cloudnative-coop · zachmandeville · May 8, 2023 · Mar 24, 2023 · Mar 27, 2023 · Mar 27, 2023
diff --git a/.dockerignore b/.dockerignore
@@ -0,0 +1,5 @@
+# Ignore everything
+*
+
+# Allow the tunnel binary
+!/build/tunneld
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
@@ -57,7 +57,31 @@ jobs:
           go mod download
 
           make clean
-          make -j build/tunneld build/tunneld.tag
+          GOOS=darwin GOARCH=arm64 make build
+          mv build/tunneld tunneld-darwin-arm64
+          mv build/tunnel tunnel-darwin-arm64
+          make clean
+          GOOS=darwin GOARCH=amd64 make build
+          mv build/tunneld tunneld-darwin-amd64
+          mv build/tunnel tunnel-darwin-amd64
+          make clean
+          GOOS=linux GOARCH=arm GOARM=7 make build
+          mv build/tunneld tunneld-linux-armv7
+          mv build/tunnel tunnel-linux-armv7
+          make clean
+          GOOS=linux GOARCH=arm64 make build
+          mv build/tunneld tunneld-linux-arm64
+          mv build/tunnel tunnel-linux-arm64
+          make clean
+          GOOS=linux GOARCH=amd64 make build
+          mv build/tunneld tunneld-linux-amd64
+          mv build/tunnel tunnel-linux-amd64
+          make clean
+          GOOS=windows GOARCH=amd64 make build
+          mv build/tunneld tunneld-windows-amd64
+          mv build/tunnel tunnel-linux-amd64
+          make clean
+          make -j tunneld build/tunneld.tag
 
           image_tag=$(cat build/tunneld.tag)
           if [[ "$image_tag" == "" ]]; then
@@ -67,17 +91,17 @@ jobs:
 
           echo "docker_tag=${image_tag}" >> $GITHUB_OUTPUT
 
-      - name: Push Docker image
-        if: ${{ !github.event.inputs.dry_run && !github.event.inputs.snapshot }}
-        run: |
-          set -euxo pipefail
+      # - name: Push Docker image
+      #   if: ${{ !github.event.inputs.dry_run && !github.event.inputs.snapshot }}
+      #   run: |
+      #     set -euxo pipefail
 
-          image_tag="${{ steps.build.outputs.docker_tag }}"
-          docker push "$image_tag"
+      #     image_tag="${{ steps.build.outputs.docker_tag }}"
+      #     docker push "$image_tag"
 
-          latest_tag="ghcr.io/coder/wgtunnel/tunneld:latest"
-          docker tag "$image_tag" "$latest_tag"
-          docker push "$latest_tag"
+      #     latest_tag="ghcr.io/coder/wgtunnel/tunneld:latest"
+      #     docker tag "$image_tag" "$latest_tag"
+      #     docker push "$latest_tag"
 
       - name: ls build
         run: ls -lh build
@@ -86,7 +110,7 @@ jobs:
         if: ${{ !github.event.inputs.dry_run && !github.event.inputs.snapshot }}
         uses: ncipollo/release-action@v1
         with:
-          artifacts: "build/tunneld"
+          artifacts: "tunnel-*-*"
           body: "Docker image: `${{ steps.build.outputs.docker_tag }}`"
           token: ${{ secrets.GITHUB_TOKEN }}
 
@@ -96,5 +120,11 @@ jobs:
         with:
           name: release-artifacts
           path: |
-            ./build/tunneld
+            ./tunnel-darwin-amd64
+            ./tunnel-darwin-arm64
+            ./tunnel-linux-arm64
+            ./tunnel-linux-amd64
+            ./tunnel-linux-armv7
+            ./tunnel-windows-arm64
+            ./tunnel-windows-amd64
           retention-days: 7
diff --git a/.golangci.yaml b/.golangci.yaml
@@ -211,7 +211,6 @@ linters:
     - asciicheck
     - bidichk
     - bodyclose
-    - deadcode
     - dogsled
     - errcheck
     - errname
@@ -255,4 +254,3 @@ linters:
     - typecheck
     - unconvert
     - unused
-    - varcheck
diff --git a/Dockerfile b/Dockerfile
@@ -11,6 +11,6 @@ LABEL \
 RUN adduser -D -u 1000 tunneld
 USER tunneld
 
-COPY tunneld /
+COPY ./build/tunneld /
 
 CMD ["/tunneld"]
diff --git a/Makefile b/Makefile
@@ -49,17 +49,12 @@ build/tunneld.tag: build/tunneld
 	version="$(VERSION)"
 	tag="ghcr.io/coder/wgtunnel/tunneld:$${version//+/-}"
 
-	# make a temp directory, copy the binary into it, and build the image.
-	temp_dir=$$(mktemp -d)
-	cp build/tunneld "$$temp_dir"
-
 	docker build \
 		--file Dockerfile \
 		--build-arg "WGTUNNEL_VERSION=$(VERSION)" \
 		--tag "$$tag" \
-		"$$temp_dir"
+		.
 
-	rm -rf "$$temp_dir"
 	echo "$$tag" > "$@"
 
 test:

diff --git a/cmd/tunneld/main.go b/cmd/tunneld/main.go
@@ -2,6 +2,7 @@ package main
 
 import (
 	"context"
+	"errors"
 	"io"
 	"log"
 	"net/http"
@@ -121,6 +122,11 @@ func main() {
 				Usage:   "The Honeycomb team ID to send tracing data to. If not specified, tracing will not be shipped anywhere.",
 				EnvVars: []string{"TUNNELD_TRACING_HONEYCOMB_TEAM"},
 			},
+			&cli.StringFlag{
+				Name:    "tracing-instance-id",
+				Usage:   "The instance ID to annotate all traces with that uniquely identifies this deployment.",
+				EnvVars: []string{"TUNNELD_TRACING_INSTANCE_ID"},
+			},
 		},
 		Action: runApp,
 	}
@@ -146,6 +152,7 @@ func runApp(ctx *cli.Context) error {
 		realIPHeader           = ctx.String("real-ip-header")
 		pprofListenAddress     = ctx.String("pprof-listen-address")
 		tracingHoneycombTeam   = ctx.String("tracing-honeycomb-team")
+		tracingInstanceID      = ctx.String("tracing-instance-id")
 	)
 	if baseURL == "" {
 		return xerrors.New("base-url is required. See --help for more information.")
@@ -173,12 +180,12 @@ func runApp(ctx *cli.Context) error {
 	if tracingHoneycombTeam != "" {
 		exp, err := newHoneycombExporter(ctx.Context, tracingHoneycombTeam)
 		if err != nil {
-			return xerrors.Errorf("failed to create honeycomb telemetry exporter: %w", err)
+			return xerrors.Errorf("create honeycomb telemetry exporter: %w", err)
 		}
 
 		// Create a new tracer provider with a batch span processor and the otlp
 		// exporter.
-		tp := newTraceProvider(exp)
+		tp := newTraceProvider(exp, tracingInstanceID)
 		otel.SetTracerProvider(tp)
 		otel.SetTextMapPropagator(
 			propagation.NewCompositeTextMapPropagator(
@@ -210,7 +217,7 @@ func runApp(ctx *cli.Context) error {
 
 	if wireguardKeyFile != "" {
 		_, err = os.Stat(wireguardKeyFile)
-		if xerrors.Is(err, os.ErrNotExist) {
+		if errors.Is(err, os.ErrNotExist) {
 			logger.Info(ctx.Context, "generating private key to file", slog.F("path", wireguardKeyFile))
 			key, err := tunnelsdk.GeneratePrivateKey()
 			if err != nil {

diff --git a/cmd/tunneld/tracing.go b/cmd/tunneld/tracing.go
@@ -7,8 +7,10 @@ import (
 	"go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc"
 	"go.opentelemetry.io/otel/sdk/resource"
 	sdktrace "go.opentelemetry.io/otel/sdk/trace"
-	semconv "go.opentelemetry.io/otel/semconv/v1.4.0"
+	semconv "go.opentelemetry.io/otel/semconv/v1.11.0"
 	"google.golang.org/grpc/credentials"
+
+	"github.com/coder/wgtunnel/buildinfo"
 )
 
 func newHoneycombExporter(ctx context.Context, teamID string) (*otlptrace.Exporter, error) {
@@ -24,10 +26,12 @@ func newHoneycombExporter(ctx context.Context, teamID string) (*otlptrace.Export
 	return otlptrace.New(ctx, client)
 }
 
-func newTraceProvider(exp *otlptrace.Exporter) *sdktrace.TracerProvider {
+func newTraceProvider(exp *otlptrace.Exporter, instanceID string) *sdktrace.TracerProvider {
 	rsc := resource.NewWithAttributes(
 		semconv.SchemaURL,
 		semconv.ServiceNameKey.String("WireguardTunnel"),
+		semconv.ServiceInstanceIDKey.String(instanceID),
+		semconv.ServiceVersionKey.String(buildinfo.Version()),
 	)
 
 	return sdktrace.NewTracerProvider(

diff --git a/compose/.env.example b/compose/.env.example
@@ -0,0 +1,2 @@
+CLOUDFLARE_TOKEN=
+HONEYCOMB_TEAM=
diff --git a/compose/.gitignore b/compose/.gitignore
@@ -0,0 +1 @@
+.env
diff --git a/compose/Makefile b/compose/Makefile
@@ -0,0 +1,17 @@
+# Use a single bash shell for each job, and immediately exit on failure
+SHELL := bash
+.SHELLFLAGS := -ceu
+.ONESHELL:
+
+# Don't print the commands in the file unless you specify VERBOSE. This is
+# essentially the same as putting "@" at the start of each line.
+ifndef VERBOSE
+.SILENT:
+endif
+
+up:
+	pushd ..
+		make -B build
+	popd
+	docker compose -p wgtunnel up --build
+.PHONY: up
diff --git a/compose/caddy/Dockerfile b/compose/caddy/Dockerfile
@@ -0,0 +1,12 @@
+ARG CADDY_VERSION=2.6.4
+FROM caddy:${CADDY_VERSION}-builder AS builder
+
+RUN xcaddy build \
+    --with github.com/lucaslorentz/caddy-docker-proxy/v2 \
+    --with github.com/caddy-dns/cloudflare
+
+FROM caddy:${CADDY_VERSION}
+
+COPY --from=builder /usr/bin/caddy /usr/bin/caddy
+
+CMD ["caddy", "docker-proxy"]
diff --git a/compose/docker-compose.yml b/compose/docker-compose.yml
@@ -0,0 +1,47 @@
+version: "3.9"
+services:
+  caddy:
+    build: ./caddy
+    ports:
+      - 8080:80
+      - 4443:443
+    environment:
+      - CADDY_INGRESS_NETWORKS=caddy
+    networks:
+      - caddy
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+      - caddy_data:/data
+    restart: unless-stopped
+
+  tunnel:
+    build: ..
+    restart: always
+    ports:
+      - 55551:55551/udp
+    networks:
+      - caddy
+    environment:
+      TUNNELD_LISTEN_ADDRESS: "0.0.0.0:8080"
+      TUNNELD_BASE_URL: "https://local.try.coder.app:4443"
+      TUNNELD_WIREGUARD_ENDPOINT: "local.try.coder.app:55551"
+      TUNNELD_WIREGUARD_PORT: "55551"
+      TUNNELD_WIREGUARD_KEY_FILE: "/home/tunneld/wg.key"
+      TUNNELD_WIREGUARD_MTU: "1280"
+      TUNNELD_WIREGUARD_SERVER_IP: "fcca::1"
+      TUNNELD_WIREGUARD_NETWORK_PREFIX: "fcca::/16"
+      TUNNELD_REAL_IP_HEADER: "X-Forwarded-For"
+      TUNNELD_PPROF_LISTEN_ADDRESS: "127.0.0.1:6060"
+      TUNNELD_TRACING_HONEYCOMB_TEAM: "${HONEYCOMB_TEAM}"
+      TUNNELD_TRACING_INSTANCE_ID: "local"
+    labels:
+      caddy: "local.try.coder.app, *.local.try.coder.app"
+      caddy.reverse_proxy: "{{upstreams 8080}}"
+      caddy.tls.dns: cloudflare ${CLOUDFLARE_TOKEN}
+
+networks:
+  caddy:
+    external: true
+
+volumes:
+  caddy_data: {}
diff --git a/go.mod b/go.mod
@@ -4,8 +4,10 @@ go 1.20
 
 require (
 	cdr.dev/slog v1.4.1
-	github.com/go-chi/chi v1.5.4
+	github.com/go-chi/chi/v5 v5.0.8
+	github.com/go-chi/hostrouter v0.2.0
 	github.com/go-chi/httprate v0.7.1
+	github.com/riandyrn/otelchi v0.5.1
 	github.com/stretchr/testify v1.8.1
 	github.com/urfave/cli/v2 v2.24.4
 	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.36.4
@@ -17,7 +19,7 @@ require (
 	golang.org/x/mod v0.8.0
 	golang.org/x/sync v0.1.0
 	golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2
-	golang.zx2c4.com/wireguard v0.0.0-20230223181233-21636207a675
+	golang.zx2c4.com/wireguard v0.0.0-20230325221338-052af4a8072b
 	golang.zx2c4.com/wireguard/wgctrl v0.0.0-20230215201556-9c5414ab4bde
 	google.golang.org/grpc v1.53.0
 )
@@ -44,12 +46,13 @@ require (
 	github.com/russross/blackfriday/v2 v2.1.0 // indirect
 	github.com/xrash/smetrics v0.0.0-20201216005158-039620a65673 // indirect
 	go.opencensus.io v0.24.0 // indirect
+	go.opentelemetry.io/contrib v1.0.0 // indirect
 	go.opentelemetry.io/otel/exporters/otlp/internal/retry v1.11.1 // indirect
 	go.opentelemetry.io/otel/metric v0.33.0 // indirect
 	go.opentelemetry.io/proto/otlp v0.19.0 // indirect
 	golang.org/x/crypto v0.6.0 // indirect
 	golang.org/x/net v0.7.0 // indirect
-	golang.org/x/sys v0.5.0 // indirect
+	golang.org/x/sys v0.5.1-0.20230222185716-a3b23cc77e89 // indirect
 	golang.org/x/term v0.5.0 // indirect
 	golang.org/x/text v0.7.0 // indirect
 	golang.org/x/time v0.3.0 // indirect