@muhammedaksam/easiarr 1.0.0 → 1.1.0

package/src/apps/registry.ts

@@ -148,7 +148,7 @@ export const APPS: Record<AppId, AppDefinition> = {
       generateIfMissing: true,
     },
     prowlarrCategoryIds: [7030], // Comics
-    homepage: { icon: "mylar.png" },
+    homepage: { icon: "mylar.png", widget: "mylar" },
     // Note: Mylar3 is NOT an *arr app - has different API format (?cmd=<endpoint>)
     // Root folder is configured via Web UI settings, not API
   },
@@ -191,6 +191,7 @@ export const APPS: Record<AppId, AppDefinition> = {
       `${root}/data/media/podcasts:/podcasts`,
       `${root}/data/media/audiobookshelf-metadata:/metadata`,
     ],
+    homepage: { icon: "audiobookshelf.png", widget: "audiobookshelf" },
   },
 
   // === INDEXERS ===
@@ -229,6 +230,7 @@ export const APPS: Record<AppId, AppDefinition> = {
       parser: "json",
       selector: "APIKey",
     },
+    homepage: { icon: "jackett.png", widget: "jackett" },
   },
 
   flaresolverr: {
@@ -320,6 +322,11 @@ export const APPS: Record<AppId, AppDefinition> = {
       selector: 'PlexOnlineToken="([^"]+)"',
     },
     homepage: { icon: "plex.png", widget: "plex" },
+    autoSetup: {
+      type: "full",
+      description: "Claim server with token, create media libraries",
+      envVars: ["PLEX_CLAIM"],
+    },
   },
 
   jellyfin: {
@@ -352,6 +359,11 @@ export const APPS: Record<AppId, AppDefinition> = {
       selector: "api_key\\s*=\\s*(.+)",
     },
     homepage: { icon: "tautulli.png", widget: "tautulli" },
+    autoSetup: {
+      type: "partial",
+      description: "Connect to Plex, enable API",
+      requires: ["plex"],
+    },
   },
 
   tdarr: {
@@ -370,6 +382,7 @@ export const APPS: Record<AppId, AppDefinition> = {
       `${root}/data/media:/data`,
     ],
     environment: { serverIP: "0.0.0.0", internalNode: "true" },
+    homepage: { icon: "tdarr.png", widget: "tdarr" },
   },
 
   // === REQUEST MANAGEMENT ===
@@ -390,6 +403,11 @@ export const APPS: Record<AppId, AppDefinition> = {
       selector: "main.apiKey",
     },
     homepage: { icon: "overseerr.png", widget: "overseerr" },
+    autoSetup: {
+      type: "full",
+      description: "Connect to Plex, configure Radarr/Sonarr",
+      requires: ["plex"],
+    },
   },
 
   jellyseerr: {
@@ -427,6 +445,7 @@ export const APPS: Record<AppId, AppDefinition> = {
       `${root}/config/homarr/data:/data`,
       "/var/run/docker.sock:/var/run/docker.sock",
     ],
+    homepage: { icon: "homarr.png" }, // No widget, just icon (it's a dashboard itself)
   },
 
   heimdall: {
@@ -439,6 +458,7 @@ export const APPS: Record<AppId, AppDefinition> = {
     puid: 0,
     pgid: 13000,
     volumes: (root) => [`${root}/config/heimdall:/config`],
+    homepage: { icon: "heimdall.png" }, // No widget, just icon (it's a dashboard itself)
   },
 
   homepage: {
@@ -673,6 +693,11 @@ export const APPS: Record<AppId, AppDefinition> = {
     pgid: 13000,
     volumes: (root) => [`${root}/config/grafana:/var/lib/grafana`],
     homepage: { icon: "grafana.png", widget: "grafana" },
+    autoSetup: {
+      type: "full",
+      description: "Setup admin user, configure Prometheus datasource",
+      requires: ["prometheus"],
+    },
   },
 
   prometheus: {
@@ -685,7 +710,7 @@ export const APPS: Record<AppId, AppDefinition> = {
     puid: 0,
     pgid: 13000,
     volumes: (root) => [`${root}/config/prometheus:/prometheus`],
-    homepage: { icon: "prometheus.png" }, // No widget, just icon
+    homepage: { icon: "prometheus.png", widget: "prometheus" },
   },
 
   dozzle: {
@@ -714,6 +739,10 @@ export const APPS: Record<AppId, AppDefinition> = {
     pgid: 0,
     volumes: (root) => [`${root}/config/uptime-kuma:/app/data`, "/var/run/docker.sock:/var/run/docker.sock"],
     homepage: { icon: "uptime-kuma.png", widget: "uptimekuma" },
+    autoSetup: {
+      type: "full",
+      description: "Create admin user, add monitors for enabled apps",
+    },
   },
 
   // === INFRASTRUCTURE ===
@@ -773,6 +802,7 @@ export const APPS: Record<AppId, AppDefinition> = {
         mask: true,
       },
     ],
+    homepage: { icon: "cloudflare-zero-trust.png", widget: "cloudflared" },
   },
 
   "traefik-certs-dumper": {

package/src/config/homepage-config.ts

@@ -30,7 +30,7 @@ interface HomepageService {
   ping?: string
   widget?: {
     type: string
-    url: string
+    url?: string // Optional - cloudflared doesn't need url
     key?: string
     [key: string]: unknown
   }
@@ -56,7 +56,11 @@ export async function generateServicesYaml(config: EasiarrConfig): Promise<strin
     if (appDef.id === "homepage") continue
 
     const port = appConfig.port ?? appDef.defaultPort
+    const internalPort = appDef.internalPort ?? port
+    // External URL for user browser access (href, ping)
     const baseUrl = `http://${localIp}:${port}`
+    // Internal Docker URL for container-to-container API calls (widgets)
+    const dockerUrl = `http://${appDef.id}:${internalPort}`
 
     const service: HomepageService = {
       href: baseUrl,
@@ -74,55 +78,95 @@ export async function generateServicesYaml(config: EasiarrConfig): Promise<strin
     // Add ping for monitoring
     service.ping = baseUrl
 
-    // Add widget if defined and has API key
+    // Add widget if defined
     if (appDef.homepage?.widget) {
       const apiKey = env[`API_KEY_${appDef.id.toUpperCase()}`]
 
-      service.widget = {
-        type: appDef.homepage.widget,
-        url: baseUrl,
+      // Some widgets require specific config - skip if not available
+      const widgetType = appDef.homepage.widget
+
+      // Cloudflared requires accountid and tunnelid
+      if (appDef.id === "cloudflared") {
+        const accountId = env["CLOUDFLARE_ACCOUNT_ID"]
+        const tunnelId = env["CLOUDFLARE_TUNNEL_ID"]
+        const apiToken = env["CLOUDFLARE_API_TOKEN"]
+
+        if (accountId && tunnelId && apiToken) {
+          service.widget = {
+            type: widgetType,
+            accountid: accountId,
+            tunnelid: tunnelId,
+            key: apiToken,
+          }
+        }
+        // Skip widget entirely if missing required params
       }
-
-      if (apiKey) {
-        service.widget.key = apiKey
+      // Headscale requires API key
+      else if (appDef.id === "headscale") {
+        const headscaleKey = env["API_KEY_HEADSCALE"]
+        if (headscaleKey) {
+          service.widget = {
+            type: widgetType,
+            url: dockerUrl,
+            key: headscaleKey,
+          }
+        }
+        // Skip widget if no API key
       }
+      // Most widgets need API key - only add if available
+      else if (apiKey || ["qbittorrent", "gluetun", "traefik"].includes(appDef.id)) {
+        service.widget = {
+          type: widgetType,
+          url: dockerUrl,
+        }
 
-      // Add widget-specific credentials from env
-      if (appDef.id === "qbittorrent") {
-        const username = env["USERNAME_QBITTORRENT"]
-        const password = env["PASSWORD_QBITTORRENT"]
-        if (username) service.widget.username = username
-        if (password) service.widget.password = password
-      }
+        if (apiKey) {
+          service.widget.key = apiKey
+        }
 
-      if (appDef.id === "portainer") {
-        // Try to auto-detect Portainer environment ID
-        // User can override with PORTAINER_ENV in .env file
-        if (env["PORTAINER_ENV"]) {
-          service.widget.env = env["PORTAINER_ENV"]
-        } else {
-          // Auto-detect from Portainer API
-          const portainerPort = appConfig.port ?? appDef.defaultPort
-          const portainerClient = new PortainerApiClient(localIp, portainerPort)
-          const apiKey = env["API_KEY_PORTAINER"]
-          if (apiKey) {
-            portainerClient.setApiKey(apiKey)
-          }
-          const localEnvId = await portainerClient.getLocalEnvironmentId()
-          const envIdStr = localEnvId?.toString() ?? "1"
-          service.widget.env = envIdStr
+        // Add widget-specific credentials from env
+        if (appDef.id === "qbittorrent") {
+          const username = env["USERNAME_QBITTORRENT"]
+          const password = env["PASSWORD_QBITTORRENT"]
+          if (username) service.widget.username = username
+          if (password) service.widget.password = password
+        }
+
+        // Traefik widget needs the dashboard/API port (8080 internal)
+        if (appDef.id === "traefik") {
+          service.widget.url = `http://traefik:8080`
+        }
+
+        if (appDef.id === "portainer") {
+          // Try to auto-detect Portainer environment ID
+          // User can override with PORTAINER_ENV in .env file
+          if (env["PORTAINER_ENV"]) {
+            service.widget.env = env["PORTAINER_ENV"]
+          } else {
+            // Auto-detect from Portainer API
+            const portainerPort = appConfig.port ?? appDef.defaultPort
+            const portainerClient = new PortainerApiClient(localIp, portainerPort)
+            const portainerApiKey = env["API_KEY_PORTAINER"]
+            if (portainerApiKey) {
+              portainerClient.setApiKey(portainerApiKey)
+            }
+            const localEnvId = await portainerClient.getLocalEnvironmentId()
+            const envIdStr = localEnvId?.toString() ?? "1"
+            service.widget.env = envIdStr
 
-          // Persist the detected env ID to .env for future use
-          if (localEnvId) {
-            await updateEnv({ PORTAINER_ENV: envIdStr })
+            // Persist the detected env ID to .env for future use
+            if (localEnvId) {
+              await updateEnv({ PORTAINER_ENV: envIdStr })
+            }
           }
         }
-      }
 
-      // Add any custom widget fields
-      if (appDef.homepage.widgetFields) {
-        Object.assign(service.widget, appDef.homepage.widgetFields)
+        // Add any custom widget fields
+        if (appDef.homepage.widgetFields) {
+          Object.assign(service.widget, appDef.homepage.widgetFields)
+        }
       }
+      // If widget requires API key and none is set, skip widget but keep ping/icon
     }
 
     // Add to category group

package/src/config/schema.ts

@@ -206,6 +206,20 @@ export interface AppDefinition {
   minPasswordLength?: number
   /** Homepage dashboard configuration */
   homepage?: HomepageMeta
+  /** Auto-setup capability metadata */
+  autoSetup?: AutoSetupCapability
+}
+
+/** Auto-setup capability for an app */
+export interface AutoSetupCapability {
+  /** Type of auto-setup support: full (complete config), partial (basic config), manual (user must configure) */
+  type: "full" | "partial" | "manual"
+  /** Human-readable description of what gets configured */
+  description: string
+  /** Other apps that must be set up first */
+  requires?: AppId[]
+  /** Environment variables required for setup */
+  envVars?: string[]
 }
 
 /** Homepage dashboard widget/service configuration */

package/src/ui/screens/CloudflaredSetup.ts

@@ -15,7 +15,7 @@ import { saveConfig } from "../../config"
 import { saveCompose } from "../../compose"
 import { CloudflareApi, setupCloudflaredTunnel } from "../../api/cloudflare-api"
 
-type SetupStep = "api_token" | "domain" | "confirm" | "progress" | "done"
+type SetupStep = "api_token" | "domain" | "vpn" | "confirm" | "progress" | "done"
 
 export class CloudflaredSetup extends BoxRenderable {
   private cliRenderer: CliRenderer
@@ -29,6 +29,8 @@ export class CloudflaredSetup extends BoxRenderable {
   private domain = ""
   private tunnelName = "easiarr"
   private accessEmail = "" // Optional: email for Cloudflare Access protection
+  private enableVpn = false // Enable Zero Trust VPN access
+  private privateNetworkCidr = "" // e.g., 192.168.1.0/24
 
   // Status
   private statusMessages: string[] = []
@@ -85,6 +87,9 @@ export class CloudflaredSetup extends BoxRenderable {
       case "domain":
         this.renderDomainStep(content)
         break
+      case "vpn":
+        this.renderVpnStep(content)
+        break
       case "confirm":
         this.renderConfirmStep(content)
         break
@@ -100,13 +105,15 @@ export class CloudflaredSetup extends BoxRenderable {
   private getStepInfo(): string {
     switch (this.step) {
       case "api_token":
-        return "Step 1/4: Enter Cloudflare API Token"
+        return "Step 1/5: Enter Cloudflare API Token"
       case "domain":
-        return "Step 2/4: Configure Domain"
+        return "Step 2/5: Configure Domain"
+      case "vpn":
+        return "Step 3/5: Zero Trust VPN (Optional)"
       case "confirm":
-        return "Step 3/4: Confirm Settings"
+        return "Step 4/5: Confirm Settings"
       case "progress":
-        return "Step 4/4: Setting up tunnel..."
+        return "Step 5/5: Setting up tunnel..."
       case "done":
         return "Setup Complete!"
       default:
@@ -139,6 +146,12 @@ export class CloudflaredSetup extends BoxRenderable {
         fg: "#50fa7b",
       })
     )
+    content.add(
+      new TextRenderable(this.cliRenderer, {
+        content: "  • Account:Zero Trust:Edit (for VPN access)",
+        fg: "#50fa7b",
+      })
+    )
     content.add(
       new TextRenderable(this.cliRenderer, {
         content: "  • Account:Access: Apps and Policies:Edit (optional)",
@@ -378,7 +391,14 @@ export class CloudflaredSetup extends BoxRenderable {
         this.renderContent()
       } else if (index === 1) {
         if (!this.domain.trim()) return
-        this.step = "confirm"
+        // Auto-detect private network CIDR from local IP
+        const env = readEnvSync()
+        const localIp = env["LOCAL_DOCKER_IP"] || "192.168.1.1"
+        const parts = localIp.split(".")
+        if (parts.length === 4) {
+          this.privateNetworkCidr = `${parts[0]}.${parts[1]}.${parts[2]}.0/24`
+        }
+        this.step = "vpn"
         this.renderContent()
       } else {
         this.cleanup()
@@ -408,6 +428,121 @@ export class CloudflaredSetup extends BoxRenderable {
     this.cliRenderer.keyInput.on("keypress", this.keyHandler)
   }
 
+  private renderVpnStep(content: BoxRenderable): void {
+    content.add(
+      new TextRenderable(this.cliRenderer, {
+        content: "Zero Trust VPN Access (Optional)",
+        fg: "#4a9eff",
+      })
+    )
+    content.add(new TextRenderable(this.cliRenderer, { content: " " }))
+
+    content.add(
+      new TextRenderable(this.cliRenderer, {
+        content: "Enable this to access your private network from anywhere using",
+        fg: "#888888",
+      })
+    )
+    content.add(
+      new TextRenderable(this.cliRenderer, {
+        content: "the Cloudflare WARP client on your phone, laptop, etc.",
+        fg: "#888888",
+      })
+    )
+    content.add(new TextRenderable(this.cliRenderer, { content: " " }))
+
+    // Enable VPN toggle display
+    content.add(
+      new TextRenderable(this.cliRenderer, {
+        content: `Enable VPN Access: ${this.enableVpn ? "✓ Yes" : "✗ No"}`,
+        fg: this.enableVpn ? "#50fa7b" : "#888888",
+      })
+    )
+    content.add(new TextRenderable(this.cliRenderer, { content: " " }))
+
+    // CIDR input (only shown if VPN enabled)
+    if (this.enableVpn) {
+      const cidrRow = new BoxRenderable(this.cliRenderer, {
+        width: "100%",
+        height: 1,
+        flexDirection: "row",
+      })
+      cidrRow.add(
+        new TextRenderable(this.cliRenderer, {
+          content: "Private Network CIDR: ",
+          fg: "#aaaaaa",
+        })
+      )
+      const cidrInput = new InputRenderable(this.cliRenderer, {
+        id: "cf-cidr",
+        width: 20,
+        placeholder: "192.168.1.0/24",
+        value: this.privateNetworkCidr,
+      })
+      cidrInput.onPaste = (v) => {
+        this.privateNetworkCidr = v.text.replace(/[\r\n]/g, "")
+        cidrInput.value = this.privateNetworkCidr
+      }
+      cidrInput.on(InputRenderableEvents.CHANGE, (v) => (this.privateNetworkCidr = v))
+      cidrRow.add(cidrInput)
+      content.add(cidrRow)
+
+      content.add(new TextRenderable(this.cliRenderer, { content: " " }))
+      content.add(
+        new TextRenderable(this.cliRenderer, {
+          content: "This allows access to all devices in your network via WARP.",
+          fg: "#888888",
+        })
+      )
+    }
+
+    content.add(new TextRenderable(this.cliRenderer, { content: " " }))
+
+    // Navigation
+    const nav = new SelectRenderable(this.cliRenderer, {
+      id: "cf-vpn-nav",
+      width: "100%",
+      height: 10,
+      options: [
+        { name: this.enableVpn ? "✗ Disable VPN" : "✓ Enable VPN", description: "Toggle VPN access" },
+        { name: "◀ Back", description: "Go back to domain settings" },
+        { name: "➡️  Continue", description: "Proceed to confirmation" },
+        { name: "✕ Cancel", description: "Return to main menu" },
+      ],
+    })
+
+    nav.on(SelectRenderableEvents.ITEM_SELECTED, (index) => {
+      if (index === 0) {
+        // Toggle VPN
+        this.enableVpn = !this.enableVpn
+        this.renderContent()
+      } else if (index === 1) {
+        // Back
+        this.step = "domain"
+        this.renderContent()
+      } else if (index === 2) {
+        // Continue
+        this.step = "confirm"
+        this.renderContent()
+      } else {
+        // Cancel
+        this.cleanup()
+        this.onBack()
+      }
+    })
+
+    content.add(nav)
+    nav.focus()
+
+    this.keyHandler = (key: KeyEvent) => {
+      if (key.name === "escape") {
+        this.step = "domain"
+        this.renderContent()
+      }
+    }
+    this.cliRenderer.keyInput.on("keypress", this.keyHandler)
+  }
+
   private renderConfirmStep(content: BoxRenderable): void {
     content.add(
       new TextRenderable(this.cliRenderer, {
@@ -475,6 +610,14 @@ export class CloudflaredSetup extends BoxRenderable {
         })
       )
     }
+    if (this.enableVpn) {
+      content.add(
+        new TextRenderable(this.cliRenderer, {
+          content: `  ${this.accessEmail.trim() ? "6" : "5"}. Enable VPN access for: ${this.privateNetworkCidr}`,
+          fg: "#50fa7b",
+        })
+      )
+    }
 
     content.add(new TextRenderable(this.cliRenderer, { content: " " }))
 
@@ -633,7 +776,7 @@ export class CloudflaredSetup extends BoxRenderable {
       this.statusMessages.push("Creating/updating Cloudflare Tunnel...")
       this.renderContent()
 
-      const result = await setupCloudflaredTunnel(this.apiToken, this.domain, this.tunnelName)
+      const result = await setupCloudflaredTunnel(this.apiToken, this.domain, this.tunnelName, this.enableVpn)
 
       this.statusMessages.pop()
       this.statusMessages.push(`✓ Tunnel created: ${this.tunnelName}`)
@@ -648,6 +791,8 @@ export class CloudflaredSetup extends BoxRenderable {
       await updateEnv({
         CLOUDFLARE_API_TOKEN: this.apiToken,
         CLOUDFLARE_TUNNEL_TOKEN: result.tunnelToken,
+        CLOUDFLARE_TUNNEL_ID: result.tunnelId,
+        CLOUDFLARE_ACCOUNT_ID: result.accountId,
         CLOUDFLARE_DNS_ZONE: this.domain,
       })
 
@@ -688,10 +833,37 @@ export class CloudflaredSetup extends BoxRenderable {
         this.renderContent()
 
         const api = new CloudflareApi(this.apiToken)
-        await api.setupAccessProtection(this.domain, [this.accessEmail.trim()], "easiarr")
+
+        // Auto-detect public IP for bypass policy
+        let publicIp: string | undefined
+        try {
+          // Try Cloudflare trace (most reliable)
+          const res = await fetch("https://1.1.1.1/cdn-cgi/trace")
+          const text = await res.text()
+          const match = text.match(/ip=(.+)/)
+          if (match && match[1]) {
+            publicIp = `${match[1].trim()}/32`
+          } else {
+            // Fallback to ifconfig.me
+            const res2 = await fetch("https://ifconfig.me/ip")
+            const ip = await res2.text()
+            if (ip.trim()) {
+              publicIp = `${ip.trim()}/32`
+            }
+          }
+        } catch {
+          // Ignore - IP bypass is optional
+        }
+
+        await api.setupAccessProtection(this.domain, [this.accessEmail.trim()], "easiarr", publicIp)
 
         this.statusMessages.pop()
-        this.statusMessages.push(`✓ Cloudflare Access created for: ${this.accessEmail}`)
+        if (publicIp) {
+          this.statusMessages.push(`✓ Cloudflare Access created for: ${this.accessEmail}`)
+          this.statusMessages.push(`✓ Bypass policy added for home IP: ${publicIp}`)
+        } else {
+          this.statusMessages.push(`✓ Cloudflare Access created for: ${this.accessEmail}`)
+        }
         this.renderContent()
       } else {
         // No Cloudflare Access - enable basic auth with global credentials
@@ -729,6 +901,50 @@ export class CloudflaredSetup extends BoxRenderable {
         }
       }
 
+      // Step 5: Optional VPN setup
+      if (this.enableVpn && this.privateNetworkCidr.trim()) {
+        this.statusMessages.push("Setting up Zero Trust VPN access...")
+        this.renderContent()
+
+        try {
+          const api = new CloudflareApi(this.apiToken)
+
+          // Check if route already exists
+          const existingRoute = await api.getTunnelRouteForNetwork(this.privateNetworkCidr)
+          if (existingRoute) {
+            this.statusMessages.pop()
+            this.statusMessages.push(`✓ VPN route already exists for: ${this.privateNetworkCidr}`)
+          } else {
+            // Add tunnel route for private network
+            await api.addTunnelRoute(result.tunnelId, this.privateNetworkCidr)
+
+            // Save to .env
+            await updateEnv({
+              CLOUDFLARE_PRIVATE_NETWORK: this.privateNetworkCidr,
+            })
+
+            this.statusMessages.pop()
+            this.statusMessages.push(`✓ VPN access enabled for: ${this.privateNetworkCidr}`)
+          }
+
+          // Create device enrollment policy if access email is set
+          if (this.accessEmail.trim()) {
+            this.statusMessages.push("Creating device enrollment policy...")
+            this.renderContent()
+
+            await api.setupDeviceEnrollment([this.accessEmail.trim()], this.privateNetworkCidr)
+
+            this.statusMessages.pop()
+            this.statusMessages.push(`✓ Device enrollment policy created for: ${this.accessEmail}`)
+          }
+        } catch (vpnErr) {
+          this.statusMessages.pop()
+          this.statusMessages.push(`⚠️ VPN setup failed: ${(vpnErr as Error).message}`)
+          this.statusMessages.push("   (Tunnel still works, VPN requires Zero Trust permission)")
+        }
+        this.renderContent()
+      }
+
       // Done!
       this.step = "done"
       this.renderContent()