Kyle Isom
2185bbe563
- Add `passwd` CLI command to reset user passwords - Fix web UI templates: parse each page template with layout so blocks render correctly (was outputting empty pages) - Add login error logging for debugging auth failures - Update README with deploy workflow and container management commands - Update RUNBOOK for Docker-on-deimos deployment (replaces systemd refs) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
102 lines
3.1 KiB
Markdown
102 lines
3.1 KiB
Markdown
eng-pad-server
|
|
==============
|
|
|
|
Read-only sync and web viewer for [eng-pad](https://git.wntrmute.dev/kyle/eng-pad)
|
|
engineering notebooks.
|
|
|
|
The Android app pushes complete notebooks to this server via gRPC. The
|
|
server stores them and serves read-only views through a web UI with
|
|
SVG rendering. Shareable links allow unauthenticated access to specific
|
|
notebooks.
|
|
|
|
## Features
|
|
|
|
- **gRPC sync**: receive notebook data from the Android app over TLS
|
|
- **Web viewer**: browse notebooks, view pages as SVG, export JPG/PDF
|
|
- **Authentication**: password (Argon2id) + FIDO2/U2F security keys
|
|
- **Shareable links**: token-based URLs with optional expiry
|
|
|
|
## Quick Start
|
|
|
|
```bash
|
|
# Build
|
|
make eng-pad-server
|
|
|
|
# Generate example config
|
|
cp eng-pad-server.toml.example /srv/eng-pad-server/eng-pad-server.toml
|
|
# Edit configuration (TLS certs, database path, etc.)
|
|
|
|
# Initialize (creates database, prompts for admin user)
|
|
./eng-pad-server init -c /srv/eng-pad-server/eng-pad-server.toml
|
|
|
|
# Run
|
|
./eng-pad-server server -c /srv/eng-pad-server/eng-pad-server.toml
|
|
```
|
|
|
|
## Build
|
|
|
|
```bash
|
|
make all # vet → lint → test → build
|
|
make test # run tests
|
|
make lint # golangci-lint
|
|
make proto # regenerate gRPC code from .proto files
|
|
make proto-lint # buf lint + breaking change detection
|
|
```
|
|
|
|
## User Management
|
|
|
|
```bash
|
|
# Create initial user (interactive — prompts for username and password)
|
|
eng-pad-server init -c /srv/eng-pad-server/eng-pad-server.toml
|
|
|
|
# Reset a user's password
|
|
eng-pad-server passwd <username> -c /srv/eng-pad-server/eng-pad-server.toml
|
|
```
|
|
|
|
## Deployment (deimos.wntrmute.net)
|
|
|
|
The production instance runs as a Docker container on deimos behind nginx.
|
|
|
|
- **Web UI**: `https://pad.metacircular.net` (nginx → container:8080)
|
|
- **REST API**: `https://pad.metacircular.net:8443` (direct TLS)
|
|
- **gRPC sync**: `pad.metacircular.net:9443` (direct TLS, for Android app)
|
|
- **Data**: `/srv/eng-pad-server/` on deimos
|
|
- **TLS**: Let's Encrypt cert, shared by nginx and the container
|
|
|
|
### Deploy workflow
|
|
|
|
```bash
|
|
# From local machine:
|
|
rsync -az --exclude='.git' --exclude='srv/' . deimos.wntrmute.net:/tmp/eng-pad-server-build/
|
|
ssh deimos.wntrmute.net "cd /tmp/eng-pad-server-build && \
|
|
docker build -t eng-pad-server . && \
|
|
docker stop eng-pad-server && docker rm eng-pad-server && \
|
|
docker run -d --name eng-pad-server --restart unless-stopped \
|
|
-p 127.0.0.1:8090:8080 -p 8443:8443 -p 9443:9443 \
|
|
-v /srv/eng-pad-server:/srv/eng-pad-server eng-pad-server"
|
|
```
|
|
|
|
### Container management
|
|
|
|
```bash
|
|
# View logs
|
|
ssh deimos.wntrmute.net "docker logs eng-pad-server"
|
|
|
|
# Create/reset user
|
|
ssh -t deimos.wntrmute.net "docker exec -it eng-pad-server \
|
|
eng-pad-server passwd kyle -c /srv/eng-pad-server/eng-pad-server.toml"
|
|
|
|
# Renew TLS certs (after certbot renews)
|
|
ssh deimos.wntrmute.net "sudo cp /etc/letsencrypt/live/pad.metacircular.net/{fullchain,privkey}.pem \
|
|
/srv/eng-pad-server/certs/ && docker restart eng-pad-server"
|
|
```
|
|
|
|
## Documentation
|
|
|
|
- [ARCHITECTURE.md](ARCHITECTURE.md) — full system specification
|
|
- [CLAUDE.md](CLAUDE.md) — AI development context
|
|
|
|
## License
|
|
|
|
Private. All rights reserved.
|