boma/inventories/production
sjat b3e14decb4 feat(inventory): ubongo gets INPUT-only host firewall + mamba LAN SSH
Enables base__firewall_input_only on the control group (forward chain stays
permissive so Docker egress + the integration-test libvirt NAT survive) and
allows the operator workstations' LAN IPs (mamba 10.20.10.50 + 10.20.10.17;
raw leases, backstopped by wt0). Mesh-hardening 2/3.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-19 09:42:49 +02:00
..
group_vars feat(inventory): ubongo gets INPUT-only host firewall + mamba LAN SSH 2026-06-19 09:42:49 +02:00
hosts.yml inventory: add ubongo to control group; set ssh-from-control addr 2026-06-11 10:32:24 +02:00
offsite.yml feat(tf): provision askari — cx23/hel1 (CAX11 ARM was out of stock) 2026-06-14 16:23:01 +02:00