From 3869ca7cba9f96c063bd768f9e60ff1e449ef8a3 Mon Sep 17 00:00:00 2001 From: jester Date: Sat, 7 Feb 2026 21:48:02 +0000 Subject: [PATCH] docs: add host controls decision (keep delete failsafe, add LXC controls) --- ...02-07_host-controls-and-delete-failsafe.md | 58 +++++++++++++++++++ 1 file changed, 58 insertions(+) create mode 100644 SCRATCH/2026-02-07_host-controls-and-delete-failsafe.md diff --git a/SCRATCH/2026-02-07_host-controls-and-delete-failsafe.md b/SCRATCH/2026-02-07_host-controls-and-delete-failsafe.md new file mode 100644 index 0000000..30eb917 --- /dev/null +++ b/SCRATCH/2026-02-07_host-controls-and-delete-failsafe.md 
@@ -0,0 +1,58 @@ +# 2026-02-07 — Host controls + delete failsafe + +## Problem + +- The frontend gained a **Delete Server** button with confirmation. +- Backend has a **failsafe**: do not allow deleting a container unless the host (LXC) is stopped. +- At the time, the portal only had "server" controls (game server process), not host controls (LXC start/stop). + +## Decision + +✅ Keep the failsafe. + +Instead of removing safety checks, add **Host Controls** to the UI and wire them to the API: +- Start Host +- Stop Host +- Restart Host + +This keeps the deletion gate meaningful, and also gives users a way to stop compute spend / idle containers. + +## UX wording + +Avoid saying "container" in the user-facing UI if possible. + +Use: +- "Host Controls" or "Server Host" +- "Start Host / Stop Host / Restart Host" + +(Internally it is Proxmox LXC lifecycle, but the UI doesn't need to expose that.) + +## Backend wiring (high-level) + +Routes in `servers.js`: + +- `POST /servers/:id/host/start` +- `POST /servers/:id/host/stop` +- `POST /servers/:id/host/restart` + +Implementation calls `proxmoxClient.startContainer(vmid)`, `stopContainer(...)` or `shutdownContainer(...)`. + +## Delete gate + +Delete endpoint should enforce something like: + +- refuse delete if host is still running +- or auto-stop then delete (only if you explicitly want that behavior) + +Current stance: +- keep it strict to avoid accidental data loss. +- make the user stop the host first, then delete. + +## Testing checklist + +- Start Host → LXC goes running +- Stop Host → LXC shuts down +- Restart Host → stop then start +- Delete Server: + - while running → denied (expected) + - after stop → allowed (expected)
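Review bot: In the "Delete gate" section the rule is left as "should enforce something like" with two alternatives, while "Current stance" picks the strict one. State the strict rule as the requirement, so that this doc and the backend failsafe described under "Problem" cannot drift apart. It would also help to say that the delete handler checks host state on the server at request time, not from what the UI last displayed, and refuses when the state is anything other than stopped or cannot be read. Add those cases to the testing checklist, which currently covers only "while running → denied" and "after stop → allowed". In "Backend wiring", the sentence "Implementation calls ..." lists both `stopContainer(...)` and `shutdownContainer(...)` without saying which route uses which, and gives no call for the restart route. Name the call each route makes, since the checklist expects "Stop Host → LXC shuts down" and "Restart Host → stop then start". The three `POST /servers/:id/host/*` routes are also listed with no statement that the caller must be authorized for `:id`. A one-line note on that check belongs in this section.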