Commit graph

3 commits

Author SHA1 Message Date
db47037bdc feat(offsite-backup): olsitec-foundation bucket + scoped creds on home MinIO
CONTRACT_004 offsite target (ADR-004 'second self-hosted location'). @pulumi/minio
program (modeled on olsicloud4 modules/minio): bucket 'olsitec-foundation' +
scoped IAM user/policy + service account on minio.wob.olsitec.de:19000.

Verified: scoped SA can put/list/delete in its bucket, DENIED cross-bucket. Admin
creds + scoped creds via ENV/state only (gitignored), never committed.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-30 20:34:55 +02:00
80a99c6f7e feat(provision): Phase-0 throwaway test VM via vendored @olsitec/pulumi-hetzner
- Vendor hetzner module (Stage-1, trimmed to @pulumi/hcloud+js-yaml; dropped unused
  types.ts + bcrypt/axios/tls/vault deps). GOTCHA documented: cloud-init moves SSH
  to port 222.
- provision/: isolated stack (platformName foundation-test, no collision with
  olsicloud4-*) — one cx23 in nbg1-dc3 + firewall (222/80/443/2222) + Docker cloud-init.
  Dedicated throwaway ed25519 key (operator id_rsa already registered → uniqueness_error).
- Provisioned + verified: foundation-test @ 91.98.117.152, Docker 29.6.1, docker-over-SSH OK.

Token via ENV (pass), never committed; provision/state gitignored.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-30 18:57:54 +02:00
f18676e6b3 chore: scaffold olsitec-foundation mono-repo
Repo topology, baseline overlay, planning docs (PLAN-001/002), ADR-004/005,
and the bootstrap/packages/documentation skeleton. Implementation (T00+) not started.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-30 17:10:46 +02:00