helexa/script/infra-setup.sh
rob thijssen 7dd1ddcfba
fix(infra-setup): stat LE live dir via sudo; rsync provisioner secret for bench.internal issuance
- cert_present() must `sudo test -d /etc/letsencrypt/live/...` (root-only
  0700); without sudo it falsely reported "no cert" and downgraded the
  bench.helexa.ai vhost to the http-only bootstrap (dropping its 443
  server). Now correctly keeps the full TLS vhost.
- bench.internal initial cert: rsync the operator's JWK 'lair' provisioner
  password to the host transiently (root, 0600), issue via
  step ca certificate, then remove it (trap + belt-and-suspenders rm).

Verified: bench.helexa.ai (LE) and bench.internal (lair CA) both serve the
SPA + /api→bob; step@bench.timer renews; secret removed from host.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-14 15:40:38 +03:00

14 KiB
Executable File
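
The false negative described in the commit message above, as an added shell example (not code from infra-setup.sh or the helexa project): a directory check that separates "absent" from "cannot tell", and a caller that refuses to fall back to the HTTP-only vhost when it cannot tell. `dir_state`, `vhost_mode` and the demo tree are hypothetical names constructed for illustration.

```sh
#!/bin/sh
# Added example: not taken from infra-setup.sh. dir_state, vhost_mode and
# the demo tree are hypothetical names.

# Print "present", "absent" or "unknown" for a directory path.
# "unknown": an ancestor is not searchable by the current user, so a plain
# `test -d` returns false whether or not the directory exists.
dir_state() {
    path=$1
    if [ -d "$path" ]; then
        echo present
        return 0
    fi
    # Climb to the nearest ancestor this user can see as a directory.
    anc=$(dirname -- "$path")
    while [ ! -d "$anc" ] && [ "$anc" != "/" ] && [ "$anc" != "." ]; do
        anc=$(dirname -- "$anc")
    done
    if [ -d "$anc" ] && [ ! -x "$anc" ]; then
        echo unknown    # lookup blocked by permissions, not proven missing
    else
        echo absent
    fi
}

# Choose the vhost template; fail closed instead of dropping TLS on "unknown".
vhost_mode() {
    case $(dir_state "$1") in
        present) echo tls ;;
        absent)  echo http-bootstrap ;;
        *)       echo "cannot inspect $1: re-run the check with privilege" >&2
                 return 1 ;;
    esac
}

# Constructed demo: live/ stands in for the root-only 0700 directory.
demo=$(mktemp -d)
mkdir -p "$demo/live/bench.helexa.ai"
chmod 000 "$demo/live"
# Unprivileged: "test -d: no" and "dir_state: unknown". As root: yes/present.
echo "test -d: $([ -d "$demo/live/bench.helexa.ai" ] && echo yes || echo no)"
echo "dir_state: $(dir_state "$demo/live/bench.helexa.ai")"
chmod 700 "$demo/live"
rm -rf "$demo"
```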