| VENUSINF-1 |
venusinfra |
EPIC: ONEDB target flip — telemetry consolidation onto venus-pg (supersede whey-pg) |
backlog |
urgent |
nw-whey-cc |
2026-06-09 02:20 |
| VENUSINF-10 |
venusinfra |
└─ Cross-update ONEDB WIs (ONEDB-12 ingestion, ONEDB-10 pg-write flip) for new target host |
backlog |
normal |
— |
2026-06-09 02:21 |
| VENUSINF-9 |
venusinfra |
└─ Repoint venus-kpi-collect + whey/lezama remote writers to venus-pg |
backlog |
normal |
— |
2026-06-09 02:21 |
| VENUSINF-8 |
venusinfra |
└─ pg_hba + network: allow whey + lezama as remote writers to venus-pg |
backlog |
normal |
— |
2026-06-09 02:21 |
| VENUSINF-7 |
venusinfra |
└─ Provision postgres17 on venus (data dir, listen_addresses, telemetry db + telemetry_rw role) |
backlog |
normal |
— |
2026-06-09 02:21 |
| VENUSINF-6 |
venusinfra |
└─ Confirm + record: venus-pg is the consolidation target; supersede whey-pg in ONEDB-12/10 + one-db/DESIGN.md |
backlog |
normal |
— |
2026-06-09 02:21 |
| VENUSINF-4 |
venusinfra |
EPIC: venus hardening (public-IP attack surface) — GATES service exposure |
backlog |
high |
nw-whey-cc |
2026-06-09 02:20 |
| VENUSINF-21 |
venusinfra |
└─ Per-service bind/least-exposure audit (pg/hub/smtp listen only where needed) |
backlog |
normal |
— |
2026-06-09 02:21 |
| VENUSINF-20 |
venusinfra |
└─ ssh lockdown (key-only, no root login) + fail2ban |
backlog |
normal |
— |
2026-06-09 02:21 |
| VENUSINF-19 |
venusinfra |
└─ nftables/ufw default-deny + per-service allow rules |
backlog |
normal |
— |
2026-06-09 02:21 |
| VENUSINF-22 |
venusinfra |
└─ unattended-upgrades + basic intrusion/monitoring on venus |
backlog |
low |
— |
2026-06-09 02:21 |
| VENUSINF-2 |
venusinfra |
EPIC: llmmsg hub + runtime DB → venus |
backlog |
high |
nw-whey-cc |
2026-06-09 02:20 |
| VENUSINF-14 |
venusinfra |
└─ Point llmmsg-hub.pensanta.com (DNS) at venus public IP |
backlog |
normal |
— |
2026-06-09 02:21 |
| VENUSINF-13 |
venusinfra |
└─ Repoint whey + lezama MCP shim + bootstrap to venus hub endpoint |
backlog |
normal |
— |
2026-06-09 02:21 |
| VENUSINF-12 |
venusinfra |
└─ Migrate runtime DB v2.sqlite whey→venus (quiesce, copy, integrity-check) |
backlog |
normal |
— |
2026-06-09 02:21 |
| VENUSINF-11 |
venusinfra |
└─ Stand up llmmsg hub service on venus (v2-hub.mjs, port 9703, systemd) |
backlog |
normal |
— |
2026-06-09 02:21 |
| VENUSINF-15 |
venusinfra |
└─ Burn-in then decommission whey hub |
backlog |
low |
— |
2026-06-09 02:21 |
| VENUSINF-5 |
venusinfra |
EPIC: whey + lezama thin-client cutover |
backlog |
normal |
nw-whey-cc |
2026-06-09 02:20 |
| VENUSINF-26 |
venusinfra |
└─ Per-cutover rollback plan + burn-in verification gates |
backlog |
normal |
— |
2026-06-09 02:21 |
| VENUSINF-25 |
venusinfra |
└─ Define what stays local on whey vs moves to venus (role redefinition) |
backlog |
normal |
— |
2026-06-09 02:21 |
| VENUSINF-24 |
venusinfra |
└─ lezama → thin client via public venus (simplify the whey-VPN dependency) |
backlog |
normal |
— |
2026-06-09 02:21 |
| VENUSINF-23 |
venusinfra |
└─ whey → thin client (hub/pg/smtp point to venus) |
backlog |
normal |
— |
2026-06-09 02:21 |
| VENUSINF-3 |
venusinfra |
EPIC: Self-hosted SMTP on venus |
backlog |
normal |
nw-whey-cc |
2026-06-09 02:20 |
| VENUSINF-18 |
venusinfra |
└─ Repoint notify-elazar.sh to venus SMTP; verify delivery to Elazar inbox |
backlog |
normal |
— |
2026-06-09 02:21 |
| VENUSINF-17 |
venusinfra |
└─ PTR/reverse-DNS + SPF/DKIM/DMARC for deliverability |
backlog |
normal |
— |
2026-06-09 02:21 |
| VENUSINF-16 |
venusinfra |
└─ Install + configure MTA (postfix) on venus |
backlog |
normal |
— |
2026-06-09 02:21 |