Drop the floating fleet header; every Overview tab now renders its heading
inside the pane, under the tab strip, in the per-app detail .config-title
format (emoji + title + description) — matching the Migrate tab.
Introduces a small modular system so the area can't drift:
- OV_TAB_META is the single source of truth for each tab's icon/title/blurb.
- renderHeader(id) is the only thing that turns it into markup; renderTab()
prepends it for the string tabs and mountMigrate() injects it once for the
static Migrate pane. Body renderers now only ever produce the body.
Retires the now-dead floating-header plumbing: updateHeader(), the
ov-backups-active/ov-migrate-active hide toggles + CSS, and the .overview-header
rules. The tabbed interface owns the top padding the header used to provide.
Backups is the documented exception — it embeds the full BackupPage, which
supplies its own header.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Give the fleet Overview › Migrate tab the same in-content header + sub-tab
styling the per-app detail tabs use:
- Add a .config-title header (icon + title + description) inside the Migrate
pane, above the Restore/Peers sub-tabs, and hide the generic floating fleet
header for Migrate (mirrors how Backups already supplies its own heading).
- Make the .tab-button icon↔label gap explicit (flex + 6px gap) so sub-tabs
render identically whether or not the markup has whitespace between the
emoji and name spans; align the Backups sub-tab strip gap to match.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
installDebianUbuntu ran apt (bare on line 14, via sudo on 17/20) during
the startPreInstall pass. Under the hardened de-sudo model the runtime is
the manager (libreportal, non-root) and the LP_SYSTEM sudoers allowlist
scopes systemctl/ufw/sysctl/loginctl/service but NOT apt — so every apt
call failed (exit 100, 'Updating System Operating system.').
Detect privilege once: run apt directly when root (the install-time path,
which also bootstraps sudo on a bare box), and skip cleanly with a notice
when we're the unprivileged manager. OS/security updates are a host /
install-time concern there, deliberately kept out of the manager's reach.
Also routes the trailing sysctl mkdir/touch through the same prefix.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
The Beginner/Advanced experience cards are tap targets, but had no
user-select guard. Rapid clicking — notably the Advanced card's 10-tap
dev-mode unlock — selected the card title/description text as a side
effect. Add user-select: none to .setup-level-card.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Signed-off-by: librelad <librelad@digitalangels.vip>
Surfaces network_status.json in the WebUI, attention-only: a rose badge
+ dashboard banner appear ONLY when conflicts_found, with a details panel
listing the stranded apps and a 'Heal now' button that runs the heal
through the task pipeline (libreportal system network heal). Re-reads on
task completion via taskRefresh.
Cloned from update-notifier; the badge anchors just after the update
badge so the two coexist in a stable order. New --page-network hue.
Wired into system-loader scripts[], topbar onTopbarReady, and index.html.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Closes the gap behind the vpn-recreate bug: when the shared network is
recreated with a different /24, every app's stored static IP is left
outside it and adoptDockerSubnet only realigns CFG, not the apps.
- networkScanConflicts (network_conflicts.sh): read-only scan diffing each
active network_resources IP against docker's real subnet (via ipInSubnet).
Per-service routing-aware — skips gateway-routed services whose ipv4 is
commented out in the deployed compose, so gluetun apps don't false-positive.
Distinguishes 'daemon down' (benign) from 'network missing' (real).
- webuiSystemNetworkCheck (webui_system_network.sh): self-throttled generator
that writes frontend/data/system/network_status.json (modelled on
verify_status.json). Wired into webuiSystemUpdate AND run unconditionally
every ~60s from the task-processor poll (regen webui is mtime-gated and
would never fire on drift, which touches no source file).
- networkHealConflicts (network_heal.sh) + 'libreportal system network
check|heal [app]': the heal adopts docker's subnet in-process, then re-IPs
stranded apps with reset_network=ip (ports preserved), gluetun first.
Mutating path runs only through the task system (dual-mode, like update
apply); read-only check runs inline.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Foundations for network-drift healing:
- ipInSubnet(ip, cidr): prefix-aware CIDR membership (pure bash), so
stored IPs can be checked against docker's real subnet. Honours the
actual prefix, so a healthy /16-subnet + /24-ip-range install is not
mistaken for drift.
- dockerInstallApp now accepts reset_network="ip": re-roll the static IP
from the current subnet but PRESERVE published host ports (clears only
IP rows; LIBREPORTAL_RESET_IP_ONLY keeps port_allocate reusing existing
ports). This is the heal path — a subnet move strands the IP, not the
port, so we don't churn bookmarks/forwards/proxy upstreams. reset="true"
still re-rolls both.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Two latent issues uncovered while designing network-drift detection:
- adoptDockerSubnet's comment claimed apps' IPs stay inside docker's
subnet after adoption. False: IPs are pinned to the old subnet's first
three octets, so adopting a different /24 base strands every app IP
out-of-subnet. Document the real behaviour + the heal paths.
- ipAllocation fell through from the existing-row branch to the
unconditional INSERT, which would violate UNIQUE(app,type,service).
Unreachable on today's reset path (rows are deleted first) but a hazard
for any direct caller; add an explicit return after reuse/reset.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
installDockerNetwork errored with 'network with name <x> already exists'
on re-runs: the requirement check sets DOCKER_NETWORK_SETUP_NEEDED=true
whenever 'docker network inspect' returns non-zero, but that also happens
when the rootless daemon socket isn't reachable yet — indistinguishable
from the network being genuinely absent. A prior install also leaves the
network behind, so the flag fires on every re-install.
Re-check existence right before creating and converge: if the network is
already there, leave it in place and adopt its real subnet into CFG rather
than erroring. This also stops the spurious subnet randomization (and the
resulting CFG drift) that ran before the doomed create.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
The 'Installing System Requirements' step ran apt-get install with no
output until checkSuccess reported afterwards, so it looked frozen
while packages were being fetched. Print a notice up front.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
- Restore empty-state 'Open Locations' now deep-links to the backup center's
Locations sub-tab: the embedded center honors /overview/backups/<sub> and
switchTab()s to it after mount (was landing on Dashboard).
- PeersPage.notify + MigratePage.notify use the real window.notificationSystem
(were calling a never-defined window.showNotification → console-only).
- Remove the now-dead Admin config-manager peers branch (Peers left Admin).
- Trim the dead migrate.json/peers fetch + hostnameToPeerName from BackupPage
(no consumer after the migrate removal).
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
- Remove the Admin sidebar Peers entry; /peers and /admin/tools/peers now
redirect to /overview/migrate/peers (its new home next to cross-host Restore).
- Re-skin the embedded Backups center's sub-tab strip from pills to the per-app
Config .tabs-list/.tab-button segmented look (full-width bar, accent underline)
so every nested sub-tab row is consistent.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
The embedded backup center's lazy bundle still listed backup-migrate.js, which
was just removed — its 404 failed the whole load chain. Drop it.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Migrate now lives at Overview › Migrate › Restore (standalone MigratePage). Strip
it out of BackupPage: drop the migrate sidebar item/panel/modal from the
fragment, the 'migrate' tab from the allowed set / titleFor / subtitleFor /
iconFor, the renderMigrate() call, and the migrate-host/app/confirm click
handlers; delete the now-orphaned backup-migrate.js. The backup center is now
Dashboard/Backups/Locations/Configuration.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
New 5th Overview tab 'Migrate' with a nested segmented sub-tab row reusing the
per-app Config-tab .tabs-list/.tab-button design:
- Restore: a standalone MigratePage (cross-host migrate moved out of BackupPage
into its own controller + fragment + modal; own data fetch + task dispatch).
- Peers: reuses the existing PeersPage (container-parameterized) + its template.
Both lazy-loaded on first open and disposed on apps-feature unmount. Additive —
migrate is still in the backup center and Peers still in Admin until the next
commits remove the duplicates.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
- BackupPage task-refresh run-guard is instance-relative now (window.backupPage
OR window.overviewBackupPage), so the embedded center's own auto-refresh works
instead of relying on OverviewManager's overlapping coverage.
- _ensureBackupAssets no longer memoizes a rejected promise — a transient
script-load failure no longer bricks the backup center until reload; the next
open retries.
- spaClean.loadScript removes the failed <script> element on error so the
getElementById dedupe can't make a retry resolve without re-fetching.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
The 'already mounted?' guard checked #backup-section, but the per-app Backups
tab also defines that id — detect the prior mount via the pane's own
.backup-layout instead so the check is correct, not coincidental.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Instead of a glance + 'Open backup center' button, the Backups tab now mounts
the real BackupPage (dashboard/snapshots/locations/migrate/configuration) inline,
with its sidebar restyled as a nested tab strip and its own header taking over.
- BackupPage gains an embedded mode (opts.embedded): no /backup URL coupling, so
sub-tabs switch in-page under /overview/backups. Backward compatible.
- OverviewManager lazy-loads the backup bundle + fragment on first open, news a
BackupPage({embedded:true}), and disposes it on apps-feature unmount. Colliding
ids (#sidebar/#mobile-overlay) are stripped on inject.
- Revert the Admin backup-config surface — the embedded center (incl.
Configuration) is now the single home for backup settings.
- The updater needs no equivalent: its sections were already unpacked into the
Overview/Updates/Improvements tabs + the per-row expander.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
- HIGH: renderAppDetail gated the Roll back button on last_snapshot* fields no
generator emits, so it never rendered. Derive recoverability from update
history (updater_apply always snapshots first) so the affordance is reachable.
- MED: per-app Updates tab now repaints on update/rollback/check/hotfix task
completion (mirrors the backups card) instead of going stale until re-click.
- MED: in-page tab switches now sync spaClean.currentRoute, so the sidebar
Overview entry no longer no-ops after switching tabs.
- LOW: keyboard activation (Enter/Space) for the role=button expander heads,
backup tiles, and sidebar Overview entry.
- LOW: preserve ALL expanded Updates rows across a background repaint, not just
the single ?app= deep-link (split toggle into _openDetail/_closeDetail).
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
The fleet Overview area (Overview · Updates · Improvements · Backups) and the
backup center now live under App Center, so the standalone top-nav items are
redundant. Top nav is now Dashboard · App Center · Admin · Tasks.
- Remove the Backups and Updates anchors from topbar.html.
- Remove the nav{} blocks from updater/backup feature.json + manifest (so they
don't resurface when the nav kernel lands).
- Highlight App Center for /overview and /backup; drop the dead /updater branch.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
- _legacyRedirect: /updater[/tab] -> /overview[/tab] (security/recovery/history
fold into the Updates expander -> /overview/updates). /backup is intentionally
NOT redirected — it stays the operational backup center (locations/migrate/
snapshots), reached from Overview › Backups.
- Re-point the per-app hotfix chip to /overview/improvements.
- Unhide the existing backup config category in the Admin sidebar so
engine/schedule/retention config lives under Admin (same generated category
the backup center binds, so edits stay in sync).
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
New 'Updates' tab in the app detail page, beside Backups. Reuses the headless
UpdaterPage + renderAppDetail() scoped to the single app, so the per-app and
fleet views share one data/render path. UpdaterPage is added to the apps script
bundle so it's available on app pages; the tab is disabled while a task runs.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Open the per-app row named by ?app=<name> on load/repaint and write it back on
toggle, so an expanded Updates row is a shareable URL — mirrors the Tasks page's
?task=<id> pattern.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Introduce a per-fleet Overview area inside the apps shell, reachable from a new
'Overview' entry pinned above the apps sidebar search. Selecting it renders a
top-tabbed view in the main pane — Overview · Updates · Improvements · Backups —
mirroring the per-app tabbed layout, with the apps sidebar persistent.
- TabController: generic root-scoped show/hide tab host (core/ui-state).
- OverviewManager: drives the 4 tabs. Reuses a headless UpdaterPage for all
update/CVE/improvement data + rendering (its renderX() are pure HTML
producers) and reads backup/dashboard.json directly for backup health.
- Overview tab: combined update + backup health cards.
- Updates tab: per-app expander table (CVEs/recovery/history inline via the new
UpdaterPage.renderAppDetail) + All/Updates/Security filter chips.
- Improvements tab: reuses the updater's signed-hotfix renderer.
- Backups tab: fleet backup-health tiles; actions deep-link per app.
- Additive only: /overview* routes on the apps feature; old /updater and
/backup pages untouched. Cleanup (redirects, nav, Admin config move) is next.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>