From 109c7751eb3a874d7c69f845dade267e80771527 Mon Sep 17 00:00:00 2001
From: CodeMaster4711 <cedi27@t-online.de>
Date: Wed, 11 Mar 2026 20:21:20 +0100
Subject: [PATCH 1/3] fix: new test version

---
 nixos-node/modules/server-configuration.nix | 13 ++++++-------
 1 file changed, 6 insertions(+), 7 deletions(-)

diff --git a/nixos-node/modules/server-configuration.nix b/nixos-node/modules/server-configuration.nix
index 1508dde..0d51f59 100644
--- a/nixos-node/modules/server-configuration.nix
+++ b/nixos-node/modules/server-configuration.nix
@@ -63,7 +63,6 @@ in
     enable = true;
     package = csf.agentPackage;
     apiGateway = "http://localhost:8000";
-    registrationToken = "csf-bootstrap.change_me";
     heartbeatInterval = 60;
     logLevel = "info";
   };
@@ -158,7 +157,7 @@ services:
     restart: unless-stopped
 
   api-gateway:
-    image: ghcr.io/cs-foundry/csf-ce-api-gateway:0.2.2-alpha.361
+    image: ghcr.io/cs-foundry/csf-ce-api-gateway:0.2.2-alpha.367
     container_name: csf-api-gateway
     environment:
       DATABASE_URL: postgres://csf:csfpassword@patroni:5432/csf_core
@@ -186,7 +185,7 @@ services:
       start_period: 30s
 
   registry:
-    image: ghcr.io/cs-foundry/csf-ce-registry:0.2.2-alpha.361
+    image: ghcr.io/cs-foundry/csf-ce-registry:0.2.2-alpha.367
     container_name: csf-registry
     environment:
       DATABASE_URL: postgres://csf:csfpassword@patroni:5432/csf_core
@@ -202,7 +201,7 @@ services:
     restart: unless-stopped
 
   scheduler:
-    image: ghcr.io/cs-foundry/csf-ce-scheduler:0.2.2-alpha.361
+    image: ghcr.io/cs-foundry/csf-ce-scheduler:0.2.2-alpha.367
     container_name: csf-scheduler
     environment:
       DATABASE_URL: postgres://csf:csfpassword@patroni:5432/csf_core
@@ -217,7 +216,7 @@ services:
     restart: unless-stopped
 
   volume-manager:
-    image: ghcr.io/cs-foundry/csf-ce-volume-manager:0.2.2-alpha.361
+    image: ghcr.io/cs-foundry/csf-ce-volume-manager:0.2.2-alpha.367
     container_name: csf-volume-manager
     environment:
       DATABASE_URL: postgres://csf:csfpassword@patroni:5432/csf_core
@@ -234,7 +233,7 @@ services:
     restart: unless-stopped
 
   failover-controller:
-    image: ghcr.io/cs-foundry/csf-ce-failover-controller:0.2.2-alpha.361
+    image: ghcr.io/cs-foundry/csf-ce-failover-controller:0.2.2-alpha.367
     container_name: csf-failover-controller
     environment:
       DATABASE_URL: postgres://csf:csfpassword@patroni:5432/csf_core
@@ -250,7 +249,7 @@ services:
     restart: unless-stopped
 
   sdn-controller:
-    image: ghcr.io/cs-foundry/csf-ce-sdn-controller:0.2.2-alpha.361
+    image: ghcr.io/cs-foundry/csf-ce-sdn-controller:0.2.2-alpha.367
     container_name: csf-sdn-controller
     environment:
       DATABASE_URL: postgres://csf:csfpassword@patroni:5432/csf_core

From b09048e54df3c4e815f1c095e2af43cd71fc5eb2 Mon Sep 17 00:00:00 2001
From: CodeMaster4711 <cedi27@t-online.de>
Date: Wed, 11 Mar 2026 20:42:33 +0100
Subject: [PATCH 2/3] fix: agent

---
 agent/src/client.rs               | 3 ++-
 nixos-node/modules/csf-daemon.nix | 3 ++-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/agent/src/client.rs b/agent/src/client.rs
index 58722ef..ab6bcbf 100644
--- a/agent/src/client.rs
+++ b/agent/src/client.rs
@@ -178,7 +178,8 @@ impl ApiClient {
             });
 
         if let Some(ref cert_pem) = self.cert_pem {
-            req = req.header("X-Client-Cert", cert_pem.as_str());
+            let encoded = cert_pem.replace('\n', "\\n");
+            req = req.header("X-Client-Cert", encoded);
         }
 
         let resp = req.send().await.context("Failed to send heartbeat")?;
diff --git a/nixos-node/modules/csf-daemon.nix b/nixos-node/modules/csf-daemon.nix
index ea86b10..e81152e 100644
--- a/nixos-node/modules/csf-daemon.nix
+++ b/nixos-node/modules/csf-daemon.nix
@@ -55,8 +55,9 @@ in
 
     systemd.services.csf-daemon = {
       description = "CSF Local Daemon Agent";
-      after = [ "network-online.target" ];
+      after = [ "network-online.target" "csf-control-plane.service" ];
       wants = [ "network-online.target" ];
+      requires = [ "csf-control-plane.service" ];
       wantedBy = [ "multi-user.target" ];
 
       environment = {

From f544e36724fcdef4408c7c93ddd40c98bf3ffcc6 Mon Sep 17 00:00:00 2001
From: CodeMaster4711 <cedi27@t-online.de>
Date: Wed, 11 Mar 2026 20:49:48 +0100
Subject: [PATCH 3/3] fix: cert issue

---
 control-plane/registry/src/db/certificates.rs | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/control-plane/registry/src/db/certificates.rs b/control-plane/registry/src/db/certificates.rs
index 46a5008..f6e2dc9 100644
--- a/control-plane/registry/src/db/certificates.rs
+++ b/control-plane/registry/src/db/certificates.rs
@@ -102,10 +102,11 @@ pub async fn verify_client_cert(
     agent_id: Uuid,
     cert_pem: &str,
 ) -> Result<bool> {
+    let normalized = cert_pem.replace("\\n", "\n");
     let cert = agent_certificates::Entity::find()
         .filter(agent_certificates::Column::AgentId.eq(agent_id))
         .filter(agent_certificates::Column::IsActive.eq(true))
-        .filter(agent_certificates::Column::CertificatePem.eq(cert_pem))
+        .filter(agent_certificates::Column::CertificatePem.eq(normalized))
         .one(db)
         .await?;