harmony/examples/opnsense_pair_integration
Jean-Gabriel Gill-Couture 50f62b6437 chore: warning sweep — auto-fix pass + scoped allows for generated code
Workspace warning count: 408 → 105.

Three buckets cleared:

* Auto-fixable (`cargo fix` + `cargo clippy --fix`): unused imports
  removed, unused variables prefixed with `_`, deprecated method
  calls updated. Applied across harmony, harmony-k8s, harmony-agent,
  harmony_inventory_agent, the fleet/ workspace, and ~15 examples.
* Generated code (opnsense-api/src/generated/): 269 snake_case
  warnings + ~10 unreachable-pattern warnings come from
  CamelCase-preserving bindings to OPNsense's HAProxy/Caddy XML
  schemas. Scoped a single `#[allow(non_snake_case,
  unreachable_patterns)]` at `pub mod generated;` rather than
  fighting the codegen — renaming would break serde round-trips
  and the codegen would regenerate them anyway.
* opnsense-codegen parser's defensive `let...else` guards on
  `XmlNode` (currently single-variant): file-level
  `#![allow(irrefutable_let_patterns)]` with a comment explaining
  why we keep the `else` arms (they re-arm if the IR grows a
  second variant).

`harmony_inventory_agent::local_presence::{DiscoveryEvent,
discover_agents}` re-exports were stripped twice by the auto-fix
passes (consumers live in another crate, so the local crate looks
"unused" to lint). Anchored with explicit `pub use` + an
`#[allow(unused_imports)]` annotation noting why.

All 151 harmony lib tests still pass. Remaining ~105 warnings are
mostly real dead code in non-fleet modules + a handful of
unused-imports/variables clippy couldn't auto-resolve; cleared in
the next pass.
2026-05-06 22:51:44 -04:00

OPNsense Firewall Pair Integration Example

Boots two OPNsense VMs, bootstraps both with automated SSH/API setup, then configures a CARP HA firewall pair using FirewallPairTopology and CarpVipScore. Fully automated, CI-friendly.

Quick start

# Prerequisites (same as single-VM example)
./examples/opnsense_vm_integration/setup-libvirt.sh

# Boot + bootstrap + pair test (fully unattended)
cargo run -p opnsense-pair-integration -- --full

What it does

  1. Creates a shared LAN network + 2 OPNsense VMs (2 NICs each: LAN + WAN)
  2. Bootstraps both VMs sequentially using NIC link control to avoid IP conflicts:
    • Disables backup's LAN NIC
    • Bootstraps primary on .1 (login, SSH, webgui port 9443)
    • Changes primary's LAN IP from .1 to .2
    • Swaps NICs (disable primary, enable backup)
    • Bootstraps backup on .1
    • Changes backup's LAN IP from .1 to .3
    • Re-enables all NICs
  3. Applies pair scores via FirewallPairTopology:
    • CarpVipScore — CARP VIP at .1 (primary advskew=0, backup advskew=100)
    • VlanScore — VLAN 100 on both
    • FirewallRuleScore — ICMP allow on both
  4. Verifies CARP VIPs and VLANs via REST API on both firewalls

Network topology

Host (192.168.1.10)
 |
 +--- virbr-pair (192.168.1.0/24, NAT)
 |         |              |
 |    fw-primary       fw-backup
 |    vtnet0=.2        vtnet0=.3
 |    (CARP VIP: .1)
 |
 +--- virbr0 (default, DHCP)
           |              |
      fw-primary       fw-backup
      vtnet1=dhcp      vtnet1=dhcp (WAN)

Both VMs boot with OPNsense's default LAN IP of 192.168.1.1. The NIC juggling sequence ensures only one VM has its LAN NIC active at a time during bootstrap, avoiding address conflicts.
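
The sequencing argument above, as an added example that is not part of the harmony code base: a small Rust model that replays the documented bootstrap order and fails on the first step where two link-up LAN NICs share an address. The `Nic`, `Step` and `simulate` names are hypothetical, and the rule that bootstrap and IP changes need the NIC link up is a modelling assumption.

```rust
// Added example (not project code): replays the documented bootstrap order and
// rejects any step that leaves two link-up LAN NICs on the same address.
#[derive(Clone, Copy, Debug, PartialEq)]
struct Nic { host: u8, link_up: bool } // host = last octet in 192.168.1.0/24

#[derive(Clone, Copy)]
enum Step { Link(usize, bool), Bootstrap(usize), SetIp(usize, u8) }
use Step::*;

const PRIMARY: usize = 0;
const BACKUP: usize = 1;

/// Step 2 of "What it does", in the order the README lists the sub-steps.
fn documented_sequence() -> Vec<Step> {
    vec![
        Link(BACKUP, false),  // disable backup's LAN NIC
        Bootstrap(PRIMARY),   // primary is bootstrapped on .1
        SetIp(PRIMARY, 2),    // primary .1 -> .2
        Link(PRIMARY, false), // swap NICs: disable primary ...
        Link(BACKUP, true),   // ... enable backup
        Bootstrap(BACKUP),    // backup is bootstrapped on .1
        SetIp(BACKUP, 3),     // backup .1 -> .3
        Link(PRIMARY, true),  // re-enable all NICs
    ]
}

/// Both VMs start link-up on .1 (the OPNsense default LAN IP).
/// Err(i) is the index of the first step that is unreachable or conflicting.
fn simulate(steps: &[Step]) -> Result<[Nic; 2], usize> {
    let mut nics = [Nic { host: 1, link_up: true }; 2];
    for (i, step) in steps.iter().enumerate() {
        match *step {
            Link(vm, up) => nics[vm].link_up = up,
            // Assumption: bootstrap reaches the VM on the default address .1.
            Bootstrap(vm) if nics[vm].link_up && nics[vm].host == 1 => {}
            // Assumption: the IP change is made over the LAN, so the link must be up.
            SetIp(vm, host) if nics[vm].link_up => nics[vm].host = host,
            _ => return Err(i),
        }
        // Invariant from the README: no two active LAN NICs on one address.
        let [a, b] = nics;
        if a.link_up && b.link_up && a.host == b.host { return Err(i); }
    }
    Ok(nics)
}

fn main() {
    println!("{:?}", simulate(&documented_sequence()));
}
```

Dropping the first step, or re-enabling the backup's NIC before the primary has left .1, makes `simulate` return the index of the offending step instead of the final `.2`/`.3` state.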

Requirements

Same as the single-VM example: Linux with KVM, libvirt, ~20 GB disk space, ~20 minutes first run.

Commands

| Command | Description |
|---|---|
| `--check` | Verify prerequisites |
| `--boot` | Boot + bootstrap both VMs |
| (default) | Run pair integration test |
| `--full` | Boot + bootstrap + test (CI mode) |
| `--status` | Show both VMs' status |
| `--clean` | Destroy both VMs and networks |