boma/inventories/production/group_vars/all
sjat c1323a3f29 feat(make): registry-login via vaulted Forgejo token (kaizen)
scripts/registry-login.sh reads vault.forgejo.registry_token and pipes it to
docker login --password-stdin (never echoed, never on argv); 'make registry-login'
wires it with the venv binaries. Adds the operator-minted CHANGEME vault stub
(fill via make edit-vault) and a per-machine prereq note in the claude-code-setup
runbook, so 'make caddy-image-push'/'molecule-image-push' become agent-completable
non-interactively. Consumes the 2026-06-15 signal in docs/FRICTION.md.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-17 17:50:07 +02:00
..
firewall.yml feat(base): shared firewall catalog/zones + firewall defaults 2026-06-06 18:49:40 +02:00
public_dns.yml docs(review): 2026-06-14 repo audit — M4a doc drift + Traefik→Caddy lag 2026-06-14 18:37:54 +02:00
reverse_proxy.yml feat(reverse_proxy): raw-directive route type; wire NetBird (gRPC/WS) route 2026-06-15 17:55:05 +02:00
vars.yml docs: reconcile lower-severity review findings (O9-O24) 2026-06-14 19:31:40 +02:00
vault.yml feat(make): registry-login via vaulted Forgejo token (kaizen) 2026-06-17 17:50:07 +02:00