Problem
Mast currently has no authentication. Anyone who can reach the dashboard can manage the fleet, apply patches, and view SSH key metadata. We need a baseline auth gate before this is usable outside a trusted LAN.
Proposal
On first run (no users in the DB), the app redirects to a setup page that asks for a username + password. Submitting creates the initial admin user. From then on, the app requires login.
Modeled on Coolify's first-run flow: zero config, no env vars, no seed script.
Scope
- bcrypt_elixir or argon2_elixir (pick one, note in ADR)
- /setup LiveView: username + password + confirm, creates the admin
Out of scope (future issues)
- Multiple users / inviting more admins
- Role-based permissions beyond "admin"
- OAuth / SSO / 2FA
- Password reset flow (admin can reset via mix task for now)
Notes
- This is a meaningful structural change, so add an ADR covering auth approach.
- Keep the setup page reachable only when zero users exist; otherwise 404 it.
- Use designs in components.pen
  - Auth - Login (L1inTT)
  - Auth - Initial Setup (E1gFG)
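One way to enforce the gate described above in a Phoenix app: a router plug (zero users: everything goes to /setup; once a user exists, /setup is a 404 and other routes need a session) plus an on_mount hook so live navigation is covered too. This is an added illustration, not Mast's own code; Mast.Repo, Mast.Accounts.User, the /login path and the :user_id session key are assumed names.

```elixir
defmodule MastWeb.SetupGate do
  # First-run gate for the flow in this issue:
  #   zero users  -> every request redirects to /setup
  #   user exists -> /setup returns 404, all other routes need a logged-in session
  # Assumed names: Mast.Repo (Ecto repo), Mast.Accounts.User (users schema).
  import Plug.Conn
  import Phoenix.Controller, only: [redirect: 2]
  alias Mast.{Accounts.User, Repo}

  @public_paths ["/login"]

  def init(opts), do: opts

  # Put this in the :browser pipeline after :fetch_session.
  def call(%Plug.Conn{request_path: path} = conn, _opts) do
    case {Repo.exists?(User), path} do
      # first run: only the setup page is reachable
      {false, "/setup"} -> conn
      {false, _} -> conn |> redirect(to: "/setup") |> halt()
      # already set up: the setup page must look like it does not exist
      {true, "/setup"} -> conn |> send_resp(404, "Not Found") |> halt()
      {true, p} when p in @public_paths -> conn
      {true, _} -> require_session(conn)
    end
  end

  defp require_session(conn) do
    if get_session(conn, :user_id), do: conn, else: conn |> redirect(to: "/login") |> halt()
  end

  # Plugs only run on the initial HTTP request; live navigation between
  # LiveViews skips them, so the session is re-checked here. Attach with
  #   live_session :admin, on_mount: MastWeb.SetupGate do ... end
  def on_mount(:default, _params, session, socket) do
    if session["user_id"] do
      {:cont, socket}
    else
      {:halt, Phoenix.LiveView.redirect(socket, to: "/login")}
    end
  end
end
```

Two concurrent /setup submissions can both observe zero users before either insert commits, so the admin-creation path should re-check inside a transaction (or rely on a database-level constraint) rather than trusting the plug alone. The `Repo.exists?` query also runs on every request; cache the "set up" flag once it flips to true if that cost matters.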