tegwick
8f5799553e
- goss/baseline.yaml: assertions for all spec/server-baseline.yaml items (packages, services, SSH config, UFW rules, admin user, fail2ban, HISTCONTROL) - goss/vars/baseline-vars.yaml: parameterised ports and paths - ansible/roles/goss/: installs Goss binary (v0.4.9), deploys tests, runs assertions in TAP format, fetches report to reports/ - ansible/playbooks/verify.yaml: playbook wrapping the goss role - Makefile: add 'make verify' target; update 'make status' with hint - docs/adr/ADR-002: formal repo boundary — railiance-hosts vs railiance-bootstrap - workplans/RAIL-HO-WP-0002: registered workstream 8fed53c2, T03–T06 done Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
12 lines
257 B
YAML
12 lines
257 B
YAML
# Parameterised values used in goss/baseline.yaml
|
|
# Override per host group if defaults differ.
|
|
|
|
firewall_ports:
|
|
ssh: "22/tcp"
|
|
k3s_api: "6443/tcp"
|
|
flannel_vxlan: "8472/udp"
|
|
|
|
admin_user: admin
|
|
goss_binary: /usr/local/bin/goss
|
|
goss_tests_dir: /etc/goss
|