Advance forge rollout, Ethereum rails, and NBC sources

every.channel 2026-04-01 15:58:49 -07:00
parent be26313225
commit 7d84510eac
No known key found for this signature in database
88 changed files with 11230 additions and 302 deletions


@ -2,6 +2,8 @@
Status: Implemented
Note: Persistent declarative host operation is specified in ECP-0083.
## Context
Runner netboot artifacts now publish from CI, but there is no repository-native operating path for fleet provisioning on common prosumer networks (for example Unifi VLANs).
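Review bot: The `Note:` line under `Status: Implemented` points at ECP-0083 without saying how the two documents relate. A reader cannot tell whether ECP-0083 supersedes the operating path described here or only adds to it, and that matters when deciding which document is authoritative for host provisioning. Suggest stating the relationship explicitly (for example "extended by" or "superseded for persistent hosts by") and linking to the ECP-0083 file rather than naming it only by number.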
@ -17,6 +19,12 @@ Unifi DHCP can expose next-server/bootfile settings, but iPXE chainloading often
2. Keep Unifi DHCP as the IP authority; use ProxyDHCP only to supply bootfile logic.
3. Document a concrete NUC rollout sequence for same-VLAN provisioning.
4. Keep dependencies minimal (`curl`, `tar`, `python3`, `dnsmasq`) and avoid requiring image flashing workflows.
5. Support an optional UniFi-only mode by providing an embedded-script iPXE build path (`ec-ipxe.efi`) so clients can chainload without DHCP conditional logic.
6. Verify release artifact integrity during staging when `SHA256SUMS.txt` is published.
7. Harden serving/staging defaults:
- default to local iPXE artifacts (remote iPXE download requires explicit opt-in),
- support optional chain token protection for `netboot.ipxe`,
- support HTTP CIDR allowlists for artifact serving.
## Alternatives considered
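Review bot: Item 6 makes integrity verification conditional ("when `SHA256SUMS.txt` is published") but does not say what staging does when the file is absent, so as written the check can be read as fail-open. Suggest specifying the behaviour for a missing or mismatching checksum file (abort by default, with an explicit override if one is needed), and stating how `SHA256SUMS.txt` itself is trusted, since a checksum list with no signature detects corruption but not a replaced release. In item 7, the chain token and the CIDR allowlist are both described as optional while only the local-iPXE default is on by default; it would help to say which of these are recommended for the same-VLAN rollout in item 3, and to note that a token used to protect `netboot.ipxe` served over plain HTTP is readable by other hosts on that network segment.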