archy/apps/lnd-ui/manifest.yml

app:
  id: lnd-ui
  name: LND UI
  version: 1.0.0
  description: |
    Archipelago-native HTTP frontend for LND. Runs nginx inside a
    container and serves static assets. LND connection info is fetched
    via an absolute URL that the host nginx routes to the archipelago
    backend on 127.0.0.1:5678, so no upstream auth is baked in.

  container:
    build:
      context: /opt/archipelago/docker/lnd-ui
      dockerfile: Dockerfile
      tag: localhost/lnd-ui:local

  dependencies:
    - app_id: lnd

  resources:
    memory_limit: 64Mi

  security:
    readonly_root: false
    network_policy: bridge

  # Bridge networking via archy-net. Container nginx listens on 80;
  # host nginx proxies /app/lnd/ -> 127.0.0.1:18083 -> container:80.
  ports:
    - host: 18083
      container: 80
      protocol: tcp

  volumes: []

  environment: []

  health_check:
    type: http
    endpoint: http://127.0.0.1:18083
    path: /
    interval: 30s
    timeout: 5s
    retries: 3
feat(container): bitcoin-ui pre-start hook renders nginx.conf from embedded template Replaces the first-boot-containers.sh sed/envsubst approach with a Rust-native render step bound into the ContainerOrchestrator lifecycle. - New container::bitcoin_ui module: embeds the nginx.conf template via include_str!, reads the plaintext RPC password from /var/lib/archipelago/secrets/bitcoin-rpc-password, substitutes {{BITCOIN_RPC_AUTH}} with base64(archipelago:<password>), and atomic- writes (tmp + rename) to /var/lib/archipelago/bitcoin-ui/nginx.conf. Idempotent: byte-compares before writing so unchanged input is a no-op (no inode churn, no restart cascade). - ProdContainerOrchestrator gains run_pre_start_hooks(app_id) returning HookOutcome::{Rewritten, Unchanged}. Fires in install_fresh before create_container, and in ensure_running: on Running + Rewritten triggers a restart; on Stopped re-renders then starts. - bitcoin-ui Dockerfile no longer COPYs a default.conf; the file now arrives via runtime bind-mount of the rendered config. If the bind- mount is ever missing, nginx starts with no site configured and returns 404 everywhere — safe failure vs. serving upstream RPC with a stale Authorization header. - apps/{bitcoin,electrs,lnd}-ui/manifest.yml land as first-class manifests. bitcoin-ui declares the bind-mount target and a dependency on bitcoin-core; electrs-ui and lnd-ui declare their own deps and health checks. - 8 new unit tests on the render fn (idempotency, rotation, trimming, missing/empty secret, template invariants) plus an integration test asserting install(bitcoin-ui) actually lands a substituted nginx.conf on disk via the hook. 39/39 container:: tests pass (test_parse_image_versions pre-existing failure unchanged, out of scope). 2026-04-23 02:19:52 -04:00			`app:`
			`id: lnd-ui`
			`name: LND UI`
			`version: 1.0.0`
			`description: \|`
			`Archipelago-native HTTP frontend for LND. Runs nginx inside a`
			`container and serves static assets. LND connection info is fetched`
			`via an absolute URL that the host nginx routes to the archipelago`
			`backend on 127.0.0.1:5678, so no upstream auth is baked in.`

			`container:`
			`build:`
			`context: /opt/archipelago/docker/lnd-ui`
			`dockerfile: Dockerfile`
			`tag: localhost/lnd-ui:local`

			`dependencies:`
			`- app_id: lnd`

			`resources:`
			`memory_limit: 64Mi`

			`security:`
			`readonly_root: false`
fix(lnd-ui): align container port across all specs The LND UI container was unreachable on .228 after the v1.7.43-alpha deploy because three sources of truth disagreed on which port nginx listens on inside the container: - docker/lnd-ui/nginx.conf listen 8081 - docker/lnd-ui/Dockerfile EXPOSE 8080 - apps/lnd-ui/manifest.yml host networking, ports: [] - scripts/first-boot-containers.sh -p 8081:8080 - scripts/deploy-to-target.sh -p 8081:80 (de-facto) - scripts/deploy-tailscale.sh -p 8081:80 - scripts/container-specs.sh SPEC_PORTS=8081:80 Result: podman published host 8081 to container port 80, but no one was listening on 80 inside, so connections were reset. Canonicalize on container:80 with host:8081 publish, matching the three deploy paths already in agreement. Changes: - docker/lnd-ui/nginx.conf: listen 8081 -> listen 80 - docker/lnd-ui/Dockerfile: EXPOSE 8080 -> EXPOSE 80 - apps/lnd-ui/manifest.yml: replace host-network (never true) with bridge networking and explicit 8081:80 port mapping, correcting a documentation-vs-reality mismatch - scripts/first-boot-containers.sh: -p 8081:8080 -> -p 8081:80, and fix the internal-port comment Verified on .228 after rebuild: curl http://127.0.0.1:8081/ returns HTTP 200 and the /app/lnd/ host-nginx proxy resolves cleanly. 2026-04-23 15:42:49 -04:00			`network_policy: bridge`

			`# Bridge networking via archy-net. Container nginx listens on 80;`
chore(release): stage v1.7.52-alpha 2026-05-05 11:29:18 -04:00			`# host nginx proxies /app/lnd/ -> 127.0.0.1:18083 -> container:80.`
fix(lnd-ui): align container port across all specs The LND UI container was unreachable on .228 after the v1.7.43-alpha deploy because three sources of truth disagreed on which port nginx listens on inside the container: - docker/lnd-ui/nginx.conf listen 8081 - docker/lnd-ui/Dockerfile EXPOSE 8080 - apps/lnd-ui/manifest.yml host networking, ports: [] - scripts/first-boot-containers.sh -p 8081:8080 - scripts/deploy-to-target.sh -p 8081:80 (de-facto) - scripts/deploy-tailscale.sh -p 8081:80 - scripts/container-specs.sh SPEC_PORTS=8081:80 Result: podman published host 8081 to container port 80, but no one was listening on 80 inside, so connections were reset. Canonicalize on container:80 with host:8081 publish, matching the three deploy paths already in agreement. Changes: - docker/lnd-ui/nginx.conf: listen 8081 -> listen 80 - docker/lnd-ui/Dockerfile: EXPOSE 8080 -> EXPOSE 80 - apps/lnd-ui/manifest.yml: replace host-network (never true) with bridge networking and explicit 8081:80 port mapping, correcting a documentation-vs-reality mismatch - scripts/first-boot-containers.sh: -p 8081:8080 -> -p 8081:80, and fix the internal-port comment Verified on .228 after rebuild: curl http://127.0.0.1:8081/ returns HTTP 200 and the /app/lnd/ host-nginx proxy resolves cleanly. 2026-04-23 15:42:49 -04:00			`ports:`
chore(release): stage v1.7.52-alpha 2026-05-05 11:29:18 -04:00			`- host: 18083`
fix(lnd-ui): align container port across all specs The LND UI container was unreachable on .228 after the v1.7.43-alpha deploy because three sources of truth disagreed on which port nginx listens on inside the container: - docker/lnd-ui/nginx.conf listen 8081 - docker/lnd-ui/Dockerfile EXPOSE 8080 - apps/lnd-ui/manifest.yml host networking, ports: [] - scripts/first-boot-containers.sh -p 8081:8080 - scripts/deploy-to-target.sh -p 8081:80 (de-facto) - scripts/deploy-tailscale.sh -p 8081:80 - scripts/container-specs.sh SPEC_PORTS=8081:80 Result: podman published host 8081 to container port 80, but no one was listening on 80 inside, so connections were reset. Canonicalize on container:80 with host:8081 publish, matching the three deploy paths already in agreement. Changes: - docker/lnd-ui/nginx.conf: listen 8081 -> listen 80 - docker/lnd-ui/Dockerfile: EXPOSE 8080 -> EXPOSE 80 - apps/lnd-ui/manifest.yml: replace host-network (never true) with bridge networking and explicit 8081:80 port mapping, correcting a documentation-vs-reality mismatch - scripts/first-boot-containers.sh: -p 8081:8080 -> -p 8081:80, and fix the internal-port comment Verified on .228 after rebuild: curl http://127.0.0.1:8081/ returns HTTP 200 and the /app/lnd/ host-nginx proxy resolves cleanly. 2026-04-23 15:42:49 -04:00			`container: 80`
			`protocol: tcp`
feat(container): bitcoin-ui pre-start hook renders nginx.conf from embedded template Replaces the first-boot-containers.sh sed/envsubst approach with a Rust-native render step bound into the ContainerOrchestrator lifecycle. - New container::bitcoin_ui module: embeds the nginx.conf template via include_str!, reads the plaintext RPC password from /var/lib/archipelago/secrets/bitcoin-rpc-password, substitutes {{BITCOIN_RPC_AUTH}} with base64(archipelago:<password>), and atomic- writes (tmp + rename) to /var/lib/archipelago/bitcoin-ui/nginx.conf. Idempotent: byte-compares before writing so unchanged input is a no-op (no inode churn, no restart cascade). - ProdContainerOrchestrator gains run_pre_start_hooks(app_id) returning HookOutcome::{Rewritten, Unchanged}. Fires in install_fresh before create_container, and in ensure_running: on Running + Rewritten triggers a restart; on Stopped re-renders then starts. - bitcoin-ui Dockerfile no longer COPYs a default.conf; the file now arrives via runtime bind-mount of the rendered config. If the bind- mount is ever missing, nginx starts with no site configured and returns 404 everywhere — safe failure vs. serving upstream RPC with a stale Authorization header. - apps/{bitcoin,electrs,lnd}-ui/manifest.yml land as first-class manifests. bitcoin-ui declares the bind-mount target and a dependency on bitcoin-core; electrs-ui and lnd-ui declare their own deps and health checks. - 8 new unit tests on the render fn (idempotency, rotation, trimming, missing/empty secret, template invariants) plus an integration test asserting install(bitcoin-ui) actually lands a substituted nginx.conf on disk via the hook. 39/39 container:: tests pass (test_parse_image_versions pre-existing failure unchanged, out of scope). 2026-04-23 02:19:52 -04:00
			`volumes: []`

			`environment: []`

			`health_check:`
			`type: http`
chore(release): stage v1.7.52-alpha 2026-05-05 11:29:18 -04:00			`endpoint: http://127.0.0.1:18083`
feat(container): bitcoin-ui pre-start hook renders nginx.conf from embedded template Replaces the first-boot-containers.sh sed/envsubst approach with a Rust-native render step bound into the ContainerOrchestrator lifecycle. - New container::bitcoin_ui module: embeds the nginx.conf template via include_str!, reads the plaintext RPC password from /var/lib/archipelago/secrets/bitcoin-rpc-password, substitutes {{BITCOIN_RPC_AUTH}} with base64(archipelago:<password>), and atomic- writes (tmp + rename) to /var/lib/archipelago/bitcoin-ui/nginx.conf. Idempotent: byte-compares before writing so unchanged input is a no-op (no inode churn, no restart cascade). - ProdContainerOrchestrator gains run_pre_start_hooks(app_id) returning HookOutcome::{Rewritten, Unchanged}. Fires in install_fresh before create_container, and in ensure_running: on Running + Rewritten triggers a restart; on Stopped re-renders then starts. - bitcoin-ui Dockerfile no longer COPYs a default.conf; the file now arrives via runtime bind-mount of the rendered config. If the bind- mount is ever missing, nginx starts with no site configured and returns 404 everywhere — safe failure vs. serving upstream RPC with a stale Authorization header. - apps/{bitcoin,electrs,lnd}-ui/manifest.yml land as first-class manifests. bitcoin-ui declares the bind-mount target and a dependency on bitcoin-core; electrs-ui and lnd-ui declare their own deps and health checks. - 8 new unit tests on the render fn (idempotency, rotation, trimming, missing/empty secret, template invariants) plus an integration test asserting install(bitcoin-ui) actually lands a substituted nginx.conf on disk via the hook. 39/39 container:: tests pass (test_parse_image_versions pre-existing failure unchanged, out of scope). 2026-04-23 02:19:52 -04:00			`path: /`
			`interval: 30s`
			`timeout: 5s`
			`retries: 3`