No description

Find a file

mwiegand 593611e194 fix(deploy): drop PrivateTmp on web service so fuse mounts propagate PrivateTmp=true gives the unit a private mount namespace. The worker's fuse-overlayfs mount lives only inside that namespace, so the host cannot see it and the gameserver unit (started via systemctl, with its own namespace inherited from the host) also cannot see it. The gameserver unit then fails CHDIR on /var/lib/left4me/runtime/<name>/merged/left4dead2. The mount must land in the host namespace so the gameserver unit inherits it at unshare time. Remaining hardening: dedicated user, ProtectSystem=full, ReadWritePaths, sudoers allowlist limited to two helper scripts. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>		2026-05-07 01:57:43 +02:00
deploy	fix(deploy): drop PrivateTmp on web service so fuse mounts propagate	2026-05-07 01:57:43 +02:00
docs/superpowers	docs: add server port constraint implementation plan	2026-05-06 20:53:50 +02:00
l4d2host	security: harden boundary inputs and production defaults	2026-05-07 00:53:33 +02:00
l4d2web	feat(web): blueprint-prefilled create-server flow + empty-state CTA	2026-05-07 01:47:33 +02:00
.gitignore	chore: ignore code index files	2026-05-05 23:48:39 +02:00
AGENTS.md	feat(deploy): add production-like test deployment	2026-05-06 19:30:10 +02:00
README.md	feat(deploy): add production-like test deployment	2026-05-06 19:30:10 +02:00

README.md

left4me

left4me is a local L4D2 server management platform with two planned components:

l4d2host + l4d2ctl (host library + CLI)
l4d2-web-app (Flask web app for users, blueprints, servers, jobs, and logs)

Status

Implementation plans remain the source of truth for architecture and task sequencing:

docs/superpowers/plans/2026-04-22-l4d2-host-lib-v1.md
docs/superpowers/plans/2026-04-23-l4d2-web-app-v1.md

Locked v1 Decisions

Naming is strictly l4d2 (not l4d).
Host library and web app are separate components.
Host CLI write commands are fixed to:
- install
- initialize <name> -f <spec.yaml>
- start <name>
- stop <name>
- delete <name>
Host CLI read commands are available for the web/host boundary:
- status <name> --json
- logs <name> --lines <n> --follow/--no-follow
The web app calls host operations through l4d2ctl, not direct l4d2host imports.
Deployment uses /var/lib/left4me for runtime state, /opt/left4me for repository contents and the virtualenv, /etc/left4me for environment files, and global units under /usr/local/lib/systemd/system.
Overlay handling is directory-based and externally populated.
No lock manager, no rollback, no preflight checks in host library.
CLI propagates subprocess failures via stderr and return code.
delete on missing instance is no-op success.
Blueprint model (web app):
- user-private in v1
- servers are live-linked to blueprint
- no per-server overrides
- delete blueprint blocked when linked servers exist
- blueprint changes apply on next action
- server can reassign blueprint anytime

Planned Repository Layout

l4d2host/
l4d2web/
deploy/
docs/superpowers/plans/

Deployment

See deploy/README.md for the Linux test deployment contract, including the runtime user, target filesystem layout, systemd units, privileged helpers, sudoers rules, admin bootstrap, and overlay reference rules.

Tech Stack (planned)

Python 3.12+
Typer, PyYAML, pytest
Flask, SQLAlchemy, Alembic
HTMX (vendored locally), custom CSS, SSE
systemd user units, fuse-overlayfs, steamcmd

Recommended Implementation Order

Implement l4d2host plan first.
Implement l4d2web plan second.
Keep tests green task-by-task (TDD flow from plans).
Keep commits small and aligned with plan tasks.

Contributing Notes

Follow plan task order unless explicitly re-planned.
Keep contracts above unchanged unless the user asks to change them.
Update plan docs when scope or behavior changes.