codex/arch/skybastion_field_manual.md

# 🛡️ FIELD MANUAL: Bastion Network Deployment

**Codename:** SkyBastion  
**Theater:** Home Territory [Private Grid Alpha]  

---

## 🎖️ Mission Objective

Establish a hardened, structured digital perimeter for domestic operations using the Bastion-class designation system.  
All devices function as unified defense and communication units under the `sarmata5.com` network banner.

---

## 🧱 Bastion-Class Units (Infrastructure)

| Codename           | Role               | Description                                 |
|--------------------|--------------------|---------------------------------------------|
| `bastion-shield`   | Firewall / Gateway | Frontline perimeter. Filters ingress/egress. |
| `bastion-crux8`    | Switch (8-port)    | Network spinal node. Routes internal ops.   |
| `bastion-air1`     | Wi-Fi AP (zone A)  | Sky channel point alpha                     |
| `bastion-air2`     | Wi-Fi AP (zone B)  | Sky channel point beta                      |

---

## 🌐 Wireless Grid

| SSID           | Assignment             | Encryption | Band     |
|----------------|------------------------|------------|----------|
| `SkyBastion`   | Primary Ops Network    | WPA3       | 2.4GHz / 5GHz |

> **Note:** SSID is visible; treat as soft-layer ID.  
> Backbone routing remains encrypted and controlled at `bastion-shield`.

---

## 🧭 Operational Naming Conventions

- All core infrastructure is designated under `bastion-*`
- Devices scale by role, zone, or port-count (e.g., `bastion-crux24`, `bastion-air3`)
- Core personal devices use the `core-*` prefix
- Digital agents use `unit-*` in email and identity management

---

## 📡 Deployment Strategy

1. **Perimeter Lockdown** — Configure `bastion-shield` with aggressive ingress filtering
2. **Spinal Channeling** — Route all internal LAN traffic through `bastion-crux8`
3. **SkyNet Deployment** — Ensure `bastion-air1/2` provide full coverage and handoff
4. **SSID Broadcast** — `SkyBastion` for all primary connections; guests handled separately

---

## 🛠️ Maintenance Protocols

- Weekly health checks via `pingmap` and Unifi dashboard
- DNS reservations aligned with hostnames
- ARP table logs stored encrypted under `core-station`

---

## 🧾 Command Notes

> This infrastructure is part of the digital sovereignty doctrine.  
> Keep naming structured, symbolic, and scalable.  
> Bastions never fall. Not under your watch.

**— End of Manual —**
commited 2025-07-18 12:27:52 +02:00			`# 🛡️ FIELD MANUAL: Bastion Network Deployment`

			`Codename: SkyBastion`
			`Theater: Home Territory [Private Grid Alpha]`

			`---`

			`## 🎖️ Mission Objective`

			`Establish a hardened, structured digital perimeter for domestic operations using the Bastion-class designation system.`
			All devices function as unified defense and communication units under the `sarmata5.com` network banner.

			`---`

			`## 🧱 Bastion-Class Units (Infrastructure)`

			`\| Codename \| Role \| Description \|`
			`\|--------------------\|--------------------\|---------------------------------------------\|`
			\| `bastion-shield` \| Firewall / Gateway \| Frontline perimeter. Filters ingress/egress. \|
			\| `bastion-crux8` \| Switch (8-port) \| Network spinal node. Routes internal ops. \|
			\| `bastion-air1` \| Wi-Fi AP (zone A) \| Sky channel point alpha \|
			\| `bastion-air2` \| Wi-Fi AP (zone B) \| Sky channel point beta \|

			`---`

			`## 🌐 Wireless Grid`

			`\| SSID \| Assignment \| Encryption \| Band \|`
			`\|----------------\|------------------------\|------------\|----------\|`
			\| `SkyBastion` \| Primary Ops Network \| WPA3 \| 2.4GHz / 5GHz \|

			`> Note: SSID is visible; treat as soft-layer ID.`
			> Backbone routing remains encrypted and controlled at `bastion-shield`.

			`---`

			`## 🧭 Operational Naming Conventions`

			- All core infrastructure is designated under `bastion-*`
			- Devices scale by role, zone, or port-count (e.g., `bastion-crux24`, `bastion-air3`)
			- Core personal devices use the `core-*` prefix
			- Digital agents use `unit-*` in email and identity management

			`---`

			`## 📡 Deployment Strategy`

			1. Perimeter Lockdown — Configure `bastion-shield` with aggressive ingress filtering
			2. Spinal Channeling — Route all internal LAN traffic through `bastion-crux8`
			3. SkyNet Deployment — Ensure `bastion-air1/2` provide full coverage and handoff
			4. SSID Broadcast — `SkyBastion` for all primary connections; guests handled separately

			`---`

			`## 🛠️ Maintenance Protocols`

			- Weekly health checks via `pingmap` and Unifi dashboard
			`- DNS reservations aligned with hostnames`
			- ARP table logs stored encrypted under `core-station`

			`---`

			`## 🧾 Command Notes`

			`> This infrastructure is part of the digital sovereignty doctrine.`
			`> Keep naming structured, symbolic, and scalable.`
			`> Bastions never fall. Not under your watch.`

			`— End of Manual —`