tegwick
19661ca0c6
Some checks failed
railiance-tests / smoke (push) Has been cancelled
- workplans/RAIL-BS-WP-0002-hosteurope-bootstrap.md: new workplan for Secure Single-Server Bootstrap at HostEurope (repo goal d7092599). T01-T03 done; T04+T05 require ansible on a box with network access to 92.205.62.239 (hosts.ini is gitignored — recreate on new box). - ansible/harden.yml: new playbook — disables root/password SSH auth, enables UFW (allow 22/tcp 6443/tcp 8472/udp, deny-all default), installs fail2ban with SSH jail, sets HISTCONTROL=ignorespace. - ansible/bootstrap.yml: import_playbook harden.yml runs before k3s. - ansible/hosts.ini.example: add [hosteurope] group template. - QUICKSTART.md: document two-stage bootstrap (harden → k3s). - CLAUDE.md: add goal_guidance handling to session protocol (needs_workplan + alignment_warnings). Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
24 lines
572 B
Plaintext
24 lines
572 B
Plaintext
# Ansible inventory template for Railiance
|
|
|
|
# Single seed host (first node)
|
|
[seed]
|
|
# 203.0.113.10 ansible_user=ubuntu ansible_become=true
|
|
|
|
# HostEurope server (second Kubernetes host)
|
|
[hosteurope]
|
|
# <IP> ansible_user=ubuntu ansible_become=true
|
|
|
|
# Optional: control plane / workers (future multi-node)
|
|
#[k3s_master]
|
|
# 203.0.113.11 ansible_user=ubuntu ansible_become=true
|
|
|
|
#[k3s_workers]
|
|
# 203.0.113.21 ansible_user=ubuntu ansible_become=true
|
|
# 203.0.113.22 ansible_user=ubuntu ansible_become=true
|
|
|
|
# Combine groups for convenience
|
|
#[k3s:children]
|
|
#k3s_master
|
|
#k3s_workers
|
|
|