chore: rebrand Subfeed -> Siftlode

Rename all user-facing references (UI wordmark Sift+lode, titles, app name,
legal pages, onboarding wizard, emails, README/docs) and infra paths
(/srv/subfeed -> /srv/siftlode, image tag, deploy script, backup filenames).

Internal identifiers kept on purpose: Postgres user/db "subfeed", logger
namespace, localStorage keys, and the subfeed_pgdata volume (renaming would
orphan the migrated production data).
This commit is contained in:
npeter83 2026-06-14 04:40:22 +02:00
parent cbd0234a8d
commit 898a6ae338
25 changed files with 90 additions and 90 deletions

View file

@ -1,6 +1,6 @@
# Subfeed — Public Deployment Plan (v1)
# Siftlode — Public Deployment Plan (v1)
Status: **approved (planning)** — 2026-06-13. Goal: share the current Subfeed
Status: **approved (planning)** — 2026-06-13. Goal: share the current Siftlode
build with one trusted tester (both users in Hungary), on safe public
infrastructure, with a clean and trustworthy Google sign-in experience.
@ -54,7 +54,7 @@ Therefore:
"unverified app" screen and how to proceed (Advanced → Continue). Button →
incremental consent. Skippable.
- **Step — write access (`youtube`)**: optional; needed to unsubscribe from
within Subfeed; same pre-warning. Button → incremental consent. Skippable.
within Siftlode; same pre-warning. Button → incremental consent. Skippable.
3. App **degrades gracefully**: no read scope → no feed (UI explains why); no
write scope → no unsubscribe button.
@ -78,32 +78,32 @@ future verification submission cleaner.
## 3. Infrastructure — all on asgard
```
User browser ──HTTPS──> Caddy (asgard :443, subfeed.b1fr0st.eu)
User browser ──HTTPS──> Caddy (asgard :443, siftlode.b1fr0st.eu)
│ reverse_proxy 127.0.0.1:8080
subfeed-api (FastAPI + built SPA, Docker)
siftlode-api (FastAPI + built SPA, Docker)
│ internal docker network only
subfeed-db (Postgres 16 — never published)
siftlode-db (Postgres 16 — never published)
```
- **DNS**: `porkbun add b1fr0st.eu A subfeed 88.218.78.254` (+ AAAA). Agent-owned
- **DNS**: `porkbun add b1fr0st.eu A siftlode 88.218.78.254` (+ AAAA). Agent-owned
via `/usr/local/bin/porkbun` on the PVE host.
- **TLS**: Caddy DNS-01 (porkbun plugin), same as forge/pages — auto cert for
`subfeed.b1fr0st.eu`.
- **Caddy**: new vhost block `subfeed.b1fr0st.eu { reverse_proxy 127.0.0.1:8080 }`
`siftlode.b1fr0st.eu`.
- **Caddy**: new vhost block `siftlode.b1fr0st.eu { reverse_proxy 127.0.0.1:8080 }`
inheriting the existing security-header set (HSTS, X-Frame-Options, etc.).
- **OAuth redirect URI**: `https://subfeed.b1fr0st.eu/auth/callback` →
- **OAuth redirect URI**: `https://siftlode.b1fr0st.eu/auth/callback` →
`OAUTH_REDIRECT_URL`. Registered in the Google OAuth client.
- **Stack**: dedicated prod compose at `/srv/subfeed/`; app bound to
- **Stack**: dedicated prod compose at `/srv/siftlode/`; app bound to
**127.0.0.1:8080 only** (behind Caddy, never a public port); Postgres on the
internal docker network only (no host port).
### Resource limits (critical on the 3.3 GB box)
- `subfeed-api`: `mem_limit: 768m`, `cpus: 1.0`, `pids_limit: 256`,
- `siftlode-api`: `mem_limit: 768m`, `cpus: 1.0`, `pids_limit: 256`,
`no-new-privileges`, `cap_drop: ALL`, read-only rootfs + tmpfs `/tmp`,
non-root user.
- `subfeed-db`: `mem_limit: 512m`, `cpus: 0.75`, tuned
- `siftlode-db`: `mem_limit: 512m`, `cpus: 0.75`, tuned
`shared_buffers`/`work_mem`.
---
@ -124,9 +124,9 @@ off, icc off, log caps), auditd, key-only SSH, swap.
| **AI-written code flaws** | Dedicated security review of the codebase (§5). |
- **Backups**: extend the existing `asgard-snapshot` timer with a `pg_dump` of
the subfeed DB (rides the nightly tar.zst; pulled to the home array by
the siftlode DB (rides the nightly tar.zst; pulled to the home array by
`pull-asgard-backups`).
- **Monitoring**: Prometheus blackbox probe for `subfeed.b1fr0st.eu` +
- **Monitoring**: Prometheus blackbox probe for `siftlode.b1fr0st.eu` +
container-up alert, mirroring the Forgejo probes.
---
@ -148,11 +148,11 @@ off, icc off, log caps), auditd, key-only SSH, swap.
The runner already runs **on the same asgard host** as the app:
1. Push to a **private Forgejo repo** at `forge.b1fr0st.eu` (Subfeed is
1. Push to a **private Forgejo repo** at `forge.b1fr0st.eu` (Siftlode is
currently local-git only).
2. **Actions workflow** on tag push: multi-stage Docker build → push to the
built-in registry (`forge.b1fr0st.eu/peter/subfeed:<tag>`).
3. **Deploy step** in the same workflow: `cd /srv/subfeed && docker compose pull
built-in registry (`forge.b1fr0st.eu/peter/siftlode:<tag>`).
3. **Deploy step** in the same workflow: `cd /srv/siftlode && docker compose pull
&& docker compose up -d` (local, since the runner is on asgard); migrations
run via the entrypoint's `alembic upgrade head`.
@ -181,7 +181,7 @@ Result: `git tag vX && git push --tags` → live in minutes.
authorized domain `b1fr0st.eu`, privacy/ToS/homepage links), declare scopes,
**Publish app → Production**, verify domain in Search Console (TXT added via
the porkbun CLI by the agent).
5. Infra: DNS record, Caddy vhost, `/srv/subfeed/` compose stack with limits,
5. Infra: DNS record, Caddy vhost, `/srv/siftlode/` compose stack with limits,
backup hook, monitoring probe. Forgejo repo + Actions pipeline.
**Phase B — focused security review before publish**