Daniel Maksymilian Syrnicki
ff68dd5ae6
Addresses the four issues raised in the slice-3 audit before pushing. #1 (critical) — refuse to finish install when .env still contains placeholder secrets like "changeme". Without this, `furtka app install fileshare` would happily start an SMB server with a publicly-known password — the kind of default that ends up screenshotted on Hacker News. PLACEHOLDER_SECRETS lives in installer.py; new tests cover placeholder rejection, post-edit retry, and quoted values. #3 — reconciler now catches DockerError / FileNotFoundError / OSError per-app instead of letting a single broken app abort the whole boot-scan. Errors get surfaced as Action(kind="error", …) and has_errors() drives the CLI exit code so systemd still shows red, but the other apps actually got reconciled. #4 — chmod 0600 on .env after install so app secrets aren't world- readable on multi-user boxes. Done before the placeholder check so even the half-installed state is safe. #5 — load_manifest() got an optional expected_name. The scanner passes the folder name (filesystem source-of-truth contract); installer leaves it None so `furtka app install /tmp/some-fork/` works regardless of what the source folder is named. #2 — TODO comment on dperson/samba:latest. Switching to a digest needs a verified upstream release; left for the test-day pin. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
33 lines
1 KiB
YAML
33 lines
1 KiB
YAML
# Furtka fileshare — SMB share via dperson/samba.
|
|
#
|
|
# The volume `furtka_fileshare_files` is created by the Furtka reconciler
|
|
# from the manifest's "volumes" list before this compose file is brought up;
|
|
# it's referenced as `external: true` here so docker compose doesn't try
|
|
# to manage its lifecycle.
|
|
#
|
|
# TODO(image-pin): `:latest` is shaky for production — pin to a digest
|
|
# (`dperson/samba@sha256:...`) or a stable tag once we've verified one
|
|
# against the upstream registry. For the MVP run we accept the drift
|
|
# risk to keep the install reproducible against whatever the upstream
|
|
# image happens to be on test day; revisit before any non-developer
|
|
# touches this.
|
|
|
|
services:
|
|
smbd:
|
|
image: dperson/samba:latest
|
|
restart: unless-stopped
|
|
network_mode: host
|
|
environment:
|
|
- USERID=1000
|
|
- GROUPID=1000
|
|
- TZ=Europe/Berlin
|
|
command: >
|
|
-u "${SMB_USER};${SMB_PASSWORD}"
|
|
-s "files;/mount;yes;no;no;${SMB_USER}"
|
|
-p
|
|
volumes:
|
|
- furtka_fileshare_files:/mount
|
|
|
|
volumes:
|
|
furtka_fileshare_files:
|
|
external: true
|