refactor: standardize component names for certificates and DNS

- Rename service names to component names: - postgres -> tables - minio -> drive - redis -> cache - qdrant -> vectordb - mail -> email - Update bootstrap certificate generation with new hostnames - Update CoreDNS zone file with component-based DNS entries - Update CA service certificates to use component names - Update CA directory creation to use component names All certificates include 127.0.0.1 as SAN for IP-based mTLS access
2025-12-07 10:42:02 -03:00 · 2025-12-07 10:42:02 -03:00 · 59f3bb8c7e
commit 59f3bb8c7e
parent b225d7e83c
2 changed files with 37 additions and 25 deletions
--- a/src/core/bootstrap/mod.rs
+++ b/src/core/bootstrap/mod.rs
@ -543,7 +543,7 @@ meet.botserver.local {{

        fs::write(dns_config, corefile)?;

-        // Create initial zone file
+        // Create initial zone file with component names
        let zone = r#"$ORIGIN botserver.local.
 $TTL 60
@       IN      SOA     ns1.botserver.local. admin.botserver.local. (
@ -556,12 +556,21 @@ $TTL 60
        IN      NS      ns1.botserver.local.
 ns1     IN      A       127.0.0.1

-; Static entries
-api     IN      A       127.0.0.1
-auth    IN      A       127.0.0.1
-llm     IN      A       127.0.0.1
-mail    IN      A       127.0.0.1
-meet    IN      A       127.0.0.1
+; Core services
+api         IN      A       127.0.0.1
+tables      IN      A       127.0.0.1
+drive       IN      A       127.0.0.1
+cache       IN      A       127.0.0.1
+vectordb    IN      A       127.0.0.1
+vault       IN      A       127.0.0.1
+
+; Application services
+llm         IN      A       127.0.0.1
+embedding   IN      A       127.0.0.1
+directory   IN      A       127.0.0.1
+auth        IN      A       127.0.0.1
+email       IN      A       127.0.0.1
+meet        IN      A       127.0.0.1

 ; Dynamic entries will be added below
 "#;
@ -1272,6 +1281,7 @@ log_level = "info"
        }

        // Services that need certificates - Vault FIRST
+        // Using component names: tables (postgres), drive (minio), cache (redis), vectordb (qdrant)
        let services = vec![
            ("vault", vec!["localhost", "127.0.0.1", "vault.botserver.local"]),
            ("api", vec!["localhost", "127.0.0.1", "api.botserver.local"]),
@ -1281,20 +1291,20 @@ log_level = "info"
                vec!["localhost", "127.0.0.1", "embedding.botserver.local"],
            ),
            (
-                "qdrant",
-                vec!["localhost", "127.0.0.1", "qdrant.botserver.local"],
+                "vectordb",
+                vec!["localhost", "127.0.0.1", "vectordb.botserver.local"],
            ),
            (
-                "postgres",
-                vec!["localhost", "127.0.0.1", "postgres.botserver.local"],
+                "tables",
+                vec!["localhost", "127.0.0.1", "tables.botserver.local"],
            ),
            (
-                "redis",
-                vec!["localhost", "127.0.0.1", "redis.botserver.local"],
+                "cache",
+                vec!["localhost", "127.0.0.1", "cache.botserver.local"],
            ),
            (
-                "minio",
-                vec!["localhost", "127.0.0.1", "minio.botserver.local"],
+                "drive",
+                vec!["localhost", "127.0.0.1", "drive.botserver.local"],
            ),
            (
                "directory",
@ -1310,7 +1320,7 @@ log_level = "info"
                vec![
                    "localhost",
                    "127.0.0.1",
-                    "mail.botserver.local",
+                    "email.botserver.local",
                    "smtp.botserver.local",
                    "imap.botserver.local",
                ],
--- a/src/security/ca.rs
+++ b/src/security/ca.rs
@ -350,15 +350,16 @@ impl CaManager {
    }

    /// Issue certificates for all services
+    /// Using component names: tables (postgres), drive (minio), cache (redis), vectordb (qdrant)
    pub fn issue_service_certificates(&self) -> Result<()> {
        let services = vec![
-            ("api", vec!["localhost", "botserver", "127.0.0.1"]),
+            ("api", vec!["localhost", "api", "127.0.0.1"]),
            ("llm", vec!["localhost", "llm", "127.0.0.1"]),
            ("embedding", vec!["localhost", "embedding", "127.0.0.1"]),
-            ("qdrant", vec!["localhost", "qdrant", "127.0.0.1"]),
-            ("postgres", vec!["localhost", "postgres", "127.0.0.1"]),
-            ("redis", vec!["localhost", "redis", "127.0.0.1"]),
-            ("minio", vec!["localhost", "minio", "127.0.0.1"]),
+            ("vectordb", vec!["localhost", "vectordb", "127.0.0.1"]),
+            ("tables", vec!["localhost", "tables", "127.0.0.1"]),
+            ("cache", vec!["localhost", "cache", "127.0.0.1"]),
+            ("drive", vec!["localhost", "drive", "127.0.0.1"]),
            ("directory", vec!["localhost", "directory", "127.0.0.1"]),
            ("email", vec!["localhost", "email", "127.0.0.1"]),
            ("meet", vec!["localhost", "meet", "127.0.0.1"]),
@ -410,6 +411,7 @@ impl CaManager {
    }

    /// Create CA directory structure
+    /// Using component names: tables, drive, cache, vectordb
    fn create_ca_directories(&self) -> Result<()> {
        let ca_dir = self
            .config
@ -421,10 +423,10 @@ impl CaManager {
        fs::create_dir_all("certs/api")?;
        fs::create_dir_all("certs/llm")?;
        fs::create_dir_all("certs/embedding")?;
-        fs::create_dir_all("certs/qdrant")?;
-        fs::create_dir_all("certs/postgres")?;
-        fs::create_dir_all("certs/redis")?;
-        fs::create_dir_all("certs/minio")?;
+        fs::create_dir_all("certs/vectordb")?;
+        fs::create_dir_all("certs/tables")?;
+        fs::create_dir_all("certs/cache")?;
+        fs::create_dir_all("certs/drive")?;
        fs::create_dir_all("certs/directory")?;
        fs::create_dir_all("certs/email")?;
        fs::create_dir_all("certs/meet")?;