nearxos/reterminal-dm4
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Implement user authentication and admin features in eMMC provisioning dashboard: add SQLite database for user management, create admin log functionality, and enhance session handling. Update README to reflect new public and admin access levels, and improve deployment scripts to support cloud-init images and portal files management.

Browse Source
This commit is contained in:
nearxos
2026-02-19 15:17:47 +02:00
parent 987e71c36e
commit 39aa042dc9
9 changed files with 1167 additions and 61 deletions
Download Patch File Download Diff File Expand all files Collapse all files

60
chromium-setup/emmc-provisioning/dashboard/README.md
View File

@@ -1,41 +1,53 @@
# CM4 Provisioning Dashboard
Flask web UI to monitor the eMMC deployment process and show device connection steps.
Flask web UI for CM4 eMMC provisioning: **public home** (deploy only) and **admin** (login required) for images, cloud-init, portal files, and users.
- **Connection steps**: Numbered instructions for putting the reTerminal in boot mode and connecting it.
- **Live status**: Idle / Connecting (rpiboot) / Flashing / Backup / Done / Error, with optional progress.
- **Backup / Restore**: Toggle between **Flash** (deploy golden image) and **Backup** (save eMMC to a timestamped file when device is connected in boot mode). List and download saved backups. For each raw `.img` backup you can click **Shrink** (PiShrink) or **Compress** (shrink + xz) to reduce size.
- **Build cloud-init image**: Download the latest Raspberry Pi OS Lite (arm64) from the official repository and inject cloud-init NoCloud files so the image is ready for first-boot configuration. The result appears in the backups list; set it as golden to deploy. *Requires* loop devices and mount (if the dashboard runs in an LXC, the container may need privileged mode or loop support).
- **Recent log**: Tail of the flash log (from the host, via the shared bind mount).
## Public home (`/`)
The dashboard reads `/var/lib/cm4-provisioning/status.json` and `flash.log`, which the flash script (running on the Proxmox host) updates. When the dashboard runs inside the LXC, that directory is bind-mounted from the host, so it sees the same files.
- **No login.** Anyone can:
- See current status (idle / connecting / flashing / backup / done / error).
- **Deploy** or **Backup** when a device is connected (USB boot or network).
- See which image is set as **golden** (used for Deploy).
- View recent log and “How to connect” steps.
Layout: compact two columns (status + deploy on the left; golden info, log, and connect on the right).
## Admin (`/admin`)
**Login required.** First user: open `/login`, enter any username and a password (min 6 characters) to create the first admin account.
Admin can:
- **Backup images** (in `backups/`): upload, rename, delete, shrink/compress, **set as golden**, download.
- **Cloud-init images** (in `cloudinit-images/`): list, set as golden, rename, delete, download.
- **Build cloud-init image**: download latest Raspberry Pi OS (arm64), inject cloud-init, edit user-data/meta-data/network-config, use templates. Output goes to cloud-init images; optionally set as golden after build.
- **Portal files** (in `portal-files/`): upload files that are served at `/files/<name>` so cloud-init can `wget` or `curl` them on first boot (e.g. `curl -fsSL "http://SERVER/files/bootstrap.sh" -o /tmp/bootstrap.sh`).
- **Golden image**: any backup or cloud-init image can be set as golden (no single “golden file”; choose from either list).
- **Admin users**: add users, change password.
- **Activity logs**: view recent admin actions.
Backup images and cloud-init images live in **separate folders** (`backups/` and `cloudinit-images/`).
## Run locally (development)
```bash
cd dashboard
pip install flask # or use venv
pip install -r requirements.txt # Flask, werkzeug
python3 app.py
# Open http://localhost:5000
# Open http://localhost:5000 (home), http://localhost:5000/admin (login first)
```
## Run in LXC (Proxmox)
1. Copy the dashboard into the container (e.g. to `/opt/cm4-provisioning/dashboard`).
2. Install Flask if needed: `apt install -y python3-flask` or `pip install flask`.
3. Install the systemd unit and enable it:
```bash
cp /opt/cm4-provisioning/dashboard/cm4-dashboard.service /etc/systemd/system/
systemctl daemon-reload
systemctl enable --now cm4-dashboard
```
4. Open `http://<LXC-IP>:5000` (or port-forward from the Proxmox host).
Deploy with `scripts/deploy-to-proxmox.sh`; it installs the dashboard and pushes `home.html`, `login.html`, `admin.html`. Optional: create `/opt/cm4-provisioning/dashboard.env` with `CM4_DASHBOARD_SECRET_KEY=<random>` so session logins persist across restarts (deploy script can create this automatically).
## Environment (optional)
- `CM4_STATUS_FILE` path to status JSON (default: `/var/lib/cm4-provisioning/status.json`).
- `CM4_LOG_FILE` path to flash log (default: `/var/lib/cm4-provisioning/flash.log`).
- `CM4_BACKUPS_DIR` path to backups directory (default: `…/backups`).
- `CM4_BUILD_STATUS_FILE` path to build-cloudinit status JSON (default: `…/build_cloudinit_status.json`).
- `CM4_PROVISIONING_DIR` base path (default: `/var/lib/cm4-provisioning`).
- `CM4_BACKUPS_DIR` backups directory (default: `…/backups`).
- `CM4_CLOUDINIT_IMAGES_DIR` cloud-init built images (default: `…/cloudinit-images`).
- `CM4_PORTAL_FILES_DIR` files served at `/files/` (default: `…/portal-files`).
- `CM4_GOLDEN_IMAGE` path to golden image (symlink to chosen backup or cloud-init image).
- `CM4_DASHBOARD_SECRET_KEY` secret for session cookies (set in production).
- `CM4_DASHBOARD_DB` SQLite path for admin users and logs (default: `…/dashboard.db`).
- `CM4_STATUS_FILE`, `CM4_LOG_FILE`, etc. as before for status and build.