Volume bind mounts into LXC containers inherited private propagation
from the host source path, which prevented mounts made inside a
container (e.g. NAS mounts via postinit.sh) from propagating back to
the host. Dependent services bind-mounting the same volume from the
host side would never see these internal mounts.
Self-bind each host volume directory and mark it rshared so that
container-internal mounts propagate back to the host path. Mark
dependency mounts as rslave so they receive propagated mounts but
cannot propagate mounts back to the source service.
Because rshared propagation means mounts can survive container
teardown, add defense-in-depth to uninstall cleanup: unmount any
remaining mounts under the package volume path, then refuse to
delete if any persist, preventing remove_dir_all from traversing
into a live NFS/NAS mount and destroying data.
* Fix PackageInfoShort to handle LocaleString on releaseNotes
* fix: filter by target_version in get_matching_models and pass otherVersions from install
* chore: add exver documentation for ai agents
* fix alerts i18n, fix status display, better, remove usb media, hide shutdown for install complete
* trigger chnage detection for localize pipe and round out implementing localize pipe for consistency even though not needed
* add documentation for ai agents
* docs: consolidate CLAUDE.md and CONTRIBUTING.md, add style guidelines
- Refactor CLAUDE.md to reference CONTRIBUTING.md for build/test/format info
- Expand CONTRIBUTING.md with comprehensive build targets, env vars, and testing
- Add code style guidelines section with conventional commits
- Standardize SDK prettier config to use single quotes (matching web)
- Add project-level Claude Code settings to disable co-author attribution
* style(sdk): apply prettier with single quotes
Run prettier across sdk/base and sdk/package to apply the
standardized quote style (single quotes matching web).
* docs: add USER.md for per-developer TODO filtering
- Add agents/USER.md to .gitignore (contains user identifier)
- Document session startup flow in CLAUDE.md:
- Create USER.md if missing, prompting for identifier
- Filter TODOs by @username tags
- Offer relevant TODOs on session start
* docs: add i18n documentation task to agent TODOs
* docs: document i18n ID patterns in core/
Add agents/i18n-patterns.md covering rust-i18n setup, translation file
format, t!() macro usage, key naming conventions, and locale selection.
Remove completed TODO item and add reference in CLAUDE.md.
* chore: clarify that all builds work on any OS with Docker
* fix --arch flag to fall back to emulation when native image unavailable, always infer hardware requirement for arch
* better handling of arch filter
* dont cancel in-progress commit workflows and abstract common setup
* cli improvements
fix group handling
* fix cli publish
* alpha.19
---------
Co-authored-by: Aiden McClelland <me@drbonez.dev>
* start consolidating
* add start-cli flash-os
* combine install and setup and refactor all
* use http
* undo mock
* fix translation
* translations
* use dialogservice wrapper
* better ST messaging on setup
* only warn on update if breakages (#3097)
* finish setup wizard and ui language-keyboard feature
* fix typo
* wip: localization
* remove start-tunnel readme
* switch to posix strings for language internal
* revert mock
* translate backend strings
* fix missing about text
* help text for args
* feat: add "Add new gateway" option (#3098)
* feat: add "Add new gateway" option
* Update web/projects/ui/src/app/routes/portal/components/form/controls/select.component.ts
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* add translation
---------
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Matt Hill <mattnine@protonmail.com>
* fix dns selection
* keyboard keymap also
* ability to shutdown after install
* revert mock
* working setup flow + manifest localization
* (mostly) redundant localization on frontend
* version bump
* omit live medium from disk list and better space management
* ignore missing package archive on 035 migration
* fix device migration
* add i18n helper to sdk
* fix install over 0.3.5.1
* fix grub config
---------
Co-authored-by: Matt Hill <mattnine@protonmail.com>
Co-authored-by: Matt Hill <MattDHill@users.noreply.github.com>
Co-authored-by: Alex Inkin <alexander@inkin.ru>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* port misc fixes from feature/nvidia
* switch back to official tor proxy on 9050
* refactor OpenUI
* fix typo
* fixes, plus getServiceManifest
* fix EffectCreator, bump to beta.47
* fixes
* help ios downlaod .crt and add begin add masked for addresses
* only require and show CA for public domain if addSsl
* fix type and revert i18n const
* feat: add address masking and adjust design (#3088)
* feat: add address masking and adjust design
* update lockfile
* chore: move eye button to actions
* chore: refresh notifications and handle action error
* static width for health check name
---------
Co-authored-by: Matt Hill <mattnine@protonmail.com>
* hide certificate authorities tab
* alpha.17
* add waiting health check status
* remove "on" from waiting message
* reject on abort in `.watch`
* id migration: nostr -> nostr-rs-relay
* health check waiting state
* use interface type for launch button
* better wording for masked
* cleaner
* sdk improvements
* fix type error
* fix notification badge issue
---------
Co-authored-by: Alex Inkin <alexander@inkin.ru>
Co-authored-by: Aiden McClelland <me@drbonez.dev>
* fix: refactor dns to handle tcp connections:
- do not use long-lived tcp connections to upstream dns servers
- when incoming request is over tcp, force a tcp lookup instead of udp
this solves cases where large dns records were not being resolved due to udp->tcp switch-over.
* use forwarding resolver for fallback
---------
Co-authored-by: Aiden McClelland <me@drbonez.dev>
* fix: keep uptime width constant and service table DOM cached
* show error status and fix columns spacing
* revert const
---------
Co-authored-by: Matt Hill <mattnine@protonmail.com>
* add tor logs, rework services page, other small things
* feat: sortable service table and mobile view
---------
Co-authored-by: waterplea <alexander@inkin.ru>
* fix: race condition in Daemon.stop()
* fix: do not stop Daemon on context leave
* fix: remove duplicate Daemons.term calls
* feat: honor dependency order when shutting terminating Daemons
* fixes, and remove started
---------
Co-authored-by: Aiden McClelland <me@drbonez.dev>
* add support for idmapped mounts to start-sdk
* misc fixes
* misc fixes
* add default to textarea
* fix iptables masquerade rule
* fix textarea types
* more fixes
* better logging for rsync
* fix tty size
* fix wg conf generation for android
* disable file mounts on dependencies
* mostly there, some styling issues (#3069)
* mostly there, some styling issues
* fix: address comments (#3070)
* fix: address comments
* fix: fix
* show SSL for any address with secure protocol and ssl added
* better sorting and messaging
---------
Co-authored-by: Alex Inkin <alexander@inkin.ru>
* fixes for nextcloud
* allow sidebar navigation during service state traansitions
* wip: x-forwarded headers
* implement x-forwarded-for proxy
* lowercase domain names and fix warning popover bug
* fix http2 websockets
* fix websocket retry behavior
* add arch filters to s9pk pack
* use docker for start-cli install
* add version range to package signer on registry
* fix rcs < 0
* fix user information parsing
* refactor service interface getters
* disable idmaps
* build fixes
* update docker login action
* streamline build
* add start-cli workflow
* rename
* riscv64gc
* fix ui packing
* no default features on cli
* make cli depend on GIT_HASH
* more build fixes
* more build fixes
* interpolate arch within dockerfile
* fix tests
* add launch ui to service page plus other small improvements (#3075)
* add launch ui to service page plus other small improvements
* revert translation disable
* add spinner to service list if service is health and loading
* chore: some visual tune up
* chore: update Taiga UI
---------
Co-authored-by: waterplea <alexander@inkin.ru>
* fix backups
* feat: use arm hosted runners and don't fail when apt package does not exist (#3076)
---------
Co-authored-by: Matt Hill <mattnine@protonmail.com>
Co-authored-by: Shadowy Super Coder <musashidisciple@proton.me>
Co-authored-by: Matt Hill <MattDHill@users.noreply.github.com>
Co-authored-by: Alex Inkin <alexander@inkin.ru>
Co-authored-by: Remco Ros <remcoros@live.nl>
