From 0221ce26f901ccb35a810b01d982426f15d473c9 Mon Sep 17 00:00:00 2001
From: mathieu <mathieubourbon49@gmail.com>
Date: Sat, 16 May 2026 02:11:52 +0200
Subject: [PATCH] feat(seeds): add port catalog and host port assignments to
 dev seed

Adds 25 common ports (SSH, HTTP/S, SMTP, PostgreSQL, etc.) to the ports
catalog and assigns realistic open ports to each seeded host based on its
role (web server, database, NAS, VPN gateway, etc.).

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 seeds/postgres/dev_seed.sql | 133 ++++++++++++++++++++++++++++++++++++
 seeds/sqlite/dev_seed.sql   | 112 ++++++++++++++++++++++++++++++
 2 files changed, 245 insertions(+)

diff --git a/seeds/postgres/dev_seed.sql b/seeds/postgres/dev_seed.sql
index 8fde0f9..a75e948 100644
--- a/seeds/postgres/dev_seed.sql
+++ b/seeds/postgres/dev_seed.sql
@@ -60,3 +60,136 @@ FROM (VALUES
     ('vpn-client-02',  '172.16.1.11')
 ) AS t(name, ip)
 WHERE NOT EXISTS (SELECT 1 FROM hosts WHERE hosts.name = t.name AND hosts.ip = t.ip);
+
+-- ── Ports catalog ─────────────────────────────────────────────────────────────
+
+INSERT INTO ports (number, description) VALUES
+    (22,   'SSH'),
+    (25,   'SMTP'),
+    (53,   'DNS'),
+    (80,   'HTTP'),
+    (143,  'IMAP'),
+    (161,  'SNMP'),
+    (443,  'HTTPS'),
+    (445,  'SMB'),
+    (465,  'SMTPS'),
+    (500,  'IKE / IPSec'),
+    (514,  'Syslog'),
+    (587,  'SMTP Submission'),
+    (873,  'rsync'),
+    (993,  'IMAPS'),
+    (1194, 'OpenVPN'),
+    (2049, 'NFS'),
+    (3000, 'Grafana'),
+    (3389, 'RDP'),
+    (4500, 'IPSec NAT-T'),
+    (5044, 'Logstash Beats'),
+    (5432, 'PostgreSQL'),
+    (5601, 'Kibana'),
+    (9090, 'Prometheus'),
+    (9100, 'JetDirect'),
+    (9200, 'Elasticsearch')
+ON CONFLICT (number) DO NOTHING;
+
+-- ── Host ports ────────────────────────────────────────────────────────────────
+
+-- gateway: SSH, DNS, HTTP, HTTPS
+INSERT INTO host_ports (host_id, port_number)
+SELECT h.id, p FROM hosts h, unnest(ARRAY[22, 53, 80, 443]) p
+WHERE h.name = 'gateway' AND h.ip = '192.168.1.1'
+ON CONFLICT DO NOTHING;
+
+-- workstation-01: SSH, RDP
+INSERT INTO host_ports (host_id, port_number)
+SELECT h.id, p FROM hosts h, unnest(ARRAY[22, 3389]) p
+WHERE h.name = 'workstation-01' AND h.ip = '192.168.1.10'
+ON CONFLICT DO NOTHING;
+
+-- workstation-02: SSH, RDP
+INSERT INTO host_ports (host_id, port_number)
+SELECT h.id, p FROM hosts h, unnest(ARRAY[22, 3389]) p
+WHERE h.name = 'workstation-02' AND h.ip = '192.168.1.11'
+ON CONFLICT DO NOTHING;
+
+-- workstation-03: SSH, RDP
+INSERT INTO host_ports (host_id, port_number)
+SELECT h.id, p FROM hosts h, unnest(ARRAY[22, 3389]) p
+WHERE h.name = 'workstation-03' AND h.ip = '192.168.1.12'
+ON CONFLICT DO NOTHING;
+
+-- nas-01: SSH, HTTP, HTTPS, SMB, NFS
+INSERT INTO host_ports (host_id, port_number)
+SELECT h.id, p FROM hosts h, unnest(ARRAY[22, 80, 443, 445, 2049]) p
+WHERE h.name = 'nas-01' AND h.ip = '192.168.1.20'
+ON CONFLICT DO NOTHING;
+
+-- printer-01: HTTP, HTTPS, JetDirect
+INSERT INTO host_ports (host_id, port_number)
+SELECT h.id, p FROM hosts h, unnest(ARRAY[80, 443, 9100]) p
+WHERE h.name = 'printer-01' AND h.ip = '192.168.1.50'
+ON CONFLICT DO NOTHING;
+
+-- web-server-01: SSH, HTTP, HTTPS
+INSERT INTO host_ports (host_id, port_number)
+SELECT h.id, p FROM hosts h, unnest(ARRAY[22, 80, 443]) p
+WHERE h.name = 'web-server-01' AND h.ip = '192.168.10.10'
+ON CONFLICT DO NOTHING;
+
+-- web-server-02: SSH, HTTP, HTTPS
+INSERT INTO host_ports (host_id, port_number)
+SELECT h.id, p FROM hosts h, unnest(ARRAY[22, 80, 443]) p
+WHERE h.name = 'web-server-02' AND h.ip = '192.168.10.11'
+ON CONFLICT DO NOTHING;
+
+-- db-server-01: SSH, PostgreSQL
+INSERT INTO host_ports (host_id, port_number)
+SELECT h.id, p FROM hosts h, unnest(ARRAY[22, 5432]) p
+WHERE h.name = 'db-server-01' AND h.ip = '192.168.10.20'
+ON CONFLICT DO NOTHING;
+
+-- mail-server-01: SSH, SMTP, IMAP, SMTPS, Submission, IMAPS
+INSERT INTO host_ports (host_id, port_number)
+SELECT h.id, p FROM hosts h, unnest(ARRAY[22, 25, 143, 465, 587, 993]) p
+WHERE h.name = 'mail-server-01' AND h.ip = '192.168.10.30'
+ON CONFLICT DO NOTHING;
+
+-- core-switch-01: SSH, SNMP
+INSERT INTO host_ports (host_id, port_number)
+SELECT h.id, p FROM hosts h, unnest(ARRAY[22, 161]) p
+WHERE h.name = 'core-switch-01' AND h.ip = '10.0.0.1'
+ON CONFLICT DO NOTHING;
+
+-- monitoring-01: SSH, HTTP, HTTPS, Grafana, Prometheus
+INSERT INTO host_ports (host_id, port_number)
+SELECT h.id, p FROM hosts h, unnest(ARRAY[22, 80, 443, 3000, 9090]) p
+WHERE h.name = 'monitoring-01' AND h.ip = '10.0.1.10'
+ON CONFLICT DO NOTHING;
+
+-- backup-server-01: SSH, SMB, rsync
+INSERT INTO host_ports (host_id, port_number)
+SELECT h.id, p FROM hosts h, unnest(ARRAY[22, 445, 873]) p
+WHERE h.name = 'backup-server-01' AND h.ip = '10.0.1.20'
+ON CONFLICT DO NOTHING;
+
+-- log-server-01: SSH, Syslog, Logstash Beats, Elasticsearch, Kibana
+INSERT INTO host_ports (host_id, port_number)
+SELECT h.id, p FROM hosts h, unnest(ARRAY[22, 514, 5044, 9200, 5601]) p
+WHERE h.name = 'log-server-01' AND h.ip = '10.0.1.30'
+ON CONFLICT DO NOTHING;
+
+-- vpn-gateway-01: SSH, IKE, OpenVPN, IPSec NAT-T
+INSERT INTO host_ports (host_id, port_number)
+SELECT h.id, p FROM hosts h, unnest(ARRAY[22, 500, 1194, 4500]) p
+WHERE h.name = 'vpn-gateway-01' AND h.ip = '172.16.0.1'
+ON CONFLICT DO NOTHING;
+
+-- vpn clients: SSH only
+INSERT INTO host_ports (host_id, port_number)
+SELECT h.id, 22 FROM hosts h
+WHERE h.name = 'vpn-client-01' AND h.ip = '172.16.1.10'
+ON CONFLICT DO NOTHING;
+
+INSERT INTO host_ports (host_id, port_number)
+SELECT h.id, 22 FROM hosts h
+WHERE h.name = 'vpn-client-02' AND h.ip = '172.16.1.11'
+ON CONFLICT DO NOTHING;
diff --git a/seeds/sqlite/dev_seed.sql b/seeds/sqlite/dev_seed.sql
index 23a9cc7..dbadea2 100644
--- a/seeds/sqlite/dev_seed.sql
+++ b/seeds/sqlite/dev_seed.sql
@@ -40,3 +40,115 @@ INSERT INTO hosts (name, ip, network_id) SELECT 'log-server-01',    '10.0.1.30',
 INSERT INTO hosts (name, ip, network_id) SELECT 'vpn-gateway-01', '172.16.0.1',  id FROM networks WHERE cidr = '172.16.0.0/16'    AND NOT EXISTS (SELECT 1 FROM hosts WHERE name = 'vpn-gateway-01' AND ip = '172.16.0.1');
 INSERT INTO hosts (name, ip, network_id) SELECT 'vpn-client-01',  '172.16.1.10', id FROM networks WHERE cidr = '172.16.0.0/16'    AND NOT EXISTS (SELECT 1 FROM hosts WHERE name = 'vpn-client-01'  AND ip = '172.16.1.10');
 INSERT INTO hosts (name, ip, network_id) SELECT 'vpn-client-02',  '172.16.1.11', id FROM networks WHERE cidr = '172.16.0.0/16'    AND NOT EXISTS (SELECT 1 FROM hosts WHERE name = 'vpn-client-02'  AND ip = '172.16.1.11');
+
+-- ── Ports catalog ─────────────────────────────────────────────────────────────
+
+INSERT OR IGNORE INTO ports (number, description) VALUES
+    (22,   'SSH'),
+    (25,   'SMTP'),
+    (53,   'DNS'),
+    (80,   'HTTP'),
+    (143,  'IMAP'),
+    (161,  'SNMP'),
+    (443,  'HTTPS'),
+    (445,  'SMB'),
+    (465,  'SMTPS'),
+    (500,  'IKE / IPSec'),
+    (514,  'Syslog'),
+    (587,  'SMTP Submission'),
+    (873,  'rsync'),
+    (993,  'IMAPS'),
+    (1194, 'OpenVPN'),
+    (2049, 'NFS'),
+    (3000, 'Grafana'),
+    (3389, 'RDP'),
+    (4500, 'IPSec NAT-T'),
+    (5044, 'Logstash Beats'),
+    (5432, 'PostgreSQL'),
+    (5601, 'Kibana'),
+    (9090, 'Prometheus'),
+    (9100, 'JetDirect'),
+    (9200, 'Elasticsearch');
+
+-- ── Host ports ────────────────────────────────────────────────────────────────
+-- INSERT OR IGNORE is safe: host_ports has a composite PRIMARY KEY (host_id, port_number).
+-- Host IDs are resolved by subquery on (name, ip) to stay independent of auto-increment values.
+
+-- gateway: SSH, DNS, HTTP (admin UI), HTTPS (admin UI)
+INSERT OR IGNORE INTO host_ports (host_id, port_number) SELECT id, 22  FROM hosts WHERE name = 'gateway'        AND ip = '192.168.1.1';
+INSERT OR IGNORE INTO host_ports (host_id, port_number) SELECT id, 53  FROM hosts WHERE name = 'gateway'        AND ip = '192.168.1.1';
+INSERT OR IGNORE INTO host_ports (host_id, port_number) SELECT id, 80  FROM hosts WHERE name = 'gateway'        AND ip = '192.168.1.1';
+INSERT OR IGNORE INTO host_ports (host_id, port_number) SELECT id, 443 FROM hosts WHERE name = 'gateway'        AND ip = '192.168.1.1';
+
+-- workstations: SSH, RDP
+INSERT OR IGNORE INTO host_ports (host_id, port_number) SELECT id, 22   FROM hosts WHERE name = 'workstation-01' AND ip = '192.168.1.10';
+INSERT OR IGNORE INTO host_ports (host_id, port_number) SELECT id, 3389 FROM hosts WHERE name = 'workstation-01' AND ip = '192.168.1.10';
+INSERT OR IGNORE INTO host_ports (host_id, port_number) SELECT id, 22   FROM hosts WHERE name = 'workstation-02' AND ip = '192.168.1.11';
+INSERT OR IGNORE INTO host_ports (host_id, port_number) SELECT id, 3389 FROM hosts WHERE name = 'workstation-02' AND ip = '192.168.1.11';
+INSERT OR IGNORE INTO host_ports (host_id, port_number) SELECT id, 22   FROM hosts WHERE name = 'workstation-03' AND ip = '192.168.1.12';
+INSERT OR IGNORE INTO host_ports (host_id, port_number) SELECT id, 3389 FROM hosts WHERE name = 'workstation-03' AND ip = '192.168.1.12';
+
+-- nas-01: SSH, HTTP (web UI), HTTPS, SMB, NFS
+INSERT OR IGNORE INTO host_ports (host_id, port_number) SELECT id, 22   FROM hosts WHERE name = 'nas-01'         AND ip = '192.168.1.20';
+INSERT OR IGNORE INTO host_ports (host_id, port_number) SELECT id, 80   FROM hosts WHERE name = 'nas-01'         AND ip = '192.168.1.20';
+INSERT OR IGNORE INTO host_ports (host_id, port_number) SELECT id, 443  FROM hosts WHERE name = 'nas-01'         AND ip = '192.168.1.20';
+INSERT OR IGNORE INTO host_ports (host_id, port_number) SELECT id, 445  FROM hosts WHERE name = 'nas-01'         AND ip = '192.168.1.20';
+INSERT OR IGNORE INTO host_ports (host_id, port_number) SELECT id, 2049 FROM hosts WHERE name = 'nas-01'         AND ip = '192.168.1.20';
+
+-- printer-01: HTTP (web UI), HTTPS, JetDirect
+INSERT OR IGNORE INTO host_ports (host_id, port_number) SELECT id, 80   FROM hosts WHERE name = 'printer-01'     AND ip = '192.168.1.50';
+INSERT OR IGNORE INTO host_ports (host_id, port_number) SELECT id, 443  FROM hosts WHERE name = 'printer-01'     AND ip = '192.168.1.50';
+INSERT OR IGNORE INTO host_ports (host_id, port_number) SELECT id, 9100 FROM hosts WHERE name = 'printer-01'     AND ip = '192.168.1.50';
+
+-- web servers: SSH, HTTP, HTTPS
+INSERT OR IGNORE INTO host_ports (host_id, port_number) SELECT id, 22  FROM hosts WHERE name = 'web-server-01'  AND ip = '192.168.10.10';
+INSERT OR IGNORE INTO host_ports (host_id, port_number) SELECT id, 80  FROM hosts WHERE name = 'web-server-01'  AND ip = '192.168.10.10';
+INSERT OR IGNORE INTO host_ports (host_id, port_number) SELECT id, 443 FROM hosts WHERE name = 'web-server-01'  AND ip = '192.168.10.10';
+INSERT OR IGNORE INTO host_ports (host_id, port_number) SELECT id, 22  FROM hosts WHERE name = 'web-server-02'  AND ip = '192.168.10.11';
+INSERT OR IGNORE INTO host_ports (host_id, port_number) SELECT id, 80  FROM hosts WHERE name = 'web-server-02'  AND ip = '192.168.10.11';
+INSERT OR IGNORE INTO host_ports (host_id, port_number) SELECT id, 443 FROM hosts WHERE name = 'web-server-02'  AND ip = '192.168.10.11';
+
+-- db-server-01: SSH, PostgreSQL
+INSERT OR IGNORE INTO host_ports (host_id, port_number) SELECT id, 22   FROM hosts WHERE name = 'db-server-01'   AND ip = '192.168.10.20';
+INSERT OR IGNORE INTO host_ports (host_id, port_number) SELECT id, 5432 FROM hosts WHERE name = 'db-server-01'   AND ip = '192.168.10.20';
+
+-- mail-server-01: SSH, SMTP, IMAP, SMTPS, SMTP Submission, IMAPS
+INSERT OR IGNORE INTO host_ports (host_id, port_number) SELECT id, 22  FROM hosts WHERE name = 'mail-server-01' AND ip = '192.168.10.30';
+INSERT OR IGNORE INTO host_ports (host_id, port_number) SELECT id, 25  FROM hosts WHERE name = 'mail-server-01' AND ip = '192.168.10.30';
+INSERT OR IGNORE INTO host_ports (host_id, port_number) SELECT id, 143 FROM hosts WHERE name = 'mail-server-01' AND ip = '192.168.10.30';
+INSERT OR IGNORE INTO host_ports (host_id, port_number) SELECT id, 465 FROM hosts WHERE name = 'mail-server-01' AND ip = '192.168.10.30';
+INSERT OR IGNORE INTO host_ports (host_id, port_number) SELECT id, 587 FROM hosts WHERE name = 'mail-server-01' AND ip = '192.168.10.30';
+INSERT OR IGNORE INTO host_ports (host_id, port_number) SELECT id, 993 FROM hosts WHERE name = 'mail-server-01' AND ip = '192.168.10.30';
+
+-- core-switch-01: SSH, SNMP
+INSERT OR IGNORE INTO host_ports (host_id, port_number) SELECT id, 22  FROM hosts WHERE name = 'core-switch-01'   AND ip = '10.0.0.1';
+INSERT OR IGNORE INTO host_ports (host_id, port_number) SELECT id, 161 FROM hosts WHERE name = 'core-switch-01'   AND ip = '10.0.0.1';
+
+-- monitoring-01: SSH, HTTP, HTTPS, Prometheus, Grafana
+INSERT OR IGNORE INTO host_ports (host_id, port_number) SELECT id, 22   FROM hosts WHERE name = 'monitoring-01'    AND ip = '10.0.1.10';
+INSERT OR IGNORE INTO host_ports (host_id, port_number) SELECT id, 80   FROM hosts WHERE name = 'monitoring-01'    AND ip = '10.0.1.10';
+INSERT OR IGNORE INTO host_ports (host_id, port_number) SELECT id, 443  FROM hosts WHERE name = 'monitoring-01'    AND ip = '10.0.1.10';
+INSERT OR IGNORE INTO host_ports (host_id, port_number) SELECT id, 3000 FROM hosts WHERE name = 'monitoring-01'    AND ip = '10.0.1.10';
+INSERT OR IGNORE INTO host_ports (host_id, port_number) SELECT id, 9090 FROM hosts WHERE name = 'monitoring-01'    AND ip = '10.0.1.10';
+
+-- backup-server-01: SSH, SMB, rsync
+INSERT OR IGNORE INTO host_ports (host_id, port_number) SELECT id, 22  FROM hosts WHERE name = 'backup-server-01' AND ip = '10.0.1.20';
+INSERT OR IGNORE INTO host_ports (host_id, port_number) SELECT id, 445 FROM hosts WHERE name = 'backup-server-01' AND ip = '10.0.1.20';
+INSERT OR IGNORE INTO host_ports (host_id, port_number) SELECT id, 873 FROM hosts WHERE name = 'backup-server-01' AND ip = '10.0.1.20';
+
+-- log-server-01: SSH, Syslog, Logstash Beats, Elasticsearch, Kibana
+INSERT OR IGNORE INTO host_ports (host_id, port_number) SELECT id, 22   FROM hosts WHERE name = 'log-server-01'    AND ip = '10.0.1.30';
+INSERT OR IGNORE INTO host_ports (host_id, port_number) SELECT id, 514  FROM hosts WHERE name = 'log-server-01'    AND ip = '10.0.1.30';
+INSERT OR IGNORE INTO host_ports (host_id, port_number) SELECT id, 5044 FROM hosts WHERE name = 'log-server-01'    AND ip = '10.0.1.30';
+INSERT OR IGNORE INTO host_ports (host_id, port_number) SELECT id, 9200 FROM hosts WHERE name = 'log-server-01'    AND ip = '10.0.1.30';
+INSERT OR IGNORE INTO host_ports (host_id, port_number) SELECT id, 5601 FROM hosts WHERE name = 'log-server-01'    AND ip = '10.0.1.30';
+
+-- vpn-gateway-01: SSH, IKE, IPSec NAT-T, OpenVPN
+INSERT OR IGNORE INTO host_ports (host_id, port_number) SELECT id, 22   FROM hosts WHERE name = 'vpn-gateway-01' AND ip = '172.16.0.1';
+INSERT OR IGNORE INTO host_ports (host_id, port_number) SELECT id, 500  FROM hosts WHERE name = 'vpn-gateway-01' AND ip = '172.16.0.1';
+INSERT OR IGNORE INTO host_ports (host_id, port_number) SELECT id, 1194 FROM hosts WHERE name = 'vpn-gateway-01' AND ip = '172.16.0.1';
+INSERT OR IGNORE INTO host_ports (host_id, port_number) SELECT id, 4500 FROM hosts WHERE name = 'vpn-gateway-01' AND ip = '172.16.0.1';
+
+-- vpn clients: SSH only
+INSERT OR IGNORE INTO host_ports (host_id, port_number) SELECT id, 22 FROM hosts WHERE name = 'vpn-client-01'  AND ip = '172.16.1.10';
+INSERT OR IGNORE INTO host_ports (host_id, port_number) SELECT id, 22 FROM hosts WHERE name = 'vpn-client-02'  AND ip = '172.16.1.11';