boma/STATUS.md

# Project status — what's real vs planned

This repo is partly aspirational: the ADRs in `docs/decisions/` describe the
*intended* design, and some of it is **not built yet**. This file is the ground
truth. **Before relying on a role, provider, or pipeline existing, check here.**
If something is listed as "designed, not built", do not assume it works.

_Last reviewed: 2026-05-30._

## Real and working today

| Thing | State |
|---|---|
| `playbooks/bootstrap.yml` | Works — self-contained (installs Python, creates the `ansible` user + sudoers) |
| `scripts/tf_to_inventory.py` | Works — stdlib only; `terraform output -json` → `hosts.yml` |
| `.docker/molecule-debian13/Dockerfile` | Present — custom Molecule test image (ADR-008) |
| `docs/decisions/*`, `docs/runbooks/*` | Current and mutually reconciled |
| `Makefile`, lint config (`.ansible-lint`, `.yamllint`), `.gitignore` | Present and used |
| `git` (local) | Initialized — trunk-based on `main`. Off-machine remote (Forgejo) being set up separately. |
| Pre-commit hooks | Configured: lint, gitleaks, vault-encryption guard. Activate with `pre-commit install` after `make setup`. |
| Terraform HCL (`terraform/`) | Written (proxmox VM module + envs) — but never run; see below |

## Scaffolded but empty — NOT implemented

| Thing | State |
|---|---|
| `roles/base/` | Empty directory. `site.yml` references it, but it applies nothing. |
| `roles/docker_host/` | Empty directory. Same. |
| `inventories/*/hosts.yml` | Placeholder stubs (commented examples); regenerated by `make tf-inventory` once Terraform has hosts |
| `inventories/production/group_vars/{docker_hosts,proxmox_hosts}/` | Empty dirs |

So `make deploy PLAYBOOK=site` currently does effectively nothing — the roles it
calls are empty.

## Designed but not built

| Thing | Designed in | Notes |
|---|---|---|
| `dns` role (renders the internal zone) | ADR-007 / ADR-009 | Does not exist. Internal DNS ownership is assigned to it by design. |
| Terraform actually provisioning | ADR-006 / ADR-009 | Never `terraform init`ed: no `.terraform.lock.hcl`, no state, no real `local.vms` entries |
| CI (Forgejo Actions) | ADR-003 / ADR-008 | Pipeline described; not implemented |
| Level 2 / 3 testing (staging, `askari` smoke) | ADR-008 | Depends on real VMs / `askari`, which don't exist yet |
| Per-service roles | ADR-004 | Model defined; no service roles built |
| Forgejo remote + CI | ADR-003 / ADR-008 | Local git is live; pushing to `git.baobab.band` and Actions CI are being set up |

## Keeping this honest

Update this file whenever you build, stub, or remove something. It is the first
place an AI tool or new contributor should look to learn what they can actually
rely on. When a row moves from "designed" to "working", move it up — don't leave
stale optimism here.
Add project orientation and contributor docs Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> 2026-05-30 14:10:01 +02:00			`# Project status — what's real vs planned`

			This repo is partly aspirational: the ADRs in `docs/decisions/` describe the
			`intended design, and some of it is not built yet. This file is the ground`
			`truth. Before relying on a role, provider, or pipeline existing, check here.`
			`If something is listed as "designed, not built", do not assume it works.`

			`_Last reviewed: 2026-05-30._`

			`## Real and working today`

			`\| Thing \| State \|`
			`\|---\|---\|`
			\| `playbooks/bootstrap.yml` \| Works — self-contained (installs Python, creates the `ansible` user + sudoers) \|
			\| `scripts/tf_to_inventory.py` \| Works — stdlib only; `terraform output -json` → `hosts.yml` \|
			\| `.docker/molecule-debian13/Dockerfile` \| Present — custom Molecule test image (ADR-008) \|
			\| `docs/decisions/`, `docs/runbooks/` \| Current and mutually reconciled \|
			\| `Makefile`, lint config (`.ansible-lint`, `.yamllint`), `.gitignore` \| Present and used \|
			\| `git` (local) \| Initialized — trunk-based on `main`. Off-machine remote (Forgejo) being set up separately. \|
			\| Pre-commit hooks \| Configured: lint, gitleaks, vault-encryption guard. Activate with `pre-commit install` after `make setup`. \|
			\| Terraform HCL (`terraform/`) \| Written (proxmox VM module + envs) — but never run; see below \|

			`## Scaffolded but empty — NOT implemented`

			`\| Thing \| State \|`
			`\|---\|---\|`
			\| `roles/base/` \| Empty directory. `site.yml` references it, but it applies nothing. \|
			\| `roles/docker_host/` \| Empty directory. Same. \|
			\| `inventories/*/hosts.yml` \| Placeholder stubs (commented examples); regenerated by `make tf-inventory` once Terraform has hosts \|
			\| `inventories/production/group_vars/{docker_hosts,proxmox_hosts}/` \| Empty dirs \|

			So `make deploy PLAYBOOK=site` currently does effectively nothing — the roles it
			`calls are empty.`

			`## Designed but not built`

			`\| Thing \| Designed in \| Notes \|`
			`\|---\|---\|---\|`
			\| `dns` role (renders the internal zone) \| ADR-007 / ADR-009 \| Does not exist. Internal DNS ownership is assigned to it by design. \|
			\| Terraform actually provisioning \| ADR-006 / ADR-009 \| Never `terraform init`ed: no `.terraform.lock.hcl`, no state, no real `local.vms` entries \|
			`\| CI (Forgejo Actions) \| ADR-003 / ADR-008 \| Pipeline described; not implemented \|`
			\| Level 2 / 3 testing (staging, `askari` smoke) \| ADR-008 \| Depends on real VMs / `askari`, which don't exist yet \|
			`\| Per-service roles \| ADR-004 \| Model defined; no service roles built \|`
			\| Forgejo remote + CI \| ADR-003 / ADR-008 \| Local git is live; pushing to `git.baobab.band` and Actions CI are being set up \|

			`## Keeping this honest`

			`Update this file whenever you build, stub, or remove something. It is the first`
			`place an AI tool or new contributor should look to learn what they can actually`
			`rely on. When a row moves from "designed" to "working", move it up — don't leave`
			`stale optimism here.`