sjat/boma
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
boma/inventories
History
sjat 43e5a4aa53 secrets(vault): add Gandi LiveDNS PAT as vault.gandi.pat 
Personal Access Token for wingu.me LiveDNS, used by the M1 public_dns role via
community.general.gandi_livedns. Stored under the nested vault.<service>.<key> map
(CLAUDE.md); the placeholder canary is preserved. Verified the token authenticates
+ is scoped to wingu.me, and that the file round-trips (decrypts to the expected
structure). PAT to be rotated after M1 (transmitted in plaintext during setup).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-14 09:14:10 +02:00
..
production secrets(vault): add Gandi LiveDNS PAT as vault.gandi.pat 2026-06-14 09:14:10 +02:00
staging feat(base): shared firewall catalog/zones + firewall defaults 2026-06-06 18:49:40 +02:00
README.md Add core Ansible scaffold, tooling, and pre-commit guards 2026-05-30 14:10:01 +02:00

README.md

inventories/

Ansible inventories, one directory per environment (staging/, production/). Defines which hosts exist and their group membership; group_vars/ and host_vars/ hold per-group and per-host configuration.

  • hosts.yml is generated from Terraform outputs by make tf-inventory — do not hand-edit. The control node is the one manual exception.
  • Terraform→inventory data flow and the data contract: ADR-009.
  • Addressing conventions (subnets, ranges): ADR-007.
  • Layout and host groups: see CLAUDE.md ("Inventory structure").