Start9/documentation
2
0
Fork 0
mirror of https://github.com/Start9Labs/documentation.git synced 2026-03-26 10:21:53 +00:00
Code Issues Packages Projects Releases Wiki Activity

re-arrange the user docs (#76)

Browse Source 
* re-arrange the user docs

* Minor description edit

* update styles

* fix service links

Co-authored-by: kn0wmad <kn0wmad@protonmail.com>
Co-authored-by: Lucy Cifferello <12953208+elvece@users.noreply.github.com>
This commit is contained in:
Matt Hill
2022-02-18 08:49:53 -07:00
committed by GitHub
parent c38d5c1a0c
commit aed86e7e6c
151 changed files with 500 additions and 781 deletions
Download Patch File Download Diff File Expand all files Collapse all files

35
site/source/support/contact.rst Normal file
View File

@@ -0,0 +1,35 @@
.. _contact:
==========
Contact Us
==========
Community Channels
------------------
`Matrix Start9 Community <https://matrix.to/#/#community:matrix.start9labs.com>`_
`Matrix Community Developers <https://matrix.to/#/#community-dev:matrix.start9labs.com>`_
`Matrix Start9 Tor Community (Tor required) <https://matrix.to/#/!iRwnQntcjpWfLxdgav:matrix.privacy34kn4ez3y3nijweec6w4g54i3g54sdv7r5mr6soma3w4begyd.onion?via=matrix.start9labs.com&via=matrix.privacy34kn4ez3y3nijweec6w4g54i3g54sdv7r5mr6soma3w4begyd.onion&via=oayal5vhil3zhj7ylixvpi4nr2xvhypdnenji4sx5q4kvaotevjvsxad.onion>`_
`Telegram <https://t.me/start9_labs>`_
Social Media
------------
`Mastodon <https://mastodon.start9labs.com/>`_
`Twitter <https://twitter.com/start9labs>`_
`GitHub <https://github.com/start9labs>`_
Email
-----
General Inquiries - info@start9labs.com
Support - support@start9labs.com
Operations - ops@start9labs.com
Affiliates - affiliate@start9labs.com

2
site/source/support/faq/faq-basic-use.rst
View File

@@ -23,7 +23,7 @@ Check out the `docs <https://docs.start9.com/user-manual/general/forgot-password
My Embassy is set up, now what?
-------------------------------
Check out our :ref:`Walkthrough<walkthrough>` for some details on your Embassy. You can now access your Embassy and find the Services you want from the "Marketplace" tab, then clicking "Install." The Service will let you know if you need any "dependencies," or pre-requisite Services, first. After you have a Service installed, don't forget to "Start" the service. Check out :ref:`Services<services>` for more info.
Check out the :ref:`Dashboard Overview<dashboard-overview>` for some details on your Embassy. You can now access your Embassy and find the Services you want from the "Marketplace" tab, then clicking "Install." The Service will let you know if you need any "dependencies," or pre-requisite Services, first. After you have a Service installed, don't forget to "Start" the service.
Can I move my Embassy to another location? What happens when I do this?
------------------------------------------------------------------------

2
site/source/support/faq/faq-general.rst
View File

@@ -69,7 +69,7 @@ The .s9pk extension is Start9's custom package format based on tar. It encompass
What are EmbassyOS Services?
----------------------------
A Service can be any piece of software added to the Marketplace. All services are "self-hosted," meaning that you are in complete control of your data. This means you can run your own "cloud!" Learn more about managing services :ref:`here <managing-services>` and see our currently :ref:`Available Services <service-marketplace>`.
A Service can be any piece of software added to the Marketplace. All services are "self-hosted," meaning that you are in complete control of your data. This means you can run your own "cloud!" Learn more about managing services :ref:`here <managing-services>` and see our currently `Available Services <https://marketplace.start9.com/>`_.
Does the Embassy ship worldwide?
--------------------------------

2
site/source/support/faq/faq-services.rst
View File

@@ -33,7 +33,7 @@ To get a general idea of what is required of an app, answer these questions:
If all answers are yes, then it can run on EmbassyOS.
Packing up a service for the Embassy does not require extensive development skills. If you are interested in doing do, please see our :ref:`Service Packaging Overview <service-packaging>`.
Packing up a service for the Embassy does not require extensive development skills. If you are interested in doing do, please see our :ref:`Developer Docs <developer-docs>`.
We are aggressively moving away from service development in favor of a more community driven approach. Meaning you, an app development team, or anyone else on Earth, can bring the Service they want to an Embassy Marketplace. You don't need our permission.

42
site/source/support/index.rst
View File

@@ -4,7 +4,7 @@
Support
=======
Here you will find help on how to use your devices, answers to frequently asked questions, and documentation for developers.
View frequently asked questions, troubleshoot common issues, or contact support.
.. raw:: html
@@ -12,41 +12,32 @@ Support
<div class="grid-x grid-margin-x">
.. topic-box::
:title: User Manual
:link: user-manual
:icon: scylla-icon scylla-icon--docs
:class: large-4
:anchor: View
All you need to be the owner/operator of your own self-hosted software
.. topic-box::
:title: FAQ
:link: faq
:icon: scylla-icon scylla-icon--monitoring
:class: large-4
:anchor: Get Answers
:class: large-5
:anchor: View
Answers to Frequently Asked Questions from Embassy users
.. topic-box::
:title: Service Packaging
:link: ../service-packaging
:icon: scylla-icon scylla-icon--open-source
:class: large-4
:anchor: Build
:title: Troubleshooting
:link: troubleshooting
:icon: scylla-icon scylla-icon--monitoring
:class: large-5
:anchor: View
Tools and guides for service packagers
Explore common problems and their solutions
.. topic-box::
:title: Community Channels
:link: ../about/contact
:title: Contact
:link: contact
:icon: scylla-icon scylla-icon--networking
:class: large-4
:anchor: Join us
:class: large-5
:anchor: Get help
Network with the community to get help and offer your skills and insights to the cause!
Get help from Start9 and the community directly
.. raw:: html
@@ -57,5 +48,6 @@ Support
:maxdepth: 1
:hidden:
user-manual/index
faq/index
faq/index
troubleshooting/index
contact

0
site/source/support/user-manual/troubleshooting/index.rst → site/source/support/troubleshooting/index.rst
View File

0
site/source/support/user-manual/troubleshooting/shoot-connection.rst → site/source/support/troubleshooting/shoot-connection.rst
View File

2
site/source/support/user-manual/troubleshooting/shoot-embassy.rst → site/source/support/troubleshooting/shoot-embassy.rst
View File

@@ -26,4 +26,4 @@ Software
I'm having an issue with a particular Service
=============================================
If a Service is crashing or acting up in some way, check the `Documentation<services>` and `FAQ<faq-services>` for that particular Service. You can also check the `Logs` of a service, which might tell you what the problem is. If that is not helpful, try to restart the service to see if that clears up the issue. If you are still having issues, please reach out in one of our `Community Channels` for immediate assistance, or email support@start9labs.com for help during business hours.
If a Service is crashing or acting up in some way, check the `Documentation<service-guides>` and `FAQ<faq-services>` for that particular Service. You can also check the `Logs` of a service, which might tell you what the problem is. If that is not helpful, try to restart the service to see if that clears up the issue. If you are still having issues, please reach out in one of our `Community Channels` for immediate assistance, or email support@start9labs.com for help during business hours.

46
site/source/support/user-manual/configuration/backup-setup/backup-lin.rst
View File

@@ -1,46 +0,0 @@
.. _backup-lin:
=====
Linux
=====
Remote Backups
--------------
The following will guide you through the prerequisite configuration to backup to a Linux machine or an external drive that is attached to a Linux machine.
.. tabs::
.. group-tab:: Ubuntu
#. Open the file manager
#. Right-click the folder that you want to share and click ``Local Network Share`` from the menu.
#. In the resulting window, select the check box for ``Share this folder`` and then check the boxes for ``Allow others to create and delete files in this folder`` and ``Guest access``.
#. (Optional) Create a description in the ``Comment`` section
#. Click ``Create Share``
#. Click ``Add the permissions automatically``
#. That's it! Now you can make encrypted backups to your own, private "cloud" by using the :ref:`Backup flow<backups>` in the Embassy UI.
.. group-tab:: Other Linux
#. Install Samba if it is not already installed
* ``sudo pacman -S samba`` For Arch
* ``sudo apt install samba`` For Debian
* ``sudo yum install samba`` For CentOS/Redhat
* ``sudo dnf install samba`` For Fedora
#. Create a directory to share or choose an existing one
#. Configure Samba
#. Add your user to Samba and "own" the directory if you do not already

30
site/source/support/user-manual/configuration/backup-setup/backup-mac.rst
View File

@@ -1,30 +0,0 @@
.. _backup-mac:
===
Mac
===
There are 2 options for backing up your Embassy and all its service data. You can setup a shared folder on a remote machine, such as a laptop or desktop, or you can backup to a local drive, which must be externally powered or plugged into a powered USB hub before plugging into Embassy.
Remote Backups
--------------
#. Go to system settings
#. Click sharing
#. Click file sharing
#. Click the + under shared folders
#. Add a folder
#. Click options
#. Enable Windows file sharing for the user you would like to use to authenticate
#. Click done
#. Enter the name of your macbook, as shown in the computer name field at the top of the sharing page into the hostname field in embassy ui
#. Enter the name of the folder as shown in the shared folders section as the path
#. Enter your macbook username and password for the user that you enabled windows file sharing for
Local Backups
-------------
#. With Embassy powered down, plug in your external drive to the powered hub if you are using one, or directly into Embassy's available USB 3.0 (blue) slot if it is externally powered.
#. Plug in power to your hub or drive
#. Boot Embassy and go to ``Embassy`` -> ``Create Backup``

30
site/source/support/user-manual/configuration/backup-setup/backup-win.rst
View File

@@ -1,30 +0,0 @@
.. _backups-win:
=======
Windows
=======
There are 2 options for backing up your Embassy and all its service data. You can setup a shared folder on a remote machine, such as a laptop or desktop, or you can backup to a local drive, which must be externally powered or plugged into a powered USB hub before plugging into Embassy.
Remote Backups
--------------
#. Create a folder
#. Right click the folder
#. Select "properties"
#. Click the share tab
#. Click share...
#. Select a user you want to use for login, or select everyone
#. Click share
#. Enter your computer name into the hostname field in embassy ui (the name is shown after a \\ in the windows ui)
#. Enter the path that is shown after the hostname in the windows ui into the path field
#. Enter your username for the windows computer
#. Enter the password for the windows computer
Local Backups
-------------
#. With Embassy powered down, plug in your external drive to the powered hub if you are using one, or directly into Embassy's available USB 3.0 (blue) slot if it is externally powered.
#. Plug in power to your hub or drive
#. Boot Embassy and go to ``Embassy`` -> ``Create Backup``

14
site/source/support/user-manual/configuration/backup-setup/index.rst
View File

@@ -1,14 +0,0 @@
.. _backup-setup:
=======
Backups
=======
In addition to safekeeping of a good master password, maintaining good backups are among the few major responsibilities required to keep the benefits and freedom that come with self-hosting.
.. toctree::
:maxdepth: 2
backup-lin
backup-mac
backup-win

35
site/source/support/user-manual/configuration/basic-config.rst
View File

@@ -1,35 +0,0 @@
.. _basic-config:
===================
Basic Configuration
===================
.. .. _auto-reporting:
.. Automatically Report Bugs
.. -------------------------
.. You are asked at first setup if you would like to provide bug reports to Start9. You can edit that setting here if you change your mind. This data is anonymous and you can see exactly what is collected :ref:`here<error-logs>`.
.. #. As in the :ref:`Set Device Name<device-name>` steps above, go to the ``Embasssy`` tab, then under ``Settings``, click ``Preferences``
.. #. Click ``Auto Report Bugs`` and either ``Enable`` or ``Disable``
.. .. figure:: /_static/images/config/basic-config3.png
.. :width: 60%
.. :alt: Automatically Report Bugs
.. _auto-update:
Automatically Check for Updates
-------------------------------
Automatic check for updates enables you to choose whether you want to be informed of EmbassyOS updates. Enabling this feature makes a request to the Start9 Marketplace to see if a new OS version has been released, and notifies you if so. This request is only made when you log into a new session or refresh your current session.
#. Go to the ``Embasssy`` tab, then under ``Settings``, click ``Preferences``
#. Click ``Automatically Check for Updates`` and either ``Enable`` or ``Disable``
.. figure:: /_static/images/config/basic-config4.png
:width: 60%
:alt: Automatically Report Bugs

17
site/source/support/user-manual/configuration/index.rst
View File

@@ -1,17 +0,0 @@
.. _config:
=============
Configuration
=============
Configuration, setup guides, and known limitations are provided here by device.
.. toctree::
:maxdepth: 2
basic-config
backup-setup/index
tor-setup/index
lan-setup/index
wifi
limitations/index

13
site/source/support/user-manual/configuration/lan-setup/index.rst
View File

@@ -1,13 +0,0 @@
.. _lan-setup:
=================
Local (LAN) Setup
=================
When you are on the same network as your Embassy (typically a home or small office), :ref:`Local Access<lan>` is much faster and will allow access to your data, even with no Internet connection. Begin by setting up :ref:`Devices<lan-os>` before setting up a :ref:`Browser<lan-browser>`.
.. toctree::
:maxdepth: 2
lan-os/index
lan-browser/index

17
site/source/support/user-manual/configuration/lan-setup/lan-browser/index.rst
View File

@@ -1,17 +0,0 @@
.. _lan-browser:
=============
LAN - Browser
=============
When you are on the same network as your Embassy (typically a home or small office), :ref:`Local Access<lan>` is much faster and will allow access to your data, even with no Internet connection.
.. caution:: You will first need to complete :ref:`LAN Setup<lan-os>` for your device before continuing.
.. toctree::
:maxdepth: 2
lan-brave
lan-chrome
lan-ff
lan-safari

46
site/source/support/user-manual/configuration/lan-setup/lan-browser/lan-brave.rst
View File

@@ -1,46 +0,0 @@
.. _lan-brave:
=====
Brave
=====
.. caution:: You will first need to complete :ref:`LAN Setup<lan-os>` for your device before continuing.
#. Open a new tab in Brave and Navigate to ``Settings`` from the top-right hamburger menu.
.. figure:: /_static/images/ssl/browser/brave_settings.png
:width: 30%
:alt: Brave settings page
#. On the left hand sidebar, select the Security and Privacy section, then the Security menu item.
.. figure:: /_static/images/ssl/browser/brave_security.png
:width: 60%
:alt: Brave Security and Privacy settings
#. At the bottom of the section, select "Manage Certificates".
.. figure:: /_static/images/ssl/browser/brave_security_settings.png
:width: 60%
:alt: Brave Security settings page
#. If you **EITHER** see "org-Start9" with a trusted “Embassy Local Root CA” listed under it, open a new tab to apply the certificate. If this does not work, quit and restart Chrome.
**OR**
#. If you do not see "org-Start9"in the list, ensure the certificate is properly set up on your computer system. Otherwise, click “Import” and open the downloaded ``Embassy Local Root CA.crt`` file on your device. If you cannot find this, make sure you completed the :ref:`device setup steps <lan-os>`.
.. figure:: /_static/images/ssl/browser/brave_view_certs.png
:width: 60%
:alt: Brave Manage Certificates sub-menu on MacOS
Check the box for "Trust this certificate for identitying websites" and click "OK"
#. Obtain the LAN address that was provided at the end of your initial Embassy setup, or from the :ref:`Embassy tab<embassy-tab>` -> ``About`` (Under ``Insights``) and enter it in a new tab.
.. tip:: You may need to restart the browser
#. You will see a green padlock and ``https://`` to the left of the URL bar. You can now securely navigate to your Embassy on your :ref:`LAN<lan>` with :ref:`HTTPS<ssl>`!
.. note:: Additionally, you can start a Brave private window with Tor to visit the Tor address over HTTPS (unnecessary in principle, but will circumvent annoying browser warnings).

49
site/source/support/user-manual/configuration/lan-setup/lan-browser/lan-chrome.rst
View File

@@ -1,49 +0,0 @@
.. _lan-chrome:
======
Chrome
======
.. caution:: You will first need to complete :ref:`LAN Setup<lan-os>` for your device before continuing.
.. tip:: The following guide also works with Chromium and Vivaldi.
#. Open a new tab in Chrome and navigate to ``chrome://settings/certificates``.
.. figure:: /_static/images/ssl/browser/chrome_settings.png
:width: 60%
:alt: Chrome Certificates Settings page
#. Click on the "Authorities" tab.
.. figure:: /_static/images/ssl/browser/chrome_authorities.png
:width: 60%
:alt: Chrome Certificate Authorities page
#. You will **EITHER** see "org-Start9" with a trusted “Embassy Local Root CA” listed under it,
.. figure:: /_static/images/ssl/browser/chrome_s9ca.png
:width: 60%
:alt: Start9 Certificate Authority
in which case, open a new tab to apply the certificate. If this does not work, quit and restart Chrome.
**OR**
#. If you do not see "org-Start9"in the list, ensure the certificate is properly set up on your computer system. Otherwise, click “Import” and open the downloaded ``Embassy Local Root CA.crt`` file on your device. If you cannot find this, make sure you completed the :ref:`device setup steps <lan-os>`.
.. figure:: /_static/images/ssl/browser/chrome_trust.png
:width: 60%
:alt: Trust the CA
Check the box for "Trust this certificate for identitying websites" and click "OK"
#. Obtain the LAN address that was provided at the end of your initial Embassy setup, or from the :ref:`Embassy tab<embassy-tab>` -> ``About`` (Under ``Insights``) and enter it in a new tab.
.. tip:: You may need to restart the browser
.. figure:: /_static/images/ssl/browser/chrome_https.png
:width: 60%
:alt: Success
#. You will see a green padlock and ``https://`` to the left of the URL bar. You can now securely navigate to your Embassy on your :ref:`LAN<lan>` with :ref:`HTTPS<ssl>`!

39
site/source/support/user-manual/configuration/lan-setup/lan-browser/lan-ff.rst
View File

@@ -1,39 +0,0 @@
.. _lan-ff:
=======
Firefox
=======
#. Open Firefox and in a new tab select ``Settings`` from the right-hand hamburger menu:
.. figure:: /_static/images/tor/os_ff_settings.png
:width: 30%
:alt: Firefox options screenshot
#. Select “Privacy and Security” from the left hand navigation menu.
#. Scroll all the way to the bottom of the page and select “View Certificates”.
.. figure:: /_static/images/ssl/browser/firefox_security_settings.png
:width: 80%
:alt: Firefox security settings
Firefox privacy and security settings page
#. Select the "Authorities" tab from the "Certificate Manager".
#. Click “Import” and open the downloaded ``Embassy Local Root CA.crt`` file on your device. If you cannot find this, make sure you completed the :ref:`device setup steps <lan-setup>`.
#. When prompted, check “Trust this CA to identity websites” and select “OK”.
.. figure:: /_static/images/ssl/browser/firefox_view_certs.png
:width: 80%
:alt: Firefox import cert
Firefox import certificate page
#. Ensure the “Embassy Local Root CA” exists under “Start9 Labs”. Then click “OK” to save.
#. Open a new tab in Firefox to apply the changes. If this does not work, quit and restart Firefox.
#. Navigate to the LAN address provided at setup, or in the :ref:`Embassy tab<embassy-tab>` -> LAN. You can now securely navigate to your Embassy over HTTPS!

7
site/source/support/user-manual/configuration/lan-setup/lan-browser/lan-safari.rst
View File

@@ -1,7 +0,0 @@
.. _lan-safari:
======
Safari
======
Once you have completed the :ref:`LAN Setup<lan-os>` steps on your device, simply open a new tab to apply the changes. If this does not work, quit and restart Safari. You can now securely navigate to the LAN address for your Embassy!

16
site/source/support/user-manual/configuration/lan-setup/lan-os/index.rst
View File

@@ -1,16 +0,0 @@
.. _lan-os:
============
LAN - Device
============
When you are on the same network as your Embassy (typically a home or small office), :ref:`Local Access<lan>` is much faster and will allow access to your data, even with no Internet connection.
.. toctree::
:maxdepth: 2
lan-linux
lan-mac
lan-windows
lan-android
lan-ios

33
site/source/support/user-manual/configuration/lan-setup/lan-os/lan-android.rst
View File

@@ -1,33 +0,0 @@
.. _lan-android:
=======
Android
=======
If you are running Android 12+ (not yet available on Calyx/Graphene), you can setup :ref:`Local Access<lan>`, please refer to :ref:`Android Limitations <lim-android>` for more details.
.. note:: You must download your certificate via desktop/laptop over Tor and then transfer it to your phone (Step 3)
#. Either use the Root CA you downloaded at the completion of :ref:`Initial Setup<initial-setup>`, or visit your Embassy at its Tor Address (for security purposes), and navigate to the :ref:`Embassy tab<embassy-tab>` -> LAN
.. figure:: /_static/images/ssl/embassy_lan_setup.png
:width: 60%
:alt: LAN setup menu item
#. Click "Download Root CA". This will prompt a download to save the certificate file to your machine
.. figure:: /_static/images/ssl/embassy_lan_setup0.png
:width: 60%
:alt: LAN setup page
#. Send the cert to yourself via Signal, email, File Browser, etc and download onto your Android device
#. Go to Settings -> Security -> Advanced -> Encryption and Credentials -> Install a Certificate and select the cert you downloaded from the file system
.. figure:: /_static/images/ssl/android/droidLAN0.png
:width: 30%
:alt: Install certificate
#. To setup in Firefox Beta or Fennec, go to Settings -> About -> tap the logo several times until it says "Debug menu enabled." Then return to Settings -> Secret Settings and toggle on "Use third party CA certificates."
#. That's it! You may now browse the ``.local`` addresses on your Embassy.

75
site/source/support/user-manual/configuration/lan-setup/lan-os/lan-ios.rst
View File

@@ -1,75 +0,0 @@
.. _lan-ios:
===
iOS
===
.. note:: For security, this will need to be done using a Tor connection. Please use Onion Browser or Consulate to access your Embassy and complete the following steps.
#. You will first need to get your :ref:`LAN Certificate<lan-cert>`, which can be found either:
#. When completing your Embassy :ref:`Initial Setup<initial-setup>`, it is provided on the final screen
or:
#. In the ``Embassy`` tab in your Embassy, under ``Settings`` -> ``LAN``
.. figure:: /_static/images/ssl/embassy_lan_setup.png
:width: 60%
:alt: LAN setup menu item
#. Select ``Download Root CA``. Clicking this will prompt you to “Save to device”.
.. figure:: /_static/images/ssl/embassy_lan_setup0.png
:width: 60%
:alt: LAN setup page
#. You will be directed to a page in your default browser indicating next steps and that the profile has been successfully downloaded. Be sure to complete all steps in this process! These steps are also outlined below.
.. note::
If you have changed the default browser from Safari to Brave, the following auto save certificate to device flow will *not* work. Safari, Firefox, and Chrome work as expected. We recommend you temporarily use one of these browsers to complete this action.
.. figure:: /_static/images/ssl/ios/ssl_certificate_install_page.png
:width: 40%
:alt: Certificate install page
Select "Allow" on the certificate install page
#. Go to Settings on your iOS device.
.. figure:: /_static/images/ssl/ios/ssl_ipad_general_settings.png
:width: 40%
:alt: General settings
#. Navigate to *General > Profile(s) > Downloaded Profile > Install*.
.. figure:: /_static/images/ssl/ios/ssl_ipad_profiles.png
:width: 40%
:alt: Profiles
.. figure:: /_static/images/ssl/ios/ssl_ipad_install_profile.png
:width: 40%
:alt: Install profile
Select "Install" for Embassy Local Root CA
#. Select “Yes” to any warning prompts.
#. Next, navigate to *General > About > Certificate Trust Settings*.
.. figure:: /_static/images/ssl/ios/ssl_ipad_cert_trust_settings.png
:width: 40%
:alt: Certificate trust settings
Select Certificate Trust Settings (scroll all the way down)
#. Enable full trust for root certificates.
.. figure:: /_static/images/ssl/ios/ssl_ipad_cert_trust.png
:width: 40%
:alt: Enable full trust
Toggle to enable full trust for root certificates. "Continue" when warning prompts.
#. Test that this process worked successfully by navigating to the LAN address provided from one of the locations listed under Step 1 at the top of this page. You should not see warnings about the security of this site in your browser (if you do, setup was not successful).

25
site/source/support/user-manual/configuration/lan-setup/lan-os/lan-linux.rst
View File

@@ -1,25 +0,0 @@
.. _lan-linux:
=====
Linux
=====
Nothing specific needs to be configured for the Linux environment, so you just need to download the certificate from your Embassy.
#. Visit your Embassy at its Tor Address.
.. note:: Using this encrypted Tor connection is required for security reasons.
#. Navigate to the :ref:`Embassy tab<embassy-tab>` -> Settings -> LAN
.. figure:: /_static/images/ssl/embassy_lan_setup.png
:width: 60%
:alt: LAN setup menu item
#. Click "Download Root CA". This will prompt a download to save the certificate file to your machine.
.. figure:: /_static/images/ssl/embassy_lan_setup0.png
:width: 60%
:alt: LAN setup page
Then open your favorite browser to import this certificate and follow the steps for :ref:`browser setup <lan-browser>`.

55
site/source/support/user-manual/configuration/lan-setup/lan-os/lan-mac.rst
View File

@@ -1,55 +0,0 @@
.. _lan-mac:
===
Mac
===
#. Visit your Embassy at its Tor Address (for security purposes), and navigate to the :ref:`Embassy tab<embassy-tab>` -> LAN
.. figure:: /_static/images/ssl/embassy_lan_setup.png
:width: 60%
:alt: LAN setup menu item
#. Click "Download Root CA". This will prompt a download to save the certificate file to your machine.
.. figure:: /_static/images/ssl/embassy_lan_setup0.png
:width: 60%
:alt: LAN setup page
#. Select the option to ``Open with`` "Keychain Access" and select ``OK``. If you choose to save the file, double click on it once downloaded.
.. figure:: /_static/images/ssl/embassy_lan_setup1.png
:width: 60%
:alt: LAN setup prompt
#. Enter your computer password when prompted. It will be imported into your mac's keychain.
.. figure:: /_static/images/ssl/macos/certificate_untrusted.png
:width: 60%
:alt: Keychain access import menu
Keychain access import menu
.. note:: If the keychain console did not open, press "Command + spacebar" and type “Keychain Access”, and hit enter to open it.
#. Navigate to the "System" tab on the left, find the certificate entitled “Embassy Local Root CA”, and double click on this certificate. A second window will pop up.
#. Open the “Trust” dropdown and select “Always Trust” from the dropdown next to “When using this certificate”.
.. figure:: /_static/images/ssl/macos/always_trust.png
:width: 60%
:alt: Keychain submenu
Select "Always trust" under the "Trust" dropdown for Embassy Local CA
#. Close this window and enter your password to apply the settings.
#. The “Embassy Local Root CA” cert will now read “This certificate is marked as trusted for all users” in Keychain Access.
.. figure:: /_static/images/ssl/macos/certificate_trusted.png
:width: 60%
:alt: Keychain menu trusted certificate
Trusted Embassy Local CA certificate
#. Open your favorite browser and follow the steps for :ref:`browser setup <lan-browser>` to complete LAN setup.

109
site/source/support/user-manual/configuration/lan-setup/lan-os/lan-windows.rst
View File

@@ -1,109 +0,0 @@
.. _lan-windows:
=======
Windows
=======
Unfortunately, Windows does not have mDNS support built-in, which is necessary in order to visit .local addresses, so we recommend using the Bonjour service. Check out this :ref:`FAQ answer<why-bonjour>` for details.
#. Install `Bonjour Print Services <https://support.apple.com/kb/DL999>`_ on your Windows machine.
.. tip:: If you are experiencing issues after installing Bonjour, you might have had a previous or failed install. To fix:
#. Check out this video: https://www.youtube.com/watch?v=9ECCB3bqNDQ
#. Uninstall Bonjour completely via ``system settings -> remove programs``
#. Reinstall Bonjour Printer Driver package (download at https://support.apple.com/kb/DL999?locale=en_US)
#. Restart Windows
#. Note: Uninstalling Bonjour via the setup package seems to be not enough to solve the issue. Bonjour must be uninstalled via windows system settings.
#. Visit your Embassy at its Tor Address.
.. note:: Using this encrypted Tor connection is required for security reasons.
#. Navigate to the :ref:`Embassy tab<embassy-tab>` -> Settings -> LAN
.. figure:: /_static/images/ssl/embassy_lan_setup.png
:width: 90%
:alt: LAN setup menu item
#. Click "Download Root CA". This will prompt a download to save the certificate file to your machine.
.. figure:: /_static/images/ssl/embassy_lan_setup0.png
:width: 90%
:alt: LAN setup page
#. Back in Windows, right-click the “Start” menu and select “Run”.
#. Type in “mmc” and click “OK”. When prompted on the “User Account Control” window, select “Yes” to allow this program to run.
.. figure:: /_static/images/ssl/windows/1_windows_mmc.png
:width: 90%
:alt: Windows MMC
Access the Windows Management Console
#. When the Management Console opens, navigate to *File > Add/Remove Snap-in*.
.. figure:: /_static/images/ssl/windows/2_windows_console_root.png
:width: 90%
:alt: Windows Console Root
Add Snap-in from Console Root
#. Select “Certificates” in the left side menu, then “Add”. This will open another window.
.. figure:: /_static/images/ssl/windows/3_windows_add_certificates.png
:width: 90%
:alt: Add Certificates
Add Certificates to selected snap-ins
#. Select “Computer account” and click “Next. Leave defaulted options on the next screen and click “Finish”.
#. When you return to the “Add or Remove Snap-ins” page, ensure “Certificates (Local Computer)” exists under “Console Root” in the “Selected snap-ins” section, then click “OK”.
.. figure:: /_static/images/ssl/windows/4_windows_selected_snapin.png
:width: 90%
:alt: Snap-in Selected
Certificates (Local Computer) is selected as snap-in
#. In the left hand menu of the Management Console, navigate to Certificates (Local Computer) > Trusted Root Certification Authorities > Certificates.
.. figure:: /_static/images/ssl/windows/5_windows_trusted_certificate_menu.png
:width: 90%
:alt: Certificates in Management Console
Access Certificates in Management Console
#. Right click on “Certificates”, then navigate to *All Tasks > Import*.
.. figure:: /_static/images/ssl/windows/6_windows_import_cert.png
:width: 90%
:alt: Import certificate
Select "Import" from Certificates sub-menu
#. Click “Next” on the first page of the Certificate Import Wizard, then browse to the location where you saved the downloaded certificate and click “Open”.
.. figure:: /_static/images/ssl/windows/7_windows_import_cert_wizard.png
:width: 90%
:alt: Import cert wizard
Add downloaded certificate int he Certificate Import Wizard
#. On the “Certificate Store” window, ensure that it says “Trusted Root Certificate Authorities” and click “Next”.
#. Select “OK” when the import is successful.
#. Verify the Embassy Local Root CA certificate is in the “Certificates” folder.
.. figure:: /_static/images/ssl/windows/8_windows_successful_cert_install.png
:width: 90%
:alt: Successful cert install
Embassy Local Root CA imported into Certificate folder
#. You can save the settings to the console if desired or cancel.
#. Open your favorite browser to import this certificate and follow the steps for :ref:`browser setup <lan-browser>`.

16
site/source/support/user-manual/configuration/limitations/index.rst
View File

@@ -1,16 +0,0 @@
.. _limitations:
=================
Known Limitations
=================
The following pages describe functionality that is known to be missing from certain platforms. Please bother the appropriate company or developers until they have been remedied.
.. toctree::
:maxdepth: 2
lim-linux
lim-mac
lim-windows
lim-android
lim-ios

17
site/source/support/user-manual/configuration/limitations/lim-android.rst
View File

@@ -1,17 +0,0 @@
.. _lim-android:
=======
Android
=======
Local Access
------------
Older versions of Android (previous to version 12, and some custom ROMs, such as Graphene/Calyx) do not have native support for :ref:`mDNS<mdns>` and therefore cannot resolve ``.local`` addresses. This issue has been long known by Google, and can be tracked `here <https://issuetracker.google.com/issues/140786115>`_ (Google account required to view).
Workarounds
===========
An app developer can add mDNS support, and some projects, such as Chromium, have long `considered it <https://bugs.chromium.org/p/chromium/issues/detail?id=405925>`_, but the real solution is for support to occur at the OS level.
LineageOS
---------
Unfortunately, there seems to be a bug in Lineage that makes using Firefox over Tor currently unusable. Currently, this feature works fine on Calyx and Graphene.

25
site/source/support/user-manual/configuration/limitations/lim-ios.rst
View File

@@ -1,25 +0,0 @@
.. _lim-ios:
===
iOS
===
Tor
---
It is not currently possible to run Tor natively (in the background) on iOS. The best chance for this functionality coming to iOS in the future is via the `iCepa Project <https://github.com/iCepa>`_.
Workarounds
===========
The only way to use Tor (in the background) on iOS is with apps that come with Tor built-in, such as :ref:`Zap Wallet <zap>`. For visiting Embassy UI Tor sites, you may use `Onion Browser <https://apps.apple.com/us/app/onion-browser/id519296448>`_ or `Start9's Consulate <https://apps.apple.com/us/app/start9-consulate-browser/id1528124570>`_ application.
Matrix
------
The lack of Tor support on iOS means that Element/Matrix cannot be run on an iPhone in conjunction with your Embassy Matrix server, as that currently requires a Tor connection. This will be fixed when `Element <https://github.com/vector-im/element-ios>`_ builds Tor into their app. An issue specifically in regard to this can be found `here <https://github.com/vector-im/element-ios/issues/1085>`_.
Workarounds
===========
None currently known, but may be solved with forthcoming "clearnet" support on EmbassyOS.
Spark Wallet
------------
Unfortunately, Spark cannot currently be used in Consulate. This issue is being tracked `here <https://github.com/Start9Labs/consulate-ios/issues/30>`__.

7
site/source/support/user-manual/configuration/limitations/lim-linux.rst
View File

@@ -1,7 +0,0 @@
.. _lim-linux:
=====
Linux
=====
Currently, Linux has no known limitations in regard to Embassy. Congratulations, Master Race...

7
site/source/support/user-manual/configuration/limitations/lim-mac.rst
View File

@@ -1,7 +0,0 @@
.. _lim-mac:
===
Mac
===
MacOS has no known limitations in regard to Embassy at this time.

9
site/source/support/user-manual/configuration/limitations/lim-windows.rst
View File

@@ -1,9 +0,0 @@
.. _lim-windows:
=======
Windows
=======
Windows10 has no known limitations in regard to Embassy at this time.
No testing has been done with other versions, such as Windows 7 or 11.

13
site/source/support/user-manual/configuration/tor-setup/index.rst
View File

@@ -1,13 +0,0 @@
.. _running-tor:
=========
Tor Setup
=========
Setup :ref:`Tor<tor>` to run on your devices, either natively (in the background), or by configuring an application, such as Firefox.
.. toctree::
:maxdepth: 2
tor-os/index
tor-firefox/index

18
site/source/support/user-manual/configuration/tor-setup/tor-firefox/index.rst
View File

@@ -1,18 +0,0 @@
.. _tor-firefox:
=============
Tor - Firefox
=============
.. caution:: This guide assumes you are already :ref:`running Tor on your phone or computer<running-tor>`.
Once you have completed native :ref:`Tor Setup<tor-os>`, you can configure Firefox to use the Tor Network. This will allow you to visit both ``.onion`` and "normal" (.com, .net, etc) websites from within the same browser.
.. toctree::
:maxdepth: 2
torff-linux
torff-mac
torff-windows
torff-android
torff-ios

49
site/source/support/user-manual/configuration/tor-setup/tor-firefox/torff-android.rst
View File

@@ -1,49 +0,0 @@
.. _torff-android:
=======
Android
=======
.. caution::
This guide assumes you have completed :ref:`setting up Tor for Android<tor-android>`. Please visit this section before proceeding as it is required for Firefox to properly work with Tor.
Once Tor is setup on your system, you can proceed to setup Firefox:
1. Download `Firefox Beta <https://play.google.com/store/apps/details?id=org.mozilla.firefox_beta>`_ from the Play Store, or `Fennec <https://f-droid.org/en/packages/org.mozilla.fennec_fdroid/>`_ from F-Droid.
2. Next, download a `Proxy Auto Config` file that will use Orbot to resolve `.onion` URLs. We have one hosted `here <https://registry.start9labs.com/sys/proxy.pac>`_.
3. Navigate to ``about:config`` in the Firefox URL bar.
.. figure:: /_static/images/tor/about_config.png
:width: 50%
:alt: Firefox about config
4. You are going to have to change a few options in here. First, type ``network.proxy.type`` into the search bar, and set the value to ``2``.
.. figure:: /_static/images/tor/network_proxy_type.png
:width: 50%
:alt: Firefox network proxy type setting screenshot
5. Search for ``network.proxy.autoconfig_url``, and set the value to ``file:///storage/emulated/0/Download/proxy.pac``.
.. caution:: For some platforms, such as Calyx/Graphene on a Pixel 5/6, it may be necessary to place the file within the application's ``data`` folder, such as ``file:///storage/emulated/0/Android/data/org.mozilla.firefox_beta/files/Download/proxy.pac``. Furthermore, the stock file explorer app may not let you do this, so you might have to get a new one, such as `Explorer <https://play.google.com/store/apps/details?id=com.speedsoftware.explorer&hl=en_US&gl=US>`_. Please reach out to support if you have issues.
.. figure:: /_static/images/tor/autoconfig_url.png
:width: 50%
:alt: Firefox autoconfig url setting screenshot
6. Search for ``network.proxy.socks_remote_dns``, and set the value to ``true``.
.. figure:: /_static/images/tor/socks_remote_dns.png
:width: 50%
:alt: Firefox socks remote dns setting screenshot
7. Search for ``dom.securecontext.whitelist_onions`` and set the value to ``true``.
.. figure:: /_static/images/tor/firefox_whitelist_mobile.png
:width: 50%
:alt: Firefox whitelist onions screenshot
8. Restart Firefox, and you're all set! You should now be able to navigate to `.onion` URLs in Firefox. This means you can bookmark Cups Messenger, or other Embassy ``.onion`` addresses, as well as use the :ref:`Bitwarden<vaultwarden>` browser extension.

7
site/source/support/user-manual/configuration/tor-setup/tor-firefox/torff-ios.rst
View File

@@ -1,7 +0,0 @@
.. _torff-ios:
===
iOS
===
Unforutnately, it is not currently possible to run Tor natively on iOS. This means that Firefox cannot be configured to use tor. Please see :ref:`iOS Limitations<lim-ios>` for details and workarounds.

51
site/source/support/user-manual/configuration/tor-setup/tor-firefox/torff-linux.rst
View File

@@ -1,51 +0,0 @@
.. _torff-linux:
=====
Linux
=====
.. caution::
This guide assumes you have completed :ref:`setting up Tor<running-tor>`. Please visit this section first before you proceed as it is required for Firefox to properly work with Tor.
#. Open Firefox and enter ``about:config`` in the URL bar. Accept any warnings that may appear about accessing advanced settings.
#. Search for ``dom.securecontext.whitelist_onions`` and set the value to ``true``.
.. figure:: /_static/images/tor/firefox_whitelist.png
:width: 60%
:alt: Firefox whitelist onions screenshot
#. Download a `Proxy Auto Config` file to inform Firefox how to use the Tor daemon running on your computer. You can get Start9's standard file from a terminal, by using:
.. code-block::
sudo wget -P /etc/tor https://registry.start9labs.com/sys/proxy.pac
#. Now, back in your Firefox web browser, select ``Settings`` from the right-hand hamburger menu:
.. figure:: /_static/images/tor/os_ff_settings.png
:width: 30%
:alt: Firefox options screenshot
#. Search for the term “proxy” in the search bar in the upper right, then select the button that says ``Settings…``:
.. figure:: /_static/images/tor/firefox_search.png
:width: 60%
:alt: Firefox search screenshot
#. This should open a menu that will allow you to configure your proxy settings. Select ``Automatic proxy configuration URL`` and paste in the path to your PAC file from earlier, prefixed with ``file://``. For example:
.. code-block::
file:///etc/tor/proxy.pac
#. Then, check the box labeled ``Proxy DNS when using SOCKS v5``:
.. figure:: /_static/images/tor/firefox_proxy.png
:width: 60%
:alt: Firefox proxy settings screenshot
#. Click ``OK`` and then restart Firefox for the changes to take effect.
#. You're all set! You should now be able to navigate to ``.onion`` URLs in Firefox. This means you can access tor-only service :ref:`WebUIs <web-ui>`, such as Cups Messenger, and use your :ref:`Vaultwarden<vaultwarden>` Tor address in the `Bitwarden Firefox Plugin <https://addons.mozilla.org/en-US/firefox/addon/bitwarden-password-manager/>`_. You can test this by going to Start9's ``.onion`` homepage, `here <http://privacy34kn4ez3y3nijweec6w4g54i3g54sdv7r5mr6soma3w4begyd.onion/>`_.

56
site/source/support/user-manual/configuration/tor-setup/tor-firefox/torff-mac.rst
View File

@@ -1,56 +0,0 @@
.. _torff-mac:
===
Mac
===
.. caution::
This guide assumes you have completed :ref:`setting up Tor<running-tor>`. Please visit this section first before you proceed as it is required for Firefox to properly work with Tor.
#. Open Firefox and enter ``about:config`` in the URL bar. Accept any warnings that may appear about accessing advanced settings.
#. Search for ``dom.securecontext.whitelist_onions`` and set the value to ``true``.
.. figure:: /_static/images/tor/firefox_whitelist.png
:width: 60%
:alt: Firefox whitelist onions screenshot
#. Download a `Proxy Auto Config` file to inform Firefox how to use the Tor daemon running on your computer. You can get Start9's standard file by opening the ``Terminal`` App on your Mac. You can find it in your list of Applications. In the terminal, enter:
.. code-block::
brew install wget
And then:
.. code-block::
wget -P /usr/local/etc/tor https://registry.start9labs.com/sys/proxy.pac
#. Now, back in your Firefox web browser, select ``Settings`` from the right-hand hamburger menu:
.. figure:: /_static/images/tor/os_ff_settings.png
:width: 30%
:alt: Firefox options screenshot
#. Search for the term “proxy” in the search bar in the upper right, then select the button that says ``Settings…``:
.. figure:: /_static/images/tor/firefox_search.png
:width: 60%
:alt: Firefox search screenshot
#. This should open a menu that will allow you to configure your proxy settings. Select ``Automatic proxy configuration URL`` and paste in the path to your PAC file from earlier, prefixed with ``file://``. For example:
.. code-block::
file:///usr/local/etc/tor/proxy.pac
#. Then, check the box labeled ``Proxy DNS when using SOCKS v5``:
.. figure:: /_static/images/tor/firefox_proxy.png
:width: 60%
:alt: Firefox proxy settings screenshot
#. Click ``OK`` and then restart Firefox for the changes to take effect.
#. You're all set! You should now be able to navigate to ``.onion`` URLs in Firefox. This means you can access tor-only service :ref:`WebUIs <web-ui>`, such as Cups Messenger, and use your :ref:`Vaultwarden<vaultwarden>` Tor address in the `Bitwarden Firefox Plugin <https://addons.mozilla.org/en-US/firefox/addon/bitwarden-password-manager/>`_. You can test this by going to Start9's ``.onion`` homepage, `here <http://privacy34kn4ez3y3nijweec6w4g54i3g54sdv7r5mr6soma3w4begyd.onion/>`_.

53
site/source/support/user-manual/configuration/tor-setup/tor-firefox/torff-windows.rst
View File

@@ -1,53 +0,0 @@
.. _torff-windows:
=======
Windows
=======
.. caution:: This guide assumes you have completed :ref:`setting up Tor<running-tor>`. Please visit this section first before you proceed as it is required for Firefox to properly work with Tor.
#. Open Firefox and enter ``about:config`` in the URL bar. Accept any warnings that may appear about accessing advanced settings.
#. Search for ``dom.securecontext.whitelist_onions`` and set the value to ``true``.
.. figure:: /_static/images/tor/firefox_whitelist.png
:width: 60%
:alt: Firefox whitelist onions screenshot
#. Download a `Proxy Auto Config` file to inform Firefox how to use the Tor daemon running on your computer. You can get Start9's standard file by following instructions below:
- Click `here <https://registry.start9labs.com/sys/proxy.pac>`_ to get the file and save the file somewhere you wont delete it. Please remember the location you save the file in if you do not use our example location. For this example:
.. code-block::
C:\Program Files\Tor Browser\proxy.pac
#. Now, back in your Firefox web browser, select ``Options`` from the right-hand hamburger menu:
.. figure:: /_static/images/tor/firefox_options_windows.png
:width: 60%
:alt: Firefox options screenshot
#. Search for the term “proxy” in the search bar in the upper right, then select the button that says ``Settings…``:
.. figure:: /_static/images/tor/firefox_search.png
:width: 60%
:alt: Firefox search screenshot
#. This should open a menu that will allow you to configure your proxy settings. Select ``Automatic proxy configuration URL`` and paste in the path to your PAC file from earlier, prefixed with ``file://``. For example:
.. code-block::
file://C:/Program Files/Tor Browser/proxy.pac
#. Then, check the box labeled ``Proxy DNS when using SOCKS v5``:
.. figure:: /_static/images/tor/firefox_proxy.png
:width: 60%
:alt: Firefox proxy settings screenshot
#. Click ``OK`` and then restart Firefox for the changes to take effect.
#. You're all set! You should now be able to navigate to ``.onion`` URLs in Firefox. This means you can access tor-only service :ref:`WebUIs <web-ui>`, such as Cups Messenger, and use your :ref:`Vaultwarden<vaultwarden>` Tor address in the `Bitwarden Firefox Plugin <https://addons.mozilla.org/en-US/firefox/addon/bitwarden-password-manager/>`_. You can test this by going to Start9's ``.onion`` homepage, `here <http://privacy34kn4ez3y3nijweec6w4g54i3g54sdv7r5mr6soma3w4begyd.onion/>`__.

16
site/source/support/user-manual/configuration/tor-setup/tor-os/index.rst
View File

@@ -1,16 +0,0 @@
.. _tor-os:
============
Tor - Device
============
Select your Operating System to setup Tor to run in the background (natively) of any device that you might want to use to access your Embassy with remotely.
.. toctree::
:maxdepth: 2
tor-linux
tor-mac
tor-windows
tor-android
tor-ios

85
site/source/support/user-manual/configuration/tor-setup/tor-os/tor-android.rst
View File

@@ -1,85 +0,0 @@
.. _tor-android:
=======
Android
=======
Some apps, such as :ref:`Tor Browser<tor-browser>`, have Tor built in. They do not require additional software or configurations to utilize Tor. Most apps, however, do not have Tor built in. They require an app called Orbot to be installed in order to utilize the Tor Network.
.. youtube:: b__mVfN-BP8
Running Orbot
-------------
Orbot is a system wide proxy for your Android device that enables communications over Tor.
1. Download and install Orbot from the `Play Store <https://play.google.com/store/apps/details?id=org.torproject.android>`_, or from `F-Droid <https://f-droid.org/packages/org.torproject.android>`_ (must open with F-Droid app).
.. tip:: When using F-Droid, you will want to activate the Guardian Project repository by visiting the ``Settings`` menu (bottom right) -> ``Repositories`` -> ``Guardian Project Official Releases``
2. Launch Orbot.
3. Open the kebab menu in the upper right hand corner and select `Settings`:
.. figure:: /_static/images/tor/orbot_menu.png
:width: 50%
:alt: Orbot menu
4. Make sure the options for `Start Orbot on Boot` and `Allow Background Starts` are checked:
.. figure:: /_static/images/tor/orbot_settings.png
:width: 50%
:alt: Orbot settings
5. Go back, and tap start:
.. figure:: /_static/images/tor/orbot_start.png
:width: 50%
:alt: Orbot start
6. Orbot will start up the Tor service. Once complete, you will see:
.. figure:: /_static/images/tor/orbot_started.png
:width: 50%
:alt: Orbot started
7. That's it, you're now running a Tor client on your Android device! Certain apps, such as Firefox, Fennec, and DuckDuckGo will now just work. Other apps, however, require that Orbot be running VPN mode.
Orbot VPN mode
--------------
To utilize Tor, some apps require that Orbot be running in VPN mode. This means that you are sending your application's traffic across the Tor network via Orbot.
1. Disable Private DNS on your device. Note: This is not necessary if running GrapheneOS. To do edit Private DNS, navigate to:
``Settings > Network & Internet > Advanced > Private DNS > Off``
.. figure:: /_static/images/tor/private_dns_off.png
:width: 50%
:alt: Private DNS off
Toggle Private DNS to "off"
2. Launch Orbot and toggle VPN Mode on:
.. figure:: /_static/images/tor/orbot_vpn.png
:width: 50%
:alt: Orbot vpn mode
Toggle VPN Mode to "on"
Under `Tor-Enabled Apps`, click the gear icon and add apps you want to utilize Tor.
.. figure:: /_static/images/tor/orbot_apps.png
:width: 50%
:alt: Orbot apps
Examples of applications that need this feature are:
- Bitwarden
- Element (Matrix)
You can also add the following browsers to the Tor-Enabled Apps list to easily access Tor addresses (`.onion` URLs):
- Chrome
- Vanadium

7
site/source/support/user-manual/configuration/tor-setup/tor-os/tor-ios.rst
View File

@@ -1,7 +0,0 @@
.. _tor-ios:
===
iOS
===
Unforutnately, it is not currently possible to run Tor natively on iOS. Please see :ref:`iOS Limitations<lim-ios>` for details and workarounds.

87
site/source/support/user-manual/configuration/tor-setup/tor-os/tor-linux.rst
View File

@@ -1,87 +0,0 @@
.. _tor-linux:
=====
Linux
=====
.. tabs::
.. group-tab:: Debian / Ubuntu
For Debian and Debian-based systems, such as Mint, PopOS etc.
.. note:: The following install is for the LTS (Long Term Support) version of Tor from Debian. If you would like the latest stable release, The Tor Project maintain their own Debian repository. The instructions to connect to this can be found `here <https://support.torproject.org/apt/tor-deb-repo/>`_.
Install the Tor proxy service to your system. To do so, open your terminal and run the following command:
.. code-block:: bash
sudo apt update && sudo apt install tor
.. tip:: You can check that Tor is running with:
.. code-block:: bash
systemctl status tor
In the rare event that Tor is having connectivity issues, you can reset your connection with:
.. code-block:: bash
sudo systemctl restart tor
.. group-tab:: Arch / Garuda / Manjaro
Simply install Tor with:
.. code-block:: bash
sudo pacman -S tor
.. tip:: You can check that Tor is running with:
.. code-block:: bash
systemctl status tor
In the rare event that Tor is having connectivity issues, you can reset your connection with:
.. code-block:: bash
sudo systemctl restart tor
.. group-tab:: CentOS / RHEL / Fedora
#. Configure the Tor Package repository. Add the following to ``/etc/yum.repos.d/tor.repo``:
- CentOS / RHEL:
.. code-block:: bash
[Tor]
name=Tor for Enterprise Linux $releasever - $basearch
baseurl=https://rpm.torproject.org/centos/$releasever/$basearch
enabled=1
gpgcheck=1
gpgkey=https://rpm.torproject.org/centos/public_gpg.key
cost=100
- Fedora:
.. code-block:: bash
[Tor]
name=Tor for Fedora $releasever - $basearch
baseurl=https://rpm.torproject.org/fedora/$releasever/$basearch
enabled=1
gpgcheck=1
gpgkey=https://rpm.torproject.org/fedora/public_gpg.key
cost=100
#. Then install the Tor package:
.. code-block:: bash
sudo dnf install tor

59
site/source/support/user-manual/configuration/tor-setup/tor-os/tor-mac.rst
View File

@@ -1,59 +0,0 @@
.. _tor-mac:
===
Mac
===
Install Homebrew
----------------
#. If you do not have Homebrew installed, follow the installation instructions `here <https://brew.sh/>`_. TLDR: Open the Terminal and paste the following line:
.. code-block::
/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install.sh)"
.. note:: On new (M1) Macs, you might need to be root for this in which case add ``sudo`` at the front of the command, with a space before ``/bin/bash``
#. You will be prompted for your system password before installation; proceed with entering your password. You may be asked more than once.
.. figure:: /_static/images/tor/install_homebrew.png
:width: 80%
:alt: Homebrew installation
#. You will be notified which directories Homebrew is going to create, hit :code:`RETURN`:
.. figure:: /_static/images/tor/install_homebrew1.png
:width: 80%
:alt: Homebrew installation
Homebrew creates the directories and downloads any other files it needs e.g. “Command Line Tool for Xcode” and “Homebrew”.
Wait a few minutes while it downloads and installs what it needs.
.. warning:: Surprisingly, Homebrew uses Google Analytics to collect anonymous usage data. You can deselect the option to share usage data by `opting out <https://docs.brew.sh/Analytics#opting-out>`_.
Install Tor
-----------
.. caution:: If you have the Tor Browser open, close it and quit the application.
#. In the command line, install Tor:
.. code-block::
brew install tor
Once it is finished you have the following options:
.. figure:: /_static/images/tor/install_tor.png
:width: 80%
:alt: Tor installation
#. Then run Tor with:
.. code-block::
brew services start tor
This will start Tor and ensure that it is always running, even after a restart. See the `Tor Project docs <https://2019.www.torproject.org/docs/tor-doc-osx.html.en>`_ for more details.

61
site/source/support/user-manual/configuration/tor-setup/tor-os/tor-windows.rst
View File

@@ -1,61 +0,0 @@
.. _tor-windows:
=======
Windows
=======
#. Unfortunately, `The Tor Project <https://torproject.org>`_ no longer publishes a standalone Tor binary for Windows, so the recommended way to get it is with the Tor Browser Bundle. You can download it `here <https://www.torproject.org/download/>`_.
.. figure:: /_static/images/tor/tor_download_windows.png
:width: 80%
:alt: Tor download
Download Tor for Windows
#. Once it is downloaded, go ahead and run the installer. If you want to install the program outside of your user directory, you will have to right click and select `Run as Administrator`.
#. Once you have selected a language, you should see a menu like this:
.. figure:: /_static/images/tor/tor_windows_install.png
:width: 80%
:alt: Tor install wizard
Note Tor destination folder when installing
#. It does not matter where you set the destination folder; however, you need to make note of it for later. Go ahead and finish the installation.
#. Now you want to set up Tor to run as a service: to run in the background and keep itself running so you dont have to worry about it again. To do so, you need to open your Command Prompt as an administrator.
* In Windows 10, you can simply type ``cmd`` in the Windows search bar, right click on the first result, and select `Run as Administrator`.
#. Once it opens, you can run the following commands, inserting your destination folder (from above) in place of ``<PATH TO>``:
.. code-block::
sc create tor start= auto binPath= "<PATH TO>\Browser\TorBrowser\Tor\tor.exe -nt-service"
.. tip:: If you get the error "Access denied," please ensure you are running the command prompt in Administrator mode. You can tell because the prompt will show C:\\Users\\YOUR-USERNAME> if you are NOT in admin mode, and it will show C:\\WINDOWS\\system32 if you ARE in admin mode.
.. code-block::
sc start tor
#. When you run this, it should look something like this:
.. figure:: /_static/images/tor/tor_windows_terminal.png
:width: 80%
:alt: Tor windows terminal
Replace highlighted section with noted destination folder
.. note:: If you get the error "The specified service already exists," complete the following steps:
1. Run the command:
.. code-block::
sc delete tor
2. Uninstall the Tor Browser, following `these steps <https://tb-manual.torproject.org/uninstalling/>`_.
3. Begin this guide again from the beginning.
#. That's it! Your Windows computer is now setup to natively use Tor.

45
site/source/support/user-manual/configuration/wifi.rst
View File

@@ -1,45 +0,0 @@
.. _wifi:
===============
Setting up WiFi
===============
Although we highly recommend a wired (ethernet) connection for best performance, you can connect your Embassy with a wireless connection if you prefer. Follow the directions below to connect to a WiFi network, or save your credentials for later to connect to a network you are not currently in proximity to.
#. On the ``Embassy`` tab, Under ``Settings``, Click ``WiFi``
.. figure:: /_static/images/config/wifi0.png
:width: 60%
:alt: Select Region
#. Select the appropriate region at the top
.. figure:: /_static/images/config/wifi1.png
:width: 60%
:alt: Select Region
#. Select the network you would like from the list of available networks. You will get an idea of signal strength on the right, from red (weak signal) to green (strong signal). If you can move your Embassy closer to the WiFi broadcasting device, you will get a better signal, and as a result, better performance.
.. figure:: /_static/images/config/wifi2.png
:width: 60%
:alt: Add WiFi Network
.. tip:: You may also select the network labeled ``Other`` at the bottom of the list in order to add a hidden network, or a network that is not nearby, for connecting to at a later time.
#. Enter your WiFi password and either select ``Save for Later`` or ``Save and Connect`` to connect immediately.
.. figure:: /_static/images/config/wifi3.png
:width: 60%
:alt: Enter Credentials
#. If you saved the network, it will appear in the list when successfully added, but not show connected. If you connect immediately, you will receive a dialogue box and a green checkmark to show connection is live.
.. figure:: /_static/images/config/wifi4.png
:width: 60%
:alt: Connect
#. Click on a saved network for connection options. If you are successfully connected, you will receive a dialogue box and a green checkmark to show connection is live. At this point, you can safely disconnect the ethernet cable from your Embassy, if you wish to use WiFi.
.. figure:: /_static/images/config/wifi5.png
:width: 60%
:alt: Connect

29
site/source/support/user-manual/getting-started/device-guides/dg-android.rst
View File

@@ -1,29 +0,0 @@
.. _dg-android:
=======
Android
=======
.. tip:: Please see Android's :ref:`Known Limitations<lim-android>` to understand what is currently not possible on these devices
.. topic-box::
:title: LAN Setup (Connectivity, Performance)
:link: https://start9.com/latest/support/user-manual/configuration/lan-setup/lan-android
:anchor: Setup
For a fast and secure connection while on your Embassy's local network
.. topic-box::
:title: Tor Setup (Connectivity)
:link: https://start9.com/latest/support/user-manual/configuration/tor-setup/tor-os/tor-android
:anchor: Setup
Run Tor natively (in the background) on your device. This will allow you to use applications on your Windows machine via the Tor Network so they can communicate with your Embassy.
.. topic-box::
:title: Tor Firefox Config (Connectivity)
:link: https://start9.com/latest/support/user-manual/configuration/tor-setup/tor-firefox/torff-android
:anchor: Configure
Configure Firefox to use the Tor Network so that you can reach ``.onion`` sites without needing to change browsers.

14
site/source/support/user-manual/getting-started/device-guides/dg-ios.rst
View File

@@ -1,14 +0,0 @@
.. _dg-ios:
===
iOS
===
.. tip:: Please see iOS's :ref:`Known Limitations<lim-ios>` to understand what is currently not possible on these devices
.. topic-box::
:title: LAN Setup (Connectivity, Performance)
:link: https://start9.com/latest/support/user-manual/configuration/lan-setup/lan-ios
:anchor: Setup
For a fast and secure connection while on your Embassy's local network

35
site/source/support/user-manual/getting-started/device-guides/dg-linux.rst
View File

@@ -1,35 +0,0 @@
.. _dg-linux:
=====
Linux
=====
.. tip:: Please see Linux's :ref:`Known Limitations<lim-linux>` to understand what is currently not possible on these devices
.. topic-box::
:title: LAN Setup (Connectivity, Performance)
:link: https://start9.com/latest/support/user-manual/configuration/lan-setup/lan-linux
:anchor: Setup
For a fast and secure connection while on your Embassy's local network
.. topic-box::
:title: Tor Setup (Connectivity)
:link: https://start9.com/latest/support/user-manual/configuration/tor-setup/tor-os/tor-linux
:anchor: Setup
Run Tor natively (in the background) on your device. This will allow you to use applications on your Windows machine via the Tor Network so they can communicate with your Embassy.
.. topic-box::
:title: Tor Firefox Config (Connectivity)
:link: https://start9.com/latest/support/user-manual/configuration/tor-setup/tor-firefox/torff-linux
:anchor: Configure
Configure Firefox to use the Tor Network so that you can reach ``.onion`` sites without needing to change browsers.
.. topic-box::
:title: Embassy Backups (Resilience)
:link: https://start9.com/latest/support/user-manual/walkthrough/backup/backup-lin
:anchor: Backup
Configure remote backups of your Embassy to your Windows machine. **Backups are supremely important** as they ensure redundancy of your data for convenience, as well as preventing loss in case of disaster.

35
site/source/support/user-manual/getting-started/device-guides/dg-mac.rst
View File

@@ -1,35 +0,0 @@
.. _dg-mac:
===
Mac
===
.. tip:: Please see Mac's :ref:`Known Limitations<lim-mac>` to understand what is currently not possible on these devices
.. topic-box::
:title: LAN Setup (Connectivity, Performance)
:link: https://start9.com/latest/support/user-manual/configuration/lan-setup/lan-mac
:anchor: Setup
For a fast and secure connection while on your Embassy's local network
.. topic-box::
:title: Tor Setup (Connectivity)
:link: https://start9.com/latest/support/user-manual/configuration/tor-setup/tor-os/tor-mac
:anchor: Setup
Run Tor natively (in the background) on your device. This will allow you to use applications on your Windows machine via the Tor Network so they can communicate with your Embassy.
.. topic-box::
:title: Tor Firefox Config (Connectivity)
:link: https://start9.com/latest/support/user-manual/configuration/tor-setup/tor-firefox/torff-mac
:anchor: Configure
Configure Firefox to use the Tor Network so that you can reach ``.onion`` sites without needing to change browsers.
.. topic-box::
:title: Embassy Backups (Resilience)
:link: https://start9.com/latest/support/user-manual/walkthrough/backup/backup-mac
:anchor: Backup
Configure remote backups of your Embassy to your Windows machine. **Backups are supremely important** as they ensure redundancy of your data for convenience, as well as preventing loss in case of disaster.

35
site/source/support/user-manual/getting-started/device-guides/dg-windows.rst
View File

@@ -1,35 +0,0 @@
.. _dg-windows:
=======
Windows
=======
.. tip:: Please see Window's :ref:`Known Limitations<lim-windows>` to understand what is currently not possible on these devices.
.. topic-box::
:title: LAN Setup (Connectivity, Performance)
:link: https://start9.com/latest/support/user-manual/configuration/lan-setup/lan-windows
:anchor: Setup
For a fast and secure connection while on your Embassy's local network
.. topic-box::
:title: Tor Setup (Connectivity)
:link: https://start9.com/latest/support/user-manual/configuration/tor-setup/tor-os/tor-windows
:anchor: Setup
Run Tor natively (in the background) on your device. This will allow you to use applications on your Windows machine via the Tor Network so they can communicate with your Embassy.
.. topic-box::
:title: Tor Firefox Config (Connectivity)
:link: https://start9.com/latest/support/user-manual/configuration/tor-setup/tor-firefox/torff-windows
:anchor: Configure
Configure Firefox to use the Tor Network so that you can reach ``.onion`` sites without needing to change browsers.
.. topic-box::
:title: Embassy Backups (Resilience)
:link: https://start9.com/latest/support/user-manual/walkthrough/backup/backup-win
:anchor: Backup
Configure remote backups of your Embassy to your Windows machine. **Backups are supremely important** as they ensure redundancy of your data for convenience, as well as preventing loss in case of disaster.

16
site/source/support/user-manual/getting-started/device-guides/index.rst
View File

@@ -1,16 +0,0 @@
.. _device-guides:
=============
Device Guides
=============
Guides to get connected with or improve your Embassy by device-type.
.. toctree::
:maxdepth: 2
dg-linux
dg-mac
dg-windows
dg-android
dg-ios

17
site/source/support/user-manual/getting-started/index.rst
View File

@@ -1,17 +0,0 @@
.. _getting-started:
===============
Getting Started
===============
Take your first steps! If you are setting up your device for the first time, you can also skip straight to :ref:`Initial Setup <initial-setup>`.
.. toctree::
:maxdepth: 2
introduction
purchasing
initial-setup
recover-02
recover-03
device-guides/index

107
site/source/support/user-manual/getting-started/initial-setup.rst
View File

@@ -1,107 +0,0 @@
.. _initial-setup:
=============
Initial Setup
=============
Connect and Power Up
--------------------
Check out our quick setup video below, and follow along with the steps in this guide:
.. youtube:: DmTlwp5_zvY
1. Connect your Embassy to power and Internet, normally using an ethernet port on your home Internet router.
.. tip:: To avoid networking issues, it is recommended to use your primary router, not an extender or mesh router.
2. Plug in your external drive to one of the USB 3.0 (blue) ports on Embassy.
Embassy will initialize, which may take 10-15min. You will hear 2 distinct sounds:
* "bep" - Starting up
* "chime" - Embassy is ready
Setup Your Embassy
------------------
1. Ensure the device you are using (desktop/laptop or mobile) is connected to the same network as your router.
.. caution:: Sometmies a router will have a "guest WiFi network," which might be different than the network your Embassy is placed on via ethernet.
2. Visit ``embassy.local`` from your web browser. You will be prompted to enter your :ref:`Product Key<product-key>`. This is found on the bottom side of your device.
.. figure:: /_static/images/setup/setup0.png
:width: 60%
:alt: Enter Product Key
.. admonition:: Explanation
:class: toggle expand
The product key is used to discover your Embassy's IP address on the Local Area Network using a hashing function and a protocol named :ref:`MDNS (or Zeroconf) <mdns>`.
3. Next, select "Start Fresh" if this is your first time using an Embassy. If you'd like to "Recover" from an existing Embassy, please follow the guide for :ref:`versions 0.2.x <recover-02x>` or :ref:`versions 0.3.x <recover-03x>`.
.. figure:: /_static/images/setup/setup1.png
:width: 60%
:alt: Fresh Install
4. Select your storage drive. You should only have one drive plugged into your Embassy at this time, but always verify it is what you expect before clicking (such as, is it a 1TB drive?)
.. figure:: /_static/images/setup/setup2.png
:width: 60%
:alt: Select Drive
5. Create your *permanent* master password and complete setup.
.. figure:: /_static/images/setup/setup3.png
:width: 60%
:alt: Enter a New Password
.. admonition:: Explanation
:class: toggle expand
In this step, the setup process will provide your Embassy with three pieces of critical information:
* An ed25519 private key. Used by the Embassy to create a .onion public address for encrypted and anonymous communication over Tor.
* A 4096 bit RSA private key. Used by the Embassy to create a SSL certificate for encrypted communication over LAN.
* A master password. Used by the Embassy to authenticate you as its owner.
All three secrets are packaged together and transmitted to the Embassy encrypted with its :ref:`Product Key<product-key>`.
.. warning:: There is also currently no way to change your password. Choose a strong master password. Write it down. Store it somewhere safe. DO NOT LOSE IT. If you lose this password, you may be forced to reset the device, resulting in permanent loss of data. **This one responsibility is the price of sovereignty.**
6. That's it!
.. figure:: /_static/images/setup/setup4.png
:width: 60%
:alt: Setup Complete
Your Embassy is now hosted on the private web! After setup is complete you will be presented with connection information. You can view and manage your Embassy by visiting its unique Tor Address from any Tor-enabled browser, or by accessing it's ``.local`` address from your LAN (see :ref:`LAN Setup<lan-setup>` for assistance).
Enjoy!
------
.. figure:: /_static/images/setup/setup5.png
:width: 60%
:alt: Fresh Embassy
Upon accessing your Embassy for the first time, you will be greeted with an empty Services page. Start9 firmly believe that the only software that should be on your device is the software you choose to be on there. So go ahead and visit the Marketplace to get your first Service!!
Troubleshooting
---------------
Try these steps if you have any issues with setup.
#. Confirm that the Embassy is plugged into both power and Ethernet, with the USB drive in a USB 3.0 (blue) slot.
#. Confirm the Embassy emitted two sounds when powering on: a bep and a chime.
#. Confirm you are entering the product key correctly and exactly.
#. Confirm your device you are using is not connected to a "Guest" network
#. Confirm your device is not using a VPN.
#. Try to refresh the ``embassy.local`` page.
#. Very rarely, a router may not support mDNS. In this case:
- On your desktop or laptop computer, navigate to your router configuration settings within the browser. This is usually an IP address such as 192.168.1.1. A simple web search will usually reveal how to access the router configuration settings for a particular brand.
- Once in the router config settings, find the section that lists the devices on your network. You should see an item labeled "embassy". Take note of the associated IP address and enter it into your browser's URL field to enter the setup.
If you are still having issues, please reach out to us for :ref:`Assistance<contact>`.

15
site/source/support/user-manual/getting-started/introduction.rst
View File

@@ -1,15 +0,0 @@
.. _introduction:
============
Introduction
============
:ref:`Embassy<embassy>` is a new kind of personal computer - one that sits quietly on your shelf and runs all day and night. It has no screen and no keyboard. You access your Embassy from anywhere in the world in total, trustless privacy, simply by visiting its unique Tor address (.onion URL) right from the browser.
Embassy is composed of commonly available hardware components that can be sourced and assembled by anyone, anywhere, for a marginal fee. Embassy is powered by :ref:`EmbassyOS<embassy-os>`, the open-source operating system by :ref:`Start9<start9>`.
So, what do you do with your Embassy? You use it to run services: Bitcoin, Lightning, personal cloud storage, P2P messaging, password management, etc. The list of available services is growing quickly and will eventually encompass the entirety of open-source, self-hosted software.
Every communication between you and your Embassy is end-to-end encrypted and onion routed over the :ref:`Tor network<tor>`. All services are open-source and self-hosted, meaning there are no trusted third parties of any kind.
To get an Embassy, you can :ref:`purchase<purchasing>` one directly from Start9, or you can :ref:`build one yourself<diy>`.

9
site/source/support/user-manual/getting-started/purchasing.rst
View File

@@ -1,9 +0,0 @@
.. _purchasing:
==========
Purchasing
==========
For maximum convenience, you can purchase an Embassy device, or EmbassyOS, directly from Start9 through our `Shopify Store <https://store.start9.com>`_. The device comes in a beautiful box, fully-assembled, and pre-installed with the latest version of :ref:`EmbassyOS<embassy-os>`. We do our own hardware assembly and fulfillment, and we only collect the minimal information necessary to fulfill your order. And yes, we accept Bitcoin, as well as Lightning payments.
If you prefer to build your own Embassy, you can follow the :ref:`DIY Guide <diy>`.

102
site/source/support/user-manual/getting-started/recover-02.rst
View File

@@ -1,102 +0,0 @@
.. _recover-02x:
===================
Migrate v0.2.x Data
===================
.. contents::
:depth: 4
:local:
Migrate Embassy Series 0.2.x Data
---------------------------------
This guide will cover how to upgrade from EmbassyOS version 0.2.x to version 0.3.0.
If you purchased the upgrade kit from us you can skip to :ref:`backing up <recover-02-backup>` unless you received your kit before we completed 0.3.0, in which case please skip to :ref:`flashing <recover-02-flashing>` as you will need to flash 0.3.0 onto your SD card to continue migrating.
Additional Hardware
===================
If you have not purchased an `upgrade kit <https://store.start9.com/collections/embassy/products/upgrade-kit>`_ from us you'll need the following equipment:
#. `16GB microSD card <https://www.amazon.com/Sandisk-Ultra-Micro-UHS-I-Adapter/dp/B073K14CVB/>`_
#. `1TB solid state drive <https://www.amazon.com/Crucial-MX500-NAND-SATA-Internal/dp/B078211KBB>`_ minimum, 2TB+ recommended.
#. `Connector <https://www.amazon.com/Sabrent-2-5-Inch-Adapter-Optimized-EC-SSHD/dp/B011M8YACM/ref=sr_1_3?crid=IP9CVCE40BLN&keywords=usb+sabrent+ssd&qid=1640909042&sprefix=usb+sabrent+s%2Caps%2C192&sr=8-3>`_ or `enclosure <https://www.amazon.com/gp/product/B07T9D8F6C>`_ for your drive.
#. `SD card adapter <https://www.amazon.com/gp/product/B000WR3Z3A>`_ for getting data from your SD card.
Instructions
============
.. _recover-02-flashing:
Flashing
........
#. Once you have all these you will need to download an 0.3.0 image from https://images.start9.com. This is free for all existing users. Anyone who is running 0.2.x who compiled it themselves will need to either compile 0.3.0 themselves or purchase an 0.3.0 image.
#. Once you have the image, flash it on to the 16GB SD card - the new one, **NOT** the one currently in your Embassy!
.. tip:: The flashing software we recommend is `Balena Etcher <https://www.balena.io/etcher/>`_
.. _recover-02-backup:
Backing up
..........
.. caution:: It is prudent to back up your Embassy before migrating in case something doesn't work correctly, or there is an accident
If you're unsure how to do this - please follow `this <https://youtube.com/watch?v=_QJXgnE90ko>`_ guide.
.. youtube:: _QJXgnE90ko
With your Embassy safely backed up, it's time to proceed with the migration.
.. _recover-02-migrate:
Migration
.........
#. Begin by going into your Embassy, stopping all running services, and shutting down the device in the Embassy tab.
#. Once you've heard the power-off sound, wait a few more seconds and then safely unplug the Embassy.
#. Next, remove the SD card that is in your Embassy and place it into the SD card adaptor, and then connect the adaptor to a USB port on your Embassy.
#. Then take the new SD card with 0.3.0 on it and place it into the microSD card slot on your Embassy (not into the adaptor - that is for the old SD card!)
#. Next, plug the SSD into one of the USB 3.0 ports (blue) on your Embassy, then reconnect the Ethernet cable if not already connected.
#. Now the power cable can be connected and the Embassy powered up.
Power Up
........
#. The Embassy will power up and make a *bep* sound. It will then initialize, a process of less than 5 minutes if you purchased an image, or about 10-20 minutes if you built from source. Once complete you will hear a *chime* sound.
#. On your computer, open up a browser and go to ``embassy.local``
#. You will be asked to enter a product key. This can be located on the bottom of your Embassy if you purchased, or in the repository folder if you built from source.
#. Once entered, select ``Recover`` then select the microSD card - this will be labelled ``rootfs``.
#. On the next page you will be asked to select a storage device - here you should select your SSD.
.. note:: If it does not show up, please power down Embassy, unplug it, plug it back in, and boot Embassy again
#. If this drive is not empty, you will see a warning first. If you are happy to proceed, click ``Continue``.
#. You will now need to make a password for your Embassy. It needs to be a strong password. This password protects your Embassy. It can be the same one that you used prior to migration, or a different one.
#. The Embassy will now recover all your data from your old Embassy and once finished, you will hear <this>.
#. Now you will be provided with both a Tor and LAN address with which you can access your Embassy. Please make a note of these.
#. To use LAN safely, the SSL certificate will need to be added to whatever device you are using to access. This can be downloaded by clicking on ``Download root CA`` and installed by following the instructions <here>.
#. You can now log in to your Embassy via Tor or LAN, and you will be given the option of recovering your data on a service-by-service basis.
.. note:: For those recovering Bitwarden - it is now called Vaultwarden.

17
site/source/support/user-manual/getting-started/recover-03.rst
View File

@@ -1,17 +0,0 @@
.. _recover-03x:
===================
Recover v0.3.x Data
===================
Recover Embassy Series 0.3.x Data
---------------------------------
This guide will cover how to recover existing EmbassyOS version 0.3.x data.
Recover From Remote Backup
==========================
Recover From Local (External Drive) Backup
==========================================

32
site/source/support/user-manual/index.rst
View File

@@ -1,32 +0,0 @@
.. _user-manual:
===========
User Manual
===========
.. toctree::
:maxdepth: 1
:hidden:
getting-started/index
walkthrough/index
configuration/index
tuning/index
services/index
troubleshooting/index
.. panel-box::
:title: Overview
:id: "getting-started"
:class: my-panel
EmbassyOS is designed to work out of the box with a minimal setup and immediate practicality. That said, there are many use-cases and utilities that can be added and tweaked at your convenience, which are covered extensively in this manual. You can get started right away with :ref:`Initial Setup <initial-setup>`, head to our :doc:`Walkthrough <walkthrough/index>` for a guided tour, or learn about :doc:`Services <services/index>` and how to use them. In the :doc:`Configuration <configuration/index>` and :doc:`Tuning <tuning/index>` chapters, you can put your Embassy to work, and make it unique. Finally, you can cure common issues with :doc:`Troubleshooting <troubleshooting/index>` or find answers in our :ref:`FAQ<faq>`.
For further information, check out our :ref:`Knowledge Base <Learn>` to learn about the technologies behind Embassy. If you want to build your own Embassy, check out the :ref:`DIY Guide<diy>`. When you're ready to build, please check out our :ref:`Service Packaging Overview <service-packaging>`. Please don't hestitate to :ref:`Contact Us <contact>` if you have any issues, questions, or suggestions.
* :doc:`Getting Started <getting-started/index>` - Initial setup and device-specific guides to connect with your Embassy.
* :doc:`Walkthrough <walkthrough/index>` - A guided tour of EmbassyOS.
* :doc:`Services <services/index>` - Overview of featured Services and general usage on EmbassyOS.
* :doc:`Configuration <configuration/index>` - Configure your Embassy to your preference.
* :doc:`Tuning <tuning/index>` - Customize your Embassy with advanced configuration and external service integrations.
* :doc:`Troubleshooting <troubleshooting/index>` - Resolve any common issues you may encounter.

13
site/source/support/user-manual/services/index.rst
View File

@@ -1,13 +0,0 @@
.. _services:
========
Services
========
An overview of Services and Marketplaces on EmbassyOS.
.. toctree::
:maxdepth: 2
marketplace
managing-services/index

21
site/source/support/user-manual/services/managing-services/index.rst
View File

@@ -1,21 +0,0 @@
.. _managing-services:
=================
Managing Services
=================
An overview of Services and Marketplaces on EmbassyOS.
.. toctree::
:maxdepth: 2
service-overview
service-install
service-config
service-instructions
service-properties
service-actions
service-interfaces
service-logs
service-donate
service-updates

19
site/source/support/user-manual/services/managing-services/service-actions.rst
View File

@@ -1,19 +0,0 @@
.. _actions:
=======
Actions
=======
Actions are defined by the service package developer, and can provide the ability to do resets or other miscellaneous administrative tasks. The most simple of these is to remove a service from your Embassy.
.. _uninstalling:
Un-installing
-------------
.. warning:: THIS WILL DELETE ALL DATA FOR THIS SERVICE, PLEASE BE SURE YOU WANT TO DO THIS!
To remove a service, navigate to the :ref:`Services tab<services-tab>` *> [Service Name] > Actions > Uninstall*.
.. figure:: /_static/images/services/acts.png
:width: 60%

27
site/source/support/user-manual/services/managing-services/service-config.rst
View File

@@ -1,27 +0,0 @@
.. _service-config:
=============
Configuration
=============
After installation or update, some services require configuration before they can be started.
Navigate to the `Services tab <services-tab>` *> [Service Name] > Config*
.. figure:: /_static/images/services/service-needs-config.png
:width: 60%
Traditionally, configuring services was a massive headache and a huge barrier to running a personal server. But no more! The Embassy's revolutionary service config system makes the process transparent, simple, and safe.
.. figure:: /_static/images/services/service4.png
:width: 60%
Config options are defined by the service developer and can be almost anything. They are represented as simple UI elements - such as toggles and drop downs - and they include explanations and validations, such that users understand their purpose and are prevented from making mistakes.
.. figure:: /_static/images/services/service5.png
:width: 60%
You can change your configuration at any time from a Service's main page:
.. figure:: /_static/images/services/config.png
:width: 60%

15
site/source/support/user-manual/services/managing-services/service-donate.rst
View File

@@ -1,15 +0,0 @@
.. _service-donate:
======
Donate
======
Currently, this is a link provided by the service package developer so that you may donate to them or the developer of the service they packaged directly. If this is not provided, a pop-up message will let you know this, and you will need to find the devs on their own platforms in order to donate.
.. figure:: /_static/images/services/donate.png
:width: 60%
.. topic-box::
:title: Looking Forward
We intend to leverage the power of Embassy's Lightning Network options to create the choice for a user to immediately send sats to a developer. Ideally, this will have a percentage breakdown for the service developer, service packager, and Start9, for the user to delegate their donation as they choose. We are serious about helping to incentivize :ref:`Open Source<open-source>` development.

32
site/source/support/user-manual/services/managing-services/service-install.rst
View File

@@ -1,32 +0,0 @@
.. _installing:
==========
Installing
==========
.. note:: Some services have :ref:`dependencies<service-dependencies>` on other services. Adding, updating, or removing a service can sometimes have requirements or consequences for other services. Your Embassy will always inform you of these issues along the way.
To add a new service, simply find it's listing inside the :ref:`Service Marketplace <service-marketplace>` tab: *[Service Name] >* ``Install``. Let's install Synapse as an example:
.. figure:: /_static/images/services/service0.png
:width: 60%
.. figure:: /_static/images/services/service1.png
:width: 60%
Depending on the size of the service and your Internet connection, installation should take between 60 seconds and a few minutes.
.. figure:: /_static/images/services/service2.png
:width: 60%
You may click *View Service* at any time to view install progress, or after install to go to the Service page. Many services will need to be configured after install. You can use the default options, or change to your liking. See :ref:`configuration<service-config>` for details.
.. figure:: /_static/images/services/service3.png
:width: 60%
You will see a screen like the following when install is complete. Then you're ready to :ref:`configure <service-config>` your service!
.. figure:: /_static/images/services/service4.png
:width: 60%
.. note:: You can only use a service once its :ref:`dependencies <service-dependencies>` are met, its :ref:`configuration<service-config>` is complete, it has been started, and is in a *running* :ref:`status <service-status>`.

17
site/source/support/user-manual/services/managing-services/service-instructions.rst
View File

@@ -1,17 +0,0 @@
.. _instructions:
============
Instructions
============
To view the instructions for a particular service, navigate to the :ref:`Services tab <services-tab>` *> [Service Name] > Instructions*.
.. figure:: /_static/images/services/instruct.png
:width: 60%
Instructions will provide you with service-specific direction, provided by the service package developer, on what to expect, and how to use your new service.
.. figure:: /_static/images/services/service-instruct.png
:width: 60%
.. note:: For advanced instructions and integration guides, visit the wrapper repository for an `available service <https://marketplace.start9.com>`_.

15
site/source/support/user-manual/services/managing-services/service-interfaces.rst
View File

@@ -1,15 +0,0 @@
.. _service-interfaces:
==========
Interfaces
==========
Interfaces are URLs that a :ref:`Service<services>` uses to communicate in various ways with other software. Many Services will only have one interface, perhaps with a Tor and LAN address, to denote where it is hosted / accessed. Other services, such as Bitcoin or Lightning Nodes, may have several interfaces for different use-cases.
.. figure:: /_static/images/services/service-ints.png
:width: 60%
To view the instructions for a particular service, navigate to the :ref:`Services tab <services-tab>` *> [Service Name] > Properties*. From there you can copy a URL to your clipboard for use with external software.
.. figure:: /_static/images/services/service-ints0.png
:width: 60%

12
site/source/support/user-manual/services/managing-services/service-logs.rst
View File

@@ -1,12 +0,0 @@
.. _service-logs:
====
Logs
====
Naviage to *Services > [Service Name] > Logs*
Every service emits logs while it is in a *running* state. Logs give an *under-the-hood* glimpse of a service and can be extremely useful for debugging purposes. To a non-technical user, logs may look like gibberish, and sometimes there is nothing to see at all. You can check here if you have an issue with a service, and if you are talking to support, they may ask you to screenshot or copy these logs to help discover the root of the problem.
.. figure:: /_static/images/services/logs.png
:width: 60%

39
site/source/support/user-manual/services/managing-services/service-overview.rst
View File

@@ -1,39 +0,0 @@
.. _service-overview:
========
Overview
========
Services are very similar to Applications on a mobile device. The biggest differences are that they are often designed to run constantly, with 24/7 availability for when a user requires them. This is why they are called :ref:`Services<services>`, they are always ready to serve users!
.. _service-page:
The Service Page
----------------
.. figure:: /_static/images/services/service8.png
:width: 60%
The Service Page
In the image above, we see an example of a Service's homescreen, where you can access all the information and utilities of a particular service.
Below, we highlight the quick, need-to-know information of a Service that a user will want to see right away.
.. figure:: /_static/images/services/service00.png
:width: 60%
.. _service-status:
We can see the Service (Embassy Pages in this case), its ``Status``, ``Health Checks`` (if it has any), ``Dependencies`` (if it has any), and the ability to ``Start`` or ``Stop`` the Service, as well as ``Launch UI`` if it has a :ref:`Web Interface <web-ui>`. Here's a breakdown of what each of these means:
- Status:
- Needs Config: The Service needs your attention in making a configuration decision. There will always be default options available to you.
- Stopping... : Service is being stopped
- Stopped: Service is installed and configured, but not currently running.
- Starting... : Service is booting up
- Running: Service is running
- Health Checks: This is a critical feature of EmbassyOS. Health Checks are configured by the service packager in order to quickly convey to the user what is happening with their service, and possible actions they may want to take. Learn more about :ref:`Health Checks <health-checks>`.
- Dependencies: A service may require another service, called a dependency, in order to work. These may be optional, or required. Learn more about :ref:`Dependencies <service-dependencies>`.
- Start / Stop: Self-explanatory, use these buttons to start or stop a service.
- Launch UI: If available, this will open the User Interface (UI) for the service in a new browser tab. Learn more about :ref:`Web UIs<web-ui>`.

20
site/source/support/user-manual/services/managing-services/service-properties.rst
View File

@@ -1,20 +0,0 @@
.. _service-properties:
==========
Properties
==========
Properties can contain both static and dynamic information about a service. They could be almost anything: a default username/password, an invite code, or a list of peers - anything the service developer thought might be useful.
.. figure:: /_static/images/services/props.png
:width: 60%
To view the instructions for a particular service, navigate to the :ref:`Services tab <services-tab>` *> [Service Name] > Properties*.
Properties may be accompanied by one or more of the following:
* a *help* icon for further explanation.
* a *copy* icon for copying the value to your clipboard.
* a *QR* icon for viewing the value as a QR code.
.. note:: Some services do not have any information in the Properties section

9
site/source/support/user-manual/services/managing-services/service-updates.rst
View File

@@ -1,9 +0,0 @@
.. _service-updates:
========
Updating
========
To see if an update is available for a service, you can visit the *Updates* section of the Marketplace or by visiting its Marketplace listing.
If an update is available, simply click "Update" and confirm the action.

17
site/source/support/user-manual/services/marketplace.rst
View File

@@ -1,17 +0,0 @@
.. _service-marketplace:
===========
Marketplace
===========
Embassy Marketplace
-------------------
We now have a fully interactive, live `Marketplace <https://marketplace.start9.com>`_!! Visit now to see currently available services and get a feel for the ecosystem!
Community Wishlist
------------------
You can visit the `Embassy: Voice <https://s9.altweb.me/>`_ unofficial feedback forum to see what the Community are asking for and make your own suggestions!
You can also make suggestions on our `Github Discussions <https://github.com/Start9Labs/embassy-os/discussions>`_ forum.

23
site/source/support/user-manual/tuning/advanced-config/alt-marketplace.rst
View File

@@ -1,23 +0,0 @@
.. _alt-marketplace:
===============
Alt Marketplace
===============
EmbassyOS supports accessing alternative marketplaces.
.. caution:: Start9 is not responsible for issues encountered when downloading services from alternative marketplaces, and cannot provide support for services that are not from our offical marketplace. Here be dragons!!
After SSH-ing into the Embassy, run the following command, replacing ``<url>`` with your desired marketplace URL:
.. code-block:: bash
embassy-cli server set-marketplace <url>
or to only change the marketplace for fetching packages, but not os updates:
.. code-block:: bash
embassy-cli package set-marketplace <url>
.. note:: Make sure you have the URL **EXACTLY CORRECT.** If you do not, your Embassy may crash. In this case, just reboot the device and try again.

14
site/source/support/user-manual/tuning/advanced-config/index.rst
View File

@@ -1,14 +0,0 @@
.. _advanced-config:
===============
Advanced Config
===============
Custom options for folks that "know what they're doing."
.. toctree::
:maxdepth: 2
ssh-setup
ssh-tor
alt-marketplace

28
site/source/support/user-manual/tuning/advanced-config/ssh-setup.rst
View File

@@ -1,28 +0,0 @@
.. _ssh-setup:
=========
SSH Setup
=========
.. warning:: This is an advanced feature and should be used with caution. Start9 is not responsible for any damage you might cause while using SSH access.
.. tip:: An ED25519 key is strongly recommended. If you have issues with any other type of key, please consider using an ED25519.
Connecting via CLI (Linux / Mac)
--------------------------------
#. Navigate to the ``Embassy`` tab, then under ``Settings``, click ``SSH``
#. Click the ``+ Add New Key`` button
#. Paste in your SSH public key and hit ``Submit``
#. You can now access your Embassy from the command line (Linux and Mac) using:
.. code-block:: bash
ssh root@<LAN URL>
Replacing ``<LAN URL>`` with your Embassy's LAN (``embassy-xxxxxxx.local``) address
Connecting via SSH on Windows, using PuTTY
------------------------------------------
One of our community members, `@brewsbitcoin <https://twitter.com/brewsbitcoin>`_ (https://brewsbitcoin.com/), has put together this `Guide <https://medium.com/@brewsbitcoin/ssh-to-start9-embassy-from-windows-4a4e17891b5a>`_ for connecting via PuTTY on Windows.

73
site/source/support/user-manual/tuning/advanced-config/ssh-tor.rst
View File

@@ -1,73 +0,0 @@
.. _ssh-tor:
============
SSH Over Tor
============
.. warning:: This is an advanced feature and should be used with caution. Start9 is not responsible for any damage you might cause while using SSH access.
.. note:: The following guide requires that you have already added an `SSH key to your Embassy<ssh-setup>`.
This is currently only supported on Linux, but may work on Windows with `Torifier <https://torifier.com/>`_.
Setup
-----
#. First, you'll need one dependency, ``torsocks``, which will allow you to use SSH over Tor on the machine that you want access with. Select your Linux flavor to install:
.. tabs::
.. group-tab:: Debian / Ubuntu
.. code-block:: bash
apt install torsocks
.. group-tab:: Arch / Garuda / Manjaro
.. code-block:: bash
pacman -S torsocks
#. SSH in:
.. code-block:: bash
ssh root@embassy-xxxxxxx.local
#. Add the following 2 lines to ``/etc/tor/torrc`` **EITHER** by using your preferred text editor (such as ``nano`` or ``vim``):
``HiddenServiceDir /var/lib/tor/ssh``
``HiddenServicePort 22 127.0.0.1:22``
**OR** by entering the following 2 commands:
.. code-block:: bash
echo "HiddenServiceDir /var/lib/tor/ssh" >> /etc/tor/torrc
echo "HiddenServicePort 22 127.0.0.1:22" >> /etc/tor/torrc
#. Then reload the Tor configuration with your edits:
.. code-block:: bash
systemctl reload tor
#. Next, gather the ``.onion`` address you just created:
.. code-block:: bash
cat /var/lib/tor/ssh/hostname
.. note:: All these changes are on the overlay and won't persist after a restart of your Embassy
#. Add an additional SSH key in your EmbassyUI if you want to access from a machine other than the one you did this setup with.
Access
------
Now to log in, simply use the following command, using the ``.onion`` hostname you printed above:
.. code-block::
torsocks ssh root@xxxxxxxxxxxxxxxxx.onion

101
site/source/support/user-manual/tuning/diy.rst
View File

@@ -1,101 +0,0 @@
.. _diy:
=========
DIY Guide
=========
.. figure:: /_static/images/diy/pi.png
:width: 40%
:alt: Raspberry Pi
Raspberry Pi Board
By popular demand, we are pleased to present this "Do it Yourself" (DIY) guide for the Start9 Embassy personal server!
Motivation
----------
There are several reasons you might prefer to build your own Embassy instead of purchasing one from us:
#. You already own the necessary hardware and would like to re-purpose it.
#. You live outside the US and want to save on shipping costs.
#. You do not trust Start9's supply chain.
#. You do not want to share your shipping address.
#. You just like building things.
Building an Embassy
-------------------
The first thing you'll need to do is gather the hardware and assemble it.
Hardware: Components
....................
#. `Raspberry Pi 4B (8GB) <https://raspberrypi.org/products/raspberry-pi-4-model-b/?variant=raspberry-pi-4-model-b-8gb>`_
#. `Power supply for Raspberry Pi 4B <https://raspberrypi.org/products/type-c-power-supply/>`_ Make sure this is at minimum 15w and 3.5a.
#. Case for Raspberry Pi 4B (`passive cooling <https://www.amazon.com/Geekworm-Raspberry-Aluminum-Passive-Heatsink/dp/B07Z6FYHCH/>`_ is recommended). This means no moving parts and no noise, as a fan is not required.
.. caution:: If you prefer to use a fan, **DO NOT** use the official Raspberry Pi fan, as it requires the same GPIO pins as the audio speaker. Instead, we recommend `this fan <https://www.amazon.com/Raspberry-iUniker-30x30x7mm-Brushless-RetroFlag/dp/B076H3TKBP/>`_.
#. A `16GB microSD card <https://amazon.com/SanDisk-Endurance-microSDXC-Adapter-Monitoring/dp/B07NY23WBG/>`_ (no need for bigger). If you have ABSOLUTELY NO data to migrate (from an Embassy v0.2.x), you may choose to re-use the card already in your Embassy.
#. `GPIO mini speaker/buzzer <https://www.amazon.com/Corporate-Computer-Motherboard-Internal-Speaker/dp/B01527H4W2/>`_ (These often sell out, please let us know if this link needs to be refreshed)
#. Ethernet cable
#. MicroSD → USB adapter (or you may have a microSD port on your computer)
#. An external drive (1TB minimum, 2TB SSD recommended), or an `internal drive <https://www.amazon.com/Crucial-MX500-NAND-SATA-Internal/dp/B078211KBB>`_ with an `USB enclosure <https://www.amazon.com/gp/product/B07T9D8F6C>`_, as sold with our upgrade kits. MUST CONNECT OVER USB 3.0!
- Currently the only tested and supported external drives are the Samsung T5 and T7
.. tip:: Alternatively, you may build with the Geekworm setup and internal M.2 drive as described in this `guide <https://start9dave.substack.com/p/diy-build>`_, which has been tested to work, but is not currently supported.
Hardware: Assembly
..................
#. Insert mini speaker/buzzer into GPIO pins 6/8/10/12 with the word "speaker" facing out, `away from the board`.
.. figure:: /_static/images/diy/pins.png
:width: 60%
:alt: Speaker board spec
#. Place the Raspberry Pi 4 board (with speaker attached), into its case.
#. Plug in the external drive to one of the USB 3.0 (blue) slots
Getting EmbassyOS
-----------------
After building your device, you need a copy of EmbassyOS.
Getting EmbassyOS: Purchasing
.............................
- You can purchase EmbassyOS `here <https://store.start9.com/collections/embassy/products/embassyos-software-download>`_. This is by far the easiest path to get up and running.
- Depending on your Internet speed, the download should take between 5 and 30 minutes.
Getting EmbassyOS: Building from Source
.......................................
- If you prefer to build EmbassyOS from source, you can do so following our guide on the `Start9 GitHub <https://github.com/Start9Labs/embassy-os/tree/master/build>`_.
Installing EmbassyOS
--------------------
Whether you purchase EmbassyOS from us or build it yourself, you'll need to flash it onto a microSD card.
#. Download `balenaEtcher <https://www.balena.io/etcher/>`_ onto your Mac, Windows, or Linux computer.
#. Insert the microSD card into your computer, either directly or using an adapter.
#. Open balenaEtcher.
#. Click `Select Image`, then find and select your copy of EmbassyOS.
#. Click `Select Target`, then find and select your micro SD card.
.. warning:: BE CERTAIN YOU SELECT THE CORRECT DISK AS IT WILL BE ERASED AND WRITTEN OVER
#. Click `Flash!` You may be asked to (1) approve the unusually large disk target or (2) enter your password. Both are normal.
.. figure:: /_static/images/diy/balena.png
:width: 60%
:alt: Balena Etcher Dashboard
#. Once the image is flashed and verified, you may remove the micro SD, insert it into your Embassy, and power up the device.
#. The Embassy is now ready for use, and you may continue following the normal :ref:`Initial Setup <initial-setup>` instructions.
.. note:: The first time you power on your Embassy it may take 10-20 minutes to initialize.

15
site/source/support/user-manual/tuning/index.rst
View File

@@ -1,15 +0,0 @@
.. _tuning:
======
Tuning
======
Here, you can customize your Embassy with advanced configuration, setup external tools, migrate from old projects, or build your own Embassy from scratch.
.. toctree::
:maxdepth: 2
diy
advanced-config/index
tune-embassy-os
service-guides/index

124
site/source/support/user-manual/tuning/service-guides/bitcoin.rst
View File

@@ -1,124 +0,0 @@
.. _bitcoin-service:
=======
Bitcoin
=======
Here you will find guides on how to connect different kinds of Bitcoin wallets (hardware and software) to your Embassy node, to complete your sovereign Bitcoin stack!
Tested Wallets
--------------
.. _blockstream-green:
Blockstream Green
=================
.. note:: Not Possible at this time - No ability to connect to a Bitcoin node
.. _blue-wallet:
BlueWallet
==========
.. note:: Not Possible at this time - Requires Electrum Server
.. _electrum:
Electrum
========
.. warning:: UNTESTED
.. _fully-noded:
FullyNoded
==========
Available For
.............
- iOS
- Mac
Instructions
............
1. In Fully Noded, go to `Settings > Node Manager > +`
2. Enter your Bitcoin Core credentials. You can do this in one of two ways: (1) Use Fully Noded to scan your QuickConnect QR code (located in `Services > Bitcoin Core > properties`); or (2) copy/paste your Bitcoin Core Tor Address (located in `Services > Bitcoin Core > Interfaces`) with :8332 appended, as well as you rpc username and password (located in `Services > Bitcoin Core > Config > RPC Settings`).
.. _ledger-live:
Ledger Live
===========
.. tip:: Built for use with Ledger hardware devices
.. warning:: UNTESTED
.. _samourai:
Samourai
========
.. note:: Not Possible at this time - Requires Dojo Stack
.. _sparrow:
Sparrow
=======
Available For
.............
- Linux
- Mac
- Windows
Instructions
............
Follow the `guide <https://github.com/start9labs/bitcoind-wrapper/docs/integrations/sparrow/guide.md>`__.
.. _specter:
Specter
=======
Available For
.............
- Linux
- Mac
- Windows
Instructions
............
Follow the `guide <https://github.com/Start9Labs/bitcoind-wrapper/tree/master/docs/integrations/specter>`__.
.. _trezor-suite:
Trezor Suite
============
.. tip:: Built for use with Trezor hardware devices
.. warning:: UNTESTED
.. _bitcoin-cli:
Using Bitcoin-Cli
-----------------
Instructions for accessing the bitcoind service in order to issue commands directly.
.. warning:: This is an advanced feature and should be used with caution. Start9 is not responsible for any damage you might cause through SSH access.
1. First, you will need SSH access. Please see the :ref:`setup instructions <ssh-setup>` for details.
2. Access your Embassy and then you can interact with the bitcoind docker container using the following syntax::
sudo docker exec bitcoind bitcoin-cli COMMAND
.. tip:: For example ``sudo docker exec bitcoind bitcoin-cli getnetworkinfo``
A list of possible commands can be found `here <https://chainquery.com/bitcoin-cli>`__.
You can also drop into a shell using::
sudo docker exec -it bitcoind bash
and then enter ``bitcoin-cli`` commands. When you are finished, simply type ``exit``...

15
site/source/support/user-manual/tuning/service-guides/index.rst
View File

@@ -1,15 +0,0 @@
.. _service-guides:
==============
Service Guides
==============
These guides will help you to setup external tools to connect or interact with specific :ref:`Services<services>`, such as a chat client or :ref:`Bitcoin<bitcoin>` wallet.
.. toctree::
:maxdepth: 2
vaultwarden
matrix
bitcoin
lightning

88
site/source/support/user-manual/tuning/service-guides/lightning.rst
View File

@@ -1,88 +0,0 @@
.. _lightning:
=========
Lightning
=========
Check out our `Getting Started with Lightning video <https://www.youtube.com/watch?v=KhU_sTiaN8w>`_ for an introduction to the Lightning Network using LND and RTL on Embassy!
.. youtube:: KhU_sTiaN8w
.. _blue-wallet-lightning:
BlueWallet
----------
.. note:: Not available at this time - LNDHub is required
.. _rtl:
Ride the Lightning
------------------
Available For
.............
- EmbassyOS
See the video at the top of this page for an intro to Lightning using RTL.
.. _spark:
Spark
-----
.. note:: Compatible with C-Lightning only
Available For
.............
- Android
- EmbassyOS
- iOS
To use a Spark client, you still need to have Spark installed on the Embassy. The Spark service on Embassy is both a server (background service) and a client (the :ref:`Web UI<web-ui>`). Under Properties, there is a "Pairing URL". The first part of this is the server URL, and the end portion of it is the access key.
.. _thunderhub:
Thunderhub
----------
Available For
.............
- EmbassyOS
Download from your Embassy's Marketplace and follow the included Instructions.
.. _zap:
Zap
---
Available For
.............
- Android
- iOS
.. note:: Compatible with LND only
#. Download from your device's application store.
#. Go to Settings and activate Tor.
#. Go to Add a Wallet and scan the LND REST connection QR code found in your Embassy's LND service page -> Properties.
.. _zeus:
Zeus
----
Available For
.............
- Android
- iOS (Coming Soon)
C-Lightning
...........
LND
...
Spark
.....

14
site/source/support/user-manual/tuning/service-guides/matrix.rst
View File

@@ -1,14 +0,0 @@
.. _matrix:
======
Matrix
======
.. _matrix-setup:
Guides
------
Check out our `Synapse video <https://www.youtube.com/watch?v=PtwQsybFapo>`_ for features and setup!
.. youtube:: PtwQsybFapo

113
site/source/support/user-manual/tuning/service-guides/vaultwarden.rst
View File

@@ -1,113 +0,0 @@
.. _vaultwarden:
===========
Vaultwarden
===========
Vaultwarden Setup Guide and Integrations
----------------------------------------
.. note:: The version of Bitwarden server used on the Embassy is a fork called "Vaultwarden." Despite this, it still functions with several of the apps/integrations that are built for, and still named after, "Bitwarden." We apologize for any confusion this may cause.
Check out our `Vaultwarden video <https://www.youtube.com/watch?v=YcxxVHpm9j0>`_ for basic features and setup!
.. youtube:: YcxxVHpm9j0
Vaultwarden Vault (WebUI)
=========================
1. First we will open up our Embassy and go to the Marketplace tab, select Vaultwarden, and install if you have not already done so.
2. After install, click Configure. A strong admin token has been securely created by your Embassy, but you may change it if you wish. This can also be changed later. Click save. Click start to run the service.
3. Next launch the Vaultwarden web interface. If you are connected to your Embassy on LAN, Vaultwarden will also launch on LAN. If you are connected over Tor, Vaultwarden will lanuch on Tor. What you are looking at now is your very own Vaultwarden website, served right from your Embassy. Let's create an account. Please note, you are creating an account with yourself on your own Vaultwarden website served from your own Vaultwarden server, there are no third parties involved here. Enter an email for logging in, a strong password that you will remember, and optionally a password hint. It is important to realize that this is the 'Master password' for all your other passwords. Make it very strong, memorize it, write it down, and back it up to a safe place. If you lose it, you may lose access to all your passwords and your entire digital life.
Now you can log in to your new password manager!
4. We are greeted with our newly setup Vaultwarden password vault. At the top you can visit 'Tools' for reports, a password generator, and to import data from another program, such as lastpass, onepass, or keepass. 'Settings' gives you all your options, including the ability to set up 2 factor authorization.
5. Back at the main page for your vault, let's do a quick example login. We can setup a new folder here and save new login. For our example, we're going to use our FileBrowser instance. So click 'Add item,' then we'll fill in some test information. A name for the entry, a username, password, and the website we want to log in to. Then click 'Save.'
Bitwarden Browser Extension
===========================
The Bitwarden browser extension will only work with Tor browser or Firefox, since those are the only two browsers capable of using Tor, or in other words, access .onion URLs. Brave Browser can also access .onion URLs, but only in special tabs, not in extension, so the Bitwarden extension will not work on Brave.
1. If you choose Tor Browser, everything will just work right out of the box. If you choose Firefox, you will need to configure both your :ref:`device <tor-os>` and :ref:`Firefox <tor-firefox>` to use Tor.
2. In this example we will use Firefox. First, install the `Bitwarden browser extension <https://addons.mozilla.org/en-US/firefox/addon/bitwarden-password-manager/>`_. Once installed, click on the extension and click 'Settings' in the top left. Under 'Self-hosted environment,' you will see a field for 'Server URL,'. Here, we need to paste in our Vaultwarden Tor address. Go to your Embassy and copy you Vaultwarden Tor address, then return to the Bitwarden extension and paste it in, prefixed by ``http://``. Please note, you must use in ``http``, not ``https``. Click 'Save.'
3. Now you can click on the extension again, click 'Log In,' and enter your credentials. That's it, the extension is all set up!
Mobile Apps
===========
Android
.......
You will need to :ref:`Setup Tor <tor-android>` on your device first.
#. Visit your app store of choice and download the Bitwarden app. Once downloaded and installed, let's go into Orbot, and add the app to the VPN apps list. You may need to hit the refresh button in the top left to get it to populate.
#. Next, enter the Bitwarden app. You'll be greeted with a log-in screen, and just like in the extension, you can go to the top left gear icon to enter the Settings. You'll need to enter your LAN address from your Embassy, so you can copy-paste it over to your phone, or type it in by hand. Don't forget to ensure the prefix is ``http://`` and NOT ``https://``. Hit save, and you'll be returned to the log-in screen.
#. Go ahead and tap 'Log In,' enter your credentials, and you can access your Bitwarden app / Vaultwarden server.
iOS
...
Unfortunately, the iOS app does not support Tor, so currently the Bitwarden app can only be synced on LAN. Once synced, your app and passwords will be cached and available when you are on the go, and you will only need to be on LAN to update any edits to your vault.
You will need to :ref:`Setup LAN <lan-ios>` on your device first.
#. Visit your app store and download the Bitwarden app.
#. Next, enter the Bitwarden app. You'll be greeted with a log-in screen, and just like in the extension, you can go to the top left gear icon to enter the Settings. You'll need to enter your LAN address from your Embassy, so you can copy-paste it over to your phone, or type it in by hand. Don't forget to ensure the prefix is ``https://``. Hit save, and you'll be returned to the log-in screen.
#. Go ahead and tap 'Log In,' enter your credentials, and you can access your Bitwarden app / Vaultwarden server.
Desktop Apps
============
The desktop app is a bit more finicky, and arguably much less useful than the mobile and browser solutions, but below are the known good (tested) configurations if you'd like to use it.
Linux
.....
First, be sure to :ref:`Setup Tor <tor-linux>` natively.
#. Download the `Bitwarden Desktop app <https://bitwarden.com/download/>`_. Depending on your Linux distribution and preference, you may want the AppImage, Deb, Snap, etc. You can also check your favorite package manager.
#. Run the program with the flag ` --proxy-server=socks5://127.0.0.1:9050` behind it. You can run this from a terminal, and if you'd like to use a shortcut, edit that shortcut file to include the flag.
#. As with the other solutions above, click the 'Settings' icon, and enter your Vaultwarden Tor address. You can then log in to your vault.
Alternatively, you may be able to run using your LAN address, but this has proven finicky, especially on Debian/Ubuntu systems. You will have better luck if you have the Root CA installed at the OS level. First, be sure to :ref:`Setup LAN <lan-linux>` natively.
Mac
...
#. Download the `Bitwarden Desktop app <https://bitwarden.com/download/>`_.
#. LAN
#. First, be sure to :ref:`Setup LAN <lan-mac>` natively.
#. For LAN access, follow the LAN setup in the instructions below. After completing setup, simply open Bitwarden and add your LAN address in the 'Settings' and login.
#. Tor
#. First, be sure to :ref:`Setup Tor <tor-mac>` natively.
#. Run the program with the flag ` --proxy-server=socks5://127.0.0.1:9050` behind it. You can run this from a terminal, and if you'd like to use a shortcut, edit that shortcut file to include the flag.
#. You can now log in to your vault.
Windows
.......
#. Download the `Bitwarden Desktop app <https://bitwarden.com/download/>`_.
#. Follow the Tor setup in the instructions below. Make sure the Bitwarden directory is located in your user's directory (C:\Users\YOURUSER\AppData\Local\Bitwarden). This is because you need permission to run over a proxy. You can make a shortcut wherever you'd like.
#. Right-click the shortcut and click 'Properties.' Add the flag ` --proxy-server=socks5://127.0.0.1:9050` to the end of the 'Target' field. Click 'Apply,' then 'OK.' Close Properties and launch the shortcut.
#. As with the other solutions above, click the 'Settings' icon, and enter your Vaultwarden Tor address. You can then log in to your vault.

49
site/source/support/user-manual/tuning/tune-embassy-os.rst
View File

@@ -1,49 +0,0 @@
.. _tune-embassy-os:
===============
Customizing EOS
===============
.. _device-name:
Set Device Name
---------------
Here you can change the name of your Embassy!
#. Go to the ``Embassy`` tab on the main menu on the left side of the UI
.. figure:: /_static/images/config/basic-config0.png
:width: 60%
:alt: Embassy Tab
#. Under the ``Settings`` section, click ``Preferences``
.. figure:: /_static/images/config/basic-config1.png
:width: 60%
:alt: Preferences
#. Then click ``Device Name``, set to desired name, and click ``Save``
.. figure:: /_static/images/config/basic-config2.png
:width: 60%
:alt: Rename Embassy
.. _reorder:
Reorder Service Page
--------------------
You may customize the layout of your Services by re-arranging them to your liking.
#. Simply visit the ``Services`` tab on the main menu on the left side of the UI, and select ``Reorder`` in the top right.
.. figure:: /_static/images/walkthrough/reorder0.png
:width: 60%
:alt: Reorder Button
#. You can now click and drag on each service to create the ordered list you desire. When satisfied, click ``Done`` in the top right to save.
.. figure:: /_static/images/walkthrough/reorder1.png
:width: 60%
:alt: Reorder Services

60
site/source/support/user-manual/walkthrough/backups.rst
View File

@@ -1,60 +0,0 @@
.. _backups:
==============
Making Backups
==============
There are 2 options for backing up your Embassy and all its service data. You can setup a shared folder on a remote machine, such as a laptop, desktop, or external drive on your network, or you can backup to a local drive, which must be externally powered or plugged into a powered USB hub before plugging into Embassy.
.. note:: For remote backups, you will first need to configure the machine you want to backup to. Check our :ref:`Backup Setup<backup-setup>` guide for your OS first.
Remote Backups
--------------
#. Go to the :ref:`Embassy tab<embassy-tab>`, then click on ``Create Backup``.
.. figure:: /_static/images/config/embassy_backup.png
:width: 60%
#. Next, click on ``+ New Shared Folder`` to use your previously created backup folder.
.. figure:: /_static/images/config/embassy_backup0.png
:width: 60%
#. Fill in the following fields:
* Hostname - This is the hostname of the machine that your folder or drive is located on
* Path - This is the directory path to the shared folder. If you setup Samba yourself (Linux), this may be the name of the share in your samba config file and not the path.
* Username - This is the user on the remote machine that you used to create the shared directory
* Password - This is your user (from above) password
.. figure:: /_static/images/config/embassy_backup1.png
:width: 60%
Then click ``Save``
#. You will see a freshly created "cloud" backup location available, click it for options, and click ``Create Backup`` to begin.
.. figure:: /_static/images/config/embassy_backup2.png
:width: 60%
#. You can continue to use your Embassy while the backup is in progress.
.. figure:: /_static/images/config/embassy_backup3.png
:width: 60%
#. When the backup is complete you will be notified in the :ref:`Notifications tab<notifications-tab>`, and you will see the date and time of your most recent backup updated under ``Backups`` in the Embassy tab.
.. figure:: /_static/images/config/embassy_backup4.png
:width: 60%
Local Backups
-------------
#. With Embassy powered down, plug in your external drive to the powered hub if you are using one, or directly into Embassy's available USB 3.0 (blue) slot if it is externally powered.
#. Plug in power to your hub or drive
#. Boot Embassy and go to ``Embassy`` -> ``Create Backup``
#.

18
site/source/support/user-manual/walkthrough/index.rst
View File

@@ -1,18 +0,0 @@
.. _walkthrough:
===========
Walkthrough
===========
An overview of EmbassyOS general capabilities.
.. toctree::
:maxdepth: 2
overview
updates
backups
password
sessions

88
site/source/support/user-manual/walkthrough/overview.rst
View File

@@ -1,88 +0,0 @@
.. _overview:
==================
EmbassyOS Overview
==================
.. _services-tab:
Services Tab
------------
The Services Tab will show you all of your currently installed :ref:`Services<services>`, or in the case of a fresh install, no Services. You can reorder this layout to your liking with the ``Reorder`` button in the top right. You can see a demo of this :ref:`here<reorder>`.
.. figure:: /_static/images/walkthrough/servicestab.png
:width: 60%
Click on any service in order to see its :ref:`Service Page<service-page>`.
.. figure:: /_static/images/walkthrough/servicepage.png
:width: 60%
.. _embassy-tab:
Embassy Tab
-----------
The Embassy Tab is where you can perform :ref:`Backups<backups>`, get Insights into EOS, change some basic Settings, and Power cycle your device if necessary.
.. figure:: /_static/images/walkthrough/embassytab.png
:width: 60%
Backups
=======
One of the most important actions you can do on your Embassy is to keep a regular backup of your data. See the page on :ref:`Backups<backups>`, and select your device for more details. In this section, you can create, and restore from, backups.
Insights
========
The Insights section gives you basic information on your Embassy, monitoring of system resources / temperature, and logs for debugging.
Settings
========
The Settings section lets you change preferences, and manage `Connectivity` and Active Sessions. See the documentation on :ref:`Configuration<config>` for more details.
.. _power:
Power
=====
Restart
.......
#. Be patient while services shut down. A *tune* will play, indicating the shutdown is complete.
#. A gentle *bep* will sound when the Embassy is powered back on.
#. A *chime* will sound when the Embassy is ready to use. Please be patient as a Restart will take some time.
Shutdown
........
#. Be patient while services shut down, it may take some minutes. A *tune* will play, indicating the shutdown is complete.
#. It is now safe to unplug the Embassy from power and the ethernet cable, if connected.
.. note:: After a shutdown, the *only* way to turn your Embassy back on is to unplug it and plug it back in. As such, we do not recommend shutting down your Embassy when you are not physically near it. Instead, you should use the restart option.
.. _marketplace-tab:
Marketplace Tab
---------------
The Marketplace Tab is obviously the home of the Marketplace, where you can search out and install new Services, or manange existing ones. You can view our live Marketplace `here <marketplace.start9.com>`_.
.. figure:: /_static/images/walkthrough/markettab.png
:width: 60%
Marketplace
===========
.. _notifications-tab:
Notifications Tab
-----------------
The Notifications Tab is where you can view and manage information produced by EOS and your Services that may need your attention. You can clear these individually, or all at once with ``Delete All`` in the top right.
.. figure:: /_static/images/walkthrough/notiftab.png
:width: 60%

88
site/source/support/user-manual/walkthrough/password.rst
View File

@@ -1,88 +0,0 @@
.. _forgot-password:
===============
Forgot Password
===============
There is currently no way to reset you Embassy master password through a standard UI flow.
SSH/Linux
---------
If you already have :ref:`SSH keys registered with your Embassy<ssh-setup>` **OR** you have access to a Linux computer, you can reset your Embassy password without losing any data.
SSH
===
#. Use the command line to gain SSH access to your Embassy, replacing ``[network-id]`` with your Embassy's unique ID:
.. code-block:: bash
ssh pi@embassy-[network-id].local
#. Check if you have sqlite3 installed (with ``which``). If not, install it (with ``apt``):
.. code-block:: bash
which sqlite3
sudo apt install sqlite3
#. Access the sqlite3 terminal:
.. code-block:: bash
sudo sqlite3 /root/agent/start9_agent.sqlite3
#. Run:
.. code-block:: bash
delete from account;
.quit
#. Exit the SSH session:
.. code-block:: bash
exit
.. warning:: Running setup process will generate new certificate and Tor address for your Embassy.
#. You can now visit ``embassy.local`` to reclaim your Embassy and set a new password.
Linux
=====
#. Shut down your Embassy, disconnect from power, and remove the microSD card.
#. Insert the microSD card into your Linux computer and mount the drive::
mount [drive] [mount folder]
#. Check if you have sqlite3 installed. If not, install it::
which sqlite3
sudo apt install sqlite3
#. Access the sqlite3 terminal::
sudo sqlite3 /root/agent/start9_agent.sqlite3
#. Run::
delete from account;
.quit
#. Un-mount the microSD card::
umount [mount folder]
#. Return the microSD card to your Embassy and power it on.
.. warning:: Running setup process will generate new certificate and Tor address for your Embassy.
#. You can now visit ``embassy.local`` to reclaim your Embassy and set a new password.
No SSH/Linux
------------
You must factory reset your device by re-installing EmbassyOS, resulting in permanent loss of data. Visit the `image downloader <https://images.start9labs.com/>`_ to obtain a new EmbassyOS image, then follow the :ref:`Initial Setup <initial-setup>` guide.

12
site/source/support/user-manual/walkthrough/sessions.rst
View File

@@ -1,12 +0,0 @@
.. _active-sessions:
===============
Active Sessions
===============
Every time a login is made with Embassy, such as from a web browser on your laptop or mobile device, a :ref:`Session <sessions>` is created. You can see these listed in the ``Embassy`` tab, under ``Active Sessions``.
To end a session, simply click ``Kill`` to the right of your selection.
.. figure:: /_static/images/walkthrough/sessions0.png
:width: 60%

32
site/source/support/user-manual/walkthrough/updates.rst
View File

@@ -1,32 +0,0 @@
.. _updates:
========
Updating
========
Keeping current on Updates ensures a secure and performant system.
.. _update-eos:
Updating EmbassyOS
------------------
When an Operating System update is available, a big, beautiful banner will appear in the Marketplace as an announcement. Simply click on this and follow the UI flow to update EmbassyOS. It is recommended to keep EOS up to date for the latest security and performance patches, as well as to take advantage of new features.
.. _auto-check-updates:
Enable Auto Check for Updates
-----------------------------
#. Navigate to the ``Embassy`` tab -> ``Preferences``
#. Click "Auto Check for Updates" and click Enable
#. If there is an update available, you will be prompted to install it.
#. While updating, your Embassy will emit a gentle chime every 20 seconds.
#. You can also enable :ref:`automatic update checks<auto-update>` in the ``Embassy`` tab -> Settings -> Preferences.
.. note:: Ensure you have a stable Internet connection, and do not unplug your Embassy during an update. Updates usually complete within a few minutes, but depending on the size of the update and your Internet bandwidth, they can sometimes take up to an hour.
Manually Checking Updates
-------------------------
If you choose not to enable automatic update checks, service updates will still appear in the ``Updates`` tab of the Marketplace when ready.