feat(configgen): Phase 2 Config-Generator + nginx → HAProxy-only Pivot

Architektur-Pivot: nginx fällt komplett weg. HAProxy 2.8+ übernimmt TLS-Termination, L7-Routing per Host-Header und LB. ACME-Webroot und Management-UI werden von edgeguard-api ausgeliefert (Phase 3 implementiert die zugehörigen Handler); HAProxy proxied /.well-known/acme-challenge/* und Management-FQDN-Traffic an 127.0.0.1:9443. Eine Distro-Abhängigkeit weniger, ein Renderer weniger, sauberere Trennung. Renderer (alle mit Embed-Templates + Tests): * internal/configgen/ — atomic write + systemctl reload helpers * internal/haproxy/ — :80 + :443, ACME-ACL, Host-Header-Routing, Stats-Frontend, api_backend Fallback * internal/firewall/ — default-deny input, stateful baseline, SSH-Rate-Limit, :80/:443 accept, Cluster-Peer-Set für mTLS :8443, Custom-Rules aus PG * internal/{squid,wireguard,unbound}/ — Stubs (ErrNotImplemented) Orchestrator + CLI: * internal/services/configorch/ — fester Reihenfolge-Run, Stubs sind soft-skip statt fatal * cmd/edgeguard-ctl render-config [--no-reload] [--only=svc1,svc2] Packaging: * postinst: /etc/edgeguard/nginx raus, /var/lib/edgeguard/acme rein, self-signed _default.pem via openssl req (damit HAProxy startet bevor certbot etwas issuet hat) * control: Depends nginx raus, openssl rein * edgeguard-ui: dependency auf nginx weg, "Served by edgeguard-api gin StaticFS" Live-Smoke: render-config gegen lokale PG schreibt /etc/edgeguard/ haproxy/haproxy.cfg + nftables.d/ruleset.nft korrekt; CRUD-Test aus Phase 2 läuft weiter unverändert. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-09 10:59:52 +02:00
parent 0a6f81beaa
commit 914538eed1
26 changed files with 1002 additions and 44 deletions
--- a/internal/configgen/configgen_test.go
+++ b/internal/configgen/configgen_test.go
@@ -0,0 +1,63 @@
+package configgen
+
+import (
+	"os"
+	"path/filepath"
+	"testing"
+)
+
+func TestAtomicWrite_CreatesAndChmods(t *testing.T) {
+	dir := t.TempDir()
+	target := filepath.Join(dir, "sub", "out.conf")
+	data := []byte("hello config\n")
+	if err := AtomicWrite(target, data, 0o644); err != nil {
+		t.Fatalf("AtomicWrite: %v", err)
+	}
+	got, err := os.ReadFile(target)
+	if err != nil {
+		t.Fatalf("read back: %v", err)
+	}
+	if string(got) != string(data) {
+		t.Errorf("content mismatch: %q", got)
+	}
+	st, err := os.Stat(target)
+	if err != nil {
+		t.Fatalf("stat: %v", err)
+	}
+	if st.Mode().Perm() != 0o644 {
+		t.Errorf("mode: %v", st.Mode().Perm())
+	}
+}
+
+func TestAtomicWrite_OverwritesExisting(t *testing.T) {
+	dir := t.TempDir()
+	target := filepath.Join(dir, "out.conf")
+	if err := os.WriteFile(target, []byte("old\n"), 0o600); err != nil {
+		t.Fatalf("seed: %v", err)
+	}
+	if err := AtomicWrite(target, []byte("new\n"), 0o640); err != nil {
+		t.Fatalf("AtomicWrite: %v", err)
+	}
+	got, _ := os.ReadFile(target)
+	if string(got) != "new\n" {
+		t.Errorf("expected 'new\\n', got %q", got)
+	}
+	st, _ := os.Stat(target)
+	if st.Mode().Perm() != 0o640 {
+		t.Errorf("mode: %v", st.Mode().Perm())
+	}
+}
+
+func TestAtomicWrite_NoTempLeak(t *testing.T) {
+	dir := t.TempDir()
+	target := filepath.Join(dir, "out.conf")
+	if err := AtomicWrite(target, []byte("x"), 0o644); err != nil {
+		t.Fatalf("AtomicWrite: %v", err)
+	}
+	entries, _ := os.ReadDir(dir)
+	for _, e := range entries {
+		if e.Name() != "out.conf" {
+			t.Errorf("unexpected leftover: %s", e.Name())
+		}
+	}
+}