cronekorkn/left4me
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
left4me/docs/superpowers/specs
History
mwiegand a9bbc209ae
spec: handoff for replacing script-sandbox helper with template unit 
The build-time idmap landing today required a nsenter self-wrap in
left4me-script-sandbox to escape the web app's PrivateTmp namespace
before pre-creating the idmapped staging bind. Working but band-aid:
the helper is reinventing what a systemd template unit would do
declaratively. Mirror the left4me-server@.service pattern with a
build-overlay@.service template — ExecStartPre does the idmap bind in
PID 1's namespace by default, the hardening flags live in the unit
file, ExecStopPost tears down. Worker switches to sudo systemctl start.

Doc captures full proposed unit, worker rewrite sketch, sudoers
update, migration order, verification steps, and the ~5h estimate
so a future session can pick this up cold and execute.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-15 01:52:57 +02:00
..
2026-05-05-l4d2-host-smoke-test-design.md chore(l4d2): flatten component layout 2026-05-05 23:47:06 +02:00
2026-05-06-l4d2-install-logging-design.md fix(deploy): add venv to PATH in left4me-web systemd service 2026-05-06 20:45:37 +02:00
2026-05-06-l4d2-web-auth-pages-design.md fix(l4d2-web): reject encoded unsafe redirects 2026-05-06 13:24:04 +02:00
2026-05-06-l4d2-web-ui-design.md docs(l4d2-web): plan functional web ui 2026-05-06 11:34:23 +02:00
2026-05-06-l4d2host-step-logging-design.md fix(deploy): add venv to PATH in left4me-web systemd service 2026-05-06 20:45:37 +02:00
2026-05-06-left4me-deployment-design.md feat(deploy): add production-like test deployment 2026-05-06 19:30:10 +02:00
2026-05-07-l4d2-global-map-overlays-design.md feat(l4d2-web): managed global map overlays with daily refresh 2026-05-08 08:05:14 +02:00
2026-05-07-l4d2-workshop-overlays-design.md docs(workshop): spec and plan for steam workshop overlays 2026-05-07 16:25:13 +02:00
2026-05-08-kernel-overlayfs-helper-design.md docs(specs): kernel overlayfs migration design + plan 2026-05-08 12:19:26 +02:00
2026-05-08-l4d2-blueprint-overlay-picker-design.md docs(specs): blueprint overlay picker — drag-list + add-dropdown 2026-05-08 21:32:45 +02:00
2026-05-08-l4d2-script-overlays-design.md docs(specs): script overlay type — design + implementation plan 2026-05-08 15:27:14 +02:00
2026-05-08-l4d2-script-sandbox-v2-systemd.md docs(specs): script sandbox v2 — systemd-only design + plan 2026-05-08 16:46:13 +02:00
2026-05-08-l4d2-script-sandbox-v3-egress-filter.md docs(specs): script sandbox v3 — egress filter design + plan 2026-05-08 17:08:47 +02:00
2026-05-08-overlay-file-tree-design.md fix(l4d2-web): file tree fetches in plain JS — vendored htmx is a stub 2026-05-08 20:23:04 +02:00
2026-05-08-server-id-as-host-identifier-design.md feat(l4d2-web): server identity by id, name as display label 2026-05-08 19:22:09 +02:00
2026-05-09-files-overlay-design.md feat(files-overlay): user-managed file content as a third overlay type 2026-05-09 18:59:32 +02:00
2026-05-09-l4d2-cpu-isolation-design.md docs(specs): l4d2 cpu isolation — design 2026-05-09 11:03:37 +02:00
2026-05-09-l4d2-cpu-pinning-decision.md docs(specs): l4d2 cpu pinning — decision record (deferred) 2026-05-09 12:41:40 +02:00
2026-05-09-l4d2-server-host-perf-baseline-design.md docs(specs): perf baseline — fix transient-service phrasing 2026-05-09 09:39:12 +02:00
2026-05-09-l4d2-server-lifecycle-reboot-and-drift-design.md docs(specs): perf baseline lifecycle — premise check on system vs user units 2026-05-09 12:25:34 +02:00
2026-05-10-l4d2-network-shaping-design.md docs(specs): l4d2 network shaping & marking — design 2026-05-10 00:05:44 +02:00
2026-05-11-profile-password-change-design.md docs: design for profile page with self-service password change 2026-05-11 22:21:40 +02:00
2026-05-11-workshop-auto-download-design.md docs: design for workshop auto-download 2026-05-11 22:28:20 +02:00
2026-05-12-server-live-state-display-design.md refactor(rcon): harden _parse_duration; surface fixture handler errors 2026-05-12 21:39:32 +02:00
2026-05-13-rcon-password-display-design.md docs: add rcon password display design spec 2026-05-13 11:35:46 +02:00
2026-05-13-server-hostname-design.md docs: add server hostname cvar design spec 2026-05-13 14:19:57 +02:00
2026-05-15-build-overlay-unit-design.md spec: handoff for replacing script-sandbox helper with template unit 2026-05-15 01:52:57 +02:00
2026-05-15-deploy-dir-rethink-design.md spec: handoff doc for rethinking deploy/ dir architecture 2026-05-15 00:53:55 +02:00