boma/terraform/environments
sjat b0511179cb feat(tf/offsite): retire askari's WAN :22 (mesh-only SSH)
The Hetzner Cloud Firewall SSH rule is now conditional on a non-empty
ssh_admin_cidrs (default []); askari sets it empty so the WAN :22 rule is
removed on the next apply. SSH is reached over wt0; break-glass is the Hetzner
console. Apply is the live cutover (Task 5). Mesh-hardening 1/3.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-17 20:51:24 +02:00
..
offsite feat(tf/offsite): retire askari's WAN :22 (mesh-only SSH) 2026-06-17 20:51:24 +02:00
production docs: reconcile lower-severity review findings (O9-O24) 2026-06-14 19:31:40 +02:00
staging docs: reconcile lower-severity review findings (O9-O24) 2026-06-14 19:31:40 +02:00