gitea-mirror/Pulse
1
0
Fork 0
mirror of https://github.com/rcourtman/Pulse.git synced 2026-02-18 00:17:39 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
559dfd02352485f89f41eea66591fb1a881bbdb0
Pulse/scripts
History
rcourtman 559dfd0235 Add HTTP mode support to sensor-proxy installer 
Implements complete HTTP mode installation workflow for external PVE hosts.

New installer features:
- `--http-mode` flag: Enable HTTP server mode for remote temperature monitoring
- `--http-addr <addr>` flag: Configure listen address (default :8443)
- Auto-generates self-signed TLS certificates (4096-bit RSA, 10-year validity)
- Registers with Pulse API and receives authentication token
- Configures systemd service with proper security hardening

Installation workflow (HTTP mode):
1. Validate --pulse-server parameter is provided
2. Generate TLS certificate with SAN (hostname + IPs)
3. Call Pulse API POST /api/temperature-proxy/register
4. Receive and store auth token securely (mode 600)
5. Append HTTP config to config.yaml
6. Update systemd service with TLS paths
7. Start service

TLS certificate generation:
- Uses openssl req with RSA 4096-bit keys
- 10-year validity period
- SubjectAltName includes hostname + all IPs
- Files stored in /etc/pulse-sensor-proxy/tls/
- Permissions: 640 root:pulse-sensor-proxy
- Logs SHA256 fingerprint for audit

API registration:
- Calls POST /api/temperature-proxy/register
- Payload: {"hostname": "...", "proxy_url": "https://..."}
- Response: {"token": "...", "pve_instance": "..."}
- Aborts installation on registration failure (fail-fast)
- Token stored in config.yaml

Systemd service updates:
- Adds ReadOnlyPaths=/etc/pulse-sensor-proxy/tls for HTTP mode
- RestrictAddressFamilies already includes AF_INET/AF_INET6
- Maintains all existing security hardening

Error handling:
- Validates required parameters before starting
- Aborts on TLS generation failure
- Aborts on API registration failure
- Provides actionable troubleshooting guidance
- Logs clear error messages

Security:
- Tokens stored with mode 600, owned by service user
- TLS keys protected with mode 640
- Service runs as unprivileged pulse-sensor-proxy user
- Full systemd hardening maintained

Usage example:
  curl -fsSL https://pulse-server/download/install-sensor-proxy.sh | \
    bash -s -- --http-mode --pulse-server https://pulse.example.com:7655

Related to #571
2025-11-13 16:33:12 +00:00
..
dev
Fix settings security tab navigation
2025-10-11 23:29:47 +00:00
lib
feat: add shared script library system and refactor docker-agent installer
2025-10-20 15:13:38 +00:00
systemd
Fix temperature monitoring on standalone Proxmox nodes (addresses #571)
2025-11-13 13:02:15 +00:00
tests
feat: add shared script library system and refactor docker-agent installer
2025-10-20 15:13:38 +00:00
.go-version
Fix settings security tab navigation
2025-10-11 23:29:47 +00:00
backup-claude-md.sh
Fix critical version embedding issues for 4.26 release
2025-11-06 11:42:52 +00:00
build-release.sh
Release workflow guardrails (related to #695)
2025-11-11 22:34:00 +00:00
bundle.manifest
feat: add shared script library system and refactor docker-agent installer
2025-10-20 15:13:38 +00:00
bundle.sh
feat: add shared script library system and refactor docker-agent installer
2025-10-20 15:13:38 +00:00
clean-mock-alerts.sh
Add guest agent caching and update doc hints (refs #560)
2025-10-16 08:15:49 +00:00
cleanup.sh
Refactor: Code cleanup and localStorage consolidation
2025-11-04 21:50:46 +00:00
codex-router.sh
Update Pulse install flow and related components
2025-10-21 19:58:53 +00:00
create-sensor-user.sh
security: complete Phase 1 sensor proxy hardening
2025-10-20 15:13:37 +00:00
docker-build.sh
security: complete Phase 1 sensor proxy hardening
2025-10-20 15:13:37 +00:00
generate-release-notes.sh
Polish release notes fallback
2025-11-13 09:10:43 +00:00
harden-sensor-proxy.sh
security: complete Phase 1 sensor proxy hardening
2025-10-20 15:13:37 +00:00
hot-dev.sh
chore: snapshot current changes
2025-11-02 22:47:55 +00:00
install-container-agent.sh
Add support for linux-386 and linux-armv6 architectures (related to #674)
2025-11-09 08:35:24 +00:00
install-docker-agent-v2.sh
Refactor: Code cleanup and localStorage consolidation
2025-11-04 21:50:46 +00:00
install-docker-agent.sh
Handle Snap Docker home restrictions (Related to #693)
2025-11-12 19:20:04 +00:00
install-docker.sh
Refactor: Code cleanup and localStorage consolidation
2025-11-04 21:50:46 +00:00
install-go-toolchain.sh
Fix settings security tab navigation
2025-10-11 23:29:47 +00:00
install-host-agent.ps1
Fix Windows host agent installer reliability (related to #654)
2025-11-07 22:55:03 +00:00
install-host-agent.sh
Fix SELinux compatibility in host agent installer
2025-11-11 21:13:33 +00:00
install-sensor-proxy.sh
Add HTTP mode support to sensor-proxy installer
2025-11-13 16:33:12 +00:00
package-helm-chart.sh
release: prepare v4.25.0
2025-10-22 10:46:18 +00:00
pulse-auto-update.sh
Refactor: Code cleanup and localStorage consolidation
2025-11-04 21:50:46 +00:00
pulse-proxy-rotate-keys.sh
refactor: Rename pulse-temp-proxy to pulse-sensor-proxy
2025-10-13 13:17:05 +00:00
pulse-sensor-cleanup.sh
Fix temperature monitoring for standalone Proxmox nodes and add multi-arch sensor proxy builds
2025-11-05 19:41:09 +00:00
pulse-sensor-proxy.service
Fix temperature monitoring for clustered and LXC Proxmox environments (addresses #571)
2025-11-13 13:25:27 +00:00
run-tests-mock.sh
Adopt multi-token auth across docs, UI, and tooling
2025-10-14 15:47:49 +00:00
secure-sensor-files.sh
security: complete Phase 1 sensor proxy hardening
2025-10-20 15:13:37 +00:00
setup-log-forwarding.sh
security: complete Phase 1 sensor proxy hardening
2025-10-20 15:13:37 +00:00
sync-production-config.sh
refactor: remove legacy DISABLE_AUTH flag and enhance authentication UX
2025-10-27 19:46:51 +00:00
test-vm-disk.sh
Update Proxmox guest agent permissions docs and tooling (refs #548)
2025-10-14 10:21:52 +00:00
toggle-mock.sh
refactor: remove legacy DISABLE_AUTH flag and enhance authentication UX
2025-10-27 19:46:51 +00:00
trigger-release.sh
Fix remote sync check in release trigger script
2025-11-13 11:43:36 +00:00
uninstall-host-agent.ps1
feat: add native Windows service support and expandable host details
2025-10-23 22:11:56 +00:00
uninstall-host-agent.sh
feat: enhance macOS/Linux agent installation to match Windows quality
2025-10-23 22:23:23 +00:00
validate-published-release.sh
Related to #698: harden installer release detection
2025-11-12 17:56:16 +00:00
validate-release.sh
Fix Windows/macOS host agent downloads for bare metal installs (related to #684)
2025-11-11 21:26:33 +00:00