- 05 Jul, 2026 2 commits
-
-
Vitaly Lipatov authored
Allow a group's gateway file to contain a kernel route-type keyword (blackhole/unreachable/prohibit/throw) instead of a next-hop. The script then installs routes of that type (ip route replace <kw> <dst> table N), so packets are rejected/dropped by the kernel instead of forwarded. unreachable/prohibit return ICMP to the client, giving instant failure (curl drops in ~2ms) vs hanging on a dead tunnel. Used on routes6.d/fr where the France egress (ikev2.fr) is IPv4-only and no IPv6 path exists: claude.ai AAAA now fast-rejects instead of timing out.
Co-Authored-By: Claude <noreply@anthropic.com>
-
Vitaly Lipatov authored
expand_volatile_subnets() iterated the whole volatile_ips/ directory and re-resolved every saved entry as a domain, never removing ones whose domain was no longer in the .list. As a result, a domain removed from a list kept re-injecting its (stale) IPs into the table forever — on igw this had accumulated ~40 stale domains in web-bypass plus claude.ai/anthropic in ai, shadowing the dedicated fr/claude.ai group. Pass the current list file to expand_volatile_subnets and prune volatile_ips entries whose domain is absent from the list before resolving.
Co-Authored-By: Claude <noreply@anthropic.com>
-
- 04 Jul, 2026 12 commits
-
-
Vitaly Lipatov authored
Add memory: mail mysql credentials (mailro/mail@% split, full write-consumer list, proxymap restart); add mysql.auth SSH access
Co-Authored-By: Claude <noreply@anthropic.com>
-
Vitaly Lipatov authored
Co-Authored-By: Claude <noreply@anthropic.com>
-
Vitaly Lipatov authored
mail skill: document mailro (read) / mail (write) users + write-consumers (cyradm, sec); add cyradm + sec.office SSH access to memory
Co-Authored-By: Claude <noreply@anthropic.com>
-
Vitaly Lipatov authored
Co-Authored-By: Claude <noreply@anthropic.com>
-
Vitaly Lipatov authored
Co-Authored-By: Claude <noreply@anthropic.com>
-
Vitaly Lipatov authored
-
Vitaly Lipatov authored
-
Vitaly Lipatov authored
Co-Authored-By: Claude <noreply@anthropic.com>
-
Vitaly Lipatov authored
Co-Authored-By: Claude <noreply@anthropic.com>
-
Vitaly Lipatov authored
Co-Authored-By: Claude <noreply@anthropic.com>
-
Vitaly Lipatov authored
Co-Authored-By: Claude <noreply@anthropic.com>
-
Vitaly Lipatov authored
Co-Authored-By: Claude <noreply@anthropic.com>
-
- 11 Jun, 2026 2 commits
-
-
Downloader authored
-
Vitaly Lipatov authored
The shared base/ index already ships pkglist.gostcrypto/checkinstall, so apt sees these components but their RPMS.* payload was never mirrored, causing 404 on every package (e.g. apt-conf-branch-gostcrypto). Mirror the payload too, skipping branch/arch where the component is absent upstream.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
-
- 31 May, 2026 3 commits
-
-
Vitaly Lipatov authored
-
Vitaly Lipatov authored
-
Vitaly Lipatov authored
-
- 27 May, 2026 1 commit
-
-
Vitaly Lipatov authored
When a .list is moved between groups whose `gateway` files differ in metric semantics (e.g., failover→multipath), the previous code only deleted state and kept the table. This caused stale routes with the old `metric N` to coexist with newly loaded multipath routes, because `ip route replace` keyed on dst+metric and treated them as distinct entries.

Two related changes:
- cleanup_state's "moved" branch now flushes the table before the new group loads it, so the table starts clean.
- cleanup_state is invoked before process_routes so the flushes happen prior to the new group's load (otherwise a flush after load would wipe out the just-installed routes).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
-
- 25 May, 2026 2 commits
-
-
Vitaly Lipatov authored
- lesson on anyssh.ru = 91.232.225.8 hidden behind shared jumphost
- feedback: never add office-subnet routes on remote NAT peer

Both incidents from ikev2.gr.egw setup where adding routes on parentglobal first killed reverse SSH access to the host.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
-
Vitaly Lipatov authored
New CT 704 (ikev2.fr.egw, .140) and CT 706 (ikev2.gr.egw, .139) act as IKEv2 responders for peers behind NAT (RPi/Free.fr and parentglobal/Cosmote) that cannot accept inbound IKE. Peers initiate outbound; CT pins peer outer-IP to provider gw via updown script so encapsulated ESP doesn't loop through ipsec0 default. Docs updated; gateways added to web sidebar and CHECK_GATEWAYS for proxy health probing.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
-
- 13 May, 2026 3 commits
-
-
Vitaly Lipatov authored
The input field had two Enter handlers running in parallel: the inline onkeydown calling checkDomain(), and an addEventListener calling addEntry('bypass'). preventDefault() in the inline handler does not cancel the second listener. Result: pressing Enter both checked the domain AND added it to the bypass list, clearing the input before the user could see the check results. Drop the addEventListener block — Enter now only triggers checkDomain(). Adding to bypass/direct/geo remains via the explicit buttons.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
-
Vitaly Lipatov authored
- cyradm via admin user 'cyrus' (PLAIN auth)
- Internal mailbox naming with ^ escape for . in usernames
- IMAP admin proxy via SASL authzid for cross-user operations
- .sub subscription files (not auto-updated on renm)
- Roundcube SPECIAL-USE folders, legacy ACL on domain migration
- autocreate triggers ONLY on INBOX creation

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
-
Vitaly Lipatov authored
Move host03 knowledge from memory to .claude/docs/host03.md: nginx+Apache architecture, certbot/webroot, SSL block template, sub_filter for legacy CMS that emit absolute http:// links.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
-
- 09 May, 2026 15 commits
-
-
Vitaly Lipatov authored
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
-
Vitaly Lipatov authored
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
-
Vitaly Lipatov authored
Searching only PTR records misses A-only entries; verify candidate IP in both office.etersoft.ru and 0.168.192.in-addr.arpa, then ping.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
-
Vitaly Lipatov authored
Direct skill confirmations (do not route through lavtomate) and the bug_create-confirmation flow (do not retry; check via confirmation_check).
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
-
Vitaly Lipatov authored
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
-
Vitaly Lipatov authored
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
-
Vitaly Lipatov authored
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
-
Vitaly Lipatov authored
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
-
Vitaly Lipatov authored
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
-
Vitaly Lipatov authored
When DNS times out, "dig +short" can emit ";; communications error to SERVER#53: timed out" to stdout (not just stderr). resolve_gw's grep -m1 '[0-9]' would accept that line as an "IP" (it contains "10#53"); gw_monitor_tag would carry it through sed and produce a multi-line tag. The latter ended up as state directory names like "gw-;; communications error to ...\\nikev2.hetzner.v6/". Wrap dig in 2>/dev/null and filter "^;" diagnostics; in gw_monitor_tag also take only the first PTR line.
-
Vitaly Lipatov authored
Refuses to delete a running resource; prints type/VMID/name/node/pool and requires the operator to retype the VM name to confirm. Uses --purge to clean up backups and references.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
-
Vitaly Lipatov authored
Generates a one-time .vv file via PVE spiceproxy API and launches remote-viewer. Uses short hostname for proxy and includes host-subject as required for TLS. VMs only (qemu), must be running.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
-
Vitaly Lipatov authored
Allocates the next free VMID, defaults the target pool to Testing. For running LXC sources, takes a temporary snapshot, clones from it and removes the snapshot afterwards. Reminds the operator to set the new IP before starting the cloned container.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
-
Vitaly Lipatov authored
Default is graceful shutdown; --force issues an immediate stop. No-op when the resource is already stopped.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
-
Vitaly Lipatov authored
Resolves VMID to its node via cluster resources, dispatches to qm/pct depending on type, no-op if the resource is already running.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
-