Razvan Dimescu 695a8b963c feat(linux): run systemd service as unprivileged numa user ...

- numa.service: User=numa + CAP_NET_BIND_SERVICE + sandboxing block
  (ProtectSystem=strict, PrivateTmp, seccomp @system-service, etc)
- install_service_linux: create numa system user + chown data_dir
  before first start so TLS-cert generation and state writes land
  on a numa-owned tree

Runtime verified root-free on Linux — network_watch_loop only reads
/etc/resolv.conf; all system-DNS mutation stays in the installer,
which continues to run as root via sudo.

2026-04-18 07:56:59 +03:00

..

api.rs

feat: embed git SHA in version string via build.rs

2026-04-16 13:02:25 +03:00

blocklist.rs

fix: allowlist parent domain unblocks subdomains (#74)

2026-04-10 21:43:40 +03:00

buffer.rs

fix: escape DNS label text per RFC 1035 §5.1 (closes #36) (#54)

2026-04-10 08:53:46 +03:00

cache.rs

refactor: unify warm_stale/warm_domain, remove raw_wire alloc, add Freshness enum

2026-04-12 19:56:42 +03:00

config.rs

feat: accept array of upstreams in [[forwarding]]

2026-04-15 04:03:38 +03:00

ctx.rs

Merge main into feat/forwarding-array-upstream

2026-04-15 21:28:04 +03:00

dnssec.rs

fix: escape DNS label text per RFC 1035 §5.1 (closes #36) (#54)

2026-04-10 08:53:46 +03:00

doh.rs

refactor: return QueryPath from resolve_query, add mock upstream to tests

2026-04-13 07:51:14 +03:00

dot.rs

refactor: extract shared test infrastructure into testutil module

2026-04-13 07:56:47 +03:00

forward.rs

fix(forward): track SRTT for DoT upstreams, not just UDP

2026-04-17 03:39:21 +03:00

header.rs

add Makefile with clippy/rustfmt linting, fix all warnings

2026-03-10 05:04:31 +02:00

health.rs

feat: embed git SHA in version string via build.rs

2026-04-16 13:02:25 +03:00

lan.rs

feat: numa setup-phone — QR-based mobile DoT onboarding (#38)

2026-04-10 19:08:56 +03:00

lib.rs

fix(windows): unify config/data dir and add service log file

2026-04-16 19:12:42 +03:00

main.rs

fix(windows): unify config/data dir and add service log file

2026-04-16 19:12:42 +03:00

mobile_api.rs

feat: numa setup-phone — QR-based mobile DoT onboarding (#38)

2026-04-10 19:08:56 +03:00

mobileconfig.rs

feat: mobile setup — QR onboarding, Wi-Fi scoped mobileconfig (#73)

2026-04-10 22:21:51 +03:00

override_store.rs

feat: add memory footprint to /stats and dashboard (#26)

2026-04-01 09:09:44 +03:00

packet.rs

feat: add memory footprint to /stats and dashboard (#26)

2026-04-01 09:09:44 +03:00

proxy.rs

feat: DoH server endpoint + DoT enabled by default (#79)

2026-04-11 04:06:17 +03:00

query_log.rs

feat: transport protocol tracking (UDP/TCP/DoT/DoH) with dashboard visualization

2026-04-12 22:14:26 +03:00

question.rs

feat: recursive DNS + DNSSEC + TCP fallback (#17)

2026-03-28 04:03:47 +02:00

record.rs

feat: add memory footprint to /stats and dashboard (#26)

2026-04-01 09:09:44 +03:00

recursive.rs

fix: restore TCP_TIMEOUT to 400ms (test race was the real issue)

2026-04-12 18:40:46 +03:00

serve.rs

Merge branch 'main' into feat/forwarding-array-upstream

2026-04-17 03:14:09 +03:00

service_store.rs

fix: regenerate TLS cert when services change (hot-reload via ArcSwap)

2026-03-23 16:14:06 +02:00

setup_phone.rs

feat: numa setup-phone — QR-based mobile DoT onboarding (#38)

2026-04-10 19:08:56 +03:00

srtt.rs

feat: wire-level forwarding, cache, request hedging, and DoH keepalive

2026-04-12 18:39:48 +03:00

stats.rs

feat: distinguish UPSTREAM vs FORWARD in logs and stats

2026-04-14 18:18:32 +03:00

system_dns.rs

feat(linux): run systemd service as unprivileged numa user

2026-04-18 07:56:59 +03:00

testutil.rs

refactor: extract shared test infrastructure into testutil module

2026-04-13 07:56:47 +03:00

tls.rs

test: verify TLS cert SANs (wildcard, services, loopback, localhost, bare TLD)

2026-04-12 23:54:55 +03:00

windows_service.rs

fix(windows): defer DNS redirect until port 53 is free

2026-04-16 18:35:09 +03:00

wire.rs

refactor: unify warm_stale/warm_domain, remove raw_wire alloc, add Freshness enum

2026-04-12 19:56:42 +03:00