7daef079c2
feat(secrets): encrypt gitea Helm values with SOPS (age)
Add .sops.yaml policy targeting *.sops.yaml files using the shared age
key from railiance-infra. Migrate helm/gitea-values.yaml to encrypted
helm/gitea-values.sops.yaml.

Pins all postgresql-ha passwords (postgresql, postgres, repmgr, pgpool,
pgpool-admin, sr-check) so helm upgrade never regenerates secrets and
breaks the running cluster. Fixes WP-0003 T01.

Usage: helm upgrade gitea gitea/gitea -n default -f <(sops -d helm/gitea-values.sops.yaml)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-10 13:37:22 +00:00

4381a079a2
feat: backup + preflight commands, decisions log, gitignore update
- tools/cmd/railiance-backup: pg_dump + config snapshot, age-encrypted,
  uploaded to Nextcloud file drop via curl PUT. Daily cron target.
- tools/cmd/railiance-preflight: pre-migration safety gate — checks backup
  freshness, all repos clean/pushed, age key present.
- bin/railiance: added backup and preflight subcommands.
- DECISIONS.md: decision log (D1 ingress Nginx+Traefik, D2 Nextcloud backup).
- .gitignore: exclude *backup-dropoff-link* files (contain upload tokens).
- CLAUDE.md: state hub session protocol update.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-02-25 23:59:28 +01:00