[🤖Automation] Update README with sponsors information

Currently translated at 100.0% (737 of 737 strings)

Translation: NetAlertX/core
Translate-URL: https://hosted.weblate.org/projects/pialert/core/uk/

.dockerignore

@@ -5,9 +5,15 @@
 .gitignore
 docker-compose.yml
 Dockerfile
+Dockerfile.debian
 dockerfiles/LICENSE
 dockerfiles/README.md
+dockerfiles/README_ES.md
 docs
 LICENSE.txt
 README.md
 CONTRIBUTING
+FUNDING.yml
+config/.gitignore
+db/.gitignore
+

.env

@@ -7,8 +7,6 @@ LOGS_LOCATION=/path/to/docker_logs
 #ENVIRONMENT VARIABLES
 
 TZ=Europe/Paris
-HOST_USER_ID=1000
-HOST_USER_GID=1000
 PORT=20211
 
 #DEVELOPMENT VARIABLES

.github/ISSUE_TEMPLATE/feature_request.md

@@ -1,20 +0,0 @@
----
-name: Feature request
-about: Suggest an idea for this project
-title: ''
-labels: ''
-assignees: ''
-
----
-
-**Is your feature request related to a problem? Please describe.**
-A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
-
-**Describe the solution you'd like**
-A clear and concise description of what you want to happen.
-
-**Describe alternatives you've considered**
-A clear and concise description of any alternative solutions or features you've considered.
-
-**Additional context**
-Add any other context or screenshots about the feature request here.

.github/ISSUE_TEMPLATE/feature_request.yml

@@ -0,0 +1,52 @@
+name: Feature Request
+description: 'Suggest an idea for NetAlertX'
+labels: ['Feature request➕']
+body:
+- type: checkboxes
+  attributes:
+    label: Is there an existing issue for this?
+    description: Please search to see if an open or closed issue already exists for the feature you are requesting. 
+    options:
+    - label: I have searched the existing open and closed issues
+      required: true
+- type: textarea
+  attributes:
+    label: Is your feature request related to a problem? Please describe
+    description: A clear and concise description of what the problem is.
+  validations:
+    required: true
+- type: textarea
+  attributes:
+    label: Describe the solution you'd like
+    description: A clear and concise description of what you want to happen.
+  validations:
+    required: true
+- type: textarea
+  attributes:
+    label: Describe alternatives you've considered
+    description: A clear and concise description of any alternative solutions or features you've considered.
+  validations:
+    required: true
+- type: textarea
+  attributes:
+    label: Anything else?
+    description: |
+      Links? References? Mockups? Anything that will give us more context about the feature you are encountering!
+      
+      Tip: You can attach images or log files by clicking this area to highlight it and then dragging files in.
+  validations:
+    required: true
+- type: checkboxes
+  attributes:
+    label: Am I willing to test this? 🧪
+    description: I rely on the community to test unreleased features. If you are requesting a feature, please be willing to test it within 48h of test request. Otherwise, the feature might be pulled from the code base. 
+    options:
+    - label: I will do my best to test this feature on the `netlertx-dev` image when requested within 48h and report bugs to help deliver a great user experience for everyone and not to break existing installations.
+      required: true
+- type: checkboxes
+  attributes:
+    label: Can I help implement this? 👩‍💻👨‍💻 
+    description: The maintainer will provide guidance and help. The implementer will read the PR guidelines https://github.com/jokob-sk/NetAlertX/tree/main/docs#-pull-requests-prs
+    options:
+    - label: "Yes"
+    - label: "No"

.github/ISSUE_TEMPLATE/i-have-an-issue.md

@@ -1,46 +0,0 @@
----
-name: I have an issue
-about: Describe this issue template's purpose here.
-title: ''
-labels: ''
-assignees: ''
-
----
-
-**Describe the issue**
-
-
-**Paste last few lines from `pialert.log`**
-
-```
-
-paste here
-
-```
-
-**Paste your `pialert.conf` (remove personal info)**
-
-```
-
-paste here
-
-```
-
-**Paste your `docker-compose.yml` and `.env` (remove personal info)**
-
-`docker-compose.yml` 
-```
-
-paste here
-
-```
-
-
-`.env` 
-```
-
-paste here
-
-```
-**Screenshots**
-If applicable, add screenshots to help explain your problem.

.github/ISSUE_TEMPLATE/i-have-an-issue.yml

@@ -0,0 +1,86 @@
+name: Bug Report
+description: 'When submitting an issue enable LOG_LEVEL="trace" and have a look at the docs.'
+labels: ['bug 🐛']
+body:
+- type: checkboxes
+  attributes:
+    label: Is there an existing issue for this?
+    description: Please search to see if an open or closed issue already exists for the bug you encountered.
+    options:
+    - label: I have searched the existing open and closed issues and I checked the docs https://github.com/jokob-sk/NetAlertX/tree/main/docs
+      required: true
+- type: checkboxes
+  attributes:
+    label: The issue occurs in the following browsers. Select at least 2.
+    description: This step helps me understand if this is a cache or browser-specific issue. 
+    options:
+    - label: "Firefox"
+    - label: "Chrome"
+    - label: "Edge"
+    - label: "Safari (unsupported) - PRs welcome"
+    - label: "N/A - This is an issue with the backend"
+- type: textarea
+  attributes:
+    label: Current Behavior
+    description: A concise description of what you're experiencing.
+  validations:
+    required: true
+- type: textarea
+  attributes:
+    label: Expected Behavior
+    description: A concise description of what you expected to happen.
+  validations:
+    required: true
+- type: textarea
+  attributes:
+    label: Steps To Reproduce
+    description: Steps to reproduce the behavior.
+    placeholder: |
+      1. With these settings...
+      2. With this config...
+      3. Run '...'
+      4. See error...
+  validations:
+    required: false
+- type: textarea
+  attributes:
+    label: app.conf
+    description: |
+      Paste your `app.conf` (remove personal info)    
+    render: python
+  validations:
+    required: false
+- type: textarea
+  attributes:
+    label: docker-compose.yml
+    description: |
+      Paste your `docker-compose.yml`    
+    render: python
+  validations:
+    required: false
+- type: dropdown
+  attributes:
+    label: What branch are you running?
+    options:
+      - Production
+      - Dev
+  validations:
+    required: true
+- type: textarea
+  attributes:
+    label: app.log
+    description: |
+      Logs with debug enabled (https://github.com/jokob-sk/NetAlertX/blob/main/docs/DEBUG_TIPS.md) ⚠
+      ***Generally speaking, all bug reports should have logs provided.***
+      Tip: You can attach images or log files by clicking this area to highlight it and then dragging files in.
+      Additionally, any additional info? Screenshots? References? Anything that will give us more context about the issue you are encountering!
+      You can use `tail -100 /app/log/app.log` in the container if you have trouble getting to the log files. 
+  validations:
+    required: false
+- type: checkboxes
+  attributes:
+    label: Debug enabled
+    description: I confirm I enabled `debug`
+    options:
+    - label: I have read and followed the steps in the wiki link above and provided the required debug logs and the log section covers the time when the issue occurs.
+      required: true

.github/workflows/docker_cache-cleaner.yml

@@ -0,0 +1,25 @@
+name: 🤖Automation - ci-package-cleaner
+
+on:
+
+  workflow_dispatch: # manual option
+
+  # schedule:
+  #   - cron: '15 22 * * 1' # every Monday 10.15pm UTC (~11.15am Tuesday NZT)
+
+jobs:
+
+  package-cleaner:
+    name: package-cleaner
+    runs-on: ubuntu-latest
+    timeout-minutes: 5
+    permissions:
+      packages: write
+    steps:
+
+      - uses: actions/delete-package-versions@v4
+        with: 
+          package-name: netalertx
+          package-type: container
+          min-versions-to-keep: 0
+          delete-only-untagged-versions: true

.github/workflows/docker_dev.yml

@@ -14,28 +14,41 @@ on:
 jobs: 
   docker_dev:
     runs-on: ubuntu-latest
-    if: contains(github.event.head_commit.message, 'PUSHPROD') != 'True'
+    timeout-minutes: 30
+    permissions:
+      contents: read
+      packages: write
+    if: >
+      contains(github.event.head_commit.message, 'PUSHPROD') != 'True' &&
+      github.repository == 'jokob-sk/NetAlertX'  
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Set up QEMU
-        uses: docker/setup-qemu-action@v2
+        uses: docker/setup-qemu-action@v3
 
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v2
+        uses: docker/setup-buildx-action@v3
 
       - name: Set up dynamic build ARGs
-        id: getargs       
+        id: getargs        
         run: echo "version=$(cat ./stable/VERSION)" >> $GITHUB_OUTPUT
 
+      - name: Get release version
+        id: get_version
+        run: echo "::set-output name=version::${{ 'Dev' }}"
+
+      - name: Create .VERSION file
+        run: echo "${{ steps.get_version.outputs.version }}" >> .VERSION
+
       - name: Docker meta
         id: meta
         uses: docker/metadata-action@v4
         with:
           # list of Docker images to use as base name for tags
           images: |
-            jokobsk/pi.alert_dev
+            jokobsk/netalertx-dev
           # generate Docker tags based on the following events/attributes
           tags: |
             type=raw,value=latest
@@ -47,18 +60,32 @@ jobs:
             type=semver,pattern={{major}}
             type=sha
 
+      - name: Log in to Github Container registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: jokob-sk
+          password: ${{ secrets.GITHUB_TOKEN }}
+
       - name: Login to DockerHub
         if: github.event_name != 'pull_request'
-        uses: docker/login-action@v2
+        uses: docker/login-action@v3
         with:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
 
+      # # Disable this after use
+      # - name: Prune Docker Builder
+      #   run: docker builder prune --force
+
       - name: Build and push
         uses: docker/build-push-action@v3
         with:
           context: .
-          platforms: linux/amd64,linux/arm64,linux/arm/v7
+          platforms: linux/amd64,linux/arm64,linux/arm/v7,linux/arm/v6
           push: ${{ github.event_name != 'pull_request' }}
           tags: ${{ steps.meta.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}
+          # # ⚠ disable cache if build is failing to download debian packages
+          # cache-from: type=registry,ref=ghcr.io/jokob-sk/netalertx:buildcache
+          # cache-to: type=registry,ref=ghcr.io/jokob-sk/netalertx:buildcache,mode=max

.github/workflows/docker_prod.yml

@@ -12,24 +12,36 @@ name: Publish Docker image
 on:
   release:
     types: [published]
-
+    tags:
+      - '*.[1-9]+[0-9]?.[1-9]+*'
 jobs:
   docker:
     runs-on: ubuntu-latest
+    timeout-minutes: 30
+    permissions:
+      contents: read
+      packages: write
     steps:
       - name: Checkout
         uses: actions/checkout@v3
 
       - name: Set up QEMU
-        uses: docker/setup-qemu-action@v2
+        uses: docker/setup-qemu-action@v3
 
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v2
+        uses: docker/setup-buildx-action@v3
 
       - name: Set up dynamic build ARGs
         id: getargs        
         run: echo "version=$(cat ./stable/VERSION)" >> $GITHUB_OUTPUT
 
+      - name: Get release version
+        id: get_version
+        run: echo "::set-output name=version::${GITHUB_REF#refs/tags/}"
+
+      - name: Create .VERSION file
+        run: echo "${{ steps.get_version.outputs.version }}" >> .VERSION
+
       - name: Docker meta
         id: meta
         uses: docker/metadata-action@v4
@@ -37,19 +49,26 @@ jobs:
           # list of Docker images to use as base name for tags
           images: |
             jokobsk/pi.alert
+            jokobsk/netalertx
           # generate Docker tags based on the following events/attributes
           tags: |
-            type=raw,value=latest
-            type=schedule
-            type=ref,event=branch
+            type=semver,pattern={{version}},value=${{ inputs.version }}
+            type=semver,pattern={{major}}.{{minor}},value=${{ inputs.version }}
+            type=semver,pattern={{major}},value=${{ inputs.version }}
+            type=ref,event=branch,suffix=-{{ sha }}
             type=ref,event=pr
-            type=semver,pattern={{version}}
-            type=semver,pattern={{major}}.{{minor}}
-            type=semver,pattern={{major}}
-            type=sha
+            type=raw,value=latest,enable=${{ github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/') }}
+
+      - name: Log in to Github Container registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: jokob-sk
+          password: ${{ secrets.GITHUB_TOKEN }}
+
       - name: Login to DockerHub
         if: github.event_name != 'pull_request'
-        uses: docker/login-action@v2
+        uses: docker/login-action@v3
         with:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
@@ -58,7 +77,10 @@ jobs:
         uses: docker/build-push-action@v3
         with:
           context: .
-          platforms: linux/amd64,linux/arm64,linux/arm/v7
+          platforms: linux/amd64,linux/arm64,linux/arm/v7,linux/arm/v6
           push: ${{ github.event_name != 'pull_request' }}
           tags: ${{ steps.meta.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}
+          # # ⚠ disable cache if build is failing to download debian packages
+          # cache-from: type=registry,ref=ghcr.io/jokob-sk/netalertx:buildcache
+          # cache-to: type=registry,ref=ghcr.io/jokob-sk/netalertx:buildcache,mode=max

.github/workflows/update_sponsors_table.yml

@@ -0,0 +1,29 @@
+name: 🤖Automation - Update Sponsors Table
+
+on:
+  schedule:
+    - cron: '50 11 * * *' # Set your preferred schedule (UTC)
+
+jobs:
+  update-table:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout Repository
+        uses: actions/checkout@v4
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: 3.8
+
+      - name: Install Dependencies
+        run: |
+          python -m pip install --upgrade pip
+          pip install -r update_sponsors_requirements.txt  # If you have any Python dependencies
+
+      - name: Update Sponsors Table
+        run: |
+          python update_sponsors.py
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.gitignore

@@ -1,8 +1,33 @@
 .vscode
 .DS_Store
+config/*
 config/pialert.conf
+config/app.conf
 db/*
+db/pialert.db
+db/app.db
 front/log/*
+/log/*
 front/api/*
+/api/*
+**/plugins/**/*.log
 **/%40eaDir/
 **/@eaDir/
+
+__pycache__/
+*.py[cod]
+*$py.class
+
+**/last_result.log
+**/script.log
+**/pialert.conf_bak
+**/pialert.db_bak
+.*.swp
+
+front/img/account/*
+**/account.php
+**/account.js
+front/css/account.css
+
+docker-compose.yml.ffsb42
+.env.omada.ffsb42

CONTRIBUTING

@@ -6,8 +6,8 @@ The issue tracker is the preferred channel for bug reports, features requests an
 
 Before submitting a new issue please spend a couple of minutes on research:
 
-* Check [🛑 Common issues](https://github.com/jokob-sk/Pi.Alert/tree/main/dockerfiles#-common-issues) 
-* Check [💡 Closed issues](https://github.com/jokob-sk/Pi.Alert/issues?q=is%3Aissue+is%3Aclosed) if a similar issue was solved in the past.
+* Check [🛑 Common issues](https://github.com/jokob-sk/NetAlertX/blob/main/docs/DEBUG_TIPS.md#common-issues) 
+* Check [💡 Closed issues](https://github.com/jokob-sk/NetAlertX/issues?q=is%3Aissue+is%3Aclosed) if a similar issue was solved in the past.
 
 ## Pull-requests (PRs)
 

Dockerfile

@@ -1,48 +1,77 @@
-FROM debian:bullseye-slim
+FROM alpine:3.20 AS builder
 
-# default UID and GID
-ENV USER=pi USER_ID=1000 USER_GID=1000 TZ=Europe/London PORT=20211
+ARG INSTALL_DIR=/app
 
-# Todo, figure out why using a workdir instead of full paths don't work
-# Todo, do we still need all these packages? I can already see sudo which isn't needed
+ENV PYTHONUNBUFFERED=1
 
-RUN apt-get update \
-    && apt-get install --no-install-recommends tini ca-certificates curl libwww-perl arp-scan perl apt-utils cron sudo nginx-light php php-cgi php-fpm php-sqlite3 php-curl sqlite3 dnsutils net-tools python3 iproute2 nmap python3-pip zip -y \
-    && pip3 install requests paho-mqtt scapy cron-converter pytz json2table \
-    && update-alternatives --install /usr/bin/python python /usr/bin/python3 10 \
-    && apt-get clean autoclean \
-    && apt-get autoremove \
-    && rm -rf /var/lib/apt/lists/* \
-    && rm -rf /var/www/html \
-    && ln -s /home/pi/pialert/front /var/www/html 
+# Install build dependencies
+RUN apk add --no-cache bash python3 python3-dev gcc musl-dev libffi-dev openssl-dev git\
+    && python -m venv /opt/venv
 
-# create pi user and group
-# add root and www-data to pi group so they can r/w files and db
-RUN groupadd --gid "${USER_GID}" "${USER}" && \
-    useradd \
-        --uid ${USER_ID} \
-        --gid ${USER_GID} \
-        --create-home \
-        --shell /bin/bash \
-        ${USER} && \
-    usermod -a -G ${USER_GID} root && \
-    usermod -a -G ${USER_GID} www-data
+# Enable venv
+ENV PATH="/opt/venv/bin:$PATH"
 
-COPY --chmod=775 --chown=${USER_ID}:${USER_GID} . /home/pi/pialert/
+COPY . ${INSTALL_DIR}/
 
-# Pi.Alert
-RUN rm /etc/nginx/sites-available/default \
-    && ln -s /home/pi/pialert/install/default /etc/nginx/sites-available/default \
-    && sed -ie 's/listen 80/listen '${PORT}'/g' /etc/nginx/sites-available/default \
-    # run the hardware vendors update
-    && /home/pi/pialert/back/update_vendors.sh \
-    # Create a backup of the pialert.conf to be used if the user didn't supply a configuration file
-    && cp /home/pi/pialert/config/pialert.conf /home/pi/pialert/back/pialert.conf_bak \
-    # Create a backup of the pialert.db to be used if the user didn't supply a database
-    && cp /home/pi/pialert/db/pialert.db /home/pi/pialert/back/pialert.db_bak \
-    # Create a buildtimestamp.txt to later check if a new version was released
-    && date +%s > /home/pi/pialert/front/buildtimestamp.txt
 
-ENTRYPOINT ["tini", "--"]
+RUN pip install graphene flask netifaces tplink-omada-client pycryptodome requests paho-mqtt scapy cron-converter pytz json2table dhcp-leases pyunifi speedtest-cli chardet python-nmap dnspython librouteros git+https://github.com/foreign-sub/aiofreepybox.git \
+    && bash -c "find ${INSTALL_DIR} -type d -exec chmod 750 {} \;" \
+    && bash -c "find ${INSTALL_DIR} -type f -exec chmod 640 {} \;" \
+    && bash -c "find ${INSTALL_DIR} -type f \( -name '*.sh' -o -name '*.py'  -o -name 'speedtest-cli' \) -exec chmod 750 {} \;"
 
-CMD ["/home/pi/pialert/dockerfiles/start.sh"]
+# Append Iliadbox certificate to aiofreepybox
+RUN printf "\n-----BEGIN CERTIFICATE-----\n\
+MIICOjCCAcCgAwIBAgIUI0Tu7zsrBJACQIZgLMJobtbdNn4wCgYIKoZIzj0EAwIw\n\
+TDELMAkGA1UEBhMCSVQxDjAMBgNVBAgMBUl0YWx5MQ4wDAYDVQQKDAVJbGlhZDEd\n\
+MBsGA1UEAwwUSWxpYWRib3ggRUNDIFJvb3QgQ0EwHhcNMjAxMTI3MDkzODEzWhcN\n\
+NDAxMTIyMDkzODEzWjBMMQswCQYDVQQGEwJJVDEOMAwGA1UECAwFSXRhbHkxDjAM\n\
+BgNVBAoMBUlsaWFkMR0wGwYDVQQDDBRJbGlhZGJveCBFQ0MgUm9vdCBDQTB2MBAG\n\
+ByqGSM49AgEGBSuBBAAiA2IABMryJyb2loHNAioY8IztN5MI3UgbVHVP/vZwcnre\n\
+ZvJOyDvE4HJgIti5qmfswlnMzpNbwf/MkT+7HAU8jJoTorRm1wtAnQ9cWD3Ebv79\n\
+RPwtjjy3Bza3SgdVxmd6fWPUKaNjMGEwHQYDVR0OBBYEFDUij/4lpoJ+kOXRyrcM\n\
+jf2RPzOqMB8GA1UdIwQYMBaAFDUij/4lpoJ+kOXRyrcMjf2RPzOqMA8GA1UdEwEB\n\
+/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMAoGCCqGSM49BAMCA2gAMGUCMQC6eUV1\n\
+pFh4UpJOTc1JToztN4ttnQR6rIzxMZ6mNCe+nhjkohWp24pr7BpUYSbEizYCMAQ6\n\
+LCiBKV2j7QQGy7N1aBmdur17ZepYzR1YV0eI+Kd978aZggsmhjXENQYVTmm/XA==\n\
+-----END CERTIFICATE-----\n" >> /opt/venv/lib/python3.12/site-packages/aiofreepybox/freebox_certificates.pem
+
+# second stage
+FROM alpine:3.20 AS runner
+
+ARG INSTALL_DIR=/app
+
+COPY --from=builder /opt/venv /opt/venv
+
+# Enable venv
+ENV PATH="/opt/venv/bin:$PATH" 
+
+# default port and listen address
+ENV PORT=20211 LISTEN_ADDR=0.0.0.0 
+
+# needed for s6-overlay
+ENV S6_CMD_WAIT_FOR_SERVICES_MAXTIME=0
+
+# ❗ IMPORTANT - if you modify this file modify the /install/install_dependecies.sh file as well ❗ 
+
+RUN apk update --no-cache \
+    && apk add --no-cache bash zip lsblk gettext-envsubst sudo mtr tzdata s6-overlay \
+    && apk add --no-cache curl arp-scan iproute2 iproute2-ss nmap nmap-scripts traceroute nbtscan avahi avahi-tools openrc dbus net-tools net-snmp-tools bind-tools awake ca-certificates  \
+    && apk add --no-cache sqlite php83 php83-fpm php83-cgi php83-curl php83-sqlite3 php83-session \
+    && apk add --no-cache python3 nginx \
+    && apk add --no-cache dcron \
+    && ln -s /usr/bin/awake /usr/bin/wakeonlan \
+    && bash -c "install -d -m 750 -o nginx -g www-data ${INSTALL_DIR} ${INSTALL_DIR}" \
+    && rm -f /etc/nginx/http.d/default.conf
+
+COPY --from=builder --chown=nginx:www-data ${INSTALL_DIR}/ ${INSTALL_DIR}/
+
+# Add crontab file
+COPY install/crontab /etc/crontabs/root
+
+# Start all required services
+RUN ${INSTALL_DIR}/dockerfiles/pre-setup.sh
+
+HEALTHCHECK --interval=30s --timeout=5s --start-period=15s --retries=2 \
+    CMD curl -sf -o /dev/null ${LISTEN_ADDR}:${PORT}/php/server/query_json.php?file=app_state.json
+
+ENTRYPOINT ["/init"]

Dockerfile.debian

@@ -0,0 +1,53 @@
+FROM debian:bookworm-slim
+
+# default UID and GID
+ENV USER=pi USER_ID=1000 USER_GID=1000 PORT=20211 
+#TZ=Europe/London
+
+# Todo, figure out why using a workdir instead of full paths don't work
+# Todo, do we still need all these packages? I can already see sudo which isn't needed
+
+RUN apt-get update 
+RUN apt-get install sudo -y 
+
+ARG INSTALL_DIR=/app
+
+# create pi user and group
+# add root and www-data to pi group so they can r/w files and db
+RUN groupadd --gid "${USER_GID}" "${USER}" && \
+    useradd \
+        --uid ${USER_ID} \
+        --gid ${USER_GID} \
+        --create-home \
+        --shell /bin/bash \
+        ${USER} && \
+    usermod -a -G ${USER_GID} root && \
+    usermod -a -G ${USER_GID} www-data
+
+COPY --chmod=775 --chown=${USER_ID}:${USER_GID} . ${INSTALL_DIR}/
+
+
+# ❗ IMPORTANT - if you modify this file modify the /install/install_dependecies.debian.sh file as well ❗ 
+
+
+RUN apt-get install -y \
+    tini snmp ca-certificates curl libwww-perl arp-scan perl apt-utils cron sudo \
+    nginx-light php php-cgi php-fpm php-sqlite3 php-curl sqlite3 dnsutils net-tools php-openssl \
+    python3 python3-dev iproute2 nmap python3-pip zip systemctl usbutils traceroute nbtscan avahi avahi-tools openrc dbus
+
+# Alternate dependencies
+RUN apt-get install nginx nginx-core mtr php-fpm php8.2-fpm php-cli php8.2 php8.2-sqlite3 -y
+RUN phpenmod -v 8.2 sqlite3 
+
+# Setup virtual python environment and use pip3 to install packages
+RUN apt-get install -y python3-venv
+RUN python3 -m venv myenv
+
+RUN /bin/bash -c "source myenv/bin/activate && update-alternatives --install /usr/bin/python python /usr/bin/python3 10 && pip3 install tplink-omada-client pycryptodome requests paho-mqtt scapy cron-converter pytz json2table dhcp-leases pyunifi speedtest-cli chardet python-nmap dnspython librouteros "
+
+# Create a buildtimestamp.txt to later check if a new version was released
+RUN date +%s > ${INSTALL_DIR}/front/buildtimestamp.txt
+
+CMD ["${INSTALL_DIR}/install/start.debian.sh"]
+
+

README.md

@@ -1,121 +1,161 @@
-# Pi.Alert
+[![GitHub Committed](https://img.shields.io/github/last-commit/jokob-sk/NetAlertX?color=40ba12&label=Pushed&logo=GitHub&logoColor=fff&style=for-the-badge)](https://github.com/jokob-sk/NetAlertX)
+[![Docker Size](https://img.shields.io/docker/image-size/jokobsk/netalertx?label=Size&logo=Docker&color=0aa8d2&logoColor=fff&style=for-the-badge)](https://hub.docker.com/r/jokobsk/netalertx)
+[![Docker Pulls](https://img.shields.io/docker/pulls/jokobsk/netalertx?label=Pulls&logo=docker&color=0aa8d2&logoColor=fff&style=for-the-badge)](https://hub.docker.com/r/jokobsk/netalertx)
+[![GitHub Release](https://img.shields.io/github/v/release/jokob-sk/NetAlertX?color=0aa8d2&logoColor=fff&logo=GitHub&style=for-the-badge)](https://github.com/jokob-sk/NetAlertX/releases)
+[![Discord](https://img.shields.io/discord/1274490466481602755?color=0aa8d2&logoColor=fff&logo=Discord&style=for-the-badge)](https://discord.gg/NczTUTWyRr)
+
+# 🖧🔍 Network scanner & notification framework
+
+Get visibility of what's going on on your WIFI/LAN network. Schedule scans for devices, port changes and get alerts if unknown devices or changes are found. Write your own [Plugins](https://github.com/jokob-sk/NetAlertX/tree/main/front/plugins#readme) with auto-generated UI and in-build notification system. Build out and easily maintain your network source of truth (NSoT).
+
+
+  | 🐳 [Docker hub](https://registry.hub.docker.com/r/jokobsk/netalertx) |  📑 [Docker guide](https://github.com/jokob-sk/NetAlertX/blob/main/dockerfiles/README.md) |🆕 [Release notes](https://github.com/jokob-sk/NetAlertX/releases) | 📚 [All Docs](https://github.com/jokob-sk/NetAlertX/tree/main/docs) | 
+  |----------------------|----------------------| ----------------------|  ----------------------| 
+
+
+  | ![Main screen][main] | ![device_details 1][device_details]  | ![Screen network][network] |
+  |----------------------|----------------------| ----------------------| 
+
+  ![network_setup][network_setup] 
+
+
+Head to [https://netalertx.com/](https://netalertx.com/) for more gifs and screenshots 📷.
+
+<details>
+  <summary>📷 Click for more screenshots</summary>
+
+  | ![presence][presence] | ![maintenance][maintenance] | ![settings][settings]  |
+  |----------------------|----------------------|----------------------|
+  | ![sync_hub][sync_hub] | ![report1][report1] | ![device_nmap][device_nmap]  |
+
+</details>
+
+<details>
+  <summary>❓ Why use Net<b>Alert</b><sup>x</sup>?</summary>
+
+  <hr>
+
+  Most of us don't know what's going on on our home network, but we want our family and data to be safe.  _Command-line tools_ are great, but the output can be _hard to understand_ and action if you are not a network specialist.
+
+  Net<b>Alert</b><sup>x</sup> gives you peace of mind. _Visualize and immediately report 📬_ what is going on in your network - this is the first step to enhance your _network security 🔐_. 
+
+  Net<b>Alert</b><sup>x</sup> combines several network and other scanning tools 🔍 with notifications 📧 into one user-friendly package 📦. 
+
+  Set up a _kill switch ☠_ for your network via a smart plug with the available [Home Assistant](https://github.com/jokob-sk/NetAlertX/blob/main/docs/HOME_ASSISTANT.md) integration. Implement custom automations with the [CSV device Exports 📤](https://github.com/jokob-sk/NetAlertX/tree/main/front/plugins/csv_backup), [Webhooks](https://github.com/jokob-sk/NetAlertX/blob/main/docs/WEBHOOK_N8N.md), or [API endpoints](https://github.com/jokob-sk/NetAlertX/blob/main/docs/API.md) features. 
+
+  Extend the app if you want to create your own scanner [Plugin](https://github.com/jokob-sk/NetAlertX/tree/main/front/plugins#readme) and handle the results and notifications in Net<b>Alert</b><sup>x</sup>. 
+
+  Looking forward to your contributions if you decide to share your work with the community ❤.
+
+</details>
+
+## Scan Methods, Notifications, Integration, Extension system
+
+| Features    | Details    | 
+|-------------|-------------|
+|      🔍     |   The app scans your network for, **New devices**, **New connections** (re-connections), **Disconnections**, **"Always Connected" devices down**, Devices **IP changes** and **Internet IP address changes**. Discovery & scan methods include: **arp-scan**,  **Pi-hole - DB import**,  **Pi-hole - DHCP leases import**, **Generic DHCP leases import**. **UNIFI controller import**, **SNMP-enabled router import**. Check the [Plugins](https://github.com/jokob-sk/NetAlertX/tree/main/front/plugins#readme) docs for more info on individual scans. |
+|📧           | Send notifications to more than 80+ services, including Telegram via [Apprise](https://hub.docker.com/r/caronc/apprise), or use [Pushsafer](https://www.pushsafer.com/), [Pushover](https://www.pushover.net/), or [NTFY](https://ntfy.sh/). |
+|🧩           | Feed your data and device changes into [Home Assistant](https://github.com/jokob-sk/NetAlertX/blob/main/docs/HOME_ASSISTANT.md), read [API endpoints](https://github.com/jokob-sk/NetAlertX/blob/main/docs/API.md), or use [Webhooks](https://github.com/jokob-sk/NetAlertX/blob/main/docs/WEBHOOK_N8N.md) to setup custom automation flows.  |
+|➕           | Build your own scanners with the [Plugin system](https://github.com/jokob-sk/NetAlertX/tree/main/front/plugins#readme) |
+
+
+## Installation & Documentation
 <!--- --------------------------------------------------------------------- --->
 
-💻🔍 WIFI / LAN intruder detector.
+Supported browsers: Chrome, Firefox
 
-Scans for devices connected to your WIFI / LAN and alerts you if new and unknown devices are found.
-
-![Main screen][main]
-
-
-# 🐳 Docker image 
-[![Docker](https://img.shields.io/github/actions/workflow/status/jokob-sk/Pi.Alert/docker_prod.yml?label=Build&logo=GitHub)](https://github.com/jokob-sk/Pi.Alert/actions/workflows/docker_prod.yml)
-[![GitHub Committed](https://img.shields.io/github/last-commit/jokob-sk/Pi.Alert?color=40ba12&label=Committed&logo=GitHub&logoColor=fff)](https://github.com/jokob-sk/Pi.Alert)
-[![Docker Size](https://img.shields.io/docker/image-size/jokobsk/pi.alert?label=Size&logo=Docker&color=0aa8d2&logoColor=fff)](https://hub.docker.com/r/jokobsk/pi.alert)
-[![Docker Pulls](https://img.shields.io/docker/pulls/jokobsk/pi.alert?label=Pulls&logo=docker&color=0aa8d2&logoColor=fff)](https://hub.docker.com/r/jokobsk/pi.alert)
-[![Docker Pushed](https://img.shields.io/badge/dynamic/json?color=0aa8d2&logoColor=fff&label=Pushed&query=last_updated&url=https%3A%2F%2Fhub.docker.com%2Fv2%2Frepositories%2Fjokobsk%2Fpi.alert%2F&logo=docker&link=http://left&link=https://hub.docker.com/repository/docker/jokobsk/pi.alert)](https://hub.docker.com/r/jokobsk/pi.alert)
-
-🐳 [Docker hub](https://registry.hub.docker.com/r/jokobsk/pi.alert) | 📄 [Dockerfile](https://github.com/jokob-sk/Pi.Alert/blob/main/Dockerfile) | 📚 [Docker instructions](https://github.com/jokob-sk/Pi.Alert/blob/main//dockerfiles/README.md) | 🆕 [Release notes](https://github.com/jokob-sk/Pi.Alert/releases)
-
-## 🔍 Scan Methods
-The system continuously scans the network for, **New devices**, **New connections** (re-connections), **Disconnections**, **"Always Connected" devices down**, Devices **IP changes** and **Internet IP address changes**. Scanning methods are:
-  - **Method 1: arp-scan**. The arp-scan system utility is used to search
-        for devices on the network using arp frames.
-  - **Method 2: Pi-hole**. This method is optional and complementary to
-        method 1. If the Pi-hole DNS server is active, Pi.Alert examines its
-        activity looking for active devices using DNS that have not been
-        detected by method 1.
-  - **Method 3. dnsmasq**. This method is optional and complementary to the
-        previous methods. If the DHCP server dnsmasq is active, Pi.Alert
-        examines the DHCP leases (addresses assigned) to find active devices
-        that were not discovered by the other methods.
-
-
-## 🧩 Integrations 
-   - [Apprise](https://hub.docker.com/r/caronc/apprise), [Pushsafer](https://www.pushsafer.com/), [NTFY](https://ntfy.sh/)
-   - [Webhooks](https://github.com/jokob-sk/Pi.Alert/blob/main/docs/WEBHOOK_N8N.md) ([sample JSON](docs/webhook_json_sample.json))
-   - Home Assistant via [MQTT](https://www.home-assistant.io/integrations/mqtt/) 
-     - discovery ~10s per device, deleting not supported, use [MQTT Explorer](https://mqtt-explorer.com/) for now
-   - A simple [API endpoint](https://github.com/jokob-sk/Pi.Alert/blob/main/docs/API.md)
-
-
-## 🔐 Security
-
-- Configurable login to prevent unauthorized use. 
-
-## 📑 Features   
-  - Display:
-    - Sessions, Connected devices, Favorites, Events, Presence, Concurrent devices, Down alerts, IP's
-    - Manual Nmap scans, Optional speedtest for Device "Internet"
-    - Simple Network relationship display
-  - Maintenance tasks and Settings like:
-    - Status Infos (active scans, database size, backup counter)
-    - Theme Selection (blue, red, green, yellow, black, purple) and Light/Dark-Mode Switch
-    - Language Selection (English, German, Spanish)    
-    - Pause arp-scan
-    - DB maintenance, Backup, Restore tools and CSV Export / Import
-  - Help/FAQ Section 
-
-  | ![Screen 1][screen1] | ![Screen 2][screen2] | 
-  |----------------------|----------------------| 
-  | ![Screen 3][screen3] | ![Screen 4][screen4] |
-  | ![Screen 5][screen5] | ![Screen 6][screen6] |
-  | ![Report 1][report1] | ![Report 2][report2] |
+| Docs        | Link    | 
+|-------------|-------------|
+| 📥🐳  | [Docker instructions](https://github.com/jokob-sk/NetAlertX/blob/main/dockerfiles/README.md) 
+| 📥🗄️  | [HW install (experimental 🧪)](https://github.com/jokob-sk/NetAlertX/blob/main/docs/HW_INSTALL.md) |
+| 📥🟧  | [Unraid App](https://unraid.net/community/apps) |
+| 📚     | [All Documentation](https://github.com/jokob-sk/NetAlertX/blob/main/docs/README.md) (App Usage and Configuration) |
  
+> Other Alternatives
+>
+> - Check out [leiweibau's on HW installed fork](https://github.com/leiweibau/Pi.Alert/) (maintained)
+> - [WatchYourLAN](https://github.com/aceberg/WatchYourLAN) - Lightweight network IP scanner with web GUI (Open source)
+> - [Fing](https://www.fing.com/) - Network scanner app for your Internet security (Commercial, Phone App, Proprietary hardware)
+> - [NetBox](https://netboxlabs.com/) - Network management software (Commercial)
 
-# 📥 Installation
+## 🔔 Get notified what's new
+
+Get notified about a new release, what new functionality you can use and about breaking changes. 
+
+![Follow and star][follow_star] 
+
+### ⭐ Sponsors
+
+[![GitHub Sponsors](https://img.shields.io/github/sponsors/jokob-sk?style=social)](https://github.com/sponsors/jokob-sk)
+
+Thank you to all the wonderful people who are sponsoring this project. 
+
+> preventing my burnout😅 are:
+
+<!-- SPONSORS-LIST DO NOT MODIFY BELOW -->
+| All Sponsors |
+|---|
+
+<!-- SPONSORS-LIST DO NOT MODIFY ABOVE -->
+
+
+
+<details>
+  <summary>Click for more ways to donate</summary>
+  
+  <hr>
+
+  | [![GitHub](https://i.imgur.com/emsRCPh.png)](https://github.com/sponsors/jokob-sk) | [![Buy Me A Coffee](https://i.imgur.com/pIM6YXL.png)](https://www.buymeacoffee.com/jokobsk) | [![Patreon](https://i.imgur.com/MuYsrq1.png)](https://www.patreon.com/user?u=84385063) | 
+| --- | --- | --- | 
+
+  - Bitcoin: `1N8tupjeCK12qRVU2XrV17WvKK7LCawyZM`
+  - Ethereum: `0x6e2749Cb42F4411bc98501406BdcD82244e3f9C7`
+
+  📧 Email me at [jokob@duck.com](mailto:jokob@duck.com?subject=NetAlertX) if you want to get in touch or if I should add other sponsorship platforms.
+
+</details>
+
+### 🙏Contributors
+
+This project would be nothing without the amazing work of the community, with special thanks to: 
+
+> [pucherot/Pi.Alert](https://github.com/pucherot/Pi.Alert) (the original creator of PiAlert), [leiweibau](https://github.com/leiweibau/Pi.Alert): Dark mode (and much more), [Macleykun](https://github.com/Macleykun) (Help with Dockerfile clean-up) [Final-Hawk](https://github.com/Final-Hawk) (Help with NTFY, styling and other fixes), [TeroRERO](https://github.com/terorero) (Spanish translations), [Data-Monkey](https://github.com/Data-Monkey), (Split-up of the python.py file and more), [cvc90](https://github.com/cvc90) (Spanish translation and various UI work) to name a few...
+
+
+## Everything else
 <!--- --------------------------------------------------------------------- --->
 
- ⚠ This [fork (jokob-sk)](https://github.com/jokob-sk/Pi.Alert) is only tested as a [docker container](dockerfiles/README.md). Check out [leiweibau's fork](https://github.com/leiweibau/Pi.Alert/) if you want to install Pi.Alert on the server directly.
+### 🌍 Translations 
 
-Instructions for [pucherot's original code can be found here](https://github.com/pucherot/Pi.Alert/)
+Proudly using [Weblate](https://hosted.weblate.org/projects/pialert/).
 
+<a href="https://hosted.weblate.org/engage/pialert/">
+  <img src="https://hosted.weblate.org/widget/pialert/core/multi-auto.svg" alt="Translation status" />
+</a>
 
-## 🔗 Other
-
-
-<!--- --------------------------------------------------------------------- --->
-
-<!--- --------------------------------------------------------------------- --->
-### Alternatives
-
-  - [WatchYourLAN](https://github.com/aceberg/WatchYourLAN) - Lightweight network IP scanner with web GUI (Open source)
-  - [Fing](https://www.fing.com/) - Network scanner app for your Internet security (Commercial, Phone App, Proprietary hardware)
-
-### Old docs
-
-  - [Device Management instructions](docs/DEVICE_MANAGEMENT.md)
-  - [Versions History](docs/VERSIONS_HISTORY.md)
+Help out and suggest languages in the [online portal of Weblate](https://hosted.weblate.org/projects/pialert/core/).
 
 ### License
-  GPL 3.0
-  - [Read more here](LICENSE.txt)
-  - Source of the [animated GIF (Loading Animation)](https://commons.wikimedia.org/wiki/File:Loading_Animation.gif)  
-  - Source of the [selfhosted Fonts](https://github.com/adobe-fonts/source-sans)
+>  GPL 3.0 | [Read more here](LICENSE.txt) | Source of the [animated GIF (Loading Animation)](https://commons.wikimedia.org/wiki/File:Loading_Animation.gif) | Source of the [selfhosted Fonts](https://github.com/adobe-fonts/source-sans)
   
-### 🥇 Special thanks 
 
-  This code is a collaborative body of work, with special thanks to: 
-
-   - 🏆 [pucherot/Pi.Alert](https://github.com/pucherot/Pi.Alert) is the original creator od PiAlert
-      - [leiweibau](https://github.com/leiweibau/Pi.Alert): Dark mode (and much more)
-      - [Macleykun](https://github.com/Macleykun): Help with Dockerfile clean-up
-      - [Final-Hawk](https://github.com/Final-Hawk): Help with NTFY, styling and other fixes
-      - [TeroRERO](https://github.com/terorero): Spanish translation
-      - [jokob-sk](https://github.com/jokob-sk/Pi.Alert): DB Maintenance tools
-      - Please see the [Git commit history](https://github.com/jokob-sk/Pi.Alert/commits/main) for a full list of people and their contributions to the project
 
 <!--- --------------------------------------------------------------------- --->
-[main]:    ./docs/img/devices_split.png       "Main screen"
-[screen1]: ./docs/img/device_details.png      "Screen 1"
-[screen2]: ./docs/img/events.png              "Screen 2"
-[screen3]: ./docs/img/presence.png            "Screen 3"
-[screen4]: ./docs/img/maintenance.png         "Screen 4"
-[screen5]: ./docs/img/network.png             "Screen 5"
-[screen6]: ./docs/img/settings.png            "Screen 6"
-[screen7]: ./docs/img/help_faq.png            "Screen 6"
-[report1]: ./docs/img/4_report_1.jpg          "Report sample 1"
-[report2]: ./docs/img/4_report_2.jpg          "Report sample 2"
-[main_dark]: /docs/img/1_devices_dark.jpg     "Main screen dark"
-[maintain_dark]: /docs/img/5_maintain.jpg     "Maintain screen dark"
+[main]:                     ./docs/img/devices_split.png                  "Main screen"
+[device_details]:           ./docs/img/device_details.png                 "Screen 1"
+[events]:                   ./docs/img/events.png                         "Screen 2"
+[presence]:                 ./docs/img/presence.png                       "Screen 3"
+[maintenance]:              ./docs/img/maintenance.png                    "Screen 4"
+[network]:                  ./docs/img/network.png                        "Screen 5"
+[settings]:                 ./docs/img/settings.png                       "Screen 6"
+[network_setup]:            ./docs/img/network_setup.gif                  "Screen 6"
+[help_faq]:                 ./docs/img/help_faq.png                       "Screen 7"
+[sync_hub]:                 ./docs/img/sync_hub.png                       "Screen 8"
+[notification_center]:      ./docs/img/notification_center.png            "Screen 8"
+[sent_reports_text]:        ./docs/img/sent_reports_text.png              "Screen 8"
+[device_nmap]:              ./docs/img/device_nmap.png                    "Screen 9"
+[report1]:                  ./docs/img/report_sample.png                  "Report sample 1"
+[main_dark]:                /docs/img/1_devices_dark.jpg                  "Main screen dark"
+[maintain_dark]:            /docs/img/5_maintain.jpg                      "Maintain screen dark"
+[follow_star]:              /docs/img/Follow_Releases_and_Star.gif        "Follow and Star"
 

api/.gitignore

@@ -0,0 +1,2 @@
+*
+!.gitignore

back/app.conf

@@ -0,0 +1,106 @@
+#-----------------AUTOGENERATED FILE-----------------#
+#                                                    #
+#         Generated:  2022-12-30_22-19-40            #
+#                                                    #
+#   Config file for the LAN intruder detection app:  #
+#      https://github.com/jokob-sk/NetAlertX         #
+#                                                    #
+#-----------------AUTOGENERATED FILE-----------------#
+
+# 🔺 Use the Settings UI - only edit when necessary 🔺
+
+# General
+#---------------------------
+# Scan using interface eth0
+# SCAN_SUBNETS    = ['192.168.1.0/24 --interface=eth0']
+#
+# Scan multiple interfaces (eth1 and eth0):
+# SCAN_SUBNETS    = [ '192.168.1.0/24 --interface=eth1', '192.168.1.0/24 --interface=eth0' ]
+
+DISCOVER_PLUGINS=True
+SCAN_SUBNETS=['192.168.1.0/24 --interface=eth0']
+TIMEZONE='Europe/Berlin'
+LOADED_PLUGINS = ['ARPSCAN','CSVBCKP','DBCLNP', 'INTRNT','MAINT','NEWDEV','NSLOOKUP','NTFPRCS', 'AVAHISCAN', 'SETPWD','SMTP', 'SYNC', 'VNDRPDT', 'WORKFLOWS', 'UI']
+
+DAYS_TO_KEEP_EVENTS=90
+# Used for generating links in emails. Make sure not to add a trailing slash!
+REPORT_DASHBOARD_URL='http://netalertx'
+
+# Make sure at least these scanners are enabled for new installs, other defaults are taken from the config.json
+INTRNT_RUN='schedule'
+ARPSCAN_RUN='schedule'
+NSLOOKUP_RUN='before_name_updates'
+
+# Email 
+#-------------------------------------
+# (add SMTP to LOADED_PLUGINS to load)
+#-------------------------------------
+SMTP_RUN='disabled'  # use 'on_notification' to enable
+SMTP_SERVER='smtp.gmail.com'
+SMTP_PORT=587
+SMTP_REPORT_TO='user@gmail.com'
+SMTP_REPORT_FROM='NetAlertX <user@gmail.com>'
+SMTP_SKIP_LOGIN=False
+SMTP_USER='user@gmail.com'
+SMTP_PASS='password'
+SMTP_SKIP_TLS=False
+
+
+# Webhook 
+#-------------------------------------
+# (add WEBHOOK to LOADED_PLUGINS to load)
+#-------------------------------------
+WEBHOOK_RUN='disabled'  # use 'on_notification' to enable
+WEBHOOK_URL='http://n8n.local:5555/webhook-test/aaaaaaaa-aaaa-aaaa-aaaaa-aaaaaaaaaaaa'
+WEBHOOK_PAYLOAD='json'                 # webhook payload data format for the "body > attachements > text" attribute 
+                                       # in https://github.com/jokob-sk/NetAlertX/blob/main/docs/webhook_json_sample.json 
+                                       #   supported values: 'json', 'html' or 'text'
+                                       #   e.g.: for discord use 'html'
+WEBHOOK_REQUEST_METHOD='GET'
+
+
+# Apprise 
+#-------------------------------------
+# (add APPRISE to LOADED_PLUGINS to load)
+#-------------------------------------
+APPRISE_RUN='disabled'  # use 'on_notification' to enable
+APPRISE_HOST='http://localhost:8000/notify'
+APPRISE_URL='mailto://smtp-relay.sendinblue.com:587?from=user@gmail.com&name=apprise&user=user@gmail.com&pass=password&to=user@gmail.com'
+
+
+# NTFY
+#------------------------------------- 
+# (add NTFY to LOADED_PLUGINS to load)
+#-------------------------------------
+NTFY_RUN='disabled'  # use 'on_notification' to enable
+NTFY_HOST='https://ntfy.sh'
+NTFY_TOPIC='replace_my_secure_topicname_91h889f28'
+NTFY_USER='user'
+NTFY_PASSWORD='passw0rd'
+
+
+# PUSHSAFER 
+#-------------------------------------
+# (add PUSHSAFER to LOADED_PLUGINS to load)
+#-------------------------------------
+PUSHSAFER_RUN='disabled'  # use 'on_notification' to enable
+PUSHSAFER_TOKEN='ApiKey'
+
+
+# MQTT 
+#-------------------------------------
+# (add MQTT to LOADED_PLUGINS to load)
+#-------------------------------------
+MQTT_RUN='disabled'  # use 'on_notification' to enable
+MQTT_BROKER='192.168.1.2'
+MQTT_PORT=1883
+MQTT_USER='mqtt'
+MQTT_PASSWORD='passw0rd'
+MQTT_QOS=0
+MQTT_DELAY_SEC=2
+
+
+#-------------------IMPORTANT INFO-------------------#
+#   This file is ingested by a python script, so if  #
+#        modified it needs to use python syntax      #
+#-------------------IMPORTANT INFO-------------------#

back/cron_script.sh

@@ -0,0 +1,13 @@
+#!/bin/bash
+export INSTALL_DIR=/app
+
+LOG_FILE="${INSTALL_DIR}/log/execution_queue.log"
+
+# Check if there are any entries with cron_restart_backend
+if grep -q "cron_restart_backend" "$LOG_FILE"; then
+  # Kill all python processes and restart the server
+  pkill -f "python " && (python ${INSTALL_DIR}/server > /dev/null 2>&1 &) && echo 'done'
+
+  # Remove all lines containing cron_restart_backend from the log file
+  sed -i '/cron_restart_backend/d' "$LOG_FILE"
+fi

back/pialert-cli

@@ -1,141 +0,0 @@
-#!/bin/bash
-SCRIPT=$(readlink -f $0)
-SCRIPTPATH=`dirname $SCRIPT`
-PIA_CONF_FILE=${SCRIPTPATH}'/../config/pialert.conf'
-
-case $1 in
-
-  help)
-    echo "pialert-cli v0.1 (https://github.com/leiweibau/Pi.Alert)"
-    echo "Usage: pialert-cli <command>"
-    echo ""
-    echo "The is a list of supported commands:"
-    echo ""
-    echo " set_login                - Sets the parameter PIALERT_WEB_PROTECTION in the config file to TRUE"
-    echo "                          - If the parameter is not present, it will be created. Additionally the" 
-    echo "                            default password '123456' is set."
-    echo ""
-    echo " unset_login              - Sets the parameter PIALERT_WEB_PROTECTION in the config file to FALSE"
-    echo "                          - If the parameter is not present, it will be created. Additionally the"
-    echo "                            default password '123456' is set."
-    echo ""
-    echo " set_password <password>  - Sets the new password as a hashed value."
-    echo "                          - If the PIALERT_WEB_PROTECTION parameter does not exist yet, it will be"
-    echo "                            created and set to 'True' (login enabled)"
-    echo ""
-    echo " set_autopassword         - Sets a new random password as a hashed value and show it plaintext in"
-    echo "                            the console."
-    echo "                          - If the PIALERT_WEB_PROTECTION parameter does not exist yet, it will be"
-    echo "                            created and set to 'True' (login enabled)"
-    echo ""
-    echo " disable_scan             - Stops all active scans"
-    echo "                          - Prevents new scans from starting"
-    echo ""
-    echo " enable_scan              - Stops all active scans"
-    echo "                          - Prevents new scans from starting"
-    echo ""
-    echo ""
-    ;;
-
-  set_login)
-    ## Check if PIALERT_WEB_PROTECTION exists
-    CHECK_PROT=$(grep "PIALERT_WEB_PROTECTION" $PIA_CONF_FILE | wc -l)
-    if [ $CHECK_PROT -eq 0 ]
-    then
-        ## Create PIALERT_WEB_PROTECTION and enable it
-        sed -i "/^VENDORS_DB.*/a PIALERT_WEB_PROTECTION = True" $PIA_CONF_FILE
-        sed -i "/^PIALERT_WEB_PROTECTION.*/a PIALERT_WEB_PASSWORD = '8d969eef6ecad3c29a3a629280e686cf0c3f5d5a86aff3ca12020c923adc6c92'" $PIA_CONF_FILE
-    else
-        ## Switch PIALERT_WEB_PROTECTION to enable
-        sed -i "/PIALERT_WEB_PROTECTION/c\PIALERT_WEB_PROTECTION = True" $PIA_CONF_FILE
-    fi
-    echo "Login is now enabled"
-    ;;
-
-  unset_login)
-    ## Check if PIALERT_WEB_PROTECTION exists
-    CHECK_PROT=$(grep "PIALERT_WEB_PROTECTION" $PIA_CONF_FILE | wc -l)
-    if [ $CHECK_PROT -eq 0 ]
-    then
-        ## Create PIALERT_WEB_PROTECTION and disable it
-        sed -i "/^VENDORS_DB.*/a PIALERT_WEB_PROTECTION = False" $PIA_CONF_FILE
-        sed -i "/^PIALERT_WEB_PROTECTION.*/a PIALERT_WEB_PASSWORD = '8d969eef6ecad3c29a3a629280e686cf0c3f5d5a86aff3ca12020c923adc6c92'" $PIA_CONF_FILE
-    else
-        ## Switch PIALERT_WEB_PROTECTION to disable
-        sed -i "/PIALERT_WEB_PROTECTION/c\PIALERT_WEB_PROTECTION = False" $PIA_CONF_FILE
-    fi
-    echo "Login is now disabled"
-    ;;
-
-  set_password)
-    PIA_PASS=$2
-    ## Check if PIALERT_WEB_PROTECTION exists
-    CHECK_PROT=$(grep "PIALERT_WEB_PROTECTION" $PIA_CONF_FILE | wc -l)
-    if [ $CHECK_PROT -eq 0 ]
-    then
-        ## Create PIALERT_WEB_PROTECTION and enable it
-        sed -i "/^VENDORS_DB.*/a PIALERT_WEB_PROTECTION = True" $PIA_CONF_FILE
-    fi
-    ## Prepare Hash
-    PIA_PASS_HASH=$(echo -n $PIA_PASS | sha256sum | awk '{print $1}')
-    echo "   The hashed password is:"
-    echo "   $PIA_PASS_HASH"
-    ## Check if the password parameter is set
-    CHECK_PWD=$(grep "PIALERT_WEB_PASSWORD" $PIA_CONF_FILE | wc -l)
-    if [ $CHECK_PWD -eq 0 ]
-    then
-        sed -i "/^PIALERT_WEB_PROTECTION.*/a PIALERT_WEB_PASSWORD = '$PIA_PASS_HASH'" $PIA_CONF_FILE
-    else
-        sed -i "/PIALERT_WEB_PASSWORD/c\PIALERT_WEB_PASSWORD = '$PIA_PASS_HASH'" $PIA_CONF_FILE
-    fi
-    echo ""
-    echo "The new password is set"
-    ;;
-
-  set_autopassword)
-    ## Check if PIALERT_WEB_PROTECTION exists
-    CHECK_PROT=$(grep "PIALERT_WEB_PROTECTION" $PIA_CONF_FILE | wc -l)
-    if [ $CHECK_PROT -eq 0 ]
-    then
-        ## Create PIALERT_WEB_PROTECTION and enable it
-        sed -i "/^VENDORS_DB.*/a PIALERT_WEB_PROTECTION = True" $PIA_CONF_FILE
-    fi
-    ## Create autopassword
-    PIA_AUTOPASS=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 8 | head -n 1)
-    echo "   The password is: $PIA_AUTOPASS"
-    ## Prepare Hash
-    PIA_AUTOPASS_HASH=$(echo -n $PIA_AUTOPASS | sha256sum | awk '{print $1}')
-    echo "   The hashed password is:"
-    echo "   $PIA_AUTOPASS_HASH"
-    ## Check if the password parameter is set
-    CHECK_PWD=$(grep "PIALERT_WEB_PASSWORD" $PIA_CONF_FILE | wc -l)
-    if [ $CHECK_PWD -eq 0 ]
-    then
-        ## Create password parameter
-        sed -i "/^PIALERT_WEB_PROTECTION.*/a PIALERT_WEB_PASSWORD = '$PIA_AUTOPASS_HASH'" $PIA_CONF_FILE
-    else
-        ## Overwrite password parameter
-        sed -i "/PIALERT_WEB_PASSWORD/c\PIALERT_WEB_PASSWORD = '$PIA_AUTOPASS_HASH'" $PIA_CONF_FILE
-    fi
-    echo ""
-    echo "The new password is set"
-    ;;
-
-  disable_scan)
-    ## stop active scans
-    sudo killall arp-scan
-    touch ${SCRIPTPATH}/../db/setting_stoparpscan
-    echo "The arp-scan is disabled"
-    ;;
-
-  enable_scan)
-    ## stop active scans
-    rm ${SCRIPTPATH}/../db/setting_stoparpscan
-    echo "The arp-scan is enabled"
-    ;;
-
-  *)
-    echo "pialert-cli v0.1 (https://github.com/leiweibau/Pi.Alert)"
-    echo "Use \"pialert-cli help\" for a list of supported commands."
-esac
-

back/report_sample.html

@@ -1,173 +0,0 @@
-<!-- ---------------------------------------------------------------------------
-   #  Pi.Alert
-   #  Open Source Network Guard / WIFI & LAN intrusion detector 
-   #
-   #  repot_template.html - Back module. Template to email reporting in HTML format
-   #-------------------------------------------------------------------------------
-   #  Puche 2021        pi.alert.application@gmail.com        GNU GPLv3
-   #--------------------------------------------------------------------------- -->
-   <html>
-    <head></head>
-    <body>
-       <font face=sans-serif>
-          <table align=center width=100% cellpadding=0 cellspacing=0 style="border-radius: 5px;">
-             <tr>
-                <td bgcolor=#EFB956  align=center style="padding: 20px 10px 10px 10px; font-size: 30px; font-weight: bold; color:#000000; border-top-right-radius: 5px; border-top-left-radius: 5px; box-shadow: 0 4px 8px 0 rgba(0, 0, 0, 0.2)">
-                   Pi.Alert Report
-                </td>
-             </tr>
-             <tr>
-                <td bgcolor=#2656f1 width=100% align=center style="padding: 20px 10px 10px 10px; font-size: 20px; font-weight: bold; color:#ffffff; box-shadow: 0 4px 8px 0 rgba(0, 0, 0, 0.2)">
-                   <a style="color:#ffffff;cursor:pointer;" href="https://github.com/jokob-sk/Pi.Alert/releases">🆕 New version available 🆕</a>
-                </td>
-             </tr>
-             <tr>
-                <td>
-                   <table width=100% border=0 bgcolor=#FFD966 cellpadding=5px cellspacing=0 style="border-collapse: collapse; font-size: 15px; text-align:center; color:#404040">
-                      <tr>
-                         <td width=100%> Report Date: <b>2023-01-30 22:17</b> </td>
-                      </tr>
-                   </table>
-                </td>
-             </tr>
-             <tr>
-                <td bgcolor=#F5F5F5 height=200 valign=top style="padding: 10px">
-                   <table style="border-collapse: collapse; font-size: 12px; color:#70707" width="100%" cellspacing="0" cellpadding="3px" bordercolor="#C0C0C0" border="1">
-                      <tr>
-                         <th width='120px' style='color:blue; font-size: 12px;' bgcolor='#909090'  >New devices</th>
-                      </tr>
-                      <tr>
-                         <td>
-                            <table style="border-collapse: collapse; font-size: 12px; color:#70707" width="100%" cellspacing="0" cellpadding="3px" bordercolor="#C0C0C0" border="1">
-                               <tr>
-                                  <th width='120px' style='color:#F0F0F0' bgcolor='#909090'  >MAC</th>
-                                  <th width='120px' style='color:#F0F0F0' bgcolor='#909090'  >Datetime</th>
-                                  <th width='120px' style='color:#F0F0F0' bgcolor='#909090'  >IP</th>
-                                  <th width='120px' style='color:#F0F0F0' bgcolor='#909090'  >Event Type</th>
-                                  <th width='120px' style='color:#F0F0F0' bgcolor='#909090'  >Device name</th>
-                                  <th width='120px' style='color:#F0F0F0' bgcolor='#909090'  >Comments</th>
-                               </tr>
-                               <tr>
-                                  <td><a href="http://192.168.1.1:20211/deviceDetails.php?mac=00:00:00:ef:a5:6c">00:00:00:ef:a5:6c</a></td>
-                                  <td>2023-01-30 22:15:09</td>
-                                  <td>192.168.1.1</td>
-                                  <td>New Device</td>
-                                  <td>(name not found)</td>
-                                  <td></td>
-                               </tr>
-                               <tr>
-                                  <td><a href="http://192.168.1.1:20211/deviceDetails.php?mac=00:00:00:ef:a5:6c">00:00:00:ef:a5:6c</a></td>
-                                  <td>2023-01-30 22:17:59</td>
-                                  <td>192.168.1.82</td>
-                                  <td>New Device</td>
-                                  <td>(name not found)</td>
-                                  <td></td>
-                               </tr>
-                            </table>
-                         </td>
-                      </tr>
-                   </table>
-                   <table style="border-collapse: collapse; font-size: 12px; color:#70707" width="100%" cellspacing="0" cellpadding="3px" bordercolor="#C0C0C0" border="1">
-                      <tr>
-                         <th width='120px' style='color:blue; font-size: 12px;' bgcolor='#909090'  >Events</th>
-                      </tr>
-                      <tr>
-                         <td>
-                            <ul>
-                               <li>
-                                  <table style="border-collapse: collapse; font-size: 12px; color:#70707" width="100%" cellspacing="0" cellpadding="3px" bordercolor="#C0C0C0" border="1">
-                                     <tr>
-                                        <th width='120px' style='color:#F0F0F0' bgcolor='#909090'  >MAC</th>
-                                        <th width='120px' style='color:#F0F0F0' bgcolor='#909090'  >Datetime</th>
-                                        <th width='120px' style='color:#F0F0F0' bgcolor='#909090'  >IP</th>
-                                        <th width='120px' style='color:#F0F0F0' bgcolor='#909090'  >Event Type</th>
-                                        <th width='120px' style='color:#F0F0F0' bgcolor='#909090'  >Device name</th>
-                                        <th width='120px' style='color:#F0F0F0' bgcolor='#909090'  >Comments</th>
-                                     </tr>
-                                     <tr>
-                                        <td><a href="http://192.168.1.1:20211/deviceDetails.php?mac=00:00:00:ef:a5:6c">00:00:00:ef:a5:6c</a></td>
-                                        <td>2023-01-30 22:15:09</td>
-                                        <td>192.168.1.92</td>
-                                        <td>Disconnected</td>
-                                        <td>(name not found)</td>
-                                        <td></td>
-                                     </tr>
-                                  </table>
-                               </li>
-                            </ul>
-                         </td>
-                      </tr>
-                   </table>
-                   <table style="border-collapse: collapse; font-size: 12px; color:#70707" width="100%" cellspacing="0" cellpadding="3px" bordercolor="#C0C0C0" border="1">
-                      <tr>
-                         <th width='120px' style='color:blue; font-size: 12px;' bgcolor='#909090'  >Changed or new ports</th>
-                      </tr>
-                      <tr>
-                         <td>
-                            <table style="border-collapse: collapse; font-size: 12px; color:#70707" width="100%" cellspacing="0" cellpadding="3px" bordercolor="#C0C0C0" border="1">
-                               <tr>
-                                  <th>new</th>
-                               </tr>                              
-                               <tr>
-                                  <td>
-                                     <table style="border-collapse: collapse; font-size: 12px; color:#70707" width="100%" cellspacing="0" cellpadding="3px" bordercolor="#C0C0C0" border="1">
-                                        <tr>
-                                           <th width='120px' style='color:#F0F0F0' bgcolor='#909090'  >Name</th>
-                                           <th width='120px' style='color:#F0F0F0' bgcolor='#909090'  >MAC</th>
-                                           <th width='120px' style='color:#F0F0F0' bgcolor='#909090'  >Port</th>
-                                           <th width='120px' style='color:#F0F0F0' bgcolor='#909090'  >State</th>
-                                           <th width='120px' style='color:#F0F0F0' bgcolor='#909090'  >Service</th>
-                                           <th width='120px' style='color:#F0F0F0' bgcolor='#909090'  >Extra</th>
-                                        </tr>
-                                        <tr>
-                                           <td>New device</td>
-                                           <td><a href="http://192.168.1.1:20211/deviceDetails.php?mac=00:00:00:ef:a5:6c">00:00:00:ef:a5:6c</a></td>
-                                           <td>3263/tcp</td>
-                                           <td>open</td>
-                                           <td>ecolor-imager</td>
-                                           <td></td>
-                                        </tr>
-                                     </table>
-                                  </td>
-                               </tr>
-                               <tr>
-                                  <td>
-                                     <table style="border-collapse: collapse; font-size: 12px; color:#70707" width="100%" cellspacing="0" cellpadding="3px" bordercolor="#C0C0C0" border="1">
-                                        <tr>
-                                           <th width='120px' style='color:#F0F0F0' bgcolor='#909090'  >Name</th>
-                                           <th width='120px' style='color:#F0F0F0' bgcolor='#909090'  >MAC</th>
-                                           <th width='120px' style='color:#F0F0F0' bgcolor='#909090'  >Port</th>
-                                           <th width='120px' style='color:#F0F0F0' bgcolor='#909090'  >State</th>
-                                           <th width='120px' style='color:#F0F0F0' bgcolor='#909090'  >Service</th>
-                                           <th width='120px' style='color:#F0F0F0' bgcolor='#909090'  >Extra</th>
-                                        </tr>
-                                        <tr>
-                                           <td>New device</td>
-                                           <td><a href="http://192.168.1.1:20211/deviceDetails.php?mac=00:00:00:ef:a5:6c">00:00:00:ef:a5:6c</a></td>
-                                           <td>3264/tcp</td>
-                                           <td>open</td>
-                                           <td>ccmail</td>
-                                           <td></td>
-                                        </tr>
-                                     </table>
-                                  </td>
-                               </tr>
-                               
-                            </table>
-                         </td>
-                      </tr>
-                   </table>
-             <tr>
-                <td>
-                   <table width=100% bgcolor=#46802e cellpadding=5px cellspacing=0 style="font-size: 13px; font-weight: bold; border-bottom-left-radius: 5px; border-bottom-right-radius: 5px;">
-                      <tr>
-                         <td width=50% style="text-align:center"> Pi.Alert - Synology-NAS</td>
-                      </tr>
-                   </table>
-                </td>
-             </tr>
-          </table>
-       </font>
-    </body>
- </html>
- 

back/report_template.html

@@ -1,60 +0,0 @@
-<!-- ---------------------------------------------------------------------------
-#  Pi.Alert
-#  Open Source Network Guard / WIFI & LAN intrusion detector 
-#
-#  repot_template.html - Back module. Template to email reporting in HTML format
-#-------------------------------------------------------------------------------
-#  Puche 2021        pi.alert.application@gmail.com        GNU GPLv3
-#--------------------------------------------------------------------------- -->
-
-<html>
-
-<head>
-</head>
-
-<body>
-    <font face=sans-serif>
-    <table align=center width=100% cellpadding=0 cellspacing=0 style="border-radius: 5px;">
-        <tr>
-        <td bgcolor=#EFB956  align=center style="padding: 20px 10px 10px 10px; font-size: 30px; font-weight: bold; color:#000000; border-top-right-radius: 5px; border-top-left-radius: 5px; box-shadow: 0 4px 8px 0 rgba(0, 0, 0, 0.2)">
-            Pi.Alert Report
-        </td>
-        </tr>
-        
-        <tr>
-        <td>
-            <table width=100% border=0 bgcolor=#FFD966 cellpadding=5px cellspacing=0 style="border-collapse: collapse; font-size: 15px; text-align:center; color:#404040">            <tr>
-                <td width=100%> Report Date: <b><REPORT_DATE></b> </td>
-            </tr>
-            </table>
-        </td>
-        </tr>
-
-        <tr>
-        <td bgcolor=#F5F5F5 height=200 valign=top style="padding: 10px">
-            
-                <INTERNET_TABLE>
-
-                <NEW_DEVICES_TABLE>
-            
-                <DOWN_DEVICES_TABLE>
-            
-                <EVENTS_TABLE>
-            
-                <PORTS_TABLE>
-        </td>
-        </tr>
-        
-        <tr>
-        <td>
-            <table width=100% bgcolor=#46802e cellpadding=5px cellspacing=0 style="font-size: 13px; font-weight: bold; border-bottom-left-radius: 5px; border-bottom-right-radius: 5px;">
-               <tr>
-                    <td width=50% style="text-align:center"> Pi.Alert - <SERVER_NAME></td>                    
-                </tr>
-            </table>
-        </td>
-        </tr>
-    </table>
-    </font>
-</body>
-</html>

back/report_template.txt

@@ -1,8 +0,0 @@
-Report Date: <REPORT_DATE>
-Server:      <SERVER_NAME>
-
-<SECTION_NEW_DEVICES>
-<SECTION_DEVICES_DOWN>
-<SECTION_EVENTS>
-<SECTION_INTERNET>
-<PORTS_TABLE>

back/report_template_new_version.html

@@ -1,64 +0,0 @@
-<!-- ---------------------------------------------------------------------------
-#  Pi.Alert
-#  Open Source Network Guard / WIFI & LAN intrusion detector 
-#
-#  repot_template.html - Back module. Template to email reporting in HTML format
-#-------------------------------------------------------------------------------
-#  Puche 2021        pi.alert.application@gmail.com        GNU GPLv3
-#--------------------------------------------------------------------------- -->
-
-<html>
-
-<head>
-</head>
-
-<body>
-    <font face=sans-serif>
-    <table align=center width=100% cellpadding=0 cellspacing=0 style="border-radius: 5px;">
-        <tr>
-        <td bgcolor=#EFB956  align=center style="padding: 20px 10px 10px 10px; font-size: 30px; font-weight: bold; color:#000000; border-top-right-radius: 5px; border-top-left-radius: 5px; box-shadow: 0 4px 8px 0 rgba(0, 0, 0, 0.2)">
-            Pi.Alert Report
-        </td>
-        </tr>
-        <tr> 
-            <td bgcolor=#2656f1 width=100% align=center style="padding: 20px 10px 10px 10px; font-size: 20px; font-weight: bold; color:#ffffff; box-shadow: 0 4px 8px 0 rgba(0, 0, 0, 0.2)">
-                <a style="color:#ffffff;cursor:pointer;" href="https://github.com/jokob-sk/Pi.Alert/releases">🆕 New version available 🆕</a>
-            </td>             
-        </tr>
-        <tr>
-        <td>
-            <table width=100% border=0 bgcolor=#FFD966 cellpadding=5px cellspacing=0 style="border-collapse: collapse; font-size: 15px; text-align:center; color:#404040">            <tr>
-                <td width=100%> Report Date: <b><REPORT_DATE></b> </td>
-            </tr>
-            </table>
-        </td>
-        </tr>
-
-        <tr>
-        <td bgcolor=#F5F5F5 height=200 valign=top style="padding: 10px">
-
-            <INTERNET_TABLE>
-
-            <NEW_DEVICES_TABLE>
-        
-            <DOWN_DEVICES_TABLE>
-        
-            <EVENTS_TABLE>
-        
-            <PORTS_TABLE>
-        
-        <tr>
-        <td>
-            <table width=100% bgcolor=#46802e cellpadding=5px cellspacing=0 style="font-size: 13px; font-weight: bold; border-bottom-left-radius: 5px; border-bottom-right-radius: 5px;">
-               <tr>
-                    <td width=50% style="text-align:center"> Pi.Alert - <SERVER_NAME></td>                    
-                </tr>
-            </table>
-        </td>
-        </tr>
-    </table>
-    </font>
-
-
-</body>
-</html>

back/update_vendors.sh

@@ -1,6 +1,7 @@
-#!/bin/sh
+#!/usr/bin/env bash
+
 # ------------------------------------------------------------------------------
-#  Pi.Alert
+#  NetAlertX
 #  Open Source Network Guard / WIFI & LAN intrusion detector 
 #
 #  update_vendors.sh - Back module. IEEE Vendors db update
@@ -11,54 +12,30 @@
 # ----------------------------------------------------------------------
 #  Main directories to update:
 #    /usr/share/arp-scan
-#    /usr/share/ieee-data
-#    /var/lib/ieee-data
 # ----------------------------------------------------------------------
 
+echo "---------------------------------------------------------"
+echo "[INSTALL]                           Run update_vendors.sh"
+echo "---------------------------------------------------------"
+
+DL_DIR=/usr/share/arp-scan
 
 # ----------------------------------------------------------------------
-echo Updating... /usr/share/ieee-data/
-cd /usr/share/ieee-data/
+echo Updating... $DL_DIR
+cd $DL_DIR || { echo "could not enter $DL_DIR directory"; exit 1; }
 
-sudo mkdir -p 2_backup
-sudo cp *.txt 2_backup
-sudo cp *.csv 2_backup
-echo ""
-echo Download Start
-echo ""
-sudo curl $1  -O https://standards-oui.ieee.org/iab/iab.csv \
-              -O https://standards-oui.ieee.org/iab/iab.txt \
-              -O https://standards-oui.ieee.org/oui28/mam.csv \
-              -O https://standards-oui.ieee.org/iab/iab.txt \
-              -O https://standards-oui.ieee.org/oui28/mam.csv \
-              -O https://standards-oui.ieee.org/oui28/mam.txt \
-              -O https://standards-oui.ieee.org/oui36/oui36.csv \
-              -O https://standards-oui.ieee.org/oui36/oui36.txt \
-              -O https://standards-oui.ieee.org/oui/oui.csv \
-              -O https://standards-oui.ieee.org/oui/oui.txt
-echo ""
-echo Download Finished
+# Define the URL of the IEEE OUI file
+IEEE_OUI_URL="http://standards-oui.ieee.org/oui/oui.txt"
 
-# ----------------------------------------------------------------------
-echo ""
-echo Updating... /usr/share/arp-scan/
-cd /usr/share/arp-scan
+# Download the file using wget
+wget "$IEEE_OUI_URL" -O ieee-oui_dl.txt
 
-sudo mkdir -p 2_backup
-sudo cp *.txt 2_backup
+# Filter lines containing "(base 16)" and format them with a tab between MAC and vendor
+grep "(base 16)" ieee-oui_dl.txt | sed -E 's/ *\(base 16\)//' | awk -F' ' '{printf "%s\t%s\n", $1, substr($0, index($0, $2))}' > ieee-oui_new.txt
 
-# Update from /usb/lib/ieee-data
-sudo get-iab -v
-sudo get-oui -v
+# Combine, sort, and remove duplicates, ensuring tab-separated output
+cat ieee-oui.txt ieee-oui_new.txt >> ieee-oui_all.txt
+sort ieee-oui_all.txt | awk '{$1=$1; print}' | sort -u | awk -F' ' '{printf "%s\t%s\n", $1, substr($0, index($0, $2))}' > ieee-oui_all_filtered.txt
 
-# Update from ieee website
-# sudo get-iab -v -u http://standards-oui.ieee.org/iab/iab.txt
-# sudo get-oui -v -u http://standards-oui.ieee.org/oui/oui.txt
 
-# Update from ieee website develop
-# sudo get-iab -v -u http://standards.ieee.org/develop/regauth/iab/iab.txt
-# sudo get-oui -v -u http://standards.ieee.org/develop/regauth/oui/oui.txt
-
-# Update from Sanitized oui (linuxnet.ca)
-# sudo get-oui -v -u https://linuxnet.ca/ieee/oui.txt
 

back/webhook_json_sample.json

@@ -1,87 +0,0 @@
-[
-    {
-        "headers": {
-            "host": "192.168.1.82:5678",
-            "user-agent": "curl/7.74.0",
-            "accept": "*/*",
-            "content-type": "application/json",
-            "content-length": "872"
-        },
-        "params": {},
-        "query": {},
-        "body": {
-            "username": "Pi.Alert",
-            "text": "There are new notifications",
-            "attachments": [
-                {
-                    "title": "Pi.Alert Notifications",
-                    "title_link": "",
-                    "text": {
-                      "internet": [],
-                      "new_devices": [{
-                        "MAC": "74:ac:74:ac:74:ac",
-                        "Datetime": "2023-01-30 22:15:09",
-                        "IP": "192.168.1.1",
-                        "Event Type": "New Device",
-                        "Device name": "(name not found)",
-                        "Comments": null
-                      }],
-                      "down_devices": [],
-                      "events": [{
-                        "MAC": "74:ac:74:ac:74:ac",
-                        "Datetime": "2023-01-30 22:15:09",
-                        "IP": "192.168.1.92",
-                        "Event Type": "Disconnected",
-                        "Device name": "(name not found)",
-                        "Comments": null
-                      }, {
-                        "MAC": "74:ac:74:ac:74:ac",
-                        "Datetime": "2023-01-30 22:15:09",
-                        "IP": "192.168.1.150",
-                        "Event Type": "Disconnected",
-                        "Device name": "(name not found)",
-                        "Comments": null
-                      }],
-                      "ports": [{
-                        "new": {
-                          "Name": "New device",
-                          "MAC": "74:ac:74:ac:74:ac",
-                          "Port": "22/tcp",
-                          "State": "open",
-                          "Service": "ssh",
-                          "Extra": ""
-                        }
-                      }, {
-                        "new": {
-                          "Name": "New device",
-                          "MAC": "74:ac:74:ac:74:ac",
-                          "Port": "53/tcp",
-                          "State": "open",
-                          "Service": "domain",
-                          "Extra": ""
-                        }
-                      }, {
-                        "new": {
-                          "Name": "New device",
-                          "MAC": "74:ac:74:ac:74:ac",
-                          "Port": "80/tcp",
-                          "State": "open",
-                          "Service": "http",
-                          "Extra": ""
-                        }
-                      }, {
-                        "new": {
-                          "Name": "New device",
-                          "MAC": "74:ac:74:ac:74:ac",
-                          "Port": "443/tcp",
-                          "State": "open",
-                          "Service": "https",
-                          "Extra": ""
-                        }
-                      }]
-                    }
-                }
-            ]
-        }
-    }
-]

config/pialert.conf

@@ -1,117 +0,0 @@
-#-----------------AUTOGENERATED FILE-----------------#
-#                                                    #
-#         Generated:  2022-12-30_22-19-40            #
-#                                                    #
-#   Config file for the LAN intruder detection app:  #
-#      https://github.com/jokob-sk/Pi.Alert          #
-#                                                    #
-#-----------------AUTOGENERATED FILE-----------------#
-
-
-# General
-#---------------------------
-# Scan using interface eth0
-# SCAN_SUBNETS    = ['192.168.1.0/24 --interface=eth0']
-#
-# Scan multiple interfaces (eth1 and eth0):
-# SCAN_SUBNETS    = [ '192.168.1.0/24 --interface=eth1', '192.168.1.0/24 --interface=eth0' ]
-SCAN_SUBNETS=['192.168.1.0/24 --interface=eth1']
-PRINT_LOG=False
-TIMEZONE='Europe/Berlin'
-PIALERT_WEB_PROTECTION=False
-PIALERT_WEB_PASSWORD='8d969eef6ecad3c29a3a629280e686cf0c3f5d5a86aff3ca12020c923adc6c92'
-INCLUDED_SECTIONS=['internet','new_devices','down_devices','events']
-SCAN_CYCLE_MINUTES=5
-DAYS_TO_KEEP_EVENTS=90
-REPORT_DASHBOARD_URL='http://pi.alert/'
-
-
-# Email
-#---------------------------
-REPORT_MAIL=False
-SMTP_SERVER='smtp.gmail.com'
-SMTP_PORT=587
-REPORT_TO='user@gmail.com'
-REPORT_FROM='Pi.Alert <user@gmail.com>'
-SMTP_SKIP_LOGIN=False
-SMTP_USER='user@gmail.com'
-SMTP_PASS='password'
-SMTP_SKIP_TLS=False
-
-
-# Webhooks
-#---------------------------
-REPORT_WEBHOOK=False
-WEBHOOK_URL='http://n8n.local:5555/webhook-test/aaaaaaaa-aaaa-aaaa-aaaaa-aaaaaaaaaaaa'
-WEBHOOK_PAYLOAD='json'                 # webhook payload data format for the "body > attachements > text" attribute 
-                                       # in https://github.com/jokob-sk/Pi.Alert/blob/main/docs/webhook_json_sample.json 
-                                       #   supported values: 'json', 'html' or 'text'
-                                       #   e.g.: for discord use 'html'
-WEBHOOK_REQUEST_METHOD='GET'
-
-
-# Apprise
-#---------------------------
-REPORT_APPRISE=False
-APPRISE_HOST='http://localhost:8000/notify'
-APPRISE_URL='mailto://smtp-relay.sendinblue.com:587?from=user@gmail.com&name=apprise&user=user@gmail.com&pass=password&to=user@gmail.com'
-
-
-# NTFY
-#---------------------------
-REPORT_NTFY=False
-NTFY_HOST='https://ntfy.sh'
-NTFY_TOPIC='replace_my_secure_topicname_91h889f28'
-NTFY_USER='user'
-NTFY_PASSWORD='passw0rd'
-
-
-# PUSHSAFER
-#---------------------------
-REPORT_PUSHSAFER=False
-PUSHSAFER_TOKEN='ApiKey'
-
-
-# MQTT
-#---------------------------
-REPORT_MQTT=False
-MQTT_BROKER='192.168.1.2'
-MQTT_PORT=1883
-MQTT_USER='mqtt'
-MQTT_PASSWORD='passw0rd'
-MQTT_QOS=0
-MQTT_DELAY_SEC=2
-
-
-# DynDNS
-#---------------------------
-DDNS_ACTIVE=False
-DDNS_DOMAIN='your_domain.freeddns.org'
-DDNS_USER='dynu_user'
-DDNS_PASSWORD='A0000000B0000000C0000000D0000000'
-DDNS_UPDATE_URL='https://api.dynu.com/nic/update?'
-
-
-# PiHole
-#---------------------------
-# if enabled you need to map '/etc/pihole/pihole-FTL.db' in docker-compose.yml
-PIHOLE_ACTIVE=False
-# if enabled you need to map '/etc/pihole/dhcp.leases' in docker-compose.yml
-DHCP_ACTIVE=False
-
-
-# Pholus
-#---------------------------
-PHOLUS_ACTIVE=False
-PHOLUS_TIMEOUT=120
-PHOLUS_FORCE=False
-PHOLUS_DAYS_DATA=7
-PHOLUS_RUN='once'
-PHOLUS_RUN_TIMEOUT=600
-PHOLUS_RUN_SCHD='0 4 * * *'
-
-
-#-------------------IMPORTANT INFO-------------------#
-#   This file is ingested by a python script, so if  #
-#        modified it needs to use python syntax      #
-#-------------------IMPORTANT INFO-------------------#

db/.gitignore

@@ -0,0 +1,2 @@
+*
+!.gitignore

docker-compose.yml

@@ -1,39 +1,82 @@
 version: "3"
 services:
-  pialert:
+  netalertx:
     privileged: true
-    build: .
-    container_name: pialert
-    network_mode: "host"
-    restart: unless-stopped
+    build:
+      dockerfile: Dockerfile
+      context: .
+      cache_from:
+        - type=registry,ref=docker.io/jokob-sk/netalertx:buildcache
+    container_name: netalertx
+    network_mode: host
+    # restart: unless-stopped
     volumes:
-      - ${APP_DATA_LOCATION}/pialert/config2:/home/pi/pialert/config
-      # - ${APP_DATA_LOCATION}/pialert/db/pialert.db:/home/pi/pialert/db/pialert.db
-      - ${APP_DATA_LOCATION}/pialert/db2:/home/pi/pialert/db      
+      # - ${APP_DATA_LOCATION}/netalertx_dev/config:/app/config
+      - ${APP_DATA_LOCATION}/netalertx/config:/app/config
+      # - ${APP_DATA_LOCATION}/netalertx_dev/db:/app/db      
+      - ${APP_DATA_LOCATION}/netalertx/db:/app/db           
       # (optional) useful for debugging if you have issues setting up the container
-      - ${LOGS_LOCATION}:/home/pi/pialert/front/log      
+      - ${DEV_LOCATION}/log:/app/log      
+      # (API: OPTION 1) use for performance
+      - type: tmpfs
+        target: /app/api
+      # (API: OPTION 2) use when debugging issues 
+      # - ${DEV_LOCATION}/api:/app/api
+      # ---------------------------------------------------------------------------
       # DELETE START anyone trying to use this file: comment out / delete BELOW lines, they are only for development purposes
-      - ${DEV_LOCATION}/back/pialert.py:/home/pi/pialert/back/pialert.py
-      - ${DEV_LOCATION}/pholus:/home/pi/pialert/pholus
-      - ${DEV_LOCATION}/dockerfiles:/home/pi/pialert/dockerfiles
-      - ${APP_DATA_LOCATION}/pialert/php.ini:/etc/php/7.4/fpm/php.ini      
-      - ${DEV_LOCATION}/front/api:/home/pi/pialert/front/api
-      - ${DEV_LOCATION}/front/css:/home/pi/pialert/front/css
-      - ${DEV_LOCATION}/front/lib/AdminLTE:/home/pi/pialert/front/lib/AdminLTE
-      - ${DEV_LOCATION}/front/js:/home/pi/pialert/front/js
-      - ${DEV_LOCATION}/front/php:/home/pi/pialert/front/php
-      - ${DEV_LOCATION}/front/deviceDetails.php:/home/pi/pialert/front/deviceDetails.php
-      - ${DEV_LOCATION}/front/devices.php:/home/pi/pialert/front/devices.php
-      - ${DEV_LOCATION}/front/events.php:/home/pi/pialert/front/events.php
-      - ${DEV_LOCATION}/front/help_faq.php:/home/pi/pialert/front/help_faq.php
-      - ${DEV_LOCATION}/front/index.php:/home/pi/pialert/front/index.php
-      - ${DEV_LOCATION}/front/maintenance.php:/home/pi/pialert/front/maintenance.php
-      - ${DEV_LOCATION}/front/network.php:/home/pi/pialert/front/network.php
-      - ${DEV_LOCATION}/front/presence.php:/home/pi/pialert/front/presence.php
-      - ${DEV_LOCATION}/front/settings.php:/home/pi/pialert/front/settings.php
+      - ${APP_DATA_LOCATION}/netalertx/dhcp_samples/dhcp1.leases:/mnt/dhcp1.leases
+      - ${APP_DATA_LOCATION}/netalertx/dhcp_samples/dhcp2.leases:/mnt/dhcp2.leases      
+      - ${APP_DATA_LOCATION}/netalertx/dhcp_samples/pihole_dhcp_full.leases:/etc/pihole/dhcp.leases      
+      - ${APP_DATA_LOCATION}/netalertx/dhcp_samples/pihole_dhcp_2.leases:/etc/pihole/dhcp2.leases      
+      - ${APP_DATA_LOCATION}/pihole/etc-pihole/pihole-FTL.db:/etc/pihole/pihole-FTL.db    
+      - ${DEV_LOCATION}/server:/app/server            
+      - ${DEV_LOCATION}/test:/app/test            
+      - ${DEV_LOCATION}/dockerfiles:/app/dockerfiles
+      # - ${APP_DATA_LOCATION}/netalertx/php.ini:/etc/php/8.2/fpm/php.ini      
+      - ${DEV_LOCATION}/install:/app/install
+      - ${DEV_LOCATION}/front/css:/app/front/css
+      - ${DEV_LOCATION}/front/img:/app/front/img
+      - ${DEV_LOCATION}/back/update_vendors.sh:/app/back/update_vendors.sh
+      - ${DEV_LOCATION}/front/lib:/app/front/lib
+      - ${DEV_LOCATION}/front/js:/app/front/js
+      - ${DEV_LOCATION}/front/report_templates:/front/report_templates
+      - ${DEV_LOCATION}/install/start.debian.sh:/app/install/start.debian.sh
+      - ${DEV_LOCATION}/install/user-mapping.debian.sh:/app/install/user-mapping.debian.sh
+      - ${DEV_LOCATION}/install/install.debian.sh:/app/install/install.debian.sh      
+      - ${DEV_LOCATION}/install/install_dependencies.debian.sh:/app/install/install_dependencies.debian.sh      
+
+      - ${DEV_LOCATION}/front/php:/app/front/php      
+      - ${DEV_LOCATION}/front/deviceDetails.php:/app/front/deviceDetails.php
+      - ${DEV_LOCATION}/front/deviceDetailsEdit.php:/app/front/deviceDetailsEdit.php
+      - ${DEV_LOCATION}/front/userNotifications.php:/app/front/userNotifications.php
+      - ${DEV_LOCATION}/front/deviceDetailsTools.php:/app/front/deviceDetailsTools.php
+      - ${DEV_LOCATION}/front/deviceDetailsPresence.php:/app/front/deviceDetailsPresence.php
+      - ${DEV_LOCATION}/front/deviceDetailsSessions.php:/app/front/deviceDetailsSessions.php
+      - ${DEV_LOCATION}/front/deviceDetailsEvents.php:/app/front/deviceDetailsEvents.php
+      - ${DEV_LOCATION}/front/devices.php:/app/front/devices.php
+      - ${DEV_LOCATION}/front/events.php:/app/front/events.php
+      - ${DEV_LOCATION}/front/plugins.php:/app/front/plugins.php
+      - ${DEV_LOCATION}/front/pluginsCore.php:/app/front/pluginsCore.php
+      - ${DEV_LOCATION}/front/help_faq.php:/app/front/help_faq.php
+      - ${DEV_LOCATION}/front/index.php:/app/front/index.php
+      - ${DEV_LOCATION}/front/maintenance.php:/app/front/maintenance.php
+      - ${DEV_LOCATION}/front/network.php:/app/front/network.php
+      - ${DEV_LOCATION}/front/presence.php:/app/front/presence.php
+      - ${DEV_LOCATION}/front/settings.php:/app/front/settings.php      
+      - ${DEV_LOCATION}/front/systeminfo.php:/app/front/systeminfo.php      
+      - ${DEV_LOCATION}/front/account.php:/app/front/account.php      
+      - ${DEV_LOCATION}/front/report.php:/app/front/report.php      
+      - ${DEV_LOCATION}/front/workflows.php:/app/front/workflows.php      
+      - ${DEV_LOCATION}/front/appEventsCore.php:/app/front/appEventsCore.php      
+      - ${DEV_LOCATION}/front/multiEditCore.php:/app/front/multiEditCore.php      
+      - ${DEV_LOCATION}/front/donations.php:/app/front/donations.php      
+      - ${DEV_LOCATION}/front/plugins:/app/front/plugins      
       # DELETE END anyone trying to use this file: comment out / delete ABOVE lines, they are only for development purposes
+      # ---------------------------------------------------------------------------
     environment:
+      # - APP_CONF_OVERRIDE={"SCAN_SUBNETS":"['192.168.1.0/24 --interface=eth1']","UI_theme":"Dark"}
       - TZ=${TZ}
-      - PORT=${PORT}
-      - HOST_USER_ID=${HOST_USER_ID}
-      - HOST_USER_GID=${HOST_USER_GID}
+      - PORT=${PORT}      
+      # ❗ DANGER ZONE BELOW - Setting ALWAYS_FRESH_INSTALL=true will delete the content of the /db & /config folders
+      - ALWAYS_FRESH_INSTALL=${ALWAYS_FRESH_INSTALL}
+      

dockerfiles/README.md

@@ -1,111 +1,142 @@
-[![Docker](https://img.shields.io/github/actions/workflow/status/jokob-sk/Pi.Alert/docker_prod.yml?label=Build&logo=GitHub)](https://github.com/jokob-sk/Pi.Alert/actions/workflows/docker_prod.yml)
-[![GitHub Committed](https://img.shields.io/github/last-commit/jokob-sk/Pi.Alert?color=40ba12&label=Committed&logo=GitHub&logoColor=fff)](https://github.com/jokob-sk/Pi.Alert)
-[![Docker Size](https://img.shields.io/docker/image-size/jokobsk/pi.alert?label=Size&logo=Docker&color=0aa8d2&logoColor=fff)](https://hub.docker.com/r/jokobsk/pi.alert)
-[![Docker Pulls](https://img.shields.io/docker/pulls/jokobsk/pi.alert?label=Pulls&logo=docker&color=0aa8d2&logoColor=fff)](https://hub.docker.com/r/jokobsk/pi.alert)
-[![Docker Pushed](https://img.shields.io/badge/dynamic/json?color=0aa8d2&logoColor=fff&label=Pushed&query=last_updated&url=https%3A%2F%2Fhub.docker.com%2Fv2%2Frepositories%2Fjokobsk%2Fpi.alert%2F&logo=docker&link=http://left&link=https://hub.docker.com/repository/docker/jokobsk/pi.alert)](https://hub.docker.com/r/jokobsk/pi.alert)
+[![GitHub Committed](https://img.shields.io/github/last-commit/jokob-sk/NetAlertX?color=40ba12&label=Committed&logo=GitHub&logoColor=fff&style=for-the-badge)](https://github.com/jokob-sk/NetAlertX)
+[![Docker Size](https://img.shields.io/docker/image-size/jokobsk/netalertx?label=Size&logo=Docker&color=0aa8d2&logoColor=fff&style=for-the-badge)](https://hub.docker.com/r/jokobsk/netalertx)
+[![Docker Pulls](https://img.shields.io/docker/pulls/jokobsk/netalertx?label=Pulls&logo=docker&color=0aa8d2&logoColor=fff&style=for-the-badge)](https://hub.docker.com/r/jokobsk/netalertx)
+[![GitHub Release](https://img.shields.io/github/v/release/jokob-sk/NetAlertX?color=0aa8d2&logoColor=fff&logo=GitHub&style=for-the-badge)](https://github.com/jokob-sk/NetAlertX/releases)
+[![Discord](https://img.shields.io/discord/1274490466481602755?color=0aa8d2&logoColor=fff&logo=Discord&style=for-the-badge)](https://discord.gg/NczTUTWyRr)
 
-# 🐳 A docker image for Pi.Alert 
 
-🐳 [Docker hub](https://registry.hub.docker.com/r/jokobsk/pi.alert) | 📄 [Dockerfile](https://github.com/jokob-sk/Pi.Alert/blob/main/Dockerfile) | 📚 [Docker instructions](https://github.com/jokob-sk/Pi.Alert/blob/main//dockerfiles/README.md) | 🆕 [Release notes](https://github.com/jokob-sk/Pi.Alert/releases)
+# NetAlertX 🖧🔍 Network scanner & notification framework
 
-<a href="https://raw.githubusercontent.com/jokob-sk/Pi.Alert/main/docs/img/devices_split.png" target="_blank">
-  <img src="https://raw.githubusercontent.com/jokob-sk/Pi.Alert/main/docs/img/devices_split.png" width="300px" />
-</a>
-<a href="https://raw.githubusercontent.com/jokob-sk/Pi.Alert/main/docs/img/network.png" target="_blank">
-  <img src="https://raw.githubusercontent.com/jokob-sk/Pi.Alert/main/docs/img/network.png" width="300px" />
+  | 🐳 [Docker hub](https://registry.hub.docker.com/r/jokobsk/netalertx) |  📑 [Docker guide](https://github.com/jokob-sk/NetAlertX/blob/main/dockerfiles/README.md) |🆕 [Release notes](https://github.com/jokob-sk/NetAlertX/releases) | 📚 [All Docs](https://github.com/jokob-sk/NetAlertX/tree/main/docs) |
+  |----------------------|----------------------| ----------------------|  ----------------------| 
+
+<a href="https://raw.githubusercontent.com/jokob-sk/NetAlertX/main/docs/img/GENERAL/github_social_image.jpg" target="_blank">
+  <img src="https://raw.githubusercontent.com/jokob-sk/NetAlertX/main/docs/img/GENERAL/github_social_image.jpg" width="1000px" />
 </a>
 
+Head to [https://netalertx.com/](https://netalertx.com/) for more gifs and screenshots 📷.
+
+> [!NOTE]
+> There is also an experimental 🧪 [bare-metal install](https://github.com/jokob-sk/NetAlertX/blob/main/docs/HW_INSTALL.md) method available. 
 
 ## 📕 Basic Usage 
 
-- You will have to run the container on the host network, e.g: 
+> [!WARNING]
+> You will have to run the container on the `host` network.
 
 ```yaml
 docker run -d --rm --network=host \
-  -v local/path/pialert/config:/home/pi/pialert/config \
-  -v local/path/pialert/db:/home/pi/pialert/db \
+  -v local/path/config:/app/config \
+  -v local/path/db:/app/db \
   -e TZ=Europe/Berlin \
   -e PORT=20211 \
-  jokobsk/pi.alert:latest
-  ```
-- The initial scan can take up-to 15min (with 50 devices and MQTT). Subsequent ones 3 and 5 minutes so wait that long for all of the scans to run.
+  jokobsk/netalertx:latest
+```
+- The initial scan can take up to 15min (with 50 devices and MQTT). Subsequent ones 3 and 5 minutes so wait that long for all of the scans to run.
 
 ### Docker environment variables
 
 | Variable | Description | Default |
 | :------------- |:-------------| -----:|
 | `PORT`      |Port of the web interface  |  `20211` |
+| `LISTEN_ADDR`      |Set the specific IP Address for the listener address for the nginx webserver (web interface). This could be useful when using multiple subnets to hide the web interface from all untrusted networks. |  `0.0.0.0` |
 |`TZ` |Time zone to display stats correctly. Find your time zone [here](https://en.wikipedia.org/wiki/List_of_tz_database_time_zones)  |  `Europe/Berlin` |
-|`HOST_USER_GID`    |User ID (UID) to map the user in the container to a server user with sufficient read&write permissions on the mapped files   |  `1000` |
-|`HOST_USER_ID` |User Group ID (GID)  to map the user group in the container to a server user group with sufficient read&write permissions on the mapped files    |    `1000` |
+|`APP_CONF_OVERRIDE` | JSON override for settings, e.g. `{"SCAN_SUBNETS":"['192.168.1.0/24 --interface=eth1']","UI_theme":"Dark"}` (Experimental 🧪)  |  `N/A` |
+|`ALWAYS_FRESH_INSTALL` | If `true` will delete the content of the `/db` & `/config` folders. For testing purposes. Can be coupled with [watchtower](https://github.com/containrrr/watchtower) to have an always freshly installed `netalertx`/`netalertx-dev` image.   |    `N/A` |
+
+> You can override the default GraphQL port setting `GRAPHQL_PORT` (set to `20212`) by using the `APP_CONF_OVERRIDE` env variable. 
 
 ### Docker paths
 
-| | Path | Description |
-| :------------- | :------------- |:-------------| 
-| **Required** | `:/home/pi/pialert/config` | Folder which will contain the `pialert.conf` file (see below for details)  | 
-| **Required** | `:/home/pi/pialert/db` | Folder which will contain the `pialert.db` file  | 
-|Optional| `:/home/pi/pialert/front/log` |  Logs folder useful for debugging if you have issues setting up the container  | 
-|Optional| `:/etc/pihole/pihole-FTL.db` |  PiHole's `pihole-FTL.db` database file. Required if you want to use PiHole  | 
-|Optional| `:/etc/pihole/dhcp.leases` |  PiHole's `dhcp.leases` file. Required if you want to use PiHole  | 
-|Optional| `:/home/pi/pialert/front/api` |  A simple [API endpoint](https://github.com/jokob-sk/Pi.Alert/blob/main/docs/API.md) containing static (but regularly updated) json and other files.   | 
+> [!NOTE]
+> See also [Backup strategies](https://github.com/jokob-sk/NetAlertX/blob/main/docs/BACKUPS.md).   
+
+| Required | Path | Description |
+| :------------- | :------------- | :-------------| 
+| ✅ | `:/app/config` | Folder which will contain the `app.conf` & `devices.csv` ([read about devices.csv](https://github.com/jokob-sk/NetAlertX/blob/main/docs/DEVICES_BULK_EDITING.md)) files (see below for details).  | 
+| ✅ | `:/app/db` | Folder which will contain the `app.db` file  | 
+| | `:/app/log` |  Logs folder useful for debugging if you have issues setting up the container  | 
+| | `:/etc/pihole/pihole-FTL.db` |  PiHole's `pihole-FTL.db` database file. Required if you want to use PiHole DB mapping.  | 
+| | `:/etc/pihole/dhcp.leases` |  PiHole's `dhcp.leases` file. Required if you want to use PiHole `dhcp.leases` file. This has to be matched with a corresponding `DHCPLSS_paths_to_check` setting entry (the path in the container must contain `pihole`)| 
+| | `:/app/api` |  A simple [API endpoint](https://github.com/jokob-sk/NetAlertX/blob/main/docs/API.md) containing static (but regularly updated) json and other files.   | 
+| | `:/app/front/plugins/<plugin>/ignore_plugin` | Map a file `ignore_plugin` to ignore a plugin. Plugins can be soft-disabled via settings. More in the [Plugin docs](https://github.com/jokob-sk/NetAlertX/blob/main/front/plugins/README.md).  | 
+| | `:/etc/resolv.conf` | Use a custom `resolv.conf` file for [better name resolution](https://github.com/jokob-sk/NetAlertX/blob/main/docs/REVERSE_DNS.md).  | 
+
+> Use separate `db` and `config` directories, don't nest them.
+
+### (If UI is not available) Modify the config (`app.conf`) 
+
+- The preferred way is to manage the configuration via the Settings section in the UI.
+- You can modify [app.conf](https://github.com/jokob-sk/NetAlertX/tree/main/config) directly, if needed.
+- If unavailable, the app generates a default `app.conf` and `app.db` file on the first run.
+
+### ⚙ Important settings
+
+These are the most important settings to get at least some output in your Devices screen. Usually, only one approach is used, but you can combine these approaches.
+
+| Scan method | Setting | Description |
+| :------------- | :------------- | :-------------| 
+| arp-scan, nmap-scan | `SCAN_SUBNETS` | See the documentation on how [to setup SUBNETS, VLANs & limitations](https://github.com/jokob-sk/NetAlertX/blob/main/docs/SUBNETS.md) |
+| PiHole | `PIHOLE_RUN` | There are 2 approaches how to get PiHole devices imported. Via the PiHole import (`PIHOLE`) plugin or DHCP leases (`DHCPLSS`) plugin. The `PIHOLE` plugin requires you to map the PiHole database, as mentioned above. |
+| dhcp.leases | `DHCPLSS_RUN` | You need to map `:/etc/myfiles/dhcp.leases` in the `docker-compose.yml` file if you enable this setting. This path has to be matched with a corresponding `DHCPLSS_paths_to_check` setting entry (check the [DHCPLSS plugin readme](https://github.com/jokob-sk/NetAlertX/tree/main/front/plugins/dhcp_leases#overview) for details). |
 
 
-### Config (`pialert.conf`)
-
-- Modify [pialert.conf](https://github.com/jokob-sk/Pi.Alert/tree/main/config) or manage the configuration via Settings.  
-- ❗ Set the `SCAN_SUBNETS` variable. 
-   * The adapter will probably be `eth0` or `eth1`. (Run `iwconfig` to find your interface name(s)) 
-   * Specify the network filter (which **significantly** speeds up the scan process). For example, the filter `192.168.1.0/24` covers IP ranges 192.168.1.0 to 192.168.1.255.
-   * Examples for one and two subnets  (❗ Note the `['...', '...']` format):
-     * One subnet: `SCAN_SUBNETS    = ['192.168.1.0/24 --interface=eth0']`
-     * Two subnets:  `SCAN_SUBNETS    = ['192.168.1.0/24 --interface=eth0', '192.168.1.0/24 --interface=eth1']` 
+> [!NOTE]
+> It's recommended to use the same schedule interval for all plugins responsible for discovering new devices.
 
 
-### 🛑 **Common issues** 
+#### 🧭 Community guides
 
-💡 Before creating a new issue, please check if a similar issue was [already resolved](https://github.com/jokob-sk/Pi.Alert/issues?q=is%3Aissue+is%3Aclosed). 
+Use the official installation guides at first and use community content as supplementary material. Open an issue if you'd like to add your link to the list 🙏 
 
-**Permissions**
+- ▶ [Home Lab Network Monitoring - Scotti-BYTE Enterprise Consulting Services](https://www.youtube.com/watch?v=0DryhzrQSJA) (July 2024)
+- 📄 [How to Install NetAlertX on Your Synology NAS - Marius hosting](https://mariushosting.com/how-to-install-pi-alert-on-your-synology-nas/) (Updated frequently)
+- 📄 [Using the PiAlert Network Security Scanner on a Raspberry Pi - PiMyLifeUp](https://pimylifeup.com/raspberry-pi-pialert/)
+- ▶ [How to Setup Pi.Alert on Your Synology NAS - Digital Aloha](https://www.youtube.com/watch?v=M4YhpuRFaUg) 
+- 📄 [防蹭网神器，网络安全助手 | 极空间部署网络扫描和通知系统『NetAlertX』](https://blog.csdn.net/qq_63499861/article/details/141105273)
+- 📄 [시놀/헤놀에서 네트워크 스캐너 Pi.Alert Docker로 설치 및 사용하기](https://blog.dalso.org/article/%EC%8B%9C%EB%86%80-%ED%97%A4%EB%86%80%EC%97%90%EC%84%9C-%EB%84%A4%ED%8A%B8%EC%9B%8C%ED%81%AC-%EC%8A%A4%EC%BA%90%EB%84%88-pi-alert-docker%EB%A1%9C-%EC%84%A4%EC%B9%98-%EB%B0%8F-%EC%82%AC%EC%9A%A9) (July 2023)
+- 📄 [网络入侵探测器Pi.Alert (Chinese)](https://codeantenna.com/a/VgUvIAjZ7J) (May 2023)
+- ▶ [Pi.Alert auf Synology & Docker by - Jürgen Barth](https://www.youtube.com/watch?v=-ouvA2UNu-A) (March 2023)
+- ▶ [Top Docker Container for Home Server Security - VirtualizationHowto](https://www.youtube.com/watch?v=tY-w-enLF6Q) (March 2023)
+- ▶ [Pi.Alert or WatchYourLAN can alert you to unknown devices appearing on your WiFi or LAN network - Danie van der Merwe](https://www.youtube.com/watch?v=v6an9QG2xF0) (November 2022)
 
-* If facing issues (AJAX errors, can't write to DB, empty screen, etc,) make sure permissions are set correctly, and check the logs under `/home/pi/pialert/front/log`. 
-* To solve permission issues you can also try to create a DB backup and then run a DB Restore via the **Maintenance > Backup/Restore** section.
-* You can try also setting the owner and group of the `pialert.db` by executing the following on the host system: `docker exec pialert chown -R www-data:www-data /home/pi/pialert/db/pialert.db`. 
-* Map to local User and Group IDs. Specify the enviroment variables `HOST_USER_ID` and `HOST_USER_GID` if needed.
-* Map the pialert.db file (⚠ not folder) to `:/home/pi/pialert/db/pialert.db` (see Examples below for details)
-
-**Container restarts / crashes**
-
-* Check the logs for details. Often a required setting for a notification method is missing. 
-
-**unable to resolve host**
-
-* Check that your `SCAN_SUBNETS` variable is using the correct mask and `--interface` as outlined in the instructions above. 
+> Ordered by last update time. 
  
+### **Common issues** 
 
-Docker-compose examples can be found below.
+💡 Before creating a new issue, please check if a similar issue was [already resolved](https://github.com/jokob-sk/NetAlertX/issues?q=is%3Aissue+is%3Aclosed). 
 
-## 📄 Examples
+⚠ Check also common issues and [debugging tips](https://github.com/jokob-sk/NetAlertX/blob/main/docs/DEBUG_TIPS.md). 
+
+> [!NOTE]
+> You can bulk-update devices via the [CSV import method](https://github.com/jokob-sk/NetAlertX/blob/main/docs/DEVICES_BULK_EDITING.md).
+
+## 📄 docker-compose.yml Examples
 
 ### Example 1
 
 ```yaml
 version: "3"
 services:
-  pialert:
-    container_name: pialert
-    image: "jokobsk/pi.alert:latest"      
+  netalertx:
+    container_name: netalertx
+    # use the below line if you want to test the latest dev image
+    # image: "jokobsk/netalertx-dev:latest" 
+    image: "jokobsk/netalertx:latest"      
     network_mode: "host"        
     restart: unless-stopped
     volumes:
-      - local/path/pialert/config:/home/pi/pialert/config
-      - local/path/pialert/db:/home/pi/pialert/db      
+      - local/path/config:/app/config
+      - local/path/db:/app/db      
       # (optional) useful for debugging if you have issues setting up the container
-      - local/path/logs:/home/pi/pialert/front/log
+      - local/path/logs:/app/log
+      # (API: OPTION 1) use for performance
+      - type: tmpfs
+        target: /app/api
+      # (API: OPTION 2) use when debugging issues 
+      # -  local/path/api:/app/api
     environment:
       - TZ=Europe/Berlin      
-      - HOST_USER_ID=1000
-      - HOST_USER_GID=1000
       - PORT=20211
 ```
 
@@ -113,25 +144,48 @@ To run the container execute: `sudo docker-compose up -d`
 
 ### Example 2
 
+Example by [SeimuS](https://github.com/SeimusS).
+
+```yaml
+  netalertx:
+    container_name: NetAlertX
+    hostname: NetAlertX
+    privileged: true
+    # use the below line if you want to test the latest dev image
+    # image: "jokobsk/netalertx-dev:latest" 
+    image: jokobsk/netalertx:latest
+    environment:
+      - TZ=Europe/Bratislava
+    restart: always
+    volumes:
+      - ./netalertx/db:/app/db
+      - ./netalertx/config:/app/config
+    network_mode: host
+```
+
+To run the container execute: `sudo docker-compose up -d`
+
+### Example 3
+
 `docker-compose.yml` 
 
 ```yaml
 version: "3"
 services:
-  pialert:
-    container_name: pialert
-    image: "jokobsk/pi.alert:latest"      
+  netalertx:
+    container_name: netalertx
+    # use the below line if you want to test the latest dev image
+    # image: "jokobsk/netalertx-dev:latest" 
+    image: "jokobsk/netalertx:latest"      
     network_mode: "host"        
     restart: unless-stopped
     volumes:
-      - ${APP_DATA_LOCATION}/pialert/config:/home/pi/pialert/config
-      - ${APP_DATA_LOCATION}/pialert/db/pialert.db:/home/pi/pialert/db/pialert.db      
+      - ${APP_DATA_LOCATION}/netalertx/config:/app/config
+      - ${APP_DATA_LOCATION}/netalertx/db/:/app/db/      
       # (optional) useful for debugging if you have issues setting up the container
-      - ${LOGS_LOCATION}:/home/pi/pialert/front/log
+      - ${LOGS_LOCATION}:/app/log
     environment:
       - TZ=${TZ}      
-      - HOST_USER_ID=${HOST_USER_ID}
-      - HOST_USER_GID=${HOST_USER_GID}
       - PORT=${PORT}
 ```
 
@@ -147,8 +201,6 @@ LOGS_LOCATION=/path/to/docker_logs
 #ENVIRONMENT VARIABLES
 
 TZ=Europe/Paris
-HOST_USER_ID=1000
-HOST_USER_GID=1000
 PORT=20211
 
 #DEVELOPMENT VARIABLES
@@ -158,13 +210,15 @@ DEV_LOCATION=/path/to/local/source/code
 
 To run the container execute: `sudo docker-compose --env-file /path/to/.env up`
 
-### Example 3
+### Example 4
 
-Courtesy of [pbek](https://github.com/pbek). The volume `pialert_db` is used by the db directory. The two config files are mounted directly from a local folder to their places in the config folder. You can backup the `docker-compose.yaml` folder and the docker volumes folder.
+Courtesy of [pbek](https://github.com/pbek). The volume `netalertx_db` is used by the db directory. The two config files are mounted directly from a local folder to their places in the config folder. You can backup the `docker-compose.yaml` folder and the docker volumes folder.
 
 ```yaml
-  pialert:
-    image: jokobsk/pi.alert
+  netalertx:
+    # use the below line if you want to test the latest dev image
+    # image: "jokobsk/netalertx-dev:latest" 
+    image: jokobsk/netalertx
     ports:
       - "80:20211/tcp"
     environment:
@@ -174,22 +228,20 @@ Courtesy of [pbek](https://github.com/pbek). The volume `pialert_db` is used by
         ipv4_address: 192.168.1.2
     restart: unless-stopped
     volumes:
-      - pialert_db:/home/pi/pialert/db
-      - ./pialert/pialert.conf:/home/pi/pialert/config/pialert.conf      
+      - netalertx_db:/app/db
+      - ./netalertx/:/app/config/      
 ```
 
 ## 🏅 Recognitions
 
-Big thanks to <a href="https://github.com/Macleykun">@Macleykun</a> for help and tips&tricks for Dockerfile(s):
+Big thanks to <a href="https://github.com/Macleykun">@Macleykun</a> & for help and tips & tricks for Dockerfile(s) and <a href="https://github.com/vladaurosh">@vladaurosh</a> for Alpine re-base help.
 
-<a href="https://github.com/Macleykun">
-  <img src="https://avatars.githubusercontent.com/u/26381427?size=50"> 
-</a>
+## ❤ Support me 
 
-## ☕ Support me
+| [![GitHub](https://i.imgur.com/emsRCPh.png)](https://github.com/sponsors/jokob-sk) | [![Buy Me A Coffee](https://i.imgur.com/pIM6YXL.png)](https://www.buymeacoffee.com/jokobsk) | [![Patreon](https://i.imgur.com/MuYsrq1.png)](https://www.patreon.com/user?u=84385063) | 
+| --- | --- | --- | 
 
-Disclaimer: Please only donate if you don't have any debt yourself. Support yourself first, then others.
+- Bitcoin: `1N8tupjeCK12qRVU2XrV17WvKK7LCawyZM`
+- Ethereum: `0x6e2749Cb42F4411bc98501406BdcD82244e3f9C7`
 
-<a href="https://github.com/sponsors/jokob-sk" target="_blank"><img src="https://i.imgur.com/X6p5ACK.png" alt="Sponsor Me on GitHub" style="height: 30px !important;width: 117px !important;" width="150px" ></a>
-<a href="https://www.buymeacoffee.com/jokobsk" target="_blank"><img src="https://cdn.buymeacoffee.com/buttons/v2/default-yellow.png" alt="Buy Me A Coffee" style="height: 30px !important;width: 117px !important;" width="117px" height="30px" ></a>
-<a href="https://www.patreon.com/user?u=84385063" target="_blank"><img src="https://upload.wikimedia.org/wikipedia/commons/thumb/8/82/Patreon_logo_with_wordmark.svg/512px-Patreon_logo_with_wordmark.svg.png" alt="Support me on patreon" style="height: 30px !important;width: 117px !important;" width="117px" ></a>
+> 📧 Email me at [jokob@duck.com](mailto:jokob@duck.com?subject=NetAlertX) if you want to get in touch or if I should add other sponsorship platforms.

dockerfiles/pre-setup.sh

@@ -0,0 +1,43 @@
+#!/bin/bash
+
+export INSTALL_DIR=/app
+export APP_NAME=netalertx
+
+# php-fpm setup
+install -d -o nginx -g www-data /run/php/
+sed -i "/^;pid/c\pid = /run/php/php8.3-fpm.pid" /etc/php83/php-fpm.conf
+sed -i "/^listen/c\listen = /run/php/php8.3-fpm.sock" /etc/php83/php-fpm.d/www.conf
+sed -i "/^;listen.owner/c\listen.owner = nginx" /etc/php83/php-fpm.d/www.conf
+sed -i "/^;listen.group/c\listen.group = www-data" /etc/php83/php-fpm.d/www.conf
+sed -i "/^user/c\user = nginx" /etc/php83/php-fpm.d/www.conf
+sed -i "/^group/c\group = www-data" /etc/php83/php-fpm.d/www.conf
+
+# s6 overlay setup
+mkdir -p /etc/s6-overlay/s6-rc.d/{SetupOneshot,php-fpm/dependencies.d,nginx/dependencies.d}
+mkdir -p /etc/s6-overlay/s6-rc.d/{SetupOneshot,php-fpm/dependencies.d,nginx/dependencies.d,$APP_NAME/dependencies.d}
+echo "oneshot" > /etc/s6-overlay/s6-rc.d/SetupOneshot/type
+echo "longrun" > /etc/s6-overlay/s6-rc.d/php-fpm/type
+echo "longrun" > /etc/s6-overlay/s6-rc.d/nginx/type
+echo "longrun" > /etc/s6-overlay/s6-rc.d/$APP_NAME/type
+echo -e "${INSTALL_DIR}/dockerfiles/setup.sh" > /etc/s6-overlay/s6-rc.d/SetupOneshot/up
+echo -e "#!/bin/execlineb -P\n/usr/sbin/php-fpm83 -F" > /etc/s6-overlay/s6-rc.d/php-fpm/run
+echo -e '#!/bin/execlineb -P\nnginx -g "daemon off;"' > /etc/s6-overlay/s6-rc.d/nginx/run
+echo -e '#!/bin/execlineb -P
+        with-contenv
+
+        importas -u PORT PORT
+
+        if { echo
+        "
+            [INSTALL] 🚀 Starting app (:${PORT})
+
+        " }' > /etc/s6-overlay/s6-rc.d/$APP_NAME/run
+echo -e "python ${INSTALL_DIR}/server" >> /etc/s6-overlay/s6-rc.d/$APP_NAME/run
+touch /etc/s6-overlay/s6-rc.d/user/contents.d/{SetupOneshot,php-fpm,nginx} /etc/s6-overlay/s6-rc.d/{php-fpm,nginx}/dependencies.d/SetupOneshot
+touch /etc/s6-overlay/s6-rc.d/user/contents.d/{SetupOneshot,php-fpm,nginx,$APP_NAME} /etc/s6-overlay/s6-rc.d/{php-fpm,nginx,$APP_NAME}/dependencies.d/SetupOneshot
+touch /etc/s6-overlay/s6-rc.d/nginx/dependencies.d/php-fpm
+touch /etc/s6-overlay/s6-rc.d/$APP_NAME/dependencies.d/nginx
+
+
+
+rm -f $0

dockerfiles/setup.sh

@@ -0,0 +1,136 @@
+#!/usr/bin/with-contenv bash
+
+echo "---------------------------------------------------------"
+echo "[INSTALL]                                    Run setup.sh"
+echo "---------------------------------------------------------"
+
+export INSTALL_DIR=/app  # Specify the installation directory here
+
+# DO NOT CHANGE ANYTHING BELOW THIS LINE!
+
+CONF_FILE="app.conf"
+NGINX_CONF_FILE=netalertx.conf
+DB_FILE="app.db"
+FULL_FILEDB_PATH="${INSTALL_DIR}/db/${DB_FILE}"
+NGINX_CONFIG_FILE="/etc/nginx/http.d/${NGINX_CONF_FILE}"
+OUI_FILE="/usr/share/arp-scan/ieee-oui.txt" # Define the path to ieee-oui.txt and ieee-iab.txt
+
+INSTALL_DIR_OLD=/home/pi/pialert
+OLD_APP_NAME=pialert
+
+# DO NOT CHANGE ANYTHING ABOVE THIS LINE!
+
+# Check if script is run as root
+if [[ $EUID -ne 0 ]]; then
+    echo "This script must be run as root. Please use 'sudo'."
+    exit 1
+fi
+
+echo "[INSTALL] Copy starter ${DB_FILE} and ${CONF_FILE} if they don't exist"
+
+# DANGER ZONE: ALWAYS_FRESH_INSTALL
+if [ "$ALWAYS_FRESH_INSTALL" = true ]; then
+  echo "[INSTALL] ❗ ALERT /db and /config folders are cleared because the ALWAYS_FRESH_INSTALL is set to: $ALWAYS_FRESH_INSTALL❗"
+
+  # Delete content of "$INSTALL_DIR/config/"
+  rm -rf "$INSTALL_DIR/config/"*
+  rm -rf "$INSTALL_DIR_OLD/config/"*
+
+  # Delete content of "$INSTALL_DIR/db/"
+  rm -rf "$INSTALL_DIR/db/"*
+  rm -rf "$INSTALL_DIR_OLD/db/"*
+fi
+
+# OVERRIDE settings: Handling APP_CONF_OVERRIDE
+# Check if APP_CONF_OVERRIDE is set
+
+# remove old
+rm "${INSTALL_DIR}/config/app_conf_override.json"
+
+if [ -z "$APP_CONF_OVERRIDE" ]; then
+  echo "APP_CONF_OVERRIDE is not set. Skipping config file creation."
+else
+  # Save the APP_CONF_OVERRIDE env variable as a JSON file
+  echo "$APP_CONF_OVERRIDE" > "${INSTALL_DIR}/config/app_conf_override.json"
+  echo "Config file saved to ${INSTALL_DIR}/config/app_conf_override.json"
+fi
+
+# 🔻 FOR BACKWARD COMPATIBILITY - REMOVE AFTER 12/12/2024
+
+# Check if pialert.db exists, then create a symbolic link to app.db
+if [ -f "${INSTALL_DIR_OLD}/db/${OLD_APP_NAME}.db" ]; then
+    ln -s "${INSTALL_DIR_OLD}/db/${OLD_APP_NAME}.db" "${FULL_FILEDB_PATH}"
+fi
+
+# Check if ${OLD_APP_NAME}.conf exists, then create a symbolic link to app.conf
+if [ -f "${INSTALL_DIR_OLD}/config/${OLD_APP_NAME}.conf" ]; then
+    ln -s "${INSTALL_DIR_OLD}/config/${OLD_APP_NAME}.conf" "${INSTALL_DIR}/config/${CONF_FILE}"
+fi
+# 🔺 FOR BACKWARD COMPATIBILITY - REMOVE AFTER 12/12/2024
+
+# Copy starter .db and .conf if they don't exist
+cp -na "${INSTALL_DIR}/back/${CONF_FILE}" "${INSTALL_DIR}/config/${CONF_FILE}"
+cp -na "${INSTALL_DIR}/back/${DB_FILE}" "${FULL_FILEDB_PATH}"
+
+# if custom variables not set we do not need to do anything
+if [ -n "${TZ}" ]; then
+  FILECONF="${INSTALL_DIR}/config/${CONF_FILE}"
+  echo "[INSTALL] Setup timezone"
+  sed -i "\#^TIMEZONE=#c\TIMEZONE='${TZ}'" "${FILECONF}"
+
+  # set TimeZone in container
+  cp /usr/share/zoneinfo/$TZ /etc/localtime
+  echo $TZ > /etc/timezone
+fi
+
+echo "[INSTALL] Setup NGINX"
+echo "Setting webserver to address ($LISTEN_ADDR) and port ($PORT)"
+envsubst '$INSTALL_DIR $LISTEN_ADDR $PORT' < "${INSTALL_DIR}/install/netalertx.template.conf" > "${NGINX_CONFIG_FILE}"
+
+# Run the hardware vendors update at least once
+echo "[INSTALL] Run the hardware vendors update"
+
+# Check if ieee-oui.txt or ieee-iab.txt exist
+if [ -f "${OUI_FILE}" ]; then
+  echo "The file ieee-oui.txt exists. Skipping update_vendors.sh..."
+else
+  echo "The file ieee-oui.txt does not exist. Running update_vendors..."
+
+  # Run the update_vendors.sh script
+  if [ -f "${INSTALL_DIR}/back/update_vendors.sh" ]; then
+    "${INSTALL_DIR}/back/update_vendors.sh"
+  else
+    echo "update_vendors.sh script not found in ${INSTALL_DIR}."
+  fi
+fi
+
+# Create an empty log files
+# Create the execution_queue.log and app_front.log files if they don't exist
+touch "${INSTALL_DIR}"/log/{app.log,execution_queue.log,app_front.log,app.php_errors.log,stderr.log,stdout.log,db_is_locked.log}
+touch "${INSTALL_DIR}"/api/user_notifications.json
+
+echo "[INSTALL] Fixing permissions after copied starter config & DB"
+chown -R nginx:www-data "${INSTALL_DIR}"/{config,log,db,api}
+chown -R nginx:www-data "${INSTALL_DIR}"/api/user_notifications.json
+
+chmod 750 "${INSTALL_DIR}"/{config,log,db}
+find "${INSTALL_DIR}"/{config,log,db} -type f -exec chmod 640 {} \;
+
+# Check if buildtimestamp.txt doesn't exist
+if [ ! -f "${INSTALL_DIR}/front/buildtimestamp.txt" ]; then
+    # Create buildtimestamp.txt
+    date +%s > "${INSTALL_DIR}/front/buildtimestamp.txt"
+    chown nginx:www-data "${INSTALL_DIR}/front/buildtimestamp.txt"
+fi
+
+# Start crond service in the background
+echo "[INSTALL] Starting crond service..."
+crond -f -d 8 > /dev/null 2>&1 &
+
+echo -e "
+            [ENV] PATH                      is ${PATH}
+            [ENV] PORT                      is ${PORT}
+            [ENV] TZ                        is ${TZ}
+            [ENV] LISTEN_ADDR               is ${LISTEN_ADDR}
+            [ENV] ALWAYS_FRESH_INSTALL      is ${ALWAYS_FRESH_INSTALL}
+        "

dockerfiles/start.sh

@@ -1,31 +0,0 @@
-#!/bin/sh
-/home/pi/pialert/dockerfiles/user-mapping.sh
-
-# if custom variables not set we do not need to do anything
-if [ -n "${TZ}" ]; then    
-  FILECONF=/home/pi/pialert/config/pialert.conf 
-  if [ -f "$FILECONF" ]; then
-    sed -ie "s|Europe/Berlin|${TZ}|g" /home/pi/pialert/config/pialert.conf 
-  else 
-    sed -ie "s|Europe/Berlin|${TZ}|g" /home/pi/pialert/back/pialert.conf_bak 
-  fi
-fi
-
-if [ -n "${PORT}" ]; then  
-  sed -ie 's/listen 20211/listen '${PORT}'/g' /etc/nginx/sites-available/default
-fi 
-
-# I hope this will fix DB permission issues going forward
-FILEDB=/home/pi/pialert/db/pialert.db
-if [ -f "$FILEDB" ]; then
-    chown -R www-data:www-data /home/pi/pialert/db/pialert.db
-fi
-
-chmod -R a+rw /home/pi/pialert/front/log
-chmod -R a+rw /home/pi/pialert/config
-
-/etc/init.d/php7.4-fpm start
-/etc/init.d/nginx start
-
-# cron -f
-python /home/pi/pialert/back/pialert.py

dockerfiles/user-mapping.sh

@@ -1,29 +0,0 @@
-#!/bin/bash
-
-if [ -z "${USER}" ]; then
-  echo "We need USER to be set!"; exit 100
-fi
-
-# if both not set we do not need to do anything
-if [ -z "${HOST_USER_ID}" -a -z "${HOST_USER_GID}" ]; then
-    echo "Nothing to do here." ; exit 0
-fi
-
-# reset user_?id to either new id or if empty old (still one of above
-# might not be set)
-USER_ID=${HOST_USER_ID:=$USER_ID}
-USER_GID=${HOST_USER_GID:=$USER_GID}
-
-LINE=$(grep -F "${USER}" /etc/passwd)
-# replace all ':' with a space and create array
-array=( ${LINE//:/ } )
-
-# home is 5th element
-USER_HOME=${array[4]}
-
-sed -i -e "s/^${USER}:\([^:]*\):[0-9]*:[0-9]*/${USER}:\1:${USER_ID}:${USER_GID}/"  /etc/passwd
-sed -i -e "s/^${USER}:\([^:]*\):[0-9]*/${USER}:\1:${USER_GID}/"  /etc/group
-
-chown -R ${USER_ID}:${USER_GID} ${USER_HOME}
-
-exec su - "${USER}"

docs/API.md

@@ -1,20 +1,15 @@
 ## API endpoints
 
-PiAlert comes with a simple API. These API endpoints are static files, that are periodically updated based on your settings. 
+NetAlertX comes with a simple API. These API endpoints are static files, that are periodically updated based on your settings. 
 
 
 ### When are the endpoints updated
 
-Once you enable the API (`ENABLE_API` setting), the endpoints are updated during these events:
-
-1) Always during a notification event.
-2) (optional) If `API_RUN` is set to `schedule` on a specified cron-like schedule specified by the `API_RUN_SCHD` setting.
-3) (optional) If `API_RUN` is set to `interval` every N seconds specified by the `API_RUN_INTERVAL` setting (minimum 5).
-
+The endpoints are updated when objects in the API endpoints are changed.
 
 ### Location of the endpoints
 
-In the container, these files are located under the `/home/pi/pialert/front/api/` folder and thus on the `<pialert_url>/api/<File name>` url.
+In the container, these files are located under the `/app/api/` folder. You can acces sthem via the `/php/server/query_json.php?file=user_notifications.json` endpoint.
 
 ### Available endpoints
 
@@ -24,12 +19,15 @@ You can access the following files:
   |----------------------|----------------------| 
   | `notification_text.txt` | The plain text version of the last notification. |
   | `notification_text.html` | The full HTML of the last email notification. |
-  | `notification_json_final.json` | The json version of the last notification (e.g. used for webhooks - [sample JSON](https://github.com/jokob-sk/Pi.Alert/blob/main/back/webhook_json_sample.json)). |
-  | `table_devices.json` | The current (at the time of the last update as mentioned above on this page) state of all of the available Devices detected by the app. |
-  | `table_nmap_scan.json` | The current state of the discovered ports by the regular NMAP scans. |
-  | `table_pholus_scan.json` | The latest state of the [pholus](https://github.com/jokob-sk/Pi.Alert/tree/main/pholus) (A multicast DNS and DNS Service Discovery Security Assessment Tool) scan results. |
-  | `table_events_pending_alert.json` | The list of the unprocessed (pending) notification events. |
+  | `notification_json_final.json` | The json version of the last notification (e.g. used for webhooks - [sample JSON](https://github.com/jokob-sk/NetAlertX/blob/main/front/report_templates/webhook_json_sample.json)). |
+  | `table_devices.json` | The current (at the time of the last update as mentioned above on this page) state of all of the available Devices detected by the app. |  
+  | `table_plugins_events.json` | The list of the unprocessed (pending) notification events (plugins_events DB table). |
+  | `table_plugins_history.json` | The list of notification events history. |  
+  | `table_plugins_objects.json` | The content of the plugins_objects table. Find more info on the [Plugin system here](https://github.com/jokob-sk/NetAlertX/tree/main/front/plugins)|
+  | `language_strings.json` | The content of the language_strings table, which in turn is loaded from the plugins `config.json` definitions. |  
   | `table_custom_endpoint.json` | A custom endpoint generated by the SQL query specified by the `API_CUSTOM_SQL` setting. |
+  | `table_settings.json` | The content of the settings table. |
+  | `app_state.json` | Contains the current application state. |
   
   Current/latest state of the aforementioned files depends on your settings.
 
@@ -59,38 +57,38 @@ Example JSON of the `table_devices.json` endpoint with two Devices (database row
 {
   "data": [
         {
-          "dev_MAC": "Internet",
-          "dev_Name": "Net - Huawei",
-          "dev_DeviceType": "Router",
-          "dev_Vendor": null,
-          "dev_Group": "Always on",
-          "dev_FirstConnection": "2021-01-01 00:00:00",
-          "dev_LastConnection": "2021-01-28 22:22:11",
-          "dev_LastIP": "192.168.1.24",
-          "dev_StaticIP": 0,
-          "dev_PresentLastScan": 1,
-          "dev_LastNotification": "2023-01-28 22:22:28.998715",
-          "dev_NewDevice": 0,
-          "dev_Network_Node_MAC_ADDR": "",
-          "dev_Network_Node_port": "",
-          "dev_Icon": "globe"
+          "devMac": "Internet",
+          "devName": "Net - Huawei",
+          "devType": "Router",
+          "devVendor": null,
+          "devGroup": "Always on",
+          "devFirstConnection": "2021-01-01 00:00:00",
+          "devLastConnection": "2021-01-28 22:22:11",
+          "devLastIP": "192.168.1.24",
+          "devStaticIP": 0,
+          "devPresentLastScan": 1,
+          "devLastNotification": "2023-01-28 22:22:28.998715",
+          "devIsNew": 0,
+          "devParentMAC": "",
+          "devParentPort": "",
+          "devIcon": "globe"
         }, 
         {
-          "dev_MAC": "a4:8f:ff:aa:ba:1f",
-          "dev_Name": "Net - USG",
-          "dev_DeviceType": "Firewall",
-          "dev_Vendor": "Ubiquiti Inc",
-          "dev_Group": "",
-          "dev_FirstConnection": "2021-02-12 22:05:00",
-          "dev_LastConnection": "2021-07-17 15:40:00",
-          "dev_LastIP": "192.168.1.1",
-          "dev_StaticIP": 1,
-          "dev_PresentLastScan": 1,
-          "dev_LastNotification": "2021-07-17 15:40:10.667717",
-          "dev_NewDevice": 0,
-          "dev_Network_Node_MAC_ADDR": "Internet",
-          "dev_Network_Node_port": 1,
-          "dev_Icon": "shield-halved"
+          "devMac": "a4:8f:ff:aa:ba:1f",
+          "devName": "Net - USG",
+          "devType": "Firewall",
+          "devVendor": "Ubiquiti Inc",
+          "devGroup": "",
+          "devFirstConnection": "2021-02-12 22:05:00",
+          "devLastConnection": "2021-07-17 15:40:00",
+          "devLastIP": "192.168.1.1",
+          "devStaticIP": 1,
+          "devPresentLastScan": 1,
+          "devLastNotification": "2021-07-17 15:40:10.667717",
+          "devIsNew": 0,
+          "devParentMAC": "Internet",
+          "devParentPort": 1,
+          "devIcon": "shield-halved"
       }
     ]
 }

docs/AUTHELIA.md

@@ -0,0 +1,275 @@
+(DRAFT) Authelia support
+
+
+
+```yaml
+theme: dark
+
+default_2fa_method: "totp"
+
+server:
+  address: 0.0.0.0:9091
+  endpoints:
+    enable_expvars: false
+    enable_pprof: false
+    authz:
+      forward-auth:
+        implementation: 'ForwardAuth'
+        authn_strategies:
+          - name: 'HeaderAuthorization'
+            schemes:
+              - 'Basic'
+          - name: 'CookieSession'
+      ext-authz:
+        implementation: 'ExtAuthz'
+        authn_strategies:
+          - name: 'HeaderAuthorization'
+            schemes:
+              - 'Basic'
+          - name: 'CookieSession'
+      auth-request:
+        implementation: 'AuthRequest'
+        authn_strategies:
+          - name: 'HeaderAuthRequestProxyAuthorization'
+            schemes:
+              - 'Basic'
+          - name: 'CookieSession'
+      legacy:
+        implementation: 'Legacy'
+        authn_strategies:
+          - name: 'HeaderLegacy'
+          - name: 'CookieSession'
+  disable_healthcheck: false
+  tls:
+    key: ""
+    certificate: ""
+    client_certificates: []
+  headers:
+    csp_template: ""
+
+log:
+  ## Level of verbosity for logs: info, debug, trace.
+  level: info
+
+###############################################################
+# The most important section
+###############################################################
+access_control:
+  ## Default policy can either be 'bypass', 'one_factor', 'two_factor' or 'deny'.
+  default_policy: deny
+  networks:
+    - name: internal
+      networks:
+        - '192.168.0.0/18'
+        - '10.10.10.0/8' # Zerotier
+    - name: private
+      networks:
+        - '172.16.0.0/12'
+  rules:
+    - networks:
+        - private
+      domain:
+        - '*'
+      policy: bypass
+    - networks:
+        - internal
+      domain:
+        - '*'
+      policy: bypass
+    - domain:
+        # exclude itself from auth, should not happen as we use Traefik middleware on a case-by-case screnario
+        - 'auth.MYDOMAIN1.TLD'
+        - 'authelia.MYDOMAIN1.TLD'
+        - 'auth.MYDOMAIN2.TLD'
+        - 'authelia.MYDOMAIN2.TLD'
+      policy: bypass
+    - domain:
+        #All subdomains match
+        - 'MYDOMAIN1.TLD'
+        - '*.MYDOMAIN1.TLD'
+      policy: two_factor
+    - domain:
+        # This will not work yet as Authelio does not support multi-domain authentication
+        - 'MYDOMAIN2.TLD'
+        - '*.MYDOMAIN2.TLD'
+      policy: two_factor
+
+
+############################################################
+identity_validation:
+  reset_password:
+    jwt_secret: "[REDACTED]"
+
+identity_providers:
+  oidc:
+    enable_client_debug_messages: true
+    enforce_pkce: public_clients_only
+    hmac_secret: [REDACTED]
+    lifespans:
+      authorize_code: 1m
+      id_token: 1h
+      refresh_token: 90m
+      access_token: 1h
+    cors:
+      endpoints:
+        - authorization
+        - token
+        - revocation
+        - introspection
+        - userinfo
+      allowed_origins:
+        - "*"
+      allowed_origins_from_client_redirect_uris: false
+    jwks:
+      - key: [REDACTED]
+        certificate_chain:
+    clients:
+      - client_id: portainer
+        client_name: Portainer
+        # generate secret with "authelia crypto hash generate pbkdf2 --random --random.length 32 --random.charset alphanumeric"
+        # Random Password: [REDACTED]
+        # Digest: [REDACTED]
+        client_secret: [REDACTED]
+        token_endpoint_auth_method: 'client_secret_post'
+        public: false
+        authorization_policy: two_factor
+        consent_mode: pre-configured #explicit
+        pre_configured_consent_duration: '6M' #Must be re-authorised every 6 Months
+        scopes:
+          - openid
+          #- groups #Currently not supported in Authelia V
+          - email
+          - profile
+        redirect_uris:
+          - https://portainer.MYDOMAIN1.LTD
+        userinfo_signed_response_alg: none
+
+      - client_id: openproject
+        client_name: OpenProject
+        # generate secret with "authelia crypto hash generate pbkdf2 --random --random.length 32 --random.charset alphanumeric"
+        # Random Password: [REDACTED]
+        # Digest: [REDACTED]
+        client_secret: [REDACTED]
+        token_endpoint_auth_method: 'client_secret_basic'
+        public: false
+        authorization_policy: two_factor
+        consent_mode: pre-configured #explicit
+        pre_configured_consent_duration: '6M' #Must be re-authorised every 6 Months
+        scopes:
+          - openid
+          #- groups #Currently not supported in Authelia V
+          - email
+          - profile
+        redirect_uris:
+          - https://op.MYDOMAIN.TLD
+        #grant_types:
+        #  - refresh_token
+        #  - authorization_code
+        #response_types:
+        #  - code
+        #response_modes:
+        #  - form_post
+        #  - query
+        #  - fragment
+        userinfo_signed_response_alg: none
+##################################################################
+
+
+telemetry:
+  metrics:
+    enabled: false
+    address: tcp://0.0.0.0:9959
+
+totp:
+  disable: false
+  issuer: authelia.com
+  algorithm: sha1
+  digits: 6
+  period: 30 ## The period in seconds a one-time password is valid for.
+  skew: 1
+  secret_size: 32
+
+webauthn:
+  disable: false
+  timeout: 60s ## Adjust the interaction timeout for Webauthn dialogues.
+  display_name: Authelia
+  attestation_conveyance_preference: indirect
+  user_verification: preferred
+
+ntp:
+  address: "pool.ntp.org"
+  version: 4
+  max_desync: 5s
+  disable_startup_check: false
+  disable_failure: false
+
+authentication_backend:
+  password_reset:
+    disable: false
+    custom_url: ""
+  refresh_interval: 5m
+  file:
+    path: /config/users_database.yml
+    watch: true
+    password:
+      algorithm: argon2
+      argon2:
+        variant: argon2id
+        iterations: 3
+        memory: 65536
+        parallelism: 4
+        key_length: 32
+        salt_length: 16
+
+password_policy:
+  standard:
+    enabled: false
+    min_length: 8
+    max_length: 0
+    require_uppercase: true
+    require_lowercase: true
+    require_number: true
+    require_special: true
+  ## zxcvbn is a well known and used password strength algorithm. It does not have tunable settings.
+  zxcvbn:
+    enabled: false
+    min_score: 3
+
+regulation:
+  max_retries: 3
+  find_time: 2m
+  ban_time: 5m
+
+session:
+  name: authelia_session
+  secret: [REDACTED]
+  expiration: 60m
+  inactivity: 15m
+  cookies:
+    - domain: 'MYDOMAIN1.LTD'
+      authelia_url: 'https://auth.MYDOMAIN1.LTD'
+      name: 'authelia_session'
+      default_redirection_url: 'https://MYDOMAIN1.LTD'
+    - domain: 'MYDOMAIN2.LTD'
+      authelia_url: 'https://auth.MYDOMAIN2.LTD'
+      name: 'authelia_session_other'
+      default_redirection_url: 'https://MYDOMAIN2.LTD'
+
+storage:
+  encryption_key: [REDACTED]
+  local:
+    path: /config/db.sqlite3
+
+notifier:
+  disable_startup_check: true
+  smtp:
+    address: MYOTHERDOMAIN.LTD:465
+    timeout: 5s
+    username: "USER@DOMAIN"
+    password: "[REDACTED]"
+    sender: "Authelia <postmaster@MYOTHERDOMAIN.LTD>"
+    identifier: NAME@MYOTHERDOMAIN.LTD
+    subject: "[Authelia] {title}"
+    startup_check_address: postmaster@MYOTHERDOMAIN.LTD
+
+```

docs/BACKUPS.md

@@ -0,0 +1,82 @@
+# 💾 Backing things up
+
+> [!NOTE]
+> To backup 99% of your configuration backup at least the `/config` folder. Please read the whole page (or at least "Scenario 2: Corrupted database") for details.
+
+There are 3 artifacts that can be used to backup the application:
+
+| File                  | Description                   | Limitations                   |
+|-----------------------|-------------------------------|-------------------------------|
+| `/db/app.db`       | Database file(s)  | The database file might be in an uncommitted state or corrupted |
+| `/config/app.conf` | Configuration file |  Can be overridden with the [`APP_CONF_OVERRIDE` env variable](https://github.com/jokob-sk/NetAlertX/tree/main/dockerfiles#docker-environment-variables).  |
+| `/config/devices.csv`  | CSV file containing device information |     Doesn't contain historical data        |
+
+## Data and backup storage
+
+To decide on a backup strategy, check where the data is stored:
+
+### Core Configuration
+
+The core application configuration is in the `app.conf` file (See [Settings System](https://github.com/jokob-sk/NetAlertX/blob/main/docs/SETTINGS_SYSTEM.md) for details), such as:
+
+- Notification settings
+- Scanner settings
+- Scheduled maintenance settings
+- UI configuration (80%)
+
+### Core Device Data
+
+The core device data is backed up to the `devices_<timestamp>.csv` file via the [CSV Backup `CSVBCKP` Plugin](https://github.com/jokob-sk/NetAlertX/tree/main/front/plugins/csv_backup). This file contains data, such as:
+
+- Device names
+- Device Icons
+- Device Network configuration
+- Device categorization 
+
+### Historical data
+
+Historical data is stored in the `app.db` database (See [Database overview](https://github.com/jokob-sk/NetAlertX/blob/main/docs/DATABASE.md) for details). This data includes:
+
+- Plugin objects
+- Plugin historical entries
+- History of Events, Notifications, Workflow Events
+- Presence History
+
+## 🧭 Backup strategies
+
+The safest approach to backups is to backup all of the above, by taking regular file system backups (I use [Kopia](https://github.com/kopia/kopia)). 
+
+Arguably, the most time is spent setting up the device list, so if only one file is kept I'd recommend to have a latest backup of the `devices_<timestamp>.csv` file, followed by the `app.conf` file. 
+
+### Scenario 1: Full backup
+
+End-result: Full restore
+
+#### Source artifacts:
+
+- `/db/app.db` (uncorrupted)
+- `/config/app.conf`
+
+#### Recovery:
+
+To restore the application map the above files as described in the [Setup documentation](https://github.com/jokob-sk/NetAlertX/blob/main/dockerfiles/README.md#docker-paths). 
+
+
+### Scenario 2: Corrupted database
+
+End-result: Partial restore (historical data & configurations from the Maintenance section will be missing)
+
+#### Source artifacts:
+
+- `/config/app.conf`
+- `/config/devices_<timestamp>.csv` or `/config/devices.csv`
+
+#### Recovery:
+
+Even with a corrupted database you can recover what I would argue is 99% of the configuration. 
+
+- map the `/config/app.conf` file as described in the [Setup documentation](https://github.com/jokob-sk/NetAlertX/blob/main/dockerfiles/README.md#docker-paths).
+- rename the `devices_<timestamp>.csv` to `devices.csv` and place it in the `/config` folder
+- Restore the `devices.csv` backup via the [Maintenance section](https://github.com/jokob-sk/NetAlertX/blob/main/docs/DEVICES_BULK_EDITING.md)
+
+

docs/DATABASE.md

@@ -0,0 +1,37 @@
+  
+  # A high-level description of the database structure
+
+  ⚠ Disclaimer: As I'm not the original author, some of the information might be inaccurate. Feel free to submit a PR to correct anything within this page or documentation in general. 
+
+  The MAC address is used as a foreign key in most cases. 
+
+  ## 🔍Tables overview
+  
+  | Table name | Description  | Sample data |
+  |----------------------|----------------------| ----------------------| 
+  | CurrentScan | Result of the current scan | ![Screen1][screen1]  |  
+  | Devices     | The main devices database that also contains the Network tree mappings. If `ScanCycle` is set to `0` device is not scanned. | ![Screen2][screen2]  |   
+  | Events | Used to collect connection/disconnection events. | ![Screen4][screen4]  |   
+  | Online_History   | Used to display the `Device presence` chart  | ![Screen6][screen6]  | 
+  | Parameters       | Used to pass values between the frontend and backend. | ![Screen7][screen7]  | 
+  | Plugins_Events   | For capturing events exposed by a plugin via the `last_result.log` file. If unique then saved into the `Plugins_Objects` table. Entries are deleted once processed and stored in the `Plugins_History` and/or `Plugins_Objects` tables.  | ![Screen10][screen10]  | 
+  | Plugins_History  | History of all entries from the `Plugins_Events` table | ![Screen11][screen11]  | 
+  | Plugins_Language_Strings  | Language strings collected from the plugin `config.json` files used for string resolution in the frontend. | ![Screen12][screen12]  | 
+  | Plugins_Objects  | Unique objects detected by individual plugins. | ![Screen13][screen13]  | 
+  | Sessions  | Used to display sessions in the charts | ![Screen15][screen15]  | 
+  | Settings  | Database representation of the sum of all settings from `app.conf` and plugins coming from `config.json` files. | ![Screen16][screen16]  | 
+
+
+
+  [screen1]: /docs/img/DATABASE/CurrentScan.png
+  [screen2]: /docs/img/DATABASE/Devices.png
+  [screen4]: /docs/img/DATABASE/Events.png  
+  [screen6]: /docs/img/DATABASE/Online_History.png
+  [screen7]: /docs/img/DATABASE/Parameters.png
+  [screen10]: /docs/img/DATABASE/Plugins_Events.png
+  [screen11]: /docs/img/DATABASE/Plugins_History.png
+  [screen12]: /docs/img/DATABASE/Plugins_Language_Strings.png
+  [screen13]: /docs/img/DATABASE/Plugins_Objects.png  
+  [screen15]: /docs/img/DATABASE/Sessions.png
+  [screen16]: /docs/img/DATABASE/Settings.png
+

docs/DEBUG_INVALID_JSON.md

@@ -0,0 +1,36 @@
+# How to debug the Invalid JSON response error
+
+Check the the HTTP response of the failing backend call by following these steps:
+
+- Open developer console in your browser (usually, e. g. for Chrome, key F12 on the keyboard).
+- Follow the steps in this screenshot: 
+
+![F12DeveloperConsole][F12DeveloperConsole]
+
+- Copy the URL causing the error and enter it in the address bar of your browser directly and hit enter. The copied URLs could look something like this (notice the query strings at the end):
+  - `http://<NetAlertX URL>:20211/api/table_devices.json?nocache=1704141103121`
+  - `http://<NetAlertX URL>:20211/php/server/devices.php?action=getDevicesTotals`
+  - `http://<NetAlertX URL>:20211/php/server/devices.php?action=getDevicesList&status=all`  
+
+- Post the error response in the existing issue thread on GitHub or create a new issue and include the redacted response of the failing query.
+
+For reference, the above queries should return results in the following format:
+
+## First URL:
+
+- Should yield a valid JSON file
+
+## Second URL:
+
+![array][array]
+
+## Third URL:
+
+![json][json]
+
+You can copy and paste any JSON result (result of the First and Third query) into an online JSON checker, such as [this one](https://jsonchecker.com/) to check if it's valid.
+
+
+[F12DeveloperConsole]:    ./img/DEBUG/Invalid_JSON_repsonse_debug.png           "F12DeveloperConsole"
+[array]:                  ./img/DEBUG/array_result_example.png                  "array"
+[json]:                   ./img/DEBUG/JSON_result_example.png                   "json"

docs/DEBUG_PLUGINS.md

@@ -0,0 +1,91 @@
+# Troubleshooting plugins
+
+## High-level overview
+
+If a Plugin supplies data to the main app it's doine either vie a SQL query or via a script that updates the `last_result.log` file in the plugin folder (`front/plugins/<plugin>`).
+
+For a more in-depth overview on how plugins work check the [Plugins development docs](https://github.com/jokob-sk/NetAlertX/blob/main/front/plugins/README.md).
+
+### Prerequisites
+
+- Make sure you read and followed the specific plugin setup instructions.
+- Ensure you have [debug enabled (see More Logging)](https://github.com/jokob-sk/NetAlertX/blob/main/docs/DEBUG_TIPS.md#1-more-logging-) 
+
+### Potential issues
+
+- Bugs
+- Unexpected input (e.g. special characters in names)
+- Dependencies changed how data is output
+
+#### Incorrect input data
+
+Input data from the plugin might cause mapping issues in specific edge cases. Look for a corresponding section in the `app.log` file, for example notice the first line of the execution run of the `PIHOLE` plugin below:
+
+```
+17:31:05 [Scheduler] - Scheduler run for PIHOLE: YES
+17:31:05 [Plugin utils] ---------------------------------------------
+17:31:05 [Plugin utils] display_name: PiHole (Device sync)
+17:31:05 [Plugins] CMD: SELECT n.hwaddr AS Object_PrimaryID, {s-quote}null{s-quote} AS Object_SecondaryID, datetime() AS DateTime, na.ip  AS Watched_Value1, n.lastQuery AS Watched_Value2, na.name AS Watched_Value3, n.macVendor AS Watched_Value4, {s-quote}null{s-quote} AS Extra, n.hwaddr AS ForeignKey FROM EXTERNAL_PIHOLE.Network AS n LEFT JOIN EXTERNAL_PIHOLE.Network_Addresses AS na ON na.network_id = n.id WHERE n.hwaddr NOT LIKE {s-quote}ip-%{s-quote} AND n.hwaddr is not {s-quote}00:00:00:00:00:00{s-quote}  AND na.ip is not null
+17:31:05 [Plugins] setTyp: subnets
+17:31:05 [Plugin utils] Flattening the below array
+17:31:05 ['192.168.1.0/24 --interface=eth1']
+17:31:05 [Plugin utils] isinstance(arr, list) : False | isinstance(arr, str) : True
+17:31:05 [Plugins] Resolved value: 192.168.1.0/24 --interface=eth1
+17:31:05 [Plugins] Convert to Base64: True
+17:31:05 [Plugins] base64 value: b'MTkyLjE2OC4xLjAvMjQgLS1pbnRlcmZhY2U9ZXRoMQ=='
+17:31:05 [Plugins] Timeout: 10
+17:31:05 [Plugins] Executing: SELECT n.hwaddr AS Object_PrimaryID, 'null' AS Object_SecondaryID, datetime() AS DateTime, na.ip  AS Watched_Value1, n.lastQuery AS Watched_Value2, na.name AS Watched_Value3, n.macVendor AS Watched_Value4, 'null' AS Extra, n.hwaddr AS ForeignKey FROM EXTERNAL_PIHOLE.Network AS n LEFT JOIN EXTERNAL_PIHOLE.Network_Addresses AS na ON na.network_id = n.id WHERE n.hwaddr NOT LIKE 'ip-%' AND n.hwaddr is not '00:00:00:00:00:00'  AND na.ip is not null
+🔻
+17:31:05 [Plugins] SUCCESS, received 2 entries
+17:31:05 [Plugins] sqlParam entries: [(0, 'PIHOLE', '01:01:01:01:01:01', 'null', 'null', '2023-12-25 06:31:05', '172.30.0.1', 0, 'aaaa', 'vvvvvvvvv', 'not-processed', 'null', 'null', '01:01:01:01:01:01'), (0, 'PIHOLE', '02:42:ac:1e:00:02', 'null', 'null', '2023-12-25 06:31:05', '172.30.0.2', 0, 'dddd', 'vvvvv2222', 'not-processed', 'null', 'null', '02:42:ac:1e:00:02')]
+17:31:05 [Plugins] Processing        : PIHOLE
+17:31:05 [Plugins] Existing objects from Plugins_Objects: 4
+17:31:05 [Plugins] Logged events from the plugin run    : 2
+17:31:05 [Plugins] pluginEvents      count: 2
+17:31:05 [Plugins] pluginObjects     count: 4
+17:31:05 [Plugins] events_to_insert  count: 0
+17:31:05 [Plugins] history_to_insert count: 4
+17:31:05 [Plugins] objects_to_insert count: 0
+17:31:05 [Plugins] objects_to_update count: 4
+17:31:05 [Plugin utils] In pluginEvents there are 2 events with the status "watched-not-changed" 
+17:31:05 [Plugin utils] In pluginObjects there are 2 events with the status "missing-in-last-scan" 
+17:31:05 [Plugin utils] In pluginObjects there are 2 events with the status "watched-not-changed" 
+17:31:05 [Plugins] Mapping objects to database table: CurrentScan
+17:31:05 [Plugins] SQL query for mapping: INSERT into CurrentScan ( "cur_MAC", "cur_IP", "cur_LastQuery", "cur_Name", "cur_Vendor", "cur_ScanMethod") VALUES ( ?, ?, ?, ?, ?, ?)
+17:31:05 [Plugins] SQL sqlParams for mapping: [('01:01:01:01:01:01', '172.30.0.1', 0, 'aaaa', 'vvvvvvvvv', 'PIHOLE'), ('02:42:ac:1e:00:02', '172.30.0.2', 0, 'dddd', 'vvvvv2222', 'PIHOLE')]
+🔺
+17:31:05 [API] Update API starting
+17:31:06 [API] Updating table_plugins_history.json file in /api
+```
+
+> The debug output between the 🔻red arrows🔺 is important for debugging (arrows added only to highlight the section on this page, they are not available in the actual debug log)
+
+In the above output notice the section logging how many events are produced by the plugin:
+
+```
+17:31:05 [Plugins] Existing objects from Plugins_Objects: 4
+17:31:05 [Plugins] Logged events from the plugin run    : 2
+17:31:05 [Plugins] pluginEvents      count: 2
+17:31:05 [Plugins] pluginObjects     count: 4
+17:31:05 [Plugins] events_to_insert  count: 0
+17:31:05 [Plugins] history_to_insert count: 4
+17:31:05 [Plugins] objects_to_insert count: 0
+17:31:05 [Plugins] objects_to_update count: 4
+```
+
+These values, if formatted correctly, will also show up in the UI:
+
+![Plugins table](/docs/img/DEBUG_PLUGINS/plugin_objects_pihole.png)
+
+
+### Sharing application state
+
+Sometimes specific log sections are needed to debug issues. The Devices and CurrentScan table data is sometimes needed to figure out what's wrong. 
+
+1. Please set `LOG_LEVEL` to `trace` (Disable it once you have the info as this produces big log files).
+2. Wait for the issue to occur.
+3. Search for `================ DEVICES table content  ================` in your logs.
+4. Search for `================ CurrentScan table content  ================` in your logs.
+5. Open a new issue and post (redacted) output into the issue description (or send to the netalertx@gmail.com email if sensitive data present).
+6. Please set `LOG_LEVEL` to `debug` or lower.
+

docs/DEBUG_TIPS.md

@@ -0,0 +1,98 @@
+# Debugging and troubleshooting
+
+Please follow tips 1 - 4 to get a more detailed error. 
+
+## 1. More Logging 📃
+
+When debugging an issue always set the highest log level:
+
+`LOG_LEVEL='trace'`
+
+
+## 2. Surfacing errors when container restarts 🔁
+
+Start the container via the **terminal** with a command similar to this one:
+
+```bash
+docker run --rm --network=host \
+  -v local/path/netalertx/config:/app/config \
+  -v local/path/netalertx/db:/app/db \
+  -e TZ=Europe/Berlin \
+  -e PORT=20211 \
+  jokobsk/netalertx:latest
+
+```
+
+> ⚠ Please note, don't use the `-d` parameter so you see the error when the container crashes. Use this error in your issue description.
+
+## 3. Check the _dev image and open issues ❓
+
+If possible, check if your issue got fixed in the `_dev` image before opening a new issue. The container is:
+
+`jokobsk/netalertx-dev:latest`
+
+> ⚠ Please backup your DB and config beforehand!
+
+Please also search [open issues](https://github.com/jokob-sk/NetAlertX/issues).
+
+## 4. Disable restart behavior 🛑
+
+To prevent a Docker container from automatically restarting in a Docker Compose file, specify the restart policy as `no`:
+
+```yaml
+version: '3'
+
+services:
+  your-service:
+    image: your-image:tag
+    restart: no
+    # Other service configurations...
+```
+
+## 5. Sharing application state
+
+Sometimes specific log sections are needed to debug issues. The Devices and CurrentScan table data is sometimes needed to figure out what's wrong. 
+
+1. Please set `LOG_LEVEL` to `trace` (Disable it once you have the info as this produces big log files).
+2. Wait for the issue to occur.
+3. Search for `================ DEVICES table content  ================` in your logs.
+4. Search for `================ CurrentScan table content  ================` in your logs.
+5. Open a new issue and post (redacted) output into the issue description (or send to the netalertx@gmail.com email if sensitive data present).
+6. Please set `LOG_LEVEL` to `debug` or lower.
+
+## 📃Common issues
+
+### Permissions
+
+* If facing issues (AJAX errors, can't write to DB, empty screen, etc,) make sure permissions are set correctly, and check the logs under `/app/log`. 
+* To solve permission issues you can try setting the owner and group of the `app.db` by executing the following on the host system: `docker exec netalertx chown -R www-data:www-data /app/db/app.db`. 
+* If still facing issues, try to map the app.db file (⚠ not folder) to `:/app/db/app.db` (see [docker-compose Examples](https://github.com/jokob-sk/NetAlertX/blob/main/dockerfiles/README.md#-docker-composeyml-examples) for details)
+
+### Container restarts / crashes
+
+* Check the logs for details. Often a required setting for a notification method is missing. 
+
+### unable to resolve host
+
+* Check that your `SCAN_SUBNETS` variable is using the correct mask and `--interface` as outlined in the instructions above. 
+
+### Invalid JSON
+
+Check the [Invalid JSON errors debug help](/docs/DEBUG_INVALID_JSON.md) docs on how to proceed.
+
+### sudo execution failing (e.g.: on arpscan) on a Raspberry Pi 4 
+
+> sudo: unexpected child termination condition: 0
+
+Resolution based on [this issue](https://github.com/linuxserver/docker-papermerge/issues/4#issuecomment-1003657581)
+
+```
+wget ftp.us.debian.org/debian/pool/main/libs/libseccomp/libseccomp2_2.5.3-2_armhf.deb
+sudo dpkg -i libseccomp2_2.5.3-2_armhf.deb
+```
+
+The link above will probably break in time too. Go to https://packages.debian.org/sid/armhf/libseccomp2/download to find the new version number and put that in the url.
+
+### Only Router and own device show up
+
+Make sure that the subnet and interface in SCAN_SUBNETS are the correct ones. If your device/NAS has multiple ethernet ports, you probably need to change eth0 to something else!

docs/DEVICES_BULK_EDITING.md

@@ -0,0 +1,34 @@
+# 🖊 Multi-editing via the UI
+
+> [!NOTE] 
+> Make sure you have your backups saved and restorable before doing any mass edits. Check [Backup strategies](/docs/BACKUPS.md). 
+
+You can select devices in the _Devices_ view by selecting devices to edit and then clicking the _Multi-edit_ button or via the _Maintenance_ > _Multi-Edit_ section.
+
+![Maintenance > Multi-edit](/docs/img/DEVICES_BULK_EDITING/MULTI-EDIT.gif)
+
+
+# 📝Bulk-edit devices via CSV Export/Import
+
+> [!NOTE] 
+> As always, backup everything, just in case.
+
+1. In _Maintenance_ > _Backup / Restore_ click the _CSV Export_ button.  
+2. A `devices.csv` is generated in the `/config` folder
+3. Edit the `devices.csv` file however you like. 
+
+![Maintenance > CSV Export](/docs/img/DEVICES_BULK_EDITING/MAINTENANCE_CSV_EXPORT.png)
+
+> [!NOTE] 
+> The file containing a list of Devices including the Network relationships between Network Nodes and connected devices. You can also trigger this by acessing this URL: `<your netalertx url>/php/server/devices.php?action=ExportCSV` or via the `CSV Backup` plugin. (💡 You can schedule this)
+
+![Settings > CSV Backup](/docs/img/DEVICES_BULK_EDITING/CSV_BACKUP_SETTINGS.png)
+
+> [!NOTE] 
+> Keep Linux line endings (suggested editors: Nano, Notepad++)
+
+![Nodepad++ line endings](/docs/img/DEVICES_BULK_EDITING/NOTEPAD++.png)
+
+
+
+

docs/DEVICE_DISPLAY_SETTINGS.md

@@ -0,0 +1,6 @@
+# Device Display Settings
+
+This set of settings allows you to group Devices under different views. The Archived toggle allows you to exclude a Device from most listings and notifications. 
+
+
+![Display settings](/docs/img/DEVICE_MANAGEMENT/DeviceDetails_DisplaySettings.png)

docs/DEVICE_MANAGEMENT.md

@@ -1,95 +1,52 @@
-# Pi.Alert - Device Management
-<!--- --------------------------------------------------------------------- --->
-To edit device information:
-  - Select "Devices" in the menu on the left of the screen
-  - Find the device you want to edit in the central table
-  - Go to the device page by clicking on the device name or status
-  - Press "Details" tab of the device
-  - Edit the device data
-  - Press the "Save" button
+# NetAlertX - Device Management
+
+The Main Info section is where most of the device identifiable information is stored and edited. Some of the information is autodetected via various plugins. Initial values for most of the fields can be specified in the `NEWDEV` plugin.
 
 
-![Device Details][screen1]
+> [!NOTE] 
+>
+> You can multi-edit devices by selecting them in the main Devices view, from the Mainetence section, or via the CSV Export functionality under Maintenance. More info can be found in the [Devices Bulk-editing docs](https://github.com/jokob-sk/NetAlertX/blob/main/docs/DEVICES_BULK_EDITING.md).
+
+
+ ![Main Info](/docs/img/DEVICE_MANAGEMENT/DeviceManagement_MainInfo.png)
 
 
 ## Main Info
-  - **MAC**: MAC addres of the device. Not editable.
-  - **Name**: Friendly device name
-  - **Owner**: Device owner (The list is self-populated with existing owners)
-  - **Type**: Select a device type from the dropdown list (Smartphone, Table,
-      Laptop, TV, router, ....) or type a new device type
-  - **Vendor**: Automatically updated by Pi.Alert
-  - **Favorite**: Mark the device as favorite and then it will appears at the
-      begining of the device list
-  - **Group**: Select a grouper ('Always on', 'Personal', Friends') or type
-      your own Group name
-  - **Comments**: Type any comments for the device
 
-## Session Info
-  - **Status**: Show device status : On-line / Off-Line
-  - **First Session**: Date and time of the first connection
-  - **Last Session**: Date and time of the last connection
-  - **Last IP**: Last known IP used during the last connection
-  - **Static IP**: Check this box to identify devices that always use the
-      same IP
+  - **MAC**: MAC addres of the device. Not editable, unless creating a new dummy device.
+  - **Last IP**: IP addres of the device. Not editable, unless creating a new dummy device.
+  - **Name**: Friendly device name. Autodetected via various 🆎 Name discovery [plugins](https://github.com/jokob-sk/NetAlertX/blob/main/front/plugins/README.md).
+  - **Icon**: Partially autodetected. Select an existing or [add a custom icon](https://github.com/jokob-sk/NetAlertX/blob/main/docs/ICONS.md). You can also auto-apply the same icon on all devices of the same type. 
+  - **Owner**: Device owner (The list is self-populated with existing owners and you can add custom values).
+  - **Type**: Select a device type from the dropdown list (`Smartphone`, `Tablet`,
+      `Laptop`, `TV`, `router`, etc.) or add a new device type. If you want the device to act as a **Network device** (and be able to be a network node in the Network view), select a type under Network Devices or add a new Network Device type in Settings. More information can be found in the [Network Setup docs](https://github.com/jokob-sk/NetAlertX/blob/main/docs/NETWORK_TREE.md). 
+  - **Vendor**: The manufacturing vendor. Automatically updated by NetAlertX when empty or unknown, can be edited.
+  - **Group**: Select a group (`Always on`, `Personal`, `Friends`, etc.) or type
+      your own Group name.
+  - **Location**: Select the location, usually a room, where the device is located (`Kitchen`, `Attic`, `Living room`, etc.) or add a custom Location.  
+  - **Comments**: Add any comments for the device, such as a serial number, or maintenance information.
 
-## Events & Alerts config
-  - **Scan Cycle**: Select the scan cycle: 0, 1', 15'
-    - Some devices do not respond to all ARP packets, for this cases is better
-      to use a 15' cycle.
-    - **For Apple devices I recommend using 15' cycle**
-  - **Alert All Events**: Send a notification in each event (connection,
-      disconnection, IP Changed, ...)
-  - **Alert Down**: Send a notification when the device is down
-    - *(Userful with "always connected" devices: Router, AP, Camera, Alexa,
-      ...)*
-  - **Skip repeated notifications during**: Do not send more than one
-      notification to this device for X hours
-    - *(Useful to avoid notification saturation on devices that frequently
-      connects and disconnects)*
+> [!NOTE] 
+>
+> Please note the above usage of the fields are only suggestions. You can use most of these fields for other purposes, such as storing the network interface, company owning a device, or similar. 
 
-# Privacy & Random MAC's
-<!--- --------------------------------------------------------------------- --->
+## Dummy devices
 
-The latest versions of some operating systems (IOS and Android) incorporate a
-new & interesting functionality to improve privacy: **Random MACs**.
+You can create dummy devices from the Devices listing screen. 
 
-This functionality allows you to **hide the true MAC** of the device and
-**assign a random MAC** when we connect to WIFI networks.
+![Create Dummy Device](/docs/img/DEVICE_MANAGEMENT/Devices_CreateDummyDevice.png)
 
-This behavior is especially useful when connecting to WIFI's that we do not
-know, but it **is totally useless when connecting to our own WIFI's** or known
-networks.
+The **MAC** field and the **Last IP** field will then become editable.
 
-**I recommend disabling this operation when connecting our devices to our own
-WIFI's**, in this way, Pi.Alert will be able to identify the device, and it
-will not identify it as a new device every so often (every time IOS or Android
-decides to change the MAC).
-
-### IOS
-![ios][ios]
-
-  - [Use private Wi-Fi addresses in iOS 14](https://support.apple.com/en-us/HT211227)
-
-### Android
-![Android][Android]
-
-  - [How to Disable MAC Randomization in Android 10](https://support.boingo.com/s/article/How-to-Disable-MAC-Randomization-in-Android-10-Android-Q)
-  - [How do I disable random Wi-Fi MAC address on Android 10](https://support.plume.com/hc/en-gb/articles/360052070714-How-do-I-disable-random-Wi-Fi-MAC-address-on-Android-10-)
-  
-### License
-  GPL 3.0
-  [Read more here](../LICENSE.txt)
-
-### Contact
-  pi.alert.application@gmail.com
-  
-  ***Suggestions and comments are welcome***
+![Save Dummy Device](/docs/img/DEVICE_MANAGEMENT/DeviceEdit_SaveDummyDevice.png)
 
 
-<!--- --------------------------------------------------------------------- --->
-[main]:    ./img/1_devices.jpg           "Main screen"
-[screen1]: ./img/2_1_device_details.jpg  "Screen 1"
-[ios]:     https://9to5mac.com/wp-content/uploads/sites/6/2020/08/how-to-use-private-wifi-mac-address-iphone-ipad.png?resize=2048,1009 "ios"
-[Android]: ./img/android_random_mac.jpg  "Android"
+> [!NOTE] 
+>
+> You can couple this with the `ICMP` plugin which can be used to monitor the status of these devices, if they are actual devices reachable with the `ping` command. If not, you can use a loopback IP address so they appear online, such as `0.0.0.0` or `127.0.0.1`.
+
+## Copying data from an existing device. 
+
+To speed up device population you can also copy data from an existing device. This can be done from the **Tools** tab on the Device details. 
+
 

docs/DEV_ENV_SETUP.md

@@ -0,0 +1,70 @@
+## Development environment set up
+
+>[!NOTE]
+> Replace `/development` with the path where your code files will be stored. The default container name is `netalertx` so there might be a conflict with your running containers.
+
+## 1. Download the code:
+
+- `mkdir /development`
+- `cd /development && git clone https://github.com/jokob-sk/NetAlertX.git`
+
+## 2. Create a DEV .env_dev file
+
+`touch /development/.env_dev && sudo nano /development/.env_dev`
+
+The file content should be following, with your custom values.
+
+```yaml
+#--------------------------------
+#NETALERTX
+#--------------------------------
+TZ=Europe/Berlin
+PORT=22222    # make sure this port is unique on your whole network
+DEV_LOCATION=/development/NetAlertX
+APP_DATA_LOCATION=/volume/docker_appdata
+# ALWAYS_FRESH_INSTALL=true # uncommenting this will always delete the content of /config and /db dirs on boot to simulate a fresh install
+```
+
+## 3. Create /db and /config dirs 
+
+Create a folder `netalertx` in the `APP_DATA_LOCATION` (in this example in `/volume/docker_appdata`) with 2 subfolders `db` and `config`. 
+
+- `mkdir /volume/docker_appdata/netalertx`
+- `mkdir /volume/docker_appdata/netalertx/db`
+- `mkdir /volume/docker_appdata/netalertx/config`
+
+## 4. Run the container
+
+- `cd /development/NetAlertX &&  sudo docker-compose --env-file ../.env_dev `
+
+You can then modify the python script without restarting/rebuilding the container every time. Additionally, you can trigger a plugin run via the UI:
+
+![image](https://github.com/jokob-sk/NetAlertX/assets/96159884/3cbf2748-03c8-49e7-b801-f38c7755246b)
+
+
+## 💡 Tips
+
+A quick cheat sheet of useful commands. 
+
+### Removing the container and image 
+
+A command to stop, remove the container and the image (replace `netalertx` and `netalertx-netalertx` with the appropriate values)
+
+- `sudo docker container stop netalertx ; sudo docker container rm netalertx ; sudo docker image rm netalertx-netalertx`
+
+### Restart the server backend
+
+Most code changes can be tetsed without rebuilding the container. When working on the python server backend, you only need to restart the server.
+
+1. You can usually restart the backend via Maintenance > Logs > Restart server
+
+![image](/docs/img/DEV_ENV_SETUP/Maintenance_Logs_Restart_server.png)
+
+2. If above doesn't work, SSH into the container and kill & restart the main script loop 
+
+- `sudo docker exec -it netalertx /bin/bash`
+- `pkill -f "python /app/server" && python /app/server & `
+
+3. If none of the above work, restart the docker image. This is usually the last resort as sometimes the Docker engine becomes unresponsive and the whole engine needs to be restarted. 
+
+

docs/FILE_PERMISSIONS.md

@@ -0,0 +1,41 @@
+# Managing File Permissions for NetAlertX on Nginx with Docker
+
+> [!TIP]
+> If you are facing permission issues, try to start the container without mapping your volumes. If that works, then the issue is permission related. You can try e.g., the following command: 
+>  ``` 
+>  docker run -d --rm --network=host \
+>  -e TZ=Europe/Berlin \
+>  -e PORT=20211 \
+>  jokobsk/netalertx:latest
+> ```
+NetAlertX runs on an Nginx web server. On Alpine Linux, Nginx operates as the `nginx` user (user ID 101, group ID 82 - `www-data`). Consequently, files accessed or written by the NetAlertX application are owned by `nginx:www-data`.
+
+Upon starting, NetAlertX changes the ownership of files on the host system mapped to `/app/config` and `/app/db` in the container to `nginx:www-data`. This ensures that Nginx can access and write to these files. Since the user in the Docker container is mapped to a user on the host system by ID:GID, the files in `/app/config` and `/app/db` on the host system are owned by a user with the same ID and GID (ID 101 and GID 82). On different systems, this ID:GID may belong to different users (on Debian, the user with ID 82 is `uuidd`), or there may not be a user with ID 82 at all.
+
+While this generally isn't problematic, it can cause issues for host system users needing to access these files (e.g., backup scripts). If users other than root need access to these files, it is recommended to add those users to the group with GID 82. If that group doesn't exist, it should be created.
+
+### Permissions Table for Individual Folders
+
+| Folder         | User   | User ID | Group     | Group ID | Permissions | Notes                                                               |
+|----------------|--------|---------|-----------|----------|-------------|---------------------------------------------------------------------|
+| `/app/config`  | nginx  | 101     | www-data  | 82       | rwxr-xr-x   | Ensure `nginx` can read/write; other users can read if in `www-data` |
+| `/app/db`      | nginx  | 101     | www-data  | 82       | rwxr-xr-x   | Same as above                                                       |
+
+### Steps to Add Users to Group
+
+1. **Check if group exists:**
+    ```sh
+    getent group www-data
+    ```
+
+2. **Create group if it does not exist:**
+    ```sh
+    sudo groupadd -g 82 www-data
+    ```
+
+3. **Add user to group:**
+    ```sh
+    sudo usermod -aG www-data <username>
+    ```
+
+Replace `<username>` with the actual username that requires access.

docs/FRONTEND_DEVELOPMENT.md

@@ -0,0 +1,46 @@
+# 🖼 Frontend development 
+
+This page contains tips for frontend development when extending NetAlertX. Guiding principles are:
+
+1. Maintainability
+2. Extendability
+3. Reusability
+4. Placing more functionality into Plugins and enhancing core Plugins functionality
+
+That means that, when writing code, focus on reusing what's available instead of writing quick fixes. Or creating reusable functions, instead of bespoke functionaility. 
+
+## 🔍 Examples
+
+Some examples how to apply the above:
+
+> Example 1
+> 
+> I want to implement a scan fucntion. Options would be:
+>
+> 1. To add a manual scan functionality to the `deviceDetails.php` page. 
+> 2. To create a separate page that handles the execution of the scan.
+> 3. To create a configurable Plugin.
+>
+> From the above, number 3 would be the most appropriate solution. Then followed by number 2. Number 1 would be approved only in special circumstances.
+
+> Example 2
+>
+> I want to change the behavior of the application. Options to implement this could be:
+>
+> 1. Hard-code the changes in the code.
+> 2. Implement the changes and add settings to influence the behavior in the `initialize.py` file so the user can adjust these.
+> 3. Implement the changes and add settings via a setting-only plugin.
+> 4. Implement the changes in a way so the behavior can be toggled on each plugin so the core capabilities of Plugins get extended.
+> 
+> From the above, number 4 would be the most appropriate solution. Then followed by number 3. Number 1 or 2 would be approved only in special circumstances.
+
+## 💡 Frontend tips 
+
+Some useful frontend JavaScript functions:
+
+- `getDevDataByMac(macAddress, devicesColumn)` - method to retrieve any device data (database column) based on MAC address in the frontend 
+- `getString(string stringKey)` - method to retrieve translated strings in the frontend 
+- `getSetting(string stringKey)` - method to retrieve settings in the frontend 
+
+
+Check the [common.js](https://github.com/jokob-sk/NetAlertX/blob/main-2023-06-10/front/js/common.js) file for more frontend functions.

docs/HOME_ASSISTANT.md

@@ -0,0 +1,45 @@
+# Overview
+
+NetAlertX comes with MQTT support, allowing you to show all detected devices as devices in Home Assistant. It also supplies a collection of stats, such as number of online devices.
+
+## ⚠ Note 
+
+- Please note that discovery takes about ~10s per device.
+- Deleting of devices is not handled automatically. Please use [MQTT Explorer](https://mqtt-explorer.com/) to delete devices in the broker (Home Assistant), if needed. 
+- For optimization reasons, the devices are not always fully synchronized. You can delete Plugin objects as described in the [MQTT plugin](https://github.com/jokob-sk/NetAlertX/tree/main/front/plugins/_publisher_mqtt#forcing-an-update) docs to force a full synchronization.
+
+
+## 🧭 Guide
+
+> 💡 This guide was tested only with the Mosquitto MQTT broker
+
+1. Enable Mosquitto MQTT in Home Assistant by following the [documentation](https://www.home-assistant.io/integrations/mqtt/)
+
+2. Configure a user name and password on your broker.
+
+3. Note down the following details that you will need to configure NetAlertX:
+   - MQTT host url (usually your Home Assistant IP)
+   - MQTT broker port
+   - User
+   - Password
+
+4. Open the _NetAlertX_ > _Settings_ > _MQTT_ settings group
+   - Enable MQTT
+   - Fill in the details from above
+   - Fill in remaining settings as per description
+
+![Configuration Example][configuration] 
+
+## 📷 Screenshots
+
+  | ![Screen 1][sensors] | ![Screen 2][history] | 
+  |----------------------|----------------------| 
+  | ![Screen 3][list] | ![Screen 4][overview] | 
+  
+
+  [configuration]:   /docs/img/HOME_ASISSTANT/HomeAssistant-Configuration.png           "configuration"
+  [sensors]:         /docs/img/HOME_ASISSTANT/HomeAssistant-Device-as-Sensors.png       "sensors"
+  [history]:         /docs/img/HOME_ASISSTANT/HomeAssistant-Device-Presence-History.png "history"
+  [list]:            /docs/img/HOME_ASISSTANT/HomeAssistant-Devices-List.png            "list"  
+  [overview]:        /docs/img/HOME_ASISSTANT/HomeAssistant-Overview-Card.png           "overview"
+

docs/HW_INSTALL.md

@@ -0,0 +1,51 @@
+# How to install NetAlertX on the server hardware
+
+To download and install NetAlertX on the hardware/server directly use the `curl` or `wget` commands at the bottom of this page.
+
+> [!NOTE]
+> This is an Experimental feature 🧪 and it relies on community support.
+>
+> Looking for maintainers for this installation method 🙂
+>
+> There is no guarantee that the install script or any other script will gracefully handle other installed software.
+> Data loss is a possibility, **it is recommended to install NetAlertX using the supplied Docker image**.
+
+A warning to the installation method below: Piping to bash is [controversial](https://pi-hole.net/2016/07/25/curling-and-piping-to-bash) and may
+be dangerous, as you cannot see the code that's about to be executed on your system.
+
+Alternatively you can download the installation script `install/install.debian.sh` from the repository and check the code yourself (beware other scripts are
+downloaded too - only from this repo).
+
+NetAlertX will be installed in `/app` and run on port number `20211`.
+
+Some facts about what and where something will be changed/installed by the HW install setup (may not contain everything!):
+
+- `/app` directory will be deleted and newly created
+- `/app` will contain the whole repository (downloaded by `install/install.debian.sh`)
+- The default NGINX site `/etc/nginx/sites-enabled/default` will be disabled (sym-link deleted or backed up to `sites-available`)
+- `/var/www/html/netalertx` directory will be deleted and newly created
+- `/etc/nginx/conf.d/netalertx.conf` will be sym-linked to `/app/install/netalertx.debian.conf`
+- Some files (IEEE device vendors info, ...) will be created in the directory where the installation script is executed
+
+## Limitations
+
+- No system service is provided. NetAlertX must be started using `/app/install/start.debian.sh`.
+- No checks for other running software is done.
+- Only tested to work on Debian Bookworm (Debian 12).
+- **EXPERIMENTAL** and not recommended way to install NetAlertX.
+
+## 📥 Installation via CURL
+
+```bash
+curl -o install.debian.sh https://raw.githubusercontent.com/jokob-sk/NetAlertX/main/install/install.debian.sh && sudo chmod +x install.debian.sh && sudo ./install.debian.sh
+```
+
+## 📥 Installation via WGET
+
+```bash
+wget https://raw.githubusercontent.com/jokob-sk/NetAlertX/main/install/install.debian.sh -O install.debian.sh && sudo chmod +x install.debian.sh && sudo ./install.debian.sh
+```
+
+These commands will download the `install.debian.sh` script from the GitHub repository, make it executable with `chmod`, and then run it using `./install.debian.sh`.
+
+Make sure you have the necessary permissions to execute the script.

docs/ICONS.md

@@ -0,0 +1,51 @@
+## Icons overview
+
+Icons are used to visually distinguish devices in the app in most of the device listing tables and the [network tree](/docs/NETWORK_TREE.md). 
+
+![Raspberry Pi with a brand icon](/docs/img/ICONS/devices-icons.png)
+
+### Icons Support
+
+Two types of icons are suported:
+
+- Free [Font Awesome](https://fontawesome.com/search?o=r&m=free) icons (up-to v 6.4.0)
+- SVG icons (for example from [iconify.design](https://icon-sets.iconify.design/))
+
+You can assign icons individually on each device in the Details tab.
+
+## Adding new icons
+
+1. You can get an SVG or a Font awesome HTML code
+
+Copying the SVG (for example from [iconify.design](https://icon-sets.iconify.design/)): 
+
+![iconify svg](/docs/img/ICONS/iconify_design_copy_svg.png)
+
+Copying the HTML code from [Font Awesome](https://fontawesome.com/search?o=r&m=free).
+
+![Font awesome](/docs/img/ICONS/font_awesome_copy_html.png)
+
+2. Navigate to the device you want to use the icon on and click the "+" icon:
+
+![preview](/docs/img/ICONS/device_add_icon.png)
+
+3. Paste in the copied HTML or SVG code and click "OK":
+
+![Paste SVG](/docs/img/ICONS/paste-svg.png)
+
+6. "Save" the device
+
+> [!NOTE] 
+> If you want to mass-apply an icon to all devices of the same device type (Field: Type), you can click the mass-copy button (next to the "+" button). A confirmation prompt is displayed. If you proceed, icons of all devices set to the same device type as the current device, will be overwritten with the current device's icon.
+
+- The blue dropdown contains all icons already used in the app for device icons. You need to navigate away or refresh the page once you add a new icon. 
+
+## 🌟 Pro Font Awesome icons
+
+If you own the premium package of Font Awesome icons you can mount it in your Docker container the following way:
+
+```yaml
+/font-awesome:/app/front/lib/font-awesome:ro
+```
+
+You can use the full range of Font Awesome icons afterwards. 

docs/MIGRATION.md

@@ -0,0 +1,142 @@
+# Migration form PiAlert to NetAlertX
+
+> [!WARNING] 
+> Follow this guide only after you you downloaded and started NetAlert X at least once after previously using the PiAlert image.
+
+## STEPS: 
+
+> [!TIP] 
+> In short: The application will auto-migrate the database, config, and all device information. A ticker message on top will be displayed until you update your docker mount points. It's always good to have a [backup strategy](https://github.com/jokob-sk/NetAlertX/blob/main/docs/BACKUPS.md) in place.
+
+1. Backup your current config and database (optional `devices.csv` to have a backup) (See bellow tip if facing issues)
+2. Stop the container 
+2. Update the Docker file mount locations in your `docker-compose.yml` or docker run command (See bellow **New Docker mount locations**). 
+3. Rename the DB and conf files to `app.db` and `app.conf` and place them in the appropriate location.
+4. Start the Container
+
+
+> [!TIP] 
+> If you have troubles accessing past backups, config or database files you can copy them into the newly mapped directories, for example by running this command in the container:  `cp -r /app/config /home/pi/pialert/config/old_backup_files`. This should create a folder in the `config` directory called `old_backup_files` conatining all the files in that location. Another approach is to map the old location and the new one at the same time to copy things over. 
+
+
+### New Docker mount locations
+
+The application installation folder in the docker container has changed from `/home/pi/pialert` to `/app`. That means the new mount points are:
+
+ | Old mount point | New mount point | 
+ |----------------------|---------------| 
+ | `/home/pi/pialert/config` | `/app/config` |
+ | `/home/pi/pialert/db` | `/app/db` |
+
+
+ If you were mounting files directly, please note the file names have changed:
+
+ | Old file name | New file name | 
+ |----------------------|---------------| 
+ | `pialert.conf` | `app.conf` |
+ | `pialert.db` | `app.db` |
+
+
+> [!NOTE] 
+> The application uses symlinks linking the old db and config locations to the new ones, so data loss should not occur. [Backup strategies](https://github.com/jokob-sk/NetAlertX/blob/main/docs/BACKUPS.md) are still recommended to backup your setup.
+
+
+# Examples
+
+Exmaples of docker files with the new mount points.
+
+## Example 1: Mapping folders
+
+### Old docker-compose.yml
+
+```yaml
+version: "3"
+services:
+  pialert:
+    container_name: pialert
+    # use the below line if you want to test the latest dev image
+    # image: "jokobsk/netalertx-dev:latest" 
+    image: "jokobsk/pialert:latest"      
+    network_mode: "host"        
+    restart: unless-stopped
+    volumes:
+      - local/path/config:/home/pi/pialert/config  
+      - local/path/db:/home/pi/pialert/db         
+      # (optional) useful for debugging if you have issues setting up the container
+      - local/path/logs:/home/pi/pialert/front/log
+    environment:
+      - TZ=Europe/Berlin      
+      - PORT=20211
+```
+
+### New docker-compose.yml
+
+```yaml
+version: "3"
+services:
+  netalertx:                                  # ⚠  This has changed (🟡optional) 
+    container_name: netalertx                 # ⚠  This has changed (🟡optional) 
+    # use the below line if you want to test the latest dev image
+    # image: "jokobsk/netalertx-dev:latest" 
+    image: "jokobsk/netalertx:latest"         # ⚠  This has changed (🟡optional/🔺required in future) 
+    network_mode: "host"        
+    restart: unless-stopped
+    volumes:
+      - local/path/config:/app/config         # ⚠  This has changed (🔺required) 
+      - local/path/db:/app/db                 # ⚠  This has changed (🔺required) 
+      # (optional) useful for debugging if you have issues setting up the container
+      - local/path/logs:/app/log        # ⚠  This has changed (🟡optional) 
+    environment:
+      - TZ=Europe/Berlin      
+      - PORT=20211
+```
+
+
+## Example 2: Mapping files
+
+> [!NOTE] 
+> The recommendation is to map folders as in Example 1, map files directly only when needed. 
+
+### Old docker-compose.yml
+
+```yaml
+version: "3"
+services:
+  pialert:
+    container_name: pialert
+    # use the below line if you want to test the latest dev image
+    # image: "jokobsk/netalertx-dev:latest" 
+    image: "jokobsk/pialert:latest"      
+    network_mode: "host"        
+    restart: unless-stopped
+    volumes:
+      - local/path/config/pialert.conf:/home/pi/pialert/config/pialert.conf  
+      - local/path/db/pialert.db:/home/pi/pialert/db/pialert.db         
+      # (optional) useful for debugging if you have issues setting up the container
+      - local/path/logs:/home/pi/pialert/front/log
+    environment:
+      - TZ=Europe/Berlin      
+      - PORT=20211
+```
+
+### New docker-compose.yml
+
+```yaml
+version: "3"
+services:
+  netalertx:                                  # ⚠  This has changed (🟡optional) 
+    container_name: netalertx                 # ⚠  This has changed (🟡optional) 
+    # use the below line if you want to test the latest dev image
+    # image: "jokobsk/netalertx-dev:latest" 
+    image: "jokobsk/netalertx:latest"         # ⚠  This has changed (🟡optional/🔺required in future) 
+    network_mode: "host"        
+    restart: unless-stopped
+    volumes:
+      - local/path/config/app.conf:/app/config/app.conf # ⚠  This has changed (🔺required) 
+      - local/path/db/app.db:/app/db/app.db             # ⚠  This has changed (🔺required) 
+      # (optional) useful for debugging if you have issues setting up the container
+      - local/path/logs:/app/log                  # ⚠  This has changed (🟡optional) 
+    environment:
+      - TZ=Europe/Berlin      
+      - PORT=20211
+```

docs/NETWORK_TREE.md

@@ -1,10 +1,29 @@
 ## How to setup your Network page
 
-Make sure you have a root device with the MAC `Internet` (No other MAC addresses are currently support as root)
+Make sure you have a root device with the MAC `Internet` (No other MAC addresses are currently supported as the root node) set to a network device type (e.g.: **Type**:`Router`).
 
-To setup a device named `rapberrypi` as a `Switch` in our network. 
+> 💡 Tip: You can add dummy devices via the [Create dummy device](https://github.com/jokob-sk/NetAlertX/blob/main/docs/DEVICE_MANAGEMENT.md#dummy-devices) button in the Devices listing page.
 
-### 1) Device details page
+> 💡 Tip: Export your configuration of the Network and Devices once in a while via the Export CSV feature under **Maintenance** -> **Backup/Restore** -> **CSV Export**.   
+
+## ⚡Quick setup:
+
+* Go to a Device you want to use as network device (network nodes, such as a Switch). 
+* Set the **Type** of such a device to one of the following: AP, Firewall, Gateway, PLC, Powerline, Router, Switch, USB LAN Adapter, USB WIFI Adapter and WLAN (you can create a custom network type device with in Settings -> General -> `NETWORK_DEVICE_TYPES`).
+* Save and go to Network where the devices you've marked as network devices (by selecting the Type as mentioned above) will show up as tabs.
+* You can now assign the Unassigend devices to the network node.
+* If port is empty or 0 a wifi icon is rendered, otherwise a ethernet port icon.
+
+
+> [!NOTE] 
+>
+> [Bulk-edit devices](/docs/DEVICES_BULK_EDITING.md) by using the _CSV Export_ functionality in the _Maintenance_ section. You can use this to fix `Internet` node assignment issues. 
+
+## 🔍Detailed example:
+
+In this example you will setup a device named `rapberrypi` as a `Switch` in our network. 
+
+### 1. Device details page
 
 - Go to the `Devices` (1) page:
 
@@ -13,23 +32,23 @@ To setup a device named `rapberrypi` as a `Switch` in our network.
 - In the (2) `Details` tab navigate to the the `Type` (3) dropdown and select the type `Switch` (4).
 
 > Note: Only the following device types will show up as selectable Network nodes ( = devices you can connect other devices to):
-> AP, Firewall, Gateway, PLC, Powerline, Router, Switch, USB LAN Adapter, USB WIFI Adapter and WLAN.
+> AP, Firewall, Gateway, Hypervisor, PLC, Powerline, Router, Switch, USB LAN Adapter, USB WIFI Adapter and WLAN. Custom types can be added via the `NETWORK_DEVICE_TYPES` setting.
 
-- Assign a device to your root device from the `Node` (5) dropdown whitch has the MAC `Internet` (6) (Your name may differ, but the MAC needs to be set to `Internet` - this is done by default). 
+- Assign a device to your root device from the `Node` (5) dropdown which has the MAC `Internet` (6) (Your name may differ, but the MAC needs to be set to `Internet` - this is done by default). 
 
 - Save your changes (7)
 
-### 1) Network page
+### 2. Network page
 
 - Navigate to your `Network` (1) page:
 
 ![Network page](/docs/img/NETWORK_TREE/Network_Page.png)
 
 - Notice the newly added `raspberrypi` (2) tab which now represents a network node, also showing up in the tree (3).
-- As we asssigned the `raspberrypi` in the previous 1) Device details page section to the `Internet` parent network node in step (6), the link is also showing up in the tree diagram (4)
+- As we asssigned the `raspberrypi` in the previous (1) Device details page section to the `Internet` parent network node in step (6), the link is also showing up in the tree diagram (4)
 - We can now assign the device `(AppleTV)` (5) to this `raspberrypi` node, representing a network Switch in this example
 
-### 1) Network page with 2 levels
+### 3. Network page with 2 levels
 
 - After clicking the `Assign` button in the previous section, the `(AppleTV)` (1) device is now connected to our `raspberrypi` (2).
 
@@ -41,3 +60,4 @@ To setup a device named `rapberrypi` as a `Switch` in our network.
 
 
 
+

docs/NOTIFICATIONS.md

@@ -0,0 +1,53 @@
+# Notifications 📧
+
+There are 4 ways how to influence notifications:
+
+1. On the device itself
+2. On the settings of the plugin
+3. Globally
+4. Ignoring devices
+
+> [!NOTE]
+> It's recommended to use the same schedule interval for all plugins responsible for scanning devices, otherwise false positives might be reported if different devices are discovered by different plugins. Check the **Settings** > **Enabled settings** section for a warning:
+> ![Schedules out-of-sync](/docs/img/NOTIFICATIONS/Schedules_out-of-sync.png)
+
+## Device settings 💻
+
+![Device notification settings](/docs/img/NOTIFICATIONS/Device-notification-settings.png)
+
+There are 4 settings on the device for influencing notifications. You can:
+
+1. **Alert Events** - Enables alerts of connections, disconnections, IP changes.
+2. **Alert Down** - Alerts when a device goes down. This setting overrides a disabled **Alert Events** setting, so you will get a notification of a device going down even if you don't have **Alert Events** ticked.
+3. **Skip repeated notifications**, if for example you know there is a temporary issue and want to pause the same notification for this device for a given time.
+
+## Plugin settings 🔌
+
+![Plugin notification settings](/docs/img/NOTIFICATIONS/Plugin-notification-settings.png)
+
+On almost all plugins there are 2 core settings, `<plugin>_WATCH` and `<plugin>_REPORT_ON`. 
+
+1. `<plugin>_WATCH` specifies the columns which the app should watch. If watched columns change the device state is considered changed. This changed status is then used to decide to send out notifications based on the `<plugin>_REPORT_ON` setting. 
+2. `<plugin>_REPORT_ON` let's you specify on which events the app should notify you. This is related to the `<plugin>_WATCH` setting. So if you select `watched-changed` and in `<plugin>_WATCH` you only select `Watched_Value1`, then a notification is triggered if `Watched_Value1` is changed from the previous value, but no notification is send if `Watched_Value2` changes. 
+
+Click the **Read more in the docs.** Link at the top of each plugin to get more details on how the given plugin works. 
+
+## Global settings ⚙
+
+![Global notification settings](/docs/img/NOTIFICATIONS/Global-notification-settings.png)
+
+In Notification Processing settings, you can specify blanket rules. These allow you to specify exceptions to the Plugin and Device settings and will override those.
+
+1. Notify on (`NTFPRCS_INCLUDED_SECTIONS`) allows you to specify which events trigger notifications. Usual setups will have `new_devices`, `down_devices`, and possibly `down_reconnected` set. Including `plugin` (dependenton the Plugin `<plugin>_WATCH` and `<plugin>_REPORT_ON` settings) and `events` (dependent on the on-device **Alert Events** setting) might be too noisy for most setups. More info in the [NTFPRCS plugin](/front/plugins/notification_processing/README.md)
+2. Alert down after (`NTFPRCS_alert_down_time`) is useful if you want to wait for some time before the system sends out a down notification for a device. This is related to the on-device **Alert down** setting and only devices with this checked will trigger a down notification.
+3. A filter to allow you to set device-specific exceptions to New devices being added to the app.
+4. A filter to allow you to set device-specific exceptions to generated Events.
+
+## Ignoring devices 🔕
+
+![Ignoring new devices](/docs/img/NOTIFICATIONS/NEWDEV_ignores.png)
+
+You can completely ignore detected devices globally. This could be because your instance detects docker containers, you want to ignore devices from a specific manufacturer via MAC rules or you want to ignore devices on a specific IP range. 
+
+1. Ignored MACs (`NEWDEV_ignored_MACs`) - List of MACs to ignore.
+2. Ignored IPs (`NEWDEV_ignored_IPs`) - List of IPs to ignore. 

docs/PERFORMANCE.md

@@ -0,0 +1,59 @@
+# Performance tips
+
+The application runs regular maintenance and DB cleanup tasks. If these tasks fail, you might encounter performance issues. 
+
+Most performance issues are caused by a big database or large log files. Enabling unnecessary plugins will also lead to performance degradation. 
+
+You can always check the size of your database and database tables under the Maintenance page. 
+
+![Db size check](/docs/img/PERFORMANCE/db_size_check.png)
+
+> [!NOTE]
+> For around 100 devices the database should be approximately `50MB` and none of the entries (rows) should exceed the value of `10 000` on a healthy system. These numbers will depend on your network activity and settings. 
+
+## Maintenance plugins
+
+There are 2 plugins responsible for maintaining the overal health of the application. One is responsible for the database cleanup and one for other tasks, such as log cleanup. 
+
+### DB Cleanup (DBCLNP)
+
+The database cleanup plugin. Check details and related setting in the [DB Cleanup plugin docs](/front/plugins/db_cleanup/README.md). Make sure the plugin is not failing by checking the logs. Try changing the schedule `DBCLNP_RUN_SCHD` and the timeout `DBCLNP_RUN_TIMEOUT` (increase) if the plugin is failing to execute.
+
+### Maintenance (MAINT)
+
+The maintenance plugin. Check details and related setting in the [Maintenance plugin docs](/front/plugins/maintenance/README.md). Make sure the plugin is not failing by checking the logs. Try changing the schedule `MAINT_RUN_SCHD` and the timeout `MAINT_RUN_TIMEOUT` (increase) if the plugin is failing to execute.
+
+## Scan frequency and coverage
+
+The more often you scan the networks the more resources, traffic and DB read/write cycles are executed. Especially on busy networks and lower end hardware, consider increasing scan intervals (`<PLUGIN>_RUN_SCHD`)  and timeouts (`<PLUGIN>_RUN_TIMEOUT`).
+
+Also consider decreasing the scanned subnet, e.g. from `/16` to `/24` if need be.   
+
+# Store temporary files in memory
+
+You can also store temporary files in application memory (`/app/api` and `/app/log` folders). See highlighted lines `◀` below.
+
+```yaml
+version: "3"
+services:
+  netalertx:
+    container_name: netalertx
+    # use the below line if you want to test the latest dev image
+    # image: "jokobsk/netalertx-dev:latest" 
+    image: "jokobsk/netalertx:latest"      
+    network_mode: "host"        
+    restart: unless-stopped
+    volumes:
+      - local/path/config:/app/config
+      - local/path/db:/app/db      
+      # (optional) useful for debugging if you have issues setting up the container
+      - local/path/logs:/app/log
+      # (API: OPTION 1) use for performance
+      - type: tmpfs              # ◀
+        target: /app/api         # ◀
+      # (API: OPTION 2) use when debugging issues 
+      # -  local/path/api:/app/api
+    environment:
+      - TZ=Europe/Berlin      
+      - PORT=20211
+```

docs/PLUGINS_DEV.md

@@ -0,0 +1,780 @@
+## 🌟 Create a custom plugin: Overview
+
+NetAlertX comes with a plugin system to feed events from third-party scripts into the UI and then send notifications, if desired. The highlighted core functionality this plugin system supports, is:
+
+* dynamic creation of a simple UI to interact with the discovered objects,
+* filtering of displayed values in the Devices UI
+* surface settings of plugins in the UI, 
+* different column types for reported values to e.g. link back to a device
+* import objects into existing NetAlertX database tables 
+
+> (Currently, update/overwriting of existing objects is only supported for devices via the `CurrentScan` table.)
+
+### 🎥 Watch the video:
+
+[![Watch the video](/docs/img/YouTube_thumbnail.png)](https://youtu.be/cdbxlwiWhv8)
+
+### 📸 Screenshots
+
+| ![Screen 1][screen1] | ![Screen 2][screen2] | ![Screen 3][screen3] | 
+|----------------------|----------------------| ----------------------| 
+| ![Screen 4][screen4] |  ![Screen 5][screen5] | 
+
+## Use cases
+
+Example use cases for plugins could be:
+
+* Monitor a web service and alert me if it's down
+* Import devices from dhcp.leases files instead/complementary to using PiHole or arp-scans
+* Creating ad-hoc UI tables from existing data in the NetAlertX database, e.g. to show all open ports on devices, to list devices that disconnected in the last hour, etc.
+* Using other device discovery methods on the network and importing the data as new devices
+* Creating a script to create FAKE devices based on user input via custom settings
+* ...at this point the limitation is mostly the creativity rather than the capability (there might be edge cases and a need to support more form controls for user input off custom settings, but you probably get the idea)
+
+If you wish to develop a plugin, please check the existing plugin structure. Once the settings are saved by the user they need to be removed from the `app.conf` file manually if you want to re-initialize them from the `config.json` of the plugin. 
+
+## ⚠ Disclaimer
+
+Please read the below carefully if you'd like to contribute with a plugin yourself. This documentation file might be outdated, so double-check the sample plugins as well. 
+
+## Plugin file structure overview 
+
+> ⚠️Folder name must be the same as the code name value in: `"code_name": "<value>"`
+> Unique prefix needs to be unique compared to the other settings prefixes, e.g.: the prefix `APPRISE` is already in use. 
+
+  | File | Required (plugin type) | Description | 
+  |----------------------|----------------------|----------------------| 
+  | `config.json` | yes | Contains the plugin configuration (manifest) including the settings available to the user. |
+  | `script.py` |  no | The Python script itself. You may call any valid linux command.  |
+  | `last_result.<prefix>.log` | no | The file used to interface between NetAlertX and the plugin. Required for a script plugin if you want to feed data into the app. Stored in the `/api/log/plugins/` |
+  | `script.log` | no | Logging output (recommended) |
+  | `README.md` | yes | Any setup considerations or overview  |
+
+More on specifics below.
+
+### Column order and values (plugins interface contract)
+
+> [!IMPORTANT] 
+> Spend some time reading and trying to understand the below table. This is the interface between the Plugins and the core application. The application expets 9 or 13 values The first 9 values are mandatory. The next 4 values (`HelpVal1` to `HelpVal4`) are optional. However, if you use any of these optional values (e.g., `HelpVal1`), you need to supply all optional values (e.g., `HelpVal2`, `HelpVal3`, and `HelpVal4`). If a value is not used, it should be padded with `null`.
+
+  | Order | Represented Column | Value Required | Description | 
+  |----------------------|----------------------|----------------------|----------------------| 
+  | 0 | `Object_PrimaryID` | yes | The primary ID used to group Events under. |
+  | 1 | `Object_SecondaryID` | no | Optional secondary ID to create a relationship beween other entities, such as a MAC address |
+  | 2 | `DateTime` | yes | When the event occured in the format `2023-01-02 15:56:30` |
+  | 3 | `Watched_Value1` | yes | A value that is watched and users can receive notifications if it changed compared to the previously saved entry. For example IP address |
+  | 4 | `Watched_Value2` | no | As above |
+  | 5 | `Watched_Value3` | no | As above  |
+  | 6 | `Watched_Value4` | no | As above  |
+  | 7 | `Extra` | no | Any other data you want to pass and display in NetAlertX and the notifications |
+  | 8 | `ForeignKey` | no | A foreign key that can be used to link to the parent object (usually a MAC address) |
+  | 9 | `HelpVal1` | no | (optional) A helper value |
+  | 10 | `HelpVal2` | no | (optional) A helper value |
+  | 11 | `HelpVal3` | no | (optional) A helper value |
+  | 12 | `HelpVal4` | no | (optional) A helper value |
+  
+
+> [!NOTE] 
+> De-duplication is run once an hour on the `Plugins_Objects` database table and duplicate entries with the same value in columns `Object_PrimaryID`, `Object_SecondaryID`, `Plugin` (auto-filled based on `unique_prefix` of the plugin), `UserData` (can be populated with the `"type": "textbox_save"` column type) are removed.
+
+# config.json structure
+
+The `config.json` file is the manifest of the plugin. It contains mainly settings definitions and the mapping of Plugin objects to NetAlertX objects. 
+
+## Execution order
+
+The execution order is used to specify when a plugin is executed. This is useful if a plugin has access and surfaces more information than others. If a device is detected by 2 plugins and inserted into the `CurrentScan` table, the plugin with the higher priority (e.g.: `Level_0` is a higher priority than `Level_1`) will insert it's values first. These values (devices) will be then prioritized over any values inserted later.
+
+```json
+{
+    "execution_order" : "Layer_0"
+}
+```
+
+## Supported data sources
+
+Currently, these data sources are supported (valid `data_source` value). 
+
+| Name | `data_source` value | Needs to return a "table"* | Overview (more details on this page below) | 
+|----------------------|----------------------|----------------------|----------------------| 
+| Script | `script` | no | Executes any linux command in the `CMD` setting. |
+| NetAlertX DB query | `app-db-query` | yes | Executes a SQL query on the NetAlertX database in the `CMD` setting. |
+| Template | `template` | no | Used to generate internal settings, such as default values. |
+| External SQLite DB query | `sqlite-db-query` | yes | Executes a SQL query from the `CMD` setting on an external SQLite database mapped in the `DB_PATH` setting.  |
+| Plugin type | `plugin_type` | no | Specifies the type of the plugin and in which section the Plugin settings are displayed ( one of `general/system/scanner/other/publisher` ). | 
+
+> * "Needs to return a "table" means that the application expects a `last_result.<prefix>.log` file with some results. It's not a blocker, however warnings in the `app.log` might be logged.
+
+> 🔎Example
+>```json
+>"data_source":  "app-db-query"
+>```
+If you want to display plugin objects or import devices into the app, data sources have to return a "table" of the exact structure as outlined above.
+
+You can show or hide the UI on the "Plugins" page and "Plugins" tab for a plugin on devices via the `show_ui` property:
+
+> 🔎Example
+>```json
+> "show_ui": true,
+> ```
+
+### "data_source":  "script"
+
+ If the `data_source` is set to `script` the `CMD` setting (that you specify in the `settings` array section in the `config.json`) contains an executable Linux command, that usually generates a `last_result.<prefix>.log` file (not required if you don't import any data into the app). The `last_result.<prefix>.log` file needs to be saved in `/api/log/plugins`. 
+
+> [!IMPORTANT]
+> A lot of the work is taken care of by the [`plugin_helper.py` library](/front/plugins/plugin_helper.py). You don't need to manage the `last_result.<prefix>.log` file if using the helper objects. Check other `script.py` of other plugins for details (The [Undicoverables plugins `script.py` file](/front/plugins/undiscoverables/script.py) is a good example).
+ 
+ The content of the `last_result.<prefix>.log` file needs to contain the columns as defined in the "Column order and values" section above. The order of columns can't be changed. After every scan it should contain only the results from the latest scan/execution. 
+
+- The format of the `last_result.<prefix>.log` is a `csv`-like file with the pipe `|` as a separator. 
+- 9 (nine) values need to be supplied, so every line needs to contain 8 pipe separators. Empty values are represented by `null`.  
+- Don't render "headers" for these "columns".
+Every scan result/event entry needs to be on a new line.
+- You can find which "columns" need to be present, and if the value is required or optional, in the "Column order and values" section. 
+- The order of these "columns" can't be changed.
+
+#### 🔎 last_result.prefix.log examples
+
+Valid CSV:
+
+```csv
+
+https://www.google.com|null|2023-01-02 15:56:30|200|0.7898|null|null|null|null
+https://www.duckduckgo.com|192.168.0.1|2023-01-02 15:56:30|200|0.9898|null|null|Best search engine|ff:ee:ff:11:ff:11
+
+```
+
+Invalid CSV with different errors on each line:
+
+```csv
+
+https://www.google.com|null|2023-01-02 15:56:30|200|0.7898||null|null|null
+https://www.duckduckgo.com|null|2023-01-02 15:56:30|200|0.9898|null|null|Best search engine|
+|https://www.duckduckgo.com|null|2023-01-02 15:56:30|200|0.9898|null|null|Best search engine|null
+null|192.168.1.1|2023-01-02 15:56:30|200|0.9898|null|null|Best search engine
+https://www.duckduckgo.com|192.168.1.1|2023-01-02 15:56:30|null|0.9898|null|null|Best search engine
+https://www.google.com|null|2023-01-02 15:56:30|200|0.7898|||
+https://www.google.com|null|2023-01-02 15:56:30|200|0.7898|
+
+```
+
+### "data_source":  "app-db-query"
+
+If the `data_source` is set to `app-db-query`, the `CMD` setting needs to contain a SQL query rendering the columns as defined in the "Column order and values" section above. The order of columns is important. 
+
+This SQL query is executed on the `app.db` SQLite database file. 
+
+>  🔎Example
+> 
+> SQL query example:
+> 
+> ```SQL
+> SELECT  dv.devName as Object_PrimaryID, 
+>     cast(dv.devLastIP as VARCHAR(100)) || ':' || cast( SUBSTR(ns.Port ,0, INSTR(ns.Port , '/')) as VARCHAR(100)) as Object_SecondaryID,  
+>     datetime() as DateTime,  
+>     ns.Service as Watched_Value1,        
+>     ns.State as Watched_Value2,
+>     'null' as Watched_Value3,
+>     'null' as Watched_Value4,
+>     ns.Extra as Extra,
+>     dv.devMac as ForeignKey 
+> FROM 
+>     (SELECT * FROM Nmap_Scan) ns 
+> LEFT JOIN 
+>     (SELECT devName, devMac, devLastIP FROM Devices) dv 
+> ON ns.MAC = dv.devMac
+> ```
+> 
+> Required `CMD` setting example with above query (you can set `"type": "label"` if you want it to make uneditable in the UI):
+> 
+> ```json
+> {
+>             "function": "CMD",
+>            "type": {"dataType":"string", "elements": [{"elementType" : "input", "elementOptions" : [] ,"transformers": []}]},
+>            "default_value":"SELECT  dv.devName as Object_PrimaryID, cast(dv.devLastIP as VARCHAR(100)) || ':' || cast( SUBSTR(ns.Port ,0, INSTR(ns.Port , '/')) as VARCHAR(100)) as Object_SecondaryID,  datetime() as DateTime,  ns.Service as Watched_Value1,        ns.State as Watched_Value2,        'null' as Watched_Value3,        'null' as Watched_Value4,        ns.Extra as Extra        FROM (SELECT * FROM Nmap_Scan) ns LEFT JOIN (SELECT devName, devMac, devLastIP FROM Devices) dv   ON ns.MAC = dv.devMac",
+>            "options": [],
+>            "localized": ["name", "description"],
+>            "name" : [{
+>                "language_code":"en_us",
+>                "string" : "SQL to run"
+>            }],
+>             "description": [{
+>                 "language_code":"en_us",
+>                 "string" : "This SQL query is used to populate the coresponding UI tables under the Plugins section."
+>             }]
+>         }
+> ```
+
+### "data_source":  "template"
+
+In most cases, it is used to initialize settings. Check the `newdev_template` plugin for details.
+
+### "data_source":  "sqlite-db-query"
+
+You can execute a SQL query on an external database connected to the current NetAlertX database via a temporary `EXTERNAL_<unique prefix>.` prefix. 
+
+For example for `PIHOLE` (`"unique_prefix": "PIHOLE"`) it is `EXTERNAL_PIHOLE.`. The external SQLite database file has to be mapped in the container to the path specified in the `DB_PATH` setting:
+
+>  🔎Example
+>
+>```json
+>  ...
+>{
+>        "function": "DB_PATH",
+>        "type": {"dataType":"string", "elements": [{"elementType" : "input", "elementOptions" : [{"readonly": "true"}] ,"transformers": []}]},
+>        "default_value":"/etc/pihole/pihole-FTL.db",
+>        "options": [],
+>        "localized": ["name", "description"],
+>        "name" : [{
+>            "language_code":"en_us",
+>            "string" : "DB Path"
+>        }],
+>        "description": [{
+>            "language_code":"en_us",
+>            "string" : "Required setting for the <code>sqlite-db-query</code> plugin type. Is used to mount an external SQLite database and execute the SQL query stored in the <code>CMD</code> setting."
+>        }]    
+>    }
+>  ...
+>```
+
+The actual SQL query you want to execute is then stored as a `CMD` setting, similar to a Plugin of the `app-db-query` plugin type. The format has to adhere to the format outlined in the "Column order and values" section above. 
+
+>  🔎Example
+>
+> Notice the `EXTERNAL_PIHOLE.` prefix.
+>
+>```json
+>{
+>      "function": "CMD",
+>      "type": {"dataType":"string", "elements": [{"elementType" : "input", "elementOptions" : [] ,"transformers": []}]},
+>      "default_value":"SELECT hwaddr as Object_PrimaryID, cast('http://' || (SELECT ip FROM EXTERNAL_PIHOLE.network_addresses WHERE network_id = id ORDER BY lastseen DESC, ip LIMIT 1) as VARCHAR(100)) || ':' || cast( SUBSTR((SELECT name FROM EXTERNAL_PIHOLE.network_addresses WHERE network_id = id ORDER BY lastseen DESC, ip LIMIT 1), 0, INSTR((SELECT name FROM EXTERNAL_PIHOLE.network_addresses WHERE network_id = id ORDER BY lastseen DESC, ip LIMIT 1), '/')) as VARCHAR(100)) as Object_SecondaryID, datetime() as DateTime, macVendor as Watched_Value1, lastQuery as Watched_Value2, (SELECT name FROM EXTERNAL_PIHOLE.network_addresses WHERE network_id = id ORDER BY lastseen DESC, ip LIMIT 1) as Watched_Value3, 'null' as Watched_Value4, '' as Extra, hwaddr as ForeignKey FROM EXTERNAL_PIHOLE.network WHERE hwaddr NOT LIKE 'ip-%' AND hwaddr <> '00:00:00:00:00:00';            ",
+>      "options": [],
+>      "localized": ["name", "description"],
+>      "name" : [{
+>          "language_code":"en_us",
+>          "string" : "SQL to run"
+>      }],
+>      "description": [{
+>          "language_code":"en_us",
+>          "string" : "This SQL query is used to populate the coresponding UI tables under the Plugins section. This particular one selects data from a mapped PiHole SQLite database and maps it to the corresponding Plugin columns."
+>      }]
+>  }
+>  ```
+
+## 🕳 Filters
+
+Plugin entries can be filtered in the UI based on values entered into filter fields. The `txtMacFilter` textbox/field contains the Mac address of the currently viewed device, or simply a Mac address that's available in the `mac` query string (`<url>?mac=aa:22:aa:22:aa:22:aa`).
+
+  | Property | Required | Description | 
+  |----------------------|----------------------|----------------------| 
+  | `compare_column` | yes | Plugin column name that's value is used for comparison (**Left** side of the equation) |
+  | `compare_operator` |  yes | JavaScript comparison operator |
+  | `compare_field_id` | yes | The `id` of a input text field containing a value is used for comparison (**Right** side of the equation)|
+  | `compare_js_template` | yes | JavaScript code used to convert left and right side of the equation. `{value}` is replaced with input values. |
+  | `compare_use_quotes` | yes | If `true` then the end result of the `compare_js_template` i swrapped in `"` quotes. Use to compare strings. |
+  
+  Filters are only applied if a filter is specified, and the `txtMacFilter` is not `undefined`, or empty (`--`).
+
+> 🔎Example:
+> 
+> ```json
+>     "data_filters": [
+>         {
+>             "compare_column" : "Object_PrimaryID",
+>             "compare_operator" : "==",
+>             "compare_field_id": "txtMacFilter",
+>             "compare_js_template": "'{value}'.toString()", 
+>             "compare_use_quotes": true 
+>         }
+>     ],
+> ```
+>
+>1. On the `pluginsCore.php` page is an input field with the id `txtMacFilter`:
+>
+>```html
+><input class="form-control" id="txtMacFilter" type="text" value="--">
+>```
+>
+>2. This input field is initialized via the `&mac=` query string.
+>
+>3. The app then proceeds to use this Mac value from this field and compares it to the value of the `Object_PrimaryID` database field. The `compare_operator` is `==`.
+>
+>4. Both values, from the database field `Object_PrimaryID` and from the `txtMacFilter` are wrapped and evaluated with the `compare_js_template`, that is `'{value}.toString()'`.
+>
+>5. `compare_use_quotes` is set to `true` so `'{value}'.toString()` is wrappe dinto `"` quotes.
+>
+>6. This results in for example this code: 
+>
+>```javascript
+>    // left part of the expression coming from compare_column and right from the input field
+>    // notice the added quotes ()") around the left and right part of teh expression
+>    "eval('ac:82:ac:82:ac:82".toString()')" == "eval('ac:82:ac:82:ac:82".toString()')"
+>```
+>
+
+
+### 🗺 Mapping the plugin results into a database table
+
+Plugin results are always inserted into the standard `Plugin_Objects` database table. Optionally, NetAlertX can take the results of the plugin execution, and insert these results into an additional database table. This is enabled by with the property `"mapped_to_table"` in the `config.json` file. The mapping of the columns is defined in the `database_column_definitions` array.
+
+> [!NOTE] 
+> If results are mapped to the `CurrentScan` table, the data is then included into the regular scan loop, so for example notification for devices are sent out.  
+
+
+>🔍 Example:
+>
+>For example, this approach is used to implement the `DHCPLSS` plugin. The script parses all supplied "dhcp.leases" files, gets the results in the generic table format outlined in the "Column order and values" section above, takes individual values, and inserts them into the `CurrentScan` database table in the NetAlertX database. All this is achieved by:
+>
+>1. Specifying the database table into which the results are inserted by defining `"mapped_to_table": "CurrentScan"` in the root of the `config.json` file as shown below:
+>
+>```json
+>{
+>    "code_name": "dhcp_leases",
+>    "unique_prefix": "DHCPLSS",
+>    ...
+>    "data_source":  "script",
+>    "localized": ["display_name", "description", "icon"],
+>    "mapped_to_table": "CurrentScan",    
+>    ...
+>}
+>```
+>2. Defining the target column with the `mapped_to_column` property for individual columns in the `database_column_definitions` array of the `config.json` file. For example in the `DHCPLSS` plugin, I needed to map the value of the `Object_PrimaryID` column returned by the plugin, to the `cur_MAC` column in the NetAlertX database table `CurrentScan`. Notice the  `"mapped_to_column": "cur_MAC"` key-value pair in the sample below.
+>
+>```json
+>{
+>            "column": "Object_PrimaryID",
+>            "mapped_to_column": "cur_MAC", 
+>            "css_classes": "col-sm-2",
+>            "show": true,
+>            "type": "device_mac",            
+>            "default_value":"",
+>            "options": [],
+>            "localized": ["name"],
+>            "name":[{
+>                "language_code":"en_us",
+>                "string" : "MAC address"
+>                }]
+>        }
+>```
+>
+>3.  That's it. The app takes care of the rest. It loops thru the objects discovered by the plugin, takes the results line-by-line, and inserts them into the database table specified in `"mapped_to_table"`. The columns are translated from the generic plugin columns to the target table columns via the `"mapped_to_column"` property in the column definitions.
+
+> [!NOTE] 
+> You can create a column mapping with a default value via the `mapped_to_column_data` property. This means that the value of the given column will always be this value. That also means that the `"column": "NameDoesntMatter"` is not important as there is no database source column. 
+
+
+>🔍 Example:
+>
+>```json
+>{
+>            "column": "NameDoesntMatter",
+>            "mapped_to_column": "cur_ScanMethod",
+>            "mapped_to_column_data": {
+>                "value": "DHCPLSS"                
+>            },  
+>            "css_classes": "col-sm-2",
+>            "show": true,
+>            "type": "device_mac",            
+>            "default_value":"",
+>            "options": [],
+>            "localized": ["name"],
+>            "name":[{
+>                "language_code":"en_us",
+>                "string" : "MAC address"
+>                }]
+>        }
+>```
+
+#### params
+
+> [!IMPORTANT] 
+> An esier way to access settings in scripts is the `get_setting_value` method.
+> ```python
+> from helper import get_setting_value
+>
+>   ...
+>   NTFY_TOPIC = get_setting_value('NTFY_TOPIC')
+>   ...
+>
+> ``` 
+
+The `params` array in the `config.json` is used to enable the user to change the parameters of the executed script. For example, the user wants to monitor a specific URL. 
+
+> 🔎 Example:
+> Passing user-defined settings to a command. Let's say, you want to have a script, that is called with a user-defined parameter called `urls`: 
+> 
+> ```bash
+> root@server# python3 /app/front/plugins/website_monitor/script.py urls=https://google.com,https://duck.com
+> ```
+
+* You can allow the user to add URLs to a setting with the `function` property set to a custom name, such as `urls_to_check` (this is not a reserved name from the section "Supported settings `function` values" below). 
+* You specify the parameter `urls` in the `params` section of the `config.json` the following way (`WEBMON_` is the plugin prefix automatically added to all the settings):
+```json
+{
+    "params" : [
+        {
+            "name"  : "urls",
+            "type"  : "setting",
+            "value" : "WEBMON_urls_to_check"
+        }]
+}
+```
+* Then you use this setting as an input parameter for your command in the `CMD` setting. Notice `urls={urls}` in the below json:
+
+```json
+ {
+            "function": "CMD",
+            "type": {"dataType":"string", "elements": [{"elementType" : "input", "elementOptions" : [] ,"transformers": []}]},
+            "default_value":"python3 /app/front/plugins/website_monitor/script.py urls={urls}",
+            "options": [],
+            "localized": ["name", "description"],
+            "name" : [{
+                "language_code":"en_us",
+                "string" : "Command"
+            }],
+            "description": [{
+                "language_code":"en_us",
+                "string" : "Command to run"
+            }]
+        }
+```
+
+During script execution, the app will take the command `"python3 /app/front/plugins/website_monitor/script.py urls={urls}"`, take the `{urls}` wildcard and replace it with the value from the `WEBMON_urls_to_check` setting. This is because:
+
+1. The app checks the `params` entries
+2. It finds `"name"  : "urls"`
+3. Checks the type of the `urls` params and finds `"type"  : "setting"`
+4. Gets the setting name from  `"value" : "WEBMON_urls_to_check"` 
+   - IMPORTANT: in the `config.json` this setting is identified by `"function":"urls_to_check"`, not `"function":"WEBMON_urls_to_check"`
+   - You can also use a global setting, or a setting from a different plugin  
+5. The app gets the user defined value from the setting with the code name `WEBMON_urls_to_check`
+   - let's say the setting with the code name  `WEBMON_urls_to_check` contains 2 values entered by the user: 
+   - `WEBMON_urls_to_check=['https://google.com','https://duck.com']`
+6. The app takes the value from `WEBMON_urls_to_check` and replaces the `{urls}` wildcard in the setting where `"function":"CMD"`, so you go from:
+   - `python3 /app/front/plugins/website_monitor/script.py urls={urls}`
+   - to
+   - `python3 /app/front/plugins/website_monitor/script.py urls=https://google.com,https://duck.com` 
+
+Below are some general additional notes, when defining `params`: 
+
+- `"name":"name_value"` - is used as a wildcard replacement in the `CMD` setting value by using curly brackets `{name_value}`. The wildcard is replaced by the result of the `"value" : "param_value"` and `"type":"type_value"` combo configuration below.
+- `"type":"<sql|setting>"` - is used to specify the type of the params, currently only 2 supported (`sql`,`setting`).
+  - `"type":"sql"` - will execute the SQL query specified in the `value` property. The sql query needs to return only one column. The column is flattened and separated by commas (`,`), e.g: `SELECT devMac from DEVICES` -> `Internet,74:ac:74:ac:74:ac,44:44:74:ac:74:ac`. This is then used to replace the wildcards in the `CMD` setting.  
+  - `"type":"setting"` - The setting code name. A combination of the value from `unique_prefix` + `_` + `function` value, or otherwise the code name you can find in the Settings page under the Setting display name, e.g. `PIHOLE_RUN`. 
+- `"value": "param_value"` - Needs to contain a setting code name or SQL query without wildcards.
+- `"timeoutMultiplier" : true` - used to indicate if the value should multiply the max timeout for the whole script run by the number of values in the given parameter.
+- `"base64": true` - use base64 encoding to pass the value to the script (e.g. if there are spaces)
+
+
+> 🔎Example:
+> 
+> ```json
+> {
+>     "params" : [{
+>            "name"              : "ips",
+>            "type"              : "sql",
+>            "value"             : "SELECT devLastIP from DEVICES",
+>            "timeoutMultiplier" : true
+>        },
+>        {
+>            "name"              : "macs",
+>            "type"              : "sql",
+>            "value"             : "SELECT devMac from DEVICES"            
+>        },
+>        {
+>            "name"              : "timeout",
+>            "type"              : "setting",
+>            "value"             : "NMAP_RUN_TIMEOUT"
+>        },
+>        {
+>            "name"              : "args",
+>            "type"              : "setting",
+>            "value"             : "NMAP_ARGS",
+>            "base64"            : true
+>        }]
+> }
+> ```
+
+
+#### ⚙ Setting object structure
+
+> [!NOTE] 
+> The settings flow and when Plugin specific settings are applied is described under the [Settings system](/docs/SETTINGS_SYSTEM.md).
+
+Required attributes are:
+
+| Property | Description |
+| -------- | ----------- |
+| `"function"` | Specifies the function the setting drives or a simple unique code name. See Supported settings function values for options. |
+| `"type"` | Specifies the form control used for the setting displayed in the Settings page and what values are accepted. Supported options include: |
+|  | - `{"dataType":"string", "elements": [{"elementType" : "input", "elementOptions" : [{"type":"password"}] ,"transformers": ["sha256"]}]}` |
+| `"localized"` | A list of properties on the current JSON level that need to be localized. |
+| `"name"` | Displayed on the Settings page. An array of localized strings. See Localized strings below. |
+| `"description"` | Displayed on the Settings page. An array of localized strings. See Localized strings below. |
+| (optional) `"events"` | Specifies whether to generate an execution button next to the input field of the setting. Supported values: |
+|  | - `"test"` - For notification plugins testing |
+|  | - `"run"` - Regular plugins testing |
+| (optional) `"override_value"` | Used to determine a user-defined override for the setting. Useful for template-based plugins, where you can choose to leave the current value or override it with the value defined in the setting. (Work in progress) |
+| (optional) `"events"` | Used to trigger the plugin. Usually used on the `RUN` setting. Not fully tested in all scenarios. Will show a play button next to the setting. After clicking, an event is generated for the backend in the `Parameters` database table to process the front-end event on the next run. |
+
+### UI Component Types Documentation
+
+This section outlines the structure and types of UI components, primarily used to build HTML forms or interactive elements dynamically. Each UI component has a `"type"` which defines its structure, behavior, and rendering options.
+
+#### UI Component JSON Structure
+The UI component is defined as a JSON object containing a list of `elements`. Each element specifies how it should behave, with properties like `elementType`, `elementOptions`, and any associated `transformers` to modify the data. The example below demonstrates how a component with two elements (`span` and `select`) is structured:
+
+```json
+{
+      "function": "devIcon",
+      "type": {
+        "dataType": "string",
+        "elements": [
+          {
+            "elementType": "span",
+            "elementOptions": [
+              { "cssClasses": "input-group-addon iconPreview" },
+              { "getStringKey": "Gen_SelectToPreview" },
+              { "customId": "NEWDEV_devIcon_preview" }
+            ],
+            "transformers": []
+          },
+          {
+            "elementType": "select",
+            "elementHasInputValue": 1,
+            "elementOptions": [
+              { "cssClasses": "col-xs-12" },
+              {
+                "onChange": "updateIconPreview(this)"
+              },
+              { "customParams": "NEWDEV_devIcon,NEWDEV_devIcon_preview" }
+            ],
+            "transformers": []
+          }          
+        ]
+      }
+}
+
+```
+
+### Rendering Logic
+
+The code snippet provided demonstrates how the elements are iterated over to generate their corresponding HTML. Depending on the `elementType`, different HTML tags (like `<select>`, `<input>`, `<textarea>`, `<button>`, etc.) are created with the respective attributes such as `onChange`, `my-data-type`, and `class` based on the provided `elementOptions`. Events can also be attached to elements like buttons or select inputs.
+
+### Key Element Types
+
+- **`select`**: Renders a dropdown list. Additional options like `isMultiSelect` and event handlers (e.g., `onChange`) can be attached.
+- **`input`**: Handles various types of input fields, including checkboxes, text, and others, with customizable attributes like `readOnly`, `placeholder`, etc.
+- **`button`**: Generates clickable buttons with custom event handlers (`onClick`), icons, or labels.
+- **`textarea`**: Creates a multi-line input box for text input.
+- **`span`**: Used for inline text or content with customizable classes and data attributes.
+
+Each element may also have associated events (e.g., running a scan or triggering a notification) defined under `Events`.
+
+    
+##### Supported settings `function` values
+
+You can have any `"function": "my_custom_name"` custom name, however, the ones listed below have a specific functionality attached to them. If you use a custom name, then the setting is mostly used as an input parameter for the `params` section.
+
+| Setting | Description |
+| ------- | ----------- |
+| `RUN` | (required) Specifies when the service is executed. |
+|  | Supported Options: |
+|  | - "disabled" - do not run |
+|  | - "once" - run on app start or on settings saved |
+|  | - "schedule" - if included, then a `RUN_SCHD` setting needs to be specified to determine the schedule |
+|  | - "always_after_scan" - run always after a scan is finished |
+|  | - "before_name_updates" - run before device names are updated (for name discovery plugins) |
+|  | - "on_new_device" - run when a new device is detected |
+|  | - "before_config_save" - run before the config is marked as saved. Useful if your plugin needs to modify the `app.conf` file. |
+| `RUN_SCHD` | (required if you include "schedule" in the above `RUN` function) Cron-like scheduling is used if the `RUN` setting is set to `schedule`. |
+| `CMD` | (required) Specifies the command that should be executed. |
+| `API_SQL` | (not implemented) Generates a `table_` + `code_name` + `.json` file as per [API docs](https://github.com/jokob-sk/NetAlertX/blob/main/docs/API.md). |
+| `RUN_TIMEOUT` | (optional) Specifies the maximum execution time of the script. If not specified, a default value of 10 seconds is used to prevent hanging. |
+| `WATCH` | (optional) Specifies which database columns are watched for changes for this particular plugin. If not specified, no notifications are sent. |
+| `REPORT_ON` | (optional) Specifies when to send a notification. Supported options are: |
+|  | - `new` means a new unique (unique combination of PrimaryId and SecondaryId) object was discovered. |
+|  | - `watched-changed` - means that selected `Watched_ValueN` columns changed |
+|  | - `watched-not-changed` - reports even on events where selected `Watched_ValueN` did not change |
+|  | - `missing-in-last-scan` - if the object is missing compared to previous scans |
+
+
+> 🔎 Example:
+> 
+> ```json
+> {
+>     "function": "RUN",            
+>     "type": {"dataType":"string", "elements": [{"elementType" : "select", "elementOptions" : [] ,"transformers": []}]},            
+>     "default_value":"disabled",
+>     "options": ["disabled", "once", "schedule", "always_after_scan", "on_new_device"],
+>     "localized": ["name", "description"],
+>     "name" :[{
+>         "language_code":"en_us",
+>         "string" : "When to run"
+>     }],
+>     "description": [{
+>         "language_code":"en_us",
+>         "string" : "Enable a regular scan of your services. If you select <code>schedule</code> the scheduling settings from below are applied. If you select <code>once</code> the scan is run only once on start of the application (container) for the time specified in <a href=\"#WEBMON_RUN_TIMEOUT\"><code>WEBMON_RUN_TIMEOUT</code> setting</a>."
+>     }]
+> }
+> ```
+
+##### 🌍Localized strings
+
+- `"language_code":"<en_us|es_es|de_de>"`  - code name of the language string. Only these three are currently supported. At least the `"language_code":"en_us"` variant has to be defined. 
+- `"string"`  - The string to be displayed in the given language.
+
+> 🔎 Example:
+> 
+> ```json
+> 
+>     {
+>         "language_code":"en_us",
+>         "string" : "When to run"
+>     }
+> 
+> ```
+
+##### UI settings in database_column_definitions
+
+The UI will adjust how columns are displayed in the UI based on the resolvers definition of the `database_column_definitions` object. These are the supported form controls and related functionality:
+
+- Only columns with `"show": true` and also with at least an English translation will be shown in the UI.
+
+| Supported Types | Description |
+| -------------- | ----------- |
+| `label` | Displays a column only. |
+| `textarea_readonly` | Generates a read only text area and cleans up the text to display it somewhat formatted with new lines preserved. |
+| See below for information on `threshold`, `replace`. | |
+|  |  |
+| `options` Property | Used in conjunction with types like `threshold`, `replace`, `regex`. |
+| `options_params` Property | Used in conjunction with a `"options": "[{value}]"` template and `text.select`/`list.select`. Can specify SQL query (needs to return 2 columns `SELECT devName as name, devMac as id`) or Setting (not tested) to populate the dropdown. Check example below or have a look at the `NEWDEV` plugin `config.json` file. |
+| `threshold` | The `options` array contains objects ordered from the lowest `maximum` to the highest. The corresponding `hexColor` is used for the value background color if it's less than the specified `maximum` but more than the previous one in the `options` array. |
+| `replace` | The `options` array contains objects with an `equals` property, which is compared to the "value." If the values are the same, the string in `replacement` is displayed in the UI instead of the actual "value". |
+| `regex` | Applies a regex to the value.  The `options` array contains objects with an `type` (must be set to `regex`) and `param` (must contain the regex itself) property. |
+|  |  |
+| Type Definitions |  |
+| `device_mac` | The value is considered to be a MAC address, and a link pointing to the device with the given MAC address is generated. |
+| `device_ip` | The value is considered to be an IP address. A link pointing to the device with the given IP is generated. The IP is checked against the last detected IP address and translated into a MAC address, which is then used for the link itself. |
+| `device_name_mac` | The value is considered to be a MAC address, and a link pointing to the device with the given IP is generated. The link label is resolved as the target device name. |
+| `url` | The value is considered to be a URL, so a link is generated. |
+| `textbox_save` | Generates an editable and saveable text box that saves values in the database. Primarily intended for the `UserData` database column in the `Plugins_Objects` table. |
+| `url_http_https` | Generates two links with the `https` and `http` prefix as lock icons. |
+| `eval` | Evaluates as JavaScript. Use the variable `value` to use the given column value as input (e.g. `'<b>${value}<b>'` (replace ' with ` in your code) ) |
+            
+
+> [!NOTE] 
+> Supports chaining. You can chain multiple resolvers with `.`. For example `regex.url_http_https`. This will apply the `regex` resolver and then the `url_http_https` resolver.
+
+
+```json
+        "function": "devType",
+        "type": {"dataType":"string", "elements": [{"elementType" : "select", "elementOptions" : [] ,"transformers": []}]},
+        "maxLength": 30,
+        "default_value": "",
+        "options": ["{value}"],
+        "options_params" : [
+            {
+                "name"  : "value",
+                "type"  : "sql",
+                "value" : "SELECT '' as id, '' as name UNION SELECT devType as id, devType as name FROM (SELECT devType FROM Devices UNION SELECT 'Smartphone' UNION SELECT 'Tablet' UNION SELECT 'Laptop' UNION SELECT 'PC' UNION SELECT 'Printer' UNION SELECT 'Server' UNION SELECT 'NAS' UNION SELECT 'Domotic' UNION SELECT 'Game Console' UNION SELECT 'SmartTV' UNION SELECT 'Clock' UNION SELECT 'House Appliance' UNION SELECT 'Phone' UNION SELECT 'AP' UNION SELECT 'Gateway' UNION SELECT 'Firewall' UNION SELECT 'Switch' UNION SELECT 'WLAN' UNION SELECT 'Router' UNION SELECT 'Other') AS all_devices ORDER BY id;"
+            },
+            {
+                "name"  : "uilang",
+                "type"  : "setting",
+                "value" : "UI_LANG"
+            }
+        ]
+```
+
+
+```json
+{
+            "column": "Watched_Value1",
+            "css_classes": "col-sm-2",
+            "show": true,
+            "type": "threshold",            
+            "default_value":"",
+            "options": [
+                {
+                    "maximum": 199,
+                    "hexColor": "#792D86"                
+                },
+                {
+                    "maximum": 299,
+                    "hexColor": "#5B862D"
+                },
+                {
+                    "maximum": 399,
+                    "hexColor": "#7D862D"
+                },
+                {
+                    "maximum": 499,
+                    "hexColor": "#BF6440"
+                },
+                {
+                    "maximum": 599,
+                    "hexColor": "#D33115"
+                }
+            ],
+            "localized": ["name"],
+            "name":[{
+                "language_code":"en_us",
+                "string" : "Status code"
+                }]
+        },        
+        {
+            "column": "Status",
+            "show": true,
+            "type": "replace",            
+            "default_value":"",
+            "options": [
+                {
+                    "equals": "watched-not-changed",
+                    "replacement": "<i class='fa-solid fa-square-check'></i>"
+                },
+                {
+                    "equals": "watched-changed",
+                    "replacement": "<i class='fa-solid fa-triangle-exclamation'></i>"
+                },
+                {
+                    "equals": "new",
+                    "replacement": "<i class='fa-solid fa-circle-plus'></i>"
+                }
+            ],
+            "localized": ["name"],
+            "name":[{
+                "language_code":"en_us",
+                "string" : "Status"
+                }]
+        },
+        {
+            "column": "Watched_Value3",
+            "css_classes": "col-sm-1",
+            "show": true,
+            "type": "regex.url_http_https",            
+            "default_value":"",
+            "options": [
+                {
+                    "type": "regex",
+                    "param": "([\\d.:]+)"
+                }          
+            ],
+            "localized": ["name"],
+            "name":[{
+                "language_code":"en_us",
+                "string" : "HTTP/s links"
+                },
+	    	    {
+                "language_code":"es_es",
+                "string" : "N/A"
+                }]
+        }
+```
+
+[screen1]: https://raw.githubusercontent.com/jokob-sk/NetAlertX/main/docs/img/plugins.png                    "Screen 1"
+[screen2]: https://raw.githubusercontent.com/jokob-sk/NetAlertX/main/docs/img/plugins_settings.png           "Screen 2"
+[screen3]: https://raw.githubusercontent.com/jokob-sk/NetAlertX/main/docs/img/plugins_json_settings.png      "Screen 3"
+[screen4]: https://raw.githubusercontent.com/jokob-sk/NetAlertX/main/docs/img/plugins_json_ui.png            "Screen 4"
+[screen5]: https://raw.githubusercontent.com/jokob-sk/NetAlertX/main/docs/img/plugins_device_details.png     "Screen 5"

docs/RANDOM_MAC.md

@@ -12,10 +12,12 @@ know, but it **is totally useless when connecting to our own WIFI's** or known
 networks.
 
 **I recommend disabling this operation when connecting our devices to our own
-WIFI's**, in this way, Pi.Alert will be able to identify the device, and it
+WIFI's**, in this way, NetAlertX will be able to identify the device, and it
 will not identify it as a new device every so often (every time IOS or Android
 decides to change the MAC).
 
+**Random MACs** are recognized by the characters "2", "6", "A", or "E" as the 2nd character in the Mac address. You can disable specific prefixes to be detected as random MAC addresses by specifying the `UI_NOT_RANDOM_MAC` setting.
+
 ## IOS
 ![ios][ios]
 
@@ -33,7 +35,14 @@ decides to change the MAC).
   [Read more here](../LICENSE.txt)
 
 ### Contact
-  pi.alert.application@gmail.com
+  Always use the Issue tracker for the correct fork, for example: 
+  
+  [jokob-sk/NetAlertX](https://github.com/jokob-sk/NetAlertX/issues). Please also follow the guidelines on:
+
+  - ➕ [Pull Request guidelines](https://github.com/jokob-sk/NetAlertX/tree/main/docs#-pull-requests-prs) 
+  - 🙏 [Feature request guidelines](https://github.com/jokob-sk/NetAlertX/tree/main/docs#-feature-requests) 
+  - 🐛 [Issue guidelines](https://github.com/jokob-sk/NetAlertX/tree/main/docs#-submitting-an-issue-or-bug)
+
   
   ***Suggestions and comments are welcome***
 

docs/README.md

@@ -0,0 +1,144 @@
+## Documentation overview
+
+<details>
+  <summary>:information_source: In the app hover over settings or fields/labels or click blue in-app ❔ (question-mark) icons to get to relevant documentation pages.</summary>
+
+  ![In-app help](/docs/img/GENERAL/in-app-help.png)
+
+</details>
+
+There is also an in-app Help / FAQ section that should be answering frequently asked questions.
+
+### 📥 Installation
+
+#### 🐳 Docker (Fully supported)
+
+- The main installation method is as a [docker container - follow these instructions here](https://github.com/jokob-sk/NetAlertX/blob/main/dockerfiles/README.md). 
+
+#### 💻 Bare-metal / On-server (Experimental/community supported 🧪)
+
+- [(Experimental 🧪) On-hardware instructions](https://github.com/jokob-sk/NetAlertX/blob/main/docs/HW_INSTALL.md) 
+
+- Alternative bare-metal install forks: 
+  - [leiweibau's fork](https://github.com/leiweibau/Pi.Alert/) (maintained)
+  - [pucherot's original code](https://github.com/pucherot/Pi.Alert/) (un-maintained)
+
+### 📚 Table of contents
+
+#### 📥 Initial Setup
+
+- [Synology Guide](/docs/SYNOLOGY_GUIDE.md)
+- [Subnets and VLANs configuration for arp-scan](/docs/SUBNETS.md)
+- [Scanning Remote Networks](/docs/REMOTE_NETWORKS.md)
+- [SMTP server config](/docs/SMTP.md)
+- [Custom Icon configuration and support](/docs/ICONS.md)
+- [Notifications](/docs/NOTIFICATIONS.md)
+- [Better name resolution with Reverse DNS](/docs/REVERSE_DNS.md)
+- [Network treemap configuration](/docs/NETWORK_TREE.md)
+- [Backups](/docs/BACKUPS.md)
+- [Plugins overview](/front/plugins/README.md)
+
+#### 🐛 Debugging help & tips
+
+- [Debugging tips](/docs/DEBUG_TIPS.md)
+- [Debugging UI not showing](/docs/WEB_UI_PORT_DEBUG.md)
+- [Invalid JSON errors debug help](/docs/DEBUG_INVALID_JSON.md)
+- [Troubleshooting Plugins](/docs/DEBUG_PLUGINS.md)
+- [File Permissions](/docs/FILE_PERMISSIONS.md)
+- [Performance tips](/docs/PERFORMANCE.md)
+
+#### 🔝 Popular/Suggested
+
+- [Home Assistant](/docs/HOME_ASSISTANT.md)
+- [Bulk edit devices](/docs/DEVICES_BULK_EDITING.md)
+
+#### ⚙ System Management
+
+- [Manage devices (legacy docs)](/docs/DEVICE_MANAGEMENT.md)
+- [Random MAC/MAC icon meaning (legacy docs)](/docs/RANDOM_MAC.md)
+
+#### 🔎 Examples
+
+- [N8N webhook example](/docs/WEBHOOK_N8N.md)
+
+#### ♻ Misc
+
+- [Version history (legacy)](/docs/VERSIONS_HISTORY.md)
+- [Reverse proxy (Nginx, Apache, SWAG)](/docs/REVERSE_PROXY.md)
+- [Installing Updates](/docs/UPDATES.md)
+- [Setting up Authelia](/docs/AUTHELIA.md) (DRAFT)
+
+#### 👩‍💻For Developers👨‍💻
+
+- [Setting up your DEV environment](/docs/DEV_ENV_SETUP.md)
+- [Server APP code structure](/server/README.md)
+- [Database structure](/docs/DATABASE.md)
+- [API endpoints details](/docs/API.md)
+- [Plugin development guide](/docs/PLUGINS_DEV.md)
+- [Settings system](/docs/SETTINGS_SYSTEM.md)
+- [New Version notifications](/docs/VERSIONS.md)
+- [Frontend development tips](/docs/FRONTEND_DEVELOPMENT.md)
+- [Webhook secrets](/docs/WEBHOOK_SECRET.md)
+
+Feel free to suggest or submit new docs via a PR. 
+
+## 👨‍💻 Development priorities
+
+Priorities from highest to lowest:
+
+* 🔼 Fixing core functionality bugs not solvable with workarounds
+* 🔵 New core functionality unlocking other opportunities (e.g.: plugins) 
+* 🔵 Refactoring enabling faster implementation of future functionality 
+* 🔽 (low) UI functionality & improvements (PRs welcome 😉)
+
+Design philosophy: Focus on core functionality and leverage existing apps and tools to make NetAlertX integrate into other workflows. 
+
+Examples: 
+
+    1. Supporting apprise makes more sense than implementing multiple individual notification gateways
+    2. Implementing regular expression support across settings for validation makes more sense than validating one setting with a specific expression. 
+
+UI-specific requests are a low priority as the framework picked by the original developer is not very extensible (and afaik doesn't support components) and has limited mobile support. Also, I argue the value proposition is smaller than working on something else.
+
+Feel free to submit PRs if interested. try to **keep the PRs small/on-topic** so they are easier to review and approve. 
+
+That being said, I'd reconsider if more people and or recurring sponsors file a request 😉.
+
+## 🙏 Feature requests
+
+Please be as detailed as possible with **workarounds** you considered and why a native feature is the better way. This gives me better context and will make it more likely to be implemented. Ideally, a feature request should be in the format "I want to be able to do XYZ so that ZYX. I considered these approaches XYZ".
+
+## ➕ Pull requests (PRs)
+
+If you submit a PR please:
+
+1. Check that your changes are backward compatible with existing installations and with a blank setup. 
+2. Existing features should always be preserved. 
+3. Keep the PR small, on-topic and don't change code that is not necessary for the PR to work
+4. New features code should ideally be re-usable for different purposes, not for a very narrow use case.
+5. New functionality should ideally be implemented via the Plugins system, if possible.
+
+Suggested test cases:
+
+- Blank setup with no DB or config
+- Existing DB / config
+- Sending a notification (e. g. Delete a device and wait for a scan to run) and testing all notification gateways, especially:
+   - Email, Apprise (e.g. via Telegram), webhook (e.g. via Discord), MQTT (e.g. via Home Assistant)
+- Saving settings
+- Test a couple of plugins
+- Check the Error log for anything unusual
+
+Some additional context:
+
+* Permanent settings/config is stored in the `app.conf` file
+* Currently temporary (session?) settings are stored in the `Parameters` DB table as key-value pairs. This table is wiped during a container rebuild/restart and its values are re-initialized from cookies/session data from the browser. 
+
+## 🐛 Submitting an issue or bug
+
+Before submitting a new issue please spend a couple of minutes on research:
+
+* Check [🛑 Common issues](https://github.com/jokob-sk/NetAlertX/blob/main/docs/DEBUG_TIPS.md#common-issues) 
+* Check [💡 Closed issues](https://github.com/jokob-sk/NetAlertX/issues?q=is%3Aissue+is%3Aclosed) if a similar issue was solved in the past.
+* When submitting an issue ❗[enable debug](https://github.com/jokob-sk/NetAlertX/blob/main/docs/DEBUG_TIPS.md)❗
+
+⚠ Please follow the pre-defined issue template to resolve your issue faster.

docs/REMOTE_NETWORKS.md

@@ -0,0 +1,49 @@
+# Scanning Remote or Inaccessible Networks
+
+By design, local network scanners such as `arp-scan` use ARP (Address Resolution Protocol) to map IP addresses to MAC addresses on the local network. Since ARP operates at Layer 2 (Data Link Layer), it typically works only within a single broadcast domain, usually limited to a single router or network segment.
+
+To scan multiple locally accessible network segments, add them as subnets according to the [subnets](https://github.com/jokob-sk/NetAlertX/blob/main/docs/SUBNETS.md) documentation.
+
+## Complex Use Cases
+
+The following network setups might make some devices undetectable. Check the specific setup to understand the cause and find potential workarounds to still report on these devices.
+
+### Wi-Fi Extenders
+
+Wi-Fi extenders typically create a separate network or subnet, which can prevent network scanning tools like `arp-scan` from detecting devices behind the extender.
+
+> **Possible workaround**: Scan the specific subnet that the extender uses, if it is separate from the main network.
+
+### VPNs
+
+ARP operates at Layer 2 (Data Link Layer) and works only within a local area network (LAN). VPNs, which operate at Layer 3 (Network Layer), route traffic between networks, preventing ARP requests from discovering devices outside the local network.
+
+VPNs use virtual interfaces (e.g., `tun0`, `tap0`) to encapsulate traffic, bypassing ARP-based discovery. Additionally, many VPNs use NAT, which masks individual devices behind a shared IP address.
+
+> **Possible workaround**: Configure the VPN to bridge networks instead of routing to enable ARP, though this depends on the VPN setup and security requirements.
+
+# Other Workarounds
+
+The following workarounds should work for most complex network setups.
+
+## Supplementing Plugins
+
+You can use supplementary plugins that employ alternate methods. Protocols used by the `SNMPDSC` or `DHCPLSS` plugins are widely supported on different routers and can be effective as workarounds. Check the [plugins list](https://github.com/jokob-sk/NetAlertX/blob/main/front/plugins/README.md) to find a plugin that works with your router and network setup.
+
+## Multiple NetAlertX Instances
+
+If you have servers in different networks, you can set up separate NetAlertX instances on those subnets and synchronize the results into one instance using the [`SYNC` plugin](https://github.com/jokob-sk/NetAlertX/tree/main/front/plugins/sync).
+
+## Manual Entry
+
+If you don't need to discover new devices and only need to report on their status (`online`, `offline`, `down`), you can manually enter devices and check their status using the [`ICMP` plugin](https://github.com/jokob-sk/NetAlertX/blob/main/front/plugins/icmp_scan/), which uses the `ping` command internally.
+
+For more information on how to add devices manually (or dummy devices), refer to the [Device Management](https://github.com/jokob-sk/NetAlertX/blob/main/docs/DEVICE_MANAGEMENT.md) documentation.
+
+To create truly dummy devices, you can use a loopback IP address (e.g., `0.0.0.0` or `127.0.0.1`) so they appear online.
+
+## NMAP and Fake MAC Addresses
+
+Scanning remote networks with NMAP is possible (vai the `NMAPDEV` plugin), but since it cannot retrieve the MAC address, you need to enable the `NMAPDEV_FAKE_MAC` setting. This will generate a fake MAC address based on the IP address, allowing you to track devices. However, this can lead to inconsistencies, especially if the IP address changes or a previously logged device is rediscovered. If this setting is disabled, only the IP address will be discovered, and devices with missing MAC addresses will be skipped.
+
+Check the [NMAPDEV plugin](https://github.com/jokob-sk/NetAlertX/tree/main/front/plugins/nmap_dev_scan) for details

docs/REVERSE_DNS.md

@@ -0,0 +1,87 @@
+## Setting up better name discovery with Reverse DNS
+
+If you are running a DNS server, such as **AdGuard**, set up **Private reverse DNS servers** for a better name resolution on your network. Enabling this setting will enable NetAlertX to execute dig and nslookup commands to automatically resolve device names based on their IP addresses.
+
+
+> Example 1: Reverse DNS `disabled`
+> 
+> ```
+> jokob@Synology-NAS:/$ nslookup 192.168.1.58
+> ** server can't find 58.1.168.192.in-addr.arpa: NXDOMAIN
+> 
+> ```
+
+> Example 2: Reverse DNS `enabled`
+> 
+> ```
+> jokob@Synology-NAS:/$ nslookup 192.168.1.58
+> 45.1.168.192.in-addr.arpa       name = jokob-NUC.localdomain.
+> ```
+
+### Enabling reverse DNS in AdGuard
+
+1. Navigate to **Settings** ->  **DNS Settings**
+2. Locate **Private reverse DNS servers**
+3. Enter your router IP address, such as `192.168.1.1`
+4. Make sure you have **Use private reverse DNS resolvers** ticked.
+5. Click **Apply** to save your settings.
+
+
+### Specifying the DNS in the container
+
+You can specify the DNS server in the docker-compose to improve name resolution on your network. 
+
+```yaml
+services:
+  netalertx:
+    container_name: netalertx
+    image: "jokobsk/netalertx:latest"
+    restart: unless-stopped
+    volumes:
+      -  /home/netalertx/config:/app/config
+      -  /home/netalertx/db:/app/db
+      -  /home/netalertx/log:/app/log
+    environment:
+      - TZ=Europe/Berlin
+      - PORT=20211
+    network_mode: host
+    dns:           # specifying the DNS servers used for the container
+      - 10.8.0.1
+      - 10.8.0.17
+```
+
+### Using a custom resolv.conf file
+
+You can configure a custom **/etc/resolv.conf** file in **docker-compose.yml** and set the nameserver to your LAN DNS server (e.g.: Pi-Hole). See the relevant [resolv.conf man](https://www.man7.org/linux/man-pages/man5/resolv.conf.5.html) entry for details. 
+
+#### docker-compose.yml:
+
+```yaml
+version: "3"
+services:
+  netalertx:
+    container_name: netalertx
+    image: "jokobsk/netalertx:latest"
+    restart: unless-stopped
+    volumes:
+      - ./config/app.conf:/app/config/app.conf
+      - ./db:/app/db
+      - ./log:/app/log
+      - ./config/resolv.conf:/etc/resolv.conf                          # Mapping the /resolv.conf file for better name resolution
+    environment:
+      - TZ=Europe/Berlin
+      - PORT=20211
+    ports:
+      - "20211:20211"
+    network_mode: host
+```
+
+#### ./config/resolv.conf:
+
+The most important below is the `nameserver` entry (you can add multiple):
+
+```
+nameserver 192.168.178.11
+options edns0 trust-ad
+search example.com
+```

docs/REVERSE_PROXY.md

@@ -0,0 +1,483 @@
+# Reverse Proxy Configuration
+
+> Submitted by amazing [cvc90](https://github.com/cvc90) 🙏
+
+
+> [!NOTE] 
+> There are 2 NGINX files for NetAlertX, one for the bare-metal Debian install (`netalertx.debian.conf`), and one for the docker container (`netalertx.template.conf`). Both can be found in the [install](https://github.com/jokob-sk/NetAlertX/tree/main/install) folder. Map, or use, the one appropriate for your setup. 
+
+## NGINX HTTP Configuration (Direct Path)
+
+1. On your NGINX server, create a new file called /etc/nginx/sites-available/netalertx
+
+2. In this file, paste the following code:
+
+```
+   server { 
+     listen 80; 
+     server_name netalertx; 
+     proxy_preserve_host on; 
+     proxy_pass http://localhost:20211/; 
+     proxy_pass_reverse http://localhost:20211/; 
+    }
+``` 
+
+3. Activate the new website by running the following command:
+
+   `nginx -s reload` or `systemctl restart nginx`
+
+4. Once NGINX restarts, you should be able to access the proxy website at http://netalertx/
+
+<br>
+
+## NGINX HTTP Configuration (Sub Path)
+
+1. On your NGINX server, create a new file called /etc/nginx/sites-available/netalertx
+
+2. In this file, paste the following code:
+
+```
+   server { 
+     listen 80; 
+     server_name netalertx; 
+     proxy_preserve_host on; 
+     location ^~ /netalertx/ {
+          proxy_pass http://localhost:20211/;
+          proxy_pass_reverse http://localhost:20211/; 
+          proxy_redirect ~^/(.*)$ /netalertx/$1;
+          rewrite ^/netalertx/?(.*)$ /$1 break;			
+     }
+    }
+``` 
+
+3. Activate the new website by running the following command:
+
+   `nginx -s reload` or `systemctl restart nginx`
+
+4. Once NGINX restarts, you should be able to access the proxy website at http://netalertx/netalertx/
+
+<br>
+
+## NGINX HTTP Configuration (Sub Path) with module ngx_http_sub_module
+
+1. On your NGINX server, create a new file called /etc/nginx/sites-available/netalertx
+
+2. In this file, paste the following code:
+
+```
+   server { 
+     listen 80; 
+     server_name netalertx; 
+     proxy_preserve_host on; 
+     location ^~ /netalertx/ {
+          proxy_pass http://localhost:20211/;
+          proxy_pass_reverse http://localhost:20211/; 
+          proxy_redirect ~^/(.*)$ /netalertx/$1;
+          rewrite ^/netalertx/?(.*)$ /$1 break;
+	  sub_filter_once off;
+	  sub_filter_types *;
+	  sub_filter 'href="/' 'href="/netalertx/';
+	  sub_filter '(?>$host)/css' '/netalertx/css';
+	  sub_filter '(?>$host)/js'  '/netalertx/js';
+	  sub_filter '/img' '/netalertx/img';
+	  sub_filter '/lib' '/netalertx/lib';
+	  sub_filter '/php' '/netalertx/php';				
+     }
+    }
+``` 
+
+3. Activate the new website by running the following command:
+
+   `nginx -s reload` or `systemctl restart nginx`
+
+4. Once NGINX restarts, you should be able to access the proxy website at http://netalertx/netalertx/
+
+<br>
+
+**NGINX HTTPS Configuration (Direct Path)**
+
+1. On your NGINX server, create a new file called /etc/nginx/sites-available/netalertx
+
+2. In this file, paste the following code:
+
+```
+   server { 
+     listen 443; 
+     server_name netalertx; 
+     SSLEngine On;
+     SSLCertificateFile /etc/ssl/certs/netalertx.pem;
+     SSLCertificateKeyFile /etc/ssl/private/netalertx.key;
+     proxy_preserve_host on; 
+     proxy_pass http://localhost:20211/; 
+     proxy_pass_reverse http://localhost:20211/; 
+    }
+``` 
+
+3. Activate the new website by running the following command:
+
+   `nginx -s reload` or `systemctl restart nginx`
+
+4. Once NGINX restarts, you should be able to access the proxy website at https://netalertx/
+
+<br>
+
+**NGINX HTTPS Configuration (Sub Path)**
+
+1. On your NGINX server, create a new file called /etc/nginx/sites-available/netalertx
+
+2. In this file, paste the following code:
+
+```
+   server { 
+     listen 443; 
+     server_name netalertx; 
+     SSLEngine On;
+     SSLCertificateFile /etc/ssl/certs/netalertx.pem;
+     SSLCertificateKeyFile /etc/ssl/private/netalertx.key;
+     location ^~ /netalertx/ {
+          proxy_pass http://localhost:20211/;
+          proxy_pass_reverse http://localhost:20211/; 
+          proxy_redirect ~^/(.*)$ /netalertx/$1;
+          rewrite ^/netalertx/?(.*)$ /$1 break;		
+     }
+    }
+``` 
+
+3. Activate the new website by running the following command:
+
+   `nginx -s reload` or `systemctl restart nginx`
+
+4. Once NGINX restarts, you should be able to access the proxy website at https://netalertx/netalertx/
+
+<br>
+
+## NGINX HTTPS Configuration (Sub Path) with module ngx_http_sub_module
+
+1. On your NGINX server, create a new file called /etc/nginx/sites-available/netalertx
+
+2. In this file, paste the following code:
+
+```
+   server { 
+     listen 443; 
+     server_name netalertx; 
+     SSLEngine On;
+     SSLCertificateFile /etc/ssl/certs/netalertx.pem;
+     SSLCertificateKeyFile /etc/ssl/private/netalertx.key;
+     location ^~ /netalertx/ {
+          proxy_pass http://localhost:20211/;
+          proxy_pass_reverse http://localhost:20211/; 
+          proxy_redirect ~^/(.*)$ /netalertx/$1;
+          rewrite ^/netalertx/?(.*)$ /$1 break;
+	  sub_filter_once off;
+	  sub_filter_types *;
+	  sub_filter 'href="/' 'href="/netalertx/';
+	  sub_filter '(?>$host)/css' '/netalertx/css';
+	  sub_filter '(?>$host)/js'  '/netalertx/js';
+	  sub_filter '/img' '/netalertx/img';
+	  sub_filter '/lib' '/netalertx/lib';
+	  sub_filter '/php' '/netalertx/php';		
+     }
+    }
+``` 
+
+3. Activate the new website by running the following command:
+
+   `nginx -s reload` or `systemctl restart nginx`
+
+4. Once NGINX restarts, you should be able to access the proxy website at https://netalertx/netalertx/
+
+<br>
+
+## Apache HTTP Configuration (Direct Path)
+
+1. On your Apache server, create a new file called /etc/apache2/sites-available/netalertx.conf.
+
+2. In this file, paste the following code:
+
+```
+    <VirtualHost *:80>
+         ServerName netalertx
+         ProxyPreserveHost On
+         ProxyPass / http://localhost:20211/
+         ProxyPassReverse / http://localhost:20211/
+    </VirtualHost>
+``` 
+
+3. Activate the new website by running the following command:
+
+   `a2ensite netalertx` or `service apache2 reload`
+
+4. Once Apache restarts, you should be able to access the proxy website at http://netalertx/
+
+<br>
+
+## Apache HTTP Configuration (Sub Path)
+
+1. On your Apache server, create a new file called /etc/apache2/sites-available/netalertx.conf.
+
+2. In this file, paste the following code:
+
+```
+    <VirtualHost *:80>
+         ServerName netalertx
+         location ^~ /netalertx/ {
+               ProxyPreserveHost On
+               ProxyPass / http://localhost:20211/
+               ProxyPassReverse / http://localhost:20211/
+         }
+    </VirtualHost>
+```   
+
+3. Activate the new website by running the following command:
+
+   `a2ensite netalertx` or `service apache2 reload`
+
+4. Once Apache restarts, you should be able to access the proxy website at http://netalertx/
+
+<br>
+
+## Apache HTTPS Configuration (Direct Path)
+
+1. On your Apache server, create a new file called /etc/apache2/sites-available/netalertx.conf.
+
+2. In this file, paste the following code:
+
+```
+    <VirtualHost *:443>
+         ServerName netalertx
+         SSLEngine On
+         SSLCertificateFile /etc/ssl/certs/netalertx.pem
+         SSLCertificateKeyFile /etc/ssl/private/netalertx.key
+         ProxyPreserveHost On
+         ProxyPass / http://localhost:20211/
+         ProxyPassReverse / http://localhost:20211/
+    </VirtualHost>
+```   
+
+3. Activate the new website by running the following command:
+
+    `a2ensite netalertx` or `service apache2 reload`
+
+4. Once Apache restarts, you should be able to access the proxy website at https://netalertx/
+
+<br>
+
+## Apache HTTPS Configuration (Sub Path)
+
+1. On your Apache server, create a new file called /etc/apache2/sites-available/netalertx.conf.
+
+2. In this file, paste the following code:
+                            
+```
+	<VirtualHost *:443> 
+        ServerName netalertx
+        SSLEngine On 
+        SSLCertificateFile /etc/ssl/certs/netalertx.pem
+        SSLCertificateKeyFile /etc/ssl/private/netalertx.key
+        location ^~ /netalertx/ {
+              ProxyPreserveHost On
+              ProxyPass / http://localhost:20211/
+              ProxyPassReverse / http://localhost:20211/
+        }
+    </VirtualHost>
+```       
+
+3. Activate the new website by running the following command:
+
+   `a2ensite netalertx` or `service apache2 reload`
+
+4. Once Apache restarts, you should be able to access the proxy website at https://netalertx/netalertx/
+
+## Reverse proxy example by using LinuxServer's SWAG container.
+
+> Submitted by [s33d1ing](https://github.com/s33d1ing). 🙏
+
+## [linuxserver/swag](https://github.com/linuxserver/docker-swag)
+
+In the SWAG container create `/config/nginx/proxy-confs/netalertx.subfolder.conf` with the following contents:
+
+``` nginx
+## Version 2023/02/05
+# make sure that your netalertx container is named netalertx
+# netalertx does not require a base url setting
+
+# Since NetAlertX uses a Host network, you may need to use the IP address of the system running NetAlertX for $upstream_app.
+
+location /netalertx {
+    return 301 $scheme://$host/netalertx/;
+}
+
+location ^~ /netalertx/ {
+    # enable the next two lines for http auth
+    #auth_basic "Restricted";
+    #auth_basic_user_file /config/nginx/.htpasswd;
+
+    # enable for ldap auth (requires ldap-server.conf in the server block)
+    #include /config/nginx/ldap-location.conf;
+
+    # enable for Authelia (requires authelia-server.conf in the server block)
+    #include /config/nginx/authelia-location.conf;
+
+    # enable for Authentik (requires authentik-server.conf in the server block)
+    #include /config/nginx/authentik-location.conf;
+
+    include /config/nginx/proxy.conf;
+    include /config/nginx/resolver.conf;
+
+    set $upstream_app netalertx;
+    set $upstream_port 20211;
+    set $upstream_proto http;
+
+    proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+    proxy_set_header Accept-Encoding "";
+
+    proxy_redirect ~^/(.*)$ /netalertx/$1;
+    rewrite ^/netalertx/?(.*)$ /$1 break;
+
+    sub_filter_once off;
+    sub_filter_types *;
+
+    sub_filter 'href="/' 'href="/netalertx/';
+
+    sub_filter '(?>$host)/css' '/netalertx/css';
+    sub_filter '(?>$host)/js'  '/netalertx/js';
+
+    sub_filter '/img' '/netalertx/img';
+    sub_filter '/lib' '/netalertx/lib';
+    sub_filter '/php' '/netalertx/php';
+}
+```
+
+
+## Traefik
+
+> Submitted by [Isegrimm](https://github.com/Isegrimm) 🙏 (based on this [discussion](https://github.com/jokob-sk/NetAlertX/discussions/449#discussioncomment-7281442))
+
+Asuming the user already has a working Traefik setup, this is what's needed to make NetAlertX work at a URL like www.domain.com/netalertx/. 
+
+Note: Everything in these configs assumes '**www.domain.com**' as your domainname and '**section31**' as an arbitrary name for your certificate setup. You will have to substitute these with your own.
+
+Also, I use the prefix '**netalertx**'. If you want to use another prefix, change it in these files: dynamic.toml and default.
+
+Content of my yaml-file (this is the generic Traefik config, which defines which ports to listen on, redirect http to https and sets up the certificate process).
+It also contains Authelia, which I use for authentication.
+This part contains nothing specific to NetAlertX.
+
+```yaml
+version: '3.8'
+
+services:
+  traefik:
+    image: traefik
+    container_name: traefik
+    command:
+      - "--api=true"
+      - "--api.insecure=true"
+      - "--api.dashboard=true"
+      - "--entrypoints.web.address=:80"
+      - "--entrypoints.web.http.redirections.entryPoint.to=websecure"
+      - "--entrypoints.web.http.redirections.entryPoint.scheme=https"
+      - "--entrypoints.websecure.address=:443"
+      - "--providers.file.filename=/traefik-config/dynamic.toml"
+      - "--providers.file.watch=true"
+      - "--log.level=ERROR"
+      - "--certificatesresolvers.section31.acme.email=postmaster@domain.com"
+      - "--certificatesresolvers.section31.acme.storage=/traefik-config/acme.json"
+      - "--certificatesresolvers.section31.acme.httpchallenge=true"
+      - "--certificatesresolvers.section31.acme.httpchallenge.entrypoint=web"
+    ports:
+      - "80:80"
+      - "443:443"
+      - "8080:8080"
+    volumes:
+      - "/var/run/docker.sock:/var/run/docker.sock:ro"
+      - /appl/docker/traefik/config:/traefik-config
+    depends_on:
+      - authelia
+    restart: unless-stopped
+  authelia:
+    container_name: authelia
+    image: authelia/authelia:latest
+    ports:
+      - "9091:9091"
+    volumes:
+      - /appl/docker/authelia:/config
+    restart: u
+    nless-stopped
+```
+Snippet of the dynamic.toml file (referenced in the yml-file above) that defines the config for NetAlertX:
+The following are self-defined keywords, everything else is traefik keywords:
+- netalertx-router
+- netalertx-service
+- auth
+- netalertx-stripprefix
+
+
+```toml
+[http.routers]
+  [http.routers.netalertx-router]
+    entryPoints = ["websecure"]
+    rule = "Host(`www.domain.com`) && PathPrefix(`/netalertx`)"
+    service = "netalertx-service"
+    middlewares = "auth,netalertx-stripprefix"
+    [http.routers.netalertx-router.tls]
+       certResolver = "section31"
+       [[http.routers.netalertx-router.tls.domains]]
+         main = "www.domain.com"
+
+[http.services]
+  [http.services.netalertx-service]
+    [[http.services.netalertx-service.loadBalancer.servers]]
+      url = "http://internal-ip-address:20211/"
+
+[http.middlewares]
+  [http.middlewares.auth.forwardAuth]
+    address = "http://authelia:9091/api/verify?rd=https://www.domain.com/authelia/"
+    trustForwardHeader = true
+    authResponseHeaders = ["Remote-User", "Remote-Groups", "Remote-Name", "Remote-Email"]
+  [http.middlewares.netalertx-stripprefix.stripprefix]
+    prefixes = "/netalertx"
+    forceSlash = false
+
+```
+To make NetAlertX work with this setup I modified the default file at `/etc/nginx/sites-available/default` in the docker container by copying it to my local filesystem, adding the changes as specified by [cvc90](https://github.com/cvc90) and mounting the new file into the docker container, overwriting the original one. By mapping the file instead of changing the file in-place, the changes persist if an updated dockerimage is pulled. This is also a downside when the default file is updated, so I only use this as a temporary solution, until the dockerimage is updated with this change.
+
+Default-file:
+
+```
+server {
+    listen 80 default_server;
+    root /var/www/html;
+    index index.php;
+    #rewrite /netalertx/(.*) / permanent;
+    add_header X-Forwarded-Prefix "/netalertx" always;
+    proxy_set_header X-Forwarded-Prefix "/netalertx";
+
+  location ~* \.php$ {
+    fastcgi_pass unix:/run/php/php8.2-fpm.sock;
+    include         fastcgi_params;
+    fastcgi_param   SCRIPT_FILENAME    $document_root$fastcgi_script_name;
+    fastcgi_param   SCRIPT_NAME        $fastcgi_script_name;
+    fastcgi_connect_timeout 75;
+          fastcgi_send_timeout 600;
+          fastcgi_read_timeout 600;
+  }
+}
+```
+
+Mapping the updated file (on the local filesystem at `/appl/docker/netalertx/default`) into the docker container:
+
+
+```bash
+docker run -d --rm --network=host \
+  --name=netalertx \
+  -v /appl/docker/netalertx/config:/app/config \
+  -v /appl/docker/netalertx/db:/app/db \
+  -v /appl/docker/netalertx/default:/etc/nginx/sites-available/default \
+  -e TZ=Europe/Amsterdam \
+  -e PORT=20211 \
+  jokobsk/netalertx:latest
+
+```
+

docs/SESSION_INFO.md

@@ -0,0 +1,62 @@
+# Sessions Section in Device View
+
+The **Sessions Section** provides details about a device's connection history. This data is automatically detected and cannot be edited by the user.
+
+ ![Session info](/docs/img/SESSION_INFO/DeviceDetails_SessionInfo.png)
+
+---
+
+## Key Fields
+
+1. **Date and Time of First Connection**
+   - **Description:** Displays the first detected connection time for the device.
+   - **Editability:** Uneditable (auto-detected).
+   - **Source:** Automatically captured when the device is first added to the system.
+
+2. **Date and Time of Last Connection**
+   - **Description:** Shows the most recent time the device was online.
+   - **Editability:** Uneditable (auto-detected).
+   - **Source:** Updated with every new connection event.
+
+3. **Offline Devices with Missing or Conflicting Data**
+   - **Description:** Handles cases where a device is offline but has incomplete or conflicting session data (e.g., missing start times).
+   - **Handling:** The system flags these cases for review and attempts to infer missing details.
+
+---
+
+## How Sessions are Discovered and Calculated
+
+### 1. Detecting New Devices
+When a device is first detected in the network, the system logs it in the events table:
+
+`INSERT INTO Events (eve_MAC, eve_IP, eve_DateTime, eve_EventType, eve_AdditionalInfo, eve_PendingAlertEmail) SELECT cur_MAC, cur_IP, '{startTime}', 'New Device', cur_Vendor, 1 FROM CurrentScan WHERE NOT EXISTS (SELECT 1 FROM Devices WHERE devMac = cur_MAC)`
+
+- Devices scanned in the current cycle (**CurrentScan**) are checked against the **Devices** table.
+- If a device is new:
+  - A **New Device** event is logged.
+  - The device’s MAC, IP, vendor, and detection time are recorded.
+
+### 2. Logging Connection Sessions
+When a new connection is detected, the system creates a session record:
+
+`INSERT INTO Sessions (ses_MAC, ses_IP, ses_EventTypeConnection, ses_DateTimeConnection, ses_EventTypeDisconnection, ses_DateTimeDisconnection, ses_StillConnected, ses_AdditionalInfo) SELECT cur_MAC, cur_IP, 'Connected', '{startTime}', NULL, NULL, 1, cur_Vendor FROM CurrentScan WHERE NOT EXISTS (SELECT 1 FROM Sessions WHERE ses_MAC = cur_MAC)`
+
+- A new session is logged in the **Sessions** table if no prior session exists.
+- Fields like `MAC`, `IP`, `Connection Type`, and `Connection Time` are populated.
+- The `Still Connected` flag is set to `1` (active connection).
+
+### 3. Handling Missing or Conflicting Data
+- Devices with incomplete or conflicting session data (e.g., missing start times) are detected.
+- The system flags these records and attempts corrections by inferring details from available data.
+
+### 4. Updating Sessions
+- When a device reconnects, its session is updated with a new connection timestamp.
+- When a device disconnects:
+  - The **Disconnection Time** is recorded.
+  - The `Still Connected` flag is set to `0`.
+
+The session information is then used to display the device presence under **Monitoring** -> **Presence**.
+
+![Monitoring Device Presence](/docs/img/SESSION_INFO/Monitoring_Presence.png)
+
+

docs/SETTINGS_SYSTEM.md

@@ -0,0 +1,77 @@
+## ⚙ Setting system
+
+This is an explanation how settings are handled intended for anyone thinking about writing their own plugin or contributing to the project. 
+
+If you are a user of the app, settings have a detailed description in the _Settings_ section of the app. Open an issue if you'd like to clarify any of the settings. 
+
+### 🛢 Data storage
+
+The source of truth for user-defined values is the `app.conf` file. Editing the file makes the App overwrite values in the `Settings` database table and in the `table_settings.json` file. 
+
+#### Settings database table
+
+The `Settings` database table contains settings for App run purposes. The table is recreated every time the App restarts. The settings are loaded from the source-of-truth, that is the `app.conf` file. A high-level overview on the database structure can be found in the [database documentation](/docs/DATABASE.md). 
+
+#### table_settings.json
+
+This is the [API endpoint](/docs/API.md) that reflects the state of the `Settings` database table. Settings can be accessed with the:
+
+* `getSetting(key)` JavaScript method
+
+The json file is also cached on the client-side local storage of the browser.
+
+#### app.conf
+
+> [!NOTE] 
+> This is the source of truth for settings. User-defined values in this files always override default values specified in the Plugin definition.
+
+The App generates two `app.conf` entries for every setting (Since version 23.8+). One entry is the setting value, the second is the `__metadata` associated with the setting. This `__metadata` entry contains the full setting definition in JSON format. Currently unused, but intended to be used in future to extend the Settings system.
+
+#### Plugin settings
+
+> [!NOTE] 
+> This is the preferred way adding settings going forward. I'll be likely migrating all app settings into plugin-based settings.
+
+Plugin settings are loaded dynamically from the `config.json` of individual plugins. If a setting isn't defined in the `app.conf` file, it is initialized via the `default_value` property of a setting from the `config.json` file. Check the [Plugins documentation](https://github.com/jokob-sk/NetAlertX/blob/main/front/plugins/README.md#-setting-object-structure), section `⚙ Setting object structure` for details on the structure of the setting.
+
+![Screen 1][screen1]
+
+### Settings Process flow
+
+The process flow is mostly managed by the [initialise.py](/server/initialise.py) file. 
+
+The script is responsible for reading user-defined values from a configuration file (`app.conf`), initializing settings, and importing them into a database. It also handles plugins and their configurations.
+
+Here's a high-level description of the code:
+
+1. Function Definitions:
+   - `ccd`: This function is used to handle user-defined settings and configurations. It takes several parameters related to the setting's name, default value, input type, options, group, and more. It saves the settings and their metadata in different lists (`conf.mySettingsSQLsafe` and `conf.mySettings`).
+
+   - `importConfigs`: This function is the main entry point of the script. It imports user settings from a configuration file, processes them, and saves them to the database.
+
+   - `read_config_file`: This function reads the configuration file (`app.conf`) and returns a dictionary containing the key-value pairs from the file.
+
+2. Importing Configuration and Initializing Settings:
+   - The `importConfigs` function starts by checking the modification time of the configuration file to determine if it needs to be re-imported. If the file has not been modified since the last import, the function skips the import process.
+
+   - The function reads the configuration file using the `read_config_file` function, which returns a dictionary of settings.
+
+   - The script then initializes various user-defined settings using the `ccd` function, based on the values read from the configuration file. These settings are categorized into groups such as "General," "Email," "Webhooks," "Apprise," and more.
+
+3. Plugin Handling:
+   - The script loads and handles plugins dynamically. It retrieves plugin configurations and iterates through each plugin.
+   - For each plugin, it extracts the prefix and settings related to that plugin and processes them similarly to other user-defined settings.
+   - It also handles scheduling for plugins with specific `RUN_SCHD` settings.
+
+4. Saving Settings to the Database:
+   - The script clears the existing settings in the database and inserts the updated settings into the database using SQL queries.
+
+5. Updating the API and Performing Cleanup:
+   - After importing the configurations, the script updates the API to reflect the changes in the settings.
+   - It saves the current timestamp to determine the next import time.
+   - Finally, it logs the successful import of the new configuration.
+
+
+_____________________
+
+[screen1]: https://raw.githubusercontent.com/jokob-sk/NetAlertX/main/docs/img/plugins_json_settings.png      "Screen 1"

docs/SMTP.md

@@ -0,0 +1,41 @@
+# 📧 SMTP guides
+
+## Using the GMX SMTP server
+
+1. Go to your GMX account https://account.gmx.com
+2. Under Security Options enable 2FA (Two-factor authentication)
+3. Under Security Options generate an Application-specific password
+4. Home -> Email Settings -> POP3 & IMAP -> Enable access to this account via POP3 and IMAP
+5. In NetAlertX specify these settings:
+
+```python
+    SMTP_RUN='on_notification'
+    SMTP_SERVER='mail.gmx.com'
+    SMTP_PORT=465
+    SMTP_USER='gmx_email@gmx.com'
+    SMTP_PASS='<your Application-specific password>'
+    SMTP_SKIP_TLS=True
+    SMTP_FORCE_SSL=True
+    SMTP_SKIP_LOGIN=False
+    SMTP_REPORT_FROM='gmx_email@gmx.com' # this has to be the same email as in SMTP_USER
+    SMTP_REPORT_TO='some_target_email@gmail.com'
+```
+
+
+## Using the Gmail SMTP server
+    
+1. Create an app password by following the instructions from Google, you need to Enable 2FA for this to work.
+[https://support.google.com/accounts/answer/185833](https://support.google.com/accounts/answer/185833)
+
+2. Specify the following settings:
+
+```python
+    SMTP_RUN='on_notification'
+    SMTP_SKIP_TLS=True
+    SMTP_FORCE_SSL=True 
+    SMTP_PORT=465
+    SMTP_SERVER='smtp.gmail.com'
+    SMTP_PASS='16-digit passcode from google'
+    SMTP_REPORT_TO='some_target_email@gmail.com'
+```
+

docs/SMTP_GMAIL.md

@@ -1,15 +0,0 @@
-## Use the Gmail SMTP server
-    
-1) Create an app password by following the instructions from Google, you need to Enable 2FA for this to work.
-[https://support.google.com/accounts/answer/185833](https://support.google.com/accounts/answer/185833)
-
-2) Specify the following settings:
-
-```python
-    SMTP_SKIP_TLS=True
-    SMTP_FORCE_SSL=True 
-    SMTP_PORT=465
-    SMTP_SERVER='smtp.gmail.com'
-    SMTP_PASS='16-digit passcode from google'
-```
-

docs/SUBNETS.md

@@ -0,0 +1,111 @@
+# Subnets Configuration
+
+You need to specify the network interface and the network mask. You can also configure multiple subnets and specify VLANs (see VLAN exceptions below).
+
+`ARPSCAN` can scan multiple networks if the network allows it. To scan networks directly, the subnets must be accessible from the network where NetAlertX is running. This means NetAlertX needs to have access to the interface attached to that subnet. You can verify this by running the following command in the container:
+
+`sudo arp-scan --interface=eth0 192.168.1.0/24`
+
+In this example, `--interface=eth0 192.168.1.0/24` represents a neighboring subnet. If this command returns no results, the network is not accessible due to your network or firewall restrictions.
+
+If direct scans are not possible (Wi-Fi Extenders, VPNs and inaccessible networks), check the [remote networks documentation](https://github.com/jokob-sk/NetAlertX/blob/main/docs/REMOTE_NETWORKS.md). 
+
+> [!TIP] 
+> You may need to increase the time between scans `ARPSCAN_RUN_SCHD` and the timeout `ARPSCAN_RUN_TIMEOUT` (and similar settings for related plugins) when adding more subnets. If the timeout setting is exceeded, the scan is canceled to prevent the application from hanging due to rogue plugins.  
+> Check [debugging plugins](/docs/DEBUG_PLUGINS.md) for more tips.
+
+## Example Values
+
+> [!NOTE] 
+> Please use the UI to configure settings as it ensures the config file is in the correct format. Edit `app.conf` directly only when really necessary.  
+> ![Settings location](/docs/img/SUBNETS/subnets-setting-location.png)
+
+* **Examples for one and two subnets:**
+  * One subnet: `SCAN_SUBNETS = ['192.168.1.0/24 --interface=eth0']`
+  * Two subnets: `SCAN_SUBNETS = ['192.168.1.0/24 --interface=eth0','192.168.1.0/24 --interface=eth1 -vlan=107']`
+
+If you get timeout messages, decrease the network mask (e.g.: from `/16` to `/24`) or increase the `TIMEOUT` setting (e.g.: `ARPSCAN_RUN_TIMEOUT` to `300` (5-minute timeout)) for the plugin and the interval between scans (e.g.: `ARPSCAN_RUN_SCHD` to `*/10 * * * *` (scans every 10 minutes)).
+
+---
+
+## Explanation
+
+### Network Mask
+
+**Example value:** `192.168.1.0/24`
+
+The `arp-scan` time itself depends on the number of IP addresses to check.
+
+> The number of IPs to check depends on the [network mask](https://www.calculator.net/ip-subnet-calculator.html) you set in the `SCAN_SUBNETS` setting.  
+> For example, a `/24` mask results in 256 IPs to check, whereas a `/16` mask checks around 65,536 IPs. Each IP takes a couple of seconds, so an incorrect configuration could make `arp-scan` take hours instead of seconds.
+
+Specify the network filter, which **significantly** speeds up the scan process. For example, the filter `192.168.1.0/24` covers IP ranges from `192.168.1.0` to `192.168.1.255`.
+
+### Network Interface (Adapter)
+
+**Example value:** `--interface=eth0`
+
+The adapter will probably be `eth0` or `eth1`. (Check `System Info` > `Network Hardware` or run `iwconfig` in the container to find your interface name(s)).
+
+![Network hardware](/docs/img/SUBNETS/system_info-network_hardware.png)
+
+> [!TIP]  
+> As an alternative to `iwconfig`, run `ip -o link show | awk -F': ' '!/lo|vir|docker/ {print $2}'` in your container to find your interface name(s) (e.g.: `eth0`, `eth1`).
+
+### VLANs
+
+**Example value:** `-vlan=107`
+
+- Append `-vlan=107` to the interface field (e.g.: `eth0 -vlan=107`) for multiple VLANs. More details are available in this [comment](https://github.com/jokob-sk/NetAlertX/issues/170#issuecomment-1419902988).
+
+#### VLANs on a Hyper-V Setup
+
+> Community-sourced content by [mscreations](https://github.com/mscreations) from this [discussion](https://github.com/jokob-sk/NetAlertX/discussions/404).
+
+**Tested Setup:** Bare Metal → Hyper-V on Win Server 2019 → Ubuntu 22.04 VM → Docker → NetAlertX.
+
+**Approach 1 (may cause issues):**  
+Configure multiple network adapters in Hyper-V with distinct VLANs connected to each one using Hyper-V's network setup. However, this action can potentially lead to the Docker host's inability to handle network traffic correctly. This might interfere with other applications such as Authentik.
+
+**Approach 2 (working example):**
+
+Network connections to switches are configured as trunk and allow all VLANs access to the server.
+
+By default, Hyper-V only allows untagged packets through to the VM interface, blocking VLAN-tagged packets. To fix this, follow these steps:
+
+1. Run the following command in PowerShell on the Hyper-V machine:
+
+   ```powershell
+   Set-VMNetworkAdapterVlan -VMName <Docker VM Name> -Trunk -NativeVlanId 0 -AllowedVlanIdList "<comma separated list of vlans>"
+   ```
+
+
+2. Within the VM, set up sub-interfaces for each VLAN to enable scanning. On Ubuntu 22.04, Netplan can be used. In /etc/netplan/00-installer-config.yaml, add VLAN definitions:
+
+  ```yaml
+
+      network:
+        ethernets:
+          eth0:
+            dhcp4: yes
+        vlans:
+          eth0.2:
+            id: 2
+            link: eth0
+            addresses: [ "192.168.2.2/24" ]
+            routes:
+              - to: 192.168.2.0/24
+                via: 192.168.1.1
+  ```
+
+3. Run `sudo netplan apply` to activate the interfaces for scanning in NetAlertX.
+
+In this case, use `192.168.2.0/24 --interface=eth0.2` in NetAlertX.
+
+#### VLAN Support & Exceptions
+
+Please note the accessibility of macvlans when configured on the same computer. This is a general networking behavior, but feel free to clarify via a PR/issue.
+
+- NetAlertX does not detect the macvlan container when it is running on the same computer.
+- NetAlertX recognizes the macvlan container when it is running on a different computer.
+

docs/SYNOLOGY_GUIDE.md

@@ -0,0 +1,74 @@
+# Installation on a Synology NAS
+
+There are different ways to install NetAlertX on a Synology, including SSH-ing into the machine and using the command line. For this guide, we will use the Project option in Container manager. 
+
+## Create the folder structure
+
+The folders you are creating below will contain the configuration and the database. Back them up regularly. 
+
+1. Create a parent folder named `netalertx`
+2. Create a `db` sub-folder
+
+![Folder structure](/docs/img/SYNOLOGY/01_Create_folder_structure.png)
+![Folder structure](/docs/img/SYNOLOGY/02_Create_folder_structure_db.png)
+![Folder structure](/docs/img/SYNOLOGY/03_Create_folder_structure_db.png)
+
+3. Create a `config` sub-folder
+
+![Folder structure](/docs/img/SYNOLOGY/04_Create_folder_structure_config.png)
+
+4. Note down the folders Locations:
+
+![Getting the location](/docs/img/SYNOLOGY/05_Access_folder_properties.png)
+![Getting the location](/docs/img/SYNOLOGY/06_Note_location.png)
+
+5. Open **Container manager** -> **Project** and click **Create**.
+6. Fill in the details:
+
+- Project name: `netalertx`
+- Path: `/app_storage/netalertx` (will differ from yours)
+- Paste in the following template:
+
+```yaml
+version: "3"
+services:
+  netalertx:
+    container_name: netalertx
+    # use the below line if you want to test the latest dev image
+    # image: "jokobsk/netalertx-dev:latest" 
+    image: "jokobsk/netalertx:latest"      
+    network_mode: "host"        
+    restart: unless-stopped
+    volumes:
+      - local/path/config:/app/config
+      - local/path/db:/app/db      
+      # (optional) useful for debugging if you have issues setting up the container
+      - local/path/logs:/app/log
+    environment:
+      - TZ=Europe/Berlin      
+      - PORT=20211
+```
+
+![Project settings](/docs/img/SYNOLOGY/07_Create_project.png)
+
+7. Replace the paths to your volume and/or comment out unnecessary line(s):
+
+- This is only an example, your paths will differ.
+
+```yaml
+ volumes:
+      - /volume1/app_storage/netalertx/config:/app/config
+      - /volume1/app_storage/netalertx/db:/app/db      
+      # (optional) useful for debugging if you have issues setting up the container
+      # - local/path/logs:/app/log <- commented out with # ⚠
+```
+
+![Adjusting docker-compose](/docs/img/SYNOLOGY/08_Adjust_docker_compose_volumes.png)
+
+8. (optional) Change the port number from `20211` to an unused port if this port is already used.
+9. Build the project:
+
+![Build](/docs/img/SYNOLOGY/09_Run_and_build.png)
+
+10. Navigate to `<Synology URL>:20211` (or your custom port).
+11. Read the [Subnets](/docs/SUBNETS.md) and [Plugins](/front/plugins/README.md) docs to complete your setup. 

docs/UPDATES.md

@@ -0,0 +1,110 @@
+# Docker Update Strategies for NetAlertX
+
+This guide outlines several approaches for updating Docker containers, specifically using NetAlertX. Each method offers different benefits depending on the situation. Here are the methods:
+
+- Manual: Direct commands to stop, remove, and rebuild containers.
+- Dockcheck: Semi-automated with more control, suited for bulk updates.
+- Watchtower: Fully automated, runs continuously to check and update containers.
+
+You can choose any approach that fits your workflow.
+
+> In the examples I assume that the container name is `netalertx` and the image name is `netalertx` as well.
+
+## 1. Manual Updates
+
+Use this method when you need precise control over a single container or when dealing with a broken container that needs immediate attention.
+Example Commands
+
+To manually update the `netalertx` container, stop it, delete it, remove the old image, and start a fresh one with `docker-compose`.
+
+```bash
+# Stop the container
+sudo docker container stop netalertx
+
+# Remove the container
+sudo docker container rm netalertx
+
+# Remove the old image
+sudo docker image rm netalertx
+
+# Pull and start a new container
+sudo docker-compose up -d
+```
+
+### Alternative: Force Pull with Docker Compose
+
+You can also use `--pull always` to ensure Docker pulls the latest image before starting the container:
+
+```bash
+sudo docker-compose up --pull always -d
+```
+
+## 2. Dockcheck for Bulk Container Updates
+
+Always check the [Dockcheck](https://github.com/mag37/dockcheck) docs if encountering issues with the guide below. 
+
+Dockcheck is a useful tool if you have multiple containers to update and some flexibility for handling potential issues that might arise during mass updates. Dockcheck allows you to inspect each container and decide when to update.
+
+### Example Workflow with Dockcheck
+
+You might use Dockcheck to:
+
+- Inspect container versions.
+- Pull the latest images in bulk.
+- Apply updates selectively.
+
+Dockcheck can help streamline bulk updates, especially if you’re managing multiple containers.
+
+Below is a script I use to run an update of the Dockcheck script and start a check for new containers:
+
+```bash
+cd /path/to/Docker &&
+rm dockcheck.sh &&
+wget https://raw.githubusercontent.com/mag37/dockcheck/main/dockcheck.sh &&
+sudo chmod +x dockcheck.sh &&
+sudo ./dockcheck.sh
+```
+
+## 3. Automated Updates with Watchtower
+
+Always check the [watchtower](https://github.com/containrrr/watchtower) docs if encountering issues with the guide below. 
+
+Watchtower monitors your Docker containers and automatically updates them when new images are available. This is ideal for ongoing updates without manual intervention.
+
+### Setting Up Watchtower
+
+#### 1. Pull the Watchtower Image:
+
+```bash
+docker pull containrrr/watchtower
+```
+
+#### 2. Run Watchtower to update all images:
+
+```bash
+docker run -d \
+  --name watchtower \
+  -v /var/run/docker.sock:/var/run/docker.sock \
+  containrrr/watchtower \
+  --interval 300 # Check for updates every 5 minutes
+```
+
+#### 3. Run Watchtower to update only NetAlertX: 
+
+You can specify which containers to monitor by listing them. For example, to monitor netalertx only:
+
+```bash
+docker run -d \
+  --name watchtower \
+  -v /var/run/docker.sock:/var/run/docker.sock \
+  containrrr/watchtower netalertx
+
+```
+
+## Summary
+
+- Manual: Ideal for individual or critical updates.
+- Dockcheck: Suitable for controlled, mass updates.
+- Watchtower: Fully automated, best for continuous deployment setups.
+
+These approaches allow you to maintain flexibility in how you update Docker containers, depending on the urgency and scale of the update.

docs/VERSIONS.md

@@ -0,0 +1,25 @@
+## Am I running the latest released version?
+
+Since version 23.01.14 NetAlertX uses a simple timestamp-based version check to verify if a new version is available. You can check the [current and past releases here](https://github.com/jokob-sk/NetAlertX/releases), or have a look at what I'm [currently working on](https://github.com/jokob-sk/NetAlertX/issues/138). 
+
+If you are not on the latest version, the app will notify you, that a new released version is avialable the following way:
+
+### 📧 Via email on a notification event
+
+If any notification occurs and an email is sent, the email will contain a note that a new version is available. See the sample email below:
+
+![Sample email if a new version is available](/docs/img/VERSIONS/new-version-available-email.png)
+
+### 🆕 In the UI
+
+In the UI via a notification Icon and via a custom message in the Maintenance section.
+
+![UI screenshot if a new version is available](/docs/img/VERSIONS/new-version-available-maintenance.png)
+
+For a comparison, this is how the UI looks like if you are on the latest stable image:
+
+![UI screenshot if on latest version](/docs/img/VERSIONS/latest-version-maintenance.png)
+
+## Implementation details
+
+During build a [/app/front/buildtimestamp.txt](https://github.com/jokob-sk/NetAlertX/blob/092797e75ccfa8359444ad149e727358ac4da05f/Dockerfile#L44) file is created. The app then periodically checks if a new release is available with a newer timestamp in GitHub's rest-based JSON endpoint (check the `def isNewVersion():` method for details).   

docs/VERSIONS_HISTORY.md

@@ -14,7 +14,7 @@
   |  v2.50  | First public release                                            |
 
 
-# 🆕 2022+ [Newest Release notes](https://github.com/jokob-sk/Pi.Alert/issues/138)
+# 🆕 2022+ [Newest Release notes](https://github.com/jokob-sk/NetAlertX/issues/138)
 
 ## Pi.Alert v3.02
 <!--- --------------------------------------------------------------------- --->
@@ -77,4 +77,11 @@
   [Read more here](../LICENSE.txt)
 
 ### Contact
-  pi.alert.application@gmail.com
+  Always use the Issue tracker for the correct fork, for example: 
+  
+  [jokob-sk/NetAlertX](https://github.com/jokob-sk/NetAlertX/issues). Please also follow the guidelines on:
+
+  - ➕ [Pull Request guidelines](https://github.com/jokob-sk/NetAlertX/tree/main/docs#-pull-requests-prs) 
+  - 🙏 [Feature request guidelines](https://github.com/jokob-sk/NetAlertX/tree/main/docs#-feature-requests) 
+  - 🐛 [Issue guidelines](https://github.com/jokob-sk/NetAlertX/tree/main/docs#-submitting-an-issue-or-bug)
+

docs/WEBHOOK_N8N.md

@@ -1,9 +1,11 @@
 ### Create a simple n8n workflow
 
+N8N can be used for more advanced conditional notification use cases. For example, you want only to get notified if two out of a specified list of devices is down. Or you can use other plugins to process the notifiations further. The below is a simple example of sending an email on a webhook.  
+
 ![n8n workflow](/docs/img/WEBHOOK_N8N/n8n_workflow.png)
 
 ### Specify your email template 
-See [sample JSON](https://github.com/jokob-sk/Pi.Alert/blob/main/back/webhook_json_sample.json) if you want to see the JSON paths used in the email template below
+See [sample JSON](https://github.com/jokob-sk/NetAlertX/blob/main/front/report_templates/webhook_json_sample.json) if you want to see the JSON paths used in the email template below
 ![Email template](/docs/img/WEBHOOK_N8N/n8n_send_email_settings.png)
 
 ```
@@ -14,5 +16,5 @@ New devices count: {{ $json["body"]["attachments"][0]["text"]["new_devices"].len
 ### Get your webhook in n8n
 ![n8n webhook URL](/docs/img/WEBHOOK_N8N/n8n_webhook_settings.png)
 
-### Configure PiAlert to point to the above URL
-![PiAlert config](/docs/img/WEBHOOK_N8N/Webhook_settings.png)
+### Configure NetAlertX to point to the above URL
+![NetAlertX config](/docs/img/WEBHOOK_N8N/Webhook_settings.png)

docs/WEBHOOK_SECRET.md

@@ -0,0 +1,38 @@
+# Webhook Secrets
+
+## How does the signing work?
+
+NetAlertX will use the configured secret to create a hash signature of the request body. This SHA256-HMAC signature will appear in the `X-Webhook-Signature` header of each request to the webhook target URL. You can use the value of this header to validate the request was sent by NetAlertX.
+
+## Activating webhook signatures
+
+All you need to do in order to add a signature to the request headers is to set the `WEBHOOK_SECRET` config value to a non-empty string.
+
+## Validating webhook deliveries
+
+There are a few things to keep in mind when validating the webhook delivery:
+
+- NetAlertX uses an HMAC hex digest to compute the hash
+- The signature in the `X-Webhook-Signature` header always starts with `sha256=`
+- The hash signature is generated using the configured `WEBHOOK_SECRET` and the request body.
+- Never use a plain `==` operator. Instead, consider using a method like [`secure_compare`](https://www.rubydoc.info/gems/rack/Rack%2FUtils:secure_compare) or [`crypto.timingSafeEqual`](https://nodejs.org/api/crypto.html#cryptotimingsafeequala-b), which performs a "constant time" string comparison to help mitigate certain timing attacks against regular equality operators, or regular loops in JIT-optimized languages.
+
+## Testing the webhook payload validation
+
+You can use the following secret and payload to verify that your implementation is working correctly.
+
+`secret`: 'this is my secret'
+
+`payload`: '{"test":"this is a test body"}'
+
+If your implementation is correct, the signature you generated should match the following:
+
+`signature`: bed21fcc34f98e94fd71c7edb75e51a544b4a3b38b069ebaaeb19bf4be8147e9
+
+`X-Webhook-Signature`: sha256=bed21fcc34f98e94fd71c7edb75e51a544b4a3b38b069ebaaeb19bf4be8147e9
+
+## More information
+
+If you want to learn more about webhook security, take a look at [GitHub's webhook documentation](https://docs.github.com/en/webhooks/about-webhooks).
+
+You can find examples for validating a webhook delivery [here](https://docs.github.com/en/webhooks/using-webhooks/validating-webhook-deliveries#examples).

docs/WEB_UI_PORT_DEBUG.md

@@ -0,0 +1,51 @@
+# Debugging inaccessible UI
+
+## 1. Port conflicts
+
+When opening an issue please:
+
+1. Include a screenshot of what you see when accessing `HTTP://<your rpi IP>/20211` (or your custom port)
+1. [Follow steps 1, 2, 3, 4  on this page](https://github.com/jokob-sk/NetAlertX/blob/main/docs/DEBUG_TIPS.md) 
+1. Execute the following in the container to see the processes and their ports and submit a screenshot of the result:
+   1. `sudo apk add lsof`
+   1. `sudo lsof -i`
+1. Try running the `nginx` command in the container
+   1. if you get `nginx: [emerg] bind() to 0.0.0.0:20211 failed (98: Address in use)` try using a different port number
+
+
+![lsof ports](/docs/img/WEB_UI_PORT_DEBUG/container_port.png)
+
+## 2. JavaScript issues 
+
+Check for browser console (F12 browser dev console) errors + check different browsers.
+
+## 3. Clear the app cache and cached JavaScript files
+
+Refresh the browser cache (usually shoft + refresh), try a private window, or different browsers. Please also refresh the app cache by clicking the 🔃 (reload) button in the header of the application. 
+
+## 4. Disable proxy
+
+If you have any reverse proxy or similar, try disabling it. 
+
+## 5. Disable your firewall
+
+If you are using a firewall, try to temporarily disabling it. 
+
+## 6. Post your docker start details
+
+If you haven't, post your docker compose/run command.
+
+## 7. Check for errors in your PHP/NGINX error logs
+
+In the container execute:
+
+`cat /var/log/nginx/error.log`
+
+`cat /app/log/app.php_errors.log`
+
+## 8. Make sure permissions are correct
+
+> [!TIP]
+> You can try to start the container without mapping the `/app/config` and `/app/db` dirs and if the UI shows up then the issue is most likely related to your file system permissions or file ownership. 
+
+Please read the [Permissions troubleshooting guide](/docs/FILE_PERMISSIONS.md) and provide a screesnhot of the permissions and ownership in the `/app/db` and `app/config` directories.