base docs

.gitignore

@@ -0,0 +1,3 @@
+.DS_Store
+.vscode/
+build/

Makefile

@@ -0,0 +1,20 @@
+# Minimal makefile for Sphinx documentation
+#
+
+# You can set these variables from the command line, and also
+# from the environment for the first two.
+SPHINXOPTS    ?=
+SPHINXBUILD   ?= sphinx-build
+SOURCEDIR     = source
+BUILDDIR      = build
+
+# Put it first so that "make" without argument is like "make help".
+help:
+	@$(SPHINXBUILD) -M help "$(SOURCEDIR)" "$(BUILDDIR)" $(SPHINXOPTS) $(O)
+
+.PHONY: help Makefile
+
+# Catch-all target: route all unknown targets to Sphinx using the new
+# "make mode" option.  $(O) is meant as a shortcut for $(SPHINXOPTS).
+%: Makefile
+	@$(SPHINXBUILD) -M $@ "$(SOURCEDIR)" "$(BUILDDIR)" $(SPHINXOPTS) $(O)

README.md

@@ -0,0 +1,11 @@
+# Embassy Documentation
+
+## Contributing
+
+### Environment Setup
+
+pip install sphinx-autobuild
+
+### To Develop
+
+sphinx-autobuild source build/html

make.bat

@@ -0,0 +1,35 @@
+@ECHO OFF
+
+pushd %~dp0
+
+REM Command file for Sphinx documentation
+
+if "%SPHINXBUILD%" == "" (
+	set SPHINXBUILD=sphinx-build
+)
+set SOURCEDIR=source
+set BUILDDIR=build
+
+if "%1" == "" goto help
+
+%SPHINXBUILD% >NUL 2>NUL
+if errorlevel 9009 (
+	echo.
+	echo.The 'sphinx-build' command was not found. Make sure you have Sphinx
+	echo.installed, then set the SPHINXBUILD environment variable to point
+	echo.to the full path of the 'sphinx-build' executable. Alternatively you
+	echo.may add the Sphinx directory to PATH.
+	echo.
+	echo.If you don't have Sphinx installed, grab it from
+	echo.http://sphinx-doc.org/
+	exit /b 1
+)
+
+%SPHINXBUILD% -M %1 %SOURCEDIR% %BUILDDIR% %SPHINXOPTS% %O%
+goto end
+
+:help
+%SPHINXBUILD% -M help %SOURCEDIR% %BUILDDIR% %SPHINXOPTS% %O%
+
+:end
+popd

source/_static/default.css

@@ -0,0 +1,75 @@
+body, h1, h2, h3, h4, nav, .topbar, .topbar-main, .tocsection, .form-control, .bd-toc {
+    background-color: #2b2b2b!important;
+    color: #f8f8ff!important;
+}
+
+h1 {
+    font-size: 2rem;
+    margin-top: 2rem;
+}
+
+h2 {
+    font-size: 1.75rem;
+}
+
+h3 {
+    font-size: 1.5rem;
+}
+
+h4 {
+    font-size: 1.25rem;
+}
+
+p, nav a  {
+    font-size: 1.1em;
+    letter-spacing: 0.75px;
+}
+
+
+a, a:visited, .headerlink {
+    color: #ff4961!important;
+}
+
+.bd-toc nav li.active>a.active {
+    border-left: 2px solid #ff4961!important;;
+}
+
+.prev-next-bottom a.left-prev, .prev-next-bottom a.right-next {
+    border: 1px solid #f8f8ff;
+}
+
+.input:focus {
+    outline: none !important;
+    border:1px solid #ff4961!important;
+    box-shadow: 0 0 10px #ff4961!important;
+}
+
+h1, h2 {
+    /* border-bottom: 1px solid #666!important;
+    padding-bottom: 0.5rem!important; */
+    /* font-variant: small-caps; */
+    letter-spacing: 2.3px;
+
+}
+
+.admonition.warning .admonition-title, .admonition.note .admonition-title  {
+    background-color: #666;
+}
+
+.header-style:before, h1:before, h2:before, h3:before, h4:before, h5:before, h6:before {
+    display: inline;
+}
+
+.main-content {
+    margin-top: 1rem;
+}
+
+@media (min-width: 768px) {
+    .bd-sidebar {
+        border-right: 1px solid #f8f8ff;
+    }
+}
+
+li .current {
+    text-decoration: underline #f8f8ff;
+}

source/_static/js/main.js

@@ -0,0 +1,3 @@
+$(document).ready(function () {
+    $('a[href^="http://"], a[href^="https://"]').not('a[class*=internal]').attr('target', '_blank');
+  });

source/_templates/layout.html

@@ -0,0 +1,5 @@
+{# layout.html #}
+{# Import the layout of the theme. #}
+{% extends "!layout.html" %}
+
+{% set css_files = css_files + ['_static/default.css'] %}

source/concepts/embassy-os.rst

@@ -0,0 +1,19 @@
+.. _embassy-os-concept:
+
+Embassy OS
+==========
+
+Embassy OS refers to a custom Linux distribution along with a suite of software tools installed on the Embassy which makes it easy to:
+
+* Install new services
+* Uninstall services
+* Upgrade services
+* Upgrade your Embassy software to future versions
+* Manage the data of each installed service
+
+Embassy OS is a forked branch of the Buster Lite version of Raspberry Pi OS. Start9 Labs augmented this base operating system to include:
+
+* a custom application management layer specialized for installing, running, and backing up .s9pk packaged services
+* a layer responsible for Embassy specific operations, such as Tor, Backups, and Notifications
+
+The .s9pk extension is Start9 Labs's custom package format based on tar. It encompasses the necessary components to compress, host, and install a service on the marketplace.

source/concepts/open-source.rst

@@ -0,0 +1,14 @@
+.. _open-source:
+
+Open Source Software
+====================
+
+The Internet itself was built on free and publicly available code, with the values of collaboration, peer review, communication, and openness built into its very foundation. This decentralized model evolved into the open source movement, which uses these values to discover new ways to solve problems across boundaries and industries.
+
+Open source software centered around the concept of user freedoms: freedom to see, modify, and redistribute the code to make it work for the user in whatever way they needed. It does not necessarily mean free to use. It means that the software will be better, cheaper, and more flexible if it is freely accessible, openly modifiable, and shared. 
+
+If anyone can inspect, modify, and distribute the code, bugs are more rapidly resolved, security vulnerabilities are more quickly audited and exposed. Community driven development efforts enable diverse collaboration which increases project reliability and longevity. 
+
+Distinct from open source software is propriety, or closed source, software. Closed source software is strictly moderated, cannot legally be altered, copied, or distributed, and is paid for to be used as intended without modification. Only the code owners have the right to access the code.
+
+As a company founded on the principles of freedom, every service we support is open source. We believe in contributing to the future of this vibrant and passionate ecosystem.

source/concepts/services.rst

@@ -0,0 +1,18 @@
+.. _services:
+
+Services
+========
+
+Apps for third technological revolution, the era of sovereign computing. Running on a personal server, these software packages serve the desired content. This could be a webpage, application, or endpoint. 
+
+For instance, the Bitcoin service provides a Tor address endpoint for a bitcoind node. Bitwarden serves the password management website. File Browser serves a file management graphical user interface. 
+
+The following services are currently supported on the Embassy:
+
+`Bitcoin <https://github.com/Start9Labs/bitcoind-wrapper/blob/master/docs/instructions.md>`_
+
+`Cups <https://github.com/Start9Labs/cups-wrapper/blob/master/docs/instructions.md>`_
+
+`File Browser <https://github.com/Start9Labs/filebrowser-wrapper/blob/master/docs/instructions.md>`_
+
+Bitwarden

source/concepts/ssl.rst

@@ -0,0 +1,18 @@
+.. _ssl-concept:
+
+SSL / TLS
+=========
+
+Visiting websites on the Tor network is slow. We wanted to provide a be \er option to access the Embassy at home. That’s why we created an address for the Embassy that can be accessed on your Local Area Network. 
+
+By default, this `.local` address is served like a regular website, over HTTP. Browser's makes it noticeable visiting a site over HTTP in the URL bar - it could be red, show an unlocked lock, or warn the connection is not secure. 
+
+SSL certificates are what enable websites to move from HTTP to HTTPS, which increases security and makes browsers happy. Using the Secure Sockets Layer protocol, HTTPS enabled websites use certificates to establish authenticated and encrypted links between networked computers. It’s the standard technology for keeping an internet connection secure and safeguarding any sensitive data that is being sent between two devices, preventing third parties from reading and modifying any personal information transferred. They also verify ownership of a website. 
+
+Valid SSL certificates are typically issued and obtained from Certificate Authorities. These trusted third parties generate and distribute certificates, signing them with their trusted private key, which allows the clients who use them to verify its authenticity. Websites obtain a certificate from a CA then load it on to their website’s hosting service or server, allowing the website to load over HTTPS and have all traffic to and from the website be encrypted and secure.
+
+We decided to have the Embassy act as a Certificate Authority. It creates a self-signed certificate, which means that the private key used to sign the digital certificate is the Embassy’s own private key instead of a third party’s.
+
+When you setup SSL for your Embassy and device, the certificate communicates to the client (a browser) that the server (the Embassy) demonstrated ownership of the domain (the `start9-xxxxxxxx.local` address) to the certificate authority (created on the Embassy) at the time of certificate issuance (during the setup process). The Embassy dashboard can then be accessed from a home network (LAN) using a secure HTTPS connection!
+
+For more information on how to setup your devices to enable this feature visit :ref:`ssl-setup`.

source/concepts/tor.rst

@@ -0,0 +1,12 @@
+.. _tor-concept:
+
+TOR
+===
+
+The Onion Router, or TOR, is a free and open source software that enables anonymous communication. By routing Internet traffic though a worldwide, volunteer overlay network of nodes, requests are bundled in layers of encryption like the layers of an onion. The request is relayed across nodes, decrypting a layer only to reveal the next relay destination, until the request meets its final destination, without revealing the source IP address.
+
+If a malicious third party were to intercept a request, they would see a garbled mess of the remaining onion encryption, and would only know that it came from some onion node and was heading to some other onion node. The contents, source, and destination of the message are totally anonymous.
+
+When you use Tor to communicate with services running on the Embassy, all the traffic is onion routed and encrypted, and there are no Tor exit nodes involved - it's totally private with no configuration needed.
+
+Furthermore, every service on the Embassy has a different Tor address, including the device itself. This is for privacy reasons - should one Tor address be exposed, the others will not be compromised. Tor addresses are actually ed25519 keys, which means they also provide all the benefits of cryptographically secure private/public keys.

source/conf.py

@@ -0,0 +1,77 @@
+# Configuration file for the Sphinx documentation builder.
+#
+# This file only contains a selection of the most common options. For a full
+# list see the documentation:
+# https://www.sphinx-doc.org/en/master/usage/configuration.html
+
+# -- Path setup --------------------------------------------------------------
+
+# If extensions (or modules to document with autodoc) are in another directory,
+# add these directories to sys.path here. If the directory is relative to the
+# documentation root, use os.path.abspath to make it absolute, like shown here.
+#
+# import os
+# import sys
+# sys.path.insert(0, os.path.abspath('.'))
+
+
+# -- Project information -----------------------------------------------------
+
+project = 'Start9 Labs'
+copyright = '2020, Start9 Labs'
+
+# -- General configuration ---------------------------------------------------
+
+# Add any Sphinx extension module names here, as strings. They can be
+# extensions coming with Sphinx (named 'sphinx.ext.*') or your custom
+# ones.
+extensions = [
+    # 'sphinxcontrib.needs'
+]
+
+# Add any paths that contain templates here, relative to this directory.
+templates_path = ['_templates']
+
+# List of patterns, relative to source directory, that match files and
+# directories to ignore when looking for source files.
+# This pattern also affects html_static_path and html_extra_path.
+exclude_patterns = []
+
+
+# -- Options for HTML output -------------------------------------------------
+
+# The theme to use for HTML and HTML Help pages.  See the documentation for
+# a list of builtin themes.
+#
+# import sphinx_press_theme
+# html_theme_path = [sphinx_press_theme.get_html_theme_path()]
+# import sphinxbootstrap4theme
+
+html_theme = 'sphinx_book_theme'
+
+# possible alternative themes:
+# sphinxawesome_theme
+# pydata_sphinx_theme
+# sphinx_material
+# pytorch_sphinx_theme
+# sphinx-typlog-theme
+# sphinx-press-theme
+# msmb_theme
+# sphinx-glpi-theme
+# sphinx-material
+
+
+# Add any paths that contain custom static files (such as style sheets) here,
+# relative to this directory. They are copied after the builtin static files,
+# so a file named "default.css" will overwrite the builtin "default.css".
+html_static_path = ['_static']
+
+html_theme_options = {
+    "extra_navbar": "",
+}
+html_logo = "_static/logo.png"
+html_title = ""
+html_favicon = "_static/favicon.ico"
+html_js_files = [
+    'js/main.js'
+]

source/developer/alt-reg.rst

@@ -0,0 +1,15 @@
+.. _alt-reg:
+
+Alternative Registry URL
+========================
+
+Embassy OS supports accessing alternative marketplaces by configuring a system file.
+Start9 Labs is not responsible for issues encountered by downloading unverified services from these alternative marketplaces.
+
+After SSHing into the Embassy, run the following commands::
+
+    sudo systemctl stop agent
+    sudo sh -c "echo '<alternative_registry_url>' > /root/agent/alt_registry_url.txt"
+    sudo systemctl start agent
+
+The Embassy is now able to connect to the provided alternative registry. 

source/developer/beta.rst

@@ -0,0 +1,12 @@
+.. _best-testing:
+
+Beta Testing
+============
+
+On request, or by selective offerings, we will admit certain users to test upcoming releases in our beta environment. This environment requires authorized SSH authentication, the credentials for which will be provided to selected users.
+
+After successful authentication, run the following commands::
+
+    sudo systemctl stop agent
+    sudo sh -c "echo '<https://beta-registry.start9labs.com:443>' > /root/agent/alt_registry_url.txt"
+    sudo systemctl start agent

source/developer/sdk.rst

@@ -0,0 +1,14 @@
+.. _sdk:
+
+Services Software Development Kit (SDK)
+=======================================
+
+We are finalizing the OS infrastructure requirements to ensure a smooth process for developer contribution. This includes wrapping everything up into a software development kit for developing services on the Embassy OS platform.
+
+If you are interested in developing a service, keep the following in mind:
+
+Marketplace services need to provide a "service manifest" and a "config spec", which the SDK will facilitate. The service manifest is for the store listing. The config spec is a detailed mapping of configuration options with acceptable values, defaults, and relational rule-sets. For example, if the user chooses config option A, then config option B must be between 5 and 10. That way, users can enjoy a simple GUI configuration experience, complete with validations and protections, and not have to worry about screwing up a .conf file in some unknown way. 
+
+The config spec will also denote any dependencies. Many services depend on other libraries and services on the Embassy (such as Bitcoin), sometimes even a particular version of those services, which need to be specified by the developers so that Embassy OS can handle installing these dependencies under the hood.
+
+Check back soon for more details!

source/developer/ssh.rst

@@ -0,0 +1,11 @@
+.. _ssh-key:
+
+Adding a SSH Key
+================
+
+#. Navigate to the Embassy tab in the dashboard menu after logging in.
+#. Select `Developer Options`. 
+#. Select the (+) button in the lower right hand corner to add an SSH key.
+#. Navigate back to the Embassy tab and select `Monitor` to find the Embassy's `LAN IP address`. `pi@` will be your SSH target.
+
+.. warning:: Adding an SSH key will void the warranty. This is an advanced feature and should only be completed by experienced users. We can make no guarantees about the continued functioning of the Embassy once this process is completed.

source/getting-started/connect.rst

@@ -0,0 +1,51 @@
+.. _connect:
+
+Connecting to the Embassy
+=========================
+
+WiFi
+----
+
+Once the Embassy has been setup while connected to the router, it can be configured to be accessible only from a wireless network. This option can be found in the `Embassy` tab in the dashboard menu under `WiFi`. From here, the desired wireless network credentials can be entered by selecting the (+) sign in the lower right hand corner. Either `save` to persist the network for later use, or `save and connect` to immediately use the provided network. 
+
+.. seealso:: :ref:`connecting-wifi`
+
+After successfully connected to a configured WiFi network, the Embassy can be unplugged from the router and relocated anywhere it's power supply can reach. 
+
+.. _browser-access:
+
+Browser
+-------
+
+The Embassy dashboard can be accessed in two distinct ways:
+
+#. By visiting the Tor address in a Tor enabled browser. You can visit it from anywhere in the world via the Tor network. Please be advised that the Tor network is censored in some places.
+
+    Depending on your device operating system and browser preference, there exists several methods for reaching the Embassy dashboard:
+
+    
+    * MacOS / Windows:
+
+        Any browser that supports Tor (ie. a SOCKS5 proxy), such as:
+
+        * A private window with Tor in `Brave <https://brave.com/>`_
+        * The `Tor Browser <https://www.torproject.org/download/>`_
+        * `Firefox <https://www.mozilla.org/en-US/firefox/mobile/>`_
+
+        .. seealso:: `Setting up Firefox to handle Tor addresses <https://medium.com/@start9labs/setting-up-your-firefox-web-browser-to-handle-onion-urls-b805391726e4>`_
+
+    * iOS
+        Download the Consulate `app <https://apps.apple.com/us/app/consulate/id1528124570>`_ in the Apple App Store.
+
+        .. seealso:: `Announcing the Consulate Browser! <https://medium.com/@start9labs/announcing-the-consulate-browser-76d94a8599cb>`_
+
+    * Android
+        Download the `Tor Browser <https://www.torproject.org/download/>`_
+        `Firefox <https://www.mozilla.org/en-US/firefox/mobile/>`_
+
+        .. seealso:: `Setting up Firefox to handle Tor addresses on Android <https://medium.com/@start9labs/setting-up-your-firefox-web-browser-to-handle-onion-urls-android-65b36801c0d2>`_
+
+    * FDroid
+        Coming Soon!
+
+#. This option is considered an **advanced** feature. By visiting the local address after setting up a SSL certificate on the Embassy. This means that the remote device and Embassy server must be in physical proximity and connected to the same WiFi network in order to communicate. Once this is setup, the Embassy can be accessed from any browser while on the Local Area Network (LAN) with little latency and with no extra configuration options needed.

source/getting-started/dashboard.rst

@@ -0,0 +1,11 @@
+.. _dashboard:
+
+Accessing dashboard
+-------------------
+
+Acquire your Tor address from the Setup App. Plug it into the URL bar of any Tor enabled browser. Login using the master password supplied during the setup process.  
+
+.. seealso:: :ref:`connect`
+
+
+After you are logged into your dashboard (link), navigate to the Marketplace tab from the menu. Here, you can view the services available to download. Once downloaded, you can view these in the Services tab in the menu. 

source/getting-started/marketplace.rst

@@ -0,0 +1,8 @@
+.. _marketplace:
+
+Exploring Services in Marketplace
+---------------------------------
+
+The Start9 Marketplace currently hosts the available service to install on your Embassy. Soon, any developer will be able to submit a service to this marketplace for review. Submitted services will follow our :ref:`sdk` Guide to conform to the standards necessary for Embassy software services to run.
+
+The review will consist of code review (we want services to work very well), user experience testing acceptance (we want services to be a dead simple and pleasant experience), documentation of instructions (we want it to be clear to users and developers how to run and contribute), and a security vulnerability audit (we want to prevent any malware being installed).

source/getting-started/setup.rst

@@ -0,0 +1,12 @@
+.. _setup-guide:
+
+Setup Guide
+===========
+
+Ensure your phone is connected to the same WiFi network as your router.
+
+Visit the appropriate setup instructions for your version:
+
+`Setup0.2.x <https://start9labs.com/devices/embassy/setup?version=0.2.0>`_
+
+After completing the above guide, it no longer matters if the device and Embassy WiFi network differ - the Embassy can be reached anywhere in the world using its Tor address in a Tor enabled browser. :ref:`post-setup`

source/getting-started/unboxing.rst

@@ -0,0 +1,8 @@
+.. _unboxing:
+
+Unboxing the Embassy
+====================
+
+We have strived to create a “batteries included” product, so the box you receive includes all necessary components to run and backup your Embassy. The included brochure diagram demonstrates how to plug in the device for initial setup. Scanning the brochure QR code will redirect to the setup instructions for your Embassy OS version. 
+
+The included USB stick can be used for service backups right out of the box. Simply plug it into the Embassy and navigate to the desired service you want to back up from the `Services` tab in the dashboard menu.

source/index.rst

@@ -0,0 +1,58 @@
+Documentation
+=============
+
+Start9 Lab's documentation resources aim to provide product and troubleshooting information for all levels of users. Explore to learn more about our mission, our products, and the technology behind our solutions. 
+
+
+Table of Contents
+-----------------
+.. toctree::
+   :maxdepth: 3
+   :caption: Getting Started
+
+   Unboxing <./getting-started/unboxing>
+   Setup <./getting-started/setup>
+   Connect <./getting-started/connect>
+   Dashboard <./getting-started/dashboard>
+   Marketplace <./getting-started/marketplace>
+
+.. toctree::
+   :maxdepth: 3
+   :caption: Manual
+
+   Connecting Wifi <./manual/embassy-one/wifi>
+   SSL Setup <./manual/embassy-one/ssl>
+   Installing Services <./manual/embassy-one/services>
+   Manage Device <./manual/embassy-one/manage>
+   Upgrading <./manual/embassy-one/upgrade>
+   View notifications <./manual/embassy-one/notifications>
+   Backups <./manual/embassy-one/backups>
+   Dependencies <./manual/embassy-one/dependencies>
+   Restart <./manual/embassy-one/restart>
+   Shutdown <./manual/embassy-one/shutdown>
+
+.. toctree::
+   :maxdepth: 2
+   :caption: Support
+
+   FAQ <./support/faq>
+   Contact <./support/contact>
+
+.. toctree::
+   :maxdepth: 3
+   :caption: Concepts
+
+   Embassy OS <./concepts/embassy-os>
+   Open Source <./concepts/open-source>
+   SSL <./concepts/ssl>
+   TOR <./concepts/tor>
+   Services <./concepts/services>
+
+.. toctree::
+   :maxdepth: 3
+   :caption: Developer
+
+   Services SDK <./developer/sdk>
+   SSH Keys <./developer/ssh>
+   Beta Testing <./developer/beta>
+   Alt Registry <./developer/alt-reg>

source/manual/embassy-one/backups.rst

@@ -0,0 +1,46 @@
+.. _backups:
+
+Backups
+=======
+
+The Embassy supports encrypted backups of installed services to an external USB drive. Encryption utilizes the master password, so memorization of only one password is necessary.
+
+To begin the backup process:
+
+#. Enter the USB stick provided with the Embassy kit, or any USB drive with enough storage capacity, into a USB port on the device.
+#. Navigate to the `Services` sub menu from the main dashboard menu.
+#. Select the service to be backed-up.
+#. Select the floppy disc icon next to the `Last Backup` menu item. If a backup was never completed, this should say "never".
+
+.. figure:: /_static/images/bitcoin_view.png
+    :width: 90%
+    :alt: Bitcoin Core Service Sub Menu
+
+    Bitcoin Core Service Sub Menu
+
+#. In the modal prompt, select the available disc space. If no option is marked as available, ensure the USB drive has enough space and that it is properly inserted.
+
+.. figure:: /_static/images/bitcoin_backup_view_storage.png
+    :width: 90%
+    :alt: Bitcoin Core Service Backup Storage
+
+    Backup menu with available storage space
+
+.. figure:: /_static/images/bitcoin_backup_view_no_storage.png
+    :width: 90%
+    :alt: Bitcoin Core Service Backup No Storage
+
+    Backup menu with no available storage disc
+
+
+#. Enter the master password to encrypt the backup.
+#. "Creating Backup..." will appear on the service sub menu while the backup is in process.
+
+.. figure:: /_static/images/bitcoin_creating_backup.png
+    :width: 90%
+    :alt: Bitcoin Core Service Backup No Storage
+
+    Creating Backup
+
+#. A notification will emit when the backup has successfully completed.
+#. The `Last Backup` menu item in the service will now indicate the date and time at which the last backup was made.

source/manual/embassy-one/dependencies.rst

@@ -0,0 +1,11 @@
+.. _dependencies:
+
+Dependencies
+============
+
+Some services require a dependency on another service. For example, in order to run Lightning, Bitcoin also needs to be installed and running on the Embassy - Bitcoin is a *depencency* of Lightning.
+
+Dependency management is complicated. Managing the installation of dependent software is something a computer's operating system does well behind the scenes and with little user input. In this sense, it is not very transparent. Start9 has opted to take a transparency first approach by generating a user interface that supplies awareness to required dependencies. As such, input is required to opt in to such installations, and nothing will be installed on the Embassy without the user's knowledge. Furthermore, Start9 has made it supremely easy by making a one click install for all services and their associated dependencies. 
+
+Dependencies can be required, optional, or dependently-optional, such as if a particular subset of features on a service want to be enabled. All of this information is presented upfront to the user before a service is installed to demonstrate transparency. As always, the user is in control of what is running on their Embassy.
+

source/manual/embassy-one/manage.rst

@@ -0,0 +1,34 @@
+.. _manage-device:
+
+Manage device
+=============
+
+The Embassy settings can be managed from the Embassy tab in the main dashboard menu. Here, configuration options can be adjusted and server metrics viewed. 
+
+.. figure:: /_static/images/embassy_tab.png
+    :width: 90%
+    :alt: Embassy Menu Tab
+
+    Embassy settings tab in dashboard menu
+
+Config 
+-------
+
+Currently, the only configurable property is the device name. It can be adjusted by selecting the `Configure` item in Embassy sub menu. Once changed, the new device name will appear in the top left of the main dashboard menu.
+
+.. figure:: /_static/images/embassy_config.png
+    :width: 90%
+    :alt: Embassy Config View
+
+    View of Embassy Config
+
+Metrics
+-------
+
+Accessible via the `Monitor` item in the Embassy sub menu. Real time statistics, such as CPU usage and temperature, stream. Also included are details about memory and disk space. 
+
+.. figure:: /_static/images/embassy_metrics.png
+    :width: 90%
+    :alt: Embassy Metrics View
+
+    View of Embassy Metrics

source/manual/embassy-one/notifications.rst

@@ -0,0 +1,26 @@
+.. _notifications:
+
+View notifications
+==================
+
+Select the `Notifications` tab in the main dashboard menu. A history of all notifications persists here. It also provides further information for failure scenarios. 
+
+.. figure:: /_static/images/embassy_notifications.png
+    :width: 90%
+    :alt: Embassy Notifications
+
+    All notifications View
+
+
+Notifications will be emitted on:
+
+* successful or failed service installations
+* successful or failed service backups
+* successful or failed system updates
+* successful or failed service updates
+
+.. figure:: /_static/images/embassy_notification.png
+    :width: 90%
+    :alt: Embassy notification alert
+
+    Example notification alerts

source/manual/embassy-one/restart.rst

@@ -0,0 +1,11 @@
+.. _restart:
+
+Restart
+=======
+
+#. Open the Embassy dashboard using its Tor address.
+#. Access the Embassy tab from the main menu
+#. Select `Restart` from the sub menu
+#. A tune will play (mario death song), indicating the restart has been initiated. 
+#. A bep will sound when the Embassy is powered back on.
+#. A chime (mario coin chime) will sound when the Embassy is ready to use.

source/manual/embassy-one/services.rst

@@ -0,0 +1,20 @@
+.. _installing-services:
+
+Installing services
+===================
+
+Visit the marketplace from the Embassy dashboard menu. Select a service to download. When the service has finished installing, a notification will appear when complete. 
+
+Services can be viewed in the Services tab in the dashboard menu. Selecting a service here allows you to:
+
+#. View the instructions:
+
+   * Details on what the service is and how to use it. Any gotchas, special options, or gaps in functionality are noted here.
+
+#. Supply configuration options:
+
+   * Some services require input to configure the service before running. This could be entering a password, enabling certain features, or confirming the default options.
+
+#. Run the service:
+
+   * A service will not be started when downloaded. This will need to be user initiated. Once a service has been configured, the option to start the service will appear. After it is started, the service is available for you to use.

source/manual/embassy-one/shutdown.rst

@@ -0,0 +1,11 @@
+.. _shutdown:
+
+Shutdown
+========
+
+#. Open the Embassy dashboard using its Tor address.
+#. Access the Embassy tab from the main menu
+#. Select `Shutdown` from the sub menu
+#. Wait for the Embassy to shut down, typically about 1 minute. The dashboard will no longer be accessible from the browser.
+#. It is now safe to unplug the Embassy from power and the ethernet cable, if connected.
+#. To turn it back on, plug the Embassy back into the power supply and wait for it to bep and chime (mario coin chime). 

source/manual/embassy-one/ssl.rst

@@ -0,0 +1,10 @@
+.. _ssl-setup:
+
+SSL Setup
+=========
+
+This advanced feature will be enabled soon. Then, users can download the SSL root certificate to a device and follow the setup instructions `here <https://medium.com/@start9labs/embassy-https-certificate-setup-8cd873d7075c>`_.
+
+In depth
+--------
+Check out the :ref:`ssl-concept` concept guide for a deeper dive.

source/manual/embassy-one/upgrade.rst

@@ -0,0 +1,27 @@
+.. _upgrading:
+
+Upgrading
+=========
+
+Embassy OS
+----------
+Visit the Embassy tab from the Dashboard menu. Select “Check for Upgrades”. Clicking this will reach out to the marketplace to see if a new OS update has been released, and will indicate if it has. You can then update and get access to new features and bug fixes. 
+
+Services
+--------
+Visit the Marketplace tab from the Dashboard menu. Each service will denote a status, such as:
+
+* Not Installed
+* Installed
+* Update Available
+
+If Update Available is denoted as the option, select the service you are interested in updating, and click the green update button on the service page in the Marketplace.
+
+Config
+^^^^^^
+These are configuration options that can be changed at any time. When a service is in `Needs Config` status, it requires user input to complete setup before the service can be started. 
+
+Properties
+^^^^^^^^^^
+These are user initiated configuration properties, typically for credentials such as a password.
+

source/manual/embassy-one/wifi.rst

@@ -0,0 +1,24 @@
+.. _connecting-wifi:
+
+Connecting to WiFi
+==================
+
+#. Once logged into your Embassy dashboard, access the Embassy tab from the dashboard menu. 
+#. Navigate to the `WiFi` section. 
+#. Obtain the WiFi network name and password.
+#. Click the (+) button in the lower right corner to add a network with the gathered credentials.
+
+.. figure:: /_static/images/embassy_wifi.png
+    :width: 90%
+    :alt: Add WiFi menu
+
+    Add WiFi Network options
+
+#. Select the appropriate country to ensure the proper protocol is used.
+#. Click `Add and Connect`. 
+#. The saved network will appear in the list when successfully added. At this point, you can disconnect the Embassy from your router.
+
+If the Embassy relocates or needs to change WiFi networks, it can be connected into the new router’s ethernet jack and powered on to complete this process again.
+
+.. note::
+    The network speeds (and other server metrics) can be monitored within the Embassy dashboard.

source/support/contact.rst

@@ -0,0 +1,10 @@
+.. _contact:
+
+Contact Us
+==========
+
+    `Telegram <https://t.me/start9_labs>`_ - best for one off questions or back and forth direct messages
+
+    `Matrix <https://matrix.to/#/!lMnRwPWnyQvOfAoEnD:matrix.start9labs.com>`_ - we will eventually be migrating our community channel off telegram and onto this self hosted communication platform
+
+    `support@start9labs.com <mailto:support@start9labs.com>`_ - best for more involved questions

source/support/faq.rst

@@ -0,0 +1,93 @@
+.. _faq:
+
+Frequently Asked Questions
+==========================
+
+This guide is meant to compile questions we commonly receive. We are a small team working hard to build and deliver the best product and features possible, so please regard this guide before directly reaching out. Also, let us know if there is a question you would like to see answered here!
+
+What is the Embassy?
+--------------------
+
+The internet as we know it is organized into questioners, or clients, and answerers, or servers. When you open a mobile email app, say Gmail, the app (client) begins asking questions: "have I received new mail?", "what are my last 50 messages?", "what drafts am I in the midst of writing?", and so on. Your app's questions are sent to and heard by a Google-run server which then provides answers back to the client and are subsequently displayed to the screen.
+
+The Embassy is exactly that: your very own "answerer", just like Google's, except managed simply and with ease by and for you alone.
+
+In other words, it is a generalized private personal server capable of running all sorts of self hosted open source software. 
+
+When you see your credit card information on your banking app, your messages in your texting app, your passwords in your password management app, all of that information comes from somewhere in the cloud: some server run by some company somewhere on the planet. Who can see the data stored in that server? Who can edit it? It's not always clear, but the increasingly common practice of selling your data to advertisers and the high-profile cyber-security breaches of the last decade suggest a pessimistic outlook.
+
+One thing is for certain though: if you control your server, then you control your data. Your finances, your communications, all of it is actually yours -- and only yours -- with an Embassy.
+
+
+How does the Embassy work?
+--------------------------
+
+The Embassy runs on the Raspberry Pi 4B hardware with a Cortex-a72 CPU, 4GB of RAM, and has 2.4ghz and 5.0ghz IEEE 802.11AC wireless capabilities and a BLE internal speaker for audio feedback of system operations. It also features a high endurance MicroSD card, on which the operating system software is installed.
+
+Embassy OS is a stripped down version of Raspbian Buster Lite and handles all operations of your Embassy device. This core element of the technology stack is what enables you to set up, login, access your Embassy’s dashboard, and download and install services.
+
+One of these operations is creating and managing Tor addresses, which are uniquely attributed to each service you download, as well as to the Embassy device itself. You can see your uniquely generated Tor address when you complete the setup process using the Setup App. This address is how you view your Embassy’s dashboard, which is actually just a website served up from your Embassy itself! It is authenticated, of course, so only you can access it. 
+
+In depth
+--------
+    :ref:`tor-concept`
+
+    :ref:`embassy-os-concept`
+
+    :ref:`connect`
+
+
+I can't connect to my Embassy.
+------------------------------
+
+If the Embassy is connected to a WiFi network, ensure your phone / computer is connected to the same network.
+
+If the Embassy is connected via ethernet or to a router, ensure your phone / computer is connected to the same network as the router.
+
+Ensure that your server has been running long enough for the startup chime noise to sound.
+
+.. _post-setup:
+
+I setup my Embassy, now what?
+-----------------------------
+
+Connect to the dashboard using a preferable :ref:`browser-access` compatible with the communicating device's operating system.
+
+Do I plug the Embassy into my computer?
+---------------------------------------
+
+The Embassy does not plug into any other device. It is a just a small computer without a screen designed for constant uptime, aka a server. You can connect to and manage your Embassy from any mobile device, desktop computer, or laptop computer. This is accomplished right through the browser by visiting your Embassy's private and unique URL.
+
+In other words, the interface and admin dashboard for your Embassy is simply a web page/application served up by the Embassy itself into the browser. It's radical, but also very simple. It does not require any technical expertise.
+
+Once on Embassy's web page, you can choose what services to install to the Embassy. Then, each installed service also receives its own private and unique URL, such that you can access it from the browser or any mobile app that supports using it as a backend.
+
+The list of services will grow rapidly over the coming months, such that many things you currently do using cloud-based third party servers can be just as easily accomplished using your own personal cloud serving your own personal apps and storing your own private data. No trusted third parties at all.
+
+Are my Internet requests anonymous and secure?
+-----------------------------------------------------------
+
+Embassy OS and every service on the Embassy are served on their own Tor Hidden Services with unique Tor addresses. The private keys used to create these addresses are generated on your phone or computer when you first set up the Embassy. No one, not even Start9, has any idea what your Tor addresses are, let alone the password(s) you choose to authenticate with them. 
+
+There is also the option to communicate with your Embassy using standard :ref:`ssl-concept` encryption and a uniquely generated `.local` address. This method is faster than Tor, but can only be used on your home network.
+
+I cannot connect to a service.
+------------------------------
+
+Make sure the service is started by viewing it in the Services tab in the Embassy dashboard menu. A green indicator bar should be visible.
+
+Is the software open source?
+----------------------------
+
+The team at Start9 Labs is working to open source Embassy OS with a custom license. 
+
+Some of our projects are currently open sourced under MIT.
+
+Is there a product warranty?
+----------------------------
+
+Yes. Start9 commits to serving each beta Embassy product released until the wild. We commit, to the best of our ability, to resolve any issue encountered with our provided hardware or software in a personalized matter until resolved.
+
+Do not hesitate to :ref:`contact`. We strive to also provide quality and available customer service upfront. 
+
+.. warning:: Adding an SSH key voids the product warranty in totality.