Joined on 2026-03-22
sjat pushed to main at sjat/boma 2026-06-14 20:22:34 +02:00
9e0c264658 docs: reconcile lower-severity review findings (O9-O24)
9b5851ba4b chore(roles): role/test hygiene from review (O16,O17,O25,O26)
175777e36a docs: reconcile 2026-06-14 review findings (O1-O7,O18,O22)
cb8f924d4b docs(reverse_proxy): service-role SECURITY/VERIFY/ACCESS records (O12)
718781053f fix(dev_env): make concern tags reach included tasks (O8)
Compare 6 commits »
sjat pushed to main at sjat/boma 2026-06-14 18:20:06 +02:00
e3461375f5 docs(plan): M4b — NetBird coordinator service role
sjat pushed to main at sjat/boma 2026-06-14 18:14:41 +02:00
1862b7a828 docs(m4a): HTTP-01 for askari; ADR-024 cert-method-follows-exposure; STATUS/roadmap/friction
b7e919d6b3 refactor(reverse_proxy): vanilla Caddy + HTTP-01 (drop DNS-01 custom image)
9c169561d7 feat(offsite): *.askari.wingu.me wildcard + offsite.yml (docker_host + reverse_proxy)
1ee343dfca feat(tf): open Caddy 80/443 + NetBird 3478 on askari (public_web)
50b6445bdd feat(reverse_proxy): Caddy role (Gandi DNS-01, on-host image build, route catalog)
Compare 7 commits »
sjat pushed to main at sjat/boma 2026-06-14 17:20:54 +02:00
dd8c6825ba docs(plan): M4a — Docker + Caddy reverse proxy platform
sjat pushed to main at sjat/boma 2026-06-14 17:19:23 +02:00
65cf20a993 docs(spec): M4 — NetBird coordinator on askari + Caddy reverse proxy
sjat pushed to main at sjat/boma 2026-06-14 16:56:24 +02:00
181a02fd3a docs(friction): include_tasks tag-propagation + check-mode gotchas (M3)
9d787a4f53 docs(base): M3 done — ssh hardening + fail2ban applied to askari; STATUS + roadmap
db1e5db138 fix(base): propagate hardening tag to included tasks; check-mode-safe fail2ban
a111a20cc8 test(base): Molecule coverage for ssh hardening + fail2ban
deec75de0f feat(base): ssh hardening + fail2ban (hardening concern, ADR-002)
Compare 6 commits »
sjat pushed to main at sjat/boma 2026-06-14 16:38:40 +02:00
cff368ece2 docs(spec,plan): M3 — base ssh hardening + fail2ban
sjat pushed to main at sjat/boma 2026-06-14 16:26:29 +02:00
a1c0f4814b feat(askari): publish askari.wingu.me; mark M2 applied (askari live)
917005174a feat(tf): provision askari — cx23/hel1 (CAX11 ARM was out of stock)
Compare 2 commits »
sjat pushed to main at sjat/boma 2026-06-14 16:15:25 +02:00
e83c777b44 docs(friction): TF child-module required_providers gotcha (caught by live init)
sjat pushed to main at sjat/boma 2026-06-14 16:14:06 +02:00
839fc632a1 fix(tf): declare required_providers in modules; pin offsite lock
sjat pushed to main at sjat/boma 2026-06-14 15:40:38 +02:00
9d4a49d49d feat(vault): CHANGEME placeholder convention + check-vault flags them
sjat pushed to main at sjat/boma 2026-06-14 12:20:09 +02:00
09b0aad342 fix(tf): cloud-init heredoc column-0 + firewall uses ubongo's WAN IP
3588904528 docs(askari): amend ADR-006/009/020/007/016 for TF-provisioned offsite host; STATUS (apply pending)
fd86ec6848 test(tf): lock the offsite_hosts inventory handoff
07af037ff3 feat(make): offsite TF token injection + directory inventory + tf-inventory-offsite
127ade59a3 feat(tf): offsite environment — askari (CAX11/hel1/debian-13)
Compare 7 commits »
sjat pushed to main at sjat/boma 2026-06-14 10:58:06 +02:00
993d7885e4 docs: mark M1 applied (STATUS); log item.values + Gandi null-MX gotchas
76bd1d63fc fix(public_dns): index loop keys with item['key'] not item.key
078d1ad9d9 fix(public_dns): drop null-MX (Gandi rejects '0 .'); remove MX instead
Compare 3 commits »
sjat pushed to main at sjat/boma 2026-06-14 10:48:27 +02:00
3cb6436ad2 docs(adr-007): fix askari FQDN to askari.wingu.me (review nit)
f170ffd936 docs(public_dns): amend ADR-007 to wingu.me/Gandi; resolve TODO 4; STATUS + CAPABILITIES
e247af6e55 test(public_dns): Molecule scenario (apply disabled, no live API)
a0a3e4d356 feat(public_dns): dns.yml play (control-node, Gandi LiveDNS)
bd84dd0213 feat(public_dns): role tasks, defaults, meta, README
Compare 21 commits »
sjat pushed to main at sjat/boma 2026-06-11 14:21:38 +02:00
67f2aba9d8 STATUS: record dev_env (built+applied) and working deploy path
aea4f8c3d6 dev_env: install Node.js from pinned tarball, drop npm bloat
Compare 2 commits »
sjat pushed to main at sjat/boma 2026-06-11 14:09:21 +02:00
6203513220 inventory: manage ubongo (control node) as the operator account
607423d0e7 dev_env: install acl for become_user file copies
a2bb99928c fix(deploy): make check/deploy actually run
Compare 3 commits »
sjat pushed to main at sjat/boma 2026-06-11 13:54:37 +02:00
f3f382ae69 Add dev_env role: zsh/tmux/nvim for workstation-class hosts
sjat pushed to main at sjat/boma 2026-06-11 13:00:17 +02:00
b9daf2a0ad plan: record ubongo build outcome (done/deferred/follow-ups)
349d10d65c docs: record ubongo physical build (2026-06-11)
7b5fd17e55 inventory: add ubongo to control group; set ssh-from-control addr
7b190e4313 Add ubongo physical-build plan (2026-06-11 session)
Compare 4 commits »
sjat pushed to main at sjat/boma 2026-06-10 15:20:26 +02:00
7ebbc113ab Merge feat/adr-structure: ADR-023 structure & lifecycle + back-catalogue conformance
fa3db421dc docs(kaizen): FRICTION signal — controller must diff-audit subagent restructures
d0a3307822 docs(adr): fix 007/008 heading nesting; require date in Superseded status
0df24909e3 docs(adr): restructure ADRs 016-018 to ADR-023 conformance
40a428975a docs(adr): restructure ADR-003 to ADR-023 conformance
Compare 17 commits »
sjat pushed to main at sjat/boma 2026-06-10 12:51:52 +02:00
4116286ed0 feat(hooks): Stop guard blocking the execution-mode menu
91713127cb docs(kaizen): migrate gotchas to docs; curate FRICTION log (2026-06-10 review)
2dbcac11a0 chore(tooling): scope ansible-lint to ansible content; venv PATH in make test
Compare 3 commits »