ae51276a03
Web console - Pairing/Library/Stats refactored into self-contained subsections that each own their own queries + mutations; a shared slot-based layout (view.tsx) is filled by the live page (containers) and Storybook (pure cards + fixtures) so the layout can't drift. - All paired devices in one list on Pairing with a protocol column (punktfunk/1 + Moonlight), routing each unpair to the right endpoint; the redundant Clients page is removed. - Library: overview grid split from the add/edit form into separate files. - Login screen links out to the docs. Docs - "Console login password" section on every host page (apt/RPM/Bazzite/SteamOS/Windows) plus a new "Forgot your Password?" troubleshooting page, linked from the login screen. - Console served as HTTP/1.1 over TLS (drop the unusable HTTP/3 advertising) across the Bun entry, launchers, systemd units, and packaging. Tooling - Biome now respects .gitignore (stops linting generated code), config migrated to 2.5.1; all lint issues fixed cleanly. Also includes this branch's in-progress host, Apple client, packaging, and CI changes. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
33 lines
1.8 KiB
Bash
33 lines
1.8 KiB
Bash
# punktfunk web console — packaged config reference.
|
|
#
|
|
# On a `apt install punktfunk-web` install you DO NOT edit anything: the systemd --user units wire
|
|
# everything automatically —
|
|
# punktfunk-web.service sets PUNKTFUNK_MGMT_URL=https://127.0.0.1:47990, NODE_TLS_REJECT_UNAUTHORIZED=0,
|
|
# PORT=3000, HOST=0.0.0.0, the PUNKTFUNK_UI_TLS_* cert paths + PUNKTFUNK_UI_SECURE=1, and sources:
|
|
# ~/.config/punktfunk/mgmt-token (written by the host's `serve` — the shared bearer token)
|
|
# ~/.config/punktfunk/web-password (written by punktfunk-web-init — the console login password)
|
|
# ~/.config/punktfunk/{cert,key}.pem (the host identity — the console serves HTTPS with it)
|
|
#
|
|
# This file documents the variables for a MANUAL deploy (running `bun .output/server/index.mjs`
|
|
# yourself — the console runs on bun: `Bun.serve` is a Bun API, node can't run it). The mgmt API is
|
|
# HTTPS with the host's self-signed loopback cert, so the proxy needs NODE_TLS_REJECT_UNAUTHORIZED=0
|
|
# (its only outbound TLS hop is that loopback connection).
|
|
PUNKTFUNK_MGMT_URL=https://127.0.0.1:47990
|
|
NODE_TLS_REJECT_UNAUTHORIZED=0
|
|
PORT=3000
|
|
HOST=0.0.0.0
|
|
|
|
# Serve the console over HTTPS (HTTP/1.1 over TLS) with the host's own identity cert. BOTH paths
|
|
# set ⇒ HTTPS. (No HTTP/2 or HTTP/3: Bun.serve has no HTTP/2 server, and a browser won't speak
|
|
# HTTP/3/QUIC against this self-signed, no-SAN host cert — so HTTP/1.1 over TLS is what's offered.)
|
|
PUNKTFUNK_UI_TLS_CERT=%h/.config/punktfunk/cert.pem
|
|
PUNKTFUNK_UI_TLS_KEY=%h/.config/punktfunk/key.pem
|
|
# Mark the session cookie Secure (required once served over TLS):
|
|
PUNKTFUNK_UI_SECURE=1
|
|
|
|
# Match the host's ~/.config/punktfunk/mgmt-token (auto-generated by the host if unset):
|
|
PUNKTFUNK_MGMT_TOKEN=
|
|
|
|
# Console login password (fails closed if unset on the built server):
|
|
PUNKTFUNK_UI_PASSWORD=
|