Conversation
Add web UI SSH access management for the pi account
* fix(aggregators): surface unmanaged FlightAware/Flightradar24 installs A manually-installed aggregator the webconfig does not manage now reports external_install/managed_install in status, so the UI shows a read-only "Unmanaged" card with the action buttons disabled instead of buttons that just error on click. Flightradar24 gains the ownership guards FlightAware already had, and enable/disable now refuse on an unmanaged install. * Label the conflict Remove button as the airplanes.live copy Spell out that Remove clears only our managed copy, never the third-party install, so the enabled button on the unmanaged card can't be read as deleting the user's own feeder.
A keymap mismatch on a freshly-flashed Pi (e.g. Y/Z swapped) can make a typed password differ from what the user intended, locking them out of a credential they set blind. Every webconfig password field now offers an inline reveal toggle so the typed value can be verified. Extracts the existing Wi-Fi PSK toggle into a shared helper.
Add `apl-wifi export`/`import` so the webconfig can back up and restore saved Wi-Fi networks (including PSKs) for a combined feeder backup. Import is non-disruptive — it writes keyfiles and never rewrites the active connection.
Add /api/backup export + restore and a public first-run restore on the setup screen. One file captures identity, feed settings, aggregator credentials, saved Wi-Fi, and the admin password; restore streams per-section progress and skips sections it can't apply.
Add the Backup & restore panel (export download + restore) and a first-run restore option on the setup screen, with a per-section checklist streamed live from the restore endpoint. Omit the identity section from an export when the feeder is unclaimed.
…import/export Adds a "Rotate secret" action to the revealed claim-secret view, backed by a new POST /api/claim/rotate and a pinned sudoers wrapper around apl-feed claim rotate. Rotation runs on a background context so a browser disconnect cannot interrupt it mid-write; an unfinished rotation is reported as resumable and an unconfirmed one prompts a re-check. Removes the standalone identity export/import UI and endpoints: the combined device backup/restore now covers identity portability, and it reuses the same privileged wrappers, so those are retained. Recovery flows now point at Backup & restore.
The Backup & restore page now has a checkbox per section. On export, only the ticked sections are assembled (a secret you exclude is never read), and a note flags that a password-less backup cannot complete a fresh-flash setup. On restore, after uploading you pick which of the sections present in the file to apply; the admin password defaults off so a routine restore does not replace the login or log you out unless you ask. First-run restore keeps the password mandatory.
…elpers Adding or removing a webconfig wrapper that a sudoers grant invokes also needs a matching managed_paths entry in airplanes-live/image, or it works on a fresh flash but breaks on an in-place overlay update. Record the gotcha next to the sudoers-parity note so the next person updates both halves; the image repo's sudoers-managed-check gate is the enforcement.
Restoring a backup made on a feeder with no third-party aggregators reported the aggregators section as failed and raised a "some items couldn't be restored" warning, even though the restore succeeded. The import helper rejects an empty set with the same code it uses for real errors, so an empty set now short-circuits to a skip before the helper runs. Malformed or non-empty sections still go through the helper.
Stacked cards on the Backup & restore and Claim activity pages touched with no gap. Route card spacing through a single --wc-card-gap so the column gap, stacked-card gap, and the gap below the dashboard split are all the same value horizontally and vertically.
The aggregator page carried its own back-up/restore card and a pair of export/import endpoints. The combined device backup already captures and restores the aggregator sign-in details (sharing keys included) as one of its sections via the same helper verbs, so the standalone path was a redundant second route to the same data. Remove the card, its two routes and handlers, and their tests; the helper argv, sudoers grant, and argv parity stay because the combined backup still uses them.
The decoder reachability probe did a bare connect+close on readsb's BEAST output, leaving queued bytes unread so readsb logged a broken-pipe error on every dashboard poll. Probe via nc -N (graceful shutdown+drain); fall back to the bare connect when nc lacks -N.
The fr24 enable/reset gates hardcoded 127.0.0.1:30005 in the decoder_unavailable message while the probe checks AGG_DECODER_ADDR and the piaware path already names it. Use the variable so the message reflects what was actually probed.
fr24feed.ini hardcoded host=127.0.0.1:30005 while the reachability probe checks AGG_DECODER_ADDR (which the piaware path already honors). Pass the probed address into the ini writer so fr24 feeds from exactly the decoder that was verified.
…onfigured
A restored identity is seeded disabled, so it reports not_installed with
configured=true and rendered as "Not set up" — identical to a never-touched
adapter, making a successful restore look like a no-op. Map that state to a
distinct "Ready to enable" badge, and have the restore summary note that
identities were restored and need enabling to resume feeding.
Also trim the aggregator backup section to {kind, schema_version, aggregators},
dropping the RPC envelope fields (result, protocol_version) that leaked in via
verbatim embedding. Mirrors the Wi-Fi reshape; the lenient importer keeps older
backups loadable.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Promotes the current dev branch to main for the next on-device webconfig release.
Highlights for feeder owners: