chore: initial commit — chat-saiden web chat baseline
@@ -0,0 +1,26 @@
|
||||
# cloudflared config for the chat-saiden tunnel.
|
||||
# Installed to: /etc/cloudflared/chat-saiden/chat-saiden.yml
|
||||
#
|
||||
# Tunnel created from fuji via:
|
||||
# cloudflared tunnel create chat-saiden
|
||||
# cloudflared tunnel route dns chat-saiden chat.saiden.dev
|
||||
# (CNAME corrected manually — auto-zone-detection landed it in the wrong
|
||||
# zone; flarectl was used to recreate in saiden.dev)
|
||||
#
|
||||
# Credentials JSON was scp'd from fuji ~/.cloudflared/<UUID>.json
|
||||
|
||||
tunnel: f03da7b7-7219-4039-95ca-a3293152781b
|
||||
credentials-file: /etc/cloudflared/chat-saiden/chat-saiden.json
|
||||
|
||||
ingress:
|
||||
- hostname: chat.saiden.dev
|
||||
service: http://localhost:7681
|
||||
originRequest:
|
||||
# ttyd uses websockets — long-lived connections
|
||||
connectTimeout: 30s
|
||||
tcpKeepAlive: 30s
|
||||
keepAliveTimeout: 90s
|
||||
- service: http_status:404
|
||||
|
||||
metrics: localhost:42041
|
||||
no-autoupdate: true
|
||||
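Review bot: The `chat.saiden.dev` ingress rule forwards straight to ttyd on `http://localhost:7681`, and nothing under `originRequest` makes cloudflared itself verify the Cloudflare Access token, so the only gate in front of an interactive shell is an Access policy that lives outside this repository. If that application is ever deleted or attached to the wrong hostname, the tunnel would serve the terminal unauthenticated. cloudflared can enforce the check at the origin with an `access` block under `originRequest`; the team name and AUD tag below are placeholders. Separately, the header comment says the credentials JSON was copied over with scp, and it would help to record there the owner and mode expected for `/etc/cloudflared/chat-saiden/chat-saiden.json`.

```yaml
  - hostname: chat.saiden.dev
    service: http://localhost:7681
    originRequest:
      # … unchanged: connectTimeout, tcpKeepAlive, keepAliveTimeout …
      access:
        required: true
        teamName: <ACCESS_TEAM_NAME>      # placeholder
        audTag:
          - <ACCESS_APPLICATION_AUD_TAG>  # placeholder
```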
@@ -0,0 +1,26 @@
|
||||
[Unit]
|
||||
Description=Cloudflare Tunnel — chat.saiden.dev
|
||||
After=network-online.target ttyd-chat.service
|
||||
Wants=network-online.target
|
||||
# Don't start tunnel if ttyd isn't there — origin would 502
|
||||
Requires=ttyd-chat.service
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
User=chi
|
||||
Group=chi
|
||||
WorkingDirectory=/home/chi
|
||||
ExecStart=/usr/bin/cloudflared --no-autoupdate tunnel --config /etc/cloudflared/chat-saiden/chat-saiden.yml run
|
||||
Restart=on-failure
|
||||
RestartSec=5
|
||||
StandardOutput=journal
|
||||
StandardError=journal
|
||||
|
||||
NoNewPrivileges=true
|
||||
ProtectSystem=strict
|
||||
ProtectHome=read-only
|
||||
ReadOnlyPaths=/etc/cloudflared/chat-saiden
|
||||
PrivateTmp=true
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
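Review bot: `User=chi` / `Group=chi` run the tunnel under the same account that ttyd-chat.service gives to the browser session, so whoever is in the web terminal can presumably read the tunnel credentials under `/etc/cloudflared/chat-saiden` and signal this process. A dedicated unprivileged account for cloudflared (for example `User=cloudflared`, with the credentials file owned by it and mode 0600) would keep the tunnel identity out of reach of the shell it exposes. With that change `WorkingDirectory=/` and `ProtectHome=true` become possible, since nothing in this unit shows cloudflared needing /home/chi. `ReadOnlyPaths=/etc/cloudflared/chat-saiden` looks redundant under `ProtectSystem=strict`; a comment saying it is deliberate would help.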
@@ -0,0 +1,55 @@
|
||||
[Unit]
|
||||
Description=ttyd — chat.saiden.dev web terminal (BT-7274 bridge)
|
||||
After=network-online.target
|
||||
Wants=network-online.target
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
User=chi
|
||||
Group=chi
|
||||
WorkingDirectory=/home/chi
|
||||
Environment=HOME=/home/chi
|
||||
Environment=TERM=xterm-256color
|
||||
Environment=LANG=en_US.UTF-8
|
||||
|
||||
# ttyd flags:
|
||||
# -p 7681 : listen on this port
|
||||
# -i lo : LOCALHOST ONLY — public path is via cloudflared
|
||||
# -W : enable writable terminal (input from browser)
|
||||
# -t titleFixed=... : browser tab title
|
||||
# -t fontFamily=... : font
|
||||
# -t fontSize=14
|
||||
# -t cursorBlink=true
|
||||
# -t theme={...} : Saiden dark palette
|
||||
# -T xterm-256color
|
||||
# -O : check origin (CSRF defense)
|
||||
# -c chi:DUMMY : ttyd basic auth — ignored, CF Access is the real gate,
|
||||
# but enabling -c blocks accidental direct access
|
||||
ExecStart=/home/linuxbrew/.linuxbrew/bin/ttyd \
|
||||
-p 7681 \
|
||||
-i lo \
|
||||
-W \
|
||||
-O \
|
||||
-T xterm-256color \
|
||||
-t titleFixed='BT-7274 — chat.saiden.dev' \
|
||||
-t fontFamily='JetBrains Mono, Menlo, monospace' \
|
||||
-t fontSize=14 \
|
||||
-t cursorBlink=true \
|
||||
-t cursorStyle=bar \
|
||||
-t 'theme={"background":"#0a0d10","foreground":"#c8d3d8","cursor":"#7fb069","cursorAccent":"#0a0d10","selectionBackground":"#1f2a30","black":"#0a0d10","red":"#c94f4f","green":"#7fb069","yellow":"#d4a85a","blue":"#5c8fb8","magenta":"#a070b8","cyan":"#5cb8a8","white":"#c8d3d8","brightBlack":"#3a4248","brightRed":"#e06a6a","brightGreen":"#9ec77f","brightYellow":"#e8c275","brightBlue":"#7eb0d4","brightMagenta":"#bb8fce","brightCyan":"#7fd4c4","brightWhite":"#e8edf0"}' \
|
||||
/home/chi/.local/bin/ttyd-wrapper.sh
|
||||
|
||||
Restart=on-failure
|
||||
RestartSec=3
|
||||
StandardOutput=journal
|
||||
StandardError=journal
|
||||
|
||||
# Hardening — ttyd doesn't need much
|
||||
NoNewPrivileges=true
|
||||
ProtectSystem=strict
|
||||
ProtectHome=read-only
|
||||
ReadWritePaths=/home/chi/.marauder /home/chi/.claude /tmp
|
||||
PrivateTmp=true
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
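Review bot: The flag comment documents `-c chi:DUMMY` and says enabling it blocks accidental direct access, but the `ExecStart` line passes no `-c`, so ttyd runs with no authentication of its own. With `-W` set, any local process that can reach port 7681 on loopback gets a writable session as chi without passing through Cloudflare Access. Either add the credential option (sourced so that no real secret is committed in the unit file) or correct the comment so it does not promise a control that is absent. `ReadWritePaths=` also lists `/tmp` while `PrivateTmp=true` already gives the service its own writable /tmp, which appears redundant; a comment stating which is intended would help.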
Executable
+24
@@ -0,0 +1,24 @@
|
||||
#!/usr/bin/env bash
|
||||
# ttyd-wrapper.sh — entrypoint launched by ttyd for each browser session.
|
||||
# Ensures bt7274 cart is active, then handoff to `claude`.
|
||||
set -euo pipefail
|
||||
|
||||
# Make sure marauder + claude on PATH for non-login shells
|
||||
export PATH="/home/chi/.local/bin:/home/linuxbrew/.linuxbrew/bin:$PATH"
|
||||
|
||||
# Set the persona for this session (idempotent if already active globally)
|
||||
marauder cart use bt7274 >/dev/null 2>&1 || true
|
||||
|
||||
# Optional banner — confirms this is the right channel
|
||||
cat <<'BANNER'
|
||||
╔════════════════════════════════════════════════════════════════╗
|
||||
║ SAIDEN TACTICAL SYSTEMS — MARAUDER REMOTE BRIDGE ║
|
||||
║ Operator: BT-7274 • Channel: chat.saiden.dev ║
|
||||
║ Host: junkpile • Authenticated via CF Access ║
|
||||
║ ║
|
||||
║ Sign out: https://chat.saiden.dev/cdn-cgi/access/logout ║
|
||||
╚════════════════════════════════════════════════════════════════╝
|
||||
BANNER
|
||||
|
||||
# Hand off to the Pilot's Titan
|
||||
exec claude
|
||||
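Review bot: `marauder cart use bt7274 >/dev/null 2>&1 || true` discards both the output and the exit status, so the header comment's "Ensures bt7274 cart is active" does not hold: on failure the session still reaches `exec claude` with whatever cart was active. If best-effort is intended, keep it but surface the failure, e.g. `marauder cart use bt7274 >/dev/null 2>&1 || printf 'ttyd-wrapper: cart bt7274 not activated\n' >&2`. The banner line "Authenticated via CF Access" is static text printed for every session, including one opened directly against the local ttyd port, so it should be reworded or commented so that nobody reads it as evidence of authentication. `exec claude` depends on the PATH exported above; an absolute path would make the handoff target explicit.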