2025-09-02 - 2025-09-09
Overview
30 unresolved conversations
Open #32: Create Nix Flakes repo & deploy-rs skeleton
Open #31: Prep & inventory (machine specs, network, domains, SSH keys)
Open #34: Deploy Caddy on M1 + automate Let's Encrypt for public services
Open #35: Install Forgejo on M1 + create repos (infra, portal, billing)
Open #41: Deploy k3s cluster on C1/C2/C3
Open #39: Deploy Prometheus + Grafana + Loki on M1 (central)
Open #50: Deploy kube-state-metrics and configure per-namespace metrics
Open #37: Deploy Consul: 3-node cluster (M1 + C1 + C2) for locking
Open #49: Create starter Terraform/OpenTofu templates for tenants
Open #36: Deploy MinIO on M1 and secure for Terraform state
Open #42: Deploy Rook operator + Ceph cluster across C1–C3
Open #40: Prepare C1, C2, C3: disk layout, NixOS base config
Open #43: Deploy Cilium for policy + MetalLB for LB
Open #59: Integrate payment gateway (manual invoicing for MVP)
Open #54: Implement scheduled backups and DR test
Open #56: Implement sops/agenix for secrets in repo; plan Vault for future
Open #58: Write onboarding docs and user-friendly templates
Open #51: Implement billing worker prototype (hourly aggregates + credits)
Open #38: Deploy Postgres on M1 and schedule backups
Open #52: Add billing UI to owner portal (assign credits, 100% discount)
Open #47: Configure MinIO backend and Consul locking for OpenTofu runs
Open #44: Create tenant namespace template and enforcement
Open #46: Automate tenant-scoped service accounts & kubeconfigs
Open #57: Document multi-region expansion playbook
Open #48: Implement plan → approval → apply workflow for IaC runs
Open #53: Create Prometheus alerts for tenant burn-rate & quota exceed
Open #55: Deploy Falco for runtime detection and Kyverno for admission policies
Open #45: Configure Forgejo runners for running OpenTofu jobs
Open #33: Harden M1 OS: SSH key-only, firewall, audit
Open #60: Create incident response runbook and escalation path