enabling support for wireguard and firewall (#2713)

* wip: enabling support for wireguard and firewall * wip * wip * wip * wip * wip * implement some things * fix warning * wip * alpha.23 * misc fixes * remove ufw since no longer required * remove debug info * add cli bindings * debugging * fixes * individualized acme and privacy settings for domains and bindings * sdk version bump * migration * misc fixes * refactor Host::update * debug info * refactor webserver * misc fixes * misc fixes * refactor port forwarding * recheck interfaces every 5 min if no dbus event * misc fixes and cleanup * misc fixes
2026-04-04 14:29:45 +00:00 · 2025-01-09 16:34:34 -07:00
parent 45ca9405d3
commit 29e8210782
144 changed files with 4878 additions and 2398 deletions
--- a/core/startos/src/util/actor/background.rs
+++ b/core/startos/src/util/actor/background.rs
@@ -15,8 +15,13 @@ impl BackgroundJobQueue {
            },
        )
    }
-    pub fn add_job(&self, fut: impl Future<Output = ()> + Send + 'static) {
-        let _ = self.0.send(fut.boxed());
+    pub fn add_job(&self, fut: impl Future + Send + 'static) {
+        let _ = self.0.send(
+            async {
+                fut.await;
+            }
+            .boxed(),
+        );
    }
 }

--- a/core/startos/src/util/future.rs
+++ b/core/startos/src/util/future.rs
@@ -1,11 +1,13 @@
 use std::pin::Pin;
 use std::task::{Context, Poll};

-use futures::future::abortable;
-use futures::stream::{AbortHandle, Abortable};
-use futures::Future;
+use futures::future::{abortable, pending, BoxFuture, FusedFuture};
+use futures::stream::{AbortHandle, Abortable, BoxStream};
+use futures::{Future, FutureExt, Stream, StreamExt};
 use tokio::sync::watch;

+use crate::prelude::*;
+
 #[pin_project::pin_project(PinnedDrop)]
 pub struct DropSignaling<F> {
    #[pin]
@@ -102,6 +104,60 @@ impl CancellationHandle {
    }
 }

+#[derive(Default)]
+pub struct Until<'a> {
+    streams: Vec<BoxStream<'a, Result<(), Error>>>,
+    async_fns: Vec<Box<dyn FnMut() -> BoxFuture<'a, Result<(), Error>> + Send + 'a>>,
+}
+impl<'a> Until<'a> {
+    pub fn new() -> Self {
+        Self::default()
+    }
+
+    pub fn with_stream(
+        mut self,
+        stream: impl Stream<Item = Result<(), Error>> + Send + 'a,
+    ) -> Self {
+        self.streams.push(stream.boxed());
+        self
+    }
+
+    pub fn with_async_fn<F, Fut>(mut self, mut f: F) -> Self
+    where
+        F: FnMut() -> Fut + Send + 'a,
+        Fut: Future<Output = Result<(), Error>> + FusedFuture + Send + 'a,
+    {
+        self.async_fns.push(Box::new(move || f().boxed()));
+        self
+    }
+
+    pub async fn run<Fut: Future<Output = Result<(), Error>> + Send>(
+        &mut self,
+        fut: Fut,
+    ) -> Result<(), Error> {
+        let (res, _, _) = futures::future::select_all(
+            self.streams
+                .iter_mut()
+                .map(|s| {
+                    async {
+                        s.next().await.transpose()?.ok_or_else(|| {
+                            Error::new(eyre!("stream is empty"), ErrorKind::Cancelled)
+                        })
+                    }
+                    .boxed()
+                })
+                .chain(self.async_fns.iter_mut().map(|f| f()))
+                .chain([async {
+                    fut.await?;
+                    pending().await
+                }
+                .boxed()]),
+        )
+        .await;
+        res
+    }
+}
+
 #[tokio::test]
 async fn test_cancellable() {
    use std::sync::Arc;
--- a/core/startos/src/util/io.rs
+++ b/core/startos/src/util/io.rs
@@ -15,7 +15,7 @@ use futures::future::{BoxFuture, Fuse};
 use futures::{AsyncSeek, FutureExt, Stream, TryStreamExt};
 use helpers::NonDetachingJoinHandle;
 use nix::unistd::{Gid, Uid};
-use tokio::fs::File;
+use tokio::fs::{File, OpenOptions};
 use tokio::io::{
    duplex, AsyncRead, AsyncReadExt, AsyncWrite, AsyncWriteExt, DuplexStream, ReadBuf, WriteHalf,
 };
@@ -460,18 +460,30 @@ impl<T> BackTrackingIO<T> {
            }
        }
    }
-    pub fn rewind(&mut self) -> Vec<u8> {
+    pub fn rewind<'a>(&'a mut self) -> (Vec<u8>, &'a [u8]) {
        match std::mem::take(&mut self.buffer) {
            BTBuffer::Buffering { read, write } => {
                self.buffer = BTBuffer::Rewound {
                    read: Cursor::new(read),
                };
-                write
+                (
+                    write,
+                    match &self.buffer {
+                        BTBuffer::Rewound { read } => read.get_ref(),
+                        _ => unreachable!(),
+                    },
+                )
            }
-            BTBuffer::NotBuffering => Vec::new(),
+            BTBuffer::NotBuffering => (Vec::new(), &[]),
            BTBuffer::Rewound { read } => {
                self.buffer = BTBuffer::Rewound { read };
-                Vec::new()
+                (
+                    Vec::new(),
+                    match &self.buffer {
+                        BTBuffer::Rewound { read } => read.get_ref(),
+                        _ => unreachable!(),
+                    },
+                )
            }
        }
    }
@@ -529,7 +541,6 @@ impl<T: std::io::Read> std::io::Read for BackTrackingIO<T> {
            }
            BTBuffer::NotBuffering => self.io.read(buf),
            BTBuffer::Rewound { read } => {
-                let mut ready = false;
                if (read.position() as usize) < read.get_ref().len() {
                    let n = std::io::Read::read(read, buf)?;
                    if n != 0 {
@@ -923,6 +934,21 @@ pub async fn create_file(path: impl AsRef<Path>) -> Result<File, Error> {
        .with_ctx(|_| (ErrorKind::Filesystem, lazy_format!("create {path:?}")))
 }

+pub async fn append_file(path: impl AsRef<Path>) -> Result<File, Error> {
+    let path = path.as_ref();
+    if let Some(parent) = path.parent() {
+        tokio::fs::create_dir_all(parent)
+            .await
+            .with_ctx(|_| (ErrorKind::Filesystem, lazy_format!("mkdir -p {parent:?}")))?;
+    }
+    OpenOptions::new()
+        .create(true)
+        .append(true)
+        .open(path)
+        .await
+        .with_ctx(|_| (ErrorKind::Filesystem, lazy_format!("create {path:?}")))
+}
+
 pub async fn delete_file(path: impl AsRef<Path>) -> Result<(), Error> {
    let path = path.as_ref();
    tokio::fs::remove_file(path)
--- a/core/startos/src/util/logger.rs
+++ b/core/startos/src/util/logger.rs
@@ -1,13 +1,62 @@
-use std::io;
+use std::fs::File;
+use std::io::{self, Write};
+use std::sync::{Arc, Mutex, MutexGuard};

+use lazy_static::lazy_static;
 use tracing::Subscriber;
+use tracing_subscriber::fmt::MakeWriter;
 use tracing_subscriber::util::SubscriberInitExt;

-#[derive(Clone)]
-pub struct EmbassyLogger {}
+lazy_static! {
+    pub static ref LOGGER: StartOSLogger = StartOSLogger::init();
+}

-impl EmbassyLogger {
-    fn base_subscriber() -> impl Subscriber {
+#[derive(Clone)]
+pub struct StartOSLogger {
+    logfile: LogFile,
+}
+
+#[derive(Clone, Default)]
+struct LogFile(Arc<Mutex<Option<File>>>);
+impl<'a> MakeWriter<'a> for LogFile {
+    type Writer = Box<dyn Write + 'a>;
+    fn make_writer(&'a self) -> Self::Writer {
+        let f = self.0.lock().unwrap();
+        if f.is_some() {
+            struct TeeWriter<'a>(MutexGuard<'a, Option<File>>);
+            impl<'a> Write for TeeWriter<'a> {
+                fn write(&mut self, buf: &[u8]) -> io::Result<usize> {
+                    let n = if let Some(f) = &mut *self.0 {
+                        f.write(buf)?
+                    } else {
+                        buf.len()
+                    };
+                    io::stderr().write_all(&buf[..n])?;
+                    Ok(n)
+                }
+                fn flush(&mut self) -> io::Result<()> {
+                    if let Some(f) = &mut *self.0 {
+                        f.flush()?;
+                    }
+                    Ok(())
+                }
+            }
+            Box::new(TeeWriter(f))
+        } else {
+            drop(f);
+            Box::new(io::stderr())
+        }
+    }
+}
+
+impl StartOSLogger {
+    pub fn enable(&self) {}
+
+    pub fn set_logfile(&self, logfile: Option<File>) {
+        *self.logfile.0.lock().unwrap() = logfile;
+    }
+
+    fn base_subscriber(logfile: LogFile) -> impl Subscriber {
        use tracing_error::ErrorLayer;
        use tracing_subscriber::prelude::*;
        use tracing_subscriber::{fmt, EnvFilter};
@@ -24,7 +73,7 @@ impl EmbassyLogger {
            .add_directive("tokio=trace".parse().unwrap())
            .add_directive("runtime=trace".parse().unwrap());
        let fmt_layer = fmt::layer()
-            .with_writer(io::stderr)
+            .with_writer(logfile)
            .with_line_number(true)
            .with_file(true)
            .with_target(true);
@@ -39,11 +88,12 @@ impl EmbassyLogger {

        sub
    }
-    pub fn init() -> Self {
-        Self::base_subscriber().init();
+    fn init() -> Self {
+        let logfile = LogFile::default();
+        Self::base_subscriber(logfile.clone()).init();
        color_eyre::install().unwrap_or_else(|_| tracing::warn!("tracing too many times"));

-        EmbassyLogger {}
+        StartOSLogger { logfile }
    }
 }

--- a/core/startos/src/util/rpc.rs
+++ b/core/startos/src/util/rpc.rs
@@ -3,7 +3,6 @@ use std::path::Path;
 use clap::Parser;
 use rpc_toolkit::{from_fn_async, Context, HandlerExt, ParentHandler};
 use serde::{Deserialize, Serialize};
-use url::Url;

 use crate::context::CliContext;
 use crate::prelude::*;
--- a/core/startos/src/util/rpc_client.rs
+++ b/core/startos/src/util/rpc_client.rs
@@ -47,7 +47,7 @@ impl RpcClient {
                let mut lines = BufReader::new(reader).lines();
                while let Some(line) = lines.next_line().await.transpose() {
                    match line.map_err(Error::from).and_then(|l| {
-                        serde_json::from_str::<RpcResponse>(dbg!(&l))
+                        serde_json::from_str::<RpcResponse>(crate::dbg!(&l))
                            .with_kind(ErrorKind::Deserialization)
                    }) {
                        Ok(l) => {
@@ -114,7 +114,7 @@ impl RpcClient {
            let (send, recv) = oneshot::channel();
            w.lock().await.insert(id.clone(), send);
            self.writer
-                .write_all((dbg!(serde_json::to_string(&request))? + "\n").as_bytes())
+                .write_all((crate::dbg!(serde_json::to_string(&request))? + "\n").as_bytes())
                .await
                .map_err(|e| {
                    let mut err = rpc_toolkit::yajrc::INTERNAL_ERROR.clone();
@@ -154,7 +154,7 @@ impl RpcClient {
            params,
        };
        self.writer
-            .write_all((dbg!(serde_json::to_string(&request))? + "\n").as_bytes())
+            .write_all((crate::dbg!(serde_json::to_string(&request))? + "\n").as_bytes())
            .await
            .map_err(|e| {
                let mut err = rpc_toolkit::yajrc::INTERNAL_ERROR.clone();
--- a/core/startos/src/util/sync.rs
+++ b/core/startos/src/util/sync.rs
@@ -1,3 +1,4 @@
+#[derive(Debug, Default)]
 pub struct SyncMutex<T>(std::sync::Mutex<T>);
 impl<T> SyncMutex<T> {
    pub fn new(t: T) -> Self {