cronekorkn/left4me
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Commit graph

  • a7580ea759
         deploy/tests: assert both hardening drop-ins allow x86 syscalls mwiegand 2026-05-15 20:35:18 +0200
  • e28d4fad8c
         l4d2web/csp: allow Steam avatar CDN in img-src mwiegand 2026-05-15 20:23:29 +0200
  • b13d164931
         spec(uv-workspace): handoff for the venv-chain → uv workspace migration mwiegand 2026-05-15 20:16:38 +0200
  • 55b013833b
         deploy/hardening: allow x86 syscalls on web drop-in (steamcmd is 32-bit) mwiegand 2026-05-15 20:14:26 +0200
  • 450f9f1591
         deploy/docs+cleanup: describe symlink model; drop stale scripts/ tracked paths mwiegand 2026-05-15 19:48:59 +0200
  • 2834ad4911
         deploy: move scripts/{libexec,sbin}/ into deploy/scripts/ mwiegand 2026-05-15 19:38:42 +0200
  • 55d5ab4017
         plan(deployment-responsibility): mark Task 3 done mwiegand 2026-05-15 19:30:35 +0200
  • 2c4bf1a27f
         deploy/tests: add visudo syntax test for the sudoers drop-in mwiegand 2026-05-15 19:28:45 +0200
  • 3703749252
         deploy/hardening: drop ProcSubset=pid from the server drop-in (regression fix) mwiegand 2026-05-15 19:24:34 +0200
  • e9c172a619
         deploy: extract hardening into drop-in files alongside the units mwiegand 2026-05-15 19:16:59 +0200
  • 949f1bae78
         deploy/sysctl: absorb kernel.yama.ptrace_scope into the drop-in mwiegand 2026-05-15 19:00:35 +0200
  • 672fd9660b
         plan(deployment-responsibility): five-task migration with sysctl canary mwiegand 2026-05-15 18:57:45 +0200
  • ddf97b3a05
         spec(deployment-responsibility): mark handoff resolved by the design doc mwiegand 2026-05-15 18:51:12 +0200
  • c446f6c8eb
         spec(deployment-responsibility): design — symlink hardening drop-ins, sudoers, sysctl, helpers mwiegand 2026-05-15 18:48:13 +0200
  • 434ee20339
         refactor(deploy): venv + steam now under /var/lib/left4me mwiegand 2026-05-15 17:56:32 +0200
  • ff2b5c4c5a
         spec(noneditable-install): handoff for the install refactor prereq mwiegand 2026-05-15 16:53:19 +0200
  • 6cf4517a88
         fix(deploy/files): drop ProcSubset=pid from web reference unit mwiegand 2026-05-15 16:14:40 +0200
  • 15c620f95c
         spec(deployment-responsibility): handoff for brainstorming the deploy split mwiegand 2026-05-15 15:56:38 +0200
  • 8971b23617
         refactor(sandbox): collapse l4d2-sandbox user into left4me mwiegand 2026-05-15 15:50:57 +0200
  • 146cb01450
         plan(uid-collapse): drop l4d2-sandbox user; handoff to next session mwiegand 2026-05-15 15:39:51 +0200
  • f5f8db84ef
         spec(session-handoff): hardening refactor landed and verified on left4.me mwiegand 2026-05-15 15:17:06 +0200
  • f615d0de75
         spec(user-uid-split): mark superseded by the hardening refactor mwiegand 2026-05-15 14:59:13 +0200
  • 37309ba399
         spec(hardening-test-plan): fix four bugs surfaced by executor mwiegand 2026-05-15 14:58:46 +0200
  • 8e678b6765
         deploy/files: annotate reference units with per-directive hardening comments mwiegand 2026-05-15 14:54:10 +0200
  • 7c64910c90
         spec(hardening-refactor): resolve emitter open items mwiegand 2026-05-15 14:39:11 +0200
  • b1293f9952
         plan(hardening-refactor): implementation plan against the proven composition mwiegand 2026-05-15 14:25:25 +0200
  • 81dc29a9c3
         spec(hardening-refactor): revise design — inline-in-reactor, defer drop-in reshape mwiegand 2026-05-15 14:16:02 +0200
  • 3256ed2ab1
         spec(hardening-refactor): design — drop-ins owned by left4me, ckn-bw deploys mwiegand 2026-05-15 14:05:38 +0200
  • 152c313315
         spec(session-handoff): point next session at hardening-refactor plan mwiegand 2026-05-15 13:43:37 +0200
  • 461b8d028f
         spec(hardening): test plan executed on left4.me — results recorded mwiegand 2026-05-15 13:39:50 +0200
  • 1df811e62a
         spec(hardening): threat model + defenses survey + test plan; pivot handoff mwiegand 2026-05-15 13:07:40 +0200
  • 9a2ab974e6
         spec: session handoff pointing next session at uid-split mwiegand 2026-05-15 12:17:55 +0200
  • 4aa69c2461
         spec(janitorial): mark items 8, 9 resolved after on-host verification mwiegand 2026-05-15 12:14:34 +0200
  • 8f30dd7754
         docs: correct stale bubblewrap references in v1 spec + live docstring mwiegand 2026-05-15 12:12:31 +0200
  • 160911fbca
         spec(deploy-dir-rethink): plan + mark adjacent specs resolved mwiegand 2026-05-15 12:05:53 +0200
  • 5284e28af7
         refactor: move privileged scripts to scripts/{libexec,sbin}/; deploy/ is reference mwiegand 2026-05-15 12:05:30 +0200
  • e38b844978
         docs: janitorial cleanup checklist + L4D2 server cvar reference mwiegand 2026-05-15 02:05:12 +0200
  • a450491a90
         spec(uid-split): note these are system units, not user units mwiegand 2026-05-15 01:59:56 +0200
  • 62cf6cdd56
         spec: handoff for revisiting 1/2/3-user split for left4me mwiegand 2026-05-15 01:58:09 +0200
  • 28b0ff951b
         spec(build-overlay-unit): flag DB-fetch-in-ExecStartPre as an option mwiegand 2026-05-15 01:54:41 +0200
  • a9bbc209ae
         spec: handoff for replacing script-sandbox helper with template unit mwiegand 2026-05-15 01:52:57 +0200
  • 7a25c2453c
         fix(left4me-script-sandbox): self-wrap into PID 1's mount namespace mwiegand 2026-05-15 01:33:13 +0200
  • 48381089d3
         refactor(left4me-overlay): move uid translation to script-sandbox build mwiegand 2026-05-15 01:20:39 +0200
  • bc25d423aa
         plan(left4me): move idmap from gameserver mount to script-sandbox build mwiegand 2026-05-15 01:15:46 +0200
  • dd918aca4b
         fix(left4me-overlay): use /proc/self/mountinfo to detect bind mounts mwiegand 2026-05-15 01:02:18 +0200
  • 2b20bffeb8
         spec: handoff doc for rethinking deploy/ dir architecture mwiegand 2026-05-15 00:53:55 +0200
  • f5e36eef79
         deploy: claim /usr/local/sbin/left4me admin CLI in deploy/files mwiegand 2026-05-15 00:41:06 +0200
  • f231ebcb0d
         doc(deploy): clarify ckn-bw verbatim-sync workflow for shipped files mwiegand 2026-05-14 23:57:31 +0200
  • e4101de7a5
         test(deploy): assert left4me-overlay idmaps sandbox-owned lowerdirs mwiegand 2026-05-14 23:56:36 +0200
  • 90531864b3
         harden(left4me-overlay): fix idmap collision risk, gate test stubs on PRINT_ONLY, wrap os.stat mwiegand 2026-05-14 23:53:32 +0200
  • 2f6a9cfba0
         feat(left4me-overlay): idmap bind mounts for l4d2-sandbox-owned lowerdirs mwiegand 2026-05-14 23:48:07 +0200
  • 3a2c379b71
         plan(left4me-overlay): idmap lowerdir bind mounts for cross-uid copy-up mwiegand 2026-05-14 23:42:36 +0200
  • bbb2b983bc
         harden(l4d2web): per-username login rate limit alongside per-IP mwiegand 2026-05-14 22:26:20 +0200
  • 0e2a78e065
         secure(l4d2web): block non-admin writes on system overlays; last-admin guard on deactivate mwiegand 2026-05-14 22:24:19 +0200
  • 74b7f61437
         harden(l4d2web): default security response headers and generic error handlers mwiegand 2026-05-14 22:21:36 +0200
  • 2902c9cc82
         harden(l4d2web): auth/session — clear on login+logout, constant-time CSRF, role-change invalidation mwiegand 2026-05-14 22:18:46 +0200
  • 66d14feca5
         refactor(l4d2-web): harden console-history.js against HTMX version drift and races mwiegand 2026-05-14 21:42:05 +0200
  • 6f49efd44a
         feat(l4d2-web): console panel UI on server detail page mwiegand 2026-05-14 21:39:21 +0200
  • ecc4aa28c6
         refactor(l4d2-web): tighten console route limit test and dedupe is_error mwiegand 2026-05-14 21:35:22 +0200
  • 553b280e40
         feat(l4d2-web): backend for RCON console with persisted transcript mwiegand 2026-05-14 21:32:13 +0200
  • c4dffd471b
         feat(l4d2-web): add command_history table for RCON console transcript mwiegand 2026-05-14 21:26:56 +0200
  • 9ef9ffdbde
         chore(l4d2-web): clarify rcon req_id constants and helper docstring mwiegand 2026-05-14 21:24:41 +0200
  • 085fd714a5
         feat(l4d2-web): add execute_command to rcon service with full test coverage mwiegand 2026-05-14 21:21:41 +0200
  • 1d3eb51871
         docs(plan): RCON console on server detail page mwiegand 2026-05-14 21:14:06 +0200
  • 6cc1736f17
         feat(l4d2-web): add hostname edit form to server detail page mwiegand 2026-05-13 15:42:46 +0200
  • 963851c0e1
         feat(l4d2-web): emit hostname in spec config with ephemeral fallback mwiegand 2026-05-13 15:31:12 +0200
  • d42383dc37
         chore: add dev.db and opencode.json to gitignore mwiegand 2026-05-13 14:29:57 +0200
  • 69d93dda4f
         feat(l4d2-web): accept hostname on server update, default empty on create mwiegand 2026-05-13 14:26:46 +0200
  • 0a7f48f174
         feat(l4d2-web): add hostname column to Server model mwiegand 2026-05-13 14:24:47 +0200
  • f3f0a8927a
         docs: add server hostname implementation plan mwiegand 2026-05-13 14:21:30 +0200
  • fcf3143b39
         docs: add server hostname cvar design spec mwiegand 2026-05-13 14:19:57 +0200
  • fe43f67b51
         feat: include password-reveal.js in base template mwiegand 2026-05-13 11:37:47 +0200
  • ab83f5fd2b
         feat: add RCON password row to server detail page mwiegand 2026-05-13 11:37:28 +0200
  • d9aa6bd395
         feat: add password reveal toggle JS mwiegand 2026-05-13 11:36:40 +0200
  • e75feb0649
         docs: add rcon password display implementation plan mwiegand 2026-05-13 11:36:08 +0200
  • 358a835d65
         docs: add rcon password display design spec mwiegand 2026-05-13 11:35:46 +0200
  • d113b7821c
         fix(live-state): remove loading=lazy from avatars to fix Firefox/Safari flash mwiegand 2026-05-12 23:34:53 +0200
  • 175e4e653c
         fix(live-state): eliminate flash on poll by switching to innerHTML swap mwiegand 2026-05-12 23:26:54 +0200
  • 096d18ac64
         feat(live-state): use Steam avatarfull (184x184), downscale in CSS mwiegand 2026-05-12 23:17:51 +0200
  • 6cbe7dc9f2
         feat(live-state): link player cards to their Steam profile mwiegand 2026-05-12 22:51:50 +0200
  • 674c4df360
         deploy: add STEAM_WEB_API_KEY to web.env template mwiegand 2026-05-12 22:25:03 +0200
  • 37a9ad68a2
         fix(live-state): cast poll_seconds to int for HTMX hx-trigger mwiegand 2026-05-12 22:23:15 +0200
  • 9aaa26d9a9
         feat(servers): add live-state panel with current and recent players mwiegand 2026-05-12 22:20:01 +0200
  • b00a3cceea
         test(live-state): assert stale server's map is not rendered in the badge mwiegand 2026-05-12 22:17:02 +0200
  • 072d9f78e7
         feat(servers): show live counts + map badge in server list mwiegand 2026-05-12 22:14:57 +0200
  • 0dc61d5de4
         feat(live-state): start daemon poller, prune history, close stuck sessions mwiegand 2026-05-12 22:10:55 +0200
  • be476112ee
         feat(live-state): enrich roster with cached Steam profiles mwiegand 2026-05-12 22:02:58 +0200
  • 33899f8c17
         feat(live-state): reconcile player sessions on each poll mwiegand 2026-05-12 21:58:30 +0200
  • c9cd2557fd
         style(live-state): drop unused imports staged for later tasks mwiegand 2026-05-12 21:55:36 +0200
  • f48d624dcc
         feat(live-state): poller writes RLE snapshots to server_live_state mwiegand 2026-05-12 21:53:58 +0200
  • f88d07a473
         feat(steam): add GetPlayerSummaries client mwiegand 2026-05-12 21:48:02 +0200
  • 465a103c3a
         feat(servers): generate rcon_password on server create mwiegand 2026-05-12 21:43:56 +0200
  • 2a440dae45
         feat(facade): append rcon_password as final server.cfg line mwiegand 2026-05-12 21:40:56 +0200
  • 83d2a9932c
         refactor(rcon): harden _parse_duration; surface fixture handler errors mwiegand 2026-05-12 21:39:32 +0200
  • b95a82b8a4
         feat(rcon): add Source RCON client + status parser mwiegand 2026-05-12 21:31:32 +0200
  • e25e7098f6
         refactor(live-state): drop redundant ix_sps_server_recent index mwiegand 2026-05-12 21:27:01 +0200
  • 0f825686c6
         feat(live-state): add schema for snapshots, sessions, steam profiles mwiegand 2026-05-12 21:18:24 +0200
  • a5f7b736a2
         docs/plan: server live-state display implementation plan mwiegand 2026-05-12 21:10:33 +0200
  • 202026e11a
         docs/spec: add server live-state display design mwiegand 2026-05-12 21:03:26 +0200
  • e52219b1e9
         deploy: weaken refresh-timer dep on web.service from Requires to Wants mwiegand 2026-05-11 23:22:42 +0200