aws-security-cluster

Security platform automation for Good Manners Hosting. The active deployment is a single Hetzner VPS (keeper.goodmanners.services) running Docker Compose: Traefik ingress, Authentik (GitHub SSO), OpenBao (AWS KMS auto-unseal), and Doco-CD GitOps.

Hostname	Service
`auth.goodmanners.services`	Authentik
`keeper.goodmanners.services`	OpenBao
`traefik.goodmanners.services`	Traefik dashboard
`doco-cd.goodmanners.services`	Doco-CD (Authentik forward auth on UI only)

Start here: stacks/README.md

GitOps: .doco-cd.yml defines deploy order. Stack secrets live in git as stacks/*/secrets.enc.env (SOPS + age). stacks/doco-cd/install-prod.sh bootstraps the VPS; day-two ops in stacks/ops/.

OpenBao: policies, roles, and OIDC in bao/. File audit is declarative in stacks/openbao/config/openbao.hcl.example; apply with bao/enable-audit.sh.

Name		Name	Last commit message	Last commit date
Latest commit History 73 Commits
.github/workflows		.github/workflows
authentik/blueprints		authentik/blueprints
bao		bao
stacks		stacks
.doco-cd.yml		.doco-cd.yml
.gitignore		.gitignore
.sops.yaml		.sops.yaml
.sops.yaml.example		.sops.yaml.example
README.md		README.md
renovate.json		renovate.json

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

aws-security-cluster

About

Uh oh!

Releases

Contributors

Uh oh!

Languages

Folders and files

Latest commit

History

Repository files navigation

aws-security-cluster

About

Resources

Uh oh!

Stars

Watchers

Forks

Releases

Contributors

Uh oh!

Languages