boma/docs/superpowers/plans
sjat 9e0c264658 docs: reconcile lower-severity review findings (O9-O24)
- ADR-007: document ubongo on the legacy V4 net at 10.20.10.151 (transitional,
  outside the planned srv /24 until the LAN is re-cut) (O10); single authoritative
  boma.baobab.band -> boma.wingu.me transition note already added earlier
- terraform tfvars.example + variables.tf (both envs): pve01 -> pve0 and
  <host>.boma.baobab.band per ADR-007 naming (O11)
- ADR-012/013/015/016/017/018: convert "See also:" prose to `## Related` sections
  placed after Consequences, matching ADR-014/019-023 (O13)
- docs/README + inventories/README: list the missing subdirs / offsite_hosts +
  offsite.yml merge behaviour (O14, O29 note)
- ADR-009: drop the retired `nyumbani` example; use vaultwarden.wingu.me split-horizon (O19)
- ROADMAP M2: askari shipped as cx23/x86 (CAX11/ARM out of stock) (O20)
- ADR-020: 80/443/3478 opened in M4a (past tense); coordinator role is M4b (O21)
- netbird -> netbird_coordinator across ROADMAP M4b, the M4b plan, ADR-024 (O23)
- ADR-024: align the M1 DNS-01 wildcard scope wording with ROADMAP (O24)
- capacity-scan.py: read the inventory directory so offsite.yml (askari) is seen (O28)
- tf_to_inventory.py: generated header now warns it overwrites the manual control node (O9)
- tests/tags.yml: proxy concern comment Traefik -> Caddy (missed in the O3 sweep)

O9's existing stub hosts.yml header stays as-is (generator-owned, hook-protected);
the fix lives in the generator for the next regeneration. make lint + pytest (57) green.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-14 19:31:40 +02:00
..
2026-06-01-hardware-capacity.md Add implementation plan for hardware capacity tooling 2026-06-01 10:04:59 +02:00
2026-06-05-mesh-vpn-netbird.md Add implementation plan for NetBird mesh VPN 2026-06-05 11:44:05 +02:00
2026-06-05-service-ui-verification.md Add implementation plan for service-UI verification (Level 4) 2026-06-05 13:11:43 +02:00
2026-06-05-ubongo-control-host.md Add implementation plan for ubongo control host 2026-06-05 09:29:10 +02:00
2026-06-06-firewall-strategy.md docs(plan): firewall strategy ADR-020 landing plan 2026-06-06 15:42:17 +02:00
2026-06-06-host-nftables-firewall.md docs(plan): host nftables firewall implementation plan 2026-06-06 18:47:48 +02:00
2026-06-06-logging-log-integrity.md Add implementation plan for logging + log integrity (ADR-018) 2026-06-06 06:59:58 +02:00
2026-06-06-tagging-strategy.md docs(plan): tagging standard implementation plan (ADR-019) 2026-06-06 09:21:15 +02:00
2026-06-09-operational-access.md docs(access): implementation plan for ADR-021 operational access 2026-06-09 17:16:49 +02:00
2026-06-10-adr-structure.md docs(adr): add Proposed lifecycle state; mark ADR-011 Proposed 2026-06-10 14:48:55 +02:00
2026-06-10-backup-strategy.md docs(backup): add foundation-layer implementation plan (ADR-022) 2026-06-10 11:05:17 +02:00
2026-06-11-dev-env-role.md Add dev_env role: zsh/tmux/nvim for workstation-class hosts 2026-06-11 13:50:11 +02:00
2026-06-11-ubongo-build.md plan: record ubongo build outcome (done/deferred/follow-ups) 2026-06-11 10:33:18 +02:00
2026-06-14-askari-provisioning-m2.md docs(plan): M2 — askari provisioning (Terraform + Hetzner Cloud) 2026-06-14 11:53:08 +02:00
2026-06-14-base-ssh-fail2ban-m3.md docs(spec,plan): M3 — base ssh hardening + fail2ban 2026-06-14 16:38:38 +02:00
2026-06-14-m4a-docker-caddy.md docs(plan): M4a — Docker + Caddy reverse proxy platform 2026-06-14 17:20:53 +02:00
2026-06-14-m4b-netbird.md docs: reconcile lower-severity review findings (O9-O24) 2026-06-14 19:31:40 +02:00
2026-06-14-public-dns-m1.md docs(plan): M1 — public_dns implementation plan 2026-06-14 10:23:26 +02:00