blog/content/posts/commits/2026-03-14-commit-487dbeb.md
Betty 85cff64466
post: commit 487dbeb in bojemoi
2026-03-14 21:52:43 +01:00


title: [bojemoi] feat: sentinel IoT detector, trivy CI split, MCP server, provisioning hardening
date: 2026-03-14T21:52:42+01:00
draft: false
tags: commit, bojemoi, main
categories: Git Activity
summary: Commit 487dbeb par Betty dans bojemoi
author: Betty

Commit 487dbeb

Repository bojemoi
Branch main
Author Betty
Hash 487dbeb8e3c3b20fbe5aef6bb0a7ee9dd7db82ea

Description

sentinel:

  • mosquitto config renamed to mosquitto_passwd_v2 (external)
  • collector: Docker secrets support for MQTT/PG passwords
  • SQL: fix timezone-aware index (DATE(first_seen AT TIME ZONE 'UTC'))
  • alertmanager: Telegram receiver for perimeter alerts (immediate routing)
  • prometheus: add sentinel-collector scrape config + alert rules
  • grafana: sentinel dashboard + postgres datasource
  • startover: add sentinel (stack 55) to boot sequence

trivy:

  • CI: split into security:trivy:dockerfile (config scan) + security:trivy:images (registry scan)
  • images job: pulls localhost:5000 images, CRITICAL blocks, HIGH logged
  • SARIF artifacts for both jobs
  • new stack/50-service-trivy.yml + trivy-scanner/
  • startover: add trivy (stack 50) to boot sequence

mcp-server:

provisioning:

  • Dockerfile: multi-stage build, non-root user, no curl (urllib healthcheck)
  • runtime: libpq5 only (no -dev), compiled .pyc, no source files

borodino:

  • uzi: DEBUG_MODE=1 (test against Metasploitable 192.168.1.2)

grafana:

  • stack 01: add SENTINEL_PG_PASS env var

blog: 10 new posts (MCP, Trivy, architecture, DockerHub, Alpine)

archi.md: architecture overview doc

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

Files Changed

A	.mcp.json
A	archi.md
A	blog/architecture-bojemoi-lab-linkedin.md
A	blog/architecture-bojemoi-lab-telegram.md
A	blog/bojemoi-lab-sur-dockerhub.md
A	blog/choisir alpine linux.md
A	blog/mcp-server-bojemoi-lab.md
A	blog/trivy-gitea-actions-en.md
A	blog/trivy-gitea-actions-fr.md
A	blog/tryvi implement.md
A	blog/turn into MCP.md
A	claude/Dockerfile
A	claude/claude.sh
A	mcp-server/Dockerfile
A	mcp-server/requirements.txt
A	mcp-server/server.py
A	mcp-server/tools/__init__.py
A	mcp-server/tools/nmap.py
A	mcp-server/tools/osint.py
M	provisioning/Dockerfile.provisioning
M	scripts/startover.sh
M	sentinel/collector/collector.py
M	sentinel/sql/02-tables.sql
M	stack/.gitlab-ci.yml
M	stack/01-service-hl.yml
M	stack/40-service-borodino.yml
A	stack/50-service-trivy.yml
M	stack/55-service-sentinel.yml
A	trivy-scanner/Dockerfile
A	trivy-scanner/scan-images.sh
M	volumes/alertmanager/alertmanager.yml
A	volumes/grafana/dashboards/sentinel.json
A	volumes/grafana/datasources/sentinel-postgres.yml
M	volumes/prometheus/prometheus.yml
A	volumes/prometheus/rules/sentinel_alerts.yml

Diff Summary

 .mcp.json                                         |   8 +
 archi.md                                          | 165 +++++++++++++
 blog/architecture-bojemoi-lab-linkedin.md         |  26 ++
 blog/architecture-bojemoi-lab-telegram.md         |  23 ++
 blog/bojemoi-lab-sur-dockerhub.md                 | 160 ++++++++++++
 blog/choisir alpine linux.md                      |  37 +++
 blog/mcp-server-bojemoi-lab.md                    | 125 ++++++++++
 blog/trivy-gitea-actions-en.md                    | 104 ++++++++
 blog/trivy-gitea-actions-fr.md                    | 104 ++++++++
 blog/tryvi implement.md                           |  95 +++++++
 blog/turn into MCP.md                             | 223 +++++++++++++++++
 claude/Dockerfile                                 |   3 +
 claude/claude.sh                                  |   9 +
 mcp-server/Dockerfile                             |  22 ++
 mcp-server/requirements.txt                       |   6 +
 mcp-server/server.py                              | 288 ++++++++++++++++++++++
 mcp-server/tools/__init__.py                      |   0
 mcp-server/tools/nmap.py                          |  95 +++++++
 mcp-server/tools/osint.py                         | 140 +++++++++++
 provisioning/Dockerfile.provisioning              |  55 +++--
 scripts/startover.sh                              |   2 +
 sentinel/collector/collector.py                   |  15 +-
 sentinel/sql/02-tables.sql                        |   2 +-
 stack/.gitlab-ci.yml                              | 107 +++++++-
 stack/01-service-hl.yml                           |   1 +
 stack/40-service-borodino.yml                     |   2 +-
 stack/50-service-trivy.yml                        |  23 ++
 stack/55-service-sentinel.yml                     |   4 +-
 trivy-scanner/Dockerfile                          |  14 ++
 trivy-scanner/scan-images.sh                      |  78 ++++++
 volumes/alertmanager/alertmanager.yml             |  29 +++
 volumes/grafana/dashboards/sentinel.json          | 235 ++++++++++++++++++
 volumes/grafana/datasources/sentinel-postgres.yml |  16 ++
 volumes/prometheus/prometheus.yml                 |   7 +
 volumes/prometheus/rules/sentinel_alerts.yml      |  52 ++++
 35 files changed, 2244 insertions(+), 31 deletions(-)