Skip to content

118 bootstrap procedure #136

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
runleveldev merged 76 commits into from
Dec 3, 2025
Merged

118 bootstrap procedure #136

runleveldev merged 76 commits into from
Dec 3, 2025

Conversation

@runleveldev
Copy link
Collaborator

@runleveldev runleveldev commented Nov 21, 2025
edited
Loading

Required features:

  • 'Site' model (id PK, name, internalDomain, subnet, gateway, dnsForwarders). FRE configures (1, 'default', , , , )
  • 'Group' model (gidNumber PK, cn, isAdmin), FRE configures [(GID_MIN, 'sysadmins', True), (GID_MIN + 1, 'ldapusers', False)]
  • 'User' model, fields based on LDAP schemas (uidNumber PK, uid, gidNumber, homeDirectory, loginShell, cn, sn, givenName, mail, sshPublicKey, userPassword, status), FRE configures the first user using UID_MIN.
  • 'UserGroups' association model (uidNumber, gidNumber). Users get 'ldapusers' as primary group by default. 'sysadmins' denotes cluster superusers. The 'ldapusers' group will get SUDO on containers, but only 'sysadmins' will on Nodes and core infra containers
  • 'ExternalDomain' model (id, name, cloudflareApiKey)
  • Alter 'Service' model add externalDomainId to http services
  • Alter 'Container' model replace username with userId
  • Create dnsmasq.conf template
  • Some sort of acme configuration, lego
  • Node import
  • Container import
  • Implement API-backed container creation

@runleveldev runleveldev linked an issue Nov 21, 2025 that may be closed by this pull request
Bootstrap procedure #118
Closed
@runleveldev runleveldev marked this pull request as draft November 21, 2025 22:25
github-advanced-security[bot]
github-advanced-security bot found potential problems Nov 21, 2025
View reviewed changes
@runleveldev runleveldev force-pushed the 118-bootstrap-procedure branch from 611716f to 51fb6b2 Compare November 22, 2025 03:36
github-advanced-security[bot]
github-advanced-security bot found potential problems Nov 22, 2025
View reviewed changes
github-advanced-security[bot]
github-advanced-security bot found potential problems Nov 22, 2025
View reviewed changes
github-advanced-security[bot]
github-advanced-security bot found potential problems Nov 22, 2025
View reviewed changes
@runleveldev runleveldev force-pushed the 118-bootstrap-procedure branch 3 times, most recently from e937056 to 3dcb20a Compare November 24, 2025 21:52
github-advanced-security[bot]
github-advanced-security bot found potential problems Nov 25, 2025
View reviewed changes
github-advanced-security[bot]
github-advanced-security bot found potential problems Nov 25, 2025
View reviewed changes
@runleveldev runleveldev force-pushed the 118-bootstrap-procedure branch from 81888f4 to ca2615f Compare November 25, 2025 20:33
github-advanced-security[bot]
github-advanced-security bot found potential problems Nov 27, 2025
View reviewed changes
@runleveldev runleveldev force-pushed the 118-bootstrap-procedure branch from 8e9f285 to b8f8c99 Compare December 1, 2025 19:15
github-advanced-security[bot]
github-advanced-security bot found potential problems Dec 1, 2025
View reviewed changes
@runleveldev runleveldev force-pushed the 118-bootstrap-procedure branch from b8f8c99 to 7a28f49 Compare December 1, 2025 19:27
@runleveldev runleveldev marked this pull request as ready for review December 1, 2025 20:10
@runleveldev runleveldev force-pushed the 118-bootstrap-procedure branch 4 times, most recently from ffe02f7 to 11703ca Compare December 2, 2025 22:16
@cmyers-mieweb
Copy link
Collaborator

cmyers-mieweb commented Dec 3, 2025

Did we want to also include additional rate limiting for logins and registers inside /create-a-container/views/server.js?
Something similar to adding this const

  const authLimiter = RateLimit({
    windowMs: 15 * 60 * 1000, // 15 minutes
    max: 10, // max 10 attempts per IP per window
    standardHeaders: true,
    legacyHeaders: false
  });

and then applying it to lines 116 and 117 app.use('/login', loginRouter); and app.use('/register', registerRouter);

  app.use('/login', authLimiter, loginRouter);
  app.use('/register', authLimiter, registerRouter);

@runleveldev
Copy link
Collaborator Author

runleveldev commented Dec 3, 2025

Did we want to also include additional rate limiting for logins and registers inside /create-a-container/views/server.js? Something similar to adding this const

  const authLimiter = RateLimit({
    windowMs: 15 * 60 * 1000, // 15 minutes
    max: 10, // max 10 attempts per IP per window
    standardHeaders: true,
    legacyHeaders: false
  });

and then applying it to lines 116 and 117 app.use('/login', loginRouter); and app.use('/register', registerRouter);

  app.use('/login', authLimiter, loginRouter);
  app.use('/register', authLimiter, registerRouter);

The rate limit is actually applied globally. See line 73 of the server.js

@runleveldev runleveldev force-pushed the 118-bootstrap-procedure branch from 11703ca to 1c131d5 Compare December 3, 2025 15:17
@runleveldev
fix: dnsmasq doesn't re-read config on HUP
4a3029c
@runleveldev
feat: add Dockerfile and .dockerignore for container setup; update RE…
296b155 
…ADME for installation instructions
@runleveldev
fix lego certs and add todo comments
144e5f6
@runleveldev
fix service editing
2d61928
@runleveldev
feat: add ipv4Address field to Nodes model and update related views a…
ac59f91 
…nd API for network configuration
@runleveldev
fix ssrf vulns in proxmoxapi
9e8c032
@runleveldev
feat: add EAB fields to ExternalDomains model and update related view…
21917d1 
…s and API for ACME providers
@runleveldev
feat: improve ZeroSSL integration with managed EAB generation
5cfec15
@runleveldev
expand the explaination in the Dockerfile comments
530ec76
@runleveldev
fix untrusted url redirect codeql alert
9b3116e
@runleveldev
match zerossl domain directly to fix codeql alert
b94cf82
@runleveldev
fix codeql alert by utilizing dom api
4059eb0
@runleveldev
fix codeql alert by validation value before redirect
e8ae140
@runleveldev
remove obselete container creation tests
0c789d9
@runleveldev runleveldev force-pushed the 118-bootstrap-procedure branch from 1c131d5 to 0c789d9 Compare December 3, 2025 15:18
@runleveldev runleveldev linked an issue Dec 3, 2025 that may be closed by this pull request
Need a way to add ports to a container after its built #43
Closed
This was referenced Dec 3, 2025
Closed
Closed
This was linked to issues Dec 3, 2025
create-a-container: add a /containers/:id/edit route #54
Closed
create-a-container: Add port-forward request #46
Closed
This was referenced Dec 3, 2025
Closed
Closed
This was linked to issues Dec 3, 2025
Kill jump server? #15
Closed
Hardcoded IP. No good. Should be using a dns server name. #14
Closed
This was referenced Dec 3, 2025
Closed
Closed
@runleveldev runleveldev linked an issue Dec 3, 2025 that may be closed by this pull request
create-a-container: Remove shell-based mail command #51
Closed
cmyers-mieweb
cmyers-mieweb approved these changes Dec 3, 2025
View reviewed changes
Copy link
Collaborator

@cmyers-mieweb cmyers-mieweb left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Approved, we can work together on the merge

@runleveldev runleveldev merged commit 75f3dd1 into main Dec 3, 2025
3 checks passed
@runleveldev runleveldev deleted the 118-bootstrap-procedure branch December 3, 2025 17:54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cmyers-mieweb cmyers-mieweb cmyers-mieweb approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

3 participants

@runleveldev @cmyers-mieweb