Vault-Secrets für Paperless (prod-alt) #287

New issue

Closed

opened 2026-05-14 22:33:45 +02:00 by admin-mrrm · 2 comments

admin-mrrm commented 2026-05-14 22:33:45 +02:00

Owner

Copy link

inventory/host_vars/prod-alt/vault.yml mit eigenen, nicht-dev-Werten:

• vault_paperless_secret_key (NEU generieren)
• vault_paperless_admin_password
• vault_paperless_dbpass
• vault_paperless_api_token (nach Bootstrap)

`inventory/host_vars/prod-alt/vault.yml` mit eigenen, nicht-dev-Werten: - vault_paperless_secret_key (NEU generieren) - vault_paperless_admin_password - vault_paperless_dbpass - vault_paperless_api_token (nach Bootstrap)

admin-mrrm added this to the Archiv — 5: Prod-Rollout milestone 2026-05-14 22:33:45 +02:00

admin-mrrm added the

size/s

area/infra

type/chore

app/archiv

labels 2026-05-14 22:33:45 +02:00

admin-mrrm commented 2026-05-16 21:20:52 +02:00

Author

Owner

Copy link

Vault + ENV-Template gemerged via server-stack PR#13 (f812346).

Erledigt

• templates/prod-alt.env.j2: Paperless-Block + MRRMLABAPP_PAPERLESS_TOKEN
• inventory/host_vars/prod-alt/vault.yml: 3 neue Keys (frisch generiert nach Diff-Leak-Incident, rotiert)
  • vault_paperless_secret_key, vault_paperless_admin_password, vault_paperless_dbpass
• Dry-run gegen prod-alt (ohne --diff) → ok=48, changed=7, failed=0

Noch offen — wird in #286 erledigt

vault_mrrmlabapp_paperless_token ist leer; Token wird nach Paperless-Bootstrap auf prod-alt generiert und nachgetragen.

Damit ist die Vault-Vorbereitung für prod-alt komplett. Nächster Schritt: #286 (Paperless-Stack auf prod-alt spiegeln) nach Beobachtungsphase dev-neu.

Vault + ENV-Template gemerged via server-stack PR#13 (`f812346`). ## Erledigt - `templates/prod-alt.env.j2`: Paperless-Block + `MRRMLABAPP_PAPERLESS_TOKEN` - `inventory/host_vars/prod-alt/vault.yml`: 3 neue Keys (frisch generiert nach Diff-Leak-Incident, rotiert) - `vault_paperless_secret_key`, `vault_paperless_admin_password`, `vault_paperless_dbpass` - Dry-run gegen prod-alt (ohne `--diff`) → `ok=48, changed=7, failed=0` ## Noch offen — wird in #286 erledigt `vault_mrrmlabapp_paperless_token` ist leer; Token wird nach Paperless-Bootstrap auf prod-alt generiert und nachgetragen. Damit ist die Vault-Vorbereitung für prod-alt komplett. Nächster Schritt: #286 (Paperless-Stack auf prod-alt spiegeln) nach Beobachtungsphase dev-neu.

admin-mrrm commented 2026-05-17 16:20:59 +02:00

Author

Owner

Copy link

Verifiziert am 2026-05-17: paperless.mrrm.de live (HTTP 200, TLS), 5 Container Up 17h healthy auf prod-alt; Vault-Secrets gesetzt, NAS-Backup-Hook (pre.d/10-paperless-export.sh) + paperless-export-Volume in nas_backup_dirs deployed.

Verifiziert am 2026-05-17: `paperless.mrrm.de` live (HTTP 200, TLS), 5 Container `Up 17h` healthy auf prod-alt; Vault-Secrets gesetzt, NAS-Backup-Hook (`pre.d/10-paperless-export.sh`) + `paperless-export`-Volume in `nas_backup_dirs` deployed.

admin-mrrm closed this issue 2026-05-17 16:20:59 +02:00

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

main

chore/roadmap-rc32-done

feat/rc32-fdroid-nightly

feat/rc31-auto-index-on-mutation

feat/rc30-auto-index

chore/roadmap-rc28-done

feat/360-projects-source

chore/roadmap-rc27-done

feat/habits-ui

chore/roadmap-rc26-done

feat/planner-v1-depends-on

chore/roadmap-rc25-done

feat/calendar-settings-ui

chore/roadmap-rc24-done

feat/candidate-mark-done

chore/roadmap-rc23-done

fix/shared-schema-todo

chore/roadmap-rc22-done

chore/release-rc22

feat/todo-candidate-writer

chore/roadmap-rc21-done

chore/roadmap-rc21-json-fix

chore/release-v0.6.6-rc21

feat/day-planner-empty-state-ctas

chore/roadmap-rc17-rc18-done

chore/phase2-smoke-manual-trigger

chore/roadmap-rc19-done

fix/list-screens-scrollable

feat/dev-user-header-env-gate

wireup/ai-foundation-phase1

feat/443-search-ui

feat/442-background-indexer

feat/441-data-source-interface

feat/440-sqlite-vec

feat/439-embedding-service

feat/425-mlkit-image-preview-integration

archive/spike-77-ocr-mobile

fix/gitea-release-shell-scope

feat/396-version-sync

feat/376-e2e-drone-integration

feat/374-e2e-playwright-setup

feat/372-planner-v1

feat/370-calendar-read

feat/368-planner-v0

feat/366-habit-source

feat/178-mail-candidate-writer

feat/253-nli-template-ab

fix/348-settings-nav-hijack-v2

fix/347-web-side-drawer

fix/349-profile-menu-close

feat-297-sender-memory-ui

feat-296-web-classifier-sender-memory

feat/294-sender-label-memory

chore/268-analyze-script-dynamic-labels

fix/268-nli-threshold-025

fix/266-imap-getmessage-timeout

fix-imap-unhandled-error

fix-175-onnxruntime-anchor

fix-175-onnxruntime-mainapp

ci-release-gate-apk

ci-mobile-bundle-check

fix-175-native-startup

fix-175-stub-onnxruntime-web

fix-175-import-meta-hermes

feat-web-parcel-scan-toggle

feat-tracking-manual-sync

fix-track17-carrier-ids

feat-232-mail-scanner

feat-233-trackings-post

feat-aftership-provider

feat-195-loading-skeletons

feat-197-error-boundary

feat-194-toast-system

chore/add-claude-md

155-auth-callback-route

feat/fdroid-deploy

fix/mail-messages-pagination-types

feat/ocr-correction-review

fix/ocr-inference-oom

fix/ocr-oom-and-finetune-training

feat/ocr-easyocr-and-training-data

feat/ocr-image-rotate-preview

feat/mobile-image-picker-57

feat/ocr-parse-image-endpoint

feat/lists-notes-e2e

fix/web-show-auth-error-body

fix/deploy-envfile

fix/deploy-ssh-port

feat/drone-deploy

fix/drone-secret-names

fix/dockerfile-deploy-flag

feat/drone-ci

feat/apps-web

feat/shopping-list-crud

v0.6.7-rc33

v0.6.6-rc32

v0.6.6-rc31

v0.6.6-rc30

v0.6.6-rc29

v0.6.6-rc28

v0.6.6-rc27

v0.6.6-rc26

v0.6.6-rc25

v0.6.6-rc24

v0.6.6-rc23

v0.6.6-rc22

v0.6.6-rc21

v0.6.6-rc20

v0.6.6-rc19

debug-rpi5

v0.6.6-rc18

v0.6.6-rc17

v0.6.6-rc16

v0.6.6-rc15

v0.6.6-rc14

v0.6.6-rc13

v0.6.6-rc12

v0.6.6-rc11

v0.6.6-rc10

v0.6.6-rc9

v0.6.6-rc8

v0.6.6-rc7

v0.6.6-rc6

v0.6.6-rc5

v0.6.6-rc4

v0.6.6-rc3

v0.6.6-rc2

v0.6.6-rc1

v0.6.5

v0.6.4

v0.6.3

v0.6.2

v0.6.1

v0.6.0

v0.5.0

v0.4.6

v0.4.5

v1.0.515

v1.0.468

v1.0.449

v1.0.442

Labels

Clear labels   

app/archiv

Document & email archive (Paperless-ngx integration)

  

app/einkaufslisten

  

app/imap-client

  

app/wissensbasis

  

arch-answered

arch-question wurde vom Architekten beantwortet und vom PM in Produkt-Entscheidung übersetzt

  

arch-question

Anfrage an Software-Architekt — Tech-/Architektur-Entscheidung gebraucht (PM hat sie nicht selbst getroffen)

  

area/api

NestJS backend

  

area/auth

Keycloak / OIDC

  

area/infra

Monorepo / CI / tooling

  

area/mobile

Expo React Native app

  

area/shared

Shared packages

  

area/ui

Tamagui UI package

  

area/web

Vite web app

  

portfolio-status

Wöchentlicher CEO-Portfolio-Status

  

prio/high

High priority

  

prio/low

Low priority

  

prio/medium

Medium priority

  

roadmap/public

In der public Roadmap der App sichtbar (roadmap.json kuratiert)

  

size/l

2-3 days

  

size/m

About 1 day

  

size/s

Half a day

  

size/xl

More than 3 days — should be split

  

size/xs

Less than 1 hour

  

status/blocked

Waiting on something

  

status/needs-info

Open questions before work can continue

  

type/bug

Something is broken

  

type/chore

Infra / tooling / maintenance

  

type/docs

Documentation

  

type/feature

New user-facing functionality

  

type/idea

  

type/refactor

Code refactor without behavior change

No labels

app/archiv

app/einkaufslisten

app/imap-client

app/wissensbasis

arch-answered

arch-question

area/api

area/auth

area/infra

area/mobile

area/shared

area/ui

area/web

portfolio-status

prio/high

prio/low

prio/medium

roadmap/public

size/l

size/m

size/s

size/xl

size/xs

status/blocked

status/needs-info

type/bug

type/chore

type/docs

type/feature

type/idea

type/refactor

Milestone

Clear milestone

No items

No milestone

Archiv — 5: Prod-Rollout

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

admin-mrrm/mrrmlabapp#287

No description provided.