4ec6ca98c1
Resilience-validated release. Three full sweeps of the new resilience
harness against .228 confirm no shipstoppers.
Big user-visible:
- Bitcoin RPC auth durably correct via host-rendered nginx.conf bind-mount,
replaces fragile post-start exec that failed under restricted-cap rootless
podman ("crun: write cgroup.procs: Permission denied")
- Multi-container stack installs (indeedhub, immich, btcpay, mempool) now
emit phase events at every boundary so the progress bar advances
- Apps no longer vanish from the dashboard mid-install (absent-scanner skips
packages in transitional states)
- Indeedhub fresh installs work end-to-end (was 8500+ restart loop): five
missing env vars (DATABASE_PORT, QUEUE_HOST, QUEUE_PORT,
S3_PRIVATE_BUCKET_NAME, AES_MASTER_SECRET) added to install code
- Tailscale install fixed: --entrypoint string was being passed as a single
shell-line arg; switched to custom_args array
- Catalog cleaned of broken entries (dwn, endurain, ollama removed; nextcloud
restored on docker.io)
- Bitcoin Core update path uses correct image (was looking for nonexistent
lfg2025/bitcoin:28.4)
- ISO installs now allocate swap on the encrypted data partition
Infra:
- New resilience harness (scripts/resilience/) — black-box state-machine
tester, every app × every transition. Run before each release.
Sweep #3 final: PASS 107 / FAIL 12 / SKIP 14. The 12 fails are 1 cosmetic
(homeassistant trusted_hosts), 8 harness/timing false-positives, and 3
non-shipstopper tracked items. Down from 23 in baseline sweep #1.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Archipelago App Manifests
Containerized applications for the Archipelago Bitcoin Node OS. All apps run in rootless Podman with security hardening (cap-drop ALL, readonly root, non-root user, memory limits).
App Categories
Bitcoin & Lightning
- bitcoin-knots — Full Bitcoin node (v28.1)
- lnd — Lightning Network Daemon (v0.17.4-beta)
- btcpay-server — Payment processor (v1.13.5)
- thunderhub — Lightning management UI (v0.13.31)
- mempool — Block explorer and fee estimator (v2.5.0)
- electrumx — Electrum server
- fedimint — Federated Bitcoin minting (v0.10.0)
Nostr
- nostr-rs-relay — High-performance Rust relay (v0.9.0)
- nostrudel — Nostr web client (v0.40.0)
Web5 & Identity
- web5-dwn — Decentralized Web Node (v0.4.0)
- did-wallet — Web5 DID Wallet
Self-Hosted Services
- nextcloud (v28), jellyfin (v10.8.13), immich (release), photoprism (v240915)
- vaultwarden (v1.30.0-alpine), onlyoffice (v7.5.1), penpot (v2.4)
- homeassistant (v2024.1), filebrowser (v2.27.0), searxng (2024.11.17)
- ollama (v0.5.4), grafana (v10.2.0), portainer (v2.19.4)
Networking
- tailscale (stable), nginx-proxy-manager (v2.12.1)
Custom & External
- indeedhub — Bitcoin documentary streaming (custom build)
- router — Mesh routing and network management
- botfights, nwnn, 484-kitchen, call-the-operator, arch-presentation, syntropy-institute, t-zero — External web apps
Manifest Format
Each app has a manifest.yml defining container image, resources, dependencies, security policies, health checks, and network config. See docs/app-manifest-spec.md for the spec.
Quick Reference
- PORTS.md — Complete port mapping
- QUICKSTART.md — Build and run apps
- DEVELOPMENT.md — Development workflow