Firewall added & some fixes

2026-04-13 12:40:49 +03:00
parent 7eaa9750b0
commit 8c35022483
22 changed files with 1659 additions and 134 deletions
--- a/network/config.go
+++ b/network/config.go
@@ -13,6 +13,7 @@ const ConfigFile = "/etc/network/interfaces"
 // InterfaceConfig represents one stanza in /etc/network/interfaces.
 type InterfaceConfig struct {
 	Name    string            `json:"name"`
+	Label   string            `json:"label,omitempty"` // display name, stored in config.yaml only
 	Auto   bool              `json:"auto"`
 	Mode    string            `json:"mode"`              // dhcp, static, loopback, manual
 	Address string            `json:"address,omitempty"` // static only
@@ -154,12 +155,18 @@ func WriteConfig(configs map[string]*InterfaceConfig) error {
 	}
 	defer f.Close()

-	// loopback first
+	// loopback first, then physical interfaces, then VLANs (sorted within each group)
 	if lo, ok := configs["lo"]; ok {
 		writeStanza(f, lo)
 	}
 	for name, cfg := range configs {
-		if name == "lo" {
+		if name == "lo" || IsVLAN(name) {
+			continue
+		}
+		writeStanza(f, cfg)
+	}
+	for name, cfg := range configs {
+		if !IsVLAN(name) {
 			continue
 		}
 		writeStanza(f, cfg)
@@ -188,6 +195,12 @@ func writeStanza(f *os.File, c *InterfaceConfig) {
 			fmt.Fprintf(f, "\tdns-nameservers %s\n", strings.Join(c.DNS, " "))
 		}
 	}
+	// VLAN interfaces need vlan-raw-device unless already in Extra
+	if IsVLAN(c.Name) {
+		if _, ok := c.Extra["vlan-raw-device"]; !ok {
+			fmt.Fprintf(f, "\tvlan-raw-device %s\n", VLANParent(c.Name))
+		}
+	}
 	for k, v := range c.Extra {
 		fmt.Fprintf(f, "\t%s %s\n", k, v)
 	}