Add 62 blog posts generated from git commit history

One-shot import of all bojemoi repo commits as Hugo posts.
Each post includes metadata, files changed, and diff stats.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

content/posts/commits/2026-01-20-commit-63dfe10.md

@@ -0,0 +1,20 @@
+---
+title: "Initial commit"
+date: 2026-01-20T19:35:18+01:00
+draft: false
+tags: ["commit", "bojemoi"]
+categories: ["Git Activity"]
+summary: "Commit 63dfe10 par Betty — 0
+0 fichier(s) modifié(s)"
+author: "Betty"
+---
+
+## Commit `63dfe10`
+
+| | |
+|---|---|
+| **Repository** | bojemoi |
+| **Branch** | `main` |
+| **Auteur** | Betty |
+| **Hash** | `63dfe106b62b7ee9c51d9e798741ac2e5615cf9d` |
+| **Date** | 2026-01-20 |

content/posts/commits/2026-01-20-commit-97c17d7.md

@@ -0,0 +1,31 @@
+---
+title: "Remove toto/ virtual environment"
+date: 2026-01-20T20:15:17+01:00
+draft: false
+tags: ["commit", "bojemoi"]
+categories: ["Git Activity"]
+summary: "Commit 97c17d7 par Betty — 1 fichier(s) modifié(s)"
+author: "Betty"
+---
+
+## Commit `97c17d7`
+
+| | |
+|---|---|
+| **Repository** | bojemoi |
+| **Branch** | `main` |
+| **Auteur** | Betty |
+| **Hash** | `97c17d702b9f291a65deb7e812f302fb59affc98` |
+| **Date** | 2026-01-20 |
+
+### Fichiers modifiés
+
+```
+A	CLAUDE.md
+```
+
+### Statistiques
+
+```
+ 1 file changed, 120 insertions(+)
+```

content/posts/commits/2026-01-21-commit-f33559b.md

@@ -0,0 +1,55 @@
+---
+title: "Fix orchestrator: XenServer real client, Gitea config, template mapping"
+date: 2026-01-21T22:32:43+01:00
+draft: false
+tags: ["commit", "bojemoi", "fix", "orchestrator"]
+categories: ["Git Activity"]
+summary: "Commit f33559b par Betty — 12 fichier(s) modifié(s)"
+author: "Betty"
+---
+
+## Commit `f33559b`
+
+| | |
+|---|---|
+| **Repository** | bojemoi |
+| **Branch** | `main` |
+| **Auteur** | Betty |
+| **Hash** | `f33559b3fa433cccd0f6b4812140679a7f71191a` |
+| **Date** | 2026-01-21 |
+
+### Description
+
+- Use xenserver_client_real.py with XenAPI library
+- Add SSL ignore for self-signed certificates
+- Fix run_in_executor decorator for async calls
+- Add XenServer template mapping (alpine, ubuntu, debian, etc.)
+- Update config.py: env_file path, extra fields handling
+- Fix Docker image structure (/app/app/)
+- Add cloud-init example templates
+- Remove legacy docker-compose files
+
+Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
+
+### Fichiers modifiés
+
+```
+M	provisioning/Dockerfile.provisioning
+A	provisioning/examples/cloud-init/alpine/webserver.yaml
+A	provisioning/examples/cloud-init/debian/default.yaml
+A	provisioning/examples/cloud-init/ubuntu/default.yaml
+D	provisioning/orchestrator/Dockerfile
+D	provisioning/orchestrator/Makefile
+M	provisioning/orchestrator/app/config.py
+M	provisioning/orchestrator/app/main.py
+M	provisioning/orchestrator/app/models/schemas.py
+M	provisioning/orchestrator/app/services/xenserver_client_real.py
+D	provisioning/orchestrator/docker-compose.yml
+D	provisioning/orchestrator/requirements.txt
+```
+
+### Statistiques
+
+```
+ 12 files changed, 237 insertions(+), 202 deletions(-)
+```

content/posts/commits/2026-01-22-commit-1233f8c.md

@@ -0,0 +1,130 @@
+---
+title: "Fix stack YAML errors and remove orphaned provisioning1"
+date: 2026-01-22T17:00:52+01:00
+draft: false
+tags: ["commit", "bojemoi", "fix", "stack", "orchestrator"]
+categories: ["Git Activity"]
+summary: "Commit 1233f8c par Betty — 85 fichier(s) modifié(s)"
+author: "Betty"
+---
+
+## Commit `1233f8c`
+
+| | |
+|---|---|
+| **Repository** | bojemoi |
+| **Branch** | `main` |
+| **Auteur** | Betty |
+| **Hash** | `1233f8c8d9c50db4f7bb99e2aec6b84a484bd7e8` |
+| **Date** | 2026-01-22 |
+
+### Description
+
+Stack fixes (01-service-hl.yml):
+- Remove stray quotes from prometheus labels (suricata-exporter, prometheus, rsync-master)
+- Fix postgres restart_policy indentation and uncomment condition
+- Fix postgres-exporter typo: ysslmode -> sslmode
+- Move postgres-exporter labels inside deploy block
+- Fix cadvisor prometheus.path: metrics -> /metrics
+
+Also:
+- Remove orphaned submodule reference for stack/
+- Delete unused provisioning1/ directory (82 files)
+
+Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
+
+### Fichiers modifiés
+
+```
+D	provisioning1/.env.example
+D	provisioning1/.gitignore
+D	provisioning1/CODE_OF_CONDUCT.md
+D	provisioning1/CONTRIBUTING.md
+D	provisioning1/Dockerfile
+D	provisioning1/Dockerfile.provisioning
+D	provisioning1/LICENSE
+D	provisioning1/Makefile
+D	provisioning1/README.md
+D	provisioning1/SECURITY.md
+D	provisioning1/backup/Dockerfile.provisioning
+D	provisioning1/backup/api/Dockerfile.provisioning
+D	provisioning1/backup/config.py
+D	provisioning1/backup/database.py
+D	provisioning1/backup/deployment-orchestrator(3).tar.gz
+D	provisioning1/backup/deployment-orchestrator/.env.example
+D	provisioning1/backup/deployment-orchestrator/.gitignore
+D	provisioning1/backup/deployment-orchestrator/ARCHITECTURE.md
+D	provisioning1/backup/deployment-orchestrator/Dockerfile
+D	provisioning1/backup/deployment-orchestrator/GITEA-STRUCTURE.md
+D	provisioning1/backup/deployment-orchestrator/Makefile
+D	provisioning1/backup/deployment-orchestrator/QUICKSTART.md
+D	provisioning1/backup/deployment-orchestrator/README.md
+D	provisioning1/backup/deployment-orchestrator/SWARM-DEPLOY.md
+D	provisioning1/backup/deployment-orchestrator/TRAEFIK.md
+D	provisioning1/backup/deployment-orchestrator/deploy-swarm.sh
+D	provisioning1/backup/deployment-orchestrator/docker-compose.swarm-external-db.yml
+D	provisioning1/backup/deployment-orchestrator/docker-compose.swarm.yml
+D	provisioning1/backup/deployment-orchestrator/docker-compose.yml
+D	provisioning1/backup/deployment-orchestrator/examples/manifest-container.yaml
+D	provisioning1/backup/deployment-orchestrator/examples/manifest-swarm.yaml
+D	provisioning1/backup/deployment-orchestrator/examples/manifest-vm.yaml
+D	provisioning1/backup/deployment-orchestrator/orchestrator_cli.sh
+D	provisioning1/backup/deployment-orchestrator/requirements.txt
+D	provisioning1/backup/deployment-orchestrator/test-installation.sh
+D	provisioning1/backup/deployment-orchestrator/traefik-labels.txt
+D	provisioning1/backup/docker_manager.py
+D	provisioning1/backup/gitea_manager.py
+D	provisioning1/backup/main.py
+D	provisioning1/backup/models.py
+D	provisioning1/backup/orchestrator.py
+D	provisioning1/backup/requirements.txt
+D	provisioning1/backup/test_installation.sh
+D	provisioning1/backup/toto
+D	provisioning1/backup/xenserver.py
+D	provisioning1/backups/.gitkeep
+D	provisioning1/bojemoi-orchestrator-1.0.0.tar.gz
+D	provisioning1/cli.py
+D	provisioning1/docker-compose.yml
+D	provisioning1/docs/README.md
+D	provisioning1/examples/cloud-init/base-ubuntu.yaml
+D	provisioning1/examples/containers/nginx-proxy.yaml
+D	provisioning1/examples/services/api-service.yaml
+D	provisioning1/examples/vms/web-server-01.yaml
+D	provisioning1/generate-bojemoi-orchestrator.sh
+D	provisioning1/logs/.gitkeep
+D	provisioning1/orchestrator.sh
+D	provisioning1/orchestrator/config.py
+D	provisioning1/orchestrator/database.py
+D	provisioning1/orchestrator/logging_config.py
+D	provisioning1/orchestrator/main.py
+D	provisioning1/orchestrator/managers/__init__.py
+D	provisioning1/orchestrator/managers/container_deployer.py
+D	provisioning1/orchestrator/managers/gitea_client.py
+D	provisioning1/orchestrator/managers/swarm_deployer.py
+D	provisioning1/orchestrator/managers/vm_deployer.py
+D	provisioning1/orchestrator/metrics.py
+D	provisioning1/orchestrator/models/__init__.py
+D	provisioning1/orchestrator/models/database.py
+D	provisioning1/orchestrator/models/deployment.py
+D	provisioning1/orchestrator/monitoring.py
+D	provisioning1/orchestrator/validators/__init__.py
+D	provisioning1/orchestrator/validators/schemas.py
+D	provisioning1/prometheus.yml
+D	provisioning1/requirements-dev.txt
+D	provisioning1/requirements.txt
+D	provisioning1/scripts/health-check.sh
+D	provisioning1/scripts/install.sh
+D	provisioning1/scripts/start.sh
+D	provisioning1/scripts/stop.sh
+D	provisioning1/tests/__init__.py
+D	provisioning1/tests/conftest.py
+D	provisioning1/tests/test_api.py
+D	stack
+A	stack/01-service-hl.yml
+```
+
+### Statistiques
+
+```
+ 85 files changed, 1213 insertions(+), 8679 deletions(-)
+```

content/posts/commits/2026-01-22-commit-97e4a8f.md

@@ -0,0 +1,50 @@
+---
+title: "Add Nuclei and VulnX vulnerability scanners to pentest orchestrator"
+date: 2026-01-22T22:11:11+01:00
+draft: false
+tags: ["commit", "bojemoi", "feature", "stack", "samsonov"]
+categories: ["Git Activity"]
+summary: "Commit 97e4a8f par Betty — 9 fichier(s) modifié(s)"
+author: "Betty"
+---
+
+## Commit `97e4a8f`
+
+| | |
+|---|---|
+| **Repository** | bojemoi |
+| **Branch** | `main` |
+| **Auteur** | Betty |
+| **Hash** | `97e4a8f656b25210072ff11ed8203d8f0c4ead27` |
+| **Date** | 2026-01-22 |
+
+### Description
+
+- Add plugin_nuclei.py and plugin_vulnx.py to orchestrator plugins
+- Create Docker stacks for Nuclei (55) and VulnX (56) services
+- Add nuclei_api and vulnx_wrapper daemon services
+- Update scan sequences: full, web, network, vuln, cms types
+- Fix samsonov stack: remove Redis port conflict, rename from faraday
+- Update startover.sh with new stacks
+
+Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
+
+### Fichiers modifiés
+
+```
+A	samsonov/nuclei_api/main.py
+M	samsonov/pentest_orchestrator/main.py
+A	samsonov/pentest_orchestrator/plugins/plugin_nuclei.py
+A	samsonov/pentest_orchestrator/plugins/plugin_vulnx.py
+A	samsonov/vulnx_wrapper/main.py
+M	scripts/startover.sh
+A	stack/55-service-nuclei.yml
+A	stack/56-service-vulnx.yml
+M	stack/60-service-samsonov.yml
+```
+
+### Statistiques
+
+```
+ 9 files changed, 1300 insertions(+), 9 deletions(-)
+```

content/posts/commits/2026-01-22-commit-981cf8a.md

@@ -0,0 +1,73 @@
+---
+title: "Add all Docker Swarm stack files to version control"
+date: 2026-01-22T17:01:42+01:00
+draft: false
+tags: ["commit", "bojemoi", "feature", "stack", "orchestrator"]
+categories: ["Git Activity"]
+summary: "Commit 981cf8a par Betty — 34 fichier(s) modifié(s)"
+author: "Betty"
+---
+
+## Commit `981cf8a`
+
+| | |
+|---|---|
+| **Repository** | bojemoi |
+| **Branch** | `main` |
+| **Auteur** | Betty |
+| **Hash** | `981cf8ac41857e110495f9487cfaf4466384e2ba` |
+| **Date** | 2026-01-22 |
+
+### Description
+
+Include all stack configurations and deployment scripts:
+- Service stacks (00-70): base services, monitoring, security tools
+- GitLab CI/CD pipeline configuration
+- Deployment automation scripts
+
+Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
+
+### Fichiers modifiés
+
+```
+A	stack/.gitignore
+A	stack/.gitlab-ci.yml
+A	stack/00-service-ll.yml
+A	stack/01-service-hl.yml.export
+A	stack/02-service-hl.yml
+A	stack/03-provisioning.Xyml
+A	stack/03-provisioning.yml
+A	stack/10-service-oblast.bis.yml
+A	stack/10-service-oblast.yml
+A	stack/11-service-zaproxy.yml
+A	stack/20-service-kyiv.yml
+A	stack/50-service-borodino.yml
+A	stack/50-service-tsushima.yml
+A	stack/60-service-samsonov.yml
+A	stack/70-service-zarovnik.yml
+A	stack/READ.me
+A	stack/README.md
+A	stack/_00-service-base.yml
+A	stack/_00-service-ll.yml
+A	stack/_01-service-rsync.yml
+A	stack/_10-service-oblast-1.yml
+A	stack/_20-service-kyiv.yml
+A	stack/_50-service-bojemoi-uzi.yml
+A	stack/_50-service-borodino
+A	stack/essais_nfs.yml
+A	stack/scripts/automate-deploy.sh
+A	stack/scripts/create-gitlab-token.sh
+A	stack/scripts/deploy/deploy.sh
+A	stack/scripts/deploy/health-check.sh
+A	stack/scripts/deploy/rollback.sh
+A	stack/scripts/gitlab-helper.sh
+A	stack/scripts/notify/notify.sh
+A	stack/scripts/security/zap-scan.sh
+A	stack/scripts/token
+```
+
+### Statistiques
+
+```
+ 34 files changed, 3365 insertions(+)
+```

content/posts/commits/2026-01-22-commit-c7d42c7.md

@@ -0,0 +1,48 @@
+---
+title: "Consolidate stack files and add Redis daemon mode to pentest orchestrator"
+date: 2026-01-22T21:41:38+01:00
+draft: false
+tags: ["commit", "bojemoi", "test", "stack", "samsonov", "orchestrator"]
+categories: ["Git Activity"]
+summary: "Commit c7d42c7 par Betty — 8 fichier(s) modifié(s)"
+author: "Betty"
+---
+
+## Commit `c7d42c7`
+
+| | |
+|---|---|
+| **Repository** | bojemoi |
+| **Branch** | `main` |
+| **Auteur** | Betty |
+| **Hash** | `c7d42c7f73fcaa0a35f672019dafe2e5cc059881` |
+| **Date** | 2026-01-22 |
+
+### Description
+
+- Add --daemon mode to pentest orchestrator for Redis pub/sub command listening
+- Consolidate orchestrator and protonmail-bridge services into 01-service-hl.yml
+- Remove redundant stack files (02-service-hl.yml, 03-provisioning.yml, essais_nfs.yml)
+- Update startover.sh to reflect consolidated stack structure
+- Configure orchestrator service with Redis environment variables
+
+Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
+
+### Fichiers modifiés
+
+```
+M	samsonov/pentest_orchestrator/main.py
+M	scripts/startover.sh
+M	stack/01-service-hl.yml
+D	stack/02-service-hl.yml
+D	stack/03-provisioning.Xyml
+D	stack/03-provisioning.yml
+M	stack/60-service-samsonov.yml
+D	stack/essais_nfs.yml
+```
+
+### Statistiques
+
+```
+ 8 files changed, 222 insertions(+), 330 deletions(-)
+```

content/posts/commits/2026-01-23-commit-352e6ad.md

@@ -0,0 +1,38 @@
+---
+title: "Add Faraday API token for zap-scanner service"
+date: 2026-01-23T17:55:14+01:00
+draft: false
+tags: ["commit", "bojemoi", "feature", "stack"]
+categories: ["Git Activity"]
+summary: "Commit 352e6ad par Betty — 1 fichier(s) modifié(s)"
+author: "Betty"
+---
+
+## Commit `352e6ad`
+
+| | |
+|---|---|
+| **Repository** | bojemoi |
+| **Branch** | `main` |
+| **Auteur** | Betty |
+| **Hash** | `352e6adb4c5c838ab852ed9c54b62aab492a2973` |
+| **Date** | 2026-01-23 |
+
+### Description
+
+Generated and configured API token for zap-scanner to authenticate
+with Faraday vulnerability management platform.
+
+Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
+
+### Fichiers modifiés
+
+```
+M	stack/40-service-borodino.yml
+```
+
+### Statistiques
+
+```
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+```

content/posts/commits/2026-01-23-commit-6994c56.md

@@ -0,0 +1,47 @@
+---
+title: "Consolidate stack files into single 40-service-borodino.yml"
+date: 2026-01-23T17:42:10+01:00
+draft: false
+tags: ["commit", "bojemoi", "stack"]
+categories: ["Git Activity"]
+summary: "Commit 6994c56 par Betty — 9 fichier(s) modifié(s)"
+author: "Betty"
+---
+
+## Commit `6994c56`
+
+| | |
+|---|---|
+| **Repository** | bojemoi |
+| **Branch** | `main` |
+| **Auteur** | Betty |
+| **Hash** | `6994c56d8df315c09af016b0bae1c0480336972b` |
+| **Date** | 2026-01-23 |
+
+### Description
+
+Merged 7 stack files (10-oblast, 50-borodino, 50-tsushima, 55-nuclei,
+56-vulnx, 60-samsonov, 70-zarovnik) into one unified stack file.
+Updated startover.sh to deploy base + borodino stacks only.
+
+Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
+
+### Fichiers modifiés
+
+```
+M	scripts/startover.sh
+D	stack/10-service-oblast.yml
+A	stack/40-service-borodino.yml
+D	stack/50-service-borodino.yml
+D	stack/50-service-tsushima.yml
+D	stack/55-service-nuclei.yml
+D	stack/56-service-vulnx.yml
+D	stack/60-service-samsonov.yml
+D	stack/70-service-zarovnik.yml
+```
+
+### Statistiques
+
+```
+ 9 files changed, 672 insertions(+), 785 deletions(-)
+```

content/posts/commits/2026-01-23-commit-f375554.md

@@ -0,0 +1,48 @@
+---
+title: "Remove GitLab and update rsync slave discovery via node labels"
+date: 2026-01-23T20:51:52+01:00
+draft: false
+tags: ["commit", "bojemoi", "stack"]
+categories: ["Git Activity"]
+summary: "Commit f375554 par Betty — 9 fichier(s) modifié(s)"
+author: "Betty"
+---
+
+## Commit `f375554`
+
+| | |
+|---|---|
+| **Repository** | bojemoi |
+| **Branch** | `main` |
+| **Auteur** | Betty |
+| **Hash** | `f3755548ef66178d3fb4620fd0f5afa335d812ee` |
+| **Date** | 2026-01-23 |
+
+### Description
+
+- Remove GitLab services, volumes, and network from borodino stack
+- Update rsync-master.py to discover slaves via node labels (rsync.slave=true)
+- Update rsync-slave deployment constraint to use node.labels.rsync.slave
+- Clean up obsolete stack files
+
+Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
+
+### Fichiers modifiés
+
+```
+M	koursk-2/scripts/rsync-master.py
+M	stack/01-service-hl.yml
+D	stack/01-service-hl.yml.export
+D	stack/10-service-oblast.bis.yml
+D	stack/11-service-zaproxy.yml
+D	stack/20-service-kyiv.yml
+M	stack/40-service-borodino.yml
+M	stack/_20-service-kyiv.yml
+D	toto.txt
+```
+
+### Statistiques
+
+```
+ 9 files changed, 55 insertions(+), 965 deletions(-)
+```

content/posts/commits/2026-01-24-commit-63c9ef2.md

@@ -0,0 +1,48 @@
+---
+title: "Add blockchain deployments and IP geolocation validation to orchestrator"
+date: 2026-01-24T17:49:51+01:00
+draft: false
+tags: ["commit", "bojemoi", "feature", "orchestrator"]
+categories: ["Git Activity"]
+summary: "Commit 63c9ef2 par Betty — 7 fichier(s) modifié(s)"
+author: "Betty"
+---
+
+## Commit `63c9ef2`
+
+| | |
+|---|---|
+| **Repository** | bojemoi |
+| **Branch** | `main` |
+| **Auteur** | Betty |
+| **Hash** | `63c9ef2445243acf70aa54ec7262ce6bf256f98c` |
+| **Date** | 2026-01-24 |
+
+### Description
+
+- Add blockchain service with SHA-256 hash chain for immutable deployment logs
+- Add IP2Location client for country-based request filtering via CIDR queries
+- Add IPValidationMiddleware to block requests from non-allowed countries
+- Update deploy endpoints to log to blockchain with source IP/country tracking
+- Add /api/v1/blockchain/* endpoints for block listing and chain verification
+- Maintain backward compatibility with legacy deployments table
+
+Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
+
+### Fichiers modifiés
+
+```
+M	provisioning/orchestrator/app/config.py
+M	provisioning/orchestrator/app/main.py
+A	provisioning/orchestrator/app/middleware/__init__.py
+A	provisioning/orchestrator/app/middleware/ip_validation.py
+M	provisioning/orchestrator/app/models/schemas.py
+A	provisioning/orchestrator/app/services/blockchain.py
+A	provisioning/orchestrator/app/services/ip2location_client.py
+```
+
+### Statistiques
+
+```
+ 7 files changed, 1165 insertions(+), 48 deletions(-)
+```

content/posts/commits/2026-01-25-commit-5a6cf35.md

@@ -0,0 +1,36 @@
+---
+title: "Update rsync job names and fix rsync command path"
+date: 2026-01-25T18:22:20+01:00
+draft: false
+tags: ["commit", "bojemoi"]
+categories: ["Git Activity"]
+summary: "Commit 5a6cf35 par Betty — 2 fichier(s) modifié(s)"
+author: "Betty"
+---
+
+## Commit `5a6cf35`
+
+| | |
+|---|---|
+| **Repository** | bojemoi |
+| **Branch** | `main` |
+| **Auteur** | Betty |
+| **Hash** | `5a6cf3594eb5255f296f8c4ee58f071444f3cff3` |
+| **Date** | 2026-01-25 |
+
+### Description
+
+Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
+
+### Fichiers modifiés
+
+```
+M	koursk-2/config/rsync_jobs.json
+M	koursk-2/scripts/rsync-master.py
+```
+
+### Statistiques
+
+```
+ 2 files changed, 5 insertions(+), 5 deletions(-)
+```

content/posts/commits/2026-01-25-commit-e9af572.md

@@ -0,0 +1,42 @@
+---
+title: "Fix pymetasploit3 installation and cleanup unused resources"
+date: 2026-01-25T21:30:21+01:00
+draft: false
+tags: ["commit", "bojemoi", "fix", "stack", "borodino"]
+categories: ["Git Activity"]
+summary: "Commit e9af572 par Betty — 3 fichier(s) modifié(s)"
+author: "Betty"
+---
+
+## Commit `e9af572`
+
+| | |
+|---|---|
+| **Repository** | bojemoi |
+| **Branch** | `main` |
+| **Auteur** | Betty |
+| **Hash** | `e9af5726377d73ba47e5787468e2dfae4685cdac` |
+| **Date** | 2026-01-25 |
+
+### Description
+
+- Fix pymetasploit3 in borodino image by installing msgpack and retry
+  dependencies via pip instead of conflicting Alpine packages
+- Remove unused wireguard service and wireguard_net network
+- Remove unused frontend network from stack configuration
+
+Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
+
+### Fichiers modifiés
+
+```
+M	borodino/Dockerfile.borodino
+D	stack/00-service-ll.yml
+M	stack/01-service-hl.yml
+```
+
+### Statistiques
+
+```
+ 3 files changed, 61 insertions(+), 105 deletions(-)
+```

content/posts/commits/2026-01-27-commit-032d6b1.md

@@ -0,0 +1,43 @@
+---
+title: "Remove stale Prometheus scrape targets"
+date: 2026-01-27T14:56:27+01:00
+draft: false
+tags: ["commit", "bojemoi", "config"]
+categories: ["Git Activity"]
+summary: "Commit 032d6b1 par Betty — 1 fichier(s) modifié(s)"
+author: "Betty"
+---
+
+## Commit `032d6b1`
+
+| | |
+|---|---|
+| **Repository** | bojemoi |
+| **Branch** | `main` |
+| **Auteur** | Betty |
+| **Hash** | `032d6b16763013a39a8abf589b40296d1571f5d9` |
+| **Date** | 2026-01-27 |
+
+### Description
+
+Removed non-existent/inactive service targets:
+- gitlab, gitlab-runner (not deployed)
+- zap, metasploit, faraday (security stack not running)
+- redis-exporter, pentest-exporter (samsonov stack not running)
+- nuclei-api (not deployed)
+- traefik static (redundant with swarm discovery)
+- docker-registry (no metrics endpoint)
+
+Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
+
+### Fichiers modifiés
+
+```
+M	volumes/prometheus/prometheus.yml
+```
+
+### Statistiques
+
+```
+ 1 file changed, 65 deletions(-)
+```

content/posts/commits/2026-01-27-commit-050806e.md

@@ -0,0 +1,47 @@
+---
+title: "Update Prometheus labels and cleanup obsolete stack files"
+date: 2026-01-27T15:19:23+01:00
+draft: false
+tags: ["commit", "bojemoi", "stack", "config"]
+categories: ["Git Activity"]
+summary: "Commit 050806e par Betty — 9 fichier(s) modifié(s)"
+author: "Betty"
+---
+
+## Commit `050806e`
+
+| | |
+|---|---|
+| **Repository** | bojemoi |
+| **Branch** | `main` |
+| **Auteur** | Betty |
+| **Hash** | `050806e574381d3522096efa030461be10f3011b` |
+| **Date** | 2026-01-27 |
+
+### Description
+
+Add prometheus metrics labels to borodino services and fix the
+prometheus.yml regex pattern for proper service name matching.
+Remove unused underscore-prefixed stack files.
+
+Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
+
+### Fichiers modifiés
+
+```
+M	stack/40-service-borodino.yml
+D	stack/_00-service-base.yml
+D	stack/_00-service-ll.yml
+D	stack/_01-service-rsync.yml
+D	stack/_10-service-oblast-1.yml
+D	stack/_20-service-kyiv.yml
+D	stack/_50-service-bojemoi-uzi.yml
+D	stack/_50-service-borodino
+M	volumes/prometheus/prometheus.yml
+```
+
+### Statistiques
+
+```
+ 9 files changed, 9 insertions(+), 901 deletions(-)
+```

content/posts/commits/2026-01-27-commit-2f0bdc4.md

@@ -0,0 +1,42 @@
+---
+title: "Fix postfix config lock and Loki out-of-order write issues"
+date: 2026-01-27T14:51:12+01:00
+draft: false
+tags: ["commit", "bojemoi", "fix", "stack", "config"]
+categories: ["Git Activity"]
+summary: "Commit 2f0bdc4 par Betty — 2 fichier(s) modifié(s)"
+author: "Betty"
+---
+
+## Commit `2f0bdc4`
+
+| | |
+|---|---|
+| **Repository** | bojemoi |
+| **Branch** | `main` |
+| **Auteur** | Betty |
+| **Hash** | `2f0bdc4ae6605ac12de356f41adbc9f7ae046f71` |
+| **Date** | 2026-01-27 |
+
+### Description
+
+- Remove Docker config mount for postfix main.cf (read-only configs
+  conflict with postconf which modifies the file at runtime)
+- Enable unordered_writes in Loki to accept out-of-order log entries
+- Increase Loki max_chunk_age to 24h for better late entry handling
+- Enable WAL in Loki ingester for improved durability
+
+Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
+
+### Fichiers modifiés
+
+```
+M	stack/01-service-hl.yml
+M	volumes/loki/loki-config.yml
+```
+
+### Statistiques
+
+```
+ 2 files changed, 11 insertions(+), 5 deletions(-)
+```

content/posts/commits/2026-01-27-commit-674245f.md

@@ -0,0 +1,39 @@
+---
+title: "Add backend network to Prometheus for docker-socket-proxy access"
+date: 2026-01-27T14:20:29+01:00
+draft: false
+tags: ["commit", "bojemoi", "feature", "stack"]
+categories: ["Git Activity"]
+summary: "Commit 674245f par Betty — 1 fichier(s) modifié(s)"
+author: "Betty"
+---
+
+## Commit `674245f`
+
+| | |
+|---|---|
+| **Repository** | bojemoi |
+| **Branch** | `main` |
+| **Auteur** | Betty |
+| **Hash** | `674245f4a992e116c3577f8291e29c247d27d536` |
+| **Date** | 2026-01-27 |
+
+### Description
+
+Prometheus now uses docker-socket-proxy instead of direct Docker socket
+access for Swarm service discovery. This requires the backend network
+to resolve the docker-socket-proxy hostname.
+
+Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
+
+### Fichiers modifiés
+
+```
+M	stack/01-service-hl.yml
+```
+
+### Statistiques
+
+```
+ 1 file changed, 1 insertion(+)
+```

content/posts/commits/2026-01-27-commit-685a098.md

@@ -0,0 +1,38 @@
+---
+title: "Remove private SSH key from tracking and update .gitignore"
+date: 2026-01-27T14:24:24+01:00
+draft: false
+tags: ["commit", "bojemoi", "config"]
+categories: ["Git Activity"]
+summary: "Commit 685a098 par Betty — 2 fichier(s) modifié(s)"
+author: "Betty"
+---
+
+## Commit `685a098`
+
+| | |
+|---|---|
+| **Repository** | bojemoi |
+| **Branch** | `main` |
+| **Auteur** | Betty |
+| **Hash** | `685a09864019d63e35c98c6f6ed783fd93e9c619` |
+| **Date** | 2026-01-27 |
+
+### Description
+
+Added patterns to ignore SSH private keys (id_rsa, id_ed25519, etc.)
+
+Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
+
+### Fichiers modifiés
+
+```
+M	.gitignore
+D	volumes/rsync/ssh-keys/id_rsa
+```
+
+### Statistiques
+
+```
+ 2 files changed, 4 insertions(+), 49 deletions(-)
+```

content/posts/commits/2026-01-27-commit-8c31a66.md

@@ -0,0 +1,42 @@
+---
+title: "Add Faraday plugin and result import scripts, update Prometheus config"
+date: 2026-01-27T19:05:44+01:00
+draft: false
+tags: ["commit", "bojemoi", "feature", "stack", "samsonov"]
+categories: ["Git Activity"]
+summary: "Commit 8c31a66 par Betty — 3 fichier(s) modifié(s)"
+author: "Betty"
+---
+
+## Commit `8c31a66`
+
+| | |
+|---|---|
+| **Repository** | bojemoi |
+| **Branch** | `main` |
+| **Auteur** | Betty |
+| **Hash** | `8c31a663fa98be3d36f1aa1254a5c87bde3a6e63` |
+| **Date** | 2026-01-27 |
+
+### Description
+
+- Add plugin_faraday.py for importing scan results to Faraday
+- Add import_results.py for batch importing existing result files
+- Mount Prometheus rules directory in service stack
+- Remove obsolete SQL dump and Burp Suite jar
+
+Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
+
+### Fichiers modifiés
+
+```
+A	samsonov/pentest_orchestrator/import_results.py
+A	samsonov/pentest_orchestrator/plugins/plugin_faraday.py
+M	stack/01-service-hl.yml
+```
+
+### Statistiques
+
+```
+ 3 files changed, 733 insertions(+)
+```

content/posts/commits/2026-01-27-commit-bc2bfa1.md

@@ -0,0 +1,133 @@
+---
+title: "Track volumes/ config files in git"
+date: 2026-01-27T14:23:49+01:00
+draft: false
+tags: ["commit", "bojemoi", "orchestrator", "config"]
+categories: ["Git Activity"]
+summary: "Commit bc2bfa1 par Betty — 94 fichier(s) modifié(s)"
+author: "Betty"
+---
+
+## Commit `bc2bfa1`
+
+| | |
+|---|---|
+| **Repository** | bojemoi |
+| **Branch** | `main` |
+| **Auteur** | Betty |
+| **Hash** | `bc2bfa19ed035b4401f32e30fc9141fce9d45f1d` |
+| **Date** | 2026-01-27 |
+
+### Description
+
+Add service configuration files from volumes/ directory to version control.
+Updated .gitignore to:
+- Remove volumes/ exclusion (configs should be tracked)
+- Keep ignoring sensitive files (private keys, auth.txt, logs, sockets)
+
+Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
+
+### Fichiers modifiés
+
+```
+M	.gitignore
+A	volumes/READ.me
+A	volumes/alert_rules.yml
+A	volumes/alertmanager/alertmanager.yml
+A	volumes/alertmanager/alertmanager.yml.txt
+A	volumes/alloy/config/config.alloy
+A	volumes/crowdsec/config/acquis.yaml
+A	volumes/deploy.sh
+A	volumes/dnsmask/dnsmask.conf
+A	volumes/dnsmask/dnsmask.d/01-base.conf
+A	volumes/faraday/config/server.ini
+A	volumes/faraday/server.ini
+A	volumes/generate_configs.sh
+A	volumes/gitlab/cinc-stacktrace.out
+A	volumes/gitlab/config.toml
+A	volumes/gitlab/gitlab.rb
+A	volumes/grafana/dashboards/dashboard-security-minimal.json
+A	volumes/grafana/dashboards/dashboard.yml
+A	volumes/grafana/dashboards/pentest/pentest-overview.json
+A	volumes/grafana/datasources/prometheus.yml
+A	volumes/grafana/grafana.ini
+A	volumes/grafana/provisioning/dashboards/dashboards.yml
+A	volumes/grafana/provisioning/datasources/datasources.yml
+A	volumes/loki/loki-config.yml
+A	volumes/monitoring/alertmanager/templates/default.tmpl
+A	volumes/monitoring/grafana/provisioning/datasources/elasticsearch.yml
+A	volumes/monitoring/logstash/config/logstash.yml
+A	volumes/monitoring/logstash/pipeline/logstash.conf
+A	volumes/nginx/conf.d/default.conf
+A	volumes/nginx/conf.d/sites/faraday.conf
+A	volumes/nginx/conf.d/sites/grafana.conf
+A	volumes/nginx/conf.d/sites/prometheus.conf
+A	volumes/nginx/conf.d/sites/zap.conf
+A	volumes/nginx/conf.d/upstreams/upstreams.conf
+A	volumes/nginx/deploy.sh
+A	volumes/nginx/index.html
+A	volumes/nuclei/nuclei-config.yml
+A	volumes/openvpn/Read.me
+A	volumes/openvpn/openvpn-config/.firewall
+A	volumes/openvpn/openvpn-config/.firewall6
+A	volumes/openvpn/openvpn-config/client.ovpn
+A	volumes/openvpn/openvpn-config/fr.protonvpn.tcp.ovpn
+A	volumes/openvpn/script/setup_tun.sh
+A	volumes/openvpn/script/tun-check.sh
+A	volumes/openvpn/script/vpn-manager.sh
+A	volumes/postfix/main.cf
+A	volumes/prometheus/nodes.json
+A	volumes/prometheus/prometheus.yml
+A	volumes/prometheus/rules/alert_rules.yml
+A	volumes/prometheus/rules/alerts.yml
+A	volumes/prometheus/rules/recording_rules.yml
+A	volumes/provisioning/A.env
+A	volumes/registry/config.yml
+A	volumes/rsync/configs/rsyncd.conf
+A	volumes/rsync/keys/deploy-keys-to-docker.sh
+A	volumes/rsync/keys/distribute-public-keys.sh
+A	volumes/rsync/keys/generate-ssh-keys.sh
+A	volumes/rsync/keys/genkey.sh
+A	volumes/rsync/keys/rotate-ssh-keys.sh
+A	volumes/rsync/keys/test-ssh-keys.sh
+A	volumes/rsync/ssh-keys/id_rsa
+A	volumes/rsync/ssh-keys/id_rsa.pub
+A	volumes/suricata/classification.config
+A	volumes/suricata/reference.config
+A	volumes/suricata/suricata.yaml
+A	volumes/suricata/threshold.config
+A	volumes/suricata/update.yaml
+A	volumes/tempo/config/tempo.yaml
+A	volumes/traefik/certs/ca-cert.srl
+A	volumes/traefik/dynamic-config.yml
+A	volumes/traefik/key_gen.sh
+A	volumes/traefik/traefik-tls.yml
+A	volumes/wireguard/config/.donoteditthisfile
+A	volumes/wireguard/config/coredns/Corefile
+A	volumes/wireguard/config/peer1/peer1.conf
+A	volumes/wireguard/config/peer1/peer1.png
+A	volumes/wireguard/config/peer1/publickey-peer1
+A	volumes/wireguard/config/peer2/peer2.conf
+A	volumes/wireguard/config/peer2/peer2.png
+A	volumes/wireguard/config/peer2/publickey-peer2
+A	volumes/wireguard/config/peer3/peer3.conf
+A	volumes/wireguard/config/peer3/peer3.png
+A	volumes/wireguard/config/peer3/publickey-peer3
+A	volumes/wireguard/config/peer4/peer4.conf
+A	volumes/wireguard/config/peer4/peer4.png
+A	volumes/wireguard/config/peer4/publickey-peer4
+A	volumes/wireguard/config/peer5/peer5.conf
+A	volumes/wireguard/config/peer5/peer5.png
+A	volumes/wireguard/config/peer5/publickey-peer5
+A	volumes/wireguard/config/server/publickey-server
+A	volumes/wireguard/config/show-client.sh
+A	volumes/wireguard/config/templates/peer.conf
+A	volumes/wireguard/config/templates/server.conf
+A	volumes/wireguard/config/wg_confs/wg0.conf
+```
+
+### Statistiques
+
+```
+ 94 files changed, 14653 insertions(+), 1 deletion(-)
+```

content/posts/commits/2026-01-27-commit-f89ff93.md

@@ -0,0 +1,38 @@
+---
+title: "Update Alloy config to use docker-socket-proxy"
+date: 2026-01-27T14:28:11+01:00
+draft: false
+tags: ["commit", "bojemoi", "config"]
+categories: ["Git Activity"]
+summary: "Commit f89ff93 par Betty — 1 fichier(s) modifié(s)"
+author: "Betty"
+---
+
+## Commit `f89ff93`
+
+| | |
+|---|---|
+| **Repository** | bojemoi |
+| **Branch** | `main` |
+| **Auteur** | Betty |
+| **Hash** | `f89ff93287a7a92183b1a0812ee2c2ad6ed51965` |
+| **Date** | 2026-01-27 |
+
+### Description
+
+Changed discovery.docker and loki.source.docker components to use
+http://docker-socket-proxy:2375 instead of unix socket for Docker API access.
+
+Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
+
+### Fichiers modifiés
+
+```
+M	volumes/alloy/config/config.alloy
+```
+
+### Statistiques
+
+```
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+```

content/posts/commits/2026-01-28-commit-8b30908.md

@@ -0,0 +1,31 @@
+---
+title: "Add Redis commands documentation"
+date: 2026-01-28T22:27:33+01:00
+draft: false
+tags: ["commit", "bojemoi", "feature"]
+categories: ["Git Activity"]
+summary: "Commit 8b30908 par Betty — 1 fichier(s) modifié(s)"
+author: "Betty"
+---
+
+## Commit `8b30908`
+
+| | |
+|---|---|
+| **Repository** | bojemoi |
+| **Branch** | `main` |
+| **Auteur** | Betty |
+| **Hash** | `8b309080e898c329686e8c397739882ffdbf45a7` |
+| **Date** | 2026-01-28 |
+
+### Fichiers modifiés
+
+```
+A	wiki/Pentest-Orchestrator.md
+```
+
+### Statistiques
+
+```
+ 1 file changed, 278 insertions(+)
+```

content/posts/commits/2026-01-29-commit-819f3d0.md

@@ -0,0 +1,45 @@
+---
+title: "Add cloud-init templates for Alpine Docker Swarm nodes"
+date: 2026-01-29T16:43:10+01:00
+draft: false
+tags: ["commit", "bojemoi", "feature"]
+categories: ["Git Activity"]
+summary: "Commit 819f3d0 par Betty — 6 fichier(s) modifié(s)"
+author: "Betty"
+---
+
+## Commit `819f3d0`
+
+| | |
+|---|---|
+| **Repository** | bojemoi |
+| **Branch** | `main` |
+| **Auteur** | Betty |
+| **Hash** | `819f3d070e9ca63b1c0e2298fd32b9f5ed49cf67` |
+| **Date** | 2026-01-29 |
+
+### Description
+
+- user-data: Full cloud-init config with packages, users, services
+- network-config: DHCP and static IP variants
+- meta-data: Instance metadata template
+- Jinja2 templates for orchestrator integration
+
+Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
+
+### Fichiers modifiés
+
+```
+A	cloud-init/meta-data
+A	cloud-init/network-config
+A	cloud-init/network-config-static
+A	cloud-init/templates/alpine-docker-swarm.yaml.j2
+A	cloud-init/templates/network-config.yaml.j2
+A	cloud-init/user-data
+```
+
+### Statistiques
+
+```
+ 6 files changed, 566 insertions(+)
+```

content/posts/commits/2026-01-29-commit-ee2d9c7.md

@@ -0,0 +1,58 @@
+---
+title: "Security: Remove hardcoded credentials and add input validation"
+date: 2026-01-29T16:58:21+01:00
+draft: false
+tags: ["commit", "bojemoi", "samsonov", "orchestrator"]
+categories: ["Git Activity"]
+summary: "Commit ee2d9c7 par Betty — 6 fichier(s) modifié(s)"
+author: "Betty"
+---
+
+## Commit `ee2d9c7`
+
+| | |
+|---|---|
+| **Repository** | bojemoi |
+| **Branch** | `main` |
+| **Auteur** | Betty |
+| **Hash** | `ee2d9c7ff59ea9dbde783630d20eeac2027c567b` |
+| **Date** | 2026-01-29 |
+
+### Description
+
+BREAKING CHANGE: All secrets now require environment variables
+
+- config.py: Remove hardcoded POSTGRES_PASSWORD, GITEA_TOKEN, XENSERVER_PASS
+  - Add field validators to reject placeholder values
+  - CORS_ORIGINS now configurable (defaults to specific domains, not "*")
+- main.py: Fix CORS to use configured origins instead of wildcard
+  - Replace bare except: handlers with proper exception logging
+- schemas.py: Add input validation patterns
+  - VM/container names: alphanumeric, hyphens, underscores only
+  - Docker images: validate format (registry/image:tag)
+  - Port mappings: validate format and range (1-65535)
+  - Add max length constraints to prevent abuse
+- plugin_zap.py, plugin_burp.py: Load API keys from environment
+  - ZAP_API_KEY and BURP_API_KEY env vars required
+- .env.example: Document all required environment variables
+
+ACTION REQUIRED: Rotate exposed credentials in git history
+
+Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
+
+### Fichiers modifiés
+
+```
+M	provisioning/orchestrator/.env.example
+M	provisioning/orchestrator/app/config.py
+M	provisioning/orchestrator/app/main.py
+M	provisioning/orchestrator/app/models/schemas.py
+M	samsonov/pentest_orchestrator/plugins/plugin_burp.py
+M	samsonov/pentest_orchestrator/plugins/plugin_zap.py
+```
+
+### Statistiques
+
+```
+ 6 files changed, 353 insertions(+), 144 deletions(-)
+```

content/posts/commits/2026-01-30-commit-1a2b327.md

@@ -0,0 +1,44 @@
+---
+title: "Refactor: Move boot services to separate bojemoi_boot project"
+date: 2026-01-30T20:11:34+01:00
+draft: false
+tags: ["commit", "bojemoi", "refactor", "stack"]
+categories: ["Git Activity"]
+summary: "Commit 1a2b327 par Betty — 1 fichier(s) modifié(s)"
+author: "Betty"
+---
+
+## Commit `1a2b327`
+
+| | |
+|---|---|
+| **Repository** | bojemoi |
+| **Branch** | `main` |
+| **Auteur** | Betty |
+| **Hash** | `1a2b327de0fc1509e8142f53ad8a9e452406e9e1` |
+| **Date** | 2026-01-30 |
+
+### Description
+
+- Remove docker-socket-proxy, registry, dnsmasq, traefik, crowdsec,
+  traefik-bouncer services (moved to /opt/bojemoi_boot)
+- Remove related volumes: registry_data, traefik-certificates,
+  traefik-logs, traefik-certs, crowdsec_data
+- Remove related configs: traefik_tls_config, dnsmask_config,
+  traefik_config, crowdsec_config, registry_config
+
+Boot services are now managed by /opt/bojemoi_boot/stack/01-boot-service.yml
+
+Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
+
+### Fichiers modifiés
+
+```
+M	stack/01-service-hl.yml
+```
+
+### Statistiques
+
+```
+ 1 file changed, 21 insertions(+), 337 deletions(-)
+```

content/posts/commits/2026-01-30-commit-3e35089.md

@@ -0,0 +1,39 @@
+---
+title: "Update stack images to use local registry and enhance push script"
+date: 2026-01-30T20:34:54+01:00
+draft: false
+tags: ["commit", "bojemoi", "stack"]
+categories: ["Git Activity"]
+summary: "Commit 3e35089 par Betty — 2 fichier(s) modifié(s)"
+author: "Betty"
+---
+
+## Commit `3e35089`
+
+| | |
+|---|---|
+| **Repository** | bojemoi |
+| **Branch** | `main` |
+| **Auteur** | Betty |
+| **Hash** | `3e3508944cdd5bb334ac84f04675a647e1e1a8a7` |
+| **Date** | 2026-01-30 |
+
+### Description
+
+- tempo, postfix-exporter, protonmail-bridge now use localhost:5000
+- Add image list and --all/--list options to push_registry_onebyone.sh
+
+Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
+
+### Fichiers modifiés
+
+```
+A	scripts/push_registry_onebyone.sh
+M	stack/01-service-hl.yml
+```
+
+### Statistiques
+
+```
+ 2 files changed, 72 insertions(+), 3 deletions(-)
+```

content/posts/commits/2026-02-03-commit-4427a20.md

@@ -0,0 +1,86 @@
+---
+title: "Add auth, metrics, Alembic migrations, and enhance pentest plugins"
+date: 2026-02-03T21:16:51+01:00
+draft: false
+tags: ["commit", "bojemoi", "feature", "stack", "samsonov", "orchestrator", "config"]
+categories: ["Git Activity"]
+summary: "Commit 4427a20 par Betty — 43 fichier(s) modifié(s)"
+author: "Betty"
+---
+
+## Commit `4427a20`
+
+| | |
+|---|---|
+| **Repository** | bojemoi |
+| **Branch** | `main` |
+| **Auteur** | Betty |
+| **Hash** | `4427a20df144f87217c7681523441fdcd086d3ac` |
+| **Date** | 2026-02-03 |
+
+### Description
+
+- Add JWT authentication module with API key support
+- Add Prometheus metrics and middleware for request tracking
+- Add Alembic database migrations setup
+- Enhance blockchain service with stats endpoint
+- Add base plugin class and improve pentest orchestrator plugins
+- Add ML threat intel stack service
+- Update alertmanager and wiki documentation
+- Fix rsync-master to use docker.from_env()
+
+Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
+
+### Fichiers modifiés
+
+```
+A	.claude/commands/alerts.md
+A	.claude/commands/faraday.md
+A	.claude/commands/monitor.md
+A	.claude/commands/pentest.md
+A	.claude/commands/swarm.md
+M	CLAUDE.md
+M	koursk-2/scripts/rsync-master.py
+A	provisioning/orchestrator/alembic.ini
+A	provisioning/orchestrator/alembic/README.md
+A	provisioning/orchestrator/alembic/env.py
+A	provisioning/orchestrator/alembic/script.py.mako
+A	provisioning/orchestrator/alembic/versions/20260129_0001_001_initial_schema.py
+A	provisioning/orchestrator/app/auth/dependencies.py
+A	provisioning/orchestrator/app/auth/models.py
+A	provisioning/orchestrator/app/auth/router.py
+A	provisioning/orchestrator/app/auth/security.py
+M	provisioning/orchestrator/app/main.py
+A	provisioning/orchestrator/app/metrics.py
+A	provisioning/orchestrator/app/middleware/metrics.py
+M	provisioning/orchestrator/app/models/schemas.py
+M	provisioning/orchestrator/app/services/blockchain.py
+M	provisioning/orchestrator/app/services/gitea_client.py
+M	provisioning/orchestrator/app/services/xenserver_client_real.py
+A	provisioning/orchestrator/scripts/migrate.sh
+M	provisioning/requirements.txt
+M	samsonov/nuclei_api/main.py
+M	samsonov/pentest_orchestrator/main.py
+A	samsonov/pentest_orchestrator/plugins/__init__.py
+A	samsonov/pentest_orchestrator/plugins/base.py
+M	samsonov/pentest_orchestrator/plugins/plugin_masscan.py
+M	samsonov/pentest_orchestrator/plugins/plugin_vulnx.py
+M	scripts/startover.sh
+D	scripts/sync-stack-ilagrd.sh
+M	stack/01-service-hl.yml
+M	stack/40-service-borodino.yml
+A	stack/45-service-ml-threat-intel.yml
+M	volumes/alertmanager/alertmanager.yml
+A	wiki/Alertes.md
+A	wiki/Claude-Skills.md
+A	wiki/Docker-Swarm.md
+A	wiki/Faraday.md
+A	wiki/Home.md
+A	wiki/Monitoring.md
+```
+
+### Statistiques
+
+```
+ 43 files changed, 6728 insertions(+), 623 deletions(-)
+```

content/posts/commits/2026-02-04-commit-068a03f.md

@@ -0,0 +1,50 @@
+---
+title: "Remove unnecessary port exports and add Traefik routing"
+date: 2026-02-04T21:20:56+01:00
+draft: false
+tags: ["commit", "bojemoi", "stack"]
+categories: ["Git Activity"]
+summary: "Commit 068a03f par Betty — 2 fichier(s) modifié(s)"
+author: "Betty"
+---
+
+## Commit `068a03f`
+
+| | |
+|---|---|
+| **Repository** | bojemoi |
+| **Branch** | `main` |
+| **Auteur** | Betty |
+| **Hash** | `068a03f9753410116aa99e9e96d3c16b4d742cb8` |
+| **Date** | 2026-02-04 |
+
+### Description
+
+- Remove exposed ports for services accessible via Traefik proxy:
+  - grafana, prometheus, alertmanager, cadvisor, orchestrator, tempo API
+  - loki, alloy, suricata-exporter (internal services)
+  - rsync-master, zaproxy, karacho-blockchain, faraday
+
+- Add Traefik configuration for pentest services:
+  - zaproxy → zap.bojemoi.lab
+  - karacho-blockchain → karacho.bojemoi.lab
+  - nuclei-api → nuclei.bojemoi.lab
+
+- Keep essential ports: postgres (5432), postfix (25),
+  protonmail-bridge (1025/1143), tempo OTLP (4317/4318/9411),
+  node-exporter (9100 host mode)
+
+Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
+
+### Fichiers modifiés
+
+```
+M	stack/01-service-hl.yml
+M	stack/40-service-borodino.yml
+```
+
+### Statistiques
+
+```
+ 2 files changed, 164 insertions(+), 45 deletions(-)
+```

content/posts/commits/2026-02-04-commit-592ac8e.md

@@ -0,0 +1,43 @@
+---
+title: "Add Alertmanager silence during stack deployments"
+date: 2026-02-04T21:29:18+01:00
+draft: false
+tags: ["commit", "bojemoi", "feature"]
+categories: ["Git Activity"]
+summary: "Commit 592ac8e par Betty — 2 fichier(s) modifié(s)"
+author: "Betty"
+---
+
+## Commit `592ac8e`
+
+| | |
+|---|---|
+| **Repository** | bojemoi |
+| **Branch** | `main` |
+| **Auteur** | Betty |
+| **Hash** | `592ac8e95f11e01e783a8ff3afd0519ebd04c318` |
+| **Date** | 2026-02-04 |
+
+### Description
+
+- startover.sh: Create 30-minute silence before full deployment,
+  add colored logging, error handling for each stack
+- swarm.md skill: Add instructions to create 15-minute silence
+  before any stack deployment to prevent alert spam
+
+Silences automatically expire after the configured duration.
+
+Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
+
+### Fichiers modifiés
+
+```
+M	.claude/commands/swarm.md
+M	scripts/startover.sh
+```
+
+### Statistiques
+
+```
+ 2 files changed, 121 insertions(+), 10 deletions(-)
+```

content/posts/commits/2026-02-06-commit-0004051.md

@@ -0,0 +1,38 @@
+---
+title: "Update .gitignore to exclude secrets, certs, logs, and scan results"
+date: 2026-02-06T19:08:43+01:00
+draft: false
+tags: ["commit", "bojemoi"]
+categories: ["Git Activity"]
+summary: "Commit 0004051 par Betty — 1 fichier(s) modifié(s)"
+author: "Betty"
+---
+
+## Commit `0004051`
+
+| | |
+|---|---|
+| **Repository** | bojemoi |
+| **Branch** | `main` |
+| **Auteur** | Betty |
+| **Hash** | `00040517095673e9d896d744edce6c583ea602dc` |
+| **Date** | 2026-02-06 |
+
+### Description
+
+Ignore private keys, .env files, SSL certificates, Wireguard keys,
+Suricata logs, pentest scan results, and archives.
+
+Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
+
+### Fichiers modifiés
+
+```
+M	.gitignore
+```
+
+### Statistiques
+
+```
+ 1 file changed, 27 insertions(+)
+```

content/posts/commits/2026-02-06-commit-35d70b7.md

@@ -0,0 +1,39 @@
+---
+title: "Add comprehensive BUILD_PROMPT.md for full project reconstruction"
+date: 2026-02-06T19:06:19+01:00
+draft: false
+tags: ["commit", "bojemoi", "feature"]
+categories: ["Git Activity"]
+summary: "Commit 35d70b7 par Betty — 1 fichier(s) modifié(s)"
+author: "Betty"
+---
+
+## Commit `35d70b7`
+
+| | |
+|---|---|
+| **Repository** | bojemoi |
+| **Branch** | `main` |
+| **Auteur** | Betty |
+| **Hash** | `35d70b742c1b2a5786c7ac20c241db93b7a86231` |
+| **Date** | 2026-02-06 |
+
+### Description
+
+Complete 22-section blueprint covering all components: stacks, orchestrator,
+pentest plugins, rsync backup, NFS, blockchain, cloud-init, CI/CD, ML threat
+intel, monitoring configs, scripts, and deployment workflows.
+
+Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
+
+### Fichiers modifiés
+
+```
+A	BUILD_PROMPT.md
+```
+
+### Statistiques
+
+```
+ 1 file changed, 1129 insertions(+)
+```

content/posts/commits/2026-02-06-commit-41c2cf2.md

@@ -0,0 +1,44 @@
+---
+title: "Add .gitignore and remove tracked __pycache__ files"
+date: 2026-02-06T19:08:00+01:00
+draft: false
+tags: ["commit", "bojemoi", "feature", "samsonov"]
+categories: ["Git Activity"]
+summary: "Commit 41c2cf2 par Betty — 10 fichier(s) modifié(s)"
+author: "Betty"
+---
+
+## Commit `41c2cf2`
+
+| | |
+|---|---|
+| **Repository** | bojemoi |
+| **Branch** | `main` |
+| **Auteur** | Betty |
+| **Hash** | `41c2cf265825f33851f272b88e37a7769824675a` |
+| **Date** | 2026-02-06 |
+
+### Description
+
+Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
+
+### Fichiers modifiés
+
+```
+M	.gitignore
+D	samsonov/pentest_orchestrator/__pycache__/main.cpython-312.pyc
+D	samsonov/pentest_orchestrator/plugins/__pycache__/plugin_burp.cpython-311.pyc
+D	samsonov/pentest_orchestrator/plugins/__pycache__/plugin_burp.cpython-312.pyc
+D	samsonov/pentest_orchestrator/plugins/__pycache__/plugin_masscan.cpython-311.pyc
+D	samsonov/pentest_orchestrator/plugins/__pycache__/plugin_masscan.cpython-312.pyc
+D	samsonov/pentest_orchestrator/plugins/__pycache__/plugin_metasploit.cpython-311.pyc
+D	samsonov/pentest_orchestrator/plugins/__pycache__/plugin_metasploit.cpython-312.pyc
+D	samsonov/pentest_orchestrator/plugins/__pycache__/plugin_zap.cpython-311.pyc
+D	samsonov/pentest_orchestrator/plugins/__pycache__/plugin_zap.cpython-312.pyc
+```
+
+### Statistiques
+
+```
+ 10 files changed, 2 insertions(+), 41 deletions(-)
+```

content/posts/commits/2026-02-06-commit-b4b6164.md

@@ -0,0 +1,38 @@
+---
+title: "Add Hugo blog CI/CD workflow template for Gitea Actions"
+date: 2026-02-06T20:06:01+01:00
+draft: false
+tags: ["commit", "bojemoi", "feature"]
+categories: ["Git Activity"]
+summary: "Commit b4b6164 par Betty — 1 fichier(s) modifié(s)"
+author: "Betty"
+---
+
+## Commit `b4b6164`
+
+| | |
+|---|---|
+| **Repository** | bojemoi |
+| **Branch** | `main` |
+| **Auteur** | Betty |
+| **Hash** | `b4b616470d973ad2ce7e563567bf7ad7c4109f68` |
+| **Date** | 2026-02-06 |
+
+### Description
+
+Configures Alpine-based Hugo build with direct deployment
+to /var/www/blog.bojemoi.me via volume mount on act_runner.
+
+Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
+
+### Fichiers modifiés
+
+```
+A	templates/hugo-workflow/.gitea/workflows/hugo-deploy.yml
+```
+
+### Statistiques
+
+```
+ 1 file changed, 28 insertions(+)
+```

content/posts/commits/2026-02-06-commit-c2a866a.md

@@ -0,0 +1,49 @@
+---
+title: "Update rsync replication, externalize secrets, and simplify ML threat intel stack"
+date: 2026-02-06T14:07:28+01:00
+draft: false
+tags: ["commit", "bojemoi", "stack", "samsonov", "config"]
+categories: ["Git Activity"]
+summary: "Commit c2a866a par Betty — 9 fichier(s) modifié(s)"
+author: "Betty"
+---
+
+## Commit `c2a866a`
+
+| | |
+|---|---|
+| **Repository** | bojemoi |
+| **Branch** | `main` |
+| **Auteur** | Betty |
+| **Hash** | `c2a866aa7053797be8fe49f60ab9091a78738200` |
+| **Date** | 2026-02-06 |
+
+### Description
+
+Add rsync modules for boot, telegram, and ml-threat services with network
+restrictions. Fix rsync-master to use source variable instead of hardcoded path.
+Externalize Docker secrets in hl stack, use local registry images for borodino,
+and consolidate ml-threat-intel to use shared postgres. Increase alertmanager
+group intervals to reduce notification noise.
+
+Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
+
+### Fichiers modifiés
+
+```
+M	koursk-2/config/rsync_jobs.json
+M	koursk-2/config/rsyncd.conf
+M	koursk-2/scripts/rsync-master.py
+A	samsonov/pentest_orchestrator/Dockerfile
+M	stack/01-service-hl.yml
+M	stack/40-service-borodino.yml
+M	stack/45-service-ml-threat-intel.yml
+M	volumes/alertmanager/alertmanager.yml
+M	volumes/rsync/configs/rsyncd.conf
+```
+
+### Statistiques
+
+```
+ 9 files changed, 125 insertions(+), 64 deletions(-)
+```

content/posts/commits/2026-02-07-commit-129aa45.md

@@ -0,0 +1,39 @@
+---
+title: "Add comprehensive BUILD_PROMPT.md for full project recreation"
+date: 2026-02-07T20:56:31+01:00
+draft: false
+tags: ["commit", "bojemoi", "feature"]
+categories: ["Git Activity"]
+summary: "Commit 129aa45 par Betty — 1 fichier(s) modifié(s)"
+author: "Betty"
+---
+
+## Commit `129aa45`
+
+| | |
+|---|---|
+| **Repository** | bojemoi |
+| **Branch** | `main` |
+| **Auteur** | Betty |
+| **Hash** | `129aa453955e1c98ea15c5650605e79a304ecb76` |
+| **Date** | 2026-02-07 |
+
+### Description
+
+Documents the entire Bojemoi Lab architecture across 19 sections:
+infrastructure, orchestrators, scanning services, monitoring,
+security layers, CI/CD, and step-by-step reconstruction guide.
+
+Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
+
+### Fichiers modifiés
+
+```
+M	BUILD_PROMPT.md
+```
+
+### Statistiques
+
+```
+ 1 file changed, 695 insertions(+), 915 deletions(-)
+```

content/posts/commits/2026-02-07-commit-1ef1051.md

@@ -0,0 +1,40 @@
+---
+title: "Fix slow queries, connection leaks, and Dockerfile in zap-scanner"
+date: 2026-02-07T22:05:53+01:00
+draft: false
+tags: ["commit", "bojemoi", "fix"]
+categories: ["Git Activity"]
+summary: "Commit 1ef1051 par Betty — 2 fichier(s) modifié(s)"
+author: "Betty"
+---
+
+## Commit `1ef1051`
+
+| | |
+|---|---|
+| **Repository** | bojemoi |
+| **Branch** | `main` |
+| **Auteur** | Betty |
+| **Hash** | `1ef1051421db788da1cb5de069f621a7e48c46c7` |
+| **Date** | 2026-02-07 |
+
+### Description
+
+Replace ORDER BY random() with TABLESAMPLE SYSTEM() for host selection,
+use cursor context managers to prevent leaks, add auto-reconnect for
+stale connections, and fix missing && in Dockerfile.
+
+Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
+
+### Fichiers modifiés
+
+```
+M	oblast-1/Dockerfile.oblast-1
+M	oblast-1/zap_scanner.py
+```
+
+### Statistiques
+
+```
+ 2 files changed, 47 insertions(+), 36 deletions(-)
+```

content/posts/commits/2026-02-07-commit-3c5ad95.md

@@ -0,0 +1,42 @@
+---
+title: "Fix borodino SQL queries: replace ORDER BY RANDOM() with TABLESAMPLE SYSTEM()"
+date: 2026-02-07T00:55:23+01:00
+draft: false
+tags: ["commit", "bojemoi", "fix", "borodino"]
+categories: ["Git Activity"]
+summary: "Commit 3c5ad95 par Betty — 3 fichier(s) modifié(s)"
+author: "Betty"
+---
+
+## Commit `3c5ad95`
+
+| | |
+|---|---|
+| **Repository** | bojemoi |
+| **Branch** | `main` |
+| **Auteur** | Betty |
+| **Hash** | `3c5ad95aae949058e25c9b7ee4bb20ccf2620995` |
+| **Date** | 2026-02-07 |
+
+### Description
+
+ORDER BY RANDOM() on hosts table (6.15M rows) caused full sequential scans
+taking ~7.5s each, driving PostgreSQL to 459% CPU. TABLESAMPLE SYSTEM()
+samples random blocks at I/O level, reducing query time to milliseconds.
+Also fixes SQL injection in thearm_uzi via parameterized query.
+
+Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
+
+### Fichiers modifiés
+
+```
+M	borodino/thearm_ak47
+M	borodino/thearm_bm12
+M	borodino/thearm_uzi
+```
+
+### Statistiques
+
+```
+ 3 files changed, 3 insertions(+), 3 deletions(-)
+```

content/posts/commits/2026-02-07-commit-ecbf8c9.md

@@ -0,0 +1,38 @@
+---
+title: "Fix slow queries and connection leaks in bm12 scanner"
+date: 2026-02-07T21:55:45+01:00
+draft: false
+tags: ["commit", "bojemoi", "fix", "borodino"]
+categories: ["Git Activity"]
+summary: "Commit ecbf8c9 par Betty — 1 fichier(s) modifié(s)"
+author: "Betty"
+---
+
+## Commit `ecbf8c9`
+
+| | |
+|---|---|
+| **Repository** | bojemoi |
+| **Branch** | `main` |
+| **Auteur** | Betty |
+| **Hash** | `ecbf8c989b95587f9fd3ea691a263ab6ea972388` |
+| **Date** | 2026-02-07 |
+
+### Description
+
+Replace ORDER BY RANDOM() with TABLESAMPLE SYSTEM() for host selection
+and explicitly close DB connections to prevent idle-in-transaction buildup.
+
+Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
+
+### Fichiers modifiés
+
+```
+M	borodino/thearm_bm12
+```
+
+### Statistiques
+
+```
+ 1 file changed, 20 insertions(+), 8 deletions(-)
+```

content/posts/commits/2026-02-08-commit-332af04.md

@@ -0,0 +1,45 @@
+---
+title: "Move rsync configs to Docker configs and add new stack files"
+date: 2026-02-08T23:26:19+01:00
+draft: false
+tags: ["commit", "bojemoi", "stack", "config"]
+categories: ["Git Activity"]
+summary: "Commit 332af04 par Betty — 6 fichier(s) modifié(s)"
+author: "Betty"
+---
+
+## Commit `332af04`
+
+| | |
+|---|---|
+| **Repository** | bojemoi |
+| **Branch** | `main` |
+| **Auteur** | Betty |
+| **Hash** | `332af046457f97946bde089df38ce6ca19441b8b` |
+| **Date** | 2026-02-08 |
+
+### Description
+
+- Remove COPY config/ from koursk-2 Dockerfile, use Docker configs instead
+- Add rsync_rsyncd and rsync_jobs configs to hl stack for master and slave
+- Add samsonov and telegram service stack files
+- Update BUILD_PROMPT.md
+
+Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
+
+### Fichiers modifiés
+
+```
+M	BUILD_PROMPT.md
+M	koursk-2/Dockerfile.koursk-2
+M	stack/01-service-hl.yml
+A	stack/60-service-samsonov.yml
+A	stack/60-service-telegram.yml
+A	volumes/rsync/configs/rsync_jobs.json
+```
+
+### Statistiques
+
+```
+ 6 files changed, 527 insertions(+), 796 deletions(-)
+```

content/posts/commits/2026-02-08-commit-a1084a4.md

@@ -0,0 +1,39 @@
+---
+title: "Fix rsync-master syncing to only one slave instead of all"
+date: 2026-02-08T23:24:16+01:00
+draft: false
+tags: ["commit", "bojemoi", "fix"]
+categories: ["Git Activity"]
+summary: "Commit a1084a4 par Betty — 1 fichier(s) modifié(s)"
+author: "Betty"
+---
+
+## Commit `a1084a4`
+
+| | |
+|---|---|
+| **Repository** | bojemoi |
+| **Branch** | `main` |
+| **Auteur** | Betty |
+| **Hash** | `a1084a4c78586b08923f3aa327fa8a4fa8b339c1` |
+| **Date** | 2026-02-08 |
+
+### Description
+
+Move schedule.clear() out of setup_schedules() loop so schedules for
+all slave nodes are preserved. Also fix hardcoded source path in rsync
+command to use job config source.
+
+Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
+
+### Fichiers modifiés
+
+```
+M	koursk-2/scripts/rsync-master.py
+```
+
+### Statistiques
+
+```
+ 1 file changed, 3 insertions(+), 4 deletions(-)
+```

content/posts/commits/2026-02-09-commit-2ff1a97.md

@@ -0,0 +1,38 @@
+---
+title: "Update .gitignore: block large files that bloated git history"
+date: 2026-02-09T21:10:27+01:00
+draft: false
+tags: ["commit", "bojemoi"]
+categories: ["Git Activity"]
+summary: "Commit 2ff1a97 par Betty — 1 fichier(s) modifié(s)"
+author: "Betty"
+---
+
+## Commit `2ff1a97`
+
+| | |
+|---|---|
+| **Repository** | bojemoi |
+| **Branch** | `main` |
+| **Auteur** | Betty |
+| **Hash** | `2ff1a97f321c574644047e550dcaa786c2ceb184` |
+| **Date** | 2026-02-09 |
+
+### Description
+
+Prevent dump/, kyiv/, venv/, *.jar, *.sql.gz, and suricata rules
+from being committed again after history cleanup.
+
+Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
+
+### Fichiers modifiés
+
+```
+M	.gitignore
+```
+
+### Statistiques
+
+```
+ 1 file changed, 18 insertions(+), 1 deletion(-)
+```

content/posts/commits/2026-02-10-commit-1e269fe.md

@@ -0,0 +1,35 @@
+---
+title: "Add anthropic_api_key secret to ml-threat-intel stack"
+date: 2026-02-10T14:55:36+01:00
+draft: false
+tags: ["commit", "bojemoi", "feature", "stack"]
+categories: ["Git Activity"]
+summary: "Commit 1e269fe par Betty — 1 fichier(s) modifié(s)"
+author: "Betty"
+---
+
+## Commit `1e269fe`
+
+| | |
+|---|---|
+| **Repository** | bojemoi |
+| **Branch** | `main` |
+| **Auteur** | Betty |
+| **Hash** | `1e269fe964ea3adb8e8870bde54208db00a53fef` |
+| **Date** | 2026-02-10 |
+
+### Description
+
+Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
+
+### Fichiers modifiés
+
+```
+M	stack/45-service-ml-threat-intel.yml
+```
+
+### Statistiques
+
+```
+ 1 file changed, 4 insertions(+)
+```

content/posts/commits/2026-02-10-commit-72ed6b2.md

@@ -0,0 +1,42 @@
+---
+title: "Move honeypot SSH to port 22, add SSH configs and OSINT agent"
+date: 2026-02-10T22:08:30+01:00
+draft: false
+tags: ["commit", "bojemoi", "stack"]
+categories: ["Git Activity"]
+summary: "Commit 72ed6b2 par Betty — 4 fichier(s) modifié(s)"
+author: "Betty"
+---
+
+## Commit `72ed6b2`
+
+| | |
+|---|---|
+| **Repository** | bojemoi |
+| **Branch** | `main` |
+| **Auteur** | Betty |
+| **Hash** | `72ed6b2fb81fa5ec7b5a62b8817b9bbb97c6b1aa` |
+| **Date** | 2026-02-10 |
+
+### Description
+
+Publish Medved honeypot SSH on port 22 (real SSH moved to 4422) to
+better capture attacker traffic. Add hardened sshd_config and banner
+for the real SSH service. Include OSINT gatherer agent definition.
+
+Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
+
+### Fichiers modifiés
+
+```
+A	.claude/agents/osint-gatherer.md
+A	configs/ssh_banner
+A	configs/sshd_config_hardened
+M	stack/65-service-medved.yml
+```
+
+### Statistiques
+
+```
+ 4 files changed, 225 insertions(+), 1 deletion(-)
+```

content/posts/commits/2026-02-10-commit-abbecb5.md

@@ -0,0 +1,35 @@
+---
+title: "Pin ml-threat-intel to meta-70 (meta-68 has no outbound internet)"
+date: 2026-02-10T15:28:22+01:00
+draft: false
+tags: ["commit", "bojemoi", "stack"]
+categories: ["Git Activity"]
+summary: "Commit abbecb5 par Betty — 1 fichier(s) modifié(s)"
+author: "Betty"
+---
+
+## Commit `abbecb5`
+
+| | |
+|---|---|
+| **Repository** | bojemoi |
+| **Branch** | `main` |
+| **Auteur** | Betty |
+| **Hash** | `abbecb5d2f9fbee422f0c5473d6458736eced829` |
+| **Date** | 2026-02-10 |
+
+### Description
+
+Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
+
+### Fichiers modifiés
+
+```
+M	stack/45-service-ml-threat-intel.yml
+```
+
+### Statistiques
+
+```
+ 1 file changed, 3 insertions(+)
+```

content/posts/commits/2026-02-10-commit-cc52236.md

@@ -0,0 +1,55 @@
+---
+title: "Add Medved multi-protocol honeypot service"
+date: 2026-02-10T20:38:29+01:00
+draft: false
+tags: ["commit", "bojemoi", "feature", "stack"]
+categories: ["Git Activity"]
+summary: "Commit cc52236 par Betty — 16 fichier(s) modifié(s)"
+author: "Betty"
+---
+
+## Commit `cc52236`
+
+| | |
+|---|---|
+| **Repository** | bojemoi |
+| **Branch** | `main` |
+| **Auteur** | Betty |
+| **Hash** | `cc522362c0f50e3edbc795a943c6dc2e930c77ca` |
+| **Date** | 2026-02-10 |
+
+### Description
+
+Deploy SSH, HTTP, RDP, SMB, FTP, and Telnet honeypots as a global
+swarm service on worker nodes. Logs all connection attempts and
+credentials to PostgreSQL (honeypot_events table) and reports
+findings to Faraday every 60s with severity mapping.
+
+Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
+
+### Fichiers modifiés
+
+```
+A	medved/Dockerfile.medved
+A	medved/honeypot/__init__.py
+A	medved/honeypot/config.py
+A	medved/honeypot/db.py
+A	medved/honeypot/faraday_reporter.py
+A	medved/honeypot/main.py
+A	medved/honeypot/metrics.py
+A	medved/honeypot/protocols/__init__.py
+A	medved/honeypot/protocols/ftp_handler.py
+A	medved/honeypot/protocols/http_handler.py
+A	medved/honeypot/protocols/rdp_handler.py
+A	medved/honeypot/protocols/smb_handler.py
+A	medved/honeypot/protocols/ssh_handler.py
+A	medved/honeypot/protocols/telnet_handler.py
+A	medved/requirements.txt
+A	stack/65-service-medved.yml
+```
+
+### Statistiques
+
+```
+ 16 files changed, 1277 insertions(+)
+```

content/posts/commits/2026-02-11-commit-01d3c01.md

@@ -0,0 +1,45 @@
+---
+title: "Fix 61 Prometheus targets DOWN: cAdvisor, Traefik, Grafana scrape configs"
+date: 2026-02-11T19:04:12+01:00
+draft: false
+tags: ["commit", "bojemoi", "fix", "stack", "config"]
+categories: ["Git Activity"]
+summary: "Commit 01d3c01 par Betty — 2 fichier(s) modifié(s)"
+author: "Betty"
+---
+
+## Commit `01d3c01`
+
+| | |
+|---|---|
+| **Repository** | bojemoi |
+| **Branch** | `main` |
+| **Auteur** | Betty |
+| **Hash** | `01d3c01d62109ce656978ce2c47c6c8fbc2b138b` |
+| **Date** | 2026-02-11 |
+
+### Description
+
+- Replace broken docker-containers job (54 DOWN) with cadvisor DNS SD
+  targeting tasks.base_cadvisor:8080 instead of non-existent node:8088
+- Fix Grafana prometheus.port label: remove quotes around "3000" that
+  broke relabel regex matching (3 DOWN)
+- Fix suricata job: switch from static config to DNS SD for proper
+  multi-instance discovery
+- Clean up docker-swarm-services relabel: remove redundant drop rule
+  after keep, normalize whitespace
+
+Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
+
+### Fichiers modifiés
+
+```
+M	stack/01-service-hl.yml
+M	volumes/prometheus/prometheus.yml
+```
+
+### Statistiques
+
+```
+ 2 files changed, 40 insertions(+), 64 deletions(-)
+```

content/posts/commits/2026-02-11-commit-160d83e.md

@@ -0,0 +1,40 @@
+---
+title: "Add retry loops to bm12 scanner for PostgreSQL and host availability"
+date: 2026-02-11T19:04:52+01:00
+draft: false
+tags: ["commit", "bojemoi", "feature", "borodino"]
+categories: ["Git Activity"]
+summary: "Commit 160d83e par Betty — 1 fichier(s) modifié(s)"
+author: "Betty"
+---
+
+## Commit `160d83e`
+
+| | |
+|---|---|
+| **Repository** | bojemoi |
+| **Branch** | `main` |
+| **Auteur** | Betty |
+| **Hash** | `160d83ee875764eed0fbabf37582fe141b2497ab` |
+| **Date** | 2026-02-11 |
+
+### Description
+
+- Wait indefinitely for PostgreSQL DNS resolution and readiness
+  instead of exiting immediately on failure
+- Continue scanning loop when no host is available instead of breaking
+- Prevents container restarts when PostgreSQL is temporarily unavailable
+
+Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
+
+### Fichiers modifiés
+
+```
+M	borodino/thearm_bm12
+```
+
+### Statistiques
+
+```
+ 1 file changed, 19 insertions(+), 10 deletions(-)
+```

content/posts/commits/2026-02-11-commit-2c863e8.md

@@ -0,0 +1,42 @@
+---
+title: "Fix medved SSH handler and move honeypot to manager node"
+date: 2026-02-11T13:23:00+01:00
+draft: false
+tags: ["commit", "bojemoi", "fix", "stack"]
+categories: ["Git Activity"]
+summary: "Commit 2c863e8 par Betty — 2 fichier(s) modifié(s)"
+author: "Betty"
+---
+
+## Commit `2c863e8`
+
+| | |
+|---|---|
+| **Repository** | bojemoi |
+| **Branch** | `main` |
+| **Auteur** | Betty |
+| **Hash** | `2c863e872992510d0cb2f73d6597fc7361d2c1dc` |
+| **Date** | 2026-02-11 |
+
+### Description
+
+- Fix ssh_handler.py: generate host key with asyncssh.generate_private_key()
+  instead of shelling out to ssh-keygen (fixes FileNotFoundError and
+  asyncssh serialization TypeError)
+- Move medved from workers to manager node (replicated 1 on manager)
+  to resolve overlay network connectivity to PostgreSQL
+
+Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
+
+### Fichiers modifiés
+
+```
+M	medved/honeypot/protocols/ssh_handler.py
+M	stack/65-service-medved.yml
+```
+
+### Statistiques
+
+```
+ 2 files changed, 7 insertions(+), 7 deletions(-)
+```

content/posts/commits/2026-02-11-commit-2de7b82.md

@@ -0,0 +1,39 @@
+---
+title: "Fix suricata-exporter: share command socket via bind mount"
+date: 2026-02-11T19:16:31+01:00
+draft: false
+tags: ["commit", "bojemoi", "fix", "stack"]
+categories: ["Git Activity"]
+summary: "Commit 2de7b82 par Betty — 1 fichier(s) modifié(s)"
+author: "Betty"
+---
+
+## Commit `2de7b82`
+
+| | |
+|---|---|
+| **Repository** | bojemoi |
+| **Branch** | `main` |
+| **Auteur** | Betty |
+| **Hash** | `2de7b826a243ad1b2ebf20a97038f5c0bc45568a` |
+| **Date** | 2026-02-11 |
+
+### Description
+
+Add /opt/bojemoi/volumes/suricata/run bind mount to both suricata and
+suricata-exporter services so the Unix command socket is accessible
+across containers. Fixes 9 SuricataDown/PrometheusTargetDown alerts.
+
+Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
+
+### Fichiers modifiés
+
+```
+M	stack/01-service-hl.yml
+```
+
+### Statistiques
+
+```
+ 1 file changed, 2 insertions(+)
+```

content/posts/commits/2026-02-11-commit-30fe258.md

@@ -0,0 +1,45 @@
+---
+title: "Fix Faraday service: local registry image, Redis connectivity, and reporter config"
+date: 2026-02-11T14:39:07+01:00
+draft: false
+tags: ["commit", "bojemoi", "fix", "stack", "samsonov", "config"]
+categories: ["Git Activity"]
+summary: "Commit 30fe258 par Betty — 4 fichier(s) modifié(s)"
+author: "Betty"
+---
+
+## Commit `30fe258`
+
+| | |
+|---|---|
+| **Repository** | bojemoi |
+| **Branch** | `main` |
+| **Auteur** | Betty |
+| **Hash** | `30fe25816284cf1e4b7a5992157253b835d7d91a` |
+| **Date** | 2026-02-11 |
+
+### Description
+
+- Use localhost:5000/faraday:latest instead of faradaysec/faraday:latest (workers have no internet)
+- Fix Celery Redis URLs in server.ini (redis -> redis://redis:6379/0)
+- Fix REDIS_SERVER env var (redis.bojemoi.lab -> redis service name)
+- Fix reporter config: use Traefik URL, set default workspace to honeypot
+- Fix config.json: remove invalid JSON comments
+- Fix plugin_faraday.py: handle paginated workspace response, add verify=False for self-signed certs
+
+Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
+
+### Fichiers modifiés
+
+```
+M	samsonov/pentest_orchestrator/config/config.json
+M	samsonov/pentest_orchestrator/plugins/plugin_faraday.py
+M	stack/40-service-borodino.yml
+M	volumes/faraday/config/server.ini
+```
+
+### Statistiques
+
+```
+ 4 files changed, 13 insertions(+), 14 deletions(-)
+```

content/posts/commits/2026-02-13-commit-446afb1.md

@@ -0,0 +1,52 @@
+---
+title: "Add Razvedka: Telegram CTI service for DDoS prediction"
+date: 2026-02-13T00:00:21+01:00
+draft: false
+tags: ["commit", "bojemoi", "feature", "stack"]
+categories: ["Git Activity"]
+summary: "Commit 446afb1 par Betty — 12 fichier(s) modifié(s)"
+author: "Betty"
+---
+
+## Commit `446afb1`
+
+| | |
+|---|---|
+| **Repository** | bojemoi |
+| **Branch** | `main` |
+| **Auteur** | Betty |
+| **Hash** | `446afb143c6b531712c0073c465513d1a2e78cf0` |
+| **Date** | 2026-02-13 |
+
+### Description
+
+Monitors 7 hacktivist channels (CyberArmyofRussia, Killnet, XakNet,
+SolntsepekZ, etc.) via Telethon, extracts entities with spaCy + lingua
+language detection, scores intention and France-relevance, stores in
+PostgreSQL buzz_log, and alerts via Telegram/Alertmanager on cluster
+detection.
+
+Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
+
+### Fichiers modifiés
+
+```
+A	razvedka/Dockerfile.razvedka
+A	razvedka/razvedka/__init__.py
+A	razvedka/razvedka/alerter.py
+A	razvedka/razvedka/config.py
+A	razvedka/razvedka/db.py
+A	razvedka/razvedka/extractor.py
+A	razvedka/razvedka/keywords.py
+A	razvedka/razvedka/main.py
+A	razvedka/razvedka/metrics.py
+A	razvedka/razvedka/scorer.py
+A	razvedka/requirements.txt
+A	stack/45-service-razvedka.yml
+```
+
+### Statistiques
+
+```
+ 12 files changed, 1033 insertions(+)
+```

content/posts/commits/2026-02-13-commit-7d2e3df.md

@@ -0,0 +1,53 @@
+---
+title: "Add X/Twitter as second CTI source to Razvedka"
+date: 2026-02-13T14:59:02+01:00
+draft: false
+tags: ["commit", "bojemoi", "feature", "stack"]
+categories: ["Git Activity"]
+summary: "Commit 7d2e3df par Betty — 7 fichier(s) modifié(s)"
+author: "Betty"
+---
+
+## Commit `7d2e3df`
+
+| | |
+|---|---|
+| **Repository** | bojemoi |
+| **Branch** | `main` |
+| **Auteur** | Betty |
+| **Hash** | `7d2e3df0ec701750fc49b6cc61b62c64bc65b0df` |
+| **Date** | 2026-02-13 |
+
+### Description
+
+Razvedka now polls X/Twitter API v2 in parallel with Telegram monitoring.
+Both sources feed the same buzz_log table and extraction pipeline. Telegram
+is now optional (warning instead of exit) so Razvedka can run with either
+or both sources.
+
+- New twitter.py: async poll loop using tweepy, since_id tracking, rate limit handling
+- config.py: twitter_bearer_token, twitter_accounts, twitter_search_queries, twitter_poll_interval
+- db.py: source column with migration for existing deployments
+- main.py: Telegram extracted to helper, Twitter task launched in parallel
+- metrics.py: descriptions updated from "Telegram" to "CTI sources"
+- Stack: twitter_bearer_token secret + env vars for accounts/queries/interval
+
+Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
+
+### Fichiers modifiés
+
+```
+M	razvedka/razvedka/config.py
+M	razvedka/razvedka/db.py
+M	razvedka/razvedka/main.py
+M	razvedka/razvedka/metrics.py
+A	razvedka/razvedka/twitter.py
+M	razvedka/requirements.txt
+A	stack/46-service-razvedka.yml
+```
+
+### Statistiques
+
+```
+ 7 files changed, 332 insertions(+), 33 deletions(-)
+```

content/posts/commits/2026-02-13-commit-e9882bf.md

@@ -0,0 +1,46 @@
+---
+title: "Fix Razvedka Telegram session: graceful auth fallback, run on manager"
+date: 2026-02-13T18:40:50+01:00
+draft: false
+tags: ["commit", "bojemoi", "fix", "stack"]
+categories: ["Git Activity"]
+summary: "Commit e9882bf par Betty — 2 fichier(s) modifié(s)"
+author: "Betty"
+---
+
+## Commit `e9882bf`
+
+| | |
+|---|---|
+| **Repository** | bojemoi |
+| **Branch** | `main` |
+| **Auteur** | Betty |
+| **Hash** | `e9882bfecdcd0703d43c7fad1e6a98df660b313c` |
+| **Date** | 2026-02-13 |
+
+### Description
+
+The service crashed in a loop because the Telethon session expired and
+prompted for an interactive auth code, which fails in Docker Swarm.
+
+- main.py: in non-interactive mode, only use existing session; if expired,
+  log error and fall back to Twitter-only instead of crashing. Support
+  TELEGRAM_INTERACTIVE=1 for explicit re-auth and TELEGRAM_CODE for
+  one-shot auth.
+- stack: move placement to manager node (session volume is node-local),
+  comment out twitter_bearer_token secret until created.
+
+Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
+
+### Fichiers modifiés
+
+```
+M	razvedka/razvedka/main.py
+M	stack/46-service-razvedka.yml
+```
+
+### Statistiques
+
+```
+ 2 files changed, 27 insertions(+), 11 deletions(-)
+```

content/posts/commits/2026-02-13-commit-f83582c.md

@@ -0,0 +1,50 @@
+---
+title: "Add Vigie: CERT-FR security bulletin monitor"
+date: 2026-02-13T20:12:28+01:00
+draft: false
+tags: ["commit", "bojemoi", "feature", "stack", "config"]
+categories: ["Git Activity"]
+summary: "Commit f83582c par Betty — 13 fichier(s) modifié(s)"
+author: "Betty"
+---
+
+## Commit `f83582c`
+
+| | |
+|---|---|
+| **Repository** | bojemoi |
+| **Branch** | `main` |
+| **Auteur** | Betty |
+| **Hash** | `f83582cec9ee21f54f44923efcc5ac253a46b1bc` |
+| **Date** | 2026-02-13 |
+
+### Description
+
+Polls ANSSI RSS feeds (alertes, avis, IOC), stores bulletins in PostgreSQL,
+filters by product watchlist, and alerts via Telegram + Alertmanager.
+
+Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
+
+### Fichiers modifiés
+
+```
+A	stack/47-service-vigie.yml
+A	vigie/Dockerfile.vigie
+A	vigie/requirements.txt
+A	vigie/vigie/__init__.py
+A	vigie/vigie/__main__.py
+A	vigie/vigie/alerter.py
+A	vigie/vigie/config.py
+A	vigie/vigie/db.py
+A	vigie/vigie/feeds.py
+A	vigie/vigie/main.py
+A	vigie/vigie/matcher.py
+A	vigie/vigie/metrics.py
+A	volumes/grafana/dashboards/vigie.json
+```
+
+### Statistiques
+
+```
+ 13 files changed, 715 insertions(+)
+```

content/posts/commits/2026-02-14-commit-26fe30f.md

@@ -0,0 +1,57 @@
+---
+title: "Fix various service issues: Faraday auth, borodino startup, Razvedka DB, Vigie alerts"
+date: 2026-02-14T15:37:56+01:00
+draft: false
+tags: ["commit", "bojemoi", "fix", "stack", "borodino"]
+categories: ["Git Activity"]
+summary: "Commit 26fe30f par Betty — 11 fichier(s) modifié(s)"
+author: "Betty"
+---
+
+## Commit `26fe30f`
+
+| | |
+|---|---|
+| **Repository** | bojemoi |
+| **Branch** | `main` |
+| **Auteur** | Betty |
+| **Hash** | `26fe30f47064d213204b16ba582b2fb180f7246e` |
+| **Date** | 2026-02-14 |
+
+### Description
+
+- borodino/ak47: Add PostgreSQL readiness retry loop instead of failing silently
+- medved: Switch Faraday auth from API token to session-based login, fix API
+  endpoint trailing slashes, add proper cookie caching
+- razvedka/db: Fix migration order (column migration before table creation),
+  wrap ALTER TABLE in existence check
+- vigie/alerter: Cast chat_id to int, add error response logging
+- stack/01: Remove suricata Docker configs (use bind mounts, rules exceed 4MB limit)
+- stack/40: Reduce borodino max_replicas_per_node to 3, disable uzi (0 replicas)
+- stack/45-razvedka: Remove deprecated stack file (replaced by 46)
+- stack/65-medved: Switch from token to user/password auth for Faraday
+- scripts/startover.sh: Fix telegram/medved stack paths
+
+Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
+
+### Fichiers modifiés
+
+```
+M	borodino/thearm_ak47
+M	medved/honeypot/config.py
+M	medved/honeypot/faraday_reporter.py
+A	razvedka/auth_helper.py
+M	razvedka/razvedka/db.py
+M	scripts/startover.sh
+M	stack/01-service-hl.yml
+M	stack/40-service-borodino.yml
+D	stack/45-service-razvedka.yml
+M	stack/65-service-medved.yml
+M	vigie/vigie/alerter.py
+```
+
+### Statistiques
+
+```
+ 11 files changed, 168 insertions(+), 125 deletions(-)
+```

content/posts/commits/2026-02-14-commit-c7af3a7.md

@@ -0,0 +1,46 @@
+---
+title: "Fix Suricata to capture real traffic: move to host networking"
+date: 2026-02-14T15:56:36+01:00
+draft: false
+tags: ["commit", "bojemoi", "fix", "stack"]
+categories: ["Git Activity"]
+summary: "Commit c7af3a7 par Betty — 4 fichier(s) modifié(s)"
+author: "Betty"
+---
+
+## Commit `c7af3a7`
+
+| | |
+|---|---|
+| **Repository** | bojemoi |
+| **Branch** | `main` |
+| **Auteur** | Betty |
+| **Hash** | `c7af3a7340b2fdd15e343132ce4f4f81b5692bc9` |
+| **Date** | 2026-02-14 |
+
+### Description
+
+Suricata in Docker Swarm overlay network saw 0 packets (monitoring
+virtual VXLAN interface). Move to standalone docker compose with
+network_mode: host for real eth0 packet capture. Suricata-exporter
+stays in Swarm (reads socket/logs via bind mounts).
+
+Also filter private/reserved IPs (RFC1918, multicast, broadcast) from
+Dozor threat feeds to prevent false positives on internal Docker traffic.
+
+Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
+
+### Fichiers modifiés
+
+```
+M	dozor/dozor/feeds.py
+M	scripts/startover.sh
+M	stack/01-service-hl.yml
+A	stack/01-suricata-host.yml
+```
+
+### Statistiques
+
+```
+ 4 files changed, 59 insertions(+), 48 deletions(-)
+```

content/posts/commits/2026-02-14-commit-d23f0d2.md

@@ -0,0 +1,51 @@
+---
+title: "Add Dozor: threat feed aggregator for Suricata blocklist rules"
+date: 2026-02-14T15:36:58+01:00
+draft: false
+tags: ["commit", "bojemoi", "feature", "stack", "config"]
+categories: ["Git Activity"]
+summary: "Commit d23f0d2 par Betty — 11 fichier(s) modifié(s)"
+author: "Betty"
+---
+
+## Commit `d23f0d2`
+
+| | |
+|---|---|
+| **Repository** | bojemoi |
+| **Branch** | `main` |
+| **Auteur** | Betty |
+| **Hash** | `d23f0d240bda978db8bbb97a55dc3a1dad915513` |
+| **Date** | 2026-02-14 |
+
+### Description
+
+Downloads IPs/CIDRs from FireHOL L1/L2, abuse.ch ThreatFox, URLhaus,
+and Feodo C2 feeds. Generates chunked Suricata drop rules (200 IPs per
+rule) and writes blocklist.rules for automatic loading. Exposes
+Prometheus metrics on port 9302. Also fixes suricata default-rule-path
+to match the actual bind mount at /etc/suricata/rules.
+
+Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
+
+### Fichiers modifiés
+
+```
+A	dozor/Dockerfile.dozor
+A	dozor/dozor/__init__.py
+A	dozor/dozor/__main__.py
+A	dozor/dozor/config.py
+A	dozor/dozor/feeds.py
+A	dozor/dozor/main.py
+A	dozor/dozor/metrics.py
+A	dozor/dozor/rules.py
+A	dozor/requirements.txt
+A	stack/48-service-dozor.yml
+M	volumes/suricata/suricata.yaml
+```
+
+### Statistiques
+
+```
+ 11 files changed, 432 insertions(+), 2 deletions(-)
+```

content/posts/commits/2026-02-15-commit-6a1a266.md

@@ -0,0 +1,47 @@
+---
+title: "Add connectivity skill: test external API and feed connections"
+date: 2026-02-15T21:43:51+01:00
+draft: false
+tags: ["commit", "bojemoi", "feature"]
+categories: ["Git Activity"]
+summary: "Commit 6a1a266 par Betty — 1 fichier(s) modifié(s)"
+author: "Betty"
+---
+
+## Commit `6a1a266`
+
+| | |
+|---|---|
+| **Repository** | bojemoi |
+| **Branch** | `main` |
+| **Auteur** | Betty |
+| **Hash** | `6a1a2662c443bd173a2ce1b9d74004474052816b` |
+| **Date** | 2026-02-15 |
+
+### Description
+
+New /connectivity skill checks all external dependencies:
+- 11 public feeds (CERT-FR, FireHOL, abuse.ch, IP-API, IPInfo, IPWhois)
+- 5 authenticated APIs (VirusTotal, Shodan, AbuseIPDB, OTX, Anthropic)
+- Telegram Bot validation
+- Worker node egress (DNS + HTTPS)
+
+Supports arguments: apis, feeds, telegram for targeted checks.
+Reads secrets via SSH to worker nodes where containers run.
+
+Also replaced 4 placeholder Docker secrets with real API keys
+(vt_api_key, shodan_api_key, abuseipdb_api_key, otx_api_key).
+
+Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
+
+### Fichiers modifiés
+
+```
+A	.claude/commands/connectivity.md
+```
+
+### Statistiques
+
+```
+ 1 file changed, 241 insertions(+)
+```

content/posts/commits/2026-02-15-commit-e25b3dd.md

@@ -0,0 +1,42 @@
+---
+title: "Fix borodino alert storm: Ruby 3.5 crash, empty CIDR, replica constraints"
+date: 2026-02-15T11:43:51+01:00
+draft: false
+tags: ["commit", "bojemoi", "fix", "stack", "borodino"]
+categories: ["Git Activity"]
+summary: "Commit e25b3dd par Betty — 3 fichier(s) modifié(s)"
+author: "Betty"
+---
+
+## Commit `e25b3dd`
+
+| | |
+|---|---|
+| **Repository** | bojemoi |
+| **Branch** | `main` |
+| **Auteur** | Betty |
+| **Hash** | `e25b3ddd39eeb5c921467a84383edd4245c92223` |
+| **Date** | 2026-02-15 |
+
+### Description
+
+- Replace Ruby 3.5.0-preview1 (incompatible native extensions) with stable
+  Ruby 3.3 and add bundle install for metasploit gems
+- Guard empty CIDR results from TABLESAMPLE in thearm_ak47
+- Increase max_replicas_per_node from 3 to 5 for full 15-replica capacity
+
+Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
+
+### Fichiers modifiés
+
+```
+M	borodino/Dockerfile.borodino
+M	borodino/thearm_ak47
+M	stack/40-service-borodino.yml
+```
+
+### Statistiques
+
+```
+ 3 files changed, 31 insertions(+), 169 deletions(-)
+```

content/posts/commits/2026-02-16-commit-8af07f6.md

@@ -0,0 +1,38 @@
+---
+title: "Add post-deploy health and connectivity checks to startover.sh"
+date: 2026-02-16T13:50:09+01:00
+draft: false
+tags: ["commit", "bojemoi", "feature"]
+categories: ["Git Activity"]
+summary: "Commit 8af07f6 par Betty — 1 fichier(s) modifié(s)"
+author: "Betty"
+---
+
+## Commit `8af07f6`
+
+| | |
+|---|---|
+| **Repository** | bojemoi |
+| **Branch** | `main` |
+| **Auteur** | Betty |
+| **Hash** | `8af07f674b152de1208b56a0bd35d19ae0e6e3e6` |
+| **Date** | 2026-02-16 |
+
+### Description
+
+Switch shebang to ash, add manager/worker role detection, and append
+service health + external connectivity checks after full stack deploy.
+
+Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
+
+### Fichiers modifiés
+
+```
+M	scripts/startover.sh
+```
+
+### Statistiques
+
+```
+ 1 file changed, 143 insertions(+), 25 deletions(-)
+```

content/posts/commits/2026-02-16-commit-9eb88b1.md

@@ -0,0 +1,38 @@
+---
+title: "Fix borodino stack: use local registry for all images"
+date: 2026-02-16T15:13:09+01:00
+draft: false
+tags: ["commit", "bojemoi", "fix", "stack"]
+categories: ["Git Activity"]
+summary: "Commit 9eb88b1 par Betty — 1 fichier(s) modifié(s)"
+author: "Betty"
+---
+
+## Commit `9eb88b1`
+
+| | |
+|---|---|
+| **Repository** | bojemoi |
+| **Branch** | `main` |
+| **Auteur** | Betty |
+| **Hash** | `9eb88b18b7d5daef22565b713c7b19e48c4aeeb0` |
+| **Date** | 2026-02-16 |
+
+### Description
+
+Workers can't pull from Docker Hub directly. Point nuclei, redis,
+and python images to localhost:5000 local registry.
+
+Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
+
+### Fichiers modifiés
+
+```
+M	stack/40-service-borodino.yml
+```
+
+### Statistiques
+
+```
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+```

content/posts/commits/2026-02-16-commit-e83ddf5.md

@@ -0,0 +1,38 @@
+---
+title: "Fix BusyBox date compatibility in startover.sh"
+date: 2026-02-16T15:02:27+01:00
+draft: false
+tags: ["commit", "bojemoi", "fix"]
+categories: ["Git Activity"]
+summary: "Commit e83ddf5 par Betty — 1 fichier(s) modifié(s)"
+author: "Betty"
+---
+
+## Commit `e83ddf5`
+
+| | |
+|---|---|
+| **Repository** | bojemoi |
+| **Branch** | `main` |
+| **Auteur** | Betty |
+| **Hash** | `e83ddf58adb451bf9817447809f4f32e8e5f85e1` |
+| **Date** | 2026-02-16 |
+
+### Description
+
+BusyBox date doesn't support GNU relative time expressions like
+"+30 minutes". Use epoch arithmetic instead for Alertmanager silence.
+
+Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
+
+### Fichiers modifiés
+
+```
+M	scripts/startover.sh
+```
+
+### Statistiques
+
+```
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+```