Initial schema set (8 migrations, 13 tables) for EdgeGuard v1: users + audit_log + system_settings, ha_nodes, backends/domains/routing_rules/tls_certs, forward_proxy_acls, wireguard_peers, firewall_rules, dns_zones/dns_records, licenses. Migrations live in internal/database/migrations/ (as in mail-gateway) and are packed into the binary via //go:embed; no separate SQL files in the .deb. ValidateMigrations + test protect against duplicate versions (mail-gateway 2026-05-08 incident). GORM models for all tables; sensitive fields (password_hash, private_key_enc) are json:"-". Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
36 lines
1.2 KiB
SQL
-- +goose Up
-- +goose StatementBegin

-- Cluster peers. Populated by edgeguard-ctl cluster-join. Used by:
-- * internal/proxy → resolve current PG primary URL (also via KeyDB)
-- * internal/aggregator → fan-out reads to peer APIs
-- * internal/unbound → generate eg.cluster local-zone records
-- * internal/firewall → open peer-internal ports per IP
--
-- id is a stable UUID (not BIGSERIAL) so a node keeps its identity
-- across re-joins / re-images. fqdn is the externally addressable
-- name; api_url is its 9443 endpoint via mTLS.
CREATE TABLE IF NOT EXISTS ha_nodes (
    id          TEXT PRIMARY KEY,
    name        TEXT NOT NULL,
    fqdn        TEXT NOT NULL,
    api_url     TEXT NOT NULL,
    public_ip   INET,
    internal_ip INET,
    role        TEXT NOT NULL DEFAULT 'peer',
    last_seen   TIMESTAMPTZ,
    joined_at   TIMESTAMPTZ NOT NULL DEFAULT NOW(),
    created_at  TIMESTAMPTZ NOT NULL DEFAULT NOW(),
    updated_at  TIMESTAMPTZ NOT NULL DEFAULT NOW(),
    CONSTRAINT ha_nodes_fqdn_unique UNIQUE (fqdn)
);

CREATE INDEX IF NOT EXISTS idx_ha_nodes_last_seen ON ha_nodes (last_seen DESC);

-- +goose StatementEnd

-- +goose Down
-- +goose StatementBegin
DROP TABLE IF EXISTS ha_nodes;
-- +goose StatementEnd
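The commit message says a ValidateMigrations function plus a test guard the embedded migration set against duplicate version numbers, the failure mode that bit mail-gateway. The following is an added example of such a guard, written for this page and not EdgeGuard's own code. It assumes goose's default file naming of <version>_<name>.sql, and it checks the goose directives this ha_nodes migration relies on (an Up section and balanced StatementBegin/StatementEnd markers) via a hypothetical helper checkGooseDirectives. The migration set is constructed in memory with fstest.MapFS so the example runs offline; in the real binary the same fs.FS argument would be the //go:embed embed.FS.

```go
package main

import (
	"bytes"
	"errors"
	"fmt"
	"io/fs"
	"path"
	"regexp"
	"sort"
	"strconv"
	"strings"
	"testing/fstest"
)

// gooseFileName matches goose's <version>_<description>.sql convention (assumed here).
var gooseFileName = regexp.MustCompile(`^(\d+)_[A-Za-z0-9_.-]+\.sql$`)

// checkGooseDirectives (hypothetical helper) rejects a migration that has no
// "-- +goose Up" section or whose StatementBegin/StatementEnd markers are unbalanced.
func checkGooseDirectives(data []byte) error {
	begins, ends, hasUp := 0, 0, false
	for _, line := range bytes.Split(data, []byte("\n")) {
		switch string(bytes.TrimSpace(line)) {
		case "-- +goose Up":
			hasUp = true
		case "-- +goose StatementBegin":
			begins++
		case "-- +goose StatementEnd":
			ends++
		}
	}
	if !hasUp {
		return errors.New("missing \"-- +goose Up\" directive")
	}
	if begins != ends {
		return fmt.Errorf("%d StatementBegin vs %d StatementEnd", begins, ends)
	}
	return nil
}

// ValidateMigrations reads every *.sql file under dir in fsys (embed.FS in a real
// binary, any fs.FS here) and returns the sorted version numbers. It collects every
// problem instead of stopping at the first, so one failing test reports them all:
// malformed names, duplicate versions and broken goose directives.
func ValidateMigrations(fsys fs.FS, dir string) ([]int64, error) {
	entries, err := fs.ReadDir(fsys, dir)
	if err != nil {
		return nil, err
	}
	owner := map[int64]string{} // version -> file that first claimed it
	var versions []int64
	var problems []string
	for _, e := range entries {
		name := e.Name()
		if e.IsDir() || !strings.HasSuffix(name, ".sql") {
			continue
		}
		m := gooseFileName.FindStringSubmatch(name)
		if m == nil {
			problems = append(problems, name+": not <version>_<name>.sql")
			continue
		}
		v, err := strconv.ParseInt(m[1], 10, 64)
		if err != nil {
			problems = append(problems, name+": "+err.Error())
			continue
		}
		if prev, dup := owner[v]; dup {
			problems = append(problems, fmt.Sprintf("version %d used by both %s and %s", v, prev, name))
			continue
		}
		owner[v] = name
		data, err := fs.ReadFile(fsys, path.Join(dir, name))
		if err != nil {
			problems = append(problems, name+": "+err.Error())
			continue
		}
		if err := checkGooseDirectives(data); err != nil {
			problems = append(problems, name+": "+err.Error())
			continue
		}
		versions = append(versions, v)
	}
	sort.Slice(versions, func(i, j int) bool { return versions[i] < versions[j] })
	if len(problems) > 0 {
		return versions, errors.New(strings.Join(problems, "; "))
	}
	return versions, nil
}

// sampleMigrations builds a constructed in-memory migration directory. With
// duplicate=true a second file reuses version 2, the mistake the guard exists to catch.
func sampleMigrations(duplicate bool) fstest.MapFS {
	const tmpl = "-- +goose Up\n-- +goose StatementBegin\n%s\n-- +goose StatementEnd\n\n" +
		"-- +goose Down\n-- +goose StatementBegin\n%s\n-- +goose StatementEnd\n"
	m := fstest.MapFS{
		"migrations/001_users.sql": {Data: []byte(fmt.Sprintf(tmpl,
			"CREATE TABLE IF NOT EXISTS users (id BIGSERIAL PRIMARY KEY);", "DROP TABLE IF EXISTS users;"))},
		"migrations/002_ha_nodes.sql": {Data: []byte(fmt.Sprintf(tmpl,
			"CREATE TABLE IF NOT EXISTS ha_nodes (id TEXT PRIMARY KEY, fqdn TEXT NOT NULL);", "DROP TABLE IF EXISTS ha_nodes;"))},
	}
	if duplicate {
		m["migrations/002_licenses.sql"] = &fstest.MapFile{Data: []byte(fmt.Sprintf(tmpl,
			"CREATE TABLE IF NOT EXISTS licenses (id BIGSERIAL PRIMARY KEY);", "DROP TABLE IF EXISTS licenses;"))}
	}
	return m
}

func main() {
	for _, dup := range []bool{false, true} {
		versions, err := ValidateMigrations(sampleMigrations(dup), "migrations")
		fmt.Printf("duplicate=%v versions=%v err=%v\n", dup, versions, err)
	}
}
```

Wired into a unit test that calls ValidateMigrations on the embedded FS, the duplicate is caught by `go test` in CI, before goose ever sees two files claiming the same version on a production database.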