Nethsecurity 8.8.0 #1642
Open
gsanchietti wants to merge 48 commits into
For the sake of god, avoid losing the history at every reboot
Replace Netdata alerting with vmalert:
- add vmalert init script (vmalert.initd) to start/stop vmalert service
- add vmalert UCI configuration file (vmalert.conf) with datasource settings
- add comprehensive alert rules
- update Makefile to install vmalert configuration and rules
- add detailed documentation of vmalert setup and metrics mapping
- support for Mimir integration when configured via ns-plug
- add ns-plug-alert-proxy that listens on 127.0.0.1:9095 and receives notifications from vmalert: the proxy verifies if an alert is firing or resolved. Then it translates selected alerts to the legacy portal format and forwards them to my.nethesis.it or my.nethserver.com
- if Mimir credentials are present in ns-plug UCI config, the Mimir alertmanager endpoint is added as a second notifier alongside the proxy
- port to Victoria Metrics also alert about non-encrypted backup
- add telegraf-mwan Python script that reads /var/run/mwan3/iface_state/ to collect WAN interface connectivity state.
- add telegraf-services Python script that queries ubus to collect the running state of all procd-managed services. Outputs JSON for

Assisted-by: Copilot:Sonnet4.6

Changes:
- migrate ping monitoring from netdata's fping plugin to telegraf's native ping input plugin
- expose metrics to the UI

The ping plugin uses the native method (method="native"), which sends ICMP packets directly without an external ping command, requiring CAP_NET_RAW capability or root privileges. Metrics are tagged with influxdb_db="ping-metrics" for proper InfluxDB database routing.

Assisted-by: Copilot:Sonnet4.6

These plugins are required to replace all Netdata features
Netdata has been replaced by Victoria Metrics.
Sync the local adblock fork to upstream 4.5.5-3 while keeping the NethSecurity-specific ts-dns hooks, bypass migration, and nft bypass rules intact.

Assisted-by: Copilot:gpt-5.4

Changes:
- add a new `nft-reload` action inside adbblock.sh
- trigger reload when the configuration has been updated
- call nft-reload on reload

The above changes will recreate the nft chain when the bypass configuration has been changed.

Store Threat Shield DNS local allow and block list edits in UCI so rapid API calls no longer rewrite adblock files or restart the service immediately. Write the physical adblock list files during the next reload, add a one-shot migration for existing list files, and document the staged workflow for the affected API methods.

Refs #1572

Assisted-by: Copilot:gpt-5.4

The init file from upstream replaces the dpd_action option values. Notably it replaces `restart` with `start`, but the `start` value is not supported by Strongswan 6. Make sure that if `restart` is set, the value is preserved.

From the manual:

Action to perform for this CHILD_SA on DPD timeout. The default clear closes the CHILD_SA and does not take further action. trap installs a trap policy, which will catch matching traffic and tries to re-negotiate the tunnel on-demand (note that this is redundant if start_action includes trap). restart immediately tries to re-negotiate the CHILD_SA under a fresh IKE_SA.

Replaces #1637