Sebastian Krüger 9b433e66ad feat: add Vaultwarden password manager stack
Added self-hosted password manager to The Falcon infrastructure:

**Vault Stack** (vault.pivoine.art):
- Vaultwarden (Bitwarden-compatible server)
- SQLite database for password storage
- WebSocket support for real-time sync
- TOTP and WebAuthn/U2F 2FA support
- Browser extensions and mobile apps compatible

**Configuration:**
- Domain: https://vault.pivoine.art
- Signups: Disabled (invite-only for security)
- Invitations: Enabled
- Password hints: Disabled (security best practice)
- First user becomes admin

**Backup Integration:**
- Added vaultwarden-backup plan to Restic
- Schedule: 8 AM daily (same as letsencrypt)
- Retention: 7 daily, 4 weekly, 12 monthly, 3 yearly
- Backup volume: vault_data mounted read-only

**Infrastructure Updates:**
- Created vault/compose.yaml following stack pattern
- Added VAULT_* environment variables to arty.yml
- Updated compose.yaml to include vault stack
- Added backup_vaultwarden_data volume to restic
- Updated restic/config.json with 12th backup plan

**Documentation:**
- Added Vault to CORE SYSTEMS in README
- Added to ship architecture diagram
- Documented in CLAUDE.md with configuration details
- Updated volume management sections
- Backup count increased from 11 to 12 plans

Critical data backed up with long retention (3 years yearly).
Compatible with official Bitwarden clients on all platforms.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-11-06 11:15:12 +01:00

    ___       ___       ___       ___       ___       ___
   /\  \     /\  \     /\__\     /\  \     /\  \     /\__\
  /::\  \   /::\  \   /:/  /    /::\  \   /::\  \   /:| _|_
 /::\:\__\ /::\:\__\ /:/__/    /:/\:\__\ /:/\:\__\ /::|/\__\
 \/\::/  / \/\::/  / \:\  \    \:\ \/__/ \:\/:/  / \/|::/  /
   /:/  /    /:/  /   \:\__\    \:\__\    \::/  /    |:/  /
   \/__/     \/__/     \/__/     \/__/     \/__/     \/__/

THE FALCON

Captain Valknar's Legendary Starship



🌌 SHIP'S LOG

STARDATE: 2025.10.26
LOCATION: Deep Space, Uncharted Territories
STATUS: Captain currently engaged in... diplomatic relations with alien civilizations
SYSTEMS: All green, automated deployment active

"The Falcon doesn't just traverse the stars — it commands them." — Captain Valknar, moments before jumping to hyperspace


🛸 VESSEL SPECIFICATIONS

The Falcon is a state-of-the-art containerized starship, powered by Docker's quantum drive engines and orchestrated through the legendary Arty navigation system.

🎯 CORE SYSTEMS

System   Purpose                              Access Point
SEXY     Advanced alien encounter database    sexy.pivoine.art
AWSM     Intergalactic discovery catalog      awesome.pivoine.art
TRACK    Mission analytics & telemetry        umami.pivoine.art
GOTIFY   Subspace communication relay         gotify.pivoine.art
SCRAPY   Web scraping reconnaissance cluster  scrapy.pivoine.art
N8N      Automated workflow command center    n8n.pivoine.art
STASH    Universal file management portal     stash.pivoine.art
LINKS    Interstellar bookmark archive        links.pivoine.art
VAULT    Encrypted password vault             vault.pivoine.art
RESTIC   Automated backup vault system        restic.pivoine.art
PROXY    Shield control dashboard             proxy.pivoine.art
VPN      Cloaking device network              vpn.pivoine.art

⚙️ INFRASTRUCTURE

┌─────────────────────────────────────────────────┐
│  🛡️  TRAEFIK SHIELD GENERATOR (Proxy)          │
│  ├─ Auto-SSL via Let's Encrypt Reactor         │
│  ├─ HTTP → HTTPS Phase Shifters                │
│  ├─ Load Balancer Stabilizers                  │
│  ├─ Dashboard Command Center                   │
│  └─ Sablier Dynamic Scaling Plugin             │
├─────────────────────────────────────────────────┤
│  💾 POSTGRESQL 16 DATA CORE                    │
│  ├─ Directus Sector Database                   │
│  ├─ Umami Analytics Vault                      │
│  ├─ n8n Workflow Engine Database               │
│  └─ Linkwarden Bookmark Archive                │
├─────────────────────────────────────────────────┤
│  ⚡ REDIS CACHE HYPERDRIVE                     │
│  └─ Warp-speed data acceleration               │
├─────────────────────────────────────────────────┤
│  🔐 BACKREST BACKUP VAULT (Restic)             │
│  ├─ Automated volume snapshots                 │
│  ├─ Incremental backup engine                  │
│  └─ HiDrive remote repository                  │
└─────────────────────────────────────────────────┘

🚀 LAUNCH SEQUENCE

Prerequisites

  • Docker Engine v20+ installed
  • Docker Compose v2.20+ installed
  • Arty navigation system (npm install -g arty or pnpm add -g arty)
  • Clearance level: Captain

🔧 Initialize Ship Systems

# Create the ship's neural network
arty net/create

# Launch all systems
arty up

# Monitor system status
arty ps

# Access ship's logs (real-time)
arty logs

📡 Individual System Control

# Power down specific systems
arty down

# Restart malfunctioning modules
arty restart

# Pull latest system updates from the mothership
arty pull

# Diagnostic report
arty config

💫 NAVIGATION COMMANDS

Database Operations (SEXY Mission)

# Create database backup before alien encounter
arty db/dump

# Restore database after timeline anomaly
arty db/import

# Export exotic alien artifacts (uploads)
arty uploads/export

# Import artifacts to new timeline
arty uploads/import

Deployment & Sync

# Synchronize .env to remote starbase
arty env/sync

Backup Operations (RESTIC System)

# Access backup web interface
# URL: https://restic.pivoine.art
# Username: valknar
# Password: Set on first access

# View backup status
docker logs restic_app | grep scheduled

# Manually trigger backup for a specific plan
docker exec restic_app /backrest backup --plan postgres-backup

# List all snapshots in repository
docker exec restic_app restic -r /repos snapshots

# Restore from backup (via web UI recommended)
# Navigate to restic.pivoine.art → Browse snapshots → Restore files

Automated Backup Schedule:

  • Daily backups: 2 AM - 8 AM (staggered by service)
  • Weekly maintenance: Sundays at 2 AM (prune) and 3 AM (check)
  • All volumes backed up to: /mnt/hidrive/users/valknar/Backup
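A freshness check for the daily schedule above, as an added example (not part of this repository): it reads the JSON that restic prints when `--json` is appended to the `snapshots` command shown earlier and reports every plan without a recent snapshot. It assumes Backrest tags each snapshot with `plan:<plan id>` and allows 26 hours of slack for a daily job; the sample data is constructed.

```python
import json
import re
from datetime import datetime, timedelta, timezone

def parse_time(ts):
    """Parse restic's RFC 3339 timestamp; fractional seconds are dropped."""
    ts = re.sub(r"\.\d+", "", ts).replace("Z", "+00:00")
    return datetime.fromisoformat(ts)

def stale_plans(snapshots_json, expected_plans, now, max_age=timedelta(hours=26)):
    """Map each expected plan that lacks a fresh snapshot to the reason."""
    newest = {}
    for snap in json.loads(snapshots_json):
        when = parse_time(snap["time"])
        for tag in snap.get("tags") or []:
            # Assumption: Backrest marks snapshots with a "plan:<id>" tag.
            if tag.startswith("plan:"):
                plan = tag[len("plan:"):]
                if plan not in newest or when > newest[plan]:
                    newest[plan] = when
    problems = {}
    for plan in expected_plans:
        if plan not in newest:
            problems[plan] = "no snapshot"
        elif now - newest[plan] > max_age:
            problems[plan] = f"last snapshot {newest[plan].isoformat()}"
    return problems

# Constructed sample of `restic snapshots --json` output (fields trimmed).
SAMPLE = json.dumps([
    {"short_id": "aaaa1111", "time": "2025-11-05T02:00:03.1+01:00",
     "tags": ["plan:postgres-backup"]},
    {"short_id": "bbbb2222", "time": "2025-11-06T02:00:04.512345678+01:00",
     "tags": ["plan:postgres-backup"]},
    {"short_id": "cccc3333", "time": "2025-11-04T08:00:02+01:00",
     "tags": ["plan:vaultwarden-backup"]},
])
PLANS = ["postgres-backup", "vaultwarden-backup"]
NOW = datetime(2025, 11, 6, 9, 0, tzinfo=timezone(timedelta(hours=1)))

if __name__ == "__main__":
    for plan, reason in stale_plans(SAMPLE, PLANS, NOW).items():
        print(f"STALE {plan}: {reason}")
```

A non-empty result is worth routing to an alert channel, since a silently failing vault backup is only noticed at restore time.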

🌠 SHIP ARCHITECTURE

THE FALCON (falcon_network)
│
├─ 🎯 CORE SERVICES
│  ├─ PostgreSQL 16      [Port 5432] → Data Vault
│  └─ Redis 7            [Internal]  → Cache Drive
│
├─ 🛡️ SECURITY LAYER
│  ├─ Traefik            [80/443]    → Shield Generator
│  ├─ Traefik Dashboard  [proxy.pivoine.art] → Control Center
│  └─ Sablier            [Internal]  → Scale-to-Zero Engine
│
├─ 🚀 APPLICATIONS
│  ├─ Directus API       [sexy.pivoine.art/api]
│  ├─ SvelteKit Frontend [sexy.pivoine.art]
│  ├─ Awesome Catalog    [awesome.pivoine.art]
│  ├─ Umami Analytics    [umami.pivoine.art]
│  ├─ Gotify Messenger   [gotify.pivoine.art]
│  ├─ Scrapyd Cluster    [scrapy.pivoine.art]
│  ├─ n8n Workflows      [n8n.pivoine.art]
│  ├─ Filestash Files    [stash.pivoine.art]
│  ├─ Linkwarden Marks   [links.pivoine.art]
│  ├─ Vaultwarden Vault  [vault.pivoine.art]
│  ├─ Backrest Backups   [restic.pivoine.art]
│  └─ WireGuard VPN      [vpn.pivoine.art]
│
└─ 💾 STORAGE VOLUMES
   ├─ postgres_data      → Critical mission data
   ├─ directus_uploads   → Alien encounter evidence
   ├─ directus_bundle    → Custom modules
   ├─ awesome_data       → Discovery catalog
   ├─ scrapyd_data       → Web scraping archives
   ├─ scrapy_code        → Spider project code
   ├─ n8n_data           → Workflow configurations
   ├─ filestash_data     → File manager state
   ├─ linkwarden_data    → Bookmark archives
   ├─ meili_data         → Search index database
   ├─ vaultwarden_data   → Encrypted password vault
   ├─ backrest_data      → Backup system state
   ├─ backrest_config    → Backup configurations
   └─ letsencrypt_data   → Shield certificates

🎨 TECHNOLOGY STACK

Docker Traefik PostgreSQL Redis Directus Svelte Next.js


⚠️ PROTOCOLS & SECURITY

🔐 ENCRYPTION STANDARD
├─ All transmissions encrypted via HTTPS
├─ Let's Encrypt quantum certificates
├─ TLS 1.2+ with strong cipher suites only
├─ HSTS enabled (1-year, preload ready)
└─ SNI strict mode enforced

🛡️ SECURITY HEADERS
├─ X-Frame-Options: SAMEORIGIN
├─ X-XSS-Protection enabled
├─ Content-Type-Options: nosniff
├─ Referrer-Policy configured
└─ Permissions-Policy restrictions
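The HSTS and header settings listed above can be verified against a live response rather than trusted from the proxy configuration. The following is an added example, not code from this repository: it audits one response's headers against those lists, assuming "preload ready" means `includeSubDomains` and `preload` are both set; the sample responses are constructed.

```python
import re

ONE_YEAR = 31536000  # seconds; the README states a 1-year HSTS lifetime

def audit_headers(headers):
    """Compare one HTTPS response's headers (a dict) with the README's lists."""
    h = {k.lower(): v.strip() for k, v in headers.items()}
    findings = []
    hsts = h.get("strict-transport-security")
    if hsts is None:
        findings.append("strict-transport-security: missing")
    else:
        directives = [d.strip().lower() for d in hsts.split(";")]
        age = next((d for d in directives if re.fullmatch(r"max-age=\d+", d)), None)
        if age is None or int(age.split("=")[1]) < ONE_YEAR:
            findings.append("strict-transport-security: max-age below one year")
        # Assumption: "preload ready" means both of these directives are set.
        for needed in ("includesubdomains", "preload"):
            if needed not in directives:
                findings.append(f"strict-transport-security: no {needed}")
    exact = {"x-frame-options": "sameorigin", "x-content-type-options": "nosniff"}
    for name, want in exact.items():
        got = h.get(name)
        if got is None:
            findings.append(f"{name}: missing")
        elif got.lower() != want:
            findings.append(f"{name}: expected {want}, got {got}")
    if not h.get("x-xss-protection", "").startswith("1"):
        findings.append("x-xss-protection: not enabled")
    # The README gives no values for these two, so only presence is checked.
    for name in ("referrer-policy", "permissions-policy"):
        if not h.get(name):
            findings.append(f"{name}: missing")
    return findings

# Constructed sample responses, not captured from the real hosts.
GOOD = {
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains; preload",
    "X-Frame-Options": "SAMEORIGIN",
    "X-Content-Type-Options": "nosniff",
    "X-XSS-Protection": "1; mode=block",
    "Referrer-Policy": "strict-origin-when-cross-origin",
    "Permissions-Policy": "camera=(), microphone=(), geolocation=()",
}
WEAK = {
    "Strict-Transport-Security": "max-age=86400",
    "X-Frame-Options": "ALLOWALL",
    "X-Content-Type-Options": "nosniff",
    "Referrer-Policy": "no-referrer",
}
```

Running it per hostname catches a service whose router was attached without the shared header middleware.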

🔒 ACCESS CONTROL
├─ Admin credentials in .env vault
├─ Database authentication: scram-sha-256
├─ HTTP Basic Auth on sensitive endpoints
├─ Rate limiting available (100 req/s)
└─ VPN cloaking device enabled

💾 BACKUP PROTOCOL
├─ Automated daily backups (2-8 AM)
├─ 11 backup plans covering all volumes
├─ Retention: 7 daily, 4 weekly, 3-12 monthly
├─ Encrypted restic repositories
├─ Weekly maintenance (prune & integrity check)
├─ Web UI for monitoring & restore
└─ HiDrive remote storage

📊 MISSION STATUS

╔════════════════════════════════════════╗
║  SHIP'S VITAL SIGNS                    ║
╠════════════════════════════════════════╣
║  ✅ Core Systems       → OPERATIONAL   ║
║  ✅ Shield Generator   → ONLINE        ║
║  ✅ Database Vault     → SECURED       ║
║  ✅ Cache Drive        → OPTIMIZED     ║
║  ✅ Backup System      → AUTOMATED     ║
║  🌟 Captain Status     → ON ADVENTURE  ║
╚════════════════════════════════════════╝

Next Backup: Tomorrow 2:00 AM (postgres-backup)
Backup Target: /mnt/hidrive/users/valknar/Backup
Repository Status: Initialized & Ready

👽 CAPTAIN'S NOTES

Currently out exploring the cosmos and making friends with alien species. You know how it is — one minute you're charting a nebula, the next you're at an intergalactic party.

If systems malfunction, check the logs. If things are really bad, I left a backup captain AI (it's called documentation).

Stay shiny, crew. Valknar out.


📡 TRANSMISSION CHANNELS


╔═══════════════════════════════════════════════════════════╗
║                                                           ║
║     "In space, no one can hear you `docker compose up`"   ║
║                                                           ║
║              — Captain Valknar, The Falcon                ║
║                                                           ║
╚═══════════════════════════════════════════════════════════╝

Made with Docker Arty Captain

THE FALCON
Fastest ship in the Docker registry
EST. 2025
