One-command vault edit (replace flossfw.public_key) + wireguard-server redeploy + verify handshake, for when the TaPPaaS operator sends their WireGuard public key. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
24 lines
1.1 KiB
Markdown
24 lines
1.1 KiB
Markdown
# Runbooks
|
|
|
|
Task-focused troubleshooting guides. Thin — they point at the source repos for
|
|
authoritative config and commands rather than duplicating them.
|
|
|
|
## Index
|
|
|
|
| Runbook | Covers |
|
|
|---------|--------|
|
|
| [switch-crs310.md](switch-crs310.md) | The MikroTik CRS310 switch — connectivity, VLANs, mgmt-plane lockout recovery, Ansible reconfig. |
|
|
| [publishing-services-mf01.md](publishing-services-mf01.md) | Publishing HTTP services on mf01 as `<svc>.mf01.makerfloss.eu` (VPS-terminated TLS over wg1). |
|
|
| [swap-flossfw-wg-key.md](swap-flossfw-wg-key.md) | Swap the `flossfw` wg1 peer public key on the VPS when the TaPPaaS operator sends theirs (one-value vault edit + redeploy). |
|
|
|
|
## Adding a runbook
|
|
|
|
Keep it lean. Good structure:
|
|
|
|
1. **Symptom** — what you observe.
|
|
2. **Reach** — which [access.md](../access.md) path applies.
|
|
3. **Diagnose** — concrete checks (commands, what good/bad looks like).
|
|
4. **Fix** — where the change lands (source repo + file), and the safety rules
|
|
for applying it to live infra.
|
|
5. **Verify** — how you confirm it's actually fixed (evidence, not assertion).
|
|
6. **Links** — source-repo specs/runbooks.
|