sjat/boma
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
boma/roles/base/tasks
History
sjat f83d68d7a0 feat(base): pin the NetBird coordinator FQDN in /etc/hosts (mesh DNS-resilience) 
Adds base__mesh_coordinator_pin (default empty = no-op). When set + base__mesh_enabled,
a lineinfile task writes "<ip> <fqdn>" to /etc/hosts so a managed mesh host survives a
local-DNS hiccup (the 2026-06-18 incident class). FQDN derived from base__mesh_management_url
via regex_replace (no community.general). Gated on base__mesh_enabled | bool and pin length;
the coordinator host (askari/offsite_hosts) stays exempt. Production pin wired for ubongo
(77.42.120.136). Molecule dns_servers fix included (Docker/NetBird DNS incompatibility).

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-06-20 11:22:40 +02:00
..
fail2ban.yml fix(base): propagate hardening tag to included tasks; check-mode-safe fail2ban 2026-06-14 16:54:23 +02:00
firewall.yml fix(base): make rollback snapshot restorable (flush-prefixed) 2026-06-06 19:15:38 +02:00
main.yml feat(base): codify AI-worker NOPASSWD sudo (ADR-015 amended) 2026-06-18 21:36:31 +02:00
mesh.yml feat(base): pin the NetBird coordinator FQDN in /etc/hosts (mesh DNS-resilience) 2026-06-20 11:22:40 +02:00
operational_access.yml feat(base): codify AI-worker NOPASSWD sudo (ADR-015 amended) 2026-06-18 21:36:31 +02:00
ssh.yml feat(base): opt-in sshd ListenAddress on the mesh IP (fail-closed) 2026-06-17 20:43:08 +02:00