Skip to content

feat: input only proxy integration#88

Merged
MoeMahhouk merged 7 commits intomainfrom
moe/input-only-channel
Feb 4, 2026
Merged

feat: input only proxy integration#88
MoeMahhouk merged 7 commits intomainfrom
moe/input-only-channel

Conversation

@MoeMahhouk
Copy link
Copy Markdown
Member

@MoeMahhouk MoeMahhouk commented Jan 29, 2026
edited
Loading

This pull request introduces support for the new input-only-proxy service, updates firewall configurations to accommodate its network requirements, and extends the command-line interface to allow retrieval of its TLS certificate. These changes improve system modularity and security by isolating input channels and making certificate management more accessible.

Service Addition:

  • Added build instructions for the new Rust-based input-only-proxy package in bob-common/mkosi.build.
  • Introduced a new systemd service unit file for input-only-proxy, specifying startup dependencies, execution parameters, and restart policies in bob-common/mkosi.extra/etc/systemd/system/input-only-proxy.service.

Firewall Configuration Updates:

  • Split the previous SEARCHER_INPUT_PORT into separate UDP and TCP ports (SEARCHER_INPUT_UDP_PORT and SEARCHER_INPUT_TCP_PORT) in both L1 and L2 firewall config files (bob-l1/mkosi.extra/etc/bob/firewall-config, bob-l2/mkosi.extra/etc/bob/firewall-config).
  • Updated firewall rules to accept traffic on the new UDP and TCP input ports, specifically allowing TCP traffic for the new input-only-proxy service.

CLI Improvements:

  • Added a new input-cert command to bob-common/searchersh.c, enabling users to fetch the public TLS certificate used by the input-only-proxy for secure communication.

@MoeMahhouk MoeMahhouk changed the base branch from moe/refactor-toggle to ilya/wip-l2-bob February 3, 2026 17:39
@MoeMahhouk MoeMahhouk marked this pull request as draft February 3, 2026 20:09
alexhulbert
alexhulbert approved these changes Feb 4, 2026
View reviewed changes
Copy link
Copy Markdown
Member

@alexhulbert alexhulbert left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

@MoeMahhouk MoeMahhouk marked this pull request as ready for review February 4, 2026 14:12
@MoeMahhouk MoeMahhouk changed the base branch from ilya/wip-l2-bob to main February 4, 2026 14:13
@MoeMahhouk MoeMahhouk merged commit 5a0f6f5 into main Feb 4, 2026
@MoeMahhouk MoeMahhouk deleted the moe/input-only-channel branch February 4, 2026 15:17
alexhulbert pushed a commit that referenced this pull request Mar 6, 2026
@MoeMahhouk @alexhulbert
feat: input only proxy integration (#88)
91eadfd 
* feat: add input-only-proxy to the flashbox common module

* enhance security on other ports to block all protocols too

* chore: fix syntax issues and script permissions

* fix localhost network binding issue

* use the TLS version of input-only-proxy
@MoeMahhouk MoeMahhouk mentioned this pull request Mar 9, 2026
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@alexhulbert alexhulbert alexhulbert approved these changes

@niccoloraspa niccoloraspa Awaiting requested review from niccoloraspa

@Ruteri Ruteri Awaiting requested review from Ruteri

@ilyaluk ilyaluk Awaiting requested review from ilyaluk

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@MoeMahhouk @alexhulbert