The previous PR pinned `filebrowser/filebrowser:v2-alpine` to v2.63.13
but it crashlooped on:
Error: open /database/filebrowser.db: permission denied
The v2.63.13 image (debian-based default) runs as a non-root UID and
can't write to files on the PVC that were created by the v2-alpine
image (which ran as root). No `v2.63.13-alpine` tag exists upstream
(filebrowser stopped publishing per-version alpine variants), so we
can't trivially preserve the same runtime.
Quick recovery: revert to v2-alpine so filebrowser is usable again.
Proper fix (deferred): either an initContainer that `chown -R 1000:1000
/database /srv` or a `securityContext.fsGroup: 1000` on the pod spec
to let the non-root UID write to the existing PVC. Both require some
care since the chown is destructive if the UID is wrong.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
- umami postgresql-latest -> postgresql-v1.38.0
- filebrowser v2-alpine -> v2.63.13
These two were "latest"-style moving tags that Renovate physically
cannot propose updates for. Pinning to current upstream versions so
future bumps go through the normal Renovate PR flow.
Note: Renovate operates from the homelab-manifests repo, not this one
yet — but felhom-system/* copies exist in homelab-manifests for
discoverability, and Renovate already tracks the pinned forms via a
new customManager for the umami `postgresql-vX.Y.Z` pattern (added in
homelab-manifests admin-system/renovate.yaml). For now, future bumps
will need to be applied to both repos until we consolidate the source
of truth.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Replace the hardcoded 60s meta-refresh with a JavaScript-based timer
and a toggle switch in the page header. The preference persists across
page loads via localStorage (enabled by default).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
New infra_backup_versions table with GFS pruning (~14 versions per
customer). Recovery endpoint supports ?version=ID. New /versions API.
Dashboard shows collapsible backup history with app names and disk count.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Config form now shows Zone WAF:Edit requirement alongside DNS:Edit.
Hub README updated with permission note.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Add Configuration page with "Refresh Assets" button
- Replace seedIfEmpty with seedOrUpdate (SHA-256 compare on startup)
- Translate all Hungarian text on Apps pages to English
- Add Configuration tab to all template navigation
- Expand isAssetFile to match favicon patterns
- Add felhom-logo.svg to website assets for the pipeline
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Adds "Telemetria törlése" button that deletes all telemetry records and
known issues for a specific app. Useful after major app updates when old
data is no longer representative.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add internal/assets package that manages app assets (logos, screenshots)
on Hub PVC with automatic seeding from baked-in image copy on first run.
Two new API endpoints: GET /assets/manifest (JSON with SHA-256 checksums)
and GET /assets/file/{name} for controllers to sync assets.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Replace 64-char hex retrieval passwords with 5-word Hungarian
passphrases (e.g. áldás-plazmid-palánta-süvítve-pócgém) for
better UX in disaster recovery scenarios. Embed 29K+ word list
via go:embed. API keys remain hex.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- New GET /api/v1/recovery/{customer_id}: returns generated controller.yaml
and infra backup in a single response for disaster recovery.
Auth via X-Retrieval-Password header.
- Report response now includes customer_blocked: true when customer
status is "blocked" — controllers use this to detect standing.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
"Current version" → "Controller version", "Latest version" → "Registry latest"
to avoid confusion when running version is ahead of registry cache.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Remove extra "v" prefix from ControllerVersion display (was "vv0.21.1")
- Add monitoring.ping_uuids.* to volatile keys — skipped in config diff
- Update manifest to v0.3.3
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add hubVersion template function via closure in web.New(). Version is
passed from main.go (set via ldflags at build time) and displayed in
the footer of all 6 page templates.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Replace broken SHA256 hash comparison with value-based YAML comparison.
Add "Show Diff" button showing per-key differences in a color-coded table.
Add "Pull Config" to import controller's current config into the Hub.
New endpoints: GET /customers/{id}/config-diff, POST /customers/{id}/pull-config.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
admin