boma/terraform/environments/offsite
sjat b0511179cb feat(tf/offsite): retire askari's WAN :22 (mesh-only SSH)
The Hetzner Cloud Firewall SSH rule is now conditional on a non-empty
ssh_admin_cidrs (default []); askari sets it empty so the WAN :22 rule is
removed on the next apply. SSH is reached over wt0; break-glass is the Hetzner
console. Apply is the live cutover (Task 5). Mesh-hardening 1/3.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-17 20:51:24 +02:00
..
.terraform.lock.hcl fix(tf): declare required_providers in modules; pin offsite lock 2026-06-14 16:14:05 +02:00
backend.tf feat(tf): offsite environment — askari (CAX11/hel1/debian-13) 2026-06-14 12:03:31 +02:00
main.tf feat(tf/offsite): retire askari's WAN :22 (mesh-only SSH) 2026-06-17 20:51:24 +02:00
outputs.tf feat(tf): offsite environment — askari (CAX11/hel1/debian-13) 2026-06-14 12:03:31 +02:00
providers.tf docs(review): 2026-06-14 repo audit — M4a doc drift + Traefik→Caddy lag 2026-06-14 18:37:54 +02:00
terraform.tfvars.example fix(tf): cloud-init heredoc column-0 + firewall uses ubongo's WAN IP 2026-06-14 12:19:45 +02:00
variables.tf feat(tf): offsite environment — askari (CAX11/hel1/debian-13) 2026-06-14 12:03:31 +02:00