roof/pic
1
0
Fork 0
Code Issues Pull Requests Actions Wiki Activity
Files
c7e01d4aa79ed153a71419f0bbe6b84c0a70c197
pic/api
T
History
roof c7e01d4aa7
Unit Tests / test (push) Successful in 9m46s
Details
fix: LAN Caddyfile serves TLS on an https:// site, not an http:// one 
_caddyfile_lan emitted the internal-CA `tls` directive inside an
`http://<cell>.cell, http://172.20.0.2:80` block. Caddy rejects a tls
directive on a port-80 (HTTP) listener ("server listening on [:80] is HTTP,
but attempts to configure TLS connection policies"), so cell-caddy crash-looped
in LAN mode. Split into a `https://<cell>.cell` site (internal-CA tls) plus a
separate plain-HTTP block for :80 — both needed because the WireGuard server
DNATs peer traffic to Caddy on 80 and 443.

Note: LAN mode still needs the internal serving cert wired to the mounted certs
dir (a separate gap) before cell-caddy comes fully up.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
2026-06-16 07:26:15 -04:00
..
config
fix: WireGuard routing, DNS, service access, and UI improvements
2026-04-20 12:43:23 -04:00
routes
fix: advertise WireGuard endpoint by domain, and reach linked cells over HTTPS
2026-06-16 04:21:16 -04:00
account_manager.py
fix: fall back to cell effective domain when email service domain not configured
2026-06-05 17:06:51 -04:00
app.py
feat: connectivity redesign phase 3+4 — per-connection health, per-peer fallback, connection CRUD API
2026-06-10 21:50:45 -04:00
audit_manager.py
feat: audit/change log — owner-visible record of who changed what
2026-06-10 20:19:38 -04:00
auth_manager.py
Fix CI unit test failures and DDNS config wiring
2026-05-10 04:20:19 -04:00
auth_routes.py
feat: audit/change log — owner-visible record of who changed what
2026-06-10 20:19:38 -04:00
backup_crypto.py
fix: overhaul backup/restore — full secrets coverage, ordered reapply, optional passphrase encryption
2026-06-10 15:41:10 -04:00
base_service_manager.py
fix: full security audit remediation — P0/P1/P2/P3 fixes + 1020 passing tests
2026-04-27 11:30:21 -04:00
caddy_manager.py
fix: LAN Caddyfile serves TLS on an https:// site, not an http:// one
2026-06-16 07:26:15 -04:00
calendar_manager.py
fix: service credential provisioning and install reliability
2026-06-07 13:41:41 -04:00
cell_cli.py
init
2025-09-12 23:04:52 +03:00
cell_link_manager.py
fix: advertise WireGuard endpoint by domain, and reach linked cells over HTTPS
2026-06-16 04:21:16 -04:00
cell_manager.py
init
2025-09-12 23:04:52 +03:00
config_manager.py
feat: secure build phase 2 — enforce image verification by default
2026-06-11 14:12:58 -04:00
connectivity_manager.py
fix: unblock instanceable connectivity store-service install + clean up on delete
2026-06-15 08:45:32 -04:00
constants.py
refactor: Network Services rebuilt, DHCP decommissioned, infra cleanup
2026-06-10 08:50:00 -04:00
container_manager.py
fix: silent autosave, pending dedup, domain/cell_name pending, containers access
2026-04-24 07:16:13 -04:00
ddns_manager.py
fix: P0/P1 audit fixes — DDNS correctness, peer provisioning gates, honest stubs
2026-06-10 08:23:00 -04:00
Dockerfile
fix: unblock instanceable connectivity store-service install + clean up on delete
2026-06-15 08:45:32 -04:00
egress_manager.py
feat: connectivity redesign phase 2 — instance-aware routing + reference connections by id
2026-06-10 17:35:28 -04:00
email_manager.py
fix: service credential provisioning and install reliability
2026-06-07 13:41:41 -04:00
enhanced_cli.py
fix: all 214 tests passing (from 36 failures)
2026-04-19 16:43:07 -04:00
file_manager.py
fix: full security audit remediation — P0/P1/P2/P3 fixes + 1020 passing tests
2026-04-27 11:30:21 -04:00
firewall_manager.py
fix: logging verbosity now actually applies + per-service log levels
2026-06-10 19:14:01 -04:00
ip_utils.py
harden containers: drop WG privileged, slim images, digest pins; fix WG path + empty chrony.conf
2026-06-10 14:07:54 -04:00
legacy_cleanup.py
feat: Phase 5 — remove legacy service blocks, one-shot container cleanup
2026-05-29 15:57:45 -04:00
log_manager.py
fix: logging verbosity now actually applies + per-service log levels
2026-06-10 19:14:01 -04:00
managers.py
feat: connectivity redesign phase 7 — cell-relay as a connection type
2026-06-10 23:58:19 -04:00
manifest_validator.py
fix: unblock instanceable connectivity store-service install + clean up on delete
2026-06-15 08:45:32 -04:00
network_manager.py
refactor: Network Services rebuilt, DHCP decommissioned, infra cleanup
2026-06-10 08:50:00 -04:00
peer_registry.py
feat: connectivity redesign phase 2 — instance-aware routing + reference connections by id
2026-06-10 17:35:28 -04:00
port_registry.py
feat: port conflict validation, autosave on Apply, extended integration tests
2026-04-24 04:45:47 -04:00
requirements.txt
Fix CI unit test failures and DDNS config wiring
2026-05-10 04:20:19 -04:00
routing_manager.py
feat(cells): fix PIC-to-PIC connection + add service-sharing permissions
2026-05-01 08:35:24 -04:00
service_bus.py
feat: connectivity — registry-driven peer table, sshuttle/proxy egress, egress UI
2026-06-10 08:36:15 -04:00
service_composer.py
fix: restore cosign pubkey on setup so clean reinstall keeps image verification
2026-06-15 11:32:19 -04:00
service_registry.py
feat: Phase 2 — remove builtins layer, ServiceRegistry is installed-only
2026-05-29 08:53:44 -04:00
service_store_manager.py
fix: unblock instanceable connectivity store-service install + clean up on delete
2026-06-15 08:45:32 -04:00
setup_manager.py
fix: DNS first-install — split-horizon zone creation + CoreDNS inode bind-mount
2026-06-10 12:48:37 -04:00
test_enhanced_api.py
wip: make work Services Status
2025-09-13 14:23:31 +03:00
vault_manager.py
fix: full security audit remediation — P0/P1/P2/P3 fixes + 1020 passing tests
2026-04-27 11:30:21 -04:00
wireguard_manager.py
fix: advertise WireGuard endpoint by domain, and reach linked cells over HTTPS
2026-06-16 04:21:16 -04:00