feat(boundary): remove OS-hardening overlap; add k3s baseline workplan
Per ADR-002 (railiance-hosts/docs/adr/ADR-002-repo-boundary-hosts-vs-bootstrap.md): - ansible/harden.yml: replaced with tombstone pointing to railiance-hosts - ansible/bootstrap.yml: remove `import_playbook: harden.yml`; add pre-condition comment; OS hardening is no longer this repo's concern - docs/first_host.md: rewritten to reflect 3-step flow: converge railiance-hosts → railiance-bootstrap k3s install → smoke test - workplans/RAIL-BS-WP-0002-k3s-baseline.md: new workplan for k3s + Helm + Kubernetes platform baseline; linked to repo goal 70ab2379 Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
@@ -1,8 +1,9 @@
|
||||
---
|
||||
# Stage 1: Harden the server before anything else is installed.
|
||||
- import_playbook: harden.yml
|
||||
# Pre-condition: the target host must already be converged by railiance-hosts
|
||||
# (`make converge` in that repo) before running this playbook.
|
||||
# OS hardening (SSH, UFW, fail2ban) is owned by railiance-hosts — see ADR-002.
|
||||
|
||||
# Stage 2: Install base packages and k3s.
|
||||
# Install base packages and k3s.
|
||||
- name: Railiance host bootstrap
|
||||
hosts: all
|
||||
become: true
|
||||
|
||||
Reference in New Issue
Block a user