{% extends "ui/_layout.html" %} {% block title %}Settings - bty-web{% endblock %} {% block content %} {# Hoisted once: ``primary`` is the first listed non-loopback interface, used by the router-config cheatsheet to suggest the appliance's LAN IP. Computed up front so the same reference is available everywhere on the page. #} {% set primary = interfaces[0] if interfaces else None %}

Settings

Authentication

bty-web is gated by the OS password of the {{ service_user }} account. To rotate the credential, run sudo passwd {{ service_user }} on the server. Sessions are server-signed cookies (Starlette's SessionMiddleware) with a sliding 7-day TTL. To invalidate every existing session in one shot, rotate the session secret: sudo rm /var/lib/bty/session-secret && sudo systemctl restart bty-web. The restart regenerates the secret on startup; no reboot needed.

PXE / network boot

bty-server runs a TFTP daemon (dnsmasq) and serves boot artefacts over HTTP. The DHCP side stays with your LAN's router/DHCP server -- bty deliberately doesn't try to replace it. Point your router at this appliance with the settings below.

{% if missing_netboot_artifacts %}
Netboot environment incomplete. Missing under {{ boot_root }}: {% for name in missing_netboot_artifacts %} {{ name }}{% if not loop.last %}, {% endif %} {% endfor %}. PXE clients will chain into iPXE but get 404 on the kernel fetch until these files are present.
Boot artifacts
{% endif %}

This appliance

{% for iface in interfaces %} {% else %} {% endfor %}
Interface State IPv4
{{ iface.name }} {{ iface.operstate }} {% if iface.ipv4 %} {{ iface.ipv4 }}/{{ iface.prefix }} {% else %} (no address) {% endif %}
(no interfaces detected)

Router-side configuration

Configure your LAN's DHCP server to tag PXE clients with the options below. For UniFi: Settings → Networks → [your LAN] → Advanced → DHCP → Network Boot. For pfSense / OpenWRT / dnsmasq: equivalent options on the DHCP service.

Option Value Notes
option 60 PXEClient Vendor-class echo. Strict UEFI firmware filters offers without it.
option 66 / Next-Server {% if primary and primary.ipv4 %} {{ primary.ipv4 }} {% else %} (this appliance's LAN IP) {% endif %} The TFTP server. Same box as bty-web.
option 67 / Boot-Filename ipxe.efi For UEFI PXEClient (arch 6/7/9). Use undionly.kpxe for legacy BIOS (arch 0).
option 67 for user-class=iPXE http://{% if primary and primary.ipv4 %}{{ primary.ipv4 }}{% else %}<bty-server>{% endif %}:8080/pxe-bootstrap.ipxe Stops iPXE chain-loop. Different bootfile when iPXE re-DHCPs.

For UEFI HTTP-Boot (vendor-class HTTPClient), point option 67 at http://{% if primary and primary.ipv4 %}{{ primary.ipv4 }}{% else %}<bty-server>{% endif %}:8080/boot/ipxe.efi instead -- no TFTP roundtrip.

{# TFTP daemon (dnsmasq) state + control panel. Distinct from the info card above: this lets the operator triage the local TFTP service. Start / Stop are the "take PXE offline briefly" knobs; Restart picks up any TFTP-root changes the operator made by hand. #}

TFTP daemon

The local dnsmasq.service serves the TFTP root (/var/lib/tftpboot). Stop it to take PXE offline without disabling DHCP; restart it to pick up new bootfiles staged into the TFTP root.

{% if tftp.state == 'active' %} {{ tftp.state }} {% elif tftp.state == 'failed' %} {{ tftp.state }} {% elif tftp.state in ('activating', 'deactivating', 'reloading') %} {{ tftp.state }} {% else %} {{ tftp.state }} {% endif %} dnsmasq.service
{% if tftp_controllable %}
{% else %} {# No sudo'd helper available in this deployment (Docker container, dev shell, etc). dnsmasq lifecycle is owned by the entrypoint / supervisor instead of bty-web. #} Controls disabled (no daemon helper here) {% endif %}
{% endblock %}