Showing
17 changed files
with
164 additions
and
45 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,35 @@ | ||
# nfpm configuration file | ||
# | ||
# check https://nfpm.goreleaser.com/configuration for detailed usage | ||
# | ||
name: openziti-router | ||
arch: ${GOARCH} | ||
platform: linux | ||
version: ${ZITI_VERSION} | ||
maintainer: ${ZITI_MAINTAINER} | ||
description: > | ||
Provides a system service for running an OpenZiti Router | ||
vendor: ${ZITI_VENDOR} | ||
homepage: ${ZITI_HOMEPAGE} | ||
license: Apache-2.0 | ||
# Contents to add to the package. | ||
contents: | ||
- dst: /lib/systemd/system/ | ||
src: ./dist/dist-packages/linux/openziti-router/ziti-router.service | ||
|
||
- dst: /opt/openziti/etc/router | ||
type: dir | ||
file_info: | ||
mode: 0755 | ||
|
||
- dst: /opt/openziti/etc/router/ | ||
src: ./dist/dist-packages/linux/openziti-router/env | ||
type: config|noreplace | ||
|
||
- dst: /opt/openziti/etc/router/ | ||
src: ./dist/dist-packages/linux/openziti-router/bootstrap.bash | ||
|
||
- dst: /opt/openziti/etc/router/ | ||
src: ./dist/dist-packages/linux/openziti-router/entrypoint.bash | ||
depends: | ||
- openziti # ziti CLI |
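Review bot: The `env` entry (`type: config|noreplace`) and the `bootstrap.bash` / `entrypoint.bash` entries set no `file_info`, so their installed modes are inherited from the build checkout; as far as I know, nfpm falls back to the source file's mode. The env file is where an operator may place `ZITI_ENROLL_TOKEN`, so it should be packaged root-only by adding `file_info:` with `mode: 0600` under that entry. systemd normally reads `EnvironmentFile=` on the service's behalf, so the dynamic user should not need read access, unless bootstrap.bash (not shown here) opens the file directly. Pinning `mode: 0755` on the two scripts would also keep the `ExecStart=` target executable regardless of how the tree was checked out.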
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,41 @@ | ||
# | ||
# this is a systemd env file allowing simple assignments for ziti-controller.service environment | ||
# | ||
|
||
# disable JSON logging | ||
PFXLOG_NO_JSON=true | ||
|
||
# | ||
# for "ziti create config router edge" commands in bootstrap.bash | ||
# | ||
|
||
# address and port of the controller (required) | ||
ZITI_CTRL_ADVERTISED_ADDRESS= | ||
ZITI_CTRL_ADVERTISED_PORT= | ||
|
||
# set identity filenames (default: hostname -s) | ||
ZITI_ROUTER_NAME= | ||
# the advertised address of the router is a domain name that can be resolved by all devices (default: hostname -f) | ||
ZITI_ROUTER_ADVERTISED_ADDRESS= | ||
# the advertised and listening port of the router (default: 80) | ||
ZITI_ROUTER_ADVERTISED_PORT= | ||
# the interface address on which to listen (default: 0.0.0.0) | ||
ZITI_ROUTER_BIND_ADDRESS= | ||
# where to listen for DNS requests in tproxy mode (default: udp://127.0.0.1:53) | ||
ZITI_ROUTER_TPROXY_RESOLVER= | ||
# type of router (default: edge, options: edge, fabric) | ||
ZITI_ROUTER_TYPE=edge | ||
|
||
# the mode of the router (default: host) requires that the router is administratively created with flag | ||
# --tunneler-enabled | ||
ZITI_ROUTER_MODE=host | ||
|
||
# create a config file unless it exists if "true", set "force" to overwrite | ||
ZITI_BOOTSTRAP_CONFIG=true | ||
|
||
# enroll unless already enrolled if "true", set "force" to overwrite key and cert (requires new enrollment token) | ||
ZITI_BOOTSTRAP_ENROLLMENT=true | ||
# for better security, leave this assignment empty and create a file readable only by root containing the | ||
# token and set "LoadCredential=ZITI_ENROLL_TOKEN:/opt/openziti/etc/router/.token" in | ||
# /lib/systemd/system/ziti-router.service | ||
ZITI_ENROLL_TOKEN= |
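Review bot: The comment above `ZITI_ENROLL_TOKEN=` tells the operator to edit `/lib/systemd/system/ziti-router.service`, which is package-owned and replaced on upgrade, and the unit added in this commit already ships that `LoadCredential=` line. The comment should point at the token file instead, e.g. `# preferred: leave empty and write the token to /opt/openziti/etc/router/.token (root-owned, mode 0600)`. It should also state that a token assigned here is handed to the service through its environment and remains in this file until someone clears it. Separately, the header comment names `ziti-controller.service` while every variable in the file configures the router; it presumably should read `ziti-router.service`.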
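--- a/dist/dist-packages/linux/openziti-router/ziti-router.service
+++ b/dist/dist-packages/linux/openziti-router/ziti-router.service
@@ -0,0 +1,41 @@
+[Unit]
+Description=OpenZiti Router
+After=network-online.target
+
+[Service]
+# "ziti router run" is the main process managed by this service and replaces entrypoint.bash
+Type=simple
+
+# manage the user and permissions for the service automatically
+DynamicUser=yes
+
+# allow binding low ports, e.g., 443/tcp
+AmbientCapabilities=CAP_NET_BIND_SERVICE
+# required when ZITI_ROUTER_MODE=tproxy
+AmbientCapabilities=CAP_NET_ADMIN
+
+
+# load enrollment token from a file readable only by root for better security
+LoadCredential=ZITI_ENROLL_TOKEN:/opt/openziti/etc/router/.token
+# or set one-time enrollment token as literal string
+# SetCredential=ZITI_ENROLL_TOKEN:<jwt string here>
+
+UMask=0007
+Restart=always
+RestartSec=3
+LimitNOFILE=65535
+
+# relative to /var/lib
+StateDirectory=ziti-router
+
+# absolute path where service will be run
+WorkingDirectory=/var/lib/ziti-router
+
+# used by bootstrap.bash to look up /run/credentials/$UNIT_NAME/$CREDENTIAL_NAME
+Environment=UNIT_NAME=ziti-router.service
+EnvironmentFile=/opt/openziti/etc/router/env
+
+ExecStart=/opt/openziti/etc/router/entrypoint.bash run config.yml
+
+[Install]
+WantedBy=multi-user.target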
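Review bot: `AmbientCapabilities=CAP_NET_ADMIN` is granted unconditionally although its own comment says it is only required when `ZITI_ROUTER_MODE=tproxy`, and the packaged env file defaults to `host`. Because the directive is additive, every install runs the router with network-admin rights. Ship it commented out (`# AmbientCapabilities=CAP_NET_ADMIN`) and document enabling it through a drop-in for tproxy mode. The `LoadCredential=` line is also active by default with an absolute path. As far as I know, systemd refuses to start a unit when that file is missing and no `SetCredential=` fallback exists, which would break installs that pass the token through the env file or are already enrolled; this should be confirmed and the requirement that `.token` exists documented.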