Phase 8 — Coordinated OS Patching

Date: 2026-06-23

Context

The homelab monorepo was originally motivated by aligning Linux patching to a single command-and-control host. Phases 0–7R built inventory, ansible-pull, monitoring, backups, and network — but never implemented coordinated OS updates.

What shipped in repo

• Phase 8 added to PLAN.md (former Phase 8–10 renumbered to 9–11)
• roles/patching/ + roles/patch-controller/ + playbooks/patch.yml
• Inventory groups: patch_controller, patching_targets, patching_wave0|1|2
• Weekly homelab-patch-orchestrate.timer on infra-services (design)
• Pass-1 observability: orchestrator metrics, Discord summary, ntfy critical, Prometheus/Alertmanager alerts, Grafana dashboard, ansible_pull.prom fix
• Docs: architecture/patching.md, runbooks/coordinated-os-patching.md

Owner follow-up (live deploy)

1. Commit + push; wait for ansible-pull on infra-services (or trigger manually)
2. Verify timer: systemctl list-timers homelab-patch-orchestrate.timer
3. Dry-run patch playbook (--check), then one live manual run
4. Confirm patch.prom on saltierpoop, prox, infra-services

Wave order

saltierpoop → prox → infra-services (C&C last).