feat: standalone WireGuard from first install, fix networking stack
Standalone WireGuard (wg0:51820): - New archipelago-wg.service creates wg0 independent of NostrVPN - Keypair generated on first-boot, persisted on LUKS partition - vpn.create-peer uses wg genkey/pubkey (no nvpn dependency) - wg-address service depends on archipelago-wg, not nostr-vpn Networking fixes: - Remove nos.lol from default relays (requires PoW, events rejected) - Add Tor hidden service for private relay (port 7777) — NAT'd peers can reach relay over Tor for NostrVPN signaling - Fix Tor hostname sync race: wait loop before copying hostname files - Add tor-hostnames + wireguard dirs to LUKS partition setup - Include relay in hostname sync loops (setup-tor.sh + first-boot) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@@ -76,7 +76,13 @@ fi
|
||||
# The backend reads from /var/lib/archipelago/tor-hostnames/{service} at startup
|
||||
TOR_HOSTNAMES="/var/lib/archipelago/tor-hostnames"
|
||||
mkdir -p "$TOR_HOSTNAMES"
|
||||
for svc in archipelago bitcoin lnd electrumx btcpay mempool fedimint; do
|
||||
# Wait for Tor to generate hostname files (setup-tor.sh may still be running)
|
||||
for attempt in $(seq 1 10); do
|
||||
[ -f /var/lib/tor/hidden_service_archipelago/hostname ] && break
|
||||
log "Waiting for Tor hostnames (attempt $attempt/10)..."
|
||||
sleep 3
|
||||
done
|
||||
for svc in archipelago bitcoin lnd electrumx btcpay mempool fedimint relay; do
|
||||
for dir in /var/lib/tor/hidden_service_${svc}; do
|
||||
if [ -f "$dir/hostname" ]; then
|
||||
cp "$dir/hostname" "$TOR_HOSTNAMES/$svc" 2>/dev/null
|
||||
@@ -86,6 +92,25 @@ done
|
||||
chown -R archipelago:archipelago "$TOR_HOSTNAMES" 2>/dev/null
|
||||
log "Tor hostnames populated: $(ls $TOR_HOSTNAMES 2>/dev/null | tr '\n' ' ')"
|
||||
|
||||
# ── Standalone WireGuard: generate keypair and start wg0 ──────────────
|
||||
WG_DIR="/var/lib/archipelago/wireguard"
|
||||
mkdir -p "$WG_DIR"
|
||||
if [ ! -f "$WG_DIR/private.key" ]; then
|
||||
wg genkey > "$WG_DIR/private.key" 2>/dev/null
|
||||
chmod 600 "$WG_DIR/private.key"
|
||||
wg pubkey < "$WG_DIR/private.key" > "$WG_DIR/public.key"
|
||||
chown -R archipelago:archipelago "$WG_DIR"
|
||||
log "WireGuard keypair generated"
|
||||
fi
|
||||
modprobe wireguard 2>/dev/null || true
|
||||
systemctl enable --now archipelago-wg 2>/dev/null || true
|
||||
systemctl enable --now archipelago-wg-address 2>/dev/null || true
|
||||
# Open firewall port for standalone WG
|
||||
if command -v ufw >/dev/null 2>&1 && ufw status | grep -q "Status: active"; then
|
||||
ufw allow 51820/udp >/dev/null 2>&1 || true
|
||||
fi
|
||||
log "Standalone WireGuard (wg0:51820) started"
|
||||
|
||||
# ── Private Nostr Relay: start for VPN signaling and general use ──────
|
||||
if command -v nostr-rs-relay >/dev/null 2>&1; then
|
||||
# Relay config is pre-installed by ISO at /var/lib/archipelago/nostr-relay/config.toml
|
||||
@@ -153,12 +178,9 @@ NOSTR_PUBKEY=${NOSTR_PUBKEY}
|
||||
NVPNENV
|
||||
chmod 600 /var/lib/archipelago/nostr-vpn/env
|
||||
|
||||
# Load WireGuard kernel module
|
||||
modprobe wireguard 2>/dev/null || true
|
||||
|
||||
# Start NostrVPN and WireGuard address services
|
||||
# Start NostrVPN mesh service (standalone WG already started above)
|
||||
systemctl reset-failed nostr-vpn 2>/dev/null || true
|
||||
systemctl enable --now nostr-vpn 2>/dev/null || true
|
||||
systemctl enable --now archipelago-wg-address 2>/dev/null || true
|
||||
log "NostrVPN configured with node identity and started"
|
||||
else
|
||||
log "NostrVPN: no Nostr identity yet — will configure after onboarding"
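Review bot: In the second hunk the private key file is created by `wg genkey > "$WG_DIR/private.key"` under the process umask and only tightened by the `chmod 600` on the following line, and because genkey's stderr is discarded a failed run leaves an empty `private.key` that the `[ ! -f ... ]` guard then accepts as a valid persisted key on every later boot, so `wg pubkey` and the wg0 service fail silently from then on. Creating the file inside a subshell with `umask 077` closes the permission window, and testing `-s` together with genkey's exit status keeps a bad key from being persisted; the rewrite below does both. Whether `chown -R archipelago:archipelago "$WG_DIR"` is the right owner for the private key depends on which user archipelago-wg.service runs as, which is not visible here. In the first hunk the wait loop polls only `hidden_service_archipelago/hostname` while the copy loop now includes `relay`, so the relay hostname can be silently skipped when Tor publishes it later than the archipelago one; polling the relay's hostname too (or each service's) would make the sync reliable.
```shell
WG_DIR="/var/lib/archipelago/wireguard"
mkdir -p "$WG_DIR"
# -s: an empty key file from an earlier failed run must not count as a key
if [ ! -s "$WG_DIR/private.key" ]; then
  # create the file with 0600 from the start instead of chmod after the fact
  if (umask 077 && wg genkey > "$WG_DIR/private.key") \
     && wg pubkey < "$WG_DIR/private.key" > "$WG_DIR/public.key"; then
    chown -R archipelago:archipelago "$WG_DIR"
    log "WireGuard keypair generated"
  else
    rm -f "$WG_DIR/private.key" "$WG_DIR/public.key"
    log "WireGuard keypair generation failed — wg0 will not start"
  fi
fi
# … unchanged: modprobe, service enable, ufw rule …
```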
|
||||
|
||||