cronekorkn

0 followers · 0 following

• Joined on 2021-06-13

Repositories

22

Projects Packages Code Public activity Starred repositories

cronekorkn pushed to master at cronekorkn/left4me 2026-05-15 19:38:46 +02:00

2834ad4911 deploy: move scripts/{libexec,sbin}/ into deploy/scripts/

cronekorkn pushed to master at cronekorkn/left4me 2026-05-15 19:30:36 +02:00

55d5ab4017 plan(deployment-responsibility): mark Task 3 done

cronekorkn pushed to master at cronekorkn/left4me 2026-05-15 19:28:49 +02:00

2c4bf1a27f deploy/tests: add visudo syntax test for the sudoers drop-in

cronekorkn pushed to master at cronekorkn/left4me 2026-05-15 19:24:36 +02:00

3703749252 deploy/hardening: drop ProcSubset=pid from the server drop-in (regression fix)

cronekorkn pushed to master at cronekorkn/left4me 2026-05-15 19:17:03 +02:00

e9c172a619 deploy: extract hardening into drop-in files alongside the units

cronekorkn pushed to master at cronekorkn/left4me 2026-05-15 19:00:39 +02:00

949f1bae78 deploy/sysctl: absorb kernel.yama.ptrace_scope into the drop-in

672fd9660b plan(deployment-responsibility): five-task migration with sysctl canary

ddf97b3a05 spec(deployment-responsibility): mark handoff resolved by the design doc

c446f6c8eb spec(deployment-responsibility): design — symlink hardening drop-ins, sudoers, sysctl, helpers

434ee20339 refactor(deploy): venv + steam now under /var/lib/left4me

Compare 6 commits »

cronekorkn pushed to master at cronekorkn/bundlewrap 2026-05-15 17:11:18 +02:00

f3fe49c60e fix(left4me): bind /var/lib/left4me/workshop_cache into server unit

cronekorkn pushed to master at cronekorkn/bundlewrap 2026-05-15 16:56:53 +02:00

9a4e184378 left4me: drop +sv_lan 0 from srcds ExecStart

cronekorkn pushed to master at cronekorkn/bundlewrap 2026-05-15 16:44:23 +02:00

4339289bad fix(left4me): drop ProcSubset=pid from server unit too

cronekorkn pushed to master at cronekorkn/bundlewrap 2026-05-15 16:42:18 +02:00

caf2332051 fix(left4me): bind /var/lib/left4me/.steam + /opt/left4me/steam into server unit

cronekorkn pushed to master at cronekorkn/bundlewrap 2026-05-15 16:35:49 +02:00

6bba2b04f7 fix(left4me): force +sv_lan 0 alongside +ip 0.0.0.0

cronekorkn pushed to master at cronekorkn/bundlewrap 2026-05-15 16:30:02 +02:00

f5bce30a4a fix(left4me): srcds binds RCON to all interfaces + close external TCP

cronekorkn pushed to master at cronekorkn/left4me 2026-05-15 16:14:42 +02:00

6cf4517a88 fix(deploy/files): drop ProcSubset=pid from web reference unit

cronekorkn pushed to master at cronekorkn/bundlewrap 2026-05-15 16:14:35 +02:00

656be1cf69 fix(left4me): move ProcSubset=pid from COMMON to SERVER-only

cronekorkn pushed to master at cronekorkn/left4me 2026-05-15 15:56:40 +02:00

15c620f95c spec(deployment-responsibility): handoff for brainstorming the deploy split

cronekorkn pushed to master at cronekorkn/bundlewrap 2026-05-15 15:51:30 +02:00

3ce1ee486e bundles/left4me: drop l4d2-sandbox user; tighten /var/lib/left4me to 0755

cronekorkn pushed to master at cronekorkn/left4me 2026-05-15 15:51:25 +02:00

8971b23617 refactor(sandbox): collapse l4d2-sandbox user into left4me

cronekorkn pushed to master at cronekorkn/left4me 2026-05-15 15:39:52 +02:00

146cb01450 plan(uid-collapse): drop l4d2-sandbox user; handoff to next session

cronekorkn pushed to master at cronekorkn/left4me 2026-05-15 15:17:08 +02:00

f5f8db84ef spec(session-handoff): hardening refactor landed and verified on left4.me

cronekorkn pushed to master at cronekorkn/bundlewrap 2026-05-15 14:59:55 +02:00

130b0b1c9c bundles/left4me: ship kernel.yama.ptrace_scope=2 sysctl drop-in

c6721e7545 bundles/left4me: spread HARDENING_WEB into left4me-web.service

640461c87a bundles/left4me: spread HARDENING_SERVER into left4me-server@.service

85b9af0aaa bundles/left4me: add HARDENING_{COMMON,SERVER,WEB} constants

91b7265136 left4me: install_left4me_scripts reads from scripts/{libexec,sbin}/

Compare 6 commits »