Update from task 03995583-94fd-41a9-991f-d31351b4ae48

.gitignore

@@ -1,28 +1,71 @@
-# Ignore generated environment variables and secrets
+```bash
+# Environment
 .env
+.env.local
+.env.*
 
-# Ignore generated hardware acceleration override
-docker-compose.override.yml
-
-# Ignore generated management script
-manage.sh
-
-# Ignore all application data, databases, and configs
-configs/
-data/
-
-# Ignore generated installation and backups
-torbox-media-server/
-backups/
-*.bak.*
+# Logs and temp files
+*.log
+*.tmp
+*.swp
 
-# IDE/Editor files
+# Editors
 .vscode/
 .idea/
-*.swp
-*.swo
-*~
+
+# Dependencies
+node_modules/
+.venv/
+venv/
+__pycache__/
+.mypy_cache/
+.pytest_cache/
+dist/
+build/
+target/
+.gradle/
 
 # OS generated files
 .DS_Store
 Thumbs.db
+
+# Compiled files
+*.pyc
+*.class
+*.o
+*.exe
+*.dll
+*.so
+*.a
+*.obj
+*.out
+
+# Coverage
+coverage/
+htmlcov/
+.coverage
+
+# Compressed files
+*.zip
+*.gz
+*.tar
+*.tgz
+*.bz2
+*.xz
+*.7z
+*.rar
+*.zst
+*.lz4
+*.lzh
+*.cab
+*.arj
+*.rpm
+*.deb
+*.Z
+*.lz
+*.lzo
+*.tar.gz
+*.tar.bz2
+*.tar.xz
+*.tar.zst
+```

setup.sh

@@ -589,6 +589,39 @@ gather_config() {
         done
     fi
 
+    # Generate or preserve admin credentials for the *arr services
+    if [[ -n "${EXISTING_RADARR_ADMIN_USER:-}" && -n "${EXISTING_RADARR_ADMIN_PASS:-}" ]]; then
+        RADARR_ADMIN_USER="$EXISTING_RADARR_ADMIN_USER"
+        RADARR_ADMIN_PASS="$EXISTING_RADARR_ADMIN_PASS"
+        SONARR_ADMIN_USER="$EXISTING_SONARR_ADMIN_USER"
+        SONARR_ADMIN_PASS="$EXISTING_SONARR_ADMIN_PASS"
+        PROWLARR_ADMIN_USER="$EXISTING_PROWLARR_ADMIN_USER"
+        PROWLARR_ADMIN_PASS="$EXISTING_PROWLARR_ADMIN_PASS"
+        log_info "Preserved existing admin credentials from previous installation."
+    else
+        RADARR_ADMIN_USER="admin"
+        SONARR_ADMIN_USER="admin"
+        PROWLARR_ADMIN_USER="admin"
+
+        # Generate secure random passwords
+        RADARR_ADMIN_PASS="$(openssl rand -base64 12 2>/dev/null | tr -d '/+=' | head -c 12)"
+        SONARR_ADMIN_PASS="$RADARR_ADMIN_PASS"
+        PROWLARR_ADMIN_PASS="$RADARR_ADMIN_PASS"
+
+        # Fallback if openssl fails
+        if [[ -z "$RADARR_ADMIN_PASS" ]]; then
+            RADARR_ADMIN_PASS="$(head -c 12 /dev/urandom | base64 | tr -d '/+=' | head -c 12)"
+            SONARR_ADMIN_PASS="$RADARR_ADMIN_PASS"
+            PROWLARR_ADMIN_PASS="$RADARR_ADMIN_PASS"
+        fi
+
+        # Validate passwords are non-empty
+        if [[ -z "$RADARR_ADMIN_PASS" ]]; then
+            log_error "Failed to generate admin passwords. Ensure openssl is installed."
+            exit 1
+        fi
+    fi
+
     echo ""
 
     # Hardware Acceleration — auto-detect, then prompt only if ambiguous
@@ -933,7 +966,7 @@ DECYPHARR_USER="${DECYPHARR_USER:-torbox}"
 DECYPHARR_PASS="${DECYPHARR_PASS:-}"
 ENV_EOF
 
-    # Preserve existing admin credentials if this is a re-run
+    # Preserve existing admin credentials if this is a re-run, or write newly generated ones on fresh install
     if [[ -n "${EXISTING_RADARR_ADMIN_USER:-}" ]]; then
         cat >> "${ENV_FILE}" << ADMIN_EOF
 
@@ -944,6 +977,18 @@ SONARR_ADMIN_USER="${EXISTING_SONARR_ADMIN_USER}"
 SONARR_ADMIN_PASS="${EXISTING_SONARR_ADMIN_PASS}"
 PROWLARR_ADMIN_USER="${EXISTING_PROWLARR_ADMIN_USER}"
 PROWLARR_ADMIN_PASS="${EXISTING_PROWLARR_ADMIN_PASS}"
+ADMIN_EOF
+    else
+        # Fresh install: write the newly generated admin credentials
+        cat >> "${ENV_FILE}" << ADMIN_EOF
+
+# Admin Credentials (Auto-generated)
+RADARR_ADMIN_USER="${RADARR_ADMIN_USER}"
+RADARR_ADMIN_PASS="${RADARR_ADMIN_PASS}"
+SONARR_ADMIN_USER="${SONARR_ADMIN_USER}"
+SONARR_ADMIN_PASS="${SONARR_ADMIN_PASS}"
+PROWLARR_ADMIN_USER="${PROWLARR_ADMIN_USER}"
+PROWLARR_ADMIN_PASS="${PROWLARR_ADMIN_PASS}"
 ADMIN_EOF
     fi