Two-node primary/secondary architecture with per-service replication:
ZFS send/recv 15min for volumes, postgres streaming replication for
DBs, Redis Sentinel, Tailscale mesh. Phased plan from cobblestone
intake to eventual K3s/Nomad cluster at 3+ nodes. Service placement
table, failure-scenario RTO/RPO matrix, open decisions documented.

Operator works privately on Forgejo. Pushing to GitHub becomes a
manual per-repo opt-in, not an automatic mirror.

Today's action: deleted all 8 push-mirrors via Forgejo API (DELETE
204 each). GitHub copies that exist now are point-in-time snapshots
from before the policy change.

STATE.md updated to reflect:
- 'snapshot 2026-05-06 (stale)' replaces all 'mirror' status cells
- Header reframed: Forgejo is the only source of truth; GH not
  auto-pushed to
- Added 8bit-icons to repo table (was migrated, not previously listed)
- Changelog entry for the policy change

Memory updated: feedback_my_git_is_forgejo.md now says 'do NOT
auto-enable push-mirror; wait for explicit instruction'.

STATE.md = source-of-truth for current state + pending decisions.
Append to changelog when state changes. Don't rewrite history.

COBBLESTONE-INTAKE.md = template the operator fills before agent A2
runs the cobblestone audit. Captures network/SSH/hardware/OS/docker
state + operator-driven migration decisions (LUKS, DE, userns-remap,
RC revive-or-retire, Headscale SPOF, cockpit).