Start9/documentation
2
0
Fork 0
mirror of https://github.com/Start9Labs/documentation.git synced 2026-03-26 02:11:55 +00:00
Code Issues Packages Projects Releases Wiki Activity

first sweep

Browse Source
This commit is contained in:
Matt Hill
2020-10-07 16:36:17 -06:00
parent c481ce9ff4
commit a09b2ae77b
48 changed files with 418 additions and 430 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
source/concepts/embassy-os.rst
View File

@@ -1,19 +0,0 @@
.. _embassy-os-concept:
Embassy OS
==========
Embassy OS refers to a custom Linux distribution along with a suite of software tools installed on the Embassy which makes it easy to:
* Install new services
* Uninstall services
* Upgrade services
* Upgrade your Embassy software to future versions
* Manage the data of each installed service
Embassy OS is a forked branch of the Buster Lite version of Raspberry Pi OS. Start9 Labs augmented this base operating system to include:
* a custom application management layer specialized for installing, running, and backing up .s9pk packaged services
* a layer responsible for Embassy specific operations, such as Tor, Backups, and Notifications
The .s9pk extension is Start9 Labs's custom package format based on tar. It encompasses the necessary components to compress, host, and install a service on the marketplace.

14
source/concepts/open-source.rst
View File

@@ -1,14 +0,0 @@
.. _open-source:
Open Source Software
====================
The Internet itself was built on free and publicly available code, with the values of collaboration, peer review, communication, and openness built into its very foundation. This decentralized model evolved into the open source movement, which uses these values to discover new ways to solve problems across boundaries and industries.
Open source software centered around the concept of user freedoms: freedom to see, modify, and redistribute the code to make it work for the user in whatever way they needed. It does not necessarily mean free to use. It means that the software will be better, cheaper, and more flexible if it is freely accessible, openly modifiable, and shared.
If anyone can inspect, modify, and distribute the code, bugs are more rapidly resolved, security vulnerabilities are more quickly audited and exposed. Community driven development efforts enable diverse collaboration which increases project reliability and longevity.
Distinct from open source software is propriety, or closed source, software. Closed source software is strictly moderated, cannot legally be altered, copied, or distributed, and is paid for to be used as intended without modification. Only the code owners have the right to access the code.
As a company founded on the principles of freedom, every service we support is open source. We believe in contributing to the future of this vibrant and passionate ecosystem.

18
source/concepts/services.rst
View File

@@ -1,18 +0,0 @@
.. _services:
Services
========
Apps for third technological revolution, the era of sovereign computing. Running on a personal server, these software packages serve the desired content. This could be a webpage, application, or endpoint.
For instance, the Bitcoin service provides a Tor address endpoint for a bitcoind node. Bitwarden serves the password management website. File Browser serves a file management graphical user interface.
The following services are currently supported on the Embassy:
`Bitcoin <https://github.com/Start9Labs/bitcoind-wrapper/blob/master/docs/instructions.md>`_
`Cups <https://github.com/Start9Labs/cups-wrapper/blob/master/docs/instructions.md>`_
`File Browser <https://github.com/Start9Labs/filebrowser-wrapper/blob/master/docs/instructions.md>`_
Bitwarden

18
source/concepts/ssl.rst
View File

@@ -1,18 +0,0 @@
.. _ssl-concept:
SSL / TLS
=========
Visiting websites on the Tor network is slow. We wanted to provide a be \er option to access the Embassy at home. Thats why we created an address for the Embassy that can be accessed on your Local Area Network.
By default, this `.local` address is served like a regular website, over HTTP. Browser's makes it noticeable visiting a site over HTTP in the URL bar - it could be red, show an unlocked lock, or warn the connection is not secure.
SSL certificates are what enable websites to move from HTTP to HTTPS, which increases security and makes browsers happy. Using the Secure Sockets Layer protocol, HTTPS enabled websites use certificates to establish authenticated and encrypted links between networked computers. Its the standard technology for keeping an internet connection secure and safeguarding any sensitive data that is being sent between two devices, preventing third parties from reading and modifying any personal information transferred. They also verify ownership of a website.
Valid SSL certificates are typically issued and obtained from Certificate Authorities. These trusted third parties generate and distribute certificates, signing them with their trusted private key, which allows the clients who use them to verify its authenticity. Websites obtain a certificate from a CA then load it on to their websites hosting service or server, allowing the website to load over HTTPS and have all traffic to and from the website be encrypted and secure.
We decided to have the Embassy act as a Certificate Authority. It creates a self-signed certificate, which means that the private key used to sign the digital certificate is the Embassys own private key instead of a third partys.
When you setup SSL for your Embassy and device, the certificate communicates to the client (a browser) that the server (the Embassy) demonstrated ownership of the domain (the `start9-xxxxxxxx.local` address) to the certificate authority (created on the Embassy) at the time of certificate issuance (during the setup process). The Embassy dashboard can then be accessed from a home network (LAN) using a secure HTTPS connection!
For more information on how to setup your devices to enable this feature visit :ref:`ssl-setup`.

12
source/concepts/tor.rst
View File

@@ -1,12 +0,0 @@
.. _tor-concept:
TOR
===
The Onion Router, or TOR, is a free and open source software that enables anonymous communication. By routing Internet traffic though a worldwide, volunteer overlay network of nodes, requests are bundled in layers of encryption like the layers of an onion. The request is relayed across nodes, decrypting a layer only to reveal the next relay destination, until the request meets its final destination, without revealing the source IP address.
If a malicious third party were to intercept a request, they would see a garbled mess of the remaining onion encryption, and would only know that it came from some onion node and was heading to some other onion node. The contents, source, and destination of the message are totally anonymous.
When you use Tor to communicate with services running on the Embassy, all the traffic is onion routed and encrypted, and there are no Tor exit nodes involved - it's totally private with no configuration needed.
Furthermore, every service on the Embassy has a different Tor address, including the device itself. This is for privacy reasons - should one Tor address be exposed, the others will not be compromised. Tor addresses are actually ed25519 keys, which means they also provide all the benefits of cryptographically secure private/public keys.

7
source/conf.py
View File

@@ -67,7 +67,12 @@ html_theme = 'sphinx_book_theme'
html_static_path = ['_static']
html_theme_options = {
"extra_navbar": "",
"theme_dev_mode": True,
"path_to_docs": "source",
"repository_url": "https://github.com/Start9Labs/documentation",
"use_edit_page_button": True,
"use_issues_button": True,
"use_repository_button": True,
}
html_logo = "_static/logo.png"
html_title = ""

7
source/developer/sdk.rst → source/contributing/adding-services.rst
View File

@@ -1,7 +1,8 @@
.. _sdk:
.. _adding-services:
Services Software Development Kit (SDK)
=======================================
***************
Adding Services
***************
We are finalizing the OS infrastructure requirements to ensure a smooth process for developer contribution. This includes wrapping everything up into a software development kit for developing services on the Embassy OS platform.

3
source/developer/beta.rst → source/contributing/beta-testing.rst
View File

@@ -1,7 +1,8 @@
.. _best-testing:
************
Beta Testing
============
************
On request, or by selective offerings, we will admit certain users to test upcoming releases in our beta environment. This environment requires authorized SSH authentication, the credentials for which will be provided to selected users.

5
source/contributing/documentation.rst Normal file
View File

@@ -0,0 +1,5 @@
.. _documentation:
*************
Documentation
*************

11
source/developer/ssh.rst
View File

@@ -1,11 +0,0 @@
.. _ssh-key:
Adding a SSH Key
================
#. Navigate to the Embassy tab in the dashboard menu after logging in.
#. Select `Developer Options`.
#. Select the (+) button in the lower right hand corner to add an SSH key.
#. Navigate back to the Embassy tab and select `Monitor` to find the Embassy's `LAN IP address`. `pi@` will be your SSH target.
.. warning:: Adding an SSH key will void the warranty. This is an advanced feature and should only be completed by experienced users. We can make no guarantees about the continued functioning of the Embassy once this process is completed.

51
source/getting-started/connect.rst
View File

@@ -1,51 +0,0 @@
.. _connect:
Connecting to the Embassy
=========================
WiFi
----
Once the Embassy has been setup while connected to the router, it can be configured to be accessible only from a wireless network. This option can be found in the `Embassy` tab in the dashboard menu under `WiFi`. From here, the desired wireless network credentials can be entered by selecting the (+) sign in the lower right hand corner. Either `save` to persist the network for later use, or `save and connect` to immediately use the provided network.
.. seealso:: :ref:`connecting-wifi`
After successfully connected to a configured WiFi network, the Embassy can be unplugged from the router and relocated anywhere it's power supply can reach.
.. _browser-access:
Browser
-------
The Embassy dashboard can be accessed in two distinct ways:
#. By visiting the Tor address in a Tor enabled browser. You can visit it from anywhere in the world via the Tor network. Please be advised that the Tor network is censored in some places.
Depending on your device operating system and browser preference, there exists several methods for reaching the Embassy dashboard:
* MacOS / Windows:
Any browser that supports Tor (ie. a SOCKS5 proxy), such as:
* A private window with Tor in `Brave <https://brave.com/>`_
* The `Tor Browser <https://www.torproject.org/download/>`_
* `Firefox <https://www.mozilla.org/en-US/firefox/mobile/>`_
.. seealso:: `Setting up Firefox to handle Tor addresses <https://medium.com/@start9labs/setting-up-your-firefox-web-browser-to-handle-onion-urls-b805391726e4>`_
* iOS
Download the Consulate `app <https://apps.apple.com/us/app/consulate/id1528124570>`_ in the Apple App Store.
.. seealso:: `Announcing the Consulate Browser! <https://medium.com/@start9labs/announcing-the-consulate-browser-76d94a8599cb>`_
* Android
Download the `Tor Browser <https://www.torproject.org/download/>`_
`Firefox <https://www.mozilla.org/en-US/firefox/mobile/>`_
.. seealso:: `Setting up Firefox to handle Tor addresses on Android <https://medium.com/@start9labs/setting-up-your-firefox-web-browser-to-handle-onion-urls-android-65b36801c0d2>`_
* FDroid
Coming Soon!
#. This option is considered an **advanced** feature. By visiting the local address after setting up a SSL certificate on the Embassy. This means that the remote device and Embassy server must be in physical proximity and connected to the same WiFi network in order to communicate. Once this is setup, the Embassy can be accessed from any browser while on the Local Area Network (LAN) with little latency and with no extra configuration options needed.

36
source/getting-started/connecting.rst Normal file
View File

@@ -0,0 +1,36 @@
.. _connecting:
**********
Connecting
**********
With the :ref:`initial-setup` complete, your Embassy is now privately hosted on the Internet and can be accessed right from the borwser. Your Embassy's addresses (its Tor and LAN URLs) are completely private; no one else even knows they exists.
If you accidentally leak your Embassy's addresses, do not worry. You Embassy is also protected by your password; so only you can log in.
Tor
===
Connecting to your Embassy over :ref:`tor` requires uing a browser that supports *.onion* URLs.
Currently, Tor is the default and our recommended approach for most users. It *just works*. The one drawback, however, is latency; onion-routed communications over Tor can be slow. For a lightning fast experience, you can connect to your Embassy over LAN (below), but this requires additional setup.
Below are a list of our recommended browsers for Tor:
* `Start9 Consulate <https://apps.apple.com/us/app/consulate/id1528124570>`_ (iOS)
* `Firefox <https://mozilla.org/firefox/new/>`_ (Mac, Windows, Linux, Android)
* `Tor Browser <https://torproject.org/download/>`_ (Mac, Windows, Linux, Android)
* `Brave <https://brave.com/>`_ (Mac, Windows, Linux, Android)
.. seealso:: `Setting up Firefox to handle Tor addresses <https://medium.com/@start9labs/setting-up-your-firefox-web-browser-to-handle-onion-urls-b805391726e4>`_
.. seealso:: `Announcing the Consulate Browser! <https://medium.com/@start9labs/announcing-the-consulate-browser-76d94a8599cb>`_
LAN
===
Connecting to your Embassy over :ref:`lan` has the benefit of being fast! It requires uing a browser that supports *.local* URLs, which is true for most browsers.
This option is considered *advanced*, since it requires :ref:`installing and trusting your Embassy's Root Certificate Authority SSL<ssl-setup>` on any phone or laptop you use to connect.

11
source/getting-started/dashboard.rst
View File

@@ -1,11 +0,0 @@
.. _dashboard:
Accessing dashboard
-------------------
Acquire your Tor address from the Setup App. Plug it into the URL bar of any Tor enabled browser. Login using the master password supplied during the setup process.
.. seealso:: :ref:`connect`
After you are logged into your dashboard (link), navigate to the Marketplace tab from the menu. Here, you can view the services available to download. Once downloaded, you can view these in the Services tab in the menu.

11
source/getting-started/initial-setup.rst Normal file
View File

@@ -0,0 +1,11 @@
.. _initial-setup:
*************
Initial Setup
*************
Ensure your phone is connected to the same WiFi network as your router.
Visit the appropriate setup instructions for your version:
`Setup0.2.x <https://start9labs.com/devices/embassy/setup?version=0.2.0>`_

8
source/getting-started/marketplace.rst
View File

@@ -1,8 +0,0 @@
.. _marketplace:
Exploring Services in Marketplace
---------------------------------
The Start9 Marketplace currently hosts the available service to install on your Embassy. Soon, any developer will be able to submit a service to this marketplace for review. Submitted services will follow our :ref:`sdk` Guide to conform to the standards necessary for Embassy software services to run.
The review will consist of code review (we want services to work very well), user experience testing acceptance (we want services to be a dead simple and pleasant experience), documentation of instructions (we want it to be clear to users and developers how to run and contribute), and a security vulnerability audit (we want to prevent any malware being installed).

12
source/getting-started/setup.rst
View File

@@ -1,12 +0,0 @@
.. _setup-guide:
Setup Guide
===========
Ensure your phone is connected to the same WiFi network as your router.
Visit the appropriate setup instructions for your version:
`Setup0.2.x <https://start9labs.com/devices/embassy/setup?version=0.2.0>`_
After completing the above guide, it no longer matters if the device and Embassy WiFi network differ - the Embassy can be reached anywhere in the world using its Tor address in a Tor enabled browser. :ref:`post-setup`

8
source/getting-started/unboxing.rst
View File

@@ -1,8 +0,0 @@
.. _unboxing:
Unboxing the Embassy
====================
We have strived to create a “batteries included” product, so the box you receive includes all necessary components to run and backup your Embassy. The included brochure diagram demonstrates how to plug in the device for initial setup. Scanning the brochure QR code will redirect to the setup instructions for your Embassy OS version.
The included USB stick can be used for service backups right out of the box. Simply plug it into the Embassy and navigate to the desired service you want to back up from the `Services` tab in the dashboard menu.

63
source/index.rst
View File

@@ -1,58 +1,35 @@
#############
Documentation
=============
#############
Start9 Lab's documentation resources aim to provide product and troubleshooting information for all levels of users. Explore to learn more about our mission, our products, and the technology behind our solutions.
Table of Contents
-----------------
.. toctree::
:maxdepth: 3
:maxdepth: 2
:caption: Getting Started
Unboxing <./getting-started/unboxing>
Setup <./getting-started/setup>
Connect <./getting-started/connect>
Dashboard <./getting-started/dashboard>
Marketplace <./getting-started/marketplace>
getting-started/initial-setup
getting-started/connecting
.. toctree::
:maxdepth: 3
:caption: Manual
:maxdepth: 2
:caption: User Manuals
Connecting Wifi <./manual/embassy-one/wifi>
SSL Setup <./manual/embassy-one/ssl>
Installing Services <./manual/embassy-one/services>
Manage Device <./manual/embassy-one/manage>
Upgrading <./manual/embassy-one/upgrade>
View notifications <./manual/embassy-one/notifications>
Backups <./manual/embassy-one/backups>
Dependencies <./manual/embassy-one/dependencies>
Restart <./manual/embassy-one/restart>
Shutdown <./manual/embassy-one/shutdown>
user-manuals/embassyos/index
user-manuals/services/index
.. toctree::
:maxdepth: 2
:caption: Contributing
contributing/adding-services
contributing/beta-testing
contributing/documentation
.. toctree::
:maxdepth: 2
:caption: Support
FAQ <./support/faq>
Contact <./support/contact>
.. toctree::
:maxdepth: 3
:caption: Concepts
Embassy OS <./concepts/embassy-os>
Open Source <./concepts/open-source>
SSL <./concepts/ssl>
TOR <./concepts/tor>
Services <./concepts/services>
.. toctree::
:maxdepth: 3
:caption: Developer
Services SDK <./developer/sdk>
SSH Keys <./developer/ssh>
Beta Testing <./developer/beta>
Alt Registry <./developer/alt-reg>
support/faq
support/concepts
support/contact

34
source/manual/embassy-one/manage.rst
View File

@@ -1,34 +0,0 @@
.. _manage-device:
Manage device
=============
The Embassy settings can be managed from the Embassy tab in the main dashboard menu. Here, configuration options can be adjusted and server metrics viewed.
.. figure:: /_static/images/embassy_tab.png
:width: 90%
:alt: Embassy Menu Tab
Embassy settings tab in dashboard menu
Config
-------
Currently, the only configurable property is the device name. It can be adjusted by selecting the `Configure` item in Embassy sub menu. Once changed, the new device name will appear in the top left of the main dashboard menu.
.. figure:: /_static/images/embassy_config.png
:width: 90%
:alt: Embassy Config View
View of Embassy Config
Metrics
-------
Accessible via the `Monitor` item in the Embassy sub menu. Real time statistics, such as CPU usage and temperature, stream. Also included are details about memory and disk space.
.. figure:: /_static/images/embassy_metrics.png
:width: 90%
:alt: Embassy Metrics View
View of Embassy Metrics

26
source/manual/embassy-one/notifications.rst
View File

@@ -1,26 +0,0 @@
.. _notifications:
View notifications
==================
Select the `Notifications` tab in the main dashboard menu. A history of all notifications persists here. It also provides further information for failure scenarios.
.. figure:: /_static/images/embassy_notifications.png
:width: 90%
:alt: Embassy Notifications
All notifications View
Notifications will be emitted on:
* successful or failed service installations
* successful or failed service backups
* successful or failed system updates
* successful or failed service updates
.. figure:: /_static/images/embassy_notification.png
:width: 90%
:alt: Embassy notification alert
Example notification alerts

11
source/manual/embassy-one/restart.rst
View File

@@ -1,11 +0,0 @@
.. _restart:
Restart
=======
#. Open the Embassy dashboard using its Tor address.
#. Access the Embassy tab from the main menu
#. Select `Restart` from the sub menu
#. A tune will play (mario death song), indicating the restart has been initiated.
#. A bep will sound when the Embassy is powered back on.
#. A chime (mario coin chime) will sound when the Embassy is ready to use.

20
source/manual/embassy-one/services.rst
View File

@@ -1,20 +0,0 @@
.. _installing-services:
Installing services
===================
Visit the marketplace from the Embassy dashboard menu. Select a service to download. When the service has finished installing, a notification will appear when complete.
Services can be viewed in the Services tab in the dashboard menu. Selecting a service here allows you to:
#. View the instructions:
* Details on what the service is and how to use it. Any gotchas, special options, or gaps in functionality are noted here.
#. Supply configuration options:
* Some services require input to configure the service before running. This could be entering a password, enabling certain features, or confirming the default options.
#. Run the service:
* A service will not be started when downloaded. This will need to be user initiated. Once a service has been configured, the option to start the service will appear. After it is started, the service is available for you to use.

11
source/manual/embassy-one/shutdown.rst
View File

@@ -1,11 +0,0 @@
.. _shutdown:
Shutdown
========
#. Open the Embassy dashboard using its Tor address.
#. Access the Embassy tab from the main menu
#. Select `Shutdown` from the sub menu
#. Wait for the Embassy to shut down, typically about 1 minute. The dashboard will no longer be accessible from the browser.
#. It is now safe to unplug the Embassy from power and the ethernet cable, if connected.
#. To turn it back on, plug the Embassy back into the power supply and wait for it to bep and chime (mario coin chime).

10
source/manual/embassy-one/ssl.rst
View File

@@ -1,10 +0,0 @@
.. _ssl-setup:
SSL Setup
=========
This advanced feature will be enabled soon. Then, users can download the SSL root certificate to a device and follow the setup instructions `here <https://medium.com/@start9labs/embassy-https-certificate-setup-8cd873d7075c>`_.
In depth
--------
Check out the :ref:`ssl-concept` concept guide for a deeper dive.

27
source/manual/embassy-one/upgrade.rst
View File

@@ -1,27 +0,0 @@
.. _upgrading:
Upgrading
=========
Embassy OS
----------
Visit the Embassy tab from the Dashboard menu. Select “Check for Upgrades”. Clicking this will reach out to the marketplace to see if a new OS update has been released, and will indicate if it has. You can then update and get access to new features and bug fixes.
Services
--------
Visit the Marketplace tab from the Dashboard menu. Each service will denote a status, such as:
* Not Installed
* Installed
* Update Available
If Update Available is denoted as the option, select the service you are interested in updating, and click the green update button on the service page in the Marketplace.
Config
^^^^^^
These are configuration options that can be changed at any time. When a service is in `Needs Config` status, it requires user input to complete setup before the service can be started.
Properties
^^^^^^^^^^
These are user initiated configuration properties, typically for credentials such as a password.

24
source/manual/embassy-one/wifi.rst
View File

@@ -1,24 +0,0 @@
.. _connecting-wifi:
Connecting to WiFi
==================
#. Once logged into your Embassy dashboard, access the Embassy tab from the dashboard menu.
#. Navigate to the `WiFi` section.
#. Obtain the WiFi network name and password.
#. Click the (+) button in the lower right corner to add a network with the gathered credentials.
.. figure:: /_static/images/embassy_wifi.png
:width: 90%
:alt: Add WiFi menu
Add WiFi Network options
#. Select the appropriate country to ensure the proper protocol is used.
#. Click `Add and Connect`.
#. The saved network will appear in the list when successfully added. At this point, you can disconnect the Embassy from your router.
If the Embassy relocates or needs to change WiFi networks, it can be connected into the new routers ethernet jack and powered on to complete this process again.
.. note::
The network speeds (and other server metrics) can be monitored within the Embassy dashboard.

92
source/support/concepts.rst Normal file
View File

@@ -0,0 +1,92 @@
.. _concepts:
********
Concepts
********
Depending on your background, the Embassy platform may deal with some unfamilar concepts. While it is not strictly *necessary* for you to understand these concepts to use your Embassy, we know many of you would like to.
.. _embassyos:
EmbassyOS
=========
Embassy OS refers to a custom Linux distribution along with a suite of software tools installed on the Embassy which makes it easy to:
* Install new services
* Uninstall services
* Upgrade services
* Upgrade your Embassy software to future versions
* Manage the data of each installed service
Embassy OS is a forked branch of the Buster Lite version of Raspberry Pi OS. Start9 Labs augmented this base operating system to include:
* a custom application management layer specialized for installing, running, and backing up .s9pk packaged services
* a layer responsible for Embassy specific operations, such as Tor, Backups, and Notifications
The .s9pk extension is Start9 Labs's custom package format based on tar. It encompasses the necessary components to compress, host, and install a service on the marketplace.
.. _open-source:
Open Source
===========
The Internet itself was built on free and publicly available code, with the values of collaboration, peer review, communication, and openness built into its very foundation. This decentralized model evolved into the open source movement, which uses these values to discover new ways to solve problems across boundaries and industries.
Open source software centered around the concept of user freedoms: freedom to see, modify, and redistribute the code to make it work for the user in whatever way they needed. It does not necessarily mean free to use. It means that the software will be better, cheaper, and more flexible if it is freely accessible, openly modifiable, and shared.
If anyone can inspect, modify, and distribute the code, bugs are more rapidly resolved, security vulnerabilities are more quickly audited and exposed. Community driven development efforts enable diverse collaboration which increases project reliability and longevity.
Distinct from open source software is propriety, or closed source, software. Closed source software is strictly moderated, cannot legally be altered, copied, or distributed, and is paid for to be used as intended without modification. Only the code owners have the right to access the code.
As a company founded on the principles of freedom, every service we support is open source. We believe in contributing to the future of this vibrant and passionate ecosystem.
.. _lan:
LAN
===
A Local Area Network (LAN) is a computer network that interconnects computers within a limited area such as a residence, school, laboratory, university campus or office building.
Devices on a LAN are private and protected, such that only devices conncted to the same Ethernet or WiFi network can see or communicate with them.
Your Embassy hosts itself on the LAN and is reachable by visiting its *.local* URL in the browser while also connected to the LAN.
.. note:: Any device connected to a LAN can inspect all communications on that LAN. To avoid snooping, your Embassy's LAN communications are encrypted using :ref:`ssl`, which requires :ref:`additional setup <ssl-setup>`.
.. _ssl:
SSL
===
Visiting websites on the Tor network is slow. We wanted to provide a be \er option to access the Embassy at home. Thats why we created an address for the Embassy that can be accessed on your Local Area Network.
By default, this `.local` address is served like a regular website, over HTTP. Browser's makes it noticeable visiting a site over HTTP in the URL bar - it could be red, show an unlocked lock, or warn the connection is not secure.
SSL certificates are what enable websites to move from HTTP to HTTPS, which increases security and makes browsers happy. Using the Secure Sockets Layer protocol, HTTPS enabled websites use certificates to establish authenticated and encrypted links between networked computers. Its the standard technology for keeping an internet connection secure and safeguarding any sensitive data that is being sent between two devices, preventing third parties from reading and modifying any personal information transferred. They also verify ownership of a website.
Valid SSL certificates are typically issued and obtained from Certificate Authorities. These trusted third parties generate and distribute certificates, signing them with their trusted private key, which allows the clients who use them to verify its authenticity. Websites obtain a certificate from a CA then load it on to their websites hosting service or server, allowing the website to load over HTTPS and have all traffic to and from the website be encrypted and secure.
We decided to have the Embassy act as a Certificate Authority. It creates a self-signed certificate, which means that the private key used to sign the digital certificate is the Embassys own private key instead of a third partys.
When you setup SSL for your Embassy and device, the certificate communicates to the client (a browser) that the server (the Embassy) demonstrated ownership of the domain (the `start9-xxxxxxxx.local` address) to the certificate authority (created on the Embassy) at the time of certificate issuance (during the setup process). The Embassy dashboard can then be accessed from a home network (LAN) using a secure HTTPS connection!
For more information on how to setup your devices to enable this feature visit :ref:`ssl-setup`.
.. _tor:
Tor
===
The Onion Router, or Tor, is a free and open source software that enables anonymous communication. By routing Internet traffic though a worldwide, volunteer overlay network of nodes, requests are bundled in layers of encryption like the layers of an onion. The request is relayed across nodes, decrypting a layer only to reveal the next relay destination, until the request meets its final destination, without revealing the source IP address.
If a malicious third party were to intercept a request, they would see a garbled mess of the remaining onion encryption, and would only know that it came from some onion node and was heading to some other onion node. The contents, source, and destination of the message are totally anonymous.
When you use Tor to communicate with services running on the Embassy, all the traffic is onion routed and encrypted, and there are no Tor exit nodes involved - it's totally private with no configuration needed.
Furthermore, every service on the Embassy has a different Tor address, including the device itself. This is for privacy reasons - should one Tor address be exposed, the others will not be compromised. Tor addresses are actually ed25519 keys, which means they also provide all the benefits of cryptographically secure private/public keys.

5
source/support/contact.rst
View File

@@ -1,7 +1,8 @@
.. _contact:
Contact Us
==========
*******
Contact
*******
`Telegram <https://t.me/start9_labs>`_ - best for one off questions or back and forth direct messages

41
source/support/faq.rst
View File

@@ -1,12 +1,11 @@
.. _faq:
Frequently Asked Questions
==========================
This guide is meant to compile questions we commonly receive. We are a small team working hard to build and deliver the best product and features possible, so please regard this guide before directly reaching out. Also, let us know if there is a question you would like to see answered here!
***
FAQ
***
What is the Embassy?
--------------------
====================
The internet as we know it is organized into questioners, or clients, and answerers, or servers. When you open a mobile email app, say Gmail, the app (client) begins asking questions: "have I received new mail?", "what are my last 50 messages?", "what drafts am I in the midst of writing?", and so on. Your app's questions are sent to and heard by a Google-run server which then provides answers back to the client and are subsequently displayed to the screen.
@@ -20,7 +19,7 @@ One thing is for certain though: if you control your server, then you control yo
How does the Embassy work?
--------------------------
==========================
The Embassy runs on the Raspberry Pi 4B hardware with a Cortex-a72 CPU, 4GB of RAM, and has 2.4ghz and 5.0ghz IEEE 802.11AC wireless capabilities and a BLE internal speaker for audio feedback of system operations. It also features a high endurance MicroSD card, on which the operating system software is installed.
@@ -30,15 +29,15 @@ One of these operations is creating and managing Tor addresses, which are unique
In depth
--------
:ref:`tor-concept`
:ref:`tor`
:ref:`embassy-os-concept`
:ref:`embassyos`
:ref:`connect`
:ref:`connecting`
I can't connect to my Embassy.
------------------------------
==============================
If the Embassy is connected to a WiFi network, ensure your phone / computer is connected to the same network.
@@ -46,15 +45,9 @@ If the Embassy is connected via ethernet or to a router, ensure your phone / com
Ensure that your server has been running long enough for the startup chime noise to sound.
.. _post-setup:
I setup my Embassy, now what?
-----------------------------
Connect to the dashboard using a preferable :ref:`browser-access` compatible with the communicating device's operating system.
Do I plug the Embassy into my computer?
---------------------------------------
=======================================
The Embassy does not plug into any other device. It is a just a small computer without a screen designed for constant uptime, aka a server. You can connect to and manage your Embassy from any mobile device, desktop computer, or laptop computer. This is accomplished right through the browser by visiting your Embassy's private and unique URL.
@@ -64,27 +57,31 @@ Once on Embassy's web page, you can choose what services to install to the Embas
The list of services will grow rapidly over the coming months, such that many things you currently do using cloud-based third party servers can be just as easily accomplished using your own personal cloud serving your own personal apps and storing your own private data. No trusted third parties at all.
Are my Internet requests anonymous and secure?
-----------------------------------------------------------
==============================================
Embassy OS and every service on the Embassy are served on their own Tor Hidden Services with unique Tor addresses. The private keys used to create these addresses are generated on your phone or computer when you first set up the Embassy. No one, not even Start9, has any idea what your Tor addresses are, let alone the password(s) you choose to authenticate with them.
There is also the option to communicate with your Embassy using standard :ref:`ssl-concept` encryption and a uniquely generated `.local` address. This method is faster than Tor, but can only be used on your home network.
There is also the option to communicate with your Embassy using standard :ref:`ssl` encryption and a uniquely generated `.local` address. This method is faster than Tor, but can only be used on your home network.
I cannot connect to a service.
------------------------------
==============================
Make sure the service is started by viewing it in the Services tab in the Embassy dashboard menu. A green indicator bar should be visible.
Is the software open source?
----------------------------
============================
The team at Start9 Labs is working to open source Embassy OS with a custom license.
Some of our projects are currently open sourced under MIT.
Is there a product warranty?
----------------------------
============================
Yes. Start9 commits to serving each beta Embassy product released until the wild. We commit, to the best of our ability, to resolve any issue encountered with our provided hardware or software in a personalized matter until resolved.

7
source/user-manuals/embassyos/about.rst Normal file
View File

@@ -0,0 +1,7 @@
*****
About
*****
``Embassy ---> About``
This page conatins static information about your device, such as its ID, Tor Address, and hardware specs.

13
source/user-manuals/embassyos/configure.rst Normal file
View File

@@ -0,0 +1,13 @@
*********
Configure
*********
``Embassy ---> Configure``
Here you can set custom configurations for your Embassy. Currently, changing the ``Device Name`` is the only option.
.. figure:: /_static/images/embassy_config.png
:width: 90%
:alt: Embassy Config View
View of Embassy Config

7
source/developer/alt-reg.rst → source/user-manuals/embassyos/developer-options/alt-marketplace.rst
View File

@@ -1,7 +1,8 @@
.. _alt-reg:
.. _alt-marketplace:
Alternative Registry URL
========================
***********************
Alternative Marketplace
***********************
Embassy OS supports accessing alternative marketplaces by configuring a system file.
Start9 Labs is not responsible for issues encountered by downloading unverified services from these alternative marketplaces.

9
source/user-manuals/embassyos/developer-options/index.rst Normal file
View File

@@ -0,0 +1,9 @@
*****************
Developer Options
*****************
.. toctree::
:maxdepth: 2
ssh-setup
alt-marketplace

13
source/user-manuals/embassyos/developer-options/ssh-setup.rst Normal file
View File

@@ -0,0 +1,13 @@
.. _ssh-setup:
*********
SSH Setup
*********
``Embassy ---> Developer Options ---> SSH Keys``
#. Click the ``+`` button in the lower right hand corner.
#. Paste in your SSH key.
#. You can now access your Embassy from the command line using ``ssh pi@<LAN URL>``
.. warning:: Adding an SSH key voids the device warranty. This is an advanced feature for developers and should ne used with caution.

24
source/user-manuals/embassyos/index.rst Normal file
View File

@@ -0,0 +1,24 @@
*********
EmbassyOS
*********
You can view and manage your Embassy inside the ``Embassy`` tab in the main menu.
.. figure:: /_static/images/embassy_tab.png
:width: 90%
:alt: Embassy Menu Tab
Embassy settings tab in dashboard menu
.. toctree::
:maxdepth: 2
about
monitor
configure
updating
wifi
developer-options/index
power
notifications
ssl

13
source/user-manuals/embassyos/monitor.rst Normal file
View File

@@ -0,0 +1,13 @@
*******
Monitor
*******
``Embassy ---> Monitor``
Provides real-time statistics, such as temperature, CPU usage, memory and disk space.
.. figure:: /_static/images/embassy_metrics.png
:width: 90%
:alt: Embassy Metrics View
View of Embassy Metrics

24
source/user-manuals/embassyos/notifications.rst Normal file
View File

@@ -0,0 +1,24 @@
*************
Notifications
*************
You can view and manage your Notifications inside the ``Notifications`` tab in the main menu. They include:
* successful or failed EmbassyOS updates
* successful or failed service installations
* successful or failed service backups
* successful or failed service updates
To delete a notification, slide the notification to the left and click the *trash* icon.
.. figure:: /_static/images/embassy_notifications.png
:width: 90%
:alt: Embassy Notifications
All notifications View
.. figure:: /_static/images/embassy_notification.png
:width: 90%
:alt: Embassy notification alert
Example notification alerts

20
source/user-manuals/embassyos/power.rst Normal file
View File

@@ -0,0 +1,20 @@
*****
Power
*****
Restart
=======
#. ``Embassy ---> Restart ---> 'Restart'``.
#. Be patient while services shut down. A *tune* will play, indicating the powerdown is complete.
#. A gentle *bep* will sound when the Embassy is powered back on.
#. A *chime* will sound when the Embassy is ready to use.
Shutdown
========
#. ``Embassy ---> Shutdown ---> 'Shutdown'``
#. Be patient while services shut down. A *tune* will play, indicating the powerdown is complete.
#. It is now safe to unplug the Embassy from power and the ethernet cable, if connected.
.. note:: After a shutdown, the *only* way to turn your Embassy back on is to unplug it and plug it back in. As such, we do not recommend shutting down your Embassy when you are not physically near it. Instead, you should use the restart option.

7
source/user-manuals/embassyos/ssl.rst Normal file
View File

@@ -0,0 +1,7 @@
.. _ssl-setup:
*********
SSL Setup
*********
Please follow the setup instructions `here <https://medium.com/@start9labs/embassy-https-certificate-setup-8cd873d7075c>`_.

10
source/user-manuals/embassyos/updating.rst Normal file
View File

@@ -0,0 +1,10 @@
******************
Updating EmbassyOS
******************
``Embassy ---> Check for Updates``
#. If there is an update available, you will be promted to install it.
#. While updating, your Embassy will emit a gantle chime every 20 seconds.
.. note:: Ensure you have a stable Internet connection, and do not unplug your Embassy during an update. Updates usually complete within a few minutes, but depending on the size of the update and you Internet bandwidth, they can sometimes take up to an hour.

20
source/user-manuals/embassyos/wifi.rst Normal file
View File

@@ -0,0 +1,20 @@
**********
WiFi Setup
**********
``Embassy tab ---> WiFi``
#. Click the ``+`` button in the lower right corner.
#. Select the appropriate country.
#. Enter your WiFi SSID and password.
.. figure:: /_static/images/embassy_wifi.png
:width: 90%
:alt: Add WiFi
Add WiFi Network options
#. Save
* Clicking *Add* will save the network credentials but not try to connect immediately. This is useful, for example, if you are conncted over Ethernet at home and want to add your office WiFi credentials.
* `Add and Connect`.
#. The saved network will appear in the list when successfully added. If you are successfully connected, the WiFi symbol will be green, at which point, you can safely disconnect the Embassy from your router.

5
source/manual/embassy-one/backups.rst → source/user-manuals/services/backups.rst
View File

@@ -1,7 +1,6 @@
.. _backups:
*******
Backups
=======
*******
The Embassy supports encrypted backups of installed services to an external USB drive. Encryption utilizes the master password, so memorization of only one password is necessary.

3
source/user-manuals/services/config.rst Normal file
View File

@@ -0,0 +1,3 @@
******
Config
******

5
source/manual/embassy-one/dependencies.rst → source/user-manuals/services/dependencies.rst
View File

@@ -1,7 +1,6 @@
.. _dependencies:
************
Dependencies
============
************
Some services require a dependency on another service. For example, in order to run Lightning, Bitcoin also needs to be installed and running on the Embassy - Bitcoin is a *depencency* of Lightning.

26
source/user-manuals/services/index.rst Normal file
View File

@@ -0,0 +1,26 @@
********
Services
********
After you install a service, you can view its instructions by navigating to ``Services ---> [Service Name] ---> Instructions``
.. note:: Some services require configuration before starting up. You can only connect to and use a service once it is in a *running* state.
`Bitcoin <https://github.com/Start9Labs/bitcoind-wrapper/blob/master/docs/instructions.md>`_
`Bitwarden <https://github.com/Start9Labs/filebrowser-wrapper/blob/master/docs/instructions.md>`_
`Cups <https://github.com/Start9Labs/cups-wrapper/blob/master/docs/instructions.md>`_
`File Browser <https://github.com/Start9Labs/filebrowser-wrapper/blob/master/docs/instructions.md>`_
.. toctree::
:maxdepth: 2
updating
backups
config
properties
logs
dependencies

3
source/user-manuals/services/logs.rst Normal file
View File

@@ -0,0 +1,3 @@
****
Logs
****

5
source/user-manuals/services/properties.rst Normal file
View File

@@ -0,0 +1,5 @@
**********
Properties
**********
These are user initiated configuration properties, typically for credentials such as a password.

11
source/user-manuals/services/updating.rst Normal file
View File

@@ -0,0 +1,11 @@
********************
Updating/Downgrading
********************
Visit the Marketplace tab from the Dashboard menu. Each service will denote a status, such as:
* Not Installed
* Installed
* Update Available
If Update Available is denoted as the option, select the service you are interested in updating, and click the green update button on the service page in the Marketplace.