2025-08-10 - 2025-09-10
Overview
30 issues created by 1 user
Opened #31 Prep & inventory (machine specs, network, domains, SSH keys)
Opened #32 Create Nix Flakes repo & deploy-rs skeleton
Opened #33 Harden M1 OS: SSH key-only, firewall, audit
Opened #34 Deploy Caddy on M1 + automate Let's Encrypt for public services
Opened #35 Install Forgejo on M1 + create repos (infra, portal, billing)
Opened #36 Deploy MinIO on M1 and secure for Terraform state
Opened #37 Deploy Consul: 3-node cluster (M1 + C1 + C2) for locking
Opened #38 Deploy Postgres on M1 and schedule backups
Opened #39 Deploy Prometheus + Grafana + Loki on M1 (central)
Opened #40 Prepare C1, C2, C3: disk layout, NixOS base config
Opened #41 Deploy k3s cluster on C1/C2/C3
Opened #42 Deploy Rook operator + Ceph cluster across C1–C3
Opened #43 Deploy Cilium for policy + MetalLB for LB
Opened #44 Create tenant namespace template and enforcement
Opened #45 Configure Forgejo runners for running OpenTofu jobs
Opened #46 Automate tenant-scoped service accounts & kubeconfigs
Opened #47 Configure MinIO backend and Consul locking for OpenTofu runs
Opened #48 Implement plan → approval → apply workflow for IaC runs
Opened #49 Create starter Terraform/OpenTofu templates for tenants
Opened #50 Deploy kube-state-metrics and configure per-namespace metrics
Opened #51 Implement billing worker prototype (hourly aggregates + credits)
Opened #52 Add billing UI to owner portal (assign credits, 100% discount)
Opened #53 Create Prometheus alerts for tenant burn-rate & quota exceed
Opened #54 Implement scheduled backups and DR test
Opened #55 Deploy Falco for runtime detection and Kyverno for admission policies
Opened #56 Implement sops/agenix for secrets in repo; plan Vault for future
Opened #57 Document multi-region expansion playbook
Opened #58 Write onboarding docs and user-friendly templates
Opened #59 Integrate payment gateway (manual invoicing for MVP)
Opened #60 Create incident response runbook and escalation path