Implement Phase 1: core framework, operational tooling, and runbook
Core packages: crypto (Argon2id/AES-256-GCM), config (TOML/viper), db (SQLite/migrations), barrier (encrypted storage), seal (state machine with rate-limited unseal), auth (MCIAS integration with token cache), policy (priority-based ACL engine), engine (interface + registry). Server: HTTPS with TLS 1.2+, REST API, auth/admin middleware, htmx web UI (init, unseal, login, dashboard pages). CLI: cobra/viper subcommands (server, init, status, snapshot) with env var override support (METACRYPT_ prefix). Operational tooling: Dockerfile (multi-stage, non-root), docker-compose, hardened systemd units (service + daily backup timer), install script, backup script with retention pruning, production config examples. Runbook covering installation, configuration, daily operations, backup/restore, monitoring, troubleshooting, and security procedures. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
22
deploy/examples/metacrypt-docker.toml
Normal file
22
deploy/examples/metacrypt-docker.toml
Normal file
@@ -0,0 +1,22 @@
|
||||
# Metacrypt configuration for Docker deployment.
|
||||
# Place this file at /data/metacrypt.toml inside the container volume.
|
||||
|
||||
[server]
|
||||
listen_addr = ":8443"
|
||||
tls_cert = "/data/certs/server.crt"
|
||||
tls_key = "/data/certs/server.key"
|
||||
|
||||
[database]
|
||||
path = "/data/metacrypt.db"
|
||||
|
||||
[mcias]
|
||||
server_url = "https://mcias.metacircular.net:8443"
|
||||
# ca_cert = "/data/certs/mcias-ca.crt"
|
||||
|
||||
[seal]
|
||||
# argon2_time = 3
|
||||
# argon2_memory = 131072
|
||||
# argon2_threads = 4
|
||||
|
||||
[log]
|
||||
level = "info"
|
||||
Reference in New Issue
Block a user