tegwick
ff59d4e0f8
T01: roles/swapfile — idempotent 4GB swapfile, vm.swappiness=10, fstab entry
T02: roles/resource_limits — PAM nproc caps (512/1024), systemd user-1000.slice
memory limits (1500M/512M); templated per-host via host_vars
- inventory/host_vars/CoulombCore.yml — host-specific vars for both roles
- inventory/servers.yaml — add CoulombCore with id_ops SSH key
- inventory_from_yaml.py — load host_vars files into Ansible hostvars
- playbooks/bootstrap.yaml — include swapfile + resource_limits roles
- workplans/WP-0004 — flag T04/T09/T10 needs_human, add CoulombCore-local convergence note
Codifies manual INC-002 hardening. See RAIL-HO-WP-0004-T01/T02.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
15 lines
367 B
YAML
15 lines
367 B
YAML
# Host-specific variables for CoulombCore (92.205.130.254)
|
|
# k3s single-node cluster host — HostEurope
|
|
|
|
# Swapfile (T01)
|
|
swap_size_gb: 4
|
|
swap_swappiness: 10
|
|
|
|
# Resource limits (T02) — prevents runaway agents (see INC-002)
|
|
resource_limit_user: tegwick
|
|
resource_limit_uid: 1000
|
|
nproc_soft: 512
|
|
nproc_hard: 1024
|
|
user_memory_max: "1500M"
|
|
user_memory_swap_max: "512M"
|