Tidy SSH defaults formatting

Restrict public browser gateway defaults to newt targets
Remove NoNewPrivileges
2026-06-22 15:22:12 +00:00 · 2026-06-16 23:56:01 +00:00 · 2026-06-16 23:53:23 +00:00 · 2026-06-14 15:02:18 -07:00
6 changed files with 49 additions and 33 deletions
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -1,42 +1,52 @@
 version: 2
-
 updates:
  - package-ecosystem: "npm"
    directory: "/"
    schedule:
      interval: "daily"
-    open-pull-requests-limit: 1
    groups:
-      npm-dependencies:
-        patterns:
-          - "*"
-
+      dev-patch-updates:
+        dependency-type: "development"
+        update-types:
+          - "patch"
+      dev-minor-updates:
+        dependency-type: "development"
+        update-types:
+          - "minor"
+      prod-patch-updates:
+        dependency-type: "production"
+        update-types:
+          - "patch"
+      prod-minor-updates:
+        dependency-type: "production"
+        update-types:
+          - "minor"
+          
  - package-ecosystem: "docker"
    directory: "/"
    schedule:
      interval: "daily"
-    open-pull-requests-limit: 1
    groups:
-      docker-dependencies:
-        patterns:
-          - "*"
+      patch-updates:
+        update-types:
+          - "patch"
+      minor-updates:
+        update-types:
+          - "minor"

  - package-ecosystem: "github-actions"
    directory: "/"
    schedule:
      interval: "weekly"
-    open-pull-requests-limit: 1
-    groups:
-      github-actions-dependencies:
-        patterns:
-          - "*"

  - package-ecosystem: "gomod"
    directory: "/install"
    schedule:
      interval: "daily"
-    open-pull-requests-limit: 1
    groups:
-      go-install-dependencies:
-        patterns:
-          - "*"
+      patch-updates:
+        update-types:
+          - "patch"
+      minor-updates:
+        update-types:
+          - "minor"
--- a/Dockerfile.dev
+++ b/Dockerfile.dev
@@ -1,4 +1,4 @@
-FROM node:26-alpine
+FROM node:24-alpine

 WORKDIR /app

--- a/src/app/[orgId]/settings/resources/public/[niceId]/rdp/page.tsx
+++ b/src/app/[orgId]/settings/resources/public/[niceId]/rdp/page.tsx
@@ -40,6 +40,7 @@ type TargetRow = {
    targetId: number;
    resourceId: number;
    siteId: number;
+    siteType: string | null;
    siteName?: string;
    mode: string | null;
    ip: string;
@@ -105,7 +106,8 @@ function RdpServerForm({
    const api = createApiClient(useEnvContext());
    const router = useRouter();
    const targets = targetsResponse.targets.filter((t) => t.mode === "rdp");
-    const firstTarget = targets[0];
+    const browserGatewayTargets = targets.filter((t) => t.siteType === "newt");
+    const firstTarget = browserGatewayTargets[0];

    const formSchema = useMemo(
        () => createBrowserGatewayTargetFormSchema(t),
@@ -115,7 +117,7 @@ function RdpServerForm({
    const form = useForm<BrowserGatewayTargetFormValues>({
        resolver: zodResolver(formSchema),
        defaultValues: {
-            selectedSites: targets.map((target) => ({
+            selectedSites: browserGatewayTargets.map((target) => ({
                siteId: target.siteId,
                name: target.siteName ?? String(target.siteId),
                type: "newt" as const
--- a/src/app/[orgId]/settings/resources/public/[niceId]/ssh/page.tsx
+++ b/src/app/[orgId]/settings/resources/public/[niceId]/ssh/page.tsx
@@ -62,6 +62,7 @@ type TargetRow = {
    targetId: number;
    resourceId: number;
    siteId: number;
+    siteType: string | null;
    siteName?: string;
    mode: string | null;
    ip: string;
@@ -130,7 +131,9 @@ function SshServerForm({

    const isNativeInitially = resource.authDaemonMode === "native";
    const targets = targetsResponse.targets.filter((t) => t.mode === "ssh");
+    const browserGatewayTargets = targets.filter((t) => t.siteType === "newt");
    const firstTarget = targets[0];
+    const firstBrowserGatewayTarget = browserGatewayTargets[0];
    const initialPamMode =
        (resource.pamMode as "passthrough" | "push") || "passthrough";
    const initialStandardDaemonLocation = isNativeInitially
@@ -163,18 +166,18 @@ function SshServerForm({
            selectedSites:
                isNativeInitially || useSingleSiteOnLoad
                    ? []
-                    : targets.map((target) => ({
+                    : browserGatewayTargets.map((target) => ({
                          siteId: target.siteId,
                          name: target.siteName ?? String(target.siteId),
                          type: "newt" as const
                      })),
            selectedSite:
-                useSingleSiteOnLoad && firstTarget
+                useSingleSiteOnLoad && firstBrowserGatewayTarget
                    ? {
-                          siteId: firstTarget.siteId,
+                          siteId: firstBrowserGatewayTarget.siteId,
                          name:
-                              firstTarget.siteName ??
-                              String(firstTarget.siteId),
+                              firstBrowserGatewayTarget.siteName ??
+                              String(firstBrowserGatewayTarget.siteId),
                          type: "newt" as const
                      }
                    : null,
@@ -190,11 +193,11 @@ function SshServerForm({
                    : null,
            destination: isNativeInitially
                ? ""
-                                : (firstTarget?.ip ?? ""),
+                : (firstBrowserGatewayTarget?.ip ?? ""),
            destinationPort: isNativeInitially
                ? "22"
-                : firstTarget
-                                    ? String(firstTarget.port)
+                : firstBrowserGatewayTarget
+                  ? String(firstBrowserGatewayTarget.port)
                  : "22"
        }
    });
--- a/src/app/[orgId]/settings/resources/public/[niceId]/vnc/page.tsx
+++ b/src/app/[orgId]/settings/resources/public/[niceId]/vnc/page.tsx
@@ -40,6 +40,7 @@ type TargetRow = {
    targetId: number;
    resourceId: number;
    siteId: number;
+    siteType: string | null;
    siteName?: string;
    mode: string | null;
    ip: string;
@@ -105,7 +106,8 @@ function VncServerForm({
    const api = createApiClient(useEnvContext());
    const router = useRouter();
    const targets = targetsResponse.targets.filter((t) => t.mode === "vnc");
-    const firstTarget = targets[0];
+    const browserGatewayTargets = targets.filter((t) => t.siteType === "newt");
+    const firstTarget = browserGatewayTargets[0];

    const formSchema = useMemo(
        () => createBrowserGatewayTargetFormSchema(t),
@@ -115,7 +117,7 @@ function VncServerForm({
    const form = useForm<BrowserGatewayTargetFormValues>({
        resolver: zodResolver(formSchema),
        defaultValues: {
-            selectedSites: targets.map((target) => ({
+            selectedSites: browserGatewayTargets.map((target) => ({
                siteId: target.siteId,
                name: target.siteName ?? String(target.siteId),
                type: "newt" as const
--- a/src/components/newt-install-commands.tsx
+++ b/src/components/newt-install-commands.tsx
@@ -139,7 +139,6 @@ Restart=always
 RestartSec=2
 UMask=0077

-NoNewPrivileges=true
 PrivateTmp=true

 [Install]
Author	SHA1	Message	Date
copilot-swe-agent[bot]	baf45c47eb	Tidy SSH defaults formatting	2026-06-16 23:56:01 +00:00
copilot-swe-agent[bot]	76d0b5753a	Restrict public browser gateway defaults to newt targets	2026-06-16 23:53:23 +00:00
Owen	f9cc52ece9	Remove NoNewPrivileges Fixes https://github.com/fosrl/newt/issues/383	2026-06-14 15:02:18 -07:00