feat: network config

Add network configuration management UI and backend:

Backend:
- Add network_config module with support for static IP and DHCP configuration
- Implement network rollback mechanism with 90-second timeout
- Add API endpoint for setting network configuration with validation
- Refactor certificate management to use DeviceServiceClient reference
- Move certificate creation to server startup after service client initialization
- Remove certificate regeneration from network rollback flow
- Add server restart channel for handling network changes
- Cancel pending rollback on successful authentication

Frontend:
- Add Network page with network settings UI
- Add NetworkSettings component for editing network configuration
- Add NetworkActions component for network-related actions
- Add useWaitForNewIp composable for handling IP changes
- Update DeviceNetworks component to show network details
- Refactor DeviceActions to use composable pattern
- Update Vuetify and Biome configurations
- Add route for /network page

Dependencies:
- Add rust-ini for network config file management
- Add serde_valid for request validation
- Add trait-variant for async trait support
- Add actix-cors for CORS support
- Bump version to 1.1.0

Signed-off-by: Jan Zachmann <50990105+JanZachmann@users.noreply.github.com>

Author: JanZachmann

Cargo.lock

@@ -7,17 +7,18 @@ license = "MIT OR Apache-2.0"
 name = "omnect-ui"
 readme = "README.md"
 repository = "git@github.com:omnect/omnect-ui.git"
-version = "1.0.5"
+version = "1.1.0"
 build = "src/build.rs"
 
 [dependencies]
+actix-cors = { version = "0.7", default-features = false }
 actix-files = { version = "0.6", default-features = false }
 actix-multipart = { version = "0.7", default-features = false, features = [
   "tempfile",
   "derive"
-]}
-actix-session = { version = "0.10", features = ["cookie-session"] }
+] }
 actix-server = { version = "2.6", default-features = false }
+actix-session = { version = "0.10", features = ["cookie-session"] }
 actix-web = { version = "4.11", default-features = false, features = [
   "macros",
   "rustls-0_23",
@@ -37,6 +38,7 @@ log-panics = { version = "2.1", default-features = false, features = [
 mockall = { version = "0.13", optional = true, default-features = false }
 rand_core = { version = "0.9", default-features = false, features = ["std"] }
 reqwest = { version = "0.12.23", default-features = false, features = ["json", "rustls-tls"] }
+rust-ini = { version = "0.21", default-features = false }
 rustls = { version = "0.23", default-features = false, features = [
   "aws_lc_rs",
   "std",
@@ -51,11 +53,13 @@ serde_json = { version = "1.0", default-features = false, features = [
   "raw_value",
 ] }
 serde_repr = { version = "0.1", default-features = false }
+serde_valid = { version = "1.0", default-features = false }
 tokio = { version = "1.45", default-features = false, features = [
   "macros",
   "net",
   "process",
 ] }
+trait-variant = { version = "0.1" }
 uuid = { version = "1.17", default-features = false, features = [
   "v4",
 ] }
@@ -66,5 +70,5 @@ mock = ["dep:mockall"]
 [dev-dependencies]
 actix-http = "3.11"
 actix-service = "2.0"
-tempfile = "3.20"
 mockall_double = "0.3"
+tempfile = "3.20"

Cargo.toml

@@ -1,5 +1,5 @@
 {
-	"$schema": "https://biomejs.dev/schemas/1.9.4/schema.json",
+	"$schema": "https://biomejs.dev/schemas/2.2.4/schema.json",
 	"linter": {
 		"enabled": true,
 		"rules": {
@@ -10,23 +10,32 @@
 			},
 			"style": {
 				"noParameterAssign": "off",
-				"useImportType": "off"
+				"useImportType": "off",
+				"useAsConstAssertion": "error",
+				"useDefaultParameterLast": "error",
+				"useEnumInitializers": "error",
+				"useSelfClosingElements": "error",
+				"useSingleVarDeclarator": "error",
+				"noUnusedTemplateLiteral": "error",
+				"useNumberNamespace": "error",
+				"noInferrableTypes": "error",
+				"noUselessElse": "error"
 			},
 			"complexity": {
 				"noStaticOnlyClass": "off",
 				"useLiteralKeys": "off",
 				"noForEach": "off"
 			}
 		},
-		"ignore": []
+		"includes": ["**"]
 	},
 	"formatter": {
 		"enabled": true,
 		"formatWithErrors": false,
 		"indentStyle": "tab",
 		"indentWidth": 2,
 		"lineWidth": 150,
-		"ignore": []
+		"includes": ["**"]
 	},
 	"javascript": {
 		"formatter": {
@@ -39,7 +48,7 @@
 		}
 	},
 	"files": {
-		"ignore": ["./.vscode*"],
+		"includes": ["**", "!.vscode*"],
 		"maxSize": 31457280
 	}
 }

biome.json

@@ -18,6 +18,7 @@ docker run --rm \
   -v $(pwd)/temp:/cert \
   -v /tmp:/socket \
   -v $(pwd)/temp/data:/data \
+  -v $(pwd)/temp/network:/network \
   -u $(id -u):$(id -g) \
   -e RUST_LOG=debug \
   -e UI_PORT=1977 \

build-and-run-image.sh

@@ -5,6 +5,7 @@ use crate::{
     },
     keycloak_client::SingleSignOnProvider,
     middleware::TOKEN_EXPIRE_HOURS,
+    network_config::{self, NetworkConfig},
     omnect_device_service_client::{DeviceServiceClient, FactoryReset, LoadUpdate, RunUpdate},
 };
 use actix_files::NamedFile;
@@ -18,6 +19,7 @@ use argon2::{
 };
 use log::{debug, error};
 use serde::Deserialize;
+use serde_valid::Validate;
 use std::sync::OnceLock;
 use std::{
     fs::{self, File},
@@ -161,6 +163,7 @@ where
     pub async fn token(session: Session) -> impl Responder {
         debug!("token() called");
 
+        network_config::cancel_rollback();
         Self::session_token(session)
     }
 
@@ -289,6 +292,30 @@ where
         HttpResponse::Ok().finish()
     }
 
+    pub async fn set_network_config(
+        network_config: web::Json<NetworkConfig>,
+        api: web::Data<Self>,
+    ) -> impl Responder {
+        debug!("set_network_config() called");
+
+        if let Err(e) = network_config.validate() {
+            error!("set_network_config() failed: {e:#}");
+            return HttpResponse::BadRequest().body(format!("{e:#}"));
+        }
+
+        if let Err(e) =
+            network_config::apply_network_config(&api.service_client, &network_config).await
+        {
+            error!("set_network_config() failed: {e:#}");
+            if let Err(err) = network_config::rollback_network_config(&network_config) {
+                error!("Failed to restore network config: {err:#}");
+            }
+            return HttpResponse::InternalServerError().body(format!("{e:#}"));
+        }
+
+        HttpResponse::Ok().finish()
+    }
+
     async fn validate_token_and_claims(&self, token: &str) -> Result<()> {
         let claims = self.single_sign_on.verify_token(token).await?;
         let Some(tenant_list) = &claims.tenant_list else {

src/api.rs

@@ -3,7 +3,7 @@
 use crate::{
     common::handle_http_response,
     http_client::HttpClientFactory,
-    omnect_device_service_client::{DeviceServiceClient, OmnectDeviceServiceClient},
+    omnect_device_service_client::{DeviceServiceClient},
 };
 use anyhow::{Context, Result};
 use log::info;
@@ -47,9 +47,12 @@ pub async fn create_module_certificate() -> Result<()> {
 }
 
 #[cfg(not(feature = "mock"))]
-pub async fn create_module_certificate() -> Result<()> {
+pub async fn create_module_certificate<T>(service_client: &T) -> Result<()>
+where
+    T: DeviceServiceClient,
+{
     info!("create module certificate");
-    let ods_client = OmnectDeviceServiceClient::new(false).await?;
+
     let id = std::env::var("IOTEDGE_MODULEID")
         .context("failed to read IOTEDGE_MODULEID environment variable")?;
     let gen_id = std::env::var("IOTEDGE_MODULEGENERATIONID")
@@ -60,7 +63,7 @@ pub async fn create_module_certificate() -> Result<()> {
         .context("failed to read IOTEDGE_WORKLOADURI environment variable")?;
 
     let payload = CreateCertPayload {
-        common_name: ods_client.ip_address().await?,
+        common_name: service_client.ip_address().await?,
     };
 
     let path = format!("/modules/{id}/genid/{gen_id}/certificate/server?api-version={api_version}");

src/certificate.rs

@@ -5,6 +5,7 @@ use jwt_simple::prelude::{RS256PublicKey, RSAPublicKeyLike};
 #[cfg(feature = "mock")]
 use mockall::automock;
 use serde::{Deserialize, Serialize};
+use trait_variant::make;
 
 #[derive(Debug, Deserialize, Serialize, Clone)]
 pub struct TokenClaims {
@@ -26,9 +27,9 @@ macro_rules! keycloak_url {
     }};
 }
 
+#[make(Send + Sync)]
 #[cfg_attr(feature = "mock", automock)]
-#[allow(async_fn_in_trait)]
-pub trait SingleSignOnProvider: Send + Sync {
+pub trait SingleSignOnProvider {
     async fn verify_token(&self, token: &str) -> anyhow::Result<TokenClaims>;
 }
 

src/keycloak_client.rs

@@ -1,7 +1,9 @@
 pub mod api;
 pub mod auth;
+pub mod certificate;
 pub mod common;
 pub mod http_client;
 pub mod keycloak_client;
 pub mod middleware;
+pub mod network_config;
 pub mod omnect_device_service_client;

src/lib.rs

@@ -5,15 +5,18 @@ mod common;
 mod http_client;
 mod keycloak_client;
 mod middleware;
+mod network_config;
 mod omnect_device_service_client;
 
 use crate::{
     api::Api,
     certificate::create_module_certificate,
     common::{centrifugo_config, config_path},
     keycloak_client::KeycloakProvider,
+    network_config::init_server_restart_channel,
     omnect_device_service_client::{DeviceServiceClient, OmnectDeviceServiceClient},
 };
+use actix_cors::Cors;
 use actix_files::Files;
 use actix_multipart::form::MultipartFormConfig;
 use actix_server::ServerHandle;
@@ -35,6 +38,7 @@ use std::{fs, io::Write};
 use tokio::{
     process::{Child, Command},
     signal::unix::{SignalKind, signal},
+    sync::broadcast,
 };
 
 const UPLOAD_LIMIT_BYTES: usize = 250 * 1024 * 1024;
@@ -68,31 +72,59 @@ async fn main() {
         env!("GIT_SHORT_REV")
     );
 
-    create_module_certificate()
-        .await
-        .expect("failed to create module certificate");
+    // Create restart signal channel
+    let (restart_tx, mut restart_rx) = broadcast::channel(1);
+    init_server_restart_channel(restart_tx).expect("failed to set restart channel");
 
     let mut sigterm = signal(SignalKind::terminate()).expect("failed to install SIGTERM handler");
+
+    CryptoProvider::install_default(default_provider()).expect("failed to install crypto provider");
+
+    while run_until_shutdown(&mut restart_rx, &mut sigterm).await {
+        info!("restarting server...");
+    }
+
+    debug!("good bye");
+}
+
+async fn run_until_shutdown(
+    restart_rx: &mut broadcast::Receiver<()>,
+    sigterm: &mut tokio::signal::unix::Signal,
+) -> bool {
     let mut centrifugo = run_centrifugo();
     let (server_handle, server_task, service_client) = run_server().await;
 
-    tokio::select! {
+    let should_restart = tokio::select! {
         _ = tokio::signal::ctrl_c() => {
             debug!("ctrl-c received");
+            false
         },
         _ = sigterm.recv() => {
             debug!("SIGTERM received");
+            false
+        },
+        _ = restart_rx.recv() => {
+            debug!("server restart requested");
+            true
         },
-        _ = server_task => {
-            debug!("server stopped unexpectedly");
+        result = server_task => {
+            match result {
+                Ok(Ok(())) => debug!("server stopped normally"),
+                Ok(Err(e)) => debug!("server stopped with error: {e}"),
+                Err(e) => debug!("server task panicked: {e}"),
+            }
+            false
         },
         _ = centrifugo.wait() => {
             debug!("centrifugo stopped unexpectedly");
+            false
         }
-    }
+    };
 
     // Unified cleanup sequence - ensures consistent shutdown regardless of exit reason
-    info!("shutting down...");
+    if !should_restart {
+        info!("shutting down...");
+    }
 
     // 1. Shutdown service client first (unregister from omnect-device-service)
     if let Err(e) = service_client.shutdown().await {
@@ -101,22 +133,26 @@ async fn main() {
 
     // 2. Stop the server gracefully
     server_handle.stop(true).await;
-    info!("server stopped");
+    if !should_restart {
+        info!("server stopped");
+    }
 
     // 3. Kill centrifugo
     if let Err(e) = centrifugo.kill().await {
         error!("failed to kill centrifugo: {e:#}");
     }
-    info!("centrifugo stopped");
+    if !should_restart {
+        info!("centrifugo stopped");
+    }
+
+    should_restart
 }
 
 async fn run_server() -> (
     ServerHandle,
     tokio::task::JoinHandle<Result<(), std::io::Error>>,
     OmnectDeviceServiceClient,
 ) {
-    CryptoProvider::install_default(default_provider()).expect("failed to install crypto provider");
-
     let Ok(true) = fs::exists("/data") else {
         panic!("failed to find required data directory: /data is missing");
     };
@@ -137,6 +173,19 @@ async fn run_server() -> (
         .await
         .expect("failed to create api");
 
+    create_module_certificate(&service_client)
+        .await
+        .expect("failed to create module certificate");
+
+    tokio::spawn({
+        let service_client = service_client.clone();
+        async move {
+            if let Err(e) = network_config::process_pending_rollback(&service_client).await {
+                error!("failed to check pending rollback: {e:#}");
+            }
+        }
+    });
+
     let mut tls_certs = std::io::BufReader::new(
         std::fs::File::open(certificate::cert_path()).expect("failed to read certificate file"),
     );
@@ -173,6 +222,14 @@ async fn run_server() -> (
 
     let server = HttpServer::new(move || {
         App::new()
+            .wrap(
+                Cors::default()
+                    .allow_any_origin()
+                    .allow_any_header()
+                    .allowed_methods(vec!["GET"])
+                    .supports_credentials()
+                    .max_age(3600),
+            )
             .wrap(
                 SessionMiddleware::builder(CookieSessionStore::default(), session_key.clone())
                     .cookie_name(String::from("omnect-ui-session"))
@@ -240,6 +297,7 @@ async fn run_server() -> (
             .route("/version", web::get().to(UiApi::version))
             .route("/logout", web::post().to(UiApi::logout))
             .route("/healthcheck", web::get().to(UiApi::healthcheck))
+            .route("/network", web::post().to(UiApi::set_network_config))
             .service(Files::new(
                 "/static",
                 std::fs::canonicalize("static").expect("failed to find static folder"),