librelad 32b2840d73 refactor(migrate)!: rewrite kernel — discover/preflight/apply with JSON progress
Phase 0 of the migration-system refresh. Replaces the 77-line
scripts/migrate/ with a properly-shaped kernel that Phase 1 (WebUI) and
Phase 3 (direct peer SSH) can both build on.

New module layout (6 files):
  migrate_progress.sh   — migrateEmit JSON-per-line helper; opt-in via
                          MIGRATE_JSON_PROGRESS=1, writes to fd 3 if open
                          (clean WebUI streaming channel) else stdout.
  migrate_discover.sh   — migrateDiscoverHosts / migrateDiscoverApps /
                          migrateDiscoverAppDetail (JSON {snapshots, latest_*}).
                          Old migrateDiscoverAppsForHost kept as back-compat.
  migrate_preflight.sh  — migratePreflight emits one JSON object with
                          snapshot{id,date}, destination{installed,running,
                          disk_free_kb}, collision{occurs,default_action,
                          pre_backup_default}, url_rewrite{default_action,
                          per_app_opt_out}, warnings[], errors[].
                          Exit 0 on usable preflight, 1 on hard error.
  migrate_url_rewrite.sh— Host-bound CFG_<APP>_* fields (URL/HOST/DOMAIN/
                          DOMAIN_PREFIX/HOSTNAME/PUBLIC_URL) get rewritten
                          from the destination's install-template after
                          restore — so a moved app stops claiming the
                          source's hostnames. Per-app opt-out via
                          CFG_<APP>_MIGRATE_URL_REWRITE=false. All other
                          fields (DB passwords, API keys, prefs) carry
                          over from the source unchanged.
  migrate_pre_backup.sh — migratePreBackupDestination takes a snapshot of
                          the destination's existing <app> (tagged
                          pre-migrate=<UTC timestamp>) before the wipe.
                          Default ON; opt-out with --no-pre-backup. Safety
                          net for the always-replace collision policy.
  migrate_apply.sh      — migrateApplyApp / migrateApplySystem. Parses
                          --no-pre-backup / --keep-urls / --json-progress
                          opts, runs preflight → pre-backup → restoreAppStart
                          (existing flow) → URL rewrite → re-deploy compose.
                          migrateApp / migrateSystem kept as shims so the
                          old CLI surface still works.

CLI dispatcher (cli_restore_commands.sh + cli_restore_header.sh):
  Existing 'restore migrate app/system/discover' calls all still work.
  New verbs:
    restore migrate list <host> [loc_idx]
    restore migrate preflight <host> <app> [loc_idx]   ← JSON, for the WebUI

Design choices baked in (per the spec):
  - Always-replace collision (no multi-install of an app), safety net is the
    on-by-default pre-migrate backup.
  - URL rewrite by host-bound suffix list, not per-field allowlist — works
    out-of-the-box for new apps without extra config.
  - migrateEmit fd-3 contract is what Phase 1's WebUI will stream; falls
    back to stdout in interactive CLI so dev/debug just works.
  - Transport-agnostic: nothing in this kernel knows whether the backup
    location is local/SSH/S3/Connect — engineSnapshotsJson + engineBackupApp
    do that, so Connect (the future blind-relay) plugs in as 'just another
    location kind' with zero kernel changes.

Smoke-tested: all 13 public functions register; JSON emit produces correct
escaping (quoted strings vs bare numerics) and respects MIGRATE_JSON_PROGRESS.

Signed-off-by: librelad <librelad@digitalangels.vip>
2026-05-26 17:22:54 +01:00
2026-05-21 20:37:54 +01:00

LibrePortal

Your own private corner of the internet — free, open, and yours.

LibrePortal is a self-hosted platform for running the apps you rely on, on your own server: one-click installs, a reverse proxy with automatic SSL, rootless Docker, optional VPN routing, and a clean web dashboard to manage it all.

⚠️ v0.1.0 — early days. Expect rough edges while things settle.

Why LibrePortal

Too many services today treat your data as theirs to take — quietly overstepping boundaries that should never have been crossed. LibrePortal grew out of frustration with that: it's a way to run the apps you depend on on your own server, where your data stays yours. Privacy here isn't a feature to toggle — it's the whole point.

Free & open — forever

The entire platform is free software under the GNU AGPLv3. Self-host it and you get everything — every feature, no paywalls, no telemetry. See our Promise for exactly what that means.

What you get

  • 📦 One-click self-hosted apps (Nextcloud, Vaultwarden, Jellyfin, Gitea, …)
  • 🔀 Traefik reverse proxy + automatic Let's Encrypt SSL
  • 🔒 Rootless Docker, CrowdSec, sane security defaults
  • 🛡️ Optional VPN routing (gluetun) for any app
  • 🖥️ A web dashboard to install, configure, back up, and monitor everything

Quick start

curl -fsSL https://get.libreportal.org/install.sh | sudo bash

This installs a versioned, checksum-verified release (Debian/Ubuntu, root). Put data on separate disks with --system-dir= / --containers-dir= / --backups-dir=.

The get.libreportal.org host is still being set up — until it's live, build a release and install from it locally (see the docs below).

Documentation

  • docs/USER.md — install, place data on separate disks/drives, update, back up, uninstall.
  • docs/DEVELOPMENT.md — run a dev copy, cut stable/edge releases, and test them before publishing.

LibrePortal Connect (optional)

Self-hosting is free and complete. If you'd rather not fiddle with the tricky parts — like reaching your server from your phone, or keeping off-site backups — LibrePortal Connect will handle them for you. Here's the catch that makes us different: we work like a courier carrying a sealed box. We move your data between your devices and store backup copies, but it stays locked and you hold the only key — we can't open it, and we never run your apps for you. Everything we offer, you can also set up yourself for free. Our Promise spells out exactly where that line sits.

Contributing

PRs welcome — see CONTRIBUTING.md. We use a lightweight DCO sign-off (git commit -s), no CLA.

Acknowledgments

LibrePortal has been built from scratch since 2023. Its spark of inspiration was a small installer script from Brian McGonagill (OpenSourceIsAwesome): gitlab.com/bmcgonag/docker_installs. From that seed it grew start to finish — refined, extended, and refactored into the platform it is today.

License

GNU AGPLv3. What's open stays open.

Description
No description provided
Readme AGPL-3.0 12 MiB
Languages
Shell 45.2%
JavaScript 38.5%
CSS 11.6%
TypeScript 3.1%
HTML 1.5%