pi-kit/pikit-web/onboarding/index.html

<!doctype html>
<html lang="en">
  <head>
    <meta charset="UTF-8" />
    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
    <title>Welcome to your Pi-Kit</title>
    <link rel="stylesheet" href="/style.css?v=2" />
  </head>
  <body>
    <main class="card">
      <header>
        <div class="dot"></div>
        <h1>Welcome to your Pi-Kit</h1>
      </header>

      <p class="welcome">Great news — you’re already on your Pi-Kit and it’s responding.</p>
      <p class="subtle">
        Everything stays on your local network. Let’s move you to the secure (HTTPS) dashboard so you
        can manage Pi-Kit safely.
      </p>

      <section class="actions">
        <button id="continueBtn">Continue to secure dashboard</button>
        <a class="ghost" id="downloadCa" href="http://pikit.local/assets/pikit-ca.crt" download>
          Download Pi-Kit CA
        </a>
      </section>

      <section class="steps">
        <h3>Why switch to HTTPS?</h3>
        <ul>
          <li>Encrypts traffic on your LAN so no one can snoop your Pi-Kit dashboard.</li>
          <li>Stops mixed-content / “not secure” browser warnings.</li>
          <li>Needed for some browser features (clipboard, notifications, service workers).</li>
        </ul>
      </section>

      <section class="steps">
        <h3>If you see a warning</h3>
        <ul>
          <li>Brave/Chrome: click <strong>Advanced</strong> → <strong>Proceed</strong>.</li>
          <li>Firefox: click <strong>Advanced</strong> → <strong>Accept the Risk & Continue</strong>.</li>
        </ul>
        <p>This warning is expected the first time. It’s safe for your own Pi on your own network.</p>
      </section>

      <section class="steps">
        <h3>Install the Pi-Kit CA (recommended, one-time)</h3>
        <p>This removes future warnings for the Pi-Kit dashboard.</p>
        <details>
          <summary>Windows</summary>
          <p>Run <strong>mmc</strong> → Add/Remove Snap-in → Certificates (Computer) → Trusted Root CAs → Import <em>pikit-ca.crt</em>.</p>
        </details>
        <details>
          <summary>macOS</summary>
          <p>Double-click <em>pikit-ca.crt</em> → Always Trust.</p>
        </details>
        <details>
          <summary>Linux (Arch / Manjaro / Garuda, etc.)</summary>
          <code id="archCmd">curl -s http://pikit.local/assets/pikit-ca.crt -o /tmp/pikit-ca.crt && sudo install -m644 /tmp/pikit-ca.crt /etc/ca-certificates/trust-source/anchors/ && sudo trust extract-compat</code>
          <button class="copy" data-target="archCmd">Copy</button>
        </details>
        <details>
          <summary>Linux (Debian / Ubuntu)</summary>
          <code id="debCmd">curl -s http://pikit.local/assets/pikit-ca.crt -o /tmp/pikit-ca.crt && sudo cp /tmp/pikit-ca.crt /usr/local/share/ca-certificates/pikit-ca.crt && sudo update-ca-certificates</code>
          <button class="copy" data-target="debCmd">Copy</button>
        </details>
        <details>
          <summary>Linux (Fedora)</summary>
          <code id="fedoraCmd">curl -s http://pikit.local/assets/pikit-ca.crt -o /tmp/pikit-ca.crt && sudo cp /tmp/pikit-ca.crt /etc/pki/ca-trust/source/anchors/pikit-ca.crt && sudo update-ca-trust</code>
          <button class="copy" data-target="fedoraCmd">Copy</button>
        </details>
        <details>
          <summary>BSD (FreeBSD / OpenBSD)</summary>
          <code id="bsdCmd">fetch -o /tmp/pikit-ca.crt http://pikit.local/assets/pikit-ca.crt && sudo install -m644 /tmp/pikit-ca.crt /usr/local/share/certs/pikit-ca.crt && sudo certctl rehash</code>
          <button class="copy" data-target="bsdCmd">Copy</button>
        </details>
      </section>

      <p class="footnote">Once trusted, this page will auto-forward you to the secure dashboard.</p>
    </main>

    <script>
      (function () {
        const target = `https://${location.hostname}`;
        const hasCookie = document.cookie.includes("pikit_https_ok=1");

        document.getElementById("continueBtn").addEventListener("click", () => {
          window.location = target;
        });

        document.querySelectorAll(".copy").forEach((btn) => {
          btn.addEventListener("click", async () => {
            const id = btn.dataset.target;
            const el = document.getElementById(id);
            const text = el.textContent.trim();
            try {
              if (navigator.clipboard && window.isSecureContext) {
                await navigator.clipboard.writeText(text);
              } else {
                const ta = document.createElement("textarea");
                ta.value = text;
                ta.style.position = "fixed";
                ta.style.opacity = "0";
                document.body.appendChild(ta);
                ta.select();
                document.execCommand("copy");
                document.body.removeChild(ta);
              }
              btn.textContent = "Copied";
              setTimeout(() => (btn.textContent = "Copy"), 1500);
            } catch (err) {
              btn.textContent = "Failed";
              setTimeout(() => (btn.textContent = "Copy"), 1500);
            }
          });
        });

        // Accordion: keep only one platform section open at a time
        const detailBlocks = Array.from(document.querySelectorAll("details"));
        detailBlocks.forEach((d) => {
          d.addEventListener("toggle", () => {
            if (!d.open) return;
            detailBlocks.forEach((other) => {
              if (other !== d) other.removeAttribute("open");
            });
          });
        });

        if (hasCookie) {
          window.location = target;
        }
      })();
    </script>
  </body>
</html>