NoobBoard is a local-first Go web app for monitoring an Unraid server, Docker apps, UniFi network state, and basic connectivity. It serves two surfaces: a detailed admin panel and a compact, phone-friendly shared home status view aimed at non-technical users.
The compact view is meant to help everyone in the home share awareness of service health without needing to understand or manage the server itself.
It is designed for a LAN or private reverse-proxy deployment. Live collectors are used when credentials are configured; fixture data is only used when explicitly selected for development or visual QA.
This is a personal hobby project, shared as-is. It is intended for private, personal, home-lab use on a trusted LAN — not for production, commercial, or multi-tenant deployments. It comes with no warranty and no guarantee of security, correctness, or support; use it at your own risk. You are responsible for your own credentials, network exposure, and data. NoobBoard is not affiliated with or endorsed by Unraid/Lime Technology, Ubiquiti/UniFi, OpenAI, or Anthropic.
- Two separate web surfaces:
- Admin panel on port
8787with detailed status, incidents, settings, logs, and Docker controls. - Compact web app on port
8788with simplified status, selected apps, and chat.
- Admin panel on port
- Live Unraid status, array health, capacity, parity, Docker state, Docker logs, and Docker start/stop/restart actions.
- Live UniFi gateway, WAN, device, client, update, and warning telemetry.
- Direct probes for internet, DNS, router, and NAS reachability.
- OpenAI or Anthropic diagnosis support with strict JSON validation and redacted role-scoped context.
- Runtime settings for roles, visibility, app icons, privacy blacklist, LLM provider, and notifications.
- Local username/password auth with admin and standard-user roles, plus trusted-device stay-signed-in sessions.
- PWA metadata and safe-area handling for iOS Safari web apps and Android install prompts.
Prerequisites:
- Windows 10/11
- Windows PowerShell 5.1+ (or PowerShell 7)
The install script checks for and installs the Go toolchain (via winget if missing),
builds a self-contained noobboard.exe, and registers the NoobBoard Windows service.
# Build only — no service. Good for trying it out or development:
.\install.ps1 -NoService
.\dist\noobboard.exe serve
# Full install as an auto-starting Windows service (run from an *elevated* prompt):
.\install.ps1 -StartAfter NoobBoard is installed as a service, use the update script from an elevated prompt when new code has been merged:
.\update.ps1The update script syncs this checkout from GitHub, rebuilds the app, replaces the installed
service binary, and restarts NoobBoard. Existing firewall and admin-login settings are
preserved. install.ps1 can still rebuild an existing service, but update.ps1 is the
preferred routine update path because it performs the GitHub sync first.
During a first service install, the script also prompts whether to:
- add a Windows Firewall rule for ports 8787-8788 (recommended) — opens the Private and
Public profiles with a warning (see Windows Service below) and binds the server to
0.0.0.0so it is reachable from the LAN (not just localhost), and - set up the admin login now (enter a username and password).
The admin-login prompt only seeds the bootstrap credentials in the service config; it does
not complete setup, so the in-app setup wizard (when available) still runs and continues
from where the installer left off. See the install/wizard contract in
docs/deployment-windows.md and docs/agent-roadmap.md.
Useful flags: -NoService (build only), -Start (start the service after install),
-RunTests (run the test suite first), -AllowLan / -NoFirewall (firewall rule yes/no
without prompting), -SetupAuth (force bootstrap admin prompt), -InstallDir <path> (service binary location, default
%ProgramFiles%\NoobBoard). Run Get-Help .\install.ps1 -Detailed for the full list.
Requires Go 1.25 or newer:
& 'C:\Program Files\Go\bin\go.exe' test ./...
& 'C:\Program Files\Go\bin\go.exe' build -o dist\noobboard.exe .\cmd\dashboard
.\dist\noobboard.exe serveDefault URLs:
Admin panel: http://127.0.0.1:8787/
Compact web app: http://127.0.0.1:8788/
Development credentials:
admin/change-me-nowviewer/change-me-now
Change these before any real LAN or reverse-proxy use.
Live mode is the default. Keep credentials in environment variables, a local config file, or local key files ignored by git.
$env:NOOBBOARD_INTEGRATION_MODE = 'live'
$env:NOOBBOARD_PORT = '8787'
$env:NOOBBOARD_COMPACT_PORT = '8788'
$env:UNRAID_BASE_URL = 'http://tower.local'
$env:UNRAID_API_KEY_FILE = 'C:\path\to\unraid.key'
$env:UNIFI_BASE_URL = 'https://192.168.1.1'
$env:UNIFI_API_KEY_FILE = 'C:\path\to\unifi.key'
$env:UNIFI_SITE_ID = 'default'
$env:NOOBBOARD_LLM_PROVIDER = 'openai' # or 'anthropic'
$env:OPENAI_API_KEY = 'replace_me' # or ANTHROPIC_API_KEY
.\dist\noobboard.exe serveYou can also keep this configuration in a local config file and run
.\dist\noobboard.exe serve --config config.local.yaml. When running as a Windows service,
the default config path is C:\ProgramData\NoobBoard\config.yaml.
Legacy HSD_* environment variables are still accepted as fallback aliases, but new
configuration should use NOOBBOARD_*.
Bare local IPs are accepted for UNRAID_BASE_URL and UNIFI_BASE_URL. Unraid values
normalize to http://...; UniFi values normalize to https://....
If the Unraid GraphQL Docker API omits containers, enable SSH fallback. It runs Docker CLI commands directly on Unraid using key/agent-based SSH and argument-array process execution.
$env:UNRAID_SSH_FALLBACK_ENABLED = 'true'
$env:UNRAID_SSH_HOST = 'tower.local'
$env:UNRAID_SSH_USER = 'root'
$env:UNRAID_SSH_KEY_FILE = 'C:\path\to\unraid-ssh-key'The app prefers SSH only when SSH sees more containers than GraphQL, or when GraphQL cannot serve logs/control for a selected SSH-sourced app.
Fixture mode is for deterministic demos and tests. It must be selected explicitly.
$env:NOOBBOARD_INTEGRATION_MODE = 'fixture'
$env:NOOBBOARD_FIXTURE_SCENARIO = 'single_container_exited'
.\dist\noobboard.exe run-onceFixtures live under fixtures/incidents.
Run the visual check before and after UI changes:
powershell.exe -NoProfile -ExecutionPolicy Bypass -File .\scripts\visual-check.ps1The check starts an isolated fixture-backed dashboard, signs in with the development admin
and viewer accounts, captures desktop and mobile screenshots under .cache, and checks for
common regressions such as blank dashboards, hidden login screens, missing app logos,
missing compact content, button overflow, and mobile body overflow.
The recommended path is .\install.ps1 -Start (see Quick Start), which builds the binary,
copies it to %ProgramFiles%\NoobBoard, and registers the service. To manage it manually:
.\dist\noobboard.exe install-service
.\dist\noobboard.exe start-service
.\dist\noobboard.exe stop-service
.\dist\noobboard.exe uninstall-serviceDefault Windows paths:
- Config:
C:\ProgramData\NoobBoard\config.yaml - Database:
C:\ProgramData\NoobBoard\data\dashboard.db.json - Logs:
C:\ProgramData\NoobBoard\logs\
The installer's firewall prompt (and -AllowLan) opens TCP 8787-8788 on the Private and
Public profiles, because Windows frequently mislabels a home LAN as "Public". It also sets
server.bind_address to 0.0.0.0 so the server actually listens on the LAN — the firewall
rule alone is not enough, since the server otherwise binds to 127.0.0.1 only. A non-loopback
bind requires a non-default admin password (set one at the install prompt); if validation
fails the installer reverts to localhost. This does not isolate the host if it is genuinely
internet-facing — change the default admin password, and prefer an HTTPS reverse proxy for
real WAN access. To restrict to the private profile only, add the rule manually instead:
New-NetFirewallRule -DisplayName "NoobBoard" -Direction Inbound -Action Allow -Protocol TCP -LocalPort 8787,8788 -Profile PrivateNoobBoard is built for a trusted LAN or a private HTTPS reverse proxy — not the open
internet. The admin API is served only on the admin port (the compact app returns 404
for /api/admin/*), mutating requests require CSRF + same-origin checks, logs/notifications/
LLM context are redacted, and Docker controls and agent repairs are admin-gated and audited.
Secrets and local state (.env, config.yaml, key files, data/, logs/) are git-ignored —
never commit them, and change the default admin password before any real use.
See docs/security_doc.md for the full list of controls and the
reverse-proxy hardening checklist.
.\dist\noobboard.exe check-config
.\dist\noobboard.exe run-once
.\dist\noobboard.exe versioninstall.ps1 Dependency check + build + service install
cmd/dashboard CLI entrypoint and server startup
cmd/visualcheck Local screenshot/DOM regression harness
internal/adapters Unraid, Docker, UniFi, probes, and fixtures
internal/server HTTP routing, auth, settings, and static app serving
internal/diagnostics Incident and status rules
web/public Embedded PWA frontend
docs Architecture, API config, deployment, and security notes
AGENTS.md Orientation + don't-regress guardrails for contributors/agents
docs/agent-roadmap.md Planned workstreams and design notes
Read AGENTS.md first for the app's purpose and the invariants that keep the two surfaces
safe. Planned work and design decisions live in docs/agent-roadmap.md.
NoobBoard is free software: you can redistribute it and/or modify it under the terms of the
GNU General Public License v3.0 as published by the Free Software Foundation. See the
LICENSE file for the full text.
Copyright (C) 2026 wellivea1
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.