wip: multisite application feature with stateless and statefull application traits

Reviewed-on: #114

.gitattributes

@@ -2,3 +2,5 @@ bootx64.efi filter=lfs diff=lfs merge=lfs -text
 grubx64.efi filter=lfs diff=lfs merge=lfs -text
 initrd filter=lfs diff=lfs merge=lfs -text
 linux filter=lfs diff=lfs merge=lfs -text
+data/okd/bin/* filter=lfs diff=lfs merge=lfs -text
+data/okd/installer_image/* filter=lfs diff=lfs merge=lfs -text

.gitea/workflows/check.yml

@@ -9,7 +9,7 @@ jobs:
   check:
     runs-on: docker
     container:
-      image: hub.nationtech.io/harmony/harmony_composer:latest@sha256:eb0406fcb95c63df9b7c4b19bc50ad7914dd8232ce98e9c9abef628e07c69386
+      image: hub.nationtech.io/harmony/harmony_composer:latest
     steps:
       - name: Checkout code
         uses: actions/checkout@v4

.gitea/workflows/harmony_composer.yaml

@@ -7,7 +7,7 @@ on:
 jobs:
   package_harmony_composer:
     container:
-      image: hub.nationtech.io/harmony/harmony_composer:latest@sha256:eb0406fcb95c63df9b7c4b19bc50ad7914dd8232ce98e9c9abef628e07c69386
+      image: hub.nationtech.io/harmony/harmony_composer:latest
     runs-on: dind
     steps:
       - name: Checkout code
@@ -45,14 +45,14 @@ jobs:
             -H "Authorization: token ${{ secrets.GITEATOKEN }}" \
             "https://git.nationtech.io/api/v1/repos/nationtech/harmony/releases/tags/snapshot-latest" \
             | jq -r '.id // empty')
-          
+
           if [ -n "$RELEASE_ID" ]; then
             # Delete existing release
             curl -X DELETE \
               -H "Authorization: token ${{ secrets.GITEATOKEN }}" \
               "https://git.nationtech.io/api/v1/repos/nationtech/harmony/releases/$RELEASE_ID"
           fi
-          
+
           # Create new release
           RESPONSE=$(curl -X POST \
             -H "Authorization: token ${{ secrets.GITEATOKEN }}" \
@@ -65,7 +65,7 @@ jobs:
               "prerelease": true
             }' \
             "https://git.nationtech.io/api/v1/repos/nationtech/harmony/releases")
-          
+
           echo "RELEASE_ID=$(echo $RESPONSE | jq -r '.id')" >> $GITHUB_ENV
 
       - name: Upload Linux binary

.gitignore

@@ -1,3 +1,26 @@
-target
-private_repos
-log/
+### General ###
+private_repos/
+
+### Harmony ###
+harmony.log
+data/okd/installation_files*
+
+### Helm ###
+# Chart dependencies
+**/charts/*.tgz
+
+### Rust ###
+# Generated by Cargo
+# will have compiled files and executables
+debug/
+target/
+
+# Remove Cargo.lock from gitignore if creating an executable, leave it for libraries
+# More information here https://doc.rust-lang.org/cargo/guide/cargo-toml-vs-cargo-lock.html
+Cargo.lock
+
+# These are backup files generated by rustfmt
+**/*.rs.bk
+
+# MSVC Windows builds of rustc generate these, which store debugging information
+*.pdb

.gitmodules

@@ -0,0 +1,3 @@
+[submodule "examples/try_rust_webapp/tryrust.org"]
+	path = examples/try_rust_webapp/tryrust.org
+	url = https://github.com/rust-dd/tryrust.org.git

.sqlx/query-2ea29df2326f7c84bd4100ad510a3fd4878dc2e217dc83f9bf45a402dfd62a91.json

@@ -0,0 +1,20 @@
+{
+  "db_name": "SQLite",
+  "query": "SELECT host_id FROM host_role_mapping WHERE role = ?",
+  "describe": {
+    "columns": [
+      {
+        "name": "host_id",
+        "ordinal": 0,
+        "type_info": "Text"
+      }
+    ],
+    "parameters": {
+      "Right": 1
+    },
+    "nullable": [
+      false
+    ]
+  },
+  "hash": "2ea29df2326f7c84bd4100ad510a3fd4878dc2e217dc83f9bf45a402dfd62a91"
+}

.sqlx/query-8d247918eca10a88b784ee353db090c94a222115c543231f2140cba27bd0f067.json

@@ -0,0 +1,32 @@
+{
+  "db_name": "SQLite",
+  "query": "\n        SELECT\n            p1.id,\n            p1.version_id,\n            p1.data as \"data: Json<PhysicalHost>\"\n        FROM\n            physical_hosts p1\n        INNER JOIN (\n            SELECT\n                id,\n                MAX(version_id) AS max_version\n            FROM\n                physical_hosts\n            GROUP BY\n                id\n        ) p2 ON p1.id = p2.id AND p1.version_id = p2.max_version\n        ",
+  "describe": {
+    "columns": [
+      {
+        "name": "id",
+        "ordinal": 0,
+        "type_info": "Text"
+      },
+      {
+        "name": "version_id",
+        "ordinal": 1,
+        "type_info": "Text"
+      },
+      {
+        "name": "data: Json<PhysicalHost>",
+        "ordinal": 2,
+        "type_info": "Blob"
+      }
+    ],
+    "parameters": {
+      "Right": 0
+    },
+    "nullable": [
+      false,
+      false,
+      false
+    ]
+  },
+  "hash": "8d247918eca10a88b784ee353db090c94a222115c543231f2140cba27bd0f067"
+}

.sqlx/query-934035c7ca6e064815393e4e049a7934b0a7fac04a4fe4b2a354f0443d630990.json

@@ -0,0 +1,32 @@
+{
+  "db_name": "SQLite",
+  "query": "SELECT id, version_id, data as \"data: Json<PhysicalHost>\" FROM physical_hosts WHERE id = ? ORDER BY version_id DESC LIMIT 1",
+  "describe": {
+    "columns": [
+      {
+        "name": "id",
+        "ordinal": 0,
+        "type_info": "Text"
+      },
+      {
+        "name": "version_id",
+        "ordinal": 1,
+        "type_info": "Text"
+      },
+      {
+        "name": "data: Json<PhysicalHost>",
+        "ordinal": 2,
+        "type_info": "Null"
+      }
+    ],
+    "parameters": {
+      "Right": 1
+    },
+    "nullable": [
+      false,
+      false,
+      false
+    ]
+  },
+  "hash": "934035c7ca6e064815393e4e049a7934b0a7fac04a4fe4b2a354f0443d630990"
+}

.sqlx/query-df7a7c9cfdd0972e2e0ce7ea444ba8bc9d708a4fb89d5593a0be2bbebde62aff.json

@@ -0,0 +1,12 @@
+{
+  "db_name": "SQLite",
+  "query": "\n        INSERT INTO host_role_mapping (host_id, role)\n        VALUES (?, ?)\n        ",
+  "describe": {
+    "columns": [],
+    "parameters": {
+      "Right": 2
+    },
+    "nullable": []
+  },
+  "hash": "df7a7c9cfdd0972e2e0ce7ea444ba8bc9d708a4fb89d5593a0be2bbebde62aff"
+}

.sqlx/query-f10f615ee42129ffa293e46f2f893d65a237d31d24b74a29c6a8d8420d255ab8.json

@@ -0,0 +1,12 @@
+{
+  "db_name": "SQLite",
+  "query": "INSERT INTO physical_hosts (id, version_id, data) VALUES (?, ?, ?)",
+  "describe": {
+    "columns": [],
+    "parameters": {
+      "Right": 3
+    },
+    "nullable": []
+  },
+  "hash": "f10f615ee42129ffa293e46f2f893d65a237d31d24b74a29c6a8d8420d255ab8"
+}

Cargo.toml

@@ -12,6 +12,9 @@ members = [
   "harmony_cli",
   "k3d",
   "harmony_composer",
+  "harmony_inventory_agent",
+  "harmony_secret_derive",
+  "harmony_secret", "adr/agent_discovery/mdns",
 ]
 
 [workspace.package]
@@ -20,34 +23,48 @@ readme = "README.md"
 license = "GNU AGPL v3"
 
 [workspace.dependencies]
-log = "0.4.22"
-env_logger = "0.11.5"
-derive-new = "0.7.0"
-async-trait = "0.1.82"
-tokio = { version = "1.40.0", features = [
+log = { version = "0.4", features = ["kv"] }
+env_logger = "0.11"
+derive-new = "0.7"
+async-trait = "0.1"
+tokio = { version = "1.40", features = [
   "io-std",
   "fs",
   "macros",
   "rt-multi-thread",
 ] }
 cidr = { features = ["serde"], version = "0.2" }
-russh = "0.45.0"
-russh-keys = "0.45.0"
-rand = "0.8.5"
-url = "2.5.4"
-kube = "0.98.0"
-k8s-openapi = { version = "0.24.0", features = ["v1_30"] }
-serde_yaml = "0.9.34"
-serde-value = "0.7.0"
-http = "1.2.0"
-inquire = "0.7.5"
-convert_case = "0.8.0"
+russh = "0.45"
+russh-keys = "0.45"
+rand = "0.9"
+url = "2.5"
+kube = { version = "1.1.0", features = [
+  "config",
+  "client",
+  "runtime",
+  "rustls-tls",
+  "ws",
+  "jsonpatch",
+] }
+k8s-openapi = { version = "0.25", features = ["v1_30"] }
+serde_yaml = "0.9"
+serde-value = "0.7"
+http = "1.2"
+inquire = "0.7"
+convert_case = "0.8"
 chrono = "0.4"
-
-[workspace.dependencies.uuid]
-version = "1.11.0"
-features = [
-  "v4",                # Lets you generate random UUIDs
-  "fast-rng",          # Use a faster (but still sufficiently random) RNG
-  "macro-diagnostics", # Enable better diagnostics for compile-time UUIDs
-]
+similar = "2"
+uuid = { version = "1.11", features = ["v4", "fast-rng", "macro-diagnostics"] }
+pretty_assertions = "1.4.1"
+tempfile = "3.20.0"
+bollard = "0.19.1"
+base64 = "0.22.1"
+tar = "0.4.44"
+lazy_static = "1.5.0"
+directories = "6.0.0"
+thiserror = "2.0.14"
+serde = { version = "1.0.209", features = ["derive", "rc"] }
+serde_json = "1.0.127"
+askama = "0.14"
+sqlx = { version = "0.8", features = ["runtime-tokio", "sqlite" ] }
+reqwest = { version = "0.12", features = ["blocking", "stream", "rustls-tls", "http2", "json"], default-features = false }

Dockerfile

@@ -1,4 +1,4 @@
-FROM docker.io/rust:1.87.0 AS build
+FROM docker.io/rust:1.89.0 AS build
 
 WORKDIR /app
 
@@ -6,13 +6,14 @@ COPY . .
 
 RUN cargo build --release --bin harmony_composer
 
-FROM docker.io/rust:1.87.0
+FROM docker.io/rust:1.89.0
 
 WORKDIR /app
 
 RUN rustup target add x86_64-pc-windows-gnu
 RUN rustup target add x86_64-unknown-linux-gnu
 RUN rustup component add rustfmt
+RUN rustup component add clippy
 
 RUN apt update
 
@@ -22,4 +23,4 @@ RUN apt install -y nodejs docker.io mingw-w64
 
 COPY --from=build /app/target/release/harmony_composer .
 
-ENTRYPOINT ["/app/harmony_composer"]
+ENTRYPOINT ["/app/harmony_composer"]

README.md

@@ -1,5 +1,6 @@
-# Harmony : Open-source infrastructure orchestration that treats your platform like first-class code.
-*By [NationTech](https://nationtech.io)*
+# Harmony : Open-source infrastructure orchestration that treats your platform like first-class code
+
+_By [NationTech](https://nationtech.io)_
 
 [![Build](https://git.nationtech.io/NationTech/harmony/actions/workflows/check.yml/badge.svg)](https://git.nationtech.io/nationtech/harmony)
 [![License](https://img.shields.io/badge/license-AGPLv3-blue?style=flat-square)](LICENSE)
@@ -23,11 +24,11 @@ From a **developer laptop** to a **global production cluster**, a single **sourc
 
 Infrastructure is essential, but it shouldn’t be your core business. Harmony is built on three guiding principles that make modern platforms reliable, repeatable, and easy to reason about.
 
-| Principle | What it means for you |
-|-----------|-----------------------|
-| **Infrastructure as Resilient Code** | Replace sprawling YAML and bash scripts with type-safe Rust. Test, refactor, and version your platform just like application code. |
-| **Prove It Works — Before You Deploy** | Harmony uses the compiler to verify that your application’s needs match the target environment’s capabilities at **compile-time**, eliminating an entire class of runtime outages. |
-| **One Unified Model** | Software and infrastructure are a single system. Harmony models them together, enabling deep automation—from bare-metal servers to Kubernetes workloads—with zero context switching. |
+| Principle                              | What it means for you                                                                                                                                                                |
+| -------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
+| **Infrastructure as Resilient Code**   | Replace sprawling YAML and bash scripts with type-safe Rust. Test, refactor, and version your platform just like application code.                                                   |
+| **Prove It Works — Before You Deploy** | Harmony uses the compiler to verify that your application’s needs match the target environment’s capabilities at **compile-time**, eliminating an entire class of runtime outages.   |
+| **One Unified Model**                  | Software and infrastructure are a single system. Harmony models them together, enabling deep automation—from bare-metal servers to Kubernetes workloads—with zero context switching. |
 
 These principles surface as simple, ergonomic Rust APIs that let teams focus on their product while trusting the platform underneath.
 
@@ -63,22 +64,20 @@ async fn main() {
         },
     };
 
-    // 2. Pick where it should run
-    let mut maestro = Maestro::<K8sAnywhereTopology>::initialize(
-        Inventory::autoload(),                // auto-detect hardware / kube-config
-        K8sAnywhereTopology::from_env(),      // local k3d, CI, staging, prod…
-    )
-    .await
-    .unwrap();
-
-    // 3. Enhance with extra scores (monitoring, CI/CD, …)
+    // 2. Enhance with extra scores (monitoring, CI/CD, …)
     let mut monitoring = MonitoringAlertingStackScore::new();
     monitoring.namespace = Some(lamp_stack.config.namespace.clone());
 
-    maestro.register_all(vec![Box::new(lamp_stack), Box::new(monitoring)]);
-
-    // 4. Launch an interactive CLI / TUI
-    harmony_cli::init(maestro, None).await.unwrap();
+    // 3. Run your scores on the desired topology & inventory
+    harmony_cli::run(
+        Inventory::autoload(),                // auto-detect hardware / kube-config
+        K8sAnywhereTopology::from_env(),      // local k3d, CI, staging, prod…
+        vec![
+          Box::new(lamp_stack),
+          Box::new(monitoring)
+        ],
+        None
+    ).await.unwrap();
 }
 ```
 
@@ -94,13 +93,13 @@ Harmony analyses the code, shows an execution plan in a TUI, and applies it once
 
 ## 3 · Core Concepts
 
-| Term | One-liner |
-|------|-----------|
-| **Score<T>** | Declarative description of the desired state (e.g., `LAMPScore`). |
-| **Interpret<T>** | Imperative logic that realises a `Score` on a specific environment. |
-| **Topology** | An environment (local k3d, AWS, bare-metal) exposing verified *Capabilities* (Kubernetes, DNS, …). |
-| **Maestro** | Orchestrator that compiles Scores + Topology, ensuring all capabilities line up **at compile-time**. |
-| **Inventory** | Optional catalogue of physical assets for bare-metal and edge deployments. |
+| Term             | One-liner                                                                                            |
+| ---------------- | ---------------------------------------------------------------------------------------------------- |
+| **Score<T>**     | Declarative description of the desired state (e.g., `LAMPScore`).                                    |
+| **Interpret<T>** | Imperative logic that realises a `Score` on a specific environment.                                  |
+| **Topology**     | An environment (local k3d, AWS, bare-metal) exposing verified _Capabilities_ (Kubernetes, DNS, …).   |
+| **Maestro**      | Orchestrator that compiles Scores + Topology, ensuring all capabilities line up **at compile-time**. |
+| **Inventory**    | Optional catalogue of physical assets for bare-metal and edge deployments.                           |
 
 A visual overview is in the diagram below.
 
@@ -112,9 +111,9 @@ A visual overview is in the diagram below.
 
 Prerequisites:
 
-* Rust 
-* Docker (if you deploy locally)
-* `kubectl` / `helm` for Kubernetes-based topologies
+- Rust
+- Docker (if you deploy locally)
+- `kubectl` / `helm` for Kubernetes-based topologies
 
 ```bash
 git clone https://git.nationtech.io/nationtech/harmony
@@ -126,15 +125,15 @@ cargo build --release          # builds the CLI, TUI and libraries
 
 ## 5 · Learning More
 
-* **Architectural Decision Records** – dive into the rationale  
-  - [ADR-001 · Why Rust](adr/001-rust.md)  
-  - [ADR-003 · Infrastructure Abstractions](adr/003-infrastructure-abstractions.md)  
-  - [ADR-006 · Secret Management](adr/006-secret-management.md)  
+- **Architectural Decision Records** – dive into the rationale
+  - [ADR-001 · Why Rust](adr/001-rust.md)
+  - [ADR-003 · Infrastructure Abstractions](adr/003-infrastructure-abstractions.md)
+  - [ADR-006 · Secret Management](adr/006-secret-management.md)
   - [ADR-011 · Multi-Tenant Cluster](adr/011-multi-tenant-cluster.md)
 
-* **Extending Harmony** – write new Scores / Interprets, add hardware like OPNsense firewalls, or embed Harmony in your own tooling (`/docs`).
+- **Extending Harmony** – write new Scores / Interprets, add hardware like OPNsense firewalls, or embed Harmony in your own tooling (`/docs`).
 
-* **Community** – discussions and roadmap live in [GitLab issues](https://git.nationtech.io/nationtech/harmony/-/issues). PRs, ideas, and feedback are welcome!
+- **Community** – discussions and roadmap live in [GitLab issues](https://git.nationtech.io/nationtech/harmony/-/issues). PRs, ideas, and feedback are welcome!
 
 ---
 
@@ -148,4 +147,4 @@ See [LICENSE](LICENSE) for the full text.
 
 ---
 
-*Made with ❤️ & 🦀 by the NationTech and the Harmony community*
+_Made with ❤️ & 🦀 by the NationTech and the Harmony community_

adr/013-monitoring-notifications.md

@@ -0,0 +1,78 @@
+# Architecture Decision Record: Monitoring Notifications
+
+Initial Author: Taha Hawa
+
+Initial Date: 2025-06-26
+
+Last Updated Date: 2025-06-26
+
+## Status
+
+Proposed
+
+## Context
+
+We need to send notifications (typically from AlertManager/Prometheus) and we need to receive said notifications on mobile devices for sure in some way, whether it's push messages, SMS, phone call, email, etc or all of the above.
+
+## Decision
+
+We should go with https://ntfy.sh except host it ourselves.
+
+`ntfy` is an open source solution written in Go that has the features we need.
+
+## Rationale
+
+`ntfy` has pretty much everything we need (push notifications, email forwarding, receives via webhook), and nothing/not much we don't. Good fit, lightweight.
+
+## Consequences
+
+Pros:
+
+- topics, with ACLs
+- lightweight
+- reliable
+- easy to configure
+- mobile app
+  - the mobile app can listen via websocket, poll, or receive via Firebase/GCM on Android, or similar on iOS.
+- Forward to email
+- Text-to-Speech phone call messages using Twilio integration
+- Operates based on simple HTTP requests/Webhooks, easily usable via AlertManager
+
+Cons:
+
+- No SMS pushes
+- SQLite DB, makes it harder to HA/scale
+
+## Alternatives considered
+
+[AWS SNS](https://aws.amazon.com/sns/):
+Pros:
+
+- highly reliable
+- no hosting needed
+
+Cons:
+
+- no control, not self hosted
+- costs (per usage)
+
+[Apprise](https://github.com/caronc/apprise):
+Pros:
+
+- Way more ways of sending notifications
+- Can use ntfy as one of the backends/ways of sending
+
+Cons:
+
+- Way too overkill for what we need in terms of features
+
+[Gotify](https://github.com/gotify/server):
+Pros:
+
+- simple, lightweight, golang, etc
+
+Cons:
+
+- Pushes topics are per-user
+
+## Additional Notes

adr/agent_discovery/mdns/Cargo.toml

@@ -0,0 +1,17 @@
+[package]
+name = "mdns"
+edition = "2024"
+version.workspace = true
+readme.workspace = true
+license.workspace = true
+
+[dependencies]
+mdns-sd = "0.14"
+tokio = { version = "1", features = ["full"] }
+futures = "0.3"
+dmidecode = "0.2" # For getting the motherboard ID on the agent
+log.workspace=true
+env_logger.workspace=true
+clap = { version = "4.5.46", features = ["derive"] }
+get_if_addrs = "0.5.3"
+local-ip-address = "0.6.5"

adr/agent_discovery/mdns/src/advertise.rs

@@ -0,0 +1,60 @@
+// harmony-agent/src/main.rs
+
+use log::info;
+use mdns_sd::{ServiceDaemon, ServiceInfo};
+use std::collections::HashMap;
+
+use crate::SERVICE_TYPE;
+
+// The service we are advertising.
+const SERVICE_PORT: u16 = 43210; // A port for the service. It needs one, even if unused.
+
+pub async fn advertise() {
+    info!("Starting Harmony Agent...");
+
+    // Get a unique ID for this machine.
+    let motherboard_id = "some motherboard id";
+    let instance_name = format!("harmony-agent-{}", motherboard_id);
+    info!("This agent's instance name: {}", instance_name);
+    info!("Advertising with ID: {}", motherboard_id);
+
+    // Create a new mDNS daemon.
+    let mdns = ServiceDaemon::new().expect("Failed to create mDNS daemon");
+
+    // Create a TXT record HashMap to hold our metadata.
+    let mut properties = HashMap::new();
+    properties.insert("id".to_string(), motherboard_id.to_string());
+    properties.insert("version".to_string(), "1.0".to_string());
+
+    // Create the service information.
+    // The instance name should be unique on the network.
+    let local_ip = local_ip_address::local_ip().unwrap();
+    let service_info = ServiceInfo::new(
+        SERVICE_TYPE,
+        &instance_name,
+        "harmony-host.local.", // A hostname for the service
+        local_ip,
+        // "0.0.0.0",
+        SERVICE_PORT,
+        Some(properties),
+    )
+    .expect("Failed to create service info");
+
+    // Register our service with the daemon.
+    mdns.register(service_info)
+        .expect("Failed to register service");
+
+    info!(
+        "Service '{}' registered and now being advertised.",
+        instance_name
+    );
+    info!("Agent is running. Press Ctrl+C to exit.");
+
+    for iface in get_if_addrs::get_if_addrs().unwrap() {
+        println!("{:#?}", iface);
+    }
+
+    // Keep the agent running indefinitely.
+    tokio::signal::ctrl_c().await.unwrap();
+    info!("Shutting down agent.");
+}

adr/agent_discovery/mdns/src/discover.rs

@@ -0,0 +1,109 @@
+use mdns_sd::{ServiceDaemon, ServiceEvent};
+
+use crate::SERVICE_TYPE;
+
+pub async fn discover() {
+    println!("Starting Harmony Master and browsing for agents...");
+
+    // Create a new mDNS daemon.
+    let mdns = ServiceDaemon::new().expect("Failed to create mDNS daemon");
+
+    // Start browsing for the service type.
+    // The receiver will be a stream of events.
+    let receiver = mdns.browse(SERVICE_TYPE).expect("Failed to browse");
+
+    println!(
+        "Listening for mDNS events for '{}'. Press Ctrl+C to exit.",
+        SERVICE_TYPE
+    );
+
+    std::thread::spawn(move || {
+        while let Ok(event) = receiver.recv() {
+            match event {
+                ServiceEvent::ServiceData(resolved) => {
+                    println!("Resolved a new service: {}", resolved.fullname);
+                }
+                other_event => {
+                    println!("Received other event: {:?}", &other_event);
+                }
+            }
+        }
+    });
+
+    // Gracefully shutdown the daemon.
+    std::thread::sleep(std::time::Duration::from_secs(1000000));
+    mdns.shutdown().unwrap();
+
+    // Process events as they come in.
+    // while let Ok(event) = receiver.recv_async().await {
+    //     debug!("Received event {event:?}");
+    //     // match event {
+    //     //     ServiceEvent::ServiceFound(svc_type, fullname) => {
+    //     //         println!("\n--- Agent Discovered ---");
+    //     //         println!("  Service Name: {}", fullname());
+    //     //         // You can now resolve this service to get its IP, port, and TXT records
+    //     //         // The resolve operation is a separate network call.
+    //     //         let receiver = mdns.browse(info.get_fullname()).unwrap();
+    //     //         if let Ok(resolve_event) = receiver.recv_timeout(Duration::from_secs(2)) {
+    //     //              if let ServiceEvent::ServiceResolved(info) = resolve_event {
+    //     //                 let ip = info.get_addresses().iter().next().unwrap();
+    //     //                 let port = info.get_port();
+    //     //                 let motherboard_id = info.get_property("id").map_or("N/A", |v| v.val_str());
+    //     //
+    //     //                 println!("  IP: {}:{}", ip, port);
+    //     //                 println!("  Motherboard ID: {}", motherboard_id);
+    //     //                 println!("------------------------");
+    //     //
+    //     //                 // TODO: Add this agent to your central list of discovered hosts.
+    //     //              }
+    //     //         } else {
+    //     //             println!("Could not resolve service '{}' in time.", info.get_fullname());
+    //     //         }
+    //     //     }
+    //     //     ServiceEvent::ServiceRemoved(info) => {
+    //     //         println!("\n--- Agent Removed ---");
+    //     //         println!("  Service Name: {}", info.get_fullname());
+    //     //         println!("---------------------");
+    //     //         // TODO: Remove this agent from your list.
+    //     //     }
+    //     //     _ => {
+    //     //         // We don't care about other event types for this example
+    //     //     }
+    //     // }
+    // }
+}
+
+async fn _discover_example() {
+    use mdns_sd::{ServiceDaemon, ServiceEvent};
+
+    // Create a daemon
+    let mdns = ServiceDaemon::new().expect("Failed to create daemon");
+
+    // Use recently added `ServiceEvent::ServiceData`.
+    mdns.use_service_data(true)
+        .expect("Failed to use ServiceData");
+
+    // Browse for a service type.
+    let service_type = "_mdns-sd-my-test._udp.local.";
+    let receiver = mdns.browse(service_type).expect("Failed to browse");
+
+    // Receive the browse events in sync or async. Here is
+    // an example of using a thread. Users can call `receiver.recv_async().await`
+    // if running in async environment.
+    std::thread::spawn(move || {
+        while let Ok(event) = receiver.recv() {
+            match event {
+                ServiceEvent::ServiceData(resolved) => {
+                    println!("Resolved a new service: {}", resolved.fullname);
+                }
+                other_event => {
+                    println!("Received other event: {:?}", &other_event);
+                }
+            }
+        }
+    });
+
+    // Gracefully shutdown the daemon.
+    std::thread::sleep(std::time::Duration::from_secs(1));
+    mdns.shutdown().unwrap();
+}

adr/agent_discovery/mdns/src/main.rs

@@ -0,0 +1,31 @@
+use clap::{Parser, ValueEnum};
+
+mod advertise;
+mod discover;
+
+#[derive(Parser, Debug)]
+#[command(version, about, long_about = None)]
+struct Args {
+    #[arg(value_enum)]
+    profile: Profiles,
+}
+
+#[derive(Copy, Clone, Debug, PartialEq, Eq, PartialOrd, Ord, ValueEnum)]
+enum Profiles {
+    Advertise,
+    Discover,
+}
+
+// The service type we are looking for.
+const SERVICE_TYPE: &str = "_harmony._tcp.local.";
+
+#[tokio::main]
+async fn main() {
+    env_logger::init();
+    let args = Args::parse();
+
+    match args.profile {
+        Profiles::Advertise => advertise::advertise().await,
+        Profiles::Discover => discover::discover().await,
+    }
+}

check.sh

@@ -1,5 +1,8 @@
 #!/bin/sh
 set -e
+
+rustc --version
 cargo check --all-targets --all-features --keep-going
 cargo fmt --check
+cargo clippy
 cargo test

data/okd/installer_image/scos-live-initramfs.x86_64.img

@@ -0,0 +1 @@
+scos-9.0.20250510-0-live-initramfs.x86_64.img

data/okd/installer_image/scos-live-kernel.x86_64

@@ -0,0 +1 @@
+scos-9.0.20250510-0-live-kernel.x86_64

data/okd/installer_image/scos-live-rootfs.x86_64.img

@@ -0,0 +1 @@
+scos-9.0.20250510-0-live-rootfs.x86_64.img

data/pxe/okd/README.md

@@ -0,0 +1,8 @@
+Here lies all the data files required for an OKD cluster PXE boot setup.
+
+This inclues ISO files, binary boot files, ipxe, etc.
+
+TODO as of august 2025 :
+
+- `harmony_inventory_agent` should be downloaded from official releases, this embedded version is practical for now though
+- The cluster ssh key should be generated and handled by harmony with the private key saved in a secret store

data/pxe/okd/http_files/.gitattributes

@@ -0,0 +1,9 @@
+harmony_inventory_agent filter=lfs diff=lfs merge=lfs -text
+os filter=lfs diff=lfs merge=lfs -text
+os/centos-stream-9 filter=lfs diff=lfs merge=lfs -text
+os/centos-stream-9/images filter=lfs diff=lfs merge=lfs -text
+os/centos-stream-9/initrd.img filter=lfs diff=lfs merge=lfs -text
+os/centos-stream-9/vmlinuz filter=lfs diff=lfs merge=lfs -text
+os/centos-stream-9/images/efiboot.img filter=lfs diff=lfs merge=lfs -text
+os/centos-stream-9/images/install.img filter=lfs diff=lfs merge=lfs -text
+os/centos-stream-9/images/pxeboot filter=lfs diff=lfs merge=lfs -text

data/pxe/okd/http_files/cluster_ssh_key.pub

@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBx6bDylvC68cVpjKfEFtLQJ/dOFi6PVS2vsIOqPDJIc jeangab@liliane2

demos/cncf-k8s-quebec-meetup-september-2025/storyline.md

@@ -0,0 +1,132 @@
+# Harmony, Orchestrateur d'infrastructure open-source
+
+**Target Duration:** 25 minutes\
+**Tone:** Friendly, expert-to-expert, inspiring.
+
+---
+
+#### **Slide 1: Title Slide**
+
+- **Visual:** Clean and simple. Your company logo (NationTech) and the Harmony logo.
+
+---
+
+#### **Slide 2: The YAML Labyrinth**
+
+**Goal:** Get every head in the room nodding in agreement. Start with their world, not yours.
+
+- **Visual:**
+  - Option A: "The Pull Request from Hell". A screenshot of a GitHub pull request for a seemingly minor change that touches dozens of YAML files across multiple directories. A sea of red and green diffs that is visually overwhelming.
+  - Option B: A complex flowchart connecting dozens of logos: Terraform, Ansible, K8s, Helm, etc.
+- **Narration:**\
+  [...ADD SOMETHING FOR INTRODUCTION...]\
+  "We love the power that tools like Kubernetes and the CNCF landscape have given us. But let's be honest... when did our infrastructure code start looking like _this_?"\
+  "We have GitOps, which is great. But it often means we're managing this fragile cathedral of YAML, Helm charts, and brittle scripts. We spend more time debugging indentation and tracing variables than we do building truly resilient systems."
+
+---
+
+#### **Slide 3: The Real Cost of Infrastructure**
+
+- **Visual:** "The Jenga Tower of Tools". A tall, precarious Jenga tower where each block is the logo of a different tool (Terraform, K8s, Helm, Ansible, Prometheus, ArgoCD, etc.). One block near the bottom is being nervously pulled out.
+- **Narration:**
+  "The real cost isn't just complexity; it's the constant need to choose, learn, integrate, and operate a dozen different tools, each with its own syntax and failure modes. It's the nagging fear that a tiny typo in a config file could bring everything down. Click-ops isn't the answer, but the current state of IaC feels like we've traded one problem for another."
+
+---
+
+#### **Slide 4: The Broken Promise of "Code"**
+
+**Goal:** Introduce the core idea before introducing the product. This makes the solution feel inevitable.
+
+- **(Initial Visual):** A two-panel slide.
+  - **Left Panel Title: "The Plan"** - A terminal showing a green, successful `terraform plan` output.
+  - **Right Panel Title: "The Reality"** - The _next_ screen in the terminal, showing the `terraform apply` failing with a cascade of red error text.
+- **Narration:**
+  "We call our discipline **Infrastructure as Code**. And we've all been here. Our 'compiler' is a `terraform plan` that says everything looks perfect. We get the green light."
+  (Pause for a beat)
+  "And then we `apply`, and reality hits. It fails halfway through, at runtime, when it's most expensive and painful to fix."
+
+**(Click to transition the slide)**
+
+- **(New Visual):** The entire slide is replaced by a clean screenshot of a code editor (like nvim 😉) showing Harmony's Rust DSL. A red squiggly line is under a config line. The error message is clear in the "Problems" panel: `error: Incompatible deployment. Production target 'gcp-prod-cluster' requires a StorageClass with 'snapshots' capability, but 'standard-sc' does not provide it.`
+- **Narration (continued):**
+  "In software development, we solved these problems years ago. We don't accept 'it compiled, but crashed on startup'. We have real tools, type systems, compilers, test frameworks, and IDEs that catch our mistakes before they ever reach production. **So, what if we could treat our entire infrastructure... like a modern, compiled application?**"
+  "What if your infrastructure code could get compile-time checks, straight into the editor... instead of runtime panics and failures at 3 AM in production?"
+
+---
+
+#### **Slide 5: Introducing Harmony**
+
+**Goal:** Introduce Harmony as the answer to the "What If?" question.
+
+- **Visual:** The Harmony logo, large and centered.
+- **Tagline:** `Infrastructure in type-safe Rust. No YAML required.`
+- **Narration:**
+  "This is Harmony. It's an open-source orchestrator that lets you define your entire stack — from a dev laptop to a multi-site bare-metal cluster—in a single, type-safe Rust codebase."
+
+---
+
+#### **Slide 6: Before & After**
+
+- **Visual:** A side-by-side comparison. Left side: A screen full of complex, nested YAML. Right side: 10-15 lines of clean, readable Harmony Rust DSL that accomplishes the same thing.
+- **Narration:**
+  "This is the difference. On the left, the fragile world of strings and templates. On the right, a portable, verifiable program that describes your apps, your infra, and your operations. We unify scaffolding, provisioning, and Day-2 ops, all verified by the Rust compiler. But enough slides... let's see it in action."
+
+---
+
+#### **Slide 7: Live Demo: Zero to Monitored App**
+
+**Goal:** Show, don't just tell. Make it look effortless. This is where you build the "dream."
+
+- **Visual:** Your terminal/IDE, ready to go.
+- **Narration Guide:**
+  "Okay, for this demo, we're going to take a standard web app from GitHub. Nothing special about it."
+  _(Show the repo)_
+  "Now, let's bring it into Harmony. This is the entire definition we need to describe the application and its needs."
+  _(Show the Rust DSL)_
+  "First, let's run it locally on k3d. The exact same definition for dev as for prod."
+  _(Deploy locally, show it works)_
+  "Cool. But a real app needs monitoring. In Harmony, that's just adding a feature to our code."
+  _(Uncomment one line: `.with_feature(Monitoring)` and redeploy)_
+  "And just like that, we have a fully configured Prometheus and Grafana stack, scraping our app. No YAML, no extra config."
+  "Finally, let's push this to our production staging cluster. We just change the target and specify our multi-site Ceph storage."
+  _(Deploy to the remote cluster)_
+  "And there it is. We've gone from a simple web app to a monitored, enterprise-grade service in minutes."
+
+---
+
+#### **Slide 8: Live Demo: Embracing Chaos**
+
+**Goal:** Prove the "predictable" and "resilient" claims in the most dramatic way possible.
+
+- **Visual:** A slide showing a map or diagram of your distributed infrastructure (the different data centers). Then switch back to your terminal.
+- **Narration Guide:**
+  "This is great when things are sunny. But production is chaos. So... let's break things. On purpose."
+  "First, a network failure." _(Kill a switch/link, show app is still up)_
+  "Now, let's power off a storage server." _(Force off a server, show Ceph healing and the app is unaffected)_
+  "How about a control plane node?" _(Force off a k8s control plane, show the cluster is still running)_
+  "Okay, for the grand finale. What if we have a cascading failure? I'm going to kill _another_ storage server. This should cause a total failure in this data center."
+  _(Force off the second server, narrate what's happening)_
+  "And there it is... Ceph has lost quorum in this site... and Harmony has automatically failed everything over to our other datacenter. The app is still running."
+
+---
+
+#### **Slide 9: The New Reality**
+
+**Goal:** Summarize the dream and tell the audience what you want them to do.
+
+- **Visual:** The clean, simple Harmony Rust DSL code from Slide 6. A summary of what was just accomplished is listed next to it: `✓ GitHub to Prod in minutes`, `✓ Type-Safe Validation`, `✓ Built-in Monitoring`, `✓ Automated Multi-Site Failover`.
+- **Narration:**
+  "So, in just a few minutes, we went from a simple web app to a multi-site, monitored, and chaos-proof production deployment. We did it with a small amount of code that is easy to read, easy to verify, and completely portable. This is our vision: to offload the complexity, and make infrastructure simple, predictable, and even fun again."
+
+---
+
+#### **Slide 10: Join Us**
+
+- **Visual:** A clean, final slide with QR codes and links.
+  - GitHub Repo (`github.com/nation-tech/harmony`)
+  - Website (`harmony.sh` or similar)
+  - Your contact info (`jg@nation.tech` / LinkedIn / Twitter)
+- **Narration:**
+  "Harmony is open-source, AGPLv3. We believe this is the future, but we're just getting started. We know this crowd has great infrastructure minds out there, and we need your feedback. Please, check out the project on GitHub. Star it if you like what you see. Tell us what's missing. Let's build this future together. Thank you."
+
+**(Open for Q&A)**

docs/OKD_Host_preparation.md

@@ -0,0 +1,8 @@
+## Bios settings
+
+1. CSM : Disabled (compatibility support to boot gpt formatted drives)
+2. Secure boot : disabled
+3. Boot order :
+    1. Local Hard drive
+    2. PXE IPv4
+4. System clock, make sure it is adjusted, otherwise you will get invalid certificates error

docs/pxe_test/README.md

@@ -0,0 +1,108 @@
+# OPNsense PXE Lab Environment
+
+This project contains a script to automatically set up a virtual lab environment for testing PXE boot services managed by an OPNsense firewall.
+
+## Overview
+
+The `pxe_vm_lab_setup.sh` script will create the following resources using libvirt/KVM:
+
+1.  **A Virtual Network**: An isolated network named `harmonylan` (`virbr1`) for the lab.
+2.  **Two Virtual Machines**:
+    *   `opnsense-pxe`: A firewall VM that will act as the gateway and PXE server.
+    *   `pxe-node-1`: A client VM configured to boot from the network.
+
+## Prerequisites
+
+Ensure you have the following software installed on your Arch Linux host:
+
+*   `libvirt`
+*   `qemu`
+*   `virt-install` (from the `virt-install` package)
+*   `curl`
+*   `bzip2`
+
+## Usage
+
+### 1. Create the Environment
+
+Run the `up` command to download the necessary images and create the network and VMs.
+
+```bash
+sudo ./pxe_vm_lab_setup.sh up
+```
+
+### 2. Install and Configure OPNsense
+
+The OPNsense VM is created but the OS needs to be installed manually via the console.
+
+1.  **Connect to the VM console**:
+    ```bash
+    sudo virsh console opnsense-pxe
+    ```
+
+2.  **Log in as the installer**:
+    *   Username: `installer`
+    *   Password: `opnsense`
+
+3.  **Follow the on-screen installation wizard**. When prompted to assign network interfaces (`WAN` and `LAN`):
+    *   Find the MAC address for the `harmonylan` interface by running this command in another terminal:
+        ```bash
+        virsh domiflist opnsense-pxe
+        # Example output:
+        # Interface   Type      Source       Model    MAC
+        # ---------------------------------------------------------
+        # vnet18      network   default      virtio   52:54:00:b5:c4:6d
+        # vnet19      network   harmonylan   virtio   52:54:00:21:f9:ba
+        ```
+    *   Assign the interface connected to `harmonylan` (e.g., `vtnet1` with MAC `52:54:00:21:f9:ba`) as your **LAN**.
+    *   Assign the other interface as your **WAN**.
+
+4.  After the installation is complete, **shut down** the VM from the console menu.
+
+5.  **Detach the installation media** by editing the VM's configuration:
+    ```bash
+    sudo virsh edit opnsense-pxe
+    ```
+    Find and **delete** the entire `<disk>` block corresponding to the `.img` file (the one with `<target ... bus='usb'/>`).
+
+6.  **Start the VM** to boot into the newly installed system:
+    ```bash
+    sudo virsh start opnsense-pxe
+    ```
+
+### 3. Connect to OPNsense from Your Host
+
+To configure OPNsense, you need to connect your host to the `harmonylan` network.
+
+1.  By default, OPNsense configures its LAN interface with the IP `192.168.1.1`.
+2.  Assign a compatible IP address to your host's `virbr1` bridge interface:
+    ```bash
+    sudo ip addr add 192.168.1.5/24 dev virbr1
+    ```
+3.  You can now access the OPNsense VM from your host:
+    *   **SSH**: `ssh root@192.168.1.1` (password: `opnsense`)
+    *   **Web UI**: `https://192.168.1.1`
+
+### 4. Configure PXE Services with Harmony
+
+With connectivity established, you can now use Harmony to configure the OPNsense firewall for PXE booting. Point your Harmony OPNsense scores to the firewall using these details:
+
+*   **Hostname/IP**: `192.168.1.1`
+*   **Credentials**: `root` / `opnsense`
+
+### 5. Boot the PXE Client
+
+Once your Harmony configuration has been applied and OPNsense is serving DHCP/TFTP, start the client VM. It will automatically attempt to boot from the network.
+
+```bash
+sudo virsh start pxe-node-1
+sudo virsh console pxe-node-1
+```
+
+## Cleanup
+
+To destroy all VMs and networks created by the script, run the `clean` command:
+
+```bash
+sudo ./pxe_vm_lab_setup.sh clean
+```

docs/pxe_test/pxe_vm_lab_setup.sh

@@ -0,0 +1,191 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+# --- Configuration ---
+LAB_DIR="/var/lib/harmony_pxe_test"
+IMG_DIR="${LAB_DIR}/images"
+STATE_DIR="${LAB_DIR}/state"
+VM_OPN="opnsense-pxe"
+VM_PXE="pxe-node-1"
+NET_HARMONYLAN="harmonylan"
+
+# Network settings for the isolated LAN
+VLAN_CIDR="192.168.150.0/24"
+VLAN_GW="192.168.150.1"
+VLAN_MASK="255.255.255.0"
+
+# VM Specifications
+RAM_OPN="2048"
+VCPUS_OPN="2"
+DISK_OPN_GB="10"
+OS_VARIANT_OPN="freebsd14.0" # Updated to a more recent FreeBSD variant
+
+RAM_PXE="4096"
+VCPUS_PXE="2"
+DISK_PXE_GB="40"
+OS_VARIANT_LINUX="centos-stream9"
+
+OPN_IMG_URL="https://mirror.ams1.nl.leaseweb.net/opnsense/releases/25.7/OPNsense-25.7-serial-amd64.img.bz2"
+OPN_IMG_PATH="${IMG_DIR}/OPNsense-25.7-serial-amd64.img"
+CENTOS_ISO_URL="https://mirror.stream.centos.org/9-stream/BaseOS/x86_64/os/images/boot.iso"
+CENTOS_ISO_PATH="${IMG_DIR}/CentOS-Stream-9-latest-boot.iso"
+
+CONNECT_URI="qemu:///system"
+
+download_if_missing() {
+  local url="$1"
+  local dest="$2"
+  if [[ ! -f "$dest" ]]; then
+    echo "Downloading $url to $dest"
+    mkdir -p "$(dirname "$dest")"
+    local tmp
+    tmp="$(mktemp)"
+    curl -L --progress-bar "$url" -o "$tmp"
+    case "$url" in
+      *.bz2) bunzip2 -c "$tmp" > "$dest" && rm -f "$tmp" ;;
+      *) mv "$tmp" "$dest" ;;
+    esac
+  else
+    echo "Already present: $dest"
+  fi
+}
+
+# Ensures a libvirt network is defined and active
+ensure_network() {
+  local net_name="$1"
+  local net_xml_path="$2"
+  if virsh --connect "${CONNECT_URI}" net-info "${net_name}" >/dev/null 2>&1; then
+    echo "Network ${net_name} already exists."
+  else
+    echo "Defining network ${net_name} from ${net_xml_path}"
+    virsh --connect "${CONNECT_URI}" net-define "${net_xml_path}"
+  fi
+
+  if ! virsh --connect "${CONNECT_URI}" net-info "${net_name}" | grep "Active: *yes"; then
+    echo "Starting network ${net_name}..."
+    virsh --connect "${CONNECT_URI}" net-start "${net_name}"
+    virsh --connect "${CONNECT_URI}" net-autostart "${net_name}"
+  fi
+}
+
+# Destroys a VM completely
+destroy_vm() {
+  local vm_name="$1"
+  if virsh --connect "${CONNECT_URI}" dominfo "$vm_name" >/dev/null 2>&1; then
+    echo "Destroying and undefining VM: ${vm_name}"
+    virsh --connect "${CONNECT_URI}" destroy "$vm_name" || true
+    virsh --connect "${CONNECT_URI}" undefine "$vm_name" --nvram
+  fi
+}
+
+# Destroys a libvirt network
+destroy_network() {
+  local net_name="$1"
+  if virsh --connect "${CONNECT_URI}" net-info "$net_name" >/dev/null 2>&1; then
+    echo "Destroying and undefining network: ${net_name}"
+    virsh --connect "${CONNECT_URI}" net-destroy "$net_name" || true
+    virsh --connect "${CONNECT_URI}" net-undefine "$net_name"
+  fi
+}
+
+# --- Main Logic ---
+create_lab_environment() {
+  # Create network definition files
+  cat > "${STATE_DIR}/default.xml" <<EOF
+<network>
+  <name>default</name>
+  <forward mode='nat'/>
+  <bridge name='virbr0' stp='on' delay='0'/>
+  <ip address='192.168.122.1' netmask='255.255.255.0'>
+    <dhcp>
+      <range start='192.168.122.100' end='192.168.122.200'/>
+    </dhcp>
+  </ip>
+</network>
+EOF
+
+  cat > "${STATE_DIR}/${NET_HARMONYLAN}.xml" <<EOF
+<network>
+  <name>${NET_HARMONYLAN}</name>
+  <bridge name='virbr1' stp='on' delay='0'/>
+</network>
+EOF
+
+  # Ensure both networks exist and are active
+  ensure_network "default" "${STATE_DIR}/default.xml"
+  ensure_network "${NET_HARMONYLAN}" "${STATE_DIR}/${NET_HARMONYLAN}.xml"
+
+  # --- Create OPNsense VM (MODIFIED SECTION) ---
+  local disk_opn="${IMG_DIR}/${VM_OPN}.qcow2"
+  if [[ ! -f "$disk_opn" ]]; then
+    qemu-img create -f qcow2 "$disk_opn" "${DISK_OPN_GB}G"
+  fi
+
+  echo "Creating OPNsense VM using serial image..."
+  virt-install \
+    --connect "${CONNECT_URI}" \
+    --name "${VM_OPN}" \
+    --ram "${RAM_OPN}" \
+    --vcpus "${VCPUS_OPN}" \
+    --cpu host-passthrough \
+    --os-variant "${OS_VARIANT_OPN}" \
+    --graphics none \
+    --noautoconsole \
+    --disk path="${disk_opn}",device=disk,bus=virtio,boot.order=1 \
+    --disk path="${OPN_IMG_PATH}",device=disk,bus=usb,readonly=on,boot.order=2 \
+    --network network=default,model=virtio \
+    --network network="${NET_HARMONYLAN}",model=virtio \
+    --boot uefi,menu=on
+
+  echo "OPNsense VM created. Connect with: sudo virsh console ${VM_OPN}"
+  echo "The VM will boot from the serial installation image."
+  echo "Login with user 'installer' and password 'opnsense' to start the installation."
+  echo "Install onto the VirtIO disk (vtbd0)."
+  echo "After installation, shutdown the VM, then run 'sudo virsh edit ${VM_OPN}' and remove the USB disk block to boot from the installed system."
+
+  # --- Create PXE Client VM ---
+  local disk_pxe="${IMG_DIR}/${VM_PXE}.qcow2"
+  if [[ ! -f "$disk_pxe" ]]; then
+    qemu-img create -f qcow2 "$disk_pxe" "${DISK_PXE_GB}G"
+  fi
+
+  echo "Creating PXE client VM..."
+  virt-install \
+    --connect "${CONNECT_URI}" \
+    --name "${VM_PXE}" \
+    --ram "${RAM_PXE}" \
+    --vcpus "${VCPUS_PXE}" \
+    --cpu host-passthrough \
+    --os-variant "${OS_VARIANT_LINUX}" \
+    --graphics none \
+    --noautoconsole \
+    --disk path="${disk_pxe}",format=qcow2,bus=virtio \
+    --network network="${NET_HARMONYLAN}",model=virtio \
+    --pxe \
+    --boot uefi,menu=on
+
+  echo "PXE VM created. It will attempt to netboot on ${NET_HARMONYLAN}."
+}
+
+# --- Script Entrypoint ---
+case "${1:-}" in
+  up)
+    mkdir -p "${IMG_DIR}" "${STATE_DIR}"
+    download_if_missing "$OPN_IMG_URL" "$OPN_IMG_PATH"
+    download_if_missing "$CENTOS_ISO_URL" "$CENTOS_ISO_PATH"
+    create_lab_environment
+    echo "Lab setup complete. Use 'sudo virsh list --all' to see VMs."
+    ;;
+  clean)
+    destroy_vm "${VM_PXE}"
+    destroy_vm "${VM_OPN}"
+    destroy_network "${NET_HARMONYLAN}"
+    # Optionally destroy the default network if you want a full reset
+    # destroy_network "default"
+    echo "Cleanup complete."
+    ;;
+  *)
+    echo "Usage: sudo $0 {up|clean}"
+    exit 1
+    ;;
+esac

examples/application_monitoring_with_tenant/Cargo.toml

@@ -0,0 +1,15 @@
+[package]
+name = "example-application-monitoring-with-tenant"
+edition = "2024"
+version.workspace = true
+readme.workspace = true
+license.workspace = true
+
+[dependencies]
+env_logger.workspace = true
+harmony = { path = "../../harmony" }
+harmony_cli = { path = "../../harmony_cli" }
+harmony_types = { path = "../../harmony_types" }
+logging = "0.1.0"
+tokio.workspace = true
+url.workspace = true

examples/application_monitoring_with_tenant/src/main.rs

@@ -0,0 +1,57 @@
+use std::{path::PathBuf, str::FromStr, sync::Arc};
+
+use harmony::{
+    inventory::Inventory,
+    modules::{
+        application::{ApplicationScore, RustWebFramework, RustWebapp, features::Monitoring},
+        monitoring::alert_channel::webhook_receiver::WebhookReceiver,
+        tenant::TenantScore,
+    },
+    topology::{K8sAnywhereTopology, tenant::TenantConfig},
+};
+use harmony_types::id::Id;
+use harmony_types::net::Url;
+
+#[tokio::main]
+async fn main() {
+    //TODO there is a bug where the application is deployed into the namespace matching the
+    //application name and the tenant is created in the namesapce matching the tenant name
+    //in order for the application to be deployed in the tenant namespace the application.name and
+    //the TenantConfig.name must match
+    let tenant = TenantScore {
+        config: TenantConfig {
+            id: Id::from_str("test-tenant-id").unwrap(),
+            name: "example-monitoring".to_string(),
+            ..Default::default()
+        },
+    };
+    let application = Arc::new(RustWebapp {
+        name: "example-monitoring".to_string(),
+        domain: Url::Url(url::Url::parse("https://rustapp.harmony.example.com").unwrap()),
+        project_root: PathBuf::from("./examples/rust/webapp"),
+        framework: Some(RustWebFramework::Leptos),
+        service_port: 3000,
+    });
+
+    let webhook_receiver = WebhookReceiver {
+        name: "sample-webhook-receiver".to_string(),
+        url: Url::Url(url::Url::parse("https://webhook-doesnt-exist.com").unwrap()),
+    };
+
+    let app = ApplicationScore {
+        features: vec![Box::new(Monitoring {
+            alert_receiver: vec![Box::new(webhook_receiver)],
+            application: application.clone(),
+        })],
+        application,
+    };
+
+    harmony_cli::run(
+        Inventory::autoload(),
+        K8sAnywhereTopology::from_env(),
+        vec![Box::new(tenant), Box::new(app)],
+        None,
+    )
+    .await
+    .unwrap();
+}

examples/cli/src/main.rs

@@ -1,20 +1,27 @@
 use harmony::{
     inventory::Inventory,
-    maestro::Maestro,
-    modules::dummy::{ErrorScore, PanicScore, SuccessScore},
+    modules::{
+        dummy::{ErrorScore, PanicScore, SuccessScore},
+        inventory::LaunchDiscoverInventoryAgentScore,
+    },
     topology::LocalhostTopology,
 };
 
 #[tokio::main]
 async fn main() {
-    let inventory = Inventory::autoload();
-    let topology = LocalhostTopology::new();
-    let mut maestro = Maestro::initialize(inventory, topology).await.unwrap();
-
-    maestro.register_all(vec![
-        Box::new(SuccessScore {}),
-        Box::new(ErrorScore {}),
-        Box::new(PanicScore {}),
-    ]);
-    harmony_cli::init(maestro, None).await.unwrap();
+    harmony_cli::run(
+        Inventory::autoload(),
+        LocalhostTopology::new(),
+        vec![
+            Box::new(SuccessScore {}),
+            Box::new(ErrorScore {}),
+            Box::new(PanicScore {}),
+            Box::new(LaunchDiscoverInventoryAgentScore {
+                discovery_timeout: Some(10),
+            }),
+        ],
+        None,
+    )
+    .await
+    .unwrap();
 }

examples/kube-rs/Cargo.toml

@@ -14,8 +14,8 @@ harmony_macros = { path = "../../harmony_macros" }
 log = { workspace = true }
 env_logger = { workspace = true }
 url = { workspace = true }
-kube = "0.98.0"
-k8s-openapi = { version = "0.24.0", features = [ "v1_30" ] }
+kube = "1.1.0"
+k8s-openapi = { version = "0.25.0", features = ["v1_30"] }
 http = "1.2.0"
 serde_yaml = "0.9.34"
 inquire.workspace = true

examples/kube-rs/src/main.rs

@@ -125,40 +125,47 @@ spec:
                   name: nginx"#,
     )
     .unwrap();
-    return deployment;
+    deployment
 }
 fn nginx_deployment_2() -> Deployment {
-    let mut pod_template = PodTemplateSpec::default();
-    pod_template.metadata = Some(ObjectMeta {
-        labels: Some(BTreeMap::from([(
-            "app".to_string(),
-            "nginx-test".to_string(),
-        )])),
-        ..Default::default()
-    });
-    pod_template.spec = Some(PodSpec {
-        containers: vec![Container {
-            name: "nginx".to_string(),
-            image: Some("nginx".to_string()),
+    let pod_template = PodTemplateSpec {
+        metadata: Some(ObjectMeta {
+            labels: Some(BTreeMap::from([(
+                "app".to_string(),
+                "nginx-test".to_string(),
+            )])),
             ..Default::default()
-        }],
-        ..Default::default()
-    });
-    let mut spec = DeploymentSpec::default();
-    spec.template = pod_template;
-    spec.selector = LabelSelector {
-        match_expressions: None,
-        match_labels: Some(BTreeMap::from([(
-            "app".to_string(),
-            "nginx-test".to_string(),
-        )])),
+        }),
+        spec: Some(PodSpec {
+            containers: vec![Container {
+                name: "nginx".to_string(),
+                image: Some("nginx".to_string()),
+                ..Default::default()
+            }],
+            ..Default::default()
+        }),
     };
 
-    let mut deployment = Deployment::default();
-    deployment.spec = Some(spec);
-    deployment.metadata.name = Some("nginx-test".to_string());
+    let spec = DeploymentSpec {
+        template: pod_template,
+        selector: LabelSelector {
+            match_expressions: None,
+            match_labels: Some(BTreeMap::from([(
+                "app".to_string(),
+                "nginx-test".to_string(),
+            )])),
+        },
+        ..Default::default()
+    };
 
-    deployment
+    Deployment {
+        spec: Some(spec),
+        metadata: ObjectMeta {
+            name: Some("nginx-test".to_string()),
+            ..Default::default()
+        },
+        ..Default::default()
+    }
 }
 
 fn nginx_deployment() -> Deployment {

examples/lamp/src/main.rs

@@ -1,10 +1,10 @@
 use harmony::{
     data::Version,
     inventory::Inventory,
-    maestro::Maestro,
     modules::lamp::{LAMPConfig, LAMPScore},
-    topology::{K8sAnywhereTopology, Url},
+    topology::K8sAnywhereTopology,
 };
+use harmony_types::net::Url;
 
 #[tokio::main]
 async fn main() {
@@ -24,7 +24,7 @@ async fn main() {
         // This config can be extended as needed for more complicated configurations
         config: LAMPConfig {
             project_root: "./php".into(),
-            database_size: format!("4Gi").into(),
+            database_size: "4Gi".to_string().into(),
             ..Default::default()
         },
     };
@@ -43,15 +43,13 @@ async fn main() {
     // K8sAnywhereTopology as it is the most automatic one that enables you to easily deploy
     // locally, to development environment from a CI, to staging, and to production with settings
     // that automatically adapt to each environment grade.
-    let mut maestro = Maestro::<K8sAnywhereTopology>::initialize(
+    harmony_cli::run(
         Inventory::autoload(),
         K8sAnywhereTopology::from_env(),
+        vec![Box::new(lamp_stack)],
+        None,
     )
     .await
     .unwrap();
-
-    maestro.register_all(vec![Box::new(lamp_stack)]);
-    // Here we bootstrap the CLI, this gives some nice features if you need them
-    harmony_cli::init(maestro, None).await.unwrap();
 }
 // That's it, end of the infra as code.

examples/monitoring/Cargo.toml

@@ -6,7 +6,9 @@ readme.workspace = true
 license.workspace = true
 
 [dependencies]
-harmony = { version = "0.1.0", path = "../../harmony" }
-harmony_cli = { version = "0.1.0", path = "../../harmony_cli" }
+harmony = { path = "../../harmony" }
+harmony_cli = { path = "../../harmony_cli" }
+harmony_macros = { path = "../../harmony_macros" }
+harmony_types = { path = "../../harmony_types" }
 tokio.workspace = true
 url.workspace = true

examples/monitoring/src/main.rs

@@ -1,11 +1,18 @@
+use std::collections::HashMap;
+
 use harmony::{
     inventory::Inventory,
-    maestro::Maestro,
     modules::{
         monitoring::{
             alert_channel::discord_alert_channel::DiscordWebhook,
             alert_rule::prometheus_alert_rule::AlertManagerRuleGroup,
-            kube_prometheus::helm_prometheus_alert_score::HelmPrometheusAlertingScore,
+            kube_prometheus::{
+                helm_prometheus_alert_score::HelmPrometheusAlertingScore,
+                types::{
+                    HTTPScheme, MatchExpression, Operator, Selector, ServiceMonitor,
+                    ServiceMonitorEndpoint,
+                },
+            },
         },
         prometheus::alerts::{
             infra::dell_server::{
@@ -15,8 +22,9 @@ use harmony::{
             k8s::pvc::high_pvc_fill_rate_over_two_days,
         },
     },
-    topology::{K8sAnywhereTopology, Url},
+    topology::K8sAnywhereTopology,
 };
+use harmony_types::net::Url;
 
 #[tokio::main]
 async fn main() {
@@ -41,17 +49,38 @@ async fn main() {
         ],
     );
 
+    let service_monitor_endpoint = ServiceMonitorEndpoint {
+        port: Some("80".to_string()),
+        path: Some("/metrics".to_string()),
+        scheme: Some(HTTPScheme::HTTP),
+        ..Default::default()
+    };
+
+    let service_monitor = ServiceMonitor {
+        name: "test-service-monitor".to_string(),
+        selector: Selector {
+            match_labels: HashMap::new(),
+            match_expressions: vec![MatchExpression {
+                key: "test".to_string(),
+                operator: Operator::In,
+                values: vec!["test-service".to_string()],
+            }],
+        },
+        endpoints: vec![service_monitor_endpoint],
+        ..Default::default()
+    };
     let alerting_score = HelmPrometheusAlertingScore {
         receivers: vec![Box::new(discord_receiver)],
         rules: vec![Box::new(additional_rules), Box::new(additional_rules2)],
+        service_monitors: vec![service_monitor],
     };
-    let mut maestro = Maestro::<K8sAnywhereTopology>::initialize(
+
+    harmony_cli::run(
         Inventory::autoload(),
         K8sAnywhereTopology::from_env(),
+        vec![Box::new(alerting_score)],
+        None,
     )
     .await
     .unwrap();
-
-    maestro.register_all(vec![Box::new(alerting_score)]);
-    harmony_cli::init(maestro, None).await.unwrap();
 }

examples/monitoring_with_tenant/Cargo.toml

@@ -0,0 +1,14 @@
+[package]
+name = "example-monitoring-with-tenant"
+edition = "2024"
+version.workspace = true
+readme.workspace = true
+license.workspace = true
+
+[dependencies]
+cidr.workspace = true
+harmony = { path = "../../harmony" }
+harmony_cli = { path = "../../harmony_cli" }
+harmony_types = { path = "../../harmony_types" }
+tokio.workspace = true
+url.workspace = true

examples/monitoring_with_tenant/src/main.rs

@@ -0,0 +1,90 @@
+use std::{collections::HashMap, str::FromStr};
+
+use harmony::{
+    inventory::Inventory,
+    modules::{
+        monitoring::{
+            alert_channel::discord_alert_channel::DiscordWebhook,
+            alert_rule::prometheus_alert_rule::AlertManagerRuleGroup,
+            kube_prometheus::{
+                helm_prometheus_alert_score::HelmPrometheusAlertingScore,
+                types::{
+                    HTTPScheme, MatchExpression, Operator, Selector, ServiceMonitor,
+                    ServiceMonitorEndpoint,
+                },
+            },
+        },
+        prometheus::alerts::k8s::pvc::high_pvc_fill_rate_over_two_days,
+        tenant::TenantScore,
+    },
+    topology::{
+        K8sAnywhereTopology,
+        tenant::{ResourceLimits, TenantConfig, TenantNetworkPolicy},
+    },
+};
+use harmony_types::id::Id;
+use harmony_types::net::Url;
+
+#[tokio::main]
+async fn main() {
+    let tenant = TenantScore {
+        config: TenantConfig {
+            id: Id::from_str("1234").unwrap(),
+            name: "test-tenant".to_string(),
+            resource_limits: ResourceLimits {
+                cpu_request_cores: 6.0,
+                cpu_limit_cores: 4.0,
+                memory_request_gb: 4.0,
+                memory_limit_gb: 4.0,
+                storage_total_gb: 10.0,
+            },
+            network_policy: TenantNetworkPolicy::default(),
+        },
+    };
+
+    let discord_receiver = DiscordWebhook {
+        name: "test-discord".to_string(),
+        url: Url::Url(url::Url::parse("https://discord.doesnt.exist.com").unwrap()),
+    };
+
+    let high_pvc_fill_rate_over_two_days_alert = high_pvc_fill_rate_over_two_days();
+
+    let additional_rules =
+        AlertManagerRuleGroup::new("pvc-alerts", vec![high_pvc_fill_rate_over_two_days_alert]);
+
+    let service_monitor_endpoint = ServiceMonitorEndpoint {
+        port: Some("80".to_string()),
+        path: Some("/metrics".to_string()),
+        scheme: Some(HTTPScheme::HTTP),
+        ..Default::default()
+    };
+
+    let service_monitor = ServiceMonitor {
+        name: "test-service-monitor".to_string(),
+        selector: Selector {
+            match_labels: HashMap::new(),
+            match_expressions: vec![MatchExpression {
+                key: "test".to_string(),
+                operator: Operator::In,
+                values: vec!["test-service".to_string()],
+            }],
+        },
+        endpoints: vec![service_monitor_endpoint],
+        ..Default::default()
+    };
+
+    let alerting_score = HelmPrometheusAlertingScore {
+        receivers: vec![Box::new(discord_receiver)],
+        rules: vec![Box::new(additional_rules)],
+        service_monitors: vec![service_monitor],
+    };
+
+    harmony_cli::run(
+        Inventory::autoload(),
+        K8sAnywhereTopology::from_env(),
+        vec![Box::new(tenant), Box::new(alerting_score)],
+        None,
+    )
+    .await
+    .unwrap();
+}

examples/nanodc/Cargo.toml

@@ -13,6 +13,7 @@ harmony_types = { path = "../../harmony_types" }
 cidr = { workspace = true }
 tokio = { workspace = true }
 harmony_macros = { path = "../../harmony_macros" }
+harmony_secret = { path = "../../harmony_secret" }
 log = { workspace = true }
 env_logger = { workspace = true }
 url = { workspace = true }

examples/nanodc/src/main.rs

@@ -5,23 +5,25 @@ use std::{
 
 use cidr::Ipv4Cidr;
 use harmony::{
-    hardware::{FirewallGroup, HostCategory, Location, PhysicalHost, SwitchGroup},
+    config::secret::SshKeyPair,
+    data::{FileContent, FilePath},
+    hardware::{HostCategory, Location, PhysicalHost, SwitchGroup},
     infra::opnsense::OPNSenseManagementInterface,
     inventory::Inventory,
-    maestro::Maestro,
     modules::{
-        http::HttpScore,
-        ipxe::IpxeScore,
+        http::StaticFilesHttpScore,
         okd::{
             bootstrap_dhcp::OKDBootstrapDhcpScore,
             bootstrap_load_balancer::OKDBootstrapLoadBalancerScore, dhcp::OKDDhcpScore,
-            dns::OKDDnsScore,
+            dns::OKDDnsScore, ipxe::OKDIpxeScore,
         },
         tftp::TftpScore,
     },
-    topology::{LogicalHost, UnmanagedRouter, Url},
+    topology::{LogicalHost, UnmanagedRouter},
 };
 use harmony_macros::{ip, mac_address};
+use harmony_secret::SecretManager;
+use harmony_types::net::Url;
 
 #[tokio::main]
 async fn main() {
@@ -87,8 +89,7 @@ async fn main() {
     let inventory = Inventory {
         location: Location::new("I am mobile".to_string(), "earth".to_string()),
         switch: SwitchGroup::from([]),
-        firewall: FirewallGroup::from([PhysicalHost::empty(HostCategory::Firewall)
-            .management(Arc::new(OPNSenseManagementInterface::new()))]),
+        firewall_mgmt: Box::new(OPNSenseManagementInterface::new()),
         storage_host: vec![],
         worker_host: vec![
             PhysicalHost::empty(HostCategory::Server)
@@ -125,21 +126,43 @@ async fn main() {
     let load_balancer_score =
         harmony::modules::okd::load_balancer::OKDLoadBalancerScore::new(&topology);
 
+    let ssh_key = SecretManager::get_or_prompt::<SshKeyPair>().await.unwrap();
+
     let tftp_score = TftpScore::new(Url::LocalFolder("./data/watchguard/tftpboot".to_string()));
-    let http_score = HttpScore::new(Url::LocalFolder(
-        "./data/watchguard/pxe-http-files".to_string(),
-    ));
-    let ipxe_score = IpxeScore::new();
-    let mut maestro = Maestro::initialize(inventory, topology).await.unwrap();
-    maestro.register_all(vec![
-        Box::new(dns_score),
-        Box::new(bootstrap_dhcp_score),
-        Box::new(bootstrap_load_balancer_score),
-        Box::new(load_balancer_score),
-        Box::new(tftp_score),
-        Box::new(http_score),
-        Box::new(ipxe_score),
-        Box::new(dhcp_score),
-    ]);
-    harmony_tui::init(maestro).await.unwrap();
+    let http_score = StaticFilesHttpScore {
+        folder_to_serve: Some(Url::LocalFolder(
+            "./data/watchguard/pxe-http-files".to_string(),
+        )),
+        files: vec![],
+        remote_path: None,
+    };
+
+    let kickstart_filename = "inventory.kickstart".to_string();
+    let harmony_inventory_agent = "harmony_inventory_agent".to_string();
+
+    let ipxe_score = OKDIpxeScore {
+        kickstart_filename,
+        harmony_inventory_agent,
+        cluster_pubkey: FileContent {
+            path: FilePath::Relative("cluster_ssh_key.pub".to_string()),
+            content: ssh_key.public,
+        },
+    };
+
+    harmony_tui::run(
+        inventory,
+        topology,
+        vec![
+            Box::new(dns_score),
+            Box::new(bootstrap_dhcp_score),
+            Box::new(bootstrap_load_balancer_score),
+            Box::new(load_balancer_score),
+            Box::new(tftp_score),
+            Box::new(http_score),
+            Box::new(ipxe_score),
+            Box::new(dhcp_score),
+        ],
+    )
+    .await
+    .unwrap();
 }

examples/ntfy/Cargo.toml

@@ -0,0 +1,12 @@
+[package]
+name = "example-ntfy"
+edition = "2024"
+version.workspace = true
+readme.workspace = true
+license.workspace = true
+
+[dependencies]
+harmony = { version = "0.1.0", path = "../../harmony" }
+harmony_cli = { version = "0.1.0", path = "../../harmony_cli" }
+tokio.workspace = true
+url.workspace = true

examples/ntfy/src/main.rs

@@ -0,0 +1,18 @@
+use harmony::{
+    inventory::Inventory, modules::monitoring::ntfy::ntfy::NtfyScore, topology::K8sAnywhereTopology,
+};
+
+#[tokio::main]
+async fn main() {
+    harmony_cli::run(
+        Inventory::autoload(),
+        K8sAnywhereTopology::from_env(),
+        vec![Box::new(NtfyScore {
+            namespace: "monitoring".to_string(),
+            host: "localhost".to_string(),
+        })],
+        None,
+    )
+    .await
+    .unwrap();
+}

examples/okd_installation/Cargo.toml

@@ -0,0 +1,21 @@
+[package]
+name = "example-okd-install"
+edition = "2024"
+version.workspace = true
+readme.workspace = true
+license.workspace = true
+publish = false
+
+[dependencies]
+harmony = { path = "../../harmony" }
+harmony_cli = { path = "../../harmony_cli" }
+harmony_types = { path = "../../harmony_types" }
+harmony_secret = { path = "../../harmony_secret" }
+harmony_secret_derive = { path = "../../harmony_secret_derive" }
+cidr = { workspace = true }
+tokio = { workspace = true }
+harmony_macros = { path = "../../harmony_macros" }
+log = { workspace = true }
+env_logger = { workspace = true }
+url = { workspace = true }
+serde.workspace = true

examples/okd_installation/env.sh

@@ -0,0 +1,4 @@
+export HARMONY_SECRET_NAMESPACE=example-vms
+export HARMONY_SECRET_STORE=file
+export HARMONY_DATABASE_URL=sqlite://harmony_vms.sqlite RUST_LOG=info 
+export RUST_LOG=info

examples/okd_installation/src/main.rs

@@ -0,0 +1,34 @@
+mod topology;
+
+use crate::topology::{get_inventory, get_topology};
+use harmony::{
+    config::secret::SshKeyPair,
+    data::{FileContent, FilePath},
+    modules::okd::{installation::OKDInstallationPipeline, ipxe::OKDIpxeScore},
+    score::Score,
+    topology::HAClusterTopology,
+};
+use harmony_secret::SecretManager;
+
+#[tokio::main]
+async fn main() {
+    let inventory = get_inventory();
+    let topology = get_topology().await;
+
+    let ssh_key = SecretManager::get_or_prompt::<SshKeyPair>().await.unwrap();
+
+    let mut scores: Vec<Box<dyn Score<HAClusterTopology>>> = vec![Box::new(OKDIpxeScore {
+        kickstart_filename: "inventory.kickstart".to_string(),
+        harmony_inventory_agent: "harmony_inventory_agent".to_string(),
+        cluster_pubkey: FileContent {
+            path: FilePath::Relative("cluster_ssh_key.pub".to_string()),
+            content: ssh_key.public,
+        },
+    })];
+
+    scores.append(&mut OKDInstallationPipeline::get_all_scores().await);
+
+    harmony_cli::run(inventory, topology, scores, None)
+        .await
+        .unwrap();
+}

examples/okd_installation/src/topology.rs

@@ -0,0 +1,77 @@
+use cidr::Ipv4Cidr;
+use harmony::{
+    hardware::{FirewallGroup, HostCategory, Location, PhysicalHost, SwitchGroup},
+    infra::opnsense::OPNSenseManagementInterface,
+    inventory::Inventory,
+    topology::{HAClusterTopology, LogicalHost, UnmanagedRouter},
+};
+use harmony_macros::{ip, ipv4};
+use harmony_secret::{Secret, SecretManager};
+use serde::{Deserialize, Serialize};
+use std::{net::IpAddr, sync::Arc};
+
+#[derive(Secret, Serialize, Deserialize, Debug, PartialEq)]
+struct OPNSenseFirewallConfig {
+    username: String,
+    password: String,
+}
+
+pub async fn get_topology() -> HAClusterTopology {
+    let firewall = harmony::topology::LogicalHost {
+        ip: ip!("192.168.1.1"),
+        name: String::from("opnsense-1"),
+    };
+
+    let config = SecretManager::get_or_prompt::<OPNSenseFirewallConfig>().await;
+    let config = config.unwrap();
+
+    let opnsense = Arc::new(
+        harmony::infra::opnsense::OPNSenseFirewall::new(
+            firewall,
+            None,
+            &config.username,
+            &config.password,
+        )
+        .await,
+    );
+    let lan_subnet = ipv4!("192.168.1.0");
+    let gateway_ipv4 = ipv4!("192.168.1.1");
+    let gateway_ip = IpAddr::V4(gateway_ipv4);
+    harmony::topology::HAClusterTopology {
+        domain_name: "demo.harmony.mcd".to_string(),
+        router: Arc::new(UnmanagedRouter::new(
+            gateway_ip,
+            Ipv4Cidr::new(lan_subnet, 24).unwrap(),
+        )),
+        load_balancer: opnsense.clone(),
+        firewall: opnsense.clone(),
+        tftp_server: opnsense.clone(),
+        http_server: opnsense.clone(),
+        dhcp_server: opnsense.clone(),
+        dns_server: opnsense.clone(),
+        control_plane: vec![LogicalHost {
+            ip: ip!("192.168.1.20"),
+            name: "master".to_string(),
+        }],
+        bootstrap_host: LogicalHost {
+            ip: ip!("192.168.1.10"),
+            name: "bootstrap".to_string(),
+        },
+        workers: vec![],
+        switch: vec![],
+    }
+}
+
+pub fn get_inventory() -> Inventory {
+    Inventory {
+        location: Location::new(
+            "Some virtual machine or maybe a physical machine if you're cool".to_string(),
+            "testopnsense".to_string(),
+        ),
+        switch: SwitchGroup::from([]),
+        firewall_mgmt: Box::new(OPNSenseManagementInterface::new()),
+        storage_host: vec![],
+        worker_host: vec![],
+        control_plane_host: vec![],
+    }
+}

examples/okd_installation/ssh_example_key

@@ -0,0 +1,7 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
+QyNTUxOQAAACAcemw8pbwuvHFaYynxBbS0Cf3ThYuj1Utr7CDqjwySHAAAAJikacCNpGnA
+jQAAAAtzc2gtZWQyNTUxOQAAACAcemw8pbwuvHFaYynxBbS0Cf3ThYuj1Utr7CDqjwySHA
+AAAECiiKk4V6Q5cVs6axDM4sjAzZn/QCZLQekmYQXS9XbEYxx6bDylvC68cVpjKfEFtLQJ
+/dOFi6PVS2vsIOqPDJIcAAAAEGplYW5nYWJAbGlsaWFuZTIBAgMEBQ==
+-----END OPENSSH PRIVATE KEY-----

examples/okd_installation/ssh_example_key.pub

@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBx6bDylvC68cVpjKfEFtLQJ/dOFi6PVS2vsIOqPDJIc jeangab@liliane2

examples/okd_pxe/Cargo.toml

@@ -0,0 +1,21 @@
+[package]
+name = "example-pxe"
+edition = "2024"
+version.workspace = true
+readme.workspace = true
+license.workspace = true
+publish = false
+
+[dependencies]
+harmony = { path = "../../harmony" }
+harmony_cli = { path = "../../harmony_cli" }
+harmony_types = { path = "../../harmony_types" }
+harmony_secret = { path = "../../harmony_secret" }
+harmony_secret_derive = { path = "../../harmony_secret_derive" }
+cidr = { workspace = true }
+tokio = { workspace = true }
+harmony_macros = { path = "../../harmony_macros" }
+log = { workspace = true }
+env_logger = { workspace = true }
+url = { workspace = true }
+serde.workspace = true

examples/okd_pxe/src/main.rs

@@ -0,0 +1,32 @@
+mod topology;
+
+use crate::topology::{get_inventory, get_topology};
+use harmony::{
+    config::secret::SshKeyPair,
+    data::{FileContent, FilePath},
+    modules::okd::ipxe::OKDIpxeScore,
+};
+use harmony_secret::SecretManager;
+
+#[tokio::main]
+async fn main() {
+    let inventory = get_inventory();
+    let topology = get_topology().await;
+
+    let kickstart_filename = "inventory.kickstart".to_string();
+    let harmony_inventory_agent = "harmony_inventory_agent".to_string();
+    let ssh_key = SecretManager::get_or_prompt::<SshKeyPair>().await.unwrap();
+
+    let ipxe_score = OKDIpxeScore {
+        kickstart_filename,
+        harmony_inventory_agent,
+        cluster_pubkey: FileContent {
+            path: FilePath::Relative("cluster_ssh_key.pub".to_string()),
+            content: ssh_key.public,
+        },
+    };
+
+    harmony_cli::run(inventory, topology, vec![Box::new(ipxe_score)], None)
+        .await
+        .unwrap();
+}

examples/okd_pxe/src/topology.rs

@@ -0,0 +1,71 @@
+use cidr::Ipv4Cidr;
+use harmony::{
+    config::secret::OPNSenseFirewallCredentials,
+    hardware::{Location, SwitchGroup},
+    infra::opnsense::OPNSenseManagementInterface,
+    inventory::Inventory,
+    topology::{HAClusterTopology, LogicalHost, UnmanagedRouter},
+};
+use harmony_macros::{ip, ipv4};
+use harmony_secret::SecretManager;
+use std::{net::IpAddr, sync::Arc};
+
+pub async fn get_topology() -> HAClusterTopology {
+    let firewall = harmony::topology::LogicalHost {
+        ip: ip!("192.168.1.1"),
+        name: String::from("opnsense-1"),
+    };
+
+    let config = SecretManager::get_or_prompt::<OPNSenseFirewallCredentials>().await;
+    let config = config.unwrap();
+
+    let opnsense = Arc::new(
+        harmony::infra::opnsense::OPNSenseFirewall::new(
+            firewall,
+            None,
+            &config.username,
+            &config.password,
+        )
+        .await,
+    );
+    let lan_subnet = ipv4!("192.168.1.0");
+    let gateway_ipv4 = ipv4!("192.168.1.1");
+    let gateway_ip = IpAddr::V4(gateway_ipv4);
+    harmony::topology::HAClusterTopology {
+        domain_name: "demo.harmony.mcd".to_string(),
+        router: Arc::new(UnmanagedRouter::new(
+            gateway_ip,
+            Ipv4Cidr::new(lan_subnet, 24).unwrap(),
+        )),
+        load_balancer: opnsense.clone(),
+        firewall: opnsense.clone(),
+        tftp_server: opnsense.clone(),
+        http_server: opnsense.clone(),
+        dhcp_server: opnsense.clone(),
+        dns_server: opnsense.clone(),
+        control_plane: vec![LogicalHost {
+            ip: ip!("10.100.8.20"),
+            name: "cp0".to_string(),
+        }],
+        bootstrap_host: LogicalHost {
+            ip: ip!("10.100.8.20"),
+            name: "cp0".to_string(),
+        },
+        workers: vec![],
+        switch: vec![],
+    }
+}
+
+pub fn get_inventory() -> Inventory {
+    Inventory {
+        location: Location::new(
+            "Some virtual machine or maybe a physical machine if you're cool".to_string(),
+            "testopnsense".to_string(),
+        ),
+        switch: SwitchGroup::from([]),
+        firewall_mgmt: Box::new(OPNSenseManagementInterface::new()),
+        storage_host: vec![],
+        worker_host: vec![],
+        control_plane_host: vec![],
+    }
+}

examples/okd_pxe/ssh_example_key

@@ -0,0 +1,7 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
+QyNTUxOQAAACAcemw8pbwuvHFaYynxBbS0Cf3ThYuj1Utr7CDqjwySHAAAAJikacCNpGnA
+jQAAAAtzc2gtZWQyNTUxOQAAACAcemw8pbwuvHFaYynxBbS0Cf3ThYuj1Utr7CDqjwySHA
+AAAECiiKk4V6Q5cVs6axDM4sjAzZn/QCZLQekmYQXS9XbEYxx6bDylvC68cVpjKfEFtLQJ
+/dOFi6PVS2vsIOqPDJIcAAAAEGplYW5nYWJAbGlsaWFuZTIBAgMEBQ==
+-----END OPENSSH PRIVATE KEY-----

examples/okd_pxe/ssh_example_key.pub

@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBx6bDylvC68cVpjKfEFtLQJ/dOFi6PVS2vsIOqPDJIc jeangab@liliane2

examples/opnsense/src/main.rs

@@ -5,20 +5,20 @@ use std::{
 
 use cidr::Ipv4Cidr;
 use harmony::{
-    hardware::{FirewallGroup, HostCategory, Location, PhysicalHost, SwitchGroup},
+    hardware::{HostCategory, Location, PhysicalHost, SwitchGroup},
     infra::opnsense::OPNSenseManagementInterface,
     inventory::Inventory,
-    maestro::Maestro,
     modules::{
         dummy::{ErrorScore, PanicScore, SuccessScore},
-        http::HttpScore,
+        http::StaticFilesHttpScore,
         okd::{dhcp::OKDDhcpScore, dns::OKDDnsScore, load_balancer::OKDLoadBalancerScore},
         opnsense::OPNsenseShellCommandScore,
         tftp::TftpScore,
     },
-    topology::{LogicalHost, UnmanagedRouter, Url},
+    topology::{LogicalHost, UnmanagedRouter},
 };
 use harmony_macros::{ip, mac_address};
+use harmony_types::net::Url;
 
 #[tokio::main]
 async fn main() {
@@ -63,8 +63,7 @@ async fn main() {
             "wk".to_string(),
         ),
         switch: SwitchGroup::from([]),
-        firewall: FirewallGroup::from([PhysicalHost::empty(HostCategory::Firewall)
-            .management(Arc::new(OPNSenseManagementInterface::new()))]),
+        firewall_mgmt: Box::new(OPNSenseManagementInterface::new()),
         storage_host: vec![],
         worker_host: vec![],
         control_plane_host: vec![
@@ -81,23 +80,32 @@ async fn main() {
     let load_balancer_score = OKDLoadBalancerScore::new(&topology);
 
     let tftp_score = TftpScore::new(Url::LocalFolder("./data/watchguard/tftpboot".to_string()));
-    let http_score = HttpScore::new(Url::LocalFolder(
-        "./data/watchguard/pxe-http-files".to_string(),
-    ));
-    let mut maestro = Maestro::initialize(inventory, topology).await.unwrap();
-    maestro.register_all(vec![
-        Box::new(dns_score),
-        Box::new(dhcp_score),
-        Box::new(load_balancer_score),
-        Box::new(tftp_score),
-        Box::new(http_score),
-        Box::new(OPNsenseShellCommandScore {
-            opnsense: opnsense.get_opnsense_config(),
-            command: "touch /tmp/helloharmonytouching".to_string(),
-        }),
-        Box::new(SuccessScore {}),
-        Box::new(ErrorScore {}),
-        Box::new(PanicScore {}),
-    ]);
-    harmony_tui::init(maestro).await.unwrap();
+    let http_score = StaticFilesHttpScore {
+        folder_to_serve: Some(Url::LocalFolder(
+            "./data/watchguard/pxe-http-files".to_string(),
+        )),
+        files: vec![],
+        remote_path: None,
+    };
+
+    harmony_tui::run(
+        inventory,
+        topology,
+        vec![
+            Box::new(dns_score),
+            Box::new(dhcp_score),
+            Box::new(load_balancer_score),
+            Box::new(tftp_score),
+            Box::new(http_score),
+            Box::new(OPNsenseShellCommandScore {
+                opnsense: opnsense.get_opnsense_config(),
+                command: "touch /tmp/helloharmonytouching".to_string(),
+            }),
+            Box::new(SuccessScore {}),
+            Box::new(ErrorScore {}),
+            Box::new(PanicScore {}),
+        ],
+    )
+    .await
+    .unwrap();
 }

examples/rhob_application_monitoring/Cargo.toml

@@ -0,0 +1,17 @@
+[package]
+name = "rhob-application-monitoring"
+edition = "2024"
+version.workspace = true
+readme.workspace = true
+license.workspace = true
+
+[dependencies]
+harmony = { path = "../../harmony" }
+harmony_cli = { path = "../../harmony_cli" }
+harmony_types = { path = "../../harmony_types" }
+harmony_macros = { path = "../../harmony_macros" }
+tokio = { workspace = true }
+log = { workspace = true }
+env_logger = { workspace = true }
+url = { workspace = true }
+base64.workspace = true

examples/rhob_application_monitoring/src/main.rs

@@ -0,0 +1,50 @@
+use std::{path::PathBuf, sync::Arc};
+
+use harmony::{
+    inventory::Inventory,
+    modules::{
+        application::{
+            ApplicationScore, RustWebFramework, RustWebapp,
+            features::rhob_monitoring::RHOBMonitoring,
+        },
+        monitoring::alert_channel::discord_alert_channel::DiscordWebhook,
+    },
+    topology::K8sAnywhereTopology,
+};
+use harmony_types::net::Url;
+
+#[tokio::main]
+async fn main() {
+    let application = Arc::new(RustWebapp {
+        name: "test-rhob-monitoring".to_string(),
+        domain: Url::Url(url::Url::parse("htps://some-fake-url").unwrap()),
+        project_root: PathBuf::from("./webapp"), // Relative from 'harmony-path' param
+        framework: Some(RustWebFramework::Leptos),
+        service_port: 3000,
+    });
+
+    let discord_receiver = DiscordWebhook {
+        name: "test-discord".to_string(),
+        url: Url::Url(url::Url::parse("https://discord.doesnt.exist.com").unwrap()),
+    };
+
+    let app = ApplicationScore {
+        features: vec![
+            Box::new(RHOBMonitoring {
+                application: application.clone(),
+                alert_receiver: vec![Box::new(discord_receiver)],
+            }),
+            // TODO add backups, multisite ha, etc
+        ],
+        application,
+    };
+
+    harmony_cli::run(
+        Inventory::autoload(),
+        K8sAnywhereTopology::from_env(),
+        vec![Box::new(app)],
+        None,
+    )
+    .await
+    .unwrap();
+}

examples/rust/.gitignore

@@ -0,0 +1,3 @@
+Dockerfile.harmony
+.harmony_generated
+harmony

examples/rust/Cargo.toml

@@ -0,0 +1,15 @@
+[package]
+name = "example-rust"
+version = "0.1.0"
+edition = "2024"
+
+[dependencies]
+harmony = { path = "../../harmony" }
+harmony_cli = { path = "../../harmony_cli" }
+harmony_types = { path = "../../harmony_types" }
+harmony_macros = { path = "../../harmony_macros" }
+tokio = { workspace = true }
+log = { workspace = true }
+env_logger = { workspace = true }
+url = { workspace = true }
+base64.workspace = true

examples/rust/src/main.rs

@@ -0,0 +1,60 @@
+use std::{path::PathBuf, sync::Arc};
+
+use harmony::{
+    inventory::Inventory,
+    modules::{
+        application::{
+            ApplicationScore, RustWebFramework, RustWebapp,
+            features::{ContinuousDelivery, Monitoring},
+        },
+        monitoring::alert_channel::{
+            discord_alert_channel::DiscordWebhook, webhook_receiver::WebhookReceiver,
+        },
+    },
+    topology::K8sAnywhereTopology,
+};
+use harmony_macros::hurl;
+
+#[tokio::main]
+async fn main() {
+    let application = Arc::new(RustWebapp {
+        name: "harmony-example-rust-webapp".to_string(),
+        domain: hurl!("https://rustapp.harmony.example.com"),
+        project_root: PathBuf::from("./webapp"),
+        framework: Some(RustWebFramework::Leptos),
+        service_port: 3000,
+    });
+
+    let discord_receiver = DiscordWebhook {
+        name: "test-discord".to_string(),
+        url: hurl!("https://discord.doesnt.exist.com"),
+    };
+
+    let webhook_receiver = WebhookReceiver {
+        name: "sample-webhook-receiver".to_string(),
+        url: hurl!("https://webhook-doesnt-exist.com"),
+    };
+
+    let app = ApplicationScore {
+        features: vec![
+            Box::new(ContinuousDelivery {
+                application: application.clone(),
+            }),
+            Box::new(Monitoring {
+                application: application.clone(),
+                alert_receiver: vec![Box::new(discord_receiver), Box::new(webhook_receiver)],
+            }),
+            // TODO add backups, multisite ha, etc
+        ],
+        application,
+    };
+
+    harmony_cli::run(
+        Inventory::autoload(),
+        K8sAnywhereTopology::from_env(),
+        vec![Box::new(app)],
+        None,
+    )
+    .await
+    .unwrap();
+}

examples/rust/webapp/.gitignore

@@ -0,0 +1,14 @@
+# Generated by Cargo
+# will have compiled files and executables
+debug/
+target/
+
+# Remove Cargo.lock from gitignore if creating an executable, leave it for libraries
+# More information here https://doc.rust-lang.org/cargo/guide/cargo-toml-vs-cargo-lock.html
+Cargo.lock
+
+# These are backup files generated by rustfmt
+**/*.rs.bk
+
+# MSVC Windows builds of rustc generate these, which store debugging information
+*.pdb

examples/rust/webapp/Cargo.toml

@@ -0,0 +1,93 @@
+[package]
+name = "harmony-example-rust-webapp"
+version = "0.1.0"
+edition = "2021"
+
+[lib]
+crate-type = ["cdylib", "rlib"]
+
+[workspace]
+
+[dependencies]
+actix-files = { version = "0.6", optional = true }
+actix-web = { version = "4", optional = true, features = ["macros"] }
+console_error_panic_hook = "0.1"
+http = { version = "1.0.0", optional = true }
+leptos = { version = "0.7.0" }
+leptos_meta = { version = "0.7.0" }
+leptos_actix = { version = "0.7.0", optional = true }
+leptos_router = { version = "0.7.0" }
+wasm-bindgen = "=0.2.100"
+
+[features]
+csr = ["leptos/csr"]
+hydrate = ["leptos/hydrate"]
+ssr = [
+  "dep:actix-files",
+  "dep:actix-web",
+  "dep:leptos_actix",
+  "leptos/ssr",
+  "leptos_meta/ssr",
+  "leptos_router/ssr",
+]
+
+# Defines a size-optimized profile for the WASM bundle in release mode
+[profile.wasm-release]
+inherits = "release"
+opt-level = 'z'
+lto = true
+codegen-units = 1
+panic = "abort"
+
+[package.metadata.leptos]
+# The name used by wasm-bindgen/cargo-leptos for the JS/WASM bundle. Defaults to the crate name
+output-name = "harmony-example-rust-webapp"
+# The site root folder is where cargo-leptos generate all output. WARNING: all content of this folder will be erased on a rebuild. Use it in your server setup.
+site-root = "target/site"
+# The site-root relative folder where all compiled output (JS, WASM and CSS) is written
+# Defaults to pkg
+site-pkg-dir = "pkg"
+# [Optional] The source CSS file. If it ends with .sass or .scss then it will be compiled by dart-sass into CSS. The CSS is optimized by Lightning CSS before being written to <site-root>/<site-pkg>/app.css
+style-file = "style/main.scss"
+# Assets source dir. All files found here will be copied and synchronized to site-root.
+# The assets-dir cannot have a sub directory with the same name/path as site-pkg-dir.
+#
+# Optional. Env: LEPTOS_ASSETS_DIR.
+assets-dir = "assets"
+# The IP and port (ex: 127.0.0.1:3000) where the server serves the content. Use it in your server setup.
+site-addr = "0.0.0.0:3000"
+# The port to use for automatic reload monitoring
+reload-port = 3001
+# [Optional] Command to use when running end2end tests. It will run in the end2end dir.
+#   [Windows] for non-WSL use "npx.cmd playwright test"
+#   This binary name can be checked in Powershell with Get-Command npx
+end2end-cmd = "npx playwright test"
+end2end-dir = "end2end"
+#  The browserlist query used for optimizing the CSS.
+browserquery = "defaults"
+# The environment Leptos will run in, usually either "DEV" or "PROD"
+env = "DEV"
+# The features to use when compiling the bin target
+#
+# Optional. Can be over-ridden with the command line parameter --bin-features
+bin-features = ["ssr"]
+
+# If the --no-default-features flag should be used when compiling the bin target
+#
+# Optional. Defaults to false.
+bin-default-features = false
+
+# The features to use when compiling the lib target
+#
+# Optional. Can be over-ridden with the command line parameter --lib-features
+lib-features = ["hydrate"]
+
+# If the --no-default-features flag should be used when compiling the lib target
+#
+# Optional. Defaults to false.
+lib-default-features = false
+
+# The profile to use for the lib target when compiling for release
+#
+# Optional. Defaults to "release".
+lib-profile-release = "wasm-release"

examples/rust/webapp/LICENSE

@@ -0,0 +1,24 @@
+This is free and unencumbered software released into the public domain.
+
+Anyone is free to copy, modify, publish, use, compile, sell, or
+distribute this software, either in source code form or as a compiled
+binary, for any purpose, commercial or non-commercial, and by any
+means.
+
+In jurisdictions that recognize copyright laws, the author or authors
+of this software dedicate any and all copyright interest in the
+software to the public domain. We make this dedication for the benefit
+of the public at large and to the detriment of our heirs and
+successors. We intend this dedication to be an overt act of
+relinquishment in perpetuity of all present and future rights to this
+software under copyright law.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR
+OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
+ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
+OTHER DEALINGS IN THE SOFTWARE.
+
+For more information, please refer to <https://unlicense.org>

examples/rust/webapp/README.md

@@ -0,0 +1,72 @@
+<picture>
+    <source srcset="https://raw.githubusercontent.com/leptos-rs/leptos/main/docs/logos/Leptos_logo_Solid_White.svg" media="(prefers-color-scheme: dark)">
+    <img src="https://raw.githubusercontent.com/leptos-rs/leptos/main/docs/logos/Leptos_logo_RGB.svg" alt="Leptos Logo">
+</picture>
+
+# Leptos Starter Template
+
+This is a template for use with the [Leptos](https://github.com/leptos-rs/leptos) web framework and the [cargo-leptos](https://github.com/akesson/cargo-leptos) tool.
+
+## Creating your template repo
+
+If you don't have `cargo-leptos` installed you can install it with
+
+`cargo install cargo-leptos --locked`
+
+Then run
+
+`cargo leptos new --git leptos-rs/start-actix`
+
+to generate a new project template (you will be prompted to enter a project name).
+
+`cd {projectname}`
+
+to go to your newly created project.
+
+Of course, you should explore around the project structure, but the best place to start with your application code is in `src/app.rs`.
+
+## Running your project
+
+`cargo leptos watch`  
+By default, you can access your local project at `http://localhost:3000`
+
+## Installing Additional Tools
+
+By default, `cargo-leptos` uses `nightly` Rust, `cargo-generate`, and `sass`. If you run into any trouble, you may need to install one or more of these tools.
+
+1. `rustup toolchain install nightly --allow-downgrade` - make sure you have Rust nightly
+2. `rustup target add wasm32-unknown-unknown` - add the ability to compile Rust to WebAssembly
+3. `cargo install cargo-generate` - install `cargo-generate` binary (should be installed automatically in future)
+4. `npm install -g sass` - install `dart-sass` (should be optional in future)
+
+## Executing a Server on a Remote Machine Without the Toolchain
+After running a `cargo leptos build --release` the minimum files needed are:
+
+1. The server binary located in `target/server/release`
+2. The `site` directory and all files within located in `target/site`
+
+Copy these files to your remote server. The directory structure should be:
+```text
+leptos_start
+site/
+```
+Set the following environment variables (updating for your project as needed):
+```sh
+export LEPTOS_OUTPUT_NAME="leptos_start"
+export LEPTOS_SITE_ROOT="site"
+export LEPTOS_SITE_PKG_DIR="pkg"
+export LEPTOS_SITE_ADDR="127.0.0.1:3000"
+export LEPTOS_RELOAD_PORT="3001"
+```
+Finally, run the server binary.
+
+## Notes about CSR and Trunk:
+Although it is not recommended, you can also run your project without server integration using the feature `csr` and `trunk serve`:
+
+`trunk serve --open --features csr`
+
+This may be useful for integrating external tools which require a static site, e.g. `tauri`.
+
+## Licensing
+
+This template itself is released under the Unlicense. You should replace the LICENSE for your own application with an appropriate license if you plan to release it publicly.

examples/rust/webapp/end2end/package-lock.json

@@ -0,0 +1,112 @@
+{
+  "name": "end2end",
+  "version": "1.0.0",
+  "lockfileVersion": 3,
+  "requires": true,
+  "packages": {
+    "": {
+      "name": "end2end",
+      "version": "1.0.0",
+      "license": "ISC",
+      "devDependencies": {
+        "@playwright/test": "^1.44.1",
+        "@types/node": "^20.12.12",
+        "typescript": "^5.4.5"
+      }
+    },
+    "node_modules/@playwright/test": {
+      "version": "1.44.1",
+      "resolved": "https://registry.npmjs.org/@playwright/test/-/test-1.44.1.tgz",
+      "integrity": "sha512-1hZ4TNvD5z9VuhNJ/walIjvMVvYkZKf71axoF/uiAqpntQJXpG64dlXhoDXE3OczPuTuvjf/M5KWFg5VAVUS3Q==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "playwright": "1.44.1"
+      },
+      "bin": {
+        "playwright": "cli.js"
+      },
+      "engines": {
+        "node": ">=16"
+      }
+    },
+    "node_modules/@types/node": {
+      "version": "20.12.12",
+      "resolved": "https://registry.npmjs.org/@types/node/-/node-20.12.12.tgz",
+      "integrity": "sha512-eWLDGF/FOSPtAvEqeRAQ4C8LSA7M1I7i0ky1I8U7kD1J5ITyW3AsRhQrKVoWf5pFKZ2kILsEGJhsI9r93PYnOw==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "undici-types": "~5.26.4"
+      }
+    },
+    "node_modules/fsevents": {
+      "version": "2.3.2",
+      "resolved": "https://registry.npmjs.org/fsevents/-/fsevents-2.3.2.tgz",
+      "integrity": "sha512-xiqMQR4xAeHTuB9uWm+fFRcIOgKBMiOBP+eXiyT7jsgVCq1bkVygt00oASowB7EdtpOHaaPgKt812P9ab+DDKA==",
+      "dev": true,
+      "hasInstallScript": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "darwin"
+      ],
+      "engines": {
+        "node": "^8.16.0 || ^10.6.0 || >=11.0.0"
+      }
+    },
+    "node_modules/playwright": {
+      "version": "1.44.1",
+      "resolved": "https://registry.npmjs.org/playwright/-/playwright-1.44.1.tgz",
+      "integrity": "sha512-qr/0UJ5CFAtloI3avF95Y0L1xQo6r3LQArLIg/z/PoGJ6xa+EwzrwO5lpNr/09STxdHuUoP2mvuELJS+hLdtgg==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "playwright-core": "1.44.1"
+      },
+      "bin": {
+        "playwright": "cli.js"
+      },
+      "engines": {
+        "node": ">=16"
+      },
+      "optionalDependencies": {
+        "fsevents": "2.3.2"
+      }
+    },
+    "node_modules/playwright-core": {
+      "version": "1.44.1",
+      "resolved": "https://registry.npmjs.org/playwright-core/-/playwright-core-1.44.1.tgz",
+      "integrity": "sha512-wh0JWtYTrhv1+OSsLPgFzGzt67Y7BE/ZS3jEqgGBlp2ppp1ZDj8c+9IARNW4dwf1poq5MgHreEM2KV/GuR4cFA==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "bin": {
+        "playwright-core": "cli.js"
+      },
+      "engines": {
+        "node": ">=16"
+      }
+    },
+    "node_modules/typescript": {
+      "version": "5.4.5",
+      "resolved": "https://registry.npmjs.org/typescript/-/typescript-5.4.5.tgz",
+      "integrity": "sha512-vcI4UpRgg81oIRUFwR0WSIHKt11nJ7SAVlYNIu+QpqeyXP+gpQJy/Z4+F0aGxSE4MqwjyXvW/TzgkLAx2AGHwQ==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "bin": {
+        "tsc": "bin/tsc",
+        "tsserver": "bin/tsserver"
+      },
+      "engines": {
+        "node": ">=14.17"
+      }
+    },
+    "node_modules/undici-types": {
+      "version": "5.26.5",
+      "resolved": "https://registry.npmjs.org/undici-types/-/undici-types-5.26.5.tgz",
+      "integrity": "sha512-JlCMO+ehdEIKqlFxk6IfVoAUVmgz7cU7zD/h9XZ0qzeosSHmUJVOzSQvvYSYWXkFXC+IfLKSIffhv0sVZup6pA==",
+      "dev": true,
+      "license": "MIT"
+    }
+  }
+}

examples/rust/webapp/end2end/package.json

@@ -0,0 +1,15 @@
+{
+  "name": "end2end",
+  "version": "1.0.0",
+  "description": "",
+  "main": "index.js",
+  "scripts": {},
+  "keywords": [],
+  "author": "",
+  "license": "ISC",
+  "devDependencies": {
+    "@playwright/test": "^1.44.1",
+    "@types/node": "^20.12.12",
+    "typescript": "^5.4.5"
+  }
+}

examples/rust/webapp/end2end/playwright.config.ts

@@ -0,0 +1,104 @@
+import { devices, defineConfig } from "@playwright/test";
+
+/**
+ * Read environment variables from file.
+ * https://github.com/motdotla/dotenv
+ */
+// require('dotenv').config();
+
+/**
+ * See https://playwright.dev/docs/test-configuration.
+ */
+export default defineConfig({
+  testDir: "./tests",
+  /* Maximum time one test can run for. */
+  timeout: 30 * 1000,
+  expect: {
+    /**
+     * Maximum time expect() should wait for the condition to be met.
+     * For example in `await expect(locator).toHaveText();`
+     */
+    timeout: 5000,
+  },
+  /* Run tests in files in parallel */
+  fullyParallel: true,
+  /* Fail the build on CI if you accidentally left test.only in the source code. */
+  forbidOnly: !!process.env.CI,
+  /* Retry on CI only */
+  retries: process.env.CI ? 2 : 0,
+  /* Opt out of parallel tests on CI. */
+  workers: process.env.CI ? 1 : undefined,
+  /* Reporter to use. See https://playwright.dev/docs/test-reporters */
+  reporter: "html",
+  /* Shared settings for all the projects below. See https://playwright.dev/docs/api/class-testoptions. */
+  use: {
+    /* Maximum time each action such as `click()` can take. Defaults to 0 (no limit). */
+    actionTimeout: 0,
+    /* Base URL to use in actions like `await page.goto('/')`. */
+    // baseURL: 'http://localhost:3000',
+
+    /* Collect trace when retrying the failed test. See https://playwright.dev/docs/trace-viewer */
+    trace: "on-first-retry",
+  },
+
+  /* Configure projects for major browsers */
+  projects: [
+    {
+      name: "chromium",
+      use: {
+        ...devices["Desktop Chrome"],
+      },
+    },
+
+    {
+      name: "firefox",
+      use: {
+        ...devices["Desktop Firefox"],
+      },
+    },
+
+    {
+      name: "webkit",
+      use: {
+        ...devices["Desktop Safari"],
+      },
+    },
+
+    /* Test against mobile viewports. */
+    // {
+    //   name: 'Mobile Chrome',
+    //   use: {
+    //     ...devices['Pixel 5'],
+    //   },
+    // },
+    // {
+    //   name: 'Mobile Safari',
+    //   use: {
+    //     ...devices['iPhone 12'],
+    //   },
+    // },
+
+    /* Test against branded browsers. */
+    // {
+    //   name: 'Microsoft Edge',
+    //   use: {
+    //     channel: 'msedge',
+    //   },
+    // },
+    // {
+    //   name: 'Google Chrome',
+    //   use: {
+    //     channel: 'chrome',
+    //   },
+    // },
+  ],
+
+  /* Folder for test artifacts such as screenshots, videos, traces, etc. */
+  // outputDir: 'test-results/',
+
+  /* Run your local dev server before starting the tests */
+  // webServer: {
+  //   command: 'npm run start',
+  //   port: 3000,
+  // },
+});

examples/rust/webapp/end2end/tests/example.spec.ts

@@ -0,0 +1,9 @@
+import { test, expect } from "@playwright/test";
+
+test("homepage has title and links to intro page", async ({ page }) => {
+  await page.goto("http://localhost:3000/");
+
+  await expect(page).toHaveTitle("Welcome to Leptos");
+
+  await expect(page.locator("h1")).toHaveText("Welcome to Leptos!");
+});

examples/rust/webapp/end2end/tsconfig.json

@@ -0,0 +1,109 @@
+{
+  "compilerOptions": {
+    /* Visit https://aka.ms/tsconfig to read more about this file */
+
+    /* Projects */
+    // "incremental": true,                              /* Save .tsbuildinfo files to allow for incremental compilation of projects. */
+    // "composite": true,                                /* Enable constraints that allow a TypeScript project to be used with project references. */
+    // "tsBuildInfoFile": "./.tsbuildinfo",              /* Specify the path to .tsbuildinfo incremental compilation file. */
+    // "disableSourceOfProjectReferenceRedirect": true,  /* Disable preferring source files instead of declaration files when referencing composite projects. */
+    // "disableSolutionSearching": true,                 /* Opt a project out of multi-project reference checking when editing. */
+    // "disableReferencedProjectLoad": true,             /* Reduce the number of projects loaded automatically by TypeScript. */
+
+    /* Language and Environment */
+    "target": "es2016",                                  /* Set the JavaScript language version for emitted JavaScript and include compatible library declarations. */
+    // "lib": [],                                        /* Specify a set of bundled library declaration files that describe the target runtime environment. */
+    // "jsx": "preserve",                                /* Specify what JSX code is generated. */
+    // "experimentalDecorators": true,                   /* Enable experimental support for legacy experimental decorators. */
+    // "emitDecoratorMetadata": true,                    /* Emit design-type metadata for decorated declarations in source files. */
+    // "jsxFactory": "",                                 /* Specify the JSX factory function used when targeting React JSX emit, e.g. 'React.createElement' or 'h'. */
+    // "jsxFragmentFactory": "",                         /* Specify the JSX Fragment reference used for fragments when targeting React JSX emit e.g. 'React.Fragment' or 'Fragment'. */
+    // "jsxImportSource": "",                            /* Specify module specifier used to import the JSX factory functions when using 'jsx: react-jsx*'. */
+    // "reactNamespace": "",                             /* Specify the object invoked for 'createElement'. This only applies when targeting 'react' JSX emit. */
+    // "noLib": true,                                    /* Disable including any library files, including the default lib.d.ts. */
+    // "useDefineForClassFields": true,                  /* Emit ECMAScript-standard-compliant class fields. */
+    // "moduleDetection": "auto",                        /* Control what method is used to detect module-format JS files. */
+
+    /* Modules */
+    "module": "commonjs",                                /* Specify what module code is generated. */
+    // "rootDir": "./",                                  /* Specify the root folder within your source files. */
+    // "moduleResolution": "node10",                     /* Specify how TypeScript looks up a file from a given module specifier. */
+    // "baseUrl": "./",                                  /* Specify the base directory to resolve non-relative module names. */
+    // "paths": {},                                      /* Specify a set of entries that re-map imports to additional lookup locations. */
+    // "rootDirs": [],                                   /* Allow multiple folders to be treated as one when resolving modules. */
+    // "typeRoots": [],                                  /* Specify multiple folders that act like './node_modules/@types'. */
+    // "types": [],                                      /* Specify type package names to be included without being referenced in a source file. */
+    // "allowUmdGlobalAccess": true,                     /* Allow accessing UMD globals from modules. */
+    // "moduleSuffixes": [],                             /* List of file name suffixes to search when resolving a module. */
+    // "allowImportingTsExtensions": true,               /* Allow imports to include TypeScript file extensions. Requires '--moduleResolution bundler' and either '--noEmit' or '--emitDeclarationOnly' to be set. */
+    // "resolvePackageJsonExports": true,                /* Use the package.json 'exports' field when resolving package imports. */
+    // "resolvePackageJsonImports": true,                /* Use the package.json 'imports' field when resolving imports. */
+    // "customConditions": [],                           /* Conditions to set in addition to the resolver-specific defaults when resolving imports. */
+    // "resolveJsonModule": true,                        /* Enable importing .json files. */
+    // "allowArbitraryExtensions": true,                 /* Enable importing files with any extension, provided a declaration file is present. */
+    // "noResolve": true,                                /* Disallow 'import's, 'require's or '<reference>'s from expanding the number of files TypeScript should add to a project. */
+
+    /* JavaScript Support */
+    // "allowJs": true,                                  /* Allow JavaScript files to be a part of your program. Use the 'checkJS' option to get errors from these files. */
+    // "checkJs": true,                                  /* Enable error reporting in type-checked JavaScript files. */
+    // "maxNodeModuleJsDepth": 1,                        /* Specify the maximum folder depth used for checking JavaScript files from 'node_modules'. Only applicable with 'allowJs'. */
+
+    /* Emit */
+    // "declaration": true,                              /* Generate .d.ts files from TypeScript and JavaScript files in your project. */
+    // "declarationMap": true,                           /* Create sourcemaps for d.ts files. */
+    // "emitDeclarationOnly": true,                      /* Only output d.ts files and not JavaScript files. */
+    // "sourceMap": true,                                /* Create source map files for emitted JavaScript files. */
+    // "inlineSourceMap": true,                          /* Include sourcemap files inside the emitted JavaScript. */
+    // "outFile": "./",                                  /* Specify a file that bundles all outputs into one JavaScript file. If 'declaration' is true, also designates a file that bundles all .d.ts output. */
+    // "outDir": "./",                                   /* Specify an output folder for all emitted files. */
+    // "removeComments": true,                           /* Disable emitting comments. */
+    // "noEmit": true,                                   /* Disable emitting files from a compilation. */
+    // "importHelpers": true,                            /* Allow importing helper functions from tslib once per project, instead of including them per-file. */
+    // "importsNotUsedAsValues": "remove",               /* Specify emit/checking behavior for imports that are only used for types. */
+    // "downlevelIteration": true,                       /* Emit more compliant, but verbose and less performant JavaScript for iteration. */
+    // "sourceRoot": "",                                 /* Specify the root path for debuggers to find the reference source code. */
+    // "mapRoot": "",                                    /* Specify the location where debugger should locate map files instead of generated locations. */
+    // "inlineSources": true,                            /* Include source code in the sourcemaps inside the emitted JavaScript. */
+    // "emitBOM": true,                                  /* Emit a UTF-8 Byte Order Mark (BOM) in the beginning of output files. */
+    // "newLine": "crlf",                                /* Set the newline character for emitting files. */
+    // "stripInternal": true,                            /* Disable emitting declarations that have '@internal' in their JSDoc comments. */
+    // "noEmitHelpers": true,                            /* Disable generating custom helper functions like '__extends' in compiled output. */
+    // "noEmitOnError": true,                            /* Disable emitting files if any type checking errors are reported. */
+    // "preserveConstEnums": true,                       /* Disable erasing 'const enum' declarations in generated code. */
+    // "declarationDir": "./",                           /* Specify the output directory for generated declaration files. */
+    // "preserveValueImports": true,                     /* Preserve unused imported values in the JavaScript output that would otherwise be removed. */
+
+    /* Interop Constraints */
+    // "isolatedModules": true,                          /* Ensure that each file can be safely transpiled without relying on other imports. */
+    // "verbatimModuleSyntax": true,                     /* Do not transform or elide any imports or exports not marked as type-only, ensuring they are written in the output file's format based on the 'module' setting. */
+    // "allowSyntheticDefaultImports": true,             /* Allow 'import x from y' when a module doesn't have a default export. */
+    "esModuleInterop": true,                             /* Emit additional JavaScript to ease support for importing CommonJS modules. This enables 'allowSyntheticDefaultImports' for type compatibility. */
+    // "preserveSymlinks": true,                         /* Disable resolving symlinks to their realpath. This correlates to the same flag in node. */
+    "forceConsistentCasingInFileNames": true,            /* Ensure that casing is correct in imports. */
+
+    /* Type Checking */
+    "strict": true,                                      /* Enable all strict type-checking options. */
+    // "noImplicitAny": true,                            /* Enable error reporting for expressions and declarations with an implied 'any' type. */
+    // "strictNullChecks": true,                         /* When type checking, take into account 'null' and 'undefined'. */
+    // "strictFunctionTypes": true,                      /* When assigning functions, check to ensure parameters and the return values are subtype-compatible. */
+    // "strictBindCallApply": true,                      /* Check that the arguments for 'bind', 'call', and 'apply' methods match the original function. */
+    // "strictPropertyInitialization": true,             /* Check for class properties that are declared but not set in the constructor. */
+    // "noImplicitThis": true,                           /* Enable error reporting when 'this' is given the type 'any'. */
+    // "useUnknownInCatchVariables": true,               /* Default catch clause variables as 'unknown' instead of 'any'. */
+    // "alwaysStrict": true,                             /* Ensure 'use strict' is always emitted. */
+    // "noUnusedLocals": true,                           /* Enable error reporting when local variables aren't read. */
+    // "noUnusedParameters": true,                       /* Raise an error when a function parameter isn't read. */
+    // "exactOptionalPropertyTypes": true,               /* Interpret optional property types as written, rather than adding 'undefined'. */
+    // "noImplicitReturns": true,                        /* Enable error reporting for codepaths that do not explicitly return in a function. */
+    // "noFallthroughCasesInSwitch": true,               /* Enable error reporting for fallthrough cases in switch statements. */
+    // "noUncheckedIndexedAccess": true,                 /* Add 'undefined' to a type when accessed using an index. */
+    // "noImplicitOverride": true,                       /* Ensure overriding members in derived classes are marked with an override modifier. */
+    // "noPropertyAccessFromIndexSignature": true,       /* Enforces using indexed accessors for keys declared using an indexed type. */
+    // "allowUnusedLabels": true,                        /* Disable error reporting for unused labels. */
+    // "allowUnreachableCode": true,                     /* Disable error reporting for unreachable code. */
+
+    /* Completeness */
+    // "skipDefaultLibCheck": true,                      /* Skip type checking .d.ts files that are included with TypeScript. */
+    "skipLibCheck": true                                 /* Skip type checking all .d.ts files. */
+  }
+}

examples/rust/webapp/src/app.rs

@@ -0,0 +1,66 @@
+use leptos::prelude::*;
+use leptos_meta::{provide_meta_context, Stylesheet, Title};
+use leptos_router::{
+    components::{Route, Router, Routes},
+    StaticSegment, WildcardSegment,
+};
+
+#[component]
+pub fn App() -> impl IntoView {
+    // Provides context that manages stylesheets, titles, meta tags, etc.
+    provide_meta_context();
+
+    view! {
+        // injects a stylesheet into the document <head>
+        // id=leptos means cargo-leptos will hot-reload this stylesheet
+        <Stylesheet id="leptos" href="/pkg/harmony-example-rust-webapp.css"/>
+
+        // sets the document title
+        <Title text="Welcome to Leptos"/>
+
+        // content for this welcome page
+        <Router>
+            <main>
+                <Routes fallback=move || "Not found.">
+                    <Route path=StaticSegment("") view=HomePage/>
+                    <Route path=WildcardSegment("any") view=NotFound/>
+                </Routes>
+            </main>
+        </Router>
+    }
+}
+
+/// Renders the home page of your application.
+#[component]
+fn HomePage() -> impl IntoView {
+    // Creates a reactive value to update the button
+    let count = RwSignal::new(0);
+    let on_click = move |_| *count.write() += 1;
+
+    view! {
+        <h1>"Welcome to Leptos!"</h1>
+        <button on:click=on_click>"Click Me: " {count}</button>
+    }
+}
+
+/// 404 - Not Found
+#[component]
+fn NotFound() -> impl IntoView {
+    // set an HTTP status code 404
+    // this is feature gated because it can only be done during
+    // initial server-side rendering
+    // if you navigate to the 404 page subsequently, the status
+    // code will not be set because there is not a new HTTP request
+    // to the server
+    #[cfg(feature = "ssr")]
+    {
+        // this can be done inline because it's synchronous
+        // if it were async, we'd use a server function
+        let resp = expect_context::<leptos_actix::ResponseOptions>();
+        resp.set_status(actix_web::http::StatusCode::NOT_FOUND);
+    }
+
+    view! {
+        <h1>"Not Found"</h1>
+    }
+}

examples/rust/webapp/src/lib.rs

@@ -0,0 +1,9 @@
+pub mod app;
+
+#[cfg(feature = "hydrate")]
+#[wasm_bindgen::prelude::wasm_bindgen]
+pub fn hydrate() {
+    use app::*;
+    console_error_panic_hook::set_once();
+    leptos::mount::hydrate_body(App);
+}

examples/rust/webapp/src/main.rs

@@ -0,0 +1,88 @@
+#[cfg(feature = "ssr")]
+#[actix_web::main]
+async fn main() -> std::io::Result<()> {
+    use actix_files::Files;
+    use actix_web::*;
+    use leptos::prelude::*;
+    use leptos::config::get_configuration;
+    use leptos_meta::MetaTags;
+    use leptos_actix::{generate_route_list, LeptosRoutes};
+    use harmony_example_rust_webapp::app::*;
+
+    let conf = get_configuration(None).unwrap();
+    let addr = conf.leptos_options.site_addr;
+
+    HttpServer::new(move || {
+        // Generate the list of routes in your Leptos App
+        let routes = generate_route_list(App);
+        let leptos_options = &conf.leptos_options;
+        let site_root = leptos_options.site_root.clone().to_string();
+
+        println!("listening on http://{}", &addr);
+
+        App::new()
+            // serve JS/WASM/CSS from `pkg`
+            .service(Files::new("/pkg", format!("{site_root}/pkg")))
+            // serve other assets from the `assets` directory
+            .service(Files::new("/assets", &site_root))
+            // serve the favicon from /favicon.ico
+            .service(favicon)
+            .leptos_routes(routes, {
+                let leptos_options = leptos_options.clone();
+                move || {
+                    view! {
+                        <!DOCTYPE html>
+                        <html lang="en">
+                            <head>
+                                <meta charset="utf-8"/>
+                                <meta name="viewport" content="width=device-width, initial-scale=1"/>
+                                <AutoReload options=leptos_options.clone() />
+                                <HydrationScripts options=leptos_options.clone()/>
+                                <MetaTags/>
+                            </head>
+                            <body>
+                                <App/>
+                            </body>
+                        </html>
+                    }
+                }
+            })
+            .app_data(web::Data::new(leptos_options.to_owned()))
+        //.wrap(middleware::Compress::default())
+    })
+    .bind(&addr)?
+    .run()
+    .await
+}
+
+#[cfg(feature = "ssr")]
+#[actix_web::get("favicon.ico")]
+async fn favicon(
+    leptos_options: actix_web::web::Data<leptos::config::LeptosOptions>,
+) -> actix_web::Result<actix_files::NamedFile> {
+    let leptos_options = leptos_options.into_inner();
+    let site_root = &leptos_options.site_root;
+    Ok(actix_files::NamedFile::open(format!(
+        "{site_root}/favicon.ico"
+    ))?)
+}
+
+#[cfg(not(any(feature = "ssr", feature = "csr")))]
+pub fn main() {
+    // no client-side main function
+    // unless we want this to work with e.g., Trunk for pure client-side testing
+    // see lib.rs for hydration function instead
+    // see optional feature `csr` instead
+}
+
+#[cfg(all(not(feature = "ssr"), feature = "csr"))]
+pub fn main() {
+    // a client-side main function is required for using `trunk serve`
+    // prefer using `cargo leptos serve` instead
+    // to run: `trunk serve --open --features csr`
+    use harmony_example_rust_webapp::app::*;
+
+    console_error_panic_hook::set_once();
+
+    leptos::mount_to_body(App);
+}

examples/rust/webapp/style/main.scss

@@ -0,0 +1,4 @@
+body {
+	font-family: sans-serif;
+	text-align: center;
+}

examples/tenant/src/main.rs

@@ -1,30 +1,30 @@
+use std::str::FromStr;
+
 use harmony::{
-    data::Id,
     inventory::Inventory,
-    maestro::Maestro,
     modules::tenant::TenantScore,
     topology::{K8sAnywhereTopology, tenant::TenantConfig},
 };
+use harmony_types::id::Id;
 
 #[tokio::main]
 async fn main() {
     let tenant = TenantScore {
         config: TenantConfig {
-            id: Id::from_str("test-tenant-id"),
+            id: Id::from_str("test-tenant-id").unwrap(),
             name: "testtenant".to_string(),
             ..Default::default()
         },
     };
 
-    let mut maestro = Maestro::<K8sAnywhereTopology>::initialize(
+    harmony_cli::run(
         Inventory::autoload(),
         K8sAnywhereTopology::from_env(),
+        vec![Box::new(tenant)],
+        None,
     )
     .await
     .unwrap();
-
-    maestro.register_all(vec![Box::new(tenant)]);
-    harmony_cli::init(maestro, None).await.unwrap();
 }
 
 // TODO write tests

examples/try_rust_webapp/Cargo.toml

@@ -0,0 +1,17 @@
+[package]
+name = "example-try-rust-webapp"
+edition = "2024"
+version.workspace = true
+readme.workspace = true
+license.workspace = true
+
+[dependencies]
+harmony = { path = "../../harmony" }
+harmony_cli = { path = "../../harmony_cli" }
+harmony_types = { path = "../../harmony_types" }
+harmony_macros = { path = "../../harmony_macros" }
+tokio = { workspace = true }
+log = { workspace = true }
+env_logger = { workspace = true }
+url = { workspace = true }
+base64.workspace = true

examples/try_rust_webapp/src/main.rs

@@ -0,0 +1,52 @@
+use std::{path::PathBuf, sync::Arc};
+
+use harmony::{
+    inventory::Inventory,
+    modules::{
+        application::{
+            ApplicationScore, RustWebFramework, RustWebapp,
+            features::{ContinuousDelivery, Monitoring},
+        },
+        monitoring::alert_channel::discord_alert_channel::DiscordWebhook,
+    },
+    topology::K8sAnywhereTopology,
+};
+use harmony_types::net::Url;
+
+#[tokio::main]
+async fn main() {
+    let application = Arc::new(RustWebapp {
+        name: "harmony-example-tryrust".to_string(),
+        domain: Url::Url(url::Url::parse("https://tryrust.harmony.example.com").unwrap()),
+        project_root: PathBuf::from("./tryrust.org"),
+        framework: Some(RustWebFramework::Leptos),
+        service_port: 8080,
+    });
+
+    let discord_receiver = DiscordWebhook {
+        name: "test-discord".to_string(),
+        url: Url::Url(url::Url::parse("https://discord.doesnt.exist.com").unwrap()),
+    };
+
+    let app = ApplicationScore {
+        features: vec![
+            Box::new(ContinuousDelivery {
+                application: application.clone(),
+            }),
+            Box::new(Monitoring {
+                application: application.clone(),
+                alert_receiver: vec![Box::new(discord_receiver)],
+            }),
+        ],
+        application,
+    };
+
+    harmony_cli::run(
+        Inventory::autoload(),
+        K8sAnywhereTopology::from_env(),
+        vec![Box::new(app)],
+        None,
+    )
+    .await
+    .unwrap();
+}

examples/tui/Cargo.toml

@@ -10,9 +10,9 @@ publish = false
 harmony = { path = "../../harmony" }
 harmony_tui = { path = "../../harmony_tui" }
 harmony_types = { path = "../../harmony_types" }
+harmony_macros = { path = "../../harmony_macros" }
 cidr = { workspace = true }
 tokio = { workspace = true }
-harmony_macros = { path = "../../harmony_macros" }
 log = { workspace = true }
 env_logger = { workspace = true }
 url = { workspace = true }

examples/tui/src/main.rs

@@ -2,7 +2,6 @@ use std::net::{SocketAddr, SocketAddrV4};
 
 use harmony::{
     inventory::Inventory,
-    maestro::Maestro,
     modules::{
         dns::DnsScore,
         dummy::{ErrorScore, PanicScore, SuccessScore},
@@ -10,24 +9,26 @@ use harmony::{
     },
     topology::{
         BackendServer, DummyInfra, HealthCheck, HttpMethod, HttpStatusCode, LoadBalancerService,
+        SSL,
     },
 };
 use harmony_macros::ipv4;
 
 #[tokio::main]
 async fn main() {
-    let inventory = Inventory::autoload();
-    let topology = DummyInfra {};
-    let mut maestro = Maestro::initialize(inventory, topology).await.unwrap();
-
-    maestro.register_all(vec![
-        Box::new(SuccessScore {}),
-        Box::new(ErrorScore {}),
-        Box::new(PanicScore {}),
-        Box::new(DnsScore::new(vec![], None)),
-        Box::new(build_large_score()),
-    ]);
-    harmony_tui::init(maestro).await.unwrap();
+    harmony_tui::run(
+        Inventory::autoload(),
+        DummyInfra {},
+        vec![
+            Box::new(SuccessScore {}),
+            Box::new(ErrorScore {}),
+            Box::new(PanicScore {}),
+            Box::new(DnsScore::new(vec![], None)),
+            Box::new(build_large_score()),
+        ],
+    )
+    .await
+    .unwrap();
 }
 
 fn build_large_score() -> LoadBalancerScore {
@@ -47,6 +48,7 @@ fn build_large_score() -> LoadBalancerScore {
                 .to_string(),
             HttpMethod::GET,
             HttpStatusCode::Success2xx,
+            SSL::Disabled,
         )),
     };
     LoadBalancerScore {

examples/validate_ceph_cluster_health/Cargo.toml

@@ -0,0 +1,11 @@
+[package]
+name = "example_validate_ceph_cluster_health"
+edition = "2024"
+version.workspace = true
+readme.workspace = true
+license.workspace = true
+
+[dependencies]
+harmony = { version = "0.1.0", path = "../../harmony" }
+harmony_cli = { version = "0.1.0", path = "../../harmony_cli" }
+tokio.workspace = true