CIS490/etc
elliott 786b8da600 fix: ca_bundle in lab-host.toml.example pointed at client CA, not Caddy root
wg-ca.pem (from the bootstrap tarball) is the CIS490 Lab-Host Client
CA — the receiver's trust anchor for our client cert. The shipper's
ca_bundle is used to verify the *server's* TLS cert on collector.wg,
which is signed by the Caddy Local Authority. Point ca_bundle at
/opt/cis490/etc/caddy-root.crt (the Caddy root bundled in the repo)
so TLS verification succeeds.

Closes spectral/CIS490#12

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-30 15:34:10 -06:00
| File | Last commit | Date |
|---|---|---|
| caddy-root.crt | bootstrap: auto-issue mTLS leaves to enrolled lab hosts (closes #9, refs #3) | 2026-04-30 01:30:29 -05:00 |
| cis490-bootstrap.service | bootstrap: auto-issue mTLS leaves to enrolled lab hosts (closes #9, refs #3) | 2026-04-30 01:30:29 -05:00 |
| cis490-orchestrator.service | fleet: fix per-slot run-dir collision so concurrent VMs actually run | 2026-04-30 01:55:56 -05:00 |
| cis490-receiver.service | Add receiver: PUT /v1/episodes ingest with sha256 verify and idempotency | 2026-04-28 23:34:04 -06:00 |
| cis490-shipper.service | Lab-host shipper + receiver /v1/ping + install scripts | 2026-04-29 23:41:32 -05:00 |
| lab-host.toml.example | fix: ca_bundle in lab-host.toml.example pointed at client CA, not Caddy root | 2026-04-30 15:34:10 -06:00 |
| README.md | Add receiver: PUT /v1/episodes ingest with sha256 verify and idempotency | 2026-04-28 23:34:04 -06:00 |
| receiver.toml.example | receiver: default to 127.0.0.1:8444 (avoid wg-enroll-listener on 8443) | 2026-04-29 23:45:23 -05:00 |

etc/

Templates for system-level files installed by scripts/install-*.sh:

  • cis490-receiver.service — systemd unit for the receiver
  • receiver.toml.example — config template for the receiver
  • cis490-orchestrator.service (TODO) — systemd unit for the orchestrator
  • cis490-shipper.service (TODO) — systemd unit for the shipper
  • lab-host.toml.example (TODO) — config template for the lab host

See docs/deploy.md for the install flow.