feat: TypeScript bastion rewrite (initial scaffold)

Full rewrite of the bash bastion.sh into a TypeScript application: - Fastify HTTP server with typed routes (dispatch, kickstart, API) - Commander CLI (serve, install, list, reprovision) - Kickstart templates as TypeScript template literals (no more heredoc hell) - dnsmasq management via execa subprocess - Merged machine list view (hardware + install info in one table) - Containerized via podman-compose (Dockerfile + docker-compose.yml) - All partition logic preserved (LVM, reprovision detection, role-based) Not yet tested end-to-end — needs VM validation before replacing bash version. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-17 02:55:52 +00:00
parent fac14b6d4a
commit 177e993736
27 changed files with 4025 additions and 0 deletions
--- a/bastion/stack/.env.example
+++ b/bastion/stack/.env.example
@@ -0,0 +1,33 @@
+# Lab PXE Bastion -- Environment Configuration
+#
+# Copy this file to .env and adjust as needed.
+
+# Fedora version to install
+FEDORA_VERSION=43
+
+# Target architecture
+ARCH=x86_64
+
+# HTTP server port
+HTTP_PORT=8080
+
+# System locale and timezone for installed machines
+TIMEZONE=Europe/London
+LOCALE=en_GB.UTF-8
+
+# Data directory (inside container)
+BASTION_DIR=/data
+
+# Internal domain for hostnames (e.g., node1.ad.itaz.eu)
+DOMAIN=ad.itaz.eu
+
+# DHCP mode: "proxy" works alongside existing DHCP (e.g., UniFi)
+#             "full" means bastion is the only DHCP server
+DHCP_MODE=proxy
+
+# Only used in full DHCP mode -- auto-derived from network if empty
+DHCP_RANGE_START=
+DHCP_RANGE_END=
+
+# Path to SSH keys directory on host (mounted read-only)
+SSH_KEY_PATH=~/.ssh