21d404229a
feat: add hosts and params files, fix rules SECTION NEW header
Build containers when image tags change / build-if-image-changed (backend, shorefront-backend, shorefront backend, backend/Dockerfile, git.baumann.gr/adebaumann/shorefront-backend, .backend.image) (push) Successful in 44s
Build containers when image tags change / build-if-image-changed (frontend, shorefront-frontend, shorefront frontend, frontend/Dockerfile, git.baumann.gr/adebaumann/shorefront-frontend, .frontend.image) (push) Successful in 1m32s
2026-03-01 01:43:15 +01:00
15f28cb070
chore: bump container version to 0.007
Build containers when image tags change / build-if-image-changed (frontend, shorefront-frontend, shorefront frontend, frontend/Dockerfile, git.baumann.gr/adebaumann/shorefront-frontend, .frontend.image) (push) Successful in 1m3s
Build containers when image tags change / build-if-image-changed (backend, shorefront-backend, shorefront backend, backend/Dockerfile, git.baumann.gr/adebaumann/shorefront-backend, .backend.image) (push) Successful in 1m29s
2026-03-01 01:31:17 +01:00
686ce911bb
feat: rename masq to snat throughout, update generator to Shorewall 5 snat format
2026-03-01 01:30:19 +01:00
1b543ed44a
chore: remove OIDC debug logging
2026-03-01 01:24:45 +01:00
59d9b438a1
debug: decode and log raw ID token payload in OIDC callback
2026-03-01 01:24:06 +01:00
388e945343
chore: remove temporary OIDC debug logging
2026-03-01 01:21:22 +01:00
740983277f
debug: log userinfo keys and groups claim in OIDC callback
Build containers when image tags change / build-if-image-changed (backend, shorefront-backend, shorefront backend, backend/Dockerfile, git.baumann.gr/adebaumann/shorefront-backend, .backend.image) (push) Successful in 45s
Build containers when image tags change / build-if-image-changed (frontend, shorefront-frontend, shorefront frontend, frontend/Dockerfile, git.baumann.gr/adebaumann/shorefront-frontend, .frontend.image) (push) Successful in 1m31s
2026-03-01 01:17:12 +01:00
6b340f50cb
fix: remove passlib import from migration 0001, embed static hash
Build containers when image tags change / build-if-image-changed (frontend, shorefront-frontend, shorefront frontend, frontend/Dockerfile, git.baumann.gr/adebaumann/shorefront-frontend, .frontend.image) (push) Successful in 30s
Build containers when image tags change / build-if-image-changed (backend, shorefront-backend, shorefront backend, backend/Dockerfile, git.baumann.gr/adebaumann/shorefront-backend, .backend.image) (push) Successful in 1m29s
2026-03-01 01:10:17 +01:00
aaa6e7def4
Version bump to test sso
Build containers when image tags change / build-if-image-changed (backend, shorefront-backend, shorefront backend, backend/Dockerfile, git.baumann.gr/adebaumann/shorefront-backend, .backend.image) (push) Successful in 1m18s
Build containers when image tags change / build-if-image-changed (frontend, shorefront-frontend, shorefront frontend, frontend/Dockerfile, git.baumann.gr/adebaumann/shorefront-frontend, .frontend.image) (push) Successful in 1m36s
2026-03-01 01:02:44 +01:00
2b6cd29413
feat(sso): bump container version for SSO release
2026-03-01 00:55:19 +01:00
daabafc595
feat(sso): replace login form with SSO redirect button
2026-03-01 00:55:07 +01:00
1daa6f6e90
feat(sso): replace local auth with Keycloak OIDC callback flow
2026-03-01 00:51:14 +01:00
f28240c37f
feat(sso): update User model and schemas for Keycloak
2026-03-01 00:50:44 +01:00
95fbe99b61
feat(sso): migration — add keycloak_sub, make hashed_password nullable
2026-03-01 00:50:20 +01:00
ff4aa155d1
feat(sso): add KEYCLOAK_CLIENT_SECRET to secrets script and backend deployment
2026-03-01 00:45:37 +01:00
924e51ffaa
feat(sso): add Keycloak settings to database.py and Helm ConfigMap
2026-03-01 00:45:07 +01:00
58f0fd50d8
feat(sso): replace passlib/bcrypt with authlib + httpx
2026-03-01 00:44:18 +01:00
40113bc634
docs: add Keycloak SSO integration design
2026-03-01 00:37:49 +01:00
4c4cdf0a52
fix: route all traffic through nginx; remove direct /api->backend ingress rule
Traefik forwards /api/auth/login to the backend verbatim, causing 404.
Nginx already strips the /api prefix correctly via proxy_pass with trailing
slash. Routing everything through frontend/nginx avoids the double-routing
and the need for a StripPrefix middleware.
2026-03-01 00:12:33 +01:00
5ac2f931f8
URL changed - rebuild
Build containers when image tags change / build-if-image-changed (frontend, shorefront-frontend, shorefront frontend, frontend/Dockerfile, git.baumann.gr/adebaumann/shorefront-frontend, .frontend.image) (push) Successful in 43s
Build containers when image tags change / build-if-image-changed (backend, shorefront-backend, shorefront backend, backend/Dockerfile, git.baumann.gr/adebaumann/shorefront-backend, .backend.image) (push) Successful in 1m57s
2026-03-01 00:06:57 +01:00
bd229d52a1
fix: run postgres as uid 99/gid 100 to match Unraid NFS squash mapping
Build containers when image tags change / build-if-image-changed (backend, shorefront-backend, shorefront backend, backend/Dockerfile, git.baumann.gr/adebaumann/shorefront-backend, .backend.image) (push) Successful in 12s
Build containers when image tags change / build-if-image-changed (frontend, shorefront-frontend, shorefront frontend, frontend/Dockerfile, git.baumann.gr/adebaumann/shorefront-frontend, .frontend.image) (push) Successful in 1m9s
2026-03-01 00:02:12 +01:00
271fec8da5
fix: add JWT_SECRET_KEY to migrate init container; run postgres as uid 70 to avoid NFS chown failure
2026-02-28 23:53:03 +01:00
ee50261216
fix: set build_context to backend/ and frontend/ subdirectories
Build containers when image tags change / build-if-image-changed (backend, shorefront-backend, shorefront backend, backend/Dockerfile, git.baumann.gr/adebaumann/shorefront-backend, .backend.image) (push) Successful in 1m20s
Build containers when image tags change / build-if-image-changed (frontend, shorefront-frontend, shorefront frontend, frontend/Dockerfile, git.baumann.gr/adebaumann/shorefront-frontend, .frontend.image) (push) Successful in 1m25s
Dockerfiles use COPY requirements.txt . and COPY package*.json ./ which
expect the build context to be their own subdirectory, not the repo root.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-02-28 23:36:02 +01:00
84fd1c8072
feat: complete Gitea Actions CI workflow for container builds
Build containers when image tags change / build-if-image-changed (., shorefront-backend, shorefront backend, backend/Dockerfile, git.baumann.gr/adebaumann/shorefront-backend, .backend.image) (push) Failing after 41s
Build containers when image tags change / build-if-image-changed (., shorefront-frontend, shorefront frontend, frontend/Dockerfile, git.baumann.gr/adebaumann/shorefront-frontend, .frontend.image) (push) Failing after 41s
- Fix trigger/env path: Helm/ -> helm/ (was wrong case)
- Add image_yq_path and dockerfile to matrix so each container uses its
  own values.yaml key and Dockerfile path
- Fix yq paths: .django.image.* -> .frontend.image/.backend.image for
  repo, .containers.version for tag (single source of truth)
- Add file: param to docker/build-push-action (Dockerfiles are in
  frontend/ and backend/, not repo root)
- values.yaml: add registry prefix to image fields so k8s pulls from
  git.baumann.gr; quote containers.version; drop per-component tag
  fields (containers.version is now the single tag source)
- Deployment templates: use .containers.version for image tag
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-02-28 23:26:00 +01:00
cf837fb994
fix: add kubectl preflight check and clarify repo-root usage in comment
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-02-28 23:16:51 +01:00
92a8026bef
feat: add scripts/create-secrets.sh for bootstrapping k8s secrets
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-02-28 23:14:46 +01:00
3278ef63b3
feat: remove secrets block from Helm values
Remove the secrets: block from values.yaml so no plaintext credentials
live in the chart or git history. Update values-prod.yaml to replace the
--set secrets.* instructions with a pointer to the create-secrets.sh script.
2026-02-28 23:10:39 +01:00
a8e30fa7c4
feat: remove Helm-managed Secret template
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-02-28 22:47:57 +01:00
4968ea79d9
docs: add secrets management implementation plan
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-02-28 22:46:55 +01:00
5d23878736
docs: add secrets management design (kubectl bootstrap script)
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-02-28 22:45:43 +01:00
123e914f01
fix: pin bcrypt<4.0.0 to restore passlib compatibility
passlib 1.7.4 (unmaintained since 2020) is incompatible with bcrypt>=4.0:
- bcrypt 4.x removed bcrypt.__about__ (passlib version probe fails)
- bcrypt 4.x enforces 72-byte password limit strictly, crashing
  passlib's detect_wrap_bug() compatibility test during context init
Pinning bcrypt<4.0.0 is the standard workaround until passlib is replaced.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-02-28 21:49:00 +01:00
3f5b0d1591
fix: set PYTHONPATH=/app so alembic can import app package
When the alembic console-script entry point runs, Python sets sys.path[0]
to the entry point directory (/usr/local/bin/), not the WORKDIR. Without
PYTHONPATH=/app, `from app.models import Base` in alembic/env.py fails
with ModuleNotFoundError. uvicorn is unaffected as it adds CWD to
sys.path itself.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-02-28 21:42:39 +01:00
853f26d326
fix: use double-cast to resolve TS2352/TS2322 type errors
Named interfaces without index signatures cannot be directly cast to
Record<string, unknown>. Use `as unknown as` double-cast to satisfy
TypeScript strict mode for the AnyEntity[] and Dispatch casts in
ConfigDetail.tsx, and the Config -> Record<string, unknown> cast in
ConfigList.tsx.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-02-28 21:34:51 +01:00
3a82801360
fix: import ReactNode, Dispatch, SetStateAction explicitly (React namespace not in scope)
2026-02-28 21:29:04 +01:00
57d666e759
fix: use npm install in Dockerfile (no package-lock.json yet)
2026-02-28 21:25:38 +01:00
488c385de3
fix: correct generate endpoint return type, migration server_default SQL, and auth loading propagation
2026-02-28 21:22:11 +01:00
1de7974921
docs: add README with quickstart and deployment instructions
2026-02-28 21:20:24 +01:00
be64d0bffd
feat: add Helm charts for Kubernetes deployment (Traefik + NFS Postgres)
2026-02-28 21:19:50 +01:00
1d5c98739b
feat: add Config Detail page with tabbed entity management
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-02-28 20:09:15 +01:00
627e6149fb
feat: add GenerateModal component
2026-02-28 20:07:34 +01:00
f7845c4c53
feat: add Config List page
2026-02-28 20:07:16 +01:00
667e4eefad
feat: add Login page
2026-02-28 20:07:02 +01:00
e23f1255fe
feat: add reusable DataTable and EntityForm components
2026-02-28 20:06:38 +01:00
f8a6e49038
feat: add Layout and ProtectedRoute components
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-02-28 20:06:08 +01:00
d0ee7d2f23
feat: add API client and auth store
2026-02-28 20:05:22 +01:00
b5c941c159
feat: add frontend entry point, theme, and router
2026-02-28 20:04:33 +01:00
1afc95fe8b
feat: add ShorewallGenerator (zones, interfaces, policy, rules, masq, json, zip)
2026-02-28 20:02:48 +01:00
77aded3918
feat: add nested resource routers for zones, interfaces, policies, rules, masq
2026-02-28 20:02:05 +01:00
099fd8307f
feat: add configs CRUD router with generate endpoint
2026-02-28 20:00:19 +01:00
ec6b9f6332
feat: add auth router (register/login/logout/me)
2026-02-28 19:59:33 +01:00