chore: add OpenSpec artifacts for fix-trojan-domain-undefined

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

openspec/changes/archive/2026-04-22-fix-trojan-domain-undefined/.openspec.yaml

@@ -0,0 +1,2 @@
+schema: spec-driven
+created: 2026-04-22

openspec/changes/archive/2026-04-22-fix-trojan-domain-undefined/design.md

@@ -0,0 +1,29 @@
+## Context
+
+The playbook has three host groups: `relay`, `landing`, and a `localhost` play for generating client configs. Trojan variables (`trojan_domain`, `trojan_port`, `trojan_password`, `trojan_fallback_port`) live in `group_vars/landing.yml`, scoped only to the `landing` group. The Surge template on `localhost` references these variables, but `localhost` is not in the `landing` group, so the variables are undefined.
+
+## Goals / Non-Goals
+
+**Goals:**
+- Make trojan variables available to the `localhost` play without duplicating values
+- Keep server-side variables (TLS cert paths, allowed ports) scoped to `landing` only
+
+**Non-Goals:**
+- Restructuring the entire inventory or variable hierarchy
+- Changing the Surge template itself
+
+## Decisions
+
+**Move trojan variables to `group_vars/all.yml`**
+
+These variables are consumed by two consumers: the `landing` server role and the `localhost` template render. `group_vars/all.yml` is the simplest way to share them. The alternative approaches considered:
+
+1. **Add `vars:` inline to the localhost play** — would duplicate values already in `landing.yml`
+2. **Use `hostvars[groups['landing'][0]]` in the template** — works but makes the template harder to read and debug
+3. **Add `localhost` to the `landing` group** — semantically wrong, localhost isn't a landing server
+
+Moving to `all.yml` is the cleanest: single source of truth, no duplication, template stays readable.
+
+## Risks / Trade-offs
+
+- [Variable scope broadening] → Only the four trojan connection variables move; TLS paths and firewall rules stay in `landing.yml` to avoid polluting unrelated plays

openspec/changes/archive/2026-04-22-fix-trojan-domain-undefined/proposal.md

@@ -0,0 +1,22 @@
+## Why
+
+The `localhost` play that generates `surge-client.conf` references `trojan_domain`, `trojan_port`, and `trojan_password`, but these variables are defined in `group_vars/landing.yml` which only applies to hosts in the `landing` group. Since `localhost` is not in any host group, these variables are undefined, causing the playbook to fail at the template rendering step.
+
+## What Changes
+
+- Move trojan-related variables (`trojan_domain`, `trojan_password`, `trojan_port`, `trojan_fallback_port`) from `group_vars/landing.yml` to `group_vars/all.yml` so they are available when rendering the Surge template on `localhost`
+- Keep `tls_cert_path` and `tls_key_path` in `group_vars/landing.yml` since they are only needed on the landing server itself
+
+## Capabilities
+
+### New Capabilities
+<!-- none -->
+
+### Modified Capabilities
+<!-- none -->
+
+## Impact
+
+- `group_vars/landing.yml`: loses trojan variable definitions (moved to `all.yml`)
+- `group_vars/all.yml`: gains trojan variable definitions
+- No change to `templates/surge-client.conf.j2` or `site.yml` — the fix is purely in variable scope

openspec/changes/archive/2026-04-22-fix-trojan-domain-undefined/specs/trojan-landing/spec.md

@@ -0,0 +1,8 @@
+## MODIFIED Requirements
+
+### Requirement: Trojan variables are available on localhost for config generation
+The variables `trojan_domain`, `trojan_port`, `trojan_password`, and `trojan_fallback_port` SHALL be defined in `group_vars/all.yml` so they are accessible during the localhost Surge config generation play, in addition to the landing server deployment role.
+
+#### Scenario: Variables available on localhost
+- **WHEN** the localhost play renders `surge-client.conf`
+- **THEN** `trojan_domain`, `trojan_port`, `trojan_password` resolve without undefined errors

openspec/changes/archive/2026-04-22-fix-trojan-domain-undefined/tasks.md

@@ -0,0 +1,7 @@
+## 1. Move trojan variables to all.yml
+
+- [x] 1.1 Move `trojan_domain`, `trojan_port`, `trojan_password`, `trojan_fallback_port` from `group_vars/landing.yml` to `group_vars/all.yml`
+
+## 2. Verify
+
+- [x] 2.1 Run `ansible-lint site.yml` or a dry-run `ansible-playbook site.yml --check` to confirm no undefined variable errors

openspec/specs/trojan-landing/spec.md

@@ -1,5 +1,12 @@
 ## ADDED Requirements
 
+### Requirement: Trojan variables are available on localhost for config generation
+The variables `trojan_domain`, `trojan_port`, `trojan_password`, and `trojan_fallback_port` SHALL be defined in `group_vars/all.yml` so they are accessible during the localhost Surge config generation play, in addition to the landing server deployment role.
+
+#### Scenario: Variables available on localhost
+- **WHEN** the localhost play renders `surge-client.conf`
+- **THEN** `trojan_domain`, `trojan_port`, `trojan_password` resolve without undefined errors
+
 ### Requirement: Trojan is installed on the landing server
 The trojan role SHALL download and install the Trojan binary (trojan-go or trojan-gfw) from release artifacts to a configurable path.