Remove wireguard feature flag and pass runtime enabled flag

.github/workflows/ci-build-upload-binaries.yml

@@ -62,10 +62,6 @@ jobs:
           echo 'RUSTFLAGS="--cfg tokio_unstable"' >> $GITHUB_ENV
         if: github.event_name == 'workflow_dispatch' && inputs.add_tokio_unstable == true
 
-      - name: Set CARGO_FEATURES
-        run: |
-          echo 'CARGO_FEATURES=--features wireguard' >> $GITHUB_ENV
-
       - name: Install Rust stable
         uses: actions-rs/toolchain@v1
         with:

.github/workflows/ci-build.yml

@@ -73,40 +73,38 @@ jobs:
         uses: actions-rs/cargo@v1
         with:
           command: build
-          # Enable wireguard by default on linux only
-          args: --workspace --features wireguard
 
       - name: Build all examples
         if: matrix.os == 'custom-linux'
         uses: actions-rs/cargo@v1
         with:
           command: build
-          args: --workspace --examples --features wireguard
+          args: --workspace --examples
 
       - name: Run all tests
         if: matrix.os == 'custom-linux'
         uses: actions-rs/cargo@v1
         with:
           command: test
-          args: --workspace --features wireguard
+          args: --workspace
 
       - name: Run expensive tests
         if: (github.ref == 'refs/heads/develop' || github.event.pull_request.base.ref == 'develop' || github.event.pull_request.base.ref == 'master') && matrix.os == 'custom-linux'
         uses: actions-rs/cargo@v1
         with:
           command: test
-          args: --workspace --features wireguard -- --ignored
+          args: --workspace -- --ignored
 
       - name: Annotate with clippy checks
         if: matrix.os == 'custom-linux'
         uses: actions-rs/clippy-check@v1
         continue-on-error: true
         with:
           token: ${{ secrets.GITHUB_TOKEN }}
-          args: --workspace --features wireguard
+          args: --workspace
 
       - name: Clippy
         uses: actions-rs/cargo@v1
         with:
           command: clippy
-          args: --workspace --all-targets --features wireguard -- -D warnings
+          args: --workspace --all-targets  -- -D warnings

.github/workflows/publish-nym-binaries.yml

@@ -51,10 +51,6 @@ jobs:
           echo 'RUSTFLAGS="--cfg tokio_unstable"' >> $GITHUB_ENV
         if: github.event_name == 'workflow_dispatch' && inputs.add_tokio_unstable == true
 
-      - name: Set CARGO_FEATURES
-        run: |
-          echo 'CARGO_FEATURES=--features wireguard' >> $GITHUB_ENV
-
       - name: Install Rust stable
         uses: actions-rs/toolchain@v1
         with:

common/gateway-storage/Cargo.toml

@@ -10,8 +10,8 @@ license.workspace = true
 
 [dependencies]
 async-trait = { workspace = true }
-bincode = { workspace = true, optional = true }
-defguard_wireguard_rs = { workspace = true, optional = true }
+bincode = { workspace = true }
+defguard_wireguard_rs = { workspace = true }
 log = { workspace = true }
 sqlx = { workspace = true, features = [
     "runtime-tokio-rustls",
@@ -36,6 +36,3 @@ sqlx = { workspace = true, features = [
     "macros",
     "migrate",
 ] }
-
-[features]
-wireguard = ["defguard_wireguard_rs", "bincode"]

common/gateway-storage/src/lib.rs

@@ -25,7 +25,6 @@ mod inboxes;
 pub(crate) mod models;
 mod shared_keys;
 mod tickets;
-#[cfg(feature = "wireguard")]
 mod wireguard_peers;
 
 #[async_trait]
@@ -217,7 +216,6 @@ pub trait Storage: Send + Sync {
     ///
     /// * `peer`: wireguard peer data to be stored
     /// * `suspended`: if peer exists, but it's currently suspended
-    #[cfg(feature = "wireguard")]
     async fn insert_wireguard_peer(
         &self,
         peer: &defguard_wireguard_rs::host::Peer,
@@ -229,22 +227,19 @@ pub trait Storage: Send + Sync {
     /// # Arguments
     ///
     /// * `peer_public_key`: wireguard public key of the peer to be retrieved.
-    #[cfg(feature = "wireguard")]
     async fn get_wireguard_peer(
         &self,
         peer_public_key: &str,
     ) -> Result<Option<WireguardPeer>, StorageError>;
 
     /// Retrieves all wireguard peers.
-    #[cfg(feature = "wireguard")]
     async fn get_all_wireguard_peers(&self) -> Result<Vec<WireguardPeer>, StorageError>;
 
     /// Remove a wireguard peer from the storage.
     ///
     /// # Arguments
     ///
     /// * `peer_public_key`: wireguard public key of the peer to be removed.
-    #[cfg(feature = "wireguard")]
     async fn remove_wireguard_peer(&self, peer_public_key: &str) -> Result<(), StorageError>;
 }
 
@@ -255,7 +250,6 @@ pub struct PersistentStorage {
     inbox_manager: InboxManager,
     bandwidth_manager: BandwidthManager,
     ticket_manager: TicketStorageManager,
-    #[cfg(feature = "wireguard")]
     wireguard_peer_manager: wireguard_peers::WgPeerManager,
 }
 
@@ -300,7 +294,6 @@ impl PersistentStorage {
 
         // the cloning here are cheap as connection pool is stored behind an Arc
         Ok(PersistentStorage {
-            #[cfg(feature = "wireguard")]
             wireguard_peer_manager: wireguard_peers::WgPeerManager::new(connection_pool.clone()),
             shared_key_manager: SharedKeysManager::new(connection_pool.clone()),
             inbox_manager: InboxManager::new(connection_pool.clone(), message_retrieval_limit),
@@ -620,7 +613,6 @@ impl Storage for PersistentStorage {
         Ok(self.ticket_manager.get_epoch_signers(epoch_id).await?)
     }
 
-    #[cfg(feature = "wireguard")]
     async fn insert_wireguard_peer(
         &self,
         peer: &defguard_wireguard_rs::host::Peer,
@@ -632,7 +624,6 @@ impl Storage for PersistentStorage {
         Ok(())
     }
 
-    #[cfg(feature = "wireguard")]
     async fn get_wireguard_peer(
         &self,
         peer_public_key: &str,
@@ -644,13 +635,11 @@ impl Storage for PersistentStorage {
         Ok(peer)
     }
 
-    #[cfg(feature = "wireguard")]
     async fn get_all_wireguard_peers(&self) -> Result<Vec<WireguardPeer>, StorageError> {
         let ret = self.wireguard_peer_manager.retrieve_all_peers().await?;
         Ok(ret)
     }
 
-    #[cfg(feature = "wireguard")]
     async fn remove_wireguard_peer(&self, peer_public_key: &str) -> Result<(), StorageError> {
         self.wireguard_peer_manager
             .remove_peer(peer_public_key)

common/gateway-storage/src/models.rs

@@ -72,7 +72,6 @@ impl TryFrom<UnverifiedTicketData> for ClientTicket {
     }
 }
 
-#[cfg(feature = "wireguard")]
 #[derive(Debug, Clone, FromRow)]
 pub struct WireguardPeer {
     pub public_key: String,
@@ -87,7 +86,6 @@ pub struct WireguardPeer {
     pub suspended: bool,
 }
 
-#[cfg(feature = "wireguard")]
 impl From<defguard_wireguard_rs::host::Peer> for WireguardPeer {
     fn from(value: defguard_wireguard_rs::host::Peer) -> Self {
         WireguardPeer {
@@ -120,7 +118,6 @@ impl From<defguard_wireguard_rs::host::Peer> for WireguardPeer {
     }
 }
 
-#[cfg(feature = "wireguard")]
 impl TryFrom<WireguardPeer> for defguard_wireguard_rs::host::Peer {
     type Error = crate::error::StorageError;
 

common/wireguard/Cargo.toml

@@ -23,7 +23,7 @@ x25519-dalek = { workspace = true }
 ip_network = { workspace = true }
 log.workspace = true
 nym-crypto = { path = "../crypto", features = ["asymmetric"] }
-nym-gateway-storage = { path = "../gateway-storage", features = ["wireguard"] }
+nym-gateway-storage = { path = "../gateway-storage" }
 nym-network-defaults = { path = "../network-defaults" }
 nym-task = { path = "../task" }
 nym-wireguard-types = { path = "../wireguard-types" }

gateway/Cargo.toml

@@ -93,10 +93,10 @@ nym-types = { path = "../common/types" }
 nym-validator-client = { path = "../common/client-libs/validator-client" }
 nym-ip-packet-router = { path = "../service-providers/ip-packet-router" }
 
-nym-wireguard = { path = "../common/wireguard", optional = true }
+nym-wireguard = { path = "../common/wireguard" }
 nym-wireguard-types = { path = "../common/wireguard-types", default-features = false }
 
-defguard_wireguard_rs = { workspace = true, optional = true }
+defguard_wireguard_rs = { workspace = true }
 
 
 [build-dependencies]
@@ -109,11 +109,6 @@ sqlx = { workspace = true, features = [
 ] }
 
 [features]
-wireguard = [
-    "nym-wireguard",
-    "defguard_wireguard_rs",
-    "nym-gateway-storage/wireguard",
-]
 bin-deps = ["clap", 'nym-bin-common/output_format']
 
 [package.metadata.deb]

gateway/src/error.rs

@@ -199,13 +199,11 @@ pub enum GatewayError {
     #[error("the current multisig contract is not using 'AbsolutePercentage' threshold!")]
     InvalidMultisigThreshold,
 
-    #[cfg(all(feature = "wireguard", target_os = "linux"))]
     #[error("failed to remove wireguard interface: {0}")]
     WireguardInterfaceError(#[from] defguard_wireguard_rs::error::WireguardInterfaceError),
 
-    #[cfg(all(feature = "wireguard", target_os = "linux"))]
-    #[error("wireguard not set")]
-    WireguardNotSet,
+    #[error("internal wireguard error {0}")]
+    InternalWireguardError(String),
 
     #[error("failed to start authenticator: {source}")]
     AuthenticatorStartError {

gateway/src/node/mod.rs

@@ -50,7 +50,6 @@ struct StartedNetworkRequester {
 // TODO: should this struct live here?
 #[allow(unused)]
 struct StartedAuthenticator {
-    #[cfg(feature = "wireguard")]
     wg_api: Arc<nym_wireguard::WgApiWrapper>,
 
     /// Handle to interact with the local authenticator
@@ -145,7 +144,6 @@ pub struct Gateway<St = PersistentStorage> {
 
     storage: St,
 
-    #[cfg(all(feature = "wireguard", target_os = "linux"))]
     wireguard_data: Option<nym_wireguard::WireguardData>,
 
     run_http_server: bool,
@@ -168,7 +166,6 @@ impl<St> Gateway<St> {
             network_requester_opts,
             ip_packet_router_opts,
             authenticator_opts: None,
-            #[cfg(all(feature = "wireguard", target_os = "linux"))]
             wireguard_data: None,
             run_http_server: true,
             task_client: None,
@@ -192,7 +189,6 @@ impl<St> Gateway<St> {
             identity_keypair,
             sphinx_keypair,
             storage,
-            #[cfg(all(feature = "wireguard", target_os = "linux"))]
             wireguard_data: None,
             run_http_server: true,
             task_client: None,
@@ -207,7 +203,6 @@ impl<St> Gateway<St> {
         self.task_client = Some(task_client)
     }
 
-    #[cfg(all(feature = "wireguard", target_os = "linux"))]
     pub fn set_wireguard_data(&mut self, wireguard_data: nym_wireguard::WireguardData) {
         self.wireguard_data = Some(wireguard_data)
     }
@@ -245,7 +240,7 @@ impl<St> Gateway<St> {
         mixnet_handling::Listener::new(listening_address, shutdown).start(connection_handler);
     }
 
-    #[cfg(all(feature = "wireguard", target_os = "linux"))]
+    #[cfg(target_os = "linux")]
     async fn start_authenticator(
         &mut self,
         forwarding_channel: MixForwardingSender,
@@ -317,11 +312,13 @@ impl<St> Gateway<St> {
                 handle: LocalEmbeddedClientHandle::new(start_data.address, auth_mix_sender),
             })
         } else {
-            Err(Box::new(GatewayError::WireguardNotSet))
+            Err(Box::new(GatewayError::InternalWireguardError(
+                "wireguard not set".to_string(),
+            )))
         }
     }
 
-    #[cfg(all(feature = "wireguard", not(target_os = "linux")))]
+    #[cfg(not(target_os = "linux"))]
     async fn start_authenticator(
         &self,
         _forwarding_channel: MixForwardingSender,
@@ -654,14 +651,15 @@ impl<St> Gateway<St> {
             info!("embedded ip packet router is disabled");
         };
 
-        #[cfg(feature = "wireguard")]
-        let _wg_api = {
+        let _wg_api = if self.wireguard_data.is_some() {
             let embedded_auth = self
                 .start_authenticator(mix_forwarding_channel, shutdown.fork("authenticator"))
                 .await
                 .map_err(|source| GatewayError::AuthenticatorStartError { source })?;
             active_clients_store.insert_embedded(embedded_auth.handle);
             Some(embedded_auth.wg_api)
+        } else {
+            None
         };
 
         if self.run_http_server {

nym-node/Cargo.toml

@@ -17,7 +17,7 @@ license = "GPL-3.0"
 anyhow.workspace = true
 bip39 = { workspace = true, features = ["zeroize"] }
 bs58.workspace = true
-celes = { workspace = true } # country codes
+celes = { workspace = true }                                  # country codes
 colored = { workspace = true }
 clap = { workspace = true, features = ["cargo", "env"] }
 humantime-serde = { workspace = true }
@@ -39,7 +39,10 @@ semver = { workspace = true }
 cupid = { workspace = true }
 sysinfo = { workspace = true }
 
-nym-bin-common = { path = "../common/bin-common", features = ["basic_tracing", "output_format"] }
+nym-bin-common = { path = "../common/bin-common", features = [
+    "basic_tracing",
+    "output_format",
+] }
 nym-client-core-config-types = { path = "../common/client-core/config-types" }
 nym-config = { path = "../common/config" }
 nym-crypto = { path = "../common/crypto", features = ["asymmetric", "rand"] }
@@ -62,6 +65,3 @@ nym-ip-packet-router = { path = "../service-providers/ip-packet-router" }
 [build-dependencies]
 # temporary bonding information v1 (to grab and parse nym-mixnode and nym-gateway package versions)
 cargo_metadata = { workspace = true }
-
-[features]
-wireguard = ["nym-gateway/wireguard"]

nym-node/src/node/mod.rs

@@ -580,8 +580,9 @@ impl NymNode {
         );
         entry_gateway.disable_http_server();
         entry_gateway.set_task_client(task_client);
-        #[cfg(all(feature = "wireguard", target_os = "linux"))]
-        entry_gateway.set_wireguard_data(self.wireguard.into());
+        if self.config.wireguard.enabled {
+            entry_gateway.set_wireguard_data(self.wireguard.into());
+        }
 
         tokio::spawn(async move {
             if let Err(err) = entry_gateway.run().await {
@@ -608,8 +609,9 @@ impl NymNode {
         );
         exit_gateway.disable_http_server();
         exit_gateway.set_task_client(task_client);
-        #[cfg(all(feature = "wireguard", target_os = "linux"))]
-        exit_gateway.set_wireguard_data(self.wireguard.into());
+        if self.config.wireguard.enabled {
+            exit_gateway.set_wireguard_data(self.wireguard.into());
+        }
 
         tokio::spawn(async move {
             if let Err(err) = exit_gateway.run().await {