Merge claude/1

This commit is contained in:
librelad 2026-05-23 23:45:42 +01:00
commit 8532aecb3f
5 changed files with 48 additions and 33 deletions

View File

@ -169,11 +169,11 @@ JSON
# provided a cert. # provided a cert.
if [[ $public == "true" ]]; then if [[ $public == "true" ]]; then
result=$(sudo sed -i "s|allow_unencrypted_doh: false|allow_unencrypted_doh: true|g" "$containers_dir$app_name/conf/AdGuardHome.yaml") result=$(runFileOp sed -i "s|allow_unencrypted_doh: false|allow_unencrypted_doh: true|g" "$containers_dir$app_name/conf/AdGuardHome.yaml")
checkSuccess "Setting allow_unencrypted_doh to false for Traefik" checkSuccess "Setting allow_unencrypted_doh to false for Traefik"
fi fi
result=$(sudo sed -i "s|anonymize_client_ip: false: false|anonymize_client_ip: true|g" "$containers_dir$app_name/conf/AdGuardHome.yaml") result=$(runFileOp sed -i "s|anonymize_client_ip: false: false|anonymize_client_ip: true|g" "$containers_dir$app_name/conf/AdGuardHome.yaml")
checkSuccess "Setting anonymize_client_ip to true for privacy reasons" checkSuccess "Setting anonymize_client_ip to true for privacy reasons"
# Force the admin web bind back to 0.0.0.0:3000 inside the container. # Force the admin web bind back to 0.0.0.0:3000 inside the container.
@ -185,10 +185,10 @@ JSON
local adguard_yaml="$containers_dir$app_name/conf/AdGuardHome.yaml" local adguard_yaml="$containers_dir$app_name/conf/AdGuardHome.yaml"
if [[ -f "$adguard_yaml" ]]; then if [[ -f "$adguard_yaml" ]]; then
# New schema (v0.107+): single `address: 0.0.0.0:NN` line under `http:`. # New schema (v0.107+): single `address: 0.0.0.0:NN` line under `http:`.
sudo sed -i 's|^\(\s*address:\s*\)0\.0\.0\.0:[0-9]\+|\10.0.0.0:3000|' "$adguard_yaml" runFileOp sed -i 's|^\(\s*address:\s*\)0\.0\.0\.0:[0-9]\+|\10.0.0.0:3000|' "$adguard_yaml"
# Old schema fallback: separate `bind_host:` / `bind_port:` keys. # Old schema fallback: separate `bind_host:` / `bind_port:` keys.
sudo sed -i 's|^\(\s*bind_host:\s*\).*|\10.0.0.0|' "$adguard_yaml" runFileOp sed -i 's|^\(\s*bind_host:\s*\).*|\10.0.0.0|' "$adguard_yaml"
sudo sed -i 's|^\(\s*bind_port:\s*\)[0-9]\+|\13000|' "$adguard_yaml" runFileOp sed -i 's|^\(\s*bind_port:\s*\)[0-9]\+|\13000|' "$adguard_yaml"
checkSuccess "Pinned AdGuardHome admin bind to 0.0.0.0:3000 (matches the compose port mapping)." checkSuccess "Pinned AdGuardHome admin bind to 0.0.0.0:3000 (matches the compose port mapping)."
fi fi

View File

@ -58,18 +58,18 @@ uninstallCrowdsec()
echo "" echo ""
echo "---- $menu_number. Stopping CrowdSec host services." echo "---- $menu_number. Stopping CrowdSec host services."
echo "" echo ""
local result=$(sudo systemctl disable --now crowdsec-firewall-bouncer 2>&1) local result=$(runSystem systemctl disable --now crowdsec-firewall-bouncer 2>&1)
checkSuccess "Disabling firewall bouncer" checkSuccess "Disabling firewall bouncer"
local result=$(sudo systemctl disable --now crowdsec 2>&1) local result=$(runSystem systemctl disable --now crowdsec 2>&1)
checkSuccess "Disabling agent" checkSuccess "Disabling agent"
((menu_number++)) ((menu_number++))
echo "" echo ""
echo "---- $menu_number. Removing CrowdSec packages." echo "---- $menu_number. Removing CrowdSec packages."
echo "" echo ""
local result=$(sudo DEBIAN_FRONTEND=noninteractive apt-get purge -y -q crowdsec crowdsec-firewall-bouncer-nftables </dev/null 2>&1) local result=$(runSystem DEBIAN_FRONTEND=noninteractive apt-get purge -y -q crowdsec crowdsec-firewall-bouncer-nftables </dev/null 2>&1)
checkSuccess "Purged packages" checkSuccess "Purged packages"
local result=$(sudo DEBIAN_FRONTEND=noninteractive apt-get autoremove -y -q </dev/null 2>&1) local result=$(runSystem DEBIAN_FRONTEND=noninteractive apt-get autoremove -y -q </dev/null 2>&1)
checkSuccess "Removed orphaned dependencies" checkSuccess "Removed orphaned dependencies"
crowdsecToggleLibrePortalLogMounts off crowdsecToggleLibrePortalLogMounts off
@ -81,9 +81,9 @@ uninstallCrowdsec()
stopCrowdsec() stopCrowdsec()
{ {
isNotice "Stopping CrowdSec host services..." isNotice "Stopping CrowdSec host services..."
local result=$(sudo systemctl stop crowdsec-firewall-bouncer 2>&1) local result=$(runSystem systemctl stop crowdsec-firewall-bouncer 2>&1)
checkSuccess "Stopped firewall bouncer" checkSuccess "Stopped firewall bouncer"
local result=$(sudo systemctl stop crowdsec 2>&1) local result=$(runSystem systemctl stop crowdsec 2>&1)
checkSuccess "Stopped agent" checkSuccess "Stopped agent"
} }
@ -93,8 +93,8 @@ stopCrowdsec()
restartCrowdsec() restartCrowdsec()
{ {
isNotice "Restarting CrowdSec host services..." isNotice "Restarting CrowdSec host services..."
local result=$(sudo systemctl restart crowdsec 2>&1) local result=$(runSystem systemctl restart crowdsec 2>&1)
checkSuccess "Restarted agent" checkSuccess "Restarted agent"
local result=$(sudo systemctl restart crowdsec-firewall-bouncer 2>&1) local result=$(runSystem systemctl restart crowdsec-firewall-bouncer 2>&1)
checkSuccess "Restarted firewall bouncer" checkSuccess "Restarted firewall bouncer"
} }

View File

@ -78,7 +78,7 @@ installTraefik()
checkSuccess "Copy Traefik configuration file for $app_name" checkSuccess "Copy Traefik configuration file for $app_name"
# Setup Debug Level # Setup Debug Level
local result=$(sudo sed -i "s|DEBUGLEVEL|$CFG_TRAEFIK_LOGGING|g" "$containers_dir$app_name/etc/traefik.yml") local result=$(runFileOp sed -i "s|DEBUGLEVEL|$CFG_TRAEFIK_LOGGING|g" "$containers_dir$app_name/etc/traefik.yml")
checkSuccess "Configured Traefik debug level with: $CFG_TRAEFIK_LOGGING for $app_name" checkSuccess "Configured Traefik debug level with: $CFG_TRAEFIK_LOGGING for $app_name"
configSetupFileWithData $app_name "traefik.yml" "etc"; configSetupFileWithData $app_name "traefik.yml" "etc";
@ -92,26 +92,26 @@ installTraefik()
case "$access" in case "$access" in
local-only) local-only)
sudo sed -i 's|^\(\s*insecure:\s*\).*$|\1true|' "$traefik_yml" runFileOp sed -i 's|^\(\s*insecure:\s*\).*$|\1true|' "$traefik_yml"
# Bind PORT_1 mapping to 127.0.0.1 only. Idempotent — only # Bind PORT_1 mapping to 127.0.0.1 only. Idempotent — only
# adds the prefix if it isn't already there. # adds the prefix if it isn't already there.
sudo sed -i '/#LIBREPORTAL|PORTS_TAG_1|/ { runFileOp sed -i '/#LIBREPORTAL|PORTS_TAG_1|/ {
/127\.0\.0\.1:/! s|"\([0-9]\+:[0-9]\+\)"|"127.0.0.1:\1"| /127\.0\.0\.1:/! s|"\([0-9]\+:[0-9]\+\)"|"127.0.0.1:\1"|
}' "$compose_yml" }' "$compose_yml"
checkSuccess "Dashboard access: local-only (loopback :8080 + auth-protected domain)" checkSuccess "Dashboard access: local-only (loopback :8080 + auth-protected domain)"
;; ;;
domain-only) domain-only)
sudo sed -i 's|^\(\s*insecure:\s*\).*$|\1false|' "$traefik_yml" runFileOp sed -i 's|^\(\s*insecure:\s*\).*$|\1false|' "$traefik_yml"
# Drop the :8080 entrypoint entirely — nothing should listen # Drop the :8080 entrypoint entirely — nothing should listen
# there if the dashboard is domain-only. # there if the dashboard is domain-only.
sudo sed -i '/^\s*traefik:\s*$/,/^\s*address:\s*:8080\s*$/d' "$traefik_yml" runFileOp sed -i '/^\s*traefik:\s*$/,/^\s*address:\s*:8080\s*$/d' "$traefik_yml"
checkSuccess "Dashboard access: domain-only (auth-protected via Host route only)" checkSuccess "Dashboard access: domain-only (auth-protected via Host route only)"
;; ;;
public) public)
sudo sed -i 's|^\(\s*insecure:\s*\).*$|\1true|' "$traefik_yml" runFileOp sed -i 's|^\(\s*insecure:\s*\).*$|\1true|' "$traefik_yml"
# Strip any 127.0.0.1: prefix the compose port may have # Strip any 127.0.0.1: prefix the compose port may have
# picked up from a previous local-only install. # picked up from a previous local-only install.
sudo sed -i '/#LIBREPORTAL|PORTS_TAG_1|/ s|"127\.0\.0\.1:\([0-9]\+:[0-9]\+\)"|"\1"|' "$compose_yml" runFileOp sed -i '/#LIBREPORTAL|PORTS_TAG_1|/ s|"127\.0\.0\.1:\([0-9]\+:[0-9]\+\)"|"\1"|' "$compose_yml"
checkSuccess "Dashboard access: public (unauthenticated :8080 on all interfaces — legacy)" checkSuccess "Dashboard access: public (unauthenticated :8080 on all interfaces — legacy)"
;; ;;
*) *)
@ -131,7 +131,7 @@ installTraefik()
checkSuccess "Copy Traefik Dynamic config.yml configuration file for $app_name" checkSuccess "Copy Traefik Dynamic config.yml configuration file for $app_name"
# Setup Error 404 Website # Setup Error 404 Website
local result=$(sudo sed -i "s|ERRORWEBSITE|$CFG_TRAEFIK_404_SITE|g" "$containers_dir$app_name/etc/dynamic/config.yml") local result=$(runFileOp sed -i "s|ERRORWEBSITE|$CFG_TRAEFIK_404_SITE|g" "$containers_dir$app_name/etc/dynamic/config.yml")
checkSuccess "Configured Traefik error website with URL: $CFG_TRAEFIK_404_SITE for $app_name" checkSuccess "Configured Traefik error website with URL: $CFG_TRAEFIK_404_SITE for $app_name"
configSetupFileWithData $app_name "config.yml" "etc/dynamic"; configSetupFileWithData $app_name "config.yml" "etc/dynamic";

View File

@ -17,7 +17,7 @@ appDashyUpdateConf()
# row, so dockerCheckAppInstalled would say not_installed and bail. # row, so dockerCheckAppInstalled would say not_installed and bail.
# Look at the actual docker container instead — if the container # Look at the actual docker container instead — if the container
# exists or the install dir is present, generate the conf. # exists or the install dir is present, generate the conf.
if ! sudo docker ps -a --format '{{.Names}}' 2>/dev/null | grep -qE '^(dashy|dashy-service)$' \ if ! dockerCommandRun "docker ps -a --format '{{.Names}}'" "sudo" 2>/dev/null | grep -qE '^(dashy|dashy-service)$' \
&& [[ ! -d "${containers_dir}dashy" ]]; then && [[ ! -d "${containers_dir}dashy" ]]; then
return 0 return 0
fi fi
@ -30,8 +30,8 @@ appDashyUpdateConf()
# bootstrap and the full render — will overwrite this. # bootstrap and the full render — will overwrite this.
_dashyWriteSkeleton() { _dashyWriteSkeleton() {
local install_name="${CFG_INSTALL_NAME:-LibrePortal}" local install_name="${CFG_INSTALL_NAME:-LibrePortal}"
sudo mkdir -p "$(dirname "$conf_file")" runFileOp mkdir -p "$(dirname "$conf_file")"
sudo tee "$conf_file" >/dev/null <<EOF runFileWrite "$conf_file" <<EOF
--- ---
pageInfo: pageInfo:
title: Dashy - LibrePortal - ${install_name} title: Dashy - LibrePortal - ${install_name}
@ -47,7 +47,7 @@ appConfig:
sections: [] sections: []
EOF EOF
sudo chown "$docker_install_user:$docker_install_user" "$conf_file" 2>/dev/null || true runFileOp chown "$docker_install_user:$docker_install_user" "$conf_file" 2>/dev/null || true
} }
if ! command -v jq >/dev/null 2>&1; then if ! command -v jq >/dev/null 2>&1; then
@ -63,9 +63,9 @@ EOF
fi fi
local original_md5="" local original_md5=""
[[ -f "$conf_file" ]] && original_md5=$(sudo md5sum "$conf_file" 2>/dev/null | awk '{print $1}') [[ -f "$conf_file" ]] && original_md5=$(runFileOp md5sum "$conf_file" 2>/dev/null | awk '{print $1}')
sudo mkdir -p "$(dirname "$conf_file")" runFileOp mkdir -p "$(dirname "$conf_file")"
# Build the selected-id set (empty CFG = include every URL). # Build the selected-id set (empty CFG = include every URL).
local _selected_set="" local _selected_set=""
@ -192,7 +192,7 @@ EOF
[[ -z "$page_title" ]] && page_title="Dashy - LibrePortal - ${install_name}" [[ -z "$page_title" ]] && page_title="Dashy - LibrePortal - ${install_name}"
[[ -z "$page_desc" ]] && page_desc="Welcome to your LibrePortal Dashy dashboard!" [[ -z "$page_desc" ]] && page_desc="Welcome to your LibrePortal Dashy dashboard!"
sudo tee "$conf_file" >/dev/null <<EOF runFileWrite "$conf_file" <<EOF
--- ---
pageInfo: pageInfo:
title: ${page_title} title: ${page_title}
@ -232,7 +232,7 @@ EOF
local cat local cat
for cat in "${_cat_order[@]}"; do for cat in "${_cat_order[@]}"; do
printf -- "- name: %s\n icon: fas fa-cube\n items:\n" "$cat" \ printf -- "- name: %s\n icon: fas fa-cube\n items:\n" "$cat" \
| sudo tee -a "$conf_file" >/dev/null | runFileWrite -a "$conf_file"
local IFS_BAK="$IFS" local IFS_BAK="$IFS"
local entry local entry
while IFS= read -r entry; do while IFS= read -r entry; do
@ -267,18 +267,18 @@ EOF
fi fi
printf -- " - title: %s\n description: %s\n icon: %s\n url: %s\n statusCheck: %s\n target: %s\n" \ printf -- " - title: %s\n description: %s\n icon: %s\n url: %s\n statusCheck: %s\n target: %s\n" \
"$tile_title" "$tile_desc" "$icon_ref" "$url" "$status_check" "$open_target" \ "$tile_title" "$tile_desc" "$icon_ref" "$url" "$status_check" "$open_target" \
| sudo tee -a "$conf_file" >/dev/null | runFileWrite -a "$conf_file"
_total_items=$((_total_items + 1)) _total_items=$((_total_items + 1))
done <<< "${_cat_buckets[$cat]}" done <<< "${_cat_buckets[$cat]}"
IFS="$IFS_BAK" IFS="$IFS_BAK"
done done
sudo chown "$docker_install_user:$docker_install_user" "$conf_file" 2>/dev/null || true runFileOp chown "$docker_install_user:$docker_install_user" "$conf_file" 2>/dev/null || true
local updated_md5=$(sudo md5sum "$conf_file" 2>/dev/null | awk '{print $1}') local updated_md5=$(runFileOp md5sum "$conf_file" 2>/dev/null | awk '{print $1}')
if [[ "$original_md5" != "$updated_md5" ]]; then if [[ "$original_md5" != "$updated_md5" ]]; then
isNotice "Dashy config changed — restarting container..." isNotice "Dashy config changed — restarting container..."
sudo docker restart dashy-service >/dev/null 2>&1 || sudo docker restart dashy >/dev/null 2>&1 || true dockerCommandRun "docker restart dashy-service" "sudo" >/dev/null 2>&1 || dockerCommandRun "docker restart dashy" "sudo" >/dev/null 2>&1 || true
local _cat_label="categories" local _cat_label="categories"
[[ ${#_cat_order[@]} -eq 1 ]] && _cat_label="category" [[ ${#_cat_order[@]} -eq 1 ]] && _cat_label="category"
isSuccessful "Restarted dashy (${#_cat_order[@]} ${_cat_label}, ${_total_items} URL(s))." isSuccessful "Restarted dashy (${#_cat_order[@]} ${_cat_label}, ${_total_items} URL(s))."

View File

@ -50,3 +50,18 @@ runFileWrite() {
runSystem() { runSystem() {
sudo "$@" sudo "$@"
} }
# Op on the manager install dir / shipped templates — the LibrePortal clone and
# its container templates, owned by the manager user that runs the runtime.
# rooted -> sudo <cmd> (install tree is root-owned; byte-identical)
# rootless -> <cmd> (the manager user already owns it — no privilege)
# For copies that read the install tree and write into /docker (two different
# owners in rootless), don't use this for the whole copy — read here and pipe
# into runFileWrite so each side runs as the correct owner.
runInstallOp() {
if [[ "$CFG_DOCKER_INSTALL_TYPE" == "rootless" ]]; then
"$@"
else
sudo "$@"
fi
}