package networking
import (
"sync"
"nadir/internal/rbac"
"github.com/danielgtaylor/huma/v2"
)
// ModuleID is the identifier of the networking module. It is the value
// returned by Module.ID and the "module" entry of the metadata built by op.
const ModuleID = "networking"
// Module is the networking module. It carries the network backend detected
// at startup and the state of a change that is still awaiting confirmation.
type Module struct {
	// be is the network backend found on the host (nmcli / networkd /
	// ifupdown). It stays nil when no backend was detected; in that case
	// reads keep working because they go through `ip`, and writes return 501.
	be backend

	// pending is the one in-flight change that has not been confirmed yet,
	// kept for the timed auto-rollback. See rollback.go.
	pending *pendingChange

	// NOTE(review): mu presumably serialises access to pending; confirm in
	// rollback.go. Because Module embeds a sync.Mutex by value it must not be
	// copied; hand it around as *Module, as New and the methods do.
	mu sync.Mutex
}
// New builds the networking module. Backend detection runs once, here, at
// startup, and its result is stored on the returned module.
func New() *Module {
	be := detect()
	return &Module{be: be}
}
// ID reports the module identifier, ModuleID.
func (m *Module) ID() string {
	return ModuleID
}
// Permissions lists the permissions this module uses: rbac.Read to inspect
// interfaces, routes and DNS, and rbac.Write to reconfigure them (apply
// config, bring links up or down, confirm a pending change).
func (m *Module) Permissions() []rbac.Permission {
	perms := make([]rbac.Permission, 0, 2)
	perms = append(perms, rbac.Read, rbac.Write)
	return perms
}
// Register attaches the module's operations to api by calling
// registerReads, registerWrites and registerHosts, in that order.
//
// NOTE(review): registerHosts is handed only api, not m, unlike the other
// two. Presumably it needs neither the backend nor the pending-change state;
// confirm that the operations it adds still carry this module's permission
// metadata, so they are not reachable without an RBAC check.
func (m *Module) Register(api huma.API) {
	// Reads and writes both receive the module.
	registerReads(api, m)
	registerWrites(api, m)

	// Hosts registration takes the API alone.
	registerHosts(api)
}
// op builds a two-entry metadata map: "module" is always ModuleID and
// "permission" is the string passed in.
//
// NOTE(review): permission is a free-form string and is not validated here,
// whereas Permissions declares rbac.Permission values. Presumably the RBAC
// layer reads this map to authorise an operation; confirm that an empty or
// unrecognised permission string is denied rather than allowed.
func op(permission string) map[string]any {
	meta := make(map[string]any, 2)
	meta["module"] = ModuleID
	meta["permission"] = permission
	return meta
}