LibrePortal/scripts/instance/instance_create.sh
librelad 376610cd11 feat(apps): scoped multi-instance support (run two of an app)
Lets a *multi-instance-capable* app run as several fully isolated instances
on one box (e.g. two Bookstack/WordPress sites, or a "family" + "work"
Nextcloud) — distinct data, DB, subdomain, backups and update cadence.

Design: an instance is just another app. It gets its own slug (<type>_<id>),
its own CFG_<SLUG>_* namespace, deployed dir, DB row, IP/port allocation and
host, so the entire existing pipeline (scan, install, services, routing,
updater, backups) treats it like any app with zero changes. All
instance-specific rewriting is confined to a clone of the type's template;
the shipped template and the core engine are untouched.

Gating: opt-in per app via CFG_<TYPE>_MULTI_INSTANCE=true. Only Bookstack
carries it for now (the validated reference). The other 31 apps are
unaffected — the feature is invisible unless the flag is present.

- scripts/instance/instance_create.sh — clone + re-namespace config, rewrite
  compose identity (container_name / Traefik routers / backup labels) and
  per-app tools, set a hostname-safe subdomain (PORT field 10), then hand off
  to dockerInstallApp. Plus instanceList / instanceRemove.
- libreportal instance create|remove|list — new CLI category; mutations route
  through the task system (no new mutating API endpoint).
- WebUI: "instance of <type>" badge + a "New instance" card action on capable
  apps, and a create modal (name + domain# + subdomain, live host preview)
  that dispatches the standard task. Capability/instance-of read straight off
  the already-exposed app config.

Known follow-ups (documented): flip the flag on more apps after a compose
identity check (Nextcloud next); per-app tools are best-effort isolated.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Signed-off-by: librelad <librelad@digitalangels.vip>
2026-06-04 23:34:52 +01:00

240 lines
10 KiB
Bash

#!/bin/bash
# Multi-instance support.
#
# Some apps are worth running more than once on a single box — e.g. two
# WordPress/Bookstack sites, or a "family" and a "work" Nextcloud kept in
# separate trust/blast-radius/backup domains. Internal multi-tenancy answers
# logical separation; this answers instance-level isolation (independent data,
# version cadence, admin, restore granularity).
#
# The model: an instance is just another app. It gets its own slug
# (<type>_<id>), its own CFG_<SLUG>_* namespace, its own deployed dir, DB row,
# IP/port allocation, subdomain and backups — so the entire downstream pipeline
# (scan, install, services, routing, updater, backups) treats it like any other
# app with ZERO changes. Everything instance-specific happens here, on a cloned
# copy of the type's template, leaving the shipped template and the core engine
# untouched.
#
# Only apps that opt in via CFG_<TYPE>_MULTI_INSTANCE=true can be instanced;
# structurally-singleton apps (Traefik, DNS, VPN, the *arr stack, LibrePortal
# itself) never get the flag.
# Read a CFG_<TYPE>_<KEY> value straight from a type's template config, without
# relying on it already being sourced.
instanceTypeCfg() {
local type="$1" key="$2"
local cfg="${install_containers_dir%/}/$type/$type.config"
[[ -f "$cfg" ]] || return 1
local line
line=$(grep -E "^CFG_${type^^}_${key}=" "$cfg" | head -n1)
[[ -z "$line" ]] && return 1
line="${line#*=}"
line="${line//$'\r'/}"
line="${line#\"}"
line="${line%\"}"
printf '%s' "$line"
}
# Turn a user-supplied instance name into the <id> half of the slug. App configs
# are SOURCED, so the slug (uppercased) must be a valid shell identifier — that
# means [a-z0-9] only (underscores are fine, hyphens are not). Hostname-safety is
# handled separately by the subdomain, which may contain hyphens.
instanceIdPart() {
local raw="${1,,}"
raw="${raw//[^a-z0-9]/}"
printf '%s' "$raw"
}
# Upsert a single CFG line in a config file (append if absent, else update).
_instanceSetCfg() {
local key="$1" val="$2" file="$3"
if grep -qE "^${key}=" "$file"; then
updateConfigOption "$key" "$val" "$file" >/dev/null
else
echo "${key}=\"${val}\"" >> "$file"
fi
}
# Rewrite field 10 (the subdomain column) of the instance's primary webui port so
# the instance routes to its own host instead of inheriting the type's. Empty
# subdomain would otherwise resolve to <slug>.<domain> — and the slug carries an
# underscore, which isn't valid in a hostname.
_instanceSetSubdomain() {
local slug_u="$1" subdomain="$2" file="$3"
local key="CFG_${slug_u}_PORT_1"
local line
line=$(grep -E "^${key}=" "$file" | head -n1)
[[ -z "$line" ]] && return 0
local val="${line#*=}"
val="${val//$'\r'/}"
val="${val#\"}"
val="${val%\"}"
local IFS='|'
local -a f=($val)
while [[ ${#f[@]} -lt 11 ]]; do f+=(""); done
f[10]="$subdomain"
local newval="${f[*]}"
updateConfigOption "$key" "$newval" "$file" >/dev/null
}
# Rewrite identity-bearing tokens in the cloned compose so the instance's
# containers, Traefik routers and backup labels are unique. image: lines are
# deliberately left untouched (rule 2/3 anchor on their line prefix; the
# *-service / *_db tokens never appear in an image path).
_instanceRewriteCompose() {
local type="$1" slug="$2" dir="$3"
local f="$dir/docker-compose.yml"
[[ -f "$f" ]] || return 0
# 1. Traefik router/service names (<type>-service) and the db container/host
# (<type>_db) — these tokens are unambiguous, rewrite everywhere.
sed -i -E "s/\b${type}-service\b/${slug}-service/g; s/\b${type}_db\b/${slug}_db/g" "$f"
# 2. The standalone app container (container_name: <type>) — anchored so the
# image: line ending in <type> is never touched.
sed -i -E "s/(container_name:[[:space:]]*)${type}\b/\1${slug}/g" "$f"
# 3. The files-backup label's container ref (libreportal.backup.files: "<type>:/...").
sed -i -E "s/(libreportal\.backup\.files:[[:space:]]*\")${type}\b/\1${slug}/g" "$f"
}
# Clone + prefix-rename the per-app tools/scripts so an instance's helpers target
# its own container and don't collide (by function name) with the type's. This is
# best-effort: it keeps the tool tree internally consistent, but apps with unusual
# tool wiring may need review before their flag is flipped.
_instanceRewriteTools() {
local type="$1" slug="$2" dir="$3"
local d f base
for d in "$dir/tools" "$dir/scripts"; do
[[ -d "$d" ]] || continue
for f in "$d/${type}_"*.sh "$d/${type}.tools.json"; do
[[ -e "$f" ]] || continue
base="$(basename "$f")"
mv "$f" "$d/${base/#${type}/${slug}}"
done
for f in "$d"/*.sh "$d"/*.json; do
[[ -e "$f" ]] || continue
# Uniform lowercase-prefix rename keeps file names, function defs and
# tools.json ids consistent; then fix container-exec + config refs.
sed -i -E "s/\b${type}_/${slug}_/g" "$f"
sed -i -E "s/(docker[[:space:]]+(exec|logs|restart|stop|start|inspect)[[:space:]]+)${type}\b/\1${slug}/g" "$f"
sed -i -E "s/\b${type}\.config\b/${slug}.config/g" "$f"
done
done
}
# Provision and install a new instance of a multi-instance-capable app.
# instanceCreate <type> <name> [domain_index] [subdomain]
instanceCreate() {
local type="$1" rawname="$2" domain_idx="$3" subdomain="$4"
local type_dir="${install_containers_dir%/}/$type"
if [[ -z "$type" || ! -d "$type_dir" || ! -f "$type_dir/$type.config" ]]; then
isError "Instance create: unknown app type '$type'."
return 1
fi
local capable
capable=$(instanceTypeCfg "$type" "MULTI_INSTANCE")
if [[ "$capable" != "true" ]]; then
isError "App type '$type' is not multi-instance-capable. Set CFG_${type^^}_MULTI_INSTANCE=true on a reviewed app to allow it."
return 1
fi
local id
id=$(instanceIdPart "$rawname")
if [[ -z "$id" ]]; then
isError "Instance create: '$rawname' has no usable letters/digits for an instance name."
return 1
fi
local slug="${type}_${id}"
local slug_u="${slug^^}"
if [[ -d "${install_containers_dir%/}/$slug" || -d "${containers_dir%/}/$slug" ]]; then
isError "An app or instance named '$slug' already exists. Pick a different name."
return 1
fi
# Default the host to a hyphen-safe form of the slug; let the caller override.
[[ -z "$subdomain" ]] && subdomain="${slug//_/-}"
isNotice "Creating new '$type' instance '$id' (slug: $slug, host: ${subdomain}.<domain>)"
# 1. Clone the type's template tree into a new instance template.
local inst_dir="${install_containers_dir%/}/$slug"
cp -r "$type_dir" "$inst_dir"
if [[ ! -d "$inst_dir" ]]; then
isError "Instance create: failed to clone template for '$slug'."
return 1
fi
# 2. Rename the files that are keyed by the type slug.
[[ -f "$inst_dir/$type.config" ]] && mv "$inst_dir/$type.config" "$inst_dir/$slug.config"
[[ -f "$inst_dir/$type.svg" ]] && cp "$inst_dir/$type.svg" "$inst_dir/$slug.svg"
[[ -f "$inst_dir/$type.png" ]] && cp "$inst_dir/$type.png" "$inst_dir/$slug.png"
local cfg="$inst_dir/$slug.config"
# 3. Re-namespace the config (CFG_<TYPE>_* -> CFG_<SLUG>_*) then stamp the
# instance metadata. Secrets keep their RANDOMIZED* placeholders so the
# install-time scanner mints fresh ones — instances never share secrets.
sed -i -E "s/CFG_${type^^}_/CFG_${slug_u}_/g" "$cfg"
local type_title
type_title=$(instanceTypeCfg "$type" "TITLE")
[[ -z "$type_title" ]] && type_title="$type"
_instanceSetCfg "CFG_${slug_u}_INSTANCE_OF" "$type" "$cfg"
_instanceSetCfg "CFG_${slug_u}_MULTI_INSTANCE" "false" "$cfg"
_instanceSetCfg "CFG_${slug_u}_TITLE" "${type_title} · ${id}" "$cfg"
[[ -n "$domain_idx" ]] && _instanceSetCfg "CFG_${slug_u}_DOMAIN" "$domain_idx" "$cfg"
_instanceSetSubdomain "$slug_u" "$subdomain" "$cfg"
# 4. Make the cloned compose + tools target the instance's own identity.
_instanceRewriteCompose "$type" "$slug" "$inst_dir"
_instanceRewriteTools "$type" "$slug" "$inst_dir"
isSuccessful "Instance template ready: $slug (instance of $type)"
# 5. Hand off to the standard installer — from here it's just another app.
if ! declare -F dockerInstallApp >/dev/null 2>&1; then
isError "dockerInstallApp unavailable; instance template created but not installed."
return 1
fi
dockerInstallApp "$slug" "" "false"
}
# List instances, optionally filtered to one type. An instance is any app whose
# config declares CFG_<SLUG>_INSTANCE_OF.
instanceList() {
local want_type="$1"
local dir folder slug instance_of
for dir in "${install_containers_dir%/}"/*/; do
folder="$(basename "$dir")"
[[ -f "$dir/$folder.config" ]] || continue
instance_of=$(grep -E "^CFG_${folder^^}_INSTANCE_OF=" "$dir/$folder.config" 2>/dev/null | head -n1)
[[ -z "$instance_of" ]] && continue
instance_of="${instance_of#*=}"; instance_of="${instance_of//\"/}"; instance_of="${instance_of//$'\r'/}"
[[ -n "$want_type" && "$instance_of" != "$want_type" ]] && continue
echo "$folder (instance of $instance_of)"
done
}
# Remove an instance: standard uninstall (deployed dir + DB + compose down) then
# drop the instance's template clone. Refuses to touch a non-instance app.
instanceRemove() {
local slug="$1"
local cfg="${install_containers_dir%/}/$slug/$slug.config"
if [[ ! -f "$cfg" ]]; then
isError "Instance remove: no such instance '$slug'."
return 1
fi
if ! grep -qE "^CFG_${slug^^}_INSTANCE_OF=" "$cfg"; then
isError "'$slug' is a base app, not an instance — uninstall it via 'libreportal app uninstall $slug'."
return 1
fi
if declare -F dockerUninstallApp >/dev/null 2>&1; then
dockerUninstallApp "$slug" "false" "false"
fi
rm -rf "${install_containers_dir%/}/$slug"
isSuccessful "Removed instance '$slug'."
}