feat(post-install): moteur de profils + bootstrap + identité/réseau (tâche 2 SJ-8)

- templates custom/bootstrap-root + identity-network (sortie structurée parsable,
  sauvegardes, échec contrôlé, jamais de coupure réseau sans reconnexion)
- postInstall: registre de manifestes (champs typés + defaults/defaultFrom),
  validateProfileValues + maskSecretValues + buildPostInstallResult (TDD),
  renderProfile/previewProfile (masquage secrets), runPostInstall (SSH)
- execute: RunActionOpts.profileId/values + branche post_install (bloc postInstall)
- action_requests: post_install accepté, payload profileId/values transmis à approve
- routes: GET /profiles, POST .../preview (script masqué + validation),
  POST .../run (action_request si requiresConfirmation, sinon direct)

Champs = formulaire (pas de question SSH interactive) ; secrets jamais sérialisés ;
identity_network exige confirmation. tsc 0 · 101 tests · build OK · boot OK.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
This commit is contained in:
2026-06-06 08:02:32 +02:00
parent faa654c95a
commit e6f4ae470b
10 changed files with 566 additions and 3 deletions
+2
View File
@@ -6,6 +6,7 @@ import { actionRequestsRoutes } from "./actionRequests.js";
import { dockerRoutes } from "./docker.js";
import { dbRoutes } from "./db.js";
import { settingsRoutes } from "./settings.js";
import { postInstallRoutes } from "./postInstall.js";
import { getServerCapabilities } from "../services/capabilities.js";
import { getSystemMetrics, getSystemStatus } from "../services/system.js";
@@ -19,3 +20,4 @@ api.route("/machines", machinesRoutes);
api.route("/machines", actionsRoutes);
api.route("/machines", dockerRoutes);
api.route("/", actionRequestsRoutes);
api.route("/", postInstallRoutes);