Add host-mode heartbeat: vetting-agent host + last-seen badge

vetting-agent gains a `host` subcommand that runs as a systemd service installed by the quick-register one-liner, POSTing every 30s to /api/v1/hosts/{mac}/heartbeat so the dashboard tile shows "online" or "Nm ago" without waiting on WoL. Ships dormant client code for the Phase 2 reboot_for_vetting command so the server can flip it on later without a binary redeploy. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-04-17 23:34:15 -04:00
parent d24207427f
commit a0c0fb114f
28 changed files with 1106 additions and 165 deletions
@@ -25,30 +25,36 @@
 set -euo pipefail

 BINARY=""
+AGENT_BINARY=""
 CONFIG_DIR="/etc/vetting"
 STATE_DIR="/var/lib/vetting"
 LOG_DIR="/var/log/vetting"
+ASSET_DIR="/var/lib/vetting/assets"
 SERVICE_USER="vetting"

 usage() {
    cat <<EOF
-Usage: $0 [--binary PATH] [--config-dir DIR]
+Usage: $0 [--binary PATH] [--agent-binary PATH] [--config-dir DIR]

-  --binary PATH       Path to a pre-built vetting binary (default:
-                      auto-detect ../bin/vetting-linux-amd64 relative to
-                      this script).
-  --config-dir DIR    Where to install vetting.yaml + systemd unit drop
-                      (default: /etc/vetting).
-  -h, --help          Print this message.
+  --binary PATH        Path to a pre-built vetting binary (default:
+                       auto-detect ../bin/vetting-linux-amd64 relative to
+                       this script).
+  --agent-binary PATH  Path to a pre-built vetting-agent linux-amd64 binary
+                       served at /assets/vetting-agent-linux-amd64 for the
+                       quick-register one-liner (default: auto-detect).
+  --config-dir DIR     Where to install vetting.yaml + systemd unit drop
+                       (default: /etc/vetting).
+  -h, --help           Print this message.
 EOF
 }

 while [[ $# -gt 0 ]]; do
    case "$1" in
-        --binary)     BINARY="$2"; shift 2 ;;
-        --config-dir) CONFIG_DIR="$2"; shift 2 ;;
-        -h|--help)    usage; exit 0 ;;
-        *)            echo "unknown arg: $1" >&2; usage; exit 2 ;;
+        --binary)       BINARY="$2"; shift 2 ;;
+        --agent-binary) AGENT_BINARY="$2"; shift 2 ;;
+        --config-dir)   CONFIG_DIR="$2"; shift 2 ;;
+        -h|--help)      usage; exit 0 ;;
+        *)              echo "unknown arg: $1" >&2; usage; exit 2 ;;
    esac
 done

@@ -73,6 +79,19 @@ if [[ -z "${BINARY}" || ! -x "${BINARY}" ]]; then
    exit 1
 fi

+if [[ -z "${AGENT_BINARY}" ]]; then
+    for cand in \
+        "${REPO_ROOT}/bin/vetting-agent.linux-amd64" \
+        "${REPO_ROOT}/bin/vetting-agent-linux-amd64" \
+        "${SCRIPT_DIR}/vetting-agent-linux-amd64"; do
+        if [[ -x "${cand}" ]]; then AGENT_BINARY="${cand}"; break; fi
+    done
+fi
+if [[ -z "${AGENT_BINARY}" || ! -x "${AGENT_BINARY}" ]]; then
+    echo "could not find a vetting-agent binary; pass --agent-binary PATH or run 'make agent-linux' first" >&2
+    exit 1
+fi
+
 echo "==> installing runtime dependencies"
 export DEBIAN_FRONTEND=noninteractive
 apt-get update -qq
@@ -90,10 +109,12 @@ fi
 echo "==> preparing directories"
 install -d -m 0755 -o "${SERVICE_USER}" -g "${SERVICE_USER}" "${STATE_DIR}"
 install -d -m 0755 -o "${SERVICE_USER}" -g "${SERVICE_USER}" "${LOG_DIR}"
+install -d -m 0755 -o "${SERVICE_USER}" -g "${SERVICE_USER}" "${ASSET_DIR}"
 install -d -m 0755 "${CONFIG_DIR}"

 echo "==> installing binary"
 install -m 0755 "${BINARY}" /usr/local/bin/vetting
+install -m 0755 "${AGENT_BINARY}" "${ASSET_DIR}/vetting-agent-linux-amd64"

 echo "==> installing config and systemd unit"
 # vetting.production.yaml uses absolute /var/lib/vetting + /var/log/vetting