Fixes found by running make verify against Railiance01:
- Fix playbook_dir paths (ansible/playbooks/ is 2 levels from repo root)
- age/sops are binary installs, not apt packages — use command checks
- Admin user is tegwick, not admin; sudoers at /etc/sudoers.d/tegwick
- sudo granted via sudoers file, not group membership — remove group assert
- Ubuntu 24.04 socket-activates SSH; assert ssh.socket not ssh.service
- SSH hardening lives in sshd_config.d/10-hardening.conf, not main config
- UFW SSH rule uses app name "OpenSSH", not port 22/tcp
- Replace /regex/i patterns with plain strings (Goss file.contents)
- Update spec/server-baseline.yaml to match all findings
All 27 assertions now pass.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Missing tool discovered during offline-inbox drain — repo_goal_id on
workstream bf40b47e is null in DB but correctly set in the workplan file.
No MCP path to fix this without a direct API call.
Contribution id: 0450a858-bccc-4cbf-8052-38c1654aa005
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
State Hub was unreachable during the offline session that bootstrapped
Railiance01. Inbox event drained and T03/T04/T05 task statuses synced
to the hub (C-10 drift fixed via check_repo_consistency --fix).
Progress event id: de18d727-eea5-4dfa-913c-8fe62245cda4
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- state-hub-inbox/: convention for queuing progress events during
degraded-mode sessions (no tunnel to State Hub)
- First pending event: Railiance01 bootstrap milestone (T03-T05)
- contrib/feature-requests/: FR for automated inbox ingest in state-hub
- README documents the drain procedure until automation is in place
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Extend base role with fail2ban, UFW k3s/Flannel rules, HISTCONTROL
- Add handlers dir for fail2ban restart
- Fix inventory script to emit correct dynamic inventory JSON format
- Add roles_path to ansible.cfg so playbook finds roles
- Add Railiance01 (92.205.62.239) to inventory/servers.yaml
- Mark workplan T03/T04/T05 as done
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
