viktor/infra
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
infra/stacks/owntracks
History
Viktor Barzin 77d111f5fc owntracks: explicit auth = "none" — Phase 5 audit completion 
The Phase 4 audit pass missed this site because the previous agent scoped
out owntracks (it overrides the factory's middleware list via
extra_annotations to use its own basic-auth middleware). Adding the explicit
auth = "none" satisfies Phase 5's "every ingress has an explicit decision"
goal and makes the intent visible — mobile OwnTracks clients post location
data via HTTP basic-auth and can't follow Authentik forward-auth 302s.

Closes the loop on Phase 5: 122/122 active ingress_factory call sites now
carry an explicit auth = "..." decision (zero callers rely on the default).

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-10 18:55:04 +00:00
..
.terraform.lock.hcl [owntracks] Fix Service port scheme (https→http), unbreak phone POSTs 2026-04-18 23:24:25 +00:00
backend.tf [infra] Migrate Terraform state from local SOPS to PostgreSQL backend 2026-04-16 19:33:12 +00:00
dawarich-hook.lua [owntracks] Strip face avatar from hook payload + drop orphan PVC 2026-04-19 12:05:18 +00:00
main.tf owntracks: explicit auth = "none" — Phase 5 audit completion 2026-05-10 18:55:04 +00:00
providers.tf [owntracks] Fix Service port scheme (https→http), unbreak phone POSTs 2026-04-18 23:24:25 +00:00
secrets [ci skip] Move Terraform modules into stack directories 2026-02-22 14:38:14 +00:00
terragrunt.hcl migrate all secrets from SOPS to Vault KV 2026-03-14 17:15:48 +00:00