AVADO
Either we include tooling (nodejs) that is in the container
Benefit is that it is cleaner bc we pass though the wamp service bus.. drawback is that the docker images get larger bc we need to use a nodejs alpine image, which is way larger than a regular alpine image..
Or we try to call functions in other docker containers from the package , but is this feasible ? Can I call exec on another container from within another container ? Or is that just not the way to go ?
Benefit: we can control the functionalities in the dappmanager and maintain it there.
The update script needs to be aware of the version the core system is in.
We should be able to detect the version of the base OS to avoid running a script against a wrong version of the OS.
suggestion: use a file /usr/src/dappnode/VERSION that contains a semver version starting at 0.0.2
in absence of this file - we assume that the OS is in its first version 0.0.1
zerotier-cli listnetworks
wget -O - http://localhost:81/network/add/9b7e39e618
Option 1 : use same subnet
"ZT-client" -> "remote laptop" is bridged through ZT. How can we bridge between Z-client and AVADO network ?
Option 2 : use different subnet
"ZT-client" -> "remote laptop" is bridged through ZT. How can we route between Z-client and AVADO network ?
How does BIND find its way to the network 172.30.4.0 ?
We should set up a validator for SOLANA. There are 3 major milestones
Given a provisioned server with DEBIAN 11 on it - be able to run a script that installs the base system + create credentials that can be sent later to the user.
Procedure to reset access if user locks himself out.
We should be able to install AVADO on a server provisioned with Debian 11 , so that it ideally has no ports open other than what's strictly necessary to run solana.
Security checks
It should be impossible for outside actors to gain access to the AVADO other than using the existing methods (openVPN / Zt in the future)
WiFi should obviously be disabled for these kind of installs. Firewall should be set up that only access is possible through the known channels (OpenVPN or Zerotier). SSH should be disabled - and made possible only after connecting to the VPN / Zt.
SOLANA should be installed on the host system. We can run arbitrary scripts from the host through the dappmanager - using signed commands (shell command that have a crypto signature by AVADO). This way we should be able to run install & upgrade scripts from within a package.