refactor(config): disperse Features section into category Advanced groups
The Features section was a grab-bag of ~27 toggles, most of which are
either category-specific (firewall, SSL, Docker network, SSH hardening)
or install-time choices that brick the box if flipped on a live
install (the WebUI / config / CLI / Docker requirements). One page
made auditing easier but flattened the risk hierarchy.
Reorganised so each toggle lives where it conceptually belongs, and
the dangerous install-time set is double-gated:
network_docker (Advanced) DOCKER_NETWORK, DOCKER_NETWORK_PRUNE,
DOCKER_SWITCHER
network_firewall (Advanced) UFW, UFWD, WHITELIST_PORT_UPDATER [new]
network_domains (field-Adv) SSLCERTS
security_ssh (Advanced) SSHKEY_DOWNLOADER, SSH_DISABLE_PASSWORDS,
BCRYPT_SAVE, GLUETUN_FOR_ALL [new]
general_terminal (Advanced) CRONTAB, CONFIGS_CHECK,
CONFIGS_AUTO_UPDATE, CONFIGS_AUTO_DELETE,
MISSING_IPS, CONTINUE_PROMPT,
SUGGEST_INSTALLS, SUGGEST_METRICS
general_install (Adv+DEV) CONFIG, COMMAND, WEBUI, WEBUI_SERVICE,
DATABASE, PASSWORDS, DOCKER_CE,
DOCKER_COMPOSE
The install-time eight are marked **ADVANCED** **DEV** — invisible
unless Developer Mode is on AND "Show Advanced Options" is expanded.
Each field's description was updated to note "Disabling on an existing
install will brick the system" / "install-time choice only" so a user
who does get to the toggle understands the gun before pulling the
trigger.
Other cleanup that fell out:
- Removed `configs/features/` directory entirely.
- Added the two new subcategories to SUBCATEGORY_ORDER in
network/.category and security/.category.
- Dropped the `category === 'features'` Danger Zone header special-case
in config-manager.js and its .danger-zone-section--header-only CSS
variant (sole user).
- Trimmed an obsolete "Edit the features config" notice in
check_requirements.sh.
Signed-off-by: librelad <librelad@digitalangels.vip>
parent
eac81abdbc
commit
8a3bf505c3
@ -1,5 +0,0 @@
|
||||
TITLE=Features
|
||||
DESCRIPTION=Toggle system components and features
|
||||
ICON=features
|
||||
ORDER=5
|
||||
SUBCATEGORY_ORDER=features_core,features_security,features_terminal
|
||||
@ -1,18 +0,0 @@
|
||||
# ================================================================================
|
||||
# Core Features - Essential LibrePortal functionality and core services
|
||||
# ================================================================================
|
||||
CFG_REQUIREMENT_CONFIG=true # Configuration Management - Enable configuration management system for LibrePortal settings
|
||||
CFG_REQUIREMENT_COMMAND=true # Command Line Tool - Install the libreportal command line tool for system management
|
||||
CFG_REQUIREMENT_WEBUI=true # Web Interface - Install and manage the LibrePortal web based management interface
|
||||
CFG_REQUIREMENT_WEBUI_SERVICE=true # Web Task Service - Install the task management systemd service for the web interface
|
||||
CFG_REQUIREMENT_DATABASE=true # Database Support - Install and configure database support for application data storage
|
||||
CFG_REQUIREMENT_PASSWORDS=true # Password Management - Enable password generation and management features
|
||||
CFG_REQUIREMENT_DOCKER_CE=true # Docker CE - Install Docker Community Edition instead of the default Docker version
|
||||
CFG_REQUIREMENT_DOCKER_COMPOSE=true # Docker Compose - Install Docker Compose for multi container application management
|
||||
CFG_REQUIREMENT_DOCKER_NETWORK=true # Docker Network - Create and manage Docker network for container communication
|
||||
CFG_REQUIREMENT_UFW=true # Firewall Protection - Install and configure the Uncomplicated Firewall for system security
|
||||
CFG_REQUIREMENT_UFWD=true # Docker Firewall - Install UFW Docker for container aware firewall management which is rooted Docker specific
|
||||
CFG_REQUIREMENT_SSLCERTS=true # SSL Certificates - Generate and manage SSL certificates for secure HTTPS connections
|
||||
CFG_REQUIREMENT_CRONTAB=true # Scheduled Tasks - Setup scheduled tasks and automated maintenance jobs
|
||||
CFG_REQUIREMENT_WHITELIST_PORT_UPDATER=true # Auto Port Management - Automatically update port whitelist when applications are installed or removed
|
||||
CFG_REQUIREMENT_BCRYPT_SAVE=true # Password Encryption - Encrypt saved passwords using bcrypt for enhanced security
|
||||
@ -1,7 +0,0 @@
|
||||
# ================================================================================
|
||||
# Security and Authentication - SSH access and security configuration
|
||||
# ================================================================================
|
||||
CFG_REQUIREMENT_SSHKEY_DOWNLOADER=false # SSH Key Downloader - Enable SSH key download functionality for remote access
|
||||
CFG_REQUIREMENT_SSH_DISABLE_PASSWORDS=false # SSH Password Disable - Disable password authentication for SSH requiring key based access only
|
||||
CFG_REQUIREMENT_GLUETUN_FOR_ALL=false # Gluetun For All Apps - Allow routing through Gluetun VPN for every app (default: only curated categories)
|
||||
|
||||
@ -1,12 +0,0 @@
|
||||
# ================================================================================
|
||||
# Terminal Only - Advanced terminal based features and utilities **ADVANCED**
|
||||
# ================================================================================
|
||||
CFG_REQUIREMENT_SUGGEST_INSTALLS=false # Install Suggestions - Enable application suggestions and recommendations during installation
|
||||
CFG_REQUIREMENT_SUGGEST_METRICS=true # Metrics Suggestions - Offer Prometheus and Grafana during first install (requires Install Suggestions enabled)
|
||||
CFG_REQUIREMENT_CONTINUE_PROMPT=false # Continue Prompts - Show continue prompts during installation for user confirmation
|
||||
CFG_REQUIREMENT_CONFIGS_CHECK=true # Config Validation - Validate configuration files on startup for errors and consistency
|
||||
CFG_REQUIREMENT_CONFIGS_AUTO_UPDATE=true # Auto Config Updates - Add new config options from the template (non-interactive)
|
||||
CFG_REQUIREMENT_CONFIGS_AUTO_DELETE=true # Auto Config Deletes - Remove config options no longer present in the template
|
||||
CFG_REQUIREMENT_MISSING_IPS=false # IP Configuration Check - Check for and alert about missing IP configurations
|
||||
CFG_REQUIREMENT_DOCKER_NETWORK_PRUNE=true # Docker Network Cleanup - Enable automatic cleanup of unused Docker networks
|
||||
CFG_REQUIREMENT_DOCKER_SWITCHER=true # Docker Switcher - Install Docker version switching utility for managing multiple Docker versions
|
||||
@ -10,3 +10,11 @@ CFG_GIT_USER=changeme # Git Username - Git us
|
||||
CFG_GIT_KEY=changeme # Git Access Key - SSH key or API key for Git repository access
|
||||
CFG_GIT_UPDATES=true # Auto Check Updates - Check for updates automatically
|
||||
CFG_GIT_AUTO_UPDATES=true # Auto Apply Updates - Automatically apply updates when available
|
||||
CFG_REQUIREMENT_CONFIG=true # Configuration Management - Install the configuration management system. Disabling this on an existing install will brick the system. **ADVANCED** **DEV**
|
||||
CFG_REQUIREMENT_COMMAND=true # Command Line Tool - Install the libreportal command line tool. Disabling this on an existing install will brick the system. **ADVANCED** **DEV**
|
||||
CFG_REQUIREMENT_WEBUI=true # Web Interface - Install the LibrePortal WebUI. Disabling this on an existing install will brick the system. **ADVANCED** **DEV**
|
||||
CFG_REQUIREMENT_WEBUI_SERVICE=true # Web Task Service - Install the task-processor systemd service that backs the WebUI. Disabling this on an existing install will brick the system. **ADVANCED** **DEV**
|
||||
CFG_REQUIREMENT_DATABASE=true # Database Support - Install and configure database support for application data storage. Install-time choice only — flipping post-install will not retrofit. **ADVANCED** **DEV**
|
||||
CFG_REQUIREMENT_PASSWORDS=true # Password Management - Enable password generation and management features. Install-time choice only. **ADVANCED** **DEV**
|
||||
CFG_REQUIREMENT_DOCKER_CE=true # Docker CE - Install Docker Community Edition instead of the distro default. Install-time choice only — flipping post-install does not swap Docker. **ADVANCED** **DEV**
|
||||
CFG_REQUIREMENT_DOCKER_COMPOSE=true # Docker Compose - Install Docker Compose for multi-container application management. Install-time choice only. **ADVANCED** **DEV**
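Review bot: The eight install-time toggles added here are guarded only by their description text and the `**ADVANCED** **DEV**` tags, which per the commit message control visibility in the WebUI; neither has any effect when this file is edited by hand or by a script. Nothing visible in this commit makes the installer refuse or warn when `CFG_REQUIREMENT_CONFIG`, `CFG_REQUIREMENT_COMMAND`, `CFG_REQUIREMENT_WEBUI` or `CFG_REQUIREMENT_WEBUI_SERVICE` is `false` on a box that is already installed. If the startup validation behind `CFG_REQUIREMENT_CONFIGS_CHECK` can tell an existing install from a fresh one, a check there would turn the "will brick the system" wording into an enforced guard rather than a notice. The file's header and earlier lines are outside this hunk, so the subcategory-level gating cannot be confirmed from here.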
|
||||
|
||||
@ -7,3 +7,11 @@ CFG_GENERATED_PASS_LENGTH=14 # Password Length - Len
|
||||
CFG_GENERATED_USER_LENGTH=8 # Username Length - Length for auto generated usernames
|
||||
CFG_UFW_LOGGING=off # Firewall Logging - UFW firewall logging level [off|low|medium|high|full]
|
||||
CFG_TEXT_EDITOR=nano # Text Editor - Default text editor for system operations [nano|vim]
|
||||
CFG_REQUIREMENT_CRONTAB=true # Scheduled Tasks - Install scheduled tasks and automated maintenance jobs
|
||||
CFG_REQUIREMENT_CONFIGS_CHECK=true # Config Validation - Validate configuration files on startup for errors and consistency
|
||||
CFG_REQUIREMENT_CONFIGS_AUTO_UPDATE=true # Auto Config Updates - Add new config options from the template (non-interactive)
|
||||
CFG_REQUIREMENT_CONFIGS_AUTO_DELETE=true # Auto Config Deletes - Remove config options no longer present in the template
|
||||
CFG_REQUIREMENT_MISSING_IPS=false # IP Configuration Check - Check for and alert about missing IP configurations
|
||||
CFG_REQUIREMENT_CONTINUE_PROMPT=false # Continue Prompts - Show continue prompts during installation for user confirmation
|
||||
CFG_REQUIREMENT_SUGGEST_INSTALLS=false # Install Suggestions - Enable application suggestions and recommendations during installation
|
||||
CFG_REQUIREMENT_SUGGEST_METRICS=true # Metrics Suggestions - Offer Prometheus and Grafana during first install (requires Install Suggestions enabled)
|
||||
|
||||
@ -2,4 +2,4 @@ TITLE=Network
|
||||
DESCRIPTION=Network configuration and domain management
|
||||
ICON=network
|
||||
ORDER=4
|
||||
SUBCATEGORY_ORDER=network_domains,network_whitelist,network_dns,network_docker,network_rootless,network_ports,network_headscale
|
||||
SUBCATEGORY_ORDER=network_domains,network_whitelist,network_firewall,network_dns,network_docker,network_rootless,network_ports,network_headscale
|
||||
|
||||
@ -5,3 +5,6 @@
|
||||
CFG_NETWORK_NAME=vpn # Network Name - Docker network name for container communication
|
||||
CFG_NETWORK_SUBNET=10.100.0.0/16 # Network Subnet - Subnet range for Docker network
|
||||
CFG_NETWORK_MTU=1500 # Network MTU - Maximum transmission unit for network packets
|
||||
CFG_REQUIREMENT_DOCKER_NETWORK=true # Docker Network - Create and manage the Docker network for container communication
|
||||
CFG_REQUIREMENT_DOCKER_NETWORK_PRUNE=true # Network Cleanup - Automatically prune unused Docker networks
|
||||
CFG_REQUIREMENT_DOCKER_SWITCHER=true # Docker Switcher - Install the Docker version switching utility
|
||||
|
||||
@ -10,3 +10,4 @@ CFG_DOMAIN_6= # Domain 6 - Domain slo
|
||||
CFG_DOMAIN_7= # Domain 7 - Domain slot 7 for a Traefik
|
||||
CFG_DOMAIN_8= # Domain 8 - Domain slot 8 for a Traefik
|
||||
CFG_DOMAIN_9= # Domain 9 - Domain slot 9 for a Traefik
|
||||
CFG_REQUIREMENT_SSLCERTS=true # SSL Certificates - Generate and manage SSL certificates for secure HTTPS connections **ADVANCED**
|
||||
|
||||
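--- a/configs/network/network_firewall
+++ b/configs/network/network_firewall
@@ -0,0 +1,6 @@
+# ================================================================================
+# Firewall - Host firewall and port-whitelist automation **ADVANCED**
+# ================================================================================
+CFG_REQUIREMENT_UFW=true # Firewall Protection - Install and configure the Uncomplicated Firewall (UFW) for system security
+CFG_REQUIREMENT_UFWD=true # Docker Firewall - Install UFW-Docker for container-aware firewall management (rooted Docker only)
+CFG_REQUIREMENT_WHITELIST_PORT_UPDATER=true # Auto Port Whitelisting - Update the port whitelist automatically when applications are installed or removed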
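Review bot: The three firewall toggles in this new file do not say what setting them to `false` does on a running install, unlike the install-time group whose descriptions now spell that out. Whether `CFG_REQUIREMENT_UFW=false` only skips installation or also disables an active firewall is not visible here, and the two outcomes differ a lot in exposure, so the description should state which one applies, in the same style as "Install-time choice only — flipping post-install will not retrofit". `CFG_REQUIREMENT_WHITELIST_PORT_UPDATER` changes firewall rules without a prompt whenever an app is installed or removed; its description would serve an auditor better if it named where the resulting whitelist can be reviewed.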
|
||||
@ -2,4 +2,4 @@ TITLE=Security
|
||||
DESCRIPTION=Intrusion prevention, bouncers, and host firewall configuration
|
||||
ICON=security
|
||||
ORDER=5
|
||||
SUBCATEGORY_ORDER=security_logins
|
||||
SUBCATEGORY_ORDER=security_logins,security_ssh
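Review bot: The unchanged `DESCRIPTION` line still reads "Intrusion prevention, bouncers, and host firewall configuration", yet this commit places the host firewall toggles in `network_firewall` under Network and adds `security_ssh` to this category. The description should follow the move, for example `DESCRIPTION=Intrusion prevention, bouncers, and SSH access hardening`, so that someone auditing firewall settings is not sent to the wrong category. If other firewall settings still live under Security outside this hunk, keep the firewall mention and add SSH to it instead.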
|
||||
|
||||
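--- a/configs/security/security_ssh
+++ b/configs/security/security_ssh
@@ -0,0 +1,7 @@
+# ================================================================================
+# SSH & Access Hardening - Secure remote access and auth-storage toggles **ADVANCED**
+# ================================================================================
+CFG_REQUIREMENT_SSHKEY_DOWNLOADER=false # SSH Key Downloader - Enable SSH key download functionality for remote access
+CFG_REQUIREMENT_SSH_DISABLE_PASSWORDS=false # Disable SSH Passwords - Disable password authentication for SSH (requires key-based access only)
+CFG_REQUIREMENT_BCRYPT_SAVE=true # Password Encryption - Encrypt saved passwords using bcrypt for enhanced security
+CFG_REQUIREMENT_GLUETUN_FOR_ALL=false # Gluetun For All Apps - Allow routing through Gluetun VPN for every app (default: only curated categories)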
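Review bot: The `CFG_REQUIREMENT_BCRYPT_SAVE` description says "Encrypt saved passwords using bcrypt", but bcrypt is a one-way password hash rather than encryption, so the text misstates what ends up on disk; `# Password Hashing - Store saved passwords as bcrypt hashes` would be accurate. It is presumably also the one toggle in this file where `false` weakens stored credentials, and the description does not say what format is used in that case. For `CFG_REQUIREMENT_SSH_DISABLE_PASSWORDS` the parenthetical would be clearer as `(key-based login must already work, or SSH access is lost)`. `CFG_REQUIREMENT_GLUETUN_FOR_ALL` is a VPN routing option rather than SSH or auth storage, so it reads as misplaced under "SSH & Access Hardening" and may fit better in a network subcategory.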
|
||||
@ -47,22 +47,6 @@
|
||||
font-style: italic;
|
||||
}
|
||||
|
||||
/* Header-only variant used as a page-level banner (e.g. config?=features).
|
||||
Without inner content below the header, the header's bottom margin
|
||||
is wasted whitespace, and the section needs its own bottom margin
|
||||
to separate from whatever follows. */
|
||||
.danger-zone-section--header-only {
|
||||
margin-bottom: 24px;
|
||||
}
|
||||
|
||||
.danger-zone-section--header-only .danger-zone-header {
|
||||
margin-bottom: 0;
|
||||
}
|
||||
|
||||
.danger-zone-section--header-only .danger-zone-header p {
|
||||
margin-top: 4px;
|
||||
}
|
||||
|
||||
/* Inline variant — same recipe as .danger-zone-section, smaller padding. */
|
||||
.danger-zone-banner {
|
||||
background: rgba(var(--status-danger-rgb), 0.10);
|
||||
|
||||
@ -176,19 +176,6 @@ if (typeof window.ConfigManager === 'undefined') {
|
||||
var formHTML = '';
|
||||
var self = this; // Preserve 'this' context
|
||||
|
||||
// Features page is system-level — add a Danger Zone header at the
|
||||
// top so it's visually obvious before the user touches anything.
|
||||
// Reuses the same `.danger-zone-section` / `.danger-zone-header`
|
||||
// styling used elsewhere, but without the advanced/unused toggle
|
||||
// tickboxes that live inside the normal danger zone — this is just
|
||||
// the heading.
|
||||
if (category === 'features') {
|
||||
formHTML += '<div class="danger-zone-section danger-zone-section--header-only"><div class="danger-zone-header"><h3>⚠️ Danger Zone</h3><p>These options are for advanced users and may affect system stability</p></div></div>';
|
||||
// Divider below the features Danger Zone banner, separating it from
|
||||
// the feature fields — same rule used elsewhere in the config form.
|
||||
formHTML += '<div class="config-divider"></div>';
|
||||
}
|
||||
|
||||
//console.log('ConfigManager: About to process configData entries:', Object.keys(configData));
|
||||
|
||||
// Filter subcategories by type
|
||||
|
||||
@ -4,7 +4,6 @@ checkRequirements()
|
||||
{
|
||||
isHeader "Checking Requirements"
|
||||
isNotice "Requirements are about to be installed."
|
||||
isNotice "Edit the features config if you want to disable anything."
|
||||
echo ""
|
||||
|
||||
checkRootRequirement;
|
||||
|
||||