Merge pull request #11 from Cyber-Mint/00-deploy-improvements

00 deploy improvements

.circleci/config.yml

@@ -91,51 +91,77 @@ jobs:
           command: |
             docker run -v ~/repo:/path zricethezav/gitleaks:latest detect --source="/path" -v
 
-  linting:
+  flake8:
     docker:
       - image: python@sha256:364ee1a9e029fb7b60102ae56ff52153ccc929ceab9aa387402fe738432d24cc
     resource_class: small
     working_directory: ~/repo
     steps:
       - checkout
+      - restore_cache:
+          key: deps1-{{ .Environment.CACHE_VERSION }}
       - run:
-          name: Install Ubuntu packages
+          name: Install Python
           command: |
-            export DEBIAN_FRONTEND='noninteractive'
-            apt-get update
-            apt-get install -y yamllint
+            python3 -m venv .venv
+            . .venv/bin/activate
+            pip install flake8
+      - save_cache:
+          key: deps1-{{ .Environment.CACHE_VERSION }}
+          paths:
+            - ".venv"
+      - run:
+          name: Lint BackEnd with flake8
+          command: |
+            python3 -m venv .venv
+            . .venv/bin/activate
+            cd ~/repo/backend/src
+            flake8 . --count --select=E901,E999,F821,F822,F823 --show-source --statistics
+            flake8 . --count --exit-zero --max-complexity=10 --max-line-length=127 --statistics
+
+  ansible-lint:
+    docker:
+      - image: python@sha256:364ee1a9e029fb7b60102ae56ff52153ccc929ceab9aa387402fe738432d24cc
+    resource_class: small
+    working_directory: ~/repo
+    steps:
+      - checkout
       - restore_cache:
           key: deps1-{{ .Environment.CACHE_VERSION }}
       - run:
           name: Install Python
           command: |
             python3 -m venv .venv
             . .venv/bin/activate
-            pip install ansible ansible-lint flake8
+            pip install ansible ansible-lint
       - save_cache:
           key: deps1-{{ .Environment.CACHE_VERSION }}
           paths:
             - ".venv"
       - run:
           name: Lint playbook with ansible lint
           command: |
-            python3 -m venv .venv
             . .venv/bin/activate
-            ansible-lint --version
             cd ~/repo/playbook/
             ansible-lint
+
+  yamllint:
+    docker:
+      - image: python@sha256:364ee1a9e029fb7b60102ae56ff52153ccc929ceab9aa387402fe738432d24cc
+    resource_class: small
+    working_directory: ~/repo
+    steps:
+      - checkout
       - run:
-          name: Lint repo with yamllint
+          name: Install Ubuntu packages
           command: |
-            yamllint -c .yamllint.conf .
+            export DEBIAN_FRONTEND='noninteractive'
+            apt-get update
+            apt-get install -y yamllint
       - run:
-          name: Lint BackEnd with flake8
+          name: Lint repo with yamllint
           command: |
-            python3 -m venv .venv
-            . .venv/bin/activate
-            cd ~/repo/backend/src
-            flake8 . --count --select=E901,E999,F821,F822,F823 --show-source --statistics
-            flake8 . --count --exit-zero --max-complexity=10 --max-line-length=127 --statistics
+            yamllint -c .yamllint.conf .
 
   publish-wg-vpn:
     machine:
@@ -161,7 +187,9 @@ workflows:
   version: 2
   untagged_build_test:
     jobs:
-      - linting
+      - ansible-lint
+      - flake8
+      - yamllint
       - integration-tests
       - git-leaks
       - checkov

backend/Dockerfile

@@ -1,5 +1,5 @@
 # Build from Python 3.10
-FROM python:3.10-alpine
+FROM python:3.12-alpine
 
 # Set working directory to /code/
 WORKDIR /code

backend/quickstart/docker-compose.yml

@@ -11,8 +11,8 @@ services:
       - /home/wg-vpn/commandpipe:/home/wg-vpn/commandpipe
     environment:
       - WG_VPN_REGISTRATION_TOKEN=${WG_VPN_REGISTRATION_TOKEN}
-      - WG_VPN_ENDPOINT=${WG_VPN_ENDPOINT}
-      - WG_VPN_ALLOWED_IPS=${WG_VPN_ALLOWED_IPS}
+      - WG_VPN_ENDPOINT=${WG_VPN_ENDPOINT:-127.0.0.1}  # Used for building client wg0.conf files
+      - WG_VPN_ALLOWED_IPS=${WG_VPN_ALLOWED_IPS}       # Used for building client wg0.conf files
       - WG_VPN_SERVER_PUBLIC_KEY=${WG_VPN_SERVER_PUBLIC_KEY}
       - WG_VPN_SERVER_INTERFACE=10.8.0.1
       - WG_VPN_PACKAGE_PATH=.wireguard

backend/quickstart/test.sh

@@ -13,7 +13,7 @@ sigterm_handler() {
 trap 'trap " " SIGINT SIGTERM SIGHUP; kill 0; wait; sigterm_handler' SIGINT SIGTERM SIGHUP
 
 # Bring down containers in compose file
-docker compose down --remove-orphans
+docker-compose down --remove-orphans
 
 # Bring up containers in compose file
-docker compose up --build
+docker-compose up --build

backend/src/main.py

@@ -210,3 +210,23 @@ async def validation_exception_handler(request, exc):
     return templates.TemplateResponse(
         "400_error_message.html", context={"request": request}, headers=headers
     )
+
+
+@app.exception_handler(404)
+async def custom_http_exception_handler(request, exc):
+    """
+    Exception handler for HTTPException.
+
+    Args:
+        request: The incoming request object.
+        exc: The raised HTTPException.
+
+    Returns:
+        TemplateResponse: A template response rendering the error message with the appropriate headers and status code.
+
+    """
+    headers = getattr(exc, "headers", None)
+    return templates.TemplateResponse(
+        "404_error_page.html", context={"request": request}, headers=headers, status_code=exc.status_code
+    )
+

backend/src/requirements.txt

@@ -1,7 +1,8 @@
-fastapi==0.99.1
-jinja2==3.1.2
-pydantic==1.10.11
+fastapi==0.109.2
+Jinja2==3.1.3
+pydantic==2.6.1
+pydantic-settings==2.1.0
 requests==2.31.0
-typing_extensions==4.7.1
-urllib3==2.0.3
-uvicorn==0.22.0
+typing_extensions==4.9.0
+urllib3==2.2.0
+uvicorn==0.27.0.post1

backend/src/settings.py

@@ -1,13 +1,14 @@
 import os
 import logging
 
-import pydantic
+from pydantic_settings import BaseSettings
+
 
 logging.config.fileConfig('logging.conf', disable_existing_loggers=False)
 logger = logging.getLogger(__name__)
 
 
-class Settings(pydantic.BaseSettings):
+class Settings(BaseSettings):
     WG_VPN_REGISTRATION_TOKEN: str = os.getenv('WG_VPN_REGISTRATION_TOKEN')
     WG_VPN_ENDPOINT: str = os.getenv('WG_VPN_ENDPOINT')
     WG_VPN_ALLOWED_IPS: str = os.getenv('WG_VPN_ALLOWED_IPS')

backend/src/static/styles.css

@@ -112,6 +112,7 @@ body {
     height: 30px;
     background-color: #999999;
     padding: 0 20px;
+    border-radius: 5px;
     color: white;
     font-size: 15px;
 }
@@ -156,6 +157,7 @@ body {
     font-size: 15px;
     padding: 0 20px;
     display: flex;
+    border-radius: 5px;
     align-items: center;
  }
 

backend/src/templates/404_error_page.html

@@ -0,0 +1,54 @@
+<!DOCTYPE html>
+<html lang="en">
+  <head>
+    <meta charset="UTF-8" />
+    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
+    <title>VPN Server</title>
+    <link rel="stylesheet" href="../static/styles.css" />
+    <link rel="icon" type="image/x-icon" href="../static/favicon.ico">
+  </head>
+  <body>
+    <div class="error-wrapper">
+      <div class="error">
+        The token you provided was incorrect! Try again.
+        <span class="hide-error">&times;</span>
+      </div>
+    </div>
+    <div id="app">
+      <div class="main">
+        <div class="title-generate-wrapper">
+          <img src="../static/images/wg-logo.jpeg" alt="wg-logo" />
+          <div class="title-generate-block">
+            <div class="title-block">
+              <div class="title">WireGuard-VPN</div>
+              <div class="title-description">
+                A no-nonsense self-provisioning VPN server for dev teams
+              </div>
+              <div >
+                <h1>Page not found</h1>
+              </div>
+            </div>
+          </div>
+        </div>
+      </div>
+      <div class="copyright">
+        <div class="github">
+          <img src="../static/images/github.png" alt="github" />
+          <a 
+            class="github-link" 
+            href="https://github.com/cyber-mint/wg-vpn" 
+            rel="noopener noreferrer" 
+            target="_blank"
+          >
+            https://github.com/cyber-mint/wg-vpn
+          </a>
+        </div>
+        <div class="cyber-mint">
+          Copyright &#169; 2023, Cyber-Mint (Pty) Ltd, Provided under MIT
+          License
+          <img src="../static/images/cm-logo-whitespace.png" alt="cyber-mint" />
+        </div>
+      </div>
+    </div>
+  </body>
+</html>

backend/src/templates/index.html

@@ -5,6 +5,7 @@
     <meta name="viewport" content="width=device-width, initial-scale=1.0" />
     <title>VPN Server</title>
     <link rel="stylesheet" href="../static/styles.css" />
+    <link rel="icon" type="image/x-icon" href="../static/favicon.ico">
   </head>
   <body>
     <div class="error-wrapper">
@@ -21,7 +22,7 @@
             <div class="title-block">
               <div class="title">WireGuard-VPN</div>
               <div class="title-description">
-                A no-nosense self-provisioning VPN server for dev teams
+                A no-nonsense self-provisioning VPN server for dev teams
               </div>
             </div>
             <div class="generate-block">

playbook/roles/deploy/tasks/setup-compose.yml

@@ -1,64 +1,22 @@
 ---
-- name: Copy over Backend Docker-compose file
-  become: true
-  ansible.builtin.copy:
-    src: docker-compose/docker-compose.yml
-    dest: /home/docker-compose.yml
-    owner: root
-    group: root
-    mode: '0644'
-
-- name: Generate wireguard server token
+- name: Generate wireguard server token, and read into var
   ansible.builtin.shell:
     cmd: set -o pipefail && tr -dc A-Za-z0-9 </dev/urandom | head -c 25; echo ''
     executable: /bin/bash
   register: vpn_registration_token
   changed_when: true
 
-- name: Write WG_VPN_REGISTRATION_TOKEN to docker-compose
-  become: true
-  ansible.builtin.replace:
-    path: /home/docker-compose.yml
-    regexp: ^(      - WG_VPN_REGISTRATION_TOKEN=).*
-    replace: \g<1>{{ vpn_registration_token.stdout }}
-
-- name: Write WG_VPN_ENDPOINT to docker-compose
-  become: true
-  ansible.builtin.replace:
-    path: /home/docker-compose.yml
-    regexp: ^(      - WG_VPN_ENDPOINT=).*
-    replace: \g<1>{{ vpn_endpoint }}
-
-- name: Write WG_VPN_ALLOWED_IPS to docker-compose
-  become: true
-  ansible.builtin.replace:
-    path: /home/docker-compose.yml
-    regexp: ^(      - WG_VPN_ALLOWED_IPS=).*
-    replace: \g<1>{{ vpn_allowed_ips }}
-
 - name: Read remote Public key into var
   become: true
   ansible.builtin.slurp:
     src: /etc/wireguard/public.key
   register: public_key
 
-- name: Write WG_VPN_SERVER_PUBLIC_KEY to docker-compose
-  become: true
-  ansible.builtin.replace:
-    path: /home/docker-compose.yml
-    regexp: ^(      - WG_VPN_SERVER_PUBLIC_KEY=).*
-    replace: \g<1>{{ public_key['content'] | b64decode }}
-
-- name: Write WG_VPN_SERVER_HOST to docker-compose
-  become: true
-  ansible.builtin.replace:
-    path: /home/docker-compose.yml
-    regexp: ^(      - WG_VPN_SERVER_HOST=).*
-    replace: \g<1>{{ vpn_server_host }}
-
-- name: Write WG_VPN_VERSION to docker-compose
+- name: Copy over Backend Docker-compose file
   become: true
-  ansible.builtin.replace:
-    path: /home/docker-compose.yml
-    regexp: 'WG_VPN_VERSION'
-    replace: '{{ vpn_version }}'
+  ansible.builtin.template:
+    src: templates/docker-compose.yml.j2
+    dest: /home/docker-compose.yml
+    owner: root
+    group: root
+    mode: '0644'