diff --git a/configs/features/.category b/configs/features/.category
deleted file mode 100755
index e2c1a54..0000000
--- a/configs/features/.category
+++ /dev/null
@@ -1,5 +0,0 @@
-TITLE=Features
-DESCRIPTION=Toggle system components and features
-ICON=features
-ORDER=5
-SUBCATEGORY_ORDER=features_core,features_security,features_terminal
diff --git a/configs/features/features_core b/configs/features/features_core
deleted file mode 100755
index 999f5f2..0000000
--- a/configs/features/features_core
+++ /dev/null
@@ -1,18 +0,0 @@
-# ================================================================================
-# Core Features - Essential LibrePortal functionality and core services
-# ================================================================================
-CFG_REQUIREMENT_CONFIG=true # Configuration Management - Enable configuration management system for LibrePortal settings
-CFG_REQUIREMENT_COMMAND=true # Command Line Tool - Install the libreportal command line tool for system management
-CFG_REQUIREMENT_WEBUI=true # Web Interface - Install and manage the LibrePortal web based management interface
-CFG_REQUIREMENT_WEBUI_SERVICE=true # Web Task Service - Install the task management systemd service for the web interface
-CFG_REQUIREMENT_DATABASE=true # Database Support - Install and configure database support for application data storage
-CFG_REQUIREMENT_PASSWORDS=true # Password Management - Enable password generation and management features
-CFG_REQUIREMENT_DOCKER_CE=true # Docker CE - Install Docker Community Edition instead of the default Docker version
-CFG_REQUIREMENT_DOCKER_COMPOSE=true # Docker Compose - Install Docker Compose for multi container application management
-CFG_REQUIREMENT_DOCKER_NETWORK=true # Docker Network - Create and manage Docker network for container communication
-CFG_REQUIREMENT_UFW=true # Firewall Protection - Install and configure the Uncomplicated Firewall for system security
-CFG_REQUIREMENT_UFWD=true # Docker Firewall - Install UFW Docker for container aware firewall management which is rooted Docker specific
-CFG_REQUIREMENT_SSLCERTS=true # SSL Certificates - Generate and manage SSL certificates for secure HTTPS connections
-CFG_REQUIREMENT_CRONTAB=true # Scheduled Tasks - Setup scheduled tasks and automated maintenance jobs
-CFG_REQUIREMENT_WHITELIST_PORT_UPDATER=true # Auto Port Management - Automatically update port whitelist when applications are installed or removed
-CFG_REQUIREMENT_BCRYPT_SAVE=true # Password Encryption - Encrypt saved passwords using bcrypt for enhanced security
diff --git a/configs/features/features_security b/configs/features/features_security
deleted file mode 100755
index ba079dd..0000000
--- a/configs/features/features_security
+++ /dev/null
@@ -1,7 +0,0 @@
-# ================================================================================
-# Security and Authentication - SSH access and security configuration
-# ================================================================================
-CFG_REQUIREMENT_SSHKEY_DOWNLOADER=false # SSH Key Downloader - Enable SSH key download functionality for remote access
-CFG_REQUIREMENT_SSH_DISABLE_PASSWORDS=false # SSH Password Disable - Disable password authentication for SSH requiring key based access only
-CFG_REQUIREMENT_GLUETUN_FOR_ALL=false # Gluetun For All Apps - Allow routing through Gluetun VPN for every app (default: only curated categories)
-
diff --git a/configs/features/features_terminal b/configs/features/features_terminal
deleted file mode 100755
index fd23d3b..0000000
--- a/configs/features/features_terminal
+++ /dev/null
@@ -1,12 +0,0 @@
-# ================================================================================
-# Terminal Only - Advanced terminal based features and utilities **ADVANCED**
-# ================================================================================
-CFG_REQUIREMENT_SUGGEST_INSTALLS=false # Install Suggestions - Enable application suggestions and recommendations during installation
-CFG_REQUIREMENT_SUGGEST_METRICS=true # Metrics Suggestions - Offer Prometheus and Grafana during first install (requires Install Suggestions enabled)
-CFG_REQUIREMENT_CONTINUE_PROMPT=false # Continue Prompts - Show continue prompts during installation for user confirmation
-CFG_REQUIREMENT_CONFIGS_CHECK=true # Config Validation - Validate configuration files on startup for errors and consistency
-CFG_REQUIREMENT_CONFIGS_AUTO_UPDATE=true # Auto Config Updates - Add new config options from the template (non-interactive)
-CFG_REQUIREMENT_CONFIGS_AUTO_DELETE=true # Auto Config Deletes - Remove config options no longer present in the template
-CFG_REQUIREMENT_MISSING_IPS=false # IP Configuration Check - Check for and alert about missing IP configurations
-CFG_REQUIREMENT_DOCKER_NETWORK_PRUNE=true # Docker Network Cleanup - Enable automatic cleanup of unused Docker networks
-CFG_REQUIREMENT_DOCKER_SWITCHER=true # Docker Switcher - Install Docker version switching utility for managing multiple Docker versions
diff --git a/configs/general/general_install b/configs/general/general_install
index 987b49e..66e853b 100755
--- a/configs/general/general_install
+++ b/configs/general/general_install
@@ -10,3 +10,11 @@ CFG_GIT_USER=changeme # Git Username - Git us
 CFG_GIT_KEY=changeme # Git Access Key - SSH key or API key for Git repository access
 CFG_GIT_UPDATES=true # Auto Check Updates - Check for updates automatically
 CFG_GIT_AUTO_UPDATES=true # Auto Apply Updates - Automatically apply updates when available
+CFG_REQUIREMENT_CONFIG=true # Configuration Management - Install the configuration management system. Disabling this on an existing install will brick the system. **ADVANCED** **DEV**
+CFG_REQUIREMENT_COMMAND=true # Command Line Tool - Install the libreportal command line tool. Disabling this on an existing install will brick the system. **ADVANCED** **DEV**
+CFG_REQUIREMENT_WEBUI=true # Web Interface - Install the LibrePortal WebUI. Disabling this on an existing install will brick the system. **ADVANCED** **DEV**
+CFG_REQUIREMENT_WEBUI_SERVICE=true # Web Task Service - Install the task-processor systemd service that backs the WebUI. Disabling this on an existing install will brick the system. **ADVANCED** **DEV**
+CFG_REQUIREMENT_DATABASE=true # Database Support - Install and configure database support for application data storage. Install-time choice only — flipping post-install will not retrofit. **ADVANCED** **DEV**
+CFG_REQUIREMENT_PASSWORDS=true # Password Management - Enable password generation and management features. Install-time choice only. **ADVANCED** **DEV**
+CFG_REQUIREMENT_DOCKER_CE=true # Docker CE - Install Docker Community Edition instead of the distro default. Install-time choice only — flipping post-install does not swap Docker. **ADVANCED** **DEV**
+CFG_REQUIREMENT_DOCKER_COMPOSE=true # Docker Compose - Install Docker Compose for multi-container application management. Install-time choice only. **ADVANCED** **DEV**
diff --git a/configs/general/general_terminal b/configs/general/general_terminal
index 6ed31a1..4f6821d 100755
--- a/configs/general/general_terminal
+++ b/configs/general/general_terminal
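Review bot: Four of the added toggles (`CFG_REQUIREMENT_CONFIG`, `CFG_REQUIREMENT_COMMAND`, `CFG_REQUIREMENT_WEBUI`, `CFG_REQUIREMENT_WEBUI_SERVICE`) state that disabling them on an existing install will brick the system, yet the only guard in this hunk is the `**ADVANCED** **DEV**` tag inside the comment. The same commit removes the Danger Zone banner from config-manager.js, and how those tags are enforced is not visible in this diff. I would have the code that reads these keys refuse a `false` on an already-installed system, or require an explicit confirmation, rather than rely on the comment text. The comment could also name what actually stops working instead of "brick the system", so an operator who hits it knows what to restore.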
@@ -7,3 +7,11 @@ CFG_GENERATED_PASS_LENGTH=14 # Password Length - Len
 CFG_GENERATED_USER_LENGTH=8 # Username Length - Length for auto generated usernames
 CFG_UFW_LOGGING=off # Firewall Logging - UFW firewall logging level [off|low|medium|high|full]
 CFG_TEXT_EDITOR=nano # Text Editor - Default text editor for system operations [nano|vim]
+CFG_REQUIREMENT_CRONTAB=true # Scheduled Tasks - Install scheduled tasks and automated maintenance jobs
+CFG_REQUIREMENT_CONFIGS_CHECK=true # Config Validation - Validate configuration files on startup for errors and consistency
+CFG_REQUIREMENT_CONFIGS_AUTO_UPDATE=true # Auto Config Updates - Add new config options from the template (non-interactive)
+CFG_REQUIREMENT_CONFIGS_AUTO_DELETE=true # Auto Config Deletes - Remove config options no longer present in the template
+CFG_REQUIREMENT_MISSING_IPS=false # IP Configuration Check - Check for and alert about missing IP configurations
+CFG_REQUIREMENT_CONTINUE_PROMPT=false # Continue Prompts - Show continue prompts during installation for user confirmation
+CFG_REQUIREMENT_SUGGEST_INSTALLS=false # Install Suggestions - Enable application suggestions and recommendations during installation
+CFG_REQUIREMENT_SUGGEST_METRICS=true # Metrics Suggestions - Offer Prometheus and Grafana during first install (requires Install Suggestions enabled)
diff --git a/configs/network/.category b/configs/network/.category
index a9d2fff..5ad49ae 100755
--- a/configs/network/.category
+++ b/configs/network/.category
@@ -2,4 +2,4 @@ TITLE=Network
 DESCRIPTION=Network configuration and domain management
 ICON=network
 ORDER=4
-SUBCATEGORY_ORDER=network_domains,network_whitelist,network_dns,network_docker,network_rootless,network_ports,network_headscale
+SUBCATEGORY_ORDER=network_domains,network_whitelist,network_firewall,network_dns,network_docker,network_rootless,network_ports,network_headscale
diff --git a/configs/network/network_docker b/configs/network/network_docker
index 9eaf31f..cedf78c 100755
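Review bot: Nothing visible in this commit carries an operator's existing values from the deleted configs/features/* files into the files the keys move to, so whether a changed setting survives depends on how `CFG_REQUIREMENT_CONFIGS_AUTO_UPDATE` and `CFG_REQUIREMENT_CONFIGS_AUTO_DELETE` (both `true` in this hunk) treat a key that changes file. If the updater fills in missing keys from the template defaults, an install that had set `CFG_REQUIREMENT_SSH_DISABLE_PASSWORDS=true` or changed the UFW toggles would presumably come back with `false` / `true` in security_ssh and network_firewall. Please confirm the updater looks up the old value by key across files, or add an explicit migration step, and say which in the commit message.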
--- a/configs/network/network_docker
+++ b/configs/network/network_docker
@@ -5,3 +5,6 @@
 CFG_NETWORK_NAME=vpn # Network Name - Docker network name for container communication
 CFG_NETWORK_SUBNET=10.100.0.0/16 # Network Subnet - Subnet range for Docker network
 CFG_NETWORK_MTU=1500 # Network MTU - Maximum transmission unit for network packets
+CFG_REQUIREMENT_DOCKER_NETWORK=true # Docker Network - Create and manage the Docker network for container communication
+CFG_REQUIREMENT_DOCKER_NETWORK_PRUNE=true # Network Cleanup - Automatically prune unused Docker networks
+CFG_REQUIREMENT_DOCKER_SWITCHER=true # Docker Switcher - Install the Docker version switching utility
diff --git a/configs/network/network_domains b/configs/network/network_domains
index 9a87300..9651e9f 100755
--- a/configs/network/network_domains
+++ b/configs/network/network_domains
@@ -10,3 +10,4 @@ CFG_DOMAIN_6= # Domain 6 - Domain slo
 CFG_DOMAIN_7= # Domain 7 - Domain slot 7 for a Traefik
 CFG_DOMAIN_8= # Domain 8 - Domain slot 8 for a Traefik
 CFG_DOMAIN_9= # Domain 9 - Domain slot 9 for a Traefik
+CFG_REQUIREMENT_SSLCERTS=true # SSL Certificates - Generate and manage SSL certificates for secure HTTPS connections **ADVANCED**
diff --git a/configs/network/network_firewall b/configs/network/network_firewall
new file mode 100644
index 0000000..cbcaa06
--- /dev/null
+++ b/configs/network/network_firewall
@@ -0,0 +1,6 @@
+# ================================================================================
+# Firewall - Host firewall and port-whitelist automation **ADVANCED**
+# ================================================================================
+CFG_REQUIREMENT_UFW=true # Firewall Protection - Install and configure the Uncomplicated Firewall (UFW) for system security
+CFG_REQUIREMENT_UFWD=true # Docker Firewall - Install UFW-Docker for container-aware firewall management (rooted Docker only)
+CFG_REQUIREMENT_WHITELIST_PORT_UPDATER=true # Auto Port Whitelisting - Update the port whitelist automatically when applications are installed or removed
diff --git a/configs/security/.category b/configs/security/.category
index dab1646..f593b12 100644
--- a/configs/security/.category
+++ b/configs/security/.category
@@ -2,4 +2,4 @@ TITLE=Security
 DESCRIPTION=Intrusion prevention, bouncers, and host firewall configuration
 ICON=security
 ORDER=5
-SUBCATEGORY_ORDER=security_logins
+SUBCATEGORY_ORDER=security_logins,security_ssh
diff --git a/configs/security/security_ssh b/configs/security/security_ssh
new file mode 100644
index 0000000..b066457
--- /dev/null
+++ b/configs/security/security_ssh
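Review bot: The `CFG_REQUIREMENT_UFWD` comment does not say what happens when it is set to `false` while `CFG_REQUIREMENT_UFW` stays `true`. With rooted Docker, published container ports are handled by Docker's own iptables rules and are not filtered by UFW rules, which is the gap UFW-Docker exists to close, so that combination leaves a firewall that reports active but does not cover container ports. I would extend the comment to something like `(rooted Docker only; without it UFW rules do not apply to published container ports)`. `CFG_UFW_LOGGING` stays in general_terminal, so firewall settings are now split across two files; moving it here would keep them together.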
@@ -0,0 +1,7 @@
+# ================================================================================
+# SSH & Access Hardening - Secure remote access and auth-storage toggles **ADVANCED**
+# ================================================================================
+CFG_REQUIREMENT_SSHKEY_DOWNLOADER=false # SSH Key Downloader - Enable SSH key download functionality for remote access
+CFG_REQUIREMENT_SSH_DISABLE_PASSWORDS=false # Disable SSH Passwords - Disable password authentication for SSH (requires key-based access only)
+CFG_REQUIREMENT_BCRYPT_SAVE=true # Password Encryption - Encrypt saved passwords using bcrypt for enhanced security
+CFG_REQUIREMENT_GLUETUN_FOR_ALL=false # Gluetun For All Apps - Allow routing through Gluetun VPN for every app (default: only curated categories)
diff --git a/containers/libreportal/frontend/css/themes.css b/containers/libreportal/frontend/css/themes.css
index fc25e2b..19e2cc4 100644
--- a/containers/libreportal/frontend/css/themes.css
+++ b/containers/libreportal/frontend/css/themes.css
@@ -47,22 +47,6 @@ font-style: italic; } -/* Header-only variant used as a page-level banner (e.g. config?=features). - Without inner content below the header, the header's bottom margin - is wasted whitespace, and the section needs its own bottom margin - to separate from whatever follows. */ -.danger-zone-section--header-only { - margin-bottom: 24px; -} - -.danger-zone-section--header-only .danger-zone-header { - margin-bottom: 0; -} - -.danger-zone-section--header-only .danger-zone-header p { - margin-top: 4px; -} - /* Inline variant — same recipe as .danger-zone-section, smaller padding. */ .danger-zone-banner { background: rgba(var(--status-danger-rgb), 0.10);
diff --git a/containers/libreportal/frontend/js/components/config/config-manager.js b/containers/libreportal/frontend/js/components/config/config-manager.js
index 7028904..f79ed84 100755
--- a/containers/libreportal/frontend/js/components/config/config-manager.js
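Review bot: The `CFG_REQUIREMENT_BCRYPT_SAVE` comment says saved passwords are encrypted with bcrypt, but bcrypt is a one-way password hash, so the stored value cannot be decrypted; the comment should read `# Password Hashing - Hash saved passwords using bcrypt`. It should also state what is stored when the toggle is `false`, because the visible text does not rule out plaintext. On `CFG_REQUIREMENT_SSH_DISABLE_PASSWORDS`, "(requires key-based access only)" would be clearer as "(make sure a working SSH key is installed first, or you will be locked out)". `CFG_REQUIREMENT_GLUETUN_FOR_ALL` is VPN routing rather than SSH or credential storage, so it sits oddly in a file titled "SSH & Access Hardening".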
+++ b/containers/libreportal/frontend/js/components/config/config-manager.js @@ -176,19 +176,6 @@ if (typeof window.ConfigManager === 'undefined') { var formHTML = ''; var self = this; // Preserve 'this' context - // Features page is system-level — add a Danger Zone header at the - // top so it's visually obvious before the user touches anything. - // Reuses the same `.danger-zone-section` / `.danger-zone-header` - // styling used elsewhere, but without the advanced/unused toggle - // tickboxes that live inside the normal danger zone — this is just - // the heading. - if (category === 'features') { - formHTML += '

⚠️ Danger Zone

These options are for advanced users and may affect system stability

'; - // Divider below the features Danger Zone banner, separating it from - // the feature fields — same rule used elsewhere in the config form. - formHTML += '
'; - } - //console.log('ConfigManager: About to process configData entries:', Object.keys(configData)); // Filter subcategories by type diff --git a/scripts/checks/check_requirements.sh b/scripts/checks/check_requirements.sh index fbde027..7e6b6fd 100755 --- a/scripts/checks/check_requirements.sh +++ b/scripts/checks/check_requirements.sh @@ -4,7 +4,6 @@ checkRequirements() { isHeader "Checking Requirements" isNotice "Requirements are about to be installed." - isNotice "Edit the features config if you want to disable anything." echo "" checkRootRequirement;