Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/firezone/firezone

Enterprise-ready zero-trust access platform built on WireGuard®.
https://github.com/firezone/firezone

cloud devsecops elixir elixir-lang firewall liveview network network-security networking phoenix privacy rust-lang security self-hosted virtual-network vpn vpn-server wireguard wireguard-ui wireguard-vpn

Last synced: 2 days ago
JSON representation

Enterprise-ready zero-trust access platform built on WireGuard®.

Host: GitHub
URL: https://github.com/firezone/firezone
Owner: firezone
License: apache-2.0
Created: 2020-04-22T04:05:12.000Z (over 4 years ago)
Default Branch: main
Last Pushed: 2024-11-29T20:36:24.000Z (13 days ago)
Last Synced: 2024-11-30T13:51:33.039Z (12 days ago)
Topics: cloud, devsecops, elixir, elixir-lang, firewall, liveview, network, network-security, networking, phoenix, privacy, rust-lang, security, self-hosted, virtual-network, vpn, vpn-server, wireguard, wireguard-ui, wireguard-vpn
Language: Elixir
Homepage: https://www.firezone.dev
Size: 166 MB
Stars: 6,878
Watchers: 41
Forks: 287
Open Issues: 354
Metadata Files:
- Readme: .github/README_CI.md
- Contributing: docs/CONTRIBUTING.md
- License: LICENSE
- Code of conduct: docs/CODE_OF_CONDUCT.md
- Codeowners: .github/CODEOWNERS
- Security: docs/SECURITY.md

Awesome Lists containing this project

fucking-awesome-elixir - Firezone - Open-source VPN server and egress firewall for Linux built on WireGuard. Firezone is easy to set up (all dependencies are bundled thanks to Chef Omnibus), secure, performant, and self hostable. (Networking)
awesome-wireguard - Firezone - An open-source WireGuard-based VPN server alternative to OpenVPN Access Server. You can self-host this. (Projects / Deployment)
awesome-repositories - firezone/firezone - Enterprise-ready zero-trust access platform built on WireGuard®. (Elixir)
awesome-starred - firezone/firezone - WireGuard®-based scalable remote access platform (self-hosted)
awesome-networking - Firezone - Open-source VPN server and egress firewall for Linux built on WireGuard. Firezone is easy to set up (all dependencies are bundled thanks to Chef Omnibus), secure, performant, and self hostable. (VPN / SD-WAN)
awesome-elixir - Firezone - Open-source VPN server and egress firewall for Linux built on WireGuard. Firezone is easy to set up (all dependencies are bundled thanks to Chef Omnibus), secure, performant, and self hostable. (Networking)
StarryDivineSky - firezone/firezone
awesome-rainmana - firezone/firezone - Enterprise-ready zero-trust access platform built on WireGuard®. (Elixir)
awesome-technostructure - firezone/firezone - based zero-trust access platform with OIDC auth, identity sync, and NAT traversal. ([💾 sysadmin-devops](https://github.com/stars/ketsapiwiq/lists/sysadmin-devops))
awesome-technostructure - firezone/firezone - based zero-trust access platform with OIDC auth, identity sync, and NAT traversal. ([💾 sysadmin-devops](https://github.com/stars/ketsapiwiq/lists/sysadmin-devops))

README

        # CI Tips and Tricks

## Rotating signing secrets

- Apple: see [../swift/apple/README.md](../swift/apple/README.md)

- Android: see [../kotlin/android/README.md](../kotlin/android/README.md)

- Windows: see [../rust/gui-client/README.md](../rust/gui-client/README.md)

## Batch-deleting workflow runs

Manually disable the workflows to be cleaned up, then run this:

```bash

org=firezone

repo=firezone

# Get workflow IDs with status "disabled_manually"

workflow_ids=($(gh api repos/$org/$repo/actions/workflows --paginate | jq '.workflows[] | select(.["state"] | contains("disabled_manually")) | .id'))

for workflow_id in "${workflow_ids[@]}"

do

  echo "Listing runs for the workflow ID $workflow_id"

  run_ids=( $(gh api repos/$org/$repo/actions/workflows/$workflow_id/runs --paginate | jq '.workflow_runs[].id') )

  for run_id in "${run_ids[@]}"

  do

    echo "Deleting Run ID $run_id"

    gh api repos/$org/$repo/actions/runs/$run_id -X DELETE >/dev/null

  done

done

```

## Adding a new repository to Google Cloud workload identity

We are using a separate Google Cloud project for GitHub Actions workload

federation, if you need `auth` action to work from a new repo - it needs to be

added to the principal set of a GitHub Actions service account:

```

export REPO="firezone/firezone"

gcloud iam service-accounts add-iam-policy-binding "[email protected]" \

  --project="github-iam-387915" \

  --role="roles/iam.workloadIdentityUser" \

  --member="principalSet://iam.googleapis.com/projects/397012414171/locations/global/workloadIdentityPools/github-actions-pool/attribute.repository/${REPO}"

```

for more details see https://github.com/google-github-actions/auth.

## Busting the GCP Docker layer cache

If you find yourself hitting strange Docker image issues like Rust binaries

failing to start inside Docker images, you may need to bust the GCP layer cache.

To do so:

- Login to [GCP](console.cloud.google.com)

- Ensure `firezone-staging` project is selected

- Navigate to the artifact registry service

- Delete all image versions for the appropriate `cache/` image repository