Home Panel v2 addon upgrade

home-panel/Dockerfile

@@ -13,19 +13,22 @@ RUN \
         yarn=1.16.0-r0 \
     \
     && apk add --no-cache \
-        nginx=1.16.0-r2 \
+        nginx=1.16.1-r0 \
         nodejs-current=12.4.0-r0 \
     \
-    && curl -J -L -o /tmp/panel.zip \
-        "https://github.com/timmo001/home-panel/releases/download/v1.0.0/home-panel-built-v0.10.0.zip" \
-    && unzip -d /tmp /tmp/panel.zip \
-    && mv /tmp/build /opt/panel \
+    # TODO: Replace with release tag
+    && git clone --branch "master" --depth=1 \
+        "https://github.com/timmo001/home-panel.git" /tmp/api \
+    && mv /tmp/api/api /opt/panel \
     \
-    && git clone --branch "v1.0.0" --depth=1 \
-        "https://github.com/timmo001/home-panel.git" /tmp/panel \
-    && mv /tmp/panel/api /opt/api \
+    && mkdir -p /tmp/panel \
+    # TODO: Replace with actual download
+    && curl -J -L -o /tmp/panel.zip \
+        "https://gitlab.com/timmo/home-panel/-/jobs/284851910/artifacts/download" \
+    && unzip -d /tmp/panel /tmp/panel.zip \
+    && mv /tmp/panel/build/* /opt/panel/public \
     \
-    && cd /opt/api \
+    && cd /opt/panel \
     && yarn install \
     \
     && yarn cache clean \

home-panel/config.json

@@ -19,12 +19,10 @@
   "homeassistant_api": true,
   "ingress": false,
   "ports": {
-    "80/tcp": 8234,
-    "3234/tcp": 3234
+    "80/tcp": null
   },
   "ports_description": {
-    "80/tcp": "Web UI",
-    "3234/tcp": "API"
+    "80/tcp": "Web UI (Not required for Hass.io Ingress)"
   },
   "map": [
     "config:rw",
@@ -39,6 +37,7 @@
     "log_level": "match(^(trace|debug|info|notice|warning|error|fatal)$)?",
     "ssl": "bool",
     "certfile": "str",
-    "keyfile": "str"
+    "keyfile": "str",
+    "leave_front_door_open": "bool?"
   }
 }

home-panel/rootfs/etc/cont-init.d/nginx.sh

@@ -1,7 +1,7 @@
 #!/usr/bin/with-contenv bashio
 # ==============================================================================
-# Community Hass.io Add-ons: Matrix
-# Configures NGINX for use with Riot
+# Community Hass.io Add-ons: Home Panel
+# Configures NGINX for use with thelounge
 # ==============================================================================
 declare port
 declare certfile
@@ -16,8 +16,8 @@ if bashio::var.has_value "${port}"; then
         keyfile=$(bashio::config 'keyfile')
 
         mv /etc/nginx/servers/direct-ssl.disabled /etc/nginx/servers/direct.conf
-        sed -i "s/%%certfile%%/${certfile}/g" /etc/nginx/servers/direct.conf
-        sed -i "s/%%keyfile%%/${keyfile}/g" /etc/nginx/servers/direct.conf
+        sed -i "s#%%certfile%%#${certfile}#g" /etc/nginx/servers/direct.conf
+        sed -i "s#%%keyfile%%#${keyfile}#g" /etc/nginx/servers/direct.conf
 
     else
         mv /etc/nginx/servers/direct.disabled /etc/nginx/servers/direct.conf

home-panel/rootfs/etc/cont-init.d/secrets.sh

@@ -4,4 +4,4 @@
 # This updates the internal auth secret for the API
 # ==============================================================================
 # shellcheck disable=2094,2016
-bashio::jq /etc/home-panel/default.json '.authentication.secret="$(openssl rand -base64 32)"' > /opt/api/config/default.json
+bashio::jq /opt/panel/config/default.json '.authentication.secret="$(openssl rand -base64 32)"' > /opt/panel/config/default.json

home-panel/rootfs/etc/nginx/includes/proxy_params.conf

@@ -0,0 +1,15 @@
+proxy_http_version          1.1;
+proxy_ignore_client_abort   off;
+proxy_read_timeout          86400s;
+proxy_redirect              off;
+proxy_send_timeout          86400s;
+proxy_max_temp_file_size    0;
+
+proxy_set_header Accept-Encoding "gzip";
+proxy_set_header Connection $connection_upgrade;
+proxy_set_header Host $http_host;
+proxy_set_header Upgrade $http_upgrade;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Proto $scheme;
+proxy_set_header X-NginX-Proxy true;
+proxy_set_header X-Real-IP $remote_addr;

home-panel/rootfs/etc/nginx/includes/resolver.conf

@@ -1 +1 @@
-resolver 172.30.32.2;
+resolver 127.0.0.11;

home-panel/rootfs/etc/nginx/includes/server_params.conf

@@ -1,6 +1,6 @@
-root            /opt/panel;
+root            /dev/null;
 server_name     $hostname;
 
-add_header X-Content-Type-Options nosniff;
-add_header X-XSS-Protection "1; mode=block";
-add_header X-Robots-Tag none;
+add_header "X-Content-Type-Options" "nosniff";
+add_header "X-XSS-Protection" "1; mode=block";
+add_header "X-Robots-Tag" "none";

home-panel/rootfs/etc/nginx/includes/upstream.conf

@@ -0,0 +1,3 @@
+upstream backend {
+    server 127.0.0.1:8234;
+}

home-panel/rootfs/etc/nginx/nginx.conf

@@ -18,7 +18,9 @@ error_log /proc/1/fd/1 error;
 
 # Load allowed environment vars
 env HASSIO_TOKEN;
-env DISABLE_HA_AUTHENTICATION;
+
+# Load dynamic modules.
+include /etc/nginx/modules/*.conf;
 
 # Max num of simultaneous connections by a worker process.
 events {
@@ -48,6 +50,7 @@ http {
     }
 
     include /etc/nginx/includes/resolver.conf;
+    include /etc/nginx/includes/upstream.conf;
 
     include /etc/nginx/servers/*.conf;
 }

home-panel/rootfs/etc/nginx/servers/direct-ssl.disabled

@@ -3,8 +3,12 @@ server {
 
     include /etc/nginx/includes/server_params.conf;
     include /etc/nginx/includes/ssl_params.conf;
+    include /etc/nginx/includes/proxy_params.conf;
 
-    ssl on;
     ssl_certificate /ssl/%%certfile%%;
     ssl_certificate_key /ssl/%%keyfile%%;
+
+    location / {
+        proxy_pass http://backend;
+    }
 }

home-panel/rootfs/etc/nginx/servers/direct.disabled

@@ -2,4 +2,9 @@ server {
     listen 80 default_server;
 
     include /etc/nginx/includes/server_params.conf;
+    include /etc/nginx/includes/proxy_params.conf;
+
+    location / {
+        proxy_pass http://backend;
+    }
 }

home-panel/rootfs/etc/nginx/servers/ingress.conf

@@ -0,0 +1,13 @@
+server {
+    listen %%interface%%:%%port%% default_server;
+
+    include /etc/nginx/includes/server_params.conf;
+    include /etc/nginx/includes/proxy_params.conf;
+
+    location / {
+        allow   172.30.32.2;
+        deny    all;
+
+        proxy_pass http://backend;
+    }
+}

home-panel/rootfs/etc/services.d/home-panel/run

@@ -0,0 +1,19 @@
+#!/usr/bin/with-contenv bashio
+# ==============================================================================
+# Community Hass.io Add-ons: Home Panel
+# Starts server to serve the app
+# ==============================================================================
+bashio::log.info "Run Home Panel.."
+
+cd /opt/panel \
+    || bashio::exit.nok "Could not change into app directory"
+
+LOG_LEVEL=$(bashio::config 'log_level')
+SSL_SUPPRESS_WARNING="true"
+SUPPRESS_ADDRESS="true"
+
+export LOG_LEVEL
+export SSL_SUPPRESS_WARNING
+export SUPPRESS_ADDRESS
+
+exec node src/

home-panel/rootfs/etc/services.d/nginx/finish

@@ -1,7 +1,7 @@
 #!/usr/bin/execlineb -S0
 # ==============================================================================
 # Community Hass.io Add-ons: Home Panel
-# Take down the S6 supervision tree when NGINX fails
+# Take down the S6 supervision tree when Nginx fails
 # ==============================================================================
 if -n { s6-test $# -ne 0 }
 if -n { s6-test ${1} -eq 256 }

home-panel/rootfs/etc/services.d/nginx/run

@@ -1,15 +1,12 @@
 #!/usr/bin/with-contenv bashio
 # ==============================================================================
 # Community Hass.io Add-ons: Home Panel
-# Runs the NGINX daemon
+# Runs the Nginx daemon
 # ==============================================================================
-# Wait for the API to start
-bashio::net.wait_for 3234
 
-# Disable HA Authentication if front door is open
-if bashio::config.true 'leave_front_door_open'; then
-    export DISABLE_HA_AUTHENTICATION=true
-fi
+# Wait for Home Panel to become available
+bashio::net.wait_for 8234
+
+bashio::log.info "Starting NGinx..."
 
-bashio::log.info "Starting NGINX..."
 exec nginx