Gateways, domains, and new service interface (#3001)

* add support for inbound proxies * backend changes * fix file type * proxy -> tunnel, implement backend apis * wip start-tunneld * add domains and gateways, remove routers, fix docs links * dont show hidden actions * show and test dns * edit instead of chnage acme and change gateway * refactor: domains page * refactor: gateways page * domains and acme refactor * certificate authorities * refactor public/private gateways * fix fe types * domains mostly finished * refactor: add file control to form service * add ip util to sdk * domains api + migration * start service interface page, WIP * different options for clearnet domains * refactor: styles for interfaces page * minor * better placeholder for no addresses * start sorting addresses * best address logic * comments * fix unnecessary export * MVP of service interface page * domains preferred * fix: address comments * only translations left * wip: start-tunnel & fix build * forms for adding domain, rework things based on new ideas * fix: dns testing * public domain, max width, descriptions for dns * nix StartOS domains, implement public and private domains at interface scope * restart tor instead of reset * better icon for restart tor * dns * fix sort functions for public and private domains * with todos * update types * clean up tech debt, bump dependencies * revert to ts-rs v9 * fix all types * fix dns form * add missing translations * it builds * fix: comments (#3009) * fix: comments * undo default --------- Co-authored-by: Matt Hill <mattnine@protonmail.com> * fix: refactor legacy components (#3010) * fix: comments * fix: refactor legacy components * remove default again --------- Co-authored-by: Matt Hill <mattnine@protonmail.com> * more translations * wip * fix deadlock * coukd work * simple renaming * placeholder for empty service interfaces table * honor hidden form values * remove logs * reason instead of description * fix dns * misc fixes * implement toggling gateways for service interface * fix showing dns records * move status column in service list * remove unnecessary truthy check * refactor: refactor forms components and remove legacy Taiga UI package (#3012) * handle wh file uploads * wip: debugging tor * socks5 proxy working * refactor: fix multiple comments (#3013) * refactor: fix multiple comments * styling changes, add documentation to sidebar * translations for dns page * refactor: subtle colors * rearrange service page --------- Co-authored-by: Matt Hill <mattnine@protonmail.com> * fix file_stream and remove non-terminating test * clean up logs * support for sccache * fix gha sccache * more marketplace translations * install wizard clarity * stub hostnameInfo in migration * fix address info after setup, fix styling on SI page, new 040 release notes * remove tor logs from os * misc fixes * reset tor still not functioning... * update ts * minor styling and wording * chore: some fixes (#3015) * fix gateway renames * different handling for public domains * styling fixes * whole navbar should not be clickable on service show page * timeout getState request * remove links from changelog * misc fixes from pairing * use custom name for gateway in more places * fix dns parsing * closes #3003 * closes #2999 * chore: some fixes (#3017) * small copy change * revert hardcoded error for testing * dont require port forward if gateway is public * use old wan ip when not available * fix .const hanging on undefined * fix test * fix doc test * fix renames * update deps * allow specifying dependency metadata directly * temporarily make dependencies not cliackable in marketplace listings * fix socks bind * fix test --------- Co-authored-by: Aiden McClelland <me@drbonez.dev> Co-authored-by: waterplea <alexander@inkin.ru>
2026-03-31 04:23:40 +00:00 · 2025-09-09 21:43:51 -06:00
parent 1cc9a1a30b
commit add01ebc68
537 changed files with 19940 additions and 20551 deletions
--- a/core/startos/src/net/tunnel.rs
+++ b/core/startos/src/net/tunnel.rs
@@ -0,0 +1,138 @@
+use clap::Parser;
+use imbl_value::InternedString;
+use models::GatewayId;
+use patch_db::json_ptr::JsonPointer;
+use rpc_toolkit::{from_fn_async, Context, HandlerExt, ParentHandler};
+use serde::{Deserialize, Serialize};
+use tokio::process::Command;
+use ts_rs::TS;
+
+use crate::context::{CliContext, RpcContext};
+use crate::db::model::public::{NetworkInterfaceInfo, NetworkInterfaceType};
+use crate::prelude::*;
+use crate::util::io::{write_file_atomic, TmpDir};
+use crate::util::Invoke;
+
+pub fn tunnel_api<C: Context>() -> ParentHandler<C> {
+    ParentHandler::new()
+        .subcommand(
+            "add",
+            from_fn_async(add_tunnel)
+                .with_about("Add a new tunnel")
+                .with_call_remote::<CliContext>(),
+        )
+        .subcommand(
+            "remove",
+            from_fn_async(remove_tunnel)
+                .no_display()
+                .with_about("Remove a tunnel")
+                .with_call_remote::<CliContext>(),
+        )
+}
+
+#[derive(Debug, Clone, Deserialize, Serialize, Parser, TS)]
+#[ts(export)]
+pub struct AddTunnelParams {
+    name: InternedString,
+    config: String,
+    public: bool,
+}
+
+pub async fn add_tunnel(
+    ctx: RpcContext,
+    AddTunnelParams {
+        name,
+        config,
+        public,
+    }: AddTunnelParams,
+) -> Result<GatewayId, Error> {
+    let ifaces = ctx.net_controller.net_iface.watcher.subscribe();
+    let mut iface = GatewayId::from("wg0");
+    if !ifaces.send_if_modified(|i| {
+        for id in 1..256 {
+            if !i.contains_key(&iface) {
+                i.insert(
+                    iface.clone(),
+                    NetworkInterfaceInfo {
+                        name: Some(name),
+                        public: Some(public),
+                        secure: None,
+                        ip_info: None,
+                    },
+                );
+                return true;
+            }
+            iface = InternedString::from_display(&lazy_format!("wg{id}")).into();
+        }
+        false
+    }) {
+        return Err(Error::new(
+            eyre!("too many wireguard interfaces"),
+            ErrorKind::InvalidRequest,
+        ));
+    }
+
+    let mut sub = ctx
+        .db
+        .subscribe(
+            "/public/serverInfo/network/gateways"
+                .parse::<JsonPointer>()
+                .with_kind(ErrorKind::Database)?
+                .join_end(iface.as_str())
+                .join_end("ipInfo"),
+        )
+        .await;
+
+    let tmpdir = TmpDir::new().await?;
+    let conf = tmpdir.join(&iface).with_extension("conf");
+    write_file_atomic(&conf, &config).await?;
+    Command::new("nmcli")
+        .arg("connection")
+        .arg("import")
+        .arg("type")
+        .arg("wireguard")
+        .arg("file")
+        .arg(&conf)
+        .invoke(ErrorKind::Network)
+        .await?;
+    tmpdir.delete().await?;
+
+    sub.recv().await;
+
+    Ok(iface)
+}
+
+#[derive(Debug, Clone, Deserialize, Serialize, Parser, TS)]
+#[ts(export)]
+pub struct RemoveTunnelParams {
+    id: GatewayId,
+}
+pub async fn remove_tunnel(
+    ctx: RpcContext,
+    RemoveTunnelParams { id }: RemoveTunnelParams,
+) -> Result<(), Error> {
+    let Some(existing) = ctx
+        .db
+        .peek()
+        .await
+        .into_public()
+        .into_server_info()
+        .into_network()
+        .into_gateways()
+        .into_idx(&id)
+        .and_then(|e| e.into_ip_info().transpose())
+    else {
+        return Ok(());
+    };
+
+    if existing.as_device_type().de()? != Some(NetworkInterfaceType::Wireguard) {
+        return Err(Error::new(
+            eyre!("network interface {id} is not a proxy"),
+            ErrorKind::InvalidRequest,
+        ));
+    }
+
+    ctx.net_controller.net_iface.delete_iface(&id).await?;
+
+    Ok(())
+}