coder
diff --git a/‎agent/agent.go
Lines changed: 1 addition & 1 deletion b/‎agent/agent.go
Lines changed: 1 addition & 1 deletion
diff --git a/‎agent/api.go
Lines changed: 1 addition & 0 deletions b/‎agent/api.go
Lines changed: 1 addition & 0 deletions
diff --git a/‎agent/health.go
Lines changed: 31 additions & 0 deletions b/‎agent/health.go
Lines changed: 31 additions & 0 deletions
diff --git a/‎cli/cliui/agent.go
Lines changed: 55 additions & 0 deletions b/‎cli/cliui/agent.go
Lines changed: 55 additions & 0 deletions
diff --git a/‎cli/cliui/agent_test.go
Lines changed: 129 additions & 0 deletions b/‎cli/cliui/agent_test.go
Lines changed: 129 additions & 0 deletions
diff --git a/‎cli/dotfiles.go
Lines changed: 4 additions & 8 deletions b/‎cli/dotfiles.go
Lines changed: 4 additions & 8 deletions
diff --git a/‎cli/dotfiles_test.go
Lines changed: 35 additions & 0 deletions b/‎cli/dotfiles_test.go
Lines changed: 35 additions & 0 deletions
@@ -1787,7 +1787,7 @@ func (a *agent) HandleHTTPDebugLogs(w http.ResponseWriter, r *http.Request) {
 	}
 	defer f.Close()
 
-	// Limit to 10MB.
+	// Limit to 10MiB.
 	w.WriteHeader(http.StatusOK)
 	_, err = io.Copy(w, io.LimitReader(f, 10*1024*1024))
 	if err != nil && !errors.Is(err, io.EOF) {
 
@@ -37,6 +37,7 @@ func (a *agent) apiHandler() http.Handler {
 	}
 	promHandler := PrometheusMetricsHandler(a.prometheusRegistry, a.logger)
 	r.Get("/api/v0/listening-ports", lp.handler)
+	r.Get("/api/v0/netcheck", a.HandleNetcheck)
 	r.Get("/debug/logs", a.HandleHTTPDebugLogs)
 	r.Get("/debug/magicsock", a.HandleHTTPDebugMagicsock)
 	r.Get("/debug/magicsock/debug-logging/{state}", a.HandleHTTPMagicsockDebugLoggingState)
 
@@ -0,0 +1,31 @@
+package agent
+
+import (
+	"net/http"
+
+	"github.com/coder/coder/v2/coderd/healthcheck/health"
+	"github.com/coder/coder/v2/coderd/httpapi"
+	"github.com/coder/coder/v2/codersdk"
+	"github.com/coder/coder/v2/codersdk/healthsdk"
+)
+
+func (a *agent) HandleNetcheck(rw http.ResponseWriter, r *http.Request) {
+	ni := a.TailnetConn().GetNetInfo()
+
+	ifReport, err := healthsdk.RunInterfacesReport()
+	if err != nil {
+		httpapi.Write(r.Context(), rw, http.StatusInternalServerError, codersdk.Response{
+			Message: "Failed to run interfaces report",
+			Detail:  err.Error(),
+		})
+		return
+	}
+
+	httpapi.Write(r.Context(), rw, http.StatusOK, healthsdk.AgentNetcheckReport{
+		BaseReport: healthsdk.BaseReport{
+			Severity: health.SeverityOK,
+		},
+		NetInfo:    ni,
+		Interfaces: ifReport,
+	})
+}
@@ -10,8 +10,11 @@ import (
 
 	"github.com/google/uuid"
 	"golang.org/x/xerrors"
+	"tailscale.com/tailcfg"
 
 	"github.com/coder/coder/v2/codersdk"
+	"github.com/coder/coder/v2/codersdk/healthsdk"
+	"github.com/coder/coder/v2/codersdk/workspacesdk"
 	"github.com/coder/coder/v2/tailnet"
 )
 
@@ -346,3 +349,55 @@ func PeerDiagnostics(w io.Writer, d tailnet.PeerDiagnostics) {
 		_, _ = fmt.Fprint(w, "✘ Wireguard is not connected\n")
 	}
 }
+
+type ConnDiags struct {
+	ConnInfo        *workspacesdk.AgentConnectionInfo
+	PingP2P         bool
+	DisableDirect   bool
+	LocalNetInfo    *tailcfg.NetInfo
+	LocalInterfaces *healthsdk.InterfacesReport
+	AgentNetcheck   *healthsdk.AgentNetcheckReport
+	// TODO: More diagnostics
+}
+
+func ConnDiagnostics(w io.Writer, d ConnDiags) {
+	if d.AgentNetcheck != nil {
+		for _, msg := range d.AgentNetcheck.Interfaces.Warnings {
+			_, _ = fmt.Fprintf(w, "❗ Agent: %s\n", msg.Message)
+		}
+	}
+
+	if d.LocalInterfaces != nil {
+		for _, msg := range d.LocalInterfaces.Warnings {
+			_, _ = fmt.Fprintf(w, "❗ Client: %s\n", msg.Message)
+		}
+	}
+
+	if d.PingP2P {
+		_, _ = fmt.Fprint(w, "✔ You are connected directly (p2p)\n")
+		return
+	}
+	_, _ = fmt.Fprint(w, "❗ You are connected via a DERP relay, not directly (p2p)\n")
+
+	if d.DisableDirect {
+		_, _ = fmt.Fprint(w, "❗ Direct connections are disabled locally, by `--disable-direct` or `CODER_DISABLE_DIRECT`\n")
+		return
+	}
+
+	if d.ConnInfo != nil && d.ConnInfo.DisableDirectConnections {
+		_, _ = fmt.Fprint(w, "❗ Your Coder administrator has blocked direct connections\n")
+		return
+	}
+
+	if d.ConnInfo != nil && d.ConnInfo.DERPMap != nil && !d.ConnInfo.DERPMap.HasSTUN() {
+		_, _ = fmt.Fprint(w, "✘ The DERP map is not configured to use STUN, which will prevent direct connections from starting outside of local networks\n")
+	}
+
+	if d.LocalNetInfo != nil && d.LocalNetInfo.MappingVariesByDestIP.EqualBool(true) {
+		_, _ = fmt.Fprint(w, "❗ Client is potentially behind a hard NAT, as multiple endpoints were retrieved from different STUN servers\n")
+	}
+
+	if d.AgentNetcheck != nil && d.AgentNetcheck.NetInfo != nil && d.AgentNetcheck.NetInfo.MappingVariesByDestIP.EqualBool(true) {
+		_, _ = fmt.Fprint(w, "❗ Agent is potentially behind a hard NAT, as multiple endpoints were retrieved from different STUN servers\n")
+	}
+}
@@ -20,8 +20,11 @@ import (
 
 	"github.com/coder/coder/v2/cli/clitest"
 	"github.com/coder/coder/v2/cli/cliui"
+	"github.com/coder/coder/v2/coderd/healthcheck/health"
 	"github.com/coder/coder/v2/coderd/util/ptr"
 	"github.com/coder/coder/v2/codersdk"
+	"github.com/coder/coder/v2/codersdk/healthsdk"
+	"github.com/coder/coder/v2/codersdk/workspacesdk"
 	"github.com/coder/coder/v2/tailnet"
 	"github.com/coder/coder/v2/testutil"
 	"github.com/coder/serpent"
@@ -672,3 +675,129 @@ func TestPeerDiagnostics(t *testing.T) {
 		})
 	}
 }
+
+func TestConnDiagnostics(t *testing.T) {
+	t.Parallel()
+	testCases := []struct {
+		name  string
+		diags cliui.ConnDiags
+		want  []string
+	}{
+		{
+			name: "Direct",
+			diags: cliui.ConnDiags{
+				ConnInfo:     &workspacesdk.AgentConnectionInfo{},
+				PingP2P:      true,
+				LocalNetInfo: &tailcfg.NetInfo{},
+			},
+			want: []string{
+				`✔ You are connected directly (p2p)`,
+			},
+		},
+		{
+			name: "DirectBlocked",
+			diags: cliui.ConnDiags{
+				ConnInfo: &workspacesdk.AgentConnectionInfo{
+					DisableDirectConnections: true,
+				},
+			},
+			want: []string{
+				`❗ You are connected via a DERP relay, not directly (p2p)`,
+				`❗ Your Coder administrator has blocked direct connections`,
+			},
+		},
+		{
+			name: "NoStun",
+			diags: cliui.ConnDiags{
+				ConnInfo: &workspacesdk.AgentConnectionInfo{
+					DERPMap: &tailcfg.DERPMap{},
+				},
+				LocalNetInfo: &tailcfg.NetInfo{},
+			},
+			want: []string{
+				`❗ You are connected via a DERP relay, not directly (p2p)`,
+				`✘ The DERP map is not configured to use STUN, which will prevent direct connections from starting outside of local networks`,
+			},
+		},
+		{
+			name: "ClientHardNat",
+			diags: cliui.ConnDiags{
+				LocalNetInfo: &tailcfg.NetInfo{
+					MappingVariesByDestIP: "true",
+				},
+			},
+			want: []string{
+				`❗ You are connected via a DERP relay, not directly (p2p)`,
+				`❗ Client is potentially behind a hard NAT, as multiple endpoints were retrieved from different STUN servers`,
+			},
+		},
+		{
+			name: "AgentHardNat",
+			diags: cliui.ConnDiags{
+				ConnInfo:     &workspacesdk.AgentConnectionInfo{},
+				PingP2P:      false,
+				LocalNetInfo: &tailcfg.NetInfo{},
+				AgentNetcheck: &healthsdk.AgentNetcheckReport{
+					NetInfo: &tailcfg.NetInfo{MappingVariesByDestIP: "true"},
+				},
+			},
+			want: []string{
+				`❗ You are connected via a DERP relay, not directly (p2p)`,
+				`❗ Agent is potentially behind a hard NAT, as multiple endpoints were retrieved from different STUN servers`,
+			},
+		},
+		{
+			name: "AgentInterfaceWarnings",
+			diags: cliui.ConnDiags{
+				PingP2P: true,
+				AgentNetcheck: &healthsdk.AgentNetcheckReport{
+					Interfaces: healthsdk.InterfacesReport{
+						BaseReport: healthsdk.BaseReport{
+							Warnings: []health.Message{
+								health.Messagef(health.CodeInterfaceSmallMTU, "network interface eth0 has MTU 1280, (less than 1378), which may cause problems with direct connections"),
+							},
+						},
+					},
+				},
+			},
+			want: []string{
+				`❗ Agent: network interface eth0 has MTU 1280, (less than 1378), which may cause problems with direct connections`,
+				`✔ You are connected directly (p2p)`,
+			},
+		},
+		{
+			name: "LocalInterfaceWarnings",
+			diags: cliui.ConnDiags{
+				PingP2P: true,
+				LocalInterfaces: &healthsdk.InterfacesReport{
+					BaseReport: healthsdk.BaseReport{
+						Warnings: []health.Message{
+							health.Messagef(health.CodeInterfaceSmallMTU, "network interface eth1 has MTU 1310, (less than 1378), which may cause problems with direct connections"),
+						},
+					},
+				},
+			},
+			want: []string{
+				`❗ Client: network interface eth1 has MTU 1310, (less than 1378), which may cause problems with direct connections`,
+				`✔ You are connected directly (p2p)`,
+			},
+		},
+	}
+	for _, tc := range testCases {
+		tc := tc
+		t.Run(tc.name, func(t *testing.T) {
+			t.Parallel()
+			r, w := io.Pipe()
+			go func() {
+				defer w.Close()
+				cliui.ConnDiagnostics(w, tc.diags)
+			}()
+			bytes, err := io.ReadAll(r)
+			require.NoError(t, err)
+			output := string(bytes)
+			for _, want := range tc.want {
+				require.Contains(t, output, want)
+			}
+		})
+	}
+}
@@ -4,7 +4,6 @@ import (
 	"bytes"
 	"errors"
 	"fmt"
-	"io/fs"
 	"os"
 	"os/exec"
 	"path/filepath"
@@ -184,7 +183,7 @@ func (r *RootCmd) dotfiles() *serpent.Command {
 				}
 			}
 
-			script := findScript(installScriptSet, files)
+			script := findScript(installScriptSet, dotfilesDir)
 			if script != "" {
 				_, err = cliui.Prompt(inv, cliui.PromptOptions{
 					Text:      fmt.Sprintf("Running install script %s.\n\n  Continue?", script),
@@ -361,15 +360,12 @@ func dirExists(name string) (bool, error) {
 }
 
 // findScript will find the first file that matches the script set.
-func findScript(scriptSet []string, files []fs.DirEntry) string {
+func findScript(scriptSet []string, directory string) string {
 	for _, i := range scriptSet {
-		for _, f := range files {
-			if f.Name() == i {
-				return f.Name()
-			}
+		if _, err := os.Stat(filepath.Join(directory, i)); err == nil {
+			return i
 		}
 	}
-
 	return ""
 }
 
 
@@ -142,6 +142,41 @@ func TestDotfiles(t *testing.T) {
 		require.NoError(t, err)
 		require.Equal(t, string(b), "wow\n")
 	})
+
+	t.Run("NestedInstallScript", func(t *testing.T) {
+		t.Parallel()
+		if runtime.GOOS == "windows" {
+			t.Skip("install scripts on windows require sh and aren't very practical")
+		}
+		_, root := clitest.New(t)
+		testRepo := testGitRepo(t, root)
+
+		scriptPath := filepath.Join("script", "setup")
+		err := os.MkdirAll(filepath.Join(testRepo, "script"), 0o750)
+		require.NoError(t, err)
+		// nolint:gosec
+		err = os.WriteFile(filepath.Join(testRepo, scriptPath), []byte("#!/bin/bash\necho wow > "+filepath.Join(string(root), ".bashrc")), 0o750)
+		require.NoError(t, err)
+
+		c := exec.Command("git", "add", scriptPath)
+		c.Dir = testRepo
+		err = c.Run()
+		require.NoError(t, err)
+
+		c = exec.Command("git", "commit", "-m", `"add script"`)
+		c.Dir = testRepo
+		err = c.Run()
+		require.NoError(t, err)
+
+		inv, _ := clitest.New(t, "dotfiles", "--global-config", string(root), "--symlink-dir", string(root), "-y", testRepo)
+		err = inv.Run()
+		require.NoError(t, err)
+
+		b, err := os.ReadFile(filepath.Join(string(root), ".bashrc"))
+		require.NoError(t, err)
+		require.Equal(t, string(b), "wow\n")
+	})
+
 	t.Run("InstallScriptChangeBranch", func(t *testing.T) {
 		t.Parallel()
 		if runtime.GOOS == "windows" {
Original file line number	Diff line number	Diff line change
`@@ -1787,7 +1787,7 @@ func (a agent) HandleHTTPDebugLogs(w http.ResponseWriter, r http.Request) {`
`1787`	`1787`	`}`
`1788`	`1788`	`defer f.Close()`
`1789`	`1789`
`1790`		`- // Limit to 10MB.`
	`1790`	`+ // Limit to 10MiB.`
`1791`	`1791`	`w.WriteHeader(http.StatusOK)`
`1792`	`1792`	`_, err = io.Copy(w, io.LimitReader(f, 1010241024))`
`1793`	`1793`	`if err != nil && !errors.Is(err, io.EOF) {`
Original file line number	Diff line number	Diff line change
`@@ -37,6 +37,7 @@ func (a *agent) apiHandler() http.Handler {`
`37`	`37`	`}`
`38`	`38`	`promHandler := PrometheusMetricsHandler(a.prometheusRegistry, a.logger)`
`39`	`39`	`r.Get("/api/v0/listening-ports", lp.handler)`
	`40`	`+ r.Get("/api/v0/netcheck", a.HandleNetcheck)`
`40`	`41`	`r.Get("/debug/logs", a.HandleHTTPDebugLogs)`
`41`	`42`	`r.Get("/debug/magicsock", a.HandleHTTPDebugMagicsock)`
`42`	`43`	`r.Get("/debug/magicsock/debug-logging/{state}", a.HandleHTTPMagicsockDebugLoggingState)`
Original file line number	Diff line number	Diff line change
`@@ -4,7 +4,6 @@ import (`
`4`	`4`	`"bytes"`
`5`	`5`	`"errors"`
`6`	`6`	`"fmt"`
`7`		`- "io/fs"`
`8`	`7`	`"os"`
`9`	`8`	`"os/exec"`
`10`	`9`	`"path/filepath"`
`@@ -184,7 +183,7 @@ func (r RootCmd) dotfiles() serpent.Command {`
`184`	`183`	`}`
`185`	`184`	`}`
`186`	`185`
`187`		`- script := findScript(installScriptSet, files)`
	`186`	`+ script := findScript(installScriptSet, dotfilesDir)`
`188`	`187`	`if script != "" {`
`189`	`188`	`_, err = cliui.Prompt(inv, cliui.PromptOptions{`
`190`	`189`	`Text: fmt.Sprintf("Running install script %s.\n\n Continue?", script),`
`@@ -361,15 +360,12 @@ func dirExists(name string) (bool, error) {`
`361`	`360`	`}`
`362`	`361`
`363`	`362`	`// findScript will find the first file that matches the script set.`
`364`		`-func findScript(scriptSet []string, files []fs.DirEntry) string {`
	`363`	`+func findScript(scriptSet []string, directory string) string {`
`365`	`364`	`for _, i := range scriptSet {`
`366`		`- for _, f := range files {`
`367`		`- if f.Name() == i {`
`368`		`- return f.Name()`
`369`		`- }`
	`365`	`+ if _, err := os.Stat(filepath.Join(directory, i)); err == nil {`
	`366`	`+ return i`
`370`	`367`	`}`
`371`	`368`	`}`
`372`		`-`
`373`	`369`	`return ""`
`374`	`370`	`}`
`375`	`371`