@calltelemetry/cli 0.5.18 → 0.6.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/lib/certs.d.ts +16 -2
- package/dist/lib/certs.d.ts.map +1 -1
- package/dist/lib/certs.js +80 -8
- package/dist/lib/certs.js.map +1 -1
- package/dist/lib/identity.d.ts +38 -0
- package/dist/lib/identity.d.ts.map +1 -0
- package/dist/lib/identity.js +85 -0
- package/dist/lib/identity.js.map +1 -0
- package/dist/lib/prefs.d.ts +4 -0
- package/dist/lib/prefs.d.ts.map +1 -1
- package/dist/lib/prefs.js.map +1 -1
- package/dist/lib/secrets.d.ts +2 -1
- package/dist/lib/secrets.d.ts.map +1 -1
- package/dist/lib/secrets.js +9 -9
- package/dist/lib/secrets.js.map +1 -1
- package/dist/lib/time.d.ts +57 -0
- package/dist/lib/time.d.ts.map +1 -0
- package/dist/lib/time.js +200 -0
- package/dist/lib/time.js.map +1 -0
- package/dist/lib/users.d.ts.map +1 -1
- package/dist/lib/users.js +13 -5
- package/dist/lib/users.js.map +1 -1
- package/dist/lib/version.d.ts +1 -1
- package/dist/lib/version.d.ts.map +1 -1
- package/dist/lib/version.js +1 -1
- package/dist/lib/version.js.map +1 -1
- package/dist/shell/commands/config.d.ts +3 -0
- package/dist/shell/commands/config.d.ts.map +1 -1
- package/dist/shell/commands/config.js +76 -3
- package/dist/shell/commands/config.js.map +1 -1
- package/dist/shell/commands/diag.d.ts.map +1 -1
- package/dist/shell/commands/diag.js +73 -0
- package/dist/shell/commands/diag.js.map +1 -1
- package/dist/shell/commands/registry.d.ts.map +1 -1
- package/dist/shell/commands/registry.js +16 -2
- package/dist/shell/commands/registry.js.map +1 -1
- package/dist/shell/commands/secrets.js +2 -2
- package/dist/shell/commands/secrets.js.map +1 -1
- package/dist/shell/commands/show.js +2 -2
- package/dist/shell/commands/show.js.map +1 -1
- package/dist/shell/network-onboarding.d.ts +40 -10
- package/dist/shell/network-onboarding.d.ts.map +1 -1
- package/dist/shell/network-onboarding.js +638 -177
- package/dist/shell/network-onboarding.js.map +1 -1
- package/dist/ui/views/SecretsSetupView.js +2 -2
- package/dist/ui/views/SecretsSetupView.js.map +1 -1
- package/dist/ui/views/SecretsStatusView.js +1 -1
- package/dist/ui/views/SecretsStatusView.js.map +1 -1
- package/dist/ui/views/SetupWizardView.js +1 -1
- package/dist/ui/views/SetupWizardView.js.map +1 -1
- package/package.json +1 -1
package/dist/lib/certs.d.ts
CHANGED
|
@@ -1,3 +1,17 @@
|
|
|
1
|
-
export declare function generateSelfSignedCerts(): Promise<void>;
|
|
2
|
-
export declare function resetCerts(): Promise<void>;
|
|
1
|
+
export declare function generateSelfSignedCerts(hostnameOverride?: string, ip?: string): Promise<void>;
|
|
2
|
+
export declare function resetCerts(hostnameOverride?: string, ip?: string): Promise<void>;
|
|
3
|
+
/** Generate a CSR (Certificate Signing Request) for CA signing. Returns CSR PEM string. */
|
|
4
|
+
export declare function generateCsr(hostnameOverride: string): Promise<string>;
|
|
5
|
+
/** Import a CA-signed certificate + key. Validates cert/key match before copying. */
|
|
6
|
+
export declare function importCert(certPath: string, keyPath: string): Promise<{
|
|
7
|
+
ok: boolean;
|
|
8
|
+
error?: string;
|
|
9
|
+
}>;
|
|
10
|
+
/** Get current certificate info (CN, SAN, expiry, issuer). */
|
|
11
|
+
export declare function getCertInfo(): {
|
|
12
|
+
cn: string;
|
|
13
|
+
san: string[];
|
|
14
|
+
expiry: string;
|
|
15
|
+
issuer: string;
|
|
16
|
+
} | null;
|
|
3
17
|
//# sourceMappingURL=certs.d.ts.map
|
package/dist/lib/certs.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"certs.d.ts","sourceRoot":"","sources":["../../src/lib/certs.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"certs.d.ts","sourceRoot":"","sources":["../../src/lib/certs.ts"],"names":[],"mappings":"AASA,wBAAsB,uBAAuB,CAAC,gBAAgB,CAAC,EAAE,MAAM,EAAE,EAAE,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CA0BnG;AAED,wBAAsB,UAAU,CAAC,gBAAgB,CAAC,EAAE,MAAM,EAAE,EAAE,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAQtF;AAED,2FAA2F;AAC3F,wBAAsB,WAAW,CAAC,gBAAgB,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAgB3E;AAED,qFAAqF;AACrF,wBAAsB,UAAU,CAAC,QAAQ,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC;IAAE,EAAE,EAAE,OAAO,CAAC;IAAC,KAAK,CAAC,EAAE,MAAM,CAAA;CAAE,CAAC,CA2B5G;AAED,8DAA8D;AAC9D,wBAAgB,WAAW,IAAI;IAAE,EAAE,EAAE,MAAM,CAAC;IAAC,GAAG,EAAE,MAAM,EAAE,CAAC;IAAC,MAAM,EAAE,MAAM,CAAC;IAAC,MAAM,EAAE,MAAM,CAAA;CAAE,GAAG,IAAI,CAwBlG"}
|
package/dist/lib/certs.js
CHANGED
|
@@ -1,29 +1,101 @@
|
|
|
1
|
-
import { existsSync } from 'node:fs';
|
|
1
|
+
import { existsSync, readFileSync } from 'node:fs';
|
|
2
2
|
import { join } from 'node:path';
|
|
3
|
+
import { execSync } from 'node:child_process';
|
|
4
|
+
import { hostname } from 'node:os';
|
|
3
5
|
import { exec } from './exec.js';
|
|
4
6
|
import { getPaths } from './paths.js';
|
|
5
7
|
import { mkdirSafe } from './fs.js';
|
|
6
|
-
|
|
8
|
+
// Keep backward compat — no-args version uses system hostname
|
|
9
|
+
export async function generateSelfSignedCerts(hostnameOverride, ip) {
|
|
7
10
|
const { certsDir } = getPaths();
|
|
8
11
|
const certFile = join(certsDir, 'appliance.crt');
|
|
9
12
|
const keyFile = join(certsDir, 'appliance_key.pem');
|
|
10
|
-
if (existsSync(certFile) && existsSync(keyFile)) {
|
|
11
|
-
return;
|
|
13
|
+
if (existsSync(certFile) && existsSync(keyFile) && !hostnameOverride) {
|
|
14
|
+
return; // Don't regenerate if certs exist and no hostname override
|
|
12
15
|
}
|
|
13
16
|
await mkdirSafe(certsDir);
|
|
17
|
+
const cn = hostnameOverride || hostname() || 'appliance.calltelemetry.internal';
|
|
18
|
+
// Build SAN extension for IP + hostname
|
|
19
|
+
const sanParts = [`DNS:${cn}`];
|
|
20
|
+
if (ip)
|
|
21
|
+
sanParts.push(`IP:${ip}`);
|
|
22
|
+
const sanExt = `subjectAltName=${sanParts.join(',')}`;
|
|
14
23
|
await exec('openssl', [
|
|
15
|
-
'req', '-x509', '-nodes', '-days', '
|
|
24
|
+
'req', '-x509', '-nodes', '-days', '3650',
|
|
16
25
|
'-newkey', 'rsa:2048',
|
|
17
26
|
'-keyout', keyFile,
|
|
18
27
|
'-out', certFile,
|
|
19
|
-
'-subj',
|
|
28
|
+
'-subj', `/CN=${cn}`,
|
|
29
|
+
'-addext', sanExt,
|
|
20
30
|
]);
|
|
21
31
|
}
|
|
22
|
-
export async function resetCerts() {
|
|
32
|
+
export async function resetCerts(hostnameOverride, ip) {
|
|
23
33
|
const { certsDir } = getPaths();
|
|
24
34
|
if (existsSync(certsDir)) {
|
|
25
35
|
await exec('sudo', ['rm', '-rf', certsDir]);
|
|
26
36
|
}
|
|
27
|
-
await generateSelfSignedCerts();
|
|
37
|
+
await generateSelfSignedCerts(hostnameOverride, ip);
|
|
38
|
+
}
|
|
39
|
+
/** Generate a CSR (Certificate Signing Request) for CA signing. Returns CSR PEM string. */
|
|
40
|
+
export async function generateCsr(hostnameOverride) {
|
|
41
|
+
const { certsDir } = getPaths();
|
|
42
|
+
await mkdirSafe(certsDir);
|
|
43
|
+
const csrFile = join(certsDir, 'appliance.csr');
|
|
44
|
+
const keyFile = join(certsDir, 'appliance_csr_key.pem');
|
|
45
|
+
await exec('openssl', [
|
|
46
|
+
'req', '-new', '-nodes',
|
|
47
|
+
'-newkey', 'rsa:2048',
|
|
48
|
+
'-keyout', keyFile,
|
|
49
|
+
'-out', csrFile,
|
|
50
|
+
'-subj', `/CN=${hostnameOverride}`,
|
|
51
|
+
]);
|
|
52
|
+
return readFileSync(csrFile, 'utf-8');
|
|
53
|
+
}
|
|
54
|
+
/** Import a CA-signed certificate + key. Validates cert/key match before copying. */
|
|
55
|
+
export async function importCert(certPath, keyPath) {
|
|
56
|
+
if (!existsSync(certPath))
|
|
57
|
+
return { ok: false, error: `Certificate file not found: ${certPath}` };
|
|
58
|
+
if (!existsSync(keyPath))
|
|
59
|
+
return { ok: false, error: `Key file not found: ${keyPath}` };
|
|
60
|
+
// Verify cert and key match by comparing modulus
|
|
61
|
+
try {
|
|
62
|
+
const certMod = execSync(`openssl x509 -noout -modulus -in "${certPath}"`, { encoding: 'utf-8' }).trim();
|
|
63
|
+
const keyMod = execSync(`openssl rsa -noout -modulus -in "${keyPath}"`, { encoding: 'utf-8' }).trim();
|
|
64
|
+
if (certMod !== keyMod) {
|
|
65
|
+
return { ok: false, error: 'Certificate and key do not match (modulus mismatch)' };
|
|
66
|
+
}
|
|
67
|
+
}
|
|
68
|
+
catch {
|
|
69
|
+
return { ok: false, error: 'Failed to verify certificate/key pair — check PEM format' };
|
|
70
|
+
}
|
|
71
|
+
const { certsDir } = getPaths();
|
|
72
|
+
await mkdirSafe(certsDir);
|
|
73
|
+
const destCert = join(certsDir, 'appliance.crt');
|
|
74
|
+
const destKey = join(certsDir, 'appliance_key.pem');
|
|
75
|
+
await exec('sudo', ['cp', certPath, destCert]);
|
|
76
|
+
await exec('sudo', ['cp', keyPath, destKey]);
|
|
77
|
+
await exec('sudo', ['chmod', '644', destCert]);
|
|
78
|
+
await exec('sudo', ['chmod', '600', destKey]);
|
|
79
|
+
return { ok: true };
|
|
80
|
+
}
|
|
81
|
+
/** Get current certificate info (CN, SAN, expiry, issuer). */
|
|
82
|
+
export function getCertInfo() {
|
|
83
|
+
const { certsDir } = getPaths();
|
|
84
|
+
const certFile = join(certsDir, 'appliance.crt');
|
|
85
|
+
if (!existsSync(certFile))
|
|
86
|
+
return null;
|
|
87
|
+
try {
|
|
88
|
+
const text = execSync(`openssl x509 -in "${certFile}" -noout -subject -enddate -issuer -ext subjectAltName`, { encoding: 'utf-8' });
|
|
89
|
+
const cn = text.match(/subject=.*?CN\s*=\s*([^\n/]+)/)?.[1]?.trim() ?? 'unknown';
|
|
90
|
+
const expiry = text.match(/notAfter=(.+)/)?.[1]?.trim() ?? 'unknown';
|
|
91
|
+
const issuer = text.match(/issuer=.*?CN\s*=\s*([^\n/]+)/)?.[1]?.trim() ?? 'unknown';
|
|
92
|
+
const sanMatch = text.match(/DNS:([^\s,]+)/g) ?? [];
|
|
93
|
+
const ipMatch = text.match(/IP Address:([^\s,]+)/g) ?? [];
|
|
94
|
+
const san = [...sanMatch, ...ipMatch].map(s => s.replace(/^(DNS:|IP Address:)/, ''));
|
|
95
|
+
return { cn, san, expiry, issuer };
|
|
96
|
+
}
|
|
97
|
+
catch {
|
|
98
|
+
return null;
|
|
99
|
+
}
|
|
28
100
|
}
|
|
29
101
|
//# sourceMappingURL=certs.js.map
|
package/dist/lib/certs.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"certs.js","sourceRoot":"","sources":["../../src/lib/certs.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;
|
|
1
|
+
{"version":3,"file":"certs.js","sourceRoot":"","sources":["../../src/lib/certs.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AACnD,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AACjC,OAAO,EAAE,QAAQ,EAAE,MAAM,oBAAoB,CAAC;AAC9C,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AACnC,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AACjC,OAAO,EAAE,QAAQ,EAAE,MAAM,YAAY,CAAC;AACtC,OAAO,EAAE,SAAS,EAAE,MAAM,SAAS,CAAC;AAEpC,8DAA8D;AAC9D,MAAM,CAAC,KAAK,UAAU,uBAAuB,CAAC,gBAAyB,EAAE,EAAW;IAClF,MAAM,EAAE,QAAQ,EAAE,GAAG,QAAQ,EAAE,CAAC;IAChC,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,EAAE,eAAe,CAAC,CAAC;IACjD,MAAM,OAAO,GAAG,IAAI,CAAC,QAAQ,EAAE,mBAAmB,CAAC,CAAC;IAEpD,IAAI,UAAU,CAAC,QAAQ,CAAC,IAAI,UAAU,CAAC,OAAO,CAAC,IAAI,CAAC,gBAAgB,EAAE,CAAC;QACrE,OAAO,CAAC,2DAA2D;IACrE,CAAC;IAED,MAAM,SAAS,CAAC,QAAQ,CAAC,CAAC;IAE1B,MAAM,EAAE,GAAG,gBAAgB,IAAI,QAAQ,EAAE,IAAI,kCAAkC,CAAC;IAEhF,wCAAwC;IACxC,MAAM,QAAQ,GAAG,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC;IAC/B,IAAI,EAAE;QAAE,QAAQ,CAAC,IAAI,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;IAClC,MAAM,MAAM,GAAG,kBAAkB,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;IAEtD,MAAM,IAAI,CAAC,SAAS,EAAE;QACpB,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,MAAM;QACzC,SAAS,EAAE,UAAU;QACrB,SAAS,EAAE,OAAO;QAClB,MAAM,EAAE,QAAQ;QAChB,OAAO,EAAE,OAAO,EAAE,EAAE;QACpB,SAAS,EAAE,MAAM;KAClB,CAAC,CAAC;AACL,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,UAAU,CAAC,gBAAyB,EAAE,EAAW;IACrE,MAAM,EAAE,QAAQ,EAAE,GAAG,QAAQ,EAAE,CAAC;IAEhC,IAAI,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;QACzB,MAAM,IAAI,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,KAAK,EAAE,QAAQ,CAAC,CAAC,CAAC;IAC9C,CAAC;IAED,MAAM,uBAAuB,CAAC,gBAAgB,EAAE,EAAE,CAAC,CAAC;AACtD,CAAC;AAED,2FAA2F;AAC3F,MAAM,CAAC,KAAK,UAAU,WAAW,CAAC,gBAAwB;IACxD,MAAM,EAAE,QAAQ,EAAE,GAAG,QAAQ,EAAE,CAAC;IAChC,MAAM,SAAS,CAAC,QAAQ,CAAC,CAAC;IAE1B,MAAM,OAAO,GAAG,IAAI,CAAC,QAAQ,EAAE,eAAe,CAAC,CAAC;IAChD,MAAM,OAAO,GAAG,IAAI,CAAC,QAAQ,EAAE,uBAAuB,CAAC,CAAC;IAExD,MAAM,IAAI,CAAC,SAAS,EAAE;QACpB,KAAK,EAAE,MAAM,EAAE,QAAQ;QACvB,SAAS,EAAE,UAAU;QACrB,SAAS,EAAE,OAAO;QAClB,MAAM,EAAE,OAAO;QACf,OAAO,EAAE,OAAO,gBAAgB,EAAE;KACnC,CAAC,CAAC;IAEH,OAAO,YAAY,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;AACxC,CAAC;AAED,qFAAqF;AACrF,MAAM,CAAC,KAAK,UAAU,UAAU,CAAC,QAAgB,EAAE,OAAe;IAChE,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC;QAAE,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,+BAA+B,QAAQ,EAAE,EAAE,CAAC;IAClG,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC;QAAE,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,uBAAuB,OAAO,EAAE,EAAE,CAAC;IAExF,iDAAiD;IACjD,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,QAAQ,CAAC,qCAAqC,QAAQ,GAAG,EAAE,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;QACzG,MAAM,MAAM,GAAG,QAAQ,CAAC,oCAAoC,OAAO,GAAG,EAAE,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;QACtG,IAAI,OAAO,KAAK,MAAM,EAAE,CAAC;YACvB,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,qDAAqD,EAAE,CAAC;QACrF,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,0DAA0D,EAAE,CAAC;IAC1F,CAAC;IAED,MAAM,EAAE,QAAQ,EAAE,GAAG,QAAQ,EAAE,CAAC;IAChC,MAAM,SAAS,CAAC,QAAQ,CAAC,CAAC;IAE1B,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,EAAE,eAAe,CAAC,CAAC;IACjD,MAAM,OAAO,GAAG,IAAI,CAAC,QAAQ,EAAE,mBAAmB,CAAC,CAAC;IAEpD,MAAM,IAAI,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,QAAQ,EAAE,QAAQ,CAAC,CAAC,CAAC;IAC/C,MAAM,IAAI,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC,CAAC;IAC7C,MAAM,IAAI,CAAC,MAAM,EAAE,CAAC,OAAO,EAAE,KAAK,EAAE,QAAQ,CAAC,CAAC,CAAC;IAC/C,MAAM,IAAI,CAAC,MAAM,EAAE,CAAC,OAAO,EAAE,KAAK,EAAE,OAAO,CAAC,CAAC,CAAC;IAE9C,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC;AACtB,CAAC;AAED,8DAA8D;AAC9D,MAAM,UAAU,WAAW;IACzB,MAAM,EAAE,QAAQ,EAAE,GAAG,QAAQ,EAAE,CAAC;IAChC,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,EAAE,eAAe,CAAC,CAAC;IAEjD,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC;QAAE,OAAO,IAAI,CAAC;IAEvC,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,QAAQ,CACnB,qBAAqB,QAAQ,wDAAwD,EACrF,EAAE,QAAQ,EAAE,OAAO,EAAE,CACtB,CAAC;QAEF,MAAM,EAAE,GAAG,IAAI,CAAC,KAAK,CAAC,+BAA+B,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,IAAI,SAAS,CAAC;QACjF,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,eAAe,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,IAAI,SAAS,CAAC;QACrE,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,8BAA8B,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,IAAI,SAAS,CAAC;QAEpF,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,gBAAgB,CAAC,IAAI,EAAE,CAAC;QACpD,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,uBAAuB,CAAC,IAAI,EAAE,CAAC;QAC1D,MAAM,GAAG,GAAG,CAAC,GAAG,QAAQ,EAAE,GAAG,OAAO,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,qBAAqB,EAAE,EAAE,CAAC,CAAC,CAAC;QAErF,OAAO,EAAE,EAAE,EAAE,GAAG,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC;IACrC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC"}
|
|
@@ -0,0 +1,38 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Hostname, admin password, and system identity helpers.
|
|
3
|
+
*/
|
|
4
|
+
/**
|
|
5
|
+
* Get the current static hostname via hostnamectl.
|
|
6
|
+
* Falls back to 'ct-appliance' on error.
|
|
7
|
+
*/
|
|
8
|
+
export declare function getHostname(): string;
|
|
9
|
+
/**
|
|
10
|
+
* Validate a hostname per RFC 1123.
|
|
11
|
+
* Alphanumeric + hyphens, 1-63 chars, no leading/trailing hyphen, no dots.
|
|
12
|
+
*/
|
|
13
|
+
export declare function isValidHostname(h: string): boolean;
|
|
14
|
+
/**
|
|
15
|
+
* Build a fully qualified domain name from hostname and search domain.
|
|
16
|
+
* Returns just the hostname if the domain is empty.
|
|
17
|
+
*/
|
|
18
|
+
export declare function buildFqdn(hostname: string, searchDomain: string): string;
|
|
19
|
+
/**
|
|
20
|
+
* Apply a hostname to the system via hostnamectl.
|
|
21
|
+
* Returns true if the command succeeds.
|
|
22
|
+
*/
|
|
23
|
+
export declare function applyHostname(h: string): boolean;
|
|
24
|
+
/**
|
|
25
|
+
* Validate password strength.
|
|
26
|
+
* Requires minimum 12 characters, uppercase, lowercase, and digit.
|
|
27
|
+
*/
|
|
28
|
+
export declare function isStrongPassword(pw: string): {
|
|
29
|
+
valid: boolean;
|
|
30
|
+
reason?: string;
|
|
31
|
+
};
|
|
32
|
+
/**
|
|
33
|
+
* Apply a new admin (root) password via chpasswd.
|
|
34
|
+
* IMPORTANT: never log the password.
|
|
35
|
+
* Returns true if the command succeeds.
|
|
36
|
+
*/
|
|
37
|
+
export declare function applyAdminPassword(pw: string): boolean;
|
|
38
|
+
//# sourceMappingURL=identity.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"identity.d.ts","sourceRoot":"","sources":["../../src/lib/identity.ts"],"names":[],"mappings":"AAAA;;GAEG;AAIH;;;GAGG;AACH,wBAAgB,WAAW,IAAI,MAAM,CAMpC;AAED;;;GAGG;AACH,wBAAgB,eAAe,CAAC,CAAC,EAAE,MAAM,GAAG,OAAO,CAElD;AAED;;;GAGG;AACH,wBAAgB,SAAS,CAAC,QAAQ,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,GAAG,MAAM,CAKxE;AAED;;;GAGG;AACH,wBAAgB,aAAa,CAAC,CAAC,EAAE,MAAM,GAAG,OAAO,CAShD;AAED;;;GAGG;AACH,wBAAgB,gBAAgB,CAAC,EAAE,EAAE,MAAM,GAAG;IAAE,KAAK,EAAE,OAAO,CAAC;IAAC,MAAM,CAAC,EAAE,MAAM,CAAA;CAAE,CAchF;AAED;;;;GAIG;AACH,wBAAgB,kBAAkB,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAUtD"}
|
|
@@ -0,0 +1,85 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Hostname, admin password, and system identity helpers.
|
|
3
|
+
*/
|
|
4
|
+
import { execSync, spawnSync } from 'node:child_process';
|
|
5
|
+
/**
|
|
6
|
+
* Get the current static hostname via hostnamectl.
|
|
7
|
+
* Falls back to 'ct-appliance' on error.
|
|
8
|
+
*/
|
|
9
|
+
export function getHostname() {
|
|
10
|
+
try {
|
|
11
|
+
return execSync('hostnamectl --static', { encoding: 'utf-8' }).trim();
|
|
12
|
+
}
|
|
13
|
+
catch {
|
|
14
|
+
return 'ct-appliance';
|
|
15
|
+
}
|
|
16
|
+
}
|
|
17
|
+
/**
|
|
18
|
+
* Validate a hostname per RFC 1123.
|
|
19
|
+
* Alphanumeric + hyphens, 1-63 chars, no leading/trailing hyphen, no dots.
|
|
20
|
+
*/
|
|
21
|
+
export function isValidHostname(h) {
|
|
22
|
+
return /^[a-zA-Z0-9]([a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?$/.test(h);
|
|
23
|
+
}
|
|
24
|
+
/**
|
|
25
|
+
* Build a fully qualified domain name from hostname and search domain.
|
|
26
|
+
* Returns just the hostname if the domain is empty.
|
|
27
|
+
*/
|
|
28
|
+
export function buildFqdn(hostname, searchDomain) {
|
|
29
|
+
if (searchDomain && searchDomain.trim().length > 0) {
|
|
30
|
+
return `${hostname}.${searchDomain.trim()}`;
|
|
31
|
+
}
|
|
32
|
+
return hostname;
|
|
33
|
+
}
|
|
34
|
+
/**
|
|
35
|
+
* Apply a hostname to the system via hostnamectl.
|
|
36
|
+
* Returns true if the command succeeds.
|
|
37
|
+
*/
|
|
38
|
+
export function applyHostname(h) {
|
|
39
|
+
try {
|
|
40
|
+
const result = spawnSync('sudo', ['hostnamectl', 'set-hostname', h], {
|
|
41
|
+
stdio: 'pipe',
|
|
42
|
+
});
|
|
43
|
+
return result.status === 0;
|
|
44
|
+
}
|
|
45
|
+
catch {
|
|
46
|
+
return false;
|
|
47
|
+
}
|
|
48
|
+
}
|
|
49
|
+
/**
|
|
50
|
+
* Validate password strength.
|
|
51
|
+
* Requires minimum 12 characters, uppercase, lowercase, and digit.
|
|
52
|
+
*/
|
|
53
|
+
export function isStrongPassword(pw) {
|
|
54
|
+
if (pw.length < 12) {
|
|
55
|
+
return { valid: false, reason: 'Too short (min 12 characters)' };
|
|
56
|
+
}
|
|
57
|
+
if (!/[A-Z]/.test(pw)) {
|
|
58
|
+
return { valid: false, reason: 'Must contain at least one uppercase letter' };
|
|
59
|
+
}
|
|
60
|
+
if (!/[a-z]/.test(pw)) {
|
|
61
|
+
return { valid: false, reason: 'Must contain at least one lowercase letter' };
|
|
62
|
+
}
|
|
63
|
+
if (!/[0-9]/.test(pw)) {
|
|
64
|
+
return { valid: false, reason: 'Must contain at least one digit' };
|
|
65
|
+
}
|
|
66
|
+
return { valid: true };
|
|
67
|
+
}
|
|
68
|
+
/**
|
|
69
|
+
* Apply a new admin (root) password via chpasswd.
|
|
70
|
+
* IMPORTANT: never log the password.
|
|
71
|
+
* Returns true if the command succeeds.
|
|
72
|
+
*/
|
|
73
|
+
export function applyAdminPassword(pw) {
|
|
74
|
+
try {
|
|
75
|
+
const result = spawnSync('sudo', ['chpasswd'], {
|
|
76
|
+
input: `root:${pw}`,
|
|
77
|
+
stdio: 'pipe',
|
|
78
|
+
});
|
|
79
|
+
return result.status === 0;
|
|
80
|
+
}
|
|
81
|
+
catch {
|
|
82
|
+
return false;
|
|
83
|
+
}
|
|
84
|
+
}
|
|
85
|
+
//# sourceMappingURL=identity.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"identity.js","sourceRoot":"","sources":["../../src/lib/identity.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,QAAQ,EAAE,SAAS,EAAE,MAAM,oBAAoB,CAAC;AAEzD;;;GAGG;AACH,MAAM,UAAU,WAAW;IACzB,IAAI,CAAC;QACH,OAAO,QAAQ,CAAC,sBAAsB,EAAE,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;IACxE,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,cAAc,CAAC;IACxB,CAAC;AACH,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,eAAe,CAAC,CAAS;IACvC,OAAO,+CAA+C,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AACjE,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,SAAS,CAAC,QAAgB,EAAE,YAAoB;IAC9D,IAAI,YAAY,IAAI,YAAY,CAAC,IAAI,EAAE,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACnD,OAAO,GAAG,QAAQ,IAAI,YAAY,CAAC,IAAI,EAAE,EAAE,CAAC;IAC9C,CAAC;IACD,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,aAAa,CAAC,CAAS;IACrC,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,SAAS,CAAC,MAAM,EAAE,CAAC,aAAa,EAAE,cAAc,EAAE,CAAC,CAAC,EAAE;YACnE,KAAK,EAAE,MAAM;SACd,CAAC,CAAC;QACH,OAAO,MAAM,CAAC,MAAM,KAAK,CAAC,CAAC;IAC7B,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,gBAAgB,CAAC,EAAU;IACzC,IAAI,EAAE,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;QACnB,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,+BAA+B,EAAE,CAAC;IACnE,CAAC;IACD,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC;QACtB,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,4CAA4C,EAAE,CAAC;IAChF,CAAC;IACD,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC;QACtB,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,4CAA4C,EAAE,CAAC;IAChF,CAAC;IACD,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC;QACtB,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,iCAAiC,EAAE,CAAC;IACrE,CAAC;IACD,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;AACzB,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,kBAAkB,CAAC,EAAU;IAC3C,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,SAAS,CAAC,MAAM,EAAE,CAAC,UAAU,CAAC,EAAE;YAC7C,KAAK,EAAE,QAAQ,EAAE,EAAE;YACnB,KAAK,EAAE,MAAM;SACd,CAAC,CAAC;QACH,OAAO,MAAM,CAAC,MAAM,KAAK,CAAC,CAAC;IAC7B,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC"}
|
package/dist/lib/prefs.d.ts
CHANGED
|
@@ -6,6 +6,10 @@ export interface Preferences {
|
|
|
6
6
|
deploymentMode: 'docker-compose' | 'k3s';
|
|
7
7
|
k8sNamespace: string;
|
|
8
8
|
k8sEnvironment: 'ct-dev' | 'ct-prod' | 'ct-test';
|
|
9
|
+
timezone?: string;
|
|
10
|
+
ntpServers?: string[];
|
|
11
|
+
hostname?: string;
|
|
12
|
+
location?: string;
|
|
9
13
|
}
|
|
10
14
|
/**
|
|
11
15
|
* Load preferences from ~/.ct/preferences.json.
|
package/dist/lib/prefs.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"prefs.d.ts","sourceRoot":"","sources":["../../src/lib/prefs.ts"],"names":[],"mappings":"AAKA,MAAM,WAAW,WAAW;IAC1B,UAAU,EAAE,OAAO,CAAC;IACpB,IAAI,EAAE,OAAO,CAAC;IACd,IAAI,EAAE,OAAO,CAAC;IACd,KAAK,EAAE,OAAO,CAAC;IACf,cAAc,EAAE,gBAAgB,GAAG,KAAK,CAAC;IACzC,YAAY,EAAE,MAAM,CAAC;IACrB,cAAc,EAAE,QAAQ,GAAG,SAAS,GAAG,SAAS,CAAC;
|
|
1
|
+
{"version":3,"file":"prefs.d.ts","sourceRoot":"","sources":["../../src/lib/prefs.ts"],"names":[],"mappings":"AAKA,MAAM,WAAW,WAAW;IAC1B,UAAU,EAAE,OAAO,CAAC;IACpB,IAAI,EAAE,OAAO,CAAC;IACd,IAAI,EAAE,OAAO,CAAC;IACd,KAAK,EAAE,OAAO,CAAC;IACf,cAAc,EAAE,gBAAgB,GAAG,KAAK,CAAC;IACzC,YAAY,EAAE,MAAM,CAAC;IACrB,cAAc,EAAE,QAAQ,GAAG,SAAS,GAAG,SAAS,CAAC;IACjD,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,UAAU,CAAC,EAAE,MAAM,EAAE,CAAC;IACtB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAeD;;;GAGG;AACH,wBAAgB,SAAS,IAAI,WAAW,GAAG,IAAI,CAU9C;AAED;;;GAGG;AACH,wBAAgB,SAAS,CAAC,KAAK,EAAE,WAAW,GAAG,IAAI,CAQlD;AAED;;GAEG;AACH,wBAAgB,QAAQ,IAAI,WAAW,CAEtC"}
|
package/dist/lib/prefs.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"prefs.js","sourceRoot":"","sources":["../../src/lib/prefs.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,aAAa,EAAE,SAAS,EAAE,MAAM,SAAS,CAAC;AAC7E,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AACjC,OAAO,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;AAClC,OAAO,EAAE,KAAK,EAAE,MAAM,UAAU,CAAC;
|
|
1
|
+
{"version":3,"file":"prefs.js","sourceRoot":"","sources":["../../src/lib/prefs.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,aAAa,EAAE,SAAS,EAAE,MAAM,SAAS,CAAC;AAC7E,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AACjC,OAAO,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;AAClC,OAAO,EAAE,KAAK,EAAE,MAAM,UAAU,CAAC;AAgBjC,MAAM,SAAS,GAAG,IAAI,CAAC,OAAO,EAAE,EAAE,KAAK,CAAC,CAAC;AACzC,MAAM,UAAU,GAAG,IAAI,CAAC,SAAS,EAAE,kBAAkB,CAAC,CAAC;AAEvD,MAAM,QAAQ,GAAgB;IAC5B,UAAU,EAAE,KAAK;IACjB,IAAI,EAAE,KAAK;IACX,IAAI,EAAE,KAAK;IACX,KAAK,EAAE,KAAK;IACZ,cAAc,EAAE,gBAAgB;IAChC,YAAY,EAAE,IAAI;IAClB,cAAc,EAAE,QAAQ;CACzB,CAAC;AAEF;;;GAGG;AACH,MAAM,UAAU,SAAS;IACvB,IAAI,CAAC;QACH,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC;YAAE,OAAO,IAAI,CAAC;QACzC,MAAM,GAAG,GAAG,YAAY,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;QAC9C,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAC/B,OAAO,EAAE,GAAG,QAAQ,EAAE,GAAG,MAAM,EAAE,CAAC;IACpC,CAAC;IAAC,OAAO,GAAQ,EAAE,CAAC;QAClB,KAAK,CAAC,+BAA+B,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC;QACpD,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,SAAS,CAAC,KAAkB;IAC1C,IAAI,CAAC;QACH,SAAS,CAAC,SAAS,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAC1C,aAAa,CAAC,UAAU,EAAE,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,IAAI,EAAE,OAAO,CAAC,CAAC;QAC1E,KAAK,CAAC,wBAAwB,UAAU,EAAE,CAAC,CAAC;IAC9C,CAAC;IAAC,OAAO,GAAQ,EAAE,CAAC;QAClB,KAAK,CAAC,+BAA+B,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC;IACtD,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,QAAQ;IACtB,OAAO,SAAS,EAAE,IAAI,QAAQ,CAAC;AACjC,CAAC"}
|
package/dist/lib/secrets.d.ts
CHANGED
|
@@ -2,7 +2,8 @@ export interface SecretDef {
|
|
|
2
2
|
key: string;
|
|
3
3
|
label: string;
|
|
4
4
|
group: 'PostgreSQL' | 'NATS' | 'S3 Storage';
|
|
5
|
-
|
|
5
|
+
/** Default value for non-sensitive config. Omit for sensitive secrets to force generation. */
|
|
6
|
+
defaultValue?: string;
|
|
6
7
|
sensitive: boolean;
|
|
7
8
|
required: boolean;
|
|
8
9
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"secrets.d.ts","sourceRoot":"","sources":["../../src/lib/secrets.ts"],"names":[],"mappings":"AAOA,MAAM,WAAW,SAAS;IACxB,GAAG,EAAE,MAAM,CAAC;IACZ,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,YAAY,GAAG,MAAM,GAAG,YAAY,CAAC;IAC5C,YAAY,EAAE,MAAM,CAAC;
|
|
1
|
+
{"version":3,"file":"secrets.d.ts","sourceRoot":"","sources":["../../src/lib/secrets.ts"],"names":[],"mappings":"AAOA,MAAM,WAAW,SAAS;IACxB,GAAG,EAAE,MAAM,CAAC;IACZ,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,YAAY,GAAG,MAAM,GAAG,YAAY,CAAC;IAC5C,8FAA8F;IAC9F,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,SAAS,EAAE,OAAO,CAAC;IACnB,QAAQ,EAAE,OAAO,CAAC;CACnB;AAED,eAAO,MAAM,cAAc,EAAE,SAAS,EAOrC,CAAC;AAEF,eAAO,MAAM,aAAa,+CAAgD,CAAC;AAC3E,MAAM,MAAM,WAAW,GAAG,CAAC,OAAO,aAAa,CAAC,CAAC,MAAM,CAAC,CAAC;AAEzD,wBAAgB,cAAc,IAAI,MAAM,CAEvC;AAED;;;GAGG;AACH,wBAAgB,YAAY,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAwBpE;AAED;;GAEG;AACH,wBAAgB,UAAU,IAAI,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CA4BnD;AAED;;GAEG;AACH,wBAAgB,YAAY,IAAI,OAAO,CAMtC;AAED;;GAEG;AACH,wBAAgB,cAAc,IAAI,MAAM,CAGvC;AAED;;;GAGG;AACH,wBAAsB,YAAY,CAAC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,GAAG,OAAO,CAAC,IAAI,CAAC,CAkChF;AAED;;GAEG;AACH,wBAAsB,mBAAmB,IAAI,OAAO,CAAC,IAAI,CAAC,CAmBzD;AAED;;GAEG;AACH,wBAAgB,gBAAgB,CAAC,MAAM,SAAK,GAAG,MAAM,CAEpD;AAED;;;GAGG;AACH,wBAAsB,eAAe,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAQxE;AAED;;;GAGG;AACH,wBAAsB,wBAAwB,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAMjF"}
|
package/dist/lib/secrets.js
CHANGED
|
@@ -5,12 +5,12 @@ import { getPaths } from './paths.js';
|
|
|
5
5
|
import { writeFileSafe } from './fs.js';
|
|
6
6
|
import { composeExec, compose } from './compose.js';
|
|
7
7
|
export const SECRET_CATALOG = [
|
|
8
|
-
{ key: 'POSTGRES_PASSWORD', label: 'PostgreSQL Password', group: 'PostgreSQL',
|
|
8
|
+
{ key: 'POSTGRES_PASSWORD', label: 'PostgreSQL Password', group: 'PostgreSQL', sensitive: true, required: true },
|
|
9
9
|
{ key: 'POSTGRES_USER', label: 'PostgreSQL User', group: 'PostgreSQL', defaultValue: 'calltelemetry', sensitive: false, required: true },
|
|
10
10
|
{ key: 'POSTGRES_DB', label: 'PostgreSQL Database', group: 'PostgreSQL', defaultValue: 'calltelemetry_prod', sensitive: false, required: true },
|
|
11
|
-
{ key: 'NATS_PASSWORD', label: 'NATS Password', group: 'NATS',
|
|
11
|
+
{ key: 'NATS_PASSWORD', label: 'NATS Password', group: 'NATS', sensitive: true, required: false },
|
|
12
12
|
{ key: 'S3_ROOT_USER', label: 'S3 Root User', group: 'S3 Storage', defaultValue: 'minioadmin', sensitive: false, required: false },
|
|
13
|
-
{ key: 'S3_ROOT_PASSWORD', label: 'S3 Root Password', group: 'S3 Storage',
|
|
13
|
+
{ key: 'S3_ROOT_PASSWORD', label: 'S3 Root Password', group: 'S3 Storage', sensitive: true, required: false },
|
|
14
14
|
];
|
|
15
15
|
export const SECRET_GROUPS = ['PostgreSQL', 'NATS', 'S3 Storage'];
|
|
16
16
|
export function getEnvFilePath() {
|
|
@@ -48,9 +48,9 @@ export function parseEnvFile(content) {
|
|
|
48
48
|
*/
|
|
49
49
|
export function getSecrets() {
|
|
50
50
|
const secrets = {};
|
|
51
|
-
// 1. Start with defaults
|
|
51
|
+
// 1. Start with defaults (sensitive secrets without defaults get empty string)
|
|
52
52
|
for (const def of SECRET_CATALOG) {
|
|
53
|
-
secrets[def.key] = def.defaultValue;
|
|
53
|
+
secrets[def.key] = def.defaultValue ?? '';
|
|
54
54
|
}
|
|
55
55
|
// 2. Load .env file (if exists)
|
|
56
56
|
const envPath = getEnvFilePath();
|
|
@@ -87,7 +87,7 @@ export function isCustomized() {
|
|
|
87
87
|
*/
|
|
88
88
|
export function countOverrides() {
|
|
89
89
|
const secrets = getSecrets();
|
|
90
|
-
return SECRET_CATALOG.filter(def => secrets[def.key] !== def.defaultValue).length;
|
|
90
|
+
return SECRET_CATALOG.filter(def => secrets[def.key] !== (def.defaultValue ?? '')).length;
|
|
91
91
|
}
|
|
92
92
|
/**
|
|
93
93
|
* Write secrets to .env file with 0600 permissions.
|
|
@@ -108,7 +108,7 @@ export async function writeEnvFile(values) {
|
|
|
108
108
|
'',
|
|
109
109
|
];
|
|
110
110
|
for (const def of SECRET_CATALOG) {
|
|
111
|
-
const value = values[def.key] ?? def.defaultValue;
|
|
111
|
+
const value = values[def.key] ?? def.defaultValue ?? '';
|
|
112
112
|
if (value) {
|
|
113
113
|
lines.push(`${def.key}=${value}`);
|
|
114
114
|
}
|
|
@@ -133,7 +133,7 @@ export async function writeSecretsOverlay() {
|
|
|
133
133
|
services:
|
|
134
134
|
db:
|
|
135
135
|
environment:
|
|
136
|
-
POSTGRES_PASSWORD: \${POSTGRES_PASSWORD
|
|
136
|
+
POSTGRES_PASSWORD: \${POSTGRES_PASSWORD}
|
|
137
137
|
POSTGRES_USER: \${POSTGRES_USER:-calltelemetry}
|
|
138
138
|
POSTGRES_DB: \${POSTGRES_DB:-calltelemetry_prod}
|
|
139
139
|
nats:
|
|
@@ -142,7 +142,7 @@ services:
|
|
|
142
142
|
seaweedfs:
|
|
143
143
|
environment:
|
|
144
144
|
S3_ROOT_USER: \${S3_ROOT_USER:-minioadmin}
|
|
145
|
-
S3_ROOT_PASSWORD: \${S3_ROOT_PASSWORD
|
|
145
|
+
S3_ROOT_PASSWORD: \${S3_ROOT_PASSWORD}
|
|
146
146
|
`;
|
|
147
147
|
await writeFileSafe(secretsOverlayFile, content);
|
|
148
148
|
}
|
package/dist/lib/secrets.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"secrets.js","sourceRoot":"","sources":["../../src/lib/secrets.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AACnD,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAC1C,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AACjC,OAAO,EAAE,QAAQ,EAAE,MAAM,YAAY,CAAC;AACtC,OAAO,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC;AACxC,OAAO,EAAE,WAAW,EAAE,OAAO,EAAE,MAAM,cAAc,CAAC;
|
|
1
|
+
{"version":3,"file":"secrets.js","sourceRoot":"","sources":["../../src/lib/secrets.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AACnD,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAC1C,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AACjC,OAAO,EAAE,QAAQ,EAAE,MAAM,YAAY,CAAC;AACtC,OAAO,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC;AACxC,OAAO,EAAE,WAAW,EAAE,OAAO,EAAE,MAAM,cAAc,CAAC;AAYpD,MAAM,CAAC,MAAM,cAAc,GAAgB;IACzC,EAAE,GAAG,EAAE,mBAAmB,EAAE,KAAK,EAAE,qBAAqB,EAAE,KAAK,EAAE,YAAY,EAAE,SAAS,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE;IAChH,EAAE,GAAG,EAAE,eAAe,EAAE,KAAK,EAAE,iBAAiB,EAAE,KAAK,EAAE,YAAY,EAAE,YAAY,EAAE,eAAe,EAAE,SAAS,EAAE,KAAK,EAAE,QAAQ,EAAE,IAAI,EAAE;IACxI,EAAE,GAAG,EAAE,aAAa,EAAE,KAAK,EAAE,qBAAqB,EAAE,KAAK,EAAE,YAAY,EAAE,YAAY,EAAE,oBAAoB,EAAE,SAAS,EAAE,KAAK,EAAE,QAAQ,EAAE,IAAI,EAAE;IAC/I,EAAE,GAAG,EAAE,eAAe,EAAE,KAAK,EAAE,eAAe,EAAE,KAAK,EAAE,MAAM,EAAE,SAAS,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE;IACjG,EAAE,GAAG,EAAE,cAAc,EAAE,KAAK,EAAE,cAAc,EAAE,KAAK,EAAE,YAAY,EAAE,YAAY,EAAE,YAAY,EAAE,SAAS,EAAE,KAAK,EAAE,QAAQ,EAAE,KAAK,EAAE;IAClI,EAAE,GAAG,EAAE,kBAAkB,EAAE,KAAK,EAAE,kBAAkB,EAAE,KAAK,EAAE,YAAY,EAAE,SAAS,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE;CAC9G,CAAC;AAEF,MAAM,CAAC,MAAM,aAAa,GAAG,CAAC,YAAY,EAAE,MAAM,EAAE,YAAY,CAAU,CAAC;AAG3E,MAAM,UAAU,cAAc;IAC5B,OAAO,IAAI,CAAC,QAAQ,EAAE,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC;AAC7C,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,YAAY,CAAC,OAAe;IAC1C,MAAM,MAAM,GAA2B,EAAE,CAAC;IAC1C,KAAK,MAAM,OAAO,IAAI,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;QAC1C,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,EAAE,CAAC;QAC5B,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC;YAAE,SAAS;QAE5C,kCAAkC;QAClC,MAAM,QAAQ,GAAG,IAAI,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;QAEnE,MAAM,KAAK,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QACpC,IAAI,KAAK,KAAK,CAAC,CAAC;YAAE,SAAS;QAE3B,MAAM,GAAG,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC,IAAI,EAAE,CAAC;QAC5C,IAAI,KAAK,GAAG,QAAQ,CAAC,KAAK,CAAC,KAAK,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;QAE7C,wBAAwB;QACxB,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;YAC9C,CAAC,KAAK,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC;YACnD,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;QAC7B,CAAC;QAED,IAAI,GAAG;YAAE,MAAM,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC;IAC/B,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,UAAU;IACxB,MAAM,OAAO,GAA2B,EAAE,CAAC;IAE3C,+EAA+E;IAC/E,KAAK,MAAM,GAAG,IAAI,cAAc,EAAE,CAAC;QACjC,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,GAAG,CAAC,YAAY,IAAI,EAAE,CAAC;IAC5C,CAAC;IAED,gCAAgC;IAChC,MAAM,OAAO,GAAG,cAAc,EAAE,CAAC;IACjC,IAAI,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;QACxB,MAAM,OAAO,GAAG,YAAY,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;QAC/C,MAAM,MAAM,GAAG,YAAY,CAAC,OAAO,CAAC,CAAC;QACrC,KAAK,MAAM,GAAG,IAAI,cAAc,EAAE,CAAC;YACjC,IAAI,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,KAAK,SAAS,EAAE,CAAC;gBAClC,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;YACrC,CAAC;QACH,CAAC;IACH,CAAC;IAED,kDAAkD;IAClD,KAAK,MAAM,GAAG,IAAI,cAAc,EAAE,CAAC;QACjC,IAAI,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,KAAK,SAAS,EAAE,CAAC;YACvC,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAE,CAAC;QAC3C,CAAC;IACH,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,YAAY;IAC1B,MAAM,OAAO,GAAG,cAAc,EAAE,CAAC;IACjC,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC;QAAE,OAAO,KAAK,CAAC;IACvC,MAAM,OAAO,GAAG,YAAY,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;IAC/C,MAAM,MAAM,GAAG,YAAY,CAAC,OAAO,CAAC,CAAC;IACrC,OAAO,cAAc,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,KAAK,SAAS,CAAC,CAAC;AACnE,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,cAAc;IAC5B,MAAM,OAAO,GAAG,UAAU,EAAE,CAAC;IAC7B,OAAO,cAAc,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,YAAY,IAAI,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC;AAC5F,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,YAAY,CAAC,MAA8B;IAC/D,MAAM,OAAO,GAAG,cAAc,EAAE,CAAC;IAEjC,+CAA+C;IAC/C,MAAM,WAAW,GAAG,IAAI,GAAG,CAAC,cAAc,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;IAC5D,IAAI,SAAS,GAAuB,EAAE,CAAC;IACvC,IAAI,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;QACxB,MAAM,QAAQ,GAAG,YAAY,CAAC,YAAY,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC,CAAC;QAC9D,SAAS,GAAG,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;IAC5E,CAAC;IAED,MAAM,KAAK,GAAG;QACZ,yDAAyD;QACzD,mBAAmB,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,EAAE;QAC7C,EAAE;KACH,CAAC;IAEF,KAAK,MAAM,GAAG,IAAI,cAAc,EAAE,CAAC;QACjC,MAAM,KAAK,GAAG,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,GAAG,CAAC,YAAY,IAAI,EAAE,CAAC;QACxD,IAAI,KAAK,EAAE,CAAC;YACV,KAAK,CAAC,IAAI,CAAC,GAAG,GAAG,CAAC,GAAG,IAAI,KAAK,EAAE,CAAC,CAAC;QACpC,CAAC;IACH,CAAC;IAED,uCAAuC;IACvC,IAAI,SAAS,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACzB,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACf,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,SAAS,EAAE,CAAC;YACrC,KAAK,CAAC,IAAI,CAAC,GAAG,GAAG,IAAI,KAAK,EAAE,CAAC,CAAC;QAChC,CAAC;IACH,CAAC;IAED,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACf,MAAM,aAAa,CAAC,OAAO,EAAE,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;AAClE,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,mBAAmB;IACvC,MAAM,EAAE,kBAAkB,EAAE,GAAG,QAAQ,EAAE,CAAC;IAC1C,MAAM,OAAO,GAAG;;;;;;;;;;;;;;;CAejB,CAAC;IACA,MAAM,aAAa,CAAC,kBAAkB,EAAE,OAAO,CAAC,CAAC;AACnD,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,gBAAgB,CAAC,MAAM,GAAG,EAAE;IAC1C,OAAO,WAAW,CAAC,MAAM,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC;AACpE,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,eAAe,CAAC,WAAmB;IACvD,MAAM,OAAO,GAAG,UAAU,EAAE,CAAC;IAC7B,MAAM,IAAI,GAAG,OAAO,CAAC,aAAa,CAAC;IACnC,MAAM,OAAO,GAAG,WAAW,CAAC,OAAO,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;IAChD,MAAM,WAAW,CAAC,IAAI,EAAE;QACtB,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,OAAO,CAAC,WAAW;QAC7C,IAAI,EAAE,cAAc,IAAI,cAAc,OAAO,IAAI;KAClD,EAAE,EAAE,GAAG,EAAE,EAAE,UAAU,EAAE,OAAO,CAAC,iBAAiB,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC;AACrE,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,wBAAwB,CAAC,WAAmB;IAChE,MAAM,OAAO,GAAG,UAAU,EAAE,CAAC;IAC7B,OAAO,CAAC,gBAAgB,GAAG,WAAW,CAAC;IACvC,MAAM,YAAY,CAAC,OAAO,CAAC,CAAC;IAC5B,MAAM,mBAAmB,EAAE,CAAC;IAC5B,MAAM,OAAO,CAAC,CAAC,SAAS,EAAE,WAAW,CAAC,CAAC,CAAC;AAC1C,CAAC"}
|
|
@@ -0,0 +1,57 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Timezone and NTP system helpers using timedatectl and systemd-timesyncd.
|
|
3
|
+
*/
|
|
4
|
+
export interface TimezoneEntry {
|
|
5
|
+
value: string;
|
|
6
|
+
label: string;
|
|
7
|
+
offset: string;
|
|
8
|
+
note?: string;
|
|
9
|
+
}
|
|
10
|
+
export interface TimezoneRegion {
|
|
11
|
+
name: string;
|
|
12
|
+
zones: TimezoneEntry[];
|
|
13
|
+
}
|
|
14
|
+
export declare const TIMEZONE_REGIONS: TimezoneRegion[];
|
|
15
|
+
export declare const DEFAULT_NTP: string[];
|
|
16
|
+
/**
|
|
17
|
+
* Get the current system timezone via timedatectl.
|
|
18
|
+
* Falls back to 'UTC' on error.
|
|
19
|
+
*/
|
|
20
|
+
export declare function getSystemTimezone(): string;
|
|
21
|
+
/**
|
|
22
|
+
* Search available timezones by query string.
|
|
23
|
+
* Returns up to 10 matches with label/offset metadata when available.
|
|
24
|
+
*/
|
|
25
|
+
export declare function searchTimezones(query: string): TimezoneEntry[];
|
|
26
|
+
/**
|
|
27
|
+
* Check if a timezone string is valid according to the system.
|
|
28
|
+
*/
|
|
29
|
+
export declare function isValidTimezone(tz: string): boolean;
|
|
30
|
+
/**
|
|
31
|
+
* Apply a timezone to the system via timedatectl.
|
|
32
|
+
* Returns true if the command succeeds.
|
|
33
|
+
*/
|
|
34
|
+
export declare function applyTimezone(tz: string): boolean;
|
|
35
|
+
/**
|
|
36
|
+
* Compute the current UTC offset for a given IANA timezone.
|
|
37
|
+
* Returns a string like 'UTC-6' or 'UTC+9'.
|
|
38
|
+
*/
|
|
39
|
+
export declare function getUtcOffset(tz: string): string;
|
|
40
|
+
/**
|
|
41
|
+
* Get NTP synchronization status from timedatectl.
|
|
42
|
+
*/
|
|
43
|
+
export declare function getNtpSyncStatus(): {
|
|
44
|
+
synced: boolean;
|
|
45
|
+
server?: string;
|
|
46
|
+
};
|
|
47
|
+
/**
|
|
48
|
+
* Apply custom NTP servers by writing a timesyncd drop-in config
|
|
49
|
+
* and restarting the service.
|
|
50
|
+
* Returns true if both the write and restart succeed.
|
|
51
|
+
*/
|
|
52
|
+
export declare function applyNtpServers(server1: string, server2?: string): boolean;
|
|
53
|
+
/**
|
|
54
|
+
* Check if NTP is currently synchronized.
|
|
55
|
+
*/
|
|
56
|
+
export declare function checkNtpSync(): boolean;
|
|
57
|
+
//# sourceMappingURL=time.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"time.d.ts","sourceRoot":"","sources":["../../src/lib/time.ts"],"names":[],"mappings":"AAAA;;GAEG;AAIH,MAAM,WAAW,aAAa;IAC5B,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,CAAC,EAAE,MAAM,CAAC;CACf;AAED,MAAM,WAAW,cAAc;IAC7B,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,aAAa,EAAE,CAAC;CACxB;AAED,eAAO,MAAM,gBAAgB,EAAE,cAAc,EA4C5C,CAAC;AAEF,eAAO,MAAM,WAAW,UAAuC,CAAC;AAKhE;;;GAGG;AACH,wBAAgB,iBAAiB,IAAI,MAAM,CAQ1C;AAED;;;GAGG;AACH,wBAAgB,eAAe,CAAC,KAAK,EAAE,MAAM,GAAG,aAAa,EAAE,CAoB9D;AAED;;GAEG;AACH,wBAAgB,eAAe,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAQnD;AAED;;;GAGG;AACH,wBAAgB,aAAa,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CASjD;AAED;;;GAGG;AACH,wBAAgB,YAAY,CAAC,EAAE,EAAE,MAAM,GAAG,MAAM,CAgB/C;AAED;;GAEG;AACH,wBAAgB,gBAAgB,IAAI;IAAE,MAAM,EAAE,OAAO,CAAC;IAAC,MAAM,CAAC,EAAE,MAAM,CAAA;CAAE,CAkBvE;AAED;;;;GAIG;AACH,wBAAgB,eAAe,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,MAAM,GAAG,OAAO,CA0B1E;AAED;;GAEG;AACH,wBAAgB,YAAY,IAAI,OAAO,CAEtC"}
|