Deploy a template¶
Flow¶
- Catalog → Templates → open a template → Deploy… (or Details → Deploy).
- Fill variables (incl. volume mode for storage vars; generate secrets if offered).
- Pick a Docker-enabled host (inventory counts shown).
- Preview rendered files (secrets masked).
- Confirm deploy — blocking wait modal while PiHerder:
- writes files over SSH
- locks host
.env(chmod 600) - runs
compose pull+up -d - Desired state Vn stored encrypted in PiHerder.
- Post-deploy checklist (manual DNS, first login, …).
Redeploy & ops (deployment page)¶
Open the deployment for that host+project (/templates/deployments/{id}):
| Action | Effect |
|---|---|
| Volumes / storage | Change named volume, project folder, or host path without re-wizard |
| Save & redeploy | New config version → write files → compose pull/up (wait modal) |
| Check drift | Compare host compose/.env to desired state; updates drift badge + alert |
| Import host .env | Pull host secrets into PiHerder encrypted store |
| Apply last known config | Re-write stored desired state after host wipe / DR |
| Restore data | Lists matching backup sources → use server Backups dry-run/apply |
Post-redeploy banner links to Docker, this deployment, and Audit.
Drift also runs on a schedule (~every 6 hours).
Create / edit a template¶
- Catalog → Templates → + New template or From host… or Edit.
- Metadata: slug, name, category, version.
- Paste or pull
docker-compose.yml; use{{VAR}}placeholders. - Variables as form rows. Types include boolean + volume.
- Editor tools:
- Scan vars + volumes
- Move secrets → .env
- Checklist rows for operators.
- Save →
source=user.
Import zip¶
Archive with template.yaml + files/. Fully editable after import.
Security settings¶
Settings → Security policy:
| Option | Effect |
|---|---|
| Require 2FA for all users | Force 2FA for the whole UI |
| Require 2FA for template deploy & secrets | Operator must have TOTP to confirm deploy or view/edit secrets |
Step-up unlock for cleartext secrets: Secrets model.