987158ef5f
Some checks failed
Build Archipelago ISO (dev) / build-iso (push) Has been cancelled
- core/archipelago/src/bootstrap.rs (NEW): embed scripts/container-doctor.sh
and image-recipe/configs/archipelago-doctor.{service,timer} via
include_str! and sync to disk + enable the timer on every archipelago
startup. Idempotent (content-hash compare), dev-box symlink guard keeps
the git checkout untouched, best-effort (warn-only on failure) so
bootstrap never blocks server readiness. Wired in main.rs as a
background tokio task.
- scripts/container-doctor.sh: add fix_rootless_netns_egress(). Detects
when the rootless-netns has lost its pasta tap (container-to-container
still works but outbound DNS/TCP fails) via an nsenter probe into
aardvark-dns; with a two-probe 10s debounce to rule out transients and
a host-precheck that bails out if the host itself is offline. When the
rootless-netns is truly broken, does a graceful podman stop --all /
start --all so pasta + aardvark-dns rebuild the netns from scratch.
Bitcoin-knots and every other outbound container recover in one cycle.
- core/archipelago/src/update.rs: host_sudo → pub(crate) so bootstrap.rs
can reuse the existing systemd-run escape hatch.
- apps/bitcoin-core/manifest.yml: bump app version 24.0.0 → 28.4.0 and
image bitcoin/bitcoin:24.0 → bitcoin/bitcoin:28.4. Resources aligned
with the real container-specs.sh large-disk tune (4 GiB memory cap,
cpu_limit: 0 so bitcoind can run -par=auto across every core).
- neode-ui/src/views/apps/AppCard.vue + Apps.vue: add an Update button
+ Updating spinner to every app card that has available-update set.
Wires through serverStore.updatePackage(id) — the same RPC the detail
view already calls. common.update / common.updating i18n keys added in
en.json and es.json.
- core/archipelago/src/identity_manager.rs: add create_from_signing_key()
that mirrors an existing Ed25519 key as a manager-level identity with
a deterministic id (`node-<pubkey16>`). Idempotent across restarts,
gets the hex-SVG master avatar.
- core/archipelago/src/server.rs: the auto-create path on first boot now
mirrors the node's own signing_key (seed-derived on onboarded installs)
as a "Node" identity instead of generating a random "Default" keypair.
Once this ships, the DID on the Web5 DID Status card (via node.did
RPC), the Node entry on the Identities page (via identity.list), and
the DID used for peer-to-peer connects (via server_info.pubkey) all
resolve to the same seed-derived pubkey.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
249 lines
8.5 KiB
Rust
249 lines
8.5 KiB
Rust
// Archipelago Bitcoin Node OS - Native Backend
|
|
// Pure Archipelago implementation, no StartOS dependencies
|
|
|
|
// Crate-level clippy allowances. These are stylistic lints that fire on
|
|
// large legacy surfaces and offer no correctness benefit to chase on every
|
|
// PR — suppressing them crate-wide keeps CI gating on correctness issues
|
|
// without drowning in cleanup noise every time a new toolchain tightens.
|
|
#![allow(
|
|
clippy::too_many_arguments,
|
|
clippy::doc_lazy_continuation,
|
|
clippy::type_complexity,
|
|
clippy::enum_variant_names,
|
|
clippy::wildcard_in_or_patterns,
|
|
clippy::assertions_on_constants,
|
|
clippy::drop_non_drop,
|
|
clippy::unused_io_amount,
|
|
clippy::ptr_arg
|
|
)]
|
|
|
|
use anyhow::{Context, Result};
|
|
use std::net::SocketAddr;
|
|
use tokio::signal;
|
|
use tracing::info;
|
|
|
|
mod api;
|
|
mod auth;
|
|
mod avatar;
|
|
mod backup;
|
|
mod bitcoin_rpc;
|
|
mod blobs;
|
|
mod bootstrap;
|
|
mod config;
|
|
mod constants;
|
|
mod container;
|
|
mod content_server;
|
|
mod crash_recovery;
|
|
mod credentials;
|
|
mod data_model;
|
|
mod disk_monitor;
|
|
mod electrs_status;
|
|
mod federation;
|
|
mod fips;
|
|
mod health_monitor;
|
|
mod identity;
|
|
mod identity_manager;
|
|
mod marketplace;
|
|
mod mesh;
|
|
mod monitoring;
|
|
mod names;
|
|
mod network;
|
|
mod node_message;
|
|
mod nostr_discovery;
|
|
mod nostr_handshake;
|
|
mod nostr_relays;
|
|
mod peers;
|
|
mod port_allocator;
|
|
mod rate_limit;
|
|
pub mod seed;
|
|
mod server;
|
|
mod session;
|
|
mod settings;
|
|
mod state;
|
|
mod streaming;
|
|
mod totp;
|
|
mod transport;
|
|
mod update;
|
|
mod vpn;
|
|
mod wallet;
|
|
mod webhooks;
|
|
|
|
use config::Config;
|
|
use server::Server;
|
|
|
|
#[tokio::main]
|
|
async fn main() -> Result<()> {
|
|
let startup_start = std::time::Instant::now();
|
|
crash_recovery::init_start_time();
|
|
|
|
// Initialize tracing
|
|
tracing_subscriber::fmt()
|
|
.with_env_filter(
|
|
tracing_subscriber::EnvFilter::try_from_default_env()
|
|
.unwrap_or_else(|_| "archipelago=debug,info".into()),
|
|
)
|
|
.init();
|
|
|
|
info!("Starting Archipelago Bitcoin Node OS");
|
|
|
|
// Load configuration
|
|
let config = Config::load().await?;
|
|
info!("📁 Data directory: {}", config.data_dir.display());
|
|
|
|
// Load user transport preferences so peer-to-peer call sites can
|
|
// consult them from any module without threading a handle through
|
|
// deep async chains. Missing/corrupt file → default (Auto everywhere).
|
|
if let Err(e) = settings::transport::init(&config.data_dir).await {
|
|
tracing::warn!(
|
|
"Failed to initialise transport preferences: {} — using defaults",
|
|
e
|
|
);
|
|
}
|
|
|
|
// Write PID marker early so we can detect crashes on next startup
|
|
crash_recovery::write_pid_marker(&config.data_dir).await?;
|
|
|
|
// Crash recovery runs in background so health endpoint is available immediately
|
|
{
|
|
let data_dir = config.data_dir.clone();
|
|
tokio::spawn(async move {
|
|
// Check if previous instance shut down cleanly
|
|
match crash_recovery::check_for_crash(&data_dir).await {
|
|
Ok(Some(containers)) => {
|
|
info!(
|
|
"🔧 Recovering {} containers from previous crash...",
|
|
containers.len()
|
|
);
|
|
let report = crash_recovery::recover_containers(&containers).await;
|
|
info!(
|
|
"🔧 Recovery complete: {}/{} containers restarted (failed: {:?})",
|
|
report.recovered, report.total, report.failed
|
|
);
|
|
}
|
|
Ok(None) => {}
|
|
Err(e) => {
|
|
tracing::warn!("Crash recovery check failed: {}", e);
|
|
}
|
|
}
|
|
|
|
// Start any stopped containers (handles clean reboot)
|
|
// Skips user-stopped containers, uses tier ordering
|
|
let boot_report = crash_recovery::start_stopped_containers(&data_dir).await;
|
|
if boot_report.total > 0 {
|
|
info!(
|
|
"🔄 Boot startup: {}/{} containers started (failed: {:?})",
|
|
boot_report.recovered, boot_report.total, boot_report.failed
|
|
);
|
|
}
|
|
|
|
// Signal to health monitor that boot recovery is done
|
|
crash_recovery::mark_recovery_complete();
|
|
|
|
// Boot reconciliation disabled — the reconciler creates ALL containers
|
|
// from specs, which is wrong on unbundled installs where only user-chosen
|
|
// apps should exist. The health monitor handles restarting existing
|
|
// containers. Run reconcile-containers.sh manually when needed.
|
|
// crash_recovery::run_boot_reconciliation().await;
|
|
});
|
|
}
|
|
|
|
// Ensure a default user exists so login works after install/onboarding.
|
|
// In production, the default password is "password123" (shown during install).
|
|
// In dev mode, the dev default password is used.
|
|
// Don't auto-create default user — let onboarding flow handle password setup
|
|
// via auth.setup RPC. The Login page detects is_setup=false and shows
|
|
// "Create Password" form instead of login form.
|
|
|
|
// Create server
|
|
let server = Server::new(config.clone()).await?;
|
|
|
|
// Start server
|
|
let addr: SocketAddr = format!("{}:{}", config.bind_host, config.bind_port)
|
|
.parse()
|
|
.context("Invalid bind address")?;
|
|
|
|
// The FIPS peer listener is bound lazily by server::serve_with_shutdown
|
|
// on a 30s poll of fips0 — so a post-onboarding fips.install brings it
|
|
// online without needing an archipelago restart.
|
|
|
|
// Spawn background update scheduler
|
|
let update_data_dir = config.data_dir.clone();
|
|
tokio::spawn(async move {
|
|
update::run_update_scheduler(update_data_dir).await;
|
|
});
|
|
|
|
// Synchronize host-side doctor artifacts (script + systemd units) with
|
|
// what's embedded in this binary. Runs in the background so it never
|
|
// delays server readiness; best-effort, warnings only.
|
|
tokio::spawn(bootstrap::ensure_doctor_installed());
|
|
|
|
// Spawn periodic container snapshot (for crash recovery)
|
|
crash_recovery::spawn_snapshot_task(config.data_dir.clone());
|
|
|
|
// Spawn disk space monitor (warns at 85%, auto-cleans at 90%)
|
|
disk_monitor::spawn_disk_monitor(config.data_dir.clone());
|
|
|
|
// Restore WireGuard peers into wg0 (kernel loses them on every reboot).
|
|
{
|
|
let data_dir = config.data_dir.clone();
|
|
tokio::spawn(async move {
|
|
vpn::restore_wg_peers(&data_dir).await;
|
|
});
|
|
}
|
|
|
|
// Spawn ElectrumX status cache (refreshes every 15s, serves cached data to avoid race conditions)
|
|
electrs_status::spawn_status_cache();
|
|
|
|
let startup_ms = startup_start.elapsed().as_millis();
|
|
info!(
|
|
"Server listening on http://{} (startup: {}ms)",
|
|
addr, startup_ms
|
|
);
|
|
info!("RPC API: http://{}/rpc/v1", addr);
|
|
info!("WebSocket: ws://{}/ws", addr);
|
|
|
|
// Notify systemd that we're ready (Type=notify)
|
|
// Note: first param `false` keeps NOTIFY_SOCKET so watchdog pings work
|
|
let _ = sd_notify::notify(false, &[sd_notify::NotifyState::Ready]);
|
|
|
|
// Spawn systemd watchdog ping (WatchdogSec=300, ping every 120s)
|
|
tokio::spawn(async {
|
|
let mut interval = tokio::time::interval(std::time::Duration::from_secs(120));
|
|
loop {
|
|
interval.tick().await;
|
|
let _ = sd_notify::notify(false, &[sd_notify::NotifyState::Watchdog]);
|
|
}
|
|
});
|
|
|
|
// Graceful shutdown: wait for SIGTERM or SIGINT
|
|
let mut sigterm = signal::unix::signal(signal::unix::SignalKind::terminate())
|
|
.context("Failed to register SIGTERM handler")?;
|
|
let shutdown = async move {
|
|
tokio::select! {
|
|
_ = signal::ctrl_c() => {
|
|
info!("Received SIGINT (Ctrl+C), initiating graceful shutdown...");
|
|
}
|
|
_ = sigterm.recv() => {
|
|
info!("Received SIGTERM, initiating graceful shutdown...");
|
|
}
|
|
}
|
|
};
|
|
|
|
server.serve_with_shutdown(addr, shutdown).await?;
|
|
|
|
// Clean shutdown: remove PID marker so next startup doesn't trigger recovery
|
|
crash_recovery::remove_pid_marker(&config.data_dir).await;
|
|
|
|
info!("Archipelago shut down cleanly");
|
|
|
|
// Hard-exit after logging. All business state is persisted by now
|
|
// (connections drained, PID marker removed, disk flushes done via
|
|
// tokio::fs awaits). Letting tokio try to drop the runtime instead
|
|
// can stall for 15s+ on non-daemon OS threads we don't directly
|
|
// own (mdns_sd daemon, reqwest resolver pool, etc.) — long enough
|
|
// for systemd's TimeoutStopSec to SIGKILL us and mark the service
|
|
// Failed, which makes an otherwise-successful update look like a
|
|
// crash in `systemctl status`.
|
|
std::process::exit(0);
|
|
}
|