# CM4 Provisioning Dashboard

Flask web UI for CM4 eMMC provisioning: **public home** (deploy only) and **admin** (login required) for images, cloud-init, portal files, and users.

## Public home (`/`)

- **No login.** Anyone can:
  - See current status (idle / connecting / flashing / backup / done / error).
  - **Deploy** or **Backup** when a device is connected (USB boot or network).
  - See which image is set as **golden** (used for Deploy).
  - View recent log and “How to connect” steps.

Layout: compact two columns (status + deploy on the left; golden info, log, and connect on the right).

## Admin (`/admin`)

**Login required.** First user: open `/login`, enter any username and a password (min 6 characters) to create the first admin account.

Admin can:

- **Backup images** (in `backups/`): upload, rename, delete, shrink/compress, **set as golden**, download.
- **Cloud-init images** (in `cloudinit-images/`): list, set as golden, rename, delete, download.
- **Build cloud-init image**: download latest Raspberry Pi OS (arm64), inject cloud-init, edit user-data/meta-data/network-config, use templates. Output goes to cloud-init images; optionally set as golden after build.
- **Portal files** (in `portal-files/`): upload files that are served at `/files/<name>` so cloud-init can `wget` or `curl` them on first boot (e.g. `curl -fsSL "http://SERVER/files/bootstrap.sh" -o /tmp/bootstrap.sh`).
- **Golden image**: any backup or cloud-init image can be set as golden (no single “golden file”; choose from either list).
- **Admin users**: add users, change password.
- **Activity logs**: view recent admin actions.

Backup images and cloud-init images live in **separate folders** (`backups/` and `cloudinit-images/`).

## Run locally (development)

```bash
cd dashboard
pip install -r requirements.txt   # Flask, werkzeug
python3 app.py
# Open http://localhost:5000 (home), http://localhost:5000/admin (login first)
```

## Run in LXC (Proxmox)

Deploy with `scripts/deploy-to-proxmox.sh`; it installs the dashboard and pushes `home.html`, `login.html`, `admin.html`. Optional: create `/opt/cm4-provisioning/dashboard.env` with `CM4_DASHBOARD_SECRET_KEY=<random>` so session logins persist across restarts (deploy script can create this automatically).

## Environment (optional)

- `CM4_PROVISIONING_DIR` – base path (default: `/var/lib/cm4-provisioning`).
- `CM4_BACKUPS_DIR` – backups directory (default: `…/backups`).
- `CM4_CLOUDINIT_IMAGES_DIR` – cloud-init built images (default: `…/cloudinit-images`).
- `CM4_PORTAL_FILES_DIR` – files served at `/files/` (default: `…/portal-files`).
- `CM4_GOLDEN_IMAGE` – path to golden image (symlink to chosen backup or cloud-init image).
- `CM4_DASHBOARD_SECRET_KEY` – secret for session cookies (set in production).
- `CM4_DASHBOARD_DB` – SQLite path for admin users and logs (default: `…/dashboard.db`).
- `CM4_STATUS_FILE`, `CM4_LOG_FILE`, etc. – as before for status and build.