# Xdev Host Manager

Local host registry and management UI for the Madagascar network.

This project lives on jumper and is the local source for:

- `config/hosts.yaml` - git-versioned host registry
- `config/local-hosts.tsv` - DNS manifest exported for local resolvers
- `config/work-orders.yaml` - confirmable operational changes
- `scripts/host_manager.pl` - Perl-only web app
- `scripts/sync_local_hosts.sh` - local DNS sync to jumper and as01
- `scripts/ca_manager.sh` - local OpenSSL CA helper for host certificates

The public `xdev.ro` zone is maintained in the separate DNS public-zone repository.

Runtime path:

```text
/usr/local/xdev-host-manager
```

Secrets live outside git in `/etc/xdev/host-manager.env`.

The web UI is OTP-protected for all registry data, downloads, exports, and writes. Automation should consume this repository through git with dedicated read-only keys, not through unauthenticated HTTP.

The default internal domain is `madagascar.xdev.ro`. Short aliases are derived automatically from FQDNs, so `autonas01.madagascar.xdev.ro` also publishes `autonas01` without declaring it separately.
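
The alias rule above, sketched as an added example that is not part of this project's code. It assumes the alias is the leftmost label of any FQDN under the default domain, and it withholds any alias claimed by more than one FQDN instead of publishing it; the function name `derive_aliases` is hypothetical.

```bash
#!/usr/bin/env bash
# Added example, not the project's code. Assumed rule: alias = leftmost DNS
# label of any FQDN under the default internal domain.
DOMAIN="madagascar.xdev.ro"

# Reads FQDNs on stdin, one per line.
# stdout: "<alias>\t<fqdn>" for every alias that is unambiguous, sorted.
# stderr: one line per alias claimed by more than one FQDN.
# Returns 0 when there are no collisions, 1 otherwise.
derive_aliases() {
  local out rc=0
  out=$(awk -v domain="$DOMAIN" '
    {
      fqdn = tolower($1)
      sub(/\.$/, "", fqdn)                  # drop a trailing root dot
      suffix = "." domain
      n = length(fqdn) - length(suffix)
      # skip names outside the internal domain and the bare domain itself
      if (n < 1 || substr(fqdn, n + 1) != suffix) next
      alias = fqdn
      sub(/\..*/, "", alias)                # keep the leftmost label only
      if (alias in owner && owner[alias] != fqdn)
        clash[alias] = clash[alias] " " fqdn
      else
        owner[alias] = fqdn
    }
    END {
      rc = 0
      for (a in owner) {
        if (a in clash) {
          printf "ambiguous alias %s: %s%s\n", a, owner[a], clash[a] > "/dev/stderr"
          rc = 1
        } else {
          printf "%s\t%s\n", a, owner[a]
        }
      }
      exit rc
    }
  ') || rc=$?
  [ -n "$out" ] && printf '%s\n' "$out" | sort
  return "$rc"
}
```

A non-zero return is a signal to resolve the duplicate in the registry before the manifest is synced to resolvers, since a short name that maps to two hosts would otherwise resolve to whichever entry wins.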

Name removals with operational impact go through a Work Order. Confirming a WO updates `hosts.yaml`, marks the WO as confirmed, and regenerates `local-hosts.tsv`; resolver sync remains an explicit operator step.

The local host CA stores private material outside git under `var/ca`. Initialize it on jumper with:

```bash
sudo scripts/ca_manager.sh init
```