---
title: "[bojemoi] feat: sentinel IoT detector, trivy CI split, MCP server, provisioning hardening"
date: 2026-03-14T21:52:42+01:00
draft: false
tags: ["commit", "bojemoi", "main"]
categories: ["Git Activity"]
summary: "Commit 487dbeb par Betty dans bojemoi"
author: "Betty"
---

## Commit `487dbeb`

| | |
|---|---|
| **Repository** | bojemoi |
| **Branch** | `main` |
| **Author** | Betty |
| **Hash** | `487dbeb8e3c3b20fbe5aef6bb0a7ee9dd7db82ea` |

### Description

sentinel:
- mosquitto config renamed to mosquitto_passwd_v2 (external)
- collector: Docker secrets support for MQTT/PG passwords
- SQL: fix timezone-aware index (DATE(first_seen AT TIME ZONE 'UTC'))
- alertmanager: Telegram receiver for perimeter alerts (immediate routing)
- prometheus: add sentinel-collector scrape config + alert rules
- grafana: sentinel dashboard + postgres datasource
- startover: add sentinel (stack 55) to boot sequence

trivy:
- CI: split into security:trivy:dockerfile (config scan) + security:trivy:images (registry scan)
- images job: pulls localhost:5000 images, CRITICAL blocks, HIGH logged
- SARIF artifacts for both jobs
- new stack/50-service-trivy.yml + trivy-scanner/
- startover: add trivy (stack 50) to boot sequence

mcp-server:
- new mcp-server/ (server.py, tools/nmap.py, tools/osint.py)
- .mcp.json: Claude Code MCP config → http://localhost:8001/sse

provisioning:
- Dockerfile: multi-stage build, non-root user, no curl (urllib healthcheck)
- runtime: libpq5 only (no -dev), compiled .pyc, no source files

borodino:
- uzi: DEBUG_MODE=1 (test against Metasploitable 192.168.1.2)

grafana:
- stack 01: add SENTINEL_PG_PASS env var

blog: 10 new posts (MCP, Trivy, architecture, DockerHub, Alpine)

archi.md: architecture overview doc

Co-Authored-By: Claude Sonnet 4.6

### Files Changed

```
A .mcp.json
A archi.md
A blog/architecture-bojemoi-lab-linkedin.md
A blog/architecture-bojemoi-lab-telegram.md
A blog/bojemoi-lab-sur-dockerhub.md
A blog/choisir alpine linux.md
A blog/mcp-server-bojemoi-lab.md
A blog/trivy-gitea-actions-en.md
A blog/trivy-gitea-actions-fr.md
A blog/tryvi implement.md
A blog/turn into MCP.md
A claude/Dockerfile
A claude/claude.sh
A mcp-server/Dockerfile
A mcp-server/requirements.txt
A mcp-server/server.py
A mcp-server/tools/__init__.py
A mcp-server/tools/nmap.py
A mcp-server/tools/osint.py
M provisioning/Dockerfile.provisioning
M scripts/startover.sh
M sentinel/collector/collector.py
M sentinel/sql/02-tables.sql
M stack/.gitlab-ci.yml
M stack/01-service-hl.yml
M stack/40-service-borodino.yml
A stack/50-service-trivy.yml
M stack/55-service-sentinel.yml
A trivy-scanner/Dockerfile
A trivy-scanner/scan-images.sh
M volumes/alertmanager/alertmanager.yml
A volumes/grafana/dashboards/sentinel.json
A volumes/grafana/datasources/sentinel-postgres.yml
M volumes/prometheus/prometheus.yml
A volumes/prometheus/rules/sentinel_alerts.yml
```

### Diff Summary

```
 .mcp.json                                         |   8 +
 archi.md                                          | 165 +++++++++++++
 blog/architecture-bojemoi-lab-linkedin.md         |  26 ++
 blog/architecture-bojemoi-lab-telegram.md         |  23 ++
 blog/bojemoi-lab-sur-dockerhub.md                 | 160 ++++++++++++
 blog/choisir alpine linux.md                      |  37 +++
 blog/mcp-server-bojemoi-lab.md                    | 125 ++++++++++
 blog/trivy-gitea-actions-en.md                    | 104 ++++++++
 blog/trivy-gitea-actions-fr.md                    | 104 ++++++++
 blog/tryvi implement.md                           |  95 +++++++
 blog/turn into MCP.md                             | 223 +++++++++++++++++
 claude/Dockerfile                                 |   3 +
 claude/claude.sh                                  |   9 +
 mcp-server/Dockerfile                             |  22 ++
 mcp-server/requirements.txt                       |   6 +
 mcp-server/server.py                              | 288 ++++++++++++++++++++++
 mcp-server/tools/__init__.py                      |   0
 mcp-server/tools/nmap.py                          |  95 +++++++
 mcp-server/tools/osint.py                         | 140 +++++++++++
 provisioning/Dockerfile.provisioning              |  55 +++--
 scripts/startover.sh                              |   2 +
 sentinel/collector/collector.py                   |  15 +-
 sentinel/sql/02-tables.sql                        |   2 +-
 stack/.gitlab-ci.yml                              | 107 +++++++-
 stack/01-service-hl.yml                           |   1 +
 stack/40-service-borodino.yml                     |   2 +-
 stack/50-service-trivy.yml                        |  23 ++
 stack/55-service-sentinel.yml                     |   4 +-
 trivy-scanner/Dockerfile                          |  14 ++
 trivy-scanner/scan-images.sh                      |  78 ++++++
 volumes/alertmanager/alertmanager.yml             |  29 +++
 volumes/grafana/dashboards/sentinel.json          | 235 ++++++++++++++++++
 volumes/grafana/datasources/sentinel-postgres.yml |  16 ++
 volumes/prometheus/prometheus.yml                 |   7 +
 volumes/prometheus/rules/sentinel_alerts.yml      |  52 ++++
 35 files changed, 2244 insertions(+), 31 deletions(-)
```