|
All checks were successful
ci/woodpecker/push/default Pipeline was successful
Rollernet's free tier failed the validation gates before any DNS change (200 msgs / 10 MB per rolling week, then 48h of SMTP 5xx bounces — worse than no backup MX; free accounts being discontinued). Viktor chose to stay free, so the backup MX becomes a Postfix store-and-forward relay on an Oracle Always-Free VM (mx2.viktorbarzin.me, MX pref 20), draining via port 2526 through the existing pfSense HAProxy frontend since Oracle blocks egress 25. Two independent adversarial reviews then fixed the design: primary-side drain enablement moved to the layers that actually reject (unknown- client-hostname, spoof protection, anvil limits, rspamd reject tier -> external_relay + action cap, never backscatter), monitoring moved off the nonexistent cluster->tailnet path to allowlisted public-IP scrapes, bounce lifetime cut to 1d (the VM can never deliver DSNs), OCI OS-level iptables + reserved-IP + mandatory PAYG requirements added, and 4xx-only postscreen hygiene replaces the blanket no-filtering stance. ADR-0019 and the design doc renamed accordingly (rollernet -> oracle). Co-Authored-By: Claude Fable 5 <noreply@anthropic.com> |
||
|---|---|---|
| .. | ||
| 0001-android-emulator-in-cluster.md | ||
| 0002-all-image-builds-off-infra-gha-ghcr.md | ||
| 0003-keep-forgejo-canonical-complete-mirror.md | ||
| 0004-homelab-unified-cli.md | ||
| 0005-homelab-v01-scope.md | ||
| 0006-homelab-work-and-tf.md | ||
| 0007-homelab-k8s-verbs.md | ||
| 0008-homelab-memory-verbs.md | ||
| 0009-homelab-ci-deploy-verbs.md | ||
| 0010-homelab-net-obs-verbs.md | ||
| 0011-homelab-usage-telemetry.md | ||
| 0012-homelab-ha-verbs.md | ||
| 0013-homelab-browser-verbs.md | ||
| 0014-service-identity-and-east-west-observability.md | ||
| 0015-os-is-the-authorization-boundary.md | ||
| 0016-gpu-vram-extended-resource-budget.md | ||
| 0017-cctv-physical-cabling.svg | ||
| 0017-cctv-segment-dedicated-pfsense-leg.md | ||
| 0017-cctv-segment-topology.svg | ||
| 0017-cctv-vlan-tagging.excalidraw | ||
| 0017-cctv-vlan-tagging.svg | ||
| 0018-valia-sites-off-infra-pages-in-cluster-sync.md | ||
| 0019-backup-mx-self-hosted-oracle-relay.md | ||