lhumina_code/hero_os_tfgrid_deployer
0
0
Fork 0
Code Issues 8 Pull requests Projects Releases Packages Wiki Activity Actions

D5 — admin UI (list users, deploy/delete actions, per-user state view) #7

New issue
Open
opened 2026-05-20 21:42:11 +00:00 by mik-tf · 0 comments
mik-tf commented 2026-05-20 21:42:11 +00:00
Owner
Copy link

D5 — admin UI (list users, deploy/delete actions, per-user state view)

Sub-issue of #? (v0.1 scope). The Rust + Askama dashboard the team operator uses to drive the deployer.

What this does

The end-state for v0.1: a team operator opens the deployer's admin UI in a browser, sees a table of demo users + VMs, clicks "Create user" or "Decommission VM", and the deployer drives it.

Pages

/users — user list

  • Table: forge_username, display_name, # VMs, last activity, actions
  • "Create user" button → opens modal form (forge_username, display_name, optional email) → POSTs to deployer.create_user → result modal shows initial password + "share OOB" reminder + "Create VM for this user" button
  • Filters: search by username; show decommissioned

/users/<id> — user detail

  • Forge metadata
  • SSH key fingerprint
  • VM list with state + per-VM actions (open gateway, view logs, restart bootstrap, decommission)
  • "Deploy new VM" button → modal: profile picker (demo / lightweight / custom) + node picker (auto / 1 / 8 / 13 / 50)
  • Event log (last 50 events)

/vms — VM list

  • Table: user, fqdn, state, node, profile, provisioned_at
  • Filters by state (provisioning / ready / failed / decommissioned)
  • Bulk decommission for batch operations (admin-only confirm + double-prompt for >1 VM)

/vms/<id> — VM detail

  • Live state (calls deployer.get_vm which fetches from the underlying VmBackend)
  • Bootstrap log (streamed during provisioning, retained after)
  • Gateway URL + "Open in new tab" button
  • Per-VM ops: restart bootstrap (re-runs setup-binaries.sh), redeploy gateway, decommission

/settings — deployer config

  • VM backend selection (OpenTofu vs hero_compute) — read-only display in v0.1 (changing requires deployer restart)
  • Forge admin token rotation
  • Default profile dropdown
  • Per-node policy (which nodes to schedule on, headroom thresholds — pulled from gridproxy.grid.tf at display time)

API additions to deployer_server

  • deployer.create_vm(user_id, profile, node_id?) -> VmInfo
  • deployer.delete_vm(vm_id, confirm: bool) -> ()
  • deployer.restart_bootstrap(vm_id) -> JobId — for fixing a failed bootstrap without redeploying
  • deployer.get_vm(vm_id) -> VmInfo — joins sqlite state + live state from the VmBackend
  • deployer.list_events(vm_id?, user_id?, limit) -> [Event]
  • SSE stream deployer.events.subscribe — admin UI subscribes for live updates

Auth model for admin UI

  • v0.1: behind hero_proxy's OAuth-via-Forge with allowed_pubkeys set to the team admin group (TBD with Forge admin)
  • Single role: "deployer admin". No tenancy splits.

Acceptance criteria

  • Operator can create + deploy + decommission a user end-to-end via the admin UI without touching the CLI
  • Bootstrap progress visible in real time during provisioning
  • All actions emit events to the events table; audit trail browsable
  • Forge OAuth gate is enforced (no anonymous access)
  • Mobile-readable (Bootstrap 5.3 dark theme handles this for free)

References

  • Cockpit spec (user-facing counterpart): hero_cockpit#1
  • Umbrella: #? (v0.1 scope)
  • Skills: /hero_ui_dashboard_admin · /hero_ui_theme · /hero_ui_whitelists
## D5 — admin UI (list users, deploy/delete actions, per-user state view) Sub-issue of [`#?` (v0.1 scope)](https://forge.ourworld.tf/lhumina_code/hero_os_tfgrid_deployer/issues/2). The Rust + Askama dashboard the team operator uses to drive the deployer. ## What this does The end-state for v0.1: a team operator opens the deployer's admin UI in a browser, sees a table of demo users + VMs, clicks "Create user" or "Decommission VM", and the deployer drives it. ## Pages ### `/users` — user list - Table: forge_username, display_name, # VMs, last activity, actions - "Create user" button → opens modal form (forge_username, display_name, optional email) → POSTs to `deployer.create_user` → result modal shows initial password + "share OOB" reminder + "Create VM for this user" button - Filters: search by username; show decommissioned ### `/users/<id>` — user detail - Forge metadata - SSH key fingerprint - VM list with state + per-VM actions (open gateway, view logs, restart bootstrap, decommission) - "Deploy new VM" button → modal: profile picker (demo / lightweight / custom) + node picker (auto / 1 / 8 / 13 / 50) - Event log (last 50 events) ### `/vms` — VM list - Table: user, fqdn, state, node, profile, provisioned_at - Filters by state (provisioning / ready / failed / decommissioned) - Bulk decommission for batch operations (admin-only confirm + double-prompt for >1 VM) ### `/vms/<id>` — VM detail - Live state (calls `deployer.get_vm` which fetches from the underlying VmBackend) - Bootstrap log (streamed during provisioning, retained after) - Gateway URL + "Open in new tab" button - Per-VM ops: restart bootstrap (re-runs setup-binaries.sh), redeploy gateway, decommission ### `/settings` — deployer config - VM backend selection (OpenTofu vs hero_compute) — read-only display in v0.1 (changing requires deployer restart) - Forge admin token rotation - Default profile dropdown - Per-node policy (which nodes to schedule on, headroom thresholds — pulled from gridproxy.grid.tf at display time) ## API additions to `deployer_server` - `deployer.create_vm(user_id, profile, node_id?) -> VmInfo` - `deployer.delete_vm(vm_id, confirm: bool) -> ()` - `deployer.restart_bootstrap(vm_id) -> JobId` — for fixing a failed bootstrap without redeploying - `deployer.get_vm(vm_id) -> VmInfo` — joins sqlite state + live state from the VmBackend - `deployer.list_events(vm_id?, user_id?, limit) -> [Event]` - SSE stream `deployer.events.subscribe` — admin UI subscribes for live updates ## Auth model for admin UI - v0.1: behind hero_proxy's OAuth-via-Forge with `allowed_pubkeys` set to the team admin group (TBD with Forge admin) - Single role: "deployer admin". No tenancy splits. ## Acceptance criteria - Operator can create + deploy + decommission a user end-to-end via the admin UI without touching the CLI - Bootstrap progress visible in real time during provisioning - All actions emit events to the events table; audit trail browsable - Forge OAuth gate is enforced (no anonymous access) - Mobile-readable (Bootstrap 5.3 dark theme handles this for free) ## References - Cockpit spec (user-facing counterpart): [`hero_cockpit#1`](https://forge.ourworld.tf/lhumina_code/hero_cockpit/issues/1) - Umbrella: [`#?` (v0.1 scope)](https://forge.ourworld.tf/lhumina_code/hero_os_tfgrid_deployer/issues/2) - Skills: `/hero_ui_dashboard_admin` · `/hero_ui_theme` · `/hero_ui_whitelists`
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
main
No results found.
Labels
Clear labels
No items
No labels
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
lhumina_code/hero_os_tfgrid_deployer#7
No description provided.