Story Summary
As a platform engineer, I want to update create-storage-dirs.service to create the ghost-compose secrets directory on block storage, so that .env.secrets has a proper location with secure permissions.
✅ Acceptance Criteria
- Service creates `/var/mnt/storage/ghost-compose` directory
- Directory has mode 0700 (owner-only access)
- Existing directories for MySQL, Ghost content, Caddy certs remain unchanged
- Service unit syntax valid
📝 Additional Context
- Design: This directory only holds `.env.secrets` - the rest of compose config is in `/etc/ghost-compose/`
- The 0700 permission is more restrictive than other directories since it contains secrets
- The `.env.secrets` file itself should be 0600 (created manually)
📦 Definition of Ready
- Acceptance criteria defined
- No unresolved external dependencies
- Story is estimated
- Team has necessary skills and access
- Priority is clear
- Business value understood
✅ Definition of Done
- All acceptance criteria met
- Peer-reviewed
- Systemd unit syntax valid
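
One way to create the directory and check the permission criteria above, as an added example that is not part of the original issue or the project's service unit. The function names are hypothetical and the path is supplied by the caller.

```shell
#!/bin/sh
# Added example: create and audit the secrets directory described in the story.
# Function names are hypothetical; paths are passed in by the caller.

# Print the permission bits of a path in octal (GNU stat, BSD stat as fallback).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Create DIR with mode 0700. mkdir -m sets the mode at creation time, so the
# directory is never briefly readable by others as with mkdir followed by chmod.
# The chmod tightens a directory that already existed with a wider mode.
ensure_secret_dir() {
    dir=$1
    if [ -L "$dir" ]; then
        echo "refusing: $dir is a symlink" >&2
        return 1
    fi
    [ -d "$dir" ] || mkdir -p -m 0700 "$dir" || return 1
    chmod 0700 "$dir"
}

# Check the story's criteria: DIR is a real directory with mode 700 and, if
# .env.secrets exists, it is a regular file with mode 600. Returns 0 if all pass.
audit_secrets_layout() {
    dir=$1
    rc=0
    if [ -L "$dir" ] || [ ! -d "$dir" ]; then
        echo "FAIL: $dir is missing or not a real directory" >&2
        return 1
    fi
    m=$(mode_of "$dir")
    [ "$m" = "700" ] || { echo "FAIL: $dir has mode $m, want 700" >&2; rc=1; }
    f="$dir/.env.secrets"
    if [ -e "$f" ] || [ -L "$f" ]; then
        if [ -L "$f" ] || [ ! -f "$f" ]; then
            echo "FAIL: $f is not a regular file" >&2; rc=1
        else
            m=$(mode_of "$f")
            [ "$m" = "600" ] || { echo "FAIL: $f has mode $m, want 600" >&2; rc=1; }
        fi
    fi
    return $rc
}

# Usage: ensure_secret_dir /var/mnt/storage/ghost-compose && audit_secrets_layout /var/mnt/storage/ghost-compose
```

`mkdir -p -m` applies 0700 only to the final path component; any parent directories it creates get the umask default.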