feat(infra): production host bootstrap and bare-metal Stalwart scaffolding
Host provisioning for the single-server production target: SSH + firewall hardening (nftables allowlist), k3s node registration, bare-metal Stalwart install with systemd units and TLS cert-sync from the cluster secret, and Restic encrypted backup/restore (primary + DR) with timer units. Host-specific secrets live in config.env (gitignored); config.env.example is the template. Also gitignores MemPalace per-project files.
@@ -3,6 +3,9 @@
|
||||
.env.local
|
||||
.env.*.local
|
||||
|
||||
# Production host config (real IPs / SSH key — keep out of git)
|
||||
infrastructure/production/host/config.env
|
||||
|
||||
# TLS certificates (mkcert generated)
|
||||
infrastructure/docker-compose/certs/*.pem
|
||||
|
||||
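Review bot: The new ignore entry matches only the exact path infrastructure/production/host/config.env, so a copy or per-host variant beside it (config.env.bak, config.env.prod) holding the same real IPs and SSH key would still be picked up by git add. Consider widening the rule to infrastructure/production/host/config.env* and following it with !infrastructure/production/host/config.env.example so the template the commit message mentions stays tracked. A .gitignore entry also does not untrack a file that is already in the index, so it is worth confirming config.env was never committed on this branch.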
@@ -41,3 +44,7 @@ coverage/
|
||||
# Temporary
|
||||
tmp/
|
||||
.tmp/
|
||||
|
||||
# MemPalace per-project files (issue #185)
|
||||
mempalace.yaml
|
||||
entities.json
|
||||
|
||||
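Review bot: The mempalace.yaml and entities.json entries have no leading slash or directory, so they match at every depth of the repository. entities.json in particular is a generic name, and a fixture or data file with that name anywhere in the tree would be silently ignored. If these per-project files only ever sit at the repository root, anchor them as /mempalace.yaml and /entities.json. This hunk is also unrelated to the host bootstrap work and would be easier to trace to issue #185 as its own commit.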