--- # Integration-test overlay for the "askari" profile (ADR-025). Passed via `-e @`. # Reproduces the 2026-06-17 incident: apply base's nftables default-deny to a Docker host. base__firewall_apply: true # Keep a break-glass: sshd stays on all interfaces (never wt0-only in a throwaway VM). base__ssh_listen_mesh_only: false # The VM is isolated; it must never touch the real mesh. base__mesh_enabled: false