TREK/charts
Julien G. 2a37eeccb3 fix: hot fixes 23-04-2026 (#856)
* fix(packing): resolve avatar URL path in bag and category assignees (#854)

packingService was returning raw avatar filenames from the DB instead of
the full /uploads/avatars/<filename> path, causing broken profile images
for users with uploaded avatars.

* fix(budget): use Map.get() to fix category rename no-op (#855)

* fix(security): relax Referrer-Policy and document HSTS_INCLUDE_SUBDOMAINS (#862) (#863)

- Change Helmet default from no-referrer to strict-origin-when-cross-origin
  so browsers send the origin on cross-origin requests, allowing Google Maps
  API key restrictions by HTTP referrer to work correctly
- Document HSTS_INCLUDE_SUBDOMAINS in all deployment artifacts:
  .env.example, docker-compose.yml, README.md, unraid-template.xml,
  charts/values.yaml, charts/configmap.yaml, wiki/Environment-Variables.md

* fix(planner): prefetch budget items on trip page mount (#864)

Loads budgetItems alongside reservations when TripPlannerPage mounts so
the Budget category dropdown in ReservationModal and TransportModal shows
pre-existing categories on first open, regardless of whether the Budget
tab has been visited.

Closes #861

* fix(reservations): prevent Invalid Date when end time is set without end date (#866)

When reservation_end_time held a bare time string ("HH:MM"), fmtDate()
produced Invalid Date on the reservation card.

- Modal: when end date is blank but end time is filled, construct a
  same-day ISO datetime using the start date (prevents time-only strings
  from ever being persisted)
- Panel: derive endDatePart via regex so date-only end values ("YYYY-MM-DD")
  still show the multi-day range, while bare time strings are skipped and
  handled correctly by the existing time column logic

Closes #860

* fix(planner): format reservation end time instead of rendering raw ISO string (#867)

Closes #859

* fix(planner): wire Route toggle into mobile day sidebar (#850) (#868)

The per-booking Route icon was missing on mobile because the mobile
DayPlanSidebar invocation in TripPlannerPage didn't pass
visibleConnectionIds or onToggleConnection. Mobile PWA users couldn't
activate reservation map overlays without forcing desktop mode.

Also corrects the Map-Features wiki: fixes the setting name
("Booking route labels" not "Show connection labels"), documents the
route_calculation requirement for travel-time pills, and explains that
overlays are off by default and must be toggled per reservation.
2026-04-23 19:49:36 +02:00

TREK Helm Chart

This is a minimal Helm chart for deploying the TREK app.

Features

  • Deploys the TREK container
  • Exposes port 3000 via Service
  • Optional persistent storage for /app/data and /app/uploads
  • Configurable environment variables and secrets
  • Optional generic Ingress support
  • Health checks on /api/health

Helm Repository

A hosted Helm repository is available:

helm repo add trek https://mauriceboe.github.io/TREK
helm repo update
helm install trek trek/trek

Usage

Or install directly from the local chart:

helm install trek ./chart \
  --set ingress.enabled=true \
  --set 'ingress.hosts[0].host=yourdomain.com'

See values.yaml for more options.

Files

  • Chart.yaml — chart metadata
  • values.yaml — configuration values
  • templates/ — Kubernetes manifests

Notes

  • Ingress is off by default. Enable and configure hosts for your domain.
  • PVCs require a default StorageClass; if the cluster has none, specify one explicitly.
  • JWT_SECRET is managed entirely by the server — auto-generated into the data PVC on first start and rotatable via the admin panel (Settings → Danger Zone). No Helm configuration needed.
  • ENCRYPTION_KEY encrypts stored secrets (API keys, MFA, SMTP, OIDC) at rest. Recommended: set via secretEnv.ENCRYPTION_KEY or existingSecret. If left empty, the server falls back automatically: existing installs use data/.jwt_secret (no action needed on upgrade); fresh installs auto-generate a key persisted to the data PVC.
  • If using ingress, you must manually keep env.ALLOWED_ORIGINS and ingress.hosts in sync to ensure CORS works correctly. The chart does not sync these automatically.
  • Set env.ALLOW_INTERNAL_NETWORK: "true" if Immich or other integrated services are hosted on a private/RFC-1918 address (e.g. a pod on the same cluster or a NAS on your LAN). Loopback (127.x) and link-local/metadata addresses (169.254.x) remain blocked regardless.
  • FORCE_HTTPS is optional. Set env.FORCE_HTTPS: "true" only when ingress (or another proxy) terminates TLS. It enables HTTPS redirects, HSTS, CSP upgrade-insecure-requests, and forces the session cookie secure flag. Requires TRUST_PROXY to be set.
  • Set env.TRUST_PROXY: "1" (or the number of proxy hops) when running behind ingress or a load balancer. Required for FORCE_HTTPS to detect the forwarded protocol correctly. In production it defaults to 1 automatically.
  • COOKIE_SECURE is auto-derived (on when NODE_ENV=production or FORCE_HTTPS=true). Set env.COOKIE_SECURE: "false" only during local testing without TLS. Not recommended for production.
  • Set env.OIDC_DISCOVERY_URL to override the auto-constructed OIDC discovery endpoint. Required for providers (e.g. Authentik) that expose it at a non-standard path.
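
Because the chart does not keep env.ALLOWED_ORIGINS and ingress.hosts in sync, a pre-deploy check can catch drift along with the other settings called out in the notes above. The script below is an added example, not part of the TREK chart; it assumes ALLOWED_ORIGINS is a comma-separated list of origins and that existingSecret is a top-level value, and the sample values are constructed.

```python
from urllib.parse import urlsplit

# Constructed sample: the shape of a values dict with several risky settings.
SAMPLE_VALUES = {
    "ingress": {"enabled": True, "hosts": [{"host": "trek.example.com"}]},
    "env": {
        "ALLOWED_ORIGINS": "https://old.example.com",
        "FORCE_HTTPS": "true",
        "COOKIE_SECURE": "false",
    },
    "secretEnv": {"ENCRYPTION_KEY": ""},
}


def check_values(values):
    """Return findings for a TREK Helm values dict (empty list = clean)."""
    env = values.get("env") or {}
    ingress = values.get("ingress") or {}
    secret_env = values.get("secretEnv") or {}
    findings = []

    if ingress.get("enabled"):
        hosts = {h["host"].lower() for h in ingress.get("hosts") or [] if h.get("host")}
        # Assumption: ALLOWED_ORIGINS is comma-separated, e.g. "https://a,https://b".
        raw = str(env.get("ALLOWED_ORIGINS", ""))
        origin_hosts = {urlsplit(o.strip()).hostname for o in raw.split(",") if o.strip()}
        origin_hosts.discard(None)  # entries without a scheme do not parse as origins
        for host in sorted(hosts - origin_hosts):
            findings.append(f"ingress host {host} missing from env.ALLOWED_ORIGINS")
        for host in sorted(origin_hosts - hosts):
            findings.append(f"env.ALLOWED_ORIGINS host {host} has no ingress.hosts entry")

    # FORCE_HTTPS relies on the forwarded protocol, so TRUST_PROXY should be explicit.
    force_https = str(env.get("FORCE_HTTPS", "")).lower() == "true"
    if force_https and not str(env.get("TRUST_PROXY", "")).strip():
        findings.append("env.FORCE_HTTPS is true but env.TRUST_PROXY is not set")

    if str(env.get("COOKIE_SECURE", "")).lower() == "false":
        findings.append("env.COOKIE_SECURE is false: session cookie sent without Secure flag")

    if not secret_env.get("ENCRYPTION_KEY") and not values.get("existingSecret"):
        findings.append("ENCRYPTION_KEY not set via secretEnv or existingSecret (fallback key in use)")
    return findings


if __name__ == "__main__":
    for finding in check_values(SAMPLE_VALUES):
        print("WARN:", finding)
```

To run it against a live release, load the JSON printed by `helm get values trek --all -o json` and pass the resulting dict to check_values.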