host_vars/askari.yml points ansible_host at the wt0 IP (overriding the generated offsite.yml); offsite_hosts sets base__ssh_listen_mesh_only. Mesh-hardening 1/3.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
6 lines
419 B
YAML
---
# Manage askari over the NetBird mesh (wt0), not its WAN IP. This OVERRIDES the
# TF-generated inventories/production/offsite.yml (ansible_host = 77.42.120.136); host_vars
# outrank the generated inventory and are NOT touched by `make tf-inventory-offsite`.
# Mesh-hardening 1/3 — once SSH is wt0-only, the WAN IP is no longer reachable for SSH.
ansible_host: 100.99.226.39 # askari's wt0 address (NetBird, M5)