archy/apps/bitcoin-core/manifest.yml

app:
  id: bitcoin-core
  name: Bitcoin Knots
  version: 28.4.0
  description: Full Bitcoin Knots node with dynamic prune/full-mode startup based on host disk.

  container_name: bitcoin-knots

  container:
    image: 146.59.87.168:3000/lfg2025/bitcoin-knots:latest
    pull_policy: if-not-present
    network: archy-net
    entrypoint: ["sh", "-lc"]
    custom_args:
      # Sync-speed flags: -par=0 uses every core (was capped at 2 by
      # --cpus=2, now removed for bitcoin/electrumx). -dbcache sized to
      # the IBD sweet spot — 4GB on full nodes, 1GB on pruned. Container
      # --memory=8g (config.rs::get_memory_limit) leaves headroom for
      # mempool + connections.
      - >-
        if [ "${DISK_GB:-0}" -lt 1000 ]; then
          exec bitcoind -server=1 -prune=550 -rpcallowip=0.0.0.0/0 -rpcbind=0.0.0.0:8332 -listen=1 -bind=0.0.0.0:8333 -dbcache=1024 -par=0 -maxconnections=125 -rpcuser="${BITCOIN_RPC_USER}" -rpcpassword="${BITCOIN_RPC_PASS}";
        else
          exec bitcoind -server=1 -txindex=1 -rpcallowip=0.0.0.0/0 -rpcbind=0.0.0.0:8332 -listen=1 -bind=0.0.0.0:8333 -dbcache=4096 -par=0 -maxconnections=125 -rpcuser="${BITCOIN_RPC_USER}" -rpcpassword="${BITCOIN_RPC_PASS}";
        fi
    derived_env:
      - key: DISK_GB
        template: "{{DISK_GB}}"
    secret_env:
      - key: BITCOIN_RPC_PASS
        secret_file: bitcoin-rpc-password
    data_uid: "100101:100101"

  dependencies:
    - storage: 500Gi

  resources:
    cpu_limit: 0
    memory_limit: 4Gi
    disk_limit: 500Gi

  security:
    capabilities: [CHOWN, FOWNER, SETUID, SETGID, DAC_OVERRIDE]
    readonly_root: false
    network_policy: isolated

  ports:
    - host: 8332
      container: 8332
      protocol: tcp
    - host: 8333
      container: 8333
      protocol: tcp

  volumes:
    - type: bind
      source: /var/lib/archipelago/bitcoin
      target: /home/bitcoin/.bitcoin
      options: [rw]

  environment:
    - BITCOIN_RPC_USER=archipelago

  health_check:
    type: tcp
    endpoint: localhost:8332
    interval: 30s
    timeout: 5s
    retries: 3

  bitcoin_integration:
    rpc_access: admin
    sync_required: true
    testnet_support: false
    pruning_support: true
Initial commit 2026-01-24 22:01:51 +00:00			`app:`
			`id: bitcoin-core`
feat(orchestrator): complete container migration and release hardening 2026-04-28 15:00:58 -04:00			`name: Bitcoin Knots`
release(v1.7.35-alpha): rootless-netns self-heal + app update button + bitcoin-core 28.4 + Node DID unification - core/archipelago/src/bootstrap.rs (NEW): embed scripts/container-doctor.sh and image-recipe/configs/archipelago-doctor.{service,timer} via include_str! and sync to disk + enable the timer on every archipelago startup. Idempotent (content-hash compare), dev-box symlink guard keeps the git checkout untouched, best-effort (warn-only on failure) so bootstrap never blocks server readiness. Wired in main.rs as a background tokio task. - scripts/container-doctor.sh: add fix_rootless_netns_egress(). Detects when the rootless-netns has lost its pasta tap (container-to-container still works but outbound DNS/TCP fails) via an nsenter probe into aardvark-dns; with a two-probe 10s debounce to rule out transients and a host-precheck that bails out if the host itself is offline. When the rootless-netns is truly broken, does a graceful podman stop --all / start --all so pasta + aardvark-dns rebuild the netns from scratch. Bitcoin-knots and every other outbound container recover in one cycle. - core/archipelago/src/update.rs: host_sudo → pub(crate) so bootstrap.rs can reuse the existing systemd-run escape hatch. - apps/bitcoin-core/manifest.yml: bump app version 24.0.0 → 28.4.0 and image bitcoin/bitcoin:24.0 → bitcoin/bitcoin:28.4. Resources aligned with the real container-specs.sh large-disk tune (4 GiB memory cap, cpu_limit: 0 so bitcoind can run -par=auto across every core). - neode-ui/src/views/apps/AppCard.vue + Apps.vue: add an Update button + Updating spinner to every app card that has available-update set. Wires through serverStore.updatePackage(id) — the same RPC the detail view already calls. common.update / common.updating i18n keys added in en.json and es.json. - core/archipelago/src/identity_manager.rs: add create_from_signing_key() that mirrors an existing Ed25519 key as a manager-level identity with a deterministic id (`node-<pubkey16>`). Idempotent across restarts, gets the hex-SVG master avatar. - core/archipelago/src/server.rs: the auto-create path on first boot now mirrors the node's own signing_key (seed-derived on onboarded installs) as a "Node" identity instead of generating a random "Default" keypair. Once this ships, the DID on the Web5 DID Status card (via node.did RPC), the Node entry on the Identities page (via identity.list), and the DID used for peer-to-peer connects (via server_info.pubkey) all resolve to the same seed-derived pubkey. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> 2026-04-22 08:29:56 -04:00			`version: 28.4.0`
feat(orchestrator): complete container migration and release hardening 2026-04-28 15:00:58 -04:00			`description: Full Bitcoin Knots node with dynamic prune/full-mode startup based on host disk.`

			`container_name: bitcoin-knots`
release(v1.7.35-alpha): rootless-netns self-heal + app update button + bitcoin-core 28.4 + Node DID unification - core/archipelago/src/bootstrap.rs (NEW): embed scripts/container-doctor.sh and image-recipe/configs/archipelago-doctor.{service,timer} via include_str! and sync to disk + enable the timer on every archipelago startup. Idempotent (content-hash compare), dev-box symlink guard keeps the git checkout untouched, best-effort (warn-only on failure) so bootstrap never blocks server readiness. Wired in main.rs as a background tokio task. - scripts/container-doctor.sh: add fix_rootless_netns_egress(). Detects when the rootless-netns has lost its pasta tap (container-to-container still works but outbound DNS/TCP fails) via an nsenter probe into aardvark-dns; with a two-probe 10s debounce to rule out transients and a host-precheck that bails out if the host itself is offline. When the rootless-netns is truly broken, does a graceful podman stop --all / start --all so pasta + aardvark-dns rebuild the netns from scratch. Bitcoin-knots and every other outbound container recover in one cycle. - core/archipelago/src/update.rs: host_sudo → pub(crate) so bootstrap.rs can reuse the existing systemd-run escape hatch. - apps/bitcoin-core/manifest.yml: bump app version 24.0.0 → 28.4.0 and image bitcoin/bitcoin:24.0 → bitcoin/bitcoin:28.4. Resources aligned with the real container-specs.sh large-disk tune (4 GiB memory cap, cpu_limit: 0 so bitcoind can run -par=auto across every core). - neode-ui/src/views/apps/AppCard.vue + Apps.vue: add an Update button + Updating spinner to every app card that has available-update set. Wires through serverStore.updatePackage(id) — the same RPC the detail view already calls. common.update / common.updating i18n keys added in en.json and es.json. - core/archipelago/src/identity_manager.rs: add create_from_signing_key() that mirrors an existing Ed25519 key as a manager-level identity with a deterministic id (`node-<pubkey16>`). Idempotent across restarts, gets the hex-SVG master avatar. - core/archipelago/src/server.rs: the auto-create path on first boot now mirrors the node's own signing_key (seed-derived on onboarded installs) as a "Node" identity instead of generating a random "Default" keypair. Once this ships, the DID on the Web5 DID Status card (via node.did RPC), the Node entry on the Identities page (via identity.list), and the DID used for peer-to-peer connects (via server_info.pubkey) all resolve to the same seed-derived pubkey. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> 2026-04-22 08:29:56 -04:00
Initial commit 2026-01-24 22:01:51 +00:00			`container:`
chore: release v1.7.45-alpha Resilience-validated release. Three full sweeps of the new resilience harness against .228 confirm no shipstoppers. Big user-visible: - Bitcoin RPC auth durably correct via host-rendered nginx.conf bind-mount, replaces fragile post-start exec that failed under restricted-cap rootless podman ("crun: write cgroup.procs: Permission denied") - Multi-container stack installs (indeedhub, immich, btcpay, mempool) now emit phase events at every boundary so the progress bar advances - Apps no longer vanish from the dashboard mid-install (absent-scanner skips packages in transitional states) - Indeedhub fresh installs work end-to-end (was 8500+ restart loop): five missing env vars (DATABASE_PORT, QUEUE_HOST, QUEUE_PORT, S3_PRIVATE_BUCKET_NAME, AES_MASTER_SECRET) added to install code - Tailscale install fixed: --entrypoint string was being passed as a single shell-line arg; switched to custom_args array - Catalog cleaned of broken entries (dwn, endurain, ollama removed; nextcloud restored on docker.io) - Bitcoin Core update path uses correct image (was looking for nonexistent lfg2025/bitcoin:28.4) - ISO installs now allocate swap on the encrypted data partition Infra: - New resilience harness (scripts/resilience/) — black-box state-machine tester, every app × every transition. Run before each release. Sweep #3 final: PASS 107 / FAIL 12 / SKIP 14. The 12 fails are 1 cosmetic (homeassistant trusted_hosts), 8 harness/timing false-positives, and 3 non-shipstopper tracked items. Down from 23 in baseline sweep #1. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> 2026-04-29 12:31:45 -04:00			`image: 146.59.87.168:3000/lfg2025/bitcoin-knots:latest`
feat(orchestrator): complete container migration and release hardening 2026-04-28 15:00:58 -04:00			`pull_policy: if-not-present`
			`network: archy-net`
			`entrypoint: ["sh", "-lc"]`
			`custom_args:`
chore: release v1.7.47-alpha Sync-perf tuning for bitcoin/bitcoin-core/bitcoin-knots/electrumx. - Drop the --cpus=2 cap on bitcoin/electrumx variants. Script verification is parallelizable; the cap halved IBD speed on 4-8 core machines. - Bump bitcoin --memory 4g→8g so dbcache=4096 has headroom for mempool + connection buffers + I/O. 4g was OOM-prone during heavy IBD. - Bump electrumx --memory 1g→2g + add CACHE_MB=2048 + MAX_SEND=10MB. - bitcoin-core CLI args gain -dbcache=4096 -par=0 -maxconnections=125. - bitcoin-knots manifest matched (1024MB pruned / 4096MB full + par=0). Future v2: host-RAM-aware dbcache scaling. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> 2026-04-29 15:47:51 -04:00			`# Sync-speed flags: -par=0 uses every core (was capped at 2 by`
			`# --cpus=2, now removed for bitcoin/electrumx). -dbcache sized to`
			`# the IBD sweet spot — 4GB on full nodes, 1GB on pruned. Container`
			`# --memory=8g (config.rs::get_memory_limit) leaves headroom for`
			`# mempool + connections.`
feat(orchestrator): complete container migration and release hardening 2026-04-28 15:00:58 -04:00			`- >-`
			`if [ "${DISK_GB:-0}" -lt 1000 ]; then`
chore: release v1.7.47-alpha Sync-perf tuning for bitcoin/bitcoin-core/bitcoin-knots/electrumx. - Drop the --cpus=2 cap on bitcoin/electrumx variants. Script verification is parallelizable; the cap halved IBD speed on 4-8 core machines. - Bump bitcoin --memory 4g→8g so dbcache=4096 has headroom for mempool + connection buffers + I/O. 4g was OOM-prone during heavy IBD. - Bump electrumx --memory 1g→2g + add CACHE_MB=2048 + MAX_SEND=10MB. - bitcoin-core CLI args gain -dbcache=4096 -par=0 -maxconnections=125. - bitcoin-knots manifest matched (1024MB pruned / 4096MB full + par=0). Future v2: host-RAM-aware dbcache scaling. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> 2026-04-29 15:47:51 -04:00			`exec bitcoind -server=1 -prune=550 -rpcallowip=0.0.0.0/0 -rpcbind=0.0.0.0:8332 -listen=1 -bind=0.0.0.0:8333 -dbcache=1024 -par=0 -maxconnections=125 -rpcuser="${BITCOIN_RPC_USER}" -rpcpassword="${BITCOIN_RPC_PASS}";`
feat(orchestrator): complete container migration and release hardening 2026-04-28 15:00:58 -04:00			`else`
chore: release v1.7.47-alpha Sync-perf tuning for bitcoin/bitcoin-core/bitcoin-knots/electrumx. - Drop the --cpus=2 cap on bitcoin/electrumx variants. Script verification is parallelizable; the cap halved IBD speed on 4-8 core machines. - Bump bitcoin --memory 4g→8g so dbcache=4096 has headroom for mempool + connection buffers + I/O. 4g was OOM-prone during heavy IBD. - Bump electrumx --memory 1g→2g + add CACHE_MB=2048 + MAX_SEND=10MB. - bitcoin-core CLI args gain -dbcache=4096 -par=0 -maxconnections=125. - bitcoin-knots manifest matched (1024MB pruned / 4096MB full + par=0). Future v2: host-RAM-aware dbcache scaling. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> 2026-04-29 15:47:51 -04:00			`exec bitcoind -server=1 -txindex=1 -rpcallowip=0.0.0.0/0 -rpcbind=0.0.0.0:8332 -listen=1 -bind=0.0.0.0:8333 -dbcache=4096 -par=0 -maxconnections=125 -rpcuser="${BITCOIN_RPC_USER}" -rpcpassword="${BITCOIN_RPC_PASS}";`
feat(orchestrator): complete container migration and release hardening 2026-04-28 15:00:58 -04:00			`fi`
			`derived_env:`
			`- key: DISK_GB`
			`template: "{{DISK_GB}}"`
			`secret_env:`
			`- key: BITCOIN_RPC_PASS`
			`secret_file: bitcoin-rpc-password`
			`data_uid: "100101:100101"`

Initial commit 2026-01-24 22:01:51 +00:00			`dependencies:`
feat(orchestrator): complete container migration and release hardening 2026-04-28 15:00:58 -04:00			`- storage: 500Gi`

Initial commit 2026-01-24 22:01:51 +00:00			`resources:`
feat(orchestrator): complete container migration and release hardening 2026-04-28 15:00:58 -04:00			`cpu_limit: 0`
			`memory_limit: 4Gi`
Initial commit 2026-01-24 22:01:51 +00:00			`disk_limit: 500Gi`
feat(orchestrator): complete container migration and release hardening 2026-04-28 15:00:58 -04:00
Initial commit 2026-01-24 22:01:51 +00:00			`security:`
feat(orchestrator): complete container migration and release hardening 2026-04-28 15:00:58 -04:00			`capabilities: [CHOWN, FOWNER, SETUID, SETGID, DAC_OVERRIDE]`
			`readonly_root: false`
Initial commit 2026-01-24 22:01:51 +00:00			`network_policy: isolated`
feat(orchestrator): complete container migration and release hardening 2026-04-28 15:00:58 -04:00
Initial commit 2026-01-24 22:01:51 +00:00			`ports:`
			`- host: 8332`
			`container: 8332`
feat(orchestrator): complete container migration and release hardening 2026-04-28 15:00:58 -04:00			`protocol: tcp`
Initial commit 2026-01-24 22:01:51 +00:00			`- host: 8333`
			`container: 8333`
feat(orchestrator): complete container migration and release hardening 2026-04-28 15:00:58 -04:00			`protocol: tcp`

Initial commit 2026-01-24 22:01:51 +00:00			`volumes:`
			`- type: bind`
			`source: /var/lib/archipelago/bitcoin`
			`target: /home/bitcoin/.bitcoin`
			`options: [rw]`
feat(orchestrator): complete container migration and release hardening 2026-04-28 15:00:58 -04:00
Initial commit 2026-01-24 22:01:51 +00:00			`environment:`
feat(orchestrator): complete container migration and release hardening 2026-04-28 15:00:58 -04:00			`- BITCOIN_RPC_USER=archipelago`

Initial commit 2026-01-24 22:01:51 +00:00			`health_check:`
feat(orchestrator): complete container migration and release hardening 2026-04-28 15:00:58 -04:00			`type: tcp`
			`endpoint: localhost:8332`
Initial commit 2026-01-24 22:01:51 +00:00			`interval: 30s`
			`timeout: 5s`
			`retries: 3`
feat(orchestrator): complete container migration and release hardening 2026-04-28 15:00:58 -04:00
Initial commit 2026-01-24 22:01:51 +00:00			`bitcoin_integration:`
			`rpc_access: admin`
			`sync_required: true`
feat(orchestrator): complete container migration and release hardening 2026-04-28 15:00:58 -04:00			`testnet_support: false`
Initial commit 2026-01-24 22:01:51 +00:00			`pruning_support: true`