Ops dashboard. Deploying repos to Docker
Scrum4Me Agent bdc24b57ba feat(flows): add YAML flow format, flow-runner, and /agent/v1/flow endpoint
- ops-agent/src/lib/flow-runner.ts: loads YAML flows, validates all steps
  against the command whitelist, executes sequentially; supports dry_run
  (emits WOULD RUN lines) and on_failure: abort|continue per step
- ops-agent/src/routes/flow.ts: POST /agent/v1/flow { flow_key, dry_run }
  streams step_start/stdout/stderr/step_done/done SSE events
- ops-agent/src/index.ts: register flow route, add FLOWS_PATH env var
- ops-agent/flows.example/: three flow definitions — update_scrum4me_web,
  update_mcp_worker, update_caddy_config; deploy to /etc/ops-agent/flows/
- ops-agent/commands.yml.example: add curl_smoke_scrum4me_web and
  docker_compose_ps_worker smoke-test commands
- app/api/flows/run/route.ts: Next.js proxy — creates FlowRun/FlowStep
  DB records per step, forwards SSE stream to browser
- hooks/useFlowRun.ts: add startFlow(flowKey, dryRun) method; handle
  step_start events to display step headers in the terminal
- components/StreamingTerminal.tsx: add 'info' line type (sky-400) for
  step headers

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-13 19:22:34 +02:00
app feat(flows): add YAML flow format, flow-runner, and /agent/v1/flow endpoint 2026-05-13 19:22:34 +02:00
components feat(flows): add YAML flow format, flow-runner, and /agent/v1/flow endpoint 2026-05-13 19:22:34 +02:00
deploy feat(deploy): add sudoers config + setup.sh integration for systemctl_restart 2026-05-13 17:53:09 +02:00
hooks feat(flows): add YAML flow format, flow-runner, and /agent/v1/flow endpoint 2026-05-13 19:22:34 +02:00
lib feat(caddy): add caddy_list_certs whitelist entry and cert parser 2026-05-13 17:48:41 +02:00
ops-agent feat(flows): add YAML flow format, flow-runner, and /agent/v1/flow endpoint 2026-05-13 19:22:34 +02:00
prisma feat(audit): truncate stdout/stderr to 64KB + index FlowRun(user_id, started_at desc) 2026-05-13 18:03:06 +02:00
public feat: Next.js + Tailwind + shadcn/ui project skeleton 2026-05-13 16:59:21 +02:00
.dockerignore feat: Dockerfile, deploy configs and Caddy block for ops.jp-visser.nl 2026-05-13 17:12:37 +02:00
.env.example feat(systemd): unit overview + journal viewer pages 2026-05-13 17:41:54 +02:00
.gitignore feat: Prisma schema, migrations and seed for auth and audit log 2026-05-13 17:04:27 +02:00
AGENTS.md feat: Next.js + Tailwind + shadcn/ui project skeleton 2026-05-13 16:59:21 +02:00
CLAUDE.md feat: Next.js + Tailwind + shadcn/ui project skeleton 2026-05-13 16:59:21 +02:00
components.json feat: Next.js + Tailwind + shadcn/ui project skeleton 2026-05-13 16:59:21 +02:00
Dockerfile feat: Dockerfile, deploy configs and Caddy block for ops.jp-visser.nl 2026-05-13 17:12:37 +02:00
next.config.ts feat: Dockerfile, deploy configs and Caddy block for ops.jp-visser.nl 2026-05-13 17:12:37 +02:00
package-lock.json feat(ui): add action buttons to Docker, Git, systemd, and Caddy modules 2026-05-13 19:14:49 +02:00
package.json feat(caddy): add caddy_list_certs whitelist entry and cert parser 2026-05-13 17:48:41 +02:00
postcss.config.mjs feat: Next.js + Tailwind + shadcn/ui project skeleton 2026-05-13 16:59:21 +02:00
prisma.config.ts feat: Prisma schema, migrations and seed for auth and audit log 2026-05-13 17:04:27 +02:00
proxy.ts feat: login page, session management, auth API routes and proxy guard 2026-05-13 17:10:07 +02:00
README.md feat(auth): shared-secret auth web-app → ops-agent 2026-05-13 17:22:37 +02:00
tsconfig.json fix(tsconfig): exclude ops-agent from Next.js TypeScript check 2026-05-13 17:28:55 +02:00

Ops Dashboard

Single-user ops dashboard for jp-visser.nl.

See docs/runbooks/ for setup, deployment, and operational procedures.

Ops-agent auth

The web-app communicates with the ops-agent via a shared secret stored in /etc/ops-agent/secret (mode 0640, owner root:ops-agent).

  • The ops-agent reads the secret at startup via OPS_AGENT_SECRET_PATH.
  • Every request from the web-app carries Authorization: Bearer <secret>.
  • The agent validates using a constant-time comparison to prevent timing attacks.
  • The web-app reads the secret value from the OPS_AGENT_SECRET environment variable.
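A sketch of the bearer check described in the list above, added here as an example and not taken from the ops-agent source. The function names and the sample value are hypothetical, and hashing both sides with SHA-256 before comparing is an assumption about how to keep the comparison constant-time when the presented token has a different length.

```typescript
import { createHash, timingSafeEqual } from "node:crypto";

// Normalise the contents of the secret file. `openssl rand -hex 32 | tee`
// writes a trailing newline, which must not become part of the secret,
// otherwise the agent and the web-app env var would never match.
function parseSecretFile(contents: string): string {
  const secret = contents.trim();
  if (secret.length === 0) {
    throw new Error("secret file is empty");
  }
  return secret;
}

// Reduce a value to a fixed 32-byte digest. timingSafeEqual throws when its
// inputs differ in length, so comparing digests avoids both the exception
// and an early exit that would reveal the secret's length.
function digest(value: string): Buffer {
  return createHash("sha256").update(value, "utf8").digest();
}

// Validate the value of an `Authorization: Bearer <secret>` header.
// Hypothetical helper: the agent's real handler is not shown on this page.
function isAuthorized(header: string | undefined, secret: string): boolean {
  const prefix = "Bearer ";
  if (header === undefined || !header.startsWith(prefix)) {
    return false;
  }
  const presented = header.slice(prefix.length);
  return timingSafeEqual(digest(presented), digest(secret));
}

// Constructed sample, not a real credential: 64 hex characters plus the
// newline that `tee` leaves in the file.
const SAMPLE_FILE = "0f".repeat(32) + "\n";
const SAMPLE_SECRET = parseSecretFile(SAMPLE_FILE);
```

A missing header, a non-Bearer scheme, and a token of the wrong length all return false without throwing, so the route can answer 401 uniformly.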

Secret rotation procedure

  1. Generate a new secret on the server:
    openssl rand -hex 32 | sudo tee /etc/ops-agent/secret
    sudo chown root:ops-agent /etc/ops-agent/secret
    sudo chmod 0640 /etc/ops-agent/secret
    
  2. Update OPS_AGENT_SECRET in the web-app's environment file (/srv/ops/ops-dashboard.env) with the new value.
  3. Restart both services:
    sudo systemctl restart ops-agent
    sudo docker compose -f /srv/ops/docker-compose.ops-dashboard.yml restart ops-dashboard
    
  4. Verify the dashboard is operational and that systemctl status ops-agent shows the service running without errors.