Draft incorporating firewall - audit only mode #1
6 changed files with 2019 additions and 1 deletions
5
.vscode/settings.json
vendored
5
.vscode/settings.json
vendored
|
@ -11,5 +11,8 @@
|
|||
"editor.codeActionsOnSave": {
|
||||
"source.fixAll": "explicit"
|
||||
},
|
||||
"editor.formatOnSave": false
|
||||
"editor.formatOnSave": false,
|
||||
"rust-analyzer.linkedProjects": [
|
||||
"yume-mods/nyuukyou/Cargo.toml",
|
||||
]
|
||||
}
|
||||
|
|
|
@ -1,4 +1,20 @@
|
|||
services:
|
||||
nyuukyou:
|
||||
build: yume-mods/nyuukyou
|
||||
restart: always
|
||||
links:
|
||||
- web
|
||||
depends_on:
|
||||
web:
|
||||
condition: service_healthy
|
||||
networks:
|
||||
- internal_network
|
||||
- external_network
|
||||
ports:
|
||||
- "3001:3001"
|
||||
volumes:
|
||||
- ./nyuukyou:/store
|
||||
|
||||
web:
|
||||
build: .
|
||||
restart: always
|
||||
|
|
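Review bot: The new `nyuukyou` service publishes `- "3001:3001"`, which exposes the audit proxy on every host interface; if a host-side reverse proxy is the intended entry point, `- "127.0.0.1:3001:3001"` keeps it off the public ones. The service also sets no `command:`, so the binary would start with its default `--listen 127.0.0.1:3001` (see main.rs in this change) and presumably bind only the container's loopback, leaving the published port unreachable; something like `command: ["--listen", "0.0.0.0:3001"]` looks necessary. The bind mount `./nyuukyou:/store` is where the audit log lands, so the host directory should be writable by the container's uid 1000 and not world-readable. `links:` is redundant next to `depends_on` and the shared `internal_network`.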
1900
yume-mods/nyuukyou/Cargo.lock
generated
Normal file
1900
yume-mods/nyuukyou/Cargo.lock
generated
Normal file
File diff suppressed because it is too large
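--- a/yume-mods/nyuukyou/Cargo.toml
+++ b/yume-mods/nyuukyou/Cargo.toml
@@ -0,0 +1,12 @@
+[package]
+name = "nyuukyou"
+version = "0.1.0"
+edition = "2021"
+
+[dependencies]
+axum = "0.7"
+clap = { version = "4.5.20", features = ["derive"] }
+env_logger = "0.11.5"
+fedivet = { git = "https://forge.yumechi.jp/yume/fedivet", tag = "testing-audit" }
+serde = { version = "1.0.210", features = ["derive"] }
+tokio = { version = "1" }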
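Review bot: `fedivet` is pinned by `tag = "testing-audit"`, and a git tag can be moved upstream, so what ends up in the request path depends entirely on Cargo.lock being honoured at build time. Pinning the commit in the manifest, `fedivet = { git = "https://forge.yumechi.jp/yume/fedivet", rev = "<commit-sha>" }` (placeholder; take the hash from Cargo.lock), makes the dependency reproducible on its own. Separately, `tokio = { version = "1" }` enables no features although main.rs uses `#[tokio::main]`; this presumably compiles only through feature unification with another dependency, so declaring `features = ["macros", "rt-multi-thread"]` here would remove that hidden coupling.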
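--- a/yume-mods/nyuukyou/Dockerfile
+++ b/yume-mods/nyuukyou/Dockerfile
@@ -0,0 +1,24 @@
+FROM archlinux AS builder
+
+RUN pacman -Sy --noconfirm \
+base-devel \
+git
+
+RUN curl -sSL https://sh.rustup.rs | bash -s -- -y --default-toolchain nightly
+
+COPY . /src
+
+RUN cd /src && bash -c '. $HOME/.cargo/env; cargo build --release' && \
+mkdir -p /target/usr/local/bin && cp /src/target/release/nyuukyou /target/usr/local/bin/nyuukyou
+
+FROM archlinux
+
+COPY --from=builder /target/ /
+
+RUN pacman -Sy --noconfirm curl && \
+useradd -m -u 1000 -r nyuukyou
+
+USER nyuukyou
+
+ENTRYPOINT [ "/usr/local/bin/nyuukyou" ]
+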
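Review bot: The builder stage is not reproducible and trusts several moving inputs: `FROM archlinux` floats, `curl -sSL https://sh.rustup.rs | bash` pipes a remote script into a shell without `-f` (so an HTTP error body would be executed as script), and `--default-toolchain nightly` takes whatever nightly is current on build day. Pin the toolchain to a dated nightly, `--default-toolchain nightly-YYYY-MM-DD` (placeholder date), and use `curl --proto '=https' --tlsv1.2 -sSf` for the download. Build with `cargo build --release --locked` so the committed Cargo.lock is enforced rather than silently updated. `pacman -Sy` without `-u` is a partial upgrade, which Arch does not support; `pacman -Syu --noconfirm …` in both stages avoids mismatched libraries in the runtime image.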
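--- a/yume-mods/nyuukyou/src/main.rs
+++ b/yume-mods/nyuukyou/src/main.rs
@@ -0,0 +1,63 @@
+
+use std::path::PathBuf;
+use std::sync::Arc;
+
+use axum::response::IntoResponse;
+use clap::Parser;
+use fedivet::evaluate::chain::audit::AuditOptions;
+use fedivet::evaluate::Evaluator;
+use fedivet::model::error::MisskeyError;
+use fedivet::serve;
+use fedivet::BaseAppState;
+use fedivet::HasAppState;
+use serde::Serialize;
+
+#[derive(Parser)]
+pub struct Args {
+#[clap(short, long, default_value = "127.0.0.1:3001")]
+pub listen: String,
+#[clap(short, long, default_value = "http://web:3000")]
+pub backend: String,
+#[clap(long)]
+pub tls_cert: Option<String>,
+#[clap(long)]
+pub tls_key: Option<String>,
+}
+
+#[allow(clippy::unused_async)]
+async fn build_state<E: IntoResponse + Clone + Serialize + Send + Sync + 'static>(
+base: Arc<BaseAppState<E>>,
+_args: &Args,
+) -> impl HasAppState<E> + Evaluator<E> {
+base.audited(AuditOptions::new(PathBuf::from("/store/log/audit/incoming")))
+}
+
+#[tokio::main]
+async fn main() {
+if std::env::var("RUST_LOG").is_err() {
+std::env::set_var("RUST_LOG", "info");
+}
+env_logger::init();
+
+let args = Args::parse();
+
+let state = build_state::<MisskeyError>(
+Arc::new(BaseAppState::new(
+args.backend.parse().expect("Invalid backend URL"),
+)),
+&args,
+)
+.await;
+
+serve::run(
+state.clone(),
+serve::start(
+state,
+&args.listen,
+args.tls_cert.as_deref(),
+args.tls_key.as_deref(),
+)
+.await,
+)
+.await;
+}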
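Review bot: In `main`, `std::env::set_var("RUST_LOG", "info")` runs inside `#[tokio::main]`, by which point the runtime has presumably spawned its worker threads, and mutating the process environment in a multi-threaded program is unsound (the call becomes `unsafe` in edition 2024). The three lines can be replaced by `env_logger::Builder::from_env(env_logger::Env::default().default_filter_or("info")).init();`, which gives the same default without touching the environment. In `build_state`, the audit directory `/store/log/audit/incoming` is hard-coded and `_args` is unused, so the log location cannot be changed without a rebuild; taking it from a new field on `Args` would fix both. A doc comment on `build_state` should state that this chain only audits and blocks nothing, and that the audit directory presumably holds copies of incoming request data and needs restrictive permissions.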