Kyle Isom
aeb12d9f50
The web UI was linking to /v1/ REST API paths that aren't served through nginx. Added SVG/JPG/PDF rendering and share link endpoints directly to the web server so everything works through port 443. - Add render.go with SVG, JPG, PDF handlers for auth and share paths - Register render routes and share management routes in web server - Update template links from /v1/... to /notebooks/... paths - Add share link creation, display, and revocation to notebook view Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
eng-pad-server
Read-only sync and web viewer for eng-pad engineering notebooks.
The Android app pushes complete notebooks to this server via gRPC. The server stores them and serves read-only views through a web UI with SVG rendering. Shareable links allow unauthenticated access to specific notebooks.
Features
- gRPC sync: receive notebook data from the Android app over TLS
- Web viewer: browse notebooks, view pages as SVG, export JPG/PDF
- Authentication: password (Argon2id) + FIDO2/U2F security keys
- Shareable links: token-based URLs with optional expiry
Quick Start
# Build
make eng-pad-server
# Generate example config
cp eng-pad-server.toml.example /srv/eng-pad-server/eng-pad-server.toml
# Edit configuration (TLS certs, database path, etc.)
# Initialize (creates database, prompts for admin user)
./eng-pad-server init -c /srv/eng-pad-server/eng-pad-server.toml
# Run
./eng-pad-server server -c /srv/eng-pad-server/eng-pad-server.toml
Build
make all # vet → lint → test → build
make test # run tests
make lint # golangci-lint
make proto # regenerate gRPC code from .proto files
make proto-lint # buf lint + breaking change detection
User Management
# Create initial user (interactive — prompts for username and password)
eng-pad-server init -c /srv/eng-pad-server/eng-pad-server.toml
# Reset a user's password
eng-pad-server passwd <username> -c /srv/eng-pad-server/eng-pad-server.toml
Deployment (deimos.wntrmute.net)
The production instance runs as a Docker container on deimos behind nginx.
- Web UI:
https://pad.metacircular.net(nginx → container:8080) - REST API:
https://pad.metacircular.net:8443(direct TLS) - gRPC sync:
pad.metacircular.net:9443(direct TLS, for Android app) - Data:
/srv/eng-pad-server/on deimos - TLS: Let's Encrypt cert, shared by nginx and the container
Deploy workflow
# From local machine:
rsync -az --exclude='.git' --exclude='srv/' . deimos.wntrmute.net:/tmp/eng-pad-server-build/
ssh deimos.wntrmute.net "cd /tmp/eng-pad-server-build && \
docker build -t eng-pad-server . && \
docker stop eng-pad-server && docker rm eng-pad-server && \
docker run -d --name eng-pad-server --restart unless-stopped \
-p 127.0.0.1:8090:8080 -p 8443:8443 -p 9443:9443 \
-v /srv/eng-pad-server:/srv/eng-pad-server eng-pad-server"
Container management
# View logs
ssh deimos.wntrmute.net "docker logs eng-pad-server"
# Create/reset user
ssh -t deimos.wntrmute.net "docker exec -it eng-pad-server \
eng-pad-server passwd kyle -c /srv/eng-pad-server/eng-pad-server.toml"
# Renew TLS certs (after certbot renews)
ssh deimos.wntrmute.net "sudo cp /etc/letsencrypt/live/pad.metacircular.net/{fullchain,privkey}.pem \
/srv/eng-pad-server/certs/ && docker restart eng-pad-server"
Documentation
- ARCHITECTURE.md — full system specification
- CLAUDE.md — AI development context
License
Private. All rights reserved.