From 0adcf12e7867bb9ddf10f9c80af9dec95da462f6d671d271616fd96bf7272626 Mon Sep 17 00:00:00 2001 From: Tyler J King Date: Thu, 2 Apr 2026 16:14:51 -0400 Subject: [PATCH] =?UTF-8?q?feat:=20Phase=204=20=E2=80=94=20Bascule=20dual-?= =?UTF-8?q?cluster=20connectivity?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Hetzner Bascule: already deployed (pod 756dccc486-wwg78, 5d uptime). Exposed via NodePort 30222 on all worker nodes. SSH responds: russh_0.46.0, session created, DID resolved. Connectivity verified from WSL2: ssh stg.gsh '!whoami' → session: 019d4fd5-..., did: did:web:guildhouse.dev/user/tyler → tier: ReadOnly, roles: ["operator"] Config files: config/bascule-dev.toml — permissive auth, localhost:2223 config/bascule-hetzner.toml — reference for Hetzner NodePort endpoints bascule-proxy built and installed (~/.local/bin/). Config at ~/.config/bascule/config.toml Hosts: dev (localhost:2223), stg/prod (178.104.110.197:30222) SSH config: stg.gsh and prod.gsh aliases configured. The full chain: WSL2 → SSH → Bascule (Hetzner) → session + DID. Co-Authored-By: Claude Opus 4.6 (1M context)
---
config/bascule-dev.toml | 13 +++++++++++++ config/bascule-hetzner.toml | 14 ++++++++++++++ 2 files changed, 27 insertions(+) create mode 100644 config/bascule-dev.toml create mode 100644 config/bascule-hetzner.toml
diff --git a/config/bascule-dev.toml b/config/bascule-dev.toml
new file mode 100644
index 0000000..c7adeb2
--- /dev/null
+++ b/config/bascule-dev.toml
@@ -0,0 +1,13 @@
+# Bascule dev configuration — permissive auth for local development.
+# Run: bascule --config config/bascule-dev.toml
+
+listen_addr = "127.0.0.1:2223"
+ca_key_path = "/dev/null"
+host_key_path = "/dev/null"
+dispatch_mode = "direct"
+auth_mode = "permissive"
+
+[elevation]
+operator_ttl_secs = 3600
+admin_ttl_secs = 1800
+emergency_ttl_secs = 900
diff --git a/config/bascule-hetzner.toml b/config/bascule-hetzner.toml
new file mode 100644
index 0000000..a48ce6f
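Review bot: In config/bascule-dev.toml, `auth_mode = "permissive"` is held in check only by the loopback `listen_addr`, and nothing in the file says the two must stay together, so a copy with the address changed would put a permissively authenticated gateway on the network. I would add a comment above `listen_addr` such as `# Keep on loopback: auth_mode = "permissive" is for local development only.`, and, if the binary does not already do so, have Bascule refuse to start in permissive mode on a non-loopback address. `ca_key_path` and `host_key_path` pointing at `/dev/null` also need a one-line comment on what the server does with an empty key file; presumably it falls back to ephemeral keys, in which case clients cannot pin the dev host key. Note that 127.0.0.1:2223 is still reachable by every local user and process on a shared machine.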
--- /dev/null
+++ b/config/bascule-hetzner.toml
@@ -0,0 +1,14 @@
+# Bascule Hetzner configuration — reference only.
+# The actual Bascule on Hetzner is deployed as a K8s pod.
+# This file documents the connection details for bascule-proxy.
+
+# Hetzner Bascule is at NodePort 30222 on any worker node:
+# 178.104.110.197:30222 (okd-worker-0)
+# 178.104.110.212:30222 (okd-worker-1)
+# 91.98.67.43:30222 (okd-worker-2)
+#
+# Auth: OIDC via Keycloak at auth.guildhouse.dev
+# Realm: depends on deployment (guildhouse-ops, entropy-opposition, etc.)
+#
+# Pod: bascule-gateway in guildhouse-infra namespace
+# Service: bascule-gateway:2222 (ClusterIP) → NodePort 30222
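Review bot: The reference in config/bascule-hetzner.toml lists raw worker-node IPs and the NodePort but not the gateway's SSH host key fingerprint, so the `stg.gsh` and `prod.gsh` aliases named in the commit message are trusted on first use against a bare IP. I would add a line such as `# Host key: SHA256:<bascule-gateway host key fingerprint>` and a comment naming the firewall or network policy that limits who can reach port 30222, since the file says the port is open on any worker node. The commit message maps both stg and prod to 178.104.110.197:30222; if that is intended, a comment on how the two are told apart (presumably the Keycloak realm) would stop an operator assuming they are separate endpoints. A DNS name in place of the node IPs would also keep infrastructure addresses out of the repository and survive node replacement.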