Let's build a tunnel to California!
User story
I am the new owner of a Librem 5 phone. When I switch it on for the first time, I want to enter my Librem One credentials, so that I can activate my Librem Tunnel service.
Proposed workflow
- Start device, connect to WLAN
- Select "Librem One" from "Online Accounts"
- Enter Librem One credentials (address + passphrase)
- Default tunnel appears in VPN list
- Activate tunnel
Edge cases
- No WLAN
- No tunnel service (Basic account, or Tunnel not activated)
Proposed implementation steps
Online Accounts: Store Librem One credentials
-
Librem One must appear in "Initial Setup" / "Online Accounts"
- Find resources in https://source.puri.sm/liberty/ldh_gui_suite
-
Prompt for credentials
Librem One address
andPassphrase
-
Store credentials in GNOME Online Accounts as primary Librem One account
-
Trigger creation of default tunnel
Liberty CLI: Create default tunnel
Requires internet access
-
Invoke
liberty setup tunnel
-
Retrieve credentials of primary Librem One account from GNOME Keyring
-
Use credentials to retrieve default tunnel file and tunnel credentials
-
Add default tunnel to VPN list
Shell: Activate tunnel
Requires internet access
-
Click on VPN list.
-
Activate default tunnel.
Notes
-
If there is no internet access OR the attempt to setup the default tunnel fails, the credentials must still be stored. The default tunnel cannot appear in the VPN list.
-
We will provide an alternate GUI to set up the default tunnel after initial setup. Both the CLI and GUI will be extended to add additional tunnel endpoints.
-
We should be able to store multiple credentials in GOA. Only one set of credentials can be the primary (default) account.