Connect LiteLLM to nas-dashboard_internal and point dashboard-dev to the litellm container hostname so health probes work without host-loopback routing.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Point dashboard-dev LiteLLM health checks at host.docker.internal so the container can reach the NAS LiteLLM service bound on localhost.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Switch env_file declarations back to string list syntax so Synology's docker compose parser accepts the LiteLLM and cc-connect compose files.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Introduce a localhost-only LiteLLM service template and expose a protected dashboard health endpoint for operational visibility, while adding cc-connect mobile bridge templates with conservative defaults.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Keep LAN/Tailscale-home behavior for NAS-targeted links while converting remote :8443 URLs to standard HTTPS on public access so external links resolve correctly.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Separate Tailscale IP detection from true LAN detection so public internet users routed through VPS no longer get non-routable port links in the sidebar.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Optimizations to reduce latency over Tailscale tunnel:
- Add GZip middleware for 70% bandwidth reduction (480KB → ~150KB)
- Cache static assets with immutable headers (1 year)
- Remove 500ms blocking CPU interval in system stats
These changes significantly improve dashboard load time over public network.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Replace 3 separate category renderers with single unified loop using Svelte snippet for icons
- Items now properly move between categories (Main/Media/Tools) via drag-and-drop
- buildLists() resolves items from global allItems map regardless of original category
- Convert all remaining conditional dark class strings to Tailwind dark: variants in Sidebar
- Fix body/html dark background to surface-950
- Add dark scrollbar styling
- Fix App.svelte wrapper to use Tailwind dark: classes instead of conditional strings
- Add dark:bg-surface-800 and dark:border-surface-700 to all cards in Dashboard, Docker, Files, Gitea
- Add dark text variants for headings, labels, and content text
- Add dark hover states for interactive elements
- Enable cross-category sidebar drag-and-drop
- Add Access Control card in Settings (admin-only): role defaults display, user overrides CRUD
- Add sidebar drag-and-drop reordering with per-user persistence in rbac.json
- Backend: GET/PUT /api/auth/preferences endpoints, sidebar order helpers in rbac.py
- Frontend: HTML5 drag API with grip handles, smart order merge, debounced save
- Preserve sidebar_order when updating page overrides
- Add rbac.py with User model, LDAP group-to-role mapping, page/write dependencies
- Proxy auth reads Remote-Groups header to resolve role from LDAP groups
- JWT tokens carry role claim, /me returns role + allowed pages
- Per-router page access control and viewer write protection
- Terminal WebSocket RBAC check
- Frontend filters sidebar links and routes by allowed pages
- Admin-only Settings page and RBAC override endpoints
- Mount rbac.json in docker-compose for page config persistence
- Skip internal API paths (/api/, /rest/, /backend/) from suspicious flagging
- Remove broad .php match that caught Speedtest's garbage.php
- Only flag 4xx on non-internal paths, ignore 5xx (service errors)
- Switch to shoutrrr notification URL format
- Use extra_hosts to resolve smtp.gmail.com to local tunnel (192.168.31.222:1587)
- Add URL-encoded SMTP credentials for shoutrrr URL compatibility
- SSH tunnel: NAS:1587 -> server2 -> smtp.gmail.com:587