furtka/README.md
Daniel Maksymilian Syrnicki 15b876c70a
Some checks failed
CI / lint (push) Failing after 25s
CI / test (push) Successful in 31s
CI / validate-json (push) Successful in 23s
CI / markdown-links (push) Failing after 2s
feat: webinstaller writes archinstall config + execs install, styled
Wires the live-ISO wizard from "shows three screens" to "actually invokes
archinstall on the chosen disk", plus first-pass styling so it stops looking
like raw <h1>/<form>.

Webinstaller flow:
- S1 form gains username/password/password2/language with server-side
  validation (hostname/username regex, ≥8 char password, match check).
- /install/run writes user_configuration.json + user_credentials.json
  (creds 0600) to FURTKA_STATE_DIR (default /tmp/furtka), then execs
  `archinstall --config … --creds … --silent` as a backgrounded subprocess.
- /install/log renders the subprocess output via meta-refresh polling.
- FURTKA_DRY_RUN=1 short-circuits the exec for testing.
- archinstall flag names verified against `archinstall --help` in an
  archlinux container before committing.

Drive list:
- drives.py now filters via `lsblk … -o NAME,SIZE,TYPE` keeping TYPE=disk,
  so the live ISO's own squashfs (loop) and CD-ROM (rom) stop appearing
  as install targets.

Boot menu:
- iso/build.sh sed-rebrands "Arch Linux install medium" →
  "Furtka Live Installer" across grub/, syslinux/, and efiboot/loader/
  entries. Verified zero leftovers against the current releng profile.

Styling:
- static/style.css adopts the website's design tokens (palette,
  typography, gate-mark accent), with light + dark via prefers-color-scheme.
- New base.html with header (gate SVG + FURTKA·INSTALLER wordmark + step
  indicator) and footer; all install templates extend it.
- Drive picker uses radio cards with score chip; overview uses a summary
  table and a destructive "wipe drive" button.

Tests: 17 pass (4 new in test_app.py covering validation + config builders,
2 new in test_drives.py covering the lsblk filter). Ruff clean.

README roadmap updated to mark these done and explicitly defer the
26.0-alpha release until archinstall actually completes end-to-end on a VM.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-14 10:54:49 +02:00


Furtka

Open-source home server OS — simple enough for everyone. · furtka.org

"Furtka" is Polish for gate — a play on the gateway concept (reverse proxy + DNS as your home's front door).

Turn any x86 PC into a powerful, self-hosted home server with an app-store experience. No terminal skills required.

Vision

People are tired of big companies knowing everything about them. Synology NAS comes close to solving this, but it's expensive and still too complicated for most people.

Furtka aims to be:

  • As easy to install as Windows — boot from USB, click through a wizard, done
  • As easy to use as an app store — want Nextcloud? Click install, pick a name, wait a few minutes, and you have nextcloud.yourdomain.de
  • Container-based — everything runs in Docker, with sensible default configs
  • Built for normal people — your dad should be able to run his own cloud server
  • Fully open source — with an optional support/infrastructure subscription (Proxmox model)

Principles

  • Everything already exists — We're not inventing, we're connecting. Docker, reverse proxies, Let's Encrypt — it all works. We just wire it together with default configs and a simple wrapper.
  • Dogfooding — We build what we use ourselves. If we wouldn't run it at home, we don't ship it.
  • Two-tier UX — Dead simple for beginners (click Install, done), full control for advanced users (SSH in, edit configs, do whatever you want).

Architecture

+------------------+
|   Web UI         |  <- Simple admin panel / app store
+------------------+
|   Settings       |  <- UI/API wrapper that generates Docker configs
|   Wrapper        |     from simple user choices
+------------------+
|   Docker         |  <- Containers with sensible default configs
+------------------+
|   Gateway        |  <- Reverse proxy, SSL, DNS (self-hosted or managed)
+------------------+
|   Base OS        |  <- Minimal Linux (leaning Arch, Debian as fallback)
+------------------+
|   Any x86 HW     |  <- Old PC, mini PC, NUC, whatever
+------------------+

Key Decisions

| Decision | Status | Notes |
|---|---|---|
| Base OS | Leaning Arch | Robert already has Arch running on Proxmox and is building custom images. Debian remains fallback (FAI, Proxmox ecosystem). |
| Containers | Docker | Lower overhead than VMs, easier default configs |
| Installation | Web-based wizard | Robert's webapp prototype (device reader + form → JSON) is working. Full spec: wizard-flow.md |
| Reverse proxy | Caddy | Automatic Let's Encrypt, simplest config of any reverse proxy |
| Identity provider | Authentik | Bundled SSO from day one — every app template auto-wires to it at install |
| Managed gateway DNS | NS delegation to ns1.furtka.org | User delegates once at registrar; we handle wildcard cert + subdomain creation |
| Local HTTPS | Local CA | One-click CA install → green padlock on every service, no browser warnings |
| Gateway | Flexible | Own reverse proxy OR managed through our infrastructure |
| UI approach | UI-first | Design the simplest possible UI, then build everything to match |

Landscape (Existing Projects)

| Project | Type | Apps | Key Trait |
|---|---|---|---|
| CasaOS | Layer on existing Linux | ~100 | Simplest install, runs on any distro |
| Umbrel | Debian-based full OS | ~300 | Slick UI, crypto/privacy focus |
| Runtipi | Docker-based, GPL-3.0 | 200+ | Largest default app catalog |
| HomeDock OS | Pseudo-OS layer | Hundreds | Desktop-style UX with window manager |
| Cosmos Server | All-in-one platform | Docker | Built-in 2FA, anti-DDoS, security focus |
| YunoHost | Debian-based OS (since 2012) | 400+ | Most mature, biggest catalog |
| TurnKey Linux | Pre-built system images | Hundreds | One image per use case |

Recent signals (from competitors.md)

  • Umbrel's license is the #1 r/selfhosted complaint. PolyForm Noncommercial 1.0.0 isn't OSI-approved; Citadel forked explicitly over this.
  • Umbrel has refused HTTPS on its local UI for 4+ years. Issue #546 open since Feb 2021. Community quote: "all it takes is one Umbrel vuln to bring down half of the lightning network."
  • CasaOS is in maintenance mode. IceWhale pivoted focus to ZimaOS (paid hardware). Users are openly asking if the project is still alive.

Where we differentiate

  1. Full OS + device-aware installer wizard — Boot USB, open https://proksi.local, wizard detects hardware and configures everything. No existing project does this — CasaOS/HomeDock are layers on existing Linux, Umbrel's x86 installer asks you to type a drive number, YunoHost runs stock Debian partitioning.
  2. Auto setup intelligence — Tests drive speeds, auto-assigns boot/LVM storage. Competitors just ask you to pick a drive.
  3. Gateway-as-a-service — No competitor offers managed reverse proxy + DNS + SSL as a service. Even YunoHost (best SSL story of the three) punts DNS setup to the user's registrar — that's the UX cliff where newbies quit.
  4. HTTPS + AGPL from day one — HTTPS on the local UI via a one-click local CA install (no browser warnings, unlike YunoHost's self-signed model). Fully AGPL-3.0 — the exact counter-position to Umbrel's non-OSI license complaints.

Gap we're targeting

None of these nail the "your dad can set this up" experience. The installer wizard + managed gateway + HTTPS-by-default is the strongest angle.

Resources

Inspiration

  • Azure Local — cluster management for enterprises, we want this for home users
  • Proxmox community-scripts — great base, but VM-focused (more overhead)
  • Synology DSM — closest to our UX goal, but proprietary and expensive
  • Home Assistant — app-store model for smart home, we want this for all services

Roadmap

  • Installer webapp prototype — device reader + form → JSON (Robert)
  • Arch running on Proxmox, custom image builds in progress (Robert)
  • Competitor analysis — see docs/competitors.md
  • Wizard flow spec — see docs/wizard-flow.md
  • Release process + CI — CalVer tags, conventional commits, Forgejo Actions (ruff, pytest, JSON, link checks), 26.0-alpha tagged
  • Forgejo runner live on Proxmox VM (forge-runner-01, Ubuntu 24.04, Docker + DinD sidecar) — setup captured in docs/runner-setup.md + ops/forgejo-runner/
  • Publish 26.0-alpha Forgejo Release — deferred. Walking-skeleton ISO boots but doesn't install yet; re-tag once archinstall actually completes end-to-end on a VM.
  • Walking-skeleton live ISO: iso/build.sh produces a hybrid BIOS/UEFI Arch-based ISO that boots in a Proxmox VM, DHCP's onto the LAN, and serves the Flask webinstaller on :5000. Screens 1–3 work end-to-end. Build infra in iso/.
  • Drop loop/rom devices from drive list: webinstaller/drives.py now filters by lsblk TYPE=disk, so the live squashfs and CD-ROM no longer appear as install targets.
  • Rebrand GRUB menu: iso/build.sh rewrites "Arch Linux install medium" → "Furtka Live Installer" across GRUB, syslinux, and systemd-boot configs.
  • S1 account form + overview → archinstall — S1 collects hostname/user/password/language with validation, S2 picks boot drive, overview confirms, /install/run writes user_configuration.json + user_credentials.json (0600) and execs archinstall --silent, log page polls output. FURTKA_DRY_RUN=1 skips the exec for testing.
  • Base OS post-install — what Furtka actually looks like after the wizard writes config + reboots: Caddy + Authentik + app store. Robert's area.
  • Installer wizard screens S3–S7 — per-device purpose, network, domain, SSL, diagnostic. S5/S6 blocked on managed-gateway DNS infra not yet built.
  • https://proksi.local via mDNS + local CA (currently only raw-IP HTTP)
  • Caddy + Authentik wired into first-boot bootstrap
  • Managed gateway infrastructure — ns1/ns2.furtka.org + DNS-01 wildcard automation
  • First containerized service (Nextcloud?) with auto-SSO + auto-subdomain
  • Competitor hands-on testing on Proxmox — validate findings from docs/competitors.md
  • UI mockups / drafts (Robert)
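
The roadmap item on the S1 form and /install/run names two server-side controls: input validation and a 0600 credentials file under a state directory that defaults to /tmp/furtka. The sketch below is an added example, not Furtka's own code; the regexes, the function names `validate_account` and `write_private_json`, and the directory ownership check are assumptions, since the page states only that validation exists and that the file mode is 0600.

```python
import json
import os
import re
import stat

# Assumed patterns; the page only says hostname and username are regex-checked.
# fullmatch() is used because "$" with match() would accept a trailing newline.
HOSTNAME_RE = re.compile(r"[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?")
USERNAME_RE = re.compile(r"[a-z_][a-z0-9_-]{0,31}")


def validate_account(form):
    """Return a list of error strings; an empty list means the form is valid."""
    errors = []
    if not HOSTNAME_RE.fullmatch(form.get("hostname", "")):
        errors.append("hostname")
    if not USERNAME_RE.fullmatch(form.get("username", "")):
        errors.append("username")
    password = form.get("password", "")
    if len(password) < 8:
        errors.append("password too short")
    if password != form.get("password2", ""):
        errors.append("passwords do not match")
    return errors


def write_private_json(state_dir, name, payload):
    """Create state_dir/name with mode 0600 from the first byte written."""
    os.makedirs(state_dir, mode=0o700, exist_ok=True)
    st = os.lstat(state_dir)
    # In a shared /tmp another local user could pre-create the directory or a symlink.
    private = stat.S_ISDIR(st.st_mode) and st.st_uid == os.geteuid() and not st.st_mode & 0o077
    if not private:
        raise PermissionError(f"{state_dir} is not a private directory owned by this process")
    path = os.path.join(state_dir, name)
    try:
        os.unlink(path)  # drop a stale file or link so O_EXCL can succeed
    except FileNotFoundError:
        pass
    # O_EXCL refuses an existing path and O_NOFOLLOW refuses a symlink; the mode is
    # set at creation, so the file is never readable by others, even briefly.
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | os.O_NOFOLLOW
    fd = os.open(path, flags, 0o600)
    with os.fdopen(fd, "w") as fh:
        json.dump(payload, fh)
    return path
```

Writing the file first and calling chmod afterwards would leave a short window in which the credentials are readable under the process umask; creating it with the final mode avoids that.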

Business Model

Furtka starts as a private/personal project. The long-term model follows Proxmox:

  • Free & open source — anyone can download, install, and use it
  • Paid support & managed infrastructure — for users who want hassle-free setup
  • Managed gateway option — the gateway (reverse proxy, SSL, DNS) can be self-hosted or run through our managed infrastructure (potential subscription revenue)

Team

  • Robert — Architecture, UI design, webapp installer prototype
  • Daniel — Infrastructure, testing, DevOps

License

AGPL-3.0 — open source, community-driven.