Added self-hosted password manager to The Falcon infrastructure:
**Vault Stack** (vault.pivoine.art):
- Vaultwarden (Bitwarden-compatible server)
- SQLite database for password storage
- WebSocket support for real-time sync
- TOTP and WebAuthn/U2F 2FA support
- Browser extensions and mobile apps compatible
**Configuration:**
- Domain: https://vault.pivoine.art
- Signups: Disabled (invite-only for security)
- Invitations: Enabled
- Password hints: Disabled (security best practice)
- First user becomes admin
**Backup Integration:**
- Added vaultwarden-backup plan to Restic
- Schedule: 8 AM daily (same as letsencrypt)
- Retention: 7 daily, 4 weekly, 12 monthly, 3 yearly
- Backup volume: vault_data mounted read-only
**Infrastructure Updates:**
- Created vault/compose.yaml following stack pattern
- Added VAULT_* environment variables to arty.yml
- Updated compose.yaml to include vault stack
- Added backup_vaultwarden_data volume to restic
- Updated restic/config.json with 12th backup plan
**Documentation:**
- Added Vault to CORE SYSTEMS in README
- Added to ship architecture diagram
- Documented in CLAUDE.md with configuration details
- Updated volume management sections
- Backup count increased from 11 to 12 plans
Critical data backed up with long retention (3 years yearly).
Compatible with official Bitwarden clients on all platforms.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Updated documentation to reflect complete backup setup:
**CLAUDE.md Updates:**
- Added detailed repository configuration (hidrive-backup)
- Documented all 11 backup plans with schedules and retention
- Explained volume mounting strategy with prefixed names
- Added configuration management instructions
- Included maintenance schedule (weekly prune/check)
**README.md Updates:**
- Added "Backup Operations" section with CLI commands
- Documented automated backup schedule (2-8 AM daily)
- Added backup protocol to security section
- Updated mission status with backup system indicator
- Included next backup time and repository status
**compose.yaml Updates:**
- Restored backrest_config volume (needed for proper operation)
- Removed direct config.json mount (causes write conflicts)
- Config copied into volume after container start
All 11 backup plans now documented:
- postgres, redis, directus (uploads/bundle)
- awesome, gotify, scrapy, n8n
- filestash, linkwarden, letsencrypt
Retention policies range from 3-12 months with yearly backups
for critical data (postgres, directus, letsencrypt).
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Prefixed all external volume references with 'backup_' to avoid
conflicts with volume definitions in other compose files (e.g.,
directus_uploads defined in both sexy and restic).
This allows Docker Compose's include pattern to work correctly
without volume name collisions.
