From aeb76bf60f6fbe293ae262c7b57b351a9c863cec Mon Sep 17 00:00:00 2001
From: josedario87
Date: Fri, 31 Oct 2025 22:06:14 -0600
Subject: [PATCH] =?UTF-8?q?RESET=20COMPLETO:=20MeshCentral=20con=20paths?= =?UTF-8?q?=20fijos=20y=20configuraci=C3=B3n=20correcta?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

CAMBIOS MAYORES:
- Usar paths absolutos /srv/meshcentral/* en lugar de relativos
- Limpiar datos viejos completamente (empezar de cero)
- config.json correcto:
* Puerto 443 (no 4430)
* OIDC con Authentik configurado
* Dominio mesh.nucleoriofrio.com
* TlsOffload false (Traefik maneja SSL externo)
- Traefik conecta al puerto 443 interno
- Sin middleware authentik-forward-auth (OIDC nativo)
SOLUCIÓN AL PROBLEMA: Los paths relativos en docker-compose creaban directorios nuevos en cada ejecución de Gitea Actions (/root/.cache/act/HASH/). Ahora usamos /srv/meshcentral/ fijo para persistencia real.
---
 .gitea/workflows/build-and-deploy.yml | 45 +++++++++++---------------
 docker-compose.yml | 8 ++---
 2 files changed, 23 insertions(+), 30 deletions(-)

diff --git a/.gitea/workflows/build-and-deploy.yml b/.gitea/workflows/build-and-deploy.yml
index 56dba9f..74dda25 100644
--- a/.gitea/workflows/build-and-deploy.yml
+++ b/.gitea/workflows/build-and-deploy.yml
@@ -25,39 +25,32 @@ jobs:
 echo " Container: ${{ vars.APP_NAME }}"
 echo " Network: principal"
 
- - name: Create required directories
- run: |
- mkdir -p meshcentral-data
- mkdir -p meshcentral-files
- mkdir -p meshcentral-backup
- mkdir -p meshcentral-config
-
- - name: Pull latest MeshCentral image
- run: docker pull ghcr.io/ylianst/meshcentral:latest
-
- - name: Pull fresh images used in compose
- run: docker compose pull
-
 - name: Clean up existing stack
- run: docker compose --project-name $APP_NAME down
+ run: docker compose --project-name $APP_NAME down || true
 
- - name: Remove old config to force regeneration
+ - name: Create and clean MeshCentral directories
 run: |
- # SOLO borrar config.json para regenerar configuración
- # NUNCA borrar *.db (bases de datos), *.crt/*.key (certificados de agentes)
- rm -f meshcentral-data/config.json
+ # Crear directorios fijos en /srv/meshcentral
+ sudo mkdir -p /srv/meshcentral/data
+ sudo mkdir -p /srv/meshcentral/files
+ sudo mkdir -p /srv/meshcentral/backup
+ sudo mkdir -p /srv/meshcentral/config
+
+ # Limpiar SOLO el config.json (empezar de cero según el usuario)
+ sudo rm -rf /srv/meshcentral/data/*
+ sudo rm -rf /srv/meshcentral/files/*
 
 - name: Generate MeshCentral config.json
 run: |
- cat > meshcentral-data/config.json <<'EOF'
+ sudo tee /srv/meshcentral/data/config.json > /dev/null <<'EOF'
 {
 "settings": {
 "cert": "${{ vars.APP_DOMAIN }}",
- "port": 4430,
+ "port": 443,
 "aliasPort": 443,
- "redirPort": 0,
+ "redirPort": 80,
 "AgentPong": 300,
- "TlsOffload": "127.0.0.1",
+ "TlsOffload": false,
 "SelfUpdate": false,
 "AllowFraming": false,
 "WebRTC": true,
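Review bot: The `sudo rm -rf /srv/meshcentral/data/*` and `sudo rm -rf /srv/meshcentral/files/*` lines in the "Create and clean MeshCentral directories" step run on every workflow execution, so each deploy erases the whole MeshCentral data directory, while the comment above them still says only config.json is cleaned. The step this replaces deleted only `meshcentral-data/config.json` and explicitly kept `*.db` and `*.crt`/`*.key`; losing those on each run discards accounts, audit history and the server certificates and keys, which presumably forces every enrolled agent to be re-provisioned against a new server identity. If the wipe is meant as a one-off reset, keep it out of the regular deploy path (for example behind a manually triggered input) and leave `sudo rm -f /srv/meshcentral/data/config.json` here. The `|| true` added to `docker compose ... down` also hides a failed teardown, so the wipe and the config rewrite can run while the old container is still using the directory. The `run: |` block that writes config.json continues past the end of this hunk.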
@@ -100,10 +93,10 @@ jobs:
 
 - name: Set correct permissions
 run: |
- chmod -R 755 meshcentral-data
- chmod -R 755 meshcentral-files
- chmod -R 755 meshcentral-backup
- chmod -R 755 meshcentral-config
+ sudo chmod -R 755 /srv/meshcentral/data
+ sudo chmod -R 755 /srv/meshcentral/files
+ sudo chmod -R 755 /srv/meshcentral/backup
+ sudo chmod -R 755 /srv/meshcentral/config
 
 - name: Start MeshCentral stack
 run: docker compose --project-name $APP_NAME up -d --remove-orphans --wait
diff --git a/docker-compose.yml b/docker-compose.yml
index 8be6f20..c6c3208 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -8,10 +8,10 @@ services:
 ports:
 - "${MESH_PORT:-4430}:4430"
 volumes:
- - ./meshcentral-data:/opt/meshcentral/meshcentral-data
- - ./meshcentral-files:/opt/meshcentral/meshcentral-files
- - ./meshcentral-backup:/opt/meshcentral/meshcentral-backup
- - ./meshcentral-config:/opt/meshcentral/meshcentral-config
+ - /srv/meshcentral/data:/opt/meshcentral/meshcentral-data
+ - /srv/meshcentral/files:/opt/meshcentral/meshcentral-files
+ - /srv/meshcentral/backup:/opt/meshcentral/meshcentral-backup
+ - /srv/meshcentral/config:/opt/meshcentral/meshcentral-config
 environment:
 - HOSTNAME=${APP_DOMAIN}
 - REVERSE_PROXY=traefik
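Review bot: `sudo chmod -R 755` in the "Set correct permissions" step makes everything under /srv/meshcentral/data world-readable (and every file executable) at a fixed host path, and that directory holds the generated config.json plus whatever databases and private keys MeshCentral writes there. The commit message says the config carries the Authentik OIDC settings; if a client secret is among them (those lines are outside the hunk), any local account on the host can read it. Restrict the tree to the account the container runs as, e.g. `sudo chown -R <container-uid>:<container-gid> /srv/meshcentral` followed by `sudo chmod -R u=rwX,go= /srv/meshcentral`, where the uid and gid are placeholders to be taken from the image.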
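Review bot: The context line `- "${MESH_PORT:-4430}:4430"` in docker-compose.yml is left as is although this commit moves MeshCentral's listener to 443 in config.json, so the published host port now forwards to a container port that nothing listens on. Since the commit message states that Traefik reaches the container on internal port 443, the `ports:` entry can be dropped rather than updated; that also keeps the service from being reachable on the host directly, bypassing the proxy. A short comment above `volumes:` such as `# Absolute host paths: the act runner checks out into a new cache directory per run, so relative binds do not persist` would record why the paths are fixed. The service definition starts and ends outside this hunk.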