Draft incorporating firewall - audit only mode #1

Closed
yume wants to merge 6 commits from nyuukyou into master
6 changed files with 2019 additions and 1 deletions
Showing only changes of commit 6e8add8f70 - Show all commits


@ -11,5 +11,8 @@
"editor.codeActionsOnSave": { "editor.codeActionsOnSave": {
"source.fixAll": "explicit" "source.fixAll": "explicit"
}, },
"editor.formatOnSave": false "editor.formatOnSave": false,
"rust-analyzer.linkedProjects": [
"yume-mods/nyuukyou/Cargo.toml",
]
} }


@ -1,4 +1,20 @@
services: services:
nyuukyou:
build: yume-mods/nyuukyou
restart: always
links:
- web
depends_on:
web:
condition: service_healthy
networks:
- internal_network
- external_network
ports:
- "3001:3001"
volumes:
- ./nyuukyou:/store
web: web:
build: . build: .
restart: always restart: always
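Review bot: The `ports: - "3001:3001"` entry on the new `nyuukyou` service publishes the proxy on every host interface, while the service sets no `command:` and the binary's own default is `--listen 127.0.0.1:3001`, so as written the process would listen only on the container's loopback and the published port would not reach it. Decide which exposure is intended and state it in both places: if a reverse proxy on the host fronts this service, bind the mapping to loopback with `- "127.0.0.1:3001:3001"` and pass `command: ["--listen", "0.0.0.0:3001"]` so the process is reachable inside the container. The `./nyuukyou:/store` bind mount will hold the audit log of incoming traffic, so the host directory should exist before first start, be owned by uid 1000 (the image's user) and not be world-readable. The `web:` service definition continues past the end of this hunk.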

1900
yume-mods/nyuukyou/Cargo.lock generated Normal file

File diff suppressed because it is too large Load diff


@ -0,0 +1,12 @@
[package]
name = "nyuukyou"
version = "0.1.0"
edition = "2021"
[dependencies]
axum = "0.7"
clap = { version = "4.5.20", features = ["derive"] }
env_logger = "0.11.5"
fedivet = { git = "https://forge.yumechi.jp/yume/fedivet", tag = "testing-audit" }
serde = { version = "1.0.210", features = ["derive"] }
tokio = { version = "1" }
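Review bot: The `fedivet` dependency is pinned to a git tag, `tag = "testing-audit"`, and a tag can be moved on the forge, so the manifest does not fix which code a later `cargo update` pulls into this request-filtering proxy. Pin the exact commit instead, `fedivet = { git = "https://forge.yumechi.jp/yume/fedivet", rev = "<commit-sha>" }`, and keep the tag name in a comment if it helps readers. Separately, `tokio = { version = "1" }` enables no features although `main.rs` uses `#[tokio::main]`; this presumably builds only because another dependency turns the needed features on, so declaring `features = ["macros", "rt-multi-thread"]` here would make the requirement explicit.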


@ -0,0 +1,24 @@
FROM archlinux AS builder
RUN pacman -Sy --noconfirm \
base-devel \
git
RUN curl -sSL https://sh.rustup.rs | bash -s -- -y --default-toolchain nightly
COPY . /src
RUN cd /src && bash -c '. $HOME/.cargo/env; cargo build --release' && \
mkdir -p /target/usr/local/bin && cp /src/target/release/nyuukyou /target/usr/local/bin/nyuukyou
FROM archlinux
COPY --from=builder /target/ /
RUN pacman -Sy --noconfirm curl && \
useradd -m -u 1000 -r nyuukyou
USER nyuukyou
ENTRYPOINT [ "/usr/local/bin/nyuukyou" ]
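Review bot: The builder stage pipes an unverified download straight into a shell and installs a floating `nightly` toolchain, and both `FROM archlinux` lines use an untagged base image, so two builds of the same commit can produce different binaries from inputs nobody reviewed. Harden the fetch and pin the toolchain, `RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | bash -s -- -y --default-toolchain nightly-<YYYY-MM-DD>`, and build with `cargo build --release --locked` so the committed Cargo.lock is what gets compiled. The `-f` matters: with `-sSL` alone an HTTP error page would be handed to bash as a script. `pacman -Sy` without `-u` is a partial upgrade, which Arch does not support; use `pacman -Syu --noconfirm` or pin the base image by digest.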


@ -0,0 +1,63 @@
use std::path::PathBuf;
use std::sync::Arc;
use axum::response::IntoResponse;
use clap::Parser;
use fedivet::evaluate::chain::audit::AuditOptions;
use fedivet::evaluate::Evaluator;
use fedivet::model::error::MisskeyError;
use fedivet::serve;
use fedivet::BaseAppState;
use fedivet::HasAppState;
use serde::Serialize;
#[derive(Parser)]
pub struct Args {
#[clap(short, long, default_value = "127.0.0.1:3001")]
pub listen: String,
#[clap(short, long, default_value = "http://web:3000")]
pub backend: String,
#[clap(long)]
pub tls_cert: Option<String>,
#[clap(long)]
pub tls_key: Option<String>,
}
#[allow(clippy::unused_async)]
async fn build_state<E: IntoResponse + Clone + Serialize + Send + Sync + 'static>(
base: Arc<BaseAppState<E>>,
_args: &Args,
) -> impl HasAppState<E> + Evaluator<E> {
base.audited(AuditOptions::new(PathBuf::from("/store/log/audit/incoming")))
}
#[tokio::main]
async fn main() {
if std::env::var("RUST_LOG").is_err() {
std::env::set_var("RUST_LOG", "info");
}
env_logger::init();
let args = Args::parse();
let state = build_state::<MisskeyError>(
Arc::new(BaseAppState::new(
args.backend.parse().expect("Invalid backend URL"),
)),
&args,
)
.await;
serve::run(
state.clone(),
serve::start(
state,
&args.listen,
args.tls_cert.as_deref(),
args.tls_key.as_deref(),
)
.await,
)
.await;
}
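Review bot: `--tls-cert` and `--tls-key` are declared as two independent options in `Args`, so a command line that supplies only one of them parses successfully, and what `serve::start` does with half a TLS configuration is not visible in this hunk; if it falls back to plaintext the operator gets no signal. Make clap reject that case by tying the two together: `#[clap(long, requires = "tls_key")]` on `tls_cert` and `#[clap(long, requires = "tls_cert")]` on `tls_key`. In `main`, `std::env::set_var` runs after the `#[tokio::main]` runtime is already up, where modifying the process environment is not thread-safe; `env_logger::Builder::from_env(env_logger::Env::default().default_filter_or("info")).init();` gives the same default without touching it. The audit directory `/store/log/audit/incoming` is hard-coded while `_args` goes unused, so `build_state` would benefit from a doc comment stating that the path is fixed by the container's `/store` volume and that the directory holds logged incoming requests.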