diff --git a/VERSION b/VERSION index 78a3e6e..ed453e6 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -1.0.55 +1.0.56 diff --git a/cmd/edgeguard-api/main.go b/cmd/edgeguard-api/main.go index 2982543..ad8b589 100644 --- a/cmd/edgeguard-api/main.go +++ b/cmd/edgeguard-api/main.go @@ -48,7 +48,7 @@ import ( wgsvc "git.netcell-it.de/projekte/edgeguard-native/internal/services/wireguard" ) -var version = "1.0.55" +var version = "1.0.56" func main() { addr := os.Getenv("EDGEGUARD_API_ADDR") diff --git a/cmd/edgeguard-ctl/main.go b/cmd/edgeguard-ctl/main.go index ed0b094..bfc6dc8 100644 --- a/cmd/edgeguard-ctl/main.go +++ b/cmd/edgeguard-ctl/main.go @@ -9,7 +9,7 @@ import ( "os" ) -var version = "1.0.55" +var version = "1.0.56" const usage = `edgeguard-ctl — EdgeGuard CLI diff --git a/cmd/edgeguard-scheduler/main.go b/cmd/edgeguard-scheduler/main.go index fd7901c..0a881d0 100644 --- a/cmd/edgeguard-scheduler/main.go +++ b/cmd/edgeguard-scheduler/main.go @@ -24,7 +24,7 @@ import ( "git.netcell-it.de/projekte/edgeguard-native/internal/services/tlscerts" ) -var version = "1.0.55" +var version = "1.0.56" const ( // renewTickInterval — how often we re-evaluate expiring certs. diff --git a/internal/haproxy/haproxy.cfg.tpl b/internal/haproxy/haproxy.cfg.tpl index aa86b86..09ded16 100644 --- a/internal/haproxy/haproxy.cfg.tpl +++ b/internal/haproxy/haproxy.cfg.tpl @@ -98,6 +98,6 @@ backend eg_backend_{{$b.ID}} http-check send meth GET uri {{$b.HealthCheckPath}} {{- end}} {{- range $s := $b.Servers}} - server {{$s.Name | safeID}} {{$s.Address}}:{{$s.Port}}{{if eq $b.Scheme "https"}} ssl verify none alpn h2,http/1.1{{end}}{{if $b.HealthCheckPath}} check inter 5s{{end}} weight {{$s.Weight}}{{if $s.Backup}} backup{{end}} + server {{$s.Name | safeID}} {{$s.Address}}:{{$s.Port}}{{if eq $b.Scheme "https"}} ssl verify none alpn h2,http/1.1{{end}}{{if $b.HealthCheckPath}} check inter 5s{{if eq $b.Scheme "https"}} check-alpn http/1.1{{end}}{{end}} weight {{$s.Weight}}{{if $s.Backup}} backup{{end}} {{- end}} {{- end}} diff --git a/internal/haproxy/haproxy_test.go b/internal/haproxy/haproxy_test.go index 91a7aa5..b526817 100644 --- a/internal/haproxy/haproxy_test.go +++ b/internal/haproxy/haproxy_test.go @@ -102,6 +102,48 @@ func TestRender_HealthCheckPathAddsCheckInter(t *testing.T) { } } +func TestRender_HTTPSHealthcheckPinsAlpnHTTP1(t *testing.T) { + // L7TOUT-Bug: ohne `check-alpn http/1.1` handelt der Check h2 + // aus (vom server-Stmt geerbt) und hängt, weil option httpchk + // HTTP/1.x sendet. Test stellt sicher dass HTTPS+Healthcheck + // das ALPN für den Check pinnt. + hcp := "/" + v := View{ + Backends: []BackendView{ + { + Backend: models.Backend{ID: 9, Name: "tls-app", Scheme: "https", + LBAlgorithm: "roundrobin", HealthCheckPath: &hcp, Active: true}, + Servers: []models.BackendServer{ + {BackendID: 9, Name: "tls-1", Address: "10.0.0.30", Port: 8443, Weight: 100, Active: true}, + }, + }, + { + // Gegenprobe: HTTP-Backend mit Healthcheck darf KEIN + // check-alpn bekommen (ALPN gibt's nur bei SSL). + Backend: models.Backend{ID: 10, Name: "plain-app", Scheme: "http", + LBAlgorithm: "roundrobin", HealthCheckPath: &hcp, Active: true}, + Servers: []models.BackendServer{ + {BackendID: 10, Name: "plain-1", Address: "10.0.0.31", Port: 80, Weight: 100, Active: true}, + }, + }, + }, + } + out := renderView(t, v) + idxTLS := strings.Index(out, "backend eg_backend_9") + idxPlain := strings.Index(out, "backend eg_backend_10") + if idxTLS < 0 || idxPlain < 0 { + t.Fatalf("backend sections missing:\n%s", out) + } + tlsBlock := out[idxTLS:idxPlain] + plainBlock := out[idxPlain:] + if !strings.Contains(tlsBlock, "check-alpn http/1.1") { + t.Errorf("HTTPS+healthcheck soll check-alpn http/1.1 pinnen:\n%s", tlsBlock) + } + if strings.Contains(plainBlock, "check-alpn") { + t.Errorf("HTTP-Backend darf KEIN check-alpn bekommen:\n%s", plainBlock) + } +} + func TestRender_WebSocketEmitsTunnelTimeout(t *testing.T) { v := View{ Backends: []BackendView{ diff --git a/management-ui/public/fonts/UcC53FwrK3iLTcvneQg7B5iqpJlhKnPCkaL0UUMJng.woff2 b/management-ui/public/fonts/UcC53FwrK3iLTcvneQg7B5iqpJlhKnPCkaL0UUMJng.woff2 new file mode 100644 index 0000000..dc5ca24 Binary files /dev/null and b/management-ui/public/fonts/UcC53FwrK3iLTcvneQg7B5iqpJlhKnPCkaL0UUMJng.woff2 differ diff --git a/management-ui/public/fonts/UcC53FwrK3iLTcvneQg7B5iqpJlhKnPCkaL1UUMJng.woff2 b/management-ui/public/fonts/UcC53FwrK3iLTcvneQg7B5iqpJlhKnPCkaL1UUMJng.woff2 new file mode 100644 index 0000000..61f564f Binary files /dev/null and b/management-ui/public/fonts/UcC53FwrK3iLTcvneQg7B5iqpJlhKnPCkaL1UUMJng.woff2 differ diff --git a/management-ui/public/fonts/UcC53FwrK3iLTcvneQg7B5iqpJlhKnPCkaL2UUMJng.woff2 b/management-ui/public/fonts/UcC53FwrK3iLTcvneQg7B5iqpJlhKnPCkaL2UUMJng.woff2 new file mode 100644 index 0000000..375ea9b Binary files /dev/null and b/management-ui/public/fonts/UcC53FwrK3iLTcvneQg7B5iqpJlhKnPCkaL2UUMJng.woff2 differ diff --git a/management-ui/public/fonts/UcC53FwrK3iLTcvneQg7B5iqpJlhKnPCkaL3UUMJng.woff2 b/management-ui/public/fonts/UcC53FwrK3iLTcvneQg7B5iqpJlhKnPCkaL3UUMJng.woff2 new file mode 100644 index 0000000..ebbb0f3 Binary files /dev/null and b/management-ui/public/fonts/UcC53FwrK3iLTcvneQg7B5iqpJlhKnPCkaL3UUMJng.woff2 differ diff --git a/management-ui/public/fonts/UcC53FwrK3iLTcvneQg7B5iqpJlhKnPCkaL5UUM.woff2 b/management-ui/public/fonts/UcC53FwrK3iLTcvneQg7B5iqpJlhKnPCkaL5UUM.woff2 new file mode 100644 index 0000000..35c9ff4 Binary files /dev/null and b/management-ui/public/fonts/UcC53FwrK3iLTcvneQg7B5iqpJlhKnPCkaL5UUM.woff2 differ diff --git a/management-ui/public/fonts/UcC53FwrK3iLTcvneQg7B5iqpJlhKnPCkaL6UUMJng.woff2 b/management-ui/public/fonts/UcC53FwrK3iLTcvneQg7B5iqpJlhKnPCkaL6UUMJng.woff2 new file mode 100644 index 0000000..4993e8e Binary files /dev/null and b/management-ui/public/fonts/UcC53FwrK3iLTcvneQg7B5iqpJlhKnPCkaL6UUMJng.woff2 differ diff --git a/management-ui/public/fonts/UcC53FwrK3iLTcvneQg7B5iqpJlhKnPCkaL9UUMJng.woff2 b/management-ui/public/fonts/UcC53FwrK3iLTcvneQg7B5iqpJlhKnPCkaL9UUMJng.woff2 new file mode 100644 index 0000000..54c5df5 Binary files /dev/null and b/management-ui/public/fonts/UcC53FwrK3iLTcvneQg7B5iqpJlhKnPCkaL9UUMJng.woff2 differ diff --git a/management-ui/public/fonts/UcCo3FwrK3iLTcvhYwYL8g.woff2 b/management-ui/public/fonts/UcCo3FwrK3iLTcvhYwYL8g.woff2 new file mode 100644 index 0000000..12f574a Binary files /dev/null and b/management-ui/public/fonts/UcCo3FwrK3iLTcvhYwYL8g.woff2 differ diff --git a/management-ui/public/fonts/UcCo3FwrK3iLTcviYwY.woff2 b/management-ui/public/fonts/UcCo3FwrK3iLTcviYwY.woff2 new file mode 100644 index 0000000..b0d0e2e Binary files /dev/null and b/management-ui/public/fonts/UcCo3FwrK3iLTcviYwY.woff2 differ diff --git a/management-ui/public/fonts/UcCo3FwrK3iLTcvmYwYL8g.woff2 b/management-ui/public/fonts/UcCo3FwrK3iLTcvmYwYL8g.woff2 new file mode 100644 index 0000000..fff3b01 Binary files /dev/null and b/management-ui/public/fonts/UcCo3FwrK3iLTcvmYwYL8g.woff2 differ diff --git a/management-ui/public/fonts/UcCo3FwrK3iLTcvsYwYL8g.woff2 b/management-ui/public/fonts/UcCo3FwrK3iLTcvsYwYL8g.woff2 new file mode 100644 index 0000000..a0125fa Binary files /dev/null and b/management-ui/public/fonts/UcCo3FwrK3iLTcvsYwYL8g.woff2 differ diff --git a/management-ui/public/fonts/UcCo3FwrK3iLTcvtYwYL8g.woff2 b/management-ui/public/fonts/UcCo3FwrK3iLTcvtYwYL8g.woff2 new file mode 100644 index 0000000..79ac1ef Binary files /dev/null and b/management-ui/public/fonts/UcCo3FwrK3iLTcvtYwYL8g.woff2 differ diff --git a/management-ui/public/fonts/UcCo3FwrK3iLTcvuYwYL8g.woff2 b/management-ui/public/fonts/UcCo3FwrK3iLTcvuYwYL8g.woff2 new file mode 100644 index 0000000..d5d43af Binary files /dev/null and b/management-ui/public/fonts/UcCo3FwrK3iLTcvuYwYL8g.woff2 differ diff --git a/management-ui/public/fonts/UcCo3FwrK3iLTcvvYwYL8g.woff2 b/management-ui/public/fonts/UcCo3FwrK3iLTcvvYwYL8g.woff2 new file mode 100644 index 0000000..cc9d563 Binary files /dev/null and b/management-ui/public/fonts/UcCo3FwrK3iLTcvvYwYL8g.woff2 differ diff --git a/management-ui/public/fonts/inter.css b/management-ui/public/fonts/inter.css new file mode 100644 index 0000000..14df3fa --- /dev/null +++ b/management-ui/public/fonts/inter.css @@ -0,0 +1,252 @@ +/* cyrillic-ext */ +@font-face { + font-family: 'Inter'; + font-style: italic; + font-weight: 400; + font-display: swap; + src: url(UcC53FwrK3iLTcvneQg7B5iqpJlhKnPCkaL0UUMJng.woff2) format('woff2'); + unicode-range: U+0460-052F, U+1C80-1C8A, U+20B4, U+2DE0-2DFF, U+A640-A69F, U+FE2E-FE2F; +} +/* cyrillic */ +@font-face { + font-family: 'Inter'; + font-style: italic; + font-weight: 400; + font-display: swap; + src: url(UcC53FwrK3iLTcvneQg7B5iqpJlhKnPCkaL9UUMJng.woff2) format('woff2'); + unicode-range: U+0301, U+0400-045F, U+0490-0491, U+04B0-04B1, U+2116; +} +/* greek-ext */ +@font-face { + font-family: 'Inter'; + font-style: italic; + font-weight: 400; + font-display: swap; + src: url(UcC53FwrK3iLTcvneQg7B5iqpJlhKnPCkaL1UUMJng.woff2) format('woff2'); + unicode-range: U+1F00-1FFF; +} +/* greek */ +@font-face { + font-family: 'Inter'; + font-style: italic; + font-weight: 400; + font-display: swap; + src: url(UcC53FwrK3iLTcvneQg7B5iqpJlhKnPCkaL6UUMJng.woff2) format('woff2'); + unicode-range: U+0370-0377, U+037A-037F, U+0384-038A, U+038C, U+038E-03A1, U+03A3-03FF; +} +/* vietnamese */ +@font-face { + font-family: 'Inter'; + font-style: italic; + font-weight: 400; + font-display: swap; + src: url(UcC53FwrK3iLTcvneQg7B5iqpJlhKnPCkaL2UUMJng.woff2) format('woff2'); + unicode-range: U+0102-0103, U+0110-0111, U+0128-0129, U+0168-0169, U+01A0-01A1, U+01AF-01B0, U+0300-0301, U+0303-0304, U+0308-0309, U+0323, U+0329, U+1EA0-1EF9, U+20AB; +} +/* latin-ext */ +@font-face { + font-family: 'Inter'; + font-style: italic; + font-weight: 400; + font-display: swap; + src: url(UcC53FwrK3iLTcvneQg7B5iqpJlhKnPCkaL3UUMJng.woff2) format('woff2'); + unicode-range: U+0100-02BA, U+02BD-02C5, U+02C7-02CC, U+02CE-02D7, U+02DD-02FF, U+0304, U+0308, U+0329, U+1D00-1DBF, U+1E00-1E9F, U+1EF2-1EFF, U+2020, U+20A0-20AB, U+20AD-20C0, U+2113, U+2C60-2C7F, U+A720-A7FF; +} +/* latin */ +@font-face { + font-family: 'Inter'; + font-style: italic; + font-weight: 400; + font-display: swap; + src: url(UcC53FwrK3iLTcvneQg7B5iqpJlhKnPCkaL5UUM.woff2) format('woff2'); + unicode-range: U+0000-00FF, U+0131, U+0152-0153, U+02BB-02BC, U+02C6, U+02DA, U+02DC, U+0304, U+0308, U+0329, U+2000-206F, U+20AC, U+2122, U+2191, U+2193, U+2212, U+2215, U+FEFF, U+FFFD; +} +/* cyrillic-ext */ +@font-face { + font-family: 'Inter'; + font-style: normal; + font-weight: 400; + font-display: swap; + src: url(UcCo3FwrK3iLTcvvYwYL8g.woff2) format('woff2'); + unicode-range: U+0460-052F, U+1C80-1C8A, U+20B4, U+2DE0-2DFF, U+A640-A69F, U+FE2E-FE2F; +} +/* cyrillic */ +@font-face { + font-family: 'Inter'; + font-style: normal; + font-weight: 400; + font-display: swap; + src: url(UcCo3FwrK3iLTcvmYwYL8g.woff2) format('woff2'); + unicode-range: U+0301, U+0400-045F, U+0490-0491, U+04B0-04B1, U+2116; +} +/* greek-ext */ +@font-face { + font-family: 'Inter'; + font-style: normal; + font-weight: 400; + font-display: swap; + src: url(UcCo3FwrK3iLTcvuYwYL8g.woff2) format('woff2'); + unicode-range: U+1F00-1FFF; +} +/* greek */ +@font-face { + font-family: 'Inter'; + font-style: normal; + font-weight: 400; + font-display: swap; + src: url(UcCo3FwrK3iLTcvhYwYL8g.woff2) format('woff2'); + unicode-range: U+0370-0377, U+037A-037F, U+0384-038A, U+038C, U+038E-03A1, U+03A3-03FF; +} +/* vietnamese */ +@font-face { + font-family: 'Inter'; + font-style: normal; + font-weight: 400; + font-display: swap; + src: url(UcCo3FwrK3iLTcvtYwYL8g.woff2) format('woff2'); + unicode-range: U+0102-0103, U+0110-0111, U+0128-0129, U+0168-0169, U+01A0-01A1, U+01AF-01B0, U+0300-0301, U+0303-0304, U+0308-0309, U+0323, U+0329, U+1EA0-1EF9, U+20AB; +} +/* latin-ext */ +@font-face { + font-family: 'Inter'; + font-style: normal; + font-weight: 400; + font-display: swap; + src: url(UcCo3FwrK3iLTcvsYwYL8g.woff2) format('woff2'); + unicode-range: U+0100-02BA, U+02BD-02C5, U+02C7-02CC, U+02CE-02D7, U+02DD-02FF, U+0304, U+0308, U+0329, U+1D00-1DBF, U+1E00-1E9F, U+1EF2-1EFF, U+2020, U+20A0-20AB, U+20AD-20C0, U+2113, U+2C60-2C7F, U+A720-A7FF; +} +/* latin */ +@font-face { + font-family: 'Inter'; + font-style: normal; + font-weight: 400; + font-display: swap; + src: url(UcCo3FwrK3iLTcviYwY.woff2) format('woff2'); + unicode-range: U+0000-00FF, U+0131, U+0152-0153, U+02BB-02BC, U+02C6, U+02DA, U+02DC, U+0304, U+0308, U+0329, U+2000-206F, U+20AC, U+2122, U+2191, U+2193, U+2212, U+2215, U+FEFF, U+FFFD; +} +/* cyrillic-ext */ +@font-face { + font-family: 'Inter'; + font-style: normal; + font-weight: 500; + font-display: swap; + src: url(UcCo3FwrK3iLTcvvYwYL8g.woff2) format('woff2'); + unicode-range: U+0460-052F, U+1C80-1C8A, U+20B4, U+2DE0-2DFF, U+A640-A69F, U+FE2E-FE2F; +} +/* cyrillic */ +@font-face { + font-family: 'Inter'; + font-style: normal; + font-weight: 500; + font-display: swap; + src: url(UcCo3FwrK3iLTcvmYwYL8g.woff2) format('woff2'); + unicode-range: U+0301, U+0400-045F, U+0490-0491, U+04B0-04B1, U+2116; +} +/* greek-ext */ +@font-face { + font-family: 'Inter'; + font-style: normal; + font-weight: 500; + font-display: swap; + src: url(UcCo3FwrK3iLTcvuYwYL8g.woff2) format('woff2'); + unicode-range: U+1F00-1FFF; +} +/* greek */ +@font-face { + font-family: 'Inter'; + font-style: normal; + font-weight: 500; + font-display: swap; + src: url(UcCo3FwrK3iLTcvhYwYL8g.woff2) format('woff2'); + unicode-range: U+0370-0377, U+037A-037F, U+0384-038A, U+038C, U+038E-03A1, U+03A3-03FF; +} +/* vietnamese */ +@font-face { + font-family: 'Inter'; + font-style: normal; + font-weight: 500; + font-display: swap; + src: url(UcCo3FwrK3iLTcvtYwYL8g.woff2) format('woff2'); + unicode-range: U+0102-0103, U+0110-0111, U+0128-0129, U+0168-0169, U+01A0-01A1, U+01AF-01B0, U+0300-0301, U+0303-0304, U+0308-0309, U+0323, U+0329, U+1EA0-1EF9, U+20AB; +} +/* latin-ext */ +@font-face { + font-family: 'Inter'; + font-style: normal; + font-weight: 500; + font-display: swap; + src: url(UcCo3FwrK3iLTcvsYwYL8g.woff2) format('woff2'); + unicode-range: U+0100-02BA, U+02BD-02C5, U+02C7-02CC, U+02CE-02D7, U+02DD-02FF, U+0304, U+0308, U+0329, U+1D00-1DBF, U+1E00-1E9F, U+1EF2-1EFF, U+2020, U+20A0-20AB, U+20AD-20C0, U+2113, U+2C60-2C7F, U+A720-A7FF; +} +/* latin */ +@font-face { + font-family: 'Inter'; + font-style: normal; + font-weight: 500; + font-display: swap; + src: url(UcCo3FwrK3iLTcviYwY.woff2) format('woff2'); + unicode-range: U+0000-00FF, U+0131, U+0152-0153, U+02BB-02BC, U+02C6, U+02DA, U+02DC, U+0304, U+0308, U+0329, U+2000-206F, U+20AC, U+2122, U+2191, U+2193, U+2212, U+2215, U+FEFF, U+FFFD; +} +/* cyrillic-ext */ +@font-face { + font-family: 'Inter'; + font-style: normal; + font-weight: 600; + font-display: swap; + src: url(UcCo3FwrK3iLTcvvYwYL8g.woff2) format('woff2'); + unicode-range: U+0460-052F, U+1C80-1C8A, U+20B4, U+2DE0-2DFF, U+A640-A69F, U+FE2E-FE2F; +} +/* cyrillic */ +@font-face { + font-family: 'Inter'; + font-style: normal; + font-weight: 600; + font-display: swap; + src: url(UcCo3FwrK3iLTcvmYwYL8g.woff2) format('woff2'); + unicode-range: U+0301, U+0400-045F, U+0490-0491, U+04B0-04B1, U+2116; +} +/* greek-ext */ +@font-face { + font-family: 'Inter'; + font-style: normal; + font-weight: 600; + font-display: swap; + src: url(UcCo3FwrK3iLTcvuYwYL8g.woff2) format('woff2'); + unicode-range: U+1F00-1FFF; +} +/* greek */ +@font-face { + font-family: 'Inter'; + font-style: normal; + font-weight: 600; + font-display: swap; + src: url(UcCo3FwrK3iLTcvhYwYL8g.woff2) format('woff2'); + unicode-range: U+0370-0377, U+037A-037F, U+0384-038A, U+038C, U+038E-03A1, U+03A3-03FF; +} +/* vietnamese */ +@font-face { + font-family: 'Inter'; + font-style: normal; + font-weight: 600; + font-display: swap; + src: url(UcCo3FwrK3iLTcvtYwYL8g.woff2) format('woff2'); + unicode-range: U+0102-0103, U+0110-0111, U+0128-0129, U+0168-0169, U+01A0-01A1, U+01AF-01B0, U+0300-0301, U+0303-0304, U+0308-0309, U+0323, U+0329, U+1EA0-1EF9, U+20AB; +} +/* latin-ext */ +@font-face { + font-family: 'Inter'; + font-style: normal; + font-weight: 600; + font-display: swap; + src: url(UcCo3FwrK3iLTcvsYwYL8g.woff2) format('woff2'); + unicode-range: U+0100-02BA, U+02BD-02C5, U+02C7-02CC, U+02CE-02D7, U+02DD-02FF, U+0304, U+0308, U+0329, U+1D00-1DBF, U+1E00-1E9F, U+1EF2-1EFF, U+2020, U+20A0-20AB, U+20AD-20C0, U+2113, U+2C60-2C7F, U+A720-A7FF; +} +/* latin */ +@font-face { + font-family: 'Inter'; + font-style: normal; + font-weight: 600; + font-display: swap; + src: url(UcCo3FwrK3iLTcviYwY.woff2) format('woff2'); + unicode-range: U+0000-00FF, U+0131, U+0152-0153, U+02BB-02BC, U+02C6, U+02DA, U+02DC, U+0304, U+0308, U+0329, U+2000-206F, U+20AC, U+2122, U+2191, U+2193, U+2212, U+2215, U+FEFF, U+FFFD; +} diff --git a/management-ui/src/components/Layout/Sidebar.tsx b/management-ui/src/components/Layout/Sidebar.tsx index 76f560a..9d2de20 100644 --- a/management-ui/src/components/Layout/Sidebar.tsx +++ b/management-ui/src/components/Layout/Sidebar.tsx @@ -77,7 +77,7 @@ const NAV: NavSection[] = [ }, ] -const VERSION = '1.0.55' +const VERSION = '1.0.56' export default function Sidebar({ isOpen, onClose }: SidebarProps) { const { t } = useTranslation() diff --git a/management-ui/src/styles/enterprise.css b/management-ui/src/styles/enterprise.css index 34b763b..64ce237 100644 --- a/management-ui/src/styles/enterprise.css +++ b/management-ui/src/styles/enterprise.css @@ -1,8 +1,11 @@ /* EdgeGuard — Enterprise Light Theme (übernommen 1:1 aus mail-gateway). */ -/* Inter via Google Fonts CDN. mail-gateway hostet woff2 lokal in - * public/fonts/; EdgeGuard nutzt CDN um keine Font-Binaries zu shippen. */ -@import url('https://fonts.googleapis.com/css2?family=Inter:wght@400;500;600;700&display=swap'); +/* Inter lokal gehostet (public/fonts/) — kein Drittland-Transfer zu + * fonts.googleapis.com/fonts.gstatic.com, kein DNS+TLS-Roundtrip auf + * fremde Origins, reproducible builds, offline-Dev. Subsets identisch + * zum Google-CDN-Build (latin, latin-ext, cyrillic, greek, vietnamese; + * Weights 400/500/600/700 + italic-400). */ +@import url('/fonts/inter.css'); /* ── Design tokens ──────────────────────────────────────────────────────────── */ :root {