From ba254f5854659f205baa4edcfba063f69cf0c1d8 Mon Sep 17 00:00:00 2001
From: Till JS <tills95@gmail.com>
Date: Fri, 8 May 2026 20:03:52 +0200
Subject: [PATCH] infra: commit git.mana.how cloudflared route + ignore
 secrets/.bak
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Two long-uncommitted Mac Mini drifts cleaned up:

1. cloudflared-config.yml — git.mana.how → :3030 (Forgejo). The
   route has been live for weeks (HTTP 200), just never committed.
2. .gitignore — exclude secrets/ (private keys: mana-ai mission-grant
   RSA keypair lives there; must NEVER be committed) and *.bak-*
   files (operator backup workflow on the Mac Mini).

services/mana-auth/drizzle/ on the Mac Mini was Mac-Mini-side
generated state for the (now deleted) mana-monorepo mana-auth
service; cleanup fell out with the Phase 7 deletion.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
---
 .gitignore             | 8 ++++++++
 cloudflared-config.yml | 2 ++
 2 files changed, 10 insertions(+)

diff --git a/.gitignore b/.gitignore
index 79b429d4a..934c2005b 100644
--- a/.gitignore
+++ b/.gitignore
@@ -25,6 +25,14 @@ ios/
 docs/*_CREDENTIALS.md
 docs/CREDENTIALS_*.md
 
+# Service secrets (private keys, never commit)
+secrets/
+
+# Local backup files (Mac Mini operator workflow)
+*.bak-*
+.env.macmini.bak-*
+cloudflared-config.yml.bak-*
+
 # Environment files
 .env
 .env.local
diff --git a/cloudflared-config.yml b/cloudflared-config.yml
index fb4f3c23c..9ca0e001c 100644
--- a/cloudflared-config.yml
+++ b/cloudflared-config.yml
@@ -130,6 +130,8 @@ ingress:
   # ============================================
   # Forgejo (Git + CI/CD)
   # ============================================
+  - hostname: git.mana.how
+    service: http://localhost:3030
 
   # ============================================
   # Standalone microservices