BE: ensure /db and /config dirs - reorder scripts #1327

Signed-off-by: jokob-sk <jokob.sk@gmail.com>

docs/COMMON_ISSUES.md

@@ -112,3 +112,11 @@ Slowness can be caused by:
 
 > See [Performance Tips](./PERFORMANCE.md) for detailed optimization steps.
 
+
+#### IP flipping
+
+With `ARPSCAN` scans some devices might flip IP addresses after each scan triggering false notifications. This is because some devices respond to broadcast calls and thus different IPs after scans are logged.
+
+See how to prevent IP flipping in the [ARPSCAN plugin guide](/front/plugins/arp_scan/README.md).
+
+Alternatively adjust your [notification settings](./NOTIFICATIONS.md) to prevent false positives by filtering out events or devices.

docs/PIHOLE_GUIDE.md

@@ -1,8 +1,29 @@
 # Integration with PiHole
 
-NetAlertX comes with 2 plugins suitable for integrating with your existing PiHole instance. One plugin is using a direct SQLite DB connection, the other leverages the DHCP.leases file generated by PiHole. You can combine both approaches and also supplement it with other [plugins](/docs/PLUGINS.md). 
+NetAlertX comes with 3 plugins suitable for integrating with your existing PiHole instance. The first plugin uses the v6 API, the second plugin is using a direct SQLite DB connection, the other leverages the `DHCP.leases` file generated by PiHole. You can combine multiple approaches and also supplement scans with other [plugins](/docs/PLUGINS.md).
 
-## Approach 1: `DHCPLSS` Plugin - Import devices from the PiHole DHCP leases file
+## Approach 1: `PIHOLEAPI` Plugin - Import devices directly from PiHole v6 API
+
+![PIHOLEAPI sample settings](./img/PIHOLE_GUIDE/PIHOLEAPI_settings.png)
+
+To use this approach make sure the Web UI password in **Pi-hole** is set.
+
+| Setting | Description | Recommended value |
+| :------------- | :------------- | :-------------|
+| `PIHOLEAPI_URL` | Your Pi-hole base URL including port.  | `http://192.168.1.82:9880/` |
+| `PIHOLEAPI_RUN_SCHD` | If you run multiple device scanner plugins, align the schedules of all plugins to the same value.  | `*/5 * * * *` |
+| `PIHOLEAPI_PASSWORD` | The Web UI base64 encoded (en-/decoding handled by the app) admin password. | `passw0rd` |
+| `PIHOLEAPI_SSL_VERIFY` | Whether to verify HTTPS certificates. Disable only for self-signed certificates. | `False` |
+| `PIHOLEAPI_API_MAXCLIENTS` | Maximum number of devices to request from Pi-hole. Defaults are usually fine. | `500` |
+| `PIHOLEAPI_FAKE_MAC` | Generate FAKE MAC from IP. | `False` |
+
+Check the [PiHole API plugin readme](https://github.com/jokob-sk/NetAlertX/tree/main/front/plugins/pihole_api_scan/) for details and troubleshooting.
+
+### docker-compose changes
+
+No changes needed
+
+## Approach 2: `DHCPLSS` Plugin - Import devices from the PiHole DHCP leases file
 
 ![DHCPLSS sample settings](./img/PIHOLE_GUIDE/DHCPLSS_pihole_settings.png)
 
@@ -23,12 +44,12 @@ Check the [DHCPLSS plugin readme](https://github.com/jokob-sk/NetAlertX/tree/mai
 | `:/etc/pihole/dhcp.leases` |  PiHole's `dhcp.leases` file. Required if you want to use PiHole `dhcp.leases` file. This has to be matched with a corresponding `DHCPLSS_paths_to_check` setting entry (the path in the container must contain `pihole`) |
 
 
-## Approach 2: `PIHOLE` Plugin - Import devices directly from the PiHole database
+## Approach 3: `PIHOLE` Plugin - Import devices directly from the PiHole database
 
 ![DHCPLSS sample settings](./img/PIHOLE_GUIDE/PIHOLE_settings.png)
 
 | Setting | Description | Recommended value |
-| :------------- | :------------- | :-------------| 
+| :------------- | :------------- | :-------------|
 | `PIHOLE_RUN` | When the plugin should run.  | `schedule` |
 | `PIHOLE_RUN_SCHD` | If you run multiple device scanner plugins, align the schedules of all plugins to the same value.  | `*/5 * * * *` |
 | `PIHOLE_DB_PATH` | You need to map the value in this setting in the `docker-compose.yml` file. | `/etc/pihole/pihole-FTL.db` |

install/production-filesystem/entrypoint.d/0-ensure-dir-structure.sh

@@ -0,0 +1,35 @@
+#!/bin/sh
+# 02-ensure-folders.sh - ensure /config and /db exist under /data
+
+set -eu
+
+YELLOW=$(printf '\033[1;33m')
+CYAN=$(printf '\033[1;36m')
+RED=$(printf '\033[1;31m')
+RESET=$(printf '\033[0m')
+
+DATA_DIR=${NETALERTX_DATA:-/data}
+TARGET_CONFIG=${NETALERTX_CONFIG:-${DATA_DIR}/config}
+TARGET_DB=${NETALERTX_DB:-${DATA_DIR}/db}
+
+ensure_folder() {
+    my_path="$1"
+    if [ ! -d "${my_path}" ]; then
+        >&2 printf "%s" "${CYAN}"
+        >&2 echo "Creating missing folder: ${my_path}"
+        >&2 printf "%s" "${RESET}"
+        mkdir -p "${my_path}" || {
+            >&2 printf "%s" "${RED}"
+            >&2 echo "❌ Failed to create folder: ${my_path}"
+            >&2 printf "%s" "${RESET}"
+            exit 1
+        }
+        chmod 700 "${my_path}" 2>/dev/null || true
+    fi
+}
+
+# Ensure subfolders exist
+ensure_folder "${TARGET_CONFIG}"
+ensure_folder "${TARGET_DB}"
+
+exit 0

install/production-filesystem/entrypoint.d/31-apply-conf-override.sh

@@ -0,0 +1,35 @@
+#!/bin/sh
+# override-config.sh - Handles APP_CONF_OVERRIDE environment variable
+
+OVERRIDE_FILE="${NETALERTX_CONFIG}/app_conf_override.json"
+
+# Ensure config directory exists
+mkdir -p "$(dirname "$NETALERTX_CONFIG")" || {
+    >&2 echo "ERROR: Failed to create config directory $(dirname "$NETALERTX_CONFIG")"
+    exit 1
+}
+
+# Remove old override file if it exists
+rm -f "$OVERRIDE_FILE"
+
+# Check if APP_CONF_OVERRIDE is set
+if [ -z "$APP_CONF_OVERRIDE" ]; then
+    >&2 echo "APP_CONF_OVERRIDE is not set. Skipping override config file creation."
+else
+    # Save the APP_CONF_OVERRIDE env variable as a JSON file
+    echo "$APP_CONF_OVERRIDE" > "$OVERRIDE_FILE" || {
+        >&2 echo "ERROR: Failed to write override config to $OVERRIDE_FILE"
+        exit 2
+    }
+
+    RESET=$(printf '\033[0m')
+    >&2 cat <<EOF
+══════════════════════════════════════════════════════════════════════════════
+📝  APP_CONF_OVERRIDE detected. Configuration written to $OVERRIDE_FILE.
+
+    Make sure the JSON content is correct before starting the application.
+══════════════════════════════════════════════════════════════════════════════
+EOF
+
+    >&2 printf "%s" "${RESET}"
+fi

install/production-filesystem/entrypoint.d/99-ports-available.sh

@@ -5,22 +5,22 @@
 
 # Define ports from ENV variables, applying defaults
 PORT_APP=${PORT:-20211}
-PORT_GQL=${APP_CONF_OVERRIDE:-${GRAPHQL_PORT:-20212}}
+# PORT_GQL=${APP_CONF_OVERRIDE:-${GRAPHQL_PORT:-20212}}
 
-# Check if ports are configured to be the same
-if [ "$PORT_APP" -eq "$PORT_GQL" ]; then
-    cat <<EOF
-══════════════════════════════════════════════════════════════════════════════
-⚠️  Configuration Warning: Both ports are set to ${PORT_APP}.
+# # Check if ports are configured to be the same
+# if [ "$PORT_APP" -eq "$PORT_GQL" ]; then
+#     cat <<EOF
+# ══════════════════════════════════════════════════════════════════════════════
+# ⚠️  Configuration Warning: Both ports are set to ${PORT_APP}.
 
-    The Application port (\$PORT) and the GraphQL API port
-    (\$APP_CONF_OVERRIDE or \$GRAPHQL_PORT) are configured to use the
-    same port. This will cause a conflict.
+#     The Application port (\$PORT) and the GraphQL API port
+#     (\$APP_CONF_OVERRIDE or \$GRAPHQL_PORT) are configured to use the
+#     same port. This will cause a conflict.
 
-    https://github.com/jokob-sk/NetAlertX/blob/main/docs/docker-troubleshooting/port-conflicts.md
-══════════════════════════════════════════════════════════════════════════════
-EOF
-fi
+#     https://github.com/jokob-sk/NetAlertX/blob/main/docs/docker-troubleshooting/port-conflicts.md
+# ══════════════════════════════════════════════════════════════════════════════
+# EOF
+# fi
 
 # Check for netstat (usually provided by busybox)
 if ! command -v netstat >/dev/null 2>&1; then
@@ -53,17 +53,17 @@ if echo "$LISTENING_PORTS" | grep -q ":${PORT_APP}$"; then
 EOF
 fi
 
-# Check GraphQL Port
-# We add a check to avoid double-warning if ports are identical AND in use
-if [ "$PORT_APP" -ne "$PORT_GQL" ] && echo "$LISTENING_PORTS" | grep -q ":${PORT_GQL}$"; then
-    cat <<EOF
-══════════════════════════════════════════════════════════════════════════════
-⚠️  Port Warning: GraphQL API port ${PORT_GQL} is already in use.
+# # Check GraphQL Port
+# # We add a check to avoid double-warning if ports are identical AND in use
+# if [ "$PORT_APP" -ne "$PORT_GQL" ] && echo "$LISTENING_PORTS" | grep -q ":${PORT_GQL}$"; then
+#     cat <<EOF
+# ══════════════════════════════════════════════════════════════════════════════
+# ⚠️  Port Warning: GraphQL API port ${PORT_GQL} is already in use.
 
-    The GraphQL API (defined by \$APP_CONF_OVERRIDE or \$GRAPHQL_PORT)
-    may fail to start.
+#     The GraphQL API (defined by \$APP_CONF_OVERRIDE or \$GRAPHQL_PORT)
+#     may fail to start.
 
-    https://github.com/jokob-sk/NetAlertX/blob/main/docs/docker-troubleshooting/port-conflicts.md
-══════════════════════════════════════════════════════════════════════════════
-EOF
-fi
+#     https://github.com/jokob-sk/NetAlertX/blob/main/docs/docker-troubleshooting/port-conflicts.md
+# ══════════════════════════════════════════════════════════════════════════════
+# EOF
+# fi