Merge branch 'main' into logs-database

server/db/sqlite/index.ts

@@ -1,5 +1,6 @@
 export * from "./driver";
 export * from "./logsDriver";
+export * from "./safeRead";
 export * from "./schema/schema";
 export * from "./schema/privateSchema";
 export * from "./migrate";

server/db/sqlite/safeRead.ts

@@ -0,0 +1,11 @@
+import { db } from "./driver";
+
+/**
+ * Runs a read query. For SQLite there is no replica/primary distinction,
+ * so the query is executed once against the database.
+ */
+export async function safeRead<T>(
+    query: (d: typeof db) => Promise<T>
+): Promise<T> {
+    return query(db);
+}

server/db/sqlite/schema/schema.ts

@@ -257,7 +257,11 @@ export const siteResources = sqliteTable("siteResources", {
     udpPortRangeString: text("udpPortRangeString").notNull().default("*"),
     disableIcmp: integer("disableIcmp", { mode: "boolean" })
         .notNull()
-        .default(false)
+        .default(false),
+    authDaemonPort: integer("authDaemonPort").default(22123),
+    authDaemonMode: text("authDaemonMode")
+        .$type<"site" | "remote">()
+        .default("site")
 });
 
 export const clientSiteResources = sqliteTable("clientSiteResources", {
@@ -679,7 +683,13 @@ export const roles = sqliteTable("roles", {
     description: text("description"),
     requireDeviceApproval: integer("requireDeviceApproval", {
         mode: "boolean"
-    }).default(false)
+    }).default(false),
+    sshSudoMode: text("sshSudoMode").default("none"), // "none" | "full" | "commands"
+    sshSudoCommands: text("sshSudoCommands").default("[]"),
+    sshCreateHomeDir: integer("sshCreateHomeDir", { mode: "boolean" }).default(
+        true
+    ),
+    sshUnixGroups: text("sshUnixGroups").default("[]")
 });
 
 export const roleActions = sqliteTable("roleActions", {