- 25 May, 2026 2 commits
-
-
Vitaly Lipatov authored
- lesson on anyssh.ru = 91.232.225.8 hidden behind shared jumphost - feedback: never add office-subnet routes on remote NAT peer Both incidents from ikev2.gr.egw setup where adding routes on parentglobal first killed reverse SSH access to the host. Co-Authored-By:Claude Opus 4.7 <noreply@anthropic.com>
-
Vitaly Lipatov authored
New CT 704 (ikev2.fr.egw, .140) and CT 706 (ikev2.gr.egw, .139) act as IKEv2 responders for peers behind NAT (RPi/Free.fr and parentglobal/Cosmote) that cannot accept inbound IKE. Peers initiate outbound; CT pins peer outer-IP to provider gw via updown script so encapsulated ESP doesn't loop through ipsec0 default. Docs updated; gateways added to web sidebar and CHECK_GATEWAYS for proxy health probing. Co-Authored-By:
-
- 13 May, 2026 3 commits
-
-
Vitaly Lipatov authored
The input field had two Enter handlers running in parallel: the inline onkeydown calling checkDomain(), and an addEventListener calling addEntry('bypass'). preventDefault() in the inline handler does not cancel the second listener. Result: pressing Enter both checked the domain AND added it to the bypass list, clearing the input before the user could see the check results. Drop the addEventListener block — Enter now only triggers checkDomain(). Adding to bypass/direct/geo remains via the explicit buttons. Co-Authored-By: -
Vitaly Lipatov authored
- cyradm via admin user 'cyrus' (PLAIN auth) - Internal mailbox naming with ^ escape for . in usernames - IMAP admin proxy via SASL authzid for cross-user operations - .sub subscription files (not auto-updated on renm) - Roundcube SPECIAL-USE folders, legacy ACL on domain migration - autocreate triggers ONLY on INBOX creation Co-Authored-By: -
Vitaly Lipatov authored
Move host03 knowledge from memory to .claude/docs/host03.md: nginx+Apache architecture, certbot/webroot, SSL block template, sub_filter for legacy CMS that emit absolute http:// links. Co-Authored-By:
-
- 09 May, 2026 17 commits
-
-
Vitaly Lipatov authored
Co-Authored-By: -
Vitaly Lipatov authored
Co-Authored-By: -
Vitaly Lipatov authored
Searching only PTR records misses A-only entries; verify candidate IP in both office.etersoft.ru and 0.168.192.in-addr.arpa, then ping. Co-Authored-By: -
Vitaly Lipatov authored
Direct skill confirmations (do not route through lavtomate) and the bug_create-confirmation flow (do not retry; check via confirmation_check). Co-Authored-By: -
Vitaly Lipatov authored
Co-Authored-By: -
Vitaly Lipatov authored
Co-Authored-By: -
Vitaly Lipatov authored
Co-Authored-By: -
Vitaly Lipatov authored
Co-Authored-By: -
Vitaly Lipatov authored
Co-Authored-By: -
Vitaly Lipatov authored
When DNS times out, "dig +short" can emit ";; communications error to SERVER#53: timed out" to stdout (not just stderr). resolve_gw's grep -m1 '[0-9]' would accept that line as an "IP" (it contains "10#53"); gw_monitor_tag would carry it through sed and produce a multi-line tag. The latter ended up as state directory names like "gw-;; communications error to ...\\nikev2.hetzner.v6/". Wrap dig in 2>/dev/null and filter "^;" diagnostics; in gw_monitor_tag also take only the first PTR line.
-
Vitaly Lipatov authored
Refuses to delete a running resource; prints type/VMID/name/node/pool and requires the operator to retype the VM name to confirm. Uses --purge to clean up backups and references. Co-Authored-By: -
Vitaly Lipatov authored
Generates a one-time .vv file via PVE spiceproxy API and launches remote-viewer. Uses short hostname for proxy and includes host-subject as required for TLS. VMs only (qemu), must be running. Co-Authored-By: -
Vitaly Lipatov authored
Allocates the next free VMID, defaults the target pool to Testing. For running LXC sources, takes a temporary snapshot, clones from it and removes the snapshot afterwards. Reminds the operator to set the new IP before starting the cloned container. Co-Authored-By: -
Vitaly Lipatov authored
Default is graceful shutdown; --force issues an immediate stop. No-op when the resource is already stopped. Co-Authored-By: -
Vitaly Lipatov authored
Resolves VMID to its node via cluster resources, dispatches to qm/pct depending on type, no-op if the resource is already running. Co-Authored-By: -
Vitaly Lipatov authored
Default mode lists VM/CT with filters --node/--pool/--running/--stopped/ --user and a name pattern. With --templates lists LXC templates (vztmpl) discovered on cluster storages, deduplicated by storage name. Co-Authored-By: -
Vitaly Lipatov authored
Provides pvesh_cmd (uses ssh -n to avoid stdin consumption inside while-read loops), get_cluster_resources with caching, resolve_vmid that sets RES_TYPE/NODE/STATUS/NAME/POOL, and vm_cmd/vm_mgr helpers. Co-Authored-By:
-
- 05 May, 2026 2 commits
-
-
Vitaly Lipatov authored
Matches the physical layout of the 24-bay shelf on pve-backup (4 columns, 6 rows tall) rather than the previous 6x4. Co-Authored-By: -
Vitaly Lipatov authored
Maps slot -> block device via /sys/class/enclosure/, joins lsblk size/model and zpool membership, renders a text table plus a colored cols x rows grid of the physical shelf (slot 0 top-left, left to right). Geometry is configurable via COLS/ROWS env vars; default 6x4 fits a 24-bay shelf. Co-Authored-By:
-
- 20 Apr, 2026 1 commit
-
-
Vitaly Lipatov authored
Sync repo copy with the actual script on download: adds create_full_list / create_content_index functions and requires/filelist processing. Pass `--` to sed so filenames starting with `-` aren't parsed as options (a stray `--force` file appeared in epm-requires/epm-filelist and broke the run). Co-Authored-By:
-
- 16 Apr, 2026 2 commits
-
-
Vitaly Lipatov authored
Build dependency hints are out of scope here — packaging tasks go to alt-packaging-agents. Co-Authored-By: -
Vitaly Lipatov authored
Move memory files from ~/.claude/projects/... into the repo so other machines/users get them on clone. Credentials stay out of git in .claude/secrets/ (ignored by the existing .claude/* rule). Co-Authored-By:
-
- 15 Apr, 2026 1 commit
-
-
Vitaly Lipatov authored
- Add 7 skills: dns, pve, mail, eterban, vpn, network, sip - Add reference docs: dhash.ru, epm, nfs - Remove redundant agents (dns-manager, pve-manager) - Move SPICE docs from vz/pve-spice-connect.md into pve skill - Add skills table to CLAUDE.md - Update .gitignore to track only .claude/skills/ and .claude/docs/ Co-Authored-By:
-
- 02 Apr, 2026 7 commits
-
-
Vitaly Lipatov authored
mv preserves source file group (root), not sgid directory group. Explicit chgrp+chmod ensures routeweb can always read resolved files. Co-Authored-By: -
Vitaly Lipatov authored
- _flatten: sorted output for consistent ordering - JSON lists: sorted(set()) per list - Ensures no duplicates in text, mikrotik, and json formats Co-Authored-By: -
Vitaly Lipatov authored
When requesting group=gre,egw,zapret the same IP can appear in multiple lists. _flatten() now uses a set to remove duplicates while preserving order. Co-Authored-By: -
Vitaly Lipatov authored
route-update.sh: after writing resolved, run mapcidr -a and -aa in background to generate resolved.agg1 and resolved.agg2 route-web-api.py: read pre-aggregated files from cache instead of calling mapcidr on each request. Instant response for aggregate=1|2. Co-Authored-By: -
Vitaly Lipatov authored
Co-Authored-By: -
Vitaly Lipatov authored
dnsx resolves CNAME chains natively and runs 50 threads in parallel. Whatsapp (2097 CNAME domains): 74 minutes → 0.06 seconds. Co-Authored-By: -
Vitaly Lipatov authored
route-web-api.py: - /api/export endpoint: filter by group/list/proto, text/mikrotik/json formats - /api/export/groups: list available groups with counts - aggregate=1 (exact) / aggregate=2 (approx via mapcidr) - Multiple groups support (group=gre,egw,zapret) - Resolved data from /var/lib/etersoft-router/state/ with in-memory cache (60s TTL) - Speed check: don't early-stop before checking first 2 gateways route-update.sh: - umask 022 for readable state files - chmod g+r on resolved after write - Per-list duration tracking (duration file in state) functions: - CNAME fallback: parallel dig (xargs -P 20) instead of sequential route-stats-metrics.sh: - New: collect route list counts and push to InfluxDB - Per-list duration metrics - Route-update total duration dns/chat-dns.sh: - Rewritten for split-view subzone chat.eterfund.ru via SSH to ns1 dns/telemt-metrics.sh: - Added upstream_success/fail/slow and handshake_timeout metrics Co-Authored-By:
-
- 31 Mar, 2026 1 commit
-
-
Vitaly Lipatov authored
Round-robin DNS management for MTProto proxy failover: on — set all three A records (91.232.225.3, 95.47.184.52, 217.12.37.55) off — keep only primary IP Uses nsupdate -l (local) for running on ns1. Co-Authored-By:
-
- 24 Mar, 2026 1 commit
-
-
Vitaly Lipatov authored
detect_volatile_domains() was resolving every domain via dig on each run, which took 30+ minutes for large lists (e.g. 2097 whatsapp domains). Cache domains confirmed as non-volatile (stable TTL, same IPs from different resolvers) and skip them on subsequent runs. Cache expires after 7 days and is ignored with --force. Co-Authored-By:
-
- 19 Mar, 2026 3 commits
-
-
Vitaly Lipatov authored
Tool to read, parse, modify and write ZFS vdev labels. Allows recovering a detached disk back into a mirror by copying labels between devices. Co-Authored-By: -
Vitaly Lipatov authored
- route-health.sh: query net_response from InfluxDB for SOCKS5 proxy status, include per-gateway proxy field and global proxy map in health.json - route-web-api.py: add proxy-dot indicators in egw/ogw/routers sidebar sections, updated from health.json proxy data - Telegraf net_response on telegraf CT (682) checks port 1080 on all gateway IPs every 30s Co-Authored-By: -
Vitaly Lipatov authored
Check TCP connectivity to port 1080 on each gateway IP. Result is included as "proxy":true/false in health.json for web UI display. Co-Authored-By:
-
