@ c03rad0r

CW 17 and CW 18 review

Aside from some administrative stuff, most of this weeks energy went into side-quests that were meant to quickly improve the tooling that we use, but ended up taking a lot of time instead.

I worked on - deploying a local git workflow runner for publishing packages without relying on github - modularizing the tollgate-basic repository - the janitor module

The janitor module

Now that our build pipeline is dockerized it takes us just a few minutes to package our code an publish it with NIP-94 events rather than 30 to 90 minutes of waiting for dependencies to download and compile. However, there are still multiple manual interactive steps with interruptions pauses in-between when deploying code changes to a router. This is where TollGate's janitor module comes in.

The janitor module is responsible for automating the update process of the OpenWRT package on the device. It listens for NIP-94 events on specified relays, verifies the events are signed by trusted maintainers, and downloads and installs suitable packages if they are newer than the currently installed version. The module ensures the integrity and security of the installation process by comparing the downloaded package's checksum with the file hash from the NIP-94 event. After installation, it updates the configuration files in such a way that the changes are minimally invasive in the user's interaction with the router.

I started off quickly thanks to roo code and the waterfall method. It took me just a few minutes of answering questions to create a rough outline of what needed to be built. Once I had the high level design document, I just typed test in a new roo code session and it implemented the whole thing with test cases in just one or two commits. However, it still had logic errors and it didn't build yet. Hence, my interest in the side quest.

Deploying local git workflow runner

Pushing to github just to find that there is a syntax error can be time consuming. What if we just trigger an actions runner (act) with a post-commit hook to package the code locally and publish it in parallel while we work?

It turns out that act is buggy and it only runs in specific docker containers. We use a bunch of different composite actions for uploading to blossom, generating NIP-94 events, publishing them and verifying that they were published successfully. It turns out that a lot of this stuff needs to be tweaked before it will run locally in the local container. I got quite far, but started regressing and ditched the branch at one point to refocus on the janitor which still needed attention.

Side side-quest

While struggling with the local workflow runner, I found myself putting go.mod files all over the place and I ended up treating files that were previously imported directly into main.go as separate modules. I thought this was neat and turned all the sub-directories of src/ into go modules before ditching the branch to re-focus on the janitor.

The janitor is ready!

Now I'm about half way through CW-18 and the janitor is merged into main. Abandoned branches that might include something worth salvaging include janitor and just_janitor. Perhaps we can still salvage something useful out of these branches.

Janitor demo

Lets push some changes to a branch called multiple_mints: ``` c03rad0r@CobradorRomblonMimaropa:~/TG/tollgate-module-basic-go$ git commit -m "deploy new version (0.0.17)" [multiple_mints 8739654] deploy new version (0.0.17) 2 files changed, 218 deletions(-) delete mode 100644 src/janitor/HLDD.md delete mode 100644 src/janitor/LLDD.md c03rad0r@CobradorRomblonMimaropa:~/TG/tollgate-module-basic-go$ git push logged in as c03rad0r push: github.com/OpenTollGate/tollgate-module-basic-go.git over https... remote: push: a75cb40..8739654 multiple_mints -> multiple_mints push: Writing objects: 100% (4/4) 0.90 KiB | 0.00 MiB/s, done. To nostr://npub1c03rad0r6q833vh57kyd3ndu2jry30nkr0wepqfpsm05vq7he25slryrnw/nos.lol/tollgate-module-basic-go a75cb40..8739654 multiple_mints -> multiple_mints

```

As you can see, our tollgate is configured to listen for new NIP-94 events on the multiple_mints branch: root@OpenWrt:~# cat /etc/tollgate/config.json { "accepted_mint": "https://mint.minibits.cash/Bitcoin", "bragging": { "enabled": true, "fields": [ "amount", "mint", "duration" ] }, "min_payment": 1, "mint_fee": 0, "package_info": { "arch": "aarch64_cortex-a53", "branch": "multiple_mints", "timestamp": 1746094039, "version": "0.0.16+a75cb40" }, "price_per_minute": 1, "relays": [ "wss://relay.damus.io", "wss://nos.lol", "wss://nostr.mom" ], "tollgate_private_key": "8a45d0add1c7ddf668f9818df550edfa907ae8ea59d6581a4ca07473d468d663", "trusted_maintainers": [ "5075e61f0b048148b60105c1dd72bbeae1957336ae5824087e52efa374f8416a" ] }

As you can see here, the package has just been built and uploaded to blossom with a corresponding NIP-94 event published to the relays: ``` Verifying event d75a2ce307188bb5b8d6d17757876de64fdb1ae6855fc7400b2545cb6b916180 on relays: ['wss://relay.damus.io', ' wss://nos.lol', ' wss://nostr.mom/']

Checking relay: wss://relay.damus.io ✓ Event found on wss://relay.damus.io!

Event details:

{ "id": "d75a2ce307188bb5b8d6d17757876de64fdb1ae6855fc7400b2545cb6b916180", "pubkey": "5075e61f0b048148b60105c1dd72bbeae1957336ae5824087e52efa374f8416a", "created_at": 1746095500, "kind": 1063, "content": "TollGate Module Package: basic for gl-mt3000", "tags": [ [ "url", "https://blossom.swissdash.site/64dd86e18d9a71b7850b5ec70d18124528fafba51b5cc601812137d93a7fabec.ipk" ], [ "m", "application/octet-stream" ], [ "x", "64dd86e18d9a71b7850b5ec70d18124528fafba51b5cc601812137d93a7fabec" ], [ "ox", "64dd86e18d9a71b7850b5ec70d18124528fafba51b5cc601812137d93a7fabec" ], [ "filename", "basic-gl-mt3000-aarch64_cortex-a53.ipk" ], [ "arch", "aarch64_cortex-a53" ], [ "version", "0.0.17+8739654" ], [ "branch", "multiple_mints" ], [ "id", "glinet_mt3000" ] ] } ```

As we can see in the tollgate's logs, the janitor downloaded version 0.0.17 and placed the package in /tmp/. for a cronjob to install: Thu May 1 10:26:54 2025 daemon.info tollgate-basic[5244]: Starting Tollgate - TIP-01 Thu May 1 10:26:54 2025 daemon.info tollgate-basic[5244]: Listening on all interfaces on port :2121 Thu May 1 10:26:54 2025 daemon.err tollgate-basic[5244]: 2025/05/01 10:26:54.075883 Registering handlers... Thu May 1 10:26:54 2025 daemon.err tollgate-basic[5244]: 2025/05/01 10:26:54.076023 Starting HTTP server on all interfaces... Thu May 1 10:26:54 2025 daemon.info tollgate-basic[5244]: Connected to relay: wss://nos.lol Thu May 1 10:26:54 2025 daemon.info tollgate-basic[5244]: Subscription successful on relay wss://nos.lol Thu May 1 10:26:54 2025 daemon.info tollgate-basic[5244]: Subscribed to NIP-94 events on relay wss://nos.lol Thu May 1 10:26:54 2025 daemon.info tollgate-basic[5244]: Connected to relay: wss://nostr.mom Thu May 1 10:26:54 2025 daemon.info tollgate-basic[5244]: Subscription successful on relay wss://nostr.mom Thu May 1 10:26:54 2025 daemon.info tollgate-basic[5244]: Subscribed to NIP-94 events on relay wss://nostr.mom Thu May 1 10:26:55 2025 daemon.info tollgate-basic[5244]: Connected to relay: wss://relay.damus.io Thu May 1 10:26:55 2025 daemon.info tollgate-basic[5244]: Subscription successful on relay wss://relay.damus.io Thu May 1 10:26:55 2025 daemon.info tollgate-basic[5244]: Subscribed to NIP-94 events on relay wss://relay.damus.io Thu May 1 10:31:42 2025 daemon.info tollgate-basic[5244]: Started the timer Thu May 1 10:31:42 2025 daemon.info tollgate-basic[5244]: Started the timer, NIP-94 timestamp: 1746095500, config timestamp: 1746094039 Thu May 1 10:31:42 2025 daemon.info tollgate-basic[5244]: Current timestamp 1746094039, current version 0.0.16+a75cb40 Thu May 1 10:31:42 2025 daemon.info tollgate-basic[5244]: Intersection: [basic-gl-mt3000-aarch64_cortex-a53.ipk-0.0.17+8739654] Thu May 1 10:31:42 2025 daemon.info tollgate-basic[5244]: Right Time Keys: [basic-gl-mt3000-aarch64_cortex-a53.ipk-0.0.16+a75cb40 basic-gl-mt3000-aarch64_cortex-a53.ipk-0.0.17+8739654] Thu May 1 10:31:42 2025 daemon.info tollgate-basic[5244]: Right Branch Keys: [basic-gl-mt3000-aarch64_cortex-a53.ipk-0.0.16+a75cb40 basic-gl-mt3000-aarch64_cortex-a53.ipk-0.0.17+8739654] Thu May 1 10:31:42 2025 daemon.info tollgate-basic[5244]: Right Arch Keys count: 98 Thu May 1 10:31:42 2025 daemon.info tollgate-basic[5244]: Right Version Keys: [basic-gl-mt3000-aarch64_cortex-a53.ipk-0.0.17+8739654] Thu May 1 10:31:52 2025 daemon.err tollgate-basic[5244]: 2025/05/01 10:31:52.497802 Timeout reached, checking for new versions Thu May 1 10:31:52 2025 daemon.info tollgate-basic[5244]: Sorted Qualifying Events Keys: [basic-gl-mt3000-aarch64_cortex-a53.ipk-0.0.17+8739654] Thu May 1 10:31:52 2025 daemon.info tollgate-basic[5244]: Newer package version available: 0.0.17+8739654 Thu May 1 10:31:52 2025 daemon.info tollgate-basic[5244]: Downloading package from https://blossom.swissdash.site/64dd86e18d9a71b7850b5ec70d18124528fafba51b5cc601812137d93a7fabec.ipk to /tmp/64dd86e18d9a71b7850b5ec70d18124528fafba51b5cc601812137d93a7fabec.ipk Thu May 1 10:32:12 2025 daemon.info tollgate-basic[5244]: Package downloaded successfully to /tmp/ Thu May 1 10:32:12 2025 daemon.err tollgate-basic[5244]: 2025/05/01 10:32:12.994157 Verifying package checksum Thu May 1 10:32:13 2025 daemon.err tollgate-basic[5244]: 2025/05/01 10:32:13.003639 Package checksum verified successfully Thu May 1 10:32:13 2025 daemon.info tollgate-basic[5244]: New package version 0.0.17+8739654 is ready to be installed by cronjob

Now the config file reflects that we are running version 0.0.17: root@OpenWrt:~# cat /etc/tollgate/config.json { "accepted_mint": "https://mint.minibits.cash/Bitcoin", "bragging": { "enabled": true, "fields": [ "amount", "mint", "duration" ] }, "min_payment": 1, "mint_fee": 0, "package_info": { "arch": "aarch64_cortex-a53", "branch": "multiple_mints", "timestamp": 1746095417, "version": "0.0.17+8739654" }, "price_per_minute": 1, "relays": [ "wss://relay.damus.io", "wss://nos.lol", "wss://nostr.mom" ], "tollgate_private_key": "8a45d0add1c7ddf668f9818df550edfa907ae8ea59d6581a4ca07473d468d663", "trusted_maintainers": [ "5075e61f0b048148b60105c1dd72bbeae1957336ae5824087e52efa374f8416a" ], "update_path": null }

Now that can deploy new versions easily, lets use this tooling to deploy features that users requested :)