|
|
19661ca0c6
|
feat(bootstrap): add HostEurope hardening playbook and workplan
railiance-tests / smoke (push) Has been cancelled
- workplans/RAIL-BS-WP-0002-hosteurope-bootstrap.md: new workplan for
Secure Single-Server Bootstrap at HostEurope (repo goal d7092599).
T01-T03 done; T04+T05 require ansible on a box with network access to
92.205.62.239 (hosts.ini is gitignored — recreate on new box).
- ansible/harden.yml: new playbook — disables root/password SSH auth,
enables UFW (allow 22/tcp 6443/tcp 8472/udp, deny-all default),
installs fail2ban with SSH jail, sets HISTCONTROL=ignorespace.
- ansible/bootstrap.yml: import_playbook harden.yml runs before k3s.
- ansible/hosts.ini.example: add [hosteurope] group template.
- QUICKSTART.md: document two-stage bootstrap (harden → k3s).
- CLAUDE.md: add goal_guidance handling to session protocol
(needs_workplan + alignment_warnings).
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
|
2026-03-08 22:50:51 +01:00 |
|
