Addresses HOST-MATRIX §4 backup-independence: the Vultr box (Forgejo+Vaultwarden) is a single point of failure for backups AND secrets. This pulls its dumps to domedog (already paid, on-tailnet, 51G free) — zero new cost.

- PULL direction: a compromised Vultr can't reach into / destroy the backup history
- verifies integrity (forgejo dump zip + vault sqlite PRAGMA integrity_check)
- encrypts at rest with age (vault dump = secret material; private key stays off-host)
- dated snapshots + retention (versioned, not a single overwritten mirror)
- opt-in Colibri board status (transition a task done/failed = backup health signal)
- config (host + age recipient) lives in ~/.config (gitignored); no hosts/keys in repo

Vultr side stays responsible only for producing consistent dumps (forgejo dump + sqlite .backup) and exposing them read-only. bash -n clean.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

||
|---|---|---|
| .. | ||
| check-format.sh | ||
| ci-checks.sh | ||
| clawdie-backup-pull.sh | ||
| clawdie-backup.env.example | ||
| colibri_poll.py | ||
| colibri_task_done.py | ||
| fake-pi-agent.py | ||
| glasspane-stress-test.sh | ||
| headroom-sidecar.py | ||
| import-layered-soul.sh | ||