AppDir/etc/daemon.yml

@@ -64,7 +64,7 @@ storage:
   # Capacity declares how many gigabytes can be stored in each allocation, and
   # is required. It must be a multiple of 100.
   #
-  # The ports are all required and must all be unique within and across
+  # The various ports are all required and must all be unique within and across
   # allocations.
   allocations:
 
@@ -73,4 +73,4 @@ storage:
     #  capacity: 1200
     #  api_port: 3900
     #  rpc_port: 3901
-    #  admin_port: 3902
+    #  web_port: 3902

docs/operator/contributing-storage.md

@@ -36,6 +36,7 @@ storage:
       capacity: 1200
       api_port: 3900
       rpc_port: 3901
+      web_port: 3902
 
     # 100 GB (the minimum) are being shared from drive2
     - data_path: /mnt/drive2/cryptic-net/data
@@ -43,6 +44,7 @@ storage:
       capacity: 100
       api_port: 3910
       rpc_port: 3911
+      web_port: 3912
 ```
 
 ## Setup Firewall

go-workspace/src/bootstrap/bootstrap.go

@@ -32,7 +32,6 @@ type Bootstrap struct {
 	NebulaHostCert nebula.HostCert
 
 	GarageRPCSecret                    string
-	GarageAdminToken                   string
 	GarageGlobalBucketS3APICredentials garage.S3APICredentials
 }
 
@@ -66,7 +65,6 @@ func FromFS(bootstrapFS fs.FS) (Bootstrap, error) {
 		{&b.NebulaHostCert.HostCert, nebulaCertsHostCertPath},
 		{&b.NebulaHostCert.HostKey, nebulaCertsHostKeyPath},
 		{&b.GarageRPCSecret, garageRPCSecretPath},
-		{&b.GarageAdminToken, garageAdminTokenPath},
 	}
 
 	for _, f := range filesToLoadAsString {
@@ -117,7 +115,6 @@ func (b Bootstrap) WriteTo(into io.Writer) error {
 		{b.NebulaHostCert.HostCert, nebulaCertsHostCertPath},
 		{b.NebulaHostCert.HostKey, nebulaCertsHostKeyPath},
 		{b.GarageRPCSecret, garageRPCSecretPath},
-		{b.GarageAdminToken, garageAdminTokenPath},
 	}
 
 	for _, f := range filesToWriteAsString {

go-workspace/src/bootstrap/garage.go

@@ -7,9 +7,8 @@ import (
 
 // Paths within the bootstrap FS related to garage.
 const (
-	garageRPCSecretPath          = "garage/rpc-secret.txt"
-	garageAdminTokenPath         = "garage/admin-token.txt"
 	garageGlobalBucketKeyYmlPath = "garage/cryptic-net-global-bucket-key.yml"
+	garageRPCSecretPath          = "garage/rpc-secret.txt"
 )
 
 // GaragePeers returns a Peer for each known garage instance in the network.

go-workspace/src/bootstrap/hosts.go

@@ -24,6 +24,7 @@ type NebulaHost struct {
 type GarageHostInstance struct {
 	RPCPort   int `yaml:"rpc_port"`
 	S3APIPort int `yaml:"s3_api_port"`
+	WebPort   int `yaml:"web_port"`
 }
 
 // GarageHost describes the garage configuration of a Host which is relevant for

go-workspace/src/cmd/entrypoint/admin.go

@@ -4,21 +4,11 @@ import (
 	"cryptic-net/admin"
 	"cryptic-net/bootstrap"
 	"cryptic-net/nebula"
-	"crypto/rand"
-	"encoding/hex"
 	"errors"
 	"fmt"
 	"os"
 )
 
-func randStr(l int) string {
-	b := make([]byte, l)
-	if _, err := rand.Read(b); err != nil {
-		panic(err)
-	}
-	return hex.EncodeToString(b)
-}
-
 func readAdmin(path string) (admin.Admin, error) {
 
 	if path == "-" {
@@ -104,7 +94,6 @@ var subCmdAdminMakeBootstrap = subCmd{
 			NebulaHostCert: nebulaHostCert,
 
 			GarageRPCSecret:                    adm.GarageRPCSecret,
-			GarageAdminToken:                   randStr(32),
 			GarageGlobalBucketS3APICredentials: adm.GarageGlobalBucketS3APICredentials,
 		}
 

go-workspace/src/cmd/entrypoint/daemon_util.go

@@ -60,6 +60,7 @@ func mergeDaemonIntoBootstrap(env *crypticnet.Env) error {
 			host.Garage.Instances = append(host.Garage.Instances, bootstrap.GarageHostInstance{
 				RPCPort:   alloc.RPCPort,
 				S3APIPort: alloc.S3APIPort,
+				WebPort:   alloc.WebPort,
 			})
 		}
 	}
@@ -155,12 +156,11 @@ func garageWriteChildConf(
 		MetaPath: alloc.MetaPath,
 		DataPath: alloc.DataPath,
 
-		RPCSecret:  env.Bootstrap.GarageRPCSecret,
-		AdminToken: env.Bootstrap.GarageAdminToken,
+		RPCSecret: env.Bootstrap.GarageRPCSecret,
 
-		RPCAddr:   net.JoinHostPort(thisHost.Nebula.IP, strconv.Itoa(alloc.RPCPort)),
-		APIAddr:   net.JoinHostPort(thisHost.Nebula.IP, strconv.Itoa(alloc.S3APIPort)),
-		AdminAddr: net.JoinHostPort(thisHost.Nebula.IP, strconv.Itoa(alloc.AdminPort)),
+		RPCAddr: net.JoinHostPort(thisHost.Nebula.IP, strconv.Itoa(alloc.RPCPort)),
+		APIAddr: net.JoinHostPort(thisHost.Nebula.IP, strconv.Itoa(alloc.S3APIPort)),
+		WebAddr: net.JoinHostPort(thisHost.Nebula.IP, strconv.Itoa(alloc.WebPort)),
 
 		BootstrapPeers: env.Bootstrap.GarageRPCPeerAddrs(),
 	})

go-workspace/src/cmd/nebula-entrypoint/main.go

@@ -102,6 +102,11 @@ func Main() {
 				Proto: "tcp",
 				Host:  "any",
 			},
+			crypticnet.ConfigFirewallRule{
+				Port:  strconv.Itoa(alloc.WebPort),
+				Proto: "tcp",
+				Host:  "any",
+			},
 		)
 	}
 

go-workspace/src/daemon_yml.go

@@ -31,9 +31,9 @@ type DaemonYmlStorageAllocation struct {
 	DataPath  string `yaml:"data_path"`
 	MetaPath  string `yaml:"meta_path"`
 	Capacity  int    `yaml:"capacity"`
-	S3APIPort int    `yaml:"s3_api_port"`
+	S3APIPort int    `yaml:"api_port"` // TODO fix field name here
 	RPCPort   int    `yaml:"rpc_port"`
-	AdminPort int    `yaml:"admin_port"`
+	WebPort   int    `yaml:"web_port"`
 }
 
 // DaemonYml describes the structure of the daemon.yml file.

go-workspace/src/garage/tpl.go

@@ -13,12 +13,11 @@ type GarageTomlData struct {
 	MetaPath string
 	DataPath string
 
-	RPCSecret  string
-	AdminToken string
+	RPCSecret string
 
-	RPCAddr   string
-	APIAddr   string
-	AdminAddr string
+	RPCAddr string
+	APIAddr string
+	WebAddr string
 
 	BootstrapPeers []string
 }
@@ -42,9 +41,9 @@ bootstrap_peers = [{{- range .BootstrapPeers }}
 api_bind_addr = "{{ .APIAddr }}"
 s3_region = "garage"
 
-[admin]
-api_bind_addr = "{{ .AdminAddr }}"
-admin_token = "{{ .AdminToken }}"
+[s3_web]
+bind_addr = "{{ .WebAddr }}"
+root_domain = ".example.com"
 
 `))