Daniel Maksymilian Syrnicki
c6ed7a8159
Adds the management UI Daniel asked for end-of-session. Goes beyond
the original MVP scope (plan punted UI to v2) but the architecture
already supports it cleanly: stdlib http.server only, no new deps.
- furtka.api: minimal HTTP server. GET / serves a self-contained
HTML page (dark-mode card list, vanilla JS, no build step). GET
/api/apps + /api/bundled return JSON. POST /api/apps/{install,
remove} accept {"name": "..."} and call the same installer +
reconciler the CLI uses, so the placeholder-secret refusal and
per-app reconcile isolation flow through unchanged.
- furtka.cli: new `furtka serve` subcommand. Imports api lazily so
`furtka app list` / `reconcile` startup stays zero-cost.
- webinstaller: new furtka-api.service (Type=simple, restart on
failure, after reconcile). Caddyfile gets two new handle blocks
to reverse-proxy /api and /apps to localhost:7000. Landing page's
"App store coming soon" tile becomes a real "Manage installed apps
→" link to /apps.
- Bound to 127.0.0.1 by default; Caddy makes it LAN-reachable. The
UI shouts a "no auth, anyone on your LAN can install/remove" warning
at the top — Authentik integration is the proper fix later.
UX wrinkle worth noting: a placeholder-rejected install leaves the
app in /var/lib/furtka/apps/<name>/ (so the user can edit .env in
place). To re-trigger after editing, the Installed list now shows
both Reinstall and Remove buttons.
10 new tests: helper functions (list_installed, list_bundled with
hide-already-installed), install/remove endpoints with the no_docker
fixture, and two real-socket urllib smoke tests that boot the actual
HTTPServer on an ephemeral port and round-trip GET / + POST.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
191 lines
6.8 KiB
Python
191 lines
6.8 KiB
Python
from app import (
|
|
build_archinstall_config,
|
|
build_archinstall_creds,
|
|
validate_step1,
|
|
)
|
|
|
|
|
|
def test_validate_step1_accepts_good_input():
|
|
errors, values = validate_step1(
|
|
{
|
|
"hostname": "furtka",
|
|
"username": "daniel",
|
|
"password": "topsecretpw",
|
|
"password2": "topsecretpw",
|
|
"language": "de",
|
|
}
|
|
)
|
|
assert errors == []
|
|
assert values == {
|
|
"hostname": "furtka",
|
|
"username": "daniel",
|
|
"password": "topsecretpw",
|
|
"language": "de",
|
|
}
|
|
|
|
|
|
def test_validate_step1_collects_all_errors():
|
|
errors, _ = validate_step1(
|
|
{
|
|
"hostname": "BAD!",
|
|
"username": "1bad",
|
|
"password": "short",
|
|
"password2": "mismatch",
|
|
"language": "xx",
|
|
}
|
|
)
|
|
assert len(errors) == 5
|
|
|
|
|
|
def test_build_archinstall_config_uses_selected_locale(monkeypatch):
|
|
# build_disk_config imports archinstall lazily; archinstall isn't
|
|
# installed in CI (only runs on the live ISO), so stub it out.
|
|
import app as app_module
|
|
|
|
monkeypatch.setattr(app_module, "build_disk_config", lambda d: {"stubbed_device": d})
|
|
|
|
cfg = build_archinstall_config(
|
|
{
|
|
"hostname": "h",
|
|
"username": "u",
|
|
"password": "pw12345678",
|
|
"language": "pl",
|
|
"boot_drive": "/dev/sda",
|
|
}
|
|
)
|
|
assert cfg["disk_config"] == {"stubbed_device": "/dev/sda"}
|
|
assert cfg["hostname"] == "h"
|
|
assert cfg["locale_config"]["locale"] == "pl_PL.UTF-8"
|
|
# Users moved out of config into creds once we adopted archinstall 4.x's
|
|
# `!password` sentinel; config only carries a gpasswd in custom_commands
|
|
# so the user lands in the docker group after docker is pacstrapped.
|
|
assert "users" not in cfg
|
|
assert cfg["custom_commands"][0] == "gpasswd -a u docker"
|
|
|
|
|
|
def test_build_archinstall_config_includes_post_install_bootstrap(monkeypatch):
|
|
# The installed system should come up with a Furtka landing page at
|
|
# http://<hostname>.local. That means caddy + avahi pacstrapped, the
|
|
# matching services enabled, a Caddyfile + index.html written into the
|
|
# target rootfs, and nss-mdns spliced into nsswitch.conf.
|
|
import app as app_module
|
|
|
|
monkeypatch.setattr(app_module, "build_disk_config", lambda d: {"stubbed_device": d})
|
|
|
|
cfg = build_archinstall_config(
|
|
{
|
|
"hostname": "heimserver",
|
|
"username": "u",
|
|
"password": "pw12345678",
|
|
"language": "en",
|
|
"boot_drive": "/dev/sda",
|
|
}
|
|
)
|
|
|
|
for pkg in ("caddy", "avahi", "nss-mdns"):
|
|
assert pkg in cfg["packages"]
|
|
# Packaged units go in `services` (enabled before custom_commands runs);
|
|
# our own units don't exist at that point, so they must be enabled from
|
|
# within custom_commands after the unit files land on disk.
|
|
for svc in ("caddy", "avahi-daemon"):
|
|
assert svc in cfg["services"]
|
|
assert "furtka-welcome" not in cfg["services"]
|
|
assert "furtka-status.timer" not in cfg["services"]
|
|
|
|
joined = "\n".join(cfg["custom_commands"])
|
|
assert "systemctl enable furtka-welcome.service furtka-status.timer" in joined
|
|
for path in (
|
|
"/etc/caddy/Caddyfile",
|
|
"/srv/furtka/www/index.html",
|
|
"/srv/furtka/www/style.css",
|
|
"/srv/furtka/www/status.json",
|
|
"/usr/local/bin/furtka-status",
|
|
"/usr/local/bin/furtka-welcome",
|
|
"/etc/systemd/system/furtka-status.service",
|
|
"/etc/systemd/system/furtka-status.timer",
|
|
"/etc/systemd/system/furtka-welcome.service",
|
|
):
|
|
assert path in joined, f"expected {path} to be written by custom_commands"
|
|
|
|
assert "mdns_minimal" in joined
|
|
assert "nsswitch.conf" in joined
|
|
# The chosen hostname is pinned into the static HTML at install-time.
|
|
assert "s/__HOSTNAME__/heimserver/g" in joined
|
|
|
|
|
|
def test_resource_manager_payload_landed_when_present(monkeypatch, tmp_path):
|
|
# When iso/build.sh has staged the resource-manager tarball, the
|
|
# post-install commands should untar it, drop the `furtka` wrapper, and
|
|
# write the reconcile systemd unit. Without the tarball the install still
|
|
# succeeds — the resource manager is just absent (covered implicitly by
|
|
# the default test environment, which has no payload).
|
|
import app as app_module
|
|
|
|
fake_payload = tmp_path / "furtka-resource-manager.tar.gz"
|
|
fake_payload.write_bytes(b"\x1f\x8b\x08\x00fake-tarball-bytes")
|
|
monkeypatch.setattr(app_module, "RESOURCE_MANAGER_PAYLOAD", fake_payload)
|
|
monkeypatch.setattr(app_module, "build_disk_config", lambda d: {"stubbed_device": d})
|
|
|
|
cfg = build_archinstall_config(
|
|
{
|
|
"hostname": "heimserver",
|
|
"username": "u",
|
|
"password": "pw12345678",
|
|
"language": "en",
|
|
"boot_drive": "/dev/sda",
|
|
}
|
|
)
|
|
joined = "\n".join(cfg["custom_commands"])
|
|
|
|
# Tarball expansion happens.
|
|
assert "tar -xzf - -C /opt/furtka" in joined
|
|
# `furtka` CLI wrapper lands on the target.
|
|
assert "/usr/local/bin/furtka" in joined
|
|
# systemd units are written and conditionally enabled.
|
|
assert "/etc/systemd/system/furtka-reconcile.service" in joined
|
|
assert "/etc/systemd/system/furtka-api.service" in joined
|
|
assert "furtka-reconcile.service" in joined
|
|
assert "furtka-api.service" in joined
|
|
# python is pacstrapped so the wrapper has an interpreter.
|
|
assert "python" in cfg["packages"]
|
|
|
|
|
|
def test_resource_manager_absent_without_payload(monkeypatch, tmp_path):
|
|
# Dev box / CI without an ISO build: payload doesn't exist. We should NOT
|
|
# emit untar / wrapper / unit commands, but the rest of post-install must
|
|
# still be generated normally.
|
|
import app as app_module
|
|
|
|
monkeypatch.setattr(app_module, "RESOURCE_MANAGER_PAYLOAD", tmp_path / "does-not-exist.tar.gz")
|
|
monkeypatch.setattr(app_module, "build_disk_config", lambda d: {"stubbed_device": d})
|
|
|
|
cfg = build_archinstall_config(
|
|
{
|
|
"hostname": "heimserver",
|
|
"username": "u",
|
|
"password": "pw12345678",
|
|
"language": "en",
|
|
"boot_drive": "/dev/sda",
|
|
}
|
|
)
|
|
joined = "\n".join(cfg["custom_commands"])
|
|
|
|
assert "tar -xzf - -C /opt/furtka" not in joined
|
|
# The conditional enable line still mentions the units (gated by [ -e ]).
|
|
assert "furtka-reconcile.service" in joined
|
|
assert "furtka-api.service" in joined
|
|
# The base system bootstrap (caddy etc) is unaffected.
|
|
assert "/etc/caddy/Caddyfile" in joined
|
|
|
|
|
|
def test_build_archinstall_creds_uses_archinstall_sentinel_keys():
|
|
creds = build_archinstall_creds({"username": "u", "password": "pw12345678"})
|
|
assert creds["!root-password"] == "pw12345678"
|
|
assert creds["users"] == [
|
|
{
|
|
"username": "u",
|
|
"!password": "pw12345678",
|
|
"sudo": True,
|
|
"groups": [],
|
|
}
|
|
]
|