The Features section was a grab-bag of ~27 toggles, most of which are
either category-specific (firewall, SSL, Docker network, SSH hardening)
or install-time choices that brick the box if flipped on a live
install (the WebUI / config / CLI / Docker requirements). One page
made auditing easier but flattened the risk hierarchy.
Reorganised so each toggle lives where it conceptually belongs, and
the dangerous install-time set is double-gated:
  network_docker    (Advanced)   DOCKER_NETWORK, DOCKER_NETWORK_PRUNE,
                                 DOCKER_SWITCHER
  network_firewall  (Advanced)   UFW, UFWD, WHITELIST_PORT_UPDATER [new]
  network_domains   (field-Adv)  SSLCERTS
  security_ssh      (Advanced)   SSHKEY_DOWNLOADER, SSH_DISABLE_PASSWORDS,
                                 BCRYPT_SAVE, GLUETUN_FOR_ALL [new]
  general_terminal  (Advanced)   CRONTAB, CONFIGS_CHECK,
                                 CONFIGS_AUTO_UPDATE, CONFIGS_AUTO_DELETE,
                                 MISSING_IPS, CONTINUE_PROMPT,
                                 SUGGEST_INSTALLS, SUGGEST_METRICS
  general_install   (Adv+DEV)    CONFIG, COMMAND, WEBUI, WEBUI_SERVICE,
                                 DATABASE, PASSWORDS, DOCKER_CE,
                                 DOCKER_COMPOSE
The install-time eight are marked **ADVANCED** **DEV** — invisible
unless Developer Mode is on AND "Show Advanced Options" is expanded.
Each field's description was updated to note "Disabling on an existing
install will brick the system" / "install-time choice only" so a user
who does get to the toggle understands the gun before pulling the
trigger.
Other cleanup that fell out:
- Removed `configs/features/` directory entirely.
- Added the two new subcategories to SUBCATEGORY_ORDER in
network/.category and security/.category.
- Dropped the `category === 'features'` Danger Zone header special-case
in config-manager.js and its .danger-zone-section--header-only CSS
variant (sole user).
- Trimmed an obsolete "Edit the features config" notice in
check_requirements.sh.
Signed-off-by: librelad <librelad@digitalangels.vip>
58 lines
1.8 KiB
Bash
Executable File
#!/bin/bash

checkRequirements()
{
    isHeader "Checking Requirements"
    isNotice "Requirements are about to be installed."
    echo ""

    checkRootRequirement;
    checkCommandRequirement;
    checkInstallTypeRequirement;
    checkConfigRequirement;
    checkPasswordsRequirement;
    checkDatabaseRequirement;
    checkDockerRequirement;
    checkDockerComposeRequirement;
    checkDockerRootlessRequirement;
    checkDockerNetworkRequirement;
    checkUFWRequirement;
    checkUFWDRequirement;
    checkSSLCertsRequirement;
    checkSwapfileRequirement;
    checkCrontabRequirement;
    checkWebUISystemdRequirement;
    checkSuggestInstallsRequirement;
    checkLibrePortalWebUIImageRequirement;
    checkLibrePortalWebUIAppRequirement;
    checkTraefikRequirement;
    checkDockerSwitcherRequirement;

    # `startPreInstall` already runs `startScan` at the end of its flow, so
    # only call it again on the no-preinstall path. Otherwise every
    # `libreportal run` that touches preinstall fires `webuiLibrePortalUpdate`
    # twice (the lock file is removed at the end of each invocation, so the
    # second call doesn't short-circuit — it does the full regen again).
    if [[ "$preinstallneeded" -ne 0 ]]; then
        startPreInstall;
    else
        startScan;
    fi

    # After load here
    if [[ "$initial_command2" == "install" ]]; then
        # Clear the install spam so the credentials are the first thing the
        # user sees. The full transcript is preserved in $install_log_path.
        # Stdout is teed to a log file (start.sh `exec > >(tee …)`), so we
        # write the clear sequence straight to /dev/tty instead of relying
        # on `[ -t 1 ]`, which is false under that redirect.
        if [ -e /dev/tty ] && [ -t 0 ]; then
            clear >/dev/tty 2>/dev/null || printf '\033c' >/dev/tty 2>/dev/null
        fi
        webuiDisplayLogins;
    fi

    if [[ "$initial_command2" == "terminal" ]]; then
        resetToMenu;
    fi
}