Search Results

Overview This book documents all n8n automation workflows currently deployed at Puffing Billy Railway (PBR). n8n is PBR's self-hosted workflow automation platform, running at https://n8n.pbr.org.au. It integrates internal systems, third-party APIs, and AI serv...

Overview FieldValue Workflow IDDmoxddEkpx854rYj n8n URLhttps://n8n.pbr.org.au/workflow/DmoxddEkpx854rYj StatusActive TriggerSchedule — every 24 hours SystemsBetterImpact (source), Swift Digital (destination), n8n Data Table (audit log) PredecessorBetterImpac...

Overview FieldValue Workflow IDqLw7S1Rr0eznKDhi n8n URLhttps://n8n.pbr.org.au/workflow/qLw7S1Rr0eznKDhi StatusActive TriggerWebhook — called by Jitbit AI as a registered External Tool Webhook URLhttps://n8n.pbr.org.au/webhook/jitbit-search-bookstack SystemsJ...

Overview FieldValue Workflow IDllP1pezJvYAGKjYA n8n URLhttps://n8n.pbr.org.au/workflow/llP1pezJvYAGKjYA StatusActive TriggerWebhook — called by a Jitbit automation rule on every new ticket Webhook URLhttps://n8n.pbr.org.au/webhook/jitbit-ticket-triage System...

Overview FieldValue Workflow IDl0KQdZd8IGiJNuLa n8n URLhttps://n8n.pbr.org.au/workflow/l0KQdZd8IGiJNuLa StatusInactive — manual execution only TriggerManual (Execute Workflow button in n8n) SystemsSwift Digital Purpose This is a utility workflow used to b...

Purpose This book documents PBR's Ansible-based configuration management for Linux infrastructure. It covers the ssh-baseline role, supporting playbooks, design rationale, deployment procedure, and operational reference. The ssh-baseline role establishes a h...

Purpose of this Page This page captures the rationale behind every non-obvious design choice in the ssh-baseline role. Each entry follows the pattern: What we did → Why → Trade-off accepted. Where possible, comments inside the role itself reference these dec...

When to Use This Runbook Follow this runbook when adding a new Ubuntu host to the SSH baseline. The procedure assumes: The host runs Ubuntu 22.04 or 24.04 LTS (the role's supported versions) The host has a real hostname (not ubuntu or localhost) The host ca...

Variable Source Hierarchy Variables resolve in standard Ansible precedence order. The role uses three layers: Role defaults — roles/ssh-baseline/defaults/main.yml (lowest precedence; the safe baseline) Group vars — inventory/group_vars/all/main.yml (organis...

Overview The role integrates Ubuntu hosts with Active Directory via SSSD using realm join. Once joined, AD users authenticate via Kerberos (with their AD password), are authorised via AD group membership, and have their SSH public keys retrieved from the sshP...

Scope Duo MFA is enforced in two places: SSH login (v2.3+) — via PAM keyboard-interactive after publickey auth sudo (v2.4+) — via PAM at the auth phase, with AD password as the post-Duo factor The role uses Duo Security's official duo-unix package, not Ub...

What This Page Covers This page walks through every directive in roles/ssh-baseline/templates/sshd_hardening.conf.j2 and explains how it lands on the target host. The deployed file is /etc/ssh/sshd_config.d/10-pbr-hardening.conf. The hardening is aligned wit...

Playbooks Overview The repository contains four playbooks under playbooks/: PlaybookPurposeChanges target? preflight.ymlVerify readiness; no changesNo ssh-baseline.ymlRun preflight then apply the baseline roleYes verify.ymlPost-deployment validationNo te...

Known Limitations & Accepted Risks LXC auditd compliance gap Affected hosts: pbr-graylog-kl1, pbr-thingsboard-kl1 Issue: auditd cannot run inside LXC containers. The kernel audit netlink interface is isolated from container namespaces. Forcing auditd to sta...