docs: publish 2026-04-27

2026-04-27 02:22:31 -04:00
commit 73c1dde7e5
8 changed files with 366 additions and 0 deletions
--- a/docs/SECURITY.md
+++ b/docs/SECURITY.md
@@ -0,0 +1,23 @@
+# Security
+
+## Threat model
+
+One-person homelab on a residential connection.
+
+## Update 
+
+- Edge components: patched promptly when CVEs land.
+- Hypervisor and backup server: quarterly review, with security patches applied when needed.
+- Application LXCs: rolling updates on a regular schedule. certain ones take precent
+- Container images: re-pulled on the same rolling schedule.
+
+## Backups
+
+Hypervisor-level backups go to a dedicated backup server. Conservative retentions and backups are verified periofically.The rebuild order is documented. 
+
+## Limitations
+
+This is a learning environment.
+
+- No High Availability - One hypervisor, one firewall
+- One-person ops