left4me

History

mwiegand 3256ed2ab1 spec(hardening-refactor): design — drop-ins owned by left4me, ckn-bw deploys Hardening composition is application knowledge (which paths to bind, that srcds is i386, what breaks sudo). It belongs in the left4me repo as drop-in .conf files under deploy/files/etc/systemd/system/<unit>.d/. ckn-bw shrinks: keeps the base units in its reactor, removes the hardening keys, ships the drop-ins to /etc/systemd/system/. Existing educational reference units in deploy/files/.../*.service are deleted in favor of the drop-ins, which carry per-directive comments. Broader configmgmt-responsibility reshape (base units leaving the reactor) deliberately deferred to a future session. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-15 14:05:38 +02:00
..
plans	spec(deploy-dir-rethink): plan + mark adjacent specs resolved	2026-05-15 12:05:53 +02:00
specs	spec(hardening-refactor): design — drop-ins owned by left4me, ckn-bw deploys	2026-05-15 14:05:38 +02:00

spec(hardening-refactor): design — drop-ins owned by left4me, ckn-bw deploys

Hardening composition is application knowledge (which paths to bind, that
srcds is i386, what breaks sudo). It belongs in the left4me repo as
drop-in .conf files under deploy/files/etc/systemd/system/<unit>.d/.
ckn-bw shrinks: keeps the base units in its reactor, removes the
hardening keys, ships the drop-ins to /etc/systemd/system/. Existing
educational reference units in deploy/files/.../*.service are deleted in
favor of the drop-ins, which carry per-directive comments. Broader
configmgmt-responsibility reshape (base units leaving the reactor)
deliberately deferred to a future session.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

2026-05-15 14:05:38 +02:00

plans

spec(deploy-dir-rethink): plan + mark adjacent specs resolved

2026-05-15 12:05:53 +02:00

specs

spec(hardening-refactor): design — drop-ins owned by left4me, ckn-bw deploys

2026-05-15 14:05:38 +02:00