- 17 Feb, 2026 15 commits
-
-
Vitaly Lipatov authored
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
-
Vitaly Lipatov authored
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
-
Vitaly Lipatov authored
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
-
Vitaly Lipatov authored
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
-
Vitaly Lipatov authored
  - Update routes6.d structure: replace ogw with gre group (table 222)
  - Fix NETMAP prefix /120 → /118, show igw as gateway (not egw)
  - Add OpenVPN NAT66 and Xray L7 proxy sections
  - Update ip rule show to include gre (pref 2220), add IPv6 packet flow
  - Document --verbose flag and partial route loss detection (1% tolerance)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
-
Vitaly Lipatov authored
Previously auto-recovery only triggered when routing table was completely empty. Now it also reloads when route count drops below 99% of expected (from resolved state file).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
-
Vitaly Lipatov authored
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
-
Vitaly Lipatov authored
  - Add --verbose/-v flag with detailed logging at all decision points: group config, hash comparison, rule/route checks, resolve stats
  - Use ip -N (numeric) for rule show to avoid name vs number mismatch that could cause false-positive "no changes" when rules were missing
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
-
Vitaly Lipatov authored
  - Document routes6.d/ structure and IPv6 processing
  - Add GRE tunnel + NPTv6 prefix translation diagram
  - Document "default" keyword behavior for IPv4/IPv6
  - Document IPv4 filtering in IPv6 mode
  - Document automatic rules/routes recovery
  - Note routes.d/ and routes6.d/ are site-specific (not in git)
  - Update state section with gateway tracking
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
-
Vitaly Lipatov authored
When processing routes6.d, pure-IP list files may contain IPv4 addresses/subnets. Filter them out by only passing lines with ":" (IPv6 addresses) in IPv6 mode.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
-
Vitaly Lipatov authored
These directories contain deployment-specific config (gateways, tables, symlinks to local lists) that vary per installation. Add .gitignore.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
-
Vitaly Lipatov authored
Pass ip command to read_group_config() so "default" keyword resolves via "ip -6 route" for routes6.d groups instead of always using IPv4. Also detect address family from directory location instead of gateway content for --add/--del/--flush commands.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
-
Vitaly Lipatov authored
Replace fc00:eeee:eeee:eeee::1 placeholder with actual gateway 2a03:5a00:c:20::122 (CT 680 gre.hetzner).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
-
Vitaly Lipatov authored
When ip rules or routing tables are empty (e.g. after networkctl reconfigure), force reload even if list hashes match.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
-
Vitaly Lipatov authored
Support "default" keyword in gateway file to use the machine's default route. Add dgw route group (table 2, pref 20) to override ogw/egw for addresses that should go directly without tunnels.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
-
- 16 Feb, 2026 1 commit
-
-
Vitaly Lipatov authored
Skips the file hash check but keeps the resolved IP diff, so routes are only reloaded when DNS actually returns different IPs. Useful for cron: `*/15 * * * * ./route-update.sh --resolve`
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
-
- 15 Feb, 2026 1 commit
-
-
Vitaly Lipatov authored
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
-
- 14 Feb, 2026 4 commits
-
-
Vitaly Lipatov authored
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
-
Vitaly Lipatov authored
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
-
Vitaly Lipatov authored
When gateway file contains multiple IPs, generate multipath routes with nexthop per gateway (weight 1 each). Kernel distributes traffic per-flow across gateways.
Single gateway: route replace IP via GW table T
Multiple: route replace IP table T nexthop via GW1 weight 1 nexthop via GW2 weight 1
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
-
Vitaly Lipatov authored
Directory name is now a logical group name (egw, ogw) with gateway and table specified in files, same as routes6.d/. Unify process_v4 and process_v6 into a single process_routes function.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
-
- 13 Feb, 2026 12 commits
-
-
Vitaly Lipatov authored
Drop iif interface restriction so policy routes apply to both forwarded and locally-generated traffic. Suppress harmless "FIB table does not exist" errors on first flush.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
-
Vitaly Lipatov authored
Split .list files into pure-IP (antifilter) and domain lists. Pure IP files go through cat directly, avoiding slow per-line bash processing of 155k entries through cat_expanded and is_ipv4.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
-
Vitaly Lipatov authored
154k lines of ipresolve.lst made while-read loop extremely slow. Use grep to instantly separate IPs from domains.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
-
Vitaly Lipatov authored
Replace ipset+mangle approach with pure ip route tables. Configuration via routes.d/ (IPv4) and routes6.d/ (IPv6) directories where each subdirectory = gateway and .list symlinks = domain/IP lists.
Features:
  - Hash-based change detection (skip if lists unchanged)
  - Double check: file hash + resolved IPs diff
  - Batch route loading via ip -batch
  - Automatic cleanup of orphaned state
  - --show/--force/--add/--del/--flush options
Also adds is_ipv6() and get_ipv6_list_bulk() to functions.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
-
System Administrator authored
-
System Administrator authored
-
System Administrator authored
-
System Administrator authored
Add echo before each append (>>) to ensure trailing newline, preventing IP corruption when files are concatenated.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
-
System Administrator authored
Add get_ipv4_list_bulk() to functions that resolves all domains at once via adnshost instead of sequential dig calls. Falls back to dig for domains with deep CNAME chains. DNS resolution: ~134s -> ~6s.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
-
System Administrator authored
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
-
System Administrator authored
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
-
System Administrator authored
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
-
- 19 Jan, 2026 1 commit
-
-
Vitaly Lipatov authored
Automatically add HTTP/<FQDN> SPN to machine account and update keytab when joining domain or refreshing keytab. This allows web services to use system keytab /etc/krb5.keytab instead of separate service account keytabs.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
-
- 16 Jan, 2026 6 commits
-
-
Vitaly Lipatov authored
-
Vitaly Lipatov authored
  - Remove --use-kerberos=required from leave (doesn't work with broken machine account)
  - Replace --use-kerberos=required with -U $ADMIN for join (more reliable)
  - Add comment explaining why --use-kerberos=required doesn't work
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
-
Vitaly Lipatov authored
  - Use dnshostname=$(hostname -f) to register correct dNSHostName (e.g. host.office.etersoft.ru instead of host.etersoft.ru)
  - Replace deprecated -k with --use-kerberos=required
  - Add idempotency: check testjoin status before joining
  - If already joined, verify keytab has correct FQDN
  - If machine account is broken, leave and rejoin
Note: requires msDS-AllowedDNSSuffixes on DC to include the DNS subdomain
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
-
Vitaly Lipatov authored
Add comprehensive system administration instructions:
  - Debugging principles
  - Email sending via mail command
  - Remote access tools (xpra, xfreerdp)
  - Package management with epm
  - Service management with serv
  - VPN servers and access creation
  - NFS group management with samba-tool
  - Miscellaneous notes (Saby, gpush, etc)
-
Vitaly Lipatov authored
  - Split report into "Изменения" and "Проверка распространения" sections
  - Show before→after values for each changed subdomain
  - Add separate propagation check for each subdomain
  - Remove generic A/AAAA format in favor of explicit subdomain listing
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
-
Vitaly Lipatov authored
  - Add comprehensive eterban section with commands and usage
  - Document access to priv.etersoft.ru (ssh -p 32 without root@)
  - Add eterban log locations and settings
  - Make DNS verification mandatory after changes
  - Add Cloudflare DNS to verification checklist
  - Improve DNS report format template
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
-