From e543a4eb3a029080a2e2a5c99f76dc22504e1f62 Mon Sep 17 00:00:00 2001 From: Lucy Cifferello <12953208+elvece@users.noreply.github.com> Date: Mon, 22 Mar 2021 13:31:50 -0600 Subject: [PATCH 1/4] add btcpay --- source/misc-guides/available-services.rst | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/source/misc-guides/available-services.rst b/source/misc-guides/available-services.rst index df4b001..c1ad940 100644 --- a/source/misc-guides/available-services.rst +++ b/source/misc-guides/available-services.rst @@ -23,4 +23,5 @@ Other services * `Burn After Reading `_ * `Cups `_ * `File Browser `_ -* `Mastodon `_ \ No newline at end of file +* `Mastodon `_ +* `BTCPay Server `_ \ No newline at end of file From 80bdad6cfbf2a2b976771aca792cbbab00a77983 Mon Sep 17 00:00:00 2001 From: Lucy Cifferello <12953208+elvece@users.noreply.github.com> Date: Mon, 22 Mar 2021 13:32:25 -0600 Subject: [PATCH 2/4] update windows bonjour install; number formatting --- source/getting-started/diy.rst | 30 +-- .../user-manual/general/lan-setup/browser.rst | 75 +++---- .../user-manual/general/lan-setup/desktop.rst | 206 +++++++++--------- 3 files changed, 158 insertions(+), 153 deletions(-) diff --git a/source/getting-started/diy.rst b/source/getting-started/diy.rst index 34a4dd4..21ab8c0 100644 --- a/source/getting-started/diy.rst +++ b/source/getting-started/diy.rst @@ -43,11 +43,11 @@ Components Assembly Instructions --------------------- -1. Insert mini speaker/buzzer into GPIO pins 6/8/10/12 with the word "speaker" facing out, `away from the board`. +#. Insert mini speaker/buzzer into GPIO pins 6/8/10/12 with the word "speaker" facing out, `away from the board`. -.. figure:: /_static/images/diy/pins.png - :width: 60% - :alt: Speaker board spec + .. figure:: /_static/images/diy/pins.png + :width: 60% + :alt: Speaker board spec That's it. Place the Raspberry Pi 4 board (with speaker attached), into its case. @@ -76,18 +76,18 @@ Installing EmbassyOS Whether you purchase EmbassyOS from us or build it yourself, you need to flash it onto a microSD card. -1. Download `balenaEtcher `_ onto your Mac, Windows, or Linux computer. -2. Insert the microSD card into your computer, either directly or using an adapter. -3. Open balenaEtcher. -4. Click `Select Image`, then find and select your copy of EmbassyOS. -5. Click `Select Target`, then find and select your micro SD card. -6. Click `Flash!` You may be asked to (1) approve the unusually large disk target or (2) enter your password. Both are normal. +#. Download `balenaEtcher `_ onto your Mac, Windows, or Linux computer. +#. Insert the microSD card into your computer, either directly or using an adapter. +#. Open balenaEtcher. +#. Click `Select Image`, then find and select your copy of EmbassyOS. +#. Click `Select Target`, then find and select your micro SD card. +#. Click `Flash!` You may be asked to (1) approve the unusually large disk target or (2) enter your password. Both are normal. -.. figure:: /_static/images/diy/balena.png - :width: 60% - :alt: Balena Etcher Dashboard + .. figure:: /_static/images/diy/balena.png + :width: 60% + :alt: Balena Etcher Dashboard -7. Once the image is flashed and verified, you may remove the micro SD and insert it into your Embassy. -8. The Embassy is now ready for use, and you may following the normal :ref:`setup ` instructions. ``*`` +#. Once the image is flashed and verified, you may remove the micro SD and insert it into your Embassy. +#. The Embassy is now ready for use, and you may following the normal :ref:`setup ` instructions. ``*`` ``*`` The first time you power it on, your Embassy will make more noises than future attempts, and it may take several minutes to finally complete. \ No newline at end of file diff --git a/source/user-manual/general/lan-setup/browser.rst b/source/user-manual/general/lan-setup/browser.rst index ffd7140..0e02e21 100644 --- a/source/user-manual/general/lan-setup/browser.rst +++ b/source/user-manual/general/lan-setup/browser.rst @@ -6,87 +6,84 @@ Browser .. warning:: Make sure you have completed setup on your :ref:`device ` before continuing! -.. note:: - Some browsers (such as Firefox) may emit a "Warning: Potential Security Risk Ahead". This is because the SSL Certificate issued from your Embassy is not from a registered certificate authority. Usually, this warning is a valid concern, but in the case of accessing a service over LAN from your Embassy, select "Advanced" and "Accept the Risk and Continue". - .. _brave: Brave ===== -1. Navigate to your Brave Settings in a new tab. +#. Navigate to your Brave Settings in a new tab. -2. On the left hand sidebar, navigate to *Additional Settings > Privacy and Security*. +#. On the left hand sidebar, navigate to *Additional Settings > Privacy and Security*. -3. Add the bottom of the section, select "Manage Certificates". +#. Add the bottom of the section, select "Manage Certificates". -.. figure:: /_static/images/ssl/browser/brave_security_settings.png - :width: 90% - :alt: Brave privacy and security settings page + .. figure:: /_static/images/ssl/browser/brave_security_settings.png + :width: 90% + :alt: Brave privacy and security settings page -4. If you see a trusted “Embassy Local Root CA”, open a new tab to apply the certificate. If this does not work, quit and restart Brave. +#. If you see a trusted “Embassy Local Root CA”, open a new tab to apply the certificate. If this does not work, quit and restart Brave. -5. If you do not see a trusted “Embassy Local Root CA” certificate in the list, ensure the certificate is properly set up on your computer system. +#. If you do not see a trusted “Embassy Local Root CA” certificate in the list, ensure the certificate is properly set up on your computer system. -.. figure:: /_static/images/ssl/browser/brave_view_certs.png - :width: 90% - :alt: Brave Manage Certificates sub-menu on MacOS + .. figure:: /_static/images/ssl/browser/brave_view_certs.png + :width: 90% + :alt: Brave Manage Certificates sub-menu on MacOS -6. Obtain the LAN address provided in the Setup App and enter it in a new tab. +#. Obtain the LAN address provided in the Setup App and enter it in a new tab. -7. You can now securely navigate to your Embassy over HTTPS! +#. You can now securely navigate to your Embassy over HTTPS! -8. Additionally, you can start a Brave private window with Tor to visit the Tor address over HTTPS (unnecessary in principle, but will circumvent annoying browser warnings). +#. Additionally, you can start a Brave private window with Tor to visit the Tor address over HTTPS (unnecessary in principle, but will circumvent annoying browser warnings). .. _chrome: Chrome ====== -1. Once you have followed the steps to setup your device, open a new tab to apply the certificate. If this does not work, quit and restart Chrome. +#. Once you have followed the steps to setup your device, open a new tab to apply the certificate. If this does not work, quit and restart Chrome. -2. Obtain the LAN address provided in the Setup App and enter it in the URL bar. +#. Obtain the LAN address provided in the Setup App and enter it in the URL bar. -3. You can now securely navigate to your Embassy over HTTPS! +#. You can now securely navigate to your Embassy over HTTPS! .. _firefox: Firefox ======== -1. Navigate to your Firefox Settings in a new tab. +#. Navigate to your Firefox Settings in a new tab. -2. Select “Privacy and Security” from the left hand navigation menu. +#. Select “Privacy and Security” from the left hand navigation menu. -3. Scroll all the way to the bottom of the page and select “View Certificates”. +#. Scroll all the way to the bottom of the page and select “View Certificates”. -.. figure:: /_static/images/ssl/browser/firefox_security_settings.png - :width: 90% - :alt: Firefox security settings + .. figure:: /_static/images/ssl/browser/firefox_security_settings.png + :width: 90% + :alt: Firefox security settings - Firefox privacy and security settings page + Firefox privacy and security settings page -4. Select the "Authorities" tab from the "Certificate Manager". +#. Select the "Authorities" tab from the "Certificate Manager". -5. Click “Import” and open the downloaded *Embassy Local Root CA.crt* file on your device. If you cannot find this, make sure you completed the :ref:`device setup steps `. +#. Click “Import” and open the downloaded *Embassy Local Root CA.crt* file on your device. If you cannot find this, make sure you completed the :ref:`device setup steps `. -6. When prompted, check “Trust this CA to identity websites” and select “OK”. +#. When prompted, check “Trust this CA to identity websites” and select “OK”. -.. figure:: /_static/images/ssl/browser/firefox_security_settings.png - :width: 90% - :alt: Firefox import cert + .. figure:: /_static/images/ssl/browser/firefox_security_settings.png + :width: 90% + :alt: Firefox import cert - Firefox import certificate page + Firefox import certificate page -7. Ensure the “Embassy Local Root CA” exists under “Start9 Labs”. +#. Ensure the “Embassy Local Root CA” exists under “Start9 Labs”. -8. Click “OK” to save. +#. Click “OK” to save. -9. Open a new tab in Firefox to apply the changes. If this does not work, quit and restart Firefox. +#. Open a new tab in Firefox to apply the changes. If this does not work, quit and restart Firefox. -10. Navigate to the LAN address provided in the Setup App. +#. Navigate to the LAN address provided in the Setup App. -11. You can now securely navigate to your Embassy over HTTPS! +#. You can now securely navigate to your Embassy over HTTPS! .. _safari: diff --git a/source/user-manual/general/lan-setup/desktop.rst b/source/user-manual/general/lan-setup/desktop.rst index 71610de..ec7fb99 100644 --- a/source/user-manual/general/lan-setup/desktop.rst +++ b/source/user-manual/general/lan-setup/desktop.rst @@ -8,172 +8,180 @@ Operating Systems MacOS ----- -1. Visit your Embassy at its Tor Address. +#. Visit your Embassy at its Tor Address. -2. Navigate to --> Embassy --> Connect Over LAN +#. Navigate to --> Embassy --> Connect Over LAN -.. figure:: /_static/images/embassy_lan_setup.png - :width: 90% - :alt: LAN setup menu item + .. figure:: /_static/images/embassy_lan_setup.png + :width: 90% + :alt: LAN setup menu item - Select the "Connect over LAN" menu item + Select the "Connect over LAN" menu item -3. Select the "Root Certificate Authority" sub menu. This will prompt a download to save the certificate file to your machine. +#. Select the "Root Certificate Authority" sub menu. This will prompt a download to save the certificate file to your machine. -.. figure:: /_static/images/secure_lan_setup_page.png - :width: 90% - :alt: LAN setup page + .. figure:: /_static/images/secure_lan_setup_page.png + :width: 90% + :alt: LAN setup page - Select the "Root Certificate Authority" sub menu + Select the "Root Certificate Authority" sub menu -4. Select the option to open your key with Keychain Access. If you choose to save file, double click on it once downloaded. +#. Select the option to open your key with Keychain Access. If you choose to save file, double click on it once downloaded. -.. figure:: /_static/images/secure_lan_setup_prompt.png - :width: 90% - :alt: LAN setup prompt + .. figure:: /_static/images/secure_lan_setup_prompt.png + :width: 90% + :alt: LAN setup prompt - Open with "Keychain Access" and select "OK" + Open with "Keychain Access" and select "OK" -5. Enter your computer password when prompted. It will be imported into your computer’s keychain. +#. Enter your computer password when prompted. It will be imported into your computer’s keychain. -.. figure:: /_static/images/ssl/macos/certificate_untrusted.png - :width: 90% - :alt: Keychain access import menu + .. figure:: /_static/images/ssl/macos/certificate_untrusted.png + :width: 90% + :alt: Keychain access import menu - Keychain access import menu + Keychain access import menu -If the keychain console did not open, press "Command + spacebar" and type “Keychain Access”, and hit enter to open it. +#. If the keychain console did not open, press "Command + spacebar" and type “Keychain Access”, and hit enter to open it. -6. Navigate to the "System" tab and find the certificate entitled “Embassy Local Root CA”. +#. Navigate to the "System" tab and find the certificate entitled “Embassy Local Root CA”. -7. Double click on this certificate. A second window will pop up. +#. Double click on this certificate. A second window will pop up. -8. Open the “Trust” dropdown and select “Always Trust” from the dropdown next to “when using this certificate”. +#. Open the “Trust” dropdown and select “Always Trust” from the dropdown next to “when using this certificate”. -.. figure:: /_static/images/ssl/macos/always_trust.png - :width: 90% - :alt: Keychain submenu + .. figure:: /_static/images/ssl/macos/always_trust.png + :width: 90% + :alt: Keychain submenu - Select "Always trust" under SSL dropdown for Embassy Local CA + Select "Always trust" under SSL dropdown for Embassy Local CA -9. Close this window and enter your password to apply the settings. +#. Close this window and enter your password to apply the settings. -10. The “Embassy Local Root CA” cert will now read “This certificate is marked as trusted for all users” in Keychain Access. +#. The “Embassy Local Root CA” cert will now read “This certificate is marked as trusted for all users” in Keychain Access. -.. figure:: /_static/images/ssl/macos/certificate_trusted.png - :width: 90% - :alt: Keychain menu trusted certificate + .. figure:: /_static/images/ssl/macos/certificate_trusted.png + :width: 90% + :alt: Keychain menu trusted certificate - Trusted Embassy Local CA certificate + Trusted Embassy Local CA certificate -11. Open to your favorite browser to import this certificate and follow the steps for :ref:`supported browsers `. +#. Open to your favorite browser to import this certificate and follow the steps for :ref:`supported browsers `. Windows ------- -1. Install `Bonjour Print Services `_ on your Windows machine. This is necessary in order to visit .local addresses on Windows. +#. Install `Bonjour Print Services `_ on your Windows machine. This is necessary in order to visit .local addresses on Windows. +#. If you are having issues running Bonjour after installing, you might have had Bonjour previously installed. To fix: -2. Visit your Embassy at its Tor Address. + #. Check out this video: https://www.youtube.com/watch?v=9ECCB3bqNDQ + #. UNinstall Bonjour completely via ``system settings -> remove programs`` + #. Reinstall Bonjour Printer Driver package (download at https://support.apple.com/kb/DL999?locale=en_US) + #. Restart Windows + #. Note: Uninstalling Bonjour via the setup package seems to be not enough to solve the issue. Bonjour must be uninstalled via windows system settings. + +#. Visit your Embassy at its Tor Address. -3. Navigate to --> Embassy --> Connect Over LAN +#. Navigate to --> Embassy --> Connect Over LAN -.. figure:: /_static/images/embassy_lan_setup.png - :width: 90% - :alt: LAN setup menu item + .. figure:: /_static/images/embassy_lan_setup.png + :width: 90% + :alt: LAN setup menu item - Select the "Connect over LAN" menu item + Select the "Connect over LAN" menu item -4. Select the "Root Certificate Authority" sub menu. This will prompt a download to save the certificate file to your machine. +#. Select the "Root Certificate Authority" sub menu. This will prompt a download to save the certificate file to your machine. -.. figure:: /_static/images/secure_lan_setup_page.png - :width: 90% - :alt: LAN setup page + .. figure:: /_static/images/secure_lan_setup_page.png + :width: 90% + :alt: LAN setup page - Select the "Root Certificate Authority" sub menu download icon + Select the "Root Certificate Authority" sub menu download icon -5. Select the option to save the *Embassy Local CA.crt* file. +#. Select the option to save the *Embassy Local CA.crt* file. -.. figure:: /_static/images/ssl/windows/windows_download_cert.png - :width: 90% - :alt: LAN setup prompt + .. figure:: /_static/images/ssl/windows/windows_download_cert.png + :width: 90% + :alt: LAN setup prompt - "Save file" when Opening Embassy Local CA.crt + "Save file" when Opening Embassy Local CA.crt -6. On your computer, right-click the “Start” menu and select “Run”. +#. On your computer, right-click the “Start” menu and select “Run”. -7. Type in “mmc” and click “OK”. When prompted on the “User Account Control” window, select “Yes” to allow this program to run. +#. Type in “mmc” and click “OK”. When prompted on the “User Account Control” window, select “Yes” to allow this program to run. -.. figure:: /_static/images/ssl/windows/1_windows_mmc.png - :width: 90% - :alt: Windows MMC + .. figure:: /_static/images/ssl/windows/1_windows_mmc.png + :width: 90% + :alt: Windows MMC - Access the Windows Management Console + Access the Windows Management Console -8. When the Management Console opens, navigate to *File > Add/Remove Snap-in*. +#. When the Management Console opens, navigate to *File > Add/Remove Snap-in*. -.. figure:: /_static/images/ssl/windows/2_windows_console_root.png - :width: 90% - :alt: Windows Console Root + .. figure:: /_static/images/ssl/windows/2_windows_console_root.png + :width: 90% + :alt: Windows Console Root - Add Snap-in from Console Root + Add Snap-in from Console Root -9. Select “Certificates” in the left side menu, then “Add”. This will open another window. +#. Select “Certificates” in the left side menu, then “Add”. This will open another window. -.. figure:: /_static/images/ssl/windows/3_windows_add_certificates.png - :width: 90% - :alt: Add Certificates + .. figure:: /_static/images/ssl/windows/3_windows_add_certificates.png + :width: 90% + :alt: Add Certificates - Add Certificates to selected snap-ins + Add Certificates to selected snap-ins -10. Select “Computer account” and click “Next. Leave defaulted options on the next screen and click “Finish”. +#. Select “Computer account” and click “Next. Leave defaulted options on the next screen and click “Finish”. -11. When you return to the “Add or Remove Snap-ins” page, ensure “Certificates (Local Computer)” exists under “Console Root” in the “Selected snap-ins” section, then click “OK”. +#. When you return to the “Add or Remove Snap-ins” page, ensure “Certificates (Local Computer)” exists under “Console Root” in the “Selected snap-ins” section, then click “OK”. -.. figure:: /_static/images/ssl/windows/4_windows_selected_snapin.png - :width: 90% - :alt: Snap-in Selected + .. figure:: /_static/images/ssl/windows/4_windows_selected_snapin.png + :width: 90% + :alt: Snap-in Selected - Certificates (Local Computer) is selected as snap-in + Certificates (Local Computer) is selected as snap-in -12. In the left hand menu of the Management Console, navigate to Certificates (Local Computer) > Trusted Root Certification Authorities > Certificates. +#. In the left hand menu of the Management Console, navigate to Certificates (Local Computer) > Trusted Root Certification Authorities > Certificates. -.. figure:: /_static/images/ssl/windows/5_windows_trusted_certificate_menu.png - :width: 90% - :alt: Certificates in Management Console + .. figure:: /_static/images/ssl/windows/5_windows_trusted_certificate_menu.png + :width: 90% + :alt: Certificates in Management Console - Access Certificates in Management Console + Access Certificates in Management Console -13. Right click on “Certificates”, then navigate to *All Tasks > Import*. +#. Right click on “Certificates”, then navigate to *All Tasks > Import*. -.. figure:: /_static/images/ssl/windows/6_windows_import_cert.png - :width: 90% - :alt: Import certificate + .. figure:: /_static/images/ssl/windows/6_windows_import_cert.png + :width: 90% + :alt: Import certificate - Select "Import" from Certificates sub-menu + Select "Import" from Certificates sub-menu -14. Click “Next” on the first page of the Certificate Import Wizard, then browse to the location where you saved the downloaded certificate and click “Open”. +#. Click “Next” on the first page of the Certificate Import Wizard, then browse to the location where you saved the downloaded certificate and click “Open”. -.. figure:: /_static/images/ssl/windows/7_windows_import_cert_wizard.png - :width: 90% - :alt: Import cert wizard + .. figure:: /_static/images/ssl/windows/7_windows_import_cert_wizard.png + :width: 90% + :alt: Import cert wizard - Add downloaded certificate int he Certificate Import Wizard + Add downloaded certificate int he Certificate Import Wizard -15. On the “Certificate Store” window, ensure that it says “Trusted Root Certificate Authorities” and click “Next”. +#. On the “Certificate Store” window, ensure that it says “Trusted Root Certificate Authorities” and click “Next”. -16. Select “OK” when the import is successful. +#. Select “OK” when the import is successful. -17. Verify the Embassy Local Root CA certificate is in the “Certificates” folder. +#. Verify the Embassy Local Root CA certificate is in the “Certificates” folder. -.. figure:: /_static/images/ssl/windows/8_windows_successful_cert_install.png - :width: 90% - :alt: Successful cert install + .. figure:: /_static/images/ssl/windows/8_windows_successful_cert_install.png + :width: 90% + :alt: Successful cert install - Embassy Local Root CA imported into Certificate folder + Embassy Local Root CA imported into Certificate folder -18. You can save the settings to the console if desired or cancel. +#. You can save the settings to the console if desired or cancel. + +#. Open to your favorite browser to import this certificate and follow the steps for :ref:`supported browsers `. -19. Open to your favorite browser to import this certificate and follow the steps for :ref:`supported browsers `. Linux ----- From 4917fb6b1a3ab6c1a8a0485b4b14976a5d38fa01 Mon Sep 17 00:00:00 2001 From: Lucy Cifferello <12953208+elvece@users.noreply.github.com> Date: Mon, 22 Mar 2021 14:35:00 -0600 Subject: [PATCH 3/4] remove duplicate link targets --- source/support/faq.rst | 22 +++++++++++++--------- 1 file changed, 13 insertions(+), 9 deletions(-) diff --git a/source/support/faq.rst b/source/support/faq.rst index 9ac2162..69cb3c4 100644 --- a/source/support/faq.rst +++ b/source/support/faq.rst @@ -14,15 +14,15 @@ Start9Labs is a company based in Denver, CO that builds the Embassy and EmbassyO What is the Embassy? -------------------- -The Embassy is a "shelf-top" computer built using a `Raspberry Pi `_ for hardware and running EmbassyOS software. Learn more :ref:`here `. +The Embassy is a "shelf-top" computer built using a `Raspberry Pi `_ for hardware and running EmbassyOS software. Learn more here: :ref:`embassy`. What is EmbassyOS? ------------------ -EmbassyOS is a new kind of Operating System (OS). It is built from the ground up to allow anyone to easily run thier own 'cloud,' remove their dependence on Big Tech, and own their own data. EmbassyOS allows anyone to easily self-host their own software services. It handles all operations of the device, including managing the Service Marketplace, Services, Backups, Updates, data, and much more. Learn more :ref:`here `. +EmbassyOS is a new kind of Operating System (OS). It is built from the ground up to allow anyone to easily run thier own 'cloud,' remove their dependence on Big Tech, and own their own data. EmbassyOS allows anyone to easily self-host their own software services. It handles all operations of the device, including managing the Service Marketplace, Services, Backups, Updates, data, and much more. Learn more here: :ref:`embassyos`. What are EmbassyOS Services? ---------------------------- -A Service can be any piece of software added to the Marketplace. All services are "self-hosted," meaning that you are in complete control of your data. This means you can run your own "cloud!" Learn more :ref:`here ` and see our currently :ref:`Available Services `. +A Service can be any piece of software added to the Marketplace. All services are "self-hosted," meaning that you are in complete control of your data. This means you can run your own "cloud"! Check out our currently :ref:`available services ` and learn more here: :ref:`managing-services`. Does the Embassy ship worldwide? -------------------------------- @@ -41,10 +41,14 @@ How does pricing work for EmbassyOS? Are you targeting a specific USD price? The price is changed every 2016 blocks, which occurs about every 14 days. And no, the intent is not to tie EmbassyOS to a USD value, though at the moment USD is a convenient proxy for real purchasing power. What are you using for a store backend? Do you store my data? ---------------------------------------- +-------------------------------------------------------------- + Great question, here is our exact situation currently: + Embassy device sales are processed through Shopify, which we do not like, but it was expedient in the early days, especially for shipping, so we went with it. Aside from a master list of email addresses for those who have explicitly opted in to our mailing list, all customer data is contained within Shopify. We do not duplicate it anywhere. We are asking Shopify to delete our customer data, but they claim it will take upward of 3 months to comply and we of course have no guarantee the data will actually be deleted permanently. This is partly why we exist...as such, we will be moving off of Shopify and onto a self-hosted solution, where Start9 alone controls our customer data for Embassy purchases, which we will delete as a matter of policy following a short grace period after delivery. + For EmbassyOS sales, we took the maximally private approach right out of the gate. When you buy EmbassyOS, the only thing we need is an email address, and you can only pay with bitcoin. That's it. Then, unless you have explicitly requested that we keep your email for mailing list purposes, we delete the email immediately upon transaction completion. + So...in summary: (1) the shipping data we currently have is stored in Shopify (2) we are asking Shopify to delete all our customer data (3) we will be migrating off of Shopify (4) going forward, we alone will control customer data and will purge it regularly (5) you can always assemble the hardware yourself and just buy EmbassyOS from us with bitcoin, which only requires an email, which is gets purged immediately. I want to help, but I'm not a developer. Are there any ways for non-coders to contribute? @@ -120,7 +124,7 @@ No, and we do not advise this. It is designed to be used on a RaspberryPi. Is it possible to use the EmbassyOS on my own hardware? ------------------------------------------------------- -Yes! You can follow the diy guide :ref:`here `. This option is great for people who already own the necessary hardware or who live outside the US and want to save on shipping and customs fees. +Yes! The :ref:`diy guide ` will take you through the setup steps. This option is great for people who already own the necessary hardware or who live outside the US and want to save on shipping and customs fees. Additionally, EmbassyOS is available to build from source under the Start9 Personal Use License. If you have the time and energy, it is possible to download and compile EmbassyOS yourself, for free, with the caveat that your “Embassy” will not have a product key generated by us. This means you will miss out on the perks that come along with purchasing from us, which will grow over time. @@ -162,7 +166,7 @@ Can I mine Bitcoin with this? No, you can not. Does the Embassy only work over Tor? No http or VPN...?? ----------------------------------------------------- +-------------------------------------------------------- The Embassy’s current primary communication is Tor, yes. In many cases we use HTTP over Tor (they are not mutually exclusive), you can see this by navigating to the Tor address in a browser and see the “http” in front of it. A VPN is a feature we’re exploring as an alternative to Tor to make things faster without meaningfully impacting privacy. You can also connect directly via LAN if you are on the same network as your device. ========================= @@ -208,7 +212,7 @@ Potentially. The list of software that can be self-hosted is growing rapidly. Does the Embassy run a full archival Bitcoin node? -------------------------------------------------- The Embassy runs a full node, but does not run a full *archival* node, it's pruned. This means it does not store the entire Blockchain. As it syncs, it discards blocks and transactions it does not need. -It is fully validating and verifying consensus all the way from Genesis. Really, the only reason to store the entire Blockchain is if you want to run a block explorer. Learn more :ref:`here `. +It is fully validating and verifying consensus all the way from Genesis. Really, the only reason to store the entire Blockchain is if you want to run a block explorer. Learn more here: :ref:`node`. What actions, specifically, are only possible with an archival, or ‘unpruned’ node? ----------------------------------------------------------------------------------- @@ -224,7 +228,7 @@ The Lightning Network (LN) is a second 'layer,' built on top of the Bitcoin Prot Are there any resources for learning about how to use Bitcoin and the Lightning Network? ---------------------------------------------------------------------------------------- -It may be helpful to start `here `_ for Bitcoin and `here `_ for Lightning. +It may be helpful to start `here `__ for Bitcoin and `here `__ for Lightning. I opened a Lightning channel, but my local balance is lower than I expected. Where is the remainder? ----------------------------------------------------------------------------------------------------- @@ -244,7 +248,7 @@ Is there a solution to this? Yes, the concept of a Watchtower was originally conceptualized in the LN whitepaper. A Watchtower is simply a lightning node to which you can give the authority to monitor transactions associated with your open payment channels. Is a wallet vulnerable to hacking if it’s always online?? -------------------------------------------------------- +--------------------------------------------------------- Funds are not stored on the node typically. The node simply serves as a source of truth for the state of the blockchain. Attacks depend on where the keys are and where the signing happens. You can use something like a hardware wallet for better security. Though, to be fair, a lot of attacks depend on you or your machine being targeted specifically, and a whole bunch of attack vectors are highly theoretical and obscure. Most successful attacks seem to be either fake/doctored software or a social attack (tricking you into installing some malware or giving your seed outright or something like that). Keep in mind, however, the more value there is out there to steal, the more sophisticated attacks will get automated (bots, crawlers etc). So its not just the risk profile of today, but also tomorrow you have to consider. That’s why something like a hardware wallet or dedicated mobile device for key signing is a good idea. From 6206d702438e2c36aeb972301bdff748be70c0dc Mon Sep 17 00:00:00 2001 From: Lucy Cifferello <12953208+elvece@users.noreply.github.com> Date: Tue, 23 Mar 2021 14:29:03 -0600 Subject: [PATCH 4/4] remove assets and add backups to service dev docs --- source/contributing/services/backups.rst | 29 ++++++++++++++++++++++++ source/contributing/services/index.rst | 1 + source/contributing/services/wrapper.rst | 22 +----------------- 3 files changed, 31 insertions(+), 21 deletions(-) create mode 100644 source/contributing/services/backups.rst diff --git a/source/contributing/services/backups.rst b/source/contributing/services/backups.rst new file mode 100644 index 0000000..87d6e6b --- /dev/null +++ b/source/contributing/services/backups.rst @@ -0,0 +1,29 @@ +.. _service_backups: + +*************** +Service Backups +*************** + +Everything within the root of the mounted volume directory will be stored in an EmbassyOS backup. This includes the config (config.yaml) and properties (stats.yaml) files, as well as any other persisted data within the volume directory. + +For restoration purposes, it might be beneficial to ignore certain files or folders. For instance, ignore the shared/public folder that is mounted for dependencies that expose this feature as it causes data inconsistencies on restore. + +In this case, create a `.backupignore` file. This file contains a list of relative paths to the ignored files. + + +Example +======= + +The `btcpayserver wrapper `_ demonstrates a good use of a backupignore template. + +Ultimately, ``/datadir/.backupignore`` gets populated with: + +.. code:: + + /root/volumes/btcpayserver/start9/public + /root/volumes/btcpayserver/start9/shared + +.. role:: raw-html(raw) + :format: html + +:raw-html:`
` \ No newline at end of file diff --git a/source/contributing/services/index.rst b/source/contributing/services/index.rst index e0f8794..dca0b86 100644 --- a/source/contributing/services/index.rst +++ b/source/contributing/services/index.rst @@ -31,6 +31,7 @@ Happy building! Config Properties Instructions + Backups Submission process ------------------ diff --git a/source/contributing/services/wrapper.rst b/source/contributing/services/wrapper.rst index 6104e9d..e4ebad3 100644 --- a/source/contributing/services/wrapper.rst +++ b/source/contributing/services/wrapper.rst @@ -26,16 +26,12 @@ The project structure should be used as a model: ├── Dockerfile ├── Makefile (optional) ├── README.md - ├── assets - │ ├── httpd.conf (optional) - │ └── httpd.conf.template (optional) ├── config_rules.yaml ├── config_spec.yaml ├── ├── docker_entrypoint.sh ├── docs │ └── instructions.md - ├── instructions.md -> docs/instructions.md (symlink) └── manifest.yaml Submodule @@ -43,20 +39,4 @@ Submodule `Git sub-modules `_ allow use of another project while in the working project directory. Setting up this feature enables linking of the source service repository so that it's context is available. -Run ``git submodule add `` - -Assets -====== - -.. warning:: - - *This section is being deprecated in favor of baking assets into the Docker image, and moved into the mountpoint at runtime if necessary* - -Whenever a service is stopped, any file that is not contained within in the ``/assets`` directory will be cleared from memory. Any unsaved changes will be reverted. This folder acts as a persistance storage container. - -In this folder belongs any assets that are unique configurations to your service. For instance, bitcoind's ``.conf`` file is saved here. - -.. role:: raw-html(raw) - :format: html - -:raw-html:`
` \ No newline at end of file +Run ``git submodule add `` \ No newline at end of file