boma/tests
sjat 3b30e70ba5 feat(firewall): public zone + askari's public services in the catalog
Adds a public (0.0.0.0/0) zone and askari's Caddy (80/443) + NetBird STUN
(3478/udp) ingress so the base nftables default-deny does not drop the live
public services when applied to askari. Molecule + filter unit test cover the
public-zone rendering. Mesh-hardening 1/3 (ADR-020/024/016).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-17 20:46:03 +02:00
..
tags.yml feat(base): add the 'mesh' concern tag (NetBird agent, ADR-016) 2026-06-17 16:01:33 +02:00
test_capacity_scan.py Complete capacity-scan.py: usage stub, subprocess glue, main() 2026-06-01 10:30:45 +02:00
test_check_tags.py fix(tags): recognize name: role key; only check roles: in plays 2026-06-06 15:20:09 +02:00
test_firewall_rules.py feat(firewall): public zone + askari's public services in the catalog 2026-06-17 20:46:03 +02:00
test_friction_scan.py docs(kaizen): bind-mount gotcha + consume 7 signals into the ledger (2026-06-17) 2026-06-17 17:50:17 +02:00
test_public_dns.py fix(public_dns): drop null-MX (Gandi rejects '0 .'); remove MX instead 2026-06-14 10:53:54 +02:00
test_repo_scan.py feat(scan): repo-scan rename-incomplete check (kaizen) 2026-06-17 17:49:41 +02:00
test_tf_to_inventory.py test(tf): lock the offsite_hosts inventory handoff 2026-06-14 12:06:26 +02:00