@simplens/onboard 1.0.5 → 1.0.7

package/src/services.ts

@@ -19,6 +19,15 @@ async function execDockerCompose(args: string[], cwd: string): Promise<void> {
     }
 }
 
+type ComposeFile = 'docker-compose.yaml' | 'docker-compose.infra.yaml';
+
+function withComposeFile(args: string[], composeFile?: ComposeFile): string[] {
+    if (!composeFile) {
+        return args;
+    }
+    return ['-f', composeFile, ...args];
+}
+
 /**
  * Prompts user whether to start the services immediately after setup.
  *
@@ -125,6 +134,69 @@ export async function startAppServices(targetDir: string): Promise<void> {
     }
 }
 
+export function getSslManualCommands(options: {
+    composeFile: ComposeFile;
+    domain: string;
+    email: string;
+}): string[] {
+    const composeFlag = options.composeFile === 'docker-compose.infra.yaml'
+        ? '-f docker-compose.infra.yaml '
+        : '';
+
+    return [
+        `docker compose ${composeFlag}up -d nginx certbot certbot-renew`,
+        `docker compose ${composeFlag}exec -T certbot certbot certonly --webroot -w /var/www/certbot --email ${options.email} --agree-tos --no-eff-email -d ${options.domain} --non-interactive`,
+        `docker compose ${composeFlag}exec -T nginx nginx -s reload`,
+        `docker compose ${composeFlag}up -d certbot-renew`,
+    ];
+}
+
+export async function setupSslCertificates(targetDir: string, options: {
+    composeFile: ComposeFile;
+    domain: string;
+    email: string;
+}): Promise<void> {
+    logInfo(`Setting up SSL certificate for ${options.domain}...`);
+
+    const s = spinner();
+    const composeArgs = (args: string[]) => withComposeFile(args, options.composeFile);
+
+    s.start('Ensuring nginx/certbot services are running...');
+    await execDockerCompose(composeArgs(['up', '-d', 'nginx', 'certbot']), targetDir);
+    s.stop('Nginx and certbot services are running');
+
+    s.start('Requesting initial certificate from Let\'s Encrypt...');
+    await execDockerCompose(
+        composeArgs([
+            'exec',
+            '-T',
+            'certbot',
+            'certbot',
+            'certonly',
+            '--webroot',
+            '-w',
+            '/var/www/certbot',
+            '--email',
+            options.email,
+            '--agree-tos',
+            '--no-eff-email',
+            '-d',
+            options.domain,
+            '--non-interactive',
+        ]),
+        targetDir
+    );
+    s.stop('Initial certificate issued');
+
+    s.start('Reloading nginx to apply certificates...');
+    await execDockerCompose(composeArgs(['exec', '-T', 'nginx', 'nginx', '-s', 'reload']), targetDir);
+    s.stop('Nginx reloaded');
+
+    s.start('Starting automatic certificate renewal service...');
+    await execDockerCompose(composeArgs(['up', '-d', 'certbot-renew']), targetDir);
+    s.stop('Certificate auto-renewal service started');
+}
+
 /**
  * Display service status and URLs
  */
@@ -170,8 +242,8 @@ export async function displayServiceStatus(): Promise<void> {
         console.log('');
 
         printCommandHints('Helpful commands', [
-            'docker-compose logs -f',
-            'docker-compose down',
+            'docker compose logs -f',
+            'docker compose down',
         ]);
         console.log(`${divider('green', '═')}\n`);
     } catch (error) {

package/src/templates.ts

@@ -127,8 +127,11 @@ export const APP_COMPOSE_TEMPLATE = `services:
       - 3000:3000
     env_file:
       - .env
+    environment:
+      SIMPLENS_CONFIG_PATH: \${SIMPLENS_CONFIG_PATH:-/app/simplens.config.yaml}
     volumes:
       - plugin-data:/app/.plugins
+      - logs-data:/app/logs
       - ./simplens.config.yaml:/app/simplens.config.yaml:ro
     command: [ "node", "dist/api/server.js" ]
     restart: unless-stopped
@@ -143,6 +146,8 @@ export const APP_COMPOSE_TEMPLATE = `services:
     image: ghcr.io/simplenotificationsystem/simplens-core:\${CORE_VERSION:-latest}
     env_file:
       - .env
+    volumes:
+      - logs-data:/app/logs
     command: [ "node", "dist/workers/worker.js" ]
     restart: unless-stopped
 
@@ -150,8 +155,11 @@ export const APP_COMPOSE_TEMPLATE = `services:
     image: ghcr.io/simplenotificationsystem/simplens-core:\${CORE_VERSION:-latest}
     env_file:
       - .env
+    environment:
+      SIMPLENS_CONFIG_PATH: \${SIMPLENS_CONFIG_PATH:-/app/simplens.config.yaml}
     volumes:
       - plugin-data:/app/.plugins
+      - logs-data:/app/logs
       - ./simplens.config.yaml:/app/simplens.config.yaml:ro
     command: [ "node", "dist/processors/unified/unified.processor.js" ]
     depends_on:
@@ -163,6 +171,8 @@ export const APP_COMPOSE_TEMPLATE = `services:
     image: ghcr.io/simplenotificationsystem/simplens-core:\${CORE_VERSION:-latest}
     env_file:
       - .env
+    volumes:
+      - logs-data:/app/logs
     command: [ "node", "dist/processors/delayed/delayed.processor.js" ]
     restart: unless-stopped
 
@@ -170,6 +180,8 @@ export const APP_COMPOSE_TEMPLATE = `services:
     image: ghcr.io/simplenotificationsystem/simplens-core:\${CORE_VERSION:-latest}
     env_file:
       - .env
+    volumes:
+      - logs-data:/app/logs
     command: [ "node", "dist/workers/recovery/recovery.service.js" ]
     restart: unless-stopped
 
@@ -189,6 +201,7 @@ export const APP_COMPOSE_TEMPLATE = `services:
 
 volumes:
   plugin-data:
+  logs-data:
 
 networks:
   default:
@@ -206,3 +219,60 @@ export const APP_NGINX_SERVICE_TEMPLATE = `  nginx:
       - api
       - dashboard
     restart: unless-stopped`;
+
+export const APP_NGINX_SSL_SERVICE_TEMPLATE = `  nginx:
+    image: nginx:alpine
+    container_name: nginx
+    ports:
+      - "80:80"
+      - "443:443"
+    volumes:
+      - "./nginx.conf:/etc/nginx/conf.d/default.conf:ro"
+      - certbot-etc:/etc/letsencrypt
+      - certbot-www:/var/www/certbot
+    depends_on:
+      - api
+      - dashboard
+    restart: unless-stopped`;
+
+export const APP_CERTBOT_SERVICES_TEMPLATE = `  certbot:
+    image: certbot/certbot:latest
+    container_name: certbot
+    volumes:
+      - certbot-etc:/etc/letsencrypt
+      - certbot-www:/var/www/certbot
+    command: sh -c "trap exit TERM; while :; do sleep 86400; done"
+    restart: unless-stopped
+
+  certbot-renew:
+    image: docker:cli
+    container_name: certbot-renew
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+    depends_on:
+      - certbot
+      - nginx
+    command: sh -c "while :; do sleep 12h; docker exec certbot certbot renew --webroot -w /var/www/certbot --quiet && docker exec nginx nginx -s reload || true; done"
+    restart: unless-stopped`;
+
+export const INFRA_CERTBOT_SERVICES_TEMPLATE = `  certbot:
+    image: certbot/certbot:latest
+    container_name: certbot
+    volumes:
+      - certbot-etc:/etc/letsencrypt
+      - certbot-www:/var/www/certbot
+    command: sh -c "trap exit TERM; while :; do sleep 86400; done"
+    restart: unless-stopped
+
+  certbot-renew:
+    image: docker:cli
+    container_name: certbot-renew
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+    depends_on:
+      - certbot
+      - nginx
+    command: sh -c "while :; do sleep 12h; docker exec certbot certbot renew --webroot -w /var/www/certbot --quiet && docker exec nginx nginx -s reload || true; done"
+    restart: unless-stopped`;
+
+export const INFRA_CERTBOT_VOLUMES = ['certbot-etc', 'certbot-www'] as const;

package/src/types/domain.ts

@@ -52,6 +52,12 @@ export interface SetupOptions {
     targetDir: string;
     /** Dashboard base path (empty string means root) */
     basePath: string;
+    /** Whether SSL automation with Certbot is enabled */
+    enableSsl?: boolean;
+    /** Public domain for SSL certificate */
+    sslDomain?: string;
+    /** Registration email for Let's Encrypt */
+    sslEmail?: string;
 }
 
 /**

package/src/validators.ts

@@ -10,6 +10,57 @@ import { VALIDATION } from './config/constants.js';
 
 export type OSType = 'windows' | 'linux' | 'darwin';
 
+/**
+ * Validate a public domain used for ACME/Certbot.
+ * Accepts FQDN only (no protocol, path, query, port, or wildcard).
+ */
+export function validatePublicDomain(input: string): true | string {
+    const value = input.trim().toLowerCase();
+
+    if (!value) {
+        return 'Domain is required';
+    }
+
+    if (
+        value.includes('://') ||
+        value.includes('/') ||
+        value.includes('?') ||
+        value.includes('#') ||
+        value.includes(':') ||
+        value.includes('*')
+    ) {
+        return 'Enter only a domain name (example: app.example.com)';
+    }
+
+    // RFC-ish practical FQDN validation
+    const domainRegex =
+        /^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$/;
+
+    if (!domainRegex.test(value)) {
+        return 'Invalid domain format (example: app.example.com)';
+    }
+
+    return true;
+}
+
+/**
+ * Validate email format for Let's Encrypt registration.
+ */
+export function validateEmailAddress(input: string): true | string {
+    const value = input.trim();
+
+    if (!value) {
+        return 'Email is required';
+    }
+
+    const emailRegex = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;
+    if (!emailRegex.test(value)) {
+        return 'Invalid email format (example: admin@example.com)';
+    }
+
+    return true;
+}
+
 /**
  * Checks if Docker is installed on the system by running `docker --version`.
  *