4 Commits

Author SHA1 Message Date
librelad
3d0570de14 fix(rootless): make createTouch owner-by-location (app=dockerinstall, else manager)
Per the confirmed ownership model: files under /docker/containers/<app>/ are
app data owned by the docker install user; everything else is the manager-
owned control plane. createTouch now picks runFileOp vs runInstallOp by the
file's location and creates it directly as the right owner — no more
chown-to-another-user (which needs root the unprivileged runtime lacks).
The $2 user hint is now advisory. (Generator content-writes into
frontend/data still need converting to runFileWrite — next.)

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Signed-off-by: librelad <librelad@digitalangels.vip>
2026-05-24 00:58:16 +01:00
librelad
ccbb2e1c47 harden(desudo): convert permission/touch helpers + network-mode processor
app_folder.sh, libreportal_folders.sh, create_touch.sh: chmod/find/chown/
touch on /docker dirs -> runFileOp (dropped nested -exec sudo chmod).
tags_processor_network_mode.sh: awk/tee/mv/cmp/rm/sqlite3 on compose+DB ->
runFileOp/runFileWrite; gluetun docker ps + compose up -> dockerCommandRun.
Deferred (read install-dir templates, need category-3 handling):
copy_file.sh, copy_files.sh, config_scan_variables.sh.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Signed-off-by: librelad <librelad@digitalangels.vip>
2026-05-23 23:38:24 +01:00
librelad
315c528306 refactor(webui): silence per-file touch/chown noise in data generators
The WebUI data snapshots (locations.json, dashboard.json, snapshots_*.json,
etc.) are regenerated on every wizard/config change. Each file emitted two
extra success lines via createTouch — "Touching <file>" and "Updating
<file> with <user> ownership" — which spammed the output around the genuinely
useful "... JSON regenerated" line.

Add an optional "silent" flag to createTouch (third arg; default keeps the
existing loud behaviour for interactive install flows) and pass it from every
WebUI data generator/task. Touch + chown still run; only the logging is
suppressed for these background regenerations.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Signed-off-by: librelad <librelad@digitalangels.vip>
2026-05-23 12:40:32 +01:00
librelad
875a60f90f LibrePortal v0.1.0 — initial release
A free, open, self-hosted app platform (GNU AGPLv3): one-click app deploys,
Traefik reverse proxy with automatic SSL, rootless Docker support, gluetun
VPN routing, and a web dashboard to manage it all.

Free & open forever to self-host; optional paid hosted services fund it.
See PROMISE.md.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

Signed-off-by: librelad <librelad@digitalangels.vip>
2026-05-21 20:37:54 +01:00