amarth

incident-response

Configure Forgejo runners for running OpenTofu jobs

#45 opened 2025-09-01 14:19:26 +00:00 by chris

forgejo

runners

Deploy kube-state-metrics and configure per-namespace metrics

#50 opened 2025-09-01 14:22:20 +00:00 by chris

monitoring

prometheus

Create starter Terraform/OpenTofu templates for tenants

#49 opened 2025-09-01 14:21:50 +00:00 by chris

developer-experience

templates

Deploy k3s cluster on C1/C2/C3

#41 opened 2025-09-01 14:16:56 +00:00 by chris

infra

k3s

kubernetes

Implement billing worker prototype (hourly aggregates + credits)

#51 opened 2025-09-01 14:22:53 +00:00 by chris

backend

prototype

Deploy Rook operator + Ceph cluster across C1–C3

#42 opened 2025-09-01 14:17:30 +00:00 by chris

ceph

rook

Add billing UI to owner portal (assign credits, 100% discount)

#52 opened 2025-09-01 14:23:23 +00:00 by chris

portal

Prepare C1, C2, C3: disk layout, NixOS base config

#40 opened 2025-09-01 14:15:54 +00:00 by chris

nodes

Deploy Cilium for policy + MetalLB for LB

#43 opened 2025-09-01 14:18:13 +00:00 by chris

k8s

networking

Integrate payment gateway (manual invoicing for MVP)

#59 opened 2025-09-01 14:27:31 +00:00 by chris

F - Polish & Onboarding

payments

Implement scheduled backups and DR test

#54 opened 2025-09-01 14:24:49 +00:00 by chris

backup

disaster-recovery

Implement sops/agenix for secrets in repo; plan Vault for future

#56 opened 2025-09-01 14:25:53 +00:00 by chris

infra

secrets

Write onboarding docs and user-friendly templates

#58 opened 2025-09-01 14:27:03 +00:00 by chris

F - Polish & Onboarding

onboarding

Configure MinIO backend and Consul locking for OpenTofu runs

#47 opened 2025-09-01 14:20:36 +00:00 by chris

opentofu

terraform

Create tenant namespace template and enforcement

#44 opened 2025-09-01 14:18:54 +00:00 by chris

k8s

multi-tenancy

Deploy Falco for runtime detection and Kyverno for admission policies

#55 opened 2025-09-01 14:25:23 +00:00 by chris

policies

runtime

Automate tenant-scoped service accounts & kubeconfigs

#46 opened 2025-09-01 14:20:02 +00:00 by chris

automation

k8s

Document multi-region expansion playbook

#57 opened 2025-09-01 14:26:34 +00:00 by chris

architecture

design

Implement plan → approval → apply workflow for IaC runs

#48 opened 2025-09-01 14:21:11 +00:00 by chris

workflow

Create Prometheus alerts for tenant burn-rate & quota exceed

#53 opened 2025-09-01 14:24:15 +00:00 by chris

alerts

monitoring

ToDo

Harden M1 OS: SSH key-only, firewall, audit

#33 opened 2025-09-01 14:10:01 +00:00 by chris

hardening

nix

Deploy Caddy on M1 + automate Let's Encrypt for public services

#34 opened 2025-09-01 14:10:49 +00:00 by chris

networking

tls

Install Forgejo on M1 + create repos (infra, portal, billing)

#35 opened 2025-09-01 14:11:12 +00:00 by chris

git

Deploy MinIO on M1 and secure for Terraform state

#36 opened 2025-09-01 14:12:13 +00:00 by chris

terraform

Deploy Consul: 3-node cluster (M1 + C1 + C2) for locking

#37 opened 2025-09-01 14:12:50 +00:00 by chris

consul

Deploy Postgres on M1 and schedule backups

#38 opened 2025-09-01 14:14:33 +00:00 by chris

backup

database

Deploy Prometheus + Grafana + Loki on M1 (central)

#39 opened 2025-09-01 14:15:16 +00:00 by chris

grafana

monitoring

prometheus

In Progress

Prep & inventory (machine specs, network, domains, SSH keys)

#31 opened 2025-09-01 14:08:55 +00:00 by chris

setup

Create Nix Flakes repo & deploy-rs skeleton

#32 opened 2025-09-01 14:09:29 +00:00 by chris