861da54066
apple / swift (push) Successful in 1m6s
apple / screenshots (push) Has been cancelled
ci / rust (push) Has been cancelled
ci / web (push) Has been cancelled
ci / docs-site (push) Has been cancelled
ci / bench (push) Has been cancelled
android-screenshots / screenshots (push) Successful in 50s
android / android (push) Successful in 3m25s
docker / build-push (--build-arg FEDORA_VERSION=44, ci, ci/fedora-rpm.Dockerfile, punktfunk-fedora44-rpm) (push) Successful in 5s
docker / build-push (., web/Dockerfile, punktfunk-web) (push) Successful in 33s
docker / build-push (ci, ci/fedora-rpm.Dockerfile, punktfunk-fedora-rpm) (push) Successful in 4s
docker / build-push (ci, ci/rust-ci.Dockerfile, punktfunk-rust-ci) (push) Successful in 4s
windows-host / package (push) Successful in 6m28s
docker / build-push (docs-site, docs-site/Dockerfile, punktfunk-docs) (push) Successful in 52s
windows-msix / package (arm64, C:\Users\Public\ffmpeg-arm64, aarch64-pc-windows-msvc, C:\t-a64) (push) Successful in 1m3s
windows-msix / package (x64, C:\Users\Public\ffmpeg, x86_64-pc-windows-msvc, C:\t) (push) Successful in 1m5s
linux-client-screenshots / screenshots (push) Successful in 2m9s
release / apple (push) Successful in 9m25s
docker / deploy-docs (push) Successful in 20s
web-screenshots / screenshots (push) Successful in 2m33s
deb / build-publish (push) Successful in 3m19s
decky / build-publish (push) Successful in 19s
flatpak / build-publish (push) Successful in 5m9s
rpm / build-publish (bazzite, punktfunk-fedora-rpm) (push) Successful in 9m21s
rpm / build-publish (fedora-44, punktfunk-fedora44-rpm) (push) Successful in 8m38s
Port 3000 collides with half the dev-server ecosystem; 47992 sits next to the mgmt API (47990) in the punktfunk port family. Updates the run scripts, systemd/scheduled-task units, Dockerfile, Windows firewall rule + installer, packaging, and every doc that referenced :3000. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
38 lines
1.9 KiB
Desktop File
38 lines
1.9 KiB
Desktop File
# punktfunk management web console — systemd USER unit (Nitro SSR on bun, port 47992, HTTPS).
|
|
#
|
|
# Installed by the punktfunk-web .deb to /usr/lib/systemd/user/. AUTO-WIRED — no env editing:
|
|
# it sources the host's mgmt token + the generated login password, serves HTTPS (HTTP/1.1 over TLS)
|
|
# with the host's own identity cert (~/.config/punktfunk/{cert,key}.pem), and points the /api proxy
|
|
# at the host's loopback HTTPS mgmt API (self-signed cert → NODE_TLS_REJECT_UNAUTHORIZED for the
|
|
# proxy's only outbound hop, which is loopback). Enable per user:
|
|
# systemctl --user enable --now punktfunk-web
|
|
[Unit]
|
|
Description=punktfunk management web console
|
|
# web-init generates the login password; the host writes the mgmt token. Order after both.
|
|
After=punktfunk-web-init.service punktfunk-host.service
|
|
Wants=punktfunk-web-init.service
|
|
|
|
[Service]
|
|
Type=simple
|
|
# Both are KEY=VALUE files. mgmt-token is REQUIRED (written by the host's `serve`); if absent the
|
|
# unit fails + Restart retries until the host has created it. web-password is '-' optional (web-init
|
|
# creates it first, but a manual operator may inject PUNKTFUNK_UI_PASSWORD another way).
|
|
EnvironmentFile=%h/.config/punktfunk/mgmt-token
|
|
EnvironmentFile=-%h/.config/punktfunk/web-password
|
|
Environment=PUNKTFUNK_MGMT_URL=https://127.0.0.1:47990
|
|
Environment=NODE_TLS_REJECT_UNAUTHORIZED=0
|
|
Environment=PORT=47992
|
|
Environment=HOST=0.0.0.0
|
|
# Serve HTTPS (HTTP/1.1 over TLS) with the host's own identity cert; mark the
|
|
# session cookie Secure. The host's `serve` writes these PEMs; if absent at start the unit fails and
|
|
# Restart retries (same as the mgmt-token wait above) rather than silently serving plain HTTP.
|
|
Environment=PUNKTFUNK_UI_TLS_CERT=%h/.config/punktfunk/cert.pem
|
|
Environment=PUNKTFUNK_UI_TLS_KEY=%h/.config/punktfunk/key.pem
|
|
Environment=PUNKTFUNK_UI_SECURE=1
|
|
ExecStart=/usr/bin/punktfunk-web-server
|
|
Restart=on-failure
|
|
RestartSec=2
|
|
|
|
[Install]
|
|
WantedBy=default.target
|