enricobuehler
ba39b08e09
apple / swift (push) Successful in 1m6s
ci / rust (push) Successful in 5m51s
android / android (push) Successful in 6m21s
ci / web (push) Successful in 49s
ci / docs-site (push) Successful in 58s
windows-host / package (push) Successful in 8m6s
release / apple (push) Successful in 8m17s
deb / build-publish (push) Successful in 3m26s
decky / build-publish (push) Successful in 25s
docker / build-push (--build-arg FEDORA_VERSION=44, ci, ci/fedora-rpm.Dockerfile, punktfunk-fedora44-rpm) (push) Successful in 5s
ci / bench (push) Successful in 4m42s
docker / build-push (., web/Dockerfile, punktfunk-web) (push) Successful in 30s
docker / build-push (ci, ci/fedora-rpm.Dockerfile, punktfunk-fedora-rpm) (push) Successful in 2m36s
docker / build-push (ci, ci/rust-ci.Dockerfile, punktfunk-rust-ci) (push) Successful in 2m17s
rpm / build-publish (fedora-44, punktfunk-fedora44-rpm) (push) Failing after 19s
docker / build-push (docs-site, docs-site/Dockerfile, punktfunk-docs) (push) Successful in 51s
apple / screenshots (push) Successful in 5m45s
docker / deploy-docs (push) Successful in 22s
rpm / build-publish (bazzite, punktfunk-fedora-rpm) (push) Failing after 22s
Web console - Pairing/Library/Stats refactored into self-contained subsections that each own their own queries + mutations; a shared slot-based layout (view.tsx) is filled by the live page (containers) and Storybook (pure cards + fixtures) so the layout can't drift. - All paired devices in one list on Pairing with a protocol column (punktfunk/1 + Moonlight), routing each unpair to the right endpoint; the redundant Clients page is removed. - Library: overview grid split from the add/edit form into separate files. - Login screen links out to the docs. Docs - "Console login password" section on every host page (apt/RPM/Bazzite/SteamOS/Windows) plus a new "Forgot your Password?" troubleshooting page, linked from the login screen. - Console served as HTTP/1.1 over TLS (drop the unusable HTTP/3 advertising) across the Bun entry, launchers, systemd units, and packaging. Tooling - Biome now respects .gitignore (stops linting generated code), config migrated to 2.5.1; all lint issues fixed cleanly. Also includes this branch's in-progress host, Apple client, packaging, and CI changes. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
45 lines
2.4 KiB
Bash
45 lines
2.4 KiB
Bash
# punktfunk web — management console (Nitro server on bun) configuration.
|
|
# Copy to `.env` (gitignored) or set these in the environment of `bun .output/server/index.mjs`.
|
|
# NOTE: on a packaged install (the punktfunk-web .deb) you edit NOTHING — the systemd --user units
|
|
# auto-wire these from the host's ~/.config/punktfunk/{mgmt-token,web-password,cert.pem,key.pem}.
|
|
# See web.env.example.
|
|
|
|
# REQUIRED in production: the shared login password for the console. The built Nitro
|
|
# server fails CLOSED (503 on every request) if this is unset, so a LAN-exposed server
|
|
# never admits anyone by accident.
|
|
PUNKTFUNK_UI_PASSWORD=change-me
|
|
|
|
# Management API the console proxies to. It serves HTTPS (the host's own identity cert) and
|
|
# requires auth (mTLS or the bearer below). Keep this loopback — the login-gated web server is
|
|
# the only path to it.
|
|
PUNKTFUNK_MGMT_URL=https://127.0.0.1:47990
|
|
|
|
# REQUIRED: bearer token for the management API, injected server-side by the /api proxy (never
|
|
# sent to the browser). Must match the host's `--mgmt-token` / PUNKTFUNK_MGMT_TOKEN — otherwise
|
|
# the proxy gets 401.
|
|
PUNKTFUNK_MGMT_TOKEN=
|
|
|
|
# REQUIRED with the HTTPS mgmt API: the host presents a SELF-SIGNED identity cert on loopback,
|
|
# which the proxy's fetch would otherwise reject (→ 502). The web server makes no other outbound
|
|
# TLS calls, so disabling verification here only affects the loopback hop to the host's own cert.
|
|
NODE_TLS_REJECT_UNAUTHORIZED=0
|
|
|
|
# OPTIONAL: explicit cookie-sealing secret (>= 32 chars). If unset, a stable key is derived
|
|
# from PUNKTFUNK_UI_PASSWORD (changing the password then invalidates sessions).
|
|
# PUNKTFUNK_UI_SECRET=
|
|
|
|
# TLS: serve the console over HTTPS (HTTP/1.1 over TLS) using the HOST's own identity cert (the cert
|
|
# native clients already pin). Point these at the host's PEM files; BOTH set ⇒ HTTPS. Unset ⇒ plain
|
|
# HTTP (local dev only). (No HTTP/2 or HTTP/3: Bun.serve has no HTTP/2 server, and a browser won't
|
|
# speak HTTP/3/QUIC against this self-signed, no-SAN host cert.)
|
|
PUNKTFUNK_UI_TLS_CERT=/home/you/.config/punktfunk/cert.pem
|
|
PUNKTFUNK_UI_TLS_KEY=/home/you/.config/punktfunk/key.pem
|
|
|
|
# REQUIRED when serving over TLS: mark the session cookie Secure (browsers drop a Secure cookie over
|
|
# plain http://, so it is OFF by default; turn it ON whenever PUNKTFUNK_UI_TLS_* is set).
|
|
PUNKTFUNK_UI_SECURE=1
|
|
|
|
# The Bun server binds these (standard Nitro env):
|
|
# PORT=3000
|
|
# HOST=0.0.0.0
|