chore: Move opnsense credential secret from example into domain. There is an architectural problem around secrets still but its definitely something we want to manage for the user

Cargo.lock

@@ -2298,6 +2298,7 @@ dependencies = [
  "futures-util",
  "harmony_inventory_agent",
  "harmony_macros",
+ "harmony_secret",
  "harmony_secret_derive",
  "harmony_types",
  "helm-wrapper-rs",

examples/okd_pxe/src/topology.rs

@@ -1,28 +1,22 @@
 use cidr::Ipv4Cidr;
 use harmony::{
-    hardware::{FirewallGroup, HostCategory, Location, PhysicalHost, SwitchGroup},
+    config::secret::OPNSenseFirewallCredentials,
+    hardware::{Location, SwitchGroup},
     infra::opnsense::OPNSenseManagementInterface,
     inventory::Inventory,
     topology::{HAClusterTopology, LogicalHost, UnmanagedRouter},
 };
 use harmony_macros::{ip, ipv4};
-use harmony_secret::{Secret, SecretManager};
+use harmony_secret::SecretManager;
-use serde::{Deserialize, Serialize};
 use std::{net::IpAddr, sync::Arc};
 
-#[derive(Secret, Serialize, Deserialize, Debug, PartialEq)]
-struct OPNSenseFirewallConfig {
-    username: String,
-    password: String,
-}
-
 pub async fn get_topology() -> HAClusterTopology {
     let firewall = harmony::topology::LogicalHost {
         ip: ip!("192.168.1.1"),
         name: String::from("opnsense-1"),
     };
 
-    let config = SecretManager::get::<OPNSenseFirewallConfig>().await;
+    let config = SecretManager::get::<OPNSenseFirewallCredentials>().await;
     let config = config.unwrap();
 
     let opnsense = Arc::new(

harmony/Cargo.toml

@@ -67,7 +67,8 @@ base64.workspace = true
 thiserror.workspace = true
 once_cell = "1.21.3"
 harmony_inventory_agent = { path = "../harmony_inventory_agent" }
-harmony_secret_derive = { version = "0.1.0", path = "../harmony_secret_derive" }
+harmony_secret_derive = { path = "../harmony_secret_derive" }
+harmony_secret = { path = "../harmony_secret" }
 askama.workspace = true
 sqlx.workspace = true
 inquire.workspace = true

harmony/src/domain/config/mod.rs

@@ -1,3 +1,5 @@
+pub mod secret;
+
 use lazy_static::lazy_static;
 use std::path::PathBuf;
 

harmony/src/domain/config/secret.rs

@@ -0,0 +1,16 @@
+use harmony_secret_derive::Secret;
+use serde::{Deserialize, Serialize};
+
+#[derive(Secret, Serialize, Deserialize, Debug, PartialEq)]
+pub struct OPNSenseFirewallCredentials {
+    pub username: String,
+    pub password: String,
+}
+
+// TODO we need a better way to handle multiple "instances" of the same secret structure.
+#[derive(Secret, Serialize, Deserialize, Debug, PartialEq)]
+pub struct SshKeyPair {
+    pub private: String,
+    pub public: String,
+}
+

harmony/src/modules/dhcp.rs

@@ -23,6 +23,7 @@ pub struct DhcpScore {
     pub filename64: Option<String>,
     pub filenameipxe: Option<String>,
     pub dhcp_range: (IpAddress, IpAddress),
+    pub domain: Option<String>,
 }
 
 impl<T: Topology + DhcpServer> Score<T> for DhcpScore {
@@ -114,6 +115,7 @@ impl<T: Topology + DhcpServer> Interpret<T> for DhcpInterpret {
 
         DhcpHostBindingScore {
             host_binding: self.score.host_binding.clone(),
+            domain: self.score.domain.clone(),
         }
         .interpret(inventory, topology)
         .await?;

harmony/src/modules/okd/dhcp.rs

@@ -71,6 +71,7 @@ impl OKDDhcpScore {
                     topology.router.get_gateway()
                 )),
                 dhcp_range: (IpAddress::from(start), IpAddress::from(end)),
+                domain: Some(topology.domain_name.clone()),
             },
         }
     }

harmony/src/modules/okd/installation.rs

@@ -428,7 +428,7 @@ impl OKDSetup02BootstrapInterpret {
 
         DhcpHostBindingScore {
             host_binding: vec![binding],
-            domain: Some(topology.domain_name),
+            domain: Some(topology.domain_name.clone()),
         }
         .interpret(inventory, topology)
         .await?;
@@ -457,7 +457,9 @@ impl OKDSetup02BootstrapInterpret {
         inventory: &Inventory,
         topology: &HAClusterTopology,
     ) -> Result<(), InterpretError> {
-        todo!("OKD loadbalancer score already exists, just call it here probably? 6443 22623, 80 and 443 \n\nhttps://docs.okd.io/latest/installing/installing_bare_metal/upi/installing-bare-metal.html#installation-load-balancing-user-infra_installing-bare-metal");
+        todo!(
+            "OKD loadbalancer score already exists, just call it here probably? 6443 22623, 80 and 443 \n\nhttps://docs.okd.io/latest/installing/installing_bare_metal/upi/installing-bare-metal.html#installation-load-balancing-user-infra_installing-bare-metal"
+        );
     }
 
     async fn reboot_target(&self) -> Result<(), InterpretError> {
@@ -499,7 +501,8 @@ impl Interpret<HAClusterTopology> for OKDSetup02BootstrapInterpret {
         self.configure_host_binding(inventory, topology).await?;
         self.prepare_ignition_files(inventory, topology).await?;
         self.render_per_mac_pxe(inventory, topology).await?;
-        self.setup_bootstrap_load_balancer(inventory, topology).await?;
+        self.setup_bootstrap_load_balancer(inventory, topology)
+            .await?;
 
         // TODO https://docs.okd.io/latest/installing/installing_bare_metal/upi/installing-bare-metal.html#installation-user-provisioned-validating-dns_installing-bare-metal
         // self.validate_dns_config(inventory, topology).await?;

harmony/src/modules/okd/ipxe.rs

@@ -59,6 +59,7 @@ impl<T: Topology + DhcpServer + TftpServer + HttpServer + Router> Interpret<T> f
         let scores: Vec<Box<dyn Score<T>>> = vec![
             Box::new(DhcpScore {
                 host_binding: vec![],
+                domain: None,
                 next_server: Some(topology.get_gateway()),
                 boot_filename: None,
                 filename: Some("undionly.kpxe".to_string()),