925ab1f696
Overhaul setup wizard: domain config, password strength, field alignment
main
roof
2026-05-11 07:27:59 -04:00
439886624e
Fix config/data ownership — chown to invoking user after make install
roof
2026-05-11 06:46:12 -04:00
24877df976
Fix setup wizard and installer for fresh-install flow
roof
2026-05-11 06:08:55 -04:00
bfa0d99dd1
Fix git safe.directory error for non-root users after install
roof
2026-05-11 05:46:40 -04:00
1e2cf5580f
Fix setup wizard: align field names with API (domain_type→domain_mode, services→services_enabled)
roof
2026-05-11 05:36:18 -04:00
1989dfa0a3
Fix: exempt /api/setup/* from enforce_auth so setup wizard works on fresh install
roof
2026-05-11 05:03:44 -04:00
5dab6377bc
Restore https:// now that git.pic.ngo has a TLS certificate
roof
2026-05-11 04:33:51 -04:00
0a24d20bbc
Update QUICKSTART: use http for install.pic.ngo and git.pic.ngo (no HTTPS yet)
roof
2026-05-11 02:58:48 -04:00
46599bd37e
Fix installer: use http://git.pic.ngo without port (nginx forwards)
roof
2026-05-11 02:57:13 -04:00
dde4d9a53f
Rewrite CLAUDE.md following article best practices
roof
2026-05-10 07:25:53 -04:00
674a66f7a0
Revert registry port: git.pic.ngo uses standard port (DNS fix pending)
roof
2026-05-10 06:59:13 -04:00
9df3bf6a17
Fix release workflow: registry is git.pic.ngo:3000 not port 80
roof
2026-05-10 06:52:42 -04:00
0773179962
Gitignore .coverage files
roof
2026-05-10 06:28:40 -04:00
3a35cf72d3
Fix CI failures on root — mock OSError instead of relying on filesystem
roof
2026-05-10 06:19:24 -04:00
515f3d5075
Update QUICKSTART: lead with curl installer, document all domain modes
roof
2026-05-10 05:05:08 -04:00
35993bc79d
Update all documentation to reflect current architecture
roof
2026-05-10 04:35:37 -04:00
f1b48208fc
Fix CI unit test failures and DDNS config wiring
roof
2026-05-10 04:20:19 -04:00
ffe1dbeed6
Integrate DDNS registration and IP update into installer
roof
2026-05-10 02:28:02 -04:00
15376b67c7
Add runtime-generated config paths to .gitignore
roof
2026-05-09 13:26:03 -04:00
8efe8c1225
Merge PIC v2 — phases 1-5 + CI/CD: wizard, HTTPS, DDNS, service store, connectivity
roof
2026-05-09 12:11:15 -04:00
64e60dc577
Add Gitea Actions CI workflows — unit tests on push, image builds on tag
feature/fix-cross-cell-domain-access
roof
2026-05-09 10:59:29 -04:00
e38bd4e81f
Phase 5: extended connectivity — WireGuard ext, OpenVPN, Tor exit routing
roof
2026-05-09 10:48:20 -04:00
0a21f22076
Phase 4: service store — manifest validation, install/remove, Store UI
roof
2026-05-09 10:19:39 -04:00
f77d7fabcd
Phase 3: ddns_manager — DDNS client, provider adapters, IP heartbeat
roof
2026-05-09 09:42:00 -04:00
7d290c12c4
Phase 2: caddy_manager — Caddyfile generation, health monitor, DNS-01 support
roof
2026-05-09 09:04:11 -04:00
c1b1686cd9
Add frontend wiring for setup wizard — setupAPI, SetupGuard, /setup route
roof
2026-05-09 08:27:13 -04:00
cf1b9672f4
Phase 1: first-run setup wizard, bash installer, Docker profiles
roof
2026-05-09 08:05:38 -04:00
6dbd0dff46
Add Gitea Actions CI workflows — unit tests on push, image build on tag
roof
2026-05-09 07:21:35 -04:00
7391d7f7a2
Add e2e latency consistency test for WireGuard tunnel
roof
2026-05-07 15:13:27 -04:00
b8e57b6e51
Fix race condition in ensure_forward_stateful: add threading.Lock
roof
2026-05-07 10:12:18 -04:00
1b61e9e290
Fix ICMP latency: re-anchor ESTABLISHED,RELATED to FORWARD position 1 on every health tick
roof
2026-05-05 18:51:38 -04:00
6f84a3ffe1
Fix e2e fixture: use Table=off + manual routes to avoid wg-quick conflict
roof
2026-05-05 13:31:53 -04:00
0042b3b1bb
Use alpine instead of busybox for cell subnet route injection
roof
2026-05-05 12:59:23 -04:00
e2c50c381a
Fix cross-cell domain access: scope DNAT rules, add Docker→wg0 routing
roof
2026-05-05 12:37:02 -04:00
1e1bda4679
Fix cross-cell ICMP routing: state-based cell DROP + e2e test
roof
2026-05-05 10:59:11 -04:00
5a4e292440
fix: allow reply traffic from connected cells through FORWARD chain
roof
2026-05-04 15:13:59 -04:00
c2d215ee2e
fix: cross-cell routing for split-tunnel peers
roof
2026-05-04 14:36:28 -04:00
8ee1d88e37
Add subnet conflict validation for wireguard.address and ip_range changes
roof
2026-05-04 10:00:58 -04:00
c658d2b16c
Add domain conflict validation when changing domain or accepting heal invite
roof
2026-05-04 09:46:58 -04:00
ac0c16c97b
Fix session cookie name collision when running multiple PIC instances on localhost
roof
2026-05-04 09:15:42 -04:00
28a193e430
Fix ensure_postup_dnat to strip-and-replace all DNAT rules idempotently
roof
2026-05-04 06:54:20 -04:00
d36fe88e16
feat(ui): add show/hide password toggle to login and account settings
roof
2026-05-04 06:05:46 -04:00
67362349d1
test: add loop detection tests for PUT /api/peers/<peer>/route-via
roof
2026-05-04 04:24:02 -04:00
dc2606541c
feat: Phase 4 hardening — retry/backoff, loop detection, sync status UI + tests
roof
2026-05-04 04:18:36 -04:00
960a4ecc51
fix: WG address change now queues pending restart + heals cell connections
roof
2026-05-02 08:29:18 -04:00
0e16d6968a
fix: prevent test runs from corrupting live WG state; sync wg0.conf on IP change
roof
2026-05-02 07:45:28 -04:00
99c1d9cd92
feat: auto mutual WG pairing + subnet/domain conflict detection
roof
2026-05-02 06:24:46 -04:00
1a611e0474
fix: UI always accessible; fix exit-relay AllowedIPs not updating
roof
2026-05-02 05:41:22 -04:00
c521fab1cb
fix: merge CoreDNS ACL per-service and add reload plugin; add peer/cell e2e tests
roof
2026-05-02 04:57:37 -04:00
f1666ba19c
fix: embed DNAT rules in wg0.conf PostUp for persistence + fix dns_ip in server config
roof
2026-05-02 04:07:10 -04:00
9a800e3b6b
feat: fix cross-cell service access — DNS DNAT, service DNAT, Caddy routing
roof
2026-05-02 03:12:09 -04:00
f2f15eb17e
fix: restore cell WG peer blocks lost from wg0.conf on startup
roof
2026-05-02 01:52:47 -04:00
68c27b4521
security: replace WireGuard catch-all ACCEPT with DROP
roof
2026-05-02 00:31:55 -04:00
2b93c8aec5
chore: add webui package-lock.json
roof
2026-05-01 23:25:27 -04:00
94957abd23
feat(webui): internet sharing UI — exit-offer toggle + peer route-via selector
roof
2026-05-01 23:07:50 -04:00
8ea834e108
feat: Phase 3 - per-peer internet routing via exit cell
roof
2026-05-01 16:23:31 -04:00
dcee03dd3f
feat(cells): Phase 2 — exit-offer signaling between connected cells
roof
2026-05-01 15:49:21 -04:00
7da0cbb714
fix: add X-Forwarded-For WG IP to peer-sync push curl command
roof
2026-05-01 15:24:08 -04:00
59927b6ad7
fix: whitelist peer-sync endpoint from session auth + CSRF
roof
2026-05-01 14:59:57 -04:00
4a9c4cc58b
fix: add kernel routes for cell peers after wg set
roof
2026-05-01 14:47:22 -04:00
ea6731d62c
Fix FORWARD rule ordering: embed API-sync ACCEPT inside apply_cell_rules
roof
2026-05-01 14:05:49 -04:00
4ba79fd614
Fix Phase 1 permission sync: route push via cell-wireguard + DNAT receive
roof
2026-05-01 13:48:49 -04:00
a3d0cd5a48
feat(cells): Phase 1 — permission sync between connected PICs
roof
2026-05-01 13:12:30 -04:00
37d023659a
fix(ui): parse getPeerStatuses dict response correctly in CellNetwork
roof
2026-05-01 12:25:12 -04:00
29390f064a
fix(scripts): api code lives at /app/api/ inside container, not /app/
roof
2026-05-01 11:50:56 -04:00
a8a1de1cba
fix(scripts): detect container vs host layout reliably in reset_admin_password
roof
2026-05-01 11:49:19 -04:00
56d677e925
fix: copy button HTTP fallback, reset-admin-password in Docker, scripts volume
roof
2026-05-01 11:34:38 -04:00
e8b3288a41
Merge feature/security-fixes-and-qa into main
roof
2026-05-01 11:09:34 -04:00
562d866a65
feat(cells): Phase 3 tests + Phase 4 UI for cell service-sharing
roof
2026-05-01 08:45:32 -04:00
0b103ffafb
feat(cells): fix PIC-to-PIC connection + add service-sharing permissions
roof
2026-05-01 08:35:24 -04:00
f3118ff401
fix(vpn): sync WireGuard server key on startup; fix DNS zone cell_name/SOA; fix peer status UI
roof
2026-05-01 08:05:45 -04:00
5d0238ff3c
A5: Extract config routes into blueprint (app.py 1294 → 579 lines)
roof
2026-05-01 06:53:24 -04:00
09138fbc18
A5: Extract all route groups into Flask blueprints (app.py -1735 lines)
roof
2026-05-01 06:11:21 -04:00
d54844cd44
fix(P2): peer add rollback, helper failure recovery, manager extraction (A2/A3/A5)
roof
2026-05-01 05:27:39 -04:00
2455fe189e
fix: apply_cell_name regex now matches zone files with TTL field
roof
2026-04-29 09:32:51 -04:00
10eac1fda1
fix: make update stashes runtime config before pull to avoid merge conflicts
roof
2026-04-29 09:10:00 -04:00
caadcaf5c9
fix: untrack runtime config files and add them to .gitignore
roof
2026-04-29 09:07:27 -04:00
ede01b316e
fix: untrack runtime config files and add them to .gitignore
roof
2026-04-29 09:02:22 -04:00
fcb338b659
merge: feature/security-fixes-and-qa — security audit fixes, CSRF, test coverage
roof
2026-04-29 08:58:54 -04:00
9aaacd11cc
fix: CSRF regression — grace period for old sessions, GET check-port/refresh-ip, Peers.jsx native fetch tokens
roof
2026-04-27 12:18:02 -04:00
a43f9fbf0d
fix: full security audit remediation — P0/P1/P2/P3 fixes + 1020 passing tests
roof
2026-04-27 11:30:21 -04:00
0c12e3fc97
fix: change domain from dev to lan to avoid browser HSTS preload blocking HTTP
roof
2026-04-27 01:54:33 -04:00
32272420cb
test: add E2E coverage for peer dashboard/services, DNS records, and WG domain access
roof
2026-04-26 17:41:21 -04:00
3690c6d955
fix: correct DNS records, peer dashboard field names, and services API response
roof
2026-04-26 17:11:21 -04:00
e5d59fd94d
fix: sync API key-store from wg0.conf to prevent WireGuard handshake failure
roof
2026-04-26 16:40:21 -04:00
9418c3da5b
feat: restore WireGuard peers after bootstrap and add VPN routing tests
roof
2026-04-26 15:33:57 -04:00
78706d685f
merge: feature/security-fixes-and-qa — WireGuard fixes, test infrastructure, port propagation
roof
2026-04-26 15:06:17 -04:00
580d8af7ae
fix: port changes now propagate to containers via env file in-place writes
roof
2026-04-26 15:00:43 -04:00
729c401c33
fix: apply_config bootstraps wg0.conf when file is empty
roof
2026-04-26 09:25:02 -04:00
de5ff75a2e
fix: wireguard_port identity change and check_port_open verification
roof
2026-04-26 08:41:22 -04:00
9677755b4f
fix: e2e/integration test infrastructure and Makefile test targets
roof
2026-04-26 08:27:27 -04:00
420dced9ff
fix: WireGuard peer sync, privileged mode, E2E and integration test correctness
roof
2026-04-26 06:04:40 -04:00
31a7951ffd
fix: 4 issues — admin password sudo, peer modal, WireGuard fetch creds, port check
roof
2026-04-26 03:33:11 -04:00
ec9ceec7a7
feat: add show-admin-password and reset-admin-password make targets
roof
2026-04-26 03:17:38 -04:00
7d2979b8af
fix: integration and E2E test correctness after auth enforcement
roof
2026-04-25 18:14:38 -04:00
828dc8cb8f
fix: Makefile test targets for Debian system Python and sudo
roof
2026-04-25 17:42:32 -04:00
a98e095e10
fix: enrich peer dashboard and services API endpoints
roof
2026-04-25 16:49:10 -04:00
0d32038150
feat: add comprehensive E2E test suite (Playwright + WireGuard + API)
roof
2026-04-25 16:41:13 -04:00
1e81b3b618
Fix webui port binding: restore public access on 8081
roof
2026-04-25 16:10:49 -04:00
fc3cfc9741
Fix post-deploy auth issues: best-effort service provisioning, integration test auth, test mock corrections
roof
2026-04-25 15:42:03 -04:00