Start9/start-os
2
0
Fork 0
mirror of https://github.com/Start9Labs/start-os.git synced 2026-03-26 18:31:52 +00:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

merge into: Start9:fix/a20
Branches Tags
Start9:master Start9:next/major Start9:mcp Start9:fix/wifi Start9:bugfix/alpha.20 Start9:st/port-labels Start9:fix/docs_urls Start9:fix/a20 Start9:feat/preferred-port-design Start9:sdk-comments Start9:chore/ts-bindings Start9:claude Start9:feature/outbound-gateways Start9:fix/volume-mount-propagation Start9:fix/wifi-ssh Start9:bugfix/registry-info-short Start9:feature/agents Start9:chore/sdk-comments Start9:fix/fe-2 Start9:fix/service_load_order Start9:fix/arch Start9:feature/consolidate-setup Start9:feature/nvidia Start9:refactor/project-structure Start9:feat/random-sub Start9:feature/dev-qol Start9:refactor/ts-bindings Start9:tunel Start9:feature/iroh Start9:next/minor Start9:next/patch Start9:feature/secure-erase
Start9:v0.4.0-alpha.22 Start9:v0.4.0-alpha.21 Start9:v0.4.0-alpha.20 Start9:v0.4.0-alpha.19 Start9:v0.4.0-alpha.18 Start9:v0.4.0-alpha.17 Start9:v0.4.0-alpha.16 Start9:v0.4.0-alpha.15 Start9:v0.4.0-alpha.14 Start9:v0.4.0-alpha.13 Start9:v0.4.0-alpha.12 Start9:v0.4.0-alpha.11 Start9:v0.4.0-alpha.10 Start9:v0.4.0-alpha.9 Start9:v0.4.0-alpha.8 Start9:sdk Start9:v0.3.6-alpha.0 Start9:v0.3.5.1 Start9:v0.3.5 Start9:v0.3.4.4-hotfix Start9:v0.3.4.4 Start9:v0.3.4.3 Start9:v0.3.4.2 Start9:latest Start9:v0.3.4.1-custom Start9:v0.3.4.1-rc.1 Start9:v0.3.4.1 Start9:v0.3.4 Start9:v0.3.4-rc.2 Start9:v0.3.4-rc.1 Start9:v0.3.3 Start9:v0.3.2.1 Start9:v0.3.2 Start9:v0.3.1.1 Start9:v0.3.1 Start9:v0.3.0.3 Start9:v0.3.0.2 Start9:v0.3.0.1 Start9:v0.3.0 Start9:v0.2.17 Start9:v0.2.16 Start9:v0.2.15 Start9:v0.2.14 Start9:v0.2.13 Start9:v0.2.12 Start9:v0.2.11 Start9:v0.2.10 Start9:v0.2.9 Start9:v0.2.8 Start9:v0.2.7 Start9:v0.2.6
...
pull from: Start9:fix/docs_urls
Branches Tags
Start9:next/major Start9:mcp Start9:fix/wifi Start9:bugfix/alpha.20 Start9:st/port-labels Start9:fix/docs_urls Start9:fix/a20 Start9:feat/preferred-port-design Start9:sdk-comments Start9:chore/ts-bindings Start9:claude Start9:feature/outbound-gateways Start9:fix/volume-mount-propagation Start9:fix/wifi-ssh Start9:bugfix/registry-info-short Start9:feature/agents Start9:chore/sdk-comments Start9:fix/fe-2 Start9:fix/service_load_order Start9:fix/arch Start9:feature/consolidate-setup Start9:feature/nvidia Start9:refactor/project-structure Start9:feat/random-sub Start9:feature/dev-qol Start9:refactor/ts-bindings Start9:tunel Start9:feature/iroh Start9:next/minor Start9:master Start9:next/patch Start9:feature/secure-erase
Start9:v0.4.0-alpha.22 Start9:v0.4.0-alpha.21 Start9:v0.4.0-alpha.20 Start9:v0.4.0-alpha.19 Start9:v0.4.0-alpha.18 Start9:v0.4.0-alpha.17 Start9:v0.4.0-alpha.16 Start9:v0.4.0-alpha.15 Start9:v0.4.0-alpha.14 Start9:v0.4.0-alpha.13 Start9:v0.4.0-alpha.12 Start9:v0.4.0-alpha.11 Start9:v0.4.0-alpha.10 Start9:v0.4.0-alpha.9 Start9:v0.4.0-alpha.8 Start9:sdk Start9:v0.3.6-alpha.0 Start9:v0.3.5.1 Start9:v0.3.5 Start9:v0.3.4.4-hotfix Start9:v0.3.4.4 Start9:v0.3.4.3 Start9:v0.3.4.2 Start9:latest Start9:v0.3.4.1-custom Start9:v0.3.4.1-rc.1 Start9:v0.3.4.1 Start9:v0.3.4 Start9:v0.3.4-rc.2 Start9:v0.3.4-rc.1 Start9:v0.3.3 Start9:v0.3.2.1 Start9:v0.3.2 Start9:v0.3.1.1 Start9:v0.3.1 Start9:v0.3.0.3 Start9:v0.3.0.2 Start9:v0.3.0.1 Start9:v0.3.0 Start9:v0.2.17 Start9:v0.2.16 Start9:v0.2.15 Start9:v0.2.14 Start9:v0.2.13 Start9:v0.2.12 Start9:v0.2.11 Start9:v0.2.10 Start9:v0.2.9 Start9:v0.2.8 Start9:v0.2.7 Start9:v0.2.6

4 Commits
fix/a20 ... fix/docs_u

Author SHA1 Message Date
gStart9
6ec2feb230 Fix docs URLs in start-tunnel installer output 2026-03-11 13:36:22 -06:00
Alex Inkin
be921b7865 chore: update packages (#3132) 
* chore: update packages

* start tunnel messaging

* chore: standalone

* pbpaste instead

---------

Co-authored-by: Matt Hill <mattnine@protonmail.com>
 2026-03-09 09:53:47 -06:00
Matt Hill
a4bae73592 rpc/v1 for polling 2026-03-06 11:25:03 -07:00
Matt Hill
8b89f016ad task fix and keyboard fix (#3130) 
* task fix and keyboard fix

* fixes for build scripts

* passthrough feature

* feat: inline domain health checks and improve address UX

- addPublicDomain returns DNS query + port check results (AddPublicDomainRes)
  so frontend skips separate API calls after adding a domain
- addPrivateDomain returns check_dns result for the gateway
- Support multiple ports per domain in validation modal (deduplicated)
- Run port checks concurrently via futures::future::join_all
- Add note to add-domain dialog showing other interfaces on same host
- Add addXForwardedHeaders to knownProtocols in SDK Host.ts
- Add plugin filter kind, pluginId filter, matchesAny, and docs to
  getServiceInterface.ts
- Add PassthroughInfo type and passthroughs field to NetworkInfo
- Pluralize "port forwarding rules" in i18n dictionaries

* feat: add shared host note to private domain dialog with i18n

* fix: scope public domain to single binding and return single port check

Accept internalPort in AddPublicDomainParams to target a specific
binding. Disable the domain on all other bindings. Return a single
CheckPortRes instead of Vec. Revert multi-port UI to singular port
display from 0f8a66b35.

* better shared hostname approach,  and improve look-feel of addresses tables

* fix starttls

* preserve usb as top efi boot option

* fix race condition in wan ip check

* sdk beta.56

* various bug, improve smtp

* multiple bugs, better outbound gateway UX

* remove non option from smtp for better package compat

* bump sdk

---------

Co-authored-by: Aiden McClelland <me@drbonez.dev>
 2026-03-06 00:30:06 -07:00
136 changed files with 3949 additions and 2568 deletions
Expand all files Collapse all files

2
build/image-recipe/build.sh
View File

@@ -105,7 +105,7 @@ lb config \
--iso-preparer "START9 LABS; HTTPS://START9.COM" \
--iso-publisher "START9 LABS; HTTPS://START9.COM" \
--backports true \
--bootappend-live "boot=live noautologin" \
--bootappend-live "boot=live noautologin console=tty0" \
--bootloaders $BOOTLOADERS \
--cache false \
--mirror-bootstrap "https://deb.debian.org/debian/" \

17
build/lib/scripts/upgrade
View File

@@ -62,12 +62,27 @@ fi
chroot /media/startos/next bash -e << "EOF"
if [ -f /boot/grub/grub.cfg ]; then
grub-install --no-nvram /dev/$(eval $(lsblk -o MOUNTPOINT,PKNAME -P | grep 'MOUNTPOINT="/media/startos/root"') && echo $PKNAME)
grub-install /dev/$(eval $(lsblk -o MOUNTPOINT,PKNAME -P | grep 'MOUNTPOINT="/media/startos/root"') && echo $PKNAME)
update-grub
fi
EOF
# Promote the USB installer boot entry back to first in EFI boot order.
# The entry number was saved during initial OS install.
if [ -d /sys/firmware/efi ] && [ -f /media/startos/config/efi-installer-entry ]; then
USB_ENTRY=$(cat /media/startos/config/efi-installer-entry)
if [ -n "$USB_ENTRY" ]; then
CURRENT_ORDER=$(efibootmgr | grep BootOrder | sed 's/BootOrder: //')
OTHER_ENTRIES=$(echo "$CURRENT_ORDER" | tr ',' '\n' | grep -v "$USB_ENTRY" | tr '\n' ',' | sed 's/,$//')
if [ -n "$OTHER_ENTRIES" ]; then
efibootmgr -o "$USB_ENTRY,$OTHER_ENTRIES"
else
efibootmgr -o "$USB_ENTRY"
fi
fi
fi
sync
umount -Rl /media/startos/next

46
build/manage-release.sh
View File

@@ -11,10 +11,22 @@ START9_GPG_KEY="2D63C217"
ARCHES="aarch64 aarch64-nonfree aarch64-nvidia riscv64 riscv64-nonfree x86_64 x86_64-nonfree x86_64-nvidia"
CLI_ARCHES="aarch64 riscv64 x86_64"
parse_run_id() {
local val="$1"
if [[ "$val" =~ /actions/runs/([0-9]+) ]]; then
echo "${BASH_REMATCH[1]}"
else
echo "$val"
fi
}
require_version() {
if [ -z "$VERSION" ]; then
>&2 echo '$VERSION required'
exit 2
if [ -z "${VERSION:-}" ]; then
read -rp "VERSION: " VERSION
if [ -z "$VERSION" ]; then
>&2 echo '$VERSION required'
exit 2
fi
fi
}
@@ -75,6 +87,22 @@ resolve_gh_user() {
cmd_download() {
require_version
if [ -z "${RUN_ID:-}" ]; then
read -rp "RUN_ID (OS images, leave blank to skip): " RUN_ID
fi
RUN_ID=$(parse_run_id "${RUN_ID:-}")
if [ -z "${ST_RUN_ID:-}" ]; then
read -rp "ST_RUN_ID (start-tunnel, leave blank to skip): " ST_RUN_ID
fi
ST_RUN_ID=$(parse_run_id "${ST_RUN_ID:-}")
if [ -z "${CLI_RUN_ID:-}" ]; then
read -rp "CLI_RUN_ID (start-cli, leave blank to skip): " CLI_RUN_ID
fi
CLI_RUN_ID=$(parse_run_id "${CLI_RUN_ID:-}")
ensure_release_dir
if [ -n "$RUN_ID" ]; then
@@ -143,10 +171,14 @@ cmd_upload() {
enter_release_dir
for file in $(release_files); do
gh release upload -R $REPO "v$VERSION" "$file"
done
for file in *.iso *.squashfs; do
s3cmd put -P "$file" "$S3_BUCKET/v$VERSION/$file"
case "$file" in
*.iso|*.squashfs)
s3cmd put -P "$file" "$S3_BUCKET/v$VERSION/$file"
;;
*)
gh release upload -R $REPO "v$VERSION" "$file"
;;
esac
done
}

2
container-runtime/package-lock.json generated
View File

@@ -37,7 +37,7 @@
},
"../sdk/dist": {
"name": "@start9labs/start-sdk",
"version": "0.4.0-beta.55",
"version": "0.4.0-beta.58",
"license": "MIT",
"dependencies": {
"@iarna/toml": "^3.0.0",

1
core/CLAUDE.md
View File

@@ -25,3 +25,4 @@ cd sdk && make baseDist dist # Rebuild SDK after ts-bindings
- When adding i18n keys, add all 5 locales in `core/locales/i18n.yaml` (see [i18n-patterns.md](i18n-patterns.md))
- When using DB watches, follow the `TypedDbWatch<T>` patterns in [patchdb.md](patchdb.md)
- **Always use `.invoke(ErrorKind::...)` instead of `.status()` when running CLI commands** via `tokio::process::Command`. The `Invoke` trait (from `crate::util::Invoke`) captures stdout/stderr and checks exit codes properly. Using `.status()` leaks stderr directly to system logs, creating noise. For check-then-act patterns (e.g. `iptables -C`), use `.invoke(...).await.is_ok()` / `.is_err()` instead of `.status().await.map_or(false, |s| s.success())`.
- Always use file utils in util::io instead of tokio::fs when available

5
core/src/db/model/public.rs
View File

@@ -24,7 +24,7 @@ use crate::net::host::Host;
use crate::net::host::binding::{
AddSslOptions, BindInfo, BindOptions, Bindings, DerivedAddressInfo, NetInfo,
};
use crate::net::vhost::AlpnInfo;
use crate::net::vhost::{AlpnInfo, PassthroughInfo};
use crate::prelude::*;
use crate::progress::FullProgress;
use crate::system::{KeyboardOptions, SmtpValue};
@@ -121,6 +121,7 @@ impl Public {
},
dns: Default::default(),
default_outbound: None,
passthroughs: Vec::new(),
},
status_info: ServerStatus {
backup_progress: None,
@@ -233,6 +234,8 @@ pub struct NetworkInfo {
#[serde(default)]
#[ts(type = "string | null")]
pub default_outbound: Option<GatewayId>,
#[serde(default)]
pub passthroughs: Vec<PassthroughInfo>,
}
#[derive(Debug, Default, Deserialize, Serialize, HasModel, TS)]

10
core/src/net/acme.rs
View File

@@ -27,7 +27,7 @@ use crate::db::model::public::AcmeSettings;
use crate::db::{DbAccess, DbAccessByKey, DbAccessMut};
use crate::error::ErrorData;
use crate::net::ssl::should_use_cert;
use crate::net::tls::{SingleCertResolver, TlsHandler};
use crate::net::tls::{SingleCertResolver, TlsHandler, TlsHandlerAction};
use crate::net::web_server::Accept;
use crate::prelude::*;
use crate::util::FromStrParser;
@@ -173,7 +173,7 @@ where
&'a mut self,
hello: &'a ClientHello<'a>,
_: &'a <A as Accept>::Metadata,
) -> Option<ServerConfig> {
) -> Option<TlsHandlerAction> {
let domain = hello.server_name()?;
if hello
.alpn()
@@ -207,20 +207,20 @@ where
cfg.alpn_protocols = vec![ACME_TLS_ALPN_NAME.to_vec()];
tracing::info!("performing ACME auth challenge");
return Some(cfg);
return Some(TlsHandlerAction::Tls(cfg));
}
let domains: BTreeSet<InternedString> = [domain.into()].into_iter().collect();
let crypto_provider = self.crypto_provider.clone();
if let Some(cert) = self.get_cert(&domains).await {
return Some(
return Some(TlsHandlerAction::Tls(
ServerConfig::builder_with_provider(crypto_provider)
.with_safe_default_protocol_versions()
.log_err()?
.with_no_client_auth()
.with_cert_resolver(Arc::new(SingleCertResolver(Arc::new(cert)))),
);
));
}
None

21
core/src/net/gateway.rs
View File

@@ -174,11 +174,11 @@ async fn set_name(
#[derive(Debug, Clone, Deserialize, Serialize, Parser, TS)]
#[serde(rename_all = "camelCase")]
#[ts(export)]
struct CheckPortParams {
pub struct CheckPortParams {
#[arg(help = "help.arg.port")]
port: u16,
pub port: u16,
#[arg(help = "help.arg.gateway-id")]
gateway: GatewayId,
pub gateway: GatewayId,
}
#[derive(Debug, Clone, Deserialize, Serialize, TS)]
@@ -200,7 +200,7 @@ pub struct IfconfigPortRes {
pub reachable: bool,
}
async fn check_port(
pub async fn check_port(
ctx: RpcContext,
CheckPortParams { port, gateway }: CheckPortParams,
) -> Result<CheckPortRes, Error> {
@@ -276,12 +276,12 @@ async fn check_port(
#[derive(Debug, Clone, Deserialize, Serialize, Parser, TS)]
#[serde(rename_all = "camelCase")]
#[ts(export)]
struct CheckDnsParams {
pub struct CheckDnsParams {
#[arg(help = "help.arg.gateway-id")]
gateway: GatewayId,
pub gateway: GatewayId,
}
async fn check_dns(
pub async fn check_dns(
ctx: RpcContext,
CheckDnsParams { gateway }: CheckDnsParams,
) -> Result<bool, Error> {
@@ -1238,8 +1238,7 @@ async fn poll_ip_info(
device_type,
Some(NetworkInterfaceType::Bridge | NetworkInterfaceType::Loopback)
) {
*prev_attempt = Some(Instant::now());
match get_wan_ipv4(iface.as_str(), &ifconfig_url).await {
let res = match get_wan_ipv4(iface.as_str(), &ifconfig_url).await {
Ok(a) => a,
Err(e) => {
tracing::error!(
@@ -1253,7 +1252,9 @@ async fn poll_ip_info(
tracing::debug!("{e:?}");
None
}
}
};
*prev_attempt = Some(Instant::now());
res
} else {
None
};

112
core/src/net/host/address.rs
View File

@@ -12,6 +12,7 @@ use crate::context::{CliContext, RpcContext};
use crate::db::model::DatabaseModel;
use crate::hostname::ServerHostname;
use crate::net::acme::AcmeProvider;
use crate::net::gateway::{CheckDnsParams, CheckPortParams, CheckPortRes, check_dns, check_port};
use crate::net::host::{HostApiKind, all_hosts};
use crate::prelude::*;
use crate::util::serde::{HandlerExtSerde, display_serializable};
@@ -160,6 +161,7 @@ pub fn address_api<C: Context, Kind: HostApiKind>()
}
#[derive(Deserialize, Serialize, Parser, TS)]
#[serde(rename_all = "camelCase")]
#[ts(export)]
pub struct AddPublicDomainParams {
#[arg(help = "help.arg.fqdn")]
@@ -168,6 +170,17 @@ pub struct AddPublicDomainParams {
pub acme: Option<AcmeProvider>,
#[arg(help = "help.arg.gateway-id")]
pub gateway: GatewayId,
#[arg(help = "help.arg.internal-port")]
pub internal_port: u16,
}
#[derive(Debug, Clone, Deserialize, Serialize, TS)]
#[serde(rename_all = "camelCase")]
#[ts(export)]
pub struct AddPublicDomainRes {
#[ts(type = "string | null")]
pub dns: Option<Ipv4Addr>,
pub port: CheckPortRes,
}
pub async fn add_public_domain<Kind: HostApiKind>(
@@ -176,10 +189,12 @@ pub async fn add_public_domain<Kind: HostApiKind>(
fqdn,
acme,
gateway,
internal_port,
}: AddPublicDomainParams,
inheritance: Kind::Inheritance,
) -> Result<Option<Ipv4Addr>, Error> {
ctx.db
) -> Result<AddPublicDomainRes, Error> {
let ext_port = ctx
.db
.mutate(|db| {
if let Some(acme) = &acme {
if !db
@@ -195,21 +210,92 @@ pub async fn add_public_domain<Kind: HostApiKind>(
Kind::host_for(&inheritance, db)?
.as_public_domains_mut()
.insert(&fqdn, &PublicDomainConfig { acme, gateway })?;
.insert(
&fqdn,
&PublicDomainConfig {
acme,
gateway: gateway.clone(),
},
)?;
handle_duplicates(db)?;
let hostname = ServerHostname::load(db.as_public().as_server_info())?;
let gateways = db.as_public().as_server_info().as_network().as_gateways().de()?;
let ports = db.as_private().as_available_ports().de()?;
Kind::host_for(&inheritance, db)?.update_addresses(&hostname, &gateways, &ports)
let gateways = db
.as_public()
.as_server_info()
.as_network()
.as_gateways()
.de()?;
let available_ports = db.as_private().as_available_ports().de()?;
let host = Kind::host_for(&inheritance, db)?;
host.update_addresses(&hostname, &gateways, &available_ports)?;
// Find the external port for the target binding
let bindings = host.as_bindings().de()?;
let target_bind = bindings
.get(&internal_port)
.ok_or_else(|| Error::new(eyre!("binding not found for internal port {internal_port}"), ErrorKind::NotFound))?;
let ext_port = target_bind
.addresses
.available
.iter()
.find(|a| a.public && a.hostname == fqdn)
.and_then(|a| a.port)
.ok_or_else(|| Error::new(eyre!("no public address found for {fqdn} on port {internal_port}"), ErrorKind::NotFound))?;
// Disable the domain on all other bindings
host.as_bindings_mut().mutate(|b| {
for (&port, bind) in b.iter_mut() {
if port == internal_port {
continue;
}
let has_addr = bind
.addresses
.available
.iter()
.any(|a| a.public && a.hostname == fqdn);
if has_addr {
let other_ext = bind
.addresses
.available
.iter()
.find(|a| a.public && a.hostname == fqdn)
.and_then(|a| a.port)
.unwrap_or(ext_port);
bind.addresses.disabled.insert((fqdn.clone(), other_ext));
}
}
Ok(())
})?;
Ok(ext_port)
})
.await
.result?;
tokio::task::spawn_blocking(|| {
crate::net::dns::query_dns(ctx, crate::net::dns::QueryDnsParams { fqdn })
let ctx2 = ctx.clone();
let fqdn2 = fqdn.clone();
let (dns_result, port_result) = tokio::join!(
async {
tokio::task::spawn_blocking(move || {
crate::net::dns::query_dns(ctx2, crate::net::dns::QueryDnsParams { fqdn: fqdn2 })
})
.await
.with_kind(ErrorKind::Unknown)?
},
check_port(
ctx.clone(),
CheckPortParams {
port: ext_port,
gateway: gateway.clone(),
},
)
);
Ok(AddPublicDomainRes {
dns: dns_result?,
port: port_result?,
})
.await
.with_kind(ErrorKind::Unknown)?
}
#[derive(Deserialize, Serialize, Parser, TS)]
@@ -257,13 +343,13 @@ pub async fn add_private_domain<Kind: HostApiKind>(
ctx: RpcContext,
AddPrivateDomainParams { fqdn, gateway }: AddPrivateDomainParams,
inheritance: Kind::Inheritance,
) -> Result<(), Error> {
) -> Result<bool, Error> {
ctx.db
.mutate(|db| {
Kind::host_for(&inheritance, db)?
.as_private_domains_mut()
.upsert(&fqdn, || Ok(BTreeSet::new()))?
.mutate(|d| Ok(d.insert(gateway)))?;
.mutate(|d| Ok(d.insert(gateway.clone())))?;
handle_duplicates(db)?;
let hostname = ServerHostname::load(db.as_public().as_server_info())?;
let gateways = db
@@ -278,7 +364,7 @@ pub async fn add_private_domain<Kind: HostApiKind>(
.await
.result?;
Ok(())
check_dns(ctx, CheckDnsParams { gateway }).await
}
pub async fn remove_private_domain<Kind: HostApiKind>(

28
core/src/net/host/mod.rs
View File

@@ -249,6 +249,20 @@ impl Model<Host> {
port: Some(port),
metadata,
});
} else if opt.secure.map_or(false, |s| s.ssl)
&& opt.add_ssl.is_none()
&& available_ports.is_ssl(opt.preferred_external_port)
&& net.assigned_port != Some(opt.preferred_external_port)
{
// Service handles its own TLS and the preferred port is
// allocated as SSL — add an address for passthrough vhost.
available.insert(HostnameInfo {
ssl: true,
public: true,
hostname: domain,
port: Some(opt.preferred_external_port),
metadata,
});
}
}
@@ -293,6 +307,20 @@ impl Model<Host> {
gateways: domain_gateways,
},
});
} else if opt.secure.map_or(false, |s| s.ssl)
&& opt.add_ssl.is_none()
&& available_ports.is_ssl(opt.preferred_external_port)
&& net.assigned_port != Some(opt.preferred_external_port)
{
available.insert(HostnameInfo {
ssl: true,
public: true,
hostname: domain,
port: Some(opt.preferred_external_port),
metadata: HostnameMetadata::PrivateDomain {
gateways: domain_gateways,
},
});
}
}
bind.as_addresses_mut().as_available_mut().ser(&available)?;

68
core/src/net/net_controller.rs
View File

@@ -76,9 +76,22 @@ impl NetController {
],
)
.await?;
let passthroughs = db
.peek()
.await
.as_public()
.as_server_info()
.as_network()
.as_passthroughs()
.de()?;
Ok(Self {
db: db.clone(),
vhost: VHostController::new(db.clone(), net_iface.clone(), crypto_provider),
vhost: VHostController::new(
db.clone(),
net_iface.clone(),
crypto_provider,
passthroughs,
),
tls_client_config,
dns: DnsController::init(db, &net_iface.watcher).await?,
forward: InterfacePortForwardController::new(net_iface.watcher.subscribe()),
@@ -237,6 +250,7 @@ impl NetServiceData {
connect_ssl: connect_ssl
.clone()
.map(|_| ctrl.tls_client_config.clone()),
passthrough: false,
},
);
}
@@ -253,7 +267,9 @@ impl NetServiceData {
_ => continue,
}
let domain = &addr_info.hostname;
let domain_ssl_port = addr_info.port.unwrap_or(443);
let Some(domain_ssl_port) = addr_info.port else {
continue;
};
let key = (Some(domain.clone()), domain_ssl_port);
let target = vhosts.entry(key).or_insert_with(|| ProxyTarget {
public: BTreeSet::new(),
@@ -266,6 +282,7 @@ impl NetServiceData {
addr,
add_x_forwarded_headers: ssl.add_x_forwarded_headers,
connect_ssl: connect_ssl.clone().map(|_| ctrl.tls_client_config.clone()),
passthrough: false,
});
if addr_info.public {
for gw in addr_info.metadata.gateways() {
@@ -317,6 +334,53 @@ impl NetServiceData {
),
);
}
// Passthrough vhosts: if the service handles its own TLS
// (secure.ssl && no add_ssl) and a domain address is enabled on
// an SSL port different from assigned_port, add a passthrough
// vhost so the service's TLS endpoint is reachable on that port.
if bind.options.secure.map_or(false, |s| s.ssl) && bind.options.add_ssl.is_none() {
let assigned = bind.net.assigned_port;
for addr_info in &enabled_addresses {
if !addr_info.ssl {
continue;
}
let Some(pt_port) = addr_info.port.filter(|p| assigned != Some(*p)) else {
continue;
};
match &addr_info.metadata {
HostnameMetadata::PublicDomain { .. }
| HostnameMetadata::PrivateDomain { .. } => {}
_ => continue,
}
let domain = &addr_info.hostname;
let key = (Some(domain.clone()), pt_port);
let target = vhosts.entry(key).or_insert_with(|| ProxyTarget {
public: BTreeSet::new(),
private: BTreeSet::new(),
acme: None,
addr,
add_x_forwarded_headers: false,
connect_ssl: Err(AlpnInfo::Reflect),
passthrough: true,
});
if addr_info.public {
for gw in addr_info.metadata.gateways() {
target.public.insert(gw.clone());
}
} else {
for gw in addr_info.metadata.gateways() {
if let Some(info) = net_ifaces.get(gw) {
if let Some(ip_info) = &info.ip_info {
for subnet in &ip_info.subnets {
target.private.insert(subnet.addr());
}
}
}
}
}
}
}
}
// ── Phase 3: Reconcile ──

5
core/src/net/ssl.rs
View File

@@ -36,7 +36,7 @@ use crate::db::{DbAccess, DbAccessMut};
use crate::hostname::ServerHostname;
use crate::init::check_time_is_synchronized;
use crate::net::gateway::GatewayInfo;
use crate::net::tls::TlsHandler;
use crate::net::tls::{TlsHandler, TlsHandlerAction};
use crate::net::web_server::{Accept, ExtractVisitor, TcpMetadata, extract};
use crate::prelude::*;
use crate::util::serde::Pem;
@@ -620,7 +620,7 @@ where
&mut self,
hello: &ClientHello<'_>,
metadata: &<A as Accept>::Metadata,
) -> Option<ServerConfig> {
) -> Option<TlsHandlerAction> {
let hostnames: BTreeSet<InternedString> = hello
.server_name()
.map(InternedString::from)
@@ -684,5 +684,6 @@ where
)
}
.log_err()
.map(TlsHandlerAction::Tls)
}
}

99
core/src/net/tls.rs
View File

@@ -16,6 +16,14 @@ use tokio_rustls::rustls::sign::CertifiedKey;
use tokio_rustls::rustls::{ClientConfig, RootCertStore, ServerConfig};
use visit_rs::{Visit, VisitFields};
/// Result of a TLS handler's decision about how to handle a connection.
pub enum TlsHandlerAction {
/// Complete the TLS handshake with this ServerConfig.
Tls(ServerConfig),
/// Don't complete TLS — rewind the BackTrackingIO and return the raw stream.
Passthrough,
}
use crate::net::http::handle_http_on_https;
use crate::net::web_server::{Accept, AcceptStream, MetadataVisitor};
use crate::prelude::*;
@@ -50,7 +58,7 @@ pub trait TlsHandler<'a, A: Accept> {
&'a mut self,
hello: &'a ClientHello<'a>,
metadata: &'a A::Metadata,
) -> impl Future<Output = Option<ServerConfig>> + Send + 'a;
) -> impl Future<Output = Option<TlsHandlerAction>> + Send + 'a;
}
#[derive(Clone)]
@@ -66,7 +74,7 @@ where
&'a mut self,
hello: &'a ClientHello<'a>,
metadata: &'a <A as Accept>::Metadata,
) -> Option<ServerConfig> {
) -> Option<TlsHandlerAction> {
if let Some(config) = self.0.get_config(hello, metadata).await {
return Some(config);
}
@@ -86,7 +94,7 @@ pub trait WrapTlsHandler<A: Accept> {
prev: ServerConfig,
hello: &'a ClientHello<'a>,
metadata: &'a <A as Accept>::Metadata,
) -> impl Future<Output = Option<ServerConfig>> + Send + 'a
) -> impl Future<Output = Option<TlsHandlerAction>> + Send + 'a
where
Self: 'a;
}
@@ -102,9 +110,12 @@ where
&'a mut self,
hello: &'a ClientHello<'a>,
metadata: &'a <A as Accept>::Metadata,
) -> Option<ServerConfig> {
let prev = self.inner.get_config(hello, metadata).await?;
self.wrapper.wrap(prev, hello, metadata).await
) -> Option<TlsHandlerAction> {
let action = self.inner.get_config(hello, metadata).await?;
match action {
TlsHandlerAction::Tls(cfg) => self.wrapper.wrap(cfg, hello, metadata).await,
other => Some(other),
}
}
}
@@ -203,34 +214,56 @@ where
}
};
let hello = mid.client_hello();
if let Some(cfg) = tls_handler.get_config(&hello, &metadata).await {
let buffered = mid.io.stop_buffering();
mid.io
.write_all(&buffered)
.await
.with_kind(ErrorKind::Network)?;
return Ok(match mid.into_stream(Arc::new(cfg)).await {
Ok(stream) => {
let s = stream.get_ref().1;
Some((
TlsMetadata {
inner: metadata,
tls_info: TlsHandshakeInfo {
sni: s.server_name().map(InternedString::intern),
alpn: s
.alpn_protocol()
.map(|a| MaybeUtf8String(a.to_vec())),
let sni = hello.server_name().map(InternedString::intern);
match tls_handler.get_config(&hello, &metadata).await {
Some(TlsHandlerAction::Tls(cfg)) => {
let buffered = mid.io.stop_buffering();
mid.io
.write_all(&buffered)
.await
.with_kind(ErrorKind::Network)?;
return Ok(match mid.into_stream(Arc::new(cfg)).await {
Ok(stream) => {
let s = stream.get_ref().1;
Some((
TlsMetadata {
inner: metadata,
tls_info: TlsHandshakeInfo {
sni: s
.server_name()
.map(InternedString::intern),
alpn: s
.alpn_protocol()
.map(|a| MaybeUtf8String(a.to_vec())),
},
},
},
Box::pin(stream) as AcceptStream,
))
}
Err(e) => {
tracing::trace!("Error completing TLS handshake: {e}");
tracing::trace!("{e:?}");
None
}
});
Box::pin(stream) as AcceptStream,
))
}
Err(e) => {
tracing::trace!("Error completing TLS handshake: {e}");
tracing::trace!("{e:?}");
None
}
});
}
Some(TlsHandlerAction::Passthrough) => {
let (dummy, _drop) = tokio::io::duplex(1);
let mut bt = std::mem::replace(
&mut mid.io,
BackTrackingIO::new(Box::pin(dummy) as AcceptStream),
);
drop(mid);
bt.rewind();
return Ok(Some((
TlsMetadata {
inner: metadata,
tls_info: TlsHandshakeInfo { sni, alpn: None },
},
Box::pin(bt) as AcceptStream,
)));
}
None => {}
}
Ok(None)

335
core/src/net/vhost.rs
View File

@@ -6,12 +6,13 @@ use std::sync::{Arc, Weak};
use std::task::{Poll, ready};
use async_acme::acme::ACME_TLS_ALPN_NAME;
use clap::Parser;
use color_eyre::eyre::eyre;
use futures::FutureExt;
use futures::future::BoxFuture;
use imbl::OrdMap;
use imbl_value::{InOMap, InternedString};
use rpc_toolkit::{Context, HandlerArgs, HandlerExt, ParentHandler, from_fn};
use rpc_toolkit::{Context, HandlerArgs, HandlerExt, ParentHandler, from_fn, from_fn_async};
use serde::{Deserialize, Serialize};
use tokio::net::{TcpListener, TcpStream};
use tokio_rustls::TlsConnector;
@@ -35,7 +36,7 @@ use crate::net::gateway::{
};
use crate::net::ssl::{CertStore, RootCaTlsHandler};
use crate::net::tls::{
ChainedHandler, TlsHandlerWrapper, TlsListener, TlsMetadata, WrapTlsHandler,
ChainedHandler, TlsHandlerAction, TlsHandlerWrapper, TlsListener, TlsMetadata, WrapTlsHandler,
};
use crate::net::utils::ipv6_is_link_local;
use crate::net::web_server::{Accept, AcceptStream, ExtractVisitor, TcpMetadata, extract};
@@ -46,68 +47,228 @@ use crate::util::serde::{HandlerExtSerde, MaybeUtf8String, display_serializable}
use crate::util::sync::{SyncMutex, Watch};
use crate::{GatewayId, ResultExt};
#[derive(Debug, Clone, Deserialize, Serialize, HasModel, TS)]
#[serde(rename_all = "camelCase")]
#[model = "Model<Self>"]
#[ts(export)]
pub struct PassthroughInfo {
#[ts(type = "string")]
pub hostname: InternedString,
pub listen_port: u16,
#[ts(type = "string")]
pub backend: SocketAddr,
#[ts(type = "string[]")]
pub public_gateways: BTreeSet<GatewayId>,
#[ts(type = "string[]")]
pub private_ips: BTreeSet<IpAddr>,
}
#[derive(Debug, Clone, Deserialize, Serialize, Parser)]
#[serde(rename_all = "kebab-case")]
struct AddPassthroughParams {
#[arg(long)]
pub hostname: InternedString,
#[arg(long)]
pub listen_port: u16,
#[arg(long)]
pub backend: SocketAddr,
#[arg(long)]
pub public_gateway: Vec<GatewayId>,
#[arg(long)]
pub private_ip: Vec<IpAddr>,
}
#[derive(Debug, Clone, Deserialize, Serialize, Parser)]
#[serde(rename_all = "kebab-case")]
struct RemovePassthroughParams {
#[arg(long)]
pub hostname: InternedString,
#[arg(long)]
pub listen_port: u16,
}
pub fn vhost_api<C: Context>() -> ParentHandler<C> {
ParentHandler::new().subcommand(
"dump-table",
from_fn(|ctx: RpcContext| Ok(ctx.net_controller.vhost.dump_table()))
.with_display_serializable()
.with_custom_display_fn(|HandlerArgs { params, .. }, res| {
use prettytable::*;
ParentHandler::new()
.subcommand(
"dump-table",
from_fn(dump_table)
.with_display_serializable()
.with_custom_display_fn(|HandlerArgs { params, .. }, res| {
use prettytable::*;
if let Some(format) = params.format {
display_serializable(format, res)?;
return Ok::<_, Error>(());
}
if let Some(format) = params.format {
display_serializable(format, res)?;
return Ok::<_, Error>(());
}
let mut table = Table::new();
table.add_row(row![bc => "FROM", "TO", "ACTIVE"]);
let mut table = Table::new();
table.add_row(row![bc => "FROM", "TO", "ACTIVE"]);
for (external, targets) in res {
for (host, targets) in targets {
for (idx, target) in targets.into_iter().enumerate() {
table.add_row(row![
format!(
"{}:{}",
host.as_ref().map(|s| &**s).unwrap_or("*"),
external.0
),
target,
idx == 0
]);
for (external, targets) in res {
for (host, targets) in targets {
for (idx, target) in targets.into_iter().enumerate() {
table.add_row(row![
format!(
"{}:{}",
host.as_ref().map(|s| &**s).unwrap_or("*"),
external.0
),
target,
idx == 0
]);
}
}
}
}
table.print_tty(false)?;
table.print_tty(false)?;
Ok(())
})
.with_call_remote::<CliContext>(),
)
Ok(())
})
.with_call_remote::<CliContext>(),
)
.subcommand(
"add-passthrough",
from_fn_async(add_passthrough)
.no_display()
.with_call_remote::<CliContext>(),
)
.subcommand(
"remove-passthrough",
from_fn_async(remove_passthrough)
.no_display()
.with_call_remote::<CliContext>(),
)
.subcommand(
"list-passthrough",
from_fn(list_passthrough)
.with_display_serializable()
.with_call_remote::<CliContext>(),
)
}
fn dump_table(
ctx: RpcContext,
) -> Result<BTreeMap<JsonKey<u16>, BTreeMap<JsonKey<Option<InternedString>>, EqSet<String>>>, Error>
{
Ok(ctx.net_controller.vhost.dump_table())
}
async fn add_passthrough(
ctx: RpcContext,
AddPassthroughParams {
hostname,
listen_port,
backend,
public_gateway,
private_ip,
}: AddPassthroughParams,
) -> Result<(), Error> {
let public_gateways: BTreeSet<GatewayId> = public_gateway.into_iter().collect();
let private_ips: BTreeSet<IpAddr> = private_ip.into_iter().collect();
ctx.net_controller.vhost.add_passthrough(
hostname.clone(),
listen_port,
backend,
public_gateways.clone(),
private_ips.clone(),
)?;
ctx.db
.mutate(|db| {
let pts = db
.as_public_mut()
.as_server_info_mut()
.as_network_mut()
.as_passthroughs_mut();
let mut vec: Vec<PassthroughInfo> = pts.de()?;
vec.retain(|p| !(p.hostname == hostname && p.listen_port == listen_port));
vec.push(PassthroughInfo {
hostname,
listen_port,
backend,
public_gateways,
private_ips,
});
pts.ser(&vec)
})
.await
.result?;
Ok(())
}
async fn remove_passthrough(
ctx: RpcContext,
RemovePassthroughParams {
hostname,
listen_port,
}: RemovePassthroughParams,
) -> Result<(), Error> {
ctx.net_controller
.vhost
.remove_passthrough(&hostname, listen_port);
ctx.db
.mutate(|db| {
let pts = db
.as_public_mut()
.as_server_info_mut()
.as_network_mut()
.as_passthroughs_mut();
let mut vec: Vec<PassthroughInfo> = pts.de()?;
vec.retain(|p| !(p.hostname == hostname && p.listen_port == listen_port));
pts.ser(&vec)
})
.await
.result?;
Ok(())
}
fn list_passthrough(ctx: RpcContext) -> Result<Vec<PassthroughInfo>, Error> {
Ok(ctx.net_controller.vhost.list_passthrough())
}
// not allowed: <=1024, >=32768, 5355, 5432, 9050, 6010, 9051, 5353
struct PassthroughHandle {
_rc: Arc<()>,
backend: SocketAddr,
public: BTreeSet<GatewayId>,
private: BTreeSet<IpAddr>,
}
pub struct VHostController {
db: TypedPatchDb<Database>,
interfaces: Arc<NetworkInterfaceController>,
crypto_provider: Arc<CryptoProvider>,
acme_cache: AcmeTlsAlpnCache,
servers: SyncMutex<BTreeMap<u16, VHostServer<VHostBindListener>>>,
passthrough_handles: SyncMutex<BTreeMap<(InternedString, u16), PassthroughHandle>>,
}
impl VHostController {
pub fn new(
db: TypedPatchDb<Database>,
interfaces: Arc<NetworkInterfaceController>,
crypto_provider: Arc<CryptoProvider>,
passthroughs: Vec<PassthroughInfo>,
) -> Self {
Self {
let controller = Self {
db,
interfaces,
crypto_provider,
acme_cache: Arc::new(SyncMutex::new(BTreeMap::new())),
servers: SyncMutex::new(BTreeMap::new()),
passthrough_handles: SyncMutex::new(BTreeMap::new()),
};
for pt in passthroughs {
if let Err(e) = controller.add_passthrough(
pt.hostname,
pt.listen_port,
pt.backend,
pt.public_gateways,
pt.private_ips,
) {
tracing::warn!("failed to restore passthrough: {e}");
}
}
controller
}
#[instrument(skip_all)]
pub fn add(
@@ -120,20 +281,7 @@ impl VHostController {
let server = if let Some(server) = writable.remove(&external) {
server
} else {
let bind_reqs = Watch::new(VHostBindRequirements::default());
let listener = VHostBindListener {
ip_info: self.interfaces.watcher.subscribe(),
port: external,
bind_reqs: bind_reqs.clone_unseen(),
listeners: BTreeMap::new(),
};
VHostServer::new(
listener,
bind_reqs,
self.db.clone(),
self.crypto_provider.clone(),
self.acme_cache.clone(),
)
self.create_server(external)
};
let rc = server.add(hostname, target);
writable.insert(external, server);
@@ -141,6 +289,75 @@ impl VHostController {
})
}
fn create_server(&self, port: u16) -> VHostServer<VHostBindListener> {
let bind_reqs = Watch::new(VHostBindRequirements::default());
let listener = VHostBindListener {
ip_info: self.interfaces.watcher.subscribe(),
port,
bind_reqs: bind_reqs.clone_unseen(),
listeners: BTreeMap::new(),
};
VHostServer::new(
listener,
bind_reqs,
self.db.clone(),
self.crypto_provider.clone(),
self.acme_cache.clone(),
)
}
pub fn add_passthrough(
&self,
hostname: InternedString,
port: u16,
backend: SocketAddr,
public: BTreeSet<GatewayId>,
private: BTreeSet<IpAddr>,
) -> Result<(), Error> {
let target = ProxyTarget {
public: public.clone(),
private: private.clone(),
acme: None,
addr: backend,
add_x_forwarded_headers: false,
connect_ssl: Err(AlpnInfo::Reflect),
passthrough: true,
};
let rc = self.add(Some(hostname.clone()), port, DynVHostTarget::new(target))?;
self.passthrough_handles.mutate(|h| {
h.insert(
(hostname, port),
PassthroughHandle {
_rc: rc,
backend,
public,
private,
},
);
});
Ok(())
}
pub fn remove_passthrough(&self, hostname: &InternedString, port: u16) {
self.passthrough_handles
.mutate(|h| h.remove(&(hostname.clone(), port)));
self.gc(Some(hostname.clone()), port);
}
pub fn list_passthrough(&self) -> Vec<PassthroughInfo> {
self.passthrough_handles.peek(|h| {
h.iter()
.map(|((hostname, port), handle)| PassthroughInfo {
hostname: hostname.clone(),
listen_port: *port,
backend: handle.backend,
public_gateways: handle.public.clone(),
private_ips: handle.private.clone(),
})
.collect()
})
}
pub fn dump_table(
&self,
) -> BTreeMap<JsonKey<u16>, BTreeMap<JsonKey<Option<InternedString>>, EqSet<String>>> {
@@ -330,6 +547,9 @@ pub trait VHostTarget<A: Accept>: std::fmt::Debug + Eq {
fn bind_requirements(&self) -> (BTreeSet<GatewayId>, BTreeSet<IpAddr>) {
(BTreeSet::new(), BTreeSet::new())
}
fn is_passthrough(&self) -> bool {
false
}
fn preprocess<'a>(
&'a self,
prev: ServerConfig,
@@ -349,6 +569,7 @@ pub trait DynVHostTargetT<A: Accept>: std::fmt::Debug + Any {
fn filter(&self, metadata: &<A as Accept>::Metadata) -> bool;
fn acme(&self) -> Option<&AcmeProvider>;
fn bind_requirements(&self) -> (BTreeSet<GatewayId>, BTreeSet<IpAddr>);
fn is_passthrough(&self) -> bool;
fn preprocess<'a>(
&'a self,
prev: ServerConfig,
@@ -373,6 +594,9 @@ impl<A: Accept, T: VHostTarget<A> + 'static> DynVHostTargetT<A> for T {
fn acme(&self) -> Option<&AcmeProvider> {
VHostTarget::acme(self)
}
fn is_passthrough(&self) -> bool {
VHostTarget::is_passthrough(self)
}
fn bind_requirements(&self) -> (BTreeSet<GatewayId>, BTreeSet<IpAddr>) {
VHostTarget::bind_requirements(self)
}
@@ -459,6 +683,7 @@ pub struct ProxyTarget {
pub addr: SocketAddr,
pub add_x_forwarded_headers: bool,
pub connect_ssl: Result<Arc<ClientConfig>, AlpnInfo>, // Ok: yes, connect using ssl, pass through alpn; Err: connect tcp, use provided strategy for alpn
pub passthrough: bool,
}
impl PartialEq for ProxyTarget {
fn eq(&self, other: &Self) -> bool {
@@ -466,6 +691,7 @@ impl PartialEq for ProxyTarget {
&& self.private == other.private
&& self.acme == other.acme
&& self.addr == other.addr
&& self.passthrough == other.passthrough
&& self.connect_ssl.as_ref().map(Arc::as_ptr)
== other.connect_ssl.as_ref().map(Arc::as_ptr)
}
@@ -480,6 +706,7 @@ impl fmt::Debug for ProxyTarget {
.field("addr", &self.addr)
.field("add_x_forwarded_headers", &self.add_x_forwarded_headers)
.field("connect_ssl", &self.connect_ssl.as_ref().map(|_| ()))
.field("passthrough", &self.passthrough)
.finish()
}
}
@@ -524,6 +751,9 @@ where
fn bind_requirements(&self) -> (BTreeSet<GatewayId>, BTreeSet<IpAddr>) {
(self.public.clone(), self.private.clone())
}
fn is_passthrough(&self) -> bool {
self.passthrough
}
async fn preprocess<'a>(
&'a self,
mut prev: ServerConfig,
@@ -677,7 +907,7 @@ where
prev: ServerConfig,
hello: &'a ClientHello<'a>,
metadata: &'a <A as Accept>::Metadata,
) -> Option<ServerConfig>
) -> Option<TlsHandlerAction>
where
Self: 'a,
{
@@ -687,7 +917,7 @@ where
.flatten()
.any(|a| a == ACME_TLS_ALPN_NAME)
{
return Some(prev);
return Some(TlsHandlerAction::Tls(prev));
}
let (target, rc) = self.0.peek(|m| {
@@ -700,11 +930,16 @@ where
.map(|(t, rc)| (t.clone(), rc.clone()))
})?;
let is_pt = target.0.is_passthrough();
let (prev, store) = target.into_preprocessed(rc, prev, hello, metadata).await?;
self.1 = Some(store);
Some(prev)
if is_pt {
Some(TlsHandlerAction::Passthrough)
} else {
Some(TlsHandlerAction::Tls(prev))
}
}
}

87
core/src/os_install/mod.rs
View File

@@ -27,6 +27,63 @@ use crate::util::serde::IoFormat;
mod gpt;
mod mbr;
/// Get the EFI BootCurrent entry number (the entry firmware used to boot).
/// Returns None on non-EFI systems or if BootCurrent is not set.
async fn get_efi_boot_current() -> Result<Option<String>, Error> {
let efi_output = String::from_utf8(
Command::new("efibootmgr")
.invoke(ErrorKind::Grub)
.await?,
)
.map_err(|e| Error::new(eyre!("efibootmgr output not valid UTF-8: {e}"), ErrorKind::Grub))?;
Ok(efi_output
.lines()
.find(|line| line.starts_with("BootCurrent:"))
.and_then(|line| line.strip_prefix("BootCurrent:"))
.map(|s| s.trim().to_string()))
}
/// Promote a specific boot entry to first in the EFI boot order.
async fn promote_efi_entry(entry: &str) -> Result<(), Error> {
let efi_output = String::from_utf8(
Command::new("efibootmgr")
.invoke(ErrorKind::Grub)
.await?,
)
.map_err(|e| Error::new(eyre!("efibootmgr output not valid UTF-8: {e}"), ErrorKind::Grub))?;
let current_order = efi_output
.lines()
.find(|line| line.starts_with("BootOrder:"))
.and_then(|line| line.strip_prefix("BootOrder:"))
.map(|s| s.trim())
.unwrap_or("");
if current_order.is_empty() || current_order.starts_with(entry) {
return Ok(());
}
let other_entries: Vec<&str> = current_order
.split(',')
.filter(|e| e.trim() != entry)
.collect();
let new_order = if other_entries.is_empty() {
entry.to_string()
} else {
format!("{},{}", entry, other_entries.join(","))
};
Command::new("efibootmgr")
.arg("-o")
.arg(&new_order)
.invoke(ErrorKind::Grub)
.await?;
Ok(())
}
/// Probe a squashfs image to determine its target architecture
async fn probe_squashfs_arch(squashfs_path: &Path) -> Result<InternedString, Error> {
let output = String::from_utf8(
@@ -359,7 +416,6 @@ pub async fn install_os_to(
"riscv64" => install.arg("--target=riscv64-efi"),
_ => &mut install,
};
install.arg("--no-nvram");
}
install
.arg(disk_path)
@@ -429,6 +485,21 @@ pub async fn install_os(
});
let use_efi = tokio::fs::metadata("/sys/firmware/efi").await.is_ok();
// Save the boot entry we booted from (the USB installer) before grub-install
// overwrites the boot order.
let boot_current = if use_efi {
match get_efi_boot_current().await {
Ok(entry) => entry,
Err(e) => {
tracing::warn!("Failed to get EFI BootCurrent: {e}");
None
}
}
} else {
None
};
let InstallOsResult { part_info, rootfs } = install_os_to(
"/run/live/medium/live/filesystem.squashfs",
&disk.logicalname,
@@ -440,6 +511,20 @@ pub async fn install_os(
)
.await?;
// grub-install prepends its new entry to the EFI boot order, overriding the
// USB-first priority. Promote the USB entry (identified by BootCurrent from
// when we booted the installer) back to first, and persist the entry number
// so the upgrade script can do the same.
if let Some(ref entry) = boot_current {
if let Err(e) = promote_efi_entry(entry).await {
tracing::warn!("Failed to restore EFI boot order: {e}");
}
let efi_entry_path = rootfs.path().join("config/efi-installer-entry");
if let Err(e) = tokio::fs::write(&efi_entry_path, entry).await {
tracing::warn!("Failed to save EFI installer entry number: {e}");
}
}
ctx.config
.mutate(|c| c.os_partitions = Some(part_info.clone()));

20
core/src/system/mod.rs
View File

@@ -1238,19 +1238,13 @@ pub async fn test_smtp(
.body("This is a test email sent from your StartOS Server".to_owned())?;
let transport = match security {
SmtpSecurity::Starttls => AsyncSmtpTransport::<Tokio1Executor>::relay(&host)?
.port(port)
.credentials(creds)
.build(),
SmtpSecurity::Tls => {
let tls = TlsParameters::new(host.clone())?;
AsyncSmtpTransport::<Tokio1Executor>::relay(&host)?
.port(port)
.tls(Tls::Wrapper(tls))
.credentials(creds)
.build()
}
};
SmtpSecurity::Starttls => AsyncSmtpTransport::<Tokio1Executor>::starttls_relay(&host)?,
SmtpSecurity::Tls => AsyncSmtpTransport::<Tokio1Executor>::relay(&host)?,
}
.port(port)
.tls(Tls::Wrapper(TlsParameters::new(host.clone())?))
.credentials(creds)
.build();
transport.send(message).await?;
Ok(())

28
core/src/tunnel/web.rs
View File

@@ -20,7 +20,7 @@ use ts_rs::TS;
use crate::context::CliContext;
use crate::hostname::ServerHostname;
use crate::net::ssl::{SANInfo, root_ca_start_time};
use crate::net::tls::TlsHandler;
use crate::net::tls::{TlsHandler, TlsHandlerAction};
use crate::net::web_server::Accept;
use crate::prelude::*;
use crate::tunnel::auth::SetPasswordParams;
@@ -59,7 +59,7 @@ where
&'a mut self,
_: &'a ClientHello<'a>,
_: &'a <A as Accept>::Metadata,
) -> Option<ServerConfig> {
) -> Option<TlsHandlerAction> {
let cert_info = self
.db
.peek()
@@ -88,7 +88,7 @@ where
.log_err()?;
cfg.alpn_protocols
.extend([b"http/1.1".into(), b"h2".into()]);
Some(cfg)
Some(TlsHandlerAction::Tls(cfg))
}
}
@@ -524,26 +524,26 @@ pub async fn init_web(ctx: CliContext) -> Result<(), Error> {
"To access your Web URL securely, trust your Root CA (displayed above) on your client device(s):\n",
" - MacOS\n",
" 1. Open the Terminal app\n",
" 2. Paste the following command (**DO NOT** click Return): pbcopy < ~/Desktop/ca.crt\n",
" 2. Type or copy/paste the following command (**DO NOT** click Enter/Return yet): pbpaste > ~/Desktop/tunnel-ca.crt\n",
" 3. Copy your Root CA (including -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----)\n",
" 4. Back in Terminal, click Return. ca.crt is saved to your Desktop\n",
" 5. Complete by trusting your Root CA: https://docs.start9.com/device-guides/mac/ca.html\n",
" 4. Back in Terminal, click Enter/Return. tunnel-ca.crt is saved to your Desktop\n",
" 5. Complete by trusting your Root CA: https://docs.start9.com/start-os/0.4.0.x/user-manual/trust-ca.html?platform=Mac\n",
" - Linux\n",
" 1. Open gedit, nano, or any editor\n",
" 2. Copy/paste your Root CA (including -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----)\n",
" 3. Name the file ca.crt and save as plaintext\n",
" 4. Complete by trusting your Root CA: https://docs.start9.com/device-guides/linux/ca.html\n",
" 3. Name the file tunnel-ca.crt and save as plaintext\n",
" 4. Complete by trusting your Root CA: https://docs.start9.com/start-os/0.4.0.x/user-manual/trust-ca.html?platform=Debian+%252F+Ubuntu\n",
" - Windows\n",
" 1. Open the Notepad app\n",
" 2. Copy/paste your Root CA (including -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----)\n",
" 3. Name the file ca.crt and save as plaintext\n",
" 4. Complete by trusting your Root CA: https://docs.start9.com/device-guides/windows/ca.html\n",
" 3. Name the file tunnel-ca.crt and save as plaintext\n",
" 4. Complete by trusting your Root CA: https://docs.start9.com/start-os/0.4.0.x/user-manual/trust-ca.html?platform=Windows\n",
" - Android/Graphene\n",
" 1. Send the ca.crt file (created above) to yourself\n",
" 2. Complete by trusting your Root CA: https://docs.start9.com/device-guides/android/ca.html\n",
" 1. Send the tunnel-ca.crt file (created above) to yourself\n",
" 2. Complete by trusting your Root CA: https://docs.start9.com/start-os/0.4.0.x/user-manual/trust-ca.html?platform=Android+%252F+Graphene\n",
" - iOS\n",
" 1. Send the ca.crt file (created above) to yourself\n",
" 2. Complete by trusting your Root CA: https://docs.start9.com/device-guides/ios/ca.html\n",
" 1. Send the tunnel-ca.crt file (created above) to yourself\n",
" 2. Complete by trusting your Root CA: https://docs.start9.com/start-os/0.4.0.x/user-manual/trust-ca.html?platform=iOS\n",
));
return Ok(());

87
sdk/base/lib/actions/input/inputSpecConstants.ts
View File

@@ -1,41 +1,57 @@
import { SmtpValue } from '../../types'
import { GetSystemSmtp, Patterns } from '../../util'
import { InputSpec, InputSpecOf } from './builder/inputSpec'
import { InputSpec } from './builder/inputSpec'
import { Value } from './builder/value'
import { Variants } from './builder/variants'
const securityVariants = Variants.of({
tls: {
name: 'TLS',
spec: InputSpec.of({
port: Value.dynamicText(async () => ({
name: 'Port',
required: true,
default: '465',
disabled: 'Fixed for TLS',
})),
}),
},
starttls: {
name: 'STARTTLS',
spec: InputSpec.of({
port: Value.select({
name: 'Port',
default: '587',
values: { '25': '25', '587': '587', '2525': '2525' },
}),
}),
},
})
/**
* Creates an SMTP field spec with provider-specific defaults pre-filled.
*/
function smtpFields(
defaults: {
host?: string
port?: number
security?: 'starttls' | 'tls'
hostDisabled?: boolean
} = {},
): InputSpec<SmtpValue> {
return InputSpec.of<InputSpecOf<SmtpValue>>({
host: Value.text({
name: 'Host',
required: true,
default: defaults.host ?? null,
placeholder: 'smtp.example.com',
}),
port: Value.number({
name: 'Port',
required: true,
default: defaults.port ?? 587,
min: 1,
max: 65535,
integer: true,
}),
security: Value.select({
) {
const hostSpec = Value.text({
name: 'Host',
required: true,
default: defaults.host ?? null,
placeholder: 'smtp.example.com',
})
return InputSpec.of({
host: defaults.hostDisabled
? hostSpec.withDisabled('Fixed for this provider')
: hostSpec,
security: Value.union({
name: 'Connection Security',
default: defaults.security ?? 'starttls',
values: {
starttls: 'STARTTLS',
tls: 'TLS',
},
default: defaults.security ?? 'tls',
variants: securityVariants,
}),
from: Value.text({
name: 'From Address',
@@ -72,40 +88,39 @@ export const smtpProviderVariants = Variants.of({
name: 'Gmail',
spec: smtpFields({
host: 'smtp.gmail.com',
port: 587,
security: 'starttls',
security: 'tls',
hostDisabled: true,
}),
},
ses: {
name: 'Amazon SES',
spec: smtpFields({
host: 'email-smtp.us-east-1.amazonaws.com',
port: 587,
security: 'starttls',
security: 'tls',
}),
},
sendgrid: {
name: 'SendGrid',
spec: smtpFields({
host: 'smtp.sendgrid.net',
port: 587,
security: 'starttls',
security: 'tls',
hostDisabled: true,
}),
},
mailgun: {
name: 'Mailgun',
spec: smtpFields({
host: 'smtp.mailgun.org',
port: 587,
security: 'starttls',
security: 'tls',
hostDisabled: true,
}),
},
protonmail: {
name: 'Proton Mail',
spec: smtpFields({
host: 'smtp.protonmail.ch',
port: 587,
security: 'starttls',
security: 'tls',
hostDisabled: true,
}),
},
other: {
@@ -121,7 +136,7 @@ export const smtpProviderVariants = Variants.of({
export const systemSmtpSpec = InputSpec.of({
provider: Value.union({
name: 'Provider',
default: null as any,
default: 'gmail',
variants: smtpProviderVariants,
}),
})

10
sdk/base/lib/interfaces/Host.ts
View File

@@ -14,28 +14,34 @@ export const knownProtocols = {
defaultPort: 80,
withSsl: 'https',
alpn: { specified: ['http/1.1'] } as AlpnInfo,
addXForwardedHeaders: true,
},
https: {
secure: { ssl: true },
defaultPort: 443,
addXForwardedHeaders: true,
},
ws: {
secure: null,
defaultPort: 80,
withSsl: 'wss',
alpn: { specified: ['http/1.1'] } as AlpnInfo,
addXForwardedHeaders: true,
},
wss: {
secure: { ssl: true },
defaultPort: 443,
addXForwardedHeaders: true,
},
ssh: {
secure: { ssl: false },
defaultPort: 22,
addXForwardedHeaders: false,
},
dns: {
secure: { ssl: false },
defaultPort: 53,
addXForwardedHeaders: false,
},
} as const
@@ -136,7 +142,7 @@ export class MultiHost {
const sslProto = this.getSslProto(options)
const addSsl = sslProto
? {
addXForwardedHeaders: false,
addXForwardedHeaders: knownProtocols[sslProto].addXForwardedHeaders,
preferredExternalPort: knownProtocols[sslProto].defaultPort,
scheme: sslProto,
alpn: 'alpn' in protoInfo ? protoInfo.alpn : null,
@@ -148,7 +154,7 @@ export class MultiHost {
preferredExternalPort: 443,
scheme: sslProto,
alpn: null,
...('addSsl' in options ? options.addSsl : null),
...options.addSsl,
}
: null

1
sdk/base/lib/osBindings/AddPublicDomainParams.ts
View File

@@ -6,4 +6,5 @@ export type AddPublicDomainParams = {
fqdn: string
acme: AcmeProvider | null
gateway: GatewayId
internalPort: number
}

4
sdk/base/lib/osBindings/AddPublicDomainRes.ts Normal file
View File

@@ -0,0 +1,4 @@
// This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
import type { CheckPortRes } from './CheckPortRes'
export type AddPublicDomainRes = { dns: string | null; port: CheckPortRes }

2
sdk/base/lib/osBindings/NetworkInfo.ts
View File

@@ -5,6 +5,7 @@ import type { DnsSettings } from './DnsSettings'
import type { GatewayId } from './GatewayId'
import type { Host } from './Host'
import type { NetworkInterfaceInfo } from './NetworkInterfaceInfo'
import type { PassthroughInfo } from './PassthroughInfo'
import type { WifiInfo } from './WifiInfo'
export type NetworkInfo = {
@@ -14,4 +15,5 @@ export type NetworkInfo = {
acme: { [key: AcmeProvider]: AcmeSettings }
dns: DnsSettings
defaultOutbound: string | null
passthroughs: Array<PassthroughInfo>
}

9
sdk/base/lib/osBindings/PassthroughInfo.ts Normal file
View File

@@ -0,0 +1,9 @@
// This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
export type PassthroughInfo = {
hostname: string
listenPort: number
backend: string
publicGateways: string[]
privateIps: string[]
}

2
sdk/base/lib/osBindings/index.ts
View File

@@ -19,6 +19,7 @@ export { AddPackageSignerParams } from './AddPackageSignerParams'
export { AddPackageToCategoryParams } from './AddPackageToCategoryParams'
export { AddPrivateDomainParams } from './AddPrivateDomainParams'
export { AddPublicDomainParams } from './AddPublicDomainParams'
export { AddPublicDomainRes } from './AddPublicDomainRes'
export { AddressInfo } from './AddressInfo'
export { AddSslOptions } from './AddSslOptions'
export { AddTunnelParams } from './AddTunnelParams'
@@ -201,6 +202,7 @@ export { PackagePlugin } from './PackagePlugin'
export { PackageState } from './PackageState'
export { PackageVersionInfo } from './PackageVersionInfo'
export { PartitionInfo } from './PartitionInfo'
export { PassthroughInfo } from './PassthroughInfo'
export { PasswordType } from './PasswordType'
export { PathOrUrl } from './PathOrUrl'
export { Pem } from './Pem'

32
sdk/base/lib/types.ts
View File

@@ -1,25 +1,25 @@
export * as inputSpecTypes from './actions/input/inputSpecTypes'
export {
CurrentDependenciesResult,
OptionalDependenciesOf as OptionalDependencies,
RequiredDependenciesOf as RequiredDependencies,
} from './dependencies/setupDependencies'
export * from './osBindings'
export { SDKManifest } from './types/ManifestTypes'
export { Effects }
import { InputSpec as InputSpecClass } from './actions/input/builder/inputSpec'
import {
DependencyRequirement,
NamedHealthCheckResult,
Manifest,
ServiceInterface,
ActionId,
} from './osBindings'
import { Affine, StringObject, ToKebab } from './util'
import { Action, Actions } from './actions/setupActions'
import { Effects } from './Effects'
import { ExtendedVersion, VersionRange } from './exver'
export { Effects }
export * from './osBindings'
export { SDKManifest } from './types/ManifestTypes'
export {
RequiredDependenciesOf as RequiredDependencies,
OptionalDependenciesOf as OptionalDependencies,
CurrentDependenciesResult,
} from './dependencies/setupDependencies'
import {
ActionId,
DependencyRequirement,
Manifest,
NamedHealthCheckResult,
ServiceInterface,
} from './osBindings'
import { StringObject, ToKebab } from './util'
/** An object that can be built into a terminable daemon process. */
export type DaemonBuildable = {

111
sdk/base/lib/util/getServiceInterface.ts
View File

@@ -26,6 +26,18 @@ export const getHostname = (url: string): Hostname | null => {
return last
}
/**
* The kinds of hostnames that can be filtered on.
*
* - `'mdns'` — mDNS / Bonjour `.local` hostnames
* - `'domain'` — any os-managed domain name (matches both `'private-domain'` and `'public-domain'` metadata kinds)
* - `'ip'` — shorthand for both `'ipv4'` and `'ipv6'`
* - `'ipv4'` — IPv4 addresses only
* - `'ipv6'` — IPv6 addresses only
* - `'localhost'` — loopback addresses (`localhost`, `127.0.0.1`, `::1`)
* - `'link-local'` — IPv6 link-local addresses (fe80::/10)
* - `'plugin'` — hostnames provided by a plugin package
*/
type FilterKinds =
| 'mdns'
| 'domain'
@@ -34,10 +46,25 @@ type FilterKinds =
| 'ipv6'
| 'localhost'
| 'link-local'
| 'plugin'
/**
* Describes which hostnames to include (or exclude) when filtering a `Filled` address.
*
* Every field is optional — omitted fields impose no constraint.
* Filters are composable: the `.filter()` method intersects successive filters,
* and the `exclude` field inverts a nested filter.
*/
export type Filter = {
/** Keep only hostnames with the given visibility. `'public'` = externally reachable, `'private'` = LAN-only. */
visibility?: 'public' | 'private'
/** Keep only hostnames whose metadata kind matches. A single kind or array of kinds. `'ip'` expands to `['ipv4','ipv6']`, `'domain'` matches both `'private-domain'` and `'public-domain'`. */
kind?: FilterKinds | FilterKinds[]
/** Arbitrary predicate — hostnames for which this returns `false` are excluded. */
predicate?: (h: HostnameInfo) => boolean
/** Keep only plugin hostnames provided by this package. Implies `kind: 'plugin'`. */
pluginId?: PackageId
/** A nested filter whose matches are *removed* from the result (logical NOT). */
exclude?: Filter
}
@@ -65,9 +92,13 @@ type KindFilter<K extends FilterKinds> = K extends 'mdns'
?
| (HostnameInfo & { metadata: { kind: 'ipv6' } })
| KindFilter<Exclude<K, 'ipv6'>>
: K extends 'ip'
? KindFilter<Exclude<K, 'ip'> | 'ipv4' | 'ipv6'>
: never
: K extends 'plugin'
?
| (HostnameInfo & { metadata: { kind: 'plugin' } })
| KindFilter<Exclude<K, 'plugin'>>
: K extends 'ip'
? KindFilter<Exclude<K, 'ip'> | 'ipv4' | 'ipv6'>
: never
type FilterReturnTy<F extends Filter> = F extends {
visibility: infer V extends 'public' | 'private'
@@ -107,20 +138,62 @@ type FormatReturnTy<
? UrlString | FormatReturnTy<F, Exclude<Format, 'urlstring'>>
: never
/**
* A resolved address with its hostnames already populated, plus helpers
* for filtering, formatting, and converting hostnames to URLs.
*
* Filters are chainable and each call returns a new `Filled` narrowed to the
* matching subset of hostnames:
*
* ```ts
* addresses.nonLocal // exclude localhost & link-local
* addresses.public // only publicly-reachable hostnames
* addresses.filter({ kind: 'domain' }) // only domain-name hostnames
* addresses.filter({ visibility: 'private' }) // only LAN-reachable hostnames
* addresses.nonLocal.filter({ kind: 'ip' }) // chainable — non-local IPs only
* ```
*/
export type Filled<F extends Filter = {}> = {
/** The hostnames that survived all applied filters. */
hostnames: HostnameInfo[]
/** Convert a single hostname into a fully-formed URL string, applying the address's scheme, username, and suffix. */
toUrl: (h: HostnameInfo) => UrlString
/**
* Return every hostname in the requested format.
*
* - `'urlstring'` (default) — formatted URL strings
* - `'url'` — `URL` objects
* - `'hostname-info'` — raw `HostnameInfo` objects
*/
format: <Format extends Formats = 'urlstring'>(
format?: Format,
) => FormatReturnTy<{}, Format>[]
/**
* Apply an arbitrary {@link Filter} and return a new `Filled` containing only
* the hostnames that match. Filters compose: calling `.filter()` on an
* already-filtered `Filled` intersects the constraints.
*/
filter: <NewFilter extends Filter>(
filter: NewFilter,
) => Filled<NewFilter & Filter>
/**
* Apply multiple filters and return hostnames that match **any** of them (union / OR).
*
* ```ts
* addresses.matchesAny([{ kind: 'domain' }, { kind: 'mdns' }])
* ```
*/
matchesAny: <NewFilters extends Filter[]>(
filters: [...NewFilters],
) => Filled<NewFilters[number] & F>
/** Shorthand filter that excludes `localhost` and IPv6 link-local addresses — keeps only network-reachable hostnames. */
nonLocal: Filled<typeof nonLocalFilter & Filter>
/** Shorthand filter that keeps only publicly-reachable hostnames (those with `public: true`). */
public: Filled<typeof publicFilter & Filter>
}
export type FilledAddressInfo = AddressInfo & Filled
@@ -210,7 +283,16 @@ function filterRec(
['localhost', '127.0.0.1', '::1'].includes(h.hostname)) ||
(kind.has('link-local') &&
h.metadata.kind === 'ipv6' &&
IPV6_LINK_LOCAL.contains(IpAddress.parse(h.hostname)))),
IPV6_LINK_LOCAL.contains(IpAddress.parse(h.hostname))) ||
(kind.has('plugin') && h.metadata.kind === 'plugin')),
)
}
if (filter.pluginId) {
const id = filter.pluginId
hostnames = hostnames.filter(
(h) =>
invert !==
(h.metadata.kind === 'plugin' && h.metadata.packageId === id),
)
}
@@ -242,6 +324,14 @@ function enabledAddresses(addr: DerivedAddressInfo): HostnameInfo[] {
})
}
/**
* Filters out localhost and IPv6 link-local hostnames from a list.
* Equivalent to the `nonLocal` filter on `Filled` addresses.
*/
export function filterNonLocal(hostnames: HostnameInfo[]): HostnameInfo[] {
return filterRec(hostnames, nonLocalFilter, false)
}
export const filledAddress = (
host: Host,
addressInfo: AddressInfo,
@@ -280,6 +370,19 @@ export const filledAddress = (
filterRec(hostnames, filter, false),
)
},
matchesAny: <NewFilters extends Filter[]>(filters: [...NewFilters]) => {
const seen = new Set<HostnameInfo>()
const union: HostnameInfo[] = []
for (const f of filters) {
for (const h of filterRec(hostnames, f, false)) {
if (!seen.has(h)) {
seen.add(h)
union.push(h)
}
}
}
return filledAddressFromHostnames<NewFilters[number] & F>(union)
},
get nonLocal(): Filled<typeof nonLocalFilter & F> {
return getNonLocal()
},

1
sdk/base/lib/util/index.ts
View File

@@ -8,6 +8,7 @@ export {
GetServiceInterface,
getServiceInterface,
filledAddress,
filterNonLocal,
} from './getServiceInterface'
export { getServiceInterfaces } from './getServiceInterfaces'
export { once } from './once'

100
sdk/package/lib/StartSdk.ts
View File

@@ -141,6 +141,7 @@ export class StartSdk<Manifest extends T.SDKManifest> {
| 'getSystemSmtp'
| 'getOutboundGateway'
| 'getContainerIp'
| 'getStatus'
| 'getDataVersion'
| 'setDataVersion'
| 'getServiceManifest'
@@ -164,7 +165,6 @@ export class StartSdk<Manifest extends T.SDKManifest> {
getSslKey: (effects, ...args) => effects.getSslKey(...args),
shutdown: (effects, ...args) => effects.shutdown(...args),
getDependencies: (effects, ...args) => effects.getDependencies(...args),
getStatus: (effects, ...args) => effects.getStatus(...args),
setHealth: (effects, ...args) => effects.setHealth(...args),
}
@@ -342,6 +342,104 @@ export class StartSdk<Manifest extends T.SDKManifest> {
}
},
/**
* Get the service's current status with reactive subscription support.
*
* Returns an object with multiple read strategies: `const()` for a value
* that retries on change, `once()` for a single read, `watch()` for an async
* generator, `onChange()` for a callback, and `waitFor()` to block until a predicate is met.
*
* @param effects - The effects context
* @param options - Optional filtering options (e.g. `packageId`)
*/
getStatus: (
effects: T.Effects,
options: Omit<Parameters<T.Effects['getStatus']>[0], 'callback'> = {},
) => {
async function* watch(abort?: AbortSignal) {
const resolveCell = { resolve: () => {} }
effects.onLeaveContext(() => {
resolveCell.resolve()
})
abort?.addEventListener('abort', () => resolveCell.resolve())
while (effects.isInContext && !abort?.aborted) {
let callback: () => void = () => {}
const waitForNext = new Promise<void>((resolve) => {
callback = resolve
resolveCell.resolve = resolve
})
yield await effects.getStatus({ ...options, callback })
await waitForNext
}
}
return {
const: () =>
effects.getStatus({
...options,
callback:
effects.constRetry &&
(() => effects.constRetry && effects.constRetry()),
}),
once: () => effects.getStatus(options),
watch: (abort?: AbortSignal) => {
const ctrl = new AbortController()
abort?.addEventListener('abort', () => ctrl.abort())
return DropGenerator.of(watch(ctrl.signal), () => ctrl.abort())
},
onChange: (
callback: (
value: T.StatusInfo | null,
error?: Error,
) => { cancel: boolean } | Promise<{ cancel: boolean }>,
) => {
;(async () => {
const ctrl = new AbortController()
for await (const value of watch(ctrl.signal)) {
try {
const res = await callback(value)
if (res.cancel) {
ctrl.abort()
break
}
} catch (e) {
console.error(
'callback function threw an error @ getStatus.onChange',
e,
)
}
}
})()
.catch((e) => callback(null, e))
.catch((e) =>
console.error(
'callback function threw an error @ getStatus.onChange',
e,
),
)
},
waitFor: async (pred: (value: T.StatusInfo | null) => boolean) => {
const resolveCell = { resolve: () => {} }
effects.onLeaveContext(() => {
resolveCell.resolve()
})
while (effects.isInContext) {
let callback: () => void = () => {}
const waitForNext = new Promise<void>((resolve) => {
callback = resolve
resolveCell.resolve = resolve
})
const res = await effects.getStatus({ ...options, callback })
if (pred(res)) {
resolveCell.resolve()
return res
}
await waitForNext
}
return null
},
}
},
MultiHost: {
/**
* Create a new MultiHost instance for binding ports and exporting interfaces.

4
sdk/package/package-lock.json generated
View File

@@ -1,12 +1,12 @@
{
"name": "@start9labs/start-sdk",
"version": "0.4.0-beta.55",
"version": "0.4.0-beta.58",
"lockfileVersion": 3,
"requires": true,
"packages": {
"": {
"name": "@start9labs/start-sdk",
"version": "0.4.0-beta.55",
"version": "0.4.0-beta.58",
"license": "MIT",
"dependencies": {
"@iarna/toml": "^3.0.0",

2
sdk/package/package.json
View File

@@ -1,6 +1,6 @@
{
"name": "@start9labs/start-sdk",
"version": "0.4.0-beta.55",
"version": "0.4.0-beta.58",
"description": "Software development kit to facilitate packaging services for StartOS",
"main": "./package/lib/index.js",
"types": "./package/lib/index.d.ts",

2498
web/package-lock.json generated
View File

File diff suppressed because it is too large Load Diff

53
web/package.json
View File

@@ -33,34 +33,33 @@
"format:check": "prettier --check projects/"
},
"dependencies": {
"@angular/animations": "^20.3.0",
"@angular/cdk": "^20.1.0",
"@angular/common": "^20.3.0",
"@angular/compiler": "^20.3.0",
"@angular/core": "^20.3.0",
"@angular/forms": "^20.3.0",
"@angular/platform-browser": "^20.3.0",
"@angular/platform-browser-dynamic": "^20.1.0",
"@angular/pwa": "^20.3.0",
"@angular/router": "^20.3.0",
"@angular/service-worker": "^20.3.0",
"@angular/animations": "^21.2.1",
"@angular/cdk": "^21.2.1",
"@angular/common": "^21.2.1",
"@angular/compiler": "^21.2.1",
"@angular/core": "^21.2.1",
"@angular/forms": "^21.2.1",
"@angular/platform-browser": "^21.2.1",
"@angular/pwa": "^21.2.1",
"@angular/router": "^21.2.1",
"@angular/service-worker": "^21.2.1",
"@materia-ui/ngx-monaco-editor": "^6.0.0",
"@noble/curves": "^1.4.0",
"@noble/hashes": "^1.4.0",
"@start9labs/argon2": "^0.3.0",
"@start9labs/start-sdk": "file:../sdk/baseDist",
"@taiga-ui/addon-charts": "4.66.0",
"@taiga-ui/addon-commerce": "4.66.0",
"@taiga-ui/addon-mobile": "4.66.0",
"@taiga-ui/addon-table": "4.66.0",
"@taiga-ui/cdk": "4.66.0",
"@taiga-ui/core": "4.66.0",
"@taiga-ui/addon-charts": "4.73.0",
"@taiga-ui/addon-commerce": "4.73.0",
"@taiga-ui/addon-mobile": "4.73.0",
"@taiga-ui/addon-table": "4.73.0",
"@taiga-ui/cdk": "4.73.0",
"@taiga-ui/core": "4.73.0",
"@taiga-ui/dompurify": "4.1.11",
"@taiga-ui/event-plugins": "4.7.0",
"@taiga-ui/experimental": "4.66.0",
"@taiga-ui/icons": "4.66.0",
"@taiga-ui/kit": "4.66.0",
"@taiga-ui/layout": "4.66.0",
"@taiga-ui/experimental": "4.73.0",
"@taiga-ui/icons": "4.73.0",
"@taiga-ui/kit": "4.73.0",
"@taiga-ui/layout": "4.73.0",
"@taiga-ui/polymorpheus": "4.9.0",
"ansi-to-html": "^0.7.2",
"base64-js": "^1.5.1",
@@ -80,7 +79,7 @@
"mime": "^4.0.3",
"monaco-editor": "^0.33.0",
"mustache": "^4.2.0",
"ng-qrcode": "^20.0.0",
"ng-qrcode": "^21.0.0",
"node-jose": "^2.2.0",
"patch-db-client": "file:../patch-db/client",
"pbkdf2": "^3.1.2",
@@ -92,10 +91,10 @@
},
"devDependencies": {
"@angular-experts/hawkeye": "^1.7.2",
"@angular/build": "^20.1.0",
"@angular/cli": "^20.1.0",
"@angular/compiler-cli": "^20.1.0",
"@angular/language-service": "^20.1.0",
"@angular/build": "^21.2.1",
"@angular/cli": "^21.2.1",
"@angular/compiler-cli": "^21.2.1",
"@angular/language-service": "^21.2.1",
"@types/dompurify": "3.0.5",
"@types/estree": "^0.0.51",
"@types/js-yaml": "^4.0.5",
@@ -107,7 +106,7 @@
"@types/uuid": "^8.3.1",
"husky": "^4.3.8",
"lint-staged": "^13.2.0",
"ng-packagr": "^20.1.0",
"ng-packagr": "^21.2.0",
"node-html-parser": "^5.3.3",
"postcss": "^8.4.21",
"prettier": "^3.5.3",

42
web/projects/marketplace/src/components/menu/menu.component.module.ts
View File

@@ -1,42 +0,0 @@
import { CommonModule } from '@angular/common'
import { NgModule } from '@angular/core'
import {
DocsLinkDirective,
i18nPipe,
SharedPipesModule,
} from '@start9labs/shared'
import {
TuiAppearance,
TuiButton,
TuiIcon,
TuiLoader,
TuiPopup,
} from '@taiga-ui/core'
import { TuiDrawer, TuiSkeleton } from '@taiga-ui/kit'
import { CategoriesModule } from '../../pages/list/categories/categories.module'
import { SearchModule } from '../../pages/list/search/search.module'
import { StoreIconComponentModule } from '../store-icon/store-icon.component.module'
import { MenuComponent } from './menu.component'
@NgModule({
imports: [
CommonModule,
SharedPipesModule,
SearchModule,
CategoriesModule,
TuiLoader,
TuiButton,
CategoriesModule,
StoreIconComponentModule,
TuiAppearance,
TuiIcon,
TuiSkeleton,
TuiDrawer,
TuiPopup,
i18nPipe,
DocsLinkDirective,
],
declarations: [MenuComponent],
exports: [MenuComponent],
})
export class MenuModule {}

22
web/projects/marketplace/src/components/menu/menu.component.ts
View File

@@ -1,3 +1,4 @@
import { CommonModule } from '@angular/common'
import {
ChangeDetectionStrategy,
Component,
@@ -6,16 +7,35 @@ import {
OnDestroy,
signal,
} from '@angular/core'
import { DocsLinkDirective, i18nPipe } from '@start9labs/shared'
import { TuiAppearance, TuiButton, TuiIcon, TuiPopup } from '@taiga-ui/core'
import { TuiDrawer, TuiSkeleton } from '@taiga-ui/kit'
import { Subject, takeUntil } from 'rxjs'
import { CategoriesComponent } from '../../pages/list/categories/categories.component'
import { SearchComponent } from '../../pages/list/search/search.component'
import { AbstractCategoryService } from '../../services/category.service'
import { StoreDataWithUrl } from '../../types'
import { StoreIconComponent } from '../store-icon.component'
@Component({
selector: 'menu',
templateUrl: './menu.component.html',
styleUrls: ['./menu.component.scss'],
imports: [
CommonModule,
SearchComponent,
CategoriesComponent,
TuiButton,
StoreIconComponent,
TuiAppearance,
TuiIcon,
TuiSkeleton,
TuiDrawer,
TuiPopup,
i18nPipe,
DocsLinkDirective,
],
changeDetection: ChangeDetectionStrategy.OnPush,
standalone: false,
})
export class MenuComponent implements OnDestroy {
@Input({ required: true })

4
web/projects/marketplace/src/components/registry.component.ts
View File

@@ -1,6 +1,6 @@
import { ChangeDetectionStrategy, Component, Input } from '@angular/core'
import { TuiIcon, TuiTitle } from '@taiga-ui/core'
import { StoreIconComponentModule } from './store-icon/store-icon.component.module'
import { StoreIconComponent } from './store-icon.component'
@Component({
selector: '[registry]',
@@ -17,7 +17,7 @@ import { StoreIconComponentModule } from './store-icon/store-icon.component.modu
}
`,
changeDetection: ChangeDetectionStrategy.OnPush,
imports: [StoreIconComponentModule, TuiIcon, TuiTitle],
imports: [StoreIconComponent, TuiIcon, TuiTitle],
})
export class MarketplaceRegistryComponent {
@Input()

1
web/projects/marketplace/src/components/store-icon/store-icon.component.ts → web/projects/marketplace/src/components/store-icon.component.ts
View File

@@ -21,7 +21,6 @@ import { knownRegistries, sameUrl } from '@start9labs/shared'
`,
styles: ':host { overflow: hidden; }',
changeDetection: ChangeDetectionStrategy.OnPush,
standalone: false,
})
export class StoreIconComponent {
@Input()

10
web/projects/marketplace/src/components/store-icon/store-icon.component.module.ts
View File

@@ -1,10 +0,0 @@
import { NgModule } from '@angular/core'
import { CommonModule } from '@angular/common'
import { StoreIconComponent } from './store-icon.component'
@NgModule({
declarations: [StoreIconComponent],
imports: [CommonModule],
exports: [StoreIconComponent],
})
export class StoreIconComponentModule {}

14
web/projects/marketplace/src/pages/list/categories/categories.component.ts
View File

@@ -1,3 +1,4 @@
import { CommonModule } from '@angular/common'
import {
ChangeDetectionStrategy,
Component,
@@ -5,7 +6,11 @@ import {
Input,
Output,
} from '@angular/core'
import { RouterModule } from '@angular/router'
import { LocalizePipe } from '@start9labs/shared'
import { T } from '@start9labs/start-sdk'
import { TuiAppearance, TuiIcon } from '@taiga-ui/core'
import { TuiSkeleton } from '@taiga-ui/kit'
const ICONS: Record<string, string> = {
all: '@tui.layout-grid',
@@ -26,8 +31,15 @@ const ICONS: Record<string, string> = {
selector: 'marketplace-categories',
templateUrl: 'categories.component.html',
styleUrls: ['categories.component.scss'],
imports: [
RouterModule,
CommonModule,
TuiAppearance,
TuiIcon,
TuiSkeleton,
LocalizePipe,
],
changeDetection: ChangeDetectionStrategy.OnPush,
standalone: false,
})
export class CategoriesComponent {
@Input()

15
web/projects/marketplace/src/pages/list/categories/categories.module.ts
View File

@@ -1,15 +0,0 @@
import { TuiIcon, TuiAppearance } from '@taiga-ui/core'
import { CommonModule } from '@angular/common'
import { NgModule } from '@angular/core'
import { TuiSkeleton } from '@taiga-ui/kit'
import { LocalizePipe } from '@start9labs/shared'
import { CategoriesComponent } from './categories.component'
import { RouterModule } from '@angular/router'
@NgModule({
imports: [RouterModule, CommonModule, TuiAppearance, TuiIcon, TuiSkeleton, LocalizePipe],
declarations: [CategoriesComponent],
exports: [CategoriesComponent],
})
export class CategoriesModule {}

5
web/projects/marketplace/src/pages/list/item/item.component.ts
View File

@@ -1,12 +1,15 @@
import { CommonModule } from '@angular/common'
import { ChangeDetectionStrategy, Component, Input } from '@angular/core'
import { RouterModule } from '@angular/router'
import { LocalizePipe, TickerComponent } from '@start9labs/shared'
import { MarketplacePkg } from '../../../types'
@Component({
selector: 'marketplace-item',
templateUrl: 'item.component.html',
styleUrls: ['item.component.scss'],
imports: [CommonModule, RouterModule, TickerComponent, LocalizePipe],
changeDetection: ChangeDetectionStrategy.OnPush,
standalone: false,
})
export class ItemComponent {
@Input({ required: true })

12
web/projects/marketplace/src/pages/list/item/item.module.ts
View File

@@ -1,12 +0,0 @@
import { CommonModule } from '@angular/common'
import { NgModule } from '@angular/core'
import { RouterModule } from '@angular/router'
import { LocalizePipe, SharedPipesModule, TickerComponent } from '@start9labs/shared'
import { ItemComponent } from './item.component'
@NgModule({
declarations: [ItemComponent],
exports: [ItemComponent],
imports: [CommonModule, RouterModule, SharedPipesModule, TickerComponent, LocalizePipe],
})
export class ItemModule {}

5
web/projects/marketplace/src/pages/list/search/search.component.ts
View File

@@ -1,3 +1,4 @@
import { CommonModule } from '@angular/common'
import {
ChangeDetectionStrategy,
Component,
@@ -5,13 +6,15 @@ import {
Input,
Output,
} from '@angular/core'
import { FormsModule } from '@angular/forms'
import { TuiIcon } from '@taiga-ui/core'
@Component({
selector: 'marketplace-search',
templateUrl: 'search.component.html',
styleUrls: ['search.component.scss'],
imports: [FormsModule, CommonModule, TuiIcon],
changeDetection: ChangeDetectionStrategy.OnPush,
standalone: false,
})
export class SearchComponent {
@Input()

12
web/projects/marketplace/src/pages/list/search/search.module.ts
View File

@@ -1,12 +0,0 @@
import { CommonModule } from '@angular/common'
import { NgModule } from '@angular/core'
import { FormsModule } from '@angular/forms'
import { TuiIcon } from '@taiga-ui/core'
import { SearchComponent } from './search.component'
@NgModule({
imports: [FormsModule, CommonModule, TuiIcon],
declarations: [SearchComponent],
exports: [SearchComponent],
})
export class SearchModule {}

19
web/projects/marketplace/src/pages/show/dependencies/dependency-item.component.ts
View File

@@ -1,7 +1,12 @@
import { KeyValue } from '@angular/common'
import { ChangeDetectionStrategy, Component, inject, Input } from '@angular/core'
import {
ChangeDetectionStrategy,
Component,
inject,
Input,
} from '@angular/core'
import { RouterModule } from '@angular/router'
import { ExverPipesModule, i18nPipe, i18nService } from '@start9labs/shared'
import { i18nPipe, i18nService } from '@start9labs/shared'
import { T } from '@start9labs/start-sdk'
import { TuiAvatar, TuiLineClamp } from '@taiga-ui/kit'
import { MarketplacePkgBase } from '../../../types'
@@ -20,9 +25,7 @@ import { MarketplacePkgBase } from '../../../types'
<tui-line-clamp [linesLimit]="2" [content]="titleContent" />
<ng-template #titleContent>
<div class="title">
<span>
{{ getTitle(dep.key) }}
</span>
<span>{{ getTitle(dep.key) }}</span>
<p>
@if (dep.value.optional) {
<span>({{ 'Optional' | i18n }})</span>
@@ -37,9 +40,7 @@ import { MarketplacePkgBase } from '../../../types'
[content]="descContent"
class="description"
/>
<ng-template #descContent>
{{ dep.value.description }}
</ng-template>
<ng-template #descContent>{{ dep.value.description }}</ng-template>
</div>
</div>
`,
@@ -94,7 +95,7 @@ import { MarketplacePkgBase } from '../../../types'
}
`,
changeDetection: ChangeDetectionStrategy.OnPush,
imports: [RouterModule, TuiAvatar, ExverPipesModule, TuiLineClamp, i18nPipe],
imports: [RouterModule, TuiAvatar, TuiLineClamp, i18nPipe],
})
export class MarketplaceDepItemComponent {
private readonly i18nService = inject(i18nService)

11
web/projects/marketplace/src/pages/show/flavors.component.ts
View File

@@ -1,6 +1,6 @@
import { ChangeDetectionStrategy, Component, Input } from '@angular/core'
import { RouterLink } from '@angular/router'
import { i18nPipe, SharedPipesModule } from '@start9labs/shared'
import { i18nPipe, TrustUrlPipe } from '@start9labs/shared'
import { TuiTitle } from '@taiga-ui/core'
import { TuiAvatar } from '@taiga-ui/kit'
import { TuiCell } from '@taiga-ui/layout'
@@ -47,14 +47,7 @@ import { MarketplacePkg } from '../../types'
}
`,
changeDetection: ChangeDetectionStrategy.OnPush,
imports: [
RouterLink,
TuiCell,
TuiTitle,
SharedPipesModule,
TuiAvatar,
i18nPipe,
],
imports: [RouterLink, TuiCell, TuiTitle, TrustUrlPipe, TuiAvatar, i18nPipe],
})
export class MarketplaceFlavorsComponent {
@Input()

4
web/projects/marketplace/src/pages/show/hero.component.ts
View File

@@ -1,5 +1,5 @@
import { ChangeDetectionStrategy, Component, Input } from '@angular/core'
import { SharedPipesModule, TickerComponent } from '@start9labs/shared'
import { TickerComponent } from '@start9labs/shared'
import { T } from '@start9labs/start-sdk'
@Component({
@@ -118,7 +118,7 @@ import { T } from '@start9labs/start-sdk'
}
`,
changeDetection: ChangeDetectionStrategy.OnPush,
imports: [SharedPipesModule, TickerComponent],
imports: [TickerComponent],
})
export class MarketplacePackageHeroComponent {
@Input({ required: true })

3
web/projects/marketplace/src/pages/show/versions.component.ts
View File

@@ -7,7 +7,7 @@ import {
TemplateRef,
} from '@angular/core'
import { FormsModule } from '@angular/forms'
import { DialogService, i18nPipe, SharedPipesModule } from '@start9labs/shared'
import { DialogService, i18nPipe } from '@start9labs/shared'
import { TuiButton, TuiDialogContext } from '@taiga-ui/core'
import { TuiRadioList } from '@taiga-ui/kit'
import { filter } from 'rxjs'
@@ -76,7 +76,6 @@ import { MarketplaceItemComponent } from './item.component'
imports: [
MarketplaceItemComponent,
TuiButton,
SharedPipesModule,
FormsModule,
TuiRadioList,
i18nPipe,

7
web/projects/marketplace/src/pipes/filter-packages.pipe.ts
View File

@@ -4,7 +4,6 @@ import Fuse from 'fuse.js'
@Pipe({
name: 'filterPackages',
standalone: false,
})
export class FilterPackagesPipe implements PipeTransform {
transform(
@@ -79,9 +78,3 @@ export class FilterPackagesPipe implements PipeTransform {
.map(a => ({ ...a }))
}
}
@NgModule({
declarations: [FilterPackagesPipe],
exports: [FilterPackagesPipe],
})
export class FilterPackagesPipeModule {}

8
web/projects/marketplace/src/public-api.ts
View File

@@ -3,11 +3,8 @@
*/
export * from './pages/list/categories/categories.component'
export * from './pages/list/categories/categories.module'
export * from './pages/list/item/item.component'
export * from './pages/list/item/item.module'
export * from './pages/list/search/search.component'
export * from './pages/list/search/search.module'
export * from './pages/show/link.component'
export * from './pages/show/item.component'
export * from './pages/show/links.component'
@@ -22,10 +19,7 @@ export * from './pages/show/release-notes.component'
export * from './pipes/filter-packages.pipe'
export * from './components/store-icon/store-icon.component'
export * from './components/store-icon/store-icon.component.module'
export * from './components/store-icon/store-icon.component'
export * from './components/menu/menu.component.module'
export * from './components/store-icon.component'
export * from './components/menu/menu.component'
export * from './components/registry.component'

10
web/projects/setup-wizard/src/app/app.component.ts
View File

@@ -1,15 +1,17 @@
import { Component, inject, DOCUMENT } from '@angular/core'
import { Router } from '@angular/router'
import { Component, DOCUMENT, inject, OnInit } from '@angular/core'
import { Router, RouterOutlet } from '@angular/router'
import { ErrorService } from '@start9labs/shared'
import { TuiRoot } from '@taiga-ui/core'
import { ApiService } from './services/api.service'
import { StateService } from './services/state.service'
@Component({
selector: 'app-root',
template: '<tui-root tuiTheme="dark"><router-outlet /></tui-root>',
standalone: false,
imports: [TuiRoot, RouterOutlet],
})
export class AppComponent {
export class AppComponent implements OnInit {
private readonly api = inject(ApiService)
private readonly errorService = inject(ErrorService)
private readonly router = inject(Router)

53
web/projects/setup-wizard/src/app/app.module.ts → web/projects/setup-wizard/src/app/app.config.ts
View File

@@ -3,9 +3,20 @@ import {
withFetch,
withInterceptorsFromDi,
} from '@angular/common/http'
import { inject, NgModule, provideAppInitializer } from '@angular/core'
import { BrowserAnimationsModule } from '@angular/platform-browser/animations'
import { PreloadAllModules, RouterModule } from '@angular/router'
import {
ApplicationConfig,
inject,
provideAppInitializer,
provideZoneChangeDetection,
signal,
} from '@angular/core'
import { provideAnimations } from '@angular/platform-browser/animations'
import {
PreloadAllModules,
provideRouter,
withDisabledInitialNavigation,
withPreloading,
} from '@angular/router'
import { WA_LOCATION } from '@ng-web-apis/common'
import initArgon from '@start9labs/argon2'
import {
@@ -15,13 +26,16 @@ import {
VERSION,
WorkspaceConfig,
} from '@start9labs/shared'
import { tuiButtonOptionsProvider, TuiRoot } from '@taiga-ui/core'
import { NG_EVENT_PLUGINS } from '@taiga-ui/event-plugins'
import {
tuiButtonOptionsProvider,
tuiTextfieldOptionsProvider,
} from '@taiga-ui/core'
import { provideEventPlugins } from '@taiga-ui/event-plugins'
import { ROUTES } from './app.routes'
import { ApiService } from './services/api.service'
import { LiveApiService } from './services/live-api.service'
import { MockApiService } from './services/mock-api.service'
import { AppComponent } from './app.component'
import { ROUTES } from './app.routes'
const {
useMocks,
@@ -30,18 +44,16 @@ const {
const version = require('../../../../package.json').version
@NgModule({
declarations: [AppComponent],
imports: [
BrowserAnimationsModule,
RouterModule.forRoot(ROUTES, {
preloadingStrategy: PreloadAllModules,
initialNavigation: 'disabled',
}),
TuiRoot,
],
export const APP_CONFIG: ApplicationConfig = {
providers: [
NG_EVENT_PLUGINS,
provideZoneChangeDetection(),
provideAnimations(),
provideEventPlugins(),
provideRouter(
ROUTES,
withDisabledInitialNavigation(),
withPreloading(PreloadAllModules),
),
I18N_PROVIDERS,
provideSetupLogsService(ApiService),
tuiButtonOptionsProvider({ size: 'm' }),
@@ -64,7 +76,6 @@ const version = require('../../../../package.json').version
initArgon({ module_or_path })
}),
tuiTextfieldOptionsProvider({ cleaner: signal(false) }),
],
bootstrap: [AppComponent],
})
export class AppModule {}
}

1
web/projects/setup-wizard/src/app/components/preserve-overwrite.dialog.ts
View File

@@ -5,7 +5,6 @@ import { TuiDialogContext } from '@taiga-ui/core'
import { injectContext } from '@taiga-ui/polymorpheus'
@Component({
standalone: true,
imports: [TuiButton, i18nPipe],
template: `
<p>{{ 'This drive contains existing StartOS data.' | i18n }}</p>

1
web/projects/setup-wizard/src/app/components/remove-media.dialog.ts
View File

@@ -4,7 +4,6 @@ import { TuiButton, TuiDialogContext } from '@taiga-ui/core'
import { injectContext } from '@taiga-ui/polymorpheus'
@Component({
standalone: true,
imports: [TuiButton, i18nPipe],
template: `
<div class="animation-container">

1
web/projects/setup-wizard/src/app/components/select-network-backup.dialog.ts
View File

@@ -11,7 +11,6 @@ interface Data {
}
@Component({
standalone: true,
imports: [FormsModule, TuiTextfield, TuiSelect, TuiDataListWrapper, i18nPipe],
template: `
<p>{{ 'Multiple backups found. Select which one to restore.' | i18n }}</p>

1
web/projects/setup-wizard/src/app/components/unlock-password.dialog.ts
View File

@@ -11,7 +11,6 @@ import { TuiPassword } from '@taiga-ui/kit'
import { injectContext } from '@taiga-ui/polymorpheus'
@Component({
standalone: true,
imports: [
FormsModule,
TuiButton,

246
web/projects/setup-wizard/src/app/pages/drives.page.ts
View File

@@ -34,110 +34,121 @@ import { PreserveOverwriteDialog } from '../components/preserve-overwrite.dialog
@Component({
template: `
@if (!shuttingDown) {
<section tuiCardLarge="compact">
<header tuiHeader>
<h2 tuiTitle>{{ 'Select Drives' | i18n }}</h2>
</header>
<section tuiCardLarge="compact">
<header tuiHeader>
<h2 tuiTitle>{{ 'Select Drives' | i18n }}</h2>
</header>
@if (loading) {
<tui-loader />
} @else if (drives.length === 0) {
<p class="no-drives">
{{
'No drives found. Please connect a drive and click Refresh.' | i18n
}}
</p>
} @else {
<tui-textfield [stringify]="stringify">
<label tuiLabel>{{ 'OS Drive' | i18n }}</label>
@if (mobile) {
<select
tuiSelect
[(ngModel)]="selectedOsDrive"
[items]="drives"
></select>
} @else {
<input tuiSelect [(ngModel)]="selectedOsDrive" />
}
@if (!mobile) {
<tui-data-list-wrapper
new
*tuiTextfieldDropdown
[items]="drives"
[itemContent]="driveContent"
/>
}
<tui-icon [tuiTooltip]="osDriveTooltip" />
</tui-textfield>
<tui-textfield [stringify]="stringify">
<label tuiLabel>{{ 'Data Drive' | i18n }}</label>
@if (mobile) {
<select
tuiSelect
[(ngModel)]="selectedDataDrive"
(ngModelChange)="onDataDriveChange($event)"
[items]="drives"
></select>
} @else {
<input
tuiSelect
[(ngModel)]="selectedDataDrive"
(ngModelChange)="onDataDriveChange($event)"
/>
}
@if (!mobile) {
<tui-data-list-wrapper
new
*tuiTextfieldDropdown
[items]="drives"
[itemContent]="driveContent"
/>
}
@if (preserveData === true) {
<tui-icon
icon="@tui.database"
style="color: var(--tui-status-positive); pointer-events: none"
/>
}
@if (preserveData === false) {
<tui-icon
icon="@tui.database-zap"
style="color: var(--tui-status-negative); pointer-events: none"
/>
}
<tui-icon [tuiTooltip]="dataDriveTooltip" />
</tui-textfield>
<ng-template #driveContent let-drive>
<div class="drive-item">
<span class="drive-name">
{{ drive.vendor || ('Unknown' | i18n) }}
{{ drive.model || ('Drive' | i18n) }}
</span>
<small>
{{ formatCapacity(drive.capacity) }} · {{ drive.logicalname }}
</small>
</div>
</ng-template>
}
<footer>
@if (drives.length === 0) {
<button tuiButton appearance="secondary" (click)="refresh()">
{{ 'Refresh' | i18n }}
</button>
@if (loading) {
<tui-loader />
} @else if (drives.length === 0) {
<p class="no-drives">
{{
'No drives found. Please connect a drive and click Refresh.'
| i18n
}}
</p>
} @else {
<button
tuiButton
[disabled]="!selectedOsDrive || !selectedDataDrive"
(click)="continue()"
<tui-textfield
[stringify]="stringify"
[disabledItemHandler]="osDisabled"
>
{{ 'Continue' | i18n }}
</button>
<label tuiLabel>{{ 'OS Drive' | i18n }}</label>
@if (mobile) {
<select
tuiSelect
[ngModel]="selectedOsDrive"
(ngModelChange)="onOsDriveChange($event)"
[items]="drives"
></select>
} @else {
<input
tuiSelect
[ngModel]="selectedOsDrive"
(ngModelChange)="onOsDriveChange($event)"
/>
}
@if (!mobile) {
<tui-data-list-wrapper
new
*tuiTextfieldDropdown
[items]="drives"
[itemContent]="driveContent"
/>
}
<tui-icon [tuiTooltip]="osDriveTooltip" />
</tui-textfield>
<tui-textfield
[stringify]="stringify"
[disabledItemHandler]="dataDisabled"
>
<label tuiLabel>{{ 'Data Drive' | i18n }}</label>
@if (mobile) {
<select
tuiSelect
[(ngModel)]="selectedDataDrive"
(ngModelChange)="onDataDriveChange($event)"
[items]="drives"
></select>
} @else {
<input
tuiSelect
[(ngModel)]="selectedDataDrive"
(ngModelChange)="onDataDriveChange($event)"
/>
}
@if (!mobile) {
<tui-data-list-wrapper
new
*tuiTextfieldDropdown
[items]="drives"
[itemContent]="driveContent"
/>
}
@if (preserveData === true) {
<tui-icon
icon="@tui.database"
style="color: var(--tui-status-positive); pointer-events: none"
/>
}
@if (preserveData === false) {
<tui-icon
icon="@tui.database-zap"
style="color: var(--tui-status-negative); pointer-events: none"
/>
}
<tui-icon [tuiTooltip]="dataDriveTooltip" />
</tui-textfield>
<ng-template #driveContent let-drive>
<div class="drive-item">
<span class="drive-name">
{{ driveName(drive) }}
</span>
<small>
{{ formatCapacity(drive.capacity) }} · {{ drive.logicalname }}
</small>
</div>
</ng-template>
}
</footer>
</section>
<footer>
@if (drives.length === 0) {
<button tuiButton appearance="secondary" (click)="refresh()">
{{ 'Refresh' | i18n }}
</button>
} @else {
<button
tuiButton
[disabled]="!selectedOsDrive || !selectedDataDrive"
(click)="continue()"
>
{{ 'Continue' | i18n }}
</button>
}
</footer>
</section>
}
`,
styles: `
@@ -198,6 +209,10 @@ export default class DrivesPage {
'The drive where your StartOS data (services, settings, etc.) will be stored. This can be the same as the OS drive or a separate drive.',
)
private readonly MIN_OS = 18 * 2 ** 30 // 18 GiB
private readonly MIN_DATA = 20 * 2 ** 30 // 20 GiB
private readonly MIN_BOTH = 38 * 2 ** 30 // 38 GiB
drives: DiskInfo[] = []
loading = true
shuttingDown = false
@@ -206,10 +221,17 @@ export default class DrivesPage {
selectedDataDrive: DiskInfo | null = null
preserveData: boolean | null = null
readonly osDisabled = (drive: DiskInfo): boolean =>
drive.capacity < this.MIN_OS
dataDisabled = (drive: DiskInfo): boolean => drive.capacity < this.MIN_DATA
readonly driveName = (drive: DiskInfo): string =>
[drive.vendor, drive.model].filter(Boolean).join(' ') ||
this.i18n.transform('Unknown Drive')
readonly stringify = (drive: DiskInfo | null) =>
drive
? `${drive.vendor || this.i18n.transform('Unknown')} ${drive.model || this.i18n.transform('Drive')}`
: ''
drive ? this.driveName(drive) : ''
formatCapacity(bytes: number): string {
const gb = bytes / 1e9
@@ -231,6 +253,22 @@ export default class DrivesPage {
await this.loadDrives()
}
onOsDriveChange(osDrive: DiskInfo | null) {
this.selectedOsDrive = osDrive
this.dataDisabled = (drive: DiskInfo) => {
if (osDrive && drive.logicalname === osDrive.logicalname) {
return drive.capacity < this.MIN_BOTH
}
return drive.capacity < this.MIN_DATA
}
// Clear data drive if it's now invalid
if (this.selectedDataDrive && this.dataDisabled(this.selectedDataDrive)) {
this.selectedDataDrive = null
this.preserveData = null
}
}
onDataDriveChange(drive: DiskInfo | null) {
this.preserveData = null
@@ -400,7 +438,7 @@ export default class DrivesPage {
private async loadDrives() {
try {
this.drives = await this.api.getDisks()
this.drives = (await this.api.getDisks()).filter(d => d.capacity > 0)
} catch (e: any) {
this.errorService.handleError(e)
} finally {

17
web/projects/setup-wizard/src/app/pages/keyboard.page.ts
View File

@@ -1,5 +1,4 @@
import { Component, inject, signal } from '@angular/core'
import { Router } from '@angular/router'
import { FormsModule } from '@angular/forms'
import {
getAllKeyboardsSorted,
@@ -72,7 +71,6 @@ import { StateService } from '../services/state.service'
],
})
export default class KeyboardPage {
private readonly router = inject(Router)
private readonly api = inject(ApiService)
private readonly stateService = inject(StateService)
@@ -103,22 +101,9 @@ export default class KeyboardPage {
})
this.stateService.keyboard = this.selected.layout
await this.navigateToNextStep()
await this.stateService.navigateAfterLocale()
} finally {
this.saving.set(false)
}
}
private async navigateToNextStep() {
if (this.stateService.dataDriveGuid) {
if (this.stateService.attach) {
this.stateService.setupType = 'attach'
await this.router.navigate(['/password'])
} else {
await this.router.navigate(['/home'])
}
} else {
await this.router.navigate(['/drives'])
}
}
}

8
web/projects/setup-wizard/src/app/pages/language.page.ts
View File

@@ -141,8 +141,12 @@ export default class LanguagePage {
try {
await this.api.setLanguage({ language: this.selected.name })
// Always go to keyboard selection
await this.router.navigate(['/keyboard'])
if (this.stateService.kiosk) {
await this.router.navigate(['/keyboard'])
} else {
await this.stateService.navigateAfterLocale()
}
} finally {
this.saving.set(false)
}

2
web/projects/setup-wizard/src/app/pages/success.page.ts
View File

@@ -286,7 +286,7 @@ export default class SuccessPage implements AfterViewInit {
while (attempts < maxAttempts) {
try {
await this.api.echo({ message: 'ping' }, this.lanAddress)
await this.api.echo({ message: 'ping' }, `${this.lanAddress}/rpc/v1`)
return
} catch {
await new Promise(resolve => setTimeout(resolve, 5000))

113
web/projects/setup-wizard/src/app/services/mock-api.service.ts
View File

@@ -191,7 +191,118 @@ export class MockApiService extends ApiService {
}
}
const GiB = 2 ** 30
const MOCK_DISKS: DiskInfo[] = [
// 0 capacity - should be hidden entirely
{
logicalname: '/dev/sdd',
vendor: 'Generic',
model: 'Card Reader',
partitions: [],
capacity: 0,
guid: null,
},
// 10 GiB - too small for OS and data; also tests both vendor+model null
{
logicalname: '/dev/sde',
vendor: null,
model: null,
partitions: [
{
logicalname: '/dev/sde1',
label: null,
capacity: 10 * GiB,
used: null,
startOs: {},
guid: null,
},
],
capacity: 10 * GiB,
guid: null,
},
// 18 GiB - exact OS boundary; tests vendor null with model present
{
logicalname: '/dev/sdf',
vendor: null,
model: 'SATA Flash Drive',
partitions: [
{
logicalname: '/dev/sdf1',
label: null,
capacity: 18 * GiB,
used: null,
startOs: {},
guid: null,
},
],
capacity: 18 * GiB,
guid: null,
},
// 20 GiB - exact data boundary; tests vendor present with model null
{
logicalname: '/dev/sdg',
vendor: 'PNY',
model: null,
partitions: [
{
logicalname: '/dev/sdg1',
label: null,
capacity: 20 * GiB,
used: null,
startOs: {},
guid: null,
},
],
capacity: 20 * GiB,
guid: null,
},
// 30 GiB - OK for OS or data alone, too small for both (< 38 GiB)
{
logicalname: '/dev/sdh',
vendor: 'SanDisk',
model: 'Ultra',
partitions: [
{
logicalname: '/dev/sdh1',
label: null,
capacity: 30 * GiB,
used: null,
startOs: {},
guid: null,
},
],
capacity: 30 * GiB,
guid: null,
},
// 30 GiB with existing StartOS data - tests preserve/overwrite + capacity constraint
{
logicalname: '/dev/sdi',
vendor: 'Kingston',
model: 'A400',
partitions: [
{
logicalname: '/dev/sdi1',
label: null,
capacity: 30 * GiB,
used: null,
startOs: {
'small-server-id': {
hostname: 'small-server',
version: '0.3.6',
timestamp: new Date().toISOString(),
passwordHash:
'$argon2d$v=19$m=1024,t=1,p=1$YXNkZmFzZGZhc2RmYXNkZg$Ceev1I901G6UwU+hY0sHrFZ56D+o+LNJ',
wrappedKey: null,
},
},
guid: 'small-existing-guid',
},
],
capacity: 30 * GiB,
guid: 'small-existing-guid',
},
// 500 GB - large, always OK
{
logicalname: '/dev/sda',
vendor: 'Samsung',
@@ -209,6 +320,7 @@ const MOCK_DISKS: DiskInfo[] = [
capacity: 500000000000,
guid: null,
},
// 1 TB with existing StartOS data
{
logicalname: '/dev/sdb',
vendor: 'Crucial',
@@ -235,6 +347,7 @@ const MOCK_DISKS: DiskInfo[] = [
capacity: 1000000000000,
guid: 'existing-guid',
},
// 2 TB
{
logicalname: '/dev/sdc',
vendor: 'WD',

19
web/projects/setup-wizard/src/app/services/state.service.ts
View File

@@ -1,4 +1,5 @@
import { inject, Injectable } from '@angular/core'
import { Router } from '@angular/router'
import { T } from '@start9labs/start-sdk'
import { ApiService } from './api.service'
@@ -29,6 +30,7 @@ export type RecoverySource =
})
export class StateService {
private readonly api = inject(ApiService)
private readonly router = inject(Router)
// Determined at app init
kiosk = false
@@ -45,6 +47,23 @@ export class StateService {
setupType?: SetupType
recoverySource?: RecoverySource
/**
* Navigate to the appropriate step after language/keyboard selection.
* Keyboard selection is only needed in kiosk mode.
*/
async navigateAfterLocale(): Promise<void> {
if (this.dataDriveGuid) {
if (this.attach) {
this.setupType = 'attach'
await this.router.navigate(['/password'])
} else {
await this.router.navigate(['/home'])
}
} else {
await this.router.navigate(['/drives'])
}
}
/**
* Called for attach flow (existing data drive)
*/

12
web/projects/setup-wizard/src/main.ts
View File

@@ -1,13 +1,11 @@
import { enableProdMode } from '@angular/core'
import { platformBrowserDynamic } from '@angular/platform-browser-dynamic'
import { AppModule } from './app/app.module'
import { environment } from './environments/environment'
import { bootstrapApplication } from '@angular/platform-browser'
import { AppComponent } from 'src/app/app.component'
import { APP_CONFIG } from 'src/app/app.config'
import { environment } from 'src/environments/environment'
if (environment.production) {
enableProdMode()
}
platformBrowserDynamic()
.bootstrapModule(AppModule)
.catch(err => console.error(err))
bootstrapApplication(AppComponent, APP_CONFIG).catch(console.error)

1
web/projects/shared/assets/icons/letsencrypt.svg Normal file
View File

@@ -0,0 +1 @@
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 32 32"><path d="M22.7 17.21h-3.83v-1.975c0-1.572-1.3-2.86-2.86-2.86s-2.86 1.3-2.86 2.86v1.975H9.33v-1.975c0-3.708 3.023-6.7 6.7-6.7 3.708 0 6.7 3.023 6.7 6.7z" fill="#ffa400"/><path d="M24.282 17.21H7.758a1.27 1.27 0 0 0-1.29 1.29V30.7A1.27 1.27 0 0 0 7.758 32h16.524a1.27 1.27 0 0 0 1.29-1.29V18.5c-.04-.725-.605-1.3-1.3-1.3zm-7.456 8.02v1.652c0 .443-.363.846-.846.846-.443 0-.846-.363-.846-.846V25.23c-.524-.282-.846-.846-.846-1.49 0-.927.766-1.693 1.693-1.693s1.693.766 1.693 1.693c.04.645-.322 1.21-.846 1.49z" fill="#003a70"/><path d="M6.066 15.395h-4a1.17 1.17 0 0 1-1.169-1.169 1.17 1.17 0 0 1 1.169-1.169h4a1.17 1.17 0 0 1 1.169 1.169 1.17 1.17 0 0 1-1.169 1.169zm2.82-6.287a1.03 1.03 0 0 1-.725-.282l-3.144-2.58c-.484-.403-.564-1.128-.16-1.652.403-.484 1.128-.564 1.652-.16l3.144 2.58c.484.403.564 1.128.16 1.652-.282.282-.605.443-.927.443zm7.134-2.74a1.17 1.17 0 0 1-1.169-1.169V1.17A1.17 1.17 0 0 1 16.02 0a1.17 1.17 0 0 1 1.169 1.169V5.2a1.17 1.17 0 0 1-1.169 1.169zm7.093 2.74c-.322 0-.685-.16-.887-.443-.403-.484-.322-1.25.16-1.652l3.144-2.58c.484-.403 1.25-.322 1.652.16s.322 1.25-.16 1.652l-3.144 2.58a1.13 1.13 0 0 1-.766.282zm6.81 6.287h-4.03a1.17 1.17 0 0 1-1.169-1.169 1.17 1.17 0 0 1 1.169-1.169h4.03a1.17 1.17 0 0 1 1.169 1.169 1.17 1.17 0 0 1-1.169 1.169z" fill="#ffa400"/></svg>
Side by Side

After

Width:  |  Height:  |  Size: 1.3 KiB

2
web/projects/shared/src/directives/docs-link.directive.ts
View File

@@ -16,7 +16,7 @@ export const VERSION = new InjectionToken<string>('VERSION')
host: {
target: '_blank',
rel: 'noreferrer',
'[href]': 'url()',
'[attr.href]': 'url()',
},
})
export class DocsLinkDirective {

15
web/projects/shared/src/i18n/dictionaries/de.ts
View File

@@ -360,7 +360,6 @@ export default {
377: 'StartOS-Sicherungen erkannt',
378: 'Keine StartOS-Sicherungen erkannt',
379: 'StartOS-Version',
381: 'SMTP-Zugangsdaten',
382: 'Test-E-Mail senden',
383: 'Senden',
384: 'E-Mail wird gesendet',
@@ -644,7 +643,6 @@ export default {
706: 'Beibehalten',
707: 'Überschreiben',
708: 'Entsperren',
709: 'Laufwerk',
710: 'Übertragen',
711: 'Die Liste ist leer',
712: 'Jetzt neu starten',
@@ -659,8 +657,6 @@ export default {
721: 'Gateway für ausgehenden Datenverkehr auswählen',
722: 'Der Typ des Gateways',
723: 'Nur ausgehend',
724: 'Als Standard für ausgehenden Verkehr festlegen',
725: 'Gesamten ausgehenden Datenverkehr über dieses Gateway leiten',
726: 'WireGuard-Konfigurationsdatei',
727: 'Eingehend/Ausgehend',
728: 'StartTunnel (Eingehend/Ausgehend)',
@@ -669,7 +665,6 @@ export default {
731: 'Öffentliche Domain',
732: 'Private Domain',
733: 'Ausblenden',
734: 'Standard ausgehend',
735: 'Zertifikat',
736: 'Selbstsigniert',
737: 'Portweiterleitung',
@@ -704,4 +699,14 @@ export default {
774: 'Der Portstatus kann nicht ermittelt werden, solange der Dienst nicht läuft',
775: 'Diese Adresse funktioniert nicht aus Ihrem lokalen Netzwerk aufgrund einer Router-Hairpinning-Einschränkung',
776: 'Aktion nicht gefunden',
777: 'Diese Domain wird auch gelten für',
778: 'Plugin',
779: 'Öffentlich',
780: 'Privat',
781: 'Lokal',
782: 'Unbekanntes Laufwerk',
783: 'Muss eine gültige E-Mail-Adresse sein',
786: 'Automatisch',
787: 'Ausgehender Datenverkehr',
788: 'Gateway verwenden',
} satisfies i18n

15
web/projects/shared/src/i18n/dictionaries/en.ts
View File

@@ -359,7 +359,6 @@ export const ENGLISH: Record<string, number> = {
'StartOS backups detected': 377,
'No StartOS backups detected': 378,
'StartOS Version': 379,
'SMTP Credentials': 381,
'Send test email': 382,
'Send': 383,
'Sending email': 384,
@@ -644,7 +643,6 @@ export const ENGLISH: Record<string, number> = {
'Preserve': 706,
'Overwrite': 707,
'Unlock': 708,
'Drive': 709, // the noun, a storage device
'Transfer': 710, // the verb
'The list is empty': 711,
'Restart now': 712,
@@ -659,8 +657,6 @@ export const ENGLISH: Record<string, number> = {
'Select the gateway for outbound traffic': 721,
'The type of gateway': 722,
'Outbound Only': 723,
'Set as default outbound': 724,
'Route all outbound traffic through this gateway': 725,
'WireGuard Config File': 726,
'Inbound/Outbound': 727,
'StartTunnel (Inbound/Outbound)': 728,
@@ -669,7 +665,6 @@ export const ENGLISH: Record<string, number> = {
'Public Domain': 731,
'Private Domain': 732,
'Hide': 733,
'default outbound': 734,
'Certificate': 735,
'Self signed': 736,
'Port Forwarding': 737,
@@ -704,4 +699,14 @@ export const ENGLISH: Record<string, number> = {
'Port status cannot be determined while service is not running': 774,
'This address will not work from your local network due to a router hairpinning limitation': 775,
'Action not found': 776,
'This domain will also apply to': 777,
'Plugin': 778,
'Public': 779, // as in, publicly accessible
'Private': 780, // as in, privately accessible
'Local': 781, // as in, locally accessible
'Unknown Drive': 782,
'Must be a valid email address': 783,
'Auto': 786,
'Outbound Traffic': 787,
'Use gateway': 788,
}

15
web/projects/shared/src/i18n/dictionaries/es.ts
View File

@@ -360,7 +360,6 @@ export default {
377: 'Copias de seguridad de StartOS detectadas',
378: 'No se detectaron copias de seguridad de StartOS',
379: 'Versión de StartOS',
381: 'Credenciales SMTP',
382: 'Enviar correo de prueba',
383: 'Enviar',
384: 'Enviando correo',
@@ -644,7 +643,6 @@ export default {
706: 'Conservar',
707: 'Sobrescribir',
708: 'Desbloquear',
709: 'Unidad',
710: 'Transferir',
711: 'La lista está vacía',
712: 'Reiniciar ahora',
@@ -659,8 +657,6 @@ export default {
721: 'Selecciona la puerta de enlace para el tráfico saliente',
722: 'El tipo de puerta de enlace',
723: 'Solo saliente',
724: 'Establecer como saliente predeterminado',
725: 'Enrutar todo el tráfico saliente a través de esta puerta de enlace',
726: 'Archivo de configuración WireGuard',
727: 'Entrante/Saliente',
728: 'StartTunnel (Entrante/Saliente)',
@@ -669,7 +665,6 @@ export default {
731: 'Dominio público',
732: 'Dominio privado',
733: 'Ocultar',
734: 'saliente predeterminado',
735: 'Certificado',
736: 'Autofirmado',
737: 'Reenvío de puertos',
@@ -704,4 +699,14 @@ export default {
774: 'El estado del puerto no se puede determinar mientras el servicio no está en ejecución',
775: 'Esta dirección no funcionará desde tu red local debido a una limitación de hairpinning del router',
776: 'Acción no encontrada',
777: 'Este dominio también se aplicará a',
778: 'Plugin',
779: 'Público',
780: 'Privado',
781: 'Local',
782: 'Unidad desconocida',
783: 'Debe ser una dirección de correo electrónico válida',
786: 'Automático',
787: 'Tráfico saliente',
788: 'Usar gateway',
} satisfies i18n

15
web/projects/shared/src/i18n/dictionaries/fr.ts
View File

@@ -360,7 +360,6 @@ export default {
377: 'Sauvegardes StartOS détectées',
378: 'Aucune sauvegarde StartOS détectée',
379: 'Version de StartOS',
381: 'Identifiants SMTP',
382: 'Envoyer un email de test',
383: 'Envoyer',
384: 'Envoi de lemail',
@@ -644,7 +643,6 @@ export default {
706: 'Conserver',
707: 'Écraser',
708: 'Déverrouiller',
709: 'Disque',
710: 'Transférer',
711: 'La liste est vide',
712: 'Redémarrer maintenant',
@@ -659,8 +657,6 @@ export default {
721: 'Sélectionnez la passerelle pour le trafic sortant',
722: 'Le type de passerelle',
723: 'Sortant uniquement',
724: 'Définir comme sortant par défaut',
725: 'Acheminer tout le trafic sortant via cette passerelle',
726: 'Fichier de configuration WireGuard',
727: 'Entrant/Sortant',
728: 'StartTunnel (Entrant/Sortant)',
@@ -669,7 +665,6 @@ export default {
731: 'Domaine public',
732: 'Domaine privé',
733: 'Masquer',
734: 'sortant par défaut',
735: 'Certificat',
736: 'Auto-signé',
737: 'Redirection de ports',
@@ -704,4 +699,14 @@ export default {
774: "L'état du port ne peut pas être déterminé tant que le service n'est pas en cours d'exécution",
775: "Cette adresse ne fonctionnera pas depuis votre réseau local en raison d'une limitation de hairpinning du routeur",
776: 'Action introuvable',
777: "Ce domaine s'appliquera également à",
778: 'Plugin',
779: 'Public',
780: 'Privé',
781: 'Local',
782: 'Lecteur inconnu',
783: 'Doit être une adresse e-mail valide',
786: 'Automatique',
787: 'Trafic sortant',
788: 'Utiliser la passerelle',
} satisfies i18n

15
web/projects/shared/src/i18n/dictionaries/pl.ts
View File

@@ -360,7 +360,6 @@ export default {
377: 'Wykryto kopie zapasowe StartOS',
378: 'Nie wykryto kopii zapasowych StartOS',
379: 'Wersja StartOS',
381: 'Dane logowania SMTP',
382: 'Wyślij e-mail testowy',
383: 'Wyślij',
384: 'Wysyłanie e-maila',
@@ -644,7 +643,6 @@ export default {
706: 'Zachowaj',
707: 'Nadpisz',
708: 'Odblokuj',
709: 'Dysk',
710: 'Przenieś',
711: 'Lista jest pusta',
712: 'Uruchom ponownie teraz',
@@ -659,8 +657,6 @@ export default {
721: 'Wybierz bramę dla ruchu wychodzącego',
722: 'Typ bramy',
723: 'Tylko wychodzący',
724: 'Ustaw jako domyślne wychodzące',
725: 'Kieruj cały ruch wychodzący przez tę bramę',
726: 'Plik konfiguracyjny WireGuard',
727: 'Przychodzący/Wychodzący',
728: 'StartTunnel (Przychodzący/Wychodzący)',
@@ -669,7 +665,6 @@ export default {
731: 'Domena publiczna',
732: 'Domena prywatna',
733: 'Ukryj',
734: 'domyślne wychodzące',
735: 'Certyfikat',
736: 'Samopodpisany',
737: 'Przekierowanie portów',
@@ -704,4 +699,14 @@ export default {
774: 'Status portu nie może być określony, gdy usługa nie jest uruchomiona',
775: 'Ten adres nie będzie działać z Twojej sieci lokalnej z powodu ograniczenia hairpinning routera',
776: 'Nie znaleziono akcji',
777: 'Ta domena będzie również dotyczyć',
778: 'Wtyczka',
779: 'Publiczny',
780: 'Prywatny',
781: 'Lokalny',
782: 'Nieznany dysk',
783: 'Musi być prawidłowy adres e-mail',
786: 'Automatycznie',
787: 'Ruch wychodzący',
788: 'Użyj bramy',
} satisfies i18n

22
web/projects/shared/src/pipes/convert-bytes.pipe.ts Normal file
View File

@@ -0,0 +1,22 @@
import { Pipe, PipeTransform } from '@angular/core'
// converts bytes to gigabytes
@Pipe({
name: 'convertBytes',
})
export class ConvertBytesPipe implements PipeTransform {
transform(bytes: number): string {
return convertBytes(bytes)
}
}
export function convertBytes(bytes: number): string {
if (bytes === 0) return '0 Bytes'
const k = 1024
const i = Math.floor(Math.log(bytes) / Math.log(k))
return parseFloat((bytes / Math.pow(k, i)).toFixed(1)) + ' ' + sizes[i]
}
const sizes = ['Bytes', 'KB', 'MB', 'GB', 'TB', 'PB', 'EB', 'ZB', 'YB']

6
web/projects/shared/src/pipes/shared/empty.pipe.ts → web/projects/shared/src/pipes/empty.pipe.ts
View File

@@ -1,13 +1,11 @@
import { Pipe, PipeTransform } from '@angular/core'
import { isEmptyObject } from '../../util/misc.util'
import { isEmptyObject } from '../util/misc.util'
@Pipe({
name: 'empty',
standalone: false,
})
export class EmptyPipe implements PipeTransform {
transform(val: object | [] = {}): boolean {
if (Array.isArray(val)) return !val.length
return isEmptyObject(val)
return Array.isArray(val) ? !val.length : isEmptyObject(val)
}
}

23
web/projects/shared/src/pipes/exver/exver.pipe.ts → web/projects/shared/src/pipes/exver-compares.pipe.ts
View File

@@ -1,28 +1,11 @@
import { Pipe, PipeTransform } from '@angular/core'
import { Exver } from '../../services/exver.service'
@Pipe({
name: 'satisfiesExver',
standalone: false,
})
export class ExverSatisfiesPipe implements PipeTransform {
constructor(private readonly exver: Exver) {}
transform(versionUnderTest?: string, range?: string): boolean {
return (
!!versionUnderTest &&
!!range &&
this.exver.satisfies(versionUnderTest, range)
)
}
}
import { inject, Pipe, PipeTransform } from '@angular/core'
import { Exver } from '../services/exver.service'
@Pipe({
name: 'compareExver',
standalone: false,
})
export class ExverComparesPipe implements PipeTransform {
constructor(private readonly exver: Exver) {}
private readonly exver = inject(Exver)
transform(first: string, second: string): SemverResult {
try {

8
web/projects/shared/src/pipes/exver/exver.module.ts
View File

@@ -1,8 +0,0 @@
import { NgModule } from '@angular/core'
import { ExverComparesPipe, ExverSatisfiesPipe } from './exver.pipe'
@NgModule({
declarations: [ExverComparesPipe, ExverSatisfiesPipe],
exports: [ExverComparesPipe, ExverSatisfiesPipe],
})
export class ExverPipesModule {}

11
web/projects/shared/src/pipes/shared/includes.pipe.ts
View File

@@ -1,11 +0,0 @@
import { Pipe, PipeTransform } from '@angular/core'
@Pipe({
name: 'includes',
standalone: false,
})
export class IncludesPipe implements PipeTransform {
transform<T>(list: T[], val: T): boolean {
return list.includes(val)
}
}

10
web/projects/shared/src/pipes/shared/shared.module.ts
View File

@@ -1,10 +0,0 @@
import { NgModule } from '@angular/core'
import { IncludesPipe } from './includes.pipe'
import { EmptyPipe } from './empty.pipe'
import { TrustUrlPipe } from './trust.pipe'
@NgModule({
declarations: [IncludesPipe, EmptyPipe, TrustUrlPipe],
exports: [IncludesPipe, EmptyPipe, TrustUrlPipe],
})
export class SharedPipesModule {}

35
web/projects/shared/src/pipes/shared/sort.pipe.ts
View File

@@ -1,35 +0,0 @@
import { Pipe, PipeTransform } from '@angular/core'
@Pipe({
name: 'sort',
standalone: false,
})
export class SortPipe implements PipeTransform {
transform(
value: any[],
column: string = '',
direction: string = 'asc',
): any[] {
// If the value is not an array or is empty, return the original value
if (!Array.isArray(value) || value.length === 0) {
return value
}
// Clone the array to avoid modifying the original value
const sortedValue = [...value]
// Define the sorting function based on the column and direction parameters
const sortingFn = (a: any, b: any): number => {
if (a[column] < b[column]) {
return direction === 'asc' ? -1 : 1
} else if (a[column] > b[column]) {
return direction === 'asc' ? 1 : -1
} else {
return 0
}
}
// Sort the array and return the result
return sortedValue.sort(sortingFn)
}
}

5
web/projects/shared/src/pipes/shared/trust.pipe.ts → web/projects/shared/src/pipes/trust.pipe.ts
View File

@@ -1,12 +1,11 @@
import { Pipe, PipeTransform } from '@angular/core'
import { inject, Pipe, PipeTransform } from '@angular/core'
import { DomSanitizer, SafeResourceUrl } from '@angular/platform-browser'
@Pipe({
name: 'trustUrl',
standalone: false,
})
export class TrustUrlPipe implements PipeTransform {
constructor(private readonly sanitizer: DomSanitizer) {}
private readonly sanitizer = inject(DomSanitizer)
transform(base64Icon: string): SafeResourceUrl {
return this.sanitizer.bypassSecurityTrustResourceUrl(base64Icon)

8
web/projects/shared/src/pipes/unit-conversion/unit-conversion.module.ts
View File

@@ -1,8 +0,0 @@
import { NgModule } from '@angular/core'
import { ConvertBytesPipe, DurationToSecondsPipe } from './unit-conversion.pipe'
@NgModule({
declarations: [ConvertBytesPipe, DurationToSecondsPipe],
exports: [ConvertBytesPipe, DurationToSecondsPipe],
})
export class UnitConversionPipesModule {}

49
web/projects/shared/src/pipes/unit-conversion/unit-conversion.pipe.ts
View File

@@ -1,49 +0,0 @@
import { Pipe, PipeTransform } from '@angular/core'
// converts bytes to gigabytes
@Pipe({
name: 'convertBytes',
standalone: false,
})
export class ConvertBytesPipe implements PipeTransform {
transform(bytes: number): string {
return convertBytes(bytes)
}
}
export function convertBytes(bytes: number): string {
if (bytes === 0) return '0 Bytes'
const k = 1024
const i = Math.floor(Math.log(bytes) / Math.log(k))
return parseFloat((bytes / Math.pow(k, i)).toFixed(1)) + ' ' + sizes[i]
}
@Pipe({
name: 'durationToSeconds',
standalone: false,
})
export class DurationToSecondsPipe implements PipeTransform {
transform(duration?: string | null): number {
if (!duration) return 0
const regex = /^([0-9]*(\.[0-9]+)?)(ns|µs|ms|s|m|d)$/
const [, num, , unit] = duration.match(regex) || []
const multiplier = (unit && unitsToSeconds[unit]) || NaN
return unit ? Number(num) * multiplier : NaN
}
}
const sizes = ['Bytes', 'KB', 'MB', 'GB', 'TB', 'PB', 'EB', 'ZB', 'YB']
const unitsToSeconds: Record<string, number> = {
ns: 1e-9,
µs: 1e-6,
ms: 0.001,
s: 1,
m: 60,
h: 3600,
d: 86400,
}

12
web/projects/shared/src/public-api.ts
View File

@@ -20,14 +20,10 @@ export * from './i18n/i18n.providers'
export * from './i18n/i18n.service'
export * from './i18n/localize.pipe'
export * from './pipes/exver/exver.module'
export * from './pipes/exver/exver.pipe'
export * from './pipes/shared/shared.module'
export * from './pipes/shared/empty.pipe'
export * from './pipes/shared/includes.pipe'
export * from './pipes/shared/trust.pipe'
export * from './pipes/unit-conversion/unit-conversion.module'
export * from './pipes/unit-conversion/unit-conversion.pipe'
export * from './pipes/exver-compares.pipe'
export * from './pipes/empty.pipe'
export * from './pipes/trust.pipe'
export * from './pipes/convert-bytes.pipe'
export * from './pipes/markdown.pipe'
export * from './services/copy.service'

5
web/projects/ui/src/app/app.component.ts
View File

@@ -1,14 +1,18 @@
import { Component, inject } from '@angular/core'
import { takeUntilDestroyed } from '@angular/core/rxjs-interop'
import { RouterOutlet } from '@angular/router'
import { i18nService } from '@start9labs/shared'
import { TuiRoot } from '@taiga-ui/core'
import { PatchDB } from 'patch-db-client'
import { merge } from 'rxjs'
import { ToastContainerComponent } from 'src/app/components/toast-container.component'
import { PatchDataService } from './services/patch-data.service'
import { DataModel } from './services/patch-db/data-model'
import { PatchMonitorService } from './services/patch-monitor.service'
@Component({
selector: 'app-root',
imports: [TuiRoot, RouterOutlet, ToastContainerComponent],
template: `
<tui-root tuiTheme="dark">
<router-outlet />
@@ -26,7 +30,6 @@ import { PatchMonitorService } from './services/patch-monitor.service'
font-family: 'Proxima Nova', system-ui;
}
`,
standalone: false,
})
export class AppComponent {
private readonly i18n = inject(i18nService)

199
web/projects/ui/src/app/app.config.ts Normal file
View File

@@ -0,0 +1,199 @@
import {
provideHttpClient,
withFetch,
withInterceptorsFromDi,
} from '@angular/common/http'
import {
ApplicationConfig,
inject,
provideAppInitializer,
provideZoneChangeDetection,
} from '@angular/core'
import { UntypedFormBuilder } from '@angular/forms'
import { provideAnimations } from '@angular/platform-browser/animations'
import {
ActivationStart,
PreloadAllModules,
provideRouter,
Router,
withComponentInputBinding,
withDisabledInitialNavigation,
withInMemoryScrolling,
withPreloading,
withRouterConfig,
} from '@angular/router'
import { provideServiceWorker } from '@angular/service-worker'
import { WA_LOCATION } from '@ng-web-apis/common'
import initArgon from '@start9labs/argon2'
import {
AbstractCategoryService,
FilterPackagesPipe,
} from '@start9labs/marketplace'
import {
I18N_PROVIDERS,
I18N_STORAGE,
i18nService,
Languages,
RELATIVE_URL,
VERSION,
WorkspaceConfig,
} from '@start9labs/shared'
import { tuiObfuscateOptionsProvider } from '@taiga-ui/cdk'
import {
TUI_DATE_FORMAT,
TUI_DIALOGS_CLOSE,
TUI_MEDIA,
tuiAlertOptionsProvider,
tuiButtonOptionsProvider,
tuiDropdownOptionsProvider,
tuiNumberFormatProvider,
} from '@taiga-ui/core'
import { provideEventPlugins } from '@taiga-ui/event-plugins'
import {
TUI_DATE_TIME_VALUE_TRANSFORMER,
TUI_DATE_VALUE_TRANSFORMER,
} from '@taiga-ui/kit'
import { PatchDB } from 'patch-db-client'
import { filter, identity, merge, of, pairwise } from 'rxjs'
import { FilterUpdatesPipe } from 'src/app/routes/portal/routes/updates/filter-updates.pipe'
import { ApiService } from 'src/app/services/api/embassy-api.service'
import { LiveApiService } from 'src/app/services/api/embassy-live-api.service'
import { MockApiService } from 'src/app/services/api/embassy-mock-api.service'
import { AuthService } from 'src/app/services/auth.service'
import { CategoryService } from 'src/app/services/category.service'
import { ClientStorageService } from 'src/app/services/client-storage.service'
import { ConfigService } from 'src/app/services/config.service'
import { DateTransformerService } from 'src/app/services/date-transformer.service'
import { DatetimeTransformerService } from 'src/app/services/datetime-transformer.service'
import {
PATCH_CACHE,
PatchDbSource,
} from 'src/app/services/patch-db/patch-db-source'
import { StateService } from 'src/app/services/state.service'
import { StorageService } from 'src/app/services/storage.service'
import { environment } from 'src/environments/environment'
import { ROUTES } from './app.routes'
const {
useMocks,
ui: { api },
} = require('../../../../config.json') as WorkspaceConfig
export const APP_CONFIG: ApplicationConfig = {
providers: [
provideZoneChangeDetection(),
provideAnimations(),
provideEventPlugins(),
provideHttpClient(withInterceptorsFromDi(), withFetch()),
provideRouter(
ROUTES,
withDisabledInitialNavigation(),
withComponentInputBinding(),
withPreloading(PreloadAllModules),
withInMemoryScrolling({ scrollPositionRestoration: 'enabled' }),
withRouterConfig({ paramsInheritanceStrategy: 'always' }),
),
provideServiceWorker('ngsw-worker.js', {
enabled: environment.useServiceWorker,
// Register the ServiceWorker as soon as the application is stable
// or after 30 seconds (whichever comes first).
registrationStrategy: 'registerWhenStable:30000',
}),
I18N_PROVIDERS,
FilterPackagesPipe,
FilterUpdatesPipe,
UntypedFormBuilder,
tuiNumberFormatProvider({ decimalSeparator: '.', thousandSeparator: '' }),
tuiButtonOptionsProvider({ size: 'm' }),
tuiDropdownOptionsProvider({ appearance: 'start-os' }),
tuiAlertOptionsProvider({
autoClose: appearance => (appearance === 'negative' ? 0 : 3000),
}),
{
provide: TUI_DATE_FORMAT,
useValue: of({
mode: 'MDY',
separator: '/',
}),
},
{
provide: TUI_DATE_VALUE_TRANSFORMER,
useClass: DateTransformerService,
},
{
provide: TUI_DATE_TIME_VALUE_TRANSFORMER,
useClass: DatetimeTransformerService,
},
{
provide: ApiService,
useClass: useMocks ? MockApiService : LiveApiService,
},
{
provide: PatchDB,
deps: [PatchDbSource, PATCH_CACHE],
useClass: PatchDB,
},
provideAppInitializer(() => {
const i18n = inject(i18nService)
const origin = inject(WA_LOCATION).origin
const module_or_path = new URL('/assets/argon2_bg.wasm', origin)
initArgon({ module_or_path })
inject(StorageService).migrate036()
inject(AuthService).init()
inject(ClientStorageService).init()
inject(Router).initialNavigation()
i18n.setLanguage(i18n.language || 'english')
}),
{
provide: RELATIVE_URL,
useValue: `/${api.url}/${api.version}`,
},
{
provide: AbstractCategoryService,
useClass: CategoryService,
},
{
provide: TUI_DIALOGS_CLOSE,
useFactory: () =>
merge(
inject(Router).events.pipe(filter(e => e instanceof ActivationStart)),
inject(StateService).pipe(
pairwise(),
filter(
([prev, curr]) =>
prev === 'running' &&
(curr === 'error' || curr === 'initializing'),
),
),
),
},
{
provide: I18N_STORAGE,
useFactory: () => {
const api = inject(ApiService)
return (language: Languages) => api.setLanguage({ language })
},
},
{
provide: VERSION,
useFactory: () => inject(ConfigService).version,
},
tuiObfuscateOptionsProvider({
recipes: {
mask: ({ length }) => '•'.repeat(length),
none: identity,
},
}),
{
provide: TUI_MEDIA,
useValue: {
mobile: 1000,
desktopSmall: 1280,
desktopLarge: Infinity,
},
},
],
}

36
web/projects/ui/src/app/app.module.ts
View File

@@ -1,36 +0,0 @@
import {
provideHttpClient,
withFetch,
withInterceptorsFromDi,
} from '@angular/common/http'
import { NgModule } from '@angular/core'
import { BrowserModule } from '@angular/platform-browser'
import { ServiceWorkerModule } from '@angular/service-worker'
import { TuiRoot } from '@taiga-ui/core'
import { ToastContainerComponent } from 'src/app/components/toast-container.component'
import { environment } from '../environments/environment'
import { AppComponent } from './app.component'
import { APP_PROVIDERS } from './app.providers'
import { RoutingModule } from './routing.module'
@NgModule({
declarations: [AppComponent],
imports: [
BrowserModule,
RoutingModule,
ToastContainerComponent,
TuiRoot,
ServiceWorkerModule.register('ngsw-worker.js', {
enabled: environment.useServiceWorker,
// Register the ServiceWorker as soon as the application is stable
// or after 30 seconds (whichever comes first).
registrationStrategy: 'registerWhenStable:30000',
}),
],
providers: [
APP_PROVIDERS,
provideHttpClient(withInterceptorsFromDi(), withFetch()),
],
bootstrap: [AppComponent],
})
export class AppModule {}

157
web/projects/ui/src/app/app.providers.ts
View File

@@ -1,157 +0,0 @@
import { inject, provideAppInitializer } from '@angular/core'
import { UntypedFormBuilder } from '@angular/forms'
import { provideAnimations } from '@angular/platform-browser/animations'
import { ActivationStart, Router } from '@angular/router'
import { WA_LOCATION } from '@ng-web-apis/common'
import initArgon from '@start9labs/argon2'
import {
AbstractCategoryService,
FilterPackagesPipe,
} from '@start9labs/marketplace'
import {
I18N_PROVIDERS,
I18N_STORAGE,
i18nService,
Languages,
RELATIVE_URL,
VERSION,
WorkspaceConfig,
} from '@start9labs/shared'
import { tuiObfuscateOptionsProvider } from '@taiga-ui/cdk'
import {
TUI_DATE_FORMAT,
TUI_DIALOGS_CLOSE,
TUI_MEDIA,
tuiAlertOptionsProvider,
tuiButtonOptionsProvider,
tuiDropdownOptionsProvider,
tuiNumberFormatProvider,
} from '@taiga-ui/core'
import { provideEventPlugins } from '@taiga-ui/event-plugins'
import {
TUI_DATE_TIME_VALUE_TRANSFORMER,
TUI_DATE_VALUE_TRANSFORMER,
} from '@taiga-ui/kit'
import { PatchDB } from 'patch-db-client'
import { filter, identity, merge, of, pairwise } from 'rxjs'
import { ConfigService } from 'src/app/services/config.service'
import {
PATCH_CACHE,
PatchDbSource,
} from 'src/app/services/patch-db/patch-db-source'
import { StateService } from 'src/app/services/state.service'
import { FilterUpdatesPipe } from './routes/portal/routes/updates/filter-updates.pipe'
import { ApiService } from './services/api/embassy-api.service'
import { LiveApiService } from './services/api/embassy-live-api.service'
import { MockApiService } from './services/api/embassy-mock-api.service'
import { AuthService } from './services/auth.service'
import { CategoryService } from './services/category.service'
import { ClientStorageService } from './services/client-storage.service'
import { DateTransformerService } from './services/date-transformer.service'
import { DatetimeTransformerService } from './services/datetime-transformer.service'
import { StorageService } from './services/storage.service'
const {
useMocks,
ui: { api },
} = require('../../../../config.json') as WorkspaceConfig
export const APP_PROVIDERS = [
provideAnimations(),
provideEventPlugins(),
I18N_PROVIDERS,
FilterPackagesPipe,
FilterUpdatesPipe,
UntypedFormBuilder,
tuiNumberFormatProvider({ decimalSeparator: '.', thousandSeparator: '' }),
tuiButtonOptionsProvider({ size: 'm' }),
tuiDropdownOptionsProvider({ appearance: 'start-os' }),
tuiAlertOptionsProvider({
autoClose: appearance => (appearance === 'negative' ? 0 : 3000),
}),
{
provide: TUI_DATE_FORMAT,
useValue: of({
mode: 'MDY',
separator: '/',
}),
},
{
provide: TUI_DATE_VALUE_TRANSFORMER,
useClass: DateTransformerService,
},
{
provide: TUI_DATE_TIME_VALUE_TRANSFORMER,
useClass: DatetimeTransformerService,
},
{
provide: ApiService,
useClass: useMocks ? MockApiService : LiveApiService,
},
{
provide: PatchDB,
deps: [PatchDbSource, PATCH_CACHE],
useClass: PatchDB,
},
provideAppInitializer(() => {
const i18n = inject(i18nService)
const origin = inject(WA_LOCATION).origin
const module_or_path = new URL('/assets/argon2_bg.wasm', origin)
initArgon({ module_or_path })
inject(StorageService).migrate036()
inject(AuthService).init()
inject(ClientStorageService).init()
inject(Router).initialNavigation()
i18n.setLanguage(i18n.language || 'english')
}),
{
provide: RELATIVE_URL,
useValue: `/${api.url}/${api.version}`,
},
{
provide: AbstractCategoryService,
useClass: CategoryService,
},
{
provide: TUI_DIALOGS_CLOSE,
useFactory: () =>
merge(
inject(Router).events.pipe(filter(e => e instanceof ActivationStart)),
inject(StateService).pipe(
pairwise(),
filter(
([prev, curr]) =>
prev === 'running' &&
(curr === 'error' || curr === 'initializing'),
),
),
),
},
{
provide: I18N_STORAGE,
useFactory: () => {
const api = inject(ApiService)
return (language: Languages) => api.setLanguage({ language })
},
},
{
provide: VERSION,
useFactory: () => inject(ConfigService).version,
},
tuiObfuscateOptionsProvider({
recipes: {
mask: ({ length }) => '•'.repeat(length),
none: identity,
},
}),
{
provide: TUI_MEDIA,
useValue: {
mobile: 1000,
desktopSmall: 1280,
desktopLarge: Infinity,
},
},
]

25
web/projects/ui/src/app/routing.module.ts → web/projects/ui/src/app/app.routes.ts
View File

@@ -1,14 +1,14 @@
import { NgModule } from '@angular/core'
import { PreloadAllModules, RouterModule, Routes } from '@angular/router'
import { AuthGuard } from 'src/app/guards/auth.guard'
import { UnauthGuard } from 'src/app/guards/unauth.guard'
import { stateNot } from 'src/app/services/state.service'
import { AuthGuard } from './guards/auth.guard'
import { UnauthGuard } from './guards/unauth.guard'
const routes: Routes = [
export const ROUTES: Routes = [
{
path: 'diagnostic',
canActivate: [stateNot(['initializing', 'running'])],
loadChildren: () => import('./routes/diagnostic/diagnostic.module'),
loadChildren: () => import('./routes/diagnostic/diagnostic.routes'),
},
{
path: 'initializing',
@@ -18,8 +18,7 @@ const routes: Routes = [
{
path: 'login',
canActivate: [UnauthGuard, stateNot(['error', 'initializing'])],
loadChildren: () =>
import('./routes/login/login.module').then(m => m.LoginPageModule),
loadComponent: () => import('./routes/login/login.page'),
},
{
path: '',
@@ -32,17 +31,3 @@ const routes: Routes = [
pathMatch: 'full',
},
]
@NgModule({
imports: [
RouterModule.forRoot(routes, {
scrollPositionRestoration: 'enabled',
paramsInheritanceStrategy: 'always',
preloadingStrategy: PreloadAllModules,
initialNavigation: 'disabled',
bindToComponentInputs: true,
}),
],
exports: [RouterModule],
})
export class RoutingModule {}

19
web/projects/ui/src/app/routes/diagnostic/diagnostic.module.ts
View File

@@ -1,19 +0,0 @@
import { NgModule } from '@angular/core'
import { RouterModule, Routes } from '@angular/router'
const ROUTES: Routes = [
{
path: '',
loadChildren: () =>
import('./home/home.module').then(m => m.HomePageModule),
},
{
path: 'logs',
loadComponent: () => import('./logs.component'),
},
]
@NgModule({
imports: [RouterModule.forChild(ROUTES)],
})
export default class DiagnosticModule {}

12
web/projects/ui/src/app/routes/diagnostic/diagnostic.routes.ts Normal file
View File

@@ -0,0 +1,12 @@
import { Routes } from '@angular/router'
export default [
{
path: '',
loadComponent: () => import('./home/home.page'),
},
{
path: 'logs',
loadComponent: () => import('./logs.component'),
},
] satisfies Routes

19
web/projects/ui/src/app/routes/diagnostic/home/home.module.ts
View File

@@ -1,19 +0,0 @@
import { TuiButton } from '@taiga-ui/core'
import { NgModule } from '@angular/core'
import { CommonModule } from '@angular/common'
import { RouterModule, Routes } from '@angular/router'
import { HomePage } from './home.page'
import { i18nPipe } from '@start9labs/shared'
const ROUTES: Routes = [
{
path: '',
component: HomePage,
},
]
@NgModule({
imports: [CommonModule, TuiButton, RouterModule.forChild(ROUTES), i18nPipe],
declarations: [HomePage],
})
export class HomePageModule {}

14
web/projects/ui/src/app/routes/diagnostic/home/home.page.ts
View File

@@ -1,6 +1,14 @@
import { CommonModule } from '@angular/common'
import { Component, Inject } from '@angular/core'
import { RouterLink } from '@angular/router'
import { WA_WINDOW } from '@ng-web-apis/common'
import { DialogService, i18nKey, LoadingService } from '@start9labs/shared'
import {
DialogService,
i18nKey,
i18nPipe,
LoadingService,
} from '@start9labs/shared'
import { TuiButton } from '@taiga-ui/core'
import { filter } from 'rxjs'
import { ApiService } from 'src/app/services/api/embassy-api.service'
import { ConfigService } from 'src/app/services/config.service'
@@ -9,9 +17,9 @@ import { ConfigService } from 'src/app/services/config.service'
selector: 'diagnostic-home',
templateUrl: 'home.component.html',
styleUrls: ['home.page.scss'],
standalone: false,
imports: [CommonModule, TuiButton, i18nPipe, RouterLink],
})
export class HomePage {
export default class HomePage {
restarted = false
error?: {
code: number

4
web/projects/ui/src/app/routes/initializing/initializing.page.ts
View File

@@ -20,9 +20,7 @@ import { ApiService } from 'src/app/services/api/embassy-api.service'
import { StateService } from 'src/app/services/state.service'
@Component({
template: `
<app-initializing [progress]="progress()" />
`,
template: '<app-initializing [progress]="progress()" />',
providers: [provideSetupLogsService(ApiService)],
styles: ':host { height: 100%; }',
imports: [InitializingComponent],

37
web/projects/ui/src/app/routes/login/login.module.ts
View File

@@ -1,37 +0,0 @@
import { CommonModule } from '@angular/common'
import { NgModule } from '@angular/core'
import { FormsModule } from '@angular/forms'
import { RouterModule, Routes } from '@angular/router'
import { i18nPipe } from '@start9labs/shared'
import { TuiAutoFocus } from '@taiga-ui/cdk'
import { TuiButton, TuiError, TuiIcon, TuiTextfield } from '@taiga-ui/core'
import { TuiPassword } from '@taiga-ui/kit'
import { TuiCardLarge } from '@taiga-ui/layout'
import { CAWizardComponent } from './ca-wizard/ca-wizard.component'
import { LoginPage } from './login.page'
const routes: Routes = [
{
path: '',
component: LoginPage,
},
]
@NgModule({
imports: [
CommonModule,
FormsModule,
CAWizardComponent,
TuiButton,
TuiCardLarge,
...TuiTextfield,
TuiIcon,
TuiPassword,
TuiAutoFocus,
TuiError,
RouterModule.forChild(routes),
i18nPipe,
],
declarations: [LoginPage],
})
export class LoginPageModule {}

29
web/projects/ui/src/app/routes/login/login.page.ts
View File

@@ -1,19 +1,38 @@
import { Router } from '@angular/router'
import { CommonModule } from '@angular/common'
import { Component, DestroyRef, DOCUMENT, inject, Inject } from '@angular/core'
import { takeUntilDestroyed } from '@angular/core/rxjs-interop'
import { Component, Inject, DestroyRef, inject, DOCUMENT } from '@angular/core'
import { FormsModule } from '@angular/forms'
import { Router } from '@angular/router'
import { i18nKey, i18nPipe, LoadingService } from '@start9labs/shared'
import { TuiAutoFocus } from '@taiga-ui/cdk'
import { TuiButton, TuiError, TuiIcon, TuiTextfield } from '@taiga-ui/core'
import { TuiPassword } from '@taiga-ui/kit'
import { TuiCardLarge } from '@taiga-ui/layout'
import { CAWizardComponent } from 'src/app/routes/login/ca-wizard/ca-wizard.component'
import { ApiService } from 'src/app/services/api/embassy-api.service'
import { AuthService } from 'src/app/services/auth.service'
import { ConfigService } from 'src/app/services/config.service'
import { i18nKey, LoadingService } from '@start9labs/shared'
@Component({
selector: 'login',
templateUrl: './login.component.html',
styleUrls: ['./login.page.scss'],
imports: [
CommonModule,
FormsModule,
CAWizardComponent,
TuiButton,
TuiCardLarge,
TuiTextfield,
TuiIcon,
TuiPassword,
TuiAutoFocus,
TuiError,
i18nPipe,
],
providers: [],
standalone: false,
})
export class LoginPage {
export default class LoginPage {
password = ''
error: i18nKey | null = null

11
web/projects/ui/src/app/routes/portal/components/form.component.ts
View File

@@ -31,6 +31,7 @@ export interface FormContext<T> {
buttons: ActionButton<T>[]
value?: T
operations?: Operation[]
note?: string
}
@Component({
@@ -43,6 +44,9 @@ export interface FormContext<T> {
(tuiValueChanges)="markAsDirty()"
>
<form-group [spec]="spec" />
@if (note) {
<p class="note">{{ note }}</p>
}
<footer>
<ng-content />
@for (button of buttons; track $index) {
@@ -70,6 +74,12 @@ export interface FormContext<T> {
</form>
`,
styles: `
.note {
color: var(--tui-text-secondary);
font: var(--tui-font-text-s);
margin-top: 1rem;
}
footer {
position: sticky;
bottom: 0;
@@ -106,6 +116,7 @@ export class FormComponent<T extends Record<string, any>> implements OnInit {
@Input() buttons = this.context?.data.buttons || []
@Input() operations = this.context?.data.operations || []
@Input() value?: T = this.context?.data.value
@Input() note = this.context?.data.note || ''
form = new FormGroup({})

4
web/projects/ui/src/app/routes/portal/components/header/header.component.ts
View File

@@ -36,6 +36,7 @@ import { HeaderStatusComponent } from './status.component'
height: 2.75rem;
border-radius: var(--bumper);
margin: var(--bumper);
clip-path: inset(0 round var(--bumper));
overflow: hidden;
filter: grayscale(1) brightness(0.75);
@@ -107,7 +108,8 @@ import { HeaderStatusComponent } from './status.component'
&:has([data-status='success']) {
--status: transparent;
filter: none;
// "none" breaks border radius in Firefox
filter: grayscale(0.001);
}
}

14
web/projects/ui/src/app/routes/portal/components/header/menu.component.ts
View File

@@ -45,7 +45,7 @@ import { ABOUT } from './about.component'
}
<tui-data-list [style.width.rem]="13">
<tui-opt-group>
<button tuiOption iconStart="@tui.info" (click)="about()">
<button tuiOption iconStart="@tui.info" new (click)="about()">
{{ 'About this server' | i18n }}
</button>
</tui-opt-group>
@@ -53,13 +53,15 @@ import { ABOUT } from './about.component'
<a
tuiOption
docsLink
iconStart="@tui.book-open"
path="/start-os/user-manual/index.html"
new
iconStart="@tui.book-open-text"
path="/start-os/user-manual"
>
{{ 'User manual' | i18n }}
</a>
<a
tuiOption
new
iconStart="@tui.headphones"
href="https://start9.com/contact"
>
@@ -67,6 +69,7 @@ import { ABOUT } from './about.component'
</a>
<a
tuiOption
new
iconStart="@tui.dollar-sign"
href="https://donate.start9.com"
>
@@ -76,6 +79,7 @@ import { ABOUT } from './about.component'
<tui-opt-group label="">
<a
tuiOption
new
iconStart="@tui.settings"
routerLink="/system"
(click)="open = false"
@@ -86,6 +90,7 @@ import { ABOUT } from './about.component'
<tui-opt-group label="">
<button
tuiOption
new
iconStart="@tui.refresh-cw"
(click)="promptPower('restart')"
>
@@ -93,12 +98,13 @@ import { ABOUT } from './about.component'
</button>
<button
tuiOption
new
iconStart="@tui.power"
(click)="promptPower('shutdown')"
>
{{ 'Shutdown' | i18n }}
</button>
<button tuiOption iconStart="@tui.log-out" (click)="logout()">
<button tuiOption new iconStart="@tui.log-out" (click)="logout()">
{{ 'Logout' | i18n }}
</button>
</tui-opt-group>

26
web/projects/ui/src/app/routes/portal/components/interfaces/addresses/actions.component.ts
View File

@@ -30,19 +30,6 @@ import { DomainHealthService } from './domain-health.service'
selector: 'td[actions]',
template: `
<div class="desktop">
@if (address().ui) {
<a
tuiIconButton
appearance="flat-grayscale"
iconStart="@tui.external-link"
target="_blank"
rel="noreferrer"
[attr.href]="address().enabled ? address().url : null"
[class.disabled]="!address().enabled"
>
{{ 'Open UI' | i18n }}
</a>
}
@if (address().deletable) {
<button
tuiIconButton
@@ -87,6 +74,19 @@ import { DomainHealthService } from './domain-health.service'
{{ 'Address Requirements' | i18n }}
</button>
}
@if (address().ui) {
<a
tuiIconButton
appearance="flat-grayscale"
iconStart="@tui.external-link"
target="_blank"
rel="noreferrer"
[attr.href]="address().enabled ? address().url : null"
[class.disabled]="!address().enabled"
>
{{ 'Open UI' | i18n }}
</a>
}
<button
tuiIconButton
appearance="flat-grayscale"

46
web/projects/ui/src/app/routes/portal/components/interfaces/addresses/addresses.component.ts
View File

@@ -37,7 +37,7 @@ import { InterfaceAddressItemComponent } from './item.component'
selector: 'section[gatewayGroup]',
template: `
<header>
{{ gatewayGroup().gatewayName }}
{{ 'Gateway' | i18n }}: {{ gatewayGroup().gatewayName }}
<button
tuiDropdown
tuiButton
@@ -57,7 +57,14 @@ import { InterfaceAddressItemComponent } from './item.component'
</button>
</header>
<table
[appTable]="['Enabled', 'Type', 'Certificate Authority', 'URL', null]"
[appTable]="[
null,
'Access',
'Type',
'Certificate Authority',
'URL',
null,
]"
>
@for (address of gatewayGroup().addresses; track $index) {
<tr
@@ -69,7 +76,7 @@ import { InterfaceAddressItemComponent } from './item.component'
></tr>
} @empty {
<tr>
<td colspan="5">
<td colspan="6">
<app-placeholder icon="@tui.list-x">
{{ 'No addresses' | i18n }}
</app-placeholder>
@@ -132,6 +139,7 @@ export class InterfaceAddressesComponent {
}),
}),
),
note: this.getSharedHostNote(),
buttons: [
{
text: this.i18n.transform('Save')!,
@@ -190,6 +198,7 @@ export class InterfaceAddressesComponent {
size: 's',
data: {
spec: await configBuilderToSpec(addSpec),
note: this.getSharedHostNote(),
buttons: [
{
text: this.i18n.transform('Save')!,
@@ -207,18 +216,22 @@ export class InterfaceAddressesComponent {
const loader = this.loader.open('Saving').subscribe()
try {
let configured: boolean
if (this.packageId()) {
await this.api.pkgAddPrivateDomain({
configured = await this.api.pkgAddPrivateDomain({
fqdn,
gateway: gatewayId,
package: this.packageId(),
host: iface?.addressInfo.hostId || '',
})
} else {
await this.api.osUiAddPrivateDomain({ fqdn, gateway: gatewayId })
configured = await this.api.osUiAddPrivateDomain({
fqdn,
gateway: gatewayId,
})
}
await this.domainHealth.checkPrivateDomain(gatewayId)
await this.domainHealth.checkPrivateDomain(gatewayId, configured)
return true
} catch (e: any) {
@@ -229,6 +242,13 @@ export class InterfaceAddressesComponent {
}
}
private getSharedHostNote(): string {
const names = this.value()?.sharedHostNames
if (!names?.length) return ''
return `${this.i18n.transform('This domain will also apply to')} ${names.join(', ')}`
}
private async savePublicDomain(
fqdn: string,
authority?: 'local' | string,
@@ -241,26 +261,22 @@ export class InterfaceAddressesComponent {
fqdn,
gateway: gatewayId,
acme: !authority || authority === 'local' ? null : authority,
internalPort: iface?.addressInfo.internalPort || 80,
}
try {
let res
if (this.packageId()) {
await this.api.pkgAddPublicDomain({
res = await this.api.pkgAddPublicDomain({
...params,
package: this.packageId(),
host: iface?.addressInfo.hostId || '',
})
} else {
await this.api.osUiAddPublicDomain(params)
res = await this.api.osUiAddPublicDomain(params)
}
const port = this.gatewayGroup().addresses.find(
a => a.access === 'public' && a.hostnameInfo.port !== null,
)?.hostnameInfo.port
if (port !== undefined && port !== null) {
await this.domainHealth.checkPublicDomain(fqdn, gatewayId, port)
}
await this.domainHealth.checkPublicDomain(fqdn, gatewayId, res)
return true
} catch (e: any) {

49
web/projects/ui/src/app/routes/portal/components/interfaces/addresses/domain-health.service.ts
View File

@@ -19,21 +19,34 @@ export class DomainHealthService {
async checkPublicDomain(
fqdn: string,
gatewayId: string,
port: number,
portOrRes: number | T.AddPublicDomainRes,
): Promise<void> {
try {
const gateway = await this.getGatewayData(gatewayId)
if (!gateway) return
const [dnsPass, portResult] = await Promise.all([
this.api
.queryDns({ fqdn })
.then(ip => ip === gateway.ipInfo.wanIp)
.catch(() => false),
this.api
.checkPort({ gateway: gatewayId, port })
.catch((): null => null),
])
let dnsPass: boolean
let port: number
let portResult: T.CheckPortRes | null
if (typeof portOrRes === 'number') {
port = portOrRes
const [dns, portRes] = await Promise.all([
this.api
.queryDns({ fqdn })
.then(ip => ip === gateway.ipInfo.wanIp)
.catch(() => false),
this.api
.checkPort({ gateway: gatewayId, port: portOrRes })
.catch((): null => null),
])
dnsPass = dns
portResult = portRes
} else {
dnsPass = portOrRes.dns === gateway.ipInfo.wanIp
port = portOrRes.port.port
portResult = portOrRes.port
}
const portOk =
!!portResult?.openInternally &&
@@ -55,14 +68,17 @@ export class DomainHealthService {
}
}
async checkPrivateDomain(gatewayId: string): Promise<void> {
async checkPrivateDomain(
gatewayId: string,
prefetchedConfigured?: boolean,
): Promise<void> {
try {
const gateway = await this.getGatewayData(gatewayId)
if (!gateway) return
const configured = await this.api
.checkDns({ gateway: gatewayId })
.catch(() => false)
const configured =
prefetchedConfigured ??
(await this.api.checkDns({ gateway: gatewayId }).catch(() => false))
if (!configured) {
setTimeout(
@@ -150,7 +166,10 @@ export class DomainHealthService {
fqdn: string,
gateway: DnsGateway,
port: number,
initialResults?: { dnsPass: boolean; portResult: T.CheckPortRes | null },
initialResults?: {
dnsPass: boolean
portResult: T.CheckPortRes | null
},
) {
this.dialog
.openComponent(DOMAIN_VALIDATION, {

114
web/projects/ui/src/app/routes/portal/components/interfaces/addresses/item.component.ts
View File

@@ -10,7 +10,7 @@ import { ErrorService, i18nPipe, LoadingService } from '@start9labs/shared'
import { TuiObfuscatePipe } from '@taiga-ui/cdk'
import { TuiButton, TuiIcon } from '@taiga-ui/core'
import { FormsModule } from '@angular/forms'
import { TuiSwitch } from '@taiga-ui/kit'
import { TuiBadge, TuiSwitch } from '@taiga-ui/kit'
import { ApiService } from 'src/app/services/api/embassy-api.service'
import { GatewayAddress, MappedServiceInterface } from '../interface.service'
import { AddressActionsComponent } from './actions.component'
@@ -36,22 +36,51 @@ import { DomainHealthService } from './domain-health.service'
(ngModelChange)="onToggleEnabled()"
/>
</td>
<td class="type">
<td class="access">
<tui-icon
[icon]="address.access === 'public' ? '@tui.globe' : '@tui.house'"
/>
{{ address.type }}
<span>
{{ (address.access === 'public' ? 'Public' : 'Local') | i18n }}
</span>
</td>
<td class="type">
<tui-badge
size="s"
[appearance]="typeAppearance(address.hostnameInfo.metadata.kind)"
>
{{ address.type }}
</tui-badge>
</td>
<td>
{{ address.certificate }}
<div class="cert">
@if (address.certificate === 'Root CA') {
<img src="assets/icons/favicon.svg" alt="" class="cert-icon" />
} @else if (address.certificate.startsWith("Let's Encrypt")) {
<img src="assets/icons/letsencrypt.svg" alt="" class="cert-icon" />
} @else if (
address.certificate !== '-' && address.certificate !== 'Self signed'
) {
<tui-icon icon="@tui.shield" class="cert-icon" />
}
{{ address.certificate }}
</div>
</td>
<td>
<div class="url">
<span
[title]="address.masked && currentlyMasked() ? '' : address.url"
>
{{ address.url | tuiObfuscate: recipe() }}
</span>
@if (address.masked && currentlyMasked()) {
<span>{{ address.url | tuiObfuscate: 'mask' }}</span>
} @else {
<span [title]="address.url">
@if (urlParts(); as parts) {
{{ parts.prefix }}
<b>{{ parts.hostname }}</b>
{{ parts.suffix }}
} @else {
{{ address.url }}
}
</span>
}
@if (address.masked) {
<button
tuiIconButton
@@ -81,12 +110,28 @@ import { DomainHealthService } from './domain-health.service'
grid-template-columns: fit-content(10rem) 1fr 2rem 2rem;
}
.type tui-icon {
.access tui-icon {
font-size: 1.3rem;
margin-right: 0.7rem;
vertical-align: middle;
}
.cert {
display: flex;
align-items: center;
gap: 0.5rem;
}
.cert-icon {
height: 1.25rem;
width: 1.25rem;
flex-shrink: 0;
}
tui-icon.cert-icon {
font-size: 1.25rem;
}
.url {
display: flex;
align-items: center;
@@ -104,6 +149,7 @@ import { DomainHealthService } from './domain-health.service'
:host-context(tui-root._mobile) {
padding-inline-start: 0.75rem !important;
row-gap: 0.25rem;
&::before {
content: '';
@@ -129,18 +175,32 @@ import { DomainHealthService } from './domain-health.service'
display: none;
}
td:nth-child(2) {
.access {
padding-right: 0;
font: var(--tui-font-text-m);
font-weight: bold;
tui-icon {
display: none;
}
}
.type {
font: var(--tui-font-text-m);
font-weight: bold;
color: var(--tui-text-primary);
padding-inline-end: 0.5rem;
}
td:nth-child(3) {
td:nth-child(4) {
grid-area: 2 / 1 / 2 / 3;
.cert-icon {
display: none;
}
}
td:nth-child(4) {
td:nth-child(5) {
grid-area: 3 / 1 / 3 / 3;
}
@@ -154,6 +214,7 @@ import { DomainHealthService } from './domain-health.service'
imports: [
i18nPipe,
AddressActionsComponent,
TuiBadge,
TuiButton,
TuiIcon,
TuiObfuscatePipe,
@@ -180,6 +241,33 @@ export class InterfaceAddressItemComponent {
this.address()?.masked && this.currentlyMasked() ? 'mask' : 'none',
)
readonly urlParts = computed(() => {
const { url, hostnameInfo } = this.address()
const idx = url.indexOf(hostnameInfo.hostname)
if (idx === -1) return null
return {
prefix: url.slice(0, idx),
hostname: hostnameInfo.hostname,
suffix: url.slice(idx + hostnameInfo.hostname.length),
}
})
typeAppearance(kind: string): string {
switch (kind) {
case 'public-domain':
case 'private-domain':
return 'info'
case 'mdns':
return 'positive'
case 'ipv4':
return 'warning'
case 'ipv6':
return 'neutral'
default:
return 'neutral'
}
}
async onToggleEnabled() {
const addr = this.address()
const iface = this.value()

2
web/projects/ui/src/app/routes/portal/components/interfaces/addresses/plugin.component.ts
View File

@@ -32,7 +32,7 @@ import {
@if (pluginGroup().pluginPkgInfo; as pkgInfo) {
<img [src]="pkgInfo.icon" alt="" class="plugin-icon" />
}
{{ pluginGroup().pluginName }}
{{ 'Plugin' | i18n }}: {{ pluginGroup().pluginName }}
@if (pluginGroup().tableAction; as action) {
<button
tuiButton

Some files were not shown because too many files have changed in this diff Show More