Merge branch 'trunk' into gitbook

atsign-foundation · Sep 26, 2024 · 30bbb08 · 30bbb08
2 parents 54fa814 + 97f599c
commit 30bbb08
Show file tree

Hide file tree

Showing 24 changed files with 171 additions and 77 deletions.
diff --git a/.github/workflows/c_release.yml b/.github/workflows/c_release.yml
@@ -21,7 +21,7 @@ jobs:
       contents: write # Needed to create workflow branch
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+      - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
       - name: Create action branch
         run: |
           git config --global user.name 'Atsign Robot'
@@ -71,7 +71,7 @@ jobs:
     #            ext: '.exe'
     #            bundle: 'windows'
     steps:
-      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+      - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
         with:
           ref: c_release-${{github.run_number}}
       # compile binaries
@@ -121,7 +121,7 @@ jobs:
     #          - platform: linux/riscv64
     #            output-name: sshnpd-linux-riscv64
     steps:
-      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+      - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
         with:
           ref: c_release-${{github.run_number}}
       - uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0
@@ -159,7 +159,7 @@ jobs:
           - platform: linux/riscv64
             output-name: sshnpd-linux-riscv64-musl
     steps:
-      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+      - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
         with:
           ref: c_release-${{github.run_number}}
       - uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0
@@ -182,7 +182,7 @@ jobs:
     name: Generate source tarball
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+      - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
         with:
           ref: c_release-${{github.run_number}}
       - name: Create tarball

diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
@@ -46,11 +46,11 @@ jobs:
           egress-policy: audit
 
       - name: Checkout repository
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@294a9d92911152fe08befb9ec03e240add280cb3 # v3.26.8
+        uses: github/codeql-action/init@461ef6c76dfe95d5c364de2f431ddbd31a417628 # v3.26.9
         with:
           languages: ${{ matrix.language }}
           # If you wish to specify custom queries, you can do so here or in a config file.
@@ -60,7 +60,7 @@ jobs:
       # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
       # If this step fails, then you should remove it and run the build manually (see below)
       - name: Autobuild
-        uses: github/codeql-action/autobuild@294a9d92911152fe08befb9ec03e240add280cb3 # v3.26.8
+        uses: github/codeql-action/autobuild@461ef6c76dfe95d5c364de2f431ddbd31a417628 # v3.26.9
 
       # ℹ️ Command-line programs to run using the OS shell.
       # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
@@ -73,6 +73,6 @@ jobs:
       #   ./location_of_script_within_repo/buildscript.sh
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@294a9d92911152fe08befb9ec03e240add280cb3 # v3.26.8
+        uses: github/codeql-action/analyze@461ef6c76dfe95d5c364de2f431ddbd31a417628 # v3.26.9
         with:
           category: "/language:${{matrix.language}}"
diff --git a/.github/workflows/cppcheck.yml b/.github/workflows/cppcheck.yml
@@ -20,7 +20,7 @@ jobs:
       run:
         working-directory: ./packages/c
     steps:
-      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+      - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
       - name: Cppcheck
         run: |
           sudo apt install -y cppcheck

diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml
@@ -22,6 +22,6 @@ jobs:
           egress-policy: audit
 
       - name: 'Checkout Repository'
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
       - name: 'Dependency Review'
         uses: actions/dependency-review-action@5a2ce3f5b92ee19cbb1541a4984c76d921601d7c # v4.3.4
diff --git a/.github/workflows/dockerhub_sshnpd.yml b/.github/workflows/dockerhub_sshnpd.yml
@@ -23,7 +23,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
       - name: Ensure pubspec.yaml matches git ref (if current git ref is a version tag)
         shell: bash
         if: startsWith(github.ref, 'refs/tags/v')

diff --git a/.github/workflows/end2end_tests.yaml b/.github/workflows/end2end_tests.yaml
@@ -61,7 +61,7 @@ jobs:
           echo "np: ${{ matrix.np }}"
           echo "npd: ${{ matrix.npd }}"
 
-      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+      - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
 
       - name: Setup Devicename
         # First two guarantee a unique # per workflow call
@@ -221,7 +221,7 @@ jobs:
           echo "np: ${{ matrix.np }}"
           echo "npd: ${{ matrix.npd }}"
 
-      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+      - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
 
       - name: Setup Devicename
         # First two guarantee a unique # per workflow call
@@ -360,7 +360,7 @@ jobs:
     if: ${{ github.event.pull_request.head.repo.fork == false && github.actor != 'dependabot[bot]'}}
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+      - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
 
       - name: Setup Devicename
         # First two guarantee a unique # per workflow call

diff --git a/.github/workflows/gitbook.yaml b/.github/workflows/gitbook.yaml
@@ -15,7 +15,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
 
       - name: Authenticate GitHub CLI
         run: |

diff --git a/.github/workflows/multibuild.yaml b/.github/workflows/multibuild.yaml
@@ -21,7 +21,7 @@ jobs:
       contents: write # Needed to create workflow branch
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+      - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
       - name: Create action branch
         run: |
           git config --global user.name 'Atsign Robot'
@@ -70,7 +70,7 @@ jobs:
             ext: ".exe"
             bundle: "windows"
     steps:
-      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+      - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
         with:
           ref: multibuild-${{github.run_number}}
       - uses: dart-lang/setup-dart@0a8a0fc875eb934c15d08629302413c671d3f672 # v1.6.5
@@ -191,7 +191,7 @@ jobs:
             output-name: sshnp-linux-riscv64
     steps:
       - if: ${{ ! inputs.main_build_only }}
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
         with:
           ref: multibuild-${{github.run_number}}
       - if: ${{ ! inputs.main_build_only }}
@@ -220,7 +220,7 @@ jobs:
         working-directory: ./packages/dart/sshnoports/bundles
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+      - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
       - run: |
           write_metadata() {
             start_line="# SCRIPT METADATA"
@@ -247,7 +247,7 @@ jobs:
         working-directory: ./packages/dart/sshnoports/bundles
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+      - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
       - uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
         with:
           name: universal.ps1-${{github.ref_name}}-${{github.run_number}}-${{github.run_attempt}}
@@ -267,7 +267,7 @@ jobs:
       attestations: write
     steps:
       - name: Checkout pubspec.lock
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
         with:
           sparse-checkout: packages/dart/sshnoports/pubspec.lock
           sparse-checkout-cone-mode: false
@@ -330,7 +330,7 @@ jobs:
     permissions:
       contents: write # Needed to delete workflow branch
     steps:
-      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+      - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
         with:
           ref: multibuild-${{github.run_number}}
       - name: Delete workflow branch

diff --git a/.github/workflows/prod_tests.yaml b/.github/workflows/prod_tests.yaml
@@ -42,7 +42,7 @@ jobs:
         run: |
           echo "rvd: ${{ matrix.rvd }}"
 
-      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+      - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
 
       - name: Setup NP/NPD key env
         run: |

diff --git a/.github/workflows/python-sshnpd-build-publish.yml b/.github/workflows/python-sshnpd-build-publish.yml
@@ -19,7 +19,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - name: Checkout this repo
-      uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+      uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
 
     - name: Set up Python
       uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0
@@ -116,7 +116,7 @@ jobs:
       attestations: write
     steps:
     - name: Checkout requirements.txt
-      uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+      uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
       with:
         sparse-checkout: packages/python/sshnpd/requirements.txt
         sparse-checkout-cone-mode: false

diff --git a/.github/workflows/python_tests.yaml b/.github/workflows/python_tests.yaml
@@ -11,7 +11,7 @@ jobs:
   ruff:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+      - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
       - uses: chartboost/ruff-action@e18ae971ccee1b2d7bbef113930f00c670b78da4 # v1.0.0
         with:
           src: './packages/python'
diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml
@@ -32,7 +32,7 @@ jobs:
 
     steps:
       - name: "Checkout code"
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
         with:
           persist-credentials: false
 
@@ -67,6 +67,6 @@ jobs:
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@294a9d92911152fe08befb9ec03e240add280cb3 # v3.26.8
+        uses: github/codeql-action/upload-sarif@461ef6c76dfe95d5c364de2f431ddbd31a417628 # v3.26.9
         with:
           sarif_file: results.sarif
diff --git a/.github/workflows/unit_tests.yaml b/.github/workflows/unit_tests.yaml
@@ -18,7 +18,7 @@ jobs:
   cli_tags:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+      - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
       - uses: ./.github/composite/verify_cli_tags
   noports_core-unit_tests:
     runs-on: ubuntu-latest
@@ -27,7 +27,7 @@ jobs:
       matrix:
         dart-channel: [stable,beta]
     steps:
-      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+      - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
       - uses: dart-lang/setup-dart@0a8a0fc875eb934c15d08629302413c671d3f672 # v1.6.5
         with:
           sdk: ${{ matrix.dart-channel}}

diff --git a/.github/workflows/update_python_requirements.yml b/.github/workflows/update_python_requirements.yml
@@ -18,7 +18,7 @@ jobs:
     steps:
     - name: Checkout this repo
       if: ${{ github.actor == 'dependabot[bot]' }}
-      uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+      uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
       with:
         fetch-depth: 0
         ref: ${{ github.event.pull_request.head.ref }}

diff --git a/apps/admin/admin_api/README.md b/apps/admin/admin_api/README.md
@@ -1,2 +1,89 @@
-A sample command-line application with an entrypoint in `bin/`, library code
-in `lib/`, and example unit test in `test/`.
+# NoPorts Admin API
+
+## Status
+
+The Admin API is currently in alpha, and we are working hard to make it
+sufficiently robust for production usage
+
+## Howto
+
+0. Download a NoPorts release that contains the policy alpha binaries
+(e.g. v5.7.0-alpha-6)
+
+1. Run the policy service (using a different atSign to any daemons connecting
+to the policy service): `npp_atserver -a @policy`
+
+2. Start the policy admin API: `np_admin -a @policy -n sshnp`
+
+3. Manage policy at: `http://localhost:3000`. In the UI, double-click on a
+field to edit it. Changes save immediately they are done.
+
+4. Connect one or more NoPorts daemons with `-p @policy`.
+
+## Systemd unit files
+
+`noports-policy.service`:
+
+```ini
+[Unit]
+Description=NoPorts Policy Service
+After=network-online.target
+
+[Install]
+WantedBy=multi-user.target
+
+[Service]
+Type=simple
+Restart=always
+RestartSec=3
+
+# Configuration of NoPorts Policy service
+# This unit script is a template for the sshnpd background service.
+# You can configure the service by editing the variables below.
+
+# MANDATORY: User to run the daemon as
+User=noports
+
+# MANDATORY: Policy manager address (atSign)
+Environment=policy_atsign="@policy"
+
+# Comment to disable verbose logging
+Environment=v="-v"
+
+# The line below runs the noports policy service, with the options set above.
+# You can edit this line to further customize the service to your needs.
+ExecStart=/home/noports/sshnp/npp_atserver -a "$policy_atsign" "$v"
+```
+
+`noports-policy-admin.service`:
+
+```ini
+[Unit]
+Description=NoPorts Policy Admin Service
+After=network-online.target
+
+[Install]
+WantedBy=multi-user.target
+
+[Service]
+Type=simple
+Restart=always
+RestartSec=3
+
+# Configuration of NoPorts Policy Admin service
+# This unit script is a template for the sshnpd background service.
+# You can configure the service by editing the variables below.
+
+# MANDATORY: User to run the daemon as
+User=noports
+
+# MANDATORY: Policy manager address (atSign)
+Environment=policy_atsign="@policy"
+
+# Comment to disable verbose logging
+Environment=v="-v"
+
+# The line below runs the noports policy service, with the options set above.
+# You can edit this line to further customize the service to your needs.
+ExecStart=/home/noports/sshnp/np_admin -a "$policy_atsign" -n sshnp "$v"
+```