chore: release v1.7.57-alpha

archipelago
2026-05-17 17:30:04 -04:00
parent a322b04021
commit 7804223152
37 changed files with 382 additions and 119 deletions


@@ -99,6 +99,10 @@ reset_spec() {
SPEC_ENTRYPOINT=""
}
if ! declare -F alloc_port >/dev/null 2>&1; then
alloc_port() { printf '%s' "$2"; }
fi
# ── Tier 0: Databases ────────────────────────────────────────────────
load_spec_archy-mempool-db() {
@@ -493,13 +497,17 @@ load_spec_nginx-proxy-manager() {
reset_spec
SPEC_NAME="nginx-proxy-manager"
SPEC_IMAGE="${NPM_IMAGE}"
SPEC_PORTS="81:81 8084:80 8444:443"
local admin_port http_port https_port
admin_port=$(alloc_port nginx-proxy-manager 8081 81)
http_port=$(alloc_port nginx-proxy-manager-http 8084 80)
https_port=$(alloc_port nginx-proxy-manager-https 8444 443)
SPEC_PORTS="$admin_port:81 $http_port:80 $https_port:443"
SPEC_VOLUMES="/var/lib/archipelago/nginx-proxy-manager/data:/data /var/lib/archipelago/nginx-proxy-manager/letsencrypt:/etc/letsencrypt"
SPEC_MEMORY="$(mem_limit nginx-proxy-manager)"
SPEC_HEALTH_CMD="curl -sf http://localhost:81/ || exit 1"
SPEC_TIER="3"
SPEC_DATA_DIR="/var/lib/archipelago/nginx-proxy-manager"
SPEC_CAPS="CHOWN SETUID SETGID NET_BIND_SERVICE"
SPEC_CAPS="CHOWN FOWNER SETUID SETGID DAC_OVERRIDE NET_BIND_SERVICE"
SPEC_OPTIONAL="true"
}
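Review bot: `SPEC_CAPS` now grants `DAC_OVERRIDE` and `FOWNER` with no comment saying what failed without them. `DAC_OVERRIDE` lets root inside the container ignore file permission bits on everything it can reach, including the two bind-mounted host directories in `SPEC_VOLUMES`. If the only need is that /data and /etc/letsencrypt are owned by a different uid, setting ownership on the host directories before start would probably let both capabilities be dropped; that is worth confirming. At minimum add a comment above the line, e.g. `# FOWNER/DAC_OVERRIDE: required for <reason — fill in>; drop once volume ownership is set at create time`. Separately, the third argument in `alloc_port nginx-proxy-manager 8081 81` is ignored by every `alloc_port` definition visible on this page.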


@@ -914,7 +914,7 @@ LNDCONF
--health-cmd 'curl -sf http://localhost:81/' --health-interval=30s --health-timeout=5s --health-retries=3 \
--cap-drop ALL --cap-add CHOWN --cap-add SETUID --cap-add SETGID --cap-add NET_BIND_SERVICE \
--security-opt no-new-privileges:true \
-p 81:81 -p 8084:80 -p 8444:443 \
-p 8081:81 -p 8084:80 -p 8444:443 \
-v /var/lib/archipelago/nginx-proxy-manager/data:/data \
-v /var/lib/archipelago/nginx-proxy-manager/letsencrypt:/etc/letsencrypt \
$NPM_IMAGE
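Review bot: This create path hard-codes `-p 8081:81` and keeps the old `--cap-add` list, while the other two nginx-proxy-manager paths in this commit take the admin port from `alloc_port` and add `FOWNER` and `DAC_OVERRIDE`. The same container therefore gets different published ports and a different capability set depending on which script created it, and a later reconcile against `load_spec_nginx-proxy-manager` will presumably see drift. Either bring this command in line with the spec or record the divergence above it, e.g. `# NOTE: ports/caps intentionally fixed here; keep in sync with load_spec_nginx-proxy-manager`. The trailing `$NPM_IMAGE` is also unquoted here but quoted as `"${NPM_IMAGE}"` in the other create path. The `run` command starts before this hunk.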


@@ -48,6 +48,37 @@ SCRIPT_DIR_FBC="$(cd "$(dirname "$0")" && pwd)"
# as root (rootful podman), the backend can't see them at all.
DOCKER="runuser -u archipelago -- env XDG_RUNTIME_DIR=/run/user/$(id -u archipelago) podman"
PORT_ALLOC_FILE="/var/lib/archipelago/port-allocations.env"
mkdir -p /var/lib/archipelago 2>/dev/null || true
[ -f "$PORT_ALLOC_FILE" ] && . "$PORT_ALLOC_FILE"
port_available() {
local port="$1"
ss -ltn 2>/dev/null | awk -v p=":$port" '$4 == p || $4 ~ p "$" { found=1 } END { exit found ? 1 : 0 }'
}
alloc_port() {
local key="$1" preferred="$2" var="PORT_${key//[^A-Za-z0-9]/_}" cur=""
eval "cur=\${$var:-}"
if [ -n "$cur" ] && port_available "$cur"; then
printf '%s' "$cur"
return
fi
if port_available "$preferred"; then
cur="$preferred"
else
cur=""
for p in $(seq 8085 9999); do
if port_available "$p"; then cur="$p"; break; fi
done
fi
[ -n "$cur" ] || cur="$preferred"
if ! grep -q "^$var=" "$PORT_ALLOC_FILE" 2>/dev/null; then
printf '%s=%s\n' "$var" "$cur" >> "$PORT_ALLOC_FILE"
fi
printf '%s' "$cur"
}
# UNBUNDLED mode: only create FileBrowser, skip all other containers.
# Users install apps on-demand from the Marketplace.
UNBUNDLED_MARKER="/opt/archipelago/.unbundled"
@@ -1146,12 +1177,15 @@ track_container "filebrowser"
if ! $DOCKER ps --format '{{.Names}}' 2>/dev/null | grep -q nginx-proxy-manager; then
log "Creating Nginx Proxy Manager..."
mkdir -p /var/lib/archipelago/nginx-proxy-manager/data /var/lib/archipelago/nginx-proxy-manager/letsencrypt
NPM_ADMIN_PORT=$(alloc_port nginx-proxy-manager 8081)
NPM_HTTP_PORT=$(alloc_port nginx-proxy-manager-http 8084)
NPM_HTTPS_PORT=$(alloc_port nginx-proxy-manager-https 8444)
$DOCKER run -d --name nginx-proxy-manager --restart unless-stopped \
--health-cmd="curl -sf http://localhost:81/ || exit 1" --health-interval=120s --health-timeout=5s --health-retries=3 \
--memory=$(mem_limit nginx-proxy-manager) \
--cap-drop ALL --cap-add CHOWN --cap-add SETUID --cap-add SETGID --cap-add NET_BIND_SERVICE \
--cap-drop ALL --cap-add CHOWN --cap-add FOWNER --cap-add SETUID --cap-add SETGID --cap-add DAC_OVERRIDE --cap-add NET_BIND_SERVICE \
--security-opt no-new-privileges:true \
-p 81:81 -p 8084:80 -p 8444:443 \
-p ${NPM_ADMIN_PORT}:81 -p ${NPM_HTTP_PORT}:80 -p ${NPM_HTTPS_PORT}:443 \
-v /var/lib/archipelago/nginx-proxy-manager/data:/data \
-v /var/lib/archipelago/nginx-proxy-manager/letsencrypt:/etc/letsencrypt \
"${NPM_IMAGE}" 2>>"$LOG" || true
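Review bot: `. "$PORT_ALLOC_FILE"` executes the allocation file as shell, and the `runuser -u archipelago` line above suggests this script runs as root, so anything able to write under /var/lib/archipelago (possibly the archipelago account, if it owns that tree) gets its text run with the script's privileges. The value read back is also never checked to be numeric before it reaches the unquoted `-p ${NPM_ADMIN_PORT}:81`. Parse the file instead, accepting only `PORT_<NAME>=<digits>` lines, and replace `eval "cur=\${$var:-}"` with `cur="${!var:-}"`. The same block is duplicated in the later script (the hunk starting `@@ -63,6 +63,37 @@`), where the file is appended through `sudo tee`; both copies need the same change, ideally as one shared definition. Note also that when a stored port is busy the scan result is returned but the file is only appended when the key is absent, so the persisted and returned ports can diverge.

```shell
PORT_ALLOC_FILE="/var/lib/archipelago/port-allocations.env"
# Parse rather than source: accept only PORT_<NAME>=<digits> lines.
if [ -f "$PORT_ALLOC_FILE" ]; then
  while IFS='=' read -r _k _v; do
    case "$_k" in PORT_*) ;; *) continue ;; esac
    case "$_k" in *[!A-Za-z0-9_]*) continue ;; esac
    case "$_v" in ''|*[!0-9]*) continue ;; esac
    printf -v "$_k" '%s' "$_v"
  done < "$PORT_ALLOC_FILE"
fi
# … unchanged: port_available …
alloc_port() {
  local key="$1" preferred="$2" var="PORT_${key//[^A-Za-z0-9]/_}" cur=""
  cur="${!var:-}"   # indirect expansion instead of eval
  # … unchanged: availability checks, scan, append to file …
```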


@@ -204,7 +204,7 @@ location /app/electrs-ui/ {
proxy_hide_header Content-Security-Policy;
}
location /app/nginx-proxy-manager/ {
proxy_pass http://127.0.0.1:81/;
proxy_pass http://127.0.0.1:8081/;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
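Review bot: `proxy_pass http://127.0.0.1:8081/;` is a fixed port, but this commit makes the admin port dynamic: `alloc_port nginx-proxy-manager 8081` falls back to the first free port in 8085–9999 when 8081 is taken. In that case this location forwards /app/nginx-proxy-manager/ to whatever else is listening on 8081 instead of the admin UI. Either render the port from the stored allocation when this config is installed, or keep the admin port fixed and stop passing it through `alloc_port`. If it stays literal, add `# must match PORT_nginx_proxy_manager in /var/lib/archipelago/port-allocations.env` above the directive. The location block continues past the end of the hunk.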


@@ -63,6 +63,37 @@ header(){ echo -e "\n${BOLD}$*${NC}"; }
source "$SCRIPT_DIR/container-specs.sh" || { echo "Cannot source container-specs.sh"; exit 1; }
detect_environment
PORT_ALLOC_FILE="/var/lib/archipelago/port-allocations.env"
[ -f "$PORT_ALLOC_FILE" ] && . "$PORT_ALLOC_FILE"
port_available() {
local port="$1"
ss -ltn 2>/dev/null | awk -v p=":$port" '$4 == p || $4 ~ p "$" { found=1 } END { exit found ? 1 : 0 }'
}
alloc_port() {
local key="$1" preferred="$2" var="PORT_${key//[^A-Za-z0-9]/_}" cur=""
eval "cur=\${$var:-}"
if [ -n "$cur" ] && port_available "$cur"; then
printf '%s' "$cur"
return
fi
if port_available "$preferred"; then
cur="$preferred"
else
cur=""
for p in $(seq 8085 9999); do
if port_available "$p"; then cur="$p"; break; fi
done
fi
[ -n "$cur" ] || cur="$preferred"
sudo mkdir -p "$(dirname "$PORT_ALLOC_FILE")" 2>/dev/null || true
if ! grep -q "^$var=" "$PORT_ALLOC_FILE" 2>/dev/null; then
printf '%s=%s\n' "$var" "$cur" | sudo tee -a "$PORT_ALLOC_FILE" >/dev/null
fi
printf '%s' "$cur"
}
# ── Podman command ───────────────────────────────────────────────────
# Run as archipelago user — podman sees rootless containers directly.
# Use sudo only for chown/mkdir operations.
@@ -154,6 +185,39 @@ host_port_listening() {
'
}
prepare_bind_source() {
local source="$1"
[ -n "$source" ] || return 0
case "$source" in
/run/user/*/podman/podman.sock)
if [ ! -S "$source" ]; then
local runtime_dir="${source%/podman/podman.sock}"
XDG_RUNTIME_DIR="$runtime_dir" systemctl --user start podman.socket 2>/dev/null || true
for _ in 1 2 3 4 5 6 7 8 9 10; do
[ -S "$source" ] && return 0
sleep 0.25
done
fi
;;
esac
case "$source" in
/var/lib/archipelago/*)
sudo mkdir -p "$source" 2>/dev/null
;;
*)
# Non-data bind mounts can be files/sockets/devices. Creating the full
# path would turn e.g. podman.sock into a directory and break Portainer.
if [ -e "$source" ]; then
return 0
fi
fail "bind source missing: $source"
return 1
;;
esac
}
container_has_mount() {
local name="$1" source="$2" target="$3"
$PODMAN inspect "$name" --format '{{range .Mounts}}{{println .Source "|" .Destination}}{{end}}' 2>/dev/null \
@@ -536,7 +600,11 @@ reconcile() {
else
for v in $SPEC_VOLUMES; do
local host_dir="${v%%:*}"
[ -n "$host_dir" ] && sudo mkdir -p "$host_dir" 2>/dev/null
prepare_bind_source "$host_dir" || {
COUNT_FAILED=$((COUNT_FAILED + 1))
FAILED_LIST+=" $name"
return
}
done
if eval "$(build_run_cmd)" >/dev/null 2>&1; then
fixed "$name — created"