Skip to content

Glyndor/panel-agent

BranchesTags

Repository files navigation

panel-agent

lynx-agent — hardened server-side daemon for the Lynx panel.

It runs on each managed VPS and executes commands sent by the dashboard: containers (rootless Podman), firewall (nftables), tunnels (WireGuard) and system maintenance.

Security model

  • Transport — WireGuard + mTLS. The agent never accepts plain connections.
  • Command integrity — every command is Ed25519-signed with a nonce and a 30-second timestamp window; replays are rejected even on a compromised transport.
  • Audit log — hash-chained, append-only, synced to the dashboard in real time.
  • Auto-update — binaries are Ed25519-signature-verified before any swap.

Build

cargo build --release
cargo test

Depends on podup as a git dependency.

Install

The agent is installed and updated by the panel installer — see Glyndor/panel. setup-agent.sh and update-agent.sh in this repository are invoked by that flow.

Contributing & security

See the org-wide contributing guide. Report vulnerabilities privately via the Security tab — never in a public issue.

License

Apache-2.0

About

Hardened server-side agent for the Glyndor panel — executes Ed25519-signed commands and reports server telemetry over WireGuard + mTLS. Rust.

Topics

agent rust security daemon telemetry vps self-hosted ed25519 wireguard nftables mtls podman

Resources

Readme

License

Apache-2.0 license

Code of conduct

Code of conduct

Contributing

Contributing

Security policy

Security policy
Activity
Custom properties

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases 2

v1.3.1 Latest
Jun 6, 2026
+ 1 release

Sponsor this project

 
Learn more about GitHub Sponsors

Contributors

Languages