ca03e69637
Backend: * Migration 0009_networks: network_interfaces (ethernet|vlan|bond| bridge|wireguard, role wan|lan|dmz|mgmt|cluster, parent + vlan_id für VLANs) + ip_addresses (interface_id FK, address+prefix, is_vip + vip_priority für Cluster-Failover-VIPs). * Repos services/networkifs + services/ipaddresses + Models + Handler /api/v1/network-interfaces (CRUD + /:id/ip-addresses) und /api/v1/ip-addresses (CRUD). * /api/v1/system/interfaces refactored auf Go-natives net.Interfaces() statt `ip -j addr show` shell-out — die systemd-Sandbox blockt AF_NETLINK auch für Go's runtime, deswegen edgeguard-api.service RestrictAddressFamilies um AF_NETLINK ergänzt. Output-Shape bleibt identisch (ifindex, ifname, flags[], mtu, link_type, address, addr_info[]) — Frontend muss nicht angepasst werden. Frontend: * Networks-Page (/networks): "System-discovered Interfaces" read-only Tags-Card oben, deklarierte Interfaces unten als Tabelle mit Modal-CRUD; Type-Switch zeigt parent+vlan_id-Felder bei type=vlan; Role-Tags farbig (wan blau, lan grün, dmz orange, mgmt purple, cluster magenta). * IPAddresses-Page (/ip-addresses): Tabelle pro Interface, VIP- Toggle blendet vip_priority-Eingabe ein. Goldenes VIP-Tag in der Liste. * Sidebar erweitert um Networks + IP-Adressen + section-grouping. Design 1:1 von mail-gateway/management-ui/ übernommen: * enterprise.css verbatim (Inter-Font via Google CDN statt local woff2), Sidebar 240px dunkler Gradient #0B1426→#101D33→#0D1829, branding-accent #1677ff für Active-State, abgerundete Cards mit shadow-Token, Header weiß mit subtilem backdrop-filter. * AntD-Theme-Tokens: colorPrimary #0EA5E9, fontSize 13, fontFamily 'Inter', controlHeight 34, borderRadius 6. * Layout-Komponenten neu strukturiert: AppLayout/Sidebar/Header matchen mailguard-Klassen-Naming (.app-layout, .main-content, .sidebar-section, .sidebar-menu-item.active, .header-left, …). * Sidebar mit 4 Sektionen (Übersicht / Routing / Netzwerk / System) + Logo-Header + Versions-Footer. Live-deployed auf 89.163.205.6: Networks-Endpoint listet eth0 (89.163.205.6/24, MAC bc:24:11:64:29:e8) + lo, frontend zeigt sie als System-Tags in der Networks-Page. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
73 lines
3.1 KiB
SQL
73 lines
3.1 KiB
SQL
-- +goose Up
|
|
-- +goose StatementBegin
|
|
|
|
-- Network interfaces declared by the operator. The kernel-side
|
|
-- interfaces (eth0, eth1, ...) appear here via "discovery" — same
|
|
-- name as the OS device. VLAN/bond/bridge interfaces are operator-
|
|
-- created and the runtime renderer (Phase-3) will translate them
|
|
-- into /etc/systemd/network/*.network files.
|
|
--
|
|
-- role drives where the firewall/HAProxy generators expect this
|
|
-- interface to live: 'wan' = public-facing, 'lan' = internal,
|
|
-- 'dmz' = quarantined, 'mgmt' = admin-only, 'cluster' = peer-mTLS.
|
|
CREATE TABLE IF NOT EXISTS network_interfaces (
|
|
id BIGSERIAL PRIMARY KEY,
|
|
name TEXT NOT NULL,
|
|
type TEXT NOT NULL DEFAULT 'ethernet',
|
|
parent TEXT,
|
|
vlan_id INTEGER,
|
|
role TEXT NOT NULL DEFAULT 'lan',
|
|
mtu INTEGER,
|
|
active BOOLEAN NOT NULL DEFAULT TRUE,
|
|
description TEXT,
|
|
created_at TIMESTAMPTZ NOT NULL DEFAULT NOW(),
|
|
updated_at TIMESTAMPTZ NOT NULL DEFAULT NOW(),
|
|
CONSTRAINT network_interfaces_name_unique UNIQUE (name),
|
|
CONSTRAINT network_interfaces_type_check CHECK (type IN ('ethernet', 'vlan', 'bond', 'bridge', 'wireguard')),
|
|
CONSTRAINT network_interfaces_role_check CHECK (role IN ('wan', 'lan', 'dmz', 'mgmt', 'cluster')),
|
|
CONSTRAINT network_interfaces_vlan_check CHECK (
|
|
(type = 'vlan' AND vlan_id BETWEEN 1 AND 4094 AND parent IS NOT NULL)
|
|
OR (type <> 'vlan')
|
|
)
|
|
);
|
|
|
|
CREATE INDEX IF NOT EXISTS idx_network_interfaces_role ON network_interfaces (role);
|
|
CREATE INDEX IF NOT EXISTS idx_network_interfaces_active ON network_interfaces (active) WHERE active;
|
|
|
|
-- IP addresses bound to a declared interface.
|
|
--
|
|
-- is_vip flags addresses that should follow the cluster's active
|
|
-- node (Phase-3 floating-IP / VRRP-via-hoster-API logic). vip_priority
|
|
-- gives the failover preference (higher wins); ignored for non-VIP
|
|
-- rows.
|
|
--
|
|
-- The same address can live on the same interface only once
|
|
-- (UNIQUE), but the same address may legitimately appear on
|
|
-- different interfaces (e.g. as anycast endpoint).
|
|
CREATE TABLE IF NOT EXISTS ip_addresses (
|
|
id BIGSERIAL PRIMARY KEY,
|
|
interface_id BIGINT NOT NULL REFERENCES network_interfaces(id) ON DELETE CASCADE,
|
|
address TEXT NOT NULL,
|
|
prefix INTEGER NOT NULL,
|
|
is_vip BOOLEAN NOT NULL DEFAULT FALSE,
|
|
vip_priority INTEGER,
|
|
description TEXT,
|
|
active BOOLEAN NOT NULL DEFAULT TRUE,
|
|
created_at TIMESTAMPTZ NOT NULL DEFAULT NOW(),
|
|
updated_at TIMESTAMPTZ NOT NULL DEFAULT NOW(),
|
|
CONSTRAINT ip_addresses_iface_addr_unique UNIQUE (interface_id, address),
|
|
CONSTRAINT ip_addresses_prefix_check CHECK (prefix BETWEEN 0 AND 128)
|
|
);
|
|
|
|
CREATE INDEX IF NOT EXISTS idx_ip_addresses_iface ON ip_addresses (interface_id);
|
|
CREATE INDEX IF NOT EXISTS idx_ip_addresses_vip ON ip_addresses (is_vip) WHERE is_vip;
|
|
CREATE INDEX IF NOT EXISTS idx_ip_addresses_active ON ip_addresses (active) WHERE active;
|
|
|
|
-- +goose StatementEnd
|
|
|
|
-- +goose Down
|
|
-- +goose StatementBegin
|
|
DROP TABLE IF EXISTS ip_addresses;
|
|
DROP TABLE IF EXISTS network_interfaces;
|
|
-- +goose StatementEnd
|