From a1bb20799d4f3ff895acec8423f2541fc57a28d3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Adam=20Ciarcin=CC=81ski?= <adam@defguard.net>
Date: Tue, 26 Aug 2025 11:55:06 +0200
Subject: [PATCH 1/2] Better config parsing

---
 src/config.rs                  | 16 ++++++++++++++--
 src/enterprise/firewall/mod.rs |  1 +
 src/main.rs                    |  4 ++--
 3 files changed, 17 insertions(+), 4 deletions(-)

diff --git a/src/config.rs b/src/config.rs
index 87d42a5a..00445ffa 100644
--- a/src/config.rs
+++ b/src/config.rs
@@ -6,11 +6,20 @@ use toml;
 
 use crate::error::GatewayError;
 
+fn default_log_level() -> String {
+    String::from("info")
+}
+
+fn default_syslog_socket() -> PathBuf {
+    PathBuf::from("/var/run/log")
+}
+
 #[derive(Debug, Parser, Clone, Deserialize)]
 #[clap(about = "Defguard VPN gateway service")]
 #[command(version)]
 pub struct Config {
     #[arg(long, short = 'l', env = "DEFGUARD_LOG_LEVEL", default_value = "info")]
+    #[serde(default = "default_log_level")]
     pub log_level: String,
 
     /// Token received from Defguard after completing the network wizard
@@ -21,6 +30,7 @@ pub struct Config {
         env = "DEFGUARD_TOKEN",
         default_value = ""
     )]
+    #[serde(default)]
     pub token: String,
 
     #[arg(long, env = "DEFGUARD_GATEWAY_NAME")]
@@ -34,6 +44,7 @@ pub struct Config {
         env = "DEFGUARD_GRPC_URL",
         default_value = ""
     )]
+    #[serde(default)]
     pub grpc_url: String,
 
     /// Use userspace WireGuard implementation e.g. wireguard-go
@@ -66,6 +77,7 @@ pub struct Config {
 
     /// Syslog socket path
     #[arg(long, default_value = "/var/run/log")]
+    #[serde(default = "default_syslog_socket")]
     pub syslog_socket: PathBuf,
 
     /// Configuration file path
@@ -116,7 +128,7 @@ pub struct Config {
 impl Default for Config {
     fn default() -> Self {
         Self {
-            log_level: "info".to_string(),
+            log_level: "info".into(),
             token: "TOKEN".into(),
             name: None,
             grpc_url: "http://localhost:50051".into(),
@@ -150,7 +162,7 @@ pub fn get_config() -> Result<Config, GatewayError> {
     if let Some(config_path) = cli_config.config_path {
         let config_toml = fs::read_to_string(config_path)
             .map_err(|err| GatewayError::InvalidConfigFile(err.to_string()))?;
-        let file_config: Config = toml::from_str(&config_toml)
+        let file_config = toml::from_str(&config_toml)
             .map_err(|err| GatewayError::InvalidConfigFile(err.message().to_string()))?;
         return Ok(file_config);
     }
diff --git a/src/enterprise/firewall/mod.rs b/src/enterprise/firewall/mod.rs
index 4d93ad4c..e078af43 100644
--- a/src/enterprise/firewall/mod.rs
+++ b/src/enterprise/firewall/mod.rs
@@ -382,6 +382,7 @@ pub enum FirewallError {
 ///
 /// - In IPv4 this is the broadcast address.
 /// - In IPv6 this is just the last address in the network.
+#[must_use]
 pub fn max_address(network: &IpNetwork) -> IpAddr {
     match network {
         IpNetwork::V4(network) => {
diff --git a/src/main.rs b/src/main.rs
index def54a2e..b9149666 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -31,8 +31,8 @@ async fn main() -> Result<(), GatewayError> {
         }
     } else {
         let version = Version::parse(VERSION)?;
-        defguard_version::tracing::init(version, &config.log_level.to_string())?
-    };
+        defguard_version::tracing::init(version, &config.log_level)?;
+    }
 
     if let Some(pre_up) = &config.pre_up {
         log::info!("Executing specified PRE_UP command: {pre_up}");

From 2ce953901c02cd957968ae4444359a4159f1d4ee Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Adam=20Ciarcin=CC=81ski?= <adam@defguard.net>
Date: Tue, 26 Aug 2025 12:40:12 +0200
Subject: [PATCH 2/2] Run cargo deny

---
 .github/workflows/ci.yml | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index ba41d349..629c753d 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -5,7 +5,7 @@ on:
     branches:
       - main
       - dev
-      - 'release/**'
+      - "release/**"
     paths-ignore:
       - "*.md"
       - "LICENSE"
@@ -13,7 +13,7 @@ on:
     branches:
       - main
       - dev
-      - 'release/**'
+      - "release/**"
     paths-ignore:
       - "*.md"
       - "LICENSE"
@@ -30,25 +30,34 @@ jobs:
     steps:
       - name: Debug
         run: echo ${{ github.ref_name }}
+
       - name: Checkout
         uses: actions/checkout@v4
         with:
           submodules: recursive
+
       - name: Cache
         uses: Swatinem/rust-cache@v2
         with:
           key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}
+
       - name: Install dependencies
         run: apt-get update && apt-get -y install protobuf-compiler libnftnl-dev libmnl-dev
+
       - name: Check format
         run: |
           rustup component add rustfmt
           cargo fmt -- --check
+
       - name: Run clippy linter
         run: |
           rustup component add clippy
           cargo clippy --all-targets --all-features -- -D warnings
+
       - name: Run cargo deny
-        uses: EmbarkStudios/cargo-deny-action@v2
+        run: |
+          cargo install cargo-deny
+          cargo deny check
+
       - name: Run tests
         run: cargo test --locked --no-fail-fast