 #[derive(Debug, Clone, serde::Serialize, serde::Deserialize, TS)]
 #[serde(rename_all = "camelCase")]
 #[ts(export)]

core/startos/src/service/effects/net/interface.rs

@@ -15,7 +15,6 @@ pub struct ExportServiceInterfaceParams {
     id: ServiceInterfaceId,
     name: String,
     description: String,
-    has_primary: bool,
     masked: bool,
     address_info: AddressInfo,
     r#type: ServiceInterfaceType,
@@ -26,7 +25,6 @@ pub async fn export_service_interface(
         id,
         name,
         description,
-        has_primary,
         masked,
         address_info,
         r#type,
@@ -39,7 +37,6 @@ pub async fn export_service_interface(
         id: id.clone(),
         name,
         description,
-        has_primary,
         masked,
         address_info,
         interface_type: r#type,

core/startos/src/service/effects/net/ssl.rs

@@ -51,10 +51,16 @@ pub async fn get_ssl_certificate(
                 .iter()
                 .map(|(_, m)| m.as_hosts().as_entries())
                 .flatten_ok()
-                .map_ok(|(_, m)| m.as_addresses().de())
+                .map_ok(|(_, m)| {
+                    Ok(m.as_onions()
+                        .de()?
+                        .iter()
+                        .map(InternedString::from_display)
+                        .chain(m.as_domains().keys()?)
+                        .collect::<Vec<_>>())
+                })
                 .map(|a| a.and_then(|a| a))
                 .flatten_ok()
-                .map_ok(|a| InternedString::from_display(&a))
                 .try_collect::<_, BTreeSet<_>, _>()?;
             for hostname in &hostnames {
                 if let Some(internal) = hostname
@@ -135,10 +141,16 @@ pub async fn get_ssl_key(
                 .into_iter()
                 .map(|m| m.as_hosts().as_entries())
                 .flatten_ok()
-                .map_ok(|(_, m)| m.as_addresses().de())
+                .map_ok(|(_, m)| {
+                    Ok(m.as_onions()
+                        .de()?
+                        .iter()
+                        .map(InternedString::from_display)
+                        .chain(m.as_domains().keys()?)
+                        .collect::<Vec<_>>())
+                })
                 .map(|a| a.and_then(|a| a))
                 .flatten_ok()
-                .map_ok(|a| InternedString::from_display(&a))
                 .try_collect::<_, BTreeSet<_>, _>()?;
             for hostname in &hostnames {
                 if let Some(internal) = hostname

core/startos/src/service/effects/store.rs

@@ -26,7 +26,7 @@ pub async fn get_store(
         callback,
     }: GetStoreParams,
 ) -> Result<Value, Error> {
-    dbg!(&callback);
+    crate::dbg!(&callback);
     let context = context.deref()?;
     let peeked = context.seed.ctx.db.peek().await;
     let package_id = package_id.unwrap_or(context.seed.id.clone());