b2e5878711
The mgmt API already always serves HTTPS (the host identity cert), but on a loopback bind with no token it ran unauthenticated — any local process could drive it. Make auth required ALWAYS:

- new mgmt_token::load_or_generate(): token precedence is --mgmt-token > env PUNKTFUNK_MGMT_TOKEN > persisted ~/.config/punktfunk/mgmt-token > freshly generated 32-byte hex, persisted 0600 in KEY=VALUE form (so the bundled web console can source it directly as a systemd EnvironmentFile — one source of truth). config_dir() made pub(crate).
- parse_serve() resolves the token via load_or_generate() when unset, so a bare `serve` Just Works with auth on and no operator step.
- mgmt::run() drops the loopback no-token exemption and requires a token; require_auth()'s unauthenticated fallback now returns 401. The paired-cert (mTLS) branch is unchanged — Apple client + library auth unaffected.
- web /api proxy: 503 (legible) instead of forwarding an empty bearer.
- tests: test_app/test_app_native default a token, send() auto-attaches the bearer; blank-token test asserts the new "no token" refusal. 80 pass.
- docs: mgmt module doc + host.env.example reflect always-on auth + auto-gen.

Compiles, clippy/fmt clean, openapi no drift. Part B (bundle the web console into apt, auto-wired to this token) follows.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
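The token precedence and the 401 fallback the commit message describes, written out as an added example; this is not punktfunk's code and the crate's real signatures are not visible on this page. The names `load_or_generate`, `require_bearer`, `Source` and the persisted key `PUNKTFUNK_MGMT_TOKEN` (assumed to match the env var so the file loads as a systemd EnvironmentFile) are assumptions. The random source is injected so the resolution logic can be exercised with fixed bytes; the stand-alone `main` reads `/dev/urandom` and writes under the temp dir rather than `~/.config/punktfunk`.

```rust
// Added example, not the project's code. Std only; Unix-only because of the 0600 mode.
use std::fs;
use std::io::{self, Read, Write};
use std::os::unix::fs::{OpenOptionsExt, PermissionsExt};
use std::path::Path;

/// Key written to the persisted file (assumed: same name as the env var, so the file
/// can be sourced as an EnvironmentFile by the web console).
pub const TOKEN_KEY: &str = "PUNKTFUNK_MGMT_TOKEN";

#[derive(Debug, Clone, PartialEq, Eq)]
pub enum Source { Cli, Env, File, Generated }

/// Parse KEY=VALUE lines and return TOKEN_KEY's value; blank and '#' lines are skipped,
/// and an empty value counts as "no token" rather than as a token.
pub fn parse_token_file(contents: &str) -> Option<String> {
    contents
        .lines()
        .map(str::trim)
        .filter(|l| !l.is_empty() && !l.starts_with('#'))
        .filter_map(|l| l.split_once('='))
        .find(|(k, _)| k.trim() == TOKEN_KEY)
        .map(|(_, v)| v.trim().to_string())
        .filter(|v| !v.is_empty())
}

/// Fill `buf` from the kernel CSPRNG. Injected into load_or_generate so tests can
/// substitute a fixed source.
pub fn urandom(buf: &mut [u8]) -> io::Result<()> {
    fs::File::open("/dev/urandom")?.read_exact(buf)
}

fn hex(bytes: &[u8]) -> String {
    bytes.iter().map(|b| format!("{:02x}", b)).collect()
}

fn nonblank(s: Option<&str>) -> Option<String> {
    s.map(str::trim).filter(|s| !s.is_empty()).map(String::from)
}

/// Precedence: CLI flag > env var > persisted file > freshly generated 32-byte hex.
/// A generated token is persisted 0600 as `KEY=VALUE` so later runs reuse it.
pub fn load_or_generate(
    cli: Option<&str>,
    env: Option<&str>,
    path: &Path,
    rng: &mut dyn FnMut(&mut [u8]) -> io::Result<()>,
) -> io::Result<(String, Source)> {
    if let Some(t) = nonblank(cli) {
        return Ok((t, Source::Cli));
    }
    if let Some(t) = nonblank(env) {
        return Ok((t, Source::Env));
    }
    if let Ok(contents) = fs::read_to_string(path) {
        if let Some(t) = parse_token_file(&contents) {
            return Ok((t, Source::File));
        }
    }
    let mut raw = [0u8; 32];
    rng(&mut raw)?;
    let token = hex(&raw);
    if let Some(dir) = path.parent() {
        fs::create_dir_all(dir)?;
    }
    // mode(0o600) applies only when the file is created; set_permissions afterwards also
    // tightens a pre-existing (e.g. hand-made, world-readable) file.
    let mut f = fs::OpenOptions::new().write(true).create(true).truncate(true).mode(0o600).open(path)?;
    f.write_all(format!("{}={}\n", TOKEN_KEY, token).as_bytes())?;
    fs::set_permissions(path, fs::Permissions::from_mode(0o600))?;
    Ok((token, Source::Generated))
}

/// Byte-wise comparison without early exit on the first mismatch. The length check
/// leaks only the length, which is fixed (64 hex chars) for generated tokens.
fn ct_eq(a: &[u8], b: &[u8]) -> bool {
    a.len() == b.len() && a.iter().zip(b).fold(0u8, |acc, (x, y)| acc | (x ^ y)) == 0
}

/// The unauthenticated fallback: a missing, empty or wrong bearer is a 401, never a
/// pass-through (there is no loopback exemption to fall into).
pub fn require_bearer(authorization: Option<&str>, token: &str) -> Result<(), u16> {
    let presented = authorization.and_then(|h| h.strip_prefix("Bearer ")).map(str::trim).unwrap_or("");
    if !presented.is_empty() && ct_eq(presented.as_bytes(), token.as_bytes()) { Ok(()) } else { Err(401) }
}

fn main() -> io::Result<()> {
    let path = std::env::temp_dir().join("punktfunk-example").join("mgmt-token");
    let env = std::env::var(TOKEN_KEY).ok();
    let (token, source) = load_or_generate(None, env.as_deref(), &path, &mut urandom)?;
    println!("token from {:?}: {}", source, token);
    println!("good bearer -> {:?}", require_bearer(Some(&format!("Bearer {}", token)), &token));
    println!("no bearer   -> {:?}", require_bearer(None, &token));
    Ok(())
}
```

Running it twice prints `Generated` the first time and `File` the second, because the persisted file now wins over generation; exporting `PUNKTFUNK_MGMT_TOKEN` makes `Env` win over the file without touching it.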
56 lines
3.3 KiB
Bash
# punktfunk host configuration (~/.config/punktfunk/host.env) — consumed by punktfunk-host.service.
#
# The compositor + input backend are AUTO-DETECTED per connect from the live session (the host
# probes which compositor is actually running and retargets WAYLAND_DISPLAY/XDG_CURRENT_DESKTOP/
# DBUS at it), so a box that flips between Steam Gaming Mode and a KDE/GNOME desktop is followed
# automatically. The blocks below are OPTIONAL OVERRIDES — uncomment one only to force a backend
# (this also skips the per-connect env retargeting). The anchors XDG_RUNTIME_DIR + DBUS stay.

# Session / compositor environment (headless KWin example).
XDG_RUNTIME_DIR=/run/user/1000
DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/1000/bus
WAYLAND_DISPLAY=wayland-kde
XDG_CURRENT_DESKTOP=KDE

# Video source: `virtual` creates a per-client virtual output at the client's exact
# resolution+refresh (the flagship mode); `portal` captures an existing monitor.
PUNKTFUNK_VIDEO_SOURCE=virtual

# GPU zero-copy capture (EGL/Vulkan → CUDA → NVENC). Falls back to CPU automatically.
PUNKTFUNK_ZEROCOPY=1

# --- Bazzite / SteamOS-like host: host-managed Steam-Deck-UI session -----------------------
# The host LAUNCHES gamescope-session-plus headless AT THE CLIENT'S mode (so games see the
# client's exact resolution + refresh, not the box's TV), and relaunches it when the mode
# changes. Requires the headless-appliance prereqs (linger + multi-user.target — see
# punktfunk-steam-session.service header) and NO physical gaming session running.
#PUNKTFUNK_COMPOSITOR=gamescope
#PUNKTFUNK_GAMESCOPE_SESSION=steam # host owns a gamescope-session-plus session at the client mode
#PUNKTFUNK_INPUT_BACKEND=gamescope
# Mutually exclusive with the above: ATTACH to a gamescope session something ELSE owns (fixed mode):
#PUNKTFUNK_GAMESCOPE_NODE=auto # discover + capture a running gamescope (do NOT combine with SESSION)

# --- GNOME / Mutter host (e.g. an Ubuntu desktop) -----------------------------------------
# Attach to a running GNOME (Wayland) session — its default socket is wayland-0, not wayland-kde.
# Mutter creates the per-client virtual output via its `RecordVirtual` D-Bus API (a virtual
# monitor alongside any real one), and input goes through the RemoteDesktop portal (libei). On a
# real desktop the host runs as the logged-in user; headless GNOME also works (gnome-shell
# --headless). Needs GNOME ≥ 48 for the zero-copy RecordVirtual path.
#WAYLAND_DISPLAY=wayland-0
#XDG_CURRENT_DESKTOP=GNOME
#PUNKTFUNK_COMPOSITOR=mutter
#PUNKTFUNK_VIDEO_SOURCE=virtual
#PUNKTFUNK_INPUT_BACKEND=libei

# Optional overrides (apps.json is the primary mechanism for per-app settings):
#PUNKTFUNK_COMPOSITOR=kwin # kwin | mutter | gamescope | wlroots
#PUNKTFUNK_GAMESCOPE_APP=vkcube # nested command for ad-hoc bare-gamescope sessions
#PUNKTFUNK_INPUT_BACKEND=libei # wlr | libei | gamescope | uinput
#PUNKTFUNK_FEC_PCT=20 # video FEC overhead percent
#PUNKTFUNK_PERF=1 # per-stage timing logs
#RUST_LOG=info
# Management API bearer token. The mgmt API is HTTPS + token-authenticated ALWAYS (even on
# loopback); if unset it is auto-generated + persisted to ~/.config/punktfunk/mgmt-token (which the
# bundled web console sources). Set here only to pin a specific token.
#PUNKTFUNK_MGMT_TOKEN=
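A lint for a filled-in host.env, added here as an example and not part of the project: it enforces only what the comments above state (the XDG_RUNTIME_DIR + DBUS anchors stay, the enumerated values for the compositor, input backend and video source, SESSION and NODE being mutually exclusive, and a blank PUNKTFUNK_MGMT_TOKEN being refused rather than treated as "unset"). It also flags a `#` inside a value: if this file is loaded via systemd `EnvironmentFile=`, `#` is documented as a comment marker only at the start of a line, so uncommenting an override line while keeping its trailing `# ...` annotation puts that annotation into the value. The function names, the message wording and the two sample files are mine.

```rust
// Added example, not the project's code. Std only.
use std::collections::BTreeMap;

/// Minimal KEY=VALUE reader: blank and '#' lines dropped, first '=' splits, values
/// trimmed, no quoting or escaping (enough for the lines in host.env.example).
pub fn parse_env(contents: &str) -> BTreeMap<String, String> {
    contents
        .lines()
        .map(str::trim)
        .filter(|l| !l.is_empty() && !l.starts_with('#'))
        .filter_map(|l| l.split_once('='))
        .map(|(k, v)| (k.trim().to_string(), v.trim().to_string()))
        .collect()
}

fn check_enum(env: &BTreeMap<String, String>, key: &str, allowed: &[&str], problems: &mut Vec<String>) {
    if let Some(v) = env.get(key) {
        if !allowed.contains(&v.as_str()) {
            problems.push(format!("{}={:?}: expected one of {:?}", key, v, allowed));
        }
    }
}

/// Returns one message per violated constraint; an empty Vec means the file passed.
pub fn lint_host_env(contents: &str) -> Vec<String> {
    let env = parse_env(contents);
    let mut problems = Vec::new();
    for anchor in ["XDG_RUNTIME_DIR", "DBUS_SESSION_BUS_ADDRESS"] {
        if !env.contains_key(anchor) {
            problems.push(format!("{} missing: the anchors stay even when a backend is forced", anchor));
        }
    }
    check_enum(&env, "PUNKTFUNK_COMPOSITOR", &["kwin", "mutter", "gamescope", "wlroots"], &mut problems);
    check_enum(&env, "PUNKTFUNK_INPUT_BACKEND", &["wlr", "libei", "gamescope", "uinput"], &mut problems);
    check_enum(&env, "PUNKTFUNK_VIDEO_SOURCE", &["virtual", "portal"], &mut problems);
    if env.contains_key("PUNKTFUNK_GAMESCOPE_SESSION") && env.contains_key("PUNKTFUNK_GAMESCOPE_NODE") {
        problems.push("PUNKTFUNK_GAMESCOPE_SESSION and PUNKTFUNK_GAMESCOPE_NODE are mutually exclusive".to_string());
    }
    // EnvironmentFile treats '#' as a comment only at line start, so a leftover trailing
    // annotation becomes part of the value.
    for (k, v) in &env {
        if v.contains('#') {
            problems.push(format!("{} has '#' inside its value ({:?}): trailing annotations are not comments", k, v));
        }
    }
    if env.get("PUNKTFUNK_MGMT_TOKEN").map_or(false, |t| t.is_empty()) {
        problems.push("PUNKTFUNK_MGMT_TOKEN is blank: a blank token is refused; leave the line commented out to auto-generate".to_string());
    }
    problems
}

/// Constructed sample: the active lines of the example file (should lint clean).
pub const SAMPLE_OK: &str = "XDG_RUNTIME_DIR=/run/user/1000\n\
DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/1000/bus\n\
WAYLAND_DISPLAY=wayland-kde\n\
XDG_CURRENT_DESKTOP=KDE\n\
PUNKTFUNK_VIDEO_SOURCE=virtual\n\
PUNKTFUNK_ZEROCOPY=1\n";

/// Constructed sample with the mistakes the comments warn about.
pub const SAMPLE_BAD: &str = "XDG_RUNTIME_DIR=/run/user/1000\n\
DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/1000/bus\n\
PUNKTFUNK_COMPOSITOR=kwin # kwin | mutter | gamescope | wlroots\n\
PUNKTFUNK_GAMESCOPE_SESSION=steam\n\
PUNKTFUNK_GAMESCOPE_NODE=auto\n\
PUNKTFUNK_INPUT_BACKEND=evdev\n\
PUNKTFUNK_MGMT_TOKEN=\n";

fn main() {
    for (name, sample) in [("ok", SAMPLE_OK), ("bad", SAMPLE_BAD)] {
        let problems = lint_host_env(sample);
        println!("{}: {} problem(s)", name, problems.len());
        for p in problems {
            println!("  - {}", p);
        }
    }
}
```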