diff options
| author | Craig Jennings <c@cjennings.net> | 2026-07-02 19:15:16 -0400 |
|---|---|---|
| committer | Craig Jennings <c@cjennings.net> | 2026-07-02 19:15:16 -0400 |
| commit | 83a351ed83c1e775fb9a1c67174375f34f274aa8 (patch) | |
| tree | a746c9197723a8a7d6c0a3b40a97841aeccffd32 | |
| parent | c688bea30ef86482ad6cc0751da2ee6e56b0ab3e (diff) | |
| download | archsetup-83a351ed83c1e775fb9a1c67174375f34f274aa8.tar.gz archsetup-83a351ed83c1e775fb9a1c67174375f34f274aa8.zip | |
docs(spec): tunnels phase 4 shipped
| -rw-r--r-- | todo.org | 4 |
1 files changed, 2 insertions, 2 deletions
@@ -41,8 +41,8 @@ Connections gained a third sub-view (Available | Saved | Tunnels — a StackSwit *** 2026-07-02 Thu @ 19:11:47 -0400 Shipped phase 3 — diagnose/doctor tunnel awareness (dotfiles 31ba056) =overlays.default_route_owner()= classifies the default route's owner (tailscale prefix, wg/pvpn/proton/tun/tap prefixes, else the active NM connection's type — imports can name a wireguard device anything). diag's route step went three-way: overlay owner = informational pass row ("internet flows through the tailscale tunnel tailscale0"), other physical link = the old multi-homing warn. When the HTTP probe fails while a tunnel owns the route, a new "tunnel" edge row LEADS the evidence and the classifier returns fixable/action tunnel-down (the deferred-vpn verdict is retired — it was look-don't-touch, and it never caught tailscale at all since NM lists it unmanaged; an NM VPN that doesn't own the route now falls through to normal classification instead of being blamed). =repair_tunnel_down= dispatches by owner (tailscale CLI / protonvpn CLI for pvpn-named devs / nmcli connection down via active-connection lookup), verifies route ownership actually moved, and registered in ACTIONS so Get Me Online drives it. fake-ip gained FAKE_IP_DEFAULT_DEV_SEQ (head-first line consume, the UP_RC_SEQ idiom) so tests watch the owner change across the verify. 11 new tests, 2 old deferred-vpn pins rewritten to the new contract; 45 suites green; live read-only diagnose on velox clean (wlan owns the route — no tunnel rows, as designed). -*** TODO Phase 4 — waybar-net tunnel badge (dotfiles) :feature: -Badge on the net glyph riding phase 3's route-ownership detection; suite coverage. +*** 2026-07-02 Thu @ 19:14:58 -0400 Shipped phase 4 — bar tunnel badge (dotfiles b4010bf) +=net status= carries =tunnel_route= ({dev, kind} via =overlays.default_route_owner=, exception-guarded like the overlays list, present on the no-device path too). The indicator appends a small nf-md-vpn badge after the state glyph, emits =["<state>", "tunnel"]= as a waybar class list (string class unchanged when no tunnel), and the tooltip names the owner ("Tunnel: default route via tailscale0 (tailscale)"). No css edit — presence is the signal, themes can hook the class later, and the waybar/style.css drift test stays untouched. 4 new tests; StatusHarness gained fake-ip so the machine's real route can't leak into assertions (462 net tests, 45 suites green). Live payload on velox verified badge-free (wlp170s0 owns the route — correct); a badge render awaits the first real tunnel-owned route (phase 6's wg import or a tailscale exit node). *** TODO Phase 5 — archsetup: operator flag + package swap :feature: =tailscale set --operator= in the tailscale step; proton-vpn-cli replaces proton-vpn-gtk-app; VM assertions. |
