{% extends "ui/_layout.html" %}
{% block title %}Account - bty-web{% endblock %}

{% block subnav %}
{% with sections=None %}
{% include "ui/_subnav.html" %}
{% endwith %}
{% endblock %}

{% block intro %}
{% from "ui/_intro_box.html" import render as intro_box %}
{% call intro_box() %}
    Operator-account info for the logged-in user. PXE / Netboot
    configuration (router cheatsheet + TFTP daemon control)
    lives on the <a href="/ui/boot">Netboot</a> page.
{% endcall %}
{% endblock %}

{% block content %}
<div class="card mb-4">
    <div class="card-body">
        <h2 class="h5 mb-3"><i class="bi bi-info-circle me-2"></i>About</h2>
        <p class="text-muted mb-0">
            Running <code>bty v{{ version }}</code> as service user
            <code>{{ service_user }}</code>. Source +
            release notes at <a href="https://github.com/safl/bty"
            target="_blank" rel="noopener">github.com/safl/bty</a>.
        </p>
    </div>
</div>

<div class="card mb-4">
    <div class="card-body">
        <h2 class="h5 mb-3"><i class="bi bi-shield-lock me-2"></i>Authentication</h2>
        <p class="text-muted mb-0">
            bty-web is gated by the OS password of the
            <code>{{ service_user }}</code> account. To rotate the credential,
            run <code>sudo passwd {{ service_user }}</code> on the server.
            Sessions are server-signed cookies (Starlette's
            <code>SessionMiddleware</code>) with a sliding 7-day TTL. To
            invalidate every existing session in one shot, rotate the
            session secret:
            <code>sudo rm /var/lib/bty/session-secret &amp;&amp; sudo systemctl
            restart bty-web</code>. The restart regenerates the secret on
            startup; no reboot needed.
        </p>
    </div>
</div>

{% endblock %}