feat: Discover view, Fleet dashboard, MeshMap, type fixes

- New Discover.vue (app store redesign)
- Fleet.vue dashboard for .228
- MeshMap.vue component
- Fixed Discover.vue type errors (unused var, type predicate)
- Various UI updates (Apps, Dashboard, Marketplace, Mesh, Web5)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@@ -1,78 +1,42 @@
|
||||
---
|
||||
name: Repo Cleanup & Dev Environment Overhaul (2026-03-18)
|
||||
description: Major session — repo cleanup to archy-archive, demo seeding, dev-start.sh rewrite, ThunderHub/Fedimint/ecash, Podman install, wallet mock endpoints
|
||||
name: v1.3.0 Deploy Status
|
||||
description: March 19 session — pentest remediation, container reliability, deployment to .228/.198
|
||||
type: project
|
||||
---
|
||||
|
||||
## What Was Done
|
||||
## v1.3.0 Deployed (2026-03-19)
|
||||
|
||||
### 1. Repo Cleanup
|
||||
- Moved ~200 files (docs, scripts, loops, legacy Docker UIs, duplicate videos) to `~/Projects/archy-archive/` (outside repo)
|
||||
- Kept: all active docs (BETA-PROGRESS, MASTER_PLAN, architecture, ADRs, api-reference, developer-guide, troubleshooting, operations-runbook), all source code, active scripts
|
||||
- Three "user's call" docs kept: `multi-node-architecture.md`, `marketplace-protocol.md`, `app-developer-guide.md`
|
||||
### .228 — Fully deployed and verified
|
||||
- All 33 pentest security fixes live (including backend auth on /lnd-connect-info)
|
||||
- ElectrumX headers.subscribe fix — synced at block 941k+
|
||||
- Container reliability: memory limits in scripts, crash recovery coordination, health badges
|
||||
- Backend bound to 127.0.0.1:5678 (systemd + nginx)
|
||||
- Frontend: iframe auto-retry, TransactionsModal, health-aware badges, What's New v1.3.0
|
||||
- 31 containers running, all healthy
|
||||
|
||||
### 2. docker-compose.yml Switched from Regtest to Signet
|
||||
- All Bitcoin/LND/Fedimint containers now use **signet** (not regtest)
|
||||
- Ports updated: RPC 38332, P2P 38333
|
||||
- Removed archived `bitcoin-ui` and `lnd-ui` nginx services (referenced deleted `docker/` dir)
|
||||
- Added ThunderHub service (port 3010) to main compose
|
||||
### .198 — Partially deployed, needs attention
|
||||
- Binary deployed but machine chronically overloaded (8GB RAM, load 10+)
|
||||
- Bitcoin RPC 401 FIXED (secrets dir was root-owned)
|
||||
- SearXNG settings.yml created, LND Tor REST port 8080 added
|
||||
- Tor uses archipelago torrc NOT system torrc — needs consolidation
|
||||
- Jellyfin stopped to save resources
|
||||
- ElectrumX indexing (pruned data, will be slow)
|
||||
|
||||
### 3. New Testnet Compose (`docker-compose.testnet.yml`)
|
||||
- Standalone signet stack: bitcoind + LND + ThunderHub + Fedimint
|
||||
- Config at `testnet/thunderhub-config.yaml`
|
||||
- README at `testnet/README.md` with faucet links and commands
|
||||
### Deploy lessons learned
|
||||
- `cargo clean -p` + rebuild doesn't always recompile if rsync preserved timestamps
|
||||
- Fix: append blank line to force mtime change, or use `cargo build --release` after manual touch
|
||||
- Atomic binary swap: `cp new, mv over running` works; `cp over running` fails with "Text file busy"
|
||||
- systemd `Restart=always` prevents `systemctl stop` + `cp` — must use atomic mv
|
||||
|
||||
### 4. Mock Backend Enhancements (`neode-ui/mock-backend.js`)
|
||||
- **Container socket auto-detection**: tries `DOCKER_HOST` → Podman TMPDIR socket → Docker socket → null (simulation). No more `/var/run/docker.sock` spam
|
||||
- **8 static dev apps** (was 6): added ThunderHub (port 3010) and Fedimint (port 8175)
|
||||
- **25+ new RPC endpoints**: lnd.getinfo, lnd.newaddress, lnd.createinvoice, lnd.payinvoice, lnd.sendcoins, lnd.listchannels, lnd.openchannel, lnd.closechannel, wallet.ecash-balance, wallet.ecash-send, wallet.ecash-receive, wallet.ecash-history, wallet.networking-profits, bitcoin.getinfo, system.stats, update.status, network.list-requests, dev.faucet, etc.
|
||||
- **Fedimint version** synced to 0.10.0, port fixed from 8174 → 8175
|
||||
- **5 realistic notifications** (was empty array)
|
||||
- **Mock ThunderHub UI** at `/app/thunderhub/` — full HTML dashboard
|
||||
### Backlog for next session
|
||||
1. .198 stabilization (reduce containers for 8GB, apply memory limits via container recreation)
|
||||
2. .198 Tor consolidation (system tor vs archipelago tor process)
|
||||
3. BTCPay iframe cross-origin error (needs nginx proxy config)
|
||||
4. Tailscale admin page in iframe
|
||||
5. ElectrumX UI: Tor first as connect option
|
||||
6. Stagger animation fix + fleet dashboard + map tab
|
||||
7. Deploy to Tailscale nodes (Arch 1/2/3)
|
||||
8. App iframe error page — auto-retry now works, but needs polish
|
||||
|
||||
### 5. Dev Scripts Fixed
|
||||
- `neode-ui/start-dev.sh`: removed broken `start-docker-apps.sh` call, fixed EAGAIN via safe `while read` loop
|
||||
- `neode-ui/stop-dev.sh`: removed broken `stop-docker-apps.sh` call
|
||||
- `neode-ui/package.json`: removed stale `prebuild`, added `--raw` to concurrently (fixes EAGAIN pgrep spawn)
|
||||
- `scripts/dev-start.sh`: complete rewrite with 8 options including boot mode and testnet stack
|
||||
|
||||
### 6. ThunderHub Added Everywhere
|
||||
- Icon: `neode-ui/public/assets/img/app-icons/thunderhub.svg`
|
||||
- Mock backend: portMappings, marketplaceMetadata, staticDevApps, marketplace.get()
|
||||
- Marketplace.vue: getCuratedAppList(), recommended tier
|
||||
- appLauncher.ts: PORT_TO_APP_ID `'3010': 'thunderhub'`
|
||||
|
||||
### 7. Podman Installed on Mac
|
||||
- `podman 5.8.1` + `podman-compose 1.5.0` via Homebrew
|
||||
- Machine initialized and running
|
||||
|
||||
### 8. Home Wallet Card
|
||||
- Fixed `lnd.getinfo` response to include `balance_sats` and `channel_balance_sats`
|
||||
- Fixed `lnd.gettransactions` to use `amount_sats` and include `incoming_pending_count`
|
||||
- Added **Faucet button** (green) — calls `dev.faucet` RPC
|
||||
- Grid changed from 3-col to 4-col (Send, Receive, Faucet, Web5)
|
||||
|
||||
### 9. Developer Onboarding Docs
|
||||
- `neode-ui/README.md`: full rewrite
|
||||
- `neode-ui/DEV-SCRIPTS.md`: updated with actual 8 static apps
|
||||
|
||||
## Current State / Resume Here
|
||||
- **`npm start` works** — no Docker needed, all wallet actions mocked, 8 apps visible
|
||||
- **Send/Receive modals** open from Home wallet card — if still issues, check browser console
|
||||
- **Faucet button** calls dev.faucet and refreshes balances
|
||||
- **Not yet tested**: `podman-compose -f docker-compose.testnet.yml up` (signet sync ~10 min)
|
||||
- **Not yet committed** — all changes are local, uncommitted
|
||||
- **Demo prod server** not redeployed — push changes then redeploy via Portainer
|
||||
|
||||
## Key Files Modified This Session
|
||||
- `neode-ui/mock-backend.js` (major — container socket, 25+ RPC endpoints, ThunderHub mock UI)
|
||||
- `neode-ui/src/views/Home.vue` (faucet button, 4-col grid)
|
||||
- `neode-ui/src/views/Marketplace.vue` (ThunderHub entry)
|
||||
- `neode-ui/src/stores/appLauncher.ts` (ThunderHub port)
|
||||
- `neode-ui/start-dev.sh`, `neode-ui/stop-dev.sh`, `neode-ui/package.json`
|
||||
- `scripts/dev-start.sh` (complete rewrite)
|
||||
- `docker-compose.yml` (regtest→signet, ThunderHub, removed archived UIs)
|
||||
- `docker-compose.testnet.yml` (new)
|
||||
- `testnet/thunderhub-config.yaml`, `testnet/README.md` (new)
|
||||
- `neode-ui/public/assets/img/app-icons/thunderhub.svg` (new)
|
||||
- `neode-ui/README.md`, `neode-ui/DEV-SCRIPTS.md` (rewrites)
|
||||
**Why:** Track deployment state for session continuity.
|
||||
**How to apply:** Read at start of next session. Check .198 load before attempting operations.
|
||||
|
||||
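Review bot: The .198 entry "Bitcoin RPC 401 FIXED (secrets dir was root-owned)" records the cause but not the owner and mode the secrets directory was left with, so the next session cannot confirm the fix did not simply loosen the permissions; add the resulting owner and mode to that line. The same section says Tor uses the archipelago torrc and not the system torrc, and the note should state which of the two is meant to be authoritative until the consolidation item in the backlog is done. This file is also a deploy-status memory note rewritten inside a commit whose message covers only UI work (Discover, Fleet, MeshMap), and it would be easier to audit as a separate commit.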
119
.claude/plans/tailscale-migration.md
Normal file
@@ -0,0 +1,119 @@
|
||||
# Plan: Seamless Tailscale Migration for Alpha Testers
|
||||
|
||||
## Context
|
||||
|
||||
Tailscale nodes (Arch 1/2/3) are alpha tester machines. They need full deployment — binary, frontend, infrastructure, and containers — with zero friction. Currently `deploy-tailscale.sh` only deploys binary + frontend (85 lines), missing ALL infrastructure that `deploy-to-target.sh --live` provides (rootless prereqs, UID mapping, containers, nginx, Tor, HTTPS, dev mode, UFW, etc.).
|
||||
|
||||
These nodes may also have old **rootful** containers that need migrating to rootless.
|
||||
|
||||
## Approach
|
||||
|
||||
**Don't refactor the 1615-line deploy-to-target.sh** — too risky during beta freeze. Instead:
|
||||
|
||||
1. **Rewrite `deploy-tailscale.sh`** as a full-deploy script with split-mode SSH resilience
|
||||
2. **Add `--tailscale` flag** to `deploy-to-target.sh` as a convenience wrapper
|
||||
3. **Add rootful→rootless migration** as an automatic pre-step
|
||||
4. **Fix `first-boot-containers.sh`** for rootless (separate concern, for ISO builds)
|
||||
|
||||
## Changes
|
||||
|
||||
### 1. Rewrite `scripts/deploy-tailscale.sh` (~400 lines)
|
||||
|
||||
Currently 85 lines doing only binary+frontend. Rewrite to be a full deploy for any node, using split-mode SSH (each step = separate short SSH session) for Tailscale stability.
|
||||
|
||||
**Steps the new script will run (each as its own SSH session):**
|
||||
|
||||
1. SSH connectivity check
|
||||
2. Install prerequisites (rsync, node, npm) if missing
|
||||
3. Rsync code to target
|
||||
4. **Rootful→rootless migration** (detect `sudo podman ps -a`, stop & remove old rootful containers)
|
||||
5. Build frontend (nohup + poll, or skip if copy-only node)
|
||||
6. Build backend (nohup + poll, or skip if copy-only node)
|
||||
7. Create rollback backup
|
||||
8. Deploy binary (build locally or copy from .228)
|
||||
9. Deploy frontend (build locally or copy from .228)
|
||||
10. Deploy AIUI
|
||||
11. Sync nginx config + HTTPS snippets
|
||||
12. Sync systemd service
|
||||
13. **Setup rootless prereqs** (sysctl, linger, podman.socket)
|
||||
14. **Create data dirs + UID mapping** (full chown table from deploy-to-target.sh:670-689)
|
||||
15. **Dev mode** (ARCHIPELAGO_DEV_MODE=true for HTTP cookies over Tailscale)
|
||||
16. Deploy nostr-provider.js
|
||||
17. Deploy Claude API proxy (if ANTHROPIC_API_KEY available)
|
||||
18. Setup NTP + swap
|
||||
19. Restart services
|
||||
20. **Setup HTTPS** (with node's own IP in SAN)
|
||||
21. **Read Bitcoin RPC credentials** from server secrets
|
||||
22. **Create all containers** (Bitcoin, Mempool, BTCPay, ElectrumX, LND, Fedimint, Immich, HA, Grafana, Jellyfin, Vaultwarden, SearXNG, FileBrowser)
|
||||
23. **Setup Tor** hidden services
|
||||
24. **Fix UFW** forward policy
|
||||
25. **Fix IndeedHub** NIP-07 (if running)
|
||||
26. **Transfer custom images** for copy-only nodes (individual tarballs, never combined)
|
||||
27. Run container doctor
|
||||
28. Write deploy manifest
|
||||
29. Post-deploy health check
|
||||
|
||||
**Copy-only mode**: When target can't build (Arch 1/3), script detects no `cargo`/`npm` on target and copies pre-built artifacts from .228 via SSH pipe.
|
||||
|
||||
**Key sections to port from deploy-to-target.sh:**
|
||||
- Lines 646-689 — rootless prereqs + UID mapping
|
||||
- Lines 629-641 — dev mode
|
||||
- Lines 839-1474 — all container creation
|
||||
- Lines 1143-1234 — Tor setup
|
||||
- Lines 1477-1485 — UFW fix
|
||||
- Lines 1487-1545 — IndeedHub NIP-07
|
||||
|
||||
### 2. Add `--tailscale` flag to `deploy-to-target.sh` (~30 lines)
|
||||
|
||||
Wrapper that calls `deploy-tailscale.sh` for each node sequentially. Also add `--tailscale-node=arch1|arch2|arch3` for single-node targeting.
|
||||
|
||||
### 3. Rootful→rootless migration (in deploy-tailscale.sh step 4)
|
||||
|
||||
Auto-detect and handle:
|
||||
```
|
||||
ssh TARGET 'ROOTFUL=$(sudo podman ps -a 2>/dev/null | wc -l); if [ $ROOTFUL -gt 1 ]; then sudo podman stop --all; sudo podman rm --all; fi'
|
||||
```
|
||||
Data safe — `/var/lib/archipelago/` never deleted, only ownership fixed by UID mapping step.
|
||||
|
||||
### 4. Fix `scripts/first-boot-containers.sh` (5 targeted edits)
|
||||
|
||||
- **Line 15**: Change root check → archipelago user check (UID 1000)
|
||||
- **Line 140**: Change `10.88.0.0/16` → `0.0.0.0/0` (match deploy-to-target.sh)
|
||||
- **After line 111**: Add rootless prereqs (sysctl, linger, podman.socket)
|
||||
- **After line 113**: Add full UID mapping block
|
||||
- **Pin `:latest` tags**: photoprism, ollama, searxng, nginx-proxy-manager, penpot
|
||||
|
||||
### 5. Update `scripts/setup-https-dev.sh`
|
||||
|
||||
Dynamic SAN — detect node's own IPs (including Tailscale interface) instead of hardcoding .228/.198.
|
||||
|
||||
## Files Modified
|
||||
|
||||
| File | Change | ~Lines |
|
||||
|------|--------|--------|
|
||||
| `scripts/deploy-tailscale.sh` | Full rewrite — complete deploy with split-mode SSH | ~400 |
|
||||
| `scripts/deploy-to-target.sh` | Add `--tailscale` / `--tailscale-node` flags | ~30 |
|
||||
| `scripts/first-boot-containers.sh` | Fix for rootless (subnet, UID mapping, prereqs) | ~40 |
|
||||
| `scripts/setup-https-dev.sh` | Dynamic SAN with Tailscale IPs | ~15 |
|
||||
| `docs/BETA-PROGRESS.md` | Update TASK-11 status | ~5 |
|
||||
|
||||
## Auth State Preservation
|
||||
|
||||
All user state in `/var/lib/archipelago/` is **never touched** by deploys:
|
||||
- `sessions.json`, `user.json`, `identities/`, `secrets/`, `federation/`
|
||||
|
||||
## Verification
|
||||
|
||||
1. Deploy to Arch 2 first (has build tools, safest test)
|
||||
2. Then Arch 1/3 (copy-only mode)
|
||||
3. For each node: `podman ps` shows containers, `curl /health` returns 200, UI loads, login works
|
||||
4. Run container doctor — 0 fixes needed
|
||||
|
||||
## Order
|
||||
|
||||
1. Rewrite `deploy-tailscale.sh` (main deliverable)
|
||||
2. Add `--tailscale` flags to `deploy-to-target.sh`
|
||||
3. Fix `first-boot-containers.sh`
|
||||
4. Update `setup-https-dev.sh`
|
||||
5. Test: Arch 2 → Arch 1 → Arch 3
|
||||
6. Update BETA-PROGRESS.md
|
||||
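Review bot: In section 4, "Line 140: Change `10.88.0.0/16` → `0.0.0.0/0`" widens an allow-list from one subnet to every address, and the only reason given is matching deploy-to-target.sh; name the setting that line controls, and either keep the narrower subnet or state what else confines the service (for instance the UFW change in step 24). In section 3 the migration one-liner runs `sudo podman stop --all; sudo podman rm --all` as soon as `podman ps -a` prints more than its header line, so it should record the container list before removing anything and quote `$ROOTFUL` in the test; the "Data safe" claim covers `/var/lib/archipelago/` only, and anything a container kept in its own writable layer is gone after `rm`. Step 15 enables `ARCHIPELAGO_DEV_MODE=true` for HTTP cookies while step 20 sets up HTTPS with the node's IP in the SAN, so the plan should say whether dev mode is switched off again once HTTPS is working on the alpha tester nodes.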