bojemoi/blog
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
16ae10287e09a146de76900a4b1663cebb48be18
blog/content/posts/commits/2026-03-14-commit-487dbeb.md
Betty 85cff64466
Some checks failed
Hugo Build & Deploy / build-deploy (push) Has been cancelled
Details
post: commit 487dbeb in bojemoi
2026-03-14 21:52:43 +01:00

138 lines
5.1 KiB
Markdown
Raw Blame History

---
title: "[bojemoi] feat: sentinel IoT detector, trivy CI split, MCP server, provisioning hardening"
date: 2026-03-14T21:52:42+01:00
draft: false
tags: ["commit", "bojemoi", "main"]
categories: ["Git Activity"]
summary: "Commit 487dbeb par Betty dans bojemoi"
author: "Betty"
---
## Commit `487dbeb`
| | |
|---|---|
| **Repository** | bojemoi |
| **Branch** | `main` |
| **Author** | Betty |
| **Hash** | `487dbeb8e3c3b20fbe5aef6bb0a7ee9dd7db82ea` |
### Description
sentinel:
- mosquitto config renamed to mosquitto_passwd_v2 (external)
- collector: Docker secrets support for MQTT/PG passwords
- SQL: fix timezone-aware index (DATE(first_seen AT TIME ZONE 'UTC'))
- alertmanager: Telegram receiver for perimeter alerts (immediate routing)
- prometheus: add sentinel-collector scrape config + alert rules
- grafana: sentinel dashboard + postgres datasource
- startover: add sentinel (stack 55) to boot sequence
trivy:
- CI: split into security:trivy:dockerfile (config scan) + security:trivy:images (registry scan)
- images job: pulls localhost:5000 images, CRITICAL blocks, HIGH logged
- SARIF artifacts for both jobs
- new stack/50-service-trivy.yml + trivy-scanner/
- startover: add trivy (stack 50) to boot sequence
mcp-server:
- new mcp-server/ (server.py, tools/nmap.py, tools/osint.py)
- .mcp.json: Claude Code MCP config → http://localhost:8001/sse
provisioning:
- Dockerfile: multi-stage build, non-root user, no curl (urllib healthcheck)
- runtime: libpq5 only (no -dev), compiled .pyc, no source files
borodino:
- uzi: DEBUG_MODE=1 (test against Metasploitable 192.168.1.2)
grafana:
- stack 01: add SENTINEL_PG_PASS env var
blog: 10 new posts (MCP, Trivy, architecture, DockerHub, Alpine)
archi.md: architecture overview doc
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
### Files Changed
```
A .mcp.json
A archi.md
A blog/architecture-bojemoi-lab-linkedin.md
A blog/architecture-bojemoi-lab-telegram.md
A blog/bojemoi-lab-sur-dockerhub.md
A blog/choisir alpine linux.md
A blog/mcp-server-bojemoi-lab.md
A blog/trivy-gitea-actions-en.md
A blog/trivy-gitea-actions-fr.md
A blog/tryvi implement.md
A blog/turn into MCP.md
A claude/Dockerfile
A claude/claude.sh
A mcp-server/Dockerfile
A mcp-server/requirements.txt
A mcp-server/server.py
A mcp-server/tools/__init__.py
A mcp-server/tools/nmap.py
A mcp-server/tools/osint.py
M provisioning/Dockerfile.provisioning
M scripts/startover.sh
M sentinel/collector/collector.py
M sentinel/sql/02-tables.sql
M stack/.gitlab-ci.yml
M stack/01-service-hl.yml
M stack/40-service-borodino.yml
A stack/50-service-trivy.yml
M stack/55-service-sentinel.yml
A trivy-scanner/Dockerfile
A trivy-scanner/scan-images.sh
M volumes/alertmanager/alertmanager.yml
A volumes/grafana/dashboards/sentinel.json
A volumes/grafana/datasources/sentinel-postgres.yml
M volumes/prometheus/prometheus.yml
A volumes/prometheus/rules/sentinel_alerts.yml
```
### Diff Summary
```
.mcp.json | 8 +
archi.md | 165 +++++++++++++
blog/architecture-bojemoi-lab-linkedin.md | 26 ++
blog/architecture-bojemoi-lab-telegram.md | 23 ++
blog/bojemoi-lab-sur-dockerhub.md | 160 ++++++++++++
blog/choisir alpine linux.md | 37 +++
blog/mcp-server-bojemoi-lab.md | 125 ++++++++++
blog/trivy-gitea-actions-en.md | 104 ++++++++
blog/trivy-gitea-actions-fr.md | 104 ++++++++
blog/tryvi implement.md | 95 +++++++
blog/turn into MCP.md | 223 +++++++++++++++++
claude/Dockerfile | 3 +
claude/claude.sh | 9 +
mcp-server/Dockerfile | 22 ++
mcp-server/requirements.txt | 6 +
mcp-server/server.py | 288 ++++++++++++++++++++++
mcp-server/tools/__init__.py | 0
mcp-server/tools/nmap.py | 95 +++++++
mcp-server/tools/osint.py | 140 +++++++++++
provisioning/Dockerfile.provisioning | 55 +++--
scripts/startover.sh | 2 +
sentinel/collector/collector.py | 15 +-
sentinel/sql/02-tables.sql | 2 +-
stack/.gitlab-ci.yml | 107 +++++++-
stack/01-service-hl.yml | 1 +
stack/40-service-borodino.yml | 2 +-
stack/50-service-trivy.yml | 23 ++
stack/55-service-sentinel.yml | 4 +-
trivy-scanner/Dockerfile | 14 ++
trivy-scanner/scan-images.sh | 78 ++++++
volumes/alertmanager/alertmanager.yml | 29 +++
volumes/grafana/dashboards/sentinel.json | 235 ++++++++++++++++++
volumes/grafana/datasources/sentinel-postgres.yml | 16 ++
volumes/prometheus/prometheus.yml | 7 +
volumes/prometheus/rules/sentinel_alerts.yml | 52 ++++
35 files changed, 2244 insertions(+), 31 deletions(-)
```
Reference in New Issue View Git Blame Copy Permalink