chore: release v1.7.45-alpha
Resilience-validated release. Three full sweeps of the new resilience
harness against .228 confirm no shipstoppers.
Big user-visible:
- Bitcoin RPC auth durably correct via host-rendered nginx.conf bind-mount,
replaces fragile post-start exec that failed under restricted-cap rootless
podman ("crun: write cgroup.procs: Permission denied")
- Multi-container stack installs (indeedhub, immich, btcpay, mempool) now
emit phase events at every boundary so the progress bar advances
- Apps no longer vanish from the dashboard mid-install (absent-scanner skips
packages in transitional states)
- Indeedhub fresh installs work end-to-end (was 8500+ restart loop): five
missing env vars (DATABASE_PORT, QUEUE_HOST, QUEUE_PORT,
S3_PRIVATE_BUCKET_NAME, AES_MASTER_SECRET) added to install code
- Tailscale install fixed: --entrypoint string was being passed as a single
shell-line arg; switched to custom_args array
- Catalog cleaned of broken entries (dwn, endurain, ollama removed; nextcloud
restored on docker.io)
- Bitcoin Core update path uses correct image (was looking for nonexistent
lfg2025/bitcoin:28.4)
- ISO installs now allocate swap on the encrypted data partition
Infra:
- New resilience harness (scripts/resilience/) — black-box state-machine
tester, every app × every transition. Run before each release.
Sweep #3 final: PASS 107 / FAIL 12 / SKIP 14. The 12 fails are 1 cosmetic
(homeassistant trusted_hosts), 8 harness/timing false-positives, and 3
non-shipstopper tracked items. Down from 23 in baseline sweep #1.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
@@ -2143,6 +2143,24 @@ chown -R 1000:1000 /mnt/target/var/lib/archipelago
|
||||
|
||||
echo " ✅ Data partition encrypted with LUKS2 ($LUKS_CIPHER)"
|
||||
|
||||
# Allocate swap space on the encrypted data partition. Without swap, large
|
||||
# container image builds (immich, indeedhub) and brief memory spikes can
|
||||
# OOM-kill containers or trigger cgroup cascades. Sized to RAM, capped at
|
||||
# 8GB (above which swap is rarely useful), floored at 2GB so even
|
||||
# constrained nodes have headroom. Lives on the LUKS partition so it's
|
||||
# encrypted at rest.
|
||||
step "Allocating swap"
|
||||
RAM_MB=$(($(awk '/^MemTotal:/ {print $2}' /proc/meminfo) / 1024))
|
||||
SWAP_MB=$RAM_MB
|
||||
[ "$SWAP_MB" -lt 2048 ] && SWAP_MB=2048
|
||||
[ "$SWAP_MB" -gt 8192 ] && SWAP_MB=8192
|
||||
SWAPFILE=/mnt/target/var/lib/archipelago/swapfile
|
||||
echo " Allocating ${SWAP_MB}MB swap at /var/lib/archipelago/swapfile"
|
||||
run dd if=/dev/zero of="$SWAPFILE" bs=1M count=$SWAP_MB status=none
|
||||
run chmod 600 "$SWAPFILE"
|
||||
run mkswap "$SWAPFILE"
|
||||
echo " ✅ ${SWAP_MB}MB swap allocated"
|
||||
|
||||
# Configure auto-unlock via crypttab (key file on root partition)
|
||||
step "Configuring system"
|
||||
DATA_UUID=$(blkid -s UUID -o value "$DATA_PART")
|
||||
@@ -2208,6 +2226,8 @@ cat > /mnt/target/etc/fstab <<EOF
|
||||
UUID=$(blkid -s UUID -o value "$ROOT_PART") / ext4 errors=remount-ro 0 1
|
||||
UUID=$(blkid -s UUID -o value "$EFI_PART") /boot/efi vfat umask=0077 0 1
|
||||
/dev/mapper/archipelago-data /var/lib/archipelago ext4 defaults,nofail,x-systemd.device-timeout=60 0 2
|
||||
# Swap on encrypted data partition — activated after LUKS unlock
|
||||
/var/lib/archipelago/swapfile none swap sw,nofail 0 0
|
||||
EOF
|
||||
|
||||
# Configure hostname
|
||||
@@ -2241,11 +2261,11 @@ cat > /mnt/target/home/archipelago/.config/containers/registries.conf <<'REGCONF
|
||||
unqualified-search-registries = ["docker.io"]
|
||||
|
||||
[[registry]]
|
||||
location = "git.tx1138.com"
|
||||
location = "146.59.87.168:3000"
|
||||
insecure = true
|
||||
|
||||
[[registry]]
|
||||
location = "146.59.87.168:3000"
|
||||
location = "git.tx1138.com"
|
||||
insecure = true
|
||||
REGCONF
|
||||
chown -R 1000:1000 /mnt/target/home/archipelago/.config
|
||||
@@ -2255,8 +2275,8 @@ mkdir -p /mnt/target/var/lib/archipelago/config
|
||||
cat > /mnt/target/var/lib/archipelago/config/registries.json <<'DYNREG'
|
||||
{
|
||||
"registries": [
|
||||
{"url": "git.tx1138.com/lfg2025", "name": "Archipelago Primary", "tls_verify": true, "enabled": true, "priority": 0},
|
||||
{"url": "146.59.87.168:3000/lfg2025", "name": "Archipelago Fallback", "tls_verify": false, "enabled": true, "priority": 10}
|
||||
{"url": "146.59.87.168:3000/lfg2025", "name": "Archipelago Primary", "tls_verify": false, "enabled": true, "priority": 0},
|
||||
{"url": "git.tx1138.com/lfg2025", "name": "Archipelago Fallback", "tls_verify": true, "enabled": true, "priority": 10}
|
||||
]
|
||||
}
|
||||
DYNREG
|
||||
|
||||
Reference in New Issue
Block a user