Elgato_dark/Olares
1
0
Fork 0
mirror of https://github.com/beclab/Olares synced 2026-05-24 09:18:23 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Merge branch 'main' into docs/add-ace-step-tutorial

Browse source
This commit is contained in:
Meow33 2025-11-26 22:03:01 +08:00 committed by GitHub
commit 3021a88e70
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
41 changed files with 1217 additions and 226 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
apps/.olares/config/user/helm-charts/system-apps/templates/files-provider.yaml
View file

@ -51,6 +51,7 @@ rules:
- "/provider/get_dataset_folder_status"
- "/provider/update_dataset_folder_paths"
- "/seahub/api/*"
- "/system/configuration/encoding"
verbs: ["*"]
---

4
apps/.olares/config/user/helm-charts/system-apps/templates/olares-app.yaml
View file

@ -318,7 +318,7 @@ spec:
chown -R 1000:1000 /uploadstemp && \
chown -R 1000:1000 /appdata
- name: olares-app-init
image: beclab/system-frontend:v1.6.6
image: beclab/system-frontend:v1.6.8
imagePullPolicy: IfNotPresent
command:
- /bin/sh
@ -440,7 +440,7 @@ spec:
- name: NATS_SUBJECT_VAULT
value: os.vault.{{ .Values.bfl.username}}
- name: user-service
image: beclab/user-service:v0.0.69
image: beclab/user-service:v0.0.71
imagePullPolicy: IfNotPresent
ports:
- containerPort: 3000

6
docs/.vitepress/en.ts
View file

@ -441,7 +441,7 @@ const side = {
],
"/use-cases/": [
{
text: "Tutorials & use cases",
text: "Use cases",
link: "/use-cases/",
items: [
{
@ -498,6 +498,10 @@ const side = {
{
text: "DeerFlow",
link: "/use-cases/deerflow",
},
{
text: "Duix.Avatar",
link: "/use-cases/duix-avatar",
},
{
text: "ACE-Step",

423
docs/developer/develop/package/manifest.md
View file

@ -4,18 +4,26 @@ outline: [2, 3]
# OlaresManifest Specification
Every **Olares Application Chart** should include a `OlaresManifest.yaml` file in the root directory. `OlaresManifest.yaml` provides all the essential information about an Olares App. Both the **Olares Market protocol** and the Olares depend on this information to distribute and install applications.
Every **Olares Application Chart** should include an `OlaresManifest.yaml` file in the root directory. `OlaresManifest.yaml` provides all the essential information about an Olares App. Both the **Olares Market protocol** and the Olares depend on this information to distribute and install applications.
:::info NOTE
Latest Olares Manifest version: `0.9.0`
Latest Olares Manifest version: `0.10.0`
- Modified the `categories` field
- Added the `provider` field in the Permission section
- Added the Provider section, to allow apps to expose specific service interfaces within the cluster
- Removed some deprecated fields from the Spec section
- Removed some deprecated fields from the Option section
- Added the `allowMultipleInstall` field, allowing the app to be installed as multiple independent instances
- Added the Envs section, to define environment variables required by the application
:::
:::details Changelog
`0.9.0`
- Added a `conflict` field in `options` to declare incompatible applications
- Removed `analytics` field in `options`
- Modified the format of the `tailscale` section
- Added a `allowedOutboundPorts` field to allow non-http protocol external access through the specified port
- Modified the format of the `ports` section
:::
:::details Changelog
`0.8.3`
- Add a `mandatory` field in the `dependencies` section for dependent applications required for the installation
- Add `tailscaleAcls` section to permit applications to open specified ports via Tailscale
@ -35,8 +43,8 @@ Here's an example of what a `OlaresManifest.yaml` file might look like:
::: details OlaresManifest.yaml Example
```Yaml
olaresManifest.version: '0.8.0'
```yaml
olaresManifest.version: '0.10.0'
olaresManifest.type: app
metadata:
name: helloworld
@ -101,10 +109,8 @@ options:
Olares currently supports 3 types of applications, each requiring different fields. This document uses `app` as an example to explain each field. For information on other types, please refer to the corresponding configuration guide.
- [Recommend Configuration Guide](recommend.md)
:::info Example
```Yaml
olaresManifest.type: app
```
:::info NOTE
`recommend` apps will not be listed in the Olares Market, but you can install recommendation algorithms for Wise by uploading a custom Chart.
:::
## olaresManifest.version
@ -118,7 +124,7 @@ As Olares evolves, the configuration specification of `OlaresManifest.yaml` may
- A change in the **third digit** does not affect the application's distribution and installation.
Developers can use 1-3 digit version numbers to indicate the application's configuration version. Here are some examples of valid versions:
```Yaml
```yaml
olaresManifest.version: 1
olaresManifest.version: 1.1.0
olaresManifest.version: '2.2'
@ -130,7 +136,7 @@ olaresManifest.version: "3.0.122"
Basic information about the app shown in the system and Olares Market.
:::info Example
```Yaml
```yaml
metadata:
name: nextcloud
title: Nextcloud
@ -179,16 +185,33 @@ The **Chart Version** of the application. It should be incremented each time the
### categories
- Type: `list<string>`
- Accepted Value: `Blockchain`, `Utilities`, `Social Network`, `Entertainment`, `Productivity`
Used to display your app on different category page in Olares Market.
Accepted Value for OS 1.11:
`Blockchain`, `Utilities`, `Social Network`, `Entertainment`, `Productivity`
Accepted Value for OS 1.12:
- `Creativity`
- `Productivity_v112` (displayed as Productivity)
- `Developer Tools`
- `Fun`
- `Lifestyle`
- `Utilities_v112` (displayed as Utilities)
- `AI`
:::info NOTE
Olares Market categories were updated in OS 1.12.0. To ensure your app is compatible with both versions 1.11 and 1.12, include category values for both versions in your configuration.
:::
## Entrances
The number of entrances through which to access the app. You must specify at least 1 access method, with a maximum of 10 allowed.
:::info Example
```Yaml
```yaml
entrances:
- name: a
host: firefox
@ -304,7 +327,7 @@ To ensure a seamless user experience, you can enable this option by setting it t
Specify exposed ports
:::info Example
```Yaml
```yaml
ports:
- name: rdp-tcp # Name of the entrance that provides service
host: windows-svc # Ingress name of the entrance that provides service
@ -316,7 +339,8 @@ ports:
Olares will expose the ports you specify for an application, which are accessible via the application domain name in the local network, for example: `84864c1f.your_olares_id.olares.com:46879`. For each port you expose, Olares configures both TCP and UDP with the same port number.
When the `addToTailscaleAcl` field is set to `true`, the port will be automatically added to the Tailscale's ACL, and there is no need to configure in the tailscale section.
When the `addToTailscaleAcl` field is set to `true`, the system will automatically assign a random port and add it to the Tailscale ACLs.
:::info NOTE
The exposed ports can only be accessed on the local network or through a VPN.
@ -325,20 +349,12 @@ The exposed ports can only be accessed on the local network or through a VPN.
## Permission
:::info Example
```Yaml
```yaml
permission:
appCache: true
appData: true
userData:
- /Home/
sysData:
- dataType: legacy_prowlarr
appName: prowlarr
port: 9696
group: api.prowlarr
version: v2
ops:
- All
- /Home/
```
:::
@ -370,8 +386,12 @@ Whether the app requires read and write permission to user's `Home` folder. List
Declare the list of APIs that this app needs to access.
:::info NOTE
This configuration has been deprecated since version 1.12.0.
:::
:::info Example
```Yaml
```yaml
sysData:
- group: service.bfl
dataType: app
@ -404,6 +424,42 @@ All system API [providers](../advanced/provider.md) are list below:
| secret.infisical | v1 | secret | CreateSecret, RetrieveSecret
| secret.vault | v1 | key | List, Info, Sign
### provider
- Type: `list<map>`
- Optional
Use this field to declare APIs from other applications that your app needs to access. The target application must have exposed a `providerName` in its own `provider` section (refer to the Provider section below).
To configure access:
1. Set the `appName` field to the `name` of the target application.
2. Set the `providerName` field to match the `name` specified in the target apps provider configuration.
You can optionally use the `podSelectors` field to specify which pods in your app should have access. If this field is omitted, all pods in your app will be injected with the `outbound envoy sidecar` to enable access.
:::info Example for calling app
```yaml
# App requiring provider, e.g. sonarr
permission:
provider:
- appName: bazarr
providerName: bazarr-svc
podSelectors:
- matchLabels:
io.kompose.service: api
```
:::
:::info Example for provider app
```yaml
# Provider app, e.g. bazarr
provider:
- name: bazarr-svc
entrance: bazarr-svc
paths: ["/*"]
verbs: ["*"]
```
:::
## Tailscale
- Type: `map`
- Optional
@ -411,7 +467,7 @@ All system API [providers](../advanced/provider.md) are list below:
Allow applications to add Access Control Lists (ACL) in Tailscale to open specified ports.
:::info Example
```Yaml
```yaml
tailscale:
acls:
- proto: tcp
@ -427,11 +483,8 @@ tailscale:
Additional information about the application, primarily used for display in the Olares Market.
:::info Example
```Yaml
```yaml
spec:
namespace: os-system
# optional. Install the app to a specified namespace, e.g. os-system, user-space, user-system
versionName: '10.8.11'
# The version of the application that this chart contains. It is recommended to enclose the version number in quotes. This value corresponds to the appVersion field in the `Chart.yaml` file. Note that it is not related to the `version` field.
@ -507,7 +560,7 @@ Olares Market will automatically display the content of the corresponding "Olare
```
:::
Currently, you can add i18n content for the following fields:
```Yaml
```yaml
metadata:
description:
title:
@ -557,8 +610,14 @@ The Olares provides highly available middleware services. Developers do not need
Use the `scripts` field to specify scripts that should be executed after the database is created. Additionally, use the `extension` field to add the corresponding extension in the database.
:::info NOTE
MongoDB, MySQL, MariaDB, MinIO, and RabbitMQ must first be installed by an admin from the Market before they can be used by other applications.
:::
### PostgreSQL
:::info Example
```Yaml
```yaml
middleware:
postgres:
username: immich
@ -573,22 +632,11 @@ middleware:
- ALTER SCHEMA vectors OWNER TO $dbusername;
- COMMIT;
# The OS provides two variables, $databasename and $dbusername, which will be replaced by Olares Application Runtime when the command is executed.
redis:
password: password
namespace: db0
mongodb:
username: chromium
databases:
- name: chromium
script:
- 'db.getSiblingDB("$databasename").myCollection.insertOne({ x: 111 });'
# Please make sure each line is a complete query.
```
:::
Use the middleware information in deployment YAML
```yaml
# For PostgreSQL, the corresponding value is as follows
- name: DB_POSTGRESDB_DATABASE # The database name you configured in OlaresManifest, specified in middleware.postgres.databases[i].name
value: {{ .Values.postgres.databases.<dbname> }}
- name: DB_POSTGRESDB_HOST
@ -599,21 +647,157 @@ Use the middleware information in deployment YAML
value: {{ .Values.postgres.username }}
- name: DB_POSTGRESDB_PASSWORD
value: {{ .Values.postgres.password }}
```
### Redis
:::info Example
```yaml
middleware:
redis:
password: password
namespace: db0
```
:::
Use the middleware information in deployment YAML
```yaml
# For Redis, the corresponding value is as follows
host --> {{ .Values.redis.host }}
port --> "{{ .Values.redis.port }}"
password --> "{{ .Values.redis.password }}"
```
# For mongodb, the corresponding value is as follows
### MongoDB
:::info Example
```yaml
middleware:
mongodb:
username: chromium
databases:
- name: chromium
script:
- 'db.getSiblingDB("$databasename").myCollection.insertOne({ x: 111 });'
# Please make sure each line is a complete query.
```
:::
Use the middleware information in deployment YAML
```yaml
# For MongoDB, the corresponding value is as follows
host --> {{ .Values.mongodb.host }}
port --> "{{ .Values.mongodb.port }}" # The port and password in the yaml file need to be enclosed in double quotes.
username --> {{ .Values.mongodb.username }}
password --> "{{ .Values.mongodb.password }}" # The port and password in the yaml file need to be enclosed in double quotes.
databases --> "{{ .Values.mongodb.databases }}" # The value type of database is a map. You can get the database using {{ .Values.mongodb.databases.<dbname> }}. The <dbname> is the name you configured in OlaresManifest, specified in middleware.mongodb.databases[i].name
```
# For Redis, the corresponding value is as follows
host --> {{ .Values.redis.host }}
port --> "{{ .Values.redis.port }}"
password --> "{{ .Values.redis.password }}"
### MinIO
:::info Example
```yaml
middleware:
minio:
username: miniouser
buckets:
- name: mybucket
```
:::
Use the middleware information in deployment YAML
```yaml
# For MinIO, the corresponding value is as follows
- env:
- name: MINIO_ENDPOINT
value: '{{ .Values.minio.host }}:{{ .Values.minio.port }}'
- name: MINIO_PORT
value: "{{ .Values.minio.port }}"
- name: MINIO_ACCESS_KEY
value: {{ .Values.minio.username }}
- name: MINIO_SECRET_KEY
value: {{ .Values.minio.password }}
- name: MINIO_BUCKET
value: {{ .Values.minio.buckets.mybucket }}
```
### RabbitMQ
:::info Example
```yaml
middleware:
rabbitmq:
username: rabbitmquser
vhosts:
- name: aaa
```
:::
Use the middleware information in deployment YAML
```yaml
# For RabbitMQ, the corresponding value is as follows
- env:
- name: RABBITMQ_HOST
value: '{{ .Values.rabbitmq.host }}'
- name: RABBITMQ_PORT
value: "{{ .Values.rabbitmq.port }}"
- name: RABBITMQ_USER
value: "{{ .Values.rabbitmq.username }}"
- name: RABBITMQ_PASSWORD
value: "{{ .Values.rabbitmq.password }}"
- name: RABBITMQ_VHOST
value: "{{ .Values.rabbitmq.vhosts.aaa }}"
user := os.Getenv("RABBITMQ_USER")
password := os.Getenv("RABBITMQ_PASSWORD")
vhost := os.Getenv("RABBITMQ_VHOST")
host := os.Getenv("RABBITMQ_HOST")
portMQ := os.Getenv("RABBITMQ_PORT")
url := fmt.Sprintf("amqp://%s:%s@%s:%s/%s", user, password, host, portMQ, vhost)
```
### MariaDB
:::info Example
```yaml
middleware:
mariadb:
username: mariadbclient
databases:
- name: aaa
```
:::
Use the middleware information in deployment YAML
```yaml
# For MariaDB, the corresponding value is as follows
- env:
- name: MDB_HOST
value: '{{ .Values.mariadb.host }}'
- name: MDB_PORT
value: "{{ .Values.mariadb.port }}"
- name: MDB_USER
value: "{{ .Values.mariadb.username }}"
- name: MDB_PASSWORD
value: "{{ .Values.mariadb.password }}"
- name: MDB_DB
value: "{{ .Values.mariadb.databases.aaa }}"
```
### MySQL
:::info Example
```yaml
middleware:
mysql:
username: mysqlclient
databases:
- name: aaa
```
:::
Use the middleware information in deployment YAML
```yaml
# For MySQL, the corresponding value is as follows
- env:
- name: MDB_HOST
value: '{{ .Values.mysql.host }}'
- name: MDB_PORT
value: "{{ .Values.mysql.port }}"
- name: MDB_USER
value: "{{ .Values.mysql.username }}"
- name: MDB_PASSWORD
value: "{{ .Values.mysql.password }}"
- name: MDB_DB
value: "{{ .Values.mysql.databases.aaa }}"
```
## Options
@ -695,54 +879,6 @@ options:
```
:::
### websocket
- Type: `map`
- Optional
Enable websocket for the app. Refer to [websocket](../advanced/websocket.md) for more information.
:::info Example
```yaml
options:
websocket:
url: /ws/message
port: 8888
```
:::
### resetCookie
- Type: `map`
- Optional
If the app requires cookies, please enable this feature. Refer to [cookie](../advanced/cookie.md) for more information.
:::info Example
```yaml
options:
resetCookie:
enabled: true
```
:::
### upload
- Type: `map`
- Optional
The Olares Application Runtime includes a built-in file upload component designed to simplify the file upload process in your application. Refer to [upload](../advanced/file-upload.md) for more information.
:::info Example
```yaml
upload:
# The types of files that are allowed to be uploaded, * stands for any type, The type of the uploaded file must be in the list.
fileType:
- pdf
# The path of 'dest' must be a mountPath
dest: /appdata
# The maximum size of file, in bytes
limitedSize: 3729747942
```
:::
### mobileSupported
- Type: `boolean`
- Default: `false`
@ -803,4 +939,91 @@ allowedOutboundPorts:
- 465
- 587
```
:::
:::
### allowMultipleInstall
- Type: `boolean`
- Default: `false`
- Optional
This application supports deploying multiple independent instances within the same Olares cluster. This setting does not apply to paid applications or clients of shared applications.
## Envs
Declare the environment variables required for your application to run here. You can allow users to manually enter these values or reference existing system environment variables directly.
:::info NOTE
This configuration requires Olares OS version 1.12.2 or later to take effect.
:::
:::info Example
```yaml
envs:
- envName: ENV_NAME
# This key will be injected as .Values.olaresEnv.ENV_NAME during deployment.
required: true
# Specifies whether a value is required for installation. If set to true and no default is provided, users must input a value, and the value cannot be deleted.
default: "DEFAULT"
# The default value of the environment variable; set by the developer and not editable by users
type: string
# The data type of the environment variable. Supported types: int, bool, url, ip, domain, email, string, password. If specified, system will validate user input accordingly.
editable: true
# Specifies whether the environment variable can be edited after the application is deployed.
options:
- title: Windows11
value: "11"
- title: Windows10
value: "10"
# List of allowed values. Users can only select value from these options.
# "title" is a user-friendly label, while "value" is what's actually set in the system.
remoteOptions: https://xxx.xxx/xx
# URL providing a list of accepted options. The response body should be a JSON-encoded options list.
regex: '^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$'
# The value must match this regular expression.
valueFrom:
envName: OLARES_SYSTEM_CLUSTER_DNS_SERVICE
# Reference the value from a system environment variable. When this is used, manual input is not allowed.
# All declarable fields (type, editable, etc.) will be overridden by the referenced variable's attributes; default/value fields are also ignored.
applyOnChange: true
# Whether to automatically redeploy the app when this variable changes.
# If set to false, changes take effect only on upgrade/reinstallation, not on restart.
description: "DESCRIPTION"
# Description of this environment variable.
```
:::
To use the values of environment variables in your deployment YAML file, simply use `.Values.olaresEnv.ENV_NAME` in the appropriate place. The system will automatically inject the olaresEnv variables into the Values.yaml during deployment. For example:
:::info deployment.yaml
```yaml
BACKEND_MAIL_HOST: "{{ .Values.olaresEnv.MAIL_HOST }}"
BACKEND_MAIL_PORT: "{{ .Values.olaresEnv.MAIL_PORT }}"
BACKEND_MAIL_AUTH_USER: "{{ .Values.olaresEnv.MAIL_AUTH_USER }}"
BACKEND_MAIL_AUTH_PASS: "{{ .Values.olaresEnv.MAIL_AUTH_PASS }}"
BACKEND_MAIL_SECURE: "{{ .Values.olaresEnv.MAIL_SECURE }}"
BACKEND_MAIL_SENDER: "{{ .Values.olaresEnv.MAIL_SENDER }}"
```
:::
## Provider
Declare the interfaces that this application exposes to other applications here. The system will automatically generate a Service for each declared interface, enabling other applications within the cluster to access them through the internal network. If another application needs to access these interfaces, it must first request permission for the specific provider in the permissions section.
:::info Example
```yaml
provider:
- name: bazarr
entrance: bazarr-svc # The entry name of the service
paths: ["/api*"] # API paths to expose; cannot consist of * only
verbs: ["*"] # Supported: post, get, put, delete, patch; "*" allows all methods
```
:::

17
docs/manual/larepass/private-network.md
View file

@ -32,8 +32,23 @@ Application entrances intended only for you, such as Desktop, Vault, and the man
Use the local URL (`http://app.yourname.olares.local`) for a direct, local connection that bypasses the VPN and internet tunnels.
:::tip For macOS users
Chrome may fail to access local URLs if macOS blocks local network permissions.
To enable access:
1. Open Apple menu and go to **System Settings**.
2. Go to **Privacy & Security** > **Local Network**.
3. Find Google Chrome and Google Chrome Helper in the list and enable the toggles.
![Enable local network](/public/images/manual/larepass/mac-chrome-local-access.png#bordered){width=400}
Restart Chrome and try accessing the local URL again.
:::
:::info For Windows users
Currently, local access via `.local` domains is not supported on Windows.
:::
:::warning Always enable VPN for remote access
For the best experience with private apps when youre away from your network, enable **LarePass VPN**. It keeps your connection to Olares encrypted, direct, and fast.
For the best experience with private apps when you're away from your network, enable **LarePass VPN**. It keeps your connection to Olares encrypted, direct, and fast.
:::
## Enable VPN on LarePass

BIN
docs/public/images/manual/larepass/mac-chrome-local-access.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 26 KiB

BIN
docs/public/images/manual/use-cases/duix-avatar-check-collection.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 304 KiB

BIN
docs/public/images/manual/use-cases/duix-avatar-check-in-controlhub.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 468 KiB

BIN
docs/public/images/manual/use-cases/duix-avatar-check-video-in-files.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 1.2 MiB

BIN
docs/public/images/manual/use-cases/duix-avatar-edit-audio-parameters.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 1 MiB

BIN
docs/public/images/manual/use-cases/duix-avatar-generate-audio-file.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 1 MiB

BIN
docs/public/images/manual/use-cases/duix-avatar-import-from-hoppscotch.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 312 KiB

BIN
docs/public/images/manual/use-cases/duix-avatar-pretrain.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 836 KiB

BIN
docs/public/images/manual/use-cases/duix-avatar-submit-task.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 664 KiB

BIN
docs/public/images/manual/use-cases/duix-avatar-task-completed.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 639 KiB

BIN
docs/public/images/manual/use-cases/duix-avatar-upload-audio.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 1.1 MiB

BIN
docs/public/images/manual/use-cases/duix-avatar-upload-source-audio.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 1.1 MiB

BIN
docs/public/images/manual/use-cases/duix-avatar-upload-source-video.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 1.1 MiB

BIN
docs/public/images/manual/use-cases/duix-avatar.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 1.7 MiB

BIN
docs/public/images/manual/use-cases/hoppscotch.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 1.3 MiB

162
docs/use-cases/duix-avatar.md Normal file
View file

@ -0,0 +1,162 @@
---
outline: [2, 3]
description: Learn to deploy Duix.Avatar on Olares, from model training to video synthesis, to create text-driven digital avatar videos.
---
# Create a digital avatar with Duix.Avatar
Duix.Avatar (formerly HeyGem) is an open-source AI toolkit for generating digital avatars, specializing in offline video creation and digital cloning.
This guide walks you through deploying and using Duix.Avatar on Olares, covering the complete process from model training to video synthesis to generate a text-driven digital avatar video.
## Learning objectives
In this guide, you will learn how to:
- Prepare and process video and audio assets for digital avatar cloning.
- Use Hoppscotch on Olares to call the Duix.Avatar API collection to train a model, synthesize audio, and create a video.
## Prerequisites
Before you begin, ensure the following:
- Olares 1.11 or later.
- Olares running on a machine equipped with an NVIDIA GPU.
## Install Duix.Avatar
1. In **Market**, search for "Duix.Avatar".
![Duix.Avatar](/images/manual/use-cases/duix-avatar.png#bordered)
2. Click **Get**, then **Install**, and wait for installation to complete.
## Install Hoppscotch
In addition to Duix.Avatar, you also need Hoppscotch, an open-source API development environment to interact with the Duix.Avatar service.
1. In **Market**, search for "Hoppscotch".
![Hoppscotch](/images/manual/use-cases/hoppscotch.png#bordered)
2. Click **Get**, then **Install**, and wait for installation to complete.
## Prepare media files
Generating a digital avatar requires a source video to use as a template for the face and voice. You will need a 10-20 second video clip of a person speaking clearly while facing the camera.
You must then separate this source video into two files: a silent video and an audio-only file. This guide uses `ffmpeg` for this step.
:::info Ensure ffmpeg is installed
To follow this guide using the `ffmpeg` command, ensure it is installed on your local computer. See https://www.ffmpeg.org/download.html.
:::
1. Open your terminal, `cd` into the folder containing your video, and run the following command:
```bash
# Replace input.mp4 with your actual filename
ffmpeg -i input.mp4 -c:v copy -an output_video.mp4 -c:a pcm_s16le -f wav output_audio.wav
```
This creates two new files in the same folder:
- `output_video.mp4` (silent video)
- `output_audio.wav` (audio)
2. The Duix.Avatar service reads files from specific directories. Upload the two files you just generated to their designated locations in the Olares **Files** app.
1. Upload `output_audio.wav` to:
```plain
/Data/heygem/voice/data/
```
![Upload source audio](/images/manual/use-cases/duix-avatar-upload-source-audio.png#bordered)
2. Upload `output_video.mp4` to:
```plain
/Data/heygem/face2face-data/temp/
```
![Upload source video](/images/manual/use-cases/duix-avatar-upload-source-video.png#bordered)
## Import the API collection to Hoppscotch
A pre-configured Hoppscotch collection is available to simplify the API calls.
1. Run the following command in your terminal to download the API collection file:
```bash
curl -o duix.avatar.json https://cdn.olares.com/app/demos/en/duix/duix.avatar.json
```
2. Open the Hoppscotch app in Olares.
3. In the collections panel on the right, click **Import** > **Import from Hoppscotch**, and select the `duix.avatar.json` file you just downloaded.
![Import from Hoppscotch](/images/manual/use-cases/duix-avatar-import-from-hoppscotch.png#bordered)
After importing, you will see a new collection named `duix.avatar` containing four pre-configured requests.
![Check collection](/images/manual/use-cases/duix-avatar-check-collection.png#bordered)
## Train data via API
Now you will call the four APIs in sequence to generate the digital avatar.
:::tip
The Duix.Avatar API address is tied to your Olares ID. In all of the following API requests, you must replace `<OLARES_ID_PREFIX>` in the URL with your own Olares ID prefix. For example, if your Olares access URL is `https://app.alice123.olares.com`, your prefix is `alice123`.
:::
### Step 1: Model training
This step preprocesses your uploaded audio, extracting features to prepare for voice cloning.
1. In Hoppscotch, expand the `duix.avatar` collection and select **1. Model training**.
2. Modify the request URL, replacing `<OLARES_ID_PREFIX>` with your Olares ID's prefix.
:::info
The request body is pre-set to point to the `output_audio.wav` file you uploaded, so you don't need to change it.
:::
3. Click **Send** to begin pre-training.
A successful request returns a JSON response. Copy the values for `reference_audio_text` and `asr_format_audio_url` for later use.
![Pretrain](/images/manual/use-cases/duix-avatar-pretrain.png#bordered)
### Step 2: Audio synthesis
This step uses the voice model you trained in Step 1 to synthesize new audio from a text prompt.
1. Click **2. Audio synthesis**.
2. Modify the Olares ID in the request URL.
3. In the request body, modify the following fields:
* `text`: Enter the text you want the digital avatar to speak.
* `reference_audio`: Paste the `asr_format_audio_url` value from Step 1.
* `reference_text`: Paste the `reference_audio_text` value from Step 1.
* Other parameters can be left as their defaults.
![Edit audio parameters](/images/manual/use-cases/duix-avatar-edit-audio-parameters.png#bordered)
4. Click **Send** to synthesize the audio. A successful request will return an audio file.
5. In the response area, click <span class="material-symbols-outlined">more_vert</span> to download the audio in MP3 format.
![Generate audio file](/images/manual/use-cases/duix-avatar-generate-audio-file.png#bordered)
6. Rename the downloaded file to `new.mp3`. In the same folder, convert it to `.wav` with `ffmpeg`:
```bashß
ffmpeg -i new.mp3 new.wav
```
7. Upload the new `new.wav` file to:
```plain
/Data/heygem/face2face-data/temp/
```
![Upload audio](/images/manual/use-cases/duix-avatar-upload-audio.png#bordered)
### Step 3: Video synthesis
Now you will use your synthesized audio (`new.wav`) together with your original silent video (`output_video.mp4`) to synthesize the final avatar.
1. Click **3. Video synthesis**.
2. Modify the Olares ID in the request URL.
3. In the request body, change the `code` field to a new, unique task identifier. You will use this ID to check the synthesis progress.
:::info
The `audio_url` and `video_url` in the request body are pre-set to `new.wav` and `output_video.mp4`, which match the files you uploaded. They do not need to be changed.
:::
4. Confirm the settings and click **Send**. A successful response will return `"success": true`, indicating the task has been submitted.
![Submit task](/images/manual/use-cases/duix-avatar-submit-task.png#bordered)
### Step 4: Query video synthesis progress
Video synthesis is a time-consuming task. Use this to query its processing status.
1. Click **4. Query progress**.
2. Modify the Olares ID in the request URL.
3. In the **Params** section, change the `code` value to the unique identifier you set in Step 3.
4. Click **Send** to check the current progress.
5. Repeat this query until the `progress` field in the response reaches `100`, which indicates the video synthesis is complete.
![Task completed](/images/manual/use-cases/duix-avatar-task-completed.png#bordered)
:::tip
The time required for video synthesis depends on your GPU performance and video length. It may take several minutes or longer.
:::
6. When successful, the `result` field in the response will contain the output video's filename. You can find the final generated video in the Olares Files app at:
```plain
/Data/heygem/face2face-data/temp/
```
![Check video in Files](/images/manual/use-cases/duix-avatar-check-video-in-files.png#bordered)
## FAQ
### Progress is stuck or synthesis fails
If the progress query stalls for a long time or an API returns an error, go to Control Hub, find the container named `heygemgenvideo`, and check its logs for detailed error messages.
![Check Duix.Avatar in Control Hub](/images/manual/use-cases/duix-avatar-check-in-controlhub.png#bordered)
### API request fails
Confirm the following:
- You have correctly replaced the default Olares ID (`<OLARES_ID_PREFIX>`) with your own ID in the request URL.
- All media files (`output_audio.wav`, `output_video.mp4`, `new.wav`) are uploaded to the correct directories with the exact filenames.
### Media is updated, but the old video is still generated
Ensure you are using a new, unique `code` parameter for the video synthesis. The system caches results, so reusing a `code` will return the previously cached video.

3
docs/use-cases/index.md
View file

@ -1,7 +1,7 @@
---
description: Explore practical use cases of Olares, showcasing how to leverage its features for AI workflows, creative tools, and self-hosted applications. Unlock the full potential of Olares in your environment.
---
# Use cases and tutorials
# Use cases
While other guides tell you "what" and "how" with Olares, this section dives into the real-world use cases that reveal the full potential of Olares.
From running AI models to building seamless workflows across your self-hosted services, these hands-on guides help you accomplish specific tasks and implement complete, practical solutions using your installed applications.
@ -20,5 +20,6 @@ From running AI models to building seamless workflows across your self-hosted se
{ title: 'Windows', link: './windows.html', tags: ['Virtual Machine']},
{ title: 'DeerFlow', link: './host-cloud-android.html', tags: ['AI']},
{ title: 'ACE-Step', link: './ace-step.html', tags: ['AI']},
{ title: 'Duix.Avatar', link: './duix-avatar.html', tags: ['AI']},
]"
/>

425
docs/zh/developer/develop/package/manifest.md
View file

@ -7,15 +7,23 @@ outline: [2, 3]
每一个 Olares 应用的 Chart 根目录下都必须有一个名为 `OlaresManifest.yaml` 的文件。`OlaresManifest.yaml` 描述了一个 Olares 应用的所有基本信息。Olares 应用市场协议和 Olares 系统依赖这些关键信息来正确分发和安装应用。
:::info 提示
最新的 Olares 系统使用的 Manifest 版本为: `0.9.0`
最新的 Olares 系统使用的 Manifest 版本为: `0.10.0`
- 修改 `categories` 分类
- 增加 Permission 部分中 `provider` 权限的申请
- 增加 Provider 部分,用于让应用对集群内暴露指定服务接口
- 移除 Spec 部分已不支持的一些配置项
- 移除 Option 部分已不支持的一些配置项
- 增加 `allowMultipleInstall` 配置,允许应用克隆出多个独立的实例
- 增加 Envs 部分,支持应用声明需要的环境变量
:::
:::details Changelog
`0.9.0`
- 在 `options` 中增加 `conflict` 字段, 用于声明不兼容的应用
- 移除 `options``analytics` 配置项
- 修改 `tailscale` 字段的配置格式
- 增加 `allowedOutboundPorts` 配置,允许通过指定端口进行非 HTTP 协议的对外访问
- 修改 `ports` 部分的配置
:::
:::details Changelog
`0.8.3`
- 在 `dependencies` 配置项里增加 `mandatory` 字段以表示该依赖应用必须安装。
- 增加 `tailscaleAcls` 配置项,允许 Tailscale 为应用开放指定端口
@ -35,8 +43,8 @@ outline: [2, 3]
::: details `OlaresManifest.yaml` 示例
```Yaml
olaresManifest.version: '0.8.0'
```yaml
olaresManifest.version: '0.10.0'
olaresManifest.type: app
metadata:
name: helloworld
@ -101,10 +109,8 @@ options:
Olares 市场目前支持 3 种类型的应用,各自对应不同场景。本文档以 “app” 为例来解释各个字段。其他类型请参考相应的配置指南。
- [推荐算法配置指南](recommend.md)
:::info 示例
```Yaml
olaresManifest.type: app
```
:::info 提示
Olares Market 目前不展示 `recommend` 类型的应用,但你可以上传自定义 Chart 来给 Wise 安装推荐算法
:::
## olaresManifest.version
@ -118,7 +124,7 @@ olaresManifest.type: app
- 第 3 位数字的改变,不影响应用分发和安装。
开发者可以使用 1-3 位的版本号来标识该应用遵循的配置版本。以下是有效版本的一些示例:
```Yaml
```yaml
olaresManifest.version: 1
olaresManifest.version: 1.1.0
olaresManifest.version: '2.2'
@ -130,7 +136,7 @@ olaresManifest.version: "3.0.122"
应用的基本信息,用于在 Olares 系统和应用市场中展示应用。
:::info 示例
```Yaml
```yaml
metadata:
name: nextcloud
title: Nextcloud
@ -179,16 +185,33 @@ Olares 应用市场中的应用名称下方显示的简短说明。
### categories
- 类型: `list<string>`
- 有效值: `Blockchain`、`Utilities`、`Social Network`、`Entertainment`、`Productivity`
在应用市场的哪个类别下展示应用。
描述在应用市场的哪个类别下展示应用。
OS 1.11 有效值:
- `Blockchain`, `Utilities`, `Social Network`, `Entertainment`, `Productivity`
OS 1.12 有效值:
- `Creativity`:设计创作
- `Productivity_v112`:工作效率
- `Developer Tools`:开发工具
- `Fun`:休闲娱乐
- `Lifestyle`:生活方式
- `Utilities_v112`:实用工具
- `AI`AI
:::info 提示
Olares OS 1.12.0 版本对应用商店的应用分类进行了调整,因此如果应用需要同时兼容 1.11 和 1.12 版本,请同时填写两个版本所需的分类。
:::
## Entrances
指定此应用访问入口的数量。每个应用允许最少 1 个,最多 10 个入口 。
:::info 示例
```Yaml
```yaml
entrances:
- name: a
host: firefox
@ -304,7 +327,7 @@ entrances:
定义暴露的端口
:::info 示例
```Yaml
```yaml
ports:
- name: rdp-tcp # 提供服务的入口名称
host: windows-svc # 提供服务的 Ingress 主机名称
@ -316,8 +339,7 @@ ports:
Olares 会为你的应用暴露指定的端口,这些端口可通过应用域名在本地网络下访问,如`84864c1f.your_olares_id.olares.com:46879`。对于每个公开的端口Olares 会自动配置相同端口号的 TCP 和 UDP。
当设置 `addToTailscaleAcl` 字段为 `true`该端口会自动增加tailscale acl中无需再去tailscale部分配置
当将 `addToTailscaleAcl` 字段设置为 `true` 时,系统会为该端口分配一个随机端口,并自动将其加入到 Tailscale 的 ACL 中。
:::info 提示
暴露的端口只能通过本地网络或 Olares 专用网络访问。
@ -327,20 +349,12 @@ Olares 会为你的应用暴露指定的端口,这些端口可通过应用域
## Permission
:::info 示例
```Yaml
```yaml
permission:
appCache: true
appData: true
userData:
- /Home/
sysData:
- dataType: legacy_prowlarr
appName: prowlarr
port: 9696
group: api.prowlarr
version: v2
ops:
- All
```
:::
@ -372,8 +386,12 @@ permission:
声明该应用程序需要访问的 API 列表。
:::info 提示
从 1.12.0 版本开始,该权限配置已经被废弃。
:::
:::info 示例
```Yaml
```yaml
sysData:
- group: service.bfl
dataType: app
@ -406,6 +424,39 @@ permission:
| secret.infisical | v1 | secret | CreateSecret, RetrieveSecret
| secret.vault | v1 | key | List, Info, Sign
### provider
- 类型:`list<map>`
- 可选
用于声明本应用需访问的其他应用接口。被访问的应用需在其 `provider` 部分声明对外开放的 `providerName`,详见下方 Provider 章节。
此处 `appName` 应填写目标应用的 `name``providerName` 填写目标应用 `provider` 配置中的 `name` 字段。`podSelectors` 字段用于指定本应用中哪些 pod 需要访问目标应用。如果未声明此字段,则默认为本应用的所有 pod 注入 `outbound envoy sidecar`
:::info 调用应用示例
```yaml
# 需要调用其他应用的应用,如 sonarr
permission:
provider:
- appName: bazarr
providerName: bazarr-svc
podSelectors:
- matchLabels:
io.kompose.service: api
```
:::
:::info 被调用应用示例
```yaml
# 被调用方应用,如 bazarr
provider:
- name: bazarr-svc
entrance: bazarr-svc
paths: ["/*"]
verbs: ["*"]
```
:::
## Tailscale
- 类型:`map`
- 可选
@ -413,7 +464,7 @@ permission:
允许应用在 Tailscale 的ACL(Access Control Lists)中开放指定端口。
:::info 示例
```Yaml
```yaml
tailscale:
acls:
- proto: tcp
@ -429,13 +480,10 @@ tailscale:
记录额外的应用信息,主要用于应用商店的展示。
:::info 示例
```Yaml
```yaml
spec:
namespace: os-system
# 可选。将应用安装到指定的命名空间,如 os-system、user-space 和 user-system
versionName: '10.8.11'
## 此 Chart 包含的应用程序的版本。建议将版本号括在引号中。该值对应于 Chart.yaml 文件中的 appVersion 字段。请注意,它与 version 字段无关。
# 此 Chart 包含的应用程序的版本。建议将版本号括在引号中。该值对应于 Chart.yaml 文件中的 appVersion 字段。请注意,它与 version 字段无关。
featuredImage: https://app.cdn.olares.com/appstore/jellyfin/promote_image_1.jpg
# 当应用在应用市场上推荐时,会显示特色图像。
@ -509,7 +557,7 @@ Olares 应用市场将根据用户的区域设置自动显示相应的 `OlaresMa
```
:::
目前,你可以为以下字段添加 i18n 内容:
```Yaml
```yaml
metadata:
description:
title:
@ -559,8 +607,13 @@ Olares 目前不支持混合架构的集群。
使用 `scripts` 字段指定创建数据库后应执行的脚本。此外,使用 `extension` 字段在数据库中添加相应的扩展名。
:::info 提示
MongoDBMySQLMariaDBMinIORabbitMQ 需要管理员从 Market 安装后才能被其他应用使用
:::
### PostgreSQL
:::info 示例
```Yaml
```yaml
middleware:
postgres:
username: immich
@ -575,9 +628,44 @@ middleware:
- ALTER SCHEMA vectors OWNER TO $dbusername;
- COMMIT;
# 操作系统提供了两个变量 $databasename 和 $dbusername命令执行时会被 Olares 应用运行时替换。
```
:::
使用 deployment YAML 中的中间件信息:
```yaml
# 对于 PostgreSQL对应值如下
- env:
- name: DB_POSTGRESDB_DATABASE # 你在 OlaresManifest 中配置的数据库名称,在 middleware.postgres.databases[i].name 中指定
value: {{ .Values.postgres.databases.<dbname> }}
- name: DB_POSTGRESDB_HOST
value: {{ .Values.postgres.host }}
- name: DB_POSTGRESDB_PORT
value: "{{ .Values.postgres.port }}"
- name: DB_POSTGRESDB_USER
value: {{ .Values.postgres.username }}
- name: DB_POSTGRESDB_PASSWORD
value: {{ .Values.postgres.password }}
```
### Redis
:::info 示例
```yaml
middleware:
redis:
password: password
namespace: db0
```
:::
使用 deployment YAML 中的中间件信息:
```yaml
# 对于 Redis对应的值如下
host --> {{ .Values.redis.host }}For Redis, the corresponding value is as follow
port --> "{{ .Values.redis.port }}"
password --> "{{ .Values.redis.password }}"
```
### MongoDB
:::info 示例
```yaml
middleware:
mongodb:
username: chromium
databases:
@ -587,35 +675,122 @@ middleware:
# 请确保每一行都是完整的查询。
```
:::
使用 deployment YAML 中的中间件信息:
```yaml
- name: DB_POSTGRESDB_DATABASE # 你在 OlaresManifest 中配置的数据库名称,在 middleware.postgres.databases[i].name 中指定
value: {{ .Values.postgres.databases.<dbname> }}
- name: DB_POSTGRESDB_HOST
value: {{ .Values.postgres.host }}
- name: DB_POSTGRESDB_PORT
value: "{{ .Values.postgres.port }}"
- name: DB_POSTGRESDB_USER
value: {{ .Values.postgres.username }}
- name: DB_POSTGRESDB_PASSWORD
value: {{ .Values.postgres.password }}
# 对于mongodb来说对应的值如下
# 对于 MongoDB对应的值如下
host --> {{ .Values.mongodb.host }}
port --> "{{ .Values.mongodb.port }}" # yaml 文件中的端口和密码需要用双引号括起来。
username --> {{ .Values.mongodb.username }}
password --> "{{ .Values.mongodb.password }}" # yaml 文件中的端口和密码需要用双引号括起来。
databases --> "{{ .Values.mongodb.databases }}" # 数据库的值类型是 map。你可以使用 {{ .Values.mongodb.databases.<dbname> }} 获取数据库。 <dbname> 是你在 OlaresManifest 中配置的名称,在 middleware.mongodb.databases[i].name 中指定
```
### MinIO
:::info 示例
```yaml
middleware:
minio:
username: miniouser
buckets:
- name: mybucket
```
:::
使用 deployment YAML 中的中间件信息:
```yaml
# 对于 MinIO对应的值如下
- env:
- name: MINIO_ENDPOINT
value: '{{ .Values.minio.host }}:{{ .Values.minio.port }}'
- name: MINIO_PORT
value: "{{ .Values.minio.port }}"
- name: MINIO_ACCESS_KEY
value: {{ .Values.minio.username }}
- name: MINIO_SECRET_KEY
value: {{ .Values.minio.password }}
- name: MINIO_BUCKET
value: {{ .Values.minio.buckets.mybucket }}
```
### RabbitMQ
:::info 示例
```yaml
middleware:
rabbitmq:
username: rabbitmquser
vhosts:
- name: aaa
```
:::
使用 deployment YAML 中的中间件信息:
```yaml
# 对于 RabbitMQ对应的值如下
- env:
- name: RABBITMQ_HOST
value: '{{ .Values.rabbitmq.host }}'
- name: RABBITMQ_PORT
value: "{{ .Values.rabbitmq.port }}"
- name: RABBITMQ_USER
value: "{{ .Values.rabbitmq.username }}"
- name: RABBITMQ_PASSWORD
value: "{{ .Values.rabbitmq.password }}"
- name: RABBITMQ_VHOST
value: "{{ .Values.rabbitmq.vhosts.aaa }}"
user := os.Getenv("RABBITMQ_USER")
password := os.Getenv("RABBITMQ_PASSWORD")
vhost := os.Getenv("RABBITMQ_VHOST")
host := os.Getenv("RABBITMQ_HOST")
portMQ := os.Getenv("RABBITMQ_PORT")
url := fmt.Sprintf("amqp://%s:%s@%s:%s/%s", user, password, host, portMQ, vhost)
```
### MariaDB
:::info 示例
```yaml
middleware:
mariadb:
username: mariadbclient
databases:
- name: aaa
```
:::
使用 deployment YAML 中的中间件信息:
```yaml
# 对于 MariaDB对应的值如下
- env:
- name: MDB_HOST
value: '{{ .Values.mariadb.host }}'
- name: MDB_PORT
value: "{{ .Values.mariadb.port }}"
- name: MDB_USER
value: "{{ .Values.mariadb.username }}"
- name: MDB_PASSWORD
value: "{{ .Values.mariadb.password }}"
- name: MDB_DB
value: "{{ .Values.mariadb.databases.aaa }}"
```
### MySQL
:::info 示例
```yaml
middleware:
mysql:
username: mysqlclient
databases:
- name: aaa
```
:::
使用 deployment YAML 中的中间件信息:
# 对于Redis来说对应的值如下
host --> {{ .Values.redis.host }}For Redis, the corresponding value is as follow
port --> "{{ .Values.redis.port }}"
password --> "{{ .Values.redis.password }}"
```yaml
# 对于 MySQL对应的值如下
- env:
- name: MDB_HOST
value: '{{ .Values.mysql.host }}'
- name: MDB_PORT
value: "{{ .Values.mysql.port }}"
- name: MDB_USER
value: "{{ .Values.mysql.username }}"
- name: MDB_PASSWORD
value: "{{ .Values.mysql.password }}"
- name: MDB_DB
value: "{{ .Values.mysql.databases.aaa }}"
```
## Options
@ -696,54 +871,6 @@ options:
```
:::
### websocket
- 类型:`map`
- 可选
为应用启用 websocket。请参阅 [websocket](../advanced/websocket.md) 了解更多信息。
:::info 示例
```yaml
options:
websocket:
url: /ws/message
port: 8888
```
:::
### resetCookie
- 类型:`map`
- 可选
如果应用需要 cookie请启用此功能。更多信息请参考 [cookie](../advanced/cookie.md)。
:::info 示例
```yaml
options:
resetCookie:
enabled: true
```
:::
### upload
- 类型: `map`
- 可选
Olares 应用运行时包含一个内置文件上传组件,旨在简化应用程序中的文件上传过程。请参阅 [上传](../advanced/file-upload.md) 了解更多信息。
:::info Example
```yaml
upload:
# 允许上传的文件类型,*为任意类型, 上传时会指定 file_type必须在允许的文件类型中
fileType:
- pdf
# dest 的路径必须为某一个 mountPath
dest: /appdata
# 文件上传的最大大小,单位为字节
limitedSize: 3729747942
```
:::
### mobileSupported
- 类型: `boolean`
- 默认值: `false`
@ -802,4 +929,94 @@ allowedOutboundPorts:
- 465
- 587
```
:::
:::
### allowMultipleInstall
- 类型: `boolean`
- 默认值: `false`
- 可选
该应用支持在同一 Olares 集群中部署多个独立实例。此设置对付费应用和共享应用客户端无效。
## Envs
在此声明应用运行所需的环境变量,既支持用户手动输入,也可以直接引用已有的系统环境变量值。
:::info 提示
该配置需要 Olares OS 版本在 1.12.2 及以上才生效
:::
:::info 示例
```yaml
envs:
- envName: ENV_NAME
# 在部署应用时,该键会被注入为.Values.olaresEnv.ENV_NAME
required: true
# 是否为必填项
# 若为true且未设置default则用户安装应用时必须填写此值且修改value时不允许清空
default: "DEFAULT"
# 环境变量的默认值,开发者可在编写时提供,用户不可修改。
type: string
# 环境变量的类型目前有int/bool/url/ip/domain/email/string/password。如果声明会对value进行类型校验
editable: true
# 是否可在应用部署后编辑
options:
- title: Windows11
value: "11"
- title: Windows10
value: "10"
# 允许值列表,此环境变量的值只允许从该列表中选择
# title为展示给用户的名称value为实际注入系统的值
remoteOptions: https://xxx.xxx/xx
# 提供允许值列表的一个urlresponse body需为JSON编码的options列表
regex: '^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$'
# 该环境变量的值必须匹配此正则表达式
valueFrom:
envName: OLARES_SYSTEM_CLUSTER_DNS_SERVICE
# 引用系统环境变量的值。如果采用该方式,将不允许用户手动指定/修改其value
# 引用后,此环境变量的可声明字段(type,editable)将被系统环境变量的对应属性覆盖default/value字段也会失效
applyOnChange: true
# 是否在此环境变量的值变化时自动重新部署应用,使变化生效
# 若该字段为false在环境变量变化时即使停止/启动应用,也不会生效,只有升级/重装会生效
description: "DESCRIPTION"
# 对环境变量的描述
```
:::
如需在部署 YAML 文件中使用环境变量的值,只需在相应位置使用 `.Values.olaresEnv.ENV_NAME` 即可。系统会在应用部署时自动将对应的 olaresEnv 变量注入到 values 中。例如
:::info 示例
```yaml
BACKEND_MAIL_HOST: "{{ .Values.olaresEnv.MAIL_HOST }}"
BACKEND_MAIL_PORT: "{{ .Values.olaresEnv.MAIL_PORT }}"
BACKEND_MAIL_AUTH_USER: "{{ .Values.olaresEnv.MAIL_AUTH_USER }}"
BACKEND_MAIL_AUTH_PASS: "{{ .Values.olaresEnv.MAIL_AUTH_PASS }}"
BACKEND_MAIL_SECURE: "{{ .Values.olaresEnv.MAIL_SECURE }}"
BACKEND_MAIL_SENDER: "{{ .Values.olaresEnv.MAIL_SENDER }}"
```
:::
## Provider
在此声明本应用向其他应用开放的接口。系统会自动为这些接口生成 Service让集群内其他应用能够通过内部网络访问。如果其他应用要调用这些接口需要在 permission 部分申请访问该 provider 的权限。
:::info 示例
```yaml
provider:
- name: bazarr
entrance: bazarr-svc # 该服务的入口名称
paths: ["/api*"] # 开放的接口路径,不能只包含通配符 *
verbs: ["*"] # 支持post,get,put,delete,patch"*"表示允许所有方法
```
:::

15
docs/zh/manual/larepass/private-network.md
View file

@ -32,6 +32,21 @@ description:"本文介绍如何在任意环境安全访问 Olares: 区分公有/
使用本地 URL (`http://app.yourname.olares.local`) 直连 Olares无需通过 VPN 和互联网隧道。
:::tip macOS 用户注意
如在 macOS 上使用 Chrome 无法访问本地 URL可能是因系统未授予 Chrome 本地网络访问权限。
请按以下步骤启用权限:
1. 打开苹果菜单 > **系统设置**
2. 点击边栏的**隐私与安全性**,然后点击**本地网络**。
3. 找到列表中的 Google Chrome 和 Google Chrome Helper 并开启旁边的开关。
![启用本地网络](/public/images/manual/larepass/mac-chrome-local-access.png#bordered){width=400}
完成后重新启动 Chrome再次尝试访问本地 URL。
:::
:::info Windows 用户注意
Windows 系统暂不支持通过`.local`结尾的域名访问本地服务。
:::
:::warning 远程访问时请启用 VPN
当你不在自己的本地网络中时,为获得最佳的私有应用访问体验,请启用 **LarePass VPN**。它能确保你与 Olares 之间可始终保持加密、私有且高速的通道。
:::

40
framework/app-service/.olares/config/cluster/crds/app.bytetrade.io_applications.yaml
View file

@ -159,6 +159,46 @@ spec:
type: string
description: the extend settings of the application
type: object
sharedEntrances:
description: SharedEntrances contains entrances shared with other
applications
items:
description: Entrance contains details for application entrance
properties:
authLevel:
type: string
host:
type: string
icon:
description: Optional. if invisible=true.
type: string
invisible:
type: boolean
name:
type: string
openMethod:
description: |-
openMethod has three choices default, iframe, window
Optional. if invisible=true.
type: string
port:
format: int32
type: integer
skip:
type: boolean
title:
description: Optional. if invisible=true.
type: string
url:
type: string
windowPushState:
type: boolean
required:
- host
- name
- port
type: object
type: array
tailscale:
properties:
acls:

2
framework/app-service/.olares/config/cluster/deploy/appservice_deploy.yaml
View file

@ -170,7 +170,7 @@ spec:
priorityClassName: "system-cluster-critical"
containers:
- name: app-service
image: beclab/app-service:0.4.44
image: beclab/app-service:0.4.47
imagePullPolicy: IfNotPresent
securityContext:
runAsUser: 0

2
framework/backup-server/.olares/config/cluster/deploy/backup_server.yaml
View file

@ -1,6 +1,6 @@
{{ $backupVersion := "0.3.54" }}
{{ $backupVersion := "0.3.55" }}
{{ $backup_server_rootpath := printf "%s%s" .Values.rootPath "/rootfs/backup-server" }}
{{- $backup_nats_secret := (lookup "v1" "Secret" .Release.Namespace "backup-nats-secret") -}}

2
framework/bfl/.olares/config/launcher/templates/bfl_deploy.yaml
View file

@ -266,7 +266,7 @@ spec:
containers:
- name: api
image: beclab/bfl:v0.4.32
image: beclab/bfl:v0.4.33
imagePullPolicy: IfNotPresent
securityContext:
runAsUser: 1000

2
framework/chart-repo/.olares/config/cluster/deploy/chart_repo_deploy.yaml
View file

@ -121,7 +121,7 @@ spec:
name: check-appservice
containers:
- name: chartrepo
image: beclab/dynamic-chart-repository:v0.2.5
image: beclab/dynamic-chart-repository:v0.3.0
imagePullPolicy: IfNotPresent
ports:
- containerPort: 81

27
framework/files/.olares/config/cluster/deploy/files_deploy.yaml
View file

@ -144,7 +144,7 @@ spec:
{{ end }}
- name: samba-server
image: beclab/samba-server:0.0.6
image: beclab/samba-server:0.0.7
imagePullPolicy: IfNotPresent
securityContext:
allowPrivilegeEscalation: true
@ -210,7 +210,7 @@ spec:
command:
- /samba_share
- name: files
image: beclab/files-server:v0.2.128
image: beclab/files-server:v0.2.130
imagePullPolicy: IfNotPresent
securityContext:
allowPrivilegeEscalation: true
@ -460,7 +460,7 @@ spec:
- protocol: TCP
name: media-server
port: 9090
targetPort: 9090
targetPort: 80
---
apiVersion: v1
@ -825,6 +825,24 @@ data:
add_header Accept-Ranges bytes;
}
location /system {
proxy_pass http://127.0.0.1:8080;
# Add original-request-related headers
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
add_header Accept-Ranges bytes;
client_body_timeout 600s;
client_max_body_size 4000M;
proxy_request_buffering off;
keepalive_timeout 750s;
proxy_read_timeout 600s;
proxy_send_timeout 600s;
}
location /videos {
proxy_pass http://127.0.0.1:8080;
# rewrite ^/server(.*)$ $1 break;
@ -863,9 +881,8 @@ data:
proxy_send_timeout 600s;
}
location /seafhttp/upload {
location /seafhttp/upload-aj {
proxy_pass http://127.0.0.1:8080;
#proxy_pass http://seafile/;
# rewrite ^/server(.*)$ $1 break;
# Add original-request-related headers

2
framework/market/.olares/config/cluster/deploy/market_deploy.yaml
View file

@ -140,7 +140,7 @@ spec:
name: check-chart-repo
containers:
- name: appstore-backend
image: beclab/market-backend:v0.5.6
image: beclab/market-backend:v0.6.0
imagePullPolicy: IfNotPresent
ports:
- containerPort: 81

2
framework/notifications/.olares/config/cluster/deploy/notification_deploy.yaml
View file

@ -146,7 +146,7 @@ spec:
value: os_framework_notifications
containers:
- name: notifications-api
image: beclab/notifications-api:v1.12.36
image: beclab/notifications-api:v1.12.38
imagePullPolicy: IfNotPresent
ports:
- containerPort: 3010

52
framework/search3/.olares/config/cluster/crds/shared_monitor_setting_crd.yaml Normal file
View file

@ -0,0 +1,52 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: sharedmonitorsettings.sys.bytetrade.search3
spec:
group: sys.bytetrade.search3
names:
categories: []
kind: SharedMonitorSetting
plural: sharedmonitorsettings
shortNames: [shms]
singular: sharedmonitorsetting
scope: Namespaced
versions:
- additionalPrinterColumns: []
name: v1alpha1
schema:
openAPIV3Schema:
description: Auto-generated derived type for SharedMonitorSettingSpec via `CustomResource`
properties:
spec:
description: SharedMonitorSetting Custom Resource (CRD) Spec Using CustomResource macro will generate a CRD type named SharedMonitorSetting
properties:
excludeFilePathPattern:
description: File path pattern to exclude in filename search, it's a regular expression
items:
type: string
type: array
required:
- excludeFilePathPattern
type: object
status:
description: SharedMonitorSetting's Status struct, used for CRD status
nullable: true
properties:
last_updated:
description: Last updated time
nullable: true
type: string
message:
description: Status message
nullable: true
type: string
type: object
required:
- spec
title: SharedMonitorSetting
type: object
served: true
storage: true
subresources:
status: {}

60
framework/search3/.olares/config/cluster/crds/specialize_monitor_setting_crd.yaml Normal file
View file

@ -0,0 +1,60 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: specializedmonitorsettings.sys.bytetrade.search3
spec:
group: sys.bytetrade.search3
names:
categories: []
kind: SpecializedMonitorSetting
plural: specializedmonitorsettings
shortNames: [spms]
singular: specializedmonitorsetting
scope: Namespaced
versions:
- additionalPrinterColumns: []
name: v1alpha1
schema:
openAPIV3Schema:
description: Auto-generated derived type for SpecializedMonitorSettingSpec via `CustomResource`
properties:
spec:
description: SpecializedMonitorSetting Custom Resource (CRD) Spec Using CustomResource macro will generate a CRD type named SpecializedMonitorSetting
properties:
includeDirectory:
description: File path pattern to exclude in filename search, it's a regular expression Include directory configuration, filename task does not need to fill this field
items:
type: string
type: array
manualStop:
default: false
description: Whether the task is manually stopped by the user. If true, the task will not be started when Pod restarts
type: boolean
taskId:
description: Task ID
type: string
required:
- includeDirectory
- taskId
type: object
status:
description: SpecializedMonitorSetting's Status struct, used for CRD status
nullable: true
properties:
last_updated:
description: Last updated time
nullable: true
type: string
message:
description: Status message
nullable: true
type: string
type: object
required:
- spec
title: SpecializedMonitorSetting
type: object
served: true
storage: true
subresources:
status: {}

9
framework/search3/.olares/config/cluster/deploy/_helpers.tpl Normal file
View file

@ -0,0 +1,9 @@
{{/*
Generate self-signed TLS certificates for search3-validation webhook
*/}}
{{- define "search3-validation.certs" -}}
{{- $altNames := list (printf "search3-validation.%s" .Release.Namespace) (printf "search3-validation.%s.svc" .Release.Namespace) -}}
{{- $cert := genSelfSignedCert "search3-validation" nil $altNames 36500 }}
{{- $result := dict "tlsCert" (b64enc $cert.Cert) "tlsKey" (b64enc $cert.Key) }}
{{- $result | toYaml }}
{{- end }}

5
framework/search3/.olares/config/cluster/deploy/search3_server_deploy.yaml
View file

@ -196,7 +196,6 @@ spec:
labels:
app: search3
spec:
serviceAccount: os-internal
serviceAccountName: os-internal
priorityClassName: "system-cluster-critical"
volumes:
@ -241,7 +240,7 @@ spec:
value: os_framework_search3
containers:
- name: search3
image: beclab/search3:v0.0.71
image: beclab/search3:v0.0.72
imagePullPolicy: IfNotPresent
ports:
- containerPort: 8080
@ -292,7 +291,7 @@ spec:
priorityClassName: "system-cluster-critical"
containers:
- name: search3monitor
image: beclab/search3monitor:v0.0.71
image: beclab/search3monitor:v0.0.72
imagePullPolicy: IfNotPresent
ports:
- containerPort: 8081

160
framework/search3/.olares/config/cluster/deploy/search3_validation.yaml Normal file
View file

@ -0,0 +1,160 @@
{{- $certs := include "search3-validation.certs" . | fromYaml }}
---
# TLS Secret for search3-validation webhook
apiVersion: v1
kind: Secret
metadata:
name: search3-validation-tls
namespace: {{ .Release.Namespace }}
type: kubernetes.io/tls
data:
tls.crt: {{ $certs.tlsCert }}
tls.key: {{ $certs.tlsKey }}
---
# Search3 Validation Server Deployment
# This deployment runs the Kubernetes validation server for MonitorSetting CRD admission webhooks
apiVersion: apps/v1
kind: Deployment
metadata:
name: search3-validation
namespace: {{ .Release.Namespace }}
labels:
applications.app.bytetrade.io/author: bytetrade.io
annotations:
applications.app.bytetrade.io/version: '0.0.1'
spec:
replicas: 1
selector:
matchLabels:
app: search3-validation
template:
metadata:
labels:
app: search3-validation
spec:
serviceAccountName: os-internal
priorityClassName: "system-cluster-critical"
containers:
- name: search3-validation
image: beclab/search3validation:v0.0.72
imagePullPolicy: IfNotPresent
ports:
- containerPort: 8443
name: https
# command: ["/search3validation/k8svalidationserver"]
env:
- name: K8S_ENV_TEST
value: "true"
- name: SEARCH3_VALIDATION_PORT
value: "8443"
# TLS/HTTPS configuration (recommended for production)
- name: SEARCH3_VALIDATION_TLS_CERT
value: "/etc/tls/tls.crt"
- name: SEARCH3_VALIDATION_TLS_KEY
value: "/etc/tls/tls.key"
volumeMounts:
- name: tls-certs
mountPath: /etc/tls
readOnly: true
- name: fb-data
mountPath: /appdata
- name: userspace-dir
mountPath: /data
- name: upload-appdata
mountPath: /appcache/
- name: shared-lib
mountPath: /data/External
mountPropagation: Bidirectional
securityContext:
privileged: true
runAsUser: 0
allowPrivilegeEscalation: true
# No database or other dependencies needed for validation server
volumes:
- name: tls-certs
secret:
secretName: search3-validation-tls
- name: userspace-dir
hostPath:
path: /olares/rootfs/userspace
type: DirectoryOrCreate
- name: fb-data
hostPath:
path: /olares/userdata/Cache/files
type: DirectoryOrCreate
- name: upload-appdata
hostPath:
path: /olares/userdata/Cache
type: DirectoryOrCreate
- name: shared-lib
hostPath:
path: /olares/share
type: DirectoryOrCreate
---
# Search3 Validation Service
apiVersion: v1
kind: Service
metadata:
name: search3-validation
namespace: {{ .Release.Namespace }}
spec:
selector:
app: search3-validation
type: ClusterIP
ports:
- protocol: TCP
name: https
port: 443
targetPort: 8443
---
# ValidatingWebhookConfiguration for SpecializedMonitorSetting and SharedMonitorSetting
# Note: RBAC permissions (ServiceAccount, ClusterRole, ClusterRoleBinding) are defined in monitor_setting_rbac.yaml
# Note: Kubernetes requires HTTPS for admission webhooks.
# For local minikube development, you have two options:
# 1. Configure TLS/HTTPS (recommended for production-like testing)
# - Generate self-signed certificates using generate-webhook-certs.sh
# - Create Kubernetes Secret: kubectl create secret tls search3-validation-tls --cert=certs/tls.crt --key=certs/tls.key --namespace=os-framework
# - Uncomment TLS configuration in the Deployment above
# - Add caBundle field below with the base64-encoded CA certificate
# 2. Modify minikube API server to allow insecure webhooks (development only)
# - Run: minikube start --extra-config=apiserver.runtime-config=admissionregistration.k8s.io/v1beta1
# - And: --enable-admission-plugins=ValidatingAdmissionWebhook,MutatingAdmissionWebhook
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
metadata:
name: monitorsetting-validating-webhook
webhooks:
- name: monitorsetting.validation.sys.bytetrade.search3
clientConfig:
service:
name: search3-validation
namespace: {{ .Release.Namespace }}
path: "/validate"
port: 443
# CA certificate for HTTPS validation (using tls.crt as caBundle for self-signed cert)
caBundle: {{ $certs.tlsCert }}
rules:
- apiGroups:
- "sys.bytetrade.search3"
apiVersions:
- "v1alpha1"
operations:
- CREATE
- UPDATE
resources:
- specializedmonitorsettings
- sharedmonitorsettings
admissionReviewVersions:
- "v1"
- "v1beta1"
sideEffects: None
failurePolicy: Fail
matchPolicy: Equivalent
# namespaceSelector can be used to limit which namespaces trigger this webhook
# namespaceSelector:
# matchLabels:
# name: os-framework

15
framework/system-server/.olares/config/user/helm-charts/systemserver/templates/proxy.yaml
View file

@ -184,3 +184,18 @@ spec:
- protocol: TCP
port: 28080
targetPort: 28080
---
apiVersion: v1
kind: Service
metadata:
name: files
namespace: user-system-{{ .Values.bfl.username }}
spec:
type: ClusterIP
selector:
app: systemserver
ports:
- protocol: TCP
port: 28080
targetPort: 28080

2
infrastructure/gpu/.olares/config/gpu/hami/values.yaml
View file

@ -4,7 +4,7 @@ nameOverride: ""
fullnameOverride: ""
namespaceOverride: ""
imagePullSecrets: []
version: "v2.6.3"
version: "v2.6.4"
# Nvidia GPU Parameters
resourceName: "nvidia.com/gpu"

2
platform/hami/.olares/Olares.yaml
View file

@ -3,7 +3,7 @@ target: prebuilt
output:
containers:
-
name: beclab/hami:v2.6.3
name: beclab/hami:v2.6.4
-
name: beclab/hami-webui-fe-oss:v1.0.8
-

3
platform/tapr/.olares/config/cluster/deploy/sys_event_deploy.yaml
View file

@ -18,6 +18,7 @@ rules:
- cronworkflows
- pods
- nodes
- services
verbs:
- get
- list
@ -78,7 +79,7 @@ spec:
runAsUser: 0
containers:
- name: tapr-sysevent
image: beclab/sys-event:0.2.13
image: beclab/sys-event:0.2.15
imagePullPolicy: IfNotPresent
---