Merge claude/1
This commit is contained in:
commit
8532aecb3f
@ -169,11 +169,11 @@ JSON
|
|||||||
# provided a cert.
|
# provided a cert.
|
||||||
|
|
||||||
if [[ $public == "true" ]]; then
|
if [[ $public == "true" ]]; then
|
||||||
result=$(sudo sed -i "s|allow_unencrypted_doh: false|allow_unencrypted_doh: true|g" "$containers_dir$app_name/conf/AdGuardHome.yaml")
|
result=$(runFileOp sed -i "s|allow_unencrypted_doh: false|allow_unencrypted_doh: true|g" "$containers_dir$app_name/conf/AdGuardHome.yaml")
|
||||||
checkSuccess "Setting allow_unencrypted_doh to false for Traefik"
|
checkSuccess "Setting allow_unencrypted_doh to false for Traefik"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
result=$(sudo sed -i "s|anonymize_client_ip: false: false|anonymize_client_ip: true|g" "$containers_dir$app_name/conf/AdGuardHome.yaml")
|
result=$(runFileOp sed -i "s|anonymize_client_ip: false: false|anonymize_client_ip: true|g" "$containers_dir$app_name/conf/AdGuardHome.yaml")
|
||||||
checkSuccess "Setting anonymize_client_ip to true for privacy reasons"
|
checkSuccess "Setting anonymize_client_ip to true for privacy reasons"
|
||||||
|
|
||||||
# Force the admin web bind back to 0.0.0.0:3000 inside the container.
|
# Force the admin web bind back to 0.0.0.0:3000 inside the container.
|
||||||
@ -185,10 +185,10 @@ JSON
|
|||||||
local adguard_yaml="$containers_dir$app_name/conf/AdGuardHome.yaml"
|
local adguard_yaml="$containers_dir$app_name/conf/AdGuardHome.yaml"
|
||||||
if [[ -f "$adguard_yaml" ]]; then
|
if [[ -f "$adguard_yaml" ]]; then
|
||||||
# New schema (v0.107+): single `address: 0.0.0.0:NN` line under `http:`.
|
# New schema (v0.107+): single `address: 0.0.0.0:NN` line under `http:`.
|
||||||
sudo sed -i 's|^\(\s*address:\s*\)0\.0\.0\.0:[0-9]\+|\10.0.0.0:3000|' "$adguard_yaml"
|
runFileOp sed -i 's|^\(\s*address:\s*\)0\.0\.0\.0:[0-9]\+|\10.0.0.0:3000|' "$adguard_yaml"
|
||||||
# Old schema fallback: separate `bind_host:` / `bind_port:` keys.
|
# Old schema fallback: separate `bind_host:` / `bind_port:` keys.
|
||||||
sudo sed -i 's|^\(\s*bind_host:\s*\).*|\10.0.0.0|' "$adguard_yaml"
|
runFileOp sed -i 's|^\(\s*bind_host:\s*\).*|\10.0.0.0|' "$adguard_yaml"
|
||||||
sudo sed -i 's|^\(\s*bind_port:\s*\)[0-9]\+|\13000|' "$adguard_yaml"
|
runFileOp sed -i 's|^\(\s*bind_port:\s*\)[0-9]\+|\13000|' "$adguard_yaml"
|
||||||
checkSuccess "Pinned AdGuardHome admin bind to 0.0.0.0:3000 (matches the compose port mapping)."
|
checkSuccess "Pinned AdGuardHome admin bind to 0.0.0.0:3000 (matches the compose port mapping)."
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
|||||||
@ -58,18 +58,18 @@ uninstallCrowdsec()
|
|||||||
echo ""
|
echo ""
|
||||||
echo "---- $menu_number. Stopping CrowdSec host services."
|
echo "---- $menu_number. Stopping CrowdSec host services."
|
||||||
echo ""
|
echo ""
|
||||||
local result=$(sudo systemctl disable --now crowdsec-firewall-bouncer 2>&1)
|
local result=$(runSystem systemctl disable --now crowdsec-firewall-bouncer 2>&1)
|
||||||
checkSuccess "Disabling firewall bouncer"
|
checkSuccess "Disabling firewall bouncer"
|
||||||
local result=$(sudo systemctl disable --now crowdsec 2>&1)
|
local result=$(runSystem systemctl disable --now crowdsec 2>&1)
|
||||||
checkSuccess "Disabling agent"
|
checkSuccess "Disabling agent"
|
||||||
|
|
||||||
((menu_number++))
|
((menu_number++))
|
||||||
echo ""
|
echo ""
|
||||||
echo "---- $menu_number. Removing CrowdSec packages."
|
echo "---- $menu_number. Removing CrowdSec packages."
|
||||||
echo ""
|
echo ""
|
||||||
local result=$(sudo DEBIAN_FRONTEND=noninteractive apt-get purge -y -q crowdsec crowdsec-firewall-bouncer-nftables </dev/null 2>&1)
|
local result=$(runSystem DEBIAN_FRONTEND=noninteractive apt-get purge -y -q crowdsec crowdsec-firewall-bouncer-nftables </dev/null 2>&1)
|
||||||
checkSuccess "Purged packages"
|
checkSuccess "Purged packages"
|
||||||
local result=$(sudo DEBIAN_FRONTEND=noninteractive apt-get autoremove -y -q </dev/null 2>&1)
|
local result=$(runSystem DEBIAN_FRONTEND=noninteractive apt-get autoremove -y -q </dev/null 2>&1)
|
||||||
checkSuccess "Removed orphaned dependencies"
|
checkSuccess "Removed orphaned dependencies"
|
||||||
|
|
||||||
crowdsecToggleLibrePortalLogMounts off
|
crowdsecToggleLibrePortalLogMounts off
|
||||||
@ -81,9 +81,9 @@ uninstallCrowdsec()
|
|||||||
stopCrowdsec()
|
stopCrowdsec()
|
||||||
{
|
{
|
||||||
isNotice "Stopping CrowdSec host services..."
|
isNotice "Stopping CrowdSec host services..."
|
||||||
local result=$(sudo systemctl stop crowdsec-firewall-bouncer 2>&1)
|
local result=$(runSystem systemctl stop crowdsec-firewall-bouncer 2>&1)
|
||||||
checkSuccess "Stopped firewall bouncer"
|
checkSuccess "Stopped firewall bouncer"
|
||||||
local result=$(sudo systemctl stop crowdsec 2>&1)
|
local result=$(runSystem systemctl stop crowdsec 2>&1)
|
||||||
checkSuccess "Stopped agent"
|
checkSuccess "Stopped agent"
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -93,8 +93,8 @@ stopCrowdsec()
|
|||||||
restartCrowdsec()
|
restartCrowdsec()
|
||||||
{
|
{
|
||||||
isNotice "Restarting CrowdSec host services..."
|
isNotice "Restarting CrowdSec host services..."
|
||||||
local result=$(sudo systemctl restart crowdsec 2>&1)
|
local result=$(runSystem systemctl restart crowdsec 2>&1)
|
||||||
checkSuccess "Restarted agent"
|
checkSuccess "Restarted agent"
|
||||||
local result=$(sudo systemctl restart crowdsec-firewall-bouncer 2>&1)
|
local result=$(runSystem systemctl restart crowdsec-firewall-bouncer 2>&1)
|
||||||
checkSuccess "Restarted firewall bouncer"
|
checkSuccess "Restarted firewall bouncer"
|
||||||
}
|
}
|
||||||
|
|||||||
@ -78,7 +78,7 @@ installTraefik()
|
|||||||
checkSuccess "Copy Traefik configuration file for $app_name"
|
checkSuccess "Copy Traefik configuration file for $app_name"
|
||||||
|
|
||||||
# Setup Debug Level
|
# Setup Debug Level
|
||||||
local result=$(sudo sed -i "s|DEBUGLEVEL|$CFG_TRAEFIK_LOGGING|g" "$containers_dir$app_name/etc/traefik.yml")
|
local result=$(runFileOp sed -i "s|DEBUGLEVEL|$CFG_TRAEFIK_LOGGING|g" "$containers_dir$app_name/etc/traefik.yml")
|
||||||
checkSuccess "Configured Traefik debug level with: $CFG_TRAEFIK_LOGGING for $app_name"
|
checkSuccess "Configured Traefik debug level with: $CFG_TRAEFIK_LOGGING for $app_name"
|
||||||
|
|
||||||
configSetupFileWithData $app_name "traefik.yml" "etc";
|
configSetupFileWithData $app_name "traefik.yml" "etc";
|
||||||
@ -92,26 +92,26 @@ installTraefik()
|
|||||||
|
|
||||||
case "$access" in
|
case "$access" in
|
||||||
local-only)
|
local-only)
|
||||||
sudo sed -i 's|^\(\s*insecure:\s*\).*$|\1true|' "$traefik_yml"
|
runFileOp sed -i 's|^\(\s*insecure:\s*\).*$|\1true|' "$traefik_yml"
|
||||||
# Bind PORT_1 mapping to 127.0.0.1 only. Idempotent — only
|
# Bind PORT_1 mapping to 127.0.0.1 only. Idempotent — only
|
||||||
# adds the prefix if it isn't already there.
|
# adds the prefix if it isn't already there.
|
||||||
sudo sed -i '/#LIBREPORTAL|PORTS_TAG_1|/ {
|
runFileOp sed -i '/#LIBREPORTAL|PORTS_TAG_1|/ {
|
||||||
/127\.0\.0\.1:/! s|"\([0-9]\+:[0-9]\+\)"|"127.0.0.1:\1"|
|
/127\.0\.0\.1:/! s|"\([0-9]\+:[0-9]\+\)"|"127.0.0.1:\1"|
|
||||||
}' "$compose_yml"
|
}' "$compose_yml"
|
||||||
checkSuccess "Dashboard access: local-only (loopback :8080 + auth-protected domain)"
|
checkSuccess "Dashboard access: local-only (loopback :8080 + auth-protected domain)"
|
||||||
;;
|
;;
|
||||||
domain-only)
|
domain-only)
|
||||||
sudo sed -i 's|^\(\s*insecure:\s*\).*$|\1false|' "$traefik_yml"
|
runFileOp sed -i 's|^\(\s*insecure:\s*\).*$|\1false|' "$traefik_yml"
|
||||||
# Drop the :8080 entrypoint entirely — nothing should listen
|
# Drop the :8080 entrypoint entirely — nothing should listen
|
||||||
# there if the dashboard is domain-only.
|
# there if the dashboard is domain-only.
|
||||||
sudo sed -i '/^\s*traefik:\s*$/,/^\s*address:\s*:8080\s*$/d' "$traefik_yml"
|
runFileOp sed -i '/^\s*traefik:\s*$/,/^\s*address:\s*:8080\s*$/d' "$traefik_yml"
|
||||||
checkSuccess "Dashboard access: domain-only (auth-protected via Host route only)"
|
checkSuccess "Dashboard access: domain-only (auth-protected via Host route only)"
|
||||||
;;
|
;;
|
||||||
public)
|
public)
|
||||||
sudo sed -i 's|^\(\s*insecure:\s*\).*$|\1true|' "$traefik_yml"
|
runFileOp sed -i 's|^\(\s*insecure:\s*\).*$|\1true|' "$traefik_yml"
|
||||||
# Strip any 127.0.0.1: prefix the compose port may have
|
# Strip any 127.0.0.1: prefix the compose port may have
|
||||||
# picked up from a previous local-only install.
|
# picked up from a previous local-only install.
|
||||||
sudo sed -i '/#LIBREPORTAL|PORTS_TAG_1|/ s|"127\.0\.0\.1:\([0-9]\+:[0-9]\+\)"|"\1"|' "$compose_yml"
|
runFileOp sed -i '/#LIBREPORTAL|PORTS_TAG_1|/ s|"127\.0\.0\.1:\([0-9]\+:[0-9]\+\)"|"\1"|' "$compose_yml"
|
||||||
checkSuccess "Dashboard access: public (unauthenticated :8080 on all interfaces — legacy)"
|
checkSuccess "Dashboard access: public (unauthenticated :8080 on all interfaces — legacy)"
|
||||||
;;
|
;;
|
||||||
*)
|
*)
|
||||||
@ -131,7 +131,7 @@ installTraefik()
|
|||||||
checkSuccess "Copy Traefik Dynamic config.yml configuration file for $app_name"
|
checkSuccess "Copy Traefik Dynamic config.yml configuration file for $app_name"
|
||||||
|
|
||||||
# Setup Error 404 Website
|
# Setup Error 404 Website
|
||||||
local result=$(sudo sed -i "s|ERRORWEBSITE|$CFG_TRAEFIK_404_SITE|g" "$containers_dir$app_name/etc/dynamic/config.yml")
|
local result=$(runFileOp sed -i "s|ERRORWEBSITE|$CFG_TRAEFIK_404_SITE|g" "$containers_dir$app_name/etc/dynamic/config.yml")
|
||||||
checkSuccess "Configured Traefik error website with URL: $CFG_TRAEFIK_404_SITE for $app_name"
|
checkSuccess "Configured Traefik error website with URL: $CFG_TRAEFIK_404_SITE for $app_name"
|
||||||
|
|
||||||
configSetupFileWithData $app_name "config.yml" "etc/dynamic";
|
configSetupFileWithData $app_name "config.yml" "etc/dynamic";
|
||||||
|
|||||||
@ -17,7 +17,7 @@ appDashyUpdateConf()
|
|||||||
# row, so dockerCheckAppInstalled would say not_installed and bail.
|
# row, so dockerCheckAppInstalled would say not_installed and bail.
|
||||||
# Look at the actual docker container instead — if the container
|
# Look at the actual docker container instead — if the container
|
||||||
# exists or the install dir is present, generate the conf.
|
# exists or the install dir is present, generate the conf.
|
||||||
if ! sudo docker ps -a --format '{{.Names}}' 2>/dev/null | grep -qE '^(dashy|dashy-service)$' \
|
if ! dockerCommandRun "docker ps -a --format '{{.Names}}'" "sudo" 2>/dev/null | grep -qE '^(dashy|dashy-service)$' \
|
||||||
&& [[ ! -d "${containers_dir}dashy" ]]; then
|
&& [[ ! -d "${containers_dir}dashy" ]]; then
|
||||||
return 0
|
return 0
|
||||||
fi
|
fi
|
||||||
@ -30,8 +30,8 @@ appDashyUpdateConf()
|
|||||||
# bootstrap and the full render — will overwrite this.
|
# bootstrap and the full render — will overwrite this.
|
||||||
_dashyWriteSkeleton() {
|
_dashyWriteSkeleton() {
|
||||||
local install_name="${CFG_INSTALL_NAME:-LibrePortal}"
|
local install_name="${CFG_INSTALL_NAME:-LibrePortal}"
|
||||||
sudo mkdir -p "$(dirname "$conf_file")"
|
runFileOp mkdir -p "$(dirname "$conf_file")"
|
||||||
sudo tee "$conf_file" >/dev/null <<EOF
|
runFileWrite "$conf_file" <<EOF
|
||||||
---
|
---
|
||||||
pageInfo:
|
pageInfo:
|
||||||
title: Dashy - LibrePortal - ${install_name}
|
title: Dashy - LibrePortal - ${install_name}
|
||||||
@ -47,7 +47,7 @@ appConfig:
|
|||||||
|
|
||||||
sections: []
|
sections: []
|
||||||
EOF
|
EOF
|
||||||
sudo chown "$docker_install_user:$docker_install_user" "$conf_file" 2>/dev/null || true
|
runFileOp chown "$docker_install_user:$docker_install_user" "$conf_file" 2>/dev/null || true
|
||||||
}
|
}
|
||||||
|
|
||||||
if ! command -v jq >/dev/null 2>&1; then
|
if ! command -v jq >/dev/null 2>&1; then
|
||||||
@ -63,9 +63,9 @@ EOF
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
local original_md5=""
|
local original_md5=""
|
||||||
[[ -f "$conf_file" ]] && original_md5=$(sudo md5sum "$conf_file" 2>/dev/null | awk '{print $1}')
|
[[ -f "$conf_file" ]] && original_md5=$(runFileOp md5sum "$conf_file" 2>/dev/null | awk '{print $1}')
|
||||||
|
|
||||||
sudo mkdir -p "$(dirname "$conf_file")"
|
runFileOp mkdir -p "$(dirname "$conf_file")"
|
||||||
|
|
||||||
# Build the selected-id set (empty CFG = include every URL).
|
# Build the selected-id set (empty CFG = include every URL).
|
||||||
local _selected_set=""
|
local _selected_set=""
|
||||||
@ -192,7 +192,7 @@ EOF
|
|||||||
[[ -z "$page_title" ]] && page_title="Dashy - LibrePortal - ${install_name}"
|
[[ -z "$page_title" ]] && page_title="Dashy - LibrePortal - ${install_name}"
|
||||||
[[ -z "$page_desc" ]] && page_desc="Welcome to your LibrePortal Dashy dashboard!"
|
[[ -z "$page_desc" ]] && page_desc="Welcome to your LibrePortal Dashy dashboard!"
|
||||||
|
|
||||||
sudo tee "$conf_file" >/dev/null <<EOF
|
runFileWrite "$conf_file" <<EOF
|
||||||
---
|
---
|
||||||
pageInfo:
|
pageInfo:
|
||||||
title: ${page_title}
|
title: ${page_title}
|
||||||
@ -232,7 +232,7 @@ EOF
|
|||||||
local cat
|
local cat
|
||||||
for cat in "${_cat_order[@]}"; do
|
for cat in "${_cat_order[@]}"; do
|
||||||
printf -- "- name: %s\n icon: fas fa-cube\n items:\n" "$cat" \
|
printf -- "- name: %s\n icon: fas fa-cube\n items:\n" "$cat" \
|
||||||
| sudo tee -a "$conf_file" >/dev/null
|
| runFileWrite -a "$conf_file"
|
||||||
local IFS_BAK="$IFS"
|
local IFS_BAK="$IFS"
|
||||||
local entry
|
local entry
|
||||||
while IFS= read -r entry; do
|
while IFS= read -r entry; do
|
||||||
@ -267,18 +267,18 @@ EOF
|
|||||||
fi
|
fi
|
||||||
printf -- " - title: %s\n description: %s\n icon: %s\n url: %s\n statusCheck: %s\n target: %s\n" \
|
printf -- " - title: %s\n description: %s\n icon: %s\n url: %s\n statusCheck: %s\n target: %s\n" \
|
||||||
"$tile_title" "$tile_desc" "$icon_ref" "$url" "$status_check" "$open_target" \
|
"$tile_title" "$tile_desc" "$icon_ref" "$url" "$status_check" "$open_target" \
|
||||||
| sudo tee -a "$conf_file" >/dev/null
|
| runFileWrite -a "$conf_file"
|
||||||
_total_items=$((_total_items + 1))
|
_total_items=$((_total_items + 1))
|
||||||
done <<< "${_cat_buckets[$cat]}"
|
done <<< "${_cat_buckets[$cat]}"
|
||||||
IFS="$IFS_BAK"
|
IFS="$IFS_BAK"
|
||||||
done
|
done
|
||||||
|
|
||||||
sudo chown "$docker_install_user:$docker_install_user" "$conf_file" 2>/dev/null || true
|
runFileOp chown "$docker_install_user:$docker_install_user" "$conf_file" 2>/dev/null || true
|
||||||
|
|
||||||
local updated_md5=$(sudo md5sum "$conf_file" 2>/dev/null | awk '{print $1}')
|
local updated_md5=$(runFileOp md5sum "$conf_file" 2>/dev/null | awk '{print $1}')
|
||||||
if [[ "$original_md5" != "$updated_md5" ]]; then
|
if [[ "$original_md5" != "$updated_md5" ]]; then
|
||||||
isNotice "Dashy config changed — restarting container..."
|
isNotice "Dashy config changed — restarting container..."
|
||||||
sudo docker restart dashy-service >/dev/null 2>&1 || sudo docker restart dashy >/dev/null 2>&1 || true
|
dockerCommandRun "docker restart dashy-service" "sudo" >/dev/null 2>&1 || dockerCommandRun "docker restart dashy" "sudo" >/dev/null 2>&1 || true
|
||||||
local _cat_label="categories"
|
local _cat_label="categories"
|
||||||
[[ ${#_cat_order[@]} -eq 1 ]] && _cat_label="category"
|
[[ ${#_cat_order[@]} -eq 1 ]] && _cat_label="category"
|
||||||
isSuccessful "Restarted dashy (${#_cat_order[@]} ${_cat_label}, ${_total_items} URL(s))."
|
isSuccessful "Restarted dashy (${#_cat_order[@]} ${_cat_label}, ${_total_items} URL(s))."
|
||||||
|
|||||||
@ -50,3 +50,18 @@ runFileWrite() {
|
|||||||
runSystem() {
|
runSystem() {
|
||||||
sudo "$@"
|
sudo "$@"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# Op on the manager install dir / shipped templates — the LibrePortal clone and
|
||||||
|
# its container templates, owned by the manager user that runs the runtime.
|
||||||
|
# rooted -> sudo <cmd> (install tree is root-owned; byte-identical)
|
||||||
|
# rootless -> <cmd> (the manager user already owns it — no privilege)
|
||||||
|
# For copies that read the install tree and write into /docker (two different
|
||||||
|
# owners in rootless), don't use this for the whole copy — read here and pipe
|
||||||
|
# into runFileWrite so each side runs as the correct owner.
|
||||||
|
runInstallOp() {
|
||||||
|
if [[ "$CFG_DOCKER_INSTALL_TYPE" == "rootless" ]]; then
|
||||||
|
"$@"
|
||||||
|
else
|
||||||
|
sudo "$@"
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user