Local authority for Madagascar hosts, DNS manifests, work orders, and host certificates.
The development checkout lives locally at:
/Users/bogdan/Documents/Workspaces/Xdev/Madagascar/LocalAuthority
The canonical GitPrep repository is:
git@192.168.2.102:repositories/bogdan/LocalAuthority.git
The runtime instance lives on jumper and remains the local source for operational registry data:
config/hosts.yaml - git-versioned host registry
config/local-hosts.tsv - DNS manifest exported for local resolvers
config/work-orders.yaml - confirmable operational changes
scripts/host_manager.pl - Perl-only web app
scripts/sync_local_hosts.sh - local DNS sync to jumper and as01
scripts/ca_manager.sh - local OpenSSL CA helper for host certificates
The public xdev.ro zone is maintained in the separate DNS public-zone repository.
Runtime path:
/usr/local/xdev-host-manager
Secrets live outside git in /etc/xdev/host-manager.env.
The product name is Madagascar Local Authority. The technical service, Unix user, repository path, and environment files still use host-manager.
The web UI is OTP-protected for all registry data, downloads, exports, and writes. Automation should consume this repository through git with dedicated read-only keys, not through unauthenticated HTTP.
For agent/operator context, see:
Work on application code locally, commit changes, then deploy to jumper:
cd /Users/bogdan/Documents/Workspaces/Xdev/Madagascar/LocalAuthority
scripts/deploy_to_jumper.sh
The deploy script copies code, docs and deployment assets, restarts host-manager, and checks /healthz.
config/ is not deployed by default because hosts.yaml, local-hosts.tsv, and work-orders.yaml are operational data that may be changed on jumper by the application. Deploy config only when intentionally replacing runtime registry data:
scripts/deploy_to_jumper.sh --include-config
The default internal domain is madagascar.xdev.ro. Short aliases are derived automatically from FQDNs, so autonas01.madagascar.xdev.ro also publishes autonas01 without declaring it separately.
Name removals with operational impact go through a Work Order. A WO records intent first; the operational checklist must be completed before confirmation can update hosts.yaml, mark the WO as confirmed, and regenerate local-hosts.tsv. Resolver sync remains an explicit operator step.
The local host CA stores private material outside git under var/ca. Initialize it on jumper with:
sudo scripts/ca_manager.sh init
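The rule that CA private material under var/ca and the secrets file host-manager.env stay outside git can be checked mechanically before a commit or deploy. The following is an added example, not part of the LocalAuthority repository; the function names are hypothetical, and it assumes var/ca is relative to the checkout root.

```shell
#!/bin/sh
# Added example, not part of the LocalAuthority repository.
# Enforces the rule above: CA private material (var/ca) and the secrets
# file (host-manager.env) must never become git-tracked content.

# Filter: reads repository-relative paths on stdin (e.g. `git ls-files`)
# and prints only the ones that must not be tracked, tagged by reason.
forbidden_tracked_paths() {
    awk '
        $0 == "var/ca" || /^var\/ca\//    { print "ca-material\t" $0; next }
        $0 == "host-manager.env" || /\/host-manager\.env$/ {
            print "secrets-file\t" $0
        }
    '
}

# Predicate: true when the file contains a PEM private key header
# (unlabelled PKCS#8, RSA, EC, ENCRYPTED or OPENSSH variants).
has_private_key() {
    grep -Eq -e '-----BEGIN ([A-Z]+ )?PRIVATE KEY-----' -- "$1"
}

# Audits a git checkout: prints one finding per line.
# Returns 0 when clean, 1 on findings, 2 when the path is not a checkout.
audit_repo() {
    repo=$1
    paths=$(git -C "$repo" ls-files) || return 2
    findings=$(
        printf '%s\n' "$paths" | forbidden_tracked_paths
        printf '%s\n' "$paths" | while IFS= read -r f; do
            # Content scan catches keys committed under an unexpected name.
            if [ -f "$repo/$f" ] && has_private_key "$repo/$f"; then
                printf 'private-key\t%s\n' "$f"
            fi
        done
    )
    if [ -z "$findings" ]; then
        return 0
    fi
    printf '%s\n' "$findings"
    return 1
}
```

Call audit_repo with the path of the checkout to inspect; a non-zero exit status means the commit or deploy should stop until the listed files are removed from the index and any exposed key is reissued.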