wip: continue db refactor

Author: cilki

Cargo.lock

@@ -23,11 +23,11 @@ virtual and controlled by a corporation, like accounts on _github.com_. Others
 have a physical component as well, like a server in your closet, Raspberry Pi,
 or laptop.
 
-All of these entities are part of your _virtual estate_ and are often
-intricately connected in various ways. As an example, you might have an SSH key
-or API token on your machine that grants access to repositories (a kind of
-digital asset) on Github. And suppose your machine also has an authorized key
-installed that allows access from another machine:
+All of these entities are part of your _virtual estate_ and are intricately
+connected in various ways. As an example, you might have an SSH key or API token
+on your machine that grants access to repositories (a kind of digital asset) on
+Github. And suppose your machine also has an authorized key installed that
+allows access from another machine:
 
 ```
 ┌──────────┐  SSH Key  ┌──────────┐  API Token  ┌───────────────────┐
@@ -37,18 +37,18 @@ installed that allows access from another machine:
                                                 └───────────────────┘
 ```
 
-If you care about those repos, then Sandpolis can map out an attack surface that
-includes both `Machine A` and `Machine B`. If `Machine A` happens to have a weak
-password or one that's shared with another website, then the attack surface is
-consequently expanded with appropriate probabilities.
+If those private repos are worth protecting, then Sandpolis can map out an
+attack surface that includes both `Machine A` and `Machine B`. If `Machine A`
+happens to have a weak password or one that's shared with another website, then
+the attack surface is consequently expanded with appropriate probabilities.
 
 Mapping these relationships automatically is possible because Sandpolis runs an
-agent on `Machine A` and `Machine B` (and has API access to Github).
+agent on `Machine A` and `Machine B`.
 
 ## Security Warning
 
 Sandpolis is an extremely high-value attack target as it provides management
-access to your virtual estate. To compensate, strong security measures are
+capabilities on your virtual estate. To compensate, strong security measures are
 available:
 
 - All connections to a server use mTLS and require a valid client certificate.
@@ -87,7 +87,7 @@ Models online/offline accounts and their relationships to agent instances.
 Enables higher-order analysis of virtual estate like attack surface mapping and
 compromise tracing.
 
-### Alert
+### Audit
 
 Triggers user notifications when certain events are detected in the Sandpolis
 network. For example, if a user's status is currently _AWAY_, an unexpected SSH
@@ -100,13 +100,11 @@ Provides access to remote desktop capabilities.
 ### Filesystem
 
 Provides read/write access to agent filesystems. The Sandpolis client can also
-mount an agent's filesystem.
-
-### Logging
+mount an agent's filesystem with FUSE.
 
 ### Package
 
-Integrates with package managers to monitor package versions.
+Integrates with package managers to monitor software versions.
 
 ### Probe
 
@@ -119,11 +117,16 @@ the gateway instance remains online).
 
 ### Shell
 
-Provides an interactive remote shell.
+Provides an interactive remote shell. Also stores customizable shell "snippets"
+that can be executed on a schedule.
 
 ### Tunnel
 
-### User
+Establishes a permanent or ephemeral TCP tunnel between arbitrary instances.
+
+### Snapshot
+
+Create and apply _cold snapshots_ via a boot agent.
 
 ## Installation
 
@@ -163,9 +166,9 @@ perform any excluded functionality.
 ```yml
 # Docker compose
 services:
-	sandpolis-server:
-		image: sandpolis/server
-		restart: unless-stopped
+  sandpolis-server:
+    image: sandpolis/server
+    restart: unless-stopped
 ```
 
 #### Install client from DockerHub

README.md

@@ -11,10 +11,13 @@ built = { version = "0.8", features = ["git2", "chrono", "semver"] }
 [dependencies]
 anyhow = { workspace = true }
 validator = { workspace = true }
+native_db = { workspace = true }
+native_model = { workspace = true }
 serde = { workspace = true }
 sandpolis-core = { path = "../sandpolis-core", version = "0.0.1" }
 sandpolis-instance = { path = "../sandpolis-instance", version = "0.0.1" }
 sandpolis-database = { path = "../sandpolis-database", version = "0.0.1" }
+sandpolis-macros = { path = "../sandpolis-macros", version = "0.0.1" }
 
 [features]
 client = []

sandpolis-account/Cargo.toml

@@ -1,14 +1,33 @@
 //! This layer enables account-level management.
 
+use anyhow::Result;
+use native_db::*;
+use native_model::{Model, native_model};
 use sandpolis_core::InstanceId;
-use sandpolis_database::DatabaseLayer;
+use sandpolis_database::{Data, DataIdentifier, DatabaseLayer, Watch};
+use sandpolis_macros::Data;
 use serde::{Deserialize, Serialize};
 use validator::Validate;
 
+#[derive(Serialize, Deserialize, Clone, Default, PartialEq, Debug, Data)]
+#[native_model(id = 27, version = 1)]
+#[native_db]
+pub struct AccountLayerData {
+    #[primary_key]
+    pub _id: DataIdentifier,
+}
+
+#[derive(Clone)]
 pub struct AccountLayer {
     database: DatabaseLayer,
 }
 
+impl AccountLayer {
+    pub async fn new() -> Result<Self> {
+        Ok(Self { database: todo!() })
+    }
+}
+
 #[derive(Serialize, Deserialize, Clone, Copy, Debug, PartialEq, Eq, PartialOrd, Ord, Hash)]
 pub struct AccountId(u128);
 

sandpolis-account/src/lib.rs

@@ -15,6 +15,7 @@ tokio-cron-scheduler = { version = "0.14.0", optional = true }
 sandpolis-network = { path = "../sandpolis-network", version = "0.0.1" }
 sandpolis-database = { path = "../sandpolis-database", version = "0.0.1" }
 sandpolis-core = { path = "../sandpolis-core", version = "0.0.1" }
+sandpolis-macros = { path = "../sandpolis-macros", version = "0.0.1" }
 
 [features]
 agent = ["dep:tokio-cron-scheduler"]

sandpolis-agent/Cargo.toml

@@ -14,6 +14,7 @@ native_model = { workspace = true }
 sandpolis-instance = { path = "../sandpolis-instance", version = "0.0.1" }
 sandpolis-database = { path = "../sandpolis-database", version = "0.0.1" }
 sandpolis-core = { path = "../sandpolis-core", version = "0.0.1" }
+sandpolis-macros = { path = "../sandpolis-macros", version = "0.0.1" }
 
 [features]
 server = []

sandpolis-audit/Cargo.toml

@@ -86,7 +86,7 @@ impl DatabaseLayer {
 /// `Data` is what's stored in a database!
 pub trait Data
 where
-    Self: ToInput + Default + Clone + PartialEq + Send + Sync,
+    Self: ToInput + Clone + PartialEq + Send + Sync,
 {
     fn id(&self) -> DataIdentifier;
     fn set_id(&mut self, id: DataIdentifier);
@@ -191,7 +191,7 @@ impl<T: Data> Drop for Watch<T> {
     }
 }
 
-impl<T: Data + 'static> Watch<T> {
+impl<T: Data + Default + 'static> Watch<T> {
     /// Create a new `Watch` when there's only one row in the database.
     pub fn singleton(db: Arc<native_db::Database<'static>>) -> Result<Self> {
         let r = db.r_transaction()?;

sandpolis-database/src/lib.rs

@@ -12,6 +12,7 @@ os_info = { workspace = true }
 russh = { workspace = true, optional = true }
 sandpolis-core = { path = "../sandpolis-core", version = "0.0.1" }
 sandpolis-group = { path = "../sandpolis-group", version = "0.0.1" }
+sandpolis-macros = { path = "../sandpolis-macros", version = "0.0.1" }
 
 [features]
 agent = ["dep:russh"]

sandpolis-deploy/Cargo.toml

@@ -1,3 +1,4 @@
+use anyhow::Result;
 use axum::Router;
 
 pub(crate) mod messages;
@@ -11,4 +12,10 @@ pub mod client;
 #[derive(Clone)]
 pub struct DesktopLayer {}
 
+impl DesktopLayer {
+    pub async fn new() -> Result<Self> {
+        Ok(Self {})
+    }
+}
+
 // TODO agent lists available desktops for db

sandpolis-desktop/src/lib.rs

@@ -10,7 +10,7 @@ pub mod messages;
 pub struct FilesystemLayer {}
 
 impl FilesystemLayer {
-    pub fn new() -> Result<Self> {
+    pub async fn new() -> Result<Self> {
         Ok(Self {})
     }
 }