Agent/sync/tor upgrade (#234)

* adds tor upgrade sync

* use the right version

* I hate all of you

CONTRIBUTING.md

@@ -0,0 +1,237 @@
+<!-- omit in toc -->
+# Contributing to Embassy OS
+
+First off, thanks for taking the time to contribute! ❤️
+
+All types of contributions are encouraged and valued. See the [Table of Contents](#table-of-contents) for different ways to help and details about how this project handles them. Please make sure to read the relevant section before making your contribution. It will make it a lot easier for us maintainers and smooth out the experience for all involved. The community looks forward to your contributions. 🎉
+
+> And if you like the project, but just don't have time to contribute, that's fine. There are other easy ways to support the project and show your appreciation, which we would also be very happy about:
+> - Star the project
+> - Tweet about it
+> - Refer this project in your project's readme
+> - Mention the project at local meetups and tell your friends/colleagues
+> - Buy an [Embassy](https://start9labs.com)
+
+<!-- omit in toc -->
+## Table of Contents
+
+- [I Have a Question](#i-have-a-question)
+- [I Want To Contribute](#i-want-to-contribute)
+  - [Reporting Bugs](#reporting-bugs)
+  - [Suggesting Enhancements](#suggesting-enhancements)
+  - [Your First Code Contribution](#your-first-code-contribution)
+    - [Setting Up Your Development Environment](#setting-up-your-development-environment)
+    - [Building The Image](#building-the-image)
+  - [Improving The Documentation](#improving-the-documentation)
+- [Styleguides](#styleguides)
+  - [Formatting](#formatting)
+  - [Atomic Commits](#atomic-commits)
+  - [Commit Messages](#commit-messages)
+  - [Pull Requests](#pull-requests)
+  - [Rebasing Changes](#rebasing-changes)
+- [Join The Discussion](#join-the-discussion)
+- [Join The Project Team](#join-the-project-team)
+
+
+
+## I Have a Question
+
+> If you want to ask a question, we assume that you have read the available [Documentation](https://docs.start9labs.com).
+
+Before you ask a question, it is best to search for existing [Issues](https://github.com/Start9Labs/embassy-os/issues) that might help you. In case you have found a suitable issue and still need clarification, you can write your question in this issue. It is also advisable to search the internet for answers first.
+
+If you then still feel the need to ask a question and need clarification, we recommend the following:
+
+- Open an [Issue](https://github.com/Start9Labs/embassy-os/issues/new).
+- Provide as much context as you can about what you're running into.
+- Provide project and platform versions, depending on what seems relevant.
+
+We will then take care of the issue as soon as possible.
+
+<!--
+You might want to create a separate issue tag for questions and include it in this description. People should then tag their issues accordingly.
+
+Depending on how large the project is, you may want to outsource the questioning, e.g. to Stack Overflow or Gitter. You may add additional contact and information possibilities:
+- IRC
+- Slack
+- Gitter
+- Stack Overflow tag
+- Blog
+- FAQ
+- Roadmap
+- E-Mail List
+- Forum
+-->
+
+## I Want To Contribute
+
+> ### Legal Notice <!-- omit in toc -->
+> When contributing to this project, you must agree that you have authored 100% of the content, that you have the necessary rights to the content and that the content you contribute may be provided under the project license.
+
+### Reporting Bugs
+
+<!-- omit in toc -->
+#### Before Submitting a Bug Report
+
+A good bug report shouldn't leave others needing to chase you up for more information. Therefore, we ask you to investigate carefully, collect information and describe the issue in detail in your report. Please complete the following steps in advance to help us fix any potential bug as fast as possible.
+
+- Make sure that you are using the latest version.
+- Determine if your bug is really a bug and not an error on your side e.g. using incompatible environment components/versions (Make sure that you have read the [documentation](https://docs.start9labs.com). If you are looking for support, you might want to check [this section](#i-have-a-question)).
+- To see if other users have experienced (and potentially already solved) the same issue you are having, check if there is not already a bug report existing for your bug or error in the [bug tracker](https://github.com/Start9Labs/embassy-osissues?q=label%3Abug).
+- Also make sure to search the internet (including Stack Overflow) to see if users outside of the GitHub community have discussed the issue.
+- Collect information about the bug:
+  - Stack trace (Traceback)
+  - Client OS, Platform and Version (Windows/Linux/macOS/iOS/Android, Firefox/Tor Browser/Consulate)
+  - Version of the interpreter, compiler, SDK, runtime environment, package manager, depending on what seems relevant.
+  - Possibly your input and the output
+  - Can you reliably reproduce the issue? And can you also reproduce it with older versions?
+
+<!-- omit in toc -->
+#### How Do I Submit a Good Bug Report?
+
+> You must never report security related issues, vulnerabilities or bugs to the issue tracker, or elsewhere in public. Instead sensitive bugs must be sent by email to <security@start9labs.com>.
+<!-- You may add a PGP key to allow the messages to be sent encrypted as well. -->
+
+We use GitHub issues to track bugs and errors. If you run into an issue with the project:
+
+- Open an [Issue](https://github.com/Start9Labs/embassy-os/issues/new). (Since we can't be sure at this point whether it is a bug or not, we ask you not to talk about a bug yet and not to label the issue.)
+- Explain the behavior you would expect and the actual behavior.
+- Please provide as much context as possible and describe the *reproduction steps* that someone else can follow to recreate the issue on their own. This usually includes your code. For good bug reports you should isolate the problem and create a reduced test case.
+- Provide the information you collected in the previous section.
+
+Once it's filed:
+
+- The project team will label the issue accordingly.
+- A team member will try to reproduce the issue with your provided steps. If there are no reproduction steps or no obvious way to reproduce the issue, the team will ask you for those steps and mark the issue as `needs-repro`. Bugs with the `needs-repro` tag will not be addressed until they are reproduced.
+- If the team is able to reproduce the issue, it will be marked `needs-fix`, as well as possibly other tags (such as `critical`), and the issue will be left to be [implemented by someone](#your-first-code-contribution).
+
+<!-- You might want to create an issue template for bugs and errors that can be used as a guide and that defines the structure of the information to be included. If you do so, reference it here in the description. -->
+
+
+### Suggesting Enhancements
+
+This section guides you through submitting an enhancement suggestion for Embassy OS, **including completely new features and minor improvements to existing functionality**. Following these guidelines will help maintainers and the community to understand your suggestion and find related suggestions.
+
+<!-- omit in toc -->
+#### Before Submitting an Enhancement
+
+- Make sure that you are using the latest version.
+- Read the [documentation](https://docs.start9labs.com) carefully and find out if the functionality is already covered, maybe by an individual configuration.
+- Perform a [search](https://github.com/Start9Labs/embassy-os/issues) to see if the enhancement has already been suggested. If it has, add a comment to the existing issue instead of opening a new one.
+- Find out whether your idea fits with the scope and aims of the project. It's up to you to make a strong case to convince the project's developers of the merits of this feature. Keep in mind that we want features that will be useful to the majority of our users and not just a small subset. If you're just targeting a minority of users, consider writing an add-on/plugin library.
+
+<!-- omit in toc -->
+#### How Do I Submit a Good Enhancement Suggestion?
+
+Enhancement suggestions are tracked as [GitHub issues](https://github.com/Start9Labs/embassy-os/issues).
+
+- Use a **clear and descriptive title** for the issue to identify the suggestion.
+- Provide a **step-by-step description of the suggested enhancement** in as many details as possible.
+- **Describe the current behavior** and **explain which behavior you expected to see instead** and why. At this point you can also tell which alternatives do not work for you.
+- You may want to **include screenshots and animated GIFs** which help you demonstrate the steps or point out the part which the suggestion is related to. You can use [this tool](https://www.cockos.com/licecap/) to record GIFs on macOS and Windows, and [this tool](https://github.com/colinkeenan/silentcast) or [this tool](https://github.com/GNOME/byzanz) on Linux. <!-- this should only be included if the project has a GUI -->
+- **Explain why this enhancement would be useful** to most Embassy OS users. You may also want to point out the other projects that solved it better and which could serve as inspiration.
+
+<!-- You might want to create an issue template for enhancement suggestions that can be used as a guide and that defines the structure of the information to be included. If you do so, reference it here in the description. -->
+
+### Project Structure
+Embassy OS has 3 main components: `agent`, `appmgr`, and `ui`.
+- The `ui` (Typescript Ionic Angular) is the code that is deployed to the browser to provide the user interface for Embassy OS
+- The `agent` (Haskell) is a daemon that provides the interface for the `ui` to interact with the Embassy, as well as manage system state.
+- `appmgr` (Rust) is a command line utility and (soon to be) daemon that sets up and manages services and their environments.
+
+### Your First Code Contribution
+
+#### Setting up your development environment
+##### agent
+There are two main workflows to consider when developing on the agent. During the development process you will spend
+most of your time developing in an environment where you cannot actually run the agent. This is because we make heavy
+platform specific assumptions (by nature of the project) around what folders get used and what package management tools
+are used for the underlying system. If you are running this on a platform besides Linux you won't even be able to run
+the agent effectively on your dev machine. Even if you are on Linux you may not want to turn administrative control over
+to the software you are currently developing. So how do you know that anything you are doing is right? We make extensive
+use of Haskell's type system and surrounding tooling. For this you will want to make sure you are using the [haskell-language-server](https://github.com/haskell/haskell-language-server)
+and [stack](https://github.com/commercialhaskell/stack)
+
+At some point though you will want to build the agent for the target platform (Raspberry Pi 4). This is the second build
+flow that you will need to consider.
+
+At Start9 we build the agent in two different ways. The primary way we have done it is on the Raspberry Pi itself. To do
+this you will need stack built for the Raspberry Pi. Unfortunately, however, FPComplete no longer
+distributes ARMv7 binaries for stack. Though hopefully soon we will be able to submit the binaries we've built for this
+project back to them and have them hosted more visibly. The way we bootstrap through this problem is by downloading version
+[2.1.3](https://github.com/commercialhaskell/stack/releases/download/v2.1.3/stack-2.1.3-linux-arm.tar.gz) and using that
+to compile v2.5.1. Before you can successfully compile anything with GHC on the Raspberry Pi. You will need to tweak the
+relevant GHC config. You will need to edit the file at `~/.stack/programs/arm-linux/ghc-8.10.2/lib/ghc-8.10.2/settings`
+and change the line `("C compiler flags", " -marm -fno-stack-protector -mcpu=cortex-a7")` to include `-mcpu=cortex-a7`.
+You will also need to make sure you've downloaded and installed LLVM 9.
+
+Once you have done these things, you simply need to `cd` into the embassy-os project and then run `make agent`.
+
+##### ui
+- Requirements
+  - [Install nodejs](https://nodejs.org/en/)
+  - [Install npm](https://www.npmjs.com/get-npm)
+  - [Install ionic cli](https://ionicframework.com/docs/intro/cli)
+- Scripts (run within ./ui directory)
+  - `npm i` installs ui node package dependencies
+  - `npm run build` compiles project, depositing build artifacts into ./ui/www
+  - `npm run build-prod` as above but customized for deployment to an Embassy
+  - `ionic serve` serves the ui on localhost:8100 for local development. Edit ./ui/use-mocks.json to 'true' to use mocks during local development
+  - `./build-send.sh <embassy .local address suffix>` builds the project and deploys it to the referenced Embassy
+    - Find your Embassy on the LAN using the Start9 Setup App or network tools. It's address will be of the form `start9-<suffix>.local`.
+    - For example `./build-send.sh abcdefgh` will deploy the ui to the Embassy with LAN address `start9-abcdefgh.local`.
+    - SSH keys must be installed on the Embassy prior to running this script.
+
+##### appmgr
+  - [Install Rust](https://rustup.rs)
+  - Recommended: [rust-analyzer](https://rust-analyzer.github.io/)
+
+#### Building The Image
+- Requirements
+  - `ext4fs` (available if running on the Linux kernel)
+  - [Docker](https://docs.docker.com/get-docker/)
+  - GNU Make
+- Building
+  - build the [agent](#agent)
+    - make sure resulting artifact is agent/dist/agent
+  - run `make`
+
+### Improving The Documentation
+You can find the repository for Start9's documentation [here](https://github.com/Start9Labs/documentation). If there is something you would like to see added, let us know, or create an issue yourself. Welcome are contributions for lacking or incorrect information, broken links, requested additions, or general style improvements. 
+
+Contributions in the form of setup guides for integrations with external applications are highly encouraged. If you struggled through a process and would like to share your steps with others, check out the docs for each [service](https://github.com/Start9Labs/documentation/blob/master/source/user-manuals/available-services/index.rst) we support. The wrapper repos contain sections for adding integration guides, such as this [one](https://github.com/Start9Labs/bitcoind-wrapper/tree/master/docs). These not only help out others in the community, but inform how we can create a more seamless and intuitive experience.
+
+## Styleguides
+### Formatting
+Code must be formatted with the formatter designated for each component:
+- `ui`: [tslint](https://palantir.github.io/tslint/)
+- `agent`: [brittany](https://github.com/lspitzner/brittany)
+- `appmgr`: [rustfmt](https://github.com/rust-lang/rustfmt)
+
+### Atomic Commits
+Commits [should be atomic](https://en.wikipedia.org/wiki/Atomic_commit#Atomic_commit_convention) and diffs should be easy to read.
+Do not mix any formatting fixes or code moves with actual code changes.
+
+### Commit Messages
+If a commit touches only 1 component, prefix the message with the affected component. i.e. `appmgr: update to tokio v0.3`.
+
+### Pull Requests
+The body of a pull request should contain sufficient description of what the changes do, as well as a justification.
+You should include references to any relevant [issues](https://github.com/Start9Labs/embassy-os/issues).
+
+### Rebasing Changes
+When a pull request conflicts with the target branch, you may be asked to rebase it on top of the current target branch. The git rebase command will take care of rebuilding your commits on top of the new base.
+
+This project aims to have a clean git history, where code changes are only made in non-merge commits. This simplifies auditability because merge commits can be assumed to not contain arbitrary code changes.
+
+## Join The Discussion
+Current or aspiring contributors? Join our community developer Matrix channel: `#community-dev:matrix.start9labs.com`.
+
+Just interested in or using the project? Join our community [Telegram](https://t.me/start9_labs) or Matrix channel: `#community:matrix.start9labs.com`.
+
+## Join The Project Team
+Interested in becoming a part of the Start9 Labs team? Send an email to <jobs@start9labs.com>
+
+<!-- omit in toc -->
+## Attribution
+This guide is based on the **contributing-gen**. [Make your own](https://github.com/bttger/contributing-gen)!

LICENSE.md

@@ -2,17 +2,24 @@
 
 This license governs the use of the accompanying Software. If you use the Software, you accept this license. If you do not accept the license, do not use the Software.
 
-1. **Definitions**
-    1. "Licensor" means the copyright owner, Start9 Labs, Inc, or its successor(s) in interest, or a future assignee of the copyright.
-    2. "Source Code" means the code made available to you by the Licensor pursuant to the terms of this license and any derivative works based thereon.
-    3. "Object Code" means any non-source form of the Source Code, including the machine-language output by a compiler or assembler.
-    4. "Distribute" means to convey or to publish and generally has the same meaning here as under U.S. Copyright law.
-    5. "Personal Use" means accessing, copying, reviewing, auditing, running, testing, or modifying the Source Code.
-2. **Grant of Rights**
-    1. Subject to the terms of this license, the Licensor grants you, the licensee, a non-exclusive, worldwide, royalty-free copyright license to the Source Code for Personal Use only.
-    2. Subject to the terms of this license, the Licensor grants you, the licensee, the right to Distribute the Source Code or modifications to the Source Code.
-    3. Distributing the Object Code, or any Object Code created based on your modifications to the Source Code, is not permitted under the terms of this license without express written consent of the Licensor.
-    4. If you Distribute the Source Code, or if permission is granted to Distribute the Object Code, you expressly undertake not to remove, or modify, in any manner, the copyright notices attached to the Source Code, and displayed in any output of the Object Code when run, and to reproduce these notices, in an identical manner, in any distributed copies of the Source Code or Object Code together with a copy of this license. If you Distribute a modified copy of the Software or a derivative work based thereon, the work must carry prominent notices stating that you modified it, and giving a relevant date.
-    5. The terms of this license will apply to anyone who comes into possession of a copy of the Source Code or Object Code, and any modifications or derivative works based thereon, made by anyone.
-3. **Disclaimer.** THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. Licensor has no obligation to support recipients of the Source Code or Object Code.
+1. **Definitions.**
+    1. “Licensor” means the copyright owner, Start9 Labs, Inc, or its successor(s) in interest, or a future assignee of the copyright.
+    2. “Source Code” means the preferred form of the Software for making modifications to it.
+    3. “Object Code” means any non-source form of the Software, including the machine-language output by a compiler or assembler.
+    4. “Distribute” means to convey or to publish and generally has the same meaning here as under U.S. Copyright law.
+    5. “Sell” means practicing any or all of the rights granted to you under the License to provide to third parties, for a fee or other consideration (including without limitation fees for hosting or consulting/support services related to the Software), a product or service whose value derives, entirely or substantially, from the functionality of the Software.
+
+2. **Grant of Rights.** Subject to the terms of this license, the Licensor grants you, the licensee, a non-exclusive, worldwide, royalty-free copyright license to:
+    1. Access, audit, copy, modify, compile, or distribute the Source Code or modifications to the Source Code.
+    2. Run, test, or otherwise use the Object Code.
+
+3. **Limitations.**
+    1. The grant of rights under the License will NOT include, and the License does NOT grant you the right to:
+        1. Sell the Software or any derivative works based thereon.
+        2. Distribute the Object Code.
+    2. If you Distribute the Source Code, or if permission is separately granted to Distribute the Object Code, you expressly undertake not to remove, or modify, in any manner, the copyright notices attached to the Source Code, and displayed in any output of the Object Code when run, and to reproduce these notices, in an identical manner, in any distributed copies of the Software together with a copy of this license. If you Distribute a modified copy of the Software, or a derivative work based thereon, the work must carry prominent notices stating that you modified it, and giving a relevant date.
+    3. The terms of this license will apply to anyone who comes into possession of a copy of the Software, and any modifications or derivative works based thereon, made by anyone.
+
 4. **Contributions.** You hereby grant to Licensor a perpetual, irrevocable, worldwide, non-exclusive, royalty-free license to use and exploit any modifications or derivative works based on the Source Code of which you are the author.
+
+5. **Disclaimer.** THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. LICENSOR HAS NO OBLIGATION TO SUPPORT RECIPIENTS OF THE SOFTWARE.

Makefile

@@ -1,12 +1,20 @@
 APPMGR_SRC := $(shell find appmgr/src) appmgr/Cargo.toml appmgr/Cargo.lock
+LIFELINE_SRC := $(shell find lifeline/src) lifeline/Cargo.toml lifeline/Cargo.lock
 AGENT_SRC := $(shell find agent/src) $(shell find agent/config) agent/stack.yaml agent/package.yaml agent/build.sh
-
-.DELETE_ON_ERROR:
+UI_SRC := $(shell find ui/src) \
+			ui/angular.json \
+			ui/browserslist \
+			ui/client-manifest.yaml \
+			ui/ionic.config.json \
+			ui/postprocess.ts \
+			ui/tsconfig.json \
+			ui/tslint.json \
+			ui/use-mocks.json
 
 all: embassy.img
 
-embassy.img: buster.img product_key appmgr/target/armv7-unknown-linux-musleabihf/release/appmgr ui/www agent/dist/agent agent/config/agent.service
-	./make_image.sh
+embassy.img: buster.img product_key appmgr/target/armv7-unknown-linux-gnueabihf/release/appmgr ui/www agent/dist/agent agent/config/agent.service lifeline/target/armv7-unknown-linux-gnueabihf/release/lifeline lifeline/lifeline.service setup.sh setup.service docker-daemon.json
+	sudo ./make_image.sh
 
 buster.img:
 	wget -O buster.zip https://downloads.raspberrypi.org/raspios_lite_armhf/images/raspios_lite_armhf-2020-08-24/2020-08-20-raspios-buster-armhf-lite.zip
@@ -18,13 +26,28 @@ product_key:
 	echo "X\c" > product_key
 	cat /dev/random | base32 | head -c11 | tr '[:upper:]' '[:lower:]' >> product_key
 
-appmgr/target/armv7-unknown-linux-musleabihf/release/appmgr: $(APPMGR_SRC)
+appmgr/target/armv7-unknown-linux-gnueabihf/release/appmgr: $(APPMGR_SRC)
 	docker run --rm -it -v ~/.cargo/registry:/root/.cargo/registry -v "$(shell pwd)":/home/rust/src start9/rust-arm-cross:latest sh -c "(cd appmgr && cargo build --release --features=production)"
 	docker run --rm -it -v ~/.cargo/registry:/root/.cargo/registry -v "$(shell pwd)":/home/rust/src start9/rust-arm-cross:latest arm-linux-gnueabi-strip appmgr/target/armv7-unknown-linux-gnueabihf/release/appmgr
 
-appmgr: appmgr/target/armv7-unknown-linux-musleabihf/release/appmgr
+appmgr: appmgr/target/armv7-unknown-linux-gnueabihf/release/appmgr
 
 agent/dist/agent: $(AGENT_SRC)
-	(cd agent; ./build.sh)
+	(cd agent && ./build.sh)
 
 agent: agent/dist/agent
+
+ui/node_modules: ui/package.json
+	npm --prefix ui install
+
+ui/www: $(UI_SRC) ui/node_modules
+	npm --prefix ui run build-prod
+
+ui: ui/www
+
+lifeline/target/armv7-unknown-linux-gnueabihf/release/lifeline: $(LIFELINE_SRC)
+	docker run --rm -it -v ~/.cargo/registry:/root/.cargo/registry -v "$(shell pwd)":/home/rust/src start9/rust-arm-cross:latest sh -c "(cd lifeline && cargo build --release)"
+	docker run --rm -it -v ~/.cargo/registry:/root/.cargo/registry -v "$(shell pwd)":/home/rust/src start9/rust-arm-cross:latest arm-linux-gnueabi-strip lifeline/target/armv7-unknown-linux-gnueabihf/release/lifeline
+
+lifeline: lifeline/target/armv7-unknown-linux-gnueabihf/release/lifeline
+

README.md

@@ -1 +1,35 @@
-# Embassy OS
+# EmbassyOS
+[![Version](https://img.shields.io/github/v/tag/Start9Labs/embassy-os?color=success)](https://github.com/Start9Labs/embassy-os/releases)
+[![community](https://img.shields.io/badge/community-telegram-informational)](https://t.me/start9_labs)
+[![support](https://img.shields.io/badge/support-docs-important)](https://docs.start9labs.com)
+[![developer](https://img.shields.io/badge/developer-matrix-blueviolet)](https://matrix.to/#/#community-dev:matrix.start9labs.com)
+[![website](https://img.shields.io/website?down_color=lightgrey&down_message=offline&up_color=success&up_message=online&url=https%3A%2F%2Fstart9labs.com)](https://start9labs.com)
+
+[![twitter](https://img.shields.io/twitter/follow/start9labs?label=Follow)](https://twitter.com/start9labs)
+
+### _Anyone can do it. No one can stop it._ ###
+
+EmbassyOS is a mass-market, graphical operating system designed to facilitate the discovery, installation, configuration, private self-hosting, and reliable operation of open-source software services and applications. It aims to eliminate trust and custodianship from personal computing.
+
+![EmbassyOS image](eos.png?w=600)
+
+## ⚠️ Caution
+Some technologies supported by this software, such as [Lightning](https://lightning.network/), are considered in active development and might experience issues. Do not commit any funds you are not willing to loose. Be #reckless at your own risk. 
+
+## Running EmbassyOS
+There are multiple ways to obtain and begin using EmbassyOS.
+
+### Buy an Embassy
+This is the most convenient option. Simply [buy an Embassy](https://start9labs.com) from Start9 Labs and plug it in. Depending on where you live, shipping costs and import duties may vary.
+
+### Build your own Embassy
+While not as convenient as buying an Embassy, this option is easier than you might imagine, and there are 4 reasons why you might prefer it:
+1. You already have a Raspberry Pi and would like to re-purpose it.
+1. You want to save on shipping costs.
+1. You prefer not to divulge your physical shipping address.
+1. You just like building things.
+
+To pursue this option, follow this [guide](https://docs.start9labs.com/getting-started/diy.html).
+
+## Contributing
+To build EmbassyOS from source, or to contribute to its development, see [here](https://github.com/Start9Labs/embassy-os/blob/master/CONTRIBUTING.md#building-the-image).

agent/config/routes

@@ -7,10 +7,13 @@
 /v0                                   ServerR                  GET PATCH
 
 /v0/name                              NameR                    PATCH
+/v0/autoCheckUpdates                  AutoCheckUpdatesR        PATCH
 
+/v0/welcome/#Version                  WelcomeR                 POST
 /v0/specs                             SpecsR                   GET
 /v0/metrics                           MetricsR                 GET
 
+/v0/logs                              LogsR                    GET
 /v0/sshKeys                           SshKeysR                 GET POST
 /v0/sshKeys/#Text                     SshKeyByFingerprintR     DELETE
 /v0/password                          PasswordR                PATCH
@@ -36,8 +39,12 @@
 /v0/apps/#AppId/backup/stop           StopBackupR              POST
 /v0/apps/#AppId/backup/restore        RestoreBackupR           POST
 /v0/apps/#AppId/autoconfig/#AppId     AutoconfigureR           POST
+/v0/apps/#AppId/actions               ActionR                  POST
 
-/v0/disks                             ListDisksR               GET
+/v0/network/lan/reset                 ResetLanR                POST
+
+/v0/disks                             DisksR                   GET
+/v0/disks/eject                       EjectR                   POST
 
 /v0/update                            UpdateAgentR             POST
 /v0/wifi                              WifiR                    GET POST

agent/config/settings.yml

@@ -33,6 +33,6 @@ database:
   database: "start9_agent.sqlite3"
   poolsize: "_env:YESOD_SQLITE_POOLSIZE:10"
 
-app-mgr-version-spec: "=0.2.7"
+app-mgr-version-spec: "=0.2.9"
 
 #analytics: UA-YOURCODE

agent/migrations/0.2.7::0.2.8

@@ -0,0 +1 @@
+SELECT TRUE;

agent/migrations/0.2.8::0.2.9

@@ -0,0 +1 @@
+SELECT TRUE;

agent/package.yaml

@@ -1,5 +1,5 @@
 name: ambassador-agent
-version: 0.2.7
+version: 0.2.9
 
 default-extensions:
 - NoImplicitPrelude
@@ -42,6 +42,7 @@ dependencies:
 - comonad
 - conduit
 - conduit-extra
+- connection
 - containers
 - cryptonite
 - cryptonite-conduit
@@ -64,6 +65,7 @@ dependencies:
 - http-types
 - interpolate
 - iso8601-time
+- json-rpc
 - lens
 - lens-aeson
 - lifted-async
@@ -72,6 +74,7 @@ dependencies:
 - mime-types
 - monad-control
 - monad-logger
+- network
 - persistent
 - persistent-sqlite
 - persistent-template

agent/src/Application.hs

@@ -54,19 +54,21 @@ import           Yesod.Persist.Core
 import           Constants
 import qualified Daemon.AppNotifications       as AppNotifications
 import           Daemon.RefreshProcDev
+import qualified Daemon.SslRenew as SSLRenew
+import           Daemon.TorHealth
 import           Daemon.ZeroConf
 import           Foundation
 import           Lib.Algebra.State.RegistryUrl
+import           Lib.Background
 import           Lib.Database
 import           Lib.External.Metrics.ProcDev
 import           Lib.SelfUpdate
 import           Lib.Sound
 import           Lib.SystemPaths
+import           Lib.Tor                        ( newTorManager )
 import           Lib.WebServer
 import           Model
 import           Settings
-import Lib.Background
-import qualified Daemon.SslRenew as SSLRenew
 
 appMain :: IO ()
 appMain = do
@@ -106,13 +108,17 @@ makeFoundation appSettings = do
     -- subsite.
     appLogger                   <- newStdoutLoggerSet defaultBufSize >>= makeYesodLogger
     appHttpManager              <- getGlobalManager
+    appTorManager               <- newTorManager (appTorSocksPort appSettings)
     appWebServerThreadId        <- newIORef Nothing
     appSelfUpdateSpecification  <- newEmptyMVar
     appIsUpdating               <- newIORef Nothing
     appIsUpdateFailed           <- newIORef Nothing
+    appOsVersionLatest          <- newIORef Nothing
     appBackgroundJobs           <- newTVarIO (JobCache HM.empty)
     def                         <- getDefaultProcDevMetrics
     appProcDevMomentCache       <- newIORef (now, mempty, def)
+    appLastTorRestart           <- newIORef now
+    appLanThread                <- forkIO (sleep 10) >>= newMVar
 
     -- We need a log function to create a connection pool. We need a connection
     -- pool to create our foundation. And we need our foundation to get a
@@ -193,6 +199,10 @@ startupSequence foundation = do
         void . forkIO . forever $ forkIO (SSLRenew.renewSslLeafCert foundation) *> sleep 86_400
         withAgentVersionLog_ "SSL Renewal daemon started"
 
+        withAgentVersionLog_ "Initializing Tor health check loop"
+        void . forkIO . forever $ forkIO (runReaderT torHealth foundation) *> sleep 300
+        withAgentVersionLog_ "Tor health check loop running"
+
         -- reloading avahi daemon
         -- DRAGONS! make sure this step happens AFTER system synchronization
         withAgentVersionLog_ "Publishing Agent to Avahi Daemon"

agent/src/Daemon/TorHealth.hs

@@ -0,0 +1,50 @@
+{-# LANGUAGE QuasiQuotes #-}
+module Daemon.TorHealth where
+
+import           Startlude
+
+import           Data.String.Interpolate.IsString
+
+import           Foundation
+import           Lib.SystemPaths
+import           Lib.Tor
+import           Yesod                          ( RenderRoute(renderRoute) )
+import           Network.HTTP.Simple            ( getResponseBody )
+import           Network.HTTP.Client            ( parseRequest )
+import           Network.HTTP.Client            ( httpLbs )
+import           Data.ByteString.Lazy           ( toStrict )
+import qualified UnliftIO.Exception            as UnliftIO
+import           Settings
+import           Data.IORef                     ( writeIORef
+                                                , readIORef
+                                                )
+import           Lib.SystemCtl
+
+torHealth :: ReaderT AgentCtx IO ()
+torHealth = do
+    settings <- asks appSettings
+    host     <- injectFilesystemBaseFromContext settings getAgentHiddenServiceUrl
+    let url = mappend [i|http://#{host}:5959|] . fold $ mappend "/" <$> fst (renderRoute VersionR)
+    response <- UnliftIO.try @_ @SomeException $ torGet (toS url)
+    case response of
+        Left _ -> do
+            putStrLn @Text "Failed Tor health check"
+            lastRestart <- asks appLastTorRestart >>= liftIO . readIORef
+            cooldown    <- asks $ appTorRestartCooldown . appSettings
+            now         <- liftIO getCurrentTime
+            if now > addUTCTime cooldown lastRestart
+                then do
+                    ec <- liftIO $ systemCtl RestartService "tor"
+                    case ec of
+                        ExitSuccess   -> asks appLastTorRestart >>= liftIO . flip writeIORef now
+                        ExitFailure _ -> do
+                            putStrLn @Text "Failed to restart tor daemon after failed tor health check"
+                else do
+                    putStrLn @Text "Failed tor healthcheck inside of cooldown window, tor will not be restarted"
+        Right _ -> pure ()
+
+torGet :: String -> ReaderT AgentCtx IO ByteString
+torGet url = do
+    manager <- asks appTorManager
+    req     <- parseRequest url
+    liftIO $ toStrict . getResponseBody <$> httpLbs req manager

agent/src/Daemon/ZeroConf.hs

@@ -18,6 +18,9 @@ import           Lib.ProductKey
 import           Lib.SystemPaths
 
 import           Settings
+import qualified Lib.Algebra.Domain.AppMgr     as AppMgr2
+import           Control.Carrier.Lift
+import           Lib.Error
 
 start9AgentServicePrefix :: IsString a => a
 start9AgentServicePrefix = "start9-"
@@ -53,4 +56,10 @@ publishAgentToAvahi = do
         "_http._tcp"
         agentPort
     lift Avahi.reload
+    lift $ threadDelay 10_000_000
+    tid <- asks appLanThread >>= liftIO . takeMVar
+    liftIO $ killThread tid
+    tid' <- liftIO $ forkIO (runM . void . runExceptT @S9Error $ AppMgr2.runAppMgrCliC AppMgr2.lanEnable)
+    asks appLanThread >>= liftIO . flip putMVar tid'
+
 

agent/src/Foundation.hs

@@ -58,19 +58,24 @@ import           Settings
 -- keep settings and values requiring initialization before your application
 -- starts running, such as database connections. Every handler will have
 -- access to the data present here.
+data OsVersionCache = OsVersionCache { osVersion :: Version, lastChecked :: UTCTime }
 
 data AgentCtx = AgentCtx
     { appSettings                 :: AppSettings
     , appHttpManager              :: Manager
+    , appTorManager               :: Manager
     , appConnPool                 :: ConnectionPool -- ^ Database connection pool.
     , appLogger                   :: Logger
     , appWebServerThreadId        :: IORef (Maybe ThreadId)
     , appIsUpdating               :: IORef (Maybe Version)
     , appIsUpdateFailed           :: IORef (Maybe S9Error)
+    , appOsVersionLatest          :: IORef (Maybe OsVersionCache)
     , appProcDevMomentCache       :: IORef (UTCTime, ProcDevMomentStats, ProcDevMetrics)
     , appSelfUpdateSpecification  :: MVar VersionRange
     , appBackgroundJobs           :: TVar JobCache
     , appIconTags                 :: TVar (HM.HashMap AppId (Digest MD5))
+    , appLastTorRestart           :: IORef UTCTime
+    , appLanThread                :: MVar ThreadId
     }
 
 setWebProcessThreadId :: ThreadId -> AgentCtx -> IO ()

agent/src/Handler/Apps.hs

@@ -7,65 +7,70 @@
 {-# LANGUAGE TypeApplications #-}
 module Handler.Apps where
 
-import           Startlude               hiding ( modify
-                                                , execState
+import           Startlude               hiding ( Reader
                                                 , asks
-                                                , Reader
-                                                , runReader
                                                 , catchError
-                                                , forkFinally
                                                 , empty
+                                                , execState
+                                                , forkFinally
+                                                , modify
+                                                , runReader
                                                 )
 
-import           Control.Carrier.Reader
 import           Control.Carrier.Error.Church
 import           Control.Carrier.Lift
+import           Control.Carrier.Reader
 import qualified Control.Concurrent.Async.Lifted
                                                as LAsync
 import qualified Control.Concurrent.Lifted     as Lifted
-import qualified Control.Exception.Lifted      as Lifted
 import           Control.Concurrent.STM.TVar
 import           Control.Effect.Empty    hiding ( guard )
 import           Control.Effect.Labelled        ( HasLabelled
                                                 , Labelled
                                                 , runLabelled
                                                 )
+import qualified Control.Exception.Lifted      as Lifted
 import           Control.Lens            hiding ( (??) )
 import           Control.Monad.Logger
 import           Control.Monad.Trans.Control    ( MonadBaseControl )
+import           Crypto.Hash
 import           Data.Aeson
 import           Data.Aeson.Lens
+import           Data.Aeson.Types               ( parseMaybe )
 import qualified Data.ByteString.Lazy          as LBS
-import           Data.IORef
 import qualified Data.HashMap.Lazy             as HML
 import qualified Data.HashMap.Strict           as HM
+import           Data.IORef
 import qualified Data.List.NonEmpty            as NE
 import           Data.Singletons
-import           Data.Singletons.Prelude.Bool   ( SBool(..)
-                                                , If
+import           Data.Singletons.Prelude.Bool   ( If
+                                                , SBool(..)
                                                 )
 import           Data.Singletons.Prelude.List   ( Elem )
-
+import qualified Data.Text                     as Text
 import           Database.Persist
 import           Database.Persist.Sql           ( ConnectionPool )
 import           Database.Persist.Sqlite        ( runSqlPool )
 import           Exinst
 import           Network.HTTP.Types
+import qualified Network.JSONRPC               as JSONRPC
 import           Yesod.Core.Content
-import           Yesod.Core.Json
 import           Yesod.Core.Handler      hiding ( cached )
+import           Yesod.Core.Json
 import           Yesod.Core.Types               ( JSONResponse(..) )
 import           Yesod.Persist.Core
 
 import           Foundation
 import           Handler.Backups
 import           Handler.Icons
+import           Handler.Network
 import           Handler.Types.Apps
 import           Handler.Util
 import qualified Lib.Algebra.Domain.AppMgr     as AppMgr2
 import           Lib.Algebra.State.RegistryUrl
 import           Lib.Background
 import           Lib.Error
+import qualified Lib.External.AppManifest      as AppManifest
 import qualified Lib.External.AppMgr           as AppMgr
 import qualified Lib.External.Registry         as Reg
 import           Lib.IconCache
@@ -74,10 +79,10 @@ import           Lib.SystemPaths
 import           Lib.TyFam.ConditionalData
 import           Lib.Types.Core
 import           Lib.Types.Emver
+import           Lib.Types.NetAddress
 import           Lib.Types.ServerApp
 import           Model
 import           Settings
-import           Crypto.Hash
 
 pureLog :: Show a => a -> Handler a
 pureLog = liftA2 (*>) ($logInfo . show) pure
@@ -209,6 +214,7 @@ getAvailableAppByIdLogic appId = do
         , appAvailableFullReleaseNotes           = storeAppVersionInfoReleaseNotes latest
         , appAvailableFullDependencyRequirements = HM.elems dependencyRequirements
         , appAvailableFullVersions               = storeAppVersionInfoVersion <$> storeAppVersions
+        , appAvailableFullInstallAlert           = storeAppVersionInfoInstallAlert latest
         }
 
 getAppLogsByIdR :: AppId -> Handler (JSONResponse [Text])
@@ -230,7 +236,7 @@ getInstalledAppsLogic :: (Has (Reader AgentCtx) sig m, Has AppMgr2.AppMgr sig m,
 getInstalledAppsLogic = do
     jobCache <- asks appBackgroundJobs >>= liftIO . readTVarIO
     let installCache = installInfo . fst <$> inspect SInstalling jobCache
-    serverApps <- AppMgr2.list [AppMgr2.flags|-s -d|]
+    serverApps <- AppMgr2.list [AppMgr2.flags|-s -d -m|]
     let remapped           = remapAppMgrInfo jobCache serverApps
         installingPreviews = flip
             HM.mapWithKey
@@ -242,16 +248,30 @@ getInstalledAppsLogic = do
                 , appInstalledPreviewStatus           = AppStatusTmp Installing
                 , appInstalledPreviewVersionInstalled = storeAppVersionInfoVersion
                 , appInstalledPreviewTorAddress       = Nothing
+                , appInstalledPreviewLanAddress       = Nothing
+                , appInstalledPreviewTorUi            = False
+                , appInstalledPreviewLanUi            = False
                 }
         installedPreviews = flip
             HML.mapWithKey
             remapped
-            \appId (s, v, AppMgr2.InfoRes {..}) -> AppInstalledPreview
-                { appInstalledPreviewBase             = AppBase appId infoResTitle (iconUrl appId v)
-                , appInstalledPreviewStatus           = s
-                , appInstalledPreviewVersionInstalled = v
-                , appInstalledPreviewTorAddress       = infoResTorAddress
-                }
+            \appId (s, v, AppMgr2.InfoRes {..}) ->
+                let
+                    mLanAddress = do -- Maybe
+                        addrBase <- infoResTorAddress
+                        let
+                            lanConfs = mapMaybe AppManifest.portMapEntryLan
+                                $ AppManifest.appManifestPortMapping infoResManifest
+                        guard (not . null $ lanConfs)
+                        pure $ LanAddress . (".onion" `Text.replace` ".local") . unTorAddress $ addrBase
+                in  AppInstalledPreview { appInstalledPreviewBase = AppBase appId infoResTitle (iconUrl appId v)
+                                        , appInstalledPreviewStatus = s
+                                        , appInstalledPreviewVersionInstalled = v
+                                        , appInstalledPreviewTorAddress = infoResTorAddress
+                                        , appInstalledPreviewLanAddress = mLanAddress
+                                        , appInstalledPreviewTorUi = AppManifest.torUiAvailable infoResManifest
+                                        , appInstalledPreviewLanUi = AppManifest.lanUiAvailable infoResManifest
+                                        }
 
     pure $ HML.elems $ HML.union installingPreviews installedPreviews
 
@@ -282,7 +302,14 @@ getInstalledAppByIdLogic appId = do
                 , appInstalledFullInstructions           = Nothing
                 , appInstalledFullLastBackup             = backupTime
                 , appInstalledFullTorAddress             = Nothing
+                , appInstalledFullLanAddress             = Nothing
+                , appInstalledFullTorUi                  = False
+                , appInstalledFullLanUi                  = False
                 , appInstalledFullConfiguredRequirements = []
+                , appInstalledFullUninstallAlert         = Nothing
+                , appInstalledFullRestoreAlert           = Nothing
+                , appInstalledFullStartAlert             = Nothing
+                , appInstalledFullActions                = []
                 }
     serverApps <- AppMgr2.list [AppMgr2.flags|-s -d|]
     let remapped = remapAppMgrInfo jobCache serverApps
@@ -290,6 +317,7 @@ getInstalledAppByIdLogic appId = do
     let
         installed = do
             (status, version, AppMgr2.InfoRes {..}) <- hoistMaybe (HM.lookup appId remapped)
+            manifest' <- lift $ LAsync.async $ AppMgr2.infoResManifest <<$>> AppMgr2.info [AppMgr2.flags|-M|] appId
             instructions'                           <- lift $ LAsync.async $ AppMgr2.instructions appId
             requirements                            <- LAsync.runConcurrently $ flip
                 HML.traverseWithKey
@@ -309,15 +337,30 @@ getInstalledAppByIdLogic appId = do
                             (HM.lookup depId installCache $> AppStatusTmp Installing)
                                 <|> (view _1 <$> HM.lookup depId remapped)
                     pure $ dependencyInfoToDependencyRequirement (AsInstalled STrue) (base, depStatus, depInfo)
+            manifest <- (lift $ LAsync.wait manifest') >>= \case
+                Nothing -> throwError $ NotFoundE "manifest" (show appId)
+                Just x  -> pure x
             instructions <- lift $ LAsync.wait instructions'
             backupTime   <- lift $ LAsync.wait backupTime'
+            let lanAddress = do
+                    addrBase <- infoResTorAddress
+                    let lanConfs = mapMaybe AppManifest.portMapEntryLan $ AppManifest.appManifestPortMapping manifest
+                    guard (not . null $ lanConfs)
+                    pure $ LanAddress . (".onion" `Text.replace` ".local") . unTorAddress $ addrBase
             pure AppInstalledFull { appInstalledFullBase = AppBase appId infoResTitle (iconUrl appId version)
                                   , appInstalledFullStatus                 = status
                                   , appInstalledFullVersionInstalled       = version
                                   , appInstalledFullInstructions           = instructions
                                   , appInstalledFullLastBackup             = backupTime
                                   , appInstalledFullTorAddress             = infoResTorAddress
+                                  , appInstalledFullLanAddress             = lanAddress
+                                  , appInstalledFullTorUi                  = AppManifest.torUiAvailable manifest
+                                  , appInstalledFullLanUi                  = AppManifest.lanUiAvailable manifest
                                   , appInstalledFullConfiguredRequirements = HM.elems requirements
+                                  , appInstalledFullUninstallAlert = AppManifest.appManifestUninstallAlert manifest
+                                  , appInstalledFullRestoreAlert = AppManifest.appManifestRestoreAlert manifest
+                                  , appInstalledFullStartAlert             = AppManifest.appManifestStartAlert manifest
+                                  , appInstalledFullActions                = AppManifest.appManifestActions manifest
                                   }
     runMaybeT (installing <|> installed) `orThrowM` NotFoundE "appId" (show appId)
 
@@ -351,7 +394,9 @@ postUninstallAppLogic appId dryrun = do
     breakageIds <- HM.keys . AppMgr2.unBreakageMap <$> AppMgr2.remove flags appId
     bs <- pure (traverse (hydrate $ (AppMgr2.infoResTitle &&& AppMgr2.infoResVersion) <$> serverApps) breakageIds)
         `orThrowM` InternalE "Reported app breakage for app that isn't installed, contact support"
-    when (not $ coerce dryrun) $ clearIcon appId
+    when (not $ coerce dryrun) $ do
+        clearIcon appId
+        postResetLanLogic
     pure $ WithBreakages bs ()
 
 type InstallResponse :: Bool -> Type
@@ -455,6 +500,7 @@ postInstallNewAppLogic appId appVersion dryrun = do
                                  (void $ Notifications.emit k infoResVersion (Notifications.RestartFailed e))
                                  pool
                 )
+            postResetLanLogic
 
 
 postStartServerAppR :: AppId -> Handler ()
@@ -642,6 +688,7 @@ getAvailableAppVersionInfoLogic appId appVersionSpec = do
     pure AppVersionInfo { appVersionInfoVersion                = storeAppVersionInfoVersion
                         , appVersionInfoReleaseNotes           = storeAppVersionInfoReleaseNotes
                         , appVersionInfoDependencyRequirements = HM.elems requirements
+                        , appVersionInfoInstallAlert           = storeAppVersionInfoInstallAlert
                         }
 
 postAutoconfigureR :: AppId -> AppId -> Handler (JSONResponse (WithBreakages AutoconfigureChangesRes))
@@ -730,6 +777,7 @@ storeAppToAvailablePreview s@StoreApp {..} installed = AppAvailablePreview
     (storeAppVersionInfoVersion $ extract storeAppVersions)
     storeAppDescriptionShort
     installed
+    storeAppTimestamp
 
 type AsInstalled :: Bool -> Type
 newtype AsInstalled a = AsInstalled { unAsInstalled :: SBool a }
@@ -757,3 +805,21 @@ dependencyInfoToDependencyRequirement asInstalled (base, status, AppMgr2.Depende
             let appDependencyRequirementReasonOptional = dependencyInfoReasonOptional
                 appDependencyRequirementDefault        = dependencyInfoRequired
             in  AppDependencyRequirement { .. }
+
+postActionR :: AppId -> Handler (JSONResponse JSONRPC.Response)
+postActionR appId = do
+    req <- requireCheckJsonBody
+    fmap JSONResponse . intoHandler $ postActionLogic appId req
+
+postActionLogic :: (Has (Error S9Error) sig m, Has AppMgr2.AppMgr sig m)
+                => AppId
+                -> JSONRPC.Request
+                -> m JSONRPC.Response
+postActionLogic appId (JSONRPC.Request { getReqMethod, getReqId }) = do
+    hm <- AppMgr2.action appId getReqMethod
+    case (HM.lookup "result" hm, HM.lookup "error" hm >>= parseMaybe parseJSON) of
+        (Just v , _      ) -> pure (JSONRPC.Response JSONRPC.V2 v getReqId)
+        (_      , Just e ) -> pure (JSONRPC.ResponseError JSONRPC.V2 e getReqId)
+        (Nothing, Nothing) -> throwError
+            $ AppMgrParseE "action" (decodeUtf8 . LBS.toStrict $ encode (Object hm)) "Invalid JSONRPC Response"
+postActionLogic _ r = throwError $ InvalidRequestE (toJSON r) "Invalid JSONRPC Request"

agent/src/Handler/Backups.hs

@@ -57,6 +57,14 @@ instance FromJSON RestoreBackupReq where
         restoreBackupPassword    <- o .:? "password" .!= Nothing
         pure RestoreBackupReq { .. }
 
+data EjectDiskReq = EjectDiskReq
+    { ejectDiskLogicalName :: Text 
+    } deriving (Eq, Show)
+instance FromJSON EjectDiskReq where
+    parseJSON = withObject "Eject Disk Req" $ \o -> do
+        ejectDiskLogicalName <- o .: "logicalName"
+        pure EjectDiskReq { .. }
+
 -- Handlers
 
 postCreateBackupR :: AppId -> Handler ()
@@ -95,9 +103,11 @@ postRestoreBackupR appId = disableEndpointOnFailedUpdate $ do
         & handleS9ErrC
         & runM
 
-getListDisksR :: Handler (JSONResponse [AppMgr.DiskInfo])
-getListDisksR = fmap JSONResponse . runM . handleS9ErrC $ listDisksLogic
+getDisksR :: Handler (JSONResponse [AppMgr.DiskInfo])
+getDisksR = fmap JSONResponse . runM . handleS9ErrC $ listDisksLogic
 
+postEjectR :: Handler ()
+postEjectR = runM . handleS9ErrC $ requireCheckJsonBody >>= ejectDiskLogic . ejectDiskLogicalName
 
 -- Logic
 
@@ -203,6 +213,13 @@ restoreBackupLogic appId RestoreBackupReq {..} = do
 listDisksLogic :: (Has (Error S9Error) sig m, MonadIO m) => m [AppMgr.DiskInfo]
 listDisksLogic = runExceptT AppMgr.diskShow >>= liftEither
 
+ejectDiskLogic :: (Has (Error S9Error) sig m, MonadIO m) => Text -> m ()
+ejectDiskLogic t = do
+    (ec, _) <- AppMgr.readProcessInheritStderr "eject" [toS t] ""
+    case ec of
+        ExitSuccess   -> pure ()
+        ExitFailure n -> throwError $ EjectE n
+
 insertBackupResult :: MonadIO m => AppId -> Version -> Bool -> SqlPersistT m (Entity BackupRecord)
 insertBackupResult appId appVersion succeeded = do
     uuid <- liftIO nextRandom

agent/src/Handler/Hosts.hs

@@ -7,7 +7,6 @@ import           Startlude               hiding ( ask )
 import           Control.Carrier.Lift           ( runM )
 import           Data.Conduit
 import qualified Data.Conduit.Binary           as CB
-import           Data.Time.ISO8601
 import           Yesod.Core              hiding ( expiresAt )
 
 import           Foundation
@@ -32,7 +31,6 @@ getHostsR = handleS9ErrT $ do
     hostParams <- extractHostsQueryParams
 
     verifyHmac productKey hostParams
-    verifyTimestampNotExpired $ hostsParamsExpiration hostParams
 
     mClaimedAt <- checkExistingPasswordRegistration rootAccountName
     case mClaimedAt of
@@ -50,15 +48,6 @@ verifyHmac productKey params = do
         HostsParams { hostsParamsHmac, hostsParamsExpiration, hostsParamsSalt } = params
         unauthorizedHmac = ClientCryptographyE "Unauthorized hmac"
 
-verifyTimestampNotExpired :: MonadIO m => Text -> S9ErrT m ()
-verifyTimestampNotExpired expirationTimestamp = do
-    now <- liftIO getCurrentTime
-    case parseISO8601 . toS $ expirationTimestamp of
-        Nothing         -> throwE $ TTLExpirationE "invalid timestamp"
-        Just expiration -> when (expiration < now) (throwE $ TTLExpirationE "expired")
-
-
-
 getCertificateR :: Handler TypedContent
 getCertificateR = do
     base <- getsYesod $ appFilesystemBase . appSettings

agent/src/Handler/Network.hs

@@ -0,0 +1,32 @@
+module Handler.Network where
+
+import           Startlude               hiding ( Reader
+                                                , asks
+                                                , runReader
+                                                )
+
+import           Control.Carrier.Lift           ( runM )
+import           Control.Effect.Error
+import           Control.Carrier.Reader
+import           Lib.Error
+import           Yesod.Core                     ( getYesod )
+
+import           Foundation
+import qualified Lib.Algebra.Domain.AppMgr     as AppMgr2
+import           Lib.Types.Core
+
+postResetLanR :: Handler ()
+postResetLanR = do
+    ctx <- getYesod
+    runM . handleS9ErrC . runReader ctx $ postResetLanLogic
+
+postResetLanLogic :: (MonadIO m, Has (Reader AgentCtx) sig m, Has (Error S9Error) sig m) => m ()
+postResetLanLogic = do
+    threadVar <- asks appLanThread
+    mtid      <- liftIO . tryTakeMVar $ threadVar
+    case mtid of
+        Nothing  -> throwError $ TemporarilyForbiddenE (AppId "LAN") "reset" "being reset"
+        Just tid -> liftIO $ do
+            killThread tid
+            newTid <- forkIO (void . runM . runExceptT @S9Error . AppMgr2.runAppMgrCliC $ AppMgr2.lanEnable)
+            putMVar threadVar newTid

agent/src/Handler/Status.hs

@@ -28,6 +28,9 @@ import           Lib.SystemPaths         hiding ( (</>) )
 import           Lib.Tor
 import           Settings
 import           Control.Carrier.Lift           ( runM )
+import           System.Process
+import qualified UnliftIO
+import           System.FileLock
 
 getVersionR :: Handler AppVersionRes
 getVersionR = pure . AppVersionRes $ agentVersion
@@ -35,8 +38,7 @@ getVersionR = pure . AppVersionRes $ agentVersion
 getVersionLatestR :: Handler VersionLatestRes
 getVersionLatestR = handleS9ErrT $ do
     s <- getsYesod appSettings
-    v <- interp s $ Reg.getLatestAgentVersion
-    pure $ VersionLatestRes v
+    uncurry VersionLatestRes <$> interp s Reg.getLatestAgentVersion
     where interp s = ExceptT . liftIO . runError . injectFilesystemBaseFromContext s . runRegistryUrlIOC
 
 
@@ -48,6 +50,8 @@ getSpecsR = handleS9ErrT $ do
     specsDisk       <- fmap show . metricDiskSize <$> getDfMetrics
     specsNetworkId  <- lift . runM . injectFilesystemBaseFromContext settings $ getStart9AgentHostname
     specsTorAddress <- lift . runM . injectFilesystemBaseFromContext settings $ getAgentHiddenServiceUrl
+    specsLanAddress <-
+        fmap (<> ".local") . lift . runM . injectFilesystemBaseFromContext settings $ getStart9AgentHostname
 
     let specsAgentVersion = agentVersion
     returnJsonEncoding SpecsRes { .. }
@@ -69,3 +73,9 @@ patchServerR = do
 getGitR :: Handler Text
 getGitR = pure $embedGitRevision
 
+getLogsR :: Handler (JSONResponse [Text])
+getLogsR = do
+    let debugLock = "/root/agent/tmp/debug.lock"
+    UnliftIO.bracket (liftIO $ lockFile debugLock Exclusive) (liftIO . unlockFile) $ const $ do
+        liftIO $ callCommand "journalctl -u agent --since \"1 hour ago\" > /root/agent/tmp/debug.log"
+        liftIO $ JSONResponse . lines <$> readFile "/root/agent/tmp/debug.log"

agent/src/Handler/Types/Apps.hs

@@ -9,6 +9,7 @@ import           Data.Aeson
 import           Data.Aeson.Flatten
 import           Data.Singletons
 
+import qualified Lib.External.AppManifest      as Manifest
 import           Lib.TyFam.ConditionalData
 import           Lib.Types.Core
 import           Lib.Types.Emver
@@ -28,6 +29,7 @@ data AppAvailablePreview = AppAvailablePreview
     , appAvailablePreviewVersionLatest    :: Version
     , appAvailablePreviewDescriptionShort :: Text
     , appAvailablePreviewInstallInfo      :: Maybe (Version, AppStatus)
+    , appAvailablePreviewTimestamp        :: UTCTime
     }
     deriving (Eq, Show)
 instance ToJSON AppAvailablePreview where
@@ -36,6 +38,7 @@ instance ToJSON AppAvailablePreview where
         , "descriptionShort" .= appAvailablePreviewDescriptionShort
         , "versionInstalled" .= (fst <$> appAvailablePreviewInstallInfo)
         , "status" .= (snd <$> appAvailablePreviewInstallInfo)
+        , "latestVersionTimestamp" .= appAvailablePreviewTimestamp
         ]
 
 data AppInstalledPreview = AppInstalledPreview
@@ -43,6 +46,9 @@ data AppInstalledPreview = AppInstalledPreview
     , appInstalledPreviewStatus           :: AppStatus
     , appInstalledPreviewVersionInstalled :: Version
     , appInstalledPreviewTorAddress       :: Maybe TorAddress
+    , appInstalledPreviewLanAddress       :: Maybe LanAddress
+    , appInstalledPreviewTorUi            :: Bool
+    , appInstalledPreviewLanUi            :: Bool
     }
     deriving (Eq, Show)
 instance ToJSON AppInstalledPreview where
@@ -50,6 +56,9 @@ instance ToJSON AppInstalledPreview where
         [ "status" .= appInstalledPreviewStatus
         , "versionInstalled" .= appInstalledPreviewVersionInstalled
         , "torAddress" .= (unTorAddress <$> appInstalledPreviewTorAddress)
+        , "lanAddress" .= (unLanAddress <$> appInstalledPreviewLanAddress)
+        , "torUi" .= appInstalledPreviewTorUi
+        , "lanUi" .= appInstalledPreviewLanUi
         ]
 
 data InstallNewAppReq = InstallNewAppReq
@@ -70,6 +79,7 @@ data AppAvailableFull = AppAvailableFull
     , appAvailableFullDescriptionShort       :: Text
     , appAvailableFullDescriptionLong        :: Text
     , appAvailableFullReleaseNotes           :: Text
+    , appAvailableFullInstallAlert           :: Maybe Text
     , appAvailableFullDependencyRequirements :: [Full AppDependencyRequirement]
     , appAvailableFullVersions               :: NonEmpty Version
     }
@@ -86,6 +96,7 @@ instance ToJSON AppAvailableFull where
             , "versions" .= appAvailableFullVersions
             , "releaseNotes" .= appAvailableFullReleaseNotes
             , "serviceRequirements" .= appAvailableFullDependencyRequirements
+            , "installAlert" .= appAvailableFullInstallAlert
             ]
         )
 
@@ -123,9 +134,16 @@ data AppInstalledFull = AppInstalledFull
     , appInstalledFullStatus                 :: AppStatus
     , appInstalledFullVersionInstalled       :: Version
     , appInstalledFullTorAddress             :: Maybe TorAddress
+    , appInstalledFullLanAddress             :: Maybe LanAddress
+    , appInstalledFullTorUi                  :: Bool
+    , appInstalledFullLanUi                  :: Bool
     , appInstalledFullInstructions           :: Maybe Text
     , appInstalledFullLastBackup             :: Maybe UTCTime
     , appInstalledFullConfiguredRequirements :: [Stripped AppDependencyRequirement]
+    , appInstalledFullUninstallAlert         :: Maybe Text
+    , appInstalledFullRestoreAlert           :: Maybe Text
+    , appInstalledFullStartAlert             :: Maybe Text
+    , appInstalledFullActions                :: [Manifest.Action]
     }
 instance ToJSON AppInstalledFull where
     toJSON AppInstalledFull {..} = object
@@ -133,23 +151,32 @@ instance ToJSON AppInstalledFull where
         , "lastBackup" .= appInstalledFullLastBackup
         , "configuredRequirements" .= appInstalledFullConfiguredRequirements
         , "torAddress" .= (unTorAddress <$> appInstalledFullTorAddress)
+        , "lanAddress" .= (unLanAddress <$> appInstalledFullLanAddress)
+        , "torUi" .= appInstalledFullTorUi
+        , "lanUi" .= appInstalledFullLanUi
         , "id" .= appBaseId appInstalledFullBase
         , "title" .= appBaseTitle appInstalledFullBase
         , "iconURL" .= appBaseIconUrl appInstalledFullBase
         , "versionInstalled" .= appInstalledFullVersionInstalled
         , "status" .= appInstalledFullStatus
+        , "uninstallAlert" .= appInstalledFullUninstallAlert
+        , "restoreAlert" .= appInstalledFullRestoreAlert
+        , "startAlert" .= appInstalledFullStartAlert
+        , "actions" .= appInstalledFullActions
         ]
 
 data AppVersionInfo = AppVersionInfo
     { appVersionInfoVersion                :: Version
     , appVersionInfoReleaseNotes           :: Text
     , appVersionInfoDependencyRequirements :: [Full AppDependencyRequirement]
+    , appVersionInfoInstallAlert           :: Maybe Text
     }
 instance ToJSON AppVersionInfo where
     toJSON AppVersionInfo {..} = object
         [ "version" .= appVersionInfoVersion
         , "releaseNotes" .= appVersionInfoReleaseNotes
         , "serviceRequirements" .= appVersionInfoDependencyRequirements
+        , "installAlert" .= appVersionInfoInstallAlert
         ]
 
 data ApiDependencyViolation

agent/src/Handler/Types/V0/Base.hs

@@ -15,11 +15,13 @@ import           Lib.Types.Emver
 import           Model
 
 data VersionLatestRes = VersionLatestRes
-    { versionLatestVersion :: Version
+    { versionLatestVersion      :: Version
+    , versionLatestReleaseNotes :: Maybe Text
     }
     deriving (Eq, Show)
 instance ToJSON VersionLatestRes where
-    toJSON VersionLatestRes {..} = object $ ["versionLatest" .= versionLatestVersion]
+    toJSON VersionLatestRes {..} =
+        object $ ["versionLatest" .= versionLatestVersion, "releaseNotes" .= versionLatestReleaseNotes]
 instance ToTypedContent VersionLatestRes where
     toTypedContent = toTypedContent . toJSON
 instance ToContent VersionLatestRes where
@@ -36,6 +38,8 @@ data ServerRes = ServerRes
     , serverSsh                    :: [SshKeyFingerprint]
     , serverAlternativeRegistryUrl :: Maybe Text
     , serverSpecs                  :: SpecsRes
+    , serverWelcomeAck             :: Bool
+    , serverAutoCheckUpdates       :: Bool
     }
     deriving (Eq, Show)
 
@@ -51,12 +55,13 @@ instance ToJSON ServerRes where
             Nothing   -> String "UPDATING"
             Just stat -> toJSON stat
         , "versionInstalled" .= serverVersionInstalled
-        , "versionLatest" .= Null
         , "notifications" .= serverNotifications
         , "wifi" .= serverWifi
         , "ssh" .= serverSsh
         , "alternativeRegistryUrl" .= serverAlternativeRegistryUrl
         , "specs" .= serverSpecs
+        , "welcomeAck" .= serverWelcomeAck
+        , "autoCheckUpdates" .= serverAutoCheckUpdates
         ]
 instance ToTypedContent ServerRes where
     toTypedContent = toTypedContent . toJSON

agent/src/Handler/Types/V0/Specs.hs

@@ -16,6 +16,7 @@ data SpecsRes = SpecsRes
     , specsNetworkId    :: Text
     , specsAgentVersion :: Version
     , specsTorAddress   :: Text
+    , specsLanAddress   :: Text
     }
     deriving (Eq, Show)
 
@@ -23,6 +24,7 @@ instance ToJSON SpecsRes where
     toJSON SpecsRes {..} = object
         [ "EmbassyOS Version" .= specsAgentVersion
         , "Tor Address" .= specsTorAddress
+        , "LAN Address" .= specsLanAddress
         , "Network ID" .= specsNetworkId
         , "CPU" .= specsCPU
         , "Memory" .= specsMem
@@ -33,6 +35,7 @@ instance ToJSON SpecsRes where
             . fold
             $ [ "EmbassyOS Version" .= specsAgentVersion
               , "Tor Address" .= specsTorAddress
+              , "LAN Address" .= specsLanAddress
               , "Network ID" .= specsNetworkId
               , "CPU" .= specsCPU
               , "Memory" .= specsMem

agent/src/Handler/V0.hs

@@ -8,7 +8,7 @@ import           Control.Carrier.Lift           ( runM )
 import           Data.Aeson
 import           Data.IORef
 import qualified Data.Text                     as T
-import           Database.Persist
+import           Database.Persist              as Persist
 import           Yesod.Core.Handler
 import           Yesod.Persist.Core
 import           Yesod.Core.Json
@@ -30,6 +30,7 @@ import           Lib.SystemPaths
 import           Lib.Ssh
 import           Lib.Tor
 import           Lib.Types.Core
+import           Lib.Types.Emver
 import           Model
 import           Settings
 import           Util.Function
@@ -37,7 +38,8 @@ import           Util.Function
 
 getServerR :: Handler (JsonEncoding ServerRes)
 getServerR = handleS9ErrT $ do
-    settings   <- getsYesod appSettings
+    agentCtx <- getYesod
+    let settings = appSettings agentCtx
     now        <- liftIO getCurrentTime
     isUpdating <- getsYesod appIsUpdating >>= liftIO . readIORef
 
@@ -53,8 +55,11 @@ getServerR = handleS9ErrT $ do
     alternativeRegistryUrl <- runM $ injectFilesystemBaseFromContext settings $ readSystemPath altRegistryUrlPath
     name                   <- runM $ injectFilesystemBaseFromContext settings $ readSystemPath serverNamePath
     ssh                    <- readFromPath settings sshKeysFilePath >>= parseSshKeys
-    wifi                   <- WpaSupplicant.runWlan0 $ liftA2 WifiList WpaSupplicant.getCurrentNetwork WpaSupplicant.listNetworks
+    wifi <- WpaSupplicant.runWlan0 $ liftA2 WifiList WpaSupplicant.getCurrentNetwork WpaSupplicant.listNetworks
     specs                  <- getSpecs settings
+    welcomeAck             <- fmap isJust . lift . runDB . Persist.get $ WelcomeAckKey agentVersion
+    autoCheckUpdates       <- runM $ injectFilesystemBaseFromContext settings $ fmap not (existsSystemPath disableAutoCheckUpdatesPath)
+
     let sid = T.drop 7 $ specsNetworkId specs
 
     jsonEncode ServerRes { serverId                     = specsNetworkId specs
@@ -67,6 +72,8 @@ getServerR = handleS9ErrT $ do
                          , serverSsh                    = ssh
                          , serverAlternativeRegistryUrl = alternativeRegistryUrl
                          , serverSpecs                  = specs
+                         , serverWelcomeAck             = welcomeAck
+                         , serverAutoCheckUpdates       = autoCheckUpdates
                          }
     where
         parseSshKeys :: Text -> S9ErrT Handler [SshKeyFingerprint]
@@ -76,6 +83,9 @@ getServerR = handleS9ErrT $ do
                 Left  e  -> throwE $ InvalidSshKeyE (toS e)
                 Right as -> pure $ uncurry3 SshKeyFingerprint <$> as
 
+postWelcomeR :: Version -> Handler ()
+postWelcomeR version = runDB $ repsert (WelcomeAckKey version) WelcomeAck
+
 getSpecs :: MonadIO m => AppSettings -> S9ErrT m SpecsRes
 getSpecs settings = do
     specsCPU        <- liftIO getCpuInfo
@@ -83,6 +93,7 @@ getSpecs settings = do
     specsDisk       <- fmap show . metricDiskSize <$> getDfMetrics
     specsNetworkId  <- runM $ injectFilesystemBaseFromContext settings getStart9AgentHostname
     specsTorAddress <- runM $ injectFilesystemBaseFromContext settings getAgentHiddenServiceUrl
+    specsLanAddress <- fmap (<> ".local") . runM $ injectFilesystemBaseFromContext settings getStart9AgentHostname
 
     let specsAgentVersion = agentVersion
     pure $ SpecsRes { .. }
@@ -102,9 +113,22 @@ newtype NullablePatchReq = NullablePatchReq { mpatchValue :: Maybe Text } derivi
 instance FromJSON NullablePatchReq where
     parseJSON = withObject "Nullable Patch Request" $ \o -> NullablePatchReq <$> o .:? "value"
 
+newtype BoolPatchReq = BoolPatchReq { bpatchValue :: Bool } deriving (Eq, Show)
+
+instance FromJSON BoolPatchReq where
+    parseJSON = withObject "Patch Request" $ \o -> BoolPatchReq <$> o .: "value"
+
 patchNameR :: Handler ()
 patchNameR = patchFile serverNamePath
 
+patchAutoCheckUpdatesR :: Handler ()
+patchAutoCheckUpdatesR = do
+    settings         <- getsYesod appSettings
+    BoolPatchReq val <- requireCheckJsonBody
+    runM $ injectFilesystemBaseFromContext settings $ if val
+        then deleteSystemPath disableAutoCheckUpdatesPath
+        else writeSystemPath disableAutoCheckUpdatesPath ""
+
 patchFile :: SystemPath -> Handler ()
 patchFile path = do
     settings     <- getsYesod appSettings

agent/src/Lib/Algebra/Domain/AppMgr.hs

@@ -25,12 +25,11 @@ import qualified Data.HashMap.Strict           as HM
 import           Data.Singletons.Prelude hiding ( Error )
 import           Data.Singletons.Prelude.Either
 import qualified Data.String                   as String
-import           Exinst
 
 import           Lib.Algebra.Domain.AppMgr.Types
 import           Lib.Algebra.Domain.AppMgr.TH
 import           Lib.Error
-import           Lib.External.AppManifest
+import qualified Lib.External.AppManifest      as Manifest
 import           Lib.TyFam.ConditionalData
 import           Lib.Types.Core                 ( AppId(..)
                                                 , AppContainerStatus(..)
@@ -51,6 +50,7 @@ import           Control.Monad.Trans.Control    ( defaultLiftBaseWith
                                                 , MonadBaseControl(..)
                                                 )
 import qualified Data.ByteString.Char8         as C8
+import           System.Process
 
 
 type InfoRes :: Either OnlyInfoFlag [IncludeInfoFlag] -> Type
@@ -67,7 +67,7 @@ data InfoRes a = InfoRes
               (Either_ (DefaultEqSym1 'OnlyDependencies) (ElemSym1 'IncludeDependencies) a)
               (HM.HashMap AppId DependencyInfo)
     , infoResManifest
-          :: Include (Either_ (DefaultEqSym1 'OnlyManifest) (ElemSym1 'IncludeManifest) a) (Some1 AppManifest)
+          :: Include (Either_ (DefaultEqSym1 'OnlyManifest) (ElemSym1 'IncludeManifest) a) Manifest.AppManifest
     , infoResStatus :: Include (Either_ (DefaultEqSym1 'OnlyStatus) (ElemSym1 'IncludeStatus) a) AppContainerStatus
     }
 instance SingI (a :: Either OnlyInfoFlag [IncludeInfoFlag]) => FromJSON (InfoRes a) where
@@ -271,6 +271,8 @@ data AppMgr (m :: Type -> Type) k where
     -- Tor ::_
     Update ::DryRun -> AppId -> Maybe VersionRange -> AppMgr m BreakageMap
     -- Verify ::_
+    LanEnable ::AppMgr m ()
+    Action ::AppId -> Text -> AppMgr m (HM.HashMap Text Value)
 makeSmartConstructors ''AppMgr
 
 newtype AppMgrCliC m a = AppMgrCliC { runAppMgrCliC :: m a }
@@ -422,6 +424,16 @@ instance (Has (Error S9Error) sig m, Algebra sig m, MonadIO m) => Algebra (AppMg
                 ExitFailure 6 ->
                     throwError $ NotFoundE "appId@version" ([i|#{appId}#{maybe "" (('@':) . show) version}|])
                 ExitFailure n -> throwError $ AppMgrE (toS $ String.unwords args) n
+        (L LanEnable            ) -> liftIO $ callProcess "appmgr" ["lan", "enable"] $> ctx
+        (L (Action appId action)) -> do
+            let args = ["actions", show appId, toS action]
+            (ec, out) <- readProcessInheritStderr "appmgr" args ""
+            case ec of
+                ExitSuccess -> case eitherDecodeStrict out of
+                    Left  e -> throwError $ AppMgrParseE (toS $ String.unwords args) (decodeUtf8 out) e
+                    Right x -> pure $ ctx $> x
+                ExitFailure 6 -> throwError $ NotFoundE "appId" (show appId)
+                ExitFailure n -> throwError $ AppMgrE (toS $ String.unwords args) n
         R other -> AppMgrCliC $ alg (runAppMgrCliC . hdl) other ctx
         where
             versionSpec :: (IsString a, Semigroup a, ConvertText String a) => Maybe VersionRange -> a -> a

agent/src/Lib/Error.hs

@@ -31,6 +31,7 @@ data S9Error =
     | AppMgrParseE Text Text String
     | AppMgrInvalidConfigE Text
     | AppMgrE Text Int
+    | EjectE Int
     | AvahiE Text
     | MetricE Text
     | AppMgrVersionE Version VersionRange
@@ -51,6 +52,7 @@ data S9Error =
     | WifiOrphaningE
     | NoPasswordExistsE
     | HostsParamsE Text
+    | ParamsE Text
     | MissingFileE SystemPath
     | ClientCryptographyE Text
     | TTLExpirationE Text
@@ -86,6 +88,7 @@ toError = \case
     AppMgrParseE cmd result e ->
         ErrorResponse APPMGR_PARSE_ERROR [i|"appmgr #{cmd}" yielded an unparseable result:#{result}\nError: #{e}|]
     AppMgrE cmd code -> ErrorResponse APPMGR_ERROR [i|"appmgr #{cmd}" exited with #{code}|]
+    EjectE code -> ErrorResponse EJECT_ERROR [i|"eject" command exited with #{code}|]
     AppMgrVersionE av avs ->
         ErrorResponse APPMGR_ERROR [i|"appmgr version #{av}" fails to satisfy requisite spec #{avs}|]
     AvahiE  e               -> ErrorResponse AVAHI_ERROR [i|#{e}|]
@@ -136,6 +139,7 @@ toError = \case
     TTLExpirationE      desc  -> ErrorResponse REGISTRATION_ERROR [i|TTL Expiration failure: #{desc}|]
     EnvironmentValE     appId -> ErrorResponse SYNCHRONIZATION_ERROR [i|Could not read environment values for #{appId}|]
     HostsParamsE        key   -> ErrorResponse REGISTRATION_ERROR [i|Missing or invalid parameter #{key}|]
+    ParamsE             key   -> ErrorResponse INVALID_REQUEST [i|Missing or invalid parameter #{key}|]
     InternalE           msg   -> ErrorResponse INTERNAL_ERROR msg
     BackupE appId reason      -> ErrorResponse BACKUP_ERROR [i|Backup failed for #{appId}: #{reason}|]
     BackupPassInvalidE        -> ErrorResponse BACKUP_ERROR [i|Password provided for backups is invalid|]
@@ -151,6 +155,7 @@ data ErrorCode =
     | APPMGR_CONFIG_ERROR
     | APPMGR_PARSE_ERROR
     | APPMGR_ERROR
+    | EJECT_ERROR
     | AVAHI_ERROR
     | REGISTRY_ERROR
     | APP_NOT_INSTALLED
@@ -201,6 +206,7 @@ toStatus = \case
     AppMgrParseE{}         -> status500
     AppMgrInvalidConfigE _ -> status400
     AppMgrE        _ _     -> status500
+    EjectE  _              -> status500
     AppMgrVersionE _ _     -> status500
     AvahiE  _              -> status500
     MetricE _              -> status500
@@ -238,6 +244,7 @@ toStatus = \case
     TTLExpirationE      _   -> status403
     EnvironmentValE     _   -> status500
     HostsParamsE        _   -> status400
+    ParamsE             _   -> status400
     BackupE _ _             -> status500
     BackupPassInvalidE      -> status403
     InternalE _             -> status500

agent/src/Lib/External/AppManifest.hs

@@ -6,17 +6,15 @@ import           Startlude               hiding ( ask )
 
 import           Control.Effect.Reader.Labelled
 import           Data.Aeson
-import           Data.Singletons.TypeLits
 import qualified Data.HashMap.Strict           as HM
 import qualified Data.Yaml                     as Yaml
-import           Exinst
 
+import           Control.Monad.Fail             ( MonadFail(fail) )
 import           Lib.Error
 import           Lib.SystemPaths
 import           Lib.Types.Core
 import           Lib.Types.Emver
 import           Lib.Types.Emver.Orphans        ( )
-import           Control.Monad.Fail             ( MonadFail(fail) )
 
 data ImageType = ImageTypeTar
     deriving (Eq, Show)
@@ -49,52 +47,107 @@ instance FromJSON AssetMapping where
         assetMappingOverwrite <- o .: "overwrite"
         pure $ AssetMapping { .. }
 
-data AppManifest (n :: Nat) where
-    AppManifestV0 ::{ appManifestV0Id :: AppId
-                    , appManifestV0Version :: Version
-                    , appManifestV0Title :: Text
-                    , appManifestV0DescShort :: Text
-                    , appManifestV0DescLong :: Text
-                    , appManifestV0ReleaseNotes :: Text
-                    , appManifestV0PortMapping :: HM.HashMap Word16 Word16
-                    , appManifestV0ImageType :: ImageType
-                    , appManifestV0Mount :: FilePath
-                    , appManifestV0Assets :: [AssetMapping]
-                    , appManifestV0OnionVersion :: OnionVersion
-                    , appManifestV0Dependencies :: HM.HashMap AppId VersionRange
-                    } -> AppManifest 0
+data Action = Action
+    { actionId              :: Text
+    , actionName            :: Text
+    , actionDescription     :: Text
+    , actionWarning         :: Maybe Text
+    , actionAllowedStatuses :: [AppContainerStatus]
+    }
+    deriving Show
+instance FromJSON Action where
+    parseJSON = withObject "AppAction" $ \o -> do
+        actionId              <- o .: "id"
+        actionName            <- o .: "name"
+        actionDescription     <- o .: "description"
+        actionWarning         <- o .:? "warning"
+        actionAllowedStatuses <- o .: "allowed-statuses"
+        pure Action { .. }
+instance ToJSON Action where
+    toJSON Action {..} =
+        object
+            $  [ "id" .= actionId
+               , "name" .= actionName
+               , "description" .= actionDescription
+               , "allowedStatuses" .= actionAllowedStatuses
+               ]
+            <> maybeToList (("warning" .=) <$> actionWarning)
 
-instance FromJSON (Some1 AppManifest) where
-    parseJSON = withObject "App Manifest" $ \o -> do
-        o .: "compat" >>= \case
-            ("v0" :: Text) -> Some1 (SNat @0) <$> parseJSON (Object o)
-            compat         -> fail $ "Unknown Manifest Version: " <> toS compat
 
-instance FromJSON (AppManifest 0) where
-    parseJSON = withObject "App Manifest V0" $ \o -> do
-        appManifestV0Id           <- o .: "id"
-        appManifestV0Version      <- o .: "version"
-        appManifestV0Title        <- o .: "title"
-        appManifestV0DescShort    <- o .: "description" >>= (.: "short")
-        appManifestV0DescLong     <- o .: "description" >>= (.: "long")
-        appManifestV0ReleaseNotes <- o .: "release-notes"
-        appManifestV0PortMapping  <- o .: "ports" >>= fmap HM.fromList . traverse parsePortMapping
-        appManifestV0ImageType    <- o .: "image" >>= (.: "type")
-        appManifestV0Mount        <- o .: "mount"
-        appManifestV0Assets       <- o .: "assets" >>= traverse parseJSON
-        appManifestV0OnionVersion <- o .: "hidden-service-version"
-        appManifestV0Dependencies <- o .:? "dependencies" .!= HM.empty >>= traverse parseDepInfo
-        pure $ AppManifestV0 { .. }
-        where
-            parsePortMapping = withObject "Port Mapping" $ \o -> liftA2 (,) (o .: "tor") (o .: "internal")
-            parseDepInfo     = withObject "Dep Info" $ (.: "version")
+data AppManifest where
+     AppManifest ::{ appManifestId :: AppId
+                    , appManifestVersion :: Version
+                    , appManifestTitle :: Text
+                    , appManifestDescShort :: Text
+                    , appManifestDescLong :: Text
+                    , appManifestReleaseNotes :: Text
+                    , appManifestPortMapping :: [PortMapEntry]
+                    , appManifestImageType :: ImageType
+                    , appManifestMount :: FilePath
+                    , appManifestAssets :: [AssetMapping]
+                    , appManifestOnionVersion :: OnionVersion
+                    , appManifestDependencies :: HM.HashMap AppId VersionRange
+                    , appManifestUninstallAlert :: Maybe Text
+                    , appManifestRestoreAlert   :: Maybe Text
+                    , appManifestStartAlert :: Maybe Text
+                    , appManifestActions :: [Action]
+                    } -> AppManifest
+deriving instance Show AppManifest
 
-getAppManifest :: (MonadIO m, HasFilesystemBase sig m) => AppId -> S9ErrT m (Maybe (Some1 AppManifest))
+torUiAvailable :: AppManifest -> Bool
+torUiAvailable AppManifest {..} = any (== 80) $ portMapEntryTor <$> appManifestPortMapping
+
+lanUiAvailable :: AppManifest -> Bool
+lanUiAvailable AppManifest {..} = any id $ fmap portMapEntryLan appManifestPortMapping <&> \case
+    Just Standard     -> True
+    Just (Custom 443) -> True
+    Just (Custom 80 ) -> True
+    _                 -> False
+
+instance FromJSON AppManifest where
+    parseJSON = withObject "App Manifest " $ \o -> do
+        appManifestId             <- o .: "id"
+        appManifestVersion        <- o .: "version"
+        appManifestTitle          <- o .: "title"
+        appManifestDescShort      <- o .: "description" >>= (.: "short")
+        appManifestDescLong       <- o .: "description" >>= (.: "long")
+        appManifestReleaseNotes   <- o .: "release-notes"
+        appManifestPortMapping    <- o .: "ports"
+        appManifestImageType      <- o .: "image" >>= (.: "type")
+        appManifestMount          <- o .: "mount"
+        appManifestAssets         <- o .: "assets" >>= traverse parseJSON
+        appManifestOnionVersion   <- o .: "hidden-service-version"
+        appManifestDependencies   <- o .:? "dependencies" .!= HM.empty >>= traverse parseDepInfo
+        appManifestUninstallAlert <- o .:? "uninstall-alert"
+        appManifestRestoreAlert   <- o .:? "restore-alert"
+        appManifestStartAlert     <- o .:? "start-alert"
+        appManifestActions        <- o .: "actions"
+        pure $ AppManifest { .. }
+        where parseDepInfo = withObject "Dep Info" $ (.: "version")
+
+getAppManifest :: (MonadIO m, HasFilesystemBase sig m) => AppId -> S9ErrT m (Maybe AppManifest)
 getAppManifest appId = do
     base <- ask @"filesystemBase"
     ExceptT $ first (ManifestParseE appId) <$> liftIO
         (Yaml.decodeFileEither . toS $ (appMgrAppPath appId <> "manifest.yaml") `relativeTo` base)
 
-uiAvailable :: AppManifest n -> Bool
-uiAvailable = \case
-    AppManifestV0 { appManifestV0PortMapping } -> elem 80 (HM.keys appManifestV0PortMapping)
+data LanConfiguration = Standard | Custom Word16 deriving (Eq, Show)
+instance FromJSON LanConfiguration where
+    parseJSON = liftA2 (<|>) standard custom
+        where
+            standard =
+                withText "Standard Lan" \t -> if t == "standard" then pure Standard else fail "Not Standard Lan Conf"
+            custom = withObject "Custom Lan" $ \o -> do
+                Custom <$> (o .: "custom" >>= (.: "port"))
+data PortMapEntry = PortMapEntry
+    { portMapEntryInternal :: Word16
+    , portMapEntryTor      :: Word16
+    , portMapEntryLan      :: Maybe LanConfiguration
+    }
+    deriving (Eq, Show)
+instance FromJSON PortMapEntry where
+    parseJSON = withObject "Port Map Entry" $ \o -> do
+        portMapEntryInternal <- o .: "internal"
+        portMapEntryTor      <- o .: "tor"
+        portMapEntryLan      <- o .:? "lan"
+        pure PortMapEntry { .. }

agent/src/Lib/External/Registry.hs

@@ -36,6 +36,7 @@ import           Lib.SystemPaths
 import           Lib.Types.Core
 import           Lib.Types.Emver
 import           Lib.Types.ServerApp
+import           Data.Time.ISO8601              ( parseISO8601 )
 
 newtype AppManifestRes = AppManifestRes
     { storeApps :: [StoreApp] } deriving (Eq, Show)
@@ -135,6 +136,7 @@ parseAppData = do
         storeAppVersions         <- ad .: "version-info" >>= \case
             []       -> fail "No Valid Version Info"
             (x : xs) -> pure $ x :| xs
+        storeAppTimestamp <- ad .: "timestamp" >>= maybe (fail "Invalid ISO8601 Timestamp") pure . parseISO8601
         pure StoreApp { .. }
 
 getAppVersionForSpec :: (Has RegistryUrl sig m, Has (Error S9Error) sig m, MonadIO m)
@@ -148,12 +150,13 @@ getAppVersionForSpec appId spec = do
         v <- o .: "version"
         pure v
 
-getLatestAgentVersion :: (Has RegistryUrl sig m, Has (Error S9Error) sig m, MonadIO m) => m Version
+getLatestAgentVersion :: (Has RegistryUrl sig m, Has (Error S9Error) sig m, MonadIO m) => m (Version, Maybe Text)
 getLatestAgentVersion = do
     val <- registryRequest agentVersionPath
     parseOrThrow agentVersionPath val $ withObject "version response" $ \o -> do
-        v <- o .: "version"
-        pure v
+        v  <- o .: "version"
+        rn <- o .:? "release-notes"
+        pure (v, rn)
     where agentVersionPath = "sys/version/agent"
 
 getLatestAgentVersionForSpec :: (Has RegistryUrl sig m, Has (Lift IO) sig m, Has (Error S9Error) sig m)

agent/src/Lib/Synchronizers.hs

@@ -11,9 +11,9 @@ import           Startlude               hiding ( check
 import qualified Startlude.ByteStream          as ByteStream
 import qualified Startlude.ByteStream.Char8    as ByteStream
 
+import           Control.Carrier.Lift           ( runM )
 import qualified Control.Effect.Reader.Labelled
                                                as Fused
-import           Control.Carrier.Lift           ( runM )
 import           Control.Monad.Trans.Reader     ( mapReaderT )
 import           Control.Monad.Trans.Resource
 import           Data.Attoparsec.Text
@@ -21,51 +21,52 @@ import qualified Data.ByteString               as BS
 import qualified Data.ByteString.Char8         as B8
 import qualified Data.Conduit                  as Conduit
 import qualified Data.Conduit.Combinators      as Conduit
-import qualified Data.Conduit.Tar              as Conduit
 import           Data.Conduit.Shell      hiding ( arch
+                                                , hostname
                                                 , patch
                                                 , stream
-                                                , hostname
                                                 )
+import qualified Data.Conduit.Tar              as Conduit
 import           Data.FileEmbed
 import qualified Data.HashMap.Strict           as HM
 import           Data.IORef
 import           Data.String.Interpolate.IsString
 import qualified Data.Yaml                     as Yaml
 import           Exinst
-import           System.FilePath                ( splitPath
+import qualified Streaming.Conduit             as Conduit
+import qualified Streaming.Prelude             as Stream
+import qualified Streaming.Zip                 as Stream
+import           System.Directory
+import           System.FilePath                ( (</>)
                                                 , joinPath
-                                                , (</>)
+                                                , splitPath
                                                 )
 import           System.FilePath.Posix          ( takeDirectory )
-import           System.Directory
 import           System.IO.Error
 import           System.Posix.Files
 import           System.Process                 ( callCommand )
-import qualified Streaming.Prelude             as Stream
-import qualified Streaming.Conduit             as Conduit
-import qualified Streaming.Zip                 as Stream
 
 import           Constants
+import           Control.Effect.Error    hiding ( run )
+import           Daemon.ZeroConf                ( getStart9AgentHostname )
+import qualified Data.Text                     as T
 import           Foundation
+import           Handler.Network
+import qualified Lib.Algebra.Domain.AppMgr     as AppMgr2
 import           Lib.ClientManifest
 import           Lib.Error
 import qualified Lib.External.AppMgr           as AppMgr
 import           Lib.External.Registry
 import           Lib.Sound
 import           Lib.Ssl
-import           Lib.Tor
-import           Lib.Types.Core
-import           Lib.Types.NetAddress
-import           Lib.Types.Emver
 import           Lib.SystemCtl
 import           Lib.SystemPaths         hiding ( (</>) )
+import           Lib.Tor
+import           Lib.Types.Core
+import           Lib.Types.Emver
+import           Lib.Types.NetAddress
 import           Settings
 import           Util.File
-import qualified Lib.Algebra.Domain.AppMgr     as AppMgr2
-import           Daemon.ZeroConf                ( getStart9AgentHostname )
-import qualified Data.Text                     as T
-import           Control.Effect.Error    hiding ( run )
 
 
 data Synchronizer = Synchronizer
@@ -96,15 +97,16 @@ parseKernelVersion = do
     pure $ KernelVersion (Version (major', minor', patch', 0)) arch
 
 synchronizer :: Synchronizer
-synchronizer = sync_0_2_7
+synchronizer = sync_0_2_9
 {-# INLINE synchronizer #-}
 
-sync_0_2_7 :: Synchronizer
-sync_0_2_7 = Synchronizer
-    "0.2.7"
+sync_0_2_9 :: Synchronizer
+sync_0_2_9 = Synchronizer
+    "0.2.9"
     [ syncCreateAgentTmp
     , syncCreateSshDir
     , syncRemoveAvahiSystemdDependency
+    , syncInstallLibAvahi
     , syncInstallAppMgr
     , syncFullUpgrade
     , sync32BitKernel
@@ -113,6 +115,7 @@ sync_0_2_7 = Synchronizer
     , syncInstallDuplicity
     , syncInstallExfatFuse
     , syncInstallExfatUtils
+    , syncUpgradeTor
     , syncInstallAmbassadorUI
     , syncOpenHttpPorts
     , syncUpgradeLifeline
@@ -121,6 +124,7 @@ sync_0_2_7 = Synchronizer
     , syncPersistLogs
     , syncConvertEcdsaCerts
     , syncRestarterService
+    , syncInstallEject
     ]
 
 syncCreateAgentTmp :: SyncOp
@@ -169,8 +173,8 @@ syncFullUpgrade = SyncOp "Full Upgrade" check migrate True
                 Just (Done _ (KernelVersion (Version av) _)) -> if av < (4, 19, 118, 0) then pure True else pure False
                 _ -> pure False
         migrate = liftIO . run $ do
-            shell "apt update"
-            shell "apt full-upgrade -y"
+            shell "apt-get update"
+            shell "apt-get full-upgrade -y"
 
 sync32BitKernel :: SyncOp
 sync32BitKernel = SyncOp "32 Bit Kernel Switch" check migrate True
@@ -194,16 +198,24 @@ syncInstallNginx = SyncOp "Install Nginx" check migrate False
     where
         check   = liftIO . run $ fmap isNothing (shell [i|which nginx || true|] $| conduit await)
         migrate = liftIO . run $ do
-            apt "update"
-            apt "install" "nginx" "-y"
+            shell "apt-get update"
+            shell "apt-get install nginx -y"
+
+syncInstallEject :: SyncOp
+syncInstallEject = SyncOp "Install Eject" check migrate False
+    where
+        check   = liftIO . run $ fmap isNothing (shell [i|which eject || true|] $| conduit await)
+        migrate = liftIO . run $ do
+            shell "apt-get update"
+            shell "apt-get install eject -y"
 
 syncInstallDuplicity :: SyncOp
 syncInstallDuplicity = SyncOp "Install duplicity" check migrate False
     where
         check   = liftIO . run $ fmap isNothing (shell [i|which duplicity || true|] $| conduit await)
         migrate = liftIO . run $ do
-            apt "update"
-            apt "install" "-y" "duplicity"
+            shell "apt-get update"
+            shell "apt-get install -y duplicity"
 
 syncInstallExfatFuse :: SyncOp
 syncInstallExfatFuse = SyncOp "Install exfat-fuse" check migrate False
@@ -215,8 +227,8 @@ syncInstallExfatFuse = SyncOp "Install exfat-fuse" check migrate False
                             ProcessException _ (ExitFailure 1) -> pure True
                             _ -> throwIO e
         migrate = liftIO . run $ do
-            apt "update"
-            apt "install" "-y" "exfat-fuse"
+            shell "apt-get update"
+            shell "apt-get install -y exfat-fuse"
 
 syncInstallExfatUtils :: SyncOp
 syncInstallExfatUtils = SyncOp "Install exfat-utils" check migrate False
@@ -228,8 +240,21 @@ syncInstallExfatUtils = SyncOp "Install exfat-utils" check migrate False
                             ProcessException _ (ExitFailure 1) -> pure True
                             _ -> throwIO e
         migrate = liftIO . run $ do
-            apt "update"
-            apt "install" "-y" "exfat-utils"
+            shell "apt-get update"
+            shell "apt-get install -y exfat-utils"
+
+syncInstallLibAvahi :: SyncOp
+syncInstallLibAvahi = SyncOp "Install libavahi-client" check migrate False
+    where
+        check =
+            liftIO
+                $       (run (shell [i|dpkg -l|] $| shell [i|grep libavahi-client3|] $| conduit await) $> False)
+                `catch` \(e :: ProcessException) -> case e of
+                            ProcessException _ (ExitFailure 1) -> pure True
+                            _ -> throwIO e
+        migrate = liftIO . run $ do
+            shell "apt-get update"
+            shell "apt-get install -y libavahi-client3"
 
 syncWriteConf :: Text -> ByteString -> SystemPath -> SyncOp
 syncWriteConf name contents' confLocation = SyncOp [i|Write #{name} Conf|] check migrate False
@@ -414,6 +439,7 @@ syncInstallAppMgr = SyncOp "Install AppMgr" check migrate False
             avs <- asks $ appMgrVersionSpec . appSettings
             av  <- AppMgr.installNewAppMgr avs
             unless (av <|| avs) $ throwE $ AppMgrVersionE av avs
+            postResetLanLogic -- to accommodate 0.2.x -> 0.2.9 where previous appmgr didn't correctly set up lan
 
 syncUpgradeLifeline :: SyncOp
 syncUpgradeLifeline = SyncOp "Upgrade Lifeline" check migrate False
@@ -471,7 +497,7 @@ replaceDerivativeCerts :: (HasFilesystemBase sig m, Fused.Has (Error S9Error) si
 replaceDerivativeCerts = do
     sid <- getStart9AgentHostname
     let hostname = sid <> ".local"
-    tor            <- getAgentHiddenServiceUrl
+    torAddr        <- getAgentHiddenServiceUrl
 
     caKeyPath      <- toS <$> getAbsoluteLocationFor rootCaKeyPath
     caConfPath     <- toS <$> getAbsoluteLocationFor rootCaOpenSslConfPath
@@ -522,7 +548,7 @@ replaceDerivativeCerts = do
                           , duration          = 365
                           }
         hostname
-        tor
+        torAddr
     liftIO $ do
         putStrLn @Text "openssl logs"
         putStrLn @Text "exit code: "
@@ -554,6 +580,21 @@ syncRestarterService = SyncOp "Install Restarter Service" check migrate True
             liftIO $ callCommand "systemctl enable restarter.service"
             liftIO $ callCommand "systemctl enable restarter.timer"
 
+syncUpgradeTor :: SyncOp
+syncUpgradeTor = SyncOp "Install Tor 0.3.5.12-1" check migrate False
+    where
+        check =
+            liftIO
+                $       (  run (shell [i|dpkg -l|] $| shell [i|grep tor|] $| shell [i|grep 0.3.5.12-1|] $| conduit await)
+                        $> False
+                        )
+                `catch` \(e :: ProcessException) -> case e of
+                            ProcessException _ (ExitFailure 1) -> pure True
+                            _ -> throwIO e
+        migrate = liftIO . run $ do
+            shell "apt-get update"
+            shell "apt-get install -y tor=0.3.5.12-1"
+
 failUpdate :: S9Error -> ExceptT Void (ReaderT AgentCtx IO) ()
 failUpdate e = do
     ref <- asks appIsUpdateFailed

agent/src/Lib/SystemPaths.hs

@@ -80,6 +80,11 @@ readSystemPath path = do
         $       (Just <$> readFile (toS loadPath))
         `catch` (\(e :: IOException) -> if isDoesNotExistError e then pure Nothing else throwIO e)
 
+existsSystemPath :: (HasFilesystemBase sig m, MonadIO m) => SystemPath -> m Bool
+existsSystemPath path = do
+    checkPath <- getAbsoluteLocationFor path
+    liftIO . doesPathExist $ toS checkPath
+
 -- like the above, but throws IO error if file not found
 readSystemPath' :: (HasFilesystemBase sig m, MonadIO m) => SystemPath -> m Text
 readSystemPath' path = do
@@ -188,6 +193,9 @@ agentTorHiddenServicePrivateKeyPath = agentTorHiddenServiceDirectory <> "/hs_ed2
 serverNamePath :: SystemPath
 serverNamePath = "/root/agent/name.txt"
 
+disableAutoCheckUpdatesPath :: SystemPath
+disableAutoCheckUpdatesPath = "/root/agent/.disableAutoCheckUpdates"
+
 altRegistryUrlPath :: SystemPath
 altRegistryUrlPath = "/root/agent/alt_registry_url.txt"
 

agent/src/Lib/Tor.hs

@@ -3,11 +3,20 @@ module Lib.Tor where
 import           Startlude
 
 import qualified Data.Text                     as T
+import           Network.HTTP.Client
+import           Network.Connection
 
 import           Lib.SystemPaths
+import           Network.HTTP.Client.TLS        ( mkManagerSettings )
+import           Data.Default
 
 getAgentHiddenServiceUrl :: (HasFilesystemBase sig m, MonadIO m) => m Text
 getAgentHiddenServiceUrl = T.strip <$> readSystemPath' agentTorHiddenServiceHostnamePath
 
 getAgentHiddenServiceUrlMaybe :: (HasFilesystemBase sig m, MonadIO m) => m (Maybe Text)
 getAgentHiddenServiceUrlMaybe = fmap T.strip <$> readSystemPath agentTorHiddenServiceHostnamePath
+
+-- | 'newTorManager' currently assumes the tor client lives on the localhost. The port comes in over an argument.
+-- If this is insufficient in the future, feel free to parameterize the host.
+newTorManager :: Word16 -> IO Manager
+newTorManager = newManager . mkManagerSettings def . Just . SockSettingsSimple "127.0.0.1" . fromIntegral

agent/src/Lib/Types/Emver.hs

@@ -56,6 +56,10 @@ instance Show Version where
         let postfix = if q == 0 then "" else '.' : show q in show x <> "." <> show y <> "." <> show z <> postfix
 instance IsString Version where
     fromString s = either error id $ Atto.parseOnly parseVersion (T.pack s)
+instance Read Version where
+    readsPrec _ s = case Atto.parseOnly parseVersion (T.pack s) of
+        Left _ -> []
+        Right a -> [(a, "")]
 
 -- | A change in the value found at 'major' implies a breaking change in the API that this version number describes
 major :: Version -> Word

agent/src/Lib/Types/Emver/Orphans.hs

@@ -3,16 +3,17 @@ module Lib.Types.Emver.Orphans where
 
 import           Startlude
 
+import           Control.Monad.Fail
 import           Data.Aeson
-
-import           Lib.Types.Emver
+import qualified Data.Attoparsec.Text          as Atto
+import qualified Data.Text                     as T
 import           Database.Persist
 import           Database.Persist.Sql
-import qualified Data.Attoparsec.Text          as Atto
-import           Control.Monad.Fail
-import qualified Data.Text                     as T
+import           Web.HttpApiData
 import           Yesod.Core.Dispatch
 
+import           Lib.Types.Emver
+
 instance ToJSON Version where
     toJSON = String . show
 instance FromJSON Version where
@@ -31,9 +32,16 @@ instance FromJSON VersionRange where
 instance PersistField Version where
     toPersistValue   = toPersistValue @Text . show
     fromPersistValue = first T.pack . Atto.parseOnly parseVersion <=< fromPersistValue
-
 instance PersistFieldSql Version where
     sqlType _ = SqlString
+instance FromHttpApiData Version where
+    parseUrlPiece = first toS . Atto.parseOnly parseVersion
+instance ToHttpApiData Version where
+    toUrlPiece = show
+
+instance PathPiece Version where
+    toPathPiece   = show
+    fromPathPiece = hush . Atto.parseOnly parseVersion
 
 instance PathPiece VersionRange where
     toPathPiece   = show

agent/src/Lib/Types/NetAddress.hs

@@ -7,6 +7,10 @@ newtype TorAddress = TorAddress { unTorAddress :: Text } deriving (Eq)
 instance Show TorAddress where
     show = toS . unTorAddress
 
+newtype LanAddress = LanAddress { unLanAddress :: Text } deriving (Eq)
+instance Show LanAddress where
+    show = toS . unLanAddress
+
 newtype LanIp = LanIp { unLanIp :: Text } deriving (Eq)
 instance Show LanIp where
     show = toS . unLanIp

agent/src/Lib/Types/ServerApp.hs

@@ -20,12 +20,14 @@ data StoreApp = StoreApp
     , storeAppDescriptionLong  :: Text
     , storeAppIconUrl          :: Text
     , storeAppVersions         :: NonEmpty StoreAppVersionInfo
+    , storeAppTimestamp        :: UTCTime
     }
     deriving (Eq, Show)
 
 data StoreAppVersionInfo = StoreAppVersionInfo
     { storeAppVersionInfoVersion      :: Version
     , storeAppVersionInfoReleaseNotes :: Text
+    , storeAppVersionInfoInstallAlert :: Maybe Text
     }
     deriving (Eq, Show)
 instance Ord StoreAppVersionInfo where
@@ -34,6 +36,7 @@ instance FromJSON StoreAppVersionInfo where
     parseJSON = withObject "Store App Version Info" $ \o -> do
         storeAppVersionInfoVersion      <- o .: "version"
         storeAppVersionInfoReleaseNotes <- o .: "release-notes"
+        storeAppVersionInfoInstallAlert <- o .:? "install-alert"
         pure StoreAppVersionInfo { .. }
 instance ToJSON StoreAppVersionInfo where
     toJSON StoreAppVersionInfo {..} =

agent/src/Lib/WebServer.hs

@@ -45,6 +45,7 @@ import           Handler.Backups
 import           Handler.Hosts
 import           Handler.Icons
 import           Handler.Login
+import           Handler.Network
 import           Handler.Notifications
 import           Handler.PasswordUpdate
 import           Handler.PowerOff

agent/src/Model.hs

@@ -59,4 +59,7 @@ BackupRecord sql=backup
 IconDigest
     Id AppId
     tag (Digest MD5)
+
+WelcomeAck
+    Id Version
 |]

agent/src/Settings.hs

@@ -41,6 +41,9 @@ data AppSettings = AppSettings
     -- ^ Should all log messages be displayed?
     , appMgrVersionSpec         :: VersionRange
     , appFilesystemBase         :: Text
+    , appTorSocksPort           :: Word16
+    -- ^ Port on localhost where the tor client is listening, defaults to 9050
+    , appTorRestartCooldown     :: NominalDiffTime
     }
     deriving Show
 
@@ -63,6 +66,8 @@ instance FromJSON AppSettings where
 
         appMgrVersionSpec         <- o .: "app-mgr-version-spec"
         appFilesystemBase         <- o .: "filesystem-base"
+        appTorSocksPort           <- o .:? "tor-socks-port" .!= 9050
+        appTorRestartCooldown     <- o .:? "tor-restart-cooldown" .!= (secondsToNominalDiffTime 600)
         return AppSettings { .. }
 
 -- | Raw bytes at compile time of @config/settings.yml@

agent/src/Startlude.hs

@@ -69,12 +69,12 @@ instance MonadResource m => MonadResource (FE.ReaderC r m)  where
 instance MonadResource m => MonadResource (FE.ErrorC e m) where
     liftResourceT = lift . liftResourceT
 
-
 instance MonadThrow (sub m) => MonadThrow (FE.Labelled label sub m) where
     throwM = FE.Labelled . throwM
 instance MonadThrow m => MonadThrow (FE.LiftC m) where
     throwM = FE.LiftC . throwM
 
+instance MonadLogger m => MonadLogger (FE.ErrorC e m) where
 instance MonadLogger m => MonadLogger (FE.LiftC m) where
 instance MonadLogger (sub m) => MonadLogger (FE.Labelled label sub m) where
     monadLoggerLog a b c d = FE.Labelled $ monadLoggerLog a b c d
@@ -91,6 +91,13 @@ instance MonadHandler (sub m) => MonadHandler (FE.Labelled label sub m) where
     liftHandler    = FE.Labelled . liftHandler
     liftSubHandler = FE.Labelled . liftSubHandler
 
+
+instance MonadHandler m => MonadHandler (FE.ErrorC e m) where
+    type HandlerSite (FE.ErrorC e m) = HandlerSite m
+    type SubHandlerSite (FE.ErrorC e m) = SubHandlerSite m
+    liftHandler    = lift . liftHandler
+    liftSubHandler = lift . liftSubHandler
+
 instance MonadTransControl t => MonadTransControl (FE.Labelled k t) where
     type StT (FE.Labelled k t) a = StT t a
     liftWith f = FE.Labelled $ liftWith $ \run -> f (run . FE.runLabelled)

agent/test/Lib/External/AppManifestSpec.hs

@@ -66,12 +66,65 @@ assets:
 hidden-service-version: v3
 |]
 
+mastodon330Manifest :: ByteString
+mastodon330Manifest = [i|
+---
+id: mastodon
+version: 3.3.0.1
+title: Mastodon
+description:
+  short: "A free, open-source social network server."
+  long: "Mastodon is a free, open-source social network server based on ActivityPub where users can follow friends and discover new ones. On Mastodon, users can publish anything they want: links, pictures, text, video. All Mastodon servers are interoperable as a federated network (users on one server can seamlessly communicate with users from another one, including non-Mastodon software that implements ActivityPub)!"
+release-notes: Added an acation to reset the admin password
+install-alert: "After starting mastodon for the first time, it can take a long time (several minutes) to be ready.\nPlease be patient. On future starts of the service, it will be faster, but still takes longer than other services.\nMake sure to sign up for a user before giving out your link. The first user to sign up is set as the admin user.\n"
+uninstall-alert: ~
+restore-alert: ~
+start-alert: "It may take several minutes after startup for this service to be ready for use.\n"
+has-instructions: true
+os-version-required: ">=0.2.8"
+os-version-recommended: ">=0.2.8"
+ports:
+  - internal: 80
+    tor: 80
+    lan: standard
+  - internal: 443
+    tor: 443
+    lan:
+      custom:
+        port: 443
+  - internal: 3000
+    tor: 3000
+    lan: ~
+  - internal: 4000
+    tor: 4000
+    lan: ~
+image:
+  type: tar
+shm-size-mb: ~
+mount: /root/persistence
+public: ~
+shared: ~
+assets: []
+hidden-service-version: v3
+dependencies: {}
+actions:
+  - id: reset-admin-password
+    name: Reset Admin Password
+    description: This action will reset your admin password to a random value
+    allowed-statuses:
+      - RUNNING
+    command:
+      - docker_entrypoint.sh
+      - reset_admin_password.sh
+|]
+
+
 spec :: Spec
 spec = do
-    describe "parsing app manifest ports" $ do
-        it "should yield true for cups 0.2.3" $ do
-            res <- decodeThrow @IO @(AppManifest 0) cups023Manifest
-            uiAvailable res `shouldBe` True
-        it "should yield false for cups 0.2.3 Mod" $ do
-            res <- decodeThrow @IO @(AppManifest 0) cups023ManifestModNoUI
-            uiAvailable res `shouldBe` False
+  describe "parsing app manifest ports" $ do
+    it "should parse mastodon 3.3.0" $ do
+      res <- decodeThrow @IO @AppManifest mastodon330Manifest
+      print res
+      lanUiAvailable res `shouldBe` True
+      torUiAvailable res `shouldBe` True
+

appmgr/Cargo.toml

@@ -1,8 +1,8 @@
 [package]
-name = "appmgr"
-version = "0.2.7"
 authors = ["Aiden McClelland <me@drbonez.dev>"]
 edition = "2018"
+name = "appmgr"
+version = "0.2.9"
 
 [lib]
 name = "appmgrlib"
@@ -13,25 +13,30 @@ name = "appmgr"
 path = "src/main.rs"
 
 [features]
-default = []
+avahi = ["avahi-sys"]
+default = ["avahi"]
 portable = []
 production = []
 
 [dependencies]
-emver = { version = "0.1.0", features = ["serde"] }
-argonautica = "0.2.0"
 async-trait = "0.1.42"
+avahi-sys = { git = "https://github.com/Start9Labs/avahi-sys", branch = "feature/dynamic-linking", features = ["dynamic"], optional = true }
 base32 = "0.4.0"
 clap = "2.33"
+ctrlc = "3.1.7"
 ed25519-dalek = "1.0.1"
+emver = { version = "0.1.0", features = ["serde"] }
 failure = "0.1.8"
 file-lock = "1.1"
 futures = "0.3.8"
 git-version = "0.3.4"
+http = "0.2.3"
 itertools = "0.9.0"
 lazy_static = "1.4"
+libc = "0.2.86"
 linear-map = { version = "1.2", features = ["serde_impl"] }
 log = "0.4.11"
+nix = "0.19.1"
 openssl = "0.10.30"
 pest = "2.1"
 pest_derive = "2.1"
@@ -40,11 +45,14 @@ rand = "0.7.3"
 regex = "1.4.2"
 reqwest = { version = "0.10.9", features = ["stream", "json"] }
 rpassword = "5.0.0"
+rust-argon2 = "0.8.3"
+scopeguard = "1.1" # because avahi-sys fucks your shit up
 serde = { version = "1.0.118", features = ["derive", "rc"] }
-serde_yaml = "0.8.14"
 serde_cbor = "0.11.1"
 serde_json = "1.0.59"
+serde_yaml = "0.8.14"
 simple-logging = "2.0"
 tokio = { version = "0.3.5", features = ["full"] }
 tokio-compat-02 = "0.1.2"
-tokio-tar = { version = "0.3.0", git = "https://github.com/dr-bonez/tokio-tar.git" }
+tokio-tar = { version = "0.3.0", git = "https://github.com/dr-bonez/tokio-tar.git", rev = "1ba710f3" }
+yajrc = { version = "0.1.0", git = "https://github.com/dr-bonez/yajrc", rev = "c2952a4a21c50f7be6f8003afa37ee77deb66d56" }

appmgr/build-dev.sh

@@ -6,4 +6,4 @@ shopt -s expand_aliases
 alias 'rust-arm-builder'='docker run --rm -it -v "$HOME/.cargo/registry":/root/.cargo/registry -v "$(pwd)":/home/rust/src start9/rust-arm-cross:latest'
 
 cd ..
-rust-arm-builder sh -c "(cd appmgr && cargo build --release)"
+rust-arm-builder sh -c "(cd appmgr && cargo build)"

appmgr/src/actions.rs

@@ -0,0 +1,116 @@
+use std::os::unix::process::ExitStatusExt;
+use std::process::Stdio;
+
+use linear_map::set::LinearSet;
+use tokio::io::{AsyncRead, AsyncReadExt, AsyncWrite, AsyncWriteExt, Error as IoError};
+use yajrc::RpcError;
+
+use crate::apps::DockerStatus;
+
+pub const STATUS_NOT_ALLOWED: i32 = -2;
+pub const INVALID_COMMAND: i32 = -3;
+
+#[derive(Debug, Clone, serde::Deserialize, serde::Serialize)]
+#[serde(rename_all = "kebab-case")]
+pub struct Action {
+    pub id: String,
+    pub name: String,
+    pub description: String,
+    #[serde(default)]
+    #[serde(skip_serializing_if = "Option::is_none")]
+    pub warning: Option<String>,
+    pub allowed_statuses: LinearSet<DockerStatus>,
+    pub command: Vec<String>,
+}
+
+async fn tee<R: AsyncRead + Unpin, W: AsyncWrite + Unpin>(
+    mut r: R,
+    mut w: W,
+) -> Result<Vec<u8>, IoError> {
+    let mut res = Vec::new();
+    let mut buf = vec![0; 2048];
+    let mut bytes;
+    while {
+        bytes = r.read(&mut buf).await?;
+        bytes != 0
+    } {
+        res.extend_from_slice(&buf[..bytes]);
+        w.write_all(&buf[..bytes]).await?;
+    }
+    w.flush().await?;
+    Ok(res)
+}
+
+impl Action {
+    pub async fn perform(&self, app_id: &str) -> Result<String, RpcError> {
+        let man = crate::apps::manifest(app_id)
+            .await
+            .map_err(failure::Error::from)
+            .map_err(failure::Error::compat)?;
+        let status = crate::apps::status(app_id, true)
+            .await
+            .map_err(failure::Error::from)
+            .map_err(failure::Error::compat)?
+            .status;
+        if !self.allowed_statuses.contains(&status) {
+            return Err(RpcError {
+                code: STATUS_NOT_ALLOWED,
+                message: format!(
+                    "{} is in status {:?} which is not allowed by {}",
+                    app_id, status, self.id
+                ),
+                data: None,
+            });
+        }
+        let mut cmd = if status == DockerStatus::Running {
+            let mut cmd = tokio::process::Command::new("docker");
+            cmd.arg("exec").arg(&app_id).args(&self.command);
+            cmd
+        } else {
+            let mut cmd = tokio::process::Command::new("docker");
+            let entrypoint = self.command.get(0).ok_or_else(|| RpcError {
+                code: INVALID_COMMAND,
+                message: "Command Cannot Be Empty".to_owned(),
+                data: None,
+            })?;
+            cmd.arg("run")
+                .arg("--rm")
+                .arg("--name")
+                .arg(format!("{}_{}", app_id, self.id))
+                .arg("--mount")
+                .arg(format!(
+                    "type=bind,src={}/{},dst={}",
+                    crate::VOLUMES,
+                    app_id,
+                    man.mount.display()
+                ))
+                .arg("--entrypoint")
+                .arg(entrypoint)
+                .arg(format!("start9/{}", app_id))
+                .args(&self.command[1..]);
+            // TODO: 0.3.0: net, tor, shm
+            cmd
+        };
+        cmd.stdout(Stdio::piped());
+        cmd.stderr(Stdio::piped());
+        let mut child = cmd.spawn()?;
+
+        let (stdout, stderr) = futures::try_join!(
+            tee(child.stdout.take().unwrap(), tokio::io::sink()),
+            tee(child.stderr.take().unwrap(), tokio::io::sink())
+        )?;
+
+        let status = child.wait().await?;
+        if status.success() {
+            String::from_utf8(stdout).map_err(From::from)
+        } else {
+            Err(RpcError {
+                code: status
+                    .code()
+                    .unwrap_or_else(|| status.signal().unwrap_or(0) + 128),
+                message: String::from_utf8(stderr)?,
+                data: None,
+            })
+        }
+    }
+}

appmgr/src/backup.rs

@@ -1,15 +1,26 @@
 use std::path::Path;
 
-use argonautica::{Hasher, Verifier};
+use argon2::Config;
+use emver::Version;
 use futures::try_join;
 use futures::TryStreamExt;
+use rand::Rng;
+use serde::Serialize;
 
-use crate::apps;
 use crate::util::from_yaml_async_reader;
+use crate::util::to_yaml_async_writer;
 use crate::util::Invoke;
+use crate::version::VersionT;
 use crate::Error;
 use crate::ResultExt;
 
+#[derive(Debug, Clone, Serialize)]
+#[serde(rename_all = "kebab-case")]
+pub struct Metadata {
+    pub app_version: Version,
+    pub os_version: &'static Version,
+}
+
 pub async fn create_backup<P: AsRef<Path>>(
     path: P,
     app_id: &str,
@@ -21,6 +32,7 @@ pub async fn create_backup<P: AsRef<Path>>(
         crate::error::FILESYSTEM_ERROR,
         "Backup Path Must Be Directory"
     );
+    let metadata_path = path.join("metadata.yaml");
     let pw_path = path.join("password");
     let data_path = path.join("data");
     let tor_path = path.join("tor");
@@ -35,10 +47,7 @@ pub async fn create_backup<P: AsRef<Path>>(
         let mut hash = String::new();
         f.read_to_string(&mut hash).await?;
         crate::ensure_code!(
-            Verifier::new()
-                .with_password(password)
-                .with_hash(hash)
-                .verify()
+            argon2::verify_encoded(&hash, password.as_bytes())
                 .with_code(crate::error::INVALID_BACKUP_PASSWORD)?,
             crate::error::INVALID_BACKUP_PASSWORD,
             "Invalid Backup Decryption Password"
@@ -47,15 +56,23 @@ pub async fn create_backup<P: AsRef<Path>>(
     {
         // save password
         use tokio::io::AsyncWriteExt;
-
-        let mut hasher = Hasher::default();
-        hasher.opt_out_of_secret_key(true);
-        let hash = hasher.with_password(password).hash().no_code()?;
+        let salt = rand::thread_rng().gen::<[u8; 32]>();
+        let hash = argon2::hash_encoded(password.as_bytes(), &salt, &Config::default()).unwrap(); // this is safe because apparently the API was poorly designed
         let mut f = tokio::fs::File::create(pw_path).await?;
         f.write_all(hash.as_bytes()).await?;
         f.flush().await?;
     }
 
+    let info = crate::apps::info(app_id).await?;
+    to_yaml_async_writer(
+        tokio::fs::File::create(metadata_path).await?,
+        &Metadata {
+            app_version: info.version,
+            os_version: crate::version::Current::new().semver(),
+        },
+    )
+    .await?;
+
     let status = crate::apps::status(app_id, false).await?;
     let exclude = if volume_path.is_dir() {
         let ignore_path = volume_path.join(".backupignore");
@@ -124,6 +141,7 @@ pub async fn restore_backup<P: AsRef<Path>>(
         crate::error::FILESYSTEM_ERROR,
         "Backup Path Must Be Directory"
     );
+    let metadata_path = path.join("metadata.yaml");
     let pw_path = path.join("password");
     let data_path = path.join("data");
     let tor_path = path.join("tor");
@@ -138,10 +156,7 @@ pub async fn restore_backup<P: AsRef<Path>>(
         let mut hash = String::new();
         f.read_to_string(&mut hash).await?;
         crate::ensure_code!(
-            Verifier::new()
-                .with_password(password)
-                .with_hash(hash)
-                .verify()
+            argon2::verify_encoded(&hash, password.as_bytes())
                 .with_code(crate::error::INVALID_BACKUP_PASSWORD)?,
             crate::error::INVALID_BACKUP_PASSWORD,
             "Invalid Backup Decryption Password"
@@ -181,12 +196,21 @@ pub async fn restore_backup<P: AsRef<Path>>(
     );
 
     // Fix the tor address in apps.yaml
-    let mut yhdl = apps::list_info_mut().await?;
+    let mut yhdl = crate::apps::list_info_mut().await?;
     if let Some(app_info) = yhdl.get_mut(app_id) {
         app_info.tor_address = Some(crate::tor::read_tor_address(app_id, None).await?);
     }
     yhdl.commit().await?;
 
+    tokio::fs::copy(
+        metadata_path,
+        Path::new(crate::VOLUMES)
+            .join(app_id)
+            .join("start9")
+            .join("restore.yaml"),
+    )
+    .await?;
+
     // Attempt to configure the service with the config coming from restoration
     let cfg_path = Path::new(crate::VOLUMES)
         .join(app_id)

appmgr/src/cert-local.csr.conf.template

@@ -0,0 +1,10 @@
+[req]
+default_bits = 4096
+default_md = sha256
+distinguished_name = req_distinguished_name
+prompt = no
+
+[req_distinguished_name]
+CN = {hostname}.local
+O = Start9 Labs
+OU = Embassy

appmgr/src/config/spec.rs

@@ -1864,6 +1864,9 @@ mod test {
             hidden_service_version: crate::tor::HiddenServiceVersion::V3,
             dependencies: deps,
             extra: LinearMap::new(),
+            install_alert: None,
+            restore_alert: None,
+            uninstall_alert: None,
         })
         .unwrap();
         let config = spec

appmgr/src/index.rs

@@ -30,6 +30,7 @@ pub struct VersionInfo {
     pub release_notes: String,
     pub os_version_required: VersionRange,
     pub os_version_recommended: VersionRange,
+    pub install_alert: Option<String>,
 }
 
 const NULL_VERSION: Version = Version::new(0, 0, 0, 0);
@@ -52,6 +53,7 @@ impl AppIndex {
                 release_notes: manifest.release_notes,
                 os_version_required: manifest.os_version_required,
                 os_version_recommended: manifest.os_version_recommended,
+                install_alert: manifest.install_alert,
             });
             entry
                 .version_info
@@ -68,6 +70,7 @@ impl AppIndex {
                         release_notes: manifest.release_notes,
                         os_version_required: manifest.os_version_required,
                         os_version_recommended: manifest.os_version_recommended,
+                        install_alert: manifest.install_alert,
                     }],
                     icon_type: "png".to_owned(), // TODO
                 },

appmgr/src/install.rs

@@ -256,6 +256,19 @@ pub async fn install_v0<R: AsyncRead + Unpin + Send + Sync>(
             "Package Name Does Not Match Expected"
         );
     }
+
+    log::info!(
+        "Creating metadata directory: {}/apps/{}",
+        crate::PERSISTENCE_DIR,
+        manifest.id
+    );
+    let app_dir = PersistencePath::from_ref("apps").join(&manifest.id);
+    let app_dir_path = app_dir.path();
+    if app_dir_path.exists() {
+        tokio::fs::remove_dir_all(&app_dir_path).await?;
+    }
+    tokio::fs::create_dir_all(&app_dir_path).await?;
+
     let (ip, tor_addr, tor_key) = crate::tor::set_svc(
         &manifest.id,
         crate::tor::NewService {
@@ -270,12 +283,6 @@ pub async fn install_v0<R: AsyncRead + Unpin + Send + Sync>(
     log::info!("Creating volume {}/{}.", crate::VOLUMES, manifest.id);
     tokio::fs::create_dir_all(Path::new(crate::VOLUMES).join(&manifest.id)).await?;
 
-    let app_dir = PersistencePath::from_ref("apps").join(&manifest.id);
-    let app_dir_path = app_dir.path();
-    if app_dir_path.exists() {
-        tokio::fs::remove_dir_all(&app_dir_path).await?;
-    }
-    tokio::fs::create_dir_all(&app_dir_path).await?;
     let _lock = app_dir.lock(true).await?;
     log::info!("Saving manifest.");
     let mut manifest_out = app_dir.join("manifest.yaml").write(None).await?;
@@ -478,7 +485,7 @@ pub async fn install_v0<R: AsyncRead + Unpin + Send + Sync>(
     let mut args = vec![
         Cow::Borrowed(OsStr::new("create")),
         Cow::Borrowed(OsStr::new("--restart")),
-        Cow::Borrowed(OsStr::new("on-failure")),
+        Cow::Borrowed(OsStr::new("no")),
         Cow::Borrowed(OsStr::new("--name")),
         Cow::Borrowed(OsStr::new(&manifest.id)),
         Cow::Borrowed(OsStr::new("--mount")),

appmgr/src/lan.rs

@@ -0,0 +1,93 @@
+use crate::Error;
+use avahi_sys;
+use futures::future::pending;
+
+#[derive(Clone, Debug, Eq, PartialEq, Hash)]
+pub struct AppId {
+    pub un_app_id: String,
+}
+
+pub async fn enable_lan() -> Result<(), Error> {
+    unsafe {
+        let app_list = crate::apps::list_info().await?;
+
+        let simple_poll = avahi_sys::avahi_simple_poll_new();
+        let poll = avahi_sys::avahi_simple_poll_get(simple_poll);
+        let mut stack_err = 0;
+        let err_c: *mut i32 = &mut stack_err;
+        let avahi_client = avahi_sys::avahi_client_new(
+            poll,
+            avahi_sys::AvahiClientFlags::AVAHI_CLIENT_NO_FAIL,
+            None,
+            std::ptr::null_mut(),
+            err_c,
+        );
+        let group =
+            avahi_sys::avahi_entry_group_new(avahi_client, Some(noop), std::ptr::null_mut());
+        let hostname_raw = avahi_sys::avahi_client_get_host_name_fqdn(avahi_client);
+        let hostname_bytes = std::ffi::CStr::from_ptr(hostname_raw).to_bytes_with_nul();
+        const HOSTNAME_LEN: usize = 1 + 15 + 1 + 5; // leading byte, main address, dot, "local"
+        debug_assert_eq!(hostname_bytes.len(), HOSTNAME_LEN);
+        let mut hostname_buf = [0; HOSTNAME_LEN + 1];
+        hostname_buf[1..].copy_from_slice(hostname_bytes);
+        // assume fixed length prefix on hostname due to local address
+        hostname_buf[0] = 15; // set the prefix length to 15 for the main address
+        hostname_buf[16] = 5; // set the prefix length to 5 for "local"
+
+        for (app_id, app_info) in app_list {
+            let man = crate::apps::manifest(&app_id).await?;
+            if man
+                .ports
+                .iter()
+                .filter(|p| p.lan.is_some())
+                .next()
+                .is_none()
+            {
+                continue;
+            }
+            let tor_address = if let Some(addr) = app_info.tor_address {
+                addr
+            } else {
+                continue;
+            };
+            let lan_address = tor_address
+                .strip_suffix(".onion")
+                .ok_or_else(|| failure::format_err!("Invalid Tor Address: {:?}", tor_address))?
+                .to_owned()
+                + ".local";
+            let lan_address_ptr = std::ffi::CString::new(lan_address)
+                .expect("Could not cast lan address to c string");
+            let _ = avahi_sys::avahi_entry_group_add_record(
+                group,
+                avahi_sys::AVAHI_IF_UNSPEC,
+                avahi_sys::AVAHI_PROTO_UNSPEC,
+                avahi_sys::AvahiPublishFlags_AVAHI_PUBLISH_USE_MULTICAST
+                    | avahi_sys::AvahiPublishFlags_AVAHI_PUBLISH_ALLOW_MULTIPLE,
+                lan_address_ptr.as_ptr(),
+                avahi_sys::AVAHI_DNS_CLASS_IN as u16,
+                avahi_sys::AVAHI_DNS_TYPE_CNAME as u16,
+                avahi_sys::AVAHI_DEFAULT_TTL,
+                hostname_buf.as_ptr().cast(),
+                hostname_buf.len(),
+            );
+            log::info!("Published {:?}", lan_address_ptr);
+        }
+        avahi_sys::avahi_entry_group_commit(group);
+        ctrlc::set_handler(move || {
+            // please the borrow checker with the below semantics
+            // avahi_sys::avahi_entry_group_free(group);
+            // avahi_sys::avahi_client_free(avahi_client);
+            // drop(Box::from_raw(err_c));
+            std::process::exit(0);
+        })
+        .expect("Error setting signal handler");
+    }
+    pending().await
+}
+
+unsafe extern "C" fn noop(
+    _group: *mut avahi_sys::AvahiEntryGroup,
+    _state: avahi_sys::AvahiEntryGroupState,
+    _userdata: *mut core::ffi::c_void,
+) {
+}

appmgr/src/lib.rs

@@ -20,6 +20,7 @@ lazy_static::lazy_static! {
     pub static ref QUIET: tokio::sync::RwLock<bool> = tokio::sync::RwLock::new(!std::env::var("APPMGR_QUIET").map(|a| a == "0").unwrap_or(true));
 }
 
+pub mod actions;
 pub mod apps;
 pub mod backup;
 pub mod config;
@@ -30,6 +31,8 @@ pub mod error;
 pub mod index;
 pub mod inspect;
 pub mod install;
+#[cfg(feature = "avahi")]
+pub mod lan;
 pub mod logs;
 pub mod manifest;
 pub mod pack;

appmgr/src/main.rs

@@ -162,6 +162,17 @@ async fn inner_main() -> Result<(), Error> {
                 ),
         );
 
+    #[cfg(feature = "avahi")]
+    #[allow(unused_mut)]
+    let mut app = app.subcommand(
+        SubCommand::with_name("lan")
+            .about("Configures LAN services")
+            .subcommand(
+                SubCommand::with_name("enable")
+                    .about("Publishes the LAN addresses for all services"),
+            ),
+    );
+
     #[cfg(not(feature = "portable"))]
     let mut app = app
         .subcommand(
@@ -399,7 +410,6 @@ async fn inner_main() -> Result<(), Error> {
                 .about("Removes an installed app")
                 .arg(
                     Arg::with_name("purge")
-                        .short("p")
                         .long("purge")
                         .help("Deletes all application data"),
                 )
@@ -820,6 +830,16 @@ async fn inner_main() -> Result<(), Error> {
         )
         .subcommand(
             SubCommand::with_name("repair-app-status").about("Restarts crashed apps"), // TODO: remove
+        )
+        .subcommand(
+            SubCommand::with_name("actions")
+                .about("Perform an action for a service")
+                .arg(
+                    Arg::with_name("SERVICE")
+                        .help("ID of the service to perform an action on")
+                        .required(true),
+                )
+                .arg(Arg::with_name("ACTION").help("ID of the action to perform")),
         );
 
     let matches = app.clone().get_matches();
@@ -1178,6 +1198,15 @@ async fn inner_main() -> Result<(), Error> {
                 std::process::exit(1);
             }
         },
+        #[cfg(feature = "avahi")]
+        #[cfg(not(feature = "portable"))]
+        ("lan", Some(sub_m)) => match sub_m.subcommand() {
+            ("enable", _) => crate::lan::enable_lan().await?,
+            _ => {
+                println!("{}", sub_m.usage());
+                std::process::exit(1);
+            }
+        },
         #[cfg(not(feature = "portable"))]
         ("info", Some(sub_m)) => {
             let name = sub_m.value_of("ID").unwrap();
@@ -1547,6 +1576,34 @@ async fn inner_main() -> Result<(), Error> {
         ("repair-app-status", _) => {
             control::repair_app_status().await?;
         }
+        #[cfg(not(feature = "portable"))]
+        ("actions", Some(sub_m)) => {
+            use yajrc::{GenericRpcMethod, RpcResponse};
+
+            let man = apps::manifest(sub_m.value_of("SERVICE").unwrap()).await?;
+            let action_id = sub_m.value_of("ACTION").unwrap();
+            println!(
+                "{}",
+                serde_json::to_string(&RpcResponse::<GenericRpcMethod>::from_result(
+                    man.actions
+                        .iter()
+                        .filter(|a| &a.id == &action_id)
+                        .next()
+                        .ok_or_else(|| {
+                            failure::format_err!(
+                                "action {} does not exist for {}",
+                                action_id,
+                                man.id
+                            )
+                        })
+                        .with_code(error::NOT_FOUND)?
+                        .perform(&man.id)
+                        .await
+                        .map(serde_json::Value::String)
+                ))
+                .with_code(error::SERDE_ERROR)?
+            )
+        }
         ("pack", Some(sub_m)) => {
             pack(
                 sub_m.value_of("PATH").unwrap(),

appmgr/src/manifest.rs

@@ -2,6 +2,7 @@ use std::path::PathBuf;
 
 use linear_map::LinearMap;
 
+use crate::actions::Action;
 use crate::dependencies::Dependencies;
 use crate::tor::HiddenServiceVersion;
 use crate::tor::PortMapping;
@@ -37,6 +38,14 @@ pub struct ManifestV0 {
     pub description: Description,
     pub release_notes: String,
     #[serde(default)]
+    pub install_alert: Option<String>,
+    #[serde(default)]
+    pub uninstall_alert: Option<String>,
+    #[serde(default)]
+    pub restore_alert: Option<String>,
+    #[serde(default)]
+    pub start_alert: Option<String>,
+    #[serde(default)]
     pub has_instructions: bool,
     #[serde(default = "emver::VersionRange::any")]
     pub os_version_required: emver::VersionRange,
@@ -57,6 +66,8 @@ pub struct ManifestV0 {
     pub hidden_service_version: HiddenServiceVersion,
     #[serde(default)]
     pub dependencies: Dependencies,
+    #[serde(default)]
+    pub actions: Vec<Action>,
     #[serde(flatten)]
     pub extra: LinearMap<String, serde_yaml::Value>,
 }

appmgr/src/nginx-standard.conf.template

@@ -0,0 +1,18 @@
+server {{
+    listen 443 ssl;
+    server_name {hostname}.local;
+    ssl_certificate /root/appmgr/apps/{app_id}/cert-local.fullchain.crt.pem;
+    ssl_certificate_key /root/appmgr/apps/{app_id}/cert-local.key.pem;
+    location / {{
+        proxy_pass http://{app_ip}:{internal_port}/;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+    }}
+}}
+server {{
+    listen 80;
+    server_name {hostname}.local;
+    return 301 https://$host$request_uri;
+}}

appmgr/src/nginx.conf.template

@@ -0,0 +1,8 @@
+server {{
+    listen {port};
+    server_name {hostname}.local;
+    location / {{
+        proxy_pass http://{app_ip}:{internal_port}/;
+        proxy_set_header Host $host;
+    }}
+}}

appmgr/src/pack.rs

@@ -25,14 +25,6 @@ pub enum Error {
 pub async fn pack(path: &str, output: &str) -> Result<(), failure::Error> {
     let path = Path::new(path.trim_end_matches("/"));
     let output = Path::new(output);
-    ensure!(
-        output
-            .extension()
-            .and_then(|a| a.to_str())
-            .ok_or_else(|| Error::InvalidOutputPath(format!("{}", output.display())))?
-            == "s9pk",
-        "Extension Must Be '.s9pk'"
-    );
     log::info!(
         "Starting pack of {} to {}.",
         path.file_name()
@@ -74,9 +66,6 @@ pub async fn pack(path: &str, output: &str) -> Result<(), failure::Error> {
             .with_context(|e| format!("{}: config_spec.yaml", e))?,
     )
     .await?;
-    config_spec.validate(&manifest)?;
-    let config = config_spec.gen(&mut rand::rngs::StdRng::from_entropy(), &None)?;
-    config_spec.matches(&config)?;
     log::info!("Writing config spec to archive.");
     let bin_config_spec = serde_cbor::to_vec(&config_spec)?;
     let mut config_spec_header = tar::Header::new_gnu();
@@ -94,12 +83,6 @@ pub async fn pack(path: &str, output: &str) -> Result<(), failure::Error> {
             .with_context(|e| format!("{}: config_rules.yaml", e))?,
     )
     .await?;
-    let mut cfgs = LinearMap::new();
-    cfgs.insert(manifest.id.as_str(), Cow::Borrowed(&config));
-    for rule in &config_rules {
-        rule.check(&config, &cfgs)
-            .with_context(|e| format!("Default Config does not satisfy: {}", e))?;
-    }
     log::info!("Writing config rules to archive.");
     let bin_config_rules = serde_cbor::to_vec(&config_rules)?;
     let mut config_rules_header = tar::Header::new_gnu();
@@ -234,6 +217,13 @@ pub async fn verify(path: &str) -> Result<(), failure::Error> {
     if let Some(shared) = &manifest.shared {
         validate_path(shared)?;
     }
+    for action in &manifest.actions {
+        ensure!(
+            !action.command.is_empty(),
+            "Command Cannot Be Empty: {}",
+            action.id
+        );
+    }
     log::info!("Opening config spec from archive.");
     let config_spec = entries
         .next()

appmgr/src/tor.rs

@@ -8,17 +8,62 @@ use failure::ResultExt as _;
 use tokio::io::AsyncReadExt;
 use tokio::io::AsyncWriteExt;
 
-use crate::util::{PersistencePath, YamlUpdateHandle};
+use crate::util::{Invoke, PersistencePath, YamlUpdateHandle};
 use crate::{Error, ResultExt as _};
 
 #[derive(Debug, Clone, Copy, serde::Deserialize, serde::Serialize)]
+#[serde(rename_all = "kebab-case")]
+pub enum LanOptions {
+    Standard,
+    Custom { port: u16 },
+}
+
+#[derive(Debug, Clone, Copy, serde::Serialize)]
 pub struct PortMapping {
     pub internal: u16,
     pub tor: u16,
+    pub lan: Option<LanOptions>, // only for http interfaces
+}
+impl<'de> serde::de::Deserialize<'de> for PortMapping {
+    fn deserialize<D>(deserializer: D) -> Result<Self, D::Error>
+    where
+        D: serde::de::Deserializer<'de>,
+    {
+        #[derive(serde::Deserialize)]
+        pub struct PortMappingIF {
+            pub internal: u16,
+            pub tor: u16,
+            #[serde(default, deserialize_with = "deserialize_some")]
+            pub lan: Option<Option<LanOptions>>,
+        }
+
+        fn deserialize_some<'de, T, D>(deserializer: D) -> Result<Option<T>, D::Error>
+        where
+            T: serde::de::Deserialize<'de>,
+            D: serde::de::Deserializer<'de>,
+        {
+            serde::de::Deserialize::deserialize(deserializer).map(Some)
+        }
+
+        let input_format: PortMappingIF = serde::de::Deserialize::deserialize(deserializer)?;
+        Ok(PortMapping {
+            internal: input_format.internal,
+            tor: input_format.tor,
+            lan: if let Some(lan) = input_format.lan {
+                lan
+            } else if input_format.tor == 80 {
+                Some(LanOptions::Standard)
+            } else {
+                None
+            },
+        })
+    }
 }
 
 pub const ETC_TOR_RC: &'static str = "/etc/tor/torrc";
 pub const HIDDEN_SERVICE_DIR_ROOT: &'static str = "/var/lib/tor";
+pub const ETC_HOSTNAME: &'static str = "/etc/hostname";
+pub const ETC_NGINX_SERVICES_CONF: &'static str = "/etc/nginx/sites-available/start9-services.conf";
 
 #[derive(Debug, Clone, Copy, serde::Deserialize, serde::Serialize)]
 #[serde(rename_all = "lowercase")]
@@ -179,6 +224,167 @@ pub async fn write_services(hidden_services: &ServicesMap) -> Result<(), Error>
     Ok(())
 }
 
+pub async fn write_lan_services(hidden_services: &ServicesMap) -> Result<(), Error> {
+    let mut f = tokio::fs::File::create(ETC_NGINX_SERVICES_CONF).await?;
+    for (app_id, service) in &hidden_services.map {
+        let hostname = tokio::fs::read_to_string(
+            Path::new(HIDDEN_SERVICE_DIR_ROOT)
+                .join(format!("app-{}", app_id))
+                .join("hostname"),
+        )
+        .await
+        .with_context(|e| format!("{}/app-{}/hostname: {}", HIDDEN_SERVICE_DIR_ROOT, app_id, e))
+        .with_code(crate::error::FILESYSTEM_ERROR)?;
+        let hostname_str = hostname
+            .trim()
+            .strip_suffix(".onion")
+            .ok_or_else(|| failure::format_err!("invalid tor hostname"))
+            .no_code()?;
+        for mapping in &service.ports {
+            match &mapping.lan {
+                Some(LanOptions::Standard) => {
+                    log::info!("Writing LAN certificates for {}", app_id);
+                    let base_path = PersistencePath::from_ref("apps").join(&app_id);
+                    let key_path = base_path.join("cert-local.key.pem").path();
+                    if tokio::fs::metadata(&key_path).await.is_err() {
+                        tokio::process::Command::new("openssl")
+                            .arg("ecparam")
+                            .arg("-genkey")
+                            .arg("-name")
+                            .arg("prime256v1")
+                            .arg("-noout")
+                            .arg("-out")
+                            .arg(&key_path)
+                            .invoke("OpenSSL GenKey")
+                            .await?;
+                    }
+                    let conf_path = base_path.join("cert-local.csr.conf").path();
+                    if tokio::fs::metadata(&conf_path).await.is_err() {
+                        tokio::fs::write(
+                            &conf_path,
+                            format!(
+                                include_str!("cert-local.csr.conf.template"),
+                                hostname = hostname_str
+                            ),
+                        )
+                        .await?;
+                    }
+                    let req_path = base_path.join("cert-local.csr").path();
+                    if tokio::fs::metadata(&req_path).await.is_err() {
+                        tokio::process::Command::new("openssl")
+                            .arg("req")
+                            .arg("-config")
+                            .arg(&conf_path)
+                            .arg("-key")
+                            .arg(&key_path)
+                            .arg("-new")
+                            .arg("-addext")
+                            .arg(format!(
+                                "subjectAltName=DNS:{hostname}.local",
+                                hostname = hostname_str
+                            ))
+                            .arg("-out")
+                            .arg(&req_path)
+                            .invoke("OpenSSL Req")
+                            .await?;
+                    }
+                    let cert_path = base_path.join("cert-local.crt.pem").path();
+                    if tokio::fs::metadata(&cert_path).await.is_err() {
+                        tokio::process::Command::new("openssl")
+                            .arg("ca")
+                            .arg("-batch")
+                            .arg("-config")
+                            .arg("/root/agent/ca/intermediate/openssl.conf")
+                            .arg("-rand_serial")
+                            .arg("-keyfile")
+                            .arg("/root/agent/ca/intermediate/private/embassy-int-ca.key.pem")
+                            .arg("-cert")
+                            .arg("/root/agent/ca/intermediate/certs/embassy-int-ca.crt.pem")
+                            .arg("-extensions")
+                            .arg("server_cert")
+                            .arg("-days")
+                            .arg("365")
+                            .arg("-notext")
+                            .arg("-in")
+                            .arg(&req_path)
+                            .arg("-out")
+                            .arg(&cert_path)
+                            .invoke("OpenSSL CA")
+                            .await?;
+                    }
+                    let fullchain_path = base_path.join("cert-local.fullchain.crt.pem");
+                    if !fullchain_path.exists().await {
+                        log::info!("Writing fullchain to: {}", fullchain_path.path().display());
+                        let mut fullchain_file = fullchain_path.write(None).await?;
+                        tokio::io::copy(
+                            &mut tokio::fs::File::open(&cert_path).await?,
+                            &mut *fullchain_file,
+                        )
+                        .await?;
+                        tokio::io::copy(
+                            &mut tokio::fs::File::open(
+                                "/root/agent/ca/intermediate/certs/embassy-int-ca.crt.pem",
+                            )
+                            .await
+                            .with_context(|e| {
+                                format!(
+                                    "{}: /root/agent/ca/intermediate/certs/embassy-int-ca.crt.pem",
+                                    e
+                                )
+                            })
+                            .with_code(crate::error::FILESYSTEM_ERROR)?,
+                            &mut *fullchain_file,
+                        )
+                        .await?;
+                        tokio::io::copy(
+                            &mut tokio::fs::File::open(
+                                "/root/agent/ca/certs/embassy-root-ca.cert.pem",
+                            )
+                            .await
+                            .with_context(|e| {
+                                format!("{}: /root/agent/ca/certs/embassy-root-ca.cert.pem", e)
+                            })
+                            .with_code(crate::error::FILESYSTEM_ERROR)?,
+                            &mut *fullchain_file,
+                        )
+                        .await?;
+                        fullchain_file.commit().await?;
+                        log::info!("{} written successfully", fullchain_path.path().display());
+                    }
+                    f.write_all(
+                        format!(
+                            include_str!("nginx-standard.conf.template"),
+                            hostname = hostname_str,
+                            app_ip = service.ip,
+                            internal_port = mapping.internal,
+                            app_id = app_id,
+                        )
+                        .as_bytes(),
+                    )
+                    .await?;
+                    f.sync_all().await?;
+                }
+                Some(LanOptions::Custom { port }) => {
+                    f.write_all(
+                        format!(
+                            include_str!("nginx.conf.template"),
+                            hostname = hostname_str,
+                            app_ip = service.ip,
+                            port = port,
+                            internal_port = mapping.internal,
+                        )
+                        .as_bytes(),
+                    )
+                    .await?
+                }
+                None => (),
+            }
+        }
+    }
+
+    Ok(())
+}
+
 pub async fn read_tor_address(name: &str, timeout: Option<Duration>) -> Result<String, Error> {
     log::info!("Retrieving Tor hidden service address for {}.", name);
     let addr_path = Path::new(HIDDEN_SERVICE_DIR_ROOT)
@@ -217,7 +423,7 @@ pub async fn read_tor_key(
     version: HiddenServiceVersion,
     timeout: Option<Duration>,
 ) -> Result<String, Error> {
-    log::info!("Retrieving Tor hidden service address for {}.", name);
+    log::info!("Retrieving Tor hidden service key for {}.", name);
     let addr_path = Path::new(HIDDEN_SERVICE_DIR_ROOT)
         .join(format!("app-{}", name))
         .join(match version {
@@ -277,7 +483,18 @@ pub async fn set_svc(
     let ip = hidden_services.add(name.to_owned(), service);
     log::info!("Adding Tor hidden service {} to {}.", name, ETC_TOR_RC);
     write_services(&hidden_services).await?;
-    hidden_services.commit().await?;
+    let addr_path = Path::new(HIDDEN_SERVICE_DIR_ROOT)
+        .join(format!("app-{}", name))
+        .join("hostname");
+    tokio::fs::remove_file(addr_path).await.or_else(|e| {
+        if e.kind() == std::io::ErrorKind::NotFound {
+            Ok(())
+        } else {
+            Err(e)
+        }
+    })?;
+    #[cfg(target_os = "linux")]
+    nix::unistd::sync();
     log::info!("Reloading Tor.");
     let svc_exit = std::process::Command::new("service")
         .args(&["tor", "reload"])
@@ -291,19 +508,32 @@ pub async fn set_svc(
             .or_else(|| { svc_exit.signal().map(|a| 128 + a) })
             .unwrap_or(0)
     );
-    Ok((
-        ip,
-        if is_listening {
-            Some(read_tor_address(name, Some(Duration::from_secs(30))).await?)
-        } else {
-            None
-        },
-        if is_listening {
-            Some(read_tor_key(name, ver, Some(Duration::from_secs(30))).await?)
-        } else {
-            None
-        },
-    ))
+    let addr = if is_listening {
+        Some(read_tor_address(name, Some(Duration::from_secs(30))).await?)
+    } else {
+        None
+    };
+    let key = if is_listening {
+        Some(read_tor_key(name, ver, Some(Duration::from_secs(30))).await?)
+    } else {
+        None
+    };
+    write_lan_services(&hidden_services).await?;
+    log::info!("Reloading Nginx.");
+    let svc_exit = std::process::Command::new("service")
+        .args(&["nginx", "reload"])
+        .status()?;
+    crate::ensure_code!(
+        svc_exit.success(),
+        crate::error::GENERAL_ERROR,
+        "Failed to Reload Nginx: {}",
+        svc_exit
+            .code()
+            .or_else(|| { svc_exit.signal().map(|a| 128 + a) })
+            .unwrap_or(0)
+    );
+    hidden_services.commit().await?;
+    Ok((ip, addr, key))
 }
 
 pub async fn rm_svc(name: &str) -> Result<(), Error> {
@@ -322,7 +552,6 @@ pub async fn rm_svc(name: &str) -> Result<(), Error> {
     }
     log::info!("Removing Tor hidden service {} from {}.", name, ETC_TOR_RC);
     write_services(&hidden_services).await?;
-    hidden_services.commit().await?;
     log::info!("Reloading Tor.");
     let svc_exit = std::process::Command::new("service")
         .args(&["tor", "reload"])
@@ -333,6 +562,21 @@ pub async fn rm_svc(name: &str) -> Result<(), Error> {
         "Failed to Reload Tor: {}",
         svc_exit.code().unwrap_or(0)
     );
+    write_lan_services(&hidden_services).await?;
+    log::info!("Reloading Nginx.");
+    let svc_exit = std::process::Command::new("service")
+        .args(&["nginx", "reload"])
+        .status()?;
+    crate::ensure_code!(
+        svc_exit.success(),
+        crate::error::GENERAL_ERROR,
+        "Failed to Reload Nginx: {}",
+        svc_exit
+            .code()
+            .or_else(|| { svc_exit.signal().map(|a| 128 + a) })
+            .unwrap_or(0)
+    );
+    hidden_services.commit().await?;
     Ok(())
 }
 

appmgr/src/util.rs

@@ -137,6 +137,7 @@ impl PersistenceFile {
         if let Some(mut file) = self.file.take() {
             file.flush().await?;
             file.shutdown().await?;
+            file.sync_all().await?;
             drop(file);
         }
         if let Some(path) = self.needs_commit.take() {
@@ -156,10 +157,6 @@ impl PersistenceFile {
                     .await
                     .with_context(|e| format!("{}.lock: {}", path.path().display(), e))
                     .with_code(crate::error::FILESYSTEM_ERROR)?;
-                tokio::fs::remove_file(format!("{}.lock", path.path().display()))
-                    .await
-                    .with_context(|e| format!("{}.lock: {}", path.path().display(), e))
-                    .with_code(crate::error::FILESYSTEM_ERROR)?;
             }
 
             Ok(())

appmgr/src/version/mod.rs

@@ -23,8 +23,10 @@ mod v0_2_4;
 mod v0_2_5;
 mod v0_2_6;
 mod v0_2_7;
+mod v0_2_8;
+mod v0_2_9;
 
-pub use v0_2_7::Version as Current;
+pub use v0_2_9::Version as Current;
 
 #[derive(serde::Serialize, serde::Deserialize)]
 #[serde(untagged)]
@@ -44,6 +46,8 @@ enum Version {
     V0_2_5(Wrapper<v0_2_5::Version>),
     V0_2_6(Wrapper<v0_2_6::Version>),
     V0_2_7(Wrapper<v0_2_7::Version>),
+    V0_2_8(Wrapper<v0_2_8::Version>),
+    V0_2_9(Wrapper<v0_2_9::Version>),
     Other(emver::Version),
 }
 
@@ -153,6 +157,8 @@ pub async fn init() -> Result<(), failure::Error> {
             Version::V0_2_5(v) => v.0.migrate_to(&Current::new()).await?,
             Version::V0_2_6(v) => v.0.migrate_to(&Current::new()).await?,
             Version::V0_2_7(v) => v.0.migrate_to(&Current::new()).await?,
+            Version::V0_2_8(v) => v.0.migrate_to(&Current::new()).await?,
+            Version::V0_2_9(v) => v.0.migrate_to(&Current::new()).await?,
             Version::Other(_) => (),
             // TODO find some way to automate this?
         }
@@ -169,7 +175,8 @@ pub async fn self_update(requirement: emver::VersionRange) -> Result<(), Error>
         .collect();
     let url = format!("{}/appmgr?spec={}", &*crate::SYS_REGISTRY_URL, req_str);
     log::info!("Fetching new version from {}", url);
-    let response = reqwest::get(&url).compat()
+    let response = reqwest::get(&url)
+        .compat()
         .await
         .with_code(crate::error::NETWORK_ERROR)?
         .error_for_status()
@@ -240,6 +247,8 @@ pub async fn self_update(requirement: emver::VersionRange) -> Result<(), Error>
         Version::V0_2_5(v) => Current::new().migrate_to(&v.0).await?,
         Version::V0_2_6(v) => Current::new().migrate_to(&v.0).await?,
         Version::V0_2_7(v) => Current::new().migrate_to(&v.0).await?,
+        Version::V0_2_8(v) => Current::new().migrate_to(&v.0).await?,
+        Version::V0_2_9(v) => Current::new().migrate_to(&v.0).await?,
         Version::Other(_) => (),
         // TODO find some way to automate this?
     };

appmgr/src/version/v0_2_8.rs

@@ -0,0 +1,36 @@
+use super::*;
+use crate::util::Invoke;
+
+const V0_2_8: emver::Version = emver::Version::new(0, 2, 8, 0);
+
+pub struct Version;
+#[async_trait]
+impl VersionT for Version {
+    type Previous = v0_2_7::Version;
+    fn new() -> Self {
+        Version
+    }
+    fn semver(&self) -> &'static emver::Version {
+        &V0_2_8
+    }
+    async fn up(&self) -> Result<(), Error> {
+        for (app_id, _) in crate::apps::list_info().await? {
+            tokio::process::Command::new("docker")
+                .arg("stop")
+                .arg(&app_id)
+                .invoke("Docker")
+                .await?;
+            tokio::process::Command::new("docker")
+                .arg("update")
+                .arg("--restart")
+                .arg("no")
+                .arg(&app_id)
+                .invoke("Docker")
+                .await?;
+        }
+        Ok(())
+    }
+    async fn down(&self) -> Result<(), Error> {
+        Ok(())
+    }
+}

appmgr/src/version/v0_2_9.rs

@@ -0,0 +1,75 @@
+use std::os::unix::process::ExitStatusExt;
+
+use super::*;
+
+const V0_2_9: emver::Version = emver::Version::new(0, 2, 9, 0);
+
+pub struct Version;
+#[async_trait]
+impl VersionT for Version {
+    type Previous = v0_2_8::Version;
+    fn new() -> Self {
+        Version
+    }
+    fn semver(&self) -> &'static emver::Version {
+        &V0_2_9
+    }
+    async fn up(&self) -> Result<(), Error> {
+        crate::tor::write_lan_services(
+            &crate::tor::services_map(&PersistencePath::from_ref(crate::SERVICES_YAML)).await?,
+        )
+        .await?;
+        tokio::fs::os::unix::symlink(
+            crate::tor::ETC_NGINX_SERVICES_CONF,
+            "/etc/nginx/sites-enabled/start9-services.conf",
+        )
+        .await
+        .or_else(|e| {
+            if e.kind() == std::io::ErrorKind::AlreadyExists {
+                Ok(())
+            } else {
+                Err(e)
+            }
+        })?;
+        let svc_exit = std::process::Command::new("service")
+            .args(&["nginx", "reload"])
+            .status()?;
+        crate::ensure_code!(
+            svc_exit.success(),
+            crate::error::GENERAL_ERROR,
+            "Failed to Reload Nginx: {}",
+            svc_exit
+                .code()
+                .or_else(|| { svc_exit.signal().map(|a| 128 + a) })
+                .unwrap_or(0)
+        );
+        Ok(())
+    }
+    async fn down(&self) -> Result<(), Error> {
+        tokio::fs::remove_file("/etc/nginx/sites-enabled/start9-services.conf")
+            .await
+            .or_else(|e| match e {
+                e if e.kind() == std::io::ErrorKind::NotFound => Ok(()),
+                e => Err(e),
+            })?;
+        tokio::fs::remove_file(crate::tor::ETC_NGINX_SERVICES_CONF)
+            .await
+            .or_else(|e| match e {
+                e if e.kind() == std::io::ErrorKind::NotFound => Ok(()),
+                e => Err(e),
+            })?;
+        let svc_exit = std::process::Command::new("service")
+            .args(&["nginx", "reload"])
+            .status()?;
+        crate::ensure_code!(
+            svc_exit.success(),
+            crate::error::GENERAL_ERROR,
+            "Failed to Reload Nginx: {}",
+            svc_exit
+                .code()
+                .or_else(|| { svc_exit.signal().map(|a| 128 + a) })
+                .unwrap_or(0)
+        );
+        Ok(())
+    }
+}

appmgr/taplo.toml

@@ -0,0 +1,30 @@
+include = ["Cargo.toml"]
+
+[formatting]
+# Align consecutive entries vertically.
+align_entries = false
+# Append trailing commas for multi-line arrays.
+array_trailing_comma = true
+# Expand arrays to multiple lines that exceed the maximum column width.
+array_auto_expand = true
+# Collapse arrays that don't exceed the maximum column width and don't contain comments.
+array_auto_collapse = true
+# Omit white space padding from single-line arrays
+compact_arrays = true
+# Omit white space padding from the start and end of inline tables.
+compact_inline_tables = false
+# Maximum column width in characters, affects array expansion and collapse, this doesn't take whitespace into account.
+# Note that this is not set in stone, and works on a best-effort basis.
+column_width = 80
+# Indent based on tables and arrays of tables and their subtables, subtables out of order are not indented.
+indent_tables = false
+# The substring that is used for indentation, should be tabs or spaces (but technically can be anything).
+indent_string = '  '
+# Add trailing newline at the end of the file if not present.
+trailing_newline = true
+# Alphabetically reorder keys that are not separated by empty lines.
+reorder_keys = true
+# Maximum amount of allowed consecutive blank lines. This does not affect the whitespace at the end of the document, as it is always stripped.
+allowed_blank_lines = 2
+# Use CRLF for line endings.
+crlf = false

docker-daemon.json

@@ -0,0 +1,3 @@
+{
+    "log-driver": "journald"
+}

lifeline/.gitignore

@@ -0,0 +1,2 @@
+/target
+**/*.rs.bk

lifeline/Cargo.lock

@@ -0,0 +1,6 @@
+# This file is automatically @generated by Cargo.
+# It is not intended for manual editing.
+[[package]]
+name = "lifeline"
+version = "0.1.0"
+

lifeline/Cargo.toml

@@ -0,0 +1,9 @@
+[package]
+name = "lifeline"
+version = "0.1.0"
+authors = ["Keagan McClelland <keagan.mcclelland@gmail.com>"]
+edition = "2018"
+
+# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
+
+[dependencies]

lifeline/lifeline.service

@@ -0,0 +1,10 @@
+[Unit]
+Description=Boot process for system reset.
+
+[Service]
+Type=oneshot
+ExecStart=/usr/local/bin/lifeline
+RemainAfterExit=true
+
+[Install]
+WantedBy=multi-user.target

lifeline/rustfmt.toml

@@ -0,0 +1 @@
+max_width = 120

lifeline/src/main.rs

@@ -0,0 +1,14 @@
+use std::time::Duration;
+
+mod sound;
+
+use sound::{notes::*, Song};
+
+const SUCCESS_SONG: Song = Song(&[(Some(A_4), Duration::from_millis(100))]);
+
+fn main() {
+    std::fs::write("/sys/class/pwm/pwmchip0/export", "0").unwrap();
+    let res = SUCCESS_SONG.play();
+    std::fs::write("/sys/class/pwm/pwmchip0/unexport", "0").unwrap();
+    res.unwrap();
+}

lifeline/src/sound.rs

@@ -0,0 +1,93 @@
+#![allow(dead_code)]
+
+use std::io::Error;
+use std::time::Duration;
+
+pub mod notes {
+    pub const A_4: f64 = 440.0;
+    pub const B_4: f64 = 493.88;
+    pub const C_5: f64 = 523.25;
+    pub const D_5: f64 = 587.33;
+    pub const E_5: f64 = 659.25;
+    pub const F_5: f64 = 698.46;
+    pub const G_5: f64 = 783.99;
+    pub const A_5: f64 = 880.00;
+    pub const B_5: f64 = 987.77;
+    pub const E_6: f64 = 1318.51;
+}
+
+pub fn freq_to_period(freq: f64) -> Duration {
+    Duration::from_secs(1).div_f64(freq)
+}
+
+pub fn play(freq: f64) -> Result<(), Error> {
+    // set freq
+    let period = freq_to_period(freq);
+    let period_bytes = std::fs::read("/sys/class/pwm/pwmchip0/pwm0/period")?;
+    if period_bytes == b"0\n" {
+        std::fs::write("/sys/class/pwm/pwmchip0/pwm0/period", format!("{}", 1000))?;
+    }
+    std::fs::write("/sys/class/pwm/pwmchip0/pwm0/duty_cycle", "0")?;
+    std::fs::write("/sys/class/pwm/pwmchip0/pwm0/period", format!("{}", period.as_nanos()))?;
+    std::fs::write(
+        "/sys/class/pwm/pwmchip0/pwm0/duty_cycle",
+        format!("{}", (period / 2).as_nanos()),
+    )?;
+    // enable the thing
+    std::fs::write("/sys/class/pwm/pwmchip0/pwm0/enable", "1")?;
+    Ok(())
+}
+
+pub fn stop() -> Result<(), Error> {
+    // disable the thing
+    std::fs::write("/sys/class/pwm/pwmchip0/pwm0/enable", "0")?;
+    // sleep small amount
+    std::thread::sleep(Duration::from_micros(30));
+    Ok(())
+}
+
+pub fn play_for_duration(freq: f64, duration: Duration) -> Result<(), Error> {
+    play(freq)?;
+    std::thread::sleep(duration);
+    stop()
+}
+
+#[derive(Clone, Debug)]
+pub struct Song<'a>(pub &'a [(Option<f64>, Duration)]);
+impl<'a> Song<'a> {
+    pub fn play(&self) -> Result<(), Error> {
+        for (note, duration) in self.0 {
+            if let Some(note) = note {
+                play_for_duration(*note, *duration)?;
+            } else {
+                std::thread::sleep(*duration);
+            }
+        }
+        Ok(())
+    }
+}
+
+impl Song<'static> {
+    pub fn play_while<T, F: FnOnce() -> T>(&'static self, f: F) -> T {
+        let run = std::sync::Arc::new(std::sync::atomic::AtomicBool::new(true));
+        let t_run = run.clone();
+        let handle = std::thread::spawn(move || -> Result<(), Error> {
+            while t_run.load(std::sync::atomic::Ordering::SeqCst) {
+                self.play()?;
+            }
+            Ok(())
+        });
+        let res = f();
+        run.store(false, std::sync::atomic::Ordering::SeqCst);
+        let e = handle.join().unwrap().err();
+        if let Some(e) = e {
+            eprintln!("ERROR PLAYING SOUND: {}\n{:?}", e, e);
+        }
+        res
+    }
+}
+impl<'a> From<&'a [(Option<f64>, Duration)]> for Song<'a> {
+    fn from(t: &'a [(Option<f64>, Duration)]) -> Self {
+        Song(t)
+    }
+}

make_image.sh

@@ -1,5 +1,37 @@
-#!/bin/sh
+#!/bin/bash
 
->&2 echo "As of 0.2.5, it is not possible to programmatically generate an Embassy image."
->&2 echo "The image must be setup manually by copying over the artifacts, and installing the necessary dependencies."
-exit 1
+mv buster.img embassy.img
+product_key=$(cat product_key)
+loopdev=$(losetup -f -P embassy.img --show)
+root_mountpoint="/mnt/start9-${product_key}-root"
+boot_mountpoint="/mnt/start9-${product_key}-boot"
+mkdir -p "${root_mountpoint}"
+mkdir -p "${boot_mountpoint}"
+mount "${loopdev}p2" "${root_mountpoint}"
+mount "${loopdev}p1" "${boot_mountpoint}"
+echo "${product_key}" > "${root_mountpoint}/root/agent/product_key"
+echo -n "start9-" > "${root_mountpoint}/etc/hostname"
+echo -n "${product_key}" | shasum -t -a 256 | cut -c1-8 >> "${root_mountpoint}/etc/hostname"
+cat "${root_mountpoint}/etc/hosts" | grep -v "127.0.1.1" > "${root_mountpoint}/etc/hosts.tmp"
+echo -ne "127.0.1.1\tstart9-" >> "${root_mountpoint}/etc/hosts.tmp"
+echo -n "${product_key}" | shasum -t -a 256 | cut -c1-8 >> "${root_mountpoint}/etc/hosts.tmp"
+mv "${root_mountpoint}/etc/hosts.tmp" "${root_mountpoint}/etc/hosts"
+cp agent/dist/agent "${root_mountpoint}/usr/local/bin/agent"
+chmod 700 "${root_mountpoint}/usr/local/bin/agent"
+cp appmgr/target/armv7-unknown-linux-musleabihf/release/appmgr "${root_mountpoint}/usr/local/bin/appmgr"
+chmod 700 "${root_mountpoint}/usr/local/bin/appmgr"
+cp lifeline/target/armv7-unknown-linux-musleabihf/release/lifeline "${root_mountpoint}/usr/local/bin/lifeline"
+chmod 700 "${root_mountpoint}/usr/local/bin/lifeline"
+cp docker-daemon.json "${root_mountpoint}/etc/docker/daemon.json"
+cp setup.sh "${root_mountpoint}/root/setup.sh"
+chmod 700 "${root_mountpoint}/root/setup.sh"
+cp setup.service /etc/systemd/system/setup.service
+cp lifeline/lifeline.service /etc/systemd/system/lifeline.service
+cp agent/config/agent.service /etc/systemd/system/agent.service
+cat "${boot_mountpoint}/config.txt" | grep -v "dtoverlay=pwm-2chan" > "${boot_mountpoint}/config.txt.tmp"
+echo "dtoverlay=pwm-2chan" >> "${boot_mountpoint}/config.txt.tmp"
+umount "${root_mountpoint}"
+rm -r "${root_mountpoint}"
+umount "${boot_mountpoint}"
+rm -r "${boot_mountpoint}"
+losetup -d ${loopdev}

setup.service

@@ -0,0 +1,10 @@
+[Unit]
+Description=Boot process for system setup.
+
+[Service]
+Type=oneshot
+ExecStart=/root/setup.sh
+RemainAfterExit=true
+
+[Install]
+WantedBy=multi-user.target

setup.sh

@@ -0,0 +1,21 @@
+#!/bin/bash
+apt update
+apt install -y libsecp256k1-0
+apt install -y tor
+apt install -y docker.io
+apt install -y iotop
+apt install -y bmon
+apt autoremove -y
+mkdir -p /root/volumes
+mkdir -p /root/tmp/appmgr
+mkdir -p /root/agent
+mkdir -p /root/appmgr/tor
+systemctl enable lifeline
+systemctl enable agent
+systemctl enable ssh
+systemctl enable avahi-daemon
+passwd -l root
+passwd -l pi
+sync
+systemctl disable setup.service
+reboot

ui/angular.json

@@ -29,6 +29,11 @@
                 "glob": "**/*.svg",
                 "input": "node_modules/ionicons/dist/ionicons/svg",
                 "output": "./svg"
+              },
+              {
+                "glob": "**/*.svg",
+                "input": "src/assets/icon",
+                "output": "./svg"
               }
             ],
             "styles": [

ui/build-send-beta.sh

@@ -3,6 +3,7 @@ set -e
 
 echo "turn off mocks"
 echo "$( jq '.useMocks = false' use-mocks.json )" > use-mocks.json
+echo "$( jq '.skipStartupAlerts = false' use-mocks.json )" > use-mocks.json
 
 echo "FILTER: rm -rf www"
 rm -rf www

ui/build-send.sh

@@ -10,14 +10,6 @@ rm -rf www
 echo "FILTER: ionic build"
 npm run build-prod
 
-echo "FILTER: cp client-manifest.yaml www"
-cp client-manifest.yaml www
-
-echo "FILTER: git hash"
-touch git-hash.txt
-git log | head -n1 > git-hash.txt
-mv git-hash.txt www
-
 echo "FILTER: ssh + rm -rf /var/www/html/start9-ambassador/"
 ssh root@start9-$1.local "rm -rf /var/www/html/start9-ambassador"
 

ui/client-manifest.yaml

@@ -1,6 +1,6 @@
 manifest-version: 0
 app-id: start9-ambassador
-app-version: 0.2.7
+app-version: 0.2.9
 uri-rewrites:
     - =/api -> http://{{start9-ambassador}}:5959/authenticate
     - /api/ -> http://{{start9-ambassador}}:5959/

ui/package-lock.json

@@ -1,6 +1,6 @@
 {
   "name": "embassy-ui",
-  "version": "0.2.7",
+  "version": "0.2.9",
   "lockfileVersion": 1,
   "requires": true,
   "dependencies": {
@@ -375,79 +375,35 @@
       }
     },
     "@angular-devkit/core": {
-      "version": "10.2.0",
-      "resolved": "https://registry.npmjs.org/@angular-devkit/core/-/core-10.2.0.tgz",
-      "integrity": "sha512-XAszFhSF3mZw1VjoOsYGbArr5NJLcStjOvcCGjBPl1UBM2AKpuCQXHxI9XJGYKL3B93Vp5G58d8qkHvamT53OA==",
+      "version": "11.0.5",
+      "resolved": "https://registry.npmjs.org/@angular-devkit/core/-/core-11.0.5.tgz",
+      "integrity": "sha512-hwV8fjF8JNPJkiVWw8MNzeIfDo01aD/OAOlC4L5rQnVHn+i2EiU3brSDmFqyeHPPV3h/QjuBkS3tkN7gSnVWaQ==",
       "dev": true,
       "requires": {
-        "ajv": "6.12.4",
+        "ajv": "6.12.6",
         "fast-json-stable-stringify": "2.1.0",
         "magic-string": "0.25.7",
-        "rxjs": "6.6.2",
+        "rxjs": "6.6.3",
         "source-map": "0.7.3"
       },
       "dependencies": {
-        "ajv": {
-          "version": "6.12.4",
-          "resolved": "https://registry.npmjs.org/ajv/-/ajv-6.12.4.tgz",
-          "integrity": "sha512-eienB2c9qVQs2KWexhkrdMLVDoIQCz5KSeLxwg9Lzk4DOfBtIK9PQwwufcsn1jjGuf9WZmqPMbGxOzfcuphJCQ==",
-          "dev": true,
-          "requires": {
-            "fast-deep-equal": "^3.1.1",
-            "fast-json-stable-stringify": "^2.0.0",
-            "json-schema-traverse": "^0.4.1",
-            "uri-js": "^4.2.2"
-          }
-        },
-        "rxjs": {
-          "version": "6.6.2",
-          "resolved": "https://registry.npmjs.org/rxjs/-/rxjs-6.6.2.tgz",
-          "integrity": "sha512-BHdBMVoWC2sL26w//BCu3YzKT4s2jip/WhwsGEDmeKYBhKDZeYezVUnHatYB7L85v5xs0BAQmg6BEYJEKxBabg==",
-          "dev": true,
-          "requires": {
-            "tslib": "^1.9.0"
-          }
-        },
         "source-map": {
           "version": "0.7.3",
           "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.7.3.tgz",
           "integrity": "sha512-CkCj6giN3S+n9qrYiBTX5gystlENnRW5jZeNLHpe6aue+SrHcG5VYwujhW9s4dY31mEGsxBDrHR6oI69fTXsaQ==",
           "dev": true
-        },
-        "tslib": {
-          "version": "1.14.1",
-          "resolved": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz",
-          "integrity": "sha512-Xni35NKzjgMrwevysHTCArtLDpPvye8zV/0E4EyYn43P7/7qvQwPh9BGkHewbMulVntbigmcT7rdX3BNo9wRJg==",
-          "dev": true
         }
       }
     },
     "@angular-devkit/schematics": {
-      "version": "10.2.0",
-      "resolved": "https://registry.npmjs.org/@angular-devkit/schematics/-/schematics-10.2.0.tgz",
-      "integrity": "sha512-TQI5NnE6iM3ChF5gZQ9qb+lZgMWa7aLoF5ksOyT3zrmOuICiQYJhA6SsjV95q7J4M55qYymwBib8KTqU/xuQww==",
+      "version": "11.0.5",
+      "resolved": "https://registry.npmjs.org/@angular-devkit/schematics/-/schematics-11.0.5.tgz",
+      "integrity": "sha512-0NKGC8Nf/4vvDpWKB7bwxIazvNnNHnZBX6XlyBXNl+fW8tpTef3PNMJMSErTz9LFnuv61vsKbc36u/Ek2YChWg==",
       "dev": true,
       "requires": {
-        "@angular-devkit/core": "10.2.0",
-        "ora": "5.0.0",
-        "rxjs": "6.6.2"
-      },
-      "dependencies": {
-        "rxjs": {
-          "version": "6.6.2",
-          "resolved": "https://registry.npmjs.org/rxjs/-/rxjs-6.6.2.tgz",
-          "integrity": "sha512-BHdBMVoWC2sL26w//BCu3YzKT4s2jip/WhwsGEDmeKYBhKDZeYezVUnHatYB7L85v5xs0BAQmg6BEYJEKxBabg==",
-          "dev": true,
-          "requires": {
-            "tslib": "^1.9.0"
-          }
-        },
-        "tslib": {
-          "version": "1.14.1",
-          "resolved": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz",
-          "integrity": "sha512-Xni35NKzjgMrwevysHTCArtLDpPvye8zV/0E4EyYn43P7/7qvQwPh9BGkHewbMulVntbigmcT7rdX3BNo9wRJg==",
-          "dev": true
-        }
+        "@angular-devkit/core": "11.0.5",
+        "ora": "5.1.0",
+        "rxjs": "6.6.3"
       }
     },
     "@angular/cli": {
@@ -1919,16 +1875,17 @@
       }
     },
     "@ionic/angular-toolkit": {
-      "version": "2.3.3",
-      "resolved": "https://registry.npmjs.org/@ionic/angular-toolkit/-/angular-toolkit-2.3.3.tgz",
-      "integrity": "sha512-r87mApDLWbLaUtd5LvNHrRlZWxjQhaBBM1yPlk9M98dHOxcX3jy7kv60ZurGZutuvbhXISGvHcvvR90yywDC1A==",
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/@ionic/angular-toolkit/-/angular-toolkit-3.0.0.tgz",
+      "integrity": "sha512-H6SX8k+uPTdcsZAHEOaH5oIuQWSeIqEqEjjPqiD0e5+wmqc94RANNC/cRX/3cnVsWQiqcUY75CbpGec4xRvWoA==",
       "dev": true,
       "requires": {
-        "@schematics/angular": ">=8.0.0",
+        "@schematics/angular": "^11.0.0",
         "cheerio": "1.0.0-rc.3",
         "colorette": "1.1.0",
-        "copy-webpack-plugin": "^6.0.3",
-        "tslib": "^1.9.0",
+        "copy-webpack-plugin": "^6.2.1",
+        "tapable": "^2.1.1",
+        "tslib": "^2.0.3",
         "ws": "^7.0.1"
       },
       "dependencies": {
@@ -1938,16 +1895,10 @@
           "integrity": "sha512-6S062WDQUXi6hOfkO/sBPVwE5ASXY4G2+b4atvhJfSsuUUhIaUKlkjLe9692Ipyt5/a+IPF5aVTu3V5gvXq5cg==",
           "dev": true
         },
-        "tslib": {
-          "version": "1.14.1",
-          "resolved": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz",
-          "integrity": "sha512-Xni35NKzjgMrwevysHTCArtLDpPvye8zV/0E4EyYn43P7/7qvQwPh9BGkHewbMulVntbigmcT7rdX3BNo9wRJg==",
-          "dev": true
-        },
         "ws": {
-          "version": "7.4.0",
-          "resolved": "https://registry.npmjs.org/ws/-/ws-7.4.0.tgz",
-          "integrity": "sha512-kyFwXuV/5ymf+IXhS6f0+eAFvydbaBW3zjpT6hUdAh/hbVjTIB5EHBGi0bPoCLSK2wcuz3BrEkB9LrYv1Nm4NQ==",
+          "version": "7.4.1",
+          "resolved": "https://registry.npmjs.org/ws/-/ws-7.4.1.tgz",
+          "integrity": "sha512-pTsP8UAfhy3sk1lSk/O/s4tjD0CRwvMnzvwr4OKGX7ZvqZtUyx4KIJB5JWbkykPoc55tixMGgTNoh3k4FkNGFQ==",
           "dev": true
         }
       }
@@ -2490,14 +2441,14 @@
       }
     },
     "@schematics/angular": {
-      "version": "10.2.0",
-      "resolved": "https://registry.npmjs.org/@schematics/angular/-/angular-10.2.0.tgz",
-      "integrity": "sha512-rJRTTTL8CMMFb3ebCvAVHKHxuNzRqy/HtbXhJ82l5Xo/jXcm74eV2Q0RBUrNo1yBKWFIR+FIwiXLJaGcC/R9Pw==",
+      "version": "11.0.5",
+      "resolved": "https://registry.npmjs.org/@schematics/angular/-/angular-11.0.5.tgz",
+      "integrity": "sha512-7p2wweoJYhim8YUy3ih1SrPGqRsa6+aEFbYgo9v4zt7b3tOva8SvkbC2alayK74fclzQ7umqa6xAwvWhy8ORvg==",
       "dev": true,
       "requires": {
-        "@angular-devkit/core": "10.2.0",
-        "@angular-devkit/schematics": "10.2.0",
-        "jsonc-parser": "2.3.0"
+        "@angular-devkit/core": "11.0.5",
+        "@angular-devkit/schematics": "11.0.5",
+        "jsonc-parser": "2.3.1"
       }
     },
     "@schematics/update": {
@@ -4449,21 +4400,21 @@
       "dev": true
     },
     "copy-webpack-plugin": {
-      "version": "6.0.3",
-      "resolved": "https://registry.npmjs.org/copy-webpack-plugin/-/copy-webpack-plugin-6.0.3.tgz",
-      "integrity": "sha512-q5m6Vz4elsuyVEIUXr7wJdIdePWTubsqVbEMvf1WQnHGv0Q+9yPRu7MtYFPt+GBOXRav9lvIINifTQ1vSCs+eA==",
+      "version": "6.4.1",
+      "resolved": "https://registry.npmjs.org/copy-webpack-plugin/-/copy-webpack-plugin-6.4.1.tgz",
+      "integrity": "sha512-MXyPCjdPVx5iiWyl40Va3JGh27bKzOTNY3NjUTrosD2q7dR/cLD0013uqJ3BpFbUjyONINjb6qI7nDIJujrMbA==",
       "dev": true,
       "requires": {
-        "cacache": "^15.0.4",
+        "cacache": "^15.0.5",
         "fast-glob": "^3.2.4",
         "find-cache-dir": "^3.3.1",
         "glob-parent": "^5.1.1",
         "globby": "^11.0.1",
         "loader-utils": "^2.0.0",
         "normalize-path": "^3.0.0",
-        "p-limit": "^3.0.1",
-        "schema-utils": "^2.7.0",
-        "serialize-javascript": "^4.0.0",
+        "p-limit": "^3.0.2",
+        "schema-utils": "^3.0.0",
+        "serialize-javascript": "^5.0.1",
         "webpack-sources": "^1.4.3"
       },
       "dependencies": {
@@ -4475,6 +4426,26 @@
           "requires": {
             "yocto-queue": "^0.1.0"
           }
+        },
+        "schema-utils": {
+          "version": "3.0.0",
+          "resolved": "https://registry.npmjs.org/schema-utils/-/schema-utils-3.0.0.tgz",
+          "integrity": "sha512-6D82/xSzO094ajanoOSbe4YvXWMfn2A//8Y1+MUqFAJul5Bs+yn36xbK9OtNDcRVSBJ9jjeoXftM6CfztsjOAA==",
+          "dev": true,
+          "requires": {
+            "@types/json-schema": "^7.0.6",
+            "ajv": "^6.12.5",
+            "ajv-keywords": "^3.5.2"
+          }
+        },
+        "serialize-javascript": {
+          "version": "5.0.1",
+          "resolved": "https://registry.npmjs.org/serialize-javascript/-/serialize-javascript-5.0.1.tgz",
+          "integrity": "sha512-SaaNal9imEO737H2c05Og0/8LUXG7EnsZyMa8MzkmuHoELfT6txuj0cMqRj6zfPKnmQ1yasR4PCJc8x+M4JSPA==",
+          "dev": true,
+          "requires": {
+            "randombytes": "^2.1.0"
+          }
         }
       }
     },
@@ -7516,9 +7487,9 @@
       }
     },
     "jsonc-parser": {
-      "version": "2.3.0",
-      "resolved": "https://registry.npmjs.org/jsonc-parser/-/jsonc-parser-2.3.0.tgz",
-      "integrity": "sha512-b0EBt8SWFNnixVdvoR2ZtEGa9ZqLhbJnOjezn+WP+8kspFm+PFYDN8Z4Bc7pRlDjvuVcADSUkroIuTWWn/YiIA==",
+      "version": "2.3.1",
+      "resolved": "https://registry.npmjs.org/jsonc-parser/-/jsonc-parser-2.3.1.tgz",
+      "integrity": "sha512-H8jvkz1O50L3dMZCsLqiuB2tA7muqbSg1AtGEkN0leAqGjsUzDJir3Zwr02BhqdcITPg3ei3mZ+HjMocAknhhg==",
       "dev": true
     },
     "jsonfile": {
@@ -7932,9 +7903,9 @@
       }
     },
     "marked": {
-      "version": "1.2.5",
-      "resolved": "https://registry.npmjs.org/marked/-/marked-1.2.5.tgz",
-      "integrity": "sha512-2AlqgYnVPOc9WDyWu7S5DJaEZsfk6dNh/neatQ3IHUW4QLutM/VPSH9lG7bif+XjFWc9K9XR3QvR+fXuECmfdA=="
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/marked/-/marked-2.0.0.tgz",
+      "integrity": "sha512-NqRSh2+LlN2NInpqTQnS614Y/3NkVMFFU6sJlRFEpxJ/LHuK/qJECH7/fXZjk4VZstPW/Pevjil/VtSONsLc7Q=="
     },
     "md5.js": {
       "version": "1.3.5",
@@ -8815,9 +8786,9 @@
       }
     },
     "ora": {
-      "version": "5.0.0",
-      "resolved": "https://registry.npmjs.org/ora/-/ora-5.0.0.tgz",
-      "integrity": "sha512-s26qdWqke2kjN/wC4dy+IQPBIMWBJlSU/0JZhk30ZDBLelW25rv66yutUWARMigpGPzcXHb+Nac5pNhN/WsARw==",
+      "version": "5.1.0",
+      "resolved": "https://registry.npmjs.org/ora/-/ora-5.1.0.tgz",
+      "integrity": "sha512-9tXIMPvjZ7hPTbk8DFq1f7Kow/HU/pQYB60JbNq+QnGwcyhWVZaQ4hM9zQDEsPxw/muLpgiHSaumUZxCAmod/w==",
       "dev": true,
       "requires": {
         "chalk": "^4.1.0",

ui/package.json

@@ -1,6 +1,6 @@
 {
   "name": "embassy-ui",
-  "version": "0.2.7",
+  "version": "0.2.9",
   "description": "GUI for EmbassyOS",
   "author": "Start9 Labs",
   "homepage": "https://github.com/Start9Labs/embassy-ui",
@@ -8,7 +8,7 @@
     "ng": "ng",
     "start": "ng serve",
     "build": "ng build",
-    "build-prod": "ng build --prod && tsc postprocess.ts && node postprocess.js",
+    "build-prod": "ng build --prod && tsc postprocess.ts && node postprocess.js && cp client-manifest.yaml www && git log | head -n1 > www/git-hash.txt",
     "test": "ng test",
     "lint": "ng lint",
     "e2e": "ng e2e"
@@ -36,7 +36,7 @@
     "json-pointer": "^0.6.1",
     "jsonpointerx": "^1.0.30",
     "jsontokens": "^3.0.0",
-    "marked": "^1.2.0",
+    "marked": "^2.0.0",
     "rxjs": "^6.6.3",
     "uuid": "^8.3.1",
     "zone.js": "^0.11.2"

ui/src/app/app-routing.module.ts

@@ -33,6 +33,11 @@ const routes: Routes = [
     canActivateChild: [AuthGuard],
     loadChildren: () => import('./pages/apps-routes/apps-routing.module').then(m => m.AppsRoutingModule),
   },
+  // {
+  //   path: 'drives',
+  //   canActivate: [AuthGuard],
+  //   loadChildren: () => import('./pages/server-routes/external-drives/external-drives.module').then( m => m.ExternalDrivesPageModule),
+  // },
 ]
 
 @NgModule({

ui/src/app/app.component.html

@@ -70,7 +70,6 @@
       <ion-icon name="arrow-forward"></ion-icon>
       <ion-icon name="arrow-up"></ion-icon>
       <ion-icon name="bookmark-outline"></ion-icon>
-      <ion-icon name="cart-outline"></ion-icon>
       <ion-icon name="chevron-down"></ion-icon>
       <ion-icon name="chevron-up"></ion-icon>
       <ion-icon name="close"></ion-icon>
@@ -86,19 +85,22 @@
       <ion-icon name="eye-off-outline"></ion-icon>
       <ion-icon name="eye-outline"></ion-icon>
       <ion-icon name="file-tray-stacked-outline"></ion-icon>
+      <ion-icon name="flash-outline"></ion-icon>
       <ion-icon name="grid-outline"></ion-icon>
       <ion-icon name="help-circle-outline"></ion-icon>
       <ion-icon name="home-outline"></ion-icon>
       <ion-icon name="information-circle-outline"></ion-icon>
       <ion-icon name="list-outline"></ion-icon>
       <ion-icon name="newspaper-outline"></ion-icon>
-      <ion-icon name="notifications-outline"></ion-icon> 
+      <ion-icon name="notifications-outline"></ion-icon>
+      <ion-icon name="rocket-outline"></ion-icon>
       <ion-icon name="power"></ion-icon>
       <ion-icon name="pulse"></ion-icon>
       <ion-icon name="qr-code-outline"></ion-icon>
       <ion-icon name="reload-outline"></ion-icon>
       <ion-icon name="refresh-outline"></ion-icon>
       <ion-icon name="save-outline"></ion-icon>
+      <ion-icon name="storefront-outline"></ion-icon>
       <ion-icon name="terminal-outline"></ion-icon>
       <ion-icon name="trash-outline"></ion-icon>
       <ion-icon name="warning-outline"></ion-icon>
@@ -128,7 +130,7 @@
         <ion-infinite-scroll-content loadingSpinner="lines"></ion-infinite-scroll-content>
       </ion-content>
       <ion-input></ion-input>
-      <ion-input type="password" value="getdots"></ion-input>
+      <ion-input *ngIf="untilLoaded" type="password" value="getdots"></ion-input>
       <ion-item></ion-item>
       <ion-item-divider></ion-item-divider>
       <ion-item-group></ion-item-group>
@@ -147,6 +149,7 @@
       <ion-spinner name="dots"></ion-spinner>
       <ion-spinner name="lines"></ion-spinner>
       <ion-text></ion-text>
+      <ion-text style="font-weight: bold">load bold</ion-text>
       <ion-textarea></ion-textarea>
       <ion-title></ion-title>
       <ion-toast></ion-toast>

ui/src/app/app.component.ts

@@ -13,6 +13,7 @@ import { LoaderService } from './services/loader.service'
 import { Emver } from './services/emver.service'
 import { SplitPaneTracker } from './services/split-pane.service'
 import { LoadingOptions } from '@ionic/core'
+import { pauseFor } from './util/misc.util'
 
 @Component({
   selector: 'app-root',
@@ -26,6 +27,7 @@ export class AppComponent {
   serverName$ : Observable<string>
   serverBadge$: Observable<number>
   selectedIndex = 0
+  untilLoaded = true
   appPages = [
     {
       title: 'Services',
@@ -40,13 +42,18 @@ export class AppComponent {
     {
       title: 'Marketplace',
       url: '/services/marketplace',
-      icon: 'cart-outline',
+      icon: 'storefront-outline',
     },
     {
       title: 'Notifications',
       url: '/notifications',
       icon: 'notifications-outline',
     },
+    // {
+    //   title: 'Backup drives',
+    //   url: '/drives',
+    //   icon: 'albums-outline',
+    // },
   ]
 
   constructor (
@@ -69,6 +76,12 @@ export class AppComponent {
     this.init()
   }
 
+  ionViewDidEnter () {
+    // weird bug where a browser grabbed the value 'getdots' from the app.component.html preload input field.
+    // this removes that field after prleloading occurs.
+    pauseFor(500).then(() => this.untilLoaded = false)
+  }
+
   async init () {
     let fromFresh = true
     await this.storage.ready()
@@ -175,7 +188,7 @@ export class AppComponent {
     await alert.present()
   }
 
-  splitPaneVisible (e) {
+  splitPaneVisible (e: any) {
     this.splitPane.$menuFixedOpenOnLeft$.next(e.detail.visible)
   }
 }

ui/src/app/app.module.ts

@@ -15,6 +15,7 @@ import { ConfigService } from './services/config.service'
 import { QRCodeModule } from 'angularx-qrcode'
 import { APP_CONFIG_COMPONENT_MAPPING } from './modals/app-config-injectable/modal-injectable-token'
 import { appConfigComponents } from './modals/app-config-injectable/modal-injectable-value';
+import { OSWelcomePageModule } from './modals/os-welcome/os-welcome.module'
 
 @NgModule({
   declarations: [AppComponent],
@@ -26,6 +27,7 @@ import { appConfigComponents } from './modals/app-config-injectable/modal-inject
     AppRoutingModule,
     IonicStorageModule.forRoot(),
     QRCodeModule,
+    OSWelcomePageModule,
   ],
   providers: [
     { provide: RouteReuseStrategy, useClass: IonicRouteStrategy },

ui/src/app/components/app-backup-confirmation/app-backup-confirmation.component.html

@@ -0,0 +1,26 @@
+<!-- TODO: EJECT-DISKS, add a check box to allow a user to eject a disk on backup completion. -->
+<ion-content>
+  <div style="height: 85%; margin: 20px; display: flex; flex-direction: column; justify-content: space-between;">
+    <div>
+      <h4><ion-text color="dark">Ready to Backup</ion-text></h4>
+      <p><ion-text color="medium">Enter your master password to create an encrypted backup.</ion-text></p>  
+    </div>
+    <div>
+      <ion-item lines="none" style="--background: var(--ion-background-color); --border-color: var(--ion-color-medium);">
+        <ion-label style="font-size: small" position="floating">Master Password</ion-label>
+        <ion-input style="border-style: solid; border-width: 0px 0px 1px 0px; border-color: var(--ion-color-dark);" [(ngModel)]="password" type="password" (ionChange)="$error$.next('')"></ion-input>
+      </ion-item>
+      <ion-item *ngIf="$error$ | async as e" lines="none" style="--background: var(--ion-background-color);">
+        <ion-label style="font-size: small" color="danger" class="ion-text-wrap">{{e}}</ion-label>
+      </ion-item>
+    </div>
+    <div style="display: flex; justify-content: flex-end; align-items: center;">
+      <ion-button fill="clear" color="medium" (click)="cancel()">
+        Cancel
+      </ion-button>
+      <ion-button fill="clear" color="primary" (click)="submit()">
+        Create Backup
+      </ion-button>
+    </div>
+  </div>
+</ion-content>

ui/src/app/components/app-backup-confirmation/app-backup-confirmation.component.module.ts

@@ -0,0 +1,22 @@
+import { NgModule } from '@angular/core'
+import { CommonModule } from '@angular/common'
+import { AppBackupConfirmationComponent } from './app-backup-confirmation.component'
+import { IonicModule } from '@ionic/angular'
+import { RouterModule } from '@angular/router'
+import { SharingModule } from 'src/app/modules/sharing.module'
+import { FormsModule } from '@angular/forms';
+
+@NgModule({
+  declarations: [
+    AppBackupConfirmationComponent,
+  ],
+  imports: [
+    CommonModule,
+    IonicModule,
+    RouterModule.forChild([]),
+    SharingModule,
+    FormsModule,
+  ],
+  exports: [AppBackupConfirmationComponent],
+})
+export class AppBackupConfirmationComponentModule { }

ui/src/app/components/app-backup-confirmation/app-backup-confirmation.component.ts

@@ -0,0 +1,45 @@
+import { Component, Input, OnInit } from '@angular/core'
+import { ModalController } from '@ionic/angular'
+import { BehaviorSubject } from 'rxjs'
+import { AppInstalledFull } from 'src/app/models/app-types'
+import { DiskPartition } from 'src/app/models/server-model'
+
+@Component({
+  selector: 'app-backup-confirmation',
+  templateUrl: './app-backup-confirmation.component.html',
+  styleUrls: ['./app-backup-confirmation.component.scss'],
+})
+export class AppBackupConfirmationComponent implements OnInit {
+  unmasked = false
+  password: string
+  $error$: BehaviorSubject<string> = new BehaviorSubject('')
+
+  // TODO: EJECT-DISKS pass this through the modalCtrl once ejecting disks is an option in the UI.
+  eject = true
+  message: string
+
+  @Input() app: AppInstalledFull
+  @Input() partition: DiskPartition
+
+  constructor (private readonly modalCtrl: ModalController) { }
+  ngOnInit () {
+    this.message = `Enter your master password to create an encrypted backup of ${this.app.title} to "${this.partition.label || this.partition.logicalname}".`
+  }
+
+  toggleMask () {
+    this.unmasked = !this.unmasked
+  }
+
+  cancel () {
+    this.modalCtrl.dismiss({ cancel: true })
+  }
+
+  submit () {
+    if (!this.password || this.password.length < 12) {
+      this.$error$.next('Password must be at least 12 characters in length.')
+      return
+    }
+    const { password } = this
+    this.modalCtrl.dismiss({ password })
+  }
+}

ui/src/app/components/install-wizard/install-wizard.component.html

@@ -11,6 +11,7 @@
   <ion-slides *ngIf="!($error$ | async)" id="slide-show" style="--bullet-background: white" pager="false">
     <ion-slide *ngFor="let slide of params.slideDefinitions">
       <dependencies #components *ngIf="slide.selector === 'dependencies'" [params]="slide.params"></dependencies>
+      <notes #components *ngIf="slide.selector === 'notes'" [params]="slide.params"></notes>
       <dependents #components *ngIf="slide.selector === 'dependents'" [params]="slide.params" [finished]="finished"></dependents>
       <complete #components *ngIf="slide.selector === 'complete'" [params]="slide.params" [finished]="finished"></complete>
     </ion-slide>
@@ -42,8 +43,8 @@
         <ion-text *ngIf="cancel.text as t">{{t}}</ion-text>
         <ion-icon *ngIf="!cancel.text" name="close-outline"></ion-icon>
       </ion-button>
-      <ion-button slot="end" *ngIf="currentSlideDef.nextButton as nextButton" (click)="finished({})" [disabled]="$anythingLoading$ | async" fill="outline" class="toolbar-button" color="primary"><ion-text [class.smaller-text]="nextButton.length > 16">{{nextButton}}</ion-text></ion-button>
-      <ion-button slot="end" *ngIf="currentSlideDef.finishButton as finishButton" (click)="finished({ final: true })" [disabled]="$anythingLoading$ | async" fill="outline" class="toolbar-button" color="primary"><ion-text [class.smaller-text]="finishButton.length > 16">{{finishButton}}</ion-text></ion-button>
+      <ion-button slot="end" *ngIf="!($anythingLoading$ | async) && currentSlideDef.nextButton as nextButton" (click)="finished({})" fill="outline" class="toolbar-button" color="primary"><ion-text [class.smaller-text]="nextButton.length > 16">{{nextButton}}</ion-text></ion-button>
+      <ion-button slot="end" *ngIf="!($anythingLoading$ | async) && currentSlideDef.finishButton as finishButton" (click)="finished({ final: true })" fill="outline" class="toolbar-button" color="primary"><ion-text [class.smaller-text]="finishButton.length > 16">{{finishButton}}</ion-text></ion-button>
     </ng-container>
     <ng-container *ngIf="$error$ | async">
       <ion-button slot="start" (click)="finished({ final: true })" style="text-transform: capitalize; font-weight: bolder;" color="danger">Dismiss</ion-button>

ui/src/app/components/install-wizard/install-wizard.component.module.ts

@@ -7,6 +7,7 @@ import { SharingModule } from 'src/app/modules/sharing.module'
 import { DependenciesComponentModule } from './dependencies/dependencies.component.module'
 import { DependentsComponentModule } from './dependents/dependents.component.module'
 import { CompleteComponentModule } from './complete/complete.component.module'
+import { NotesComponentModule } from './notes/notes.component.module'
 
 @NgModule({
   declarations: [
@@ -20,6 +21,7 @@ import { CompleteComponentModule } from './complete/complete.component.module'
     DependenciesComponentModule,
     DependentsComponentModule,
     CompleteComponentModule,
+    NotesComponentModule,
   ],
   exports: [InstallWizardComponent],
 })

ui/src/app/components/install-wizard/install-wizard.component.scss

@@ -47,6 +47,7 @@
   font-size: small;
   border-width: 0px 0px 1px 0px;
   border-color: #393b40;
+  text-align: left;
 }
 
 @media (min-width:500px) {
@@ -57,6 +58,7 @@
     font-size: medium;
     border-width: 0px 0px 1px 0px;
     border-color: #393b40;
+    text-align: left;
   }
 }
 

ui/src/app/components/install-wizard/install-wizard.component.ts

@@ -1,12 +1,13 @@
-import { Component, Input, OnInit, QueryList, ViewChild, ViewChildren } from '@angular/core'
+import { Component, Input, NgZone, OnInit, QueryList, ViewChild, ViewChildren } from '@angular/core'
 import { IonContent, IonSlides, ModalController } from '@ionic/angular'
 import { BehaviorSubject, combineLatest, Subscription } from 'rxjs'
 import { map } from 'rxjs/operators'
 import { Cleanup } from 'src/app/util/cleanup'
-import { capitalizeFirstLetter } from 'src/app/util/misc.util'
+import { capitalizeFirstLetter, pauseFor } from 'src/app/util/misc.util'
 import { CompleteComponent } from './complete/complete.component'
 import { DependenciesComponent } from './dependencies/dependencies.component'
 import { DependentsComponent } from './dependents/dependents.component'
+import { NotesComponent } from './notes/notes.component'
 import { Colorable, Loadable } from './loadable'
 import { WizardAction } from './wizard-types'
 
@@ -49,7 +50,7 @@ export class InstallWizardComponent extends Cleanup implements OnInit {
   $currentColor$: BehaviorSubject<string> = new BehaviorSubject('medium')
   $error$ = new BehaviorSubject(undefined)
 
-  constructor (private readonly modalController: ModalController) { super() }
+  constructor (private readonly modalController: ModalController, private readonly zone: NgZone) { super() }
   ngOnInit () { }
 
   ngAfterViewInit () {
@@ -79,23 +80,27 @@ export class InstallWizardComponent extends Cleanup implements OnInit {
 
   private async slide () {
     if (this.slideComponents[this.slideIndex + 1] === undefined) { return this.finished({ final: true }) }
-    this.slideIndex += 1
-    await this.slideContainer.lockSwipes(false)
-    await Promise.all([this.contentContainer.scrollToTop(), this.slideContainer.slideNext()])
-    await this.slideContainer.lockSwipes(true)
-    this.currentSlide.load()
+    this.zone.run(async () => {
+      this.slideComponents[this.slideIndex + 1].load()
+      await pauseFor(50)
+      this.slideIndex += 1
+      await this.slideContainer.lockSwipes(false)
+      await this.contentContainer.scrollToTop()
+      await this.slideContainer.slideNext(500)
+      await this.slideContainer.lockSwipes(true)
+    })
   }
 }
 
 export interface SlideCommon {
-  selector: string
+  selector: string // component http selector
   cancelButton: {
     // indicates the existence of a cancel button, and whether to have text or an icon 'x' by default.
     afterLoading?: { text?: string },
     whileLoading?: { text?: string }
   }
-  nextButton?: string,
-  finishButton?: string
+  nextButton?: string, // existence and content of next button
+  finishButton?: string // existence and content of finish button
 }
 
 export type SlideDefinition = SlideCommon & (
@@ -108,6 +113,9 @@ export type SlideDefinition = SlideCommon & (
   } | {
     selector: 'complete',
     params: CompleteComponent['params']
+  } | {
+    selector: 'notes',
+    params: NotesComponent['params']
   }
 )
 

ui/src/app/components/install-wizard/notes/notes.component.html

@@ -0,0 +1,10 @@
+<div class="slide-content">
+  <div style="margin-top: 25px;">
+    <div style="margin: 15px; display: flex; justify-content: center; align-items: center;">
+      <ion-label [color]="$color$ | async" style="font-size: xx-large; font-weight: bold;">
+        {{params.title}}
+      </ion-label>
+    </div>
+    <div class="long-message" [innerHTML]="params.notes | markdown"></div>
+  </div>
+</div>

ui/src/app/components/install-wizard/notes/notes.component.module.ts

@@ -0,0 +1,20 @@
+import { NgModule } from '@angular/core'
+import { CommonModule } from '@angular/common'
+import { NotesComponent } from './notes.component'
+import { IonicModule } from '@ionic/angular'
+import { RouterModule } from '@angular/router'
+import { SharingModule } from 'src/app/modules/sharing.module'
+
+@NgModule({
+  declarations: [
+    NotesComponent,
+  ],
+  imports: [
+    CommonModule,
+    IonicModule,
+    RouterModule.forChild([]),
+    SharingModule,
+  ],
+  exports: [NotesComponent],
+})
+export class NotesComponentModule { }

ui/src/app/components/install-wizard/notes/notes.component.ts

@@ -0,0 +1,27 @@
+import { Component, Input, OnInit } from '@angular/core'
+import { BehaviorSubject, Subject } from 'rxjs'
+import { Colorable, Loadable } from '../loadable'
+import { WizardAction } from '../wizard-types'
+
+@Component({
+  selector: 'notes',
+  templateUrl: './notes.component.html',
+  styleUrls: ['../install-wizard.component.scss'],
+})
+export class NotesComponent implements OnInit, Loadable, Colorable {
+  @Input() params: {
+    action: WizardAction
+    notes: string
+    title: string
+    titleColor: string
+  }
+
+  $loading$ = new BehaviorSubject(false)
+  $color$ = new BehaviorSubject('light')
+  $cancel$ = new Subject<void>()
+
+  load () { }
+
+  constructor () { }
+  ngOnInit () { this.$color$.next(this.params.titleColor) }
+}

ui/src/app/components/install-wizard/prebaked-wizards.ts

@@ -1,17 +1,23 @@
 import { Injectable } from '@angular/core'
 import { AppModel, AppStatus } from 'src/app/models/app-model'
+import { OsUpdateService } from 'src/app/services/os-update.service'
+import { exists } from 'src/app/util/misc.util'
 import { AppDependency, DependentBreakage, AppInstalledPreview } from '../../models/app-types'
 import { ApiService } from '../../services/api/api.service'
 import { InstallWizardComponent, SlideDefinition, TopbarParams } from './install-wizard.component'
 
 @Injectable({ providedIn: 'root' })
 export class WizardBaker {
-  constructor (private readonly apiService: ApiService, private readonly appModel: AppModel) { }
+  constructor (
+    private readonly apiService: ApiService,
+    private readonly updateService: OsUpdateService,
+    private readonly appModel: AppModel
+  ) { }
 
   install (values: {
-    id: string, title: string, version: string, serviceRequirements: AppDependency[]
+    id: string, title: string, version: string, serviceRequirements: AppDependency[], installAlert?: string
   }): InstallWizardComponent['params'] {
-    const { id, title, version, serviceRequirements } = values
+    const { id, title, version, serviceRequirements, installAlert } = values
 
     validate(id, exists, 'missing id')
     validate(title, exists, 'missing title')
@@ -22,6 +28,9 @@ export class WizardBaker {
     const toolbar: TopbarParams  = { action, title, version }
 
     const slideDefinitions: SlideDefinition[] = [
+      installAlert ? { selector: 'notes', cancelButton: { afterLoading: { text: 'Cancel' } }, nextButton: 'Next', params: {
+        action, notes: installAlert, title: 'Warning', titleColor: 'warning',
+      }} : undefined,
       { selector: 'dependencies', cancelButton: { afterLoading: { text: 'Cancel' } }, nextButton: 'Install', params: {
         action, title, version, serviceRequirements,
       }},
@@ -31,13 +40,14 @@ export class WizardBaker {
         }),
       }},
     ]
-    return { toolbar, slideDefinitions }
+    return { toolbar, slideDefinitions: slideDefinitions.filter(exists) }
   }
 
   update (values: {
-    id: string, title: string, version: string, serviceRequirements: AppDependency[]
+    id: string, title: string, version: string, serviceRequirements: AppDependency[], installAlert?: string
   }): InstallWizardComponent['params'] {
-    const { id, title, version, serviceRequirements } = values
+    const { id, title, version, serviceRequirements, installAlert } = values
+
     validate(id, exists, 'missing id')
     validate(title, exists, 'missing title')
     validate(version, exists, 'missing version')
@@ -47,6 +57,9 @@ export class WizardBaker {
     const toolbar: TopbarParams  = { action, title, version }
 
     const slideDefinitions: SlideDefinition[] = [
+      installAlert ? { selector: 'notes', cancelButton: { afterLoading: { text: 'Cancel' } }, nextButton: 'Next', params: {
+        action, notes: installAlert, title: 'Warning', titleColor: 'warning',
+      }} : undefined,
       { selector: 'dependencies', cancelButton: { afterLoading: { text: 'Cancel' } }, nextButton: 'Update', params: {
         action, title, version, serviceRequirements,
       }},
@@ -59,13 +72,33 @@ export class WizardBaker {
         }),
       }},
     ]
-    return { toolbar, slideDefinitions }
+    return { toolbar, slideDefinitions: slideDefinitions.filter(exists) }
+  }
+
+  updateOS (values: {
+    version: string, releaseNotes: string
+  }): InstallWizardComponent['params'] {
+    const { version, releaseNotes } = values
+
+    const action = 'update'
+    const title = 'EmbassyOS'
+    const toolbar: TopbarParams  = { action, title, version }
+
+    const slideDefinitions: SlideDefinition[] = [
+      { selector: 'notes', cancelButton: { afterLoading: { text: 'Cancel' } }, nextButton: 'Update OS', params: {
+        action, notes: releaseNotes || 'No release notes for this version', title: 'Release Notes', titleColor: 'dark',
+      }},
+      { selector: 'complete', finishButton: 'Dismiss', cancelButton: { whileLoading: { } }, params: {
+        action, verb: 'beginning update for', title, executeAction: () => this.updateService.updateEmbassyOS(version),
+      }},
+    ]
+    return { toolbar, slideDefinitions: slideDefinitions.filter(exists) }
   }
 
   downgrade (values: {
-    id: string, title: string, version: string, serviceRequirements: AppDependency[]
+    id: string, title: string, version: string, serviceRequirements: AppDependency[], installAlert?: string
   }): InstallWizardComponent['params'] {
-    const { id, title, version, serviceRequirements } = values
+    const { id, title, version, serviceRequirements, installAlert } = values
 
     validate(id, exists, 'missing id')
     validate(title, exists, 'missing title')
@@ -76,6 +109,9 @@ export class WizardBaker {
     const toolbar: TopbarParams  = { action, title, version }
 
     const slideDefinitions: SlideDefinition[] = [
+      installAlert ? { selector: 'notes', cancelButton: { afterLoading: { text: 'Cancel' } }, nextButton: 'Next', params: {
+        action, notes: installAlert, title: 'Warning', titleColor: 'warning',
+      }} : undefined,
       { selector: 'dependencies', cancelButton: { afterLoading: { text: 'Cancel' } }, nextButton: 'Downgrade', params: {
         action, title, version, serviceRequirements,
       }},
@@ -88,13 +124,13 @@ export class WizardBaker {
         }),
       }},
     ]
-    return { toolbar, slideDefinitions }
+    return { toolbar, slideDefinitions: slideDefinitions.filter(exists) }
   }
 
   uninstall (values: {
-    id: string, title: string, version: string
+    id: string, title: string, version: string, uninstallAlert?: string
   }): InstallWizardComponent['params'] {
-    const { id, title, version } = values
+    const { id, title, version, uninstallAlert } = values
 
     validate(id, exists, 'missing id')
     validate(title, exists, 'missing title')
@@ -104,6 +140,9 @@ export class WizardBaker {
     const toolbar: TopbarParams  = { action, title, version }
 
     const slideDefinitions: SlideDefinition[] = [
+      { selector: 'notes', cancelButton: { afterLoading: { text: 'Cancel' } }, nextButton: 'Continue', params: {
+        action, notes: uninstallAlert || defaultUninstallationWarning(title), title: 'Warning', titleColor: 'warning' },
+      },
       { selector: 'dependents', cancelButton: { whileLoading: { }, afterLoading: { text: 'Cancel' } }, nextButton: 'Uninstall', params: {
         action, verb: 'uninstalling', title, fetchBreakages: () => this.apiService.uninstallApp(id, true).then( ({ breakages }) => breakages ),
       }},
@@ -111,7 +150,7 @@ export class WizardBaker {
         action, verb: 'uninstalling', title, executeAction: () => this.apiService.uninstallApp(id).then(() => this.appModel.delete(id)),
       }},
     ]
-    return { toolbar, slideDefinitions }
+    return { toolbar, slideDefinitions: slideDefinitions.filter(exists) }
   }
 
   stop (values: {
@@ -158,4 +197,5 @@ function validate<T> (t: T, test: (t: T) => Boolean, desc: string) {
   }
 }
 
-const exists = t => !!t
+
+const defaultUninstallationWarning = serviceName => `Uninstalling ${ serviceName } will result in the deletion of its data.`

ui/src/app/components/update-os-banner/update-os-banner.component.html

@@ -0,0 +1,5 @@
+<ion-item button lines="none" *ngIf="updateAvailable$ | async as res" (click)="confirmUpdate(res)">
+  <ion-label>
+    New EmbassyOS Version {{res.versionLatest | displayEmver}} Available!
+  </ion-label>
+</ion-item>

ui/src/app/components/update-os-banner/update-os-banner.component.module.ts

@@ -0,0 +1,18 @@
+import { NgModule } from '@angular/core'
+import { CommonModule } from '@angular/common'
+import { UpdateOsBannerComponent } from './update-os-banner.component'
+import { IonicModule } from '@ionic/angular'
+import { SharingModule } from 'src/app/modules/sharing.module'
+
+@NgModule({
+  declarations: [
+    UpdateOsBannerComponent,
+  ],
+  imports: [
+    CommonModule,
+    IonicModule,
+    SharingModule,
+  ],
+  exports: [UpdateOsBannerComponent],
+})
+export class UpdateOsBannerComponentModule { }

ui/src/app/components/update-os-banner/update-os-banner.component.scss

@@ -0,0 +1,11 @@
+ion-item {
+
+  --background: linear-gradient(90deg, var(--ion-color-light), var(--ion-color-primary));
+  --min-height: 0px;
+  ion-label {
+    font-family: 'Open Sans';
+    font-size: small;
+    text-align: center;
+    font-weight: bold;
+  }
+}

ui/src/app/components/update-os-banner/update-os-banner.component.ts

@@ -0,0 +1,35 @@
+import { Component } from '@angular/core'
+import { OsUpdateService } from 'src/app/services/os-update.service'
+import { Observable } from 'rxjs'
+import { ModalController } from '@ionic/angular'
+import { WizardBaker } from '../install-wizard/prebaked-wizards'
+import { wizardModal } from '../install-wizard/install-wizard.component'
+import { ReqRes } from 'src/app/services/api/api.service'
+
+@Component({
+  selector: 'update-os-banner',
+  templateUrl: './update-os-banner.component.html',
+  styleUrls: ['./update-os-banner.component.scss'],
+})
+export class UpdateOsBannerComponent {
+  updateAvailable$: Observable<undefined | ReqRes.GetVersionLatestRes>
+  constructor (
+    private readonly osUpdateService: OsUpdateService,
+    private readonly modalCtrl: ModalController,
+    private readonly wizardBaker: WizardBaker,
+  ) {
+    this.updateAvailable$ = this.osUpdateService.watchForUpdateAvailable$()
+  }
+
+  ngOnInit () { }
+
+  async confirmUpdate (res: ReqRes.GetVersionLatestRes) {
+    await wizardModal(
+      this.modalCtrl,
+      this.wizardBaker.updateOS({
+        version: res.versionLatest,
+        releaseNotes: res.releaseNotes,
+      }),
+    )
+  }
+}

ui/src/app/modals/app-backup/app-backup.module.ts

@@ -2,12 +2,14 @@ import { NgModule } from '@angular/core'
 import { CommonModule } from '@angular/common'
 import { IonicModule } from '@ionic/angular'
 import { AppBackupPage } from './app-backup.page'
+import { AppBackupConfirmationComponentModule } from 'src/app/components/app-backup-confirmation/app-backup-confirmation.component.module'
 
 @NgModule({
   declarations: [AppBackupPage],
   imports: [
     CommonModule,
     IonicModule,
+    AppBackupConfirmationComponentModule,
   ],
   entryComponents: [AppBackupPage],
   exports: [AppBackupPage],

ui/src/app/modals/app-backup/app-backup.page.html

@@ -27,14 +27,25 @@
   <ion-spinner *ngIf="loading" class="center" name="lines" color="warning"></ion-spinner>
 
   <ng-container *ngIf="!loading">
+    <ion-item *ngIf="type === 'restore' && (app.restoreAlert || defaultRestoreAlert) as restore" class="notifier-item" style="box-shadow: 0 0 5px 1px var(--ion-color-danger); margin-bottom: 40px">
+      <ion-label class="ion-text-wrap">
+        <h2 style="display: flex; align-items: center; margin-bottom: 3px;">
+          <ion-icon style="margin-right: 5px;" slot="start" color="danger" slot="start" name="warning-outline"></ion-icon>
+          <ion-text color="danger" style="font-size: medium; font-weight: bold">Warning</ion-text>
+        </h2>
+        <p style="font-size: small">{{restore}}</p>
+      </ion-label>
+    </ion-item>
+
     <ion-item *ngIf="allPartitionsMounted">
       <ion-text *ngIf="type === 'create'" class="ion-text-wrap" color="warning">No partitions available. To begin a backup, insert a storage device into your Embassy.</ion-text>
       <ion-text *ngIf="type === 'restore'" class="ion-text-wrap" color="warning">No partitions available. Insert the storage device containing the backup you wish to restore.</ion-text>
     </ion-item>
+
     <ion-item-group *ngFor="let d of disks">
       <ion-item-divider>{{ d.logicalname }} ({{ d.size }})</ion-item-divider>
       <ion-item-group>
-        <ion-item button [disabled]="p.isMounted" *ngFor="let p of d.partitions" (click)="presentAlert(p)">
+        <ion-item button [disabled]="p.isMounted" *ngFor="let p of d.partitions" (click)="presentAlert(d, p)">
           <ion-icon slot="start" name="save-outline"></ion-icon>
           <ion-label>
             <h2>{{ p.label || p.logicalname }}</h2>