Resilience-validated release. Three full sweeps of the new resilience
harness against .228 confirm no shipstoppers.
Big user-visible:
- Bitcoin RPC auth durably correct via host-rendered nginx.conf bind-mount,
replaces fragile post-start exec that failed under restricted-cap rootless
podman ("crun: write cgroup.procs: Permission denied")
- Multi-container stack installs (indeedhub, immich, btcpay, mempool) now
emit phase events at every boundary so the progress bar advances
- Apps no longer vanish from the dashboard mid-install (absent-scanner skips
packages in transitional states)
- Indeedhub fresh installs work end-to-end (was 8500+ restart loop): five
missing env vars (DATABASE_PORT, QUEUE_HOST, QUEUE_PORT,
S3_PRIVATE_BUCKET_NAME, AES_MASTER_SECRET) added to install code
- Tailscale install fixed: --entrypoint string was being passed as a single
shell-line arg; switched to custom_args array
- Catalog cleaned of broken entries (dwn, endurain, ollama removed; nextcloud
restored on docker.io)
- Bitcoin Core update path uses correct image (was looking for nonexistent
lfg2025/bitcoin:28.4)
- ISO installs now allocate swap on the encrypted data partition
Infra:
- New resilience harness (scripts/resilience/) — black-box state-machine
tester, every app × every transition. Run before each release.
Sweep #3 final: PASS 107 / FAIL 12 / SKIP 14. The 12 fails are 1 cosmetic
(homeassistant trusted_hosts), 8 harness/timing false-positives, and 3
non-shipstopper tracked items. Down from 23 in baseline sweep #1.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
76 lines
1.6 KiB
YAML
76 lines
1.6 KiB
YAML
app:
|
|
id: indeedhub
|
|
name: Indeehub
|
|
version: 0.1.0
|
|
description: Bitcoin documentary streaming platform featuring God Bless Bitcoin and other educational content about Bitcoin, sovereignty, and decentralized technology. Sign in with your Nostr identity.
|
|
category: media
|
|
|
|
container:
|
|
image: 146.59.87.168:3000/lfg2025/indeedhub:latest
|
|
pull_policy: always # Pull from registry; falls back to local build
|
|
|
|
dependencies:
|
|
- storage: 1Gi
|
|
|
|
resources:
|
|
cpu_limit: 2
|
|
memory_limit: 512Mi
|
|
disk_limit: 1Gi
|
|
|
|
security:
|
|
capabilities: []
|
|
readonly_root: true
|
|
no_new_privileges: true
|
|
user: 1001
|
|
seccomp_profile: default
|
|
network_policy: bridge
|
|
apparmor_profile: default
|
|
|
|
ports:
|
|
- host: 7777
|
|
container: 3000
|
|
protocol: tcp # Web UI (Next.js)
|
|
|
|
volumes:
|
|
- type: tmpfs
|
|
target: /tmp
|
|
options: [rw,noexec,nosuid,size=64m]
|
|
- type: tmpfs
|
|
target: /app/.next/cache
|
|
options: [rw,noexec,nosuid,size=128m]
|
|
|
|
environment:
|
|
- NODE_ENV=production
|
|
- NEXT_TELEMETRY_DISABLED=1
|
|
|
|
health_check:
|
|
type: http
|
|
endpoint: http://localhost:3000
|
|
path: /
|
|
interval: 30s
|
|
timeout: 10s
|
|
retries: 3
|
|
start_period: 40s
|
|
|
|
interfaces:
|
|
main:
|
|
name: Web UI
|
|
description: Stream Bitcoin documentaries with Nostr identity
|
|
type: ui
|
|
port: 7777
|
|
protocol: http
|
|
path: /
|
|
|
|
metadata:
|
|
author: Indeehub Team
|
|
website: https://indeedhub.com
|
|
source: https://github.com/indeedhub/indeedhub
|
|
license: MIT
|
|
tags:
|
|
- bitcoin
|
|
- documentary
|
|
- streaming
|
|
- media
|
|
- education
|
|
- nostr
|