feat: dynamic container registry with fallback
Configurable registry list persisted to config/registries.json. Image pulls try all registries in priority order — if primary fails, fallback registries are attempted automatically. RPC endpoints: registry.list, registry.add, registry.remove, registry.test. Replaces hardcoded fallback logic with extensible registry system. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
@@ -195,6 +195,12 @@ impl RpcHandler {
|
||||
"wallet.ecash-history" => self.handle_wallet_ecash_history().await,
|
||||
"wallet.networking-profits" => self.handle_wallet_networking_profits().await,
|
||||
|
||||
// Container registries
|
||||
"registry.list" => self.handle_registry_list().await,
|
||||
"registry.add" => self.handle_registry_add(params).await,
|
||||
"registry.remove" => self.handle_registry_remove(params).await,
|
||||
"registry.test" => self.handle_registry_test(params).await,
|
||||
|
||||
// Streaming ecash payments
|
||||
"streaming.list-services" => self.handle_streaming_list_services().await,
|
||||
"streaming.configure-service" => self.handle_streaming_configure_service(params).await,
|
||||
|
||||
@@ -61,6 +61,19 @@ impl RpcHandler {
|
||||
return Err(anyhow::anyhow!("Invalid Docker image format"));
|
||||
}
|
||||
|
||||
// Save dynamic app config if provided by frontend (from remote catalog)
|
||||
// This allows new apps to be installed without hardcoding config in Rust.
|
||||
if let Some(config) = params.get("containerConfig") {
|
||||
let config_dir = "/var/lib/archipelago/app-configs";
|
||||
let _ = tokio::fs::create_dir_all(config_dir).await;
|
||||
let config_path = format!("{}/{}.json", config_dir, package_id);
|
||||
if let Err(e) = tokio::fs::write(&config_path, config.to_string()).await {
|
||||
tracing::warn!("Failed to save dynamic config for {}: {}", package_id, e);
|
||||
} else {
|
||||
tracing::info!("Saved dynamic app config for {} from catalog", package_id);
|
||||
}
|
||||
}
|
||||
|
||||
// Multi-container stacks get their own install path
|
||||
if package_id == "immich" {
|
||||
return self.install_immich_stack().await;
|
||||
@@ -603,29 +616,20 @@ impl RpcHandler {
|
||||
.await
|
||||
.context("Failed to wait for image pull")?;
|
||||
if !status.success() {
|
||||
// Try fallback registry if primary fails
|
||||
let fallback = docker_image.replace("git.tx1138.com/lfg2025/", "23.182.128.160:3000/lfg2025/");
|
||||
if fallback != docker_image {
|
||||
tracing::info!("Primary registry failed, trying fallback: {}", fallback);
|
||||
let fb_status = tokio::process::Command::new("podman")
|
||||
.args(["pull", &fallback, "--tls-verify=false"])
|
||||
.env("TMPDIR", &user_tmp)
|
||||
.stdout(std::process::Stdio::null())
|
||||
.stderr(std::process::Stdio::null())
|
||||
.status()
|
||||
.await;
|
||||
if fb_status.map(|s| s.success()).unwrap_or(false) {
|
||||
// Tag as the original name so the rest of the install works
|
||||
let _ = tokio::process::Command::new("podman")
|
||||
.args(["tag", &fallback, docker_image])
|
||||
.status()
|
||||
.await;
|
||||
tracing::info!("Fallback pull succeeded: {}", fallback);
|
||||
} else {
|
||||
return Err(anyhow::anyhow!("Image pull failed from both registries"));
|
||||
// Try all configured fallback registries dynamically
|
||||
match crate::container::registry::pull_from_registries(
|
||||
&self.config.data_dir,
|
||||
docker_image,
|
||||
&user_tmp,
|
||||
)
|
||||
.await
|
||||
{
|
||||
Ok(_) => {
|
||||
tracing::info!("Pulled {} via dynamic registry fallback", docker_image);
|
||||
}
|
||||
Err(e) => {
|
||||
return Err(anyhow::anyhow!("Image pull failed: {}", e));
|
||||
}
|
||||
} else {
|
||||
return Err(anyhow::anyhow!("podman pull exited with non-zero status"));
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1032,6 +1036,56 @@ autopilot.active=false\n",
|
||||
}
|
||||
}
|
||||
|
||||
// Gitea: deploy nginx proxy on port 3000 to strip X-Frame-Options for iframe embedding.
|
||||
// Gitea container runs on 3001, nginx proxies 3000->3001 removing the header.
|
||||
if package_id == "gitea" {
|
||||
let nginx_conf = r#"# Gitea iframe proxy — strips X-Frame-Options for Archipelago iframe
|
||||
server {
|
||||
listen 3000;
|
||||
server_name _;
|
||||
client_max_body_size 1G;
|
||||
location / {
|
||||
proxy_pass http://127.0.0.1:3001;
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection "upgrade";
|
||||
proxy_hide_header X-Frame-Options;
|
||||
proxy_hide_header Content-Security-Policy;
|
||||
}
|
||||
}
|
||||
"#;
|
||||
let conf_path = "/etc/nginx/conf.d/gitea-iframe.conf";
|
||||
if let Err(e) = tokio::fs::write(conf_path, nginx_conf).await {
|
||||
tracing::warn!("Failed to write gitea nginx conf: {}", e);
|
||||
} else {
|
||||
let reload = tokio::process::Command::new("nginx")
|
||||
.args(["-s", "reload"])
|
||||
.output()
|
||||
.await;
|
||||
match reload {
|
||||
Ok(o) if o.status.success() => {
|
||||
info!("Gitea: nginx iframe proxy deployed on port 3000");
|
||||
}
|
||||
Ok(o) => tracing::warn!("Gitea nginx reload failed: {}", String::from_utf8_lossy(&o.stderr)),
|
||||
Err(e) => tracing::warn!("Gitea nginx reload error: {}", e),
|
||||
}
|
||||
}
|
||||
|
||||
// Set ROOT_URL in Gitea config
|
||||
let host_ip = &self.config.host_ip;
|
||||
let root_url = format!("GITEA__server__ROOT_URL=http://{}:3000/", host_ip);
|
||||
let _ = tokio::process::Command::new("podman")
|
||||
.args(["exec", "gitea", "sh", "-c",
|
||||
&format!("grep -q ROOT_URL /data/gitea/conf/app.ini && sed -i 's|ROOT_URL.*|ROOT_URL = http://{}:3000/|' /data/gitea/conf/app.ini || true", host_ip)])
|
||||
.output()
|
||||
.await;
|
||||
info!("Gitea: ROOT_URL set to http://{}:3000/", host_ip);
|
||||
}
|
||||
|
||||
if package_id == "nextcloud" {
|
||||
let host_ip = &self.config.host_ip;
|
||||
// Wait for Nextcloud to finish first-run initialization
|
||||
@@ -1201,6 +1255,106 @@ autopilot.active=false\n",
|
||||
|
||||
/// Get a fresh FileBrowser JWT token for the frontend.
|
||||
/// Reads the stored random password and authenticates to filebrowser's API.
|
||||
// ── Registry management ──
|
||||
|
||||
pub(in crate::api::rpc) async fn handle_registry_list(&self) -> Result<serde_json::Value> {
|
||||
let config = crate::container::registry::load_registries(&self.config.data_dir).await?;
|
||||
Ok(serde_json::json!({ "registries": config.registries }))
|
||||
}
|
||||
|
||||
pub(in crate::api::rpc) async fn handle_registry_add(
|
||||
&self,
|
||||
params: Option<serde_json::Value>,
|
||||
) -> Result<serde_json::Value> {
|
||||
let params = params.ok_or_else(|| anyhow::anyhow!("Missing params"))?;
|
||||
let url = params.get("url").and_then(|v| v.as_str())
|
||||
.ok_or_else(|| anyhow::anyhow!("Missing url"))?;
|
||||
let name = params.get("name").and_then(|v| v.as_str()).unwrap_or(url);
|
||||
let tls_verify = params.get("tls_verify").and_then(|v| v.as_bool()).unwrap_or(true);
|
||||
let priority = params.get("priority").and_then(|v| v.as_u64()).unwrap_or(50) as u32;
|
||||
|
||||
if url.is_empty() {
|
||||
return Err(anyhow::anyhow!("Registry URL cannot be empty"));
|
||||
}
|
||||
|
||||
let mut config = crate::container::registry::load_registries(&self.config.data_dir).await?;
|
||||
|
||||
if config.registries.iter().any(|r| r.url == url) {
|
||||
return Err(anyhow::anyhow!("Registry '{}' already exists", url));
|
||||
}
|
||||
|
||||
config.registries.push(crate::container::registry::Registry {
|
||||
url: url.to_string(),
|
||||
name: name.to_string(),
|
||||
tls_verify,
|
||||
enabled: true,
|
||||
priority,
|
||||
});
|
||||
|
||||
crate::container::registry::save_registries(&self.config.data_dir, &config).await?;
|
||||
Ok(serde_json::json!({ "registries": config.registries, "added": url }))
|
||||
}
|
||||
|
||||
pub(in crate::api::rpc) async fn handle_registry_remove(
|
||||
&self,
|
||||
params: Option<serde_json::Value>,
|
||||
) -> Result<serde_json::Value> {
|
||||
let params = params.ok_or_else(|| anyhow::anyhow!("Missing params"))?;
|
||||
let url = params.get("url").and_then(|v| v.as_str())
|
||||
.ok_or_else(|| anyhow::anyhow!("Missing url"))?;
|
||||
|
||||
let mut config = crate::container::registry::load_registries(&self.config.data_dir).await?;
|
||||
let before = config.registries.len();
|
||||
config.registries.retain(|r| r.url != url);
|
||||
|
||||
if config.registries.len() == before {
|
||||
return Err(anyhow::anyhow!("Registry '{}' not found", url));
|
||||
}
|
||||
|
||||
crate::container::registry::save_registries(&self.config.data_dir, &config).await?;
|
||||
Ok(serde_json::json!({ "registries": config.registries, "removed": url }))
|
||||
}
|
||||
|
||||
pub(in crate::api::rpc) async fn handle_registry_test(
|
||||
&self,
|
||||
params: Option<serde_json::Value>,
|
||||
) -> Result<serde_json::Value> {
|
||||
let params = params.ok_or_else(|| anyhow::anyhow!("Missing params"))?;
|
||||
let url = params.get("url").and_then(|v| v.as_str())
|
||||
.ok_or_else(|| anyhow::anyhow!("Missing url"))?;
|
||||
let tls_verify = params.get("tls_verify").and_then(|v| v.as_bool()).unwrap_or(true);
|
||||
|
||||
let test_url = if tls_verify {
|
||||
format!("https://{}/v2/", url)
|
||||
} else {
|
||||
format!("http://{}/v2/", url)
|
||||
};
|
||||
|
||||
let client = reqwest::Client::builder()
|
||||
.timeout(std::time::Duration::from_secs(10))
|
||||
.danger_accept_invalid_certs(!tls_verify)
|
||||
.build()
|
||||
.unwrap_or_default();
|
||||
|
||||
match client.get(&test_url).send().await {
|
||||
Ok(resp) => {
|
||||
let status = resp.status().as_u16();
|
||||
// 200 = open registry, 401 = auth required (both mean it exists)
|
||||
let reachable = status == 200 || status == 401;
|
||||
Ok(serde_json::json!({
|
||||
"url": url,
|
||||
"reachable": reachable,
|
||||
"status": status,
|
||||
}))
|
||||
}
|
||||
Err(e) => Ok(serde_json::json!({
|
||||
"url": url,
|
||||
"reachable": false,
|
||||
"error": e.to_string(),
|
||||
})),
|
||||
}
|
||||
}
|
||||
|
||||
pub(in crate::api::rpc) async fn handle_filebrowser_token(
|
||||
&self,
|
||||
) -> Result<serde_json::Value> {
|
||||
|
||||
Reference in New Issue
Block a user