Merge pull request #124 from ThePorgs/dev-wrapper

Adding Dashboard API and Offline mode

Author: Dramelac

docs/.vitepress/config.mts

@@ -72,6 +72,7 @@ export default defineConfig({
     socialLinks: [
       { icon: 'discord', link: 'https://discord.exegol.com' },
       { icon: 'linkedin', link: 'https://linkedin.exegol.com' },
+      { icon: 'reddit', link: 'https://www.reddit.com/r/exegol' },
       { icon: 'x', link: 'https://x.com/exegogol' },
       { icon: 'youtube', link: 'https://www.youtube.com/@exegogol' },
       { icon: 'github', link: 'https://github.com/ThePorgs/Exegol' },

docs/src/assets/desktop.png

@@ -106,24 +106,13 @@ go install -v github.com/AUTHOR/REPO@latest
 asdf reshim golang
 ```
 
-The `go install` command will work with the default version of golang (managed via `asdf`), currently being 1.22.2, set in `package_base`, in the `install_go()` function, with `asdf set --home golang 1.22.2`.
+The `go install` command will work with the default version of golang (managed via `asdf`), currently being `1.22.2`, set in `package_base`, in the `install_go()` function.
 
-If another version is needed, when a tool requires go >= 1.22.2, the following template can be used:
+If another version is needed, the following instruction should be used before the `go install -v ...`:
 
 ```bash
-mkdir /opt/tools/TOOL_NAME
-cd /opt/tools/TOOL_NAME
+# Example with Golang 1.24.4
 asdf set golang 1.24.4
-mkdir -p .go/bin
-GOBIN=/opt/tools/TOOL_NAME/.go/bin go install -v github.com/REPO_NAME/TOOL_NAME@latest
-asdf reshim golang
-add-aliases TOOL_NAME
-```
-
-And then the alias being like:
-
-```bash
-alias TOOL_NAME="/opt/tools/TOOL_NAME/.go/bin/TOOL_NAME"
 ```
 
 == Ruby

docs/src/assets/desktop_dark.png

@@ -5,6 +5,7 @@ The Licenses page allows you to manage your **Exegol Pro and Enterprises** licen
 For each license, you can see:
 
 - Type (Pro or Enterprise)
+- Options (e.g. "Offline")
 - Organization behind the Enterprise license (Enterprise only)
 - Team you're in (Enterprise only)
 - Status (active/expired/disabled)

docs/src/assets/desktop_light.png

@@ -102,6 +102,19 @@ To log out from all other devices where you're signed in:
 
 :::
 
+## API keys
+
+API keys allow you to authenticate with Exegol services in a non-interactive way. This is available to both Pro and Enterprise users.
+
+You can create, revoke, and remove API keys from their section in Settings. API keys can be used with the Exegol wrapper for [unattended activation](/wrapper/cli/activate#unattended-activation), which may be useful for automation, CI/CD, or scripted setups.
+
+- **One-time display**: The key value is shown only once at creation. Store it securely; it cannot be displayed again.
+- **Lifespan**: You can set a lifespan of up to **2 years** when creating a key.
+- **Scope**: An API key gives the wrapper access to **all licenses** attached to an account.
+
+> [!WARNING]
+> Treat API keys like passwords. Never share them or commit them to version control. Revoke any key that may have been exposed.
+
 ## Account Deletion
 
 Account deletion requests are currently processed manually by our team to ensure proper handling of active subscriptions before account closure. This prevents you from being locked out while subscriptions are still active. This process will be automated as we scale up.

docs/src/contribute/images.md

@@ -61,6 +61,26 @@ http server: `updog`, `goshs`, `http-server`, `http-put-server`,
 In order to **shares notes** during an engagement, `trilium`
 (<https://github.com/TriliumNext/Trilium>) can be used.
 
+## Transferring images to an offline machine
+
+A machine activated with the [offline procedure](/wrapper/cli/activate#offline-option) cannot pull Exegol images from the Internet.
+
+The image needs to be downloaded on an Internet-facing machine first, then transferred onto the offline one.
+
+The following example uses the `full` image. It all starts on the Internet-facing machine.
+
+1. Activate Exegol with [default](/wrapper/cli/activate#default-activation) or [unattended](/wrapper/cli/activate#unattended-activation) activation.
+
+2. Install the image(s) with `exegol install full`
+
+3. Export the image to a tarball: `docker save registry.exegol.com/exegol:full --output "/path/to/image.tar"`
+
+4. Transfer the file to the offline machine by any secure means.
+
+5. Then, on the offline machine, load the image with: `docker load --input "/path/to/image.tar"`
+   
+6. Verify the import worked and Exegol can see the image: `exegol info`. You should see the loaded image listed. You can then use `exegol start` and other wrapper commands as usual.
+
 ## Dynamic history commands
 
 Many commands in the pre-filled history rely on environment variables

docs/src/dashboard/licenses.md

@@ -4,44 +4,73 @@ The `activate` action is used to activate Exegol with a valid Pro/Enterprise lic
 Exegol in a professional environment. Without activation, Exegol will run in Community edition mode with limited
 features.
 
-When activating Exegol, you will need:
 
-1. A valid Exegol account (email)
-2. An active license assigned to your account
-3. Internet access to connect to the license server
+## Default activation
 
-> [!NOTE] Offline Activation
->
-> If you need to activate Exegol in an offline environment, please contact us directly. We may be able to provide
-> offline activation solutions on a case-by-case basis for specific clients.
+This is the default interactive activation method (online, interactively).
+
+1. Run `exegol activate`
+2. The wrapper will prompt you to enter your Exegol email address
+3. You will need to generate a login token from the Exegol dashboard [OTP](https://dashboard.exegol.com/otp) page
+4. Enter the token when prompted
+5. Select which license to activate
+
+## Unattended activation
+
+You can activate Exegol without any interactive prompts (e.g. for automation, CI/CD, or remote setup).
 
-## Activation process
+1. Create and save an API key from the Exegol dashboard "[Settings](https://dashboard.exegol.com/settings)" page. See the [API keys docs](/dashboard/settings#api-keys) for more info. **The key is shown only once at creation**.
+2. Retrieve the License ID you want to activate, from the Exegol dashboard "[My licenses](https://dashboard.exegol.com/licenses)" page. The ID can be copied from the three-dots menu in the Action column.
 
-1. The wrapper will prompt you to enter your Exegol email address
-2. You will need to generate a login token from the Exegol dashboard [/otp](https://dashboard.exegol.com/otp) page
-3. Enter the token when prompted
-4. If you have multiple licenses, you will be presented with a list to choose from
-5. If the selected license is already in use on another machine, you will be asked if you want to revoke it from that
-   machine
-6. Once activated, the license will be bound to your current machine
+Use the following command, replacing the placeholders with your API key and license ID:
 
-> [!WARNING] Important
+```bash
+exegol activate --accept-eula --api "$API_KEY" --license-id "$LICENSE_ID"
+```
+
+Alternatively, if you set the `EXEGOL_API_KEY` and `EXEGOL_LICENSE_ID` environment variables, you can run without arguments:
+
+```bash
+exegol activate --accept-eula
+```
+
+## Offline option <Badge type="enterprise"/>
+
+The **offline mode** is a paid option of the **Exegol Enterprise** tier. Licenses with that option are not affected by the usual 7-days offline limit. They can be activated like other standard Licenses with both [Default activation](#default-activation) or [Unattended activation](#unattended-activation) methods described above.
+
+This option can also prove useful for machines that will never be connected to the Internet, as they can be activated using the dedicated offline activation procedure described below.
+
+1. Run `exegol activate --offline` on the offline machine, and retrieve the "Activation ID"
+2. On an Internet-connected machine, open the Exegol dashboard "[My licenses](https://dashboard.exegol.com/licenses)" page, identify the "Offline" license to activate, then click "Offline Enrollment" in the three-dots menu from the Actions column
+3. Fill in the form with the Activation ID, set an OS and name for the machine
+3. Download the resulting `license.key` file and place it on the offline machine at `~/.exegol/license.key`
+
+Once the license key is in place, the offline machine will be considered activated without needing any Internet access. 
+
+> [!INFO]
+> This activation procedure is meant for machines that will never be connected to the Internet. They won't be able to download Exegol images.
 >
-> You can only have one active license per machine at a time. If you want to activate a different license, you must
-> first revoke the current one using the `--revoke` option.
+> To install Exegol images on a fully offline machine, use the procedure described in [Transferring images to an offline machine](/tips-and-tricks#transferring-images-to-an-offline-machine): activate and pull the image on an Internet-connected station, export it with `docker save`, transfer the archive, then load it on the offline machine with `docker load` and run `exegol info` to verify.
 
 ## Options
 
-| Option     | Description                      |
-|------------|----------------------------------|
-| `--revoke` | Revoke your local Exegol license |
+| Option          | Description                                                          |
+|-----------------|----------------------------------------------------------------------|
+| `--accept-eula` | Non-interactively accept the EULA                                    |
+| `--offline`     | Show the activation ID of the current machine for offline activation |
+| `--api`         | API key for unattended activation (or set `EXEGOL_API_KEY` env var)  |
+| `--license-id`  | License ID to activate (or set `EXEGOL_LICENSE_ID` env var)          |
+| `--revoke`      | Revoke your local Exegol license                                     |
 
 ## Command examples
 
 ```bash
 # Activate Exegol interactively
 exegol activate
 
+# Activate Exegol non-interactively
+exegol activate --accept-eula --api "$API_KEY" --license-id "$LICENSE_ID"
+
 # Revoke current license
 exegol activate --revoke
 ```

docs/src/dashboard/settings.md

@@ -41,19 +41,21 @@ Many options exist to customize the creation of exegol container.
 | `-V VOLUMES`, `--volume VOLUMES`                  | Share a new volume between host and exegol (format: --volume /path/on/host/:/path/in/container/\[:ro\|rw\]).                                                                                                                         |
 | `-p PORTS`, `--port PORTS`                        | Share a network port between host and exegol (format: `--port [<host_ipv4>:]<host_port>[-<end_host_port>][:<container_port>[-<end_container_port>]][:<protocol>]`. This configuration will disable the shared network with the host. |
 | `--hostname HOSTNAME`                             | Set a custom hostname to the exegol container (default: exegol-\<name\>)                                                                                                                                                             |
+| `--hosts-file HOSTS_FILE`                         | Import custom host entries from a file (format: IP HOSTNAME)                                                                                                                                                                         |
 | `--disable-X11`                                   | Disable X11 sharing to run GUI-based applications. (default: Enabled)                                                                                                                                                                |
 | `--disable-my-resources`                          | Disable the mount of the shared resources (/opt/my-resources) from the host (/home/dramelac/.exegol/my-resources) (default: Enabled)                                                                                                 |
 | `--disable-exegol-resources`                      | Disable the mount of the exegol resources (/opt/resources) from the host (/home/dramelac/Documents/tools/Exegol/exegol-resources) (default: Enabled)                                                                                 |
 | `--network NETWORK`                               | <Badge type="new"/> Configure the container's network mode (default: host). See [Network Modes](#network-modes) for details.                                                                                                         |
 | `--disable-shared-timezones`                      | Disable the sharing of the host's time and timezone configuration with exegol (default: Enabled)                                                                                                                                     |
+| `--comment`                                       | The specified comment will be added to the container info                                                                                                                                                                            |
 
 ### Privileges
 
 By default, the Exegol container will receive the minimum permissions required by the enabled features.
 
 > [!NOTE] Automatic permissions
 > Permissions will be added automatically if required. For example, when the `--vpn` parameter is used,
-devices and capabilities are automatically added to enable the VPN to operate with the least privileges possible.
+> devices and capabilities are automatically added to enable the VPN to operate with the least privileges possible.
 
 | Option                           | Description                                                                                                                                                    |
 |----------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------|
@@ -62,26 +64,33 @@ devices and capabilities are automatically added to enable the VPN to operate wi
 | `--privileged`                   | **(dangerous)** Give extended privileges at the container **creation** (e.g. needed to mount things, to use Wi-Fi or Bluetooth)                                |
 
 > [!CAUTION] Avoid using privileged mode unless absolutely necessary
-> This flag grants the container nearly unrestricted access to the host, effectively breaking most security boundaries 
-> Docker puts in place (all Linux kernel capabilities are enabled; seccomp, AppArmor and SELinux protections are disabled; 
+> This flag grants the container nearly unrestricted access to the host, effectively breaking most security boundaries
+> Docker puts in place (all Linux kernel capabilities are enabled; seccomp, AppArmor and SELinux protections are
+> disabled;
 > the container can access all host devices; and major mounts become read-write).
 
 #### New container
 
 When a new container is created, it is possible to:
 
-- Add the specific [capabilities](https://man7.org/linux/man-pages/man7/capabilities.7.html) needed with `--cap`, among the following list: `NET_ADMIN`, `NET_BROADCAST`, `SYS_MODULE`, `SYS_PTRACE`, `SYS_RAWIO`,
-      `SYS_ADMIN`, `LINUX_IMMUTABLE`, `MAC_ADMIN`, `SYSLOG`. `ALL` is a special value that sets them all (all capabilities supported by Docker, [read more](https://docs.docker.com/engine/containers/run/#runtime-privilege-and-linux-capabilities)).
+- Add the specific [capabilities](https://man7.org/linux/man-pages/man7/capabilities.7.html) needed with `--cap`, among
+  the following list: `NET_ADMIN`, `NET_BROADCAST`, `SYS_MODULE`, `SYS_PTRACE`, `SYS_RAWIO`,
+  `SYS_ADMIN`, `LINUX_IMMUTABLE`, `MAC_ADMIN`, `SYSLOG`. `ALL` is a special value that sets them all (all capabilities
+  supported by
+  Docker, [read more](https://docs.docker.com/engine/containers/run/#runtime-privilege-and-linux-capabilities)).
 - Identify which devices are required and add specific devices with `-d`/`--device`.
-- If you need "root access" (i.e., all capabilities, and access to all devices, hardware and kernel of the host) the `--privileged` option can be used.
+- If you need "root access" (i.e., all capabilities, and access to all devices, hardware and kernel of the host) the
+  `--privileged` option can be used.
 
 > [!WARNING]
-> The privileges configured when creating the container will be given to all processes in that container for the entirety of its lifetime.
+> The privileges configured when creating the container will be given to all processes in that container for the
+> entirety of its lifetime.
 
 #### Existing container <Badge type="new"/>
 
 When the container already exists, you cannot change the default privileges mode, capabilities or share new devices.
-However, it is possible to spawn a **single** shell session with **all capabilities** with `--cap ALL`. The capabilities won't be added to the container itself and will only be valid for the specific shell the flag was enabled for.
+However, it is possible to spawn a **single** shell session with **all capabilities** with `--cap ALL`. The capabilities
+won't be added to the container itself and will only be valid for the specific shell the flag was enabled for.
 
 ### Network modes
 
@@ -165,15 +174,18 @@ users a full-featured desktop experience directly from their browser.
 
 ### VPN
 
-An additional feature of Exegol is the managed VPN tunnel. Compatible with OpenVPN and WireGuard since Exegol image version `3.1.8`.
+An additional feature of Exegol is the managed VPN tunnel. Compatible with OpenVPN and WireGuard since Exegol image
+version `3.1.8`.
 
-- To configure an OpenVPN tunnel, your configuration file must have the `.ovpn` extension or the directory must contain an `.ovpn` file.
+- To configure an OpenVPN tunnel, your configuration file must have the `.ovpn` extension or the directory must contain
+  an `.ovpn` file.
 - To configure a WireGuard VPN, your configuration file must have the `.conf` extension.
 
 The container will take care of starting the tunnel at each startup.
 
 > [!IMPORTANT] WrireGuard support
-> WireGuard VPN support is currently in beta and exclusive to <Badge type="pro" /> and <Badge type="enterprise" /> users at this time.
+> WireGuard VPN support is currently in beta and exclusive to <Badge type="pro" /> and <Badge type="enterprise" /> users
+> at this time.
 
 > [!INFO]
 > When using the `--vpn` feature, network mode defaults to `docker`, or `nat` if the user has a