Merge branch 'private-master' into public-master

.gitignore

@@ -33,6 +33,7 @@ logs/*
 statuses/*
 tor/*
 app-data/*
+data/
 
 # Commit these files
 

deps/app-proxy/test/docker-compose.sse.yml

@@ -5,6 +5,7 @@ services:
         environment:
             APP_HOST: sse_server
             APP_PORT: 80
+            PROXY_AUTH_WHITELIST: "*"
     sse_server:
         image: getumbrel/sse-test-server
-        build: ./test/sse-test-server
+        build: ./sse-test-server

deps/app-proxy/utils/proxy.js

@@ -9,6 +9,12 @@ const CONSTANTS = require('../utils/const.js');
 const safeHandler = require("../utils/safe_handler.js");
 
 function onProxyReq(proxyReq, req, res, config) {
+	// "Value may be undefined if the socket is destroyed (for example, if the client disconnected)."
+	// More details here: https://nodejs.org/api/net.html#socketremoteaddress
+	if(req.socket.remoteAddress === undefined) {
+		return res.end();
+	}
+
 	// If we don't trust the upstream, we'll set the x-forwarded headers
 	// Upstream could be a proxy and therefore trusted
 	// So we'll accept the incoming x-forwarded headers
@@ -137,4 +143,4 @@ module.exports = {
 	whitelist,
 	blacklist,
 	apply
-}
+}

docker-compose.tor.yml

@@ -0,0 +1,14 @@
+version: '3.7'
+
+services:
+        tor_server:
+                container_name: tor_server
+                image: getumbrel/tor:0.4.7.8@sha256:2ace83f22501f58857fa9b403009f595137fa2e7986c4fda79d82a8119072b6a
+                user: "1000:1000"
+                # build: ./deps/tor
+                restart: on-failure
+                volumes:
+                    - ${PWD}/tor/torrc-server:/etc/tor/torrc:ro
+                    - ${PWD}/tor/data:/data
+                environment:
+                    HOME: "/tmp"

docker-compose.yml

@@ -2,9 +2,9 @@ version: '3.7'
 
 services:
         tor_proxy:
-                container_name: tor
-                image: lncm/tor:0.4.7.8@sha256:aab30ebb496aa25934d6096951d8b200347c3c3ce5db3493695229efa2601f7b
-                user: toruser
+                container_name: tor_proxy
+                image: getumbrel/tor:0.4.7.8@sha256:2ace83f22501f58857fa9b403009f595137fa2e7986c4fda79d82a8119072b6a
+                user: "1000:1000"
                 restart: on-failure
                 volumes:
                     - ${PWD}/tor/torrc-proxy:/etc/tor/torrc:ro
@@ -31,16 +31,15 @@ services:
                         ipv4_address: $NGINX_IP
         dashboard:
                 container_name: dashboard
-                image: getumbrel/dashboard:v0.5.4@sha256:413fa34aac4ab5cab1ccdf6fecacb6f69f6cbd774e35bee92ff4f2170783fee9
+                image: getumbrel/dashboard:v0.5.5@sha256:af5328c5a9c414d4348a90a20f00771fdf4ab6ea0fa2e19e8599bc5dde30c329
                 restart: on-failure
                 stop_grace_period: 1m30s
                 networks:
                     default:
                         ipv4_address: $DASHBOARD_IP
         manager:
                 container_name: manager
-                image: getumbrel/manager:v0.5.0@sha256:c780ffb2619ba32e392ed9343d0336867ad3b2e9f3f08b8b0c7f9083e2c44a26
-                depends_on: [ tor_proxy ]
+                image: getumbrel/manager:v0.5.2@sha256:084d9491a787a02136ba55b1cbb663a7c9294aa10aaff2a0ad53198db175a2c8
                 restart: on-failure
                 stop_grace_period: 5m30s
                 volumes:
@@ -63,8 +62,6 @@ services:
                     JWT_PRIVATE_KEY_FILE: "/jwt-private-key/jwt.key"
                     JWT_EXPIRATION: "3600"
                     DOCKER_COMPOSE_DIRECTORY: $PWD
-                    DEVICE_HOSTS: ${DEVICE_HOSTS:-"http://umbrel.local"}
-                    DEVICE_HOSTNAME: ${DEVICE_HOSTNAME:-""}
                     UMBREL_SEED_FILE: "/db/umbrel-seed/seed"
                     UMBREL_DASHBOARD_HIDDEN_SERVICE_FILE: "/var/lib/tor/web/hostname"
                     UMBREL_AUTH_SECRET: $UMBREL_AUTH_SECRET
@@ -87,8 +84,7 @@ services:
                     UPDATE_LOCK_FILE: "/statuses/update-in-progress"
                     BACKUP_STATUS_FILE: "/statuses/backup-status.json"
                     DEBUG_STATUS_FILE: "/statuses/debug-status.json"
-                    TOR_PROXY_IP: "${TOR_PROXY_IP}"
-                    TOR_PROXY_PORT: "${TOR_PROXY_PORT}"
+                    REPO_UPDATE_STATUS_FILE: "/statuses/repo-update-status.json"
                     TOR_HIDDEN_SERVICE_DIR: "/var/lib/tor"
                     IS_UMBREL_OS: ${IS_UMBREL_OS:-"false"}
                     UMBREL_APP_REPO_URL: "https://github.com/getumbrel/umbrel-apps.git"

events/triggers/reboot

@@ -1,5 +1,4 @@
 #!/usr/bin/env bash
-set -euo pipefail
 
 ./scripts/stop
 shutdown -r now

events/triggers/remote-tor-access

@@ -0,0 +1,61 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+UMBREL_ROOT="$(readlink -f $(dirname "${BASH_SOURCE[0]}")/../..)"
+USER_FILE="${UMBREL_ROOT}/db/user.json"
+STATUS_FILE="${UMBREL_ROOT}/statuses/remote-tor-access-status.json"
+SIGNAL_FILE="${UMBREL_ROOT}/events/signals/remote-tor-access"
+
+updateStatus() {
+  local -r state="${1}"
+  local -r progress="${2}"
+
+  cat <<EOF > "${STATUS_FILE}"
+{"state": "${state}", "progress": ${progress}}
+EOF
+}
+
+if [[ ! -f "${SIGNAL_FILE}" ]]; then
+  exit
+fi
+
+enabled=$(cat "${SIGNAL_FILE}")
+rm -f "${SIGNAL_FILE}"
+
+if [[ -f "${STATUS_FILE}" ]]; then
+  state=$(cat "${STATUS_FILE}" 2> /dev/null | jq -r 'if has("state") then .state else "" end' || true)
+
+  if [[ "${state}" == "running" ]]; then
+    >&2 echo "Error: Already running!"
+    exit 1
+  fi
+fi
+
+updateStatus "running" "20"
+
+echo "Stopping Umbrel..."
+"${UMBREL_ROOT}/scripts/stop" || true
+
+updateStatus "running" "50"
+
+echo
+echo "Saving 'remoteTorAccess' setting..."
+
+while ! (set -o noclobber; echo "$$" > "${USER_FILE}.lock") 2> /dev/null; do
+  echo "Waiting for JSON lock to be released for ${app} update..."
+  sleep 1
+done
+# This will cause the lock-file to be deleted in case of a
+# premature exit.
+trap "rm -f "${USER_FILE}.lock"; exit $?" INT TERM EXIT
+
+jq ".remoteTorAccess = ${enabled}" "${USER_FILE}" > /tmp/user.json
+mv /tmp/user.json "${USER_FILE}"
+
+rm -f "${USER_FILE}.lock"
+
+echo
+echo "Starting Umbrel..."
+"${UMBREL_ROOT}/scripts/start"
+
+updateStatus "complete" "100"

events/triggers/repo

@@ -0,0 +1,44 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+UMBREL_ROOT="$(readlink -f $(dirname "${BASH_SOURCE[0]}")/../..)"
+
+updateStatus() {
+  local -r state="${1}"
+  local -r description="${2}"
+  local -r url="${3}"
+
+  cat <<EOF > "$UMBREL_ROOT"/statuses/repo-update-status.json
+{"state": "${state}", "description": "${description}", "url": "${url}"}
+EOF
+}
+
+signal="${1}"
+command=${signal%%"-"*}
+signal_file="${UMBREL_ROOT}/events/signals/repo-${command}"
+if [[ ! -f "${signal_file}" ]]; then
+	exit
+fi
+
+url=$(cat "${signal_file}")
+rm -f "${signal_file}"
+
+updateStatus "running" "Updating local app repos" "${url}"
+
+"${UMBREL_ROOT}/scripts/repo" "${command}" "${url}"
+
+if [[ "${command}" == "add" ]]; then
+	"${UMBREL_ROOT}/scripts/repo" "update" "${url}"
+
+	# Check that the repo was cloned
+	repo_path=$("${UMBREL_ROOT}/scripts/repo" path "${url}")
+	if [[ -d "${repo_path}" ]]; then
+		updateStatus "success" "Successfully added: ${url}" "${url}"
+	else
+		updateStatus "error" "Failed to add: ${url}" "${url}"
+	fi
+elif [[ "${command}" == "remove" ]]; then
+	updateStatus "success" "Successfully removed: ${url}" "${url}"
+else
+	updateStatus "success" "" "${url}"
+fi

events/triggers/shutdown

@@ -1,5 +1,4 @@
 #!/usr/bin/env bash
-set -euo pipefail
 
 ./scripts/stop
 shutdown -h now

karen

@@ -62,6 +62,13 @@ fswatch -0 --event=PlatformSpecific $signal_dir | while read -d "" event; do
     trigger="$trigger_dir/app"
     args="${signal#$app_prefix}"
   fi
+
+  app_prefix="repo-"
+  if [[ "$signal" == "$app_prefix"* ]]; then
+    # This is an repo signal, let the repo trigger handle it
+    trigger="$trigger_dir/repo"
+    args="${signal#$app_prefix}"
+  fi
 
   if test -x "$trigger"; then
     echo "karen is getting triggered!"