bitcoin.conf already has server=1, rpcbind=0.0.0.0, rpcallowip, listen.
Passing them again via command-line causes bitcoin to try binding port
8332 twice → "Address already in use" → container crashes on every start.
Now only passes pruning/txindex args and dbcache via CLI.
Health check uses cookie auth (-datadir) instead of plaintext password.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Critical:
- BUILD_VERSION was hardcoded as "1.3.0-alpha" — now reads from Cargo.toml
This caused ALL ISOs to show v1.3.0 regardless of actual binary version
Kiosk:
- Remove --disable-gpu flags (broke display scaling on some monitors)
- Add --start-fullscreen --window-size for reliable fullscreen
New apps:
- Nostr VPN, FIPS, Routstr, noStrudel, BotFights, NWNN, 484 Kitchen,
Call the Operator, Arch Presentation, Syntropy Institute, T-0
Rust: suppress dead_code and unused_assignments warnings
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
We were editing build-iso.yml but Gitea runs build-iso-dev.yml.
Replaced actions/checkout@v4 with direct git fetch+rsync.
This is the root cause of stale builds all day.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
actions/checkout@v4 uses a broken Gitea-generated token that always
fails. Replaced with direct git fetch+reset on the local repo, then
rsync to workspace. No more stale builds. Verified with version check.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Add firmware-linux-nonfree to ISO (fixes missing Realtek NIC firmware)
- Pre-create nbxplorer/Main and btcpay/Main data directories
- Fix fedimint data dir permissions (chmod 775 for non-root container)
- GRUB GFX fallback: gfxpayload=keep + console fallback for incompatible hardware
- Kill stale Chromium before kiosk restart (prevents duplicate processes)
- Suppress Rust warnings: #[allow(dead_code)] on run_boot_reconciliation,
#[allow(unused_assignments)] on history_dirty
- Version bump to 1.3.3
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The actions/checkout@v4 step fails with stale Gitea token but leaves
a cached .git dir, preventing the fallback from triggering. Now we
always rsync from ~/archy/ which is kept up-to-date via git pull.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The actions/checkout fails (Gitea token issue) and falls back to
~/archy local copy. But local copy was stale — builds were missing
fixes. Now: always git pull in local repo before rsync fallback.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Pre-create Documents/Photos/Music/Downloads/Builds dirs for FileBrowser
- Add "Already set up? Log in" link on onboarding intro page
- Prevents users from getting stuck in onboarding loop
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Claude proxy no longer crashes when ANTHROPIC_API_KEY is not set.
Instead serves a 401 with a helpful message telling users to configure
their API key in Settings. Fixes blank AIUI on fresh installs.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Onboarding:
- Persist current step in localStorage — page refresh resumes where user was
- Router afterEach saves step; guard redirects to saved step, not always intro
- Show npub alongside DID on restore success screen
UI fixes:
- Clipboard polyfill for HTTP contexts (fixes Copy DID crash on non-HTTPS)
- AppCard installing overlay shows for pkg.state=installing (survives refresh)
- Hide uninstall button during installation
- Frontend version bumped to 1.3.2
App store:
- OnlyOffice fully removed from marketplace, curated apps, app config
- Replaced with CryptPad references throughout
- Remove OnlyOffice from ISO capture patterns
Container stability:
- UI containers (bitcoin-ui, lnd-ui, electrs-ui) pull from registry first
- Added --cap-add FOWNER for rootless Podman compatibility
- electrs-ui now included in first-boot loop alongside bitcoin-ui and lnd-ui
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
ISO build:
- Remove stale archipelago-rootfs-tmp container before creating new one
(previous failed builds leave it behind, blocking subsequent builds)
Container ports:
- OnlyOffice: fix LAN address from 8044 to 9980 (actual mapped port)
- Nginx Proxy Manager: fix from 8181 to 81 (correct admin port)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Bitcoin Knots needs more memory headroom (was OOMing at 2g during IBD).
Reduce dbcache from 4096 to 2048 on large disks to stay within the 4g
container limit. Low-memory systems get 2g (was 1g).
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The act_runner on .228 cannot git-fetch from git.tx1138.com via the
actions/checkout action (auth/network issue). Without continue-on-error
the build dies before the ~/archy rsync fallback can run. Restore it
so the fallback works. The red cross on checkout is cosmetic — the
fallback step provides the correct code.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The continue-on-error flag causes the checkout step to always show a
red cross in Gitea UI even on success. Removed it since the rsync
fallback is now conditional and ~/archy is up to date. Increased
timeout from 3 to 5 minutes for slow LAN fetches.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The rsync step was unconditionally overwriting the git checkout with
~/archy (which had diverged commit history), causing every CI build to
use wrong code. Now only falls back to rsync if checkout didn't produce
a valid workspace. Also removed --delete to prevent destroying checkout
files, and updated verification checks.
Root cause of CI build #373 using stale code.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The CI build server's /opt/archipelago/web-ui/aiui resolves to the
same path as the build workspace. cp -r fails with "same file" error
which aborts the build under set -e. Use rsync instead (handles
same-src/dest gracefully), with cp fallback + || true.
This was the root cause of CI build #373 failure.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Move CompanionIndicator from global App.vue overlay to DashboardSidebar
next to ControllerIndicator. Redesigned as inline sidebar element with
Tailwind classes — shows muted 'Relay' when idle, orange 'Companion'
with pulse dot when actively receiving input.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
CompanionIndicator: show muted icon when relay connected but idle,
orange when companion actively sending input. Removes Transition
wrapper for always-visible relay status.
Add scripts/node-profile.sh utility.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Remove old agents, hooks, plans, skills, rules, and settings that
accumulated in .claude/ and .cursor/. These are not used by the build
and were bloating the repo. Active memory is in the project-level
.claude/projects/ directory (not tracked in git).
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Frontend:
- Add remote-relay.ts: receives companion input via /ws/remote-relay,
dispatches keyboard/mouse/scroll events into browser DOM
- Add CompanionIndicator.vue: NES gamepad icon when companion connected
- Wire relay start/stop to auth state in App.vue
Kiosk:
- Move Chromium data dir to /var/lib/archipelago/chromium-kiosk (encrypted)
- Disable MetricsReporting, AutofillServerCommunication, PasswordManager
- Remove --metrics-recording-only (contradicts disable-metrics)
CSS:
- Fix Chromium ghost rectangles: only apply preserve-3d + backface-visibility
during transitions, not always-on (causes Chromium to skip painting
off-viewport cards)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Sync MODEL_MAP from deploy script to ISO build's inline claude-api-proxy.
Maps short model names (claude-sonnet-4) to full API IDs.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Move handle_remote_relay from remote_input.rs to remote_relay.rs
- Android: lifecycle-aware WebSocket reconnection on app resume
- Cleaner module boundaries between xdotool input and browser relay
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Backport from .228 live server:
- AIUI: use SPA fallback (try_files → /aiui/index.html) for client-side routing
- Remove cookie_session gates from AIUI proxies (API key managed by proxy)
- Apply to both HTTP and HTTPS server blocks
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Container stability:
- Merge scan results instead of full replacement (prevents UI flapping)
- Absence threshold: 3 consecutive missed scans before removing from state
- container-list RPC uses cached scanner state for consistency
- Increased Podman API timeout 30s → 60s (scanner + health monitor)
- Keep crashed containers visible as "exited" instead of podman rm -f
- Resolve host-gateway IP via ip route (podman 4.3.x compatibility)
ISO build fixes:
- AIUI web app inclusion: searches 5 paths + CI step to copy from build server
- Claude API proxy: systemctl enable with symlink fallback
- AIUI nginx: try_files =404 (was /aiui/index.html redirect loop)
- Build version set to 1.3.0
Container fixes:
- lnd-ui: nginx listens on 8080 (was 80, Permission denied in rootless)
- first-boot: image-versions.sh sourced from correct path with validation
- first-boot: host-gateway resolved to actual gateway IP
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- NESPortraitController layout for vertical phone use
- Updated NESController and NESKeyboard components
- Remote input WebSocket handler and API route registration
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- RemoteInputScreen: touch/keyboard relay via WebSocket to /ws/remote-input
- Network layer for server communication
- UI components and NES/Neo theme variants
- Updated navigation, server connect, and WebView screens
- Build config and string resources updates
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The unbundled build was generating a 73-line inline script that only
created FileBrowser. This meant no lnd.conf, no UI sidecars, no
--add-host DNS fix for any app. Now uses the full first-boot-containers.sh
which handles both bundled (load tarballs) and unbundled (pull from
registry) modes, and includes all fixes for LND config, nginx sidecars,
and DNS resolution.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Bitcoin UI and Electrs UI proxy API calls to 127.0.0.1 services
(Bitcoin RPC on 8332, backend on 5678). With port-mapped containers,
127.0.0.1 is the container's own localhost — the proxy fails and UIs
show "Unable to connect to Bitcoin node".
Fix: bitcoin-ui and electrs-ui use --network host (internal ports
8334 and 50002 don't conflict with host nginx on 80/443). LND UI
stays port-mapped (-p 8081:80) because port 80 would conflict.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Bitcoin UI listens on 8334 internally (not 80), Electrs UI on 50002.
Port mappings must match: -p 8334:8334 and -p 50002:50002.
Also adds missing electrs-ui to the UI container list.
Removes --network host for bitcoin-ui which conflicted with nginx.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Containers installed via marketplace need host.containers.internal
to resolve for Tor proxy (9050) and inter-service communication.
Was only in first-boot-containers.sh and podman_client.rs, not in
the direct podman run path used by package.install RPC.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The outer page wrapper needs path-glass-container for the glass effect.
Only the inner text field grid should be without it.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Proxy paths (/app/name/) break iframes due to root-relative asset
paths. Direct IP:port access works correctly over Tailscale and LAN.
This has been confirmed working on .228 via Tailscale DNS.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Direct port access (http://host:port) fails over Tailscale/VPN and
when ports aren't externally accessible. Now all apps use nginx proxy
paths (/app/name/) on both HTTP and HTTPS.
Also adds missing proxy paths for btcpay, nextcloud, penpot, grafana,
indeedhub. Bumps version to 1.3.1.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
First release with working UI sidecar containers (--user 0:0, CHOWN caps)
and complete update pipeline (manifest publishing, archive extraction,
WebSocket notifications).
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The backend's post-install hooks create archy-bitcoin-ui, archy-lnd-ui,
archy-electrs-ui containers but with only NET_BIND_SERVICE cap. Nginx
inside these containers crashes on chown in rootless podman.
Added --user=0:0, CHOWN, DAC_OVERRIDE, SETUID, SETGID caps to match
the first-boot-containers.sh pattern. Also fixed manifest publish
Python error (git log fails in rsync'd workspace with no .git).
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
