boma/inventories/production/group_vars
sjat b3e14decb4 feat(inventory): ubongo gets INPUT-only host firewall + mamba LAN SSH
Enables base__firewall_input_only on the control group (forward chain stays
permissive so Docker egress + the integration-test libvirt NAT survive) and
allows the operator workstations' LAN IPs (mamba 10.20.10.50 + 10.20.10.17;
raw leases, backstopped by wt0). Mesh-hardening 2/3.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-19 09:42:49 +02:00
..
all feat(firewall): public zone + askari's public services in the catalog 2026-06-17 20:46:03 +02:00
control feat(inventory): ubongo gets INPUT-only host firewall + mamba LAN SSH 2026-06-19 09:42:49 +02:00
offsite_hosts revert: back out mesh-hardening 1/3 on askari after it broke the Docker host 2026-06-17 22:16:17 +02:00