coulomb/railiance-infra
0
0
Fork 0
Code Issues Pull Requests Actions Projects Releases Wiki Activity
1,978 Commits 1 Branch 0 Tags
main
Commit Graph

19 Commits

Author SHA1 Message Date
tegwick
2ad38b4a1a docs: start Forgejo migration inventory 2026-06-04 01:34:33 +02:00
tegwick
c47930e2f9 RAIL-HO-WP-0004 stale workplan cleanup 2026-05-22 16:40:02 +02:00
tegwick
dd1787f511 New workplan to migrate from gitea to forgejo 2026-05-14 14:55:28 +02:00
tegwick
301a63d843 Reviewed state and next todos 2026-05-03 00:03:29 +02:00
tegwick
93080128fd chore(workplan): mark T06 done (Gitea values → railiance-apps) 
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-03-27 13:41:21 +01:00
tegwick
afd664b248 chore(workplan): mark T05 done — Valkey standalone S3 asset deployed 
bitnami/valkey 5.4.9 in platform namespace; gitea-valkey-cluster
subchart decommissioned; Gitea cache/session/queue verified working.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-03-27 10:03:14 +01:00
tegwick
7bff1f211d chore(workplan): mark T04 done — Gitea migrated to cnpg gitea-db 
postgresql-ha subchart decommissioned; 4 users, 26 repos verified intact;
NetworkPolicy for default→databases ingress applied.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-03-27 09:12:22 +01:00
tegwick
11a2c37bde chore(workplan): mark T03 and T08 done in WP-0004 
T03 (gitea-db cnpg cluster): cluster healthy after adding missing
NetworkPolicies for databases namespace default-deny-all policy.
T08 (deploy-stack docs): docs/deploy-stack.md written last session.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-03-27 02:24:07 +01:00
tegwick
ff59d4e0f8 feat(ansible): add swapfile + resource_limits roles; add CoulombCore to inventory 
T01: roles/swapfile — idempotent 4GB swapfile, vm.swappiness=10, fstab entry
T02: roles/resource_limits — PAM nproc caps (512/1024), systemd user-1000.slice
     memory limits (1500M/512M); templated per-host via host_vars
- inventory/host_vars/CoulombCore.yml — host-specific vars for both roles
- inventory/servers.yaml — add CoulombCore with id_ops SSH key
- inventory_from_yaml.py — load host_vars files into Ansible hostvars
- playbooks/bootstrap.yaml — include swapfile + resource_limits roles
- workplans/WP-0004 — flag T04/T09/T10 needs_human, add CoulombCore-local convergence note

Codifies manual INC-002 hardening. See RAIL-HO-WP-0004-T01/T02.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-03-27 01:49:35 +01:00
tegwick
caa6ae36da feat(workplan): add RAIL-HO-WP-0004 production-readiness workplan 
10-task cross-layer workplan covering: Ansible hardening codification (T01-T02),
cnpg platform baseline superseding stale WP-0001 (T03-T05), S2→S5 Gitea boundary
fix (T06), SSH git automation on CoulombCore (T07, done), deploy-stack docs (T08),
state-hub + activity-core migration to cluster (T09-T10).

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-03-27 01:01:47 +01:00
tegwick
2634102ce2 chore(workplan): mark WP-0003 completed — all tasks done 
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-03-10 00:36:56 +01:00
tegwick
703c57d91c chore(rename): railiance-hosts → railiance-infra 
Update all operational references to reflect the new repo name per
ADR-003 (OAS S1 Infrastructure Substrate). Historical text in ADRs
and state-hub-inbox files preserved as-is. Gitea remote URL updated
locally (Gitea repo rename is a manual step).

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-03-10 00:34:18 +01:00
tegwick
d9f6848a5b feat(workplan): add WP-0003 for 5-repo OAS stack restructure 
Plans the rename of railiance-hosts→infra and railiance-bootstrap→cluster,
creation of railiance-platform/enablement/apps, ADR-003 (supersedes ADR-002),
content relocations, state hub re-registration, and resolution of the
pending railiance-apps decision (7cddead6).

7 tasks; state_hub_workstream_id: 3ae0afc5-13f2-4e6c-aea7-1c1fb9f1ab81

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-03-09 23:53:49 +01:00
tegwick
15bb2978cc feat(tunnel): add make tunnel target; complete WP-0001 
- Add `make tunnel` to Makefile: reads first host from
  inventory/servers.yaml and opens a reverse SSH tunnel
  forwarding local state-hub (port 8000) to the remote host
- Mark T02 done and close WP-0001 (all tasks complete)
- WP-0002 T01/T02 task IDs backfilled by consistency checker

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-03-09 19:53:10 +01:00
tegwick
b32dfd4f5a docs: add verification guide, close WP-0002 
- docs/verification.md: explains spec/server-baseline.yaml, goss/baseline.yaml,
  make verify workflow, assertion mapping table, and how to add new checks
- docs/convergence.md: replace manual spot-check snippet with make verify reference
- workplans/RAIL-HO-WP-0002: mark completed (all tasks done, workstream closed)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-03-09 19:37:10 +01:00
tegwick
8f5799553e feat: implement WP-0002 — Goss test suite, verify playbook, and ADR-002 
- goss/baseline.yaml: assertions for all spec/server-baseline.yaml items
  (packages, services, SSH config, UFW rules, admin user, fail2ban, HISTCONTROL)
- goss/vars/baseline-vars.yaml: parameterised ports and paths
- ansible/roles/goss/: installs Goss binary (v0.4.9), deploys tests,
  runs assertions in TAP format, fetches report to reports/
- ansible/playbooks/verify.yaml: playbook wrapping the goss role
- Makefile: add 'make verify' target; update 'make status' with hint
- docs/adr/ADR-002: formal repo boundary — railiance-hosts vs railiance-bootstrap
- workplans/RAIL-HO-WP-0002: registered workstream 8fed53c2, T03–T06 done

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-03-09 12:38:48 +01:00
Bernd Worsch
2be5de2a3a feat: add server baseline spec, status command, and test suite workplan 
- Fix duplicate `converge` Makefile target (was causing warnings)
- Fix `make status` SSH hardening check (use grep on sshd_config instead
  of sshd -T which fails without hostkeys)
- Add `make status` target with connectivity, UFW, fail2ban, SSH checks
- Add spec/server-baseline.yaml — authoritative target-state spec for
  all managed nodes (firewall, SSH, services, packages, users)
- Add workplan RAIL-HO-WP-0002 for Goss test suite and repo boundary ADR

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-03-09 11:10:27 +00:00
Bernd Worsch
679d0d67b1 feat: bootstrap and harden Railiance01 at HostEurope 
- Extend base role with fail2ban, UFW k3s/Flannel rules, HISTCONTROL
- Add handlers dir for fail2ban restart
- Fix inventory script to emit correct dynamic inventory JSON format
- Add roles_path to ansible.cfg so playbook finds roles
- Add Railiance01 (92.205.62.239) to inventory/servers.yaml
- Mark workplan T03/T04/T05 as done

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-03-08 22:53:38 +00:00
tegwick
5187e63504 Link to state-hub and hosteurope integration 2026-03-08 23:28:59 +01:00