railiance-infra

coulomb/railiance-infra

Fork 0

Commit Graph

Author	SHA1	Message	Date
Bernd Worsch	4afc2a0fd6	fix: correct Goss test suite to match actual server state Fixes found by running make verify against Railiance01: - Fix playbook_dir paths (ansible/playbooks/ is 2 levels from repo root) - age/sops are binary installs, not apt packages — use command checks - Admin user is tegwick, not admin; sudoers at /etc/sudoers.d/tegwick - sudo granted via sudoers file, not group membership — remove group assert - Ubuntu 24.04 socket-activates SSH; assert ssh.socket not ssh.service - SSH hardening lives in sshd_config.d/10-hardening.conf, not main config - UFW SSH rule uses app name "OpenSSH", not port 22/tcp - Replace /regex/i patterns with plain strings (Goss file.contents) - Update spec/server-baseline.yaml to match all findings All 27 assertions now pass. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-09 15:50:06 +00:00
tegwick	8f5799553e	feat: implement WP-0002 — Goss test suite, verify playbook, and ADR-002 - goss/baseline.yaml: assertions for all spec/server-baseline.yaml items (packages, services, SSH config, UFW rules, admin user, fail2ban, HISTCONTROL) - goss/vars/baseline-vars.yaml: parameterised ports and paths - ansible/roles/goss/: installs Goss binary (v0.4.9), deploys tests, runs assertions in TAP format, fetches report to reports/ - ansible/playbooks/verify.yaml: playbook wrapping the goss role - Makefile: add 'make verify' target; update 'make status' with hint - docs/adr/ADR-002: formal repo boundary — railiance-hosts vs railiance-bootstrap - workplans/RAIL-HO-WP-0002: registered workstream 8fed53c2, T03–T06 done Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-09 12:38:48 +01:00

Author

SHA1

Message

Date

Bernd Worsch

4afc2a0fd6

fix: correct Goss test suite to match actual server state

Fixes found by running make verify against Railiance01:

- Fix playbook_dir paths (ansible/playbooks/ is 2 levels from repo root)
- age/sops are binary installs, not apt packages — use command checks
- Admin user is tegwick, not admin; sudoers at /etc/sudoers.d/tegwick
- sudo granted via sudoers file, not group membership — remove group assert
- Ubuntu 24.04 socket-activates SSH; assert ssh.socket not ssh.service
- SSH hardening lives in sshd_config.d/10-hardening.conf, not main config
- UFW SSH rule uses app name "OpenSSH", not port 22/tcp
- Replace /regex/i patterns with plain strings (Goss file.contents)
- Update spec/server-baseline.yaml to match all findings

All 27 assertions now pass.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

2026-03-09 15:50:06 +00:00

tegwick

8f5799553e

feat: implement WP-0002 — Goss test suite, verify playbook, and ADR-002

- goss/baseline.yaml: assertions for all spec/server-baseline.yaml items
  (packages, services, SSH config, UFW rules, admin user, fail2ban, HISTCONTROL)
- goss/vars/baseline-vars.yaml: parameterised ports and paths
- ansible/roles/goss/: installs Goss binary (v0.4.9), deploys tests,
  runs assertions in TAP format, fetches report to reports/
- ansible/playbooks/verify.yaml: playbook wrapping the goss role
- Makefile: add 'make verify' target; update 'make status' with hint
- docs/adr/ADR-002: formal repo boundary — railiance-hosts vs railiance-bootstrap
- workplans/RAIL-HO-WP-0002: registered workstream 8fed53c2, T03–T06 done

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

2026-03-09 12:38:48 +01:00

2 Commits