Ansible modules
4 verified Ansible roles, statically validated with ansible-lint and publish-gated. Where marked live-tested, the role was run through converge → idempotence → verify → teardown on a real container — not just linted.
4 of 4 are live-tested — really applied, verified, then destroyed. The rest are static-validated, live-test pending. We never label a module “live-tested” without the real test.
All Ansible modules
Baseline Linux Hardening
SSH hardening drop-in, sysctl security profile, login banner, and time sync. Original, live-tested (Molecule) role.
Nginx (verified role)
Verified wrapper around geerlingguy.nginx pinned at 3.3.0 plus an IaC Bazaar hardening overlay (server_tokens off, security headers, default-vhost removal); live-tested for idempotence and functionally verified: systemd unit active, HTTP 200, headers present, no version leak.
PostgreSQL Server (EL)
PostgreSQL server with guarded initdb, SCRAM-SHA-256 auth, managed conf.d drop-in, templated pg_hba, and app database + owner provisioning. Original, live-tested (Molecule/podman) role.
Prometheus node_exporter (verified)
Official node_exporter release (pinned v1.11.1) with sha256 checksum-verified install, dedicated shell-less system user, and a systemd unit on :9100; live-tested for idempotence with a functional /metrics verification.