bastion/stack/docker-compose.yml

services:
  bastion:
    build:
      context: ..
      dockerfile: stack/Dockerfile
    network_mode: host
    restart: unless-stopped
    env_file: .env
    volumes:
      - bastion-state:/data/state
      - bastion-tftp:/data/tftp
      - bastion-http:/data/http
      - ${SSH_KEY_PATH:-~/.ssh}:/root/.ssh:ro
    cap_add:
      - NET_ADMIN
      - NET_RAW

  cockroachdb:
    image: cockroachdb/cockroach:latest-v24.3
    command: start-single-node --insecure --store=type=mem,size=256MiB
    ports:
      - "26257:26257"
      - "8081:8080"
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:8080/health?ready=1"]
      interval: 5s
      timeout: 5s
      retries: 10

volumes:
  bastion-state:
  bastion-tftp:
  bastion-http:
feat: TypeScript bastion rewrite (initial scaffold) Full rewrite of the bash bastion.sh into a TypeScript application: - Fastify HTTP server with typed routes (dispatch, kickstart, API) - Commander CLI (serve, install, list, reprovision) - Kickstart templates as TypeScript template literals (no more heredoc hell) - dnsmasq management via execa subprocess - Merged machine list view (hardware + install info in one table) - Containerized via podman-compose (Dockerfile + docker-compose.yml) - All partition logic preserved (LVM, reprovision detection, role-based) Not yet tested end-to-end — needs VM validation before replacing bash version. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-03-17 02:55:52 +00:00			`services:`
			`bastion:`
			`build:`
			`context: ..`
			`dockerfile: stack/Dockerfile`
			`network_mode: host`
			`restart: unless-stopped`
			`env_file: .env`
			`volumes:`
			`- bastion-state:/data/state`
			`- bastion-tftp:/data/tftp`
			`- bastion-http:/data/http`
			`- ${SSH_KEY_PATH:-~/.ssh}:/root/.ssh:ro`
			`cap_add:`
			`- NET_ADMIN`
			`- NET_RAW`

feat: scaffold labd — master daemon with CockroachDB + Prisma New @lab/labd workspace package: - Fastify HTTP server + WebSocket for agent connections - Prisma schema (CockroachDB): Server, Agent, User, Role, Permission, UserRole, JoinToken, AuditLog, PulumiRun, Cluster models - Health endpoint with DB connectivity check - Server listing with cloud/env/status filters - Auth routes: agent enrollment, join token management - Placeholder mTLS auth middleware - Dev stack: CockroachDB single-node in docker-compose - 32 tests passing (2 new for labd health) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-03-18 00:13:16 +00:00			`cockroachdb:`
			`image: cockroachdb/cockroach:latest-v24.3`
			`command: start-single-node --insecure --store=type=mem,size=256MiB`
			`ports:`
			`- "26257:26257"`
			`- "8081:8080"`
			`healthcheck:`
			`test: ["CMD", "curl", "-f", "http://localhost:8080/health?ready=1"]`
			`interval: 5s`
			`timeout: 5s`
			`retries: 10`

feat: TypeScript bastion rewrite (initial scaffold) Full rewrite of the bash bastion.sh into a TypeScript application: - Fastify HTTP server with typed routes (dispatch, kickstart, API) - Commander CLI (serve, install, list, reprovision) - Kickstart templates as TypeScript template literals (no more heredoc hell) - dnsmasq management via execa subprocess - Merged machine list view (hardware + install info in one table) - Containerized via podman-compose (Dockerfile + docker-compose.yml) - All partition logic preserved (LVM, reprovision detection, role-based) Not yet tested end-to-end — needs VM validation before replacing bash version. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-03-17 02:55:52 +00:00			`volumes:`
			`bastion-state:`
			`bastion-tftp:`
			`bastion-http:`