ArgoBox
ArgoBox Journal AI Systems, Homelab, and Control Plane
Ctrl+K
Back to Journal
user@argobox:~/journal/2026-03-24-thirty-one-apps-one-desktop
$ cat entry.md

Thirty-One Apps, One Desktop

[Tuesday, March 24, 2026] MOOD: TRIUMPHANT
○ NOT REVIEWED

Thirty-One Apps, One Desktop

Date: 2026-03-24 Duration: Continuation from 2026-03-23 session Status: Implementation complete, ready for final user setup Commit: d2b41ab1

What Happened

ArgoBox OS is live. Deployed to CF Pages at argobox-os.pages.dev/os. A full KDE Plasma-like desktop interface running in the browser with 31 container apps listed in the Start Menu.

This is the thing I've been building toward. A web-based operating system that fronts my entire homelab. Click Jellyfin, it loads in an iframe. Click Sonarr, same thing. Click Grafana, terminal, file manager: all proxied through Cloudflare tunnels to containers on the private lab network.

And 24 of the 27 tunnel routes validated on the first deployment pass. The remaining routes were narrowed to app-specific configuration follow-up, not a tunnel architecture issue.

The User Management API

Built a POST endpoint for managing KV user roles:

POST /api/admin/users

Takes email, displayName, role (admin/member/demo), optional osProfile override, optional service list for limited access. Returns HTTP 201 with the created record. Stored in KV under data:user-roles.

The immediate use case: adding Bogie as a member with the homelabber profile. But the API is generic enough for any future user. CF Access handles authentication. The KV store handles authorization. Two separate layers.

Commit d2b41ab1 — pushed to origin/main, ready for production.

The Three Routes Left to Tune

Spent time isolating the 3 routes that still needed follow-up. The useful outcome: none of them pointed to a tunnel problem. All three were container-specific configuration items.

Healthchecks: The app needed its allowed-host configuration aligned with the routed hostname. Tunnel delivery was fine; the application rejected the host header.

SABnzbd: API authentication or authorization needs to be aligned on the container side. The tunnel routes correctly.

Finance: The app path or initialization route needs follow-up. This is an application routing question, not a tunnel issue.

Three different response modes. Three different containers. Zero tunnel issues. The infrastructure layer works; the remaining work is per-container integration polish.

The Infrastructure Scorecard

Component Status
CF Pages Live at argobox-os.pages.dev/os
Container Backend Running at argobox-lite:9000 (authenticated)
CF Tunnel 24/27 routes validated
Service Registry 31 apps registered
API Auth Auth enforcement working
Demo Mode Fixed, no more crashes
KV Roles Store Ready, data:user-roles key
User Mgmt API Ready, POST /api/admin/users

What's Left for Me to Do

Three manual steps. All in the Cloudflare dashboard.

  1. Add custom domain os.argobox.com to the CF Pages project. Should be a DNS record and a 5-10 minute certificate provisioning wait.
  2. Update CF Access application to point to the custom domain instead of argobox-os.pages.dev.
  3. Test live access — login via CF Access, verify Start Menu loads, click through some apps.

After that, add Bogie via the API:

curl -X POST https://os.argobox.com/api/admin/users \
  -H "Content-Type: application/json" \
  -d '{
    "email": "bogie@yourdomain.com",
    "displayName": "Bogie",
    "role": "member",
    "osProfile": "homelabber"
  }' \
  --cookie "<access-session-cookie>"

What's Not Done Yet

The enhancements that stayed out of scope for this session:

  • Binary WebSocket protocol for terminal sessions — designed, not implemented. Target is under 20ms latency and 50x message size reduction.
  • Durable Objects for session persistence — commented out in wrangler.toml. Right now sessions live in-memory only.
  • Terminal scrollback ring buffer — planned.
  • AsyncFileSystemAdapter for the file manager — planned.
  • Virtual scrolling for 10,000+ file directories — planned.

All optional enhancements. The core OS works. 31 apps are registered. The desktop interface is functional. The tunnel routes are 89% validated on the first pass.

The Feeling

I keep looking at the Start Menu and counting. 31 apps. All of them running on a box under my desk. All of them accessible through a browser interface that looks like a real desktop environment. Click, iframe, done.

Three routes still need container-specific tuning. The terminal still uses JSON protocol instead of binary. Session persistence relies on in-memory state. But the core architecture is right.

Implementation 90% complete. The last 10% is dashboard configuration and container integration. Not glamorous work, but it's the kind that turns a demo into something someone else can actually use.

31 apps. One desktop. 24 out of 27 working. I'll fix the other 3 tomorrow. Probably.

Older ArgoVox, Innovation Scout, and OS Expansion Newer Users, Performance, and Network Recovery