Builder & Core Services ✅

Builder infrastructure, network automation, and core services required to provision and rebuild the dvntm (mobile) site from bare metal.

✓ 30 | ↻ 0 | ⏳ 0 (30 total)

Legend: ✅ Complete | 🔄 In Progress | ⏳ Planned


Project Vision & Scope

Achieve fully automated, repeatable provisioning of the dvntm (mobile) site from bare metal to running core services, with complete air-gap recovery capability.

In Scope

  • Bare-metal provisioning (PXE, Ansible)
  • Network infrastructure automation (switching, wireless, routing)
  • Image factory for all platforms
  • Full air-gap rebuild capability

Out of Scope

  • Extended management plane (logging, telemetry, secrets, identity — separate project)
  • Patch automation and firmware upgrades — see Patch Automation
  • Full site rebuild event — see Full Site Rebuild
  • Application/tenant workload automation (separate per-tenant)
  • Cloud infrastructure (this is on-prem only)

Requirements — Complete

  • ✅ Define substrate inventory and MAC addresses
  • ✅ Define network topology and VLANs
  • ✅ Define air-gap artifact requirements


Substrate Provisioning — Complete

Core infrastructure for building and deploying the substrate.

  • ✅ Builder Node Ansible Collection (deevnet.builder)
  • ✅ Image Packaging - Proxmox Fedora template
  • ✅ Image Packaging - Proxmox installer
  • ✅ Image Packaging - Raspberry Pi Base Image
  • ✅ Bootstrap Node Provisioning Playbook
  • ✅ Proxmox Automated Install via PXE
  • ✅ Full Air-Gap Support (Fedora Mirror)


Inventory & Standards — Complete

Documentation and inventory definitions.

  • ✅ Hugo-based Documentation Site
  • ✅ Standards and Correctness Docs
  • ✅ dvntm Site Bare-Metal Inventory (MAC addresses)


Network Automation — Complete

Automated configuration of network infrastructure. Migration from flat 192.168.10.0/24 to segmented 10.20.x.0/24 VLANs completed 2026-03-25. Authority transition automation completed 2026-03-26.

  • ✅ OPNsense Alternatives Evaluation
  • ✅ Document network build/rebuild steps in recovery plan
  • ✅ dvntm VLAN Plan
  • ✅ DNS Automation
  • ✅ DHCP Automation (Kea subnets auto-created, interface enablement automated)
  • ✅ Core Router Automation (OPNsense VLAN creation, firewall rules via API)
  • ✅ Access Switch Automation (SG2218 General mode, VLANs, trunk, access ports, default gateway)
  • ✅ Implement Network Segmentation (12 VLANs, zone-based firewall policy)
  • ✅ Migrate to RFC1918 10 space (10.20.x.0/24 subnets live)
  • ✅ Wireless AP SSID-to-VLAN configuration (manual via standalone UI — automation gap documented)
  • ✅ Document automation shortcomings and improvement backlog (see migration runbook and Patch Automation project)
  • ✅ Authority transition automation (bootstrap-auth/core-auth playbooks, DNS/DHCP host records from inventory, IP swap)
  • ✅ Unify build sequence documentation (authority transitions and network segmentation inline)

Page last modified: March 26, 2026