bundlewrap

cronekorkn/bundlewrap

Fork 0

Commit graph

Author	SHA1	Message	Date
CroneKorkN	3afd4d60cc	left4me: add Mako templates for host.env and web.env SECRET_KEY pulled from node metadata (set via !32_random_bytes_as_base64_for: in the node file). SESSION_COOKIE_SECURE flips to true since nginx fronts gunicorn with TLS.	2026-05-10 17:14:36 +02:00
CroneKorkN	6db792ce6a	left4me: vendor privileged helpers + sudoers/sysctl/sandbox-resolv Copied verbatim from left4me/deploy/files/. Helpers are the trust unit the sudoers rules grant access to; left as static files (not generated) so the audit trail stays grep-able. Modes/owners are set via items.py in the next commit.	2026-05-10 17:10:17 +02:00

Author

SHA1

Message

Date

CroneKorkN

3afd4d60cc

left4me: add Mako templates for host.env and web.env

SECRET_KEY pulled from node metadata (set via !32_random_bytes_as_base64_for:
in the node file). SESSION_COOKIE_SECURE flips to true since nginx fronts
gunicorn with TLS.

2026-05-10 17:14:36 +02:00

CroneKorkN

6db792ce6a

left4me: vendor privileged helpers + sudoers/sysctl/sandbox-resolv

Copied verbatim from left4me/deploy/files/. Helpers are the trust unit
the sudoers rules grant access to; left as static files (not generated)
so the audit trail stays grep-able. Modes/owners are set via items.py
in the next commit.

2026-05-10 17:10:17 +02:00

2 commits