Append to HOST-MATRIX §4, grounded in a verified DNS check:
- Forgejo + Vaultwarden both run on Vultr (different provider than osa/OVH —
good), but share ONE box = single point of failure for backups AND secrets;
that box needs its own off-box backup + test-restore.
- broaden MFA to every master-key account (OVH, Vultr, registrar, Forgejo,
Vaultwarden) + domain auto-renew (lapsed domain kills pkg.clawdie.si/ACME/SSH).
- billing hygiene (auto-renew/commitment/price-EOL windows).
- continuity plan is contractually required (GTS §6.3); multi-host survivability
is the recovery plan since provider SLA = credits only.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Sam & Claude
40f119233b