admin/deploy-felhom-compose
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

updated scripts

Browse Source
This commit is contained in:
authentik Default Admin
2026-02-22 11:18:38 +01:00
parent 1fb2ff0516
commit c085de45dd
3 changed files with 233 additions and 36 deletions
Download Patch File Download Diff File Expand all files Collapse all files
scripts/README.md
+44 -15
View File
@@ -28,10 +28,8 @@ sudo ./docker-setup.sh \
--cf-token "your-cloudflare-api-token" \
--customer "customer-1"
# Hub mode — download pre-configured controller.yaml from Felhom Hub
# Hub mode — one-liner: all infra settings (domain, email, CF tokens) come from Hub
sudo ./docker-setup.sh \
--domain example.com \
--email admin@example.com \
--hub-customer "customer-1" \
--hub-password "retrieval-password-from-hub"
```
@@ -94,26 +92,33 @@ The script supports three mutually exclusive TLS modes:
- Generates 10-year wildcard cert with custom CA
- CA cert copied to user home for manual device import
### Hub download mode
### Hub mode
When both `--hub-customer` and `--hub-password` are provided, the script downloads a
pre-configured `controller.yaml` from the Felhom Hub instead of running the interactive wizard:
pre-configured `controller.yaml` from the Felhom Hub **before any infra setup begins**,
then extracts the stored values to auto-configure everything — no additional flags needed:
```
GET https://hub.felhom.eu/api/v1/config/{customer_id}
Header: X-Retrieval-Password: {password}
```
On success:
- Saves downloaded YAML as `controller.yaml` (permissions 600)
- Extracts domain, email, CF tokens for use by subsequent setup steps (Traefik, Cloudflare Tunnel)
- Skips the interactive wizard entirely
The downloaded config is parsed early in the run and populates:
On failure:
- Logs a warning with HTTP status code
- Falls back to the interactive wizard
| Extracted field | Used for |
|-----------------|----------|
| `customer.domain` | Traefik routing, TLS cert SANs, DNS display |
| `customer.email` | Let's Encrypt ACME registration |
| `infrastructure.cf_api_token` | Traefik DNS-01 TLS challenge |
| `infrastructure.cf_tunnel_token` | Cloudflare Tunnel connector |
Hub credentials are created in the Hub web UI at `https://hub.felhom.eu/configs`.
CLI flags always take precedence — passing `--domain` overrides the hub value.
On failure (wrong credentials, network error):
- Script exits immediately with the HTTP status code and the failing URL
- Nothing is installed
Hub credentials are found in the Hub web UI under the customer's **Credentials** section.
### Configuration wizard
@@ -220,8 +225,8 @@ sudo ./felhom-wipe.sh --level full --yes
|-------|-----------------|
| `soft` | Controller state files only: `settings.json`, `metrics.db`, `setup-state.json`, `update-state.json`, `session-data.json`, `snapshot-history.json` |
| `controller` | Soft + all non-infra Docker containers, all Docker volumes (except `portainer_data`), all stack directories (skips protected stacks by default) |
| `full` | `controller`-level cleanup + `felhom-data/` on all storage drives (appdata, backups). Also removes old-style `appdata/` and `backups/` directories for pre-v0.26.0 compatibility. Infra containers (including felhom-controller) are **preserved**; controller is restarted after cleanup. |
| `nuclear` | Full + all infra containers (controller, traefik, cloudflared, portainer), DR markers (`.felhom-infra-backup/` on all drives), `docker system prune -af --volumes`, and all infra config directories (`/opt/docker/felhom-controller/`, `/opt/docker/traefik/`, `/opt/docker/cloudflared/`, `/opt/docker/stacks/`) |
| `full` | `controller`-level cleanup + `felhom-data/` on all storage drives (appdata, backups). Also removes old-style `appdata/` and `backups/` directories for pre-v0.26.0 compatibility. Removes `/mnt/.felhom-scan/` (stale DR scan dir). Infra containers (including felhom-controller) are **preserved**; controller is restarted after cleanup. |
| `nuclear` | Full + all infra containers (controller, traefik, cloudflared, portainer), DR markers (`.felhom-infra-backup/` on all drives), raw helper mounts (`/mnt/.felhom-raw/` — unmount bind+raw, strip fstab entries), `/mnt/.felhom-scan/`, `docker system prune -af --volumes`, and all infra config directories (`/opt/docker/felhom-controller/`, `/opt/docker/traefik/`, `/opt/docker/cloudflared/`, `/opt/docker/stacks/`) |
### CLI options
@@ -237,11 +242,35 @@ sudo ./felhom-wipe.sh --level full --yes
- Reads registered storage paths from `settings.json`
- Also scans `/mnt/*/` for `felhom-data/` or legacy `appdata/` directories not in the registry
### Raw helper mounts
The attach wizard creates a two-level mount structure for pre-formatted drives:
```
/dev/sdb1 (physical partition)
└─ /mnt/.felhom-raw/hdd_1/ ← raw mount (persists in fstab, backs the bind)
└─ felhom_data/
└─ /mnt/hdd_1/ ← bind mount (what apps actually use)
```
Both `fstab` entries survive reboots. On `nuclear` wipe, the script:
1. Unmounts bind mounts (e.g. `/mnt/hdd_1`) first
2. Unmounts raw mounts (e.g. `/mnt/.felhom-raw/hdd_1`)
3. Strips both `fstab` entries
4. Removes the now-empty `/mnt/.felhom-raw/` directory
The physical data on the drive partition is **not touched** — only the mount point
directories (empty after unmounting) are removed.
`/mnt/.felhom-scan/` is a separate ephemeral directory used only during the DR setup
wizard to temporarily inspect drives. It is cleaned up from `full` level onwards.
### What is preserved
- OS and system files
- Infrastructure containers and config (unless `nuclear`)
- User files: `Dokumentumok/`, `media/`, other non-felhom directories on drives
- Drive data — raw mounts are unmounted but partition contents are untouched
- DR markers on drives (unless `nuclear`)
### Safety