🔥 ⬆️ Home Panel v2 addon upgrade (#25)

* 🔨 First attempt with gitlab build

* 🔨 Move build

* ✏️ Fix typo

Co-Authored-By: Franck Nijhof <frenck@addons.community>

* 🔨 Update link

* 🔨 Update build

* 🔨 Update download

* 🔨 Update url

* ⬆️ Updates

home-panel/Dockerfile

@@ -13,19 +13,22 @@ RUN \
         yarn=1.16.0-r0 \
     \
     && apk add --no-cache \
-        nginx=1.16.0-r2 \
+        nginx=1.16.1-r0 \
         nodejs-current=12.4.0-r0 \
     \
+    # TODO: Replace with release tag
+    && git clone --branch "master" --depth=1 \
+        "https://github.com/timmo001/home-panel.git" /tmp/api \
+    && mv /tmp/api/api /opt/panel \
+    \
+    && mkdir -p /tmp/panel \
+    # TODO: Replace with actual download
     && curl -J -L -o /tmp/panel.zip \
-        "https://github.com/timmo001/home-panel/releases/download/v1.0.0/home-panel-built-v0.10.0.zip" \
-    && unzip -d /tmp /tmp/panel.zip \
-    && mv /tmp/build /opt/panel \
+        "https://gitlab.com/timmo/home-panel/-/jobs/284851910/artifacts/download" \
+    && unzip -d /tmp/panel /tmp/panel.zip \
+    && mv /tmp/panel/build/* /opt/panel/public \
     \
-    && git clone --branch "v1.0.0" --depth=1 \
-        "https://github.com/timmo001/home-panel.git" /tmp/panel \
-    && mv /tmp/panel/api /opt/api \
-    \
-    && cd /opt/api \
+    && cd /opt/panel \
     && yarn install \
     \
     && yarn cache clean \

home-panel/config.json

@@ -19,12 +19,10 @@
   "homeassistant_api": true,
   "ingress": false,
   "ports": {
-    "80/tcp": 8234,
-    "3234/tcp": 3234
+    "80/tcp": null
   },
   "ports_description": {
-    "80/tcp": "Web UI",
-    "3234/tcp": "API"
+    "80/tcp": "Web UI (Not required for Hass.io Ingress)"
   },
   "map": [
     "config:rw",
@@ -39,6 +37,7 @@
     "log_level": "match(^(trace|debug|info|notice|warning|error|fatal)$)?",
     "ssl": "bool",
     "certfile": "str",
-    "keyfile": "str"
+    "keyfile": "str",
+    "leave_front_door_open": "bool?"
   }
 }

home-panel/rootfs/etc/cont-init.d/nginx.sh

@@ -1,7 +1,7 @@
 #!/usr/bin/with-contenv bashio
 # ==============================================================================
-# Community Hass.io Add-ons: Matrix
-# Configures NGINX for use with Riot
+# Community Hass.io Add-ons: Home Panel
+# Configures NGINX for use with thelounge
 # ==============================================================================
 declare port
 declare certfile
@@ -16,8 +16,8 @@ if bashio::var.has_value "${port}"; then
         keyfile=$(bashio::config 'keyfile')
 
         mv /etc/nginx/servers/direct-ssl.disabled /etc/nginx/servers/direct.conf
-        sed -i "s/%%certfile%%/${certfile}/g" /etc/nginx/servers/direct.conf
-        sed -i "s/%%keyfile%%/${keyfile}/g" /etc/nginx/servers/direct.conf
+        sed -i "s#%%certfile%%#${certfile}#g" /etc/nginx/servers/direct.conf
+        sed -i "s#%%keyfile%%#${keyfile}#g" /etc/nginx/servers/direct.conf
 
     else
         mv /etc/nginx/servers/direct.disabled /etc/nginx/servers/direct.conf

home-panel/rootfs/etc/cont-init.d/secrets.sh

@@ -4,4 +4,4 @@
 # This updates the internal auth secret for the API
 # ==============================================================================
 # shellcheck disable=2094,2016
-bashio::jq /etc/home-panel/default.json '.authentication.secret="$(openssl rand -base64 32)"' > /opt/api/config/default.json
+bashio::jq /opt/panel/config/default.json '.authentication.secret="$(openssl rand -base64 32)"' > /opt/panel/config/default.json

home-panel/rootfs/etc/home-panel/default.json

@@ -1,37 +0,0 @@
-{
-  "host": "localhost",
-  "port": 3234,
-  "public": "../public/",
-  "paginate": {
-    "default": 10,
-    "max": 50
-  },
-  "authentication": {
-    "secret": "API_AUTH_SECRET",
-    "strategies": ["jwt", "local"],
-    "path": "/authentication",
-    "service": "users",
-    "jwt": {
-      "header": {
-        "typ": "access"
-      },
-      "audience": "https://timmo.dev/home-panel",
-      "subject": "anonymous",
-      "issuer": "feathers",
-      "algorithm": "HS256",
-      "expiresIn": "1d"
-    },
-    "local": {
-      "entity": "user",
-      "usernameField": "username",
-      "passwordField": "password"
-    },
-    "cookie": {
-      "enabled": true,
-      "name": "feathers-jwt",
-      "httpOnly": false,
-      "secure": false
-    }
-  },
-  "nedb": "/data"
-}

home-panel/rootfs/etc/nginx/includes/proxy_params.conf

@@ -0,0 +1,15 @@
+proxy_http_version          1.1;
+proxy_ignore_client_abort   off;
+proxy_read_timeout          86400s;
+proxy_redirect              off;
+proxy_send_timeout          86400s;
+proxy_max_temp_file_size    0;
+
+proxy_set_header Accept-Encoding "gzip";
+proxy_set_header Connection $connection_upgrade;
+proxy_set_header Host $http_host;
+proxy_set_header Upgrade $http_upgrade;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Proto $scheme;
+proxy_set_header X-NginX-Proxy true;
+proxy_set_header X-Real-IP $remote_addr;

home-panel/rootfs/etc/nginx/includes/resolver.conf

@@ -1 +1 @@
-resolver 172.30.32.2;
+resolver 127.0.0.11;

home-panel/rootfs/etc/nginx/includes/server_params.conf

@@ -1,6 +1,6 @@
-root            /opt/panel;
+root            /dev/null;
 server_name     $hostname;
 
-add_header X-Content-Type-Options nosniff;
-add_header X-XSS-Protection "1; mode=block";
-add_header X-Robots-Tag none;
+add_header "X-Content-Type-Options" "nosniff";
+add_header "X-XSS-Protection" "1; mode=block";
+add_header "X-Robots-Tag" "none";

home-panel/rootfs/etc/nginx/includes/upstream.conf

@@ -0,0 +1,3 @@
+upstream backend {
+    server 127.0.0.1:8234;
+}

home-panel/rootfs/etc/nginx/modules/ndk_http.conf

@@ -1 +0,0 @@
-load_module "/usr/lib/nginx/modules/ndk_http_module.so";

home-panel/rootfs/etc/nginx/nginx.conf

@@ -18,7 +18,9 @@ error_log /proc/1/fd/1 error;
 
 # Load allowed environment vars
 env HASSIO_TOKEN;
-env DISABLE_HA_AUTHENTICATION;
+
+# Load dynamic modules.
+include /etc/nginx/modules/*.conf;
 
 # Max num of simultaneous connections by a worker process.
 events {
@@ -48,6 +50,7 @@ http {
     }
 
     include /etc/nginx/includes/resolver.conf;
+    include /etc/nginx/includes/upstream.conf;
 
     include /etc/nginx/servers/*.conf;
 }

home-panel/rootfs/etc/nginx/servers/direct-ssl.disabled

@@ -3,8 +3,12 @@ server {
 
     include /etc/nginx/includes/server_params.conf;
     include /etc/nginx/includes/ssl_params.conf;
+    include /etc/nginx/includes/proxy_params.conf;
 
-    ssl on;
     ssl_certificate /ssl/%%certfile%%;
     ssl_certificate_key /ssl/%%keyfile%%;
+
+    location / {
+        proxy_pass http://backend;
+    }
 }

home-panel/rootfs/etc/nginx/servers/direct.disabled

@@ -2,4 +2,9 @@ server {
     listen 80 default_server;
 
     include /etc/nginx/includes/server_params.conf;
+    include /etc/nginx/includes/proxy_params.conf;
+
+    location / {
+        proxy_pass http://backend;
+    }
 }

home-panel/rootfs/etc/nginx/servers/ingress.conf

@@ -0,0 +1,13 @@
+server {
+    listen %%interface%%:%%port%% default_server;
+
+    include /etc/nginx/includes/server_params.conf;
+    include /etc/nginx/includes/proxy_params.conf;
+
+    location / {
+        allow   172.30.32.2;
+        deny    all;
+
+        proxy_pass http://backend;
+    }
+}

home-panel/rootfs/etc/services.d/api/run

@@ -1,22 +0,0 @@
-#!/usr/bin/with-contenv bashio
-# ==============================================================================
-# Community Hass.io Add-ons: Home Panel
-# Starts server to serve the API
-# ==============================================================================
-bashio::log.info "Run API.."
-
-cd /opt/api \
-    || bashio::exit.nok "Could not change into API directory"
-
-LOG_LEVEL=$(bashio::config 'log_level')
-
-if bashio::config.true 'ssl'; then
-    SSL_PATH_CERT="/ssl/$(bashio::config 'certfile')"
-    SSL_PATH_KEY="/ssl/$(bashio::config 'keyfile')"
-fi
-
-export LOG_LEVEL
-export SSL_PATH_CERT
-export SSL_PATH_KEY
-
-exec node src/

home-panel/rootfs/etc/services.d/home-panel/run

@@ -0,0 +1,19 @@
+#!/usr/bin/with-contenv bashio
+# ==============================================================================
+# Community Hass.io Add-ons: Home Panel
+# Starts server to serve the app
+# ==============================================================================
+bashio::log.info "Run Home Panel.."
+
+cd /opt/panel \
+    || bashio::exit.nok "Could not change into app directory"
+
+LOG_LEVEL=$(bashio::config 'log_level')
+SSL_SUPPRESS_WARNING="true"
+SUPPRESS_ADDRESS="true"
+
+export LOG_LEVEL
+export SSL_SUPPRESS_WARNING
+export SUPPRESS_ADDRESS
+
+exec node src/

home-panel/rootfs/etc/services.d/nginx/finish

@@ -1,7 +1,7 @@
 #!/usr/bin/execlineb -S0
 # ==============================================================================
 # Community Hass.io Add-ons: Home Panel
-# Take down the S6 supervision tree when NGINX fails
+# Take down the S6 supervision tree when Nginx fails
 # ==============================================================================
 if -n { s6-test $# -ne 0 }
 if -n { s6-test ${1} -eq 256 }

home-panel/rootfs/etc/services.d/nginx/run

@@ -1,15 +1,12 @@
 #!/usr/bin/with-contenv bashio
 # ==============================================================================
 # Community Hass.io Add-ons: Home Panel
-# Runs the NGINX daemon
+# Runs the Nginx daemon
 # ==============================================================================
-# Wait for the API to start
-bashio::net.wait_for 3234
 
-# Disable HA Authentication if front door is open
-if bashio::config.true 'leave_front_door_open'; then
-    export DISABLE_HA_AUTHENTICATION=true
-fi
+# Wait for Home Panel to become available
+bashio::net.wait_for 8234
+
+bashio::log.info "Starting NGinx..."
 
-bashio::log.info "Starting NGINX..."
 exec nginx