dan/ops-jrz1
1
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity

bd daemon sync: 2026-01-07 10:15:28

Browse source
This commit is contained in:
Dan 2026-01-07 10:15:28 -08:00
parent 53f7401a26
commit f666bca185
1 changed files with 1 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
.beads/issues.jsonl
View file

@ -59,6 +59,7 @@
{"id":"ops-jrz1-c0i","title":"Investigate intermittent DNS/connectivity issues","description":"SSH connections timing out intermittently. May be DNS resolution or network instability. Investigate: (1) DNS resolver config, (2) Network interface stability, (3) Firewall rules interaction, (4) VPS provider network issues.","status":"closed","priority":2,"issue_type":"bug","created_at":"2026-01-04T16:43:45.330599724-08:00","created_by":"dan","updated_at":"2026-01-04T16:56:24.821706332-08:00","closed_at":"2026-01-04T16:56:24.821706332-08:00","close_reason":"DNS healthy: 3-7ms resolution, 0% packet loss, interface stable. Timeout was transient."}
{"id":"ops-jrz1-cmv","title":"Add egress rate limiting (iptables)","description":"Hard limit outbound connections per user to prevent mass exfil/scanning.\n\n## Config\n```nix\nnetworking.firewall.extraCommands = ''\n # Rate limit new outbound connections for regular users (uid 1000+)\n iptables -A OUTPUT -m state --state NEW -m owner --uid-owner 1000:65534 \\\n -m limit --limit 30/min --limit-burst 60 -j ACCEPT\n iptables -A OUTPUT -m state --state NEW -m owner --uid-owner 1000:65534 \\\n -j LOG --log-prefix \"EGRESS-LIMIT: \"\n iptables -A OUTPUT -m state --state NEW -m owner --uid-owner 1000:65534 \\\n -j REJECT\n'';\n```\n\n## Behavior\n- 30 new connections/min sustained, burst of 60\n- Over limit: logged and rejected\n- Doesn't affect established connections\n\n## Testing\n- `for i in {1..100}; do curl -s ifconfig.me \u0026 done`\n- Should see EGRESS-LIMIT in journal after ~60","status":"closed","priority":2,"issue_type":"task","created_at":"2026-01-02T20:16:32.276607792-08:00","created_by":"dan","updated_at":"2026-01-02T21:12:35.5888406-08:00","closed_at":"2026-01-02T21:12:35.5888406-08:00","close_reason":"Closed"}
{"id":"ops-jrz1-cpm","title":"Add admin alerting when killswitch fires","description":"Killswitch only logs to journald. Consider external notification (email, Matrix message, webhook) when users are terminated.","status":"open","priority":4,"issue_type":"task","created_at":"2026-01-03T08:40:26.416998752-08:00","created_by":"dan","updated_at":"2026-01-03T08:40:26.416998752-08:00"}
{"id":"ops-jrz1-cs2","title":"Docs deployment strategy: AGENTS.md for bots, README.md for humans","status":"open","priority":3,"issue_type":"task","created_at":"2026-01-07T10:15:27.94438992-08:00","created_by":"dan","updated_at":"2026-01-07T10:15:27.94438992-08:00"}
{"id":"ops-jrz1-d38","title":"Add tmux to system packages","description":"Add tmux for session persistence. Users can run bots in tmux, disconnect, reconnect.","status":"closed","priority":2,"issue_type":"task","created_at":"2026-01-02T15:13:58.514256583-08:00","created_by":"dan","updated_at":"2026-01-02T17:25:59.102158299-08:00","closed_at":"2026-01-02T17:25:59.102158299-08:00","close_reason":"Closed"}
{"id":"ops-jrz1-d58","title":"Build custom code-server container image","description":"Dockerfile with: code-server, opencode CLI, opencode VS Code extension (Open VSX), Python, Node, Git. Push to registry or build locally.","status":"closed","priority":2,"issue_type":"task","created_at":"2025-12-05T17:16:54.507577308-08:00","updated_at":"2025-12-28T00:05:44.736614157-05:00","closed_at":"2025-12-28T00:05:44.736614157-05:00","close_reason":"Parent epic cancelled - browser-based dev approach abandoned","dependencies":[{"issue_id":"ops-jrz1-d58","depends_on_id":"ops-jrz1-3so","type":"parent-child","created_at":"2025-12-05T17:17:36.369590207-08:00","created_by":"daemon","metadata":"{}"}]}
{"id":"ops-jrz1-d8o","title":"Add --dry-run flag to dev-remove.sh","description":"scripts/dev-remove.sh has no way to preview what would be deleted before committing. Add --dry-run flag that shows actions without executing them.","status":"closed","priority":3,"issue_type":"task","created_at":"2026-01-05T15:44:33.81954695-08:00","created_by":"dan","updated_at":"2026-01-05T19:40:15.319784807-08:00","closed_at":"2026-01-05T19:40:15.319784807-08:00","close_reason":"Implemented --dry-run flag for dev-remove.sh"}