Commit graph

13 commits

Author SHA1 Message Date
sjat
ea7cf5ec03 feat(users): ensure named admin, disable default admin
Implements Task 6. Guards user creation with :if [find]; disables the built-in
admin (switch_disable_default_admin) now that sjat key login is proven. Verified
run-twice idempotent (changed=0); admin disabled=true, sjat reachable on bench.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-08 19:34:58 +02:00
sjat
cfc6ec9721 feat(identity): identity, DNS, NTP, service hardening
Implements Task 5. Disables telnet/ftp/www/www-ssl/api/api-ssl (winbox kept
for recovery), sets DNS + NTP client, ensures SSH on the configured port.
Verified run-twice idempotent (changed=0) against crs310-maker on the bench.
Also sets ansible_user=sjat in host_vars for day-2 key auth.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-08 19:33:48 +02:00
sjat
12001abac6 docs: README, role README, CLAUDE.md
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-08 19:22:43 +02:00
sjat
3fef7ba9e5 feat: bootstrap CRS310 on-site (sjat user + key + vaulted password)
Recorded device facts (CRS310-8G+2S+IN, serial HM40B8TDNDD, RouterOS 7.19.6,
pinned firmware_target 7.19.6). Added encrypted makerfloss-vault admin password
and excluded *.vault.yml from linters. Device bootstrapped over SSH: identity
set to crs310-maker, named user sjat (full) with operator ed25519 key + vaulted
password; key-based login verified from the controller. Default admin still
enabled (hardening + VLANs deferred to the day-2 task files).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-08 19:13:53 +02:00
sjat
bdfde1644c Merge: initial scaffolding + field guide + role skeleton (Tasks 1-3)
No-device tasks complete and two-stage reviewed:
- repo scaffolding (direnv, ansible.cfg, lint, requirements)
- makerfloss vault identity, inventory, connection group_vars
- role skeleton makerfloss.mikrotik_switch (stubbed domains), host_vars, play_switch.yml
- on-site makerspace field guide; plan carry-over notes

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-08 18:26:08 +02:00
sjat
0721ecc34c docs(plan): carry-over notes from skeleton code review
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-07 08:38:23 +02:00
sjat
ad2c00f84a feat: role skeleton, host_vars, day-2 play (stubbed domains)
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-06-07 08:34:13 +02:00
sjat
5c04b3405b docs(group_vars): clarify ansible_user=admin is a bootstrap default
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-07 08:31:34 +02:00
sjat
3abb937a03 feat: inventory, connection group_vars, makerfloss vault identity
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-06-07 08:29:57 +02:00
sjat
be9ac7f78b chore: repo scaffolding (direnv, ansible.cfg, lint, requirements)
2026-06-07 08:26:09 +02:00
sjat
66a1aaad69 docs: on-site makerspace field guide for CRS310 prep
Standalone printable checklist: bring-list, access via WinBox MAC,
confirm RouterOS, upgrade+pin firmware, record facts, reset to
no-defaults, temp IP + SSH, addressing decisions, physical finish.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-07 08:24:10 +02:00
sjat
7731f98f15 docs: CRS310 Ansible implementation plan
Bite-sized, idempotency-verified plan: scaffolding -> vault/inventory ->
role skeleton -> bootstrap (key import) -> domain tasks (identity, users,
vlans, backup, firmware) -> docs/publish. Phase 0 gates device-dependent
work on physical switch prep + forgejo repo creation.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-07 08:12:15 +02:00
sjat
f1d7b3059c docs: CRS310 Ansible management design (brainstorming spec)
Initial design doc for managing the makerspace MikroTik CRS310-8G+2S+IN
switch as IaC over SSH with community.routeros. Single-switch scope,
fresh repo in AnsibleBaobabV4 conventions, separate makerfloss vault.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-07 08:04:56 +02:00