- Update patch-db submodule: fixes DB null-nuke caused by ciborium's
broken deserialize_str, and stack overflow from recursive apply_patches
- Create /media/startos with mode 750 in initramfs before subdirectories
* task fix and keyboard fix
* fixes for build scripts
* passthrough feature
* feat: inline domain health checks and improve address UX
- addPublicDomain returns DNS query + port check results (AddPublicDomainRes)
so frontend skips separate API calls after adding a domain
- addPrivateDomain returns check_dns result for the gateway
- Support multiple ports per domain in validation modal (deduplicated)
- Run port checks concurrently via futures::future::join_all
- Add note to add-domain dialog showing other interfaces on same host
- Add addXForwardedHeaders to knownProtocols in SDK Host.ts
- Add plugin filter kind, pluginId filter, matchesAny, and docs to
getServiceInterface.ts
- Add PassthroughInfo type and passthroughs field to NetworkInfo
- Pluralize "port forwarding rules" in i18n dictionaries
* feat: add shared host note to private domain dialog with i18n
* fix: scope public domain to single binding and return single port check
Accept internalPort in AddPublicDomainParams to target a specific
binding. Disable the domain on all other bindings. Return a single
CheckPortRes instead of Vec. Revert multi-port UI to singular port
display from 0f8a66b35.
* better shared hostname approach, and improve look-feel of addresses tables
* fix starttls
* preserve usb as top efi boot option
* fix race condition in wan ip check
* sdk beta.56
* various bug, improve smtp
* multiple bugs, better outbound gateway UX
* remove non option from smtp for better package compat
* bump sdk
---------
Co-authored-by: Aiden McClelland <me@drbonez.dev>
* docs: update preferred external port design in TODO
* docs: add user-controlled public/private and port forward mapping to design
* docs: overhaul interfaces page design with view/manage split and per-address controls
* docs: move address enable/disable to overflow menu, add SSL indicator, defer UI placement decisions
* chore: remove tor from startos core
Tor is being moved from a built-in OS feature to a service. This removes
the Arti-based Tor client, onion address management, hidden service
creation, and all related code from the core backend, frontend, and SDK.
- Delete core/src/net/tor/ module (~2060 lines)
- Remove OnionAddress, TorSecretKey, TorController from all consumers
- Remove HostnameInfo::Onion and HostAddress::Onion variants
- Remove onion CRUD RPC endpoints and tor subcommand
- Remove tor key handling from account and backup/restore
- Remove ~12 tor-related Cargo dependencies (arti-client, torut, etc.)
- Remove tor UI components, API methods, mock data, and routes
- Remove OnionHostname and tor patterns/regexes from SDK
- Add v0_4_0_alpha_20 database migration to strip onion data
- Bump version to 0.4.0-alpha.20
* chore: flatten HostnameInfo from enum to struct
HostnameInfo only had one variant (Ip) after removing Tor. Flatten it
into a plain struct with fields gateway, public, hostname. Remove all
kind === 'ip' type guards and narrowing across SDK, frontend, and
container runtime. Update DB migration to strip the kind field.
* chore: format RPCSpec.md markdown table
* docs: update TODO.md with DerivedAddressInfo design, remove completed tor task
* feat: implement preferred port allocation and per-address enable/disable
- Add AvailablePorts::try_alloc() with SSL tracking (BTreeMap<u16, bool>)
- Add DerivedAddressInfo on BindInfo with private_disabled/public_enabled/possible sets
- Add Bindings wrapper with Map impl for patchdb indexed access
- Flatten HostAddress from single-variant enum to struct
- Replace set-gateway-enabled RPC with set-address-enabled
- Remove hostname_info from Host; computed addresses now in BindInfo.addresses.possible
- Compute possible addresses inline in NetServiceData::update()
- Update DB migration, SDK types, frontend, and container-runtime
* feat: replace InterfaceFilter with ForwardRequirements, add WildcardListener, complete alpha.20 bump
- Replace DynInterfaceFilter with ForwardRequirements for per-IP forward
precision with source-subnet iptables filtering for private forwards
- Add WildcardListener (binds [::]:port) to replace the per-gateway
NetworkInterfaceListener/SelfContainedNetworkInterfaceListener/
UpgradableListener infrastructure
- Update forward-port script with src_subnet and excluded_src env vars
- Remove unused filter types and listener infrastructure from gateway.rs
- Add availablePorts migration (IdPool -> BTreeMap<u16, bool>) to alpha.20
- Complete version bump to 0.4.0-alpha.20 in SDK and web
* outbound gateway support (#3120)
* Multiple (#3111)
* fix alerts i18n, fix status display, better, remove usb media, hide shutdown for install complete
* trigger chnage detection for localize pipe and round out implementing localize pipe for consistency even though not needed
* Fix PackageInfoShort to handle LocaleString on releaseNotes (#3112)
* Fix PackageInfoShort to handle LocaleString on releaseNotes
* fix: filter by target_version in get_matching_models and pass otherVersions from install
* chore: add exver documentation for ai agents
* frontend plus some be types
---------
Co-authored-by: Aiden McClelland <3732071+dr-bonez@users.noreply.github.com>
* feat: replace SourceFilter with IpNet, add policy routing, remove MASQUERADE
* build ts types and fix i18n
* fix license display in marketplace
* wip refactor
* chore: update ts bindings for preferred port design
* feat: refactor NetService to watch DB and reconcile network state
- NetService sync task now uses PatchDB DbWatch instead of being called
directly after DB mutations
- Read gateways from DB instead of network interface context when
updating host addresses
- gateway sync updates all host addresses in the DB
- Add Watch<u64> channel for callers to wait on sync completion
- Fix ts-rs codegen bug with #[ts(skip)] on flattened Plugin field
- Update SDK getServiceInterface.ts for new HostnameInfo shape
- Remove unnecessary HTTPS redirect in static_server.rs
- Fix tunnel/api.rs to filter for WAN IPv4 address
* re-arrange (#3123)
* new service interfacee page
* feat: add mdns hostname metadata variant and fix vhost routing
- Add HostnameMetadata::Mdns variant to distinguish mDNS from private domains
- Mark mDNS addresses as private (public: false) since mDNS is local-only
- Fall back to null SNI entry when hostname not found in vhost mapping
- Simplify public detection in ProxyTarget filter
- Pass hostname to update_addresses for mDNS domain name generation
* looking good
* feat: add port_forwards field to Host for tracking gateway forwarding rules
* update bindings for API types, add ARCHITECTURE (#3124)
* update binding for API types, add ARCHITECTURE
* translations
* fix: add CONNMARK restore-mark to mangle OUTPUT chain
The CONNMARK --restore-mark rule was only in PREROUTING, which handles
forwarded packets. Locally-bound listeners (e.g. vhost) generate replies
through the OUTPUT chain, where the fwmark was never restored. This
caused response packets to route via the default table instead of back
through the originating interface.
* chore: reserialize db on equal version, update bindings and docs
- Run de/ser roundtrip in pre_init even when db version matches, ensuring
all #[serde(default)] fields are populated before any typed access
- Add patchdb.md documentation for TypedDbWatch patterns
- Update TS bindings for CheckPortParams, CheckPortRes, ifconfigUrl
- Update CLAUDE.md docs with patchdb and component-level references
* fix: include public gateways for IP-based addresses in vhost targets
The server hostname vhost construction only collected private IPs,
always setting public to empty. Public IP addresses (Ipv4/Ipv6 metadata
with public=true) were never added to the vhost target's public gateway
set, causing the vhost filter to reject public traffic for IP-based
addresses.
* fix: add TLS handshake timeout and fix accept loop deadlock
Two issues in TlsListener::poll_accept:
1. No timeout on TLS handshakes: LazyConfigAcceptor waits indefinitely
for ClientHello. Attackers that complete TCP handshake but never send
TLS data create zombie futures in `in_progress` that never complete.
Fix: wrap the entire handshake in tokio::time::timeout(15s).
2. Missing waker on new-connection pending path: when a TCP connection
is accepted and the TLS handshake is pending, poll_accept returned
Pending without calling wake_by_ref(). Since the TcpListener returned
Ready (not Pending), no waker was registered for it. With edge-
triggered epoll and no other wakeup source, the task sleeps forever
and remaining connections in the kernel accept queue are never
drained. Fix: add cx.waker().wake_by_ref() so the task immediately
re-polls and continues draining the accept queue.
* fix: switch BackgroundJobRunner from Vec to FuturesUnordered
BackgroundJobRunner stored active jobs in a Vec<BoxFuture> and polled
ALL of them on every wakeup — O(n) per poll. Since this runs in the
same tokio::select! as the WebServer accept loop, polling overhead from
active connections directly delayed acceptance of new connections.
FuturesUnordered only polls woken futures — O(woken) instead of O(n).
* chore: update bindings and use typed params for outbound gateway API
* feat: per-service and default outbound gateway routing
Add set-outbound-gateway RPC for packages and set-default-outbound RPC
for the server, with policy routing enforcement via ip rules. Fix
connmark restore to skip packets with existing fwmarks, add bridge
subnet routes to per-interface tables, and fix squashfs path in
update-image-local.sh.
* refactor: manifest wraps PackageMetadata, move dependency_metadata to PackageVersionInfo
Manifest now embeds PackageMetadata via #[serde(flatten)] instead of
duplicating ~14 fields. icon and dependency_metadata moved from
PackageMetadata to PackageVersionInfo since they are registry-enrichment
data loaded from the S9PK archive. merge_with now returns errors on
metadata/icon/dependency_metadata mismatches instead of silently ignoring
them.
* fix: replace .status() with .invoke() for iptables/ip commands
Using .status() leaks stderr directly to system logs, causing noisy
iptables error messages. Switch all networking CLI invocations to use
.invoke() which captures stderr properly. For check-then-act patterns
(iptables -C), use .invoke().await.is_err() instead of
.status().await.map_or(false, |s| s.success()).
* feat: add check-dns gateway endpoint and fix per-interface routing tables
Add a `check-dns` RPC endpoint that verifies whether a gateway's DNS
is properly configured for private domain resolution. Uses a three-tier
check: direct match (DNS == server IP), TXT challenge probe (DNS on
LAN), or failure (DNS off-subnet).
Fix per-interface routing tables to clone all non-default routes from
the main table instead of only the interface's own subnets. This
preserves LAN reachability when the priority-75 catch-all overrides
default routing. Filter out status-only flags (linkdown, dead) that
are invalid for `ip route add`.
* refactor: rename manifest metadata fields and improve error display
Rename wrapperRepo→packageRepo, marketingSite→marketingUrl,
docsUrl→docsUrls (array), remove supportSite. Add display_src/display_dbg
helpers to Error. Fix DepInfo description type to LocaleString. Update
web UI, SDK bindings, tests, and fixtures to match. Clean up cli_attach
error handling and remove dead commented code.
* chore: bump sdk version to 0.4.0-beta.49
* chore: add createTask decoupling TODO
* chore: add TODO to clear service error state on install/update
* round out dns check, dns server check, port forward check, and gateway port forwards
* chore: add TODOs for URL plugins, NAT hairpinning, and start-tunnel OTA updates
* version instead of os query param
* interface row clickable again, bu now with a chevron!
* feat: implement URL plugins with table/row actions and prefill support
- Add URL plugin effects (register, export_url, clear_urls) in core
- Add PluginHostnameInfo, HostnameMetadata::Plugin, and plugin registration types
- Implement plugin URL table in web UI with tableAction button and rowAction overflow menus
- Thread urlPluginMetadata (packageId, hostId, interfaceId, internalPort) as prefill to actions
- Add prefill support to PackageActionData so metadata passes through form dialogs
- Add i18n translations for plugin error messages
- Clean up plugin URLs on package uninstall
* feat: split row_actions into remove_action and overflow_actions for URL plugins
* touch up URL plugins table
* show table even when no addresses
* feat: NAT hairpinning, DNS static servers, clear service error on install
- Add POSTROUTING MASQUERADE rules for container and host hairpin NAT
- Allow bridge subnet containers to reach private forwards via LAN IPs
- Pass bridge_subnet env var from forward.rs to forward-port script
- Use DB-configured static DNS servers in resolver with DB watcher
- Fall back to resolv.conf servers when no static servers configured
- Clear service error state when install/update completes successfully
- Remove completed TODO items
* feat: builder-style InputSpec API, prefill plumbing, and port forward fix
- Add addKey() and add() builder methods to InputSpec with InputSpecTools
- Move OuterType to last generic param on Value, List, and all dynamic methods
- Plumb prefill through getActionInput end-to-end (core → container-runtime → SDK)
- Filter port_forwards to enabled addresses only
- Bump SDK to 0.4.0-beta.50
* fix: propagate host locale into LXC containers and write locale.conf
* chore: remove completed URL plugins TODO
* feat: OTA updates for start-tunnel via apt repository (untested)
- Add apt repo publish script (build/apt/publish-deb.sh) for S3-hosted repo
- Add apt source config and GPG key placeholder (apt/)
- Add tunnel.update.check and tunnel.update.apply RPC endpoints
- Wire up update API in tunnel frontend (api service + mock)
- Uses systemd-run --scope to survive service restart during update
* fix: publish script dpkg-name, s3cfg fallback, and --reinstall for apply
* chore: replace OTA updates TODO with UI TODO for MattDHill
* feat: add getOutboundGateway effect and simplify VersionGraph init/uninit
Add getOutboundGateway effect across core, container-runtime, and SDK
to let services query their effective outbound gateway with callback
support. Remove preInstall/uninstall hooks from VersionGraph as they
are no longer needed.
* frontend start-tunnel updates
* chore: remove completed TODO
* feat: tor hidden service key migration
* chore: migrate from ts-matches to zod across all TypeScript packages
* feat(core): allow setting server hostname
* send prefill for tasks and hide operations to hidden fields
* fix(core): preserve plugin URLs across binding updates
BindInfo::update was replacing addresses with a new DerivedAddressInfo
that cleared the available set, wiping plugin-exported URLs whenever
bind() was called. Also simplify update_addresses plugin preservation
to use retain in place rather than collecting into a separate set.
* minor cleanup from patch-db audit
* clean up prefill flow
* frontend support for setting and changing hostname
* feat(core): refactor hostname to ServerHostnameInfo with name/hostname pair
- Rename Hostname to ServerHostnameInfo, add name + hostname fields
- Add set_hostname_rpc for changing hostname at runtime
- Migrate alpha_20: generate serverInfo.name from hostname, delete ui.name
- Extract gateway.rs helpers to fix rustfmt nesting depth issue
- Add i18n key for hostname validation error
- Update SDK bindings
* add comments to everything potentially consumer facing (#3127)
* add comments to everything potentially consumer facing
* rework smtp
---------
Co-authored-by: Aiden McClelland <3732071+dr-bonez@users.noreply.github.com>
* implement server name
* setup changes
* clean up copy around addresses table
* feat: add zod-deep-partial, partialValidator on InputSpec, and z.deepPartial re-export
* fix: header color in zoom (#3128)
* fix: merge version ranges when adding existing package signer (#3125)
* fix: merge version ranges when adding existing package signer
Previously, add_package_signer unconditionally inserted the new
version range, overwriting any existing authorization for that signer.
Now it OR-merges the new range with the existing one, so running
signer add multiple times accumulates permissions rather than
replacing them.
* add --merge flag to registry package signer add
Default behavior remains overwrite. When --merge is passed, the new
version range is OR-merged with the existing one, allowing admins to
accumulate permissions incrementally.
* add missing attribute to TS type
* make merge optional
* upsert instead of insert
* VersionRange::None on upsert
* fix: header color in zoom
---------
Co-authored-by: Dominion5254 <musashidisciple@proton.me>
* update snake and add about this server to system general
* chore: bump sdk to beta.53, wrap z.deepPartial with passthrough
* reset instead of reset defaults
* action failure show dialog
* chore: bump sdk to beta.54, add device-info RPC, improve SDK abort handling and InputSpec filtering
- Bump SDK version to 0.4.0-beta.54
- Add `server.device-info` RPC endpoint and `s9pk select` CLI command
- Extract `HardwareRequirements::is_compatible()` method, reuse in registry filtering
- Add `AbortedError` class with `muteUnhandled` flag, replace generic abort errors
- Handle unhandled promise rejections in container-runtime with mute support
- Improve `InputSpec.filter()` with `keepByDefault` param and boolean filter values
- Accept readonly tuples in `CommandType` and `splitCommand`
- Remove `sync_host` calls from host API handlers (binding/address changes)
- Filter mDNS hostnames by secure gateway availability
- Derive mDNS enabled state from LAN IPs in web UI
- Add "Open UI" action to address table, disable mDNS toggle
- Hide debug details in service error component
- Update rpc-toolkit docs for no-params handlers
* fix: add --no-nvram to efi grub-install to preserve built-in boot order
* update snake
* diable actions when in error state
* chore: split out nvidia variant
* misc bugfixes
* create manage-release script (untested)
* fix: preserve z namespace types for sdk consumers
* sdk version bump
* new checkPort types
* multiple bugs and better port forward ux
* fix link
* chore: todos and formatting
* fix build
---------
Co-authored-by: Matt Hill <MattDHill@users.noreply.github.com>
Co-authored-by: Matt Hill <mattnine@protonmail.com>
Co-authored-by: Alex Inkin <alexander@inkin.ru>
Co-authored-by: Dominion5254 <musashidisciple@proton.me>
* add documentation for ai agents
* docs: consolidate CLAUDE.md and CONTRIBUTING.md, add style guidelines
- Refactor CLAUDE.md to reference CONTRIBUTING.md for build/test/format info
- Expand CONTRIBUTING.md with comprehensive build targets, env vars, and testing
- Add code style guidelines section with conventional commits
- Standardize SDK prettier config to use single quotes (matching web)
- Add project-level Claude Code settings to disable co-author attribution
* style(sdk): apply prettier with single quotes
Run prettier across sdk/base and sdk/package to apply the
standardized quote style (single quotes matching web).
* docs: add USER.md for per-developer TODO filtering
- Add agents/USER.md to .gitignore (contains user identifier)
- Document session startup flow in CLAUDE.md:
- Create USER.md if missing, prompting for identifier
- Filter TODOs by @username tags
- Offer relevant TODOs on session start
* docs: add i18n documentation task to agent TODOs
* docs: document i18n ID patterns in core/
Add agents/i18n-patterns.md covering rust-i18n setup, translation file
format, t!() macro usage, key naming conventions, and locale selection.
Remove completed TODO item and add reference in CLAUDE.md.
* chore: clarify that all builds work on any OS with Docker
* start consolidating
* add start-cli flash-os
* combine install and setup and refactor all
* use http
* undo mock
* fix translation
* translations
* use dialogservice wrapper
* better ST messaging on setup
* only warn on update if breakages (#3097)
* finish setup wizard and ui language-keyboard feature
* fix typo
* wip: localization
* remove start-tunnel readme
* switch to posix strings for language internal
* revert mock
* translate backend strings
* fix missing about text
* help text for args
* feat: add "Add new gateway" option (#3098)
* feat: add "Add new gateway" option
* Update web/projects/ui/src/app/routes/portal/components/form/controls/select.component.ts
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* add translation
---------
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Matt Hill <mattnine@protonmail.com>
* fix dns selection
* keyboard keymap also
* ability to shutdown after install
* revert mock
* working setup flow + manifest localization
* (mostly) redundant localization on frontend
* version bump
* omit live medium from disk list and better space management
* ignore missing package archive on 035 migration
* fix device migration
* add i18n helper to sdk
* fix install over 0.3.5.1
* fix grub config
---------
Co-authored-by: Matt Hill <mattnine@protonmail.com>
Co-authored-by: Matt Hill <MattDHill@users.noreply.github.com>
Co-authored-by: Alex Inkin <alexander@inkin.ru>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* port misc fixes from feature/nvidia
* switch back to official tor proxy on 9050
* refactor OpenUI
* fix typo
* fixes, plus getServiceManifest
* fix EffectCreator, bump to beta.47
* fixes
* add support for idmapped mounts to start-sdk
* misc fixes
* misc fixes
* add default to textarea
* fix iptables masquerade rule
* fix textarea types
* more fixes
* better logging for rsync
* fix tty size
* fix wg conf generation for android
* disable file mounts on dependencies
* mostly there, some styling issues (#3069)
* mostly there, some styling issues
* fix: address comments (#3070)
* fix: address comments
* fix: fix
* show SSL for any address with secure protocol and ssl added
* better sorting and messaging
---------
Co-authored-by: Alex Inkin <alexander@inkin.ru>
* fixes for nextcloud
* allow sidebar navigation during service state traansitions
* wip: x-forwarded headers
* implement x-forwarded-for proxy
* lowercase domain names and fix warning popover bug
* fix http2 websockets
* fix websocket retry behavior
* add arch filters to s9pk pack
* use docker for start-cli install
* add version range to package signer on registry
* fix rcs < 0
* fix user information parsing
* refactor service interface getters
* disable idmaps
* build fixes
* update docker login action
* streamline build
* add start-cli workflow
* rename
* riscv64gc
* fix ui packing
* no default features on cli
* make cli depend on GIT_HASH
* more build fixes
* more build fixes
* interpolate arch within dockerfile
* fix tests
* add launch ui to service page plus other small improvements (#3075)
* add launch ui to service page plus other small improvements
* revert translation disable
* add spinner to service list if service is health and loading
* chore: some visual tune up
* chore: update Taiga UI
---------
Co-authored-by: waterplea <alexander@inkin.ru>
* fix backups
* feat: use arm hosted runners and don't fail when apt package does not exist (#3076)
---------
Co-authored-by: Matt Hill <mattnine@protonmail.com>
Co-authored-by: Shadowy Super Coder <musashidisciple@proton.me>
Co-authored-by: Matt Hill <MattDHill@users.noreply.github.com>
Co-authored-by: Alex Inkin <alexander@inkin.ru>
Co-authored-by: Remco Ros <remcoros@live.nl>
* overwrite AllowedIPs in wg config
mute UnknownCA errors
* fix upgrade issues
* allow start9 user to access journal
* alpha.15
* sort actions lexicographically and show desc in marketplace details
* add registry package download cli command
---------
Co-authored-by: Matt Hill <mattnine@protonmail.com>
* import marketplac preview for sideload
* fix: improve state service (#2977)
* fix: fix sideload DI
* fix: update Angular
* fix: cleanup
* fix: fix version selection
* Bump node version to fix build for Angular
* misc fixes
- update node to v22
- fix chroot-and-upgrade access to prune-images
- don't self-migrate legacy packages
- #2985
- move dataVersion to volume folder
- remove "instructions.md" from s9pk
- add "docsUrl" to manifest
* version bump
* include flavor when clicking view listing from updates tab
* closes#2980
* fix: fix select button
* bring back ssh keys
* fix: drop 'portal' from all routes
* fix: implement longtap action to select table rows
* fix description for ssh page
* replace instructions with docsLink and refactor marketplace preview
* delete unused translations
* fix patchdb diffing algorithm
* continue refactor of marketplace lib show components
* Booting StartOS instead of Setting up your server on init
* misc fixes
- closes#2990
- closes#2987
* fix build
* docsUrl and clickable service headers
* don't cleanup after update until new service install succeeds
* update types
* misc fixes
* beta.35
* sdkversion, githash for sideload, correct logs for init, startos pubkey display
* bring back reboot button on install
* misc fixes
* beta.36
* better handling of setup and init for websocket errors
* reopen init and setup logs even on graceful closure
* better logging, misc fixes
* fix build
* dont let package stats hang
* dont show docsurl in marketplace if no docsurl
* re-add needs-config
* show error if init fails, shorten hover state on header icons
* fix operator precedemce
---------
Co-authored-by: Matt Hill <mattnine@protonmail.com>
Co-authored-by: Alex Inkin <alexander@inkin.ru>
Co-authored-by: Mariusz Kogen <k0gen@pm.me>
* addHealthCheck on Daemons
* fix bug that prevents domains without protocols from being deleted
* fixes from testing
* version bump
* add sdk version to UI
* fix useEntrypoint
* fix dependency health check error display
* minor fixes
* beta.29
* fixes from testing
* beta.30
* set /etc/os-release (#2918)
* remove check-monitor from kiosk (#2059)
* add units for progress (#2693)
* use new progress type
* alpha.7
* fix up pwa stuff
* fix wormhole-squashfs and prune boot (#2964)
* don't exit on expected errors
* use bash
---------
Co-authored-by: Matt Hill <mattnine@protonmail.com>
* fix initiall setup as user and clear messaging
* fix this and that :)
* add IPv6 support to validate_ip function
* Use vpn-clearnet as name for the interface
* Rebrand and finish with docs link
* set static clearnet name
* Magic clearnet to the end :D
* change the command name
* the name is magic-clearnet
* wireguard-vps-proxy-setup
* one more fix
* miscellaneous bugfixes for alpha12
* fix deserialization of path in cifs share
* catch error in setup.status
* actually reserialize db after migration
* better progress reporting for migrations
* fix infinite drop
* fix raspi build
* fix race condition
* version bump
---------
Co-authored-by: Matt Hill <mattnine@protonmail.com>
* feat: add WireGuard VPS setup automation script
Adds a comprehensive bash script that automates:
- SSH key setup and authentication
- WireGuard installation on remote VPS
- Configuration download and import to NetworkManager
- User-friendly CLI interface with validation
- Detailed status messages and error handling
- Instructions for exposing services via ACME/Let's Encrypt
* use cat heredoc for issue files to fix formatting
Replaces echo with cat heredoc when writing to /etc/issue and /etc/issue.net to properly preserve escape sequences and prevent unwanted newlines in login prompts.
* add convent `wg-vps-setup` symlink to PATH
* sync ssh privkey on init
* Update default ssh key location
* simplify to use existing StartOS SSH keys and fix .ssh permission
* finetune
* Switch to start9labs repo
* rename some files
* set correct ownership
---------
Co-authored-by: Aiden McClelland <me@drbonez.dev>
* Add gather_debug_info.sh for comprehensive StartOS diagnostics
* chore: Update the services to use the lxc instead of podman
* chore: Add symlink /usr/bin/gather-debug
---------
Co-authored-by: Jade <2364004+Blu-J@users.noreply.github.com>
* add support for ACME cert acquisition
* add support for modifying hosts for a package
* misc fixes
* more fixes
* use different port for lan clearnet than wan clearnet
* fix chroot-and-upgrade always growing
* bail on failure
* wip
* fix alpn auth
* bump async-acme
* fix cli
* add barebones documentation
* add domain to hostname info
* wip: static-server errors
* wip: fix wifi
* wip: Fix the service_effects
* wip: Fix cors in the middleware
* wip(chore): Auth clean up the lint.
* wip(fix): Vhost
* wip: continue manager refactor
Co-authored-by: J H <Blu-J@users.noreply.github.com>
* wip: service manager refactor
* wip: Some fixes
* wip(fix): Fix the lib.rs
* wip
* wip(fix): Logs
* wip: bins
* wip(innspect): Add in the inspect
* wip: config
* wip(fix): Diagnostic
* wip(fix): Dependencies
* wip: context
* wip(fix) Sorta auth
* wip: warnings
* wip(fix): registry/admin
* wip(fix) marketplace
* wip(fix) Some more converted and fixed with the linter and config
* wip: Working on the static server
* wip(fix)static server
* wip: Remove some asynnc
* wip: Something about the request and regular rpc
* wip: gut install
Co-authored-by: J H <Blu-J@users.noreply.github.com>
* wip: Convert the static server into the new system
* wip delete file
* test
* wip(fix) vhost does not need the with safe defaults
* wip: Adding in the wifi
* wip: Fix the developer and the verify
* wip: new install flow
Co-authored-by: J H <Blu-J@users.noreply.github.com>
* fix middleware
* wip
* wip: Fix the auth
* wip
* continue service refactor
* feature: Service get_config
* feat: Action
* wip: Fighting the great fight against the borrow checker
* wip: Remove an error in a file that I just need to deel with later
* chore: Add in some more lifetime stuff to the services
* wip: Install fix on lifetime
* cleanup
* wip: Deal with the borrow later
* more cleanup
* resolve borrowchecker errors
* wip(feat): add in the handler for the socket, for now
* wip(feat): Update the service_effect_handler::action
* chore: Add in the changes to make sure the from_service goes to context
* chore: Change the
* refactor service map
* fix references to service map
* fill out restore
* wip: Before I work on the store stuff
* fix backup module
* handle some warnings
* feat: add in the ui components on the rust side
* feature: Update the procedures
* chore: Update the js side of the main and a few of the others
* chore: Update the rpc listener to match the persistant container
* wip: Working on updating some things to have a better name
* wip(feat): Try and get the rpc to return the correct shape?
* lxc wip
* wip(feat): Try and get the rpc to return the correct shape?
* build for container runtime wip
* remove container-init
* fix build
* fix error
* chore: Update to work I suppose
* lxc wip
* remove docker module and feature
* download alpine squashfs automatically
* overlays effect
Co-authored-by: Jade <Blu-J@users.noreply.github.com>
* chore: Add the overlay effect
* feat: Add the mounter in the main
* chore: Convert to use the mounts, still need to work with the sandbox
* install fixes
* fix ssl
* fixes from testing
* implement tmpfile for upload
* wip
* misc fixes
* cleanup
* cleanup
* better progress reporting
* progress for sideload
* return real guid
* add devmode script
* fix lxc rootfs path
* fix percentage bar
* fix progress bar styling
* fix build for unstable
* tweaks
* label progress
* tweaks
* update progress more often
* make symlink in rpc_client
* make socket dir
* fix parent path
* add start-cli to container
* add echo and gitInfo commands
* wip: Add the init + errors
* chore: Add in the exit effect for the system
* chore: Change the type to null for failure to parse
* move sigterm timeout to stopping status
* update order
* chore: Update the return type
* remove dbg
* change the map error
* chore: Update the thing to capture id
* chore add some life changes
* chore: Update the loging
* chore: Update the package to run module
* us From for RpcError
* chore: Update to use import instead
* chore: update
* chore: Use require for the backup
* fix a default
* update the type that is wrong
* chore: Update the type of the manifest
* chore: Update to make null
* only symlink if not exists
* get rid of double result
* better debug info for ErrorCollection
* chore: Update effects
* chore: fix
* mount assets and volumes
* add exec instead of spawn
* fix mounting in image
* fix overlay mounts
Co-authored-by: Jade <Blu-J@users.noreply.github.com>
* misc fixes
* feat: Fix two
* fix: systemForEmbassy main
* chore: Fix small part of main loop
* chore: Modify the bundle
* merge
* fixMain loop"
* move tsc to makefile
* chore: Update the return types of the health check
* fix client
* chore: Convert the todo to use tsmatches
* add in the fixes for the seen and create the hack to allow demo
* chore: Update to include the systemForStartOs
* chore UPdate to the latest types from the expected outout
* fixes
* fix typo
* Don't emit if failure on tsc
* wip
Co-authored-by: Jade <Blu-J@users.noreply.github.com>
* add s9pk api
* add inspection
* add inspect manifest
* newline after display serializable
* fix squashfs in image name
* edit manifest
Co-authored-by: Jade <Blu-J@users.noreply.github.com>
* wait for response on repl
* ignore sig for now
* ignore sig for now
* re-enable sig verification
* fix
* wip
* env and chroot
* add profiling logs
* set uid & gid in squashfs to 100000
* set uid of sqfs to 100000
* fix mksquashfs args
* add env to compat
* fix
* re-add docker feature flag
* fix docker output format being stupid
* here be dragons
* chore: Add in the cross compiling for something
* fix npm link
* extract logs from container on exit
* chore: Update for testing
* add log capture to drop trait
* chore: add in the modifications that I make
* chore: Update small things for no updates
* chore: Update the types of something
* chore: Make main not complain
* idmapped mounts
* idmapped volumes
* re-enable kiosk
* chore: Add in some logging for the new system
* bring in start-sdk
* remove avahi
* chore: Update the deps
* switch to musl
* chore: Update the version of prettier
* chore: Organize'
* chore: Update some of the headers back to the standard of fetch
* fix musl build
* fix idmapped mounts
* fix cross build
* use cross compiler for correct arch
* feat: Add in the faked ssl stuff for the effects
* @dr_bonez Did a solution here
* chore: Something that DrBonez
* chore: up
* wip: We have a working server!!!
* wip
* uninstall
* wip
* tes
---------
Co-authored-by: J H <dragondef@gmail.com>
Co-authored-by: J H <Blu-J@users.noreply.github.com>
Co-authored-by: J H <2364004+Blu-J@users.noreply.github.com>
* set governor to "performance" if available
* add linux-cpupower
* fix: Boolean blindness, thanks @dr-bones
---------
Co-authored-by: J H <2364004+Blu-J@users.noreply.github.com>
