From 3ee5dd67152de13a8b839723bfeba72ee9998c63 Mon Sep 17 00:00:00 2001 From: Dorian Date: Wed, 8 Apr 2026 17:48:38 +0200 Subject: [PATCH] fix: nostr-vpn crash-loop on fresh install, relay config lost on LUKS MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Two issues on fresh ISO install: 1. nostr-vpn.service was enabled in rootfs but env file doesn't exist until first-boot generates Nostr identity — crash-loop on boot. Now only enabled by first-boot-containers.sh after identity exists. 2. LUKS encrypted partition mounts over /var/lib/archipelago/, hiding the relay config.toml the Dockerfile put there. Now copies relay config and creates nostr-relay/nostr-vpn dirs on the LUKS partition. Co-Authored-By: Claude Opus 4.6 --- image-recipe/build-auto-installer-iso.sh | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/image-recipe/build-auto-installer-iso.sh b/image-recipe/build-auto-installer-iso.sh index 6ed083a1..31137efd 100755 --- a/image-recipe/build-auto-installer-iso.sh +++ b/image-recipe/build-auto-installer-iso.sh @@ -398,9 +398,9 @@ RUN systemctl enable NetworkManager || true && \ systemctl enable archipelago-doctor.timer || true && \ systemctl enable archipelago-reconcile.timer || true && \ systemctl enable archipelago-tor-helper.path || true && \ - systemctl enable nostr-relay || true && \ - systemctl enable nostr-vpn || true && \ - systemctl enable archipelago-wg-address || true + systemctl enable nostr-relay || true +# nostr-vpn and wg-address are enabled by first-boot after Nostr identity is generated +# (env file doesn't exist until onboarding, so pre-enabling causes crash-loop) # Remove policy-rc.d so services can start on first boot RUN rm -f /usr/sbin/policy-rc.d 
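Review bot: Nothing in this patch turns `nostr-vpn` or `archipelago-wg-address` back on: the diffstat lists only build-auto-installer-iso.sh, while the comment added after `systemctl enable nostr-relay || true` says first-boot does it. Confirm that first-boot-containers.sh already enables and starts both units once the identity is written; otherwise a fresh install ends up with the VPN permanently off instead of crash-looping. The description mentions only nostr-vpn, so the dropped `archipelago-wg-address` enable deserves the same check. A guard in the unit itself, `ConditionPathExists=<path to the nostr-vpn env file>`, would keep the unit from starting before the env file exists, regardless of which script enables it. The `RUN` instruction being edited starts above the hunk.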
@@ -1965,9 +1965,13 @@ mkdir -p /mnt/target/var/lib/archipelago mount /dev/mapper/archipelago-data /mnt/target/var/lib/archipelago # Recreate directory structure on encrypted partition -mkdir -p /mnt/target/var/lib/archipelago/{data,config,containers,secrets,tor,identities,lnd} +mkdir -p /mnt/target/var/lib/archipelago/{data,config,containers,secrets,tor,identities,lnd,nostr-relay,nostr-vpn} mkdir -p /mnt/target/var/lib/archipelago/containers/storage mkdir -p /mnt/target/var/lib/archipelago/data/cloud/{Documents,Photos,Music,Videos,Downloads} +# Copy relay config from rootfs (LUKS mount hides what the Dockerfile put there) +if [ -f /mnt/target/etc/archipelago/nostr-relay-config.toml ]; then + cp /mnt/target/etc/archipelago/nostr-relay-config.toml /mnt/target/var/lib/archipelago/nostr-relay/config.toml +fi chown -R 1000:1000 /mnt/target/var/lib/archipelago echo " ✅ Data partition encrypted with LUKS2 ($LUKS_CIPHER)"
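Review bot: When `/mnt/target/etc/archipelago/nostr-relay-config.toml` is absent, the new `if [ -f … ]` block skips the copy without a message, yet `nostr-relay` is still enabled in the image, so the relay would start on the encrypted partition with no `config.toml`, the same kind of failure this commit fixes for nostr-vpn. Add an `else` branch that reports it on stderr, e.g. `else echo "WARNING: nostr-relay-config.toml not found in rootfs; relay has no config" >&2`, and check the copy (`cp … || exit 1`) unless the script already runs under `set -e`, which is not visible from this hunk. Separately, the new `nostr-vpn` directory is created under the installer's default umask before `chown -R 1000:1000`; if that is where first-boot writes the identity env file, a `chmod 700` on it right after the `mkdir -p` would keep the key material from being world-readable. The surrounding installer step starts and ends outside the hunk.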