Compare commits
No commits in common. "main" and "v1.7.99-alpha" have entirely different histories.
main
...
v1.7.99-al
@ -7,14 +7,6 @@
|
|||||||
# Allow demo assets (AIUI pre-built dist)
|
# Allow demo assets (AIUI pre-built dist)
|
||||||
!demo/
|
!demo/
|
||||||
|
|
||||||
# Allow the Bitcoin UI + ElectrumX UI mock shells (served from /docker/*)
|
|
||||||
!docker/
|
|
||||||
docker/*
|
|
||||||
!docker/bitcoin-ui/
|
|
||||||
!docker/electrs-ui/
|
|
||||||
!docker/lnd-ui/
|
|
||||||
!docker/fedimint-ui/
|
|
||||||
|
|
||||||
# Allow backend source for ISO source builds
|
# Allow backend source for ISO source builds
|
||||||
!core/
|
!core/
|
||||||
!scripts/
|
!scripts/
|
||||||
|
|||||||
@ -1,51 +0,0 @@
|
|||||||
#!/usr/bin/env bash
|
|
||||||
# Keep the served companion APK in sync with main on every push.
|
|
||||||
#
|
|
||||||
# When a push to main includes Android changes, rebuild the APK, refresh
|
|
||||||
# neode-ui/public/packages/archipelago-companion.apk, commit it, and ask
|
|
||||||
# you to push again (so the refreshed APK rides along in the same push).
|
|
||||||
#
|
|
||||||
# Enable once per clone: git config core.hooksPath .githooks
|
|
||||||
set -euo pipefail
|
|
||||||
|
|
||||||
ROOT="$(git rev-parse --show-toplevel)"
|
|
||||||
cd "$ROOT"
|
|
||||||
|
|
||||||
# ship-companion.sh already (re)published the APK for this push — don't redo it.
|
|
||||||
[ -n "${SHIP_COMPANION:-}" ] && exit 0
|
|
||||||
|
|
||||||
PUSH_MAIN=0; RANGE_OLD=""; RANGE_NEW=""
|
|
||||||
while read -r _local_ref local_sha remote_ref remote_sha; do
|
|
||||||
if [ "${remote_ref##*/}" = "main" ]; then
|
|
||||||
PUSH_MAIN=1; RANGE_OLD="$remote_sha"; RANGE_NEW="$local_sha"
|
|
||||||
fi
|
|
||||||
done
|
|
||||||
[ "$PUSH_MAIN" = "1" ] || exit 0
|
|
||||||
|
|
||||||
# Loop-break: if the tip is already the auto APK commit, let the push proceed.
|
|
||||||
case "$(git log -1 --pretty=%s)" in
|
|
||||||
*"companion APK"*) exit 0 ;;
|
|
||||||
esac
|
|
||||||
|
|
||||||
# Only rebuild when this push actually touches the Android app.
|
|
||||||
ZEROS="0000000000000000000000000000000000000000"
|
|
||||||
if [ -z "$RANGE_OLD" ] || [ "$RANGE_OLD" = "$ZEROS" ]; then
|
|
||||||
ANDROID_CHANGED=1
|
|
||||||
elif git diff --quiet "$RANGE_OLD" "$RANGE_NEW" -- Android/ 2>/dev/null; then
|
|
||||||
ANDROID_CHANGED=0
|
|
||||||
else
|
|
||||||
ANDROID_CHANGED=1
|
|
||||||
fi
|
|
||||||
[ "$ANDROID_CHANGED" = "1" ] || exit 0
|
|
||||||
|
|
||||||
bash scripts/publish-companion-apk.sh || exit 0
|
|
||||||
|
|
||||||
DEST="neode-ui/public/packages/archipelago-companion.apk"
|
|
||||||
if git diff --cached --quiet -- "$DEST"; then
|
|
||||||
exit 0 # APK unchanged — nothing to do
|
|
||||||
fi
|
|
||||||
|
|
||||||
git commit -q -m "chore(android): update companion APK download [skip ci]"
|
|
||||||
echo "" >&2
|
|
||||||
echo "▶ Companion APK rebuilt and committed. Run your push again to include it." >&2
|
|
||||||
exit 1
|
|
||||||
67
.github/workflows/demo-images.yml
vendored
67
.github/workflows/demo-images.yml
vendored
@ -1,67 +0,0 @@
|
|||||||
name: Demo images
|
|
||||||
|
|
||||||
# Builds and pushes the public-demo images on every change to the UI / mock
|
|
||||||
# backend, so the separated `archy-demo` Portainer stack auto-tracks the real
|
|
||||||
# code (see demo-deploy/ and docs/demo-deployment-design.md).
|
|
||||||
#
|
|
||||||
# Required repo configuration:
|
|
||||||
# vars.DEMO_REGISTRY e.g. 146.59.87.168:3000/lfg2025
|
|
||||||
# secrets.DEMO_REGISTRY_USER
|
|
||||||
# secrets.DEMO_REGISTRY_TOKEN
|
|
||||||
# Optional:
|
|
||||||
# secrets.PORTAINER_WEBHOOK redeploy hook called after a successful push
|
|
||||||
|
|
||||||
on:
|
|
||||||
push:
|
|
||||||
branches: [main]
|
|
||||||
paths:
|
|
||||||
- 'neode-ui/**'
|
|
||||||
- 'docker-compose.demo.yml'
|
|
||||||
- '.github/workflows/demo-images.yml'
|
|
||||||
workflow_dispatch:
|
|
||||||
|
|
||||||
jobs:
|
|
||||||
build:
|
|
||||||
name: Build & push demo images
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
# Skip cleanly on forks / before registry config is set.
|
|
||||||
if: ${{ vars.DEMO_REGISTRY != '' }}
|
|
||||||
steps:
|
|
||||||
- name: Checkout
|
|
||||||
uses: actions/checkout@v4
|
|
||||||
|
|
||||||
- name: Set up Docker Buildx
|
|
||||||
uses: docker/setup-buildx-action@v3
|
|
||||||
|
|
||||||
- name: Log in to registry
|
|
||||||
uses: docker/login-action@v3
|
|
||||||
with:
|
|
||||||
registry: ${{ vars.DEMO_REGISTRY_HOST || vars.DEMO_REGISTRY }}
|
|
||||||
username: ${{ secrets.DEMO_REGISTRY_USER }}
|
|
||||||
password: ${{ secrets.DEMO_REGISTRY_TOKEN }}
|
|
||||||
|
|
||||||
- name: Build & push backend
|
|
||||||
uses: docker/build-push-action@v6
|
|
||||||
with:
|
|
||||||
context: .
|
|
||||||
file: neode-ui/Dockerfile.backend
|
|
||||||
push: true
|
|
||||||
tags: |
|
|
||||||
${{ vars.DEMO_REGISTRY }}/archy-demo-backend:demo
|
|
||||||
${{ vars.DEMO_REGISTRY }}/archy-demo-backend:${{ github.sha }}
|
|
||||||
|
|
||||||
- name: Build & push web
|
|
||||||
uses: docker/build-push-action@v6
|
|
||||||
with:
|
|
||||||
context: .
|
|
||||||
file: neode-ui/Dockerfile.web
|
|
||||||
push: true
|
|
||||||
build-args: |
|
|
||||||
VITE_DEMO=1
|
|
||||||
tags: |
|
|
||||||
${{ vars.DEMO_REGISTRY }}/archy-demo-web:demo
|
|
||||||
${{ vars.DEMO_REGISTRY }}/archy-demo-web:${{ github.sha }}
|
|
||||||
|
|
||||||
- name: Trigger Portainer redeploy
|
|
||||||
if: ${{ success() && secrets.PORTAINER_WEBHOOK != '' }}
|
|
||||||
run: curl -fsS -X POST "${{ secrets.PORTAINER_WEBHOOK }}"
|
|
||||||
5
Android/.gitignore
vendored
5
Android/.gitignore
vendored
@ -14,8 +14,3 @@ local.properties
|
|||||||
*.aab
|
*.aab
|
||||||
*.jks
|
*.jks
|
||||||
*.keystore
|
*.keystore
|
||||||
# Exception: the repo-dedicated *debug* keystore is committed on purpose so every
|
|
||||||
# machine (and the published companion download) signs debug builds identically —
|
|
||||||
# updates then install over the top without an uninstall. Debug keys are not
|
|
||||||
# secret (well-known password "android"); never commit a real release keystore.
|
|
||||||
!/app/debug.keystore
|
|
||||||
|
|||||||
@ -1,94 +0,0 @@
|
|||||||
# Companion App — Build, Ship & "App Not Installed" Runbook
|
|
||||||
|
|
||||||
Canonical procedure for releasing the Archipelago Companion Android app and for
|
|
||||||
debugging install failures. Read this before touching the companion release flow.
|
|
||||||
Hard lessons from 2026-06-26 are baked in below — don't relearn them.
|
|
||||||
|
|
||||||
## Ship the companion (the only sanctioned way)
|
|
||||||
|
|
||||||
```bash
|
|
||||||
./Android/ship-companion.sh
|
|
||||||
```
|
|
||||||
|
|
||||||
This calls `scripts/publish-companion-apk.sh` (the single source of truth, also
|
|
||||||
used by the `.githooks/pre-push` hook), which:
|
|
||||||
|
|
||||||
1. **Removes/rejects resource dirs whose names contain spaces.** Empty stray
|
|
||||||
`mipmap-* NNN` dirs (left by icon-export tools) break a *clean* build with
|
|
||||||
`Invalid resource directory name`. Incremental builds hide them — clean builds
|
|
||||||
don't.
|
|
||||||
2. **Always does a CLEAN build** (`:app:clean :app:assembleDebug`).
|
|
||||||
3. **Forces v1 + v2 + v3 signing** via `zipalign` + `apksigner`.
|
|
||||||
4. **Verifies all three schemes** (`apksigner verify --min-sdk-version 21`) and
|
|
||||||
**aborts** if any is missing.
|
|
||||||
5. Stages the signed APK at `neode-ui/public/packages/archipelago-companion.apk`,
|
|
||||||
commits, and pushes with `SHIP_COMPANION=1` (the sanctioned pre-push bypass).
|
|
||||||
|
|
||||||
**Never** hand-roll `gradlew assembleDebug` + `cp` to the served path. That path
|
|
||||||
skips the clean build and the signature enforcement and is exactly how a broken
|
|
||||||
APK shipped.
|
|
||||||
|
|
||||||
### Bump the version first
|
|
||||||
Edit `Android/app/build.gradle.kts` — `versionCode` (must strictly increase) and
|
|
||||||
`versionName`. The committed value can drift AHEAD of what's actually built into
|
|
||||||
the served APK, so verify the served APK's real version after shipping:
|
|
||||||
`aapt2 dump badging neode-ui/public/packages/archipelago-companion.apk | grep version`.
|
|
||||||
|
|
||||||
## Signing facts (important)
|
|
||||||
|
|
||||||
- Debug builds are signed with the **committed** `Android/app/debug.keystore`
|
|
||||||
(store/key pass `android`, alias `androiddebugkey`) so every machine and the
|
|
||||||
served download share ONE signing key. Cert SHA-256: `D6:22:E0:7E:…:66:4D`.
|
|
||||||
- **AGP silently ignores `enableV1Signing = true` for `minSdk ≥ 24`**, so a plain
|
|
||||||
gradle build produces a **v2-only** APK. The `apksigner` step in the publish
|
|
||||||
script is what actually guarantees v1+v2+v3 — do not remove it.
|
|
||||||
- **Changing the signing key forces every existing install to be uninstalled
|
|
||||||
once.** Android blocks in-place upgrades across different signatures. Treat the
|
|
||||||
keystore as permanent; never regenerate it casually.
|
|
||||||
|
|
||||||
## Debugging "App Not Installed" — DIAGNOSE FIRST
|
|
||||||
|
|
||||||
Do **not** theorize about signing schemes / OEM quirks. Get the real reason:
|
|
||||||
|
|
||||||
```bash
|
|
||||||
adb install ~/Desktop/archipelago-companion-<ver>.apk
|
|
||||||
# -> Failure [INSTALL_FAILED_<REASON>: ...]
|
|
||||||
```
|
|
||||||
|
|
||||||
Map the reason:
|
|
||||||
|
|
||||||
| `INSTALL_FAILED_*` | Cause | Fix |
|
|
||||||
|---|---|---|
|
|
||||||
| `UPDATE_INCOMPATIBLE … signatures do not match` | Old install signed with a **different key** (e.g. pre-shared-keystore per-machine key `58:31:12…`). | Uninstall the old package, then install. **One-time** per device after a key change. |
|
|
||||||
| `INVALID_APK` / parse error | Corrupt/incomplete download or bad signing. | Re-download; re-run the publish script. |
|
|
||||||
| `INSUFFICIENT_STORAGE` | Storage. | Free space. |
|
|
||||||
| `OLDER_SDK` | Device below `minSdk` (26 = Android 8.0). | Unsupported device. |
|
|
||||||
|
|
||||||
> A manual uninstall on the phone may NOT clear `UPDATE_INCOMPATIBLE` if the
|
|
||||||
> package is registered under another user/profile — `pm path <pkg>` under user 0
|
|
||||||
> can show nothing while the conflict persists. `adb uninstall <pkg>` clears it
|
|
||||||
> across all users.
|
|
||||||
|
|
||||||
## Phone / adb safety (non-negotiable)
|
|
||||||
|
|
||||||
When acting on the user's physical phone, be surgical — the user once had all
|
|
||||||
home-screen app layouts wiped by an over-broad action.
|
|
||||||
|
|
||||||
- Default to **read-only** adb (`devices`, `getprop`, `pm path/list`, `dumpsys`).
|
|
||||||
- Mutations (`adb install`, `adb uninstall com.archipelago.app.debug`) only with
|
|
||||||
explicit go-ahead and **scoped to our exact package** — echo it first.
|
|
||||||
- **Never** run launcher/system resets: no `pm clear` on launchers, no
|
|
||||||
`reset-permissions`, no factory wipe, no uninstalling apps you didn't build.
|
|
||||||
|
|
||||||
## Verify the published download after shipping
|
|
||||||
|
|
||||||
The download served to nodes is Gitea raw-on-main. Confirm the live bytes match
|
|
||||||
what you built and signed:
|
|
||||||
|
|
||||||
```bash
|
|
||||||
SERVED=neode-ui/public/packages/archipelago-companion.apk
|
|
||||||
URL=http://146.59.87.168:3000/lfg2025/archy/raw/branch/main/$SERVED
|
|
||||||
curl -sS -o /tmp/live.apk "$URL"
|
|
||||||
shasum -a 256 "$SERVED" /tmp/live.apk # must match
|
|
||||||
apksigner verify -v --min-sdk-version 21 /tmp/live.apk | grep -i "scheme" # v1/v2/v3 = true
|
|
||||||
```
|
|
||||||
@ -11,41 +11,15 @@ android {
|
|||||||
applicationId = "com.archipelago.app"
|
applicationId = "com.archipelago.app"
|
||||||
minSdk = 26
|
minSdk = 26
|
||||||
targetSdk = 35
|
targetSdk = 35
|
||||||
versionCode = 16
|
versionCode = 6
|
||||||
versionName = "0.4.12"
|
versionName = "0.4.2"
|
||||||
|
|
||||||
vectorDrawables {
|
vectorDrawables {
|
||||||
useSupportLibrary = true
|
useSupportLibrary = true
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
signingConfigs {
|
|
||||||
// Repo-dedicated debug keystore (committed at app/debug.keystore) so every
|
|
||||||
// machine — and the published companion download — signs debug builds with
|
|
||||||
// the SAME key. Without this, Gradle falls back to each machine's
|
|
||||||
// ~/.android/debug.keystore, so a build from a different machine has a
|
|
||||||
// different signature and the phone rejects the update ("App not installed").
|
|
||||||
getByName("debug") {
|
|
||||||
storeFile = file("debug.keystore")
|
|
||||||
storePassword = "android"
|
|
||||||
keyAlias = "androiddebugkey"
|
|
||||||
keyPassword = "android"
|
|
||||||
// Force both legacy JAR (v1) and APK Signature Scheme v2. AGP drops v1
|
|
||||||
// for minSdk>=24, but some OEM package installers (e.g. Samsung) reject
|
|
||||||
// a v2-only sideload with "App not installed" — keep v1 for max compat.
|
|
||||||
enableV1Signing = true
|
|
||||||
enableV2Signing = true
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
buildTypes {
|
buildTypes {
|
||||||
debug {
|
|
||||||
// Separate app ID so a debug/test build installs alongside the
|
|
||||||
// release app instead of colliding on signature.
|
|
||||||
applicationIdSuffix = ".debug"
|
|
||||||
versionNameSuffix = "-debug"
|
|
||||||
signingConfig = signingConfigs.getByName("debug")
|
|
||||||
}
|
|
||||||
release {
|
release {
|
||||||
isMinifyEnabled = true
|
isMinifyEnabled = true
|
||||||
isShrinkResources = true
|
isShrinkResources = true
|
||||||
|
|||||||
Binary file not shown.
@ -18,11 +18,7 @@ data class ServerEntry(
|
|||||||
val useHttps: Boolean,
|
val useHttps: Boolean,
|
||||||
val port: String = "",
|
val port: String = "",
|
||||||
val password: String = "",
|
val password: String = "",
|
||||||
val name: String = "",
|
|
||||||
) {
|
) {
|
||||||
/** Label to show in lists — the user-given name, or the address if unnamed. */
|
|
||||||
fun displayName(): String = name.ifBlank { address }
|
|
||||||
|
|
||||||
fun toUrl(): String {
|
fun toUrl(): String {
|
||||||
val scheme = if (useHttps) "https" else "http"
|
val scheme = if (useHttps) "https" else "http"
|
||||||
val portSuffix = if (port.isNotBlank()) ":$port" else ""
|
val portSuffix = if (port.isNotBlank()) ":$port" else ""
|
||||||
@ -35,9 +31,7 @@ data class ServerEntry(
|
|||||||
return "$scheme://$address$portSuffix"
|
return "$scheme://$address$portSuffix"
|
||||||
}
|
}
|
||||||
|
|
||||||
// name is the trailing field so entries saved before naming existed
|
fun serialize(): String = "$address|$useHttps|$port|$password"
|
||||||
// (4 fields) still deserialize, with name defaulting to "".
|
|
||||||
fun serialize(): String = "$address|$useHttps|$port|$password|$name"
|
|
||||||
|
|
||||||
companion object {
|
companion object {
|
||||||
fun deserialize(raw: String): ServerEntry? {
|
fun deserialize(raw: String): ServerEntry? {
|
||||||
@ -48,7 +42,6 @@ data class ServerEntry(
|
|||||||
useHttps = parts[1].toBooleanStrictOrNull() ?: false,
|
useHttps = parts[1].toBooleanStrictOrNull() ?: false,
|
||||||
port = parts.getOrElse(2) { "" },
|
port = parts.getOrElse(2) { "" },
|
||||||
password = parts.getOrElse(3) { "" },
|
password = parts.getOrElse(3) { "" },
|
||||||
name = parts.getOrElse(4) { "" },
|
|
||||||
)
|
)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -60,7 +53,6 @@ class ServerPreferences(private val context: Context) {
|
|||||||
private val activeHttpsKey = booleanPreferencesKey("active_https")
|
private val activeHttpsKey = booleanPreferencesKey("active_https")
|
||||||
private val activePortKey = stringPreferencesKey("active_port")
|
private val activePortKey = stringPreferencesKey("active_port")
|
||||||
private val activePasswordKey = stringPreferencesKey("active_password")
|
private val activePasswordKey = stringPreferencesKey("active_password")
|
||||||
private val activeNameKey = stringPreferencesKey("active_name")
|
|
||||||
private val savedServersKey = stringSetPreferencesKey("saved_servers")
|
private val savedServersKey = stringSetPreferencesKey("saved_servers")
|
||||||
private val introSeenKey = booleanPreferencesKey("intro_seen")
|
private val introSeenKey = booleanPreferencesKey("intro_seen")
|
||||||
|
|
||||||
@ -71,7 +63,6 @@ class ServerPreferences(private val context: Context) {
|
|||||||
useHttps = prefs[activeHttpsKey] ?: false,
|
useHttps = prefs[activeHttpsKey] ?: false,
|
||||||
port = prefs[activePortKey] ?: "",
|
port = prefs[activePortKey] ?: "",
|
||||||
password = prefs[activePasswordKey] ?: "",
|
password = prefs[activePasswordKey] ?: "",
|
||||||
name = prefs[activeNameKey] ?: "",
|
|
||||||
)
|
)
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -90,7 +81,6 @@ class ServerPreferences(private val context: Context) {
|
|||||||
prefs[activeHttpsKey] = server.useHttps
|
prefs[activeHttpsKey] = server.useHttps
|
||||||
prefs[activePortKey] = server.port
|
prefs[activePortKey] = server.port
|
||||||
prefs[activePasswordKey] = server.password
|
prefs[activePasswordKey] = server.password
|
||||||
prefs[activeNameKey] = server.name
|
|
||||||
}
|
}
|
||||||
addSavedServer(server)
|
addSavedServer(server)
|
||||||
}
|
}
|
||||||
@ -101,7 +91,6 @@ class ServerPreferences(private val context: Context) {
|
|||||||
prefs.remove(activeHttpsKey)
|
prefs.remove(activeHttpsKey)
|
||||||
prefs.remove(activePortKey)
|
prefs.remove(activePortKey)
|
||||||
prefs.remove(activePasswordKey)
|
prefs.remove(activePasswordKey)
|
||||||
prefs.remove(activeNameKey)
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -112,50 +101,10 @@ class ServerPreferences(private val context: Context) {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
|
||||||
* Replace a saved server in place. Matches the existing entry by connection
|
|
||||||
* identity (address/port/scheme) so edits that change the name or password —
|
|
||||||
* or that touch a legacy 4-field entry — still update the right record. If the
|
|
||||||
* edited server is also the active one, the active record is kept in sync.
|
|
||||||
*/
|
|
||||||
suspend fun updateSavedServer(original: ServerEntry, updated: ServerEntry) {
|
|
||||||
context.dataStore.edit { prefs ->
|
|
||||||
val current = prefs[savedServersKey] ?: emptySet()
|
|
||||||
val filtered = current.filterNot { raw ->
|
|
||||||
val e = ServerEntry.deserialize(raw)
|
|
||||||
e != null &&
|
|
||||||
e.address == original.address &&
|
|
||||||
e.port == original.port &&
|
|
||||||
e.useHttps == original.useHttps
|
|
||||||
}.toSet()
|
|
||||||
prefs[savedServersKey] = filtered + updated.serialize()
|
|
||||||
|
|
||||||
val isActive = prefs[activeAddressKey] == original.address &&
|
|
||||||
(prefs[activePortKey] ?: "") == original.port &&
|
|
||||||
(prefs[activeHttpsKey] ?: false) == original.useHttps
|
|
||||||
if (isActive) {
|
|
||||||
prefs[activeAddressKey] = updated.address
|
|
||||||
prefs[activeHttpsKey] = updated.useHttps
|
|
||||||
prefs[activePortKey] = updated.port
|
|
||||||
prefs[activePasswordKey] = updated.password
|
|
||||||
prefs[activeNameKey] = updated.name
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
suspend fun removeSavedServer(server: ServerEntry) {
|
suspend fun removeSavedServer(server: ServerEntry) {
|
||||||
context.dataStore.edit { prefs ->
|
context.dataStore.edit { prefs ->
|
||||||
val current = prefs[savedServersKey] ?: emptySet()
|
val current = prefs[savedServersKey] ?: emptySet()
|
||||||
// Match by connection identity (address/port/scheme) rather than the
|
prefs[savedServersKey] = current - server.serialize()
|
||||||
// exact serialized string, so a rename — or the legacy 4-field format
|
|
||||||
// saved before names existed — still removes the right entry.
|
|
||||||
prefs[savedServersKey] = current.filterNot { raw ->
|
|
||||||
val e = ServerEntry.deserialize(raw)
|
|
||||||
e != null &&
|
|
||||||
e.address == server.address &&
|
|
||||||
e.port == server.port &&
|
|
||||||
e.useHttps == server.useHttps
|
|
||||||
}.toSet()
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@ -108,9 +108,7 @@ private fun Btn(icon: ImageVector, key: String, onDir: (String) -> Unit) {
|
|||||||
.pointerInput(key) {
|
.pointerInput(key) {
|
||||||
detectTapGestures(onPress = {
|
detectTapGestures(onPress = {
|
||||||
p = true; onDir(key)
|
p = true; onDir(key)
|
||||||
// 500ms initial delay so a normal tap sends one key, not two
|
job = scope.launch { delay(350); while (true) { onDir(key); delay(100) } }
|
||||||
// (a touch tap often exceeds 350ms → doubled nav sound).
|
|
||||||
job = scope.launch { delay(500); while (true) { onDir(key); delay(100) } }
|
|
||||||
tryAwaitRelease(); p = false; job?.cancel()
|
tryAwaitRelease(); p = false; job?.cancel()
|
||||||
})
|
})
|
||||||
},
|
},
|
||||||
|
|||||||
@ -83,16 +83,13 @@ val ClassicPalette = NESPalette(
|
|||||||
inlayBg = Color(0xFF080808), inlayBorder = Color(0xFF999999),
|
inlayBg = Color(0xFF080808), inlayBorder = Color(0xFF999999),
|
||||||
)
|
)
|
||||||
|
|
||||||
// Glassmorphism-black (OS design): translucent dark surfaces so the backdrop
|
|
||||||
// shows through the controller, subtle white-alpha borders, translucent-white
|
|
||||||
// buttons. Accents come from each button's ring.
|
|
||||||
val DarkPalette = NESPalette(
|
val DarkPalette = NESPalette(
|
||||||
body = Color(0xA6121216), face = Color(0x8C0E0E12), ridge = Color(0x14FFFFFF),
|
body = NES.DarkBody, face = NES.DarkFace, ridge = NES.DarkRidge,
|
||||||
label = Color(0xFF9A9A9A), labelMuted = Color(0xFF777777),
|
label = NES.DarkLabel, labelMuted = NES.DarkLabelMuted,
|
||||||
dpad = Color(0xFF202024), dpadHi = Color(0xFF33333A),
|
dpad = Color(0xFF080808), dpadHi = Color(0xFF141418),
|
||||||
btn = Color(0x14FFFFFF), btnPress = Color(0x0AFFFFFF),
|
btn = NES.DarkButtonMain, btnPress = NES.DarkButtonMainPress,
|
||||||
capsule = Color(0x12FFFFFF), capsulePress = Color(0x08FFFFFF),
|
capsule = Color(0xFF121216), capsulePress = Color(0xFF0A0A0C),
|
||||||
inlayBg = Color(0x990A0A0A), inlayBorder = Color(0x1FFFFFFF),
|
inlayBg = Color(0xFF060608), inlayBorder = Color(0xFF444448),
|
||||||
)
|
)
|
||||||
|
|
||||||
fun paletteFor(style: ControllerStyle) = if (style == ControllerStyle.CLASSIC) ClassicPalette else DarkPalette
|
fun paletteFor(style: ControllerStyle) = if (style == ControllerStyle.CLASSIC) ClassicPalette else DarkPalette
|
||||||
@ -116,10 +113,20 @@ fun NESController(
|
|||||||
Box(
|
Box(
|
||||||
modifier = modifier
|
modifier = modifier
|
||||||
.fillMaxSize()
|
.fillMaxSize()
|
||||||
|
.background(Color(0xFF0C0C0C)) // Slightly lighter than black for shadow visibility
|
||||||
.twoFingerHold(onMenu)
|
.twoFingerHold(onMenu)
|
||||||
.padding(horizontal = 40.dp, vertical = 24.dp),
|
.padding(horizontal = 40.dp, vertical = 24.dp),
|
||||||
contentAlignment = Alignment.Center,
|
contentAlignment = Alignment.Center,
|
||||||
) {
|
) {
|
||||||
|
// Shadow platform
|
||||||
|
Box(
|
||||||
|
modifier = Modifier
|
||||||
|
.fillMaxWidth(0.86f)
|
||||||
|
.aspectRatio(2.3f)
|
||||||
|
.padding(top = 6.dp)
|
||||||
|
.clip(RoundedCornerShape(18.dp))
|
||||||
|
.background(Color(0xFF000000)),
|
||||||
|
)
|
||||||
// Controller body
|
// Controller body
|
||||||
Box(
|
Box(
|
||||||
Modifier
|
Modifier
|
||||||
@ -128,7 +135,7 @@ fun NESController(
|
|||||||
.shadow(32.dp, RoundedCornerShape(16.dp), ambientColor = Color(0xFF000000), spotColor = Color(0xFF000000))
|
.shadow(32.dp, RoundedCornerShape(16.dp), ambientColor = Color(0xFF000000), spotColor = Color(0xFF000000))
|
||||||
.clip(RoundedCornerShape(16.dp))
|
.clip(RoundedCornerShape(16.dp))
|
||||||
.background(
|
.background(
|
||||||
Brush.verticalGradient(listOf(c.body, c.body))
|
Brush.verticalGradient(listOf(c.body, c.body.copy(alpha = 0.95f)))
|
||||||
)
|
)
|
||||||
.border(1.dp, Color.White.copy(alpha = if (isClassic) 0.08f else 0.04f), RoundedCornerShape(16.dp)),
|
.border(1.dp, Color.White.copy(alpha = if (isClassic) 0.08f else 0.04f), RoundedCornerShape(16.dp)),
|
||||||
) {
|
) {
|
||||||
@ -186,13 +193,13 @@ fun NESController(
|
|||||||
horizontalAlignment = Alignment.CenterHorizontally,
|
horizontalAlignment = Alignment.CenterHorizontally,
|
||||||
verticalArrangement = Arrangement.Center,
|
verticalArrangement = Arrangement.Center,
|
||||||
) {
|
) {
|
||||||
// C on top
|
// C on top (white)
|
||||||
GlassFaceBtn("C", Color(0xFFBBBBBB), 44.dp) { onKey("c") }
|
ColorBtn(Color(0xFF888888), Color(0xFFAAAAAA), 44.dp) { onKey("c") }
|
||||||
Spacer(Modifier.height(6.dp))
|
Spacer(Modifier.height(6.dp))
|
||||||
// B + A on bottom row
|
// B + A on bottom row
|
||||||
Row(horizontalArrangement = Arrangement.spacedBy(12.dp)) {
|
Row(horizontalArrangement = Arrangement.spacedBy(12.dp)) {
|
||||||
GlassFaceBtn("B", Color(0xFF60A5FA), 44.dp) { onKey("b") }
|
ColorBtn(Color(0xFF3B82F6), Color(0xFF60A5FA), 44.dp) { onKey("b") }
|
||||||
GlassFaceBtn("A", Color(0xFFF7931A), 44.dp) { onKey("a") }
|
ColorBtn(Color(0xFFEA580C), Color(0xFFFB923C), 44.dp) { onKey("a") }
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -257,9 +264,7 @@ fun OnePointDPad(c: NESPalette, size: Dp, onDir: (String) -> Unit) {
|
|||||||
}
|
}
|
||||||
activeDir = dir; onDir(dir)
|
activeDir = dir; onDir(dir)
|
||||||
job?.cancel()
|
job?.cancel()
|
||||||
// 500ms initial delay so a normal tap sends one key, not
|
job = scope.launch { delay(300); while (true) { onDir(dir); delay(90) } }
|
||||||
// two (a touch tap often exceeds 300ms → doubled nav sound).
|
|
||||||
job = scope.launch { delay(500); while (true) { onDir(dir); delay(90) } }
|
|
||||||
tryAwaitRelease()
|
tryAwaitRelease()
|
||||||
job?.cancel(); activeDir = null
|
job?.cancel(); activeDir = null
|
||||||
},
|
},
|
||||||
@ -370,28 +375,6 @@ fun ColorBtn(color: Color, pressColor: Color, sz: Dp = 48.dp, onClick: () -> Uni
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/** Glass face button — dark translucent fill, colored ring + letter (OS style) */
|
|
||||||
@Composable
|
|
||||||
fun GlassFaceBtn(label: String, accent: Color, sz: Dp = 44.dp, onClick: () -> Unit) {
|
|
||||||
var p by remember { mutableStateOf(false) }
|
|
||||||
Box(
|
|
||||||
Modifier
|
|
||||||
.size(sz)
|
|
||||||
.clip(CircleShape)
|
|
||||||
.background(
|
|
||||||
Brush.verticalGradient(
|
|
||||||
if (p) listOf(Color.White.copy(alpha = 0.05f), Color.White.copy(alpha = 0.02f))
|
|
||||||
else listOf(Color.White.copy(alpha = 0.10f), Color.White.copy(alpha = 0.03f))
|
|
||||||
)
|
|
||||||
)
|
|
||||||
.border(1.5.dp, accent.copy(alpha = if (p) 0.95f else 0.55f), CircleShape)
|
|
||||||
.pointerInput(Unit) { detectTapGestures(onPress = { p = true; onClick(); tryAwaitRelease(); p = false }) },
|
|
||||||
contentAlignment = Alignment.Center,
|
|
||||||
) {
|
|
||||||
Text(label, color = accent.copy(alpha = if (p) 1f else 0.85f), fontSize = 16.sp, fontWeight = FontWeight.Bold)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
/** START/SELECT capsule */
|
/** START/SELECT capsule */
|
||||||
@Composable
|
@Composable
|
||||||
fun CapsuleBtn(label: String, c: NESPalette, w: Dp = 64.dp, h: Dp = 28.dp, onClick: () -> Unit) {
|
fun CapsuleBtn(label: String, c: NESPalette, w: Dp = 64.dp, h: Dp = 28.dp, onClick: () -> Unit) {
|
||||||
|
|||||||
@ -3,8 +3,6 @@ package com.archipelago.app.ui.components
|
|||||||
import androidx.compose.animation.AnimatedVisibility
|
import androidx.compose.animation.AnimatedVisibility
|
||||||
import androidx.compose.animation.fadeIn
|
import androidx.compose.animation.fadeIn
|
||||||
import androidx.compose.animation.fadeOut
|
import androidx.compose.animation.fadeOut
|
||||||
import androidx.compose.animation.scaleIn
|
|
||||||
import androidx.compose.animation.scaleOut
|
|
||||||
import androidx.compose.foundation.background
|
import androidx.compose.foundation.background
|
||||||
import androidx.compose.foundation.border
|
import androidx.compose.foundation.border
|
||||||
import androidx.compose.foundation.clickable
|
import androidx.compose.foundation.clickable
|
||||||
@ -36,35 +34,17 @@ import androidx.compose.ui.Alignment
|
|||||||
import androidx.compose.ui.Modifier
|
import androidx.compose.ui.Modifier
|
||||||
import androidx.compose.ui.draw.clip
|
import androidx.compose.ui.draw.clip
|
||||||
import androidx.compose.ui.graphics.Color
|
import androidx.compose.ui.graphics.Color
|
||||||
import androidx.compose.ui.text.TextStyle
|
|
||||||
import androidx.compose.ui.text.font.FontWeight
|
import androidx.compose.ui.text.font.FontWeight
|
||||||
import androidx.compose.ui.text.input.ImeAction
|
import androidx.compose.ui.text.input.ImeAction
|
||||||
import androidx.compose.ui.text.input.KeyboardType
|
import androidx.compose.ui.text.input.KeyboardType
|
||||||
import androidx.compose.ui.text.input.PasswordVisualTransformation
|
import androidx.compose.ui.text.input.PasswordVisualTransformation
|
||||||
import androidx.compose.ui.text.style.TextAlign
|
|
||||||
import androidx.compose.ui.unit.dp
|
import androidx.compose.ui.unit.dp
|
||||||
import androidx.compose.ui.unit.sp
|
import androidx.compose.ui.unit.sp
|
||||||
import com.archipelago.app.data.ServerEntry
|
import com.archipelago.app.data.ServerEntry
|
||||||
import com.archipelago.app.ui.theme.BitcoinOrange
|
|
||||||
import com.archipelago.app.ui.theme.ControllerStyle
|
import com.archipelago.app.ui.theme.ControllerStyle
|
||||||
import com.archipelago.app.ui.theme.SurfaceDark
|
import com.archipelago.app.ui.theme.NES
|
||||||
import com.archipelago.app.ui.theme.TextMuted
|
|
||||||
import com.archipelago.app.ui.theme.TextPrimary
|
|
||||||
|
|
||||||
// Glassmorphism palette (OS design): near-black surfaces, subtle white borders,
|
/** NES-styled modal menu — dark blue panel with white borders */
|
||||||
// Bitcoin-orange accent.
|
|
||||||
private val PanelBg = SurfaceDark // #0A0A0A
|
|
||||||
private val PanelBorder = Color.White.copy(alpha = 0.12f)
|
|
||||||
private val RowBg = Color.White.copy(alpha = 0.05f)
|
|
||||||
private val RowBorder = Color.White.copy(alpha = 0.08f)
|
|
||||||
private val FieldBg = Color.White.copy(alpha = 0.04f)
|
|
||||||
|
|
||||||
private val PANEL_R = 20.dp
|
|
||||||
private val ROW_R = 14.dp
|
|
||||||
private val ROW_H = 54.dp
|
|
||||||
private val FIELD_H = 58.dp
|
|
||||||
|
|
||||||
/** Glassmorphism modal menu — #0A0A0A surface, subtle white borders. */
|
|
||||||
@Composable
|
@Composable
|
||||||
fun NESMenu(
|
fun NESMenu(
|
||||||
visible: Boolean,
|
visible: Boolean,
|
||||||
@ -75,7 +55,6 @@ fun NESMenu(
|
|||||||
onDismiss: () -> Unit,
|
onDismiss: () -> Unit,
|
||||||
onSelectServer: (ServerEntry) -> Unit,
|
onSelectServer: (ServerEntry) -> Unit,
|
||||||
onAddServer: (ServerEntry) -> Unit,
|
onAddServer: (ServerEntry) -> Unit,
|
||||||
onEditServer: (ServerEntry, ServerEntry) -> Unit,
|
|
||||||
onRemoveServer: (ServerEntry) -> Unit,
|
onRemoveServer: (ServerEntry) -> Unit,
|
||||||
onToggleMode: () -> Unit,
|
onToggleMode: () -> Unit,
|
||||||
onToggleStyle: () -> Unit,
|
onToggleStyle: () -> Unit,
|
||||||
@ -87,9 +66,7 @@ fun NESMenu(
|
|||||||
.clickable(indication = null, interactionSource = remember { MutableInteractionSource() }) { onDismiss() },
|
.clickable(indication = null, interactionSource = remember { MutableInteractionSource() }) { onDismiss() },
|
||||||
contentAlignment = Alignment.Center,
|
contentAlignment = Alignment.Center,
|
||||||
) {
|
) {
|
||||||
AnimatedVisibility(visible = visible, enter = fadeIn() + scaleIn(initialScale = 0.95f), exit = fadeOut() + scaleOut(targetScale = 0.95f)) {
|
MenuPanel(servers, activeServer, isGamepadMode, controllerStyle, onDismiss, onSelectServer, onAddServer, onRemoveServer, onToggleMode, onToggleStyle, onBackToWebView)
|
||||||
MenuPanel(servers, activeServer, isGamepadMode, controllerStyle, onDismiss, onSelectServer, onAddServer, onEditServer, onRemoveServer, onToggleMode, onToggleStyle, onBackToWebView)
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -103,160 +80,105 @@ private fun MenuPanel(
|
|||||||
onDismiss: () -> Unit,
|
onDismiss: () -> Unit,
|
||||||
onSelectServer: (ServerEntry) -> Unit,
|
onSelectServer: (ServerEntry) -> Unit,
|
||||||
onAddServer: (ServerEntry) -> Unit,
|
onAddServer: (ServerEntry) -> Unit,
|
||||||
onEditServer: (ServerEntry, ServerEntry) -> Unit,
|
|
||||||
onRemoveServer: (ServerEntry) -> Unit,
|
onRemoveServer: (ServerEntry) -> Unit,
|
||||||
onToggleMode: () -> Unit,
|
onToggleMode: () -> Unit,
|
||||||
onToggleStyle: () -> Unit,
|
onToggleStyle: () -> Unit,
|
||||||
onBackToWebView: (() -> Unit)?,
|
onBackToWebView: (() -> Unit)?,
|
||||||
) {
|
) {
|
||||||
var showAdd by remember { mutableStateOf(false) }
|
var showAdd by remember { mutableStateOf(false) }
|
||||||
// The saved server being edited, or null when adding a new one.
|
|
||||||
var editing by remember { mutableStateOf<ServerEntry?>(null) }
|
|
||||||
var nm by remember { mutableStateOf("") }
|
|
||||||
var addr by remember { mutableStateOf("") }
|
var addr by remember { mutableStateOf("") }
|
||||||
var pwd by remember { mutableStateOf("") }
|
var pwd by remember { mutableStateOf("") }
|
||||||
|
|
||||||
fun resetForm() {
|
|
||||||
nm = ""; addr = ""; pwd = ""; showAdd = false; editing = null
|
|
||||||
}
|
|
||||||
|
|
||||||
fun startEdit(server: ServerEntry) {
|
|
||||||
editing = server
|
|
||||||
nm = server.name; addr = server.address; pwd = server.password
|
|
||||||
showAdd = false
|
|
||||||
}
|
|
||||||
|
|
||||||
fun submit() {
|
|
||||||
if (addr.isBlank()) return
|
|
||||||
val orig = editing
|
|
||||||
if (orig != null) {
|
|
||||||
// Preserve fields the compact form doesn't expose (scheme, port).
|
|
||||||
onEditServer(orig, orig.copy(address = addr, password = pwd, name = nm))
|
|
||||||
} else {
|
|
||||||
onAddServer(ServerEntry(addr, false, password = pwd, name = nm))
|
|
||||||
}
|
|
||||||
resetForm()
|
|
||||||
}
|
|
||||||
|
|
||||||
Column(
|
Column(
|
||||||
modifier = Modifier
|
modifier = Modifier
|
||||||
.widthIn(max = 420.dp)
|
.widthIn(max = 360.dp)
|
||||||
.padding(horizontal = 20.dp)
|
.clip(RoundedCornerShape(4.dp))
|
||||||
.clip(RoundedCornerShape(PANEL_R))
|
.background(NES.MenuPanel)
|
||||||
.background(PanelBg)
|
.border(3.dp, NES.MenuBorder, RoundedCornerShape(4.dp))
|
||||||
.border(1.dp, PanelBorder, RoundedCornerShape(PANEL_R))
|
|
||||||
.clickable(indication = null, interactionSource = remember { MutableInteractionSource() }) {}
|
.clickable(indication = null, interactionSource = remember { MutableInteractionSource() }) {}
|
||||||
.padding(22.dp),
|
.padding(16.dp),
|
||||||
verticalArrangement = Arrangement.spacedBy(10.dp),
|
verticalArrangement = Arrangement.spacedBy(6.dp),
|
||||||
) {
|
) {
|
||||||
// Title
|
// Title
|
||||||
Text(
|
Text("- MENU -", color = NES.MenuText, fontSize = 14.sp, fontWeight = FontWeight.Bold, letterSpacing = 4.sp,
|
||||||
"Menu",
|
modifier = Modifier.fillMaxWidth(), textAlign = androidx.compose.ui.text.style.TextAlign.Center)
|
||||||
color = TextPrimary,
|
Spacer(Modifier.height(4.dp))
|
||||||
fontSize = 18.sp,
|
|
||||||
fontWeight = FontWeight.SemiBold,
|
|
||||||
letterSpacing = 2.sp,
|
|
||||||
modifier = Modifier.fillMaxWidth(),
|
|
||||||
textAlign = TextAlign.Center,
|
|
||||||
)
|
|
||||||
Spacer(Modifier.height(2.dp))
|
|
||||||
|
|
||||||
// Servers
|
// Servers
|
||||||
servers.forEach { server ->
|
servers.forEach { server ->
|
||||||
val active = server.serialize() == activeServer?.serialize()
|
val active = server.serialize() == activeServer?.serialize()
|
||||||
MenuItem(
|
MenuItem(
|
||||||
label = server.displayName(),
|
label = (if (active) "\u25B6 " else " ") + server.address,
|
||||||
selected = active,
|
selected = active,
|
||||||
onClick = { onSelectServer(server) },
|
onClick = { onSelectServer(server) },
|
||||||
onEdit = { startEdit(server) },
|
|
||||||
onRemove = { onRemoveServer(server) },
|
onRemove = { onRemoveServer(server) },
|
||||||
)
|
)
|
||||||
}
|
}
|
||||||
|
|
||||||
if (servers.isEmpty()) {
|
if (servers.isEmpty()) {
|
||||||
Text("No servers", color = TextMuted, fontSize = 14.sp, modifier = Modifier.padding(vertical = 4.dp))
|
Text(" NO SERVERS", color = NES.MenuMuted, fontSize = 11.sp, modifier = Modifier.padding(vertical = 4.dp))
|
||||||
}
|
}
|
||||||
|
|
||||||
// Add / edit server
|
// Add server
|
||||||
if (showAdd || editing != null) {
|
if (showAdd) {
|
||||||
Column(
|
Column(
|
||||||
Modifier
|
Modifier.fillMaxWidth().background(Color.Black.copy(alpha = 0.3f)).padding(8.dp),
|
||||||
.fillMaxWidth()
|
verticalArrangement = Arrangement.spacedBy(6.dp),
|
||||||
.clip(RoundedCornerShape(ROW_R))
|
|
||||||
.background(FieldBg)
|
|
||||||
.border(1.dp, RowBorder, RoundedCornerShape(ROW_R))
|
|
||||||
.padding(12.dp),
|
|
||||||
verticalArrangement = Arrangement.spacedBy(8.dp),
|
|
||||||
) {
|
) {
|
||||||
Row(
|
OutlinedTextField(
|
||||||
Modifier.fillMaxWidth(),
|
|
||||||
verticalAlignment = Alignment.CenterVertically,
|
|
||||||
horizontalArrangement = Arrangement.SpaceBetween,
|
|
||||||
) {
|
|
||||||
Text(
|
|
||||||
if (editing != null) "Edit Server" else "Add Server",
|
|
||||||
color = TextMuted,
|
|
||||||
fontSize = 13.sp,
|
|
||||||
letterSpacing = 1.sp,
|
|
||||||
fontWeight = FontWeight.Medium,
|
|
||||||
)
|
|
||||||
Text(
|
|
||||||
"Cancel",
|
|
||||||
color = TextMuted,
|
|
||||||
fontSize = 13.sp,
|
|
||||||
modifier = Modifier.clickable { resetForm() }.padding(start = 8.dp),
|
|
||||||
)
|
|
||||||
}
|
|
||||||
GlassField(
|
|
||||||
value = nm, onValueChange = { nm = it },
|
|
||||||
placeholder = "Name (optional)",
|
|
||||||
keyboardOptions = KeyboardOptions(keyboardType = KeyboardType.Text, imeAction = ImeAction.Next),
|
|
||||||
)
|
|
||||||
GlassField(
|
|
||||||
value = addr, onValueChange = { addr = it.trim() },
|
value = addr, onValueChange = { addr = it.trim() },
|
||||||
placeholder = "192.168.1.100",
|
placeholder = { Text("192.168.1.100", color = NES.MenuMuted, fontSize = 11.sp) },
|
||||||
keyboardOptions = KeyboardOptions(keyboardType = KeyboardType.Uri, imeAction = ImeAction.Next),
|
modifier = Modifier.fillMaxWidth().height(48.dp), singleLine = true,
|
||||||
|
textStyle = androidx.compose.ui.text.TextStyle(color = NES.MenuText, fontSize = 12.sp),
|
||||||
|
colors = nesFieldColors(),
|
||||||
|
shape = RoundedCornerShape(2.dp),
|
||||||
)
|
)
|
||||||
Row(horizontalArrangement = Arrangement.spacedBy(8.dp), verticalAlignment = Alignment.CenterVertically) {
|
Row(horizontalArrangement = Arrangement.spacedBy(6.dp), verticalAlignment = Alignment.CenterVertically) {
|
||||||
GlassField(
|
OutlinedTextField(
|
||||||
value = pwd, onValueChange = { pwd = it },
|
value = pwd, onValueChange = { pwd = it },
|
||||||
placeholder = "Password",
|
placeholder = { Text("PASSWORD", color = NES.MenuMuted, fontSize = 11.sp) },
|
||||||
modifier = Modifier.weight(1f),
|
modifier = Modifier.weight(1f).height(48.dp), singleLine = true,
|
||||||
visualTransformation = PasswordVisualTransformation(),
|
visualTransformation = PasswordVisualTransformation(),
|
||||||
keyboardOptions = KeyboardOptions(keyboardType = KeyboardType.Password, imeAction = ImeAction.Go),
|
keyboardOptions = KeyboardOptions(keyboardType = KeyboardType.Password, imeAction = ImeAction.Go),
|
||||||
keyboardActions = KeyboardActions(onGo = { submit() }),
|
keyboardActions = KeyboardActions(onGo = {
|
||||||
|
if (addr.isNotBlank()) { onAddServer(ServerEntry(addr, false, password = pwd)); addr = ""; pwd = ""; showAdd = false }
|
||||||
|
}),
|
||||||
|
textStyle = androidx.compose.ui.text.TextStyle(color = NES.MenuText, fontSize = 12.sp),
|
||||||
|
colors = nesFieldColors(),
|
||||||
|
shape = RoundedCornerShape(2.dp),
|
||||||
)
|
)
|
||||||
Box(
|
Box(
|
||||||
Modifier.size(FIELD_H).clip(RoundedCornerShape(12.dp)).background(BitcoinOrange.copy(alpha = 0.15f))
|
Modifier.size(48.dp).clip(RoundedCornerShape(2.dp)).background(NES.MenuSelected)
|
||||||
.border(1.dp, BitcoinOrange.copy(alpha = 0.4f), RoundedCornerShape(12.dp))
|
.clickable {
|
||||||
.clickable { submit() },
|
if (addr.isNotBlank()) { onAddServer(ServerEntry(addr, false, password = pwd)); addr = ""; pwd = ""; showAdd = false }
|
||||||
|
},
|
||||||
contentAlignment = Alignment.Center,
|
contentAlignment = Alignment.Center,
|
||||||
) { Text("OK", color = BitcoinOrange, fontSize = 14.sp, fontWeight = FontWeight.Bold) }
|
) { Text("OK", color = NES.MenuText, fontSize = 10.sp, fontWeight = FontWeight.Bold) }
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
MenuItem(label = "Add Server", labelColor = BitcoinOrange, onClick = { showAdd = true })
|
MenuItem(label = " ADD SERVER", onClick = { showAdd = true })
|
||||||
}
|
}
|
||||||
|
|
||||||
Spacer(Modifier.height(2.dp))
|
Spacer(Modifier.height(2.dp))
|
||||||
Box(Modifier.fillMaxWidth().height(1.dp).background(PanelBorder))
|
Box(Modifier.fillMaxWidth().height(1.dp).background(NES.MenuBorder.copy(alpha = 0.3f)))
|
||||||
Spacer(Modifier.height(2.dp))
|
Spacer(Modifier.height(2.dp))
|
||||||
|
|
||||||
// Mode toggle
|
// Mode toggle
|
||||||
MenuItem(
|
MenuItem(
|
||||||
label = if (isGamepadMode) "Switch to Keyboard" else "Switch to Gamepad",
|
label = if (isGamepadMode) " SWITCH TO KEYBOARD" else " SWITCH TO GAMEPAD",
|
||||||
onClick = onToggleMode,
|
onClick = onToggleMode,
|
||||||
)
|
)
|
||||||
|
|
||||||
// Style toggle
|
// Style toggle
|
||||||
MenuItem(
|
MenuItem(
|
||||||
label = if (controllerStyle == ControllerStyle.CLASSIC) "Style: Classic" else "Style: Dark",
|
label = if (controllerStyle == ControllerStyle.CLASSIC) " STYLE: CLASSIC" else " STYLE: DARK",
|
||||||
onClick = onToggleStyle,
|
onClick = onToggleStyle,
|
||||||
)
|
)
|
||||||
|
|
||||||
// Back to dashboard
|
// Back to dashboard
|
||||||
if (onBackToWebView != null) {
|
if (onBackToWebView != null) {
|
||||||
MenuItem(label = "Back to Dashboard", onClick = onBackToWebView)
|
MenuItem(label = " BACK TO DASHBOARD", onClick = onBackToWebView)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -265,79 +187,32 @@ private fun MenuPanel(
|
|||||||
private fun MenuItem(
|
private fun MenuItem(
|
||||||
label: String,
|
label: String,
|
||||||
selected: Boolean = false,
|
selected: Boolean = false,
|
||||||
labelColor: Color = TextPrimary,
|
|
||||||
onClick: () -> Unit,
|
onClick: () -> Unit,
|
||||||
onEdit: (() -> Unit)? = null,
|
|
||||||
onRemove: (() -> Unit)? = null,
|
onRemove: (() -> Unit)? = null,
|
||||||
) {
|
) {
|
||||||
Row(
|
Row(
|
||||||
Modifier
|
Modifier
|
||||||
.fillMaxWidth()
|
.fillMaxWidth()
|
||||||
.height(ROW_H)
|
.height(32.dp)
|
||||||
.clip(RoundedCornerShape(ROW_R))
|
.background(if (selected) NES.MenuSelected.copy(alpha = 0.15f) else Color.Transparent)
|
||||||
.background(if (selected) BitcoinOrange.copy(alpha = 0.12f) else RowBg)
|
|
||||||
.border(1.dp, if (selected) BitcoinOrange.copy(alpha = 0.4f) else RowBorder, RoundedCornerShape(ROW_R))
|
|
||||||
.clickable { onClick() }
|
.clickable { onClick() }
|
||||||
.padding(horizontal = 16.dp),
|
.padding(horizontal = 8.dp),
|
||||||
verticalAlignment = Alignment.CenterVertically,
|
verticalAlignment = Alignment.CenterVertically,
|
||||||
horizontalArrangement = Arrangement.SpaceBetween,
|
horizontalArrangement = Arrangement.SpaceBetween,
|
||||||
) {
|
) {
|
||||||
Text(
|
Text(label, color = if (selected) NES.MenuSelected else NES.MenuText, fontSize = 11.sp, fontWeight = FontWeight.Medium)
|
||||||
label,
|
|
||||||
color = if (selected) BitcoinOrange else labelColor,
|
|
||||||
fontSize = 16.sp,
|
|
||||||
fontWeight = FontWeight.Medium,
|
|
||||||
modifier = Modifier.weight(1f),
|
|
||||||
)
|
|
||||||
if (onEdit != null) {
|
|
||||||
Text(
|
|
||||||
"✎",
|
|
||||||
color = TextMuted,
|
|
||||||
fontSize = 16.sp,
|
|
||||||
modifier = Modifier.clickable { onEdit() }.padding(horizontal = 8.dp),
|
|
||||||
)
|
|
||||||
}
|
|
||||||
if (onRemove != null) {
|
if (onRemove != null) {
|
||||||
Text(
|
Text("\u2715", color = NES.MenuMuted, fontSize = 10.sp,
|
||||||
"✕",
|
modifier = Modifier.clickable { onRemove() }.padding(horizontal = 8.dp))
|
||||||
color = TextMuted,
|
|
||||||
fontSize = 16.sp,
|
|
||||||
modifier = Modifier.clickable { onRemove() }.padding(horizontal = 8.dp),
|
|
||||||
)
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/** Glass text field with centered input text. */
|
|
||||||
@Composable
|
@Composable
|
||||||
private fun GlassField(
|
private fun nesFieldColors() = OutlinedTextFieldDefaults.colors(
|
||||||
value: String,
|
focusedBorderColor = NES.MenuBorder,
|
||||||
onValueChange: (String) -> Unit,
|
unfocusedBorderColor = NES.MenuMuted,
|
||||||
placeholder: String,
|
cursorColor = NES.MenuText,
|
||||||
modifier: Modifier = Modifier,
|
focusedTextColor = NES.MenuText,
|
||||||
visualTransformation: androidx.compose.ui.text.input.VisualTransformation = androidx.compose.ui.text.input.VisualTransformation.None,
|
unfocusedTextColor = NES.MenuText,
|
||||||
keyboardOptions: KeyboardOptions = KeyboardOptions.Default,
|
)
|
||||||
keyboardActions: KeyboardActions = KeyboardActions.Default,
|
|
||||||
) {
|
|
||||||
OutlinedTextField(
|
|
||||||
value = value,
|
|
||||||
onValueChange = onValueChange,
|
|
||||||
placeholder = {
|
|
||||||
Text(placeholder, color = TextMuted, fontSize = 15.sp, modifier = Modifier.fillMaxWidth(), textAlign = TextAlign.Center)
|
|
||||||
},
|
|
||||||
modifier = modifier.fillMaxWidth().height(FIELD_H),
|
|
||||||
singleLine = true,
|
|
||||||
visualTransformation = visualTransformation,
|
|
||||||
keyboardOptions = keyboardOptions,
|
|
||||||
keyboardActions = keyboardActions,
|
|
||||||
textStyle = TextStyle(color = TextPrimary, fontSize = 16.sp, textAlign = TextAlign.Center),
|
|
||||||
colors = OutlinedTextFieldDefaults.colors(
|
|
||||||
focusedBorderColor = Color.White.copy(alpha = 0.3f),
|
|
||||||
unfocusedBorderColor = Color.White.copy(alpha = 0.12f),
|
|
||||||
cursorColor = BitcoinOrange,
|
|
||||||
focusedTextColor = TextPrimary,
|
|
||||||
unfocusedTextColor = TextPrimary,
|
|
||||||
),
|
|
||||||
shape = RoundedCornerShape(12.dp),
|
|
||||||
)
|
|
||||||
}
|
|
||||||
|
|||||||
@ -50,6 +50,7 @@ fun NESPortraitController(
|
|||||||
Box(
|
Box(
|
||||||
Modifier
|
Modifier
|
||||||
.fillMaxSize()
|
.fillMaxSize()
|
||||||
|
.background(Color(0xFF0C0C0C))
|
||||||
.twoFingerHold(onMenu)
|
.twoFingerHold(onMenu)
|
||||||
.padding(horizontal = 40.dp, vertical = 24.dp),
|
.padding(horizontal = 40.dp, vertical = 24.dp),
|
||||||
contentAlignment = Alignment.Center,
|
contentAlignment = Alignment.Center,
|
||||||
@ -61,7 +62,7 @@ fun NESPortraitController(
|
|||||||
.fillMaxSize()
|
.fillMaxSize()
|
||||||
.shadow(28.dp, RoundedCornerShape(20.dp), ambientColor = Color.Black, spotColor = Color.Black)
|
.shadow(28.dp, RoundedCornerShape(20.dp), ambientColor = Color.Black, spotColor = Color.Black)
|
||||||
.clip(RoundedCornerShape(20.dp))
|
.clip(RoundedCornerShape(20.dp))
|
||||||
.background(Brush.verticalGradient(listOf(c.body, c.body)))
|
.background(Brush.verticalGradient(listOf(c.body, c.body.copy(alpha = 0.95f))))
|
||||||
.border(1.dp, Color.White.copy(alpha = if (isClassic) 0.08f else 0.04f), RoundedCornerShape(20.dp)),
|
.border(1.dp, Color.White.copy(alpha = if (isClassic) 0.08f else 0.04f), RoundedCornerShape(20.dp)),
|
||||||
) {
|
) {
|
||||||
// Top highlight
|
// Top highlight
|
||||||
@ -118,11 +119,11 @@ fun NESPortraitController(
|
|||||||
Modifier.fillMaxWidth().padding(horizontal = 12.dp, vertical = 8.dp),
|
Modifier.fillMaxWidth().padding(horizontal = 12.dp, vertical = 8.dp),
|
||||||
horizontalAlignment = Alignment.CenterHorizontally,
|
horizontalAlignment = Alignment.CenterHorizontally,
|
||||||
) {
|
) {
|
||||||
GlassFaceBtn("C", Color(0xFFBBBBBB), 46.dp) { onKey("c") }
|
ColorBtn(Color(0xFF888888), Color(0xFFAAAAAA), 46.dp) { onKey("c") }
|
||||||
Spacer(Modifier.height(6.dp))
|
Spacer(Modifier.height(6.dp))
|
||||||
Row(horizontalArrangement = Arrangement.spacedBy(14.dp)) {
|
Row(horizontalArrangement = Arrangement.spacedBy(14.dp)) {
|
||||||
GlassFaceBtn("B", Color(0xFF60A5FA), 46.dp) { onKey("b") }
|
ColorBtn(Color(0xFF3B82F6), Color(0xFF60A5FA), 46.dp) { onKey("b") }
|
||||||
GlassFaceBtn("A", Color(0xFFF7931A), 46.dp) { onKey("a") }
|
ColorBtn(Color(0xFFEA580C), Color(0xFFFB923C), 46.dp) { onKey("a") }
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@ -23,7 +23,6 @@ import androidx.compose.foundation.layout.fillMaxWidth
|
|||||||
import androidx.compose.foundation.layout.height
|
import androidx.compose.foundation.layout.height
|
||||||
import androidx.compose.foundation.layout.padding
|
import androidx.compose.foundation.layout.padding
|
||||||
import androidx.compose.foundation.layout.safeDrawing
|
import androidx.compose.foundation.layout.safeDrawing
|
||||||
import androidx.compose.foundation.layout.size
|
|
||||||
import androidx.compose.foundation.layout.windowInsetsPadding
|
import androidx.compose.foundation.layout.windowInsetsPadding
|
||||||
import androidx.compose.foundation.shape.RoundedCornerShape
|
import androidx.compose.foundation.shape.RoundedCornerShape
|
||||||
import androidx.compose.material3.MaterialTheme
|
import androidx.compose.material3.MaterialTheme
|
||||||
@ -42,7 +41,7 @@ import androidx.compose.ui.geometry.Offset
|
|||||||
import androidx.compose.ui.geometry.Size
|
import androidx.compose.ui.geometry.Size
|
||||||
import androidx.compose.ui.graphics.Brush
|
import androidx.compose.ui.graphics.Brush
|
||||||
import androidx.compose.ui.graphics.Color
|
import androidx.compose.ui.graphics.Color
|
||||||
import androidx.compose.ui.layout.ContentScale
|
import androidx.compose.ui.graphics.ColorFilter
|
||||||
import androidx.compose.ui.res.painterResource
|
import androidx.compose.ui.res.painterResource
|
||||||
import androidx.compose.ui.res.stringResource
|
import androidx.compose.ui.res.stringResource
|
||||||
import androidx.compose.ui.text.style.TextAlign
|
import androidx.compose.ui.text.style.TextAlign
|
||||||
@ -68,45 +67,26 @@ fun IntroScreen(onContinue: () -> Unit) {
|
|||||||
Box(
|
Box(
|
||||||
modifier = Modifier
|
modifier = Modifier
|
||||||
.fillMaxSize()
|
.fillMaxSize()
|
||||||
.background(SurfaceBlack),
|
.background(SurfaceBlack)
|
||||||
|
.windowInsetsPadding(WindowInsets.safeDrawing),
|
||||||
|
contentAlignment = Alignment.Center,
|
||||||
) {
|
) {
|
||||||
// Reddish synthwave backdrop
|
|
||||||
Image(
|
|
||||||
painter = painterResource(id = R.drawable.bg_synthwave),
|
|
||||||
contentDescription = null,
|
|
||||||
modifier = Modifier.fillMaxSize(),
|
|
||||||
contentScale = ContentScale.Crop,
|
|
||||||
)
|
|
||||||
// Dark scrim so the title/buttons stay legible over the art
|
|
||||||
Box(
|
|
||||||
modifier = Modifier
|
|
||||||
.fillMaxSize()
|
|
||||||
.background(
|
|
||||||
Brush.verticalGradient(
|
|
||||||
colors = listOf(
|
|
||||||
Color.Black.copy(alpha = 0.55f),
|
|
||||||
Color.Black.copy(alpha = 0.35f),
|
|
||||||
Color.Black.copy(alpha = 0.75f),
|
|
||||||
),
|
|
||||||
)
|
|
||||||
),
|
|
||||||
)
|
|
||||||
Column(
|
Column(
|
||||||
modifier = Modifier
|
modifier = Modifier
|
||||||
.align(Alignment.Center)
|
|
||||||
.fillMaxWidth()
|
.fillMaxWidth()
|
||||||
.windowInsetsPadding(WindowInsets.safeDrawing)
|
|
||||||
.padding(horizontal = 32.dp),
|
.padding(horizontal = 32.dp),
|
||||||
horizontalAlignment = Alignment.CenterHorizontally,
|
horizontalAlignment = Alignment.CenterHorizontally,
|
||||||
verticalArrangement = Arrangement.Center,
|
verticalArrangement = Arrangement.Center,
|
||||||
) {
|
) {
|
||||||
// Circular badge logo
|
// Wide pixel-art logo
|
||||||
Image(
|
Image(
|
||||||
painter = painterResource(id = R.drawable.ic_logo),
|
painter = painterResource(id = R.drawable.ic_logo_wide),
|
||||||
contentDescription = "Archipelago",
|
contentDescription = "Archipelago",
|
||||||
modifier = Modifier
|
modifier = Modifier
|
||||||
.size(160.dp)
|
.fillMaxWidth()
|
||||||
|
.padding(horizontal = 8.dp)
|
||||||
.alpha(logoAlpha.value),
|
.alpha(logoAlpha.value),
|
||||||
|
colorFilter = ColorFilter.tint(Color.White),
|
||||||
)
|
)
|
||||||
|
|
||||||
Spacer(modifier = Modifier.height(48.dp))
|
Spacer(modifier = Modifier.height(48.dp))
|
||||||
@ -122,7 +102,7 @@ fun IntroScreen(onContinue: () -> Unit) {
|
|||||||
Text(
|
Text(
|
||||||
text = stringResource(R.string.welcome_title),
|
text = stringResource(R.string.welcome_title),
|
||||||
style = MaterialTheme.typography.headlineLarge,
|
style = MaterialTheme.typography.headlineLarge,
|
||||||
color = Color(0xFFFAFAFA),
|
color = TextPrimary,
|
||||||
textAlign = TextAlign.Center,
|
textAlign = TextAlign.Center,
|
||||||
)
|
)
|
||||||
|
|
||||||
@ -131,7 +111,7 @@ fun IntroScreen(onContinue: () -> Unit) {
|
|||||||
Text(
|
Text(
|
||||||
text = stringResource(R.string.welcome_subtitle),
|
text = stringResource(R.string.welcome_subtitle),
|
||||||
style = MaterialTheme.typography.bodyLarge,
|
style = MaterialTheme.typography.bodyLarge,
|
||||||
color = Color(0xFFFAFAFA),
|
color = TextMuted,
|
||||||
textAlign = TextAlign.Center,
|
textAlign = TextAlign.Center,
|
||||||
lineHeight = 26.sp,
|
lineHeight = 26.sp,
|
||||||
)
|
)
|
||||||
|
|||||||
@ -2,7 +2,6 @@ package com.archipelago.app.ui.screens
|
|||||||
|
|
||||||
import android.content.res.Configuration
|
import android.content.res.Configuration
|
||||||
import androidx.activity.compose.BackHandler
|
import androidx.activity.compose.BackHandler
|
||||||
import androidx.compose.foundation.Image
|
|
||||||
import androidx.compose.foundation.background
|
import androidx.compose.foundation.background
|
||||||
import androidx.compose.foundation.layout.Box
|
import androidx.compose.foundation.layout.Box
|
||||||
import androidx.compose.foundation.layout.Column
|
import androidx.compose.foundation.layout.Column
|
||||||
@ -25,17 +24,13 @@ import androidx.compose.runtime.setValue
|
|||||||
import androidx.compose.ui.Alignment
|
import androidx.compose.ui.Alignment
|
||||||
import androidx.compose.ui.Modifier
|
import androidx.compose.ui.Modifier
|
||||||
import androidx.compose.ui.draw.clip
|
import androidx.compose.ui.draw.clip
|
||||||
import androidx.compose.ui.graphics.Brush
|
|
||||||
import androidx.compose.ui.graphics.Color
|
import androidx.compose.ui.graphics.Color
|
||||||
import androidx.compose.ui.layout.ContentScale
|
|
||||||
import androidx.compose.ui.platform.LocalConfiguration
|
import androidx.compose.ui.platform.LocalConfiguration
|
||||||
import androidx.compose.ui.platform.LocalContext
|
import androidx.compose.ui.platform.LocalContext
|
||||||
import androidx.compose.ui.platform.LocalLifecycleOwner
|
import androidx.compose.ui.platform.LocalLifecycleOwner
|
||||||
import androidx.lifecycle.Lifecycle
|
import androidx.lifecycle.Lifecycle
|
||||||
import androidx.lifecycle.LifecycleEventObserver
|
import androidx.lifecycle.LifecycleEventObserver
|
||||||
import androidx.compose.ui.res.painterResource
|
|
||||||
import androidx.compose.ui.unit.dp
|
import androidx.compose.ui.unit.dp
|
||||||
import com.archipelago.app.R
|
|
||||||
import com.archipelago.app.data.ServerPreferences
|
import com.archipelago.app.data.ServerPreferences
|
||||||
import com.archipelago.app.network.ConnectionState
|
import com.archipelago.app.network.ConnectionState
|
||||||
import com.archipelago.app.network.InputWebSocket
|
import com.archipelago.app.network.InputWebSocket
|
||||||
@ -63,7 +58,7 @@ fun RemoteInputScreen(onBack: () -> Unit) {
|
|||||||
|
|
||||||
var isGamepadMode by remember { mutableStateOf(true) }
|
var isGamepadMode by remember { mutableStateOf(true) }
|
||||||
var showModal by remember { mutableStateOf(false) }
|
var showModal by remember { mutableStateOf(false) }
|
||||||
var controllerStyle by remember { mutableStateOf(ControllerStyle.DARK) }
|
var controllerStyle by remember { mutableStateOf(ControllerStyle.CLASSIC) }
|
||||||
var playerId by remember { mutableStateOf(0) } // 0 = broadcast, 1 = P1, 2 = P2
|
var playerId by remember { mutableStateOf(0) } // 0 = broadcast, 1 = P1, 2 = P2
|
||||||
|
|
||||||
val ws = remember { InputWebSocket(scope) }
|
val ws = remember { InputWebSocket(scope) }
|
||||||
@ -118,31 +113,9 @@ fun RemoteInputScreen(onBack: () -> Unit) {
|
|||||||
Box(
|
Box(
|
||||||
Modifier
|
Modifier
|
||||||
.fillMaxSize()
|
.fillMaxSize()
|
||||||
.background(Color(0xFF0C0C0C)),
|
.background(Color(0xFF0C0C0C))
|
||||||
|
.windowInsetsPadding(WindowInsets.safeDrawing),
|
||||||
) {
|
) {
|
||||||
// Reddish synthwave backdrop behind the controller
|
|
||||||
Image(
|
|
||||||
painter = painterResource(id = R.drawable.bg_synthwave),
|
|
||||||
contentDescription = null,
|
|
||||||
modifier = Modifier.fillMaxSize(),
|
|
||||||
contentScale = ContentScale.Crop,
|
|
||||||
)
|
|
||||||
// Light scrim — the controller body provides its own contrast, so keep
|
|
||||||
// this subtle and let the backdrop show through around it.
|
|
||||||
Box(
|
|
||||||
modifier = Modifier
|
|
||||||
.fillMaxSize()
|
|
||||||
.background(
|
|
||||||
Brush.verticalGradient(
|
|
||||||
colors = listOf(
|
|
||||||
Color.Black.copy(alpha = 0.4f),
|
|
||||||
Color.Black.copy(alpha = 0.25f),
|
|
||||||
Color.Black.copy(alpha = 0.45f),
|
|
||||||
),
|
|
||||||
)
|
|
||||||
),
|
|
||||||
)
|
|
||||||
Box(Modifier.fillMaxSize().windowInsetsPadding(WindowInsets.safeDrawing)) {
|
|
||||||
when {
|
when {
|
||||||
isGamepadMode && isLandscape -> NESController(
|
isGamepadMode && isLandscape -> NESController(
|
||||||
style = controllerStyle,
|
style = controllerStyle,
|
||||||
@ -201,7 +174,6 @@ fun RemoteInputScreen(onBack: () -> Unit) {
|
|||||||
}
|
}
|
||||||
),
|
),
|
||||||
)
|
)
|
||||||
}
|
|
||||||
|
|
||||||
NESMenu(
|
NESMenu(
|
||||||
visible = showModal,
|
visible = showModal,
|
||||||
@ -216,31 +188,7 @@ fun RemoteInputScreen(onBack: () -> Unit) {
|
|||||||
onAddServer = { server ->
|
onAddServer = { server ->
|
||||||
scope.launch { prefs.addSavedServer(server); if (activeServer == null) prefs.setActiveServer(server) }
|
scope.launch { prefs.addSavedServer(server); if (activeServer == null) prefs.setActiveServer(server) }
|
||||||
},
|
},
|
||||||
onEditServer = { original, updated ->
|
onRemoveServer = { server -> scope.launch { prefs.removeSavedServer(server) } },
|
||||||
scope.launch {
|
|
||||||
prefs.updateSavedServer(original, updated)
|
|
||||||
// If the edited server is the live one, reconnect with the new
|
|
||||||
// address/credentials so the change takes effect immediately.
|
|
||||||
if (original.serialize() == activeServer?.serialize()) {
|
|
||||||
ws.disconnect()
|
|
||||||
prefs.setActiveServer(updated)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
},
|
|
||||||
onRemoveServer = { server ->
|
|
||||||
scope.launch {
|
|
||||||
prefs.removeSavedServer(server)
|
|
||||||
// Deleting the last server leaves nothing to control — drop the
|
|
||||||
// active server and return to the Connect screen.
|
|
||||||
val remaining = savedServers.count { it.serialize() != server.serialize() }
|
|
||||||
if (remaining == 0) {
|
|
||||||
ws.disconnect()
|
|
||||||
prefs.clearActiveServer()
|
|
||||||
showModal = false
|
|
||||||
onBack()
|
|
||||||
}
|
|
||||||
}
|
|
||||||
},
|
|
||||||
onToggleMode = { isGamepadMode = !isGamepadMode; showModal = false },
|
onToggleMode = { isGamepadMode = !isGamepadMode; showModal = false },
|
||||||
onToggleStyle = {
|
onToggleStyle = {
|
||||||
controllerStyle = if (controllerStyle == ControllerStyle.CLASSIC) ControllerStyle.DARK else ControllerStyle.CLASSIC
|
controllerStyle = if (controllerStyle == ControllerStyle.CLASSIC) ControllerStyle.DARK else ControllerStyle.CLASSIC
|
||||||
|
|||||||
@ -30,7 +30,6 @@ import androidx.compose.material.icons.filled.VisibilityOff
|
|||||||
import androidx.compose.foundation.verticalScroll
|
import androidx.compose.foundation.verticalScroll
|
||||||
import androidx.compose.material.icons.Icons
|
import androidx.compose.material.icons.Icons
|
||||||
import androidx.compose.material.icons.filled.Close
|
import androidx.compose.material.icons.filled.Close
|
||||||
import androidx.compose.material.icons.filled.Edit
|
|
||||||
import androidx.compose.material.icons.filled.Lock
|
import androidx.compose.material.icons.filled.Lock
|
||||||
import androidx.compose.material.icons.filled.LockOpen
|
import androidx.compose.material.icons.filled.LockOpen
|
||||||
import androidx.compose.material3.CircularProgressIndicator
|
import androidx.compose.material3.CircularProgressIndicator
|
||||||
@ -56,7 +55,6 @@ import androidx.compose.ui.draw.drawWithContent
|
|||||||
import androidx.compose.ui.graphics.Brush
|
import androidx.compose.ui.graphics.Brush
|
||||||
import androidx.compose.ui.graphics.Color
|
import androidx.compose.ui.graphics.Color
|
||||||
import androidx.compose.ui.graphics.ColorFilter
|
import androidx.compose.ui.graphics.ColorFilter
|
||||||
import androidx.compose.ui.layout.ContentScale
|
|
||||||
import androidx.compose.ui.platform.LocalContext
|
import androidx.compose.ui.platform.LocalContext
|
||||||
import androidx.compose.ui.platform.LocalSoftwareKeyboardController
|
import androidx.compose.ui.platform.LocalSoftwareKeyboardController
|
||||||
import androidx.compose.ui.res.painterResource
|
import androidx.compose.ui.res.painterResource
|
||||||
@ -99,7 +97,6 @@ fun ServerConnectScreen(
|
|||||||
val scope = rememberCoroutineScope()
|
val scope = rememberCoroutineScope()
|
||||||
val keyboard = LocalSoftwareKeyboardController.current
|
val keyboard = LocalSoftwareKeyboardController.current
|
||||||
|
|
||||||
var name by remember { mutableStateOf("") }
|
|
||||||
var address by remember { mutableStateOf("") }
|
var address by remember { mutableStateOf("") }
|
||||||
var port by remember { mutableStateOf("") }
|
var port by remember { mutableStateOf("") }
|
||||||
var password by remember { mutableStateOf("") }
|
var password by remember { mutableStateOf("") }
|
||||||
@ -107,50 +104,9 @@ fun ServerConnectScreen(
|
|||||||
var useHttps by remember { mutableStateOf(false) }
|
var useHttps by remember { mutableStateOf(false) }
|
||||||
var isConnecting by remember { mutableStateOf(false) }
|
var isConnecting by remember { mutableStateOf(false) }
|
||||||
var errorMessage by remember { mutableStateOf<String?>(null) }
|
var errorMessage by remember { mutableStateOf<String?>(null) }
|
||||||
// The saved server currently being edited, or null when adding/connecting.
|
|
||||||
var editingServer by remember { mutableStateOf<ServerEntry?>(null) }
|
|
||||||
|
|
||||||
val savedServers by prefs.savedServers.collectAsState(initial = emptyList())
|
val savedServers by prefs.savedServers.collectAsState(initial = emptyList())
|
||||||
|
|
||||||
fun clearForm() {
|
|
||||||
name = ""
|
|
||||||
address = ""
|
|
||||||
port = ""
|
|
||||||
password = ""
|
|
||||||
useHttps = false
|
|
||||||
passwordVisible = false
|
|
||||||
errorMessage = null
|
|
||||||
}
|
|
||||||
|
|
||||||
fun startEdit(server: ServerEntry) {
|
|
||||||
editingServer = server
|
|
||||||
name = server.name
|
|
||||||
address = server.address
|
|
||||||
port = server.port
|
|
||||||
password = server.password
|
|
||||||
useHttps = server.useHttps
|
|
||||||
passwordVisible = false
|
|
||||||
errorMessage = null
|
|
||||||
}
|
|
||||||
|
|
||||||
fun cancelEdit() {
|
|
||||||
editingServer = null
|
|
||||||
clearForm()
|
|
||||||
}
|
|
||||||
|
|
||||||
fun saveEdit() {
|
|
||||||
val original = editingServer ?: return
|
|
||||||
if (address.isBlank()) {
|
|
||||||
errorMessage = "Enter a server address"
|
|
||||||
return
|
|
||||||
}
|
|
||||||
val updated = ServerEntry(address, useHttps, port, password, name)
|
|
||||||
scope.launch {
|
|
||||||
prefs.updateSavedServer(original, updated)
|
|
||||||
cancelEdit()
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
fun connect(server: ServerEntry) {
|
fun connect(server: ServerEntry) {
|
||||||
if (isConnecting) return
|
if (isConnecting) return
|
||||||
if (server.address.isBlank()) {
|
if (server.address.isBlank()) {
|
||||||
@ -176,33 +132,12 @@ fun ServerConnectScreen(
|
|||||||
Box(
|
Box(
|
||||||
modifier = Modifier
|
modifier = Modifier
|
||||||
.fillMaxSize()
|
.fillMaxSize()
|
||||||
.background(SurfaceBlack),
|
.background(SurfaceBlack)
|
||||||
|
.windowInsetsPadding(WindowInsets.safeDrawing),
|
||||||
) {
|
) {
|
||||||
// Reddish synthwave backdrop
|
|
||||||
Image(
|
|
||||||
painter = painterResource(id = R.drawable.bg_synthwave),
|
|
||||||
contentDescription = null,
|
|
||||||
modifier = Modifier.fillMaxSize(),
|
|
||||||
contentScale = ContentScale.Crop,
|
|
||||||
)
|
|
||||||
// Dark scrim so the form stays legible over the art
|
|
||||||
Box(
|
|
||||||
modifier = Modifier
|
|
||||||
.fillMaxSize()
|
|
||||||
.background(
|
|
||||||
Brush.verticalGradient(
|
|
||||||
colors = listOf(
|
|
||||||
Color.Black.copy(alpha = 0.6f),
|
|
||||||
Color.Black.copy(alpha = 0.45f),
|
|
||||||
Color.Black.copy(alpha = 0.8f),
|
|
||||||
),
|
|
||||||
)
|
|
||||||
),
|
|
||||||
)
|
|
||||||
Column(
|
Column(
|
||||||
modifier = Modifier
|
modifier = Modifier
|
||||||
.fillMaxSize()
|
.fillMaxSize()
|
||||||
.windowInsetsPadding(WindowInsets.safeDrawing)
|
|
||||||
.verticalScroll(state = rememberScrollState())
|
.verticalScroll(state = rememberScrollState())
|
||||||
.drawWithContent { drawContent() }
|
.drawWithContent { drawContent() }
|
||||||
.padding(horizontal = 24.dp)
|
.padding(horizontal = 24.dp)
|
||||||
@ -210,17 +145,20 @@ fun ServerConnectScreen(
|
|||||||
horizontalAlignment = Alignment.CenterHorizontally,
|
horizontalAlignment = Alignment.CenterHorizontally,
|
||||||
verticalArrangement = Arrangement.spacedBy(16.dp),
|
verticalArrangement = Arrangement.spacedBy(16.dp),
|
||||||
) {
|
) {
|
||||||
// Circular badge logo
|
// Wide logo
|
||||||
Image(
|
Image(
|
||||||
painter = painterResource(id = R.drawable.ic_logo),
|
painter = painterResource(id = R.drawable.ic_logo_wide),
|
||||||
contentDescription = "Archipelago",
|
contentDescription = "Archipelago",
|
||||||
modifier = Modifier.size(96.dp),
|
modifier = Modifier
|
||||||
|
.fillMaxWidth()
|
||||||
|
.padding(horizontal = 16.dp),
|
||||||
|
colorFilter = ColorFilter.tint(Color.White),
|
||||||
)
|
)
|
||||||
|
|
||||||
Spacer(modifier = Modifier.height(4.dp))
|
Spacer(modifier = Modifier.height(4.dp))
|
||||||
|
|
||||||
Text(
|
Text(
|
||||||
text = if (editingServer != null) stringResource(R.string.edit_server_title) else "Connect to Server",
|
text = "Connect to Server",
|
||||||
style = MaterialTheme.typography.headlineMedium,
|
style = MaterialTheme.typography.headlineMedium,
|
||||||
color = TextPrimary,
|
color = TextPrimary,
|
||||||
textAlign = TextAlign.Center,
|
textAlign = TextAlign.Center,
|
||||||
@ -240,7 +178,6 @@ fun ServerConnectScreen(
|
|||||||
modifier = Modifier
|
modifier = Modifier
|
||||||
.fillMaxWidth()
|
.fillMaxWidth()
|
||||||
.clip(RoundedCornerShape(16.dp))
|
.clip(RoundedCornerShape(16.dp))
|
||||||
.background(Color.Black.copy(alpha = 0.6f))
|
|
||||||
.background(
|
.background(
|
||||||
Brush.verticalGradient(
|
Brush.verticalGradient(
|
||||||
colors = listOf(
|
colors = listOf(
|
||||||
@ -253,34 +190,6 @@ fun ServerConnectScreen(
|
|||||||
.padding(20.dp),
|
.padding(20.dp),
|
||||||
) {
|
) {
|
||||||
Column {
|
Column {
|
||||||
OutlinedTextField(
|
|
||||||
value = name,
|
|
||||||
onValueChange = {
|
|
||||||
name = it
|
|
||||||
errorMessage = null
|
|
||||||
},
|
|
||||||
label = { Text(stringResource(R.string.server_name_label)) },
|
|
||||||
placeholder = { Text(stringResource(R.string.server_name_placeholder)) },
|
|
||||||
modifier = Modifier.fillMaxWidth(),
|
|
||||||
singleLine = true,
|
|
||||||
keyboardOptions = KeyboardOptions(
|
|
||||||
keyboardType = KeyboardType.Text,
|
|
||||||
imeAction = ImeAction.Next,
|
|
||||||
),
|
|
||||||
colors = OutlinedTextFieldDefaults.colors(
|
|
||||||
focusedBorderColor = Color.White.copy(alpha = 0.3f),
|
|
||||||
unfocusedBorderColor = Color.White.copy(alpha = 0.12f),
|
|
||||||
cursorColor = Color.White,
|
|
||||||
focusedLabelColor = Color.White.copy(alpha = 0.7f),
|
|
||||||
unfocusedLabelColor = TextMuted,
|
|
||||||
focusedTextColor = TextPrimary,
|
|
||||||
unfocusedTextColor = TextPrimary,
|
|
||||||
),
|
|
||||||
shape = RoundedCornerShape(12.dp),
|
|
||||||
)
|
|
||||||
|
|
||||||
Spacer(modifier = Modifier.height(12.dp))
|
|
||||||
|
|
||||||
OutlinedTextField(
|
OutlinedTextField(
|
||||||
value = address,
|
value = address,
|
||||||
onValueChange = {
|
onValueChange = {
|
||||||
@ -366,11 +275,7 @@ fun ServerConnectScreen(
|
|||||||
keyboardActions = KeyboardActions(
|
keyboardActions = KeyboardActions(
|
||||||
onGo = {
|
onGo = {
|
||||||
keyboard?.hide()
|
keyboard?.hide()
|
||||||
if (editingServer != null) {
|
connect(ServerEntry(address, useHttps, port, password))
|
||||||
saveEdit()
|
|
||||||
} else {
|
|
||||||
connect(ServerEntry(address, useHttps, port, password, name))
|
|
||||||
}
|
|
||||||
},
|
},
|
||||||
),
|
),
|
||||||
colors = OutlinedTextFieldDefaults.colors(
|
colors = OutlinedTextFieldDefaults.colors(
|
||||||
@ -435,40 +340,15 @@ fun ServerConnectScreen(
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if (editingServer != null) {
|
// Connect button — glass style
|
||||||
// Save / Cancel while editing an existing saved server
|
GlassButton(
|
||||||
Row(
|
text = if (isConnecting) stringResource(R.string.connecting) else stringResource(R.string.connect),
|
||||||
modifier = Modifier.fillMaxWidth(),
|
onClick = {
|
||||||
horizontalArrangement = Arrangement.spacedBy(12.dp),
|
keyboard?.hide()
|
||||||
) {
|
connect(ServerEntry(address, useHttps, port, password))
|
||||||
GlassButton(
|
},
|
||||||
text = stringResource(R.string.cancel),
|
modifier = Modifier.fillMaxWidth().height(56.dp),
|
||||||
onClick = {
|
)
|
||||||
keyboard?.hide()
|
|
||||||
cancelEdit()
|
|
||||||
},
|
|
||||||
modifier = Modifier.weight(1f).height(56.dp),
|
|
||||||
)
|
|
||||||
GlassButton(
|
|
||||||
text = stringResource(R.string.save_changes),
|
|
||||||
onClick = {
|
|
||||||
keyboard?.hide()
|
|
||||||
saveEdit()
|
|
||||||
},
|
|
||||||
modifier = Modifier.weight(1f).height(56.dp),
|
|
||||||
)
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
// Connect button — glass style
|
|
||||||
GlassButton(
|
|
||||||
text = if (isConnecting) stringResource(R.string.connecting) else stringResource(R.string.connect),
|
|
||||||
onClick = {
|
|
||||||
keyboard?.hide()
|
|
||||||
connect(ServerEntry(address, useHttps, port, password, name))
|
|
||||||
},
|
|
||||||
modifier = Modifier.fillMaxWidth().height(56.dp),
|
|
||||||
)
|
|
||||||
}
|
|
||||||
|
|
||||||
if (isConnecting) {
|
if (isConnecting) {
|
||||||
CircularProgressIndicator(
|
CircularProgressIndicator(
|
||||||
@ -478,8 +358,8 @@ fun ServerConnectScreen(
|
|||||||
)
|
)
|
||||||
}
|
}
|
||||||
|
|
||||||
// Saved servers (hidden while editing one to keep focus on the form)
|
// Saved servers
|
||||||
if (editingServer == null && savedServers.isNotEmpty()) {
|
if (savedServers.isNotEmpty()) {
|
||||||
Spacer(modifier = Modifier.height(8.dp))
|
Spacer(modifier = Modifier.height(8.dp))
|
||||||
Text(
|
Text(
|
||||||
text = stringResource(R.string.saved_servers),
|
text = stringResource(R.string.saved_servers),
|
||||||
@ -493,7 +373,6 @@ fun ServerConnectScreen(
|
|||||||
SavedServerItem(
|
SavedServerItem(
|
||||||
server = server,
|
server = server,
|
||||||
onConnect = { connect(it) },
|
onConnect = { connect(it) },
|
||||||
onEdit = { startEdit(it) },
|
|
||||||
onRemove = { scope.launch { prefs.removeSavedServer(it) } },
|
onRemove = { scope.launch { prefs.removeSavedServer(it) } },
|
||||||
)
|
)
|
||||||
}
|
}
|
||||||
@ -506,14 +385,12 @@ fun ServerConnectScreen(
|
|||||||
private fun SavedServerItem(
|
private fun SavedServerItem(
|
||||||
server: ServerEntry,
|
server: ServerEntry,
|
||||||
onConnect: (ServerEntry) -> Unit,
|
onConnect: (ServerEntry) -> Unit,
|
||||||
onEdit: (ServerEntry) -> Unit,
|
|
||||||
onRemove: (ServerEntry) -> Unit,
|
onRemove: (ServerEntry) -> Unit,
|
||||||
) {
|
) {
|
||||||
Row(
|
Row(
|
||||||
modifier = Modifier
|
modifier = Modifier
|
||||||
.fillMaxWidth()
|
.fillMaxWidth()
|
||||||
.clip(RoundedCornerShape(12.dp))
|
.clip(RoundedCornerShape(12.dp))
|
||||||
.background(Color.Black.copy(alpha = 0.6f))
|
|
||||||
.background(
|
.background(
|
||||||
Brush.verticalGradient(
|
Brush.verticalGradient(
|
||||||
colors = listOf(
|
colors = listOf(
|
||||||
@ -537,21 +414,12 @@ private fun SavedServerItem(
|
|||||||
)
|
)
|
||||||
Spacer(modifier = Modifier.width(12.dp))
|
Spacer(modifier = Modifier.width(12.dp))
|
||||||
Column {
|
Column {
|
||||||
Text(text = server.displayName(), style = MaterialTheme.typography.bodyMedium, color = TextPrimary, maxLines = 1, overflow = TextOverflow.Ellipsis)
|
Text(text = server.address, style = MaterialTheme.typography.bodyMedium, color = TextPrimary, maxLines = 1, overflow = TextOverflow.Ellipsis)
|
||||||
val secondary = buildString {
|
if (server.port.isNotBlank()) {
|
||||||
if (server.name.isNotBlank()) append(server.address)
|
Text(text = "Port ${server.port}", style = MaterialTheme.typography.labelMedium, color = TextMuted)
|
||||||
if (server.port.isNotBlank()) {
|
|
||||||
if (isNotEmpty()) append(":${server.port}") else append("Port ${server.port}")
|
|
||||||
}
|
|
||||||
}
|
|
||||||
if (secondary.isNotBlank()) {
|
|
||||||
Text(text = secondary, style = MaterialTheme.typography.labelMedium, color = TextMuted, maxLines = 1, overflow = TextOverflow.Ellipsis)
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
IconButton(onClick = { onEdit(server) }) {
|
|
||||||
Icon(imageVector = Icons.Default.Edit, contentDescription = stringResource(R.string.edit_server), modifier = Modifier.size(18.dp), tint = TextMuted)
|
|
||||||
}
|
|
||||||
IconButton(onClick = { onRemove(server) }) {
|
IconButton(onClick = { onRemove(server) }) {
|
||||||
Icon(imageVector = Icons.Default.Close, contentDescription = stringResource(R.string.remove_server), modifier = Modifier.size(18.dp), tint = TextMuted)
|
Icon(imageVector = Icons.Default.Close, contentDescription = stringResource(R.string.remove_server), modifier = Modifier.size(18.dp), tint = TextMuted)
|
||||||
}
|
}
|
||||||
|
|||||||
@ -2,7 +2,6 @@ package com.archipelago.app.ui.screens
|
|||||||
|
|
||||||
import android.annotation.SuppressLint
|
import android.annotation.SuppressLint
|
||||||
import android.graphics.Bitmap
|
import android.graphics.Bitmap
|
||||||
import android.graphics.BitmapFactory
|
|
||||||
import android.view.ViewGroup
|
import android.view.ViewGroup
|
||||||
import android.webkit.CookieManager
|
import android.webkit.CookieManager
|
||||||
import android.webkit.WebChromeClient
|
import android.webkit.WebChromeClient
|
||||||
@ -15,12 +14,10 @@ import androidx.activity.compose.BackHandler
|
|||||||
import androidx.compose.animation.AnimatedVisibility
|
import androidx.compose.animation.AnimatedVisibility
|
||||||
import androidx.compose.animation.fadeIn
|
import androidx.compose.animation.fadeIn
|
||||||
import androidx.compose.animation.fadeOut
|
import androidx.compose.animation.fadeOut
|
||||||
import androidx.compose.foundation.Image
|
|
||||||
import androidx.compose.foundation.background
|
import androidx.compose.foundation.background
|
||||||
import androidx.compose.foundation.layout.Arrangement
|
import androidx.compose.foundation.layout.Arrangement
|
||||||
import androidx.compose.foundation.layout.Box
|
import androidx.compose.foundation.layout.Box
|
||||||
import androidx.compose.foundation.layout.Column
|
import androidx.compose.foundation.layout.Column
|
||||||
import androidx.compose.foundation.layout.Row
|
|
||||||
import androidx.compose.foundation.layout.Spacer
|
import androidx.compose.foundation.layout.Spacer
|
||||||
import androidx.compose.foundation.layout.WindowInsets
|
import androidx.compose.foundation.layout.WindowInsets
|
||||||
import androidx.compose.foundation.layout.fillMaxSize
|
import androidx.compose.foundation.layout.fillMaxSize
|
||||||
@ -29,24 +26,14 @@ import androidx.compose.foundation.layout.height
|
|||||||
import androidx.compose.foundation.layout.padding
|
import androidx.compose.foundation.layout.padding
|
||||||
import androidx.compose.foundation.layout.safeDrawing
|
import androidx.compose.foundation.layout.safeDrawing
|
||||||
import androidx.compose.foundation.layout.size
|
import androidx.compose.foundation.layout.size
|
||||||
import androidx.compose.foundation.layout.width
|
|
||||||
import androidx.compose.foundation.layout.windowInsetsPadding
|
import androidx.compose.foundation.layout.windowInsetsPadding
|
||||||
import androidx.compose.foundation.shape.RoundedCornerShape
|
|
||||||
import androidx.compose.material.icons.Icons
|
import androidx.compose.material.icons.Icons
|
||||||
import androidx.compose.material.icons.automirrored.filled.ArrowBack
|
|
||||||
import androidx.compose.material.icons.automirrored.filled.ArrowForward
|
|
||||||
import androidx.compose.material.icons.filled.Close
|
|
||||||
import androidx.compose.material.icons.filled.CloudOff
|
import androidx.compose.material.icons.filled.CloudOff
|
||||||
import androidx.compose.material.icons.filled.OpenInBrowser
|
|
||||||
import androidx.compose.material.icons.filled.Refresh
|
|
||||||
import androidx.compose.material3.CircularProgressIndicator
|
|
||||||
import androidx.compose.material3.Icon
|
import androidx.compose.material3.Icon
|
||||||
import androidx.compose.material3.IconButton
|
|
||||||
import androidx.compose.material3.LinearProgressIndicator
|
import androidx.compose.material3.LinearProgressIndicator
|
||||||
import androidx.compose.material3.MaterialTheme
|
import androidx.compose.material3.MaterialTheme
|
||||||
import androidx.compose.material3.Text
|
import androidx.compose.material3.Text
|
||||||
import androidx.compose.runtime.Composable
|
import androidx.compose.runtime.Composable
|
||||||
import androidx.compose.runtime.LaunchedEffect
|
|
||||||
import androidx.compose.runtime.getValue
|
import androidx.compose.runtime.getValue
|
||||||
import androidx.compose.runtime.mutableIntStateOf
|
import androidx.compose.runtime.mutableIntStateOf
|
||||||
import androidx.compose.runtime.mutableStateOf
|
import androidx.compose.runtime.mutableStateOf
|
||||||
@ -54,12 +41,8 @@ import androidx.compose.runtime.remember
|
|||||||
import androidx.compose.runtime.setValue
|
import androidx.compose.runtime.setValue
|
||||||
import androidx.compose.ui.Alignment
|
import androidx.compose.ui.Alignment
|
||||||
import androidx.compose.ui.Modifier
|
import androidx.compose.ui.Modifier
|
||||||
import androidx.compose.ui.draw.clip
|
|
||||||
import androidx.compose.ui.graphics.asImageBitmap
|
|
||||||
import androidx.compose.ui.platform.LocalContext
|
|
||||||
import androidx.compose.ui.res.stringResource
|
import androidx.compose.ui.res.stringResource
|
||||||
import androidx.compose.ui.text.style.TextAlign
|
import androidx.compose.ui.text.style.TextAlign
|
||||||
import androidx.compose.ui.text.style.TextOverflow
|
|
||||||
import androidx.compose.ui.unit.dp
|
import androidx.compose.ui.unit.dp
|
||||||
import androidx.compose.ui.viewinterop.AndroidView
|
import androidx.compose.ui.viewinterop.AndroidView
|
||||||
import com.archipelago.app.R
|
import com.archipelago.app.R
|
||||||
@ -67,70 +50,8 @@ import com.archipelago.app.ui.theme.BitcoinOrange
|
|||||||
import com.archipelago.app.ui.theme.SurfaceBlack
|
import com.archipelago.app.ui.theme.SurfaceBlack
|
||||||
import com.archipelago.app.ui.theme.TextMuted
|
import com.archipelago.app.ui.theme.TextMuted
|
||||||
import com.archipelago.app.ui.theme.TextPrimary
|
import com.archipelago.app.ui.theme.TextPrimary
|
||||||
import kotlinx.coroutines.Dispatchers
|
|
||||||
import kotlinx.coroutines.withContext
|
|
||||||
|
|
||||||
/** Open a URL in the phone's default browser (genuinely external links). */
|
|
||||||
private fun openExternalUrl(context: android.content.Context, url: String) {
|
|
||||||
try {
|
|
||||||
val intent = android.content.Intent(
|
|
||||||
android.content.Intent.ACTION_VIEW,
|
|
||||||
android.net.Uri.parse(url),
|
|
||||||
).apply {
|
|
||||||
// Required when launching from a non-Activity/binder thread
|
|
||||||
// (the JS bridge below can run off the UI thread).
|
|
||||||
addFlags(android.content.Intent.FLAG_ACTIVITY_NEW_TASK)
|
|
||||||
}
|
|
||||||
context.startActivity(intent)
|
|
||||||
} catch (_: Exception) {}
|
|
||||||
}
|
|
||||||
|
|
||||||
/** True when [url] points at the same host as the connected Archipelago node
|
|
||||||
* (ignoring port). Such URLs are node apps — e.g. one that can't be iframed —
|
|
||||||
* and should stay inside the app rather than bouncing out to the browser. */
|
|
||||||
private fun isSameHost(url: String, base: String): Boolean {
|
|
||||||
return try {
|
|
||||||
val a = android.net.Uri.parse(url).host ?: return false
|
|
||||||
val b = android.net.Uri.parse(base).host ?: return false
|
|
||||||
a.equals(b, ignoreCase = true)
|
|
||||||
} catch (_: Exception) {
|
|
||||||
false
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
/** Apply the WebView settings shared by the kiosk view and the in-app browser.
|
|
||||||
* These are tuned for SPA performance and parity with the mobile browser;
|
|
||||||
* none of them alter how a page renders visually. */
|
|
||||||
@SuppressLint("SetJavaScriptEnabled")
|
@SuppressLint("SetJavaScriptEnabled")
|
||||||
private fun WebView.applyArchipelagoSettings() {
|
|
||||||
// Pre-rasterize just outside the viewport so flinging the kiosk/app doesn't
|
|
||||||
// show blank checkerboarding — the single biggest scroll-smoothness win and
|
|
||||||
// a major part of the "feels slower than the browser" gap. (API 23+)
|
|
||||||
settings.setOffscreenPreRaster(true)
|
|
||||||
|
|
||||||
settings.apply {
|
|
||||||
javaScriptEnabled = true
|
|
||||||
domStorageEnabled = true
|
|
||||||
databaseEnabled = true
|
|
||||||
mediaPlaybackRequiresUserGesture = false
|
|
||||||
mixedContentMode = WebSettings.MIXED_CONTENT_COMPATIBILITY_MODE
|
|
||||||
useWideViewPort = true
|
|
||||||
loadWithOverviewMode = true
|
|
||||||
setSupportZoom(false)
|
|
||||||
builtInZoomControls = false
|
|
||||||
cacheMode = WebSettings.LOAD_DEFAULT
|
|
||||||
allowContentAccess = true
|
|
||||||
allowFileAccess = false
|
|
||||||
}
|
|
||||||
|
|
||||||
// chrome://inspect profiling on debuggable builds only — lets us measure the
|
|
||||||
// real in-page bottleneck rather than guess. No effect on release builds.
|
|
||||||
val debuggable = 0 != (context.applicationInfo.flags and
|
|
||||||
android.content.pm.ApplicationInfo.FLAG_DEBUGGABLE)
|
|
||||||
if (debuggable) WebView.setWebContentsDebuggingEnabled(true)
|
|
||||||
}
|
|
||||||
|
|
||||||
@SuppressLint("SetJavaScriptEnabled", "ClickableViewAccessibility")
|
|
||||||
@Composable
|
@Composable
|
||||||
fun WebViewScreen(
|
fun WebViewScreen(
|
||||||
serverUrl: String,
|
serverUrl: String,
|
||||||
@ -142,12 +63,7 @@ fun WebViewScreen(
|
|||||||
var hasError by remember { mutableStateOf(false) }
|
var hasError by remember { mutableStateOf(false) }
|
||||||
var webView by remember { mutableStateOf<WebView?>(null) }
|
var webView by remember { mutableStateOf<WebView?>(null) }
|
||||||
|
|
||||||
// A node app that refused iframing, opened in a local WebView overlay.
|
BackHandler(enabled = webView?.canGoBack() == true) {
|
||||||
// null = no overlay. The kiosk WebView underneath stays alive (and warm)
|
|
||||||
// while this is shown, so closing it returns instantly with no reload.
|
|
||||||
var inAppUrl by remember { mutableStateOf<String?>(null) }
|
|
||||||
|
|
||||||
BackHandler(enabled = inAppUrl == null && webView?.canGoBack() == true) {
|
|
||||||
webView?.goBack()
|
webView?.goBack()
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -216,6 +132,20 @@ fun WebViewScreen(
|
|||||||
AndroidView(
|
AndroidView(
|
||||||
modifier = Modifier.fillMaxSize(),
|
modifier = Modifier.fillMaxSize(),
|
||||||
factory = { context ->
|
factory = { context ->
|
||||||
|
fun openExternalUrl(url: String) {
|
||||||
|
try {
|
||||||
|
val intent = android.content.Intent(
|
||||||
|
android.content.Intent.ACTION_VIEW,
|
||||||
|
android.net.Uri.parse(url),
|
||||||
|
).apply {
|
||||||
|
// Required when launching from a non-Activity/binder
|
||||||
|
// thread (the JS bridge below runs off the UI thread).
|
||||||
|
addFlags(android.content.Intent.FLAG_ACTIVITY_NEW_TASK)
|
||||||
|
}
|
||||||
|
context.startActivity(intent)
|
||||||
|
} catch (_: Exception) {}
|
||||||
|
}
|
||||||
|
|
||||||
WebView(context).apply {
|
WebView(context).apply {
|
||||||
layoutParams = ViewGroup.LayoutParams(
|
layoutParams = ViewGroup.LayoutParams(
|
||||||
ViewGroup.LayoutParams.MATCH_PARENT,
|
ViewGroup.LayoutParams.MATCH_PARENT,
|
||||||
@ -229,8 +159,19 @@ fun WebViewScreen(
|
|||||||
cookieManager.setAcceptCookie(true)
|
cookieManager.setAcceptCookie(true)
|
||||||
cookieManager.setAcceptThirdPartyCookies(this, true)
|
cookieManager.setAcceptThirdPartyCookies(this, true)
|
||||||
|
|
||||||
applyArchipelagoSettings()
|
|
||||||
settings.apply {
|
settings.apply {
|
||||||
|
javaScriptEnabled = true
|
||||||
|
domStorageEnabled = true
|
||||||
|
databaseEnabled = true
|
||||||
|
mediaPlaybackRequiresUserGesture = false
|
||||||
|
mixedContentMode = WebSettings.MIXED_CONTENT_COMPATIBILITY_MODE
|
||||||
|
useWideViewPort = true
|
||||||
|
loadWithOverviewMode = true
|
||||||
|
setSupportZoom(false)
|
||||||
|
builtInZoomControls = false
|
||||||
|
cacheMode = WebSettings.LOAD_DEFAULT
|
||||||
|
allowContentAccess = true
|
||||||
|
allowFileAccess = false
|
||||||
setSupportMultipleWindows(true) // enables onCreateWindow for window.open
|
setSupportMultipleWindows(true) // enables onCreateWindow for window.open
|
||||||
// Let JS open windows without a synchronous user-gesture
|
// Let JS open windows without a synchronous user-gesture
|
||||||
// chain; without this, window.open() from a Vue click
|
// chain; without this, window.open() from a Vue click
|
||||||
@ -238,35 +179,18 @@ fun WebViewScreen(
|
|||||||
javaScriptCanOpenWindowsAutomatically = true
|
javaScriptCanOpenWindowsAutomatically = true
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Deterministic bridge for "open in the phone's browser".
|
||||||
|
// The web UI calls window.ArchipelagoNative.openExternal(url)
|
||||||
|
// when present (companion app), falling back to window.open
|
||||||
|
// in a plain mobile browser. This avoids relying on the
|
||||||
|
// window.open → onCreateWindow path, which noopener/noreferrer
|
||||||
|
// can suppress in the WebView.
|
||||||
val webViewRef = this
|
val webViewRef = this
|
||||||
|
|
||||||
// Decide where an outbound URL goes:
|
|
||||||
// - same host as the node → in-app WebView overlay
|
|
||||||
// (this is the "open in browser" target for apps the
|
|
||||||
// kiosk couldn't iframe — keep the user inside the app)
|
|
||||||
// - different host → the phone's real browser
|
|
||||||
fun routeOutbound(url: String) {
|
|
||||||
if (isSameHost(url, serverUrl)) {
|
|
||||||
inAppUrl = url
|
|
||||||
} else {
|
|
||||||
openExternalUrl(context, url)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
// JS bridge. The web UI calls:
|
|
||||||
// window.ArchipelagoNative.openExternal(url) — host-routed
|
|
||||||
// window.ArchipelagoNative.openInApp(url) — force in-app
|
|
||||||
// Falls back to window.open in a plain mobile browser.
|
|
||||||
addJavascriptInterface(
|
addJavascriptInterface(
|
||||||
object {
|
object {
|
||||||
@android.webkit.JavascriptInterface
|
@android.webkit.JavascriptInterface
|
||||||
fun openExternal(url: String) {
|
fun openExternal(url: String) {
|
||||||
webViewRef.post { routeOutbound(url) }
|
webViewRef.post { openExternalUrl(url) }
|
||||||
}
|
|
||||||
|
|
||||||
@android.webkit.JavascriptInterface
|
|
||||||
fun openInApp(url: String) {
|
|
||||||
webViewRef.post { inAppUrl = url }
|
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"ArchipelagoNative",
|
"ArchipelagoNative",
|
||||||
@ -323,35 +247,15 @@ fun WebViewScreen(
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// Node apps (e.g. NetBird) terminate TLS with a
|
|
||||||
// self-signed cert — the dashboard needs a secure
|
|
||||||
// context for OIDC/window.crypto.subtle (#15). The
|
|
||||||
// WebView default is to CANCEL untrusted certs, so
|
|
||||||
// those apps render blank. The user explicitly trusts
|
|
||||||
// their own node, so proceed for same-host certs only;
|
|
||||||
// reject anything else (don't blanket-trust the web).
|
|
||||||
override fun onReceivedSslError(
|
|
||||||
view: WebView?,
|
|
||||||
handler: android.webkit.SslErrorHandler?,
|
|
||||||
error: android.net.http.SslError?,
|
|
||||||
) {
|
|
||||||
val u = error?.url
|
|
||||||
if (u != null && isSameHost(u, serverUrl)) {
|
|
||||||
handler?.proceed()
|
|
||||||
} else {
|
|
||||||
handler?.cancel()
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
override fun shouldOverrideUrlLoading(
|
override fun shouldOverrideUrlLoading(
|
||||||
view: WebView?,
|
view: WebView?,
|
||||||
request: WebResourceRequest?,
|
request: WebResourceRequest?,
|
||||||
): Boolean {
|
): Boolean {
|
||||||
val url = request?.url?.toString() ?: return false
|
val url = request?.url?.toString() ?: return false
|
||||||
// Keep kiosk navigation (same origin incl. port) in place
|
// Keep navigation within the Archipelago server
|
||||||
if (url.startsWith(serverUrl)) return false
|
if (url.startsWith(serverUrl)) return false
|
||||||
// Same node (other port) → in-app; external → browser
|
// Open external URLs in the system browser
|
||||||
routeOutbound(url)
|
openExternalUrl(url)
|
||||||
return true
|
return true
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -361,9 +265,7 @@ fun WebViewScreen(
|
|||||||
loadProgress = newProgress
|
loadProgress = newProgress
|
||||||
}
|
}
|
||||||
|
|
||||||
// window.open() — e.g. the kiosk's "Open in new tab"
|
// Handle window.open() — open in system browser
|
||||||
// for an app that can't be iframed. Capture the target
|
|
||||||
// URL via a throwaway WebView and route it ourselves.
|
|
||||||
override fun onCreateWindow(
|
override fun onCreateWindow(
|
||||||
view: WebView?,
|
view: WebView?,
|
||||||
isDialog: Boolean,
|
isDialog: Boolean,
|
||||||
@ -381,12 +283,12 @@ fun WebViewScreen(
|
|||||||
request: WebResourceRequest?,
|
request: WebResourceRequest?,
|
||||||
): Boolean {
|
): Boolean {
|
||||||
val url = request?.url?.toString() ?: return true
|
val url = request?.url?.toString() ?: return true
|
||||||
routeOutbound(url)
|
openExternalUrl(url)
|
||||||
return true
|
return true
|
||||||
}
|
}
|
||||||
|
|
||||||
override fun onPageStarted(view: WebView?, url: String?, favicon: Bitmap?) {
|
override fun onPageStarted(view: WebView?, url: String?, favicon: Bitmap?) {
|
||||||
if (url != null) routeOutbound(url)
|
if (url != null) openExternalUrl(url)
|
||||||
view?.stopLoading()
|
view?.stopLoading()
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -448,255 +350,6 @@ fun WebViewScreen(
|
|||||||
)
|
)
|
||||||
}
|
}
|
||||||
|
|
||||||
// In-app browser overlay for non-iframeable node apps. Rendered last
|
|
||||||
// so it sits above the kiosk WebView, which stays alive underneath.
|
|
||||||
inAppUrl?.let { target ->
|
|
||||||
InAppBrowser(
|
|
||||||
url = target,
|
|
||||||
serverUrl = serverUrl,
|
|
||||||
onClose = { inAppUrl = null },
|
|
||||||
)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
/** Best-effort fetch of the origin's /favicon.ico, so the launched app's icon
|
|
||||||
* can be shown on the loading screen before the WebView reports onReceivedIcon
|
|
||||||
* (which only fires once the page's <head> has parsed). Blocking — call on IO. */
|
|
||||||
private fun fetchFavicon(pageUrl: String): Bitmap? {
|
|
||||||
return try {
|
|
||||||
val u = android.net.Uri.parse(pageUrl)
|
|
||||||
val scheme = u.scheme ?: return null
|
|
||||||
val host = u.host ?: return null
|
|
||||||
val portPart = if (u.port > 0) ":${u.port}" else ""
|
|
||||||
val conn = (java.net.URL("$scheme://$host$portPart/favicon.ico").openConnection()
|
|
||||||
as java.net.HttpURLConnection).apply {
|
|
||||||
connectTimeout = 4000
|
|
||||||
readTimeout = 4000
|
|
||||||
instanceFollowRedirects = true
|
|
||||||
}
|
|
||||||
conn.inputStream.use { BitmapFactory.decodeStream(it) }
|
|
||||||
} catch (_: Exception) {
|
|
||||||
null
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Lightweight in-app browser used when the kiosk hands off an app that can't be
|
|
||||||
* shown in an iframe. Loads the app in a local WebView with a centered loading
|
|
||||||
* screen (app favicon + progress bar) and a BOTTOM control bar mirroring the
|
|
||||||
* web mobile-iframe footer (back / forward / reload / open-in-browser / close).
|
|
||||||
* Same-host navigation stays here; any genuinely external link escapes to the
|
|
||||||
* phone's browser.
|
|
||||||
*/
|
|
||||||
@SuppressLint("SetJavaScriptEnabled")
|
|
||||||
@Composable
|
|
||||||
private fun InAppBrowser(
|
|
||||||
url: String,
|
|
||||||
serverUrl: String,
|
|
||||||
onClose: () -> Unit,
|
|
||||||
) {
|
|
||||||
val context = LocalContext.current
|
|
||||||
var browser by remember { mutableStateOf<WebView?>(null) }
|
|
||||||
var title by remember { mutableStateOf(android.net.Uri.parse(url).host ?: url) }
|
|
||||||
var favicon by remember { mutableStateOf<Bitmap?>(null) }
|
|
||||||
var progress by remember { mutableIntStateOf(0) }
|
|
||||||
var loading by remember { mutableStateOf(true) }
|
|
||||||
var canGoBack by remember { mutableStateOf(false) }
|
|
||||||
var canGoForward by remember { mutableStateOf(false) }
|
|
||||||
|
|
||||||
// Seed the loading-screen icon immediately from a best-effort favicon
|
|
||||||
// pre-fetch (main's app-icon work), then onReceivedIcon upgrades it — so the
|
|
||||||
// loader shows an icon right away instead of staying blank until the page
|
|
||||||
// parses its <head> (which is what made the loader look stuck).
|
|
||||||
LaunchedEffect(url) {
|
|
||||||
val fetched = withContext(Dispatchers.IO) { fetchFavicon(url) }
|
|
||||||
if (fetched != null && favicon == null) favicon = fetched
|
|
||||||
}
|
|
||||||
|
|
||||||
// Back: walk the in-app history first, then close the overlay.
|
|
||||||
BackHandler {
|
|
||||||
val b = browser
|
|
||||||
if (b != null && b.canGoBack()) b.goBack() else onClose()
|
|
||||||
}
|
|
||||||
|
|
||||||
Column(
|
|
||||||
modifier = Modifier
|
|
||||||
.fillMaxSize()
|
|
||||||
.background(SurfaceBlack)
|
|
||||||
.windowInsetsPadding(WindowInsets.safeDrawing),
|
|
||||||
) {
|
|
||||||
// WebView + loading overlay fill the area above the bottom control bar.
|
|
||||||
Box(modifier = Modifier.weight(1f).fillMaxWidth()) {
|
|
||||||
AndroidView(
|
|
||||||
modifier = Modifier.fillMaxSize(),
|
|
||||||
factory = { ctx ->
|
|
||||||
WebView(ctx).apply {
|
|
||||||
layoutParams = ViewGroup.LayoutParams(
|
|
||||||
ViewGroup.LayoutParams.MATCH_PARENT,
|
|
||||||
ViewGroup.LayoutParams.MATCH_PARENT,
|
|
||||||
)
|
|
||||||
isVerticalScrollBarEnabled = false
|
|
||||||
isHorizontalScrollBarEnabled = false
|
|
||||||
|
|
||||||
CookieManager.getInstance().setAcceptThirdPartyCookies(this, true)
|
|
||||||
applyArchipelagoSettings()
|
|
||||||
|
|
||||||
webChromeClient = object : WebChromeClient() {
|
|
||||||
override fun onProgressChanged(view: WebView?, newProgress: Int) {
|
|
||||||
progress = newProgress
|
|
||||||
}
|
|
||||||
|
|
||||||
override fun onReceivedTitle(view: WebView?, t: String?) {
|
|
||||||
if (!t.isNullOrBlank()) title = t
|
|
||||||
}
|
|
||||||
|
|
||||||
override fun onReceivedIcon(view: WebView?, icon: Bitmap?) {
|
|
||||||
if (icon != null) favicon = icon
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
webViewClient = object : WebViewClient() {
|
|
||||||
override fun onPageStarted(view: WebView?, u: String?, favicon: Bitmap?) {
|
|
||||||
loading = true
|
|
||||||
}
|
|
||||||
|
|
||||||
override fun onPageFinished(view: WebView?, u: String?) {
|
|
||||||
loading = false
|
|
||||||
canGoBack = view?.canGoBack() == true
|
|
||||||
canGoForward = view?.canGoForward() == true
|
|
||||||
}
|
|
||||||
|
|
||||||
override fun doUpdateVisitedHistory(view: WebView?, u: String?, isReload: Boolean) {
|
|
||||||
canGoBack = view?.canGoBack() == true
|
|
||||||
canGoForward = view?.canGoForward() == true
|
|
||||||
}
|
|
||||||
|
|
||||||
// Self-signed TLS on the node's apps (e.g. NetBird on
|
|
||||||
// :8087) would otherwise be cancelled by the WebView
|
|
||||||
// and render blank. Proceed for the user's own node
|
|
||||||
// (same host); reject any other untrusted cert.
|
|
||||||
override fun onReceivedSslError(
|
|
||||||
view: WebView?,
|
|
||||||
handler: android.webkit.SslErrorHandler?,
|
|
||||||
error: android.net.http.SslError?,
|
|
||||||
) {
|
|
||||||
val u = error?.url
|
|
||||||
if (u != null && isSameHost(u, serverUrl)) {
|
|
||||||
handler?.proceed()
|
|
||||||
} else {
|
|
||||||
handler?.cancel()
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
override fun shouldOverrideUrlLoading(
|
|
||||||
view: WebView?,
|
|
||||||
request: WebResourceRequest?,
|
|
||||||
): Boolean {
|
|
||||||
val u = request?.url?.toString() ?: return false
|
|
||||||
// Stay in the overlay for same-node navigation;
|
|
||||||
// hand genuinely external links to the real browser.
|
|
||||||
if (isSameHost(u, serverUrl)) return false
|
|
||||||
openExternalUrl(ctx, u)
|
|
||||||
return true
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
browser = this
|
|
||||||
loadUrl(url)
|
|
||||||
}
|
|
||||||
},
|
|
||||||
)
|
|
||||||
|
|
||||||
// Centered loading screen — app favicon (or spinner) + title + bar.
|
|
||||||
if (loading) {
|
|
||||||
Column(
|
|
||||||
modifier = Modifier
|
|
||||||
.fillMaxSize()
|
|
||||||
.background(SurfaceBlack),
|
|
||||||
horizontalAlignment = Alignment.CenterHorizontally,
|
|
||||||
verticalArrangement = Arrangement.Center,
|
|
||||||
) {
|
|
||||||
Box(
|
|
||||||
modifier = Modifier.size(84.dp).clip(RoundedCornerShape(20.dp)),
|
|
||||||
contentAlignment = Alignment.Center,
|
|
||||||
) {
|
|
||||||
val fav = favicon
|
|
||||||
if (fav != null) {
|
|
||||||
Image(
|
|
||||||
bitmap = fav.asImageBitmap(),
|
|
||||||
contentDescription = title,
|
|
||||||
modifier = Modifier.fillMaxSize(),
|
|
||||||
)
|
|
||||||
} else {
|
|
||||||
CircularProgressIndicator(color = BitcoinOrange)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
Spacer(modifier = Modifier.height(18.dp))
|
|
||||||
Text(
|
|
||||||
text = title,
|
|
||||||
style = MaterialTheme.typography.bodyLarge,
|
|
||||||
color = TextPrimary,
|
|
||||||
maxLines = 1,
|
|
||||||
overflow = TextOverflow.Ellipsis,
|
|
||||||
)
|
|
||||||
Spacer(modifier = Modifier.height(16.dp))
|
|
||||||
LinearProgressIndicator(
|
|
||||||
progress = { progress / 100f },
|
|
||||||
modifier = Modifier.width(220.dp),
|
|
||||||
color = BitcoinOrange,
|
|
||||||
trackColor = TextMuted.copy(alpha = 0.2f),
|
|
||||||
)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
// Bottom control bar — mirrors the web mobile-iframe footer.
|
|
||||||
Row(
|
|
||||||
modifier = Modifier
|
|
||||||
.fillMaxWidth()
|
|
||||||
.height(56.dp)
|
|
||||||
.background(SurfaceBlack)
|
|
||||||
.padding(horizontal = 8.dp),
|
|
||||||
horizontalArrangement = Arrangement.SpaceAround,
|
|
||||||
verticalAlignment = Alignment.CenterVertically,
|
|
||||||
) {
|
|
||||||
IconButton(onClick = { browser?.goBack() }, enabled = canGoBack) {
|
|
||||||
Icon(
|
|
||||||
imageVector = Icons.AutoMirrored.Filled.ArrowBack,
|
|
||||||
contentDescription = "Back",
|
|
||||||
tint = if (canGoBack) TextPrimary else TextMuted.copy(alpha = 0.4f),
|
|
||||||
)
|
|
||||||
}
|
|
||||||
IconButton(onClick = { browser?.goForward() }, enabled = canGoForward) {
|
|
||||||
Icon(
|
|
||||||
imageVector = Icons.AutoMirrored.Filled.ArrowForward,
|
|
||||||
contentDescription = "Forward",
|
|
||||||
tint = if (canGoForward) TextPrimary else TextMuted.copy(alpha = 0.4f),
|
|
||||||
)
|
|
||||||
}
|
|
||||||
IconButton(onClick = { browser?.reload() }) {
|
|
||||||
Icon(
|
|
||||||
imageVector = Icons.Default.Refresh,
|
|
||||||
contentDescription = "Reload",
|
|
||||||
tint = TextPrimary,
|
|
||||||
)
|
|
||||||
}
|
|
||||||
IconButton(onClick = { openExternalUrl(context, browser?.url ?: url) }) {
|
|
||||||
Icon(
|
|
||||||
imageVector = Icons.Default.OpenInBrowser,
|
|
||||||
contentDescription = stringResource(R.string.open_in_browser),
|
|
||||||
tint = TextPrimary,
|
|
||||||
)
|
|
||||||
}
|
|
||||||
IconButton(onClick = onClose) {
|
|
||||||
Icon(
|
|
||||||
imageVector = Icons.Default.Close,
|
|
||||||
contentDescription = stringResource(R.string.close),
|
|
||||||
tint = TextPrimary,
|
|
||||||
)
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
Binary file not shown.
|
Before Width: | Height: | Size: 869 KiB |
@ -1,53 +1,10 @@
|
|||||||
<?xml version="1.0" encoding="utf-8"?>
|
<?xml version="1.0" encoding="utf-8"?>
|
||||||
<!-- Whole badge lives here (background renders to the mask edge with no
|
|
||||||
safe-zone cropping, unlike the foreground): dark fill + metallic ring pulled
|
|
||||||
inward to ~0.88 so the mask can't clip it + grid at ~0.58. Matches the
|
|
||||||
locally-rendered preview. Foreground is transparent. -->
|
|
||||||
<vector xmlns:android="http://schemas.android.com/apk/res/android"
|
<vector xmlns:android="http://schemas.android.com/apk/res/android"
|
||||||
xmlns:aapt="http://schemas.android.com/aapt"
|
|
||||||
android:width="108dp"
|
android:width="108dp"
|
||||||
android:height="108dp"
|
android:height="108dp"
|
||||||
android:viewportWidth="752"
|
android:viewportWidth="108"
|
||||||
android:viewportHeight="752">
|
android:viewportHeight="108">
|
||||||
|
|
||||||
<path
|
<path
|
||||||
android:fillColor="#0A0A0A"
|
android:fillColor="#030202"
|
||||||
android:pathData="M0,0h752v752H0z" />
|
android:pathData="M0,0h108v108H0z" />
|
||||||
|
|
||||||
<!-- Ring matching logo.svg's gradient (#000->#666). Scale 0.65 places it at
|
|
||||||
the home-screen's visible edge (calibrated from a device home screenshot;
|
|
||||||
launcher3 crops less than the Settings App-info view). -->
|
|
||||||
<group
|
|
||||||
android:pivotX="376"
|
|
||||||
android:pivotY="376"
|
|
||||||
android:scaleX="0.65"
|
|
||||||
android:scaleY="0.65">
|
|
||||||
<path
|
|
||||||
android:fillColor="#00000000"
|
|
||||||
android:strokeWidth="22.8834"
|
|
||||||
android:pathData="M11.441,375.669a364.227,364.227 0 1,0 728.454,0a364.227,364.227 0 1,0 -728.454,0z">
|
|
||||||
<aapt:attr name="android:strokeColor">
|
|
||||||
<gradient
|
|
||||||
android:type="linear"
|
|
||||||
android:startX="751.337"
|
|
||||||
android:startY="751.338"
|
|
||||||
android:endX="0"
|
|
||||||
android:endY="0.000976562">
|
|
||||||
<item android:offset="0" android:color="#FF000000" />
|
|
||||||
<item android:offset="1" android:color="#FF666666" />
|
|
||||||
</gradient>
|
|
||||||
</aapt:attr>
|
|
||||||
</path>
|
|
||||||
</group>
|
|
||||||
|
|
||||||
<!-- White Archipelago grid -->
|
|
||||||
<group
|
|
||||||
android:pivotX="376"
|
|
||||||
android:pivotY="376"
|
|
||||||
android:scaleX="0.55"
|
|
||||||
android:scaleY="0.55">
|
|
||||||
<path
|
|
||||||
android:fillColor="#FFFFFF"
|
|
||||||
android:pathData="M253.805,278.37V222.28H309.853V278.37H253.805ZM315.797,278.37V222.28H372.694V278.37H315.797ZM378.639,278.37V222.28H435.536V278.37H378.639ZM441.481,278.37V222.28H497.529V278.37H441.481ZM441.481,341.259V284.319H497.529V341.259H441.481ZM503.473,341.259V284.319H560.37V341.259H503.473ZM190.963,404.148V347.208H247.86V404.148H190.963ZM253.805,404.148V347.208H309.853V404.148H253.805ZM315.797,404.148V347.208H372.694V404.148H315.797ZM378.639,404.148V347.208H435.536V404.148H378.639ZM441.481,404.148V347.208H497.529V404.148H441.481ZM503.473,404.148V347.208H560.37V404.148H503.473ZM190.963,466.187V410.097H247.86V466.187H190.963ZM253.805,466.187V410.097H309.853V466.187H253.805ZM441.481,466.187V410.097H497.529V466.187H441.481ZM503.473,466.187V410.097H560.37V466.187H503.473ZM253.805,529.076V472.136H309.853V529.076H253.805ZM315.797,529.076V472.136H372.694V529.076H315.797ZM378.639,529.076V472.136H435.536V529.076H378.639ZM441.481,529.076V472.136H497.529V529.076H441.481Z" />
|
|
||||||
</group>
|
|
||||||
</vector>
|
</vector>
|
||||||
|
|||||||
@ -1,12 +1,45 @@
|
|||||||
<?xml version="1.0" encoding="utf-8"?>
|
<?xml version="1.0" encoding="utf-8"?>
|
||||||
<!-- Transparent — the whole badge (ring + grid) is in the background layer so it
|
<!-- Archipelago pixel-art "A" logo — scaled 90% and centered -->
|
||||||
renders to the mask edge without safe-zone cropping. -->
|
|
||||||
<vector xmlns:android="http://schemas.android.com/apk/res/android"
|
<vector xmlns:android="http://schemas.android.com/apk/res/android"
|
||||||
android:width="108dp"
|
android:width="108dp"
|
||||||
android:height="108dp"
|
android:height="108dp"
|
||||||
android:viewportWidth="108"
|
android:viewportWidth="1024"
|
||||||
android:viewportHeight="108">
|
android:viewportHeight="1024">
|
||||||
<path
|
|
||||||
android:fillColor="#00000000"
|
<group
|
||||||
android:pathData="M0,0h108v108H0z" />
|
android:pivotX="512"
|
||||||
|
android:pivotY="512"
|
||||||
|
android:scaleX="0.55"
|
||||||
|
android:scaleY="0.55">
|
||||||
|
|
||||||
|
<!-- Row 1: 4 blocks -->
|
||||||
|
<path android:fillColor="#FFFFFF" android:pathData="M357.614,318h71.007v70.936h-71.007z" />
|
||||||
|
<path android:fillColor="#FFFFFF" android:pathData="M436.152,318h72.082v70.936h-72.082z" />
|
||||||
|
<path android:fillColor="#FFFFFF" android:pathData="M515.766,318h72.082v70.936h-72.082z" />
|
||||||
|
<path android:fillColor="#FFFFFF" android:pathData="M595.379,318h71.007v70.936h-71.007z" />
|
||||||
|
|
||||||
|
<!-- Row 2: 2 blocks (right side) -->
|
||||||
|
<path android:fillColor="#FFFFFF" android:pathData="M595.379,396.46h71.007v72.011h-71.007z" />
|
||||||
|
<path android:fillColor="#FFFFFF" android:pathData="M673.917,396.46h72.083v72.011h-72.083z" />
|
||||||
|
|
||||||
|
<!-- Row 3: 6 blocks (full width) -->
|
||||||
|
<path android:fillColor="#FFFFFF" android:pathData="M278,475.994h72.083v72.012h-72.083z" />
|
||||||
|
<path android:fillColor="#FFFFFF" android:pathData="M357.614,475.994h71.007v72.012h-71.007z" />
|
||||||
|
<path android:fillColor="#FFFFFF" android:pathData="M436.152,475.994h72.082v72.012h-72.082z" />
|
||||||
|
<path android:fillColor="#FFFFFF" android:pathData="M515.766,475.994h72.082v72.012h-72.082z" />
|
||||||
|
<path android:fillColor="#FFFFFF" android:pathData="M595.379,475.994h71.007v72.012h-71.007z" />
|
||||||
|
<path android:fillColor="#FFFFFF" android:pathData="M673.917,475.994h72.083v72.012h-72.083z" />
|
||||||
|
|
||||||
|
<!-- Row 4: 4 blocks (sides only — the "A" gap) -->
|
||||||
|
<path android:fillColor="#FFFFFF" android:pathData="M278,555.529h72.083v70.936h-72.083z" />
|
||||||
|
<path android:fillColor="#FFFFFF" android:pathData="M357.614,555.529h71.007v70.936h-71.007z" />
|
||||||
|
<path android:fillColor="#FFFFFF" android:pathData="M595.379,555.529h71.007v70.936h-71.007z" />
|
||||||
|
<path android:fillColor="#FFFFFF" android:pathData="M673.917,555.529h72.083v70.936h-72.083z" />
|
||||||
|
|
||||||
|
<!-- Row 5: 4 blocks (bottom) -->
|
||||||
|
<path android:fillColor="#FFFFFF" android:pathData="M357.614,633.989h71.007v72.011h-71.007z" />
|
||||||
|
<path android:fillColor="#FFFFFF" android:pathData="M436.152,633.989h72.082v72.011h-72.082z" />
|
||||||
|
<path android:fillColor="#FFFFFF" android:pathData="M515.766,633.989h72.082v72.011h-72.082z" />
|
||||||
|
<path android:fillColor="#FFFFFF" android:pathData="M595.379,633.989h71.007v72.011h-71.007z" />
|
||||||
|
</group>
|
||||||
</vector>
|
</vector>
|
||||||
|
|||||||
@ -1,33 +0,0 @@
|
|||||||
<?xml version="1.0" encoding="utf-8"?>
|
|
||||||
<!-- Archipelago circular badge logo (from logo.svg):
|
|
||||||
dark circle with a black→grey gradient ring + white pixel-grid mark. -->
|
|
||||||
<vector xmlns:android="http://schemas.android.com/apk/res/android"
|
|
||||||
xmlns:aapt="http://schemas.android.com/aapt"
|
|
||||||
android:width="120dp"
|
|
||||||
android:height="120dp"
|
|
||||||
android:viewportWidth="752"
|
|
||||||
android:viewportHeight="752">
|
|
||||||
|
|
||||||
<!-- Ringed circle (circle converted to a path; stroke carries the gradient) -->
|
|
||||||
<path
|
|
||||||
android:fillColor="#0A0A0A"
|
|
||||||
android:strokeWidth="22.8834"
|
|
||||||
android:pathData="M11.441,375.669a364.227,364.227 0 1,0 728.454,0a364.227,364.227 0 1,0 -728.454,0z">
|
|
||||||
<aapt:attr name="android:strokeColor">
|
|
||||||
<gradient
|
|
||||||
android:type="linear"
|
|
||||||
android:startX="751.337"
|
|
||||||
android:startY="751.338"
|
|
||||||
android:endX="0"
|
|
||||||
android:endY="0">
|
|
||||||
<item android:offset="0" android:color="#FF000000" />
|
|
||||||
<item android:offset="1" android:color="#FF666666" />
|
|
||||||
</gradient>
|
|
||||||
</aapt:attr>
|
|
||||||
</path>
|
|
||||||
|
|
||||||
<!-- White Archipelago pixel grid -->
|
|
||||||
<path
|
|
||||||
android:fillColor="#FFFFFF"
|
|
||||||
android:pathData="M253.805,278.37V222.28H309.853V278.37H253.805ZM315.797,278.37V222.28H372.694V278.37H315.797ZM378.639,278.37V222.28H435.536V278.37H378.639ZM441.481,278.37V222.28H497.529V278.37H441.481ZM441.481,341.259V284.319H497.529V341.259H441.481ZM503.473,341.259V284.319H560.37V341.259H503.473ZM190.963,404.148V347.208H247.86V404.148H190.963ZM253.805,404.148V347.208H309.853V404.148H253.805ZM315.797,404.148V347.208H372.694V404.148H315.797ZM378.639,404.148V347.208H435.536V404.148H378.639ZM441.481,404.148V347.208H497.529V404.148H441.481ZM503.473,404.148V347.208H560.37V404.148H503.473ZM190.963,466.187V410.097H247.86V466.187H190.963ZM253.805,466.187V410.097H309.853V466.187H253.805ZM441.481,466.187V410.097H497.529V466.187H441.481ZM503.473,466.187V410.097H560.37V466.187H503.473ZM253.805,529.076V472.136H309.853V529.076H253.805ZM315.797,529.076V472.136H372.694V529.076H315.797ZM378.639,529.076V472.136H435.536V529.076H378.639ZM441.481,529.076V472.136H497.529V529.076H441.481Z" />
|
|
||||||
</vector>
|
|
||||||
@ -1,12 +0,0 @@
|
|||||||
<vector xmlns:android="http://schemas.android.com/apk/res/android"
|
|
||||||
android:width="24dp"
|
|
||||||
android:height="24dp"
|
|
||||||
android:viewportWidth="24"
|
|
||||||
android:viewportHeight="24">
|
|
||||||
<path
|
|
||||||
android:pathData="M15,19l-7,-7 7,-7"
|
|
||||||
android:strokeColor="#FFFFFF"
|
|
||||||
android:strokeWidth="2"
|
|
||||||
android:strokeLineCap="round"
|
|
||||||
android:strokeLineJoin="round" />
|
|
||||||
</vector>
|
|
||||||
@ -1,12 +0,0 @@
|
|||||||
<vector xmlns:android="http://schemas.android.com/apk/res/android"
|
|
||||||
android:width="24dp"
|
|
||||||
android:height="24dp"
|
|
||||||
android:viewportWidth="24"
|
|
||||||
android:viewportHeight="24">
|
|
||||||
<path
|
|
||||||
android:pathData="M6,18L18,6M6,6l12,12"
|
|
||||||
android:strokeColor="#FFFFFF"
|
|
||||||
android:strokeWidth="2"
|
|
||||||
android:strokeLineCap="round"
|
|
||||||
android:strokeLineJoin="round" />
|
|
||||||
</vector>
|
|
||||||
@ -1,12 +0,0 @@
|
|||||||
<vector xmlns:android="http://schemas.android.com/apk/res/android"
|
|
||||||
android:width="24dp"
|
|
||||||
android:height="24dp"
|
|
||||||
android:viewportWidth="24"
|
|
||||||
android:viewportHeight="24">
|
|
||||||
<path
|
|
||||||
android:pathData="M9,5l7,7 -7,7"
|
|
||||||
android:strokeColor="#FFFFFF"
|
|
||||||
android:strokeWidth="2"
|
|
||||||
android:strokeLineCap="round"
|
|
||||||
android:strokeLineJoin="round" />
|
|
||||||
</vector>
|
|
||||||
@ -1,12 +0,0 @@
|
|||||||
<vector xmlns:android="http://schemas.android.com/apk/res/android"
|
|
||||||
android:width="24dp"
|
|
||||||
android:height="24dp"
|
|
||||||
android:viewportWidth="24"
|
|
||||||
android:viewportHeight="24">
|
|
||||||
<path
|
|
||||||
android:pathData="M10,6H6a2,2 0,0 0,-2 2v10a2,2 0,0 0,2 2h10a2,2 0,0 0,2 -2v-4M14,4h6m0,0v6m0,-6L10,14"
|
|
||||||
android:strokeColor="#FFFFFF"
|
|
||||||
android:strokeWidth="2"
|
|
||||||
android:strokeLineCap="round"
|
|
||||||
android:strokeLineJoin="round" />
|
|
||||||
</vector>
|
|
||||||
@ -1,12 +0,0 @@
|
|||||||
<vector xmlns:android="http://schemas.android.com/apk/res/android"
|
|
||||||
android:width="24dp"
|
|
||||||
android:height="24dp"
|
|
||||||
android:viewportWidth="24"
|
|
||||||
android:viewportHeight="24">
|
|
||||||
<path
|
|
||||||
android:pathData="M4,4v6h6M20,20v-6h-6M5.64,15.36A8,8 0,0 0,18.36 18M18.36,8.64A8,8 0,0 0,5.64 6"
|
|
||||||
android:strokeColor="#FFFFFF"
|
|
||||||
android:strokeWidth="2"
|
|
||||||
android:strokeLineCap="round"
|
|
||||||
android:strokeLineJoin="round" />
|
|
||||||
</vector>
|
|
||||||
@ -21,15 +21,4 @@
|
|||||||
<string name="retry">Retry</string>
|
<string name="retry">Retry</string>
|
||||||
<string name="remote_input">Remote Control</string>
|
<string name="remote_input">Remote Control</string>
|
||||||
<string name="remote_input_hint">Use your phone as a keyboard and mouse for the kiosk</string>
|
<string name="remote_input_hint">Use your phone as a keyboard and mouse for the kiosk</string>
|
||||||
<string name="close">Close</string>
|
|
||||||
<string name="open_in_browser">Open in browser</string>
|
|
||||||
<string name="back">Back</string>
|
|
||||||
<string name="forward">Forward</string>
|
|
||||||
<string name="refresh">Refresh</string>
|
|
||||||
<string name="server_name_label">Server Name (optional)</string>
|
|
||||||
<string name="server_name_placeholder">My Archipelago</string>
|
|
||||||
<string name="edit_server">Edit</string>
|
|
||||||
<string name="edit_server_title">Edit Server</string>
|
|
||||||
<string name="save_changes">Save Changes</string>
|
|
||||||
<string name="cancel">Cancel</string>
|
|
||||||
</resources>
|
</resources>
|
||||||
|
|||||||
@ -1,10 +0,0 @@
|
|||||||
<svg width="752" height="752" viewBox="0 0 752 752" fill="none" xmlns="http://www.w3.org/2000/svg">
|
|
||||||
<circle cx="375.668" cy="375.669" r="364.227" fill="#0A0A0A" stroke="url(#paint0_linear_877_1990)" stroke-width="22.8834"/>
|
|
||||||
<path d="M253.805 278.37V222.28H309.853V278.37H253.805ZM315.797 278.37V222.28H372.694V278.37H315.797ZM378.639 278.37V222.28H435.536V278.37H378.639ZM441.481 278.37V222.28H497.529V278.37H441.481ZM441.481 341.259V284.319H497.529V341.259H441.481ZM503.473 341.259V284.319H560.37V341.259H503.473ZM190.963 404.148V347.208H247.86V404.148H190.963ZM253.805 404.148V347.208H309.853V404.148H253.805ZM315.797 404.148V347.208H372.694V404.148H315.797ZM378.639 404.148V347.208H435.536V404.148H378.639ZM441.481 404.148V347.208H497.529V404.148H441.481ZM503.473 404.148V347.208H560.37V404.148H503.473ZM190.963 466.187V410.097H247.86V466.187H190.963ZM253.805 466.187V410.097H309.853V466.187H253.805ZM441.481 466.187V410.097H497.529V466.187H441.481ZM503.473 466.187V410.097H560.37V466.187H503.473ZM253.805 529.076V472.136H309.853V529.076H253.805ZM315.797 529.076V472.136H372.694V529.076H315.797ZM378.639 529.076V472.136H435.536V529.076H378.639ZM441.481 529.076V472.136H497.529V529.076H441.481Z" fill="white"/>
|
|
||||||
<defs>
|
|
||||||
<linearGradient id="paint0_linear_877_1990" x1="751.337" y1="751.338" x2="0" y2="0.000976562" gradientUnits="userSpaceOnUse">
|
|
||||||
<stop/>
|
|
||||||
<stop offset="1" stop-color="#666666"/>
|
|
||||||
</linearGradient>
|
|
||||||
</defs>
|
|
||||||
</svg>
|
|
||||||
|
Before Width: | Height: | Size: 1.4 KiB |
@ -1,41 +0,0 @@
|
|||||||
#!/usr/bin/env bash
|
|
||||||
#
|
|
||||||
# Build the Android companion app and publish it as the served download
|
|
||||||
# (neode-ui/public/packages/archipelago-companion.apk — a plain APK a phone can
|
|
||||||
# install straight from the link), then commit + push.
|
|
||||||
#
|
|
||||||
# Use this INSTEAD of `git push` when shipping the companion app, so the
|
|
||||||
# downloadable APK on the node always matches what's on main.
|
|
||||||
#
|
|
||||||
# ./Android/ship-companion.sh
|
|
||||||
#
|
|
||||||
# The actual build/sign/verify/stage is done by scripts/publish-companion-apk.sh
|
|
||||||
# (single source of truth, shared with the pre-push hook). It does a CLEAN build,
|
|
||||||
# forces v1+v2+v3 signing, and ABORTS if any signature scheme is missing — so a
|
|
||||||
# broken or v2-only APK can never be shipped.
|
|
||||||
set -euo pipefail
|
|
||||||
|
|
||||||
ROOT="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"
|
|
||||||
cd "$ROOT"
|
|
||||||
|
|
||||||
export JAVA_HOME="${JAVA_HOME:-/opt/homebrew/opt/openjdk@17}"
|
|
||||||
export ANDROID_HOME="${ANDROID_HOME:-$HOME/Library/Android/sdk}"
|
|
||||||
|
|
||||||
DEST="neode-ui/public/packages/archipelago-companion.apk"
|
|
||||||
|
|
||||||
echo "==> Building + signing + verifying companion APK"
|
|
||||||
bash scripts/publish-companion-apk.sh
|
|
||||||
|
|
||||||
[ -f "$DEST" ] || { echo "ERROR: served APK not found at $DEST" >&2; exit 1; }
|
|
||||||
|
|
||||||
if git diff --cached --quiet -- "$DEST"; then
|
|
||||||
echo "==> Nothing to commit (APK unchanged)"
|
|
||||||
else
|
|
||||||
git commit -q -m "chore(android): update companion apk download"
|
|
||||||
echo "==> Committed"
|
|
||||||
fi
|
|
||||||
|
|
||||||
echo "==> Pushing $(git branch --show-current)"
|
|
||||||
# SHIP_COMPANION lets the pre-push guard know the APK was just refreshed.
|
|
||||||
SHIP_COMPANION=1 git push origin "$(git branch --show-current)"
|
|
||||||
echo "==> Done — companion APK published and pushed."
|
|
||||||
29
CHANGELOG.md
29
CHANGELOG.md
@ -1,34 +1,5 @@
|
|||||||
# Changelog
|
# Changelog
|
||||||
|
|
||||||
## v1.8.00-alpha (2026-06-18)
|
|
||||||
|
|
||||||
Polishes the mesh AI assistant and Fedimint, on top of all the v1.7.99 features (kept listed below so you can still see what's new).
|
|
||||||
|
|
||||||
- The off-grid mesh radio no longer posts cryptic identity codes to the shared public channel. Your node was announcing a line starting with "ARCHY:" to the public channel about once a minute, which everyone else on that channel saw as spam; that broadcast has been removed.
|
|
||||||
- You can now use your node's AI assistant straight from a normal chat. Send "!ai <your question>" in a direct message to an AI-enabled node and the answer comes right back in the same conversation — whether your message travelled over the internet or the LoRa radio. Before, the reply could be sent on the wrong path and never arrive.
|
|
||||||
- The Mesh AI Assistant panel is easier to set up: pick the Claude model from a dropdown (Haiku, Sonnet, or Opus) instead of typing it, and add specific contacts to an "always allow" list so chosen people can use "!ai" even when the assistant is set to trusted-nodes-only.
|
|
||||||
- Fedimint federations show up in Wallet Settings again. The Fedimint client app wasn't starting because of a configuration error, so the federation your node auto-joins never appeared; the client is fixed and runs again.
|
|
||||||
- In Settings, "App Updates" and "App Registry" now sit directly under your Account section for quicker access.
|
|
||||||
- In Mesh chat, scrolling the conversation no longer also scrolls the contact list behind it.
|
|
||||||
- Mesh direct messages are now private and end-to-end encrypted to the recipient — they're sent as real radio DMs instead of being broadcast on the public channel, so other people on the mesh no longer see them, and the answer arrives intact (even on standard meshcore phone apps).
|
|
||||||
- You can now message standard meshcore apps (like the phone companion) and they can message you — text shows up readable on both sides, and your node's AI answers come back as a private reply rather than on the public channel.
|
|
||||||
- New contacts you hear on the radio are added automatically, so people show up in your Peers list without any extra steps.
|
|
||||||
- "Clear All" now actually removes contacts (rather than hiding them forever); a contact comes back on its own the next time it's in range. Each contact also shows a reachability dot so you can see who's currently reachable.
|
|
||||||
- The Peers list has a search box (with a clear button) to quickly filter your contacts by name, DID, npub, or key.
|
|
||||||
|
|
||||||
All the v1.7.99-alpha features are included as well:
|
|
||||||
|
|
||||||
- Your node can now hold Fedimint ecash as well as Cashu, with tabbed Wallet Settings for each and both balances shown side by side on the home wallet card.
|
|
||||||
- You can buy files shared by another node right from their cloud, paying from this node's ecash, your Lightning wallet, on-chain, or by scanning a Lightning QR with any outside wallet.
|
|
||||||
- Your node can act as an AI assistant on the off-grid mesh: peers ask by starting a message with "!ai" and get an answer back over the radio, with a panel to turn it on or off.
|
|
||||||
- You can view your node's 24-word recovery phrase any time from Settings, behind a password (and 2FA) confirmation and a tap-to-show blur.
|
|
||||||
- Setting up a brand-new node is smoother: it waits and retries quietly instead of flashing errors, and shows a gentle "securing your private connection…" status that turns to "ready" on its own.
|
|
||||||
- The NetBird VPN app now logs in (it's served over HTTPS and opens in a browser tab).
|
|
||||||
- Phone remote-control of a node's screen now supports two-finger scrolling inside apps, and external-browser apps open on your phone.
|
|
||||||
- You can choose whether your node shares Bitcoin block headers over the mesh, and your choices are remembered.
|
|
||||||
- Version numbers display cleanly everywhere (no more doubled "v"), and "Back" buttons look and behave consistently across desktop and mobile.
|
|
||||||
- For advanced testing, Settings includes an optional update & app source choice between the usual trusted origin and an experimental peer-to-peer (DHT swarm) mode, with the trusted origin remaining the default.
|
|
||||||
|
|
||||||
## v1.7.99-alpha (2026-06-17)
|
## v1.7.99-alpha (2026-06-17)
|
||||||
|
|
||||||
- Your node can now hold Fedimint ecash as well as Cashu. Wallet Settings now has tabbed sections for each: keep your list of trusted Cashu mints, or paste a Fedimint invite code to join a federation, and the home wallet card shows both your Cashu and Fedimint balances side by side. A new "Fedimint Client" app in the catalog powers the federation side.
|
- Your node can now hold Fedimint ecash as well as Cashu. Wallet Settings now has tabbed sections for each: keep your list of trusted Cashu mints, or paste a Fedimint invite code to join a federation, and the home wallet card shows both your Cashu and Fedimint balances side by side. A new "Fedimint Client" app in the catalog powers the federation side.
|
||||||
|
|||||||
84
CLAUDE.md
84
CLAUDE.md
@ -1,84 +0,0 @@
|
|||||||
# Archipelago — agent guide
|
|
||||||
|
|
||||||
## ✅ Single-node production gate is GREEN (2026-06-23)
|
|
||||||
|
|
||||||
`tests/lifecycle/run-gate.sh` is **5/5 on .228, 0 failures** — the single-node exit
|
|
||||||
criterion is met and the priority banner is demoted. Next exit-criteria: the
|
|
||||||
**multinode pass** (`docs/multinode-testing-plan.md`) and workstreams B/C/D.
|
|
||||||
|
|
||||||
**For day-to-day work, use `docs/UNIFIED-TASK-TRACKER.md`** — the consolidated,
|
|
||||||
priority-ordered "what's left" list across the 1.8.0 OTA and master-plan docs
|
|
||||||
(fastest/simplest tasks first). It supersedes hunting through the two source docs
|
|
||||||
below for open items; those remain the narrative/history.
|
|
||||||
|
|
||||||
**Read `docs/PRODUCTION-MASTER-PLAN.md` first** — it is still the authoritative plan
|
|
||||||
for the north star: a world-class, **developer-ready app platform** where every app
|
|
||||||
is manifest-driven, manifests ship via the **signed registry** (not OTA disk files),
|
|
||||||
and **third-party developers publish apps via an external/decentralized registry** —
|
|
||||||
all rootless, secure, robust, and 100%-uptime-capable. It no longer overrides all
|
|
||||||
ad-hoc direction now that the gate is green, but it remains the source of truth for
|
|
||||||
sequencing the remaining workstreams.
|
|
||||||
|
|
||||||
Detailed sub-plans (all linked from the master):
|
|
||||||
- App platform / packaging phases + security model → `docs/APP-PACKAGING-MIGRATION-PLAN.md`
|
|
||||||
- Registry-distributed manifests (in progress) → `docs/registry-manifest-design.md`
|
|
||||||
- External/decentralized marketplace for devs → `docs/marketplace-protocol.md`
|
|
||||||
- Current per-app state → `docs/app-registry-status-2026-06-21.md`
|
|
||||||
- Production test gate (exit criterion) → `tests/lifecycle/TESTING.md`
|
|
||||||
|
|
||||||
## Commit & push every unit of work (never violate)
|
|
||||||
|
|
||||||
**The #1 process rule: work is not "done" until it is committed AND pushed.** This
|
|
||||||
exists because finished work has been lost/clobbered by sitting uncommitted in the
|
|
||||||
shared tree across agents and sessions. To prevent that:
|
|
||||||
|
|
||||||
- **Commit each feature/fix the moment it works** — one focused, self-contained
|
|
||||||
commit per logical change (it compiles and its targeted tests pass). Do not let
|
|
||||||
unrelated changes accumulate uncommitted.
|
|
||||||
- **Push immediately after committing** so nothing lives only on one machine. `main`
|
|
||||||
is protected → push via `git push gitea-ai main` (account `ai`, see the memory
|
|
||||||
note); feature branches push to their own remote.
|
|
||||||
- **Never leave a stack of finished work uncommitted** overnight or when handing off
|
|
||||||
between agents — if you must pause mid-change, commit a clearly-labelled WIP
|
|
||||||
checkpoint rather than leaving it dirty.
|
|
||||||
- **Stage explicitly by path** (`git add <paths>`) when another agent's uncommitted
|
|
||||||
work shares the tree — never `git add -A` / `git commit -a`, which clobbers or
|
|
||||||
entangles their changes.
|
|
||||||
- **Never commit or push secrets** (mnemonics, private keys, API tokens). Signing is
|
|
||||||
done offline; artifacts (catalog/manifest) are signed, not the keys.
|
|
||||||
- Commit messages end with the `Co-Authored-By: Claude …` trailer.
|
|
||||||
|
|
||||||
## Invariants (never violate)
|
|
||||||
|
|
||||||
- **Rootless Podman only.** No rootful, no Docker-socket mounts, no privileged
|
|
||||||
containers unless explicitly approved.
|
|
||||||
- **No per-app Rust installers / no OS-level reliance.** Apps are declarative;
|
|
||||||
the orchestrator owns the lifecycle. `install_immich_stack` (hardcoded
|
|
||||||
`podman run` + `sudo chown`) is the anti-pattern being deleted, not a template.
|
|
||||||
- **Secrets are manifest-declared** (`generated_secrets`, materialised by
|
|
||||||
`container::secrets`, 0600/rootless) — never hardcoded, per-app, or logged.
|
|
||||||
- **Migrations never destroy data** — preserve `/var/lib/archipelago/<app>`,
|
|
||||||
secrets, credentials, ports, and adoption container names; keep a rollback path.
|
|
||||||
- **Verify on the real node .228 before any tag.** (Fleet-wide multinode
|
|
||||||
verification is a separate plan: `docs/multinode-testing-plan.md`.)
|
|
||||||
|
|
||||||
## Build / verify
|
|
||||||
|
|
||||||
- Rust workspace root is `core/` (no Cargo.toml at repo root). `cargo` from `core/`.
|
|
||||||
- If a `cargo test`/build hits `rust-lld: undefined hidden symbol`, it's
|
|
||||||
incremental-cache corruption — rebuild with `CARGO_INCREMENTAL=0`.
|
|
||||||
- Frontend: `neode-ui/` → `npm run build` outputs to `web/dist/neode-ui/`.
|
|
||||||
Grep the built bundle for new strings before shipping (build can silently no-op).
|
|
||||||
- App manifests load from disk on nodes at `/opt/archipelago/apps/*/manifest.yml`
|
|
||||||
(today); the goal is to distribute them via the signed catalog instead.
|
|
||||||
|
|
||||||
## Production test gate (definition of done)
|
|
||||||
|
|
||||||
`tests/lifecycle/run-gate.sh` green across install / UI / stop / start / restart /
|
|
||||||
reinstall / reboot-survive / archipelago-restart-survive / uninstall — **5× on
|
|
||||||
.228** (`ARCHY_ITERATIONS=5`). **Run the gate ON the node** (it uses local podman/systemctl/bitcoin
|
|
||||||
probes), not via RPC from another host. **✅ GREEN 2026-06-23 (5/5, 0 not-ok)** — keep it
|
|
||||||
green (re-run after orchestrator/lifecycle changes); regressions are top priority again.
|
|
||||||
**Multinode testing (.198 + the rest of the fleet) is a SEPARATE plan** —
|
|
||||||
`docs/multinode-testing-plan.md` — not part of this single-node gate criterion, and is
|
|
||||||
the next exit criterion now that single-node is green.
|
|
||||||
@ -73,7 +73,7 @@
|
|||||||
"author": "Mempool",
|
"author": "Mempool",
|
||||||
"category": "money",
|
"category": "money",
|
||||||
"tier": "core",
|
"tier": "core",
|
||||||
"dockerImage": "146.59.87.168:3000/lfg2025/mempool-frontend:v3.0.1",
|
"dockerImage": "146.59.87.168:3000/lfg2025/mempool-frontend:v3.0.0",
|
||||||
"repoUrl": "https://github.com/mempool/mempool",
|
"repoUrl": "https://github.com/mempool/mempool",
|
||||||
"requires": [
|
"requires": [
|
||||||
"bitcoin-knots",
|
"bitcoin-knots",
|
||||||
@ -195,7 +195,7 @@
|
|||||||
"title": "Nostr Relay (Rust)",
|
"title": "Nostr Relay (Rust)",
|
||||||
"version": "0.8.0",
|
"version": "0.8.0",
|
||||||
"description": "High-performance Nostr relay written in Rust. Host your own decentralized social media relay and earn networking profits.",
|
"description": "High-performance Nostr relay written in Rust. Host your own decentralized social media relay and earn networking profits.",
|
||||||
"icon": "/assets/img/app-icons/nostrudel.svg",
|
"icon": "/assets/img/app-icons/nostr.svg",
|
||||||
"author": "Nostr RS Relay",
|
"author": "Nostr RS Relay",
|
||||||
"category": "community",
|
"category": "community",
|
||||||
"tier": "recommended",
|
"tier": "recommended",
|
||||||
@ -214,6 +214,31 @@
|
|||||||
]
|
]
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
"id": "meshtastic",
|
||||||
|
"title": "Meshtastic",
|
||||||
|
"version": "2-daily-alpine",
|
||||||
|
"description": "Open-source mesh networking for LoRa radios. Create decentralized communication networks.",
|
||||||
|
"icon": "/assets/img/app-icons/meshcore.svg",
|
||||||
|
"author": "Meshtastic",
|
||||||
|
"category": "networking",
|
||||||
|
"tier": "recommended",
|
||||||
|
"dockerImage": "docker.io/meshtastic/meshtasticd:daily-alpine",
|
||||||
|
"repoUrl": "https://github.com/meshtastic/firmware",
|
||||||
|
"containerConfig": {
|
||||||
|
"ports": [
|
||||||
|
"4403:4403"
|
||||||
|
],
|
||||||
|
"volumes": [
|
||||||
|
"/var/lib/archipelago/meshtastic:/var/lib/meshtasticd"
|
||||||
|
],
|
||||||
|
"env": [
|
||||||
|
"MESHTASTIC_PORT=/dev/ttyUSB0",
|
||||||
|
"MESHTASTIC_SERIAL=true"
|
||||||
|
],
|
||||||
|
"notes": "Requires a LoRa radio device at /dev/ttyUSB0. The config file is rendered from the app manifest before container start."
|
||||||
|
}
|
||||||
|
},
|
||||||
{
|
{
|
||||||
"id": "vaultwarden",
|
"id": "vaultwarden",
|
||||||
"title": "Vaultwarden",
|
"title": "Vaultwarden",
|
||||||
@ -256,7 +281,7 @@
|
|||||||
},
|
},
|
||||||
{
|
{
|
||||||
"id": "fedimint",
|
"id": "fedimint",
|
||||||
"title": "Fedimint Guardian",
|
"title": "Fedimint",
|
||||||
"version": "0.10.0",
|
"version": "0.10.0",
|
||||||
"description": "Federated Bitcoin minting service with built-in Guardian UI. Privacy-preserving Bitcoin custody.",
|
"description": "Federated Bitcoin minting service with built-in Guardian UI. Privacy-preserving Bitcoin custody.",
|
||||||
"icon": "/assets/img/app-icons/fedimint.png",
|
"icon": "/assets/img/app-icons/fedimint.png",
|
||||||
@ -269,12 +294,12 @@
|
|||||||
"id": "fedimint-clientd",
|
"id": "fedimint-clientd",
|
||||||
"title": "Fedimint Client",
|
"title": "Fedimint Client",
|
||||||
"version": "0.8.0",
|
"version": "0.8.0",
|
||||||
"description": "Fedimint ecash client daemon (fmcd). Lets the node hold Fedimint ecash and join federations; the wallet talks to it over a local REST API.",
|
"description": "Fedimint ecash client daemon (fmcd). Lets your node hold Fedimint ecash and join federations; the wallet talks to it over a local REST API.",
|
||||||
"icon": "/assets/img/app-icons/fedimint.png",
|
"icon": "/assets/img/app-icons/fedimint.png",
|
||||||
"author": "Fedimint",
|
"author": "Fedimint",
|
||||||
"category": "money",
|
"category": "money",
|
||||||
"tier": "core",
|
"tier": "core",
|
||||||
"dockerImage": "146.59.87.168:3000/lfg2025/fmcd:0.8.1",
|
"dockerImage": "146.59.87.168:3000/lfg2025/fmcd:0.8.0",
|
||||||
"repoUrl": "https://github.com/minmoto/fmcd"
|
"repoUrl": "https://github.com/minmoto/fmcd"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
@ -321,8 +346,8 @@
|
|||||||
{
|
{
|
||||||
"id": "immich",
|
"id": "immich",
|
||||||
"title": "Immich",
|
"title": "Immich",
|
||||||
"version": "2.7.4",
|
"version": "1.90.0",
|
||||||
"description": "Self-hosted photo and video backup with mobile apps and search.",
|
"description": "High-performance photo and video backup with ML.",
|
||||||
"icon": "/assets/img/app-icons/immich.png",
|
"icon": "/assets/img/app-icons/immich.png",
|
||||||
"author": "Immich",
|
"author": "Immich",
|
||||||
"category": "data",
|
"category": "data",
|
||||||
@ -428,13 +453,13 @@
|
|||||||
{
|
{
|
||||||
"id": "netbird",
|
"id": "netbird",
|
||||||
"title": "NetBird",
|
"title": "NetBird",
|
||||||
"version": "2.38.0",
|
"version": "0.71.2",
|
||||||
"description": "Self-hosted WireGuard mesh VPN control plane with dashboard, embedded identity provider, management API, signal, relay, and STUN. The user-facing entry point — a TLS proxy in front of the dashboard + server.",
|
"description": "Self-hosted WireGuard mesh VPN control plane with dashboard, embedded identity provider, management API, signal, relay, and STUN service.",
|
||||||
"icon": "/assets/img/app-icons/netbird.svg",
|
"icon": "/assets/img/app-icons/netbird.svg",
|
||||||
"author": "NetBird",
|
"author": "NetBird",
|
||||||
"category": "networking",
|
"category": "networking",
|
||||||
"tier": "recommended",
|
"tier": "recommended",
|
||||||
"dockerImage": "docker.io/library/nginx:1.27-alpine",
|
"dockerImage": "docker.io/netbirdio/dashboard:v2.38.0",
|
||||||
"repoUrl": "https://github.com/netbirdio/netbird",
|
"repoUrl": "https://github.com/netbirdio/netbird",
|
||||||
"containerConfig": {
|
"containerConfig": {
|
||||||
"ports": [
|
"ports": [
|
||||||
|
|||||||
@ -1,7 +1,7 @@
|
|||||||
app:
|
app:
|
||||||
id: archy-btcpay-db
|
id: archy-btcpay-db
|
||||||
name: BTCPay Postgres
|
name: BTCPay Postgres
|
||||||
version: "15.17"
|
version: 15.17
|
||||||
description: Postgres backend for BTCPay and NBXplorer.
|
description: Postgres backend for BTCPay and NBXplorer.
|
||||||
|
|
||||||
container:
|
container:
|
||||||
|
|||||||
@ -1,12 +1,12 @@
|
|||||||
app:
|
app:
|
||||||
id: archy-mempool-web
|
id: archy-mempool-web
|
||||||
name: Mempool Web
|
name: Mempool Web
|
||||||
version: 3.0.1
|
version: 3.0.0
|
||||||
description: Frontend web UI for mempool explorer.
|
description: Frontend web UI for mempool explorer.
|
||||||
container_name: mempool
|
container_name: mempool
|
||||||
|
|
||||||
container:
|
container:
|
||||||
image: 146.59.87.168:3000/lfg2025/mempool-frontend:v3.0.1
|
image: git.tx1138.com/lfg2025/mempool-frontend:v3.0.0
|
||||||
pull_policy: if-not-present
|
pull_policy: if-not-present
|
||||||
network: archy-net
|
network: archy-net
|
||||||
|
|
||||||
@ -33,10 +33,7 @@ app:
|
|||||||
|
|
||||||
health_check:
|
health_check:
|
||||||
type: http
|
type: http
|
||||||
# 127.0.0.1 not localhost: the image's wget resolves localhost to ::1 (IPv6)
|
endpoint: http://localhost:8080
|
||||||
# first, but nginx binds 0.0.0.0:8080 (IPv4) only -> localhost probe gets
|
|
||||||
# "connection refused" -> perpetual unhealthy -> health_monitor restart loop.
|
|
||||||
endpoint: http://127.0.0.1:8080
|
|
||||||
path: /
|
path: /
|
||||||
interval: 30s
|
interval: 30s
|
||||||
timeout: 5s
|
timeout: 5s
|
||||||
|
|||||||
@ -1,34 +1,5 @@
|
|||||||
# Bitcoin Core — minimal rootless image built from the OFFICIAL upstream release.
|
# Bitcoin Core - uses official image
|
||||||
#
|
FROM bitcoin/bitcoin:24.0
|
||||||
# The CANONICAL, verified build path is scripts/build-bitcoin-image.sh, which
|
|
||||||
# downloads the upstream tarball, verifies SHA-256 + the OpenPGP signature
|
# Default user is already 'bitcoin'
|
||||||
# (fail-closed), and tags/pushes <registry>/bitcoin:<version>. This Dockerfile
|
# No additional setup needed
|
||||||
# mirrors that image for a manual/local build and replaces the old stale
|
|
||||||
# community base (`FROM bitcoin/bitcoin:24.0`).
|
|
||||||
#
|
|
||||||
# Build (binaries must be pre-fetched + verified into ./bin — see the script):
|
|
||||||
# scripts/build-bitcoin-image.sh core 31.0
|
|
||||||
FROM debian:bookworm-slim
|
|
||||||
ARG BITCOIN_VERSION=31.0
|
|
||||||
RUN set -eux; \
|
|
||||||
apt-get update; \
|
|
||||||
apt-get install -y --no-install-recommends ca-certificates; \
|
|
||||||
rm -rf /var/lib/apt/lists/*; \
|
|
||||||
useradd -m -u 1000 -s /bin/bash bitcoin; \
|
|
||||||
mkdir -p /home/bitcoin/.bitcoin; \
|
|
||||||
chown -R bitcoin:bitcoin /home/bitcoin
|
|
||||||
# bin/ holds the SHA-256 + GPG-verified bitcoind / bitcoin-cli (Guix-built,
|
|
||||||
# x86_64-linux-gnu) extracted from the official release tarball.
|
|
||||||
COPY bin/bitcoind /usr/local/bin/bitcoind
|
|
||||||
COPY bin/bitcoin-cli /usr/local/bin/bitcoin-cli
|
|
||||||
RUN chmod 0755 /usr/local/bin/bitcoind /usr/local/bin/bitcoin-cli
|
|
||||||
# Run as (container) root, like the legacy hand-built :latest image. Rootless
|
|
||||||
# Podman maps container-root to the unprivileged host service user; the manifest
|
|
||||||
# grants CAP_DAC_OVERRIDE so bitcoind can read its data dir, which the
|
|
||||||
# orchestrator chowns to the data_uid (host 100101 / container uid 102), not to
|
|
||||||
# this image's `bitcoin` user. A non-root USER can't read existing chain data and
|
|
||||||
# bitcoind crash-loops with "Error initializing block database".
|
|
||||||
WORKDIR /home/bitcoin
|
|
||||||
VOLUME ["/home/bitcoin/.bitcoin"]
|
|
||||||
EXPOSE 8332 8333
|
|
||||||
ENTRYPOINT ["bitcoind"]
|
|
||||||
|
|||||||
@ -17,13 +17,6 @@ app:
|
|||||||
# the IBD sweet spot - 4GB on full nodes, 1GB on pruned. Container
|
# the IBD sweet spot - 4GB on full nodes, 1GB on pruned. Container
|
||||||
# --memory=8g (config.rs::get_memory_limit) leaves headroom for
|
# --memory=8g (config.rs::get_memory_limit) leaves headroom for
|
||||||
# mempool + connections.
|
# mempool + connections.
|
||||||
#
|
|
||||||
# -printtoconsole=0: foreground bitcoind defaults console logging ON,
|
|
||||||
# which pushed every IBD "UpdateTip" line through conmon into journald
|
|
||||||
# (>1 GB/day on a fresh node). bitcoind still writes debug.log in the
|
|
||||||
# datadir (/var/lib/archipelago/bitcoin/debug.log, self-shrunk on
|
|
||||||
# restart) — use that for deep debugging; podman logs only carries
|
|
||||||
# entrypoint/startup errors.
|
|
||||||
- >-
|
- >-
|
||||||
BITCOIND="$(command -v bitcoind || true)";
|
BITCOIND="$(command -v bitcoind || true)";
|
||||||
if [ -z "$BITCOIND" ]; then
|
if [ -z "$BITCOIND" ]; then
|
||||||
@ -43,9 +36,9 @@ app:
|
|||||||
RPC_TXRELAY_FLAGS="$RPC_TXRELAY_FLAGS -rpcauth=$RPC_TXRELAY_AUTH -rpcwhitelist=txrelay:sendrawtransaction,submitpackage,testmempoolaccept,getmempoolinfo,getrawmempool,getmempoolentry,getnetworkinfo,getblockchaininfo,getblockcount,getblockhash,getblock,getblockheader,getrawtransaction,gettxout,gettxspendingprevout,decoderawtransaction,decodescript,estimatesmartfee,uptime,ping,getconnectioncount,getpeerinfo,getindexinfo,getdeploymentinfo,getchaintips";
|
RPC_TXRELAY_FLAGS="$RPC_TXRELAY_FLAGS -rpcauth=$RPC_TXRELAY_AUTH -rpcwhitelist=txrelay:sendrawtransaction,submitpackage,testmempoolaccept,getmempoolinfo,getrawmempool,getmempoolentry,getnetworkinfo,getblockchaininfo,getblockcount,getblockhash,getblock,getblockheader,getrawtransaction,gettxout,gettxspendingprevout,decoderawtransaction,decodescript,estimatesmartfee,uptime,ping,getconnectioncount,getpeerinfo,getindexinfo,getdeploymentinfo,getchaintips";
|
||||||
fi;
|
fi;
|
||||||
if [ "${DISK_GB_VALUE:-0}" -lt 1000 ]; then
|
if [ "${DISK_GB_VALUE:-0}" -lt 1000 ]; then
|
||||||
exec "$BITCOIND" -datadir=/home/bitcoin/.bitcoin -noconf -printtoconsole=0 -server=1 -prune=550 -rpcallowip=0.0.0.0/0 -rpcbind=0.0.0.0:8332 -listen=1 -bind=0.0.0.0:8333 -dbcache=1024 -par=0 -maxconnections=125 $RPC_HEADROOM $RPC_TXRELAY_FLAGS -rpcuser="$RPC_USER" -rpcpassword="$RPC_PASS";
|
exec "$BITCOIND" -datadir=/home/bitcoin/.bitcoin -noconf -server=1 -prune=550 -rpcallowip=0.0.0.0/0 -rpcbind=0.0.0.0:8332 -listen=1 -bind=0.0.0.0:8333 -dbcache=1024 -par=0 -maxconnections=125 $RPC_HEADROOM $RPC_TXRELAY_FLAGS -rpcuser="$RPC_USER" -rpcpassword="$RPC_PASS";
|
||||||
else
|
else
|
||||||
exec "$BITCOIND" -datadir=/home/bitcoin/.bitcoin -noconf -printtoconsole=0 -server=1 -txindex=1 -rpcallowip=0.0.0.0/0 -rpcbind=0.0.0.0:8332 -listen=1 -bind=0.0.0.0:8333 -dbcache=4096 -par=0 -maxconnections=125 $RPC_HEADROOM $RPC_TXRELAY_FLAGS -rpcuser="$RPC_USER" -rpcpassword="$RPC_PASS";
|
exec "$BITCOIND" -datadir=/home/bitcoin/.bitcoin -noconf -server=1 -txindex=1 -rpcallowip=0.0.0.0/0 -rpcbind=0.0.0.0:8332 -listen=1 -bind=0.0.0.0:8333 -dbcache=4096 -par=0 -maxconnections=125 $RPC_HEADROOM $RPC_TXRELAY_FLAGS -rpcuser="$RPC_USER" -rpcpassword="$RPC_PASS";
|
||||||
fi
|
fi
|
||||||
derived_env:
|
derived_env:
|
||||||
- key: DISK_GB
|
- key: DISK_GB
|
||||||
|
|||||||
@ -1,35 +0,0 @@
|
|||||||
# Bitcoin Knots — minimal rootless image built from the OFFICIAL upstream release.
|
|
||||||
#
|
|
||||||
# Knots previously had NO Dockerfile (the :latest tag was built/pushed by hand).
|
|
||||||
# The CANONICAL, verified build path is scripts/build-bitcoin-image.sh, which
|
|
||||||
# downloads the upstream tarball, verifies SHA-256 + the OpenPGP signature
|
|
||||||
# (fail-closed, Luke-Jr release key), and tags/pushes
|
|
||||||
# <registry>/bitcoin-knots:<version>. Knots version strings embed a build date,
|
|
||||||
# e.g. 29.3.knots20260508 — the full string is the tag.
|
|
||||||
#
|
|
||||||
# Build (binaries must be pre-fetched + verified into ./bin — see the script):
|
|
||||||
# scripts/build-bitcoin-image.sh knots 29.3.knots20260508
|
|
||||||
FROM debian:bookworm-slim
|
|
||||||
ARG KNOTS_VERSION=29.3.knots20260508
|
|
||||||
RUN set -eux; \
|
|
||||||
apt-get update; \
|
|
||||||
apt-get install -y --no-install-recommends ca-certificates; \
|
|
||||||
rm -rf /var/lib/apt/lists/*; \
|
|
||||||
useradd -m -u 1000 -s /bin/bash bitcoin; \
|
|
||||||
mkdir -p /home/bitcoin/.bitcoin; \
|
|
||||||
chown -R bitcoin:bitcoin /home/bitcoin
|
|
||||||
# bin/ holds the SHA-256 + GPG-verified bitcoind / bitcoin-cli (Knots, Guix-built,
|
|
||||||
# x86_64-linux-gnu) extracted from the official release tarball.
|
|
||||||
COPY bin/bitcoind /usr/local/bin/bitcoind
|
|
||||||
COPY bin/bitcoin-cli /usr/local/bin/bitcoin-cli
|
|
||||||
RUN chmod 0755 /usr/local/bin/bitcoind /usr/local/bin/bitcoin-cli
|
|
||||||
# Run as (container) root, like the legacy hand-built :latest image. Rootless
|
|
||||||
# Podman maps container-root to the unprivileged host service user; the manifest
|
|
||||||
# grants CAP_DAC_OVERRIDE so bitcoind can read its data dir, which the
|
|
||||||
# orchestrator chowns to the data_uid (host 100101 / container uid 102), not to
|
|
||||||
# this image's `bitcoin` user. A non-root USER can't read existing chain data and
|
|
||||||
# bitcoind crash-loops with "Error initializing block database".
|
|
||||||
WORKDIR /home/bitcoin
|
|
||||||
VOLUME ["/home/bitcoin/.bitcoin"]
|
|
||||||
EXPOSE 8332 8333
|
|
||||||
ENTRYPOINT ["bitcoind"]
|
|
||||||
@ -17,13 +17,6 @@ app:
|
|||||||
# the IBD sweet spot - 4GB on full nodes, 1GB on pruned. Container
|
# the IBD sweet spot - 4GB on full nodes, 1GB on pruned. Container
|
||||||
# --memory=8g (config.rs::get_memory_limit) leaves headroom for
|
# --memory=8g (config.rs::get_memory_limit) leaves headroom for
|
||||||
# mempool + connections.
|
# mempool + connections.
|
||||||
#
|
|
||||||
# -printtoconsole=0: foreground bitcoind defaults console logging ON,
|
|
||||||
# which pushed every IBD "UpdateTip" line through conmon into journald
|
|
||||||
# (>1 GB/day on a fresh node). bitcoind still writes debug.log in the
|
|
||||||
# datadir (/var/lib/archipelago/bitcoin/debug.log, self-shrunk on
|
|
||||||
# restart) — use that for deep debugging; podman logs only carries
|
|
||||||
# entrypoint/startup errors.
|
|
||||||
- >-
|
- >-
|
||||||
BITCOIND="$(command -v bitcoind || true)";
|
BITCOIND="$(command -v bitcoind || true)";
|
||||||
if [ -z "$BITCOIND" ]; then
|
if [ -z "$BITCOIND" ]; then
|
||||||
@ -43,9 +36,9 @@ app:
|
|||||||
RPC_TXRELAY_FLAGS="$RPC_TXRELAY_FLAGS -rpcauth=$RPC_TXRELAY_AUTH -rpcwhitelist=txrelay:sendrawtransaction,submitpackage,testmempoolaccept,getmempoolinfo,getrawmempool,getmempoolentry,getnetworkinfo,getblockchaininfo,getblockcount,getblockhash,getblock,getblockheader,getrawtransaction,gettxout,gettxspendingprevout,decoderawtransaction,decodescript,estimatesmartfee,uptime,ping,getconnectioncount,getpeerinfo,getindexinfo,getdeploymentinfo,getchaintips";
|
RPC_TXRELAY_FLAGS="$RPC_TXRELAY_FLAGS -rpcauth=$RPC_TXRELAY_AUTH -rpcwhitelist=txrelay:sendrawtransaction,submitpackage,testmempoolaccept,getmempoolinfo,getrawmempool,getmempoolentry,getnetworkinfo,getblockchaininfo,getblockcount,getblockhash,getblock,getblockheader,getrawtransaction,gettxout,gettxspendingprevout,decoderawtransaction,decodescript,estimatesmartfee,uptime,ping,getconnectioncount,getpeerinfo,getindexinfo,getdeploymentinfo,getchaintips";
|
||||||
fi;
|
fi;
|
||||||
if [ "${DISK_GB_VALUE:-0}" -lt 1000 ]; then
|
if [ "${DISK_GB_VALUE:-0}" -lt 1000 ]; then
|
||||||
exec "$BITCOIND" -datadir=/home/bitcoin/.bitcoin -noconf -printtoconsole=0 -server=1 -prune=550 -rpcallowip=0.0.0.0/0 -rpcbind=0.0.0.0:8332 -listen=1 -bind=0.0.0.0:8333 -dbcache=2048 -par=0 -maxconnections=125 $RPC_HEADROOM $RPC_TXRELAY_FLAGS -rpcuser="$RPC_USER" -rpcpassword="$RPC_PASS";
|
exec "$BITCOIND" -datadir=/home/bitcoin/.bitcoin -noconf -server=1 -prune=550 -rpcallowip=0.0.0.0/0 -rpcbind=0.0.0.0:8332 -listen=1 -bind=0.0.0.0:8333 -dbcache=2048 -par=0 -maxconnections=125 $RPC_HEADROOM $RPC_TXRELAY_FLAGS -rpcuser="$RPC_USER" -rpcpassword="$RPC_PASS";
|
||||||
else
|
else
|
||||||
exec "$BITCOIND" -datadir=/home/bitcoin/.bitcoin -noconf -printtoconsole=0 -server=1 -txindex=1 -rpcallowip=0.0.0.0/0 -rpcbind=0.0.0.0:8332 -listen=1 -bind=0.0.0.0:8333 -dbcache=4096 -par=0 -maxconnections=125 $RPC_HEADROOM $RPC_TXRELAY_FLAGS -rpcuser="$RPC_USER" -rpcpassword="$RPC_PASS";
|
exec "$BITCOIND" -datadir=/home/bitcoin/.bitcoin -noconf -server=1 -txindex=1 -rpcallowip=0.0.0.0/0 -rpcbind=0.0.0.0:8332 -listen=1 -bind=0.0.0.0:8333 -dbcache=4096 -par=0 -maxconnections=125 $RPC_HEADROOM $RPC_TXRELAY_FLAGS -rpcuser="$RPC_USER" -rpcpassword="$RPC_PASS";
|
||||||
fi
|
fi
|
||||||
derived_env:
|
derived_env:
|
||||||
- key: DISK_GB
|
- key: DISK_GB
|
||||||
|
|||||||
@ -22,7 +22,6 @@ app:
|
|||||||
- app_id: bitcoin-knots
|
- app_id: bitcoin-knots
|
||||||
version: ">=26.0"
|
version: ">=26.0"
|
||||||
- storage: 50Gi
|
- storage: 50Gi
|
||||||
- bitcoin:archival
|
|
||||||
|
|
||||||
resources:
|
resources:
|
||||||
cpu_limit: 0
|
cpu_limit: 0
|
||||||
|
|||||||
@ -9,18 +9,13 @@ app:
|
|||||||
# 0.8.2 — iroh-capable). No usable upstream image exists, so we build + push
|
# 0.8.2 — iroh-capable). No usable upstream image exists, so we build + push
|
||||||
# this to the node registry. Pin the tag to match the REST shapes coded in
|
# this to the node registry. Pin the tag to match the REST shapes coded in
|
||||||
# core/archipelago/src/wallet/fedimint_client.rs (validated against 0.8.2).
|
# core/archipelago/src/wallet/fedimint_client.rs (validated against 0.8.2).
|
||||||
image: 146.59.87.168:3000/lfg2025/fmcd:0.8.1
|
image: 146.59.87.168:3000/lfg2025/fmcd:0.8.0
|
||||||
pull_policy: if-not-present
|
pull_policy: if-not-present
|
||||||
network: archy-net
|
network: archy-net
|
||||||
# No entrypoint override: the image's resilient `fmcd-run` launcher loops
|
# No entrypoint override: the image's resilient `fmcd-run` launcher loops
|
||||||
# fmcd and retries on join failure (fmcd needs >=1 federation to boot), so an
|
# fmcd and retries on join failure (fmcd needs >=1 federation to boot), so an
|
||||||
# unreachable default never crash-loops. All config comes from FMCD_* env
|
# unreachable default never crash-loops. All config comes from FMCD_* env
|
||||||
# below. Nodes can join more federations via wallet.fedimint-join.
|
# below. Nodes can join more federations via wallet.fedimint-join.
|
||||||
# Auto-generated on first install (random hex, 0600, rootless-owned) so the
|
|
||||||
# app needs no host provisioning. The wallet bridge reads the same file.
|
|
||||||
generated_secrets:
|
|
||||||
- name: fmcd-password
|
|
||||||
kind: hex16
|
|
||||||
secret_env:
|
secret_env:
|
||||||
- key: FMCD_PASSWORD
|
- key: FMCD_PASSWORD
|
||||||
secret_file: fmcd-password
|
secret_file: fmcd-password
|
||||||
@ -33,32 +28,17 @@ app:
|
|||||||
- storage: 2Gi
|
- storage: 2Gi
|
||||||
|
|
||||||
resources:
|
resources:
|
||||||
# fmcd's embedded iroh networking can hot-loop on relay/hole-punch retries
|
|
||||||
# on NAT'd nodes that reach the federation neither directly nor via iroh's
|
|
||||||
# public relays, pegging its whole allotment. Cap it low so a stuck instance
|
|
||||||
# can't starve the node (steady-state is <3% of a core; joins are brief);
|
|
||||||
# the fmcd-run watchdog additionally restarts a sustained-hot process.
|
|
||||||
cpu_limit: 1
|
cpu_limit: 1
|
||||||
memory_limit: 1Gi
|
memory_limit: 1Gi
|
||||||
disk_limit: 2Gi
|
disk_limit: 2Gi
|
||||||
|
|
||||||
security:
|
security:
|
||||||
# fmcd's `fmcd-run` launcher chowns its /data (existing federation DB) on
|
capabilities: []
|
||||||
# every start. With the default `cap_drop: ALL` and no caps added back, that
|
|
||||||
# chown fails and fmcd dies "Operation not permitted (os error 1)" — but ONLY
|
|
||||||
# once /data holds a joined federation (a fresh/empty dir needs no chown, so
|
|
||||||
# it appeared to work). Restore the standard container capability set so the
|
|
||||||
# startup chown succeeds (#7). Verified by bisection on .116: these caps make
|
|
||||||
# fmcd boot + serve /v2/*; DAC_OVERRIDE or SETUID/SETGID alone do NOT.
|
|
||||||
capabilities: ["CHOWN", "DAC_OVERRIDE", "FOWNER", "SETUID", "SETGID"]
|
|
||||||
readonly_root: true
|
readonly_root: true
|
||||||
# NOT isolated: fmcd needs outbound UDP + Mainline DHT (port 6881) + iroh
|
# NOT isolated: fmcd needs outbound UDP + Mainline DHT (port 6881) + iroh
|
||||||
# relays to reach iroh-transport federations. `bridge` gives NAT'd outbound
|
# relays to reach iroh-transport federations. Lock down once the default
|
||||||
# (UDP/DHT/iroh hole-punch all work) plus the published 8178→8080 port the
|
# federation's reachability model is finalized.
|
||||||
# wallet bridge targets. ("open" is not a valid policy — it made the loader
|
network_policy: open
|
||||||
# skip this whole manifest, so fmcd never ran and federations never joined.)
|
|
||||||
# Lock down once the default federation's reachability model is finalized.
|
|
||||||
network_policy: bridge
|
|
||||||
|
|
||||||
ports:
|
ports:
|
||||||
# fmcd REST bound to 8080 in-container; 8080 collides with LND REST on the
|
# fmcd REST bound to 8080 in-container; 8080 collides with LND REST on the
|
||||||
@ -86,15 +66,10 @@ app:
|
|||||||
# join reliability from a real second node before relying on auto-bundle.
|
# join reliability from a real second node before relying on auto-bundle.
|
||||||
- FMCD_INVITE_CODE=fed11qgqyj3mfwfhksw309uuxywtxxfjrjc35xuexverpxdsnxcnrxucxvenzveskgc3kvvun2c34xp3k2ep38yunzdpexcekxe3hvd3rvvmx8pnrvdenx5mnzvtzqqqjqt0t6pc3s5z0ynqjw9s4njf6svwgu59kweawc0vvrddcjeemw6yyn4pcdp
|
- FMCD_INVITE_CODE=fed11qgqyj3mfwfhksw309uuxywtxxfjrjc35xuexverpxdsnxcnrxucxvenzveskgc3kvvun2c34xp3k2ep38yunzdpexcekxe3hvd3rvvmx8pnrvdenx5mnzvtzqqqjqt0t6pc3s5z0ynqjw9s4njf6svwgu59kweawc0vvrddcjeemw6yyn4pcdp
|
||||||
|
|
||||||
# fmcd serves only authenticated /v2/* routes — there is no unauthenticated
|
|
||||||
# /health endpoint, so an http probe to /health 404s forever and pins the
|
|
||||||
# container in "(starting)". fmcd's own image also ships neither curl nor wget.
|
|
||||||
# Use a TCP probe: the Quadlet renderer skips it (no HealthCmd emitted) and the
|
|
||||||
# host-side lifecycle layer verifies reachability, so the container reports
|
|
||||||
# "running" instead of a perpetual false-negative "(starting)".
|
|
||||||
health_check:
|
health_check:
|
||||||
type: tcp
|
type: http
|
||||||
endpoint: localhost:8080
|
endpoint: http://localhost:8080
|
||||||
|
path: /health
|
||||||
interval: 30s
|
interval: 30s
|
||||||
timeout: 5s
|
timeout: 5s
|
||||||
retries: 3
|
retries: 3
|
||||||
|
|||||||
@ -16,14 +16,6 @@ app:
|
|||||||
else
|
else
|
||||||
exec gatewayd --data-dir /data --listen 0.0.0.0:8176 --bcrypt-password-hash "$FEDI_HASH" --network bitcoin --bitcoind-url http://host.archipelago:8332 --bitcoind-username "$FM_BITCOIND_USERNAME" --bitcoind-password "$FM_BITCOIND_PASSWORD" ldk --ldk-lightning-port 9737 --ldk-alias archipelago-gateway;
|
exec gatewayd --data-dir /data --listen 0.0.0.0:8176 --bcrypt-password-hash "$FEDI_HASH" --network bitcoin --bitcoind-url http://host.archipelago:8332 --bitcoind-username "$FM_BITCOIND_USERNAME" --bitcoind-password "$FM_BITCOIND_PASSWORD" ldk --ldk-lightning-port 9737 --ldk-alias archipelago-gateway;
|
||||||
fi
|
fi
|
||||||
# The gateway's admin API is gated by a bcrypt password hash. Generate it on
|
|
||||||
# first install (random password + its bcrypt hash, both 0600 rootless-owned)
|
|
||||||
# so the app installs from its manifest alone — `fedimint-gateway-hash` holds
|
|
||||||
# the hash passed to gatewayd, `fedimint-gateway-hash.pw` the plaintext for
|
|
||||||
# any client that must authenticate. Self-heals a wrongly root-owned hash.
|
|
||||||
generated_secrets:
|
|
||||||
- name: fedimint-gateway-hash
|
|
||||||
kind: bcrypt
|
|
||||||
secret_env:
|
secret_env:
|
||||||
- key: FM_BITCOIND_PASSWORD
|
- key: FM_BITCOIND_PASSWORD
|
||||||
secret_file: bitcoin-rpc-password
|
secret_file: bitcoin-rpc-password
|
||||||
|
|||||||
@ -1,6 +1,6 @@
|
|||||||
app:
|
app:
|
||||||
id: fedimint
|
id: fedimint
|
||||||
name: Fedimint Guardian
|
name: Fedimint
|
||||||
version: 0.10.0
|
version: 0.10.0
|
||||||
description: Federated Bitcoin minting service with built-in Guardian UI. Privacy-preserving Bitcoin custody.
|
description: Federated Bitcoin minting service with built-in Guardian UI. Privacy-preserving Bitcoin custody.
|
||||||
|
|
||||||
|
|||||||
@ -1,58 +0,0 @@
|
|||||||
app:
|
|
||||||
id: immich-postgres
|
|
||||||
name: Immich Postgres
|
|
||||||
version: "14-vectorchord0.4.3-pgvectors0.2.0"
|
|
||||||
description: Postgres (pgvecto.rs / vectorchord) backend for Immich.
|
|
||||||
|
|
||||||
# Container named immich_postgres (underscore) to match the runtime's existing
|
|
||||||
# per-app references (lifecycle/health/crash-recovery/config) and serve as the
|
|
||||||
# server's DB_HOSTNAME alias. Top-level key → serde(flatten) → extensions →
|
|
||||||
# compute_container_name.
|
|
||||||
container_name: immich_postgres
|
|
||||||
|
|
||||||
container:
|
|
||||||
image: 146.59.87.168:3000/lfg2025/immich-postgres:14-vectorchord0.4.3-pgvectors0.2.0
|
|
||||||
pull_policy: if-not-present
|
|
||||||
network: archy-net
|
|
||||||
# postgres drops to its own uid (container 999 → host 100998 under rootless),
|
|
||||||
# so the data dir must be owned by that mapped uid — mirrors archy-btcpay-db.
|
|
||||||
# Verified on .228: the live immich-db is owned 100998. Without this a FRESH
|
|
||||||
# install's dir would be service-user-owned and postgres would EACCES.
|
|
||||||
data_uid: "100998:100998"
|
|
||||||
generated_secrets:
|
|
||||||
- name: immich-db-password
|
|
||||||
kind: hex32
|
|
||||||
secret_env:
|
|
||||||
- key: POSTGRES_PASSWORD
|
|
||||||
secret_file: immich-db-password
|
|
||||||
|
|
||||||
dependencies:
|
|
||||||
- storage: 40Gi
|
|
||||||
|
|
||||||
resources:
|
|
||||||
memory_limit: 2Gi
|
|
||||||
disk_limit: 40Gi
|
|
||||||
|
|
||||||
security:
|
|
||||||
capabilities: [CHOWN, DAC_OVERRIDE, FOWNER, SETGID, SETUID]
|
|
||||||
readonly_root: false
|
|
||||||
network_policy: isolated
|
|
||||||
|
|
||||||
ports: []
|
|
||||||
|
|
||||||
volumes:
|
|
||||||
- type: bind
|
|
||||||
source: /var/lib/archipelago/immich-db
|
|
||||||
target: /var/lib/postgresql/data
|
|
||||||
options: [rw]
|
|
||||||
|
|
||||||
environment:
|
|
||||||
- POSTGRES_USER=postgres
|
|
||||||
- POSTGRES_DB=immich
|
|
||||||
|
|
||||||
health_check:
|
|
||||||
type: tcp
|
|
||||||
endpoint: localhost:5432
|
|
||||||
interval: 30s
|
|
||||||
timeout: 5s
|
|
||||||
retries: 3
|
|
||||||
@ -1,37 +0,0 @@
|
|||||||
app:
|
|
||||||
id: immich-redis
|
|
||||||
name: Immich Redis
|
|
||||||
version: "7-alpine"
|
|
||||||
description: Valkey (Redis-compatible) cache for Immich.
|
|
||||||
|
|
||||||
# Container named immich_redis (underscore) to match runtime per-app references
|
|
||||||
# and serve as the server's REDIS_HOSTNAME alias on archy-net.
|
|
||||||
container_name: immich_redis
|
|
||||||
|
|
||||||
container:
|
|
||||||
image: 146.59.87.168:3000/lfg2025/valkey:7-alpine
|
|
||||||
pull_policy: if-not-present
|
|
||||||
network: archy-net
|
|
||||||
|
|
||||||
dependencies: []
|
|
||||||
|
|
||||||
resources:
|
|
||||||
memory_limit: 128Mi
|
|
||||||
|
|
||||||
security:
|
|
||||||
capabilities: [SETGID, SETUID]
|
|
||||||
readonly_root: false
|
|
||||||
network_policy: isolated
|
|
||||||
|
|
||||||
ports: []
|
|
||||||
|
|
||||||
volumes: []
|
|
||||||
|
|
||||||
environment: []
|
|
||||||
|
|
||||||
health_check:
|
|
||||||
type: tcp
|
|
||||||
endpoint: localhost:6379
|
|
||||||
interval: 30s
|
|
||||||
timeout: 5s
|
|
||||||
retries: 3
|
|
||||||
@ -1,74 +0,0 @@
|
|||||||
app:
|
|
||||||
id: immich
|
|
||||||
name: Immich
|
|
||||||
version: "2.7.4"
|
|
||||||
description: Self-hosted photo and video backup with mobile apps and search.
|
|
||||||
|
|
||||||
# app_id "immich" = the user-facing launcher (matches the catalog entry's title
|
|
||||||
# + icon). The container is named "immich_server" so it matches the runtime's
|
|
||||||
# existing per-app container references (lifecycle/health/crash-recovery/ports);
|
|
||||||
# `container_name` is a top-level app key (captured by serde(flatten) into
|
|
||||||
# extensions, read by compute_container_name). It reaches its backends by their
|
|
||||||
# underscore aliases on archy-net (DB_HOSTNAME / REDIS_HOSTNAME below).
|
|
||||||
container_name: immich_server
|
|
||||||
|
|
||||||
container:
|
|
||||||
image: 146.59.87.168:3000/lfg2025/immich-server:release
|
|
||||||
pull_policy: if-not-present
|
|
||||||
network: archy-net
|
|
||||||
secret_env:
|
|
||||||
- key: DB_PASSWORD
|
|
||||||
secret_file: immich-db-password
|
|
||||||
|
|
||||||
dependencies:
|
|
||||||
- app_id: immich-postgres
|
|
||||||
- app_id: immich-redis
|
|
||||||
- storage: 200Gi
|
|
||||||
|
|
||||||
resources:
|
|
||||||
memory_limit: 2Gi
|
|
||||||
disk_limit: 200Gi
|
|
||||||
|
|
||||||
security:
|
|
||||||
capabilities: []
|
|
||||||
readonly_root: false
|
|
||||||
network_policy: isolated
|
|
||||||
|
|
||||||
ports:
|
|
||||||
- host: 2283
|
|
||||||
container: 2283
|
|
||||||
protocol: tcp
|
|
||||||
|
|
||||||
volumes:
|
|
||||||
- type: bind
|
|
||||||
source: /var/lib/archipelago/immich
|
|
||||||
target: /usr/src/app/upload
|
|
||||||
options: [rw]
|
|
||||||
|
|
||||||
environment:
|
|
||||||
- DB_HOSTNAME=immich_postgres
|
|
||||||
- DB_USERNAME=postgres
|
|
||||||
- DB_DATABASE_NAME=immich
|
|
||||||
- REDIS_HOSTNAME=immich_redis
|
|
||||||
- UPLOAD_LOCATION=/usr/src/app/upload
|
|
||||||
|
|
||||||
health_check:
|
|
||||||
type: http
|
|
||||||
endpoint: http://localhost:2283
|
|
||||||
path: /api/server/ping
|
|
||||||
interval: 30s
|
|
||||||
timeout: 5s
|
|
||||||
retries: 20
|
|
||||||
|
|
||||||
interfaces:
|
|
||||||
main:
|
|
||||||
name: Web UI
|
|
||||||
description: Immich photo library
|
|
||||||
type: ui
|
|
||||||
port: 2283
|
|
||||||
protocol: http
|
|
||||||
path: /
|
|
||||||
|
|
||||||
metadata:
|
|
||||||
launch:
|
|
||||||
open_in_new_tab: true
|
|
||||||
@ -1,77 +0,0 @@
|
|||||||
app:
|
|
||||||
id: indeedhub-api
|
|
||||||
name: IndeedHub API
|
|
||||||
version: "1.0.0"
|
|
||||||
description: IndeedHub backend API (Nostr auth, media, payments).
|
|
||||||
category: community
|
|
||||||
|
|
||||||
# Hyphen name matches runtime references + the live container (adoption);
|
|
||||||
# alias `api` is the short hostname the frontend nginx proxies to
|
|
||||||
# (http://api:4000). Reaches its backends by their short aliases
|
|
||||||
# (postgres/redis/minio) on indeedhub-net — unchanged from the legacy installer.
|
|
||||||
container_name: indeedhub-api
|
|
||||||
|
|
||||||
container:
|
|
||||||
image: 146.59.87.168:3000/lfg2025/indeedhub-api:1.0.0
|
|
||||||
pull_policy: if-not-present
|
|
||||||
network: indeedhub-net
|
|
||||||
network_aliases: [api]
|
|
||||||
# The JWT signing secret is owned here (no backend container owns it); the
|
|
||||||
# db + minio passwords are owned by indeedhub-postgres / indeedhub-minio and
|
|
||||||
# only consumed here. ensure_generated_secrets no-ops when a file already
|
|
||||||
# exists, so live values on .228 are preserved (postgres pw is fixed at
|
|
||||||
# PGDATA init — regenerating would lock the API out).
|
|
||||||
generated_secrets:
|
|
||||||
- name: indeedhub-jwt
|
|
||||||
kind: hex32
|
|
||||||
secret_env:
|
|
||||||
- key: DATABASE_PASSWORD
|
|
||||||
secret_file: indeedhub-db-password
|
|
||||||
- key: AWS_SECRET_KEY
|
|
||||||
secret_file: indeedhub-minio-password
|
|
||||||
- key: NOSTR_JWT_SECRET
|
|
||||||
secret_file: indeedhub-jwt
|
|
||||||
|
|
||||||
dependencies:
|
|
||||||
- app_id: indeedhub-postgres
|
|
||||||
- app_id: indeedhub-redis
|
|
||||||
- app_id: indeedhub-minio
|
|
||||||
|
|
||||||
resources:
|
|
||||||
memory_limit: 2Gi
|
|
||||||
|
|
||||||
security:
|
|
||||||
capabilities: []
|
|
||||||
readonly_root: false
|
|
||||||
network_policy: isolated
|
|
||||||
|
|
||||||
ports: []
|
|
||||||
|
|
||||||
volumes: []
|
|
||||||
|
|
||||||
environment:
|
|
||||||
- PORT=4000
|
|
||||||
- DATABASE_HOST=postgres
|
|
||||||
- DATABASE_PORT=5432
|
|
||||||
- DATABASE_USER=indeedhub
|
|
||||||
- DATABASE_NAME=indeedhub
|
|
||||||
- QUEUE_HOST=redis
|
|
||||||
- QUEUE_PORT=6379
|
|
||||||
- S3_ENDPOINT=http://minio:9000
|
|
||||||
- AWS_REGION=us-east-1
|
|
||||||
- AWS_ACCESS_KEY=indeeadmin
|
|
||||||
- S3_PUBLIC_BUCKET_NAME=indeedhub-public
|
|
||||||
- S3_PRIVATE_BUCKET_NAME=indeedhub-private
|
|
||||||
- S3_PUBLIC_BUCKET_URL=/storage
|
|
||||||
- NOSTR_JWT_EXPIRES_IN=7d
|
|
||||||
# Fixed across the fleet (envelope-encryption master key baked by the legacy
|
|
||||||
# installer); not node-specific, so a plain env literal, not a secret.
|
|
||||||
- AES_MASTER_SECRET=0123456789abcdef0123456789abcdef
|
|
||||||
- ENVIRONMENT=production
|
|
||||||
|
|
||||||
health_check:
|
|
||||||
type: tcp
|
|
||||||
endpoint: localhost:4000
|
|
||||||
interval: 30s
|
|
||||||
timeout: 5s
|
|
||||||
retries: 10
|
|
||||||
@ -1,51 +0,0 @@
|
|||||||
app:
|
|
||||||
id: indeedhub-ffmpeg
|
|
||||||
name: IndeedHub FFmpeg Worker
|
|
||||||
version: "1.0.0"
|
|
||||||
description: IndeedHub background media transcoding worker.
|
|
||||||
category: community
|
|
||||||
|
|
||||||
# Hyphen name matches runtime references + the live container (adoption). No
|
|
||||||
# network_alias: nothing connects TO the worker — it only dials out to
|
|
||||||
# postgres/redis/minio (resolved by their aliases on indeedhub-net).
|
|
||||||
container_name: indeedhub-ffmpeg
|
|
||||||
|
|
||||||
container:
|
|
||||||
image: 146.59.87.168:3000/lfg2025/indeedhub-ffmpeg:1.0.0
|
|
||||||
pull_policy: if-not-present
|
|
||||||
network: indeedhub-net
|
|
||||||
secret_env:
|
|
||||||
- key: DATABASE_PASSWORD
|
|
||||||
secret_file: indeedhub-db-password
|
|
||||||
- key: AWS_SECRET_KEY
|
|
||||||
secret_file: indeedhub-minio-password
|
|
||||||
|
|
||||||
dependencies:
|
|
||||||
- app_id: indeedhub-api
|
|
||||||
|
|
||||||
resources:
|
|
||||||
memory_limit: 4Gi
|
|
||||||
|
|
||||||
security:
|
|
||||||
capabilities: []
|
|
||||||
readonly_root: false
|
|
||||||
network_policy: isolated
|
|
||||||
|
|
||||||
ports: []
|
|
||||||
|
|
||||||
volumes: []
|
|
||||||
|
|
||||||
environment:
|
|
||||||
- DATABASE_HOST=postgres
|
|
||||||
- DATABASE_PORT=5432
|
|
||||||
- DATABASE_USER=indeedhub
|
|
||||||
- DATABASE_NAME=indeedhub
|
|
||||||
- QUEUE_HOST=redis
|
|
||||||
- QUEUE_PORT=6379
|
|
||||||
- S3_ENDPOINT=http://minio:9000
|
|
||||||
- AWS_REGION=us-east-1
|
|
||||||
- AWS_ACCESS_KEY=indeeadmin
|
|
||||||
- S3_PUBLIC_BUCKET_NAME=indeedhub-public
|
|
||||||
- S3_PRIVATE_BUCKET_NAME=indeedhub-private
|
|
||||||
- ENVIRONMENT=production
|
|
||||||
- AES_MASTER_SECRET=0123456789abcdef0123456789abcdef
|
|
||||||
@ -1,60 +0,0 @@
|
|||||||
app:
|
|
||||||
id: indeedhub-minio
|
|
||||||
name: IndeedHub MinIO
|
|
||||||
version: "RELEASE.2024-11-07T00-52-20Z"
|
|
||||||
description: MinIO S3-compatible object storage for IndeedHub media.
|
|
||||||
category: community
|
|
||||||
|
|
||||||
# Hyphen name matches runtime references + the live container (adoption);
|
|
||||||
# alias `minio` is the short hostname the api/ffmpeg use (S3_ENDPOINT=
|
|
||||||
# http://minio:9000) AND the frontend nginx proxies to (http://minio:9000).
|
|
||||||
container_name: indeedhub-minio
|
|
||||||
|
|
||||||
container:
|
|
||||||
image: 146.59.87.168:3000/lfg2025/minio:RELEASE.2024-11-07T00-52-20Z
|
|
||||||
pull_policy: if-not-present
|
|
||||||
network: indeedhub-net
|
|
||||||
network_aliases: [minio]
|
|
||||||
# `server /data` — the minio entrypoint args from the legacy installer.
|
|
||||||
custom_args: [server, /data]
|
|
||||||
generated_secrets:
|
|
||||||
- name: indeedhub-minio-password
|
|
||||||
kind: hex32
|
|
||||||
secret_env:
|
|
||||||
- key: MINIO_ROOT_PASSWORD
|
|
||||||
secret_file: indeedhub-minio-password
|
|
||||||
|
|
||||||
dependencies:
|
|
||||||
- storage: 50Gi
|
|
||||||
|
|
||||||
resources:
|
|
||||||
memory_limit: 1Gi
|
|
||||||
disk_limit: 50Gi
|
|
||||||
|
|
||||||
security:
|
|
||||||
capabilities: []
|
|
||||||
readonly_root: false
|
|
||||||
network_policy: isolated
|
|
||||||
|
|
||||||
ports: []
|
|
||||||
|
|
||||||
# Named volume matches the live indeedhub-minio-data volume on .228.
|
|
||||||
volumes:
|
|
||||||
- type: volume
|
|
||||||
source: indeedhub-minio-data
|
|
||||||
target: /data
|
|
||||||
options: [rw]
|
|
||||||
|
|
||||||
# MINIO_ROOT_USER "indeeadmin" is the fixed admin identity baked by the legacy
|
|
||||||
# installer (api/ffmpeg use it as AWS_ACCESS_KEY); the password is the
|
|
||||||
# generated secret above. Not secret, so it stays a plain env value.
|
|
||||||
environment:
|
|
||||||
- MINIO_ROOT_USER=indeeadmin
|
|
||||||
|
|
||||||
health_check:
|
|
||||||
type: http
|
|
||||||
endpoint: http://localhost:9000
|
|
||||||
path: /minio/health/live
|
|
||||||
interval: 30s
|
|
||||||
timeout: 5s
|
|
||||||
retries: 5
|
|
||||||
@ -1,59 +0,0 @@
|
|||||||
app:
|
|
||||||
id: indeedhub-postgres
|
|
||||||
name: IndeedHub Postgres
|
|
||||||
version: "16.13-alpine"
|
|
||||||
description: Postgres database backend for IndeedHub.
|
|
||||||
category: community
|
|
||||||
|
|
||||||
# Container named indeedhub-postgres (hyphen) to match the runtime's existing
|
|
||||||
# per-app references (health_monitor tiers/deps, crash_recovery) and the live
|
|
||||||
# .228 install, so the orchestrator ADOPTS the running container instead of
|
|
||||||
# recreating it. `network_aliases: [postgres]` keeps the short hostname the
|
|
||||||
# api/ffmpeg/relay reach by (DATABASE_HOST=postgres) resolvable on
|
|
||||||
# indeedhub-net, reproducing the legacy `--network-alias postgres`.
|
|
||||||
container_name: indeedhub-postgres
|
|
||||||
|
|
||||||
container:
|
|
||||||
image: 146.59.87.168:3000/lfg2025/postgres:16.13-alpine
|
|
||||||
pull_policy: if-not-present
|
|
||||||
network: indeedhub-net
|
|
||||||
network_aliases: [postgres]
|
|
||||||
generated_secrets:
|
|
||||||
- name: indeedhub-db-password
|
|
||||||
kind: hex32
|
|
||||||
secret_env:
|
|
||||||
- key: POSTGRES_PASSWORD
|
|
||||||
secret_file: indeedhub-db-password
|
|
||||||
|
|
||||||
dependencies:
|
|
||||||
- storage: 10Gi
|
|
||||||
|
|
||||||
resources:
|
|
||||||
memory_limit: 1Gi
|
|
||||||
disk_limit: 10Gi
|
|
||||||
|
|
||||||
security:
|
|
||||||
capabilities: [CHOWN, DAC_OVERRIDE, FOWNER, SETGID, SETUID]
|
|
||||||
readonly_root: false
|
|
||||||
network_policy: isolated
|
|
||||||
|
|
||||||
ports: []
|
|
||||||
|
|
||||||
# Named podman volume (matches the live indeedhub-postgres-data volume on .228);
|
|
||||||
# preserves all existing database content across the migration.
|
|
||||||
volumes:
|
|
||||||
- type: volume
|
|
||||||
source: indeedhub-postgres-data
|
|
||||||
target: /var/lib/postgresql/data
|
|
||||||
options: [rw]
|
|
||||||
|
|
||||||
environment:
|
|
||||||
- POSTGRES_USER=indeedhub
|
|
||||||
- POSTGRES_DB=indeedhub
|
|
||||||
|
|
||||||
health_check:
|
|
||||||
type: tcp
|
|
||||||
endpoint: localhost:5432
|
|
||||||
interval: 30s
|
|
||||||
timeout: 5s
|
|
||||||
retries: 3
|
|
||||||
@ -1,45 +0,0 @@
|
|||||||
app:
|
|
||||||
id: indeedhub-redis
|
|
||||||
name: IndeedHub Redis
|
|
||||||
version: "7.4.8-alpine"
|
|
||||||
description: Redis queue/cache backend for IndeedHub.
|
|
||||||
category: community
|
|
||||||
|
|
||||||
# Hyphen name matches runtime references + the live container (adoption);
|
|
||||||
# alias `redis` is the short hostname the api/ffmpeg reach (QUEUE_HOST=redis).
|
|
||||||
container_name: indeedhub-redis
|
|
||||||
|
|
||||||
container:
|
|
||||||
image: 146.59.87.168:3000/lfg2025/redis:7.4.8-alpine
|
|
||||||
pull_policy: if-not-present
|
|
||||||
network: indeedhub-net
|
|
||||||
network_aliases: [redis]
|
|
||||||
|
|
||||||
dependencies:
|
|
||||||
- storage: 1Gi
|
|
||||||
|
|
||||||
resources:
|
|
||||||
memory_limit: 256Mi
|
|
||||||
|
|
||||||
security:
|
|
||||||
capabilities: [SETGID, SETUID]
|
|
||||||
readonly_root: false
|
|
||||||
network_policy: isolated
|
|
||||||
|
|
||||||
ports: []
|
|
||||||
|
|
||||||
# Named volume matches the live indeedhub-redis-data volume on .228.
|
|
||||||
volumes:
|
|
||||||
- type: volume
|
|
||||||
source: indeedhub-redis-data
|
|
||||||
target: /data
|
|
||||||
options: [rw]
|
|
||||||
|
|
||||||
environment: []
|
|
||||||
|
|
||||||
health_check:
|
|
||||||
type: tcp
|
|
||||||
endpoint: localhost:6379
|
|
||||||
interval: 30s
|
|
||||||
timeout: 5s
|
|
||||||
retries: 3
|
|
||||||
@ -1,47 +0,0 @@
|
|||||||
app:
|
|
||||||
id: indeedhub-relay
|
|
||||||
name: IndeedHub Nostr Relay
|
|
||||||
version: "0.9.0"
|
|
||||||
description: nostr-rs-relay backing IndeedHub's Nostr identity + comments.
|
|
||||||
category: community
|
|
||||||
|
|
||||||
# Hyphen name matches runtime references + the live container (adoption);
|
|
||||||
# alias `relay` is the short hostname the frontend nginx proxies to
|
|
||||||
# (http://relay:8080 for the /relay websocket).
|
|
||||||
container_name: indeedhub-relay
|
|
||||||
|
|
||||||
container:
|
|
||||||
image: 146.59.87.168:3000/lfg2025/nostr-rs-relay:0.9.0
|
|
||||||
pull_policy: if-not-present
|
|
||||||
network: indeedhub-net
|
|
||||||
network_aliases: [relay]
|
|
||||||
|
|
||||||
dependencies:
|
|
||||||
- storage: 2Gi
|
|
||||||
|
|
||||||
resources:
|
|
||||||
memory_limit: 256Mi
|
|
||||||
disk_limit: 2Gi
|
|
||||||
|
|
||||||
security:
|
|
||||||
capabilities: []
|
|
||||||
readonly_root: false
|
|
||||||
network_policy: isolated
|
|
||||||
|
|
||||||
ports: []
|
|
||||||
|
|
||||||
# Named volume matches the live indeedhub-relay-data volume on .228.
|
|
||||||
volumes:
|
|
||||||
- type: volume
|
|
||||||
source: indeedhub-relay-data
|
|
||||||
target: /usr/src/app/db
|
|
||||||
options: [rw]
|
|
||||||
|
|
||||||
environment: []
|
|
||||||
|
|
||||||
health_check:
|
|
||||||
type: tcp
|
|
||||||
endpoint: localhost:8080
|
|
||||||
interval: 30s
|
|
||||||
timeout: 5s
|
|
||||||
retries: 3
|
|
||||||
@ -1,84 +1,63 @@
|
|||||||
app:
|
app:
|
||||||
id: indeedhub
|
id: indeedhub
|
||||||
name: IndeeHub
|
name: IndeeHub
|
||||||
version: "1.0.0"
|
version: 1.0.0
|
||||||
description: Bitcoin documentary streaming platform featuring God Bless Bitcoin and other educational content about Bitcoin, sovereignty, and decentralized technology. Sign in with your Nostr identity.
|
description: Bitcoin documentary streaming platform featuring God Bless Bitcoin and other educational content about Bitcoin, sovereignty, and decentralized technology. Sign in with your Nostr identity.
|
||||||
category: community
|
category: community
|
||||||
|
|
||||||
# The user-facing launcher (app_id "indeedhub"). Container is named "indeedhub"
|
|
||||||
# (matches the runtime's per-app references + the live container, so the
|
|
||||||
# orchestrator adopts it). Its nginx (listen 7777) proxies to the backends by
|
|
||||||
# their short aliases on indeedhub-net: api:4000, minio:9000, relay:8080.
|
|
||||||
container_name: indeedhub
|
|
||||||
|
|
||||||
container:
|
container:
|
||||||
image: 146.59.87.168:3000/lfg2025/indeedhub:1.0.0
|
image: 146.59.87.168:3000/lfg2025/indeedhub:1.0.0
|
||||||
pull_policy: if-not-present
|
pull_policy: always # Pull from registry; falls back to local build
|
||||||
network: indeedhub-net
|
network: indeedhub-net
|
||||||
|
|
||||||
dependencies:
|
dependencies:
|
||||||
- app_id: indeedhub-api
|
|
||||||
- storage: 1Gi
|
- storage: 1Gi
|
||||||
|
|
||||||
resources:
|
resources:
|
||||||
|
cpu_limit: 2
|
||||||
memory_limit: 512Mi
|
memory_limit: 512Mi
|
||||||
disk_limit: 1Gi
|
disk_limit: 1Gi
|
||||||
|
|
||||||
security:
|
security:
|
||||||
# nginx master runs as root and drops workers to the nginx user (uid/gid
|
capabilities: []
|
||||||
# 101) — needs SET{UID,GID}; CHOWN + DAC_OVERRIDE let it own + write the
|
readonly_root: true
|
||||||
# proxy cache under the tmpfs /var/cache/nginx. The orchestrator does
|
no_new_privileges: true
|
||||||
# --cap-drop=ALL, so (unlike the legacy `podman run` default caps) these
|
user: 1001
|
||||||
# must be declared or nginx workers die with "setgid(101) failed".
|
seccomp_profile: default
|
||||||
capabilities: [CHOWN, DAC_OVERRIDE, SETGID, SETUID]
|
network_policy: bridge
|
||||||
readonly_root: false
|
apparmor_profile: default
|
||||||
network_policy: isolated
|
|
||||||
|
|
||||||
ports:
|
ports:
|
||||||
- host: 7778
|
- host: 7778
|
||||||
container: 7777
|
container: 7777
|
||||||
protocol: tcp # Web UI. Port 7777 on the host is reserved for the Nostr relay.
|
protocol: tcp # Web UI. Port 7777 on the host is reserved for Nostr relay.
|
||||||
|
|
||||||
# Writable scratch the baked nginx needs; matches the legacy installer's
|
|
||||||
# --tmpfs /run + /var/cache/nginx.
|
|
||||||
volumes:
|
volumes:
|
||||||
|
- type: tmpfs
|
||||||
|
target: /tmp
|
||||||
|
options: [rw,noexec,nosuid,size=64m]
|
||||||
|
- type: tmpfs
|
||||||
|
target: /app/.next/cache
|
||||||
|
options: [rw,noexec,nosuid,size=128m]
|
||||||
- type: tmpfs
|
- type: tmpfs
|
||||||
target: /run
|
target: /run
|
||||||
options: [rw, nosuid, nodev, size=16m]
|
options: [rw,nosuid,nodev,size=16m]
|
||||||
- type: tmpfs
|
- type: tmpfs
|
||||||
target: /var/cache/nginx
|
target: /var/cache/nginx
|
||||||
options: [rw, nosuid, nodev, size=32m]
|
options: [rw,nosuid,nodev,size=32m]
|
||||||
|
|
||||||
environment: []
|
environment:
|
||||||
|
- NODE_ENV=production
|
||||||
|
- NEXT_TELEMETRY_DISABLED=1
|
||||||
|
|
||||||
# Defensive + idempotent. The current indeedhub:1.0.0 image already bakes the
|
|
||||||
# iframe-friendly nginx (X-Frame-Options omitted, nostr-provider.js present +
|
|
||||||
# <script> injected), so these are mostly no-ops on that tag — but they keep
|
|
||||||
# the app iframe-loadable + the provider script fresh for any image build that
|
|
||||||
# predates the bake. copy_from_host pulls /opt/archipelago/web-ui/nostr-provider.js
|
|
||||||
# (kept current by frontend OTA releases). Replaces the legacy hardcoded
|
|
||||||
# patch_indeedhub_nostr_provider() Rust hook.
|
|
||||||
hooks:
|
|
||||||
post_install:
|
|
||||||
- exec: ["sed", "-i", "/X-Frame-Options/d", "/etc/nginx/conf.d/default.conf"]
|
|
||||||
- copy_from_host:
|
|
||||||
src: "web-ui/nostr-provider.js"
|
|
||||||
dest: "/usr/share/nginx/html/nostr-provider.js"
|
|
||||||
- exec: ["sh", "-c", "grep -q nostr-provider /etc/nginx/conf.d/default.conf || sed -i 's#</head>#<script src=\"/nostr-provider.js\"></script></head>#' /etc/nginx/conf.d/default.conf"]
|
|
||||||
- exec: ["nginx", "-s", "reload"]
|
|
||||||
|
|
||||||
# TCP liveness on the nginx port, NOT an http GET of /. nginx binds 7777 at
|
|
||||||
# startup (before workers), so this passes immediately and stays green under
|
|
||||||
# load. An http check of / runs the SPA + sub_filter and false-fails when the
|
|
||||||
# node is busy → the reconciler then treats the frontend as wedged and
|
|
||||||
# recreates it in a loop (observed churning the frontend on the loaded .198).
|
|
||||||
health_check:
|
health_check:
|
||||||
type: tcp
|
type: http
|
||||||
endpoint: localhost:7777
|
endpoint: http://localhost:3000
|
||||||
|
path: /
|
||||||
interval: 30s
|
interval: 30s
|
||||||
timeout: 5s
|
timeout: 10s
|
||||||
retries: 5
|
retries: 3
|
||||||
start_period: 30s
|
start_period: 40s
|
||||||
|
|
||||||
interfaces:
|
interfaces:
|
||||||
main:
|
main:
|
||||||
|
|||||||
@ -8,13 +8,6 @@ app:
|
|||||||
image: 146.59.87.168:3000/lfg2025/lnd:v0.18.4-beta
|
image: 146.59.87.168:3000/lfg2025/lnd:v0.18.4-beta
|
||||||
pull_policy: if-not-present
|
pull_policy: if-not-present
|
||||||
network: archy-net
|
network: archy-net
|
||||||
# BITCOIND_HOST must follow the node's actual Bitcoin container — Knots or
|
|
||||||
# Core — resolved at apply time from host facts. Hardcoding either breaks
|
|
||||||
# LND's chain backend connection on the other (lnd.conf is likewise
|
|
||||||
# resolved in lnd::ensure_config).
|
|
||||||
derived_env:
|
|
||||||
- key: BITCOIND_HOST
|
|
||||||
template: "{{BITCOIN_HOST}}"
|
|
||||||
secret_env:
|
secret_env:
|
||||||
- key: BITCOIND_RPCPASS
|
- key: BITCOIND_RPCPASS
|
||||||
secret_file: bitcoin-rpc-password
|
secret_file: bitcoin-rpc-password
|
||||||
@ -52,6 +45,7 @@ app:
|
|||||||
options: [rw]
|
options: [rw]
|
||||||
|
|
||||||
environment:
|
environment:
|
||||||
|
- BITCOIND_HOST=bitcoin-knots
|
||||||
- BITCOIND_RPCUSER=archipelago
|
- BITCOIND_RPCUSER=archipelago
|
||||||
- NETWORK=mainnet
|
- NETWORK=mainnet
|
||||||
|
|
||||||
|
|||||||
@ -27,7 +27,6 @@ app:
|
|||||||
version: ">=1.18.0"
|
version: ">=1.18.0"
|
||||||
- app_id: archy-mempool-db
|
- app_id: archy-mempool-db
|
||||||
version: ">=11.4.10"
|
version: ">=11.4.10"
|
||||||
- bitcoin:archival
|
|
||||||
|
|
||||||
resources:
|
resources:
|
||||||
memory_limit: 2Gi
|
memory_limit: 2Gi
|
||||||
|
|||||||
@ -5,7 +5,7 @@ app:
|
|||||||
description: Bitcoin mempool and blockchain explorer. Real-time transaction and block visualization.
|
description: Bitcoin mempool and blockchain explorer. Real-time transaction and block visualization.
|
||||||
|
|
||||||
container:
|
container:
|
||||||
image: 146.59.87.168:3000/lfg2025/mempool-frontend:v3.0.1
|
image: 146.59.87.168:3000/lfg2025/mempool-frontend:v3.0.0
|
||||||
image_signature: cosign://...
|
image_signature: cosign://...
|
||||||
pull_policy: if-not-present
|
pull_policy: if-not-present
|
||||||
|
|
||||||
@ -13,7 +13,6 @@ app:
|
|||||||
- app_id: bitcoin-core
|
- app_id: bitcoin-core
|
||||||
version: ">=24.0"
|
version: ">=24.0"
|
||||||
- storage: 20Gi
|
- storage: 20Gi
|
||||||
- bitcoin:archival
|
|
||||||
|
|
||||||
resources:
|
resources:
|
||||||
cpu_limit: 2
|
cpu_limit: 2
|
||||||
@ -31,7 +30,7 @@ app:
|
|||||||
|
|
||||||
ports:
|
ports:
|
||||||
- host: 4080
|
- host: 4080
|
||||||
container: 8080 # mempool-frontend nginx listens on 8080 (FRONTEND_HTTP_PORT=8080)
|
container: 4080
|
||||||
protocol: tcp # Web UI
|
protocol: tcp # Web UI
|
||||||
|
|
||||||
volumes:
|
volumes:
|
||||||
|
|||||||
5
apps/meshtastic/Dockerfile
Normal file
5
apps/meshtastic/Dockerfile
Normal file
@ -0,0 +1,5 @@
|
|||||||
|
# Meshtastic - uses official image
|
||||||
|
FROM meshtastic/meshtastic:latest
|
||||||
|
|
||||||
|
# Default configuration is in the image
|
||||||
|
# No additional setup needed
|
||||||
69
apps/meshtastic/manifest.yml
Normal file
69
apps/meshtastic/manifest.yml
Normal file
@ -0,0 +1,69 @@
|
|||||||
|
app:
|
||||||
|
id: meshtastic
|
||||||
|
name: Meshtastic
|
||||||
|
version: 2-daily-alpine
|
||||||
|
description: Open-source mesh networking for LoRa radios. Create decentralized communication networks.
|
||||||
|
|
||||||
|
container:
|
||||||
|
image: docker.io/meshtastic/meshtasticd:daily-alpine
|
||||||
|
pull_policy: if-not-present
|
||||||
|
|
||||||
|
dependencies:
|
||||||
|
- storage: 1Gi
|
||||||
|
|
||||||
|
resources:
|
||||||
|
cpu_limit: 1
|
||||||
|
memory_limit: 512Mi
|
||||||
|
disk_limit: 1Gi
|
||||||
|
|
||||||
|
security:
|
||||||
|
capabilities: [NET_ADMIN, SYS_ADMIN] # Required for LoRa radio access
|
||||||
|
readonly_root: false # Needs write access for device management
|
||||||
|
no_new_privileges: true
|
||||||
|
user: 1000
|
||||||
|
seccomp_profile: default
|
||||||
|
network_policy: host # Requires host network for radio access
|
||||||
|
apparmor_profile: meshtastic
|
||||||
|
|
||||||
|
ports:
|
||||||
|
- host: 4403
|
||||||
|
container: 4403
|
||||||
|
protocol: tcp # Meshtastic TCP API
|
||||||
|
|
||||||
|
devices:
|
||||||
|
- /dev/ttyUSB0 # LoRa radio device (if connected)
|
||||||
|
|
||||||
|
volumes:
|
||||||
|
- type: bind
|
||||||
|
source: /var/lib/archipelago/meshtastic
|
||||||
|
target: /var/lib/meshtasticd
|
||||||
|
options: [rw]
|
||||||
|
|
||||||
|
files:
|
||||||
|
- path: /var/lib/archipelago/meshtastic/config.yaml
|
||||||
|
content: |
|
||||||
|
General:
|
||||||
|
MACAddress: AA:BB:CC:DD:EE:01
|
||||||
|
Webserver:
|
||||||
|
Port: 4403
|
||||||
|
|
||||||
|
environment:
|
||||||
|
- MESHTASTIC_PORT=/dev/ttyUSB0
|
||||||
|
- MESHTASTIC_SERIAL=true
|
||||||
|
|
||||||
|
health_check:
|
||||||
|
type: cmd
|
||||||
|
endpoint: test -f /var/lib/meshtasticd/config.yaml
|
||||||
|
interval: 30s
|
||||||
|
timeout: 30s
|
||||||
|
retries: 5
|
||||||
|
|
||||||
|
networking:
|
||||||
|
mesh_enabled: true
|
||||||
|
local_network_access: true
|
||||||
|
|
||||||
|
metadata:
|
||||||
|
icon: /assets/img/app-icons/meshcore.svg
|
||||||
|
category: networking
|
||||||
|
tier: recommended
|
||||||
|
repo: https://github.com/meshtastic/firmware
|
||||||
@ -1,77 +0,0 @@
|
|||||||
app:
|
|
||||||
id: netbird-dashboard
|
|
||||||
name: NetBird Dashboard
|
|
||||||
version: "2.38.0"
|
|
||||||
description: NetBird management dashboard (SPA). Internal stack member served through the netbird proxy.
|
|
||||||
category: networking
|
|
||||||
|
|
||||||
# Hyphen name matches runtime references + the live container (adoption).
|
|
||||||
# Alias `netbird-dashboard` is the short hostname the proxy's nginx proxies to.
|
|
||||||
container_name: netbird-dashboard
|
|
||||||
|
|
||||||
container:
|
|
||||||
image: docker.io/netbirdio/dashboard:v2.38.0
|
|
||||||
pull_policy: if-not-present
|
|
||||||
network: netbird-net
|
|
||||||
network_aliases: [netbird-dashboard]
|
|
||||||
# The dashboard SPA bakes its API/OIDC base URL from these at container
|
|
||||||
# start. They must point at the proxy's public HTTPS origin (8087) so the
|
|
||||||
# browser uses a secure context (window.crypto.subtle / OIDC PKCE, #15).
|
|
||||||
# {{HOST_IP}} is the node's primary host IP, resolved at apply time.
|
|
||||||
derived_env:
|
|
||||||
- key: NETBIRD_MGMT_API_ENDPOINT
|
|
||||||
template: "https://{{HOST_IP}}:8087"
|
|
||||||
- key: NETBIRD_MGMT_GRPC_API_ENDPOINT
|
|
||||||
template: "https://{{HOST_IP}}:8087"
|
|
||||||
- key: AUTH_AUTHORITY
|
|
||||||
template: "https://{{HOST_IP}}:8087/oauth2"
|
|
||||||
|
|
||||||
dependencies:
|
|
||||||
- app_id: netbird-server
|
|
||||||
|
|
||||||
resources:
|
|
||||||
memory_limit: 256Mi
|
|
||||||
|
|
||||||
security:
|
|
||||||
# cap-drop=ALL is applied by the orchestrator. The dashboard image runs
|
|
||||||
# nginx (master as root, drops workers) binding :80 — needs the worker-drop
|
|
||||||
# caps + NET_BIND_SERVICE for the privileged port.
|
|
||||||
capabilities: [CHOWN, DAC_OVERRIDE, SETGID, SETUID, NET_BIND_SERVICE]
|
|
||||||
readonly_root: false
|
|
||||||
network_policy: isolated
|
|
||||||
|
|
||||||
# Internal only — reached container-to-container by the proxy via netbird-net.
|
|
||||||
ports: []
|
|
||||||
|
|
||||||
volumes: []
|
|
||||||
|
|
||||||
environment:
|
|
||||||
- AUTH_AUDIENCE=netbird-dashboard
|
|
||||||
- AUTH_CLIENT_ID=netbird-dashboard
|
|
||||||
- AUTH_CLIENT_SECRET=
|
|
||||||
- USE_AUTH0=false
|
|
||||||
- AUTH_SUPPORTED_SCOPES=openid profile email groups
|
|
||||||
- AUTH_REDIRECT_URI=/nb-auth
|
|
||||||
- AUTH_SILENT_REDIRECT_URI=/nb-silent-auth
|
|
||||||
- NETBIRD_TOKEN_SOURCE=idToken
|
|
||||||
- NGINX_SSL_PORT=443
|
|
||||||
- LETSENCRYPT_DOMAIN=none
|
|
||||||
|
|
||||||
health_check:
|
|
||||||
type: tcp
|
|
||||||
endpoint: localhost:80
|
|
||||||
interval: 30s
|
|
||||||
timeout: 5s
|
|
||||||
retries: 5
|
|
||||||
start_period: 20s
|
|
||||||
|
|
||||||
metadata:
|
|
||||||
author: NetBird
|
|
||||||
icon: /assets/img/app-icons/netbird.svg
|
|
||||||
website: https://netbird.io
|
|
||||||
repo: https://github.com/netbirdio/dashboard
|
|
||||||
license: BSD-3-Clause
|
|
||||||
tags:
|
|
||||||
- networking
|
|
||||||
- vpn
|
|
||||||
- dashboard
|
|
||||||
@ -1,122 +0,0 @@
|
|||||||
app:
|
|
||||||
id: netbird-server
|
|
||||||
name: NetBird Server
|
|
||||||
version: "0.71.2"
|
|
||||||
description: NetBird combined management / signal / relay server with an embedded identity provider and STUN. Backend for the self-hosted NetBird mesh VPN.
|
|
||||||
category: networking
|
|
||||||
|
|
||||||
# Hyphen name matches the runtime references (crash_recovery / dependencies /
|
|
||||||
# config startup order) + the live container, so on an existing node the
|
|
||||||
# orchestrator ADOPTS the running server rather than recreating it (data +
|
|
||||||
# the sqlite store under /var/lib/netbird preserved). Alias `netbird-server`
|
|
||||||
# is the short hostname the proxy's nginx proxies/grpc-passes to.
|
|
||||||
container_name: netbird-server
|
|
||||||
|
|
||||||
container:
|
|
||||||
image: docker.io/netbirdio/netbird-server:0.71.2
|
|
||||||
pull_policy: if-not-present
|
|
||||||
network: netbird-net
|
|
||||||
network_aliases: [netbird-server]
|
|
||||||
# The relay authSecret and the sqlite store encryptionKey are base64 keys
|
|
||||||
# (the server base64-decodes them to recover raw bytes — hex would decode to
|
|
||||||
# the wrong value). Generated once and reused: ensure_generated_secrets
|
|
||||||
# no-ops when the file already exists, so a re-render of config.yaml on an
|
|
||||||
# adopted node keeps the same keys (regenerating would orphan the store).
|
|
||||||
generated_secrets:
|
|
||||||
- name: netbird-relay-auth-secret
|
|
||||||
kind: base64
|
|
||||||
- name: netbird-store-encryption-key
|
|
||||||
kind: base64
|
|
||||||
# Pass the rendered config explicitly, mirroring the legacy `--config` arg.
|
|
||||||
custom_args: ["--config", "/etc/netbird/config.yaml"]
|
|
||||||
|
|
||||||
dependencies:
|
|
||||||
- storage: 1Gi
|
|
||||||
|
|
||||||
resources:
|
|
||||||
memory_limit: 1Gi
|
|
||||||
|
|
||||||
security:
|
|
||||||
# cap-drop=ALL is applied by the orchestrator. The server binds :80
|
|
||||||
# (management/signal/relay HTTP + gRPC) inside the container — a privileged
|
|
||||||
# port — so it needs NET_BIND_SERVICE. STUN is 3478/udp (unprivileged).
|
|
||||||
capabilities: [NET_BIND_SERVICE]
|
|
||||||
readonly_root: false
|
|
||||||
network_policy: isolated
|
|
||||||
|
|
||||||
ports:
|
|
||||||
- host: 8086
|
|
||||||
container: 80
|
|
||||||
protocol: tcp # management API + embedded OIDC issuer (/oauth2)
|
|
||||||
- host: 3478
|
|
||||||
container: 3478
|
|
||||||
protocol: udp # STUN — must be UDP; tcp here breaks relay discovery
|
|
||||||
|
|
||||||
volumes:
|
|
||||||
- type: bind
|
|
||||||
source: /var/lib/archipelago/netbird/data
|
|
||||||
target: /var/lib/netbird
|
|
||||||
options: [rw]
|
|
||||||
# The rendered config.yaml, read-only. Re-rendered on every reconcile from
|
|
||||||
# host facts + the base64 secrets; idempotent (stable bytes → no restart).
|
|
||||||
- type: bind
|
|
||||||
source: /var/lib/archipelago/netbird/config.yaml
|
|
||||||
target: /etc/netbird/config.yaml
|
|
||||||
options: [ro]
|
|
||||||
|
|
||||||
environment: []
|
|
||||||
|
|
||||||
# The server's config. {{HOST_IP}} is the node's primary host IP (the proxy's
|
|
||||||
# public origin is https on 8087 — the dashboard needs a secure context for
|
|
||||||
# OIDC PKCE, issue #15). {{secret:...}} are read 0600 from the secrets dir.
|
|
||||||
files:
|
|
||||||
- path: /var/lib/archipelago/netbird/config.yaml
|
|
||||||
overwrite: true
|
|
||||||
content: |
|
|
||||||
server:
|
|
||||||
listenAddress: ":80"
|
|
||||||
exposedAddress: "https://{{HOST_IP}}:8087"
|
|
||||||
stunPorts:
|
|
||||||
- 3478
|
|
||||||
metricsPort: 9090
|
|
||||||
healthcheckAddress: ":9000"
|
|
||||||
logLevel: "info"
|
|
||||||
logFile: "console"
|
|
||||||
authSecret: "{{secret:netbird-relay-auth-secret}}"
|
|
||||||
dataDir: "/var/lib/netbird"
|
|
||||||
auth:
|
|
||||||
issuer: "https://{{HOST_IP}}:8087/oauth2"
|
|
||||||
localAuthDisabled: false
|
|
||||||
signKeyRefreshEnabled: false
|
|
||||||
dashboardRedirectURIs:
|
|
||||||
- "https://{{HOST_IP}}:8087/nb-auth"
|
|
||||||
- "https://{{HOST_IP}}:8087/nb-silent-auth"
|
|
||||||
dashboardPostLogoutRedirectURIs:
|
|
||||||
- "https://{{HOST_IP}}:8087/"
|
|
||||||
cliRedirectURIs:
|
|
||||||
- "http://localhost:53000/"
|
|
||||||
store:
|
|
||||||
engine: "sqlite"
|
|
||||||
encryptionKey: "{{secret:netbird-store-encryption-key}}"
|
|
||||||
|
|
||||||
# TCP liveness on the management port. Binds at startup, stays green; an http
|
|
||||||
# check of /oauth2 would false-fail while the issuer warms up.
|
|
||||||
health_check:
|
|
||||||
type: tcp
|
|
||||||
endpoint: localhost:80
|
|
||||||
interval: 30s
|
|
||||||
timeout: 5s
|
|
||||||
retries: 10
|
|
||||||
start_period: 30s
|
|
||||||
|
|
||||||
metadata:
|
|
||||||
author: NetBird
|
|
||||||
icon: /assets/img/app-icons/netbird.svg
|
|
||||||
website: https://netbird.io
|
|
||||||
repo: https://github.com/netbirdio/netbird
|
|
||||||
license: BSD-3-Clause
|
|
||||||
tags:
|
|
||||||
- networking
|
|
||||||
- vpn
|
|
||||||
- wireguard
|
|
||||||
- mesh
|
|
||||||
@ -1,182 +0,0 @@
|
|||||||
app:
|
|
||||||
id: netbird
|
|
||||||
name: NetBird
|
|
||||||
version: "2.38.0"
|
|
||||||
description: Self-hosted WireGuard mesh VPN control plane with dashboard, embedded identity provider, management API, signal, relay, and STUN. The user-facing entry point — a TLS proxy in front of the dashboard + server.
|
|
||||||
category: networking
|
|
||||||
|
|
||||||
# The user-facing launcher (app_id + container both "netbird", matching the
|
|
||||||
# runtime references + the live container so the orchestrator adopts it). This
|
|
||||||
# is the nginx that terminates TLS on 8087 and fans out to the dashboard +
|
|
||||||
# server by their short aliases on netbird-net.
|
|
||||||
container_name: netbird
|
|
||||||
|
|
||||||
container:
|
|
||||||
image: docker.io/library/nginx:1.27-alpine
|
|
||||||
pull_policy: if-not-present
|
|
||||||
network: netbird-net
|
|
||||||
# Self-signed TLS cert materialised before create — the dashboard needs a
|
|
||||||
# secure context (window.crypto.subtle / OIDC PKCE, issue #15), so the proxy
|
|
||||||
# serves HTTPS. Idempotent: kept as-is when crt+key already exist (a user
|
|
||||||
# accepts it once). SAN defaults to the host IP + 127.0.0.1 + localhost.
|
|
||||||
generated_certs:
|
|
||||||
- crt: /var/lib/archipelago/netbird/tls.crt
|
|
||||||
key: /var/lib/archipelago/netbird/tls.key
|
|
||||||
|
|
||||||
dependencies:
|
|
||||||
- app_id: netbird-server
|
|
||||||
- app_id: netbird-dashboard
|
|
||||||
- storage: 1Gi
|
|
||||||
|
|
||||||
resources:
|
|
||||||
memory_limit: 256Mi
|
|
||||||
|
|
||||||
security:
|
|
||||||
# cap-drop=ALL is applied by the orchestrator. nginx (master as root, drops
|
|
||||||
# workers) binds :443 — needs the worker-drop caps + NET_BIND_SERVICE.
|
|
||||||
capabilities: [CHOWN, DAC_OVERRIDE, SETGID, SETUID, NET_BIND_SERVICE]
|
|
||||||
readonly_root: false
|
|
||||||
network_policy: isolated
|
|
||||||
|
|
||||||
ports:
|
|
||||||
# 8087 publishes the TLS listener (container :443). HTTPS is required for the
|
|
||||||
# dashboard's secure context (issue #15).
|
|
||||||
- host: 8087
|
|
||||||
container: 443
|
|
||||||
protocol: tcp
|
|
||||||
|
|
||||||
volumes:
|
|
||||||
- type: bind
|
|
||||||
source: /var/lib/archipelago/netbird/nginx.conf
|
|
||||||
target: /etc/nginx/conf.d/default.conf
|
|
||||||
options: [ro]
|
|
||||||
- type: bind
|
|
||||||
source: /var/lib/archipelago/netbird/tls.crt
|
|
||||||
target: /etc/nginx/tls.crt
|
|
||||||
options: [ro]
|
|
||||||
- type: bind
|
|
||||||
source: /var/lib/archipelago/netbird/tls.key
|
|
||||||
target: /etc/nginx/tls.key
|
|
||||||
options: [ro]
|
|
||||||
|
|
||||||
environment: []
|
|
||||||
|
|
||||||
# The proxy config. {{NETWORK_GATEWAY}} is the netbird-net bridge gateway =
|
|
||||||
# Podman's aardvark DNS. nginx uses it as an explicit `resolver` with VARIABLE
|
|
||||||
# upstreams so it re-resolves container names per request — without it nginx
|
|
||||||
# pins a container IP at startup and 502s forever once that IP moves on a
|
|
||||||
# restart/reboot (issue #15, observed live on .198). Every #15 fix below
|
|
||||||
# (CORS $http_origin reflect, grpc pass, nb-auth/nb-silent-auth rewrite to
|
|
||||||
# index.html, /relay websocket) is preserved verbatim from the legacy config.
|
|
||||||
files:
|
|
||||||
- path: /var/lib/archipelago/netbird/nginx.conf
|
|
||||||
overwrite: true
|
|
||||||
content: |
|
|
||||||
server {
|
|
||||||
listen 443 ssl;
|
|
||||||
server_name _;
|
|
||||||
|
|
||||||
# netbird's dashboard needs a secure context (window.crypto.subtle for
|
|
||||||
# OIDC PKCE), so the proxy terminates TLS with a self-signed cert (#15).
|
|
||||||
ssl_certificate /etc/nginx/tls.crt;
|
|
||||||
ssl_certificate_key /etc/nginx/tls.key;
|
|
||||||
|
|
||||||
# Rootless Podman can hand a container a new IP across restarts/reboots.
|
|
||||||
# nginx resolves a literal upstream name ONCE at startup and caches it,
|
|
||||||
# so after the IP moves every request 502s with "host unreachable"
|
|
||||||
# (issue #15, observed live on .198: nginx pinned to a dead
|
|
||||||
# netbird-dashboard IP). Fix: point `resolver` at the netbird-net
|
|
||||||
# gateway (Podman's aardvark DNS) and use VARIABLE upstreams, which
|
|
||||||
# forces nginx to re-resolve the container names at request time.
|
|
||||||
resolver {{NETWORK_GATEWAY}} valid=10s ipv6=off;
|
|
||||||
|
|
||||||
proxy_set_header Host $host;
|
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
||||||
proxy_set_header X-Forwarded-Proto $scheme;
|
|
||||||
proxy_http_version 1.1;
|
|
||||||
|
|
||||||
location ~ ^/(relay|ws-proxy/) {
|
|
||||||
set $nb_server netbird-server;
|
|
||||||
proxy_pass http://$nb_server:80;
|
|
||||||
proxy_set_header Upgrade $http_upgrade;
|
|
||||||
proxy_set_header Connection "upgrade";
|
|
||||||
proxy_read_timeout 1d;
|
|
||||||
}
|
|
||||||
|
|
||||||
location ~ ^/(api|oauth2)(/|$) {
|
|
||||||
# The dashboard is a SPA whose API/OIDC base URL is baked at build
|
|
||||||
# time to one host:port. A single box is reached via several
|
|
||||||
# addresses, so those fetches are cross-origin and the browser
|
|
||||||
# blocks them with no Access-Control-Allow-Origin (#15, live on
|
|
||||||
# .198). Reflect the caller's Origin and answer the CORS preflight.
|
|
||||||
if ($request_method = OPTIONS) {
|
|
||||||
add_header Access-Control-Allow-Origin $http_origin always;
|
|
||||||
add_header Access-Control-Allow-Credentials true always;
|
|
||||||
add_header Access-Control-Allow-Methods "GET, POST, PUT, PATCH, DELETE, OPTIONS" always;
|
|
||||||
add_header Access-Control-Allow-Headers "Authorization, Content-Type, Accept" always;
|
|
||||||
add_header Access-Control-Max-Age 86400 always;
|
|
||||||
add_header Content-Length 0;
|
|
||||||
return 204;
|
|
||||||
}
|
|
||||||
add_header Access-Control-Allow-Origin $http_origin always;
|
|
||||||
add_header Access-Control-Allow-Credentials true always;
|
|
||||||
add_header Access-Control-Allow-Methods "GET, POST, PUT, PATCH, DELETE, OPTIONS" always;
|
|
||||||
add_header Access-Control-Allow-Headers "Authorization, Content-Type, Accept" always;
|
|
||||||
set $nb_server netbird-server;
|
|
||||||
proxy_pass http://$nb_server:80;
|
|
||||||
}
|
|
||||||
|
|
||||||
location ~ ^/(signalexchange\.SignalExchange|management\.ManagementService|management\.ProxyService)/ {
|
|
||||||
set $nb_server netbird-server;
|
|
||||||
grpc_pass grpc://$nb_server:80;
|
|
||||||
grpc_read_timeout 1d;
|
|
||||||
grpc_send_timeout 1d;
|
|
||||||
}
|
|
||||||
|
|
||||||
# OIDC callback routes are client-side SPA routes with NO prebuilt page
|
|
||||||
# in the dashboard bundle, so proxying them straight through 404s —
|
|
||||||
# which crashes the dashboard's auth init and shows "Unauthenticated"
|
|
||||||
# with dead buttons (#15, live on .198: /nb-auth + /nb-silent-auth
|
|
||||||
# returned 404). Serve index.html at these paths (URL unchanged) so
|
|
||||||
# react-oidc boots and completes the login / silent-SSO.
|
|
||||||
location ~ ^/(nb-auth|nb-silent-auth) {
|
|
||||||
set $nb_dashboard netbird-dashboard;
|
|
||||||
rewrite ^.*$ /index.html break;
|
|
||||||
proxy_pass http://$nb_dashboard:80;
|
|
||||||
}
|
|
||||||
|
|
||||||
location / {
|
|
||||||
set $nb_dashboard netbird-dashboard;
|
|
||||||
proxy_pass http://$nb_dashboard:80;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
health_check:
|
|
||||||
type: tcp
|
|
||||||
endpoint: localhost:443
|
|
||||||
interval: 30s
|
|
||||||
timeout: 5s
|
|
||||||
retries: 5
|
|
||||||
start_period: 20s
|
|
||||||
|
|
||||||
interfaces:
|
|
||||||
main:
|
|
||||||
name: Dashboard
|
|
||||||
description: Manage your self-hosted NetBird mesh VPN
|
|
||||||
type: ui
|
|
||||||
port: 8087
|
|
||||||
protocol: https
|
|
||||||
path: /
|
|
||||||
|
|
||||||
metadata:
|
|
||||||
author: NetBird
|
|
||||||
icon: /assets/img/app-icons/netbird.svg
|
|
||||||
website: https://netbird.io
|
|
||||||
repo: https://github.com/netbirdio/netbird
|
|
||||||
license: BSD-3-Clause
|
|
||||||
tags:
|
|
||||||
- networking
|
|
||||||
- vpn
|
|
||||||
- wireguard
|
|
||||||
- mesh
|
|
||||||
80
core/Cargo.lock
generated
80
core/Cargo.lock
generated
@ -99,7 +99,6 @@ version = "1.7.99-alpha"
|
|||||||
dependencies = [
|
dependencies = [
|
||||||
"anyhow",
|
"anyhow",
|
||||||
"archipelago-container",
|
"archipelago-container",
|
||||||
"archipelago-openwrt",
|
|
||||||
"archipelago-performance",
|
"archipelago-performance",
|
||||||
"archipelago-security",
|
"archipelago-security",
|
||||||
"argon2",
|
"argon2",
|
||||||
@ -129,7 +128,6 @@ dependencies = [
|
|||||||
"hyper-ws-listener",
|
"hyper-ws-listener",
|
||||||
"iroh",
|
"iroh",
|
||||||
"iroh-blobs",
|
"iroh-blobs",
|
||||||
"libc",
|
|
||||||
"mainline",
|
"mainline",
|
||||||
"mdns-sd",
|
"mdns-sd",
|
||||||
"nostr-sdk",
|
"nostr-sdk",
|
||||||
@ -182,22 +180,6 @@ dependencies = [
|
|||||||
"uuid",
|
"uuid",
|
||||||
]
|
]
|
||||||
|
|
||||||
[[package]]
|
|
||||||
name = "archipelago-openwrt"
|
|
||||||
version = "0.1.0"
|
|
||||||
dependencies = [
|
|
||||||
"anyhow",
|
|
||||||
"async-trait",
|
|
||||||
"reqwest 0.11.27",
|
|
||||||
"serde",
|
|
||||||
"serde_json",
|
|
||||||
"ssh2",
|
|
||||||
"thiserror 1.0.69",
|
|
||||||
"tokio",
|
|
||||||
"tokio-test",
|
|
||||||
"tracing",
|
|
||||||
]
|
|
||||||
|
|
||||||
[[package]]
|
[[package]]
|
||||||
name = "archipelago-performance"
|
name = "archipelago-performance"
|
||||||
version = "0.1.0"
|
version = "0.1.0"
|
||||||
@ -2857,32 +2839,6 @@ dependencies = [
|
|||||||
"redox_syscall 0.7.3",
|
"redox_syscall 0.7.3",
|
||||||
]
|
]
|
||||||
|
|
||||||
[[package]]
|
|
||||||
name = "libssh2-sys"
|
|
||||||
version = "0.3.1"
|
|
||||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
||||||
checksum = "220e4f05ad4a218192533b300327f5150e809b54c4ec83b5a1d91833601811b9"
|
|
||||||
dependencies = [
|
|
||||||
"cc",
|
|
||||||
"libc",
|
|
||||||
"libz-sys",
|
|
||||||
"openssl-sys",
|
|
||||||
"pkg-config",
|
|
||||||
"vcpkg",
|
|
||||||
]
|
|
||||||
|
|
||||||
[[package]]
|
|
||||||
name = "libz-sys"
|
|
||||||
version = "1.1.29"
|
|
||||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
||||||
checksum = "85bc9657773828b90eeb625adff10eeac83cc21bbfd8e23a03eaa8a33c9e28d9"
|
|
||||||
dependencies = [
|
|
||||||
"cc",
|
|
||||||
"libc",
|
|
||||||
"pkg-config",
|
|
||||||
"vcpkg",
|
|
||||||
]
|
|
||||||
|
|
||||||
[[package]]
|
[[package]]
|
||||||
name = "linux-raw-sys"
|
name = "linux-raw-sys"
|
||||||
version = "0.11.0"
|
version = "0.11.0"
|
||||||
@ -3624,18 +3580,6 @@ version = "0.2.1"
|
|||||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||||
checksum = "7c87def4c32ab89d880effc9e097653c8da5d6ef28e6b539d313baaacfbafcbe"
|
checksum = "7c87def4c32ab89d880effc9e097653c8da5d6ef28e6b539d313baaacfbafcbe"
|
||||||
|
|
||||||
[[package]]
|
|
||||||
name = "openssl-sys"
|
|
||||||
version = "0.9.117"
|
|
||||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
||||||
checksum = "b47e7e6bb2c38cd930d25a23b40fa52e068c10e85f3e03a7f5ba5aaca5713695"
|
|
||||||
dependencies = [
|
|
||||||
"cc",
|
|
||||||
"libc",
|
|
||||||
"pkg-config",
|
|
||||||
"vcpkg",
|
|
||||||
]
|
|
||||||
|
|
||||||
[[package]]
|
[[package]]
|
||||||
name = "papaya"
|
name = "papaya"
|
||||||
version = "0.2.4"
|
version = "0.2.4"
|
||||||
@ -3814,12 +3758,6 @@ dependencies = [
|
|||||||
"spki 0.8.0",
|
"spki 0.8.0",
|
||||||
]
|
]
|
||||||
|
|
||||||
[[package]]
|
|
||||||
name = "pkg-config"
|
|
||||||
version = "0.3.33"
|
|
||||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
||||||
checksum = "19f132c84eca552bf34cab8ec81f1c1dcc229b811638f9d283dceabe58c5569e"
|
|
||||||
|
|
||||||
[[package]]
|
[[package]]
|
||||||
name = "plain"
|
name = "plain"
|
||||||
version = "0.2.3"
|
version = "0.2.3"
|
||||||
@ -5050,18 +4988,6 @@ dependencies = [
|
|||||||
"der 0.8.0",
|
"der 0.8.0",
|
||||||
]
|
]
|
||||||
|
|
||||||
[[package]]
|
|
||||||
name = "ssh2"
|
|
||||||
version = "0.9.5"
|
|
||||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
||||||
checksum = "2f84d13b3b8a0d4e91a2629911e951db1bb8671512f5c09d7d4ba34500ba68c8"
|
|
||||||
dependencies = [
|
|
||||||
"bitflags 2.13.0",
|
|
||||||
"libc",
|
|
||||||
"libssh2-sys",
|
|
||||||
"parking_lot 0.12.5",
|
|
||||||
]
|
|
||||||
|
|
||||||
[[package]]
|
[[package]]
|
||||||
name = "stable_deref_trait"
|
name = "stable_deref_trait"
|
||||||
version = "1.2.1"
|
version = "1.2.1"
|
||||||
@ -5849,12 +5775,6 @@ version = "0.1.1"
|
|||||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||||
checksum = "ba73ea9cf16a25df0c8caa16c51acb937d5712a8429db78a3ee29d5dcacd3a65"
|
checksum = "ba73ea9cf16a25df0c8caa16c51acb937d5712a8429db78a3ee29d5dcacd3a65"
|
||||||
|
|
||||||
[[package]]
|
|
||||||
name = "vcpkg"
|
|
||||||
version = "0.2.15"
|
|
||||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
||||||
checksum = "accd4ea62f7bb7a82fe23066fb0957d48ef677f6eeb8215f372f52e48bb32426"
|
|
||||||
|
|
||||||
[[package]]
|
[[package]]
|
||||||
name = "vergen"
|
name = "vergen"
|
||||||
version = "9.1.0"
|
version = "9.1.0"
|
||||||
|
|||||||
@ -4,7 +4,6 @@ resolver = "2"
|
|||||||
members = [
|
members = [
|
||||||
"archipelago",
|
"archipelago",
|
||||||
"container",
|
"container",
|
||||||
"openwrt",
|
|
||||||
"performance",
|
"performance",
|
||||||
"security",
|
"security",
|
||||||
]
|
]
|
||||||
|
|||||||
@ -22,7 +22,6 @@ iroh-swarm = ["dep:iroh", "dep:iroh-blobs"]
|
|||||||
[dependencies]
|
[dependencies]
|
||||||
# Core dependencies
|
# Core dependencies
|
||||||
tokio = { version = "1", features = ["full"] }
|
tokio = { version = "1", features = ["full"] }
|
||||||
libc = "0.2" # process-group signalling for the supervised reticulum daemon
|
|
||||||
serde = { version = "1.0", features = ["derive"] }
|
serde = { version = "1.0", features = ["derive"] }
|
||||||
serde_json = "1.0"
|
serde_json = "1.0"
|
||||||
anyhow = "1.0"
|
anyhow = "1.0"
|
||||||
@ -43,7 +42,6 @@ futures-util = "0.3"
|
|||||||
|
|
||||||
# Our modules
|
# Our modules
|
||||||
archipelago-container = { path = "../container" }
|
archipelago-container = { path = "../container" }
|
||||||
archipelago-openwrt = { path = "../openwrt" }
|
|
||||||
archipelago-security = { path = "../security" }
|
archipelago-security = { path = "../security" }
|
||||||
archipelago-performance = { path = "../performance" }
|
archipelago-performance = { path = "../performance" }
|
||||||
|
|
||||||
|
|||||||
@ -48,17 +48,6 @@ impl ApiHandler {
|
|||||||
.get("x-blob-filename")
|
.get("x-blob-filename")
|
||||||
.and_then(|v| v.to_str().ok())
|
.and_then(|v| v.to_str().ok())
|
||||||
.map(|s| s.to_string());
|
.map(|s| s.to_string());
|
||||||
// Optional caller-supplied thumbnail (small, base64) — e.g. the mesh
|
|
||||||
// chat's image-quality picker generates a tiny client-side preview so
|
|
||||||
// a ContentRef receiver can render something before fetching the full
|
|
||||||
// blob. Best-effort: a malformed header is just ignored, not fatal.
|
|
||||||
let thumb_bytes = headers
|
|
||||||
.get("x-blob-thumb")
|
|
||||||
.and_then(|v| v.to_str().ok())
|
|
||||||
.and_then(|b64| {
|
|
||||||
use base64::{engine::general_purpose::STANDARD, Engine as _};
|
|
||||||
STANDARD.decode(b64).ok()
|
|
||||||
});
|
|
||||||
|
|
||||||
let bytes = body.to_vec();
|
let bytes = body.to_vec();
|
||||||
// Uploads through /api/blob come from the node owner's session and
|
// Uploads through /api/blob come from the node owner's session and
|
||||||
@ -66,7 +55,7 @@ impl ApiHandler {
|
|||||||
// pictures, banners). Store them public so `/blob/<cid>` serves
|
// pictures, banners). Store them public so `/blob/<cid>` serves
|
||||||
// without a capability check — external Nostr clients fetching a
|
// without a capability check — external Nostr clients fetching a
|
||||||
// kind-0 `picture` URL have no cap and can't get one.
|
// kind-0 `picture` URL have no cap and can't get one.
|
||||||
match store.put(&bytes, &mime, filename, thumb_bytes, true).await {
|
match store.put(&bytes, &mime, filename, None, true).await {
|
||||||
Ok(meta) => {
|
Ok(meta) => {
|
||||||
let exp =
|
let exp =
|
||||||
(chrono::Utc::now().timestamp() as u64) + crate::blobs::DEFAULT_CAP_TTL_SECS;
|
(chrono::Utc::now().timestamp() as u64) + crate::blobs::DEFAULT_CAP_TTL_SECS;
|
||||||
|
|||||||
@ -146,9 +146,7 @@ impl ApiHandler {
|
|||||||
Ok(content_server::ServeResult::Forbidden) => Ok(build_response(
|
Ok(content_server::ServeResult::Forbidden) => Ok(build_response(
|
||||||
StatusCode::FORBIDDEN,
|
StatusCode::FORBIDDEN,
|
||||||
"application/json",
|
"application/json",
|
||||||
hyper::Body::from(
|
hyper::Body::from(r#"{"error":"Access denied — federation peer required"}"#),
|
||||||
r#"{"error":"This file is shared with the host's federation peers only. Federate with that node (exchange invites) so it recognizes you, then try again."}"#,
|
|
||||||
),
|
|
||||||
)),
|
)),
|
||||||
Ok(content_server::ServeResult::NotFound) | Err(_) => Ok(build_response(
|
Ok(content_server::ServeResult::NotFound) | Err(_) => Ok(build_response(
|
||||||
StatusCode::NOT_FOUND,
|
StatusCode::NOT_FOUND,
|
||||||
@ -224,12 +222,8 @@ impl ApiHandler {
|
|||||||
hyper::Body::from(r#"{"error":"Invoice missing payment hash"}"#),
|
hyper::Body::from(r#"{"error":"Invoice missing payment hash"}"#),
|
||||||
)),
|
)),
|
||||||
Err(e) => {
|
Err(e) => {
|
||||||
// Surface the FULL error chain ({:#}) — the generic top-level
|
|
||||||
// message hid the real cause (e.g. the LND REST connection
|
|
||||||
// failing), which made this 503 undiagnosable.
|
|
||||||
tracing::warn!("content invoice creation failed: {e:#}");
|
|
||||||
let body = serde_json::json!({
|
let body = serde_json::json!({
|
||||||
"error": format!("Could not create invoice: {e:#}")
|
"error": format!("Could not create invoice: {e}")
|
||||||
});
|
});
|
||||||
Ok(build_response(
|
Ok(build_response(
|
||||||
StatusCode::SERVICE_UNAVAILABLE,
|
StatusCode::SERVICE_UNAVAILABLE,
|
||||||
|
|||||||
@ -39,17 +39,6 @@ impl ApiHandler {
|
|||||||
|
|
||||||
let (mut tx, mut rx) = ws_stream.split();
|
let (mut tx, mut rx) = ws_stream.split();
|
||||||
|
|
||||||
// Subscribe BEFORE taking the initial snapshot. Messages are full
|
|
||||||
// data dumps keyed by a monotonic revision, so a broadcast that
|
|
||||||
// races the snapshot is at worst a harmless duplicate/newer dump
|
|
||||||
// delivered right after — but subscribing after the snapshot send
|
|
||||||
// (the old order) let any update in that window vanish forever,
|
|
||||||
// since a tokio broadcast channel never delivers sends that
|
|
||||||
// predate subscribe(). That silently stuck clients (e.g. a fresh
|
|
||||||
// install's post-boot container scan) on a stale initial snapshot
|
|
||||||
// until a full page reload opened a new connection past the race.
|
|
||||||
let mut state_rx = state_manager.subscribe();
|
|
||||||
|
|
||||||
let initial_msg = state_manager.get_initial_message().await;
|
let initial_msg = state_manager.get_initial_message().await;
|
||||||
if let Ok(json_msg) = serde_json::to_string(&initial_msg) {
|
if let Ok(json_msg) = serde_json::to_string(&initial_msg) {
|
||||||
if let Err(e) = tx.send(Message::Text(json_msg)).await {
|
if let Err(e) = tx.send(Message::Text(json_msg)).await {
|
||||||
@ -58,6 +47,8 @@ impl ApiHandler {
|
|||||||
}
|
}
|
||||||
debug!("Sent initial data dump at revision {}", initial_msg.rev);
|
debug!("Sent initial data dump at revision {}", initial_msg.rev);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
let mut state_rx = state_manager.subscribe();
|
||||||
let ping_interval = tokio::time::interval(tokio::time::Duration::from_secs(30));
|
let ping_interval = tokio::time::interval(tokio::time::Duration::from_secs(30));
|
||||||
tokio::pin!(ping_interval);
|
tokio::pin!(ping_interval);
|
||||||
let mut last_client_activity = Instant::now();
|
let mut last_client_activity = Instant::now();
|
||||||
|
|||||||
@ -141,19 +141,6 @@ impl RpcHandler {
|
|||||||
|
|
||||||
self.auth_manager.setup_user(password).await?;
|
self.auth_manager.setup_user(password).await?;
|
||||||
tracing::info!("[onboarding] user setup complete");
|
tracing::info!("[onboarding] user setup complete");
|
||||||
|
|
||||||
// Persist the pending onboarding seed as the encrypted backup now that
|
|
||||||
// a passphrase (the login password) finally exists — otherwise "Reveal
|
|
||||||
// recovery phrase" has nothing to decrypt on this node, ever.
|
|
||||||
// Best-effort: a failure here must not break password setup.
|
|
||||||
match super::seed_rpc::save_pending_seed_encrypted(&self.config.data_dir, password).await {
|
|
||||||
Ok(true) => tracing::info!("[onboarding] encrypted seed backup saved"),
|
|
||||||
Ok(false) => tracing::info!(
|
|
||||||
"[onboarding] no pending mnemonic to back up (restored earlier or legacy node)"
|
|
||||||
),
|
|
||||||
Err(e) => tracing::warn!("[onboarding] encrypted seed backup failed: {e:#}"),
|
|
||||||
}
|
|
||||||
|
|
||||||
Ok(serde_json::json!(true))
|
Ok(serde_json::json!(true))
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@ -171,12 +171,6 @@ impl RpcHandler {
|
|||||||
// than the WebSocket-delivered package_data, which caused apps to flicker
|
// than the WebSocket-delivered package_data, which caused apps to flicker
|
||||||
// between "installed" and "not-installed" in the UI.
|
// between "installed" and "not-installed" in the UI.
|
||||||
let (data, _) = self.state_manager.get_snapshot().await;
|
let (data, _) = self.state_manager.get_snapshot().await;
|
||||||
// Apps the user explicitly stopped must read as "stopped" even though a
|
|
||||||
// UI companion (electrs-ui, bitcoin-ui, …) keeps serving the launch port:
|
|
||||||
// launch_port_reachable() below would otherwise upgrade an exited backend
|
|
||||||
// back to "running". The reconcile guard keeps these backends down, so the
|
|
||||||
// marker is authoritative here.
|
|
||||||
let user_stopped = crate::crash_recovery::load_user_stopped(&self.config.data_dir).await;
|
|
||||||
if data.server_info.status_info.containers_scanned && !data.package_data.is_empty() {
|
if data.server_info.status_info.containers_scanned && !data.package_data.is_empty() {
|
||||||
let mut containers = Vec::with_capacity(data.package_data.len());
|
let mut containers = Vec::with_capacity(data.package_data.len());
|
||||||
for (id, pkg) in &data.package_data {
|
for (id, pkg) in &data.package_data {
|
||||||
@ -208,11 +202,7 @@ impl RpcHandler {
|
|||||||
// Scanner backoff preserves cached package_data. Refresh stable
|
// Scanner backoff preserves cached package_data. Refresh stable
|
||||||
// states so callers do not see stale `running`/`exited` after
|
// states so callers do not see stale `running`/`exited` after
|
||||||
// health-monitor recovery or Quadlet --rm container removal.
|
// health-monitor recovery or Quadlet --rm container removal.
|
||||||
if user_stopped.contains(id) {
|
if state == "running" && requires_launch_port_for_health(id) {
|
||||||
// User stopped it → authoritative "stopped". Do NOT let a
|
|
||||||
// still-running UI companion's launch port mark it running.
|
|
||||||
state = "stopped".to_string();
|
|
||||||
} else if state == "running" && requires_launch_port_for_health(id) {
|
|
||||||
if !self.cached_reachable_health(id).await?.is_some() {
|
if !self.cached_reachable_health(id).await?.is_some() {
|
||||||
state = live_state_for_app(id)
|
state = live_state_for_app(id)
|
||||||
.await
|
.await
|
||||||
|
|||||||
@ -19,29 +19,6 @@ fn is_valid_v3_onion(addr: &str) -> bool {
|
|||||||
|
|
||||||
const FILE_CATALOG_PROTOCOL: &str = "https://archipelago.dev/protocols/file-catalog/v1";
|
const FILE_CATALOG_PROTOCOL: &str = "https://archipelago.dev/protocols/file-catalog/v1";
|
||||||
|
|
||||||
/// Best-effort reclaim of an ecash payment token that was minted but the sale
|
|
||||||
/// didn't complete (seller unreachable or couldn't redeem it), so the buyer
|
|
||||||
/// doesn't lose the value. For Fedimint the spender can reissue its own
|
|
||||||
/// un-redeemed notes; for Cashu the proofs are received back. Fails silently if
|
|
||||||
/// the seller already claimed the token (then the value is genuinely gone).
|
|
||||||
async fn reclaim_spent_ecash(data_dir: &std::path::Path, token: &str, backend: &str) {
|
|
||||||
let res = match backend {
|
|
||||||
"fedimint" => crate::wallet::fedimint_client::reissue_into_any(data_dir, token)
|
|
||||||
.await
|
|
||||||
.map(|(sats, _fed)| sats),
|
|
||||||
_ => ecash::receive_token(data_dir, token).await,
|
|
||||||
};
|
|
||||||
match res {
|
|
||||||
Ok(sats) => tracing::info!(
|
|
||||||
"paid download: reclaimed {sats} sats of unspent {backend} ecash after a failed sale"
|
|
||||||
),
|
|
||||||
Err(e) => tracing::warn!(
|
|
||||||
"paid download: could not reclaim {backend} ecash (the peer may have already \
|
|
||||||
claimed it): {e:#}"
|
|
||||||
),
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
impl RpcHandler {
|
impl RpcHandler {
|
||||||
/// List content I'm sharing.
|
/// List content I'm sharing.
|
||||||
pub(super) async fn handle_content_list_mine(&self) -> Result<serde_json::Value> {
|
pub(super) async fn handle_content_list_mine(&self) -> Result<serde_json::Value> {
|
||||||
@ -283,20 +260,6 @@ impl RpcHandler {
|
|||||||
}));
|
}));
|
||||||
}
|
}
|
||||||
|
|
||||||
// A 403 carries an actionable reason in its JSON body (e.g. "shared with
|
|
||||||
// the host's federation peers only — federate first"). Surface that to
|
|
||||||
// the user instead of a bare "Peer returned: 403 Forbidden".
|
|
||||||
if response.status() == reqwest::StatusCode::FORBIDDEN {
|
|
||||||
let status = response.status();
|
|
||||||
let body: serde_json::Value = response.json().await.unwrap_or_default();
|
|
||||||
let msg = body
|
|
||||||
.get("error")
|
|
||||||
.and_then(|v| v.as_str())
|
|
||||||
.map(|s| s.to_string())
|
|
||||||
.unwrap_or_else(|| format!("Peer returned: {status}"));
|
|
||||||
return Err(anyhow::anyhow!(msg));
|
|
||||||
}
|
|
||||||
|
|
||||||
if !response.status().is_success() {
|
if !response.status().is_success() {
|
||||||
return Err(anyhow::anyhow!("Peer returned: {}", response.status()));
|
return Err(anyhow::anyhow!("Peer returned: {}", response.status()));
|
||||||
}
|
}
|
||||||
@ -406,64 +369,10 @@ impl RpcHandler {
|
|||||||
return Err(anyhow::anyhow!("Invalid v3 onion address"));
|
return Err(anyhow::anyhow!("Invalid v3 onion address"));
|
||||||
}
|
}
|
||||||
|
|
||||||
// `method` pins the backend the user confirmed in the UI ("cashu" |
|
// Mint ecash payment token
|
||||||
// "fedimint"); absent = auto (Cashu first, then Fedimint). The seller's
|
let token_str = ecash::send_token(&self.config.data_dir, price_sats)
|
||||||
// verify_payment_token accepts either, so a node whose balance lives in
|
.await
|
||||||
// one system can still pay (#3).
|
.context("Failed to create ecash payment token — check wallet balance")?;
|
||||||
let method = params.get("method").and_then(|v| v.as_str());
|
|
||||||
|
|
||||||
let mint_cashu = || ecash::send_token(&self.config.data_dir, price_sats);
|
|
||||||
let mint_fedimint =
|
|
||||||
|| crate::wallet::fedimint_client::spend_from_any(&self.config.data_dir, price_sats);
|
|
||||||
|
|
||||||
let (token_str, used_backend) = match method {
|
|
||||||
Some("cashu") => match mint_cashu().await {
|
|
||||||
Ok(t) => (t, "cashu"),
|
|
||||||
Err(e) => {
|
|
||||||
tracing::warn!("paid download: cashu mint failed for {price_sats} sats: {e:#}");
|
|
||||||
return Ok(serde_json::json!({ "error": format!(
|
|
||||||
"Couldn't pay {price_sats} sats from your Cashu wallet: {e}. \
|
|
||||||
Fund it, or choose Fedimint."
|
|
||||||
) }));
|
|
||||||
}
|
|
||||||
},
|
|
||||||
Some("fedimint") => match mint_fedimint().await {
|
|
||||||
Ok((notes, fed)) => {
|
|
||||||
tracing::info!(
|
|
||||||
"paid download: spending {price_sats} sats Fedimint notes from {fed}"
|
|
||||||
);
|
|
||||||
(notes, "fedimint")
|
|
||||||
}
|
|
||||||
Err(e) => {
|
|
||||||
tracing::warn!(
|
|
||||||
"paid download: fedimint spend failed for {price_sats} sats: {e:#}"
|
|
||||||
);
|
|
||||||
return Ok(serde_json::json!({ "error": format!(
|
|
||||||
"Couldn't pay {price_sats} sats from your Fedimint wallet: {e}. \
|
|
||||||
Fund it, or choose Cashu."
|
|
||||||
) }));
|
|
||||||
}
|
|
||||||
},
|
|
||||||
_ => match mint_cashu().await {
|
|
||||||
Ok(t) => (t, "cashu"),
|
|
||||||
Err(cashu_err) => match mint_fedimint().await {
|
|
||||||
Ok((notes, _fed)) => (notes, "fedimint"),
|
|
||||||
Err(fedi_err) => {
|
|
||||||
tracing::warn!(
|
|
||||||
"paid download: no ecash backend could pay {price_sats} sats \
|
|
||||||
(cashu: {cashu_err:#}; fedimint: {fedi_err:#})"
|
|
||||||
);
|
|
||||||
return Ok(serde_json::json!({ "error": format!(
|
|
||||||
"Couldn't pay {price_sats} sats from your ecash wallet \
|
|
||||||
(Cashu or Fedimint). Fund either wallet and try again."
|
|
||||||
) }));
|
|
||||||
}
|
|
||||||
},
|
|
||||||
},
|
|
||||||
};
|
|
||||||
tracing::info!(
|
|
||||||
"paid download: paying {price_sats} sats to {onion} via {used_backend} ecash"
|
|
||||||
);
|
|
||||||
|
|
||||||
let (data, _) = self.state_manager.get_snapshot().await;
|
let (data, _) = self.state_manager.get_snapshot().await;
|
||||||
let local_did = crate::identity::did_key_from_pubkey_hex(&data.server_info.pubkey)?;
|
let local_did = crate::identity::did_key_from_pubkey_hex(&data.server_info.pubkey)?;
|
||||||
@ -480,7 +389,7 @@ impl RpcHandler {
|
|||||||
)
|
)
|
||||||
.service(crate::settings::transport::PeerService::PeerFiles)
|
.service(crate::settings::transport::PeerService::PeerFiles)
|
||||||
.header("X-Federation-DID", local_did)
|
.header("X-Federation-DID", local_did)
|
||||||
.header("X-Payment-Token", token_str.clone())
|
.header("X-Payment-Token", token_str)
|
||||||
.timeout(std::time::Duration::from_secs(900))
|
.timeout(std::time::Duration::from_secs(900))
|
||||||
.send_get()
|
.send_get()
|
||||||
.await
|
.await
|
||||||
@ -488,11 +397,8 @@ impl RpcHandler {
|
|||||||
Ok(v) => v,
|
Ok(v) => v,
|
||||||
Err(e) => {
|
Err(e) => {
|
||||||
tracing::warn!("paid peer download dial failed for {}: {:#}", onion, e);
|
tracing::warn!("paid peer download dial failed for {}: {:#}", onion, e);
|
||||||
// The token was already minted/spent — reclaim it so the buyer
|
|
||||||
// doesn't lose the value when the seller was simply unreachable.
|
|
||||||
reclaim_spent_ecash(&self.config.data_dir, &token_str, used_backend).await;
|
|
||||||
return Ok(serde_json::json!({
|
return Ok(serde_json::json!({
|
||||||
"error": "Could not reach the peer over mesh or Tor — it may be offline. Your ecash was refunded to your wallet. Please try again."
|
"error": "Could not reach the peer over mesh or Tor — it may be offline. Please try again."
|
||||||
}));
|
}));
|
||||||
}
|
}
|
||||||
};
|
};
|
||||||
@ -506,92 +412,30 @@ impl RpcHandler {
|
|||||||
.await;
|
.await;
|
||||||
|
|
||||||
if response.status() == reqwest::StatusCode::PAYMENT_REQUIRED {
|
if response.status() == reqwest::StatusCode::PAYMENT_REQUIRED {
|
||||||
// Payment was rejected by the seller. Surface the most likely cause
|
// Payment was rejected — token is spent but content not received
|
||||||
// per backend — for ecash both sides must share a redemption network
|
|
||||||
// (a Cashu mint, or a Fedimint federation).
|
|
||||||
let body = response.text().await.unwrap_or_default();
|
|
||||||
tracing::warn!(
|
|
||||||
"paid download: seller {onion} rejected {used_backend} payment of {price_sats} sats: {body}"
|
|
||||||
);
|
|
||||||
// Seller couldn't redeem the token — reclaim it so the buyer keeps
|
|
||||||
// their funds (the spent-but-unredeemed-notes case the user hit).
|
|
||||||
reclaim_spent_ecash(&self.config.data_dir, &token_str, used_backend).await;
|
|
||||||
let hint = match used_backend {
|
|
||||||
"fedimint" => "the seller isn't in the same Fedimint federation as you",
|
|
||||||
_ => "the seller doesn't accept your Cashu mint",
|
|
||||||
};
|
|
||||||
return Ok(serde_json::json!({
|
return Ok(serde_json::json!({
|
||||||
"error": format!(
|
"error": "Payment rejected by peer — the token may have been insufficient or invalid."
|
||||||
"Payment rejected by the seller — {hint}. Your ecash was refunded to \
|
|
||||||
your wallet. Try the other ecash type, or use a shared mint/federation."
|
|
||||||
)
|
|
||||||
}));
|
}));
|
||||||
}
|
}
|
||||||
|
|
||||||
if !response.status().is_success() {
|
if !response.status().is_success() {
|
||||||
let status = response.status();
|
|
||||||
let body = response.text().await.unwrap_or_default();
|
|
||||||
tracing::warn!("paid download: seller {onion} returned {status}: {body}");
|
|
||||||
reclaim_spent_ecash(&self.config.data_dir, &token_str, used_backend).await;
|
|
||||||
return Ok(serde_json::json!({
|
return Ok(serde_json::json!({
|
||||||
"error": format!("Peer returned an error ({status}). Your ecash was refunded to your wallet.")
|
"error": format!("Peer returned an error ({}).", response.status())
|
||||||
}));
|
}));
|
||||||
}
|
}
|
||||||
|
|
||||||
// Capture the content type BEFORE consuming the body so the local cache
|
|
||||||
// can render the right viewer (image vs video) later.
|
|
||||||
let mime_type = response
|
|
||||||
.headers()
|
|
||||||
.get(reqwest::header::CONTENT_TYPE)
|
|
||||||
.and_then(|v| v.to_str().ok())
|
|
||||||
.map(|s| s.split(';').next().unwrap_or(s).trim().to_string())
|
|
||||||
.filter(|s| !s.is_empty())
|
|
||||||
.unwrap_or_else(|| "application/octet-stream".to_string());
|
|
||||||
|
|
||||||
let bytes = response
|
let bytes = response
|
||||||
.bytes()
|
.bytes()
|
||||||
.await
|
.await
|
||||||
.context("Failed to read response body")?;
|
.context("Failed to read response body")?;
|
||||||
|
|
||||||
// Persist the purchase so it "stays unlocked" for this buyer: cache the
|
|
||||||
// bytes + metadata keyed by (onion, content_id). The gallery then renders
|
|
||||||
// it unblurred and views it in-app from this cache — no re-payment and no
|
|
||||||
// reliance on a browser download (which silently fails on the mobile
|
|
||||||
// companion, the original "paid but never unlocked" report). Best-effort:
|
|
||||||
// a cache-write failure must not fail an already-paid download.
|
|
||||||
let filename = params
|
|
||||||
.get("filename")
|
|
||||||
.and_then(|v| v.as_str())
|
|
||||||
.unwrap_or(content_id)
|
|
||||||
.to_string();
|
|
||||||
let purchased_at = chrono::Utc::now().to_rfc3339();
|
|
||||||
if let Err(e) = crate::content_owned::record_purchase(
|
|
||||||
&self.config.data_dir,
|
|
||||||
onion,
|
|
||||||
content_id,
|
|
||||||
&filename,
|
|
||||||
&mime_type,
|
|
||||||
&bytes,
|
|
||||||
price_sats,
|
|
||||||
used_backend,
|
|
||||||
&purchased_at,
|
|
||||||
)
|
|
||||||
.await
|
|
||||||
{
|
|
||||||
tracing::warn!("paid download: failed to cache purchased content (non-fatal): {e:#}");
|
|
||||||
}
|
|
||||||
|
|
||||||
use base64::Engine;
|
use base64::Engine;
|
||||||
let encoded = base64::engine::general_purpose::STANDARD.encode(&bytes);
|
let encoded = base64::engine::general_purpose::STANDARD.encode(&bytes);
|
||||||
|
|
||||||
tracing::info!("paid download: received {} bytes from {onion} (paid {price_sats} sats via {used_backend})", bytes.len());
|
|
||||||
Ok(serde_json::json!({
|
Ok(serde_json::json!({
|
||||||
"data": encoded,
|
"data": encoded,
|
||||||
"size": bytes.len(),
|
"size": bytes.len(),
|
||||||
"paid_sats": price_sats,
|
"paid_sats": price_sats,
|
||||||
"ecash_backend": used_backend,
|
|
||||||
"mime_type": mime_type,
|
|
||||||
"owned": true,
|
|
||||||
}))
|
}))
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -619,16 +463,12 @@ impl RpcHandler {
|
|||||||
let local_did = crate::identity::did_key_from_pubkey_hex(&data.server_info.pubkey)?;
|
let local_did = crate::identity::did_key_from_pubkey_hex(&data.server_info.pubkey)?;
|
||||||
let fips_npub = crate::federation::fips_npub_for_onion(&self.config.data_dir, onion).await;
|
let fips_npub = crate::federation::fips_npub_for_onion(&self.config.data_dir, onion).await;
|
||||||
|
|
||||||
// Minting a bolt11 is a tiny request/response — keep it snappy. Cap the
|
|
||||||
// FIPS attempt hard so a cold overlay can't burn the whole budget, and
|
|
||||||
// give Tor a short-but-real window (onion circuits need a few seconds).
|
|
||||||
let path = format!("/content/{}/invoice", content_id);
|
let path = format!("/content/{}/invoice", content_id);
|
||||||
let (response, _transport) =
|
let (response, _transport) =
|
||||||
match crate::fips::dial::PeerRequest::new(fips_npub.as_deref(), onion, &path)
|
match crate::fips::dial::PeerRequest::new(fips_npub.as_deref(), onion, &path)
|
||||||
.service(crate::settings::transport::PeerService::PeerFiles)
|
.service(crate::settings::transport::PeerService::PeerFiles)
|
||||||
.header("X-Federation-DID", local_did)
|
.header("X-Federation-DID", local_did)
|
||||||
.timeout(std::time::Duration::from_secs(25))
|
.timeout(std::time::Duration::from_secs(60))
|
||||||
.fips_timeout(std::time::Duration::from_secs(6))
|
|
||||||
.send_get()
|
.send_get()
|
||||||
.await
|
.await
|
||||||
{
|
{
|
||||||
@ -684,15 +524,11 @@ impl RpcHandler {
|
|||||||
}
|
}
|
||||||
|
|
||||||
let fips_npub = crate::federation::fips_npub_for_onion(&self.config.data_dir, onion).await;
|
let fips_npub = crate::federation::fips_npub_for_onion(&self.config.data_dir, onion).await;
|
||||||
// Settlement poll — runs repeatedly, so each call must be quick. Fast-fail
|
|
||||||
// FIPS and keep a short Tor window; an unreachable peer just reads as
|
|
||||||
// "not yet paid" and the UI polls again.
|
|
||||||
let path = format!("/content/{}/invoice-status/{}", content_id, payment_hash);
|
let path = format!("/content/{}/invoice-status/{}", content_id, payment_hash);
|
||||||
let (response, _transport) =
|
let (response, _transport) =
|
||||||
match crate::fips::dial::PeerRequest::new(fips_npub.as_deref(), onion, &path)
|
match crate::fips::dial::PeerRequest::new(fips_npub.as_deref(), onion, &path)
|
||||||
.service(crate::settings::transport::PeerService::PeerFiles)
|
.service(crate::settings::transport::PeerService::PeerFiles)
|
||||||
.timeout(std::time::Duration::from_secs(15))
|
.timeout(std::time::Duration::from_secs(30))
|
||||||
.fips_timeout(std::time::Duration::from_secs(6))
|
|
||||||
.send_get()
|
.send_get()
|
||||||
.await
|
.await
|
||||||
{
|
{
|
||||||
@ -816,15 +652,12 @@ impl RpcHandler {
|
|||||||
let local_did = crate::identity::did_key_from_pubkey_hex(&data.server_info.pubkey)?;
|
let local_did = crate::identity::did_key_from_pubkey_hex(&data.server_info.pubkey)?;
|
||||||
let fips_npub = crate::federation::fips_npub_for_onion(&self.config.data_dir, onion).await;
|
let fips_npub = crate::federation::fips_npub_for_onion(&self.config.data_dir, onion).await;
|
||||||
|
|
||||||
// Issuing an address is a tiny request/response — fast-fail FIPS, short
|
|
||||||
// Tor window (same budget shape as the invoice path, #6).
|
|
||||||
let path = format!("/content/{}/onchain", content_id);
|
let path = format!("/content/{}/onchain", content_id);
|
||||||
let (response, _transport) =
|
let (response, _transport) =
|
||||||
match crate::fips::dial::PeerRequest::new(fips_npub.as_deref(), onion, &path)
|
match crate::fips::dial::PeerRequest::new(fips_npub.as_deref(), onion, &path)
|
||||||
.service(crate::settings::transport::PeerService::PeerFiles)
|
.service(crate::settings::transport::PeerService::PeerFiles)
|
||||||
.header("X-Federation-DID", local_did)
|
.header("X-Federation-DID", local_did)
|
||||||
.timeout(std::time::Duration::from_secs(25))
|
.timeout(std::time::Duration::from_secs(60))
|
||||||
.fips_timeout(std::time::Duration::from_secs(6))
|
|
||||||
.send_get()
|
.send_get()
|
||||||
.await
|
.await
|
||||||
{
|
{
|
||||||
@ -882,8 +715,7 @@ impl RpcHandler {
|
|||||||
let (response, _transport) =
|
let (response, _transport) =
|
||||||
match crate::fips::dial::PeerRequest::new(fips_npub.as_deref(), onion, &path)
|
match crate::fips::dial::PeerRequest::new(fips_npub.as_deref(), onion, &path)
|
||||||
.service(crate::settings::transport::PeerService::PeerFiles)
|
.service(crate::settings::transport::PeerService::PeerFiles)
|
||||||
.timeout(std::time::Duration::from_secs(15))
|
.timeout(std::time::Duration::from_secs(30))
|
||||||
.fips_timeout(std::time::Duration::from_secs(6))
|
|
||||||
.send_get()
|
.send_get()
|
||||||
.await
|
.await
|
||||||
{
|
{
|
||||||
@ -1063,43 +895,4 @@ impl RpcHandler {
|
|||||||
"preview_mode": is_preview,
|
"preview_mode": is_preview,
|
||||||
}))
|
}))
|
||||||
}
|
}
|
||||||
|
|
||||||
/// `content.owned-list` — every paid item this node has purchased, so the
|
|
||||||
/// gallery can render owned items unblurred/viewable without re-payment.
|
|
||||||
pub(super) async fn handle_content_owned_list(&self) -> Result<serde_json::Value> {
|
|
||||||
let items = crate::content_owned::list_owned(&self.config.data_dir).await;
|
|
||||||
Ok(serde_json::json!({ "items": items }))
|
|
||||||
}
|
|
||||||
|
|
||||||
/// `content.owned-get` — return a purchased item's bytes (base64) from the
|
|
||||||
/// local cache for in-app viewing/saving. No network, no re-payment.
|
|
||||||
pub(super) async fn handle_content_owned_get(
|
|
||||||
&self,
|
|
||||||
params: Option<serde_json::Value>,
|
|
||||||
) -> Result<serde_json::Value> {
|
|
||||||
let params = params.ok_or_else(|| anyhow::anyhow!("Missing params"))?;
|
|
||||||
let onion = params
|
|
||||||
.get("onion")
|
|
||||||
.and_then(|v| v.as_str())
|
|
||||||
.ok_or_else(|| anyhow::anyhow!("Missing onion address"))?;
|
|
||||||
let content_id = params
|
|
||||||
.get("content_id")
|
|
||||||
.and_then(|v| v.as_str())
|
|
||||||
.ok_or_else(|| anyhow::anyhow!("Missing content_id"))?;
|
|
||||||
|
|
||||||
match crate::content_owned::read_owned(&self.config.data_dir, onion, content_id).await {
|
|
||||||
Some((mime_type, bytes)) => {
|
|
||||||
use base64::Engine;
|
|
||||||
let encoded = base64::engine::general_purpose::STANDARD.encode(&bytes);
|
|
||||||
Ok(serde_json::json!({
|
|
||||||
"data": encoded,
|
|
||||||
"size": bytes.len(),
|
|
||||||
"mime_type": mime_type,
|
|
||||||
}))
|
|
||||||
}
|
|
||||||
None => Ok(serde_json::json!({
|
|
||||||
"error": "You don't own this item yet, or its cached copy is missing."
|
|
||||||
})),
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|||||||
@ -57,8 +57,6 @@ impl RpcHandler {
|
|||||||
"package.uninstall" => self.clone().spawn_package_uninstall(params).await,
|
"package.uninstall" => self.clone().spawn_package_uninstall(params).await,
|
||||||
"package.update" => self.clone().spawn_package_update(params).await,
|
"package.update" => self.clone().spawn_package_update(params).await,
|
||||||
"package.check-updates" => self.handle_package_check_updates(params).await,
|
"package.check-updates" => self.handle_package_check_updates(params).await,
|
||||||
"package.versions" => self.handle_package_versions(params).await,
|
|
||||||
"package.set-config" => self.clone().handle_package_set_config(params).await,
|
|
||||||
"package.credentials" => self.handle_package_credentials(params).await,
|
"package.credentials" => self.handle_package_credentials(params).await,
|
||||||
"app.filebrowser-token" => self.handle_filebrowser_token().await,
|
"app.filebrowser-token" => self.handle_filebrowser_token().await,
|
||||||
|
|
||||||
@ -223,7 +221,6 @@ impl RpcHandler {
|
|||||||
"network.list-interfaces" => self.handle_network_list_interfaces().await,
|
"network.list-interfaces" => self.handle_network_list_interfaces().await,
|
||||||
"network.scan-wifi" => self.handle_network_scan_wifi().await,
|
"network.scan-wifi" => self.handle_network_scan_wifi().await,
|
||||||
"network.configure-wifi" => self.handle_network_configure_wifi(params).await,
|
"network.configure-wifi" => self.handle_network_configure_wifi(params).await,
|
||||||
"network.set-wifi-radio" => self.handle_network_set_wifi_radio(params).await,
|
|
||||||
"network.configure-ethernet" => self.handle_network_configure_ethernet(params).await,
|
"network.configure-ethernet" => self.handle_network_configure_ethernet(params).await,
|
||||||
"network.dns-status" => self.handle_network_dns_status().await,
|
"network.dns-status" => self.handle_network_dns_status().await,
|
||||||
"network.configure-dns" => self.handle_network_configure_dns(params).await,
|
"network.configure-dns" => self.handle_network_configure_dns(params).await,
|
||||||
@ -231,13 +228,6 @@ impl RpcHandler {
|
|||||||
"router.info" => self.handle_router_info().await,
|
"router.info" => self.handle_router_info().await,
|
||||||
"router.configure" => self.handle_router_configure(params).await,
|
"router.configure" => self.handle_router_configure(params).await,
|
||||||
|
|
||||||
// OpenWrt / TollGate
|
|
||||||
"openwrt.scan" => self.handle_openwrt_scan(params).await,
|
|
||||||
"openwrt.get-status" => self.handle_openwrt_get_status(params).await,
|
|
||||||
"openwrt.provision-tollgate" => self.handle_openwrt_provision_tollgate(params).await,
|
|
||||||
"openwrt.scan-wifi" => self.handle_openwrt_scan_wifi(params).await,
|
|
||||||
"openwrt.configure-wan" => self.handle_openwrt_configure_wan(params).await,
|
|
||||||
|
|
||||||
// Ecash wallet
|
// Ecash wallet
|
||||||
"wallet.ecash-balance" => self.handle_wallet_ecash_balance().await,
|
"wallet.ecash-balance" => self.handle_wallet_ecash_balance().await,
|
||||||
"wallet.ecash-mint" => self.handle_wallet_ecash_mint(params).await,
|
"wallet.ecash-mint" => self.handle_wallet_ecash_mint(params).await,
|
||||||
@ -286,8 +276,6 @@ impl RpcHandler {
|
|||||||
"content.browse-peer" => self.handle_content_browse_peer(params).await,
|
"content.browse-peer" => self.handle_content_browse_peer(params).await,
|
||||||
"content.download-peer" => self.handle_content_download_peer(params).await,
|
"content.download-peer" => self.handle_content_download_peer(params).await,
|
||||||
"content.download-peer-paid" => self.handle_content_download_peer_paid(params).await,
|
"content.download-peer-paid" => self.handle_content_download_peer_paid(params).await,
|
||||||
"content.owned-list" => self.handle_content_owned_list().await,
|
|
||||||
"content.owned-get" => self.handle_content_owned_get(params).await,
|
|
||||||
"content.request-invoice" => self.handle_content_request_invoice(params).await,
|
"content.request-invoice" => self.handle_content_request_invoice(params).await,
|
||||||
"content.invoice-status" => self.handle_content_invoice_status(params).await,
|
"content.invoice-status" => self.handle_content_invoice_status(params).await,
|
||||||
"content.download-peer-invoice" => {
|
"content.download-peer-invoice" => {
|
||||||
@ -374,7 +362,6 @@ impl RpcHandler {
|
|||||||
"mesh.send" => self.handle_mesh_send(params).await,
|
"mesh.send" => self.handle_mesh_send(params).await,
|
||||||
"mesh.send-channel" => self.handle_mesh_send_channel(params).await,
|
"mesh.send-channel" => self.handle_mesh_send_channel(params).await,
|
||||||
"mesh.broadcast" => self.handle_mesh_broadcast().await,
|
"mesh.broadcast" => self.handle_mesh_broadcast().await,
|
||||||
"mesh.reboot-radio" => self.handle_mesh_reboot_radio(params).await,
|
|
||||||
"mesh.configure" => self.handle_mesh_configure(params).await,
|
"mesh.configure" => self.handle_mesh_configure(params).await,
|
||||||
"mesh.send-invoice" => self.handle_mesh_send_invoice(params).await,
|
"mesh.send-invoice" => self.handle_mesh_send_invoice(params).await,
|
||||||
"mesh.send-coordinate" => self.handle_mesh_send_coordinate(params).await,
|
"mesh.send-coordinate" => self.handle_mesh_send_coordinate(params).await,
|
||||||
@ -427,10 +414,8 @@ impl RpcHandler {
|
|||||||
|
|
||||||
// Server settings
|
// Server settings
|
||||||
"server.set-name" => self.handle_server_set_name(params).await,
|
"server.set-name" => self.handle_server_set_name(params).await,
|
||||||
"server.set-location" => self.handle_server_set_location(params).await,
|
|
||||||
|
|
||||||
// System monitoring
|
// System monitoring
|
||||||
"system.get-hostname" => self.handle_system_get_hostname().await,
|
|
||||||
"system.stats" => self.handle_system_stats().await,
|
"system.stats" => self.handle_system_stats().await,
|
||||||
"system.processes" => self.handle_system_processes().await,
|
"system.processes" => self.handle_system_processes().await,
|
||||||
"system.temperature" => self.handle_system_temperature().await,
|
"system.temperature" => self.handle_system_temperature().await,
|
||||||
|
|||||||
@ -454,12 +454,6 @@ impl RpcHandler {
|
|||||||
.flatten(),
|
.flatten(),
|
||||||
};
|
};
|
||||||
|
|
||||||
let shared_location = if data.server_info.share_location {
|
|
||||||
data.server_info.lat.zip(data.server_info.lon)
|
|
||||||
} else {
|
|
||||||
None
|
|
||||||
};
|
|
||||||
|
|
||||||
let state = federation::build_local_state(
|
let state = federation::build_local_state(
|
||||||
apps,
|
apps,
|
||||||
0.0,
|
0.0,
|
||||||
@ -473,7 +467,6 @@ impl RpcHandler {
|
|||||||
nostr_npub,
|
nostr_npub,
|
||||||
own_fips_npub,
|
own_fips_npub,
|
||||||
&federated_peers,
|
&federated_peers,
|
||||||
shared_location,
|
|
||||||
);
|
);
|
||||||
|
|
||||||
Ok(serde_json::to_value(&state)?)
|
Ok(serde_json::to_value(&state)?)
|
||||||
|
|||||||
@ -18,24 +18,6 @@ impl RpcHandler {
|
|||||||
Ok(serde_json::json!({ "networks": networks }))
|
Ok(serde_json::json!({ "networks": networks }))
|
||||||
}
|
}
|
||||||
|
|
||||||
/// network.set-wifi-radio — turn the wifi adapter fully on or off (not just
|
|
||||||
/// disconnect from a network). Params: `{ "enabled": bool }`.
|
|
||||||
pub(super) async fn handle_network_set_wifi_radio(
|
|
||||||
&self,
|
|
||||||
params: Option<serde_json::Value>,
|
|
||||||
) -> Result<serde_json::Value> {
|
|
||||||
let params = params.ok_or_else(|| anyhow::anyhow!("Missing params"))?;
|
|
||||||
let enabled = params
|
|
||||||
.get("enabled")
|
|
||||||
.and_then(|v| v.as_bool())
|
|
||||||
.ok_or_else(|| anyhow::anyhow!("Missing required parameter: enabled"))?;
|
|
||||||
|
|
||||||
tracing::info!(enabled, "Setting wifi radio state");
|
|
||||||
set_wifi_radio(enabled).await?;
|
|
||||||
|
|
||||||
Ok(serde_json::json!({ "ok": true, "enabled": enabled }))
|
|
||||||
}
|
|
||||||
|
|
||||||
/// network.configure-wifi — connect to a WiFi network.
|
/// network.configure-wifi — connect to a WiFi network.
|
||||||
pub(super) async fn handle_network_configure_wifi(
|
pub(super) async fn handle_network_configure_wifi(
|
||||||
&self,
|
&self,
|
||||||
@ -345,27 +327,6 @@ fn split_nmcli_escaped(line: &str, limit: usize) -> Vec<String> {
|
|||||||
fields
|
fields
|
||||||
}
|
}
|
||||||
|
|
||||||
/// Turn the wifi radio fully on or off using nmcli (a rfkill-level toggle, not
|
|
||||||
/// just disconnecting from the current network — the adapter stops scanning/
|
|
||||||
/// associating entirely until switched back on).
|
|
||||||
async fn set_wifi_radio(enabled: bool) -> Result<()> {
|
|
||||||
let state = if enabled { "on" } else { "off" };
|
|
||||||
let output = tokio::process::Command::new("nmcli")
|
|
||||||
.args(["radio", "wifi", state])
|
|
||||||
.output()
|
|
||||||
.await
|
|
||||||
.context("Failed to run nmcli radio wifi")?;
|
|
||||||
|
|
||||||
if !output.status.success() {
|
|
||||||
anyhow::bail!(
|
|
||||||
"nmcli radio wifi {} failed: {}",
|
|
||||||
state,
|
|
||||||
String::from_utf8_lossy(&output.stderr)
|
|
||||||
);
|
|
||||||
}
|
|
||||||
Ok(())
|
|
||||||
}
|
|
||||||
|
|
||||||
/// Connect to a WiFi network using nmcli.
|
/// Connect to a WiFi network using nmcli.
|
||||||
async fn connect_wifi(ssid: &str, password: &str) -> Result<()> {
|
async fn connect_wifi(ssid: &str, password: &str) -> Result<()> {
|
||||||
let conn_name = format!("archipelago-wifi-{ssid}");
|
let conn_name = format!("archipelago-wifi-{ssid}");
|
||||||
|
|||||||
@ -156,35 +156,6 @@ impl RpcHandler {
|
|||||||
/// Shared helper used by both the `lnd.createinvoice` RPC and the seller-side
|
/// Shared helper used by both the `lnd.createinvoice` RPC and the seller-side
|
||||||
/// peer-file invoice flow (#46). LND returns `r_hash` as base64; we re-encode
|
/// peer-file invoice flow (#46). LND returns `r_hash` as base64; we re-encode
|
||||||
/// it as hex so it can be used as a stable lookup key and passed in URLs.
|
/// it as hex so it can be used as a stable lookup key and passed in URLs.
|
||||||
/// Whether LND reports it's synced to its Bitcoin chain backend. Used to
|
|
||||||
/// fail invoice minting FAST with a clear reason while the node's Bitcoin
|
|
||||||
/// backend is still in initial block download — otherwise the `/v1/invoices`
|
|
||||||
/// POST hangs for the full client timeout (×3 retries ≈ 45s) and surfaces as
|
|
||||||
/// an opaque failure. `getinfo` answers in ~2s even mid-IBD. Returns
|
|
||||||
/// `Some(false)` only when LND is reachable AND explicitly not synced;
|
|
||||||
/// `None` when we couldn't tell (let the mint attempt proceed and report its
|
|
||||||
/// own error rather than guess "syncing").
|
|
||||||
pub(crate) async fn lnd_chain_synced(&self) -> Option<bool> {
|
|
||||||
let (client, macaroon_hex) = self.lnd_client().await.ok()?;
|
|
||||||
let resp = client
|
|
||||||
.get(format!("{LND_REST_BASE_URL}/v1/getinfo"))
|
|
||||||
.header("Grpc-Metadata-macaroon", &macaroon_hex)
|
|
||||||
.send()
|
|
||||||
.await
|
|
||||||
.ok()?;
|
|
||||||
let body: serde_json::Value = resp.json().await.ok()?;
|
|
||||||
body.get("synced_to_chain").and_then(|v| v.as_bool())
|
|
||||||
}
|
|
||||||
|
|
||||||
/// Error returned when the node can't mint a Lightning invoice because its
|
|
||||||
/// Bitcoin backend is still syncing. Kept as one string so every invoice
|
|
||||||
/// entry point surfaces the same clear, user-facing reason.
|
|
||||||
fn syncing_invoice_err() -> anyhow::Error {
|
|
||||||
anyhow::anyhow!(
|
|
||||||
"Your Bitcoin node is still syncing — Lightning invoices are unavailable until it finishes. Try again once the node is fully synced."
|
|
||||||
)
|
|
||||||
}
|
|
||||||
|
|
||||||
pub(crate) async fn create_invoice(
|
pub(crate) async fn create_invoice(
|
||||||
&self,
|
&self,
|
||||||
amount_sats: i64,
|
amount_sats: i64,
|
||||||
@ -202,55 +173,13 @@ impl RpcHandler {
|
|||||||
"value": amount_sats.to_string(),
|
"value": amount_sats.to_string(),
|
||||||
"memo": memo,
|
"memo": memo,
|
||||||
});
|
});
|
||||||
// LND's REST endpoint can briefly drop/reset connections under load
|
let resp = client
|
||||||
// (swap pressure, just-restarted, TLS handshake races), which used to
|
.post(format!("{LND_REST_BASE_URL}/v1/invoices"))
|
||||||
// hard-fail the buy-file invoice with an opaque 503. Retry on a
|
.header("Grpc-Metadata-macaroon", &macaroon_hex)
|
||||||
// CONNECTION error with short backoff so a transient blip doesn't
|
.json(&invoice_body)
|
||||||
// surface as a payment failure. A *timeout* is NOT retried: it means LND
|
.send()
|
||||||
// accepted the connection but isn't answering the mint (e.g. a degraded
|
.await
|
||||||
// node), and retrying just multiplies the wait (3×15s ≈ 45s) — fail
|
.context("Failed to create invoice")?;
|
||||||
// after the first hang and let the caller surface the real reason.
|
|
||||||
let mut last_err: Option<anyhow::Error> = None;
|
|
||||||
let mut resp = None;
|
|
||||||
for attempt in 0..3u32 {
|
|
||||||
match client
|
|
||||||
.post(format!("{LND_REST_BASE_URL}/v1/invoices"))
|
|
||||||
.header("Grpc-Metadata-macaroon", &macaroon_hex)
|
|
||||||
.json(&invoice_body)
|
|
||||||
.send()
|
|
||||||
.await
|
|
||||||
{
|
|
||||||
Ok(r) => {
|
|
||||||
resp = Some(r);
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
Err(e) => {
|
|
||||||
let timed_out = e.is_timeout();
|
|
||||||
last_err = Some(anyhow::anyhow!(
|
|
||||||
"LND REST send failed (attempt {}): {e}",
|
|
||||||
attempt + 1
|
|
||||||
));
|
|
||||||
if timed_out {
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
tokio::time::sleep(std::time::Duration::from_millis(400)).await;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
let resp = match resp {
|
|
||||||
Some(r) => r,
|
|
||||||
None => {
|
|
||||||
// If LND is reachable but explicitly not synced to chain, say so —
|
|
||||||
// it's the most common reason a just-restored/syncing node can't
|
|
||||||
// mint. Otherwise surface the underlying transport error.
|
|
||||||
if self.lnd_chain_synced().await == Some(false) {
|
|
||||||
return Err(Self::syncing_invoice_err());
|
|
||||||
}
|
|
||||||
return Err(last_err.unwrap_or_else(|| {
|
|
||||||
anyhow::anyhow!("Failed to reach LND REST to create invoice")
|
|
||||||
}));
|
|
||||||
}
|
|
||||||
};
|
|
||||||
|
|
||||||
let status = resp.status();
|
let status = resp.status();
|
||||||
let body: serde_json::Value = resp
|
let body: serde_json::Value = resp
|
||||||
@ -427,23 +356,13 @@ impl RpcHandler {
|
|||||||
"memo": memo,
|
"memo": memo,
|
||||||
});
|
});
|
||||||
|
|
||||||
let resp = match client
|
let resp = client
|
||||||
.post(format!("{LND_REST_BASE_URL}/v1/invoices"))
|
.post(format!("{LND_REST_BASE_URL}/v1/invoices"))
|
||||||
.header("Grpc-Metadata-macaroon", &macaroon_hex)
|
.header("Grpc-Metadata-macaroon", &macaroon_hex)
|
||||||
.json(&invoice_body)
|
.json(&invoice_body)
|
||||||
.send()
|
.send()
|
||||||
.await
|
.await
|
||||||
{
|
.context("Failed to create invoice")?;
|
||||||
Ok(r) => r,
|
|
||||||
Err(e) => {
|
|
||||||
// A hung/failed mint while LND is explicitly not synced to chain
|
|
||||||
// gets a clear, user-facing reason instead of an opaque error.
|
|
||||||
if self.lnd_chain_synced().await == Some(false) {
|
|
||||||
return Err(Self::syncing_invoice_err());
|
|
||||||
}
|
|
||||||
return Err(anyhow::anyhow!(e).context("Failed to create invoice"));
|
|
||||||
}
|
|
||||||
};
|
|
||||||
|
|
||||||
let status = resp.status();
|
let status = resp.status();
|
||||||
let body: serde_json::Value = resp
|
let body: serde_json::Value = resp
|
||||||
|
|||||||
@ -14,15 +14,12 @@ impl RpcHandler {
|
|||||||
pub(in crate::api::rpc) async fn handle_mesh_assistant_status(
|
pub(in crate::api::rpc) async fn handle_mesh_assistant_status(
|
||||||
&self,
|
&self,
|
||||||
) -> Result<serde_json::Value> {
|
) -> Result<serde_json::Value> {
|
||||||
let (cfg, denied_askers) = {
|
let cfg = {
|
||||||
let service = self.mesh_service.read().await;
|
let service = self.mesh_service.read().await;
|
||||||
let svc = service
|
let svc = service
|
||||||
.as_ref()
|
.as_ref()
|
||||||
.ok_or_else(|| anyhow::anyhow!("Mesh service not running"))?;
|
.ok_or_else(|| anyhow::anyhow!("Mesh service not running"))?;
|
||||||
(
|
svc.assistant_config().await
|
||||||
svc.assistant_config().await,
|
|
||||||
svc.assistant_denied_askers().await,
|
|
||||||
)
|
|
||||||
};
|
};
|
||||||
|
|
||||||
let (ollama_detected, models) = detect_ollama().await;
|
let (ollama_detected, models) = detect_ollama().await;
|
||||||
@ -35,12 +32,10 @@ impl RpcHandler {
|
|||||||
"model": cfg.model,
|
"model": cfg.model,
|
||||||
"trusted_only": cfg.trusted_only,
|
"trusted_only": cfg.trusted_only,
|
||||||
"backend": cfg.backend,
|
"backend": cfg.backend,
|
||||||
"allowed_contacts": cfg.allowed_contacts,
|
|
||||||
"default_model": DEFAULT_MODEL,
|
"default_model": DEFAULT_MODEL,
|
||||||
"ollama_detected": ollama_detected,
|
"ollama_detected": ollama_detected,
|
||||||
"claude_available": claude_available,
|
"claude_available": claude_available,
|
||||||
"models": models,
|
"models": models,
|
||||||
"denied_askers": denied_askers,
|
|
||||||
}))
|
}))
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -69,18 +64,8 @@ impl RpcHandler {
|
|||||||
} else {
|
} else {
|
||||||
None
|
None
|
||||||
};
|
};
|
||||||
// allowed_contacts: present + array => replace the allowlist (pubkey hex
|
|
||||||
// strings); absent => leave unchanged.
|
|
||||||
let allowed_contacts = params
|
|
||||||
.get("allowed_contacts")
|
|
||||||
.and_then(|v| v.as_array())
|
|
||||||
.map(|arr| {
|
|
||||||
arr.iter()
|
|
||||||
.filter_map(|e| e.as_str().map(|s| s.to_string()))
|
|
||||||
.collect::<Vec<String>>()
|
|
||||||
});
|
|
||||||
|
|
||||||
svc.configure_assistant(enabled, model, trusted_only, backend, allowed_contacts)
|
svc.configure_assistant(enabled, model, trusted_only, backend)
|
||||||
.await?;
|
.await?;
|
||||||
let cfg = svc.assistant_config().await;
|
let cfg = svc.assistant_config().await;
|
||||||
Ok(serde_json::json!({
|
Ok(serde_json::json!({
|
||||||
@ -88,7 +73,6 @@ impl RpcHandler {
|
|||||||
"model": cfg.model,
|
"model": cfg.model,
|
||||||
"trusted_only": cfg.trusted_only,
|
"trusted_only": cfg.trusted_only,
|
||||||
"backend": cfg.backend,
|
"backend": cfg.backend,
|
||||||
"allowed_contacts": cfg.allowed_contacts,
|
|
||||||
}))
|
}))
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@ -86,29 +86,6 @@ impl RpcHandler {
|
|||||||
Ok(serde_json::json!({ "broadcast": true }))
|
Ok(serde_json::json!({ "broadcast": true }))
|
||||||
}
|
}
|
||||||
|
|
||||||
/// mesh.reboot-radio — Reboot the locally-connected radio firmware to
|
|
||||||
/// recover a wedged / RX-deaf radio. Optional `seconds` delay (default 2).
|
|
||||||
pub(in crate::api::rpc) async fn handle_mesh_reboot_radio(
|
|
||||||
&self,
|
|
||||||
params: Option<serde_json::Value>,
|
|
||||||
) -> Result<serde_json::Value> {
|
|
||||||
let seconds = params
|
|
||||||
.as_ref()
|
|
||||||
.and_then(|p| p.get("seconds"))
|
|
||||||
.and_then(|v| v.as_i64())
|
|
||||||
.unwrap_or(2);
|
|
||||||
|
|
||||||
let service = self.mesh_service.read().await;
|
|
||||||
let svc = service
|
|
||||||
.as_ref()
|
|
||||||
.ok_or_else(|| anyhow::anyhow!("Mesh service not running. Enable mesh first."))?;
|
|
||||||
|
|
||||||
svc.reboot_radio(seconds).await?;
|
|
||||||
info!(seconds, "Mesh radio reboot requested via RPC");
|
|
||||||
|
|
||||||
Ok(serde_json::json!({ "reboot": true, "seconds": seconds }))
|
|
||||||
}
|
|
||||||
|
|
||||||
/// mesh.configure — Enable/disable mesh and set device path.
|
/// mesh.configure — Enable/disable mesh and set device path.
|
||||||
pub(in crate::api::rpc) async fn handle_mesh_configure(
|
pub(in crate::api::rpc) async fn handle_mesh_configure(
|
||||||
&self,
|
&self,
|
||||||
|
|||||||
@ -95,17 +95,12 @@ impl RpcHandler {
|
|||||||
if let Some(svc) = service.as_ref() {
|
if let Some(svc) = service.as_ref() {
|
||||||
let peers = svc.peers().await;
|
let peers = svc.peers().await;
|
||||||
let messages = svc.messages(None).await;
|
let messages = svc.messages(None).await;
|
||||||
// Collapse radio/federation twins into one conversation per identity
|
// Per-peer last message.
|
||||||
// so a node reachable both ways shows once, with its messages unioned
|
for peer in &peers {
|
||||||
// across both twin contact_ids (#12).
|
|
||||||
let groups = mesh::group_peer_twins(&peers);
|
|
||||||
for group in &groups {
|
|
||||||
let peer = &group.canonical;
|
|
||||||
// Newest message across ALL twin contact_ids in this group.
|
|
||||||
let last = messages
|
let last = messages
|
||||||
.iter()
|
.iter()
|
||||||
.rev()
|
.rev()
|
||||||
.find(|m| group.contact_ids.contains(&m.peer_contact_id));
|
.find(|m| m.peer_contact_id == peer.contact_id);
|
||||||
let is_federation = peer.contact_id & 0x8000_0000 != 0;
|
let is_federation = peer.contact_id & 0x8000_0000 != 0;
|
||||||
conversations.push(serde_json::json!({
|
conversations.push(serde_json::json!({
|
||||||
"id": format!("{}:{}", if is_federation { "federation" } else { "mesh" }, peer.contact_id),
|
"id": format!("{}:{}", if is_federation { "federation" } else { "mesh" }, peer.contact_id),
|
||||||
@ -168,16 +163,8 @@ impl RpcHandler {
|
|||||||
let filtered: Vec<_> = match kind {
|
let filtered: Vec<_> = match kind {
|
||||||
"mesh" | "federation" => {
|
"mesh" | "federation" => {
|
||||||
let contact_id: u32 = rest.parse().unwrap_or(0);
|
let contact_id: u32 = rest.parse().unwrap_or(0);
|
||||||
// Resolve this id's twin group and union messages across all of
|
|
||||||
// its contact_ids, so opening either twin shows the full thread
|
|
||||||
// (federation-injected + radio messages) (#12).
|
|
||||||
let ids: Vec<u32> = mesh::group_peer_twins(&svc.peers().await)
|
|
||||||
.into_iter()
|
|
||||||
.find(|g| g.contact_ids.contains(&contact_id))
|
|
||||||
.map(|g| g.contact_ids)
|
|
||||||
.unwrap_or_else(|| vec![contact_id]);
|
|
||||||
all.into_iter()
|
all.into_iter()
|
||||||
.filter(|m| ids.contains(&m.peer_contact_id))
|
.filter(|m| m.peer_contact_id == contact_id)
|
||||||
.collect()
|
.collect()
|
||||||
}
|
}
|
||||||
"channel" => {
|
"channel" => {
|
||||||
@ -271,45 +258,43 @@ impl RpcHandler {
|
|||||||
if let Some(svc) = service.as_ref() {
|
if let Some(svc) = service.as_ref() {
|
||||||
let state = svc.state();
|
let state = svc.state();
|
||||||
|
|
||||||
// NOTE: `clear-all` intentionally does NOT build a radio-contact
|
// Snapshot the firmware pubkeys we currently know about, then
|
||||||
// blocklist. Permanently ignoring firmware contacts meant a cleared
|
// add them to the radio-contact blocklist. MeshCore's on-device
|
||||||
// peer could never return even when it re-advertised (it also broke
|
// contact table is persistent and reads back stale rows on the
|
||||||
// re-pairing a phone after a clear). Real per-contact blocking will
|
// next refresh_contacts, so without this step `clear-all` only
|
||||||
// be a separate, explicit feature. Here we just wipe the app-side
|
// wipes the app view for a few seconds before the old entries
|
||||||
// view and ALSO clear any blocklist left over from older builds, so
|
// reappear. The blocklist is also saved to disk so the filter
|
||||||
// previously-hidden contacts can re-appear when next heard. The
|
// survives a restart.
|
||||||
// firmware's own contact table is the source of truth on refresh.
|
let firmware_pubkeys: Vec<String> = state
|
||||||
{
|
|
||||||
let mut set = state.radio_contact_blocklist.write().await;
|
|
||||||
set.clear();
|
|
||||||
}
|
|
||||||
let _ = crate::mesh::save_ignored_radio_contacts(&data_dir, &[]).await;
|
|
||||||
|
|
||||||
// Actually DELETE each radio contact from the firmware table (via
|
|
||||||
// CMD_REMOVE_CONTACT) so wiped peers don't just reappear on the next
|
|
||||||
// refresh. They come back only when they re-advertise (reachable).
|
|
||||||
// Federation-synthetic peers (high contact_id bit) aren't firmware
|
|
||||||
// contacts, so skip those.
|
|
||||||
let firmware_pubkeys: Vec<[u8; 32]> = state
|
|
||||||
.peers
|
.peers
|
||||||
.read()
|
.read()
|
||||||
.await
|
.await
|
||||||
.values()
|
.values()
|
||||||
.filter(|p| p.contact_id & 0x8000_0000 == 0)
|
.filter_map(|p| {
|
||||||
.filter_map(|p| p.pubkey_hex.as_deref())
|
// Federation-synthetic peers have their contact_id in the
|
||||||
.filter_map(|h| hex::decode(h).ok())
|
// high half of u32 and carry the archipelago key — those
|
||||||
.filter(|b| b.len() == 32)
|
// aren't firmware contacts and must not go on the list.
|
||||||
.map(|b| {
|
if p.contact_id & 0x8000_0000 != 0 {
|
||||||
let mut k = [0u8; 32];
|
None
|
||||||
k.copy_from_slice(&b);
|
} else {
|
||||||
k
|
p.pubkey_hex.clone()
|
||||||
|
}
|
||||||
})
|
})
|
||||||
.collect();
|
.collect();
|
||||||
for pk in firmware_pubkeys {
|
{
|
||||||
let _ = state
|
let mut set = state.radio_contact_blocklist.write().await;
|
||||||
.send_cmd(crate::mesh::listener::MeshCommand::RemoveContact { pubkey: pk })
|
for pk in &firmware_pubkeys {
|
||||||
.await;
|
set.insert(pk.clone());
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
let persisted: Vec<String> = state
|
||||||
|
.radio_contact_blocklist
|
||||||
|
.read()
|
||||||
|
.await
|
||||||
|
.iter()
|
||||||
|
.cloned()
|
||||||
|
.collect();
|
||||||
|
let _ = crate::mesh::save_ignored_radio_contacts(&data_dir, &persisted).await;
|
||||||
|
|
||||||
state.peers.write().await.clear();
|
state.peers.write().await.clear();
|
||||||
state.messages.write().await.clear();
|
state.messages.write().await.clear();
|
||||||
|
|||||||
@ -5,7 +5,6 @@ use crate::mesh::message_types::{
|
|||||||
Coordinate, DeletePayload, EditPayload, ForwardPayload, InvoicePayload, MeshMessageType,
|
Coordinate, DeletePayload, EditPayload, ForwardPayload, InvoicePayload, MeshMessageType,
|
||||||
MessageKey, PsbtHashPayload, ReactionPayload, ReadReceiptPayload, ReplyPayload, TypedEnvelope,
|
MessageKey, PsbtHashPayload, ReactionPayload, ReadReceiptPayload, ReplyPayload, TypedEnvelope,
|
||||||
};
|
};
|
||||||
use crate::mesh::types::radio_transport_label;
|
|
||||||
use anyhow::Result;
|
use anyhow::Result;
|
||||||
use tracing::info;
|
use tracing::info;
|
||||||
|
|
||||||
@ -392,24 +391,9 @@ impl RpcHandler {
|
|||||||
|
|
||||||
// Hard ceiling matching the chunked-send capacity (~20 chunks * 152
|
// Hard ceiling matching the chunked-send capacity (~20 chunks * 152
|
||||||
// b64 chars after MCIIXXTT framing). Anything larger must go via
|
// b64 chars after MCIIXXTT framing). Anything larger must go via
|
||||||
// ContentRef over Tor — UNLESS the active device is Reticulum, which
|
// ContentRef over Tor.
|
||||||
// can carry up to RETICULUM_RESOURCE_MAX directly over LoRa via a
|
|
||||||
// native RNS Resource transfer (keep this ceiling in sync with
|
|
||||||
// `mesh.transport-advice`'s `"resource-mesh"` tier, the source of
|
|
||||||
// truth the frontend consults before ever reaching this size).
|
|
||||||
const INLINE_HARD_MAX: usize = 2300;
|
const INLINE_HARD_MAX: usize = 2300;
|
||||||
const RETICULUM_RESOURCE_MAX: usize = 2 * 1024 * 1024;
|
if bytes.len() > INLINE_HARD_MAX {
|
||||||
|
|
||||||
let service = self.mesh_service.read().await;
|
|
||||||
let svc = service
|
|
||||||
.as_ref()
|
|
||||||
.ok_or_else(|| anyhow::anyhow!("Mesh service not running"))?;
|
|
||||||
let device_type = svc.shared_state().status.read().await.device_type;
|
|
||||||
let use_resource_transfer = bytes.len() > INLINE_HARD_MAX
|
|
||||||
&& device_type == crate::mesh::types::DeviceType::Reticulum
|
|
||||||
&& bytes.len() <= RETICULUM_RESOURCE_MAX;
|
|
||||||
|
|
||||||
if bytes.len() > INLINE_HARD_MAX && !use_resource_transfer {
|
|
||||||
anyhow::bail!(
|
anyhow::bail!(
|
||||||
"Payload {} bytes exceeds inline max {} — use mesh.send-content (ContentRef) instead",
|
"Payload {} bytes exceeds inline max {} — use mesh.send-content (ContentRef) instead",
|
||||||
bytes.len(),
|
bytes.len(),
|
||||||
@ -430,6 +414,22 @@ impl RpcHandler {
|
|||||||
.put(&bytes, &mime, filename.clone(), None, false)
|
.put(&bytes, &mime, filename.clone(), None, false)
|
||||||
.await?;
|
.await?;
|
||||||
|
|
||||||
|
let service = self.mesh_service.read().await;
|
||||||
|
let svc = service
|
||||||
|
.as_ref()
|
||||||
|
.ok_or_else(|| anyhow::anyhow!("Mesh service not running"))?;
|
||||||
|
|
||||||
|
let content = ContentInlinePayload {
|
||||||
|
mime: mime.clone(),
|
||||||
|
filename: filename.clone(),
|
||||||
|
caption: caption.clone(),
|
||||||
|
bytes,
|
||||||
|
};
|
||||||
|
let seq = svc.next_send_seq(contact_id).await;
|
||||||
|
let payload = message_types::encode_payload(&content)?;
|
||||||
|
let envelope = TypedEnvelope::new(MeshMessageType::ContentInline, payload).with_seq(seq);
|
||||||
|
let wire = envelope.to_wire()?;
|
||||||
|
|
||||||
let display = match (&filename, &caption) {
|
let display = match (&filename, &caption) {
|
||||||
(Some(f), Some(c)) => format!("📎 {} — {}", f, c),
|
(Some(f), Some(c)) => format!("📎 {} — {}", f, c),
|
||||||
(Some(f), None) => format!("📎 {}", f),
|
(Some(f), None) => format!("📎 {}", f),
|
||||||
@ -437,8 +437,7 @@ impl RpcHandler {
|
|||||||
(None, None) => format!("📎 {} ({} bytes)", mime, meta.size),
|
(None, None) => format!("📎 {} ({} bytes)", mime, meta.size),
|
||||||
};
|
};
|
||||||
// Render as a content_ref card on the sender side (UI already knows
|
// Render as a content_ref card on the sender side (UI already knows
|
||||||
// how to draw it from cid + mime + filename + size) regardless of
|
// how to draw it from cid + mime + filename + size).
|
||||||
// which wire format actually goes out — this is a local-only mirror.
|
|
||||||
let typed_json = serde_json::json!({
|
let typed_json = serde_json::json!({
|
||||||
"cid": meta.cid,
|
"cid": meta.cid,
|
||||||
"size": meta.size,
|
"size": meta.size,
|
||||||
@ -447,67 +446,22 @@ impl RpcHandler {
|
|||||||
"caption": caption,
|
"caption": caption,
|
||||||
"inline": true,
|
"inline": true,
|
||||||
});
|
});
|
||||||
let seq = svc.next_send_seq(contact_id).await;
|
|
||||||
|
|
||||||
// A stock (non-archy) peer can't decode our typed-envelope wire
|
let msg = svc
|
||||||
// format — send images to them via LXMF's native FIELD_IMAGE
|
.send_typed_wire(
|
||||||
// instead, so they actually see the photo (Sideband/NomadNet).
|
|
||||||
let is_archy = svc.is_archy_peer(contact_id).await;
|
|
||||||
let native_image = !is_archy
|
|
||||||
&& device_type == crate::mesh::types::DeviceType::Reticulum
|
|
||||||
&& mime.starts_with("image/");
|
|
||||||
|
|
||||||
let msg = if native_image {
|
|
||||||
svc.send_native_image(contact_id, &mime, bytes, caption.clone())
|
|
||||||
.await?;
|
|
||||||
svc.record_sent_typed(
|
|
||||||
contact_id,
|
contact_id,
|
||||||
|
wire,
|
||||||
"content_ref",
|
"content_ref",
|
||||||
&display,
|
&display,
|
||||||
Some(typed_json),
|
Some(typed_json),
|
||||||
seq,
|
seq,
|
||||||
Some(radio_transport_label(device_type).to_string()),
|
|
||||||
true, // Reticulum/LXMF is unconditionally E2E on every send
|
|
||||||
)
|
)
|
||||||
.await
|
.await?;
|
||||||
} else {
|
|
||||||
let content = ContentInlinePayload {
|
|
||||||
mime: mime.clone(),
|
|
||||||
filename: filename.clone(),
|
|
||||||
caption: caption.clone(),
|
|
||||||
bytes,
|
|
||||||
};
|
|
||||||
let payload = message_types::encode_payload(&content)?;
|
|
||||||
let envelope = TypedEnvelope::new(MeshMessageType::ContentInline, payload).with_seq(seq);
|
|
||||||
let wire = envelope.to_wire()?;
|
|
||||||
if use_resource_transfer {
|
|
||||||
svc.send_content_resource(
|
|
||||||
contact_id,
|
|
||||||
wire,
|
|
||||||
"content_ref",
|
|
||||||
&display,
|
|
||||||
Some(typed_json),
|
|
||||||
seq,
|
|
||||||
)
|
|
||||||
.await?
|
|
||||||
} else {
|
|
||||||
svc.send_typed_wire(
|
|
||||||
contact_id,
|
|
||||||
wire,
|
|
||||||
"content_ref",
|
|
||||||
&display,
|
|
||||||
Some(typed_json),
|
|
||||||
seq,
|
|
||||||
)
|
|
||||||
.await?
|
|
||||||
}
|
|
||||||
};
|
|
||||||
|
|
||||||
info!(
|
info!(
|
||||||
contact_id,
|
contact_id,
|
||||||
size = meta.size,
|
size = meta.size,
|
||||||
cid = %meta.cid,
|
cid = %meta.cid,
|
||||||
via_resource = use_resource_transfer,
|
|
||||||
"Sent content_inline over mesh"
|
"Sent content_inline over mesh"
|
||||||
);
|
);
|
||||||
Ok(serde_json::json!({
|
Ok(serde_json::json!({
|
||||||
@ -538,19 +492,8 @@ impl RpcHandler {
|
|||||||
// Knobs — keep in sync with the frontend modal copy.
|
// Knobs — keep in sync with the frontend modal copy.
|
||||||
const MESH_AUTO_MAX: u64 = 1024;
|
const MESH_AUTO_MAX: u64 = 1024;
|
||||||
const MESH_HARD_MAX: u64 = 2300;
|
const MESH_HARD_MAX: u64 = 2300;
|
||||||
// Reticulum-only: above the small inline-chunk cap, a real RNS Resource
|
|
||||||
// transfer can still carry the payload directly over LoRa (native
|
|
||||||
// chunked transfer with retries) instead of falling back to Tor. Capped
|
|
||||||
// well under TOR_LARGE_WARN to keep worst-case LoRa transfer time
|
|
||||||
// bounded — comfortably covers the HIGH image preset (512KB target).
|
|
||||||
const RETICULUM_RESOURCE_MAX: u64 = 2 * 1024 * 1024;
|
|
||||||
const TOR_LARGE_WARN: u64 = 5 * 1024 * 1024;
|
const TOR_LARGE_WARN: u64 = 5 * 1024 * 1024;
|
||||||
// Meshcore/Meshtastic effective LoRa throughput after retries/FEC is much
|
const LORA_BYTES_PER_SEC: u64 = 50;
|
||||||
// lower than the raw radio bitrate. Reticulum's RNodeInterface reports its
|
|
||||||
// real bitrate (e.g. ~3125 bps ≈ 390 B/s observed live), so estimates for it
|
|
||||||
// would be wildly pessimistic at the generic 50 B/s figure.
|
|
||||||
const LORA_BYTES_PER_SEC_DEFAULT: u64 = 50;
|
|
||||||
const LORA_BYTES_PER_SEC_RETICULUM: u64 = 390;
|
|
||||||
|
|
||||||
// Resolve peer Tor reachability via federation node list.
|
// Resolve peer Tor reachability via federation node list.
|
||||||
let service = self.mesh_service.read().await;
|
let service = self.mesh_service.read().await;
|
||||||
@ -558,12 +501,6 @@ impl RpcHandler {
|
|||||||
.as_ref()
|
.as_ref()
|
||||||
.ok_or_else(|| anyhow::anyhow!("Mesh service not running"))?;
|
.ok_or_else(|| anyhow::anyhow!("Mesh service not running"))?;
|
||||||
let state = svc.shared_state();
|
let state = svc.shared_state();
|
||||||
let device_type = state.status.read().await.device_type;
|
|
||||||
let lora_bytes_per_sec = if device_type == crate::mesh::types::DeviceType::Reticulum {
|
|
||||||
LORA_BYTES_PER_SEC_RETICULUM
|
|
||||||
} else {
|
|
||||||
LORA_BYTES_PER_SEC_DEFAULT
|
|
||||||
};
|
|
||||||
let (peer_pubkey_hex, peer_did) = {
|
let (peer_pubkey_hex, peer_did) = {
|
||||||
let peers = state.peers.read().await;
|
let peers = state.peers.read().await;
|
||||||
match peers.get(&contact_id) {
|
match peers.get(&contact_id) {
|
||||||
@ -583,10 +520,8 @@ impl RpcHandler {
|
|||||||
.map(|d| nodes.iter().any(|n| &n.did == d))
|
.map(|d| nodes.iter().any(|n| &n.did == d))
|
||||||
.unwrap_or(false);
|
.unwrap_or(false);
|
||||||
|
|
||||||
let est_seconds =
|
let est_seconds = (size.saturating_add(LORA_BYTES_PER_SEC - 1) / LORA_BYTES_PER_SEC).max(1);
|
||||||
(size.saturating_add(lora_bytes_per_sec - 1) / lora_bytes_per_sec).max(1);
|
|
||||||
|
|
||||||
let is_reticulum = device_type == crate::mesh::types::DeviceType::Reticulum;
|
|
||||||
let (tier, reason) = if size <= MESH_AUTO_MAX {
|
let (tier, reason) = if size <= MESH_AUTO_MAX {
|
||||||
("auto-mesh", "Small enough to send inline over mesh")
|
("auto-mesh", "Small enough to send inline over mesh")
|
||||||
} else if size <= MESH_HARD_MAX {
|
} else if size <= MESH_HARD_MAX {
|
||||||
@ -595,8 +530,6 @@ impl RpcHandler {
|
|||||||
} else {
|
} else {
|
||||||
("auto-mesh", "No Tor path — sending inline over mesh")
|
("auto-mesh", "No Tor path — sending inline over mesh")
|
||||||
}
|
}
|
||||||
} else if is_reticulum && size <= RETICULUM_RESOURCE_MAX {
|
|
||||||
("resource-mesh", "Sending directly over LoRa via a Reticulum resource transfer")
|
|
||||||
} else if size <= TOR_LARGE_WARN {
|
} else if size <= TOR_LARGE_WARN {
|
||||||
if has_tor {
|
if has_tor {
|
||||||
("tor-only", "Too large for mesh — Tor only")
|
("tor-only", "Too large for mesh — Tor only")
|
||||||
@ -741,6 +674,18 @@ impl RpcHandler {
|
|||||||
.as_str()
|
.as_str()
|
||||||
.ok_or_else(|| anyhow::anyhow!("Missing cid"))?
|
.ok_or_else(|| anyhow::anyhow!("Missing cid"))?
|
||||||
.to_string();
|
.to_string();
|
||||||
|
let sender_onion = params["sender_onion"]
|
||||||
|
.as_str()
|
||||||
|
.ok_or_else(|| anyhow::anyhow!("Missing sender_onion"))?
|
||||||
|
.trim_end_matches('/')
|
||||||
|
.to_string();
|
||||||
|
let cap_token = params["cap_token"]
|
||||||
|
.as_str()
|
||||||
|
.ok_or_else(|| anyhow::anyhow!("Missing cap_token"))?
|
||||||
|
.to_string();
|
||||||
|
let cap_exp = params["cap_exp"]
|
||||||
|
.as_u64()
|
||||||
|
.ok_or_else(|| anyhow::anyhow!("Missing cap_exp"))?;
|
||||||
let mime_hint = params["mime"]
|
let mime_hint = params["mime"]
|
||||||
.as_str()
|
.as_str()
|
||||||
.unwrap_or("application/octet-stream")
|
.unwrap_or("application/octet-stream")
|
||||||
@ -764,12 +709,7 @@ impl RpcHandler {
|
|||||||
};
|
};
|
||||||
|
|
||||||
// Short-circuit if we already hold the blob — still issue a fresh
|
// Short-circuit if we already hold the blob — still issue a fresh
|
||||||
// self-cap so the UI gets a displayable local URL. Checked BEFORE the
|
// self-cap so the UI gets a displayable local URL.
|
||||||
// sender_onion/cap_token/cap_exp params are required below: an inline
|
|
||||||
// ContentInline attachment (mesh.send-content-inline) is written to
|
|
||||||
// our own BlobStore the moment it's received/sent (dispatch.rs), so
|
|
||||||
// its typed_payload never carries those fields at all — only a
|
|
||||||
// ContentRef fetched from a remote peer needs them.
|
|
||||||
if blob_store.has(&cid).await {
|
if blob_store.has(&cid).await {
|
||||||
let local_exp = (chrono::Utc::now().timestamp() as u64) + DEFAULT_CAP_TTL_SECS;
|
let local_exp = (chrono::Utc::now().timestamp() as u64) + DEFAULT_CAP_TTL_SECS;
|
||||||
let local_cap = blob_store.issue_capability(&cid, &self_pubkey_hex, local_exp);
|
let local_cap = blob_store.issue_capability(&cid, &self_pubkey_hex, local_exp);
|
||||||
@ -785,19 +725,6 @@ impl RpcHandler {
|
|||||||
}));
|
}));
|
||||||
}
|
}
|
||||||
|
|
||||||
let sender_onion = params["sender_onion"]
|
|
||||||
.as_str()
|
|
||||||
.ok_or_else(|| anyhow::anyhow!("Missing sender_onion"))?
|
|
||||||
.trim_end_matches('/')
|
|
||||||
.to_string();
|
|
||||||
let cap_token = params["cap_token"]
|
|
||||||
.as_str()
|
|
||||||
.ok_or_else(|| anyhow::anyhow!("Missing cap_token"))?
|
|
||||||
.to_string();
|
|
||||||
let cap_exp = params["cap_exp"]
|
|
||||||
.as_u64()
|
|
||||||
.ok_or_else(|| anyhow::anyhow!("Missing cap_exp"))?;
|
|
||||||
|
|
||||||
// Reach the sender: FIPS preferred when the sender is federated
|
// Reach the sender: FIPS preferred when the sender is federated
|
||||||
// and has advertised a FIPS npub, Tor fallback otherwise.
|
// and has advertised a FIPS npub, Tor fallback otherwise.
|
||||||
// Cap/exp/peer in the query string match what the sender signed in
|
// Cap/exp/peer in the query string match what the sender signed in
|
||||||
@ -933,15 +860,6 @@ impl RpcHandler {
|
|||||||
let svc = service
|
let svc = service
|
||||||
.as_ref()
|
.as_ref()
|
||||||
.ok_or_else(|| anyhow::anyhow!("Mesh service not running"))?;
|
.ok_or_else(|| anyhow::anyhow!("Mesh service not running"))?;
|
||||||
// Read receipts are fired automatically just by viewing a chat (no
|
|
||||||
// explicit user action), unlike every other typed send here — so a
|
|
||||||
// stock (non-archy) peer that can't decode a TypedEnvelope at all
|
|
||||||
// (e.g. a phone running plain Sideband) would otherwise get a raw
|
|
||||||
// control envelope shoved at it the moment its message is viewed,
|
|
||||||
// surfacing as garbage text right after whatever it just sent.
|
|
||||||
if !svc.is_archy_peer(contact_id).await {
|
|
||||||
return Ok(serde_json::json!({ "sent": false, "reason": "not an archy peer" }));
|
|
||||||
}
|
|
||||||
let seq = svc.next_send_seq(contact_id).await;
|
let seq = svc.next_send_seq(contact_id).await;
|
||||||
let payload = message_types::encode_payload(&receipt)?;
|
let payload = message_types::encode_payload(&receipt)?;
|
||||||
let envelope = TypedEnvelope::new(MeshMessageType::ReadReceipt, payload).with_seq(seq);
|
let envelope = TypedEnvelope::new(MeshMessageType::ReadReceipt, payload).with_seq(seq);
|
||||||
@ -1215,13 +1133,9 @@ impl RpcHandler {
|
|||||||
.ok_or_else(|| anyhow::anyhow!("Mesh service not running"))?;
|
.ok_or_else(|| anyhow::anyhow!("Mesh service not running"))?;
|
||||||
let state = svc.shared_state();
|
let state = svc.shared_state();
|
||||||
let contacts = state.contacts.read().await;
|
let contacts = state.contacts.read().await;
|
||||||
let peer_vec: Vec<_> = state.peers.read().await.values().cloned().collect();
|
let peers = state.peers.read().await;
|
||||||
// Collapse radio/federation twins so a node reachable both ways shows as
|
|
||||||
// one contact instead of two (#12).
|
|
||||||
let groups = crate::mesh::group_peer_twins(&peer_vec);
|
|
||||||
let mut out: Vec<serde_json::Value> = Vec::new();
|
let mut out: Vec<serde_json::Value> = Vec::new();
|
||||||
for group in &groups {
|
for peer in peers.values() {
|
||||||
let peer = &group.canonical;
|
|
||||||
if let Some(pk) = peer.pubkey_hex.as_ref() {
|
if let Some(pk) = peer.pubkey_hex.as_ref() {
|
||||||
let entry = contacts.get(pk).cloned().unwrap_or_default();
|
let entry = contacts.get(pk).cloned().unwrap_or_default();
|
||||||
out.push(serde_json::json!({
|
out.push(serde_json::json!({
|
||||||
|
|||||||
@ -64,32 +64,6 @@ pub(super) fn sanitize_error_message(msg: &str) -> String {
|
|||||||
"Container",
|
"Container",
|
||||||
"Image",
|
"Image",
|
||||||
"Bitcoin address",
|
"Bitcoin address",
|
||||||
"No router",
|
|
||||||
"No OpenWrt",
|
|
||||||
"No space left",
|
|
||||||
"Not enough flash",
|
|
||||||
"Not enough space",
|
|
||||||
"TollGate installation failed",
|
|
||||||
"No pre-built TollGate",
|
|
||||||
"opkg not found",
|
|
||||||
"apk update failed",
|
|
||||||
"No wireless interface",
|
|
||||||
"No wireless radio",
|
|
||||||
"WiFi radio enabled but",
|
|
||||||
"Missing required field",
|
|
||||||
// seed.reveal / auth flows — user-actionable, no internals to leak.
|
|
||||||
// Without these the sanitizer collapsed every reveal failure into
|
|
||||||
// "Operation failed. Check server logs." (which isn't even a crash).
|
|
||||||
"Incorrect",
|
|
||||||
"This node has no encrypted seed",
|
|
||||||
"A 2FA code is required",
|
|
||||||
"2FA is enabled but",
|
|
||||||
"Could not decrypt the saved seed",
|
|
||||||
"Could not unlock 2FA",
|
|
||||||
"No mnemonic available",
|
|
||||||
"No pending seed generation",
|
|
||||||
"Submitted words",
|
|
||||||
"Already set up",
|
|
||||||
];
|
];
|
||||||
for prefix in &user_facing_prefixes {
|
for prefix in &user_facing_prefixes {
|
||||||
if msg.starts_with(prefix) {
|
if msg.starts_with(prefix) {
|
||||||
@ -109,43 +83,6 @@ pub(super) fn sanitize_error_message(msg: &str) -> String {
|
|||||||
"Operation failed. Check server logs for details.".to_string()
|
"Operation failed. Check server logs for details.".to_string()
|
||||||
}
|
}
|
||||||
|
|
||||||
#[cfg(test)]
|
|
||||||
mod sanitize_tests {
|
|
||||||
use super::sanitize_error_message;
|
|
||||||
|
|
||||||
#[test]
|
|
||||||
fn seed_reveal_errors_pass_through() {
|
|
||||||
// Every user-actionable seed.reveal failure must reach the user —
|
|
||||||
// masking them as "Check server logs" sent a real user hunting a
|
|
||||||
// crash that never happened.
|
|
||||||
for msg in [
|
|
||||||
"Incorrect password",
|
|
||||||
"This node has no encrypted seed backup, so the recovery phrase cannot be shown. It was only displayed once during setup.",
|
|
||||||
"A 2FA code is required to reveal the recovery phrase",
|
|
||||||
"2FA is enabled but no TOTP data found",
|
|
||||||
"Could not decrypt the saved seed. If you set a separate backup passphrase during setup, enter that passphrase.",
|
|
||||||
"Could not unlock 2FA with this password",
|
|
||||||
"No mnemonic available. Generate or restore a seed first.",
|
|
||||||
"Submitted words do not match generated seed",
|
|
||||||
"Already set up. Use auth.changePassword to change.",
|
|
||||||
] {
|
|
||||||
assert_ne!(
|
|
||||||
sanitize_error_message(msg),
|
|
||||||
"Operation failed. Check server logs for details.",
|
|
||||||
"masked: {msg}"
|
|
||||||
);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
#[test]
|
|
||||||
fn internal_errors_stay_generic() {
|
|
||||||
assert_eq!(
|
|
||||||
sanitize_error_message("thread panicked at src/foo.rs:42"),
|
|
||||||
"Operation failed. Check server logs for details."
|
|
||||||
);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
/// Derive a CSRF token from the session token via HMAC.
|
/// Derive a CSRF token from the session token via HMAC.
|
||||||
/// Deterministic: same session token always produces the same CSRF token.
|
/// Deterministic: same session token always produces the same CSRF token.
|
||||||
/// Survives backend restarts because it depends only on the session token
|
/// Survives backend restarts because it depends only on the session token
|
||||||
|
|||||||
@ -23,7 +23,6 @@ mod names;
|
|||||||
mod network;
|
mod network;
|
||||||
mod node;
|
mod node;
|
||||||
mod nostr;
|
mod nostr;
|
||||||
mod openwrt;
|
|
||||||
mod package;
|
mod package;
|
||||||
mod peers;
|
mod peers;
|
||||||
mod response;
|
mod response;
|
||||||
|
|||||||
@ -1,353 +0,0 @@
|
|||||||
use super::RpcHandler;
|
|
||||||
use anyhow::Result;
|
|
||||||
use archipelago_openwrt::{
|
|
||||||
detect,
|
|
||||||
router::Router,
|
|
||||||
tollgate::{self, TollGateConfig},
|
|
||||||
wan,
|
|
||||||
wifi_scan,
|
|
||||||
};
|
|
||||||
use crate::network::router as net_router;
|
|
||||||
|
|
||||||
/// Default port for the local Cashu mint (nutshell / cashu-mint app).
|
|
||||||
const LOCAL_MINT_PORT: u16 = 3338;
|
|
||||||
|
|
||||||
impl RpcHandler {
|
|
||||||
/// Scan the local subnet for OpenWrt routers.
|
|
||||||
///
|
|
||||||
/// Params: `{ "subnet": "192.168.1.0", "prefix": 24,
|
|
||||||
/// "ssh_user": "root", "ssh_password": "" }`
|
|
||||||
pub(super) async fn handle_openwrt_scan(
|
|
||||||
&self,
|
|
||||||
params: Option<serde_json::Value>,
|
|
||||||
) -> Result<serde_json::Value> {
|
|
||||||
let p = params.unwrap_or_default();
|
|
||||||
let subnet: [u8; 4] = parse_ipv4(
|
|
||||||
p.get("subnet").and_then(|v| v.as_str()).unwrap_or("192.168.1.0"),
|
|
||||||
)?;
|
|
||||||
let prefix = p.get("prefix").and_then(|v| v.as_u64()).unwrap_or(24) as u8;
|
|
||||||
let ssh_user = p
|
|
||||||
.get("ssh_user")
|
|
||||||
.and_then(|v| v.as_str())
|
|
||||||
.unwrap_or("root")
|
|
||||||
.to_string();
|
|
||||||
let ssh_password = p
|
|
||||||
.get("ssh_password")
|
|
||||||
.and_then(|v| v.as_str())
|
|
||||||
.unwrap_or("")
|
|
||||||
.to_string();
|
|
||||||
|
|
||||||
let routers = detect::scan_subnet(subnet, prefix, &ssh_user, &ssh_password).await;
|
|
||||||
let ips: Vec<String> = routers.iter().map(|ip| ip.to_string()).collect();
|
|
||||||
|
|
||||||
Ok(serde_json::json!({ "routers": ips }))
|
|
||||||
}
|
|
||||||
|
|
||||||
/// Read current settings from a saved or ad-hoc OpenWrt router via SSH/UCI.
|
|
||||||
///
|
|
||||||
/// Params (all optional): `{ "host": "...", "ssh_user": "root", "ssh_password": "" }`
|
|
||||||
/// If params are omitted the saved `router_config.json` credentials are used.
|
|
||||||
pub(super) async fn handle_openwrt_get_status(
|
|
||||||
&self,
|
|
||||||
params: Option<serde_json::Value>,
|
|
||||||
) -> Result<serde_json::Value> {
|
|
||||||
let saved = net_router::load_router_config(&self.config.data_dir).await?;
|
|
||||||
let p = params.unwrap_or_default();
|
|
||||||
let host_from_params = p.get("host").and_then(|v| v.as_str()).is_some();
|
|
||||||
|
|
||||||
let host = p
|
|
||||||
.get("host")
|
|
||||||
.and_then(|v| v.as_str())
|
|
||||||
.map(|s| s.to_string())
|
|
||||||
.or_else(|| if saved.configured { Some(saved.address.clone()) } else { None })
|
|
||||||
.ok_or_else(|| anyhow::anyhow!("No router configured — provide host or call router.configure first"))?;
|
|
||||||
|
|
||||||
let ssh_user = p
|
|
||||||
.get("ssh_user")
|
|
||||||
.and_then(|v| v.as_str())
|
|
||||||
.map(|s| s.to_string())
|
|
||||||
.or_else(|| saved.username.clone())
|
|
||||||
.unwrap_or_else(|| "root".to_string());
|
|
||||||
|
|
||||||
let ssh_password = p
|
|
||||||
.get("ssh_password")
|
|
||||||
.and_then(|v| v.as_str())
|
|
||||||
.map(|s| s.to_string())
|
|
||||||
.or_else(|| saved.password.clone())
|
|
||||||
.unwrap_or_default();
|
|
||||||
|
|
||||||
let router = Router::connect_password(&host, 22, &ssh_user, &ssh_password)?;
|
|
||||||
router.verify_openwrt()?;
|
|
||||||
|
|
||||||
// Persist the connection so other views (e.g. the Home dashboard's
|
|
||||||
// Network tile) can poll `openwrt.get-status` with no params instead
|
|
||||||
// of every caller needing to carry host/credentials around. Only do
|
|
||||||
// this when the host actually came from params — otherwise every
|
|
||||||
// no-args poll would re-save the same thing it just read.
|
|
||||||
if host_from_params {
|
|
||||||
let _ = net_router::configure_router(
|
|
||||||
&self.config.data_dir,
|
|
||||||
net_router::RouterType::OpenWrt,
|
|
||||||
&host,
|
|
||||||
None,
|
|
||||||
Some(&ssh_user),
|
|
||||||
Some(&ssh_password),
|
|
||||||
).await;
|
|
||||||
}
|
|
||||||
|
|
||||||
// System info
|
|
||||||
let release = router.run_ok("cat /etc/openwrt_release").unwrap_or_default();
|
|
||||||
let hostname = router
|
|
||||||
.uci_get("system.@system[0].hostname")
|
|
||||||
.unwrap_or_else(|_| "unknown".into());
|
|
||||||
let uptime_secs: u64 = router
|
|
||||||
.run_ok("cat /proc/uptime")
|
|
||||||
.unwrap_or_default()
|
|
||||||
.split_whitespace()
|
|
||||||
.next()
|
|
||||||
.and_then(|s| s.split('.').next())
|
|
||||||
.and_then(|s| s.parse().ok())
|
|
||||||
.unwrap_or(0);
|
|
||||||
|
|
||||||
// TollGate — check via opkg (≤24.x) or binary presence (25.x apk-native).
|
|
||||||
// The service binary is /usr/bin/tollgate-wrt (per its init.d script),
|
|
||||||
// not /usr/bin/tollgate-module-basic-go — that's only the opkg/apk
|
|
||||||
// *package* name, never an on-disk filename.
|
|
||||||
let tollgate_installed = router
|
|
||||||
.run("/usr/bin/opkg list-installed 2>/dev/null | grep -q '^tollgate-module-basic-go ' || \
|
|
||||||
test -f /usr/bin/tollgate-wrt 2>/dev/null")
|
|
||||||
.map(|(_, code)| code == 0)
|
|
||||||
.unwrap_or(false);
|
|
||||||
|
|
||||||
let tollgate = if tollgate_installed {
|
|
||||||
serde_json::json!({
|
|
||||||
"installed": true,
|
|
||||||
"enabled": router.uci_get("tollgate.main.enabled").map(|v| v == "1").unwrap_or(false),
|
|
||||||
"metric": router.uci_get("tollgate.main.metric").unwrap_or_default(),
|
|
||||||
"step_size_ms": router.uci_get("tollgate.main.step_size").ok().and_then(|v| v.parse::<u64>().ok()).unwrap_or(0),
|
|
||||||
"price_per_step":router.uci_get("tollgate.main.price_per_step").ok().and_then(|v| v.parse::<u64>().ok()).unwrap_or(0),
|
|
||||||
"min_steps": router.uci_get("tollgate.main.min_steps").ok().and_then(|v| v.parse::<u32>().ok()).unwrap_or(1),
|
|
||||||
"currency": router.uci_get("tollgate.main.currency").unwrap_or_default(),
|
|
||||||
"mint_url": router.uci_get("tollgate.main.mint_url").unwrap_or_default(),
|
|
||||||
})
|
|
||||||
} else {
|
|
||||||
serde_json::json!({ "installed": false })
|
|
||||||
};
|
|
||||||
|
|
||||||
// WiFi interfaces
|
|
||||||
let wifi_raw = router.run_ok("uci show wireless").unwrap_or_default();
|
|
||||||
let wifi_interfaces = parse_wifi_interfaces(&wifi_raw);
|
|
||||||
|
|
||||||
let wan_status = wan::get_wan_status(&router);
|
|
||||||
|
|
||||||
Ok(serde_json::json!({
|
|
||||||
"host": host,
|
|
||||||
"hostname": hostname,
|
|
||||||
"uptime_secs": uptime_secs,
|
|
||||||
"release": parse_release(&release),
|
|
||||||
"tollgate": tollgate,
|
|
||||||
"wifi_interfaces": wifi_interfaces,
|
|
||||||
"wan": wan_status,
|
|
||||||
}))
|
|
||||||
}
|
|
||||||
|
|
||||||
/// Provision TollGate on an OpenWrt router and create the "archipelago" SSID.
|
|
||||||
///
|
|
||||||
/// Params: `{ "host": "192.168.1.1", "ssh_user": "root", "ssh_password": "",
|
|
||||||
/// "price_sats": 10, "step_size_ms": 60000, "min_steps": 1,
|
|
||||||
/// "mint_url": "<optional override>" }`
|
|
||||||
///
|
|
||||||
/// `mint_url` defaults to `http://<this node's IP>:3338` — the local Cashu
|
|
||||||
/// mint that must be running as an Archy app before calling this endpoint.
|
|
||||||
pub(super) async fn handle_openwrt_provision_tollgate(
|
|
||||||
&self,
|
|
||||||
params: Option<serde_json::Value>,
|
|
||||||
) -> Result<serde_json::Value> {
|
|
||||||
let saved = net_router::load_router_config(&self.config.data_dir).await?;
|
|
||||||
let p = params.unwrap_or_default();
|
|
||||||
|
|
||||||
let host = p
|
|
||||||
.get("host")
|
|
||||||
.and_then(|v| v.as_str())
|
|
||||||
.map(|s| s.to_string())
|
|
||||||
.or_else(|| if saved.configured { Some(saved.address.clone()) } else { None })
|
|
||||||
.ok_or_else(|| anyhow::anyhow!("No router configured — provide host or call router.configure first"))?;
|
|
||||||
let ssh_user = p
|
|
||||||
.get("ssh_user")
|
|
||||||
.and_then(|v| v.as_str())
|
|
||||||
.map(|s| s.to_string())
|
|
||||||
.or_else(|| saved.username.clone())
|
|
||||||
.unwrap_or_else(|| "root".to_string());
|
|
||||||
let ssh_password = p
|
|
||||||
.get("ssh_password")
|
|
||||||
.and_then(|v| v.as_str())
|
|
||||||
.map(|s| s.to_string())
|
|
||||||
.or_else(|| saved.password.clone())
|
|
||||||
.unwrap_or_default();
|
|
||||||
|
|
||||||
let default_mint_url = format!("http://{}:{}", self.config.host_ip, LOCAL_MINT_PORT);
|
|
||||||
let mint_url = p
|
|
||||||
.get("mint_url")
|
|
||||||
.and_then(|v| v.as_str())
|
|
||||||
.unwrap_or(&default_mint_url)
|
|
||||||
.to_string();
|
|
||||||
|
|
||||||
let config = TollGateConfig {
|
|
||||||
ssid: "archipelago".to_string(),
|
|
||||||
mint_url,
|
|
||||||
price_sats: p.get("price_sats").and_then(|v| v.as_u64()).unwrap_or(10),
|
|
||||||
step_size_ms: p
|
|
||||||
.get("step_size_ms")
|
|
||||||
.and_then(|v| v.as_u64())
|
|
||||||
.unwrap_or(60_000),
|
|
||||||
min_steps: p
|
|
||||||
.get("min_steps")
|
|
||||||
.and_then(|v| v.as_u64())
|
|
||||||
.unwrap_or(1) as u32,
|
|
||||||
enabled: p.get("enabled").and_then(|v| v.as_bool()).unwrap_or(true),
|
|
||||||
};
|
|
||||||
|
|
||||||
let router = Router::connect_password(&host, 22, &ssh_user, &ssh_password)?;
|
|
||||||
router.verify_openwrt()?;
|
|
||||||
tollgate::provision(&router, &config).await?;
|
|
||||||
|
|
||||||
Ok(serde_json::json!({
|
|
||||||
"ok": true,
|
|
||||||
"host": host,
|
|
||||||
"ssid": config.ssid,
|
|
||||||
"mint_url": config.mint_url,
|
|
||||||
}))
|
|
||||||
}
|
|
||||||
|
|
||||||
/// Scan for visible WiFi networks from the router's radio.
|
|
||||||
///
|
|
||||||
/// Params: same host/credentials as other openwrt methods.
|
|
||||||
pub(super) async fn handle_openwrt_scan_wifi(
|
|
||||||
&self,
|
|
||||||
params: Option<serde_json::Value>,
|
|
||||||
) -> Result<serde_json::Value> {
|
|
||||||
let saved = net_router::load_router_config(&self.config.data_dir).await?;
|
|
||||||
let p = params.unwrap_or_default();
|
|
||||||
|
|
||||||
let host = p.get("host").and_then(|v| v.as_str()).map(|s| s.to_string())
|
|
||||||
.or_else(|| if saved.configured { Some(saved.address.clone()) } else { None })
|
|
||||||
.ok_or_else(|| anyhow::anyhow!("No router configured — provide host or call router.configure first"))?;
|
|
||||||
let ssh_user = p.get("ssh_user").and_then(|v| v.as_str()).map(|s| s.to_string())
|
|
||||||
.or_else(|| saved.username.clone()).unwrap_or_else(|| "root".to_string());
|
|
||||||
let ssh_password = p.get("ssh_password").and_then(|v| v.as_str()).map(|s| s.to_string())
|
|
||||||
.or_else(|| saved.password.clone()).unwrap_or_default();
|
|
||||||
|
|
||||||
let router = Router::connect_password(&host, 22, &ssh_user, &ssh_password)?;
|
|
||||||
router.verify_openwrt()?;
|
|
||||||
|
|
||||||
let networks = wifi_scan::scan_networks(&router)?;
|
|
||||||
let result: Vec<serde_json::Value> = networks
|
|
||||||
.iter()
|
|
||||||
.map(|n| serde_json::json!({
|
|
||||||
"ssid": n.ssid,
|
|
||||||
"bssid": n.bssid,
|
|
||||||
"signal": n.signal,
|
|
||||||
"channel": n.channel,
|
|
||||||
"encryption": n.encryption,
|
|
||||||
}))
|
|
||||||
.collect();
|
|
||||||
|
|
||||||
Ok(serde_json::json!({ "networks": result }))
|
|
||||||
}
|
|
||||||
|
|
||||||
/// Configure WAN/WISP — connect the router to an upstream WiFi network.
|
|
||||||
///
|
|
||||||
/// Params: host/credentials + `{ "ssid": "...", "password": "...", "encryption": "psk2" }`
|
|
||||||
pub(super) async fn handle_openwrt_configure_wan(
|
|
||||||
&self,
|
|
||||||
params: Option<serde_json::Value>,
|
|
||||||
) -> Result<serde_json::Value> {
|
|
||||||
let saved = net_router::load_router_config(&self.config.data_dir).await?;
|
|
||||||
let p = params.unwrap_or_default();
|
|
||||||
|
|
||||||
let host = p.get("host").and_then(|v| v.as_str()).map(|s| s.to_string())
|
|
||||||
.or_else(|| if saved.configured { Some(saved.address.clone()) } else { None })
|
|
||||||
.ok_or_else(|| anyhow::anyhow!("No router configured — provide host or call router.configure first"))?;
|
|
||||||
let ssh_user = p.get("ssh_user").and_then(|v| v.as_str()).map(|s| s.to_string())
|
|
||||||
.or_else(|| saved.username.clone()).unwrap_or_else(|| "root".to_string());
|
|
||||||
let ssh_password = p.get("ssh_password").and_then(|v| v.as_str()).map(|s| s.to_string())
|
|
||||||
.or_else(|| saved.password.clone()).unwrap_or_default();
|
|
||||||
|
|
||||||
let ssid = p.get("ssid").and_then(|v| v.as_str())
|
|
||||||
.ok_or_else(|| anyhow::anyhow!("Missing required field: ssid"))?.to_string();
|
|
||||||
let password = p.get("password").and_then(|v| v.as_str()).unwrap_or("").to_string();
|
|
||||||
let encryption = p.get("encryption").and_then(|v| v.as_str()).unwrap_or("psk2").to_string();
|
|
||||||
let dhcp_start = p.get("dhcp_start").and_then(|v| v.as_u64()).unwrap_or(100) as u32;
|
|
||||||
let dhcp_limit = p.get("dhcp_limit").and_then(|v| v.as_u64()).unwrap_or(150) as u32;
|
|
||||||
let masq = p.get("masq").and_then(|v| v.as_bool()).unwrap_or(true);
|
|
||||||
|
|
||||||
let router = Router::connect_password(&host, 22, &ssh_user, &ssh_password)?;
|
|
||||||
router.verify_openwrt()?;
|
|
||||||
|
|
||||||
let config = wan::WispConfig { ssid: ssid.clone(), password, encryption, dhcp_start, dhcp_limit, masq };
|
|
||||||
wan::configure_wisp(&router, &config)?;
|
|
||||||
|
|
||||||
Ok(serde_json::json!({ "ok": true, "host": host, "ssid": ssid }))
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
/// Parse /etc/openwrt_release key=value pairs into a JSON object.
|
|
||||||
fn parse_release(raw: &str) -> serde_json::Value {
|
|
||||||
let mut m = serde_json::Map::new();
|
|
||||||
for line in raw.lines() {
|
|
||||||
if let Some((k, v)) = line.split_once('=') {
|
|
||||||
m.insert(
|
|
||||||
k.to_lowercase(),
|
|
||||||
serde_json::Value::String(v.trim_matches('"').to_string()),
|
|
||||||
);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
serde_json::Value::Object(m)
|
|
||||||
}
|
|
||||||
|
|
||||||
/// Extract AP wifi-iface sections from `uci show wireless` output.
|
|
||||||
fn parse_wifi_interfaces(raw: &str) -> Vec<serde_json::Value> {
|
|
||||||
use std::collections::HashMap;
|
|
||||||
let mut sections: HashMap<String, HashMap<String, String>> = HashMap::new();
|
|
||||||
|
|
||||||
for line in raw.lines() {
|
|
||||||
if let Some((lhs, rhs)) = line.trim().split_once('=') {
|
|
||||||
let parts: Vec<&str> = lhs.splitn(3, '.').collect();
|
|
||||||
if parts.len() == 3 && parts[0] == "wireless" {
|
|
||||||
sections
|
|
||||||
.entry(parts[1].to_string())
|
|
||||||
.or_default()
|
|
||||||
.insert(parts[2].to_string(), rhs.trim_matches('\'').to_string());
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
let mut ifaces: Vec<serde_json::Value> = sections
|
|
||||||
.into_iter()
|
|
||||||
.filter(|(_, f)| f.get("mode").map(|m| m == "ap").unwrap_or(false))
|
|
||||||
.map(|(name, f)| serde_json::json!({
|
|
||||||
"section": name,
|
|
||||||
"ssid": f.get("ssid").cloned().unwrap_or_default(),
|
|
||||||
"device": f.get("device").cloned().unwrap_or_default(),
|
|
||||||
"encryption": f.get("encryption").cloned().unwrap_or_else(|| "none".into()),
|
|
||||||
"network": f.get("network").cloned().unwrap_or_default(),
|
|
||||||
"disabled": f.get("disabled").map(|v| v == "1").unwrap_or(false),
|
|
||||||
}))
|
|
||||||
.collect();
|
|
||||||
|
|
||||||
ifaces.sort_by_key(|v| v["section"].as_str().unwrap_or("").to_string());
|
|
||||||
ifaces
|
|
||||||
}
|
|
||||||
|
|
||||||
fn parse_ipv4(s: &str) -> Result<[u8; 4]> {
|
|
||||||
let parts: Vec<&str> = s.split('.').collect();
|
|
||||||
if parts.len() != 4 {
|
|
||||||
anyhow::bail!("Invalid IPv4: {}", s);
|
|
||||||
}
|
|
||||||
Ok([
|
|
||||||
parts[0].parse()?,
|
|
||||||
parts[1].parse()?,
|
|
||||||
parts[2].parse()?,
|
|
||||||
parts[3].parse()?,
|
|
||||||
])
|
|
||||||
}
|
|
||||||
@ -114,31 +114,6 @@ impl RpcHandler {
|
|||||||
Err(e) => {
|
Err(e) => {
|
||||||
error!("package.install {} failed: {:#}", package_id_spawn, e);
|
error!("package.install {} failed: {:#}", package_id_spawn, e);
|
||||||
install_log(&format!("INSTALL FAIL: {} — {:#}", package_id_spawn, e)).await;
|
install_log(&format!("INSTALL FAIL: {} — {:#}", package_id_spawn, e)).await;
|
||||||
// Dependency-gate rejections happen BEFORE any resource
|
|
||||||
// (container/image/data dir) exists for this package, so
|
|
||||||
// keeping the optimistic entry would leave a phantom
|
|
||||||
// "Stopped" tile whose Start fails with `no such object`
|
|
||||||
// (the log-confirmed LND fresh-install failure). Remove
|
|
||||||
// the entry so the card reverts to installable, and
|
|
||||||
// surface the reason as a notification instead.
|
|
||||||
if let Some(gate) = e.downcast_ref::<super::dependencies::DependencyGateError>()
|
|
||||||
{
|
|
||||||
let (mut data, _) = handler.state_manager.get_snapshot().await;
|
|
||||||
data.package_data.remove(&package_id_spawn);
|
|
||||||
data.notifications.push(crate::data_model::Notification {
|
|
||||||
id: format!("install-deps-{package_id_spawn}"),
|
|
||||||
level: crate::data_model::NotificationLevel::Error,
|
|
||||||
title: format!("Could not install {package_id_spawn}"),
|
|
||||||
message: gate.to_string(),
|
|
||||||
timestamp: chrono::Utc::now().to_rfc3339(),
|
|
||||||
app_id: Some(package_id_spawn.clone()),
|
|
||||||
});
|
|
||||||
while data.notifications.len() > 20 {
|
|
||||||
data.notifications.remove(0);
|
|
||||||
}
|
|
||||||
handler.state_manager.update_data(data).await;
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
// Don't remove the entry — that's what made the card
|
// Don't remove the entry — that's what made the card
|
||||||
// vanish from My Apps mid-install / between retry-loop
|
// vanish from My Apps mid-install / between retry-loop
|
||||||
// attempts (e.g. tailscale's entrypoint failure). Leave
|
// attempts (e.g. tailscale's entrypoint failure). Leave
|
||||||
|
|||||||
@ -349,37 +349,13 @@ fn http_probe_cmd(url: &'static str) -> &'static str {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/// Bitcoin UTXO cache (`-dbcache`) in MB, sized to host RAM.
|
|
||||||
///
|
|
||||||
/// A fixed large dbcache on a small box pushes bitcoind + the ~20 app
|
|
||||||
/// containers past physical RAM and triggers system-wide swap thrash: the
|
|
||||||
/// disk saturates, bitcoind can't answer its own RPC, and the dashboard
|
|
||||||
/// backend's sqlite reads stall — surfacing as /rpc/v1 502s and a blank
|
|
||||||
/// Bitcoin UI. Budget ~1/16 of RAM for the cache (floor 300 MB — bitcoind's
|
|
||||||
/// own default is 450 — cap 4096 MB), mirroring scripts/container-specs.sh.
|
|
||||||
pub(super) fn bitcoin_dbcache_mb() -> u64 {
|
|
||||||
let total_mb = std::fs::read_to_string("/proc/meminfo")
|
|
||||||
.ok()
|
|
||||||
.and_then(|c| {
|
|
||||||
c.lines()
|
|
||||||
.find_map(|l| l.strip_prefix("MemTotal:"))
|
|
||||||
.and_then(|v| v.split_whitespace().next())
|
|
||||||
.and_then(|kb| kb.parse::<u64>().ok())
|
|
||||||
})
|
|
||||||
.map(|kb| kb / 1024)
|
|
||||||
.unwrap_or(16000); // assume a comfortable host if /proc/meminfo is unreadable
|
|
||||||
(total_mb / 16).clamp(300, 4096)
|
|
||||||
}
|
|
||||||
|
|
||||||
/// Get per-app memory limit.
|
/// Get per-app memory limit.
|
||||||
pub(super) fn get_memory_limit(app_id: &str) -> &'static str {
|
pub(super) fn get_memory_limit(app_id: &str) -> &'static str {
|
||||||
match app_id {
|
match app_id {
|
||||||
// Heavy apps. Bitcoin: dbcache is now host-RAM-aware (see
|
// Heavy apps. Bitcoin: dbcache uses ~4GB; the daemon also needs
|
||||||
// bitcoin_dbcache_mb), so the daemon's footprint scales with the box.
|
// headroom for mempool + connection buffers + script-verifier
|
||||||
// This cgroup cap is an upper bound for mempool + connection buffers +
|
// memory + I/O. 4g caused OOM-cascades during IBD. 8g is the
|
||||||
// script-verifier memory + I/O; a tight cap (4g) previously caused
|
// floor; ideally this would be host-RAM aware (next pass).
|
||||||
// OOM-cascades during IBD, so keep 8g as a generous ceiling rather
|
|
||||||
// than a tight limit — swap thrash is prevented at the dbcache layer.
|
|
||||||
"bitcoin" | "bitcoin-core" | "bitcoin-knots" => "8g",
|
"bitcoin" | "bitcoin-core" | "bitcoin-knots" => "8g",
|
||||||
// ElectrumX indexing spikes above its cache size due Python,
|
// ElectrumX indexing spikes above its cache size due Python,
|
||||||
// RocksDB, socket buffers, and reorg/history work. Keep cache
|
// RocksDB, socket buffers, and reorg/history work. Keep cache
|
||||||
@ -698,28 +674,22 @@ pub(super) async fn get_app_config(
|
|||||||
// RPC is reachable from the bitcoin-ui companion container.
|
// RPC is reachable from the bitcoin-ui companion container.
|
||||||
//
|
//
|
||||||
// Sync-speed flags:
|
// Sync-speed flags:
|
||||||
// -dbcache — UTXO set cache, sized to host RAM via
|
// -dbcache=4096 — UTXO set cache; 4GB is the sweet spot before
|
||||||
// bitcoin_dbcache_mb() (see there). A fixed 4GB cache swap-
|
// diminishing returns. Container has --memory=8g now so
|
||||||
// thrashed small nodes into fleet-wide 502s; ~1/16 of RAM
|
// there's headroom for mempool + connections.
|
||||||
// keeps headroom for mempool + connections + the app stack.
|
|
||||||
// -par=0 — use all available cores for script
|
// -par=0 — use all available cores for script
|
||||||
// verification (defaults to NCPU-1 capped at 16). Was
|
// verification (defaults to NCPU-1 capped at 16). Was
|
||||||
// effectively pinned at 2 by --cpus=2 (now removed).
|
// effectively pinned at 2 by --cpus=2 (now removed).
|
||||||
// -maxconnections=125 — default but explicit, so ops can
|
// -maxconnections=125 — default but explicit, so ops can
|
||||||
// tune downward on bandwidth-constrained nodes.
|
// tune downward on bandwidth-constrained nodes.
|
||||||
// Log volume: -printtoconsole=0 — bitcoind already writes
|
|
||||||
// debug.log in the datadir (self-shrunk on restart); echoing it
|
|
||||||
// to stdout too pushed every IBD "UpdateTip" line through
|
|
||||||
// conmon into journald (>1 GB/day on a fresh node). Deep
|
|
||||||
// debugging uses /var/lib/archipelago/bitcoin/debug.log.
|
|
||||||
Some(vec![
|
Some(vec![
|
||||||
"-server=1".to_string(),
|
"-server=1".to_string(),
|
||||||
"-rpcbind=0.0.0.0".to_string(),
|
"-rpcbind=0.0.0.0".to_string(),
|
||||||
"-rpcallowip=0.0.0.0/0".to_string(),
|
"-rpcallowip=0.0.0.0/0".to_string(),
|
||||||
"-rpcport=8332".to_string(),
|
"-rpcport=8332".to_string(),
|
||||||
"-printtoconsole=0".to_string(),
|
"-printtoconsole=1".to_string(),
|
||||||
"-datadir=/home/bitcoin/.bitcoin".to_string(),
|
"-datadir=/home/bitcoin/.bitcoin".to_string(),
|
||||||
format!("-dbcache={}", bitcoin_dbcache_mb()),
|
"-dbcache=4096".to_string(),
|
||||||
"-par=0".to_string(),
|
"-par=0".to_string(),
|
||||||
"-maxconnections=125".to_string(),
|
"-maxconnections=125".to_string(),
|
||||||
]),
|
]),
|
||||||
|
|||||||
@ -1,8 +1,6 @@
|
|||||||
use super::config::get_containers_for_app;
|
use super::config::get_containers_for_app;
|
||||||
use super::runtime::manifest_apps_dirs;
|
|
||||||
use crate::data_model::{PackageDataEntry, PackageState};
|
use crate::data_model::{PackageDataEntry, PackageState};
|
||||||
use anyhow::{Context, Result};
|
use anyhow::{Context, Result};
|
||||||
use archipelago_container::{AppManifest, Dependency};
|
|
||||||
use std::collections::HashMap;
|
use std::collections::HashMap;
|
||||||
use tracing::info;
|
use tracing::info;
|
||||||
|
|
||||||
@ -13,38 +11,7 @@ const BITCOIN_NAMES: &[&str] = &["bitcoin-knots", "bitcoin-core", "bitcoin"];
|
|||||||
const ELECTRUM_NAMES: &[&str] = &["electrumx", "mempool-electrs", "electrs"];
|
const ELECTRUM_NAMES: &[&str] = &["electrumx", "mempool-electrs", "electrs"];
|
||||||
const ARCHIVAL_BITCOIN_DISK_GB: u64 = 1000;
|
const ARCHIVAL_BITCOIN_DISK_GB: u64 = 1000;
|
||||||
|
|
||||||
/// The manifest string dependency that declares "needs an archival
|
|
||||||
/// (unpruned + txindex) Bitcoin node" — see `manifest_declares_archival_bitcoin`.
|
|
||||||
const ARCHIVAL_BITCOIN_DEPENDENCY: &str = "bitcoin:archival";
|
|
||||||
|
|
||||||
/// Whether `package_id`'s own on-disk manifest declares
|
|
||||||
/// `dependencies: [bitcoin:archival]`. Manifest-driven alternative to the
|
|
||||||
/// hardcoded id list below — a new app just declares the dependency instead
|
|
||||||
/// of needing a code change here.
|
|
||||||
fn manifest_declares_archival_bitcoin(package_id: &str) -> bool {
|
|
||||||
for apps_dir in manifest_apps_dirs() {
|
|
||||||
let path = apps_dir.join(package_id).join("manifest.yml");
|
|
||||||
let Ok(contents) = std::fs::read_to_string(&path) else {
|
|
||||||
continue;
|
|
||||||
};
|
|
||||||
let Ok(manifest) = AppManifest::parse(&contents) else {
|
|
||||||
continue;
|
|
||||||
};
|
|
||||||
return dependency_list_declares_archival_bitcoin(&manifest.app.dependencies);
|
|
||||||
}
|
|
||||||
false
|
|
||||||
}
|
|
||||||
|
|
||||||
fn dependency_list_declares_archival_bitcoin(deps: &[Dependency]) -> bool {
|
|
||||||
deps.iter()
|
|
||||||
.any(|dep| matches!(dep, Dependency::Simple(s) if s == ARCHIVAL_BITCOIN_DEPENDENCY))
|
|
||||||
}
|
|
||||||
|
|
||||||
fn requires_unpruned_bitcoin(package_id: &str) -> bool {
|
fn requires_unpruned_bitcoin(package_id: &str) -> bool {
|
||||||
if manifest_declares_archival_bitcoin(package_id) {
|
|
||||||
return true;
|
|
||||||
}
|
|
||||||
// Fallback for apps not yet migrated to the manifest declaration above.
|
|
||||||
matches!(
|
matches!(
|
||||||
package_id,
|
package_id,
|
||||||
"electrumx" | "mempool-electrs" | "electrs" | "mempool" | "mempool-web"
|
"electrumx" | "mempool-electrs" | "electrs" | "mempool" | "mempool-web"
|
||||||
@ -58,7 +25,6 @@ fn archival_bitcoin_required_message(package_id: &str) -> String {
|
|||||||
}
|
}
|
||||||
|
|
||||||
/// Snapshot of which dependency services are currently running.
|
/// Snapshot of which dependency services are currently running.
|
||||||
#[derive(Debug)]
|
|
||||||
pub(super) struct RunningDeps {
|
pub(super) struct RunningDeps {
|
||||||
pub has_bitcoin: bool,
|
pub has_bitcoin: bool,
|
||||||
pub has_electrumx: bool,
|
pub has_electrumx: bool,
|
||||||
@ -228,190 +194,6 @@ pub(super) fn check_install_deps(package_id: &str, deps: &RunningDeps) -> Result
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// ---------------------------------------------------------------------------
|
|
||||||
// Bounded dependency wait (install race fix)
|
|
||||||
// ---------------------------------------------------------------------------
|
|
||||||
//
|
|
||||||
// Confirmed race on fresh nodes: the user clicks "Install LND" while
|
|
||||||
// bitcoin-knots is itself still installing/starting. `check_install_deps`
|
|
||||||
// rejected instantly ("LND requires a running Bitcoin node…") even though
|
|
||||||
// Bitcoin came up 55s later. The fix: when the dependency is INSTALLED
|
|
||||||
// (container exists in `podman ps -a`, or the package state knows about it)
|
|
||||||
// but not Running yet, poll for up to DEP_WAIT_MAX_ATTEMPTS × DEP_WAIT_INTERVAL
|
|
||||||
// (~3 minutes) before failing, surfacing "Waiting for X to start…" via the
|
|
||||||
// install-progress message. If the dependency is not installed at all, fail
|
|
||||||
// fast with the canonical `check_install_deps` message — waiting can't help.
|
|
||||||
|
|
||||||
/// Poll interval while waiting for an installed dependency to start.
|
|
||||||
pub(super) const DEP_WAIT_INTERVAL: std::time::Duration = std::time::Duration::from_secs(5);
|
|
||||||
/// 36 × 5s = 3 minutes of bounded waiting.
|
|
||||||
pub(super) const DEP_WAIT_MAX_ATTEMPTS: u32 = 36;
|
|
||||||
|
|
||||||
/// Marker error: the install was rejected by the dependency gate BEFORE any
|
|
||||||
/// resource (container, image, data dir) was created for the package. The
|
|
||||||
/// async install wrapper (`async_lifecycle.rs`) downcasts to this to remove
|
|
||||||
/// the optimistic `Installing` state entry instead of leaving a phantom
|
|
||||||
/// "Stopped" tile whose Start fails with `no such object`.
|
|
||||||
#[derive(Debug)]
|
|
||||||
pub(in crate::api::rpc) struct DependencyGateError(pub String);
|
|
||||||
|
|
||||||
impl std::fmt::Display for DependencyGateError {
|
|
||||||
fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
|
|
||||||
f.write_str(&self.0)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
impl std::error::Error for DependencyGateError {}
|
|
||||||
|
|
||||||
/// One unsatisfied install dependency: a user-facing label plus the container
|
|
||||||
/// name variants that would satisfy it.
|
|
||||||
struct MissingDep {
|
|
||||||
label: &'static str,
|
|
||||||
containers: &'static [&'static str],
|
|
||||||
}
|
|
||||||
|
|
||||||
/// Which dependencies `check_install_deps` would reject `package_id` over.
|
|
||||||
/// Must stay in lockstep with the match arms in `check_install_deps` (the
|
|
||||||
/// wait loop re-runs `check_install_deps` for the canonical error message).
|
|
||||||
fn missing_install_deps(package_id: &str, deps: &RunningDeps) -> Vec<MissingDep> {
|
|
||||||
const BITCOIN: MissingDep = MissingDep {
|
|
||||||
label: "Bitcoin",
|
|
||||||
containers: BITCOIN_NAMES,
|
|
||||||
};
|
|
||||||
const ELECTRUM: MissingDep = MissingDep {
|
|
||||||
label: "ElectrumX",
|
|
||||||
containers: ELECTRUM_NAMES,
|
|
||||||
};
|
|
||||||
let mut missing = Vec::new();
|
|
||||||
match package_id {
|
|
||||||
"electrumx" | "mempool-electrs" | "electrs" | "lnd" | "btcpay-server" | "btcpayserver" => {
|
|
||||||
if !deps.has_bitcoin {
|
|
||||||
missing.push(BITCOIN);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
"mempool" | "mempool-web" => {
|
|
||||||
if !deps.has_bitcoin {
|
|
||||||
missing.push(BITCOIN);
|
|
||||||
}
|
|
||||||
if !deps.has_electrumx {
|
|
||||||
missing.push(ELECTRUM);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
// fedimint deliberately absent: check_install_deps allows it without
|
|
||||||
// a local Bitcoin node (remote RPC configured in guardian setup).
|
|
||||||
_ => {}
|
|
||||||
}
|
|
||||||
missing
|
|
||||||
}
|
|
||||||
|
|
||||||
fn join_dep_labels(missing: &[MissingDep]) -> String {
|
|
||||||
missing
|
|
||||||
.iter()
|
|
||||||
.map(|d| d.label)
|
|
||||||
.collect::<Vec<_>>()
|
|
||||||
.join(" and ")
|
|
||||||
}
|
|
||||||
|
|
||||||
/// One snapshot of the dependency world, fed to [`wait_for_install_deps`].
|
|
||||||
pub(super) struct DepProbe {
|
|
||||||
/// Which dependency services are currently Running.
|
|
||||||
pub running: RunningDeps,
|
|
||||||
/// Container/package names that EXIST in any state — installed, but
|
|
||||||
/// possibly not running yet (`podman ps -a` ∪ package-state entries).
|
|
||||||
pub existing: Vec<String>,
|
|
||||||
}
|
|
||||||
|
|
||||||
/// All container names known to podman in any state (`podman ps -a`).
|
|
||||||
/// Conservative on probe failure: returns an empty list, which makes the
|
|
||||||
/// wait loop fall back to the pre-fix fail-fast behavior.
|
|
||||||
pub(super) async fn detect_existing_containers() -> Vec<String> {
|
|
||||||
let out = tokio::time::timeout(
|
|
||||||
std::time::Duration::from_secs(30),
|
|
||||||
tokio::process::Command::new("podman")
|
|
||||||
.args(["ps", "-a", "--format", "{{.Names}}"])
|
|
||||||
.output(),
|
|
||||||
)
|
|
||||||
.await;
|
|
||||||
match out {
|
|
||||||
Ok(Ok(o)) if o.status.success() => String::from_utf8_lossy(&o.stdout)
|
|
||||||
.lines()
|
|
||||||
.map(|l| l.trim().to_string())
|
|
||||||
.filter(|l| !l.is_empty())
|
|
||||||
.collect(),
|
|
||||||
_ => Vec::new(),
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
/// Bounded dependency gate. Returns the (satisfied) `RunningDeps` snapshot,
|
|
||||||
/// or a [`DependencyGateError`]:
|
|
||||||
/// - immediately, when a missing dependency is not installed at all
|
|
||||||
/// (canonical `check_install_deps` message), or
|
|
||||||
/// - after `max_attempts × interval`, when an installed dependency never
|
|
||||||
/// reached Running.
|
|
||||||
///
|
|
||||||
/// `probe` and `on_waiting` are injected so unit tests can drive the loop
|
|
||||||
/// without a podman runtime; production wires them to
|
|
||||||
/// `RpcHandler::dep_probe_for_install` / `set_install_message`.
|
|
||||||
pub(super) async fn wait_for_install_deps<P, PF, L, LF>(
|
|
||||||
package_id: &str,
|
|
||||||
mut probe: P,
|
|
||||||
mut on_waiting: L,
|
|
||||||
max_attempts: u32,
|
|
||||||
interval: std::time::Duration,
|
|
||||||
) -> Result<RunningDeps>
|
|
||||||
where
|
|
||||||
P: FnMut() -> PF,
|
|
||||||
PF: std::future::Future<Output = Result<DepProbe>>,
|
|
||||||
L: FnMut(String) -> LF,
|
|
||||||
LF: std::future::Future<Output = ()>,
|
|
||||||
{
|
|
||||||
let mut waited_attempts = 0u32;
|
|
||||||
loop {
|
|
||||||
let DepProbe { running, existing } = probe().await?;
|
|
||||||
let missing = missing_install_deps(package_id, &running);
|
|
||||||
if missing.is_empty() {
|
|
||||||
// Keep behavior in lockstep with the canonical gate (covers any
|
|
||||||
// future arm added there but not mirrored in missing_install_deps).
|
|
||||||
check_install_deps(package_id, &running)?;
|
|
||||||
return Ok(running);
|
|
||||||
}
|
|
||||||
|
|
||||||
// Fail fast if any missing dependency has no installed container
|
|
||||||
// under any name variant — waiting cannot satisfy it.
|
|
||||||
let some_dep_not_installed = missing
|
|
||||||
.iter()
|
|
||||||
.any(|dep| !dep.containers.iter().any(|c| existing.iter().any(|e| e == c)));
|
|
||||||
if some_dep_not_installed {
|
|
||||||
let msg = match check_install_deps(package_id, &running) {
|
|
||||||
Err(e) => e.to_string(),
|
|
||||||
Ok(()) => format!("{package_id} dependencies are not running"),
|
|
||||||
};
|
|
||||||
return Err(anyhow::Error::new(DependencyGateError(msg)));
|
|
||||||
}
|
|
||||||
|
|
||||||
if waited_attempts >= max_attempts {
|
|
||||||
let labels = join_dep_labels(&missing);
|
|
||||||
return Err(anyhow::Error::new(DependencyGateError(format!(
|
|
||||||
"{labels} is installed but did not reach the running state within \
|
|
||||||
{} seconds. Start {labels}, then install {package_id} again.",
|
|
||||||
u64::from(max_attempts) * interval.as_secs()
|
|
||||||
))));
|
|
||||||
}
|
|
||||||
waited_attempts += 1;
|
|
||||||
|
|
||||||
let labels = join_dep_labels(&missing);
|
|
||||||
if waited_attempts == 1 {
|
|
||||||
info!(
|
|
||||||
"Install {package_id}: dependency {labels} installed but not running yet — \
|
|
||||||
waiting up to {}s for it to start",
|
|
||||||
u64::from(max_attempts) * interval.as_secs()
|
|
||||||
);
|
|
||||||
}
|
|
||||||
on_waiting(format!("Waiting for {labels} to start…")).await;
|
|
||||||
tokio::time::sleep(interval).await;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
/// ElectrumX and Mempool's Electrum backend need historical blocks from an
|
/// ElectrumX and Mempool's Electrum backend need historical blocks from an
|
||||||
/// unpruned node while building their indexes. A pruned Bitcoin node can be
|
/// unpruned node while building their indexes. A pruned Bitcoin node can be
|
||||||
/// running and RPC-reachable but still leave them stuck with closed ports.
|
/// running and RPC-reachable but still leave them stuck with closed ports.
|
||||||
@ -594,31 +376,16 @@ pub(super) fn startup_order(package_id: &str) -> &'static [&'static str] {
|
|||||||
/// order for the given app. Unknown containers sort to the end.
|
/// order for the given app. Unknown containers sort to the end.
|
||||||
pub(super) async fn ordered_containers_for_start(package_id: &str) -> Result<Vec<String>> {
|
pub(super) async fn ordered_containers_for_start(package_id: &str) -> Result<Vec<String>> {
|
||||||
let containers = get_containers_for_app(package_id).await?;
|
let containers = get_containers_for_app(package_id).await?;
|
||||||
Ok(order_present_containers(package_id, containers))
|
|
||||||
}
|
|
||||||
|
|
||||||
/// Order the *actually-present* containers of an app by its dependency-aware
|
|
||||||
/// startup order. Containers whose name is unknown to the order list sort to
|
|
||||||
/// the end, preserving their relative input order.
|
|
||||||
///
|
|
||||||
/// This deliberately does NOT inject order entries that aren't live
|
|
||||||
/// containers. `startup_order` is a union of container-name variants across
|
|
||||||
/// install generations (e.g. `mysql-mempool` vs `archy-mempool-db`), so any
|
|
||||||
/// single install only ever has a subset of those names. Injecting a phantom
|
|
||||||
/// name makes the start path fail on a "no such object" inspect — and because
|
|
||||||
/// `do_orchestrator_package_start` propagates the unknown-app-id fallback
|
|
||||||
/// error via `?`, every later member (the api + frontend) is then skipped,
|
|
||||||
/// leaving the stack down until the health monitor recovers it minutes later.
|
|
||||||
/// That was the source of mempool gate flakes #73 (frontend) / #74 (api).
|
|
||||||
fn order_present_containers(package_id: &str, containers: Vec<String>) -> Vec<String> {
|
|
||||||
if containers.is_empty() {
|
|
||||||
// Nothing is live under any known name. Fall back to the package id so
|
|
||||||
// a single-container app whose container matches its id still gets one
|
|
||||||
// start attempt; multi-container stacks with no live members are
|
|
||||||
// surfaced as "no containers" by the caller's emptiness check.
|
|
||||||
return vec![package_id.to_string()];
|
|
||||||
}
|
|
||||||
let order = startup_order(package_id);
|
let order = startup_order(package_id);
|
||||||
|
if order.is_empty() && containers.is_empty() {
|
||||||
|
return Ok(vec![package_id.to_string()]);
|
||||||
|
}
|
||||||
|
let mut sorted = containers;
|
||||||
|
for required in order {
|
||||||
|
if !sorted.iter().any(|name| name == required) {
|
||||||
|
sorted.push((*required).to_string());
|
||||||
|
}
|
||||||
|
}
|
||||||
// If no special order is defined, fall back to mempool order for legacy
|
// If no special order is defined, fall back to mempool order for legacy
|
||||||
// multi-container names that may still be returned by config lookups.
|
// multi-container names that may still be returned by config lookups.
|
||||||
let effective_order: &[&str] = if order.is_empty() {
|
let effective_order: &[&str] = if order.is_empty() {
|
||||||
@ -626,14 +393,8 @@ fn order_present_containers(package_id: &str, containers: Vec<String>) -> Vec<St
|
|||||||
} else {
|
} else {
|
||||||
order
|
order
|
||||||
};
|
};
|
||||||
let mut sorted = containers;
|
sorted.sort_by_key(|c| effective_order.iter().position(|o| *o == c).unwrap_or(99));
|
||||||
sorted.sort_by_key(|c| {
|
Ok(sorted)
|
||||||
effective_order
|
|
||||||
.iter()
|
|
||||||
.position(|o| *o == c)
|
|
||||||
.unwrap_or(usize::MAX)
|
|
||||||
});
|
|
||||||
sorted
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/// Configure Fedimint Gateway to use LND instead of LDK.
|
/// Configure Fedimint Gateway to use LND instead of LDK.
|
||||||
@ -691,52 +452,7 @@ pub(super) fn configure_fedimint_lnd(
|
|||||||
|
|
||||||
#[cfg(test)]
|
#[cfg(test)]
|
||||||
mod tests {
|
mod tests {
|
||||||
use super::{
|
use super::{requires_unpruned_bitcoin, startup_order};
|
||||||
dependency_list_declares_archival_bitcoin, manifest_declares_archival_bitcoin,
|
|
||||||
order_present_containers, requires_unpruned_bitcoin, startup_order,
|
|
||||||
};
|
|
||||||
use archipelago_container::Dependency;
|
|
||||||
|
|
||||||
#[test]
|
|
||||||
fn order_present_containers_never_injects_phantom_stack_members() {
|
|
||||||
// The live mempool stack on a node: db + api + frontend. These are the
|
|
||||||
// only real container names; the startup_order list also contains
|
|
||||||
// variant/legacy names (mysql-mempool, archy-mempool-api, ...) that are
|
|
||||||
// NOT live here and must never appear in the result — a phantom name in
|
|
||||||
// the start list aborts the orchestrator start mid-sequence (gate
|
|
||||||
// #73/#74).
|
|
||||||
let present = vec![
|
|
||||||
"mempool".to_string(),
|
|
||||||
"mempool-api".to_string(),
|
|
||||||
"archy-mempool-db".to_string(),
|
|
||||||
];
|
|
||||||
let ordered = order_present_containers("mempool", present);
|
|
||||||
// Dependency order: db -> api -> frontend.
|
|
||||||
assert_eq!(ordered, vec!["archy-mempool-db", "mempool-api", "mempool"]);
|
|
||||||
// No phantom variants leaked in.
|
|
||||||
for phantom in ["mysql-mempool", "archy-mempool-api", "archy-mempool-web"] {
|
|
||||||
assert!(
|
|
||||||
!ordered.iter().any(|c| c == phantom),
|
|
||||||
"phantom {phantom} must not be injected"
|
|
||||||
);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
#[test]
|
|
||||||
fn order_present_containers_orders_known_before_unknown() {
|
|
||||||
let present = vec!["mempool".to_string(), "some-sidecar".to_string()];
|
|
||||||
let ordered = order_present_containers("mempool", present);
|
|
||||||
// The known frontend sorts ahead of an unknown sidecar.
|
|
||||||
assert_eq!(ordered, vec!["mempool", "some-sidecar"]);
|
|
||||||
}
|
|
||||||
|
|
||||||
#[test]
|
|
||||||
fn order_present_containers_empty_falls_back_to_package_id() {
|
|
||||||
assert_eq!(
|
|
||||||
order_present_containers("mempool", vec![]),
|
|
||||||
vec!["mempool".to_string()]
|
|
||||||
);
|
|
||||||
}
|
|
||||||
|
|
||||||
#[test]
|
#[test]
|
||||||
fn btcpay_start_order_includes_required_stack_members() {
|
fn btcpay_start_order_includes_required_stack_members() {
|
||||||
@ -769,272 +485,4 @@ mod tests {
|
|||||||
assert!(!requires_unpruned_bitcoin(package_id), "{package_id}");
|
assert!(!requires_unpruned_bitcoin(package_id), "{package_id}");
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
#[test]
|
|
||||||
fn dependency_matcher_finds_the_archival_marker_among_other_deps() {
|
|
||||||
let deps = vec![
|
|
||||||
Dependency::App {
|
|
||||||
app_id: "bitcoin-knots".to_string(),
|
|
||||||
version: Some(">=26.0".to_string()),
|
|
||||||
},
|
|
||||||
Dependency::Storage {
|
|
||||||
storage: "50Gi".to_string(),
|
|
||||||
},
|
|
||||||
Dependency::Simple("bitcoin:archival".to_string()),
|
|
||||||
];
|
|
||||||
assert!(dependency_list_declares_archival_bitcoin(&deps));
|
|
||||||
}
|
|
||||||
|
|
||||||
#[test]
|
|
||||||
fn dependency_matcher_false_when_marker_absent() {
|
|
||||||
let deps = vec![Dependency::App {
|
|
||||||
app_id: "bitcoin-knots".to_string(),
|
|
||||||
version: Some(">=26.0".to_string()),
|
|
||||||
}];
|
|
||||||
assert!(!dependency_list_declares_archival_bitcoin(&deps));
|
|
||||||
assert!(!dependency_list_declares_archival_bitcoin(&[]));
|
|
||||||
}
|
|
||||||
|
|
||||||
#[test]
|
|
||||||
fn manifest_declared_archival_bitcoin_covers_a_new_app_without_a_code_change() {
|
|
||||||
// electrumx and mempool declare `dependencies: [..., bitcoin:archival]`
|
|
||||||
// on disk (apps/electrumx/manifest.yml, apps/mempool/manifest.yml) —
|
|
||||||
// this is the manifest-driven path working end-to-end, not the
|
|
||||||
// hardcoded id list. A future app only needs this manifest line, no
|
|
||||||
// edit to `requires_unpruned_bitcoin`.
|
|
||||||
assert!(manifest_declares_archival_bitcoin("electrumx"));
|
|
||||||
assert!(manifest_declares_archival_bitcoin("mempool"));
|
|
||||||
// An app whose manifest exists but never declares the marker.
|
|
||||||
assert!(!manifest_declares_archival_bitcoin("bitcoin-knots"));
|
|
||||||
// An id with no manifest on disk at all.
|
|
||||||
assert!(!manifest_declares_archival_bitcoin("does-not-exist"));
|
|
||||||
}
|
|
||||||
|
|
||||||
mod dep_wait {
|
|
||||||
use super::super::{wait_for_install_deps, DepProbe, DependencyGateError, RunningDeps};
|
|
||||||
use std::sync::atomic::{AtomicU32, Ordering};
|
|
||||||
use std::sync::{Arc, Mutex};
|
|
||||||
use std::time::Duration;
|
|
||||||
|
|
||||||
fn deps(has_bitcoin: bool, has_electrumx: bool) -> RunningDeps {
|
|
||||||
RunningDeps {
|
|
||||||
has_bitcoin,
|
|
||||||
has_electrumx,
|
|
||||||
has_lnd: false,
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
fn probe(has_bitcoin: bool, has_electrumx: bool, existing: &[&str]) -> DepProbe {
|
|
||||||
DepProbe {
|
|
||||||
running: deps(has_bitcoin, has_electrumx),
|
|
||||||
existing: existing.iter().map(|s| s.to_string()).collect(),
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
/// Collects "Waiting for X to start…" labels emitted during the wait.
|
|
||||||
fn label_sink() -> (Arc<Mutex<Vec<String>>>, impl FnMut(String) -> std::future::Ready<()>)
|
|
||||||
{
|
|
||||||
let labels = Arc::new(Mutex::new(Vec::new()));
|
|
||||||
let sink = {
|
|
||||||
let labels = Arc::clone(&labels);
|
|
||||||
move |msg: String| {
|
|
||||||
labels.lock().unwrap().push(msg);
|
|
||||||
std::future::ready(())
|
|
||||||
}
|
|
||||||
};
|
|
||||||
(labels, sink)
|
|
||||||
}
|
|
||||||
|
|
||||||
#[tokio::test]
|
|
||||||
async fn passes_immediately_when_dependency_is_running() {
|
|
||||||
let (labels, sink) = label_sink();
|
|
||||||
let result = wait_for_install_deps(
|
|
||||||
"lnd",
|
|
||||||
|| async { Ok(probe(true, false, &["bitcoin-knots"])) },
|
|
||||||
sink,
|
|
||||||
3,
|
|
||||||
Duration::ZERO,
|
|
||||||
)
|
|
||||||
.await;
|
|
||||||
assert!(result.is_ok());
|
|
||||||
assert!(labels.lock().unwrap().is_empty(), "no waiting expected");
|
|
||||||
}
|
|
||||||
|
|
||||||
#[tokio::test]
|
|
||||||
async fn fails_fast_when_dependency_not_installed_at_all() {
|
|
||||||
let calls = AtomicU32::new(0);
|
|
||||||
let (labels, sink) = label_sink();
|
|
||||||
let err = wait_for_install_deps(
|
|
||||||
"lnd",
|
|
||||||
|| {
|
|
||||||
calls.fetch_add(1, Ordering::SeqCst);
|
|
||||||
async { Ok(probe(false, false, &["uptime-kuma"])) }
|
|
||||||
},
|
|
||||||
sink,
|
|
||||||
36,
|
|
||||||
Duration::ZERO,
|
|
||||||
)
|
|
||||||
.await
|
|
||||||
.unwrap_err();
|
|
||||||
// Single probe — no polling when waiting cannot help.
|
|
||||||
assert_eq!(calls.load(Ordering::SeqCst), 1);
|
|
||||||
assert!(labels.lock().unwrap().is_empty());
|
|
||||||
// Canonical check_install_deps message, wrapped in the gate marker
|
|
||||||
// so async_lifecycle removes the optimistic Installing entry.
|
|
||||||
assert!(err.downcast_ref::<DependencyGateError>().is_some());
|
|
||||||
assert!(
|
|
||||||
err.to_string().contains("LND requires a running Bitcoin node"),
|
|
||||||
"unexpected message: {err}"
|
|
||||||
);
|
|
||||||
}
|
|
||||||
|
|
||||||
#[tokio::test]
|
|
||||||
async fn waits_while_installed_dependency_starts_then_passes() {
|
|
||||||
// Bitcoin container exists (installing/starting) but only reports
|
|
||||||
// Running from the 3rd probe onward — the log-confirmed LND race.
|
|
||||||
let calls = Arc::new(AtomicU32::new(0));
|
|
||||||
let (labels, sink) = label_sink();
|
|
||||||
let probe_calls = Arc::clone(&calls);
|
|
||||||
let result = wait_for_install_deps(
|
|
||||||
"lnd",
|
|
||||||
move || {
|
|
||||||
let n = probe_calls.fetch_add(1, Ordering::SeqCst);
|
|
||||||
async move { Ok(probe(n >= 2, false, &["bitcoin-knots"])) }
|
|
||||||
},
|
|
||||||
sink,
|
|
||||||
36,
|
|
||||||
Duration::ZERO,
|
|
||||||
)
|
|
||||||
.await;
|
|
||||||
assert!(result.is_ok(), "{result:?}");
|
|
||||||
assert_eq!(calls.load(Ordering::SeqCst), 3);
|
|
||||||
let labels = labels.lock().unwrap();
|
|
||||||
assert_eq!(labels.len(), 2, "one waiting label per polling attempt");
|
|
||||||
assert!(labels.iter().all(|l| l == "Waiting for Bitcoin to start…"));
|
|
||||||
}
|
|
||||||
|
|
||||||
#[tokio::test]
|
|
||||||
async fn times_out_when_installed_dependency_never_runs() {
|
|
||||||
let (labels, sink) = label_sink();
|
|
||||||
let err = wait_for_install_deps(
|
|
||||||
"lnd",
|
|
||||||
|| async { Ok(probe(false, false, &["bitcoin-knots"])) },
|
|
||||||
sink,
|
|
||||||
4,
|
|
||||||
Duration::ZERO,
|
|
||||||
)
|
|
||||||
.await
|
|
||||||
.unwrap_err();
|
|
||||||
assert!(err.downcast_ref::<DependencyGateError>().is_some());
|
|
||||||
assert!(
|
|
||||||
err.to_string()
|
|
||||||
.contains("did not reach the running state within 0 seconds"),
|
|
||||||
"unexpected message: {err}"
|
|
||||||
);
|
|
||||||
assert_eq!(labels.lock().unwrap().len(), 4);
|
|
||||||
}
|
|
||||||
|
|
||||||
#[tokio::test]
|
|
||||||
async fn mempool_waits_on_both_bitcoin_and_electrumx() {
|
|
||||||
let calls = Arc::new(AtomicU32::new(0));
|
|
||||||
let (labels, sink) = label_sink();
|
|
||||||
let probe_calls = Arc::clone(&calls);
|
|
||||||
let result = wait_for_install_deps(
|
|
||||||
"mempool",
|
|
||||||
move || {
|
|
||||||
let n = probe_calls.fetch_add(1, Ordering::SeqCst);
|
|
||||||
// Bitcoin comes up on probe 2, electrumx on probe 3.
|
|
||||||
async move { Ok(probe(n >= 1, n >= 2, &["bitcoin-knots", "electrumx"])) }
|
|
||||||
},
|
|
||||||
sink,
|
|
||||||
36,
|
|
||||||
Duration::ZERO,
|
|
||||||
)
|
|
||||||
.await;
|
|
||||||
assert!(result.is_ok(), "{result:?}");
|
|
||||||
let labels = labels.lock().unwrap();
|
|
||||||
assert_eq!(
|
|
||||||
labels.as_slice(),
|
|
||||||
&[
|
|
||||||
"Waiting for Bitcoin and ElectrumX to start…".to_string(),
|
|
||||||
"Waiting for ElectrumX to start…".to_string(),
|
|
||||||
]
|
|
||||||
);
|
|
||||||
}
|
|
||||||
|
|
||||||
#[tokio::test]
|
|
||||||
async fn mempool_fails_fast_when_one_dep_is_not_installed() {
|
|
||||||
// Bitcoin is installed (waiting could help) but ElectrumX is not
|
|
||||||
// installed at all — waiting can never satisfy the gate, so fail
|
|
||||||
// fast with the canonical message.
|
|
||||||
let (labels, sink) = label_sink();
|
|
||||||
let err = wait_for_install_deps(
|
|
||||||
"mempool",
|
|
||||||
|| async { Ok(probe(false, false, &["bitcoin-knots"])) },
|
|
||||||
sink,
|
|
||||||
36,
|
|
||||||
Duration::ZERO,
|
|
||||||
)
|
|
||||||
.await
|
|
||||||
.unwrap_err();
|
|
||||||
assert!(err.downcast_ref::<DependencyGateError>().is_some());
|
|
||||||
assert!(labels.lock().unwrap().is_empty());
|
|
||||||
assert!(
|
|
||||||
err.to_string().contains("Mempool requires"),
|
|
||||||
"unexpected message: {err}"
|
|
||||||
);
|
|
||||||
}
|
|
||||||
|
|
||||||
#[tokio::test]
|
|
||||||
async fn variant_container_names_count_as_installed() {
|
|
||||||
// bitcoin-core (not just bitcoin-knots) satisfies the "installed"
|
|
||||||
// check for the wait path.
|
|
||||||
let calls = Arc::new(AtomicU32::new(0));
|
|
||||||
let (_labels, sink) = label_sink();
|
|
||||||
let probe_calls = Arc::clone(&calls);
|
|
||||||
let result = wait_for_install_deps(
|
|
||||||
"electrumx",
|
|
||||||
move || {
|
|
||||||
let n = probe_calls.fetch_add(1, Ordering::SeqCst);
|
|
||||||
async move { Ok(probe(n >= 1, false, &["bitcoin-core"])) }
|
|
||||||
},
|
|
||||||
sink,
|
|
||||||
36,
|
|
||||||
Duration::ZERO,
|
|
||||||
)
|
|
||||||
.await;
|
|
||||||
assert!(result.is_ok(), "{result:?}");
|
|
||||||
}
|
|
||||||
|
|
||||||
#[tokio::test]
|
|
||||||
async fn apps_without_dependency_gate_pass_untouched() {
|
|
||||||
let (labels, sink) = label_sink();
|
|
||||||
let result = wait_for_install_deps(
|
|
||||||
"uptime-kuma",
|
|
||||||
|| async { Ok(probe(false, false, &[])) },
|
|
||||||
sink,
|
|
||||||
36,
|
|
||||||
Duration::ZERO,
|
|
||||||
)
|
|
||||||
.await;
|
|
||||||
assert!(result.is_ok());
|
|
||||||
assert!(labels.lock().unwrap().is_empty());
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
#[test]
|
|
||||||
fn mempool_api_is_directly_installable_and_covered_by_the_archival_gate() {
|
|
||||||
// `mempool-api` is a legitimate direct `package.install` target
|
|
||||||
// (`uses_orchestrator_install_flow` in install.rs), reachable without
|
|
||||||
// going through the `mempool`/`mempool-web` umbrella id that the old
|
|
||||||
// hardcoded fallback list only recognized. It was missing from that
|
|
||||||
// list, so installing/repairing it directly skipped the archival
|
|
||||||
// Bitcoin gate entirely. Its manifest now declares `bitcoin:archival`
|
|
||||||
// directly, closing the gap the manifest-driven path exists for.
|
|
||||||
assert!(requires_unpruned_bitcoin("mempool-api"));
|
|
||||||
assert!(manifest_declares_archival_bitcoin("mempool-api"));
|
|
||||||
// `archy-mempool-web` has no direct Bitcoin RPC access
|
|
||||||
// (bitcoin_integration.rpc_access: none) and correctly stays excluded.
|
|
||||||
assert!(!requires_unpruned_bitcoin("archy-mempool-web"));
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|||||||
@ -3,10 +3,9 @@ use super::config::{
|
|||||||
is_readonly_compatible, is_valid_docker_image,
|
is_readonly_compatible, is_valid_docker_image,
|
||||||
};
|
};
|
||||||
use super::dependencies::{
|
use super::dependencies::{
|
||||||
check_bitcoin_pruning_compatibility, configure_fedimint_lnd, detect_existing_containers,
|
check_bitcoin_pruning_compatibility, check_install_deps, configure_fedimint_lnd,
|
||||||
detect_running_deps, detect_running_deps_from_package_data, log_optional_dep_info,
|
detect_running_deps, detect_running_deps_from_package_data, log_optional_dep_info,
|
||||||
needs_archy_net, wait_for_install_deps, DepProbe, RunningDeps, DEP_WAIT_INTERVAL,
|
needs_archy_net, RunningDeps,
|
||||||
DEP_WAIT_MAX_ATTEMPTS,
|
|
||||||
};
|
};
|
||||||
use super::progress::parse_pull_progress;
|
use super::progress::parse_pull_progress;
|
||||||
use super::validation::validate_app_id;
|
use super::validation::validate_app_id;
|
||||||
@ -244,17 +243,6 @@ impl RpcHandler {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// Multi-version support: honor an install-time version selection for the
|
|
||||||
// orchestrator-managed Bitcoin apps. Selecting the catalog default (or
|
|
||||||
// omitting `version`) leaves the app unpinned (tracks latest); selecting
|
|
||||||
// an older version pins it so install_fresh resolves that image and the
|
|
||||||
// update badge stays suppressed. See docs/bitcoin-multi-version-design.md.
|
|
||||||
if matches!(package_id, "bitcoin-core" | "bitcoin-knots") {
|
|
||||||
if let Some(version) = params.get("version").and_then(|v| v.as_str()) {
|
|
||||||
persist_install_version_selection(package_id, version).await;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
// Phase: Preparing — emit BEFORE the stack dispatch so multi-container
|
// Phase: Preparing — emit BEFORE the stack dispatch so multi-container
|
||||||
// stacks also flip state to Installing immediately. Without this, the
|
// stacks also flip state to Installing immediately. Without this, the
|
||||||
// backend's package state for stack apps stayed empty until the first
|
// backend's package state for stack apps stayed empty until the first
|
||||||
@ -266,7 +254,8 @@ impl RpcHandler {
|
|||||||
.await;
|
.await;
|
||||||
|
|
||||||
if matches!(package_id, "mempool" | "mempool-web") {
|
if matches!(package_id, "mempool" | "mempool-web") {
|
||||||
self.gate_install_deps(package_id).await?;
|
let deps = self.running_deps_for_install(package_id).await?;
|
||||||
|
check_install_deps(package_id, &deps)?;
|
||||||
check_bitcoin_pruning_compatibility(package_id).await?;
|
check_bitcoin_pruning_compatibility(package_id).await?;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -289,11 +278,9 @@ impl RpcHandler {
|
|||||||
// Dependency checks. Prefer the scanner's cached package state so a
|
// Dependency checks. Prefer the scanner's cached package state so a
|
||||||
// congested Podman API does not turn an already-running dependency into
|
// congested Podman API does not turn an already-running dependency into
|
||||||
// a false install failure. Fall back to a bounded direct Podman probe
|
// a false install failure. Fall back to a bounded direct Podman probe
|
||||||
// only when the cache does not show the dependency. When the dependency
|
// only when the cache does not show the dependency.
|
||||||
// is installed but not Running yet (the "clicked Install LND 55s before
|
let deps = self.running_deps_for_install(package_id).await?;
|
||||||
// Bitcoin was up" race), wait up to ~3 minutes for it instead of
|
check_install_deps(package_id, &deps)?;
|
||||||
// failing instantly.
|
|
||||||
let deps = self.gate_install_deps(package_id).await?;
|
|
||||||
check_bitcoin_pruning_compatibility(package_id).await?;
|
check_bitcoin_pruning_compatibility(package_id).await?;
|
||||||
log_optional_dep_info(package_id, &deps);
|
log_optional_dep_info(package_id, &deps);
|
||||||
let repaired_bitcoin_conf =
|
let repaired_bitcoin_conf =
|
||||||
@ -947,27 +934,6 @@ impl RpcHandler {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/// Bounded dependency gate for installs: passes immediately when deps are
|
|
||||||
/// running, fails fast (with the phantom-tile marker) when a dependency
|
|
||||||
/// isn't installed at all, and otherwise waits up to
|
|
||||||
/// `DEP_WAIT_MAX_ATTEMPTS × DEP_WAIT_INTERVAL` for an installed-but-
|
|
||||||
/// starting dependency, surfacing "Waiting for X to start…" on the card.
|
|
||||||
pub(super) async fn gate_install_deps(&self, package_id: &str) -> Result<RunningDeps> {
|
|
||||||
wait_for_install_deps(
|
|
||||||
package_id,
|
|
||||||
|| async {
|
|
||||||
Ok(DepProbe {
|
|
||||||
running: self.running_deps_for_install(package_id).await?,
|
|
||||||
existing: detect_existing_containers().await,
|
|
||||||
})
|
|
||||||
},
|
|
||||||
|msg| async move { self.set_install_message(package_id, &msg).await },
|
|
||||||
DEP_WAIT_MAX_ATTEMPTS,
|
|
||||||
DEP_WAIT_INTERVAL,
|
|
||||||
)
|
|
||||||
.await
|
|
||||||
}
|
|
||||||
|
|
||||||
// -- Private helpers for install --
|
// -- Private helpers for install --
|
||||||
|
|
||||||
/// Pull the image from a registry or verify a local image exists.
|
/// Pull the image from a registry or verify a local image exists.
|
||||||
@ -1318,11 +1284,6 @@ impl RpcHandler {
|
|||||||
// Default to full archive — operators with 2TB+ drives shouldn't be
|
// Default to full archive — operators with 2TB+ drives shouldn't be
|
||||||
// silently pruned down to 550 MB. Users who want a pruned node can
|
// silently pruned down to 550 MB. Users who want a pruned node can
|
||||||
// set `prune=N` in bitcoin.conf themselves after install.
|
// set `prune=N` in bitcoin.conf themselves after install.
|
||||||
//
|
|
||||||
// printtoconsole=0: bitcoind already writes debug.log in the datadir
|
|
||||||
// (self-shrunk on restart); duplicating it to stdout pushed every IBD
|
|
||||||
// "UpdateTip" line through conmon into journald (>1 GB/day). Deep
|
|
||||||
// debugging uses /var/lib/archipelago/bitcoin/debug.log.
|
|
||||||
let bitcoin_conf = format!(
|
let bitcoin_conf = format!(
|
||||||
"\
|
"\
|
||||||
# rpcauth: salted hash only - no plaintext password in config or CLI\n\
|
# rpcauth: salted hash only - no plaintext password in config or CLI\n\
|
||||||
@ -1332,7 +1293,7 @@ rpcallowip=0.0.0.0/0\n\
|
|||||||
listen=1\n\
|
listen=1\n\
|
||||||
rpcthreads=16\n\
|
rpcthreads=16\n\
|
||||||
rpcworkqueue=256\n\
|
rpcworkqueue=256\n\
|
||||||
printtoconsole=0\n",
|
printtoconsole=1\n",
|
||||||
rpcauth_line
|
rpcauth_line
|
||||||
);
|
);
|
||||||
tokio::fs::create_dir_all(bitcoin_dir)
|
tokio::fs::create_dir_all(bitcoin_dir)
|
||||||
@ -2466,36 +2427,6 @@ exit 2
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/// Persist an install-time version selection for a multi-version app. Selecting
|
|
||||||
/// the catalog default (or a version equal to it) un-pins so the app tracks
|
|
||||||
/// latest; selecting any other version pins it. Best-effort: a write failure
|
|
||||||
/// just means the app installs at the catalog default.
|
|
||||||
async fn persist_install_version_selection(app_id: &str, version: &str) {
|
|
||||||
use crate::container::version_config::{read, write, AppVersionConfig};
|
|
||||||
let is_default = crate::container::app_catalog::catalog_default_version(app_id)
|
|
||||||
.map(|d| d == version)
|
|
||||||
.unwrap_or(false);
|
|
||||||
let existing = read(app_id);
|
|
||||||
let cfg = AppVersionConfig {
|
|
||||||
pinned_version: if is_default {
|
|
||||||
None
|
|
||||||
} else {
|
|
||||||
Some(version.to_string())
|
|
||||||
},
|
|
||||||
auto_update: existing.auto_update,
|
|
||||||
};
|
|
||||||
if let Err(e) = write(app_id, &cfg) {
|
|
||||||
tracing::warn!(app_id, version, error = %e, "failed to persist install-time version selection");
|
|
||||||
} else {
|
|
||||||
tracing::info!(
|
|
||||||
app_id,
|
|
||||||
version,
|
|
||||||
pinned = !is_default,
|
|
||||||
"persisted install-time version selection"
|
|
||||||
);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
fn should_try_orchestrator_install(package_id: &str, orchestrator_available: bool) -> bool {
|
fn should_try_orchestrator_install(package_id: &str, orchestrator_available: bool) -> bool {
|
||||||
orchestrator_available && uses_orchestrator_install_flow(package_id)
|
orchestrator_available && uses_orchestrator_install_flow(package_id)
|
||||||
}
|
}
|
||||||
|
|||||||
@ -5,7 +5,6 @@ mod install;
|
|||||||
mod lifecycle;
|
mod lifecycle;
|
||||||
mod progress;
|
mod progress;
|
||||||
mod runtime;
|
mod runtime;
|
||||||
mod set_config;
|
|
||||||
mod stacks;
|
mod stacks;
|
||||||
mod update;
|
mod update;
|
||||||
mod validation;
|
mod validation;
|
||||||
|
|||||||
@ -61,31 +61,6 @@ impl RpcHandler {
|
|||||||
self.state_manager.update_data(data).await;
|
self.state_manager.update_data(data).await;
|
||||||
}
|
}
|
||||||
|
|
||||||
/// Set a user-facing install status message (e.g. "Waiting for Bitcoin
|
|
||||||
/// to start…") without disturbing the current phase/byte counters.
|
|
||||||
pub(super) async fn set_install_message(&self, package_id: &str, message: &str) {
|
|
||||||
let (mut data, _rev) = self.state_manager.get_snapshot().await;
|
|
||||||
let entry = data
|
|
||||||
.package_data
|
|
||||||
.entry(package_id.to_string())
|
|
||||||
.or_insert_with(|| create_installing_entry(package_id));
|
|
||||||
if entry.state != PackageState::Updating {
|
|
||||||
entry.state = PackageState::Installing;
|
|
||||||
}
|
|
||||||
let (size, downloaded, phase) = entry
|
|
||||||
.install_progress
|
|
||||||
.as_ref()
|
|
||||||
.map(|p| (p.size, p.downloaded, p.phase))
|
|
||||||
.unwrap_or((0, 0, None));
|
|
||||||
entry.install_progress = Some(InstallProgress {
|
|
||||||
size,
|
|
||||||
downloaded,
|
|
||||||
phase,
|
|
||||||
message: Some(message.to_string()),
|
|
||||||
});
|
|
||||||
self.state_manager.update_data(data).await;
|
|
||||||
}
|
|
||||||
|
|
||||||
/// Clear install progress after pull completes or fails.
|
/// Clear install progress after pull completes or fails.
|
||||||
pub(super) async fn clear_install_progress(&self, package_id: &str) {
|
pub(super) async fn clear_install_progress(&self, package_id: &str) {
|
||||||
let (mut data, _rev) = self.state_manager.get_snapshot().await;
|
let (mut data, _rev) = self.state_manager.get_snapshot().await;
|
||||||
|
|||||||
@ -22,11 +22,6 @@ const PODMAN_LOG_TIMEOUT: Duration = Duration::from_secs(15);
|
|||||||
/// Per-container graceful shutdown timeout in seconds.
|
/// Per-container graceful shutdown timeout in seconds.
|
||||||
/// Bitcoin Core needs 600s to flush UTXO set, LND 330s for channel state,
|
/// Bitcoin Core needs 600s to flush UTXO set, LND 330s for channel state,
|
||||||
/// indexers 300s for index flush, databases 120s for WAL/transaction commit.
|
/// indexers 300s for index flush, databases 120s for WAL/transaction commit.
|
||||||
///
|
|
||||||
/// MIRRORS `archipelago_container::runtime::stop_grace_secs_for` (which returns
|
|
||||||
/// `u64` and is the canonical table used by the orchestrator stop path). This
|
|
||||||
/// `&str` variant exists for the legacy `podman stop -t <s>` call sites here —
|
|
||||||
/// keep the two tables in sync until those are migrated to the orchestrator.
|
|
||||||
pub fn stop_timeout_secs(container_name: &str) -> &'static str {
|
pub fn stop_timeout_secs(container_name: &str) -> &'static str {
|
||||||
let id = container_name
|
let id = container_name
|
||||||
.strip_prefix("archy-")
|
.strip_prefix("archy-")
|
||||||
@ -312,16 +307,7 @@ impl RpcHandler {
|
|||||||
|
|
||||||
let mut stopped = 0u32;
|
let mut stopped = 0u32;
|
||||||
let mut removed = 0u32;
|
let mut removed = 0u32;
|
||||||
// Two distinct failure classes, kept separate so they don't get
|
let mut errors = Vec::new();
|
||||||
// conflated (the old single `errors` vec did, which caused the "ghost in
|
|
||||||
// My Apps" bug): `container_errors` means a container could NOT be
|
|
||||||
// removed (force-rm failed too) — the app is genuinely still present, so
|
|
||||||
// we keep its state entry and surface a hard error. `cleanup_errors`
|
|
||||||
// means volume/network/data-dir teardown left residue — the containers
|
|
||||||
// are already gone, so the app IS uninstalled and MUST disappear from My
|
|
||||||
// Apps; the residue is logged but never ghosts the app.
|
|
||||||
let mut container_errors: Vec<String> = Vec::new();
|
|
||||||
let mut cleanup_errors: Vec<String> = Vec::new();
|
|
||||||
|
|
||||||
self.set_uninstall_stage(
|
self.set_uninstall_stage(
|
||||||
package_id,
|
package_id,
|
||||||
@ -379,7 +365,7 @@ impl RpcHandler {
|
|||||||
let msg =
|
let msg =
|
||||||
format!("Failed to remove {}: {}; {}", name, stderr.trim(), e);
|
format!("Failed to remove {}: {}; {}", name, stderr.trim(), e);
|
||||||
tracing::error!("Uninstall {}: {}", package_id, msg);
|
tracing::error!("Uninstall {}: {}", package_id, msg);
|
||||||
container_errors.push(msg);
|
errors.push(msg);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -388,35 +374,12 @@ impl RpcHandler {
|
|||||||
Err(force_err) => {
|
Err(force_err) => {
|
||||||
let msg = format!("Failed to remove {}: {}; {}", name, e, force_err);
|
let msg = format!("Failed to remove {}: {}; {}", name, e, force_err);
|
||||||
tracing::error!("Uninstall {}: {}", package_id, msg);
|
tracing::error!("Uninstall {}: {}", package_id, msg);
|
||||||
container_errors.push(msg);
|
errors.push(msg);
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// A container that survived even force-remove means the app is NOT
|
|
||||||
// actually uninstalled — keep its state entry and fail so the spawned
|
|
||||||
// task reverts it to its prior state (and the user can retry), rather
|
|
||||||
// than orphaning a live container that's missing from My Apps.
|
|
||||||
if !container_errors.is_empty() {
|
|
||||||
tracing::error!(
|
|
||||||
"Uninstall {}: containers could not be removed: {:?}",
|
|
||||||
package_id,
|
|
||||||
container_errors
|
|
||||||
);
|
|
||||||
return Err(anyhow::anyhow!(
|
|
||||||
"Uninstall {} failed: {}",
|
|
||||||
package_id,
|
|
||||||
container_errors.join("; ")
|
|
||||||
));
|
|
||||||
}
|
|
||||||
|
|
||||||
// Containers are gone → the app is uninstalled. Remove its state entry
|
|
||||||
// NOW, before the (possibly slow, possibly fallible) volume/data
|
|
||||||
// teardown below, so My Apps updates immediately and a residue failure
|
|
||||||
// can never leave a ghost. Reinstall/scan no longer see a stale entry.
|
|
||||||
self.remove_package_state_entry(package_id).await;
|
|
||||||
|
|
||||||
self.set_uninstall_stage(package_id, "Cleaning up volumes")
|
self.set_uninstall_stage(package_id, "Cleaning up volumes")
|
||||||
.await;
|
.await;
|
||||||
// Avoid global Podman volume prune on production nodes: store-wide
|
// Avoid global Podman volume prune on production nodes: store-wide
|
||||||
@ -464,73 +427,70 @@ impl RpcHandler {
|
|||||||
let stderr = String::from_utf8_lossy(&o.stderr);
|
let stderr = String::from_utf8_lossy(&o.stderr);
|
||||||
let msg = format!("Failed to remove data {}: {}", dir, stderr.trim());
|
let msg = format!("Failed to remove data {}: {}", dir, stderr.trim());
|
||||||
tracing::error!("Uninstall {}: {}", package_id, msg);
|
tracing::error!("Uninstall {}: {}", package_id, msg);
|
||||||
cleanup_errors.push(msg);
|
errors.push(msg);
|
||||||
}
|
}
|
||||||
Err(e) => {
|
Err(e) => {
|
||||||
let msg = format!("Failed to remove data {}: {}", dir, e);
|
let msg = format!("Failed to remove data {}: {}", dir, e);
|
||||||
tracing::error!("Uninstall {}: {}", package_id, msg);
|
tracing::error!("Uninstall {}: {}", package_id, msg);
|
||||||
cleanup_errors.push(msg);
|
errors.push(msg);
|
||||||
}
|
}
|
||||||
_ => {}
|
_ => {}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// The app is already gone from My Apps (entry removed above). Residual
|
if !errors.is_empty() {
|
||||||
// volume/data cleanup failures are logged but NEVER ghost the app — a
|
|
||||||
// reinstall and the next uninstall both tolerate leftover dirs.
|
|
||||||
if !cleanup_errors.is_empty() {
|
|
||||||
tracing::error!(
|
tracing::error!(
|
||||||
"Uninstall {} removed but left cleanup residue: {:?}",
|
"Uninstall {} completed with errors: {:?}",
|
||||||
package_id,
|
package_id,
|
||||||
cleanup_errors
|
errors
|
||||||
);
|
);
|
||||||
|
return Err(anyhow::anyhow!(
|
||||||
|
"Uninstall {} partially failed: {}",
|
||||||
|
package_id,
|
||||||
|
errors.join("; ")
|
||||||
|
));
|
||||||
}
|
}
|
||||||
|
|
||||||
tracing::info!(
|
tracing::info!(
|
||||||
"Uninstall {} complete: stopped={}, removed={}, cleanup_errors={}",
|
"Uninstall {} complete: stopped={}, removed={}",
|
||||||
package_id,
|
package_id,
|
||||||
stopped,
|
stopped,
|
||||||
removed,
|
removed
|
||||||
cleanup_errors.len()
|
|
||||||
);
|
);
|
||||||
|
|
||||||
|
// Immediately remove from in-memory state so the UI updates without
|
||||||
|
// waiting for the scanner's absence threshold (3 scans × 60s each).
|
||||||
|
{
|
||||||
|
let (mut data, _rev) = self.state_manager.get_snapshot().await;
|
||||||
|
let before = data.package_data.len();
|
||||||
|
data.package_data.remove(package_id);
|
||||||
|
// Also remove any alias keys (e.g. "bitcoin-knots" vs "bitcoin")
|
||||||
|
let aliases: Vec<String> = data
|
||||||
|
.package_data
|
||||||
|
.keys()
|
||||||
|
.filter(|k| {
|
||||||
|
super::config::all_container_names(package_id)
|
||||||
|
.iter()
|
||||||
|
.any(|c| c.strip_prefix("archy-").unwrap_or(c) == k.as_str())
|
||||||
|
})
|
||||||
|
.cloned()
|
||||||
|
.collect();
|
||||||
|
for alias in &aliases {
|
||||||
|
data.package_data.remove(alias);
|
||||||
|
}
|
||||||
|
if data.package_data.len() < before {
|
||||||
|
self.state_manager.update_data(data).await;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
Ok(serde_json::json!({
|
Ok(serde_json::json!({
|
||||||
"status": "uninstalled",
|
"status": "uninstalled",
|
||||||
"stopped": stopped,
|
"stopped": stopped,
|
||||||
"removed": removed,
|
"removed": removed,
|
||||||
"cleanup_warnings": cleanup_errors,
|
|
||||||
}))
|
}))
|
||||||
}
|
}
|
||||||
|
|
||||||
/// Remove a package's entry (and any alias keys) from persisted state so it
|
|
||||||
/// disappears from My Apps immediately, without waiting for the scanner's
|
|
||||||
/// absence threshold (3 scans × 60s). Called as soon as an uninstall has
|
|
||||||
/// removed the app's containers — before the slower volume/data teardown —
|
|
||||||
/// so a residue failure can never leave a ghost entry behind.
|
|
||||||
async fn remove_package_state_entry(&self, package_id: &str) {
|
|
||||||
let (mut data, _rev) = self.state_manager.get_snapshot().await;
|
|
||||||
let before = data.package_data.len();
|
|
||||||
data.package_data.remove(package_id);
|
|
||||||
// Also remove any alias keys (e.g. "bitcoin-knots" vs "bitcoin").
|
|
||||||
let aliases: Vec<String> = data
|
|
||||||
.package_data
|
|
||||||
.keys()
|
|
||||||
.filter(|k| {
|
|
||||||
super::config::all_container_names(package_id)
|
|
||||||
.iter()
|
|
||||||
.any(|c| c.strip_prefix("archy-").unwrap_or(c) == k.as_str())
|
|
||||||
})
|
|
||||||
.cloned()
|
|
||||||
.collect();
|
|
||||||
for alias in &aliases {
|
|
||||||
data.package_data.remove(alias);
|
|
||||||
}
|
|
||||||
if data.package_data.len() < before {
|
|
||||||
self.state_manager.update_data(data).await;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
/// Start a bundled app (create container from pre-loaded image if needed).
|
/// Start a bundled app (create container from pre-loaded image if needed).
|
||||||
pub(in crate::api::rpc) async fn handle_bundled_app_start(
|
pub(in crate::api::rpc) async fn handle_bundled_app_start(
|
||||||
&self,
|
&self,
|
||||||
@ -1603,7 +1563,7 @@ fn manifest_host_ports(container_name: &str) -> Vec<u16> {
|
|||||||
Vec::new()
|
Vec::new()
|
||||||
}
|
}
|
||||||
|
|
||||||
pub(super) fn manifest_apps_dirs() -> Vec<std::path::PathBuf> {
|
fn manifest_apps_dirs() -> Vec<std::path::PathBuf> {
|
||||||
let mut dirs = Vec::new();
|
let mut dirs = Vec::new();
|
||||||
if let Ok(manifest_dir) = std::env::var("CARGO_MANIFEST_DIR") {
|
if let Ok(manifest_dir) = std::env::var("CARGO_MANIFEST_DIR") {
|
||||||
dirs.push(Path::new(&manifest_dir).join("../../apps"));
|
dirs.push(Path::new(&manifest_dir).join("../../apps"));
|
||||||
@ -1947,17 +1907,6 @@ pub(super) fn orchestrator_uninstall_app_ids(package_id: &str) -> Vec<String> {
|
|||||||
"archy-btcpay-db".into(),
|
"archy-btcpay-db".into(),
|
||||||
],
|
],
|
||||||
"fedimint" => vec!["fedimint".into(), "fedimint-gateway".into()],
|
"fedimint" => vec!["fedimint".into(), "fedimint-gateway".into()],
|
||||||
// Immich: multi-container stack, mirrors `immich_stack_app_ids` in
|
|
||||||
// stacks.rs. Without this, uninstalling "immich" only disabled the
|
|
||||||
// orchestrator-tracked "immich" app_id — "immich-postgres" and
|
|
||||||
// "immich-redis" stayed enabled, so the boot reconciler kept
|
|
||||||
// restarting their leftover stopped containers forever after the
|
|
||||||
// generic uninstall path stopped them (`.198`, 2026-07-01).
|
|
||||||
"immich" => vec![
|
|
||||||
"immich-postgres".into(),
|
|
||||||
"immich-redis".into(),
|
|
||||||
"immich".into(),
|
|
||||||
],
|
|
||||||
_ => vec![package_id.to_string()],
|
_ => vec![package_id.to_string()],
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -1977,19 +1926,4 @@ mod tests {
|
|||||||
fn runtime_host_ports_preserve_legacy_extra_ports() {
|
fn runtime_host_ports_preserve_legacy_extra_ports() {
|
||||||
assert_eq!(runtime_host_ports("gitea"), vec![3001, 2222, 3000]);
|
assert_eq!(runtime_host_ports("gitea"), vec![3001, 2222, 3000]);
|
||||||
}
|
}
|
||||||
|
|
||||||
#[test]
|
|
||||||
fn immich_uninstall_covers_every_sibling_orchestrator_app_id() {
|
|
||||||
// Regression: uninstalling "immich" used to only disable the
|
|
||||||
// "immich" app_id itself, leaving immich-postgres/immich-redis
|
|
||||||
// enabled — the boot reconciler kept restarting their leftover
|
|
||||||
// stopped containers forever (.198, 2026-07-01).
|
|
||||||
let ids = orchestrator_uninstall_app_ids("immich");
|
|
||||||
for expected in ["immich-postgres", "immich-redis", "immich"] {
|
|
||||||
assert!(
|
|
||||||
ids.iter().any(|id| id == expected),
|
|
||||||
"missing {expected} in {ids:?}"
|
|
||||||
);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|||||||
@ -1,352 +0,0 @@
|
|||||||
//! Multi-version support — version listing + in-app version switch / pin /
|
|
||||||
//! auto-update toggle (`docs/bitcoin-multi-version-design.md` §3 Phase 3).
|
|
||||||
//!
|
|
||||||
//! Two RPCs:
|
|
||||||
//! - `package.versions` — read the selectable versions for an app plus the
|
|
||||||
//! runner's current pin / auto-update preference and (best-effort) the
|
|
||||||
//! version actually running. Drives the install modal + "Version & Updates"
|
|
||||||
//! card.
|
|
||||||
//! - `package.set-config` — persist a version pin (or un-pin to track latest)
|
|
||||||
//! and/or the auto-update toggle, then recreate the app at the chosen image
|
|
||||||
//! when the version actually changed. A DOWNGRADE (older release over a
|
|
||||||
//! newer chainstate — the highest-risk operation, design §4) is refused
|
|
||||||
//! unless the caller passes `confirm: true`, so the UI can warn first.
|
|
||||||
|
|
||||||
use super::config::get_containers_for_app;
|
|
||||||
use super::install::install_log;
|
|
||||||
use super::validation::validate_app_id;
|
|
||||||
use crate::api::rpc::RpcHandler;
|
|
||||||
use crate::container::{app_catalog, version_config};
|
|
||||||
use anyhow::Result;
|
|
||||||
use std::sync::Arc;
|
|
||||||
use tracing::{info, warn};
|
|
||||||
|
|
||||||
/// Apps that participate in multi-version selection today. Kept narrow on
|
|
||||||
/// purpose: version switching recreates the container, which is only safe for
|
|
||||||
/// the single-container, orchestrator-managed Bitcoin backends whose data and
|
|
||||||
/// downgrade semantics we understand. Any app the catalog gives a `versions[]`
|
|
||||||
/// list also qualifies (third-party registry apps inherit the capability).
|
|
||||||
fn supports_versions(app_id: &str) -> bool {
|
|
||||||
matches!(app_id, "bitcoin-core" | "bitcoin-knots")
|
|
||||||
|| !app_catalog::catalog_versions(app_id).is_empty()
|
|
||||||
}
|
|
||||||
|
|
||||||
/// Extract the tag from a full image reference, leaving a `registry:port/repo`
|
|
||||||
/// host-port colon intact (only a colon AFTER the last `/` is a tag).
|
|
||||||
fn image_tag(image: &str) -> Option<String> {
|
|
||||||
let after_slash = image.rsplit_once('/').map(|(_, r)| r).unwrap_or(image);
|
|
||||||
after_slash
|
|
||||||
.rsplit_once(':')
|
|
||||||
.map(|(_, tag)| tag.to_string())
|
|
||||||
.filter(|t| !t.is_empty())
|
|
||||||
}
|
|
||||||
|
|
||||||
/// Best-effort: the version tag of the backend container actually running for
|
|
||||||
/// `app_id`, by inspecting its image. `None` when not installed or unreadable.
|
|
||||||
async fn installed_version(app_id: &str) -> Option<String> {
|
|
||||||
let containers = get_containers_for_app(app_id).await.ok()?;
|
|
||||||
// Prefer the backend container (exact id / `archy-<id>`) over UI companions.
|
|
||||||
let name = containers
|
|
||||||
.iter()
|
|
||||||
.find(|n| n.as_str() == app_id || n.as_str() == format!("archy-{app_id}"))
|
|
||||||
.or_else(|| containers.first())?;
|
|
||||||
let out = tokio::process::Command::new("podman")
|
|
||||||
.args(["inspect", name, "--format", "{{.ImageName}}"])
|
|
||||||
.output()
|
|
||||||
.await
|
|
||||||
.ok()?;
|
|
||||||
if !out.status.success() {
|
|
||||||
return None;
|
|
||||||
}
|
|
||||||
let image = String::from_utf8_lossy(&out.stdout).trim().to_string();
|
|
||||||
let tag = image_tag(&image)?;
|
|
||||||
// A floating tag (latest/stable/...) names the reference used to CREATE the
|
|
||||||
// container, not what's actually running — podman never re-resolves it once
|
|
||||||
// cached, so a stale local `:latest` reports "latest" even when the real
|
|
||||||
// `latest` moved on months ago (.228, 2026-07-01: ran a 4-month-old cached
|
|
||||||
// image while a newer one already sat locally, unused). Ask the Bitcoin
|
|
||||||
// backends directly instead of trusting the tag literal in that case.
|
|
||||||
if is_floating_tag(&tag) {
|
|
||||||
if let Some(real) = bitcoind_reported_version(app_id, name).await {
|
|
||||||
return Some(real);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
Some(tag)
|
|
||||||
}
|
|
||||||
|
|
||||||
fn is_floating_tag(tag: &str) -> bool {
|
|
||||||
matches!(tag, "latest" | "stable" | "release" | "main")
|
|
||||||
}
|
|
||||||
|
|
||||||
/// Best-effort: ask the running bitcoind binary for its own version, trimmed to
|
|
||||||
/// the catalog's version-tag format (e.g. `29.3.knots20260210`, `29.2`). `None`
|
|
||||||
/// for apps other than the Bitcoin backends (no generic way to introspect a
|
|
||||||
/// third-party image's content version this way) or if the exec fails.
|
|
||||||
async fn bitcoind_reported_version(app_id: &str, container_name: &str) -> Option<String> {
|
|
||||||
if !matches!(app_id, "bitcoin-core" | "bitcoin-knots") {
|
|
||||||
return None;
|
|
||||||
}
|
|
||||||
let out = tokio::process::Command::new("podman")
|
|
||||||
.args(["exec", container_name, "bitcoind", "--version"])
|
|
||||||
.output()
|
|
||||||
.await
|
|
||||||
.ok()?;
|
|
||||||
if !out.status.success() {
|
|
||||||
return None;
|
|
||||||
}
|
|
||||||
parse_bitcoind_version_output(&String::from_utf8_lossy(&out.stdout))
|
|
||||||
}
|
|
||||||
|
|
||||||
/// Parses e.g. "Bitcoin Knots daemon version v29.3.knots20260210\n..." or
|
|
||||||
/// "Bitcoin Core version v29.2.0\n..." down to the version tag after `version v`.
|
|
||||||
fn parse_bitcoind_version_output(output: &str) -> Option<String> {
|
|
||||||
let first_line = output.lines().next()?;
|
|
||||||
let (_, version) = first_line.rsplit_once("version v")?;
|
|
||||||
let version = version.trim();
|
|
||||||
if version.is_empty() {
|
|
||||||
return None;
|
|
||||||
}
|
|
||||||
Some(version.to_string())
|
|
||||||
}
|
|
||||||
|
|
||||||
impl RpcHandler {
|
|
||||||
/// `package.versions` — what a runner can install / switch to for this app,
|
|
||||||
/// plus their current preference and the running version.
|
|
||||||
pub(in crate::api::rpc) async fn handle_package_versions(
|
|
||||||
&self,
|
|
||||||
params: Option<serde_json::Value>,
|
|
||||||
) -> Result<serde_json::Value> {
|
|
||||||
let params = params.ok_or_else(|| anyhow::anyhow!("Missing params"))?;
|
|
||||||
let app_id = params
|
|
||||||
.get("id")
|
|
||||||
.and_then(|v| v.as_str())
|
|
||||||
.ok_or_else(|| anyhow::anyhow!("Missing package id"))?;
|
|
||||||
validate_app_id(app_id)?;
|
|
||||||
|
|
||||||
let versions = app_catalog::catalog_versions(app_id);
|
|
||||||
let default = app_catalog::catalog_default_version(app_id);
|
|
||||||
let cfg = version_config::read(app_id);
|
|
||||||
let installed = installed_version(app_id).await;
|
|
||||||
|
|
||||||
Ok(serde_json::json!({
|
|
||||||
"id": app_id,
|
|
||||||
"supportsVersions": supports_versions(app_id),
|
|
||||||
"default": default,
|
|
||||||
"installedVersion": installed,
|
|
||||||
"pinnedVersion": cfg.pinned_version,
|
|
||||||
"autoUpdate": cfg.auto_update,
|
|
||||||
"versions": versions.iter().map(|v| serde_json::json!({
|
|
||||||
"version": v.version,
|
|
||||||
"default": v.default,
|
|
||||||
"deprecated": v.deprecated,
|
|
||||||
"eol": v.eol,
|
|
||||||
})).collect::<Vec<_>>(),
|
|
||||||
}))
|
|
||||||
}
|
|
||||||
|
|
||||||
/// `package.set-config` — persist version pin + auto-update preference and
|
|
||||||
/// recreate on an actual version change. Downgrades require `confirm:true`.
|
|
||||||
pub(in crate::api::rpc) async fn handle_package_set_config(
|
|
||||||
self: Arc<Self>,
|
|
||||||
params: Option<serde_json::Value>,
|
|
||||||
) -> Result<serde_json::Value> {
|
|
||||||
let params = params.ok_or_else(|| anyhow::anyhow!("Missing params"))?;
|
|
||||||
let app_id = params
|
|
||||||
.get("id")
|
|
||||||
.and_then(|v| v.as_str())
|
|
||||||
.ok_or_else(|| anyhow::anyhow!("Missing package id"))?
|
|
||||||
.to_string();
|
|
||||||
validate_app_id(&app_id)?;
|
|
||||||
|
|
||||||
if !supports_versions(&app_id) {
|
|
||||||
return Err(anyhow::anyhow!(
|
|
||||||
"{} has no selectable versions in the catalog",
|
|
||||||
app_id
|
|
||||||
));
|
|
||||||
}
|
|
||||||
|
|
||||||
let confirm = params
|
|
||||||
.get("confirm")
|
|
||||||
.and_then(|v| v.as_bool())
|
|
||||||
.unwrap_or(false);
|
|
||||||
let existing = version_config::read(&app_id);
|
|
||||||
let default = app_catalog::catalog_default_version(&app_id);
|
|
||||||
|
|
||||||
// ---- Resolve the requested pin (if a version was supplied) ----------
|
|
||||||
// Absent `version` => leave the pin unchanged (an auto-update-only edit).
|
|
||||||
// `version == default` => un-pin (track latest). Any other version must
|
|
||||||
// exist in the catalog and resolve to a same-repo image, else reject.
|
|
||||||
let version_param = params
|
|
||||||
.get("version")
|
|
||||||
.and_then(|v| v.as_str())
|
|
||||||
.map(str::to_string);
|
|
||||||
let mut new_pin = existing.pinned_version.clone();
|
|
||||||
let mut version_changed = false;
|
|
||||||
if let Some(req) = version_param.as_deref() {
|
|
||||||
let resolved_pin = if default.as_deref() == Some(req) {
|
|
||||||
None // selecting the default un-pins
|
|
||||||
} else {
|
|
||||||
// Validate the version is real + same-repo before pinning.
|
|
||||||
if !app_catalog::catalog_versions(&app_id)
|
|
||||||
.iter()
|
|
||||||
.any(|v| v.version == req)
|
|
||||||
{
|
|
||||||
return Err(anyhow::anyhow!(
|
|
||||||
"version {} is not offered for {}",
|
|
||||||
req,
|
|
||||||
app_id
|
|
||||||
));
|
|
||||||
}
|
|
||||||
Some(req.to_string())
|
|
||||||
};
|
|
||||||
version_changed = resolved_pin != existing.pinned_version;
|
|
||||||
new_pin = resolved_pin;
|
|
||||||
}
|
|
||||||
|
|
||||||
let new_auto_update = params
|
|
||||||
.get("autoUpdate")
|
|
||||||
.and_then(|v| v.as_bool())
|
|
||||||
.unwrap_or(existing.auto_update);
|
|
||||||
|
|
||||||
// ---- Downgrade gate (design §4: warn + confirm + allow) -------------
|
|
||||||
// "Current" = what wrote the on-disk chainstate: the running version if
|
|
||||||
// we can read it, else the existing pin, else the catalog default.
|
|
||||||
if version_changed {
|
|
||||||
let target = version_param.as_deref().unwrap_or_default();
|
|
||||||
let current = installed_version(&app_id)
|
|
||||||
.await
|
|
||||||
.or_else(|| existing.pinned_version.clone())
|
|
||||||
.or_else(|| default.clone());
|
|
||||||
if let Some(current) = current {
|
|
||||||
if version_config::is_downgrade(¤t, target) && !confirm {
|
|
||||||
warn!(
|
|
||||||
"set-config {}: refusing un-confirmed downgrade {} -> {}",
|
|
||||||
app_id, current, target
|
|
||||||
);
|
|
||||||
return Ok(serde_json::json!({
|
|
||||||
"status": "confirm_required",
|
|
||||||
"kind": "downgrade",
|
|
||||||
"id": app_id,
|
|
||||||
"currentVersion": current,
|
|
||||||
"targetVersion": target,
|
|
||||||
"warning": format!(
|
|
||||||
"Switching {app_id} from {current} down to {target} is a \
|
|
||||||
downgrade. Bitcoin may refuse to start on a chainstate \
|
|
||||||
written by the newer version without a full reindex, and \
|
|
||||||
a pruned node can lose block data. Re-confirm to proceed."
|
|
||||||
),
|
|
||||||
}));
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
// ---- Persist preference --------------------------------------------
|
|
||||||
version_config::write(
|
|
||||||
&app_id,
|
|
||||||
&version_config::AppVersionConfig {
|
|
||||||
pinned_version: new_pin.clone(),
|
|
||||||
auto_update: new_auto_update,
|
|
||||||
},
|
|
||||||
)?;
|
|
||||||
install_log(&format!(
|
|
||||||
"SET-CONFIG {}: pinned={:?} autoUpdate={} (version_changed={})",
|
|
||||||
app_id, new_pin, new_auto_update, version_changed
|
|
||||||
))
|
|
||||||
.await;
|
|
||||||
info!(
|
|
||||||
app_id = %app_id,
|
|
||||||
pinned = ?new_pin,
|
|
||||||
auto_update = new_auto_update,
|
|
||||||
version_changed,
|
|
||||||
"package.set-config applied"
|
|
||||||
);
|
|
||||||
|
|
||||||
// ---- Recreate when the version actually changed + app is installed --
|
|
||||||
// The orchestrator's install/recreate path reads the pin we just wrote
|
|
||||||
// (prod_orchestrator image resolution), so reusing the update machinery
|
|
||||||
// pulls + recreates at the chosen image. An auto-update-only edit, or a
|
|
||||||
// change to a not-installed app, just persists the preference.
|
|
||||||
let mut recreating = false;
|
|
||||||
if version_changed {
|
|
||||||
let installed = get_containers_for_app(&app_id)
|
|
||||||
.await
|
|
||||||
.map(|c| !c.is_empty())
|
|
||||||
.unwrap_or(false);
|
|
||||||
if installed {
|
|
||||||
recreating = true;
|
|
||||||
// Fire the existing async update flow; it flips state to
|
|
||||||
// Updating and recreates honoring the new pin. The UI polls.
|
|
||||||
self.clone()
|
|
||||||
.spawn_package_update(Some(serde_json::json!({ "id": app_id })))
|
|
||||||
.await?;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
Ok(serde_json::json!({
|
|
||||||
"status": "ok",
|
|
||||||
"id": app_id,
|
|
||||||
"pinnedVersion": new_pin,
|
|
||||||
"autoUpdate": new_auto_update,
|
|
||||||
"versionChanged": version_changed,
|
|
||||||
"recreating": recreating,
|
|
||||||
}))
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
#[cfg(test)]
|
|
||||||
mod tests {
|
|
||||||
use super::{image_tag, is_floating_tag, parse_bitcoind_version_output};
|
|
||||||
|
|
||||||
#[test]
|
|
||||||
fn floating_tag_detects_generic_channel_names() {
|
|
||||||
for tag in ["latest", "stable", "release", "main"] {
|
|
||||||
assert!(is_floating_tag(tag), "{tag}");
|
|
||||||
}
|
|
||||||
for tag in ["29.3.knots20260508", "28.4", "v29.2.0"] {
|
|
||||||
assert!(!is_floating_tag(tag), "{tag}");
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
#[test]
|
|
||||||
fn parses_knots_version_line() {
|
|
||||||
assert_eq!(
|
|
||||||
parse_bitcoind_version_output(
|
|
||||||
"Bitcoin Knots daemon version v29.3.knots20260210\nCopyright...\n"
|
|
||||||
)
|
|
||||||
.as_deref(),
|
|
||||||
Some("29.3.knots20260210")
|
|
||||||
);
|
|
||||||
}
|
|
||||||
|
|
||||||
#[test]
|
|
||||||
fn parses_core_version_line() {
|
|
||||||
assert_eq!(
|
|
||||||
parse_bitcoind_version_output("Bitcoin Core version v29.2.0\n").as_deref(),
|
|
||||||
Some("29.2.0")
|
|
||||||
);
|
|
||||||
}
|
|
||||||
|
|
||||||
#[test]
|
|
||||||
fn parse_returns_none_when_output_has_no_version_marker() {
|
|
||||||
assert_eq!(parse_bitcoind_version_output("garbage output\n"), None);
|
|
||||||
assert_eq!(parse_bitcoind_version_output(""), None);
|
|
||||||
}
|
|
||||||
|
|
||||||
#[test]
|
|
||||||
fn image_tag_keeps_registry_port_colon() {
|
|
||||||
assert_eq!(
|
|
||||||
image_tag("146.59.87.168:3000/lfg2025/bitcoin:28.4").as_deref(),
|
|
||||||
Some("28.4")
|
|
||||||
);
|
|
||||||
assert_eq!(
|
|
||||||
image_tag("146.59.87.168:3000/lfg2025/bitcoin-knots:29.3.knots20260508").as_deref(),
|
|
||||||
Some("29.3.knots20260508")
|
|
||||||
);
|
|
||||||
// No tag => None (don't mistake the registry port for a tag).
|
|
||||||
assert_eq!(image_tag("146.59.87.168:3000/lfg2025/bitcoin"), None);
|
|
||||||
assert_eq!(
|
|
||||||
image_tag("docker.io/library/redis:7"),
|
|
||||||
Some("7".to_string())
|
|
||||||
);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
@ -6,6 +6,7 @@
|
|||||||
use crate::api::rpc::RpcHandler;
|
use crate::api::rpc::RpcHandler;
|
||||||
use crate::data_model::InstallPhase;
|
use crate::data_model::InstallPhase;
|
||||||
use anyhow::{Context, Result};
|
use anyhow::{Context, Result};
|
||||||
|
use base64::Engine;
|
||||||
use std::process::Output;
|
use std::process::Output;
|
||||||
use std::time::Duration;
|
use std::time::Duration;
|
||||||
use tracing::info;
|
use tracing::info;
|
||||||
@ -619,25 +620,16 @@ async fn install_stack_via_orchestrator(
|
|||||||
))
|
))
|
||||||
.await;
|
.await;
|
||||||
|
|
||||||
let mut installed = 0usize;
|
|
||||||
for app_id in app_ids {
|
for app_id in app_ids {
|
||||||
match orchestrator.install(app_id).await {
|
match orchestrator.install(app_id).await {
|
||||||
Ok(container_name) => {
|
Ok(container_name) => {
|
||||||
installed += 1;
|
|
||||||
install_log(&format!(
|
install_log(&format!(
|
||||||
"INSTALL ORCH: {} stack — app {} installed as {}",
|
"INSTALL ORCH: {} stack — app {} installed as {}",
|
||||||
stack_name, app_id, container_name
|
stack_name, app_id, container_name
|
||||||
))
|
))
|
||||||
.await;
|
.await;
|
||||||
}
|
}
|
||||||
Err(e) if e.to_string().contains("unknown app_id") && installed == 0 => {
|
Err(e) if e.to_string().contains("unknown app_id") => {
|
||||||
// None of the stack's manifests are known — the orchestrator
|
|
||||||
// can't render this stack at all, so defer to the legacy
|
|
||||||
// installer. Only safe when NOTHING was installed yet: once an
|
|
||||||
// earlier member is up, falling back would let the legacy path
|
|
||||||
// double-create containers on the same data dir (observed
|
|
||||||
// corrupting an immich postgres cluster — two postmasters, one
|
|
||||||
// PGDATA). A partial set means a deploy bug, not a legacy node.
|
|
||||||
install_log(&format!(
|
install_log(&format!(
|
||||||
"INSTALL ORCH SKIP: {} stack — app {} unknown, falling back to legacy stack installer",
|
"INSTALL ORCH SKIP: {} stack — app {} unknown, falling back to legacy stack installer",
|
||||||
stack_name, app_id
|
stack_name, app_id
|
||||||
@ -645,17 +637,6 @@ async fn install_stack_via_orchestrator(
|
|||||||
.await;
|
.await;
|
||||||
return Ok(None);
|
return Ok(None);
|
||||||
}
|
}
|
||||||
Err(e) if e.to_string().contains("unknown app_id") => {
|
|
||||||
install_log(&format!(
|
|
||||||
"INSTALL ORCH FAIL: {} stack — app {} unknown AFTER {} installed; refusing legacy fallback (would double-create on shared data)",
|
|
||||||
stack_name, app_id, installed
|
|
||||||
))
|
|
||||||
.await;
|
|
||||||
return Err(e.context(format!(
|
|
||||||
"orchestrator stack install {} aborted: app {} has no manifest but {} member(s) already installed — deploy all stack manifests",
|
|
||||||
stack_name, app_id, installed
|
|
||||||
)));
|
|
||||||
}
|
|
||||||
Err(e) => {
|
Err(e) => {
|
||||||
install_log(&format!(
|
install_log(&format!(
|
||||||
"INSTALL ORCH FAIL: {} stack — app {} failed: {}",
|
"INSTALL ORCH FAIL: {} stack — app {} failed: {}",
|
||||||
@ -687,43 +668,12 @@ fn mempool_stack_app_ids() -> &'static [&'static str] {
|
|||||||
&["archy-mempool-db", "mempool-api", "archy-mempool-web"]
|
&["archy-mempool-db", "mempool-api", "archy-mempool-web"]
|
||||||
}
|
}
|
||||||
|
|
||||||
fn immich_stack_app_ids() -> &'static [&'static str] {
|
|
||||||
// Install order = dependency order: db + cache before the server. The server
|
|
||||||
// app_id is the user-facing "immich" (canonical name + icon); its install is
|
|
||||||
// handled here (not recursively) since orchestrator.install bypasses the
|
|
||||||
// package.install routing that maps "immich" → this stack installer.
|
|
||||||
&["immich-postgres", "immich-redis", "immich"]
|
|
||||||
}
|
|
||||||
|
|
||||||
fn netbird_stack_app_ids() -> &'static [&'static str] {
|
|
||||||
// Dependency/startup order: the combined management/signal/relay server
|
|
||||||
// first (it owns the base64 relay/store secrets + the sqlite store, and is
|
|
||||||
// the OIDC issuer the others point at), then the dashboard SPA, then the
|
|
||||||
// user-facing TLS proxy ("netbird", which carries the self-signed cert +
|
|
||||||
// the templated nginx.conf and is the launcher). Mirrors the netbird
|
|
||||||
// startup_order in dependencies.rs.
|
|
||||||
&["netbird-server", "netbird-dashboard", "netbird"]
|
|
||||||
}
|
|
||||||
|
|
||||||
fn indeedhub_stack_app_ids() -> &'static [&'static str] {
|
|
||||||
// Dependency order: backends + their generated secrets first, then the api
|
|
||||||
// (owns indeedhub-jwt; reads the db/minio secrets the backends materialised),
|
|
||||||
// then the ffmpeg worker, then the user-facing frontend ("indeedhub", which
|
|
||||||
// carries the post_install nginx hook). The frontend's nginx reaches the
|
|
||||||
// backends by their short network_aliases (api/minio/relay) on indeedhub-net.
|
|
||||||
&[
|
|
||||||
"indeedhub-postgres",
|
|
||||||
"indeedhub-redis",
|
|
||||||
"indeedhub-minio",
|
|
||||||
"indeedhub-relay",
|
|
||||||
"indeedhub-api",
|
|
||||||
"indeedhub-ffmpeg",
|
|
||||||
"indeedhub",
|
|
||||||
]
|
|
||||||
}
|
|
||||||
|
|
||||||
const REGISTRY: &str = "146.59.87.168:3000/lfg2025";
|
const REGISTRY: &str = "146.59.87.168:3000/lfg2025";
|
||||||
|
|
||||||
|
const NETBIRD_DASHBOARD_IMAGE: &str = "docker.io/netbirdio/dashboard:v2.38.0";
|
||||||
|
const NETBIRD_SERVER_IMAGE: &str = "docker.io/netbirdio/netbird-server:0.71.2";
|
||||||
|
const NETBIRD_PROXY_IMAGE: &str = "docker.io/library/nginx:1.27-alpine";
|
||||||
|
|
||||||
/// Pull an image with retry and exponential backoff (3 attempts).
|
/// Pull an image with retry and exponential backoff (3 attempts).
|
||||||
async fn pull_image_with_retry(image: &str) -> Result<()> {
|
async fn pull_image_with_retry(image: &str) -> Result<()> {
|
||||||
let exists = podman_stack_status(&["image", "exists", image], PODMAN_STACK_PROBE_TIMEOUT).await;
|
let exists = podman_stack_status(&["image", "exists", image], PODMAN_STACK_PROBE_TIMEOUT).await;
|
||||||
@ -784,17 +734,6 @@ async fn pull_image_with_retry(image: &str) -> Result<()> {
|
|||||||
impl RpcHandler {
|
impl RpcHandler {
|
||||||
/// Install Immich stack (postgres + redis + server).
|
/// Install Immich stack (postgres + redis + server).
|
||||||
pub(super) async fn install_immich_stack(&self) -> Result<serde_json::Value> {
|
pub(super) async fn install_immich_stack(&self) -> Result<serde_json::Value> {
|
||||||
// Manifest-driven path (workstream B/C): render the stack from
|
|
||||||
// apps/immich-*/manifest.yml via the orchestrator (rootless Quadlet
|
|
||||||
// units, generated_secrets, reboot-survivable). Falls back to the legacy
|
|
||||||
// installer below only when the orchestrator doesn't know these app_ids
|
|
||||||
// (manifests not yet deployed). See docs/PRODUCTION-MASTER-PLAN.md.
|
|
||||||
if let Some(orchestrated) =
|
|
||||||
install_stack_via_orchestrator(self, "immich", immich_stack_app_ids()).await?
|
|
||||||
{
|
|
||||||
return Ok(orchestrated);
|
|
||||||
}
|
|
||||||
|
|
||||||
if let Some(adopted) = adopt_stack_if_exists(
|
if let Some(adopted) = adopt_stack_if_exists(
|
||||||
"immich_server",
|
"immich_server",
|
||||||
"immich",
|
"immich",
|
||||||
@ -1009,9 +948,9 @@ impl RpcHandler {
|
|||||||
return Ok(adopted);
|
return Ok(adopted);
|
||||||
}
|
}
|
||||||
|
|
||||||
// Dependency check: Bitcoin must be running. Bounded wait covers the
|
// Dependency check: Bitcoin must be running
|
||||||
// "installed but still starting" race instead of failing instantly.
|
let deps = super::dependencies::detect_running_deps().await?;
|
||||||
self.gate_install_deps("btcpay-server").await?;
|
super::dependencies::check_install_deps("btcpay-server", &deps)?;
|
||||||
|
|
||||||
install_log("INSTALL START: btcpay-server (stack: postgres + nbxplorer + btcpay)").await;
|
install_log("INSTALL START: btcpay-server (stack: postgres + nbxplorer + btcpay)").await;
|
||||||
|
|
||||||
@ -1444,20 +1383,6 @@ impl RpcHandler {
|
|||||||
|
|
||||||
/// Install the IndeedHub multi-container stack.
|
/// Install the IndeedHub multi-container stack.
|
||||||
pub(super) async fn install_indeedhub_stack(&self) -> Result<serde_json::Value> {
|
pub(super) async fn install_indeedhub_stack(&self) -> Result<serde_json::Value> {
|
||||||
// Manifest-driven path (#20 phase 3): render the 7-member stack from
|
|
||||||
// apps/indeedhub-*/manifest.yml via the orchestrator (dedicated
|
|
||||||
// indeedhub-net + network_aliases, generated_secrets, the frontend's
|
|
||||||
// post_install nginx hook, reboot-survivable). The manifests use the exact
|
|
||||||
// live container names / named volumes, so on an existing node this ADOPTS
|
|
||||||
// the running stack rather than recreating it (data preserved). Falls back
|
|
||||||
// to the legacy installer below only when the orchestrator doesn't know
|
|
||||||
// these app_ids (manifests not yet deployed). See PRODUCTION-MASTER-PLAN.md.
|
|
||||||
if let Some(orchestrated) =
|
|
||||||
install_stack_via_orchestrator(self, "indeedhub", indeedhub_stack_app_ids()).await?
|
|
||||||
{
|
|
||||||
return Ok(orchestrated);
|
|
||||||
}
|
|
||||||
|
|
||||||
let registry = crate::container::registry::load_registries(&self.config.data_dir)
|
let registry = crate::container::registry::load_registries(&self.config.data_dir)
|
||||||
.await
|
.await
|
||||||
.unwrap_or_default()
|
.unwrap_or_default()
|
||||||
@ -1833,27 +1758,6 @@ impl RpcHandler {
|
|||||||
|
|
||||||
/// Install self-hosted NetBird (dashboard + combined management/signal/relay server).
|
/// Install self-hosted NetBird (dashboard + combined management/signal/relay server).
|
||||||
pub(super) async fn install_netbird_stack(&self) -> Result<serde_json::Value> {
|
pub(super) async fn install_netbird_stack(&self) -> Result<serde_json::Value> {
|
||||||
// Manifest-driven path (#20 phase 4): render the 3-member stack from
|
|
||||||
// apps/netbird-*/manifest.yml via the orchestrator — dedicated
|
|
||||||
// netbird-net + network_aliases, base64 generated_secrets, a self-signed
|
|
||||||
// TLS cert (generated_certs) so the dashboard gets a secure context for
|
|
||||||
// OIDC PKCE (#15), and templated config.yaml/nginx.conf rendered from
|
|
||||||
// host facts + the netbird-net gateway. The manifests use the exact live
|
|
||||||
// container names, so on an existing node this ADOPTS the running stack
|
|
||||||
// rather than recreating it (the sqlite store + base64 keys are
|
|
||||||
// preserved — ensure_generated_secrets no-ops on existing files).
|
|
||||||
//
|
|
||||||
// #20 ph4: the legacy hardcoded `podman run` installer was DELETED — the
|
|
||||||
// signed catalog always ships apps/netbird-*/manifest.yml, so there is no
|
|
||||||
// in-Rust fallback. If the orchestrator doesn't know these app_ids and no
|
|
||||||
// running stack exists to adopt, install errors rather than silently
|
|
||||||
// diverging from the manifest contract.
|
|
||||||
if let Some(orchestrated) =
|
|
||||||
install_stack_via_orchestrator(self, "netbird", netbird_stack_app_ids()).await?
|
|
||||||
{
|
|
||||||
return Ok(orchestrated);
|
|
||||||
}
|
|
||||||
|
|
||||||
if let Some(adopted) = adopt_stack_if_exists(
|
if let Some(adopted) = adopt_stack_if_exists(
|
||||||
"netbird",
|
"netbird",
|
||||||
"netbird",
|
"netbird",
|
||||||
@ -1864,12 +1768,452 @@ impl RpcHandler {
|
|||||||
return Ok(adopted);
|
return Ok(adopted);
|
||||||
}
|
}
|
||||||
|
|
||||||
anyhow::bail!(
|
install_log("INSTALL START: netbird stack (dashboard + server)").await;
|
||||||
"netbird manifests not available on this node — the signed catalog must provide apps/netbird-*/manifest.yml (legacy hardcoded installer removed in #20 ph4)"
|
info!("Installing self-hosted NetBird stack");
|
||||||
|
|
||||||
|
self.set_install_phase("netbird", InstallPhase::PullingImage)
|
||||||
|
.await;
|
||||||
|
for (i, image) in [
|
||||||
|
NETBIRD_DASHBOARD_IMAGE,
|
||||||
|
NETBIRD_SERVER_IMAGE,
|
||||||
|
NETBIRD_PROXY_IMAGE,
|
||||||
|
]
|
||||||
|
.iter()
|
||||||
|
.enumerate()
|
||||||
|
{
|
||||||
|
self.set_install_progress("netbird", i as u64, 3).await;
|
||||||
|
pull_image_with_retry(image)
|
||||||
|
.await
|
||||||
|
.with_context(|| format!("Failed to pull NetBird image: {}", image))?;
|
||||||
|
}
|
||||||
|
self.set_install_progress("netbird", 3, 3).await;
|
||||||
|
|
||||||
|
for name in ["netbird", "netbird-dashboard", "netbird-server"] {
|
||||||
|
let _ = podman_stack_status(&["rm", "-f", name], PODMAN_STACK_PROBE_TIMEOUT).await;
|
||||||
|
}
|
||||||
|
let _ = podman_stack_status(
|
||||||
|
&["network", "rm", "-f", "netbird-net"],
|
||||||
|
PODMAN_STACK_PROBE_TIMEOUT,
|
||||||
)
|
)
|
||||||
|
.await;
|
||||||
|
|
||||||
|
self.set_install_phase("netbird", InstallPhase::CreatingContainer)
|
||||||
|
.await;
|
||||||
|
|
||||||
|
tokio::fs::create_dir_all("/var/lib/archipelago/netbird/data")
|
||||||
|
.await
|
||||||
|
.context("Failed to create NetBird data directory")?;
|
||||||
|
|
||||||
|
let host_ip = detect_netbird_public_host_ip()
|
||||||
|
.await
|
||||||
|
.unwrap_or_else(|| self.config.host_ip.clone());
|
||||||
|
|
||||||
|
// Create the network FIRST so we can read back the gateway it was
|
||||||
|
// assigned — that gateway is Podman's aardvark DNS, which the proxy's
|
||||||
|
// nginx needs as an explicit `resolver` to re-resolve container names
|
||||||
|
// (issue #15: without it nginx caches a container IP and 502s forever
|
||||||
|
// once that IP changes on restart/reboot).
|
||||||
|
let _ = podman_stack_status(
|
||||||
|
&["network", "create", "netbird-net"],
|
||||||
|
PODMAN_STACK_PROBE_TIMEOUT,
|
||||||
|
)
|
||||||
|
.await;
|
||||||
|
|
||||||
|
let resolver_ip = netbird_net_resolver_ip().await;
|
||||||
|
write_netbird_config_files(&host_ip, &self.config.host_ip, &resolver_ip).await?;
|
||||||
|
ensure_netbird_tls_cert(&host_ip).await?;
|
||||||
|
|
||||||
|
let mut server_cmd = tokio::process::Command::new("podman");
|
||||||
|
server_cmd.args([
|
||||||
|
"run",
|
||||||
|
"-d",
|
||||||
|
"--name",
|
||||||
|
"netbird-server",
|
||||||
|
"--network",
|
||||||
|
"netbird-net",
|
||||||
|
"--network-alias",
|
||||||
|
"netbird-server",
|
||||||
|
"--restart=unless-stopped",
|
||||||
|
"-p",
|
||||||
|
"8086:80",
|
||||||
|
"-p",
|
||||||
|
"3478:3478/udp",
|
||||||
|
"-v",
|
||||||
|
"/var/lib/archipelago/netbird/data:/var/lib/netbird",
|
||||||
|
"-v",
|
||||||
|
"/var/lib/archipelago/netbird/config.yaml:/etc/netbird/config.yaml:ro",
|
||||||
|
NETBIRD_SERVER_IMAGE,
|
||||||
|
"--config",
|
||||||
|
"/etc/netbird/config.yaml",
|
||||||
|
]);
|
||||||
|
run_required_stack_command("netbird", "create server", &mut server_cmd).await?;
|
||||||
|
|
||||||
|
self.set_install_phase("netbird", InstallPhase::StartingContainer)
|
||||||
|
.await;
|
||||||
|
tokio::time::sleep(std::time::Duration::from_secs(5)).await;
|
||||||
|
|
||||||
|
let mut dashboard_cmd = tokio::process::Command::new("podman");
|
||||||
|
dashboard_cmd.args([
|
||||||
|
"run",
|
||||||
|
"-d",
|
||||||
|
"--name",
|
||||||
|
"netbird-dashboard",
|
||||||
|
"--network",
|
||||||
|
"netbird-net",
|
||||||
|
// Explicit alias so the proxy can always resolve `netbird-dashboard`
|
||||||
|
// via Podman DNS — don't rely on implicit container-name aliasing.
|
||||||
|
"--network-alias",
|
||||||
|
"netbird-dashboard",
|
||||||
|
"--restart=unless-stopped",
|
||||||
|
"--env-file",
|
||||||
|
"/var/lib/archipelago/netbird/dashboard.env",
|
||||||
|
NETBIRD_DASHBOARD_IMAGE,
|
||||||
|
]);
|
||||||
|
run_required_stack_command("netbird", "create dashboard", &mut dashboard_cmd).await?;
|
||||||
|
|
||||||
|
let mut proxy_cmd = tokio::process::Command::new("podman");
|
||||||
|
proxy_cmd.args([
|
||||||
|
"run",
|
||||||
|
"-d",
|
||||||
|
"--name",
|
||||||
|
"netbird",
|
||||||
|
"--network",
|
||||||
|
"netbird-net",
|
||||||
|
"--restart=unless-stopped",
|
||||||
|
// 8087 publishes the TLS listener — netbird's dashboard requires a
|
||||||
|
// secure context (window.crypto.subtle / OIDC PKCE), issue #15.
|
||||||
|
"-p",
|
||||||
|
"8087:443",
|
||||||
|
"-v",
|
||||||
|
"/var/lib/archipelago/netbird/nginx.conf:/etc/nginx/conf.d/default.conf:ro",
|
||||||
|
"-v",
|
||||||
|
"/var/lib/archipelago/netbird/tls.crt:/etc/nginx/tls.crt:ro",
|
||||||
|
"-v",
|
||||||
|
"/var/lib/archipelago/netbird/tls.key:/etc/nginx/tls.key:ro",
|
||||||
|
NETBIRD_PROXY_IMAGE,
|
||||||
|
]);
|
||||||
|
run_required_stack_command("netbird", "create unified proxy", &mut proxy_cmd).await?;
|
||||||
|
|
||||||
|
wait_for_stack_containers(
|
||||||
|
"netbird",
|
||||||
|
&["netbird-server", "netbird-dashboard", "netbird"],
|
||||||
|
60,
|
||||||
|
)
|
||||||
|
.await?;
|
||||||
|
|
||||||
|
self.set_install_phase("netbird", InstallPhase::WaitingHealthy)
|
||||||
|
.await;
|
||||||
|
self.set_install_phase("netbird", InstallPhase::PostInstall)
|
||||||
|
.await;
|
||||||
|
self.set_install_phase("netbird", InstallPhase::Done).await;
|
||||||
|
self.clear_install_progress("netbird").await;
|
||||||
|
|
||||||
|
install_log("INSTALL OK: netbird stack").await;
|
||||||
|
info!("NetBird stack installed");
|
||||||
|
Ok(serde_json::json!({
|
||||||
|
"success": true,
|
||||||
|
"package_id": "netbird",
|
||||||
|
"message": "NetBird self-hosted stack installed",
|
||||||
|
}))
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
async fn read_or_generate_b64_secret(name: &str) -> String {
|
||||||
|
let path = format!("/var/lib/archipelago/secrets/{}", name);
|
||||||
|
if let Ok(val) = tokio::fs::read_to_string(&path).await {
|
||||||
|
let trimmed = val.trim().to_string();
|
||||||
|
if !trimmed.is_empty() {
|
||||||
|
return trimmed;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
let mut buf = [0u8; 32];
|
||||||
|
rand::RngCore::fill_bytes(&mut rand::rngs::OsRng, &mut buf);
|
||||||
|
let secret = base64::engine::general_purpose::STANDARD.encode(buf);
|
||||||
|
let _ = tokio::fs::create_dir_all("/var/lib/archipelago/secrets").await;
|
||||||
|
let _ = tokio::fs::write(&path, &secret).await;
|
||||||
|
secret
|
||||||
|
}
|
||||||
|
|
||||||
|
/// Read the gateway of the `netbird-net` bridge. Podman runs its aardvark DNS
|
||||||
|
/// resolver on this address, so nginx can use it as an explicit `resolver` to
|
||||||
|
/// re-resolve container names at request time. Falls back to Podman's usual
|
||||||
|
/// first-pool gateway if the inspect fails (best effort — config is rewritten
|
||||||
|
/// on every (re)install).
|
||||||
|
async fn netbird_net_resolver_ip() -> String {
|
||||||
|
let out = tokio::process::Command::new("podman")
|
||||||
|
.args([
|
||||||
|
"network",
|
||||||
|
"inspect",
|
||||||
|
"netbird-net",
|
||||||
|
"--format",
|
||||||
|
"{{range .Subnets}}{{.Gateway}}{{end}}",
|
||||||
|
])
|
||||||
|
.output()
|
||||||
|
.await;
|
||||||
|
if let Ok(o) = out {
|
||||||
|
let gw = String::from_utf8_lossy(&o.stdout).trim().to_string();
|
||||||
|
if !gw.is_empty() && gw.parse::<std::net::IpAddr>().is_ok() {
|
||||||
|
return gw;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
"10.89.0.1".to_string()
|
||||||
|
}
|
||||||
|
|
||||||
|
/// Generate a self-signed TLS cert for the netbird proxy if absent. The
|
||||||
|
/// dashboard needs a secure context (window.crypto.subtle / OIDC PKCE), so the
|
||||||
|
/// proxy serves HTTPS; a self-signed cert is sufficient (the user accepts it
|
||||||
|
/// once when opening netbird in a tab). SAN covers the LAN IP plus
|
||||||
|
/// localhost/127.0.0.1 so it's valid however the box is reached locally.
|
||||||
|
async fn ensure_netbird_tls_cert(host_ip: &str) -> Result<()> {
|
||||||
|
let dir = "/var/lib/archipelago/netbird";
|
||||||
|
let crt = format!("{dir}/tls.crt");
|
||||||
|
let key = format!("{dir}/tls.key");
|
||||||
|
if tokio::fs::metadata(&crt).await.is_ok() && tokio::fs::metadata(&key).await.is_ok() {
|
||||||
|
return Ok(());
|
||||||
|
}
|
||||||
|
let _ = tokio::fs::create_dir_all(dir).await;
|
||||||
|
let san = format!("subjectAltName=IP:{host_ip},IP:127.0.0.1,DNS:localhost");
|
||||||
|
let status = tokio::process::Command::new("openssl")
|
||||||
|
.args([
|
||||||
|
"req",
|
||||||
|
"-x509",
|
||||||
|
"-newkey",
|
||||||
|
"rsa:2048",
|
||||||
|
"-nodes",
|
||||||
|
"-keyout",
|
||||||
|
&key,
|
||||||
|
"-out",
|
||||||
|
&crt,
|
||||||
|
"-days",
|
||||||
|
"3650",
|
||||||
|
"-subj",
|
||||||
|
&format!("/CN={host_ip}"),
|
||||||
|
"-addext",
|
||||||
|
&san,
|
||||||
|
])
|
||||||
|
.status()
|
||||||
|
.await
|
||||||
|
.context("failed to run openssl for netbird TLS cert")?;
|
||||||
|
if !status.success() {
|
||||||
|
anyhow::bail!("openssl failed to generate netbird TLS cert");
|
||||||
|
}
|
||||||
|
Ok(())
|
||||||
|
}
|
||||||
|
|
||||||
|
async fn write_netbird_config_files(host_ip: &str, lan_ip: &str, resolver_ip: &str) -> Result<()> {
|
||||||
|
// netbird's dashboard uses window.crypto.subtle (OIDC PKCE), which browsers
|
||||||
|
// only expose in a SECURE context — so the proxy serves HTTPS and every
|
||||||
|
// origin here is https (issue #15: over plain http the dashboard threw
|
||||||
|
// "window.crypto.subtle is unavailable" and never reached login).
|
||||||
|
let public_origin = format!("https://{}:8087", host_ip);
|
||||||
|
let server_origin = format!("http://{}:8086", host_ip);
|
||||||
|
// A single box is reached via several addresses. Allow the OIDC login flow
|
||||||
|
// to redirect back to whichever origin the user actually used, otherwise
|
||||||
|
// post-login lands on the wrong host and the dashboard shows
|
||||||
|
// "Unauthenticated" (issue #15). The browser-side CORS is handled in the
|
||||||
|
// nginx proxy; this covers the redirect-URI allow-list.
|
||||||
|
let lan_origin = format!("https://{}:8087", lan_ip);
|
||||||
|
let mut redirect_origins = vec![public_origin.clone()];
|
||||||
|
if lan_origin != public_origin {
|
||||||
|
redirect_origins.push(lan_origin);
|
||||||
|
}
|
||||||
|
let dashboard_redirect_uris = redirect_origins
|
||||||
|
.iter()
|
||||||
|
.flat_map(|o| {
|
||||||
|
[
|
||||||
|
format!(" - \"{o}/nb-auth\""),
|
||||||
|
format!(" - \"{o}/nb-silent-auth\""),
|
||||||
|
]
|
||||||
|
})
|
||||||
|
.collect::<Vec<_>>()
|
||||||
|
.join("\n");
|
||||||
|
let dashboard_logout_uris = redirect_origins
|
||||||
|
.iter()
|
||||||
|
.map(|o| format!(" - \"{o}/\""))
|
||||||
|
.collect::<Vec<_>>()
|
||||||
|
.join("\n");
|
||||||
|
let relay_secret = read_or_generate_b64_secret("netbird-relay-auth-secret").await;
|
||||||
|
let encryption_key = read_or_generate_b64_secret("netbird-store-encryption-key").await;
|
||||||
|
let config = format!(
|
||||||
|
r#"server:
|
||||||
|
listenAddress: ":80"
|
||||||
|
exposedAddress: "{public_origin}"
|
||||||
|
stunPorts:
|
||||||
|
- 3478
|
||||||
|
metricsPort: 9090
|
||||||
|
healthcheckAddress: ":9000"
|
||||||
|
logLevel: "info"
|
||||||
|
logFile: "console"
|
||||||
|
authSecret: "{relay_secret}"
|
||||||
|
dataDir: "/var/lib/netbird"
|
||||||
|
auth:
|
||||||
|
issuer: "{public_origin}/oauth2"
|
||||||
|
localAuthDisabled: false
|
||||||
|
signKeyRefreshEnabled: false
|
||||||
|
dashboardRedirectURIs:
|
||||||
|
{dashboard_redirect_uris}
|
||||||
|
dashboardPostLogoutRedirectURIs:
|
||||||
|
{dashboard_logout_uris}
|
||||||
|
cliRedirectURIs:
|
||||||
|
- "http://localhost:53000/"
|
||||||
|
store:
|
||||||
|
engine: "sqlite"
|
||||||
|
encryptionKey: "{encryption_key}"
|
||||||
|
"#
|
||||||
|
);
|
||||||
|
tokio::fs::write("/var/lib/archipelago/netbird/config.yaml", config)
|
||||||
|
.await
|
||||||
|
.context("Failed to write NetBird config.yaml")?;
|
||||||
|
|
||||||
|
let dashboard_env = format!(
|
||||||
|
r#"NETBIRD_MGMT_API_ENDPOINT={public_origin}
|
||||||
|
NETBIRD_MGMT_GRPC_API_ENDPOINT={public_origin}
|
||||||
|
AUTH_AUDIENCE=netbird-dashboard
|
||||||
|
AUTH_CLIENT_ID=netbird-dashboard
|
||||||
|
AUTH_CLIENT_SECRET=
|
||||||
|
AUTH_AUTHORITY={public_origin}/oauth2
|
||||||
|
USE_AUTH0=false
|
||||||
|
AUTH_SUPPORTED_SCOPES=openid profile email groups
|
||||||
|
AUTH_REDIRECT_URI=/nb-auth
|
||||||
|
AUTH_SILENT_REDIRECT_URI=/nb-silent-auth
|
||||||
|
NETBIRD_TOKEN_SOURCE=idToken
|
||||||
|
NGINX_SSL_PORT=443
|
||||||
|
LETSENCRYPT_DOMAIN=none
|
||||||
|
"#
|
||||||
|
);
|
||||||
|
tokio::fs::write("/var/lib/archipelago/netbird/dashboard.env", dashboard_env)
|
||||||
|
.await
|
||||||
|
.context("Failed to write NetBird dashboard.env")?;
|
||||||
|
|
||||||
|
let nginx_conf = format!(
|
||||||
|
r#"server {{
|
||||||
|
listen 443 ssl;
|
||||||
|
server_name _;
|
||||||
|
|
||||||
|
# netbird's dashboard needs a secure context (window.crypto.subtle for OIDC
|
||||||
|
# PKCE), so the proxy terminates TLS with a self-signed cert (issue #15).
|
||||||
|
ssl_certificate /etc/nginx/tls.crt;
|
||||||
|
ssl_certificate_key /etc/nginx/tls.key;
|
||||||
|
|
||||||
|
# Rootless Podman can hand a container a new IP across restarts/reboots.
|
||||||
|
# nginx resolves a literal upstream name ONCE at startup and caches it, so
|
||||||
|
# after the IP moves every request 502s with "host unreachable" (issue #15,
|
||||||
|
# observed live on .198: nginx pinned to a dead netbird-dashboard IP). Fix:
|
||||||
|
# point `resolver` at the netbird-net gateway (Podman's aardvark DNS) and
|
||||||
|
# use VARIABLE upstreams, which forces nginx to re-resolve the container
|
||||||
|
# names at request time. Everything is reached container-to-container by
|
||||||
|
# name so nothing depends on host-published ports either.
|
||||||
|
resolver {resolver_ip} valid=10s ipv6=off;
|
||||||
|
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
|
proxy_set_header X-Forwarded-Proto $scheme;
|
||||||
|
proxy_http_version 1.1;
|
||||||
|
|
||||||
|
location ~ ^/(relay|ws-proxy/) {{
|
||||||
|
set $nb_server netbird-server;
|
||||||
|
proxy_pass http://$nb_server:80;
|
||||||
|
proxy_set_header Upgrade $http_upgrade;
|
||||||
|
proxy_set_header Connection "upgrade";
|
||||||
|
proxy_read_timeout 1d;
|
||||||
|
}}
|
||||||
|
|
||||||
|
location ~ ^/(api|oauth2)(/|$) {{
|
||||||
|
# The dashboard is a SPA whose API/OIDC base URL is baked at build time
|
||||||
|
# to one host:port. A single box is reached via several addresses (LAN
|
||||||
|
# IP, Tailscale 100.x, hostname), so those fetches are cross-origin and
|
||||||
|
# the browser blocks them with no Access-Control-Allow-Origin (issue
|
||||||
|
# #15, observed live on .198). Reflect the caller's Origin so the
|
||||||
|
# self-hosted management/OIDC API is reachable from any of them, and
|
||||||
|
# answer the CORS preflight here.
|
||||||
|
if ($request_method = OPTIONS) {{
|
||||||
|
add_header Access-Control-Allow-Origin $http_origin always;
|
||||||
|
add_header Access-Control-Allow-Credentials true always;
|
||||||
|
add_header Access-Control-Allow-Methods "GET, POST, PUT, PATCH, DELETE, OPTIONS" always;
|
||||||
|
add_header Access-Control-Allow-Headers "Authorization, Content-Type, Accept" always;
|
||||||
|
add_header Access-Control-Max-Age 86400 always;
|
||||||
|
add_header Content-Length 0;
|
||||||
|
return 204;
|
||||||
|
}}
|
||||||
|
add_header Access-Control-Allow-Origin $http_origin always;
|
||||||
|
add_header Access-Control-Allow-Credentials true always;
|
||||||
|
add_header Access-Control-Allow-Methods "GET, POST, PUT, PATCH, DELETE, OPTIONS" always;
|
||||||
|
add_header Access-Control-Allow-Headers "Authorization, Content-Type, Accept" always;
|
||||||
|
set $nb_server netbird-server;
|
||||||
|
proxy_pass http://$nb_server:80;
|
||||||
|
}}
|
||||||
|
|
||||||
|
location ~ ^/(signalexchange\.SignalExchange|management\.ManagementService|management\.ProxyService)/ {{
|
||||||
|
set $nb_server netbird-server;
|
||||||
|
grpc_pass grpc://$nb_server:80;
|
||||||
|
grpc_read_timeout 1d;
|
||||||
|
grpc_send_timeout 1d;
|
||||||
|
}}
|
||||||
|
|
||||||
|
# OIDC callback routes are client-side SPA routes with NO prebuilt page in
|
||||||
|
# the dashboard bundle, so proxying them straight through 404s — which
|
||||||
|
# crashes the dashboard's auth init and shows "Unauthenticated" with dead
|
||||||
|
# buttons (issue #15, confirmed live on .198: /nb-auth + /nb-silent-auth
|
||||||
|
# returned 404). Serve the dashboard's index.html at these paths (URL
|
||||||
|
# unchanged) so react-oidc boots and completes the login / silent-SSO.
|
||||||
|
location ~ ^/(nb-auth|nb-silent-auth) {{
|
||||||
|
set $nb_dashboard netbird-dashboard;
|
||||||
|
rewrite ^.*$ /index.html break;
|
||||||
|
proxy_pass http://$nb_dashboard:80;
|
||||||
|
}}
|
||||||
|
|
||||||
|
location / {{
|
||||||
|
set $nb_dashboard netbird-dashboard;
|
||||||
|
proxy_pass http://$nb_dashboard:80;
|
||||||
|
}}
|
||||||
|
}}
|
||||||
|
|
||||||
|
# Direct server remains available for diagnostics at {server_origin}.
|
||||||
|
"#
|
||||||
|
);
|
||||||
|
tokio::fs::write("/var/lib/archipelago/netbird/nginx.conf", nginx_conf)
|
||||||
|
.await
|
||||||
|
.context("Failed to write NetBird nginx.conf")?;
|
||||||
|
|
||||||
|
Ok(())
|
||||||
|
}
|
||||||
|
|
||||||
|
async fn detect_netbird_public_host_ip() -> Option<String> {
|
||||||
|
let output = tokio::process::Command::new("hostname")
|
||||||
|
.args(["-I"])
|
||||||
|
.output()
|
||||||
|
.await
|
||||||
|
.ok()?;
|
||||||
|
let stdout = String::from_utf8_lossy(&output.stdout);
|
||||||
|
let ips: Vec<&str> = stdout
|
||||||
|
.split_whitespace()
|
||||||
|
.filter(|s| s.contains('.'))
|
||||||
|
.collect();
|
||||||
|
|
||||||
|
// Prefer the LAN address as the canonical origin — that's what users browse
|
||||||
|
// to on the local network. Baking the Tailscale 100.x address here broke
|
||||||
|
// LAN access with cross-origin/redirect mismatches (issue #15). Tailscale
|
||||||
|
// (100.64.0.0/10 CGNAT) is only a fallback for nodes with no LAN IP.
|
||||||
|
let is_private_lan = |ip: &str| {
|
||||||
|
ip.starts_with("192.168.")
|
||||||
|
|| ip.starts_with("10.")
|
||||||
|
|| (ip.starts_with("172.")
|
||||||
|
&& ip
|
||||||
|
.split('.')
|
||||||
|
.nth(1)
|
||||||
|
.and_then(|o| o.parse::<u8>().ok())
|
||||||
|
.map(|o| (16..=31).contains(&o))
|
||||||
|
.unwrap_or(false))
|
||||||
|
};
|
||||||
|
if let Some(lan) = ips.iter().find(|ip| is_private_lan(ip)) {
|
||||||
|
return Some(lan.to_string());
|
||||||
|
}
|
||||||
|
ips.iter()
|
||||||
|
.find(|ip| ip.starts_with("100."))
|
||||||
|
.map(|s| s.to_string())
|
||||||
|
}
|
||||||
|
|
||||||
#[cfg(test)]
|
#[cfg(test)]
|
||||||
mod tests {
|
mod tests {
|
||||||
use super::{btcpay_stack_app_ids, mempool_stack_app_ids};
|
use super::{btcpay_stack_app_ids, mempool_stack_app_ids};
|
||||||
|
|||||||
@ -32,27 +32,19 @@ impl RpcHandler {
|
|||||||
.ok_or_else(|| anyhow::anyhow!("Missing package id"))?;
|
.ok_or_else(|| anyhow::anyhow!("Missing package id"))?;
|
||||||
validate_app_id(package_id)?;
|
validate_app_id(package_id)?;
|
||||||
|
|
||||||
// Resolve the target image. Prefer the remote app catalog (decoupled
|
// Verify an update is actually available. Prefer the remote app catalog
|
||||||
// from the binary OTA), falling back to the image-versions.sh pin. This
|
// (decoupled from the binary OTA), falling back to the image-versions.sh
|
||||||
// is OPTIONAL for orchestrator-managed apps: the orchestrator resolves
|
// pin when the catalog is absent or doesn't cover this app.
|
||||||
// the image itself (manifest + catalog + version_config pin) in its
|
|
||||||
// upgrade path, so an app the catalog doesn't carry a primary image for
|
|
||||||
// (e.g. bitcoin-core, image lives in the embedded manifest + versions[])
|
|
||||||
// still upgrades. Only the legacy/stack path below hard-requires it.
|
|
||||||
let pinned = crate::container::app_catalog::catalog_primary_image(package_id)
|
let pinned = crate::container::app_catalog::catalog_primary_image(package_id)
|
||||||
.or_else(|| image_versions::pinned_image_for_app(package_id));
|
.or_else(|| image_versions::pinned_image_for_app(package_id))
|
||||||
|
.ok_or_else(|| anyhow::anyhow!("No pinned image found for {}", package_id))?;
|
||||||
|
|
||||||
// Note: the `already updating` guard lives in `spawn_package_update`
|
// Note: the `already updating` guard lives in `spawn_package_update`
|
||||||
// (the async wrapper that dispatch actually routes to). By the time
|
// (the async wrapper that dispatch actually routes to). By the time
|
||||||
// this inner function runs, the wrapper has already flipped state to
|
// this inner function runs, the wrapper has already flipped state to
|
||||||
// `Updating`, so duplicating the check here would be a false positive.
|
// `Updating`, so duplicating the check here would be a false positive.
|
||||||
|
|
||||||
install_log(&format!(
|
install_log(&format!("UPDATE: {} → {}", package_id, pinned)).await;
|
||||||
"UPDATE: {} → {}",
|
|
||||||
package_id,
|
|
||||||
pinned.as_deref().unwrap_or("(orchestrator-resolved)")
|
|
||||||
))
|
|
||||||
.await;
|
|
||||||
|
|
||||||
// Set state to Updating
|
// Set state to Updating
|
||||||
{
|
{
|
||||||
@ -122,16 +114,6 @@ impl RpcHandler {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// Legacy/stack path hard-requires a concrete primary image (the
|
|
||||||
// orchestrator path above already returned for apps it manages).
|
|
||||||
let pinned = match pinned {
|
|
||||||
Some(p) => p,
|
|
||||||
None => {
|
|
||||||
self.clear_update_state(package_id).await;
|
|
||||||
return Err(anyhow::anyhow!("No pinned image found for {}", package_id));
|
|
||||||
}
|
|
||||||
};
|
|
||||||
|
|
||||||
// Resolve images to pull — either a stack or single container
|
// Resolve images to pull — either a stack or single container
|
||||||
let images_to_pull = self.resolve_images_to_pull(package_id, &pinned);
|
let images_to_pull = self.resolve_images_to_pull(package_id, &pinned);
|
||||||
|
|
||||||
|
|||||||
@ -26,36 +26,6 @@ impl Drop for OnboardingMnemonicState {
|
|||||||
|
|
||||||
const MNEMONIC_TTL: std::time::Duration = std::time::Duration::from_secs(600); // 10 minutes
|
const MNEMONIC_TTL: std::time::Duration = std::time::Duration::from_secs(600); // 10 minutes
|
||||||
|
|
||||||
/// Persist the pending onboarding mnemonic as `identity/master_seed.enc`,
|
|
||||||
/// encrypted with `passphrase`. Called from `auth.setup` — the first moment a
|
|
||||||
/// user password exists — so "Reveal recovery phrase" works after onboarding
|
|
||||||
/// without the frontend having to remember a separate save step (it never
|
|
||||||
/// did, which left every onboarded node with no encrypted seed backup).
|
|
||||||
///
|
|
||||||
/// Deliberately ignores MNEMONIC_TTL: the mnemonic stays in memory until
|
|
||||||
/// overwritten regardless, so using it here widens nothing, and onboarding
|
|
||||||
/// legitimately takes longer than 10 minutes when the user carefully writes
|
|
||||||
/// down 24 words. Clears the in-memory copy on success — password setup is
|
|
||||||
/// the end of onboarding, so the plaintext no longer needs to linger.
|
|
||||||
///
|
|
||||||
/// Returns Ok(true) if a seed was saved, Ok(false) if none was pending.
|
|
||||||
pub(in crate::api::rpc) async fn save_pending_seed_encrypted(
|
|
||||||
data_dir: &std::path::Path,
|
|
||||||
passphrase: &str,
|
|
||||||
) -> Result<bool> {
|
|
||||||
let mut state = ONBOARDING_MNEMONIC.lock().await;
|
|
||||||
let Some(pending) = state.as_ref() else {
|
|
||||||
return Ok(false);
|
|
||||||
};
|
|
||||||
let mnemonic: bip39::Mnemonic = pending
|
|
||||||
.words
|
|
||||||
.parse()
|
|
||||||
.context("Invalid mnemonic in memory")?;
|
|
||||||
crate::seed::save_seed_encrypted(data_dir, &mnemonic, passphrase).await?;
|
|
||||||
*state = None;
|
|
||||||
Ok(true)
|
|
||||||
}
|
|
||||||
|
|
||||||
/// Best-effort: install fips.yaml + start archipelago-fips.service after the
|
/// Best-effort: install fips.yaml + start archipelago-fips.service after the
|
||||||
/// seed onboarding has written the fips_key to disk. Runs in a detached task
|
/// seed onboarding has written the fips_key to disk. Runs in a detached task
|
||||||
/// so the user-facing RPC returns immediately — the systemctl calls can take
|
/// so the user-facing RPC returns immediately — the systemctl calls can take
|
||||||
@ -238,17 +208,6 @@ impl RpcHandler {
|
|||||||
let phrase = words.join(" ");
|
let phrase = words.join(" ");
|
||||||
let (_mnemonic, seed) = crate::seed::MasterSeed::from_mnemonic_words(&phrase)?;
|
let (_mnemonic, seed) = crate::seed::MasterSeed::from_mnemonic_words(&phrase)?;
|
||||||
|
|
||||||
// Stash the restored words like seed.generate does, so auth.setup can
|
|
||||||
// persist the encrypted backup once the user's password exists and
|
|
||||||
// "Reveal recovery phrase" works on restored nodes too.
|
|
||||||
{
|
|
||||||
let mut state = ONBOARDING_MNEMONIC.lock().await;
|
|
||||||
*state = Some(OnboardingMnemonicState {
|
|
||||||
words: phrase.clone(),
|
|
||||||
created_at: std::time::Instant::now(),
|
|
||||||
});
|
|
||||||
}
|
|
||||||
|
|
||||||
// Derive and write node Ed25519 key.
|
// Derive and write node Ed25519 key.
|
||||||
let identity_dir = self.config.data_dir.join("identity");
|
let identity_dir = self.config.data_dir.join("identity");
|
||||||
crate::identity::NodeIdentity::from_seed(&identity_dir, &seed).await?;
|
crate::identity::NodeIdentity::from_seed(&identity_dir, &seed).await?;
|
||||||
|
|||||||
@ -47,17 +47,6 @@ impl RpcHandler {
|
|||||||
}
|
}
|
||||||
};
|
};
|
||||||
|
|
||||||
// Keep the self-signed HTTPS cert's SAN in sync with the new hostname —
|
|
||||||
// best-effort, never blocks the rename itself. Without this the cert
|
|
||||||
// stays pinned to whatever name was set at install time, so browsers
|
|
||||||
// hit a hostname-mismatch warning on top of the usual self-signed one
|
|
||||||
// the moment a node is renamed.
|
|
||||||
if hostname_updated {
|
|
||||||
if let Err(e) = regenerate_tls_cert(&hostname).await {
|
|
||||||
warn!(hostname = %hostname, "TLS cert regen after rename failed: {}", e);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
info!("Server name updated to: {}", name);
|
info!("Server name updated to: {}", name);
|
||||||
|
|
||||||
// Push the new name to federation peers in background
|
// Push the new name to federation peers in background
|
||||||
@ -77,70 +66,6 @@ impl RpcHandler {
|
|||||||
}))
|
}))
|
||||||
}
|
}
|
||||||
|
|
||||||
/// server.set-location — Set this node's own lat/lon + whether to share
|
|
||||||
/// it with trusted federation peers (for the Mesh Map). `lat`/`lon` are
|
|
||||||
/// optional so a caller can flip `share` off without clearing the saved
|
|
||||||
/// position, or clear the position by passing nulls.
|
|
||||||
pub(in crate::api::rpc) async fn handle_server_set_location(
|
|
||||||
&self,
|
|
||||||
params: Option<serde_json::Value>,
|
|
||||||
) -> Result<serde_json::Value> {
|
|
||||||
let params = params.ok_or_else(|| anyhow::anyhow!("Missing params"))?;
|
|
||||||
let lat = params.get("lat").and_then(|v| v.as_f64());
|
|
||||||
let lon = params.get("lon").and_then(|v| v.as_f64());
|
|
||||||
let share_location = params
|
|
||||||
.get("share")
|
|
||||||
.and_then(|v| v.as_bool())
|
|
||||||
.ok_or_else(|| anyhow::anyhow!("Missing required parameter: share"))?;
|
|
||||||
|
|
||||||
if let (Some(lat), Some(lon)) = (lat, lon) {
|
|
||||||
if !(-90.0..=90.0).contains(&lat) || !(-180.0..=180.0).contains(&lon) {
|
|
||||||
anyhow::bail!("Invalid lat/lon");
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
let location_file = self.config.data_dir.join("server-location.json");
|
|
||||||
let payload = serde_json::json!({ "lat": lat, "lon": lon, "share_location": share_location });
|
|
||||||
tokio::fs::write(&location_file, serde_json::to_vec(&payload)?)
|
|
||||||
.await
|
|
||||||
.context("Failed to write server location")?;
|
|
||||||
|
|
||||||
let (mut data, _) = self.state_manager.get_snapshot().await;
|
|
||||||
data.server_info.lat = lat;
|
|
||||||
data.server_info.lon = lon;
|
|
||||||
data.server_info.share_location = share_location;
|
|
||||||
self.state_manager.update_data(data).await;
|
|
||||||
|
|
||||||
info!(share_location, "Server location updated");
|
|
||||||
|
|
||||||
// Push the new location to federation peers in background, same as
|
|
||||||
// a rename — trusted peers' next state sync picks it up.
|
|
||||||
let data_dir = self.config.data_dir.clone();
|
|
||||||
let state_manager = self.state_manager.clone();
|
|
||||||
tokio::spawn(async move {
|
|
||||||
if let Err(e) = push_name_to_peers(&data_dir, &state_manager).await {
|
|
||||||
debug!("Federation location push (non-fatal): {}", e);
|
|
||||||
}
|
|
||||||
});
|
|
||||||
|
|
||||||
Ok(serde_json::json!({ "lat": lat, "lon": lon, "share_location": share_location }))
|
|
||||||
}
|
|
||||||
|
|
||||||
/// system.get-hostname — Current OS hostname + the mDNS `.local` name it
|
|
||||||
/// resolves to on the LAN (avahi-daemon advertises `<hostname>.local`).
|
|
||||||
/// Lets Settings show users where to reach this node over HTTPS for
|
|
||||||
/// features (mic/camera access) that require a secure context.
|
|
||||||
pub(in crate::api::rpc) async fn handle_system_get_hostname(&self) -> Result<serde_json::Value> {
|
|
||||||
let hostname = tokio::fs::read_to_string("/etc/hostname")
|
|
||||||
.await
|
|
||||||
.map(|s| s.trim().to_string())
|
|
||||||
.unwrap_or_else(|_| "archipelago".to_string());
|
|
||||||
Ok(serde_json::json!({
|
|
||||||
"hostname": hostname,
|
|
||||||
"mdns_hostname": format!("{hostname}.local"),
|
|
||||||
}))
|
|
||||||
}
|
|
||||||
|
|
||||||
/// system.stats — CPU usage, RAM used/total, disk used/total, uptime, load average
|
/// system.stats — CPU usage, RAM used/total, disk used/total, uptime, load average
|
||||||
pub(in crate::api::rpc) async fn handle_system_stats(&self) -> Result<serde_json::Value> {
|
pub(in crate::api::rpc) async fn handle_system_stats(&self) -> Result<serde_json::Value> {
|
||||||
debug!("Getting system stats");
|
debug!("Getting system stats");
|
||||||
@ -394,63 +319,6 @@ async fn set_system_hostname(hostname: &str) -> Result<()> {
|
|||||||
Ok(())
|
Ok(())
|
||||||
}
|
}
|
||||||
|
|
||||||
/// Regenerate the self-signed HTTPS cert (`/etc/archipelago/ssl/archipelago.{crt,key}`)
|
|
||||||
/// with a SAN covering `hostname`, `hostname.local`, `localhost`, and 127.0.0.1, then
|
|
||||||
/// reload nginx so it picks up the new cert. Still self-signed (browsers will warn
|
|
||||||
/// on first visit regardless), but avoids stacking a hostname-mismatch warning on
|
|
||||||
/// top once a node has been renamed away from the install-time default.
|
|
||||||
async fn regenerate_tls_cert(hostname: &str) -> Result<()> {
|
|
||||||
let subj = format!("/C=XX/ST=Bitcoin/L=Node/O=Archipelago/CN={hostname}");
|
|
||||||
let san = format!("subjectAltName=DNS:{hostname},DNS:{hostname}.local,DNS:localhost,IP:127.0.0.1");
|
|
||||||
let output = tokio::process::Command::new("/usr/bin/sudo")
|
|
||||||
.args([
|
|
||||||
"-n",
|
|
||||||
"/usr/bin/openssl",
|
|
||||||
"req",
|
|
||||||
"-x509",
|
|
||||||
"-nodes",
|
|
||||||
"-days",
|
|
||||||
"3650",
|
|
||||||
"-newkey",
|
|
||||||
"rsa:2048",
|
|
||||||
"-keyout",
|
|
||||||
"/etc/archipelago/ssl/archipelago.key",
|
|
||||||
"-out",
|
|
||||||
"/etc/archipelago/ssl/archipelago.crt",
|
|
||||||
"-subj",
|
|
||||||
&subj,
|
|
||||||
"-addext",
|
|
||||||
&san,
|
|
||||||
])
|
|
||||||
.output()
|
|
||||||
.await
|
|
||||||
.context("Failed to run openssl")?;
|
|
||||||
|
|
||||||
if !output.status.success() {
|
|
||||||
let stderr = String::from_utf8_lossy(&output.stderr).trim().to_string();
|
|
||||||
anyhow::bail!(
|
|
||||||
"{}",
|
|
||||||
if stderr.is_empty() {
|
|
||||||
"openssl cert regen failed".to_string()
|
|
||||||
} else {
|
|
||||||
stderr
|
|
||||||
}
|
|
||||||
);
|
|
||||||
}
|
|
||||||
|
|
||||||
let reload = tokio::process::Command::new("/usr/bin/sudo")
|
|
||||||
.args(["-n", "/usr/bin/systemctl", "reload", "nginx"])
|
|
||||||
.output()
|
|
||||||
.await
|
|
||||||
.context("Failed to reload nginx")?;
|
|
||||||
if !reload.status.success() {
|
|
||||||
let stderr = String::from_utf8_lossy(&reload.stderr).trim().to_string();
|
|
||||||
anyhow::bail!("nginx reload failed: {}", stderr);
|
|
||||||
}
|
|
||||||
|
|
||||||
Ok(())
|
|
||||||
}
|
|
||||||
|
|
||||||
impl RpcHandler {
|
impl RpcHandler {
|
||||||
/// system.factory-reset — Wipe all user data, remove containers, and restart.
|
/// system.factory-reset — Wipe all user data, remove containers, and restart.
|
||||||
/// Only preserves the data_dir itself (recreated empty on restart).
|
/// Only preserves the data_dir itself (recreated empty on restart).
|
||||||
|
|||||||
@ -1,33 +1,12 @@
|
|||||||
use super::RpcHandler;
|
use super::RpcHandler;
|
||||||
use crate::wallet::{ecash, fedimint_client, profits};
|
use crate::wallet::{ecash, profits};
|
||||||
use anyhow::Result;
|
use anyhow::Result;
|
||||||
|
|
||||||
/// A Cashu token (NUT-00 `cashuA`/`cashuB`, or our legacy `cashuSend_` form)
|
|
||||||
/// always starts with `cashu`. Fedimint ecash notes never do, so a non-`cashu`
|
|
||||||
/// string is routed to the Fedimint reissue path.
|
|
||||||
fn is_cashu_token(token: &str) -> bool {
|
|
||||||
token.trim_start().starts_with("cashu")
|
|
||||||
}
|
|
||||||
|
|
||||||
impl RpcHandler {
|
impl RpcHandler {
|
||||||
pub(super) async fn handle_wallet_ecash_balance(&self) -> Result<serde_json::Value> {
|
pub(super) async fn handle_wallet_ecash_balance(&self) -> Result<serde_json::Value> {
|
||||||
let wallet = ecash::load_wallet(&self.config.data_dir).await?;
|
let wallet = ecash::load_wallet(&self.config.data_dir).await?;
|
||||||
let cashu_sats = wallet.balance();
|
|
||||||
// Spendable Fedimint balance too, so callers (e.g. the pay-for-file
|
|
||||||
// pre-check) see funds available across BOTH backends (#3). Best-effort:
|
|
||||||
// if fmcd isn't installed/joined this is just 0, never an error.
|
|
||||||
let fedimint_sats =
|
|
||||||
match fedimint_client::FedimintClient::from_node(&self.config.data_dir).await {
|
|
||||||
Ok(client) => client.total_balance_sats().await.unwrap_or(0),
|
|
||||||
Err(_) => 0,
|
|
||||||
};
|
|
||||||
Ok(serde_json::json!({
|
Ok(serde_json::json!({
|
||||||
// `balance_sats` stays Cashu-only for back-compat; `total_sats` is the
|
"balance_sats": wallet.balance(),
|
||||||
// spendable amount across Cashu + Fedimint.
|
|
||||||
"balance_sats": cashu_sats,
|
|
||||||
"cashu_sats": cashu_sats,
|
|
||||||
"fedimint_sats": fedimint_sats,
|
|
||||||
"total_sats": cashu_sats + fedimint_sats,
|
|
||||||
"proof_count": wallet.proofs.iter().filter(|p| !p.spent && !p.reserved).count(),
|
"proof_count": wallet.proofs.iter().filter(|p| !p.spent && !p.reserved).count(),
|
||||||
"mint_url": wallet.mint_url,
|
"mint_url": wallet.mint_url,
|
||||||
}))
|
}))
|
||||||
@ -150,42 +129,18 @@ impl RpcHandler {
|
|||||||
let token = params
|
let token = params
|
||||||
.get("token")
|
.get("token")
|
||||||
.and_then(|v| v.as_str())
|
.and_then(|v| v.as_str())
|
||||||
.map(str::trim)
|
|
||||||
.filter(|s| !s.is_empty())
|
|
||||||
.ok_or_else(|| anyhow::anyhow!("Missing token"))?;
|
.ok_or_else(|| anyhow::anyhow!("Missing token"))?;
|
||||||
|
|
||||||
// Dual-ecash: one "Receive ecash" box accepts either a Cashu token
|
let amount = ecash::receive_token(&self.config.data_dir, token).await?;
|
||||||
// (redeemed at the mint) or Fedimint notes (reissued via the fmcd
|
|
||||||
// sidecar). Detect by prefix and route accordingly.
|
|
||||||
if is_cashu_token(token) {
|
|
||||||
let amount = ecash::receive_token(&self.config.data_dir, token).await?;
|
|
||||||
return Ok(serde_json::json!({
|
|
||||||
"received_sats": amount,
|
|
||||||
"kind": "cashu",
|
|
||||||
}));
|
|
||||||
}
|
|
||||||
|
|
||||||
let (amount, federation_id) =
|
|
||||||
fedimint_client::reissue_into_any(&self.config.data_dir, token).await?;
|
|
||||||
Ok(serde_json::json!({
|
Ok(serde_json::json!({
|
||||||
"received_sats": amount,
|
"received_sats": amount,
|
||||||
"kind": "fedimint",
|
|
||||||
"federation_id": federation_id,
|
|
||||||
}))
|
}))
|
||||||
}
|
}
|
||||||
|
|
||||||
pub(super) async fn handle_wallet_ecash_history(&self) -> Result<serde_json::Value> {
|
pub(super) async fn handle_wallet_ecash_history(&self) -> Result<serde_json::Value> {
|
||||||
// Unified history: Cashu transactions (tagged kind="cashu") + the local
|
|
||||||
// Fedimint transaction log (kind="fedimint"), newest first. Previously
|
|
||||||
// only Cashu was returned, so a Fedimint receive showed up nowhere.
|
|
||||||
let wallet = ecash::load_wallet(&self.config.data_dir).await?;
|
let wallet = ecash::load_wallet(&self.config.data_dir).await?;
|
||||||
let mut transactions = wallet.transactions;
|
|
||||||
transactions.extend(fedimint_client::load_fedimint_txs(&self.config.data_dir).await);
|
|
||||||
// Sort by RFC-3339 timestamp descending (string compare is valid for
|
|
||||||
// same-offset RFC-3339), newest first.
|
|
||||||
transactions.sort_by(|a, b| b.timestamp.cmp(&a.timestamp));
|
|
||||||
Ok(serde_json::json!({
|
Ok(serde_json::json!({
|
||||||
"transactions": transactions,
|
"transactions": wallet.transactions,
|
||||||
}))
|
}))
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@ -13,32 +13,14 @@ use std::time::{Duration, SystemTime, UNIX_EPOCH};
|
|||||||
use tokio::sync::RwLock;
|
use tokio::sync::RwLock;
|
||||||
use tracing::{debug, warn};
|
use tracing::{debug, warn};
|
||||||
|
|
||||||
// Poll frequently and recover fast so the cached snapshot tracks bitcoind's
|
const CACHE_REFRESH_SECS: u64 = 10;
|
||||||
// responsive windows during IBD. During heavy block-connection, getblockchaininfo
|
const CACHE_ERROR_BACKOFF_SECS: u64 = 15;
|
||||||
// can block briefly; a slow 10s/15s/20s cadence let one missed poll age the
|
|
||||||
// snapshot past the UI's 30s "stale" threshold, so the UI dwelled on
|
|
||||||
// "reconnecting…" long after bitcoind was answering again. Tight cadence + short
|
|
||||||
// timeout keeps last-known state fresh and clears the stale banner promptly.
|
|
||||||
const CACHE_REFRESH_SECS: u64 = 5;
|
|
||||||
const CACHE_ERROR_BACKOFF_SECS: u64 = 5;
|
|
||||||
|
|
||||||
// Grace window before a failing poll marks the snapshot "stale" for the UI.
|
|
||||||
// On a busy / swap-thrashing node (e.g. .198) getblockchaininfo intermittently
|
|
||||||
// exceeds the RPC timeout, so a single missed poll is normal and must NOT flip
|
|
||||||
// the UI to "reconnecting…". Only after the cached snapshot is genuinely old —
|
|
||||||
// several polls failed in a row — do we surface the banner.
|
|
||||||
const STALE_GRACE_MS: u64 = 20_000;
|
|
||||||
|
|
||||||
#[derive(Debug, Clone, Serialize)]
|
#[derive(Debug, Clone, Serialize)]
|
||||||
pub struct BitcoinNodeStatus {
|
pub struct BitcoinNodeStatus {
|
||||||
pub ok: bool,
|
pub ok: bool,
|
||||||
pub stale: bool,
|
pub stale: bool,
|
||||||
pub updated_at_ms: u64,
|
pub updated_at_ms: u64,
|
||||||
// Server-computed age of the snapshot, filled in at serve time. The browser
|
|
||||||
// must not derive this itself (Date.now() - updated_at_ms) because that
|
|
||||||
// compares the browser clock against this node's clock — any skew made a
|
|
||||||
// fresh snapshot look stale and the "reconnecting…" banner never cleared.
|
|
||||||
pub age_ms: u64,
|
|
||||||
pub error: Option<String>,
|
pub error: Option<String>,
|
||||||
pub blockchain_info: Option<serde_json::Value>,
|
pub blockchain_info: Option<serde_json::Value>,
|
||||||
pub network_info: Option<serde_json::Value>,
|
pub network_info: Option<serde_json::Value>,
|
||||||
@ -52,7 +34,6 @@ impl Default for BitcoinNodeStatus {
|
|||||||
ok: false,
|
ok: false,
|
||||||
stale: false,
|
stale: false,
|
||||||
updated_at_ms: 0,
|
updated_at_ms: 0,
|
||||||
age_ms: 0,
|
|
||||||
error: Some("Connecting to Bitcoin node...".to_string()),
|
error: Some("Connecting to Bitcoin node...".to_string()),
|
||||||
blockchain_info: None,
|
blockchain_info: None,
|
||||||
network_info: None,
|
network_info: None,
|
||||||
@ -101,45 +82,19 @@ fn friendly_transient_error(has_cached_state: bool, err_msg: &str) -> String {
|
|||||||
.trim_end_matches('.');
|
.trim_end_matches('.');
|
||||||
let lower = detail.to_lowercase();
|
let lower = detail.to_lowercase();
|
||||||
let state = if lower.contains("verifying blocks") {
|
let state = if lower.contains("verifying blocks") {
|
||||||
Some("verifying blocks after restart")
|
"verifying blocks after restart"
|
||||||
} else if lower.contains("connection reset") {
|
|
||||||
Some("starting up and not yet accepting RPC connections")
|
|
||||||
} else if lower.contains("connection refused") || lower.contains("tcp connect error") {
|
} else if lower.contains("connection refused") || lower.contains("tcp connect error") {
|
||||||
Some("waiting for the Bitcoin RPC listener")
|
"waiting for the Bitcoin RPC listener"
|
||||||
} else if lower.contains("timed out") || lower.contains("timeout") {
|
} else if lower.contains("timed out") || lower.contains("timeout") {
|
||||||
Some("busy and not answering RPC before the timeout")
|
"busy and not answering RPC before the timeout"
|
||||||
} else {
|
} else {
|
||||||
None
|
"starting or busy syncing"
|
||||||
};
|
};
|
||||||
|
|
||||||
// Recognized transient causes get a clean human sentence only — the raw
|
if has_cached_state {
|
||||||
// transport error (URLs, repeated "os error 104" chains) is operator
|
format!("Bitcoin node is {state}; showing last known state and retrying. Detail: {detail}")
|
||||||
// noise that was ending up verbatim on the app card. Unrecognized errors
|
|
||||||
// keep a bounded detail so a genuinely new failure stays diagnosable.
|
|
||||||
let (state, detail) = match state {
|
|
||||||
Some(state) => (state, None),
|
|
||||||
None => (
|
|
||||||
"starting or busy syncing",
|
|
||||||
Some(if detail.len() > 120 {
|
|
||||||
let mut cut = 120;
|
|
||||||
while !detail.is_char_boundary(cut) {
|
|
||||||
cut -= 1;
|
|
||||||
}
|
|
||||||
format!("{}…", &detail[..cut])
|
|
||||||
} else {
|
|
||||||
detail.to_string()
|
|
||||||
}),
|
|
||||||
),
|
|
||||||
};
|
|
||||||
|
|
||||||
let base = if has_cached_state {
|
|
||||||
format!("Bitcoin node is {state}; showing last known state and retrying.")
|
|
||||||
} else {
|
} else {
|
||||||
format!("Bitcoin node is {state}; retrying automatically.")
|
format!("Bitcoin node is {state}; retrying automatically. Detail: {detail}")
|
||||||
};
|
|
||||||
match detail {
|
|
||||||
Some(detail) => format!("{base} Detail: {detail}"),
|
|
||||||
None => base,
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -167,11 +122,7 @@ pub fn spawn_status_cache() {
|
|||||||
|
|
||||||
if cached.blockchain_info.is_some() {
|
if cached.blockchain_info.is_some() {
|
||||||
cached.ok = false;
|
cached.ok = false;
|
||||||
// Only flip to "stale" once the last good snapshot is older
|
cached.stale = true;
|
||||||
// than the grace window. A brief RPC gap on a busy node keeps
|
|
||||||
// showing last-known state silently instead of a banner flicker.
|
|
||||||
let snapshot_age_ms = now_ms().saturating_sub(cached.updated_at_ms);
|
|
||||||
cached.stale = snapshot_age_ms > STALE_GRACE_MS;
|
|
||||||
cached.error = Some(friendly_transient_error(true, &err_msg));
|
cached.error = Some(friendly_transient_error(true, &err_msg));
|
||||||
} else {
|
} else {
|
||||||
*cached = BitcoinNodeStatus {
|
*cached = BitcoinNodeStatus {
|
||||||
@ -191,46 +142,40 @@ pub fn spawn_status_cache() {
|
|||||||
}
|
}
|
||||||
|
|
||||||
pub async fn get_bitcoin_status() -> BitcoinNodeStatus {
|
pub async fn get_bitcoin_status() -> BitcoinNodeStatus {
|
||||||
let mut status = cache().read().await.clone();
|
cache().read().await.clone()
|
||||||
// Compute age here (server clock only) so the browser never has to subtract
|
|
||||||
// across clocks. A successful snapshot serves age_ms ≈ 0 → the UI clears the
|
|
||||||
// "reconnecting…" banner on its very next poll regardless of browser-clock skew.
|
|
||||||
if status.updated_at_ms > 0 {
|
|
||||||
status.age_ms = now_ms().saturating_sub(status.updated_at_ms);
|
|
||||||
}
|
|
||||||
status
|
|
||||||
}
|
}
|
||||||
|
|
||||||
async fn fetch_bitcoin_status() -> Result<BitcoinNodeStatus> {
|
async fn fetch_bitcoin_status() -> Result<BitcoinNodeStatus> {
|
||||||
// 12s (not 8s): on a swap-thrashing node getblockchaininfo can answer slowly
|
|
||||||
// but correctly; too tight a timeout turned working-but-slow polls into
|
|
||||||
// failures and tripped the "reconnecting…" banner. Stays under STALE_GRACE_MS.
|
|
||||||
let client = reqwest::Client::builder()
|
let client = reqwest::Client::builder()
|
||||||
.timeout(Duration::from_secs(12))
|
.timeout(Duration::from_secs(20))
|
||||||
.build()
|
.build()
|
||||||
.context("build Bitcoin status HTTP client")?;
|
.context("build Bitcoin status HTTP client")?;
|
||||||
|
|
||||||
// Fetch all four calls concurrently: getblockchaininfo gates freshness, so a
|
let blockchain_info = bitcoin_rpc_call(&client, "getblockchaininfo", serde_json::json!([]))
|
||||||
// slow auxiliary call (network/index/zmq) must not delay the snapshot or block
|
.await
|
||||||
// the next refresh. Only getblockchaininfo failing marks the status stale.
|
.context("getblockchaininfo")?;
|
||||||
let (blockchain_info, network_info, index_info, zmq_notifications) = tokio::join!(
|
let network_info = bitcoin_rpc_call(&client, "getnetworkinfo", serde_json::json!([]))
|
||||||
bitcoin_rpc_call(&client, "getblockchaininfo", serde_json::json!([])),
|
.await
|
||||||
bitcoin_rpc_call(&client, "getnetworkinfo", serde_json::json!([])),
|
.context("getnetworkinfo")
|
||||||
bitcoin_rpc_call(&client, "getindexinfo", serde_json::json!([])),
|
.ok();
|
||||||
bitcoin_rpc_call(&client, "getzmqnotifications", serde_json::json!([])),
|
let index_info = bitcoin_rpc_call(&client, "getindexinfo", serde_json::json!([]))
|
||||||
);
|
.await
|
||||||
let blockchain_info = blockchain_info.context("getblockchaininfo")?;
|
.context("getindexinfo")
|
||||||
|
.ok();
|
||||||
|
let zmq_notifications = bitcoin_rpc_call(&client, "getzmqnotifications", serde_json::json!([]))
|
||||||
|
.await
|
||||||
|
.context("getzmqnotifications")
|
||||||
|
.ok();
|
||||||
|
|
||||||
Ok(BitcoinNodeStatus {
|
Ok(BitcoinNodeStatus {
|
||||||
ok: true,
|
ok: true,
|
||||||
stale: false,
|
stale: false,
|
||||||
updated_at_ms: now_ms(),
|
updated_at_ms: now_ms(),
|
||||||
age_ms: 0,
|
|
||||||
error: None,
|
error: None,
|
||||||
blockchain_info: Some(blockchain_info),
|
blockchain_info: Some(blockchain_info),
|
||||||
network_info: network_info.ok(),
|
network_info,
|
||||||
index_info: index_info.ok(),
|
index_info,
|
||||||
zmq_notifications: zmq_notifications.ok(),
|
zmq_notifications,
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -304,39 +249,4 @@ mod tests {
|
|||||||
|
|
||||||
assert!(msg.contains("busy and not answering RPC before the timeout"));
|
assert!(msg.contains("busy and not answering RPC before the timeout"));
|
||||||
}
|
}
|
||||||
|
|
||||||
#[test]
|
|
||||||
fn connection_reset_gets_clean_message_without_raw_detail() {
|
|
||||||
// The exact string a fresh install showed on the app card: the raw
|
|
||||||
// reqwest chain (URL + repeated "os error 104") must not surface.
|
|
||||||
let msg = friendly_transient_error(
|
|
||||||
false,
|
|
||||||
"getblockchaininfo: Bitcoin RPC request failed: error sending request for url (http://127.0.0.1:8332/): connection error: Connection reset by peer (os error 104): connection error: Connection reset by peer (os error 104): Connection reset by peer (os error 104)",
|
|
||||||
);
|
|
||||||
|
|
||||||
assert!(msg.contains("starting up and not yet accepting RPC connections"));
|
|
||||||
assert!(!msg.contains("os error"));
|
|
||||||
assert!(!msg.contains("127.0.0.1"));
|
|
||||||
assert!(!msg.contains("Detail:"));
|
|
||||||
}
|
|
||||||
|
|
||||||
#[test]
|
|
||||||
fn recognized_causes_omit_detail_entirely() {
|
|
||||||
for raw in [
|
|
||||||
"x: Connection refused (os error 111)",
|
|
||||||
"x: operation timed out",
|
|
||||||
r#"x: {"error":{"code":-28,"message":"Verifying blocks..."}}"#,
|
|
||||||
] {
|
|
||||||
let msg = friendly_transient_error(false, raw);
|
|
||||||
assert!(!msg.contains("Detail:"), "leaked detail for: {raw}");
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
#[test]
|
|
||||||
fn unknown_errors_keep_bounded_detail() {
|
|
||||||
let long = format!("weird new failure {}", "x".repeat(300));
|
|
||||||
let msg = friendly_transient_error(false, &long);
|
|
||||||
assert!(msg.contains("Detail: weird new failure"));
|
|
||||||
assert!(msg.len() < 260);
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|||||||
@ -39,16 +39,6 @@ const KIOSK_LAUNCHER: &str =
|
|||||||
const KIOSK_SERVICE_PATH: &str = "/etc/systemd/system/archipelago-kiosk.service";
|
const KIOSK_SERVICE_PATH: &str = "/etc/systemd/system/archipelago-kiosk.service";
|
||||||
const KIOSK_LAUNCHER_PATH: &str = "/usr/local/bin/archipelago-kiosk-launcher";
|
const KIOSK_LAUNCHER_PATH: &str = "/usr/local/bin/archipelago-kiosk-launcher";
|
||||||
|
|
||||||
// Journald log-volume policy (size cap + per-service rate limit). Fresh ISOs
|
|
||||||
// write the identical file at build time (image-recipe/_archived/
|
|
||||||
// build-auto-installer-iso.sh); this heals already-deployed nodes via OTA.
|
|
||||||
// A fresh node produced >1 GB/day of journal (bitcoind IBD console spam plus
|
|
||||||
// debug-level backend logging) — the cap bounds disk use and the rate limit
|
|
||||||
// keeps one chatty service from drowning everything else.
|
|
||||||
const JOURNALD_DROPIN: &str =
|
|
||||||
include_str!("../../../image-recipe/configs/journald-archipelago.conf");
|
|
||||||
const JOURNALD_DROPIN_PATH: &str = "/etc/systemd/journald.conf.d/10-archipelago-persistent.conf";
|
|
||||||
|
|
||||||
const NGINX_CONF_PATH: &str = "/etc/nginx/sites-available/archipelago";
|
const NGINX_CONF_PATH: &str = "/etc/nginx/sites-available/archipelago";
|
||||||
const NGINX_ENABLED_CONF_PATH: &str = "/etc/nginx/sites-enabled/archipelago";
|
const NGINX_ENABLED_CONF_PATH: &str = "/etc/nginx/sites-enabled/archipelago";
|
||||||
/// Per-app proxy snippet included by the HTTPS (:443) server block. Carries its
|
/// Per-app proxy snippet included by the HTTPS (:443) server block. Carries its
|
||||||
@ -130,11 +120,6 @@ pub async fn ensure_doctor_installed() {
|
|||||||
Ok(false) => debug!("Bitcoin RPC bind settings already usable"),
|
Ok(false) => debug!("Bitcoin RPC bind settings already usable"),
|
||||||
Err(e) => warn!("Bitcoin RPC repair failed (non-fatal): {:#}", e),
|
Err(e) => warn!("Bitcoin RPC repair failed (non-fatal): {:#}", e),
|
||||||
}
|
}
|
||||||
match run_journald_dropin().await {
|
|
||||||
Ok(true) => info!("Installed journald log-volume policy drop-in"),
|
|
||||||
Ok(false) => debug!("journald log-volume policy already in place"),
|
|
||||||
Err(e) => warn!("journald drop-in bootstrap failed (non-fatal): {:#}", e),
|
|
||||||
}
|
|
||||||
match tighten_secrets_dir().await {
|
match tighten_secrets_dir().await {
|
||||||
Ok(n) if n > 0 => info!(tightened = n, "Tightened mode on secret files"),
|
Ok(n) if n > 0 => info!(tightened = n, "Tightened mode on secret files"),
|
||||||
Ok(_) => debug!("Secrets directory already at expected mode"),
|
Ok(_) => debug!("Secrets directory already at expected mode"),
|
||||||
@ -423,14 +408,6 @@ ensure_line() {
|
|||||||
ensure_line server=1
|
ensure_line server=1
|
||||||
ensure_line rpcallowip=0.0.0.0/0
|
ensure_line rpcallowip=0.0.0.0/0
|
||||||
ensure_line listen=1
|
ensure_line listen=1
|
||||||
# Log-volume fix: printtoconsole=1 duplicated every log line (incl. per-block
|
|
||||||
# IBD "UpdateTip" spam) into journald via conmon on top of the datadir
|
|
||||||
# debug.log bitcoind already writes. Console off; debug.log stays (bitcoind
|
|
||||||
# self-shrinks it on restart).
|
|
||||||
if grep -q '^printtoconsole=1' "$conf"; then
|
|
||||||
sed -i 's/^printtoconsole=1$/printtoconsole=0/' "$conf"
|
|
||||||
changed=1
|
|
||||||
fi
|
|
||||||
[ "$changed" -eq 0 ] && exit 0
|
[ "$changed" -eq 0 ] && exit 0
|
||||||
exit 2
|
exit 2
|
||||||
"#;
|
"#;
|
||||||
@ -451,44 +428,6 @@ exit 2
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/// Install the journald log-volume policy drop-in (JOURNALD_DROPIN) so nodes
|
|
||||||
/// deployed before the ISO shipped it get the size cap + rate limit via OTA.
|
|
||||||
/// Idempotent; restarts journald only when the file actually changed (safe:
|
|
||||||
/// the sockets are held by pid1, so at most a few messages queue briefly).
|
|
||||||
async fn run_journald_dropin() -> Result<bool> {
|
|
||||||
// Same dev-box guards as the doctor bootstrap: never touch /etc on
|
|
||||||
// contributors' laptops (symlinked or absent /home/archipelago/archy).
|
|
||||||
let home_archy = Path::new("/home/archipelago/archy");
|
|
||||||
if fs::symlink_metadata(home_archy)
|
|
||||||
.await
|
|
||||||
.map(|m| m.file_type().is_symlink())
|
|
||||||
.unwrap_or(false)
|
|
||||||
{
|
|
||||||
debug!("/home/archipelago/archy is a symlink — skipping journald bootstrap (dev box)");
|
|
||||||
return Ok(false);
|
|
||||||
}
|
|
||||||
if fs::metadata(home_archy).await.is_err() {
|
|
||||||
debug!("/home/archipelago/archy missing — skipping journald bootstrap");
|
|
||||||
return Ok(false);
|
|
||||||
}
|
|
||||||
|
|
||||||
let dropin_dir = "/etc/systemd/journald.conf.d";
|
|
||||||
let status = host_sudo(&["mkdir", "-p", dropin_dir])
|
|
||||||
.await
|
|
||||||
.with_context(|| format!("mkdir {}", dropin_dir))?;
|
|
||||||
if !status.success() {
|
|
||||||
anyhow::bail!("mkdir {} exited with {}", dropin_dir, status);
|
|
||||||
}
|
|
||||||
|
|
||||||
let changed = write_root_if_needed(JOURNALD_DROPIN_PATH, JOURNALD_DROPIN).await?;
|
|
||||||
if changed {
|
|
||||||
if let Err(e) = host_sudo(&["systemctl", "restart", "systemd-journald"]).await {
|
|
||||||
warn!("journald restart after drop-in update failed: {:#}", e);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
Ok(changed)
|
|
||||||
}
|
|
||||||
|
|
||||||
async fn run() -> Result<bool> {
|
async fn run() -> Result<bool> {
|
||||||
// Dev-box guard: on contributors' laptops `/home/archipelago/archy` is
|
// Dev-box guard: on contributors' laptops `/home/archipelago/archy` is
|
||||||
// typically a symlink into the git checkout, and writing through it
|
// typically a symlink into the git checkout, and writing through it
|
||||||
|
|||||||
@ -19,11 +19,6 @@
|
|||||||
//! Sign a JSON document (e.g. releases/app-catalog.json) in place: insert
|
//! Sign a JSON document (e.g. releases/app-catalog.json) in place: insert
|
||||||
//! `signature` + `signed_by` over the canonical form, matching exactly
|
//! `signature` + `signed_by` over the canonical form, matching exactly
|
||||||
//! what `trust::verify_detached` recomputes on every node.
|
//! what `trust::verify_detached` recomputes on every node.
|
||||||
//!
|
|
||||||
//! archipelago ceremony verify <file.json>
|
|
||||||
//! Verify a signed JSON document against the compiled-in release-root
|
|
||||||
//! anchor. Exits non-zero unless the signature verifies AND the signer
|
|
||||||
//! is the pinned anchor. Needs no mnemonic — used as the publish gate.
|
|
||||||
//! ```
|
//! ```
|
||||||
|
|
||||||
use anyhow::{bail, Context, Result};
|
use anyhow::{bail, Context, Result};
|
||||||
@ -52,15 +47,9 @@ pub fn run() -> Result<()> {
|
|||||||
.context("usage: archipelago ceremony sign <file.json>")?;
|
.context("usage: archipelago ceremony sign <file.json>")?;
|
||||||
cmd_sign(&file)
|
cmd_sign(&file)
|
||||||
}
|
}
|
||||||
"verify" => {
|
|
||||||
let file = std::env::args()
|
|
||||||
.nth(3)
|
|
||||||
.context("usage: archipelago ceremony verify <file.json>")?;
|
|
||||||
cmd_verify(&file)
|
|
||||||
}
|
|
||||||
other => {
|
other => {
|
||||||
bail!(
|
bail!(
|
||||||
"unknown ceremony subcommand {:?}; expected gen | pubkey | sign <file> | verify <file>",
|
"unknown ceremony subcommand {:?}; expected gen | pubkey | sign <file>",
|
||||||
other
|
other
|
||||||
)
|
)
|
||||||
}
|
}
|
||||||
@ -118,33 +107,6 @@ fn cmd_sign(path: &str) -> Result<()> {
|
|||||||
Ok(())
|
Ok(())
|
||||||
}
|
}
|
||||||
|
|
||||||
fn cmd_verify(path: &str) -> Result<()> {
|
|
||||||
let body = std::fs::read_to_string(path).with_context(|| format!("read {path}"))?;
|
|
||||||
let value: serde_json::Value =
|
|
||||||
serde_json::from_str(&body).with_context(|| format!("parse {path} as JSON"))?;
|
|
||||||
match signed_doc::verify_detached(&value)? {
|
|
||||||
signed_doc::SignatureStatus::Verified {
|
|
||||||
signer_did,
|
|
||||||
anchored: true,
|
|
||||||
} => {
|
|
||||||
eprintln!("✓ {path} verified — signed by the pinned release root");
|
|
||||||
eprintln!(" signed_by: {signer_did}");
|
|
||||||
Ok(())
|
|
||||||
}
|
|
||||||
signed_doc::SignatureStatus::Verified {
|
|
||||||
signer_did,
|
|
||||||
anchored: false,
|
|
||||||
} => {
|
|
||||||
// Only reachable if no anchor is compiled in/overridden — the
|
|
||||||
// signature is self-consistent but proves nothing about identity.
|
|
||||||
bail!("{path} signed by {signer_did}, but no release-root anchor is pinned to compare against")
|
|
||||||
}
|
|
||||||
signed_doc::SignatureStatus::Unsigned => {
|
|
||||||
bail!("{path} is NOT signed (no `signature` field)")
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
/// Derive the release-root signing key from the mnemonic in env/stdin.
|
/// Derive the release-root signing key from the mnemonic in env/stdin.
|
||||||
fn load_release_root_key() -> Result<SigningKey> {
|
fn load_release_root_key() -> Result<SigningKey> {
|
||||||
let phrase = read_mnemonic()?;
|
let phrase = read_mnemonic()?;
|
||||||
|
|||||||
@ -66,7 +66,7 @@ pub struct Config {
|
|||||||
/// through Quadlet (`.container` units in ~/.config/containers/systemd
|
/// through Quadlet (`.container` units in ~/.config/containers/systemd
|
||||||
/// + systemctl --user start) instead of `podman create + start`. Default
|
/// + systemctl --user start) instead of `podman create + start`. Default
|
||||||
/// off so the legacy path stays the production path until the harness
|
/// off so the legacy path stays the production path until the harness
|
||||||
/// at tests/lifecycle/run-gate.sh has gone green against the new path
|
/// at tests/lifecycle/run-20x.sh has gone green against the new path
|
||||||
/// on .228 + .198. See `project_v1_7_52_phase3_quadlet_design`.
|
/// on .228 + .198. See `project_v1_7_52_phase3_quadlet_design`.
|
||||||
#[serde(default)]
|
#[serde(default)]
|
||||||
pub use_quadlet_backends: bool,
|
pub use_quadlet_backends: bool,
|
||||||
@ -487,7 +487,7 @@ mod tests {
|
|||||||
|
|
||||||
#[test]
|
#[test]
|
||||||
fn test_config_use_quadlet_backends_defaults_off() {
|
fn test_config_use_quadlet_backends_defaults_off() {
|
||||||
// Phase 3.2 of v1.7.52 — the new path stays gated until the 5×
|
// Phase 3.2 of v1.7.52 — the new path stays gated until the 20×
|
||||||
// harness goes green on .228 and .198. Flipping this default
|
// harness goes green on .228 and .198. Flipping this default
|
||||||
// ahead of that would route every backend install through code
|
// ahead of that would route every backend install through code
|
||||||
// we haven't fleet-validated yet.
|
// we haven't fleet-validated yet.
|
||||||
|
|||||||
@ -86,44 +86,6 @@ pub struct AppCatalogEntry {
|
|||||||
/// Optional human-readable changelog lines for this version.
|
/// Optional human-readable changelog lines for this version.
|
||||||
#[serde(default, skip_serializing_if = "Vec::is_empty")]
|
#[serde(default, skip_serializing_if = "Vec::is_empty")]
|
||||||
pub changelog: Vec<String>,
|
pub changelog: Vec<String>,
|
||||||
/// Multi-version support (`docs/bitcoin-multi-version-design.md`): the bounded
|
|
||||||
/// set of versions a user may install or switch to for this app. Empty for
|
|
||||||
/// single-version apps; `version`/`image` above remain the default/latest for
|
|
||||||
/// back-compat. Old nodes ignore this field (no `deny_unknown_fields`).
|
|
||||||
#[serde(default, skip_serializing_if = "Vec::is_empty")]
|
|
||||||
pub versions: Vec<CatalogVersion>,
|
|
||||||
/// Full app manifest, embedded so the app installs from the registry alone —
|
|
||||||
/// no OTA-shipped `apps/<id>/manifest.yml`. Carried as the raw value the
|
|
||||||
/// publisher signed (so it stays part of the verified preimage) and
|
|
||||||
/// deserialized into an `AppManifest` by the orchestrator at load time, where
|
|
||||||
/// it overrides the disk manifest (origin-wins). Absent during the migration
|
|
||||||
/// window => the node falls back to the disk manifest. See
|
|
||||||
/// `docs/registry-manifest-design.md`.
|
|
||||||
#[serde(default, skip_serializing_if = "Option::is_none")]
|
|
||||||
pub manifest: Option<serde_json::Value>,
|
|
||||||
}
|
|
||||||
|
|
||||||
/// One selectable version in an app's `versions[]` list. The catalog carries a
|
|
||||||
/// curated, bounded set (current + a few majors back); see
|
|
||||||
/// `docs/bitcoin-multi-version-design.md` §3 Phase 1.
|
|
||||||
#[derive(Debug, Clone, Serialize, Deserialize, Default, PartialEq, Eq)]
|
|
||||||
pub struct CatalogVersion {
|
|
||||||
/// User-facing + tag-matching version string (e.g. `31.0`,
|
|
||||||
/// `29.3.knots20260508`). Treated as the image tag.
|
|
||||||
pub version: String,
|
|
||||||
/// Concrete image reference for this version. When omitted the orchestrator
|
|
||||||
/// falls back to composing `<default-repo>:<version>` from the entry image.
|
|
||||||
#[serde(default, skip_serializing_if = "Option::is_none")]
|
|
||||||
pub image: Option<String>,
|
|
||||||
/// Marks the default / latest version pre-selected in the install modal.
|
|
||||||
#[serde(default, skip_serializing_if = "std::ops::Not::not")]
|
|
||||||
pub default: bool,
|
|
||||||
/// Deprecated versions are still installable but badged in the UI.
|
|
||||||
#[serde(default, skip_serializing_if = "std::ops::Not::not")]
|
|
||||||
pub deprecated: bool,
|
|
||||||
/// Optional end-of-life date (YYYY-MM-DD), surfaced in the UI.
|
|
||||||
#[serde(default, skip_serializing_if = "Option::is_none")]
|
|
||||||
pub eol: Option<String>,
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/// Read-side cache file search order. Mirrors `image_versions.rs`: the running
|
/// Read-side cache file search order. Mirrors `image_versions.rs`: the running
|
||||||
@ -204,78 +166,6 @@ pub fn catalog_stack_images(app_id: &str) -> HashMap<String, String> {
|
|||||||
entry_for(app_id).and_then(|e| e.images).unwrap_or_default()
|
entry_for(app_id).and_then(|e| e.images).unwrap_or_default()
|
||||||
}
|
}
|
||||||
|
|
||||||
/// All `(app_id, manifest-value)` pairs the registry catalog carries. The
|
|
||||||
/// orchestrator deserializes + validates each into an `AppManifest` and prefers
|
|
||||||
/// it over the disk manifest (origin-wins); disk remains the migration fallback.
|
|
||||||
/// Empty when the catalog is absent or no entry embeds a manifest.
|
|
||||||
pub fn catalog_manifest_values() -> Vec<(String, serde_json::Value)> {
|
|
||||||
load_catalog()
|
|
||||||
.apps
|
|
||||||
.into_iter()
|
|
||||||
.filter_map(|(id, e)| e.manifest.map(|m| (id, m)))
|
|
||||||
.collect()
|
|
||||||
}
|
|
||||||
|
|
||||||
/// The catalog's default/latest version string for an app (the top-level
|
|
||||||
/// `version` field), if covered. Used to decide whether an install-time
|
|
||||||
/// selection should pin (older) or track-latest (default).
|
|
||||||
pub fn catalog_default_version(app_id: &str) -> Option<String> {
|
|
||||||
entry_for(app_id)
|
|
||||||
.map(|e| e.version)
|
|
||||||
.filter(|v| !v.is_empty())
|
|
||||||
}
|
|
||||||
|
|
||||||
/// Curated, selectable versions for an app per the remote catalog. Empty when
|
|
||||||
/// the catalog is absent or the app is single-version. The default entry (if
|
|
||||||
/// any) sorts first so callers can pre-select it.
|
|
||||||
pub fn catalog_versions(app_id: &str) -> Vec<CatalogVersion> {
|
|
||||||
let mut versions = entry_for(app_id).map(|e| e.versions).unwrap_or_default();
|
|
||||||
versions.sort_by_key(|v| !v.default); // default first, stable otherwise
|
|
||||||
versions
|
|
||||||
}
|
|
||||||
|
|
||||||
/// Resolve the image for a specific selectable `version` of `app_id`, validated
|
|
||||||
/// same-repo against `manifest_image` (the same guard `catalog_image_override`
|
|
||||||
/// applies). The version's explicit `image` is used when present; otherwise the
|
|
||||||
/// repo of `manifest_image` is retagged with `version`. Returns `None` when the
|
|
||||||
/// version is unknown or would point at a different repository — the caller then
|
|
||||||
/// keeps the default resolution and the switch is refused upstream.
|
|
||||||
pub fn catalog_image_for_version(
|
|
||||||
app_id: &str,
|
|
||||||
version: &str,
|
|
||||||
manifest_image: &str,
|
|
||||||
) -> Option<String> {
|
|
||||||
let entry = catalog_versions(app_id)
|
|
||||||
.into_iter()
|
|
||||||
.find(|v| v.version == version)?;
|
|
||||||
let manifest_repo =
|
|
||||||
crate::container::image_versions::image_without_registry_or_tag(manifest_image);
|
|
||||||
let candidate = match entry.image {
|
|
||||||
Some(img) => img,
|
|
||||||
None => {
|
|
||||||
// Retag the manifest's full registry/repo with the requested version.
|
|
||||||
let repo = manifest_image
|
|
||||||
.rsplit_once(':')
|
|
||||||
// keep registry:port colons intact: only strip a tag after the last '/'
|
|
||||||
.filter(|(left, _)| left.contains('/'))
|
|
||||||
.map(|(left, _)| left)
|
|
||||||
.unwrap_or(manifest_image);
|
|
||||||
format!("{repo}:{version}")
|
|
||||||
}
|
|
||||||
};
|
|
||||||
let same_repo = crate::container::image_versions::image_without_registry_or_tag(&candidate)
|
|
||||||
== manifest_repo;
|
|
||||||
if same_repo {
|
|
||||||
Some(candidate)
|
|
||||||
} else {
|
|
||||||
warn!(
|
|
||||||
"app-catalog: ignoring version {} for {} — repo mismatch (candidate={}, manifest={})",
|
|
||||||
version, app_id, candidate, manifest_image
|
|
||||||
);
|
|
||||||
None
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
/// Image override for the orchestrator's install/upgrade path. Returns the
|
/// Image override for the orchestrator's install/upgrade path. Returns the
|
||||||
/// catalog's primary image for `app_id` ONLY when it refers to the same
|
/// catalog's primary image for `app_id` ONLY when it refers to the same
|
||||||
/// repository as the manifest's current image — a guard so a catalog typo can
|
/// repository as the manifest's current image — a guard so a catalog typo can
|
||||||
@ -303,12 +193,6 @@ pub fn catalog_image_override(app_id: &str, manifest_image: &str) -> Option<Stri
|
|||||||
/// newer catalog, nor vice-versa). Falls back to the deployed pin only when the
|
/// newer catalog, nor vice-versa). Falls back to the deployed pin only when the
|
||||||
/// catalog is missing or doesn't cover the app.
|
/// catalog is missing or doesn't cover the app.
|
||||||
pub fn available_update_for_app(app_id: &str, running_image: &str) -> Option<String> {
|
pub fn available_update_for_app(app_id: &str, running_image: &str) -> Option<String> {
|
||||||
// A runner-pinned version is an explicit "stay here" choice — never advertise
|
|
||||||
// an update over it (design §3 Phase 3). Auto-update, when enabled, ignores
|
|
||||||
// the pin and is driven by the catalog tick, not this badge.
|
|
||||||
if crate::container::version_config::pinned_version(app_id).is_some() {
|
|
||||||
return None;
|
|
||||||
}
|
|
||||||
if let Some(catalog_image) = catalog_primary_image(app_id) {
|
if let Some(catalog_image) = catalog_primary_image(app_id) {
|
||||||
// Catalog covers this app with a concrete image -> authoritative.
|
// Catalog covers this app with a concrete image -> authoritative.
|
||||||
return crate::container::image_versions::available_update_for_images(
|
return crate::container::image_versions::available_update_for_images(
|
||||||
@ -462,30 +346,6 @@ mod tests {
|
|||||||
assert_eq!(e.digest.as_deref(), Some("blake3:deadbeef"));
|
assert_eq!(e.digest.as_deref(), Some("blake3:deadbeef"));
|
||||||
}
|
}
|
||||||
|
|
||||||
#[test]
|
|
||||||
fn entry_carries_embedded_manifest() {
|
|
||||||
let json = r#"{
|
|
||||||
"schema": 1,
|
|
||||||
"apps": {
|
|
||||||
"demo": {
|
|
||||||
"version": "1.0.0",
|
|
||||||
"manifest": {
|
|
||||||
"app": {
|
|
||||||
"id": "demo",
|
|
||||||
"name": "Demo",
|
|
||||||
"version": "1.0.0",
|
|
||||||
"container": { "image": "registry/demo:1.0.0" }
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}"#;
|
|
||||||
let cat: AppCatalog = serde_json::from_str(json).unwrap();
|
|
||||||
let e = cat.apps.get("demo").unwrap();
|
|
||||||
let m = e.manifest.as_ref().expect("manifest present");
|
|
||||||
assert_eq!(m["app"]["id"], "demo");
|
|
||||||
}
|
|
||||||
|
|
||||||
#[test]
|
#[test]
|
||||||
fn empty_catalog_when_absent_is_default() {
|
fn empty_catalog_when_absent_is_default() {
|
||||||
let cat = AppCatalog::default();
|
let cat = AppCatalog::default();
|
||||||
|
|||||||
@ -96,35 +96,6 @@ impl BootReconciler {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// Companion self-heal runs on its OWN cadence, decoupled from the
|
|
||||||
// per-app reconcile pass. On a heavily loaded node `reconcile_existing`
|
|
||||||
// over dozens of apps can take well over a minute, which would delay a
|
|
||||||
// companion-unit repair (deleted/lost unit file) past any reasonable
|
|
||||||
// safety window. Detecting + rewriting a companion unit is cheap, so it
|
|
||||||
// gets a dedicated `interval` loop. The handle is aborted when the main
|
|
||||||
// loop exits (shutdown uses `notify_one`, so we must NOT add a second
|
|
||||||
// waiter on `self.shutdown` — it would steal the single wake permit).
|
|
||||||
let companion_handle = if self.companion_stage {
|
|
||||||
let orchestrator = self.orchestrator.clone();
|
|
||||||
let interval = self.interval;
|
|
||||||
Some(tokio::spawn(async move {
|
|
||||||
loop {
|
|
||||||
let installed = orchestrator.manifest_ids().await;
|
|
||||||
for (companion, err) in crate::container::companion::reconcile(&installed).await
|
|
||||||
{
|
|
||||||
tracing::warn!(
|
|
||||||
companion = %companion,
|
|
||||||
error = %err,
|
|
||||||
"companion reconcile failed"
|
|
||||||
);
|
|
||||||
}
|
|
||||||
time::sleep(interval).await;
|
|
||||||
}
|
|
||||||
}))
|
|
||||||
} else {
|
|
||||||
None
|
|
||||||
};
|
|
||||||
|
|
||||||
// Initial pass: no delay.
|
// Initial pass: no delay.
|
||||||
self.tick().await;
|
self.tick().await;
|
||||||
|
|
||||||
@ -140,15 +111,23 @@ impl BootReconciler {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if let Some(handle) = companion_handle {
|
|
||||||
handle.abort();
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
async fn tick(&self) {
|
async fn tick(&self) {
|
||||||
let report = self.orchestrator.reconcile_existing().await;
|
let report = self.orchestrator.reconcile_existing().await;
|
||||||
Self::log_report(&report);
|
Self::log_report(&report);
|
||||||
|
|
||||||
|
if !self.companion_stage {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
let installed = self.orchestrator.manifest_ids().await;
|
||||||
|
for (companion, err) in crate::container::companion::reconcile(&installed).await {
|
||||||
|
tracing::warn!(
|
||||||
|
companion = %companion,
|
||||||
|
error = %err,
|
||||||
|
"companion reconcile failed"
|
||||||
|
);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
fn log_report(report: &ReconcileReport) {
|
fn log_report(report: &ReconcileReport) {
|
||||||
@ -294,7 +273,7 @@ mod tests {
|
|||||||
}
|
}
|
||||||
|
|
||||||
async fn wait_for_status_calls(rt: &CountingRuntime, expected: u32) -> u32 {
|
async fn wait_for_status_calls(rt: &CountingRuntime, expected: u32) -> u32 {
|
||||||
for _ in 0..1000 {
|
for _ in 0..100 {
|
||||||
let count = rt.status_call_count();
|
let count = rt.status_call_count();
|
||||||
if count >= expected {
|
if count >= expected {
|
||||||
return count;
|
return count;
|
||||||
@ -341,10 +320,11 @@ mod tests {
|
|||||||
assert_eq!(wait_for_status_calls(&rt, 1).await, 1);
|
assert_eq!(wait_for_status_calls(&rt, 1).await, 1);
|
||||||
|
|
||||||
tokio::time::sleep(Duration::from_millis(20)).await;
|
tokio::time::sleep(Duration::from_millis(20)).await;
|
||||||
let count = wait_for_status_calls(&rt, 2).await;
|
wait_for_status_calls(&rt, 2).await;
|
||||||
|
|
||||||
assert!(
|
assert_eq!(
|
||||||
count >= 2,
|
rt.status_call_count(),
|
||||||
|
2,
|
||||||
"a second reconcile pass should fire after one interval"
|
"a second reconcile pass should fire after one interval"
|
||||||
);
|
);
|
||||||
|
|
||||||
@ -402,7 +382,9 @@ mod tests {
|
|||||||
assert!(first >= 1, "initial pass should have touched the runtime");
|
assert!(first >= 1, "initial pass should have touched the runtime");
|
||||||
|
|
||||||
tokio::time::sleep(Duration::from_millis(20)).await;
|
tokio::time::sleep(Duration::from_millis(20)).await;
|
||||||
let second = wait_for_status_calls(&rt, first + 1).await;
|
tokio::task::yield_now().await;
|
||||||
|
tokio::task::yield_now().await;
|
||||||
|
let second = rt.status_call_count();
|
||||||
assert!(
|
assert!(
|
||||||
second > first,
|
second > first,
|
||||||
"loop should have fired a second pass after the interval"
|
"loop should have fired a second pass after the interval"
|
||||||
|
|||||||
@ -102,15 +102,8 @@ const LND_UI: &[CompanionSpec] = &[CompanionSpec {
|
|||||||
],
|
],
|
||||||
pre_start: None,
|
pre_start: None,
|
||||||
bind_mounts: &[],
|
bind_mounts: &[],
|
||||||
// Host networking so the app's own nginx can proxy the archipelago backend
|
ports: &[(18083, 80)],
|
||||||
// same-origin (127.0.0.1:5678), exactly like fips-ui / electrs-ui. The
|
host_network: false,
|
||||||
// previous bridge + 18083→80 mapping forced the browser to fetch the
|
|
||||||
// backend cross-origin from the app's port, which depended on the host
|
|
||||||
// nginx route + a CORS Origin/Host match and broke on http-only nodes
|
|
||||||
// (e.g. .116: blank fields, QR "failed to fetch"). The app's nginx now
|
|
||||||
// listens on 18083 directly (NOT 80 — that would collide with host nginx).
|
|
||||||
ports: &[],
|
|
||||||
host_network: true,
|
|
||||||
}];
|
}];
|
||||||
|
|
||||||
const ELECTRS_UI: &[CompanionSpec] = &[CompanionSpec {
|
const ELECTRS_UI: &[CompanionSpec] = &[CompanionSpec {
|
||||||
@ -221,26 +214,13 @@ async fn ensure_image_present(spec: &CompanionSpec) -> Result<String> {
|
|||||||
for dir in spec.build_dir_candidates {
|
for dir in spec.build_dir_candidates {
|
||||||
let dockerfile = PathBuf::from(dir).join("Dockerfile");
|
let dockerfile = PathBuf::from(dir).join("Dockerfile");
|
||||||
if fs::try_exists(&dockerfile).await.unwrap_or(false) {
|
if fs::try_exists(&dockerfile).await.unwrap_or(false) {
|
||||||
// `:local` is a deliberate manual override — never auto-rebuild it.
|
|
||||||
if image_exists(&local_image_compat).await {
|
if image_exists(&local_image_compat).await {
|
||||||
return Ok(local_image_compat);
|
return Ok(local_image_compat);
|
||||||
}
|
}
|
||||||
// Reuse the auto-built `:latest` only when the build context has NOT
|
|
||||||
// changed since it was built. Without this staleness check an
|
|
||||||
// already-present image is reused forever, so edits to the baked-in
|
|
||||||
// context (Dockerfile, nginx.conf, …) never reach the node — this is
|
|
||||||
// exactly why the guardian-CSS nginx fix never reached the fleet.
|
|
||||||
if image_exists(&local_image).await {
|
if image_exists(&local_image).await {
|
||||||
if !context_is_newer_than_image(dir, &local_image).await {
|
return Ok(local_image);
|
||||||
return Ok(local_image);
|
|
||||||
}
|
|
||||||
info!(
|
|
||||||
companion = spec.name,
|
|
||||||
"build context changed since image built; rebuilding {dir}"
|
|
||||||
);
|
|
||||||
} else {
|
|
||||||
info!(companion = spec.name, "building locally from {dir}");
|
|
||||||
}
|
}
|
||||||
|
info!(companion = spec.name, "building locally from {dir}");
|
||||||
let out = command_output_with_timeout(
|
let out = command_output_with_timeout(
|
||||||
Command::new("podman").args(["build", "-t", &local_image, dir]),
|
Command::new("podman").args(["build", "-t", &local_image, dir]),
|
||||||
COMPANION_BUILD_TIMEOUT,
|
COMPANION_BUILD_TIMEOUT,
|
||||||
@ -285,15 +265,7 @@ async fn ensure_image_present(spec: &CompanionSpec) -> Result<String> {
|
|||||||
|
|
||||||
async fn image_exists(image: &str) -> bool {
|
async fn image_exists(image: &str) -> bool {
|
||||||
let mut cmd = Command::new("podman");
|
let mut cmd = Command::new("podman");
|
||||||
// Only the exit status matters. WITHOUT a `--format`, `podman image inspect`
|
cmd.args(["image", "inspect", image]);
|
||||||
// prints the image's full multi-KB manifest JSON; `.status()` inherits the
|
|
||||||
// service's stdout, so on a hit that whole blob lands in the journal — once
|
|
||||||
// per companion image, every reconcile pass. That flood spikes journald +
|
|
||||||
// IO and starves the async runtime (UI websocket then drops → "connection
|
|
||||||
// lost"/reconnect). Discard the child's stdout/stderr; we read neither.
|
|
||||||
cmd.args(["image", "inspect", image])
|
|
||||||
.stdout(std::process::Stdio::null())
|
|
||||||
.stderr(std::process::Stdio::null());
|
|
||||||
match tokio::time::timeout(COMPANION_IMAGE_CHECK_TIMEOUT, cmd.status()).await {
|
match tokio::time::timeout(COMPANION_IMAGE_CHECK_TIMEOUT, cmd.status()).await {
|
||||||
Ok(Ok(status)) => status.success(),
|
Ok(Ok(status)) => status.success(),
|
||||||
Ok(Err(err)) => {
|
Ok(Err(err)) => {
|
||||||
@ -307,76 +279,6 @@ async fn image_exists(image: &str) -> bool {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/// Returns true if any file in the build context `dir` is newer than the
|
|
||||||
/// already-built `image`, signalling the cached image is stale and must be
|
|
||||||
/// rebuilt. Conservative: if either timestamp can't be determined we return
|
|
||||||
/// false (reuse the cache) to avoid rebuild storms on every reconcile pass.
|
|
||||||
async fn context_is_newer_than_image(dir: &str, image: &str) -> bool {
|
|
||||||
let image_created = match image_created_unix(image).await {
|
|
||||||
Some(t) => t,
|
|
||||||
None => return false,
|
|
||||||
};
|
|
||||||
match newest_mtime_unix(PathBuf::from(dir)).await {
|
|
||||||
Some(ctx) => ctx > image_created,
|
|
||||||
None => false,
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
/// Build timestamp of `image` as Unix seconds, via `podman image inspect`.
|
|
||||||
async fn image_created_unix(image: &str) -> Option<i64> {
|
|
||||||
let mut cmd = Command::new("podman");
|
|
||||||
cmd.args(["image", "inspect", "--format", "{{.Created.Unix}}", image]);
|
|
||||||
let out = command_output_with_timeout(
|
|
||||||
&mut cmd,
|
|
||||||
COMPANION_IMAGE_CHECK_TIMEOUT,
|
|
||||||
"podman image created time",
|
|
||||||
)
|
|
||||||
.await
|
|
||||||
.ok()?;
|
|
||||||
if !out.status.success() {
|
|
||||||
return None;
|
|
||||||
}
|
|
||||||
String::from_utf8_lossy(&out.stdout)
|
|
||||||
.trim()
|
|
||||||
.parse::<i64>()
|
|
||||||
.ok()
|
|
||||||
}
|
|
||||||
|
|
||||||
/// Newest modification time (Unix seconds) across all files under `dir`,
|
|
||||||
/// walked recursively. Runs on a blocking thread since it touches the fs.
|
|
||||||
async fn newest_mtime_unix(dir: PathBuf) -> Option<i64> {
|
|
||||||
tokio::task::spawn_blocking(move || newest_mtime_blocking(&dir))
|
|
||||||
.await
|
|
||||||
.ok()
|
|
||||||
.flatten()
|
|
||||||
}
|
|
||||||
|
|
||||||
fn newest_mtime_blocking(dir: &std::path::Path) -> Option<i64> {
|
|
||||||
let mut newest: Option<i64> = None;
|
|
||||||
let mut stack = vec![dir.to_path_buf()];
|
|
||||||
while let Some(p) = stack.pop() {
|
|
||||||
let entries = match std::fs::read_dir(&p) {
|
|
||||||
Ok(e) => e,
|
|
||||||
Err(_) => continue,
|
|
||||||
};
|
|
||||||
for entry in entries.flatten() {
|
|
||||||
let meta = match entry.metadata() {
|
|
||||||
Ok(m) => m,
|
|
||||||
Err(_) => continue,
|
|
||||||
};
|
|
||||||
if meta.is_dir() {
|
|
||||||
stack.push(entry.path());
|
|
||||||
} else if let Ok(modified) = meta.modified() {
|
|
||||||
if let Ok(dur) = modified.duration_since(std::time::UNIX_EPOCH) {
|
|
||||||
let secs = dur.as_secs() as i64;
|
|
||||||
newest = Some(newest.map_or(secs, |n| n.max(secs)));
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
newest
|
|
||||||
}
|
|
||||||
|
|
||||||
async fn command_output_with_timeout(
|
async fn command_output_with_timeout(
|
||||||
cmd: &mut Command,
|
cmd: &mut Command,
|
||||||
timeout: Duration,
|
timeout: Duration,
|
||||||
@ -537,15 +439,12 @@ mod tests {
|
|||||||
}
|
}
|
||||||
|
|
||||||
#[test]
|
#[test]
|
||||||
fn lnd_ui_uses_host_network_for_same_origin_backend_proxy() {
|
fn lnd_ui_uses_port_mapping_not_host_port_80() {
|
||||||
// lnd-ui is host-networked (its nginx listens on 18083 directly) so the
|
|
||||||
// app can proxy the archipelago backend same-origin instead of fetching
|
|
||||||
// it cross-origin from its app port — see the spec comment for why.
|
|
||||||
let spec = &LND_UI[0];
|
let spec = &LND_UI[0];
|
||||||
let u = build_unit(spec, "localhost/lnd-ui:latest");
|
let u = build_unit(spec, "localhost/lnd-ui:latest");
|
||||||
assert_eq!(u.name, "archy-lnd-ui");
|
assert_eq!(u.name, "archy-lnd-ui");
|
||||||
assert!(matches!(u.network, NetworkMode::Host));
|
assert!(matches!(u.network, NetworkMode::Bridge(ref n) if n == "bridge"));
|
||||||
assert!(u.ports.is_empty());
|
assert_eq!(u.ports, vec![(18083, 80, "tcp".into())]);
|
||||||
}
|
}
|
||||||
|
|
||||||
#[test]
|
#[test]
|
||||||
|
|||||||
@ -365,13 +365,6 @@ fn get_app_metadata(app_id: &str) -> AppMetadata {
|
|||||||
repo: "https://github.com/fedimint/fedimint".to_string(),
|
repo: "https://github.com/fedimint/fedimint".to_string(),
|
||||||
tier: "",
|
tier: "",
|
||||||
},
|
},
|
||||||
"fedimint-clientd" | "fmcd" => AppMetadata {
|
|
||||||
title: "Fedimint Client".to_string(),
|
|
||||||
description: "Fedimint ecash client daemon (fmcd) — lets your node hold Fedimint ecash and join federations".to_string(),
|
|
||||||
icon: "/assets/img/app-icons/fedimint.png".to_string(),
|
|
||||||
repo: "https://github.com/minmoto/fmcd".to_string(),
|
|
||||||
tier: "",
|
|
||||||
},
|
|
||||||
"morphos" | "morphos-server" => AppMetadata {
|
"morphos" | "morphos-server" => AppMetadata {
|
||||||
title: "Morphos".to_string(),
|
title: "Morphos".to_string(),
|
||||||
description: "Self-hosted file converter".to_string(),
|
description: "Self-hosted file converter".to_string(),
|
||||||
@ -382,7 +375,7 @@ fn get_app_metadata(app_id: &str) -> AppMetadata {
|
|||||||
"lnd" | "lightning-stack" => AppMetadata {
|
"lnd" | "lightning-stack" => AppMetadata {
|
||||||
title: "LND".to_string(),
|
title: "LND".to_string(),
|
||||||
description: "Lightning Network Daemon".to_string(),
|
description: "Lightning Network Daemon".to_string(),
|
||||||
icon: "/assets/img/app-icons/lnd.png".to_string(),
|
icon: "/assets/img/app-icons/lnd.svg".to_string(),
|
||||||
repo: "https://github.com/lightningnetwork/lnd".to_string(),
|
repo: "https://github.com/lightningnetwork/lnd".to_string(),
|
||||||
tier: "",
|
tier: "",
|
||||||
},
|
},
|
||||||
@ -396,7 +389,7 @@ fn get_app_metadata(app_id: &str) -> AppMetadata {
|
|||||||
"electrumx" | "mempool-electrs" | "electrs" => AppMetadata {
|
"electrumx" | "mempool-electrs" | "electrs" => AppMetadata {
|
||||||
title: "ElectrumX".to_string(),
|
title: "ElectrumX".to_string(),
|
||||||
description: "ElectrumX server — full Electrum protocol indexer for Bitcoin. Powers Mempool and Electrum wallets.".to_string(),
|
description: "ElectrumX server — full Electrum protocol indexer for Bitcoin. Powers Mempool and Electrum wallets.".to_string(),
|
||||||
icon: "/assets/img/app-icons/electrumx.png".to_string(),
|
icon: "/assets/img/app-icons/electrs.svg".to_string(),
|
||||||
repo: "https://github.com/spesmilo/electrumx".to_string(),
|
repo: "https://github.com/spesmilo/electrumx".to_string(),
|
||||||
tier: "",
|
tier: "",
|
||||||
},
|
},
|
||||||
@ -677,76 +670,30 @@ pub async fn read_tor_address(app_id: &str) -> Option<String> {
|
|||||||
.filter(|s| s.ends_with(".onion") && !s.is_empty())
|
.filter(|s| s.ends_with(".onion") && !s.is_empty())
|
||||||
}
|
}
|
||||||
|
|
||||||
/// Container-side ports that are essentially never a web UI, even when
|
|
||||||
/// published alongside one — e.g. gitea publishes SSH (`2222->22`) before its
|
|
||||||
/// web port (`3001->3000`), and podman's port list order isn't guaranteed to
|
|
||||||
/// put the UI port first. Skipping these lets launch-URL guessing work for
|
|
||||||
/// any future multi-port app without a per-app static override.
|
|
||||||
const NON_HTTP_CONTAINER_PORTS: &[&str] = &["22", "21", "3306", "5432", "6379", "27017"];
|
|
||||||
|
|
||||||
fn extract_lan_address(ports: &[String]) -> Option<String> {
|
fn extract_lan_address(ports: &[String]) -> Option<String> {
|
||||||
let mut first_candidate = None;
|
|
||||||
for port_str in ports {
|
for port_str in ports {
|
||||||
// Parse port strings like "0.0.0.0:18443->18443/tcp" or "0.0.0.0:18443-18444->18443-18444/tcp"
|
// Parse port strings like "0.0.0.0:18443->18443/tcp" or "0.0.0.0:18443-18444->18443-18444/tcp"
|
||||||
let Some(public_part) = port_str.split("->").next() else {
|
if let Some(public_part) = port_str.split("->").next() {
|
||||||
continue;
|
if let Some(port_part) = public_part.split(':').nth(1) {
|
||||||
};
|
// Extract just the first port if it's a range (e.g., "18443-18444" -> "18443")
|
||||||
let Some(port_part) = public_part.split(':').nth(1) else {
|
let single_port = port_part.split('-').next().unwrap_or(port_part);
|
||||||
continue;
|
return Some(format!("http://localhost:{}", single_port));
|
||||||
};
|
}
|
||||||
// Extract just the first port if it's a range (e.g., "18443-18444" -> "18443")
|
|
||||||
let host_port = port_part.split('-').next().unwrap_or(port_part);
|
|
||||||
let candidate = format!("http://localhost:{}", host_port);
|
|
||||||
if first_candidate.is_none() {
|
|
||||||
first_candidate = Some(candidate.clone());
|
|
||||||
}
|
}
|
||||||
|
|
||||||
let container_port = port_str
|
|
||||||
.split("->")
|
|
||||||
.nth(1)
|
|
||||||
.and_then(|s| s.split('/').next())
|
|
||||||
.map(|s| s.split('-').next().unwrap_or(s));
|
|
||||||
if container_port.is_some_and(|p| NON_HTTP_CONTAINER_PORTS.contains(&p)) {
|
|
||||||
continue;
|
|
||||||
}
|
|
||||||
return Some(candidate);
|
|
||||||
}
|
}
|
||||||
// Nothing looked HTTP-like — fall back to whatever was published first
|
None
|
||||||
// rather than reporting no launch URL at all.
|
|
||||||
first_candidate
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/// netbird's dashboard launch URL: HTTPS on 8087 (the proxy terminates TLS —
|
|
||||||
/// the dashboard needs a secure context for OIDC PKCE, issue #15) at the node's
|
|
||||||
/// primary host IP so it's reachable from the LAN. Manifest-driven netbird no
|
|
||||||
/// longer writes `dashboard.env`, so this is derived from host facts (the same
|
|
||||||
/// `{{HOST_IP}}` the orchestrator bakes into the cert/config); it falls back to
|
|
||||||
/// the static localhost mapping when the host IP can't be read. URL shape is
|
|
||||||
/// identical to the legacy installer's, so the existing https reachability
|
|
||||||
/// wrapper still applies.
|
|
||||||
async fn netbird_configured_launch_url() -> Option<String> {
|
async fn netbird_configured_launch_url() -> Option<String> {
|
||||||
if let Some(ip) = first_host_ip().await {
|
let env = tokio::fs::read_to_string("/var/lib/archipelago/netbird/dashboard.env")
|
||||||
return Some(format!("https://{ip}:8087"));
|
|
||||||
}
|
|
||||||
PodmanClient::lan_address_for("netbird")
|
|
||||||
}
|
|
||||||
|
|
||||||
/// First address from `hostname -I` — the node's primary host IP. Mirrors the
|
|
||||||
/// orchestrator's `detect_host_ip` so launch URLs match the cert/config the
|
|
||||||
/// orchestrator renders for `{{HOST_IP}}`.
|
|
||||||
async fn first_host_ip() -> Option<String> {
|
|
||||||
let out = tokio::process::Command::new("hostname")
|
|
||||||
.arg("-I")
|
|
||||||
.output()
|
|
||||||
.await
|
.await
|
||||||
.ok()?;
|
.ok()?;
|
||||||
if !out.status.success() {
|
env.lines()
|
||||||
return None;
|
.find_map(|line| line.strip_prefix("NETBIRD_MGMT_API_ENDPOINT="))
|
||||||
}
|
.map(str::trim)
|
||||||
String::from_utf8_lossy(&out.stdout)
|
.filter(|s| !s.is_empty())
|
||||||
.split_whitespace()
|
|
||||||
.next()
|
|
||||||
.map(ToOwned::to_owned)
|
.map(ToOwned::to_owned)
|
||||||
|
.or_else(|| PodmanClient::lan_address_for("netbird"))
|
||||||
}
|
}
|
||||||
|
|
||||||
async fn reachable_lan_address(app_id: &str, candidate: Option<String>) -> Option<String> {
|
async fn reachable_lan_address(app_id: &str, candidate: Option<String>) -> Option<String> {
|
||||||
@ -883,54 +830,3 @@ mod launch_url_port_tests {
|
|||||||
assert_eq!(launch_url_port("http://localhost/"), None);
|
assert_eq!(launch_url_port("http://localhost/"), None);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
#[cfg(test)]
|
|
||||||
mod extract_lan_address_tests {
|
|
||||||
use super::extract_lan_address;
|
|
||||||
|
|
||||||
#[test]
|
|
||||||
fn skips_ssh_port_when_web_port_is_published() {
|
|
||||||
// gitea: SSH published before the web port, in podman's list order.
|
|
||||||
let ports = vec![
|
|
||||||
"0.0.0.0:2222->22/tcp".to_string(),
|
|
||||||
"0.0.0.0:3001->3000/tcp".to_string(),
|
|
||||||
];
|
|
||||||
assert_eq!(
|
|
||||||
extract_lan_address(&ports).as_deref(),
|
|
||||||
Some("http://localhost:3001")
|
|
||||||
);
|
|
||||||
}
|
|
||||||
|
|
||||||
#[test]
|
|
||||||
fn falls_back_to_first_port_when_nothing_looks_like_http() {
|
|
||||||
let ports = vec!["0.0.0.0:2222->22/tcp".to_string()];
|
|
||||||
assert_eq!(
|
|
||||||
extract_lan_address(&ports).as_deref(),
|
|
||||||
Some("http://localhost:2222")
|
|
||||||
);
|
|
||||||
}
|
|
||||||
|
|
||||||
#[test]
|
|
||||||
fn single_http_port_still_resolves() {
|
|
||||||
let ports = vec!["0.0.0.0:8096->8096/tcp".to_string()];
|
|
||||||
assert_eq!(
|
|
||||||
extract_lan_address(&ports).as_deref(),
|
|
||||||
Some("http://localhost:8096")
|
|
||||||
);
|
|
||||||
}
|
|
||||||
|
|
||||||
#[test]
|
|
||||||
fn handles_port_ranges() {
|
|
||||||
let ports = vec!["0.0.0.0:18443-18444->18443-18444/tcp".to_string()];
|
|
||||||
assert_eq!(
|
|
||||||
extract_lan_address(&ports).as_deref(),
|
|
||||||
Some("http://localhost:18443")
|
|
||||||
);
|
|
||||||
}
|
|
||||||
|
|
||||||
#[test]
|
|
||||||
fn no_ports_returns_none() {
|
|
||||||
let ports: Vec<String> = vec![];
|
|
||||||
assert_eq!(extract_lan_address(&ports), None);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|||||||
Some files were not shown because too many files have changed in this diff Show More
Loading…
x
Reference in New Issue
Block a user