Compare commits

...

2 Commits

Author SHA1 Message Date
librelad
fba4d80bea Merge claude/2 2026-05-31 01:05:16 +01:00
librelad
afe0ef1c7e chore: drop duplicate doc files + fix wrong/stale comments
- docs: remove the docs/README.md index and docs/CONTRIBUTING.md pointer
  (duplicate filenames); the canonical contributing guide stays at
  docs/contributing/contributing.md. Clean tree, no name collisions.
- scripts/system/*: 6 helper headers + host_access.sh said the helpers
  install to /usr/local/sbin, but init.sh installs all of them to
  /usr/local/lib/libreportal/ (verified via initRootHelpers + the sudoers
  Cmnd_Alias). Corrected. The only remaining /usr/local/sbin is the legit
  PATH export in the task processor.
- frontend kernel: drop migration-era comments that are now false post-
  modularization (feature-registry 'passive/phase 0/unused', lifecycle
  'ctx.services lands with Phase 2', manifest 'scan generator lands') —
  describe current behaviour instead.

Comment-only edits to scripts/system/* — no footprint_version bump (no
behavioural change; bumping would force needless reinstalls).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Signed-off-by: librelad <librelad@digitalangels.vip>
2026-05-31 01:05:16 +01:00
12 changed files with 16 additions and 42 deletions

View File

@ -1,6 +1,6 @@
{
"version": 1,
"note": "Phase-0 hand-committed manifest (to be replaced by the generated /data/webui/generated/features.json once the scan generator lands — see docs/architecture/webui-architecture.md). 'module' is the feature's self-registering index.js; the kernel loads these from here so they no longer need <script> tags in index.html. 'handler' names the LibrePortalSPAClean method kept as the fallback during the strangler migration; 'navId' is the topbar element id for active-state highlighting.",
"note": "Hand-committed page manifest — the authoritative source of pages (feature-registry tries /api/features/list first, then falls back here; that live scan endpoint is deferred — see docs/architecture/webui-architecture.md). 'module' is the feature's self-registering index.js; the kernel loads these from here so they no longer need <script> tags in index.html. 'handler' names the LibrePortalSPAClean method kept as the fallback during the strangler migration; 'navId' is the topbar element id for active-state highlighting.",
"features": [
{
"id": "dashboard",

View File

@ -8,17 +8,16 @@
// 3. system-loader.js's component registry,
// 4. config-manager.js's renderConfig() category if-chain.
//
// In this first phase it is deliberately *passive*: it loads a checked-in
// manifest describing today's pages and exposes a routes Map. spa.js consults
// it for routing; rendering still happens in the existing handleX() bodies.
// Later phases replace handlers with self-registering feature modules that call
// LP.features.register({...}) — the runtime registry below already supports it.
// It loads a checked-in manifest describing the pages and exposes a routes Map
// plus the runtime registry. Each page's index.js calls LP.features.register({...})
// at load time and the kernel drives its mount()/unmount(); a page that only has
// a legacy handleX() method falls back to that (strangler coexistence).
(function () {
const LP = (window.LP = window.LP || {});
LP.features = {
// Runtime registrations (feature index.js files call register()). Unused in
// phase 0 — present so later phases can land without touching this file.
// Runtime registrations — each page's index.js calls register() at load time;
// buildRouteTable()/get() consume them to drive the kernel lifecycle.
_modules: new Map(),
// The parsed manifest (the generated/checked-in description of all pages).

View File

@ -6,8 +6,8 @@
// shell (so rendering is byte-identical to the legacy handlers), plus a teardown
// ledger: any listener registered via ctx.on() or subscription via ctx.sub() is
// auto-released on unmount, so a feature can't leak document listeners or live
// streams across navigations. Shared-service injection (ctx.services) lands with
// the Phase 2 DI container.
// streams across navigations. Shared services are injected as ctx.services
// (kernel/js/services.js).
(function () {
const LP = (window.LP = window.LP || {});

View File

@ -1,6 +0,0 @@
# Contributing
The contributing guide lives at **[contributing/contributing.md](contributing/contributing.md)**.
(This pointer stays at `docs/` so the forge surfaces it in the new-issue/PR flow;
the full guide and the rest of the docs are sorted under [docs/](README.md).)

View File

@ -1,19 +0,0 @@
# LibrePortal docs
Sorted by audience. Start with **guide/** if you're running LibrePortal,
**contributing/** if you're hacking on it.
## guide/ — using LibrePortal
- [install-and-use.md](guide/install-and-use.md) — install, place data on separate disks, update, back up, uninstall.
- [promise.md](guide/promise.md) — the LibrePortal Promise: free/open, no paywalls, no telemetry, in plain language.
## contributing/ — working on LibrePortal
- [contributing.md](contributing/contributing.md) — how to contribute (DCO sign-off, no CLA).
- [development.md](contributing/development.md) — run a dev copy, cut stable/edge releases, test before publishing.
## architecture/ — how it's built
- [system-footprint.md](architecture/system-footprint.md) — everything LibrePortal places outside its data roots, and who owns it.
- [webui-architecture.md](architecture/webui-architecture.md) — the WebUI component-module system (as-built).
## roadmap/ — where it's going
- [updates-and-distribution.md](roadmap/updates-and-distribution.md) — vision for hotfixes, the "Updates & Improvements" front door, and registry-not-marketplace distribution.

View File

@ -7,7 +7,7 @@
# brings their own public key; we never handle their private key.
#
# All the privileged work (editing ~/.ssh and /etc/ssh/sshd_config) lives in the
# root-owned helper /usr/local/sbin/libreportal-ssh-access (runSshAccess), which
# root-owned helper /usr/local/lib/libreportal/libreportal-ssh-access (runSshAccess), which
# also enforces the lockout guards in the trust boundary. These functions are the
# manager-side CLI/WebUI front for it: they shape arguments and print the UX.

View File

@ -1,7 +1,7 @@
#!/bin/bash
# LibrePortal app-config helper — root-privileged edits of specific app config
# files owned by in-container UIDs (AdGuard yaml, ownCloud config.php) or host
# /etc (CrowdSec bouncer). Installed root:root 0755 to /usr/local/sbin by
# /etc (CrowdSec bouncer). Installed root:root 0755 to /usr/local/lib/libreportal/ by
# init.sh. Self-contained; each action edits a FIXED path with strictly-validated
# arguments, so the scoped sudoers needn't grant blanket sudo awk/sed/tee/cp/mv
# on those trees. Faithful ports of the original transforms.

View File

@ -2,7 +2,7 @@
# LibrePortal backup-engine installer helper — the only root-privileged install of
# the restic/kopia binaries the manager may trigger (they're installed on demand
# when a backup location is first set up). Installed root:root 0755 to
# /usr/local/sbin by init.sh. Self-contained: it does the WHOLE install itself
# /usr/local/lib/libreportal/ by init.sh. Self-contained: it does the WHOLE install itself
# (package manager or signed-release download) for a FIXED, validated engine name,
# so the scoped sudoers needn't grant blanket `sudo apt-get`/`sudo install`
# (both root-equivalent — install writes anywhere, apt runs maintainer scripts).

View File

@ -1,6 +1,6 @@
#!/bin/bash
# LibrePortal DNS helper — the only root-privileged edit of /etc/resolv.conf the
# manager may trigger. Installed root:root 0755 to /usr/local/sbin by init.sh.
# manager may trigger. Installed root:root 0755 to /usr/local/lib/libreportal/ by init.sh.
# Self-contained (sources no manager code). Operates ONLY on /etc/resolv.conf and
# only with strictly-validated IP arguments, so the scoped sudoers can allow it
# wholesale instead of a blanket `sudo sed`/`sudo tee` (which would be root).

View File

@ -1,7 +1,7 @@
#!/bin/bash
# LibrePortal docker-socket permission helper — the only root-privileged chmod of
# the docker sockets the manager may trigger (the type switcher hides/exposes the
# inactive/active mode's socket). Installed root:root 0755 to /usr/local/sbin by
# inactive/active mode's socket). Installed root:root 0755 to /usr/local/lib/libreportal/ by
# init.sh. Self-contained; the socket paths are computed here (never caller-
# supplied), so the scoped sudoers can allow it instead of blanket `sudo chmod`.
#

View File

@ -1,7 +1,7 @@
#!/bin/bash
# LibrePortal host-SSH-access helper — the only root-privileged management of the
# admin's authorized_keys and sshd PasswordAuthentication the manager may trigger.
# Installed root:root 0755 to /usr/local/sbin by init.sh. Self-contained (sources
# Installed root:root 0755 to /usr/local/lib/libreportal/ by init.sh. Self-contained (sources
# no manager code) so the scoped sudoers can allow it instead of blanket
# `sudo tee`/`sudo sed`/`sudo cp` on /etc/ssh + the admin's ~/.ssh (root). The
# lockout guards live HERE, in the trust boundary, so a compromised manager can't

View File

@ -1,7 +1,7 @@
#!/bin/bash
# LibrePortal task-processor systemd helper — the only root-privileged management
# of the libreportal.service unit the manager may trigger. Installed root:root
# 0755 to /usr/local/sbin by init.sh. Self-contained: it GENERATES the unit from
# 0755 to /usr/local/lib/libreportal/ by init.sh. Self-contained: it GENERATES the unit from
# config (mode + install-user uid + the baked manager name + fixed script paths)
# — it does NOT accept unit content from the caller (that would be root: an
# arbitrary systemd unit runs anything as root). So the scoped sudoers can allow