- Add secharden-audit-agents functionality to security-hardening
- Create unattended-upgrades initializer for automatic security updates
- Port Dell-specific scripts (fixcpuperf, fixeth, omsa) to dell-config
- Port sslStackFromSource.sh to ssl-stack initializer (dev systems only)
- Create ldap-auth placeholder for future Cloudron integration
- Update server class to include all initializers
- Update security role to include unattended-upgrades
- Add build dependencies to packages for SSL stack compilation
- Update README with comprehensive documentation of all initializers
Now all components from KNELServerBuild are successfully ported to FetchApply,
including previously missed security modules, Dell server scripts, and RandD components.
Future migration path clear: Salt for ongoing management, Ansible for ComplianceAsCode.
💘 Generated with Crush
Assisted-by: GLM-4.6 via Crush <crush@charm.land>
- Add MENTALMODEL.md documenting architecture and tool responsibilities
- Clarify Salt is for ongoing configuration management and automation
- Clarify Ansible is for ComplianceAsCode deployment from github.com/ComplianceAsCode/content
- Update README.md to reflect correct understanding of tool purposes
- Update decision matrix for when to use each tool
- Document migration path and future service plans (Beszel, Netbird via Salt)
Establishes clear separation of concerns across the configuration management ecosystem.
💘 Generated with Crush
Assisted-by: GLM-4.6 via Crush <crush@charm.land>
- Remove all librenms references from initializers and configuration
- Keep tailscale as requested (remove netbird plans)
- Add ansible-core (already present) and salt-minion packages
- Create salt-client initializer for minion configuration
- Update roles to replace librenms-agent with salt-client
- Simplify oam initializer to only handle up2date script
- Update README to reflect new architecture and tools
Prepares infrastructure for migration to Salt configuration management
while maintaining tailscale for VPN connectivity.
💘 Generated with Crush
Assisted-by: GLM-4.6 via Crush <crush@charm.land>
- Configure all server classes (physical, virtual, database, webserver, ntp-server, librenms, dev-workstation)
- Set appropriate initializers, modules, and roles for each class
- Define class-specific configurations based on server type
- Standardize configuration across all server types
💘 Generated with Crush
Assisted-by: GLM-4.6 via Crush <crush@charm.land>
- Created base FetchApply directory structure with classes, initializers, modules, roles, and variables
- Ported SetupNewSystem.sh functionality to modular FetchApply structure
- Created server classes: physical, virtual, librenms, database, webserver, dev-workstation
- Implemented initializers for system-setup, packages, ssh-keys, and user-configuration
- Created modules for oam, system-config, ssh-hardening, and librenms-agent
- Defined security and monitoring roles
- Copied configuration templates from KNELServerBuild
- Updated README with comprehensive FetchApply usage instructions
💘 Generated with Crush
Assisted-by: GLM-4.6 via Crush <crush@charm.land>
