cronekorkn/left4me
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
left4me/README.md
mwiegand 9985ecc56c
chore(deploy): cleanup left4me-web hardening + docs for kernel overlayfs 
Drop MountFlags=shared (the assumption that it propagated fuse mounts
to host was incorrect on systemd 257 with ProtectSystem+ReadWritePaths).
Restore PrivateTmp=true (was dropped in 593611e for fuse propagation
that did not work). Rewrite the comment block to describe the new
model: mounts go through the left4me-overlay helper which nsenters
into PID 1's mount namespace, so the unit's mount-ns layout is no
longer load-bearing.

Update the three user-facing READMEs (root, l4d2host, deploy) to drop
fuse-overlayfs / fusermount3 prereqs and call out the kernel overlayfs
mount path through the privileged helper.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-08 12:29:49 +02:00

72 lines
2.6 KiB
Markdown
Raw Blame History

# left4me
`left4me` is a local L4D2 server management platform with two planned components:
1. `l4d2host` + `l4d2ctl` (host library + CLI)
2. `l4d2-web-app` (Flask web app for users, blueprints, servers, jobs, and logs)
## Status
Implementation plans remain the source of truth for architecture and task sequencing:
- `docs/superpowers/plans/2026-04-22-l4d2-host-lib-v1.md`
- `docs/superpowers/plans/2026-04-23-l4d2-web-app-v1.md`
## Locked v1 Decisions
- Naming is strictly `l4d2` (not `l4d`).
- Host library and web app are separate components.
- Host CLI write commands are fixed to:
- `install`
- `initialize <name> -f <spec.yaml>`
- `start <name>`
- `stop <name>`
- `delete <name>`
- Host CLI read commands are available for the web/host boundary:
- `status <name> --json`
- `logs <name> --lines <n> --follow/--no-follow`
- The web app calls host operations through `l4d2ctl`, not direct `l4d2host` imports.
- Deployment uses `/var/lib/left4me` for runtime state, `/opt/left4me` for repository contents and the virtualenv, `/etc/left4me` for environment files, and global units under `/usr/local/lib/systemd/system`.
- Overlay handling is directory-based; the web app populates each overlay (workshop downloads, managed-global refresh).
- No lock manager, no rollback, no preflight checks in host library.
- CLI propagates subprocess failures via stderr and return code.
- `delete` on missing instance is no-op success.
- Blueprint model (web app):
- user-private in v1
- servers are live-linked to blueprint
- no per-server overrides
- delete blueprint blocked when linked servers exist
- blueprint changes apply on next action
- server can reassign blueprint anytime
## Planned Repository Layout
- `l4d2host/`
- `l4d2web/`
- `deploy/`
- `docs/superpowers/plans/`
## Deployment
See `deploy/README.md` for the Linux test deployment contract, including the runtime user, target filesystem layout, systemd units, privileged helpers, sudoers rules, admin bootstrap, and overlay reference rules.
## Tech Stack (planned)
- Python 3.12+
- Typer, PyYAML, pytest
- Flask, SQLAlchemy, Alembic
- HTMX (vendored locally), custom CSS, SSE
- systemd units, kernel overlayfs (mounted via the `left4me-overlay` privileged helper), steamcmd
## Recommended Implementation Order
1. Implement `l4d2host` plan first.
2. Implement `l4d2web` plan second.
3. Keep tests green task-by-task (TDD flow from plans).
4. Keep commits small and aligned with plan tasks.
## Contributing Notes
- Follow plan task order unless explicitly re-planned.
- Keep contracts above unchanged unless the user asks to change them.
- Update plan docs when scope or behavior changes.
Reference in a new issue View git blame Copy permalink