lfg2025/archy
1
0
Fork 0
Code Issues 9 Pull Requests Actions Packages Projects Releases 44 Wiki Activity
archy/scripts
History
Dorian c005dc9a22 feat: Phase 2 — systemd sandboxing, Bitcoin RPC localhost binding, Tailscale deprivilege 
- Service runs as unprivileged `archipelago` user instead of root
- Added systemd sandboxing: ProtectSystem=strict, NoNewPrivileges, PrivateTmp,
  MemoryDenyWriteExecute, RestrictNamespaces, SystemCallFilter
- Bitcoin RPC rpcallowip restricted to localhost + Podman subnet (10.88.0.0/16)
- Tailscale container: removed --privileged, uses cap-drop ALL + cap-add NET_ADMIN/NET_RAW

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-18 00:42:29 +00:00
..
archy-dev
feat: add archy-dev CLI scaffold for app developers
2026-03-14 05:47:29 +00:00
tor
Update Fedimint configuration and enhance onboarding process
2026-02-17 15:03:34 +00:00
archipelago-tailscale.service
Enhance README and RPC for package management
2026-02-01 18:46:35 +00:00
archy-dev.sh
feat: add archy-dev app developer SDK (Y4-01)
2026-03-14 05:47:16 +00:00
audit-deps.sh
fix: prevent tokio runtime deadlock in credential issue/verify
2026-03-09 07:43:12 +00:00
audit-secrets.sh
refactor: update dependencies and remove unused code
2026-03-12 00:19:30 +00:00
chaos-test.sh
refactor: update dependencies and remove unused code
2026-03-12 00:19:30 +00:00
check-deployment.sh
feat: complete Phase 1 foundation hardening + three-mode UI design doc
2026-03-04 05:23:42 +00:00
configure-tailscale-nginx.sh
Enhance README and RPC for package management
2026-02-01 18:46:35 +00:00
container-doctor.sh
feat: Phase 2 — systemd sandboxing, Bitcoin RPC localhost binding, Tailscale deprivilege
2026-03-18 00:42:29 +00:00
create-release-manifest.sh
refactor: update dependencies and remove unused code
2026-03-12 00:19:30 +00:00
create-release.sh
feat: add release automation script (RELEASE-01)
2026-03-11 17:49:23 +00:00
daily-reboot-test.sh
feat: deploy daily reboot test + stability report generator (SOAK-03/04)
2026-03-14 05:37:16 +00:00
debug-frontend.sh
feat: complete Phase 1 foundation hardening + three-mode UI design doc
2026-03-04 05:23:42 +00:00
deploy-bitcoin-knots.sh
feat: Phase 2 — systemd sandboxing, Bitcoin RPC localhost binding, Tailscale deprivilege
2026-03-18 00:42:29 +00:00
deploy-config.example
Update Fedimint configuration and enhance onboarding process
2026-02-17 15:03:34 +00:00
deploy-tailscale.sh
fix: resolve did:dht compilation errors
2026-03-14 04:14:04 +00:00
deploy-to-target.sh
feat: Phase 2 — systemd sandboxing, Bitcoin RPC localhost binding, Tailscale deprivilege
2026-03-18 00:42:29 +00:00
dev-container.sh
mid coding commit
2026-01-24 22:59:20 +00:00
dev-setup.sh
mid coding commit
2026-01-24 22:59:20 +00:00
dev-start.sh
feat: complete Phase 1 foundation hardening + three-mode UI design doc
2026-03-04 05:23:42 +00:00
dev.sh
feat: complete Phase 1 foundation hardening + three-mode UI design doc
2026-03-04 05:23:42 +00:00
federation-health-check.sh
feat: add federation health monitoring, fix uptime monitor auth
2026-03-13 03:38:33 +00:00
first-boot-containers.sh
feat: Phase 2 — systemd sandboxing, Bitcoin RPC localhost binding, Tailscale deprivilege
2026-03-18 00:42:29 +00:00
fix-indeedhub-containers.sh
feat: v1.2.0-alpha — E2E encrypted mesh relay, steganography, relay status polling
2026-03-17 23:56:37 +00:00
generate-stability-report.sh
feat: deploy daily reboot test + stability report generator (SOAK-03/04)
2026-03-14 05:37:16 +00:00
golden-path-test.sh
test: add golden path E2E test suite (E2E-01)
2026-03-11 14:58:21 +00:00
kiosk-watchdog.sh
refactor: update dependencies and remove unused code
2026-03-12 00:19:30 +00:00
nginx-app-iframe-patch.conf
Implement multi-container app installation for Immich and Penpot, enhance Docker package scanning, and update Nginx configuration for iframe support
2026-02-25 18:04:41 +00:00
nginx-archipelago-patch.conf
Update Fedimint configuration and enhance onboarding process
2026-02-17 15:03:34 +00:00
nginx-https-app-proxies.conf
feat: add missing nginx app proxies to HTTP block for full app wiring
2026-03-05 07:53:04 +00:00
nginx-penpot-iframe-patch.conf
Implement multi-container app installation for Immich and Penpot, enhance Docker package scanning, and update Nginx configuration for iframe support
2026-02-25 18:04:41 +00:00
nginx-pwa-snippet.conf
Enhance PWA support with new install prompt and configuration updates
2026-02-18 13:48:45 +00:00
optimize-debian.sh
Enhance development workflow and deployment practices for Archipelago
2026-02-01 13:24:03 +00:00
overnight-loop.sh
chore: add pentest verification script and wire into overnight loop
2026-03-06 03:50:50 +00:00
parmanode-wrapper.sh
Initial commit
2026-01-24 22:01:51 +00:00
prepackage-test.sh
mid coding commit
2026-01-24 22:59:20 +00:00
run-e2e-tests.sh
fix: zero-amount invoices, identity.verify DID extraction, tor service permissions
2026-03-09 09:53:36 +00:00
run-tests.sh
test: add CI-compatible test runner script
2026-03-10 23:56:10 +00:00
setup-aiui-server.sh
hot fixes to utc-6
2026-03-12 12:56:59 +00:00
setup-https-dev.sh
Refactor Indeehub integration and enhance deployment documentation
2026-03-01 17:53:18 +00:00
setup-kiosk.sh
refactor: update dependencies and remove unused code
2026-03-12 00:19:30 +00:00
setup-target-dev.sh
Refactor configuration and scripts for Archipelago backend and ISO build
2026-02-01 05:42:05 +00:00
test-all-apps.sh
refactor: update dependencies and remove unused code
2026-03-12 00:19:30 +00:00
test-all-features.sh
fix: re-authenticate per iteration in test-all-features.sh
2026-03-14 04:57:56 +00:00
test-app-install.sh
fix: prevent tokio runtime deadlock in credential issue/verify
2026-03-09 07:43:12 +00:00
test-backend-rpc.sh
feat: complete Phase 1 foundation hardening + three-mode UI design doc
2026-03-04 05:23:42 +00:00
test-container.sh
mid coding commit
2026-01-24 22:59:20 +00:00
test-cross-node.sh
test: US-15 boot recovery tests — .228 passes 9/9, .198 needs CONT-02
2026-03-14 02:54:16 +00:00
test-dep-chains.sh
fix: prevent tokio runtime deadlock in credential issue/verify
2026-03-09 07:43:12 +00:00
test-failure-recovery.sh
feat: auto-start stopped containers on boot, add failure recovery tests
2026-03-13 03:55:14 +00:00
test-first-install.sh
feat: release v1.1.0 — Nostr signing, file sharing, DWN sync, Tor rotation
2026-03-13 04:02:21 +00:00
test-fresh-install-e2e.sh
fix: prevent tokio runtime deadlock in credential issue/verify
2026-03-09 07:43:12 +00:00
test-identity.sh
fix: prevent tokio runtime deadlock in credential issue/verify
2026-03-09 07:43:12 +00:00
test-iframe-newtab.sh
fix: prevent tokio runtime deadlock in credential issue/verify
2026-03-09 07:43:12 +00:00
test-integration-full.sh
feat: add full integration test script — 23 checks all passing
2026-03-13 03:35:42 +00:00
test-multi-node.sh
fix: prevent tokio runtime deadlock in credential issue/verify
2026-03-09 07:43:12 +00:00
test-network.sh
fix: prevent tokio runtime deadlock in credential issue/verify
2026-03-09 07:43:12 +00:00
test-nip07.sh
feat: fix NIP-07 signing to use node Nostr key, add test script
2026-03-13 03:18:45 +00:00
test-performance.sh
fix: prevent tokio runtime deadlock in credential issue/verify
2026-03-09 07:43:12 +00:00
test-reboot-survival.sh
test: add reboot survival test script (REBOOT-01)
2026-03-14 02:52:55 +00:00
test-security.sh
test: enhance automated pentest suite (PENTEST-01)
2026-03-11 14:15:53 +00:00
test-stability-72h.sh
refactor: update dependencies and remove unused code
2026-03-12 00:19:30 +00:00
test-tor-rotation.sh
feat: fix Tor rotation to handle system Tor and hostname caching
2026-03-13 03:32:21 +00:00
trust-archipelago-cert.sh
Refactor Indeehub integration and enhance deployment documentation
2026-03-01 17:53:18 +00:00
uptime-monitor.sh
feat: add federation health monitoring, fix uptime monitor auth
2026-03-13 03:38:33 +00:00
validate-app-manifest.sh
feat: app manifest validator and Spanish locale stub
2026-03-14 05:39:46 +00:00
verify-deployment.sh
feat: complete Phase 1 foundation hardening + three-mode UI design doc
2026-03-04 05:23:42 +00:00
verify-pentest-fixes.sh
test: enhance automated pentest suite (PENTEST-01)
2026-03-11 14:15:53 +00:00