Files
57_Wolve 7faa9098de feat: unified launcher, multi-OS hardening, login alerts & auto-updates
Restructure around a single entry point (automations.sh) with a Gum wizard and
a self-extracting bundle for repo-less installs. Add scripts/oslib.sh so the
provisioning scripts (setup-host, harden-ssh, harden-jumphost, sshuser) run on
Alpine/Debian/Alma; seed root keys from globals/.

- ntfy SSH-login alerts (user, source IP, key, region, jump target) via pam_exec
- daily auto-updates with AUTO_REBOOT=idle (reboots only when no SSH active) and
  opt-in Alpine stable-branch upgrades
- generic + per-deployment cloud-init; Gitea release workflow on tag
- README/LICENSE/.gitignore/.gitattributes (force LF); repo URLs -> Gitea
2026-06-12 14:56:02 -05:00

17 lines
498 B
Bash

# Copy to .env and fill in. docker compose picks .env up automatically.
# Apex domain to serve from (no scheme). Caddy auto-issues an LE cert.
BASE_DOMAIN=example.com
# OIDC issuer URL for WebFinger discovery (your pocket-id deployment).
ISSUER_URL=https://auth.example.com
# Where to send any non-WebFinger request (preserves path + query).
REDIRECT_URL=https://your-redirect-target.example.com
# Let's Encrypt registration email.
ACME_EMAIL=admin@example.com
# Image tag.
CADDY_TAG=2-alpine