5e2012728f
- Add geo-restriction section to customer detail page (status, countries, per-app overrides, sync state, errors) - Add "Összes geo-korlátozás eltávolítása" button that directly calls Cloudflare API to delete [felhom-geo] WAF rules (bypasses blocked tunnel) - Background retry to notify controller to disable geo in settings - New internal/cloudflare/unblock.go — minimal CF client for rule deletion - Remove legacy Monitoring UUIDs from config form, buildConfigJSON, handlePullConfig, volatileKeys, and controller.yaml.default Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
# =============================================================================
# Felhom Controller Configuration
# =============================================================================
# Location: /opt/docker/felhom-controller/controller.yaml
#
# This file contains ONLY infrastructure and customer identity config.
# Application-specific configuration (passwords, paths, etc.) is handled
# interactively during first deployment via the dashboard UI and stored
# per-app in /opt/docker/stacks/<app>/app.yaml
#
# Environment variable overrides: FELHOM_<SECTION>_<KEY>
# (e.g., FELHOM_CUSTOMER_DOMAIN=example.hu)
# =============================================================================

# --- Customer identity ---
customer:
  # Unique customer identifier
  id: "demo-felhom"
  # Display name (shown on dashboard)
  name: "Demo Ügyfél"
  # Base domain for all services
  domain: "demo-felhom.eu"
  # Customer notification email (optional)
  email: ""
  # Telegram notifications (optional, future)
  telegram_chat_id: ""

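# --- Infrastructure secrets ---
# Both values are credentials. Leave them empty in this default template and
# in version control; set them only in the deployed copy of this file or via
# the FELHOM_<SECTION>_<KEY> environment overrides described in the header.
# The deployed file should be readable only by the account that runs the
# controller.
infrastructure:
  # Cloudflare Tunnel token. Whoever holds it can run a connector for this
  # customer's tunnel, so rotate it if this file is ever disclosed.
  cf_tunnel_token: ""
  # Cloudflare API token (DNS-01 challenge). If DNS-01 is its only use, scope
  # the token to DNS edit on this customer's zone and nothing broader.
  cf_api_token: ""
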
# --- Paths (system-level only) ---
paths:
  # Where compose files live
  stacks_dir: "/opt/docker/stacks"
  # Controller data directory
  data_dir: "/opt/docker/felhom-controller/data"
  # Mount point of user-data partition on system drive (e.g., /mnt/sys_drive)
  system_data_path: "/mnt/sys_drive"

# --- System ---
system:
  # Memory reserved for OS (excluded from app budget)
  reserved_memory_mb: 384

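# --- Web UI ---
web:
  # Address without a host part: the listener is not restricted to a single
  # interface, so exposure depends on container networking and published
  # ports. Make sure only the reverse proxy can reach this port.
  listen: ":8080"
  # Bcrypt hash. Empty = first-visit setup prompt.
  # While this is empty, whoever reaches the UI first is offered the setup
  # prompt; complete the setup before the dashboard is reachable from outside.
  password_hash: ""
  # Auto-generated on first start. Treat the generated value as a credential
  # and never copy it between customers.
  session_secret: ""
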
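# --- Git synchronization ---
# NOTE(review): content synced from this repository presumably ends up
# deployed on the host, so write access to the repository and branch below is
# part of the trust boundary - confirm and restrict it accordingly.
git:
  repo_url: "https://gitea.dooplex.hu/admin/app-catalog-felhom.eu.git"
  branch: "main"
  sync_interval: "15m"
  # Credentials for repo_url. Leave empty in this template; in a deployment
  # use a token limited to read access on this one repository if the
  # controller only pulls (verify against the sync code).
  username: ""
  token: ""
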
# --- Stack management ---
stacks:
  # Stack names marked as protected.
  # NOTE(review): the exact effect of this list is not visible here - confirm
  # against the controller code.
  protected:
    - "traefik"
    - "cloudflared"
    - "felhom-controller"
    - "filebrowser"
  # Quoted so the digits-and-colons value always stays a string.
  update_window: "03:00-05:00"
  compose_command: ""

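# --- Backup ---
# Per-drive backup paths are computed automatically:
# <drive>/backups/primary/restic/ — restic repo per drive
# <drive>/backups/primary/<app>/db-dumps/ — DB dumps per app
# <drive>/backups/secondary/ — cross-drive rsync + restic
backup:
  enabled: true
  # File holding the restic repository password. Restrict it to the account
  # that runs the controller and keep a copy off this host: without the
  # password a restic repository cannot be restored.
  restic_password_file: "/opt/docker/felhom-controller/data/restic-password"
  # DB dumps run before the restic snapshot below.
  db_dump_schedule: "02:30"
  # NOTE(review): this start time coincides with the start of
  # stacks.update_window ("03:00-05:00") - confirm the overlap is intended.
  restic_schedule: "03:00"
  retention:
    keep_daily: 7
    keep_weekly: 4
    keep_monthly: 6
  # NOTE(review): indentation was lost in this listing; prune_schedule is
  # placed directly under backup here, but it may belong under retention -
  # confirm against the controller's config structure.
  prune_schedule: "weekly"
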
# --- Monitoring ---
monitoring:
  enabled: true
  healthchecks_base: "https://status.felhom.eu"
  system_health_interval: "5m"
  health_check_schedule: "06:00"
  # NOTE(review): indentation was lost in this listing; the five keys below
  # are assumed to be children of thresholds - confirm.
  thresholds:
    disk_warn_percent: 80
    disk_crit_percent: 90
    backup_max_age_hours: 36
    cpu_warn_percent: 90
    memory_warn_percent: 85
    temperature_warn_celsius: 75

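# --- Central hub (operator dashboard) ---
hub:
  # Enable central reporting
  enabled: true
  # Hub API endpoint. Keep this an https:// URL so the API key below is not
  # sent in clear text.
  url: "https://hub.felhom.eu"
  # Per-customer API key. A credential: leave empty in this template, never
  # reuse one key for several customers, and rotate it if this file leaks.
  api_key: ""
  # How often to push reports
  push_interval: "15m"
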
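# --- Self-update ---
self_update:
  enabled: true
  check_interval: "6h"
  # Image reference without a tag or digest. How the controller selects and
  # verifies the version it pulls is not visible in this file.
  # NOTE(review): confirm the update path pins or verifies an image digest.
  image: "gitea.dooplex.hu/admin/felhom-controller"
  # Off by default. Turning it on lets whatever the registry serves for the
  # image above replace the running controller without an operator step, so
  # push access to that registry then needs the same protection as the host.
  auto_update: false
  health_timeout_seconds: 60
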
# --- Notifications ---
notifications:
  # Event names listed for the customer
  customer_events:
    - "disk_warning"
    - "backup_failed"
    - "update_available"
    - "security_update"
  # Event names listed for the operator
  operator_events:
    - "disk_critical"
    - "backup_failed"
    - "self_update_failed"
    - "container_unhealthy"

# --- Logging ---
logging:
  level: "info"
  # Empty in this template.
  # NOTE(review): presumably means no log file is written - confirm.
  file: ""
  max_size_mb: 10
  max_files: 3

# --- Assets ---
assets:
  # App logos, screenshots, and descriptions are baked into the container
  # image at build time (from the felhom.eu website assets).
  # Served locally at /static/assets/ — no external dependency.
  # The source URL is only used during image build, not at runtime.
  source_url: "https://felhom.eu"