Topics

Long-form deep-dives. The pages here explain something that touches several layers of the stack at once — they don't fit into apps, platform, foundation, or fabric alone.

| Page | What it covers |
|---|---|
| GitOps flow | How a Renovate PR becomes a running container, end-to-end. |
| Three-tier backups end-to-end | The path from "byte written to a PVC" through warm / hot / cold tiers, and what each costs to restore. |
| Disaster recovery drill | From "production is gone" back to a fully reconciled cluster — the documented procedure. |
| SOPS / age key rotation | Rotating the load-bearing age key without breaking Flux, including the two-recipient phase. |
| Renovate auto-merge policy | When dependency PRs auto-merge and when they wait for a human. |
| Real client IPs across the chain | PROXY-protocol-v2 wiring through netbird/SNAT and a multi-proxy chain, with Gitea as the example. |
| Hardware-backed SSH keys | Generate and use SSH keys whose private material never leaves a Nitrokey 3 or YubiKey 5. |
| Fedora LUKS2 + TPM2 + Secure Boot | Set up, manage, and recover full-disk encryption bound to TPM PCRs 7 and 14. |