Commit Graph

  • d310249ce1 fix(rootless): own the WebUI dir as the container user on fresh install librelad 2026-05-24 13:37:42 +01:00
  • 69d89c9e63 Merge claude/1 librelad 2026-05-24 13:26:24 +01:00
  • e7659926db feat(switcher): hands-off data migration across a docker mode switch librelad 2026-05-24 13:26:24 +01:00
  • 5cb8b7c95a Merge claude/1 librelad 2026-05-24 13:17:00 +01:00
  • a7542fe716 fix(switcher): pass 'rooted' not 'root' when switching to rootless librelad 2026-05-24 13:17:00 +01:00
  • 0faff182f8 Merge claude/1 librelad 2026-05-24 13:10:52 +01:00
  • bb3e560cb2 style(switcher): split the docker-mode-switch warning across notices librelad 2026-05-24 13:10:52 +01:00
  • 0a246d043d Merge claude/1 librelad 2026-05-24 13:09:33 +01:00
  • 85ff76b519 refactor(perms): trim ownership-reconcile success line to just the mode librelad 2026-05-24 13:09:33 +01:00
  • 93778d03af Merge claude/1 librelad 2026-05-24 13:09:21 +01:00
  • 7b7e6e06fb fix(compose): always emit a status line when downing an app librelad 2026-05-24 13:09:21 +01:00
  • a7b30a4bf1 Merge claude/1 librelad 2026-05-24 13:05:24 +01:00
  • 99460cb05e fix(rooted): run dockerCommandRun via bash -c so pipes/redirects work librelad 2026-05-24 13:05:24 +01:00
  • 42a96b909b Merge claude/1 librelad 2026-05-24 13:02:44 +01:00
  • ee4f7cedbf fix(rootless): run docker ps inside the install-user shell when restarting all containers librelad 2026-05-24 13:02:44 +01:00
  • 2a4e81025f Merge claude/1 librelad 2026-05-24 12:59:41 +01:00
  • a361c5bb9e fix(rootless): show a message when .bashrc is already configured librelad 2026-05-24 12:59:41 +01:00
  • 016f11882e Merge claude/1 librelad 2026-05-24 02:23:00 +01:00
  • 03afcfa4f1 fix(switcher): read rootless install user authoritatively from config, not the mode-polluted global librelad 2026-05-24 02:23:00 +01:00
  • ad902c6478 Merge claude/1 librelad 2026-05-24 02:03:11 +01:00
  • 474ba55764 fix(switcher): bulletproof reconcile var/path resolution + diagnostics librelad 2026-05-24 02:03:11 +01:00
  • 96300d5f6b Merge claude/1 librelad 2026-05-24 01:51:39 +01:00
  • eab9565c49 fix(switcher): reconcile uses CFG_DOCKER_INSTALL_USER (lowercase var empty in CLI ctx) librelad 2026-05-24 01:51:39 +01:00
  • b2d57b2774 Merge claude/1 librelad 2026-05-24 01:40:58 +01:00
  • 10af56b9c4 refactor(desudo): rooted ops run as the manager user, not sudo->root librelad 2026-05-24 01:40:58 +01:00
  • 82411f00f4 Merge claude/1 librelad 2026-05-24 01:36:29 +01:00
  • 3f7622d9e3 fix(switcher): control plane is libreportal in BOTH modes (root was never intended) librelad 2026-05-24 01:36:29 +01:00
  • 9ec95657b7 Merge claude/1 librelad 2026-05-24 01:28:56 +01:00
  • e9bea13d3b fix(switcher): reconcile also flips the WebUI's own (0:0) dir so it survives a switch librelad 2026-05-24 01:28:56 +01:00
  • 068db94320 Merge claude/1 librelad 2026-05-24 01:16:49 +01:00
  • 1dc915f642 feat(switcher): reconcileDockerOwnership — safe owner-only control-plane reconcile on mode switch librelad 2026-05-24 01:16:49 +01:00
  • e7b55be73a Merge claude/1 librelad 2026-05-24 00:58:16 +01:00
  • 3d0570de14 fix(rootless): make createTouch owner-by-location (app=dockerinstall, else manager) librelad 2026-05-24 00:58:16 +01:00
  • 007b39ea14 Merge claude/1 librelad 2026-05-24 00:23:37 +01:00
  • affd96fb42 fix(rootless): don't disable userland-proxy (breaks rootless bridge on Debian) librelad 2026-05-24 00:23:37 +01:00
  • fa2df5dffe Merge claude/1 librelad 2026-05-24 00:12:06 +01:00
  • 68110d199c fix(rootless): slirp4netns default, manager-vs-container helper split, sysctl path librelad 2026-05-24 00:12:06 +01:00
  • 4b17efd1b3 Merge claude/1 librelad 2026-05-23 23:51:01 +01:00
  • f1ce5e3822 harden(desudo): fix docker-cmd helper bug; convert jitsi/authelia/reset_git librelad 2026-05-23 23:51:01 +01:00
  • 5741fe6ee9 Merge claude/1 librelad 2026-05-23 23:48:23 +01:00
  • 43779a992b harden(desudo): backup engines (restic/kopia/borg) + crowdsec host helpers librelad 2026-05-23 23:48:23 +01:00
  • 1d6e838349 Merge claude/1 librelad 2026-05-23 23:46:58 +01:00
  • d7c0d12314 harden(desudo): funnel firewall/ssh/socket/systemd system ops through runSystem librelad 2026-05-23 23:46:58 +01:00
  • 8532aecb3f Merge claude/1 librelad 2026-05-23 23:45:42 +01:00
  • 0c719b5912 harden(desudo): add runInstallOp helper + convert adguard/traefik/crowdsec/dashy librelad 2026-05-23 23:45:42 +01:00
  • 8813ced29e Merge claude/1 librelad 2026-05-23 23:38:24 +01:00
  • ccbb2e1c47 harden(desudo): convert permission/touch helpers + network-mode processor librelad 2026-05-23 23:38:24 +01:00
  • fe01a1947b Merge claude/1 librelad 2026-05-23 23:36:13 +01:00
  • 582664aadf harden(desudo): convert crontab daemon, db-scan, port-allocation subsystems librelad 2026-05-23 23:36:13 +01:00
  • 6e0dc04dd7 Merge claude/1 librelad 2026-05-23 23:33:51 +01:00
  • a8248ccf7f harden(desudo): convert monitoring subsystem + global log-append idiom librelad 2026-05-23 23:33:51 +01:00
  • 03d7a7b969 Merge claude/1 librelad 2026-05-23 23:26:13 +01:00
  • bdd73b4686 harden(desudo): append-capable runFileWrite + convert config-to-container librelad 2026-05-23 23:26:13 +01:00
  • a5cdbc4656 Merge claude/1 librelad 2026-05-23 23:22:46 +01:00
  • 82839abea6 harden(desudo): arg-safe runFileOp + convert DNS subsystem off raw sudo librelad 2026-05-23 23:22:46 +01:00
  • 5e8e28f33d Merge claude/1 librelad 2026-05-23 22:59:18 +01:00
  • 0bf9c41c51 harden(rootless): offset userns surface with kptr/ptrace/bpf-jit sysctls librelad 2026-05-23 22:59:18 +01:00
  • 6d781b66a8 Merge claude/1 librelad 2026-05-23 22:54:55 +01:00
  • f65ecfc5ed refactor(config): move CFG_ROOTLESS_NET to its own advanced network_rootless file librelad 2026-05-23 22:54:55 +01:00
  • 5bf2011b1a Merge claude/1 librelad 2026-05-23 22:52:44 +01:00
  • 829816b826 feat(rootless): default to pasta+implicit, disable userland-proxy, make net driver switchable librelad 2026-05-23 22:52:44 +01:00
  • caa197f2fa Merge claude/2 librelad 2026-05-23 22:24:43 +01:00
  • f6a51f9a19 fix(rootless): run WebUI container as userns-root with socket gid 0 librelad 2026-05-23 22:24:43 +01:00
  • e52938bba5 Merge claude/2 librelad 2026-05-23 22:02:42 +01:00
  • 049d5de6a8 fix(rootless): start daemon with slirp4netns, not invalid pasta+builtin librelad 2026-05-23 22:02:42 +01:00
  • 7a277384f0 Merge claude/2 librelad 2026-05-23 21:42:29 +01:00
  • 49c1a23221 fix(rootless): run install-user commands via sudo -u, not SSH librelad 2026-05-23 21:42:29 +01:00
  • 67cda1c955 Merge claude/2 librelad 2026-05-23 21:23:12 +01:00
  • 90584f0b30 fix(rootless): actually create the docker install user librelad 2026-05-23 21:23:12 +01:00
  • 8f6f4c65ed Merge claude/2 librelad 2026-05-23 20:56:56 +01:00
  • 48d9bd0a13 fix(init): never clobber live config values on deploy/reinstall librelad 2026-05-23 20:56:56 +01:00
  • 8f21fe5fdf Merge claude/2 librelad 2026-05-23 20:45:28 +01:00
  • d5acb7e169 refactor(backup): route /docker ops through mode-aware helper librelad 2026-05-23 20:45:28 +01:00
  • e89ce25a19 Merge claude/2 librelad 2026-05-23 20:35:18 +01:00
  • 5c928fe9c0 feat(privilege): mode-aware privileged-op helper librelad 2026-05-23 20:35:18 +01:00
  • 14efcc579b Merge claude/2 librelad 2026-05-23 20:31:52 +01:00
  • 9104c1770e chore: regen source arrays to include files_ssh.sh librelad 2026-05-23 20:31:52 +01:00
  • 6a2ba02647 security(init): manage manager-user sudo via validated sudoers.d drop-in librelad 2026-05-23 20:26:43 +01:00
  • 812e09c044 Merge claude/2 librelad 2026-05-23 20:16:13 +01:00
  • c8e3a152a6 security: default fresh installs to rootless Docker librelad 2026-05-23 20:16:13 +01:00
  • 7e7a7f524c Merge claude/1 librelad 2026-05-23 19:03:54 +01:00
  • a103aa6864 refactor(webui): path-based URLs for apps, app, tasks, backup librelad 2026-05-23 19:03:54 +01:00
  • a511ed9e8d Merge claude/1 librelad 2026-05-23 18:36:06 +01:00
  • fab6997cd7 refactor(webui): path-based Admin routing (/admin/config/<x>, /admin/tools/ssh-access) librelad 2026-05-23 18:36:06 +01:00
  • 8315a58226 Merge claude/2 librelad 2026-05-23 18:27:28 +01:00
  • 036f72d3c2 fix(backup): verify against snapshot restorability, not the live dir librelad 2026-05-23 18:27:28 +01:00
  • 3d7fc0a3f6 Merge claude/2 librelad 2026-05-23 18:23:03 +01:00
  • 3a1cd8464e fix(backup): make captured file staging readable by the backup user librelad 2026-05-23 18:23:03 +01:00
  • c460f7afcb Merge claude/1 librelad 2026-05-23 18:19:25 +01:00
  • 23a15345fb refactor(admin): sidebar Config/Tools groups, per-group breadcrumbs, SSH matches config layout librelad 2026-05-23 18:19:25 +01:00
  • b1c84a9b3c Merge claude/2 librelad 2026-05-23 18:15:53 +01:00
  • 94c9e83c42 feat(backup): container-side capture of private app files librelad 2026-05-23 18:15:53 +01:00
  • 0d7cab8c97 Merge claude/1 librelad 2026-05-23 17:57:21 +01:00
  • b5107e30cc feat(admin): Admin Overview landing + unified Admin page headers librelad 2026-05-23 17:57:21 +01:00
  • 193206cbf5 Merge claude/1 librelad 2026-05-23 17:31:26 +01:00
  • 4fd043a852 refactor(webui): fold SSH Access into an Admin area librelad 2026-05-23 17:31:26 +01:00
  • 403b7055c8 Merge claude/2 librelad 2026-05-23 17:18:00 +01:00
  • d0ec43e3ca fix(focalboard): chown data dir to runtime uid so db persists librelad 2026-05-23 17:18:00 +01:00
  • 9e4ebdf360 Merge claude/2 librelad 2026-05-23 17:12:09 +01:00
  • d0a53d4c7a fix(focalboard): persist database + enable live backup librelad 2026-05-23 17:12:09 +01:00