Settles the M1 design: full registrar transfer Cloudflare -> Gandi; three-tier naming scheme (host.boma / service.bare / service.askari), nyumbani dropped, mesh/LAN-only default; public-DNS-as-code via a control-node `public_dns` role driven by group_vars data, using community.general.gandi_livedns with a PAT (api_key is deprecated/rejected by Gandi — verified per ADR-014). Stale records + unused MX cleaned by omission. Cert scope is DNS+PAT only (issuance deferred to M4/Phase 2). Human/agent division of labour + token-scoping recorded. Resolves TODO 4 and review finding O12 once the ADR-007 amendment lands. Point ROADMAP.md M1 at the spec.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

| | | |
|---|---|---|
| .. | | |
| plans | | |
| specs | | |