# p24-infra — Improvement Specs
Specifications and implementation plans for 15 infrastructure improvements identified in the May 2026 tooling audit.
Read first: rulebook.md — operating rules for designing, building, and shipping these improvements.
## Priority tiers
| Tier | Meaning | Target window |
|---|---|---|
| P1 | Material risk reduction (data loss, debug blindness, secret sprawl). Do next. | Within 4 weeks |
| P2 | Quality-of-life + drift prevention. Do this quarter. | Within 12 weeks |
| P3 | Polish + visibility. As bandwidth allows. | Opportunistic |
## Index
| # | Spec | Tier | Est. effort | Depends on |
|---|---|---|---|---|
| 01 | Backups for stateful services | P1 | 1.5 d | — |
| 02 | Centralized logs (Loki + Promtail) | P1 | 1 d | — |
| 03 | Secrets management (sops + OIDC) | P1 | 2 d | — |
| 04 | IaC for VPS state (Ansible) | P2 | 3 d | 03 |
| 05 | Synthetic monitoring (Blackbox exporter) | P2 | 0.5 d | — |
| 06 | Consolidate health-check workflows | P2 | 0.25 d | — |
| 07 | Internal status page (Uptime Kuma) | P2 | 0.5 d | 05 |
| 08 | Image CVE scanning + dependency PRs | P2 | 1 d | — |
| 09 | SSH hardening (fail2ban, no root pw, CF Access) | P2 | 1 d | 04 |
| 10 | “What’s deployed where” dashboard | P3 | 0.5 d | — |
| 11 | Cost tracking dashboard | P3 | 1 d | — |
| 12 | Cert expiry alerts | P3 | 0.25 d | 05 |
| 13 | Hostinger runbook | P3 | 0.25 d | — |
| 14 | n8n workflow versioning to git | P3 | 0.5 d | 03 |
| 15 | Tests for infra-code (dns-manager, queue-exporter) | P3 | 0.5 d | — |
Total: ~14 days of focused work.
## Suggested execution order

- Week 1 → 01 (backups) + 06 (cleanup health-checks) + 13 (runbook)
- Week 2 → 03 (secrets) — unlocks 04, 14
- Week 3 → 02 (logs) + 05 (synthetic) + 12 (certs)
- Week 4 → 07 (status page) + 08 (CVE scanning)
- Quarter → 04 (IaC), 09 (SSH), 10–11, 14–15
## Creating issues from these specs
A helper script generates one GitHub issue per spec, with the spec markdown as the issue body:
```powershell
.\scripts\create-improvement-issues.ps1                    # dry-run (default)
.\scripts\create-improvement-issues.ps1 -Apply             # actually create
.\scripts\create-improvement-issues.ps1 -Apply -Only 1,3   # subset
```

Each issue is created with milestone `Triage`, label `enhancement`, and a link back to the spec file on `main`.