History

mwiegand 406f2196f8 fix(l4d2-web): write sandbox script tmpfile under LEFT4ME_ROOT, not /tmp The web service unit has PrivateTmp=yes: its /tmp is a per-instance namespace at /tmp/systemd-private-X-left4me-web.service-Y/tmp/ from PID 1's perspective. When ScriptBuilder writes /tmp/tmpXXX.sh and passes that path to the sandbox helper, systemd-run asks PID 1 to set up BindReadOnlyPaths=${SCRIPT}:/script.sh — but PID 1 lives in the host namespace and can't resolve the web service's PrivateTmp path. The unit fails to start with status=226/NAMESPACE and "Failed to set up mount namespacing: /script.sh: No such file or directory". Move the tmpfile to ${LEFT4ME_ROOT}/sandbox-scripts/. /var/lib is not affected by PrivateTmp (only /tmp and /var/tmp are), so PID 1 can resolve the path. The web service has ReadWritePaths=/var/lib/left4me already, and the directory is created on demand by Python. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>		2026-05-08 17:14:21 +02:00
..
alembic	feat(l4d2-web): script overlay schema — add overlay.script + last_build_status, drop globals tables	2026-05-08 15:33:04 +02:00
routes	fix(l4d2-web): normalize CRLF to LF in script overlay POST	2026-05-08 16:20:10 +02:00
services	fix(l4d2-web): write sandbox script tmpfile under LEFT4ME_ROOT, not /tmp	2026-05-08 17:14:21 +02:00
static	feat(web): blueprint-prefilled create-server flow + empty-state CTA	2026-05-07 01:47:33 +02:00
templates	feat(l4d2-web): script overlay UI	2026-05-08 15:50:36 +02:00
tests	fix(l4d2-web): normalize CRLF to LF in script overlay POST	2026-05-08 16:20:10 +02:00
__init__.py	chore(l4d2): flatten component layout	2026-05-05 23:47:06 +02:00
alembic.ini	chore(l4d2): flatten component layout	2026-05-05 23:47:06 +02:00
app.py	feat(l4d2-web): workshop overlay UI (routes + templates)	2026-05-07 16:50:54 +02:00
auth.py	fix(l4d2-web): reject encoded unsafe redirects	2026-05-06 13:24:04 +02:00
cli.py	refactor(l4d2-web): drop global-overlays subsystem in favor of script type	2026-05-08 15:43:41 +02:00
config.py	feat(web): forms in modals, edit/delete on detail pages, port auto-assign	2026-05-07 01:30:33 +02:00
db.py	feat(deploy): add production-like test deployment	2026-05-06 19:30:10 +02:00
models.py	feat(l4d2-web): script overlay schema — add overlay.script + last_build_status, drop globals tables	2026-05-08 15:33:04 +02:00
pyproject.toml	refactor(l4d2-web): drop global-overlays subsystem in favor of script type	2026-05-08 15:43:41 +02:00
README.md	feat(deploy): add production-like test deployment	2026-05-06 19:30:10 +02:00

README.md

l4d2-web-app

Flask web app for managing L4D2 servers through user-private blueprints.

Key v1 behaviors

Local username/password login; no public signup
Admin-managed overlay catalog
Private blueprints per user
Server creation from blueprints (live-linked; no per-server blueprint overrides)
Async job model with persisted command logs in job_logs
Desired vs actual state model
Live logs for jobs and servers via SSE endpoints
Host operations go through l4d2ctl via a local host command runner, not direct l4d2host imports

Frontend constraints

Server-rendered templates (Jinja)
Vendored HTMX (static/vendor/htmx.min.js)
Custom CSS only
Tokenized, consistent link and accent colors

Development

python3 -m venv .venv
.venv/bin/pip install -e .
.venv/bin/pytest tests -q

Configuration

The web app reads these settings from the environment:

DATABASE_URL: SQLAlchemy database URL, for example sqlite:////var/lib/left4me/left4me.db.
SECRET_KEY: Flask secret key used for sessions and CSRF-sensitive state.
JOB_WORKER_THREADS: number of background job worker threads.

In the systemd deployment, environment is loaded from /etc/left4me/host.env and /etc/left4me/web.env.

Admin Bootstrap

Create the first admin account with the Flask CLI. Provide the password through LEFT4ME_ADMIN_PASSWORD:

LEFT4ME_ADMIN_PASSWORD='change-me' flask create-user <username> --admin