admin/deploy-felhom-compose
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix bugs from BUGHUNT.md: restore race conditions, infra backup, DR wiring, docker-setup.sh, restore.html

Browse Source
This commit is contained in:
authentik Default Admin
2026-02-19 14:06:42 +01:00
parent cdaa137118
commit 75ea9d73f0
7 changed files with 1058 additions and 68 deletions
Download Patch File Download Diff File Expand all files Collapse all files
scripts/docker-setup.sh
+43 -11
View File
@@ -1052,7 +1052,7 @@ services:
restart: unless-stopped
command: tunnel run
environment:
- TUNNEL_TOKEN=${WIZ_CF_TUNNEL_TOKEN}
- TUNNEL_TOKEN="${WIZ_CF_TUNNEL_TOKEN}"
dns:
- 1.1.1.1
- 8.8.8.8
@@ -1242,7 +1242,7 @@ install_filebrowser() {
# Skip hidden dirs and raw mount dirs
[[ "$name" == .* ]] && continue
[[ "$name" == .felhom-raw ]] && continue
volume_lines+=" - ${mp%/}:/srv/${name}"$'\n'
volume_lines+=" - \"${mp%/}:/srv/${name}\""$'\n'
mount_comment+=" # ${mp%/} → /srv/${name}"$'\n'
((found_mounts++))
done
@@ -1252,8 +1252,8 @@ install_filebrowser() {
if [[ -n "${WIZ_SYSTEM_DATA_PATH:-}" && -d "${WIZ_SYSTEM_DATA_PATH}" ]]; then
local sdp_name
sdp_name=$(basename "${WIZ_SYSTEM_DATA_PATH}")
if ! echo "$volume_lines" | grep -q "${WIZ_SYSTEM_DATA_PATH}"; then
volume_lines+=" - ${WIZ_SYSTEM_DATA_PATH}:/srv/${sdp_name}"$'\n'
if ! echo "$volume_lines" | grep -qF "${WIZ_SYSTEM_DATA_PATH}"; then
volume_lines+=" - \"${WIZ_SYSTEM_DATA_PATH}:/srv/${sdp_name}\""$'\n'
((found_mounts++))
fi
fi
@@ -1464,6 +1464,29 @@ run_config_wizard() {
echo -e "${BOLD}${CYAN}===========================================================${NC}"
echo ""
# In dry-run mode, skip all interactive prompts and set dummy values
if [[ "$DRY_RUN" == true ]]; then
echo -e "${CYAN}[DRY-RUN]${NC} Would run interactive wizard and generate controller.yaml"
WIZ_CUSTOMER_ID="${CUSTOMER_ID:-demo-felhom}"
WIZ_CUSTOMER_NAME="${WIZ_CUSTOMER_ID}"
WIZ_DOMAIN="${BASE_DOMAIN:-homeserver.local}"
WIZ_EMAIL="${ACME_EMAIL:-}"
WIZ_CF_TUNNEL_TOKEN=""
WIZ_CF_API_TOKEN="${CF_DNS_API_TOKEN:-}"
WIZ_SYSTEM_DATA_PATH="/mnt/sys_drive"
WIZ_PASSWORD_HASH='<would-be-generated>'
WIZ_SESSION_SECRET='<would-be-generated>'
WIZ_GIT_REPO="https://gitea.dooplex.hu/admin/app-catalog-felhom.eu.git"
WIZ_GIT_USERNAME=""
WIZ_GIT_TOKEN=""
WIZ_HC_HEARTBEAT=""
WIZ_HC_SYSTEM=""
WIZ_HC_DBDUMP=""
WIZ_HC_BACKUP=""
WIZ_HC_INTEGRITY=""
return
fi
# Pre-seed from CLI flags
local def_customer="${CUSTOMER_ID}"
local def_domain="${BASE_DOMAIN}"
@@ -1511,8 +1534,13 @@ run_config_wizard() {
if [[ -n "$wiz_password" ]]; then
# Hash with htpasswd (apache2-utils installed in step 1)
if command -v htpasswd &>/dev/null; then
WIZ_PASSWORD_HASH=$(htpasswd -bnBC 10 "" "$wiz_password" | tr -d ':\n')
elif command -v python3 &>/dev/null; then
WIZ_PASSWORD_HASH=$(htpasswd -bnBC 10 "" "$wiz_password" 2>/dev/null | cut -d: -f2)
if [[ ! "$WIZ_PASSWORD_HASH" =~ ^\$2[aby]\$ ]]; then
log_warn "htpasswd failed — trying Python fallback"
WIZ_PASSWORD_HASH=""
fi
fi
if [[ -z "$WIZ_PASSWORD_HASH" ]] && command -v python3 &>/dev/null; then
WIZ_PASSWORD_HASH=$(python3 -c "import bcrypt; print(bcrypt.hashpw(b'${wiz_password}', bcrypt.gensalt(10)).decode())" 2>/dev/null || echo "")
fi
if [[ -z "$WIZ_PASSWORD_HASH" ]]; then
@@ -1549,13 +1577,17 @@ run_config_wizard() {
CF_DNS_API_TOKEN="${WIZ_CF_API_TOKEN}"
ACME_EMAIL="${WIZ_EMAIL}"
# --- Generate controller.yaml ---
if [[ "$DRY_RUN" == true ]]; then
echo -e "${CYAN}[DRY-RUN]${NC} Would generate ${CONTROLLER_DIR}/controller.yaml"
echo -e "${CYAN}[DRY-RUN]${NC} Customer: ${WIZ_CUSTOMER_ID}, Domain: ${WIZ_DOMAIN}"
return
# --- Validate required fields ---
if [[ -z "$WIZ_CUSTOMER_ID" ]] || [[ "$WIZ_CUSTOMER_ID" == "demo-felhom" ]]; then
log_error "Customer ID is required and cannot be the default 'demo-felhom'"
exit 1
fi
if [[ -z "$WIZ_DOMAIN" ]] || [[ "$WIZ_DOMAIN" == "homeserver.local" ]]; then
log_error "A real domain is required (not 'homeserver.local')"
exit 1
fi
# --- Generate controller.yaml ---
mkdir -p "${CONTROLLER_DIR}"
cat > "${CONTROLLER_DIR}/controller.yaml" << YAMLEOF