fix: files sync paste dir out bug

* feat(user-service): update dataStore use redis

* feat(wise): remove from system-frontend
fix(settings): some bugs
fix(files): some bugs

* knowledge: remove knowledge, rss, argo

---------

Co-authored-by: eball <liuy102@hotmail.com>

.github/workflows/check.yaml

@@ -65,6 +65,7 @@ jobs:
     with:
       version: ${{ needs.test-version.outputs.version }}
       ref: ${{ github.event.pull_request.head.ref }}
+      repository: ${{ github.event.pull_request.head.repo.full_name }}
 
   upload-daemon:
     needs: test-version
@@ -73,6 +74,7 @@ jobs:
     with:
       version: ${{ needs.test-version.outputs.version }}
       ref: ${{ github.event.pull_request.head.ref }}
+      repository: ${{ github.event.pull_request.head.repo.full_name }}
 
   push-image:
     runs-on: ubuntu-latest
@@ -132,6 +134,7 @@ jobs:
           AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
           AWS_DEFAULT_REGION: "us-east-1"
           VERSION: ${{ needs.test-version.outputs.version }}
+          REPO_PATH: '${{ secrets.REPO_PATH }}'
         run: |
           bash build/deps-manifest.sh && bash build/upload-deps.sh
 
@@ -156,6 +159,7 @@ jobs:
           AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
           AWS_DEFAULT_REGION: "us-east-1"
           VERSION: ${{ needs.test-version.outputs.version }}
+          REPO_PATH: '${{ secrets.REPO_PATH }}'
         run: |
           export PATH=$PATH:/usr/local/bin:/home/ubuntu/.local/bin
           bash build/deps-manifest.sh linux/arm64 && bash build/upload-deps.sh linux/arm64

.github/workflows/push-deps-to-s3.yml

@@ -11,27 +11,13 @@ jobs:
       - name: "Checkout source code"
         uses: actions/checkout@v3
 
-      - name: Install coscmd
-        run: pip install coscmd        
-
-      - name: Configure coscmd
-        env:
-          TENCENT_SECRET_ID: ${{ secrets.TENCENT_SECRET_ID }}
-          TENCENT_SECRET_KEY: ${{ secrets.TENCENT_SECRET_KEY }}
-          COS_BUCKET: ${{ secrets.COS_BUCKET }}
-          COS_REGION: ${{ secrets.COS_REGION }}
-          END_POINT: ${{ secrets.END_POINT }}
-        run: |
-          coscmd config -a $TENCENT_SECRET_ID \
-                        -s $TENCENT_SECRET_KEY \
-                        -b $COS_BUCKET \
-                        -r $COS_REGION 
 
       # test
       - env:
           AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
           AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
           AWS_DEFAULT_REGION: "us-east-1"
+          REPO_PATH: '${{ secrets.REPO_PATH }}'
         run: |
           bash build/deps-manifest.sh && bash build/upload-deps.sh
 
@@ -42,28 +28,12 @@ jobs:
       - name: "Checkout source code"
         uses: actions/checkout@v3
 
-      - name: Install coscmd
-        run: pip install coscmd        
-
-      - name: Configure coscmd
-        env:
-          TENCENT_SECRET_ID: ${{ secrets.TENCENT_SECRET_ID }}
-          TENCENT_SECRET_KEY: ${{ secrets.TENCENT_SECRET_KEY }}
-          COS_BUCKET: ${{ secrets.COS_BUCKET }}
-          COS_REGION: ${{ secrets.COS_REGION }}
-          END_POINT: ${{ secrets.END_POINT }}
-        run: |
-          export PATH=$PATH:/usr/local/bin:/home/ubuntu/.local/bin
-          coscmd config -m 10 -p 10 -a $TENCENT_SECRET_ID \
-                        -s $TENCENT_SECRET_KEY \
-                        -b $COS_BUCKET \
-                        -r $COS_REGION 
-
       # test
       - env:
           AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
           AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
           AWS_DEFAULT_REGION: "us-east-1"
+          REPO_PATH: '${{ secrets.REPO_PATH }}'
         run: |
           export PATH=$PATH:/usr/local/bin:/home/ubuntu/.local/bin
           bash build/deps-manifest.sh linux/arm64 && bash build/upload-deps.sh linux/arm64

.github/workflows/push-to-s3.yaml

@@ -11,22 +11,6 @@ jobs:
       - name: "Checkout source code"
         uses: actions/checkout@v3
 
-      - name: Install coscmd
-        run: pip install coscmd        
-
-      - name: Configure coscmd
-        env:
-          TENCENT_SECRET_ID: ${{ secrets.TENCENT_SECRET_ID }}
-          TENCENT_SECRET_KEY: ${{ secrets.TENCENT_SECRET_KEY }}
-          COS_BUCKET: ${{ secrets.COS_BUCKET }}
-          COS_REGION: ${{ secrets.COS_REGION }}
-          END_POINT: ${{ secrets.END_POINT }}
-        run: |
-          coscmd config -a $TENCENT_SECRET_ID \
-                        -s $TENCENT_SECRET_KEY \
-                        -b $COS_BUCKET \
-                        -r $COS_REGION 
-
       # test
       - env:
           AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
@@ -42,23 +26,6 @@ jobs:
       - name: "Checkout source code"
         uses: actions/checkout@v3
 
-      - name: Install coscmd
-        run: pip install coscmd        
-
-      - name: Configure coscmd
-        env:
-          TENCENT_SECRET_ID: ${{ secrets.TENCENT_SECRET_ID }}
-          TENCENT_SECRET_KEY: ${{ secrets.TENCENT_SECRET_KEY }}
-          COS_BUCKET: ${{ secrets.COS_BUCKET }}
-          COS_REGION: ${{ secrets.COS_REGION }}
-          END_POINT: ${{ secrets.END_POINT }}
-        run: |
-          export PATH=$PATH:/usr/local/bin:/home/ubuntu/.local/bin
-          coscmd config -m 10 -p 10 -a $TENCENT_SECRET_ID \
-                        -s $TENCENT_SECRET_KEY \
-                        -b $COS_BUCKET \
-                        -r $COS_REGION 
-
       - env:
           AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
           AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}

.github/workflows/release-cli.yaml

@@ -8,7 +8,17 @@ on:
         required: true
       ref:
         type: string
+      repository:
+        type: string
   workflow_dispatch:
+    inputs:
+      version:
+        type: string
+        required: true
+      ref:
+        type: string
+      repository:
+        type: string
 jobs:
   goreleaser:
     runs-on: ubuntu-22.04
@@ -18,6 +28,7 @@ jobs:
         with:
           fetch-depth: 1
           ref: ${{ inputs.ref }}
+          repository: ${{ inputs.repository }}
 
       - name: Add Local Git Tag For GoReleaser
         run: git tag ${{ inputs.version }}
@@ -51,6 +62,5 @@ jobs:
           AWS_DEFAULT_REGION: "us-east-1"
         run: |
           cd cli/output && for file in *.tar.gz; do
-            aws s3 cp "$file" s3://terminus-os-install/$file --acl=public-read
-            # coscmd upload $file /$file
+            aws s3 cp "$file" s3://terminus-os-install${{ secrets.REPO_PATH }}${file} --acl=public-read
           done

.github/workflows/release-daemon.yaml

@@ -8,7 +8,17 @@ on:
         required: true
       ref:
         type: string
+      repository:
+        type: string
   workflow_dispatch:
+    inputs:
+      version:
+        type: string
+        required: true
+      ref:
+        type: string
+      repository:
+        type: string
 
 jobs:
   goreleaser:
@@ -19,6 +29,7 @@ jobs:
         with:
           fetch-depth: 1
           ref: ${{ inputs.ref }}
+          repository: ${{ inputs.repository }}
 
       - name: Add Local Git Tag For GoReleaser
         run: git tag ${{ inputs.version }}
@@ -54,5 +65,5 @@ jobs:
           AWS_DEFAULT_REGION: 'us-east-1'
         run: |
           cd daemon/output && for file in *.tar.gz; do
-            aws s3 cp "$file" s3://terminus-os-install/$file --acl=public-read
+            aws s3 cp "$file" s3://terminus-os-install${{ secrets.REPO_PATH }}${file} --acl=public-read
           done

.github/workflows/release-daily.yaml

@@ -77,6 +77,7 @@ jobs:
           AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
           AWS_DEFAULT_REGION: "us-east-1"
           VERSION: ${{ needs.daily-version.outputs.version }}
+          REPO_PATH: '${{ secrets.REPO_PATH }}'
         run: |
           bash build/deps-manifest.sh && bash build/upload-deps.sh
 
@@ -94,6 +95,7 @@ jobs:
           AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
           AWS_DEFAULT_REGION: "us-east-1"
           VERSION: ${{ needs.daily-version.outputs.version }}
+          REPO_PATH: '${{ secrets.REPO_PATH }}'
         run: |
           export PATH=$PATH:/usr/local/bin:/home/ubuntu/.local/bin
           bash build/deps-manifest.sh linux/arm64 && bash build/upload-deps.sh linux/arm64
@@ -121,8 +123,8 @@ jobs:
           AWS_DEFAULT_REGION: 'us-east-1'
         run: |
           md5sum install-wizard-v${{ needs.daily-version.outputs.version }}.tar.gz > install-wizard-v${{ needs.daily-version.outputs.version }}.md5sum.txt && \
-          aws s3 cp install-wizard-v${{ needs.daily-version.outputs.version }}.md5sum.txt s3://terminus-os-install/install-wizard-v${{ needs.daily-version.outputs.version }}.md5sum.txt --acl=public-read && \
-          aws s3 cp install-wizard-v${{ needs.daily-version.outputs.version }}.tar.gz s3://terminus-os-install/install-wizard-v${{ needs.daily-version.outputs.version }}.tar.gz --acl=public-read && \
+          aws s3 cp install-wizard-v${{ needs.daily-version.outputs.version }}.md5sum.txt s3://terminus-os-install${{ secrets.REPO_PATH }}install-wizard-v${{ needs.daily-version.outputs.version }}.md5sum.txt --acl=public-read && \
+          aws s3 cp install-wizard-v${{ needs.daily-version.outputs.version }}.tar.gz s3://terminus-os-install${{ secrets.REPO_PATH }}install-wizard-v${{ needs.daily-version.outputs.version }}.tar.gz --acl=public-read && \
           echo "md5sum=$(awk '{print $1}' install-wizard-v${{ needs.daily-version.outputs.version }}.md5sum.txt)" >> "$GITHUB_OUTPUT"
 
 

.github/workflows/release.yaml

@@ -80,8 +80,8 @@ jobs:
           AWS_DEFAULT_REGION: 'us-east-1'
         run: |
           md5sum install-wizard-v${{ github.event.inputs.tags }}.tar.gz > install-wizard-v${{ github.event.inputs.tags }}.md5sum.txt && \
-          aws s3 cp install-wizard-v${{ github.event.inputs.tags }}.md5sum.txt s3://terminus-os-install/install-wizard-v${{ github.event.inputs.tags }}.md5sum.txt --acl=public-read && \
-          aws s3 cp install-wizard-v${{ github.event.inputs.tags }}.tar.gz s3://terminus-os-install/install-wizard-v${{ github.event.inputs.tags }}.tar.gz --acl=public-read
+          aws s3 cp install-wizard-v${{ github.event.inputs.tags }}.md5sum.txt s3://terminus-os-install${{ secrets.REPO_PATH }}install-wizard-v${{ github.event.inputs.tags }}.md5sum.txt --acl=public-read && \
+          aws s3 cp install-wizard-v${{ github.event.inputs.tags }}.tar.gz s3://terminus-os-install${{ secrets.REPO_PATH }}install-wizard-v${{ github.event.inputs.tags }}.tar.gz --acl=public-read
 
   release:
     runs-on: ubuntu-latest
@@ -101,7 +101,7 @@ jobs:
       - name: Get checksum
         id: vars
         run: |
-          echo "version_md5sum=$(curl -sSfL https://dc3p1870nn3cj.cloudfront.net/install-wizard-v${{ github.event.inputs.tags }}.md5sum.txt|awk '{print $1}')" >> $GITHUB_OUTPUT
+          echo "version_md5sum=$(curl -sSfL https://dc3p1870nn3cj.cloudfront.net${{ secrets.REPO_PATH }}install-wizard-v${{ github.event.inputs.tags }}.md5sum.txt|awk '{print $1}')" >> $GITHUB_OUTPUT
 
       - name: Update checksum
         uses: eball/write-tag-to-version-file@latest

README.md

@@ -108,20 +108,15 @@ Olares has been tested and verified on the following Linux platforms:
 To get started with Olares on your own device, follow the [Getting Started Guide](https://docs.olares.com/manual/get-started/) for step-by-step instructions.
 
 ## Project navigation
-
-> [!NOTE]  
-> We are currently consolidating Olares subproject code into this repository. This process may take a few months. Once finished, you will get a comprehensive view of the entire Olares system here.
-
-
 This section lists the main directories in the Olares repository:
 
-* **`apps`**: Contains the code for system applications, primarily for `larepass`.
-* **`cli`**: Contains the code for `olares-cli`, the command-line interface tool for Olares.
-* **`daemon`**: Contains the code for `olaresd`, the system daemon process.
+* **[`apps`](./apps)**: Contains the code for system applications, primarily for `larepass`.
+* **[`cli`](./cli)**: Contains the code for `olares-cli`, the command-line interface tool for Olares.
+* **[`daemon`](./daemon)**: Contains the code for `olaresd`, the system daemon process.
 * **`docs`**: Contains documentation for the project.
-* **`framework`**: Contains the Olares system services.
-* **`infrastructure`**: Contains code related to infrastructure components such as computing, storage, networking, and GPUs.
-* **`platform`**: Contains code for cloud-native components like databases and message queues.
+* **[`framework`](./framework)**: Contains the Olares system services.
+* **[`infrastructure`](./infrastructure)**: Contains code related to infrastructure components such as computing, storage, networking, and GPUs.
+* **[`platform`](./platform)**: Contains code for cloud-native components like databases and message queues.
 * **`vendor`**: Contains code from third-party hardware vendors.
 
 ## Contributing to Olares

README_CN.md

@@ -110,19 +110,15 @@ Olares 已在以下 Linux 平台完成测试与验证：
 参考[快速上手指南](https://docs.olares.cn/zh/manual/get-started/)安装并激活 Olares。
 
 ## 项目目录
-
-> [!NOTE]
-> 我们正将 Olares 子项目的代码移动到当前仓库。此过程可能会持续数月。届时您就可以通过本仓库了解 Olares 系统的全貌。
-
 Olares 代码库中的主要目录如下：
 
-* **`apps`**: 用于存放系统应用，主要是 `larepass` 的代码。
-* **`cli`**: 用于存放 `olares-cli`（Olares 的命令行界面工具）的代码。
-* **`daemon`**: 用于存放 `olaresd`（系统守护进程）的代码。
+* **[`apps`](./apps)**: 用于存放系统应用，主要是 `larepass` 的代码。
+* **[`cli`](./cli)**: 用于存放 `olares-cli`（Olares 的命令行界面工具）的代码。
+* **[`daemon`](./daemon)**: 用于存放 `olaresd`（系统守护进程）的代码。
 * **`docs`**: 用于存放 Olares 项目的文档。
-* **`framework`**: 用来存放 Olares 系统服务代码。
-* **`infrastructure`**: 用于存放计算，存储，网络，GPU 等基础设施的代码。
-* **`platform`**: 用于存放数据库、消息队列等云原生组件的代码。
+* **[`framework`](./framework)**: 用来存放 Olares 系统服务代码。
+* **[`infrastructure`](./infrastructure)**: 用于存放计算，存储，网络，GPU 等基础设施的代码。
+* **[`platform`](./platform)**: 用于存放数据库、消息队列等云原生组件的代码。
 * **`vendor`**: 用于存放来自第三方硬件供应商的代码。
 
 ## 社区贡献

README_JP.md

@@ -110,18 +110,15 @@ Olaresは以下のLinuxプラットフォームで動作検証を完了してい
 
 ## プロジェクトナビゲーション
 
-> [!NOTE]
-> 現在、Olaresのサブプロジェクトのコードを当リポジトリへ移行する作業を進めています。この作業が完了するまでには数ヶ月を要する見込みです。完了後には、当リポジトリを通じてOlaresシステムの全貌をご覧いただけるようになります。
-
 このセクションでは、Olares リポジトリ内の主要なディレクトリをリストアップしています：
 
-* **`apps`**: システムアプリケーションのコードが含まれており、主に `larepass` 用です。
-* **`cli`**: Olares のコマンドラインインターフェースツールである `olares-cli` のコードが含まれています。
-* **`daemon`**: システムデーモンプロセスである `olaresd` のコードが含まれています。
+* **[`apps`](./apps)**: システムアプリケーションのコードが含まれており、主に `larepass` 用です。
+* **[`cli`](./cli)**: Olares のコマンドラインインターフェースツールである `olares-cli` のコードが含まれています。
+* **[`daemon`](./daemon)**: システムデーモンプロセスである `olaresd` のコードが含まれています。
 * **`docs`**: プロジェクトのドキュメントが含まれています。
-* **`framework`**: Olares システムサービスが含まれています。
-* **`infrastructure`**: コンピューティング、ストレージ、ネットワーキング、GPU などのインフラストラクチャコンポーネントに関連するコードが含まれています。
-* **`platform`**: データベースやメッセージキューなどのクラウドネイティブコンポーネントのコードが含まれています。
+* **[`framework`](./framework)**: Olares システムサービスが含まれています。
+* **[`infrastructure`](./infrastructure)**: コンピューティング、ストレージ、ネットワーキング、GPU などのインフラストラクチャコンポーネントに関連するコードが含まれています。
+* **[`platform`](./platform)**: データベースやメッセージキューなどのクラウドネイティブコンポーネントのコードが含まれています。
 * **`vendor`**: サードパーティのハードウェアベンダーからのコードが含まれています。
 
 ## Olaresへの貢献

apps/.olares/config/user/helm-charts/system-apps/templates/system-frontend.yaml

@@ -42,6 +42,14 @@
 {{ $user_service_pg_password = randAlphaNum 16 | b64enc }}
 {{- end -}}
 
+
+{{- $user_service_redis_password := "" -}}
+{{ if $user_service_secret -}}
+{{ $user_service_redis_password = (index $user_service_secret "data" "redis_password") }}
+{{ else -}}
+{{ $user_service_redis_password = randAlphaNum 16 | b64enc }}
+{{- end -}}
+
 {{- $user_service_nats_secret := (lookup "v1" "Secret" $namespace "user-service-nats-secret") -}}
 {{- $nats_password := "" -}}
 {{ if $user_service_nats_secret -}}
@@ -114,22 +122,6 @@ spec:
 ---
 apiVersion: v1
 kind: Service
-metadata:
-  name: wise-svc
-  namespace: {{ .Release.Namespace }}
-spec:
-  type: ClusterIP
-  selector:
-    app: system-frontend
-  ports:
-    - name: "frontend"
-      protocol: TCP
-      port: 80
-      targetPort: 84
-
----
-apiVersion: v1
-kind: Service
 metadata:
   name: headscale-svc
   namespace: user-space-{{ .Values.bfl.username }}
@@ -254,11 +246,11 @@ metadata:
     applications.app.bytetrade.io/group: 'true'
     applications.app.bytetrade.io/author: bytetrade.io
   annotations:
-    applications.app.bytetrade.io/icon: '{"dashboard":"https://file.bttcdn.com/appstore/dashboard/icon.png","control-hub":"https://file.bttcdn.com/appstore/control-hub/icon.png","profile":"https://file.bttcdn.com/appstore/profile/icon.png","wise":"https://file.bttcdn.com/appstore/rss/icon.png","headscale": "https://file.bttcdn.com/appstore/headscale/icon.png","settings": "https://file.bttcdn.com/appstore/settings/icon.png","studio":"https://file.bttcdn.com/appstore/devbox/icon.png","files":"https://file.bttcdn.com/appstore/files/icon.png","vault":"https://file.bttcdn.com/appstore/vault/icon.png","market":"https://file.bttcdn.com/appstore/appstore/icon.png"}'
-    applications.app.bytetrade.io/title: '{"dashboard": "Dashboard","control-hub":"Control Hub","profile":"Profile","wise":"Wise","headscale":"Headscale","settings":"Settings","studio":"Studio","files":"Files","vault":"Vault","market":"Market"}'
-    applications.app.bytetrade.io/version: '{"dashboard": "0.0.1","control-hub":"0.0.1","profile":"0.0.1","wise":"0.0.1","headscale":"0.0.1","settings":"0.0.1","studio":"0.0.1","files":"0.0.1","vault":"0.0.1","market":"0.0.1"}'
+    applications.app.bytetrade.io/icon: '{"dashboard":"https://file.bttcdn.com/appstore/dashboard/icon.png","control-hub":"https://file.bttcdn.com/appstore/control-hub/icon.png","profile":"https://file.bttcdn.com/appstore/profile/icon.png","headscale": "https://file.bttcdn.com/appstore/headscale/icon.png","settings": "https://file.bttcdn.com/appstore/settings/icon.png","studio":"https://file.bttcdn.com/appstore/devbox/icon.png","files":"https://file.bttcdn.com/appstore/files/icon.png","vault":"https://file.bttcdn.com/appstore/vault/icon.png","market":"https://file.bttcdn.com/appstore/appstore/icon.png"}'
+    applications.app.bytetrade.io/title: '{"dashboard": "Dashboard","control-hub":"Control Hub","profile":"Profile","headscale":"Headscale","settings":"Settings","studio":"Studio","files":"Files","vault":"Vault","market":"Market"}'
+    applications.app.bytetrade.io/version: '{"dashboard": "0.0.1","control-hub":"0.0.1","profile":"0.0.1","headscale":"0.0.1","settings":"0.0.1","studio":"0.0.1","files":"0.0.1","vault":"0.0.1","market":"0.0.1"}'
     applications.app.bytetrade.io/policies: '{"dashboard":{"policies":[{"entranceName":"dashboard","uriRegex":"/js/script.js", "level":"public"},{"entranceName":"dashboard","uriRegex":"/js/api/send", "level":"public"}]}}'
-    applications.app.bytetrade.io/entrances: '{"dashboard":[{"name":"dashboard","host":"dashboard-service","port":80,"title":"Dashboard","windowPushState":true}],"control-hub":[{"name":"control-hub","host":"control-hub-service","port":80,"title":"Control Hub","windowPushState":true}],"profile":[{"name":"profile", "host":"profile-service", "port":80,"title":"Profile","windowPushState":true}],"wise":[{"name":"wise", "host":"wise-svc", "port":80,"title":"Wise","windowPushState":true}],"headscale":[{"name":"headscale", "host":"headscale-svc", "port":80,"title":"Headscale","invisible": true}],"settings":[{"name":"settings", "host":"settings-service", "port":80,"title":"Settings"}],"studio":[{"name":"studio","host":"studio-svc","port":8080,"title":"Studio","openMethod":"window"}],"files":[{"name":"files", "host":"files-fe-service", "port":80,"title":"Files","windowPushState":true}],"vault":[{"name":"vault", "host":"vault-service", "port":80,"title":"Vault","windowPushState":true}],"market":[{"name":"appstore", "host":"appstore-fe-service", "port":80,"title":"Market","windowPushState":true}]}'
+    applications.app.bytetrade.io/entrances: '{"dashboard":[{"name":"dashboard","host":"dashboard-service","port":80,"title":"Dashboard","windowPushState":true}],"control-hub":[{"name":"control-hub","host":"control-hub-service","port":80,"title":"Control Hub","windowPushState":true}],"profile":[{"name":"profile", "host":"profile-service", "port":80,"title":"Profile","windowPushState":true}],"headscale":[{"name":"headscale", "host":"headscale-svc", "port":80,"title":"Headscale","invisible": true}],"settings":[{"name":"settings", "host":"settings-service", "port":80,"title":"Settings"}],"studio":[{"name":"studio","host":"studio-svc","port":8080,"title":"Studio","openMethod":"window"}],"files":[{"name":"files", "host":"files-fe-service", "port":80,"title":"Files","windowPushState":true}],"vault":[{"name":"vault", "host":"vault-service", "port":80,"title":"Vault","windowPushState":true}],"market":[{"name":"appstore", "host":"appstore-fe-service", "port":80,"title":"Market","windowPushState":true}]}'
 spec:
   replicas: 1
   selector:
@@ -270,10 +262,12 @@ spec:
         app: system-frontend
         io.bytetrade.app: "true"
       annotations:
+{{ if .Values.telemetry }}
         instrumentation.opentelemetry.io/inject-nodejs: "olares-instrumentation"
         instrumentation.opentelemetry.io/nodejs-container-names: "user-service"    
         instrumentation.opentelemetry.io/inject-nginx: "olares-instrumentation"
         instrumentation.opentelemetry.io/inject-nginx-container-names: "system-frontend"    
+{{ end }}        
     spec:
       priorityClassName: "system-cluster-critical"
       initContainers:
@@ -351,7 +345,7 @@ spec:
             - name: PGDB
               value: user_space_{{ .Values.bfl.username }}_cloud_drive_integration
         - name: system-frontend-init
-          image: beclab/system-frontend:v1.3.93
+          image: beclab/system-frontend:v1.3.102
           imagePullPolicy: IfNotPresent
           command:
             - /bin/sh
@@ -394,7 +388,6 @@ spec:
             - containerPort: 81
             - containerPort: 82
             - containerPort: 83
-            - containerPort: 84
             - containerPort: 85
             - containerPort: 86
             - containerPort: 88
@@ -474,7 +467,7 @@ spec:
             - name: NATS_SUBJECT_VAULT
               value: os.vault.{{ .Values.bfl.username}}
         - name: user-service
-          image: beclab/user-service:v0.0.20
+          image: beclab/user-service:v0.0.21
           imagePullPolicy: IfNotPresent
           ports:
             - containerPort: 3000
@@ -540,6 +533,15 @@ spec:
               value: os.knowledge.{{ .Values.bfl.username}}
             - name: NATS_SUBJECT_VAULT
               value: os.vault.{{ .Values.bfl.username}}
+            - name: REDIS_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  key: redis_password
+                  name: user-service-secrets
+            - name: REDIS_HOST
+              value: redis-cluster-proxy.user-system-guotest334
+            - name: REDIS_PORT
+              value: '6379'
               
         - name: drive-server
           image: beclab/drive:v0.0.72
@@ -769,21 +771,15 @@ spec:
         secretKeyRef:
           key: files_frontend_nats_password
           name: files-frontend-nats-secrets
-    refs:
-      - appName: files-server
-        appNamespace: os
-        subjects:
-          - name: files-notify
-            perm:
-              - pub
-              - sub
-      - appName: user-service
-        appNamespace: os
-        subjects:
-          - name: "files.*"
-            perm:
-              - pub
-              - sub
+    subjects:
+      - name: files-notify
+        permission:
+          pub: allow
+          sub: allow
+      - name: files.{{ .Values.bfl.username }}
+        permission:
+          sub: allow
+          pub: allow
     user: user-system-{{ .Values.bfl.username }}-files-frontend
 ---
 apiVersion: v1
@@ -1259,6 +1255,7 @@ metadata:
 type: Opaque
 data:
   pg_password: {{ $user_service_pg_password }}
+  redis_password: {{ $user_service_redis_password }}
 ---
 apiVersion: v1
 kind: Secret
@@ -1268,6 +1265,7 @@ metadata:
 type: Opaque
 data:
   pg_password: {{ $user_service_pg_password }}
+  redis_password: {{ $user_service_redis_password }}
 ---
 apiVersion: apr.bytetrade.io/v1alpha1
 kind: MiddlewareRequest
@@ -1288,6 +1286,23 @@ spec:
     databases:
     - name: user-service
 ---
+apiVersion: apr.bytetrade.io/v1alpha1
+kind: MiddlewareRequest
+metadata:
+  name: user-service-redis
+  namespace: user-system-{{ .Values.bfl.username }}
+spec:
+  app: user-service
+  appNamespace: user-space-{{ .Values.bfl.username }}
+  middleware: redis
+  redis:
+    password:
+      valueFrom:
+        secretKeyRef:
+          key: redis_password
+          name: user-service-secrets
+    namespace: user-service
+---
 apiVersion: v1
 kind: Service
 metadata:
@@ -1584,8 +1599,6 @@ data:
                               prefix: "/images/upload"
                             route:
                               cluster: images
-                  http_protocol_options:
-                    accept_http_10: true
                   http_filters:
                   - name: envoy.filters.http.router
                     typed_config:
@@ -2129,84 +2142,36 @@ spec:
         secretKeyRef:
           key: nats_password
           name: user-service-nats-secret
-    refs: []
     subjects:
-      - export:
-          - appName: files-server
-            sub: allow
-            pub: allow
-          - appName: files-frontend
-            sub: allow
-            pub: allow
-        name: "files.*"
+      - name: "files.*"
         permission:
           pub: allow
           sub: allow
-      - export:
-          - appName: notifications
-            sub: allow
-            pub: allow
-        name: "notification.*"
+      - name: "notification.*"
         permission:
           pub: allow
           sub: allow
-      - export:
-          - appName: search-server
-            sub: allow
-            pub: allow
-        name: "search.*"
+      - name: "search.*"
         permission:
           pub: allow
           sub: allow
-      - export:
-          - appName: seahub-server
-            sub: allow
-            pub: allow
-        name: "seahub.*"
+      - name: "seahub.*"
         permission:
           sub: allow
           pub: allow
-      - export:
-          - appName: vault-server
-            sub: allow
-            pub: allow
-        name: "vault.*"
+      - name: "vault.*"
         permission:
           sub: allow
           pub: allow
-      - export:
-          - appName: market-backend
-            sub: allow
-            pub: allow
-          - appName: app-service
-            sub: allow
-            pub: allow
-          - appName: studio-server
-            sub: allow
-            pub: deny
-        name: "application.*"
+      - name: "application.*"
         permission:
           sub: allow
           pub: allow
-      - export:
-          - appName: knowledge
-            sub: allow
-            pub: allow
-          - appName: download
-            sub: allow
-            pub: allow
-        name: "knowledge.*"
+      - name: "knowledge.*"
         permission:
           sub: allow
           pub: allow
-      - export:
-          - appName: market-backend
-            sub: allow
-            pub: allow
-          - appName: studio-server
-            sub: allow
-            pub: deny
-        name: "market.*"
+      - name: "market.*"
         permission:
           sub: allow
           pub: allow

apps/README.md

@@ -0,0 +1,20 @@
+# Olares Apps
+
+## Overview
+
+This directory contains the code for system applications, primarily for LarePass. The following are the pre-installed system applications that offer tools for managing files, knowledge, passwords, and the system itself.
+
+## System Applications Overview
+
+| Application | Description |
+| --- | --- |
+| Files | A file management app that manages and synchronizes files across devices and sources, enabling seamless sharing and access. |
+| Wise | A local-first and AI-native modern reader that helps to collect, read, and manage information from various platforms. Users can run self-hosted recommendation algorithms to filter and sort online content. |
+| Vault | A secure password manager for storing and managing sensitive information across devices. |
+| Market | A decentralized and permissionless app store for installing, uninstalling, and updating applications and recommendation algorithms. |
+| Desktop | A hub for managing and interacting with installed applications. File and application searching are also supported. |
+| Profile | An app to customize the user's profile page. |
+| Settings | A system configuration application. |
+| Dashboard | An app for monitoring system resource usage. |
+| Control Hub | The console for Olares, providing precise and autonomous control over the system and its environment. |
+| DevBox | A development tool for building and deploying Olares applications. |

build/base-package/wizard/config/account/templates/account.yaml

@@ -6,7 +6,7 @@ metadata:
   annotations:
     iam.kubesphere.io/uninitialized: "true"
     helm.sh/resource-policy: keep
-    bytetrade.io/owner-role: platform-admin
+    bytetrade.io/owner-role: owner
     bytetrade.io/terminus-name: "{{.Values.user.terminus_name}}"
     bytetrade.io/launcher-auth-policy: two_factor
     bytetrade.io/launcher-access-level: "1"
@@ -23,4 +23,4 @@ spec:
   groups:
   - lldap_admin
 status:
-  state: Active
+  state: Created

build/build-manifest.py

@@ -39,6 +39,7 @@ def main():
 
     manifest_file = args.manifest_file
     version = os.environ.get("VERSION", "")
+    repo_path = os.environ.get("REPO_PATH", "/")
     manifest_amd64_data = {}
     manifest_arm64_data = {}
 
@@ -54,6 +55,9 @@ def main():
                 if version:
                     line = line.replace("#__VERSION__", version)
 
+                # Replace repo path
+                if repo_path:
+                    line = line.replace("#__REPO_PATH__", repo_path)
 
                 fields = line.split(",")
                 if len(fields) < 5:

build/build-manifest.sh

@@ -46,6 +46,9 @@ while read line; do
 done < components
 sed -i "s/#__VERSION__/${VERSION}/g" $manifest_file
 
+path="${REPO_PATH:-/}"
+sed -i "s|#__REPO_PATH__|${path}|g" $manifest_file
+
 path="images"
 for deps in "images.mf"; do
     while read line; do

build/deps-manifest.sh

@@ -77,3 +77,5 @@ find $BASE_DIR/../ -type f -name Olares.yaml | while read f; do
 done
 
 sed -i "s/#__VERSION__/${VERSION}/g" ${manifest}
+path="${REPO_PATH:-/}"
+sed -i "s|#__REPO_PATH__|${path}|g" ${manifest}

cli/README.md

@@ -1 +1,92 @@
-# installer
+# Olares CLI
+
+This directory contains the code for **olares-cli**, the official command-line interface for administering an **Olares** cluster. It provides a modular, pipeline-based architecture for orchestrating complex system operations. See the full [Olares CLI Documentation](https://docs.olares.com/developer/install/cli-1.12/olares-cli.html) for command reference and tutorials.
+
+Key responsibilities include: 
+- **Cluster management**: Installing, upgrading, restarting, and maintaining an Olares cluster.
+- **Node management**: Adding to or removing nodes from an Olares cluster.
+
+
+## Execution Model
+
+For most of the commands, `olares-cli` is executed through a four-tier hierarchy:
+
+```
+Pipeline ➜ Module ➜ Task ➜ Action
+````
+
+### Example: `install-olares` Pipeline
+
+```text
+Pipeline: Install Olares
+├── ...other modules
+└── Module: Bootstrap OS
+    ├── ...other tasks
+    ├── Task: Check Prerequisites
+    │   └── Action: run-precheck.sh
+    └── Task: Configure System
+        └── Action: apply-sysctl
+````
+
+
+## Repository layout
+
+```text
+cli/
+├── cmd/                  # Cobra command definitions
+│   ├── main.go           # CLI entry point
+│   └── ctl/
+│       ├── root.go
+│       ├── os/           # OS-level maintenance commands
+│       ├── node/         # Cluster node operations
+│       └── gpu/          # GPU management
+└── pkg/
+    ├── core/
+    │   ├── action/       # Re-usable action primitives
+    │   ├── module/       # Module abstractions
+    │   ├── pipeline/     # Pipeline abstractions
+    │   └── task/         # Task abstractions
+    └── pipelines/        # Pre-built pipelines
+    │   ├── ...           # actual modules and tasks for various commands and components
+```
+
+
+## Build from source
+
+### Prerequisites
+
+* **Go 1.24+**
+* **GoReleaser** (optional, for cross-compiling and packaging)
+
+### Sample commands
+
+```bash
+# Clone the repo and enter the CLI folder
+cd cli
+
+# 1) Build for the host OS/ARCH
+go build -o olares-cli ./cmd/main.go
+
+# 2) Cross-compile for Linux amd64 (from macOS, for example)
+GOOS=linux GOARCH=amd64 go build -o olares-cli ./cmd/main.go
+
+# 3) Produce multi-platform artifacts (tar.gz, checksums, etc.)
+goreleaser release --snapshot --clean
+```
+
+---
+
+## Development workflow
+
+### Add a new command
+
+1. Create the command file in `cmd/ctl/<category>/`.
+2. Define a pipeline in `pkg/pipelines/`.
+3. Implement modules & tasks inside the relevant `pkg/` sub-packages.
+
+
+### Test your build
+
+1. Upload the self-built `olares-cli` binary to a machine that's running Olares.
+2. Replace the existing `olares-cli` binary on the machine using `sudo cp -f olares-cli /usr/local/bin`.
+3. Execute arbitrary commands using `olares-cli`

cli/pkg/common/plugins.go

@@ -1,17 +1,16 @@
 package common
 
 const (
-	NamespaceDefault                       = "default"
-	NamespaceKubeNodeLease                 = "kube-node-lease"
-	NamespaceKubePublic                    = "kube-public"
-	NamespaceKubeSystem                    = "kube-system"
-	NamespaceKubekeySystem                 = "kubekey-system"
-	NamespaceKubesphereControlsSystem      = "kubesphere-controls-system"
-	NamespaceKubesphereMonitoringFederated = "kubesphere-monitoring-federated"
-	NamespaceKubesphereMonitoringSystem    = "kubesphere-monitoring-system"
-	NamespaceKubesphereSystem              = "kubesphere-system"
-	NamespaceOsFramework                   = "os-framework"
-	NamespaceOsPlatform                    = "os-platform"
+	NamespaceDefault                    = "default"
+	NamespaceKubeNodeLease              = "kube-node-lease"
+	NamespaceKubePublic                 = "kube-public"
+	NamespaceKubeSystem                 = "kube-system"
+	NamespaceKubekeySystem              = "kubekey-system"
+	NamespaceKubesphereControlsSystem   = "kubesphere-controls-system"
+	NamespaceKubesphereMonitoringSystem = "kubesphere-monitoring-system"
+	NamespaceKubesphereSystem           = "kubesphere-system"
+	NamespaceOsFramework                = "os-framework"
+	NamespaceOsPlatform                 = "os-platform"
 
 	ChartNameRedis               = "redis"
 	ChartNameSnapshotController  = "snapshot-controller"

cli/pkg/daemon/task.go

@@ -133,8 +133,11 @@ type DisableTerminusdService struct {
 }
 
 func (s *DisableTerminusdService) Execute(runtime connector.Runtime) error {
-	if _, err := runtime.GetRunner().SudoCmd("systemctl disable --now olaresd", false, true); err != nil {
-		return errors.Wrap(errors.WithStack(err), "disable olaresd failed")
+	stdout, _ := runtime.GetRunner().SudoCmd("systemctl is-active olaresd", false, false)
+	if stdout == "active" {
+		if _, err := runtime.GetRunner().SudoCmd("systemctl disable --now olaresd", false, true); err != nil {
+			return errors.Wrap(errors.WithStack(err), "disable olaresd failed")
+		}
 	}
 	return nil
 }
@@ -144,10 +147,18 @@ type UninstallTerminusd struct {
 }
 
 func (r *UninstallTerminusd) Execute(runtime connector.Runtime) error {
+	var olaresdFiles []string
 	svcpath := filepath.Join("/etc/systemd/system", templates.TerminusdService.Name())
 	svcenvpath := filepath.Join("/etc/systemd/system", templates.TerminusdEnv.Name())
-	if _, err := runtime.GetRunner().SudoCmd(fmt.Sprintf("rm -rf %s && rm -rf %s && rm -rf /usr/local/bin/olaresd", svcpath, svcenvpath), false, false); err != nil {
-		return errors.Wrap(errors.WithStack(err), "remove olaresd failed")
+	binPath := "/usr/local/bin/olaresd"
+	olaresdFiles = append(olaresdFiles, svcpath, svcenvpath, binPath)
+	for _, pidFile := range []string{"installing.pid", "changingip.pid"} {
+		olaresdFiles = append(olaresdFiles, filepath.Join(runtime.GetBaseDir(), pidFile))
+	}
+	for _, f := range olaresdFiles {
+		if _, err := runtime.GetRunner().SudoCmd(fmt.Sprintf("rm -rf %s", f), false, false); err != nil {
+			return errors.Wrap(errors.WithStack(err), "remove olaresd failed")
+		}
 	}
 	return nil
 }

cli/pkg/kubesphere/plugins/files/build/ks-core-config/values.yaml

@@ -4,8 +4,6 @@
 
 image:
   # Overrides the image tag whose default is the chart appVersion.
-  ks_controller_manager_repo: kubesphere/ks-controller-manager
-  ks_controller_manager_tag: "v3.3.0"
 
   ks_apiserver_repo: beclab/ks-apiserver
   ks_apiserver_tag: "v3.3.0-ext-3"

cli/pkg/kubesphere/plugins/files/build/ks-core/templates/ks-controller-manager.yaml

@@ -1,121 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  labels:
-    app: ks-controller-manager
-    tier: backend
-    version: {{ .Chart.AppVersion }}
-  name: ks-controller-manager
-spec:
-  strategy:
-    rollingUpdate:
-      maxSurge: 0
-    type: RollingUpdate
-  progressDeadlineSeconds: 600
-  replicas: 1
-  revisionHistoryLimit: 10
-  selector:
-    matchLabels:
-      app: ks-controller-manager
-      tier: backend
-      # version: {{ .Chart.AppVersion }}
-  template:
-    metadata:
-      labels:
-        app: ks-controller-manager
-        tier: backend
-        # version: {{ .Chart.AppVersion }}
-    spec:
-      {{- with .Values.imagePullSecrets }}
-      imagePullSecrets:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      containers:
-      - command:
-        - controller-manager
-        - --logtostderr=true
-        - --leader-elect=false
-        image: beclab/ks-controller-manager:0.0.21
-        imagePullPolicy: {{ .Values.image.pullPolicy }}
-        name: ks-controller-manager
-        ports:
-        - containerPort: 8080
-          protocol: TCP
-        resources:
-          {{- toYaml .Values.controller.resources | nindent 12 }}
-        volumeMounts:
-        - mountPath: /etc/kubesphere/
-          name: kubesphere-config
-        - mountPath: /etc/localtime
-          name: host-time
-          readOnly: true
-        {{- if .Values.controller.extraVolumeMounts }}
-          {{- toYaml .Values.controller.extraVolumeMounts | nindent 8 }}
-        {{- end }}
-        env:
-        {{- if .Values.env }}
-        {{- toYaml .Values.env | nindent 8 }}
-        {{- end }}
-      dnsPolicy: ClusterFirst
-      restartPolicy: Always
-      schedulerName: default-scheduler
-      serviceAccountName: {{ include "ks-core.serviceAccountName" . }}
-      terminationGracePeriodSeconds: 30
-      volumes:
-      - name: kubesphere-config
-        configMap:
-          name: kubesphere-config
-          defaultMode: 420
-      - hostPath:
-          path: /etc/localtime
-          type: ""
-        name: host-time
-      {{- if .Values.controller.extraVolumes }}
-        {{ toYaml .Values.controller.extraVolumes | nindent 6 }}
-      {{- end }}
-      {{- with .Values.tolerations }}
-      tolerations:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.nodeSelector }}
-      nodeSelector:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      affinity:
-        podAntiAffinity:
-          requiredDuringSchedulingIgnoredDuringExecution:
-          - topologyKey: kubernetes.io/hostname
-            labelSelector:
-              matchExpressions:
-              - key: app
-                operator: In
-                values:
-                - ks-controller-manager
-            namespaces:
-            - kubesphere-system
-{{- with .Values.nodeAffinity }}
-        nodeAffinity:
-{{ toYaml . | indent 10 }}
-{{- end }}
-
----
-
-apiVersion: v1
-kind: Service
-metadata:
-  labels:
-    app: ks-controller-manager
-    tier: backend
-    version: {{ .Chart.AppVersion }}
-  name: ks-controller-manager
-spec:
-  ports:
-  - port: 443
-    protocol: TCP
-    targetPort: 8443
-  selector:
-    app: ks-controller-manager
-    tier: backend
-    # version: {{ .Chart.AppVersion }}
-  sessionAffinity: None
-  type: ClusterIP

cli/pkg/kubesphere/plugins/files/build/ks-core/values.yaml

@@ -4,8 +4,6 @@
 
 image:
   # Overrides the image tag whose default is the chart appVersion.
-  ks_controller_manager_repo: kubesphere/ks-controller-manager
-  ks_controller_manager_tag: "v3.3.0"
 
   ks_apiserver_repo: beclab/ks-apiserver
   ks_apiserver_tag: "v3.3.0-ext-3"

cli/pkg/kubesphere/plugins/kscore_config.go

@@ -58,12 +58,12 @@ var kscorecrds = []map[string]string{
 		"resource": "default-http-backend",
 		"release":  "ks-core",
 	},
-	{
-		"ns":       "kubesphere-system",
-		"kind":     "secrets",
-		"resource": "ks-controller-manager-webhook-cert",
-		"release":  "ks-core",
-	},
+	//{
+	//	"ns":       "kubesphere-system",
+	//	"kind":     "secrets",
+	//	"resource": "ks-controller-manager-webhook-cert",
+	//	"release":  "ks-core",
+	//},
 	{
 		"ns":       "kubesphere-system",
 		"kind":     "serviceaccounts",
@@ -100,24 +100,24 @@ var kscorecrds = []map[string]string{
 		"resource": "ks-apiserver",
 		"release":  "ks-core",
 	},
-	{
-		"ns":       "kubesphere-system",
-		"kind":     "services",
-		"resource": "ks-controller-manager",
-		"release":  "ks-core",
-	},
+	//{
+	//	"ns":       "kubesphere-system",
+	//	"kind":     "services",
+	//	"resource": "ks-controller-manager",
+	//	"release":  "ks-core",
+	//},
 	{
 		"ns":       "kubesphere-system",
 		"kind":     "deployments",
 		"resource": "ks-apiserver",
 		"release":  "ks-core",
 	},
-	{
-		"ns":       "kubesphere-system",
-		"kind":     "deployments",
-		"resource": "ks-controller-manager",
-		"release":  "ks-core",
-	},
+	//{
+	//	"ns":       "kubesphere-system",
+	//	"kind":     "deployments",
+	//	"resource": "ks-controller-manager",
+	//	"release":  "ks-core",
+	//},
 	//{
 	//	"ns":       "kubesphere-system",
 	//	"kind":     "validatingwebhookconfigurations",

cli/pkg/kubesphere/plugins/tasks.go

@@ -65,7 +65,7 @@ func (t *InitNamespace) Execute(runtime connector.Runtime) error {
 		kubectlpath = path.Join(common.BinDir, common.CommandKubectl)
 	}
 
-	for _, ns := range []string{common.NamespaceKubesphereControlsSystem, common.NamespaceKubesphereMonitoringFederated} {
+	for _, ns := range []string{common.NamespaceKubesphereControlsSystem} {
 		if stdout, err := runtime.GetRunner().Cmd(fmt.Sprintf("%s create ns %s", kubectlpath, ns), false, true); err != nil {
 			if !strings.Contains(stdout, "already exists") {
 				logger.Errorf("create ns %s failed: %v", ns, err)
@@ -98,8 +98,6 @@ func (t *InitNamespace) Execute(runtime connector.Runtime) error {
 		common.NamespaceKubeSystem,
 		common.NamespaceKubekeySystem,
 		common.NamespaceKubesphereControlsSystem,
-		common.NamespaceKubesphereMonitoringFederated,
-		common.NamespaceKubesphereMonitoringSystem,
 		common.NamespaceKubesphereSystem,
 	}
 

cli/pkg/kubesphere/tasks.go

@@ -355,7 +355,7 @@ func (c *Check) Execute(runtime connector.Runtime) error {
 		return fmt.Errorf("kubectl not found")
 	}
 
-	var labels = []string{"app=ks-apiserver", "app=ks-controller-manager"}
+	var labels = []string{"app=ks-apiserver"}
 
 	for _, label := range labels {
 		var cmd = fmt.Sprintf("%s get pod -n %s -l '%s' -o jsonpath='{.items[0].status.phase}'", kubectlpath, common.NamespaceKubesphereSystem, label)

cli/pkg/phase/cluster/delete_cluster.go

@@ -133,24 +133,13 @@ func (p *phaseBuilder) phasePrepare() *phaseBuilder {
 				PhaseFile: common.TerminusStateFilePrepared,
 				BaseDir:   p.runtime.GetBaseDir(),
 			},
+			&daemon.UninstallTerminusdModule{},
 			&terminus.RemoveReleaseFileModule{},
 		)
 	}
 	return p
 }
 
-func (p *phaseBuilder) phaseDownload() *phaseBuilder {
-	terminusdAction := &daemon.CheckTerminusdService{}
-	err := terminusdAction.Execute()
-
-	if p.convert() >= PhaseDownload {
-		if err == nil {
-			p.modules = append(p.modules, &daemon.UninstallTerminusdModule{})
-		}
-	}
-	return p
-}
-
 func (p *phaseBuilder) phaseMacos() {
 	p.modules = []module.Module{
 		&precheck.GreetingsModule{},
@@ -178,8 +167,7 @@ func UninstallTerminus(phase string, runtime *common.KubeRuntime) pipeline.Pipel
 		builder.
 			phaseInstall().
 			phaseStorage().
-			phasePrepare().
-			phaseDownload()
+			phasePrepare()
 	}
 
 	return pipeline.Pipeline{

cli/pkg/release/builder/builder.go

@@ -11,6 +11,7 @@ import (
 
 type Builder struct {
 	olaresRepoRoot  string
+	vendorRepoPath  string
 	distPath        string
 	version         string
 	manifestManager *manifest.Manager
@@ -19,8 +20,13 @@ type Builder struct {
 
 func NewBuilder(olaresRepoRoot, version, cdnURL string, ignoreMissingImages bool) *Builder {
 	distPath := filepath.Join(olaresRepoRoot, ".dist/install-wizard")
+	vendorRepoPath := os.Getenv("OLARES_VENDOR_REPO_PATH")
+	if vendorRepoPath == "" {
+		vendorRepoPath = "/"
+	}
 	return &Builder{
 		olaresRepoRoot:  olaresRepoRoot,
+		vendorRepoPath:  vendorRepoPath,
 		distPath:        distPath,
 		version:         version,
 		manifestManager: manifest.NewManager(olaresRepoRoot, distPath, cdnURL, ignoreMissingImages),
@@ -68,6 +74,9 @@ func (b *Builder) archive() (string, error) {
 		if err := util.ReplaceInFile(file, "#__VERSION__", b.version); err != nil {
 			return "", err
 		}
+		if err := util.ReplaceInFile(file, "#__REPO_PATH__", b.vendorRepoPath); err != nil {
+			return "", err
+		}
 	}
 
 	tarFile := filepath.Join(b.olaresRepoRoot, fmt.Sprintf("install-wizard-%s.tar.gz", versionStr))

daemon/.olares/Olares.yaml

@@ -5,5 +5,5 @@ output:
     - 
       id: olaresd
       name: olaresd-v#__VERSION__.tar.gz
-      amd64: https://dc3p1870nn3cj.cloudfront.net/olaresd-v#__VERSION__-linux-amd64.tar.gz
-      arm64: https://dc3p1870nn3cj.cloudfront.net/olaresd-v#__VERSION__-linux-arm64.tar.gz
+      amd64: https://dc3p1870nn3cj.cloudfront.net#__REPO_PATH__olaresd-v#__VERSION__-linux-amd64.tar.gz
+      arm64: https://dc3p1870nn3cj.cloudfront.net#__REPO_PATH__olaresd-v#__VERSION__-linux-arm64.tar.gz

daemon/README.md

@@ -0,0 +1,170 @@
+
+# Olares System Daemon (`olaresd`)
+
+`olaresd` is the foundational process that boots on every Olares node. It runs as a `systemd` service on port `18088`, exposing a secure REST API for hardware abstraction, network orchestration, storage management, and turnkey cluster operations—all before Kubernetes starts. 
+
+Olaresd is installed as a systemd service in `/etc/systemd/system/olaresd.service`.
+
+## Key features
+
+- **System monitoring**: Continuous health checks of cluster and node status.
+- **Cluster lifecycle management**: Automated install, upgrade, IP-switching, restart, and maintenance operations.
+- **Hardware Abstraction**: USB auto-mounting, storage provisioning, and management.
+- **Network Management**: mDNS service discovery, WiFi onboarding, and network interface control.
+
+## REST API reference
+
+The daemon provides an authenticated REST API (using signature-based auth):
+
+**Base URL**: `http://<node-ip>:18088`
+
+### System commands `/command/`
+
+**Lifecycle operations**
+
+| Method | Endpoint                    | Description                  |
+|--------|-----------------------------|------------------------------|
+| POST   | `/command/install`          | Install Olares               |
+| POST   | `/command/uninstall`        | Uninstall Olares             |
+| POST   | `/command/upgrade`          | Upgrade Olares               |
+| DELETE | `/command/upgrade`          | Cancel upgrade               |
+| POST   | `/command/reboot`           | Reboot node                  |
+| POST   | `/command/shutdown`         | Shutdown node                |
+
+**Network configuration**
+
+| Method | Endpoint                    | Description                  |
+|--------|-----------------------------|------------------------------|
+| POST   | `/command/connect-wifi`     | Connect to WiFi              |
+| POST   | `/command/change-host`      | Change Olares IP binding     |
+
+**Storage management**
+
+| Method | Endpoint                          | Description                        |
+|--------|-----------------------------------|------------------------------------|
+| POST   | `/command/mount-samba`            | Mount SMB shares                   |
+| POST   | `/command/v2/mount-samba`         | Enhanced SMB mounting              |
+| POST   | `/command/umount-samba`           | Unmount SMB shares                 |
+| POST   | `/command/umount-samba-incluster` | Cluster-wide SMB unmount           |
+| POST   | `/command/umount-usb`             | Unmount USB device                 |
+| POST   | `/command/umount-usb-incluster`   | Cluster-wide USB unmount           |
+
+**System Maintenance**
+
+| Method | Endpoint                    | Description                         |
+|--------|-----------------------------|-------------------------------------|
+| POST   | `/command/collect-logs`     | Collect system logs for diagnostics |
+
+---
+
+### System information (`/system/`)
+
+**System status**
+
+| Method | Endpoint                 | Description                 |
+|--------|--------------------------|-----------------------------|
+| GET    | `/system/status`         | Get full system status      |
+| GET    | `/system/ifs`            | List network interfaces     |
+| GET    | `/system/hosts-file`     | View `/etc/hosts`           |
+| POST   | `/system/hosts-file`     | Update `/etc/hosts`         |
+
+**Mount information**
+
+| Method | Endpoint                        | Description                    |
+|--------|---------------------------------|--------------------------------|
+| GET    | `/system/mounted-usb`           | Mounted USB devices            |
+| GET    | `/system/mounted-hdd`           | Mounted hard drives            |
+| GET    | `/system/mounted-smb`           | Mounted SMB shares             |
+| GET    | `/system/mounted-path`          | All mount points               |
+
+**Cluster-wide mounts**
+
+| Method | Endpoint                             | Description                      |
+|--------|--------------------------------------|----------------------------------|
+| GET    | `/system/mounted-usb-incluster`      | USB mounts in cluster            |
+| GET    | `/system/mounted-hdd-incluster`      | HDD mounts in cluster            |
+| GET    | `/system/mounted-smb-incluster`      | SMB mounts in cluster            |
+| GET    | `/system/mounted-path-incluster`     | All cluster mounts               |
+
+---
+
+### Container management (`/containerd/`)
+
+**Registry Management**
+
+| Method | Endpoint                                  | Description                         |
+|--------|-------------------------------------------|-------------------------------------|
+| GET    | `/containerd/registries`                  | List registries                     |
+| GET    | `/containerd/registry/mirrors/`           | List registry mirrors               |
+| GET    | `/containerd/registry/mirrors/:registry`  | Get specific registry mirror        |
+| PUT    | `/containerd/registry/mirrors/:registry`  | Update registry mirror              |
+| DELETE | `/containerd/registry/mirrors/:registry`  | Delete registry mirror              |
+
+**Image Management**
+
+| Method | Endpoint                         | Description                    |
+|--------|----------------------------------|--------------------------------|
+| GET    | `/containerd/images/`            | List container images          |
+| DELETE | `/containerd/images/:image`      | Delete specific image          |
+| POST   | `/containerd/images/prune`       | Remove unused images           |
+
+
+## Build from source
+
+### Prerequisites
+
+* Go 1.24+
+* GoReleaser (Optional, for creating release artifacts)
+
+### Steps
+
+1.  **Navigate to the daemon directory:**
+
+    ```bash
+    cd daemon
+    ```
+
+2.  **Build for your host OS/architecture:**
+
+    ```bash
+    go build -o olaresd ./cmd/olaresd/main.go
+    ```
+
+3.  **Cross-compile for another target (e.g., Linux AMD64):**
+
+    ```bash
+    GOOS=linux GOARCH=amd64 go build -o olaresd ./cmd/olaresd/main.go
+    ```
+
+4.  **Produce release artifacts (optional):**
+
+    ```bash
+    goreleaser release --snapshot --clean
+    ```
+
+## Extend `olaresd`
+
+To add a new command API:
+
+1.  **Define command**: Add a new command struct in `pkg/commands/`.
+2.  **Implement handler**: Create the corresponding HTTP handler logic in `internal/apiserver/handlers/`.
+3.  **Register route**: Register the new API route in `internal/apiserver/server.go`.
+4.  **Update state**: If the command modifies the cluster's state, ensure you update the logic in `pkg/cluster/state/`.
+5.  **Validate**: Run `go vet ./... && go test ./...` to check for issues and ensure all tests pass before opening a pull request.
+
+
+### Test a custom build
+
+1.  Copy the binary to your Olares node.
+
+2.  On the node, replace the existing binary:
+
+    ```bash
+    # Move the new binary into place
+    sudo cp -f /tmp/olaresd /usr/local/bin/
+
+3. Restart the daemon to apply changes:
+    
+   ``` 
+   sudo systemctl restart olaresd
+   ```

daemon/cmd/terminusd/main.go

@@ -49,10 +49,7 @@ func main() {
 
 	mainCtx, cancel := context.WithCancel(context.Background())
 
-	apis, err := apiserver.NewServer(mainCtx, port)
-	if err != nil {
-		panic(err)
-	}
+	apis := apiserver.NewServer(mainCtx, port)
 
 	if err := state.CheckCurrentStatus(mainCtx); err != nil {
 		klog.Error(err)

daemon/internel/apiserver/handlers/command_group.go

@@ -0,0 +1,83 @@
+package handlers
+
+import (
+	"github.com/beclab/Olares/daemon/internel/apiserver/server"
+	changehost "github.com/beclab/Olares/daemon/pkg/commands/change_host"
+	collectlogs "github.com/beclab/Olares/daemon/pkg/commands/collect_logs"
+	connectwifi "github.com/beclab/Olares/daemon/pkg/commands/connect_wifi"
+	"github.com/beclab/Olares/daemon/pkg/commands/install"
+	mountsmb "github.com/beclab/Olares/daemon/pkg/commands/mount_smb"
+	"github.com/beclab/Olares/daemon/pkg/commands/reboot"
+	"github.com/beclab/Olares/daemon/pkg/commands/shutdown"
+	umountsmb "github.com/beclab/Olares/daemon/pkg/commands/umount_smb"
+	umountusb "github.com/beclab/Olares/daemon/pkg/commands/umount_usb"
+	"github.com/beclab/Olares/daemon/pkg/commands/uninstall"
+	"github.com/beclab/Olares/daemon/pkg/commands/upgrade"
+	"k8s.io/klog/v2"
+)
+
+func init() {
+	s := server.API
+	cmd := s.App.Group("command")
+	cmd.Post("/install", handlers.RequireSignature(
+		handlers.WaitServerRunning(
+			handlers.RunCommand(handlers.PostTerminusInit, install.New))))
+
+	cmd.Post("/uninstall", handlers.RequireSignature(
+		handlers.WaitServerRunning(
+			handlers.RunCommand(handlers.PostTerminusUninstall, uninstall.New))))
+
+	cmd.Post("/upgrade", handlers.RequireSignature(
+		handlers.WaitServerRunning(
+			handlers.RunCommand(handlers.RequestOlaresUpgrade, upgrade.NewCreateUpgradeTarget))))
+
+	cmd.Delete("/upgrade", handlers.RequireSignature(
+		handlers.RunCommand(handlers.CancelOlaresUpgrade, upgrade.NewRemoveUpgradeTarget)))
+
+	cmd.Post("/reboot", handlers.RequireSignature(
+		handlers.WaitServerRunning(
+			handlers.RunCommand(handlers.PostReboot, reboot.New))))
+
+	cmd.Post("/shutdown", handlers.RequireSignature(
+		handlers.WaitServerRunning(
+			handlers.RunCommand(handlers.PostShutdown, shutdown.New))))
+
+	cmd.Post("/connect-wifi", handlers.RequireSignature(
+		handlers.WaitServerRunning(
+			handlers.RunCommand(handlers.PostConnectWifi, connectwifi.New))))
+
+	cmd.Post("/change-host", handlers.RequireSignature(
+		handlers.WaitServerRunning(
+			handlers.RunCommand(handlers.PostChangeHost, changehost.New))))
+
+	cmd.Post("/umount-usb", handlers.RequireSignature(
+		handlers.WaitServerRunning(
+			handlers.RunCommand(handlers.PostUmountUsb, umountusb.New))))
+
+	cmd.Post("/umount-usb-incluster", handlers.RequireSignature(
+		handlers.WaitServerRunning(
+			handlers.RunCommand(handlers.PostUmountUsbInCluster, umountusb.New))))
+
+	cmd.Post("/collect-logs", handlers.RequireSignature(
+		handlers.WaitServerRunning(
+			handlers.RunCommand(handlers.PostCollectLogs, collectlogs.New))))
+
+	cmd.Post("/mount-samba", handlers.RequireSignature(
+		handlers.WaitServerRunning(
+			handlers.RunCommand(handlers.PostMountSambaDriver, mountsmb.New))))
+
+	cmd.Post("/umount-samba", handlers.RequireSignature(
+		handlers.WaitServerRunning(
+			handlers.RunCommand(handlers.PostUmountSmb, umountsmb.New))))
+
+	cmd.Post("/umount-samba-incluster", handlers.RequireSignature(
+		handlers.WaitServerRunning(
+			handlers.RunCommand(handlers.PostUmountSmbInCluster, umountsmb.New))))
+
+	cmdv2 := cmd.Group("v2")
+	cmdv2.Post("/mount-samba", handlers.RequireSignature(
+		handlers.WaitServerRunning(
+			handlers.RunCommand(handlers.PostMountSambaDriverV2, mountsmb.New))))
+
+	klog.Info("command handlers initialized")
+}

daemon/internel/apiserver/handlers/containerd_group.go

@@ -0,0 +1,28 @@
+package handlers
+
+import (
+	"github.com/beclab/Olares/daemon/internel/apiserver/server"
+	"k8s.io/klog/v2"
+)
+
+func init() {
+	s := server.API
+	containerd := s.App.Group("containerd")
+	containerd.Get("/registries", handlers.RequireSignature(handlers.ListRegistries))
+
+	registry := containerd.Group("registry")
+	mirrors := registry.Group("mirrors")
+
+	mirrors.Get("/", handlers.RequireSignature(handlers.GetRegistryMirrors))
+	mirrors.Get("/:registry", handlers.RequireSignature(handlers.GetRegistryMirror))
+	mirrors.Put("/:registry", handlers.RequireSignature(handlers.UpdateRegistryMirror))
+	mirrors.Delete("/:registry", handlers.RequireSignature(handlers.DeleteRegistryMirror))
+
+	image := containerd.Group("images")
+
+	image.Get("/", handlers.RequireSignature(handlers.ListImages))
+	image.Delete("/:image", handlers.RequireSignature(handlers.DeleteImage))
+	image.Post("/prune", handlers.RequireSignature(handlers.PruneImages))
+
+	klog.Info("containerd handlers initialized")
+}

daemon/internel/apiserver/handlers/handler_change_host.go

@@ -1,4 +1,4 @@
-package apiserver
+package handlers
 
 import (
 	"net/http"
@@ -13,7 +13,7 @@ type ChangeHostReq struct {
 	IP string `json:"ip"`
 }
 
-func (h *handlers) PostChangeHost(ctx *fiber.Ctx, cmd commands.Interface) error {
+func (h *Handlers) PostChangeHost(ctx *fiber.Ctx, cmd commands.Interface) error {
 	var req ChangeHostReq
 	if err := h.ParseBody(ctx, &req); err != nil {
 		klog.Error("parse request error, ", err)

daemon/internel/apiserver/handlers/handler_collect_logs.go

@@ -1,4 +1,4 @@
-package apiserver
+package handlers
 
 import (
 	"net/http"
@@ -8,7 +8,7 @@ import (
 	"k8s.io/klog/v2"
 )
 
-func (h *handlers) PostCollectLogs(ctx *fiber.Ctx, cmd commands.Interface) error {
+func (h *Handlers) PostCollectLogs(ctx *fiber.Ctx, cmd commands.Interface) error {
 	_, err := cmd.Execute(ctx.Context(), nil)
 	if err != nil {
 		klog.Error("execute command error, ", err, ", ", cmd.OperationName().Stirng())

daemon/internel/apiserver/handlers/handler_connect_wifi.go

@@ -1,4 +1,4 @@
-package apiserver
+package handlers
 
 import (
 	"net/http"
@@ -14,7 +14,7 @@ type ConnectWifiReq struct {
 	SSID     string `json:"ssid"`
 }
 
-func (h *handlers) PostConnectWifi(ctx *fiber.Ctx, cmd commands.Interface) error {
+func (h *Handlers) PostConnectWifi(ctx *fiber.Ctx, cmd commands.Interface) error {
 	var req ConnectWifiReq
 	if err := h.ParseBody(ctx, &req); err != nil {
 		klog.Error("parse request error, ", err)

daemon/internel/apiserver/handlers/handler_containerd.go

@@ -1,4 +1,4 @@
-package apiserver
+package handlers
 
 import (
 	"net/http"
@@ -8,7 +8,7 @@ import (
 	"k8s.io/klog/v2"
 )
 
-func (h *handlers) ListRegistries(ctx *fiber.Ctx) error {
+func (h *Handlers) ListRegistries(ctx *fiber.Ctx) error {
 	images, err := containerd.ListRegistries(ctx)
 	if err != nil {
 		klog.Error("list registries error, ", err)
@@ -17,7 +17,7 @@ func (h *handlers) ListRegistries(ctx *fiber.Ctx) error {
 	return h.OkJSON(ctx, "success", images)
 }
 
-func (h *handlers) GetRegistryMirrors(ctx *fiber.Ctx) error {
+func (h *Handlers) GetRegistryMirrors(ctx *fiber.Ctx) error {
 	mirrors, err := containerd.GetRegistryMirrors(ctx)
 	if err != nil {
 		klog.Error("get registry mirrors error, ", err)
@@ -27,7 +27,7 @@ func (h *handlers) GetRegistryMirrors(ctx *fiber.Ctx) error {
 	return h.OkJSON(ctx, "success", mirrors)
 }
 
-func (h *handlers) GetRegistryMirror(ctx *fiber.Ctx) error {
+func (h *Handlers) GetRegistryMirror(ctx *fiber.Ctx) error {
 	mirror, err := containerd.GetRegistryMirror(ctx)
 	if err != nil {
 		klog.Error("get registry mirror error, ", err)
@@ -37,7 +37,7 @@ func (h *handlers) GetRegistryMirror(ctx *fiber.Ctx) error {
 	return h.OkJSON(ctx, "success", mirror)
 }
 
-func (h *handlers) UpdateRegistryMirror(ctx *fiber.Ctx) error {
+func (h *Handlers) UpdateRegistryMirror(ctx *fiber.Ctx) error {
 	mirror, err := containerd.UpdateRegistryMirror(ctx)
 	if err != nil {
 		klog.Error("update registry mirror error, ", err)
@@ -47,7 +47,7 @@ func (h *handlers) UpdateRegistryMirror(ctx *fiber.Ctx) error {
 	return h.OkJSON(ctx, "success", mirror)
 }
 
-func (h *handlers) DeleteRegistryMirror(ctx *fiber.Ctx) error {
+func (h *Handlers) DeleteRegistryMirror(ctx *fiber.Ctx) error {
 	if err := containerd.DeleteRegistryMirror(ctx); err != nil {
 		klog.Error("delete registry mirror error, ", err)
 		return h.ErrJSON(ctx, http.StatusInternalServerError, err.Error())
@@ -56,7 +56,7 @@ func (h *handlers) DeleteRegistryMirror(ctx *fiber.Ctx) error {
 	return h.OkJSON(ctx, "success")
 }
 
-func (h *handlers) ListImages(ctx *fiber.Ctx) error {
+func (h *Handlers) ListImages(ctx *fiber.Ctx) error {
 	registry := ctx.Query("registry")
 	images, err := containerd.ListImages(ctx, registry)
 	if err != nil {
@@ -66,7 +66,7 @@ func (h *handlers) ListImages(ctx *fiber.Ctx) error {
 	return h.OkJSON(ctx, "success", images)
 }
 
-func (h *handlers) DeleteImage(ctx *fiber.Ctx) error {
+func (h *Handlers) DeleteImage(ctx *fiber.Ctx) error {
 	if err := containerd.DeleteImage(ctx); err != nil {
 		klog.Error("delete image error, ", err)
 		return h.ErrJSON(ctx, http.StatusInternalServerError, err.Error())
@@ -74,7 +74,7 @@ func (h *handlers) DeleteImage(ctx *fiber.Ctx) error {
 	return h.OkJSON(ctx, "success")
 }
 
-func (h *handlers) PruneImages(ctx *fiber.Ctx) error {
+func (h *Handlers) PruneImages(ctx *fiber.Ctx) error {
 	res, err := containerd.PruneImages(ctx)
 	if err != nil {
 		klog.Error("prune images error, ", err)

daemon/internel/apiserver/handlers/handler_hosts.go

@@ -1,4 +1,4 @@
-package apiserver
+package handlers
 
 import (
 	"net/http"
@@ -9,7 +9,7 @@ import (
 	"k8s.io/klog/v2"
 )
 
-func (h *handlers) GetHostsfile(ctx *fiber.Ctx) error {
+func (h *Handlers) GetHostsfile(ctx *fiber.Ctx) error {
 	items, err := nets.GetHostsFile()
 	if err != nil {
 		return h.ErrJSON(ctx, http.StatusServiceUnavailable, err.Error())
@@ -22,7 +22,7 @@ type writeHostsfileReq struct {
 	Items []*nets.HostsItem `json:"items"`
 }
 
-func (h *handlers) PostHostsfile(ctx *fiber.Ctx) error {
+func (h *Handlers) PostHostsfile(ctx *fiber.Ctx) error {
 	var req writeHostsfileReq
 	if err := h.ParseBody(ctx, &req); err != nil {
 		klog.Error("parse request error, ", err)

daemon/internel/apiserver/handlers/handler_ifs.go

@@ -1,4 +1,4 @@
-package apiserver
+package handlers
 
 import (
 	"net/http"
@@ -21,6 +21,7 @@ type NetIf struct {
 	Strength          *int    `json:"strength,omitempty"`
 	MTU               int     `json:"mtu,omitempty"`
 	InternetConnected *bool   `json:"internetConnected,omitempty"`
+	Hostname          string  `json:"hostname,omitempty"` // Hostname of the device
 
 	Ipv4Gateway      *string  `json:"ipv4Gateway,omitempty"`
 	Ipv6Gateway      *string  `json:"ipv6Gateway,omitempty"`
@@ -34,7 +35,7 @@ type NetIf struct {
 	TxRate           *float64 `json:"txRate,omitempty"` // in bytes per second
 }
 
-func (h *handlers) GetNetIfs(ctx *fiber.Ctx) error {
+func (h *Handlers) GetNetIfs(ctx *fiber.Ctx) error {
 	test := ctx.Query("testConnectivity", "false")
 
 	ifaces, err := nets.GetInternalIpv4Addr(test != "true")
@@ -65,6 +66,7 @@ func (h *handlers) GetNetIfs(ctx *fiber.Ctx) error {
 			IP:       i.IP,
 			IsHostIp: i.IP == hostip,
 			MTU:      i.Iface.MTU,
+			Hostname: host,
 		}
 
 		if wifiDevs != nil {
@@ -137,8 +139,8 @@ func (h *handlers) GetNetIfs(ctx *fiber.Ctx) error {
 	return h.OkJSON(ctx, "", res)
 }
 
-func (h *handlers) findAp(ssid string) *ble.AccessPoint {
-	for _, ap := range h.apList {
+func (h *Handlers) findAp(ssid string) *ble.AccessPoint {
+	for _, ap := range h.ApList {
 		if ap.SSID == ssid {
 			return &ap
 		}

daemon/internel/apiserver/handlers/handler_mount_smb.go

@@ -1,4 +1,4 @@
-package apiserver
+package handlers
 
 import (
 	"net/http"
@@ -15,7 +15,7 @@ type MountReq struct {
 	Password string `json:"password"`
 }
 
-func (h *handlers) PostMountSambaDriver(ctx *fiber.Ctx, cmd commands.Interface) error {
+func (h *Handlers) PostMountSambaDriver(ctx *fiber.Ctx, cmd commands.Interface) error {
 	var req MountReq
 	if err := h.ParseBody(ctx, &req); err != nil {
 		klog.Error("parse request error, ", err)

daemon/internel/apiserver/handlers/handler_mount_smb_v2.go

@@ -1,4 +1,4 @@
-package apiserver
+package handlers
 
 import (
 	"net/http"
@@ -17,7 +17,7 @@ type ListSmbResponse struct {
 	Mounted bool   `json:"mounted"`
 }
 
-func (h *handlers) PostMountSambaDriverV2(ctx *fiber.Ctx, cmd commands.Interface) error {
+func (h *Handlers) PostMountSambaDriverV2(ctx *fiber.Ctx, cmd commands.Interface) error {
 	var req MountReq
 	if err := h.ParseBody(ctx, &req); err != nil {
 		klog.Error("parse request error, ", err)

daemon/internel/apiserver/handlers/handler_mounted_hdd.go

@@ -1,4 +1,4 @@
-package apiserver
+package handlers
 
 import (
 	"net/http"
@@ -9,7 +9,7 @@ import (
 	"k8s.io/klog/v2"
 )
 
-func (h *handlers) getMountedHdd(ctx *fiber.Ctx, mutate func(*disk.UsageStat) *disk.UsageStat) error {
+func (h *Handlers) getMountedHdd(ctx *fiber.Ctx, mutate func(*disk.UsageStat) *disk.UsageStat) error {
 	paths, err := utils.MountedHddPath(ctx.Context())
 	if err != nil {
 		return h.ErrJSON(ctx, http.StatusInternalServerError, err.Error())
@@ -35,11 +35,11 @@ func (h *handlers) getMountedHdd(ctx *fiber.Ctx, mutate func(*disk.UsageStat) *d
 	return h.OkJSON(ctx, "success", res)
 }
 
-func (h *handlers) GetMountedHdd(ctx *fiber.Ctx) error {
+func (h *Handlers) GetMountedHdd(ctx *fiber.Ctx) error {
 	return h.getMountedHdd(ctx, nil)
 }
 
-func (h *handlers) GetMountedHddInCluster(ctx *fiber.Ctx) error {
+func (h *Handlers) GetMountedHddInCluster(ctx *fiber.Ctx) error {
 	return h.getMountedHdd(ctx, func(us *disk.UsageStat) *disk.UsageStat {
 		us.Path = nodePathToClusterPath(us.Path)
 		return us

daemon/internel/apiserver/handlers/handler_mounted_path.go

@@ -1,4 +1,4 @@
-package apiserver
+package handlers
 
 import (
 	"net/http"
@@ -20,7 +20,7 @@ type mountedPath struct {
 	ReadOnly       bool   `json:"read_only"`
 }
 
-func (h *handlers) getMountedPath(ctx *fiber.Ctx, mutate func(*disk.UsageStat) *disk.UsageStat) error {
+func (h *Handlers) getMountedPath(ctx *fiber.Ctx, mutate func(*disk.UsageStat) *disk.UsageStat) error {
 	paths, err := utils.MountedPath(ctx.Context())
 	if err != nil {
 		return h.ErrJSON(ctx, http.StatusInternalServerError, err.Error())
@@ -58,11 +58,11 @@ func (h *handlers) getMountedPath(ctx *fiber.Ctx, mutate func(*disk.UsageStat) *
 	return h.OkJSON(ctx, "success", res)
 }
 
-func (h *handlers) GetMountedPath(ctx *fiber.Ctx) error {
+func (h *Handlers) GetMountedPath(ctx *fiber.Ctx) error {
 	return h.getMountedPath(ctx, nil)
 }
 
-func (h *handlers) GetMountedPathInCluster(ctx *fiber.Ctx) error {
+func (h *Handlers) GetMountedPathInCluster(ctx *fiber.Ctx) error {
 	return h.getMountedPath(ctx, func(us *disk.UsageStat) *disk.UsageStat {
 		us.Path = nodePathToClusterPath(us.Path)
 		return us

daemon/internel/apiserver/handlers/handler_mounted_smb.go

@@ -1,4 +1,4 @@
-package apiserver
+package handlers
 
 import (
 	"net/http"
@@ -15,7 +15,7 @@ type mountedSmbPathResponse struct {
 	Device         string `json:"device"`
 }
 
-func (h *handlers) getMountedSmb(ctx *fiber.Ctx, mutate func(*disk.UsageStat) *disk.UsageStat) error {
+func (h *Handlers) getMountedSmb(ctx *fiber.Ctx, mutate func(*disk.UsageStat) *disk.UsageStat) error {
 	paths, err := utils.MountedSambaPath(ctx.Context())
 	if err != nil {
 		return h.ErrJSON(ctx, http.StatusInternalServerError, err.Error())
@@ -41,11 +41,11 @@ func (h *handlers) getMountedSmb(ctx *fiber.Ctx, mutate func(*disk.UsageStat) *d
 	return h.OkJSON(ctx, "success", res)
 }
 
-func (h *handlers) GetMountedSmb(ctx *fiber.Ctx) error {
+func (h *Handlers) GetMountedSmb(ctx *fiber.Ctx) error {
 	return h.getMountedSmb(ctx, nil)
 }
 
-func (h *handlers) GetMountedSmbInCluster(ctx *fiber.Ctx) error {
+func (h *Handlers) GetMountedSmbInCluster(ctx *fiber.Ctx) error {
 	return h.getMountedSmb(ctx, func(us *disk.UsageStat) *disk.UsageStat {
 		us.Path = nodePathToClusterPath(us.Path)
 		return us

daemon/internel/apiserver/handlers/handler_mounted_usb.go

@@ -1,4 +1,4 @@
-package apiserver
+package handlers
 
 import (
 	"net/http"
@@ -9,7 +9,7 @@ import (
 	"k8s.io/klog/v2"
 )
 
-func (h *handlers) getMountedUsb(ctx *fiber.Ctx, mutate func(*disk.UsageStat) *disk.UsageStat) error {
+func (h *Handlers) getMountedUsb(ctx *fiber.Ctx, mutate func(*disk.UsageStat) *disk.UsageStat) error {
 	paths, err := utils.MountedUsbPath(ctx.Context())
 	if err != nil {
 		return h.ErrJSON(ctx, http.StatusInternalServerError, err.Error())
@@ -33,11 +33,11 @@ func (h *handlers) getMountedUsb(ctx *fiber.Ctx, mutate func(*disk.UsageStat) *d
 	return h.OkJSON(ctx, "success", res)
 }
 
-func (h *handlers) GetMountedUsb(ctx *fiber.Ctx) error {
+func (h *Handlers) GetMountedUsb(ctx *fiber.Ctx) error {
 	return h.getMountedUsb(ctx, nil)
 }
 
-func (h *handlers) GetMountedUsbInCluster(ctx *fiber.Ctx) error {
+func (h *Handlers) GetMountedUsbInCluster(ctx *fiber.Ctx) error {
 	return h.getMountedUsb(ctx, func(us *disk.UsageStat) *disk.UsageStat {
 		us.Path = nodePathToClusterPath(us.Path)
 		return us

daemon/internel/apiserver/handlers/handler_olares_upgrade.go

@@ -1,4 +1,4 @@
-package apiserver
+package handlers
 
 import (
 	"fmt"
@@ -35,7 +35,7 @@ func (r *UpgradeReq) Check() error {
 	return nil
 }
 
-func (h *handlers) RequestOlaresUpgrade(ctx *fiber.Ctx, cmd commands.Interface) error {
+func (h *Handlers) RequestOlaresUpgrade(ctx *fiber.Ctx, cmd commands.Interface) error {
 	var req UpgradeReq
 	if err := h.ParseBody(ctx, &req); err != nil {
 		klog.Error("parse request error, ", err)
@@ -60,7 +60,7 @@ func (h *handlers) RequestOlaresUpgrade(ctx *fiber.Ctx, cmd commands.Interface)
 	return h.OkJSON(ctx, "successfully created upgrade target")
 }
 
-func (h *handlers) CancelOlaresUpgrade(ctx *fiber.Ctx, cmd commands.Interface) error {
+func (h *Handlers) CancelOlaresUpgrade(ctx *fiber.Ctx, cmd commands.Interface) error {
 	if _, err := cmd.Execute(ctx.Context(), nil); err != nil {
 		return h.ErrJSON(ctx, http.StatusBadRequest, err.Error())
 	}

daemon/internel/apiserver/handlers/handler_reboot.go

@@ -1,4 +1,4 @@
-package apiserver
+package handlers
 
 import (
 	"net/http"
@@ -8,7 +8,7 @@ import (
 	"k8s.io/klog/v2"
 )
 
-func (h *handlers) PostReboot(ctx *fiber.Ctx, cmd commands.Interface) error {
+func (h *Handlers) PostReboot(ctx *fiber.Ctx, cmd commands.Interface) error {
 	_, err := cmd.Execute(ctx.Context(), nil)
 	if err != nil {
 		klog.Error("execute command error, ", err, ", ", cmd.OperationName().Stirng())

daemon/internel/apiserver/handlers/handler_shutdown.go

@@ -1,4 +1,4 @@
-package apiserver
+package handlers
 
 import (
 	"net/http"
@@ -8,7 +8,7 @@ import (
 	"k8s.io/klog/v2"
 )
 
-func (h *handlers) PostShutdown(ctx *fiber.Ctx, cmd commands.Interface) error {
+func (h *Handlers) PostShutdown(ctx *fiber.Ctx, cmd commands.Interface) error {
 	_, err := cmd.Execute(ctx.Context(), nil)
 	if err != nil {
 		klog.Error("execute command error, ", err, ", ", cmd.OperationName().Stirng())

daemon/internel/apiserver/handlers/handler_terminus_init.go

@@ -1,4 +1,4 @@
-package apiserver
+package handlers
 
 import (
 	"net/http"
@@ -16,7 +16,7 @@ type TerminusInitReq struct {
 	Domain   string `json:"domain"`
 }
 
-func (h *handlers) PostTerminusInit(ctx *fiber.Ctx, cmd commands.Interface) error {
+func (h *Handlers) PostTerminusInit(ctx *fiber.Ctx, cmd commands.Interface) error {
 	var req TerminusInitReq
 	if err := h.ParseBody(ctx, &req); err != nil {
 		klog.Error("parse request error, ", err)

daemon/internel/apiserver/handlers/handler_terminus_state.go

@@ -1,10 +1,10 @@
-package apiserver
+package handlers
 
 import (
 	"github.com/beclab/Olares/daemon/pkg/cluster/state"
 	"github.com/gofiber/fiber/v2"
 )
 
-func (h *handlers) GetTerminusState(ctx *fiber.Ctx) error {
+func (h *Handlers) GetTerminusState(ctx *fiber.Ctx) error {
 	return h.OkJSON(ctx, "success", state.CurrentState)
 }

daemon/internel/apiserver/handlers/handler_terminus_uninstall.go

@@ -1,4 +1,4 @@
-package apiserver
+package handlers
 
 import (
 	"net/http"
@@ -8,7 +8,7 @@ import (
 	"k8s.io/klog/v2"
 )
 
-func (h *handlers) PostTerminusUninstall(ctx *fiber.Ctx, cmd commands.Interface) error {
+func (h *Handlers) PostTerminusUninstall(ctx *fiber.Ctx, cmd commands.Interface) error {
 	// run in background
 	_, err := cmd.Execute(h.mainCtx, nil)
 

daemon/internel/apiserver/handlers/handler_umount_smb.go

@@ -1,4 +1,4 @@
-package apiserver
+package handlers
 
 import (
 	"net/http"
@@ -13,7 +13,7 @@ type UmountSmbReq struct {
 	Path string ``
 }
 
-func (h *handlers) umountSmbInNode(ctx *fiber.Ctx, cmd commands.Interface, pathInNode string) error {
+func (h *Handlers) umountSmbInNode(ctx *fiber.Ctx, cmd commands.Interface, pathInNode string) error {
 	_, err := cmd.Execute(ctx.Context(), &umountsmb.Param{
 		MountPath: pathInNode,
 	})
@@ -25,7 +25,7 @@ func (h *handlers) umountSmbInNode(ctx *fiber.Ctx, cmd commands.Interface, pathI
 	return h.OkJSON(ctx, "success to umount")
 }
 
-func (h *handlers) PostUmountSmb(ctx *fiber.Ctx, cmd commands.Interface) error {
+func (h *Handlers) PostUmountSmb(ctx *fiber.Ctx, cmd commands.Interface) error {
 	var req UmountSmbReq
 	if err := h.ParseBody(ctx, &req); err != nil {
 		klog.Error("parse request error, ", err)
@@ -38,7 +38,7 @@ func (h *handlers) PostUmountSmb(ctx *fiber.Ctx, cmd commands.Interface) error {
 	return h.umountSmbInNode(ctx, cmd, req.Path)
 }
 
-func (h *handlers) PostUmountSmbInCluster(ctx *fiber.Ctx, cmd commands.Interface) error {
+func (h *Handlers) PostUmountSmbInCluster(ctx *fiber.Ctx, cmd commands.Interface) error {
 	var req UmountSmbReq
 	if err := h.ParseBody(ctx, &req); err != nil {
 		klog.Error("parse request error, ", err)

daemon/internel/apiserver/handlers/handler_umount_usb.go

@@ -1,4 +1,4 @@
-package apiserver
+package handlers
 
 import (
 	"net/http"
@@ -13,7 +13,7 @@ type UmountReq struct {
 	Path string ``
 }
 
-func (h *handlers) umountUsbInNode(ctx *fiber.Ctx, cmd commands.Interface, pathInNode string) error {
+func (h *Handlers) umountUsbInNode(ctx *fiber.Ctx, cmd commands.Interface, pathInNode string) error {
 	_, err := cmd.Execute(ctx.Context(), &umountusb.Param{
 		Path: pathInNode,
 	})
@@ -25,7 +25,7 @@ func (h *handlers) umountUsbInNode(ctx *fiber.Ctx, cmd commands.Interface, pathI
 	return h.OkJSON(ctx, "success to umount")
 }
 
-func (h *handlers) PostUmountUsb(ctx *fiber.Ctx, cmd commands.Interface) error {
+func (h *Handlers) PostUmountUsb(ctx *fiber.Ctx, cmd commands.Interface) error {
 	var req UmountReq
 	if err := h.ParseBody(ctx, &req); err != nil {
 		klog.Error("parse request error, ", err)
@@ -38,7 +38,7 @@ func (h *handlers) PostUmountUsb(ctx *fiber.Ctx, cmd commands.Interface) error {
 	return h.umountUsbInNode(ctx, cmd, req.Path)
 }
 
-func (h *handlers) PostUmountUsbInCluster(ctx *fiber.Ctx, cmd commands.Interface) error {
+func (h *Handlers) PostUmountUsbInCluster(ctx *fiber.Ctx, cmd commands.Interface) error {
 	var req UmountReq
 	if err := h.ParseBody(ctx, &req); err != nil {
 		klog.Error("parse request error, ", err)

daemon/internel/apiserver/handlers/handlers.go

@@ -1,4 +1,4 @@
-package apiserver
+package handlers
 
 import (
 	"context"
@@ -10,12 +10,19 @@ import (
 	"github.com/gofiber/fiber/v2"
 )
 
-type handlers struct {
+type Handlers struct {
 	mainCtx context.Context
-	apList  []ble.AccessPoint
+	ApList  []ble.AccessPoint
 }
 
-func (h *handlers) ParseBody(ctx *fiber.Ctx, value any) error {
+var handlers *Handlers = &Handlers{}
+
+func NewHandlers(ctx context.Context) *Handlers {
+	handlers.mainCtx = ctx
+	return handlers
+}
+
+func (h *Handlers) ParseBody(ctx *fiber.Ctx, value any) error {
 	err := ctx.BodyParser(value)
 
 	if err != nil {
@@ -35,7 +42,7 @@ func (h *handlers) ParseBody(ctx *fiber.Ctx, value any) error {
 	return nil
 }
 
-func (h *handlers) ErrJSON(ctx *fiber.Ctx, code int, message string, data ...interface{}) error {
+func (h *Handlers) ErrJSON(ctx *fiber.Ctx, code int, message string, data ...interface{}) error {
 	switch len(data) {
 	case 0:
 		return ctx.Status(code).JSON(fiber.Map{
@@ -58,10 +65,10 @@ func (h *handlers) ErrJSON(ctx *fiber.Ctx, code int, message string, data ...int
 
 }
 
-func (h *handlers) OkJSON(ctx *fiber.Ctx, message string, data ...interface{}) error {
+func (h *Handlers) OkJSON(ctx *fiber.Ctx, message string, data ...interface{}) error {
 	return h.ErrJSON(ctx, http.StatusOK, message, data...)
 }
 
-func (h *handlers) NeedChoiceJSON(ctx *fiber.Ctx, message string, data ...interface{}) error {
+func (h *Handlers) NeedChoiceJSON(ctx *fiber.Ctx, message string, data ...interface{}) error {
 	return h.ErrJSON(ctx, http.StatusMultipleChoices, message, data...)
 }

daemon/internel/apiserver/handlers/in_cluster.go

@@ -1,4 +1,4 @@
-package apiserver
+package handlers
 
 import (
 	"path/filepath"

daemon/internel/apiserver/handlers/middlewares.go

@@ -1,4 +1,4 @@
-package apiserver
+package handlers
 
 import (
 	"net/http"
@@ -13,7 +13,7 @@ const (
 	SIGNATURE_HEADER = "X-Signature"
 )
 
-func (h *handlers) WaitServerRunning(next func(ctx *fiber.Ctx) error) func(ctx *fiber.Ctx) error {
+func (h *Handlers) WaitServerRunning(next func(ctx *fiber.Ctx) error) func(ctx *fiber.Ctx) error {
 	return func(ctx *fiber.Ctx) error {
 		if state.CurrentState.TerminusdState != state.Running {
 			return h.ErrJSON(ctx, http.StatusForbidden, "server is not running, please wait and retry again later")
@@ -23,7 +23,7 @@ func (h *handlers) WaitServerRunning(next func(ctx *fiber.Ctx) error) func(ctx *
 	}
 }
 
-func (h *handlers) RequireSignature(next func(ctx *fiber.Ctx) error) func(ctx *fiber.Ctx) error {
+func (h *Handlers) RequireSignature(next func(ctx *fiber.Ctx) error) func(ctx *fiber.Ctx) error {
 	return func(ctx *fiber.Ctx) error {
 		headers := ctx.GetReqHeaders()
 		signature, ok := headers[SIGNATURE_HEADER]
@@ -42,7 +42,7 @@ func (h *handlers) RequireSignature(next func(ctx *fiber.Ctx) error) func(ctx *f
 	}
 }
 
-func (h *handlers) RunCommand(next func(ctx *fiber.Ctx, cmd commands.Interface) error,
+func (h *Handlers) RunCommand(next func(ctx *fiber.Ctx, cmd commands.Interface) error,
 	cmdNew func() commands.Interface) func(ctx *fiber.Ctx) error {
 
 	return func(ctx *fiber.Ctx) error {

daemon/internel/apiserver/handlers/system_group.go

@@ -0,0 +1,25 @@
+package handlers
+
+import (
+	"github.com/beclab/Olares/daemon/internel/apiserver/server"
+	"k8s.io/klog/v2"
+)
+
+func init() {
+	s := server.API
+	system := s.App.Group("system")
+	system.Get("/status", handlers.RequireSignature(handlers.GetTerminusState))
+	system.Get("/ifs", handlers.RequireSignature(handlers.GetNetIfs))
+	system.Get("/hosts-file", handlers.RequireSignature(handlers.GetHostsfile))
+	system.Post("/hosts-file", handlers.RequireSignature(handlers.PostHostsfile))
+	system.Get("/mounted-usb", handlers.RequireSignature(handlers.GetMountedUsb))
+	system.Get("/mounted-hdd", handlers.RequireSignature(handlers.GetMountedHdd))
+	system.Get("/mounted-smb", handlers.RequireSignature(handlers.GetMountedSmb))
+	system.Get("/mounted-path", handlers.RequireSignature(handlers.GetMountedPath))
+	system.Get("/mounted-usb-incluster", handlers.RequireSignature(handlers.GetMountedUsbInCluster))
+	system.Get("/mounted-hdd-incluster", handlers.RequireSignature(handlers.GetMountedHddInCluster))
+	system.Get("/mounted-smb-incluster", handlers.RequireSignature(handlers.GetMountedSmbInCluster))
+	system.Get("/mounted-path-incluster", handlers.RequireSignature(handlers.GetMountedPathInCluster))
+
+	klog.Info("system handlers initialized")
+}

daemon/internel/apiserver/server.go

@@ -2,146 +2,26 @@ package apiserver
 
 import (
 	"context"
-	"fmt"
 
+	"github.com/beclab/Olares/daemon/internel/apiserver/handlers"
+	"github.com/beclab/Olares/daemon/internel/apiserver/server"
 	"github.com/beclab/Olares/daemon/internel/ble"
-	changehost "github.com/beclab/Olares/daemon/pkg/commands/change_host"
-	collectlogs "github.com/beclab/Olares/daemon/pkg/commands/collect_logs"
-	connectwifi "github.com/beclab/Olares/daemon/pkg/commands/connect_wifi"
-	"github.com/beclab/Olares/daemon/pkg/commands/install"
-	mountsmb "github.com/beclab/Olares/daemon/pkg/commands/mount_smb"
-	"github.com/beclab/Olares/daemon/pkg/commands/reboot"
-	"github.com/beclab/Olares/daemon/pkg/commands/shutdown"
-	umountsmb "github.com/beclab/Olares/daemon/pkg/commands/umount_smb"
-	umountusb "github.com/beclab/Olares/daemon/pkg/commands/umount_usb"
-	"github.com/beclab/Olares/daemon/pkg/commands/uninstall"
-	"github.com/beclab/Olares/daemon/pkg/commands/upgrade"
-	"github.com/gofiber/fiber/v2"
 	"github.com/gofiber/fiber/v2/middleware/cors"
 	"github.com/gofiber/fiber/v2/middleware/logger"
-	"k8s.io/klog/v2"
 )
 
-type server struct {
-	handlers *handlers
-	port     int
-	app      *fiber.App
-}
+func NewServer(ctx context.Context, port int) *server.Server {
+	server.API.Port = port
+	h := handlers.NewHandlers(ctx)
 
-func NewServer(ctx context.Context, port int) (*server, error) {
-	return &server{handlers: &handlers{mainCtx: ctx}, port: port}, nil
-}
-
-func (s *server) Start() error {
-	app := fiber.New()
-	s.app = app
-
-	app.Use(cors.New())
-	app.Use(logger.New())
-
-	cmd := app.Group("command")
-	cmd.Post("/install", s.handlers.RequireSignature(
-		s.handlers.WaitServerRunning(
-			s.handlers.RunCommand(s.handlers.PostTerminusInit, install.New))))
-
-	cmd.Post("/uninstall", s.handlers.RequireSignature(
-		s.handlers.WaitServerRunning(
-			s.handlers.RunCommand(s.handlers.PostTerminusUninstall, uninstall.New))))
-
-	cmd.Post("/upgrade", s.handlers.RequireSignature(
-		s.handlers.WaitServerRunning(
-			s.handlers.RunCommand(s.handlers.RequestOlaresUpgrade, upgrade.NewCreateUpgradeTarget))))
-
-	cmd.Delete("/upgrade", s.handlers.RequireSignature(
-		s.handlers.RunCommand(s.handlers.CancelOlaresUpgrade, upgrade.NewRemoveUpgradeTarget)))
-
-	cmd.Post("/reboot", s.handlers.RequireSignature(
-		s.handlers.WaitServerRunning(
-			s.handlers.RunCommand(s.handlers.PostReboot, reboot.New))))
-
-	cmd.Post("/shutdown", s.handlers.RequireSignature(
-		s.handlers.WaitServerRunning(
-			s.handlers.RunCommand(s.handlers.PostShutdown, shutdown.New))))
-
-	cmd.Post("/connect-wifi", s.handlers.RequireSignature(
-		s.handlers.WaitServerRunning(
-			s.handlers.RunCommand(s.handlers.PostConnectWifi, connectwifi.New))))
-
-	cmd.Post("/change-host", s.handlers.RequireSignature(
-		s.handlers.WaitServerRunning(
-			s.handlers.RunCommand(s.handlers.PostChangeHost, changehost.New))))
-
-	cmd.Post("/umount-usb", s.handlers.RequireSignature(
-		s.handlers.WaitServerRunning(
-			s.handlers.RunCommand(s.handlers.PostUmountUsb, umountusb.New))))
-
-	cmd.Post("/umount-usb-incluster", s.handlers.RequireSignature(
-		s.handlers.WaitServerRunning(
-			s.handlers.RunCommand(s.handlers.PostUmountUsbInCluster, umountusb.New))))
-
-	cmd.Post("/collect-logs", s.handlers.RequireSignature(
-		s.handlers.WaitServerRunning(
-			s.handlers.RunCommand(s.handlers.PostCollectLogs, collectlogs.New))))
-
-	cmd.Post("/mount-samba", s.handlers.RequireSignature(
-		s.handlers.WaitServerRunning(
-			s.handlers.RunCommand(s.handlers.PostMountSambaDriver, mountsmb.New))))
-
-	cmd.Post("/umount-samba", s.handlers.RequireSignature(
-		s.handlers.WaitServerRunning(
-			s.handlers.RunCommand(s.handlers.PostUmountSmb, umountsmb.New))))
-
-	cmd.Post("/umount-samba-incluster", s.handlers.RequireSignature(
-		s.handlers.WaitServerRunning(
-			s.handlers.RunCommand(s.handlers.PostUmountSmbInCluster, umountsmb.New))))
-
-	cmdv2 := cmd.Group("v2")
-	cmdv2.Post("/mount-samba", s.handlers.RequireSignature(
-		s.handlers.WaitServerRunning(
-			s.handlers.RunCommand(s.handlers.PostMountSambaDriverV2, mountsmb.New))))
-
-	system := app.Group("system")
-	system.Get("/status", s.handlers.RequireSignature(s.handlers.GetTerminusState))
-	system.Get("/ifs", s.handlers.RequireSignature(s.handlers.GetNetIfs))
-	system.Get("/hosts-file", s.handlers.RequireSignature(s.handlers.GetHostsfile))
-	system.Post("/hosts-file", s.handlers.RequireSignature(s.handlers.PostHostsfile))
-	system.Get("/mounted-usb", s.handlers.RequireSignature(s.handlers.GetMountedUsb))
-	system.Get("/mounted-hdd", s.handlers.RequireSignature(s.handlers.GetMountedHdd))
-	system.Get("/mounted-smb", s.handlers.RequireSignature(s.handlers.GetMountedSmb))
-	system.Get("/mounted-path", s.handlers.RequireSignature(s.handlers.GetMountedPath))
-	system.Get("/mounted-usb-incluster", s.handlers.RequireSignature(s.handlers.GetMountedUsbInCluster))
-	system.Get("/mounted-hdd-incluster", s.handlers.RequireSignature(s.handlers.GetMountedHddInCluster))
-	system.Get("/mounted-smb-incluster", s.handlers.RequireSignature(s.handlers.GetMountedSmbInCluster))
-	system.Get("/mounted-path-incluster", s.handlers.RequireSignature(s.handlers.GetMountedPathInCluster))
-
-	containerd := app.Group("containerd")
-	containerd.Get("/registries", s.handlers.RequireSignature(s.handlers.ListRegistries))
-
-	registry := containerd.Group("registry")
-	mirrors := registry.Group("mirrors")
-
-	mirrors.Get("/", s.handlers.RequireSignature(s.handlers.GetRegistryMirrors))
-	mirrors.Get("/:registry", s.handlers.RequireSignature(s.handlers.GetRegistryMirror))
-	mirrors.Put("/:registry", s.handlers.RequireSignature(s.handlers.UpdateRegistryMirror))
-	mirrors.Delete("/:registry", s.handlers.RequireSignature(s.handlers.DeleteRegistryMirror))
-
-	image := containerd.Group("images")
-
-	image.Get("/", s.handlers.RequireSignature(s.handlers.ListImages))
-	image.Delete("/:image", s.handlers.RequireSignature(s.handlers.DeleteImage))
-	image.Post("/prune", s.handlers.RequireSignature(s.handlers.PruneImages))
-
-	return app.Listen(fmt.Sprintf(":%d", s.port))
-}
-
-func (s *server) Shutdown() error {
-	klog.Info("shutdown api server")
-	if s.app == nil {
-		return nil
+	server.API.UpdateAps = func(aplist []ble.AccessPoint) {
+		h.ApList = aplist
 	}
-	return s.app.Shutdown()
-}
 
-func (s *server) UpdateAps(aplist []ble.AccessPoint) {
-	s.handlers.apList = aplist
+	s := server.API
+
+	s.App.Use(cors.New())
+	s.App.Use(logger.New())
+
+	return s
 }

daemon/internel/apiserver/server/api.go

@@ -0,0 +1,31 @@
+package server
+
+import (
+	"fmt"
+
+	"github.com/beclab/Olares/daemon/internel/ble"
+	"github.com/gofiber/fiber/v2"
+	"k8s.io/klog/v2"
+)
+
+type Server struct {
+	Port      int
+	App       *fiber.App
+	UpdateAps func(aplist []ble.AccessPoint)
+}
+
+var API *Server = &Server{
+	App: fiber.New(),
+}
+
+func (s *Server) Start() error {
+	return s.App.Listen(fmt.Sprintf(":%d", s.Port))
+}
+
+func (s *Server) Shutdown() error {
+	klog.Info("shutdown api server")
+	if s.App == nil {
+		return nil
+	}
+	return s.App.Shutdown()
+}

daemon/pkg/utils/k8s.go

@@ -310,11 +310,16 @@ func ListUsers(ctx context.Context, client dynamic.Interface, filters ...Filter)
 
 	var userList []*unstructured.Unstructured
 	for _, u := range users.Items {
+		var skip bool
 		for _, filter := range filters {
 			if !filter(&u) {
-				continue
+				skip = true
+				break
 			}
 		}
+		if skip {
+			continue
+		}
 
 		userList = append(userList, &u)
 	}

framework/README.md

@@ -0,0 +1,33 @@
+# Olares Framework
+
+## Overview
+
+The application framework layer provides common functionality and interfaces for system and third-party applications.
+
+## Sub-component overview
+
+| Component | Description |
+| --- | --- |
+| [app-service](app-service) | Handles application lifecycle management and resource allocation. |
+| [argo-workflow](argo-workflow) | A Kubernetes-native workflow engine for orchestrating parallel jobs. |
+| [authelia](authelia) | An open-source authentication and authorization server that provides multi-factor authentication and single sign-on (SSO). |
+| [backup-server](backup-server) | Supports backups for directories, applications, and clusters. |
+| [bfl](bfl) | The Backend For Launcher service that aggregates backend interfaces and proxies requests for all system services. |
+| [docker-nginx-headers-more](docker-nginx-headers-more) | A Docker image for Nginx with the `headers-more` module. |
+| [files](files) | Provides essential file management services. |
+| [headscale](headscale) | A self-hosted implementation of the Tailscale control server. |
+| [infisical](infisical) | A tool for managing sensitive information and preventing secret leaks in Olares development. |
+| [knowledge](knowledge) | Stores content such as web pages, videos, audio files, PDFs, and EPUBs that users collect. |
+| [kube-state-metrics](kube-state-metrics) | A service that listens to the Kubernetes API server and generates metrics about the state of the objects. |
+| [l4-bfl-proxy](l4-bfl-proxy) | A Layer 4 network proxy for BFL (Backend For Launcher). |
+| [market](market) | A decentralized and permissionless app store for installing, uninstalling, and updating applications and recommendation algorithms. |
+| [monitor](monitor) | Used for system monitoring and resource usage tracking. |
+| [notifications](notifications) | Delivers system-wide notifications. |
+| [osnode-init](osnode-init) | Initializes the Olares node. |
+| [reverse-proxy](reverse-proxy) | Options include Cloudflare Tunnel, Olares Tunnel, and self-built FRP. |
+| [rsshub](rsshub) | Generates RSS feeds for easier content subscription. |
+| [seahub](seahub) | The web frontend for the Seafile file hosting platform. |
+| [search3](search3) | Provides full-text search for stored content in Knowledge and Files. |
+| [system-server](system-server) | Manages permissions for inter-application API calls and handles network routing between applications and database middlewares. |
+| [upgrade](upgrade) | Supports automated system upgrades. |
+| [vault](vault) | Protects sensitive data like accounts, passwords, and mnemonics. |

framework/analytics/.olares/config/cluster/deploy/analytics_deploy.yaml

@@ -1,147 +0,0 @@
-
-
-
-{{ $analytics_rootpath := printf "%s%s" .Values.rootPath "/rootfs/analytics" }}
-{{- $namespace := printf "%s" "os-framework" -}}
-{{- $analytics_secret := (lookup "v1" "Secret" $namespace "analytics-secrets") -}}
-{{- $pg_password := "" -}}
-{{ if $analytics_secret -}}
-{{ $pg_password = (index $analytics_secret "data" "pg_password") }}
-{{ else -}}
-{{ $pg_password = randAlphaNum 16 | b64enc }}
-{{- end -}}
-
----
-apiVersion: v1
-kind: Secret
-metadata:
-  name: analytics-secrets
-  namespace: {{ .Release.Namespace }}
-type: Opaque
-data:
-  pg_password: {{ $pg_password }}
-
----
-apiVersion: apr.bytetrade.io/v1alpha1
-kind: MiddlewareRequest
-metadata:
-  name: analytics-pg
-  namespace: {{ .Release.Namespace }}
-spec:
-  app: analytics
-  appNamespace: {{ .Release.Namespace }}
-  middleware: postgres
-  postgreSQL:
-    user: analytics_os_framework
-    password:
-      valueFrom:
-        secretKeyRef:
-          key: pg_password
-          name: analytics-secrets
-    databases:
-      - name: analytics
-
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: analytics-server
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app: analytics-server
-    applications.app.bytetrade.io/author: bytetrade.io
-spec:
-  replicas: 1
-  strategy:
-    type: Recreate
-  selector:
-    matchLabels:
-      app: analytics-server
-  template:
-    metadata:
-      labels:
-        app: analytics-server
-    spec:
-      initContainers:
-      - name: init-container
-        image: 'postgres:16.0-alpine3.18'
-        command:
-          - sh
-          - '-c'
-          - >-
-            echo -e "Checking for the availability of PostgreSQL Server deployment"; until psql -h $PGHOST -p $PGPORT -U $PGUSER -d $PGDB -c "SELECT 1"; do sleep 1; printf "-"; done; sleep 5; echo -e " >> PostgreSQL DB Server has started";
-        env:
-          - name: PGHOST
-            value: citus-0.citus-headless.os-platform
-          - name: PGPORT
-            value: "5432"
-          - name: PGUSER
-            value: analytics_os_framework
-          - name: PGPASSWORD
-            value: {{ $pg_password | b64dec }}
-          - name: PGDB
-            value: os_framework_analytics
-      containers:
-      - name: analytics-server
-        image: beclab/analytics-api:v0.0.7
-        imagePullPolicy: IfNotPresent
-        ports:
-        - containerPort: 3010
-        env:
-        - name: PRISMA_ENGINES_CHECKSUM_IGNORE_MISSING
-          value: '1'
-        - name: PL_DATA_BACKEND
-          value: postgres
-        - name: PL_DATA_POSTGRES_HOST
-          value: citus-0.citus-headless.os-platform
-        - name: PL_DATA_POSTGRES_PORT
-          value: "5432"
-        - name: PL_DATA_POSTGRES_DATABASE
-          value: os_framework_analytics
-        - name: PL_DATA_POSTGRES_USER
-          value: analytics_os_framework
-        - name: PL_DATA_POSTGRES_PASSWORD
-          value: {{ $pg_password | b64dec }}
-        - name: DATABASE_URL
-          value: postgres://$(PL_DATA_POSTGRES_USER):$(PL_DATA_POSTGRES_PASSWORD)@$(PL_DATA_POSTGRES_HOST)/$(PL_DATA_POSTGRES_DATABASE)?sslmode=disable
-
----
-apiVersion: v1
-kind: Service
-metadata:
-  name: analytics-server
-  namespace: {{ .Release.Namespace }}
-spec:
-  type: ClusterIP
-  selector:
-    app: analytics-server
-  ports:
-    - name: server
-      protocol: TCP
-      port: 3010
-      targetPort: 3010
-
----
-apiVersion: apr.bytetrade.io/v1alpha1
-kind: SysEventRegistry
-metadata:
-  name: analytics-user-create-cb
-  namespace: {{ .Release.Namespace }}
-spec:
-  type: subscriber
-  event: user.create
-  callback: http://analytics-server.{{ .Release.Namespace }}:3010/callback/create
-
----
-apiVersion: apr.bytetrade.io/v1alpha1
-kind: SysEventRegistry
-metadata:
-  name: analytics-user-delete-cb
-  namespace: {{ .Release.Namespace }}
-spec:
-  type: subscriber
-  event: user.delete
-  callback: http://analytics-server.{{ .Release.Namespace }}:3010/callback/delete
-
-
-

framework/analytics/README.md

@@ -1,3 +0,0 @@
-# analytics
-
-https://github.com/beclab/analytic

framework/app-service/.olares/config/cluster/deploy/appservice_deploy.yaml

@@ -163,7 +163,7 @@ spec:
       priorityClassName: "system-cluster-critical"
       containers:
       - name: app-service
-        image: beclab/app-service:0.3.49
+        image: beclab/app-service:0.3.52
         imagePullPolicy: IfNotPresent
         securityContext:
           runAsUser: 0
@@ -179,7 +179,7 @@ spec:
         - name: REQUIRE_PERMISSION_APPS
           value: "vault,desktop,message,wise,search,appstore,notification,dashboard,settings,studio,profile"
         - name: SYS_APPS
-          value: "analytics,market,auth,citus,desktop,did,docs,files,fsnotify,headscale,infisical,intentprovider,ksserver,message,mongo,monitoring,notifications,profile,redis,wise,recommend,seafile,search,search-admin,settings,systemserver,tapr,vault,video,zinc,accounts,control-hub,dashboard,nitro,system-frontend,studio"
+          value: "market,auth,citus,desktop,did,docs,files,fsnotify,headscale,infisical,intentprovider,ksserver,message,mongo,monitoring,notifications,profile,redis,wise,recommend,seafile,search,search-admin,settings,systemserver,tapr,vault,video,zinc,accounts,control-hub,dashboard,nitro,system-frontend,studio"
         - name: GENERATED_APPS
           value: "citus,mongo-cluster-cfg,mongo-cluster-mongos,mongo-cluster-rs0,frp-agent,l4-bfl-proxy,drc-redis-cluster,appdata-backend,argoworkflows,argoworkflow-workflow-controller,velero,kvrocks"
         - name: WS_CONTAINER_IMAGE
@@ -398,7 +398,7 @@ spec:
       hostNetwork: true
       containers:
         - name: image-service
-          image: beclab/image-service:0.3.47
+          image: beclab/image-service:0.3.50
           imagePullPolicy: IfNotPresent
           securityContext:
             runAsUser: 0
@@ -409,7 +409,7 @@ spec:
                 fieldRef:
                   fieldPath: spec.nodeName
             - name: SYS_APPS
-              value: "analytics,market,auth,citus,desktop,did,docs,files,fsnotify,headscale,infisical,intentprovider,ksserver,message,mongo,monitoring,notifications,profile,redis,wise,recommend,seafile,search,nitro,search-admin,settings,systemserver,tapr,vault,video,zinc,accounts,control-hub,dashboard"
+              value: "market,auth,citus,desktop,did,docs,files,fsnotify,headscale,infisical,intentprovider,ksserver,message,mongo,monitoring,notifications,profile,redis,wise,recommend,seafile,search,nitro,search-admin,settings,systemserver,tapr,vault,video,zinc,accounts,control-hub,dashboard"
           volumeMounts:
             - mountPath: /var/run/containerd
               mountPropagation: Bidirectional
@@ -440,25 +440,29 @@ spec:
         secretKeyRef:
           key: nats_password
           name: app-service-nats-secret
-    refs:
-      - appName: user-service
-        appNamespace: os
-        subjects:
-          - name: "application.*"
-            perm:
-              - pub
-              - sub
     subjects:
+      - name: "application.*"
+        permission:
+          pub: allow
+          sub: allow
       - name: application
         permission:
           pub: allow
           sub: allow
+      - name: "users.*"
+        permission:
+          pub: allow
+          sub: allow
       - name: users
         permission:
           pub: allow
-          sub: deny
+          sub: allow
+      - name: "groups.*"
+        permission:
+          pub: allow
+          sub: allow
       - name: groups
         permission:
           pub: allow
-          sub: deny
+          sub: allow
     user: os-app-service

framework/app-service/README.md

@@ -1,3 +1,6 @@
-# app-service
+# `app-service`
+
+## Overview
+
+The `app-service` component is a core part of the Olares framework, responsible for handling the lifecycle of applications. This includes managing their installation, updates, and removal, as well as overseeing resource allocation to ensure that all applications run smoothly and efficiently within the Olares ecosystem.
 
-https://github.com/beclab/app-service

framework/argo-workflow/.olares/config/cluster/crds/argoproj.io_clusterworkflowtemplates.yaml

@@ -1,38 +0,0 @@
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  name: clusterworkflowtemplates.argoproj.io
-  annotations:
-    "helm.sh/resource-policy": keep
-spec:
-  group: argoproj.io
-  names:
-    kind: ClusterWorkflowTemplate
-    listKind: ClusterWorkflowTemplateList
-    plural: clusterworkflowtemplates
-    shortNames:
-    - clusterwftmpl
-    - cwft
-    singular: clusterworkflowtemplate
-  scope: Cluster
-  versions:
-  - name: v1alpha1
-    schema:
-      openAPIV3Schema:
-        properties:
-          apiVersion:
-            type: string
-          kind:
-            type: string
-          metadata:
-            type: object
-          spec:
-            type: object
-            x-kubernetes-map-type: atomic
-            x-kubernetes-preserve-unknown-fields: true
-        required:
-        - metadata
-        - spec
-        type: object
-    served: true
-    storage: true

framework/argo-workflow/.olares/config/cluster/crds/argoproj.io_cronworkflows.yaml

@@ -1,42 +0,0 @@
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  name: cronworkflows.argoproj.io
-  annotations:
-    "helm.sh/resource-policy": keep
-spec:
-  group: argoproj.io
-  names:
-    kind: CronWorkflow
-    listKind: CronWorkflowList
-    plural: cronworkflows
-    shortNames:
-    - cwf
-    - cronwf
-    singular: cronworkflow
-  scope: Namespaced
-  versions:
-  - name: v1alpha1
-    schema:
-      openAPIV3Schema:
-        properties:
-          apiVersion:
-            type: string
-          kind:
-            type: string
-          metadata:
-            type: object
-          spec:
-            type: object
-            x-kubernetes-map-type: atomic
-            x-kubernetes-preserve-unknown-fields: true
-          status:
-            type: object
-            x-kubernetes-map-type: atomic
-            x-kubernetes-preserve-unknown-fields: true
-        required:
-        - metadata
-        - spec
-        type: object
-    served: true
-    storage: true

framework/argo-workflow/.olares/config/cluster/crds/argoproj.io_workflowartifactgctasks.yaml

@@ -1,43 +0,0 @@
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  name: workflowartifactgctasks.argoproj.io
-  annotations:
-    "helm.sh/resource-policy": keep
-spec:
-  group: argoproj.io
-  names:
-    kind: WorkflowArtifactGCTask
-    listKind: WorkflowArtifactGCTaskList
-    plural: workflowartifactgctasks
-    shortNames:
-      - wfat
-    singular: workflowartifactgctask
-  scope: Namespaced
-  versions:
-    - name: v1alpha1
-      schema:
-        openAPIV3Schema:
-          properties:
-            apiVersion:
-              type: string
-            kind:
-              type: string
-            metadata:
-              type: object
-            spec:
-              type: object
-              x-kubernetes-map-type: atomic
-              x-kubernetes-preserve-unknown-fields: true
-            status:
-              type: object
-              x-kubernetes-map-type: atomic
-              x-kubernetes-preserve-unknown-fields: true
-          required:
-            - metadata
-            - spec
-          type: object
-      served: true
-      storage: true
-      subresources:
-        status: {}

framework/argo-workflow/.olares/config/cluster/crds/argoproj.io_workfloweventbindings.yaml

@@ -1,37 +0,0 @@
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  name: workfloweventbindings.argoproj.io
-  annotations:
-    "helm.sh/resource-policy": keep
-spec:
-  group: argoproj.io
-  names:
-    kind: WorkflowEventBinding
-    listKind: WorkflowEventBindingList
-    plural: workfloweventbindings
-    shortNames:
-    - wfeb
-    singular: workfloweventbinding
-  scope: Namespaced
-  versions:
-  - name: v1alpha1
-    schema:
-      openAPIV3Schema:
-        properties:
-          apiVersion:
-            type: string
-          kind:
-            type: string
-          metadata:
-            type: object
-          spec:
-            type: object
-            x-kubernetes-map-type: atomic
-            x-kubernetes-preserve-unknown-fields: true
-        required:
-        - metadata
-        - spec
-        type: object
-    served: true
-    storage: true

framework/argo-workflow/.olares/config/cluster/crds/argoproj.io_workflows.yaml

@@ -1,57 +0,0 @@
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  name: workflows.argoproj.io
-  annotations:
-    "helm.sh/resource-policy": keep
-spec:
-  group: argoproj.io
-  names:
-    kind: Workflow
-    listKind: WorkflowList
-    plural: workflows
-    shortNames:
-    - wf
-    singular: workflow
-  scope: Namespaced
-  versions:
-  - additionalPrinterColumns:
-    - description: Status of the workflow
-      jsonPath: .status.phase
-      name: Status
-      type: string
-    - description: When the workflow was started
-      format: date-time
-      jsonPath: .status.startedAt
-      name: Age
-      type: date
-    - description: Human readable message indicating details about why the workflow
-        is in this condition.
-      jsonPath: .status.message
-      name: Message
-      type: string
-    name: v1alpha1
-    schema:
-      openAPIV3Schema:
-        properties:
-          apiVersion:
-            type: string
-          kind:
-            type: string
-          metadata:
-            type: object
-          spec:
-            type: object
-            x-kubernetes-map-type: atomic
-            x-kubernetes-preserve-unknown-fields: true
-          status:
-            type: object
-            x-kubernetes-map-type: atomic
-            x-kubernetes-preserve-unknown-fields: true
-        required:
-        - metadata
-        - spec
-        type: object
-    served: true
-    storage: true
-    subresources: {}

framework/argo-workflow/.olares/config/cluster/crds/argoproj.io_workflowtaskresults.yaml

@@ -1,599 +0,0 @@
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  name: workflowtaskresults.argoproj.io
-  annotations:
-    "helm.sh/resource-policy": keep
-spec:
-  group: argoproj.io
-  names:
-    kind: WorkflowTaskResult
-    listKind: WorkflowTaskResultList
-    plural: workflowtaskresults
-    singular: workflowtaskresult
-  scope: Namespaced
-  versions:
-  - name: v1alpha1
-    schema:
-      openAPIV3Schema:
-        properties:
-          apiVersion:
-            type: string
-          kind:
-            type: string
-          message:
-            type: string
-          metadata:
-            type: object
-          outputs:
-            properties:
-              artifacts:
-                items:
-                  properties:
-                    archive:
-                      properties:
-                        none:
-                          type: object
-                        tar:
-                          properties:
-                            compressionLevel:
-                              format: int32
-                              type: integer
-                          type: object
-                        zip:
-                          type: object
-                      type: object
-                    archiveLogs:
-                      type: boolean
-                    artifactGC:
-                      properties:
-                        podMetadata:
-                          properties:
-                            annotations:
-                              additionalProperties:
-                                type: string
-                              type: object
-                            labels:
-                              additionalProperties:
-                                type: string
-                              type: object
-                          type: object
-                        serviceAccountName:
-                          type: string
-                        strategy:
-                          enum:
-                          - ""
-                          - OnWorkflowCompletion
-                          - OnWorkflowDeletion
-                          - Never
-                          type: string
-                      type: object
-                    artifactory:
-                      properties:
-                        passwordSecret:
-                          properties:
-                            key:
-                              type: string
-                            name:
-                              type: string
-                            optional:
-                              type: boolean
-                          required:
-                          - key
-                          type: object
-                        url:
-                          type: string
-                        usernameSecret:
-                          properties:
-                            key:
-                              type: string
-                            name:
-                              type: string
-                            optional:
-                              type: boolean
-                          required:
-                          - key
-                          type: object
-                      required:
-                      - url
-                      type: object
-                    azure:
-                      properties:
-                        accountKeySecret:
-                          properties:
-                            key:
-                              type: string
-                            name:
-                              type: string
-                            optional:
-                              type: boolean
-                          required:
-                          - key
-                          type: object
-                        blob:
-                          type: string
-                        container:
-                          type: string
-                        endpoint:
-                          type: string
-                        useSDKCreds:
-                          type: boolean
-                      required:
-                      - blob
-                      - container
-                      - endpoint
-                      type: object
-                    deleted:
-                      type: boolean
-                    from:
-                      type: string
-                    fromExpression:
-                      type: string
-                    gcs:
-                      properties:
-                        bucket:
-                          type: string
-                        key:
-                          type: string
-                        serviceAccountKeySecret:
-                          properties:
-                            key:
-                              type: string
-                            name:
-                              type: string
-                            optional:
-                              type: boolean
-                          required:
-                          - key
-                          type: object
-                      required:
-                      - key
-                      type: object
-                    git:
-                      properties:
-                        branch:
-                          type: string
-                        depth:
-                          format: int64
-                          type: integer
-                        disableSubmodules:
-                          type: boolean
-                        fetch:
-                          items:
-                            type: string
-                          type: array
-                        insecureIgnoreHostKey:
-                          type: boolean
-                        passwordSecret:
-                          properties:
-                            key:
-                              type: string
-                            name:
-                              type: string
-                            optional:
-                              type: boolean
-                          required:
-                          - key
-                          type: object
-                        repo:
-                          type: string
-                        revision:
-                          type: string
-                        singleBranch:
-                          type: boolean
-                        sshPrivateKeySecret:
-                          properties:
-                            key:
-                              type: string
-                            name:
-                              type: string
-                            optional:
-                              type: boolean
-                          required:
-                          - key
-                          type: object
-                        usernameSecret:
-                          properties:
-                            key:
-                              type: string
-                            name:
-                              type: string
-                            optional:
-                              type: boolean
-                          required:
-                          - key
-                          type: object
-                      required:
-                      - repo
-                      type: object
-                    globalName:
-                      type: string
-                    hdfs:
-                      properties:
-                        addresses:
-                          items:
-                            type: string
-                          type: array
-                        force:
-                          type: boolean
-                        hdfsUser:
-                          type: string
-                        krbCCacheSecret:
-                          properties:
-                            key:
-                              type: string
-                            name:
-                              type: string
-                            optional:
-                              type: boolean
-                          required:
-                          - key
-                          type: object
-                        krbConfigConfigMap:
-                          properties:
-                            key:
-                              type: string
-                            name:
-                              type: string
-                            optional:
-                              type: boolean
-                          required:
-                          - key
-                          type: object
-                        krbKeytabSecret:
-                          properties:
-                            key:
-                              type: string
-                            name:
-                              type: string
-                            optional:
-                              type: boolean
-                          required:
-                          - key
-                          type: object
-                        krbRealm:
-                          type: string
-                        krbServicePrincipalName:
-                          type: string
-                        krbUsername:
-                          type: string
-                        path:
-                          type: string
-                      required:
-                      - path
-                      type: object
-                    http:
-                      properties:
-                        auth:
-                          properties:
-                            basicAuth:
-                              properties:
-                                passwordSecret:
-                                  properties:
-                                    key:
-                                      type: string
-                                    name:
-                                      type: string
-                                    optional:
-                                      type: boolean
-                                  required:
-                                  - key
-                                  type: object
-                                usernameSecret:
-                                  properties:
-                                    key:
-                                      type: string
-                                    name:
-                                      type: string
-                                    optional:
-                                      type: boolean
-                                  required:
-                                  - key
-                                  type: object
-                              type: object
-                            clientCert:
-                              properties:
-                                clientCertSecret:
-                                  properties:
-                                    key:
-                                      type: string
-                                    name:
-                                      type: string
-                                    optional:
-                                      type: boolean
-                                  required:
-                                  - key
-                                  type: object
-                                clientKeySecret:
-                                  properties:
-                                    key:
-                                      type: string
-                                    name:
-                                      type: string
-                                    optional:
-                                      type: boolean
-                                  required:
-                                  - key
-                                  type: object
-                              type: object
-                            oauth2:
-                              properties:
-                                clientIDSecret:
-                                  properties:
-                                    key:
-                                      type: string
-                                    name:
-                                      type: string
-                                    optional:
-                                      type: boolean
-                                  required:
-                                  - key
-                                  type: object
-                                clientSecretSecret:
-                                  properties:
-                                    key:
-                                      type: string
-                                    name:
-                                      type: string
-                                    optional:
-                                      type: boolean
-                                  required:
-                                  - key
-                                  type: object
-                                endpointParams:
-                                  items:
-                                    properties:
-                                      key:
-                                        type: string
-                                      value:
-                                        type: string
-                                    required:
-                                    - key
-                                    type: object
-                                  type: array
-                                scopes:
-                                  items:
-                                    type: string
-                                  type: array
-                                tokenURLSecret:
-                                  properties:
-                                    key:
-                                      type: string
-                                    name:
-                                      type: string
-                                    optional:
-                                      type: boolean
-                                  required:
-                                  - key
-                                  type: object
-                              type: object
-                          type: object
-                        headers:
-                          items:
-                            properties:
-                              name:
-                                type: string
-                              value:
-                                type: string
-                            required:
-                            - name
-                            - value
-                            type: object
-                          type: array
-                        url:
-                          type: string
-                      required:
-                      - url
-                      type: object
-                    mode:
-                      format: int32
-                      type: integer
-                    name:
-                      type: string
-                    optional:
-                      type: boolean
-                    oss:
-                      properties:
-                        accessKeySecret:
-                          properties:
-                            key:
-                              type: string
-                            name:
-                              type: string
-                            optional:
-                              type: boolean
-                          required:
-                          - key
-                          type: object
-                        bucket:
-                          type: string
-                        createBucketIfNotPresent:
-                          type: boolean
-                        endpoint:
-                          type: string
-                        key:
-                          type: string
-                        lifecycleRule:
-                          properties:
-                            markDeletionAfterDays:
-                              format: int32
-                              type: integer
-                            markInfrequentAccessAfterDays:
-                              format: int32
-                              type: integer
-                          type: object
-                        secretKeySecret:
-                          properties:
-                            key:
-                              type: string
-                            name:
-                              type: string
-                            optional:
-                              type: boolean
-                          required:
-                          - key
-                          type: object
-                        securityToken:
-                          type: string
-                        useSDKCreds:
-                          type: boolean
-                      required:
-                      - key
-                      type: object
-                    path:
-                      type: string
-                    raw:
-                      properties:
-                        data:
-                          type: string
-                      required:
-                      - data
-                      type: object
-                    recurseMode:
-                      type: boolean
-                    s3:
-                      properties:
-                        accessKeySecret:
-                          properties:
-                            key:
-                              type: string
-                            name:
-                              type: string
-                            optional:
-                              type: boolean
-                          required:
-                          - key
-                          type: object
-                        bucket:
-                          type: string
-                        caSecret:
-                          properties:
-                            key:
-                              type: string
-                            name:
-                              type: string
-                            optional:
-                              type: boolean
-                          required:
-                          - key
-                          type: object
-                        createBucketIfNotPresent:
-                          properties:
-                            objectLocking:
-                              type: boolean
-                          type: object
-                        encryptionOptions:
-                          properties:
-                            enableEncryption:
-                              type: boolean
-                            kmsEncryptionContext:
-                              type: string
-                            kmsKeyId:
-                              type: string
-                            serverSideCustomerKeySecret:
-                              properties:
-                                key:
-                                  type: string
-                                name:
-                                  type: string
-                                optional:
-                                  type: boolean
-                              required:
-                              - key
-                              type: object
-                          type: object
-                        endpoint:
-                          type: string
-                        insecure:
-                          type: boolean
-                        key:
-                          type: string
-                        region:
-                          type: string
-                        roleARN:
-                          type: string
-                        secretKeySecret:
-                          properties:
-                            key:
-                              type: string
-                            name:
-                              type: string
-                            optional:
-                              type: boolean
-                          required:
-                          - key
-                          type: object
-                        useSDKCreds:
-                          type: boolean
-                      type: object
-                    subPath:
-                      type: string
-                  required:
-                  - name
-                  type: object
-                type: array
-              exitCode:
-                type: string
-              parameters:
-                items:
-                  properties:
-                    default:
-                      type: string
-                    description:
-                      type: string
-                    enum:
-                      items:
-                        type: string
-                      type: array
-                    globalName:
-                      type: string
-                    name:
-                      type: string
-                    value:
-                      type: string
-                    valueFrom:
-                      properties:
-                        configMapKeyRef:
-                          properties:
-                            key:
-                              type: string
-                            name:
-                              type: string
-                            optional:
-                              type: boolean
-                          required:
-                          - key
-                          type: object
-                        default:
-                          type: string
-                        event:
-                          type: string
-                        expression:
-                          type: string
-                        jqFilter:
-                          type: string
-                        jsonPath:
-                          type: string
-                        parameter:
-                          type: string
-                        path:
-                          type: string
-                        supplied:
-                          type: object
-                      type: object
-                  required:
-                  - name
-                  type: object
-                type: array
-              result:
-                type: string
-            type: object
-          phase:
-            type: string
-          progress:
-            type: string
-        required:
-        - metadata
-        type: object
-    served: true
-    storage: true

framework/argo-workflow/.olares/config/cluster/crds/argoproj.io_workflowtasksets.yaml

@@ -1,43 +0,0 @@
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  name: workflowtasksets.argoproj.io
-  annotations:
-    "helm.sh/resource-policy": keep
-spec:
-  group: argoproj.io
-  names:
-    kind: WorkflowTaskSet
-    listKind: WorkflowTaskSetList
-    plural: workflowtasksets
-    shortNames:
-    - wfts
-    singular: workflowtaskset
-  scope: Namespaced
-  versions:
-  - name: v1alpha1
-    schema:
-      openAPIV3Schema:
-        properties:
-          apiVersion:
-            type: string
-          kind:
-            type: string
-          metadata:
-            type: object
-          spec:
-            type: object
-            x-kubernetes-map-type: atomic
-            x-kubernetes-preserve-unknown-fields: true
-          status:
-            type: object
-            x-kubernetes-map-type: atomic
-            x-kubernetes-preserve-unknown-fields: true
-        required:
-        - metadata
-        - spec
-        type: object
-    served: true
-    storage: true
-    subresources:
-      status: {}

framework/argo-workflow/.olares/config/cluster/crds/argoproj.io_workflowtemplates.yaml

@@ -1,37 +0,0 @@
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  name: workflowtemplates.argoproj.io
-  annotations:
-    "helm.sh/resource-policy": keep
-spec:
-  group: argoproj.io
-  names:
-    kind: WorkflowTemplate
-    listKind: WorkflowTemplateList
-    plural: workflowtemplates
-    shortNames:
-    - wftmpl
-    singular: workflowtemplate
-  scope: Namespaced
-  versions:
-  - name: v1alpha1
-    schema:
-      openAPIV3Schema:
-        properties:
-          apiVersion:
-            type: string
-          kind:
-            type: string
-          metadata:
-            type: object
-          spec:
-            type: object
-            x-kubernetes-map-type: atomic
-            x-kubernetes-preserve-unknown-fields: true
-        required:
-        - metadata
-        - spec
-        type: object
-    served: true
-    storage: true

framework/argo-workflow/.olares/config/cluster/deploy/argo-task.yaml

@@ -1,67 +0,0 @@
-{{- $namespace := printf "%s" "os-framework" -}}
-{{- $rss_secret := (lookup "v1" "Secret" $namespace "rss-secrets") -}}
-{{- $password := "" -}}
-{{ if $rss_secret -}}
-{{ $password = (index $rss_secret "data" "pg_password") }}
-{{ else -}}
-{{ $password = randAlphaNum 16 | b64enc }}
-{{- end -}}
-
-{{- $redis_password := "" -}}
-{{ if $rss_secret -}}
-{{ $redis_password = (index $rss_secret "data" "redis_password") }}
-{{ else -}}
-{{ $redis_password = randAlphaNum 16 | b64enc }}
-{{- end -}}
-
-
-{{- $redis_password_data := "" -}}
-{{ $redis_password_data = $redis_password | b64dec }}
-
-{{- $pg_password_data := "" -}}
-{{ $pg_password_data = $password | b64dec }}
-
-{{- $pg_user :=  printf "%s" "argo_os_framework" -}}
-{{- $pg_user = $pg_user | b64enc -}}
-
----
-
-apiVersion: v1
-kind: Secret
-metadata:
-  name: rss-secrets
-  namespace: {{ .Release.Namespace }}
-type: Opaque
-data:
-  pg_user: {{ $pg_user }}
-  pg_password: {{ $password }}
-  redis_password: {{ $redis_password }}
-
----
-
-apiVersion: apr.bytetrade.io/v1alpha1
-kind: MiddlewareRequest
-metadata:
-  name: rss-pg
-  namespace: {{ .Release.Namespace }}
-spec:
-  app: rss
-  appNamespace: {{ .Release.Namespace }}
-  middleware: postgres
-  postgreSQL:
-    user: argo_os_framework
-    password: 
-      valueFrom:
-        secretKeyRef:
-          key: pg_password
-          name: rss-secrets
-    databases:
-    - name: rss
-    - name: rss_v1
-    - name: argo
-
-
-
-
-
-    

framework/argo-workflow/.olares/config/cluster/deploy/server-cluster-roles.yaml

@@ -1,94 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: argoworkflows
-  labels:
-    helm.sh/chart: argoworkflows-0.35.0
-    app.kubernetes.io/name: argoworkflows-server
-    app.kubernetes.io/instance: rss
-    app.kubernetes.io/component: server
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/part-of: argo-workflows
-rules:
-- apiGroups:
-  - ""
-  resources:
-  - configmaps
-  - events
-  verbs:
-  - get
-  - watch
-  - list
-- apiGroups:
-  - ""
-  resources:
-  - pods
-  verbs:
-  - get
-  - list
-  - watch
-  - delete
-- apiGroups:
-  - ""
-  resources:
-  - pods/log
-  verbs:
-  - get
-  - list
-- apiGroups:
-  - ""
-  resources:
-  - secrets
-  verbs:
-  - get
-- apiGroups:
-  - ""
-  resources:
-  - events
-  verbs:
-  - watch
-  - create
-  - patch
-- apiGroups:
-    - argoproj.io
-  resources:
-    - eventsources
-    - sensors
-    - workflows
-    - workfloweventbindings
-    - workflowtemplates
-    - cronworkflows
-  verbs:
-    - create
-    - get
-    - list
-    - watch
-    - update
-    - patch
-    - delete
-
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: argoworkflows-cluster-template
-  labels:
-    helm.sh/chart: argoworkflows-0.35.0
-    app.kubernetes.io/name: argoworkflows-server
-    app.kubernetes.io/instance: rss
-    app.kubernetes.io/component: server
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/part-of: argo-workflows
-rules:
-- apiGroups:
-  - argoproj.io
-  resources:
-  - clusterworkflowtemplates
-  verbs:
-  - get
-  - list
-  - watch
-  - create
-  - update
-  - patch
-  - delete

framework/argo-workflow/.olares/config/cluster/deploy/server-crb.yaml

@@ -1,26 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: {{ .Release.Namespace }}:argoworkflows
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: argoworkflows
-subjects:
-  - kind: ServiceAccount
-    name: argoworkflows
-    namespace: {{ .Release.Namespace }}
-
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: {{ .Release.Namespace }}:argoworkflows-cluster-template
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: argoworkflows-cluster-template
-subjects:
-  - kind: ServiceAccount
-    name: argoworkflows
-    namespace: {{ .Release.Namespace }}

framework/argo-workflow/.olares/config/cluster/deploy/server-deployment.yaml

@@ -1,86 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: argoworkflows
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app: argoworkflows
-    applications.app.bytetrade.io/author: bytetrade.io
-    app.kubernetes.io/managed-by: Helm
-  annotations:
-    applications.app.bytetrade.io/icon: https://argoproj.github.io/argo-workflows/assets/logo.png
-    applications.app.bytetrade.io/title: argoworkflows
-    applications.app.bytetrade.io/version: '0.35.0'
-spec:
-  selector:
-    matchLabels:
-      app: argoworkflows
-  template:
-    metadata:
-      labels:
-        app: argoworkflows
-    spec:
-      serviceAccountName: argoworkflows
-      containers:
-        - name: argo-server
-          image: quay.io/argoproj/argocli:v3.5.0
-          imagePullPolicy: IfNotPresent
-          securityContext:
-            readOnlyRootFilesystem: true
-            runAsNonRoot: true
-            allowPrivilegeEscalation: false
-            capabilities:
-              drop:
-                - ALL
-          args:
-            - server
-            - --configmap=argoworkflow-workflow-controller-configmap
-            - "--auth-mode=server"
-            - "--secure=false"
-            - "--x-frame-options="
-            - "--loglevel"
-            - "debug"
-            - "--gloglevel"
-            - "0"
-            - "--log-format"
-            - "text"
-          ports:
-            - name: web
-              containerPort: 2746
-          readinessProbe:
-            httpGet:
-              path: /
-              port: 2746
-              scheme: HTTP
-            initialDelaySeconds: 10
-            periodSeconds: 20
-          env:
-            - name: IN_CLUSTER
-              value: "true"
-            - name: ARGO_NAMESPACE
-              valueFrom:
-                fieldRef:
-                  apiVersion: v1
-                  fieldPath: metadata.namespace
-            - name: BASE_HREF
-              value: /
-          volumeMounts:
-            - name: tmp
-              mountPath: /tmp
-        
-      volumes:
-        - name: tmp
-          emptyDir: {}
-      nodeSelector:
-        kubernetes.io/os: linux
-      tolerations:
-        - key: node.kubernetes.io/not-ready
-          operator: Exists
-          effect: NoExecute
-          tolerationSeconds: 300
-        - key: node.kubernetes.io/unreachable
-          operator: Exists
-          effect: NoExecute
-          tolerationSeconds: 300
-      
-

framework/argo-workflow/.olares/config/cluster/deploy/server-sa.yaml

@@ -1,6 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: argoworkflows
-  namespace: {{ .Release.Namespace }}
-  

framework/argo-workflow/.olares/config/cluster/deploy/server-service.yaml

@@ -1,16 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: argoworkflows-svc
-  namespace: {{ .Release.Namespace }}
-spec:
-  ports:
-  - port: 2746
-    name: http
-    protocol: TCP
-    targetPort: 2746
-  selector:
-    app: argoworkflows
-  sessionAffinity: None
-  type: ClusterIP
-  

framework/argo-workflow/.olares/config/cluster/deploy/workflow-aggregate-roles.yaml

@@ -1,105 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: argoworkflow-view
-  labels:
-    helm.sh/chart: argoworkflows-0.35.0
-    app.kubernetes.io/name: argoworkflows-workflow-controller
-    app.kubernetes.io/instance: rss
-    app.kubernetes.io/component: workflow-controller
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/part-of: argo-workflows
-    rbac.authorization.k8s.io/aggregate-to-view: "true"
-rules:
-- apiGroups:
-  - argoproj.io
-  resources:
-  - workflows
-  - workflows/finalizers
-  - workfloweventbindings
-  - workfloweventbindings/finalizers
-  - workflowtemplates
-  - workflowtemplates/finalizers
-  - cronworkflows
-  - cronworkflows/finalizers
-  - clusterworkflowtemplates
-  - clusterworkflowtemplates/finalizers
-  verbs:
-  - get
-  - list
-  - watch
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: argoworkflow-edit
-  labels:
-    helm.sh/chart: argoworkflows-0.35.0
-    app.kubernetes.io/name: argoworkflows-server
-    app.kubernetes.io/instance: rss
-    app.kubernetes.io/component: server
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/part-of: argo-workflows
-    rbac.authorization.k8s.io/aggregate-to-edit: "true"
-rules:
-- apiGroups:
-  - argoproj.io
-  resources:
-  - workflows
-  - workflows/finalizers
-  - workfloweventbindings
-  - workfloweventbindings/finalizers
-  - workflowtemplates
-  - workflowtemplates/finalizers
-  - cronworkflows
-  - cronworkflows/finalizers
-  - clusterworkflowtemplates
-  - clusterworkflowtemplates/finalizers
-  verbs:
-  - create
-  - delete
-  - deletecollection
-  - get
-  - list
-  - patch
-  - update
-  - watch
-
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: argoworkflow-admin
-  labels:
-    helm.sh/chart: argoworkflows-0.35.0
-    app.kubernetes.io/name: argoworkflows-server
-    app.kubernetes.io/instance: rss
-    app.kubernetes.io/component: server
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/part-of: argo-workflows
-    rbac.authorization.k8s.io/aggregate-to-admin: "true"
-rules:
-- apiGroups:
-  - argoproj.io
-  resources:
-  - workflows
-  - workflows/finalizers
-  - workfloweventbindings
-  - workfloweventbindings/finalizers
-  - workflowtasksets
-  - workflowtasksets/finalizers
-  - workflowtemplates
-  - workflowtemplates/finalizers
-  - cronworkflows
-  - cronworkflows/finalizers
-  - clusterworkflowtemplates
-  - clusterworkflowtemplates/finalizers
-  verbs:
-  - create
-  - delete
-  - deletecollection
-  - get
-  - list
-  - patch
-  - update
-  - watch

framework/argo-workflow/.olares/config/cluster/deploy/workflow-controller-cluster-roles.yaml

@@ -1,178 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: argoworkflow-workflow-controller
-  labels:
-    helm.sh/chart: argoworkflows-0.35.0
-    app.kubernetes.io/name: argoworkflows-workflow-controller
-    app.kubernetes.io/instance: rss
-    app.kubernetes.io/component: workflow-controller
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/part-of: argo-workflows
-rules:
-- apiGroups:
-  - ""
-  resources:
-  - pods
-  verbs:
-  - create
-  - get
-  - list
-  - watch
-  - update
-  - patch
-  - delete
-- apiGroups:
-  - ""
-  resources:
-  - pods/exec
-  verbs:
-  - create
-- apiGroups:
-  - ""
-  resources:
-  - configmaps
-  verbs:
-  - create
-  - get
-  - list
-  - watch
-  - update
-  - patch
-  - delete
-- apiGroups:
-  - ""
-  resources:
-  - persistentvolumeclaims
-  - persistentvolumeclaims/finalizers
-  verbs:
-  - create
-  - update
-  - delete
-  - get
-- apiGroups:
-  - argoproj.io
-  resources:
-  - workflows
-  - workflows/finalizers
-  - workflowtasksets
-  - workflowtasksets/finalizers
-  - workflowartifactgctasks
-  verbs:
-  - get
-  - list
-  - watch
-  - update
-  - patch
-  - delete
-  - create
-- apiGroups:
-  - argoproj.io
-  resources:
-  - workflowtemplates
-  - workflowtemplates/finalizers
-  verbs:
-  - get
-  - list
-  - watch
-- apiGroups:
-  - argoproj.io
-  resources:
-  - workflowtaskresults
-  - workflowtaskresults/finalizers
-  verbs:
-  - list
-  - watch
-  - deletecollection
-- apiGroups:
-  - argoproj.io
-  resources:
-  - cronworkflows
-  - cronworkflows/finalizers
-  verbs:
-  - get
-  - list
-  - watch
-  - update
-  - patch
-  - delete
-- apiGroups:
-  - ""
-  resources:
-  - events
-  verbs:
-  - create
-  - patch
-- apiGroups:
-  - ""
-  resources:
-  - serviceaccounts
-  verbs:
-  - get
-  - list
-- apiGroups:
-  - "policy"
-  resources:
-  - poddisruptionbudgets
-  verbs:
-  - create
-  - get
-  - delete
-- apiGroups:
-  - coordination.k8s.io
-  resources:
-  - leases
-  verbs:
-  - create
-  - get
-  - list
-  - watch
-  - update
-  - patch
-  - delete
-- apiGroups:
-  - coordination.k8s.io
-  resources:
-  - leases
-  resourceNames:
-  - workflow-controller
-  - workflow-controller-lease
-  verbs:
-  - create
-  - get
-  - list
-  - watch
-  - update
-  - patch
-  - delete
-- apiGroups:
-  - ""
-  resources:
-  - secrets
-  verbs:
-  - get
-  resourceNames:
-  - rss-secrets
-  - argo-workflows-agent-ca-certificates
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: argoworkflow-workflow-controller-cluster-template
-  labels:
-    helm.sh/chart: argoworkflows-0.35.0
-    app.kubernetes.io/name: argoworkflows-workflow-controller
-    app.kubernetes.io/instance: rss
-    app.kubernetes.io/component: workflow-controller
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/part-of: argo-workflows
-rules:
-- apiGroups:
-  - argoproj.io
-  resources:
-  - clusterworkflowtemplates
-  - clusterworkflowtemplates/finalizers
-  verbs:
-  - get
-  - list
-  - watch

framework/argo-workflow/.olares/config/cluster/deploy/workflow-controller-config-map.yaml

@@ -1,40 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: argoworkflow-workflow-controller-configmap
-  namespace: {{ .Release.Namespace }}
-data:
-  config: |
-    instanceID: {{ .Release.Namespace }}
-    artifactRepository:
-      archiveLogs: true
-      s3:
-        accessKeySecret:
-          key: AWS_ACCESS_KEY_ID
-          name: argo-workflow-log-fakes3
-        secretKeySecret:
-          key: AWS_SECRET_ACCESS_KEY
-          name: argo-workflow-log-fakes3
-        bucket: mongo-backup
-        endpoint: tapr-s3-svc:4568
-        insecure: true
-    persistence:
-      connectionPool:
-        maxIdleConns: 5
-        maxOpenConns: 0
-      archive: true
-      archiveTTL: 5d
-      postgresql:
-        host: citus-headless.os-platform
-        port: 5432
-        database: os_framework_argo
-        tableName: argo_workflows
-        userNameSecret:
-          name: rss-secrets
-          key: pg_user
-        passwordSecret:
-          name: rss-secrets
-          key: pg_password
-    nodeEvents:
-      enabled: true
-

framework/argo-workflow/.olares/config/cluster/deploy/workflow-controller-crb.yaml

@@ -1,27 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: {{ .Release.Namespace }}:argoworkflow-workflow-controller
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: argoworkflow-workflow-controller
-subjects:
-  - kind: ServiceAccount
-    name: argoworkflow-workflow-controller
-    namespace: {{ .Release.Namespace }}
-
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: {{ .Release.Namespace }}:argoworkflow-workflow-controller-cluster-template
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: argoworkflow-workflow-controller-cluster-template
-subjects:
-  - kind: ServiceAccount
-    name: argoworkflow-workflow-controller
-    namespace: {{ .Release.Namespace }}
-

framework/argo-workflow/.olares/config/cluster/deploy/workflow-controller-deployment.yaml

@@ -1,90 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: argoworkflow-workflow-controller
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/component: workflow-controller
-    applications.app.bytetrade.io/author: bytetrade.io
-    app.kubernetes.io/instance: argo
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/name: argoworkflows-workflow-controller
-    app.kubernetes.io/part-of: argo-workflows
-    app.kubernetes.io/version: v3.5.0
-    helm.sh/chart: argoworkflows-0.35.0
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app.kubernetes.io/instance: argo
-      app.kubernetes.io/name: argoworkflows-workflow-controller
-  template:
-    metadata:
-      labels:
-        app.kubernetes.io/component: workflow-controller
-        app.kubernetes.io/instance: argo
-        app.kubernetes.io/managed-by: Helm
-        app.kubernetes.io/name: argoworkflows-workflow-controller
-        app.kubernetes.io/part-of: argo-workflows
-        app.kubernetes.io/version: v3.5.0
-        helm.sh/chart: argoworkflows-0.35.0
-    spec:
-      serviceAccountName: argoworkflow-workflow-controller
-      serviceAccount: argoworkflow-workflow-controller
-      schedulerName: default-scheduler
-      containers:
-        - name: controller
-          image: quay.io/argoproj/workflow-controller:v3.5.0
-          imagePullPolicy: IfNotPresent
-          command: [ "workflow-controller" ]
-          args:
-          - "--configmap"
-          - "argoworkflow-workflow-controller-configmap"
-          - "--executor-image"
-          - "quay.io/argoproj/argoexec:v3.5.0"
-          - "--loglevel"
-          - "debug"
-          - "--gloglevel"
-          - "0"
-          - "--log-format"
-          - "text"
-          securityContext:
-            capabilities:
-              drop:
-                - ALL
-            runAsNonRoot: true
-            readOnlyRootFilesystem: true
-            allowPrivilegeEscalation: false
-          env:
-            - name: ARGO_NAMESPACE
-              valueFrom:
-                fieldRef:
-                  apiVersion: v1
-                  fieldPath: metadata.namespace
-            - name: LEADER_ELECTION_IDENTITY
-              valueFrom:
-                fieldRef:
-                  apiVersion: v1
-                  fieldPath: metadata.name
-          
-          ports:
-            - name: metrics
-              containerPort: 9090
-              protocol: TCP
-            - containerPort: 6060
-              protocol: TCP
-          livenessProbe: 
-            httpGet:
-              path: /healthz
-              port: 6060
-              scheme: HTTP
-            initialDelaySeconds: 90
-            timeoutSeconds: 30
-            periodSeconds: 60
-            successThreshold: 1
-            failureThreshold: 3
-
-      nodeSelector:
-        kubernetes.io/os: linux
-      
-     

framework/argo-workflow/.olares/config/cluster/deploy/workflow-controller-sa.yaml

@@ -1,5 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: argoworkflow-workflow-controller
-  namespace: {{ .Release.Namespace }}

framework/argo-workflow/.olares/config/cluster/deploy/workflow-controller-secrets.yaml

@@ -1,41 +0,0 @@
-
-
----
-apiVersion: v1
-kind: Secret
-metadata:
-  name: argo-workflow-log-fakes3
-  namespace: {{ .Release.Namespace }}
-type: Opaque
-stringData:
-  AWS_ACCESS_KEY_ID: S3RVER
-  AWS_SECRET_ACCESS_KEY: S3RVER
-
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
-  name: workflow-role
-  namespace: {{ .Release.Namespace }}
-rules:
-- apiGroups:
-  - "*"
-  resources:
-  - pods
-  verbs:
-  - patch
-
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: workflow-rolebinding
-  namespace: {{ .Release.Namespace }}
-subjects:
-  - kind: ServiceAccount
-    namespace: {{ .Release.Namespace }}
-    name: default
-roleRef:
-  kind: Role
-  name: workflow-role
-  apiGroup: rbac.authorization.k8s.io

framework/argo-workflow/.olares/config/cluster/deploy/workflow-rb.yaml

@@ -1,13 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: argoworkflow-workflow
-  namespace: {{ .Release.Namespace }}
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: Role
-  name: argoworkflow-workflow
-subjects:
-  - kind: ServiceAccount
-    name: argo-workflow
-    namespace: {{ .Release.Namespace }}

framework/argo-workflow/.olares/config/cluster/deploy/workflow-role.yaml

@@ -1,49 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
-  name: argoworkflow-workflow
-  namespace: {{ .Release.Namespace }}
-rules:
-  - apiGroups:
-      - ""
-    resources:
-      - pods
-    verbs:
-      - get
-      - watch
-      - patch
-  - apiGroups:
-      - ""
-    resources:
-      - pods/log
-    verbs:
-      - get
-      - watch
-  - apiGroups:
-      - ""
-    resources:
-      - pods/exec
-    verbs:
-      - create
-  - apiGroups:
-      - argoproj.io
-    resources:
-      - workflowtaskresults
-    verbs:
-      - create
-  - apiGroups:
-      - argoproj.io
-    resources:
-      - workflowtasksets
-      - workflowartifactgctasks
-    verbs:
-      - list
-      - watch
-  - apiGroups:
-      - argoproj.io
-    resources:
-      - workflowtasksets/status
-      - workflowartifactgctasks/status
-    verbs:
-      - patch
-

framework/argo-workflow/README.md

@@ -1 +1,7 @@
-# argo-workflow
+# `argo-workflow`
+
+## Overview
+
+The `argo-workflow` component integrates Argo Workflows, a powerful, Kubernetes-native workflow engine, into the Olares framework. This allows for the orchestration of complex and parallel jobs, making it an essential tool for automating and managing sophisticated data processing and CI/CD pipelines within the Olares ecosystem.
+
+For more information, visit the official [Argo Workflows website](https://argoproj.github.io/workflows).

framework/authelia/.olares/config/cluster/deploy/auth_backend_deploy.yaml

@@ -81,14 +81,27 @@ spec:
         secretKeyRef:
           key: nats_password
           name: authelia-secrets
-    refs:
-    - appName: notifications
-      appNamespace: os
-      subjects:
-      - name: notification
-        perm:
-        - pub
-        - sub
+    subjects:
+      - name: "notification.*"
+        permission:
+          pub: allow
+          sub: allow
+      - name: "users.*"
+        permission:
+          pub: allow
+          sub: allow
+      - name: users
+        permission:
+          pub: allow
+          sub: allow
+      - name: "groups.*"
+        permission:
+          pub: allow
+          sub: allow
+      - name: groups
+        permission:
+          pub: allow
+          sub: allow
     user: os-authelia
 
 ---
@@ -354,7 +367,7 @@ spec:
           privileged: true
       containers:      
       - name: authelia
-        image: beclab/auth:0.2.10
+        image: beclab/auth:0.2.15
         imagePullPolicy: IfNotPresent
         ports:
         - containerPort: 9091
@@ -379,6 +392,8 @@ spec:
               name: authelia-secrets
         - name: NATS_SUBJECT
           value: "os.notification"
+        - name: NATS_SUBJECT_FOR_USERS
+          value: "os.users"
 
         volumeMounts:
         - name: config

framework/authelia/.olares/config/user/helm-charts/auth/templates/auth_deploy.yaml

@@ -28,7 +28,7 @@ spec:
         name: check-auth
       containers:
       - name: auth-front
-        image: beclab/login:v1.3.73
+        image: beclab/login:v1.3.101
         imagePullPolicy: IfNotPresent
         ports:
         - containerPort: 80

framework/authelia/README.md

@@ -1,5 +1,7 @@
-# Authelia
+# `authelia`
 
-https://github.com/beclab/authelia
+## Overview
 
-https://github.com/beclab/login
+The `authelia` component integrates Authelia, an open-source authentication and authorization server, into the Olares framework. It provides robust security features, including multi-factor authentication (MFA) and single sign-on (SSO), to protect applications and services within the Olares ecosystem.
+
+For more information, visit the official [Authelia website](https://www.authelia.com/).

framework/backup-server/README.md

@@ -1,3 +1,5 @@
-# backup-server
+# `backup-server`
 
-https://github.com/beclab/backup-server
+## Overview
+
+The `backup-server` component provides a comprehensive backup solution for the Olares ecosystem. It supports backing up directories, applications, and even entire clusters, ensuring that your data is safe and can be restored in case of any issues.

framework/bfl/.olares/config/launcher/templates/bfl_deploy.yaml

@@ -200,11 +200,13 @@ spec:
       labels:
         tier: bfl
       annotations:
+{{ if .Values.telemetry }}
         instrumentation.opentelemetry.io/inject-go: "olares-instrumentation"
         instrumentation.opentelemetry.io/go-container-names: "api"    
         instrumentation.opentelemetry.io/otel-go-auto-target-exe: "/bfl-api"
         instrumentation.opentelemetry.io/inject-nginx: "olares-instrumentation"
         instrumentation.opentelemetry.io/inject-nginx-container-names: "ingress"    
+{{ end }}
     spec:
 {{ if .Values.bfl.admin_user }}
       affinity:
@@ -264,7 +266,7 @@ spec:
 
       containers:
       - name: api
-        image: beclab/bfl:v0.4.15
+        image: beclab/bfl:v0.4.18
         imagePullPolicy: IfNotPresent
         securityContext:
           runAsUser: 1000
@@ -325,7 +327,7 @@ spec:
               apiVersion: v1
               fieldPath: spec.nodeName
       - name: ingress
-        image: beclab/bfl-ingress:v0.3.8
+        image: beclab/bfl-ingress:v0.3.12
         imagePullPolicy: IfNotPresent
         volumeMounts:
         - name: ngxlog

framework/bfl/README.md

@@ -1,5 +1,5 @@
-# bfl
+# `bfl`
 
-Backend For Launcher
+## Overview
 
-https://github.com/beclab/bfl
+The `bfl` (Backend For Launcher) component is a crucial part of the Olares framework's service architecture. It acts as an aggregator for various backend interfaces, and as a proxy for all system service requests. This simplifies the interaction between the launcher and the backend services, providing a single point of contact and streamlining the overall system design.

framework/docker-nginx-headers-more/README.md

@@ -1,3 +1,7 @@
-# docker-nginx-headers-more
+# `docker-nginx-headers-more`
 
-https://github.com/Above-Os/docker-nginx-headers-more
+## Overview
+
+The `docker-nginx-headers-more` component provides a Docker image for Nginx that includes the `headers-more` module. This module allows for more advanced manipulation of HTTP headers than what is available in the standard Nginx distribution, which is useful for fine-tuning the behavior of web applications and services within the Olares ecosystem.
+
+For more information, see the [docker-nginx-headers-more GitHub repository](https://github.com/anroe/docker-nginx-headers-more).

framework/files/.olares/config/cluster/deploy/files_deploy.yaml

@@ -26,7 +26,7 @@
 
 ---
 apiVersion: apps/v1
-kind: Deployment
+kind: DaemonSet
 metadata:
   name: files
   namespace: {{ .Release.Namespace }}
@@ -34,7 +34,6 @@ metadata:
     app: files
     applications.app.bytetrade.io/author: bytetrade.io
 spec:
-  replicas: 1
   selector:
     matchLabels:
       app: files
@@ -43,11 +42,13 @@ spec:
       labels:
         app: files
       annotations:
+{{ if .Values.telemetry }}
         instrumentation.opentelemetry.io/inject-nginx: "olares-instrumentation"
         instrumentation.opentelemetry.io/inject-nginx-container-names: "nginx"    
         instrumentation.opentelemetry.io/inject-go: "olares-instrumentation"
         instrumentation.opentelemetry.io/go-container-names: "gateway,files,uploader"    
         instrumentation.opentelemetry.io/otel-go-auto-target-exe: "/filebrowser"
+{{ end }}
     spec:
       serviceAccount: os-internal
       serviceAccountName: os-internal
@@ -68,6 +69,8 @@ spec:
               mountPath: /appdata
             - name: upload-appdata
               mountPath: /appcache
+            - mountPath: /data/appcache
+              name: upload-appdata
           command:
           - sh
           - -c
@@ -96,21 +99,6 @@ spec:
               value: os_framework_files
 
       containers:
-        - name: gateway
-          image: beclab/appdata-gateway:0.1.22
-          imagePullPolicy: IfNotPresent
-          securityContext:
-            allowPrivilegeEscalation: false
-            runAsUser: 0
-          ports:
-            - containerPort: 8080
-          env:
-            - name: FILES_SERVER_TAG
-              value: 'beclab/files-server:v0.2.78'
-            - name: NAMESPACE
-              valueFrom:
-                fieldRef:
-                  fieldPath: metadata.namespace
 
         - name: media-server
           env:
@@ -120,7 +108,7 @@ spec:
             value: /appdata
           - name: SEAFILE_SERVICE
             value: seafile
-          image: beclab/media-server:v0.1.10
+          image: beclab/media-server:v0.1.11
           imagePullPolicy: IfNotPresent
           securityContext:
             allowPrivilegeEscalation: true
@@ -132,7 +120,7 @@ spec:
           - name: userspace-dir
             mountPath: /data
           - name: user-appdata-dir
-            mountPath: /appdata
+            mountPath: /appcache
 {{ if .Values.sharedlib }}
           - name: shared-lib
             mountPath: /data/External
@@ -140,25 +128,21 @@ spec:
 {{ end }}
 
         - name: files
-          image: beclab/files-server:v0.2.78
+          image: beclab/files-server:v0.2.83
           imagePullPolicy: IfNotPresent
           securityContext:
             allowPrivilegeEscalation: true
             runAsUser: 0
             privileged: true
           volumeMounts:
+            - mountPath: /data/appcache/
+              name: upload-appdata
             - name: fb-data
               mountPath: /appdata
             - name: userspace-dir
               mountPath: /data
-#              mountPath: /data/Home
-#            - name: userspace-app-dir
-#              mountPath: /data/Application
-#            - name: watch-dir
-#              mountPath: /data/Home/Documents
             - name: upload-appdata
               mountPath: /appcache/
-            
 {{ if .Values.sharedlib }}        
             - name: shared-lib
               mountPath: /data/External
@@ -172,6 +156,11 @@ spec:
               valueFrom:
                 fieldRef:
                   fieldPath: status.hostIP
+            - name: NODE_NAME
+              valueFrom:
+                fieldRef:
+                  apiVersion: v1
+                  fieldPath: spec.nodeName
             - name: TERMINUSD_HOST
               value: $(NODE_IP):18088  
 {{ end }}
@@ -265,6 +254,10 @@ spec:
               value: {{ $files_postgres_password | b64dec }}
             - name: PGDB1
               value: os_framework_files
+            - name: UPLOAD_FILE_TYPE
+              value: '*'
+            - name: UPLOAD_LIMITED_SIZE
+              value: "118111600640"
             - name: POD_NAME
               valueFrom:
                 fieldRef:
@@ -280,6 +273,8 @@ spec:
           command:
             - /filebrowser
             - --noauth
+            - -p
+            - "8080"
         - name: uploader
           image: beclab/upload:v1.0.14
           env:
@@ -395,110 +390,6 @@ spec:
       port: 9090
       targetPort: 9090
 
----
-apiVersion: apps/v1
-kind: DaemonSet
-metadata:
-  name: appdata-backend
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app: appdata-backend
-  annotations:
-    velero.io/exclude-from-backup: "true"
-spec:
-  selector:
-    matchLabels:
-      app: appdata-backend
-  template:
-    metadata:
-      labels:
-        app: appdata-backend
-    spec:
-      securityContext:
-        runAsUser: 1000
-        runAsGroup: 1000
-        fsGroup: 1000
-      initContainers:
-        - name: init-data
-          image: busybox:1.28
-          securityContext:
-            privileged: true
-            runAsNonRoot: false
-            runAsUser: 0
-          volumeMounts:
-          - name: fb-data
-            mountPath: /appdata
-          command:
-          - sh
-          - -c
-          - |
-            chown -R 1000:1000 /appdata
-        - args:
-          - -it
-          - nats.os-platform:4222
-          image: owncloudci/wait-for:latest
-          imagePullPolicy: IfNotPresent
-          name: check-nats
-      containers:
-        - name: files
-          image: beclab/files-server:v0.2.78
-          imagePullPolicy: IfNotPresent
-          securityContext:
-            allowPrivilegeEscalation: true
-            runAsUser: 0
-            runAsNonRoot: false
-          volumeMounts:
-            - name: fb-data
-              mountPath: /appdata
-            - name: user-appdata-dir
-              mountPath: /data/AppData
-          ports:
-            - containerPort: 8110
-          env:
-            - name: ROOT_PREFIX
-              value: /data
-#            - name: FB_DATABASE
-#              value: /appdata/database/filebrowser.db
-#            - name: FB_CONFIG
-#              value: /appdata/config/settings.json
-#            - name: FB_ROOT
-#              value: /data
-            - name: OLARES_VERSION
-              value: '1.12'
-            - name: NODE_NAME
-              valueFrom:
-                fieldRef:
-                  fieldPath: spec.nodeName
-          command:
-            - /filebrowser
-            - --noauth
-      volumes:
-        - name: user-appdata-dir
-          hostPath:
-            type: Directory
-            path: '{{ .Values.rootPath }}/userdata/Cache'
-        - name: fb-data
-          hostPath:
-            type: DirectoryOrCreate
-            path: '{{ .Values.rootPath }}/userdata/Cache/files-appdata'
-
----
-apiVersion: v1
-kind: Service
-metadata:
-  name: appdata-backend-headless
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app: appdata-backend
-spec:
-  selector:
-    app: appdata-backend
-  clusterIP: None
-  ports:
-    - protocol: TCP
-      port: 8110
-      targetPort: 8110
-
 ---
 apiVersion: v1
 kind: Secret
@@ -574,23 +465,12 @@ spec:
         secretKeyRef:
           key: files_nats_password
           name: files-nats-secrets
-    refs:
-      - appName: user-service
-        appNamespace: os
-        subjects:
-          - name: "files.*"
-            perm:
-              - pub
-              - sub
     subjects:
-      - export:
-          - appName: files-frontend
-            pub: allow
-            sub: allow
-          - appName: vault
-            pub: allow
-            sub: allow
-        name: files-notify
+      - name: "files.*"
+        permission:
+          pub: allow
+          sub: allow
+      - name: files-notify
         permission:
           pub: allow
           sub: allow
@@ -824,7 +704,7 @@ data:
         }
 
         location /upload {
-            proxy_pass http://127.0.0.1:40030;
+            proxy_pass http://127.0.0.1:8080;
             # rewrite ^/server(.*)$ $1 break;
 
             # Add original-request-related headers

framework/files/README.md

@@ -1 +1,5 @@
-# Files Backend
+# `files`
+
+## Overview
+
+The `files` component provides essential file management services within Olares. It is a core component that enables users to store, retrieve, and manage their files in a secure and efficient manner.

framework/headscale/.olares/config/user/helm-charts/headscale/templates/headscale_deploy.yaml

@@ -87,16 +87,15 @@ spec:
     spec:
       affinity:
         nodeAffinity:
-          preferredDuringSchedulingIgnoredDuringExecution:
-          - preference:
-              matchExpressions:
+          requiredDuringSchedulingIgnoredDuringExecution:
+            nodeSelectorTerms:
+            - matchExpressions:
               - key: kubernetes.io/os
                 operator: In
                 values:
                 - linux
-              - key: node-role.kubernetes.io/master
+              - key: node-role.kubernetes.io/control-plane
                 operator: Exists
-            weight: 10
       serviceAccountName: tailscale
       securityContext:
         runAsUser: 1000

framework/headscale/README.md

@@ -1,3 +1,7 @@
-# headscale
+# `headscale`
 
-https://github.com/beclab/headscale
+## Overview
+
+The `headscale` component integrates Headscale, a self-hosted, open-source implementation of the Tailscale control server, into the Olares framework. This allows for the creation and management of secure, private networks for your Olares nodes and services, without relying on the public Tailscale service.
+
+For more information, visit the official [Headscale website](https://headscale.net).