- 05 Jul, 2026 3 commits
-
-
Vitaly Lipatov authored
ip rule pref is otherwise derived from alphabetical group order, so a group cannot be consulted before a lexicographically-earlier one (e.g. fr vs egw) without renaming it — and digits sort after letters in ru_RU.UTF-8, so even a '0-fr' rename goes the wrong way.
Allow an options line "pref N" to set the group's pref base directly, independent of name or locale. Used on fr (pref 900) so claude.ai via fr wins over the egw/ai table (pref 1210).
Also call _fixup_rule_pref on the "resolved unchanged" skip path, so an options-only change actually migrates the ip rule to the new pref (previously the rule kept its old pref because load was skipped).
Co-Authored-By: Claude <noreply@anthropic.com>
-
Vitaly Lipatov authored
Allow a group's gateway file to contain a kernel route-type keyword (blackhole/unreachable/prohibit/throw) instead of a next-hop. The script then installs routes of that type (ip route replace <kw> <dst> table N), so packets are rejected/dropped by the kernel instead of forwarded. unreachable/prohibit return ICMP to the client, giving instant failure (curl drops in ~2ms) vs hanging on a dead tunnel.
Used on routes6.d/fr where the France egress (ikev2.fr) is IPv4-only and no IPv6 path exists: claude.ai AAAA now fast-rejects instead of timing out.
Co-Authored-By: Claude <noreply@anthropic.com>
-
Vitaly Lipatov authored
expand_volatile_subnets() iterated the whole volatile_ips/ directory and re-resolved every saved entry as a domain, never removing ones whose domain was no longer in the .list. As a result, a domain removed from a list kept re-injecting its (stale) IPs into the table forever — on igw this had accumulated ~40 stale domains in web-bypass plus claude.ai/anthropic in ai, shadowing the dedicated fr/claude.ai group.
Pass the current list file to expand_volatile_subnets and prune volatile_ips entries whose domain is absent from the list before resolving.
Co-Authored-By: Claude <noreply@anthropic.com>
-
- 04 Jul, 2026 12 commits
-
-
Vitaly Lipatov authored
Add memory: mail mysql credentials (mailro/mail@% split, full write-consumer list, proxymap restart); add mysql.auth SSH access
Co-Authored-By: Claude <noreply@anthropic.com>
-
Vitaly Lipatov authored
Co-Authored-By: Claude <noreply@anthropic.com>
-
Vitaly Lipatov authored
mail skill: document mailro (read) / mail (write) users + write-consumers (cyradm, sec); add cyradm + sec.office SSH access to memory
Co-Authored-By: Claude <noreply@anthropic.com>
-
Vitaly Lipatov authored
Co-Authored-By: Claude <noreply@anthropic.com>
-
Vitaly Lipatov authored
Co-Authored-By: Claude <noreply@anthropic.com>
-
Vitaly Lipatov authored
-
Vitaly Lipatov authored
-
Vitaly Lipatov authored
Co-Authored-By: Claude <noreply@anthropic.com>
-
Vitaly Lipatov authored
Co-Authored-By: Claude <noreply@anthropic.com>
-
Vitaly Lipatov authored
Co-Authored-By: Claude <noreply@anthropic.com>
-
Vitaly Lipatov authored
Co-Authored-By: Claude <noreply@anthropic.com>
-
Vitaly Lipatov authored
Co-Authored-By: Claude <noreply@anthropic.com>
-
- 11 Jun, 2026 2 commits
-
-
Downloader authored
-
Vitaly Lipatov authored
The shared base/ index already ships pkglist.gostcrypto/checkinstall, so apt sees these components but their RPMS.* payload was never mirrored, causing 404 on every package (e.g. apt-conf-branch-gostcrypto). Mirror the payload too, skipping branch/arch where the component is absent upstream.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
-
- 31 May, 2026 3 commits
-
-
Vitaly Lipatov authored
-
Vitaly Lipatov authored
-
Vitaly Lipatov authored
-
- 27 May, 2026 1 commit
-
-
Vitaly Lipatov authored
When a .list is moved between groups whose `gateway` files differ in metric semantics (e.g., failover→multipath), the previous code only deleted state and kept the table. This caused stale routes with the old `metric N` to coexist with newly loaded multipath routes, because `ip route replace` keyed on dst+metric and treated them as distinct entries.
Two related changes:
- cleanup_state's "moved" branch now flushes the table before the new group loads it, so the table starts clean.
- cleanup_state is invoked before process_routes so the flushes happen prior to the new group's load (otherwise a flush after load would wipe out the just-installed routes).
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
-
- 25 May, 2026 2 commits
-
-
Vitaly Lipatov authored
- lesson on anyssh.ru = 91.232.225.8 hidden behind shared jumphost
- feedback: never add office-subnet routes on remote NAT peer
Both incidents from ikev2.gr.egw setup where adding routes on parentglobal first killed reverse SSH access to the host.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
-
Vitaly Lipatov authored
New CT 704 (ikev2.fr.egw, .140) and CT 706 (ikev2.gr.egw, .139) act as IKEv2 responders for peers behind NAT (RPi/Free.fr and parentglobal/Cosmote) that cannot accept inbound IKE. Peers initiate outbound; CT pins peer outer-IP to provider gw via updown script so encapsulated ESP doesn't loop through ipsec0 default.
Docs updated; gateways added to web sidebar and CHECK_GATEWAYS for proxy health probing.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
-
- 13 May, 2026 3 commits
-
-
Vitaly Lipatov authored
The input field had two Enter handlers running in parallel: the inline onkeydown calling checkDomain(), and an addEventListener calling addEntry('bypass'). preventDefault() in the inline handler does not cancel the second listener. Result: pressing Enter both checked the domain AND added it to the bypass list, clearing the input before the user could see the check results.
Drop the addEventListener block — Enter now only triggers checkDomain(). Adding to bypass/direct/geo remains via the explicit buttons.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
-
Vitaly Lipatov authored
- cyradm via admin user 'cyrus' (PLAIN auth)
- Internal mailbox naming with ^ escape for . in usernames
- IMAP admin proxy via SASL authzid for cross-user operations
- .sub subscription files (not auto-updated on renm)
- Roundcube SPECIAL-USE folders, legacy ACL on domain migration
- autocreate triggers ONLY on INBOX creation
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
-
Vitaly Lipatov authored
Move host03 knowledge from memory to .claude/docs/host03.md: nginx+Apache architecture, certbot/webroot, SSL block template, sub_filter for legacy CMS that emit absolute http:// links.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
-
- 09 May, 2026 14 commits
-
-
Vitaly Lipatov authored
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
-
Vitaly Lipatov authored
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
-
Vitaly Lipatov authored
Searching only PTR records misses A-only entries; verify candidate IP in both office.etersoft.ru and 0.168.192.in-addr.arpa, then ping.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
-
Vitaly Lipatov authored
Direct skill confirmations (do not route through lavtomate) and the bug_create-confirmation flow (do not retry; check via confirmation_check).
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
-
Vitaly Lipatov authored
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
-
Vitaly Lipatov authored
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
-
Vitaly Lipatov authored
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
-
Vitaly Lipatov authored
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
-
Vitaly Lipatov authored
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
-
Vitaly Lipatov authored
When DNS times out, "dig +short" can emit ";; communications error to SERVER#53: timed out" to stdout (not just stderr). resolve_gw's grep -m1 '[0-9]' would accept that line as an "IP" (it contains "10#53"); gw_monitor_tag would carry it through sed and produce a multi-line tag. The latter ended up as state directory names like "gw-;; communications error to ...\\nikev2.hetzner.v6/". Wrap dig in 2>/dev/null and filter "^;" diagnostics; in gw_monitor_tag also take only the first PTR line.
-
Vitaly Lipatov authored
Refuses to delete a running resource; prints type/VMID/name/node/pool and requires the operator to retype the VM name to confirm. Uses --purge to clean up backups and references.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
-
Vitaly Lipatov authored
Generates a one-time .vv file via PVE spiceproxy API and launches remote-viewer. Uses short hostname for proxy and includes host-subject as required for TLS. VMs only (qemu), must be running.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
-
Vitaly Lipatov authored
Allocates the next free VMID, defaults the target pool to Testing. For running LXC sources, takes a temporary snapshot, clones from it and removes the snapshot afterwards. Reminds the operator to set the new IP before starting the cloned container.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
-
Vitaly Lipatov authored
Default is graceful shutdown; --force issues an immediate stop. No-op when the resource is already stopped.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
-