fix: container stability, OnlyOffice removal, node bootstrapping, UI fixes
All checks were successful
Build Archipelago ISO (dev) / build-iso (push) Successful in 50m9s

Container orchestration:
- Add --network-alias to all archy-net containers (fixes Podman DNS)
- Fix bitcoin-knots health check: expand $BITCOIN_RPC_PASS at creation
- Increase bitcoin-knots memory limit to 4g, reduce dbcache to 2048
- Enable podman-restart.service in ISO for auto-start on boot
- Fix UI container Dockerfiles: ENTRYPOINT [], user root for rootless

App changes:
- Remove OnlyOffice (incompatible with rootless Podman)
- Replace with CryptPad reference (single-process, e2e encrypted)
- Fix NPM port mapping: 8181 → 81
- Fix OnlyOffice port mapping: 8044 → 9980 (now CryptPad: 3003)

AIUI & proxy:
- Add MODEL_MAP to claude-api-proxy (ISO + deploy)
- Map legacy model IDs (claude-haiku-4.5 → claude-haiku-4-5-20251001)

Kiosk:
- Move chromium-kiosk data dir to /var/lib/archipelago (data partition)
- Remove --metrics-recording-only (contradicted --disable-metrics)

Node bootstrapping:
- Add bootstrap-switchover.sh for live node updates
- ElectrumX UI improvements and nginx proxy fixes
- LND UI nginx config updates

Backend:
- Bitcoin health check uses .cookie auth (no plaintext creds)
- ElectrumX status endpoint improvements
- Network alias flag in install.rs for DNS reliability

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
Dorian
2026-04-02 16:15:04 +01:00
parent 56d11f5c99
commit c6e55e9dd0
13 changed files with 423 additions and 113 deletions

View File

@@ -59,7 +59,7 @@ pub(super) fn get_app_capabilities(app_id: &str) -> Vec<String> {
"--cap-add=NET_RAW".to_string(),
],
"nextcloud" | "btcpay-server" | "btcpayserver"
| "onlyoffice" | "onlyoffice-documentserver" | "portainer" => vec![
| "portainer" => vec![
"--cap-add=CHOWN".to_string(),
"--cap-add=SETUID".to_string(),
"--cap-add=SETGID".to_string(),
@@ -156,11 +156,10 @@ pub(super) fn is_readonly_compatible(app_id: &str) -> bool {
/// Get container health check arguments for podman run.
/// Returns (health-cmd, interval, retries) args to append to run_args.
pub(super) fn get_health_check_args(app_id: &str, rpc_pass: &str) -> Vec<String> {
let btc_health = format!(
"bitcoin-cli -rpcuser=archipelago -rpcpassword={} getblockchaininfo || exit 1",
rpc_pass
);
pub(super) fn get_health_check_args(app_id: &str, _rpc_pass: &str) -> Vec<String> {
// bitcoin-cli reads the .cookie file from -datadir automatically (no plaintext creds needed)
let btc_health = "bitcoin-cli -datadir=/home/bitcoin/.bitcoin getblockchaininfo || exit 1"
.to_string();
let (cmd, interval, retries) = match app_id {
"bitcoin" | "bitcoin-core" | "bitcoin-knots" => (btc_health.as_str(), "30s", "3"),
"lnd" => ("lncli getinfo || exit 1", "30s", "3"),
@@ -256,7 +255,7 @@ pub(super) fn get_memory_limit(app_id: &str) -> &'static str {
match app_id {
// Heavy apps
"bitcoin" | "bitcoin-core" | "bitcoin-knots" => "4g",
"onlyoffice" | "onlyoffice-documentserver" => "2g",
"cryptpad" => "512m",
"ollama" => "4g",
// Medium apps
"lnd" => "512m",
@@ -566,9 +565,9 @@ pub(super) async fn get_app_config(
None,
None,
),
"onlyoffice" | "onlyoffice-documentserver" => (
vec!["9980:80".to_string()],
vec![],
"cryptpad" => (
vec!["3003:3000".to_string()],
vec!["/var/lib/archipelago/cryptpad:/cryptpad/datastore".to_string()],
vec![],
None,
None,

View File

@@ -360,11 +360,11 @@ fn get_app_metadata(app_id: &str) -> AppMetadata {
repo: "https://github.com/searxng/searxng".to_string(),
tier: "",
},
"onlyoffice" | "onlyoffice-documentserver" => AppMetadata {
title: "OnlyOffice".to_string(),
description: "Office suite and document collaboration".to_string(),
icon: "/assets/img/app-icons/onlyoffice.webp".to_string(),
repo: "https://github.com/ONLYOFFICE/DocumentServer".to_string(),
"cryptpad" => AppMetadata {
title: "CryptPad".to_string(),
description: "End-to-end encrypted document collaboration".to_string(),
icon: "/assets/img/app-icons/cryptpad.webp".to_string(),
repo: "https://github.com/cryptpad/cryptpad".to_string(),
tier: "",
},
"penpot" | "penpot-frontend" => AppMetadata {

View File

@@ -165,9 +165,9 @@ pub async fn get_electrs_sync_status() -> ElectrsSyncStatus {
let tor_onion = {
let mut onion = None;
for path in &[
"/var/lib/archipelago/tor-hostnames/electrs",
"/var/lib/tor/hidden_service_electrs/hostname",
"/var/lib/archipelago/tor/hidden_service_electrs/hostname",
"/var/lib/archipelago/tor-hostnames/electrumx",
"/var/lib/tor/hidden_service_electrumx/hostname",
"/var/lib/archipelago/tor/hidden_service_electrumx/hostname",
] {
if let Ok(addr) = tokio::fs::read_to_string(path).await {
let addr = addr.trim().to_string();

View File

@@ -116,7 +116,7 @@ impl PodmanClient {
"grafana" => "http://localhost:3000",
"searxng" => "http://localhost:8888",
"ollama" => "http://localhost:11434",
"onlyoffice" => "http://localhost:9980",
"cryptpad" => "http://localhost:3003",
"penpot" => "http://localhost:9001",
"nextcloud" => "http://localhost:8085",
"vaultwarden" => "http://localhost:8082",