3831c85285
Host provisioning for the single-server production target: SSH + firewall hardening (nftables allowlist), k3s node registration, bare-metal Stalwart install with systemd units and TLS cert-sync from the cluster secret, and Restic encrypted backup/restore (primary + DR) with timer units. Host-specific secrets live in config.env (gitignored); config.env.example is the template. Also gitignores MemPalace per-project files.
51 lines · 701 B · Plaintext
# Environment files
.env
.env.local
.env.*.local

# Production host config (real IPs / SSH key — keep out of git)
infrastructure/production/host/config.env

# TLS certificates (mkcert generated)
infrastructure/docker-compose/certs/*.pem

# Node
node_modules/
.pnpm-store/
dist/
.nuxt/
.output/
.nitro/
.cache/

# Build artifacts
*.tsbuildinfo

# Logs
*.log
logs/

# IDE
.vscode/
.idea/
*.swp
*.swo
.DS_Store

# Docker volumes data (when bind-mounted) at the infra layer
data/
# But keep app-level data/ dirs — operator carries mock fixtures there.
!apps/*/data/
!apps/*/data/**

# Coverage
coverage/

# Temporary
tmp/
.tmp/

# MemPalace per-project files (issue #185)
mempalace.yaml
entities.json
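The rules above rely on two gitignore behaviours worth checking rather than trusting: the later `!apps/*/data/` negation re-opens app-level `data/` directories only because it names the directory itself (a path under an excluded parent can never be re-included), and adding `config.env` to the file does nothing for a copy that was committed before the rule existed. The matcher below is an added example, not code from this commit; it reimplements the subset of gitignore semantics these rules use and evaluates them against constructed sample paths, so the ordering can be verified offline. The `GITIGNORE` string is a trimmed copy of the page's rules, and the paths, the `Rule` dataclass and the helper names are assumptions made for the example.

```python
"""Match paths against the .gitignore rules on this page.

Added example, not the commit's own code. It implements the subset of
gitignore semantics these rules use: comments, '!' negation, directory-only
patterns ending in '/', anchored vs unanchored patterns, and '*', '?', '**'.
"""
import re
from dataclasses import dataclass

# Rules copied from the page's .gitignore, trimmed to the groups exercised below.
GITIGNORE = """\
# Environment files
.env
.env.local
.env.*.local

# Production host config (real IPs / SSH key - keep out of git)
infrastructure/production/host/config.env

# TLS certificates (mkcert generated)
infrastructure/docker-compose/certs/*.pem

# Node
node_modules/

# Docker volumes data (when bind-mounted) at the infra layer
data/
# But keep app-level data/ dirs
!apps/*/data/
!apps/*/data/**

# MemPalace per-project files (issue #185)
mempalace.yaml
entities.json
"""

# gitignore wildcard tokens and their regex equivalents ('**/' must win over '**').
_TOKEN = re.compile(r"\*\*/|\*\*|\*|\?|.")
_WILDCARD = {"**/": "(?:.*/)?", "**": ".*", "*": "[^/]*", "?": "[^/]"}


@dataclass
class Rule:
    regex: re.Pattern
    negate: bool    # pattern began with '!': re-include instead of exclude
    dir_only: bool  # pattern ended with '/': matches directories only
    anchored: bool  # '/' elsewhere in the pattern: match from the repo root


def _glob_to_regex(pattern: str) -> re.Pattern:
    """Translate a gitignore glob into a regex over a '/'-separated path."""
    body = "".join(_WILDCARD.get(t, re.escape(t)) for t in _TOKEN.findall(pattern))
    return re.compile("^" + body + "$")


def parse_gitignore(text: str) -> list[Rule]:
    rules = []
    for line in text.splitlines():
        line = line.rstrip()
        if not line or line.startswith("#"):
            continue
        negate = line.startswith("!")
        body = line[1:] if negate else line
        dir_only = body.endswith("/")
        body = body.rstrip("/")
        anchored = "/" in body
        rules.append(Rule(_glob_to_regex(body.lstrip("/")), negate, dir_only, anchored))
    return rules


def _decide(rules, path, is_dir):
    """Verdict of the last matching rule (True = ignore), or None if none match."""
    verdict, name = None, path.rsplit("/", 1)[-1]
    for r in rules:
        if r.dir_only and not is_dir:
            continue
        if r.regex.match(path if r.anchored else name):
            verdict = not r.negate
    return verdict


def is_ignored(rules, path, is_dir=False):
    """True if git would ignore the repo-relative path."""
    parts = path.strip("/").split("/")
    for depth in range(1, len(parts)):
        if _decide(rules, "/".join(parts[:depth]), True):
            return True  # excluded parent directory: no later negation re-includes it
    return bool(_decide(rules, path, is_dir))


def tracked_but_ignored(rules, tracked_paths):
    """Files already in the index that the rules now exclude: adding a pattern
    never untracks a file, so run this after tightening .gitignore for secrets."""
    return [p for p in tracked_paths if is_ignored(rules, p)]


if __name__ == "__main__":
    rules = parse_gitignore(GITIGNORE)
    for p in ("infrastructure/production/host/config.env", "apps/operator/data/fixtures.json"):
        print(p, "->", "ignored" if is_ignored(rules, p) else "tracked")
```

Feed `tracked_but_ignored` the output of `git ls-files` from a checkout: any path it returns is a file git already tracks despite the rules, which for `infrastructure/production/host/config.env` means the real IPs and SSH key are in history and the rule alone does not remove them. The matcher treats a directory-only pattern as excluding everything beneath it and checks ancestors before the path itself, which is why `data/` still hides a bind-mounted `infrastructure/docker-compose/data/` tree while the app-level negation keeps `apps/*/data/` fixtures tracked.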