refactor: standardize component names for certificates and DNS

- Rename service names to component names:
  - postgres -> tables
  - minio -> drive
  - redis -> cache
  - qdrant -> vectordb
  - mail -> email

- Update bootstrap certificate generation with new hostnames
- Update CoreDNS zone file with component-based DNS entries
- Update CA service certificates to use component names
- Update CA directory creation to use component names

All service certificates include 127.0.0.1 as a SAN for IP-based mTLS access.
Rodrigo Rodriguez (Pragmatismo) 2025-12-07 10:42:02 -03:00
parent b225d7e83c
commit 59f3bb8c7e
2 changed files with 37 additions and 25 deletions


@ -543,7 +543,7 @@ meet.botserver.local {{
fs::write(dns_config, corefile)?; fs::write(dns_config, corefile)?;
// Create initial zone file // Create initial zone file with component names
let zone = r#"$ORIGIN botserver.local. let zone = r#"$ORIGIN botserver.local.
$TTL 60 $TTL 60
@ IN SOA ns1.botserver.local. admin.botserver.local. ( @ IN SOA ns1.botserver.local. admin.botserver.local. (
@ -556,12 +556,21 @@ $TTL 60
IN NS ns1.botserver.local. IN NS ns1.botserver.local.
ns1 IN A 127.0.0.1 ns1 IN A 127.0.0.1
; Static entries ; Core services
api IN A 127.0.0.1 api IN A 127.0.0.1
auth IN A 127.0.0.1 tables IN A 127.0.0.1
llm IN A 127.0.0.1 drive IN A 127.0.0.1
mail IN A 127.0.0.1 cache IN A 127.0.0.1
meet IN A 127.0.0.1 vectordb IN A 127.0.0.1
vault IN A 127.0.0.1
; Application services
llm IN A 127.0.0.1
embedding IN A 127.0.0.1
directory IN A 127.0.0.1
auth IN A 127.0.0.1
email IN A 127.0.0.1
meet IN A 127.0.0.1
; Dynamic entries will be added below ; Dynamic entries will be added below
"#; "#;
@ -1272,6 +1281,7 @@ log_level = "info"
} }
// Services that need certificates - Vault FIRST // Services that need certificates - Vault FIRST
// Using component names: tables (postgres), drive (minio), cache (redis), vectordb (qdrant)
let services = vec![ let services = vec![
("vault", vec!["localhost", "127.0.0.1", "vault.botserver.local"]), ("vault", vec!["localhost", "127.0.0.1", "vault.botserver.local"]),
("api", vec!["localhost", "127.0.0.1", "api.botserver.local"]), ("api", vec!["localhost", "127.0.0.1", "api.botserver.local"]),
@ -1281,20 +1291,20 @@ log_level = "info"
vec!["localhost", "127.0.0.1", "embedding.botserver.local"], vec!["localhost", "127.0.0.1", "embedding.botserver.local"],
), ),
( (
"qdrant", "vectordb",
vec!["localhost", "127.0.0.1", "qdrant.botserver.local"], vec!["localhost", "127.0.0.1", "vectordb.botserver.local"],
), ),
( (
"postgres", "tables",
vec!["localhost", "127.0.0.1", "postgres.botserver.local"], vec!["localhost", "127.0.0.1", "tables.botserver.local"],
), ),
( (
"redis", "cache",
vec!["localhost", "127.0.0.1", "redis.botserver.local"], vec!["localhost", "127.0.0.1", "cache.botserver.local"],
), ),
( (
"minio", "drive",
vec!["localhost", "127.0.0.1", "minio.botserver.local"], vec!["localhost", "127.0.0.1", "drive.botserver.local"],
), ),
( (
"directory", "directory",
@ -1310,7 +1320,7 @@ log_level = "info"
vec![ vec![
"localhost", "localhost",
"127.0.0.1", "127.0.0.1",
"mail.botserver.local", "email.botserver.local",
"smtp.botserver.local", "smtp.botserver.local",
"imap.botserver.local", "imap.botserver.local",
], ],
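Review bot: Every entry in this `services` vector shares the SANs `localhost` and `127.0.0.1`, so a client that connects by IP (the use case the commit message names) will accept any one of these certificates for any service; hostname verification cannot tell `tables` from `cache` over 127.0.0.1. If mTLS peers are meant to be authorized per service, the verifying side has to check the service-specific SAN (`tables.botserver.local` etc.) or the CN rather than rely on the IP match, and that expectation should be stated above the vector, e.g. `// localhost/127.0.0.1 SANs are shared by every service — authorize peers by their *.botserver.local SAN, never by the IP match`. Separately, the email certificate keeps `smtp.botserver.local` and `imap.botserver.local` as SANs while the rewritten zone file above defines no `smtp` or `imap` A records, so unless those arrive as dynamic entries the names will not resolve. The `services` vector starts in an earlier hunk and its enclosing function is not fully shown here.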


@ -350,15 +350,16 @@ impl CaManager {
} }
/// Issue certificates for all services /// Issue certificates for all services
/// Using component names: tables (postgres), drive (minio), cache (redis), vectordb (qdrant)
pub fn issue_service_certificates(&self) -> Result<()> { pub fn issue_service_certificates(&self) -> Result<()> {
let services = vec![ let services = vec![
("api", vec!["localhost", "botserver", "127.0.0.1"]), ("api", vec!["localhost", "api", "127.0.0.1"]),
("llm", vec!["localhost", "llm", "127.0.0.1"]), ("llm", vec!["localhost", "llm", "127.0.0.1"]),
("embedding", vec!["localhost", "embedding", "127.0.0.1"]), ("embedding", vec!["localhost", "embedding", "127.0.0.1"]),
("qdrant", vec!["localhost", "qdrant", "127.0.0.1"]), ("vectordb", vec!["localhost", "vectordb", "127.0.0.1"]),
("postgres", vec!["localhost", "postgres", "127.0.0.1"]), ("tables", vec!["localhost", "tables", "127.0.0.1"]),
("redis", vec!["localhost", "redis", "127.0.0.1"]), ("cache", vec!["localhost", "cache", "127.0.0.1"]),
("minio", vec!["localhost", "minio", "127.0.0.1"]), ("drive", vec!["localhost", "drive", "127.0.0.1"]),
("directory", vec!["localhost", "directory", "127.0.0.1"]), ("directory", vec!["localhost", "directory", "127.0.0.1"]),
("email", vec!["localhost", "email", "127.0.0.1"]), ("email", vec!["localhost", "email", "127.0.0.1"]),
("meet", vec!["localhost", "meet", "127.0.0.1"]), ("meet", vec!["localhost", "meet", "127.0.0.1"]),
@ -410,6 +411,7 @@ impl CaManager {
} }
/// Create CA directory structure /// Create CA directory structure
/// Using component names: tables, drive, cache, vectordb
fn create_ca_directories(&self) -> Result<()> { fn create_ca_directories(&self) -> Result<()> {
let ca_dir = self let ca_dir = self
.config .config
@ -421,10 +423,10 @@ impl CaManager {
fs::create_dir_all("certs/api")?; fs::create_dir_all("certs/api")?;
fs::create_dir_all("certs/llm")?; fs::create_dir_all("certs/llm")?;
fs::create_dir_all("certs/embedding")?; fs::create_dir_all("certs/embedding")?;
fs::create_dir_all("certs/qdrant")?; fs::create_dir_all("certs/vectordb")?;
fs::create_dir_all("certs/postgres")?; fs::create_dir_all("certs/tables")?;
fs::create_dir_all("certs/redis")?; fs::create_dir_all("certs/cache")?;
fs::create_dir_all("certs/minio")?; fs::create_dir_all("certs/drive")?;
fs::create_dir_all("certs/directory")?; fs::create_dir_all("certs/directory")?;
fs::create_dir_all("certs/email")?; fs::create_dir_all("certs/email")?;
fs::create_dir_all("certs/meet")?; fs::create_dir_all("certs/meet")?;
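Review bot: `create_ca_directories` only adds `certs/vectordb`, `certs/tables`, `certs/cache` and `certs/drive`; nothing here removes the old `certs/qdrant`, `certs/postgres`, `certs/redis` and `certs/minio` trees, so on an upgraded install the previously issued private keys and CA-signed certificates for those names stay on disk and, with no revocation visible in this change, remain credentials the CA still trusts. Consider removing (or at least warning about) the legacy directories after the new ones exist, e.g. `for legacy in ["certs/qdrant", "certs/postgres", "certs/redis", "certs/minio"] { let _ = fs::remove_dir_all(legacy); }`, and noting in the doc comment that a rename does not retire the old certificates. In `issue_service_certificates` the `api` entry also replaces the `botserver` SAN with `api`, which is a name removal rather than a rename — any client still connecting to host `botserver` will fail verification once that certificate is reissued. These SANs are bare single labels, whereas the bootstrap list in the other file uses `*.botserver.local`; if both paths issue certificates for the same services, the ones issued here will not validate for the FQDNs the zone file publishes.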