A control-group VM that applies base with INPUT-only default-deny (forward policy accept; admin-addr SSH allow). verify.yml is now profile-aware via an integration_profile marker — the askari Docker/DNAT block is gated, and a ubongo block asserts input drop + forward accept + the admin-addr rule. Enables `make test-integration HOST=ubongo`. Mesh-hardening 2/3 (ADR-025). Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
9 lines
176 B
JSON
{
"groups": ["control"],
"applies": [
{"playbook": "site.yml", "tags": ["base"]}
],
"extra_vars_files": ["overrides/ubongo.yml"],
"mem_mib": 2048,
"vcpus": 2
}
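Review bot: nothing in this fixture sets the integration_profile marker that the commit message says verify.yml branches on; the only place it could come from is the "extra_vars_files": ["overrides/ubongo.yml"] entry, whose contents are not part of this file. If the marker and the admin address are both supplied by that override, verify.yml should fail explicitly when integration_profile is undefined or has an unrecognised value, so that a missing or renamed override file cannot leave the ubongo assertions (input drop, forward accept, admin-addr SSH allow) unexecuted while the run still reports success. Since JSON cannot carry a comment, a line in the commit message or the fixture documentation naming where the marker is defined would also help the next reader.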