fix: unbundled first-boot, fast VPN status, kiosk relay dedup
All checks were successful
Build Archipelago ISO (dev) / build-iso (push) Successful in 32m38s
All checks were successful
Build Archipelago ISO (dev) / build-iso (push) Successful in 32m38s
- Unbundled ISO: first-boot only creates FileBrowser (marker file .unbundled) Users install apps from Marketplace — no more bitcoin/mempool on clean install - VPN status: read tunnel IP from config file (instant) instead of nvpn status (22s) - Kiosk: App.vue skips remote relay on /kiosk path (prevents duplicate input) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
Dorian
@@ -48,6 +48,63 @@ SCRIPT_DIR_FBC="$(cd "$(dirname "$0")" && pwd)"
|
||||
# as root (rootful podman), the backend can't see them at all.
|
||||
DOCKER="runuser -u archipelago -- env XDG_RUNTIME_DIR=/run/user/$(id -u archipelago) podman"
|
||||
|
||||
# UNBUNDLED mode: only create FileBrowser, skip all other containers.
|
||||
# Users install apps on-demand from the Marketplace.
|
||||
UNBUNDLED_MARKER="/opt/archipelago/.unbundled"
|
||||
if [ -f "$UNBUNDLED_MARKER" ]; then
|
||||
log "UNBUNDLED mode detected — creating FileBrowser only (apps install from Marketplace)"
|
||||
|
||||
# Core setup: secrets, podman prerequisites, FileBrowser
|
||||
SECRETS_DIR="/var/lib/archipelago/secrets"
|
||||
mkdir -p "$SECRETS_DIR" && chmod 700 "$SECRETS_DIR"
|
||||
if [ ! -f "$SECRETS_DIR/bitcoin-rpc-password" ]; then
|
||||
openssl rand -hex 16 > "$SECRETS_DIR/bitcoin-rpc-password"
|
||||
chmod 600 "$SECRETS_DIR/bitcoin-rpc-password"
|
||||
fi
|
||||
# Generate all DB passwords upfront so they're stable
|
||||
for svc in mempool btcpay mysql-root; do
|
||||
if [ ! -f "$SECRETS_DIR/${svc}-db-password" ]; then
|
||||
openssl rand -hex 16 > "$SECRETS_DIR/${svc}-db-password"
|
||||
chmod 600 "$SECRETS_DIR/${svc}-db-password"
|
||||
fi
|
||||
done
|
||||
chown -R 1000:1000 "$SECRETS_DIR"
|
||||
|
||||
# Podman prerequisites
|
||||
loginctl enable-linger archipelago 2>/dev/null || true
|
||||
DOCKER="runuser -u archipelago -- env XDG_RUNTIME_DIR=/run/user/$(id -u archipelago) podman"
|
||||
$DOCKER system migrate 2>/dev/null || true
|
||||
|
||||
# Ensure archy-net exists
|
||||
$DOCKER network create archy-net 2>/dev/null || true
|
||||
|
||||
# Create FileBrowser only
|
||||
if ! $DOCKER ps -a --format '{{.Names}}' 2>/dev/null | grep -q filebrowser; then
|
||||
log "Creating FileBrowser..."
|
||||
mkdir -p /var/lib/archipelago/filebrowser /var/lib/archipelago/filebrowser-data
|
||||
mkdir -p /var/lib/archipelago/data/cloud/{Documents,Photos,Music,Videos,Downloads}
|
||||
sudo chown -R 100000:100000 /var/lib/archipelago/filebrowser
|
||||
sudo chown -R 100000:100000 /var/lib/archipelago/filebrowser-data
|
||||
sudo chown -R 100000:100000 /var/lib/archipelago/data
|
||||
$DOCKER run -d --name filebrowser --restart unless-stopped \
|
||||
--cap-drop=ALL --cap-add=DAC_OVERRIDE --cap-add=NET_BIND_SERVICE \
|
||||
--security-opt=no-new-privileges:true \
|
||||
--health-cmd='curl -sf http://localhost:80/ || exit 1' \
|
||||
--health-interval=30s --health-timeout=5s --health-retries=3 \
|
||||
--memory=256m \
|
||||
-p 8083:80 \
|
||||
-v /var/lib/archipelago/filebrowser:/srv \
|
||||
-v /var/lib/archipelago/filebrowser-data:/data \
|
||||
-v /var/lib/archipelago/data/cloud:/srv/cloud \
|
||||
${FILEBROWSER_IMAGE} \
|
||||
--database=/data/database.db --root=/srv --address=0.0.0.0 --port=80 2>>"$LOG" && \
|
||||
log " FileBrowser created" || log " WARNING: FileBrowser creation failed"
|
||||
fi
|
||||
|
||||
log "Unbundled first-boot complete"
|
||||
exit 0
|
||||
fi
|
||||
|
||||
TARGET_IP=$(hostname -I 2>/dev/null | awk '{print $1}')
|
||||
[ -z "$TARGET_IP" ] && TARGET_IP="127.0.0.1"
|
||||
|
||||
|
||||
Reference in New Issue
Block a user