Commit graph

6 commits

Author SHA1 Message Date
sjat
33dc378c3c feat(vlans): VLAN-aware bridge, ports, mgmt interface (mechanism)
Implements Task 7. Deliberate lockout-safe ordering (vlan-filtering LAST) with
:if [find] guards that adopt the existing defconf bridge/ports rather than
recreating them. Membership Jinja: trunk ports tagged per tagged_vlans, access
ports untagged per pvid, bridge/CPU tagged only on the mgmt VLAN; else={set} makes
membership declarative. Jinja render validated offline against the placeholder
topology. Device run DEFERRED to an on-site session with a recovery channel
(remote bench has no serial/WinBox-MAC fallback). Topology stays placeholder.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-08 19:39:04 +02:00
sjat
39a12ae23b feat(backup): export + binary backup, fetch into repo
Implements Task 8. play_backup.yml ensures the local dir then includes backup.yml,
which runs /export + /system backup save and pulls both over SCP (net_get).
Binary .backup is gitignored (may contain secrets); export.rsc is committed.
Verified against crs310-maker on the bench: both artifacts fetched non-empty.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-08 19:36:14 +02:00
sjat
ea7cf5ec03 feat(users): ensure named admin, disable default admin
Implements Task 6. Guards user creation with :if [find]; disables the built-in
admin (switch_disable_default_admin) now that sjat key login is proven. Verified
run-twice idempotent (changed=0); admin disabled=true, sjat reachable on bench.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-08 19:34:58 +02:00
sjat
cfc6ec9721 feat(identity): identity, DNS, NTP, service hardening
Implements Task 5. Disables telnet/ftp/www/www-ssl/api/api-ssl (winbox kept
for recovery), sets DNS + NTP client, ensures SSH on the configured port.
Verified run-twice idempotent (changed=0) against crs310-maker on the bench.
Also sets ansible_user=sjat in host_vars for day-2 key auth.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-08 19:33:48 +02:00
sjat
12001abac6 docs: README, role README, CLAUDE.md
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-08 19:22:43 +02:00
sjat
ad2c00f84a feat: role skeleton, host_vars, day-2 play (stubbed domains)
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-06-07 08:34:13 +02:00