Commit graph

Select branches

Hide pull requests

all_units

alles_sets

apt_sources_as_dict

autoconfig

basic_auth

blog

blog_dirty

build_Server

conflecttest

crystal-buildserver

cya_hetzner

debian-13

deterministic_rsa

deterministic_rsa_test

dns_challenge

dns_challenge2

dns_challenge3

dnssec

dnssec_2

freescout

gpiod

hdict

homeassistant-supervised

htz.mails_debian_13

htz.mails_debian_13_squash

icinga

icinga2_local

icinga2_notifications

icinga2_remote

icinga2_remote_2

icinga_neumachen

icingaweb

iperf3

ipv6

ipv6_picking

l4d2

l4d2_the_next

ldap

left4dead2

mailman

master

mastodon

minimal_mailserver

modprobe

mseibert_yourls

multi-redis

n8n

network_metadata_rework

nextcloud_conf_in_metadata

picsort-pythoon

proxmox

proxmox_mergable

router

routeros

rtmp

rufbereitschafts-alarm

temp130752653

unitbug_isolation

whatsbroken

wireguard_clients

wordpress

wp

zfs_encrypt

#1

#10

#11

#12

#13

#14

#15

#16

#17

#18

#19

#2

#20

#21

#22

#23

#24

#25

#26

#27

#3

#4

#5

#6

#7

#8

#9

Mono Color

• 19d33b56a6
  
  left4me: wire LOG_LISTENER_{ADDR,BIND} into web.env master CroneKorkN 2026-05-20 10:13:38 +0200
• 14e055a5e0
  
  wol: share the wakeonlan command via wol-sleeper/waker_command CroneKorkN 2026-05-16 01:00:30 +0200
• f3122f3d0a
  
  refactor(zsh): replace oh-my-zsh with a hand-rolled zprofile CroneKorkN 2026-05-16 01:00:07 +0200
• 9d59d65fa0
  
  fix(.envrc): use uv -> layout uv CroneKorkN 2026-05-15 23:31:54 +0200
• 219f045399
  
  refactor: collapse venv chain into uv sync CroneKorkN 2026-05-15 23:16:39 +0200
• 77b5e01198
  
  refactor(left4me): collapse venv chain into uv sync CroneKorkN 2026-05-15 22:07:47 +0200
• a95a7e20e2
  
  left4me/README: describe symlink delivery + reactor scope after the reshape CroneKorkN 2026-05-15 19:49:11 +0200
• ae4bfc8db3
  
  left4me: symlink privileged helpers to the checkout CroneKorkN 2026-05-15 19:42:12 +0200
• 05ec7c9bee
  
  left4me: symlink /etc/sudoers.d/left4me to the checkout CroneKorkN 2026-05-15 19:30:23 +0200
• 4820b7193f
  
  left4me: add bw action verifying hardening drop-ins load on every apply CroneKorkN 2026-05-15 19:21:50 +0200
• d175c56e6c
  
  left4me: hardening lives in drop-ins owned by left4me; deliver via symlink CroneKorkN 2026-05-15 19:19:17 +0200
• b10c4d22fd
  
  left4me: symlink /etc/sysctl.d/99-left4me.conf to the checkout CroneKorkN 2026-05-15 19:10:23 +0200
• 6fae2fd324
  
  refactor(left4me): non-editable install + relocate runtime state to /var/lib/left4me CroneKorkN 2026-05-15 17:56:08 +0200
• f3fe49c60e
  
  fix(left4me): bind /var/lib/left4me/workshop_cache into server unit CroneKorkN 2026-05-15 17:11:17 +0200
• 9a4e184378
  
  left4me: drop +sv_lan 0 from srcds ExecStart CroneKorkN 2026-05-15 16:56:51 +0200
• 4339289bad
  
  fix(left4me): drop ProcSubset=pid from server unit too CroneKorkN 2026-05-15 16:44:22 +0200
• caf2332051
  
  fix(left4me): bind /var/lib/left4me/.steam + /opt/left4me/steam into server unit CroneKorkN 2026-05-15 16:42:17 +0200
• 6bba2b04f7
  
  fix(left4me): force +sv_lan 0 alongside +ip 0.0.0.0 CroneKorkN 2026-05-15 16:35:47 +0200
• f5bce30a4a
  
  fix(left4me): srcds binds RCON to all interfaces + close external TCP CroneKorkN 2026-05-15 16:30:00 +0200
• 656be1cf69
  
  fix(left4me): move ProcSubset=pid from COMMON to SERVER-only CroneKorkN 2026-05-15 16:14:33 +0200
• 3ce1ee486e
  
  bundles/left4me: drop l4d2-sandbox user; tighten /var/lib/left4me to 0755 CroneKorkN 2026-05-15 15:51:21 +0200
• 130b0b1c9c
  
  bundles/left4me: ship kernel.yama.ptrace_scope=2 sysctl drop-in CroneKorkN 2026-05-15 14:51:26 +0200
• c6721e7545
  
  bundles/left4me: spread HARDENING_WEB into left4me-web.service CroneKorkN 2026-05-15 14:49:10 +0200
• 640461c87a
  
  bundles/left4me: spread HARDENING_SERVER into left4me-server@.service CroneKorkN 2026-05-15 14:46:58 +0200
• 85b9af0aaa
  
  bundles/left4me: add HARDENING_{COMMON,SERVER,WEB} constants CroneKorkN 2026-05-15 14:42:26 +0200
• 91b7265136
  
  left4me: install_left4me_scripts reads from scripts/{libexec,sbin}/ CroneKorkN 2026-05-15 12:08:36 +0200
• 3ccaa919ee
  
  left4me: install privileged scripts from git_deploy artifact CroneKorkN 2026-05-15 00:46:31 +0200
• 9fbd84c3b5
  
  left4me: tighten host.env to 0640 root:left4me CroneKorkN 2026-05-12 22:57:21 +0200
• 1039e23671
  
  left4me: prefix steam_web_api_key vault value with !decrypt: CroneKorkN 2026-05-12 22:57:21 +0200
• 1445aaff0a
  
  left4me: wire STEAM_WEB_API_KEY through to web.env CroneKorkN 2026-05-12 22:42:51 +0200
• 7ad9bbcec3
  
  left4me: schedule daily workshop-refresh via systemd-timers CroneKorkN 2026-05-12 10:29:45 +0200
• 508111eb39
  
  AGENTS.md: drop the 6th ccc rule CroneKorkN 2026-05-11 00:26:12 +0200
• c6caf2a1cf
  
  left4me: per-node system_cpus set; pin HT siblings on ovh.left4me CroneKorkN 2026-05-11 00:20:28 +0200
• 1b3f3ecf97
  
  left4me: per-slice AllowedCPUs= driven by system_core_count CroneKorkN 2026-05-11 00:04:35 +0200
• 1d30830824
  
  left4me: install steamcmd + drop importability gate on pip_install CroneKorkN 2026-05-10 22:46:45 +0200
• 524ad6e89b
  
  nginx: SSE-friendly proxy_pass + unconditional $connection_upgrade map CroneKorkN 2026-05-10 22:12:03 +0200
• 99d68a5135
  
  AGENTS.md: soften 6th rule — ccc is an option, not a mandate CroneKorkN 2026-05-10 21:36:59 +0200
• 852a65a6f6
  
  AGENTS.md: 6th rule — try ccc search before grep for concept queries CroneKorkN 2026-05-10 21:32:08 +0200
• 09d236ded5
  
  left4me: trigger alembic_upgrade from git_deploy (catch migrations on code updates) CroneKorkN 2026-05-10 21:27:40 +0200
• 7265c4aab1
  
  letsencrypt: depend on bind9-dnsutils (dnsutils is a trixie transitional) CroneKorkN 2026-05-10 21:03:16 +0200
• b5662f7ea7
  
  left4me: explicit source for /usr/local/sbin/left4me (basename collides) CroneKorkN 2026-05-10 21:01:18 +0200
• b8648cb53f
  
  left4me: ship a /usr/local/sbin/left4me wrapper for the flask CLI CroneKorkN 2026-05-10 21:00:16 +0200
• 6f2073847d
  
  nginx/README: how port 80 is served + vm/cores requirement CroneKorkN 2026-05-10 20:47:47 +0200
• 6cc823613a
  
  bind/README: applying changes needs both master and slave nodes CroneKorkN 2026-05-10 20:46:00 +0200
• 05abe52221
  
  letsencrypt/README: first-apply, DNS-01 prereqs, negative-cache CroneKorkN 2026-05-10 20:43:52 +0200
• 7a579f27c5
  
  agents/bundles: file: source defaults to destination basename CroneKorkN 2026-05-10 20:40:42 +0200
• 0e88c4967e
  
  docs/specs: round-2 agents-md refactor design (gaps 7-12) CroneKorkN 2026-05-10 20:39:40 +0200
• 69bcac421a
  
  agents/bundles: triggers/triggered:True invariant + self-healing CroneKorkN 2026-05-10 20:29:10 +0200
• 59788f315a
  
  agents/bundles: reactors must read metadata or be defaults CroneKorkN 2026-05-10 20:28:31 +0200
• d3068ba8f6
  
  agents: nodes carry only node-specific metadata CroneKorkN 2026-05-10 20:27:52 +0200
• b5e72a3ac3
  
  agents: bundle validation needs a node attached CroneKorkN 2026-05-10 20:27:13 +0200
• 0a9f3dae88
  
  agents/commands: read-only command cheat sheet CroneKorkN 2026-05-10 20:26:27 +0200
• 422a275d97
  
  agents: drop bw bundles, add bw verify to read-only allowlist CroneKorkN 2026-05-10 20:25:43 +0200
• 3ed0264be6
  
  docs/specs: round-1 agents-md refactor design (gaps 1-6) CroneKorkN 2026-05-10 20:24:03 +0200
• d49259ff07
  
  nginx: move 80.conf to sites-available so it's actually included CroneKorkN 2026-05-10 19:59:17 +0200
• ed141a9300
  
  left4me: drop chown_src from git_deploy triggers (self-healing now) CroneKorkN 2026-05-10 18:58:30 +0200
• 9d17c69b22
  
  left4me: make chown_src self-healing too CroneKorkN 2026-05-10 18:57:50 +0200
• 5bf95cb065
  
  left4me: drop pip_install from pip_upgrade triggers (pip_install now always-runs) CroneKorkN 2026-05-10 18:56:30 +0200
• cac04a456b
  
  left4me: make pip_install self-healing on every apply CroneKorkN 2026-05-10 18:55:24 +0200
• c2cc3866f3
  
  left4me: chown /opt/left4me/src after git_deploy CroneKorkN 2026-05-10 18:52:37 +0200
• d548235dfe
  
  left4me: declare /opt/left4me/src as a directory: item CroneKorkN 2026-05-10 18:51:05 +0200
• 149ce6c870
  
  left4me: use https git URL so bw clones locally per-apply CroneKorkN 2026-05-10 18:49:10 +0200
• 0479c96ae9
  
  gitignore: add bundlewrap git_deploy_repos map (operator-specific paths) CroneKorkN 2026-05-10 18:43:59 +0200
• 5d69180466
  
  left4me: terse bundle-membership asserts CroneKorkN 2026-05-10 18:34:09 +0200
• 7d3554f8a5
  
  left4me: split derived_from_domain into one reactor per consumer CroneKorkN 2026-05-10 18:33:11 +0200
• fc66267656
  
  left4me: reuse nginx bundle's auto-monitoring via check_path CroneKorkN 2026-05-10 18:31:52 +0200
• 758660b131
  
  left4me: drop redundant letsencrypt/domains from reactor CroneKorkN 2026-05-10 18:29:15 +0200
• 7b291acca1
  
  left4me: refresh README + opt ovh.left4me in via groups CroneKorkN 2026-05-10 18:24:03 +0200
• 90f14b69e4
  
  left4me: pull node-agnostic metadata into the bundle CroneKorkN 2026-05-10 18:23:34 +0200
• 3bffd7b8f5
  
  bind-acme: guard against letsencrypt clients without internal LAN CroneKorkN 2026-05-10 18:23:21 +0200
• 43f0c57438
  
  groups: add applications/left4me CroneKorkN 2026-05-10 18:08:36 +0200
• d425afad02
  
  left4me: write bundle README CroneKorkN 2026-05-10 18:07:58 +0200
• f9bf289ef0
  
  left4me: assert nftables + systemd bundle membership CroneKorkN 2026-05-10 18:06:35 +0200
• a8fc3f2298
  
  left4me: fix bundle defects surfaced by real-node validation CroneKorkN 2026-05-10 18:05:38 +0200
• c82737b162
  
  left4me: contribute uid-based DSCP/priority marks to nftables/output CroneKorkN 2026-05-10 17:53:17 +0200
• b1edcac3c7
  
  left4me: enable+start left4me-web.service via systemd/services CroneKorkN 2026-05-10 17:49:50 +0200
• 72da6c0a8d
  
  left4me: pin EnvironmentFile order via tuples (was sets) CroneKorkN 2026-05-10 17:48:03 +0200
• 6965441e9a
  
  left4me: emit server@ template + game/build slice units CroneKorkN 2026-05-10 17:43:25 +0200
• 6bf46ce9a4
  
  left4me: emit left4me-web.service via systemd/units reactor CroneKorkN 2026-05-10 17:38:15 +0200
• def010c976
  
  left4me: git_deploy + venv/pip/alembic/seed action chain CroneKorkN 2026-05-10 17:32:19 +0200
• 433c403ddc
  
  left4me: validate sudoers file with visudo before install CroneKorkN 2026-05-10 17:29:01 +0200
• 80d2a79b97
  
  left4me: declare directories, users, files, sysctl-reload action CroneKorkN 2026-05-10 17:23:03 +0200
• e842e7caa6
  
  left4me: wire LEFT4ME_PORT_RANGE_{START,END} into web.env CroneKorkN 2026-05-10 17:19:02 +0200
• 3afd4d60cc
  
  left4me: add Mako templates for host.env and web.env CroneKorkN 2026-05-10 17:14:36 +0200
• 6db792ce6a
  
  left4me: vendor privileged helpers + sudoers/sysctl/sandbox-resolv CroneKorkN 2026-05-10 17:10:17 +0200
• 7547d041a2
  
  left4me: scaffold bundle (items/metadata/README stubs) CroneKorkN 2026-05-10 17:05:13 +0200
• cc1c6a5767
  
  systemd: accept .slice extension in unit-file routing CroneKorkN 2026-05-10 17:00:45 +0200
• af78e40fda
  
  left4me wireguard CroneKorkN 2026-05-10 16:57:52 +0200
• c6bf2e0fc8
  
  spec: banner stale sections so partial readers see the pivot CroneKorkN 2026-05-10 16:14:12 +0200
• d4dedde0ad
  
  add implementation plan to repo CroneKorkN 2026-05-10 16:07:35 +0200
• 7b44a8ad3a
  
  spec/handoff: record per-bundle README pivot CroneKorkN 2026-05-10 16:06:25 +0200
• 9e1bb2ac45
  
  docs: per-bundle docs are README.md, not AGENTS.md CroneKorkN 2026-05-10 16:02:24 +0200
• 04558a9189
  
  docs: scaffold agent-friendly entry points (Phase 1) CroneKorkN 2026-05-10 15:44:45 +0200
• 730625e36c
  
  libs/hooks/bin: add one-line module docstrings and # purpose: headers CroneKorkN 2026-05-10 15:36:19 +0200
• 136313e9c3
  
  add implementation handoff for the next session CroneKorkN 2026-05-10 15:28:34 +0200
• 1da70970e5
  
  README: drop stale 'install bw fork' instruction CroneKorkN 2026-05-10 15:19:44 +0200
• 3daf70dae7
  
  spec: incorporate fork pivot and bw-syntax corrections CroneKorkN 2026-05-10 15:19:17 +0200
• b804350f17
  
  add user-stories validation doc CroneKorkN 2026-05-10 15:14:38 +0200
• 7486c78ae1
  
  switch bundlewrap install to editable from CroneKorkN/bundlewrap@main CroneKorkN 2026-05-10 15:14:31 +0200
• c03b033ad9
  
  macbook dummy CroneKorkN 2026-05-10 11:57:26 +0200