Commit graph

17 commits

Author SHA1 Message Date
c664aebd1d RAIL-HO-WP-0005: record tier 2.5 railiance stack Forgejo promotion
All checks were successful
CI Smoke / host-smoke (push) Successful in 0s
CI Smoke / container-smoke (push) Successful in 1s
Inventory and workplan updates for enablement templates, tegwick SSH, and
railiance-* repos canonical on forgejo-remote.
2026-07-04 12:51:05 +02:00
092315895f RAIL-HO-WP-0005-T09: Forgejo backup/restore drill assets and evidence
Add isolated-namespace restore drill (CNPG cluster, PVC, orchestration script)
and document successful 2026-07-04 run: production forgejo dump restored with
health 200 and pilot repos visible via API. Scheduled backups remain open.
2026-07-04 11:26:50 +02:00
2d62317ada RAIL-HO-WP-0005-T10: tier-2 key-cape image pilot complete
Records successful key-cape Forgejo migration, image CI workflow, and
railiance01 registry pull; tiers 0-2 of migration ladder now satisfied.
2026-07-04 10:26:28 +02:00
67b259f6dc Adapt RAIL-HO-WP-0005 for production Forgejo and staged repo ladder
Reflects live railiance01 deploy, cancels isolated probe T03 in favor of
in-production pilots, marks T08/T10 progress (forgejo-actions-probe,
glas-harness), and documents tier 0-3 migration sequencing before state-hub.
2026-07-04 01:02:42 +02:00
6b0ededee2 ADR-004: Forgejo in-cluster Actions runner on railiance01
Decides long-lived runner Deployment with DinD sidecar; updates
RAIL-HO-WP-0005 runner model decision.
2026-07-03 22:29:28 +02:00
2ad38b4a1a docs: start Forgejo migration inventory 2026-06-04 01:34:33 +02:00
2d7e0101bc feat(infra): UFW k3s routing + full deploy runbook
- base role: allow UFW routing direction (required for k3s flannel
  pod networking to function across nodes)
- docs/deploy-stack.md: full S1→S5 ordered deploy runbook with
  pre-conditions checklist and layer-by-layer steps

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-27 02:28:51 +01:00
a680fb51af feat(adr): add ADR-003 (5-repo OAS stack); supersede ADR-002
ADR-003 formalises the 5-repo structure aligned with OAS Stack S1-S5:
railiance-infra, railiance-cluster, railiance-platform,
railiance-enablement, railiance-apps. Defines boundary rule, pre-condition
chain, and content relocation table. ADR-002 marked superseded.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-10 00:27:18 +01:00
b32dfd4f5a docs: add verification guide, close WP-0002
- docs/verification.md: explains spec/server-baseline.yaml, goss/baseline.yaml,
  make verify workflow, assertion mapping table, and how to add new checks
- docs/convergence.md: replace manual spot-check snippet with make verify reference
- workplans/RAIL-HO-WP-0002: mark completed (all tasks done, workstream closed)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-09 19:37:10 +01:00
8f5799553e feat: implement WP-0002 — Goss test suite, verify playbook, and ADR-002
- goss/baseline.yaml: assertions for all spec/server-baseline.yaml items
  (packages, services, SSH config, UFW rules, admin user, fail2ban, HISTCONTROL)
- goss/vars/baseline-vars.yaml: parameterised ports and paths
- ansible/roles/goss/: installs Goss binary (v0.4.9), deploys tests,
  runs assertions in TAP format, fetches report to reports/
- ansible/playbooks/verify.yaml: playbook wrapping the goss role
- Makefile: add 'make verify' target; update 'make status' with hint
- docs/adr/ADR-002: formal repo boundary — railiance-hosts vs railiance-bootstrap
- workplans/RAIL-HO-WP-0002: registered workstream 8fed53c2, T03–T06 done

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-09 12:38:48 +01:00
492f605895 docs: establishing baseline security and tools 2025-09-14 04:10:57 +02:00
26d2854c07 docs: added fast path documentation 2025-09-14 01:08:26 +02:00
389c20478f docs: add documentation for provisioning a server 2025-09-14 00:57:26 +02:00
75af105f6c docs: added documentation about setting up ssh-access 2025-09-14 00:47:41 +02:00
1192a0cece docs: added secrets handling digest 2025-09-13 22:52:18 +02:00
59bc9bbcf4 docs: improved masterkey setup documentation 2025-09-13 22:48:15 +02:00
31f30373a0 docs: add documentation about secret key generation 2025-09-13 20:47:24 +02:00