npm - @le-space/rootfs - Versions diffs - 0.1.4 → 0.1.6 - Mend

@le-space/rootfs 0.1.4 → 0.1.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (15) hide show

package/reference/uc-go-peer/rootfs/uc-go-peer-autotls-refresh.py ADDED Viewed

@@ -0,0 +1,144 @@
+#!/usr/bin/env python3
+import os
+import re
+import subprocess
+import time
+from typing import Iterable
+ENV_FILE = os.environ.get("ENV_FILE", "/etc/default/uc-go-peer")
+READY_FILE = os.environ.get("READY_FILE", "/etc/default/uc-go-peer.ready")
+AUTOTLS_READY_FILE = os.environ.get("AUTOTLS_READY_FILE", "/etc/default/uc-go-peer.autotls-ready")
+AUTOTLS_ZONE_FILE = os.environ.get("AUTOTLS_ZONE_FILE", "/etc/default/uc-go-peer.autotls-zone")
+AUTOTLS_HOSTS_FILE = os.environ.get("AUTOTLS_HOSTS_FILE", "/etc/default/uc-go-peer.autotls-hosts")
+SERVICE_NAME = os.environ.get("SERVICE_NAME", "uc-go-peer.service")
+WAIT_TIMEOUT_SECONDS = int(os.environ.get("AUTOTLS_WAIT_TIMEOUT_SECONDS", "900"))
+WAIT_INTERVAL_SECONDS = float(os.environ.get("AUTOTLS_WAIT_INTERVAL_SECONDS", "5"))
+WS_BACKEND_PORT = os.environ.get("WS_BACKEND_PORT", "9097").strip()
+def parse_env_file(path: str) -> dict[str, str]:
+    values: dict[str, str] = {}
+    if not os.path.exists(path):
+        return values
+    with open(path, encoding="utf-8") as handle:
+        for line in handle:
+            stripped = line.strip()
+            if not stripped or stripped.startswith("#") or "=" not in stripped:
+                continue
+            key, value = stripped.split("=", 1)
+            values[key.strip()] = value.strip()
+    return values
+def write_env_var(path: str, key: str, value: str) -> None:
+    lines: list[str] = []
+    replaced = False
+    if os.path.exists(path):
+        with open(path, encoding="utf-8") as handle:
+            lines = handle.readlines()
+    with open(path, "w", encoding="utf-8") as handle:
+        for line in lines:
+            stripped = line.lstrip()
+            if stripped.startswith(f"{key}=") or stripped.startswith(f"#{key}="):
+                handle.write(f"{key}={value}\n")
+                replaced = True
+            else:
+                handle.write(line)
+        if not replaced:
+            handle.write(f"{key}={value}\n")
+def dedupe(sequence: Iterable[str]) -> list[str]:
+    seen: set[str] = set()
+    values: list[str] = []
+    for item in sequence:
+        if item and item not in seen:
+            seen.add(item)
+            values.append(item)
+    return values
+def wait_for_exact_hosts(ws_port: str) -> tuple[str, list[str], list[str]]:
+    deadline = time.monotonic() + WAIT_TIMEOUT_SECONDS
+    regex = re.compile(rf"(/(?:ip4|ip6)/[^ ]+/tcp/{re.escape(ws_port)}/tls/sni/([^/]+)/ws)")
+    zone_regex = re.compile(r'identifier": "\\*\.([^"]+)"')
+    last_error = "AutoTLS websocket hostnames not advertised yet"
+    while time.monotonic() < deadline:
+        result = subprocess.run(
+            ["journalctl", "-u", SERVICE_NAME, "-n", "400", "--no-pager"],
+            capture_output=True,
+            text=True,
+            check=False,
+        )
+        output = result.stdout
+        pairs = regex.findall(output)
+        addrs = dedupe([pair[0] for pair in pairs])
+        hosts = dedupe([pair[1] for pair in pairs])
+        zone_match = zone_regex.search(output)
+        zone = zone_match.group(1) if zone_match else ""
+        if zone and hosts:
+            return zone, hosts, addrs
+        if hosts:
+            return "", hosts, addrs
+        if result.stderr.strip():
+            last_error = result.stderr.strip()
+        time.sleep(WAIT_INTERVAL_SECONDS)
+    raise RuntimeError(last_error)
+def main() -> None:
+    if not os.path.exists(READY_FILE):
+        raise SystemExit(f"missing ready file: {READY_FILE}")
+    env_values = parse_env_file(ENV_FILE)
+    ws_port = env_values.get("GO_PEER_WSS_PORT", "").strip() or WS_BACKEND_PORT
+    if not ws_port:
+        raise RuntimeError("missing GO_PEER_WSS_PORT in environment file")
+    proxy_hostname = env_values.get("PROXY_HOSTNAME", "").strip()
+    zone, exact_hosts, exact_logged_addrs = wait_for_exact_hosts(ws_port)
+    if not exact_hosts:
+        raise RuntimeError("no AutoTLS websocket hostnames found in logs")
+    existing = [entry.strip() for entry in env_values.get("LIBP2P_ANNOUNCE_ADDRS", "").split(",") if entry.strip()]
+    wildcard_filtered = [entry for entry in existing if "/tls/sni/*." not in entry]
+    exact_announces: list[str] = list(exact_logged_addrs)
+    if proxy_hostname:
+        exact_announces.append(f"/dns4/{proxy_hostname}/tcp/443/tls/ws")
+        exact_announces.append(f"/dns6/{proxy_hostname}/tcp/443/tls/ws")
+    merged = dedupe(wildcard_filtered + exact_announces)
+    announce_value = ",".join(merged)
+    write_env_var(ENV_FILE, "LIBP2P_ANNOUNCE_ADDRS", announce_value)
+    if zone:
+        write_env_var(ENV_FILE, "AUTOTLS_SERVING_ZONE", zone)
+    with open(AUTOTLS_HOSTS_FILE, "w", encoding="utf-8") as handle:
+        for host in exact_hosts:
+            handle.write(f"{host}\n")
+    if zone:
+        with open(AUTOTLS_ZONE_FILE, "w", encoding="utf-8") as handle:
+            handle.write(f"{zone}\n")
+    service_restarted = False
+    if env_values.get("LIBP2P_ANNOUNCE_ADDRS", "") != announce_value:
+        subprocess.run(["systemctl", "restart", SERVICE_NAME], check=True)
+        service_restarted = True
+    open(AUTOTLS_READY_FILE, "a", encoding="utf-8").close()
+    print(f"Updated LIBP2P_ANNOUNCE_ADDRS={announce_value}")
+    if service_restarted:
+        print(f"Restarted {SERVICE_NAME} after AutoTLS hostname refresh")
+if __name__ == "__main__":
+    main()

package/reference/uc-go-peer/rootfs/uc-go-peer-autotls-refresh.service ADDED Viewed

@@ -0,0 +1,23 @@
+[Unit]
+Description=Persist AutoTLS secure announce addresses for uc-go-peer
+After=uc-go-peer.service
+Wants=uc-go-peer.service
+ConditionPathExists=/etc/default/uc-go-peer.ready
+ConditionPathExists=!/etc/default/uc-go-peer.autotls-ready
+[Service]
+Type=oneshot
+Environment=ENV_FILE=/etc/default/uc-go-peer
+Environment=READY_FILE=/etc/default/uc-go-peer.ready
+Environment=AUTOTLS_READY_FILE=/etc/default/uc-go-peer.autotls-ready
+Environment=AUTOTLS_ZONE_FILE=/etc/default/uc-go-peer.autotls-zone
+Environment=AUTOTLS_HOSTS_FILE=/etc/default/uc-go-peer.autotls-hosts
+Environment=AUTOTLS_CADDY_READY_FILE=/etc/default/uc-go-peer.caddy-ready
+Environment=SERVICE_NAME=uc-go-peer.service
+Environment=WS_BACKEND_PORT=9097
+ExecStart=/usr/bin/python3 /usr/local/sbin/uc-go-peer-autotls-refresh.py
+StandardOutput=journal
+StandardError=journal
+[Install]
+WantedBy=multi-user.target

package/reference/uc-go-peer/rootfs/uc-go-peer-bootstrap.service ADDED Viewed

@@ -0,0 +1,17 @@
+[Unit]
+Description=Temporary universal-connectivity go-peer setup endpoint
+Wants=network-online.target
+After=network-online.target
+ConditionPathExists=!/etc/default/uc-go-peer.ready
+[Service]
+Environment=ENV_FILE=/etc/default/uc-go-peer
+Environment=READY_FILE=/etc/default/uc-go-peer.ready
+ExecStart=/usr/bin/python3 /usr/local/sbin/uc-go-peer-setup-server.py
+StandardOutput=journal
+StandardError=journal
+Restart=on-failure
+RestartSec=2s
+[Install]
+WantedBy=multi-user.target

package/reference/uc-go-peer/rootfs/uc-go-peer-bootstrap.sh ADDED Viewed

@@ -0,0 +1,118 @@
+#!/usr/bin/env bash
+set -euo pipefail
+set -x
+INSTALL_DIR="${INSTALL_DIR:-/opt/go-peer}"
+SERVICE_USER="${SERVICE_USER:-uc-go-peer}"
+DATA_DIR="${DATA_DIR:-/var/lib/uc-go-peer}"
+ENV_FILE="${ENV_FILE:-/etc/default/uc-go-peer}"
+READY_FILE="${READY_FILE:-/etc/default/uc-go-peer.ready}"
+AUTOTLS_READY_FILE="${AUTOTLS_READY_FILE:-/etc/default/uc-go-peer.autotls-ready}"
+AUTOTLS_ZONE_FILE="${AUTOTLS_ZONE_FILE:-/etc/default/uc-go-peer.autotls-zone}"
+AUTOTLS_HOSTS_FILE="${AUTOTLS_HOSTS_FILE:-/etc/default/uc-go-peer.autotls-hosts}"
+AUTOTLS_CADDY_READY_FILE="${AUTOTLS_CADDY_READY_FILE:-/etc/default/uc-go-peer.caddy-ready}"
+APP_BINARY="${APP_BINARY:-/usr/local/bin/universal-chat-go}"
+PHASE="${1:-all}"
+if [ ! -d "${INSTALL_DIR}" ]; then
+  echo "Missing ${INSTALL_DIR}; the rootfs build did not create the relay support directory."
+  exit 1
+fi
+echo "[uc-go-peer-bootstrap] starting"
+echo "[uc-go-peer-bootstrap] support dir: ${INSTALL_DIR}"
+echo "[uc-go-peer-bootstrap] data dir: ${DATA_DIR}"
+echo "[uc-go-peer-bootstrap] env file: ${ENV_FILE}"
+echo "[uc-go-peer-bootstrap] app binary: ${APP_BINARY}"
+run_phase_base() {
+  export DEBIAN_FRONTEND=noninteractive
+  echo "[uc-go-peer-bootstrap] phase=base"
+  echo "[uc-go-peer-bootstrap] running apt-get update"
+  apt-get update
+  echo "[uc-go-peer-bootstrap] installing base packages"
+  apt-get install -y ca-certificates curl caddy
+  rm -rf /var/lib/apt/lists/*
+}
+run_phase_build() {
+  echo "[uc-go-peer-bootstrap] phase=build"
+  if [ ! -x "${APP_BINARY}" ]; then
+    echo "[uc-go-peer-bootstrap] missing application binary: ${APP_BINARY}"
+    exit 1
+  fi
+  echo "[uc-go-peer-bootstrap] application binary already provisioned"
+}
+run_phase_finalize() {
+  echo "[uc-go-peer-bootstrap] phase=finalize"
+  echo "[uc-go-peer-bootstrap] creating runtime directories"
+  mkdir -p "${DATA_DIR}" "$(dirname "${ENV_FILE}")"
+  if ! id "${SERVICE_USER}" >/dev/null 2>&1; then
+    echo "[uc-go-peer-bootstrap] creating service user ${SERVICE_USER}"
+    useradd --system --home "${DATA_DIR}" --create-home --shell /usr/sbin/nologin "${SERVICE_USER}"
+  fi
+  echo "[uc-go-peer-bootstrap] fixing ownership"
+  chown -R "${SERVICE_USER}:${SERVICE_USER}" "${DATA_DIR}" "${INSTALL_DIR}"
+  echo "[uc-go-peer-bootstrap] preparing environment file"
+  touch "${ENV_FILE}"
+  chmod 0640 "${ENV_FILE}"
+  chown "root:${SERVICE_USER}" "${ENV_FILE}"
+  rm -f "${READY_FILE}" "${AUTOTLS_READY_FILE}" "${AUTOTLS_ZONE_FILE}" "${AUTOTLS_HOSTS_FILE}" "${AUTOTLS_CADDY_READY_FILE}"
+  mkdir -p /etc/caddy /etc/systemd/system/caddy.service.d
+  cat > /etc/systemd/system/caddy.service.d/uc-go-peer.conf <<EOF
+[Unit]
+ConditionPathExists=${AUTOTLS_CADDY_READY_FILE}
+EOF
+}
+write_env_var() {
+  local key="$1"
+  local value="$2"
+  if grep -Eq "^[#[:space:]]*${key}=" "${ENV_FILE}"; then
+    sed -i "s|^[#[:space:]]*${key}=.*|${key}=${value}|" "${ENV_FILE}"
+  else
+    printf '%s=%s\n' "${key}" "${value}" >> "${ENV_FILE}"
+  fi
+}
+seed_env() {
+  write_env_var "GO_PEER_DATA_DIR" "${DATA_DIR}"
+  write_env_var "GO_PEER_TCP_PORT" "9095"
+  write_env_var "GO_PEER_WS_PORT" "9096"
+  write_env_var "GO_PEER_WSS_PORT" "9097"
+  write_env_var "GO_PEER_IDENTITY_PATH" "${DATA_DIR}/identity.key"
+  write_env_var "GO_PEER_WS_BACKEND_PORT" "9096"
+  write_env_var "GO_PEER_AUTOTLS_CERT_DIR" "${DATA_DIR}/p2p-forge-certs"
+  write_env_var "LIBP2P_AUTO_PUBLIC_IP" "0"
+}
+case "${PHASE}" in
+  base)
+    run_phase_base
+    ;;
+  build)
+    run_phase_build
+    ;;
+  finalize)
+    run_phase_finalize
+    seed_env
+    ;;
+  all)
+    run_phase_base
+    run_phase_build
+    run_phase_finalize
+    seed_env
+    ;;
+  *)
+    echo "Unknown phase: ${PHASE}" >&2
+    exit 1
+    ;;
+esac
+echo "[uc-go-peer-bootstrap] completed phase ${PHASE}"

package/reference/uc-go-peer/rootfs/uc-go-peer-configure.sh ADDED Viewed

@@ -0,0 +1,204 @@
+#!/usr/bin/env bash
+set -euo pipefail
+ENV_FILE="${ENV_FILE:-/etc/default/uc-go-peer}"
+READY_FILE="${READY_FILE:-/etc/default/uc-go-peer.ready}"
+AUTOTLS_READY_FILE="${AUTOTLS_READY_FILE:-/etc/default/uc-go-peer.autotls-ready}"
+AUTOTLS_ZONE_FILE="${AUTOTLS_ZONE_FILE:-/etc/default/uc-go-peer.autotls-zone}"
+AUTOTLS_HOSTS_FILE="${AUTOTLS_HOSTS_FILE:-/etc/default/uc-go-peer.autotls-hosts}"
+AUTOTLS_CADDY_READY_FILE="${AUTOTLS_CADDY_READY_FILE:-/etc/default/uc-go-peer.caddy-ready}"
+SERVICE_NAME="${SERVICE_NAME:-uc-go-peer.service}"
+AUTOTLS_REFRESH_SERVICE="${AUTOTLS_REFRESH_SERVICE:-uc-go-peer-autotls-refresh.service}"
+CADDY_SERVICE="${CADDY_SERVICE:-caddy.service}"
+CADDYFILE="${CADDYFILE:-/etc/caddy/Caddyfile}"
+BOOTSTRAP_SERVICE="${BOOTSTRAP_SERVICE:-uc-go-peer-bootstrap.service}"
+P2P_FORGE_DOMAIN="${P2P_FORGE_DOMAIN:-libp2p.direct}"
+PUBLIC_IPV4=""
+PUBLIC_IPV6=""
+TCP_PORT="9095"
+WS_PORT="9097"
+WS_BACKEND_PORT="9096"
+PROXY_HOSTNAME=""
+UDP_PORT=""
+START_SERVICE=1
+usage() {
+  cat <<'EOF'
+Usage:
+  uc-go-peer-configure.sh \
+    --public-ipv4 <ip> \
+    [--public-ipv6 <ipv6>] \
+    [--proxy-hostname <hostname>] \
+    [--tcp-port <host-port>] \
+    [--ws-port <host-port>] \
+    [--udp-port <host-port>] \
+    [--quic-port <host-port>] \
+    [--webtransport-port <host-port>] \
+    [--webrtc-port <host-port>] \
+    [--no-start]
+EOF
+}
+write_env_var() {
+  local key="$1"
+  local value="$2"
+  if grep -Eq "^[#[:space:]]*${key}=" "${ENV_FILE}"; then
+    sed -i "s|^[#[:space:]]*${key}=.*|${key}=${value}|" "${ENV_FILE}"
+  else
+    printf '%s=%s\n' "${key}" "${value}" >> "${ENV_FILE}"
+  fi
+}
+render_proxy_caddyfile() {
+  local proxy_hostname="$1"
+  cat <<EOF
+{
+    auto_https disable_redirects
+}
+https://${proxy_hostname} {
+    tls {
+        issuer acme {
+            disable_http_challenge
+        }
+    }
+    reverse_proxy http://127.0.0.1:${WS_BACKEND_PORT}
+}
+EOF
+}
+while [ "$#" -gt 0 ]; do
+  case "$1" in
+    --public-ipv4)
+      PUBLIC_IPV4="${2:-}"
+      shift 2
+      ;;
+    --public-ipv6)
+      PUBLIC_IPV6="${2:-}"
+      shift 2
+      ;;
+    --tcp-port)
+      TCP_PORT="${2:-}"
+      shift 2
+      ;;
+    --ws-port)
+      WS_PORT="${2:-}"
+      shift 2
+      ;;
+    --udp-port)
+      UDP_PORT="${2:-}"
+      shift 2
+      ;;
+    --proxy-hostname)
+      PROXY_HOSTNAME="${2:-}"
+      shift 2
+      ;;
+    --quic-port)
+      UDP_PORT="${2:-}"
+      shift 2
+      ;;
+    --webtransport-port)
+      UDP_PORT="${2:-}"
+      shift 2
+      ;;
+    --webrtc-port)
+      UDP_PORT="${2:-}"
+      shift 2
+      ;;
+    --no-start)
+      START_SERVICE=0
+      shift
+      ;;
+    -h|--help)
+      usage
+      exit 0
+      ;;
+    *)
+      echo "Unknown argument: $1" >&2
+      usage >&2
+      exit 1
+      ;;
+  esac
+done
+if [ -z "${PUBLIC_IPV4}" ]; then
+  usage >&2
+  exit 1
+fi
+touch "${ENV_FILE}"
+rm -f "${AUTOTLS_READY_FILE}" "${AUTOTLS_ZONE_FILE}" "${AUTOTLS_HOSTS_FILE}" "${AUTOTLS_CADDY_READY_FILE}"
+announce=(
+  "/ip4/${PUBLIC_IPV4}/tcp/${TCP_PORT}"
+)
+if [ -n "${WS_PORT}" ]; then
+  announce+=("/ip4/${PUBLIC_IPV4}/tcp/${WS_PORT}/tls/sni/*.${P2P_FORGE_DOMAIN}/ws")
+fi
+if [ -n "${UDP_PORT}" ]; then
+  announce+=(
+    "/ip4/${PUBLIC_IPV4}/udp/${UDP_PORT}/quic-v1"
+    "/ip4/${PUBLIC_IPV4}/udp/${UDP_PORT}/quic-v1/webtransport"
+    "/ip4/${PUBLIC_IPV4}/udp/${UDP_PORT}/webrtc-direct"
+  )
+fi
+if [ -n "${PUBLIC_IPV6}" ]; then
+  announce+=("/ip6/${PUBLIC_IPV6}/tcp/${TCP_PORT}")
+  if [ -n "${WS_PORT}" ]; then
+    announce+=("/ip6/${PUBLIC_IPV6}/tcp/${WS_PORT}/tls/sni/*.${P2P_FORGE_DOMAIN}/ws")
+  fi
+  if [ -n "${UDP_PORT}" ]; then
+    announce+=(
+      "/ip6/${PUBLIC_IPV6}/udp/${UDP_PORT}/quic-v1"
+      "/ip6/${PUBLIC_IPV6}/udp/${UDP_PORT}/quic-v1/webtransport"
+      "/ip6/${PUBLIC_IPV6}/udp/${UDP_PORT}/webrtc-direct"
+    )
+  fi
+fi
+announce_value="$(IFS=,; printf '%s' "${announce[*]}")"
+write_env_var "PUBLIC_IPV4" "${PUBLIC_IPV4}"
+if [ -n "${PUBLIC_IPV6}" ]; then
+  write_env_var "PUBLIC_IPV6" "${PUBLIC_IPV6}"
+fi
+write_env_var "EXTERNAL_RELAY_TCP_PORT" "${TCP_PORT}"
+write_env_var "EXTERNAL_RELAY_WS_PORT" "${WS_PORT}"
+write_env_var "GO_PEER_WSS_PORT" "${GO_PEER_WSS_PORT:-9097}"
+if [ -n "${PROXY_HOSTNAME}" ]; then
+  write_env_var "PROXY_HOSTNAME" "${PROXY_HOSTNAME}"
+  mkdir -p "$(dirname "${CADDYFILE}")"
+  render_proxy_caddyfile "${PROXY_HOSTNAME}" > "${CADDYFILE}"
+  touch "${AUTOTLS_CADDY_READY_FILE}"
+else
+  write_env_var "PROXY_HOSTNAME" ""
+  rm -f "${AUTOTLS_CADDY_READY_FILE}"
+fi
+if [ -n "${UDP_PORT}" ]; then
+  write_env_var "EXTERNAL_RELAY_UDP_PORT" "${UDP_PORT}"
+  write_env_var "EXTERNAL_RELAY_QUIC_PORT" "${UDP_PORT}"
+  write_env_var "EXTERNAL_RELAY_WEBTRANSPORT_PORT" "${UDP_PORT}"
+  write_env_var "EXTERNAL_RELAY_WEBRTC_PORT" "${UDP_PORT}"
+fi
+write_env_var "LIBP2P_ANNOUNCE_ADDRS" "${announce_value}"
+touch "${READY_FILE}"
+if [ "${START_SERVICE}" -eq 1 ]; then
+  systemctl daemon-reload
+  systemctl enable "${SERVICE_NAME}"
+  systemctl restart "${SERVICE_NAME}"
+  systemctl enable "${AUTOTLS_REFRESH_SERVICE}"
+  if [ -n "${PROXY_HOSTNAME}" ]; then
+    systemctl enable "${CADDY_SERVICE}"
+    systemctl restart "${CADDY_SERVICE}"
+  else
+    systemctl stop "${CADDY_SERVICE}" || true
+  fi
+  systemctl restart --no-block "${AUTOTLS_REFRESH_SERVICE}"
+fi
+printf 'Configured LIBP2P_ANNOUNCE_ADDRS=%s\n' "${announce_value}"
+printf 'Ready file: %s\n' "${READY_FILE}"