pic/api at 85d265187da6d01a295a2772215bb77dd036fe8c - pic - Gitea: Git with a cup of tea

roof/pic

Files

T

History

roof 85d265187d

Unit Tests / test (push) Successful in 7m32s

Details

fix: Caddy TLS cert acquisition — two DNS-01 blockers

1. caddy_manager: embed ddns.token (registration bearer token) in
   Caddyfile, not DDNS_TOTP_SECRET. The pic_ngo plugin sends the token
   to POST /api/v1/dns-challenge; using the TOTP secret caused 401 on
   every attempt.

2. firewall_manager: add _acme-challenge.<zone> forwarding block before
   each split-horizon zone in the Corefile. Without this, CoreDNS was
   authoritative for the challenge name and returned NODATA for TXT
   queries (wildcard A record matches but wrong type), blocking Caddy's
   internal DNS pre-verification step.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

2026-06-08 10:45:15 -04:00

..

fix: WireGuard routing, DNS, service access, and UI improvements

2026-04-20 12:43:23 -04:00

fix: EmailManager route calls get_email_users not get_users

2026-06-08 10:12:24 -04:00

account_manager.py

fix: fall back to cell effective domain when email service domain not configured

2026-06-05 17:06:51 -04:00

API_DOCUMENTATION.md

init

2025-09-12 23:04:52 +03:00

app.py

fix: split-horizon DNS zone uses WireGuard IP, not Docker bridge IP

2026-06-08 02:11:01 -04:00

auth_manager.py

Fix CI unit test failures and DDNS config wiring

2026-05-10 04:20:19 -04:00

auth_routes.py

fix: full security audit remediation — P0/P1/P2/P3 fixes + 1020 passing tests

2026-04-27 11:30:21 -04:00

base_service_manager.py

fix: full security audit remediation — P0/P1/P2/P3 fixes + 1020 passing tests

2026-04-27 11:30:21 -04:00

caddy_manager.py

fix: Caddy TLS cert acquisition — two DNS-01 blockers

2026-06-08 10:45:15 -04:00

calendar_manager.py

fix: service credential provisioning and install reliability

2026-06-07 13:41:41 -04:00

cell_cli.py

init

2025-09-12 23:04:52 +03:00

cell_link_manager.py

Fix: use domain_name (FQDN) in cell invite and conflict checks

2026-06-06 11:56:42 -04:00

cell_manager.py

init

2025-09-12 23:04:52 +03:00

config_manager.py

fix: split-horizon DNS zone uses WireGuard IP, not Docker bridge IP

2026-06-08 02:11:01 -04:00

config.py

init

2025-09-12 23:04:52 +03:00

connectivity_manager.py

Implement connectivity store services (wireguard-ext, openvpn-client, tor)

2026-05-30 10:06:48 -04:00

container_manager.py

fix: silent autosave, pending dedup, domain/cell_name pending, containers access

2026-04-24 07:16:13 -04:00

ddns_manager.py

fix: DDNS update token in body, webdav gating, regression tests

2026-06-07 16:56:12 -04:00

Dockerfile

fix: full-tunnel default, real host routing table, peer config tunnel mode

2026-04-20 15:20:55 -04:00

egress_manager.py

feat: add EgressManager — per-service egress enforcement via host iptables

2026-05-30 00:58:47 -04:00

email_manager.py

fix: service credential provisioning and install reliability

2026-06-07 13:41:41 -04:00

enhanced_cli.py

fix: all 214 tests passing (from 36 failures)

2026-04-19 16:43:07 -04:00

file_manager.py

fix: full security audit remediation — P0/P1/P2/P3 fixes + 1020 passing tests

2026-04-27 11:30:21 -04:00

firewall_manager.py

fix: Caddy TLS cert acquisition — two DNS-01 blockers

2026-06-08 10:45:15 -04:00

ip_utils.py

fix: full security audit remediation — P0/P1/P2/P3 fixes + 1020 passing tests

2026-04-27 11:30:21 -04:00

legacy_cleanup.py

feat: Phase 5 — remove legacy service blocks, one-shot container cleanup

2026-05-29 15:57:45 -04:00

log_manager.py

fix: spurious health alerts, show rotated logs, clear history button

2026-04-21 03:05:04 -04:00

managers.py

fix: DNS split-horizon in DDNS mode, service access filter, health check, verbosity persistence

2026-06-07 13:05:58 -04:00

manifest_validator.py

Implement connectivity store services (wireguard-ext, openvpn-client, tor)

2026-05-30 10:06:48 -04:00

network_manager.py

fix: ensure DNS zone changes take effect immediately on startup

2026-06-07 03:41:19 -04:00

peer_registry.py

Phase 5: extended connectivity — WireGuard ext, OpenVPN, Tor exit routing

2026-05-09 10:48:20 -04:00

port_registry.py

feat: port conflict validation, autosave on Apply, extended integration tests

2026-04-24 04:45:47 -04:00

requirements.txt

Fix CI unit test failures and DDNS config wiring

2026-05-10 04:20:19 -04:00

routing_manager.py

feat(cells): fix PIC-to-PIC connection + add service-sharing permissions

2026-05-01 08:35:24 -04:00

service_bus.py

feat: make DDNS domain_name the effective domain across all services

2026-05-28 02:48:47 -04:00

service_composer.py

fix: service credential provisioning and install reliability

2026-06-07 13:41:41 -04:00

service_registry.py

feat: Phase 2 — remove builtins layer, ServiceRegistry is installed-only

2026-05-29 08:53:44 -04:00

service_store_manager.py

fix: peer access to /api/services/active and unconditional Caddy startup regen

2026-06-07 15:58:27 -04:00

setup_manager.py

feat: remove optional services step from setup wizard

2026-05-29 18:33:43 -04:00

test_enhanced_api.py

wip: make work Services Status

2025-09-13 14:23:31 +03:00

vault_manager.py

fix: full security audit remediation — P0/P1/P2/P3 fixes + 1020 passing tests

2026-04-27 11:30:21 -04:00

wireguard_manager.py

fix: get_status returns actual configured WG address instead of hardcoded default

2026-06-06 14:48:49 -04:00