2026-05-30 14:10:01 +02:00
# Project status — what's real vs planned

This repo is partly aspirational: the ADRs in `docs/decisions/` describe the
*intended* design, and some of it is **not built yet**. This file is the ground
truth. **Before relying on a role, provider, or pipeline existing, check here.**
If something is listed as "designed, not built", do not assume it works.

_Last reviewed: 2026-05-30._
## Real and working today
| Thing | State |
|---|---|
| `playbooks/bootstrap.yml` | Works — self-contained (installs Python, creates the `ansible` user + sudoers) |
| `scripts/tf_to_inventory.py` | Works — stdlib only; `terraform output -json` → `hosts.yml` |
| `.docker/molecule-debian13/Dockerfile` | Present — custom Molecule test image (ADR-008) |
| `docs/decisions/*`, `docs/runbooks/*` | Current and mutually reconciled |
| `Makefile`, lint config (`.ansible-lint`, `.yamllint`), `.gitignore` | Present and used |
| `git` | Initialized, trunk-based on `main`, pushed to `origin` (`forgejo.nyumbani.baobab.band:7577`) |
| Pre-commit hooks | Configured: lint, gitleaks, vault-encryption guard. Activate with `pre-commit install` after `make setup`; until a clone has run that, none of these hooks fire, so nothing stops an unencrypted vault file from being committed |
| Vault password client | `scripts/vault-pass-client.sh` fetches the master password from Vaultwarden via `rbw` (wired as `vault_password_file`). Requires `rbw` installed and unlocked (`rbw unlock`) |
| `/review-repo` | Repo audit: `scripts/repo-scan.py` (Phase 0) + `.claude/commands/review-repo.md`, reports to `docs/reviews/`. On-demand only; cron + email deferred (`docs/todo.md`) |
| Terraform HCL (`terraform/`) | Written (proxmox VM module + envs) — but never run; see "Designed but not built" below |
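The "vault-encryption guard" row above does not say what such a guard checks, so here is an added example of one, written for this page and not the hook the repo actually configures. pre-commit hands a hook the staged file names that match its `files:` pattern as arguments; the hook refuses the commit if any path that looks like a vault file does not begin with the `$ANSIBLE_VAULT;` header that `ansible-vault encrypt` writes on line 1. The file-name convention (`vault.yml` / `vault_*.yml`, by basename) and the script path are assumptions, and the check assumes whole-file encryption rather than inline `!vault` strings.

```sh
#!/bin/sh
# Added example of a pre-commit "vault-encryption guard" hook; not the repo's own hook.
# Assumes whole-file encryption: an encrypted file starts with the ansible-vault header.
set -eu

VAULT_HEADER='$ANSIBLE_VAULT;'

# Assumed naming convention: vault.yml / vault_*.yml (.yaml too), judged by basename.
is_vault_path() {
  case "${1##*/}" in
    vault.yml|vault_*.yml|vault.yaml|vault_*.yaml) return 0 ;;
    *) return 1 ;;
  esac
}

# Only line 1 matters: ansible-vault writes "$ANSIBLE_VAULT;1.1;AES256"
# (or "$ANSIBLE_VAULT;1.2;AES256;<vault-id>") as the first line.
# An unreadable or empty file counts as not encrypted, so it is refused too.
is_encrypted() {
  first=$(head -n 1 "$1" 2>/dev/null) || return 1
  case "$first" in
    "$VAULT_HEADER"*) return 0 ;;
    *) return 1 ;;
  esac
}

# Check every path given (pre-commit passes the staged file names); report each
# plaintext vault file on stderr and return 1 if there was at least one.
check_vault_files() {
  bad=0
  for f in "$@"; do
    is_vault_path "$f" || continue
    if ! is_encrypted "$f"; then
      echo "REFUSING COMMIT: $f is a vault file but is not ansible-vault encrypted" >&2
      bad=1
    fi
  done
  return "$bad"
}

# With no arguments there is nothing staged to check; only the functions are defined.
if [ $# -gt 0 ]; then
  check_vault_files "$@"
fi
```

To wire it in, add a `repo: local` hook to `.pre-commit-config.yaml` with `language: script`, `entry:` pointing at the script (say `scripts/check-vault-encrypted.sh`, an assumed path), and `files: vault.*\.ya?ml$` so pre-commit only passes candidate paths. Because the check reads line 1 only, it also catches the common slip of running `ansible-vault decrypt` in place to edit a file and committing before re-encrypting it.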
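The "Vault password client" row describes `scripts/vault-pass-client.sh` only by what it fetches. As an added example, not the repo's script, here is a client in the same shape, written for this page. Ansible treats a password script whose basename ends in `-client` (before the extension, as `vault-pass-client.sh` does) as a vault client script and invokes it with `--vault-id <label>`, so the script has to accept that argument. The Vaultwarden entry naming (`ansible-vault/<label>`) and the distinct exit codes are assumptions. The point of the example is failing closed: a missing `rbw`, a locked `rbw`, a missing entry, or an empty password each produce a non-zero exit and a message on stderr, so Ansible never receives an empty string as the vault password.

```sh
#!/bin/sh
# Added example of an ansible-vault client script backed by rbw (the Vaultwarden CLI).
# Not the repo's scripts/vault-pass-client.sh; entry naming and exit codes are assumed.
set -eu

# Ansible passes "--vault-id <label>" to scripts whose basename ends in "-client".
# Other arguments are ignored; with no label the "default" label is used.
parse_vault_id() {
  vault_id=default
  while [ $# -gt 0 ]; do
    case "$1" in
      --vault-id)
        [ $# -ge 2 ] || { echo "--vault-id needs a label" >&2; return 1; }
        vault_id=$2; shift 2 ;;
      --vault-id=*)
        vault_id=${1#--vault-id=}; shift ;;
      *) shift ;;
    esac
  done
  printf '%s\n' "$vault_id"
}

# Assumed convention: the label "prod" is stored in Vaultwarden as "ansible-vault/prod".
entry_for() {
  printf 'ansible-vault/%s\n' "$1"
}

# Print the password for one label, or fail closed with a distinct exit code.
fetch_password() {
  entry=$(entry_for "$1")
  if ! command -v rbw >/dev/null 2>&1; then
    echo "rbw is not installed" >&2; return 2
  fi
  if ! rbw unlocked >/dev/null 2>&1; then
    echo "rbw is locked; run 'rbw unlock' first" >&2; return 3
  fi
  if ! pw=$(rbw get "$entry"); then
    echo "no Vaultwarden entry named $entry" >&2; return 4
  fi
  if [ -z "$pw" ]; then
    echo "entry $entry has an empty password" >&2; return 5
  fi
  printf '%s\n' "$pw"
}

main() {
  fetch_password "$(parse_vault_id "$@")"
}

# Ansible always supplies --vault-id; with no arguments only the functions are defined.
if [ $# -gt 0 ]; then
  main "$@"
fi
```

Point `vault_password_file` (or `--vault-id <label>@path/to/script`) at the executable and Ansible runs it on demand, which keeps the vault password out of `ansible.cfg`, shell history and the environment; the script itself never stores anything. The non-zero exits matter because a client that prints nothing on error would let Ansible try an empty password and report a confusing decryption failure instead of the real cause.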
## Scaffolded but empty — NOT implemented
| Thing | State |
|---|---|
| `roles/base/` | Empty directory. `site.yml` references it, but it applies nothing. |
| `roles/docker_host/` | Empty directory. Same. |
| `inventories/*/hosts.yml` | Placeholder stubs (commented examples); regenerated by `make tf-inventory` once Terraform has hosts |
| `inventories/production/group_vars/{docker_hosts,proxmox_hosts}/` | Empty dirs |
So `make deploy PLAYBOOK=site` currently does effectively nothing — the roles it
calls are empty.
## Designed but not built
| Thing | Designed in | Notes |
|---|---|---|
| `dns` role (renders the internal zone) | ADR-007 / ADR-009 | Does not exist. Internal DNS ownership is assigned to it by design. |
| Terraform actually provisioning | ADR-006 / ADR-009 | Never `terraform init`ed: no `.terraform.lock.hcl`, no state, no real `local.vms` entries |
| Forgejo Actions CI | ADR-003 / ADR-008 | Pipeline described; the remote is live (pushed), but the Actions / `act_runner` pipeline is not yet built |
| Level 2 / 3 testing (staging, `askari` smoke) | ADR-008 | Depends on real VMs / `askari`, which don't exist yet |
| Per-service roles | ADR-004 | Model defined; no service roles built |
## Keeping this honest
Update this file whenever you build, stub, or remove something. It is the first
place an AI tool or new contributor should look to learn what they can actually
rely on. When a row moves from "designed" to "working", move it up — don't leave
stale optimism here.