feat: federate 3 servers with Tor, fix inter-node auth (FED-DEPLOY-02)

- Add tor-hostnames fallback for reading onion addresses when system Tor
  owns hidden_service directories (permissions 700)
- Exempt federation.peer-joined, federation.get-state, and
  federation.peer-address-changed from auth/CSRF (inter-node RPC)
- Set up system Tor with AppArmor overrides on archipelago-2 and 3
- All 3 servers federated and syncing successfully

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Dorian
2026-03-13 01:52:50 +00:00
parent 16f6cda679
commit c45f0c8fb8
3 changed files with 21 additions and 1 deletions

View File

@@ -73,6 +73,10 @@ const UNAUTHENTICATED_METHODS: &[&str] = &[
"auth.login.backup",
"auth.isOnboardingComplete",
"health",
// Inter-node RPC: called by federated peers over Tor, no session cookies
"federation.peer-joined",
"federation.peer-address-changed",
"federation.get-state",
];
pub struct RpcHandler {