infra/state/stacks
Viktor Barzin 77143dfd6b state: per-stack Transit keys for namespace-owner access control
- Each stack gets its own Vault Transit key (transit/keys/sops-state-<stack>)
- state-sync passes per-stack Transit URI + age keys on encrypt
- Vault policies scope namespace-owners to their stacks only:
  - sops-admin: wildcard access to all transit keys
  - sops-user-<name>: access only to owned stack keys
- Anca (plotting-book) can only decrypt plotting-book state
- Admin can decrypt everything (via admin Transit policy or age fallback)
- External group sops-plotting-book maps Authentik group to Vault policy
- Updated CLAUDE.md with state sync documentation
2026-03-17 23:08:18 +00:00
actualbudget state: per-stack Transit keys for namespace-owner access control 2026-03-17 23:08:18 +00:00
affine state: per-stack Transit keys for namespace-owner access control 2026-03-17 23:08:18 +00:00
audiobookshelf state: per-stack Transit keys for namespace-owner access control 2026-03-17 23:08:18 +00:00
authentik state: per-stack Transit keys for namespace-owner access control 2026-03-17 23:08:18 +00:00
blog state: per-stack Transit keys for namespace-owner access control 2026-03-17 23:08:18 +00:00
calibre state: per-stack Transit keys for namespace-owner access control 2026-03-17 23:08:18 +00:00
changedetection state: per-stack Transit keys for namespace-owner access control 2026-03-17 23:08:18 +00:00
city-guesser state: per-stack Transit keys for namespace-owner access control 2026-03-17 23:08:18 +00:00
claude-memory state: per-stack Transit keys for namespace-owner access control 2026-03-17 23:08:18 +00:00
cnpg state: per-stack Transit keys for namespace-owner access control 2026-03-17 23:08:18 +00:00
coturn state: per-stack Transit keys for namespace-owner access control 2026-03-17 23:08:18 +00:00
crowdsec state: per-stack Transit keys for namespace-owner access control 2026-03-17 23:08:18 +00:00
cyberchef state: per-stack Transit keys for namespace-owner access control 2026-03-17 23:08:18 +00:00
dashy state: per-stack Transit keys for namespace-owner access control 2026-03-17 23:08:18 +00:00
dawarich state: per-stack Transit keys for namespace-owner access control 2026-03-17 23:08:18 +00:00
descheduler state: per-stack Transit keys for namespace-owner access control 2026-03-17 23:08:18 +00:00
diun state: per-stack Transit keys for namespace-owner access control 2026-03-17 23:08:18 +00:00
ebook2audiobook state: per-stack Transit keys for namespace-owner access control 2026-03-17 23:08:18 +00:00
echo state: per-stack Transit keys for namespace-owner access control 2026-03-17 23:08:18 +00:00
excalidraw state: per-stack Transit keys for namespace-owner access control 2026-03-17 23:08:18 +00:00
external-secrets state: per-stack Transit keys for namespace-owner access control 2026-03-17 23:08:18 +00:00
f1-stream state: per-stack Transit keys for namespace-owner access control 2026-03-17 23:08:18 +00:00
forgejo state: per-stack Transit keys for namespace-owner access control 2026-03-17 23:08:18 +00:00
freedify state: per-stack Transit keys for namespace-owner access control 2026-03-17 23:08:18 +00:00
freshrss state: per-stack Transit keys for namespace-owner access control 2026-03-17 23:08:18 +00:00
frigate state: per-stack Transit keys for namespace-owner access control 2026-03-17 23:08:18 +00:00
grampsweb state: per-stack Transit keys for namespace-owner access control 2026-03-17 23:08:18 +00:00
hackmd state: per-stack Transit keys for namespace-owner access control 2026-03-17 23:08:18 +00:00
headscale state: per-stack Transit keys for namespace-owner access control 2026-03-17 23:08:18 +00:00
health state: per-stack Transit keys for namespace-owner access control 2026-03-17 23:08:18 +00:00
homepage state: per-stack Transit keys for namespace-owner access control 2026-03-17 23:08:18 +00:00
immich state: per-stack Transit keys for namespace-owner access control 2026-03-17 23:08:18 +00:00
infra state: per-stack Transit keys for namespace-owner access control 2026-03-17 23:08:18 +00:00
infra-maintenance state: per-stack Transit keys for namespace-owner access control 2026-03-17 23:08:18 +00:00
iscsi-csi state: per-stack Transit keys for namespace-owner access control 2026-03-17 23:08:18 +00:00
isponsorblocktv state: per-stack Transit keys for namespace-owner access control 2026-03-17 23:08:18 +00:00
jsoncrack state: per-stack Transit keys for namespace-owner access control 2026-03-17 23:08:18 +00:00
k8s-portal state: per-stack Transit keys for namespace-owner access control 2026-03-17 23:08:18 +00:00
kms state: per-stack Transit keys for namespace-owner access control 2026-03-17 23:08:18 +00:00
linkwarden state: per-stack Transit keys for namespace-owner access control 2026-03-17 23:08:18 +00:00
mailserver state: per-stack Transit keys for namespace-owner access control 2026-03-17 23:08:18 +00:00
matrix state: per-stack Transit keys for namespace-owner access control 2026-03-17 23:08:18 +00:00
meshcentral state: per-stack Transit keys for namespace-owner access control 2026-03-17 23:08:18 +00:00
metallb state: per-stack Transit keys for namespace-owner access control 2026-03-17 23:08:18 +00:00
metrics-server state: per-stack Transit keys for namespace-owner access control 2026-03-17 23:08:18 +00:00
n8n state: per-stack Transit keys for namespace-owner access control 2026-03-17 23:08:18 +00:00
navidrome state: per-stack Transit keys for namespace-owner access control 2026-03-17 23:08:18 +00:00
netbox state: per-stack Transit keys for namespace-owner access control 2026-03-17 23:08:18 +00:00
networking-toolbox state: per-stack Transit keys for namespace-owner access control 2026-03-17 23:08:18 +00:00
nextcloud state: per-stack Transit keys for namespace-owner access control 2026-03-17 23:08:18 +00:00
nfs-csi state: per-stack Transit keys for namespace-owner access control 2026-03-17 23:08:18 +00:00
novelapp state: per-stack Transit keys for namespace-owner access control 2026-03-17 23:08:18 +00:00
ntfy state: per-stack Transit keys for namespace-owner access control 2026-03-17 23:08:18 +00:00
nvidia state: per-stack Transit keys for namespace-owner access control 2026-03-17 23:08:18 +00:00
ollama state: per-stack Transit keys for namespace-owner access control 2026-03-17 23:08:18 +00:00
onlyoffice state: per-stack Transit keys for namespace-owner access control 2026-03-17 23:08:18 +00:00
openclaw state: per-stack Transit keys for namespace-owner access control 2026-03-17 23:08:18 +00:00
osm_routing state: per-stack Transit keys for namespace-owner access control 2026-03-17 23:08:18 +00:00
owntracks state: per-stack Transit keys for namespace-owner access control 2026-03-17 23:08:18 +00:00
paperless-ngx state: per-stack Transit keys for namespace-owner access control 2026-03-17 23:08:18 +00:00
platform state: per-stack Transit keys for namespace-owner access control 2026-03-17 23:08:18 +00:00
plotting-book state: per-stack Transit keys for namespace-owner access control 2026-03-17 23:08:18 +00:00
poison-fountain state: per-stack Transit keys for namespace-owner access control 2026-03-17 23:08:18 +00:00
privatebin state: per-stack Transit keys for namespace-owner access control 2026-03-17 23:08:18 +00:00
rbac state: per-stack Transit keys for namespace-owner access control 2026-03-17 23:08:18 +00:00
real-estate-crawler state: per-stack Transit keys for namespace-owner access control 2026-03-17 23:08:18 +00:00
redis state: per-stack Transit keys for namespace-owner access control 2026-03-17 23:08:18 +00:00
reloader state: per-stack Transit keys for namespace-owner access control 2026-03-17 23:08:18 +00:00
resume state: per-stack Transit keys for namespace-owner access control 2026-03-17 23:08:18 +00:00
rybbit state: per-stack Transit keys for namespace-owner access control 2026-03-17 23:08:18 +00:00
sealed-secrets state: per-stack Transit keys for namespace-owner access control 2026-03-17 23:08:18 +00:00
send state: per-stack Transit keys for namespace-owner access control 2026-03-17 23:08:18 +00:00
servarr state: per-stack Transit keys for namespace-owner access control 2026-03-17 23:08:18 +00:00
shadowsocks state: per-stack Transit keys for namespace-owner access control 2026-03-17 23:08:18 +00:00
speedtest state: per-stack Transit keys for namespace-owner access control 2026-03-17 23:08:18 +00:00
stirling-pdf state: per-stack Transit keys for namespace-owner access control 2026-03-17 23:08:18 +00:00
tandoor state: per-stack Transit keys for namespace-owner access control 2026-03-17 23:08:18 +00:00
terminal state: per-stack Transit keys for namespace-owner access control 2026-03-17 23:08:18 +00:00
tor-proxy state: per-stack Transit keys for namespace-owner access control 2026-03-17 23:08:18 +00:00
trading-bot state: per-stack Transit keys for namespace-owner access control 2026-03-17 23:08:18 +00:00
travel_blog state: per-stack Transit keys for namespace-owner access control 2026-03-17 23:08:18 +00:00
tuya-bridge state: per-stack Transit keys for namespace-owner access control 2026-03-17 23:08:18 +00:00
uptime-kuma state: per-stack Transit keys for namespace-owner access control 2026-03-17 23:08:18 +00:00
url state: per-stack Transit keys for namespace-owner access control 2026-03-17 23:08:18 +00:00
vault state: per-stack Transit keys for namespace-owner access control 2026-03-17 23:08:18 +00:00
vaultwarden state: per-stack Transit keys for namespace-owner access control 2026-03-17 23:08:18 +00:00
vpa state: per-stack Transit keys for namespace-owner access control 2026-03-17 23:08:18 +00:00
wealthfolio state: per-stack Transit keys for namespace-owner access control 2026-03-17 23:08:18 +00:00
webhook_handler state: per-stack Transit keys for namespace-owner access control 2026-03-17 23:08:18 +00:00
whisper state: per-stack Transit keys for namespace-owner access control 2026-03-17 23:08:18 +00:00
wireguard state: per-stack Transit keys for namespace-owner access control 2026-03-17 23:08:18 +00:00
woodpecker state: per-stack Transit keys for namespace-owner access control 2026-03-17 23:08:18 +00:00
xray state: per-stack Transit keys for namespace-owner access control 2026-03-17 23:08:18 +00:00
ytdlp state: per-stack Transit keys for namespace-owner access control 2026-03-17 23:08:18 +00:00