refactor: update dependencies and remove unused code
- Added new dependencies: `adler2`, `crc32fast`, `flate2`, `miniz_oxide`, and `libredox`. - Updated existing dependencies: `tokio-rustls` to version 0.26.4 and `filetime` to version 0.2.27. - Removed the `backup.rs` file as it is no longer needed. - Introduced tests for configuration and credential management. - Enhanced the `identity` module to generate W3C compliant DID documents. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
14
image-recipe/configs/archipelago-kiosk-watchdog.service
Normal file
14
image-recipe/configs/archipelago-kiosk-watchdog.service
Normal file
@@ -0,0 +1,14 @@
|
||||
[Unit]
|
||||
Description=Archipelago Kiosk Watchdog
|
||||
After=archipelago.service
|
||||
Wants=archipelago.service
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
User=root
|
||||
ExecStart=/usr/local/bin/archipelago-kiosk-watchdog
|
||||
Restart=always
|
||||
RestartSec=10
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
22
image-recipe/configs/archipelago-kiosk.service
Normal file
22
image-recipe/configs/archipelago-kiosk.service
Normal file
@@ -0,0 +1,22 @@
|
||||
[Unit]
|
||||
Description=Archipelago Kiosk (X11 + Chromium)
|
||||
After=archipelago.service graphical.target
|
||||
Wants=archipelago.service
|
||||
ConditionPathExists=/usr/local/bin/archipelago-kiosk-x11
|
||||
Conflicts=getty@tty1.service
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
User=archipelago
|
||||
Environment="HOME=/home/archipelago"
|
||||
Environment="DISPLAY=:0"
|
||||
# Wait for backend before launching UI
|
||||
ExecStartPre=/bin/bash -c 'for i in $(seq 1 30); do curl -sf http://localhost/health >/dev/null 2>&1 && exit 0; sleep 2; done; exit 0'
|
||||
ExecStart=/usr/bin/startx /usr/local/bin/archipelago-kiosk-x11 -- -nocursor vt1
|
||||
Restart=always
|
||||
RestartSec=5
|
||||
StandardInput=tty
|
||||
TTYPath=/dev/tty1
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
@@ -14,10 +14,12 @@ server {
|
||||
add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data: blob:; font-src 'self' data:; connect-src 'self' ws: wss:; frame-src *" always;
|
||||
|
||||
# AIUI SPA (Chat mode iframe)
|
||||
# Use =404 fallback instead of index.html to prevent serving HTML with wrong
|
||||
# MIME type when JS/CSS files are missing (causes module script MIME errors)
|
||||
location /aiui/ {
|
||||
alias /opt/archipelago/web-ui/aiui/;
|
||||
index index.html;
|
||||
try_files $uri $uri/ /aiui/index.html;
|
||||
try_files $uri $uri/ =404;
|
||||
}
|
||||
|
||||
# AIUI Claude API proxy — requires valid session cookie
|
||||
@@ -403,6 +405,39 @@ server {
|
||||
proxy_send_timeout 86400s;
|
||||
}
|
||||
|
||||
# External site proxies — strip X-Frame-Options so iframe embedding works.
|
||||
# add_header here prevents inheritance of server-level X-Frame-Options.
|
||||
location /ext/botfights/ {
|
||||
proxy_pass https://botfights.net/;
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Host botfights.net;
|
||||
proxy_ssl_server_name on;
|
||||
proxy_hide_header X-Frame-Options;
|
||||
proxy_hide_header Content-Security-Policy;
|
||||
proxy_hide_header Cross-Origin-Embedder-Policy;
|
||||
proxy_hide_header Cross-Origin-Opener-Policy;
|
||||
proxy_hide_header Cross-Origin-Resource-Policy;
|
||||
add_header X-Content-Type-Options "nosniff" always;
|
||||
}
|
||||
location /ext/484-kitchen/ {
|
||||
proxy_pass https://484.kitchen/;
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Host 484.kitchen;
|
||||
proxy_ssl_server_name on;
|
||||
proxy_hide_header X-Frame-Options;
|
||||
proxy_hide_header Content-Security-Policy;
|
||||
add_header X-Content-Type-Options "nosniff" always;
|
||||
}
|
||||
location /ext/arch-presentation/ {
|
||||
proxy_pass https://present.l484.com/;
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Host present.l484.com;
|
||||
proxy_ssl_server_name on;
|
||||
proxy_hide_header X-Frame-Options;
|
||||
proxy_hide_header Content-Security-Policy;
|
||||
add_header X-Content-Type-Options "nosniff" always;
|
||||
}
|
||||
|
||||
# Proxy WebSocket
|
||||
location /ws {
|
||||
proxy_pass http://127.0.0.1:5678;
|
||||
@@ -600,6 +635,40 @@ server {
|
||||
}
|
||||
# All remaining app proxies (mempool, fedimint, lnd, bitcoin-ui, etc.)
|
||||
include snippets/archipelago-https-app-proxies.conf;
|
||||
|
||||
# External site proxies — strip X-Frame-Options so iframe embedding works.
|
||||
# add_header here prevents inheritance of server-level X-Frame-Options.
|
||||
location /ext/botfights/ {
|
||||
proxy_pass https://botfights.net/;
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Host botfights.net;
|
||||
proxy_ssl_server_name on;
|
||||
proxy_hide_header X-Frame-Options;
|
||||
proxy_hide_header Content-Security-Policy;
|
||||
proxy_hide_header Cross-Origin-Embedder-Policy;
|
||||
proxy_hide_header Cross-Origin-Opener-Policy;
|
||||
proxy_hide_header Cross-Origin-Resource-Policy;
|
||||
add_header X-Content-Type-Options "nosniff" always;
|
||||
}
|
||||
location /ext/484-kitchen/ {
|
||||
proxy_pass https://484.kitchen/;
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Host 484.kitchen;
|
||||
proxy_ssl_server_name on;
|
||||
proxy_hide_header X-Frame-Options;
|
||||
proxy_hide_header Content-Security-Policy;
|
||||
add_header X-Content-Type-Options "nosniff" always;
|
||||
}
|
||||
location /ext/arch-presentation/ {
|
||||
proxy_pass https://present.l484.com/;
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Host present.l484.com;
|
||||
proxy_ssl_server_name on;
|
||||
proxy_hide_header X-Frame-Options;
|
||||
proxy_hide_header Content-Security-Policy;
|
||||
add_header X-Content-Type-Options "nosniff" always;
|
||||
}
|
||||
|
||||
location /ws {
|
||||
proxy_pass http://127.0.0.1:5678;
|
||||
proxy_http_version 1.1;
|
||||
|
||||
Reference in New Issue
Block a user