backup-mx design: credentials to Vaultwarden, not Vault KV
All checks were successful
ci/woodpecker/push/default Pipeline was successful
Viktor asked for the Rollernet account credentials to live in Vaultwarden (the personal password manager) rather than HashiCorp Vault. Item 'Rollernet (backup MX)' created; doc updated to match.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
parent c311a6a3c9
commit c1ffed17a9
1 changed files with 5 additions and 3 deletions
|
|
@ -76,11 +76,13 @@ sender MTA ──► MX lookup ┤
|
|||
- Account email: **`rollernet@viktorbarzin.me`** (Viktor, 2026-07-04; resolves
|
||||
via catch-all → `spam@`). Known circularity: during an outage their
|
||||
notifications to this address are themselves queued (at their side) until
|
||||
recovery. Accepted — credentials and config live in Vault and the runbook
|
||||
recovery. Accepted — credentials live in Vaultwarden and the runbook
|
||||
documents ACC access; nothing operational depends on receiving their mail
|
||||
mid-outage.
|
||||
- Credentials → Vault `secret/viktor` (`rollernet_password`, plus API key if
|
||||
minted).
|
||||
- Credentials → **Vaultwarden** item `Rollernet (backup MX)` (Viktor,
|
||||
2026-07-04 — personal web login, so the password manager, not Vault KV;
|
||||
retrieve via `homelab vault get "Rollernet (backup MX)"`). Any API key
|
||||
minted later joins the same item as a custom field.
|
||||
- Domain `viktorbarzin.me` in **Secondary MX** mode; valid-user table default
|
||||
action = **allow any** (catch-all).
|
||||
- `abuse@` / `postmaster@` must be deliverable (their RFC requirement) — the
|
||||
|
|
|
|||
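Review bot: In the "Known circularity" bullet, the rewritten sentence drops "and config" (`credentials and config live in Vault` becomes `credentials live in Vaultwarden`), so the doc no longer says where the Rollernet config is recorded even though the "Accepted" rationale still depends on it being recoverable mid-outage; state where the config lives now. The same rationale assumes the credential store is reachable during the outage the backup MX covers, so the doc should say whether Vaultwarden stays available in that scenario or whether an offline copy of this item exists. In the Credentials bullet, `homelab vault get "Rollernet (backup MX)"` reads like a Vault KV lookup immediately after the text says "not Vault KV"; a few words noting that this command reads from Vaultwarden would remove the ambiguity.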