infra/stacks/vault
Viktor Barzin 01351e4ce2 tripit: deploy stack + DB provisioning + ongoing mail-ingest [ci skip]
- stacks/tripit: namespace, ESO (vault-kv + vault-database), Deployment
  (alembic init + app), Service, NFS document PVC, ingress (Authentik
  forward-auth) + /api/calendar carve-out (auth=none, HMAC-token gated),
  and 3 worker CronJobs. ingest-mail is live: real IMAP (me@, read-only
  BODY.PEEK, recent-30) + local LLM (qwen3vl-4b on llama-swap), idempotent
  (skips seen message_ids), owner me@viktorbarzin.me.
- stacks/dbaas: create CNPG role+db `tripit`.
- stacks/vault: pg-tripit static role (7d rotation) + allowed_roles entry.

Deployed at tripit.viktorbarzin.me. [ci skip]: stacks were applied
out-of-band via scripts/tg this session; a CI re-apply would also apply
unrelated pre-existing dbaas/vault drift (MySQL StatefulSet, vault OIDC).

Refs: code-bb9g, code-muqi

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-30 10:23:11 +00:00
backend.tf chore: sync terraform state after nfsvers=4 convergence 2026-04-14 11:20:18 +00:00
main.tf tripit: deploy stack + DB provisioning + ongoing mail-ingest [ci skip] 2026-05-30 10:23:11 +00:00
providers.tf infra: add kubectl + authentik providers across 6 stacks 2026-05-21 08:07:22 +00:00
secrets chore: add untracked stacks, scripts, and agent configs 2026-04-15 09:33:06 +00:00
terragrunt.hcl Add Vault OIDC authentication via Authentik 2026-03-14 13:53:05 +00:00