From 85cff64466d5478e86e0e1a47c042f17dc51d868 Mon Sep 17 00:00:00 2001
From: Betty
Date: Sat, 14 Mar 2026 21:52:42 +0100
Subject: [PATCH] post: commit 487dbeb in bojemoi

---
 .../commits/2026-03-14-commit-487dbeb.md | 137 ++++++++++++++++++
 1 file changed, 137 insertions(+)
 create mode 100644 content/posts/commits/2026-03-14-commit-487dbeb.md

diff --git a/content/posts/commits/2026-03-14-commit-487dbeb.md b/content/posts/commits/2026-03-14-commit-487dbeb.md
new file mode 100644
index 0000000..4a0910f
--- /dev/null
+++ b/content/posts/commits/2026-03-14-commit-487dbeb.md
@@ -0,0 +1,137 @@
+---
+title: "[bojemoi] feat: sentinel IoT detector, trivy CI split, MCP server, provisioning hardening"
+date: 2026-03-14T21:52:42+01:00
+draft: false
+tags: ["commit", "bojemoi", "main"]
+categories: ["Git Activity"]
+summary: "Commit 487dbeb par Betty dans bojemoi"
+author: "Betty"
+---
+
+## Commit `487dbeb`
+
+| | |
+|---|---|
+| **Repository** | bojemoi |
+| **Branch** | `main` |
+| **Author** | Betty |
+| **Hash** | `487dbeb8e3c3b20fbe5aef6bb0a7ee9dd7db82ea` |
+
+
+### Description
+
+sentinel:
+- mosquitto config renamed to mosquitto_passwd_v2 (external)
+- collector: Docker secrets support for MQTT/PG passwords
+- SQL: fix timezone-aware index (DATE(first_seen AT TIME ZONE 'UTC'))
+- alertmanager: Telegram receiver for perimeter alerts (immediate routing)
+- prometheus: add sentinel-collector scrape config + alert rules
+- grafana: sentinel dashboard + postgres datasource
+- startover: add sentinel (stack 55) to boot sequence
+
+trivy:
+- CI: split into security:trivy:dockerfile (config scan) + security:trivy:images (registry scan)
+- images job: pulls localhost:5000 images, CRITICAL blocks, HIGH logged
+- SARIF artifacts for both jobs
+- new stack/50-service-trivy.yml + trivy-scanner/
+- startover: add trivy (stack 50) to boot sequence
+
+mcp-server:
+- new mcp-server/ (server.py, tools/nmap.py, tools/osint.py)
+- .mcp.json: Claude Code MCP config → http://localhost:8001/sse
+
+provisioning:
+- Dockerfile: multi-stage build, non-root user, no curl (urllib healthcheck)
+- runtime: libpq5 only (no -dev), compiled .pyc, no source files
+
+borodino:
+- uzi: DEBUG_MODE=1 (test against Metasploitable 192.168.1.2)
+
+grafana:
+- stack 01: add SENTINEL_PG_PASS env var
+
+blog: 10 new posts (MCP, Trivy, architecture, DockerHub, Alpine)
+archi.md: architecture overview doc
+
+Co-Authored-By: Claude Sonnet 4.6
+
+### Files Changed
+
+```
+A .mcp.json
+A archi.md
+A blog/architecture-bojemoi-lab-linkedin.md
+A blog/architecture-bojemoi-lab-telegram.md
+A blog/bojemoi-lab-sur-dockerhub.md
+A blog/choisir alpine linux.md
+A blog/mcp-server-bojemoi-lab.md
+A blog/trivy-gitea-actions-en.md
+A blog/trivy-gitea-actions-fr.md
+A blog/tryvi implement.md
+A blog/turn into MCP.md
+A claude/Dockerfile
+A claude/claude.sh
+A mcp-server/Dockerfile
+A mcp-server/requirements.txt
+A mcp-server/server.py
+A mcp-server/tools/__init__.py
+A mcp-server/tools/nmap.py
+A mcp-server/tools/osint.py
+M provisioning/Dockerfile.provisioning
+M scripts/startover.sh
+M sentinel/collector/collector.py
+M sentinel/sql/02-tables.sql
+M stack/.gitlab-ci.yml
+M stack/01-service-hl.yml
+M stack/40-service-borodino.yml
+A stack/50-service-trivy.yml
+M stack/55-service-sentinel.yml
+A trivy-scanner/Dockerfile
+A trivy-scanner/scan-images.sh
+M volumes/alertmanager/alertmanager.yml
+A volumes/grafana/dashboards/sentinel.json
+A volumes/grafana/datasources/sentinel-postgres.yml
+M volumes/prometheus/prometheus.yml
+A volumes/prometheus/rules/sentinel_alerts.yml
+```
+
+### Diff Summary
+
+```
+ .mcp.json | 8 +
+ archi.md | 165 +++++++++++++
+ blog/architecture-bojemoi-lab-linkedin.md | 26 ++
+ blog/architecture-bojemoi-lab-telegram.md | 23 ++
+ blog/bojemoi-lab-sur-dockerhub.md | 160 ++++++++++++
+ blog/choisir alpine linux.md | 37 +++
+ blog/mcp-server-bojemoi-lab.md | 125 ++++++++++
+ blog/trivy-gitea-actions-en.md | 104 ++++++++
+ blog/trivy-gitea-actions-fr.md | 104 ++++++++
+ blog/tryvi implement.md | 95 +++++++
+ blog/turn into MCP.md | 223 +++++++++++++++++
+ claude/Dockerfile | 3 +
+ claude/claude.sh | 9 +
+ mcp-server/Dockerfile | 22 ++
+ mcp-server/requirements.txt | 6 +
+ mcp-server/server.py | 288 ++++++++++++++++++++++
+ mcp-server/tools/__init__.py | 0
+ mcp-server/tools/nmap.py | 95 +++++++
+ mcp-server/tools/osint.py | 140 +++++++++++
+ provisioning/Dockerfile.provisioning | 55 +++--
+ scripts/startover.sh | 2 +
+ sentinel/collector/collector.py | 15 +-
+ sentinel/sql/02-tables.sql | 2 +-
+ stack/.gitlab-ci.yml | 107 +++++++-
+ stack/01-service-hl.yml | 1 +
+ stack/40-service-borodino.yml | 2 +-
+ stack/50-service-trivy.yml | 23 ++
+ stack/55-service-sentinel.yml | 4 +-
+ trivy-scanner/Dockerfile | 14 ++
+ trivy-scanner/scan-images.sh | 78 ++++++
+ volumes/alertmanager/alertmanager.yml | 29 +++
+ volumes/grafana/dashboards/sentinel.json | 235 ++++++++++++++++++
+ volumes/grafana/datasources/sentinel-postgres.yml | 16 ++
+ volumes/prometheus/prometheus.yml | 7 +
+ volumes/prometheus/rules/sentinel_alerts.yml | 52 ++++
+ 35 files changed, 2244 insertions(+), 31 deletions(-)
+```