Compare commits
1 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| 2c717c0ebd |
@@ -9,7 +9,7 @@ jobs:
|
||||
|
||||
steps:
|
||||
- name: Checkout Repository
|
||||
uses: actions/checkout@v6
|
||||
uses: actions/checkout@v4
|
||||
|
||||
- name: Set up Build Environment
|
||||
run: sudo apt-get update && sudo apt-get install -y make dpkg-dev
|
||||
@@ -25,14 +25,14 @@ jobs:
|
||||
echo "file2=$(ls nym-vpn*.deb)" >> $GITHUB_ENV
|
||||
|
||||
- name: Upload nym-repo-setup
|
||||
uses: actions/upload-artifact@v6
|
||||
uses: actions/upload-artifact@v4
|
||||
with:
|
||||
name: ${{ env.file1 }}
|
||||
path: ppa/packages/nym-repo-setup*.deb
|
||||
retention-days: 10
|
||||
|
||||
- name: Upload nym-vpn
|
||||
uses: actions/upload-artifact@v6
|
||||
uses: actions/upload-artifact@v4
|
||||
with:
|
||||
name: ${{ env.file2 }}
|
||||
path: ppa/packages/nym-vpn*.deb
|
||||
|
||||
@@ -10,7 +10,7 @@ jobs:
|
||||
run:
|
||||
working-directory: documentation/docs
|
||||
steps:
|
||||
- uses: actions/checkout@v6
|
||||
- uses: actions/checkout@v4
|
||||
- name: Install Dependencies (Linux)
|
||||
run: sudo apt-get update && sudo apt-get install -y build-essential curl wget libssl-dev libudev-dev squashfs-tools protobuf-compiler git python3 && sudo apt-get update --fix-missing
|
||||
- name: Install pip3
|
||||
@@ -21,16 +21,16 @@ jobs:
|
||||
run: sudo apt-get install -y rsync
|
||||
- uses: rlespinasse/github-slug-action@v3.x
|
||||
- name: Setup pnpm
|
||||
uses: pnpm/action-setup@v4.2.0
|
||||
uses: pnpm/action-setup@v4.1.0
|
||||
with:
|
||||
version: 9
|
||||
- uses: actions/setup-node@v4
|
||||
with:
|
||||
node-version: 20
|
||||
- name: Install Rust toolchain
|
||||
- name: Install Rust stable
|
||||
uses: actions-rs/toolchain@v1
|
||||
with:
|
||||
toolchain: ${{ vars.REQUIRED_RUSTC_VERSION }}
|
||||
toolchain: stable
|
||||
- name: Build all binaries
|
||||
uses: actions-rs/cargo@v1
|
||||
with:
|
||||
|
||||
@@ -37,16 +37,16 @@ jobs:
|
||||
|
||||
runs-on: ${{ matrix.platform }}
|
||||
steps:
|
||||
- uses: actions/checkout@v6
|
||||
- uses: actions/checkout@v4
|
||||
|
||||
- name: Install Dependencies (Linux)
|
||||
run: sudo apt-get update && sudo apt-get -y install jq vim libwebkit2gtk-4.0-dev build-essential curl wget libssl-dev libgtk-3-dev libudev-dev squashfs-tools
|
||||
continue-on-error: true
|
||||
|
||||
- name: Install Rust toolchain
|
||||
- name: Install Rust stable
|
||||
uses: actions-rs/toolchain@v1
|
||||
with:
|
||||
toolchain: ${{ vars.REQUIRED_RUSTC_VERSION }}
|
||||
toolchain: stable
|
||||
|
||||
- name: Branch name
|
||||
run: echo running on branch ${GITHUB_REF##*/}
|
||||
|
||||
@@ -12,7 +12,7 @@ jobs:
|
||||
build:
|
||||
runs-on: ubuntu-22.04
|
||||
steps:
|
||||
- uses: actions/checkout@v6
|
||||
- uses: actions/checkout@v4
|
||||
- name: Install rsync
|
||||
run: sudo apt-get install rsync
|
||||
continue-on-error: true
|
||||
|
||||
@@ -28,7 +28,7 @@ jobs:
|
||||
CARGO_TERM_COLOR: always
|
||||
RUSTUP_PERMIT_COPY_RENAME: 1
|
||||
steps:
|
||||
- uses: actions/checkout@v6
|
||||
- uses: actions/checkout@v4
|
||||
|
||||
- name: Prepare build output directory
|
||||
shell: bash
|
||||
@@ -46,10 +46,10 @@ jobs:
|
||||
run: |
|
||||
echo "RUSTFLAGS=--cfg tokio_unstable" >> $GITHUB_ENV
|
||||
echo "CARGO_FEATURES=--features tokio-console" >> $GITHUB_ENV
|
||||
- name: Install Rust toolchain
|
||||
- name: Install Rust stable
|
||||
uses: actions-rs/toolchain@v1
|
||||
with:
|
||||
toolchain: ${{ vars.REQUIRED_RUSTC_VERSION }}
|
||||
toolchain: stable
|
||||
|
||||
- name: Build all binaries
|
||||
uses: actions-rs/cargo@v1
|
||||
@@ -71,7 +71,7 @@ jobs:
|
||||
|
||||
- name: Upload Artifact
|
||||
if: github.event_name == 'workflow_dispatch'
|
||||
uses: actions/upload-artifact@v6
|
||||
uses: actions/upload-artifact@v4
|
||||
with:
|
||||
name: nym-binaries-artifacts
|
||||
path: |
|
||||
|
||||
@@ -15,13 +15,13 @@ jobs:
|
||||
RUSTUP_PERMIT_COPY_RENAME: 1
|
||||
steps:
|
||||
- name: Check out repository code
|
||||
uses: actions/checkout@v6
|
||||
uses: actions/checkout@v4
|
||||
|
||||
- name: Install Rust toolchain
|
||||
uses: actions-rs/toolchain@v1
|
||||
with:
|
||||
profile: minimal
|
||||
toolchain: ${{ vars.REQUIRED_RUSTC_VERSION }}
|
||||
toolchain: stable
|
||||
target: wasm32-unknown-unknown
|
||||
override: true
|
||||
components: rustfmt, clippy
|
||||
|
||||
@@ -54,13 +54,13 @@ jobs:
|
||||
if: contains(matrix.os, 'linux')
|
||||
|
||||
- name: Check out repository code
|
||||
uses: actions/checkout@v6
|
||||
uses: actions/checkout@v4
|
||||
|
||||
- name: Install rust toolchain
|
||||
uses: actions-rs/toolchain@v1
|
||||
with:
|
||||
profile: minimal
|
||||
toolchain: ${{ vars.REQUIRED_RUSTC_VERSION }}
|
||||
toolchain: stable
|
||||
override: true
|
||||
components: rustfmt, clippy
|
||||
|
||||
|
||||
@@ -17,7 +17,7 @@ jobs:
|
||||
- licenses bans sources
|
||||
|
||||
steps:
|
||||
- uses: actions/checkout@v6
|
||||
- uses: actions/checkout@v4
|
||||
- uses: EmbarkStudios/cargo-deny-action@v2
|
||||
with:
|
||||
log-level: warn
|
||||
|
||||
@@ -13,10 +13,10 @@ jobs:
|
||||
runs-on: arc-linux-latest-dind
|
||||
steps:
|
||||
- name: Checkout repo
|
||||
uses: actions/checkout@v6
|
||||
uses: actions/checkout@v4
|
||||
|
||||
- name: Get version from cargo.toml
|
||||
uses: mikefarah/yq@v4.50.1
|
||||
uses: mikefarah/yq@v4.47.1
|
||||
id: get_version
|
||||
with:
|
||||
cmd: yq -oy '.package.version' ${{ env.WORKING_DIRECTORY }}/Cargo.toml
|
||||
|
||||
@@ -10,13 +10,13 @@ env:
|
||||
|
||||
jobs:
|
||||
check-if-tag-exists:
|
||||
runs-on: arc-linux-latest-dind
|
||||
runs-on: arc-ubuntu-22.04-dind
|
||||
steps:
|
||||
- name: Checkout repo
|
||||
uses: actions/checkout@v6
|
||||
uses: actions/checkout@v4
|
||||
|
||||
- name: Get version from cargo.toml
|
||||
uses: mikefarah/yq@v4.50.1
|
||||
uses: mikefarah/yq@v4.47.1
|
||||
id: get_version
|
||||
with:
|
||||
cmd: yq -oy '.package.version' ${{ env.WORKING_DIRECTORY }}/Cargo.toml
|
||||
|
||||
@@ -16,12 +16,12 @@ jobs:
|
||||
CARGO_TERM_COLOR: always
|
||||
steps:
|
||||
- name: Check out repository code
|
||||
uses: actions/checkout@v6
|
||||
uses: actions/checkout@v4
|
||||
|
||||
- name: Install Rust toolchain
|
||||
uses: actions-rs/toolchain@v1
|
||||
with:
|
||||
toolchain: ${{ vars.REQUIRED_RUSTC_VERSION }}
|
||||
toolchain: stable
|
||||
|
||||
- name: Generate the schema
|
||||
run: make contract-schema
|
||||
|
||||
@@ -17,7 +17,7 @@ jobs:
|
||||
env:
|
||||
CARGO_TERM_COLOR: always
|
||||
steps:
|
||||
- uses: actions/checkout@v6
|
||||
- uses: actions/checkout@v4
|
||||
|
||||
- name: Prepare build output directory
|
||||
shell: bash
|
||||
|
||||
@@ -22,7 +22,7 @@ jobs:
|
||||
CARGO_TERM_COLOR: always
|
||||
RUSTUP_PERMIT_COPY_RENAME: 1
|
||||
steps:
|
||||
- uses: actions/checkout@v6
|
||||
- uses: actions/checkout@v4
|
||||
|
||||
- name: Setup rust
|
||||
uses: actions-rs/toolchain@v1
|
||||
|
||||
@@ -17,7 +17,7 @@ jobs:
|
||||
run:
|
||||
working-directory: documentation/docs
|
||||
steps:
|
||||
- uses: actions/checkout@v6
|
||||
- uses: actions/checkout@v4
|
||||
- name: Install Dependencies (Linux)
|
||||
run: sudo apt-get update && sudo apt-get install -y build-essential curl wget libssl-dev libudev-dev squashfs-tools protobuf-compiler git python3 && sudo apt-get update --fix-missing
|
||||
- name: Install pip3
|
||||
@@ -28,16 +28,16 @@ jobs:
|
||||
run: sudo apt-get install -y rsync
|
||||
- uses: rlespinasse/github-slug-action@v3.x
|
||||
- name: Setup pnpm
|
||||
uses: pnpm/action-setup@v4.2.0
|
||||
uses: pnpm/action-setup@v4.1.0
|
||||
with:
|
||||
version: 9
|
||||
- uses: actions/setup-node@v4
|
||||
with:
|
||||
node-version: 20
|
||||
- name: Install Rust toolchain
|
||||
- name: Install Rust stable
|
||||
uses: actions-rs/toolchain@v1
|
||||
with:
|
||||
toolchain: ${{ vars.REQUIRED_RUSTC_VERSION }}
|
||||
toolchain: stable
|
||||
- name: Build all binaries
|
||||
uses: actions-rs/cargo@v1
|
||||
with:
|
||||
|
||||
@@ -17,7 +17,7 @@ jobs:
|
||||
env:
|
||||
RUSTUP_PERMIT_COPY_RENAME: 1
|
||||
steps:
|
||||
- uses: actions/checkout@v6
|
||||
- uses: actions/checkout@v4
|
||||
- uses: rlespinasse/github-slug-action@v3.x
|
||||
|
||||
- uses: actions/setup-node@v4
|
||||
@@ -27,10 +27,10 @@ jobs:
|
||||
- name: Setup yarn
|
||||
run: npm install -g yarn
|
||||
|
||||
- name: Install Rust toolchain
|
||||
- name: Install Rust stable
|
||||
uses: actions-rs/toolchain@v1
|
||||
with:
|
||||
toolchain: ${{ vars.REQUIRED_RUSTC_VERSION }}
|
||||
toolchain: stable
|
||||
|
||||
- name: Install wasm-pack
|
||||
run: curl https://rustwasm.github.io/wasm-pack/installer/init.sh -sSf | sh
|
||||
|
||||
@@ -25,13 +25,13 @@ jobs:
|
||||
continue-on-error: true
|
||||
|
||||
- name: Check out repository code
|
||||
uses: actions/checkout@v6
|
||||
uses: actions/checkout@v4
|
||||
|
||||
- name: Install rust toolchain
|
||||
uses: actions-rs/toolchain@v1
|
||||
with:
|
||||
profile: minimal
|
||||
toolchain: ${{ vars.REQUIRED_RUSTC_VERSION }}
|
||||
toolchain: stable
|
||||
override: true
|
||||
components: rustfmt, clippy
|
||||
|
||||
|
||||
@@ -8,9 +8,9 @@ on:
|
||||
|
||||
jobs:
|
||||
build:
|
||||
runs-on: arc-linux-latest-dind
|
||||
runs-on: arc-linux-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v6
|
||||
- uses: actions/checkout@v4
|
||||
|
||||
- name: Install rsync
|
||||
run: sudo apt-get install rsync
|
||||
@@ -25,10 +25,10 @@ jobs:
|
||||
- name: Setup yarn
|
||||
run: npm install -g yarn
|
||||
|
||||
- name: Install Rust toolchain
|
||||
- name: Install Rust stable
|
||||
uses: actions-rs/toolchain@v1
|
||||
with:
|
||||
toolchain: ${{ vars.REQUIRED_RUSTC_VERSION }}
|
||||
toolchain: stable
|
||||
|
||||
- name: Install wasm-pack
|
||||
run: curl https://rustwasm.github.io/wasm-pack/installer/init.sh -sSf | sh
|
||||
|
||||
@@ -16,7 +16,7 @@ jobs:
|
||||
CARGO_TERM_COLOR: always
|
||||
RUSTUP_PERMIT_COPY_RENAME: 1
|
||||
steps:
|
||||
- uses: actions/checkout@v6
|
||||
- uses: actions/checkout@v4
|
||||
|
||||
- uses: actions/setup-node@v4
|
||||
with:
|
||||
@@ -25,13 +25,13 @@ jobs:
|
||||
- uses: actions-rs/toolchain@v1
|
||||
with:
|
||||
profile: minimal
|
||||
toolchain: ${{ vars.REQUIRED_RUSTC_VERSION }}
|
||||
toolchain: stable
|
||||
target: wasm32-unknown-unknown
|
||||
override: true
|
||||
components: rustfmt, clippy
|
||||
|
||||
- name: Set up Go
|
||||
uses: actions/setup-go@v6
|
||||
uses: actions/setup-go@v5
|
||||
with:
|
||||
go-version: "1.24.6"
|
||||
|
||||
|
||||
@@ -10,10 +10,10 @@ jobs:
|
||||
name: SonarQube
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v6
|
||||
- uses: actions/checkout@v4
|
||||
with:
|
||||
fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis
|
||||
- name: SonarQube Scan
|
||||
uses: SonarSource/sonarqube-scan-action@v7
|
||||
uses: SonarSource/sonarqube-scan-action@v5
|
||||
env:
|
||||
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
|
||||
|
||||
@@ -30,11 +30,11 @@ jobs:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@v6
|
||||
uses: actions/checkout@v4
|
||||
- name: Setup Pages
|
||||
uses: actions/configure-pages@v5
|
||||
- name: Upload artifact
|
||||
uses: actions/upload-pages-artifact@v4
|
||||
uses: actions/upload-pages-artifact@v3
|
||||
with:
|
||||
# Upload entire repository
|
||||
path: './ppa'
|
||||
|
||||
@@ -8,6 +8,6 @@ jobs:
|
||||
steps:
|
||||
- uses: actions/first-interaction@v3
|
||||
with:
|
||||
repo_token: ${{ secrets.GITHUB_TOKEN }}
|
||||
issue_message: 'Thank you for raising this issue'
|
||||
pr_message: 'Thank you for making this first PR'
|
||||
repo-token: ${{ secrets.GITHUB_TOKEN }}
|
||||
issue-message: 'Thank you for raising this issue'
|
||||
pr-message: 'Thank you for making this first PR'
|
||||
|
||||
@@ -19,7 +19,7 @@ jobs:
|
||||
continue-on-error: true
|
||||
steps:
|
||||
- name: Check out repository code
|
||||
uses: actions/checkout@v6
|
||||
uses: actions/checkout@v4
|
||||
|
||||
- name: Install Dependencies (Linux)
|
||||
run: sudo apt-get update && sudo apt-get install -y build-essential curl wget libssl-dev libudev-dev squashfs-tools protobuf-compiler
|
||||
@@ -101,7 +101,7 @@ jobs:
|
||||
- name: Collect jobs status
|
||||
uses: technote-space/workflow-conclusion-action@v3
|
||||
- name: Check out repository code
|
||||
uses: actions/checkout@v6
|
||||
uses: actions/checkout@v4
|
||||
- name: install npm
|
||||
uses: actions/setup-node@v4
|
||||
if: env.WORKFLOW_CONCLUSION == 'failure'
|
||||
|
||||
@@ -15,7 +15,7 @@ jobs:
|
||||
output1: ${{ steps.step2.outputs.latest_release }}
|
||||
steps:
|
||||
- name: Check out repository code
|
||||
uses: actions/checkout@v6
|
||||
uses: actions/checkout@v4
|
||||
with:
|
||||
fetch-depth: 0
|
||||
- name: Set output variable to latest release branch
|
||||
@@ -28,7 +28,7 @@ jobs:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Checkout repo
|
||||
uses: actions/checkout@v6
|
||||
uses: actions/checkout@v4
|
||||
with:
|
||||
fetch-depth: 0
|
||||
- name: Setup git user
|
||||
@@ -47,7 +47,7 @@ jobs:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Checkout repo
|
||||
uses: actions/checkout@v6
|
||||
uses: actions/checkout@v4
|
||||
with:
|
||||
fetch-depth: 0
|
||||
- name: Setup git user
|
||||
|
||||
@@ -18,7 +18,7 @@ jobs:
|
||||
continue-on-error: true
|
||||
steps:
|
||||
- name: Check out repository code
|
||||
uses: actions/checkout@v6
|
||||
uses: actions/checkout@v4
|
||||
|
||||
- name: Install Dependencies (Linux)
|
||||
run: sudo apt-get update && sudo apt-get install -y libwebkit2gtk-4.0-dev build-essential curl wget libssl-dev libgtk-3-dev squashfs-tools
|
||||
@@ -28,7 +28,7 @@ jobs:
|
||||
uses: actions-rs/toolchain@v1
|
||||
with:
|
||||
profile: minimal
|
||||
toolchain: ${{ vars.REQUIRED_RUSTC_VERSION }}
|
||||
toolchain: stable
|
||||
override: true
|
||||
components: rustfmt, clippy
|
||||
|
||||
@@ -63,7 +63,7 @@ jobs:
|
||||
- name: Collect jobs status
|
||||
uses: technote-space/workflow-conclusion-action@v3
|
||||
- name: Check out repository code
|
||||
uses: actions/checkout@v6
|
||||
uses: actions/checkout@v4
|
||||
- name: install npm
|
||||
uses: actions/setup-node@v4
|
||||
if: env.WORKFLOW_CONCLUSION == 'failure'
|
||||
|
||||
@@ -8,11 +8,11 @@ jobs:
|
||||
runs-on: ubuntu-22.04
|
||||
steps:
|
||||
- name: Checkout repository code
|
||||
uses: actions/checkout@v6
|
||||
uses: actions/checkout@v4
|
||||
- name: Install rust toolchain
|
||||
uses: actions-rs/toolchain@v1
|
||||
with:
|
||||
toolchain: ${{ vars.REQUIRED_RUSTC_VERSION }}
|
||||
toolchain: stable
|
||||
- name: Install cargo deny
|
||||
run: cargo install --locked cargo-deny
|
||||
- name: Run cargo deny
|
||||
@@ -20,7 +20,7 @@ jobs:
|
||||
find . -name Cargo.toml -exec cargo deny --manifest-path {} check \
|
||||
advisories -A advisory-not-detected --hide-inclusion-graph \; &> \
|
||||
>(uniq &> .github/workflows/support-files/notifications/deny.message )
|
||||
- uses: actions/upload-artifact@v6
|
||||
- uses: actions/upload-artifact@v4
|
||||
with:
|
||||
name: report
|
||||
path: .github/workflows/support-files/notifications/deny.message
|
||||
@@ -29,9 +29,9 @@ jobs:
|
||||
runs-on: custom-linux
|
||||
steps:
|
||||
- name: Check out repository code
|
||||
uses: actions/checkout@v6
|
||||
uses: actions/checkout@v4
|
||||
- name: Download report from previous job
|
||||
uses: actions/download-artifact@v7
|
||||
uses: actions/download-artifact@v5
|
||||
with:
|
||||
name: report
|
||||
path: .github/workflows/support-files/notifications
|
||||
|
||||
@@ -15,12 +15,12 @@ jobs:
|
||||
|
||||
steps:
|
||||
- name: Checkout code
|
||||
uses: actions/checkout@v6
|
||||
uses: actions/checkout@v4
|
||||
|
||||
- name: Install Rust
|
||||
uses: actions-rs/toolchain@v1
|
||||
with:
|
||||
toolchain: ${{ vars.REQUIRED_RUSTC_VERSION }}
|
||||
toolchain: stable
|
||||
override: true
|
||||
|
||||
- name: Install dependencies
|
||||
|
||||
@@ -42,7 +42,7 @@ jobs:
|
||||
cli_version: ${{ steps.binary-versions.outputs.cli_version }}
|
||||
|
||||
steps:
|
||||
- uses: actions/checkout@v6
|
||||
- uses: actions/checkout@v4
|
||||
|
||||
- name: Install Dependencies (Linux)
|
||||
run: sudo apt-get update && sudo apt-get -y install ripgrep libwebkit2gtk-4.0-dev build-essential curl wget libssl-dev libgtk-3-dev libudev-dev squashfs-tools
|
||||
@@ -53,10 +53,10 @@ jobs:
|
||||
echo 'RUSTFLAGS="--cfg tokio_unstable"' >> $GITHUB_ENV
|
||||
if: github.event_name == 'workflow_dispatch' && inputs.add_tokio_unstable == true
|
||||
|
||||
- name: Install Rust toolchain
|
||||
- name: Install Rust stable
|
||||
uses: actions-rs/toolchain@v1
|
||||
with:
|
||||
toolchain: ${{ vars.REQUIRED_RUSTC_VERSION }}
|
||||
toolchain: 1.88.0
|
||||
override: true
|
||||
|
||||
- name: Build all binaries
|
||||
@@ -66,7 +66,7 @@ jobs:
|
||||
args: --workspace --release ${{ env.CARGO_FEATURES }}
|
||||
|
||||
- name: Upload Artifact
|
||||
uses: actions/upload-artifact@v6
|
||||
uses: actions/upload-artifact@v4
|
||||
with:
|
||||
name: my-artifact
|
||||
path: |
|
||||
|
||||
@@ -9,12 +9,11 @@ jobs:
|
||||
if: ${{ (startsWith(github.ref, 'refs/tags/nym-contracts-') && github.event_name == 'release') || github.event_name == 'workflow_dispatch' }}
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v6
|
||||
- uses: actions/checkout@v4
|
||||
|
||||
- name: Install Rust toolchain
|
||||
- name: Install Rust stable
|
||||
uses: actions-rs/toolchain@v1
|
||||
with:
|
||||
toolchain: ${{ vars.REQUIRED_RUSTC_VERSION }}
|
||||
target: wasm32-unknown-unknown
|
||||
override: true
|
||||
|
||||
@@ -27,14 +26,14 @@ jobs:
|
||||
run: make contracts
|
||||
|
||||
- name: Upload Mixnet Contract Artifact
|
||||
uses: actions/upload-artifact@v6
|
||||
uses: actions/upload-artifact@v4
|
||||
with:
|
||||
name: mixnet_contract.wasm
|
||||
path: contracts/target/wasm32-unknown-unknown/release/mixnet_contract.wasm
|
||||
retention-days: 5
|
||||
|
||||
- name: Upload Vesting Contract Artifact
|
||||
uses: actions/upload-artifact@v6
|
||||
uses: actions/upload-artifact@v4
|
||||
with:
|
||||
name: vesting_contract.wasm
|
||||
path: contracts/target/wasm32-unknown-unknown/release/vesting_contract.wasm
|
||||
|
||||
@@ -21,17 +21,17 @@ jobs:
|
||||
release_tag: ${{ github.ref_name }}
|
||||
|
||||
steps:
|
||||
- uses: actions/checkout@v6
|
||||
- uses: actions/checkout@v4
|
||||
|
||||
- name: Node
|
||||
uses: actions/setup-node@v4
|
||||
with:
|
||||
node-version: 21
|
||||
|
||||
- name: Install Rust toolchain
|
||||
- name: Install Rust stable
|
||||
uses: dtolnay/rust-toolchain@stable
|
||||
with:
|
||||
toolchain: ${{ vars.REQUIRED_RUSTC_VERSION }}
|
||||
toolchain: stable
|
||||
|
||||
- name: Add Rust target for x86_64-apple-darwin
|
||||
run: rustup target add x86_64-apple-darwin
|
||||
@@ -108,7 +108,7 @@ jobs:
|
||||
cd -
|
||||
|
||||
- name: Upload Artifact
|
||||
uses: actions/upload-artifact@v6
|
||||
uses: actions/upload-artifact@v4
|
||||
with:
|
||||
name: nym-wallet.app.tar.gz
|
||||
path: nym-wallet/target/x86_64-apple-darwin/release/bundle/macos/nym-wallet.app.tar.gz
|
||||
|
||||
@@ -18,7 +18,7 @@ jobs:
|
||||
release_tag: ${{ github.ref_name }}
|
||||
|
||||
steps:
|
||||
- uses: actions/checkout@v6
|
||||
- uses: actions/checkout@v4
|
||||
|
||||
- name: Install system dependencies
|
||||
run: |
|
||||
@@ -33,10 +33,10 @@ jobs:
|
||||
node-version: 21
|
||||
cache: 'yarn'
|
||||
|
||||
- name: Install Rust toolchain
|
||||
- name: Install Rust stable
|
||||
uses: dtolnay/rust-toolchain@stable
|
||||
with:
|
||||
toolchain: ${{ vars.REQUIRED_RUSTC_VERSION }}
|
||||
toolchain: stable
|
||||
|
||||
- name: Install project dependencies
|
||||
shell: bash
|
||||
@@ -97,7 +97,7 @@ jobs:
|
||||
fi
|
||||
|
||||
- name: Upload Artifact
|
||||
uses: actions/upload-artifact@v6
|
||||
uses: actions/upload-artifact@v4
|
||||
with:
|
||||
name: nym-wallet-appimage.tar.gz
|
||||
path: |
|
||||
|
||||
@@ -27,12 +27,12 @@ jobs:
|
||||
release_tag: ${{ github.ref_name }}
|
||||
|
||||
steps:
|
||||
- uses: actions/checkout@v6
|
||||
- uses: actions/checkout@v4
|
||||
|
||||
- name: Install Rust toolchain
|
||||
- name: Install Rust stable
|
||||
uses: dtolnay/rust-toolchain@stable
|
||||
with:
|
||||
toolchain: ${{ vars.REQUIRED_RUSTC_VERSION }}
|
||||
toolchain: stable
|
||||
|
||||
- name: Setup MSBuild.exe
|
||||
uses: microsoft/setup-msbuild@v2
|
||||
@@ -128,7 +128,7 @@ jobs:
|
||||
find . -name "*.msi" -type f
|
||||
|
||||
- name: Upload Artifact
|
||||
uses: actions/upload-artifact@v6
|
||||
uses: actions/upload-artifact@v4
|
||||
with:
|
||||
name: nym-wallet.msi
|
||||
path: |
|
||||
|
||||
@@ -22,7 +22,7 @@ jobs:
|
||||
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@v6
|
||||
uses: actions/checkout@v4
|
||||
|
||||
- name: Install Java
|
||||
uses: actions/setup-java@v5
|
||||
@@ -76,7 +76,7 @@ jobs:
|
||||
apk/nyms5-arch64-release.apk
|
||||
|
||||
- name: Upload APKs
|
||||
uses: actions/upload-artifact@v6
|
||||
uses: actions/upload-artifact@v4
|
||||
with:
|
||||
name: nyms5-apk-arch64
|
||||
path: |
|
||||
@@ -89,9 +89,9 @@ jobs:
|
||||
runs-on: custom-linux
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@v6
|
||||
uses: actions/checkout@v4
|
||||
- name: Download binary artifact
|
||||
uses: actions/download-artifact@v7
|
||||
uses: actions/download-artifact@v5
|
||||
with:
|
||||
name: nyms5-apk-arch64
|
||||
path: apk
|
||||
|
||||
@@ -6,7 +6,7 @@ jobs:
|
||||
publish:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v6
|
||||
- uses: actions/checkout@v4
|
||||
|
||||
- name: Install Node
|
||||
uses: actions/setup-node@v4
|
||||
@@ -21,7 +21,7 @@ jobs:
|
||||
uses: actions-rs/toolchain@v1
|
||||
with:
|
||||
profile: minimal
|
||||
toolchain: ${{ vars.REQUIRED_RUSTC_VERSION }}
|
||||
toolchain: stable
|
||||
override: true
|
||||
components: rustfmt, clippy
|
||||
|
||||
|
||||
@@ -18,7 +18,7 @@ jobs:
|
||||
password: ${{ secrets.HARBOR_ROBOT_SECRET }}
|
||||
|
||||
- name: Checkout repo
|
||||
uses: actions/checkout@v6
|
||||
uses: actions/checkout@v4
|
||||
|
||||
- name: Configure git identity
|
||||
run: |
|
||||
@@ -26,7 +26,7 @@ jobs:
|
||||
git config --global user.name "Lawrence Stalder"
|
||||
|
||||
- name: Get version from cargo.toml
|
||||
uses: mikefarah/yq@v4.50.1
|
||||
uses: mikefarah/yq@v4.47.1
|
||||
id: get_version
|
||||
with:
|
||||
cmd: yq -oy '.package.version' ${{ env.WORKING_DIRECTORY }}/nym-credential-proxy/Cargo.toml
|
||||
|
||||
@@ -8,7 +8,7 @@ env:
|
||||
|
||||
jobs:
|
||||
build-container:
|
||||
runs-on: arc-linux-latest-dind
|
||||
runs-on: arc-ubuntu-22.04-dind
|
||||
steps:
|
||||
- name: Login to Harbor
|
||||
uses: docker/login-action@v3
|
||||
@@ -18,7 +18,7 @@ jobs:
|
||||
password: ${{ secrets.HARBOR_ROBOT_SECRET }}
|
||||
|
||||
- name: Checkout repo
|
||||
uses: actions/checkout@v6
|
||||
uses: actions/checkout@v4
|
||||
|
||||
- name: Configure git identity
|
||||
run: |
|
||||
@@ -26,7 +26,7 @@ jobs:
|
||||
git config --global user.name "Lawrence Stalder"
|
||||
|
||||
- name: Get version from cargo.toml
|
||||
uses: mikefarah/yq@v4.50.1
|
||||
uses: mikefarah/yq@v4.47.1
|
||||
id: get_version
|
||||
with:
|
||||
cmd: yq -oy '.package.version' ${{ env.WORKING_DIRECTORY }}/Cargo.toml
|
||||
|
||||
@@ -18,7 +18,7 @@ jobs:
|
||||
password: ${{ secrets.HARBOR_ROBOT_SECRET }}
|
||||
|
||||
- name: Checkout repo
|
||||
uses: actions/checkout@v6
|
||||
uses: actions/checkout@v4
|
||||
|
||||
- name: Configure git identity
|
||||
run: |
|
||||
@@ -26,7 +26,7 @@ jobs:
|
||||
git config --global user.name "Lawrence Stalder"
|
||||
|
||||
- name: Get version from cargo.toml
|
||||
uses: mikefarah/yq@v4.50.1
|
||||
uses: mikefarah/yq@v4.47.1
|
||||
id: get_version
|
||||
with:
|
||||
cmd: yq -oy '.package.version' ${{ env.WORKING_DIRECTORY }}/nym-network-monitor/Cargo.toml
|
||||
|
||||
@@ -25,7 +25,7 @@ jobs:
|
||||
password: ${{ secrets.HARBOR_ROBOT_SECRET }}
|
||||
|
||||
- name: Checkout repo
|
||||
uses: actions/checkout@v6
|
||||
uses: actions/checkout@v4
|
||||
|
||||
- name: Configure git identity
|
||||
run: |
|
||||
|
||||
@@ -24,7 +24,7 @@ jobs:
|
||||
password: ${{ secrets.HARBOR_ROBOT_SECRET }}
|
||||
|
||||
- name: Checkout repo
|
||||
uses: actions/checkout@v6
|
||||
uses: actions/checkout@v4
|
||||
|
||||
- name: Configure git identity
|
||||
run: |
|
||||
|
||||
@@ -18,7 +18,7 @@ jobs:
|
||||
password: ${{ secrets.HARBOR_ROBOT_SECRET }}
|
||||
|
||||
- name: Checkout repo
|
||||
uses: actions/checkout@v6
|
||||
uses: actions/checkout@v4
|
||||
|
||||
- name: Configure git identity
|
||||
run: |
|
||||
@@ -26,7 +26,7 @@ jobs:
|
||||
git config --global user.name "Lawrence Stalder"
|
||||
|
||||
- name: Get version from cargo.toml
|
||||
uses: mikefarah/yq@v4.50.1
|
||||
uses: mikefarah/yq@v4.47.1
|
||||
id: get_version
|
||||
with:
|
||||
cmd: yq -oy '.package.version' ${{ env.WORKING_DIRECTORY }}/nym-api/Cargo.toml
|
||||
|
||||
@@ -18,7 +18,7 @@ jobs:
|
||||
password: ${{ secrets.HARBOR_ROBOT_SECRET }}
|
||||
|
||||
- name: Checkout repo
|
||||
uses: actions/checkout@v6
|
||||
uses: actions/checkout@v4
|
||||
|
||||
- name: Configure git identity
|
||||
run: |
|
||||
@@ -26,7 +26,7 @@ jobs:
|
||||
git config --global user.name "Lawrence Stalder"
|
||||
|
||||
- name: Get version from cargo.toml
|
||||
uses: mikefarah/yq@v4.50.1
|
||||
uses: mikefarah/yq@v4.47.1
|
||||
id: get_version
|
||||
with:
|
||||
cmd: yq -oy '.package.version' ${{ env.WORKING_DIRECTORY }}/Cargo.toml
|
||||
|
||||
@@ -18,7 +18,7 @@ jobs:
|
||||
password: ${{ secrets.HARBOR_ROBOT_SECRET }}
|
||||
|
||||
- name: Checkout repo
|
||||
uses: actions/checkout@v6
|
||||
uses: actions/checkout@v4
|
||||
|
||||
- name: Configure git identity
|
||||
run: |
|
||||
@@ -26,7 +26,7 @@ jobs:
|
||||
git config --global user.name "Lawrence Stalder"
|
||||
|
||||
- name: Get version from cargo.toml
|
||||
uses: mikefarah/yq@v4.50.1
|
||||
uses: mikefarah/yq@v4.47.1
|
||||
id: get_version
|
||||
with:
|
||||
cmd: yq -oy '.package.version' ${{ env.WORKING_DIRECTORY }}/Cargo.toml
|
||||
|
||||
@@ -18,7 +18,7 @@ jobs:
|
||||
password: ${{ secrets.HARBOR_ROBOT_SECRET }}
|
||||
|
||||
- name: Checkout repo
|
||||
uses: actions/checkout@v6
|
||||
uses: actions/checkout@v4
|
||||
|
||||
- name: Configure git identity
|
||||
run: |
|
||||
@@ -26,7 +26,7 @@ jobs:
|
||||
git config --global user.name "Lawrence Stalder"
|
||||
|
||||
- name: Get version from cargo.toml
|
||||
uses: mikefarah/yq@v4.50.1
|
||||
uses: mikefarah/yq@v4.47.1
|
||||
id: get_version
|
||||
with:
|
||||
cmd: yq -oy '.package.version' ${{ env.WORKING_DIRECTORY }}/Cargo.toml
|
||||
|
||||
@@ -18,7 +18,7 @@ jobs:
|
||||
password: ${{ secrets.HARBOR_ROBOT_SECRET }}
|
||||
|
||||
- name: Checkout repo
|
||||
uses: actions/checkout@v6
|
||||
uses: actions/checkout@v4
|
||||
|
||||
- name: Configure git identity
|
||||
run: |
|
||||
@@ -26,7 +26,7 @@ jobs:
|
||||
git config --global user.name "Lawrence Stalder"
|
||||
|
||||
- name: Get version from cargo.toml
|
||||
uses: mikefarah/yq@v4.50.1
|
||||
uses: mikefarah/yq@v4.47.1
|
||||
id: get_version
|
||||
with:
|
||||
cmd: yq -oy '.package.version' ${{ env.WORKING_DIRECTORY }}/Cargo.toml
|
||||
|
||||
@@ -20,7 +20,7 @@ jobs:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Check out repository code
|
||||
uses: actions/checkout@v6
|
||||
uses: actions/checkout@v4
|
||||
- uses: actions/setup-node@v4
|
||||
with:
|
||||
node-version: 20
|
||||
@@ -30,7 +30,7 @@ jobs:
|
||||
with:
|
||||
release-tag-or-name-or-id: ${{ inputs.release_tag }}
|
||||
|
||||
- uses: actions/upload-artifact@v6
|
||||
- uses: actions/upload-artifact@v4
|
||||
with:
|
||||
name: Asset Hashes
|
||||
path: hashes.json
|
||||
|
||||
@@ -63,5 +63,3 @@ nym-api/redocly/formatted-openapi.json
|
||||
|
||||
**/settings.sql
|
||||
**/enter_db.sh
|
||||
|
||||
*.profraw
|
||||
@@ -4,28 +4,6 @@ Post 1.0.0 release, the changelog format is based on [Keep a Changelog](https://
|
||||
|
||||
## [Unreleased]
|
||||
|
||||
## [2025.21-mozzarella] (2025-11-25)
|
||||
|
||||
- [bugfix] Tunnel not waiting on MixnetClient to shut down cleanly ([#6225])
|
||||
- bugfix: fix credential proxy upgrade mode attestation url arg ([#6202])
|
||||
- HTTP API resilience enable & domain rotation conditions ([#6200])
|
||||
- Remove debug feature from http-macro spec in gateway probe ([#6195])
|
||||
- DNS relibility and troubleshooting ([#6179])
|
||||
- [bugfix] Distinguish authenticator errors by credential spent ([#6176])
|
||||
- Typescript SDK 1.4.1 ([#6146])
|
||||
- Enable URL rotation and retries for mixnet gateway init ([#6126])
|
||||
- Feature/credential proxy jwt ([#5957])
|
||||
|
||||
[#6225]: https://github.com/nymtech/nym/pull/6225
|
||||
[#6202]: https://github.com/nymtech/nym/pull/6202
|
||||
[#6200]: https://github.com/nymtech/nym/pull/6200
|
||||
[#6195]: https://github.com/nymtech/nym/pull/6195
|
||||
[#6179]: https://github.com/nymtech/nym/pull/6179
|
||||
[#6176]: https://github.com/nymtech/nym/pull/6176
|
||||
[#6146]: https://github.com/nymtech/nym/pull/6146
|
||||
[#6126]: https://github.com/nymtech/nym/pull/6126
|
||||
[#5957]: https://github.com/nymtech/nym/pull/5957
|
||||
|
||||
## [2025.20-leerdammer] (2025-11-12)
|
||||
|
||||
- Max/tweak ts sdk actions ([#6185])
|
||||
|
||||
Generated
+417
-523
File diff suppressed because it is too large
Load Diff
+6
-11
@@ -18,6 +18,7 @@ resolver = "2"
|
||||
members = [
|
||||
"clients/native",
|
||||
"clients/native/websocket-requests",
|
||||
"clients/rtt-tester",
|
||||
"clients/socks5",
|
||||
"common/async-file-watcher",
|
||||
"common/authenticator-requests",
|
||||
@@ -87,9 +88,7 @@ members = [
|
||||
"common/nymsphinx/params",
|
||||
"common/nymsphinx/routing",
|
||||
"common/nymsphinx/types",
|
||||
"common/nyxd-scraper-sqlite",
|
||||
"common/nyxd-scraper-psql",
|
||||
"common/nyxd-scraper-shared",
|
||||
"common/nyxd-scraper",
|
||||
"common/pemstore",
|
||||
"common/registration",
|
||||
"common/serde-helpers",
|
||||
@@ -126,7 +125,6 @@ members = [
|
||||
"nym-credential-proxy/nym-credential-proxy",
|
||||
"nym-credential-proxy/nym-credential-proxy-requests",
|
||||
"nym-credential-proxy/vpn-api-lib-wasm",
|
||||
"nym-data-observatory",
|
||||
"nym-ip-packet-client",
|
||||
"nym-network-monitor",
|
||||
"nym-node",
|
||||
@@ -266,10 +264,9 @@ futures = "0.3.31"
|
||||
futures-util = "0.3"
|
||||
generic-array = "0.14.7"
|
||||
getrandom = "0.2.10"
|
||||
glob = "0.3"
|
||||
handlebars = "3.5.5"
|
||||
hex = "0.4.3"
|
||||
hickory-resolver = "0.25.2"
|
||||
hickory-resolver = "0.25"
|
||||
hkdf = "0.12.3"
|
||||
hmac = "0.12.1"
|
||||
http = "1"
|
||||
@@ -351,11 +348,11 @@ tokio-tungstenite = { version = "0.20.1" }
|
||||
tokio-util = "0.7.15"
|
||||
toml = "0.8.22"
|
||||
tower = "0.5.2"
|
||||
tower-http = "0.6.6"
|
||||
tower-http = "0.5.2"
|
||||
tracing = "0.1.41"
|
||||
tracing-log = "0.2"
|
||||
tracing-opentelemetry = "0.19.0"
|
||||
tracing-subscriber = "0.3.20"
|
||||
tracing-subscriber = "0.3.19"
|
||||
tracing-tree = "0.2.2"
|
||||
tracing-indicatif = "0.3.9"
|
||||
tracing-test = "0.2.5"
|
||||
@@ -402,9 +399,7 @@ cw-multi-test = "=2.3.2"
|
||||
bip32 = { version = "0.5.3", default-features = false }
|
||||
|
||||
|
||||
cosmrs = { version = "0.22.0" }
|
||||
cosmos-sdk-proto = { version = "0.27.0" }
|
||||
ibc-proto = { version = "0.52.0" }
|
||||
cosmrs = { version = "0.21.1" }
|
||||
tendermint = "0.40.4"
|
||||
tendermint-rpc = "0.40.4"
|
||||
prost = { version = "0.13", default-features = false }
|
||||
|
||||
@@ -1,191 +0,0 @@
|
||||
# config file for ansible -- http://ansible.com/
|
||||
# ==============================================
|
||||
|
||||
# nearly all parameters can be overridden in ansible-playbook
|
||||
# or with command line flags. ansible will read ANSIBLE_CONFIG,
|
||||
# ansible.cfg in the current working directory, .ansible.cfg in
|
||||
# the home directory or /etc/ansible/ansible.cfg, whichever it
|
||||
# finds first
|
||||
|
||||
[defaults]
|
||||
# some basic default values...
|
||||
|
||||
inventory = inventory/all
|
||||
#library = /usr/share/my_modules/
|
||||
remote_tmp = $HOME/.ansible/tmp
|
||||
pattern = *
|
||||
forks = 5
|
||||
poll_interval = 15
|
||||
transport = smart
|
||||
remote_port = 22
|
||||
module_lang = C
|
||||
|
||||
# plays will gather facts by default, which contain information about
|
||||
# the remote system.
|
||||
#
|
||||
# smart - gather by default, but don't regather if already gathered
|
||||
# implicit - gather by default, turn off with gather_facts: False
|
||||
# explicit - do not gather by default, must say gather_facts: True
|
||||
gathering = implicit
|
||||
|
||||
# additional paths to search for roles in, colon separated
|
||||
roles_path = ../roles
|
||||
|
||||
# uncomment this to disable SSH key host checking
|
||||
host_key_checking = False
|
||||
|
||||
# what flags to pass to sudo
|
||||
#sudo_flags = -H
|
||||
|
||||
# SSH timeout
|
||||
timeout = 100
|
||||
|
||||
# default user to use for playbooks if user is not specified
|
||||
# (/usr/bin/ansible will use current user as default)
|
||||
#remote_user = root
|
||||
|
||||
# logging is off by default unless this path is defined
|
||||
# if so defined, consider logrotate
|
||||
#log_path = /var/log/ansible.log
|
||||
|
||||
# default module name for /usr/bin/ansible
|
||||
#module_name = command
|
||||
|
||||
# use this shell for commands executed under sudo
|
||||
# you may need to change this to bin/bash in rare instances
|
||||
# if sudo is constrained
|
||||
#executable = /bin/sh
|
||||
|
||||
# if inventory variables overlap, does the higher precedence one win
|
||||
# or are hash values merged together? The default is 'replace' but
|
||||
# this can also be set to 'merge'.
|
||||
#hash_behaviour = replace
|
||||
|
||||
# list any Jinja2 extensions to enable here:
|
||||
#jinja2_extensions = jinja2.ext.do,jinja2.ext.i18n
|
||||
|
||||
# if set, always use this private key file for authentication, same as
|
||||
# if passing --private -key to ansible or ansible-playbook
|
||||
#private_key_file = /path/to/file
|
||||
|
||||
# format of string {{ ansible_managed }} available within Jinja2
|
||||
# templates indicates to users editing templates files will be replaced.
|
||||
# replacing {file}, {host} and {uid} and strftime codes with proper values.
|
||||
ansible_managed = Ansible managed: {file} modified on %Y-%m-%d %H:%M:%S by {uid} on {host}
|
||||
|
||||
# by default, ansible-playbook will display "Skipping [host]" if it determines a task
|
||||
# should not be run on a host. Set this to "False" if you don't want to see these "Skipping"
|
||||
# messages. NOTE: the task header will still be shown regardless of whether or not the
|
||||
# task is skipped.
|
||||
#display_skipped_hosts = True
|
||||
|
||||
# by default (as of 1.3), Ansible will raise errors when attempting to dereference
|
||||
# Jinja2 variables that are not set in templates or action lines. Uncomment this line
|
||||
# to revert the behavior to pre-1.3.
|
||||
#error_on_undefined_vars = False
|
||||
|
||||
# by default (as of 1.6), Ansible may display warnings based on the configuration of the
|
||||
# system running ansible itself. This may include warnings about 3rd party packages or
|
||||
# other conditions that should be resolved if possible.
|
||||
# to disable these warnings, set the following value to False:
|
||||
#system_warnings = True
|
||||
|
||||
# by default (as of 1.4), Ansible may display deprecation warnings for language
|
||||
# features that should no longer be used and will be removed in future versions.
|
||||
# to disable these warnings, set the following value to False:
|
||||
#deprecation_warnings = True
|
||||
|
||||
# (as of 1.8), Ansible can optionally warn when usage of the shell and
|
||||
# command module appear to be simplified by using a default Ansible module
|
||||
# instead. These warnings can be silenced by adjusting the following
|
||||
# setting or adding warn=yes or warn=no to the end of the command line
|
||||
# parameter string. This will for example suggest using the git module
|
||||
# instead of shelling out to the git command.
|
||||
# command_warnings = False
|
||||
|
||||
|
||||
# set plugin path directories here, separate with colons
|
||||
action_plugins = ../../other/plugins/action
|
||||
callback_plugins = ../../other/plugins/callback
|
||||
connection_plugins = ../../other/plugins/connection
|
||||
lookup_plugins = ../../other/plugins/lookup
|
||||
vars_plugins = ../../other/plugins/vars
|
||||
filter_plugins = ../../other/plugins/filter
|
||||
|
||||
# by default callbacks are not loaded for /bin/ansible, enable this if you
|
||||
# want, for example, a notification or logging callback to also apply to
|
||||
# /bin/ansible runs
|
||||
#bin_ansible_callbacks = False
|
||||
|
||||
|
||||
# don't like cows? that's unfortunate.
|
||||
# set to 1 if you don't want cowsay support or export ANSIBLE_NOCOWS=1
|
||||
#nocows = 1
|
||||
|
||||
# don't like colors either?
|
||||
# set to 1 if you don't want colors, or export ANSIBLE_NOCOLOR=1
|
||||
#nocolor = 1
|
||||
|
||||
# the CA certificate path used for validating SSL certs. This path
|
||||
# should exist on the controlling node, not the target nodes
|
||||
# common locations:
|
||||
# RHEL/CentOS: /etc/pki/tls/certs/ca-bundle.crt
|
||||
# Fedora : /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
|
||||
# Ubuntu : /usr/share/ca-certificates/cacert.org/cacert.org.crt
|
||||
#ca_file_path =
|
||||
|
||||
# the http user-agent string to use when fetching urls. Some web server
|
||||
# operators block the default urllib user agent as it is frequently used
|
||||
# by malicious attacks/scripts, so we set it to something unique to
|
||||
# avoid issues.
|
||||
#http_user_agent = ansible-agent
|
||||
|
||||
# if set to a persistant type (not 'memory', for example 'redis') fact values
|
||||
# from previous runs in Ansible will be stored. This may be useful when
|
||||
# wanting to use, for example, IP information from one group of servers
|
||||
# without having to talk to them in the same playbook run to get their
|
||||
# current IP information.
|
||||
fact_caching = memory
|
||||
|
||||
[paramiko_connection]
|
||||
|
||||
# uncomment this line to cause the paramiko connection plugin to not record new host
|
||||
# keys encountered. Increases performance on new host additions. Setting works independently of the
|
||||
# host key checking setting above.
|
||||
#record_host_keys=False
|
||||
|
||||
# by default, Ansible requests a pseudo-terminal for commands executed under sudo. Uncomment this
|
||||
# line to disable this behaviour.
|
||||
#pty=False
|
||||
|
||||
[ssh_connection]
|
||||
|
||||
# ssh arguments to use
|
||||
# Leaving off ControlPersist will result in poor performance, so use
|
||||
# paramiko on older platforms rather than removing it
|
||||
#ssh_args = -o ControlMaster=auto -o ControlPersist=60s
|
||||
|
||||
# The path to use for the ControlPath sockets. This defaults to
|
||||
# "%(directory)s/ansible-ssh-%%h-%%p-%%r", however on some systems with
|
||||
# very long hostnames or very long path names (caused by long user names or
|
||||
# deeply nested home directories) this can exceed the character limit on
|
||||
# file socket names (108 characters for most platforms). In that case, you
|
||||
# may wish to shorten the string below.
|
||||
#
|
||||
# Example:
|
||||
# control_path = %(directory)s/%%h-%%r
|
||||
#control_path = %(directory)s/ansible-ssh-%%h-%%p-%%r
|
||||
|
||||
# Enabling pipelining reduces the number of SSH operations required to
|
||||
# execute a module on the remote server. This can result in a significant
|
||||
# performance improvement when enabled, however when using "sudo:" you must
|
||||
# first disable 'requiretty' in /etc/sudoers
|
||||
#
|
||||
# By default, this option is disabled to preserve compatibility with
|
||||
# sudoers configurations that have requiretty (the default on many distros).
|
||||
#
|
||||
#pipelining = False
|
||||
|
||||
# if True, make ansible use scp if the connection type is ssh
|
||||
# (default is sftp)
|
||||
scp_if_ssh = True
|
||||
@@ -1,8 +0,0 @@
|
||||
---
|
||||
- name: Nym node bonding / post-installation
|
||||
hosts: all # or a specific host/group
|
||||
gather_facts: false
|
||||
serial: 1
|
||||
|
||||
roles:
|
||||
- role: postinstall
|
||||
@@ -1,10 +0,0 @@
|
||||
---
|
||||
- name: "Deploy Nym node"
|
||||
hosts: all # or a specific host/group
|
||||
become: true
|
||||
roles:
|
||||
- base
|
||||
- nym
|
||||
- nginx
|
||||
- tunnel # comment out for mixnode
|
||||
- quic # comment out for mixnode or non-wireguard gateway
|
||||
@@ -1,44 +0,0 @@
|
||||
---
|
||||
ansible_ssh_private_key_file: ~/.ssh/<SSH_KEY>
|
||||
|
||||
# nym_version: "v2025.21-mozzarella"
|
||||
#
|
||||
# NOTE:
|
||||
# if you want to pin Nym to a specific version instead of using the
|
||||
# latest release from GitHub in /tasks/main.yml then
|
||||
# uncomment the line above and set the tag
|
||||
|
||||
cli_url: "https://github.com/nymtech/nym/releases/download/nym-binaries-{{ nym_version }}/nym-cli"
|
||||
tunnel_manager_url: "https://github.com/nymtech/nym/raw/refs/heads/develop/scripts/nym-node-setup/network-tunnel-manager.sh"
|
||||
quic_bridge_deployment_url: "https://raw.githubusercontent.com/nymtech/nym/refs/heads/develop/scripts/nym-node-setup/quic_bridge_deployment.sh"
|
||||
|
||||
# NOTE: These values will be used globally unless overwritten per node in inventory/all
|
||||
ansible_user: root # used for ssh, like `ssh root@nym-exit.ch-1.mynodes.net`
|
||||
email: "<EMAIL>" # used in certbot, description.toml and landing page
|
||||
website: "<WEBSITE>" # it is used in the description.toml
|
||||
description: "<NODE_PUBLIC_DESCRIPTION>" # or define per node in inventory/all
|
||||
|
||||
# NOTE: Set these vars if you want them globally for all nodes
|
||||
# Per node changes in inventory/all will overwrite these global ones:
|
||||
hostname: "" # this is a fallback, keep it and setup hostname per node in inventory/all
|
||||
# moniker: "<MONIKER>" # if not setup here not in inventory/all it get's derived from the hostname
|
||||
# mode: <MODE> # entry-gateway/exit-gateway/mixnode
|
||||
# wireguard_enabled: <WIREGUARD_ENABLED> # true/false
|
||||
|
||||
# NOTE: Possible vars to incule on landing page, etc.
|
||||
# operator_name: "<OPERATOR_NAME>"
|
||||
|
||||
packages:
|
||||
- tmux
|
||||
- speedtest-cli
|
||||
- nano
|
||||
- htop
|
||||
- git
|
||||
- zip
|
||||
- nala
|
||||
- curl
|
||||
- neovim
|
||||
- ca-certificates
|
||||
- jq
|
||||
- wget
|
||||
- ufw
|
||||
@@ -1,34 +0,0 @@
|
||||
[nym_nodes]
|
||||
# READ CONFIGURATION GUIDE:
|
||||
# https://nym.com//docs/operators/orchestration/ansible#configuration
|
||||
|
||||
# VARIABLES INFO
|
||||
# required vars to set values per node:
|
||||
# `ansible_host`, `hostname`, `location`
|
||||
|
||||
# global vars can be set in the group_vars/all.yml, for example:
|
||||
# `email`, `ansible_user`, `moniker`, `description`, `mode`, `wireguard_enabled`
|
||||
# othersise they must be set per node!
|
||||
|
||||
############
|
||||
# TEMPLATE #
|
||||
############
|
||||
# node1 ansible_host=<YOUR_SERVER_IP> ansible_user=<USER> hostname=<HOSTNAME> location=<LOCATION> email=<EMAIL> mode=<MODE> wireguard_enabled=<true/false> moniker=<MONIKER> description=<DESCRIPTION>
|
||||
|
||||
# remove all comments and exchange the <VARIABLES> with your real values for each node
|
||||
# without <> brackets
|
||||
|
||||
# PRIORITY ORDER
|
||||
# anything setup globaly can be overwritten in this file per node
|
||||
# if provided here, it takes priority over the global setting
|
||||
|
||||
# EXAMPLES
|
||||
# exit + wireguard gateway:
|
||||
# node2 ansible_host=11.12.13.14 hostname=nym-exit.ch-1.mydomain.net mode=exit-gateway location=CH wireguard_enabled=true
|
||||
|
||||
# entry gateway, no wireguard:
|
||||
# node3 ansible_host=12.13.14.15 hostname=nym-entry.ch-2.mydomain.net mode=entry-gateway location=CH wireguard_enabled=false
|
||||
|
||||
# NOTE:
|
||||
# all examples above don't have defined user, email nor description as we use the definition from group_vars/main.yml without an attempt of overwriting it
|
||||
# all examples above don't have moniker defined as there is a function in /templates/description.toml.j2 deriving it from the hostname
|
||||
@@ -1,9 +0,0 @@
|
||||
---
|
||||
- name: "Upgrade Nym node"
|
||||
hosts: all # or a specific host/group or limit via -l on CLI (ansible-playbook playbooks/upgrade.yml -l mynode1)
|
||||
become: true
|
||||
serial: 1
|
||||
|
||||
roles:
|
||||
- base
|
||||
- upgrade
|
||||
@@ -1,22 +0,0 @@
|
||||
- name: Set hostname
|
||||
hostname:
|
||||
name: "{{ hostname }}"
|
||||
when: hostname is defined and hostname | length > 0
|
||||
|
||||
- name: Install aptitude
|
||||
apt:
|
||||
name: aptitude
|
||||
update_cache: yes
|
||||
state: present
|
||||
force_apt_get: yes
|
||||
|
||||
- name: Update packages
|
||||
apt:
|
||||
update_cache: yes
|
||||
upgrade: yes
|
||||
|
||||
- name: Install essential packages
|
||||
package:
|
||||
name: "{{ packages }}"
|
||||
state: latest
|
||||
update_cache: yes
|
||||
@@ -1,61 +0,0 @@
|
||||
- name: Install nginx and certbot
|
||||
apt:
|
||||
name:
|
||||
- nginx
|
||||
- certbot
|
||||
- python3-certbot-nginx
|
||||
state: present
|
||||
|
||||
- name: Create web root directory
|
||||
file:
|
||||
path: "/var/www/{{ hostname }}"
|
||||
state: directory
|
||||
mode: "0755"
|
||||
|
||||
- name: Create landing page template
|
||||
tags: landing
|
||||
template:
|
||||
src: landing.html.j2
|
||||
dest: "/var/www/{{ hostname }}/index.html"
|
||||
|
||||
- name: Remove default nginx site
|
||||
file:
|
||||
path: /etc/nginx/sites-enabled/default
|
||||
state: absent
|
||||
|
||||
- name: Add bare-bones nginx template
|
||||
template:
|
||||
src: nginx-site.conf.j2
|
||||
dest: "/etc/nginx/sites-available/{{ hostname }}"
|
||||
|
||||
- name: Enable nginx config
|
||||
file:
|
||||
src: "/etc/nginx/sites-available/{{ hostname }}"
|
||||
dest: "/etc/nginx/sites-enabled/{{ hostname }}"
|
||||
state: link
|
||||
|
||||
- name: Validate nginx configuration
|
||||
command: nginx -t
|
||||
changed_when: false
|
||||
|
||||
- name: Obtain SSL certificate
|
||||
command:
|
||||
cmd: "certbot --nginx --non-interactive --agree-tos --redirect -m {{ email }} -d {{ hostname }}"
|
||||
|
||||
- name: Add wss config from nginx template
|
||||
template:
|
||||
src: wss-config.conf.j2
|
||||
dest: "/etc/nginx/sites-available/nym-wss-config"
|
||||
|
||||
- name: Enable WSS config
|
||||
file:
|
||||
src: "/etc/nginx/sites-available/nym-wss-config"
|
||||
dest: "/etc/nginx/sites-enabled/nym-wss-config"
|
||||
state: link
|
||||
|
||||
- name: Validate nginx config after wss
|
||||
command: nginx -t
|
||||
changed_when: false
|
||||
|
||||
- name: Restart nginx to apply changes
|
||||
service: name=nginx state=restarted enabled=yes
|
||||
@@ -1,218 +0,0 @@
|
||||
<!DOCTYPE html>
|
||||
<html lang="en-US">
|
||||
<head>
|
||||
<meta charset="UTF-8">
|
||||
<title>This is a NYM Exit Gateway</title>
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1">
|
||||
<link rel="icon" type="image/png" href="">
|
||||
|
||||
<style>
|
||||
:root {
|
||||
/* font + theme tokens */
|
||||
font-family: Consolas, "Ubuntu Mono", Menlo, "DejaVu Sans Mono", monospace;
|
||||
--background-color: #242B2D;
|
||||
--text-color: #FFFFFF;
|
||||
--link-color: #07ff94;
|
||||
--title-color: #07ff94;
|
||||
}
|
||||
|
||||
html {
|
||||
background: var(--background-color);
|
||||
}
|
||||
|
||||
body {
|
||||
margin-left: auto;
|
||||
margin-right: auto;
|
||||
padding-left: 5vw;
|
||||
padding-right: 5vw;
|
||||
max-width: 1000px;
|
||||
color: var(--text-color); /* default text color */
|
||||
}
|
||||
|
||||
h1 {
|
||||
font-size: 55px;
|
||||
text-align: center;
|
||||
color: var(--title-color);
|
||||
}
|
||||
|
||||
p {
|
||||
color: var(--text-color);
|
||||
}
|
||||
|
||||
p, a {
|
||||
font-size: 20px;
|
||||
}
|
||||
|
||||
a {
|
||||
color: var(--link-color);
|
||||
text-decoration: none;
|
||||
}
|
||||
|
||||
a:hover {
|
||||
filter: brightness(.8);
|
||||
text-decoration: underline;
|
||||
}
|
||||
|
||||
.links {
|
||||
display: flex;
|
||||
flex-wrap: wrap;
|
||||
justify-content: space-evenly;
|
||||
}
|
||||
|
||||
.links > a {
|
||||
margin: 10px;
|
||||
white-space: nowrap;
|
||||
}
|
||||
</style>
|
||||
</head>
|
||||
|
||||
<body>
|
||||
<main>
|
||||
<h1>This is a NYM Exit Gateway</h1>
|
||||
|
||||
|
||||
<p>
|
||||
You are most likely accessing this website because you've had some issue with
|
||||
the traffic coming from this IP. This router is part of the <a
|
||||
href="https://nym.com/">NYM project</a>, which is
|
||||
dedicated to <a href="https://nym.com/about/mission">create</a> outstanding
|
||||
privacy software that is legally compliant without sacrificing integrity or
|
||||
having any backdoors.
|
||||
This router IP should be generating no other traffic, unless it has been
|
||||
compromised.
|
||||
</p>
|
||||
|
||||
<p><strong>
|
||||
If you are a representative of a company who feels that this router is being
|
||||
used to violate the DMCA, please be aware that this machine does not host or
|
||||
contain any illegal content. Also be aware that network infrastructure
|
||||
maintainers are not liable for the type of content that passes over their
|
||||
equipment, in accordance with <a
|
||||
href="https://www.law.cornell.edu/uscode/text/17/512">DMCA
|
||||
"safe harbor" provisions</a>. In other words, you will have just as much luck
|
||||
sending a takedown notice to the Internet backbone providers.
|
||||
</strong></p>
|
||||
|
||||
<p>
|
||||
Nym Network is operated by a decentralised community of node operators
|
||||
and stakers. Nym Network is trustless, meaning that no parts of the system
|
||||
nor its operators have access to information that might compromise the privacy
|
||||
of users. Nym software enacts a strict principle of data minimisation and has
|
||||
no back doors. The Nym mixnet works by encrypting packets in several layers
|
||||
and relaying those through a multi-layered network called a mixnet, eventually
|
||||
letting the traffic exit the Nym mixnet through an exit gateway like this one.
|
||||
This design makes it impossible for a service to know which user is connecting to it,
|
||||
since it can only see the IP-address of the Nym exit gateway:
|
||||
</p>
|
||||
|
||||
<p style="text-align:center;margin:40px 0">
|
||||
<svg xmlns="http://www.w3.org/2000/svg" width="500" viewBox="0 0 490.28 293.73" style="width:100%;max-width:600px" role="img" aria-label="Diagram of how a user connects through the Nym network">
|
||||
<desc>Illustration showing how a user might connect to a service through the Nym Network. The user first sends their data through three daisy-chained encrypted Nym nodes that exist on three different continents. Then the last Nym node in the chain connects to the target service over the normal internet.</desc>
|
||||
<defs>
|
||||
<style>
|
||||
.t {
|
||||
fill: var(--text-color);
|
||||
stroke: var(--text-color);
|
||||
}
|
||||
</style>
|
||||
</defs>
|
||||
<!-- (SVG content left unchanged) -->
|
||||
<path fill="#6fc8b7" d="M257.89 69.4c-6.61-6.36-10.62-7.73-18.36-8.62-7.97-1.83-20.06-7.99-24.17-.67-3.29 5.85-18.2 12.3-16.87 2.08.92-7.03 11.06-13.28 17-17.37 8.69-5.99 24.97-2.87 26.1-10.28 1.04-6.86-8.33-13.22-8.55-2.3-.38 12.84-19.62 2.24-8.73-6.2 8.92-6.9 16.05-9.02 25.61-6.15 12.37 4.83 25.58-2.05 33.73-.71 12.37-2.01 24.69-5.25 37.39-3.96 13 .43 24.08-.14 37.06.63 9.8 1.58 16.5 2.87 26.37 3.6 6.6.48 17.68-.82 24.3 1.9 8.3 4.24.44 10.94-6.89 11.8-8.79 1.05-23.59-1.19-26.6 1.86-5.8 7.41 10.75 5.68 11.27 14.54.57 9.45-5.42 9.38-8.72 16-2.7 4.2.3 13.93-1.18 18.45-1.85 5.64-19.64 4.47-14.7 14.4 4.16 8.34 1.17 19.14-10.33 12.02-5.88-3.65-9.85-22.04-15.66-21.9-11.06.27-11.37 13.18-12.7 17.52-1.3 4.27-3.79 2.33-6-.63-3.54-4.76-7.75-14.22-12.01-17.32-6.12-4.46-10.75-1.17-15.55 2.83-5.63 4.69-8.78 7.82-7.46 16.5.78 9.1-12.9 15.84-14.98 24.09-2.61 10.32-2.57 22.12-8.81 31.47-4 5.98-14.03 20.12-21.27 14.97-7.5-5.34-7.22-14.6-9.56-23.08-2.5-9.02.6-17.35-2.57-26.2-2.45-6.82-6.23-14.54-13.01-13.24-6.5.92-15.08 1.38-19.23-2.97-5.65-5.93-6-10.1-6.61-18.56 1.65-6.94 5.79-12.64 10.38-18.63 3.4-4.42 17.45-10.39 25.26-7.83 10.35 3.38 17.43 10.5 28.95 8.57 3.12-.53 9.14-4.65 7.1-6.62zm-145.6 37.27c-4.96-1.27-11.57 1.13-11.8 6.94-1.48 5.59-4.82 10.62-5.8 16.32.56 6.42 4.34 12.02 8.18 16.97 3.72 3.85 8.58 7.37 9.3 13.1 1.24 5.88 1.6 11.92 2.28 17.87.34 9.37.95 19.67 7.29 27.16 4.26 3.83 8.4-2.15 6.52-6.3-.54-4.54-.6-9.11 1.01-13.27 4.2-6.7 7.32-10.57 12.44-16.64 5.6-7.16 12.74-11.75 14-20.9.56-4.26 5.72-13.86 1.7-16.72-3.14-2.3-15.83-4-18.86-6.49-2.36-1.71-3.86-9.2-9.86-12.07-4.91-3.1-10.28-6.73-16.4-5.97zm11.16-49.42c6.13-2.93 10.58-4.77 14.61-10.25 3.5-4.28 2.46-12.62-2.59-15.45-7.27-3.22-13.08 5.78-18.81 8.71-5.96 4.2-12.07-5.48-6.44-10.6 5.53-4.13.38-9.2-5.66-8.48-6.12.8-12.48-1.45-18.6-1.73-5.3-.7-10.13-1-15.45-1.37-5.37-.05-16.51-2.23-25.13.87-5.42 1.79-12.5 5.3-16.73 9.06-4.85 4.2.2 7.56 5.54 7.45 5.3-.22 16.8-5.36 20.16.98 3.68 8.13-5.82 18.29-5.2 26.69.1 6.2 3.37 11 4.74 16.98 1.62 5.94 6.17 10.45 10 15.14 4.7 5.06 13.06 6.3 19.53 8.23 7.46.14 3.34-9.23 3.01-14.11 1.77-7.15 8.49-7.82 12.68-13.5 7.14-7.72 16.41-13.4 24.34-18.62zM190.88 3.1c-4.69 0-13.33.04-18.17-.34-7.65.12-13.1-.62-19.48-1.09-3.67.39-9.09 3.34-5.28 7.04 3.8.94 7.32 4.92 7.1 9.31 1.32 4.68 1.2 11.96 6.53 13.88 4.76-.2 7.12-7.6 11.93-8.25 6.85-2.05 12.5-4.58 17.87-9.09 2.48-2.76 7.94-6.38 5.26-10.33-1.55-1.31-2.18-.64-5.76-1.13zm178.81 157.37c-2.66 10.08-5.88 24.97 9.4 15.43 7.97-5.72 12.58-2.02 17.47 1.15.5.43 2.65 9.2 7.19 8.53 5.43-2.1 11.55-5.1 14.96-11.2 2.6-4.62 3.6-12.39 2.76-13.22-3.18-3.43-6.24-11.03-7.7-15.1-.76-2.14-2.24-2.6-2.74-.4-2.82 12.85-6.04 1.22-10.12-.05-8.2-1.67-29.62 7.17-31.22 14.86z"/>
|
||||
<g fill="none">
|
||||
<path stroke="#cf63a6" stroke-linecap="round" stroke-width="2.76" d="M135.2 140.58c61.4-3.82 115.95-118.83 151.45-103.33"/>
|
||||
<path stroke="#cf63a6" stroke-linecap="round" stroke-width="2.76" d="M74.43 46.66c38.15 8.21 64.05 42.26 60.78 93.92M286.65 37.25c-9.6 39.44-3.57 57.12-35.64 91.98"/>
|
||||
<path stroke="#e4c101" stroke-dasharray="9.06,2.265" stroke-width="2.27" d="M397.92 162.52c-31.38 1.26-90.89-53.54-148.3-36.17"/>
|
||||
<path stroke="#cf63a6" stroke-linecap="round" stroke-width="2.77" d="M17.6 245.88c14.35 0 14.4.05 28-.03"/>
|
||||
<path stroke="#e3bf01" stroke-dasharray="9.06,2.265" stroke-width="2.27" d="M46.26 274.14c-17.52-.12-16.68.08-30.34.07"/>
|
||||
</g>
|
||||
<g transform="translate(120.8 -35.81)">
|
||||
<circle cx="509.78" cy="68.74" r="18.12" fill="#240a3b" transform="translate(-93.3 38.03) scale(.50637)"/>
|
||||
<circle cx="440.95" cy="251.87" r="18.12" fill="#240a3b" transform="translate(-93.3 38.03) scale(.50637)"/>
|
||||
<circle cx="212.62" cy="272.19" r="18.12" fill="#240a3b" transform="translate(-93.3 38.03) scale(.50637)"/>
|
||||
<circle cx="92.12" cy="87.56" r="18.12" fill="#240a3b" transform="translate(-93.3 38.03) scale(.50637)"/>
|
||||
<circle cx="730.88" cy="315.83" r="18.12" fill="#67727b" transform="translate(-93.3 38.03) scale(.50637)"/>
|
||||
<circle cx="-102.85" cy="282.18" r="9.18" fill="#240a3b"/>
|
||||
<circle cx="-102.85" cy="309.94" r="9.18" fill="#67727b"/>
|
||||
</g>
|
||||
<g class="t">
|
||||
<text xml:space="preserve" x="-24.76" y="10.37" stroke-width=".26" font-size="16.93" font-weight="700" style="line-height:1.25" transform="translate(27.79 2.5)" word-spacing="0"><tspan x="-24.76" y="10.37">The user</tspan></text>
|
||||
<text xml:space="preserve" x="150.63" y="196.62" stroke-width=".26" font-size="16.93" font-weight="700" style="line-height:1.25" transform="translate(27.79 2.5)" word-spacing="0"><tspan x="150.63" y="196.62">This server</tspan></text>
|
||||
<text xml:space="preserve" x="346.39" y="202.63" stroke-width=".26" font-size="16.93" font-weight="700" style="line-height:1.25" transform="translate(27.79 2.5)" word-spacing="0"><tspan x="346.39" y="202.63">Your service</tspan></text>
|
||||
<text xml:space="preserve" x="34.52" y="249.07" stroke-width=".26" font-size="16.93" font-weight="700" style="line-height:1.25" transform="translate(27.79 2.5)" word-spacing="0"><tspan x="34.52" y="249.07">Nym network link</tspan></text>
|
||||
<text xml:space="preserve" x="34.13" y="276.05" stroke-width=".26" font-size="16.93" font-weight="700" style="line-height:1.25" transform="translate(27.79 2.5)" word-spacing="0"><tspan x="34.13" y="276.05">Unencrypted link</tspan></text>
|
||||
<path fill="none" stroke-linecap="round" stroke-width="1.67" d="M222.6 184.1c-2.6-15.27 8.95-23.6 18.43-38.86m186.75 45.61c-.68-10.17-9.4-17.68-18.08-23.49"/>
|
||||
<path fill="none" stroke-linecap="round" stroke-width="1.67" d="M240.99 153.41c.35-3.41 1.19-6.17.04-8.17m-7.15 5.48c1.83-2.8 4.58-4.45 7.15-5.48"/>
|
||||
<path fill="none" stroke-linecap="round" stroke-width="1.67" d="M412.43 173.21c-2.2-3.15-2.54-3.85-2.73-5.85m0 0c2.46-.65 3.85.01 6.67 1.24M61.62 40.8C48.89 36.98 36.45 27.54 36.9 18.96M61.62 40.8c.05-2.58-3.58-4.8-5.25-5.26m-2.65 6.04c1.8.54 6.8 1.31 7.9-.78"/>
|
||||
<path fill="none" stroke-linecap="round" stroke-linejoin="round" stroke-width="2.44" d="M1.22 229.4h247.74v63.1H1.22z"/>
|
||||
</g>
|
||||
</svg>
|
||||
</p>
|
||||
|
||||
<p><a href="https://nym.com/about/mixnet">Read more about how Nym works.</a></p>
|
||||
|
||||
<p>
|
||||
Nym relies on a growing ecosystem of users, developers and researcher partners
|
||||
aligned with the mission to make sure Nym software is running, remains usable
|
||||
and solves real problems. While Nym is not designed for malicious computer
|
||||
users, it is true that they can use the network for malicious ends. This
|
||||
is largely because criminals and hackers have significantly better access to
|
||||
privacy and anonymity than do the regular users whom they prey upon. Criminals
|
||||
can and do build, sell, and trade far larger and more powerful networks than
|
||||
Nym on a daily basis. Thus, in the mind of this operator, the social need for
|
||||
easily accessible censorship-resistant private, anonymous communication trumps
|
||||
the risk of unskilled bad actors, who are almost always more easily uncovered
|
||||
by traditional police work than by extensive monitoring and surveillance anyway.
|
||||
</p>
|
||||
|
||||
<p>
|
||||
In terms of applicable law, the best way to understand Nym is to consider it a
|
||||
network of routers operating as common carriers, much like the Internet
|
||||
backbone. However, unlike the Internet backbone routers, Nym mixnodes do not
|
||||
contain identifiable routing information about the source of a packet and do
|
||||
mix the user internet traffic with that of other users, making communications
|
||||
private and protecting not just the user content but the metadata
|
||||
(user's IP address, who the user talks to, when, where, from what device and
|
||||
more) and no single Nym node can determine both the origin and destination
|
||||
of a given transmission.
|
||||
</p>
|
||||
|
||||
<p>
|
||||
As such, there is nothing the operator of this Exit Gateway can do to help you
|
||||
track the connection further. This Exit Gateway maintains no logs of any of the
|
||||
Nym Network, so there is little that can be done to trace either legitimate or
|
||||
illegitimate traffic and most importantly the operator cannot tell apart one from
|
||||
the other because of the cryptography design making such selection impossible
|
||||
for the operator. Attempts to seize this router will accomplish nothing.
|
||||
</p>
|
||||
|
||||
<p>
|
||||
To decentralise and enable privacy for a broad range of services, this
|
||||
Exit Gateway adopts an <a href="https://nymtech.net/.wellknown/network-requester/exit-policy.txt">Exit Policy</a>
|
||||
serving as a safeguard.
|
||||
</p>
|
||||
|
||||
<p>
|
||||
That being said, if you still have a complaint about the router, you may email the
|
||||
<a href="mailto:{{ email }}">maintainer</a>. If complaints are related to a particular service that is being abused,
|
||||
the maintainer will submit that to the NYM Operators Community in order to add it to the Exit Policy cited above.
|
||||
The community governance can only blacklist entire IP:port destinations across the entire network.
|
||||
</p>
|
||||
|
||||
<p>
|
||||
You also have the option of blocking this IP address and others on the Nym network if you so desire.
|
||||
The Nym project provides a <a href="https://nym.com/explorer">
|
||||
web service</a> to fetch a list of all IP addresses of Nym Gateway Exit nodes that allow exiting to a
|
||||
specified IP:port combination. Please be considerate when using these options.
|
||||
</p>
|
||||
<p style="text-align:center">
|
||||
<img
|
||||
class="logo"
|
||||
src="https://raw.githubusercontent.com/nymtech/websites/main/www/nym.com/public/images/Nym_meta_Image.png"
|
||||
alt=""
|
||||
style="max-width:320px;width:100%;height:auto"
|
||||
onerror="this.onerror=null;this.src='/images/nym_logo.png';"
|
||||
/>
|
||||
</p>
|
||||
</main>
|
||||
</body>
|
||||
</html>
|
||||
@@ -1,13 +0,0 @@
|
||||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
|
||||
server_name {{ hostname }};
|
||||
|
||||
location / {
|
||||
proxy_pass http://127.0.0.1:8080;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
}
|
||||
}
|
||||
@@ -1,35 +0,0 @@
|
||||
server {
|
||||
listen 9001 ssl http2;
|
||||
listen [::]:9001 ssl http2;
|
||||
|
||||
server_name {{ hostname }};
|
||||
|
||||
ssl_certificate /etc/letsencrypt/live/{{ hostname }}/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/{{ hostname }}/privkey.pem;
|
||||
include /etc/letsencrypt/options-ssl-nginx.conf;
|
||||
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
|
||||
|
||||
access_log /var/log/nginx/access.log;
|
||||
error_log /var/log/nginx/error.log;
|
||||
|
||||
location /favicon.ico {
|
||||
return 204;
|
||||
access_log off;
|
||||
log_not_found off;
|
||||
}
|
||||
|
||||
location / {
|
||||
add_header 'Access-Control-Allow-Origin' '*' always;
|
||||
add_header 'Access-Control-Allow-Credentials' 'true' always;
|
||||
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, HEAD' always;
|
||||
add_header 'Access-Control-Allow-Headers' '*' always;
|
||||
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection "Upgrade";
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
|
||||
proxy_pass http://localhost:9000;
|
||||
proxy_intercept_errors on;
|
||||
}
|
||||
}
|
||||
@@ -1,40 +0,0 @@
|
||||
---
|
||||
# Where binaries live
|
||||
nym_install_dir: /root/nym-binaries
|
||||
|
||||
# nym-node run arguments (defaults, can be overridden per host/group)
|
||||
http_bind_address: "0.0.0.0:8080" # maps to --http-bind-address
|
||||
mixnet_bind_address: "0.0.0.0:1789" # maps to --mixnet-bind-address
|
||||
|
||||
|
||||
# WireGuard boolean
|
||||
wireguard_enabled: "{{ wireguard_enabled | default(false) | bool }}"
|
||||
|
||||
# Landing page base dir, hostname is appended in the task
|
||||
landing_page_assets_base_dir: "/var/www"
|
||||
|
||||
# Flag toggles
|
||||
# accept_operator_terms: true # controls --accept-operator-terms-and-conditions
|
||||
nym_write_flag: true # controls -w
|
||||
nym_init_only_flag: true # controls --init-only
|
||||
wss_port: 9001 # controlls --announce-wss-port
|
||||
|
||||
# Optional: extra flags if you want to append more later
|
||||
nym_extra_flags: ""
|
||||
|
||||
# CLI URL (nym_version can be set elsewhere / via GitHub API)
|
||||
nym_cli_url: "https://github.com/nymtech/nym/releases/download/{{ nym_version }}/nym-cli"
|
||||
|
||||
# UFW
|
||||
nym_ufw_enable: true
|
||||
|
||||
nym_ufw_rules:
|
||||
- { port: 22, proto: tcp }
|
||||
- { port: 80, proto: tcp }
|
||||
- { port: 443, proto: tcp }
|
||||
- { port: 1789, proto: tcp }
|
||||
- { port: 1790, proto: tcp }
|
||||
- { port: 8080, proto: tcp }
|
||||
- { port: 9000, proto: tcp }
|
||||
- { port: 9001, proto: tcp }
|
||||
- { port: 51822, proto: udp }
|
||||
@@ -1 +0,0 @@
|
||||
#!/bin/bash
|
||||
@@ -1,3 +0,0 @@
|
||||
- name: Reload systemd
|
||||
systemd:
|
||||
daemon_reload: yes
|
||||
@@ -1,38 +0,0 @@
|
||||
---
|
||||
# Useful when the host is behind a NAT
|
||||
- name: Fetch the public IP address
|
||||
command: "curl -4 canhazip.com"
|
||||
register: ipv4
|
||||
changed_when: false
|
||||
failed_when: false
|
||||
|
||||
- name: Set public IP address
|
||||
set_fact:
|
||||
public_ip: "{{ ipv4.stdout | default(ansible_default_ipv4.address) }}"
|
||||
|
||||
- name: Initialize nym node
|
||||
# Delete the part from --hostname onward if you run mode=mixnode only
|
||||
command:
|
||||
cmd: >
|
||||
{{ nym_install_dir }}/nym-node run
|
||||
--mode {{ mode }}
|
||||
--public-ips {{ public_ip }}
|
||||
--http-bind-address {{ http_bind_address }}
|
||||
--mixnet-bind-address {{ mixnet_bind_address }}
|
||||
--location {{ location }}
|
||||
{% if accept_operator_terms %}--accept-operator-terms-and-conditions{% endif %}
|
||||
|
||||
{{ nym_extra_flags }}
|
||||
|
||||
--hostname {{ hostname }}
|
||||
--wireguard-enabled {{ wireguard_enabled }}
|
||||
--landing-page-assets-path {{ landing_page_assets_base_dir }}/{{ hostname }}/
|
||||
{% if nym_write_flag %}-w{% endif %}
|
||||
{% if nym_init_only_flag %}--init-only{% endif %}
|
||||
--announce-wss-port {{ wss_port }}
|
||||
|
||||
|
||||
- name: Update nym description
|
||||
template:
|
||||
src: description.toml.j2
|
||||
dest: /root/.nym/nym-nodes/default-nym-node/data/description.toml
|
||||
@@ -1,25 +0,0 @@
|
||||
- name: Configure UFW rules
|
||||
ufw:
|
||||
rule: allow
|
||||
port: "{{ item.port }}"
|
||||
proto: "{{ item.proto }}"
|
||||
comment: "{{ item.comment | default(omit) }}"
|
||||
loop: "{{ nym_ufw_rules }}"
|
||||
loop_control:
|
||||
label: "{{ item.port }}/{{ item.proto }}"
|
||||
when:
|
||||
- nym_ufw_enable
|
||||
- item.when | default(true)
|
||||
|
||||
- name: Allow bandwidth/topup rule inside WG tunnel
|
||||
command: >
|
||||
ufw allow in on nymwg to any port 51830 proto tcp comment 'bandwidth queries/topup'
|
||||
when:
|
||||
- nym_ufw_enable
|
||||
- (wireguard_enabled | bool)
|
||||
|
||||
- name: Enable UFW
|
||||
ufw:
|
||||
state: enabled
|
||||
when:
|
||||
nym_ufw_enable
|
||||
@@ -1,34 +0,0 @@
|
||||
---
|
||||
- name: Create nym directory
|
||||
file:
|
||||
path: "{{ nym_install_dir }}"
|
||||
state: directory
|
||||
mode: "0755"
|
||||
|
||||
- name: Get latest Nym release metadata
|
||||
uri:
|
||||
url: https://api.github.com/repos/nymtech/nym/releases/latest
|
||||
return_content: yes
|
||||
register: latest_release
|
||||
when: nym_version is not defined or nym_version == 'latest'
|
||||
|
||||
- name: Set nym_version from GitHub API
|
||||
set_fact:
|
||||
nym_version: "{{ latest_release.json.tag_name }}"
|
||||
when: nym_version is not defined or nym_version == 'latest'
|
||||
|
||||
- name: Set binary URL
|
||||
set_fact:
|
||||
binary_url: "https://github.com/nymtech/nym/releases/download/{{ nym_version }}/nym-node"
|
||||
|
||||
- name: Download nym-node binary
|
||||
get_url:
|
||||
url: "{{ binary_url }}"
|
||||
dest: "{{ nym_install_dir }}/nym-node"
|
||||
mode: "0755"
|
||||
|
||||
- name: Download nym-cli binary
|
||||
get_url:
|
||||
url: "{{ nym_cli_url }}"
|
||||
dest: "{{ nym_install_dir }}/nym-cli"
|
||||
mode: "0755"
|
||||
@@ -1,12 +0,0 @@
|
||||
---
|
||||
- name: Install Nym binaries
|
||||
import_tasks: install.yml
|
||||
|
||||
- name: Configure Nym node
|
||||
import_tasks: config.yml
|
||||
|
||||
- name: Configure firewall for Nym
|
||||
import_tasks: firewall.yml
|
||||
|
||||
- name: Configure and start Nym service
|
||||
import_tasks: service.yml
|
||||
@@ -1,15 +0,0 @@
|
||||
---
|
||||
- name: Template systemd service
|
||||
tags: systemctl
|
||||
template:
|
||||
src: nym-node.service.j2
|
||||
dest: /etc/systemd/system/nym-node.service
|
||||
notify: Reload systemd
|
||||
|
||||
- name: Enable and start nym service
|
||||
tags: systemctl
|
||||
systemd:
|
||||
name: nym-node
|
||||
enabled: yes
|
||||
state: started
|
||||
daemon_reload: yes
|
||||
@@ -1,20 +0,0 @@
|
||||
{# Priority:
|
||||
1. Use moniker if provided in inventory
|
||||
2. Else strip "nym-exit." prefix if hostname starts with it
|
||||
3. Else use hostname unchanged
|
||||
#}
|
||||
|
||||
{% if moniker is defined and moniker | length > 0 %}
|
||||
{% set moniker_final = moniker %}
|
||||
{% else %}
|
||||
{% if hostname is defined and hostname.startswith('nym-exit.') %}
|
||||
{% set moniker_final = hostname | regex_replace('^nym-exit\\.', '') %}
|
||||
{% else %}
|
||||
{% set moniker_final = hostname %}
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
|
||||
moniker = "{{ moniker_final }}"
|
||||
website = " {{ website }}"
|
||||
security_contact = "{{ email }}"
|
||||
details = "{{ description }}"
|
||||
@@ -1,15 +0,0 @@
|
||||
[Unit]
|
||||
Description=Nym Node
|
||||
StartLimitInterval=350
|
||||
StartLimitBurst=10
|
||||
|
||||
[Service]
|
||||
User={{ ansible_user }}
|
||||
LimitNOFILE=65536
|
||||
ExecStart=/root/nym-binaries/nym-node run --mode {{ mode }} --accept-operator-terms-and-conditions --wireguard-enabled {{ wireguard_enabled }}
|
||||
KillSignal=SIGINT
|
||||
Restart=on-failure
|
||||
RestartSec=30
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
@@ -1,49 +0,0 @@
|
||||
- name: Show which node is being bonded
|
||||
tags: bonding
|
||||
debug:
|
||||
msg: "Bonding Nym node: {{ hostname }}"
|
||||
|
||||
- name: Get bonding details
|
||||
tags: bonding
|
||||
command: "/root/nym-binaries/nym-node bonding-information"
|
||||
register: bondinfo
|
||||
changed_when: false
|
||||
|
||||
- name: Display bonding info
|
||||
tags: bonding
|
||||
debug:
|
||||
msg: "{{ item }}"
|
||||
loop: "{{ bondinfo.stdout_lines }}"
|
||||
|
||||
|
||||
- name: Prompt operator to generate contract message in wallet
|
||||
tags: bonding
|
||||
pause:
|
||||
prompt: |
|
||||
** Using the bonding information above:
|
||||
|
||||
1. Open your wallet
|
||||
2. Go to Bonding section
|
||||
3. Fill Hostname and Identity key from the message printed above
|
||||
4. Copy the CONTRACT MESSAGE that your wallet displays
|
||||
5. Paste it below and press Enter
|
||||
|
||||
Paste CONTRACT MESSAGE here:
|
||||
register: contract_msg_input
|
||||
|
||||
- name: Sign bonding contract message on the node
|
||||
tags: bonding
|
||||
command:
|
||||
argv:
|
||||
- /root/nym-binaries/nym-node
|
||||
- sign
|
||||
- --contract-msg
|
||||
- "{{ contract_msg_input.user_input }}"
|
||||
- --output
|
||||
- json
|
||||
register: sign_output
|
||||
|
||||
- name: Display full signed message exactly as returned
|
||||
tags: bonding
|
||||
debug:
|
||||
msg: "{{ sign_output.stdout }}"
|
||||
@@ -1,16 +0,0 @@
|
||||
- name: Download quic_bridge_deployment.sh
|
||||
tags: quic bridge deployment
|
||||
get_url:
|
||||
url: "{{ quic_bridge_deployment_url }}"
|
||||
dest: "/root/nym-binaries/quic_bridge_deployment.sh"
|
||||
mode: "0755"
|
||||
|
||||
- name: Configure tunnel manager
|
||||
tags: quic bridge deployment
|
||||
become: true
|
||||
command:
|
||||
cmd: "/root/nym-binaries/quic_bridge_deployment.sh {{ item }}"
|
||||
environment:
|
||||
NONINTERACTIVE: "1"
|
||||
loop:
|
||||
- full_bridge_setup
|
||||
@@ -1,14 +0,0 @@
|
||||
- name: Download network-tunnel-manager.sh
|
||||
tags: network tunnel manager
|
||||
get_url:
|
||||
url: "{{ tunnel_manager_url }}"
|
||||
dest: "/root/nym-binaries/network-tunnel-manager.sh"
|
||||
mode: "0755"
|
||||
|
||||
- name: Configure tunnel manager
|
||||
tags: network tunnel manager
|
||||
become: true
|
||||
command:
|
||||
cmd: "/root/nym-binaries/network-tunnel-manager.sh {{ item }}"
|
||||
loop:
|
||||
- complete_networking_configuration
|
||||
@@ -1,10 +0,0 @@
|
||||
nym_binary_dir: /root/nym-binaries
|
||||
nym_binary_path: "{{ nym_binary_dir }}/nym-node"
|
||||
nym_backup_dir: "{{ nym_binary_dir }}/bak"
|
||||
nym_backup_path: "{{ nym_backup_dir }}/nym-node"
|
||||
nym_service_name: nym-node
|
||||
|
||||
# nym_version: "v2025.21-mozzarella"
|
||||
# Optional: set this to pin a specific release tag in (e.g. v2025.21-mozzarella)
|
||||
# otherwise the GitHub “latest” release is used
|
||||
|
||||
@@ -1,30 +0,0 @@
|
||||
- name: Get latest Nym release metadata
|
||||
uri:
|
||||
url: https://api.github.com/repos/nymtech/nym/releases/latest
|
||||
return_content: yes
|
||||
register: latest_release
|
||||
when: nym_version is not defined and not ansible_check_mode
|
||||
|
||||
- name: Set nym_version from GitHub API
|
||||
set_fact:
|
||||
nym_version: "{{ latest_release.json.tag_name }}"
|
||||
when: nym_version is not defined and not ansible_check_mode
|
||||
|
||||
- name: Show target Nym version tag
|
||||
debug:
|
||||
msg: "Target Nym release tag: {{ nym_version | default('latest (check-mode)') }}"
|
||||
|
||||
- name: Generate binary_url from version
|
||||
set_fact:
|
||||
binary_url: >-
|
||||
https://github.com/nymtech/nym/releases/download/{{ nym_version }}/nym-node
|
||||
when: not ansible_check_mode
|
||||
|
||||
- name: Download nym-node binary
|
||||
get_url:
|
||||
url: "{{ binary_url }}"
|
||||
dest: "{{ nym_binary_path }}"
|
||||
mode: "0755"
|
||||
register: download_result
|
||||
failed_when: false
|
||||
when: not ansible_check_mode
|
||||
@@ -1,122 +0,0 @@
|
||||
# run --version on the new binary
|
||||
- name: Check new nym-node version
|
||||
command:
|
||||
argv:
|
||||
- "{{ nym_binary_path }}"
|
||||
- --version
|
||||
register: nym_new_version_cmd
|
||||
failed_when: false
|
||||
changed_when: false
|
||||
when: not ansible_check_mode
|
||||
|
||||
# show the full stdout so we don’t depend on regex parsing at all
|
||||
# show full upgraded version output, line by line
|
||||
- name: Show upgraded nym-node version info
|
||||
debug:
|
||||
msg: >-
|
||||
{{
|
||||
[
|
||||
"New nym-node --version rc: " ~ (nym_new_version_cmd.rc | default('unset') | string),
|
||||
"New nym-node --version output:"
|
||||
]
|
||||
+ (nym_new_version_cmd.stdout_lines | default([]))
|
||||
}}
|
||||
when: not ansible_check_mode
|
||||
|
||||
# decide if upgrade is successful
|
||||
# success means: the binary executed without an error (rc == 0)
|
||||
- name: Determine if upgrade is successful
|
||||
set_fact:
|
||||
upgrade_ok: "{{ (nym_new_version_cmd.rc | default(1)) == 0 }}"
|
||||
when: not ansible_check_mode
|
||||
|
||||
# show the decision for debugging
|
||||
- name: Debug upgrade_ok decision
|
||||
debug:
|
||||
msg:
|
||||
- "upgrade_ok: {{ upgrade_ok }}"
|
||||
when: not ansible_check_mode
|
||||
|
||||
#########
|
||||
# success
|
||||
#########
|
||||
|
||||
# show the full version output to the user, line-by-line
|
||||
- name: Show upgraded nym-node version info
|
||||
debug:
|
||||
msg:
|
||||
- "Upgraded nym-node version output:"
|
||||
- "{{ nym_new_version_cmd.stdout_lines | default([]) }}"
|
||||
when: not ansible_check_mode and upgrade_ok | default(false)
|
||||
|
||||
|
||||
# remove backup
|
||||
- name: Remove backup after successful upgrade
|
||||
file:
|
||||
path: "{{ nym_backup_path }}"
|
||||
state: absent
|
||||
when:
|
||||
- not ansible_check_mode
|
||||
- upgrade_ok | default(false)
|
||||
- nym_node_bin.stat.exists | default(false)
|
||||
|
||||
# restart service
|
||||
- name: Restart nym-node service after successful upgrade
|
||||
systemd:
|
||||
name: "{{ nym_service_name }}"
|
||||
state: restarted
|
||||
when: not ansible_check_mode and upgrade_ok | default(false)
|
||||
|
||||
# report success
|
||||
- name: Report successful upgrade
|
||||
debug:
|
||||
msg: >-
|
||||
Upgrade successful. nym-node binary executed correctly and the service has been restarted.
|
||||
when: not ansible_check_mode and upgrade_ok | default(false)
|
||||
|
||||
#########
|
||||
# failure
|
||||
#########
|
||||
|
||||
- name: Restore previous nym-node binary after failed upgrade
|
||||
copy:
|
||||
src: "{{ nym_backup_path }}"
|
||||
dest: "{{ nym_binary_path }}"
|
||||
mode: "0755"
|
||||
remote_src: true
|
||||
when:
|
||||
- not ansible_check_mode
|
||||
- (upgrade_ok | default(false)) == false
|
||||
- nym_node_bin.stat.exists | default(false)
|
||||
|
||||
- name: Remove backup after rollback
|
||||
file:
|
||||
path: "{{ nym_backup_path }}"
|
||||
state: absent
|
||||
when:
|
||||
- not ansible_check_mode
|
||||
- (upgrade_ok | default(false)) == false
|
||||
- nym_node_bin.stat.exists | default(false)
|
||||
|
||||
# always restart the service with the restored binary
|
||||
- name: Restart nym-node service with previous version after failed upgrade
|
||||
systemd:
|
||||
name: "{{ nym_service_name }}"
|
||||
state: restarted
|
||||
when:
|
||||
- not ansible_check_mode
|
||||
- (upgrade_ok | default(false)) == false
|
||||
- nym_node_bin.stat.exists | default(false)
|
||||
|
||||
- name: Report failed upgrade and rollback
|
||||
debug:
|
||||
msg: >-
|
||||
Upgrade NOT successful. The previous nym-node binary has been restored
|
||||
and the nym-node service has been restarted with the old version.
|
||||
when: not ansible_check_mode and (upgrade_ok | default(false)) == false
|
||||
|
||||
# optional: hard-fail the play for CI environments
|
||||
#- name: Fail the play to signal upgrade failure
|
||||
# fail:
|
||||
# msg: "nym-node upgrade failed; rolled back to previous binary."
|
||||
# when: not ansible_check_mode and (upgrade_ok | default(false)) == false
|
||||
@@ -1,8 +0,0 @@
|
||||
- name: Prepare for nym-node upgrade (backup, stop service)
|
||||
include_tasks: prepare.yml
|
||||
|
||||
- name: Fetch and install latest nym-node binary
|
||||
include_tasks: fetch_latest.yml
|
||||
|
||||
- name: Verify new nym-node and finalize (restart or rollback)
|
||||
include_tasks: finalize.yml
|
||||
@@ -1,69 +0,0 @@
|
||||
# stop service before touching the binary
|
||||
- name: Stop nym-node service
|
||||
systemd:
|
||||
name: "{{ nym_service_name }}"
|
||||
state: stopped
|
||||
when: not ansible_check_mode
|
||||
|
||||
# check if the current binary exists
|
||||
- name: Check existing nym-node binary
|
||||
stat:
|
||||
path: "{{ nym_binary_path }}"
|
||||
register: nym_node_bin
|
||||
|
||||
# capture current nym-node version (if present)
|
||||
- name: Capture current nym-node version (if present)
|
||||
command:
|
||||
argv:
|
||||
- "{{ nym_binary_path }}"
|
||||
- --version
|
||||
register: nym_current_version_cmd
|
||||
failed_when: false
|
||||
changed_when: false
|
||||
when:
|
||||
- nym_node_bin.stat.exists
|
||||
- not ansible_check_mode
|
||||
|
||||
# show full current version output instead of trying to parse it
|
||||
# show full current version output, line by line
|
||||
- name: Show current nym-node version info
|
||||
debug:
|
||||
msg: >-
|
||||
{{
|
||||
[
|
||||
"Current nym-node --version rc: " ~ (nym_current_version_cmd.rc | default('unset') | string),
|
||||
"Current nym-node --version output:"
|
||||
]
|
||||
+ (nym_current_version_cmd.stdout_lines | default([]))
|
||||
}}
|
||||
when:
|
||||
- nym_node_bin.stat.exists
|
||||
- not ansible_check_mode
|
||||
|
||||
# ensure backup directory exists
|
||||
- name: Ensure backup directory exists
|
||||
file:
|
||||
path: "{{ nym_backup_dir }}"
|
||||
state: directory
|
||||
mode: "0755"
|
||||
when: not ansible_check_mode
|
||||
|
||||
# backup existing nym-node binary
|
||||
- name: Backup existing nym-node binary
|
||||
copy:
|
||||
src: "{{ nym_binary_path }}"
|
||||
dest: "{{ nym_backup_path }}"
|
||||
remote_src: true
|
||||
mode: "0755"
|
||||
when:
|
||||
- not ansible_check_mode
|
||||
- nym_node_bin.stat.exists
|
||||
|
||||
# remove current nym-node binary
|
||||
- name: Remove current nym-node binary
|
||||
file:
|
||||
path: "{{ nym_binary_path }}"
|
||||
state: absent
|
||||
when:
|
||||
- not ansible_check_mode
|
||||
- nym_node_bin.stat.exists
|
||||
@@ -1,6 +1,6 @@
|
||||
[package]
|
||||
name = "nym-client"
|
||||
version = "1.1.67"
|
||||
version = "1.1.66"
|
||||
authors = ["Dave Hrycyszyn <futurechimp@users.noreply.github.com>", "Jędrzej Stuczyński <andrew@nymtech.net>"]
|
||||
description = "Implementation of the Nym Client"
|
||||
edition = "2021"
|
||||
|
||||
@@ -2594,9 +2594,9 @@
|
||||
}
|
||||
},
|
||||
"node_modules/node-forge": {
|
||||
"version": "1.3.2",
|
||||
"resolved": "https://registry.npmjs.org/node-forge/-/node-forge-1.3.2.tgz",
|
||||
"integrity": "sha512-6xKiQ+cph9KImrRh0VsjH2d8/GXA4FIMlgU4B757iI1ApvcyA9VlouP0yZJha01V+huImO+kKMU7ih+2+E14fw==",
|
||||
"version": "1.3.0",
|
||||
"resolved": "https://registry.npmjs.org/node-forge/-/node-forge-1.3.0.tgz",
|
||||
"integrity": "sha512-08ARB91bUi6zNKzVmaj3QO7cr397uiDT2nJ63cHjyNtCTWIgvS47j3eT0WfzUwS9+6Z5YshRaoasFkXCKrIYbA==",
|
||||
"dev": true,
|
||||
"engines": {
|
||||
"node": ">= 6.13.0"
|
||||
@@ -6494,9 +6494,9 @@
|
||||
}
|
||||
},
|
||||
"node-forge": {
|
||||
"version": "1.3.2",
|
||||
"resolved": "https://registry.npmjs.org/node-forge/-/node-forge-1.3.2.tgz",
|
||||
"integrity": "sha512-6xKiQ+cph9KImrRh0VsjH2d8/GXA4FIMlgU4B757iI1ApvcyA9VlouP0yZJha01V+huImO+kKMU7ih+2+E14fw==",
|
||||
"version": "1.3.0",
|
||||
"resolved": "https://registry.npmjs.org/node-forge/-/node-forge-1.3.0.tgz",
|
||||
"integrity": "sha512-08ARB91bUi6zNKzVmaj3QO7cr397uiDT2nJ63cHjyNtCTWIgvS47j3eT0WfzUwS9+6Z5YshRaoasFkXCKrIYbA==",
|
||||
"dev": true
|
||||
},
|
||||
"node-releases": {
|
||||
|
||||
@@ -0,0 +1,22 @@
|
||||
[package]
|
||||
name = "nym-client-rtt-tester"
|
||||
version = "0.1.0"
|
||||
edition = "2021"
|
||||
description = "RTT testing client built using nym-client-core"
|
||||
license.workspace = true
|
||||
|
||||
[[bin]]
|
||||
name = "nym-client-rtt-tester"
|
||||
path = "src/main.rs"
|
||||
|
||||
[dependencies]
|
||||
tokio = { workspace = true, features = ["full"] }
|
||||
tracing = { workspace = true }
|
||||
nym-client-core = { path = "../../common/client-core" }
|
||||
nym-network-defaults = { path = "../../common/network-defaults" }
|
||||
nym-sphinx = { path = "../../common/nymsphinx" }
|
||||
nym-topology = { path = "../../common/topology" }
|
||||
nym-config = { path = "../../common/config" }
|
||||
nym-task = { path = "../../common/task" }
|
||||
nym-crypto = { path = "../../common/crypto" }
|
||||
nym-sdk = { path = "../../sdk/rust/nym-sdk" }
|
||||
@@ -0,0 +1,466 @@
|
||||
use nym_sdk::mixnet;
|
||||
use nym_sdk::mixnet::MixnetMessageSender;
|
||||
|
||||
use nym_client_core::client::rtt_analyzer::{RttAnalyzer, RttConfig, RttEvent, RttPattern};
|
||||
use nym_sdk::DebugConfig;
|
||||
use tokio::io::{self, AsyncBufReadExt};
|
||||
use tokio::time::{sleep, Duration};
|
||||
|
||||
#[tokio::main]
|
||||
async fn main() {
|
||||
// ============================================================
|
||||
// 1. Start RTT Analyzer + background worker
|
||||
// ============================================================
|
||||
let _analyzer = RttAnalyzer::new();
|
||||
|
||||
let tx = RttAnalyzer::producer().expect("Analyzer was not initialized!");
|
||||
|
||||
// ============================================================
|
||||
// 2. Build mixnet client
|
||||
// ============================================================
|
||||
let mut debug = DebugConfig::default();
|
||||
|
||||
// Disable ALL Poisson & cover streams
|
||||
debug.traffic.disable_main_poisson_packet_distribution = true;
|
||||
debug.cover_traffic.disable_loop_cover_traffic_stream = false;
|
||||
|
||||
let client = mixnet::MixnetClientBuilder::new_ephemeral()
|
||||
.debug_config(debug)
|
||||
.build()
|
||||
.unwrap();
|
||||
|
||||
let client = client.connect_to_mixnet().await.unwrap();
|
||||
|
||||
let our_address = client.nym_address();
|
||||
println!("Our client nym address is: {our_address}");
|
||||
|
||||
// ============================================================
|
||||
// 3. Ask the user for RTT TEST configuration
|
||||
// ============================================================
|
||||
let config = ask_user_for_rtt_config().await;
|
||||
|
||||
println!("\nStarting RTT test with:");
|
||||
println!(" packets_per_route = {}", config.packets_per_route);
|
||||
println!(" pattern = {:?}", config.pattern);
|
||||
println!(" delay (ms) = {}", config.inter_route_delay_ms);
|
||||
|
||||
// START THE TEST
|
||||
let _ = client
|
||||
.send_rtt_test(*our_address, None, tx.clone(), config)
|
||||
.await
|
||||
.unwrap();
|
||||
|
||||
// ============================================================
|
||||
// 4. Background listener for incoming messages
|
||||
// ============================================================
|
||||
tokio::spawn({
|
||||
let mut client = client;
|
||||
async move {
|
||||
loop {
|
||||
if client.wait_for_messages().await.is_some() {
|
||||
//I should do something here to shutdown
|
||||
}
|
||||
sleep(Duration::from_millis(10)).await;
|
||||
}
|
||||
}
|
||||
});
|
||||
|
||||
// ============================================================
|
||||
// 5. Main input loop
|
||||
// ============================================================
|
||||
let stdin = io::BufReader::new(io::stdin());
|
||||
let mut lines = stdin.lines();
|
||||
|
||||
println!("Type 'menu' to show RTT commands.");
|
||||
|
||||
loop {
|
||||
if let Ok(Some(input)) = lines.next_line().await {
|
||||
let input = input.trim().to_lowercase();
|
||||
|
||||
if input == "menu" {
|
||||
show_menu_and_handle_choice(&tx).await;
|
||||
}
|
||||
}
|
||||
|
||||
sleep(Duration::from_millis(50)).await;
|
||||
}
|
||||
}
|
||||
|
||||
// =====================================================================
|
||||
// ASK USER FOR RTT TEST SETTINGS AT PROGRAM START
|
||||
// =====================================================================
|
||||
async fn ask_user_for_rtt_config() -> RttConfig {
|
||||
let stdin = io::BufReader::new(io::stdin());
|
||||
let mut lines = stdin.lines();
|
||||
|
||||
println!("\n========== RTT TEST CONFIGURATION ==========");
|
||||
|
||||
// -----------------------------
|
||||
// Ask for packets per route
|
||||
// -----------------------------
|
||||
println!("Enter number of packets per route: ");
|
||||
let packets = read_u32_from_stdin(&mut lines).await;
|
||||
|
||||
// -----------------------------
|
||||
// Ask for pattern: Burst / RR
|
||||
// -----------------------------
|
||||
println!("Choose pattern:");
|
||||
println!(" 1) Burst");
|
||||
println!(" 2) Round Robin");
|
||||
let pattern = loop {
|
||||
let input = read_string(&mut lines).await;
|
||||
|
||||
match input.as_str() {
|
||||
"1" => break RttPattern::Burst,
|
||||
"2" => break RttPattern::RoundRobin,
|
||||
_ => println!("Invalid choice! Please type 1 or 2:"),
|
||||
}
|
||||
};
|
||||
|
||||
// -----------------------------
|
||||
// Ask for delay between packets
|
||||
// -----------------------------
|
||||
println!("Enter delay between packets (ms): ");
|
||||
let delay = read_u64_from_stdin(&mut lines).await;
|
||||
|
||||
// Build Config
|
||||
RttConfig {
|
||||
packets_per_route: packets,
|
||||
pattern,
|
||||
inter_route_delay_ms: delay,
|
||||
}
|
||||
}
|
||||
|
||||
// =====================================================================
|
||||
// Util functions for reading typed input
|
||||
// =====================================================================
|
||||
async fn read_string(lines: &mut tokio::io::Lines<io::BufReader<io::Stdin>>) -> String {
|
||||
loop {
|
||||
if let Ok(Some(line)) = lines.next_line().await {
|
||||
let trimmed = line.trim().to_string();
|
||||
if !trimmed.is_empty() {
|
||||
return trimmed;
|
||||
}
|
||||
}
|
||||
println!("Please type a value:");
|
||||
}
|
||||
}
|
||||
|
||||
async fn read_u32_from_stdin(lines: &mut tokio::io::Lines<io::BufReader<io::Stdin>>) -> u32 {
|
||||
loop {
|
||||
if let Ok(Some(line)) = lines.next_line().await {
|
||||
if let Ok(num) = line.trim().parse::<u32>() {
|
||||
return num;
|
||||
}
|
||||
}
|
||||
println!("Invalid number, try again:");
|
||||
}
|
||||
}
|
||||
|
||||
async fn read_u64_from_stdin(lines: &mut tokio::io::Lines<io::BufReader<io::Stdin>>) -> u64 {
|
||||
loop {
|
||||
if let Ok(Some(line)) = lines.next_line().await {
|
||||
if let Ok(num) = line.trim().parse::<u64>() {
|
||||
return num;
|
||||
}
|
||||
}
|
||||
println!("Invalid number, try again:");
|
||||
}
|
||||
}
|
||||
// =====================================================================
|
||||
// MENU HANDLER (FULL VERSION WITH HELP / DOCS)
|
||||
// =====================================================================
|
||||
async fn show_menu_and_handle_choice(tx: &tokio::sync::mpsc::Sender<RttEvent>) {
|
||||
println!("\n======================== RTT MENU ========================");
|
||||
println!("1) Print global RTT statistics");
|
||||
println!("2) Write statistics to CSV file");
|
||||
println!("3) Print route details by ROUTE INDEX");
|
||||
println!("4) Print route details by ROUTE NODES STRING");
|
||||
println!("5) Print routes with AVG RTT above threshold");
|
||||
println!("6) Print routes with ANY RTT above threshold");
|
||||
println!("7) Help (Show all commands & how to use them)");
|
||||
println!("8) Write CSV and generate RTT histogram(s) with Python");
|
||||
println!("9) Show overall experiment completion percentage");
|
||||
println!("===========================================================");
|
||||
print!("Select option: ");
|
||||
|
||||
use std::io::Write;
|
||||
std::io::stdout().flush().unwrap();
|
||||
|
||||
let mut input = String::new();
|
||||
let _ = std::io::stdin().read_line(&mut input);
|
||||
let choice = input.trim();
|
||||
|
||||
match choice {
|
||||
// -------------------- 1. PRINT GLOBAL STATS --------------------
|
||||
"1" => {
|
||||
let _ = tx.send(RttEvent::PrintStats).await;
|
||||
}
|
||||
|
||||
// -------------------- 2. WRITE STATS ---------------------------
|
||||
"2" => {
|
||||
print!("Enter file path: ");
|
||||
std::io::stdout().flush().unwrap();
|
||||
|
||||
let mut path = String::new();
|
||||
let _ = std::io::stdin().read_line(&mut path);
|
||||
|
||||
let path = path.trim().to_string();
|
||||
let _ = tx.send(RttEvent::WriteStats { path }).await;
|
||||
}
|
||||
|
||||
// -------------------- 3. PRINT ROUTE DETAILS -------------------
|
||||
"3" => {
|
||||
print!("Enter route index (0-based): ");
|
||||
std::io::stdout().flush().unwrap();
|
||||
|
||||
let mut s = String::new();
|
||||
let _ = std::io::stdin().read_line(&mut s);
|
||||
|
||||
if let Ok(index) = s.trim().parse::<usize>() {
|
||||
let _ = tx
|
||||
.send(RttEvent::PrintRouteDetail { route_index: index })
|
||||
.await;
|
||||
} else {
|
||||
println!("Invalid index.");
|
||||
}
|
||||
}
|
||||
|
||||
// -------------------- 4. PRINT STATS BY NODE STRING -----------
|
||||
"4" => {
|
||||
println!("Enter Node String EXACTLY as stored.");
|
||||
println!("Example format:");
|
||||
println!(" <base58_node1> > <base58_node2> > <base58_node3>");
|
||||
print!("Nodes: ");
|
||||
std::io::stdout().flush().unwrap();
|
||||
|
||||
let mut nodes = String::new();
|
||||
let _ = std::io::stdin().read_line(&mut nodes);
|
||||
|
||||
let nodes = nodes.trim().to_string();
|
||||
let _ = tx.send(RttEvent::PrintRouteStatsByNodes { nodes }).await;
|
||||
}
|
||||
|
||||
// -------------------- 5. AVG ABOVE THRESHOLD ------------------
|
||||
"5" => {
|
||||
print!("Enter threshold in ms: ");
|
||||
std::io::stdout().flush().unwrap();
|
||||
|
||||
let mut s = String::new();
|
||||
let _ = std::io::stdin().read_line(&mut s);
|
||||
|
||||
if let Ok(th) = s.trim().parse::<u128>() {
|
||||
let _ = tx
|
||||
.send(RttEvent::PrintRoutesWithAvgAbove { threshold_ms: th })
|
||||
.await;
|
||||
} else {
|
||||
println!("Invalid number.");
|
||||
}
|
||||
}
|
||||
|
||||
// -------------------- 6. ANY ABOVE THRESHOLD ------------------
|
||||
"6" => {
|
||||
print!("Enter threshold in ms: ");
|
||||
std::io::stdout().flush().unwrap();
|
||||
|
||||
let mut s = String::new();
|
||||
let _ = std::io::stdin().read_line(&mut s);
|
||||
|
||||
if let Ok(th) = s.trim().parse::<u128>() {
|
||||
let _ = tx
|
||||
.send(RttEvent::PrintRoutesWithAnyAbove { threshold_ms: th })
|
||||
.await;
|
||||
} else {
|
||||
println!("Invalid number.");
|
||||
}
|
||||
}
|
||||
|
||||
// -------------------- 7. HELP --------------------------------
|
||||
"7" => {
|
||||
print_help();
|
||||
}
|
||||
"8" => {
|
||||
// Ask for CSV path
|
||||
print!("Enter CSV output path (e.g. rtt_stats.csv): ");
|
||||
std::io::stdout().flush().unwrap();
|
||||
|
||||
let mut path = String::new();
|
||||
let _ = std::io::stdin().read_line(&mut path);
|
||||
let path = path.trim().to_string();
|
||||
|
||||
// Sub-menu for histogram mode
|
||||
println!("\nHistogram mode:");
|
||||
println!(" 1) One plot with ALL RTT samples (including outliers)");
|
||||
println!(" 2) One plot with INLIERS only (RTT <= cutoff)");
|
||||
println!(" 3) TWO plots: one for INLIERS and one for OUTLIERS");
|
||||
print!("Select mode: ");
|
||||
std::io::stdout().flush().unwrap();
|
||||
|
||||
let mut mode_input = String::new();
|
||||
let _ = std::io::stdin().read_line(&mut mode_input);
|
||||
let mode_choice = mode_input.trim();
|
||||
|
||||
let outlier_mode = match mode_choice {
|
||||
// 1) All RTTs
|
||||
"1" => "all".to_string(),
|
||||
|
||||
// 2) Only inliers, ask for cutoff in seconds
|
||||
"2" => {
|
||||
print!("Enter cutoff in seconds (e.g. 1.0 for 1 second): ");
|
||||
std::io::stdout().flush().unwrap();
|
||||
|
||||
let mut c = String::new();
|
||||
let _ = std::io::stdin().read_line(&mut c);
|
||||
let cutoff = c.trim();
|
||||
cutoff.to_string() // e.g. "1.0"
|
||||
}
|
||||
|
||||
// 3) Two plots: inliers + outliers (both)
|
||||
"3" => {
|
||||
print!("Enter cutoff in seconds (e.g. 1.0 for 1 second): ");
|
||||
std::io::stdout().flush().unwrap();
|
||||
|
||||
let mut c = String::new();
|
||||
let _ = std::io::stdin().read_line(&mut c);
|
||||
let cutoff = c.trim();
|
||||
// Encode as 'both:<cutoff>' so Python can understand it
|
||||
format!("both:{cutoff}")
|
||||
}
|
||||
|
||||
_ => {
|
||||
println!("Invalid mode, aborting histogram generation.");
|
||||
return;
|
||||
}
|
||||
};
|
||||
|
||||
let _ = tx
|
||||
.send(RttEvent::WriteStatsAndPlot { path, outlier_mode })
|
||||
.await;
|
||||
}
|
||||
|
||||
"9" => {
|
||||
// Send an event to the RTT analyzer to compute and print progress
|
||||
let _ = tx.send(RttEvent::PrintExperimentProgress).await;
|
||||
}
|
||||
|
||||
_ => println!("Invalid selection."),
|
||||
}
|
||||
}
|
||||
|
||||
fn print_help() {
|
||||
println!("\n======================== RTT HELP ========================\n");
|
||||
|
||||
println!("This tool allows you to perform detailed RTT analysis over all mixnet routes.");
|
||||
println!("The client sends RTT probe traffic through every candidate route,");
|
||||
println!("and the RTT analyzer collects per-route statistics in the background.\n");
|
||||
|
||||
println!("Main commands (from the RTT menu):\n");
|
||||
|
||||
println!(" 1) Print global RTT statistics");
|
||||
println!(" Prints one summary line per route:");
|
||||
println!(" - route index");
|
||||
println!(" - packets sent (including retransmissions)");
|
||||
println!(" - number of ACKs");
|
||||
println!(" - number of timeouts");
|
||||
println!(" - average RTT (computed over all stored RTT samples, in ms)");
|
||||
println!();
|
||||
|
||||
println!(" 2) Write stats to CSV file");
|
||||
println!(" Writes one line per route to a CSV file on disk.");
|
||||
println!(" Current CSV columns:");
|
||||
println!(" route,sent,acks,timeouts,avg_rtt");
|
||||
println!(" route : numeric route index");
|
||||
println!(" sent : how many FragmentSent events were recorded");
|
||||
println!(" acks : how many FragmentAckReceived events were recorded");
|
||||
println!(" timeouts : how many FragmentAckExpired events were recorded");
|
||||
println!(" avg_rtt : average RTT (in milliseconds) from all RTT samples");
|
||||
println!();
|
||||
|
||||
println!(" 3) Print route details BY ROUTE INDEX");
|
||||
println!(" Input: a 0-based route index.");
|
||||
println!(" Output for that route:");
|
||||
println!(" - node list (base58 identities) in order: Node1 > Node2 > Node3");
|
||||
println!(" - ALL RTT samples recorded for that route (each sample shown in ms)");
|
||||
println!(" This is useful when you already know the route index and");
|
||||
println!(" want to inspect exactly how it behaves packet by packet.");
|
||||
println!();
|
||||
|
||||
println!(" 4) Print route details BY NODE STRING");
|
||||
println!(" Input format must match exactly what the analyzer stored, for example:");
|
||||
println!(" <node1_base58> > <node2_base58> > <node3_base58>");
|
||||
println!(" If a route with that node sequence exists, the tool will:");
|
||||
println!(" - print the matching route index");
|
||||
println!(" - print the full per-route detail (same as option 3).");
|
||||
println!(" This is useful when you have a specific mixnode combination");
|
||||
println!(" (e.g. a slow or suspicious path) and want its statistics.");
|
||||
println!();
|
||||
|
||||
println!(" 5) Print routes with AVERAGE RTT ABOVE a threshold");
|
||||
println!(" You provide a threshold in milliseconds (e.g. 150).");
|
||||
println!(" The tool will:");
|
||||
println!(" - compute avg RTT for each route");
|
||||
println!(" - select only routes where avg RTT > threshold");
|
||||
println!(" - print detailed info for each matching route (nodes + RTT samples).");
|
||||
println!(" Use this to quickly find generally slow routes.");
|
||||
println!();
|
||||
|
||||
println!(" 6) Print routes with ANY RTT ABOVE a threshold");
|
||||
println!(" You provide a threshold in milliseconds (e.g. 500).");
|
||||
println!(" For each route, if at least one RTT sample exceeds the threshold,");
|
||||
println!(" that route is printed with full details.");
|
||||
println!(" Use this to find routes that occasionally spike very high,");
|
||||
println!(" even if their average RTT is still acceptable.");
|
||||
println!();
|
||||
|
||||
println!(" 7) Show experiment progress (percentage completed)");
|
||||
println!(" Uses the stored experiment configuration (total_routes, packets_per_route)");
|
||||
println!(" plus the number of RTT samples recorded so far to estimate:");
|
||||
println!(" completion = received_samples / (total_routes * packets_per_route)");
|
||||
println!(" The result is printed as a percentage (0%–100%).");
|
||||
println!(" This tells you roughly how far the RTT experiment has progressed.");
|
||||
println!();
|
||||
|
||||
println!(" 8) Write stats AND generate histogram(s) via Python");
|
||||
println!(" This command will:");
|
||||
println!(" 1) Write the current route statistics to a CSV file (same as option 2).");
|
||||
println!(" 2) Call the Python script 'rtt_histogram.py' to visualize RTTs.");
|
||||
println!();
|
||||
println!(" When prompted, you will provide two things:");
|
||||
println!(" - CSV file path (where to save the stats)");
|
||||
println!(" - outlier_mode string, which controls which histograms are generated:");
|
||||
println!();
|
||||
println!(" • \"all\"");
|
||||
println!(" Use ALL avg_rtt values from the CSV.");
|
||||
println!(
|
||||
" Result: a single histogram containing every route's avg RTT (in seconds)."
|
||||
);
|
||||
println!();
|
||||
println!(" • \"<cutoff>\" (numeric, in seconds, e.g. \"1.0\")");
|
||||
println!(" Only keep avg_rtt <= cutoff.");
|
||||
println!(" Result: a single histogram with INLIERS only (values <= cutoff).");
|
||||
println!(
|
||||
" Example: \"1.0\" keeps everything at or below 1.0s and drops slower routes."
|
||||
);
|
||||
println!();
|
||||
println!(" • \"both:<cutoff>\" (e.g. \"both:1.0\")");
|
||||
println!(" Split the data into two sets:");
|
||||
println!(" - inliers : avg_rtt <= cutoff");
|
||||
println!(" - outliers : avg_rtt > cutoff");
|
||||
println!(" Result: TWO histograms are generated:");
|
||||
println!(" 1) Distribution of inliers");
|
||||
println!(" 2) Distribution of outliers");
|
||||
println!(
|
||||
" This helps visually compare the \"normal\" routes and the very slow ones."
|
||||
);
|
||||
println!();
|
||||
|
||||
println!("Helpful notes:");
|
||||
println!(" • RTT samples are computed when a FragmentReceived event arrives.");
|
||||
println!(" For each fragment that may be retransmitted, the analyzer stores");
|
||||
println!(" multiple send times and receive times, and pairs them in order");
|
||||
println!(" to compute multiple RTT values for that fragment if needed.");
|
||||
println!(" • \"sent\" in the stats includes retransmissions as well, so it may be");
|
||||
println!(" higher than packets_per_route for unstable routes.");
|
||||
|
||||
println!("===========================================================\n");
|
||||
}
|
||||
@@ -1,6 +1,6 @@
|
||||
[package]
|
||||
name = "nym-socks5-client"
|
||||
version = "1.1.67"
|
||||
version = "1.1.66"
|
||||
authors = ["Dave Hrycyszyn <futurechimp@users.noreply.github.com>"]
|
||||
description = "A SOCKS5 localhost proxy that converts incoming messages to Sphinx and sends them to a Nym address"
|
||||
edition = "2021"
|
||||
|
||||
@@ -29,6 +29,8 @@ time = { workspace = true }
|
||||
tokio = { workspace = true, features = ["sync", "macros"] }
|
||||
tracing = { workspace = true }
|
||||
zeroize = { workspace = true }
|
||||
once_cell = "1.19"
|
||||
|
||||
|
||||
# internal
|
||||
nym-id = { path = "../nym-id" }
|
||||
|
||||
+2
-2
@@ -6,14 +6,14 @@
|
||||
{
|
||||
"name": "exists",
|
||||
"ordinal": 0,
|
||||
"type_info": "Integer"
|
||||
"type_info": "Int"
|
||||
}
|
||||
],
|
||||
"parameters": {
|
||||
"Right": 1
|
||||
},
|
||||
"nullable": [
|
||||
false
|
||||
null
|
||||
]
|
||||
},
|
||||
"hash": "06e743d143fcc4be20ca2af5e99b19f15d22fff72490473587a14cdc046fda32"
|
||||
|
||||
+44
@@ -0,0 +1,44 @@
|
||||
{
|
||||
"db_name": "SQLite",
|
||||
"query": "SELECT * FROM remote_gateway_details WHERE gateway_id_bs58 = ?",
|
||||
"describe": {
|
||||
"columns": [
|
||||
{
|
||||
"name": "gateway_id_bs58",
|
||||
"ordinal": 0,
|
||||
"type_info": "Text"
|
||||
},
|
||||
{
|
||||
"name": "gateway_owner_address",
|
||||
"ordinal": 1,
|
||||
"type_info": "Text"
|
||||
},
|
||||
{
|
||||
"name": "gateway_listener",
|
||||
"ordinal": 2,
|
||||
"type_info": "Text"
|
||||
},
|
||||
{
|
||||
"name": "derived_aes128_ctr_blake3_hmac_keys_bs58",
|
||||
"ordinal": 3,
|
||||
"type_info": "Text"
|
||||
},
|
||||
{
|
||||
"name": "derived_aes256_gcm_siv_key",
|
||||
"ordinal": 4,
|
||||
"type_info": "Blob"
|
||||
}
|
||||
],
|
||||
"parameters": {
|
||||
"Right": 1
|
||||
},
|
||||
"nullable": [
|
||||
false,
|
||||
true,
|
||||
false,
|
||||
true,
|
||||
true
|
||||
]
|
||||
},
|
||||
"hash": "0e85ec18da67cf4e3df04ad80136571f6e920eb2290f20b1b8c5b0ab4b489985"
|
||||
}
|
||||
+12
@@ -0,0 +1,12 @@
|
||||
{
|
||||
"db_name": "SQLite",
|
||||
"query": "\n UPDATE remote_gateway_details\n SET\n derived_aes128_ctr_blake3_hmac_keys_bs58 = ?,\n derived_aes256_gcm_siv_key = ?\n WHERE gateway_id_bs58 = ?\n ",
|
||||
"describe": {
|
||||
"columns": [],
|
||||
"parameters": {
|
||||
"Right": 3
|
||||
},
|
||||
"nullable": []
|
||||
},
|
||||
"hash": "0f1dfb89f1eb39f4a58787af0f53a7a93afb7e4d2e54e2d38fd79d31c8575a54"
|
||||
}
|
||||
-38
@@ -1,38 +0,0 @@
|
||||
{
|
||||
"db_name": "SQLite",
|
||||
"query": "SELECT\n rgd.gateway_id_bs58,\n derived_aes256_gcm_siv_key,\n gateway_listener,\n fallback_listener\n FROM\n remote_gateway_details AS rgd\n INNER JOIN\n remote_gateway_shared_keys AS rgsk\n ON\n rgd.gateway_id_bs58 = rgsk.gateway_id_bs58\n WHERE\n rgd.gateway_id_bs58 = ?",
|
||||
"describe": {
|
||||
"columns": [
|
||||
{
|
||||
"name": "gateway_id_bs58",
|
||||
"ordinal": 0,
|
||||
"type_info": "Text"
|
||||
},
|
||||
{
|
||||
"name": "derived_aes256_gcm_siv_key",
|
||||
"ordinal": 1,
|
||||
"type_info": "Blob"
|
||||
},
|
||||
{
|
||||
"name": "gateway_listener",
|
||||
"ordinal": 2,
|
||||
"type_info": "Text"
|
||||
},
|
||||
{
|
||||
"name": "fallback_listener",
|
||||
"ordinal": 3,
|
||||
"type_info": "Text"
|
||||
}
|
||||
],
|
||||
"parameters": {
|
||||
"Right": 1
|
||||
},
|
||||
"nullable": [
|
||||
false,
|
||||
false,
|
||||
false,
|
||||
true
|
||||
]
|
||||
},
|
||||
"hash": "4b739e12ea8d917cb17580337caeabb05f0e3ddbec04fdfa111d0fc86ba75505"
|
||||
}
|
||||
-12
@@ -1,12 +0,0 @@
|
||||
{
|
||||
"db_name": "SQLite",
|
||||
"query": "\n INSERT INTO remote_gateway_shared_keys(gateway_id_bs58, derived_aes256_gcm_siv_key)\n VALUES (?, ?)\n ",
|
||||
"describe": {
|
||||
"columns": [],
|
||||
"parameters": {
|
||||
"Right": 2
|
||||
},
|
||||
"nullable": []
|
||||
},
|
||||
"hash": "700a75acbcd90c74baa7823c40739a8ff8a26400c1d2bd45a689970bf1ba0e66"
|
||||
}
|
||||
+2
-2
@@ -1,6 +1,6 @@
|
||||
{
|
||||
"db_name": "SQLite",
|
||||
"query": "\n INSERT INTO registered_gateway(gateway_id_bs58, registration_timestamp, gateway_type)\n VALUES (?, ?, ?)\n ",
|
||||
"query": "\n INSERT INTO registered_gateway(gateway_id_bs58, registration_timestamp, gateway_type) \n VALUES (?, ?, ?)\n ",
|
||||
"describe": {
|
||||
"columns": [],
|
||||
"parameters": {
|
||||
@@ -8,5 +8,5 @@
|
||||
},
|
||||
"nullable": []
|
||||
},
|
||||
"hash": "727598e516090da6d26e36d09062b60ccb76d6468f359891428c0bfb96ddd7ef"
|
||||
"hash": "8909fd329e7e5fb16c4989b15b3d3a12bba1569520e01f6f074178e23d6ee89e"
|
||||
}
|
||||
-12
@@ -1,12 +0,0 @@
|
||||
{
|
||||
"db_name": "SQLite",
|
||||
"query": "\n INSERT INTO remote_gateway_details(gateway_id_bs58, gateway_listener, fallback_listener)\n VALUES (?, ?, ?)\n ",
|
||||
"describe": {
|
||||
"columns": [],
|
||||
"parameters": {
|
||||
"Right": 3
|
||||
},
|
||||
"nullable": []
|
||||
},
|
||||
"hash": "a64a557ba87d4b2c7457857afa7ebc7d4f895fc4991da18ec02c9e250bea0fe0"
|
||||
}
|
||||
+12
@@ -0,0 +1,12 @@
|
||||
{
|
||||
"db_name": "SQLite",
|
||||
"query": "\n INSERT INTO remote_gateway_details(gateway_id_bs58, derived_aes128_ctr_blake3_hmac_keys_bs58, derived_aes256_gcm_siv_key, gateway_owner_address, gateway_listener)\n VALUES (?, ?, ?, ?, ?)\n ",
|
||||
"describe": {
|
||||
"columns": [],
|
||||
"parameters": {
|
||||
"Right": 5
|
||||
},
|
||||
"nullable": []
|
||||
},
|
||||
"hash": "a6939bea03b10cde810a9a099bd597b4f51092e30a41c4085a8f8668f039f7c0"
|
||||
}
|
||||
+2
-2
@@ -1,6 +1,6 @@
|
||||
{
|
||||
"db_name": "SQLite",
|
||||
"query": "\n INSERT INTO custom_gateway_details(gateway_id_bs58, data)\n VALUES (?, ?)\n ",
|
||||
"query": "\n INSERT INTO custom_gateway_details(gateway_id_bs58, data) \n VALUES (?, ?)\n ",
|
||||
"describe": {
|
||||
"columns": [],
|
||||
"parameters": {
|
||||
@@ -8,5 +8,5 @@
|
||||
},
|
||||
"nullable": []
|
||||
},
|
||||
"hash": "2c113b37864f9fec7e64c0f8fdd38edcdf149acfd38c56a4db3bbf97bdb13210"
|
||||
"hash": "b059bc3688b6b7f83f47048db9897720fd4e6f3211bf74030a9638f7bf6738e4"
|
||||
}
|
||||
@@ -9,6 +9,7 @@ rust-version.workspace = true
|
||||
|
||||
[dependencies]
|
||||
async-trait.workspace = true
|
||||
cosmrs.workspace = true
|
||||
serde = { workspace = true, features = ["derive"] }
|
||||
thiserror.workspace = true
|
||||
time.workspace = true
|
||||
@@ -19,7 +20,6 @@ zeroize = { workspace = true, features = ["zeroize_derive"] }
|
||||
|
||||
nym-crypto = { path = "../../crypto", features = ["asymmetric"] }
|
||||
nym-gateway-requests = { path = "../../gateway-requests" }
|
||||
nym-gateway-client = { path = "../../client-libs/gateway-client" }
|
||||
|
||||
[target."cfg(not(target_arch = \"wasm32\"))".dependencies.sqlx]
|
||||
workspace = true
|
||||
|
||||
-22
@@ -1,22 +0,0 @@
|
||||
/*
|
||||
* Copyright 2025 - Nym Technologies SA <contact@nymtech.net>
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*/
|
||||
|
||||
CREATE TABLE remote_gateway_details_temp
|
||||
(
|
||||
gateway_id_bs58 TEXT NOT NULL UNIQUE PRIMARY KEY REFERENCES registered_gateway (gateway_id_bs58),
|
||||
derived_aes256_gcm_siv_key BLOB NOT NULL,
|
||||
gateway_listener TEXT NOT NULL,
|
||||
fallback_listener TEXT,
|
||||
expiration_timestamp DATETIME NOT NULL
|
||||
);
|
||||
|
||||
-- keep only registrations with a non null aes256 key
|
||||
INSERT INTO remote_gateway_details_temp SELECT gateway_id_bs58, derived_aes256_gcm_siv_key, gateway_listener, NULL, datetime(0, 'unixepoch') FROM remote_gateway_details WHERE derived_aes256_gcm_siv_key IS NOT NULL;
|
||||
|
||||
DROP TABLE remote_gateway_details;
|
||||
ALTER TABLE remote_gateway_details_temp RENAME TO remote_gateway_details;
|
||||
|
||||
-- delete registrations with no key
|
||||
DELETE FROM registered_gateway WHERE gateway_id_bs58 NOT IN ( SELECT gateway_id_bs58 FROM remote_gateway_details);
|
||||
@@ -6,7 +6,6 @@ use crate::{
|
||||
types::{
|
||||
RawActiveGateway, RawCustomGatewayDetails, RawRegisteredGateway, RawRemoteGatewayDetails,
|
||||
},
|
||||
RawGatewayPublishedData,
|
||||
};
|
||||
use sqlx::{
|
||||
sqlite::{SqliteAutoVacuum, SqliteSynchronous},
|
||||
@@ -145,11 +144,13 @@ impl StorageManager {
|
||||
&self,
|
||||
gateway_id: &str,
|
||||
) -> Result<RawRemoteGatewayDetails, sqlx::Error> {
|
||||
// query_as! macro doesn't use fromRow
|
||||
sqlx::query_as("SELECT * FROM remote_gateway_details WHERE gateway_id_bs58 = ?")
|
||||
.bind(gateway_id)
|
||||
.fetch_one(&self.connection_pool)
|
||||
.await
|
||||
sqlx::query_as!(
|
||||
RawRemoteGatewayDetails,
|
||||
"SELECT * FROM remote_gateway_details WHERE gateway_id_bs58 = ?",
|
||||
gateway_id
|
||||
)
|
||||
.fetch_one(&self.connection_pool)
|
||||
.await
|
||||
}
|
||||
|
||||
pub(crate) async fn set_remote_gateway_details(
|
||||
@@ -158,36 +159,41 @@ impl StorageManager {
|
||||
) -> Result<(), sqlx::Error> {
|
||||
sqlx::query!(
|
||||
r#"
|
||||
INSERT INTO remote_gateway_details(gateway_id_bs58, derived_aes256_gcm_siv_key, gateway_listener, fallback_listener, expiration_timestamp)
|
||||
INSERT INTO remote_gateway_details(gateway_id_bs58, derived_aes128_ctr_blake3_hmac_keys_bs58, derived_aes256_gcm_siv_key, gateway_owner_address, gateway_listener)
|
||||
VALUES (?, ?, ?, ?, ?)
|
||||
"#,
|
||||
remote.gateway_id_bs58,
|
||||
remote.derived_aes128_ctr_blake3_hmac_keys_bs58,
|
||||
remote.derived_aes256_gcm_siv_key,
|
||||
remote.published_data.gateway_listener,
|
||||
remote.published_data.fallback_listener,
|
||||
remote.published_data.expiration_timestamp
|
||||
remote.gateway_owner_address,
|
||||
remote.gateway_listener,
|
||||
)
|
||||
.execute(&self.connection_pool)
|
||||
.await?;
|
||||
Ok(())
|
||||
}
|
||||
|
||||
pub(crate) async fn update_remote_gateway_published_data(
|
||||
pub(crate) async fn update_remote_gateway_key(
|
||||
&self,
|
||||
gateway_id_bs58: &str,
|
||||
published_data: &RawGatewayPublishedData,
|
||||
derived_aes128_ctr_blake3_hmac_keys_bs58: Option<&str>,
|
||||
derived_aes256_gcm_siv_key: Option<&[u8]>,
|
||||
) -> Result<(), sqlx::Error> {
|
||||
sqlx::query!(
|
||||
r#"
|
||||
UPDATE remote_gateway_details SET gateway_listener = ?, fallback_listener = ?, expiration_timestamp = ? WHERE gateway_id_bs58 = ?
|
||||
UPDATE remote_gateway_details
|
||||
SET
|
||||
derived_aes128_ctr_blake3_hmac_keys_bs58 = ?,
|
||||
derived_aes256_gcm_siv_key = ?
|
||||
WHERE gateway_id_bs58 = ?
|
||||
"#,
|
||||
published_data.gateway_listener,
|
||||
published_data.fallback_listener,
|
||||
published_data.expiration_timestamp,
|
||||
derived_aes128_ctr_blake3_hmac_keys_bs58,
|
||||
derived_aes256_gcm_siv_key,
|
||||
gateway_id_bs58
|
||||
)
|
||||
.execute(&self.connection_pool)
|
||||
.await?;
|
||||
.execute(&self.connection_pool)
|
||||
.await?;
|
||||
|
||||
Ok(())
|
||||
}
|
||||
|
||||
|
||||
@@ -2,16 +2,18 @@
|
||||
// SPDX-License-Identifier: Apache-2.0
|
||||
|
||||
use crate::{
|
||||
ActiveGateway, BadGateway, GatewayDetails, GatewayPublishedData, GatewayRegistration,
|
||||
GatewayType, GatewaysDetailsStore, StorageError,
|
||||
ActiveGateway, BadGateway, GatewayDetails, GatewayRegistration, GatewayType,
|
||||
GatewaysDetailsStore, StorageError,
|
||||
};
|
||||
use async_trait::async_trait;
|
||||
use manager::StorageManager;
|
||||
use nym_crypto::asymmetric::ed25519;
|
||||
use nym_gateway_requests::SharedSymmetricKey;
|
||||
use std::path::Path;
|
||||
|
||||
pub mod error;
|
||||
mod manager;
|
||||
mod models;
|
||||
|
||||
#[derive(Clone)]
|
||||
pub struct OnDiskGatewaysDetails {
|
||||
@@ -132,15 +134,16 @@ impl GatewaysDetailsStore for OnDiskGatewaysDetails {
|
||||
Ok(())
|
||||
}
|
||||
|
||||
async fn update_gateway_published_data(
|
||||
async fn upgrade_stored_remote_gateway_key(
|
||||
&self,
|
||||
gateway_id: &ed25519::PublicKey,
|
||||
published_data: &GatewayPublishedData,
|
||||
gateway_id: ed25519::PublicKey,
|
||||
updated_key: &SharedSymmetricKey,
|
||||
) -> Result<(), Self::StorageError> {
|
||||
self.manager
|
||||
.update_remote_gateway_published_data(
|
||||
.update_remote_gateway_key(
|
||||
&gateway_id.to_base58_string(),
|
||||
&published_data.into(),
|
||||
None,
|
||||
Some(updated_key.as_bytes()),
|
||||
)
|
||||
.await?;
|
||||
Ok(())
|
||||
|
||||
@@ -0,0 +1,2 @@
|
||||
// Copyright 2024 - Nym Technologies SA <contact@nymtech.net>
|
||||
// SPDX-License-Identifier: Apache-2.0
|
||||
@@ -2,9 +2,10 @@
|
||||
// SPDX-License-Identifier: Apache-2.0
|
||||
|
||||
use crate::types::{ActiveGateway, GatewayRegistration};
|
||||
use crate::{BadGateway, GatewayDetails, GatewayPublishedData, GatewaysDetailsStore};
|
||||
use crate::{BadGateway, GatewayDetails, GatewaysDetailsStore};
|
||||
use async_trait::async_trait;
|
||||
use nym_crypto::asymmetric::ed25519;
|
||||
use nym_crypto::asymmetric::ed25519::PublicKey;
|
||||
use nym_gateway_requests::{SharedGatewayKey, SharedSymmetricKey};
|
||||
use std::collections::HashMap;
|
||||
use std::sync::Arc;
|
||||
use thiserror::Error;
|
||||
@@ -95,17 +96,26 @@ impl GatewaysDetailsStore for InMemGatewaysDetails {
|
||||
Ok(())
|
||||
}
|
||||
|
||||
async fn update_gateway_published_data(
|
||||
async fn upgrade_stored_remote_gateway_key(
|
||||
&self,
|
||||
gateway_id: &ed25519::PublicKey,
|
||||
published_data: &GatewayPublishedData,
|
||||
gateway_id: PublicKey,
|
||||
updated_key: &SharedSymmetricKey,
|
||||
) -> Result<(), Self::StorageError> {
|
||||
let mut guard = self.inner.write().await;
|
||||
if let Some(gateway) = guard.gateways.get_mut(&gateway_id.to_base58_string()) {
|
||||
if let GatewayDetails::Remote(ref mut remote_details) = gateway.details {
|
||||
remote_details.published_data = published_data.clone();
|
||||
}
|
||||
|
||||
#[allow(clippy::unwrap_used)]
|
||||
if let Some(target) = guard.gateways.get_mut(&gateway_id.to_string()) {
|
||||
let GatewayDetails::Remote(details) = &mut target.details else {
|
||||
return Ok(());
|
||||
};
|
||||
assert_eq!(Arc::strong_count(&details.shared_key), 1);
|
||||
|
||||
// eh. that's nasty, but it's only ever used for ephemeral clients so should be fine for now...
|
||||
details.shared_key = Arc::new(SharedGatewayKey::Current(
|
||||
SharedSymmetricKey::try_from_bytes(updated_key.as_bytes()).unwrap(),
|
||||
))
|
||||
}
|
||||
|
||||
Ok(())
|
||||
}
|
||||
|
||||
|
||||
@@ -18,6 +18,16 @@ pub enum BadGateway {
|
||||
source: Ed25519RecoveryError,
|
||||
},
|
||||
|
||||
#[error("the account owner of gateway {gateway_id} ({raw_owner}) is malformed: {source}")]
|
||||
MalformedGatewayOwnerAccountAddress {
|
||||
gateway_id: String,
|
||||
|
||||
raw_owner: String,
|
||||
|
||||
#[source]
|
||||
source: cosmrs::ErrorReport,
|
||||
},
|
||||
|
||||
#[error("the shared keys provided for gateway {gateway_id} are malformed: {source}")]
|
||||
MalformedSharedKeys {
|
||||
gateway_id: String,
|
||||
@@ -40,12 +50,4 @@ pub enum BadGateway {
|
||||
#[source]
|
||||
source: url::ParseError,
|
||||
},
|
||||
|
||||
#[error("the listening address ({raw_listener}) is malformed: {source}")]
|
||||
MalformedListenerNoId {
|
||||
raw_listener: String,
|
||||
|
||||
#[source]
|
||||
source: url::ParseError,
|
||||
},
|
||||
}
|
||||
|
||||
@@ -6,6 +6,7 @@
|
||||
|
||||
use async_trait::async_trait;
|
||||
use nym_crypto::asymmetric::ed25519;
|
||||
use nym_gateway_requests::SharedSymmetricKey;
|
||||
use std::error::Error;
|
||||
|
||||
pub mod backend;
|
||||
@@ -59,11 +60,10 @@ pub trait GatewaysDetailsStore {
|
||||
details: &GatewayRegistration,
|
||||
) -> Result<(), Self::StorageError>;
|
||||
|
||||
/// Update the gateway details
|
||||
async fn update_gateway_published_data(
|
||||
async fn upgrade_stored_remote_gateway_key(
|
||||
&self,
|
||||
gateway_id: &ed25519::PublicKey,
|
||||
published_data: &GatewayPublishedData,
|
||||
gateway_id: ed25519::PublicKey,
|
||||
updated_key: &SharedSymmetricKey,
|
||||
) -> Result<(), Self::StorageError>;
|
||||
|
||||
/// Remove given gateway details from the underlying store.
|
||||
|
||||
Some files were not shown because too many files have changed in this diff Show More
Reference in New Issue
Block a user