From 7ac1bd5f4f2cea314f2c510b16bf0dbf1e30c898 Mon Sep 17 00:00:00 2001 From: Betty Date: Tue, 17 Feb 2026 14:16:05 +0100 Subject: [PATCH] Add 62 blog posts generated from git commit history One-shot import of all bojemoi repo commits as Hugo posts. Each post includes metadata, files changed, and diff stats. Co-Authored-By: Claude Opus 4.6 --- .../commits/2026-01-20-commit-63dfe10.md | 20 +++ .../commits/2026-01-20-commit-97c17d7.md | 31 ++++ .../commits/2026-01-21-commit-f33559b.md | 55 ++++++++ .../commits/2026-01-22-commit-1233f8c.md | 130 +++++++++++++++++ .../commits/2026-01-22-commit-97e4a8f.md | 50 +++++++ .../commits/2026-01-22-commit-981cf8a.md | 73 ++++++++++ .../commits/2026-01-22-commit-c7d42c7.md | 48 +++++++ .../commits/2026-01-23-commit-352e6ad.md | 38 +++++ .../commits/2026-01-23-commit-6994c56.md | 47 +++++++ .../commits/2026-01-23-commit-f375554.md | 48 +++++++ .../commits/2026-01-24-commit-63c9ef2.md | 48 +++++++ .../commits/2026-01-25-commit-5a6cf35.md | 36 +++++ .../commits/2026-01-25-commit-e9af572.md | 42 ++++++ .../commits/2026-01-27-commit-032d6b1.md | 43 ++++++ .../commits/2026-01-27-commit-050806e.md | 47 +++++++ .../commits/2026-01-27-commit-2f0bdc4.md | 42 ++++++ .../commits/2026-01-27-commit-674245f.md | 39 +++++ .../commits/2026-01-27-commit-685a098.md | 38 +++++ .../commits/2026-01-27-commit-8c31a66.md | 42 ++++++ .../commits/2026-01-27-commit-bc2bfa1.md | 133 ++++++++++++++++++ .../commits/2026-01-27-commit-f89ff93.md | 38 +++++ .../commits/2026-01-28-commit-8b30908.md | 31 ++++ .../commits/2026-01-29-commit-819f3d0.md | 45 ++++++ .../commits/2026-01-29-commit-ee2d9c7.md | 58 ++++++++ .../commits/2026-01-30-commit-1a2b327.md | 44 ++++++ .../commits/2026-01-30-commit-3e35089.md | 39 +++++ .../commits/2026-02-03-commit-4427a20.md | 86 +++++++++++ .../commits/2026-02-04-commit-068a03f.md | 50 +++++++ .../commits/2026-02-04-commit-592ac8e.md | 43 ++++++ .../commits/2026-02-06-commit-0004051.md | 38 +++++ .../commits/2026-02-06-commit-35d70b7.md | 39 +++++ .../commits/2026-02-06-commit-41c2cf2.md | 44 ++++++ .../commits/2026-02-06-commit-b4b6164.md | 38 +++++ .../commits/2026-02-06-commit-c2a866a.md | 49 +++++++ .../commits/2026-02-07-commit-129aa45.md | 39 +++++ .../commits/2026-02-07-commit-1ef1051.md | 40 ++++++ .../commits/2026-02-07-commit-3c5ad95.md | 42 ++++++ .../commits/2026-02-07-commit-ecbf8c9.md | 38 +++++ .../commits/2026-02-08-commit-332af04.md | 45 ++++++ .../commits/2026-02-08-commit-a1084a4.md | 39 +++++ .../commits/2026-02-09-commit-2ff1a97.md | 38 +++++ .../commits/2026-02-10-commit-1e269fe.md | 35 +++++ .../commits/2026-02-10-commit-72ed6b2.md | 42 ++++++ .../commits/2026-02-10-commit-abbecb5.md | 35 +++++ .../commits/2026-02-10-commit-cc52236.md | 55 ++++++++ .../commits/2026-02-11-commit-01d3c01.md | 45 ++++++ .../commits/2026-02-11-commit-160d83e.md | 40 ++++++ .../commits/2026-02-11-commit-2c863e8.md | 42 ++++++ .../commits/2026-02-11-commit-2de7b82.md | 39 +++++ .../commits/2026-02-11-commit-30fe258.md | 45 ++++++ .../commits/2026-02-13-commit-446afb1.md | 52 +++++++ .../commits/2026-02-13-commit-7d2e3df.md | 53 +++++++ .../commits/2026-02-13-commit-e9882bf.md | 46 ++++++ .../commits/2026-02-13-commit-f83582c.md | 50 +++++++ .../commits/2026-02-14-commit-26fe30f.md | 57 ++++++++ .../commits/2026-02-14-commit-c7af3a7.md | 46 ++++++ .../commits/2026-02-14-commit-d23f0d2.md | 51 +++++++ .../commits/2026-02-15-commit-6a1a266.md | 47 +++++++ .../commits/2026-02-15-commit-e25b3dd.md | 42 ++++++ .../commits/2026-02-16-commit-8af07f6.md | 38 +++++ .../commits/2026-02-16-commit-9eb88b1.md | 38 +++++ .../commits/2026-02-16-commit-e83ddf5.md | 38 +++++ 62 files changed, 2909 insertions(+) create mode 100644 content/posts/commits/2026-01-20-commit-63dfe10.md create mode 100644 content/posts/commits/2026-01-20-commit-97c17d7.md create mode 100644 content/posts/commits/2026-01-21-commit-f33559b.md create mode 100644 content/posts/commits/2026-01-22-commit-1233f8c.md create mode 100644 content/posts/commits/2026-01-22-commit-97e4a8f.md create mode 100644 content/posts/commits/2026-01-22-commit-981cf8a.md create mode 100644 content/posts/commits/2026-01-22-commit-c7d42c7.md create mode 100644 content/posts/commits/2026-01-23-commit-352e6ad.md create mode 100644 content/posts/commits/2026-01-23-commit-6994c56.md create mode 100644 content/posts/commits/2026-01-23-commit-f375554.md create mode 100644 content/posts/commits/2026-01-24-commit-63c9ef2.md create mode 100644 content/posts/commits/2026-01-25-commit-5a6cf35.md create mode 100644 content/posts/commits/2026-01-25-commit-e9af572.md create mode 100644 content/posts/commits/2026-01-27-commit-032d6b1.md create mode 100644 content/posts/commits/2026-01-27-commit-050806e.md create mode 100644 content/posts/commits/2026-01-27-commit-2f0bdc4.md create mode 100644 content/posts/commits/2026-01-27-commit-674245f.md create mode 100644 content/posts/commits/2026-01-27-commit-685a098.md create mode 100644 content/posts/commits/2026-01-27-commit-8c31a66.md create mode 100644 content/posts/commits/2026-01-27-commit-bc2bfa1.md create mode 100644 content/posts/commits/2026-01-27-commit-f89ff93.md create mode 100644 content/posts/commits/2026-01-28-commit-8b30908.md create mode 100644 content/posts/commits/2026-01-29-commit-819f3d0.md create mode 100644 content/posts/commits/2026-01-29-commit-ee2d9c7.md create mode 100644 content/posts/commits/2026-01-30-commit-1a2b327.md create mode 100644 content/posts/commits/2026-01-30-commit-3e35089.md create mode 100644 content/posts/commits/2026-02-03-commit-4427a20.md create mode 100644 content/posts/commits/2026-02-04-commit-068a03f.md create mode 100644 content/posts/commits/2026-02-04-commit-592ac8e.md create mode 100644 content/posts/commits/2026-02-06-commit-0004051.md create mode 100644 content/posts/commits/2026-02-06-commit-35d70b7.md create mode 100644 content/posts/commits/2026-02-06-commit-41c2cf2.md create mode 100644 content/posts/commits/2026-02-06-commit-b4b6164.md create mode 100644 content/posts/commits/2026-02-06-commit-c2a866a.md create mode 100644 content/posts/commits/2026-02-07-commit-129aa45.md create mode 100644 content/posts/commits/2026-02-07-commit-1ef1051.md create mode 100644 content/posts/commits/2026-02-07-commit-3c5ad95.md create mode 100644 content/posts/commits/2026-02-07-commit-ecbf8c9.md create mode 100644 content/posts/commits/2026-02-08-commit-332af04.md create mode 100644 content/posts/commits/2026-02-08-commit-a1084a4.md create mode 100644 content/posts/commits/2026-02-09-commit-2ff1a97.md create mode 100644 content/posts/commits/2026-02-10-commit-1e269fe.md create mode 100644 content/posts/commits/2026-02-10-commit-72ed6b2.md create mode 100644 content/posts/commits/2026-02-10-commit-abbecb5.md create mode 100644 content/posts/commits/2026-02-10-commit-cc52236.md create mode 100644 content/posts/commits/2026-02-11-commit-01d3c01.md create mode 100644 content/posts/commits/2026-02-11-commit-160d83e.md create mode 100644 content/posts/commits/2026-02-11-commit-2c863e8.md create mode 100644 content/posts/commits/2026-02-11-commit-2de7b82.md create mode 100644 content/posts/commits/2026-02-11-commit-30fe258.md create mode 100644 content/posts/commits/2026-02-13-commit-446afb1.md create mode 100644 content/posts/commits/2026-02-13-commit-7d2e3df.md create mode 100644 content/posts/commits/2026-02-13-commit-e9882bf.md create mode 100644 content/posts/commits/2026-02-13-commit-f83582c.md create mode 100644 content/posts/commits/2026-02-14-commit-26fe30f.md create mode 100644 content/posts/commits/2026-02-14-commit-c7af3a7.md create mode 100644 content/posts/commits/2026-02-14-commit-d23f0d2.md create mode 100644 content/posts/commits/2026-02-15-commit-6a1a266.md create mode 100644 content/posts/commits/2026-02-15-commit-e25b3dd.md create mode 100644 content/posts/commits/2026-02-16-commit-8af07f6.md create mode 100644 content/posts/commits/2026-02-16-commit-9eb88b1.md create mode 100644 content/posts/commits/2026-02-16-commit-e83ddf5.md diff --git a/content/posts/commits/2026-01-20-commit-63dfe10.md b/content/posts/commits/2026-01-20-commit-63dfe10.md new file mode 100644 index 0000000..18d213b --- /dev/null +++ b/content/posts/commits/2026-01-20-commit-63dfe10.md @@ -0,0 +1,20 @@ +--- +title: "Initial commit" +date: 2026-01-20T19:35:18+01:00 +draft: false +tags: ["commit", "bojemoi"] +categories: ["Git Activity"] +summary: "Commit 63dfe10 par Betty — 0 +0 fichier(s) modifié(s)" +author: "Betty" +--- + +## Commit `63dfe10` + +| | | +|---|---| +| **Repository** | bojemoi | +| **Branch** | `main` | +| **Auteur** | Betty | +| **Hash** | `63dfe106b62b7ee9c51d9e798741ac2e5615cf9d` | +| **Date** | 2026-01-20 | diff --git a/content/posts/commits/2026-01-20-commit-97c17d7.md b/content/posts/commits/2026-01-20-commit-97c17d7.md new file mode 100644 index 0000000..2191c97 --- /dev/null +++ b/content/posts/commits/2026-01-20-commit-97c17d7.md @@ -0,0 +1,31 @@ +--- +title: "Remove toto/ virtual environment" +date: 2026-01-20T20:15:17+01:00 +draft: false +tags: ["commit", "bojemoi"] +categories: ["Git Activity"] +summary: "Commit 97c17d7 par Betty — 1 fichier(s) modifié(s)" +author: "Betty" +--- + +## Commit `97c17d7` + +| | | +|---|---| +| **Repository** | bojemoi | +| **Branch** | `main` | +| **Auteur** | Betty | +| **Hash** | `97c17d702b9f291a65deb7e812f302fb59affc98` | +| **Date** | 2026-01-20 | + +### Fichiers modifiés + +``` +A CLAUDE.md +``` + +### Statistiques + +``` + 1 file changed, 120 insertions(+) +``` diff --git a/content/posts/commits/2026-01-21-commit-f33559b.md b/content/posts/commits/2026-01-21-commit-f33559b.md new file mode 100644 index 0000000..f9a5e68 --- /dev/null +++ b/content/posts/commits/2026-01-21-commit-f33559b.md @@ -0,0 +1,55 @@ +--- +title: "Fix orchestrator: XenServer real client, Gitea config, template mapping" +date: 2026-01-21T22:32:43+01:00 +draft: false +tags: ["commit", "bojemoi", "fix", "orchestrator"] +categories: ["Git Activity"] +summary: "Commit f33559b par Betty — 12 fichier(s) modifié(s)" +author: "Betty" +--- + +## Commit `f33559b` + +| | | +|---|---| +| **Repository** | bojemoi | +| **Branch** | `main` | +| **Auteur** | Betty | +| **Hash** | `f33559b3fa433cccd0f6b4812140679a7f71191a` | +| **Date** | 2026-01-21 | + +### Description + +- Use xenserver_client_real.py with XenAPI library +- Add SSL ignore for self-signed certificates +- Fix run_in_executor decorator for async calls +- Add XenServer template mapping (alpine, ubuntu, debian, etc.) +- Update config.py: env_file path, extra fields handling +- Fix Docker image structure (/app/app/) +- Add cloud-init example templates +- Remove legacy docker-compose files + +Co-Authored-By: Claude Opus 4.5 + +### Fichiers modifiés + +``` +M provisioning/Dockerfile.provisioning +A provisioning/examples/cloud-init/alpine/webserver.yaml +A provisioning/examples/cloud-init/debian/default.yaml +A provisioning/examples/cloud-init/ubuntu/default.yaml +D provisioning/orchestrator/Dockerfile +D provisioning/orchestrator/Makefile +M provisioning/orchestrator/app/config.py +M provisioning/orchestrator/app/main.py +M provisioning/orchestrator/app/models/schemas.py +M provisioning/orchestrator/app/services/xenserver_client_real.py +D provisioning/orchestrator/docker-compose.yml +D provisioning/orchestrator/requirements.txt +``` + +### Statistiques + +``` + 12 files changed, 237 insertions(+), 202 deletions(-) +``` diff --git a/content/posts/commits/2026-01-22-commit-1233f8c.md b/content/posts/commits/2026-01-22-commit-1233f8c.md new file mode 100644 index 0000000..3f7ac9e --- /dev/null +++ b/content/posts/commits/2026-01-22-commit-1233f8c.md @@ -0,0 +1,130 @@ +--- +title: "Fix stack YAML errors and remove orphaned provisioning1" +date: 2026-01-22T17:00:52+01:00 +draft: false +tags: ["commit", "bojemoi", "fix", "stack", "orchestrator"] +categories: ["Git Activity"] +summary: "Commit 1233f8c par Betty — 85 fichier(s) modifié(s)" +author: "Betty" +--- + +## Commit `1233f8c` + +| | | +|---|---| +| **Repository** | bojemoi | +| **Branch** | `main` | +| **Auteur** | Betty | +| **Hash** | `1233f8c8d9c50db4f7bb99e2aec6b84a484bd7e8` | +| **Date** | 2026-01-22 | + +### Description + +Stack fixes (01-service-hl.yml): +- Remove stray quotes from prometheus labels (suricata-exporter, prometheus, rsync-master) +- Fix postgres restart_policy indentation and uncomment condition +- Fix postgres-exporter typo: ysslmode -> sslmode +- Move postgres-exporter labels inside deploy block +- Fix cadvisor prometheus.path: metrics -> /metrics + +Also: +- Remove orphaned submodule reference for stack/ +- Delete unused provisioning1/ directory (82 files) + +Co-Authored-By: Claude Opus 4.5 + +### Fichiers modifiés + +``` +D provisioning1/.env.example +D provisioning1/.gitignore +D provisioning1/CODE_OF_CONDUCT.md +D provisioning1/CONTRIBUTING.md +D provisioning1/Dockerfile +D provisioning1/Dockerfile.provisioning +D provisioning1/LICENSE +D provisioning1/Makefile +D provisioning1/README.md +D provisioning1/SECURITY.md +D provisioning1/backup/Dockerfile.provisioning +D provisioning1/backup/api/Dockerfile.provisioning +D provisioning1/backup/config.py +D provisioning1/backup/database.py +D provisioning1/backup/deployment-orchestrator(3).tar.gz +D provisioning1/backup/deployment-orchestrator/.env.example +D provisioning1/backup/deployment-orchestrator/.gitignore +D provisioning1/backup/deployment-orchestrator/ARCHITECTURE.md +D provisioning1/backup/deployment-orchestrator/Dockerfile +D provisioning1/backup/deployment-orchestrator/GITEA-STRUCTURE.md +D provisioning1/backup/deployment-orchestrator/Makefile +D provisioning1/backup/deployment-orchestrator/QUICKSTART.md +D provisioning1/backup/deployment-orchestrator/README.md +D provisioning1/backup/deployment-orchestrator/SWARM-DEPLOY.md +D provisioning1/backup/deployment-orchestrator/TRAEFIK.md +D provisioning1/backup/deployment-orchestrator/deploy-swarm.sh +D provisioning1/backup/deployment-orchestrator/docker-compose.swarm-external-db.yml +D provisioning1/backup/deployment-orchestrator/docker-compose.swarm.yml +D provisioning1/backup/deployment-orchestrator/docker-compose.yml +D provisioning1/backup/deployment-orchestrator/examples/manifest-container.yaml +D provisioning1/backup/deployment-orchestrator/examples/manifest-swarm.yaml +D provisioning1/backup/deployment-orchestrator/examples/manifest-vm.yaml +D provisioning1/backup/deployment-orchestrator/orchestrator_cli.sh +D provisioning1/backup/deployment-orchestrator/requirements.txt +D provisioning1/backup/deployment-orchestrator/test-installation.sh +D provisioning1/backup/deployment-orchestrator/traefik-labels.txt +D provisioning1/backup/docker_manager.py +D provisioning1/backup/gitea_manager.py +D provisioning1/backup/main.py +D provisioning1/backup/models.py +D provisioning1/backup/orchestrator.py +D provisioning1/backup/requirements.txt +D provisioning1/backup/test_installation.sh +D provisioning1/backup/toto +D provisioning1/backup/xenserver.py +D provisioning1/backups/.gitkeep +D provisioning1/bojemoi-orchestrator-1.0.0.tar.gz +D provisioning1/cli.py +D provisioning1/docker-compose.yml +D provisioning1/docs/README.md +D provisioning1/examples/cloud-init/base-ubuntu.yaml +D provisioning1/examples/containers/nginx-proxy.yaml +D provisioning1/examples/services/api-service.yaml +D provisioning1/examples/vms/web-server-01.yaml +D provisioning1/generate-bojemoi-orchestrator.sh +D provisioning1/logs/.gitkeep +D provisioning1/orchestrator.sh +D provisioning1/orchestrator/config.py +D provisioning1/orchestrator/database.py +D provisioning1/orchestrator/logging_config.py +D provisioning1/orchestrator/main.py +D provisioning1/orchestrator/managers/__init__.py +D provisioning1/orchestrator/managers/container_deployer.py +D provisioning1/orchestrator/managers/gitea_client.py +D provisioning1/orchestrator/managers/swarm_deployer.py +D provisioning1/orchestrator/managers/vm_deployer.py +D provisioning1/orchestrator/metrics.py +D provisioning1/orchestrator/models/__init__.py +D provisioning1/orchestrator/models/database.py +D provisioning1/orchestrator/models/deployment.py +D provisioning1/orchestrator/monitoring.py +D provisioning1/orchestrator/validators/__init__.py +D provisioning1/orchestrator/validators/schemas.py +D provisioning1/prometheus.yml +D provisioning1/requirements-dev.txt +D provisioning1/requirements.txt +D provisioning1/scripts/health-check.sh +D provisioning1/scripts/install.sh +D provisioning1/scripts/start.sh +D provisioning1/scripts/stop.sh +D provisioning1/tests/__init__.py +D provisioning1/tests/conftest.py +D provisioning1/tests/test_api.py +D stack +A stack/01-service-hl.yml +``` + +### Statistiques + +``` + 85 files changed, 1213 insertions(+), 8679 deletions(-) +``` diff --git a/content/posts/commits/2026-01-22-commit-97e4a8f.md b/content/posts/commits/2026-01-22-commit-97e4a8f.md new file mode 100644 index 0000000..e5211d7 --- /dev/null +++ b/content/posts/commits/2026-01-22-commit-97e4a8f.md @@ -0,0 +1,50 @@ +--- +title: "Add Nuclei and VulnX vulnerability scanners to pentest orchestrator" +date: 2026-01-22T22:11:11+01:00 +draft: false +tags: ["commit", "bojemoi", "feature", "stack", "samsonov"] +categories: ["Git Activity"] +summary: "Commit 97e4a8f par Betty — 9 fichier(s) modifié(s)" +author: "Betty" +--- + +## Commit `97e4a8f` + +| | | +|---|---| +| **Repository** | bojemoi | +| **Branch** | `main` | +| **Auteur** | Betty | +| **Hash** | `97e4a8f656b25210072ff11ed8203d8f0c4ead27` | +| **Date** | 2026-01-22 | + +### Description + +- Add plugin_nuclei.py and plugin_vulnx.py to orchestrator plugins +- Create Docker stacks for Nuclei (55) and VulnX (56) services +- Add nuclei_api and vulnx_wrapper daemon services +- Update scan sequences: full, web, network, vuln, cms types +- Fix samsonov stack: remove Redis port conflict, rename from faraday +- Update startover.sh with new stacks + +Co-Authored-By: Claude Opus 4.5 + +### Fichiers modifiés + +``` +A samsonov/nuclei_api/main.py +M samsonov/pentest_orchestrator/main.py +A samsonov/pentest_orchestrator/plugins/plugin_nuclei.py +A samsonov/pentest_orchestrator/plugins/plugin_vulnx.py +A samsonov/vulnx_wrapper/main.py +M scripts/startover.sh +A stack/55-service-nuclei.yml +A stack/56-service-vulnx.yml +M stack/60-service-samsonov.yml +``` + +### Statistiques + +``` + 9 files changed, 1300 insertions(+), 9 deletions(-) +``` diff --git a/content/posts/commits/2026-01-22-commit-981cf8a.md b/content/posts/commits/2026-01-22-commit-981cf8a.md new file mode 100644 index 0000000..a242715 --- /dev/null +++ b/content/posts/commits/2026-01-22-commit-981cf8a.md @@ -0,0 +1,73 @@ +--- +title: "Add all Docker Swarm stack files to version control" +date: 2026-01-22T17:01:42+01:00 +draft: false +tags: ["commit", "bojemoi", "feature", "stack", "orchestrator"] +categories: ["Git Activity"] +summary: "Commit 981cf8a par Betty — 34 fichier(s) modifié(s)" +author: "Betty" +--- + +## Commit `981cf8a` + +| | | +|---|---| +| **Repository** | bojemoi | +| **Branch** | `main` | +| **Auteur** | Betty | +| **Hash** | `981cf8ac41857e110495f9487cfaf4466384e2ba` | +| **Date** | 2026-01-22 | + +### Description + +Include all stack configurations and deployment scripts: +- Service stacks (00-70): base services, monitoring, security tools +- GitLab CI/CD pipeline configuration +- Deployment automation scripts + +Co-Authored-By: Claude Opus 4.5 + +### Fichiers modifiés + +``` +A stack/.gitignore +A stack/.gitlab-ci.yml +A stack/00-service-ll.yml +A stack/01-service-hl.yml.export +A stack/02-service-hl.yml +A stack/03-provisioning.Xyml +A stack/03-provisioning.yml +A stack/10-service-oblast.bis.yml +A stack/10-service-oblast.yml +A stack/11-service-zaproxy.yml +A stack/20-service-kyiv.yml +A stack/50-service-borodino.yml +A stack/50-service-tsushima.yml +A stack/60-service-samsonov.yml +A stack/70-service-zarovnik.yml +A stack/READ.me +A stack/README.md +A stack/_00-service-base.yml +A stack/_00-service-ll.yml +A stack/_01-service-rsync.yml +A stack/_10-service-oblast-1.yml +A stack/_20-service-kyiv.yml +A stack/_50-service-bojemoi-uzi.yml +A stack/_50-service-borodino +A stack/essais_nfs.yml +A stack/scripts/automate-deploy.sh +A stack/scripts/create-gitlab-token.sh +A stack/scripts/deploy/deploy.sh +A stack/scripts/deploy/health-check.sh +A stack/scripts/deploy/rollback.sh +A stack/scripts/gitlab-helper.sh +A stack/scripts/notify/notify.sh +A stack/scripts/security/zap-scan.sh +A stack/scripts/token +``` + +### Statistiques + +``` + 34 files changed, 3365 insertions(+) +``` diff --git a/content/posts/commits/2026-01-22-commit-c7d42c7.md b/content/posts/commits/2026-01-22-commit-c7d42c7.md new file mode 100644 index 0000000..df4c809 --- /dev/null +++ b/content/posts/commits/2026-01-22-commit-c7d42c7.md @@ -0,0 +1,48 @@ +--- +title: "Consolidate stack files and add Redis daemon mode to pentest orchestrator" +date: 2026-01-22T21:41:38+01:00 +draft: false +tags: ["commit", "bojemoi", "test", "stack", "samsonov", "orchestrator"] +categories: ["Git Activity"] +summary: "Commit c7d42c7 par Betty — 8 fichier(s) modifié(s)" +author: "Betty" +--- + +## Commit `c7d42c7` + +| | | +|---|---| +| **Repository** | bojemoi | +| **Branch** | `main` | +| **Auteur** | Betty | +| **Hash** | `c7d42c7f73fcaa0a35f672019dafe2e5cc059881` | +| **Date** | 2026-01-22 | + +### Description + +- Add --daemon mode to pentest orchestrator for Redis pub/sub command listening +- Consolidate orchestrator and protonmail-bridge services into 01-service-hl.yml +- Remove redundant stack files (02-service-hl.yml, 03-provisioning.yml, essais_nfs.yml) +- Update startover.sh to reflect consolidated stack structure +- Configure orchestrator service with Redis environment variables + +Co-Authored-By: Claude Opus 4.5 + +### Fichiers modifiés + +``` +M samsonov/pentest_orchestrator/main.py +M scripts/startover.sh +M stack/01-service-hl.yml +D stack/02-service-hl.yml +D stack/03-provisioning.Xyml +D stack/03-provisioning.yml +M stack/60-service-samsonov.yml +D stack/essais_nfs.yml +``` + +### Statistiques + +``` + 8 files changed, 222 insertions(+), 330 deletions(-) +``` diff --git a/content/posts/commits/2026-01-23-commit-352e6ad.md b/content/posts/commits/2026-01-23-commit-352e6ad.md new file mode 100644 index 0000000..5d32ed8 --- /dev/null +++ b/content/posts/commits/2026-01-23-commit-352e6ad.md @@ -0,0 +1,38 @@ +--- +title: "Add Faraday API token for zap-scanner service" +date: 2026-01-23T17:55:14+01:00 +draft: false +tags: ["commit", "bojemoi", "feature", "stack"] +categories: ["Git Activity"] +summary: "Commit 352e6ad par Betty — 1 fichier(s) modifié(s)" +author: "Betty" +--- + +## Commit `352e6ad` + +| | | +|---|---| +| **Repository** | bojemoi | +| **Branch** | `main` | +| **Auteur** | Betty | +| **Hash** | `352e6adb4c5c838ab852ed9c54b62aab492a2973` | +| **Date** | 2026-01-23 | + +### Description + +Generated and configured API token for zap-scanner to authenticate +with Faraday vulnerability management platform. + +Co-Authored-By: Claude Opus 4.5 + +### Fichiers modifiés + +``` +M stack/40-service-borodino.yml +``` + +### Statistiques + +``` + 1 file changed, 1 insertion(+), 1 deletion(-) +``` diff --git a/content/posts/commits/2026-01-23-commit-6994c56.md b/content/posts/commits/2026-01-23-commit-6994c56.md new file mode 100644 index 0000000..9dcb398 --- /dev/null +++ b/content/posts/commits/2026-01-23-commit-6994c56.md @@ -0,0 +1,47 @@ +--- +title: "Consolidate stack files into single 40-service-borodino.yml" +date: 2026-01-23T17:42:10+01:00 +draft: false +tags: ["commit", "bojemoi", "stack"] +categories: ["Git Activity"] +summary: "Commit 6994c56 par Betty — 9 fichier(s) modifié(s)" +author: "Betty" +--- + +## Commit `6994c56` + +| | | +|---|---| +| **Repository** | bojemoi | +| **Branch** | `main` | +| **Auteur** | Betty | +| **Hash** | `6994c56d8df315c09af016b0bae1c0480336972b` | +| **Date** | 2026-01-23 | + +### Description + +Merged 7 stack files (10-oblast, 50-borodino, 50-tsushima, 55-nuclei, +56-vulnx, 60-samsonov, 70-zarovnik) into one unified stack file. +Updated startover.sh to deploy base + borodino stacks only. + +Co-Authored-By: Claude Opus 4.5 + +### Fichiers modifiés + +``` +M scripts/startover.sh +D stack/10-service-oblast.yml +A stack/40-service-borodino.yml +D stack/50-service-borodino.yml +D stack/50-service-tsushima.yml +D stack/55-service-nuclei.yml +D stack/56-service-vulnx.yml +D stack/60-service-samsonov.yml +D stack/70-service-zarovnik.yml +``` + +### Statistiques + +``` + 9 files changed, 672 insertions(+), 785 deletions(-) +``` diff --git a/content/posts/commits/2026-01-23-commit-f375554.md b/content/posts/commits/2026-01-23-commit-f375554.md new file mode 100644 index 0000000..8305978 --- /dev/null +++ b/content/posts/commits/2026-01-23-commit-f375554.md @@ -0,0 +1,48 @@ +--- +title: "Remove GitLab and update rsync slave discovery via node labels" +date: 2026-01-23T20:51:52+01:00 +draft: false +tags: ["commit", "bojemoi", "stack"] +categories: ["Git Activity"] +summary: "Commit f375554 par Betty — 9 fichier(s) modifié(s)" +author: "Betty" +--- + +## Commit `f375554` + +| | | +|---|---| +| **Repository** | bojemoi | +| **Branch** | `main` | +| **Auteur** | Betty | +| **Hash** | `f3755548ef66178d3fb4620fd0f5afa335d812ee` | +| **Date** | 2026-01-23 | + +### Description + +- Remove GitLab services, volumes, and network from borodino stack +- Update rsync-master.py to discover slaves via node labels (rsync.slave=true) +- Update rsync-slave deployment constraint to use node.labels.rsync.slave +- Clean up obsolete stack files + +Co-Authored-By: Claude Opus 4.5 + +### Fichiers modifiés + +``` +M koursk-2/scripts/rsync-master.py +M stack/01-service-hl.yml +D stack/01-service-hl.yml.export +D stack/10-service-oblast.bis.yml +D stack/11-service-zaproxy.yml +D stack/20-service-kyiv.yml +M stack/40-service-borodino.yml +M stack/_20-service-kyiv.yml +D toto.txt +``` + +### Statistiques + +``` + 9 files changed, 55 insertions(+), 965 deletions(-) +``` diff --git a/content/posts/commits/2026-01-24-commit-63c9ef2.md b/content/posts/commits/2026-01-24-commit-63c9ef2.md new file mode 100644 index 0000000..0cfcf9d --- /dev/null +++ b/content/posts/commits/2026-01-24-commit-63c9ef2.md @@ -0,0 +1,48 @@ +--- +title: "Add blockchain deployments and IP geolocation validation to orchestrator" +date: 2026-01-24T17:49:51+01:00 +draft: false +tags: ["commit", "bojemoi", "feature", "orchestrator"] +categories: ["Git Activity"] +summary: "Commit 63c9ef2 par Betty — 7 fichier(s) modifié(s)" +author: "Betty" +--- + +## Commit `63c9ef2` + +| | | +|---|---| +| **Repository** | bojemoi | +| **Branch** | `main` | +| **Auteur** | Betty | +| **Hash** | `63c9ef2445243acf70aa54ec7262ce6bf256f98c` | +| **Date** | 2026-01-24 | + +### Description + +- Add blockchain service with SHA-256 hash chain for immutable deployment logs +- Add IP2Location client for country-based request filtering via CIDR queries +- Add IPValidationMiddleware to block requests from non-allowed countries +- Update deploy endpoints to log to blockchain with source IP/country tracking +- Add /api/v1/blockchain/* endpoints for block listing and chain verification +- Maintain backward compatibility with legacy deployments table + +Co-Authored-By: Claude Opus 4.5 + +### Fichiers modifiés + +``` +M provisioning/orchestrator/app/config.py +M provisioning/orchestrator/app/main.py +A provisioning/orchestrator/app/middleware/__init__.py +A provisioning/orchestrator/app/middleware/ip_validation.py +M provisioning/orchestrator/app/models/schemas.py +A provisioning/orchestrator/app/services/blockchain.py +A provisioning/orchestrator/app/services/ip2location_client.py +``` + +### Statistiques + +``` + 7 files changed, 1165 insertions(+), 48 deletions(-) +``` diff --git a/content/posts/commits/2026-01-25-commit-5a6cf35.md b/content/posts/commits/2026-01-25-commit-5a6cf35.md new file mode 100644 index 0000000..b56b5a9 --- /dev/null +++ b/content/posts/commits/2026-01-25-commit-5a6cf35.md @@ -0,0 +1,36 @@ +--- +title: "Update rsync job names and fix rsync command path" +date: 2026-01-25T18:22:20+01:00 +draft: false +tags: ["commit", "bojemoi"] +categories: ["Git Activity"] +summary: "Commit 5a6cf35 par Betty — 2 fichier(s) modifié(s)" +author: "Betty" +--- + +## Commit `5a6cf35` + +| | | +|---|---| +| **Repository** | bojemoi | +| **Branch** | `main` | +| **Auteur** | Betty | +| **Hash** | `5a6cf3594eb5255f296f8c4ee58f071444f3cff3` | +| **Date** | 2026-01-25 | + +### Description + +Co-Authored-By: Claude Opus 4.5 + +### Fichiers modifiés + +``` +M koursk-2/config/rsync_jobs.json +M koursk-2/scripts/rsync-master.py +``` + +### Statistiques + +``` + 2 files changed, 5 insertions(+), 5 deletions(-) +``` diff --git a/content/posts/commits/2026-01-25-commit-e9af572.md b/content/posts/commits/2026-01-25-commit-e9af572.md new file mode 100644 index 0000000..e3ebc31 --- /dev/null +++ b/content/posts/commits/2026-01-25-commit-e9af572.md @@ -0,0 +1,42 @@ +--- +title: "Fix pymetasploit3 installation and cleanup unused resources" +date: 2026-01-25T21:30:21+01:00 +draft: false +tags: ["commit", "bojemoi", "fix", "stack", "borodino"] +categories: ["Git Activity"] +summary: "Commit e9af572 par Betty — 3 fichier(s) modifié(s)" +author: "Betty" +--- + +## Commit `e9af572` + +| | | +|---|---| +| **Repository** | bojemoi | +| **Branch** | `main` | +| **Auteur** | Betty | +| **Hash** | `e9af5726377d73ba47e5787468e2dfae4685cdac` | +| **Date** | 2026-01-25 | + +### Description + +- Fix pymetasploit3 in borodino image by installing msgpack and retry + dependencies via pip instead of conflicting Alpine packages +- Remove unused wireguard service and wireguard_net network +- Remove unused frontend network from stack configuration + +Co-Authored-By: Claude Opus 4.5 + +### Fichiers modifiés + +``` +M borodino/Dockerfile.borodino +D stack/00-service-ll.yml +M stack/01-service-hl.yml +``` + +### Statistiques + +``` + 3 files changed, 61 insertions(+), 105 deletions(-) +``` diff --git a/content/posts/commits/2026-01-27-commit-032d6b1.md b/content/posts/commits/2026-01-27-commit-032d6b1.md new file mode 100644 index 0000000..14139be --- /dev/null +++ b/content/posts/commits/2026-01-27-commit-032d6b1.md @@ -0,0 +1,43 @@ +--- +title: "Remove stale Prometheus scrape targets" +date: 2026-01-27T14:56:27+01:00 +draft: false +tags: ["commit", "bojemoi", "config"] +categories: ["Git Activity"] +summary: "Commit 032d6b1 par Betty — 1 fichier(s) modifié(s)" +author: "Betty" +--- + +## Commit `032d6b1` + +| | | +|---|---| +| **Repository** | bojemoi | +| **Branch** | `main` | +| **Auteur** | Betty | +| **Hash** | `032d6b16763013a39a8abf589b40296d1571f5d9` | +| **Date** | 2026-01-27 | + +### Description + +Removed non-existent/inactive service targets: +- gitlab, gitlab-runner (not deployed) +- zap, metasploit, faraday (security stack not running) +- redis-exporter, pentest-exporter (samsonov stack not running) +- nuclei-api (not deployed) +- traefik static (redundant with swarm discovery) +- docker-registry (no metrics endpoint) + +Co-Authored-By: Claude Opus 4.5 + +### Fichiers modifiés + +``` +M volumes/prometheus/prometheus.yml +``` + +### Statistiques + +``` + 1 file changed, 65 deletions(-) +``` diff --git a/content/posts/commits/2026-01-27-commit-050806e.md b/content/posts/commits/2026-01-27-commit-050806e.md new file mode 100644 index 0000000..287e334 --- /dev/null +++ b/content/posts/commits/2026-01-27-commit-050806e.md @@ -0,0 +1,47 @@ +--- +title: "Update Prometheus labels and cleanup obsolete stack files" +date: 2026-01-27T15:19:23+01:00 +draft: false +tags: ["commit", "bojemoi", "stack", "config"] +categories: ["Git Activity"] +summary: "Commit 050806e par Betty — 9 fichier(s) modifié(s)" +author: "Betty" +--- + +## Commit `050806e` + +| | | +|---|---| +| **Repository** | bojemoi | +| **Branch** | `main` | +| **Auteur** | Betty | +| **Hash** | `050806e574381d3522096efa030461be10f3011b` | +| **Date** | 2026-01-27 | + +### Description + +Add prometheus metrics labels to borodino services and fix the +prometheus.yml regex pattern for proper service name matching. +Remove unused underscore-prefixed stack files. + +Co-Authored-By: Claude Opus 4.5 + +### Fichiers modifiés + +``` +M stack/40-service-borodino.yml +D stack/_00-service-base.yml +D stack/_00-service-ll.yml +D stack/_01-service-rsync.yml +D stack/_10-service-oblast-1.yml +D stack/_20-service-kyiv.yml +D stack/_50-service-bojemoi-uzi.yml +D stack/_50-service-borodino +M volumes/prometheus/prometheus.yml +``` + +### Statistiques + +``` + 9 files changed, 9 insertions(+), 901 deletions(-) +``` diff --git a/content/posts/commits/2026-01-27-commit-2f0bdc4.md b/content/posts/commits/2026-01-27-commit-2f0bdc4.md new file mode 100644 index 0000000..23d4ad5 --- /dev/null +++ b/content/posts/commits/2026-01-27-commit-2f0bdc4.md @@ -0,0 +1,42 @@ +--- +title: "Fix postfix config lock and Loki out-of-order write issues" +date: 2026-01-27T14:51:12+01:00 +draft: false +tags: ["commit", "bojemoi", "fix", "stack", "config"] +categories: ["Git Activity"] +summary: "Commit 2f0bdc4 par Betty — 2 fichier(s) modifié(s)" +author: "Betty" +--- + +## Commit `2f0bdc4` + +| | | +|---|---| +| **Repository** | bojemoi | +| **Branch** | `main` | +| **Auteur** | Betty | +| **Hash** | `2f0bdc4ae6605ac12de356f41adbc9f7ae046f71` | +| **Date** | 2026-01-27 | + +### Description + +- Remove Docker config mount for postfix main.cf (read-only configs + conflict with postconf which modifies the file at runtime) +- Enable unordered_writes in Loki to accept out-of-order log entries +- Increase Loki max_chunk_age to 24h for better late entry handling +- Enable WAL in Loki ingester for improved durability + +Co-Authored-By: Claude Opus 4.5 + +### Fichiers modifiés + +``` +M stack/01-service-hl.yml +M volumes/loki/loki-config.yml +``` + +### Statistiques + +``` + 2 files changed, 11 insertions(+), 5 deletions(-) +``` diff --git a/content/posts/commits/2026-01-27-commit-674245f.md b/content/posts/commits/2026-01-27-commit-674245f.md new file mode 100644 index 0000000..d306ed6 --- /dev/null +++ b/content/posts/commits/2026-01-27-commit-674245f.md @@ -0,0 +1,39 @@ +--- +title: "Add backend network to Prometheus for docker-socket-proxy access" +date: 2026-01-27T14:20:29+01:00 +draft: false +tags: ["commit", "bojemoi", "feature", "stack"] +categories: ["Git Activity"] +summary: "Commit 674245f par Betty — 1 fichier(s) modifié(s)" +author: "Betty" +--- + +## Commit `674245f` + +| | | +|---|---| +| **Repository** | bojemoi | +| **Branch** | `main` | +| **Auteur** | Betty | +| **Hash** | `674245f4a992e116c3577f8291e29c247d27d536` | +| **Date** | 2026-01-27 | + +### Description + +Prometheus now uses docker-socket-proxy instead of direct Docker socket +access for Swarm service discovery. This requires the backend network +to resolve the docker-socket-proxy hostname. + +Co-Authored-By: Claude Opus 4.5 + +### Fichiers modifiés + +``` +M stack/01-service-hl.yml +``` + +### Statistiques + +``` + 1 file changed, 1 insertion(+) +``` diff --git a/content/posts/commits/2026-01-27-commit-685a098.md b/content/posts/commits/2026-01-27-commit-685a098.md new file mode 100644 index 0000000..ec3cd67 --- /dev/null +++ b/content/posts/commits/2026-01-27-commit-685a098.md @@ -0,0 +1,38 @@ +--- +title: "Remove private SSH key from tracking and update .gitignore" +date: 2026-01-27T14:24:24+01:00 +draft: false +tags: ["commit", "bojemoi", "config"] +categories: ["Git Activity"] +summary: "Commit 685a098 par Betty — 2 fichier(s) modifié(s)" +author: "Betty" +--- + +## Commit `685a098` + +| | | +|---|---| +| **Repository** | bojemoi | +| **Branch** | `main` | +| **Auteur** | Betty | +| **Hash** | `685a09864019d63e35c98c6f6ed783fd93e9c619` | +| **Date** | 2026-01-27 | + +### Description + +Added patterns to ignore SSH private keys (id_rsa, id_ed25519, etc.) + +Co-Authored-By: Claude Opus 4.5 + +### Fichiers modifiés + +``` +M .gitignore +D volumes/rsync/ssh-keys/id_rsa +``` + +### Statistiques + +``` + 2 files changed, 4 insertions(+), 49 deletions(-) +``` diff --git a/content/posts/commits/2026-01-27-commit-8c31a66.md b/content/posts/commits/2026-01-27-commit-8c31a66.md new file mode 100644 index 0000000..11d023b --- /dev/null +++ b/content/posts/commits/2026-01-27-commit-8c31a66.md @@ -0,0 +1,42 @@ +--- +title: "Add Faraday plugin and result import scripts, update Prometheus config" +date: 2026-01-27T19:05:44+01:00 +draft: false +tags: ["commit", "bojemoi", "feature", "stack", "samsonov"] +categories: ["Git Activity"] +summary: "Commit 8c31a66 par Betty — 3 fichier(s) modifié(s)" +author: "Betty" +--- + +## Commit `8c31a66` + +| | | +|---|---| +| **Repository** | bojemoi | +| **Branch** | `main` | +| **Auteur** | Betty | +| **Hash** | `8c31a663fa98be3d36f1aa1254a5c87bde3a6e63` | +| **Date** | 2026-01-27 | + +### Description + +- Add plugin_faraday.py for importing scan results to Faraday +- Add import_results.py for batch importing existing result files +- Mount Prometheus rules directory in service stack +- Remove obsolete SQL dump and Burp Suite jar + +Co-Authored-By: Claude Opus 4.5 + +### Fichiers modifiés + +``` +A samsonov/pentest_orchestrator/import_results.py +A samsonov/pentest_orchestrator/plugins/plugin_faraday.py +M stack/01-service-hl.yml +``` + +### Statistiques + +``` + 3 files changed, 733 insertions(+) +``` diff --git a/content/posts/commits/2026-01-27-commit-bc2bfa1.md b/content/posts/commits/2026-01-27-commit-bc2bfa1.md new file mode 100644 index 0000000..3788180 --- /dev/null +++ b/content/posts/commits/2026-01-27-commit-bc2bfa1.md @@ -0,0 +1,133 @@ +--- +title: "Track volumes/ config files in git" +date: 2026-01-27T14:23:49+01:00 +draft: false +tags: ["commit", "bojemoi", "orchestrator", "config"] +categories: ["Git Activity"] +summary: "Commit bc2bfa1 par Betty — 94 fichier(s) modifié(s)" +author: "Betty" +--- + +## Commit `bc2bfa1` + +| | | +|---|---| +| **Repository** | bojemoi | +| **Branch** | `main` | +| **Auteur** | Betty | +| **Hash** | `bc2bfa19ed035b4401f32e30fc9141fce9d45f1d` | +| **Date** | 2026-01-27 | + +### Description + +Add service configuration files from volumes/ directory to version control. +Updated .gitignore to: +- Remove volumes/ exclusion (configs should be tracked) +- Keep ignoring sensitive files (private keys, auth.txt, logs, sockets) + +Co-Authored-By: Claude Opus 4.5 + +### Fichiers modifiés + +``` +M .gitignore +A volumes/READ.me +A volumes/alert_rules.yml +A volumes/alertmanager/alertmanager.yml +A volumes/alertmanager/alertmanager.yml.txt +A volumes/alloy/config/config.alloy +A volumes/crowdsec/config/acquis.yaml +A volumes/deploy.sh +A volumes/dnsmask/dnsmask.conf +A volumes/dnsmask/dnsmask.d/01-base.conf +A volumes/faraday/config/server.ini +A volumes/faraday/server.ini +A volumes/generate_configs.sh +A volumes/gitlab/cinc-stacktrace.out +A volumes/gitlab/config.toml +A volumes/gitlab/gitlab.rb +A volumes/grafana/dashboards/dashboard-security-minimal.json +A volumes/grafana/dashboards/dashboard.yml +A volumes/grafana/dashboards/pentest/pentest-overview.json +A volumes/grafana/datasources/prometheus.yml +A volumes/grafana/grafana.ini +A volumes/grafana/provisioning/dashboards/dashboards.yml +A volumes/grafana/provisioning/datasources/datasources.yml +A volumes/loki/loki-config.yml +A volumes/monitoring/alertmanager/templates/default.tmpl +A volumes/monitoring/grafana/provisioning/datasources/elasticsearch.yml +A volumes/monitoring/logstash/config/logstash.yml +A volumes/monitoring/logstash/pipeline/logstash.conf +A volumes/nginx/conf.d/default.conf +A volumes/nginx/conf.d/sites/faraday.conf +A volumes/nginx/conf.d/sites/grafana.conf +A volumes/nginx/conf.d/sites/prometheus.conf +A volumes/nginx/conf.d/sites/zap.conf +A volumes/nginx/conf.d/upstreams/upstreams.conf +A volumes/nginx/deploy.sh +A volumes/nginx/index.html +A volumes/nuclei/nuclei-config.yml +A volumes/openvpn/Read.me +A volumes/openvpn/openvpn-config/.firewall +A volumes/openvpn/openvpn-config/.firewall6 +A volumes/openvpn/openvpn-config/client.ovpn +A volumes/openvpn/openvpn-config/fr.protonvpn.tcp.ovpn +A volumes/openvpn/script/setup_tun.sh +A volumes/openvpn/script/tun-check.sh +A volumes/openvpn/script/vpn-manager.sh +A volumes/postfix/main.cf +A volumes/prometheus/nodes.json +A volumes/prometheus/prometheus.yml +A volumes/prometheus/rules/alert_rules.yml +A volumes/prometheus/rules/alerts.yml +A volumes/prometheus/rules/recording_rules.yml +A volumes/provisioning/A.env +A volumes/registry/config.yml +A volumes/rsync/configs/rsyncd.conf +A volumes/rsync/keys/deploy-keys-to-docker.sh +A volumes/rsync/keys/distribute-public-keys.sh +A volumes/rsync/keys/generate-ssh-keys.sh +A volumes/rsync/keys/genkey.sh +A volumes/rsync/keys/rotate-ssh-keys.sh +A volumes/rsync/keys/test-ssh-keys.sh +A volumes/rsync/ssh-keys/id_rsa +A volumes/rsync/ssh-keys/id_rsa.pub +A volumes/suricata/classification.config +A volumes/suricata/reference.config +A volumes/suricata/suricata.yaml +A volumes/suricata/threshold.config +A volumes/suricata/update.yaml +A volumes/tempo/config/tempo.yaml +A volumes/traefik/certs/ca-cert.srl +A volumes/traefik/dynamic-config.yml +A volumes/traefik/key_gen.sh +A volumes/traefik/traefik-tls.yml +A volumes/wireguard/config/.donoteditthisfile +A volumes/wireguard/config/coredns/Corefile +A volumes/wireguard/config/peer1/peer1.conf +A volumes/wireguard/config/peer1/peer1.png +A volumes/wireguard/config/peer1/publickey-peer1 +A volumes/wireguard/config/peer2/peer2.conf +A volumes/wireguard/config/peer2/peer2.png +A volumes/wireguard/config/peer2/publickey-peer2 +A volumes/wireguard/config/peer3/peer3.conf +A volumes/wireguard/config/peer3/peer3.png +A volumes/wireguard/config/peer3/publickey-peer3 +A volumes/wireguard/config/peer4/peer4.conf +A volumes/wireguard/config/peer4/peer4.png +A volumes/wireguard/config/peer4/publickey-peer4 +A volumes/wireguard/config/peer5/peer5.conf +A volumes/wireguard/config/peer5/peer5.png +A volumes/wireguard/config/peer5/publickey-peer5 +A volumes/wireguard/config/server/publickey-server +A volumes/wireguard/config/show-client.sh +A volumes/wireguard/config/templates/peer.conf +A volumes/wireguard/config/templates/server.conf +A volumes/wireguard/config/wg_confs/wg0.conf +``` + +### Statistiques + +``` + 94 files changed, 14653 insertions(+), 1 deletion(-) +``` diff --git a/content/posts/commits/2026-01-27-commit-f89ff93.md b/content/posts/commits/2026-01-27-commit-f89ff93.md new file mode 100644 index 0000000..db26896 --- /dev/null +++ b/content/posts/commits/2026-01-27-commit-f89ff93.md @@ -0,0 +1,38 @@ +--- +title: "Update Alloy config to use docker-socket-proxy" +date: 2026-01-27T14:28:11+01:00 +draft: false +tags: ["commit", "bojemoi", "config"] +categories: ["Git Activity"] +summary: "Commit f89ff93 par Betty — 1 fichier(s) modifié(s)" +author: "Betty" +--- + +## Commit `f89ff93` + +| | | +|---|---| +| **Repository** | bojemoi | +| **Branch** | `main` | +| **Auteur** | Betty | +| **Hash** | `f89ff93287a7a92183b1a0812ee2c2ad6ed51965` | +| **Date** | 2026-01-27 | + +### Description + +Changed discovery.docker and loki.source.docker components to use +http://docker-socket-proxy:2375 instead of unix socket for Docker API access. + +Co-Authored-By: Claude Opus 4.5 + +### Fichiers modifiés + +``` +M volumes/alloy/config/config.alloy +``` + +### Statistiques + +``` + 1 file changed, 2 insertions(+), 2 deletions(-) +``` diff --git a/content/posts/commits/2026-01-28-commit-8b30908.md b/content/posts/commits/2026-01-28-commit-8b30908.md new file mode 100644 index 0000000..55a3a90 --- /dev/null +++ b/content/posts/commits/2026-01-28-commit-8b30908.md @@ -0,0 +1,31 @@ +--- +title: "Add Redis commands documentation" +date: 2026-01-28T22:27:33+01:00 +draft: false +tags: ["commit", "bojemoi", "feature"] +categories: ["Git Activity"] +summary: "Commit 8b30908 par Betty — 1 fichier(s) modifié(s)" +author: "Betty" +--- + +## Commit `8b30908` + +| | | +|---|---| +| **Repository** | bojemoi | +| **Branch** | `main` | +| **Auteur** | Betty | +| **Hash** | `8b309080e898c329686e8c397739882ffdbf45a7` | +| **Date** | 2026-01-28 | + +### Fichiers modifiés + +``` +A wiki/Pentest-Orchestrator.md +``` + +### Statistiques + +``` + 1 file changed, 278 insertions(+) +``` diff --git a/content/posts/commits/2026-01-29-commit-819f3d0.md b/content/posts/commits/2026-01-29-commit-819f3d0.md new file mode 100644 index 0000000..9dea83a --- /dev/null +++ b/content/posts/commits/2026-01-29-commit-819f3d0.md @@ -0,0 +1,45 @@ +--- +title: "Add cloud-init templates for Alpine Docker Swarm nodes" +date: 2026-01-29T16:43:10+01:00 +draft: false +tags: ["commit", "bojemoi", "feature"] +categories: ["Git Activity"] +summary: "Commit 819f3d0 par Betty — 6 fichier(s) modifié(s)" +author: "Betty" +--- + +## Commit `819f3d0` + +| | | +|---|---| +| **Repository** | bojemoi | +| **Branch** | `main` | +| **Auteur** | Betty | +| **Hash** | `819f3d070e9ca63b1c0e2298fd32b9f5ed49cf67` | +| **Date** | 2026-01-29 | + +### Description + +- user-data: Full cloud-init config with packages, users, services +- network-config: DHCP and static IP variants +- meta-data: Instance metadata template +- Jinja2 templates for orchestrator integration + +Co-Authored-By: Claude Opus 4.5 + +### Fichiers modifiés + +``` +A cloud-init/meta-data +A cloud-init/network-config +A cloud-init/network-config-static +A cloud-init/templates/alpine-docker-swarm.yaml.j2 +A cloud-init/templates/network-config.yaml.j2 +A cloud-init/user-data +``` + +### Statistiques + +``` + 6 files changed, 566 insertions(+) +``` diff --git a/content/posts/commits/2026-01-29-commit-ee2d9c7.md b/content/posts/commits/2026-01-29-commit-ee2d9c7.md new file mode 100644 index 0000000..4a9aeae --- /dev/null +++ b/content/posts/commits/2026-01-29-commit-ee2d9c7.md @@ -0,0 +1,58 @@ +--- +title: "Security: Remove hardcoded credentials and add input validation" +date: 2026-01-29T16:58:21+01:00 +draft: false +tags: ["commit", "bojemoi", "samsonov", "orchestrator"] +categories: ["Git Activity"] +summary: "Commit ee2d9c7 par Betty — 6 fichier(s) modifié(s)" +author: "Betty" +--- + +## Commit `ee2d9c7` + +| | | +|---|---| +| **Repository** | bojemoi | +| **Branch** | `main` | +| **Auteur** | Betty | +| **Hash** | `ee2d9c7ff59ea9dbde783630d20eeac2027c567b` | +| **Date** | 2026-01-29 | + +### Description + +BREAKING CHANGE: All secrets now require environment variables + +- config.py: Remove hardcoded POSTGRES_PASSWORD, GITEA_TOKEN, XENSERVER_PASS + - Add field validators to reject placeholder values + - CORS_ORIGINS now configurable (defaults to specific domains, not "*") +- main.py: Fix CORS to use configured origins instead of wildcard + - Replace bare except: handlers with proper exception logging +- schemas.py: Add input validation patterns + - VM/container names: alphanumeric, hyphens, underscores only + - Docker images: validate format (registry/image:tag) + - Port mappings: validate format and range (1-65535) + - Add max length constraints to prevent abuse +- plugin_zap.py, plugin_burp.py: Load API keys from environment + - ZAP_API_KEY and BURP_API_KEY env vars required +- .env.example: Document all required environment variables + +ACTION REQUIRED: Rotate exposed credentials in git history + +Co-Authored-By: Claude Opus 4.5 + +### Fichiers modifiés + +``` +M provisioning/orchestrator/.env.example +M provisioning/orchestrator/app/config.py +M provisioning/orchestrator/app/main.py +M provisioning/orchestrator/app/models/schemas.py +M samsonov/pentest_orchestrator/plugins/plugin_burp.py +M samsonov/pentest_orchestrator/plugins/plugin_zap.py +``` + +### Statistiques + +``` + 6 files changed, 353 insertions(+), 144 deletions(-) +``` diff --git a/content/posts/commits/2026-01-30-commit-1a2b327.md b/content/posts/commits/2026-01-30-commit-1a2b327.md new file mode 100644 index 0000000..8be370d --- /dev/null +++ b/content/posts/commits/2026-01-30-commit-1a2b327.md @@ -0,0 +1,44 @@ +--- +title: "Refactor: Move boot services to separate bojemoi_boot project" +date: 2026-01-30T20:11:34+01:00 +draft: false +tags: ["commit", "bojemoi", "refactor", "stack"] +categories: ["Git Activity"] +summary: "Commit 1a2b327 par Betty — 1 fichier(s) modifié(s)" +author: "Betty" +--- + +## Commit `1a2b327` + +| | | +|---|---| +| **Repository** | bojemoi | +| **Branch** | `main` | +| **Auteur** | Betty | +| **Hash** | `1a2b327de0fc1509e8142f53ad8a9e452406e9e1` | +| **Date** | 2026-01-30 | + +### Description + +- Remove docker-socket-proxy, registry, dnsmasq, traefik, crowdsec, + traefik-bouncer services (moved to /opt/bojemoi_boot) +- Remove related volumes: registry_data, traefik-certificates, + traefik-logs, traefik-certs, crowdsec_data +- Remove related configs: traefik_tls_config, dnsmask_config, + traefik_config, crowdsec_config, registry_config + +Boot services are now managed by /opt/bojemoi_boot/stack/01-boot-service.yml + +Co-Authored-By: Claude Opus 4.5 + +### Fichiers modifiés + +``` +M stack/01-service-hl.yml +``` + +### Statistiques + +``` + 1 file changed, 21 insertions(+), 337 deletions(-) +``` diff --git a/content/posts/commits/2026-01-30-commit-3e35089.md b/content/posts/commits/2026-01-30-commit-3e35089.md new file mode 100644 index 0000000..fc9ff65 --- /dev/null +++ b/content/posts/commits/2026-01-30-commit-3e35089.md @@ -0,0 +1,39 @@ +--- +title: "Update stack images to use local registry and enhance push script" +date: 2026-01-30T20:34:54+01:00 +draft: false +tags: ["commit", "bojemoi", "stack"] +categories: ["Git Activity"] +summary: "Commit 3e35089 par Betty — 2 fichier(s) modifié(s)" +author: "Betty" +--- + +## Commit `3e35089` + +| | | +|---|---| +| **Repository** | bojemoi | +| **Branch** | `main` | +| **Auteur** | Betty | +| **Hash** | `3e3508944cdd5bb334ac84f04675a647e1e1a8a7` | +| **Date** | 2026-01-30 | + +### Description + +- tempo, postfix-exporter, protonmail-bridge now use localhost:5000 +- Add image list and --all/--list options to push_registry_onebyone.sh + +Co-Authored-By: Claude Opus 4.5 + +### Fichiers modifiés + +``` +A scripts/push_registry_onebyone.sh +M stack/01-service-hl.yml +``` + +### Statistiques + +``` + 2 files changed, 72 insertions(+), 3 deletions(-) +``` diff --git a/content/posts/commits/2026-02-03-commit-4427a20.md b/content/posts/commits/2026-02-03-commit-4427a20.md new file mode 100644 index 0000000..61e6053 --- /dev/null +++ b/content/posts/commits/2026-02-03-commit-4427a20.md @@ -0,0 +1,86 @@ +--- +title: "Add auth, metrics, Alembic migrations, and enhance pentest plugins" +date: 2026-02-03T21:16:51+01:00 +draft: false +tags: ["commit", "bojemoi", "feature", "stack", "samsonov", "orchestrator", "config"] +categories: ["Git Activity"] +summary: "Commit 4427a20 par Betty — 43 fichier(s) modifié(s)" +author: "Betty" +--- + +## Commit `4427a20` + +| | | +|---|---| +| **Repository** | bojemoi | +| **Branch** | `main` | +| **Auteur** | Betty | +| **Hash** | `4427a20df144f87217c7681523441fdcd086d3ac` | +| **Date** | 2026-02-03 | + +### Description + +- Add JWT authentication module with API key support +- Add Prometheus metrics and middleware for request tracking +- Add Alembic database migrations setup +- Enhance blockchain service with stats endpoint +- Add base plugin class and improve pentest orchestrator plugins +- Add ML threat intel stack service +- Update alertmanager and wiki documentation +- Fix rsync-master to use docker.from_env() + +Co-Authored-By: Claude Opus 4.5 + +### Fichiers modifiés + +``` +A .claude/commands/alerts.md +A .claude/commands/faraday.md +A .claude/commands/monitor.md +A .claude/commands/pentest.md +A .claude/commands/swarm.md +M CLAUDE.md +M koursk-2/scripts/rsync-master.py +A provisioning/orchestrator/alembic.ini +A provisioning/orchestrator/alembic/README.md +A provisioning/orchestrator/alembic/env.py +A provisioning/orchestrator/alembic/script.py.mako +A provisioning/orchestrator/alembic/versions/20260129_0001_001_initial_schema.py +A provisioning/orchestrator/app/auth/dependencies.py +A provisioning/orchestrator/app/auth/models.py +A provisioning/orchestrator/app/auth/router.py +A provisioning/orchestrator/app/auth/security.py +M provisioning/orchestrator/app/main.py +A provisioning/orchestrator/app/metrics.py +A provisioning/orchestrator/app/middleware/metrics.py +M provisioning/orchestrator/app/models/schemas.py +M provisioning/orchestrator/app/services/blockchain.py +M provisioning/orchestrator/app/services/gitea_client.py +M provisioning/orchestrator/app/services/xenserver_client_real.py +A provisioning/orchestrator/scripts/migrate.sh +M provisioning/requirements.txt +M samsonov/nuclei_api/main.py +M samsonov/pentest_orchestrator/main.py +A samsonov/pentest_orchestrator/plugins/__init__.py +A samsonov/pentest_orchestrator/plugins/base.py +M samsonov/pentest_orchestrator/plugins/plugin_masscan.py +M samsonov/pentest_orchestrator/plugins/plugin_vulnx.py +M scripts/startover.sh +D scripts/sync-stack-ilagrd.sh +M stack/01-service-hl.yml +M stack/40-service-borodino.yml +A stack/45-service-ml-threat-intel.yml +M volumes/alertmanager/alertmanager.yml +A wiki/Alertes.md +A wiki/Claude-Skills.md +A wiki/Docker-Swarm.md +A wiki/Faraday.md +A wiki/Home.md +A wiki/Monitoring.md +``` + +### Statistiques + +``` + 43 files changed, 6728 insertions(+), 623 deletions(-) +``` diff --git a/content/posts/commits/2026-02-04-commit-068a03f.md b/content/posts/commits/2026-02-04-commit-068a03f.md new file mode 100644 index 0000000..b74d1bb --- /dev/null +++ b/content/posts/commits/2026-02-04-commit-068a03f.md @@ -0,0 +1,50 @@ +--- +title: "Remove unnecessary port exports and add Traefik routing" +date: 2026-02-04T21:20:56+01:00 +draft: false +tags: ["commit", "bojemoi", "stack"] +categories: ["Git Activity"] +summary: "Commit 068a03f par Betty — 2 fichier(s) modifié(s)" +author: "Betty" +--- + +## Commit `068a03f` + +| | | +|---|---| +| **Repository** | bojemoi | +| **Branch** | `main` | +| **Auteur** | Betty | +| **Hash** | `068a03f9753410116aa99e9e96d3c16b4d742cb8` | +| **Date** | 2026-02-04 | + +### Description + +- Remove exposed ports for services accessible via Traefik proxy: + - grafana, prometheus, alertmanager, cadvisor, orchestrator, tempo API + - loki, alloy, suricata-exporter (internal services) + - rsync-master, zaproxy, karacho-blockchain, faraday + +- Add Traefik configuration for pentest services: + - zaproxy → zap.bojemoi.lab + - karacho-blockchain → karacho.bojemoi.lab + - nuclei-api → nuclei.bojemoi.lab + +- Keep essential ports: postgres (5432), postfix (25), + protonmail-bridge (1025/1143), tempo OTLP (4317/4318/9411), + node-exporter (9100 host mode) + +Co-Authored-By: Claude Opus 4.5 + +### Fichiers modifiés + +``` +M stack/01-service-hl.yml +M stack/40-service-borodino.yml +``` + +### Statistiques + +``` + 2 files changed, 164 insertions(+), 45 deletions(-) +``` diff --git a/content/posts/commits/2026-02-04-commit-592ac8e.md b/content/posts/commits/2026-02-04-commit-592ac8e.md new file mode 100644 index 0000000..6795d91 --- /dev/null +++ b/content/posts/commits/2026-02-04-commit-592ac8e.md @@ -0,0 +1,43 @@ +--- +title: "Add Alertmanager silence during stack deployments" +date: 2026-02-04T21:29:18+01:00 +draft: false +tags: ["commit", "bojemoi", "feature"] +categories: ["Git Activity"] +summary: "Commit 592ac8e par Betty — 2 fichier(s) modifié(s)" +author: "Betty" +--- + +## Commit `592ac8e` + +| | | +|---|---| +| **Repository** | bojemoi | +| **Branch** | `main` | +| **Auteur** | Betty | +| **Hash** | `592ac8e95f11e01e783a8ff3afd0519ebd04c318` | +| **Date** | 2026-02-04 | + +### Description + +- startover.sh: Create 30-minute silence before full deployment, + add colored logging, error handling for each stack +- swarm.md skill: Add instructions to create 15-minute silence + before any stack deployment to prevent alert spam + +Silences automatically expire after the configured duration. + +Co-Authored-By: Claude Opus 4.5 + +### Fichiers modifiés + +``` +M .claude/commands/swarm.md +M scripts/startover.sh +``` + +### Statistiques + +``` + 2 files changed, 121 insertions(+), 10 deletions(-) +``` diff --git a/content/posts/commits/2026-02-06-commit-0004051.md b/content/posts/commits/2026-02-06-commit-0004051.md new file mode 100644 index 0000000..d188f6b --- /dev/null +++ b/content/posts/commits/2026-02-06-commit-0004051.md @@ -0,0 +1,38 @@ +--- +title: "Update .gitignore to exclude secrets, certs, logs, and scan results" +date: 2026-02-06T19:08:43+01:00 +draft: false +tags: ["commit", "bojemoi"] +categories: ["Git Activity"] +summary: "Commit 0004051 par Betty — 1 fichier(s) modifié(s)" +author: "Betty" +--- + +## Commit `0004051` + +| | | +|---|---| +| **Repository** | bojemoi | +| **Branch** | `main` | +| **Auteur** | Betty | +| **Hash** | `00040517095673e9d896d744edce6c583ea602dc` | +| **Date** | 2026-02-06 | + +### Description + +Ignore private keys, .env files, SSL certificates, Wireguard keys, +Suricata logs, pentest scan results, and archives. + +Co-Authored-By: Claude Opus 4.6 + +### Fichiers modifiés + +``` +M .gitignore +``` + +### Statistiques + +``` + 1 file changed, 27 insertions(+) +``` diff --git a/content/posts/commits/2026-02-06-commit-35d70b7.md b/content/posts/commits/2026-02-06-commit-35d70b7.md new file mode 100644 index 0000000..1e00930 --- /dev/null +++ b/content/posts/commits/2026-02-06-commit-35d70b7.md @@ -0,0 +1,39 @@ +--- +title: "Add comprehensive BUILD_PROMPT.md for full project reconstruction" +date: 2026-02-06T19:06:19+01:00 +draft: false +tags: ["commit", "bojemoi", "feature"] +categories: ["Git Activity"] +summary: "Commit 35d70b7 par Betty — 1 fichier(s) modifié(s)" +author: "Betty" +--- + +## Commit `35d70b7` + +| | | +|---|---| +| **Repository** | bojemoi | +| **Branch** | `main` | +| **Auteur** | Betty | +| **Hash** | `35d70b742c1b2a5786c7ac20c241db93b7a86231` | +| **Date** | 2026-02-06 | + +### Description + +Complete 22-section blueprint covering all components: stacks, orchestrator, +pentest plugins, rsync backup, NFS, blockchain, cloud-init, CI/CD, ML threat +intel, monitoring configs, scripts, and deployment workflows. + +Co-Authored-By: Claude Opus 4.6 + +### Fichiers modifiés + +``` +A BUILD_PROMPT.md +``` + +### Statistiques + +``` + 1 file changed, 1129 insertions(+) +``` diff --git a/content/posts/commits/2026-02-06-commit-41c2cf2.md b/content/posts/commits/2026-02-06-commit-41c2cf2.md new file mode 100644 index 0000000..a67cba4 --- /dev/null +++ b/content/posts/commits/2026-02-06-commit-41c2cf2.md @@ -0,0 +1,44 @@ +--- +title: "Add .gitignore and remove tracked __pycache__ files" +date: 2026-02-06T19:08:00+01:00 +draft: false +tags: ["commit", "bojemoi", "feature", "samsonov"] +categories: ["Git Activity"] +summary: "Commit 41c2cf2 par Betty — 10 fichier(s) modifié(s)" +author: "Betty" +--- + +## Commit `41c2cf2` + +| | | +|---|---| +| **Repository** | bojemoi | +| **Branch** | `main` | +| **Auteur** | Betty | +| **Hash** | `41c2cf265825f33851f272b88e37a7769824675a` | +| **Date** | 2026-02-06 | + +### Description + +Co-Authored-By: Claude Opus 4.6 + +### Fichiers modifiés + +``` +M .gitignore +D samsonov/pentest_orchestrator/__pycache__/main.cpython-312.pyc +D samsonov/pentest_orchestrator/plugins/__pycache__/plugin_burp.cpython-311.pyc +D samsonov/pentest_orchestrator/plugins/__pycache__/plugin_burp.cpython-312.pyc +D samsonov/pentest_orchestrator/plugins/__pycache__/plugin_masscan.cpython-311.pyc +D samsonov/pentest_orchestrator/plugins/__pycache__/plugin_masscan.cpython-312.pyc +D samsonov/pentest_orchestrator/plugins/__pycache__/plugin_metasploit.cpython-311.pyc +D samsonov/pentest_orchestrator/plugins/__pycache__/plugin_metasploit.cpython-312.pyc +D samsonov/pentest_orchestrator/plugins/__pycache__/plugin_zap.cpython-311.pyc +D samsonov/pentest_orchestrator/plugins/__pycache__/plugin_zap.cpython-312.pyc +``` + +### Statistiques + +``` + 10 files changed, 2 insertions(+), 41 deletions(-) +``` diff --git a/content/posts/commits/2026-02-06-commit-b4b6164.md b/content/posts/commits/2026-02-06-commit-b4b6164.md new file mode 100644 index 0000000..aa3501f --- /dev/null +++ b/content/posts/commits/2026-02-06-commit-b4b6164.md @@ -0,0 +1,38 @@ +--- +title: "Add Hugo blog CI/CD workflow template for Gitea Actions" +date: 2026-02-06T20:06:01+01:00 +draft: false +tags: ["commit", "bojemoi", "feature"] +categories: ["Git Activity"] +summary: "Commit b4b6164 par Betty — 1 fichier(s) modifié(s)" +author: "Betty" +--- + +## Commit `b4b6164` + +| | | +|---|---| +| **Repository** | bojemoi | +| **Branch** | `main` | +| **Auteur** | Betty | +| **Hash** | `b4b616470d973ad2ce7e563567bf7ad7c4109f68` | +| **Date** | 2026-02-06 | + +### Description + +Configures Alpine-based Hugo build with direct deployment +to /var/www/blog.bojemoi.me via volume mount on act_runner. + +Co-Authored-By: Claude Opus 4.6 + +### Fichiers modifiés + +``` +A templates/hugo-workflow/.gitea/workflows/hugo-deploy.yml +``` + +### Statistiques + +``` + 1 file changed, 28 insertions(+) +``` diff --git a/content/posts/commits/2026-02-06-commit-c2a866a.md b/content/posts/commits/2026-02-06-commit-c2a866a.md new file mode 100644 index 0000000..44fbf57 --- /dev/null +++ b/content/posts/commits/2026-02-06-commit-c2a866a.md @@ -0,0 +1,49 @@ +--- +title: "Update rsync replication, externalize secrets, and simplify ML threat intel stack" +date: 2026-02-06T14:07:28+01:00 +draft: false +tags: ["commit", "bojemoi", "stack", "samsonov", "config"] +categories: ["Git Activity"] +summary: "Commit c2a866a par Betty — 9 fichier(s) modifié(s)" +author: "Betty" +--- + +## Commit `c2a866a` + +| | | +|---|---| +| **Repository** | bojemoi | +| **Branch** | `main` | +| **Auteur** | Betty | +| **Hash** | `c2a866aa7053797be8fe49f60ab9091a78738200` | +| **Date** | 2026-02-06 | + +### Description + +Add rsync modules for boot, telegram, and ml-threat services with network +restrictions. Fix rsync-master to use source variable instead of hardcoded path. +Externalize Docker secrets in hl stack, use local registry images for borodino, +and consolidate ml-threat-intel to use shared postgres. Increase alertmanager +group intervals to reduce notification noise. + +Co-Authored-By: Claude Opus 4.6 + +### Fichiers modifiés + +``` +M koursk-2/config/rsync_jobs.json +M koursk-2/config/rsyncd.conf +M koursk-2/scripts/rsync-master.py +A samsonov/pentest_orchestrator/Dockerfile +M stack/01-service-hl.yml +M stack/40-service-borodino.yml +M stack/45-service-ml-threat-intel.yml +M volumes/alertmanager/alertmanager.yml +M volumes/rsync/configs/rsyncd.conf +``` + +### Statistiques + +``` + 9 files changed, 125 insertions(+), 64 deletions(-) +``` diff --git a/content/posts/commits/2026-02-07-commit-129aa45.md b/content/posts/commits/2026-02-07-commit-129aa45.md new file mode 100644 index 0000000..e3b955d --- /dev/null +++ b/content/posts/commits/2026-02-07-commit-129aa45.md @@ -0,0 +1,39 @@ +--- +title: "Add comprehensive BUILD_PROMPT.md for full project recreation" +date: 2026-02-07T20:56:31+01:00 +draft: false +tags: ["commit", "bojemoi", "feature"] +categories: ["Git Activity"] +summary: "Commit 129aa45 par Betty — 1 fichier(s) modifié(s)" +author: "Betty" +--- + +## Commit `129aa45` + +| | | +|---|---| +| **Repository** | bojemoi | +| **Branch** | `main` | +| **Auteur** | Betty | +| **Hash** | `129aa453955e1c98ea15c5650605e79a304ecb76` | +| **Date** | 2026-02-07 | + +### Description + +Documents the entire Bojemoi Lab architecture across 19 sections: +infrastructure, orchestrators, scanning services, monitoring, +security layers, CI/CD, and step-by-step reconstruction guide. + +Co-Authored-By: Claude Opus 4.6 + +### Fichiers modifiés + +``` +M BUILD_PROMPT.md +``` + +### Statistiques + +``` + 1 file changed, 695 insertions(+), 915 deletions(-) +``` diff --git a/content/posts/commits/2026-02-07-commit-1ef1051.md b/content/posts/commits/2026-02-07-commit-1ef1051.md new file mode 100644 index 0000000..f6d9ae1 --- /dev/null +++ b/content/posts/commits/2026-02-07-commit-1ef1051.md @@ -0,0 +1,40 @@ +--- +title: "Fix slow queries, connection leaks, and Dockerfile in zap-scanner" +date: 2026-02-07T22:05:53+01:00 +draft: false +tags: ["commit", "bojemoi", "fix"] +categories: ["Git Activity"] +summary: "Commit 1ef1051 par Betty — 2 fichier(s) modifié(s)" +author: "Betty" +--- + +## Commit `1ef1051` + +| | | +|---|---| +| **Repository** | bojemoi | +| **Branch** | `main` | +| **Auteur** | Betty | +| **Hash** | `1ef1051421db788da1cb5de069f621a7e48c46c7` | +| **Date** | 2026-02-07 | + +### Description + +Replace ORDER BY random() with TABLESAMPLE SYSTEM() for host selection, +use cursor context managers to prevent leaks, add auto-reconnect for +stale connections, and fix missing && in Dockerfile. + +Co-Authored-By: Claude Opus 4.6 + +### Fichiers modifiés + +``` +M oblast-1/Dockerfile.oblast-1 +M oblast-1/zap_scanner.py +``` + +### Statistiques + +``` + 2 files changed, 47 insertions(+), 36 deletions(-) +``` diff --git a/content/posts/commits/2026-02-07-commit-3c5ad95.md b/content/posts/commits/2026-02-07-commit-3c5ad95.md new file mode 100644 index 0000000..240e8cd --- /dev/null +++ b/content/posts/commits/2026-02-07-commit-3c5ad95.md @@ -0,0 +1,42 @@ +--- +title: "Fix borodino SQL queries: replace ORDER BY RANDOM() with TABLESAMPLE SYSTEM()" +date: 2026-02-07T00:55:23+01:00 +draft: false +tags: ["commit", "bojemoi", "fix", "borodino"] +categories: ["Git Activity"] +summary: "Commit 3c5ad95 par Betty — 3 fichier(s) modifié(s)" +author: "Betty" +--- + +## Commit `3c5ad95` + +| | | +|---|---| +| **Repository** | bojemoi | +| **Branch** | `main` | +| **Auteur** | Betty | +| **Hash** | `3c5ad95aae949058e25c9b7ee4bb20ccf2620995` | +| **Date** | 2026-02-07 | + +### Description + +ORDER BY RANDOM() on hosts table (6.15M rows) caused full sequential scans +taking ~7.5s each, driving PostgreSQL to 459% CPU. TABLESAMPLE SYSTEM() +samples random blocks at I/O level, reducing query time to milliseconds. +Also fixes SQL injection in thearm_uzi via parameterized query. + +Co-Authored-By: Claude Opus 4.6 + +### Fichiers modifiés + +``` +M borodino/thearm_ak47 +M borodino/thearm_bm12 +M borodino/thearm_uzi +``` + +### Statistiques + +``` + 3 files changed, 3 insertions(+), 3 deletions(-) +``` diff --git a/content/posts/commits/2026-02-07-commit-ecbf8c9.md b/content/posts/commits/2026-02-07-commit-ecbf8c9.md new file mode 100644 index 0000000..c941204 --- /dev/null +++ b/content/posts/commits/2026-02-07-commit-ecbf8c9.md @@ -0,0 +1,38 @@ +--- +title: "Fix slow queries and connection leaks in bm12 scanner" +date: 2026-02-07T21:55:45+01:00 +draft: false +tags: ["commit", "bojemoi", "fix", "borodino"] +categories: ["Git Activity"] +summary: "Commit ecbf8c9 par Betty — 1 fichier(s) modifié(s)" +author: "Betty" +--- + +## Commit `ecbf8c9` + +| | | +|---|---| +| **Repository** | bojemoi | +| **Branch** | `main` | +| **Auteur** | Betty | +| **Hash** | `ecbf8c989b95587f9fd3ea691a263ab6ea972388` | +| **Date** | 2026-02-07 | + +### Description + +Replace ORDER BY RANDOM() with TABLESAMPLE SYSTEM() for host selection +and explicitly close DB connections to prevent idle-in-transaction buildup. + +Co-Authored-By: Claude Opus 4.6 + +### Fichiers modifiés + +``` +M borodino/thearm_bm12 +``` + +### Statistiques + +``` + 1 file changed, 20 insertions(+), 8 deletions(-) +``` diff --git a/content/posts/commits/2026-02-08-commit-332af04.md b/content/posts/commits/2026-02-08-commit-332af04.md new file mode 100644 index 0000000..e8977ab --- /dev/null +++ b/content/posts/commits/2026-02-08-commit-332af04.md @@ -0,0 +1,45 @@ +--- +title: "Move rsync configs to Docker configs and add new stack files" +date: 2026-02-08T23:26:19+01:00 +draft: false +tags: ["commit", "bojemoi", "stack", "config"] +categories: ["Git Activity"] +summary: "Commit 332af04 par Betty — 6 fichier(s) modifié(s)" +author: "Betty" +--- + +## Commit `332af04` + +| | | +|---|---| +| **Repository** | bojemoi | +| **Branch** | `main` | +| **Auteur** | Betty | +| **Hash** | `332af046457f97946bde089df38ce6ca19441b8b` | +| **Date** | 2026-02-08 | + +### Description + +- Remove COPY config/ from koursk-2 Dockerfile, use Docker configs instead +- Add rsync_rsyncd and rsync_jobs configs to hl stack for master and slave +- Add samsonov and telegram service stack files +- Update BUILD_PROMPT.md + +Co-Authored-By: Claude Opus 4.6 + +### Fichiers modifiés + +``` +M BUILD_PROMPT.md +M koursk-2/Dockerfile.koursk-2 +M stack/01-service-hl.yml +A stack/60-service-samsonov.yml +A stack/60-service-telegram.yml +A volumes/rsync/configs/rsync_jobs.json +``` + +### Statistiques + +``` + 6 files changed, 527 insertions(+), 796 deletions(-) +``` diff --git a/content/posts/commits/2026-02-08-commit-a1084a4.md b/content/posts/commits/2026-02-08-commit-a1084a4.md new file mode 100644 index 0000000..249b2bc --- /dev/null +++ b/content/posts/commits/2026-02-08-commit-a1084a4.md @@ -0,0 +1,39 @@ +--- +title: "Fix rsync-master syncing to only one slave instead of all" +date: 2026-02-08T23:24:16+01:00 +draft: false +tags: ["commit", "bojemoi", "fix"] +categories: ["Git Activity"] +summary: "Commit a1084a4 par Betty — 1 fichier(s) modifié(s)" +author: "Betty" +--- + +## Commit `a1084a4` + +| | | +|---|---| +| **Repository** | bojemoi | +| **Branch** | `main` | +| **Auteur** | Betty | +| **Hash** | `a1084a4c78586b08923f3aa327fa8a4fa8b339c1` | +| **Date** | 2026-02-08 | + +### Description + +Move schedule.clear() out of setup_schedules() loop so schedules for +all slave nodes are preserved. Also fix hardcoded source path in rsync +command to use job config source. + +Co-Authored-By: Claude Opus 4.6 + +### Fichiers modifiés + +``` +M koursk-2/scripts/rsync-master.py +``` + +### Statistiques + +``` + 1 file changed, 3 insertions(+), 4 deletions(-) +``` diff --git a/content/posts/commits/2026-02-09-commit-2ff1a97.md b/content/posts/commits/2026-02-09-commit-2ff1a97.md new file mode 100644 index 0000000..ea8513f --- /dev/null +++ b/content/posts/commits/2026-02-09-commit-2ff1a97.md @@ -0,0 +1,38 @@ +--- +title: "Update .gitignore: block large files that bloated git history" +date: 2026-02-09T21:10:27+01:00 +draft: false +tags: ["commit", "bojemoi"] +categories: ["Git Activity"] +summary: "Commit 2ff1a97 par Betty — 1 fichier(s) modifié(s)" +author: "Betty" +--- + +## Commit `2ff1a97` + +| | | +|---|---| +| **Repository** | bojemoi | +| **Branch** | `main` | +| **Auteur** | Betty | +| **Hash** | `2ff1a97f321c574644047e550dcaa786c2ceb184` | +| **Date** | 2026-02-09 | + +### Description + +Prevent dump/, kyiv/, venv/, *.jar, *.sql.gz, and suricata rules +from being committed again after history cleanup. + +Co-Authored-By: Claude Opus 4.6 + +### Fichiers modifiés + +``` +M .gitignore +``` + +### Statistiques + +``` + 1 file changed, 18 insertions(+), 1 deletion(-) +``` diff --git a/content/posts/commits/2026-02-10-commit-1e269fe.md b/content/posts/commits/2026-02-10-commit-1e269fe.md new file mode 100644 index 0000000..7a07948 --- /dev/null +++ b/content/posts/commits/2026-02-10-commit-1e269fe.md @@ -0,0 +1,35 @@ +--- +title: "Add anthropic_api_key secret to ml-threat-intel stack" +date: 2026-02-10T14:55:36+01:00 +draft: false +tags: ["commit", "bojemoi", "feature", "stack"] +categories: ["Git Activity"] +summary: "Commit 1e269fe par Betty — 1 fichier(s) modifié(s)" +author: "Betty" +--- + +## Commit `1e269fe` + +| | | +|---|---| +| **Repository** | bojemoi | +| **Branch** | `main` | +| **Auteur** | Betty | +| **Hash** | `1e269fe964ea3adb8e8870bde54208db00a53fef` | +| **Date** | 2026-02-10 | + +### Description + +Co-Authored-By: Claude Opus 4.6 + +### Fichiers modifiés + +``` +M stack/45-service-ml-threat-intel.yml +``` + +### Statistiques + +``` + 1 file changed, 4 insertions(+) +``` diff --git a/content/posts/commits/2026-02-10-commit-72ed6b2.md b/content/posts/commits/2026-02-10-commit-72ed6b2.md new file mode 100644 index 0000000..199ee8a --- /dev/null +++ b/content/posts/commits/2026-02-10-commit-72ed6b2.md @@ -0,0 +1,42 @@ +--- +title: "Move honeypot SSH to port 22, add SSH configs and OSINT agent" +date: 2026-02-10T22:08:30+01:00 +draft: false +tags: ["commit", "bojemoi", "stack"] +categories: ["Git Activity"] +summary: "Commit 72ed6b2 par Betty — 4 fichier(s) modifié(s)" +author: "Betty" +--- + +## Commit `72ed6b2` + +| | | +|---|---| +| **Repository** | bojemoi | +| **Branch** | `main` | +| **Auteur** | Betty | +| **Hash** | `72ed6b2fb81fa5ec7b5a62b8817b9bbb97c6b1aa` | +| **Date** | 2026-02-10 | + +### Description + +Publish Medved honeypot SSH on port 22 (real SSH moved to 4422) to +better capture attacker traffic. Add hardened sshd_config and banner +for the real SSH service. Include OSINT gatherer agent definition. + +Co-Authored-By: Claude Opus 4.6 + +### Fichiers modifiés + +``` +A .claude/agents/osint-gatherer.md +A configs/ssh_banner +A configs/sshd_config_hardened +M stack/65-service-medved.yml +``` + +### Statistiques + +``` + 4 files changed, 225 insertions(+), 1 deletion(-) +``` diff --git a/content/posts/commits/2026-02-10-commit-abbecb5.md b/content/posts/commits/2026-02-10-commit-abbecb5.md new file mode 100644 index 0000000..11da4e8 --- /dev/null +++ b/content/posts/commits/2026-02-10-commit-abbecb5.md @@ -0,0 +1,35 @@ +--- +title: "Pin ml-threat-intel to meta-70 (meta-68 has no outbound internet)" +date: 2026-02-10T15:28:22+01:00 +draft: false +tags: ["commit", "bojemoi", "stack"] +categories: ["Git Activity"] +summary: "Commit abbecb5 par Betty — 1 fichier(s) modifié(s)" +author: "Betty" +--- + +## Commit `abbecb5` + +| | | +|---|---| +| **Repository** | bojemoi | +| **Branch** | `main` | +| **Auteur** | Betty | +| **Hash** | `abbecb5d2f9fbee422f0c5473d6458736eced829` | +| **Date** | 2026-02-10 | + +### Description + +Co-Authored-By: Claude Opus 4.6 + +### Fichiers modifiés + +``` +M stack/45-service-ml-threat-intel.yml +``` + +### Statistiques + +``` + 1 file changed, 3 insertions(+) +``` diff --git a/content/posts/commits/2026-02-10-commit-cc52236.md b/content/posts/commits/2026-02-10-commit-cc52236.md new file mode 100644 index 0000000..20eb6d7 --- /dev/null +++ b/content/posts/commits/2026-02-10-commit-cc52236.md @@ -0,0 +1,55 @@ +--- +title: "Add Medved multi-protocol honeypot service" +date: 2026-02-10T20:38:29+01:00 +draft: false +tags: ["commit", "bojemoi", "feature", "stack"] +categories: ["Git Activity"] +summary: "Commit cc52236 par Betty — 16 fichier(s) modifié(s)" +author: "Betty" +--- + +## Commit `cc52236` + +| | | +|---|---| +| **Repository** | bojemoi | +| **Branch** | `main` | +| **Auteur** | Betty | +| **Hash** | `cc522362c0f50e3edbc795a943c6dc2e930c77ca` | +| **Date** | 2026-02-10 | + +### Description + +Deploy SSH, HTTP, RDP, SMB, FTP, and Telnet honeypots as a global +swarm service on worker nodes. Logs all connection attempts and +credentials to PostgreSQL (honeypot_events table) and reports +findings to Faraday every 60s with severity mapping. + +Co-Authored-By: Claude Opus 4.6 + +### Fichiers modifiés + +``` +A medved/Dockerfile.medved +A medved/honeypot/__init__.py +A medved/honeypot/config.py +A medved/honeypot/db.py +A medved/honeypot/faraday_reporter.py +A medved/honeypot/main.py +A medved/honeypot/metrics.py +A medved/honeypot/protocols/__init__.py +A medved/honeypot/protocols/ftp_handler.py +A medved/honeypot/protocols/http_handler.py +A medved/honeypot/protocols/rdp_handler.py +A medved/honeypot/protocols/smb_handler.py +A medved/honeypot/protocols/ssh_handler.py +A medved/honeypot/protocols/telnet_handler.py +A medved/requirements.txt +A stack/65-service-medved.yml +``` + +### Statistiques + +``` + 16 files changed, 1277 insertions(+) +``` diff --git a/content/posts/commits/2026-02-11-commit-01d3c01.md b/content/posts/commits/2026-02-11-commit-01d3c01.md new file mode 100644 index 0000000..b449013 --- /dev/null +++ b/content/posts/commits/2026-02-11-commit-01d3c01.md @@ -0,0 +1,45 @@ +--- +title: "Fix 61 Prometheus targets DOWN: cAdvisor, Traefik, Grafana scrape configs" +date: 2026-02-11T19:04:12+01:00 +draft: false +tags: ["commit", "bojemoi", "fix", "stack", "config"] +categories: ["Git Activity"] +summary: "Commit 01d3c01 par Betty — 2 fichier(s) modifié(s)" +author: "Betty" +--- + +## Commit `01d3c01` + +| | | +|---|---| +| **Repository** | bojemoi | +| **Branch** | `main` | +| **Auteur** | Betty | +| **Hash** | `01d3c01d62109ce656978ce2c47c6c8fbc2b138b` | +| **Date** | 2026-02-11 | + +### Description + +- Replace broken docker-containers job (54 DOWN) with cadvisor DNS SD + targeting tasks.base_cadvisor:8080 instead of non-existent node:8088 +- Fix Grafana prometheus.port label: remove quotes around "3000" that + broke relabel regex matching (3 DOWN) +- Fix suricata job: switch from static config to DNS SD for proper + multi-instance discovery +- Clean up docker-swarm-services relabel: remove redundant drop rule + after keep, normalize whitespace + +Co-Authored-By: Claude Opus 4.6 + +### Fichiers modifiés + +``` +M stack/01-service-hl.yml +M volumes/prometheus/prometheus.yml +``` + +### Statistiques + +``` + 2 files changed, 40 insertions(+), 64 deletions(-) +``` diff --git a/content/posts/commits/2026-02-11-commit-160d83e.md b/content/posts/commits/2026-02-11-commit-160d83e.md new file mode 100644 index 0000000..df9541e --- /dev/null +++ b/content/posts/commits/2026-02-11-commit-160d83e.md @@ -0,0 +1,40 @@ +--- +title: "Add retry loops to bm12 scanner for PostgreSQL and host availability" +date: 2026-02-11T19:04:52+01:00 +draft: false +tags: ["commit", "bojemoi", "feature", "borodino"] +categories: ["Git Activity"] +summary: "Commit 160d83e par Betty — 1 fichier(s) modifié(s)" +author: "Betty" +--- + +## Commit `160d83e` + +| | | +|---|---| +| **Repository** | bojemoi | +| **Branch** | `main` | +| **Auteur** | Betty | +| **Hash** | `160d83ee875764eed0fbabf37582fe141b2497ab` | +| **Date** | 2026-02-11 | + +### Description + +- Wait indefinitely for PostgreSQL DNS resolution and readiness + instead of exiting immediately on failure +- Continue scanning loop when no host is available instead of breaking +- Prevents container restarts when PostgreSQL is temporarily unavailable + +Co-Authored-By: Claude Opus 4.6 + +### Fichiers modifiés + +``` +M borodino/thearm_bm12 +``` + +### Statistiques + +``` + 1 file changed, 19 insertions(+), 10 deletions(-) +``` diff --git a/content/posts/commits/2026-02-11-commit-2c863e8.md b/content/posts/commits/2026-02-11-commit-2c863e8.md new file mode 100644 index 0000000..8546766 --- /dev/null +++ b/content/posts/commits/2026-02-11-commit-2c863e8.md @@ -0,0 +1,42 @@ +--- +title: "Fix medved SSH handler and move honeypot to manager node" +date: 2026-02-11T13:23:00+01:00 +draft: false +tags: ["commit", "bojemoi", "fix", "stack"] +categories: ["Git Activity"] +summary: "Commit 2c863e8 par Betty — 2 fichier(s) modifié(s)" +author: "Betty" +--- + +## Commit `2c863e8` + +| | | +|---|---| +| **Repository** | bojemoi | +| **Branch** | `main` | +| **Auteur** | Betty | +| **Hash** | `2c863e872992510d0cb2f73d6597fc7361d2c1dc` | +| **Date** | 2026-02-11 | + +### Description + +- Fix ssh_handler.py: generate host key with asyncssh.generate_private_key() + instead of shelling out to ssh-keygen (fixes FileNotFoundError and + asyncssh serialization TypeError) +- Move medved from workers to manager node (replicated 1 on manager) + to resolve overlay network connectivity to PostgreSQL + +Co-Authored-By: Claude Opus 4.6 + +### Fichiers modifiés + +``` +M medved/honeypot/protocols/ssh_handler.py +M stack/65-service-medved.yml +``` + +### Statistiques + +``` + 2 files changed, 7 insertions(+), 7 deletions(-) +``` diff --git a/content/posts/commits/2026-02-11-commit-2de7b82.md b/content/posts/commits/2026-02-11-commit-2de7b82.md new file mode 100644 index 0000000..5bc9967 --- /dev/null +++ b/content/posts/commits/2026-02-11-commit-2de7b82.md @@ -0,0 +1,39 @@ +--- +title: "Fix suricata-exporter: share command socket via bind mount" +date: 2026-02-11T19:16:31+01:00 +draft: false +tags: ["commit", "bojemoi", "fix", "stack"] +categories: ["Git Activity"] +summary: "Commit 2de7b82 par Betty — 1 fichier(s) modifié(s)" +author: "Betty" +--- + +## Commit `2de7b82` + +| | | +|---|---| +| **Repository** | bojemoi | +| **Branch** | `main` | +| **Auteur** | Betty | +| **Hash** | `2de7b826a243ad1b2ebf20a97038f5c0bc45568a` | +| **Date** | 2026-02-11 | + +### Description + +Add /opt/bojemoi/volumes/suricata/run bind mount to both suricata and +suricata-exporter services so the Unix command socket is accessible +across containers. Fixes 9 SuricataDown/PrometheusTargetDown alerts. + +Co-Authored-By: Claude Opus 4.6 + +### Fichiers modifiés + +``` +M stack/01-service-hl.yml +``` + +### Statistiques + +``` + 1 file changed, 2 insertions(+) +``` diff --git a/content/posts/commits/2026-02-11-commit-30fe258.md b/content/posts/commits/2026-02-11-commit-30fe258.md new file mode 100644 index 0000000..5be5b51 --- /dev/null +++ b/content/posts/commits/2026-02-11-commit-30fe258.md @@ -0,0 +1,45 @@ +--- +title: "Fix Faraday service: local registry image, Redis connectivity, and reporter config" +date: 2026-02-11T14:39:07+01:00 +draft: false +tags: ["commit", "bojemoi", "fix", "stack", "samsonov", "config"] +categories: ["Git Activity"] +summary: "Commit 30fe258 par Betty — 4 fichier(s) modifié(s)" +author: "Betty" +--- + +## Commit `30fe258` + +| | | +|---|---| +| **Repository** | bojemoi | +| **Branch** | `main` | +| **Auteur** | Betty | +| **Hash** | `30fe25816284cf1e4b7a5992157253b835d7d91a` | +| **Date** | 2026-02-11 | + +### Description + +- Use localhost:5000/faraday:latest instead of faradaysec/faraday:latest (workers have no internet) +- Fix Celery Redis URLs in server.ini (redis -> redis://redis:6379/0) +- Fix REDIS_SERVER env var (redis.bojemoi.lab -> redis service name) +- Fix reporter config: use Traefik URL, set default workspace to honeypot +- Fix config.json: remove invalid JSON comments +- Fix plugin_faraday.py: handle paginated workspace response, add verify=False for self-signed certs + +Co-Authored-By: Claude Opus 4.6 + +### Fichiers modifiés + +``` +M samsonov/pentest_orchestrator/config/config.json +M samsonov/pentest_orchestrator/plugins/plugin_faraday.py +M stack/40-service-borodino.yml +M volumes/faraday/config/server.ini +``` + +### Statistiques + +``` + 4 files changed, 13 insertions(+), 14 deletions(-) +``` diff --git a/content/posts/commits/2026-02-13-commit-446afb1.md b/content/posts/commits/2026-02-13-commit-446afb1.md new file mode 100644 index 0000000..af55989 --- /dev/null +++ b/content/posts/commits/2026-02-13-commit-446afb1.md @@ -0,0 +1,52 @@ +--- +title: "Add Razvedka: Telegram CTI service for DDoS prediction" +date: 2026-02-13T00:00:21+01:00 +draft: false +tags: ["commit", "bojemoi", "feature", "stack"] +categories: ["Git Activity"] +summary: "Commit 446afb1 par Betty — 12 fichier(s) modifié(s)" +author: "Betty" +--- + +## Commit `446afb1` + +| | | +|---|---| +| **Repository** | bojemoi | +| **Branch** | `main` | +| **Auteur** | Betty | +| **Hash** | `446afb143c6b531712c0073c465513d1a2e78cf0` | +| **Date** | 2026-02-13 | + +### Description + +Monitors 7 hacktivist channels (CyberArmyofRussia, Killnet, XakNet, +SolntsepekZ, etc.) via Telethon, extracts entities with spaCy + lingua +language detection, scores intention and France-relevance, stores in +PostgreSQL buzz_log, and alerts via Telegram/Alertmanager on cluster +detection. + +Co-Authored-By: Claude Opus 4.6 + +### Fichiers modifiés + +``` +A razvedka/Dockerfile.razvedka +A razvedka/razvedka/__init__.py +A razvedka/razvedka/alerter.py +A razvedka/razvedka/config.py +A razvedka/razvedka/db.py +A razvedka/razvedka/extractor.py +A razvedka/razvedka/keywords.py +A razvedka/razvedka/main.py +A razvedka/razvedka/metrics.py +A razvedka/razvedka/scorer.py +A razvedka/requirements.txt +A stack/45-service-razvedka.yml +``` + +### Statistiques + +``` + 12 files changed, 1033 insertions(+) +``` diff --git a/content/posts/commits/2026-02-13-commit-7d2e3df.md b/content/posts/commits/2026-02-13-commit-7d2e3df.md new file mode 100644 index 0000000..7e58bed --- /dev/null +++ b/content/posts/commits/2026-02-13-commit-7d2e3df.md @@ -0,0 +1,53 @@ +--- +title: "Add X/Twitter as second CTI source to Razvedka" +date: 2026-02-13T14:59:02+01:00 +draft: false +tags: ["commit", "bojemoi", "feature", "stack"] +categories: ["Git Activity"] +summary: "Commit 7d2e3df par Betty — 7 fichier(s) modifié(s)" +author: "Betty" +--- + +## Commit `7d2e3df` + +| | | +|---|---| +| **Repository** | bojemoi | +| **Branch** | `main` | +| **Auteur** | Betty | +| **Hash** | `7d2e3df0ec701750fc49b6cc61b62c64bc65b0df` | +| **Date** | 2026-02-13 | + +### Description + +Razvedka now polls X/Twitter API v2 in parallel with Telegram monitoring. +Both sources feed the same buzz_log table and extraction pipeline. Telegram +is now optional (warning instead of exit) so Razvedka can run with either +or both sources. + +- New twitter.py: async poll loop using tweepy, since_id tracking, rate limit handling +- config.py: twitter_bearer_token, twitter_accounts, twitter_search_queries, twitter_poll_interval +- db.py: source column with migration for existing deployments +- main.py: Telegram extracted to helper, Twitter task launched in parallel +- metrics.py: descriptions updated from "Telegram" to "CTI sources" +- Stack: twitter_bearer_token secret + env vars for accounts/queries/interval + +Co-Authored-By: Claude Opus 4.6 + +### Fichiers modifiés + +``` +M razvedka/razvedka/config.py +M razvedka/razvedka/db.py +M razvedka/razvedka/main.py +M razvedka/razvedka/metrics.py +A razvedka/razvedka/twitter.py +M razvedka/requirements.txt +A stack/46-service-razvedka.yml +``` + +### Statistiques + +``` + 7 files changed, 332 insertions(+), 33 deletions(-) +``` diff --git a/content/posts/commits/2026-02-13-commit-e9882bf.md b/content/posts/commits/2026-02-13-commit-e9882bf.md new file mode 100644 index 0000000..573785e --- /dev/null +++ b/content/posts/commits/2026-02-13-commit-e9882bf.md @@ -0,0 +1,46 @@ +--- +title: "Fix Razvedka Telegram session: graceful auth fallback, run on manager" +date: 2026-02-13T18:40:50+01:00 +draft: false +tags: ["commit", "bojemoi", "fix", "stack"] +categories: ["Git Activity"] +summary: "Commit e9882bf par Betty — 2 fichier(s) modifié(s)" +author: "Betty" +--- + +## Commit `e9882bf` + +| | | +|---|---| +| **Repository** | bojemoi | +| **Branch** | `main` | +| **Auteur** | Betty | +| **Hash** | `e9882bfecdcd0703d43c7fad1e6a98df660b313c` | +| **Date** | 2026-02-13 | + +### Description + +The service crashed in a loop because the Telethon session expired and +prompted for an interactive auth code, which fails in Docker Swarm. + +- main.py: in non-interactive mode, only use existing session; if expired, + log error and fall back to Twitter-only instead of crashing. Support + TELEGRAM_INTERACTIVE=1 for explicit re-auth and TELEGRAM_CODE for + one-shot auth. +- stack: move placement to manager node (session volume is node-local), + comment out twitter_bearer_token secret until created. + +Co-Authored-By: Claude Opus 4.6 + +### Fichiers modifiés + +``` +M razvedka/razvedka/main.py +M stack/46-service-razvedka.yml +``` + +### Statistiques + +``` + 2 files changed, 27 insertions(+), 11 deletions(-) +``` diff --git a/content/posts/commits/2026-02-13-commit-f83582c.md b/content/posts/commits/2026-02-13-commit-f83582c.md new file mode 100644 index 0000000..19fe93c --- /dev/null +++ b/content/posts/commits/2026-02-13-commit-f83582c.md @@ -0,0 +1,50 @@ +--- +title: "Add Vigie: CERT-FR security bulletin monitor" +date: 2026-02-13T20:12:28+01:00 +draft: false +tags: ["commit", "bojemoi", "feature", "stack", "config"] +categories: ["Git Activity"] +summary: "Commit f83582c par Betty — 13 fichier(s) modifié(s)" +author: "Betty" +--- + +## Commit `f83582c` + +| | | +|---|---| +| **Repository** | bojemoi | +| **Branch** | `main` | +| **Auteur** | Betty | +| **Hash** | `f83582cec9ee21f54f44923efcc5ac253a46b1bc` | +| **Date** | 2026-02-13 | + +### Description + +Polls ANSSI RSS feeds (alertes, avis, IOC), stores bulletins in PostgreSQL, +filters by product watchlist, and alerts via Telegram + Alertmanager. + +Co-Authored-By: Claude Opus 4.6 + +### Fichiers modifiés + +``` +A stack/47-service-vigie.yml +A vigie/Dockerfile.vigie +A vigie/requirements.txt +A vigie/vigie/__init__.py +A vigie/vigie/__main__.py +A vigie/vigie/alerter.py +A vigie/vigie/config.py +A vigie/vigie/db.py +A vigie/vigie/feeds.py +A vigie/vigie/main.py +A vigie/vigie/matcher.py +A vigie/vigie/metrics.py +A volumes/grafana/dashboards/vigie.json +``` + +### Statistiques + +``` + 13 files changed, 715 insertions(+) +``` diff --git a/content/posts/commits/2026-02-14-commit-26fe30f.md b/content/posts/commits/2026-02-14-commit-26fe30f.md new file mode 100644 index 0000000..50248d9 --- /dev/null +++ b/content/posts/commits/2026-02-14-commit-26fe30f.md @@ -0,0 +1,57 @@ +--- +title: "Fix various service issues: Faraday auth, borodino startup, Razvedka DB, Vigie alerts" +date: 2026-02-14T15:37:56+01:00 +draft: false +tags: ["commit", "bojemoi", "fix", "stack", "borodino"] +categories: ["Git Activity"] +summary: "Commit 26fe30f par Betty — 11 fichier(s) modifié(s)" +author: "Betty" +--- + +## Commit `26fe30f` + +| | | +|---|---| +| **Repository** | bojemoi | +| **Branch** | `main` | +| **Auteur** | Betty | +| **Hash** | `26fe30f47064d213204b16ba582b2fb180f7246e` | +| **Date** | 2026-02-14 | + +### Description + +- borodino/ak47: Add PostgreSQL readiness retry loop instead of failing silently +- medved: Switch Faraday auth from API token to session-based login, fix API + endpoint trailing slashes, add proper cookie caching +- razvedka/db: Fix migration order (column migration before table creation), + wrap ALTER TABLE in existence check +- vigie/alerter: Cast chat_id to int, add error response logging +- stack/01: Remove suricata Docker configs (use bind mounts, rules exceed 4MB limit) +- stack/40: Reduce borodino max_replicas_per_node to 3, disable uzi (0 replicas) +- stack/45-razvedka: Remove deprecated stack file (replaced by 46) +- stack/65-medved: Switch from token to user/password auth for Faraday +- scripts/startover.sh: Fix telegram/medved stack paths + +Co-Authored-By: Claude Opus 4.6 + +### Fichiers modifiés + +``` +M borodino/thearm_ak47 +M medved/honeypot/config.py +M medved/honeypot/faraday_reporter.py +A razvedka/auth_helper.py +M razvedka/razvedka/db.py +M scripts/startover.sh +M stack/01-service-hl.yml +M stack/40-service-borodino.yml +D stack/45-service-razvedka.yml +M stack/65-service-medved.yml +M vigie/vigie/alerter.py +``` + +### Statistiques + +``` + 11 files changed, 168 insertions(+), 125 deletions(-) +``` diff --git a/content/posts/commits/2026-02-14-commit-c7af3a7.md b/content/posts/commits/2026-02-14-commit-c7af3a7.md new file mode 100644 index 0000000..5c77421 --- /dev/null +++ b/content/posts/commits/2026-02-14-commit-c7af3a7.md @@ -0,0 +1,46 @@ +--- +title: "Fix Suricata to capture real traffic: move to host networking" +date: 2026-02-14T15:56:36+01:00 +draft: false +tags: ["commit", "bojemoi", "fix", "stack"] +categories: ["Git Activity"] +summary: "Commit c7af3a7 par Betty — 4 fichier(s) modifié(s)" +author: "Betty" +--- + +## Commit `c7af3a7` + +| | | +|---|---| +| **Repository** | bojemoi | +| **Branch** | `main` | +| **Auteur** | Betty | +| **Hash** | `c7af3a7340b2fdd15e343132ce4f4f81b5692bc9` | +| **Date** | 2026-02-14 | + +### Description + +Suricata in Docker Swarm overlay network saw 0 packets (monitoring +virtual VXLAN interface). Move to standalone docker compose with +network_mode: host for real eth0 packet capture. Suricata-exporter +stays in Swarm (reads socket/logs via bind mounts). + +Also filter private/reserved IPs (RFC1918, multicast, broadcast) from +Dozor threat feeds to prevent false positives on internal Docker traffic. + +Co-Authored-By: Claude Opus 4.6 + +### Fichiers modifiés + +``` +M dozor/dozor/feeds.py +M scripts/startover.sh +M stack/01-service-hl.yml +A stack/01-suricata-host.yml +``` + +### Statistiques + +``` + 4 files changed, 59 insertions(+), 48 deletions(-) +``` diff --git a/content/posts/commits/2026-02-14-commit-d23f0d2.md b/content/posts/commits/2026-02-14-commit-d23f0d2.md new file mode 100644 index 0000000..5a243fc --- /dev/null +++ b/content/posts/commits/2026-02-14-commit-d23f0d2.md @@ -0,0 +1,51 @@ +--- +title: "Add Dozor: threat feed aggregator for Suricata blocklist rules" +date: 2026-02-14T15:36:58+01:00 +draft: false +tags: ["commit", "bojemoi", "feature", "stack", "config"] +categories: ["Git Activity"] +summary: "Commit d23f0d2 par Betty — 11 fichier(s) modifié(s)" +author: "Betty" +--- + +## Commit `d23f0d2` + +| | | +|---|---| +| **Repository** | bojemoi | +| **Branch** | `main` | +| **Auteur** | Betty | +| **Hash** | `d23f0d240bda978db8bbb97a55dc3a1dad915513` | +| **Date** | 2026-02-14 | + +### Description + +Downloads IPs/CIDRs from FireHOL L1/L2, abuse.ch ThreatFox, URLhaus, +and Feodo C2 feeds. Generates chunked Suricata drop rules (200 IPs per +rule) and writes blocklist.rules for automatic loading. Exposes +Prometheus metrics on port 9302. Also fixes suricata default-rule-path +to match the actual bind mount at /etc/suricata/rules. + +Co-Authored-By: Claude Opus 4.6 + +### Fichiers modifiés + +``` +A dozor/Dockerfile.dozor +A dozor/dozor/__init__.py +A dozor/dozor/__main__.py +A dozor/dozor/config.py +A dozor/dozor/feeds.py +A dozor/dozor/main.py +A dozor/dozor/metrics.py +A dozor/dozor/rules.py +A dozor/requirements.txt +A stack/48-service-dozor.yml +M volumes/suricata/suricata.yaml +``` + +### Statistiques + +``` + 11 files changed, 432 insertions(+), 2 deletions(-) +``` diff --git a/content/posts/commits/2026-02-15-commit-6a1a266.md b/content/posts/commits/2026-02-15-commit-6a1a266.md new file mode 100644 index 0000000..85477dd --- /dev/null +++ b/content/posts/commits/2026-02-15-commit-6a1a266.md @@ -0,0 +1,47 @@ +--- +title: "Add connectivity skill: test external API and feed connections" +date: 2026-02-15T21:43:51+01:00 +draft: false +tags: ["commit", "bojemoi", "feature"] +categories: ["Git Activity"] +summary: "Commit 6a1a266 par Betty — 1 fichier(s) modifié(s)" +author: "Betty" +--- + +## Commit `6a1a266` + +| | | +|---|---| +| **Repository** | bojemoi | +| **Branch** | `main` | +| **Auteur** | Betty | +| **Hash** | `6a1a2662c443bd173a2ce1b9d74004474052816b` | +| **Date** | 2026-02-15 | + +### Description + +New /connectivity skill checks all external dependencies: +- 11 public feeds (CERT-FR, FireHOL, abuse.ch, IP-API, IPInfo, IPWhois) +- 5 authenticated APIs (VirusTotal, Shodan, AbuseIPDB, OTX, Anthropic) +- Telegram Bot validation +- Worker node egress (DNS + HTTPS) + +Supports arguments: apis, feeds, telegram for targeted checks. +Reads secrets via SSH to worker nodes where containers run. + +Also replaced 4 placeholder Docker secrets with real API keys +(vt_api_key, shodan_api_key, abuseipdb_api_key, otx_api_key). + +Co-Authored-By: Claude Opus 4.6 + +### Fichiers modifiés + +``` +A .claude/commands/connectivity.md +``` + +### Statistiques + +``` + 1 file changed, 241 insertions(+) +``` diff --git a/content/posts/commits/2026-02-15-commit-e25b3dd.md b/content/posts/commits/2026-02-15-commit-e25b3dd.md new file mode 100644 index 0000000..eaca752 --- /dev/null +++ b/content/posts/commits/2026-02-15-commit-e25b3dd.md @@ -0,0 +1,42 @@ +--- +title: "Fix borodino alert storm: Ruby 3.5 crash, empty CIDR, replica constraints" +date: 2026-02-15T11:43:51+01:00 +draft: false +tags: ["commit", "bojemoi", "fix", "stack", "borodino"] +categories: ["Git Activity"] +summary: "Commit e25b3dd par Betty — 3 fichier(s) modifié(s)" +author: "Betty" +--- + +## Commit `e25b3dd` + +| | | +|---|---| +| **Repository** | bojemoi | +| **Branch** | `main` | +| **Auteur** | Betty | +| **Hash** | `e25b3ddd39eeb5c921467a84383edd4245c92223` | +| **Date** | 2026-02-15 | + +### Description + +- Replace Ruby 3.5.0-preview1 (incompatible native extensions) with stable + Ruby 3.3 and add bundle install for metasploit gems +- Guard empty CIDR results from TABLESAMPLE in thearm_ak47 +- Increase max_replicas_per_node from 3 to 5 for full 15-replica capacity + +Co-Authored-By: Claude Opus 4.6 + +### Fichiers modifiés + +``` +M borodino/Dockerfile.borodino +M borodino/thearm_ak47 +M stack/40-service-borodino.yml +``` + +### Statistiques + +``` + 3 files changed, 31 insertions(+), 169 deletions(-) +``` diff --git a/content/posts/commits/2026-02-16-commit-8af07f6.md b/content/posts/commits/2026-02-16-commit-8af07f6.md new file mode 100644 index 0000000..796bfea --- /dev/null +++ b/content/posts/commits/2026-02-16-commit-8af07f6.md @@ -0,0 +1,38 @@ +--- +title: "Add post-deploy health and connectivity checks to startover.sh" +date: 2026-02-16T13:50:09+01:00 +draft: false +tags: ["commit", "bojemoi", "feature"] +categories: ["Git Activity"] +summary: "Commit 8af07f6 par Betty — 1 fichier(s) modifié(s)" +author: "Betty" +--- + +## Commit `8af07f6` + +| | | +|---|---| +| **Repository** | bojemoi | +| **Branch** | `main` | +| **Auteur** | Betty | +| **Hash** | `8af07f674b152de1208b56a0bd35d19ae0e6e3e6` | +| **Date** | 2026-02-16 | + +### Description + +Switch shebang to ash, add manager/worker role detection, and append +service health + external connectivity checks after full stack deploy. + +Co-Authored-By: Claude Opus 4.6 + +### Fichiers modifiés + +``` +M scripts/startover.sh +``` + +### Statistiques + +``` + 1 file changed, 143 insertions(+), 25 deletions(-) +``` diff --git a/content/posts/commits/2026-02-16-commit-9eb88b1.md b/content/posts/commits/2026-02-16-commit-9eb88b1.md new file mode 100644 index 0000000..0e93f54 --- /dev/null +++ b/content/posts/commits/2026-02-16-commit-9eb88b1.md @@ -0,0 +1,38 @@ +--- +title: "Fix borodino stack: use local registry for all images" +date: 2026-02-16T15:13:09+01:00 +draft: false +tags: ["commit", "bojemoi", "fix", "stack"] +categories: ["Git Activity"] +summary: "Commit 9eb88b1 par Betty — 1 fichier(s) modifié(s)" +author: "Betty" +--- + +## Commit `9eb88b1` + +| | | +|---|---| +| **Repository** | bojemoi | +| **Branch** | `main` | +| **Auteur** | Betty | +| **Hash** | `9eb88b18b7d5daef22565b713c7b19e48c4aeeb0` | +| **Date** | 2026-02-16 | + +### Description + +Workers can't pull from Docker Hub directly. Point nuclei, redis, +and python images to localhost:5000 local registry. + +Co-Authored-By: Claude Opus 4.6 + +### Fichiers modifiés + +``` +M stack/40-service-borodino.yml +``` + +### Statistiques + +``` + 1 file changed, 4 insertions(+), 4 deletions(-) +``` diff --git a/content/posts/commits/2026-02-16-commit-e83ddf5.md b/content/posts/commits/2026-02-16-commit-e83ddf5.md new file mode 100644 index 0000000..3f46e38 --- /dev/null +++ b/content/posts/commits/2026-02-16-commit-e83ddf5.md @@ -0,0 +1,38 @@ +--- +title: "Fix BusyBox date compatibility in startover.sh" +date: 2026-02-16T15:02:27+01:00 +draft: false +tags: ["commit", "bojemoi", "fix"] +categories: ["Git Activity"] +summary: "Commit e83ddf5 par Betty — 1 fichier(s) modifié(s)" +author: "Betty" +--- + +## Commit `e83ddf5` + +| | | +|---|---| +| **Repository** | bojemoi | +| **Branch** | `main` | +| **Auteur** | Betty | +| **Hash** | `e83ddf58adb451bf9817447809f4f32e8e5f85e1` | +| **Date** | 2026-02-16 | + +### Description + +BusyBox date doesn't support GNU relative time expressions like +"+30 minutes". Use epoch arithmetic instead for Alertmanager silence. + +Co-Authored-By: Claude Opus 4.6 + +### Fichiers modifiés + +``` +M scripts/startover.sh +``` + +### Statistiques + +``` + 1 file changed, 2 insertions(+), 1 deletion(-) +```