Security audit — remove public domains from internal Railway services
Type: todo
Workspace: ALL
Created: 2026-03-27
Updated: 2026-03-27
## Context
Temporal UI in otf-postiz was publicly accessible with no authentication. Backend databases, caches, admin tools, and worker services should never have public Railway domains.
## Audit Checklist
For every Railway project, check each service:
- [ ] **Databases** (PostgreSQL, MySQL) — no public domain, internal only
- [ ] **Redis/Valkey** — no public domain, internal only
- [ ] **Elasticsearch** — no public domain, internal only
- [ ] **Temporal (UI, Admin Tools, Auto Setup)** — no public domain
- [ ] **Worker/cron services** — no public domain
- [ ] **MinIO/object storage** — no public domain unless required
## Projects to audit
- otf-postiz (7 services — already fixed Temporal UI)
- otf-listmonk
- otf-chatwoot
- otf-penpot (6 services)
- otf-n8n
- otf-mattermost
- otf-vaultwarden
- otf-twenty-crm
- otf-umami
- railway-fad
## Steps
1. For each project, list all services and their domains via Railway CLI or dashboard
2. Remove public domains from any service that doesn't serve end-user traffic
3. Verify internal services are still reachable via `*.railway.internal`
4. Document which services should have public domains in each tech asset file
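The checklist and steps above can be encoded as a small audit script so the same policy is applied to every project. The following is an added example, not part of the original note and not Railway's own tooling: the inventory shape (`project -> services -> domains`) and all sample names and domains are constructed for illustration, and the service-name patterns are an assumption about how services in these projects are named. In practice you would map the output of the Railway CLI or dashboard into the same list of dicts. A public domain on a database, cache, search, Temporal or worker service is reported as a high finding; object storage with a public domain is reported for review, matching the "unless required" line in the checklist.

```python
"""Flag Railway services that carry a public domain but should be internal-only.

Added example. The inventory format and sample data are constructed for
illustration; they are not Railway CLI output. Map your real export into
the same structure before running `audit`.
"""
import re

# Service kinds that must never have a public domain (from the audit checklist).
# Name patterns are an assumption about how the services are named.
INTERNAL_ONLY_PATTERNS = {
    "database": re.compile(r"postgres|mysql|mariadb|pgsql", re.I),
    "cache": re.compile(r"redis|valkey", re.I),
    "search": re.compile(r"elasticsearch|opensearch", re.I),
    "temporal": re.compile(r"temporal", re.I),
    "worker": re.compile(r"worker|cron|scheduler", re.I),
}

# Service kinds that need a documented reason rather than an outright ban.
REVIEW_PATTERNS = {
    "object-storage": re.compile(r"minio|object-storage", re.I),
}

INTERNAL_SUFFIX = ".railway.internal"


def classify(service_name):
    """Return (exposure, category) for a service name.

    exposure is 'internal-only', 'review' or 'public-ok'.
    """
    for category, pattern in INTERNAL_ONLY_PATTERNS.items():
        if pattern.search(service_name):
            return "internal-only", category
    for category, pattern in REVIEW_PATTERNS.items():
        if pattern.search(service_name):
            return "review", category
    return "public-ok", None


def public_domains(service):
    """Domains reachable from the internet: anything not under railway.internal."""
    return [d for d in service.get("domains", []) if not d.endswith(INTERNAL_SUFFIX)]


def audit(inventory):
    """Walk every project/service and return a list of findings (dicts)."""
    findings = []
    for project in inventory:
        for service in project["services"]:
            exposed = public_domains(service)
            if not exposed:
                continue  # internal-only or no domain at all: compliant
            exposure, category = classify(service["name"])
            if exposure == "public-ok":
                continue  # end-user-facing service; a public domain is expected
            findings.append({
                "project": project["name"],
                "service": service["name"],
                "category": category,
                "severity": "high" if exposure == "internal-only" else "review",
                "domains": exposed,
            })
    return findings


def format_findings(findings):
    """Render findings as one line each, suitable for pasting into a tech asset file."""
    return [
        f"[{f['severity']}] {f['project']}/{f['service']} ({f['category']}): "
        + ", ".join(f["domains"])
        for f in findings
    ]


# Constructed sample inventory; names and domains are illustrative only.
SAMPLE_INVENTORY = [
    {"name": "otf-postiz", "services": [
        {"name": "postiz-app", "domains": ["postiz-app-production.up.railway.app"]},
        {"name": "temporal-ui", "domains": ["temporal-ui-production.up.railway.app",
                                            "temporal-ui.railway.internal"]},
        {"name": "postgres", "domains": ["postgres.railway.internal"]},
        {"name": "redis", "domains": []},
        {"name": "postiz-worker", "domains": ["postiz-worker-production.up.railway.app"]},
    ]},
    {"name": "otf-penpot", "services": [
        {"name": "penpot-frontend", "domains": ["penpot-frontend-production.up.railway.app"]},
        {"name": "minio", "domains": ["minio-production.up.railway.app"]},
    ]},
]

if __name__ == "__main__":
    for line in format_findings(audit(SAMPLE_INVENTORY)):
        print(line)
```

Running it on the constructed inventory reports the Temporal UI and the worker in otf-postiz as high findings and the MinIO service in otf-penpot for review; the database with only an internal domain and the app services with public domains produce nothing. Once the findings are empty for a project, its expected public domains can be recorded in the tech asset file (step 4).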