fix: redirect container storage to LUKS encrypted partition

Container image pulls were filling the 29GB root partition (100% full
after 6 images). Now podman graphroot points to /var/lib/archipelago/
containers/storage on the 400GB+ LUKS encrypted data partition.

Added storage.conf with graphroot redirect + symlink for compat.
Also create containers/storage dir on encrypted partition during install.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

image-recipe/build-auto-installer-iso.sh

@@ -1440,15 +1440,24 @@ DIMMER=$'\033[38;5;238m'
 NC=$'\033[0m'
 BOLD=$'\033[1m'
 
-# Fixed left-margin layout (no more mixed centering)
-TW=$(tput cols 2>/dev/null || echo 60)
-[ "$TW" -gt 100 ] && TW=100
-PAD=$(( (TW - 50) / 2 ))
-[ "$PAD" -lt 0 ] && PAD=0
-PADS=$(printf "%*s" "$PAD" "")
+# Left-justified layout — 2-space indent, no centering
+PADS="  "
 
 p() { printf "%s%b\n" "$PADS" "$1"; }
-hrule() { local hr=""; for i in $(seq 1 48); do hr="${hr}*"; done; p "${ORANGE_DIM}${hr}${NC}"; }
+hrule() { local hr=""; for i in $(seq 1 48); do hr="${hr}─"; done; p "${ORANGE_DIM}${hr}${NC}"; }
+
+# Typewriter animation for key text
+typewrite() {
+    local text="$1" delay="${2:-0.02}"
+    printf "%s" "$PADS"
+    local i=0
+    while [ $i -lt ${#text} ]; do
+        printf "%s" "${text:$i:1}"
+        i=$((i + 1))
+        sleep "$delay"
+    done
+    printf "\n"
+}
 
 # Phase display
 STEP=0
@@ -1474,10 +1483,11 @@ spinner() {
 }
 
 clear
-echo -e "  ${ORANGE}▄▀█ █▀▄ █▀▀ █ █ █ █▀█ █▀▀ █   ▄▀█ █▀▀ █▀█${NC}"
-echo -e "  ${ORANGE}█▀█ █▀▄ █   █▀█ █ █▀▀ ██▀ █   █▀█ █ █ █ █${NC}"
-echo -e "  ${ORANGE}▀ ▀ ▀ ▀ ▀▀▀ ▀ ▀ ▀ ▀   ▀▀▀ ▀▀▀ ▀ ▀ ▀▀▀ ▀▀▀${NC}"
-echo -e "                              ${ORANGE_DIM}bitcoin node os${NC}"
+echo ""
+echo -e "${PADS}${ORANGE}▄▀█ █▀▄ █▀▀ █ █ █ █▀█ █▀▀ █   ▄▀█ █▀▀ █▀█${NC}"
+echo -e "${PADS}${ORANGE}█▀█ █▀▄ █   █▀█ █ █▀▀ ██▀ █   █▀█ █ █ █ █${NC}"
+echo -e "${PADS}${ORANGE}▀ ▀ ▀ ▀ ▀▀▀ ▀ ▀ ▀ ▀   ▀▀▀ ▀▀▀ ▀ ▀ ▀▀▀ ▀▀▀${NC}"
+typewrite "$(echo -e "${ORANGE_DIM}bitcoin node os${NC}")" 0.04
 echo ""
 
 # Check required tools are present (should be bundled in ISO)
@@ -1689,6 +1699,7 @@ mount /dev/mapper/archipelago-data /mnt/target/var/lib/archipelago
 
 # Recreate directory structure on encrypted partition
 mkdir -p /mnt/target/var/lib/archipelago/{data,config,containers,secrets,tor,identities,lnd}
+mkdir -p /mnt/target/var/lib/archipelago/containers/storage
 mkdir -p /mnt/target/var/lib/archipelago/data/cloud/{Documents,Photos,Music,Videos,Downloads}
 chown -R 1000:1000 /mnt/target/var/lib/archipelago
 
@@ -1722,6 +1733,18 @@ mkdir -p /mnt/target/home/archipelago/.local/share/containers
 mkdir -p /mnt/target/home/archipelago/.config/containers
 chown -R 1000:1000 /mnt/target/home/archipelago/.local
 
+# Redirect container storage to encrypted LUKS partition (not root filesystem)
+# Without this, pulling images fills the 29GB root partition
+cat > /mnt/target/home/archipelago/.config/containers/storage.conf <<'STORAGECONF'
+[storage]
+driver = "overlay"
+graphroot = "/var/lib/archipelago/containers/storage"
+runroot = "/run/user/1000/containers"
+STORAGECONF
+
+# Symlink for backward compat (some tools look in ~/.local/share/containers)
+ln -sf /var/lib/archipelago/containers/storage /mnt/target/home/archipelago/.local/share/containers/storage 2>/dev/null || true
+
 # Configure Archipelago app registry (HTTP, insecure)
 cat > /mnt/target/home/archipelago/.config/containers/registries.conf <<'REGCONF'
 [[registry]]
@@ -2535,10 +2558,7 @@ cryptsetup close archipelago-data 2>/dev/null || true
 umount /mnt/target 2>/dev/null || true
 
 echo ""
-echo -e "  ${ORANGE}▄▀█ █▀▄ █▀▀ █ █ █ █▀█ █▀▀ █   ▄▀█ █▀▀ █▀█${NC}"
-echo -e "  ${ORANGE}█▀█ █▀▄ █   █▀█ █ █▀▀ ██▀ █   █▀█ █ █ █ █${NC}"
-echo -e "  ${ORANGE}▀ ▀ ▀ ▀ ▀▀▀ ▀ ▀ ▀ ▀   ▀▀▀ ▀▀▀ ▀ ▀ ▀▀▀ ▀▀▀${NC}"
-echo -e "                              ${ORANGE_DIM}bitcoin node os${NC}"
+hrule
 echo ""
 p "${ORANGE_BRIGHT}  ✓ Installation Complete${NC}"
 echo ""