olsitec-foundation platform repo
Rehearsed and validated. The destructive sibling of backup/restore.sh:
rebuilds the ENTIRE egg on a fresh, Docker-equipped VM from the offsite,
age-encrypted bundle, in the mandated order (CONTRACT_004 §4.4):
Vault -> Postgres -> RustFS -> Forgejo.
- restore-to-fresh-vm.sh (operator): pulls the disaster-survivable secret set
from passphrase-encrypted config (age identity + Vault OLD unseal keys/root
token), ships VERSIONS + the VM-side restorer, runs it (secrets on stdin).
- restore-to-fresh-vm-remote.sh (VM-side): decrypt+verify bundle; restore Vault
(init throwaway -> raft snapshot restore -force -> re-unseal with OLD keys,
with a settle+retry loop because -force re-seals asynchronously); read every
other service's creds back out of the restored Vault; restore Postgres, RustFS
(buckets + scoped service account + blobs), and Forgejo (full /data incl.
app.ini); publish git :22 only when free.
- RUNBOOK.md: the human procedure, the {repo+passphrase+offsite} trust chain,
and §5 re-establish-ingress (DNS, Caddy, runner, re-key).
Rehearsal (throwaway cx33, offsite source, then destroyed): DR RESTORE OK —
Vault unsealed with OLD keys, postgres rows=2, forge healthy against restored
DB+S3, `git clone ssh://git@<vm>:2222/olsitec/foundation.git` returns all 28
commits, ai-baseline present. Trust chain proven end-to-end.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
|
||
|---|---|---|
| .forgejo/workflows | ||
| backup | ||
| bootstrap | ||
| containers/caddy-cloudflare | ||
| documentation | ||
| dr | ||
| offsite-backup | ||
| packages | ||
| preflight | ||
| provision | ||
| .gitignore | ||
| bun.lock | ||
| package.json | ||
| README.md | ||
| VERSIONS | ||
olsitec-foundation
The self-hosting platform "egg": a single Pulumi project that brings up Forgejo (+ Actions +
OCI/npm registry), PostgreSQL, HashiCorp Vault, RustFS (S3), and a reverse proxy as plain OCI
containers on one VM — recoverable from {a VM, this repo, the master passphrase}.
This is Layer 0. Kubernetes, ArgoCD and everything else are Layer-1 consumers of this foundation (see ADR-004).
Layout
bootstrap/— the egg Pulumi project (phases, components, config).packages/— shared, publishable Pulumi modules (@olsitec/pulumi-*).preflight/— host & toolchain validation (run before any deploy).backup/,dr/— backup + disaster-recovery automation..forgejo/workflows/— CI (preflight, pulumi preview/up, backup-verify).documentation/— planning, ADRs, contracts, baseline overlay. Readdocumentation/000_baseline.mdanddocumentation/000_TOPOLOGY.mdfirst.
Status
Planning complete (PLAN-001 vision, PLAN-002 strategy, ADR-004/005 accepted). Implementation not yet started — next step is T00 (contracts) per PLAN-002 §10.
Recovery in one line
git clone this repo → set PULUMI_CONFIG_PASSPHRASE → ./preflight/preflight.sh →
pulumi up → restore latest offsite backup. Full procedure: dr/RUNBOOK.md (TBD, task T13).