Compare commits

...

8 Commits

Author SHA1 Message Date
Brian Picciano
644d2bab23 Rename to domani 2023-06-25 13:35:59 +02:00
Brian Picciano
fcab32e0f7 Refactor TaskStack some more, allow for deferred syncronous tasks 2023-06-21 17:16:49 +02:00
Brian Picciano
d0f601a9f7 Make TaskStack cancel each task individually, not all at once 2023-06-21 14:29:47 +02:00
Brian Picciano
5e89d21ce3 Fix formatting in domain manager 2023-06-21 14:05:28 +02:00
Brian Picciano
505015a4bd Removed usage of sync::Arc where possible 2023-06-21 14:02:42 +02:00
Brian Picciano
289a185d42 Make domain manager do cert resolving for tls 2023-06-21 13:47:04 +02:00
Brian Picciano
51cb6aadce use Box for origin::Store 2023-06-21 13:24:00 +02:00
Brian Picciano
7dd52839b1 Use TaskStack to clean up startup/shutdown logic significantly 2023-06-21 13:15:42 +02:00
22 changed files with 263 additions and 269 deletions

View File

@ -1,6 +1,6 @@
export DOMIPLY_HTTP_DOMAIN=localhost export DOMANI_HTTP_DOMAIN=localhost
export DOMIPLY_PASSPHRASE=foobar export DOMANI_PASSPHRASE=foobar
export DOMIPLY_ORIGIN_STORE_GIT_DIR_PATH=/tmp/domiply_dev_env/origin/git export DOMANI_ORIGIN_STORE_GIT_DIR_PATH=/tmp/domani_dev_env/origin/git
export DOMIPLY_DOMAIN_CHECKER_TARGET_A=127.0.0.1 export DOMANI_DOMAIN_CHECKER_TARGET_A=127.0.0.1
export DOMIPLY_DOMAIN_CONFIG_STORE_DIR_PATH=/tmp/domiply_dev_env/domain/config export DOMANI_DOMAIN_CONFIG_STORE_DIR_PATH=/tmp/domani_dev_env/domain/config
export DOMIPLY_DOMAIN_ACME_STORE_DIR_PATH=/tmp/domiply_dev_env/domain/acme export DOMANI_DOMAIN_ACME_STORE_DIR_PATH=/tmp/domani_dev_env/domain/acme

2
Cargo.lock generated
View File

@ -444,7 +444,7 @@ dependencies = [
] ]
[[package]] [[package]]
name = "domiply" name = "domani"
version = "0.1.0" version = "0.1.0"
dependencies = [ dependencies = [
"acme2", "acme2",

View File

@ -1,5 +1,5 @@
[package] [package]
name = "domiply" name = "domani"
version = "0.1.0" version = "0.1.0"
edition = "2021" edition = "2021"

View File

@ -1,15 +1,15 @@
# Domiply # Domani
Domiply is a self-hosted rust service which connects a DNS hostname to a data Domani is a self-hosted rust service which connects a DNS hostname to a data
backend (e.g. a git repository), all with no account needed. The user only backend (e.g. a git repository), all with no account needed. The user only
inputs their domain name, their desired backend, and then adds two entries to inputs their domain name, their desired backend, and then adds two entries to
their DNS server. their DNS server.
[Demo which may or may not be live](https://domiply.mediocregopher.com) [Demo which may or may not be live](https://domani.mediocregopher.com)
## Build ## Build
Domiply uses nix flakes for building and setting up the development environment. Domani uses nix flakes for building and setting up the development environment.
In order to create a release binary: In order to create a release binary:
@ -21,38 +21,38 @@ A statically compiled binary will be placed in the `result` directory.
## Configuration ## Configuration
Domiply is configured via command-line arguments or environment variables: Domani is configured via command-line arguments or environment variables:
``` ```
--http-domain <HTTP_DOMAIN> --http-domain <HTTP_DOMAIN>
[env: DOMIPLY_HTTP_DOMAIN=] [env: DOMANI_HTTP_DOMAIN=]
--http-listen-addr <HTTP_LISTEN_ADDR> --http-listen-addr <HTTP_LISTEN_ADDR>
[env: DOMIPLY_HTTP_LISTEN_ADDR=] [default: [::]:3030] [env: DOMANI_HTTP_LISTEN_ADDR=] [default: [::]:3030]
--https-listen-addr <HTTPS_LISTEN_ADDR> --https-listen-addr <HTTPS_LISTEN_ADDR>
E.g. '[::]:443', if given then SSL certs will automatically be retrieved for all domains using LetsEncrypt [env: DOMIPLY_HTTPS_LISTEN_ADDR=] E.g. '[::]:443', if given then SSL certs will automatically be retrieved for all domains using LetsEncrypt [env: DOMANI_HTTPS_LISTEN_ADDR=]
--passphrase <PASSPHRASE> --passphrase <PASSPHRASE>
[env: DOMIPLY_PASSPHRASE=] [env: DOMANI_PASSPHRASE=]
--origin-store-git-dir-path <ORIGIN_STORE_GIT_DIR_PATH> --origin-store-git-dir-path <ORIGIN_STORE_GIT_DIR_PATH>
[env: DOMIPLY_ORIGIN_STORE_GIT_DIR_PATH=] [env: DOMANI_ORIGIN_STORE_GIT_DIR_PATH=]
--domain-checker-target-a <DOMAIN_CHECKER_TARGET_A> --domain-checker-target-a <DOMAIN_CHECKER_TARGET_A>
[env: DOMIPLY_DOMAIN_CHECKER_TARGET_A=] [env: DOMANI_DOMAIN_CHECKER_TARGET_A=]
--domain-checker-resolver-addr <DOMAIN_CHECKER_RESOLVER_ADDR> --domain-checker-resolver-addr <DOMAIN_CHECKER_RESOLVER_ADDR>
[env: DOMIPLY_DOMAIN_CHECKER_RESOLVER_ADDR=] [default: 1.1.1.1:53] [env: DOMANI_DOMAIN_CHECKER_RESOLVER_ADDR=] [default: 1.1.1.1:53]
--domain-config-store-dir-path <DOMAIN_CONFIG_STORE_DIR_PATH> --domain-config-store-dir-path <DOMAIN_CONFIG_STORE_DIR_PATH>
[env: DOMIPLY_DOMAIN_CONFIG_STORE_DIR_PATH=] [env: DOMANI_DOMAIN_CONFIG_STORE_DIR_PATH=]
--domain-acme-store-dir-path <DOMAIN_ACME_STORE_DIR_PATH> --domain-acme-store-dir-path <DOMAIN_ACME_STORE_DIR_PATH>
[env: DOMIPLY_DOMAIN_ACME_STORE_DIR_PATH=] [env: DOMANI_DOMAIN_ACME_STORE_DIR_PATH=]
--domain-acme-contact-email <DOMAIN_ACME_CONTACT_EMAIL> --domain-acme-contact-email <DOMAIN_ACME_CONTACT_EMAIL>
[env: DOMIPLY_DOMAIN_ACME_CONTACT_EMAIL=] [env: DOMANI_DOMAIN_ACME_CONTACT_EMAIL=]
-h, --help -h, --help
Print help Print help
@ -63,8 +63,8 @@ Domiply is configured via command-line arguments or environment variables:
### HTTPS Support ### HTTPS Support
Domiply will automatically handle setting up HTTPS via LetsEncrypt for both the Domani will automatically handle setting up HTTPS via LetsEncrypt for both the
domiply frontend site and all domains which it has been configured to serve. domani frontend site and all domains which it has been configured to serve.
By default HTTPS is not enabled, but can be easily enabled by setting the By default HTTPS is not enabled, but can be easily enabled by setting the
following arguments: following arguments:
@ -81,7 +81,7 @@ secured as best as possible.
## Development ## Development
Domiply uses nix flakes for building and setting up the development environment. Domani uses nix flakes for building and setting up the development environment.
In order to open a shell with all necessary tooling (expected rust toolchain In order to open a shell with all necessary tooling (expected rust toolchain
versions, etc...) simply do: versions, etc...) simply do:

3
TODO
View File

@ -1,3 +0,0 @@
- make domain_manager implement rusttls cert resolver
- Try to switch from Arc to Box where possible
- maybe build TaskSet into some kind of defer-like replacement

View File

@ -1,5 +1,4 @@
pub mod manager; pub mod manager;
pub mod resolver;
pub mod store; pub mod store;
mod private_key; mod private_key;

View File

@ -1,11 +1,13 @@
use std::{future, pin, sync, time}; use std::{future, pin, sync, time};
use crate::domain::acme::{Certificate, PrivateKey};
use crate::domain::{self, acme}; use crate::domain::{self, acme};
use crate::error::unexpected::{self, Intoable, Mappable}; use crate::error::unexpected::{self, Intoable, Mappable};
const LETS_ENCRYPT_URL: &str = "https://acme-v02.api.letsencrypt.org/directory"; const LETS_ENCRYPT_URL: &str = "https://acme-v02.api.letsencrypt.org/directory";
pub type GetHttp01ChallengeKeyError = acme::store::GetHttp01ChallengeKeyError; pub type GetHttp01ChallengeKeyError = acme::store::GetHttp01ChallengeKeyError;
pub type GetCertificateError = acme::store::GetCertificateError;
#[mockall::automock] #[mockall::automock]
pub trait Manager: Sync + Send { pub trait Manager: Sync + Send {
@ -14,17 +16,23 @@ pub trait Manager: Sync + Send {
domain: domain::Name, domain: domain::Name,
) -> pin::Pin<Box<dyn future::Future<Output = Result<(), unexpected::Error>> + Send + 'mgr>>; ) -> pin::Pin<Box<dyn future::Future<Output = Result<(), unexpected::Error>> + Send + 'mgr>>;
fn get_http01_challenge_key(&self, token: &str) -> Result<String, GetHttp01ChallengeKeyError>; fn get_http01_challenge_key(&self, token: &str) -> Result<String, GetHttp01ChallengeKeyError>;
/// Returned vec is guaranteed to have len > 0
fn get_certificate(
&self,
domain: &str,
) -> Result<(PrivateKey, Vec<Certificate>), GetCertificateError>;
} }
struct ManagerImpl { struct ManagerImpl {
store: sync::Arc<dyn acme::store::Store>, store: Box<dyn acme::store::Store>,
account: sync::Arc<acme2::Account>, account: sync::Arc<acme2::Account>,
} }
pub async fn new( pub async fn new(
store: sync::Arc<dyn acme::store::Store>, store: Box<dyn acme::store::Store>,
contact_email: &str, contact_email: &str,
) -> Result<sync::Arc<dyn Manager>, unexpected::Error> { ) -> Result<Box<dyn Manager>, unexpected::Error> {
let dir = acme2::DirectoryBuilder::new(LETS_ENCRYPT_URL.to_string()) let dir = acme2::DirectoryBuilder::new(LETS_ENCRYPT_URL.to_string())
.build() .build()
.await .await
@ -53,6 +61,7 @@ pub async fn new(
.build() .build()
.await .await
.or_unexpected_while("building account")?; .or_unexpected_while("building account")?;
let account_key: acme::PrivateKey = account let account_key: acme::PrivateKey = account
.private_key() .private_key()
.as_ref() .as_ref()
@ -63,7 +72,7 @@ pub async fn new(
.set_account_key(&account_key) .set_account_key(&account_key)
.or_unexpected_while("storing account key")?; .or_unexpected_while("storing account key")?;
Ok(sync::Arc::new(ManagerImpl { store, account })) Ok(Box::new(ManagerImpl { store, account }))
} }
impl Manager for ManagerImpl { impl Manager for ManagerImpl {
@ -282,4 +291,12 @@ impl Manager for ManagerImpl {
fn get_http01_challenge_key(&self, token: &str) -> Result<String, GetHttp01ChallengeKeyError> { fn get_http01_challenge_key(&self, token: &str) -> Result<String, GetHttp01ChallengeKeyError> {
self.store.get_http01_challenge_key(token) self.store.get_http01_challenge_key(token)
} }
/// Returned vec is guaranteed to have len > 0
fn get_certificate(
&self,
domain: &str,
) -> Result<(PrivateKey, Vec<Certificate>), GetCertificateError> {
self.store.get_certificate(domain)
}
} }

View File

@ -1,44 +0,0 @@
use crate::domain::acme::store;
use crate::error::unexpected::Mappable;
use std::sync;
struct CertResolver(sync::Arc<dyn store::Store>);
pub fn new(
store: sync::Arc<dyn store::Store>,
) -> sync::Arc<dyn rustls::server::ResolvesServerCert> {
return sync::Arc::new(CertResolver(store));
}
impl rustls::server::ResolvesServerCert for CertResolver {
fn resolve(
&self,
client_hello: rustls::server::ClientHello<'_>,
) -> Option<sync::Arc<rustls::sign::CertifiedKey>> {
let domain = client_hello.server_name()?;
match self.0.get_certificate(domain) {
Err(store::GetCertificateError::NotFound) => {
log::warn!("No cert found for domain {domain}");
Ok(None)
}
Err(store::GetCertificateError::Unexpected(err)) => Err(err),
Ok((key, cert)) => {
match rustls::sign::any_supported_type(&key.into()).or_unexpected() {
Err(err) => Err(err),
Ok(key) => Ok(Some(sync::Arc::new(rustls::sign::CertifiedKey {
cert: cert.into_iter().map(|cert| cert.into()).collect(),
key,
ocsp: None,
sct_list: None,
}))),
}
}
}
.unwrap_or_else(|err| {
log::error!("Unexpected error getting cert for domain {domain}: {err}");
None
})
}
}

View File

@ -1,6 +1,6 @@
use std::io::{Read, Write}; use std::io::{Read, Write};
use std::str::FromStr; use std::str::FromStr;
use std::{fs, path, sync}; use std::{fs, path};
use crate::domain::acme::{Certificate, PrivateKey}; use crate::domain::acme::{Certificate, PrivateKey};
use crate::error::unexpected::{self, Mappable}; use crate::error::unexpected::{self, Mappable};
@ -70,7 +70,7 @@ struct FSStore {
dir_path: path::PathBuf, dir_path: path::PathBuf,
} }
pub fn new(dir_path: &path::Path) -> Result<sync::Arc<dyn Store>, unexpected::Error> { pub fn new(dir_path: &path::Path) -> Result<Box<dyn Store>, unexpected::Error> {
vec![ vec![
dir_path, dir_path,
dir_path.join("http01_challenge_keys").as_ref(), dir_path.join("http01_challenge_keys").as_ref(),
@ -82,7 +82,7 @@ pub fn new(dir_path: &path::Path) -> Result<sync::Arc<dyn Store>, unexpected::Er
}) })
.try_collect()?; .try_collect()?;
Ok(sync::Arc::new(FSStore { Ok(Box::new(FSStore {
dir_path: dir_path.into(), dir_path: dir_path.into(),
})) }))
} }

View File

@ -90,7 +90,7 @@ impl DNSChecker {
// check that the TXT record with the challenge token is correctly installed on the domain // check that the TXT record with the challenge token is correctly installed on the domain
{ {
let domain = Name::from_str("_domiply_challenge") let domain = Name::from_str("_domani_challenge")
.or_unexpected_while("parsing TXT name")? .or_unexpected_while("parsing TXT name")?
.append_domain(domain) .append_domain(domain)
.or_unexpected_while("appending domain to TXT")?; .or_unexpected_while("appending domain to TXT")?;

View File

@ -1,6 +1,6 @@
use std::path::{Path, PathBuf}; use std::path::{Path, PathBuf};
use std::str::FromStr; use std::str::FromStr;
use std::{fs, io, sync}; use std::{fs, io};
use crate::error::unexpected::{self, Intoable, Mappable}; use crate::error::unexpected::{self, Intoable, Mappable};
use crate::{domain, origin}; use crate::{domain, origin};
@ -49,9 +49,9 @@ struct FSStore {
dir_path: PathBuf, dir_path: PathBuf,
} }
pub fn new(dir_path: &Path) -> io::Result<sync::Arc<dyn Store>> { pub fn new(dir_path: &Path) -> io::Result<Box<dyn Store>> {
fs::create_dir_all(dir_path)?; fs::create_dir_all(dir_path)?;
Ok(sync::Arc::new(FSStore { Ok(Box::new(FSStore {
dir_path: dir_path.into(), dir_path: dir_path.into(),
})) }))
} }

View File

@ -1,6 +1,7 @@
use crate::domain::{self, acme, checker, config}; use crate::domain::{self, acme, checker, config};
use crate::error::unexpected::{self, Mappable}; use crate::error::unexpected::{self, Mappable};
use crate::origin; use crate::origin;
use crate::util;
use std::{future, pin, sync}; use std::{future, pin, sync};
use tokio_util::sync::CancellationToken; use tokio_util::sync::CancellationToken;
@ -116,8 +117,8 @@ impl From<config::SetError> for SyncWithConfigError {
pub type GetAcmeHttp01ChallengeKeyError = acme::manager::GetHttp01ChallengeKeyError; pub type GetAcmeHttp01ChallengeKeyError = acme::manager::GetHttp01ChallengeKeyError;
#[mockall::automock] //#[mockall::automock]
pub trait Manager: Sync + Send { pub trait Manager: Sync + Send + rustls::server::ResolvesServerCert {
fn get_config(&self, domain: &domain::Name) -> Result<config::Config, GetConfigError>; fn get_config(&self, domain: &domain::Name) -> Result<config::Config, GetConfigError>;
fn get_origin( fn get_origin(
@ -144,17 +145,18 @@ pub trait Manager: Sync + Send {
fn all_domains(&self) -> Result<Vec<domain::Name>, unexpected::Error>; fn all_domains(&self) -> Result<Vec<domain::Name>, unexpected::Error>;
} }
pub struct ManagerImpl { struct ManagerImpl {
origin_store: sync::Arc<dyn origin::store::Store>, origin_store: Box<dyn origin::store::Store>,
domain_config_store: sync::Arc<dyn config::Store>, domain_config_store: Box<dyn config::Store>,
domain_checker: checker::DNSChecker, domain_checker: checker::DNSChecker,
acme_manager: Option<sync::Arc<dyn acme::manager::Manager>>, acme_manager: Option<Box<dyn acme::manager::Manager>>,
canceller: CancellationToken,
origin_sync_handler: tokio::task::JoinHandle<()>,
} }
fn sync_origins(origin_store: &dyn origin::store::Store) { async fn sync_origins(origin_store: &dyn origin::store::Store, canceller: CancellationToken) {
let mut interval = tokio::time::interval(tokio::time::Duration::from_secs(20 * 60));
loop {
tokio::select! {
_ = interval.tick() => {
match origin_store.all_descrs() { match origin_store.all_descrs() {
Ok(iter) => iter.into_iter(), Ok(iter) => iter.into_iter(),
Err(err) => { Err(err) => {
@ -168,46 +170,32 @@ fn sync_origins(origin_store: &dyn origin::store::Store) {
return; return;
} }
}); });
} },
pub fn new(
origin_store: sync::Arc<dyn origin::store::Store>,
domain_config_store: sync::Arc<dyn config::Store>,
domain_checker: checker::DNSChecker,
acme_manager: Option<sync::Arc<dyn acme::manager::Manager>>,
) -> ManagerImpl {
let canceller = CancellationToken::new();
let origin_sync_handler = {
let origin_store = origin_store.clone();
let canceller = canceller.clone();
tokio::spawn(async move {
let mut interval = tokio::time::interval(tokio::time::Duration::from_secs(20 * 60));
loop {
tokio::select! {
_ = interval.tick() => sync_origins(origin_store.as_ref()),
_ = canceller.cancelled() => return, _ = canceller.cancelled() => return,
} }
} }
}) }
};
ManagerImpl { pub fn new(
task_stack: &mut util::TaskStack<unexpected::Error>,
origin_store: Box<dyn origin::store::Store>,
domain_config_store: Box<dyn config::Store>,
domain_checker: checker::DNSChecker,
acme_manager: Option<Box<dyn acme::manager::Manager>>,
) -> sync::Arc<dyn Manager> {
let manager = sync::Arc::new(ManagerImpl {
origin_store, origin_store,
domain_config_store, domain_config_store,
domain_checker, domain_checker,
acme_manager, acme_manager,
canceller, });
origin_sync_handler,
}
}
impl ManagerImpl { task_stack.push_spawn(|canceller| {
pub fn stop(self) -> tokio::task::JoinHandle<()> { let manager = manager.clone();
self.canceller.cancel(); async move { Ok(sync_origins(manager.origin_store.as_ref(), canceller).await) }
self.origin_sync_handler });
}
manager
} }
impl Manager for ManagerImpl { impl Manager for ManagerImpl {
@ -283,3 +271,35 @@ impl Manager for ManagerImpl {
self.domain_config_store.all_domains() self.domain_config_store.all_domains()
} }
} }
impl rustls::server::ResolvesServerCert for ManagerImpl {
fn resolve(
&self,
client_hello: rustls::server::ClientHello<'_>,
) -> Option<sync::Arc<rustls::sign::CertifiedKey>> {
let domain = client_hello.server_name()?;
match self.acme_manager.as_ref()?.get_certificate(domain) {
Err(acme::manager::GetCertificateError::NotFound) => {
log::warn!("No cert found for domain {domain}");
Ok(None)
}
Err(acme::manager::GetCertificateError::Unexpected(err)) => Err(err),
Ok((key, cert)) => {
match rustls::sign::any_supported_type(&key.into()).or_unexpected() {
Err(err) => Err(err),
Ok(key) => Ok(Some(sync::Arc::new(rustls::sign::CertifiedKey {
cert: cert.into_iter().map(|cert| cert.into()).collect(),
key,
ocsp: None,
sct_list: None,
}))),
}
}
}
.unwrap_or_else(|err| {
log::error!("Unexpected error getting cert for domain {domain}: {err}");
None
})
}
}

View File

@ -103,6 +103,28 @@ impl<T, E: error::Error> Mappable<T> for Result<T, E> {
} }
} }
static OPTION_NONE_ERROR: &'static str = "expected Some but got None";
impl<T> Mappable<T> for Option<T> {
fn or_unexpected(self) -> Result<T, Error> {
self.ok_or(Error::from(OPTION_NONE_ERROR)).or_unexpected()
}
fn or_unexpected_while<D: fmt::Display>(self, prefix: D) -> Result<T, Error> {
self.ok_or(Error::from(OPTION_NONE_ERROR))
.or_unexpected_while(prefix)
}
fn map_unexpected_while<F, D>(self, f: F) -> Result<T, Error>
where
F: FnOnce() -> D,
D: fmt::Display,
{
self.ok_or(Error::from(OPTION_NONE_ERROR))
.map_unexpected_while(f)
}
}
pub trait Intoable { pub trait Intoable {
fn into_unexpected(self) -> Error; fn into_unexpected(self) -> Error;

View File

@ -1,70 +1,65 @@
#![feature(trait_upcasting)]
use clap::Parser; use clap::Parser;
use futures::stream::StreamExt; use futures::stream::StreamExt;
use signal_hook_tokio::Signals; use signal_hook_tokio::Signals;
use std::net::SocketAddr; use std::net::SocketAddr;
use std::path;
use std::str::FromStr; use std::str::FromStr;
use std::{path, sync};
#[derive(Parser, Debug)] #[derive(Parser, Debug)]
#[command(version)] #[command(version)]
#[command(about = "A domiply to another dimension")] #[command(about = "A domani to another dimension")]
struct Cli { struct Cli {
#[arg( #[arg(
long, long,
help = "OFF, ERROR, WARN, INFO, DEBUG, or TRACE", help = "OFF, ERROR, WARN, INFO, DEBUG, or TRACE",
default_value_t = log::LevelFilter::Info, default_value_t = log::LevelFilter::Info,
env = "DOMIPLY_LOG_LEVEL" env = "DOMANI_LOG_LEVEL"
)] )]
log_level: log::LevelFilter, log_level: log::LevelFilter,
#[arg(long, default_value_t = false, env = "DOMIPLY_LOG_TIMESTAMP")] #[arg(long, default_value_t = false, env = "DOMANI_LOG_TIMESTAMP")]
log_timestamp: bool, log_timestamp: bool,
#[arg(long, required = true, env = "DOMIPLY_HTTP_DOMAIN")] #[arg(long, required = true, env = "DOMANI_HTTP_DOMAIN")]
http_domain: domiply::domain::Name, http_domain: domani::domain::Name,
#[arg(long, default_value_t = SocketAddr::from_str("[::]:3030").unwrap(), env = "DOMIPLY_HTTP_LISTEN_ADDR")] #[arg(long, default_value_t = SocketAddr::from_str("[::]:3030").unwrap(), env = "DOMANI_HTTP_LISTEN_ADDR")]
http_listen_addr: SocketAddr, http_listen_addr: SocketAddr,
#[arg( #[arg(
long, long,
help = "E.g. '[::]:443', if given then SSL certs will automatically be retrieved for all domains using LetsEncrypt", help = "E.g. '[::]:443', if given then SSL certs will automatically be retrieved for all domains using LetsEncrypt",
env = "DOMIPLY_HTTPS_LISTEN_ADDR", env = "DOMANI_HTTPS_LISTEN_ADDR",
requires = "domain_acme_contact_email", requires = "domain_acme_contact_email",
requires = "domain_acme_store_dir_path" requires = "domain_acme_store_dir_path"
)] )]
https_listen_addr: Option<SocketAddr>, https_listen_addr: Option<SocketAddr>,
#[arg(long, required = true, env = "DOMIPLY_PASSPHRASE")] #[arg(long, required = true, env = "DOMANI_PASSPHRASE")]
passphrase: String, passphrase: String,
#[arg(long, required = true, env = "DOMIPLY_ORIGIN_STORE_GIT_DIR_PATH")] #[arg(long, required = true, env = "DOMANI_ORIGIN_STORE_GIT_DIR_PATH")]
origin_store_git_dir_path: path::PathBuf, origin_store_git_dir_path: path::PathBuf,
#[arg(long, required = true, env = "DOMIPLY_DOMAIN_CHECKER_TARGET_A")] #[arg(long, required = true, env = "DOMANI_DOMAIN_CHECKER_TARGET_A")]
domain_checker_target_a: std::net::Ipv4Addr, domain_checker_target_a: std::net::Ipv4Addr,
#[arg(long, default_value_t = String::from("1.1.1.1:53"), env = "DOMIPLY_DOMAIN_CHECKER_RESOLVER_ADDR")] #[arg(long, default_value_t = String::from("1.1.1.1:53"), env = "DOMANI_DOMAIN_CHECKER_RESOLVER_ADDR")]
domain_checker_resolver_addr: String, domain_checker_resolver_addr: String,
#[arg(long, required = true, env = "DOMIPLY_DOMAIN_CONFIG_STORE_DIR_PATH")] #[arg(long, required = true, env = "DOMANI_DOMAIN_CONFIG_STORE_DIR_PATH")]
domain_config_store_dir_path: path::PathBuf, domain_config_store_dir_path: path::PathBuf,
#[arg(long, env = "DOMIPLY_DOMAIN_ACME_STORE_DIR_PATH")] #[arg(long, env = "DOMANI_DOMAIN_ACME_STORE_DIR_PATH")]
domain_acme_store_dir_path: Option<path::PathBuf>, domain_acme_store_dir_path: Option<path::PathBuf>,
#[arg(long, env = "DOMIPLY_DOMAIN_ACME_CONTACT_EMAIL")] #[arg(long, env = "DOMANI_DOMAIN_ACME_CONTACT_EMAIL")]
domain_acme_contact_email: Option<String>, domain_acme_contact_email: Option<String>,
} }
#[derive(Clone)]
struct HTTPSParams {
https_listen_addr: SocketAddr,
domain_acme_store: sync::Arc<dyn domiply::domain::acme::store::Store>,
domain_acme_manager: sync::Arc<dyn domiply::domain::acme::manager::Manager>,
}
#[tokio::main] #[tokio::main]
async fn main() { async fn main() {
let config = Cli::parse(); let config = Cli::parse();
@ -78,98 +73,81 @@ async fn main() {
) )
.init(); .init();
let canceller = tokio_util::sync::CancellationToken::new(); let origin_store = domani::origin::store::git::new(config.origin_store_git_dir_path)
{
let canceller = canceller.clone();
tokio::spawn(async move {
let mut signals = Signals::new(signal_hook::consts::TERM_SIGNALS)
.expect("initializing signals failed");
if (signals.next().await).is_some() {
log::info!("Gracefully shutting down...");
canceller.cancel();
}
if (signals.next().await).is_some() {
log::warn!("Forcefully shutting down");
std::process::exit(1);
};
});
}
let origin_store = domiply::origin::store::git::new(config.origin_store_git_dir_path)
.expect("git origin store initialization failed"); .expect("git origin store initialization failed");
let domain_checker = domiply::domain::checker::new( let domain_checker = domani::domain::checker::new(
config.domain_checker_target_a, config.domain_checker_target_a,
&config.domain_checker_resolver_addr, &config.domain_checker_resolver_addr,
) )
.await .await
.expect("domain checker initialization failed"); .expect("domain checker initialization failed");
let domain_config_store = domiply::domain::config::new(&config.domain_config_store_dir_path) let domain_config_store = domani::domain::config::new(&config.domain_config_store_dir_path)
.expect("domain config store initialization failed"); .expect("domain config store initialization failed");
let https_params = if let Some(https_listen_addr) = config.https_listen_addr { let domain_acme_manager = if config.https_listen_addr.is_some() {
let domain_acme_store_dir_path = config.domain_acme_store_dir_path.unwrap(); let domain_acme_store_dir_path = config.domain_acme_store_dir_path.unwrap();
let domain_acme_store = domiply::domain::acme::store::new(&domain_acme_store_dir_path) let domain_acme_store = domani::domain::acme::store::new(&domain_acme_store_dir_path)
.expect("domain acme store initialization failed"); .expect("domain acme store initialization failed");
// if https_listen_addr is set then domain_acme_contact_email is required, see the Cli/clap // if https_listen_addr is set then domain_acme_contact_email is required, see the Cli/clap
// settings. // settings.
let domain_acme_contact_email = config.domain_acme_contact_email.unwrap(); let domain_acme_contact_email = config.domain_acme_contact_email.unwrap();
let domain_acme_manager = domiply::domain::acme::manager::new( Some(
domain_acme_store.clone(), domani::domain::acme::manager::new(domain_acme_store, &domain_acme_contact_email)
&domain_acme_contact_email,
)
.await .await
.expect("domain acme manager initialization failed"); .expect("domain acme manager initialization failed"),
)
Some(HTTPSParams {
https_listen_addr,
domain_acme_store,
domain_acme_manager,
})
} else { } else {
None None
}; };
let domain_manager = domiply::domain::manager::new( let mut task_stack = domani::util::TaskStack::new();
let domain_manager = domani::domain::manager::new(
&mut task_stack,
origin_store, origin_store,
domain_config_store, domain_config_store,
domain_checker, domain_checker,
https_params.as_ref().map(|p| p.domain_acme_manager.clone()), domain_acme_manager,
); );
let domain_manager = sync::Arc::new(domain_manager); let _ = domani::service::http::new(
&mut task_stack,
{
let (http_service, http_service_task_set) = domiply::service::http::new(
domain_manager.clone(), domain_manager.clone(),
config.domain_checker_target_a, config.domain_checker_target_a,
config.passphrase, config.passphrase,
config.http_listen_addr.clone(), config.http_listen_addr.clone(),
config.http_domain.clone(), config.http_domain.clone(),
https_params.map(|p| domiply::service::http::HTTPSParams { config
listen_addr: p.https_listen_addr, .https_listen_addr
cert_resolver: domiply::domain::acme::resolver::new(p.domain_acme_store), .map(|listen_addr| domani::service::http::HTTPSParams {
listen_addr,
cert_resolver: domain_manager.clone(),
}), }),
); );
canceller.cancelled().await; let mut signals =
Signals::new(signal_hook::consts::TERM_SIGNALS).expect("initializing signals failed");
domiply::service::http::stop(http_service, http_service_task_set).await; if (signals.next().await).is_some() {
log::info!("Gracefully shutting down...");
} }
sync::Arc::into_inner(domain_manager) tokio::spawn(async move {
.unwrap() if (signals.next().await).is_some() {
log::warn!("Forcefully shutting down");
std::process::exit(1);
};
});
task_stack
.stop() .stop()
.await .await
.expect("domain manager failed to shutdown cleanly"); .expect("failed to stop all background tasks");
log::info!("Graceful shutdown complete"); log::info!("Graceful shutdown complete");
} }

View File

@ -71,9 +71,9 @@ struct Store {
origins: sync::RwLock<collections::HashMap<origin::Descr, sync::Arc<Origin>>>, origins: sync::RwLock<collections::HashMap<origin::Descr, sync::Arc<Origin>>>,
} }
pub fn new(dir_path: PathBuf) -> io::Result<sync::Arc<dyn super::Store>> { pub fn new(dir_path: PathBuf) -> io::Result<Box<dyn super::Store>> {
fs::create_dir_all(&dir_path)?; fs::create_dir_all(&dir_path)?;
Ok(sync::Arc::new(Store { Ok(Box::new(Store {
dir_path, dir_path,
sync_guard: sync::Mutex::new(collections::HashMap::new()), sync_guard: sync::Mutex::new(collections::HashMap::new()),
origins: sync::RwLock::new(collections::HashMap::new()), origins: sync::RwLock::new(collections::HashMap::new()),

View File

@ -27,13 +27,14 @@ pub struct HTTPSParams {
} }
pub fn new( pub fn new(
task_stack: &mut util::TaskStack<unexpected::Error>,
domain_manager: sync::Arc<dyn domain::manager::Manager>, domain_manager: sync::Arc<dyn domain::manager::Manager>,
target_a: net::Ipv4Addr, target_a: net::Ipv4Addr,
passphrase: String, passphrase: String,
http_listen_addr: net::SocketAddr, http_listen_addr: net::SocketAddr,
http_domain: domain::Name, http_domain: domain::Name,
https_params: Option<HTTPSParams>, https_params: Option<HTTPSParams>,
) -> (sync::Arc<Service>, util::TaskSet<unexpected::Error>) { ) -> sync::Arc<Service> {
let service = sync::Arc::new(Service { let service = sync::Arc::new(Service {
domain_manager: domain_manager.clone(), domain_manager: domain_manager.clone(),
target_a, target_a,
@ -42,9 +43,7 @@ pub fn new(
handlebars: tpl::get(), handlebars: tpl::get(),
}); });
let task_set = util::TaskSet::new(); task_stack.push_spawn(|canceller| {
task_set.spawn(|canceller| {
tasks::listen_http( tasks::listen_http(
service.clone(), service.clone(),
canceller, canceller,
@ -54,7 +53,7 @@ pub fn new(
}); });
if let Some(https_params) = https_params { if let Some(https_params) = https_params {
task_set.spawn(|canceller| { task_stack.push_spawn(|canceller| {
tasks::listen_https( tasks::listen_https(
service.clone(), service.clone(),
canceller, canceller,
@ -64,21 +63,12 @@ pub fn new(
) )
}); });
task_set.spawn(|canceller| { task_stack.push_spawn(|canceller| {
tasks::cert_refresher(domain_manager.clone(), canceller, http_domain.clone()) tasks::cert_refresher(domain_manager.clone(), canceller, http_domain.clone())
}); });
} }
return (service, task_set); return service;
}
pub async fn stop(service: sync::Arc<Service>, task_set: util::TaskSet<unexpected::Error>) {
task_set
.stop()
.await
.iter()
.for_each(|e| log::error!("error while shutting down http service: {e}"));
sync::Arc::into_inner(service).expect("service didn't get cleaned up");
} }
#[derive(Serialize)] #[derive(Serialize)]
@ -388,7 +378,7 @@ impl<'svc> Service {
return self.serve_origin(domain, req.uri().path()); return self.serve_origin(domain, req.uri().path());
} }
// Serve main domiply site // Serve main domani site
if method == Method::GET && path.starts_with("/static/") { if method == Method::GET && path.starts_with("/static/") {
return self.render(200, path, ()); return self.render(200, path, ());

View File

@ -6,7 +6,7 @@
<meta charset="UTF-8" /> <meta charset="UTF-8" />
<title>Domiply - The universal, zero-authentication hosting service</title> <title>Domani - The universal, zero-authentication hosting service</title>
<meta name="viewport" content="width=device-width,initial-scale=1" /> <meta name="viewport" content="width=device-width,initial-scale=1" />
@ -28,7 +28,7 @@
<body> <body>
<header> <header>
<h1><a href="/">Domiply</a></h1> <h1><a href="/">Domani</a></h1>
<blockquote>The universal, zero-authentication hosting service</blockquote> <blockquote>The universal, zero-authentication hosting service</blockquote>
</header> </header>

View File

@ -5,19 +5,19 @@
{{# if data.config }} {{# if data.config }}
<p>Your domain <code>{{ data.domain }}</code> is already configured with <p>Your domain <code>{{ data.domain }}</code> is already configured with
Domiply. You can see the existing configuration below. If you modify any values Domani. You can see the existing configuration below. If you modify any values
you will need to hit the "Next" button to complete the update.</p> you will need to hit the "Next" button to complete the update.</p>
{{ else }} {{ else }}
<p>Your domain <code>{{ data.domain }}</code> is not yet configured with Domiply. <p>Your domain <code>{{ data.domain }}</code> is not yet configured with Domani.
To get started, please input the details of a public git repo which will be used To get started, please input the details of a public git repo which will be used
to serve your domain. When you update the given branch, your domain will be to serve your domain. When you update the given branch, your domain will be
automatically updated too!</p> automatically updated too!</p>
{{/if}} {{/if}}
<p><em>In the future Domiply will support more backends than just git <p><em>In the future Domani will support more backends than just git
repos.</em></p> repos.</em></p>
<form method="GET" action="/domain_init.html"> <form method="GET" action="/domain_init.html">

View File

@ -1,6 +1,6 @@
<h2>Configure DNS</h2> <h2>Configure DNS</h2>
<p>Next you will need to configure your DNS server to point to Domiply. There <p>Next you will need to configure your DNS server to point to Domani. There
are two entries you will need to add:</p> are two entries you will need to add:</p>
<ul> <ul>
@ -9,7 +9,7 @@ are two entries you will need to add:</p>
<code>{{ data.target_a }}</code> <code>{{ data.target_a }}</code>
</li> </li>
<li> <li>
A <code>TXT _domiply_challenge.{{ data.domain }}</code> entry with the value A <code>TXT _domani_challenge.{{ data.domain }}</code> entry with the value
<code>{{ data.challenge_token }}</code> <code>{{ data.challenge_token }}</code>
</li> </li>
</ul> </ul>

View File

@ -1,6 +1,6 @@
<h2>All Domains</h2> <h2>All Domains</h2>
<p>Below are listed all domains which this Domiply instance is currently <p>Below are listed all domains which this Domani instance is currently
serving</p> serving</p>
<ul> <ul>

View File

@ -1,11 +1,11 @@
<p>Domiply connects your domain to whatever you want to host on it, all with no <p>Domani connects your domain to whatever you want to host on it, all with no
account needed. Just input your desired backend, add two entries to your DNS account needed. Just input your desired backend, add two entries to your DNS
server, and you're done!</p> server, and you're done!</p>
<p><strong>YOU SHOULD NOT USE THIS FOR ANYTHING YOU CARE ABOUT AT THIS <p><strong>YOU SHOULD NOT USE THIS FOR ANYTHING YOU CARE ABOUT AT THIS
TIME.</strong></p> TIME.</strong></p>
<p>Domiply is currently only a proof-of-concept with limited features, <p>Domani is currently only a proof-of-concept with limited features,
but will continue to be expanded as development time permits.</p> but will continue to be expanded as development time permits.</p>
<h2>Get Started</h2> <h2>Get Started</h2>
@ -30,20 +30,20 @@ been set up.</p>
<ul> <ul>
<li><a href="/domains.html">List all existing domains</a></li> <li><a href="/domains.html">List all existing domains</a></li>
<li><a href="https://code.betamike.com/cryptic-io/domiply">View the Source Code</a></li> <li><a href="https://code.betamike.com/cryptic-io/domani">View the Source Code</a></li>
<li><a href="mailto:me@mediocregopher.com">Report a Bug</a></li> <li><a href="mailto:me@mediocregopher.com">Report a Bug</a></li>
</ul> </ul>
<h2>About</h2> <h2>About</h2>
<p>Domiply is an open-source project which is designed to be hosted by <p>Domani is an open-source project which is designed to be hosted by
individuals for their community of friends and family. By making it super easy individuals for their community of friends and family. By making it super easy
to set up a domain we can help our non-technical folk own their own slice of to set up a domain we can help our non-technical folk own their own slice of
the internet, the way it was always intended.</p> the internet, the way it was always intended.</p>
<h2>Roadmap</h2> <h2>Roadmap</h2>
<p>Domiply is very much a work in progress. The following functionality is <p>Domani is very much a work in progress. The following functionality is
planned but not yet implemented:</p> planned but not yet implemented:</p>
<ul> <ul>

View File

@ -1,6 +1,5 @@
use std::{error, fs, io, path}; use std::{error, fs, io, path, pin};
use futures::stream::futures_unordered::FuturesUnordered;
use tokio_util::sync::CancellationToken; use tokio_util::sync::CancellationToken;
pub fn open_file(path: &path::Path) -> io::Result<Option<fs::File>> { pub fn open_file(path: &path::Path) -> io::Result<Option<fs::File>> {
@ -13,44 +12,60 @@ pub fn open_file(path: &path::Path) -> io::Result<Option<fs::File>> {
} }
} }
pub struct TaskSet<E> type StaticFuture<O> = pin::Pin<Box<dyn futures::Future<Output = O> + Send + 'static>>;
pub struct TaskStack<E>
where where
E: error::Error + Send + 'static, E: error::Error + Send + 'static,
{ {
canceller: CancellationToken, wait_group: Vec<StaticFuture<Result<(), E>>>,
wait_group: FuturesUnordered<tokio::task::JoinHandle<Result<(), E>>>,
} }
impl<E> TaskSet<E> impl<E> TaskStack<E>
where where
E: error::Error + Send + 'static, E: error::Error + Send + 'static,
{ {
pub fn new() -> TaskSet<E> { pub fn new() -> TaskStack<E> {
TaskSet { TaskStack {
canceller: CancellationToken::new(), wait_group: Vec::new(),
wait_group: FuturesUnordered::new(),
} }
} }
pub fn spawn<F, Fut>(&self, mut f: F) /// push adds the given Future to the stack, to be executed once stop is called.
pub fn push<Fut>(&mut self, f: Fut)
where
Fut: futures::Future<Output = Result<(), E>> + Send + 'static,
{
self.wait_group.push(Box::pin(f))
}
/// push_spawn will spawn the given closure in a tokio task. Once the CancellationToken is
/// cancelled the closure is expected to return.
pub fn push_spawn<F, Fut>(&mut self, mut f: F)
where where
Fut: futures::Future<Output = Result<(), E>> + Send + 'static, Fut: futures::Future<Output = Result<(), E>> + Send + 'static,
F: FnMut(CancellationToken) -> Fut, F: FnMut(CancellationToken) -> Fut,
{ {
let canceller = self.canceller.clone(); let canceller = CancellationToken::new();
let handle = tokio::spawn(f(canceller)); let handle = tokio::spawn(f(canceller.clone()));
self.wait_group.push(handle); self.push(async move {
canceller.cancel();
handle.await.expect("failed to join task")
});
} }
pub async fn stop(self) -> Vec<E> { /// stop will process all operations which have been pushed onto the stack in the reverse order
self.canceller.cancel(); /// they were pushed.
pub async fn stop(mut self) -> Result<(), E> {
// reverse wait_group in place, so we stop the most recently added first. Since this method
// consumes self this is fine.
self.wait_group.reverse();
let mut res = Vec::new(); for fut in self.wait_group {
for f in self.wait_group { if let Err(err) = fut.await {
if let Err(err) = f.await.expect("task failed") { return Err(err);
res.push(err);
} }
} }
res Ok(())
} }
} }