sjat

0 followers · 0 following

• Joined on 2026-03-22

Repositories

2

Projects Packages Public activity Starred repositories

sjat pushed to main at sjat/boma 2026-06-17 22:16:18 +02:00

847d9885e2 revert: back out mesh-hardening 1/3 on askari after it broke the Docker host

sjat pushed to main at sjat/boma 2026-06-17 20:58:02 +02:00

b0511179cb feat(tf/offsite): retire askari's WAN :22 (mesh-only SSH)

cc21344ab1 feat(inventory): manage askari over wt0 + enable mesh-only SSH

3b30e70ba5 feat(firewall): public zone + askari's public services in the catalog

39d2ad38ca feat(base): opt-in sshd ListenAddress on the mesh IP (fail-closed)

Compare 4 commits »

sjat pushed to main at sjat/boma 2026-06-17 20:26:02 +02:00

dfa363cecd docs(plan): mesh-hardening 1/3 — askari SSH onto wt0 implementation plan

sjat pushed to main at sjat/boma 2026-06-17 20:15:14 +02:00

292c204752 docs(spec): mesh-hardening 1/3 — move askari SSH onto wt0

sjat pushed to main at sjat/boma 2026-06-17 18:39:09 +02:00

e5a8e5d3b9 docs(roadmap): Phase 1 complete — point Next step at mesh-hardening follow-on

sjat pushed to main at sjat/boma 2026-06-17 18:37:12 +02:00

5947ba8756 chore(vault): Forgejo registry_token supplied (operator-minted, encrypted)

sjat pushed to main at sjat/boma 2026-06-17 17:50:40 +02:00

a0762c563e docs(kaizen): bind-mount gotcha + consume 7 signals into the ledger (2026-06-17)

c1323a3f29 feat(make): registry-login via vaulted Forgejo token (kaizen)

39904a778a fix(hooks): scope vault-preflight to staged ansible; catch prose exec re-asks

8f1c7d47ec fix(reverse_proxy,netbird_coordinator): create scaffold dirs in check mode

b0c0150db2 feat(scan): repo-scan rename-incomplete check (kaizen)

Compare 6 commits »

sjat pushed to main at sjat/boma 2026-06-17 17:11:34 +02:00

5d14efc864 docs: Phase 1 complete — clients enrolled + NetBird client runbook

sjat pushed to main at sjat/boma 2026-06-17 16:45:30 +02:00

8d2a064542 chore(vault): NetBird setup_key supplied (operator-minted, encrypted)

4c8fb9e03b docs: M5 mesh enrollment — ubongo + askari on the mesh

d202b89480 feat(base): vault setup_key stub + enable mesh on ubongo + askari

9b3f8f826f test(base): molecule coverage for the mesh concern (manage-off no-op)

44c4978b5f feat(base): NetBird agent enrollment concern (mesh)

Compare 6 commits »

sjat pushed to feat/m5-mesh-enrollment at sjat/boma 2026-06-17 16:40:59 +02:00

8d2a064542 chore(vault): NetBird setup_key supplied (operator-minted, encrypted)

4c8fb9e03b docs: M5 mesh enrollment — ubongo + askari on the mesh

Compare 2 commits »

sjat created branch feat/m5-mesh-enrollment in sjat/boma 2026-06-17 16:13:03 +02:00

sjat pushed to feat/m5-mesh-enrollment at sjat/boma 2026-06-17 16:13:03 +02:00

d202b89480 feat(base): vault setup_key stub + enable mesh on ubongo + askari

9b3f8f826f test(base): molecule coverage for the mesh concern (manage-off no-op)

44c4978b5f feat(base): NetBird agent enrollment concern (mesh)

98eb09d8ba feat(base): add the 'mesh' concern tag (NetBird agent, ADR-016)

Compare 4 commits »

sjat pushed to main at sjat/boma 2026-06-17 15:58:28 +02:00

4cfc3cddd5 docs(friction): re-asked operator about push + execution mode (settled)

55776fb03c docs(plan): M5 mesh-enrollment implementation plan

4142bb15f8 docs(spec): M5 mesh-enrollment design (reachability-only)

Compare 3 commits »

sjat pushed to main at sjat/boma 2026-06-17 07:35:10 +02:00

94dd6da14c docs(netbird): describe gRPC routing as the deployed Content-Type matcher

684718f4a5 docs(netbird): M4b done — STATUS/ROADMAP/risks/friction

3a31b8e6f4 fix(reverse_proxy): bind-mount the Caddy config dir so reload sees changes

0e8d448f2b feat(offsite): apply netbird_coordinator after reverse_proxy

070d6f293b docs(netbird): service-role standard files (SECURITY/VERIFY/ACCESS/BACKUP)

Compare 8 commits »

sjat pushed to main at sjat/boma 2026-06-15 17:24:00 +02:00

19e675fa5a docs(friction): log registry-push auth gotcha (no creds in vault)

b3468b34e4 docs: record Caddy/Gandi DNS-01 as resolved + proven (was M4a deferral)

6e38693499 feat(reverse_proxy): optional ACME DNS-01 via Gandi (wildcard / LAN-only)

d407aeabb2 feat(docker): custom Caddy image with the Gandi DNS-01 plugin

Compare 4 commits »

sjat pushed to main at sjat/boma 2026-06-14 22:00:54 +02:00

293c1f88d8 docs(todo): collapse done items to one-line pointers; open-only convention

sjat pushed to main at sjat/boma 2026-06-14 21:46:24 +02:00

13ae674cc9 chore(kaizen): first /kaizen run — curate 12 friction signals

sjat pushed to main at sjat/boma 2026-06-14 21:29:27 +02:00

d1e1e38879 feat(kaizen): nudge in /review-repo; STATUS + TODO

8d2f564382 feat(kaizen): /kaizen command — interactive friction curation

fd1e83a378 fix(kaizen): scope still_exists to repo paths; test age nudge; tidy --today

b185ac4765 feat(kaizen): friction-scan CLI (--json default, --nudge)

c6f66ee634 feat(kaizen): recurrence count + referenced-path existence

Compare 7 commits »

sjat pushed to main at sjat/boma 2026-06-14 21:09:51 +02:00

d14639e80a docs(plan): /kaizen command — implementation plan (TODO 11)

1a0e30e278 docs(spec): /kaizen — kaizen-loop command (TODO 11)

e5867422d0 docs(todo): defer kaizen-loop automation to the notify + cron stack

Compare 3 commits »

sjat pushed to main at sjat/boma 2026-06-14 20:30:39 +02:00

f821006e9e docs(friction): log 2026-06-14 review+follow-up signals