Fixes from real fresh-install feedback (Framework node .81) + its log bundle:
Backend:
- websocket: subscribe before initial snapshot — broadcasts in the gap were
silently lost, stranding clients on stale state until a hard refresh
(the "everything needs ctrl-r" bug: My Apps stuck Loading, App Store
stuck Checking, containers-scanned never arriving)
- crash recovery: check the crash marker BEFORE writing our own PID —
recovery had never run on any node (always saw its own PID and skipped);
PID-reuse guard via /proc cmdline
- boot status: pending-boot-starts registry (recovery, stack recovery,
reconciler, adoption) — scanner overlays queued-but-down apps as
Restarting instead of Stopped after a reboot; scanner-authored
Restarting resolves immediately on a settled scan (no transitional wedge)
- install deps: bounded wait (36x5s) when a dependency is installed but
still starting ("Waiting for Bitcoin to start…") instead of instant
rejection; dependency-gate rejections remove the optimistic entry (no
phantom Stopped tile) and surface as a notification
- seed backup: auth.setup persists the onboarding mnemonic as the
encrypted seed backup (reveal previously failed on EVERY node — nothing
ever wrote master_seed.enc); seed.restore stashes too; error sanitizer
lets seed/2FA errors through instead of "Check server logs"
- lnd: bitcoind.rpchost resolved from the running Bitcoin variant
(hardcoded bitcoin-knots broke Core nodes); manifest uses derived_env
- bitcoin status: clean human message for connection-reset/startup; raw
URLs + os-error chains no longer reach the app card
- fedimint-clientd: chown /var/lib/archipelago/fmcd to 1000:1000 (root-
created dir crash-looped the rootless container, EACCES) — first-boot
script + pre-start self-heal
- log volume (>1GB/day on a day-old node): journald caps drop-in (ISO +
bootstrap self-heal), bitcoind -printtoconsole=0 everywhere (90% of the
journal was IBD UpdateTip spam), tracing default debug→info
Frontend:
- Login: Enter advances to confirm field then submits; submit always
clickable with inline errors (was silently disabled on mismatch);
Restart Onboarding needs a confirming second click (the mismatch →
"onboarding restarted" trap)
- sync store: 30s state reconciliation + refetch on re-entrant connect;
20s containers-scanned escape hatch so Checking can never show forever;
fresh empty node reaches the real "no apps yet" state
- intro video: CRF20 re-encode (SSIM 0.988) + faststart — moov was at EOF
so playback needed the full 15MB first (the intro lag)
- backgrounds: 10 heaviest JPEGs → WebP q90 (9.4MB→6.6MB); 7 stayed JPEG
(WebP larger on noisy sources)
- Web5ConnectedNodes: drop unused template ref that failed vue-tsc -b
ISO/kiosk:
- nginx: /assets/ 404s no longer cached immutable for a year; HTTPS block
gained the missing /assets/ location (served index.html as images)
- kiosk: launcher/service spliced from configs/ at ISO build (stale
heredoc force-disabled GPU); MemoryHigh/Max 1200/1500→2200/2800M (kiosk
rode the reclaim throttle = the lag); firmware-intel-graphics +
firmware-amd-graphics (trixie split DMC blobs out of misc-nonfree)
Verified: cargo test 898/898 green, npm run build green with dist
contents confirmed (webp refs, lnd.png, faststart video, new strings).
Handover for ISO build + deploy: docs/HANDOVER-2026-07-02-iso-feedback.md
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
102 lines
3.9 KiB
YAML
102 lines
3.9 KiB
YAML
app:
|
|
id: bitcoin-knots
|
|
name: Bitcoin Knots
|
|
version: 28.1.0
|
|
description: Full Bitcoin Knots node with dynamic prune/full-mode startup based on host disk.
|
|
|
|
container_name: bitcoin-knots
|
|
|
|
container:
|
|
image: 146.59.87.168:3000/lfg2025/bitcoin-knots:latest
|
|
pull_policy: if-not-present
|
|
network: archy-net
|
|
entrypoint: ["sh", "-lc"]
|
|
custom_args:
|
|
# Sync-speed flags: -par=0 uses every core (was capped at 2 by
|
|
# --cpus=2, now removed for bitcoin/electrumx). -dbcache sized to
|
|
# the IBD sweet spot - 4GB on full nodes, 1GB on pruned. Container
|
|
# --memory=8g (config.rs::get_memory_limit) leaves headroom for
|
|
# mempool + connections.
|
|
#
|
|
# -printtoconsole=0: foreground bitcoind defaults console logging ON,
|
|
# which pushed every IBD "UpdateTip" line through conmon into journald
|
|
# (>1 GB/day on a fresh node). bitcoind still writes debug.log in the
|
|
# datadir (/var/lib/archipelago/bitcoin/debug.log, self-shrunk on
|
|
# restart) — use that for deep debugging; podman logs only carries
|
|
# entrypoint/startup errors.
|
|
- >-
|
|
BITCOIND="$(command -v bitcoind || true)";
|
|
if [ -z "$BITCOIND" ]; then
|
|
BITCOIND="$(find /opt -path '*/bin/bitcoind' -type f 2>/dev/null | sort | tail -n 1)";
|
|
fi;
|
|
if [ -z "$BITCOIND" ]; then
|
|
echo "bitcoind not found in image" >&2;
|
|
exit 127;
|
|
fi;
|
|
RPC_USER="$(printenv BITCOIN_RPC_USER)";
|
|
RPC_PASS="$(printenv BITCOIN_RPC_PASS)";
|
|
RPC_TXRELAY_AUTH="$(printenv BITCOIN_RPC_TXRELAY_RPCAUTH || true)";
|
|
DISK_GB_VALUE="$(printenv DISK_GB || true)";
|
|
RPC_HEADROOM="-rpcthreads=16 -rpcworkqueue=256";
|
|
RPC_TXRELAY_FLAGS="-rpcwhitelistdefault=0";
|
|
if [ -n "$RPC_TXRELAY_AUTH" ]; then
|
|
RPC_TXRELAY_FLAGS="$RPC_TXRELAY_FLAGS -rpcauth=$RPC_TXRELAY_AUTH -rpcwhitelist=txrelay:sendrawtransaction,submitpackage,testmempoolaccept,getmempoolinfo,getrawmempool,getmempoolentry,getnetworkinfo,getblockchaininfo,getblockcount,getblockhash,getblock,getblockheader,getrawtransaction,gettxout,gettxspendingprevout,decoderawtransaction,decodescript,estimatesmartfee,uptime,ping,getconnectioncount,getpeerinfo,getindexinfo,getdeploymentinfo,getchaintips";
|
|
fi;
|
|
if [ "${DISK_GB_VALUE:-0}" -lt 1000 ]; then
|
|
exec "$BITCOIND" -datadir=/home/bitcoin/.bitcoin -noconf -printtoconsole=0 -server=1 -prune=550 -rpcallowip=0.0.0.0/0 -rpcbind=0.0.0.0:8332 -listen=1 -bind=0.0.0.0:8333 -dbcache=2048 -par=0 -maxconnections=125 $RPC_HEADROOM $RPC_TXRELAY_FLAGS -rpcuser="$RPC_USER" -rpcpassword="$RPC_PASS";
|
|
else
|
|
exec "$BITCOIND" -datadir=/home/bitcoin/.bitcoin -noconf -printtoconsole=0 -server=1 -txindex=1 -rpcallowip=0.0.0.0/0 -rpcbind=0.0.0.0:8332 -listen=1 -bind=0.0.0.0:8333 -dbcache=4096 -par=0 -maxconnections=125 $RPC_HEADROOM $RPC_TXRELAY_FLAGS -rpcuser="$RPC_USER" -rpcpassword="$RPC_PASS";
|
|
fi
|
|
derived_env:
|
|
- key: DISK_GB
|
|
template: "{{DISK_GB}}"
|
|
secret_env:
|
|
- key: BITCOIN_RPC_PASS
|
|
secret_file: bitcoin-rpc-password
|
|
- key: BITCOIN_RPC_TXRELAY_RPCAUTH
|
|
secret_file: bitcoin-rpc-txrelay-rpcauth
|
|
data_uid: "100101:100101"
|
|
|
|
dependencies:
|
|
- storage: 500Gi
|
|
|
|
resources:
|
|
cpu_limit: 0
|
|
memory_limit: 8Gi
|
|
disk_limit: 500Gi
|
|
|
|
security:
|
|
capabilities: [CHOWN, FOWNER, SETUID, SETGID, DAC_OVERRIDE]
|
|
readonly_root: false
|
|
network_policy: isolated
|
|
|
|
ports:
|
|
- host: 8332
|
|
container: 8332
|
|
protocol: tcp
|
|
- host: 8333
|
|
container: 8333
|
|
protocol: tcp
|
|
|
|
volumes:
|
|
- type: bind
|
|
source: /var/lib/archipelago/bitcoin
|
|
target: /home/bitcoin/.bitcoin
|
|
options: [rw]
|
|
|
|
environment:
|
|
- BITCOIN_RPC_USER=archipelago
|
|
|
|
health_check:
|
|
type: tcp
|
|
endpoint: localhost:8332
|
|
interval: 30s
|
|
timeout: 5s
|
|
retries: 3
|
|
|
|
bitcoin_integration:
|
|
rpc_access: admin
|
|
sync_required: true
|
|
testnet_support: false
|
|
pruning_support: true
|