fix: container security hardening, onboarding viewport scaling, boot screen cleanup
Container security:
- Add --cap-drop ALL + --security-opt no-new-privileges:true to 12 containers missing hardening in first-boot-containers.sh (mempool-db, electrumx, mempool-api, mempool-web, electrs-ui, btcpay-db, nbxplorer, nostr-rs-relay, strfry, tailscale, bitcoin-ui, lnd-ui)
- Mirror same hardening in deploy-to-target.sh for consistency
- Add --read-only + tmpfs to nostr-rs-relay
- Fix filebrowser deploy to include security flags
- Remove duplicate UI image definitions in image-versions.sh
- Separate Jellyfin capabilities (needs FOWNER, exec tmpfs for CoreCLR JIT)
- Harden archy-net creation with existence check and error handling

UI fixes:
- Fix onboarding viewport scaling: all 7 screens now use h-full + max-h-full pattern so containers never overflow viewport regardless of padding
- Remove path-option-card wrappers from seed verify inputs, left-justify labels
- Remove batteries/barbarian icons from boot screen (keep bitcoin, cloud, github, save)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@@ -36,7 +36,7 @@ JELLYFIN_IMAGE="$ARCHY_REGISTRY/jellyfin:10.8.13"
|
||||
PHOTOPRISM_IMAGE="$ARCHY_REGISTRY/photoprism:240915"
|
||||
OLLAMA_IMAGE="$ARCHY_REGISTRY/ollama:latest"
|
||||
VAULTWARDEN_IMAGE="$ARCHY_REGISTRY/vaultwarden:1.30.0-alpine"
|
||||
NEXTCLOUD_IMAGE="$ARCHY_REGISTRY/nextcloud:28"
|
||||
NEXTCLOUD_IMAGE="$ARCHY_REGISTRY/nextcloud:29"
|
||||
SEARXNG_IMAGE="$ARCHY_REGISTRY/searxng:latest"
|
||||
ONLYOFFICE_IMAGE="$ARCHY_REGISTRY/onlyoffice:latest"
|
||||
FILEBROWSER_IMAGE="$ARCHY_REGISTRY/filebrowser:v2.27.0"
|
||||
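Review bot: The NEXTCLOUD_IMAGE change from nextcloud:28 to nextcloud:29 is a major-version bump that the commit message does not mention; the message lists only container hardening and UI fixes. Move it to its own commit, or add a line for it to the message, so the upgrade can be reviewed and reverted independently of the hardening flags. The context lines in this hunk also show OLLAMA_IMAGE, SEARXNG_IMAGE and ONLYOFFICE_IMAGE on :latest beside pinned tags such as vaultwarden:1.30.0-alpine and filebrowser:v2.27.0; pinning those would make the file consistent.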
@@ -82,11 +82,7 @@ PENPOT_EXPORTER_IMAGE="$ARCHY_REGISTRY/penpot-exporter:2.4"
|
||||
PENPOT_FRONTEND_IMAGE="$ARCHY_REGISTRY/penpot-frontend:2.4"
|
||||
|
||||
# Custom UI containers (built from docker/ dirs, pushed to registry)
|
||||
BITCOIN_UI_IMAGE="$ARCHY_REGISTRY/bitcoin-ui:latest"
|
||||
LND_UI_IMAGE="$ARCHY_REGISTRY/lnd-ui:latest"
|
||||
ELECTRS_UI_IMAGE="$ARCHY_REGISTRY/electrs-ui:latest"
|
||||
|
||||
# Custom UI containers (companion dashboards for headless services)
|
||||
# These use :latest because they're internally built and pushed — acceptable for self-hosted images
|
||||
BITCOIN_UI_IMAGE="$ARCHY_REGISTRY/bitcoin-ui:latest"
|
||||
LND_UI_IMAGE="$ARCHY_REGISTRY/lnd-ui:latest"
|
||||
ELECTRS_UI_IMAGE="$ARCHY_REGISTRY/electrs-ui:latest"
|
||||
|
||||
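Review bot: BITCOIN_UI_IMAGE, LND_UI_IMAGE and ELECTRS_UI_IMAGE are still on :latest, and the comment above them accepts that because the images are built internally. These are three of the containers the commit message lists as receiving --cap-drop ALL and no-new-privileges, but with a floating tag whatever was last pushed to $ARCHY_REGISTRY is what runs, and this file keeps no record of which build was deployed. Consider a version tag or an image digest here, as is already done for penpot-frontend:2.4, and adjust the comment to match.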