Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
cfb93a3
commit 4429207
Showing
48 changed files
with
13,248 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,5 @@ | ||
{ | ||
"presets": [ | ||
"@babel/preset-env" | ||
] | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,19 @@ | ||
.dockerignore | ||
node_modules | ||
npm-debug.log | ||
logs | ||
README.md | ||
.git | ||
.gitignore | ||
.env.default | ||
.idea | ||
Dockerfile | ||
pre-commit | ||
.eslintrc | ||
test/ | ||
.eslintignore | ||
coverage | ||
.nyc_output | ||
*.env | ||
db/ | ||
.github |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
coverage |
Large diffs are not rendered by default.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,47 @@ | ||
name: Docker build on push | ||
env: | ||
DOCKER_CLI_EXPERIMENTAL: enabled | ||
|
||
on: push | ||
|
||
jobs: | ||
build: | ||
runs-on: ubuntu-18.04 | ||
name: Build and push manager image | ||
steps: | ||
- name: Set env variables | ||
run: echo "BRANCH=$(echo ${GITHUB_REF#refs/heads/} | sed 's/\//-/g')" >> $GITHUB_ENV | ||
- name: Show set env variables | ||
run: | | ||
printf " BRANCH: %s\n" "$BRANCH" | ||
- name: Login to Docker Hub | ||
run: echo "${{ secrets.DOCKER_PASSWORD }}" | docker login -u "${{ secrets.DOCKER_USERNAME }}" --password-stdin | ||
- name: Checkout project | ||
uses: actions/checkout@v2 | ||
|
||
- name: Set up QEMU | ||
uses: docker/setup-qemu-action@v1 | ||
id: qemu | ||
|
||
- name: Setup Docker buildx action | ||
uses: docker/setup-buildx-action@v1 | ||
id: buildx | ||
|
||
- name: Cache Docker layers | ||
uses: actions/cache@v2 | ||
id: cache | ||
with: | ||
path: /tmp/.buildx-cache | ||
key: ${{ runner.os }}-buildx-${{ github.sha }} | ||
restore-keys: | | ||
${{ runner.os }}-buildx- | ||
- name: Show available buildx platforms | ||
run: echo ${{ steps.buildx.outputs.platforms }} | ||
- name: Run Docker buildx | ||
run: | | ||
docker buildx build \ | ||
--cache-from "type=local,src=/tmp/.buildx-cache" \ | ||
--cache-to "type=local,dest=/tmp/.buildx-cache" \ | ||
--platform linux/amd64,linux/arm64,linux/arm/v7 \ | ||
--tag ${{ secrets.DOCKER_HUB_USER }}/manager:$BRANCH \ | ||
--output "type=registry" ./ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,66 @@ | ||
name: Docker build on tag | ||
env: | ||
DOCKER_CLI_EXPERIMENTAL: enabled | ||
TAG_FMT: '^refs/tags/(((.?[0-9]+){3,4}))$' | ||
|
||
on: | ||
push: | ||
tags: | ||
- v[0-9]+.[0-9]+.[0-9]+ | ||
- v[0-9]+.[0-9]+.[0-9]+-* | ||
|
||
jobs: | ||
build: | ||
runs-on: ubuntu-18.04 | ||
name: Build and push manager image | ||
steps: | ||
- name: Set env variables | ||
run: echo "TAG=${GITHUB_REF/refs\/tags\//}" >> $GITHUB_ENV | ||
|
||
- name: Show set environment variables | ||
run: | | ||
printf " TAG: %s\n" "$TAG" | ||
- name: Login to Docker for building | ||
run: echo "${{ secrets.DOCKER_PASSWORD }}" | docker login -u "${{ secrets.DOCKER_USERNAME }}" --password-stdin | ||
|
||
- name: Checkout project | ||
uses: actions/checkout@v2 | ||
|
||
- name: Set up QEMU | ||
uses: docker/setup-qemu-action@v1 | ||
id: qemu | ||
|
||
- name: Setup Docker buildx action | ||
uses: docker/setup-buildx-action@v1 | ||
id: buildx | ||
|
||
- name: Available platforms | ||
run: echo ${{ steps.buildx.outputs.platforms }} | ||
|
||
- name: Cache Docker layers | ||
uses: actions/cache@v2 | ||
id: cache | ||
with: | ||
path: /tmp/.buildx-cache | ||
key: ${{ runner.os }}-buildx-${{ github.sha }} | ||
restore-keys: | | ||
${{ runner.os }}-buildx- | ||
- name: Run Docker buildx against tag | ||
run: | | ||
docker buildx build \ | ||
--cache-from "type=local,src=/tmp/.buildx-cache" \ | ||
--cache-to "type=local,dest=/tmp/.buildx-cache" \ | ||
--platform linux/amd64,linux/arm64,linux/arm/v7 \ | ||
--tag ${{ secrets.DOCKER_HUB_USER }}/manager:$TAG \ | ||
--output "type=registry" ./ | ||
- name: Run Docker buildx against latest | ||
run: | | ||
docker buildx build \ | ||
--cache-from "type=local,src=/tmp/.buildx-cache" \ | ||
--cache-to "type=local,dest=/tmp/.buildx-cache" \ | ||
--platform linux/amd64,linux/arm64,linux/arm/v7 \ | ||
--tag ${{ secrets.DOCKER_HUB_USER }}/manager:latest \ | ||
--output "type=registry" ./ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,13 @@ | ||
node_modules/ | ||
npm-debug.log | ||
/.idea/ | ||
/tls.cert | ||
*.log | ||
*.env | ||
logs/ | ||
package-lock.json | ||
*.bak | ||
lb_settings.json | ||
.nyc_output | ||
coverage | ||
db/ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,29 @@ | ||
# Build Stage | ||
FROM node:12-buster-slim as umbrel-manager-builder | ||
|
||
# Install tools | ||
RUN apt-get update && apt-get install -y build-essential libffi-dev libssl-dev python3 | ||
|
||
# Create app directory | ||
WORKDIR /app | ||
|
||
# Copy 'yarn.lock' and 'package.json' | ||
COPY yarn.lock package.json ./ | ||
|
||
# Install dependencies | ||
RUN yarn install --production | ||
|
||
# Copy project files and folders to the current working directory (i.e. '/app') | ||
COPY . . | ||
|
||
# Final image | ||
FROM node:12-buster-slim AS umbrel-manager | ||
|
||
# Copy built code from build stage to '/app' directory | ||
COPY --from=umbrel-manager-builder /app /app | ||
|
||
# Change directory to '/app' | ||
WORKDIR /app | ||
|
||
EXPOSE 3006 | ||
CMD [ "yarn", "start" ] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,22 @@ | ||
The MIT License | ||
|
||
Copyright (c) 2018-2019 Casa, Inc. https://keys.casa/ | ||
Copyright (c) 2020 Umbrel. https://getumbrel.com/ | ||
|
||
Permission is hereby granted, free of charge, to any person obtaining a copy | ||
of this software and associated documentation files (the "Software"), to deal | ||
in the Software without restriction, including without limitation the rights | ||
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell | ||
copies of the Software, and to permit persons to whom the Software is | ||
furnished to do so, subject to the following conditions: | ||
|
||
The above copyright notice and this permission notice shall be included in | ||
all copies or substantial portions of the Software. | ||
|
||
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR | ||
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, | ||
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE | ||
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER | ||
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, | ||
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN | ||
THE SOFTWARE. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,100 @@ | ||
[![Umbrel Manager](https://static.getumbrel.com/github/github-banner-umbrel-manager.svg)](https://github.com/getumbrel/umbrel-manager) | ||
|
||
[![Version](https://img.shields.io/github/v/release/getumbrel/umbrel-manager?color=%235351FB&label=version)](https://github.com/getumbrel/umbrel-manager/releases) | ||
[![Docker Build](https://img.shields.io/github/workflow/status/getumbrel/umbrel-manager/Docker%20build%20on%20push?color=%235351FB)](https://github.com/getumbrel/umbrel-manager/actions?query=workflow%3A"Docker+build+on+push") | ||
[![Docker Pulls](https://img.shields.io/docker/pulls/getumbrel/manager?color=%235351FB)](https://hub.docker.com/repository/registry-1.docker.io/getumbrel/manager/tags?page=1) | ||
[![Community Chat](https://img.shields.io/badge/community%20chat-telegram-%235351FB)](https://t.me/getumbrel) | ||
[![Developer Chat](https://img.shields.io/badge/dev%20chat-keybase-%235351FB)](https://keybase.io/team/getumbrel) | ||
|
||
[![Twitter](https://img.shields.io/twitter/follow/getumbrel?style=social)](https://twitter.com/getumbrel) | ||
[![Reddit](https://img.shields.io/reddit/subreddit-subscribers/getumbrel?label=Subscribe%20%2Fr%2Fgetumbrel&style=social)](https://reddit.com/r/getumbrel) | ||
|
||
|
||
# ☂️ manager | ||
|
||
Manager runs by-default on [Umbrel OS](https://github.com/getumbrel/umbrel-os) as a containerized service. It provides a low-level system API that handles: | ||
- User authentication using JWT | ||
- Encryption/decryption of sensitive information, such as the lightning wallet's seed | ||
- CRUD operations | ||
- Lifecycle-management of all other containerized services | ||
|
||
## 🚀 Getting started | ||
|
||
If you are looking to run Umbrel on your hardware, you do not need to run this service on it's own. Just download [Umbrel OS](https://github.com/getumbrel/umbrel-os/releases) and you're good to go. | ||
|
||
## 🛠 Running manager | ||
|
||
### Step 1. Install dependencies | ||
```sh | ||
yarn | ||
``` | ||
|
||
### Step 2. Set environment variables | ||
Set the following environment variables directly or by placing them in `.env` file of project's root. | ||
|
||
| Variable | Description | Default | | ||
| ------------- | ------------- | ------------- | | ||
| `PORT` | Port where manager should listen for requests | `3006` | | ||
| `DEVICE_HOSTS` | Comma separated list of IPs or domain names to whitelist for CORS | `http://umbrel.local` | | ||
| `USER_FILE` | Path to the user's data file (automatically created on user registration) | `/db/user.json` | | ||
| `SHUTDOWN_SIGNAL_FILE` | Path to write a file to signal a system shutdown | `/signals/shutdown` | | ||
| `REBOOT_SIGNAL_FILE` | Path to write a file to signal a system reboot | `/signals/reboot` | | ||
| `MIDDLEWARE_API_URL` | IP or domain where [`umbrel-middleware`](https://github.com/getumbrel/umbrel-middleware) is listening | `http://localhost` | | ||
| `MIDDLEWARE_API_PORT` | Port where [`umbrel-middleware`](https://github.com/getumbrel/umbrel-middleware) is listening | `3005` | | ||
| `JWT_PUBLIC_KEY_FILE` | Path to the JWT public key (automatically created) | `/db/jwt-public-key/jwt.pem` | | ||
| `JWT_PRIVATE_KEY_FILE` | Path to the JWT private key (automatically created) | `/db/jwt-public-key/jwt.key` | | ||
| `JWT_EXPIRATION` | JWT expiration in miliseconds | `3600` | | ||
| `UMBREL_SEED_FILE` | Path to the seed used to deterministically generate entropy | `'/db/umbrel-seed/seed'` | | ||
| `UMBREL_DASHBOARD_HIDDEN_SERVICE_FILE` | Path to Tor hostname of [`umbrel-dashboard`](https://github.com/getumbrel/umbrel-dashboard) | `/var/lib/tor/dashboard/hostname` | | ||
| `ELECTRUM_HIDDEN_SERVICE_FILE` | Path to Electrum hidden service hostname | `/var/lib/tor/electrum/hostname` | | ||
| `ELECTRUM_PORT` | Port the Electrum server is listening on | `50001` | | ||
| `BITCOIN_P2P_HIDDEN_SERVICE_FILE` | Path to P2P hidden service hostname of `bitcoin` | `/var/lib/tor/bitcoin-p2p/hostname` | | ||
| `BITCOIN_P2P_PORT` | P2P port of `bitcoin` | `8333` | | ||
| `BITCOIN_RPC_HIDDEN_SERVICE_FILE` | Path to RPC hidden service hostname of `bitcoin` | `/var/lib/tor/bitcoin-rpc/hostname` | | ||
| `BITCOIN_RPC_PORT` | RPC port of `bitcoin` | `8332` | | ||
| `BITCOIN_RPC_USER` | RPC user for `bitcoin` | `umbrel` | | ||
| `BITCOIN_RPC_PASSWORD` | RPC password for `bitcoin` | `moneyprintergobrrr` | | ||
| `GITHUB_REPO` | GitHub repository of Umbrel | `getumbrel/umbrel` | | ||
| `UMBREL_VERSION_FILE` | Path to the Umbrel's version file | `/info.json` | | ||
| `UPDATE_STATUS_FILE` | Path to update status file | `/statuses/update-status.json` | | ||
| `UPDATE_SIGNAL_FILE` | Path to write the update signal file | `/signals/update` | | ||
| `UPDATE_LOCK_FILE` | Path to the update lock file | `/statuses/update-in-progress` | | ||
| `BACKUP_STATUS_FILE` | Path to backup status file | `/statuses/backup-status.json` | | ||
| `TOR_PROXY_IP` | IP or domain where Tor proxy is listening | `192.168.0.1` | | ||
| `TOR_PROXY_PORT` | Port where Tor proxy is listening | `9050` | | ||
| `APP_DATA_DIR` | Path to the 'app-data' directory | `/app-data` | | ||
| `REPOS_DIR` | Path to the 'repos' directory | `/repos` | | ||
| `SESSIONS_DIR` | Path to the file-based sessions directory | `/db/sessions` | | ||
| `UMBREL_AUTH_SECRET` | A shared secret to sign (using hmac) the auth cookie | `undefined` | | ||
| `UMBREL_APP_REPO_URL` | Umbrel's remote app repo git url | `https://github.com/getumbrel/umbrel-apps.git` | | ||
|
||
### Step 3. Run manager | ||
```sh | ||
yarn start | ||
``` | ||
|
||
You can browse through the available API endpoints [here](https://github.com/getumbrel/umbrel-manager/tree/master/routes/v1). | ||
|
||
--- | ||
|
||
### ⚡️ Don't be too reckless | ||
|
||
> Umbrel is still in an early stage and things are expected to break every now and then. We **DO NOT** recommend running it on the mainnet with real money just yet, unless you want to be really *#reckless*. | ||
## ❤️ Contributing | ||
|
||
We welcome and appreciate new contributions! | ||
|
||
If you're a developer looking to help but not sure where to begin, check out [these issues](https://github.com/getumbrel/umbrel-manager/issues?q=is%3Aissue+is%3Aopen+label%3A%22good+first+issue%22) that have specifically been marked as being friendly to new contributors. | ||
|
||
If you're looking for a bigger challenge, before opening a pull request please [create an issue](https://github.com/getumbrel/umbrel-manager/issues/new/choose) or [join our community chat](https://t.me/getumbrel) to get feedback, discuss the best way to tackle the challenge, and to ensure that there's no duplication of work. | ||
|
||
## 🙏 Acknowledgements | ||
|
||
Umbrel Manager is inspired by and built upon the work done by [Casa](https://github.com/casa) on its open-source [Node Manager API](https://github.com/Casa/V2-Casa-Node-Manager). | ||
|
||
--- | ||
|
||
[![License](https://img.shields.io/github/license/getumbrel/umbrel-manager?color=%235351FB)](https://github.com/getumbrel/umbrel-manager/blob/master/LICENSE) | ||
|
||
[getumbrel.com](https://getumbrel.com) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,63 @@ | ||
require('module-alias/register'); | ||
require('module-alias').addPath('.'); | ||
require('dotenv').config(); | ||
|
||
const express = require('express'); | ||
const path = require('path'); | ||
const morgan = require('morgan'); | ||
const bodyParser = require('body-parser'); | ||
const cookieParser = require('cookie-parser'); | ||
const passport = require('passport'); | ||
|
||
// Keep requestCorrelationId middleware as the first middleware. Otherwise we risk losing logs. | ||
const requestCorrelationMiddleware = require('middlewares/requestCorrelationId.js'); // eslint-disable-line id-length | ||
const camelCaseReqMiddleware = require('middlewares/camelCaseRequest.js').camelCaseRequest; | ||
const errorHandleMiddleware = require('middlewares/errorHandling.js'); | ||
require('middlewares/auth.js'); | ||
|
||
const logger = require('utils/logger.js'); | ||
|
||
const ping = require('routes/ping.js'); | ||
const account = require('routes/v1/account.js'); | ||
const system = require('routes/v1/system.js'); | ||
const external = require('routes/v1/external.js'); | ||
const apps = require('routes/v1/apps.js'); | ||
const communityAppStores = require('routes/v1/community-app-stores.js'); | ||
const constants = require('utils/const.js'); | ||
|
||
const app = express(); | ||
|
||
// Define custom response method for setting | ||
// the Umbrel auth/session cookie | ||
app.response.umbrelSessionCookie = function (token) { | ||
return this.cookie(constants.UMBREL_COOKIE_NAME, token, { | ||
httpOnly: true, | ||
signed: true, | ||
sameSite: "lax" | ||
}); | ||
}; | ||
|
||
app.use(cookieParser(constants.UMBREL_AUTH_SECRET)); | ||
app.use(bodyParser.json()); | ||
app.use(bodyParser.urlencoded({ extended: true })); | ||
app.use(express.static(path.join(__dirname, 'public'))); | ||
app.use(passport.initialize()); | ||
app.use(passport.session()); | ||
|
||
app.use(requestCorrelationMiddleware); | ||
app.use(camelCaseReqMiddleware); | ||
app.use(morgan(logger.morganConfiguration)); | ||
|
||
app.use('/ping', ping); | ||
app.use('/v1/account', account); | ||
app.use('/v1/system', system); | ||
app.use('/v1/external', external); | ||
app.use('/v1/apps', apps); | ||
app.use('/v1/community-app-stores', communityAppStores); | ||
|
||
app.use(errorHandleMiddleware); | ||
app.use((req, res) => { | ||
res.status(404).json(); // eslint-disable-line no-magic-numbers | ||
}); | ||
|
||
module.exports = app; |
Oops, something went wrong.