boma/inventories/production/group_vars/all
sjat 3b30e70ba5 feat(firewall): public zone + askari's public services in the catalog
Adds a public (0.0.0.0/0) zone and askari's Caddy (80/443) + NetBird STUN
(3478/udp) ingress so the base nftables default-deny does not drop the live
public services when applied to askari. Molecule + filter unit test cover the
public-zone rendering. Mesh-hardening 1/3 (ADR-020/024/016).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-17 20:46:03 +02:00
firewall.yml feat(firewall): public zone + askari's public services in the catalog 2026-06-17 20:46:03 +02:00
public_dns.yml docs(review): 2026-06-14 repo audit — M4a doc drift + Traefik→Caddy lag 2026-06-14 18:37:54 +02:00
reverse_proxy.yml feat(reverse_proxy): raw-directive route type; wire NetBird (gRPC/WS) route 2026-06-15 17:55:05 +02:00
vars.yml docs: reconcile lower-severity review findings (O9-O24) 2026-06-14 19:31:40 +02:00
vault.yml chore(vault): Forgejo registry_token supplied (operator-minted, encrypted) 2026-06-17 18:37:11 +02:00