bug fixing and deploy and build diagnostics

This commit is contained in:
Dorian
2026-03-22 03:30:21 +00:00
parent 1f8287c4c3
commit e4e0ef4f11
198 changed files with 21703 additions and 19587 deletions


@@ -28,6 +28,9 @@
- [iso-build-session-2026-03-10.md](iso-build-session-2026-03-10.md) — ISO build session notes
- [unbundled-iso.md](unbundled-iso.md) — Unbundled ISO approach notes
## Infrastructure
- [project_bitcoin_rpc_auth.md](project_bitcoin_rpc_auth.md) — Bitcoin rpcauth, system Tor, reboot survival, container resilience
## Completed Work
- [project_mesh_198_issue.md](project_mesh_198_issue.md) — Mesh .198: 3 bugs fixed and deployed
- [project_indeedhub_arch3_fix.md](project_indeedhub_arch3_fix.md) — IndeedHub Arch 3: corrupted combined tarball fixed
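Review bot: the two new headings (`## Infrastructure`, `## Completed Work`) are placed directly against the surrounding list items with no blank line before or after, unlike the existing `## …` sections in this index; add a blank line on each side so the list boundaries are unambiguous to every Markdown renderer and the file stays consistent with itself. The `Infrastructure` section currently holds a single entry, which is fine, but consider whether `project_bitcoin_rpc_auth.md` also belongs under `Completed Work` given that its notes describe work that is already deployed.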


@@ -0,0 +1,21 @@
---
name: Bitcoin RPC rpcauth architecture
description: Bitcoin uses rpcauth (salted hash in config, password in secrets file), system Tor for containers, reboot survival
type: project
---
Bitcoin RPC uses `rpcauth` — salted HMAC-SHA256 hash in bitcoin.conf, plaintext password in `/var/lib/archipelago/secrets/bitcoin-rpc-password`. Credentials are STABLE across reboots, restarts, deploys.
**Why:** Cookie auth rotates on every Bitcoin restart, breaking all dependent containers with env-var-only credentials. The `rpcauth` approach keeps the password stable while never exposing plaintext in config files or CLI args.
**How to apply:**
- Bitcoin: reads rpcauth from bitcoin.conf (no CLI credential flags, config generated by first-boot or deploy)
- LND: `bitcoind.rpcuser/rpcpass` in lnd.conf (NOT rpccookie — LND v0.18.4 doesn't support it)
- All containers: read password from secrets file at creation time, passed via env vars
- Rust backend `bitcoin_rpc.rs`: reads from secrets file, cached with OnceCell
- bitcoin-ui: mounts `/var/lib/archipelago/secrets:/secrets:ro`, start.sh reads password and injects nginx auth header
- System Tor: `SocksPort 0.0.0.0:9050` + SocksPolicy, containers use `host.containers.internal:9050`
- `podman-restart.service` enabled for container auto-start after reboot
- Tor hidden service hostnames copied to `/var/lib/archipelago/tor-hostnames/` for readable access
- .198 ElectrumX points at .228's full Bitcoin node (pruned node can't run ElectrumX locally)
- Health monitor interval: 60 seconds — UI may briefly show "crashed" during restarts
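Review bot: the line `System Tor: SocksPort 0.0.0.0:9050 + SocksPolicy` documents that the SOCKS port is bound on every interface but does not record what the `SocksPolicy` rules are; please spell out the accept/reject entries (for example, which container or podman subnet is accepted and that everything else is rejected), because without that policy a `0.0.0.0` bind makes the host an open SOCKS proxy on the LAN, and the next person touching torrc generation needs to preserve it. In the same spirit, the secrets-file design (`/var/lib/archipelago/secrets/bitcoin-rpc-password`, mounted `ro` into bitcoin-ui, read at container creation and passed via env vars) should state the expected owner and mode of the secrets directory and file, and note that env-var credentials remain visible to anyone who can inspect the container, so the claim that the password is never exposed outside the secrets file is accurate only for config files and CLI args, as line 30 says, not for the container environment.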


@@ -1,49 +1,44 @@
---
name: v1.3.0 Session Status (March 19 late)
description: Massive session — 33 pentest fixes, container reliability, federation, mesh channel, 30+ commits
name: v1.3.0 Session Status (March 20)
description: Tor management system, bug fixes, federation name sync — cloud files working both ways
type: project
---
## Deployed to .228 + .198
### What's Live
- All 33 pentest security fixes (backend + frontend + nginx)
- Container reliability: memory limits in scripts, crash recovery coordination, health badges
- Federation & Peers: DID persistence, rotation, node names, two-column layout, invite types
- Archipelago public channel in Mesh (Tor messaging)
- LND Connect with CORS fix (bulletproof)
- ElectrumX headers.subscribe fix
- FileBrowser auto-login
- Lightning channel backup export
- App iframe auto-retry
- Install progress persists across navigation
- Full Tor hidden service management (systemd path unit pattern — tor-helper.sh)
- Container doctor: system Tor preferred, archy-tor container removed
- Federation name sync: server rename pushes to peers
- Cloud files working both ways over Tor
- Arch channel local echo for sent messages
- Web5 Message button → Mesh redirect
- Node names in federation/peers
- PeerFiles header shows name + DID (not onion)
- Connected Nodes flex height
- Server name persistence (root-owned file fixed)
- Tor services UI: add from installed apps, delete, restart, auth/protocol badges
- Layout: Network Interfaces + Tor Services stack on normal screens
### Active Bugs (fix next session)
1. **Archipelago channel**: sent messages don't show to sender (no local echo), .228 says "no peers found"
2. **Web5 Send Message modal**: should redirect to Mesh chat, not show its own modal
3. **Cloud peer files**: "Operation failed" when browsing .198 files from .228 — Tor connection issue
4. **Server name save**: not persisting — no `server-name.txt` on server
5. **Node names**: still showing DIDs in some places (cloud peer header, some federation contexts)
6. **Tor**: ControlPort 0 fix applied manually but needs to be in deploy script/torrc generation
7. **Connected Nodes container**: not filling height, needs max-height fix in Web5 view
### Architecture: Tor Management
- Backend writes staged torrc + action file to /var/lib/archipelago/tor-config/
- systemd path unit (archipelago-tor-helper.path) triggers root-level service
- tor-helper.sh processes actions: write-torrc-and-restart, restart, delete-service, sync-hostnames
- NoNewPrivileges=yes safe — no sudo from backend
- Container doctor ensures system Tor stays running after deploys
- Web apps: port 80 on .onion → local app port; Protocol services: direct port
### Outstanding Tasks
- Tor restart button in Network UI
- Auto-restart Tor when features fail
- ISO build for alpha tester
- Deploy to Tailscale nodes (Arch 1/2/3)
- .198 stabilization (containers, memory limits)
- Container memory limits recreation on existing servers
- Meshcore public channel investigation (radio messages not showing)
- AIUI API key settings
- Message notification → open Mesh chat (not Web5)
- Loading state on Archipelago channel send ("Decentralization takes a sec")
### Onion Addresses (current)
- .228 archipelago: r33p5uzk2vxhdte4a5pfqgeax44a7b2lx57q32dxmx5llzyfz42lwnyd.onion
- .198 archipelago: mxn62m4odavwctlpsq2ozvhy3ibjpenlzemumwtkev7wviikttxvjhyd.onion
### Deploy Notes
- Backend binary: atomic swap via `cp -new` + `mv`
- Tor fix: remove `ControlPort 0` from torrc, chown debian-tor
- LND UI: rebuild with `--no-cache` for CORS credentials fix
- Always sync: frontend, nginx config, docker UIs, scripts, core source
### Still TODO
1. **Tor channel chat** — messages via Archipelago channel need testing/polish
2. **ISO build** — update build-auto-installer-iso.sh with tor-helper, systemd units, container doctor changes
3. **Better error messaging** — when nodes are down, addresses changed, all situations
4. **File access permissions** — public (no auth), federated (full access), peer-set (specific files)
5. **Auth on Tor app access** — login before accessing app via .onion (post-beta candidate)
6. **.198 health check** — deploy health check times out on .198 (backend works, likely timing)
**Why:** Session continuity for the massive v1.3.0 effort.
**How to apply:** Read at start of next session. Fix active bugs first, then ISO build.
**Why:** Session continuity for v1.3.0 beta stabilization effort.
**How to apply:** Read at start of next session. Work on TODO items in order.
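Review bot: the `Architecture: Tor Management` section describes an unprivileged backend writing a staged torrc plus an action file that a root-level service (triggered by `archipelago-tor-helper.path`) then installs and restarts Tor with; this is a privilege boundary, and the notes should record that `tor-helper.sh` validates the staged torrc (an allow-list of directives such as `HiddenServiceDir`/`HiddenServicePort`, rejecting anything else) before copying it into place, otherwise `NoNewPrivileges=yes` on the backend buys little, since the helper would still apply whatever the backend wrote. Two smaller points in `Deploy Notes`: `cp -new` is not a cp option I recognize (`cp -n` is no-clobber); please write out the exact command used for the atomic swap, and since the `Tor: ControlPort 0` item was removed from `Active Bugs` but `Tor fix: remove ControlPort 0 from torrc` is still a manual deploy step, say whether torrc generation now omits it or whether this remains a per-deploy manual fix.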