post: commit e8778da in bojemoi

content/posts/alertmanager-docker-secrets-fr.md

@@ -0,0 +1,174 @@
+---
+title: "Zéro credential en clair dans alertmanager.yml — Docker secrets à la rescousse"
+date: 2026-03-14T21:00:00+00:00
+draft: false
+tags: ["cybersecurity", "devops", "docker", "docker-swarm", "homelab", "selfhosted", "infosec", "opensource", "blue-team", "soc", "gitops", "debutant-en-cyber", "apprendre-la-cyber", "build-in-public", "french-tech"]
+summary: "Mon alertmanager.yml avait deux credentials en clair : un token Telegram et un mot de passe SMTP. Je les ai migrés vers des Docker secrets en dix minutes — sans patcher l'image ni écrire une ligne de script."
+description: "Migration pas-à-pas de credentials Alertmanager vers des Docker secrets en Swarm mode : bot_token_file et smtp_auth_password_file, sans entrypoint personnalisé."
+author: "Bojemoi"
+ShowToc: true
+ShowReadingTime: true
+---
+
+J'ai intégré Trivy dans mon pipeline CI pour scanner mes Dockerfiles. Premier résultat : Trivy me signale des secrets hardcodés dans mon propre `alertmanager.yml` commité en clair dans le repo.
+
+Ironie du sort — l'outil de scan de sécurité me trouve une faille dans ma configuration de monitoring.
+
+## Le Problème
+
+Mon `alertmanager.yml` contenait deux credentials en clair :
+
+```yaml
+global:
+  smtp_auth_password: '8_qz7oZmQVBGhkvo-U64tA'   # mot de passe SMTP Proton Mail Bridge
+
+receivers:
+  - name: 'telegram-perimeter'
+    telegram_configs:
+      - bot_token: '8174135689:AAH...'             # token du bot Telegram
+```
+
+Ces deux valeurs étaient commitées dans le repo Git. Toute personne ayant accès au repo (ou à un backup) pouvait :
+
+- Envoyer des messages à n'importe quel chat Telegram via le bot
+- S'authentifier sur le serveur SMTP du bridge Protonmail
+
+## La Solution Native d'Alertmanager
+
+Alertmanager supporte nativement la lecture de credentials depuis des fichiers, via les paramètres suffixés `_file`. Pas besoin de script d'entrypoint, pas besoin de patcher l'image.
+
+| Paramètre inline | Équivalent fichier |
+|---|---|
+| `bot_token` | `bot_token_file` |
+| `smtp_auth_password` | `smtp_auth_password_file` |
+| `api_key` (PagerDuty, etc.) | `api_key_file` |
+
+La documentation Alertmanager liste ces variantes pour la plupart des intégrations. C'est la façon propre de gérer les secrets en environnement conteneurisé.
+
+## Mise en Œuvre en Docker Swarm
+
+### 1. Créer les secrets Docker
+
+Le token Telegram existait déjà comme secret Swarm (`telegram_bot_token`, créé 6 semaines plus tôt pour le service Telegram). Réutilisation directe.
+
+Pour le mot de passe SMTP, création d'un nouveau secret :
+
+```bash
+echo -n '8_qz7oZmQVBGhkvo-U64tA' | docker secret create alertmanager_smtp_pass -
+```
+
+```bash
+docker secret ls | grep -E "telegram_bot|smtp"
+# rfi2cjxk...   telegram_bot_token      6 weeks ago
+# r5zodtm4...   alertmanager_smtp_pass  just now
+```
+
+### 2. Mettre à Jour alertmanager.yml
+
+```yaml
+global:
+  smtp_auth_password_file: /run/secrets/alertmanager_smtp_pass   # ← fichier
+
+receivers:
+  - name: 'telegram-perimeter'
+    telegram_configs:
+      - bot_token_file: /run/secrets/telegram_bot_token           # ← fichier
+```
+
+Les credentials en clair disparaissent du fichier. Le repo est propre.
+
+### 3. Monter les Secrets dans la Stack
+
+Dans la définition du service alertmanager (`stack/01-service-hl.yml`) :
+
+```yaml
+services:
+  alertmanager:
+    # ...
+    secrets:
+      - telegram_bot_token
+      - alertmanager_smtp_pass
+
+secrets:
+  telegram_bot_token:
+    external: true
+  alertmanager_smtp_pass:
+    external: true
+```
+
+### 4. Appliquer sans Rebuild
+
+Puisqu'il n'y a pas de changement d'image, un simple `service update` suffit :
+
+```bash
+# Première migration (bot token)
+docker service update \
+  --secret-add telegram_bot_token \
+  --force \
+  base_alertmanager
+
+# Deuxième migration (SMTP)
+docker service update \
+  --secret-add alertmanager_smtp_pass \
+  --force \
+  base_alertmanager
+```
+
+Docker Swarm monte automatiquement les secrets dans `/run/secrets/<nom>` à l'intérieur du container. Alertmanager lit les fichiers au démarrage.
+
+## Vérification
+
+```bash
+docker service ps base_alertmanager
+# Running   21 seconds ago   ← pas de crash
+
+docker service logs base_alertmanager --since 30s
+# level=INFO msg="Loading configuration file" ...
+# (pas d'erreur d'authentification)
+```
+
+Et dans `alertmanager.yml` désormais commité :
+
+```yaml
+global:
+  smtp_auth_password_file: /run/secrets/alertmanager_smtp_pass
+
+receivers:
+  - name: 'telegram-perimeter'
+    telegram_configs:
+      - bot_token_file: /run/secrets/telegram_bot_token
+```
+
+Aucun credential en clair. Trivy est content.
+
+## Ce que Docker Swarm Garantit sur les Secrets
+
+- Les secrets sont chiffrés au repos (dans la Raft store) et en transit (TLS mutuel entre les nœuds)
+- Montés en `tmpfs` dans le container — jamais écrits sur disque
+- Visibles uniquement par les tâches qui en ont besoin (déclaration explicite dans le service)
+- Non récupérables via `docker secret inspect` (seulement les métadonnées)
+
+Pour les faire tourner sur les bons nœuds, les contraintes de placement Swarm font déjà le travail.
+
+## Generalisation
+
+Ce pattern `*_file` n'est pas propre à Alertmanager. On le retrouve dans :
+
+- **Prometheus** : `bearer_token_file`, `password_file` dans les scrape configs
+- **Grafana** : `GF_DATABASE_PASSWORD__FILE`, `GF_SECURITY_ADMIN_PASSWORD__FILE`
+- **Loki** : idem via les variables d'environnement `_FILE`
+- **Traefik** : les providers supportent les fichiers de secrets
+
+Le principe est identique : paramètre standard remplacé par son équivalent `_file` pointant vers `/run/secrets/<nom>`.
+
+## Bilan
+
+| | Avant | Après |
+|---|---|---|
+| Credentials dans le repo | ✗ 2 en clair | ✓ 0 |
+| Alertmanager fonctionnel | ✓ | ✓ |
+| Changement d'image requis | — | Non |
+| Script d'entrypoint custom | — | Non |
+| Temps de migration | — | ~15 min |
+
+La leçon : avant d'écrire un script de substitution de variables ou de patcher une image, vérifier si l'outil ne supporte pas déjà nativement la lecture depuis des fichiers. Alertmanager, Prometheus, Grafana — la plupart des outils de l'écosystème Prometheus le font.

content/posts/commits/2026-03-18-commit-1041a8b.md

@@ -0,0 +1,39 @@
+---
+title: "[bojemoi] blog: add alertmanager Docker secrets post (FR)"
+date: 2026-03-18T13:52:12+01:00
+draft: false
+tags: ["commit", "bojemoi", "main"]
+categories: ["Git Activity"]
+summary: "Commit 1041a8b par Betty dans bojemoi"
+author: "Betty"
+---
+
+## Commit `1041a8b`
+
+| | |
+|---|---|
+| **Repository** | bojemoi |
+| **Branch** | `main` |
+| **Author** | Betty |
+| **Hash** | `1041a8bda741d876cf2219db23acbc10e7e304f0` |
+
+
+### Description
+
+Article sur la gestion des credentials alertmanager (SMTP, Telegram)
+via Docker secrets — zéro credential en clair dans les stack files.
+
+Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
+
+### Files Changed
+
+```
+A	blog/alertmanager-docker-secrets-fr.md
+```
+
+### Diff Summary
+
+```
+ blog/alertmanager-docker-secrets-fr.md | 174 +++++++++++++++++++++++++++++++++
+ 1 file changed, 174 insertions(+)
+```

content/posts/commits/2026-03-18-commit-8671e81.md

@@ -0,0 +1,48 @@
+---
+title: "[bojemoi] feat: add breachforum CTI discovery service (stack 66)"
+date: 2026-03-18T13:50:59+01:00
+draft: false
+tags: ["commit", "bojemoi", "main"]
+categories: ["Git Activity"]
+summary: "Commit 8671e81 par Betty dans bojemoi"
+author: "Betty"
+---
+
+## Commit `8671e81`
+
+| | |
+|---|---|
+| **Repository** | bojemoi |
+| **Branch** | `main` |
+| **Author** | Betty |
+| **Hash** | `8671e81c7066d225e67a59773637a06cc0471a0f` |
+
+
+### Description
+
+Multi-source .onion discovery: Ahmia, Reddit, Tor directories.
+Validates via embedded Tor SOCKS5, stores in PostgreSQL (bojemoi_cti),
+alerts Telegram PTaaS group on new discoveries. Runs hourly loop.
+
+Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
+
+### Files Changed
+
+```
+A	discovery/Dockerfile
+A	discovery/breachforum_discovery_api.py
+A	discovery/breachforum_onion_discovery.py
+A	discovery/entrypoint.sh
+A	stack/66-service-discovery.yml
+```
+
+### Diff Summary
+
+```
+ discovery/Dockerfile                     |  34 +++
+ discovery/breachforum_discovery_api.py   | 259 +++++++++++++++++++
+ discovery/breachforum_onion_discovery.py | 421 +++++++++++++++++++++++++++++++
+ discovery/entrypoint.sh                  |  33 +++
+ stack/66-service-discovery.yml           |  73 ++++++
+ 5 files changed, 820 insertions(+)
+```

content/posts/commits/2026-03-18-commit-b93e503.md

@@ -0,0 +1,46 @@
+---
+title: "[bojemoi] feat(borodino/uzi): auto-detect LHOST, split LPORT_BIND, improve exploit targeting"
+date: 2026-03-18T13:52:08+01:00
+draft: false
+tags: ["commit", "bojemoi", "main"]
+categories: ["Git Activity"]
+summary: "Commit b93e503 par Betty dans bojemoi"
+author: "Betty"
+---
+
+## Commit `b93e503`
+
+| | |
+|---|---|
+| **Repository** | bojemoi |
+| **Branch** | `main` |
+| **Author** | Betty |
+| **Hash** | `b93e503aa9dad4480f64441469d4b9edfe7ea8be` |
+
+
+### Description
+
+- Auto-detect public IP via ipify/ifconfig.me (fallback to local IP)
+- Split LPORT (payload) vs LPORT_BIND (handler) for NAT environments
+- Listener binds 0.0.0.0 instead of LHOST
+- get_random_host: ILIKE + filter on purpose (server/device/router/firewall)
+- Handle RPORT from open_ports, set empty string for PASSWORD fields
+- Prioritize bind payloads over reverse for internet targets
+- Remove upfront linux module search (now per-host via build_targeted_exploits)
+
+Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
+
+### Files Changed
+
+```
+M	borodino/thearm_uzi
+M	stack/40-service-borodino.yml
+```
+
+### Diff Summary
+
+```
+ borodino/thearm_uzi           | 53 +++++++++++++++++++++++++++++++++++--------
+ stack/40-service-borodino.yml |  5 ++--
+ 2 files changed, 46 insertions(+), 12 deletions(-)
+```

content/posts/commits/2026-03-18-commit-fced696.md

@@ -0,0 +1,58 @@
+---
+title: "[bojemoi] chore: add Discord bot scaffold + breachforum discovery scripts"
+date: 2026-03-18T13:52:16+01:00
+draft: false
+tags: ["commit", "bojemoi", "main"]
+categories: ["Git Activity"]
+summary: "Commit fced696 par Betty dans bojemoi"
+author: "Betty"
+---
+
+## Commit `fced696`
+
+| | |
+|---|---|
+| **Repository** | bojemoi |
+| **Branch** | `main` |
+| **Author** | Betty |
+| **Hash** | `fced6969ff26f0d023add39a0eb4bf764c2ef291` |
+
+
+### Description
+
+- discord/: structure.yml + create_structure.sh for Discord bot setup
+- scripts/: original breachforum discovery archive files (Dockerfile,
+  docker-compose, API, onion discovery, examples, integration guide)
+
+Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
+
+### Files Changed
+
+```
+A	discord/.env.example
+A	discord/create_structure.sh
+A	discord/structure.yml
+A	scripts/Dockerfile.discovery
+A	scripts/INTEGRATION_GUIDE.sh
+A	scripts/README.md
+A	scripts/breachforum_discovery_api.py
+A	scripts/breachforum_onion_discovery.py
+A	scripts/docker-compose.discovery.yml
+A	scripts/examples_usage.py
+```
+
+### Diff Summary
+
+```
+ discord/.env.example                   |  17 ++
+ discord/create_structure.sh            |  68 +++++
+ discord/structure.yml                  |  38 +++
+ scripts/Dockerfile.discovery           |  34 +++
+ scripts/INTEGRATION_GUIDE.sh           | 205 +++++++++++++
+ scripts/README.md                      | 540 +++++++++++++++++++++++++++++++++
+ scripts/breachforum_discovery_api.py   | 259 ++++++++++++++++
+ scripts/breachforum_onion_discovery.py | 421 +++++++++++++++++++++++++
+ scripts/docker-compose.discovery.yml   |  99 ++++++
+ scripts/examples_usage.py              | 301 ++++++++++++++++++
+ 10 files changed, 1982 insertions(+)
+```

content/posts/commits/2026-03-21-commit-11a8e69.md

@@ -0,0 +1,49 @@
+---
+title: "[bojemoi] feat(borodino/uzi): use Claude AI to extract MSF search terms from service info"
+date: 2026-03-21T13:53:26+01:00
+draft: false
+tags: ["commit", "bojemoi", "main"]
+categories: ["Git Activity"]
+summary: "Commit 11a8e69 par Betty dans bojemoi"
+author: "Betty"
+---
+
+## Commit `11a8e69`
+
+| | |
+|---|---|
+| **Repository** | bojemoi |
+| **Branch** | `main` |
+| **Author** | Betty |
+| **Hash** | `11a8e69e56d84465e551709e19aa64403cba2d6f` |
+
+
+### Description
+
+- Add `s.info` column to `get_host_services_by_address` query
+- Add `extract_search_terms_via_ai()` using Claude Haiku to parse service
+  info strings (e.g. "vsftpd 2.3.4" → "vsftpd", "UnrealIRCd" → "unreal")
+- Merge AI terms with static SERVICE_EXPLOIT_MAP in build_targeted_exploits
+- Fix tuple unpacking to handle 3-tuple (port, name, info)
+- Add `anthropic` pip package to Dockerfile.borodino
+- Add ANTHROPIC_API_KEY env var to uzi-service in stack
+- Set bm12-service DEBUG_MODE=1, replicas=1 for debug workflow
+
+Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
+
+### Files Changed
+
+```
+M	borodino/Dockerfile.borodino
+M	borodino/thearm_uzi
+M	stack/40-service-borodino.yml
+```
+
+### Diff Summary
+
+```
+ borodino/Dockerfile.borodino  |  3 +-
+ borodino/thearm_uzi           | 70 ++++++++++++++++++++++++++++++++++++++++---
+ stack/40-service-borodino.yml | 21 +++++--------
+ 3 files changed, 76 insertions(+), 18 deletions(-)
+```

content/posts/commits/2026-03-23-commit-392a1a2.md

@@ -0,0 +1,41 @@
+---
+title: "[bojemoi] feat(borodino/uzi): enrich meterpreter Telegram alerts with sysinfo/uid/pid"
+date: 2026-03-23T18:56:51+01:00
+draft: false
+tags: ["commit", "bojemoi", "main"]
+categories: ["Git Activity"]
+summary: "Commit 392a1a2 par Betty dans bojemoi"
+author: "Betty"
+---
+
+## Commit `392a1a2`
+
+| | |
+|---|---|
+| **Repository** | bojemoi |
+| **Branch** | `main` |
+| **Author** | Betty |
+| **Hash** | `392a1a2a4a7be69eb0f597ac7f6eca2b20290355` |
+
+
+### Description
+
+- Add arch, tunnel_peer from MSF session dict to all alerts
+- Run sysinfo, getuid, getpid on meterpreter session after upgrade
+- Fix alert spam: send only new_shells (not all current sessions)
+- Add send_telegram_alert call on successful meterpreter upgrade
+
+Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
+
+### Files Changed
+
+```
+M	borodino/thearm_uzi
+```
+
+### Diff Summary
+
+```
+ borodino/thearm_uzi | 388 ++++++++++++++++++++++++++++++++++++++++++----------
+ 1 file changed, 314 insertions(+), 74 deletions(-)
+```

content/posts/commits/2026-03-25-commit-27f5ef4.md

@@ -0,0 +1,53 @@
+---
+title: "[bojemoi] feat(orchestrator): add VulnHub VM automation endpoints"
+date: 2026-03-25T23:05:13+01:00
+draft: false
+tags: ["commit", "bojemoi", "main"]
+categories: ["Git Activity"]
+summary: "Commit 27f5ef4 par Betty dans bojemoi"
+author: "Betty"
+---
+
+## Commit `27f5ef4`
+
+| | |
+|---|---|
+| **Repository** | bojemoi |
+| **Branch** | `main` |
+| **Author** | Betty |
+| **Hash** | `27f5ef454a4d419fd606a38a1272cdb13778148f` |
+
+
+### Description
+
+- Add VULNHUB_CATALOG with 8 VMs (metasploitable2/3, dvwa, dc-1,
+  kioptrix-1, basic-pentesting-1, lampiao, pwnlab-init)
+- VulnHubManager: asyncpg pool + host_debug upsert (multi-target,
+  unlike rapid7 which replaces)
+- Endpoints: GET catalog, GET targets, POST deploy/{vm_id},
+  DELETE {vm_id} — clone XenServer template → start → poll IP →
+  register in host_debug for bm12/uzi DEBUG_MODE scanning
+- Add Pydantic models: VulnHubDeployRequest/Response, VulnHubTargetsResponse
+- Add scripts/import_vulnhub_ova.sh: xe vm-import helper for
+  first-time OVA → template creation on XenServer host
+
+Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
+
+### Files Changed
+
+```
+M	provisioning/orchestrator/app/main.py
+M	provisioning/orchestrator/app/models/schemas.py
+A	provisioning/orchestrator/app/services/vulnhub_manager.py
+A	scripts/import_vulnhub_ova.sh
+```
+
+### Diff Summary
+
+```
+ provisioning/orchestrator/app/main.py              | 184 +++++++++++++++++++-
+ provisioning/orchestrator/app/models/schemas.py    |  53 ++++++
+ .../orchestrator/app/services/vulnhub_manager.py   | 188 +++++++++++++++++++++
+ scripts/import_vulnhub_ova.sh                      | 123 ++++++++++++++
+ 4 files changed, 547 insertions(+), 1 deletion(-)
+```

content/posts/commits/2026-03-25-commit-2c09e8b.md

@@ -0,0 +1,36 @@
+---
+title: "[bojemoi_boot] fix(docker-socket-proxy): enable POST/DELETE for orchestrator service management"
+date: 2026-03-25T23:19:24+01:00
+draft: false
+tags: ["commit", "bojemoi_boot", "main"]
+categories: ["Git Activity"]
+summary: "Commit 2c09e8b par Betty dans bojemoi_boot"
+author: "Betty"
+---
+
+## Commit `2c09e8b`
+
+| | |
+|---|---|
+| **Repository** | bojemoi_boot |
+| **Branch** | `main` |
+| **Author** | Betty |
+| **Hash** | `2c09e8b58620567008227717cd3b4c1e6275b354` |
+
+
+### Description
+
+Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
+
+### Files Changed
+
+```
+M	stack/01-boot-service.yml
+```
+
+### Diff Summary
+
+```
+ stack/01-boot-service.yml | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+```

content/posts/commits/2026-03-25-commit-5a9bdd9.md

@@ -0,0 +1,56 @@
+---
+title: "[bojemoi] feat(borodino): enrich bm12/uzi with VulnHub-style attack surface detection"
+date: 2026-03-25T22:52:46+01:00
+draft: false
+tags: ["commit", "bojemoi", "main"]
+categories: ["Git Activity"]
+summary: "Commit 5a9bdd9 par Betty dans bojemoi"
+author: "Betty"
+---
+
+## Commit `5a9bdd9`
+
+| | |
+|---|---|
+| **Repository** | bojemoi |
+| **Branch** | `main` |
+| **Author** | Betty |
+| **Hash** | `5a9bdd9da9c03d43ef601a9663f565f51950dcde` |
+
+
+### Description
+
+bm12:
+- NSE: add http-shellshock, http-php-version, http-webdav-scan, http-auth-finder,
+  http-default-accounts to HTTP/HTTPS scripts
+- NSE: add smtp-open-relay, add nfs (nfs-ls,nfs-showmount,nfs-statfs,rpcinfo)
+- _VULN_INDICATORS: 20 patterns (vsftpd 2.3.4 backdoor, ProFTPD mod_copy, WordPress,
+  Joomla, Drupal, Shellshock CGI, Tomcat manager, WebDAV, phpMyAdmin, Jenkins,
+  Struts, Redis/MongoDB noauth, Samba old, SNMP public, SMTP open relay, NFS export)
+- detect_vuln_indicators(): parses service banners against _VULN_INDICATORS
+- run_scan(): call detect_vuln_indicators, store attack_surface in scan_details,
+  boost type=vuln_web when web vulns detected (after IoT priority)
+
+uzi:
+- _OS_EXPLOIT_PATHS: add vuln_web → exploit/unix/webapp/, multi/http/, unix/http/
+- _VULN_EXPLOIT_TERMS: maps 18 vuln indicators to MSF search terms
+- get_os_paths(): handle vuln_web type
+- build_targeted_exploits(): accept scan_details, extract attack_surface terms
+- main loop: pass scan_details, apply vuln_web type override, log attack_surface
+
+Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
+
+### Files Changed
+
+```
+M	borodino/thearm_bm12
+M	borodino/thearm_uzi
+```
+
+### Diff Summary
+
+```
+ borodino/thearm_bm12 | 98 +++++++++++++++++++++++++++++++++++++++++++++++++---
+ borodino/thearm_uzi  | 69 +++++++++++++++++++++++++++++-------
+ 2 files changed, 151 insertions(+), 16 deletions(-)
+```

content/posts/commits/2026-03-25-commit-a79479d.md

@@ -0,0 +1,108 @@
+---
+title: "[bojemoi] feat: multi-stage Dockerfiles, DVAR IoT target, bm12/uzi ARM enrichment"
+date: 2026-03-25T22:44:39+01:00
+draft: false
+tags: ["commit", "bojemoi", "main"]
+categories: ["Git Activity"]
+summary: "Commit a79479d par Betty dans bojemoi"
+author: "Betty"
+---
+
+## Commit `a79479d`
+
+| | |
+|---|---|
+| **Repository** | bojemoi |
+| **Branch** | `main` |
+| **Author** | Betty |
+| **Hash** | `a79479d732a7eb95cb017eee5084f11e08946849` |
+
+
+### Description
+
+Dockerfiles:
+- Convert 8 Dockerfiles to multi-stage / virtual build-deps pattern:
+  - oblast/Dockerfile.zaproxy: remove make/ant/automake/autoconf/gcc from final stage, openjdk-jdk → jre
+  - telegram-bot, discovery: proper builder/runtime stages, gcc+libpq-dev removed from runtime
+  - tsushima: dedicated masscan-builder stage + --virtual .ruby-build-deps
+  - borodino/Dockerfile.borodino, berezina/Dockerfile.berezina: --virtual .build-deps removed after bundle install
+  - narva/Dockerfile.narva, borodino/Dockerfile.berezina: remove unused build tools (no bundle install)
+- Compile Python sources in: mcp-server, discovery, sentinel/collector, koursk-2
+- cccp.sh: docker buildx build --push (direct registry), ensure_registry() boot stack check
+
+DVAR IoT:
+- dvar/: Dockerfile.dvar (QEMU ARM emulation, cross-compiled vuln HTTP server), entrypoint, vuln_httpd.c
+- stack/56-service-dvar.yml: pentest + iot_network networks, worker placement
+- scripts/metasploitable2_exploit.py: Metasploitable2 exploit helper
+
+Borodino bm12/uzi:
+- thearm_bm12: arch detection (_ARCH_PATTERNS, _IOT_KEYWORDS), IoT/ARM banner parsing, stores arch in hosts.arch
+- thearm_uzi: ARM/MIPS payload selection, IoT OS path, host_arch from DB, generic IoT support
+- stack/40-service-borodino.yml: bm12_v3 scan_status target, updated service config
+
+Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
+
+### Files Changed
+
+```
+M	.dockerignore
+M	berezina/Dockerfile.berezina
+M	borodino/.dockerignore
+M	borodino/Dockerfile.berezina
+M	borodino/Dockerfile.borodino
+M	borodino/thearm_bm12
+M	borodino/thearm_uzi
+M	borodino/toto
+M	discovery/Dockerfile
+M	discovery/breachforum_onion_discovery.py
+M	discovery/entrypoint.sh
+A	dvar/Dockerfile.dvar
+A	dvar/entrypoint.sh
+A	dvar/src/vuln_httpd.c
+M	koursk-2/Dockerfile.koursk-2
+M	koursk-2/scripts/rsync-start.sh
+M	mcp-server/Dockerfile
+M	narva/Dockerfile.narva
+M	oblast/Dockerfile.zaproxy
+M	scripts/cccp.sh
+A	scripts/metasploitable2_exploit.py
+M	scripts/startover.sh
+M	sentinel/collector/Dockerfile
+M	stack/40-service-borodino.yml
+A	stack/56-service-dvar.yml
+A	toto
+M	tsushima/Dockerfile.tsushima
+```
+
+### Diff Summary
+
+```
+ .dockerignore                            |    1 +
+ berezina/Dockerfile.berezina             |   73 +-
+ borodino/.dockerignore                   |    1 +
+ borodino/Dockerfile.berezina             |   29 +-
+ borodino/Dockerfile.borodino             |   51 +-
+ borodino/thearm_bm12                     |  151 ++++-
+ borodino/thearm_uzi                      |  579 ++++++++++------
+ borodino/toto                            | 1092 ++++++++++++++++++++++++++----
+ discovery/Dockerfile                     |   27 +-
+ discovery/breachforum_onion_discovery.py |  160 ++++-
+ discovery/entrypoint.sh                  |    2 +-
+ dvar/Dockerfile.dvar                     |   55 ++
+ dvar/entrypoint.sh                       |   87 +++
+ dvar/src/vuln_httpd.c                    |  194 ++++++
+ koursk-2/Dockerfile.koursk-2             |    5 +
+ koursk-2/scripts/rsync-start.sh          |    2 +-
+ mcp-server/Dockerfile                    |    6 +-
+ narva/Dockerfile.narva                   |   14 +-
+ oblast/Dockerfile.zaproxy                |    7 +-
+ scripts/cccp.sh                          |  173 +++--
+ scripts/metasploitable2_exploit.py       |  388 +++++++++++
+ scripts/startover.sh                     |    1 +
+ sentinel/collector/Dockerfile            |    6 +-
+ stack/40-service-borodino.yml            |   18 +-
+ stack/56-service-dvar.yml                |   55 ++
+ toto                                     |  945 ++++++++++++++++++++++++++
+ tsushima/Dockerfile.tsushima             |   84 +--
+ 27 files changed, 3504 insertions(+), 702 deletions(-)
+```

content/posts/commits/2026-03-25-commit-d3bbec7.md

@@ -0,0 +1,43 @@
+---
+title: "[bojemoi] fix(orchestrator): use docker-socket-proxy instead of direct socket"
+date: 2026-03-25T23:19:08+01:00
+draft: false
+tags: ["commit", "bojemoi", "main"]
+categories: ["Git Activity"]
+summary: "Commit d3bbec7 par Betty dans bojemoi"
+author: "Betty"
+---
+
+## Commit `d3bbec7`
+
+| | |
+|---|---|
+| **Repository** | bojemoi |
+| **Branch** | `main` |
+| **Author** | Betty |
+| **Hash** | `d3bbec7b84da8e313944c74b1f56efe8c9822820` |
+
+
+### Description
+
+- Remove /var/run/docker.sock bind mount from orchestrator service
+  (was failing with PermissionError since container now runs non-root)
+- Add DOCKER_SWARM_URL=tcp://docker-socket-proxy:2375 env var
+- Enable POST=1 DELETE=1 on boot/docker-socket-proxy (needed for
+  service create/delete via orchestrator API)
+- Fix config mode 0440→0444 so non-root appuser can read .env config
+
+Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
+
+### Files Changed
+
+```
+M	stack/01-service-hl.yml
+```
+
+### Diff Summary
+
+```
+ stack/01-service-hl.yml | 7 +++----
+ 1 file changed, 3 insertions(+), 4 deletions(-)
+```

content/posts/commits/2026-03-26-commit-2195edf.md

@@ -0,0 +1,42 @@
+---
+title: "[bojemoi] fix(zap-scanner): handle DOES_NOT_EXIST + add timeout to scan wait loops"
+date: 2026-03-26T18:34:02+01:00
+draft: false
+tags: ["commit", "bojemoi", "main"]
+categories: ["Git Activity"]
+summary: "Commit 2195edf par Betty dans bojemoi"
+author: "Betty"
+---
+
+## Commit `2195edf`
+
+| | |
+|---|---|
+| **Repository** | bojemoi |
+| **Branch** | `main` |
+| **Author** | Betty |
+| **Hash** | `2195edf5009018178f410e8e1a197ae412d059d4` |
+
+
+### Description
+
+- wait_for_active_scan_completion: break on DOES_NOT_EXIST response
+  (ZAP restarted → old scan ID gone), add 3600s timeout
+- wait_for_spider_completion: same fix, 1800s timeout
+- Add timeout=10s to requests.get() calls in both loops
+- Scanner was stuck since 2026-03-20 polling dead scan ID 3
+
+Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
+
+### Files Changed
+
+```
+M	oblast-1/zap_scanner.py
+```
+
+### Diff Summary
+
+```
+ oblast-1/zap_scanner.py | 55 +++++++++++++++++++++++++++++++++----------------
+ 1 file changed, 37 insertions(+), 18 deletions(-)
+```

content/posts/commits/2026-03-26-commit-2a51f30.md

@@ -0,0 +1,54 @@
+---
+title: "[bojemoi] refactor(zap-scanner): Redis queue + zap_scan_log + Faraday + concurrency"
+date: 2026-03-26T18:51:18+01:00
+draft: false
+tags: ["commit", "bojemoi", "main"]
+categories: ["Git Activity"]
+summary: "Commit 2a51f30 par Betty dans bojemoi"
+author: "Betty"
+---
+
+## Commit `2a51f30`
+
+| | |
+|---|---|
+| **Repository** | bojemoi |
+| **Branch** | `main` |
+| **Author** | Betty |
+| **Hash** | `2a51f3001b29121a572207ae8f42aa46964ac772` |
+
+
+### Description
+
+Architecture v2:
+- DbFeeder thread: charge hosts web non scannés depuis msf.hosts
+  (NOT IN zap_scan_log) → Redis queue zap:targets toutes les 300s
+- ScanWorker: N scans ZAP concurrents (défaut 3), spider→active scan,
+  DOES_NOT_EXIST/timeout gérés proprement
+- zap_scan_log table: tracking persistant (host_id PK, alerts, status)
+  — plus de rescans aléatoires des mêmes hosts
+- Faraday export: POST vulns via API v3 après chaque scan
+- Fix: DB_NAME 'msg' → 'msf', Redis connection error ne crashe plus
+- Stack: add REDIS_HOST/PORT, ZAP_CONCURRENCY, FARADAY_WORKSPACE,
+  scanner sur réseau pentest+backend pour atteindre Redis et ZAP
+
+Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
+
+### Files Changed
+
+```
+M	oblast-1/Dockerfile.oblast-1
+M	oblast-1/requirements.txt
+M	oblast-1/zap_scanner.py
+M	stack/40-service-borodino.yml
+```
+
+### Diff Summary
+
+```
+ oblast-1/Dockerfile.oblast-1  |  31 +-
+ oblast-1/requirements.txt     |   2 +-
+ oblast-1/zap_scanner.py       | 737 ++++++++++++++++++++----------------------
+ stack/40-service-borodino.yml |  42 ++-
+ 4 files changed, 388 insertions(+), 424 deletions(-)
+```

content/posts/commits/2026-03-26-commit-9a69b23.md

@@ -0,0 +1,50 @@
+---
+title: "[bojemoi] refactor(borodino): standardize env var management across ak47/bm12/uzi"
+date: 2026-03-26T18:05:51+01:00
+draft: false
+tags: ["commit", "bojemoi", "main"]
+categories: ["Git Activity"]
+summary: "Commit 9a69b23 par Betty dans bojemoi"
+author: "Betty"
+---
+
+## Commit `9a69b23`
+
+| | |
+|---|---|
+| **Repository** | bojemoi |
+| **Branch** | `main` |
+| **Author** | Betty |
+| **Hash** | `9a69b23259505b2016fee26c42a285a4896d92a2` |
+
+
+### Description
+
+- Stack: add PG_HOST/PORT/USER/PASSWORD/DBNAME to all 3 services;
+  add IP2LOC_DBNAME for ak47
+- ak47: replace hardcoded user/password/dbname + ping-based IP
+  resolution with $PG_* env vars; use pg_isready with hostname directly
+- bm12: PG_HOST was hardcoded "postgres" → os.getenv(); remove
+  hardcoded PG_PASSWORD default; add PG_PORT to psycopg2.connect()
+- uzi: same as bm12; MODE_RUN was hardcoded 1 → os.getenv("MODE_RUN")
+
+Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
+
+### Files Changed
+
+```
+M	borodino/thearm_ak47
+M	borodino/thearm_bm12
+M	borodino/thearm_uzi
+M	stack/40-service-borodino.yml
+```
+
+### Diff Summary
+
+```
+ borodino/thearm_ak47          | 40 ++++++++++++++++++----------------------
+ borodino/thearm_bm12          |  7 ++++---
+ borodino/thearm_uzi           | 23 +++++++++++------------
+ stack/40-service-borodino.yml | 16 ++++++++++++++++
+ 4 files changed, 49 insertions(+), 37 deletions(-)
+```

content/posts/commits/2026-03-30-commit-631b96e.md

@@ -0,0 +1,56 @@
+---
+title: "[bojemoi] feat(borodino): OpenVPN gateway + fix ak47/bm12 env vars"
+date: 2026-03-30T21:24:58+02:00
+draft: false
+tags: ["commit", "bojemoi", "main"]
+categories: ["Git Activity"]
+summary: "Commit 631b96e par Betty dans bojemoi"
+author: "Betty"
+---
+
+## Commit `631b96e`
+
+| | |
+|---|---|
+| **Repository** | bojemoi |
+| **Branch** | `main` |
+| **Author** | Betty |
+| **Hash** | `631b96e0ca6c8c73c1b320dc3ca9d3ef9ec3e44c` |
+
+
+### Description
+
+- Switch wg-gateway from WireGuard to OpenVPN (ProtonVPN TCP config)
+  - Dockerfile.wg-gateway: wireguard-tools → openvpn
+  - wg-gateway-start.sh: wg-quick → openvpn daemon, wait for tun0, NAT via tun0
+  - Secrets: protonvpn_wg → protonvpn_ovpn + protonvpn_auth
+- Add route-setup.sh: split-tunnel wrapper for ak47/bm12 (RFC1918 via
+  overlay, internet via VPN gateway)
+- Fix ak47/bm12 environment sections: YAML merge replaces lists, so
+  postgres credentials were missing after adding SCAN_GATEWAY_HOST
+- Add .claude/commands/borodino.md skill for C2 stack operations
+
+Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
+
+### Files Changed
+
+```
+A	.claude/commands/borodino.md
+M	borodino/Dockerfile.borodino
+A	borodino/Dockerfile.wg-gateway
+A	borodino/route-setup.sh
+A	borodino/wg-gateway-start.sh
+M	stack/40-service-borodino.yml
+```
+
+### Diff Summary
+
+```
+ .claude/commands/borodino.md   | 156 +++++++++++++++++++++++++++++++++++++++++
+ borodino/Dockerfile.borodino   |   2 +
+ borodino/Dockerfile.wg-gateway |  16 +++++
+ borodino/route-setup.sh        |  37 ++++++++++
+ borodino/wg-gateway-start.sh   |  67 ++++++++++++++++++
+ stack/40-service-borodino.yml  |  75 +++++++++++++++++++-
+ 6 files changed, 351 insertions(+), 2 deletions(-)
+```

content/posts/commits/2026-03-30-commit-9eb4c92.md

@@ -0,0 +1,106 @@
+---
+title: "[bojemoi] feat(c2): multi-redirector infrastructure + split borodino images"
+date: 2026-03-30T16:51:02+02:00
+draft: false
+tags: ["commit", "bojemoi", "main"]
+categories: ["Git Activity"]
+summary: "Commit 9eb4c92 par Betty dans bojemoi"
+author: "Betty"
+---
+
+## Commit `9eb4c92`
+
+| | |
+|---|---|
+| **Repository** | bojemoi |
+| **Branch** | `main` |
+| **Author** | Betty |
+| **Hash** | `9eb4c9236b88b18f05b572b6459a3b331190a5ab` |
+
+
+### Description
+
+C2 redirector infrastructure:
+- redirector/: nginx GeoIP2 container (debian:bookworm-slim) proxying to bojemoi.me:8443
+- scripts/c2-vpn-init-pki.sh: EasyRSA PKI init (CA + server cert + lab-manager client)
+- scripts/provision-redirector.sh: Fly.io redirector provisioning
+- scripts/c2-manage.sh: start/stop/list/delete management script
+- cloud-init/redirector-template.yaml: VPS cloud-init template
+
+Architecture: Implants → Redirectors → bojemoi.me:8443 → VPN → 192.168.1.x:4444
+
+Borodino image split:
+- Dockerfile.borodino: lightweight Alpine (ak47 + bm12, ~150 MB, no MSF)
+- Dockerfile.borodino-msf: full Ruby+MSF image (uzi + msf-teamserver, ~4 GB)
+- start_msf_server.sh: msfrpcd teamserver on 0.0.0.0:55553 (shared by all uzi workers)
+- start_uzi.sh: MSF_HOST support (local vs remote teamserver)
+- thearm_uzi: _pick_redirector() reads C2_REDIRECTORS env, MSF_HOST configurable
+
+Stack borodino:
+- New msf-teamserver service (1 replica worker, borodino-msf image)
+- uzi-service: MSF_HOST=msf-teamserver, C2_REDIRECTORS=37.16.12.4
+- ak47/bm12: now use lightweight borodino image
+
+Remove discovery service (breachforum scraper deprecated)
+volumes/c2-vpn/.gitignore: exclude PKI keys/certs from git
+
+Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
+
+### Files Changed
+
+```
+M	borodino/Dockerfile.borodino
+A	borodino/Dockerfile.borodino-msf
+A	borodino/start_msf_server.sh
+M	borodino/start_uzi.sh
+M	borodino/thearm_uzi
+A	cloud-init/redirector-template.yaml
+D	discovery/Dockerfile
+D	discovery/breachforum_discovery_api.py
+D	discovery/breachforum_onion_discovery.py
+D	discovery/entrypoint.sh
+A	redirector/Dockerfile
+A	redirector/c2-proxy.conf
+A	redirector/nginx.conf
+D	scripts/Dockerfile.discovery
+D	scripts/breachforum_discovery_api.py
+D	scripts/breachforum_onion_discovery.py
+A	scripts/c2-manage.sh
+A	scripts/c2-vpn-init-pki.sh
+D	scripts/docker-compose.discovery.yml
+A	scripts/provision-redirector.sh
+M	stack/40-service-borodino.yml
+D	stack/66-service-discovery.yml
+A	volumes/c2-vpn/.gitignore
+A	volumes/c2-vpn/README.md
+```
+
+### Diff Summary
+
+```
+ borodino/Dockerfile.borodino             |  62 +---
+ borodino/Dockerfile.borodino-msf         |  58 ++++
+ borodino/start_msf_server.sh             |  51 +++
+ borodino/start_uzi.sh                    |  68 ++--
+ borodino/thearm_uzi                      |  84 ++++-
+ cloud-init/redirector-template.yaml      | 317 ++++++++++++++++++
+ discovery/Dockerfile                     |  35 --
+ discovery/breachforum_discovery_api.py   | 259 ---------------
+ discovery/breachforum_onion_discovery.py | 529 -------------------------------
+ discovery/entrypoint.sh                  |  33 --
+ redirector/Dockerfile                    |  33 ++
+ redirector/c2-proxy.conf                 |  39 +++
+ redirector/nginx.conf                    |  43 +++
+ scripts/Dockerfile.discovery             |  34 --
+ scripts/breachforum_discovery_api.py     | 259 ---------------
+ scripts/breachforum_onion_discovery.py   | 421 ------------------------
+ scripts/c2-manage.sh                     | 415 ++++++++++++++++++++++++
+ scripts/c2-vpn-init-pki.sh               | 255 +++++++++++++++
+ scripts/docker-compose.discovery.yml     |  99 ------
+ scripts/provision-redirector.sh          |  91 ++++++
+ stack/40-service-borodino.yml            |  76 ++++-
+ stack/66-service-discovery.yml           |  73 -----
+ volumes/c2-vpn/.gitignore                |   6 +
+ volumes/c2-vpn/README.md                 |  46 +++
+ 24 files changed, 1559 insertions(+), 1827 deletions(-)
+```

content/posts/commits/2026-03-30-commit-dc4caca.md

@@ -0,0 +1,48 @@
+---
+title: "[bojemoi] feat(ak47): nmap local + msfrpc import via msf-teamserver (Option B)"
+date: 2026-03-30T22:05:23+02:00
+draft: false
+tags: ["commit", "bojemoi", "main"]
+categories: ["Git Activity"]
+summary: "Commit dc4caca par Betty dans bojemoi"
+author: "Betty"
+---
+
+## Commit `dc4caca`
+
+| | |
+|---|---|
+| **Repository** | bojemoi |
+| **Branch** | `main` |
+| **Author** | Betty |
+| **Hash** | `dc4caca53147c67b9895a9badf7dcd262229b306` |
+
+
+### Description
+
+Replace msfconsole db_nmap with split approach:
+- nmap -oX scan on ak47 (via ProtonVPN, no MSF required)
+- msf_import.py: import XML via db.import_data msfrpc call
+- Skip import if no hosts up (avoids RPC overhead for empty scans)
+- Add msgpack to borodino:latest pip deps
+- Add iproute2 + route-setup.sh to borodino-msf for uzi VPN routing
+- Add MSF_HOST/MSF_PORT env vars to ak47-service
+
+Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
+
+### Files Changed
+
+```
+M	borodino/Dockerfile.borodino
+A	borodino/msf_import.py
+M	stack/40-service-borodino.yml
+```
+
+### Diff Summary
+
+```
+ borodino/Dockerfile.borodino  |  7 +++--
+ borodino/msf_import.py        | 69 +++++++++++++++++++++++++++++++++++++++++++
+ stack/40-service-borodino.yml |  2 ++
+ 3 files changed, 75 insertions(+), 3 deletions(-)
+```

content/posts/commits/2026-03-30-commit-ea02190.md

@@ -0,0 +1,47 @@
+---
+title: "[bojemoi] feat(uzi): route exploit traffic via ProtonVPN gateway"
+date: 2026-03-30T21:37:22+02:00
+draft: false
+tags: ["commit", "bojemoi", "main"]
+categories: ["Git Activity"]
+summary: "Commit ea02190 par Betty dans bojemoi"
+author: "Betty"
+---
+
+## Commit `ea02190`
+
+| | |
+|---|---|
+| **Repository** | bojemoi |
+| **Branch** | `main` |
+| **Author** | Betty |
+| **Hash** | `ea02190a0546a0295e329eb710256cc0f3030ddb` |
+
+
+### Description
+
+Add VPN routing to uzi-service (same pattern as ak47/bm12):
+- Dockerfile.borodino-msf: add iproute2 + route-setup.sh
+- uzi-service: add scan_net network, NET_ADMIN cap, SCAN_GATEWAY_HOST
+- command: route-setup.sh wrapper before start_uzi.sh
+
+Exploit delivery traffic now exits via ProtonVPN (149.102.244.100),
+masking worker node IPs. C2 sessions (inbound to msf-teamserver) are
+unaffected (RFC1918 routes preserved via overlay gateway).
+
+Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
+
+### Files Changed
+
+```
+M	borodino/Dockerfile.borodino-msf
+M	stack/40-service-borodino.yml
+```
+
+### Diff Summary
+
+```
+ borodino/Dockerfile.borodino-msf | 3 ++-
+ stack/40-service-borodino.yml    | 9 ++++++++-
+ 2 files changed, 10 insertions(+), 2 deletions(-)
+```

content/posts/commits/2026-03-31-commit-4c71a4d.md

@@ -0,0 +1,40 @@
+---
+title: "[bojemoi] feat(nuclei-api): route scans via ProtonVPN (wg-gateway)"
+date: 2026-03-31T21:04:31+02:00
+draft: false
+tags: ["commit", "bojemoi", "main"]
+categories: ["Git Activity"]
+summary: "Commit 4c71a4d par Betty dans bojemoi"
+author: "Betty"
+---
+
+## Commit `4c71a4d`
+
+| | |
+|---|---|
+| **Repository** | bojemoi |
+| **Branch** | `main` |
+| **Author** | Betty |
+| **Hash** | `4c71a4d3b9a32e326635d57f8435ef4b773b1f76` |
+
+
+### Description
+
+Add scan_net + NET_ADMIN to nuclei-api. Run apk/pip/nuclei-update
+first (default route), then configure routing via wg-gateway before
+starting uvicorn. Use $$ escaping for shell vars in Docker stack YAML.
+
+Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
+
+### Files Changed
+
+```
+M	stack/40-service-borodino.yml
+```
+
+### Diff Summary
+
+```
+ stack/40-service-borodino.yml | 21 ++++++++++++++++++++-
+ 1 file changed, 20 insertions(+), 1 deletion(-)
+```

content/posts/commits/2026-03-31-commit-b5b5641.md

@@ -0,0 +1,77 @@
+---
+title: "[bojemoi] feat(nuclei): Redis queue pipeline + dedicated Faraday workspaces + Redis Commander"
+date: 2026-03-31T20:36:25+02:00
+draft: false
+tags: ["commit", "bojemoi", "main"]
+categories: ["Git Activity"]
+summary: "Commit b5b5641 par Betty dans bojemoi"
+author: "Betty"
+---
+
+## Commit `b5b5641`
+
+| | |
+|---|---|
+| **Repository** | bojemoi |
+| **Branch** | `main` |
+| **Author** | Betty |
+| **Hash** | `b5b56414da22c77a1827f2b4591659727d4e3c44` |
+
+
+### Description
+
+- thearm_bm12: LPUSH pentest:nuclei_queue after bm12_v3 classification (event-driven)
+- thearm_nuclei: replace DB polling with BRPOP (0 CPU idle) + 30s backfill fallback
+- thearm_logpull: pull nginx logs from Fly.io redirectors + Lightsail → redirector_hits
+- redirector/nginx.conf: real IP via fly-client-ip header, log to stdout
+- redirector/entrypoint.sh: symlink nginx logs to stdout/stderr
+- Dockerfile.borodino: add redis + openssh-client, include thearm_nuclei/logpull
+- nuclei_api/main.py: push findings to Faraday after scan
+- plugin_nuclei.py: add push_to_faraday() helper
+- stack/40-service-borodino.yml:
+  - nuclei-worker: BRPOP mode, REDIS_HOST/PORT, dedicated workspace=nuclei
+  - nuclei-api: workspace=nuclei, FARADAY_URL=http://faraday:5985
+  - zap-scanner: workspace=zap
+  - uzi-service: workspace=uzi
+  - logpull service: nginx log pull worker (manager placement)
+  - redis-commander: web UI at redis.bojemoi.lab
+- Remove Burp Suite plugin + stack export (replaced by Nuclei)
+
+Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
+
+### Files Changed
+
+```
+M	borodino/Dockerfile.borodino
+A	borodino/redirector/Dockerfile
+A	borodino/redirector/entrypoint.sh
+A	borodino/redirector/nginx.conf
+M	borodino/thearm_bm12
+A	borodino/thearm_logpull
+A	borodino/thearm_nuclei
+M	samsonov/nuclei_api/main.py
+D	samsonov/pentest_orchestrator/plugins/plugin_burp.py
+M	samsonov/pentest_orchestrator/plugins/plugin_nuclei.py
+D	scripts/gameover.sh
+D	scripts/stack_burp.export
+M	stack/40-service-borodino.yml
+```
+
+### Diff Summary
+
+```
+ borodino/Dockerfile.borodino                       |   6 +-
+ borodino/redirector/Dockerfile                     |  18 +
+ borodino/redirector/entrypoint.sh                  |  77 ++++
+ borodino/redirector/nginx.conf                     |  63 ++++
+ borodino/thearm_bm12                               |  23 +-
+ borodino/thearm_logpull                            | 212 +++++++++++
+ borodino/thearm_nuclei                             | 410 +++++++++++++++++++++
+ samsonov/nuclei_api/main.py                        | 116 +++++-
+ .../pentest_orchestrator/plugins/plugin_burp.py    | 326 ----------------
+ .../pentest_orchestrator/plugins/plugin_nuclei.py  |  28 ++
+ scripts/gameover.sh                                |  18 -
+ scripts/stack_burp.export                          |  57 ---
+ stack/40-service-borodino.yml                      | 139 ++++++-
+ 13 files changed, 1082 insertions(+), 411 deletions(-)
+```

content/posts/commits/2026-04-03-commit-f6b4ac5.md

@@ -0,0 +1,85 @@
+---
+title: "[bojemoi] feat: Ollama/Mistral local inference + remove Burp Suite + C2 listener auto-start"
+date: 2026-04-03T16:11:02+02:00
+draft: false
+tags: ["commit", "bojemoi", "main"]
+categories: ["Git Activity"]
+summary: "Commit f6b4ac5 par Betty dans bojemoi"
+author: "Betty"
+---
+
+## Commit `f6b4ac5`
+
+| | |
+|---|---|
+| **Repository** | bojemoi |
+| **Branch** | `main` |
+| **Author** | Betty |
+| **Hash** | `f6b4ac5822c8eb8186be28a2bc30af8d332757db` |
+
+
+### Description
+
+Ollama/Mistral migration (ml-threat):
+- Add 51-service-ollama.yml: Ollama GPU stack on meta-68 (T400), OLLAMA_LOAD_TIMEOUT=300
+- Replace Anthropic API with Ollama OpenAI-compatible endpoint in 45-service-ml-threat-intel.yml
+- Remove anthropic_api_key secret, add OLLAMA_BASE_URL env var
+
+Remove Burp Suite integration:
+- Drop plugin_burp from pentest orchestrator, commands, wiki, test scripts
+- Remove burp config block from config.json
+
+MSF teamserver:
+- Auto-start C2 multi/handler (windows/x64/meterpreter/reverse_https) on startup
+- Support C2_REDIRECTORS env for OverrideLHOST/LPORT
+
+ak47: switch from msfconsole db_nmap to local nmap + msf_import.pyc
+
+ZAP scanner:
+- Replace token auth with basic auth (FARADAY_USER/FARADAY_PASSWORD)
+- Add faraday_get_or_create_host() for v3 API compliance
+- Skip active scan when spider finds 0 URLs (host unreachable)
+- Fix CIDR mask in build_url() and Faraday host IP
+
+provision-redirector.sh: embed VPN config + MSF target as Fly secrets
+
+Prometheus: update basicauth hash
+
+Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
+
+### Files Changed
+
+```
+M	.claude/commands/pentest.md
+M	borodino/start_msf_server.sh
+M	borodino/thearm_ak47
+M	oblast-1/zap_scanner.py
+M	samsonov/pentest_orchestrator/config/config.json
+M	samsonov/pentest_orchestrator/main.py
+M	scripts/provision-redirector.sh
+M	scripts/test_wget.sh
+M	stack/01-service-hl.yml
+M	stack/45-service-ml-threat-intel.yml
+A	stack/51-service-ollama.yml
+M	stack/READ.me
+M	wiki/Pentest-Orchestrator.md
+```
+
+### Diff Summary
+
+```
+ .claude/commands/pentest.md                      |  2 +-
+ borodino/start_msf_server.sh                     | 25 +++++++-
+ borodino/thearm_ak47                             |  7 +-
+ oblast-1/zap_scanner.py                          | 81 +++++++++++++++++++-----
+ samsonov/pentest_orchestrator/config/config.json |  7 +-
+ samsonov/pentest_orchestrator/main.py            |  4 +-
+ scripts/provision-redirector.sh                  | 27 +++++++-
+ scripts/test_wget.sh                             |  2 -
+ stack/01-service-hl.yml                          |  5 +-
+ stack/45-service-ml-threat-intel.yml             |  5 +-
+ stack/51-service-ollama.yml                      | 51 +++++++++++++++
+ stack/READ.me                                    |  2 +-
+ wiki/Pentest-Orchestrator.md                     |  1 -
+ 13 files changed, 179 insertions(+), 40 deletions(-)
+```

content/posts/commits/2026-04-04-commit-fb7c5ff.md

@@ -0,0 +1,77 @@
+---
+title: "[bojemoi] feat: Ollama AI template gen, C2 proxy_proto, ZAP throttle, vulnx removal"
+date: 2026-04-04T00:23:54+02:00
+draft: false
+tags: ["commit", "bojemoi", "main"]
+categories: ["Git Activity"]
+summary: "Commit fb7c5ff par Betty dans bojemoi"
+author: "Betty"
+---
+
+## Commit `fb7c5ff`
+
+| | |
+|---|---|
+| **Repository** | bojemoi |
+| **Branch** | `main` |
+| **Author** | Betty |
+| **Hash** | `fb7c5ffb383f76bef73929f3d716a83cbf252e23` |
+
+
+### Description
+
+Ollama × Nuclei AI (option 1):
+- nuclei_ai.py: NucleiAI class with suggest_tags(), analyze_findings(),
+  generate_templates() (up to 2 custom YAML templates per scan context)
+- main.py: scan_details field in ScanRequest, AI template pre-scan pass,
+  merge results, pyyaml added to pip install
+- thearm_nuclei: enrich_tags() via Ollama, submit_scan() passes scan_details
+- 51-service-ollama.yml: placement via node.labels.nvidia.vgpu instead of hostname
+
+C2 redirector Proxy Protocol (real client IPs in redirector_hits):
+- nginx.conf: listen 443 ssl proxy_protocol, log $proxy_protocol_addr
+- provision-redirector.sh: --port 443:443/tcp:proxy_proto
+- thearm_logpull: FLY_API_TOKEN env var (fix broken --access-token flag),
+  level_re parser (fix rfind(']') bug finding wrong bracket)
+
+ZAP/Faraday CPU fix (periodic 100% CPU on meta-69):
+- zap_scanner.py: time.sleep(0.15) throttle between Faraday POSTs
+- ZAP_CONCURRENCY 3→1, resource limits on zaproxy (2CPU/4G),
+  zap-scanner (0.5CPU/256M), faraday (1.5CPU/2G)
+
+Housekeeping:
+- startover.sh: force-restart nuclei-api after borodino deploy
+- Remove vulnx service (orphaned, superseded by nuclei)
+
+Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
+
+### Files Changed
+
+```
+M	borodino/redirector/nginx.conf
+M	borodino/thearm_logpull
+M	borodino/thearm_nuclei
+M	oblast-1/zap_scanner.py
+M	samsonov/nuclei_api/main.py
+A	samsonov/nuclei_api/nuclei_ai.py
+M	scripts/provision-redirector.sh
+M	scripts/startover.sh
+M	stack/40-service-borodino.yml
+M	stack/51-service-ollama.yml
+```
+
+### Diff Summary
+
+```
+ borodino/redirector/nginx.conf   |  12 +-
+ borodino/thearm_logpull          |  24 ++--
+ borodino/thearm_nuclei           |  82 ++++++++++-
+ oblast-1/zap_scanner.py          |   1 +
+ samsonov/nuclei_api/main.py      |  52 ++++++-
+ samsonov/nuclei_api/nuclei_ai.py | 298 +++++++++++++++++++++++++++++++++++++++
+ scripts/provision-redirector.sh  |   2 +-
+ scripts/startover.sh             |   6 +
+ stack/40-service-borodino.yml    |  79 ++++-------
+ stack/51-service-ollama.yml      |   4 +-
+ 10 files changed, 482 insertions(+), 78 deletions(-)
+```

content/posts/commits/2026-04-05-commit-002f809.md

@@ -0,0 +1,59 @@
+---
+title: "[bojemoi] feat: uzi_scan_log + zap severity breakdown + nuclei [][]fix + eve-cleaner merge"
+date: 2026-04-05T00:12:44+02:00
+draft: false
+tags: ["commit", "bojemoi", "main"]
+categories: ["Git Activity"]
+summary: "Commit 002f809 par Betty dans bojemoi"
+author: "Betty"
+---
+
+## Commit `002f809`
+
+| | |
+|---|---|
+| **Repository** | bojemoi |
+| **Branch** | `main` |
+| **Author** | Betty |
+| **Hash** | `002f809c64fe9361aa36bf46aea23b5e6fe9bf01` |
+
+
+### Description
+
+- borodino/thearm_uzi: add ensure_uzi_scan_log()/mark_uzi_result(), dedup via
+  NOT IN uzi_scan_log, faraday_ok tracking, PG vars fix (YAML merge caveat)
+- oblast-1/zap_scanner.py: add critical/high/medium/low/info columns + faraday_ok
+  to zap_scan_log, severity_breakdown(), faraday_post_vulns() returns int
+- samsonov/nuclei_api/main.py: fix [][]bug (skip empty array lines on AI append),
+  validate JSON in JSONL counter, ai_analysis stored in Redis
+- stack/01-suricata-host.yml: merge dozor eve-cleaner into single service
+- stack/40-service-borodino.yml: add PG vars to uzi-service (YAML merge fix)
+- stack/48-service-dozor.yml: remove eve-cleaner (merged into suricata stack)
+- stack/51-service-ollama.yml: minor update
+
+Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
+
+### Files Changed
+
+```
+M	borodino/thearm_uzi
+M	oblast-1/zap_scanner.py
+M	samsonov/nuclei_api/main.py
+M	stack/01-suricata-host.yml
+M	stack/40-service-borodino.yml
+M	stack/48-service-dozor.yml
+M	stack/51-service-ollama.yml
+```
+
+### Diff Summary
+
+```
+ borodino/thearm_uzi           | 114 ++++++++++++++++++++++++++++++++++++----
+ oblast-1/zap_scanner.py       | 117 ++++++++++++++++++++++++++++++++++++------
+ samsonov/nuclei_api/main.py   |  61 +++++++++++++++++++---
+ stack/01-suricata-host.yml    |  21 ++++++--
+ stack/40-service-borodino.yml |   5 ++
+ stack/48-service-dozor.yml    |  33 ------------
+ stack/51-service-ollama.yml   |   2 +-
+ 7 files changed, 282 insertions(+), 71 deletions(-)
+```

content/posts/commits/2026-04-05-commit-24c1a17.md

@@ -0,0 +1,61 @@
+---
+title: "[bojemoi] feat(grafana): dashboards bind mount + scan-results dashboard + config swap fix"
+date: 2026-04-05T00:48:14+02:00
+draft: false
+tags: ["commit", "bojemoi", "main"]
+categories: ["Git Activity"]
+summary: "Commit 24c1a17 par Betty dans bojemoi"
+author: "Betty"
+---
+
+## Commit `24c1a17`
+
+| | |
+|---|---|
+| **Repository** | bojemoi |
+| **Branch** | `main` |
+| **Author** | Betty |
+| **Hash** | `24c1a17329f8046482acedb7cf6b714be7253f20` |
+
+
+### Description
+
+- stack/01-service-hl.yml:
+  - Grafana: bind mount /opt/bojemoi/volumes/grafana/dashboards → /var/lib/grafana/dashboards
+  - Grafana: rename Docker configs (grafana-datasources_v2, grafana-dashboards-provider_v2)
+    to fix immutability error + correct the datasource/dashboard config swap
+  - Loki: publish port 3100 on host (mode: host) for redirector log drain via VPN
+
+- volumes/grafana/provisioning/dashboards/dashboards.yml:
+  - Cleaned (removed embedded K8s ConfigMap garbage)
+  - 3 providers: Pentest, Security, Attack Heatmap
+
+- volumes/grafana/provisioning/datasources/datasources.yml:
+  - Added PostgreSQL-MSF datasource (postgres:5432/msf) for scan log queries
+
+- volumes/grafana/dashboards/pentest/scan-results.json (NEW):
+  - Dashboard with 3 sections: Nuclei / ZAP / UZI
+  - Stats: total scans, findings/alerts, critical/high, faraday_ok
+  - Tables: top vulns per tool
+  - Pie charts: status breakdown
+
+Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
+
+### Files Changed
+
+```
+M	stack/01-service-hl.yml
+A	volumes/grafana/dashboards/pentest/scan-results.json
+M	volumes/grafana/provisioning/dashboards/dashboards.yml
+M	volumes/grafana/provisioning/datasources/datasources.yml
+```
+
+### Diff Summary
+
+```
+ stack/01-service-hl.yml                            |  20 +-
+ .../grafana/dashboards/pentest/scan-results.json   | 202 +++++
+ .../grafana/provisioning/dashboards/dashboards.yml | 838 +--------------------
+ .../provisioning/datasources/datasources.yml       |  18 +
+ 4 files changed, 249 insertions(+), 829 deletions(-)
+```

content/posts/commits/2026-04-05-commit-440a412.md

@@ -0,0 +1,84 @@
+---
+title: "[bojemoi] feat: make project distributable — templatize stacks + install wizard"
+date: 2026-04-05T22:08:33+02:00
+draft: false
+tags: ["commit", "bojemoi", "main"]
+categories: ["Git Activity"]
+summary: "Commit 440a412 par Betty dans bojemoi"
+author: "Betty"
+---
+
+## Commit `440a412`
+
+| | |
+|---|---|
+| **Repository** | bojemoi |
+| **Branch** | `main` |
+| **Author** | Betty |
+| **Hash** | `440a4121d9e4b987ff859b4649c06ec9b63dbbd3` |
+
+
+### Description
+
+- Add .env.example with 70+ documented variables (passwords, domains, IPs, paths)
+- Add install.sh: interactive wizard → generates .env → deploys stacks
+- Add scripts/create-secrets.sh: creates all Docker Swarm secrets interactively
+- Rewrite README.md: quickstart, architecture diagram, stack reference, ops guide
+- Templatize all 16 stack files: replace hardcoded values with ${VAR} references
+  - localhost:5000 → ${IMAGE_REGISTRY}
+  - bojemoi.lab → ${LAB_DOMAIN}
+  - /opt/bojemoi → ${BOJEMOI_BASE_PATH}
+  - passwords (bojemoi, bojemoi2, totototo) → ${POSTGRES_PASSWORD}, ${FARADAY_PASSWORD}, etc.
+  - IPs, node hostnames, Telegram chat ID, C2 redirectors → env vars
+- Update .gitignore: add .env.local, .env.*.local
+
+Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
+
+### Files Changed
+
+```
+A	.env.example
+M	.gitignore
+M	README.md
+A	install.sh
+A	scripts/create-secrets.sh
+M	stack/01-service-hl.yml
+M	stack/01-suricata-host.yml
+M	stack/40-service-borodino.yml
+M	stack/45-service-ml-threat-intel.yml
+M	stack/46-service-razvedka.yml
+M	stack/47-service-vigie.yml
+M	stack/48-service-dozor.yml
+M	stack/49-service-mcp.yml
+M	stack/50-service-trivy.yml
+M	stack/51-service-ollama.yml
+M	stack/55-service-sentinel.yml
+M	stack/56-service-dvar.yml
+M	stack/60-service-telegram.yml
+M	stack/65-service-medved.yml
+```
+
+### Diff Summary
+
+```
+ .env.example                         | 224 +++++++++++++++++++
+ .gitignore                           |   2 +
+ README.md                            | 225 +++++++++++++++----
+ install.sh                           | 415 +++++++++++++++++++++++++++++++++++
+ scripts/create-secrets.sh            | 212 ++++++++++++++++++
+ stack/01-service-hl.yml              | 200 ++++++++---------
+ stack/01-suricata-host.yml           |  18 +-
+ stack/40-service-borodino.yml        | 136 ++++++------
+ stack/45-service-ml-threat-intel.yml |   8 +-
+ stack/46-service-razvedka.yml        |   4 +-
+ stack/47-service-vigie.yml           |   4 +-
+ stack/48-service-dozor.yml           |   6 +-
+ stack/49-service-mcp.yml             |   2 +-
+ stack/50-service-trivy.yml           |   2 +-
+ stack/51-service-ollama.yml          |  40 +++-
+ stack/55-service-sentinel.yml        |   4 +-
+ stack/56-service-dvar.yml            |   4 +-
+ stack/60-service-telegram.yml        |   4 +-
+ stack/65-service-medved.yml          |   2 +-
+ 19 files changed, 1280 insertions(+), 232 deletions(-)
+```

content/posts/commits/2026-04-05-commit-454674c.md

@@ -0,0 +1,51 @@
+---
+title: "[bojemoi] feat(redirector): Loki log drain via VPN"
+date: 2026-04-05T00:34:18+02:00
+draft: false
+tags: ["commit", "bojemoi", "main"]
+categories: ["Git Activity"]
+summary: "Commit 454674c par Betty dans bojemoi"
+author: "Betty"
+---
+
+## Commit `454674c`
+
+| | |
+|---|---|
+| **Repository** | bojemoi |
+| **Branch** | `main` |
+| **Author** | Betty |
+| **Hash** | `454674c1bdfe9f430e84739cd50ef00fe4e3a8bf` |
+
+
+### Description
+
+- Publish Loki port 3100 on manager host (mode: host)
+- Add loki-shipper.py: tails nginx access.log, batches to Loki every 5s
+- Dockerfile: add python3 + loki-shipper.py
+- entrypoint.sh: real log files (not stdout symlink) + tail for fly logs
+  + start shipper after VPN tunnel is up
+- Fly.io machine updated: REDIRECTOR_NAME=redirector-1, LOKI_URL set
+
+Labels: job=nginx-redirector, app=redirector-1, region=cdg
+
+Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
+
+### Files Changed
+
+```
+M	borodino/redirector/Dockerfile
+M	borodino/redirector/entrypoint.sh
+A	borodino/redirector/loki-shipper.py
+M	stack/01-service-hl.yml
+```
+
+### Diff Summary
+
+```
+ borodino/redirector/Dockerfile      |  2 +
+ borodino/redirector/entrypoint.sh   | 13 +++++--
+ borodino/redirector/loki-shipper.py | 73 +++++++++++++++++++++++++++++++++++++
+ stack/01-service-hl.yml             |  6 ++-
+ 4 files changed, 90 insertions(+), 4 deletions(-)
+```

content/posts/commits/2026-04-09-commit-0699664.md

@@ -0,0 +1,120 @@
+---
+title: "[bojemoi] feat: multi-service updates — nuclei API, nym-proxy, grafana reorg, prometheus rules"
+date: 2026-04-09T21:55:44+02:00
+draft: false
+tags: ["commit", "bojemoi", "main"]
+categories: ["Git Activity"]
+summary: "Commit 0699664 par Betty dans bojemoi"
+author: "Betty"
+---
+
+## Commit `0699664`
+
+| | |
+|---|---|
+| **Repository** | bojemoi |
+| **Branch** | `main` |
+| **Author** | Betty |
+| **Hash** | `06996646ee1025939b579d5e88de77c06bc310e1` |
+
+
+### Description
+
+Services:
+- samsonov/nuclei_api: new Dockerfile + entrypoint; main.py updates
+- samsonov: add Dockerfile.nuclei
+- nym-proxy: new service (Dockerfile + entrypoint)
+- stack: add 02-service-maintenance.yml, 41-service-nym.yml
+- oblast-1: Dockerfile + zap_scanner.py updates
+- tsushima: masscan_msf_script.py updates
+- borodino: osint_lookup.py updates; thearm_ak47/bm12/logpull/nuclei refinements
+- scripts/cccp.sh: orchestration improvements
+
+Grafana / monitoring:
+- dashboards/security/: reorganize sentinel + vigie + security-minimal into subdir
+- dashboards/general/: add loki-stack-monitoring + nvidia-dcgm dashboards
+- dashboards/pentest/: update pentest-overview + scan-results; add vuln-management
+- provisioning/dashboards.yml: reflect new layout
+- prometheus.yml + alert_rules.yml + alerts.yml: rule updates
+- alloy/config.alloy: minor update
+
+Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
+
+### Files Changed
+
+```
+M	borodino/osint_lookup.py
+M	borodino/thearm_ak47
+M	borodino/thearm_bm12
+M	borodino/thearm_logpull
+M	borodino/thearm_nuclei
+A	nym-proxy/Dockerfile
+A	nym-proxy/entrypoint.sh
+M	oblast-1/Dockerfile.oblast-1
+M	oblast-1/zap_scanner.py
+A	samsonov/Dockerfile.nuclei
+A	samsonov/nuclei_api/Dockerfile
+A	samsonov/nuclei_api/entrypoint.sh
+M	samsonov/nuclei_api/main.py
+A	samsonov/nuclei_api/requirements.txt
+M	scripts/cccp.sh
+A	stack/02-service-maintenance.yml
+A	stack/41-service-nym.yml
+M	tsushima/masscan_msf_script.py
+M	volumes/alloy/config/config.alloy
+D	volumes/grafana/dashboards/dashboard-security-minimal.json
+A	volumes/grafana/dashboards/general/loki-stack-monitoring.json
+A	volumes/grafana/dashboards/general/nvidia-dcgm.json
+M	volumes/grafana/dashboards/pentest/pentest-overview.json
+M	volumes/grafana/dashboards/pentest/scan-results.json
+A	volumes/grafana/dashboards/pentest/vuln-management.json
+A	volumes/grafana/dashboards/security/dashboard-security-minimal.json
+A	volumes/grafana/dashboards/security/sentinel.json
+A	volumes/grafana/dashboards/security/vigie.json
+D	volumes/grafana/dashboards/sentinel.json
+D	volumes/grafana/dashboards/vigie.json
+M	volumes/grafana/provisioning/dashboards/dashboards.yml
+M	volumes/prometheus/prometheus.yml
+M	volumes/prometheus/rules/alert_rules.yml
+M	volumes/prometheus/rules/alerts.yml
+```
+
+### Diff Summary
+
+```
+ borodino/osint_lookup.py                           |   23 +-
+ borodino/thearm_ak47                               |    3 +-
+ borodino/thearm_bm12                               |   19 +-
+ borodino/thearm_logpull                            |   19 +-
+ borodino/thearm_nuclei                             |   19 +-
+ nym-proxy/Dockerfile                               |   19 +
+ nym-proxy/entrypoint.sh                            |   24 +
+ oblast-1/Dockerfile.oblast-1                       |   10 +-
+ oblast-1/zap_scanner.py                            |   26 +-
+ samsonov/Dockerfile.nuclei                         |    1 +
+ samsonov/nuclei_api/Dockerfile                     |   24 +
+ samsonov/nuclei_api/entrypoint.sh                  |   28 +
+ samsonov/nuclei_api/main.py                        |   34 +-
+ samsonov/nuclei_api/requirements.txt               |    6 +
+ scripts/cccp.sh                                    |  474 +++++----
+ stack/02-service-maintenance.yml                   |   31 +
+ stack/41-service-nym.yml                           |   67 ++
+ tsushima/masscan_msf_script.py                     |   26 +-
+ volumes/alloy/config/config.alloy                  |    2 +-
+ .../dashboards/dashboard-security-minimal.json     |   35 -
+ .../dashboards/general/loki-stack-monitoring.json  |  239 +++++
+ .../grafana/dashboards/general/nvidia-dcgm.json    |  804 ++++++++++++++
+ .../dashboards/pentest/pentest-overview.json       |  187 +++-
+ .../grafana/dashboards/pentest/scan-results.json   | 1112 +++++++++++++++++---
+ .../dashboards/pentest/vuln-management.json        |  766 ++++++++++++++
+ .../security/dashboard-security-minimal.json       |   35 +
+ volumes/grafana/dashboards/security/sentinel.json  |  235 +++++
+ volumes/grafana/dashboards/security/vigie.json     |  146 +++
+ volumes/grafana/dashboards/sentinel.json           |  235 -----
+ volumes/grafana/dashboards/vigie.json              |  146 ---
+ .../grafana/provisioning/dashboards/dashboards.yml |   12 +-
+ volumes/prometheus/prometheus.yml                  |   17 +
+ volumes/prometheus/rules/alert_rules.yml           |   15 +-
+ volumes/prometheus/rules/alerts.yml                |   28 +-
+ 34 files changed, 3977 insertions(+), 890 deletions(-)
+```

content/posts/commits/2026-04-09-commit-0e0519a.md

@@ -0,0 +1,51 @@
+---
+title: "[bojemoi] feat(uzi): brute-force credentials Phase 0 sur 15 services"
+date: 2026-04-09T16:22:46+02:00
+draft: false
+tags: ["commit", "bojemoi", "main"]
+categories: ["Git Activity"]
+summary: "Commit 0e0519a par Betty dans bojemoi"
+author: "Betty"
+---
+
+## Commit `0e0519a`
+
+| | |
+|---|---|
+| **Repository** | bojemoi |
+| **Branch** | `main` |
+| **Author** | Betty |
+| **Hash** | `0e0519a10341ca2a19066b4ef4d5a808477f66a6` |
+
+
+### Description
+
+Remplace run_ssh_bruteforce() par une architecture générique :
+- BRUTE_MODULES dict : 15 services (ssh, ftp, telnet, smb, mysql,
+  postgresql, mssql, vnc, snmp, imap, pop3, smtp, http/https,
+  tomcat, mongodb) avec module MSF, ports, wordlists et options
+- run_brute_force_service() : fonction générique auxiliary MSF,
+  gère USER_FILE/PASS_FILE optionnels, THREADS, extra opts,
+  détection sessions et reporting Faraday
+- run_bruteforce_phase() : Phase 0 orchestre tous les services
+  détectés, déduplique par module, respecte attack_surface_key
+  (ex: tomcat uniquement si bm12 l'a confirmé)
+- Toutes les wordlists configurables via env vars (surchargeables
+  dans le stack sans rebuild)
+
+Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
+
+### Files Changed
+
+```
+M	borodino/thearm_uzi
+M	stack/40-service-borodino.yml
+```
+
+### Diff Summary
+
+```
+ borodino/thearm_uzi           | 303 +++++++++++++++++++++++++++++++++++++++++-
+ stack/40-service-borodino.yml | 143 +++++++++++++-------
+ 2 files changed, 395 insertions(+), 51 deletions(-)
+```

content/posts/commits/2026-04-09-commit-10af16e.md

@@ -0,0 +1,58 @@
+---
+title: "[bojemoi] feat(redirector): OPSEC hardening — Let's Encrypt + header suppression + MSF keepalive"
+date: 2026-04-09T21:55:35+02:00
+draft: false
+tags: ["commit", "bojemoi", "main"]
+categories: ["Git Activity"]
+summary: "Commit 10af16e par Betty dans bojemoi"
+author: "Betty"
+---
+
+## Commit `10af16e`
+
+| | |
+|---|---|
+| **Repository** | bojemoi |
+| **Branch** | `main` |
+| **Author** | Betty |
+| **Hash** | `10af16e9fdf0d0548b10291c972dee0b08665722` |
+
+
+### Description
+
+- entrypoint.sh: acquire Let's Encrypt cert via acme.sh at startup (webroot
+  HTTP-01 on redirector-1.fly.dev); fallback self-signed uses CN=api.microsoft.com
+  instead of CN=localhost; register-account step to avoid invalidContact error
+- nginx.conf: load headers_more module + more_clear_headers Server; add ACME
+  challenge location /.well-known/acme-challenge/ and /healthz on port 80
+- Dockerfile: add ca-certificates, libnginx-mod-http-headers-more-filter, socat;
+  download acme.sh script directly (avoids silent pipe install failure)
+- start_msf_server.sh: pipe stdin keepalive (tail -f /dev/null | msfconsole) to
+  prevent handler exit on EOF; add watchdog loop + port 4444 readiness check
+- .claude/commands/opsec-check.md: new /opsec-check skill (6-phase C2 OPSEC audit)
+- .claude/commands/topology.md: new /topology skill (swarm service dependency check)
+
+Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
+
+### Files Changed
+
+```
+A	.claude/commands/opsec-check.md
+A	.claude/commands/topology.md
+M	borodino/redirector/Dockerfile
+M	borodino/redirector/entrypoint.sh
+M	borodino/redirector/nginx.conf
+M	borodino/start_msf_server.sh
+```
+
+### Diff Summary
+
+```
+ .claude/commands/opsec-check.md   | 242 ++++++++++++++++++++++++++++++++++++++
+ .claude/commands/topology.md      | 150 +++++++++++++++++++++++
+ borodino/redirector/Dockerfile    |  14 ++-
+ borodino/redirector/entrypoint.sh |  54 +++++++--
+ borodino/redirector/nginx.conf    |  21 +++-
+ borodino/start_msf_server.sh      |  37 +++++-
+ 6 files changed, 503 insertions(+), 15 deletions(-)
+```

content/posts/commits/2026-04-09-commit-1e20eb6.md

@@ -0,0 +1,40 @@
+---
+title: "[bojemoi] fix(security): remove postgres port 5432 from public ingress"
+date: 2026-04-09T22:19:57+02:00
+draft: false
+tags: ["commit", "bojemoi", "main"]
+categories: ["Git Activity"]
+summary: "Commit 1e20eb6 par Betty dans bojemoi"
+author: "Betty"
+---
+
+## Commit `1e20eb6`
+
+| | |
+|---|---|
+| **Repository** | bojemoi |
+| **Branch** | `main` |
+| **Author** | Betty |
+| **Hash** | `1e20eb638e74ba5a2c1e0595a5992322d141a571` |
+
+
+### Description
+
+Port 5432:5432 was published in ingress mode on base_postgres, making
+PostgreSQL accessible on all Swarm node IPs. Removed — postgres is only
+reachable via the backend overlay network (internal services only).
+
+Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
+
+### Files Changed
+
+```
+M	stack/01-service-hl.yml
+```
+
+### Diff Summary
+
+```
+ stack/01-service-hl.yml | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+```

content/posts/commits/2026-04-09-commit-1f2d521.md

@@ -0,0 +1,46 @@
+---
+title: "[bojemoi] feat(opsec-check): +3 phases — DNS empreinte, segmentation pivot, iptables"
+date: 2026-04-09T22:01:00+02:00
+draft: false
+tags: ["commit", "bojemoi", "main"]
+categories: ["Git Activity"]
+summary: "Commit 1f2d521 par Betty dans bojemoi"
+author: "Betty"
+---
+
+## Commit `1f2d521`
+
+| | |
+|---|---|
+| **Repository** | bojemoi |
+| **Branch** | `main` |
+| **Author** | Betty |
+| **Hash** | `1f2d52187073118c7ef0a4b4b84cf2449db75128` |
+
+
+### Description
+
+Phase 7 (dns): PTR inverse, crt.sh Certificate Transparency (détecter lien
+cert entre C2 et labo), WHOIS privacy check
+Phase 8 (segmentation): pivot latéral depuis borodino_ak47 — tente grafana,
+gitea, traefik, prometheus; vérifie que postgres/redis/faraday restent joignables
+Phase 9 (iptables): audit DOCKER-USER + FORWARD sur les 4 nœuds Swarm via SSH
+
+Fix phase 3 (scan): borodino_scan_net n'est pas attachable directement —
+exec depuis container ak47 existant via SSH sur le nœud worker
+Fix ProtonVPN detection: accept anapaya/proton orgs (exit IP varie selon serveur)
+
+Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
+
+### Files Changed
+
+```
+M	.claude/commands/opsec-check.md
+```
+
+### Diff Summary
+
+```
+ .claude/commands/opsec-check.md | 157 +++++++++++++++++++++++++++++++++++++---
+ 1 file changed, 146 insertions(+), 11 deletions(-)
+```

content/posts/commits/2026-04-09-commit-7eedf64.md

@@ -0,0 +1,49 @@
+---
+title: "[bojemoi] feat(uzi): SecLists wordlists + USERPASS_FILE support"
+date: 2026-04-09T16:54:51+02:00
+draft: false
+tags: ["commit", "bojemoi", "main"]
+categories: ["Git Activity"]
+summary: "Commit 7eedf64 par Betty dans bojemoi"
+author: "Betty"
+---
+
+## Commit `7eedf64`
+
+| | |
+|---|---|
+| **Repository** | bojemoi |
+| **Branch** | `main` |
+| **Author** | Betty |
+| **Hash** | `7eedf64729b135c3d2ee9bf087b18b3cbf801fd0` |
+
+
+### Description
+
+- SecLists cloné dans /opt/bojemoi/SecLists (gitignore, rsync vers workers)
+- BRUTE_MODULES : USERPASS_FILE prioritaire (user:pass SecLists Default-Credentials)
+  pour ssh/ftp/telnet/mysql/postgresql/mssql/tomcat + fallback USER_FILE/PASS_FILE
+- VNC/SNMP : PASS_FILE only (vnc-betterdefaultpasslist / snmp_default_pass)
+- SMB/IMAP/POP3/SMTP/HTTP/MongoDB : cirt-default-usernames + 10k-most-common
+- run_brute_force_service() : détecte USERPASS_FILE et set aux['USERPASS_FILE']
+- Stack YAML : bind mount /opt/bojemoi/SecLists ro dans uzi
+- Bind mount source corrigé en /opt/bojemoi/SecLists (sous rsync scope)
+
+Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
+
+### Files Changed
+
+```
+M	.gitignore
+M	borodino/thearm_uzi
+M	stack/40-service-borodino.yml
+```
+
+### Diff Summary
+
+```
+ .gitignore                    |   1 +
+ borodino/thearm_uzi           | 200 ++++++++++++++++++++++++------------------
+ stack/40-service-borodino.yml |  78 +++++++++-------
+ 3 files changed, 160 insertions(+), 119 deletions(-)
+```

content/posts/commits/2026-04-09-commit-e2761e1.md

@@ -0,0 +1,43 @@
+---
+title: "[bojemoi_boot] fix(security): remove dnsmasq webproc port 8080 from public ingress"
+date: 2026-04-09T22:29:01+02:00
+draft: false
+tags: ["commit", "bojemoi_boot", "main"]
+categories: ["Git Activity"]
+summary: "Commit e2761e1 par Betty dans bojemoi_boot"
+author: "Betty"
+---
+
+## Commit `e2761e1`
+
+| | |
+|---|---|
+| **Repository** | bojemoi_boot |
+| **Branch** | `main` |
+| **Author** | Betty |
+| **Hash** | `e2761e17dbeb6ea4e6344ca349d4c3fd4fde1b0b` |
+
+
+### Description
+
+Port 8080 (webproc admin UI) was published directly, accessible from any
+container on the backend/overlay networks. A compromised container could
+rewrite dnsmasq config to redirect internal domains.
+
+Admin UI remains accessible via Traefik at dnsmasq.bojemoi.lab (HTTPS).
+Port 53 (DNS resolution) unchanged.
+
+Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
+
+### Files Changed
+
+```
+M	stack/01-boot-service.yml
+```
+
+### Diff Summary
+
+```
+ stack/01-boot-service.yml | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+```

content/posts/commits/2026-04-15-commit-4fa26f4.md

@@ -0,0 +1,97 @@
+---
+title: "[bojemoi] feat(vuln-mgmt): migrate Faraday CE → DefectDojo"
+date: 2026-04-15T23:00:02+02:00
+draft: false
+tags: ["commit", "bojemoi", "main"]
+categories: ["Git Activity"]
+summary: "Commit 4fa26f4 par Betty dans bojemoi"
+author: "Betty"
+---
+
+## Commit `4fa26f4`
+
+| | |
+|---|---|
+| **Repository** | bojemoi |
+| **Branch** | `main` |
+| **Author** | Betty |
+| **Hash** | `4fa26f4a4ccf477472a6642963dcd9578daf9b83` |
+
+
+### Description
+
+Replace Faraday CE with DefectDojo across the full stack:
+
+- stack/70-service-defectdojo.yml: new stack (nginx+uwsgi+celery+initializer+triage)
+- mcp-server/tools/defectdojo.py: DefectDojo API v2 client (list_products, get_findings, add_finding)
+- medved/honeypot/defectdojo_reporter.py: token-based reporter, idempotent DB column migration
+- faraday-triage/triage.py: rewrite to use REST API instead of direct PostgreSQL access
+- borodino, nuclei-api, zap-scanner: FARADAY_* → DEFECTDOJO_* env vars + dojo_api_token secret
+- nginx: faraday.conf → defectdojo.conf, upstream faraday → defectdojo
+- prometheus: FaradayDown → DefectDojoDown, faraday_vulnerabilities → triage_findings_pending
+
+Fixes: NYM_PROXY :+ interpolation, postgres role password sync, uwsgi DNS alias,
+       node.labels.defectdojo=true on meta-68, old honeypot stack removal.
+
+Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
+
+### Files Changed
+
+```
+A	faraday-triage/Dockerfile
+A	faraday-triage/requirements.txt
+A	faraday-triage/triage.py
+M	mcp-server/server.py
+A	mcp-server/tools/defectdojo.py
+D	mcp-server/tools/faraday.py
+M	medved/honeypot/config.py
+M	medved/honeypot/db.py
+A	medved/honeypot/defectdojo_reporter.py
+D	medved/honeypot/faraday_reporter.py
+M	medved/honeypot/main.py
+M	medved/honeypot/metrics.py
+M	oblast-1/zap_scanner.py
+M	samsonov/nuclei_api/main.py
+D	samsonov/pentest_orchestrator/plugins/plugin_faraday.py
+M	stack/40-service-borodino.yml
+M	stack/49-service-mcp.yml
+M	stack/65-service-medved.yml
+A	stack/70-service-defectdojo.yml
+M	volumes/nginx/conf.d/default.conf
+A	volumes/nginx/conf.d/sites/defectdojo.conf
+D	volumes/nginx/conf.d/sites/faraday.conf
+M	volumes/nginx/conf.d/upstreams/upstreams.conf
+M	volumes/prometheus/rules/alert_rules.yml
+M	volumes/prometheus/rules/alerts.yml
+```
+
+### Diff Summary
+
+```
+ faraday-triage/Dockerfile                          |  10 +
+ faraday-triage/requirements.txt                    |   3 +
+ faraday-triage/triage.py                           | 354 ++++++++++++++
+ mcp-server/server.py                               |  49 +-
+ mcp-server/tools/defectdojo.py                     | 190 ++++++++
+ mcp-server/tools/faraday.py                        | 126 -----
+ medved/honeypot/config.py                          |  16 +-
+ medved/honeypot/db.py                              |  29 +-
+ medved/honeypot/defectdojo_reporter.py             | 234 +++++++++
+ medved/honeypot/faraday_reporter.py                | 200 --------
+ medved/honeypot/main.py                            |   6 +-
+ medved/honeypot/metrics.py                         |   6 +-
+ oblast-1/zap_scanner.py                            | 212 ++++++---
+ samsonov/nuclei_api/main.py                        | 212 +++++----
+ .../pentest_orchestrator/plugins/plugin_faraday.py | 522 ---------------------
+ stack/40-service-borodino.yml                      |  99 +---
+ stack/49-service-mcp.yml                           |   7 +-
+ stack/65-service-medved.yml                        |  14 +-
+ stack/70-service-defectdojo.yml                    | 295 ++++++++++++
+ volumes/nginx/conf.d/default.conf                  |   6 +-
+ volumes/nginx/conf.d/sites/defectdojo.conf         |  31 ++
+ volumes/nginx/conf.d/sites/faraday.conf            |  65 ---
+ volumes/nginx/conf.d/upstreams/upstreams.conf      |   6 +-
+ volumes/prometheus/rules/alert_rules.yml           |   8 +-
+ volumes/prometheus/rules/alerts.yml                |  52 +-
+ 25 files changed, 1502 insertions(+), 1250 deletions(-)
+```

content/posts/commits/2026-04-16-commit-091a227.md

@@ -0,0 +1,41 @@
+---
+title: "[bojemoi] fix(nuclei): migrate faraday_ok → dojo_imported in thearm_nuclei"
+date: 2026-04-16T10:16:50+02:00
+draft: false
+tags: ["commit", "bojemoi", "main"]
+categories: ["Git Activity"]
+summary: "Commit 091a227 par Betty dans bojemoi"
+author: "Betty"
+---
+
+## Commit `091a227`
+
+| | |
+|---|---|
+| **Repository** | bojemoi |
+| **Branch** | `main` |
+| **Author** | Betty |
+| **Hash** | `091a2271ea7dbfd11685b115c4a6e4f67a24e2fe` |
+
+
+### Description
+
+- thearm_nuclei: mark_result() uses dojo_imported (int) instead of faraday_ok (bool)
+- reads dojo_imported from nuclei-api scan response (was faraday_imported)
+- log message updated: faraday= → dojo=
+- DB migration applied: nuclei_scan_log.faraday_ok BOOLEAN → dojo_imported INTEGER
+
+Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
+
+### Files Changed
+
+```
+M	borodino/thearm_nuclei
+```
+
+### Diff Summary
+
+```
+ borodino/thearm_nuclei | 28 ++++++++++++++--------------
+ 1 file changed, 14 insertions(+), 14 deletions(-)
+```

content/posts/commits/2026-04-16-commit-37b5b4b.md

@@ -0,0 +1,42 @@
+---
+title: "[bojemoi] feat(triage): enable dojo-triage agent (DRY_RUN=false)"
+date: 2026-04-16T17:36:14+02:00
+draft: false
+tags: ["commit", "bojemoi", "main"]
+categories: ["Git Activity"]
+summary: "Commit 37b5b4b par Betty dans bojemoi"
+author: "Betty"
+---
+
+## Commit `37b5b4b`
+
+| | |
+|---|---|
+| **Repository** | bojemoi |
+| **Branch** | `main` |
+| **Author** | Betty |
+| **Hash** | `37b5b4bd32050b4036029d51e0ac415cb475f8bd` |
+
+
+### Description
+
+Triage agent now applies decisions on DefectDojo findings:
+- Closes honeypot findings
+- Risk-accepts: scanner noise (User Agent Fuzzer, ZAP Out of Date),
+  header hygiene findings, Low/Info with no CVE
+- Sends ambiguous cases to Mistral 7b via Ollama
+
+Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
+
+### Files Changed
+
+```
+M	stack/70-service-defectdojo.yml
+```
+
+### Diff Summary
+
+```
+ stack/70-service-defectdojo.yml | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+```

content/posts/commits/2026-04-16-commit-497faba.md

@@ -0,0 +1,43 @@
+---
+title: "[bojemoi] fix(uzi): fix Optional import + pymetasploit3 msgpack>=1.0 compatibility"
+date: 2026-04-16T14:23:16+02:00
+draft: false
+tags: ["commit", "bojemoi", "main"]
+categories: ["Git Activity"]
+summary: "Commit 497faba par Betty dans bojemoi"
+author: "Betty"
+---
+
+## Commit `497faba`
+
+| | |
+|---|---|
+| **Repository** | bojemoi |
+| **Branch** | `main` |
+| **Author** | Betty |
+| **Hash** | `497faba5cd7be8edbde2ae3a9d176c31f261f19b` |
+
+
+### Description
+
+- Add missing `from typing import Optional` in thearm_uzi
+- Patch pymetasploit3 msfrpc.py at build time: add raw=False to all
+  msgpack.unpackb() calls to decode bytes keys as strings (msgpack>=1.0
+  changed default from raw=False to raw=True, breaking auth.login check)
+
+Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
+
+### Files Changed
+
+```
+M	borodino/Dockerfile.borodino-msf
+M	borodino/thearm_uzi
+```
+
+### Diff Summary
+
+```
+ borodino/Dockerfile.borodino-msf | 5 ++++-
+ borodino/thearm_uzi              | 1 +
+ 2 files changed, 5 insertions(+), 1 deletion(-)
+```

content/posts/commits/2026-04-16-commit-6d98c32.md

@@ -0,0 +1,42 @@
+---
+title: "[bojemoi] fix(nuclei): add found_by + numerical_severity, fix endpoints format in DefectDojo push"
+date: 2026-04-16T13:46:18+02:00
+draft: false
+tags: ["commit", "bojemoi", "main"]
+categories: ["Git Activity"]
+summary: "Commit 6d98c32 par Betty dans bojemoi"
+author: "Betty"
+---
+
+## Commit `6d98c32`
+
+| | |
+|---|---|
+| **Repository** | bojemoi |
+| **Branch** | `main` |
+| **Author** | Betty |
+| **Hash** | `6d98c32d0d45a8671072e6c98828e1805523b52a` |
+
+
+### Description
+
+- Add _NUCLEI_NUM_SEV mapping (S0-S4)
+- _dojo_get_or_create_test now returns (test_id, test_type_id, product_id)
+- Add _dojo_get_or_create_endpoint helper to create proper endpoint IDs
+- push_to_defectdojo: inject found_by, numerical_severity, endpoint IDs
+- Remove invalid endpoints: [{"host": ip}] format (was silently rejected)
+
+Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
+
+### Files Changed
+
+```
+M	samsonov/nuclei_api/main.py
+```
+
+### Diff Summary
+
+```
+ samsonov/nuclei_api/main.py | 61 ++++++++++++++++++++++++++++++++++-----------
+ 1 file changed, 47 insertions(+), 14 deletions(-)
+```

content/posts/commits/2026-04-16-commit-901f0d3.md

@@ -0,0 +1,41 @@
+---
+title: "[bojemoi] fix(zap): create proper DefectDojo endpoints with IDs instead of inline objects"
+date: 2026-04-16T17:27:37+02:00
+draft: false
+tags: ["commit", "bojemoi", "main"]
+categories: ["Git Activity"]
+summary: "Commit 901f0d3 par Betty dans bojemoi"
+author: "Betty"
+---
+
+## Commit `901f0d3`
+
+| | |
+|---|---|
+| **Repository** | bojemoi |
+| **Branch** | `main` |
+| **Author** | Betty |
+| **Hash** | `901f0d34cf4915fb56c44dfecea724682aba835d` |
+
+
+### Description
+
+- Add _dojo_product_cache and _dojo_endpoint_cache dicts
+- _dojo_get_or_create_test now also stores product_id in cache
+- Add _dojo_get_or_create_endpoint helper (GET or POST /api/v2/endpoints/)
+- dojo_post_vulns: use endpoint ID in findings instead of {"host": ip} dict
+
+Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
+
+### Files Changed
+
+```
+M	oblast-1/zap_scanner.py
+```
+
+### Diff Summary
+
+```
+ oblast-1/zap_scanner.py | 40 +++++++++++++++++++++++++++++++++++++---
+ 1 file changed, 37 insertions(+), 3 deletions(-)
+```

content/posts/commits/2026-04-16-commit-907b0c3.md

@@ -0,0 +1,55 @@
+---
+title: "[bojemoi] fix(vuln-mgmt): wire uzi + zap → DefectDojo, fix dnsmasq"
+date: 2026-04-16T10:08:37+02:00
+draft: false
+tags: ["commit", "bojemoi", "main"]
+categories: ["Git Activity"]
+summary: "Commit 907b0c3 par Betty dans bojemoi"
+author: "Betty"
+---
+
+## Commit `907b0c3`
+
+| | |
+|---|---|
+| **Repository** | bojemoi |
+| **Branch** | `main` |
+| **Author** | Betty |
+| **Hash** | `907b0c321c47781a69d53a787b71dab77dc91c7f` |
+
+
+### Description
+
+- borodino/thearm_uzi: migrate Faraday → DefectDojo
+  - Read token from /run/secrets/dojo_api_token (no env vars)
+  - Replace faraday_get_or_create_host + faraday_report_pwn
+    with _dojo_get_or_create_test + dojo_report_pwn
+  - Auto-creates Product/Engagement/Test hierarchy on first pwn
+- oblast-1/zap_scanner.py: fix required DefectDojo fields
+  - Add numerical_severity (S0-S4) to findings
+  - Add found_by (test_type_id) via _dojo_test_type_cache
+  - Use ZAP Scan test_type instead of Manual
+- stack/70-service-defectdojo.yml: remove bad prometheus label (port 9113)
+- volumes/dnsmask/01-base.conf: dojo.bojemoi.lab + defectdojo.bojemoi.lab,
+  remove duplicate faraday entries
+
+Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
+
+### Files Changed
+
+```
+M	borodino/thearm_uzi
+M	oblast-1/zap_scanner.py
+M	stack/70-service-defectdojo.yml
+M	volumes/dnsmask/dnsmask.d/01-base.conf
+```
+
+### Diff Summary
+
+```
+ borodino/thearm_uzi                    | 192 +++++++++++++++++++++------------
+ oblast-1/zap_scanner.py                |  20 +++-
+ stack/70-service-defectdojo.yml        |   3 -
+ volumes/dnsmask/dnsmask.d/01-base.conf |   5 +-
+ 4 files changed, 142 insertions(+), 78 deletions(-)
+```

content/posts/commits/2026-04-16-commit-93d5ceb.md

@@ -0,0 +1,40 @@
+---
+title: "[bojemoi] feat(grafana): add DefectDojo section to vuln-management dashboard"
+date: 2026-04-16T10:21:05+02:00
+draft: false
+tags: ["commit", "bojemoi", "main"]
+categories: ["Git Activity"]
+summary: "Commit 93d5ceb par Betty dans bojemoi"
+author: "Betty"
+---
+
+## Commit `93d5ceb`
+
+| | |
+|---|---|
+| **Repository** | bojemoi |
+| **Branch** | `main` |
+| **Author** | Betty |
+| **Hash** | `93d5ceb634e132427c14c83c734e727d20d3853c` |
+
+
+### Description
+
+8 new panels: pending findings by severity (Critical/High/Medium stats),
+ZAP + nuclei import totals, LLM triage errors, findings timeseries.
+Sources: Prometheus (triage metrics) + PostgreSQL (scan logs).
+
+Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
+
+### Files Changed
+
+```
+M	volumes/grafana/dashboards/pentest/vuln-management.json
+```
+
+### Diff Summary
+
+```
+ .../dashboards/pentest/vuln-management.json        | 1197 +++++++++++++++++++-
+ 1 file changed, 1196 insertions(+), 1 deletion(-)
+```

content/posts/commits/2026-04-17-commit-047a7a8.md

@@ -0,0 +1,57 @@
+---
+title: "[bojemoi] docs: update ARCHITECTURE + README, add runbook"
+date: 2026-04-17T13:23:30+02:00
+draft: false
+tags: ["commit", "bojemoi", "main"]
+categories: ["Git Activity"]
+summary: "Commit 047a7a8 par Betty dans bojemoi"
+author: "Betty"
+---
+
+## Commit `047a7a8`
+
+| | |
+|---|---|
+| **Repository** | bojemoi |
+| **Branch** | `main` |
+| **Author** | Betty |
+| **Hash** | `047a7a8b405d067390dec85e75fe966211fea33b` |
+
+
+### Description
+
+- ARCHITECTURE.md: Faraday → DefectDojo, add dojo/ptaas-init/c2-monitor stacks,
+  fix MCP tools (list_products/get_findings/add_finding), fix postgres dir
+- README.md: Faraday → DefectDojo, fix medved description, add dojo stack
+- docs/runbook/: 6 runbooks ops (protonmail, borodino, secrets, nodes, stacks, postgres-ssl)
+
+Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
+
+### Files Changed
+
+```
+M	ARCHITECTURE.md
+M	README.md
+A	docs/runbook/README.md
+A	docs/runbook/borodino-rebuild.md
+A	docs/runbook/docker-secrets.md
+A	docs/runbook/node-access.md
+A	docs/runbook/postgres-ssl.md
+A	docs/runbook/protonmail-bridge.md
+A	docs/runbook/stack-deploy.md
+```
+
+### Diff Summary
+
+```
+ ARCHITECTURE.md                   | 20 ++++++-----
+ README.md                         | 13 +++----
+ docs/runbook/README.md            | 12 +++++++
+ docs/runbook/borodino-rebuild.md  | 44 ++++++++++++++++++++++++
+ docs/runbook/docker-secrets.md    | 54 +++++++++++++++++++++++++++++
+ docs/runbook/node-access.md       | 49 ++++++++++++++++++++++++++
+ docs/runbook/postgres-ssl.md      | 52 ++++++++++++++++++++++++++++
+ docs/runbook/protonmail-bridge.md | 69 +++++++++++++++++++++++++++++++++++++
+ docs/runbook/stack-deploy.md      | 72 +++++++++++++++++++++++++++++++++++++++
+ 9 files changed, 371 insertions(+), 14 deletions(-)
+```

content/posts/commits/2026-04-17-commit-081acdb.md

@@ -0,0 +1,40 @@
+---
+title: "[bojemoi] feat(monitoring): prometheus targets + alert rules + alloy config"
+date: 2026-04-17T13:20:11+02:00
+draft: false
+tags: ["commit", "bojemoi", "main"]
+categories: ["Git Activity"]
+summary: "Commit 081acdb par Betty dans bojemoi"
+author: "Betty"
+---
+
+## Commit `081acdb`
+
+| | |
+|---|---|
+| **Repository** | bojemoi |
+| **Branch** | `main` |
+| **Author** | Betty |
+| **Hash** | `081acdb0c6ee7a6fb2cd6569119f19627db62fb0` |
+
+
+### Description
+
+Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
+
+### Files Changed
+
+```
+M	volumes/alloy/config/config.alloy
+M	volumes/prometheus/prometheus.yml
+M	volumes/prometheus/rules/alerts.yml
+```
+
+### Diff Summary
+
+```
+ volumes/alloy/config/config.alloy   |  4 ++--
+ volumes/prometheus/prometheus.yml   |  5 +++++
+ volumes/prometheus/rules/alerts.yml | 21 +++++++++++++++++++++
+ 3 files changed, 28 insertions(+), 2 deletions(-)
+```

content/posts/commits/2026-04-17-commit-13e2bf9.md

@@ -0,0 +1,51 @@
+---
+title: "[bojemoi] fix: borodino/nym/zap/nuclei — pending fixes"
+date: 2026-04-17T13:20:04+02:00
+draft: false
+tags: ["commit", "bojemoi", "main"]
+categories: ["Git Activity"]
+summary: "Commit 13e2bf9 par Betty dans bojemoi"
+author: "Betty"
+---
+
+## Commit `13e2bf9`
+
+| | |
+|---|---|
+| **Repository** | bojemoi |
+| **Branch** | `main` |
+| **Author** | Betty |
+| **Hash** | `13e2bf9dcf422f9eef2557f5cc3b3abfb1767952` |
+
+
+### Description
+
+- borodino: msf_server startup + uzi Optional import fix
+- nym-proxy: Dockerfile update
+- oblast-1: Dockerfile + zap_scanner.py DefectDojo endpoints fix
+- nuclei_api: found_by + numerical_severity + endpoints format
+
+Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
+
+### Files Changed
+
+```
+M	borodino/start_msf_server.sh
+M	borodino/thearm_uzi
+M	nym-proxy/Dockerfile
+M	oblast-1/Dockerfile.oblast-1
+M	oblast-1/zap_scanner.py
+M	samsonov/nuclei_api/main.py
+```
+
+### Diff Summary
+
+```
+ borodino/start_msf_server.sh | 25 +++++++++++++++++++++++--
+ borodino/thearm_uzi          |  7 ++++++-
+ nym-proxy/Dockerfile         |  2 +-
+ oblast-1/Dockerfile.oblast-1 |  2 --
+ oblast-1/zap_scanner.py      |  8 +++++++-
+ samsonov/nuclei_api/main.py  |  7 ++++++-
+ 6 files changed, 43 insertions(+), 8 deletions(-)
+```

content/posts/commits/2026-04-17-commit-1c2ee83.md

@@ -0,0 +1,44 @@
+---
+title: "[bojemoi] feat(postgres): init SQL — create all databases on first start"
+date: 2026-04-17T13:35:01+02:00
+draft: false
+tags: ["commit", "bojemoi", "main"]
+categories: ["Git Activity"]
+summary: "Commit 1c2ee83 par Betty dans bojemoi"
+author: "Betty"
+---
+
+## Commit `1c2ee83`
+
+| | |
+|---|---|
+| **Repository** | bojemoi |
+| **Branch** | `main` |
+| **Author** | Betty |
+| **Hash** | `1c2ee83151ef77c8f92365a2b126e06a8372d4c6` |
+
+
+### Description
+
+- volumes/postgres/init/01-create-databases.sql: CREATE DATABASE for
+  msf, grafana, ip2location, karacho, bojemoi_threat_intel,
+  defectdojo, razvedka, vigie, sentinel
+- stack/01-service-hl.yml: mount init SQL via Docker config
+  at /docker-entrypoint-initdb.d/ (executed once on empty data dir)
+
+Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
+
+### Files Changed
+
+```
+M	stack/01-service-hl.yml
+A	volumes/postgres/init/01-create-databases.sql
+```
+
+### Diff Summary
+
+```
+ stack/01-service-hl.yml                       |  7 +++
+ volumes/postgres/init/01-create-databases.sql | 76 +++++++++++++++++++++++++++
+ 2 files changed, 83 insertions(+)
+```

content/posts/commits/2026-04-17-commit-4adce3e.md

@@ -0,0 +1,66 @@
+---
+title: "[bojemoi] feat: new components — c2-monitor, ptaas-init, postgres-ssl, RIPE import"
+date: 2026-04-17T13:20:30+02:00
+draft: false
+tags: ["commit", "bojemoi", "main"]
+categories: ["Git Activity"]
+summary: "Commit 4adce3e par Betty dans bojemoi"
+author: "Betty"
+---
+
+## Commit `4adce3e`
+
+| | |
+|---|---|
+| **Repository** | bojemoi |
+| **Branch** | `main` |
+| **Author** | Betty |
+| **Hash** | `4adce3e1621ea335306353b5fda41d5cf24274d3` |
+
+
+### Description
+
+- ARCHITECTURE.md: full architecture document
+- c2-monitor/: C2 session monitoring service
+- ptaas-init/: PTaaS initialization service
+- borodino/Dockerfile.postgres-ssl: postgres with SSL support
+- volumes/postgres/: custom entrypoint + postgresql.conf
+- scripts/import_ripe_cidrs.py: RIPE CIDR import tool
+- stack/02-init-ptaas.yml: PTaaS init stack
+
+Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
+
+### Files Changed
+
+```
+A	ARCHITECTURE.md
+A	borodino/Dockerfile.postgres-ssl
+A	c2-monitor/Dockerfile
+A	c2-monitor/monitor.py
+A	c2-monitor/requirements.txt
+A	ptaas-init/Dockerfile
+A	ptaas-init/init.py
+A	ptaas-init/requirements.txt
+A	scripts/import_ripe_cidrs.py
+A	stack/02-init-ptaas.yml
+A	volumes/postgres/conf/pg_hba.conf
+A	volumes/postgres/postgres-entrypoint.sh
+```
+
+### Diff Summary
+
+```
+ ARCHITECTURE.md                         | 319 ++++++++++++++++++++++++++++++++
+ borodino/Dockerfile.postgres-ssl        |   6 +
+ c2-monitor/Dockerfile                   |  10 +
+ c2-monitor/monitor.py                   | 205 ++++++++++++++++++++
+ c2-monitor/requirements.txt             |   4 +
+ ptaas-init/Dockerfile                   |  12 ++
+ ptaas-init/init.py                      | 241 ++++++++++++++++++++++++
+ ptaas-init/requirements.txt             |   3 +
+ scripts/import_ripe_cidrs.py            | 113 +++++++++++
+ stack/02-init-ptaas.yml                 |  64 +++++++
+ volumes/postgres/conf/pg_hba.conf       |  22 +++
+ volumes/postgres/postgres-entrypoint.sh |  14 ++
+ 12 files changed, 1013 insertions(+)
+```

content/posts/commits/2026-04-17-commit-4e1f103.md

@@ -0,0 +1,68 @@
+---
+title: "[bojemoi] chore: exclude postgres SSL certs + remove obsolete scripts"
+date: 2026-04-17T13:19:58+02:00
+draft: false
+tags: ["commit", "bojemoi", "main"]
+categories: ["Git Activity"]
+summary: "Commit 4e1f103 par Betty dans bojemoi"
+author: "Betty"
+---
+
+## Commit `4e1f103`
+
+| | |
+|---|---|
+| **Repository** | bojemoi |
+| **Branch** | `main` |
+| **Author** | Betty |
+| **Hash** | `4e1f103ac7d679c59333e5c470d3d40a586c5ef2` |
+
+
+### Description
+
+- .gitignore: add volumes/postgres/ssl/ (private keys)
+- scripts: rm 14 obsolete files (v1 backups, .export snapshots,
+  Faraday migration scripts, test stubs, duplicate versions)
+
+Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
+
+### Files Changed
+
+```
+M	.gitignore
+D	scripts/cccp-v2.sh
+D	scripts/cccp.sh.1
+D	scripts/check_image_v1.py
+D	scripts/import_2_faraday.py
+D	scripts/mockba-v1.sh
+D	scripts/orchestrator-zap-nuclei-faraday.sh
+D	scripts/stack_armement.export
+D	scripts/stack_base.export
+D	scripts/stack_faraday.export
+D	scripts/stack_masscan.export
+D	scripts/stack_owasp.export
+D	scripts/test_deploiement.sh
+D	scripts/test_reso.sh
+D	scripts/test_wget.sh
+```
+
+### Diff Summary
+
+```
+ .gitignore                                 |   1 +
+ scripts/cccp-v2.sh                         | 195 -------------
+ scripts/cccp.sh.1                          | 138 ---------
+ scripts/check_image_v1.py                  | 451 -----------------------------
+ scripts/import_2_faraday.py                | 118 --------
+ scripts/mockba-v1.sh                       | 114 --------
+ scripts/orchestrator-zap-nuclei-faraday.sh | 154 ----------
+ scripts/stack_armement.export              | 113 --------
+ scripts/stack_base.export                  | 431 ---------------------------
+ scripts/stack_faraday.export               |  51 ----
+ scripts/stack_masscan.export               |  42 ---
+ scripts/stack_owasp.export                 |  66 -----
+ scripts/test_deploiement.sh                |  10 -
+ scripts/test_reso.sh                       |   6 -
+ scripts/test_wget.sh                       |  48 ---
+ 15 files changed, 1 insertion(+), 1937 deletions(-)
+```

content/posts/commits/2026-04-17-commit-9e5b612.md

@@ -0,0 +1,51 @@
+---
+title: "[bojemoi] feat(grafana): update pentest + security dashboards"
+date: 2026-04-17T13:20:16+02:00
+draft: false
+tags: ["commit", "bojemoi", "main"]
+categories: ["Git Activity"]
+summary: "Commit 9e5b612 par Betty dans bojemoi"
+author: "Betty"
+---
+
+## Commit `9e5b612`
+
+| | |
+|---|---|
+| **Repository** | bojemoi |
+| **Branch** | `main` |
+| **Author** | Betty |
+| **Hash** | `9e5b61253fc0cfcb99b714f8e0befb943bfd7d15` |
+
+
+### Description
+
+- pentest-overview: extended panels
+- scan-results: refactor
+- c2-sessions: new dashboard
+- security: sentinel, vigie, dashboard-security-minimal updates
+
+Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
+
+### Files Changed
+
+```
+A	volumes/grafana/dashboards/pentest/c2-sessions.json
+M	volumes/grafana/dashboards/pentest/pentest-overview.json
+M	volumes/grafana/dashboards/pentest/scan-results.json
+M	volumes/grafana/dashboards/security/dashboard-security-minimal.json
+M	volumes/grafana/dashboards/security/sentinel.json
+M	volumes/grafana/dashboards/security/vigie.json
+```
+
+### Diff Summary
+
+```
+ .../grafana/dashboards/pentest/c2-sessions.json    | 198 +++++
+ .../dashboards/pentest/pentest-overview.json       | 256 +++++-
+ .../grafana/dashboards/pentest/scan-results.json   | 966 +++++----------------
+ .../security/dashboard-security-minimal.json       |   2 +-
+ volumes/grafana/dashboards/security/sentinel.json  |  14 +-
+ volumes/grafana/dashboards/security/vigie.json     |  12 +-
+ 6 files changed, 678 insertions(+), 770 deletions(-)
+```

content/posts/commits/2026-04-17-commit-b9abb6d.md

@@ -0,0 +1,44 @@
+---
+title: "[bojemoi] feat(stacks): update base, borodino, nym, dozor, ollama"
+date: 2026-04-17T13:20:08+02:00
+draft: false
+tags: ["commit", "bojemoi", "main"]
+categories: ["Git Activity"]
+summary: "Commit b9abb6d par Betty dans bojemoi"
+author: "Betty"
+---
+
+## Commit `b9abb6d`
+
+| | |
+|---|---|
+| **Repository** | bojemoi |
+| **Branch** | `main` |
+| **Author** | Betty |
+| **Hash** | `b9abb6d91f5394729b4d1ecedeb87dc234687111` |
+
+
+### Description
+
+Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
+
+### Files Changed
+
+```
+M	stack/01-service-hl.yml
+M	stack/40-service-borodino.yml
+M	stack/41-service-nym.yml
+M	stack/48-service-dozor.yml
+M	stack/51-service-ollama.yml
+```
+
+### Diff Summary
+
+```
+ stack/01-service-hl.yml       | 65 ++++++++++++++++++++++++++++++++++--------
+ stack/40-service-borodino.yml | 66 +++++++++++++++++++++++++++++++++++++++++++
+ stack/41-service-nym.yml      |  6 ++--
+ stack/48-service-dozor.yml    |  3 ++
+ stack/51-service-ollama.yml   |  3 ++
+ 5 files changed, 129 insertions(+), 14 deletions(-)
+```

content/posts/commits/2026-04-17-commit-cf02179.md

@@ -0,0 +1,36 @@
+---
+title: "[bojemoi] chore(claude): update monitor command"
+date: 2026-04-17T13:20:20+02:00
+draft: false
+tags: ["commit", "bojemoi", "main"]
+categories: ["Git Activity"]
+summary: "Commit cf02179 par Betty dans bojemoi"
+author: "Betty"
+---
+
+## Commit `cf02179`
+
+| | |
+|---|---|
+| **Repository** | bojemoi |
+| **Branch** | `main` |
+| **Author** | Betty |
+| **Hash** | `cf02179d21e380fa07b6c8ed6cc36bb3b32ac5fc` |
+
+
+### Description
+
+Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
+
+### Files Changed
+
+```
+M	.claude/commands/monitor.md
+```
+
+### Diff Summary
+
+```
+ .claude/commands/monitor.md | 48 ++++++++++++++++++++++++++++++++++++++++++++-
+ 1 file changed, 47 insertions(+), 1 deletion(-)
+```

content/posts/commits/2026-04-17-commit-eb9a1ee.md

@@ -0,0 +1,48 @@
+---
+title: "[bojemoi] feat(packaging): package-dist.sh + Makefile + install/env fixes"
+date: 2026-04-17T13:37:34+02:00
+draft: false
+tags: ["commit", "bojemoi", "main"]
+categories: ["Git Activity"]
+summary: "Commit eb9a1ee par Betty dans bojemoi"
+author: "Betty"
+---
+
+## Commit `eb9a1ee`
+
+| | |
+|---|---|
+| **Repository** | bojemoi |
+| **Branch** | `main` |
+| **Author** | Betty |
+| **Hash** | `eb9a1ee7a3e8e4ebd4fcc2eaed96bccb017bb639` |
+
+
+### Description
+
+- scripts/package-dist.sh: génère archive de distribution
+  (.pyc only, stacks défensifs, Dockerfiles, configs, docs)
+- Makefile: targets build/push/deploy/status/validate/clean/nodes
+- install.sh: Faraday → DefectDojo, add dojo stack
+- .env.example: Faraday → DefectDojo section
+
+Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
+
+### Files Changed
+
+```
+M	.env.example
+A	Makefile
+M	install.sh
+A	scripts/package-dist.sh
+```
+
+### Diff Summary
+
+```
+ .env.example            |  18 +--
+ Makefile                | 108 +++++++++++++++++
+ install.sh              |  19 +--
+ scripts/package-dist.sh | 305 ++++++++++++++++++++++++++++++++++++++++++++++++
+ 4 files changed, 432 insertions(+), 18 deletions(-)
+```

content/posts/commits/2026-04-24-commit-4aba669.md

@@ -0,0 +1,79 @@
+---
+title: "[bojemoi] feat(orchestrator): local cloud-init templates — remove Gitea runtime dependency"
+date: 2026-04-24T22:34:13+02:00
+draft: false
+tags: ["commit", "bojemoi", "main"]
+categories: ["Git Activity"]
+summary: "Commit 4aba669 par Betty dans bojemoi"
+author: "Betty"
+---
+
+## Commit `4aba669`
+
+| | |
+|---|---|
+| **Repository** | bojemoi |
+| **Branch** | `main` |
+| **Author** | Betty |
+| **Hash** | `4aba669f0e4971f0d1a4da8bd6e68d3883474c54` |
+
+
+### Description
+
+Templates are now stored in provisioning/cloud-init/ (synced from Gitea
+bojemoi-configs via SSH) and mounted read-only into the orchestrator container
+at /app/cloud-init.
+
+- Add LocalTemplateClient (mirrors GiteaClient interface, reads from disk)
+- Add TEMPLATES_DIR setting in config.py (default /app/cloud-init)
+- Swap all template calls in main.py from gitea_client → template_client
+- CloudInitGenerator now receives template_client instead of gitea_client
+- Add bind-mount in stack/01-service-hl.yml: provisioning/cloud-init → /app/cloud-init:ro
+- Gitea client retained only for health-check ping
+
+Fixes: VM deploys silently failing when Gitea TLS cert expires.
+
+Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
+
+### Files Changed
+
+```
+A	provisioning/cloud-init/alpine/database.yaml
+A	provisioning/cloud-init/alpine/minimal.yaml
+A	provisioning/cloud-init/alpine/webserver.yaml
+A	provisioning/cloud-init/common/hardening.sh
+A	provisioning/cloud-init/common/setup_docker.sh
+A	provisioning/cloud-init/common/setup_monitoring.sh
+A	provisioning/cloud-init/debian/default.yaml
+A	provisioning/cloud-init/debian/webserver.yaml
+A	provisioning/cloud-init/ubuntu/database.yaml
+A	provisioning/cloud-init/ubuntu/default.yaml
+A	provisioning/cloud-init/ubuntu/webserver.yaml
+M	provisioning/orchestrator/app/config.py
+M	provisioning/orchestrator/app/main.py
+M	provisioning/orchestrator/app/services/cloudinit_gen.py
+A	provisioning/orchestrator/app/services/local_template_client.py
+M	stack/01-service-hl.yml
+```
+
+### Diff Summary
+
+```
+ provisioning/cloud-init/alpine/database.yaml       |  62 +++++++
+ provisioning/cloud-init/alpine/minimal.yaml        |  41 +++++
+ provisioning/cloud-init/alpine/webserver.yaml      |  65 +++++++
+ provisioning/cloud-init/common/hardening.sh        |  92 ++++++++++
+ provisioning/cloud-init/common/setup_docker.sh     |  64 +++++++
+ provisioning/cloud-init/common/setup_monitoring.sh |  50 ++++++
+ provisioning/cloud-init/debian/default.yaml        |  54 ++++++
+ provisioning/cloud-init/debian/webserver.yaml      |  72 ++++++++
+ provisioning/cloud-init/ubuntu/database.yaml       |  73 ++++++++
+ provisioning/cloud-init/ubuntu/default.yaml        |  54 ++++++
+ provisioning/cloud-init/ubuntu/webserver.yaml      |  72 ++++++++
+ provisioning/orchestrator/app/config.py            |  54 ++++--
+ provisioning/orchestrator/app/main.py              | 191 ++++++---------------
+ .../orchestrator/app/services/cloudinit_gen.py     |   8 +-
+ .../app/services/local_template_client.py          | 159 +++++++++++++++++
+ stack/01-service-hl.yml                            |  88 ++++++----
+ 16 files changed, 998 insertions(+), 201 deletions(-)
+```

content/posts/commits/2026-04-24-commit-760c08d.md

@@ -0,0 +1,41 @@
+---
+title: "[bojemoi] docs(orchestrator): add user manual — provisioning/MANUAL.md"
+date: 2026-04-24T22:38:08+02:00
+draft: false
+tags: ["commit", "bojemoi", "main"]
+categories: ["Git Activity"]
+summary: "Commit 760c08d par Betty dans bojemoi"
+author: "Betty"
+---
+
+## Commit `760c08d`
+
+| | |
+|---|---|
+| **Repository** | bojemoi |
+| **Branch** | `main` |
+| **Author** | Betty |
+| **Hash** | `760c08d40031e164fca4bd6a12afa63f75add97b` |
+
+
+### Description
+
+Covers all API endpoints (VM deploy, container deploy, Rapid7 debug VM,
+VulnHub catalogue, host_debug, templates, blockchain, metrics), IP
+validation, ops procedures (rebuild/redeploy, template sync), and
+Jinja2 template authoring guide.
+
+Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
+
+### Files Changed
+
+```
+A	provisioning/MANUAL.md
+```
+
+### Diff Summary
+
+```
+ provisioning/MANUAL.md | 581 +++++++++++++++++++++++++++++++++++++++++++++++++
+ 1 file changed, 581 insertions(+)
+```

content/posts/commits/2026-04-24-commit-e8778da.md

@@ -0,0 +1,69 @@
+---
+title: "[bojemoi] feat(orchestrator): xe-guest-utilities in cloud-init, IP detection, boot disk from VDI"
+date: 2026-04-24T23:00:22+02:00
+draft: false
+tags: ["commit", "bojemoi", "main"]
+categories: ["Git Activity"]
+summary: "Commit e8778da par Betty dans bojemoi"
+author: "Betty"
+---
+
+## Commit `e8778da`
+
+| | |
+|---|---|
+| **Repository** | bojemoi |
+| **Branch** | `main` |
+| **Author** | Betty |
+| **Hash** | `e8778da95365c0e582aa011e7b12243abd6cf380` |
+
+
+### Description
+
+Problem: alpine-meta XenServer template has no disk (CD-only); VMs halted
+immediately. IP was never detected because XenTools had nothing to run on.
+
+Changes:
+- cloud-init alpine/minimal,webserver,database: add xe-guest-utilities to
+  packages, rc-update add + rc-service start in runcmd so XenStore gets
+  the guest IP after first boot
+- xenserver_client_real.py create_vm: after VM.provision(), check if any
+  disk VBD exists. If not and boot_vdi_uuid is provided, copy the source
+  VDI into the same SR, resize to requested disk size, and attach as
+  primary bootable disk (userdevice=0, type=Disk, bootable=True).
+  Removed the old step-4 pre-provision resize loop (now handled post-provision).
+- config.py: add ALPINE_BOOT_VDI_UUID (df288d22-..., "alpine root" VDI)
+- main.py: pass boot_vdi_uuid=settings.ALPINE_BOOT_VDI_UUID for alpine
+  deploys; poll for guest IP after VM creation; register real IP in
+  host_debug (fallback to UUID if XenTools not ready within timeout)
+- schemas.py: add ip_poll_timeout to VMDeployRequest (default 120s, 0=skip);
+  add ip_address to DeploymentResponse
+
+Tested: test-alpine-01 deployed, IP=192.168.1.247, host_debug id=5.
+
+Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
+
+### Files Changed
+
+```
+M	provisioning/cloud-init/alpine/database.yaml
+M	provisioning/cloud-init/alpine/minimal.yaml
+M	provisioning/cloud-init/alpine/webserver.yaml
+M	provisioning/orchestrator/app/config.py
+M	provisioning/orchestrator/app/main.py
+M	provisioning/orchestrator/app/models/schemas.py
+M	provisioning/orchestrator/app/services/xenserver_client_real.py
+```
+
+### Diff Summary
+
+```
+ provisioning/cloud-init/alpine/database.yaml       |  4 ++
+ provisioning/cloud-init/alpine/minimal.yaml        |  4 ++
+ provisioning/cloud-init/alpine/webserver.yaml      |  4 ++
+ provisioning/orchestrator/app/config.py            |  3 +
+ provisioning/orchestrator/app/main.py              | 32 +++++++--
+ provisioning/orchestrator/app/models/schemas.py    |  7 ++
+ .../app/services/xenserver_client_real.py          | 75 ++++++++++++++++++----
+ 7 files changed, 109 insertions(+), 20 deletions(-)
+```

content/posts/commits/2026-04-24-commit-fad9bc3.md

@@ -0,0 +1,144 @@
+---
+title: "[bojemoi] feat: merge DefectDojo into borodino stack, add alert-agent, discord, suricata-exporter"
+date: 2026-04-24T22:36:02+02:00
+draft: false
+tags: ["commit", "bojemoi", "main"]
+categories: ["Git Activity"]
+summary: "Commit fad9bc3 par Betty dans bojemoi"
+author: "Betty"
+---
+
+## Commit `fad9bc3`
+
+| | |
+|---|---|
+| **Repository** | bojemoi |
+| **Branch** | `main` |
+| **Author** | Betty |
+| **Hash** | `fad9bc309a6829eab6c423395fcbdaf8e043a282` |
+
+
+### Description
+
+Stack consolidation:
+- Move DefectDojo (nginx, uWSGI, Celery Beat/Worker, initializer, dojo-triage)
+  from standalone 70-service-defectdojo.yml into 40-service-borodino.yml
+- Move nym-proxy from 41-service-nym.yml into borodino stack
+- Delete stack/70-service-defectdojo.yml and stack/41-service-nym.yml
+- Add c2-monitor service to borodino stack
+
+New components:
+- alert-agent/ + stack/48-service-alert-agent.yml — alert routing agent
+- suricata-exporter/ — Prometheus exporter for Suricata
+- discord/ — Discord channel provisioning scripts (populate, post_architecture,
+  post_blueteam, post_infra_channels, post_intel_channels, cleanup)
+- scripts/gameover.sh — full teardown script
+- scripts/startover.sh — full deploy with Alertmanager silence support
+
+Service updates:
+- razvedka: Dockerfile + config update
+- vigie: Dockerfile + config update
+- provisioning/orchestrator/app/services/database.py: refactored
+- stack/01-suricata-host.yml, 02-service-maintenance.yml,
+  45-service-ml-threat-intel.yml, 60-service-telegram.yml: minor fixes
+- volumes/alertmanager/alertmanager.yml, dnsmask.conf, suricata.yaml: config updates
+
+Docs:
+- ARCHITECTURE.md: update node labels, stack table, DefectDojo section, c2-monitor flow
+
+Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
+
+### Files Changed
+
+```
+M	ARCHITECTURE.md
+A	alert-agent/Dockerfile.alert-agent
+A	alert-agent/alert_agent/__init__.py
+A	alert-agent/alert_agent/__main__.py
+A	alert-agent/alert_agent/actions.py
+A	alert-agent/alert_agent/alerter.py
+A	alert-agent/alert_agent/config.py
+A	alert-agent/alert_agent/db.py
+A	alert-agent/alert_agent/enricher.py
+A	alert-agent/alert_agent/llm.py
+A	alert-agent/alert_agent/metrics.py
+A	alert-agent/alert_agent/webhook.py
+A	alert-agent/requirements.txt
+A	discord/ARCHITECTURE.md
+A	discord/cleanup.py
+A	discord/populate.py
+A	discord/post_architecture.py
+A	discord/post_blueteam.py
+A	discord/post_infra_channels.py
+A	discord/post_intel_channels.py
+M	provisioning/orchestrator/app/services/database.py
+M	razvedka/Dockerfile.razvedka
+M	razvedka/auth_helper.py
+M	razvedka/razvedka/config.py
+A	scripts/gameover.sh
+M	scripts/startover.sh
+M	stack/01-suricata-host.yml
+M	stack/02-service-maintenance.yml
+M	stack/40-service-borodino.yml
+D	stack/41-service-nym.yml
+M	stack/45-service-ml-threat-intel.yml
+M	stack/46-service-razvedka.yml
+M	stack/47-service-vigie.yml
+A	stack/48-service-alert-agent.yml
+M	stack/60-service-telegram.yml
+D	stack/70-service-defectdojo.yml
+A	suricata-exporter/Dockerfile
+M	vigie/Dockerfile.vigie
+M	vigie/vigie/config.py
+M	volumes/alertmanager/alertmanager.yml
+M	volumes/dnsmask/dnsmask.conf
+M	volumes/suricata/suricata.yaml
+```
+
+### Diff Summary
+
+```
+ ARCHITECTURE.md                                    |  65 +++-
+ alert-agent/Dockerfile.alert-agent                 |  17 +
+ alert-agent/alert_agent/__init__.py                |   0
+ alert-agent/alert_agent/__main__.py                |  45 +++
+ alert-agent/alert_agent/actions.py                 | 146 +++++++
+ alert-agent/alert_agent/alerter.py                 |  58 +++
+ alert-agent/alert_agent/config.py                  |  58 +++
+ alert-agent/alert_agent/db.py                      | 107 ++++++
+ alert-agent/alert_agent/enricher.py                | 105 ++++++
+ alert-agent/alert_agent/llm.py                     |  99 +++++
+ alert-agent/alert_agent/metrics.py                 |  25 ++
+ alert-agent/alert_agent/webhook.py                 | 125 ++++++
+ alert-agent/requirements.txt                       |   6 +
+ discord/ARCHITECTURE.md                            |   0
+ discord/cleanup.py                                 |  47 +++
+ discord/populate.py                                | 420 +++++++++++++++++++++
+ discord/post_architecture.py                       |  88 +++++
+ discord/post_blueteam.py                           | 175 +++++++++
+ discord/post_infra_channels.py                     | 321 ++++++++++++++++
+ discord/post_intel_channels.py                     | 242 ++++++++++++
+ provisioning/orchestrator/app/services/database.py | 231 +++---------
+ razvedka/Dockerfile.razvedka                       |   3 +
+ razvedka/auth_helper.py                            |  10 +-
+ razvedka/razvedka/config.py                        |   4 +
+ scripts/gameover.sh                                | 142 +++++++
+ scripts/startover.sh                               |  40 +-
+ stack/01-suricata-host.yml                         |  98 +++--
+ stack/02-service-maintenance.yml                   |   2 +-
+ stack/40-service-borodino.yml                      | 371 +++++++++++++++++-
+ stack/41-service-nym.yml                           |  67 ----
+ stack/45-service-ml-threat-intel.yml               |   5 +-
+ stack/46-service-razvedka.yml                      |  21 +-
+ stack/47-service-vigie.yml                         |  21 +-
+ stack/48-service-alert-agent.yml                   |  73 ++++
+ stack/60-service-telegram.yml                      |   9 +-
+ stack/70-service-defectdojo.yml                    | 292 --------------
+ suricata-exporter/Dockerfile                       |  10 +
+ vigie/Dockerfile.vigie                             |   3 +
+ vigie/vigie/config.py                              |   4 +
+ volumes/alertmanager/alertmanager.yml              |   8 +
+ volumes/dnsmask/dnsmask.conf                       |   2 +
+ volumes/suricata/suricata.yaml                     |   1 +
+ 42 files changed, 2951 insertions(+), 615 deletions(-)
+```

content/posts/pushes/2026-03-14-push-bojemoi-main-8d7722b.md

@@ -0,0 +1,31 @@
+---
+title: "[bojemoi] Push 1 commit(s) to main"
+date: 2026-03-14T22:01:42+01:00
+draft: false
+tags: ["push", "bojemoi", "main"]
+categories: ["Git Activity"]
+summary: "Push de 1 commit(s) par Betty dans bojemoi/main"
+author: "Betty"
+---
+
+## Push to `bojemoi/main`
+
+| | |
+|---|---|
+| **Repository** | bojemoi |
+| **Branch** | `main` |
+| **Commits** | 1 |
+| **Pushed by** | Betty |
+
+### Commits
+
+- **8d7722b** sec: move alertmanager SMTP password to Docker secret (Betty)
+
+
+### Diff Summary
+
+```
+ stack/01-service-hl.yml               | 3 +++
+ volumes/alertmanager/alertmanager.yml | 2 +-
+ 2 files changed, 4 insertions(+), 1 deletion(-)
+```

content/posts/pushes/2026-03-18-push-bojemoi-main-8671e81.md

@@ -0,0 +1,34 @@
+---
+title: "[bojemoi] Push 1 commit(s) to main"
+date: 2026-03-18T13:50:59+01:00
+draft: false
+tags: ["push", "bojemoi", "main"]
+categories: ["Git Activity"]
+summary: "Push de 1 commit(s) par Betty dans bojemoi/main"
+author: "Betty"
+---
+
+## Push to `bojemoi/main`
+
+| | |
+|---|---|
+| **Repository** | bojemoi |
+| **Branch** | `main` |
+| **Commits** | 1 |
+| **Pushed by** | Betty |
+
+### Commits
+
+- **8671e81** feat: add breachforum CTI discovery service (stack 66) (Betty)
+
+
+### Diff Summary
+
+```
+ discovery/Dockerfile                     |  34 +++
+ discovery/breachforum_discovery_api.py   | 259 +++++++++++++++++++
+ discovery/breachforum_onion_discovery.py | 421 +++++++++++++++++++++++++++++++
+ discovery/entrypoint.sh                  |  33 +++
+ stack/66-service-discovery.yml           |  73 ++++++
+ 5 files changed, 820 insertions(+)
+```

content/posts/pushes/2026-03-18-push-bojemoi-main-fced696.md

@@ -0,0 +1,44 @@
+---
+title: "[bojemoi] Push 3 commit(s) to main"
+date: 2026-03-18T13:52:16+01:00
+draft: false
+tags: ["push", "bojemoi", "main"]
+categories: ["Git Activity"]
+summary: "Push de 3 commit(s) par Betty dans bojemoi/main"
+author: "Betty"
+---
+
+## Push to `bojemoi/main`
+
+| | |
+|---|---|
+| **Repository** | bojemoi |
+| **Branch** | `main` |
+| **Commits** | 3 |
+| **Pushed by** | Betty |
+
+### Commits
+
+- **fced696** chore: add Discord bot scaffold + breachforum discovery scripts (Betty)
+- **1041a8b** blog: add alertmanager Docker secrets post (FR) (Betty)
+- **b93e503** feat(borodino/uzi): auto-detect LHOST, split LPORT_BIND, improve exploit targeting (Betty)
+
+
+### Diff Summary
+
+```
+ blog/alertmanager-docker-secrets-fr.md | 174 +++++++++++
+ borodino/thearm_uzi                    |  53 +++-
+ discord/.env.example                   |  17 ++
+ discord/create_structure.sh            |  68 +++++
+ discord/structure.yml                  |  38 +++
+ scripts/Dockerfile.discovery           |  34 +++
+ scripts/INTEGRATION_GUIDE.sh           | 205 +++++++++++++
+ scripts/README.md                      | 540 +++++++++++++++++++++++++++++++++
+ scripts/breachforum_discovery_api.py   | 259 ++++++++++++++++
+ scripts/breachforum_onion_discovery.py | 421 +++++++++++++++++++++++++
+ scripts/docker-compose.discovery.yml   |  99 ++++++
+ scripts/examples_usage.py              | 301 ++++++++++++++++++
+ stack/40-service-borodino.yml          |   5 +-
+ 13 files changed, 2202 insertions(+), 12 deletions(-)
+```

content/posts/pushes/2026-03-23-push-bojemoi-main-392a1a2.md

@@ -0,0 +1,33 @@
+---
+title: "[bojemoi] Push 2 commit(s) to main"
+date: 2026-03-23T18:56:51+01:00
+draft: false
+tags: ["push", "bojemoi", "main"]
+categories: ["Git Activity"]
+summary: "Push de 2 commit(s) par Betty dans bojemoi/main"
+author: "Betty"
+---
+
+## Push to `bojemoi/main`
+
+| | |
+|---|---|
+| **Repository** | bojemoi |
+| **Branch** | `main` |
+| **Commits** | 2 |
+| **Pushed by** | Betty |
+
+### Commits
+
+- **392a1a2** feat(borodino/uzi): enrich meterpreter Telegram alerts with sysinfo/uid/pid (Betty)
+- **11a8e69** feat(borodino/uzi): use Claude AI to extract MSF search terms from service info (Betty)
+
+
+### Diff Summary
+
+```
+ borodino/Dockerfile.borodino  |   3 +-
+ borodino/thearm_uzi           | 436 +++++++++++++++++++++++++++++++++++-------
+ stack/40-service-borodino.yml |  21 +-
+ 3 files changed, 379 insertions(+), 81 deletions(-)
+```

content/posts/pushes/2026-03-25-push-bojemoi-main-27f5ef4.md

@@ -0,0 +1,33 @@
+---
+title: "[bojemoi] Push 1 commit(s) to main"
+date: 2026-03-25T23:05:13+01:00
+draft: false
+tags: ["push", "bojemoi", "main"]
+categories: ["Git Activity"]
+summary: "Push de 1 commit(s) par Betty dans bojemoi/main"
+author: "Betty"
+---
+
+## Push to `bojemoi/main`
+
+| | |
+|---|---|
+| **Repository** | bojemoi |
+| **Branch** | `main` |
+| **Commits** | 1 |
+| **Pushed by** | Betty |
+
+### Commits
+
+- **27f5ef4** feat(orchestrator): add VulnHub VM automation endpoints (Betty)
+
+
+### Diff Summary
+
+```
+ provisioning/orchestrator/app/main.py              | 184 +++++++++++++++++++-
+ provisioning/orchestrator/app/models/schemas.py    |  53 ++++++
+ .../orchestrator/app/services/vulnhub_manager.py   | 188 +++++++++++++++++++++
+ scripts/import_vulnhub_ova.sh                      | 123 ++++++++++++++
+ 4 files changed, 547 insertions(+), 1 deletion(-)
+```

content/posts/pushes/2026-03-25-push-bojemoi-main-5a9bdd9.md

@@ -0,0 +1,31 @@
+---
+title: "[bojemoi] Push 1 commit(s) to main"
+date: 2026-03-25T22:52:46+01:00
+draft: false
+tags: ["push", "bojemoi", "main"]
+categories: ["Git Activity"]
+summary: "Push de 1 commit(s) par Betty dans bojemoi/main"
+author: "Betty"
+---
+
+## Push to `bojemoi/main`
+
+| | |
+|---|---|
+| **Repository** | bojemoi |
+| **Branch** | `main` |
+| **Commits** | 1 |
+| **Pushed by** | Betty |
+
+### Commits
+
+- **5a9bdd9** feat(borodino): enrich bm12/uzi with VulnHub-style attack surface detection (Betty)
+
+
+### Diff Summary
+
+```
+ borodino/thearm_bm12 | 98 +++++++++++++++++++++++++++++++++++++++++++++++++---
+ borodino/thearm_uzi  | 69 +++++++++++++++++++++++++++++-------
+ 2 files changed, 151 insertions(+), 16 deletions(-)
+```

content/posts/pushes/2026-03-25-push-bojemoi-main-a79479d.md

@@ -0,0 +1,56 @@
+---
+title: "[bojemoi] Push 1 commit(s) to main"
+date: 2026-03-25T22:44:39+01:00
+draft: false
+tags: ["push", "bojemoi", "main"]
+categories: ["Git Activity"]
+summary: "Push de 1 commit(s) par Betty dans bojemoi/main"
+author: "Betty"
+---
+
+## Push to `bojemoi/main`
+
+| | |
+|---|---|
+| **Repository** | bojemoi |
+| **Branch** | `main` |
+| **Commits** | 1 |
+| **Pushed by** | Betty |
+
+### Commits
+
+- **a79479d** feat: multi-stage Dockerfiles, DVAR IoT target, bm12/uzi ARM enrichment (Betty)
+
+
+### Diff Summary
+
+```
+ .dockerignore                            |    1 +
+ berezina/Dockerfile.berezina             |   73 +-
+ borodino/.dockerignore                   |    1 +
+ borodino/Dockerfile.berezina             |   29 +-
+ borodino/Dockerfile.borodino             |   51 +-
+ borodino/thearm_bm12                     |  151 ++++-
+ borodino/thearm_uzi                      |  579 ++++++++++------
+ borodino/toto                            | 1092 ++++++++++++++++++++++++++----
+ discovery/Dockerfile                     |   27 +-
+ discovery/breachforum_onion_discovery.py |  160 ++++-
+ discovery/entrypoint.sh                  |    2 +-
+ dvar/Dockerfile.dvar                     |   55 ++
+ dvar/entrypoint.sh                       |   87 +++
+ dvar/src/vuln_httpd.c                    |  194 ++++++
+ koursk-2/Dockerfile.koursk-2             |    5 +
+ koursk-2/scripts/rsync-start.sh          |    2 +-
+ mcp-server/Dockerfile                    |    6 +-
+ narva/Dockerfile.narva                   |   14 +-
+ oblast/Dockerfile.zaproxy                |    7 +-
+ scripts/cccp.sh                          |  173 +++--
+ scripts/metasploitable2_exploit.py       |  388 +++++++++++
+ scripts/startover.sh                     |    1 +
+ sentinel/collector/Dockerfile            |    6 +-
+ stack/40-service-borodino.yml            |   18 +-
+ stack/56-service-dvar.yml                |   55 ++
+ toto                                     |  945 ++++++++++++++++++++++++++
+ tsushima/Dockerfile.tsushima             |   84 +--
+ 27 files changed, 3504 insertions(+), 702 deletions(-)
+```

content/posts/pushes/2026-03-25-push-bojemoi-main-d3bbec7.md

@@ -0,0 +1,30 @@
+---
+title: "[bojemoi] Push 1 commit(s) to main"
+date: 2026-03-25T23:19:08+01:00
+draft: false
+tags: ["push", "bojemoi", "main"]
+categories: ["Git Activity"]
+summary: "Push de 1 commit(s) par Betty dans bojemoi/main"
+author: "Betty"
+---
+
+## Push to `bojemoi/main`
+
+| | |
+|---|---|
+| **Repository** | bojemoi |
+| **Branch** | `main` |
+| **Commits** | 1 |
+| **Pushed by** | Betty |
+
+### Commits
+
+- **d3bbec7** fix(orchestrator): use docker-socket-proxy instead of direct socket (Betty)
+
+
+### Diff Summary
+
+```
+ stack/01-service-hl.yml | 7 +++----
+ 1 file changed, 3 insertions(+), 4 deletions(-)
+```

content/posts/pushes/2026-03-26-push-bojemoi-main-9a69b23.md

@@ -0,0 +1,33 @@
+---
+title: "[bojemoi] Push 1 commit(s) to main"
+date: 2026-03-26T18:05:51+01:00
+draft: false
+tags: ["push", "bojemoi", "main"]
+categories: ["Git Activity"]
+summary: "Push de 1 commit(s) par Betty dans bojemoi/main"
+author: "Betty"
+---
+
+## Push to `bojemoi/main`
+
+| | |
+|---|---|
+| **Repository** | bojemoi |
+| **Branch** | `main` |
+| **Commits** | 1 |
+| **Pushed by** | Betty |
+
+### Commits
+
+- **9a69b23** refactor(borodino): standardize env var management across ak47/bm12/uzi (Betty)
+
+
+### Diff Summary
+
+```
+ borodino/thearm_ak47          | 40 ++++++++++++++++++----------------------
+ borodino/thearm_bm12          |  7 ++++---
+ borodino/thearm_uzi           | 23 +++++++++++------------
+ stack/40-service-borodino.yml | 16 ++++++++++++++++
+ 4 files changed, 49 insertions(+), 37 deletions(-)
+```

content/posts/pushes/2026-03-30-push-bojemoi-main-631b96e.md

@@ -0,0 +1,35 @@
+---
+title: "[bojemoi] Push 1 commit(s) to main"
+date: 2026-03-30T21:24:58+02:00
+draft: false
+tags: ["push", "bojemoi", "main"]
+categories: ["Git Activity"]
+summary: "Push de 1 commit(s) par Betty dans bojemoi/main"
+author: "Betty"
+---
+
+## Push to `bojemoi/main`
+
+| | |
+|---|---|
+| **Repository** | bojemoi |
+| **Branch** | `main` |
+| **Commits** | 1 |
+| **Pushed by** | Betty |
+
+### Commits
+
+- **631b96e** feat(borodino): OpenVPN gateway + fix ak47/bm12 env vars (Betty)
+
+
+### Diff Summary
+
+```
+ .claude/commands/borodino.md   | 156 +++++++++++++++++++++++++++++++++++++++++
+ borodino/Dockerfile.borodino   |   2 +
+ borodino/Dockerfile.wg-gateway |  16 +++++
+ borodino/route-setup.sh        |  37 ++++++++++
+ borodino/wg-gateway-start.sh   |  67 ++++++++++++++++++
+ stack/40-service-borodino.yml  |  75 +++++++++++++++++++-
+ 6 files changed, 351 insertions(+), 2 deletions(-)
+```

content/posts/pushes/2026-03-30-push-bojemoi-main-9eb4c92.md

@@ -0,0 +1,53 @@
+---
+title: "[bojemoi] Push 1 commit(s) to main"
+date: 2026-03-30T16:51:02+02:00
+draft: false
+tags: ["push", "bojemoi", "main"]
+categories: ["Git Activity"]
+summary: "Push de 1 commit(s) par Betty dans bojemoi/main"
+author: "Betty"
+---
+
+## Push to `bojemoi/main`
+
+| | |
+|---|---|
+| **Repository** | bojemoi |
+| **Branch** | `main` |
+| **Commits** | 1 |
+| **Pushed by** | Betty |
+
+### Commits
+
+- **9eb4c92** feat(c2): multi-redirector infrastructure + split borodino images (Betty)
+
+
+### Diff Summary
+
+```
+ borodino/Dockerfile.borodino             |  62 +---
+ borodino/Dockerfile.borodino-msf         |  58 ++++
+ borodino/start_msf_server.sh             |  51 +++
+ borodino/start_uzi.sh                    |  68 ++--
+ borodino/thearm_uzi                      |  84 ++++-
+ cloud-init/redirector-template.yaml      | 317 ++++++++++++++++++
+ discovery/Dockerfile                     |  35 --
+ discovery/breachforum_discovery_api.py   | 259 ---------------
+ discovery/breachforum_onion_discovery.py | 529 -------------------------------
+ discovery/entrypoint.sh                  |  33 --
+ redirector/Dockerfile                    |  33 ++
+ redirector/c2-proxy.conf                 |  39 +++
+ redirector/nginx.conf                    |  43 +++
+ scripts/Dockerfile.discovery             |  34 --
+ scripts/breachforum_discovery_api.py     | 259 ---------------
+ scripts/breachforum_onion_discovery.py   | 421 ------------------------
+ scripts/c2-manage.sh                     | 415 ++++++++++++++++++++++++
+ scripts/c2-vpn-init-pki.sh               | 255 +++++++++++++++
+ scripts/docker-compose.discovery.yml     |  99 ------
+ scripts/provision-redirector.sh          |  91 ++++++
+ stack/40-service-borodino.yml            |  76 ++++-
+ stack/66-service-discovery.yml           |  73 -----
+ volumes/c2-vpn/.gitignore                |   6 +
+ volumes/c2-vpn/README.md                 |  46 +++
+ 24 files changed, 1559 insertions(+), 1827 deletions(-)
+```

content/posts/pushes/2026-03-31-push-bojemoi-main-b5b5641.md

@@ -0,0 +1,42 @@
+---
+title: "[bojemoi] Push 1 commit(s) to main"
+date: 2026-03-31T20:36:25+02:00
+draft: false
+tags: ["push", "bojemoi", "main"]
+categories: ["Git Activity"]
+summary: "Push de 1 commit(s) par Betty dans bojemoi/main"
+author: "Betty"
+---
+
+## Push to `bojemoi/main`
+
+| | |
+|---|---|
+| **Repository** | bojemoi |
+| **Branch** | `main` |
+| **Commits** | 1 |
+| **Pushed by** | Betty |
+
+### Commits
+
+- **b5b5641** feat(nuclei): Redis queue pipeline + dedicated Faraday workspaces + Redis Commander (Betty)
+
+
+### Diff Summary
+
+```
+ borodino/Dockerfile.borodino                       |   6 +-
+ borodino/redirector/Dockerfile                     |  18 +
+ borodino/redirector/entrypoint.sh                  |  77 ++++
+ borodino/redirector/nginx.conf                     |  63 ++++
+ borodino/thearm_bm12                               |  23 +-
+ borodino/thearm_logpull                            | 212 +++++++++++
+ borodino/thearm_nuclei                             | 410 +++++++++++++++++++++
+ samsonov/nuclei_api/main.py                        | 116 +++++-
+ .../pentest_orchestrator/plugins/plugin_burp.py    | 326 ----------------
+ .../pentest_orchestrator/plugins/plugin_nuclei.py  |  28 ++
+ scripts/gameover.sh                                |  18 -
+ scripts/stack_burp.export                          |  57 ---
+ stack/40-service-borodino.yml                      | 139 ++++++-
+ 13 files changed, 1082 insertions(+), 411 deletions(-)
+```

content/posts/pushes/2026-04-03-push-bojemoi-main-f6b4ac5.md

@@ -0,0 +1,42 @@
+---
+title: "[bojemoi] Push 1 commit(s) to main"
+date: 2026-04-03T16:11:02+02:00
+draft: false
+tags: ["push", "bojemoi", "main"]
+categories: ["Git Activity"]
+summary: "Push de 1 commit(s) par Betty dans bojemoi/main"
+author: "Betty"
+---
+
+## Push to `bojemoi/main`
+
+| | |
+|---|---|
+| **Repository** | bojemoi |
+| **Branch** | `main` |
+| **Commits** | 1 |
+| **Pushed by** | Betty |
+
+### Commits
+
+- **f6b4ac5** feat: Ollama/Mistral local inference + remove Burp Suite + C2 listener auto-start (Betty)
+
+
+### Diff Summary
+
+```
+ .claude/commands/pentest.md                      |  2 +-
+ borodino/start_msf_server.sh                     | 25 +++++++-
+ borodino/thearm_ak47                             |  7 +-
+ oblast-1/zap_scanner.py                          | 81 +++++++++++++++++++-----
+ samsonov/pentest_orchestrator/config/config.json |  7 +-
+ samsonov/pentest_orchestrator/main.py            |  4 +-
+ scripts/provision-redirector.sh                  | 27 +++++++-
+ scripts/test_wget.sh                             |  2 -
+ stack/01-service-hl.yml                          |  5 +-
+ stack/45-service-ml-threat-intel.yml             |  5 +-
+ stack/51-service-ollama.yml                      | 51 +++++++++++++++
+ stack/READ.me                                    |  2 +-
+ wiki/Pentest-Orchestrator.md                     |  1 -
+ 13 files changed, 179 insertions(+), 40 deletions(-)
+```

content/posts/pushes/2026-04-05-push-bojemoi-main-002f809.md

@@ -0,0 +1,43 @@
+---
+title: "[bojemoi] Push 2 commit(s) to main"
+date: 2026-04-05T00:12:44+02:00
+draft: false
+tags: ["push", "bojemoi", "main"]
+categories: ["Git Activity"]
+summary: "Push de 2 commit(s) par Betty dans bojemoi/main"
+author: "Betty"
+---
+
+## Push to `bojemoi/main`
+
+| | |
+|---|---|
+| **Repository** | bojemoi |
+| **Branch** | `main` |
+| **Commits** | 2 |
+| **Pushed by** | Betty |
+
+### Commits
+
+- **002f809** feat: uzi_scan_log + zap severity breakdown + nuclei [][]fix + eve-cleaner merge (Betty)
+- **fb7c5ff** feat: Ollama AI template gen, C2 proxy_proto, ZAP throttle, vulnx removal (Betty)
+
+
+### Diff Summary
+
+```
+ borodino/redirector/nginx.conf   |  12 +-
+ borodino/thearm_logpull          |  24 ++--
+ borodino/thearm_nuclei           |  82 ++++++++++-
+ borodino/thearm_uzi              | 114 +++++++++++++--
+ oblast-1/zap_scanner.py          | 118 +++++++++++++---
+ samsonov/nuclei_api/main.py      | 111 +++++++++++++--
+ samsonov/nuclei_api/nuclei_ai.py | 298 +++++++++++++++++++++++++++++++++++++++
+ scripts/provision-redirector.sh  |   2 +-
+ scripts/startover.sh             |   6 +
+ stack/01-suricata-host.yml       |  21 ++-
+ stack/40-service-borodino.yml    |  84 +++++------
+ stack/48-service-dozor.yml       |  33 -----
+ stack/51-service-ollama.yml      |   6 +-
+ 13 files changed, 763 insertions(+), 148 deletions(-)
+```

content/posts/pushes/2026-04-05-push-bojemoi-main-24c1a17.md

@@ -0,0 +1,37 @@
+---
+title: "[bojemoi] Push 2 commit(s) to main"
+date: 2026-04-05T00:48:14+02:00
+draft: false
+tags: ["push", "bojemoi", "main"]
+categories: ["Git Activity"]
+summary: "Push de 2 commit(s) par Betty dans bojemoi/main"
+author: "Betty"
+---
+
+## Push to `bojemoi/main`
+
+| | |
+|---|---|
+| **Repository** | bojemoi |
+| **Branch** | `main` |
+| **Commits** | 2 |
+| **Pushed by** | Betty |
+
+### Commits
+
+- **24c1a17** feat(grafana): dashboards bind mount + scan-results dashboard + config swap fix (Betty)
+- **454674c** feat(redirector): Loki log drain via VPN (Betty)
+
+
+### Diff Summary
+
+```
+ borodino/redirector/Dockerfile                     |   2 +
+ borodino/redirector/entrypoint.sh                  |  13 +-
+ borodino/redirector/loki-shipper.py                |  73 ++
+ stack/01-service-hl.yml                            |  26 +-
+ .../grafana/dashboards/pentest/scan-results.json   | 202 +++++
+ .../grafana/provisioning/dashboards/dashboards.yml | 838 +--------------------
+ .../provisioning/datasources/datasources.yml       |  18 +
+ 7 files changed, 339 insertions(+), 833 deletions(-)
+```

content/posts/pushes/2026-04-09-push-bojemoi-main-0699664.md

@@ -0,0 +1,67 @@
+---
+title: "[bojemoi] Push 2 commit(s) to main"
+date: 2026-04-09T21:55:44+02:00
+draft: false
+tags: ["push", "bojemoi", "main"]
+categories: ["Git Activity"]
+summary: "Push de 2 commit(s) par Betty dans bojemoi/main"
+author: "Betty"
+---
+
+## Push to `bojemoi/main`
+
+| | |
+|---|---|
+| **Repository** | bojemoi |
+| **Branch** | `main` |
+| **Commits** | 2 |
+| **Pushed by** | Betty |
+
+### Commits
+
+- **0699664** feat: multi-service updates — nuclei API, nym-proxy, grafana reorg, prometheus rules (Betty)
+- **10af16e** feat(redirector): OPSEC hardening — Let's Encrypt + header suppression + MSF keepalive (Betty)
+
+
+### Diff Summary
+
+```
+ .claude/commands/opsec-check.md                    |  242 +++++
+ .claude/commands/topology.md                       |  150 +++
+ borodino/osint_lookup.py                           |   23 +-
+ borodino/redirector/Dockerfile                     |   14 +-
+ borodino/redirector/entrypoint.sh                  |   54 +-
+ borodino/redirector/nginx.conf                     |   21 +-
+ borodino/start_msf_server.sh                       |   37 +-
+ borodino/thearm_ak47                               |    3 +-
+ borodino/thearm_bm12                               |   19 +-
+ borodino/thearm_logpull                            |   19 +-
+ borodino/thearm_nuclei                             |   19 +-
+ nym-proxy/Dockerfile                               |   19 +
+ nym-proxy/entrypoint.sh                            |   24 +
+ oblast-1/Dockerfile.oblast-1                       |   10 +-
+ oblast-1/zap_scanner.py                            |   26 +-
+ samsonov/Dockerfile.nuclei                         |    1 +
+ samsonov/nuclei_api/Dockerfile                     |   24 +
+ samsonov/nuclei_api/entrypoint.sh                  |   28 +
+ samsonov/nuclei_api/main.py                        |   34 +-
+ samsonov/nuclei_api/requirements.txt               |    6 +
+ scripts/cccp.sh                                    |  474 +++++----
+ stack/02-service-maintenance.yml                   |   31 +
+ stack/41-service-nym.yml                           |   67 ++
+ tsushima/masscan_msf_script.py                     |   26 +-
+ volumes/alloy/config/config.alloy                  |    2 +-
+ .../dashboards/general/loki-stack-monitoring.json  |  239 +++++
+ .../grafana/dashboards/general/nvidia-dcgm.json    |  804 ++++++++++++++
+ .../dashboards/pentest/pentest-overview.json       |  187 +++-
+ .../grafana/dashboards/pentest/scan-results.json   | 1112 +++++++++++++++++---
+ .../dashboards/pentest/vuln-management.json        |  766 ++++++++++++++
+ .../{ => security}/dashboard-security-minimal.json |    0
+ .../dashboards/{ => security}/sentinel.json        |    0
+ .../grafana/dashboards/{ => security}/vigie.json   |    0
+ .../grafana/provisioning/dashboards/dashboards.yml |   12 +-
+ volumes/prometheus/prometheus.yml                  |   17 +
+ volumes/prometheus/rules/alert_rules.yml           |   15 +-
+ volumes/prometheus/rules/alerts.yml                |   28 +-
+ 37 files changed, 4064 insertions(+), 489 deletions(-)
+```

content/posts/pushes/2026-04-09-push-bojemoi-main-0e0519a.md

@@ -0,0 +1,50 @@
+---
+title: "[bojemoi] Push 2 commit(s) to main"
+date: 2026-04-09T16:22:46+02:00
+draft: false
+tags: ["push", "bojemoi", "main"]
+categories: ["Git Activity"]
+summary: "Push de 2 commit(s) par Betty dans bojemoi/main"
+author: "Betty"
+---
+
+## Push to `bojemoi/main`
+
+| | |
+|---|---|
+| **Repository** | bojemoi |
+| **Branch** | `main` |
+| **Commits** | 2 |
+| **Pushed by** | Betty |
+
+### Commits
+
+- **0e0519a** feat(uzi): brute-force credentials Phase 0 sur 15 services (Betty)
+- **440a412** feat: make project distributable — templatize stacks + install wizard (Betty)
+
+
+### Diff Summary
+
+```
+ .env.example                         | 224 +++++++++++++++++++
+ .gitignore                           |   2 +
+ README.md                            | 225 +++++++++++++++----
+ borodino/thearm_uzi                  | 303 ++++++++++++++++++++++++-
+ install.sh                           | 415 +++++++++++++++++++++++++++++++++++
+ scripts/create-secrets.sh            | 212 ++++++++++++++++++
+ stack/01-service-hl.yml              | 200 ++++++++---------
+ stack/01-suricata-host.yml           |  18 +-
+ stack/40-service-borodino.yml        | 241 ++++++++++++--------
+ stack/45-service-ml-threat-intel.yml |   8 +-
+ stack/46-service-razvedka.yml        |   4 +-
+ stack/47-service-vigie.yml           |   4 +-
+ stack/48-service-dozor.yml           |   6 +-
+ stack/49-service-mcp.yml             |   2 +-
+ stack/50-service-trivy.yml           |   2 +-
+ stack/51-service-ollama.yml          |  40 +++-
+ stack/55-service-sentinel.yml        |   4 +-
+ stack/56-service-dvar.yml            |   4 +-
+ stack/60-service-telegram.yml        |   4 +-
+ stack/65-service-medved.yml          |   2 +-
+ 20 files changed, 1656 insertions(+), 264 deletions(-)
+```

content/posts/pushes/2026-04-09-push-bojemoi-main-7eedf64.md

@@ -0,0 +1,32 @@
+---
+title: "[bojemoi] Push 1 commit(s) to main"
+date: 2026-04-09T16:54:51+02:00
+draft: false
+tags: ["push", "bojemoi", "main"]
+categories: ["Git Activity"]
+summary: "Push de 1 commit(s) par Betty dans bojemoi/main"
+author: "Betty"
+---
+
+## Push to `bojemoi/main`
+
+| | |
+|---|---|
+| **Repository** | bojemoi |
+| **Branch** | `main` |
+| **Commits** | 1 |
+| **Pushed by** | Betty |
+
+### Commits
+
+- **7eedf64** feat(uzi): SecLists wordlists + USERPASS_FILE support (Betty)
+
+
+### Diff Summary
+
+```
+ .gitignore                    |   1 +
+ borodino/thearm_uzi           | 200 ++++++++++++++++++++++++------------------
+ stack/40-service-borodino.yml |  78 +++++++++-------
+ 3 files changed, 160 insertions(+), 119 deletions(-)
+```

content/posts/pushes/2026-04-15-push-bojemoi-main-4fa26f4.md

@@ -0,0 +1,54 @@
+---
+title: "[bojemoi] Push 1 commit(s) to main"
+date: 2026-04-15T23:00:02+02:00
+draft: false
+tags: ["push", "bojemoi", "main"]
+categories: ["Git Activity"]
+summary: "Push de 1 commit(s) par Betty dans bojemoi/main"
+author: "Betty"
+---
+
+## Push to `bojemoi/main`
+
+| | |
+|---|---|
+| **Repository** | bojemoi |
+| **Branch** | `main` |
+| **Commits** | 1 |
+| **Pushed by** | Betty |
+
+### Commits
+
+- **4fa26f4** feat(vuln-mgmt): migrate Faraday CE → DefectDojo (Betty)
+
+
+### Diff Summary
+
+```
+ faraday-triage/Dockerfile                          |  10 +
+ faraday-triage/requirements.txt                    |   3 +
+ faraday-triage/triage.py                           | 354 ++++++++++++++
+ mcp-server/server.py                               |  49 +-
+ mcp-server/tools/defectdojo.py                     | 190 ++++++++
+ mcp-server/tools/faraday.py                        | 126 -----
+ medved/honeypot/config.py                          |  16 +-
+ medved/honeypot/db.py                              |  29 +-
+ medved/honeypot/defectdojo_reporter.py             | 234 +++++++++
+ medved/honeypot/faraday_reporter.py                | 200 --------
+ medved/honeypot/main.py                            |   6 +-
+ medved/honeypot/metrics.py                         |   6 +-
+ oblast-1/zap_scanner.py                            | 212 ++++++---
+ samsonov/nuclei_api/main.py                        | 212 +++++----
+ .../pentest_orchestrator/plugins/plugin_faraday.py | 522 ---------------------
+ stack/40-service-borodino.yml                      |  99 +---
+ stack/49-service-mcp.yml                           |   7 +-
+ stack/65-service-medved.yml                        |  14 +-
+ stack/70-service-defectdojo.yml                    | 295 ++++++++++++
+ volumes/nginx/conf.d/default.conf                  |   6 +-
+ volumes/nginx/conf.d/sites/defectdojo.conf         |  31 ++
+ volumes/nginx/conf.d/sites/faraday.conf            |  65 ---
+ volumes/nginx/conf.d/upstreams/upstreams.conf      |   6 +-
+ volumes/prometheus/rules/alert_rules.yml           |   8 +-
+ volumes/prometheus/rules/alerts.yml                |  52 +-
+ 25 files changed, 1502 insertions(+), 1250 deletions(-)
+```

content/posts/pushes/2026-04-16-push-bojemoi-main-907b0c3.md

@@ -0,0 +1,33 @@
+---
+title: "[bojemoi] Push 1 commit(s) to main"
+date: 2026-04-16T10:08:37+02:00
+draft: false
+tags: ["push", "bojemoi", "main"]
+categories: ["Git Activity"]
+summary: "Push de 1 commit(s) par Betty dans bojemoi/main"
+author: "Betty"
+---
+
+## Push to `bojemoi/main`
+
+| | |
+|---|---|
+| **Repository** | bojemoi |
+| **Branch** | `main` |
+| **Commits** | 1 |
+| **Pushed by** | Betty |
+
+### Commits
+
+- **907b0c3** fix(vuln-mgmt): wire uzi + zap → DefectDojo, fix dnsmasq (Betty)
+
+
+### Diff Summary
+
+```
+ borodino/thearm_uzi                    | 192 +++++++++++++++++++++------------
+ oblast-1/zap_scanner.py                |  20 +++-
+ stack/70-service-defectdojo.yml        |   3 -
+ volumes/dnsmask/dnsmask.d/01-base.conf |   5 +-
+ 4 files changed, 142 insertions(+), 78 deletions(-)
+```

content/posts/pushes/2026-04-16-push-bojemoi-main-93d5ceb.md

@@ -0,0 +1,30 @@
+---
+title: "[bojemoi] Push 1 commit(s) to main"
+date: 2026-04-16T10:21:05+02:00
+draft: false
+tags: ["push", "bojemoi", "main"]
+categories: ["Git Activity"]
+summary: "Push de 1 commit(s) par Betty dans bojemoi/main"
+author: "Betty"
+---
+
+## Push to `bojemoi/main`
+
+| | |
+|---|---|
+| **Repository** | bojemoi |
+| **Branch** | `main` |
+| **Commits** | 1 |
+| **Pushed by** | Betty |
+
+### Commits
+
+- **93d5ceb** feat(grafana): add DefectDojo section to vuln-management dashboard (Betty)
+
+
+### Diff Summary
+
+```
+ .../dashboards/pentest/vuln-management.json        | 1197 +++++++++++++++++++-
+ 1 file changed, 1196 insertions(+), 1 deletion(-)
+```

content/posts/pushes/2026-04-24-push-bojemoi-main-4aba669.md

@@ -0,0 +1,115 @@
+---
+title: "[bojemoi] Push 11 commit(s) to main"
+date: 2026-04-24T22:34:13+02:00
+draft: false
+tags: ["push", "bojemoi", "main"]
+categories: ["Git Activity"]
+summary: "Push de 11 commit(s) par Betty dans bojemoi/main"
+author: "Betty"
+---
+
+## Push to `bojemoi/main`
+
+| | |
+|---|---|
+| **Repository** | bojemoi |
+| **Branch** | `main` |
+| **Commits** | 11 |
+| **Pushed by** | Betty |
+
+### Commits
+
+- **4aba669** feat(orchestrator): local cloud-init templates — remove Gitea runtime dependency (Betty)
+- **eb9a1ee** feat(packaging): package-dist.sh + Makefile + install/env fixes (Betty)
+- **1c2ee83** feat(postgres): init SQL — create all databases on first start (Betty)
+- **047a7a8** docs: update ARCHITECTURE + README, add runbook (Betty)
+- **4adce3e** feat: new components — c2-monitor, ptaas-init, postgres-ssl, RIPE import (Betty)
+- **cf02179** chore(claude): update monitor command (Betty)
+- **9e5b612** feat(grafana): update pentest + security dashboards (Betty)
+- **081acdb** feat(monitoring): prometheus targets + alert rules + alloy config (Betty)
+- **b9abb6d** feat(stacks): update base, borodino, nym, dozor, ollama (Betty)
+- **13e2bf9** fix: borodino/nym/zap/nuclei — pending fixes (Betty)
+- **4e1f103** chore: exclude postgres SSL certs + remove obsolete scripts (Betty)
+
+
+### Diff Summary
+
+```
+ .claude/commands/monitor.md                        |  48 +-
+ .env.example                                       |  18 +-
+ .gitignore                                         |   1 +
+ ARCHITECTURE.md                                    | 323 +++++++
+ Makefile                                           | 108 +++
+ README.md                                          |  13 +-
+ borodino/Dockerfile.postgres-ssl                   |   6 +
+ borodino/start_msf_server.sh                       |  25 +-
+ borodino/thearm_uzi                                |   7 +-
+ c2-monitor/Dockerfile                              |  10 +
+ c2-monitor/monitor.py                              | 205 +++++
+ c2-monitor/requirements.txt                        |   4 +
+ docs/runbook/README.md                             |  12 +
+ docs/runbook/borodino-rebuild.md                   |  44 +
+ docs/runbook/docker-secrets.md                     |  54 ++
+ docs/runbook/node-access.md                        |  49 ++
+ docs/runbook/postgres-ssl.md                       |  52 ++
+ docs/runbook/protonmail-bridge.md                  |  69 ++
+ docs/runbook/stack-deploy.md                       |  72 ++
+ install.sh                                         |  19 +-
+ nym-proxy/Dockerfile                               |   2 +-
+ oblast-1/Dockerfile.oblast-1                       |   2 -
+ oblast-1/zap_scanner.py                            |   8 +-
+ provisioning/cloud-init/alpine/database.yaml       |  62 ++
+ provisioning/cloud-init/alpine/minimal.yaml        |  41 +
+ provisioning/cloud-init/alpine/webserver.yaml      |  65 ++
+ provisioning/cloud-init/common/hardening.sh        |  92 ++
+ provisioning/cloud-init/common/setup_docker.sh     |  64 ++
+ provisioning/cloud-init/common/setup_monitoring.sh |  50 ++
+ provisioning/cloud-init/debian/default.yaml        |  54 ++
+ provisioning/cloud-init/debian/webserver.yaml      |  72 ++
+ provisioning/cloud-init/ubuntu/database.yaml       |  73 ++
+ provisioning/cloud-init/ubuntu/default.yaml        |  54 ++
+ provisioning/cloud-init/ubuntu/webserver.yaml      |  72 ++
+ provisioning/orchestrator/app/config.py            |  54 +-
+ provisioning/orchestrator/app/main.py              | 191 +---
+ .../orchestrator/app/services/cloudinit_gen.py     |   8 +-
+ .../app/services/local_template_client.py          | 159 ++++
+ ptaas-init/Dockerfile                              |  12 +
+ ptaas-init/init.py                                 | 241 +++++
+ ptaas-init/requirements.txt                        |   3 +
+ samsonov/nuclei_api/main.py                        |   7 +-
+ scripts/cccp-v2.sh                                 | 195 -----
+ scripts/cccp.sh.1                                  | 138 ---
+ scripts/check_image_v1.py                          | 451 ----------
+ scripts/import_2_faraday.py                        | 118 ---
+ scripts/import_ripe_cidrs.py                       | 113 +++
+ scripts/mockba-v1.sh                               | 114 ---
+ scripts/orchestrator-zap-nuclei-faraday.sh         | 154 ----
+ scripts/package-dist.sh                            | 305 +++++++
+ scripts/stack_armement.export                      | 113 ---
+ scripts/stack_base.export                          | 431 ---------
+ scripts/stack_faraday.export                       |  51 --
+ scripts/stack_masscan.export                       |  42 -
+ scripts/stack_owasp.export                         |  66 --
+ scripts/test_deploiement.sh                        |  10 -
+ scripts/test_reso.sh                               |   6 -
+ scripts/test_wget.sh                               |  48 -
+ stack/01-service-hl.yml                            | 156 +++-
+ stack/02-init-ptaas.yml                            |  64 ++
+ stack/40-service-borodino.yml                      |  66 ++
+ stack/41-service-nym.yml                           |   6 +-
+ stack/48-service-dozor.yml                         |   3 +
+ stack/51-service-ollama.yml                        |   3 +
+ volumes/alloy/config/config.alloy                  |   4 +-
+ .../grafana/dashboards/pentest/c2-sessions.json    | 198 +++++
+ .../dashboards/pentest/pentest-overview.json       | 256 +++++-
+ .../grafana/dashboards/pentest/scan-results.json   | 966 +++++----------------
+ .../security/dashboard-security-minimal.json       |   2 +-
+ volumes/grafana/dashboards/security/sentinel.json  |  14 +-
+ volumes/grafana/dashboards/security/vigie.json     |  12 +-
+ volumes/postgres/conf/pg_hba.conf                  |  22 +
+ volumes/postgres/init/01-create-databases.sql      |  76 ++
+ volumes/postgres/postgres-entrypoint.sh            |  14 +
+ volumes/prometheus/prometheus.yml                  |   5 +
+ volumes/prometheus/rules/alerts.yml                |  21 +
+ 76 files changed, 3813 insertions(+), 2955 deletions(-)
+```

content/posts/pushes/2026-04-24-push-bojemoi-main-fad9bc3.md

@@ -0,0 +1,71 @@
+---
+title: "[bojemoi] Push 1 commit(s) to main"
+date: 2026-04-24T22:36:02+02:00
+draft: false
+tags: ["push", "bojemoi", "main"]
+categories: ["Git Activity"]
+summary: "Push de 1 commit(s) par Betty dans bojemoi/main"
+author: "Betty"
+---
+
+## Push to `bojemoi/main`
+
+| | |
+|---|---|
+| **Repository** | bojemoi |
+| **Branch** | `main` |
+| **Commits** | 1 |
+| **Pushed by** | Betty |
+
+### Commits
+
+- **fad9bc3** feat: merge DefectDojo into borodino stack, add alert-agent, discord, suricata-exporter (Betty)
+
+
+### Diff Summary
+
+```
+ ARCHITECTURE.md                                    |  65 +++-
+ alert-agent/Dockerfile.alert-agent                 |  17 +
+ alert-agent/alert_agent/__init__.py                |   0
+ alert-agent/alert_agent/__main__.py                |  45 +++
+ alert-agent/alert_agent/actions.py                 | 146 +++++++
+ alert-agent/alert_agent/alerter.py                 |  58 +++
+ alert-agent/alert_agent/config.py                  |  58 +++
+ alert-agent/alert_agent/db.py                      | 107 ++++++
+ alert-agent/alert_agent/enricher.py                | 105 ++++++
+ alert-agent/alert_agent/llm.py                     |  99 +++++
+ alert-agent/alert_agent/metrics.py                 |  25 ++
+ alert-agent/alert_agent/webhook.py                 | 125 ++++++
+ alert-agent/requirements.txt                       |   6 +
+ discord/ARCHITECTURE.md                            |   0
+ discord/cleanup.py                                 |  47 +++
+ discord/populate.py                                | 420 +++++++++++++++++++++
+ discord/post_architecture.py                       |  88 +++++
+ discord/post_blueteam.py                           | 175 +++++++++
+ discord/post_infra_channels.py                     | 321 ++++++++++++++++
+ discord/post_intel_channels.py                     | 242 ++++++++++++
+ provisioning/orchestrator/app/services/database.py | 231 +++---------
+ razvedka/Dockerfile.razvedka                       |   3 +
+ razvedka/auth_helper.py                            |  10 +-
+ razvedka/razvedka/config.py                        |   4 +
+ scripts/gameover.sh                                | 142 +++++++
+ scripts/startover.sh                               |  40 +-
+ stack/01-suricata-host.yml                         |  98 +++--
+ stack/02-service-maintenance.yml                   |   2 +-
+ stack/40-service-borodino.yml                      | 371 +++++++++++++++++-
+ stack/41-service-nym.yml                           |  67 ----
+ stack/45-service-ml-threat-intel.yml               |   5 +-
+ stack/46-service-razvedka.yml                      |  21 +-
+ stack/47-service-vigie.yml                         |  21 +-
+ stack/48-service-alert-agent.yml                   |  73 ++++
+ stack/60-service-telegram.yml                      |   9 +-
+ stack/70-service-defectdojo.yml                    | 292 --------------
+ suricata-exporter/Dockerfile                       |  10 +
+ vigie/Dockerfile.vigie                             |   3 +
+ vigie/vigie/config.py                              |   4 +
+ volumes/alertmanager/alertmanager.yml              |   8 +
+ volumes/dnsmask/dnsmask.conf                       |   2 +
+ volumes/suricata/suricata.yaml                     |   1 +
+ 42 files changed, 2951 insertions(+), 615 deletions(-)
+```