Addresses HOST-MATRIX §4 backup-independence: the Vultr box (Forgejo+Vaultwarden)
is a single point of failure for backups AND secrets. This pulls its dumps to
domedog (already paid, on-tailnet, 51G free) — zero new cost.

- PULL direction: a compromised Vultr can't reach into / destroy the backup history
- verifies integrity (forgejo dump zip + vault sqlite PRAGMA integrity_check)
- encrypts at rest with age (vault dump = secret material; private key stays off-host)
- dated snapshots + retention (versioned, not a single overwritten mirror)
- opt-in Colibri board status (transition a task done/failed = backup health signal)
- config (host + age recipient) lives in ~/.config (gitignored); no hosts/keys in repo

Vultr side stays responsible only for producing consistent dumps (forgejo dump +
sqlite .backup) and exposing them read-only. bash -n clean.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
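
The integrity and retention steps listed in the commit message, as an added Python example that is not the commit's bash script: both dumps must verify before a pulled snapshot counts, and pruning only touches dated entries. The function names and the `YYYY-MM-DD` snapshot naming are assumptions made for illustration.

```python
import re
import sqlite3
import zipfile
import zlib
from pathlib import Path

DATED = re.compile(r"^\d{4}-\d{2}-\d{2}$")  # assumed snapshot directory naming


def zip_ok(path):
    """True only if the archive opens and every member passes its CRC check."""
    try:
        with zipfile.ZipFile(path) as zf:
            return zf.testzip() is None
    except (zipfile.BadZipFile, zlib.error, OSError):
        return False


def sqlite_ok(path):
    """True only if PRAGMA integrity_check reports exactly one row: 'ok'."""
    # mode=ro: the check must never create or modify the pulled file
    uri = Path(path).resolve().as_uri() + "?mode=ro"
    try:
        con = sqlite3.connect(uri, uri=True)
        try:
            return con.execute("PRAGMA integrity_check").fetchall() == [("ok",)]
        finally:
            con.close()
    except sqlite3.Error:
        return False


def snapshot_ok(forgejo_zip, vault_db):
    """Gate for rotation: a snapshot counts only if both dumps verify."""
    return zip_ok(forgejo_zip) and sqlite_ok(vault_db)


def snapshots_to_prune(names, keep):
    """Return the oldest dated snapshots beyond `keep`; undated entries are ignored."""
    if keep < 1:
        raise ValueError("keep must be >= 1")  # never prune the whole history
    dated = sorted(n for n in names if DATED.match(n))  # ISO dates sort by age
    return dated[:-keep]
```

Calling `snapshot_ok` before `snapshots_to_prune` keeps a corrupt or truncated pull from evicting the last good snapshot.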