boma/docs/README.md

# docs/

Project documentation.

- `decisions/` — Architecture Decision Records (ADRs): the "why" behind the design.
  Numbered from 001; each records context, the decision, and what was ruled out.
- `runbooks/` — step-by-step operational procedures (add a host, add a role, rotate
  secrets).
- `security/` — security baseline, accepted-risk register, per-service checklist +
  template (ADR-002/004).
- `testing/` — testing methodology artifacts + the `VERIFY.md` template (ADR-008/017).
- `access/` — operational-access doctrine + the `ACCESS.md` template (ADR-021).
- `backup/` — backup doctrine + the `BACKUP.md` template (ADR-022).
- `hardware/` — capacity reference + `/capacity-review` output (ADR-012).
- `reviews/` — `/review-repo` audit trail.
- `CAPABILITIES.md` / `ROADMAP.md` / `TODO.md` / `FRICTION.md` — what boma does, the
  build order, the backlog, and recurring-friction notes.

For what is actually **built vs only designed**, see `STATUS.md` at the repo root —
the ADRs describe intent, not necessarily current reality.
Add architecture decision records and runbooks Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> 2026-05-30 14:10:01 +02:00			`# docs/`

			`Project documentation.`

			- `decisions/` — Architecture Decision Records (ADRs): the "why" behind the design.
			`Numbered from 001; each records context, the decision, and what was ruled out.`
			- `runbooks/` — step-by-step operational procedures (add a host, add a role, rotate
			`secrets).`
docs: reconcile lower-severity review findings (O9-O24) - ADR-007: document ubongo on the legacy V4 net at 10.20.10.151 (transitional, outside the planned srv /24 until the LAN is re-cut) (O10); single authoritative boma.baobab.band -> boma.wingu.me transition note already added earlier - terraform tfvars.example + variables.tf (both envs): pve01 -> pve0 and <host>.boma.baobab.band per ADR-007 naming (O11) - ADR-012/013/015/016/017/018: convert "See also:" prose to `## Related` sections placed after Consequences, matching ADR-014/019-023 (O13) - docs/README + inventories/README: list the missing subdirs / offsite_hosts + offsite.yml merge behaviour (O14, O29 note) - ADR-009: drop the retired `nyumbani` example; use vaultwarden.wingu.me split-horizon (O19) - ROADMAP M2: askari shipped as cx23/x86 (CAX11/ARM out of stock) (O20) - ADR-020: 80/443/3478 opened in M4a (past tense); coordinator role is M4b (O21) - netbird -> netbird_coordinator across ROADMAP M4b, the M4b plan, ADR-024 (O23) - ADR-024: align the M1 DNS-01 wildcard scope wording with ROADMAP (O24) - capacity-scan.py: read the inventory directory so offsite.yml (askari) is seen (O28) - tf_to_inventory.py: generated header now warns it overwrites the manual control node (O9) - tests/tags.yml: proxy concern comment Traefik -> Caddy (missed in the O3 sweep) O9's existing stub hosts.yml header stays as-is (generator-owned, hook-protected); the fix lives in the generator for the next regeneration. make lint + pytest (57) green. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> 2026-06-14 19:31:40 +02:00			- `security/` — security baseline, accepted-risk register, per-service checklist +
			`template (ADR-002/004).`
			- `testing/` — testing methodology artifacts + the `VERIFY.md` template (ADR-008/017).
			- `access/` — operational-access doctrine + the `ACCESS.md` template (ADR-021).
			- `backup/` — backup doctrine + the `BACKUP.md` template (ADR-022).
			- `hardware/` — capacity reference + `/capacity-review` output (ADR-012).
			- `reviews/` — `/review-repo` audit trail.
			- `CAPABILITIES.md` / `ROADMAP.md` / `TODO.md` / `FRICTION.md` — what boma does, the
			`build order, the backlog, and recurring-friction notes.`
Add architecture decision records and runbooks Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> 2026-05-30 14:10:01 +02:00
			For what is actually built vs only designed, see `STATUS.md` at the repo root —
			`the ADRs describe intent, not necessarily current reality.`