feat: The Other Dude v9.0.1 — full-featured email system

ci: add GitHub Pages deployment workflow for docs site Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-08 17:46:37 -05:00
commit b840047e19
511 changed files with 106948 additions and 0 deletions
--- a/infrastructure/openbao/init.sh
+++ b/infrastructure/openbao/init.sh
@@ -0,0 +1,38 @@
+#!/bin/sh
+# OpenBao Transit initialization script
+# Runs after OpenBao starts in dev mode
+
+set -e
+
+export BAO_ADDR="http://127.0.0.1:8200"
+export BAO_TOKEN="${BAO_DEV_ROOT_TOKEN_ID:-dev-openbao-token}"
+
+# Wait for OpenBao to be ready
+echo "Waiting for OpenBao to start..."
+until bao status >/dev/null 2>&1; do
+    sleep 0.5
+done
+echo "OpenBao is ready"
+
+# Enable Transit secrets engine (idempotent - ignores "already enabled" errors)
+bao secrets enable transit 2>/dev/null || true
+echo "Transit engine enabled"
+
+# Create policy for the API backend (full Transit access)
+bao policy write api-policy - <<'POLICY'
+path "transit/*" {
+  capabilities = ["create", "read", "update", "delete", "list"]
+}
+POLICY
+
+# Create policy for the Go poller (encrypt + decrypt only)
+bao policy write poller-policy - <<'POLICY'
+path "transit/decrypt/tenant_*" {
+  capabilities = ["update"]
+}
+path "transit/encrypt/tenant_*" {
+  capabilities = ["update"]
+}
+POLICY
+
+echo "OpenBao Transit initialization complete"