Dorian 430d174389 feat: Phase 2 — systemd sandboxing, Bitcoin RPC localhost binding, Tailscale deprivilege ...

- Service runs as unprivileged `archipelago` user instead of root
- Added systemd sandboxing: ProtectSystem=strict, NoNewPrivileges, PrivateTmp,
  MemoryDenyWriteExecute, RestrictNamespaces, SystemCallFilter
- Bitcoin RPC rpcallowip restricted to localhost + Podman subnet (10.88.0.0/16)
- Tailscale container: removed --privileged, uses cap-drop ALL + cap-add NET_ADMIN/NET_RAW

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

2026-03-18 00:42:29 +00:00

..

.cargo

refactor: update dependencies and remove unused code

2026-03-12 00:19:30 +00:00

archipelago

feat: Phase 2 — systemd sandboxing, Bitcoin RPC localhost binding, Tailscale deprivilege

2026-03-18 00:42:29 +00:00

container

feat: v1.2.0-alpha — E2E encrypted mesh relay, steganography, relay status polling

2026-03-17 23:56:37 +00:00

container-init

mid coding commit

2026-01-24 22:59:20 +00:00

helpers

mid coding commit

2026-01-24 22:59:20 +00:00

js-engine

mid coding commit

2026-01-24 22:59:20 +00:00

models

mid coding commit

2026-01-24 22:59:20 +00:00

parmanode

feat: complete Phase 1 foundation hardening + three-mode UI design doc

2026-03-04 05:23:42 +00:00

performance

Update archipelago: API, auth, container, parmanode, performance, security

2026-01-27 22:27:17 +00:00

security

refactor: update dependencies and remove unused code

2026-03-12 00:19:30 +00:00

.env.example

Add comprehensive installation and setup documentation

2026-01-27 17:18:21 +00:00

.env.production

Update README and configuration for macOS support

2026-01-28 11:12:19 +00:00

Cargo.lock

feat: v1.2.0-alpha — E2E encrypted mesh relay, steganography, relay status polling

2026-03-17 23:56:37 +00:00

Cargo.toml

Refactor configuration and scripts for Archipelago backend and ISO build

2026-02-01 05:42:05 +00:00