sjat/boma
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Commit graph

  • 4cfc3cddd5 docs(friction): re-asked operator about push + execution mode (settled) sjat 2026-06-17 15:58:26 +02:00
  • 55776fb03c docs(plan): M5 mesh-enrollment implementation plan sjat 2026-06-17 15:49:28 +02:00
  • 4142bb15f8 docs(spec): M5 mesh-enrollment design (reachability-only) sjat 2026-06-17 15:44:13 +02:00
  • 94dd6da14c docs(netbird): describe gRPC routing as the deployed Content-Type matcher sjat 2026-06-16 07:54:09 +02:00
  • 684718f4a5 docs(netbird): M4b done — STATUS/ROADMAP/risks/friction sjat 2026-06-16 07:48:53 +02:00
  • 3a31b8e6f4 fix(reverse_proxy): bind-mount the Caddy config dir so reload sees changes sjat 2026-06-16 07:44:45 +02:00
  • 0e8d448f2b feat(offsite): apply netbird_coordinator after reverse_proxy sjat 2026-06-15 18:05:12 +02:00
  • 070d6f293b docs(netbird): service-role standard files (SECURITY/VERIFY/ACCESS/BACKUP) sjat 2026-06-15 18:01:29 +02:00
  • 1333ec181f feat(reverse_proxy): raw-directive route type; wire NetBird (gRPC/WS) route sjat 2026-06-15 17:55:05 +02:00
  • 3762be4622 feat(netbird): vault secrets — auth_secret + datastore_key sjat 2026-06-15 17:52:16 +02:00
  • ab1b0678ab feat(netbird): coordinator service role (combined server + dashboard, v0.72.4) sjat 2026-06-15 17:39:56 +02:00
  • 19e675fa5a docs(friction): log registry-push auth gotcha (no creds in vault) sjat 2026-06-15 06:58:45 +02:00
  • b3468b34e4 docs: record Caddy/Gandi DNS-01 as resolved + proven (was M4a deferral) sjat 2026-06-15 06:57:55 +02:00
  • 6e38693499 feat(reverse_proxy): optional ACME DNS-01 via Gandi (wildcard / LAN-only) sjat 2026-06-15 06:57:47 +02:00
  • d407aeabb2 feat(docker): custom Caddy image with the Gandi DNS-01 plugin sjat 2026-06-15 06:57:38 +02:00
  • 293c1f88d8 docs(todo): collapse done items to one-line pointers; open-only convention sjat 2026-06-14 22:00:53 +02:00
  • 13ae674cc9 chore(kaizen): first /kaizen run — curate 12 friction signals sjat 2026-06-14 21:46:23 +02:00
  • d1e1e38879 feat(kaizen): nudge in /review-repo; STATUS + TODO sjat 2026-06-14 21:27:23 +02:00
  • 8d2f564382 feat(kaizen): /kaizen command — interactive friction curation sjat 2026-06-14 21:26:21 +02:00
  • fd1e83a378 fix(kaizen): scope still_exists to repo paths; test age nudge; tidy --today sjat 2026-06-14 21:25:03 +02:00
  • b185ac4765 feat(kaizen): friction-scan CLI (--json default, --nudge) sjat 2026-06-14 21:18:16 +02:00
  • c6f66ee634 feat(kaizen): recurrence count + referenced-path existence sjat 2026-06-14 21:17:39 +02:00
  • 72b9262f34 feat(kaizen): parse tag/first_seen/age per signal sjat 2026-06-14 21:17:03 +02:00
  • 859732b04d feat(kaizen): friction-scan section extraction + signal split sjat 2026-06-14 21:16:36 +02:00
  • d14639e80a docs(plan): /kaizen command — implementation plan (TODO 11) sjat 2026-06-14 21:09:29 +02:00
  • 1a0e30e278 docs(spec): /kaizen — kaizen-loop command (TODO 11) sjat 2026-06-14 21:05:09 +02:00
  • e5867422d0 docs(todo): defer kaizen-loop automation to the notify + cron stack sjat 2026-06-14 20:49:26 +02:00
  • f821006e9e docs(friction): log 2026-06-14 review+follow-up signals sjat 2026-06-14 20:28:15 +02:00
  • 9e0c264658 docs: reconcile lower-severity review findings (O9-O24) sjat 2026-06-14 19:31:40 +02:00
  • 9b5851ba4b chore(roles): role/test hygiene from review (O16,O17,O25,O26) sjat 2026-06-14 19:31:23 +02:00
  • 175777e36a docs: reconcile 2026-06-14 review findings (O1-O7,O18,O22) sjat 2026-06-14 19:06:33 +02:00
  • cb8f924d4b docs(reverse_proxy): service-role SECURITY/VERIFY/ACCESS records (O12) sjat 2026-06-14 19:06:23 +02:00
  • 718781053f fix(dev_env): make concern tags reach included tasks (O8) sjat 2026-06-14 19:06:15 +02:00
  • 64f1e821d8 docs(review): 2026-06-14 repo audit — M4a doc drift + Traefik→Caddy lag sjat 2026-06-14 18:37:54 +02:00
  • e3461375f5 docs(plan): M4b — NetBird coordinator service role sjat 2026-06-14 18:20:04 +02:00
  • 1862b7a828 docs(m4a): HTTP-01 for askari; ADR-024 cert-method-follows-exposure; STATUS/roadmap/friction sjat 2026-06-14 18:14:38 +02:00
  • b7e919d6b3 refactor(reverse_proxy): vanilla Caddy + HTTP-01 (drop DNS-01 custom image) sjat 2026-06-14 18:11:20 +02:00
  • 9c169561d7 feat(offsite): *.askari.wingu.me wildcard + offsite.yml (docker_host + reverse_proxy) sjat 2026-06-14 17:39:44 +02:00
  • 1ee343dfca feat(tf): open Caddy 80/443 + NetBird 3478 on askari (public_web) sjat 2026-06-14 17:38:51 +02:00
  • 50b6445bdd feat(reverse_proxy): Caddy role (Gandi DNS-01, on-host image build, route catalog) sjat 2026-06-14 17:36:58 +02:00
  • 456c27d12b feat(docker_host): install Docker engine + compose plugin sjat 2026-06-14 17:28:51 +02:00
  • d10f6de84b docs(adr): ADR-024 — Caddy is boma's reverse proxy sjat 2026-06-14 17:28:42 +02:00
  • dd8c6825ba docs(plan): M4a — Docker + Caddy reverse proxy platform sjat 2026-06-14 17:20:53 +02:00
  • 65cf20a993 docs(spec): M4 — NetBird coordinator on askari + Caddy reverse proxy sjat 2026-06-14 17:19:21 +02:00
  • 181a02fd3a docs(friction): include_tasks tag-propagation + check-mode gotchas (M3) sjat 2026-06-14 16:56:23 +02:00
  • 9d787a4f53 docs(base): M3 done — ssh hardening + fail2ban applied to askari; STATUS + roadmap sjat 2026-06-14 16:55:22 +02:00
  • db1e5db138 fix(base): propagate hardening tag to included tasks; check-mode-safe fail2ban sjat 2026-06-14 16:54:23 +02:00
  • a111a20cc8 test(base): Molecule coverage for ssh hardening + fail2ban sjat 2026-06-14 16:47:42 +02:00
  • deec75de0f feat(base): ssh hardening + fail2ban (hardening concern, ADR-002) sjat 2026-06-14 16:42:56 +02:00
  • 22021210c4 feat(make): optional LIMIT= and TAGS= passthrough on check/deploy sjat 2026-06-14 16:41:59 +02:00
  • cff368ece2 docs(spec,plan): M3 — base ssh hardening + fail2ban sjat 2026-06-14 16:38:38 +02:00
  • a1c0f4814b feat(askari): publish askari.wingu.me; mark M2 applied (askari live) sjat 2026-06-14 16:26:26 +02:00
  • 917005174a feat(tf): provision askari — cx23/hel1 (CAX11 ARM was out of stock) sjat 2026-06-14 16:23:01 +02:00
  • e83c777b44 docs(friction): TF child-module required_providers gotcha (caught by live init) sjat 2026-06-14 16:15:23 +02:00
  • 839fc632a1 fix(tf): declare required_providers in modules; pin offsite lock sjat 2026-06-14 16:14:05 +02:00
  • 9d4a49d49d feat(vault): CHANGEME placeholder convention + check-vault flags them sjat 2026-06-14 15:40:37 +02:00
  • 09b0aad342 fix(tf): cloud-init heredoc column-0 + firewall uses ubongo's WAN IP sjat 2026-06-14 12:19:45 +02:00
  • 3588904528 docs(askari): amend ADR-006/009/020/007/016 for TF-provisioned offsite host; STATUS (apply pending) sjat 2026-06-14 12:09:20 +02:00
  • fd86ec6848 test(tf): lock the offsite_hosts inventory handoff sjat 2026-06-14 12:06:26 +02:00
  • 07af037ff3 feat(make): offsite TF token injection + directory inventory + tf-inventory-offsite sjat 2026-06-14 12:05:41 +02:00
  • 127ade59a3 feat(tf): offsite environment — askari (CAX11/hel1/debian-13) sjat 2026-06-14 12:03:31 +02:00
  • bbc287900a feat(tf): hetzner_vm module (server + firewall + ssh key + cloud-init) sjat 2026-06-14 12:03:01 +02:00
  • 29921428c4 docs(plan): M2 — askari provisioning (Terraform + Hetzner Cloud) sjat 2026-06-14 11:53:08 +02:00
  • 993d7885e4 docs: mark M1 applied (STATUS); log item.values + Gandi null-MX gotchas sjat 2026-06-14 10:58:03 +02:00
  • 76bd1d63fc fix(public_dns): index loop keys with item['key'] not item.key sjat 2026-06-14 10:57:23 +02:00
  • 078d1ad9d9 fix(public_dns): drop null-MX (Gandi rejects '0 .'); remove MX instead sjat 2026-06-14 10:53:54 +02:00
  • 3cb6436ad2 docs(adr-007): fix askari FQDN to askari.wingu.me (review nit) sjat 2026-06-14 10:44:21 +02:00
  • f170ffd936 docs(public_dns): amend ADR-007 to wingu.me/Gandi; resolve TODO 4; STATUS + CAPABILITIES sjat 2026-06-14 10:38:45 +02:00
  • e247af6e55 test(public_dns): Molecule scenario (apply disabled, no live API) sjat 2026-06-14 10:36:40 +02:00
  • a0a3e4d356 feat(public_dns): dns.yml play (control-node, Gandi LiveDNS) sjat 2026-06-14 10:35:30 +02:00
  • bd84dd0213 feat(public_dns): role tasks, defaults, meta, README sjat 2026-06-14 10:34:42 +02:00
  • 9311968363 feat(public_dns): wingu.me record data + validation test sjat 2026-06-14 10:33:07 +02:00
  • 91ad629c02 secrets(vault): rotate Gandi PAT (via make edit-vault) sjat 2026-06-14 10:30:58 +02:00
  • 70c302d7e5 scaffold(public_dns): empty role structure sjat 2026-06-14 10:30:02 +02:00
  • 6f5c7b2bfb deps: add community.general for gandi_livedns (public_dns) sjat 2026-06-14 10:29:57 +02:00
  • e96480692d docs(friction): execution-mode menu recurred despite the 06-10 mechanical fix sjat 2026-06-14 10:26:43 +02:00
  • b131ee317e docs(plan): M1 — public_dns implementation plan sjat 2026-06-14 10:23:26 +02:00
  • 602550fdaa docs(spec): M2 — provision askari via Terraform + Hetzner Cloud sjat 2026-06-14 10:12:10 +02:00
  • 32d480efcf docs(spec): note project (boma) vs domain (wingu.me) in the naming scheme sjat 2026-06-14 09:47:13 +02:00
  • 79f2315eee feat(make): add edit-vault + check-vault targets sjat 2026-06-14 09:36:15 +02:00
  • 43e5a4aa53 secrets(vault): add Gandi LiveDNS PAT as vault.gandi.pat sjat 2026-06-14 09:14:10 +02:00
  • f7fac5f5e3 docs(spec): M1 — finalize for wingu.me (greenfield), record Gandi-defaults purge sjat 2026-06-14 09:14:10 +02:00
  • 7a47dd9dec docs(spec): M1 — public DNS migration to Gandi (DNS-as-code) design sjat 2026-06-11 23:17:19 +02:00
  • be2679cc66 docs(roadmap): record decided DNS naming scheme in M1 sjat 2026-06-11 22:17:28 +02:00
  • 3cfcb1c2e9 docs(roadmap): add ROADMAP.md — remote-access-first build order sjat 2026-06-11 22:12:38 +02:00
  • 03d33f83dd fix(O1): scaffold docker_host role so make lint passes on main sjat 2026-06-11 14:53:55 +02:00
  • 1da117d65b docs(review): 2026-06-11 repo audit — fix build-wave doc drift sjat 2026-06-11 14:48:00 +02:00
  • 67f2aba9d8 STATUS: record dev_env (built+applied) and working deploy path sjat 2026-06-11 14:21:36 +02:00
  • aea4f8c3d6 dev_env: install Node.js from pinned tarball, drop npm bloat sjat 2026-06-11 14:21:33 +02:00
  • 6203513220 inventory: manage ubongo (control node) as the operator account sjat 2026-06-11 14:09:15 +02:00
  • 607423d0e7 dev_env: install acl for become_user file copies sjat 2026-06-11 14:09:12 +02:00
  • a2bb99928c fix(deploy): make check/deploy actually run sjat 2026-06-11 14:09:12 +02:00
  • f3f382ae69 Add dev_env role: zsh/tmux/nvim for workstation-class hosts sjat 2026-06-11 13:50:11 +02:00
  • b9daf2a0ad plan: record ubongo build outcome (done/deferred/follow-ups) sjat 2026-06-11 10:33:18 +02:00
  • 349d10d65c docs: record ubongo physical build (2026-06-11) sjat 2026-06-11 10:32:26 +02:00
  • 7b5fd17e55 inventory: add ubongo to control group; set ssh-from-control addr sjat 2026-06-11 10:32:24 +02:00
  • 7b190e4313 Add ubongo physical-build plan (2026-06-11 session) sjat 2026-06-11 10:01:41 +02:00
  • 7ebbc113ab Merge feat/adr-structure: ADR-023 structure & lifecycle + back-catalogue conformance sjat 2026-06-10 15:18:48 +02:00
  • fa3db421dc docs(kaizen): FRICTION signal — controller must diff-audit subagent restructures sjat 2026-06-10 15:01:21 +02:00
  • d0a3307822 docs(adr): fix 007/008 heading nesting; require date in Superseded status sjat 2026-06-10 15:00:58 +02:00