feat(offsite-backup): olsitec-foundation bucket + scoped creds on home MinIO

CONTRACT_004 offsite target (ADR-004 'second self-hosted location'). @pulumi/minio
program (modeled on olsicloud4 modules/minio): bucket 'olsitec-foundation' +
scoped IAM user/policy + service account on minio.wob.olsitec.de:19000.

Verified: scoped SA can put/list/delete in its bucket, DENIED cross-bucket. Admin
creds + scoped creds via ENV/state only (gitignored), never committed.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
Andreas Niemann 2026-06-30 20:34:55 +02:00
parent 42f0aec52a
commit db47037bdc
8 changed files with 124 additions and 1 deletions

View file

@ -0,0 +1,6 @@
name: foundation-offsite-backup
description: Offsite backup target — olsitec-foundation bucket + scoped creds on the home Synology MinIO (CONTRACT_004 offsite).
runtime:
name: nodejs
options:
packagemanager: bun