diff --git a/.env.production b/.env.production
index a74d18c..37e423e 100644
--- a/.env.production
+++ b/.env.production
@@ -1,3 +1,3 @@
 PUBLIC_RELAY_URL="https://relay.quic.video"
-# Generate with: cargo run --bin moq-token -- --key root.jwk sign --root "demo" --publish ""
-PUBLIC_RELAY_TOKEN="eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJyb290IjoiZGVtbyIsInB1YiI6IiIsInN1YiI6bnVsbCwiZXhwIjpudWxsLCJpYXQiOm51bGx9.vizGIT2tLZLnYWkov6XHrzwt5YoKpi0jS9oIskXxhqA"
+# Generate with: cargo run --bin moq-token -- --key root.jwk sign --root "demo" --subscribe ""
+PUBLIC_RELAY_TOKEN="eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJyb290IjoiZGVtbyIsInB1YiI6bnVsbCwic3ViIjoiIiwiZXhwIjpudWxsLCJpYXQiOm51bGx9.g_iwc5vTOAgNtBqrzKQb2x-QZ05M55PBOFAsfj-aQjI"
diff --git a/infra/.terraform.lock.hcl b/infra/.terraform.lock.hcl
index 2044a3a..8f74aff 100644
--- a/infra/.terraform.lock.hcl
+++ b/infra/.terraform.lock.hcl
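Review bot: Both `PUBLIC_RELAY_TOKEN` values in the .env.production hunk decode to a payload with `"exp":null`, so the publish-scoped token on the removed line stays valid for as long as the relay trusts the key that signed it, and it remains readable in the repository history. Nothing in this commit shows `root.jwk` being regenerated; if the same HS256 key is still in use, rotating it and re-signing the tokens is what actually revokes the old publish grant. The new subscribe-only token would also be easier to retire if it carried an expiry, should moq-token's `sign` command offer one.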
@@ -1,102 +1,94 @@ -# This file is maintained automatically by "terraform init". +# This file is maintained automatically by "tofu init". # Manual edits may be lost in future updates. -provider "registry.terraform.io/hashicorp/google" { +provider "registry.opentofu.org/hashicorp/google" { version = "5.45.2" constraints = ">= 4.50.0, ~> 5.0, < 6.0.0" hashes = [ - "h1:iy2Q9VcnMu4z/bH3v/NmI/nEpgYY7bXgJmT/hVTAUS4=", - "zh:0d09c8f20b556305192cdbe0efa6d333ceebba963a8ba91f9f1714b5a20c4b7a", - "zh:117143fc91be407874568df416b938a6896f94cb873f26bba279cedab646a804", - "zh:16ccf77d18dd2c5ef9c0625f9cf546ebdf3213c0a452f432204c69feed55081e", - "zh:3e555cf22a570a4bd247964671f421ed7517970cd9765ceb46f335edc2c6f392", - "zh:688bd5b05a75124da7ae6e885b2b92bd29f4261808b2b78bd5f51f525c1052ca", - "zh:6db3ef37a05010d82900bfffb3261c59a0c247e0692049cb3eb8c2ef16c9d7bf", - "zh:70316fde75f6a15d72749f66d994ccbdde5f5ed4311b6d06b99850f698c9bbf9", - "zh:84b8e583771a4f2bd514e519d98ed7fd28dce5efe0634e973170e1cfb5556fb4", - "zh:9d4b8ef0a9b6677935c604d94495042e68ff5489932cfd1ec41052e094a279d3", - "zh:a2089dd9bd825c107b148dd12d6b286f71aa37dfd4ca9c35157f2dcba7bc19d8", - "zh:f03d795c0fd9721e59839255ee7ba7414173017dc530b4ce566daf3802a0d6dd", - "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + "h1:YEQOp7Ou1+GtpcKyCX6Cr/mAGqKIogpi85MX51GuG4s=", + "zh:0931f08e81f220ae3132169cfa4ed8e9d8d2045f29ca914afd8ee9e3e9cf56e0", + "zh:31afa45a4c8a0fd4abff564ecff8b69a97ac1813ead61c12f5f0bf5d33cec7f1", + "zh:536979e437aad59ba41465c9398d8e3d7d3702bfe2a51d80571862d48c817959", + "zh:748e14614be32350ece4e9249e09bc1d20e54421983734ded3a0df6d6674ea71", + "zh:7c8fe641666603aad6693207c8eaac679b9be15246d77090c73a1a84326d6084", + "zh:8095a513a0662323d99c25466b5a291c80b2b0c1857c7c7a7b1159f25dbe4439", + "zh:9453db86d14611cab26dba30daf56d1cfef929918207e9e3e78b58299fc8c4fe", + "zh:adaa5df5d40060409b6b66136c0ac37b99fb35ac2cf554c584649c236a18d95b", + 
"zh:af2f659b4bd1f44e578f203830bdab829b5e635fcf2a59ffa7e997c16e6611ad", + "zh:b75184fe5c162821b0524fa941d6a934c452e815d82e62675bb21bbdc9046dfc", ] } -provider "registry.terraform.io/hashicorp/google-beta" { +provider "registry.opentofu.org/hashicorp/google-beta" { version = "5.45.2" constraints = ">= 4.50.0, < 6.0.0" hashes = [ - "h1:ME/cVZGNln4h166gyo9r7CuunzZ3FEqlIaNyQ0e9yjE=", - "zh:16b77bac5d1555b7f066ba8014f4fc8a6d0de64e252a1988d3fbb400984a4b19", - "zh:1b13f515c4809343840aed8265915cc4191f138bdab5a8c5e1f542fdfc69989f", - "zh:1dcce4309aeab7c88fd36aea664d57e620d8a413b967ce513a5a866e8de901f2", - "zh:24db65d7929f2a731e9cac1750c569cb4528b312ef182a5e2e8c0cf008d8a71b", - "zh:28c0b9e68d97570f03b2c4770607701580055bcba50069efd145954aa13b23e4", - "zh:3a898a1ad1569f6486a2bc20014087284c8cab919bc8f155833de5128ccd12eb", - "zh:4eed99cfb9daada70f813f2cedcf490d3097de1ccb9b391fc451ecc46509c067", - "zh:888c4cb1f13b23674ba1091835dd3f1bff5d8e7729ef302183d8d01233819e54", - "zh:8baae3b949f6e9505425f5fa4785de786e9cedc4c3f3ad906d8ed560bd2e39c6", - "zh:cf2c8928b764592fa2cd14a9f109d01cd0a92049a4fca9d0a74cf2fe588364e2", - "zh:edff09394f5bd0b278a4adc800a31b7f150249a1ea92ca273ccf4acd25be3f63", - "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + "h1:D157MMCsE8DIpK60goSgECYMsWfJb+E2ZH7bDSLSVG4=", + "zh:2df6e40591ceee7ee77d429ea072c9d51fef2dd04015b2604ff332a2af4ac819", + "zh:4096af21991ba76ab81c8cb00c0eb0bd4f22619f7e491d60023fb10b8b33bfb1", + "zh:44ded286956fff5668f1acbf152b62ca8e6a03abc8df12c5c181bc2ca05b4df7", + "zh:7ae19e1b53a0e26bea0acb9a96b4b44038d7c182c3fdd496148fd20e40aa78e1", + "zh:81c9812823b78fd1b12bc0acd6dae35bc573944950e09eaf237b2e83b6b587d7", + "zh:9db6101421b53b9533807928c651e779f5b8129f4a57ff892bf256c84ba6ed29", + "zh:b779729cb08829f621a718ecdfdb503c310ef5411e694996c7cfda7227221134", + "zh:c43edb31aee354317a6181272a961965b93722fd18637f38c395af013aa65617", + "zh:dbb93970a85f2fe84f650b6a4da694ecb1023a99c3b9bbf6953dccd074fa49ce", + 
"zh:df9d13853269e98651d495571b4d58c883b4386247d0b9c5495c2e82ef721f45", ] } -provider "registry.terraform.io/hashicorp/random" { +provider "registry.opentofu.org/hashicorp/random" { version = "3.7.1" constraints = ">= 2.1.0" hashes = [ - "h1:t152MY0tQH4a8fLzTtEWx70ITd3azVOrFDn/pQblbto=", - "zh:3193b89b43bf5805493e290374cdda5132578de6535f8009547c8b5d7a351585", - "zh:3218320de4be943e5812ed3de995946056db86eb8d03aa3f074e0c7316599bef", - "zh:419861805a37fa443e7d63b69fb3279926ccf98a79d256c422d5d82f0f387d1d", - "zh:4df9bd9d839b8fc11a3b8098a604b9b46e2235eb65ef15f4432bde0e175f9ca6", - "zh:5814be3f9c9cc39d2955d6f083bae793050d75c572e70ca11ccceb5517ced6b1", - "zh:63c6548a06de1231c8ee5570e42ca09c4b3db336578ded39b938f2156f06dd2e", - "zh:697e434c6bdee0502cc3deb098263b8dcd63948e8a96d61722811628dce2eba1", - "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", - "zh:a0b8e44927e6327852bbfdc9d408d802569367f1e22a95bcdd7181b1c3b07601", - "zh:b7d3af018683ef22794eea9c218bc72d7c35a2b3ede9233b69653b3c782ee436", - "zh:d63b911d618a6fe446c65bfc21e793a7663e934b2fef833d42d3ccd38dd8d68d", - "zh:fa985cd0b11e6d651f47cff3055f0a9fd085ec190b6dbe99bf5448174434cdea", + "h1:mV0IpNNTXywcEHuCRfvvjsaaVPPDFRrH7YQmd7/FD24=", + "zh:1011387a5127d46e2bf0bd5124a8469506272b2110613d9eb80d178f94bd67a9", + "zh:28785c36d6dc331d49e8bf6a30d4ba21ae4378f5d98c43c0aeb42f51efb2e42f", + "zh:50fc0e52f0255950404681455420344a16263f91622bd481954606e6e3be9eb2", + "zh:563f22c53f40e41cfffdcfac32a9292292c10582183c3f1dd85770cf806bfce9", + "zh:586a5615898d369374d4bd7d70bc013cffe7553d3e14638f169a3f745665fee1", + "zh:6275f6e5697993048ac088715484a9a5e919682651e098a5ac31e567216bf102", + "zh:95a44bb3f012da1e036936d60df2d08f5942a96cb912fc23432d2ee050857527", + "zh:a5fe6b0e586645a88d98738739fec40fd7ad83dbc63fe66ff6327aee2dc07f11", + "zh:ea57886899b6baf466f3ff978f4482d2fd7fa049c42509cc819431375cddd5bd", + "zh:f021cfbe23bdb32738f170c1ae736ffb769a2fa3dcafd0f9906155c2e21377e4", ] } -provider "registry.terraform.io/hashicorp/tls" 
{ +provider "registry.opentofu.org/hashicorp/tls" { version = "4.0.6" hashes = [ - "h1:n3M50qfWfRSpQV9Pwcvuse03pEizqrmYEryxKky4so4=", - "zh:10de0d8af02f2e578101688fd334da3849f56ea91b0d9bd5b1f7a243417fdda8", - "zh:37fc01f8b2bc9d5b055dc3e78bfd1beb7c42cfb776a4c81106e19c8911366297", - "zh:4578ca03d1dd0b7f572d96bd03f744be24c726bfd282173d54b100fd221608bb", - "zh:6c475491d1250050765a91a493ef330adc24689e8837a0f07da5a0e1269e11c1", - "zh:81bde94d53cdababa5b376bbc6947668be4c45ab655de7aa2e8e4736dfd52509", - "zh:abdce260840b7b050c4e401d4f75c7a199fafe58a8b213947a258f75ac18b3e8", - "zh:b754cebfc5184873840f16a642a7c9ef78c34dc246a8ae29e056c79939963c7a", - "zh:c928b66086078f9917aef0eec15982f2e337914c5c4dbc31dd4741403db7eb18", - "zh:cded27bee5f24de6f2ee0cfd1df46a7f88e84aaffc2ecbf3ff7094160f193d50", - "zh:d65eb3867e8f69aaf1b8bb53bd637c99c6b649ba3db16ded50fa9a01076d1a27", - "zh:ecb0c8b528c7a619fa71852bb3fb5c151d47576c5aab2bf3af4db52588722eeb", - "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + "h1:0oXaBUFJ5bA0ED7OCajAOa9YSGTTpe8FyUFJP+zO6A4=", + "zh:4b53b372767e5068d9bbfc89199201c1ae4283dde2f0c301974f8abb4215791f", + "zh:5b4c308bd074c6d0bd560220e6ee10a9859ca9a1f29a59367b0477a740ff265e", + "zh:674dd6bc85597677e160ee601d88b21c5a974759a658769812d2904bd94bc042", + "zh:6ccc1c448349b56677ba66112aec7e0a58eb827f66209ca5f4077b81cce240fb", + "zh:8aa6e13a5d722b74230937ea21e8b4994e53340d95b5691cf6cf3518b9f38e6e", + "zh:8b27e55e4c7fa887774860113b95c8f7f68804b002fa47f0eb8e3a485997287e", + "zh:a430b5a3e8753d8f61784de49e538ac4abed19fb665fccd8a10b55402fe9f076", + "zh:b07c978c335ae9fc12f9c221629610775e4ae36691ed4e7ba258d275dd58a243", + "zh:bbec8cb1efc84ee3026c793956a4a4cd0ece20b89d2d4f7d954c68e7f6d596d0", + "zh:e684e247424188dc3b500a543b1a8046d1c0ec08c2a90aedca0c4f6bb56bedbd", ] } -provider "registry.terraform.io/vancluever/acme" { - version = "2.30.1" +provider "registry.opentofu.org/vancluever/acme" { + version = "2.34.0" constraints = "~> 2.0" hashes = [ - 
"h1:qaRhQGSgO3h8ElHnSU4i3s2hqomQ2Dd5LnOg25shKtU=", - "zh:02ee2fddb4a8afd90b7cb5fa44ee0ac40674d319dd31f754eab627c82b52fe42", - "zh:1e1b513f065bef7d242d75995c74b21274061352b90f137f047ff924b8307e1f", - "zh:3f6b95245b1c970d3bb33e4570c621d94ce37edb2ce11a9991eba6a9b7449909", - "zh:420f3957ba7e375340478c2c82c476fbfde2153ebd346119237ff94309c1deb7", - "zh:43a3a0a80d526b487fd30daaf1a6bc29feaf77426d77694263196c97e805705f", - "zh:560b861269018ecf9e195a3687a5635002cbca930f0e7386a1f02bbec8a828d7", - "zh:72c27405a7cd6970de410cb2d59df5848dd29d10ee7905372954cf9d0e5885d9", - "zh:794c7ef1d08716b59c1c87a468cfd7389c85119aa64abd2b6f6bd9b47c87841e", - "zh:c6105129827f2322e28c7aebf0a91eb7b08156c480ece93adfa647718ba06cd4", - "zh:d5b4dc8b69115aec777d6c21a0794b422feb7dc75477607b79e8f5fe27b3c099", - "zh:df22d4320930fe07c234337364994edfea7fb281fa7d39dfe27a7324534f0cc3", - "zh:e4ad5c74eefe4915dd08d5e9ff49f45a979153bef0a031c2e28c5567e57e53cb", - "zh:f749cc57a7c0381cfd42262a7d0820f911418198dac01be0ee5358935febcf31", + "h1:vdAZOh8B/0betvZVI6K8YosSFYXtWW6ieToULzAaPu4=", + "zh:05aa6ef3396f289bd5a02af8d4fdbff8c3d8753197a3da5539267c6c34398c45", + "zh:1bd9e282192633589e157c570ece83fe59ccb8d33f5c5f05099bf1ac32e9f53b", + "zh:245056f38759621164fed4adbbbab378ddff15563b0d2eb5a7e388cc7dda12c6", + "zh:29a3f390fbd803a71b6b6018b36e507065268ce8164f14e63e978d6a467607c1", + "zh:3b097f93081efc1a92d53715e4f1304777dfbff31b30fff1ad1a33a9ec487a27", + "zh:3e48fd49611ac97d87839534ee6763467ef3afdf959c124df015da3043f9e644", + "zh:4919d5b193309ec9460fc8bb5f4ceff358616957b38a269aa03c63bbe63a2d1d", + "zh:4bdcba536c5b626f96b2c91ae85fc2c0cbac9bc1c3c1d91d64ccfc6136c58565", + "zh:5ef97da03f9229b38fd63ebf03a158d63f040c590b8f82dd90cdec99952a45e8", + "zh:9e8b14add8ce6329fd103456a0890d34ce9cf7445bc7f8d31c87412f3f03983a", + "zh:b262b1b6b9e839b364f7ac3fd47fe18bbf7a077043c902a03215534c883050b6", + "zh:e9a4636292a29d2cb398fae5c362862e387c622af7b8020fa2b9506e37cbecba", + 
"zh:f5e5ee870fb58bedc08cd3e06b11fa26673f48c07cd669d62028590f75656ee4", ] } diff --git a/infra/input.tf b/infra/input.tf index dc9d5ee..019fb2c 100644 --- a/infra/input.tf +++ b/infra/input.tf @@ -1,51 +1,36 @@ variable "project" { description = "project id" + default = "quic-video" } variable "region" { description = "region" + default = "us-central1" } variable "zone" { description = "zone" + default = "us-central1-a" } variable "email" { description = "Your email address, used for LetsEncrypt" + default = "kixelated@gmail.com" } variable "domain" { description = "domain name" + default = "quic.video" } variable "docker_relay" { description = "Docker image for moq-relay" - default = "docker.io/kixelated/moq-relay:0.7.6" + default = "docker.io/kixelated/moq-relay:0.8.0" } variable "docker_hang" { description = "Docker image for hang" - default = "docker.io/kixelated/hang:0.1.8" -} - -# cargo run --bin moq-token -- --key root.jwk generate -variable "root_key" { - description = "root key" - sensitive = true -} - -# A token used to publish demo/bbb.hang -# This is very manual/crude, but I don't want someone to hijack the broadcast. -# cargo run --bin moq-token -- --key root.jwk sign --path "demo/bbb.hang" --publish "" > demo.jwt -variable "demo_token" { - description = "demo token" - sensitive = true -} - -# cargo run --bin moq-token -- --key root.jwk sign --publish "" --publish-secondary --subscribe "" --subscribe-primary > cluster.jwt -variable "cluster_token" { - description = "cluster token" - sensitive = true + default = "docker.io/kixelated/hang:0.2.0" } # Too complicated to specify via flags, so do it here. diff --git a/infra/pub.tf b/infra/pub.tf index 2bc1ea3..d3aca23 100644 --- a/infra/pub.tf +++ b/infra/pub.tf 
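Review bot: The `docker_relay` and `docker_hang` defaults in infra/input.tf pin the images by tag only, and a registry tag can be re-pointed after this commit has been reviewed. The provider binaries are pinned by hash in the lock file, but the container that ends up holding the root key is not. Pinning by digest as well, for example `default = "docker.io/kixelated/moq-relay:0.8.0@sha256:<digest>"` (placeholder digest), would make the deployed image the one that was actually reviewed.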
@@ -32,7 +32,8 @@ resource "google_compute_instance" "pub" { region = local.pub.region # A token used to publish demo/bbb.hang - demo_token = var.demo_token + # cargo run --bin moq-token -- --key root.jwk sign --root "demo" --publish "" > demo.jwt + demo_token = file("demo.jwt") }) } diff --git a/infra/pub.yml.tpl b/infra/pub.yml.tpl index b39cf26..73e7350 100644 --- a/infra/pub.yml.tpl +++ b/infra/pub.yml.tpl @@ -20,7 +20,7 @@ write_files: -e REGION=${region} \ --entrypoint hang-bbb \ ${docker_image} \ - publish "https://relay.quic.video/demo/bbb.hang?jwt=${demo_token}" + publish --url "https://relay.quic.video/demo?jwt=${demo_token}" --name "bbb" ExecStop=docker stop hang-bbb diff --git a/infra/relay.tf b/infra/relay.tf index fda7219..f59f7e1 100644 --- a/infra/relay.tf +++ b/infra/relay.tf @@ -48,8 +48,11 @@ resource "google_compute_instance" "relay" { cluster_root = "${local.root}.c.${var.project}.internal" # The root key and token, used to authenticate nodes - root_key = var.root_key - cluster_token = var.cluster_token + # cargo run --bin moq-token -- --key root.jwk generate > root.jwk + root_key = file("root.jwk") + + # cargo run --bin moq-token -- --key root.jwk sign --publish "" --subscribe "" --cluster > cluster.jwt + cluster_token = file("cluster.jwt") }) } diff --git a/infra/relay.yml.tpl b/infra/relay.yml.tpl index 641d21a..8aa3d2e 100644 --- a/infra/relay.yml.tpl +++ b/infra/relay.yml.tpl @@ -74,15 +74,7 @@ write_files: [auth] key = "/etc/moq/root.jwk" - - [auth.path.demo] - public = { read = true } - - [auth.path.anon] - key = "" - - [auth.path.hang] - key = "" + public = "anon" permissions: "0644" owner: root
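Review bot: `file("demo.jwt")` in infra/pub.tf drops the `sensitive = true` marking that the removed `demo_token` variable in infra/input.tf carried, so the token can now appear in plan output; the same applies to `root_key = file("root.jwk")` and `cluster_token = file("cluster.jwt")` in infra/relay.tf. The bare relative path is also resolved against the working directory rather than the module directory. Suggest `demo_token = sensitive(file("${path.module}/demo.jwt"))`, and likewise for the two relay.tf reads. An ignore rule for `*.jwk` and `*.jwt` is not visible in this diff and is worth confirming, since the key material now sits next to the Terraform sources. The enclosing resource starts outside the hunk.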
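Review bot: The publisher in infra/pub.yml.tpl announces a single name, `--name "bbb"`, but the token it receives is minted with `--root "demo" --publish ""` (per the comment added in infra/pub.tf), which appears to permit publishing any name under `demo`; the previous token was limited to `--path "demo/bbb.hang"`. If `--publish` takes a prefix relative to the root, as the empty value suggests, signing with `--publish "bbb"` would confine a leaked token to this one broadcast. The token also still travels in the `?jwt=` query string on the `docker run` command line, so it is readable from the unit file and the process arguments on the host. The unit definition continues outside the hunk.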
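Review bot: `public = "anon"` in infra/relay.yml.tpl replaces three explicit `[auth.path.*]` entries and carries no comment saying what an unauthenticated client may now do. The removed block distinguished read-only access (`demo`) from key-less paths (`anon`, `hang`); the new line should state whether `anon` is open for publishing as well as subscribing, and that every other prefix, including `hang`, now needs a token signed by `/etc/moq/root.jwk`. A comment above the line such as `# Unauthenticated clients are limited to the "anon" prefix; all other paths need a JWT` would do, adjusted to the relay's actual semantics.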