archy/scripts at 870ff095d83daf3efa27cebdd214e27f112eb429 - archy - Gitea: Git with a cup of tea

lfg2025/archy

Files

History

Dorian 870ff095d8 feat: rootless podman, session hardening, boot stability, sidebar fix

Rootless podman migration (TASK-11):
- Remove sudo from all podman calls in PodmanClient + 8 backend files
- Remove sudo from all podman/docker calls in deploy script
- Restore full systemd security hardening: NoNewPrivileges,
  RestrictAddressFamilies, MemoryDenyWriteExecute, RestrictRealtime,
  RestrictNamespaces, RestrictSUIDSGID, SystemCallFilter, ProtectSystem=strict
- Enable loginctl linger for rootless container persistence
- Remove Ollama from auto-deploy (marketplace-only)

Session & auth hardening:
- Increase MAX_CONCURRENT_SESSIONS 20→50 (prevents eviction storms)
- Debounced 401 redirect in rpc-client.ts (prevents redirect storms)

Boot stability:
- optimize-debian.sh: adds chrony, swap, removes policy-rc.d
- deploy script: pre-restart chrony + swap setup
- ISO build: chrony package, swap file creation
- BootScreen: no longer clears localStorage (prevents splash replay)
- RootRedirect: sole owner of localStorage clearing on server ready

UI fixes:
- Sidebar opacity default changed from 0→visible (fixes missing sidebar
  after page-persistence login without entrance animation)
- Console.log/error wrapped in import.meta.env.DEV guards
- Remove unused route import from RootRedirect

Beta tracking:
- CLAUDE.md: beta freeze protocol added
- MASTER_PLAN.md: TASK-11, TASK-17, phase structure
- BETA-PROGRESS.md: initial tracking doc
- Tagged v1.2.0-alpha.1 as pre-rootless baseline

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

2026-03-18 13:53:27 +00:00

..

feat: add archy-dev CLI scaffold for app developers

2026-03-14 05:47:29 +00:00

Update Fedimint configuration and enhance onboarding process

2026-02-17 15:03:34 +00:00

archipelago-tailscale.service

Enhance README and RPC for package management

2026-02-01 18:46:35 +00:00

archy-dev.sh

feat: add archy-dev app developer SDK (Y4-01)

2026-03-14 05:47:16 +00:00

audit-deps.sh

fix: prevent tokio runtime deadlock in credential issue/verify

2026-03-09 07:43:12 +00:00

audit-secrets.sh

refactor: update dependencies and remove unused code

2026-03-12 00:19:30 +00:00

chaos-test.sh

refactor: update dependencies and remove unused code

2026-03-12 00:19:30 +00:00

check-deployment.sh

feat: complete Phase 1 foundation hardening + three-mode UI design doc

2026-03-04 05:23:42 +00:00

configure-tailscale-nginx.sh

Enhance README and RPC for package management

2026-02-01 18:46:35 +00:00

container-doctor.sh

feat: Phase 2 — systemd sandboxing, Bitcoin RPC localhost binding, Tailscale deprivilege

2026-03-18 00:42:29 +00:00

create-release-manifest.sh

refactor: update dependencies and remove unused code

2026-03-12 00:19:30 +00:00

create-release.sh

feat: add release automation script (RELEASE-01)

2026-03-11 17:49:23 +00:00

daily-reboot-test.sh

feat: deploy daily reboot test + stability report generator (SOAK-03/04)

2026-03-14 05:37:16 +00:00

debug-frontend.sh

feat: complete Phase 1 foundation hardening + three-mode UI design doc

2026-03-04 05:23:42 +00:00

deploy-bitcoin-knots.sh

feat: Phase 2 — systemd sandboxing, Bitcoin RPC localhost binding, Tailscale deprivilege

2026-03-18 00:42:29 +00:00

deploy-config.example

Update Fedimint configuration and enhance onboarding process

2026-02-17 15:03:34 +00:00

deploy-tailscale.sh

fix: resolve did:dht compilation errors

2026-03-14 04:14:04 +00:00

deploy-to-target.sh

feat: rootless podman, session hardening, boot stability, sidebar fix

2026-03-18 13:53:27 +00:00

dev-container.sh

mid coding commit

2026-01-24 22:59:20 +00:00

dev-setup.sh

mid coding commit

2026-01-24 22:59:20 +00:00

dev-start.sh

feat: complete Phase 1 foundation hardening + three-mode UI design doc

2026-03-04 05:23:42 +00:00

dev.sh

feat: complete Phase 1 foundation hardening + three-mode UI design doc

2026-03-04 05:23:42 +00:00

federation-health-check.sh

feat: add federation health monitoring, fix uptime monitor auth

2026-03-13 03:38:33 +00:00

first-boot-containers.sh

feat: Phase 9 — Tor-by-default for Bitcoin and Lightning

2026-03-18 01:05:22 +00:00

fix-indeedhub-containers.sh

feat: v1.2.0-alpha — E2E encrypted mesh relay, steganography, relay status polling

2026-03-17 23:56:37 +00:00

generate-stability-report.sh

feat: deploy daily reboot test + stability report generator (SOAK-03/04)

2026-03-14 05:37:16 +00:00

golden-path-test.sh

test: add golden path E2E test suite (E2E-01)

2026-03-11 14:58:21 +00:00

kiosk-watchdog.sh

refactor: update dependencies and remove unused code

2026-03-12 00:19:30 +00:00

nginx-app-iframe-patch.conf

Implement multi-container app installation for Immich and Penpot, enhance Docker package scanning, and update Nginx configuration for iframe support

2026-02-25 18:04:41 +00:00

nginx-archipelago-patch.conf

Update Fedimint configuration and enhance onboarding process

2026-02-17 15:03:34 +00:00

nginx-https-app-proxies.conf

feat: add missing nginx app proxies to HTTP block for full app wiring

2026-03-05 07:53:04 +00:00

nginx-penpot-iframe-patch.conf

Implement multi-container app installation for Immich and Penpot, enhance Docker package scanning, and update Nginx configuration for iframe support

2026-02-25 18:04:41 +00:00

nginx-pwa-snippet.conf

Enhance PWA support with new install prompt and configuration updates

2026-02-18 13:48:45 +00:00

optimize-debian.sh

feat: rootless podman, session hardening, boot stability, sidebar fix

2026-03-18 13:53:27 +00:00

overnight-loop.sh

chore: add pentest verification script and wire into overnight loop

2026-03-06 03:50:50 +00:00

parmanode-wrapper.sh

Initial commit

2026-01-24 22:01:51 +00:00

prepackage-test.sh

mid coding commit

2026-01-24 22:59:20 +00:00

run-e2e-tests.sh

fix: zero-amount invoices, identity.verify DID extraction, tor service permissions

2026-03-09 09:53:36 +00:00

run-tests.sh

test: add CI-compatible test runner script

2026-03-10 23:56:10 +00:00

setup-aiui-server.sh

hot fixes to utc-6

2026-03-12 12:56:59 +00:00

setup-https-dev.sh

Refactor Indeehub integration and enhance deployment documentation

2026-03-01 17:53:18 +00:00

setup-kiosk.sh

refactor: update dependencies and remove unused code

2026-03-12 00:19:30 +00:00

setup-target-dev.sh

Refactor configuration and scripts for Archipelago backend and ISO build

2026-02-01 05:42:05 +00:00

test-all-apps.sh

refactor: update dependencies and remove unused code

2026-03-12 00:19:30 +00:00

test-all-features.sh

fix: re-authenticate per iteration in test-all-features.sh

2026-03-14 04:57:56 +00:00

test-app-install.sh

fix: prevent tokio runtime deadlock in credential issue/verify

2026-03-09 07:43:12 +00:00

test-backend-rpc.sh

feat: complete Phase 1 foundation hardening + three-mode UI design doc

2026-03-04 05:23:42 +00:00

test-container.sh

mid coding commit

2026-01-24 22:59:20 +00:00

test-cross-node.sh

test: US-15 boot recovery tests — .228 passes 9/9, .198 needs CONT-02

2026-03-14 02:54:16 +00:00

test-dep-chains.sh

fix: prevent tokio runtime deadlock in credential issue/verify

2026-03-09 07:43:12 +00:00

test-failure-recovery.sh

feat: auto-start stopped containers on boot, add failure recovery tests

2026-03-13 03:55:14 +00:00

test-first-install.sh

feat: release v1.1.0 — Nostr signing, file sharing, DWN sync, Tor rotation

2026-03-13 04:02:21 +00:00

test-fresh-install-e2e.sh

fix: prevent tokio runtime deadlock in credential issue/verify

2026-03-09 07:43:12 +00:00

test-identity.sh

fix: prevent tokio runtime deadlock in credential issue/verify

2026-03-09 07:43:12 +00:00

test-iframe-newtab.sh

fix: prevent tokio runtime deadlock in credential issue/verify

2026-03-09 07:43:12 +00:00

test-integration-full.sh

feat: add full integration test script — 23 checks all passing

2026-03-13 03:35:42 +00:00

test-multi-node.sh

fix: prevent tokio runtime deadlock in credential issue/verify

2026-03-09 07:43:12 +00:00

test-network.sh

fix: prevent tokio runtime deadlock in credential issue/verify

2026-03-09 07:43:12 +00:00

test-nip07.sh

feat: fix NIP-07 signing to use node Nostr key, add test script

2026-03-13 03:18:45 +00:00

test-performance.sh

fix: prevent tokio runtime deadlock in credential issue/verify

2026-03-09 07:43:12 +00:00

test-reboot-survival.sh

test: add reboot survival test script (REBOOT-01)

2026-03-14 02:52:55 +00:00

test-security.sh

test: enhance automated pentest suite (PENTEST-01)

2026-03-11 14:15:53 +00:00

test-stability-72h.sh

refactor: update dependencies and remove unused code

2026-03-12 00:19:30 +00:00

test-tor-rotation.sh

feat: fix Tor rotation to handle system Tor and hostname caching

2026-03-13 03:32:21 +00:00

trust-archipelago-cert.sh

Refactor Indeehub integration and enhance deployment documentation

2026-03-01 17:53:18 +00:00

uptime-monitor.sh

feat: add federation health monitoring, fix uptime monitor auth

2026-03-13 03:38:33 +00:00

validate-app-manifest.sh

feat: app manifest validator and Spanish locale stub

2026-03-14 05:39:46 +00:00

verify-deployment.sh

feat: complete Phase 1 foundation hardening + three-mode UI design doc

2026-03-04 05:23:42 +00:00

verify-pentest-fixes.sh

test: enhance automated pentest suite (PENTEST-01)

2026-03-11 14:15:53 +00:00