diff --git a/scripts/README.md b/scripts/README.md
index f45e066..bef210c 100644
--- a/scripts/README.md
+++ b/scripts/README.md
@@ -12,7 +12,7 @@ Takes a fresh Debian 13 server and deploys a complete Felhom homeserver stack: Docker, Traefik reverse proxy, Cloudflare Tunnel (optional), TLS certificates, FileBrowser, and the felhom-controller dashboard.
-**Version:** 5.0.0
+**Version:** 6.0.0
 ### Quick start
diff --git a/scripts/docker-setup.sh b/scripts/docker-setup.sh
index 5200afb..33dd305 100644
--- a/scripts/docker-setup.sh
+++ b/scripts/docker-setup.sh
@@ -31,6 +31,8 @@
 # --cf-token TOKEN Cloudflare API token for DNS-01 TLS
 # --cf-tunnel-token TK Cloudflare Tunnel token (optional)
 # --customer ID Customer identifier (optional, set in web wizard)
+# --hub-customer ID Download config from Felhom Hub: customer ID
+# --hub-password PW Download config from Felhom Hub: retrieval password
 # --traefik-password PW Password for Traefik dashboard (default: auto-generated)
 # --self-signed-cert Generate self-signed wildcard certificate
 # --skip-filebrowser Skip FileBrowser installation
@@ -42,6 +44,9 @@
 # sudo ./docker-setup.sh --domain demo-felhom.eu --customer demo-felhom \
 # --email certs@felhom.eu --cf-token cf-xxx
 #
+# Hub mode example:
+# sudo ./docker-setup.sh --hub-customer demo-felhom --hub-password
+#
 #===============================================================================
 set -euo pipefail
@@ -137,6 +142,8 @@ SELF_SIGNED_CERT=false
 DEBUG_MODE=false
 CUSTOMER_ID=""
 CF_TUNNEL_TOKEN=""
+HUB_CUSTOMER=""
+HUB_PASSWORD=""
 # Directories
 DOCKER_DATA_DIR="/opt/docker"
@@ -207,6 +214,8 @@ OPTIONS:
 --bootstrap Install sudo (run first on fresh Debian)
 --domain DOMAIN Base domain for services (required)
 --customer ID Customer identifier (optional, set in web wizard)
+ --hub-customer ID Download config from Felhom Hub: customer ID
+ --hub-password PW Download config from Felhom Hub: retrieval password
 --ip ADDRESS Static IP address
 --gateway ADDRESS Gateway (default: 192.168.0.1)
 --dns ADDRESS DNS servers, comma-separated (default: 1.1.1.1,8.8.8.8)
@@ -259,6 +268,9 @@ EXAMPLES:
 sudo ./docker-setup.sh --domain demo-felhom.eu --customer demo-felhom \
 --ip 192.168.0.50 --email certs@felhom.eu --cf-token cf-xxx \
 --cf-tunnel-token eyJhIjoi...
+
+ # Hub mode — download pre-configured controller.yaml from Felhom Hub
+ sudo ./docker-setup.sh --hub-customer demo-felhom --hub-password
 EOF
 }
@@ -306,6 +318,12 @@ parse_args() {
 --cf-tunnel-token)
 require_arg "$1" "${2:-}"
 CF_TUNNEL_TOKEN="$2"; shift 2 ;;
+ --hub-customer)
+ require_arg "$1" "${2:-}"
+ HUB_CUSTOMER="$2"; shift 2 ;;
+ --hub-password)
+ require_arg "$1" "${2:-}"
+ HUB_PASSWORD="$2"; shift 2 ;;
 --self-signed-cert) SELF_SIGNED_CERT=true; shift ;;
 --skip-filebrowser) SKIP_FILEBROWSER=true; shift ;;
 --dry-run) DRY_RUN=true; shift ;;
@@ -373,6 +391,22 @@ parse_args() {
 exit 1
 fi
 fi
+
+ # Validate hub mode: both flags must be used together
+ if [[ -n "$HUB_CUSTOMER" && -z "$HUB_PASSWORD" ]]; then
+ log_error "--hub-customer requires --hub-password"
+ exit 1
+ fi
+ if [[ -n "$HUB_PASSWORD" && -z "$HUB_CUSTOMER" ]]; then
+ log_error "--hub-password requires --hub-customer"
+ exit 1
+ fi
+ if [[ -n "$HUB_CUSTOMER" ]]; then
+ if [[ ! "$HUB_CUSTOMER" =~ ^[a-zA-Z0-9_-]+$ ]]; then
+ log_error "Hub customer ID must be alphanumeric (hyphens/underscores allowed): $HUB_CUSTOMER"
+ exit 1
+ fi
+ fi
 }
 #-------------------------------------------------------------------------------
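Review bot: `--hub-password` can only be supplied as a command-line argument in the `parse_args` case arms, so the retrieval password ends up in shell history and in the argv of the `sudo ./docker-setup.sh ...` process, where other local users can see it. Consider letting the flag be omitted and prompting when `--hub-customer` is set and stdin is a terminal, e.g. `read -rsp 'Hub retrieval password: ' HUB_PASSWORD`, or reading it from an environment variable. The usage header and the OPTIONS/EXAMPLES help text added in this commit would then need the same wording, and the pairing check added further down in `parse_args` would have to allow `--hub-customer` on its own. `parse_args` starts and ends outside this hunk.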
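Review bot: The hub-mode validation does not reject `--customer` together with `--hub-customer`; in that case the `if/elif` added to `print_summary` and the `if/else` added to `main` show only the hub value and `CUSTOMER_ID` is dropped without a message. A guard next to the other pairing checks would make that explicit: `if [[ -n "$HUB_CUSTOMER" && -n "$CUSTOMER_ID" ]]; then log_error "--customer cannot be combined with --hub-customer"; exit 1; fi`. The hub-mode examples also omit `--domain` while the help text still marks it as required; whether hub mode relaxes that is not visible here, because the earlier part of `parse_args` is outside the hunk.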
@@ -1436,6 +1470,37 @@ CONTROLLER_DIR="/opt/docker/felhom-controller"
 generate_minimal_config() {
 local step_num=5
 [[ "$SELF_SIGNED_CERT" == true ]] && ((step_num++))
+
+ mkdir -p "${CONTROLLER_DIR}"
+
+ if [[ -n "$HUB_CUSTOMER" ]]; then
+ log_step "${step_num}/$(get_total_steps) - Downloading controller.yaml from Felhom Hub..."
+
+ if [[ "$DRY_RUN" == true ]]; then
+ echo -e "${CYAN}[DRY-RUN]${NC} Would download controller.yaml from https://hub.felhom.eu/api/v1/config/${HUB_CUSTOMER}"
+ return
+ fi
+
+ local hub_url="https://hub.felhom.eu/api/v1/config/${HUB_CUSTOMER}"
+ local http_code
+ http_code=$(curl -fsSL \
+ -H "X-Retrieval-Password: ${HUB_PASSWORD}" \
+ -o "${CONTROLLER_DIR}/controller.yaml" \
+ -w "%{http_code}" \
+ "${hub_url}" 2>&1) || true
+
+ if [[ "$http_code" == "200" ]]; then
+ chmod 600 "${CONTROLLER_DIR}/controller.yaml"
+ log_success "controller.yaml downloaded from Felhom Hub (customer: ${HUB_CUSTOMER})"
+ else
+ log_error "Failed to download controller.yaml from Hub (HTTP ${http_code})"
+ log_error "URL: ${hub_url}"
+ log_error "Check the customer ID and retrieval password, then re-run."
+ exit 1
+ fi
+ return
+ fi
+
 log_step "${step_num}/$(get_total_steps) - Generating minimal controller.yaml..."
 if [[ "$DRY_RUN" == true ]]; then
@@ -1443,8 +1508,6 @@ generate_minimal_config() {
 return
 fi
- mkdir -p "${CONTROLLER_DIR}"
-
 # Build optional customer.id line
 local customer_id_line=""
 if [[ -n "$CUSTOMER_ID" ]]; then
@@ -1594,7 +1657,9 @@ print_summary() {
 echo ""
 echo -e "${BOLD}Server IP:${NC} ${server_ip}"
 echo -e "${BOLD}Domain:${NC} *.${BASE_DOMAIN}"
- if [[ -n "$CUSTOMER_ID" ]]; then
+ if [[ -n "$HUB_CUSTOMER" ]]; then
+ echo -e "${BOLD}Customer:${NC} ${HUB_CUSTOMER} (from Hub)"
+ elif [[ -n "$CUSTOMER_ID" ]]; then
 echo -e "${BOLD}Customer:${NC} ${CUSTOMER_ID}"
 fi
 echo ""
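Review bot: The curl call in the hub branch of `generate_minimal_config` passes the secret as `-H "X-Retrieval-Password: ${HUB_PASSWORD}"`, which puts it in curl's argv where the process list exposes it, and with `-L` curl repeats custom `-H` headers on redirected requests, including ones to another host. The download is written straight to `controller.yaml` under the default umask and only tightened by `chmod 600` afterwards, and an interrupted transfer leaves a partial file in place; a `mktemp` file in the same directory, renamed on success, avoids both. `2>&1` also folds curl's error text into `http_code`, so the sketch below drops it and checks curl's exit status separately. Separately, `mkdir -p "${CONTROLLER_DIR}"` now runs before both `DRY_RUN` guards, so a dry run creates the directory, and it should move below them. The function continues past the end of this hunk.

```shell
    local hub_url="https://hub.felhom.eu/api/v1/config/${HUB_CUSTOMER}"
    local tmp_cfg http_code curl_rc=0
    # mktemp creates the file with mode 0600, so it is never world-readable
    tmp_cfg=$(mktemp "${CONTROLLER_DIR}/controller.yaml.XXXXXX")
    # Header is read from stdin (-H @-) to keep the password out of argv;
    # no -L, so the header is never replayed to a redirect target
    http_code=$(printf 'X-Retrieval-Password: %s\n' "${HUB_PASSWORD}" \
        | curl -fsS --proto '=https' -H @- \
            -o "${tmp_cfg}" -w '%{http_code}' "${hub_url}") || curl_rc=$?

    if (( curl_rc == 0 )) && [[ "$http_code" == "200" ]]; then
        mv -f "${tmp_cfg}" "${CONTROLLER_DIR}/controller.yaml"
        # … unchanged: log_success …
    else
        rm -f "${tmp_cfg}"
        # … unchanged: log_error lines and exit 1 …
    fi
```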
@@ -1683,14 +1748,22 @@ main() {
 if [[ "$SELF_SIGNED_CERT" == true ]]; then
 echo " 5. Generate self-signed certificate"
 fi
- echo " - Generate minimal controller.yaml"
+ if [[ -n "$HUB_CUSTOMER" ]]; then
+ echo " - Download controller.yaml from Felhom Hub (customer: ${HUB_CUSTOMER})"
+ else
+ echo " - Generate minimal controller.yaml"
+ fi
 echo " - Install Cloudflare Tunnel: $([[ -n "$CF_TUNNEL_TOKEN" ]] && echo "yes" || echo "skip")"
 echo " - Install FileBrowser: $([[ "$SKIP_FILEBROWSER" == true ]] && echo "skip" || echo "yes (auto-discover drives)")"
 echo " - Deploy felhom-controller"
 echo " - Install helper tools (ctop, lazydocker, aliases)"
 echo ""
 echo " Domain: *.${BASE_DOMAIN}"
- echo " Customer: ${CUSTOMER_ID:-}"
+ if [[ -n "$HUB_CUSTOMER" ]]; then
+ echo " Hub customer: ${HUB_CUSTOMER} (config downloaded from Hub)"
+ else
+ echo " Customer: ${CUSTOMER_ID:-}"
+ fi
 echo " Traefik password: ${TRAEFIK_PASSWORD}"
 if [[ -n "$ACME_EMAIL" && -n "$CF_DNS_API_TOKEN" ]]; then
 echo -e " TLS: ${GREEN}Let's Encrypt (Cloudflare DNS-01)${NC}"