Commit Graph

6 Commits

Author SHA1 Message Date
user
2b893969d2 fix: switch to alpine base image and upgrade pip
Replace python:3.12-slim (Debian) with python:3.12-alpine to reduce
image size and eliminate 68 Debian-inherited CVEs. Upgrade pip to
resolve CVE-2025-8869. Build deps installed temporarily for native
extensions (cryptography) and removed after pip install.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-24 12:54:16 +01:00
user
f9f38adadc fix: bake source into container image for production builds
Install deps from requirements.txt for better layer caching and COPY
src/ into the image so pushed artifacts are self-contained. Remove
VOLUME /app/src -- runtime config mount (/data) is sufficient.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-23 22:54:42 +01:00
user
2f40f5e508 feat: add CertFP authentication with SASL EXTERNAL
Per-network, per-nick client certificates (EC P-256, self-signed,
10-year validity) stored as combined PEM files. Authentication
cascade: SASL EXTERNAL > SASL PLAIN > NickServ IDENTIFY.

New commands: GENCERT, CERTFP, DELCERT. GENCERT auto-registers
the fingerprint with NickServ CERT ADD when the network is connected.

Includes email verification module for NickServ registration and
expanded NickServ interaction (IDENTIFY, REGISTER, VERIFY).
2026-02-21 01:15:25 +01:00
user
280d0c3949 feat: host-derived nicks and generic identity
Nick is now deterministically generated from the exit endpoint
hostname via seeded Markov chain. Same exit IP always produces the
same nick. Config nick field is optional fallback only.

Registration uses generic ident (user/ident) and realname
(realname/unknown) instead of random Markov words.

Also fixes compose env vars and build target to use podman-compose.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-19 22:22:16 +01:00
user
48459c8506 fix: mount source via volume instead of baking into image
Containerfile now only installs dependencies; source code and config
are mounted at runtime via compose volumes. Adds k8s-file log driver
and PYTHONUNBUFFERED for reliable container logging.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-19 18:47:39 +01:00
user
d2144fc029 feat: add Containerfile and podman-compose setup
Host network mode for direct access to SOCKS5 proxy on localhost.
Config volume mounted from ./config. Makefile targets: build, up,
down, logs.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-19 18:34:48 +01:00