a7048f6d8e
- core/archipelago/src/bootstrap.rs (NEW): embed scripts/container-doctor.sh
and image-recipe/configs/archipelago-doctor.{service,timer} via
include_str! and sync to disk + enable the timer on every archipelago
startup. Idempotent (content-hash compare), dev-box symlink guard keeps
the git checkout untouched, best-effort (warn-only on failure) so
bootstrap never blocks server readiness. Wired in main.rs as a
background tokio task.
- scripts/container-doctor.sh: add fix_rootless_netns_egress(). Detects
when the rootless-netns has lost its pasta tap (container-to-container
still works but outbound DNS/TCP fails) via an nsenter probe into
aardvark-dns; with a two-probe 10s debounce to rule out transients and
a host-precheck that bails out if the host itself is offline. When the
rootless-netns is truly broken, does a graceful podman stop --all /
start --all so pasta + aardvark-dns rebuild the netns from scratch.
Bitcoin-knots and every other outbound container recover in one cycle.
- core/archipelago/src/update.rs: host_sudo → pub(crate) so bootstrap.rs
can reuse the existing systemd-run escape hatch.
- apps/bitcoin-core/manifest.yml: bump app version 24.0.0 → 28.4.0 and
image bitcoin/bitcoin:24.0 → bitcoin/bitcoin:28.4. Resources aligned
with the real container-specs.sh large-disk tune (4 GiB memory cap,
cpu_limit: 0 so bitcoind can run -par=auto across every core).
- neode-ui/src/views/apps/AppCard.vue + Apps.vue: add an Update button
+ Updating spinner to every app card that has available-update set.
Wires through serverStore.updatePackage(id) — the same RPC the detail
view already calls. common.update / common.updating i18n keys added in
en.json and es.json.
- core/archipelago/src/identity_manager.rs: add create_from_signing_key()
that mirrors an existing Ed25519 key as a manager-level identity with
a deterministic id (`node-<pubkey16>`). Idempotent across restarts,
gets the hex-SVG master avatar.
- core/archipelago/src/server.rs: the auto-create path on first boot now
mirrors the node's own signing_key (seed-derived on onboarded installs)
as a "Node" identity instead of generating a random "Default" keypair.
Once this ships, the DID on the Web5 DID Status card (via node.did
RPC), the Node entry on the Identities page (via identity.list), and
the DID used for peer-to-peer connects (via server_info.pubkey) all
resolve to the same seed-derived pubkey.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
62 lines
1.5 KiB
YAML
62 lines
1.5 KiB
YAML
app:
|
|
id: bitcoin-core
|
|
name: Bitcoin Core
|
|
version: 28.4.0
|
|
description: Full Bitcoin node implementation. The reference implementation of the Bitcoin protocol.
|
|
|
|
container:
|
|
image: bitcoin/bitcoin:28.4
|
|
image_signature: cosign://...
|
|
pull_policy: verify-signature
|
|
|
|
dependencies:
|
|
- storage: 500Gi # Minimum disk space for mainnet
|
|
|
|
resources:
|
|
cpu_limit: 0 # 0 = unlimited; bitcoind uses -par=auto across all cores
|
|
memory_limit: 4Gi # matches container-specs.sh bitcoin-knots large-disk dbcache=4096
|
|
disk_limit: 500Gi
|
|
|
|
security:
|
|
capabilities: [] # No special capabilities needed
|
|
readonly_root: true
|
|
no_new_privileges: true
|
|
user: 1000
|
|
seccomp_profile: default
|
|
network_policy: isolated
|
|
apparmor_profile: bitcoin-core
|
|
|
|
ports:
|
|
- host: 8332
|
|
container: 8332
|
|
protocol: tcp # RPC
|
|
- host: 8333
|
|
container: 8333
|
|
protocol: tcp # P2P
|
|
|
|
volumes:
|
|
- type: bind
|
|
source: /var/lib/archipelago/bitcoin
|
|
target: /home/bitcoin/.bitcoin
|
|
options: [rw]
|
|
|
|
environment:
|
|
- NETWORK=mainnet
|
|
- RPC_USER=${BITCOIN_RPC_USER}
|
|
- RPC_PASSWORD=${BITCOIN_RPC_PASSWORD}
|
|
- PRUNE=0 # Full node (set to 550 for pruned)
|
|
|
|
health_check:
|
|
type: http
|
|
endpoint: http://localhost:8332
|
|
path: /
|
|
interval: 30s
|
|
timeout: 5s
|
|
retries: 3
|
|
|
|
bitcoin_integration:
|
|
rpc_access: admin
|
|
sync_required: true
|
|
testnet_support: true
|
|
pruning_support: true
|