Feature/start tunnel (#3037)

* fix live-build resolv.conf

* improved debuggability

* wip: start-tunnel

* fixes for trixie and tor

* non-free-firmware on trixie

* wip

* web server WIP

* wip: tls refactor

* FE patchdb, mocks, and most endpoints

* fix editing records and patch mocks

* refactor complete

* finish api

* build and formatter update

* minor change toi viewing addresses and fix build

* fixes

* more providers

* endpoint for getting config

* fix tests

* api fixes

* wip: separate port forward controller into parts

* simplify iptables rules

* bump sdk

* misc fixes

* predict next subnet and ip, use wan ips, and form validation

* refactor: break big components apart and address todos (#3043)

* refactor: break big components apart and address todos

* starttunnel readme, fix pf mocks, fix adding tor domain in startos

---------

Co-authored-by: Matt Hill <mattnine@protonmail.com>

* better tui

* tui tweaks

* fix: address comments

* better regex for subnet

* fixes

* better validation

* handle rpc errors

* build fixes

* fix: address comments (#3044)

* fix: address comments

* fix unread notification mocks

* fix row click for notification

---------

Co-authored-by: Matt Hill <mattnine@protonmail.com>

* fix raspi build

* fix build

* fix build

* fix build

* fix build

* try to fix build

* fix tests

* fix tests

* fix rsync tests

* delete useless effectful test

---------

Co-authored-by: Matt Hill <mattnine@protonmail.com>
Co-authored-by: Alex Inkin <alexander@inkin.ru>

core/startos/src/db/model/public.rs

@@ -1,5 +1,6 @@
 use std::collections::{BTreeMap, BTreeSet, VecDeque};
-use std::net::{IpAddr, Ipv4Addr, Ipv6Addr, SocketAddr};
+use std::net::{IpAddr, Ipv4Addr, SocketAddr};
+use std::sync::Arc;
 
 use chrono::{DateTime, Utc};
 use exver::{Version, VersionRange};
@@ -8,7 +9,6 @@ use imbl_value::InternedString;
 use ipnet::IpNet;
 use isocountry::CountryCode;
 use itertools::Itertools;
-use lazy_static::lazy_static;
 use models::{GatewayId, PackageId};
 use openssl::hash::MessageDigest;
 use patch_db::{HasModel, Value};
@@ -16,11 +16,12 @@ use serde::{Deserialize, Serialize};
 use ts_rs::TS;
 
 use crate::account::AccountInfo;
+use crate::db::DbAccessByKey;
+use crate::db::model::Database;
 use crate::db::model::package::AllPackageData;
 use crate::net::acme::AcmeProvider;
-use crate::net::forward::START9_BRIDGE_IFACE;
-use crate::net::host::binding::{AddSslOptions, BindInfo, BindOptions, NetInfo};
 use crate::net::host::Host;
+use crate::net::host::binding::{AddSslOptions, BindInfo, BindOptions, NetInfo};
 use crate::net::utils::ipv6_is_local;
 use crate::net::vhost::AlpnInfo;
 use crate::prelude::*;
@@ -30,7 +31,7 @@ use crate::util::cpupower::Governor;
 use crate::util::lshw::LshwDevice;
 use crate::util::serde::MaybeUtf8String;
 use crate::version::{Current, VersionT};
-use crate::{ARCH, HOST_IP, PLATFORM};
+use crate::{ARCH, PLATFORM};
 
 #[derive(Debug, Deserialize, Serialize, HasModel, TS)]
 #[serde(rename_all = "camelCase")]
@@ -122,11 +123,20 @@ impl Public {
                 kiosk,
             },
             package_data: AllPackageData::default(),
-            ui: serde_json::from_str(include_str!(concat!(
-                env!("CARGO_MANIFEST_DIR"),
-                "/../../web/patchdb-ui-seed.json"
-            )))
-            .with_kind(ErrorKind::Deserialization)?,
+            ui: {
+                #[cfg(feature = "startd")]
+                {
+                    serde_json::from_str(include_str!(concat!(
+                        env!("CARGO_MANIFEST_DIR"),
+                        "/../../web/patchdb-ui-seed.json"
+                    )))
+                    .with_kind(ErrorKind::Deserialization)?
+                }
+                #[cfg(not(feature = "startd"))]
+                {
+                    Value::Null
+                }
+            },
         })
     }
 }
@@ -216,64 +226,9 @@ pub struct NetworkInterfaceInfo {
     pub name: Option<InternedString>,
     pub public: Option<bool>,
     pub secure: Option<bool>,
-    pub ip_info: Option<IpInfo>,
+    pub ip_info: Option<Arc<IpInfo>>,
 }
 impl NetworkInterfaceInfo {
-    pub fn loopback() -> (&'static GatewayId, &'static Self) {
-        lazy_static! {
-            static ref LO: GatewayId = GatewayId::from(InternedString::intern("lo"));
-            static ref LOOPBACK: NetworkInterfaceInfo = NetworkInterfaceInfo {
-                name: Some(InternedString::from_static("Loopback")),
-                public: Some(false),
-                secure: Some(true),
-                ip_info: Some(IpInfo {
-                    name: "lo".into(),
-                    scope_id: 1,
-                    device_type: None,
-                    subnets: [
-                        IpNet::new(Ipv4Addr::LOCALHOST.into(), 8).unwrap(),
-                        IpNet::new(Ipv6Addr::LOCALHOST.into(), 128).unwrap(),
-                    ]
-                    .into_iter()
-                    .collect(),
-                    lan_ip: [
-                        IpAddr::from(Ipv4Addr::LOCALHOST),
-                        IpAddr::from(Ipv6Addr::LOCALHOST)
-                    ]
-                    .into_iter()
-                    .collect(),
-                    wan_ip: None,
-                    ntp_servers: Default::default(),
-                    dns_servers: Default::default(),
-                }),
-            };
-        }
-        (&*LO, &*LOOPBACK)
-    }
-    pub fn lxc_bridge() -> (&'static GatewayId, &'static Self) {
-        lazy_static! {
-            static ref LXCBR0: GatewayId =
-                GatewayId::from(InternedString::intern(START9_BRIDGE_IFACE));
-            static ref LXC_BRIDGE: NetworkInterfaceInfo = NetworkInterfaceInfo {
-                name: Some(InternedString::from_static("LXC Bridge Interface")),
-                public: Some(false),
-                secure: Some(true),
-                ip_info: Some(IpInfo {
-                    name: START9_BRIDGE_IFACE.into(),
-                    scope_id: 0,
-                    device_type: None,
-                    subnets: [IpNet::new(HOST_IP.into(), 24).unwrap()]
-                        .into_iter()
-                        .collect(),
-                    lan_ip: [IpAddr::from(HOST_IP)].into_iter().collect(),
-                    wan_ip: None,
-                    ntp_servers: Default::default(),
-                    dns_servers: Default::default(),
-                }),
-            };
-        }
-        (&*LXCBR0, &*LXC_BRIDGE)
-    }
     pub fn public(&self) -> bool {
         self.public.unwrap_or_else(|| {
             !self.ip_info.as_ref().map_or(true, |ip_info| {
@@ -308,7 +263,7 @@ impl NetworkInterfaceInfo {
         self.secure.unwrap_or_else(|| {
             self.ip_info.as_ref().map_or(false, |ip_info| {
                 ip_info.device_type == Some(NetworkInterfaceType::Wireguard)
-            })
+            }) && !self.public()
         })
     }
 }
@@ -333,13 +288,15 @@ pub struct IpInfo {
     pub dns_servers: OrdSet<IpAddr>,
 }
 
-#[derive(Clone, Copy, Debug, PartialEq, Eq, Deserialize, Serialize, TS)]
+#[derive(Clone, Copy, Debug, PartialEq, Eq, PartialOrd, Ord, Deserialize, Serialize, TS)]
 #[ts(export)]
 #[serde(rename_all = "kebab-case")]
 pub enum NetworkInterfaceType {
     Ethernet,
     Wireless,
+    Bridge,
     Wireguard,
+    Loopback,
 }
 
 #[derive(Debug, Deserialize, Serialize, HasModel, TS)]
@@ -349,6 +306,19 @@ pub enum NetworkInterfaceType {
 pub struct AcmeSettings {
     pub contact: Vec<String>,
 }
+impl DbAccessByKey<AcmeSettings> for Database {
+    type Key<'a> = &'a AcmeProvider;
+    fn access_by_key<'a>(
+        db: &'a Model<Self>,
+        key: Self::Key<'_>,
+    ) -> Option<&'a Model<AcmeSettings>> {
+        db.as_public()
+            .as_server_info()
+            .as_network()
+            .as_acme()
+            .as_idx(key)
+    }
+}
 
 #[derive(Debug, Deserialize, Serialize, HasModel, TS)]
 #[serde(rename_all = "camelCase")]