Initialize ops repository
34
README.md
Normal file
@@ -0,0 +1,34 @@
|
||||
# ops
|
||||
|
||||
Single source of operational truth: everything here must be understandable, rebuildable, and revocable.
|
||||
|
||||
## Non-negotiables
|
||||
|
||||
- **Authority boundary:** critical actions originate from `op-core-vm`.
|
||||
- **No plaintext secrets in Git:** `vault/` contains encrypted artifacts only; `20-identity/keys/public/` is public keys only.
|
||||
- **Naming is reality:** everything is named `<role>-<scope>-<id>`.
|
||||
- **Nuke test:** if losing it causes panic, reduce scope or remove it.
|
||||
|
||||
## Read first
|
||||
|
||||
- `00-doctrine/operator-charter.md`
|
||||
- `00-doctrine/personal-operating-doctrine.md`
|
||||
|
||||
## Layout
|
||||
|
||||
- `00-doctrine/` – the law (stable, rarely changed)
|
||||
- `10-inventory/` – what exists (hosts, networks, services)
|
||||
- `20-identity/` – roles, policies, leases, public keys
|
||||
- `30-infra/` – infrastructure as code + config management
|
||||
- `40-apps/` – application-specific ops (deploy, config, lifecycle)
|
||||
- `50-runbooks/` – executable procedures (panic day, provision, incident, decom)
|
||||
- `60-backups/` – backup manifests + restore proofs
|
||||
- `70-audits/` – checklists + reports
|
||||
- `80-automation/` – scripts and containers that make the above repeatable
|
||||
- `90-scratch/` – disposable working area (not source of truth)
|
||||
- `vault/` – encrypted-only artifacts (safe to leak without keys)
|
||||
|
||||
## What does not belong here
|
||||
|
||||
Meaning-bearing material (books, media, personal archives) stays in cold storage, not `ops/`.
|
||||
|
||||
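Review bot: The "No plaintext secrets in Git" rule under Non-negotiables is stated as policy only, and the visible diff adds just README.md with nothing that enforces it. Suggest naming the encryption tool used for `vault/` and where the decryption keys are held, and adding a pre-commit or CI check that rejects unencrypted files under `vault/` and any private-key material under `20-identity/keys/public/`. The `vault/` layout entry says "safe to leak without keys", which holds only while the keys stay outside this repository, so it is worth saying that explicitly. The `90-scratch/` entry should also state whether that directory is ignored by Git, since a disposable working area is where plaintext secrets tend to be committed by accident.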