One shared login (htpasswd) for all players, writable. Config is rendered from a template and mounted read-only, so git stays authoritative — the admin console loads but cannot save, by design. Filestash's OIDC/SAML middlewares are enterprise-only, so Keycloak SSO is out; FILES_AUTH keeps htpasswd/passthrough switchable for later. Auth-off (passthrough) is only valid once the host is off the public internet — render-config.sh warns loudly when rendering it. Three traps, all found by testing against the pinned image: - the `local` backend is admin-gated: without LOCAL_BACKEND_SECRET in the connection params every login fails with "backend error - Not Allowed" - the htpasswd plugin only accepts $2a$ bcrypt, so a $2y$ hash from `htpasswd -B` fails every login silently — use `openssl passwd -6`. render-config.sh rejects the wrong format rather than shipping it - APPLICATION_URL/ADMIN_PASSWORD env make filestash rewrite config.json at boot, which fails on the :ro mount — both live in the rendered config Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
41 lines
1.2 KiB
Plaintext
41 lines
1.2 KiB
Plaintext
.env
|
|
backups/
|
|
drasl/config/keycloak-client-secret
|
|
runtime/authlib-injector.jar
|
|
|
|
# rendered configs (from tooling/render-config.sh)
|
|
drasl/config/config.toml
|
|
nmsr/config.toml
|
|
# holds the admin bcrypt hash, the shared player hash, the session key and the
|
|
# local-backend secret — only the .tmpl is tracked
|
|
filestash/config.json
|
|
|
|
# server mod subset synced from the distribution repo by
|
|
# tooling/sync-server-mods.sh (source of truth is mods-sides.json + $DIST jars)
|
|
server-mods/
|
|
|
|
# vendored binaries
|
|
launcher/
|
|
|
|
# landing page: generated build output + deps
|
|
www/
|
|
landing/node_modules/
|
|
landing/.astro/
|
|
landing/dist/
|
|
|
|
# launcher download list: the custom-launcher build output launcher.json,
|
|
# synced from UlicraftLauncher/dist/launcher.json (launcher.example.json is
|
|
# committed as the documented shape)
|
|
landing/src/data/launcher.json
|
|
|
|
# mod catalogue + extracted logos: generated by tooling/build-modlist.py from
|
|
# the distribution forgemods (the .example.json is committed as the empty shape)
|
|
landing/src/data/mods.json
|
|
landing/public/mod-logos/
|
|
|
|
# compiled mc-status binary (built into the image; stray local `go build` output)
|
|
docker/mc-status/mc-status
|
|
|
|
# Let's Encrypt certs + private keys (issued by tooling/issue-letsencrypt.sh)
|
|
certs/
|