Volume bind mounts into LXC containers inherited private propagation
from the host source path, which prevented mounts made inside a
container (e.g. NAS mounts via postinit.sh) from propagating back to
the host. Dependent services bind-mounting the same volume from the
host side would never see these internal mounts.

Self-bind each host volume directory and mark it rshared so that
container-internal mounts propagate back to the host path. Mark
dependency mounts as rslave so they receive propagated mounts but
cannot propagate mounts back to the source service.

Because rshared propagation means mounts can survive container
teardown, add defense-in-depth to uninstall cleanup: unmount any
remaining mounts under the package volume path, then refuse to
delete if any persist, preventing remove_dir_all from traversing
into a live NFS/NAS mount and destroying data.
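
The uninstall guard described in the commit message above, sketched as an added example (not code from the StartOS repository): it parses `/proc/self/mountinfo`, reports the propagation tags that rshared and rslave leave behind, and refuses recursive deletion while any mount is live at or below the volume path. The type and function names, the paths and the sample mount table are constructed for illustration.

```rust
use std::path::{Path, PathBuf};
// Constructed sample of /proc/self/mountinfo; all paths are hypothetical.
pub const SAMPLE: &str = "\
29 1 8:2 / / rw,relatime shared:1 - ext4 /dev/sda2 rw
120 29 8:2 /data/pkg/volumes/main /data/pkg/volumes/main rw shared:7 - ext4 /dev/sda2 rw
121 120 0:52 / /data/pkg/volumes/main/nas\\040share rw shared:8 - nfs4 10.0.0.5:/export rw
130 29 8:2 /data/pkg/volumes/main /data/dep/mnt rw master:7 - ext4 /dev/sda2 rw
131 29 8:2 /x /data/pkg-other rw - ext4 /dev/sda2 rw
";

#[derive(Debug)]
pub struct Mount {
    pub mount_point: PathBuf,
    pub fs_type: String,
    pub shared: bool, // "shared:N" tag: mount events propagate to peers
    pub slave: bool,  // "master:N" tag: receives events, sends none back
}

/// Parse one mountinfo line (field layout from proc(5)).
pub fn parse_line(line: &str) -> Option<Mount> {
    let (left, right) = line.split_once(" - ")?;
    let fields: Vec<&str> = left.split(' ').collect();
    let tags = fields.get(6..)?; // optional propagation tags; None if line is short
    Some(Mount {
        // The kernel writes a space in a path as \040.
        mount_point: PathBuf::from(fields[4].replace("\\040", " ")),
        fs_type: right.split(' ').next()?.to_string(),
        shared: tags.iter().any(|t| t.starts_with("shared:")),
        slave: tags.iter().any(|t| t.starts_with("master:")),
    })
}

/// Mounts at or below `root`, deepest first (the order to unmount them in).
pub fn mounts_under(mountinfo: &str, root: &Path) -> Vec<Mount> {
    let mut found: Vec<Mount> = mountinfo.lines().filter_map(parse_line)
        .filter(|m| m.mount_point.starts_with(root)) // component-wise match
        .collect();
    found.sort_by_key(|m| std::cmp::Reverse(m.mount_point.components().count()));
    found
}

/// Err lists the live mounts; the caller must not delete recursively then.
pub fn safe_to_delete(mountinfo: &str, root: &Path) -> Result<(), Vec<PathBuf>> {
    let live = mounts_under(mountinfo, root);
    if live.is_empty() { Ok(()) } else { Err(live.into_iter().map(|m| m.mount_point).collect()) }
}

fn main() {
    println!("{:?}", safe_to_delete(SAMPLE, Path::new("/data/pkg/volumes")));
}
```

On a real host the first argument would be the contents of `/proc/self/mountinfo`, read again after the unmount pass so the check sees what actually persists.
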
* Fix PackageInfoShort to handle LocaleString on releaseNotes
* fix: filter by target_version in get_matching_models and pass otherVersions from install
* chore: add exver documentation for ai agents
* fix --arch flag to fall back to emulation when native image unavailable, always infer hardware requirement for arch
* better handling of arch filter
* dont cancel in-progress commit workflows and abstract common setup
* cli improvements
fix group handling
* fix cli publish
* alpha.19
---------
Co-authored-by: Aiden McClelland <me@drbonez.dev>
* start consolidating
* add start-cli flash-os
* combine install and setup and refactor all
* use http
* undo mock
* fix translation
* translations
* use dialogservice wrapper
* better ST messaging on setup
* only warn on update if breakages (#3097)
* finish setup wizard and ui language-keyboard feature
* fix typo
* wip: localization
* remove start-tunnel readme
* switch to posix strings for language internal
* revert mock
* translate backend strings
* fix missing about text
* help text for args
* feat: add "Add new gateway" option (#3098)
* feat: add "Add new gateway" option
* Update web/projects/ui/src/app/routes/portal/components/form/controls/select.component.ts
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* add translation
---------
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Matt Hill <mattnine@protonmail.com>
* fix dns selection
* keyboard keymap also
* ability to shutdown after install
* revert mock
* working setup flow + manifest localization
* (mostly) redundant localization on frontend
* version bump
* omit live medium from disk list and better space management
* ignore missing package archive on 035 migration
* fix device migration
* add i18n helper to sdk
* fix install over 0.3.5.1
* fix grub config
---------
Co-authored-by: Matt Hill <mattnine@protonmail.com>
Co-authored-by: Matt Hill <MattDHill@users.noreply.github.com>
Co-authored-by: Alex Inkin <alexander@inkin.ru>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* port misc fixes from feature/nvidia
* switch back to official tor proxy on 9050
* refactor OpenUI
* fix typo
* fixes, plus getServiceManifest
* fix EffectCreator, bump to beta.47
* fixes
* help ios download .crt and add begin add masked for addresses
* only require and show CA for public domain if addSsl
* fix type and revert i18n const
* feat: add address masking and adjust design (#3088)
* feat: add address masking and adjust design
* update lockfile
* chore: move eye button to actions
* chore: refresh notifications and handle action error
* static width for health check name
---------
Co-authored-by: Matt Hill <mattnine@protonmail.com>
* hide certificate authorities tab
* alpha.17
* add waiting health check status
* remove "on" from waiting message
* reject on abort in `.watch`
* id migration: nostr -> nostr-rs-relay
* health check waiting state
* use interface type for launch button
* better wording for masked
* cleaner
* sdk improvements
* fix type error
* fix notification badge issue
---------
Co-authored-by: Alex Inkin <alexander@inkin.ru>
Co-authored-by: Aiden McClelland <me@drbonez.dev>
* fix: refactor dns to handle tcp connections:
- do not use long-lived tcp connections to upstream dns servers
- when incoming request is over tcp, force a tcp lookup instead of udp
this solves cases where large dns records were not being resolved due to udp->tcp switch-over.
* use forwarding resolver for fallback
---------
Co-authored-by: Aiden McClelland <me@drbonez.dev>
* fix: race condition in Daemon.stop()
* fix: do not stop Daemon on context leave
* fix: remove duplicate Daemons.term calls
* feat: honor dependency order when shutting terminating Daemons
* fixes, and remove started
---------
Co-authored-by: Aiden McClelland <me@drbonez.dev>
* add support for idmapped mounts to start-sdk
* misc fixes
* misc fixes
* add default to textarea
* fix iptables masquerade rule
* fix textarea types
* more fixes
* better logging for rsync
* fix tty size
* fix wg conf generation for android
* disable file mounts on dependencies
* mostly there, some styling issues (#3069)
* mostly there, some styling issues
* fix: address comments (#3070)
* fix: address comments
* fix: fix
* show SSL for any address with secure protocol and ssl added
* better sorting and messaging
---------
Co-authored-by: Alex Inkin <alexander@inkin.ru>
* fixes for nextcloud
* allow sidebar navigation during service state transitions
* wip: x-forwarded headers
* implement x-forwarded-for proxy
* lowercase domain names and fix warning popover bug
* fix http2 websockets
* fix websocket retry behavior
* add arch filters to s9pk pack
* use docker for start-cli install
* add version range to package signer on registry
* fix rcs < 0
* fix user information parsing
* refactor service interface getters
* disable idmaps
* build fixes
* update docker login action
* streamline build
* add start-cli workflow
* rename
* riscv64gc
* fix ui packing
* no default features on cli
* make cli depend on GIT_HASH
* more build fixes
* more build fixes
* interpolate arch within dockerfile
* fix tests
* add launch ui to service page plus other small improvements (#3075)
* add launch ui to service page plus other small improvements
* revert translation disable
* add spinner to service list if service is health and loading
* chore: some visual tune up
* chore: update Taiga UI
---------
Co-authored-by: waterplea <alexander@inkin.ru>
* fix backups
* feat: use arm hosted runners and don't fail when apt package does not exist (#3076)
---------
Co-authored-by: Matt Hill <mattnine@protonmail.com>
Co-authored-by: Shadowy Super Coder <musashidisciple@proton.me>
Co-authored-by: Matt Hill <MattDHill@users.noreply.github.com>
Co-authored-by: Alex Inkin <alexander@inkin.ru>
Co-authored-by: Remco Ros <remcoros@live.nl>
* overwrite AllowedIPs in wg config
mute UnknownCA errors
* fix upgrade issues
* allow start9 user to access journal
* alpha.15
* sort actions lexicographically and show desc in marketplace details
* add registry package download cli command
---------
Co-authored-by: Matt Hill <mattnine@protonmail.com>
* add support for inbound proxies
* backend changes
* fix file type
* proxy -> tunnel, implement backend apis
* wip start-tunneld
* add domains and gateways, remove routers, fix docs links
* dont show hidden actions
* show and test dns
* edit instead of change acme and change gateway
* refactor: domains page
* refactor: gateways page
* domains and acme refactor
* certificate authorities
* refactor public/private gateways
* fix fe types
* domains mostly finished
* refactor: add file control to form service
* add ip util to sdk
* domains api + migration
* start service interface page, WIP
* different options for clearnet domains
* refactor: styles for interfaces page
* minor
* better placeholder for no addresses
* start sorting addresses
* best address logic
* comments
* fix unnecessary export
* MVP of service interface page
* domains preferred
* fix: address comments
* only translations left
* wip: start-tunnel & fix build
* forms for adding domain, rework things based on new ideas
* fix: dns testing
* public domain, max width, descriptions for dns
* nix StartOS domains, implement public and private domains at interface scope
* restart tor instead of reset
* better icon for restart tor
* dns
* fix sort functions for public and private domains
* with todos
* update types
* clean up tech debt, bump dependencies
* revert to ts-rs v9
* fix all types
* fix dns form
* add missing translations
* it builds
* fix: comments (#3009)
* fix: comments
* undo default
---------
Co-authored-by: Matt Hill <mattnine@protonmail.com>
* fix: refactor legacy components (#3010)
* fix: comments
* fix: refactor legacy components
* remove default again
---------
Co-authored-by: Matt Hill <mattnine@protonmail.com>
* more translations
* wip
* fix deadlock
* could work
* simple renaming
* placeholder for empty service interfaces table
* honor hidden form values
* remove logs
* reason instead of description
* fix dns
* misc fixes
* implement toggling gateways for service interface
* fix showing dns records
* move status column in service list
* remove unnecessary truthy check
* refactor: refactor forms components and remove legacy Taiga UI package (#3012)
* handle wh file uploads
* wip: debugging tor
* socks5 proxy working
* refactor: fix multiple comments (#3013)
* refactor: fix multiple comments
* styling changes, add documentation to sidebar
* translations for dns page
* refactor: subtle colors
* rearrange service page
---------
Co-authored-by: Matt Hill <mattnine@protonmail.com>
* fix file_stream and remove non-terminating test
* clean up logs
* support for sccache
* fix gha sccache
* more marketplace translations
* install wizard clarity
* stub hostnameInfo in migration
* fix address info after setup, fix styling on SI page, new 040 release notes
* remove tor logs from os
* misc fixes
* reset tor still not functioning...
* update ts
* minor styling and wording
* chore: some fixes (#3015)
* fix gateway renames
* different handling for public domains
* styling fixes
* whole navbar should not be clickable on service show page
* timeout getState request
* remove links from changelog
* misc fixes from pairing
* use custom name for gateway in more places
* fix dns parsing
* closes #3003
* closes #2999
* chore: some fixes (#3017)
* small copy change
* revert hardcoded error for testing
* dont require port forward if gateway is public
* use old wan ip when not available
* fix .const hanging on undefined
* fix test
* fix doc test
* fix renames
* update deps
* allow specifying dependency metadata directly
* temporarily make dependencies not clickable in marketplace listings
* fix socks bind
* fix test
---------
Co-authored-by: Aiden McClelland <me@drbonez.dev>
Co-authored-by: waterplea <alexander@inkin.ru>
* import marketplace preview for sideload
* fix: improve state service (#2977)
* fix: fix sideload DI
* fix: update Angular
* fix: cleanup
* fix: fix version selection
* Bump node version to fix build for Angular
* misc fixes
- update node to v22
- fix chroot-and-upgrade access to prune-images
- don't self-migrate legacy packages
- #2985
- move dataVersion to volume folder
- remove "instructions.md" from s9pk
- add "docsUrl" to manifest
* version bump
* include flavor when clicking view listing from updates tab
* closes #2980
* fix: fix select button
* bring back ssh keys
* fix: drop 'portal' from all routes
* fix: implement longtap action to select table rows
* fix description for ssh page
* replace instructions with docsLink and refactor marketplace preview
* delete unused translations
* fix patchdb diffing algorithm
* continue refactor of marketplace lib show components
* Booting StartOS instead of Setting up your server on init
* misc fixes
- closes #2990
- closes #2987
* fix build
* docsUrl and clickable service headers
* don't cleanup after update until new service install succeeds
* update types
* misc fixes
* beta.35
* sdkversion, githash for sideload, correct logs for init, startos pubkey display
* bring back reboot button on install
* misc fixes
* beta.36
* better handling of setup and init for websocket errors
* reopen init and setup logs even on graceful closure
* better logging, misc fixes
* fix build
* dont let package stats hang
* dont show docsurl in marketplace if no docsurl
* re-add needs-config
* show error if init fails, shorten hover state on header icons
* fix operator precedence
---------
Co-authored-by: Matt Hill <mattnine@protonmail.com>
Co-authored-by: Alex Inkin <alexander@inkin.ru>
Co-authored-by: Mariusz Kogen <k0gen@pm.me>