claude-timemachine
49d1cb3280
CI / test (3.10) (push) Successful in 8s
CI / test (3.11) (push) Successful in 8s
CI / test (3.12) (push) Successful in 7s
CI / build-pyz (push) Successful in 4s
CI / release (push) Has been skipped
drop restic repo encryption; rely on TLS + append-only + LUKS
User credentials now serve HTTP basic auth only. Repos init with
--insecure-no-password. Removes:
- RESTIC_PASSWORD env in client subprocess
- Per-repo password coordination story
- Multi-key restic setup (user key + operator-master key)
- Two-password recovery edge cases
Operator-side prune now runs over the filesystem path (-r /srv/.../<user>/)
which bypasses rest-server's HTTP-layer append-only enforcement. No
password needed at all.
Protection model stays:
- TLS in transit (reverse proxy)
- HTTP basic per-user (htpasswd) for read/write authorization
- --private-repos for per-user URL isolation
- --append-only for client-side delete protection
- LUKS / disk-level for at-rest encryption (operator's responsibility)
Verified end-to-end on john: pull → push → restore round-trip works,
DELETE on bogus snapshot still returns 403 (append-only intact),
operator can read repo via filesystem path (prune-mode access works).
33 pytest still green.
2026-06-04 22:23:40 +02:00
..
2026-06-03 01:11:47 +02:00
2026-06-03 01:11:47 +02:00
2026-06-03 01:11:47 +02:00
2026-06-03 01:11:47 +02:00
2026-06-03 01:11:47 +02:00
2026-06-03 01:11:47 +02:00
2026-06-04 22:23:40 +02:00