Critical: headless services (Bitcoin, LND, Electrumx) need companion
UI containers that serve web dashboards. These were only built for
Bitcoin, and only on bundled ISO builds.
Changes:
- install.rs: auto-build UI containers for LND (port 8081) and
Electrumx (port 50002) in addition to Bitcoin (port 8334)
- build-auto-installer-iso.sh: always bundle docker UI source files
(was skipping for unbundled builds — they're tiny HTML, not images)
- Dockerfiles: fix nginx base image tag 1.29.6→1.27.4 (matches registry)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
fedimintd v0.10.0 requires --data-dir and --bitcoind-url as CLI args,
not just env vars. Container was exiting with usage error.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Add orchestration_tests.rs + mock_podman.rs (container unit tests)
- Add container-tests.yml CI workflow
- Add dev-container-test.sh for local testing
- MASTER_PLAN.md: add TASK-49 (P0) with 6-phase plan
- Login.vue: minor fixes from user testing
- AppCard.vue: enter key handler fix
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Dashboard System card now reports disk usage for /var/lib/archipelago
(the LUKS encrypted partition) instead of / (small root partition).
This shows the actual usable storage (428GB) rather than the 29GB root.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Container image pulls were filling the 29GB root partition (100% full
after 6 images). Now podman graphroot points to /var/lib/archipelago/
containers/storage on the 400GB+ LUKS encrypted data partition.
Added storage.conf with graphroot redirect + symlink for compat.
Also create containers/storage dir on encrypted partition during install.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- LND: add --bitcoin.active --bitcoin.mainnet and all bitcoind
connection args as container CMD args (was only env var before)
- SearXNG: add volume mount + auto-create settings.yml on install
(container exits immediately without it)
- Default caps: all containers get full rootless podman baseline
Tested on .198:
- Bitcoin Knots: running, syncing (942803 blocks)
- Grafana: running, migration complete
- Vaultwarden: running, keys created
- SearXNG: running, listening on 8080
- LND: needs bitcoin container named 'bitcoin-knots' on archy-net
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
All containers now get CHOWN+FOWNER+SETUID+SETGID+DAC_OVERRIDE+NET_BIND_SERVICE
as the default cap set. Rootless podman needs these for:
- CHOWN/FOWNER/DAC_OVERRIDE: file ownership in mapped UID namespace
- SETUID/SETGID: internal user switching (entrypoint scripts)
- NET_BIND_SERVICE: port binding in network namespaces
Tested on .198: Grafana, Vaultwarden, Bitcoin Knots all start successfully.
Previously failed with "Permission denied" or "loopback adapter" errors.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Bitcoin Knots failed to start with "failed to set loopback adapter up"
because cap-drop=ALL removed NET_BIND_SERVICE, which rootless podman
needs for network namespace setup.
- Add NET_BIND_SERVICE to Bitcoin/LND/Fedimint capabilities
- Add NET_BIND_SERVICE as default for ALL apps (rootless podman needs it)
- UID mapping fix from previous commit also included
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
create_data_dirs now chowns data directories to the correct mapped
UID for rootless podman (host_uid = 100000 + container_uid).
Previously only Grafana (UID 472) was handled. Now all containers
get the correct ownership:
- Bitcoin Knots: 100101 (container UID 101)
- Grafana: 100472 (UID 472)
- LND: 101000 (UID 1000)
- MariaDB: 100999 (UID 999)
- Postgres: 100070 (UID 70)
- All others: 100000 (UID 0, root)
Without this, containers fail with "Operation not permitted" on
chown during startup because rootless podman restricts UID operations.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- image-versions.sh: fix 15+ tag mismatches against actual registry
(bitcoin-knots:28.1→latest, lnd:v0.18.5→v0.18.4, grafana:11.4→10.2,
vaultwarden:1.32.5→1.30.0-alpine, nextcloud:29→28, etc.)
- .bashrc: add /sbin:/usr/sbin to PATH so reboot/shutdown work
- Tailscale: add Arch Atob node (100.113.33.31)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
UEFI boot:
- xorriso now uses -append_partition with ESP type GUID
(C12A7328-F81F-11D2-BA4B-00A0C93EC93B) instead of -isohybrid-gpt-basdat
which only creates "basic data" partitions. Strict UEFI firmware
requires the correct ESP type to find BOOTX64.EFI.
- Uses Arch Linux ISO approach: -append_partition + appended_part_as_gpt
WebSocket/login from LAN browser:
- HTTPS nginx /ws block was missing proxy_set_header Cookie $http_cookie
Session cookie wasn't forwarded → backend returned 401 → WS failed
Password UX:
- Renamed "Change Password" → "Set Password" with description explaining
default password is password123
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
All mkfs, cryptsetup, grub-install, tar, update-initramfs output now
goes to log file only via run() wrapper. Console shows only clean TUI
status messages (step/ok/warn/fail/spinner).
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Move installingApps from local refs in Marketplace/Discover to the
global server store. Install progress now persists when navigating
between views. My Apps shows installing overlay with progress bar
for apps being installed from the Marketplace.
Changes:
- server.ts: add installingApps Map + helpers to store
- Marketplace.vue: use store's installingApps instead of local ref
- Discover.vue: same
- Apps.vue: pass isInstalling + installProgress to AppCard
- AppCard.vue: add amber installing overlay with progress bar
522 tests pass, vue-tsc clean.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The embedded GRUB EFI config only searched by volume label ARCHIPELAGO.
Some UEFI firmware presents USB devices differently, causing the search
to fail and GRUB to stall.
Added fallbacks:
1. search --file /archipelago/auto-install.sh (known ISO file)
2. Fall back to $cmdpath (EFI partition itself)
3. Use configfile before normal for explicit config loading
4. Added search_fs_file module to grub-mkstandalone
Also added same fallback to the main ISO grub.cfg.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
When running as sudo, root podman can't reach the systemd D-Bus
session, causing "Transport endpoint is not connected" errors.
Auto-detect and fall back to cgroupfs cgroup manager.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The clean:false setting causes checkout to fail when previous runs
leave corrupted workspaces. Default clean behavior ensures fresh
checkout each run.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The orchestration_tests integration test file is not yet committed,
causing CI to fail with "no test target named orchestration_tests".
Gracefully skip if not present.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The profile.d script used <<'PROFILE' (single-quoted heredoc) inside
a bash -c '...' single-quoted block. The inner quotes broke the outer
quoting, causing all $ variables to expand to empty at build time.
The for loop checked if [ -f "/archipelago/auto-install.sh" ] instead
of if [ -f "$dev/archipelago/auto-install.sh" ] — never matching.
Fix: use <<PROFILE with \$ escaping (matching .228's working version).
Also adds fallback device scanning if standard mount points are empty,
and fixes same quoting issue in grub-embed.cfg ($root variable).
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The z99-archipelago-installer.sh heredoc used $'\033[...]' ANSI-C
quoting inside an unquoted <<PROFILE heredoc. Bash misparses this
during expansion, treating multi-line content as a single ANSI-C
quoted string.
Fix: switch to <<'PROFILE' (quoted, no expansion) and use raw
\033 escape codes in echo -e instead of $'...' variables.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
UEFI boot fix:
- Write proper EFI grub.cfg with root UUID after update-grub
(was missing — GRUB dropped to grub> prompt because it couldn't
find its config on the EFI FAT partition)
Installer TUI (Claude Code-inspired):
- Step counter [1/7] through [7/7] with clean progress display
- Helper functions: step(), ok(), warn(), fail(), spinner()
- Centered output with cc() helper
- Clean status messages instead of emoji + raw echo
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- OnboardingDone: "Go to Login" → "Set Password" with context text
- Reboot: lazy-unmount live FS before USB removal prompt, suppress
kernel SquashFS messages, auto-reboot after 10s countdown
- Initramfs: filter "Possible missing firmware" warnings (cosmetic)
- ISOLINUX: menu centered at bottom (VSHIFT 18, HSHIFT 32, WIDTH 18)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Critical fixes from ISO testing on .198:
- Backend auto-creates default user (password123) on first start
so login works immediately after onboarding
- Force reboot (reboot -f) after install to avoid SquashFS errors
when live USB is removed
- Eject USB before prompting user, not after
- Add firmware-misc-nonfree for Intel i915 GPU (suppresses dozens
of "Possible missing firmware" warnings during initramfs update)
- First boot screen: wait up to 10s for DHCP before showing IP
- First boot screen: compact layout fits 80-col terminals
- ISOLINUX menu resolution dropped to 640x480 for universal
VESA compatibility (was 1024x768, caused scaling on some hardware)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
UEFI (#5): grub-mkstandalone embedded config now insmod's all needed
modules (iso9660, search_label, normal, linux) and uses 'normal' to
load the full grub.cfg. Previous config couldn't find the ISO root.
ISOLINUX (#6, #7): Switch from menu.c32 to vesamenu.c32 for background
image support. Copies splash.png from branding. TIMEOUT 0 for instant
boot (no keyboard lag, no menu flicker). Dark theme with transparent
background over the splash image.
Also: added vesamenu.c32 and libcom32.c32 to build artifacts.
Removed console=ttyS0 from quiet boot (interferes with Plymouth).
Added splash to quiet boot kernel params.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Secure flag on session cookies broke HTTP LAN access — browsers refuse
to send Secure cookies over plain HTTP, causing 401 redirect loop.
Fix: check X-Forwarded-Proto header. Only set Secure when request came
over HTTPS. HTTP on LAN works, HTTPS still gets Secure cookies.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Frontend:
- Router guard checks isOnboardingComplete before redirecting to /login.
Fresh installs now go to /onboarding/intro instead of stuck on login.
- Login.vue: autocomplete="off" — fixes Enter key focusing button
instead of submitting the form.
ISO build:
- Added uidmap, slirp4netns, fuse-overlayfs to rootfs (required for
rootless Podman, lost to --no-install-recommends)
- Tor setup: mkdir + chmod 700 for hidden service dirs before starting
(Tor refuses 750/setgid permissions)
CI:
- QEMU headless boot test step after smoke test
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Two critical issues found on fresh .198 install:
1. Podman broken — uidmap package missing from rootfs because
--no-install-recommends dropped it. Without newuidmap, rootless
Podman can't create user namespaces. Also add slirp4netns and
fuse-overlayfs which are required for rootless networking and
storage.
2. Tor hidden service dirs created with 750 permissions (setgid).
Tor requires exactly 700. Added explicit mkdir + chmod 700 for
all hidden service dirs before starting Tor.
Both issues fixed on .198 live. Build script updated for future installs.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
CI now runs a headless QEMU boot test after the smoke test:
- Boots ISO with -nographic, captures serial output
- Watches for "Press Enter to start installation" (pass)
- Detects kernel panic or initramfs shell (fail)
- 120 second timeout, runs as continue-on-error
Also: updated iso-debug reference with embedded vs appended EFI
findings from real hardware testing.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- sudo not installed in minbase squashfs — caused "command not found"
when pressing Enter to install. We're already root via auto-login.
- ISOLINUX timeout from 5s to 1s — reduces menu flicker/duplication
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Three fixes from real hardware testing:
1. Installer auto-start: replace systemd service with profile.d script.
The service and getty raced on tty1 — service output was overwritten
by the login prompt. Profile.d runs AFTER auto-login, same approach
the working Debian Live build used.
2. xorriso: revert from -append_partition to embedded -e boot/grub/efi.img.
The appended partition approach produces cyl-align-off with zero CHS
geometry, which is why BIOS wouldn't recognize the USB. The embedded
approach matches the working main ISO (cyl-align-on, proper CHS).
3. ISOLINUX: dark theme instead of ugly blue. Black background, orange
title, dark selection highlight. No blue boxes.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Root cause of USB boot failure: our xorriso used -e boot/grub/efi.img
to embed the EFI image inside the ISO. This works for CD-ROM and QEMU
but NOT for USB on real UEFI hardware.
Fix: use the Will Haley / Debian live-build approach:
- -append_partition 2 (GPT type EFI) appends efi.img AFTER ISO data
- -e --interval:appended_partition_2:all:: references the appended partition
- --mbr-force-bootable forces MBR active flag
- grub-mkstandalone with embedded bootstrap config (searches for grub.cfg)
- grub.cfg placed in both /boot/grub/ AND /EFI/BOOT/ on ISO
- grub.cfg uses search --label ARCHIPELAGO to find the ISO root
This is the exact approach used by StartOS, TAILS, and every production
custom Debian live ISO that boots from USB.
Also: iso-debug, iso-branding skills + reference docs, dev-start.sh
option 0 for branding dev, improved dev-branding.sh and test-iso-qemu.sh.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Option 0 in dev-start.sh launches the branding development workflow:
- Finds latest ISO on Desktop or results/
- Patches branding files into the ISO
- Boots in QEMU for immediate visual feedback
- Lists editable files if no ISO is available
Edit background.png, theme.txt, or Plymouth files, re-run option 0,
see changes in ~10 seconds without a full CI build.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Boot fix:
- Ship proven Debian Live MBR (4552) as branding/isohdpfx.bin — the
ISOLINUX package MBR (33ed) doesn't boot on all hardware. This was
the root cause of "machine doesn't pick up the USB".
Branding:
- Custom GRUB background: pixel-art floating island (1024x574)
- Archipelago pixel-art logo for Plymouth boot splash
- GRUB theme: dark background, orange selected item, no broken font refs
- Plymouth theme: script-based with progress bar, LUKS prompt support
- Plymouth + splash added to target rootfs packages
- GRUB theme installed on both installer ISO and target system
- Serial console (ttyS0) added to kernel params for QEMU debugging
CI improvements:
- Smoke test step: mounts ISO, verifies all critical files, checks
initrd has live-boot, confirms boot=live in grub.cfg. Fails build
before copying to Builds if any check fails.
Dev workflow:
- dev-branding.sh: extract ISO, swap branding, repackage, boot in QEMU
(~10 seconds vs 20 min full rebuild)
- generate-grub-background.py: procedural cyberpunk background generator
- generate-plymouth-logo.py: procedural logo generator
- Improved test-iso-qemu.sh: --bios/--nographic flags, serial logging
Build:
- Simplified live-boot install (clean chroot, no complex fallbacks)
- Static branding images preferred, generators as fallback
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Theme: remove explicit font name references that don't match
grub-mkfont output names, remove select_*.png pixmap reference
(files don't exist). GRUB falls back to default when theme fails
to load — this was causing the Debian helmet to show.
QEMU test script: add --bios/--nographic flags, serial console
logging to /tmp/archipelago-qemu-serial.log, auto-detect latest
ISO, use -drive for OVMF firmware.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The old Debian Live ISO used -partition_offset 16 which reserves space
for a GPT partition table in the hybrid MBR layout. UEFI firmware on
some machines requires this to recognize the USB as bootable. We
removed it thinking it was Debian Live-specific but it's actually an
xorriso hybrid boot requirement.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The verification used [ -d ] but live-boot-initramfs-tools installs
scripts/live as a regular file, not a directory. Changed to [ -e ].
The chroot install was actually succeeding — only the check was wrong.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The chroot /installer command fails inside the CI container because
the container exits after debootstrap completes (set -e + container
boundary). The chroot then runs on the host where /installer doesn't
exist.
Fix: use apt-get with Dir overrides first, fall back to dpkg-deb -x
extraction of live-boot .deb files directly into the installer root.
This bypasses chroot entirely and is more robust in container-in-
container environments.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Two boot fixes:
- live-boot package must be installed via chroot apt-get, not debootstrap
--include (minbase resolver can't handle its deps). Verified initrd was
missing scripts/live* entirely.
- Remove -partition_offset 16 from xorriso — it was designed for the
original Debian Live MBR, not the standard ISOLINUX isohdpfx.bin.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The first ISO build didn't boot. Three root causes:
1. No squashfs-as-root mechanism — the custom initramfs hook mounted
boot media but had no way to use the squashfs as the root filesystem.
Fix: add live-boot + live-boot-initramfs-tools to debootstrap includes.
This is ~100KB and provides proven squashfs-as-root with overlayfs.
2. Broken initramfs — update-initramfs needs /proc, /sys, /dev mounted
in the chroot to detect modules and generate a working initrd.
Fix: bind-mount virtual filesystems before update-initramfs.
3. Missing kernel parameters — GRUB and ISOLINUX configs lacked
boot=live components, so live-boot never activated.
Fix: add boot=live components to all kernel command lines.
Also: add all_video/efi_gop/efi_uga modules to GRUB EFI image for
display output on real hardware, and update installer wrapper to
check /run/live/medium first (where live-boot mounts the ISO).
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Major ISO build overhaul on dev-iso branch:
- Replace ~800MB Debian Live download with debootstrap --variant=minbase
(~150MB installer squashfs built from scratch)
- Custom initramfs with archipelago-mount hook for boot media detection
- Systemd service auto-starts installer (replaces profile.d hack)
- GRUB + ISOLINUX configs written from scratch (no Debian Live dependency)
- EFI boot image built with grub-mkimage (no more MBR extraction)
- Archipelago GRUB theme: dark background, Bitcoin orange accents
- Theme installed on both installer ISO and target system
- Rootfs optimizations: --no-install-recommends, strip docs/man/locales,
remove firmware-misc-nonfree/wget/htop, add explicit font deps
- Separate CI workflow (build-iso-dev.yml) for dev-iso branch
- Includes pre-existing fixes from main (build-iso.yml, middleware, Login)
Target: sub-2GB unbundled ISO (down from 3.9GB)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Add identity.create + server.echo to UNAUTHENTICATED_METHODS
- Clear web/dist before frontend build to prevent stale artifacts
- Add autocomplete attrs to login inputs
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
FileBrowser crash fix:
- Add --cap-add=NET_BIND_SERVICE (port 80 needs it with --cap-drop=ALL)
- Add --cap-add=DAC_OVERRIDE for rootless volume access
- Both in first-boot script and backend config.rs
Test script fixes:
- Extract csrf_token cookie and send as X-CSRF-Token header on RPC calls
- Add --phase1-only flag for safe install-only checks (no side effects)
- Auto-test service uses --phase1-only so it doesn't steal onboarding
Install fixes:
- Pre-create ~/.local/share/containers (ReadWritePaths mount namespace error)
- Fix console-setup.service: add After=tmp.mount + ExecStartPre mkdir /tmp
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
