coulomb/railiance-cluster
2
0
Fork 0
Code Issues Pull Requests Actions 2 Projects Releases Wiki Activity
41 Commits 1 Branch 0 Tags
ada406f3279432380dec3b6396a52c0d7d8c4e0f
Commit Graph

5 Commits

Author SHA1 Message Date
Bernd Worsch
ada406f327 fix(bootstrap): commit full bootstrap.yml — Helm + kubeconfig tasks 
The previous commit only included the staged portion (k3s tasks).
The working-tree additions (Helm install, kubeconfig fetch, version vars)
were never staged and were left behind.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-03-10 09:52:36 +00:00
tegwick
5891f1a881 chore(workplan): update WP-0002 references after repo rename 
- railiance-hosts → railiance-infra throughout
- ADR-002 → ADR-003 boundary reference
- Remove 'railiance-apps decision pending' note (resolved)

Tasks T01–T05 unchanged — all still todo.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-03-10 00:52:07 +01:00
tegwick
783c8cebbd feat(boundary): remove OS-hardening overlap; add k3s baseline workplan 
Per ADR-002 (railiance-hosts/docs/adr/ADR-002-repo-boundary-hosts-vs-bootstrap.md):
- ansible/harden.yml: replaced with tombstone pointing to railiance-hosts
- ansible/bootstrap.yml: remove `import_playbook: harden.yml`; add
  pre-condition comment; OS hardening is no longer this repo's concern
- docs/first_host.md: rewritten to reflect 3-step flow:
  converge railiance-hosts → railiance-bootstrap k3s install → smoke test
- workplans/RAIL-BS-WP-0002-k3s-baseline.md: new workplan for k3s +
  Helm + Kubernetes platform baseline; linked to repo goal 70ab2379

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-03-09 19:53:22 +01:00
tegwick
19661ca0c6 feat(bootstrap): add HostEurope hardening playbook and workplan
Some checks failed
railiance-tests / smoke (push) Has been cancelled
Details 
- workplans/RAIL-BS-WP-0002-hosteurope-bootstrap.md: new workplan for
  Secure Single-Server Bootstrap at HostEurope (repo goal d7092599).
  T01-T03 done; T04+T05 require ansible on a box with network access to
  92.205.62.239 (hosts.ini is gitignored — recreate on new box).

- ansible/harden.yml: new playbook — disables root/password SSH auth,
  enables UFW (allow 22/tcp 6443/tcp 8472/udp, deny-all default),
  installs fail2ban with SSH jail, sets HISTCONTROL=ignorespace.

- ansible/bootstrap.yml: import_playbook harden.yml runs before k3s.

- ansible/hosts.ini.example: add [hosteurope] group template.

- QUICKSTART.md: document two-stage bootstrap (harden → k3s).

- CLAUDE.md: add goal_guidance handling to session protocol
  (needs_workplan + alignment_warnings).

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-03-08 22:50:51 +01:00
Bernd Worsch
6b9307289b railiance: initial bootstrap scaffold
Some checks failed
railiance-tests / smoke (push) Has been cancelled
Details
2025-09-12 01:46:14 +02:00