From e98637321d6740f7c0f8bc434ce670e8d8cf82fe Mon Sep 17 00:00:00 2001 From: MacRimi Date: Fri, 13 Feb 2026 18:17:32 +0100 Subject: [PATCH 01/21] Update auto_post_install.sh --- scripts/post_install/auto_post_install.sh | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/scripts/post_install/auto_post_install.sh b/scripts/post_install/auto_post_install.sh index 108e01d6..2b575398 100644 --- a/scripts/post_install/auto_post_install.sh +++ b/scripts/post_install/auto_post_install.sh @@ -238,8 +238,12 @@ Seal=no Compress=yes SystemMaxUse=64M RuntimeMaxUse=60M -MaxLevelStore=warning -MaxLevelSyslog=warning +# MaxLevelStore=info allows ProxMenux Monitor to display system logs correctly. +# Using "warning" causes the log viewer to show nearly identical entries across +# all date ranges (1d/3d/7d) because most activity is info-level. +# It also prevents Fail2Ban from detecting SSH/Proxmox auth failures via journal. +MaxLevelStore=info +MaxLevelSyslog=info MaxLevelKMsg=warning MaxLevelConsole=notice MaxLevelWall=crit @@ -787,8 +791,10 @@ Compress=yes SystemMaxUse=${USE_MB}M SystemKeepFree=${KEEP_MB}M RuntimeMaxUse=${RUNTIME_MB}M -MaxLevelStore=warning -MaxLevelSyslog=warning +# MaxLevelStore=info: required for ProxMenux Monitor log display and Fail2Ban detection. +# Using "warning" silently discards most system logs making date filters useless. +MaxLevelStore=info +MaxLevelSyslog=info MaxLevelKMsg=warning MaxLevelConsole=notice MaxLevelWall=crit From 4228177920dc114c1f1b2bfec0000d6257b81312 Mon Sep 17 00:00:00 2001 From: MacRimi Date: Fri, 13 Feb 2026 18:21:28 +0100 Subject: [PATCH 02/21] Update auto_post_install.sh --- AppImage/components/system-logs.tsx | 41 +++++++++++++++++++++++----- AppImage/scripts/flask_server.py | 42 +++++++++++++++++++++++++++-- 2 files changed, 74 insertions(+), 9 deletions(-) diff --git a/AppImage/components/system-logs.tsx b/AppImage/components/system-logs.tsx index ce3f308e..41621522 100644 --- a/AppImage/components/system-logs.tsx +++ b/AppImage/components/system-logs.tsx @@ -550,8 +550,33 @@ export function SystemLogs() { if (loading && logs.length === 0 && events.length === 0) { return ( -
- +
+
+ {[...Array(4)].map((_, i) => ( + + +
+
+
+ + + ))} +
+ + +
+
+
+ {[...Array(8)].map((_, i) => ( +
+
+
+
+
+ ))} +
+ +
) } @@ -559,11 +584,13 @@ export function SystemLogs() { return (
{loading && (logs.length > 0 || events.length > 0) && ( -
-
- -
Loading logs selected...
-
Please wait while we fetch the logs
+
+
+
+
+
+
+
Loading logs...
)} diff --git a/AppImage/scripts/flask_server.py b/AppImage/scripts/flask_server.py index abde8d9c..93bf0ece 100644 --- a/AppImage/scripts/flask_server.py +++ b/AppImage/scripts/flask_server.py @@ -5160,7 +5160,9 @@ def api_logs(): days = int(since_days) # Cap at 90 days to prevent excessive queries days = min(days, 90) - cmd = ['journalctl', '--since', f'{days} days ago', '-n', '10000', '--output', 'json', '--no-pager'] + # No -n limit when using --since: the time range already bounds the query. + # A hard -n 10000 was masking differences between date ranges on busy servers. + cmd = ['journalctl', '--since', f'{days} days ago', '--output', 'json', '--no-pager'] except ValueError: cmd = ['journalctl', '-n', limit, '--output', 'json', '--no-pager'] else: @@ -5174,7 +5176,9 @@ def api_logs(): # We filter after fetching since journalctl doesn't have a direct SYSLOG_IDENTIFIER flag service_filter = service - result = subprocess.run(cmd, capture_output=True, text=True, timeout=30) + # Longer timeout for date-range queries which may return many entries + query_timeout = 60 if since_days else 30 + result = subprocess.run(cmd, capture_output=True, text=True, timeout=query_timeout) if result.returncode == 0: logs = [] @@ -6720,6 +6724,40 @@ if __name__ == '__main__': cli = sys.modules['flask.cli'] cli.show_server_banner = lambda *x: None + # ── Ensure journald stores info-level messages ── + # Proxmox defaults MaxLevelStore=warning which drops info/notice entries. + # This causes System Logs to show almost identical counts across date ranges + # (since most log activity is info-level and gets silently discarded). + # We create a drop-in to raise the level to info so logs are properly stored. + try: + journald_conf = "/etc/systemd/journald.conf" + dropin_dir = "/etc/systemd/journald.conf.d" + dropin_file = f"{dropin_dir}/proxmenux-loglevel.conf" + + if os.path.isfile(journald_conf) and not os.path.isfile(dropin_file): + # Read current MaxLevelStore + current_max = "" + with open(journald_conf, 'r') as f: + for line in f: + line = line.strip() + if line.startswith("MaxLevelStore="): + current_max = line.split("=", 1)[1].strip().lower() + + restrictive_levels = {"emerg", "alert", "crit", "err", "warning"} + if current_max in restrictive_levels: + os.makedirs(dropin_dir, exist_ok=True) + with open(dropin_file, 'w') as f: + f.write("# ProxMenux: Allow info-level messages for proper log display\n") + f.write("# Proxmox default MaxLevelStore=warning drops most system logs\n") + f.write("[Journal]\n") + f.write("MaxLevelStore=info\n") + f.write("MaxLevelSyslog=info\n") + subprocess.run(["systemctl", "restart", "systemd-journald"], + capture_output=True, timeout=10) + print("[ProxMenux] Fixed journald MaxLevelStore (was too restrictive for log display)") + except Exception as e: + print(f"[ProxMenux] journald check skipped: {e}") + # Check for SSL configuration ssl_ctx = None try: From 9b48c498f51ea13ec55da0de776f47c2e653b2e4 Mon Sep 17 00:00:00 2001 From: MacRimi Date: Fri, 13 Feb 2026 19:07:24 +0100 Subject: [PATCH 03/21] new modal temperature --- AppImage/components/system-overview.tsx | 57 ++++- .../components/temperature-detail-modal.tsx | 241 ++++++++++++++++++ AppImage/scripts/flask_server.py | 186 ++++++++++++++ 3 files changed, 476 insertions(+), 8 deletions(-) create mode 100644 AppImage/components/temperature-detail-modal.tsx diff --git a/AppImage/components/system-overview.tsx b/AppImage/components/system-overview.tsx index 9d8318bc..b1ea978a 100644 --- a/AppImage/components/system-overview.tsx +++ b/AppImage/components/system-overview.tsx @@ -7,10 +7,17 @@ import { Badge } from "./ui/badge" import { Cpu, MemoryStick, Thermometer, Server, Zap, AlertCircle, HardDrive, Network } from "lucide-react" import { NodeMetricsCharts } from "./node-metrics-charts" import { NetworkTrafficChart } from "./network-traffic-chart" +import { TemperatureDetailModal } from "./temperature-detail-modal" import { Select, SelectContent, SelectItem, SelectTrigger, SelectValue } from "./ui/select" import { fetchApi } from "../lib/api-config" import { formatNetworkTraffic, getNetworkUnit } from "../lib/format-network" import { formatStorage } from "../lib/utils" +import { Area, AreaChart, ResponsiveContainer } from "recharts" + +interface TempDataPoint { + timestamp: number + value: number +} interface SystemData { cpu_usage: number @@ -18,6 +25,7 @@ interface SystemData { memory_total: number memory_used: number temperature: number + temperature_sparkline?: TempDataPoint[] uptime: string load_average: number[] hostname: string @@ -178,6 +186,7 @@ export function SystemOverview() { const [networkTimeframe, setNetworkTimeframe] = useState("day") const [networkTotals, setNetworkTotals] = useState<{ received: number; sent: number }>({ received: 0, sent: 0 }) const [networkUnit, setNetworkUnit] = useState<"Bytes" | "Bits">("Bytes") // Added networkUnit state + const [tempModalOpen, setTempModalOpen] = useState(false) useEffect(() => { const fetchAllData = async () => { @@ -458,27 +467,59 @@ export function SystemOverview() { - + 0 ? "cursor-pointer hover:border-primary/50 transition-colors" : ""}`} + onClick={() => systemData.temperature > 0 && setTempModalOpen(true)} + > Temperature -
- {systemData.temperature === 0 ? "N/A" : `${systemData.temperature}°C`} -
-
+
+ + {systemData.temperature === 0 ? "N/A" : `${Math.round(systemData.temperature * 10) / 10}°C`} + {tempStatus.status}
-

- {systemData.temperature === 0 ? "No sensor available" : "Live temperature reading"} -

+ {systemData.temperature > 0 && systemData.temperature_sparkline && systemData.temperature_sparkline.length > 1 ? ( +
+ + + + + = 75 ? "#ef4444" : systemData.temperature >= 60 ? "#f59e0b" : "#22c55e"} stopOpacity={0.3} /> + = 75 ? "#ef4444" : systemData.temperature >= 60 ? "#f59e0b" : "#22c55e"} stopOpacity={0} /> + + + = 75 ? "#ef4444" : systemData.temperature >= 60 ? "#f59e0b" : "#22c55e"} + strokeWidth={1.5} + fill="url(#tempSparkGradient)" + dot={false} + isAnimationActive={false} + /> + + +
+ ) : ( +

+ {systemData.temperature === 0 ? "No sensor available" : "Collecting data..."} +

+ )}
+ +
diff --git a/AppImage/components/temperature-detail-modal.tsx b/AppImage/components/temperature-detail-modal.tsx new file mode 100644 index 00000000..3ddd744b --- /dev/null +++ b/AppImage/components/temperature-detail-modal.tsx @@ -0,0 +1,241 @@ +"use client" + +import { useState, useEffect } from "react" +import { Dialog, DialogContent, DialogHeader, DialogTitle } from "./ui/dialog" +import { Select, SelectContent, SelectItem, SelectTrigger, SelectValue } from "./ui/select" +import { Badge } from "./ui/badge" +import { Thermometer, TrendingDown, TrendingUp, Minus } from "lucide-react" +import { AreaChart, Area, XAxis, YAxis, CartesianGrid, Tooltip, ResponsiveContainer } from "recharts" +import { useIsMobile } from "../hooks/use-mobile" +import { fetchApi } from "@/lib/api-config" + +const TIMEFRAME_OPTIONS = [ + { value: "hour", label: "1 Hour" }, + { value: "day", label: "24 Hours" }, + { value: "week", label: "7 Days" }, + { value: "month", label: "30 Days" }, +] + +interface TempHistoryPoint { + timestamp: number + value: number + min?: number + max?: number +} + +interface TempStats { + min: number + max: number + avg: number + current: number +} + +interface TemperatureDetailModalProps { + open: boolean + onOpenChange: (open: boolean) => void +} + +const CustomTooltip = ({ active, payload, label }: any) => { + if (active && payload && payload.length) { + return ( +
+

{label}

+
+ {payload.map((entry: any, index: number) => ( +
+
+ {entry.name}: + {entry.value}°C +
+ ))} +
+
+ ) + } + return null +} + +const getStatusColor = (temp: number) => { + if (temp >= 75) return "#ef4444" + if (temp >= 60) return "#f59e0b" + return "#22c55e" +} + +const getStatusInfo = (temp: number) => { + if (temp === 0) return { status: "N/A", color: "bg-gray-500/10 text-gray-500 border-gray-500/20" } + if (temp < 60) return { status: "Normal", color: "bg-green-500/10 text-green-500 border-green-500/20" } + if (temp < 75) return { status: "Warm", color: "bg-yellow-500/10 text-yellow-500 border-yellow-500/20" } + return { status: "Hot", color: "bg-red-500/10 text-red-500 border-red-500/20" } +} + +export function TemperatureDetailModal({ open, onOpenChange }: TemperatureDetailModalProps) { + const [timeframe, setTimeframe] = useState("hour") + const [data, setData] = useState([]) + const [stats, setStats] = useState({ min: 0, max: 0, avg: 0, current: 0 }) + const [loading, setLoading] = useState(true) + const isMobile = useIsMobile() + + useEffect(() => { + if (open) { + fetchHistory() + } + }, [open, timeframe]) + + const fetchHistory = async () => { + setLoading(true) + try { + const result = await fetchApi<{ data: TempHistoryPoint[]; stats: TempStats }>( + `/api/temperature/history?timeframe=${timeframe}` + ) + if (result && result.data) { + setData(result.data) + setStats(result.stats) + } + } catch (err) { + console.error("[v0] Failed to fetch temperature history:", err) + } finally { + setLoading(false) + } + } + + const formatTime = (timestamp: number) => { + const date = new Date(timestamp * 1000) + if (timeframe === "hour") { + return date.toLocaleTimeString([], { hour: "2-digit", minute: "2-digit" }) + } else if (timeframe === "day") { + return date.toLocaleTimeString([], { hour: "2-digit", minute: "2-digit" }) + } else { + return date.toLocaleDateString([], { month: "short", day: "numeric", hour: "2-digit", minute: "2-digit" }) + } + } + + const chartData = data.map((d) => ({ + ...d, + time: formatTime(d.timestamp), + })) + + const currentStatus = getStatusInfo(stats.current) + const chartColor = getStatusColor(stats.current) + + // Calculate Y axis domain with some padding + const values = data.map((d) => d.value) + const yMin = values.length > 0 ? Math.max(0, Math.floor(Math.min(...values) - 5)) : 0 + const yMax = values.length > 0 ? Math.ceil(Math.max(...values) + 5) : 100 + + return ( + + + +
+ + + CPU Temperature + + +
+ + + {/* Stats bar */} +
+
+
Current
+
+ {stats.current}°C + + {currentStatus.status} + +
+
+
+
+ Min +
+
{stats.min}°C
+
+
+
+ Avg +
+
{stats.avg}°C
+
+
+
+ Max +
+
{stats.max}°C
+
+
+ + {/* Chart */} +
+ {loading ? ( +
+
+
+
+
+
+ ) : chartData.length === 0 ? ( +
+
+ +

No temperature data available for this period

+

Data is collected every 60 seconds

+
+
+ ) : ( + + + + + + + + + + + `${v}°`} + width={isMobile ? 35 : 45} + /> + } /> + + + + )} +
+ +
+ ) +} diff --git a/AppImage/scripts/flask_server.py b/AppImage/scripts/flask_server.py index 93bf0ece..c04bdd68 100644 --- a/AppImage/scripts/flask_server.py +++ b/AppImage/scripts/flask_server.py @@ -16,9 +16,11 @@ import re import select import shutil import socket +import sqlite3 import subprocess import sys import time +import threading import urllib.parse import hardware_monitor import xml.etree.ElementTree as ET @@ -348,6 +350,160 @@ def get_cpu_temperature(): pass return temp +# ── Temperature History (SQLite) ────────────────────────────────────────────── +# Stores CPU temperature readings every 60s in a lightweight SQLite database. +# Data is persisted in /usr/local/share/proxmenux/ alongside config.json. +# Retention: 30 days max, cleaned up every hour. + +TEMP_DB_DIR = "/usr/local/share/proxmenux" +TEMP_DB_PATH = os.path.join(TEMP_DB_DIR, "monitor.db") + +def _get_temp_db(): + """Get a SQLite connection with WAL mode for concurrent reads.""" + conn = sqlite3.connect(TEMP_DB_PATH, timeout=5) + conn.execute("PRAGMA journal_mode=WAL") + conn.execute("PRAGMA synchronous=NORMAL") + return conn + +def init_temperature_db(): + """Create the temperature_history table if it doesn't exist.""" + try: + os.makedirs(TEMP_DB_DIR, exist_ok=True) + conn = _get_temp_db() + conn.execute(""" + CREATE TABLE IF NOT EXISTS temperature_history ( + id INTEGER PRIMARY KEY AUTOINCREMENT, + timestamp INTEGER NOT NULL, + value REAL NOT NULL + ) + """) + conn.execute(""" + CREATE INDEX IF NOT EXISTS idx_temp_timestamp + ON temperature_history(timestamp) + """) + conn.commit() + conn.close() + return True + except Exception as e: + print(f"[ProxMenux] Temperature DB init failed: {e}") + return False + +def _record_temperature(): + """Insert a single temperature reading into the DB.""" + try: + temp = get_cpu_temperature() + if temp and temp > 0: + conn = _get_temp_db() + conn.execute( + "INSERT INTO temperature_history (timestamp, value) VALUES (?, ?)", + (int(time.time()), round(temp, 1)) + ) + conn.commit() + conn.close() + except Exception: + pass + +def _cleanup_old_temperature_data(): + """Remove temperature records older than 30 days.""" + try: + cutoff = int(time.time()) - (30 * 24 * 3600) + conn = _get_temp_db() + conn.execute("DELETE FROM temperature_history WHERE timestamp < ?", (cutoff,)) + conn.commit() + conn.close() + except Exception: + pass + +def get_temperature_sparkline(minutes=60): + """Get recent temperature data for the overview sparkline.""" + try: + since = int(time.time()) - (minutes * 60) + conn = _get_temp_db() + cursor = conn.execute( + "SELECT timestamp, value FROM temperature_history WHERE timestamp >= ? ORDER BY timestamp ASC", + (since,) + ) + rows = cursor.fetchall() + conn.close() + return [{"timestamp": r[0], "value": r[1]} for r in rows] + except Exception: + return [] + +def get_temperature_history(timeframe="hour"): + """Get temperature history with downsampling for longer timeframes.""" + try: + now = int(time.time()) + if timeframe == "hour": + since = now - 3600 + interval = None # All points (~60) + elif timeframe == "day": + since = now - 86400 + interval = 300 # 5 min avg (288 points) + elif timeframe == "week": + since = now - 7 * 86400 + interval = 1800 # 30 min avg (336 points) + elif timeframe == "month": + since = now - 30 * 86400 + interval = 7200 # 2h avg (360 points) + else: + since = now - 3600 + interval = None + + conn = _get_temp_db() + + if interval is None: + cursor = conn.execute( + "SELECT timestamp, value FROM temperature_history WHERE timestamp >= ? ORDER BY timestamp ASC", + (since,) + ) + rows = cursor.fetchall() + data = [{"timestamp": r[0], "value": r[1]} for r in rows] + else: + # Downsample: average value per interval bucket + cursor = conn.execute( + """SELECT (timestamp / ?) * ? as bucket, + ROUND(AVG(value), 1) as avg_val, + ROUND(MIN(value), 1) as min_val, + ROUND(MAX(value), 1) as max_val + FROM temperature_history + WHERE timestamp >= ? + GROUP BY bucket + ORDER BY bucket ASC""", + (interval, interval, since) + ) + rows = cursor.fetchall() + data = [{"timestamp": r[0], "value": r[1], "min": r[2], "max": r[3]} for r in rows] + + conn.close() + + # Compute stats + if data: + values = [d["value"] for d in data] + stats = { + "min": round(min(values), 1), + "max": round(max(values), 1), + "avg": round(sum(values) / len(values), 1), + "current": values[-1] + } + else: + stats = {"min": 0, "max": 0, "avg": 0, "current": 0} + + return {"data": data, "stats": stats} + except Exception as e: + return {"data": [], "stats": {"min": 0, "max": 0, "avg": 0, "current": 0}} + +def _temperature_collector_loop(): + """Background thread: collect temperature every 60s, cleanup every hour.""" + cleanup_counter = 0 + while True: + _record_temperature() + cleanup_counter += 1 + if cleanup_counter >= 60: # Every 60 iterations = 60 minutes + _cleanup_old_temperature_data() + cleanup_counter = 0 + time.sleep(60) + + def get_uptime(): """Get system uptime in a human-readable format.""" try: @@ -4803,12 +4959,16 @@ def api_system(): # Get available updates available_updates = get_available_updates() + # Get temperature sparkline (last 1h) for overview mini chart + temp_sparkline = get_temperature_sparkline(60) + return jsonify({ 'cpu_usage': round(cpu_usage, 1), 'memory_usage': round(memory_usage_percent, 1), 'memory_total': round(memory_total_gb, 1), 'memory_used': round(memory_used_gb, 1), 'temperature': temp, + 'temperature_sparkline': temp_sparkline, 'uptime': uptime, 'load_average': list(load_avg), 'hostname': socket.gethostname(), @@ -4826,6 +4986,20 @@ def api_system(): pass return jsonify({'error': str(e)}), 500 +@app.route('/api/temperature/history', methods=['GET']) +@require_auth +def api_temperature_history(): + """Get temperature history for charts. Timeframe: hour, day, week, month""" + try: + timeframe = request.args.get('timeframe', 'hour') + if timeframe not in ('hour', 'day', 'week', 'month'): + timeframe = 'hour' + result = get_temperature_history(timeframe) + return jsonify(result) + except Exception as e: + return jsonify({'data': [], 'stats': {'min': 0, 'max': 0, 'avg': 0, 'current': 0}}), 500 + + @app.route('/api/storage', methods=['GET']) @require_auth def api_storage(): @@ -6758,6 +6932,18 @@ if __name__ == '__main__': except Exception as e: print(f"[ProxMenux] journald check skipped: {e}") + # ── Temperature history collector ── + # Initialize SQLite DB and start background thread to record CPU temp every 60s + if init_temperature_db(): + # Record initial reading immediately + _record_temperature() + # Start background collector thread + temp_thread = threading.Thread(target=_temperature_collector_loop, daemon=True) + temp_thread.start() + print("[ProxMenux] Temperature history collector started (60s interval, 30d retention)") + else: + print("[ProxMenux] Temperature history disabled (DB init failed)") + # Check for SSL configuration ssl_ctx = None try: From e4a57b97b78f2c9c8bd7a559082650a1a51939c8 Mon Sep 17 00:00:00 2001 From: MacRimi Date: Fri, 13 Feb 2026 19:40:22 +0100 Subject: [PATCH 04/21] Update modal temperature --- AppImage/components/system-overview.tsx | 2 +- .../components/temperature-detail-modal.tsx | 18 ++++++++++-------- 2 files changed, 11 insertions(+), 9 deletions(-) diff --git a/AppImage/components/system-overview.tsx b/AppImage/components/system-overview.tsx index b1ea978a..8d5f239f 100644 --- a/AppImage/components/system-overview.tsx +++ b/AppImage/components/system-overview.tsx @@ -476,7 +476,7 @@ export function SystemOverview() { -
+
{systemData.temperature === 0 ? "N/A" : `${Math.round(systemData.temperature * 10) / 10}°C`} diff --git a/AppImage/components/temperature-detail-modal.tsx b/AppImage/components/temperature-detail-modal.tsx index 3ddd744b..9a8d4312 100644 --- a/AppImage/components/temperature-detail-modal.tsx +++ b/AppImage/components/temperature-detail-modal.tsx @@ -126,7 +126,7 @@ export function TemperatureDetailModal({ open, onOpenChange }: TemperatureDetail -
+
CPU Temperature @@ -148,11 +148,11 @@ export function TemperatureDetailModal({ open, onOpenChange }: TemperatureDetail {/* Stats bar */}
-
-
Current
-
- {stats.current}°C - +
+
Current
+
+ {stats.current}°C + {currentStatus.status}
@@ -206,7 +206,8 @@ export function TemperatureDetailModal({ open, onOpenChange }: TemperatureDetail `${v}°`} From fe3963dfe2245933d6d6a369bdad6a61ca713fe2 Mon Sep 17 00:00:00 2001 From: MacRimi Date: Fri, 13 Feb 2026 19:58:57 +0100 Subject: [PATCH 05/21] Update temperature-detail-modal.tsx --- AppImage/components/temperature-detail-modal.tsx | 15 +++++---------- 1 file changed, 5 insertions(+), 10 deletions(-) diff --git a/AppImage/components/temperature-detail-modal.tsx b/AppImage/components/temperature-detail-modal.tsx index 9a8d4312..7f758dd8 100644 --- a/AppImage/components/temperature-detail-modal.tsx +++ b/AppImage/components/temperature-detail-modal.tsx @@ -147,15 +147,10 @@ export function TemperatureDetailModal({ open, onOpenChange }: TemperatureDetail {/* Stats bar */} -
-
-
Current
-
- {stats.current}°C - - {currentStatus.status} - -
+
+
+
Current
+
{stats.current}°C
@@ -203,7 +198,7 @@ export function TemperatureDetailModal({ open, onOpenChange }: TemperatureDetail - + Date: Fri, 13 Feb 2026 20:09:50 +0100 Subject: [PATCH 06/21] Update modal temperature --- AppImage/components/system-overview.tsx | 1 + AppImage/components/temperature-detail-modal.tsx | 11 +++++++---- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/AppImage/components/system-overview.tsx b/AppImage/components/system-overview.tsx index 8d5f239f..d8361817 100644 --- a/AppImage/components/system-overview.tsx +++ b/AppImage/components/system-overview.tsx @@ -518,6 +518,7 @@ export function SystemOverview() { diff --git a/AppImage/components/temperature-detail-modal.tsx b/AppImage/components/temperature-detail-modal.tsx index 7f758dd8..3271cac3 100644 --- a/AppImage/components/temperature-detail-modal.tsx +++ b/AppImage/components/temperature-detail-modal.tsx @@ -33,6 +33,7 @@ interface TempStats { interface TemperatureDetailModalProps { open: boolean onOpenChange: (open: boolean) => void + liveTemperature?: number } const CustomTooltip = ({ active, payload, label }: any) => { @@ -68,7 +69,7 @@ const getStatusInfo = (temp: number) => { return { status: "Hot", color: "bg-red-500/10 text-red-500 border-red-500/20" } } -export function TemperatureDetailModal({ open, onOpenChange }: TemperatureDetailModalProps) { +export function TemperatureDetailModal({ open, onOpenChange, liveTemperature }: TemperatureDetailModalProps) { const [timeframe, setTimeframe] = useState("hour") const [data, setData] = useState([]) const [stats, setStats] = useState({ min: 0, max: 0, avg: 0, current: 0 }) @@ -114,8 +115,10 @@ export function TemperatureDetailModal({ open, onOpenChange }: TemperatureDetail time: formatTime(d.timestamp), })) - const currentStatus = getStatusInfo(stats.current) - const chartColor = getStatusColor(stats.current) + // Use live temperature from the overview card (real-time) instead of last DB record + const currentTemp = liveTemperature && liveTemperature > 0 ? Math.round(liveTemperature * 10) / 10 : stats.current + const currentStatus = getStatusInfo(currentTemp) + const chartColor = getStatusColor(currentTemp) // Calculate Y axis domain with some padding const values = data.map((d) => d.value) @@ -150,7 +153,7 @@ export function TemperatureDetailModal({ open, onOpenChange }: TemperatureDetail
Current
-
{stats.current}°C
+
{currentTemp}°C
From 229ac5006be763b60545cacdd5018d69b7922670 Mon Sep 17 00:00:00 2001 From: MacRimi Date: Fri, 13 Feb 2026 20:23:56 +0100 Subject: [PATCH 07/21] Update temperature-detail-modal.tsx --- AppImage/components/temperature-detail-modal.tsx | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/AppImage/components/temperature-detail-modal.tsx b/AppImage/components/temperature-detail-modal.tsx index 3271cac3..695b894c 100644 --- a/AppImage/components/temperature-detail-modal.tsx +++ b/AppImage/components/temperature-detail-modal.tsx @@ -127,7 +127,7 @@ export function TemperatureDetailModal({ open, onOpenChange, liveTemperature }: return ( - +
@@ -194,7 +194,7 @@ export function TemperatureDetailModal({ open, onOpenChange, liveTemperature }:
) : ( - + @@ -204,21 +204,19 @@ export function TemperatureDetailModal({ open, onOpenChange, liveTemperature }: `${v}°`} - width={isMobile ? 35 : 45} + width={isMobile ? 40 : 45} /> } /> Date: Fri, 13 Feb 2026 20:34:09 +0100 Subject: [PATCH 08/21] Update system-overview.tsx --- AppImage/components/system-overview.tsx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/AppImage/components/system-overview.tsx b/AppImage/components/system-overview.tsx index d8361817..d8f6cb5e 100644 --- a/AppImage/components/system-overview.tsx +++ b/AppImage/components/system-overview.tsx @@ -468,7 +468,7 @@ export function SystemOverview() { 0 ? "cursor-pointer hover:border-primary/50 transition-colors" : ""}`} + className={`bg-card border-border ${systemData.temperature > 0 ? "cursor-pointer hover:bg-white/5 transition-colors" : ""}`} onClick={() => systemData.temperature > 0 && setTempModalOpen(true)} > From 782eaef4404a5b485e554130d7455179185c9bc3 Mon Sep 17 00:00:00 2001 From: MacRimi Date: Sat, 14 Feb 2026 11:12:54 +0100 Subject: [PATCH 09/21] Update flask_server.py --- AppImage/scripts/flask_server.py | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/AppImage/scripts/flask_server.py b/AppImage/scripts/flask_server.py index c04bdd68..aaa3e1c8 100644 --- a/AppImage/scripts/flask_server.py +++ b/AppImage/scripts/flask_server.py @@ -479,9 +479,17 @@ def get_temperature_history(timeframe="hour"): # Compute stats if data: values = [d["value"] for d in data] + # For downsampled data, use actual min/max from each bucket + # (not min/max of the averages, which would be wrong) + if interval is not None and "min" in data[0]: + actual_min = min(d["min"] for d in data) + actual_max = max(d["max"] for d in data) + else: + actual_min = min(values) + actual_max = max(values) stats = { - "min": round(min(values), 1), - "max": round(max(values), 1), + "min": round(actual_min, 1), + "max": round(actual_max, 1), "avg": round(sum(values) / len(values), 1), "current": values[-1] } From 6647a3b0838a7209302ab6743f8318c2ae668888 Mon Sep 17 00:00:00 2001 From: MacRimi Date: Sat, 14 Feb 2026 12:07:51 +0100 Subject: [PATCH 10/21] Update security.tsx --- AppImage/components/security.tsx | 104 ++++++++++++++++++++------ AppImage/scripts/flask_auth_routes.py | 43 ++++++++++- 2 files changed, 122 insertions(+), 25 deletions(-) diff --git a/AppImage/components/security.tsx b/AppImage/components/security.tsx index 6d692db8..f9adb354 100644 --- a/AppImage/components/security.tsx +++ b/AppImage/components/security.tsx @@ -174,6 +174,7 @@ export function Security() { const [proxmoxCertInfo, setProxmoxCertInfo] = useState<{subject?: string; expires?: string; issuer?: string; is_self_signed?: boolean} | null>(null) const [loadingSsl, setLoadingSsl] = useState(true) const [configuringSsl, setConfiguringSsl] = useState(false) + const [sslRestarting, setSslRestarting] = useState(false) const [showCustomCertForm, setShowCustomCertForm] = useState(false) const [customCertPath, setCustomCertPath] = useState("") const [customKeyPath, setCustomKeyPath] = useState("") @@ -1256,13 +1257,49 @@ ${(report.sections && report.sections.length > 0) ? ` } } + // Wait for the monitor service to come back on the new protocol, then redirect + const waitForServiceAndRedirect = async (newProtocol: "https" | "http") => { + const host = window.location.hostname + const port = window.location.port || "8008" + const newUrl = `${newProtocol}://${host}:${port}${window.location.pathname}` + + // Wait for service to restart (try up to 30 seconds) + const maxAttempts = 15 + for (let i = 0; i < maxAttempts; i++) { + await new Promise(r => setTimeout(r, 2000)) + try { + const controller = new AbortController() + const timeout = setTimeout(() => controller.abort(), 3000) + const resp = await fetch(`${newProtocol}://${host}:${port}/api/ssl/status`, { + signal: controller.signal, + // For self-signed certs, we need to handle rejection + mode: "no-cors" + }).catch(() => null) + clearTimeout(timeout) + + // For HTTPS with self-signed certs, even a failed CORS request means the server is up + if (resp || newProtocol === "https") { + // Give it one more second to fully stabilize + await new Promise(r => setTimeout(r, 1000)) + window.location.href = newUrl + return + } + } catch { + // Server not ready yet, keep waiting + } + } + + // Fallback: redirect anyway after timeout + window.location.href = newUrl + } + const handleEnableSsl = async (source: "proxmox" | "custom", certPath?: string, keyPath?: string) => { setConfiguringSsl(true) setError("") setSuccess("") try { - const body: Record = { source } + const body: Record = { source, auto_restart: true } if (source === "custom" && certPath && keyPath) { body.cert_path = certPath body.key_path = keyPath @@ -1275,25 +1312,27 @@ ${(report.sections && report.sections.length > 0) ? ` }) if (data.success) { - setSuccess(data.message || "SSL configured successfully. Restart the monitor service to apply.") setSslEnabled(true) setSslSource(source) setShowCustomCertForm(false) setCustomCertPath("") setCustomKeyPath("") - loadSslStatus() + setConfiguringSsl(false) + setSslRestarting(true) + setSuccess("SSL enabled. Restarting service and switching to HTTPS...") + await waitForServiceAndRedirect("https") } else { setError(data.message || "Failed to configure SSL") + setConfiguringSsl(false) } } catch (err) { setError(err instanceof Error ? err.message : "Failed to configure SSL") - } finally { setConfiguringSsl(false) } } const handleDisableSsl = async () => { - if (!confirm("Are you sure you want to disable HTTPS? The monitor will revert to HTTP after restart.")) { + if (!confirm("Are you sure you want to disable HTTPS? The monitor will switch to HTTP.")) { return } @@ -1302,21 +1341,27 @@ ${(report.sections && report.sections.length > 0) ? ` setSuccess("") try { - const data = await fetchApi("/api/ssl/disable", { method: "POST" }) + const data = await fetchApi("/api/ssl/disable", { + method: "POST", + headers: { "Content-Type": "application/json" }, + body: JSON.stringify({ auto_restart: true }), + }) if (data.success) { - setSuccess(data.message || "SSL disabled. Restart the monitor service to apply.") setSslEnabled(false) setSslSource("none") setSslCertPath("") setSslKeyPath("") - loadSslStatus() + setConfiguringSsl(false) + setSslRestarting(true) + setSuccess("SSL disabled. Restarting service and switching to HTTP...") + await waitForServiceAndRedirect("http") } else { setError(data.message || "Failed to disable SSL") + setConfiguringSsl(false) } } catch (err) { setError(err instanceof Error ? err.message : "Failed to disable SSL") - } finally { setConfiguringSsl(false) } } @@ -1683,10 +1728,10 @@ ${(report.sections && report.sections.length > 0) ? ` onClick={handleDisableSsl} variant="outline" size="sm" - disabled={configuringSsl} + disabled={configuringSsl || sslRestarting} className="mt-2 text-red-500 border-red-500/30 hover:bg-red-500/10 bg-transparent" > - {configuringSsl ? "Disabling..." : "Disable HTTPS"} + {configuringSsl ? "Disabling..." : sslRestarting ? "Restarting..." : "Disable HTTPS"}
)} @@ -1722,7 +1767,7 @@ ${(report.sections && report.sections.length > 0) ? ` @@ -1817,14 +1862,27 @@ ${(report.sections && report.sections.length > 0) ? `
)} - {/* Info note about restart */} -
- -

- Changes to SSL configuration require a monitor service restart to take effect. - The service will automatically use HTTPS on port 8008 when enabled. -

-
+ {/* Restarting overlay or info note */} + {sslRestarting ? ( +
+
+
+

+ Restarting monitor service... +

+

+ The page will automatically redirect to the new address. +

+
+
+ ) : ( +
+ +

+ SSL changes will automatically restart the monitor service and redirect to the new address. +

+
+ )} )} diff --git a/AppImage/scripts/flask_auth_routes.py b/AppImage/scripts/flask_auth_routes.py index c7a8c7f3..5a40d6df 100644 --- a/AppImage/scripts/flask_auth_routes.py +++ b/AppImage/scripts/flask_auth_routes.py @@ -4,6 +4,11 @@ Provides REST API endpoints for authentication management """ import logging +import os +import signal +import sys +import threading +import time from flask import Blueprint, jsonify, request import auth_manager import jwt @@ -73,12 +78,29 @@ def ssl_status(): return jsonify({"success": False, "message": str(e)}), 500 +def _schedule_service_restart(delay=1.5): + """Schedule a self-restart of the Flask server after a short delay. + This gives time for the HTTP response to reach the client before the process exits. + The process will be restarted by the parent (systemd, AppRun, or manual).""" + def _do_restart(): + time.sleep(delay) + print("[ProxMenux] Restarting monitor service to apply SSL changes...") + # Send SIGTERM to our own process - this triggers a clean shutdown. + # If running under systemd with Restart=always, it will auto-restart. + # If running directly, the process exits (user must restart manually as fallback). + os.kill(os.getpid(), signal.SIGTERM) + + t = threading.Thread(target=_do_restart, daemon=True) + t.start() + + @auth_bp.route('/api/ssl/configure', methods=['POST']) def ssl_configure(): """Configure SSL with Proxmox or custom certificates""" try: data = request.json or {} source = data.get("source", "proxmox") + auto_restart = data.get("auto_restart", True) if source == "proxmox": cert_path = auth_manager.PROXMOX_CERT_PATH @@ -92,7 +114,14 @@ def ssl_configure(): success, message = auth_manager.configure_ssl(cert_path, key_path, source) if success: - return jsonify({"success": True, "message": message, "requires_restart": True}) + if auto_restart: + _schedule_service_restart() + return jsonify({ + "success": True, + "message": "SSL enabled. The service is restarting...", + "restarting": auto_restart, + "new_protocol": "https" + }) else: return jsonify({"success": False, "message": message}), 400 except Exception as e: @@ -103,10 +132,20 @@ def ssl_configure(): def ssl_disable(): """Disable SSL and return to HTTP""" try: + data = request.json or {} + auto_restart = data.get("auto_restart", True) + success, message = auth_manager.disable_ssl() if success: - return jsonify({"success": True, "message": message, "requires_restart": True}) + if auto_restart: + _schedule_service_restart() + return jsonify({ + "success": True, + "message": "SSL disabled. The service is restarting...", + "restarting": auto_restart, + "new_protocol": "http" + }) else: return jsonify({"success": False, "message": message}), 400 except Exception as e: From 40c40f81fc358c334872a0259e8f19c158db8e58 Mon Sep 17 00:00:00 2001 From: MacRimi Date: Sat, 14 Feb 2026 12:23:08 +0100 Subject: [PATCH 11/21] Update flask_auth_routes.py --- AppImage/scripts/flask_auth_routes.py | 24 +++++++++++++++--------- 1 file changed, 15 insertions(+), 9 deletions(-) diff --git a/AppImage/scripts/flask_auth_routes.py b/AppImage/scripts/flask_auth_routes.py index 5a40d6df..254cb76b 100644 --- a/AppImage/scripts/flask_auth_routes.py +++ b/AppImage/scripts/flask_auth_routes.py @@ -5,8 +5,7 @@ Provides REST API endpoints for authentication management import logging import os -import signal -import sys +import subprocess import threading import time from flask import Blueprint, jsonify, request @@ -79,16 +78,23 @@ def ssl_status(): def _schedule_service_restart(delay=1.5): - """Schedule a self-restart of the Flask server after a short delay. - This gives time for the HTTP response to reach the client before the process exits. - The process will be restarted by the parent (systemd, AppRun, or manual).""" + """Schedule a restart of the monitor service via systemctl after a short delay. + This gives time for the HTTP response to reach the client before the process restarts.""" def _do_restart(): time.sleep(delay) print("[ProxMenux] Restarting monitor service to apply SSL changes...") - # Send SIGTERM to our own process - this triggers a clean shutdown. - # If running under systemd with Restart=always, it will auto-restart. - # If running directly, the process exits (user must restart manually as fallback). - os.kill(os.getpid(), signal.SIGTERM) + # Use systemctl restart which properly stops and starts the service. + # This works because systemd manages proxmenux-monitor.service. + try: + subprocess.Popen( + ["systemctl", "restart", "proxmenux-monitor"], + stdout=subprocess.DEVNULL, + stderr=subprocess.DEVNULL + ) + except Exception as e: + print(f"[ProxMenux] Failed to restart via systemctl: {e}") + # Fallback: try to restart the process directly + os.kill(os.getpid(), 15) # SIGTERM t = threading.Thread(target=_do_restart, daemon=True) t.start() From c429cb2ed134f01755d08bbeb56128c2f6c9c8bf Mon Sep 17 00:00:00 2001 From: MacRimi Date: Sat, 14 Feb 2026 14:32:30 +0100 Subject: [PATCH 12/21] Update flask_server.py --- AppImage/scripts/flask_server.py | 57 ++++++++++++++++++++++++++++++++ 1 file changed, 57 insertions(+) diff --git a/AppImage/scripts/flask_server.py b/AppImage/scripts/flask_server.py index aaa3e1c8..0f5b8d6c 100644 --- a/AppImage/scripts/flask_server.py +++ b/AppImage/scripts/flask_server.py @@ -125,6 +125,63 @@ app.register_blueprint(security_bp) init_terminal_routes(app) +# ------------------------------------------------------------------- +# Fail2Ban application-level ban check (for reverse proxy scenarios) +# ------------------------------------------------------------------- +# When users access via a reverse proxy, iptables/nftables cannot block +# the real client IP because the TCP connection comes from the proxy. +# This middleware checks if the client's real IP (from X-Forwarded-For) +# is banned in the 'proxmenux' fail2ban jail and blocks at app level. +import subprocess as _f2b_subprocess +import time as _f2b_time + +# Cache banned IPs for 30 seconds to avoid calling fail2ban-client on every request +_f2b_banned_cache = {"ips": set(), "ts": 0, "ttl": 30} + +def _f2b_get_banned_ips(): + """Get currently banned IPs from the proxmenux jail, with caching.""" + now = _f2b_time.time() + if now - _f2b_banned_cache["ts"] < _f2b_banned_cache["ttl"]: + return _f2b_banned_cache["ips"] + try: + result = _f2b_subprocess.run( + ["fail2ban-client", "status", "proxmenux"], + capture_output=True, text=True, timeout=5 + ) + if result.returncode == 0: + for line in result.stdout.splitlines(): + if "Banned IP list:" in line: + ip_str = line.split(":", 1)[1].strip() + banned = set(ip.strip() for ip in ip_str.split() if ip.strip()) + _f2b_banned_cache["ips"] = banned + _f2b_banned_cache["ts"] = now + return banned + except Exception: + pass + return _f2b_banned_cache["ips"] + +def _f2b_get_client_ip(): + """Get the real client IP, supporting reverse proxies.""" + forwarded = request.headers.get("X-Forwarded-For", "") + if forwarded: + return forwarded.split(",")[0].strip() + real_ip = request.headers.get("X-Real-IP", "") + if real_ip: + return real_ip.strip() + return request.remote_addr or "unknown" + +@app.before_request +def check_fail2ban_ban(): + """Block requests from IPs banned by fail2ban (works with reverse proxies).""" + client_ip = _f2b_get_client_ip() + banned_ips = _f2b_get_banned_ips() + if client_ip in banned_ips: + return jsonify({ + "success": False, + "message": "Access denied. Your IP has been temporarily banned due to too many failed login attempts." + }), 403 + + def identify_gpu_type(name, vendor=None, bus=None, driver=None): """ Returns: 'Integrated' or 'PCI' (discrete) From 1da1c178d038b91baa227288de3f329cc40cecde Mon Sep 17 00:00:00 2001 From: MacRimi Date: Sat, 14 Feb 2026 16:08:11 +0100 Subject: [PATCH 13/21] Update security.tsx --- AppImage/components/security.tsx | 290 ++++++++++++++++++++++++++----- 1 file changed, 247 insertions(+), 43 deletions(-) diff --git a/AppImage/components/security.tsx b/AppImage/components/security.tsx index f9adb354..e0ae1310 100644 --- a/AppImage/components/security.tsx +++ b/AppImage/components/security.tsx @@ -9,7 +9,8 @@ import { Shield, Lock, User, AlertCircle, CheckCircle, Info, LogOut, Key, Copy, Eye, EyeOff, Trash2, RefreshCw, Clock, ShieldCheck, Globe, FileKey, AlertTriangle, Flame, Bug, Search, Download, Power, PowerOff, Plus, Minus, Activity, Settings, Ban, - FileText, Printer, Play, BarChart3, TriangleAlert, ChevronDown, + FileText, Printer, Play, BarChart3, TriangleAlert, ChevronDown, ArrowDownLeft, ArrowUpRight, + ChevronRight, Network, Zap, } from "lucide-react" import { getApiUrl, fetchApi } from "../lib/api-config" import { TwoFactorSetup } from "./two-factor-setup" @@ -88,6 +89,7 @@ export function Security() { }) const [addingRule, setAddingRule] = useState(false) const [deletingRuleIdx, setDeletingRuleIdx] = useState(null) + const [expandedRuleKey, setExpandedRuleKey] = useState(null) // Security Tools state const [toolsLoading, setToolsLoading] = useState(true) @@ -2341,6 +2343,83 @@ ${(report.sections && report.sections.length > 0) ? ` )}
+ {/* Rules Summary Dashboard */} + {firewallData.rules.length > 0 && (() => { + const acceptCount = firewallData.rules.filter(r => r.action === "ACCEPT").length + const dropCount = firewallData.rules.filter(r => r.action === "DROP").length + const rejectCount = firewallData.rules.filter(r => r.action === "REJECT").length + const blockCount = dropCount + rejectCount + const total = firewallData.rules.length + const clusterCount = firewallData.rules.filter(r => r.source_file === "cluster").length + const hostCount = firewallData.rules.filter(r => r.source_file === "host").length + const inCount = firewallData.rules.filter(r => (r.direction || "IN") === "IN").length + const outCount = firewallData.rules.filter(r => r.direction === "OUT").length + // Collect unique protected ports + const protectedPorts = new Set() + firewallData.rules.forEach(r => { + if (r.dport) r.dport.split(",").forEach(p => protectedPorts.add(p.trim())) + }) + + return ( +
+

Rules Overview

+
+
+

{total}

+

Total Rules

+
+
+

{acceptCount}

+

Accept

+
+
+

{blockCount}

+

Block / Reject

+
+
+

{protectedPorts.size}

+

Ports Covered

+
+
+ {/* Visual bar */} +
+
+ {acceptCount > 0 && ( +
+ )} + {dropCount > 0 && ( +
+ )} + {rejectCount > 0 && ( +
+ )} +
+
+ Accept + Drop + Reject +
+
+ {/* Scope breakdown */} +
+ + Cluster: {clusterCount} + + + Host: {hostCount} + + | + + IN: {inCount} + + + OUT: {outCount} + +
+
+ ) + })()} + {/* Firewall Rules */}
@@ -2366,6 +2445,42 @@ ${(report.sections && report.sections.length > 0) ? `

New Firewall Rule

+ {/* Service Presets */} +
+

Quick Presets

+
+ {[ + { label: "HTTP", port: "80", proto: "tcp", comment: "HTTP Web" }, + { label: "HTTPS", port: "443", proto: "tcp", comment: "HTTPS Web" }, + { label: "SSH", port: "22", proto: "tcp", comment: "SSH Remote Access" }, + { label: "DNS", port: "53", proto: "udp", comment: "DNS" }, + { label: "SMTP", port: "25", proto: "tcp", comment: "SMTP Mail" }, + { label: "NFS", port: "2049", proto: "tcp", comment: "NFS" }, + { label: "SMB", port: "445", proto: "tcp", comment: "SMB/CIFS" }, + { label: "Ping", port: "", proto: "icmp", comment: "ICMP Ping" }, + ].map((preset) => ( + + ))} +
+
+
@@ -2490,51 +2605,140 @@ ${(report.sections && report.sections.length > 0) ? ` {firewallData.rules.length > 0 ? (
{/* Table header */} -
- Action - Direction - Proto - Port - Source - Level - +
+ + Action + + Proto + Port + Source + Level +
-
- {firewallData.rules.map((rule, idx) => ( -
- - {rule.action || "?"} - - {rule.direction || "IN"} - {rule.p || "-"} - {rule.dport || "-"} - {rule.source || "any"} - - {rule.source_file} - - +
+
)} - -
- ))} +
+ ) + })}
) : ( From ace4d83789bc7c771808fd5f438890ab76017e74 Mon Sep 17 00:00:00 2001 From: MacRimi Date: Sat, 14 Feb 2026 16:39:24 +0100 Subject: [PATCH 14/21] Update security.tsx --- AppImage/components/security.tsx | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/AppImage/components/security.tsx b/AppImage/components/security.tsx index e0ae1310..7e79bed0 100644 --- a/AppImage/components/security.tsx +++ b/AppImage/components/security.tsx @@ -10,7 +10,7 @@ import { Trash2, RefreshCw, Clock, ShieldCheck, Globe, FileKey, AlertTriangle, Flame, Bug, Search, Download, Power, PowerOff, Plus, Minus, Activity, Settings, Ban, FileText, Printer, Play, BarChart3, TriangleAlert, ChevronDown, ArrowDownLeft, ArrowUpRight, - ChevronRight, Network, Zap, + ChevronRight, Network, Zap, Pencil, Check, X, } from "lucide-react" import { getApiUrl, fetchApi } from "../lib/api-config" import { TwoFactorSetup } from "./two-factor-setup" @@ -90,6 +90,12 @@ export function Security() { const [addingRule, setAddingRule] = useState(false) const [deletingRuleIdx, setDeletingRuleIdx] = useState(null) const [expandedRuleKey, setExpandedRuleKey] = useState(null) + const [editingRuleKey, setEditingRuleKey] = useState(null) + const [editRule, setEditRule] = useState({ + direction: "IN", action: "ACCEPT", protocol: "tcp", + dport: "", sport: "", source: "", iface: "", comment: "", level: "host", + }) + const [savingRule, setSavingRule] = useState(false) // Security Tools state const [toolsLoading, setToolsLoading] = useState(true) From 1ee5863da72b63b1a4429d463ab88c77f703948d Mon Sep 17 00:00:00 2001 From: MacRimi Date: Sat, 14 Feb 2026 16:49:08 +0100 Subject: [PATCH 15/21] Update firewall --- AppImage/components/security.tsx | 245 +++++++++++++++++----- AppImage/scripts/flask_security_routes.py | 33 +++ AppImage/scripts/security_manager.py | 90 ++++++++ 3 files changed, 312 insertions(+), 56 deletions(-) diff --git a/AppImage/components/security.tsx b/AppImage/components/security.tsx index 7e79bed0..bf99345e 100644 --- a/AppImage/components/security.tsx +++ b/AppImage/components/security.tsx @@ -479,6 +479,51 @@ export function Security() { } } + const startEditRule = (rule: any) => { + const ruleKey = `${rule.source_file}-${rule.rule_index}` + const comment = rule.raw?.includes("#") ? rule.raw.split("#").slice(1).join("#").trim() : "" + setEditingRuleKey(ruleKey) + setEditRule({ + direction: rule.direction || "IN", + action: rule.action || "ACCEPT", + protocol: rule.p || "tcp", + dport: rule.dport || "", + sport: "", + source: rule.source || "", + iface: rule.i || "", + comment, + level: rule.source_file || "host", + }) + } + + const handleSaveEditRule = async (oldRuleIndex: number, oldLevel: string) => { + setSavingRule(true) + setError("") + setSuccess("") + try { + const data = await fetchApi("/api/security/firewall/rules/edit", { + method: "PUT", + headers: { "Content-Type": "application/json" }, + body: JSON.stringify({ + rule_index: oldRuleIndex, + level: oldLevel, + new_rule: editRule, + }), + }) + if (data.success) { + setSuccess(data.message || "Rule updated successfully") + setEditingRuleKey(null) + loadFirewallStatus() + } else { + setError(data.message || "Failed to update rule") + } + } catch (err) { + setError(err instanceof Error ? err.message : "Failed to update rule") + } finally { + setSavingRule(false) + } + } + const handleFirewallToggle = async (level: "host" | "cluster", enable: boolean) => { setFirewallAction(true) setError("") @@ -2633,7 +2678,7 @@ ${(report.sections && report.sections.length > 0) ? `
{/* Main row */}
setExpandedRuleKey(isExpanded ? null : ruleKey)} > {/* Direction icon */} @@ -2683,63 +2728,151 @@ ${(report.sections && report.sections.length > 0) ? ` {/* Expanded details */} {isExpanded && (
-
-
-

Direction

-

- {direction === "IN" ? : } - {direction === "IN" ? "Incoming" : "Outgoing"} -

-
-
-

Protocol

-

{rule.p || "any"}

-
-
-

Port

-

{rule.dport || "any"}

-
-
-

Source

-

{rule.source || "any"}

-
- {rule.i && ( -
-

Interface

-

{rule.i}

+ {editingRuleKey === ruleKey ? ( + /* ── Inline Edit Form ── */ +
+
+
+ + +
+
+ + +
+
+ + +
+
+ + setEditRule({ ...editRule, dport: e.target.value })} + placeholder="e.g. 80,443" className="h-8 text-xs mt-0.5" /> +
- )} -
-

Scope

-

- {rule.source_file === "cluster" ? : } - {rule.source_file === "cluster" ? "Cluster" : "Host"} -

-
- {comment && ( -
-

Comment

-

{comment}

+
+
+ + setEditRule({ ...editRule, source: e.target.value })} + placeholder="IP or CIDR" className="h-8 text-xs mt-0.5" /> +
+
+ + setEditRule({ ...editRule, iface: e.target.value })} + placeholder="e.g. vmbr0" className="h-8 text-xs mt-0.5" /> +
+
+ + setEditRule({ ...editRule, comment: e.target.value })} + placeholder="Description" className="h-8 text-xs mt-0.5" /> +
- )} -
-
- {rule.raw} - -
+
+ + +
+
+ ) : ( + /* ── Read-only Details ── */ + <> +
+
+

Direction

+

+ {direction === "IN" ? : } + {direction === "IN" ? "Incoming" : "Outgoing"} +

+
+
+

Protocol

+

{rule.p || "any"}

+
+
+

Port

+

{rule.dport || "any"}

+
+
+

Source

+

{rule.source || "any"}

+
+ {rule.i && ( +
+

Interface

+

{rule.i}

+
+ )} +
+

Scope

+

+ {rule.source_file === "cluster" ? : } + {rule.source_file === "cluster" ? "Cluster" : "Host"} +

+
+ {comment && ( +
+

Comment

+

{comment}

+
+ )} +
+
+ {rule.raw} +
+ + +
+
+ + )}
)}
diff --git a/AppImage/scripts/flask_security_routes.py b/AppImage/scripts/flask_security_routes.py index 426145da..9870c72b 100644 --- a/AppImage/scripts/flask_security_routes.py +++ b/AppImage/scripts/flask_security_routes.py @@ -106,6 +106,39 @@ def firewall_delete_rule(): return jsonify({"success": False, "message": str(e)}), 500 +@security_bp.route('/api/security/firewall/rules/edit', methods=['PUT']) +def firewall_edit_rule(): + """Edit an existing firewall rule (delete old + insert new at same position)""" + if not security_manager: + return jsonify({"success": False, "message": "Security manager not available"}), 500 + try: + data = request.json or {} + rule_index = data.get("rule_index") + level = data.get("level", "host") + new_rule = data.get("new_rule", {}) + if rule_index is None: + return jsonify({"success": False, "message": "rule_index is required"}), 400 + + success, message = security_manager.edit_firewall_rule( + rule_index=int(rule_index), + level=level, + direction=new_rule.get("direction", "IN"), + action=new_rule.get("action", "ACCEPT"), + protocol=new_rule.get("protocol", "tcp"), + dport=new_rule.get("dport", ""), + sport=new_rule.get("sport", ""), + source=new_rule.get("source", ""), + iface=new_rule.get("iface", ""), + comment=new_rule.get("comment", ""), + ) + if success: + return jsonify({"success": True, "message": message}) + else: + return jsonify({"success": False, "message": message}), 400 + except Exception as e: + return jsonify({"success": False, "message": str(e)}), 500 + + @security_bp.route('/api/security/firewall/monitor-port', methods=['POST']) def firewall_add_monitor_port(): """Add firewall rule to allow port 8008 for ProxMenux Monitor""" diff --git a/AppImage/scripts/security_manager.py b/AppImage/scripts/security_manager.py index 1a9472d6..8958a284 100644 --- a/AppImage/scripts/security_manager.py +++ b/AppImage/scripts/security_manager.py @@ -274,6 +274,96 @@ def add_firewall_rule(direction="IN", action="ACCEPT", protocol="tcp", dport="", return False, f"Failed to add firewall rule: {str(e)}" +def edit_firewall_rule(rule_index, level="host", direction="IN", action="ACCEPT", + protocol="tcp", dport="", sport="", source="", iface="", comment=""): + """ + Edit an existing firewall rule by replacing it in-place. + Deletes the old rule at rule_index and inserts the new one at the same position. + Returns (success, message) + """ + # Validate inputs + action = action.upper() + if action not in ("ACCEPT", "DROP", "REJECT"): + return False, f"Invalid action: {action}. Must be ACCEPT, DROP, or REJECT" + direction = direction.upper() + if direction not in ("IN", "OUT"): + return False, f"Invalid direction: {direction}. Must be IN or OUT" + + # Build new rule line + parts = [direction, action] + if protocol: + parts.extend(["-p", protocol.lower()]) + if dport: + if not re.match(r'^[\d:,]+$', dport): + return False, f"Invalid destination port: {dport}" + parts.extend(["-dport", dport]) + if sport: + if not re.match(r'^[\d:,]+$', sport): + return False, f"Invalid source port: {sport}" + parts.extend(["-sport", sport]) + if source: + parts.extend(["-source", source]) + if iface: + parts.extend(["-i", iface]) + parts.extend(["-log", "nolog"]) + if comment: + safe_comment = re.sub(r'[^\w\s\-._/():]', '', comment) + parts.append(f"# {safe_comment}") + new_rule_line = " ".join(parts) + + # Determine target file + if level == "cluster": + fw_file = CLUSTER_FW + else: + fw_file = os.path.join(HOST_FW_DIR, "host.fw") + + if not os.path.isfile(fw_file): + return False, "Firewall config file not found" + + try: + with open(fw_file, 'r') as f: + content = f.read() + + lines = content.splitlines() + new_lines = [] + in_rules = False + current_rule_idx = 0 + replaced = False + + for line in lines: + stripped = line.strip() + if stripped.startswith('['): + section_match = re.match(r'\[(\w+)\]', stripped) + if section_match: + section = section_match.group(1).upper() + in_rules = section in ("RULES", "IN", "OUT") + + if in_rules and stripped and not stripped.startswith('#') and not stripped.startswith('['): + if current_rule_idx == rule_index: + # Replace the old rule with the new one + new_lines.append(new_rule_line) + replaced = True + current_rule_idx += 1 + continue + current_rule_idx += 1 + + new_lines.append(line) + + if not replaced: + return False, f"Rule index {rule_index} not found" + + with open(fw_file, 'w') as f: + f.write("\n".join(new_lines) + "\n") + + _run_cmd(["pve-firewall", "reload"]) + + return True, f"Firewall rule updated: {direction} {action} {protocol}{':' + dport if dport else ''}" + except PermissionError: + return False, "Permission denied. Cannot modify firewall config." + except Exception as e: + return False, f"Failed to edit rule: {str(e)}" + + def delete_firewall_rule(rule_index, level="host"): """ Delete a firewall rule by index from host or cluster config. From bafaaf9c47ef4028e980c01bea804af1a1153eaf Mon Sep 17 00:00:00 2001 From: MacRimi Date: Sat, 14 Feb 2026 17:01:14 +0100 Subject: [PATCH 16/21] Update security.tsx --- AppImage/components/security.tsx | 21 ++++++++++++++------- 1 file changed, 14 insertions(+), 7 deletions(-) diff --git a/AppImage/components/security.tsx b/AppImage/components/security.tsx index bf99345e..b35f4f93 100644 --- a/AppImage/components/security.tsx +++ b/AppImage/components/security.tsx @@ -2452,7 +2452,7 @@ ${(report.sections && report.sections.length > 0) ? `
{/* Scope breakdown */} -
+
Cluster: {clusterCount} @@ -2698,12 +2698,19 @@ ${(report.sections && report.sections.length > 0) ? ` }`}> {rule.action || "?"} - {/* Mobile: combined info */} -
- {rule.p || "*"} - / - {rule.dport || "*"} - {comment && - {comment}} + {/* Mobile: combined info on two lines */} +
+
+ {rule.p || "*"} + : + {rule.dport || "*"} + {rule.source_file} +
+ {comment && ( +

{comment}

+ )}
{/* Desktop: direction label */} {direction} From 9f8c27ddc1951f2f105fc7489be717e232e75c09 Mon Sep 17 00:00:00 2001 From: MacRimi Date: Sat, 14 Feb 2026 17:28:35 +0100 Subject: [PATCH 17/21] Update modal --- AppImage/components/security.tsx | 31 ++++++++++++------- .../components/temperature-detail-modal.tsx | 11 +++++-- 2 files changed, 27 insertions(+), 15 deletions(-) diff --git a/AppImage/components/security.tsx b/AppImage/components/security.tsx index b35f4f93..dcb2a7a2 100644 --- a/AppImage/components/security.tsx +++ b/AppImage/components/security.tsx @@ -2433,19 +2433,26 @@ ${(report.sections && report.sections.length > 0) ? `
{/* Visual bar */} -
-
- {acceptCount > 0 && ( -
- )} - {dropCount > 0 && ( -
- )} - {rejectCount > 0 && ( -
- )} +
+
+
+ {acceptCount > 0 && ( +
+ )} + {dropCount > 0 && ( +
+ )} + {rejectCount > 0 && ( +
+ )} +
+
+ Accept + Drop + Reject +
-
+
Accept Drop Reject diff --git a/AppImage/components/temperature-detail-modal.tsx b/AppImage/components/temperature-detail-modal.tsx index 695b894c..87cb1864 100644 --- a/AppImage/components/temperature-detail-modal.tsx +++ b/AppImage/components/temperature-detail-modal.tsx @@ -120,10 +120,15 @@ export function TemperatureDetailModal({ open, onOpenChange, liveTemperature }: const currentStatus = getStatusInfo(currentTemp) const chartColor = getStatusColor(currentTemp) - // Calculate Y axis domain with some padding + // Calculate Y axis domain including the real min/max stats (not just plotted averages) + // This ensures the axis always covers the actual recorded extremes const values = data.map((d) => d.value) - const yMin = values.length > 0 ? Math.max(0, Math.floor(Math.min(...values) - 5)) : 0 - const yMax = values.length > 0 ? Math.ceil(Math.max(...values) + 5) : 100 + const dataMin = values.length > 0 ? Math.min(...values) : 0 + const dataMax = values.length > 0 ? Math.max(...values) : 100 + const realMin = stats.min > 0 ? Math.min(dataMin, stats.min) : dataMin + const realMax = stats.max > 0 ? Math.max(dataMax, stats.max) : dataMax + const yMin = Math.max(0, Math.floor(realMin - 3)) + const yMax = Math.ceil(realMax + 3) return ( From 3e8661f5caa99cb1ec844f7322c1f2e197e5c6dc Mon Sep 17 00:00:00 2001 From: MacRimi Date: Sat, 14 Feb 2026 17:40:09 +0100 Subject: [PATCH 18/21] Update temperature-detail-modal.tsx --- AppImage/components/temperature-detail-modal.tsx | 14 ++++++-------- 1 file changed, 6 insertions(+), 8 deletions(-) diff --git a/AppImage/components/temperature-detail-modal.tsx b/AppImage/components/temperature-detail-modal.tsx index 87cb1864..ce53ca4d 100644 --- a/AppImage/components/temperature-detail-modal.tsx +++ b/AppImage/components/temperature-detail-modal.tsx @@ -120,15 +120,13 @@ export function TemperatureDetailModal({ open, onOpenChange, liveTemperature }: const currentStatus = getStatusInfo(currentTemp) const chartColor = getStatusColor(currentTemp) - // Calculate Y axis domain including the real min/max stats (not just plotted averages) - // This ensures the axis always covers the actual recorded extremes + // Calculate Y axis domain based on plotted data values only. + // Stats cards already show the real historical min/max separately. + // Using only graphed values keeps the chart readable and avoids + // large empty gaps caused by momentary spikes that get averaged out. const values = data.map((d) => d.value) - const dataMin = values.length > 0 ? Math.min(...values) : 0 - const dataMax = values.length > 0 ? Math.max(...values) : 100 - const realMin = stats.min > 0 ? Math.min(dataMin, stats.min) : dataMin - const realMax = stats.max > 0 ? Math.max(dataMax, stats.max) : dataMax - const yMin = Math.max(0, Math.floor(realMin - 3)) - const yMax = Math.ceil(realMax + 3) + const yMin = values.length > 0 ? Math.max(0, Math.floor(Math.min(...values) - 3)) : 0 + const yMax = values.length > 0 ? Math.ceil(Math.max(...values) + 3) : 100 return ( From 070a1b47e5544262251216e371606c84ddf3510c Mon Sep 17 00:00:00 2001 From: MacRimi Date: Sat, 14 Feb 2026 17:59:44 +0100 Subject: [PATCH 19/21] Update security.tsx --- AppImage/components/security.tsx | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/AppImage/components/security.tsx b/AppImage/components/security.tsx index dcb2a7a2..318b4823 100644 --- a/AppImage/components/security.tsx +++ b/AppImage/components/security.tsx @@ -96,6 +96,7 @@ export function Security() { dport: "", sport: "", source: "", iface: "", comment: "", level: "host", }) const [savingRule, setSavingRule] = useState(false) + const [networkInterfaces, setNetworkInterfaces] = useState<{name: string, type: string, status: string}[]>([]) // Security Tools state const [toolsLoading, setToolsLoading] = useState(true) @@ -217,6 +218,21 @@ export function Security() { } } + const loadNetworkInterfaces = async () => { + try { + const data = await fetchApi("/api/network") + if (data.interfaces) { + // Get physical + bridge + bond interfaces (exclude vm_lxc virtual taps) + const relevant = data.interfaces + .filter((i: any) => ["physical", "bridge", "bond", "vlan"].includes(i.type)) + .sort((a: any, b: any) => a.name.localeCompare(b.name)) + setNetworkInterfaces(relevant) + } + } catch { + // Silently fail - user can still type manually if needed + } + } + const loadSecurityTools = async () => { try { setToolsLoading(true) From 9f11238d43b004cea7a0cef7e64823372a5bd587 Mon Sep 17 00:00:00 2001 From: MacRimi Date: Sat, 14 Feb 2026 18:21:53 +0100 Subject: [PATCH 20/21] Update security.tsx --- AppImage/components/security.tsx | 35 ++++++++++++++++++++++++-------- 1 file changed, 26 insertions(+), 9 deletions(-) diff --git a/AppImage/components/security.tsx b/AppImage/components/security.tsx index 318b4823..310f4115 100644 --- a/AppImage/components/security.tsx +++ b/AppImage/components/security.tsx @@ -193,6 +193,7 @@ export function Security() { loadApiTokens() loadSslStatus() loadFirewallStatus() + loadNetworkInterfaces() loadSecurityTools() }, []) @@ -220,16 +221,19 @@ export function Security() { const loadNetworkInterfaces = async () => { try { + console.log("[v0] Loading network interfaces...") const data = await fetchApi("/api/network") + console.log("[v0] Network API response:", JSON.stringify(data?.interfaces?.length), "interfaces found") if (data.interfaces) { - // Get physical + bridge + bond interfaces (exclude vm_lxc virtual taps) + console.log("[v0] Interface types:", data.interfaces.map((i: any) => `${i.name}(${i.type})`).join(", ")) const relevant = data.interfaces .filter((i: any) => ["physical", "bridge", "bond", "vlan"].includes(i.type)) .sort((a: any, b: any) => a.name.localeCompare(b.name)) + console.log("[v0] Filtered interfaces:", relevant.map((i: any) => i.name).join(", ")) setNetworkInterfaces(relevant) } - } catch { - // Silently fail - user can still type manually if needed + } catch (err) { + console.log("[v0] Error loading network interfaces:", err) } } @@ -2619,12 +2623,18 @@ ${(report.sections && report.sections.length > 0) ? `
- setNewRule({...newRule, iface: e.target.value})} - className="h-9 text-sm" - /> + className="w-full h-9 rounded-md border border-border bg-card px-3 text-sm" + > + + {networkInterfaces.map((iface) => ( + + ))} +
@@ -2802,8 +2812,15 @@ ${(report.sections && report.sections.length > 0) ? `
- setEditRule({ ...editRule, iface: e.target.value })} - placeholder="e.g. vmbr0" className="h-8 text-xs mt-0.5" /> +
From f75e30afd07a98a5d9ca3fb2dedddcf9513f828d Mon Sep 17 00:00:00 2001 From: MacRimi Date: Sat, 14 Feb 2026 18:34:36 +0100 Subject: [PATCH 21/21] Update security.tsx --- AppImage/components/security.tsx | 22 ++++++++++------------ 1 file changed, 10 insertions(+), 12 deletions(-) diff --git a/AppImage/components/security.tsx b/AppImage/components/security.tsx index 310f4115..d18a69ee 100644 --- a/AppImage/components/security.tsx +++ b/AppImage/components/security.tsx @@ -221,19 +221,17 @@ export function Security() { const loadNetworkInterfaces = async () => { try { - console.log("[v0] Loading network interfaces...") const data = await fetchApi("/api/network") - console.log("[v0] Network API response:", JSON.stringify(data?.interfaces?.length), "interfaces found") - if (data.interfaces) { - console.log("[v0] Interface types:", data.interfaces.map((i: any) => `${i.name}(${i.type})`).join(", ")) - const relevant = data.interfaces - .filter((i: any) => ["physical", "bridge", "bond", "vlan"].includes(i.type)) - .sort((a: any, b: any) => a.name.localeCompare(b.name)) - console.log("[v0] Filtered interfaces:", relevant.map((i: any) => i.name).join(", ")) - setNetworkInterfaces(relevant) - } - } catch (err) { - console.log("[v0] Error loading network interfaces:", err) + // The API returns interfaces in separate arrays: physical_interfaces, bridge_interfaces, etc. + // The generic "interfaces" array only holds uncategorized types and is usually empty. + const all = [ + ...(data.physical_interfaces || []), + ...(data.bridge_interfaces || []), + ...(data.interfaces || []), + ].sort((a: any, b: any) => a.name.localeCompare(b.name)) + setNetworkInterfaces(all) + } catch { + // Silently fail - select will just show "Any interface" } }