restructured files, and updated for build outside

2026-02-13 19:10:35 +01:00
parent f72bb57eda
commit e9dde0a340
14 changed files with 347 additions and 151 deletions
@@ -0,0 +1,123 @@
+# =============================================================================
+# Felhom Controller Configuration
+# =============================================================================
+# Location: /opt/docker/felhom-controller/controller.yaml
+#
+# This file contains ONLY infrastructure and customer identity config.
+# Application-specific configuration (passwords, paths, etc.) is handled
+# interactively during first deployment via the dashboard UI and stored
+# per-app in /opt/docker/stacks/<app>/app.yaml
+#
+# Environment variable overrides: FELHOM_<SECTION>_<KEY>
+# (e.g., FELHOM_CUSTOMER_DOMAIN=example.hu)
+# =============================================================================
+
+# --- Customer identity ---
+customer:
+  id: "demo-felhom"                    # Unique customer identifier
+  name: "Demo Ügyfél"                  # Display name (shown on dashboard)
+  domain: "demo-felhom.eu"             # Base domain for all services
+  email: ""                            # Customer notification email (optional)
+  telegram_chat_id: ""                 # Telegram notifications (optional, future)
+
+# --- Infrastructure secrets ---
+infrastructure:
+  cf_tunnel_token: ""                  # Cloudflare Tunnel token
+  cf_api_token: ""                     # Cloudflare API token (DNS-01 challenge)
+
+# --- Paths (system-level only) ---
+paths:
+  stacks_dir: "/opt/docker/stacks"     # Where compose files live
+  data_dir: "/opt/docker/felhom-controller/data"
+  backup_dir: "/srv/backups"
+  db_dump_dir: "/srv/backups/db-dumps"
+
+# --- Web UI ---
+web:
+  listen: ":8080"
+  # Bcrypt hash. Empty = first-visit setup prompt.
+  password_hash: ""
+  session_secret: ""                   # Auto-generated on first start
+
+# --- Git synchronization ---
+git:
+  repo_url: "https://gitea.dooplex.hu/admin/app-catalog-felhom.eu.git"
+  branch: "main"
+  sync_interval: "15m"
+  username: ""
+  token: ""
+
+# --- Stack management ---
+stacks:
+  protected:
+    - "traefik"
+    - "cloudflared"
+    - "felhom-controller"
+  update_window: "03:00-05:00"
+  compose_command: ""
+
+# --- Backup ---
+backup:
+  enabled: true
+  restic_repo: "/srv/backups/restic-repo"
+  restic_password_file: "/opt/docker/felhom-controller/restic-password"
+  db_dump_schedule: "02:30"
+  restic_schedule: "03:00"
+  retention:
+    keep_daily: 7
+    keep_weekly: 4
+    keep_monthly: 6
+  prune_schedule: "weekly"
+
+# --- Monitoring ---
+monitoring:
+  enabled: true
+  healthchecks_base: "https://status.felhom.eu"
+  ping_uuids:
+    db_dump: "CHANGEME-uuid-for-db-dump"
+    backup: "CHANGEME-uuid-for-backup"
+    system_health: "CHANGEME-uuid-for-system-health"
+  health_check_schedule: "06:00"
+  thresholds:
+    disk_warn_percent: 80
+    disk_crit_percent: 90
+    backup_max_age_hours: 36
+    cpu_warn_percent: 90
+    memory_warn_percent: 85
+    temperature_warn_celsius: 75
+
+# --- Self-update ---
+self_update:
+  enabled: true
+  check_interval: "6h"
+  image: "gitea.dooplex.hu/admin/felhom-controller"
+  auto_update: false
+  health_timeout_seconds: 60
+
+# --- Notifications ---
+notifications:
+  customer_events:
+    - "disk_warning"
+    - "backup_failed"
+    - "update_available"
+    - "security_update"
+  operator_events:
+    - "disk_critical"
+    - "backup_failed"
+    - "self_update_failed"
+    - "container_unhealthy"
+
+# --- Logging ---
+logging:
+  level: "info"
+  file: ""
+  max_size_mb: 10
+  max_files: 3
+
+# --- Assets ---
+assets:
+  # App logos, screenshots, and descriptions are baked into the container
+  # image at build time (from the felhom.eu website assets).
+  # Served locally at /static/assets/ — no external dependency.
+  # The source URL is only used during image build, not at runtime.
+  source_url: "https://felhom.eu"
@@ -0,0 +1,106 @@
+# =============================================================================
+# .felhom.yml — App metadata for felhom-controller
+# =============================================================================
+# Place alongside docker-compose.yml in each stack directory:
+#   /opt/docker/stacks/paperless-ngx/.felhom.yml
+#
+# This file defines:
+#   1. Display info (name, description, icon)
+#   2. Deploy fields (what the user fills in during first deployment)
+#   3. Asset references (logos, screenshots loaded from felhom.eu)
+#   4. Resource hints (RAM, Pi compatibility)
+# =============================================================================
+
+# --- Display info (shown on dashboard) ---
+display_name: "Paperless-ngx"
+description: "Dokumentumok digitalizálása és rendszerezése"
+category: "productivity"              # productivity, media, finance, security, tools
+subdomain: "paperless"                # -> paperless.<domain>
+
+# --- Asset slug ---
+# Used to construct URLs for logo and screenshots from felhom.eu:
+#   Logo:        {assets.base_url}/assets/{slug}-logo.webp
+#   Screenshot:  {assets.base_url}/assets/{slug}-screenshot-{n}.webp
+#   App page:    {assets.base_url}/alkalmazasok#{slug}
+# Falls back to directory name if not set.
+slug: "paperless-ngx"
+
+# --- Resource hints (displayed on deploy screen) ---
+resources:
+  ram: "~500MB"
+  pi_compatible: true                  # Runs on Raspberry Pi 3B+
+  needs_hdd: true                      # Needs external storage for user data
+
+# --- Deploy fields ---
+# Shown to the user during first deployment.
+# After deployment, values are saved to app.yaml in the stack directory.
+#
+# Field types:
+#   domain    - Auto-filled from controller config, read-only
+#   secret    - Auto-generated, hidden (user sees "Generated ✓")
+#   password  - Auto-generated but shown, user can override
+#   path      - Filesystem path (validated for existence)
+#   text      - Free text input
+#   select    - Dropdown with predefined options
+#   boolean   - Toggle switch
+#
+# Generator types (for secret/password):
+#   password:N  - N chars alphanumeric
+#   hex:N       - N bytes hex-encoded
+#   static:VAL  - Fixed value
+
+deploy_fields:
+  - env_var: DOMAIN
+    label: "Domain"
+    type: domain
+    description: "A szerver domain neve"
+    locked_after_deploy: true
+
+  - env_var: DB_PASSWORD
+    label: "Adatbázis jelszó"
+    type: secret
+    generate: "password:24"
+    locked_after_deploy: true
+
+  - env_var: PAPERLESS_SECRET_KEY
+    label: "Titkosítási kulcs"
+    type: secret
+    generate: "hex:32"
+    locked_after_deploy: true
+
+  - env_var: PAPERLESS_ADMIN_USER
+    label: "Admin felhasználónév"
+    type: text
+    default: "admin"
+    locked_after_deploy: false
+
+  - env_var: PAPERLESS_ADMIN_PASSWORD
+    label: "Admin jelszó"
+    type: password
+    generate: "password:16"
+    description: "Első bejelentkezéshez. Utána a webes felületen módosítható."
+    locked_after_deploy: false
+
+  - env_var: HDD_PATH
+    label: "Adattárolási útvonal"
+    type: path
+    required: true
+    placeholder: "/mnt/hdd_1"
+    description: "A külső merevlemez elérési útja, ahol a dokumentumok tárolódnak"
+    locked_after_deploy: true
+
+  - env_var: PAPERLESS_OCR_LANGUAGE
+    label: "OCR nyelv"
+    type: select
+    default: "hun+eng"
+    options:
+      - value: "hun"
+        label: "Magyar"
+      - value: "eng"
+        label: "Angol"
+      - value: "hun+eng"
+        label: "Magyar + Angol"
+      - value: "deu+eng"
+        label: "Német + Angol"
+    description: "Dokumentum felismerés nyelve"
+    locked_after_deploy: false