Documentation
¶
Index ¶
- Variables
- func GenerateQR(content string, level qr.Level) (*ui.QRResult, error)
- func TOTPProvisioningQR(uri string) (*ui.QRResult, error)
- type BackupEntry
- type BackupManifest
- type CA
- type Context
- type Home
- type Service
- func (s *Service) Install(svc service.Service) error
- func (s *Service) MapError(err error, cmd string) error
- func (s *Service) Restart(svc service.Service) error
- func (s *Service) Start(svc service.Service) error
- func (s *Service) Status(svc service.Service) error
- func (s *Service) Stop(svc service.Service) error
- func (s *Service) Uninstall(svc service.Service) error
- type System
- type SystemConfig
Constants ¶
This section is empty.
Variables ¶
var BannerTmpl string
var ConfigTmpl string
var TplAdminHcl []byte
var TplWebHcl []byte
Functions ¶
func GenerateQR ¶
GenerateQR encodes content at the given ECC level and returns all three forms. This is a convenience function for backward compatibility.
Types ¶
type BackupEntry ¶
type BackupEntry struct {
OriginalPath string `json:"original_path"`
ArchivePath string `json:"archive_path"`
SHA256 string `json:"sha256"`
Size int64 `json:"size"`
Mode os.FileMode `json:"mode"`
}
BackupEntry holds metadata for one file inside a backup archive.
type BackupManifest ¶
type BackupManifest struct {
Version int `json:"version"`
Timestamp time.Time `json:"timestamp"`
OS string `json:"os"`
Arch string `json:"arch"`
Files []BackupEntry `json:"files"`
}
BackupManifest describes the contents of a backup archive. Version 1 archives store per-file SHA-256 hashes and an HMAC-SHA256 signature over the entire manifest so Restore can detect tampering.
type CA ¶
type CA struct {
// contains filtered or unexported fields
}
func NewCAWithStore ¶
NewCAWithStore creates CA with provided store (for when you already have one)
func (*CA) IsInstalled ¶
func (*CA) PromptAndInstall ¶
type Context ¶
type Context struct {
Logger *ll.Logger
Interactive bool
Paths woos.RuntimePaths
IsRoot bool
Keeper *keeper.Keeper
TLSStore tlsstore.Store
}
func NewContext ¶
func (*Context) SetTLSStore ¶
type System ¶
type System struct {
// contains filtered or unexported fields
}
System implements backup, restore, and self-update operations. Backup, Restore, and Update each return an error so callers can decide whether to fatal or propagate. The CLI wrapper calls Fatal; tests inspect the returned error directly.
func NewSystem ¶
func NewSystem(cfg SystemConfig) *System
NewSystem constructs a System operator with the provided configuration.
func (*System) Backup ¶
Backup archives the configuration, certificates, and associated data files referenced by configPath into outPath. When password is non-empty the archive entries are AES-256 encrypted and an HMAC-SHA256 signature is stored so Restore can detect tampering.
Files outside agbero's own storage directories (e.g. TLS certificates managed by Let's Encrypt, error pages in /var/www) are included — they are legitimate — but listed as warnings so the operator can audit what will be restored and to which absolute paths.
func (*System) Restore ¶
Restore extracts and verifies files from a backup archive created by Backup. configPath is the live agbero config on this machine — it is used to build the set of trusted restore roots from actual configuration, not from the (potentially attacker-controlled) manifest. autoYes skips all confirmation prompts. force skips per-conflict overwrite prompts.
func (*System) Update ¶
Update fetches the latest release from GitHub, verifies the SHA-256 checksum from the release's checksums.txt, and applies the binary replacement atomically. force skips the version comparison. autoYes skips the confirmation prompt. SHA-256 verification is never skipped regardless of flags.
type SystemConfig ¶
SystemConfig carries all dependencies for the System operator. Only Logger is required for production callers. The unexported fields are test hooks that override network behaviour without real HTTP calls.
Source Files