Data-only restic backups, rebuild-from-code recovery (Model A); central off-cluster pull node (fisi) with 8TB mirror; 3-2-1 via pCloud (rclone) + rotated USB air-gap. Per-service backup__* contract + BACKUP.md as a hard convention. Two-tier restore testing (ubongo container restore-verify + semi-annual staging DR rehearsal). One restic password escrowed to Vaultwarden + paper (restic + vault passwords) for a non-circular break-glass. Dead-man's-switch alerting via Uptime Kuma. Resolves TODO 3.8; grounds ADR-011's backup-first assumption. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> |
||
|---|---|---|
| .. | ||
| access | ||
| decisions | ||
| hardware | ||
| reviews | ||
| runbooks | ||
| security | ||
| superpowers | ||
| testing | ||
| CAPABILITIES.md | ||
| FRICTION.md | ||
| README.md | ||
| TODO.md | ||
docs/
Project documentation.
decisions/— Architecture Decision Records (ADRs): the "why" behind the design. Numbered from 001; each records context, the decision, and what was ruled out.runbooks/— step-by-step operational procedures (add a host, add a role, rotate secrets).
For what is actually built vs only designed, see STATUS.md at the repo root —
the ADRs describe intent, not necessarily current reality.