fosrl/docs
1
0
Fork 0
mirror of https://github.com/fosrl/docs.git synced 2025-05-12 13:20:43 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

standarize code block formatting with prettier

Browse source
This commit is contained in:
miloschwartz 2025-04-10 21:56:12 -04:00
parent 8d980307e0
commit e301452e0d
No known key found for this signature in database
42 changed files with 832 additions and 813 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
packages/docusaurus/.prettierrc
View file

@ -1,5 +1,5 @@
{ {
"tabWidth": 4, "tabWidth": 2,
"printWidth": 80, "printWidth": 80,
"trailingComma": "none" "trailingComma": "none"
} }

24
packages/docusaurus/docs/01-overview.md
View file

@ -30,32 +30,26 @@ Note that these guides may be out of date, as the project is still in active dev
Fossorial has a couple major components: Fossorial has a couple major components:
### [**Pangolin**](https://github.com/fosrl/pangolin) (Management Application & Central Server) ### [**Pangolin**](https://github.com/fosrl/pangolin) (Management Application & Central Server)
The central hub for managing the application. Pangolin includes:
- Most business logic. The central hub for managing the application. Pangolin includes: - Most business logic. - External facing rest API. - WebSocket server for managing Newt sites. - Internal facing rest API for communication between components on the VPS. - Frontend server for the web interface. - Main database for storing data. - Authentication system.
- External facing rest API.
- WebSocket server for managing Newt sites.
- Internal facing rest API for communication between components on the VPS.
- Frontend server for the web interface.
- Main database for storing data.
- Authentication system.
### [**Gerbil**](https://github.com/fosrl/gerbil) (WireGuard Interface Management) ### [**Gerbil**](https://github.com/fosrl/gerbil) (WireGuard Interface Management)
Acts as the intermediary for managing WireGuard configurations. It creates and maintains the secure tunnels between sites and the Pangolin server.
Acts as the intermediary for managing WireGuard configurations. It creates and maintains the secure tunnels between sites and the Pangolin server.
### [**Traefik**](https://github.com/traefik/traefik) (Reverse Proxy) ### [**Traefik**](https://github.com/traefik/traefik) (Reverse Proxy)
A high-performance, modular reverse proxy that routes requests to private resources. Traefik is widely adopted, and its plugin system allows further customization and security enhancements. For example:
- Out-of-the-box compatibility with plugins like [Fail2Ban](https://plugins.traefik.io/plugins/628c9ebcffc0cd18356a979f/fail2-ban) or [CrowdSec](https://plugins.traefik.io/plugins/6335346ca4caa9ddeffda116/crowdsec-bouncer-traefik-plugin). A high-performance, modular reverse proxy that routes requests to private resources. Traefik is widely adopted, and its plugin system allows further customization and security enhancements. For example: - Out-of-the-box compatibility with plugins like [Fail2Ban](https://plugins.traefik.io/plugins/628c9ebcffc0cd18356a979f/fail2-ban) or [CrowdSec](https://plugins.traefik.io/plugins/6335346ca4caa9ddeffda116/crowdsec-bouncer-traefik-plugin). - Enhanced security via our custom Traefik plugin Badger, which acts as an authentication bouncer.
- Enhanced security via our custom Traefik plugin Badger, which acts as an authentication bouncer.
### [**Badger**](https://github.com/fosrl/badger) (Traefik Plugin Middleware): ### [**Badger**](https://github.com/fosrl/badger) (Traefik Plugin Middleware):
A custom Traefik plugin that acts as an authentication bouncer. Badger: A custom Traefik plugin that acts as an authentication bouncer. Badger:
- Intercepts requests to the Traefik reverse proxy. - Intercepts requests to the Traefik reverse proxy.
- Redirects unauthenticated requests to the Pangolin server for authentication. - Redirects unauthenticated requests to the Pangolin server for authentication.
### [**Newt**](https://github.com/fosrl/newt) (Minimal User Space WireGuard Client) ### [**Newt**](https://github.com/fosrl/newt) (Minimal User Space WireGuard Client)
A lightweight client designed to run on the private network. Newt:
- Connects to the Pangolin server via WebSocket and Gerbil via fully user space WireGuard A lightweight client designed to run on the private network. Newt: - Connects to the Pangolin server via WebSocket and Gerbil via fully user space WireGuard - Facilitates networking through its connection to Gerbil and creating TCP proxies
- Facilitates networking through its connection to Gerbil and creating TCP proxies
## System Diagram ## System Diagram

13
packages/docusaurus/docs/02-Getting Started/02-dns-networking.md
View file

@ -45,7 +45,6 @@ Docker automatically creates iptables NAT rules when container ports are publish
::: :::
Following ports should be exposed on Operating system level. Following ports should be exposed on Operating system level.
### TCP 80 ### TCP 80
@ -78,9 +77,9 @@ By default the config defaults to using the bellow settings:
```yaml ```yaml
gerbil: gerbil:
block_size: 24 block_size: 24
site_block_size: 30 site_block_size: 30
subnet_group: 100.89.137.0/20 subnet_group: 100.89.137.0/20
``` ```
This means that Gerbil will choose the first /24 subnet in the `100.89.137.0/20` range to operate its network. `100.89.137.0/20` is in the CGNAT range which should avoid overlap with most private networks, but if it does please make sure to change this in your config **before** registering your first Gerbil. This means that Gerbil will choose the first /24 subnet in the `100.89.137.0/20` range to operate its network. `100.89.137.0/20` is in the CGNAT range which should avoid overlap with most private networks, but if it does please make sure to change this in your config **before** registering your first Gerbil.
@ -109,7 +108,7 @@ Since Cloudflare proxy obscures the destination IP of the host, you will also ne
```yaml ```yaml
gerbil: gerbil:
start_port: 51820 start_port: 51820
# highlight-next-line # highlight-next-line
base_endpoint: "104.21.16.1" # Replace with your VPS IP base_endpoint: "104.21.16.1" # Replace with your VPS IP
``` ```

48
packages/docusaurus/docs/02-Getting Started/03-quick-install.md
View file

@ -5,13 +5,13 @@ import WgetQuickInstaller from "@site/src/components/WgetQuickInstaller";
## Prerequisites ## Prerequisites
- A Linux system with root access and a public IP address - A Linux system with root access and a public IP address
- We recommend Ubuntu or Debian based systems - We recommend Ubuntu or Debian based systems
- [A domain name pointed to your server's IP address](./02-dns-networking.md) - [A domain name pointed to your server's IP address](./02-dns-networking.md)
- [TCP ports 80, 443, and UDP port 51820 exposed to your Linux instance.](./02-dns-networking.md) - [TCP ports 80, 443, and UDP port 51820 exposed to your Linux instance.](./02-dns-networking.md)
- **Note:** Dockers NAT-based port publishing feature automatically exposes all ports defined in `docker-compose` file. This behavior can bypass your host firewall settings, potentially exposing services that you did not intend to make public. It is important to review and manage these port configurations to minimize security risks. - **Note:** Dockers NAT-based port publishing feature automatically exposes all ports defined in `docker-compose` file. This behavior can bypass your host firewall settings, potentially exposing services that you did not intend to make public. It is important to review and manage these port configurations to minimize security risks.
- An email address for Let's Encrypt certificate registration - An email address for Let's Encrypt certificate registration
- (Optionally) a SMTP server - (Optionally) a SMTP server
## Using a VPS ## Using a VPS
@ -58,11 +58,11 @@ You'll need to configure the admin user. This is the first user in the system. Y
1. **Admin Email**: Defaults to `admin@yourdomain.com` but can be customized 1. **Admin Email**: Defaults to `admin@yourdomain.com` but can be customized
2. **Admin Password**: Must meet these requirements: 2. **Admin Password**: Must meet these requirements:
- At least 8 characters - At least 8 characters
- At least one uppercase letter - At least one uppercase letter
- At least one lowercase letter - At least one lowercase letter
- At least one digit - At least one digit
- At least one special character - At least one special character
### 4. Security Settings ### 4. Security Settings
@ -77,11 +77,11 @@ Decide whether to enable email functionality. This allows Pangolin to send trans
If enabled, you'll need to provide: If enabled, you'll need to provide:
- SMTP host - SMTP host
- SMTP port (defaults to 587) - SMTP port (defaults to 587)
- SMTP username - SMTP username
- SMTP password - SMTP password
- No-reply email address. This is the sender email address that Pangolin will email from. Many times this should be the same as the username. - No-reply email address. This is the sender email address that Pangolin will email from. Many times this should be the same as the username.
### 6. Docker Installation ### 6. Docker Installation
@ -93,11 +93,11 @@ If Docker isn't already installed, the installer will:
Supported distributions: Supported distributions:
- Ubuntu/Debian - Ubuntu/Debian
- Fedora - Fedora
- OpenSUSE - OpenSUSE
- RHEL - RHEL
- Amazon Linux - Amazon Linux
### 7. Container Deployment ### 7. Container Deployment
@ -117,5 +117,5 @@ After successful installation:
## Notes ## Notes
- The installer checks for an existing configuration and won't overwrite it if found - The installer checks for an existing configuration and won't overwrite it if found
- Docker installation is optional if already present - Docker installation is optional if already present

8
packages/docusaurus/docs/02-Getting Started/05-quick-setup.md
View file

@ -57,7 +57,7 @@ For example on a Linux client, you can write your copied config to a wg0.conf fi
1. Head to the **Resources** tab and select the `Add Resource` button (or use the tab in the setup workflow) 1. Head to the **Resources** tab and select the `Add Resource` button (or use the tab in the setup workflow)
2. Give your resource a name like "Bitwarden" 2. Give your resource a name like "Bitwarden"
3. Choose a subdomain for this resource. The subdomain must be ***globally unique** across all orgs and sites 3. Choose a subdomain for this resource. The subdomain must be **\*globally unique** across all orgs and sites
4. Choose the site that this resource is at. The resource target must be accessible behind the tunnel attached to this site. 4. Choose the site that this resource is at. The resource target must be accessible behind the tunnel attached to this site.
5. Press `Create Resource` 5. Press `Create Resource`
@ -68,9 +68,9 @@ For example on a Linux client, you can write your copied config to a wg0.conf fi
1. You should now be on the **Connectivity** page under your new resource 1. You should now be on the **Connectivity** page under your new resource
2. If you would like to secure this site with https, leave the `Enable SSL` toggle enabled 2. If you would like to secure this site with https, leave the `Enable SSL` toggle enabled
3. Add a target for this resource. If your resource is accessible on your internal network at `http://192.168.1.24:8080` for example, then choose the following 3. Add a target for this resource. If your resource is accessible on your internal network at `http://192.168.1.24:8080` for example, then choose the following
Method: HTTP Method: HTTP
IP Address: 192.168.1.24 IP Address: 192.168.1.24
Port: 8080 Port: 8080
4. Press `Add Target` and you will see the target added to the list and enabled. 4. Press `Add Target` and you will see the target added to the list and enabled.
5. Press `Save Changes` 5. Press `Save Changes`
6. Try to access your resource by clicking the url at the top 6. Try to access your resource by clicking the url at the top

69
packages/docusaurus/docs/03-Pangolin/01-overview.md
View file

@ -10,45 +10,45 @@ _Sites page of Pangolin dashboard (dark mode) showing multiple tunnels connected
### Reverse Proxy Through WireGuard Tunnel ### Reverse Proxy Through WireGuard Tunnel
- Expose private resources on your network **without opening ports** (firewall punching). - Expose private resources on your network **without opening ports** (firewall punching).
- Secure and easy to configure site-to-site connectivity via a custom **user space WireGuard client**, [Newt](https://github.com/fosrl/newt). - Secure and easy to configure site-to-site connectivity via a custom **user space WireGuard client**, [Newt](https://github.com/fosrl/newt).
- Built-in support for any WireGuard client. - Built-in support for any WireGuard client.
- Automated **SSL certificates** (https) via [LetsEncrypt](https://letsencrypt.org/). - Automated **SSL certificates** (https) via [LetsEncrypt](https://letsencrypt.org/).
- Support for HTTP/HTTPS and **raw TCP/UDP services**. - Support for HTTP/HTTPS and **raw TCP/UDP services**.
- Load balancing. - Load balancing.
### Identity & Access Management ### Identity & Access Management
- Centralized authentication system using platform SSO. **Users will only have to manage one login.** - Centralized authentication system using platform SSO. **Users will only have to manage one login.**
- **Define access control rules for IPs, IP ranges, and URL paths per resource.** - **Define access control rules for IPs, IP ranges, and URL paths per resource.**
- TOTP with backup codes for two-factor authentication. - TOTP with backup codes for two-factor authentication.
- Create organizations, each with multiple sites, users, and roles. - Create organizations, each with multiple sites, users, and roles.
- **Role-based access control** to manage resource access permissions. - **Role-based access control** to manage resource access permissions.
- Additional authentication options include: - Additional authentication options include:
- Email whitelisting with **one-time passcodes.** - Email whitelisting with **one-time passcodes.**
- **Temporary, self-destructing share links.** - **Temporary, self-destructing share links.**
- Resource specific pin codes. - Resource specific pin codes.
- Resource specific passwords. - Resource specific passwords.
### Simple Dashboard UI ### Simple Dashboard UI
- Manage sites, users, and roles with a clean and intuitive UI. - Manage sites, users, and roles with a clean and intuitive UI.
- Monitor site usage and connectivity. - Monitor site usage and connectivity.
- Light and dark mode options. - Light and dark mode options.
- Mobile friendly. - Mobile friendly.
### Easy Deployment ### Easy Deployment
- Run on any cloud provider or on-premises. - Run on any cloud provider or on-premises.
- **Docker Compose based setup** for simplified deployment. - **Docker Compose based setup** for simplified deployment.
- Future-proof installation script for streamlined setup and feature additions. - Future-proof installation script for streamlined setup and feature additions.
- Use any WireGuard client to connect, or use **Newt, our custom user space client** for the best experience. - Use any WireGuard client to connect, or use **Newt, our custom user space client** for the best experience.
### Modular Design ### Modular Design
- Extend functionality with existing [Traefik](https://github.com/traefik/traefik) plugins, such as [CrowdSec](https://plugins.traefik.io/plugins/6335346ca4caa9ddeffda116/crowdsec-bouncer-traefik-plugin) and [Geoblock](https://github.com/PascalMinder/geoblock). - Extend functionality with existing [Traefik](https://github.com/traefik/traefik) plugins, such as [CrowdSec](https://plugins.traefik.io/plugins/6335346ca4caa9ddeffda116/crowdsec-bouncer-traefik-plugin) and [Geoblock](https://github.com/PascalMinder/geoblock).
- **Automatically install and configure Crowdsec via Pangolin's installer script.** - **Automatically install and configure Crowdsec via Pangolin's installer script.**
- Attach as many sites to the central server as you wish. - Attach as many sites to the central server as you wish.
<img src={require("./img/collage.png").default} alt="Collage"/> <img src={require("./img/collage.png").default} alt="Collage"/>
@ -60,19 +60,19 @@ _Sites page of Pangolin dashboard (dark mode) showing multiple tunnels connected
2. **Domain Configuration**: 2. **Domain Configuration**:
- Point your domain name to the VPS and configure Pangolin with your preferred settings. - Point your domain name to the VPS and configure Pangolin with your preferred settings.
You can [buy a cheap domain at Namecheap](https://namecheap.pxf.io/c/6099916/386170/5618) You can [buy a cheap domain at Namecheap](https://namecheap.pxf.io/c/6099916/386170/5618)
3. **Connect Private Sites**: 3. **Connect Private Sites**:
- Install Newt or use another WireGuard client on private sites. - Install Newt or use another WireGuard client on private sites.
- Automatically establish a connection from these sites to the central server. - Automatically establish a connection from these sites to the central server.
4. **Expose Resources**: 4. **Expose Resources**:
- Add resources to the central server and configure access control rules. - Add resources to the central server and configure access control rules.
- Access these resources securely from anywhere. - Access these resources securely from anywhere.
**Use Case Example - Bypassing Port Restrictions in Home Lab**: **Use Case Example - Bypassing Port Restrictions in Home Lab**:
Imagine private sites where the ISP restricts port forwarding. By connecting these sites to Pangolin via WireGuard, you can securely expose HTTP and HTTPS resources on the private network without any networking complexity. Imagine private sites where the ISP restricts port forwarding. By connecting these sites to Pangolin via WireGuard, you can securely expose HTTP and HTTPS resources on the private network without any networking complexity.
@ -80,7 +80,6 @@ You can [buy a cheap domain at Namecheap](https://namecheap.pxf.io/c/6099916/386
**Use Case Example - IoT Networks**: **Use Case Example - IoT Networks**:
IoT networks are often fragmented and difficult to manage. By deploying Pangolin on a central server, you can connect all your IoT sites via Newt or another WireGuard client. This creates a simple, secure, and centralized way to access IoT resources without the need for intricate networking setups. IoT networks are often fragmented and difficult to manage. By deploying Pangolin on a central server, you can connect all your IoT sites via Newt or another WireGuard client. This creates a simple, secure, and centralized way to access IoT resources without the need for intricate networking setups.
<img src={require("./img/resources.png").default} alt="Resources"/> <img src={require("./img/resources.png").default} alt="Resources"/>
_Resources page of Pangolin dashboard (dark mode) showing HTTPS and TCP resources with access control rules._ _Resources page of Pangolin dashboard (dark mode) showing HTTPS and TCP resources with access control rules._
@ -88,10 +87,10 @@ _Resources page of Pangolin dashboard (dark mode) showing HTTPS and TCP resource
## Similar Projects and Inspirations ## Similar Projects and Inspirations
**Cloudflare Tunnels**: **Cloudflare Tunnels**:
A similar approach to proxying private resources securely, but Pangolin is a self-hosted alternative, giving you full control over your infrastructure. A similar approach to proxying private resources securely, but Pangolin is a self-hosted alternative, giving you full control over your infrastructure.
**Authentik and Authelia**: **Authentik and Authelia**:
These projects inspired Pangolins centralized authentication system for proxies, enabling robust user and role management. These projects inspired Pangolins centralized authentication system for proxies, enabling robust user and role management.
## Project Development / Roadmap ## Project Development / Roadmap

288
packages/docusaurus/docs/03-Pangolin/02-Configuration/02-config.md
View file

@ -7,72 +7,72 @@ Pangolin is configured using a `config.yml` file. The file is expected to be mou
### `app` ### `app`
- `dashboard_url`: string - `dashboard_url`: string
- Example: `https://example.com` or `https://pangolin.example.com` - Example: `https://example.com` or `https://pangolin.example.com`
- The url where the application is hosted. This is used for many things, including generating links. - The url where the application is hosted. This is used for many things, including generating links.
- You can run Pangolin on a subdomain or root domain. Users will be redirected to this url to complete the auth step. - You can run Pangolin on a subdomain or root domain. Users will be redirected to this url to complete the auth step.
- `log_level`: string - `log_level`: string
- Options: `debug`, `info`, `warn`, `error` - Options: `debug`, `info`, `warn`, `error`
- The log level for the application. - The log level for the application.
- `save_logs`: boolean - `save_logs`: boolean
- Whether to save logs to a file. Logs are saved to `config/logs/`. - Whether to save logs to a file. Logs are saved to `config/logs/`.
- Logs rotate - Logs rotate
- Max size: 20MB - Max size: 20MB
- Max files: 7 days - Max files: 7 days
- `log_failed_attempts` (optional): boolean - `log_failed_attempts` (optional): boolean
- Whether to log failed authentication attempts. This is useful for security tools like Crowdsec and Fail2ban. - Whether to log failed authentication attempts. This is useful for security tools like Crowdsec and Fail2ban.
### `server` ### `server`
- `external_port`: int - `external_port`: int
- The port the external facing (public) API will listen on. - The port the external facing (public) API will listen on.
- `internal_port`: int - `internal_port`: int
- The port the internal private facing (private) API will listen on. - The port the internal private facing (private) API will listen on.
- `next_port`: int - `next_port`: int
- The port the frontend server will listen on. - The port the frontend server will listen on.
- `internal_hostname`: string - `internal_hostname`: string
- Example: `pangolin` - Example: `pangolin`
- The hostname of the Pangolin container. This is used for internal communication between the components. - The hostname of the Pangolin container. This is used for internal communication between the components.
- If running with Docker Compose, this should be the name of the container, which is likely `pangolin`. - If running with Docker Compose, this should be the name of the container, which is likely `pangolin`.
- `session_cookie_name`: string - `session_cookie_name`: string
- Example: `p_session_token` - Example: `p_session_token`
- The name of the session cookie. This is used to store the session token for the main application. - The name of the session cookie. This is used to store the session token for the main application.
- `resource_access_token_param`: string - `resource_access_token_param`: string
- Example: `p_token` - Example: `p_token`
- Pass access token in this query parameter in each request for authentication. - Pass access token in this query parameter in each request for authentication.
- `resource_access_token_headers`: object - `resource_access_token_headers`: object
- Pass access token in these headers in each request for authentication. - Pass access token in these headers in each request for authentication.
- `id`: string - `id`: string
- Example: `P-Access-Token-Id` - Example: `P-Access-Token-Id`
- The name of the header used to pass the access token ID. - The name of the header used to pass the access token ID.
- `token`: string - `token`: string
- Example: `P-Access-Token` - Example: `P-Access-Token`
- The name of the header used to pass the access token. - The name of the header used to pass the access token.
- `resource_session_request_param`: string - `resource_session_request_param`: string
- Example: `p_session_request` - Example: `p_session_request`
- The query parameter used to pass the session request token to be exchanged for a real session token in Badger. - The query parameter used to pass the session request token to be exchanged for a real session token in Badger.
- `cors`: object (optional) - `cors`: object (optional)
- Configuration for Cross-Origin Resource Sharing (CORS). - Configuration for Cross-Origin Resource Sharing (CORS).
- `origins`: array of strings (optional) - `origins`: array of strings (optional)
- Example: `["https://pangolin.example.com"]` - Example: `["https://pangolin.example.com"]`
- List of allowed origins for cross-origin requests. - List of allowed origins for cross-origin requests.
- `methods`: array of strings (optional) - `methods`: array of strings (optional)
- Example: `["GET", "POST", "PUT", "DELETE", "PATCH"]` - Example: `["GET", "POST", "PUT", "DELETE", "PATCH"]`
- HTTP methods allowed for CORS requests. - HTTP methods allowed for CORS requests.
- `allowed_headers`: array of strings (optional) - `allowed_headers`: array of strings (optional)
- Example: `["X-CSRF-Token", "Content-Type"]` - Example: `["X-CSRF-Token", "Content-Type"]`
- HTTP headers allowed in CORS requests. - HTTP headers allowed in CORS requests.
- `credentials`: boolean (optional) - `credentials`: boolean (optional)
- Whether to allow credentials. - Whether to allow credentials.
- Default: true - Default: true
- `trust_proxy`: boolean (optional) - `trust_proxy`: boolean (optional)
- Whether to trust the proxy headers (e.g., `X-Forwarded-For`) for determining the client IP address. - Whether to trust the proxy headers (e.g., `X-Forwarded-For`) for determining the client IP address.
- Default: `true` - Default: `true`
- `dashboard_session_length_hours`: int (optional) - `dashboard_session_length_hours`: int (optional)
- The length of time in hours that the dashboard session will last after logging in. - The length of time in hours that the dashboard session will last after logging in.
- Default: `720` - Default: `720`
- `resource_session_length_hours`: int (optional) - `resource_session_length_hours`: int (optional)
- The length of time in hours that a session for each resource will last after logging in. - The length of time in hours that a session for each resource will last after logging in.
- Default: `720` - Default: `720`
### `domains` ### `domains`
@ -81,27 +81,27 @@ Pangolin is configured using a `config.yml` file. The file is expected to be mou
At least one domain must be configured. At least one domain must be configured.
- `<domain_key>`: string - `<domain_key>`: string
- The unique key for the domain configuration. This can be anything you want. - The unique key for the domain configuration. This can be anything you want.
- `base_domain`: string - `base_domain`: string
- Example: `example.com` - Example: `example.com`
- `cert_resolver`: string - `cert_resolver`: string
- Example: `letsencrypt` - Example: `letsencrypt`
- The name of the Traefik certificate resolver to use for this domain. This must match the name of the certificate resolver in the Traefik configuration. - The name of the Traefik certificate resolver to use for this domain. This must match the name of the certificate resolver in the Traefik configuration.
- `prefer_wildcard_cert`: boolean - `prefer_wildcard_cert`: boolean
- Example: `true` - Example: `true`
- Whether to prefer a wildcard certificate when generating certificates. This is useful if you want to use a wildcard certificate for the base domain and all subdomains. - Whether to prefer a wildcard certificate when generating certificates. This is useful if you want to use a wildcard certificate for the base domain and all subdomains.
### `traefik` ### `traefik`
- `http_entrypoint`: string - `http_entrypoint`: string
- Example: `web` - Example: `web`
- The name of the Traefik entrypoint for HTTP traffic. This must match the name of the entrypoint in the Traefik configuration. - The name of the Traefik entrypoint for HTTP traffic. This must match the name of the entrypoint in the Traefik configuration.
- `https_entrypoint`: string - `https_entrypoint`: string
- Example: `websecure` - Example: `websecure`
- The name of the Traefik entrypoint for HTTPS traffic. This must match the name of the entrypoint in the Traefik configuration. - The name of the Traefik entrypoint for HTTPS traffic. This must match the name of the entrypoint in the Traefik configuration.
- `additional_middlewares`: array of strings (optional) - `additional_middlewares`: array of strings (optional)
- Example: `["middleware1", "middleware2"]` - Example: `["middleware1", "middleware2"]`
- Additional middlewares to apply to the resource router generated at runtime. These must be defined in another Traefik configuration provider like the dynamic file provider. - Additional middlewares to apply to the resource router generated at runtime. These must be defined in another Traefik configuration provider like the dynamic file provider.
### `gerbil` ### `gerbil`
@ -121,67 +121,67 @@ At least one domain must be configured.
### `rate_limits` ### `rate_limits`
- `global`: object - `global`: object
- The global rate limit configuration for all requests to the external Pangolin API. - The global rate limit configuration for all requests to the external Pangolin API.
- `window_minutes`: int - `window_minutes`: int
- Example: `1` - Example: `1`
- The window in minutes for the rate limit. - The window in minutes for the rate limit.
- `max_requests`: int - `max_requests`: int
- Example: `100` - Example: `100`
- The maximum number of requests allowed in the window. - The maximum number of requests allowed in the window.
### `email` (optional) ### `email` (optional)
- `smtp_host` (optional): string - `smtp_host` (optional): string
- The SMTP host for sending emails. - The SMTP host for sending emails.
- `smtp_port` (optional): int - `smtp_port` (optional): int
- The SMTP port for sending emails. - The SMTP port for sending emails.
- `smtp_user` (optional): string - `smtp_user` (optional): string
- The SMTP username for sending emails. - The SMTP username for sending emails.
- `smtp_pass` (optional): string - `smtp_pass` (optional): string
- The SMTP password for sending emails. - The SMTP password for sending emails.
- `smtp_secure` (optional): boolean - `smtp_secure` (optional): boolean
- Whether to use a secure connection when sending emails. Use this if you're using port 465. - Whether to use a secure connection when sending emails. Use this if you're using port 465.
- Default: `false` - Default: `false`
- `no_reply` (optional): string - `no_reply` (optional): string
- Example: `no-reply@example.com` - Example: `no-reply@example.com`
- The address to send emails from. This can be any email address. Most often this will be the same as the `smtp_user`. - The address to send emails from. This can be any email address. Most often this will be the same as the `smtp_user`.
- `smtp_tls_reject_unauthorized` (optional): boolean - `smtp_tls_reject_unauthorized` (optional): boolean
- Do not fail if the server certificate cannot be verified. - Do not fail if the server certificate cannot be verified.
- Default: `false` - Default: `false`
### `users` ### `users`
- `server_admin`: object - `server_admin`: object
- The server admin who can always create new organizations. This user will always be created on startup. - The server admin who can always create new organizations. This user will always be created on startup.
- `email`: string - `email`: string
- Env: USERS_SERVERADMIN_EMAIL - Env: USERS_SERVERADMIN_EMAIL
- The email address of the server admin. - The email address of the server admin.
- `password`: string - `password`: string
- Env: USERS_SERVERADMIN_PASSWORD - Env: USERS_SERVERADMIN_PASSWORD
- The password of the server admin. - The password of the server admin.
- This password will always overwrite the password in the database on startup. This is useful for resetting the password. - This password will always overwrite the password in the database on startup. This is useful for resetting the password.
- The password must meet the following requirements: - The password must meet the following requirements:
- At least 8 characters - At least 8 characters
- At least one uppercase letter - At least one uppercase letter
- At least one lowercase letter - At least one lowercase letter
- At least one digit - At least one digit
- At least one special character - At least one special character
### `flags` (optional) ### `flags` (optional)
- `require_email_verification` (optional): boolean - `require_email_verification` (optional): boolean
- Whether to require email verification for new users. If set to `true`, new users will need to verify their email address before they can log in. - Whether to require email verification for new users. If set to `true`, new users will need to verify their email address before they can log in.
- Only turn this on if you have email configured. - Only turn this on if you have email configured.
- `disable_signup_without_invite` (optional): boolean - `disable_signup_without_invite` (optional): boolean
- Whether to allow users to sign up without an explicit invite. If set to `true`, the "Sign Up" button will be removed from the login form. - Whether to allow users to sign up without an explicit invite. If set to `true`, the "Sign Up" button will be removed from the login form.
- Users will still be able to sign up if they have a valid invite. - Users will still be able to sign up if they have a valid invite.
- `disable_user_create_org` (optional): boolean - `disable_user_create_org` (optional): boolean
- Whether to allow users to create new organizations. If set to `true`, users will not be able to create new organizations. - Whether to allow users to create new organizations. If set to `true`, users will not be able to create new organizations.
- The server admin can always create new organizations. - The server admin can always create new organizations.
- `allow_raw_resources` (optional): boolean - `allow_raw_resources` (optional): boolean
- Whether to allow users to create raw TCP/UDP resources. If set to `false`, users will only be able to create http/https resources. - Whether to allow users to create raw TCP/UDP resources. If set to `false`, users will only be able to create http/https resources.
- `allow_base_domain_resources` (optional): boolean - `allow_base_domain_resources` (optional): boolean
- Whether to allow users to create resources on the base domain. If set to `false`, users will only be able to create resources on subdomains. - Whether to allow users to create resources on the base domain. If set to `false`, users will only be able to create resources on subdomains.
## Example Configuration File ## Example Configuration File
@ -189,62 +189,62 @@ This is just an example and is not meant to be used as is. It is not complete. Y
```yaml ```yaml
app: app:
dashboard_url: "https://example.com" dashboard_url: "https://example.com"
log_level: "info" log_level: "info"
save_logs: false save_logs: false
domains: domains:
domain1: domain1:
base_domain: "example.com" base_domain: "example.com"
cert_resolver: "letsencrypt" cert_resolver: "letsencrypt"
prefer_wildcard_cert: false prefer_wildcard_cert: false
server: server:
external_port: 3000 external_port: 3000
internal_port: 3001 internal_port: 3001
next_port: 3002 next_port: 3002
internal_hostname: "pangolin" internal_hostname: "pangolin"
session_cookie_name: "p_session_token" session_cookie_name: "p_session_token"
resource_access_token_param: "p_token" resource_access_token_param: "p_token"
resource_access_token_headers: resource_access_token_headers:
id: "P-Access-Token-Id" id: "P-Access-Token-Id"
token: "P-Access-Token" token: "P-Access-Token"
resource_session_request_param: "p_session_request" resource_session_request_param: "p_session_request"
traefik: traefik:
cert_resolver: "letsencrypt" cert_resolver: "letsencrypt"
http_entrypoint: "web" http_entrypoint: "web"
https_entrypoint: "websecure" https_entrypoint: "websecure"
gerbil: gerbil:
start_port: 51820 start_port: 51820
base_endpoint: "example.com" base_endpoint: "example.com"
use_subdomain: false use_subdomain: false
block_size: 24 block_size: 24
site_block_size: 30 site_block_size: 30
subnet_group: 100.89.137.0/20 subnet_group: 100.89.137.0/20
rate_limits: rate_limits:
global: global:
window_minutes: 1 window_minutes: 1
max_requests: 100 max_requests: 100
email: email:
smtp_host: "host.hoster.net" smtp_host: "host.hoster.net"
smtp_port: 587 smtp_port: 587
smtp_user: "no-reply@example.com" smtp_user: "no-reply@example.com"
smtp_pass: "aaaaaaaaaaaaaaaaaa" smtp_pass: "aaaaaaaaaaaaaaaaaa"
no_reply: "no-reply@example.com" no_reply: "no-reply@example.com"
users: users:
server_admin: server_admin:
email: "admin@example.com" email: "admin@example.com"
password: "Password123!" password: "Password123!"
flags: flags:
require_email_verification: true require_email_verification: true
disable_signup_without_invite: true disable_signup_without_invite: true
disable_user_create_org: true disable_user_create_org: true
allow_raw_resources: true allow_raw_resources: true
allow_base_domain_resources: true allow_base_domain_resources: true
``` ```

3
packages/docusaurus/docs/03-Pangolin/02-Configuration/03-wildcard-certs.md
View file

@ -16,7 +16,9 @@ It is highly reccommended that you read the [official Traefik documentation](htt
1. Wildcard certificates allow you to secure your all subdomains with a single certificate. This reduces the number of certificates you need to manage. 1. Wildcard certificates allow you to secure your all subdomains with a single certificate. This reduces the number of certificates you need to manage.
2. You can add new subdomains to resources without needing to generate a new certificate each time. Without a wildcard certificate, you would need to wait (up to a few minutes usually) for a new certificate to be generated and loaded by Traefik. 2. You can add new subdomains to resources without needing to generate a new certificate each time. Without a wildcard certificate, you would need to wait (up to a few minutes usually) for a new certificate to be generated and loaded by Traefik.
- For example: A wildcard cert `*.example.com` could protect `api.example.com`, `blog.example.com`, and another `*.subdomain.example.com` could protect `api.subdomain.example.com`, `blog.subdomain.example.com`, etc. - For example: A wildcard cert `*.example.com` could protect `api.example.com`, `blog.example.com`, and another `*.subdomain.example.com` could protect `api.subdomain.example.com`, `blog.subdomain.example.com`, etc.
3. The [rate limits](https://letsencrypt.org/docs/rate-limits/) for Let's Encrypt are per domain. Using a wildcard certificate reduces the number of domains you have, which can help you avoid hitting these limits. 3. The [rate limits](https://letsencrypt.org/docs/rate-limits/) for Let's Encrypt are per domain. Using a wildcard certificate reduces the number of domains you have, which can help you avoid hitting these limits.
## Setting Up Wildcard Certificates ## Setting Up Wildcard Certificates
@ -24,6 +26,7 @@ It is highly reccommended that you read the [official Traefik documentation](htt
1. Make sure the stack is not running. 1. Make sure the stack is not running.
2. Update the Traefik configuration to use the DNS-01 challenge instead of the HTTP-01 challenge. This tells Traefik to use your DNS provider to create the DNS records needed for the challenge. 2. Update the Traefik configuration to use the DNS-01 challenge instead of the HTTP-01 challenge. This tells Traefik to use your DNS provider to create the DNS records needed for the challenge.
3. Set the `prefer_wildcard_cert` flag to `true` in the Pangolin configuration file for your domain. 3. Set the `prefer_wildcard_cert` flag to `true` in the Pangolin configuration file for your domain.
- This settings will try to encourage Traefik to request one wildcard certificate for each level of the domain used by your existing resources. - This settings will try to encourage Traefik to request one wildcard certificate for each level of the domain used by your existing resources.
- For example: If you have two resources `blog.example.com` and `blog.subdomain.example.com`, Traefik should try to request a wildcard certificate for `*.example.com` and `*.subdomain.example.com` automatically for you. - For example: If you have two resources `blog.example.com` and `blog.subdomain.example.com`, Traefik should try to request a wildcard certificate for `*.example.com` and `*.subdomain.example.com` automatically for you.

2
packages/docusaurus/docs/03-Pangolin/03-without-tunneling.md
View file

@ -8,7 +8,7 @@ You can also use "local" sites to expose resources on the same VPS as Pangolin i
::: :::
You can use Pangolin without Gerbil and tunneling. In this configuration Pangolin is essentially acting as a normal reverse proxy and authentication manager and can be deployed on the *local* network in order to provide access to resources. You can use Pangolin without Gerbil and tunneling. In this configuration Pangolin is essentially acting as a normal reverse proxy and authentication manager and can be deployed on the _local_ network in order to provide access to resources.
All setup remains the same, except Pangolin and Traefik must now be on the same network you want to proxy targets to and you do not need to install Gerbil. All setup remains the same, except Pangolin and Traefik must now be on the same network you want to proxy targets to and you do not need to install Gerbil.

2
packages/docusaurus/docs/03-Pangolin/04-api-documentation.md
View file

@ -3,6 +3,7 @@
Initial API documentation for pangolin. This documentation includes public endpoints, request/response formats, usage examples, and any limitations or constraints. This document is not complete but will be added to over time to compass more of the API. Initial API documentation for pangolin. This documentation includes public endpoints, request/response formats, usage examples, and any limitations or constraints. This document is not complete but will be added to over time to compass more of the API.
### Base URL ### Base URL
``` ```
https://pangolin.yourdomain.com/api/v1/ https://pangolin.yourdomain.com/api/v1/
``` ```
@ -93,6 +94,7 @@ https://pangolin.yourdomain.com/api/v1/
### 1.3 Resource Management ### 1.3 Resource Management
- **Create Resource** - **Create Resource**
- **Endpoint:** `PUT /org/{orgId}/site/{siteId}/resource` - **Endpoint:** `PUT /org/{orgId}/site/{siteId}/resource`
- **Description:** Creates a new resource for a specific organization and site. - **Description:** Creates a new resource for a specific organization and site.
- **Authentication:** Session cookie required - **Authentication:** Session cookie required

50
packages/docusaurus/docs/03-Pangolin/05-tcp-udp.md
View file

@ -28,13 +28,13 @@ If you are using the standard install with a Docker network you will need to exp
```yaml ```yaml
gerbil: gerbil:
ports: ports:
- 51820:51820/udp # LEAVE ALONE: For Wireguard - 51820:51820/udp # LEAVE ALONE: For Wireguard
- 443:443 # LEAVE ALONE: For HTTPS - 443:443 # LEAVE ALONE: For HTTPS
- 80:80 # LEAVE ALONE: For HTTP - 80:80 # LEAVE ALONE: For HTTP
- 1704:1704/udp # ADDED - 1704:1704/udp # ADDED
- 1602:1602 # ADDED - 1602:1602 # ADDED
``` ```
## Configuring Traefik ## Configuring Traefik
@ -45,10 +45,10 @@ But this is pretty simple! All you need to do is edit your static Traefik config
```yaml ```yaml
entryPoints: entryPoints:
udp-1704: udp-1704:
address: ":1704/udp" address: ":1704/udp"
tcp-1602: tcp-1602:
address: ":1602/tcp" address: ":1602/tcp"
``` ```
:::info :::info
@ -61,20 +61,20 @@ Now, the whole entry points section would look something like this:
```yaml ```yaml
entryPoints: entryPoints:
web: web:
address: ":80" address: ":80"
websecure: websecure:
address: ":443" address: ":443"
http: http:
tls: tls:
certResolver: letsencrypt certResolver: letsencrypt
transport: transport:
respondingTimeouts: respondingTimeouts:
readTimeout: 30m readTimeout: 30m
tcp-1602: tcp-1602:
address: ":1602/tcp" address: ":1602/tcp"
udp-1704: udp-1704:
address: ":1704/udp" address: ":1704/udp"
``` ```
## Update Config ## Update Config
@ -83,7 +83,7 @@ Make sure that the `allow_raw_resources` flag in your `/config/config.yml` is se
```yaml ```yaml
flags: flags:
allow_raw_resources: true allow_raw_resources: true
``` ```
## Restart The Stack ## Restart The Stack

62
packages/docusaurus/docs/03-Pangolin/06-bypass-rules.md
View file

@ -6,37 +6,37 @@ Rules allow you to either "allow" and bypass the Pangolin auth system (no pin, l
This table compiles paths that need to be allowed for various apps to work with Pangolin authentication. This table compiles paths that need to be allowed for various apps to work with Pangolin authentication.
| App | Required Bypass Rules | | App | Required Bypass Rules |
|-----|------------------------| | -------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| **Media Management** | | | **Media Management** | |
| Radarr | `/api/*` | | Radarr | `/api/*` |
| Sonarr | `/api/*` | | Sonarr | `/api/*` |
| Lidarr | `/api/*` | | Lidarr | `/api/*` |
| Jellyfin (iOS) | `/system/info/public` | | Jellyfin (iOS) | `/system/info/public` |
| Jellyfin (Roku) | `/System/Info/Public`<br />`/Users/AuthenticateByName`<br />`/Users/Public`<br />`/QuickConnect/Initiate`<br />`/QuickConnect/Connect`<br />`/Users/AuthenticateWithQuickConnect` | | Jellyfin (Roku) | `/System/Info/Public`<br />`/Users/AuthenticateByName`<br />`/Users/Public`<br />`/QuickConnect/Initiate`<br />`/QuickConnect/Connect`<br />`/Users/AuthenticateWithQuickConnect` |
| **Management & Monitoring** | | | **Management & Monitoring** | |
| Tautulli | `/api/*` | | Tautulli | `/api/*` |
| Harbour | `/api/*` | | Harbour | `/api/*` |
| Hoarder App | `/api/*` | | Hoarder App | `/api/*` |
| Uptime Kuma Manager | `/api/*`<br />`/socket.io/*` | | Uptime Kuma Manager | `/api/*`<br />`/socket.io/*` |
| MeshCentral | `/api/*`<br />`/meshrelay.ashx`<br />`/agent.ashx` | | MeshCentral | `/api/*`<br />`/meshrelay.ashx`<br />`/agent.ashx` |
| **Security & Privacy** | | | **Security & Privacy** | |
| AdGuard Home | `/api/*` | | AdGuard Home | `/api/*` |
| Vaultwarden/Bitwarden | `/api/*`<br />`/identity/*`<br />`/wl/*`<br />Always Deny - Path - `/admin/*` | | Vaultwarden/Bitwarden | `/api/*`<br />`/identity/*`<br />`/wl/*`<br />Always Deny - Path - `/admin/*` |
| **Cloud & Sync** | | | **Cloud & Sync** | |
| Nextcloud | `/` (Main interface)<br />`/index.php` (Core handler)<br />`/remote.php` (Remote access)<br />`/status.php` (Status checks)<br />`/ocs` (Collaboration Services API)<br />`/apps` (Applications)<br />`/remote.php/webdav` (WebDAV endpoint)<br />`/remote.php/dav` (CalDAV/CardDAV)<br />`/remote.php/caldav` (Calendar sync)<br />`/remote.php/carddav` (Contacts sync)<br />`/ocs/v1.php` (API endpoints)<br />`/ocs/v2.php` (API v2 endpoints)<br />`/login` (Authentication)<br />`/.well-known/*` (Service discovery)<br />`/.well-known/webfinger` (WebFinger protocol)<br />`/s/*` (Shared files/folders) | | Nextcloud | `/` (Main interface)<br />`/index.php` (Core handler)<br />`/remote.php` (Remote access)<br />`/status.php` (Status checks)<br />`/ocs` (Collaboration Services API)<br />`/apps` (Applications)<br />`/remote.php/webdav` (WebDAV endpoint)<br />`/remote.php/dav` (CalDAV/CardDAV)<br />`/remote.php/caldav` (Calendar sync)<br />`/remote.php/carddav` (Contacts sync)<br />`/ocs/v1.php` (API endpoints)<br />`/ocs/v2.php` (API v2 endpoints)<br />`/login` (Authentication)<br />`/.well-known/*` (Service discovery)<br />`/.well-known/webfinger` (WebFinger protocol)<br />`/s/*` (Shared files/folders) |
| **Photo Management** | | | **Photo Management** | |
| Immich | `/api/*`<br />`/.well-known/immich` | | Immich | `/api/*`<br />`/.well-known/immich` |
| **File Management** | | | **File Management** | |
| Filebrowser | `/static/*`<br />`/share/*` <br/> `/api/public/dl/*` | | Filebrowser | `/static/*`<br />`/share/*` <br/> `/api/public/dl/*` |
| **Notes & Knowledge Management** | | | **Notes & Knowledge Management** | |
| Joplin Notes Server | `/api/*`<br />`/shares/*`<br />`/css/*`<br />`/images/*`<br />Always Deny - Path - `/login/*` (optional) | | Joplin Notes Server | `/api/*`<br />`/shares/*`<br />`/css/*`<br />`/images/*`<br />Always Deny - Path - `/login/*` (optional) |
| Erugo | `/api/*`<br />`/shares/*`<br />`/build/*`<br />`/get-logo` | | Erugo | `/api/*`<br />`/shares/*`<br />`/build/*`<br />`/get-logo` |
| **Communication** | | | **Communication** | |
| Matrix/Synapse (Clients) | `/_matrix/*`<br />`/_synapse/client/*` | | Matrix/Synapse (Clients) | `/_matrix/*`<br />`/_synapse/client/*` |
| Matrix/Synapse (Federation) | `/_matrix/*` | | Matrix/Synapse (Federation) | `/_matrix/*` |
| **Notifications** | | | **Notifications** | |
| Gotify | `/version`<br />`/message`<br />`/application`<br />`/client`<br />`/stream`<br />`/plugin`<br />`/health` | | Gotify | `/version`<br />`/message`<br />`/application`<br />`/client`<br />`/stream`<br />`/plugin`<br />`/health` |
## Types of Rules ## Types of Rules

6
packages/docusaurus/docs/04-Newt/01-overview.md
View file

@ -64,9 +64,9 @@ services:
container_name: newt container_name: newt
restart: unless-stopped restart: unless-stopped
command: command:
- --id 31frd0uzbjvp721 - --id 31frd0uzbjvp721
- --secret h51mmlknrvrwv8s4r1i210azhumt6isgbpyavxodibx1k2d6 - --secret h51mmlknrvrwv8s4r1i210azhumt6isgbpyavxodibx1k2d6
- --endpoint https://example.com - --endpoint https://example.com
``` ```
:::note :::note

32
packages/docusaurus/docs/04-Newt/02-install.md
View file

@ -74,28 +74,28 @@ You can also run it with Docker compose. For example, a service in your `docker-
```yaml ```yaml
services: services:
newt: newt:
image: fosrl/newt image: fosrl/newt
container_name: newt container_name: newt
restart: unless-stopped restart: unless-stopped
environment: environment:
- PANGOLIN_ENDPOINT=https://example.com - PANGOLIN_ENDPOINT=https://example.com
- NEWT_ID=2ix2t8xk22ubpfy - NEWT_ID=2ix2t8xk22ubpfy
- NEWT_SECRET=nnisrfsdfc7prqsp9ewo1dvtvci50j5uiqotez00dgap0ii2 - NEWT_SECRET=nnisrfsdfc7prqsp9ewo1dvtvci50j5uiqotez00dgap0ii2
``` ```
You can also pass the CLI args to the container: You can also pass the CLI args to the container:
```yaml ```yaml
services: services:
newt: newt:
image: fosrl/newt image: fosrl/newt
container_name: newt container_name: newt
restart: unless-stopped restart: unless-stopped
command: command:
- --id 31frd0uzbjvp721 - --id 31frd0uzbjvp721
- --secret h51mmlknrvrwv8s4r1i210azhumt6isgbpyavxodibx1k2d6 - --secret h51mmlknrvrwv8s4r1i210azhumt6isgbpyavxodibx1k2d6
- --endpoint https://example.com - --endpoint https://example.com
``` ```
### Unraid ### Unraid

45
packages/docusaurus/docs/04-Newt/04-homeassistant.md
View file

@ -10,7 +10,6 @@ This Home Assistant add-on allows you to easily run **Newt** directly in Home As
## Features ## Features
- Easy installation via Home Assistant Add-on Store - Easy installation via Home Assistant Add-on Store
- Automated setup and execution of the Newt container - Automated setup and execution of the Newt container
- Supports `amd64`, `armv7`, `armhf`, and `aarch64` architectures - Supports `amd64`, `armv7`, `armhf`, and `aarch64` architectures
@ -18,39 +17,33 @@ This Home Assistant add-on allows you to easily run **Newt** directly in Home As
## Installation ## Installation
### **1. Add the GitHub Repository as an Add-on Source** ### **1. Add the GitHub Repository as an Add-on Source**
- Go to **Settings → Add-ons → Add-on Store**. - Go to **Settings → Add-ons → Add-on Store**.
- Click the menu (three dots in the top right) and select **Repositories**. - Click the menu (three dots in the top right) and select **Repositories**.
- Add the following URL: - Add the following URL:
```
``` https://github.com/Ferdinand99/home-assistant-newt-addon
https://github.com/Ferdinand99/home-assistant-newt-addon ```
``` or
or ```
https://git.opland.net/Ferdinand99/home-assistant-newt-addon/
``` ```
https://git.opland.net/Ferdinand99/home-assistant-newt-addon/
```
1. Click **Add** and wait for the repository to load. 1. Click **Add** and wait for the repository to load.
### **2. Install and Start the Add-on** ### **2. Install and Start the Add-on**
1. Find **Newt Add-on** in the list and click **Install**. 1. Find **Newt Add-on** in the list and click **Install**.
2. Go to the **Configuration** tab and enter your values for: 2. Go to the **Configuration** tab and enter your values for:
- **PANGOLIN_ENDPOINT** (e.g., `https://example.com`) - **PANGOLIN_ENDPOINT** (e.g., `https://example.com`)
- **NEWT_ID** - **NEWT_ID**
- **NEWT_SECRET** - **NEWT_SECRET**
3. Click **Save** and then **Start**. 3. Click **Save** and then **Start**.
4. Check the **Logs** tab to verify that everything is running correctly. 4. Check the **Logs** tab to verify that everything is running correctly.
## **Configuration** ## **Configuration**
After installation, you can configure the add-on via the Home Assistant UI: After installation, you can configure the add-on via the Home Assistant UI:
```yaml ```yaml
@ -69,7 +62,6 @@ The following environment variables are passed to the `Newt` container:
## Troubleshooting ## Troubleshooting
#### **Add-on does not start?** #### **Add-on does not start?**
- Check the logs in Home Assistant (`Settings → Add-ons → Newt → Logs`). - Check the logs in Home Assistant (`Settings → Add-ons → Newt → Logs`).
@ -80,22 +72,19 @@ The following environment variables are passed to the `Newt` container:
- Restart the add-on after making changes. - Restart the add-on after making changes.
- Try removing the container manually: - Try removing the container manually:
```shell ```shell
docker stop newt docker stop newt
docker rm newt docker rm newt
``` ```
- Then start the add-on again. - Then start the add-on again.
#### **Docker not available?** #### **Docker not available?**
- Home Assistant OS manages Docker automatically, but check if the system has access to Docker by running: - Home Assistant OS manages Docker automatically, but check if the system has access to Docker by running:
```shell
```shell docker info
docker info ```
```
If this fails, there may be a restriction in Home Assistant OS. If this fails, there may be a restriction in Home Assistant OS.

8
packages/docusaurus/docs/05-Gerbil/01-overview.md
View file

@ -59,10 +59,10 @@ services:
container_name: gerbil container_name: gerbil
restart: unless-stopped restart: unless-stopped
command: command:
- --reachableAt=http://gerbil:3003 - --reachableAt=http://gerbil:3003
- --generateAndSaveKeyTo=/var/config/key - --generateAndSaveKeyTo=/var/config/key
- --remoteConfig=http://pangolin:3001/api/v1/gerbil/get-config - --remoteConfig=http://pangolin:3001/api/v1/gerbil/get-config
- --reportBandwidthTo=http://pangolin:3001/api/v1/gerbil/receive-bandwidth - --reportBandwidthTo=http://pangolin:3001/api/v1/gerbil/receive-bandwidth
``` ```
:::tip :::tip

22
packages/docusaurus/docs/05-Gerbil/02-developer-guide.md
View file

@ -7,12 +7,15 @@ This guide provides essential information for developers working on the Gerbil p
To get started with the Gerbil project, follow these setup instructions: To get started with the Gerbil project, follow these setup instructions:
### Prerequisites ### Prerequisites
- **Go**: Ensure that you have Go installed on your system. The project uses Go version 1.23.1 or later. You can download it from [golang.org](https://golang.org/dl/). - **Go**: Ensure that you have Go installed on your system. The project uses Go version 1.23.1 or later. You can download it from [golang.org](https://golang.org/dl/).
- **Docker**: Install Docker to build and run the application in a containerized environment. - **Docker**: Install Docker to build and run the application in a containerized environment.
- **Git**: Make sure Git is installed to clone the repository. - **Git**: Make sure Git is installed to clone the repository.
### Installation Steps ### Installation Steps
1. **Clone the Repository**: 1. **Clone the Repository**:
```bash ```bash
git clone https://github.com/fosrl/gerbil.git git clone https://github.com/fosrl/gerbil.git
cd gerbil cd gerbil
@ -20,12 +23,14 @@ To get started with the Gerbil project, follow these setup instructions:
2. **Install Dependencies**: 2. **Install Dependencies**:
Run the following command to download all required Go dependencies: Run the following command to download all required Go dependencies:
```bash ```bash
go mod download go mod download
``` ```
3. **Build the Application**: 3. **Build the Application**:
You can build the application using Docker or directly using Go: You can build the application using Docker or directly using Go:
- **Using Docker**: - **Using Docker**:
```bash ```bash
docker build -t gerbil . docker build -t gerbil .
@ -37,13 +42,13 @@ To get started with the Gerbil project, follow these setup instructions:
4. **Run the Application**: 4. **Run the Application**:
To run the application, execute: To run the application, execute:
```bash ```bash
./gerbil \ ./gerbil \
--reachableAt=http://gerbil:3003 \ --reachableAt=http://gerbil:3003 \
--generateAndSaveKeyTo=/var/config/key \ --generateAndSaveKeyTo=/var/config/key \
--remoteConfig=http://pangolin:3001/api/v1/gerbil/get-config \ --remoteConfig=http://pangolin:3001/api/v1/gerbil/get-config \
--reportBandwidthTo=http://pangolin:3001/api/v1/gerbil/receive-bandwidth --reportBandwidthTo=http://pangolin:3001/api/v1/gerbil/receive-bandwidth
``` ```
## 2. Project Structure Overview ## 2. Project Structure Overview
@ -75,6 +80,7 @@ gerbil/
The development workflow for contributing to Gerbil involves several key steps: The development workflow for contributing to Gerbil involves several key steps:
1. **Branching**: Create a new branch for your feature or bug fix. 1. **Branching**: Create a new branch for your feature or bug fix.
```bash ```bash
git checkout -b feature/my-feature-name git checkout -b feature/my-feature-name
``` ```
@ -84,11 +90,13 @@ The development workflow for contributing to Gerbil involves several key steps:
3. **Testing Locally**: Run tests locally to ensure your changes do not break existing functionality. 3. **Testing Locally**: Run tests locally to ensure your changes do not break existing functionality.
4. **Committing Changes**: Commit your changes with a descriptive message. 4. **Committing Changes**: Commit your changes with a descriptive message.
```bash ```bash
git commit -m "Add feature X" git commit -m "Add feature X"
``` ```
5. **Pushing Changes**: Push your branch to the remote repository. 5. **Pushing Changes**: Push your branch to the remote repository.
```bash ```bash
git push origin feature/my-feature-name git push origin feature/my-feature-name
``` ```

5
packages/docusaurus/docs/05-Gerbil/03-system-architecture-documentation.md
View file

@ -7,6 +7,7 @@ This document outlines the system architecture of the Gerbil project, a Go appli
The Gerbil project is structured around a central application that interacts with the WireGuard VPN service to create, manage, and configure tunnels. The application is built using Go and leverages various libraries for logging, networking, and configuration management. The Gerbil project is structured around a central application that interacts with the WireGuard VPN service to create, manage, and configure tunnels. The application is built using Go and leverages various libraries for logging, networking, and configuration management.
### Key Features: ### Key Features:
- **WireGuard Management**: Create and manage WireGuard interfaces and peers. - **WireGuard Management**: Create and manage WireGuard interfaces and peers.
- **Logging**: Centralized logging functionality to track application behavior. - **Logging**: Centralized logging functionality to track application behavior.
- **Configuration**: JSON-based configuration management for easy setup and modification. - **Configuration**: JSON-based configuration management for easy setup and modification.
@ -21,6 +22,7 @@ The main components of the Gerbil project include:
- **Dockerfile**: Defines how to build and run the application in a containerized environment. - **Dockerfile**: Defines how to build and run the application in a containerized environment.
### Interaction Flow: ### Interaction Flow:
1. The main application starts and initializes the logger. 1. The main application starts and initializes the logger.
2. It reads configuration from `config_example.json` or an equivalent file or a remote http api hosted in Pangolin. 2. It reads configuration from `config_example.json` or an equivalent file or a remote http api hosted in Pangolin.
3. Based on the configuration, it interacts with the WireGuard API using the `wgctrl` library and netlink to set up tunnels and peers. 3. Based on the configuration, it interacts with the WireGuard API using the `wgctrl` library and netlink to set up tunnels and peers.
@ -53,6 +55,7 @@ The main components of the Gerbil project include:
``` ```
### Description: ### Description:
- **Configuration**: The application reads from a configuration file that specifies settings like private keys, listen ports, and peers. - **Configuration**: The application reads from a configuration file that specifies settings like private keys, listen ports, and peers.
- **Main Application**: Orchestrates the flow by initializing components and executing commands based on user input. - **Main Application**: Orchestrates the flow by initializing components and executing commands based on user input.
- **Logger**: Captures events during execution for later review. - **Logger**: Captures events during execution for later review.
@ -61,6 +64,7 @@ The main components of the Gerbil project include:
## 4. Design Decisions and Rationale ## 4. Design Decisions and Rationale
### Key Design Decisions: ### Key Design Decisions:
- **Use of Go**: Chosen for its performance, concurrency support, and ease of deployment. - **Use of Go**: Chosen for its performance, concurrency support, and ease of deployment.
- **JSON Configuration**: Provides a human-readable format that is easy to modify without requiring recompilation. - **JSON Configuration**: Provides a human-readable format that is easy to modify without requiring recompilation.
- **Modular Logging**: Encapsulated logging functionality allows for consistent logging practices across different parts of the application. - **Modular Logging**: Encapsulated logging functionality allows for consistent logging practices across different parts of the application.
@ -68,5 +72,6 @@ The main components of the Gerbil project include:
## 5. System Constraints and Limitations ## 5. System Constraints and Limitations
### Constraints: ### Constraints:
- **Platform Dependency**: The application relies on Linux-based systems due to its use of netlink sockets for network management. - **Platform Dependency**: The application relies on Linux-based systems due to its use of netlink sockets for network management.
- **Privileged Operations**: Requires elevated permissions to create network interfaces and modify routing tables. - **Privileged Operations**: Requires elevated permissions to create network interfaces and modify routing tables.

4
packages/docusaurus/docs/07-Modules/01-overview.md
View file

@ -14,6 +14,7 @@ When installing Crowdsec via the Pangolin installer, the Crowdsec Traefik Bounce
The CrowdSec Bouncer plugin for Traefik integrates CrowdSecs security engine to block malicious traffic in real time. It runs as middleware within a Traefik container and enforces decisions based on CrowdSecs threat intelligence. This helps protect services from bots, attackers, and abusive IPs dynamically. The CrowdSec Bouncer plugin for Traefik integrates CrowdSecs security engine to block malicious traffic in real time. It runs as middleware within a Traefik container and enforces decisions based on CrowdSecs threat intelligence. This helps protect services from bots, attackers, and abusive IPs dynamically.
For additional information, consult the following resources: For additional information, consult the following resources:
- [Traefik Plugin Catalog](https://plugins.traefik.io/plugins/6335346ca4caa9ddeffda116/crowdsec-bouncer-traefik-plugin) - [Traefik Plugin Catalog](https://plugins.traefik.io/plugins/6335346ca4caa9ddeffda116/crowdsec-bouncer-traefik-plugin)
- [Github Repository](https://github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin) - [Github Repository](https://github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin)
@ -22,6 +23,7 @@ For additional information, consult the following resources:
The GeoBlock plugin for Traefik is a middleware that restricts access based on the clients geographic location. It runs within a Traefik container and uses IP-based geolocation to allow or block traffic from specific countries. This is useful for security, compliance, or access control in Traefik-managed services. The GeoBlock plugin for Traefik is a middleware that restricts access based on the clients geographic location. It runs within a Traefik container and uses IP-based geolocation to allow or block traffic from specific countries. This is useful for security, compliance, or access control in Traefik-managed services.
For more details, please refer to the following resources: For more details, please refer to the following resources:
- [Github Repository](https://github.com/PascalMinder/geoblock) - [Github Repository](https://github.com/PascalMinder/geoblock)
## Metrics ## Metrics
@ -33,6 +35,7 @@ Currently you can claim metric data from Traefik and Crowdsec with Prometheus an
Prometheus is an open-source monitoring and alerting toolkit designed for collecting and querying time-series metrics. It runs as a Docker container and uses a pull-based model to scrape data from configured endpoints. Prometheus integrates well with Grafana for visualization and Alertmanager for alert handling. Prometheus is an open-source monitoring and alerting toolkit designed for collecting and querying time-series metrics. It runs as a Docker container and uses a pull-based model to scrape data from configured endpoints. Prometheus integrates well with Grafana for visualization and Alertmanager for alert handling.
For more details, please refer to the following resources: For more details, please refer to the following resources:
- [Homepage](https://prometheus.io/) - [Homepage](https://prometheus.io/)
- [Github Repository](https://github.com/prometheus/prometheus) - [Github Repository](https://github.com/prometheus/prometheus)
@ -41,5 +44,6 @@ For more details, please refer to the following resources:
Grafana is an open-source analytics and visualization platform used to monitor and display time-series data. It runs as a Docker container and supports multiple data sources, including Prometheus, InfluxDB, and MySQL. Grafana provides interactive dashboards, alerting, and extensive customization options for data visualization. Grafana is an open-source analytics and visualization platform used to monitor and display time-series data. It runs as a Docker container and supports multiple data sources, including Prometheus, InfluxDB, and MySQL. Grafana provides interactive dashboards, alerting, and extensive customization options for data visualization.
For more details, please refer to the following resources: For more details, please refer to the following resources:
- [Homepage](https://grafana.com/) - [Homepage](https://grafana.com/)
- [Github Repository](https://github.com/grafana/grafana) - [Github Repository](https://github.com/grafana/grafana)

23
packages/docusaurus/docs/07-Modules/02-crowdsec.md
View file

@ -15,6 +15,7 @@ By default, Crowdsec is installed with a basic configuration, which includes the
#### Syslog #### Syslog
For systems utilizing Syslog, the following volumes should be added to the `docker-compose.yml` file: For systems utilizing Syslog, the following volumes should be added to the `docker-compose.yml` file:
```yaml ```yaml
service: service:
crowdsec: crowdsec:
@ -24,10 +25,11 @@ service:
``` ```
Create a `syslog.yaml` file under `/config/crowdsec/acquis.d` with the following content: Create a `syslog.yaml` file under `/config/crowdsec/acquis.d` with the following content:
```yaml ```yaml
filenames: filenames:
- /var/log/auth.log - /var/log/auth.log
- /var/log/syslog - /var/log/syslog
labels: labels:
type: syslog type: syslog
``` ```
@ -35,11 +37,13 @@ labels:
#### Journalctl #### Journalctl
To log iptables to journalctl, execute the following command on your host system: To log iptables to journalctl, execute the following command on your host system:
```bash ```bash
iptables -A INPUT -j LOG --log-prefix "iptables: " iptables -A INPUT -j LOG --log-prefix "iptables: "
``` ```
Update the `docker-compose.yml` file as follows: Update the `docker-compose.yml` file as follows:
```yaml ```yaml
service: service:
crowdsec: crowdsec:
@ -54,6 +58,7 @@ service:
``` ```
Create a `journalctl.yaml` file under `/config/crowdsec/acquis.d` with the following content: Create a `journalctl.yaml` file under `/config/crowdsec/acquis.d` with the following content:
```yaml ```yaml
source: journalctl source: journalctl
journalctl_filter: journalctl_filter:
@ -67,31 +72,37 @@ labels:
By default, only Traefik requests are secured through the Crowdsec bouncer. To extend protection to your host system (e.g., SSH), follow these steps to add a firewall bouncer: By default, only Traefik requests are secured through the Crowdsec bouncer. To extend protection to your host system (e.g., SSH), follow these steps to add a firewall bouncer:
1. Install the Crowdsec repositories. Refer to the [installation documentation](https://docs.crowdsec.net/docs/next/getting_started/install_crowdsec/#install-our-repositories): 1. Install the Crowdsec repositories. Refer to the [installation documentation](https://docs.crowdsec.net/docs/next/getting_started/install_crowdsec/#install-our-repositories):
```bash ```bash
curl -s https://install.crowdsec.net | sudo sh curl -s https://install.crowdsec.net | sudo sh
``` ```
2. Install the firewall bouncer. For Debian/Ubuntu systems using IPTables, refer to the [documentation](https://docs.crowdsec.net/u/bouncers/firewall/): 2. Install the firewall bouncer. For Debian/Ubuntu systems using IPTables, refer to the [documentation](https://docs.crowdsec.net/u/bouncers/firewall/):
```bash ```bash
sudo apt install crowdsec-firewall-bouncer-iptables sudo apt install crowdsec-firewall-bouncer-iptables
``` ```
3. Create an API key for the firewall bouncer to communicate with your CrowdSec Docker container. ("vps-firewall" is a placeholder name for the key): 3. Create an API key for the firewall bouncer to communicate with your CrowdSec Docker container. ("vps-firewall" is a placeholder name for the key):
```bash ```bash
docker exec -it crowdsec cscli bouncers add vps-firewall docker exec -it crowdsec cscli bouncers add vps-firewall
``` ```
4. Copy the dispalyed API key and insert it into the bouncer's configuration file: 4. Copy the dispalyed API key and insert it into the bouncer's configuration file:
```bash ```bash
nano /etc/crowdsec/bouncers/crowdsec-firewall-bouncer.yaml nano /etc/crowdsec/bouncers/crowdsec-firewall-bouncer.yaml
``` ```
5. Restart the firewall bouncer: 5. Restart the firewall bouncer:
```bash ```bash
systemctl restart crowdsec-firewall-bouncer systemctl restart crowdsec-firewall-bouncer
``` ```
6. Update the `docker-compose.yml` file to expose communication port `8080` for the CrowdSec container and restart the container: 6. Update the `docker-compose.yml` file to expose communication port `8080` for the CrowdSec container and restart the container:
```yaml ```yaml
service: service:
crowdsec: crowdsec:
@ -101,11 +112,13 @@ service:
``` ```
7. Verify communication between the firewall bouncer and the CrowdSec container by running: 7. Verify communication between the firewall bouncer and the CrowdSec container by running:
```bash ```bash
docker exec crowdsec cscli metrics docker exec crowdsec cscli metrics
``` ```
The output should look like this: The output should look like this:
```bash ```bash
+------------------------------------------------------------------+ +------------------------------------------------------------------+
| Local API Bouncers Metrics | | Local API Bouncers Metrics |
@ -123,11 +136,13 @@ The output should look like this:
To display a custom ban page to attackers, follow these steps: To display a custom ban page to attackers, follow these steps:
1. Place a `ban.html` page in the `/config/traefik` directory. If you prefer not to create your own, you can download the official example: 1. Place a `ban.html` page in the `/config/traefik` directory. If you prefer not to create your own, you can download the official example:
```bash ```bash
wget https://github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin/blob/main/ban.html wget https://github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin/blob/main/ban.html
``` ```
2. Update the `/config/traefik/dynamic_config.yml` file to include the following: 2. Update the `/config/traefik/dynamic_config.yml` file to include the following:
```yaml ```yaml
http: http:
middlewares: middlewares:
@ -142,11 +157,13 @@ http:
To use a custom captcha page, follow these steps: To use a custom captcha page, follow these steps:
1. Place a `captcha.html` page in the `/config/traefik` directory. If you don't want to create your own, you can download the official example: 1. Place a `captcha.html` page in the `/config/traefik` directory. If you don't want to create your own, you can download the official example:
```bash ```bash
wget https://github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin/blob/main/captcha.html wget https://github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin/blob/main/captcha.html
``` ```
2. Update the `/config/traefik/dynamic_config.yml` file with the following configuration, replacing `<SERVICE>` with your captcha provider (e.g. hCaptcha, reCaptcha, Turnstile), and `<KEY>` with the appropriate site and secret keys: 2. Update the `/config/traefik/dynamic_config.yml` file with the following configuration, replacing `<SERVICE>` with your captcha provider (e.g. hCaptcha, reCaptcha, Turnstile), and `<KEY>` with the appropriate site and secret keys:
```yaml ```yaml
http: http:
middlewares: middlewares:
@ -165,11 +182,13 @@ http:
You can test your configuration by adding a temporary ban or captcha for your IP. The ban will last for one minute. You can test your configuration by adding a temporary ban or captcha for your IP. The ban will last for one minute.
To add a ban: To add a ban:
```bash ```bash
docker exec crowdsec cscli decisions add --ip <YOUR IP> -d 1m --type ban docker exec crowdsec cscli decisions add --ip <YOUR IP> -d 1m --type ban
``` ```
To trigger a captcha challenge: To trigger a captcha challenge:
```bash ```bash
docker exec crowdsec cscli decisions add --ip <YOUR IP> -d 1m --type captcha docker exec crowdsec cscli decisions add --ip <YOUR IP> -d 1m --type captcha
``` ```

10
packages/docusaurus/docs/07-Modules/03-geoblock.md
View file

@ -7,6 +7,7 @@ GeoBlock is a Traefik middleware that uses IP-based geolocation to allow or bloc
To integrate GeoBlock into your Traefik setup, follow the steps below: To integrate GeoBlock into your Traefik setup, follow the steps below:
1. Add the following configuration to your `/config/traefik/traefik_config.yml` file: 1. Add the following configuration to your `/config/traefik/traefik_config.yml` file:
```yaml ```yaml
entryPoints: entryPoints:
websecure: websecure:
@ -22,6 +23,7 @@ experimental:
``` ```
2. Add the following configuration to your `/config/traefik/dynamic_config.yml` file. Setting `blackListMode: false` enables GeoBlock in whitelist mode, allowing only the specified countries. Remember to add the appropriate countries when traveling. A list of country codes can be found in the [documentation](https://github.com/PascalMinder/geoblock#full-plugin-sample-configuration). 2. Add the following configuration to your `/config/traefik/dynamic_config.yml` file. Setting `blackListMode: false` enables GeoBlock in whitelist mode, allowing only the specified countries. Remember to add the appropriate countries when traveling. A list of country codes can be found in the [documentation](https://github.com/PascalMinder/geoblock#full-plugin-sample-configuration).
```yaml ```yaml
http: http:
middlewares: middlewares:
@ -45,6 +47,7 @@ http:
``` ```
3. Restart Traefik to apply the changes: 3. Restart Traefik to apply the changes:
```bash ```bash
docker restart traefik docker restart traefik
``` ```
@ -52,8 +55,9 @@ docker restart traefik
## Testing ## Testing
To monitor GeoBlock activities in the Traefik logs, enable logging by setting the following options to `true`: To monitor GeoBlock activities in the Traefik logs, enable logging by setting the following options to `true`:
```yaml ```yaml
logLocalRequests: true logLocalRequests: true
logAllowedRequests: true logAllowedRequests: true
logApiRequests: true logApiRequests: true
``` ```

18
packages/docusaurus/docs/07-Modules/04-metrics.md
View file

@ -19,9 +19,9 @@ For claiming metrics from Traefik we have to adjust some configuration files.
```yaml ```yaml
service: service:
gerbil: gerbil:
ports: ports:
- 8082:8082 - 8082:8082
``` ```
2. Update the `/config/traefik/traefik_config.yml` file to include the following: 2. Update the `/config/traefik/traefik_config.yml` file to include the following:
@ -29,7 +29,7 @@ service:
```yaml ```yaml
entryPoints: entryPoints:
metrics: metrics:
address: ':8082' address: ":8082"
metrics: metrics:
prometheus: prometheus:
@ -58,9 +58,9 @@ For claiming metrics from Crowdsec we have to adjust the docker compose files.
```yaml ```yaml
service: service:
crowdsec: crowdsec:
ports: ports:
- 6060:6060 - 6060:6060
``` ```
2. Restart the Crowdsec container to apply the changes: 2. Restart the Crowdsec container to apply the changes:
@ -102,11 +102,11 @@ scrape_configs:
- job_name: traefik - job_name: traefik
static_configs: static_configs:
- targets: ['172.17.0.1:8082'] - targets: ["172.17.0.1:8082"]
- job_name: crowdsec - job_name: crowdsec
static_configs: static_configs:
- targets: ['172.17.0.1:6060'] - targets: ["172.17.0.1:6060"]
``` ```
3. Create a folder `data` in `/config/prometheus` and change the ower and owning group: 3. Create a folder `data` in `/config/prometheus` and change the ower and owning group:

342
packages/docusaurus/docusaurus.config.ts
View file

@ -5,186 +5,186 @@ import type * as Preset from "@docusaurus/preset-classic";
// This runs in Node.js - Don't use client-side code here (browser APIs, JSX...) // This runs in Node.js - Don't use client-side code here (browser APIs, JSX...)
const config: Config = { const config: Config = {
title: "Fossorial Docs", title: "Fossorial Docs",
tagline: "Adapted for use in burrowing", tagline: "Adapted for use in burrowing",
favicon: "img/favicon.ico", favicon: "img/favicon.ico",
// Set the production url of your site here // Set the production url of your site here
url: "https://docs.fossorial.io", url: "https://docs.fossorial.io",
// Set the /<baseUrl>/ pathname under which your site is served // Set the /<baseUrl>/ pathname under which your site is served
// For GitHub pages deployment, it is often '/<projectName>/' // For GitHub pages deployment, it is often '/<projectName>/'
baseUrl: "/", baseUrl: "/",
// GitHub pages deployment config. // GitHub pages deployment config.
// If you aren't using GitHub pages, you don't need these. // If you aren't using GitHub pages, you don't need these.
organizationName: "Fossorial", // Usually your GitHub org/user name. organizationName: "Fossorial", // Usually your GitHub org/user name.
projectName: "docs", // Usually your repo name. projectName: "docs", // Usually your repo name.
onBrokenLinks: "throw", onBrokenLinks: "throw",
onBrokenMarkdownLinks: "warn", onBrokenMarkdownLinks: "warn",
// Even if you don't use internationalization, you can use this field to set // Even if you don't use internationalization, you can use this field to set
// useful metadata like html lang. For example, if your site is Chinese, you // useful metadata like html lang. For example, if your site is Chinese, you
// may want to replace "en" with "zh-Hans". // may want to replace "en" with "zh-Hans".
i18n: { i18n: {
defaultLocale: "en", defaultLocale: "en",
locales: ["en"] locales: ["en"]
}, },
presets: [ presets: [
[ [
"classic", "classic",
{ {
docs: { docs: {
sidebarCollapsed: false, sidebarCollapsed: false,
sidebarPath: "./sidebars.ts", sidebarPath: "./sidebars.ts",
routeBasePath: "/" routeBasePath: "/"
// Please change this to your repo. // Please change this to your repo.
// Remove this to remove the "edit this page" links. // Remove this to remove the "edit this page" links.
// editUrl: // editUrl:
// 'https://github.com/facebook/docusaurus/tree/main/packages/create-docusaurus/templates/shared/', // 'https://github.com/facebook/docusaurus/tree/main/packages/create-docusaurus/templates/shared/',
},
blog: false,
// blog: {
// showReadingTime: true,
// feedOptions: {
// type: ['rss', 'atom'],
// xslt: true,
// },
// // Please change this to your repo.
// // Remove this to remove the "edit this page" links.
// // editUrl:
// // 'https://github.com/facebook/docusaurus/tree/main/packages/create-docusaurus/templates/shared/',
// // Useful options to enforce blogging best practices
// onInlineTags: 'warn',
// onInlineAuthors: 'warn',
// onUntruncatedBlogPosts: 'warn',
// },
theme: {
customCss: "./src/css/custom.css"
}
} satisfies Preset.Options
]
],
themeConfig: {
// Replace with your project's social card
image: "img/docusaurus-social-card.jpg",
colorMode: {
defaultMode: "light",
disableSwitch: false,
respectPrefersColorScheme: true
}, },
// announcementBar: { blog: false,
// id: "support_us", // blog: {
// content: // showReadingTime: true,
// 'If you like Pangolin, please <a target="_blank" rel="noopener noreferrer" href="https://github.com/fosrl/pangolin">star us on GitHub!</a>', // feedOptions: {
// isCloseable: false // type: ['rss', 'atom'],
// xslt: true,
// },
// // Please change this to your repo.
// // Remove this to remove the "edit this page" links.
// // editUrl:
// // 'https://github.com/facebook/docusaurus/tree/main/packages/create-docusaurus/templates/shared/',
// // Useful options to enforce blogging best practices
// onInlineTags: 'warn',
// onInlineAuthors: 'warn',
// onUntruncatedBlogPosts: 'warn',
// }, // },
algolia: { theme: {
// The application ID provided by Algolia customCss: "./src/css/custom.css"
appId: "CVXQS7OHYA",
// Public API key: it is safe to commit it
apiKey: "37f86a9f9a04ab1c0f17339c86566ce5",
indexName: "fossorial",
contextualSearch: false
},
navbar: {
title: "Fossorial",
logo: {
alt: "Fossorial Logo",
src: "img/pangolin_orange.svg"
},
items: [
// {
// type: "docSidebar",
// sidebarId: "tutorialSidebar",
// position: "left",
// label: "Docs",
// },
// {to: '/blog', label: 'Blog', position: 'left'},
{
href: "https://fossorial.io",
label: "fossorial.io",
position: "left"
},
{
href: "https://discord.gg/HCJR8Xhme4",
label: "Discord",
position: "left"
},
{
href: "https://github.com/fosrl",
position: "right",
className: "header-github-link",
"aria-label": "GitHub repository"
}
]
},
// footer: {
// style: "dark",
// links: [
// {
// title: "Docs",
// items: [
// {
// label: "Docs",
// to: "/overview",
// },
// ],
// },
// {
// title: "Community",
// items: [
// // {
// // label: 'Stack Overflow',
// // href: 'https://stackoverflow.com/questions/tagged/docusaurus',
// // },
// {
// label: "Discord",
// href: "https://discord.gg/HCJR8Xhme4",
// },
// // {
// // label: 'X',
// // href: 'https://x.com/docusaurus',
// // },
// ],
// },
// {
// title: "More",
// items: [
// // {
// // label: 'Blog',
// // to: '/blog',
// // },
// {
// label: "GitHub",
// href: "https://github.com/fosrl",
// },
// ],
// },
// ],
// copyright: `${new Date().getFullYear()} Built by Fossorial`,
// },
prism: {
theme: prismThemes.oneLight,
darkTheme: prismThemes.oneDark
} }
} satisfies Preset.ThemeConfig, } satisfies Preset.Options
plugins: [
[
"@dipakparmar/docusaurus-plugin-umami",
/** @type {import('@dipakparmar/docusaurus-plugin-umami').Options} */
{
websiteID: "d9a3a131-d2f4-4f8f-922b-80d668e96640", // Required
analyticsDomain: "umami.dev.fossorial.io", // Required
dataAutoTrack: false, // Optional
dataDoNotTrack: false, // Optional
dataCache: true, // Optional
dataDomains: "docs.fossorial.io" // comma separated list of domains, *Recommended*
}
]
] ]
],
themeConfig: {
// Replace with your project's social card
image: "img/docusaurus-social-card.jpg",
colorMode: {
defaultMode: "light",
disableSwitch: false,
respectPrefersColorScheme: true
},
// announcementBar: {
// id: "support_us",
// content:
// 'If you like Pangolin, please <a target="_blank" rel="noopener noreferrer" href="https://github.com/fosrl/pangolin">star us on GitHub!</a>',
// isCloseable: false
// },
algolia: {
// The application ID provided by Algolia
appId: "CVXQS7OHYA",
// Public API key: it is safe to commit it
apiKey: "37f86a9f9a04ab1c0f17339c86566ce5",
indexName: "fossorial",
contextualSearch: false
},
navbar: {
title: "Fossorial",
logo: {
alt: "Fossorial Logo",
src: "img/pangolin_orange.svg"
},
items: [
// {
// type: "docSidebar",
// sidebarId: "tutorialSidebar",
// position: "left",
// label: "Docs",
// },
// {to: '/blog', label: 'Blog', position: 'left'},
{
href: "https://fossorial.io",
label: "fossorial.io",
position: "left"
},
{
href: "https://discord.gg/HCJR8Xhme4",
label: "Discord",
position: "left"
},
{
href: "https://github.com/fosrl",
position: "right",
className: "header-github-link",
"aria-label": "GitHub repository"
}
]
},
// footer: {
// style: "dark",
// links: [
// {
// title: "Docs",
// items: [
// {
// label: "Docs",
// to: "/overview",
// },
// ],
// },
// {
// title: "Community",
// items: [
// // {
// // label: 'Stack Overflow',
// // href: 'https://stackoverflow.com/questions/tagged/docusaurus',
// // },
// {
// label: "Discord",
// href: "https://discord.gg/HCJR8Xhme4",
// },
// // {
// // label: 'X',
// // href: 'https://x.com/docusaurus',
// // },
// ],
// },
// {
// title: "More",
// items: [
// // {
// // label: 'Blog',
// // to: '/blog',
// // },
// {
// label: "GitHub",
// href: "https://github.com/fosrl",
// },
// ],
// },
// ],
// copyright: `${new Date().getFullYear()} Built by Fossorial`,
// },
prism: {
theme: prismThemes.oneLight,
darkTheme: prismThemes.oneDark
}
} satisfies Preset.ThemeConfig,
plugins: [
[
"@dipakparmar/docusaurus-plugin-umami",
/** @type {import('@dipakparmar/docusaurus-plugin-umami').Options} */
{
websiteID: "d9a3a131-d2f4-4f8f-922b-80d668e96640", // Required
analyticsDomain: "umami.dev.fossorial.io", // Required
dataAutoTrack: false, // Optional
dataDoNotTrack: false, // Optional
dataCache: true, // Optional
dataDomains: "docs.fossorial.io" // comma separated list of domains, *Recommended*
}
]
]
}; };
export default config; export default config;

4
packages/docusaurus/sidebars.ts
View file

@ -1,4 +1,4 @@
import type {SidebarsConfig} from '@docusaurus/plugin-content-docs'; import type { SidebarsConfig } from "@docusaurus/plugin-content-docs";
// This runs in Node.js - Don't use client-side code here (browser APIs, JSX...) // This runs in Node.js - Don't use client-side code here (browser APIs, JSX...)
@ -14,7 +14,7 @@ import type {SidebarsConfig} from '@docusaurus/plugin-content-docs';
*/ */
const sidebars: SidebarsConfig = { const sidebars: SidebarsConfig = {
// By default, Docusaurus generates a sidebar from the docs folder structure // By default, Docusaurus generates a sidebar from the docs folder structure
tutorialSidebar: [{type: 'autogenerated', dirName: '.'}], tutorialSidebar: [{ type: "autogenerated", dirName: "." }]
// But you can create a sidebar manually // But you can create a sidebar manually
/* /*

22
packages/docusaurus/src/components/DockerCompose.tsx
View file

@ -3,15 +3,15 @@ import React, { useEffect, useState } from "react";
import { fetchLatestRelease } from "../lib/fetchLatestRelease"; import { fetchLatestRelease } from "../lib/fetchLatestRelease";
const DockerCompose: React.FC = () => { const DockerCompose: React.FC = () => {
const [text, setText] = useState<string>(""); const [text, setText] = useState<string>("");
useEffect(() => { useEffect(() => {
(async () => { (async () => {
const pangolinVersion = await fetchLatestRelease("fosrl/pangolin"); const pangolinVersion = await fetchLatestRelease("fosrl/pangolin");
const gerbilVersion = await fetchLatestRelease("fosrl/gerbil"); const gerbilVersion = await fetchLatestRelease("fosrl/gerbil");
setText( setText(
`services: `services:
pangolin: pangolin:
image: fosrl/pangolin:${pangolinVersion} image: fosrl/pangolin:${pangolinVersion}
container_name: pangolin container_name: pangolin
@ -63,11 +63,11 @@ networks:
default: default:
driver: bridge driver: bridge
name: pangolin` name: pangolin`
); );
})(); })();
}, []); }, []);
return <CodeBlock language="yml">{text}</CodeBlock>; return <CodeBlock language="yml">{text}</CodeBlock>;
}; };
export default DockerCompose; export default DockerCompose;

12
packages/docusaurus/src/components/DynamicTraefikConfig.tsx
View file

@ -1,9 +1,9 @@
import CodeBlock from '@theme/CodeBlock'; import CodeBlock from "@theme/CodeBlock";
const DynamicTraefikConfig: React.FC = () => { const DynamicTraefikConfig: React.FC = () => {
return ( return (
<CodeBlock language="yml"> <CodeBlock language="yml">
{`http: {`http:
middlewares: middlewares:
redirect-to-https: redirect-to-https:
redirectScheme: redirectScheme:
@ -57,8 +57,8 @@ const DynamicTraefikConfig: React.FC = () => {
servers: servers:
- url: "http://pangolin:3000" # API/WebSocket server - url: "http://pangolin:3000" # API/WebSocket server
`} `}
</CodeBlock> </CodeBlock>
); );
}; };
export default DynamicTraefikConfig; export default DynamicTraefikConfig;

22
packages/docusaurus/src/components/StaticTraefikConfig.tsx
View file

@ -1,15 +1,15 @@
import CodeBlock from '@theme/CodeBlock'; import CodeBlock from "@theme/CodeBlock";
import React, { useEffect, useState } from "react"; import React, { useEffect, useState } from "react";
import { fetchLatestRelease } from "../lib/fetchLatestRelease"; import { fetchLatestRelease } from "../lib/fetchLatestRelease";
const StaticTraefikConfig: React.FC = () => { const StaticTraefikConfig: React.FC = () => {
const [text, setText] = useState<string>(""); const [text, setText] = useState<string>("");
useEffect(() => { useEffect(() => {
(async () => { (async () => {
const badgerVersion = await fetchLatestRelease("fosrl/badger"); const badgerVersion = await fetchLatestRelease("fosrl/badger");
setText(`api: setText(`api:
insecure: true insecure: true
dashboard: true dashboard: true
@ -53,14 +53,10 @@ entryPoints:
serversTransport: serversTransport:
insecureSkipVerify: true`); insecureSkipVerify: true`);
})(); })();
}, []); }, []);
return ( return <CodeBlock language="yml">{text}</CodeBlock>;
<CodeBlock language="yml">
{text}
</CodeBlock>
);
}; };
export default StaticTraefikConfig; export default StaticTraefikConfig;

16
packages/docusaurus/src/components/UpdatingVersionsYaml.tsx
View file

@ -3,22 +3,22 @@ import React, { useEffect, useState } from "react";
import { fetchLatestRelease } from "../lib/fetchLatestRelease"; import { fetchLatestRelease } from "../lib/fetchLatestRelease";
const UpdatingVersionsYaml: React.FC = () => { const UpdatingVersionsYaml: React.FC = () => {
const [text, setText] = useState<string>(""); const [text, setText] = useState<string>("");
useEffect(() => { useEffect(() => {
(async () => { (async () => {
const pangolinVersion = await fetchLatestRelease("fosrl/pangolin"); const pangolinVersion = await fetchLatestRelease("fosrl/pangolin");
setText(`services: setText(`services:
pangolin: pangolin:
image: fosrl/pangolin:${pangolinVersion} # increase the tag to the latest version number, or use "latest" image: fosrl/pangolin:${pangolinVersion} # increase the tag to the latest version number, or use "latest"
container_name: pangolin container_name: pangolin
restart: unless-stopped restart: unless-stopped
...`); ...`);
})(); })();
}, []); }, []);
return <CodeBlock language="yml">{text}</CodeBlock>; return <CodeBlock language="yml">{text}</CodeBlock>;
}; };
export default UpdatingVersionsYaml; export default UpdatingVersionsYaml;

20
packages/docusaurus/src/components/WgetNewtInstaller.tsx
View file

@ -3,19 +3,19 @@ import React, { useEffect, useState } from "react";
import { fetchLatestRelease } from "../lib/fetchLatestRelease"; import { fetchLatestRelease } from "../lib/fetchLatestRelease";
const WgetNewtInstaller: React.FC = () => { const WgetNewtInstaller: React.FC = () => {
const [text, setText] = useState<string>(""); const [text, setText] = useState<string>("");
useEffect(() => { useEffect(() => {
(async () => { (async () => {
const newtVersion = await fetchLatestRelease("fosrl/newt"); const newtVersion = await fetchLatestRelease("fosrl/newt");
setText( setText(
`wget -O newt "https://github.com/fosrl/newt/releases/download/${newtVersion}/newt_linux_amd64" && chmod +x ./newt` `wget -O newt "https://github.com/fosrl/newt/releases/download/${newtVersion}/newt_linux_amd64" && chmod +x ./newt`
); );
})(); })();
}, []); }, []);
return <CodeBlock language="bash">{text}</CodeBlock>; return <CodeBlock language="bash">{text}</CodeBlock>;
}; };
export default WgetNewtInstaller; export default WgetNewtInstaller;

20
packages/docusaurus/src/components/WgetQuickInstaller.tsx
View file

@ -3,18 +3,18 @@ import React, { useEffect, useState } from "react";
import { fetchLatestRelease } from "../lib/fetchLatestRelease"; import { fetchLatestRelease } from "../lib/fetchLatestRelease";
const WgetQuickInstall: React.FC = () => { const WgetQuickInstall: React.FC = () => {
const [text, setText] = useState<string>(""); const [text, setText] = useState<string>("");
useEffect(() => { useEffect(() => {
(async () => { (async () => {
const release = await fetchLatestRelease("fosrl/pangolin"); const release = await fetchLatestRelease("fosrl/pangolin");
setText( setText(
`wget -O installer "https://github.com/fosrl/pangolin/releases/download/${release}/installer_linux_$(uname -m | sed 's/x86_64/amd64/;s/aarch64/arm64/')" && chmod +x ./installer` `wget -O installer "https://github.com/fosrl/pangolin/releases/download/${release}/installer_linux_$(uname -m | sed 's/x86_64/amd64/;s/aarch64/arm64/')" && chmod +x ./installer`
); );
})(); })();
}, []); }, []);
return <CodeBlock language="bash">{text}</CodeBlock>; return <CodeBlock language="bash">{text}</CodeBlock>;
}; };
export default WgetQuickInstall; export default WgetQuickInstall;

16
packages/docusaurus/src/components/WithoutTunnelingCompose.tsx
View file

@ -3,13 +3,13 @@ import React, { useEffect, useState } from "react";
import { fetchLatestRelease } from "../lib/fetchLatestRelease"; import { fetchLatestRelease } from "../lib/fetchLatestRelease";
const WithoutTunnelingCompose: React.FC = () => { const WithoutTunnelingCompose: React.FC = () => {
const [text, setText] = useState<string>(""); const [text, setText] = useState<string>("");
useEffect(() => { useEffect(() => {
(async () => { (async () => {
const pangolinVersion = await fetchLatestRelease("fosrl/pangolin"); const pangolinVersion = await fetchLatestRelease("fosrl/pangolin");
setText(`services: setText(`services:
pangolin: pangolin:
image: fosrl/pangolin:${pangolinVersion} image: fosrl/pangolin:${pangolinVersion}
container_name: pangolin container_name: pangolin
@ -38,10 +38,10 @@ const WithoutTunnelingCompose: React.FC = () => {
- ./config/traefik:/etc/traefik:ro # Volume to store the Traefik configuration - ./config/traefik:/etc/traefik:ro # Volume to store the Traefik configuration
- ./config/letsencrypt:/letsencrypt # Volume to store the Let's Encrypt certificates - ./config/letsencrypt:/letsencrypt # Volume to store the Let's Encrypt certificates
`); `);
})(); })();
}, []); }, []);
return <CodeBlock language="yml">{text}</CodeBlock>; return <CodeBlock language="yml">{text}</CodeBlock>;
}; };
export default WithoutTunnelingCompose; export default WithoutTunnelingCompose;

201
packages/docusaurus/src/css/custom.css
View file

@ -8,194 +8,193 @@
/* You can override the default Infima variables here. */ /* You can override the default Infima variables here. */
:root { :root {
/* Primary colors converted from HSL to hex */ /* Primary colors converted from HSL to hex */
--ifm-color-primary: hsl(24.6, 95%, 53.1%); --ifm-color-primary: hsl(24.6, 95%, 53.1%);
--ifm-color-primary-dark: hsl(24.6, 95%, 48%); --ifm-color-primary-dark: hsl(24.6, 95%, 48%);
--ifm-color-primary-darker: hsl(24.6, 95%, 43%); --ifm-color-primary-darker: hsl(24.6, 95%, 43%);
--ifm-color-primary-darkest: hsl(24.6, 95%, 38%); --ifm-color-primary-darkest: hsl(24.6, 95%, 38%);
--ifm-color-primary-light: hsl(24.6, 95%, 58%); --ifm-color-primary-light: hsl(24.6, 95%, 58%);
--ifm-color-primary-lighter: hsl(24.6, 95%, 63%); --ifm-color-primary-lighter: hsl(24.6, 95%, 63%);
--ifm-color-primary-lightest: hsl(24.6, 95%, 68%); --ifm-color-primary-lightest: hsl(24.6, 95%, 68%);
/* Additional custom variables */ /* Additional custom variables */
--ifm-background-color: #FFFFFF; --ifm-background-color: #ffffff;
--ifm-font-color-base: hsl(20, 0%, 10%); --ifm-font-color-base: hsl(20, 0%, 10%);
--ifm-code-font-size: 85%; --ifm-code-font-size: 85%;
--docusaurus-highlighted-code-line-bg: rgba(0, 0, 0, 0.1); --docusaurus-highlighted-code-line-bg: rgba(0, 0, 0, 0.1);
/* Chart colors */ /* Chart colors */
--chart-color-1: hsl(12, 76%, 61%); --chart-color-1: hsl(12, 76%, 61%);
--chart-color-2: hsl(173, 58%, 39%); --chart-color-2: hsl(173, 58%, 39%);
--chart-color-3: hsl(197, 37%, 24%); --chart-color-3: hsl(197, 37%, 24%);
--chart-color-4: hsl(43, 74%, 66%); --chart-color-4: hsl(43, 74%, 66%);
--chart-color-5: hsl(27, 87%, 67%); --chart-color-5: hsl(27, 87%, 67%);
--ifm-global-shadow-lw: none; --ifm-global-shadow-lw: none;
--ifm-font-family-base: "Inter"; --ifm-font-family-base: "Inter";
--ifm-breadcrumb-item-background-active: --ifm-background-color; --ifm-breadcrumb-item-background-active: --ifm-background-color;
} }
/* For readability concerns, you should choose a lighter palette in dark mode. */ /* For readability concerns, you should choose a lighter palette in dark mode. */
[data-theme="dark"] { [data-theme="dark"] {
/* Primary colors for dark mode */ /* Primary colors for dark mode */
--ifm-color-primary: hsl(20.5, 90.2%, 48.2%); --ifm-color-primary: hsl(20.5, 90.2%, 48.2%);
--ifm-color-primary-dark: hsl(20.5, 90.2%, 43%); --ifm-color-primary-dark: hsl(20.5, 90.2%, 43%);
--ifm-color-primary-darker: hsl(20.5, 90.2%, 38%); --ifm-color-primary-darker: hsl(20.5, 90.2%, 38%);
--ifm-color-primary-darkest: hsl(20.5, 90.2%, 33%); --ifm-color-primary-darkest: hsl(20.5, 90.2%, 33%);
--ifm-color-primary-light: hsl(20.5, 90.2%, 53%); --ifm-color-primary-light: hsl(20.5, 90.2%, 53%);
--ifm-color-primary-lighter: hsl(20.5, 90.2%, 58%); --ifm-color-primary-lighter: hsl(20.5, 90.2%, 58%);
--ifm-color-primary-lightest: hsl(20.5, 90.2%, 63%); --ifm-color-primary-lightest: hsl(20.5, 90.2%, 63%);
--ifm-background-color: #1A1A1A; --ifm-background-color: #1a1a1a;
/* Additional custom variables for dark mode */ /* Additional custom variables for dark mode */
--ifm-font-color-base: hsl(60, 9.1%, 97.8%); --ifm-font-color-base: hsl(60, 9.1%, 97.8%);
--docusaurus-highlighted-code-line-bg: rgba(0, 0, 0, 0.3); --docusaurus-highlighted-code-line-bg: rgba(0, 0, 0, 0.3);
/* Chart colors for dark mode */ /* Chart colors for dark mode */
--chart-color-1: hsl(220, 70%, 50%); --chart-color-1: hsl(220, 70%, 50%);
--chart-color-2: hsl(160, 60%, 45%); --chart-color-2: hsl(160, 60%, 45%);
--chart-color-3: hsl(30, 80%, 55%); --chart-color-3: hsl(30, 80%, 55%);
--chart-color-4: hsl(280, 65%, 60%); --chart-color-4: hsl(280, 65%, 60%);
--chart-color-5: hsl(340, 75%, 55%); --chart-color-5: hsl(340, 75%, 55%);
--ifm-navbar-background-color: #1A1A1A; --ifm-navbar-background-color: #1a1a1a;
} }
.main { .main {
font-family: "Comic Sans MS", sans-serif; font-family: "Comic Sans MS", sans-serif;
} }
.header-github-link:hover { .header-github-link:hover {
opacity: 0.6; opacity: 0.6;
} }
.header-github-link:before { .header-github-link:before {
content: ""; content: "";
width: 24px; width: 24px;
height: 24px; height: 24px;
display: flex; display: flex;
background: url("data:image/svg+xml,%3Csvg viewBox='0 0 24 24' xmlns='http://www.w3.org/2000/svg'%3E%3Cpath d='M12 .297c-6.63 0-12 5.373-12 12 0 5.303 3.438 9.8 8.205 11.385.6.113.82-.258.82-.577 0-.285-.01-1.04-.015-2.04-3.338.724-4.042-1.61-4.042-1.61C4.422 18.07 3.633 17.7 3.633 17.7c-1.087-.744.084-.729.084-.729 1.205.084 1.838 1.236 1.838 1.236 1.07 1.835 2.809 1.305 3.495.998.108-.776.417-1.305.76-1.605-2.665-.3-5.466-1.332-5.466-5.93 0-1.31.465-2.38 1.235-3.22-.135-.303-.54-1.523.105-3.176 0 0 1.005-.322 3.3 1.23.96-.267 1.98-.399 3-.405 1.02.006 2.04.138 3 .405 2.28-1.552 3.285-1.23 3.285-1.23.645 1.653.24 2.873.12 3.176.765.84 1.23 1.91 1.23 3.22 0 4.61-2.805 5.625-5.475 5.92.42.36.81 1.096.81 2.22 0 1.606-.015 2.896-.015 3.286 0 .315.21.69.825.57C20.565 22.092 24 17.592 24 12.297c0-6.627-5.373-12-12-12'/%3E%3C/svg%3E") background: url("data:image/svg+xml,%3Csvg viewBox='0 0 24 24' xmlns='http://www.w3.org/2000/svg'%3E%3Cpath d='M12 .297c-6.63 0-12 5.373-12 12 0 5.303 3.438 9.8 8.205 11.385.6.113.82-.258.82-.577 0-.285-.01-1.04-.015-2.04-3.338.724-4.042-1.61-4.042-1.61C4.422 18.07 3.633 17.7 3.633 17.7c-1.087-.744.084-.729.084-.729 1.205.084 1.838 1.236 1.838 1.236 1.07 1.835 2.809 1.305 3.495.998.108-.776.417-1.305.76-1.605-2.665-.3-5.466-1.332-5.466-5.93 0-1.31.465-2.38 1.235-3.22-.135-.303-.54-1.523.105-3.176 0 0 1.005-.322 3.3 1.23.96-.267 1.98-.399 3-.405 1.02.006 2.04.138 3 .405 2.28-1.552 3.285-1.23 3.285-1.23.645 1.653.24 2.873.12 3.176.765.84 1.23 1.91 1.23 3.22 0 4.61-2.805 5.625-5.475 5.92.42.36.81 1.096.81 2.22 0 1.606-.015 2.896-.015 3.286 0 .315.21.69.825.57C20.565 22.092 24 17.592 24 12.297c0-6.627-5.373-12-12-12'/%3E%3C/svg%3E")
no-repeat; no-repeat;
} }
html[data-theme="dark"] .header-github-link:before { html[data-theme="dark"] .header-github-link:before {
background: url("data:image/svg+xml,%3Csvg viewBox='0 0 24 24' xmlns='http://www.w3.org/2000/svg'%3E%3Cpath fill='white' d='M12 .297c-6.63 0-12 5.373-12 12 0 5.303 3.438 9.8 8.205 11.385.6.113.82-.258.82-.577 0-.285-.01-1.04-.015-2.04-3.338.724-4.042-1.61-4.042-1.61C4.422 18.07 3.633 17.7 3.633 17.7c-1.087-.744.084-.729.084-.729 1.205.084 1.838 1.236 1.838 1.236 1.07 1.835 2.809 1.305 3.495.998.108-.776.417-1.305.76-1.605-2.665-.3-5.466-1.332-5.466-5.93 0-1.31.465-2.38 1.235-3.22-.135-.303-.54-1.523.105-3.176 0 0 1.005-.322 3.3 1.23.96-.267 1.98-.399 3-.405 1.02.006 2.04.138 3 .405 2.28-1.552 3.285-1.23 3.285-1.23.645 1.653.24 2.873.12 3.176.765.84 1.23 1.91 1.23 3.22 0 4.61-2.805 5.625-5.475 5.92.42.36.81 1.096.81 2.22 0 1.606-.015 2.896-.015 3.286 0 .315.21.69.825.57C20.565 22.092 24 17.592 24 12.297c0-6.627-5.373-12-12-12'/%3E%3C/svg%3E") background: url("data:image/svg+xml,%3Csvg viewBox='0 0 24 24' xmlns='http://www.w3.org/2000/svg'%3E%3Cpath fill='white' d='M12 .297c-6.63 0-12 5.373-12 12 0 5.303 3.438 9.8 8.205 11.385.6.113.82-.258.82-.577 0-.285-.01-1.04-.015-2.04-3.338.724-4.042-1.61-4.042-1.61C4.422 18.07 3.633 17.7 3.633 17.7c-1.087-.744.084-.729.084-.729 1.205.084 1.838 1.236 1.838 1.236 1.07 1.835 2.809 1.305 3.495.998.108-.776.417-1.305.76-1.605-2.665-.3-5.466-1.332-5.466-5.93 0-1.31.465-2.38 1.235-3.22-.135-.303-.54-1.523.105-3.176 0 0 1.005-.322 3.3 1.23.96-.267 1.98-.399 3-.405 1.02.006 2.04.138 3 .405 2.28-1.552 3.285-1.23 3.285-1.23.645 1.653.24 2.873.12 3.176.765.84 1.23 1.91 1.23 3.22 0 4.61-2.805 5.625-5.475 5.92.42.36.81 1.096.81 2.22 0 1.606-.015 2.896-.015 3.286 0 .315.21.69.825.57C20.565 22.092 24 17.592 24 12.297c0-6.627-5.373-12-12-12'/%3E%3C/svg%3E")
no-repeat; no-repeat;
} }
.navbar { .navbar {
border-bottom: 0px solid rgb(218, 221, 225); border-bottom: 0px solid rgb(218, 221, 225);
max-width: 1600px; /* Limits the content width */ max-width: 1600px; /* Limits the content width */
width: 100%; /* Ensures it scales responsively */ width: 100%; /* Ensures it scales responsively */
margin: 0 auto; /* Centers the inner content */ margin: 0 auto; /* Centers the inner content */
padding: 0 20px; /* Optional: Adds padding to prevent content from touching edges */ padding: 0 20px; /* Optional: Adds padding to prevent content from touching edges */
box-sizing: border-box; box-sizing: border-box;
} }
html[data-theme="dark"] .navbar { html[data-theme="dark"] .navbar {
border-bottom: 0px solid #444950; border-bottom: 0px solid #444950;
} }
.main-wrapper { .main-wrapper {
max-width: 1600px; max-width: 1600px;
width: 100%; /* Ensures responsiveness */ width: 100%; /* Ensures responsiveness */
margin: 0 auto; /* Centers the container */ margin: 0 auto; /* Centers the container */
box-sizing: border-box; /* Ensures padding doesnt affect max-width */ box-sizing: border-box; /* Ensures padding doesnt affect max-width */
} }
article { article {
max-width: 800px; max-width: 800px;
margin-left: auto; margin-left: auto;
margin-right: auto; margin-right: auto;
} }
aside { aside {
font-size: 0.9rem; font-size: 0.9rem;
} }
.theme-doc-sidebar-container { .theme-doc-sidebar-container {
border-right: 0px !important; border-right: 0px !important;
} }
.theme-admonition { .theme-admonition {
border: 0px solid rgb(218, 221, 225); border: 0px solid rgb(218, 221, 225);
} }
.prism-code { .prism-code {
border: 1px solid rgb(218, 221, 225); border: 1px solid rgb(218, 221, 225);
} }
html[data-theme="dark"] .theme-admonition { html[data-theme="dark"] .theme-admonition {
border: 0px solid #333333; border: 0px solid #333333;
} }
html[data-theme="dark"] .prism-code { html[data-theme="dark"] .prism-code {
border: 1px solid #333333; border: 1px solid #333333;
background-color: #242424 !important; /* Darker background for code blocks */ background-color: #242424 !important; /* Darker background for code blocks */
} }
div[class^="announcementBarContent"] a { div[class^="announcementBarContent"] a {
color: var(--ifm-link-color); color: var(--ifm-link-color);
text-decoration: inherit; text-decoration: inherit;
} }
div[class^="announcementBarContent"] a:hover { div[class^="announcementBarContent"] a:hover {
color: var(--ifm-link-color); color: var(--ifm-link-color);
text-decoration: underline; text-decoration: underline;
} }
.navbar .navbar__items { .navbar .navbar__items {
flex: auto; flex: auto;
} }
.dropdown__link { .dropdown__link {
font-size: inherit; font-size: inherit;
} }
@media screen and (max-width: 996px) { @media screen and (max-width: 996px) {
:root { :root {
--ifm-font-size-base: 16px; --ifm-font-size-base: 16px;
} }
article header h1 { article header h1 {
font-size: 1.5rem !important; font-size: 1.5rem !important;
} }
.hero .hero__title { .hero .hero__title {
font-size: 2.5rem; font-size: 2.5rem;
} }
} }
@media screen and (min-width: 997px) { @media screen and (min-width: 997px) {
:root { :root {
--ifm-font-size-base: 16px; --ifm-font-size-base: 16px;
} }
article header h1 { article header h1 {
font-size: 2rem !important; font-size: 2rem !important;
} }
} }
.pagination-nav__label::before { .pagination-nav__label::before {
display: none; display: none;
} }
.pagination-nav__label::after { .pagination-nav__label::after {
display: none; display: none;
} }
.table-of-contents { .table-of-contents {
border: 0px; border: 0px;
} }
/* Default (mobile styles remain unchanged) */ /* Default (mobile styles remain unchanged) */
.breadcrumbs li:first-child { .breadcrumbs li:first-child {
display: none; display: none;
} }
.breadcrumbs li:nth-child(2) .breadcrumbs__link{ .breadcrumbs li:nth-child(2) .breadcrumbs__link {
padding-left: 0px !important; padding-left: 0px !important;
} }
html[data-theme="dark"] { html[data-theme="dark"] {
background-color: #1A1A1A !important; background-color: #1a1a1a !important;
} }

26
packages/docusaurus/src/lib/fetchLatestRelease.ts
View file

@ -1,17 +1,15 @@
export async function fetchLatestRelease(repo: string) { export async function fetchLatestRelease(repo: string) {
try { try {
const response = await fetch( const response = await fetch(
`https://api.github.com/repos/${repo}/releases/latest` `https://api.github.com/repos/${repo}/releases/latest`
); );
if (!response.ok) { if (!response.ok) {
throw new Error( throw new Error(`Failed to fetch release info: ${response.statusText}`);
`Failed to fetch release info: ${response.statusText}`
);
}
const data = await response.json();
const latestVersion = data.tag_name;
return latestVersion;
} catch (error) {
console.error("Error fetching latest release:", error);
} }
const data = await response.json();
const latestVersion = data.tag_name;
return latestVersion;
} catch (error) {
console.error("Error fetching latest release:", error);
}
} }

18
packages/docusaurus/tsconfig.json
View file

@ -1,11 +1,11 @@
{ {
// This file is not used in compilation. It is here just for a nice editor experience. // This file is not used in compilation. It is here just for a nice editor experience.
"extends": "@docusaurus/tsconfig", "extends": "@docusaurus/tsconfig",
"compilerOptions": { "compilerOptions": {
"baseUrl": ".", "baseUrl": ".",
"paths": { "paths": {
"@/*": ["./*"] "@/*": ["./*"]
} }
}, },
"exclude": [".docusaurus", "build"] "exclude": [".docusaurus", "build"]
} }

2
sst.config.ts
View file

@ -10,5 +10,5 @@ export default {
}, },
stacks(app) { stacks(app) {
app.stack(DocusaurusStack); app.stack(DocusaurusStack);
} },
} satisfies SSTConfig; } satisfies SSTConfig;

66
stacks/DocusaurusStack.ts
View file

@ -3,40 +3,40 @@ import * as route53 from "aws-cdk-lib/aws-route53";
import { ViewerProtocolPolicy } from "aws-cdk-lib/aws-cloudfront"; import { ViewerProtocolPolicy } from "aws-cdk-lib/aws-cloudfront";
export function DocusaurusStack({ stack }: StackContext) { export function DocusaurusStack({ stack }: StackContext) {
const hostedZone = route53.HostedZone.fromLookup(stack, "HostedZone", { const hostedZone = route53.HostedZone.fromLookup(stack, "HostedZone", {
domainName: "fossorial.io", domainName: "fossorial.io",
}); });
const site = new StaticSite(stack, "DocusaurusSite", { const site = new StaticSite(stack, "DocusaurusSite", {
path: "packages/docusaurus", path: "packages/docusaurus",
buildOutput: "build", buildOutput: "build",
buildCommand: "npm run build", buildCommand: "npm run build",
customDomain: { customDomain: {
domainName: "docs.fossorial.io", domainName: "docs.fossorial.io",
hostedZone: hostedZone.zoneName, hostedZone: hostedZone.zoneName,
isExternalDomain: false, isExternalDomain: false,
},
cdk: {
distribution: {
defaultBehavior: {
viewerProtocolPolicy: ViewerProtocolPolicy.REDIRECT_TO_HTTPS,
compress: true,
}, },
cdk: { errorResponses: [
distribution: { {
defaultBehavior: { httpStatus: 403,
viewerProtocolPolicy: ViewerProtocolPolicy.REDIRECT_TO_HTTPS, responseHttpStatus: 200,
compress: true, responsePagePath: "/index.html",
}, },
errorResponses: [ {
{ httpStatus: 404,
httpStatus: 403, responseHttpStatus: 200,
responseHttpStatus: 200, responsePagePath: "/index.html",
responsePagePath: "/index.html", },
}, ],
{ },
httpStatus: 404, },
responseHttpStatus: 200, });
responsePagePath: "/index.html",
},
],
},
},
});
stack.addOutputs({}); stack.addOutputs({});
} }