Remove discovery endpoint

Author: arjunkomath

agent/cmd/agent/main.go

@@ -54,11 +54,6 @@ func main() {
 	}
 
 	var logsEndpoint string
-	if logsEndpointFlag != "" {
-		logsEndpoint = logsEndpointFlag
-	} else {
-		logsEndpoint = fetchLogsEndpoint(controlPlaneURL)
-	}
 
 	if isProxy && runtime.GOOS != "linux" {
 		log.Fatal("--proxy flag is only supported on Linux")
@@ -112,6 +107,12 @@ func main() {
 
 		log.Printf("Loaded config: serverID=%s, subnetId=%d, wireguardIP=%s", config.ServerID, config.SubnetID, config.WireGuardIP)
 
+		if logsEndpointFlag != "" {
+			logsEndpoint = logsEndpointFlag
+		} else if config.LoggingEndpoint != "" {
+			logsEndpoint = config.LoggingEndpoint
+		}
+
 		if err := container.EnsureNetwork(config.SubnetID); err != nil {
 			log.Printf("Warning: Failed to ensure container network: %v", err)
 		}
@@ -152,12 +153,39 @@ func main() {
 			log.Fatalf("Failed to register: %v", err)
 		}
 
+		var respLoggingEndpoint string
+		if resp.LoggingEndpoint != nil {
+			respLoggingEndpoint = *resp.LoggingEndpoint
+		}
+
+		var registryURL, registryUsername, registryPassword string
+		if resp.RegistryURL != nil {
+			registryURL = *resp.RegistryURL
+		}
+		if resp.RegistryUsername != nil {
+			registryUsername = *resp.RegistryUsername
+		}
+		if resp.RegistryPassword != nil {
+			registryPassword = *resp.RegistryPassword
+		}
+
 		config = &agent.Config{
-			ServerID:      resp.ServerID,
-			SubnetID:      resp.SubnetID,
-			WireGuardIP:   resp.WireGuardIP,
-			EncryptionKey: resp.EncryptionKey,
-			IsProxy:       isProxy,
+			ServerID:         resp.ServerID,
+			SubnetID:         resp.SubnetID,
+			WireGuardIP:      resp.WireGuardIP,
+			EncryptionKey:    resp.EncryptionKey,
+			IsProxy:          isProxy,
+			LoggingEndpoint:  respLoggingEndpoint,
+			RegistryURL:      registryURL,
+			RegistryUsername: registryUsername,
+			RegistryPassword: registryPassword,
+			RegistryInsecure: resp.RegistryInsecure,
+		}
+
+		if logsEndpointFlag != "" {
+			logsEndpoint = logsEndpointFlag
+		} else if respLoggingEndpoint != "" {
+			logsEndpoint = respLoggingEndpoint
 		}
 
 		if err := saveConfig(configPath, config); err != nil {
@@ -201,6 +229,13 @@ func main() {
 		}
 	}
 
+	if config.RegistryURL != "" && config.RegistryUsername != "" {
+		log.Printf("[registry] attempting login to %s", config.RegistryURL)
+		if err := container.Login(config.RegistryURL, config.RegistryUsername, config.RegistryPassword, config.RegistryInsecure); err != nil {
+			log.Printf("[registry] warning: failed to login to registry: %v", err)
+		}
+	}
+
 	reconciler := reconcile.NewReconciler(config.EncryptionKey, dataDir)
 	client := agenthttp.NewClient(controlPlaneURL, config.ServerID, signingKeyPair, dataDir)
 
@@ -331,35 +366,3 @@ func getPrivateIP() string {
 
 	return ""
 }
-
-type discoverResponse struct {
-	LoggingEndpoint *string `json:"loggingEndpoint"`
-	Version         int     `json:"version"`
-}
-
-func fetchLogsEndpoint(controlPlaneURL string) string {
-	client := &http.Client{Timeout: 10 * time.Second}
-	resp, err := client.Get(controlPlaneURL + "/api/v1/agent/discover")
-	if err != nil {
-		log.Printf("Failed to fetch discovery endpoint: %v", err)
-		return ""
-	}
-	defer resp.Body.Close()
-
-	if resp.StatusCode != http.StatusOK {
-		log.Printf("Discovery endpoint returned status %d", resp.StatusCode)
-		return ""
-	}
-
-	var discovery discoverResponse
-	if err := json.NewDecoder(resp.Body).Decode(&discovery); err != nil {
-		log.Printf("Failed to decode discovery response: %v", err)
-		return ""
-	}
-
-	if discovery.LoggingEndpoint == nil {
-		return ""
-	}
-
-	return *discovery.LoggingEndpoint
-}

agent/internal/agent/agent.go

@@ -36,11 +36,16 @@ func (s AgentState) String() string {
 }
 
 type Config struct {
-	ServerID      string `json:"serverId"`
-	SubnetID      int    `json:"subnetId"`
-	WireGuardIP   string `json:"wireguardIp"`
-	EncryptionKey string `json:"encryptionKey"`
-	IsProxy       bool   `json:"isProxy"`
+	ServerID         string `json:"serverId"`
+	SubnetID         int    `json:"subnetId"`
+	WireGuardIP      string `json:"wireguardIp"`
+	EncryptionKey    string `json:"encryptionKey"`
+	IsProxy          bool   `json:"isProxy"`
+	LoggingEndpoint  string `json:"loggingEndpoint,omitempty"`
+	RegistryURL      string `json:"registryUrl,omitempty"`
+	RegistryUsername string `json:"registryUsername,omitempty"`
+	RegistryPassword string `json:"registryPassword,omitempty"`
+	RegistryInsecure bool   `json:"registryInsecure"`
 }
 
 type ActualState struct {

agent/internal/api/client.go

@@ -33,10 +33,15 @@ type RegisterRequest struct {
 }
 
 type RegisterResponse struct {
-	ServerID      string `json:"serverId"`
-	SubnetID      int    `json:"subnetId"`
-	WireGuardIP   string `json:"wireguardIp"`
-	EncryptionKey string `json:"encryptionKey"`
+	ServerID         string  `json:"serverId"`
+	SubnetID         int     `json:"subnetId"`
+	WireGuardIP      string  `json:"wireguardIp"`
+	EncryptionKey    string  `json:"encryptionKey"`
+	LoggingEndpoint  *string `json:"loggingEndpoint"`
+	RegistryURL      *string `json:"registryUrl"`
+	RegistryUsername *string `json:"registryUsername"`
+	RegistryPassword *string `json:"registryPassword"`
+	RegistryInsecure bool    `json:"registryInsecure"`
 }
 
 func (c *Client) Register(token, wireguardPublicKey, signingPublicKey, publicIP, privateIP string, isProxy bool) (*RegisterResponse, error) {

agent/internal/container/runtime_darwin.go

@@ -417,6 +417,25 @@ func CheckPrerequisites() error {
 	return nil
 }
 
+func Login(registryURL, username, password string, insecure bool) error {
+	if registryURL == "" || username == "" {
+		return nil
+	}
+
+	log.Printf("[docker:login] logging in to registry %s", registryURL)
+
+	args := []string{"login", "-u", username, "-p", password, registryURL}
+
+	cmd := exec.Command("docker", args...)
+	output, err := cmd.CombinedOutput()
+	if err != nil {
+		return fmt.Errorf("failed to login to registry: %s: %w", string(output), err)
+	}
+
+	log.Printf("[docker:login] successfully logged in to registry %s", registryURL)
+	return nil
+}
+
 func ImagePrune() {
 	exec.Command("docker", "image", "prune", "-f").Run()
 }

agent/internal/container/runtime_linux.go

@@ -418,6 +418,29 @@ func CheckPrerequisites() error {
 	return nil
 }
 
+func Login(registryURL, username, password string, insecure bool) error {
+	if registryURL == "" || username == "" {
+		return nil
+	}
+
+	log.Printf("[podman:login] logging in to registry %s", registryURL)
+
+	args := []string{"login"}
+	if insecure {
+		args = append(args, "--tls-verify=false")
+	}
+	args = append(args, "-u", username, "-p", password, registryURL)
+
+	cmd := exec.Command("podman", args...)
+	output, err := cmd.CombinedOutput()
+	if err != nil {
+		return fmt.Errorf("failed to login to registry: %s: %w", string(output), err)
+	}
+
+	log.Printf("[podman:login] successfully logged in to registry %s", registryURL)
+	return nil
+}
+
 func ImagePrune() {
 	exec.Command("podman", "image", "prune", "-f").Run()
 }

compose.yml

@@ -0,0 +1,40 @@
+# Domain Configuration
+ROOT_DOMAIN=example.com
+
+# Let's Encrypt
+ACME_EMAIL=admin@example.com
+
+# PostgreSQL
+POSTGRES_USER=techulus
+POSTGRES_PASSWORD=your-secure-password
+POSTGRES_DB=techulus
+
+# Database URL (uses Docker service name)
+DATABASE_URL=postgres://techulus:your-secure-password@postgres:5432/techulus
+
+# Authentication
+BETTER_AUTH_SECRET=your-secret-key-here
+
+# Encryption (32 bytes as 64-character hex string)
+ENCRYPTION_KEY=your-64-character-hex-string
+
+# Victoria Logs Authentication
+VL_USERNAME=admin
+VL_PASSWORD=your-secure-logs-password
+VL_RETENTION=7d
+
+# Registry Authentication (htpasswd format for registry server)
+# Generate with: htpasswd -nB admin
+# Escape $ as $$ in the value
+REGISTRY_AUTH=admin:$$2y$$05$$your-bcrypt-hash-here
+
+# Registry Credentials (for agents to pull images)
+REGISTRY_URL=
+REGISTRY_USERNAME=
+REGISTRY_PASSWORD=
+REGISTRY_INSECURE=true
+
+# GitHub App Integration (optional)
+GITHUB_APP_ID=
+GITHUB_APP_PRIVATE_KEY=
+GITHUB_WEBHOOK_SECRET=

deployment/.env.example

@@ -0,0 +1,37 @@
+# Production Deployment
+
+Docker Compose setup with Traefik for SSL termination via Let's Encrypt.
+
+## Quick Start
+
+```bash
+cp .env.example .env
+# Edit .env with your values
+
+docker compose -f compose.production.yml up -d --build
+```
+
+## Services
+
+| Service | Endpoint |
+|---------|----------|
+| Web | `https://${ROOT_DOMAIN}` |
+| Registry | `https://registry.${ROOT_DOMAIN}` |
+| Logs | `https://logs.${ROOT_DOMAIN}` |
+| PostgreSQL | Internal only |
+
+## Environment Setup
+
+Generate registry auth:
+```bash
+htpasswd -nB admin
+# Escape $ as $$ in .env
+```
+
+## Commands
+
+```bash
+docker compose -f compose.production.yml ps
+docker compose -f compose.production.yml logs -f
+docker compose -f compose.production.yml down
+```