952e75fc9f
Merge main into deploy
2026-01-19 16:03:29 -03:00
7d0155ee62
mailu-sync: bump job
2026-01-19 02:45:19 -03:00
69230e3899
vaultwarden: use mail hostname
2026-01-19 02:31:41 -03:00
47fdd97120
vault: allow vaultwarden mailu secret
2026-01-19 02:23:16 -03:00
30a3782570
vaultwarden: use mailu smtp creds
2026-01-19 02:17:16 -03:00
63c051bd87
mailu-sync: restart listener for update
2026-01-19 01:57:49 -03:00
d88cfb6f61
portal: tune vaultwarden backoff
2026-01-19 01:53:25 -03:00
6a5b30d283
mailu-sync: cap wait in listener
2026-01-19 01:53:13 -03:00
71e6c0b6ff
portal-e2e: add readiness checks
2026-01-19 01:40:42 -03:00
a07a1f82a9
mailu: add portal sender mailbox
2026-01-19 01:40:27 -03:00
61e9fdeca3
portal: allow firefly sync jobs
2026-01-19 01:21:56 -03:00
02aef112a1
nextcloud-mail-sync: pin to arm64 workers
2026-01-19 01:14:29 -03:00
981f7387fa
portal: use mailu sender mailbox
2026-01-19 01:04:08 -03:00
e4a06c4ffb
portal: use mailu smtp secret
2026-01-19 00:56:07 -03:00
02b060b5ec
glue: fix portal smtp host and mail sync export
2026-01-19 00:37:42 -03:00
267579aab2
jenkins: restart to load new jobs
2026-01-18 21:26:05 -03:00
c7fd51ae93
ci: add glue tests and deploy gate
2026-01-18 21:23:11 -03:00
847c98a7db
monitoring: fix glue dashboard queries
2026-01-18 12:26:04 -03:00
e31bab043f
nextcloud-mail-sync: harden auth, bump portal backend
2026-01-18 12:23:50 -03:00
14d75ccf7a
monitoring: label cronjob metrics and move grafana to arm64
2026-01-18 12:20:45 -03:00
60dee25f08
monitoring: add atlas testing dashboard folder
2026-01-18 12:07:45 -03:00
fbf4fe8c4f
monitoring: keep postmark exporter off titan-22
2026-01-18 11:52:36 -03:00
8b86c5dd67
monitoring: avoid titan-22 for core pods
2026-01-18 11:43:28 -03:00
4bc57cf445
monitoring: restore grafana persistence
2026-01-18 11:37:01 -03:00
8fb73e023c
monitoring: disable grafana persistence to recover
2026-01-18 09:55:28 -03:00
7c041d4ce5
keycloak: bump jobs for postmark change
2026-01-18 09:27:18 -03:00
b0698887a4
monitoring: add testing dashboard and switch postmark apikey
2026-01-18 09:21:33 -03:00
2b9a8eb8eb
monitoring: add glue row and fix mail dns
2026-01-18 08:12:06 -03:00
0bf960ea7d
vaultwarden: pin to arm64 workers
2026-01-18 03:09:40 -03:00
71f9a3212c
vaultwarden: add retry safeguards and db tuning
2026-01-18 03:00:24 -03:00
84710b99e8
monitoring: add glue dashboard and tag cronjobs
2026-01-18 02:50:07 -03:00
0f735f475e
nextcloud-mail-sync: harden keycloak fetch
2026-01-18 02:37:26 -03:00
4aae99356f
mailu: backfill mailu_enabled for legacy users
2026-01-18 02:03:13 -03:00
fc7967cfae
keycloak: rerun realm settings job
2026-01-18 01:58:17 -03:00
cb5d38e979
vault: allow portal to read postmark relay
2026-01-18 01:17:52 -03:00
9bc63eaf38
bstein-dev-home: add smtp env for access requests
2026-01-18 01:14:15 -03:00
2302cfb607
mailu: preserve keycloak profile fields
2026-01-18 01:08:31 -03:00
df1ec16429
mailu: gate sync to approved users
2026-01-18 00:47:38 -03:00
37b4c7cc87
bstein-dev-home: bump images to 0.1.1-102
2026-01-18 00:44:11 -03:00
aad0b7960b
bstein-dev-home: bump images to 0.1.1-101
2026-01-18 00:33:09 -03:00
e1f38272eb
comms: route live host login to mas
2026-01-17 20:49:11 -03:00
68976089bc
comms: rerun mas local users and secrets jobs
2026-01-17 20:30:13 -03:00
c7e4bc6f7e
comms: restart mas after db ensure
2026-01-17 20:27:11 -03:00
e75fb91321
comms: re-run mas db ensure
2026-01-17 20:23:32 -03:00
b95cde3650
core: pin coredns to rpi workers
2026-01-17 20:15:51 -03:00
a8dafc238d
comms: pin livekit token hostnames
2026-01-17 19:49:19 -03:00
b59546ad1e
comms: restart livekit to reload vault keys
2026-01-17 19:32:04 -03:00
cf78d9e517
comms: drop livekit token host alias
2026-01-17 19:12:00 -03:00
772e73ad9c
comms: use sh for Element host-config script
2026-01-17 18:38:36 -03:00
7b5483f54b
comms: add Element host-config entrypoint script
2026-01-17 18:29:42 -03:00
8e143abe61
comms: mount host-specific Element config file
2026-01-17 18:22:36 -03:00
a8a8adb6b6
comms: serve host-specific Element config alias
2026-01-17 18:16:45 -03:00
527836a561
comms: pin guest rename job to rpi5 nodes
2026-01-17 18:04:53 -03:00
f6982fe6a2
comms: add harbor pull secret to vault serviceaccount
2026-01-17 17:57:57 -03:00
4be2cd1b85
comms: use guest-tools image for guest rename
2026-01-17 17:51:21 -03:00
3e74d05cb4
comms: prune stale guests after 14 days
2026-01-17 17:30:07 -03:00
96d40e7977
comms: pin mas/synapse host aliases for DNS
2026-01-17 17:21:46 -03:00
b03787395b
comms: make guest register server threaded
2026-01-17 16:59:57 -03:00
3e03ac9e16
comms: harden guest register provisioning
2026-01-17 16:51:40 -03:00
98c7a4db85
comms: add default server name to element config
2026-01-17 16:31:53 -03:00
7e06457add
core: route budget and money to traefik
2026-01-17 08:16:57 -03:00
abafb4e088
finance: run firefly entrypoint after vault env
2026-01-17 08:12:14 -03:00
31f9f1a42d
core: point internal dns at traefik service
2026-01-17 08:05:33 -03:00
bcd5e44219
finance: let firefly init nginx config
2026-01-17 07:54:27 -03:00
8d6d97e244
platform: restore cert-manager and encrypt budget storage
2026-01-17 07:38:38 -03:00
3c4d9f560a
comms: fix matrix login routing and prune guests
2026-01-17 07:32:57 -03:00
46459d562b
core: add finance hosts to coredns
2026-01-17 06:56:45 -03:00
7f3109e4e0
sso: retry mas secret lookup
2026-01-17 03:29:36 -03:00
382557253a
sso: retry keycloak secret jobs
2026-01-17 03:24:30 -03:00
288f58e48c
vault: pin cronjobs to service IP
2026-01-17 03:17:36 -03:00
e0cc02d480
vault: make retry helper resilient
2026-01-17 03:09:33 -03:00
9256080681
finance: source firefly env in shell
2026-01-17 03:03:16 -03:00
dfcf9bcc58
vault: retry vault cli operations
2026-01-17 03:00:25 -03:00
c2d205bc70
finance: roll firefly after secrets
2026-01-17 02:59:38 -03:00
d131e4cdcc
finance: migrate actual db before bootstrap
2026-01-17 02:55:20 -03:00
5d481928bf
portal: retry vaultwarden cred sync
2026-01-17 02:54:38 -03:00
bd990208d6
finance: prepare actual data dirs
2026-01-17 02:50:11 -03:00
8f5efd3df9
vault: retry status checks in config jobs
2026-01-17 02:49:25 -03:00
228d7c9b66
finance: roll actual bootstrap
2026-01-17 02:46:16 -03:00
9e489eaf05
finance: harden actual openid bootstrap
2026-01-17 02:43:25 -03:00
8e9ba564d5
comms: retry mas local users and rerun
2026-01-17 02:43:15 -03:00
aa4370b1ae
finance: drop dependency gating
2026-01-17 02:39:11 -03:00
e745ea115e
finance: bump actual server image
2026-01-17 02:36:08 -03:00
117282f044
comms: retry mas jobs and rerun
2026-01-17 02:34:36 -03:00
1ad15c5b1e
finance: expand actual openid env
2026-01-17 02:29:47 -03:00
3f98f4a897
comms: rerun mas-dependent jobs
2026-01-17 02:28:21 -03:00
1414564c4e
comms: restart mas after db sync
2026-01-17 02:24:50 -03:00
ee55fd5a2b
finance: switch vault seed to python
2026-01-17 02:22:59 -03:00
b7ff01f58f
finance: rerun secrets seed job
2026-01-17 02:17:29 -03:00
08695fe0a5
mailu: retry sync and rerun job
2026-01-17 02:16:13 -03:00
76f13e6664
finance: ensure vault init ordering
2026-01-17 02:10:28 -03:00
4c6a7e8e1f
finance: decouple from mailu readiness
2026-01-17 02:06:55 -03:00
e5c26c971f
mailu: bump sync job
2026-01-17 02:01:53 -03:00
47cb30aa76
comms: bump mas admin secret job
2026-01-17 02:00:14 -03:00
a8cb4d8804
keycloak: bump portal admin secret job
2026-01-17 01:54:15 -03:00
66679c428f
jobs: bump names after affinity update
2026-01-17 01:52:16 -03:00
7cf0344d59
jobs: prefer arm64 workers
2026-01-17 01:47:53 -03:00
9493ede273
sso: harden keycloak jobs and rerun
2026-01-17 01:41:39 -03:00
8263eb577d
sso: rerun realm settings and vault oidc job
2026-01-17 01:36:48 -03:00
806330a890
maintenance: add k3s agent restart daemonset
2026-01-17 01:28:13 -03:00
9e08bc358d
jobs: rerun keycloak realm + mas db ensure
2026-01-17 01:11:45 -03:00
b6f57d7dcf
finance: fix vault seed job
2026-01-17 01:07:46 -03:00
e8ccfa6207
jobs: drop apk installs and prefer arm64
2026-01-17 01:02:58 -03:00
43b552a720
keycloak: bump realm settings job
2026-01-17 01:00:12 -03:00
15021dd2dc
finance: seed vault secrets
2026-01-17 00:54:49 -03:00
05cdf75dc6
finance: add actual budget and firefly
2026-01-16 23:52:56 -03:00
a098ca454f
core: fix coredns tag
2026-01-16 23:27:04 -03:00
c40c1b221b
core: use harbor coredns image
2026-01-16 23:25:28 -03:00
bd6643512f
core: manage coredns deployment
2026-01-16 23:16:04 -03:00
4107a37fe0
core: scale coredns replicas
2026-01-16 23:12:56 -03:00
31952ca53c
longhorn: make settings job idempotent
2026-01-16 20:15:33 -03:00
8f302a7cf6
longhorn: apply settings via api job
2026-01-16 20:11:22 -03:00
3e150e3d2d
longhorn: ensure settings via job
2026-01-16 20:05:36 -03:00
2a47baca3d
longhorn: move images to infra project
2026-01-16 20:00:17 -03:00
5406f432dd
longhorn: force image pulls during migration
2026-01-16 18:26:29 -03:00
eb4aa701d6
cert-manager: pin webhook and cainjector to rpi nodes
2026-01-16 18:17:40 -03:00
dc9b6e1213
planka: allow project creation for all users
2026-01-16 17:58:20 -03:00
fd88e8e04f
keycloak: rerun realm and user overrides
2026-01-16 17:47:34 -03:00
dcfd357658
longhorn: pin vault sync to rpi workers
2026-01-16 17:45:29 -03:00
d54ee91f5a
longhorn: allow kustomization to apply without waiting
2026-01-16 17:39:37 -03:00
574353d884
keycloak: enforce bstein group membership
2026-01-16 17:36:07 -03:00
5ba9501db9
longhorn: use harbor mirrors and vault pull secret
2026-01-16 17:31:29 -03:00
c2bfdb57d3
longhorn: add helm repo and adopt workflow
2026-01-16 16:25:40 -03:00
6477997bd5
traefik: add CRDs
2026-01-16 11:21:58 -03:00
90a25ac73e
platform: add cert-manager and align postgres vault path
2026-01-16 11:14:48 -03:00
f552119323
jellyfin: move cache to emptyDir
2026-01-16 09:43:01 -03:00
85e5584b20
maintenance: avoid blocking on k3s traefik cleanup
2026-01-16 09:38:14 -03:00
fe7bfd590d
maintenance: allow traefik cleanup watch
2026-01-16 09:33:11 -03:00
37571ef738
maintenance: cleanup k3s traefik and wger attrs
2026-01-16 09:27:22 -03:00
b72561e5ec
maintenance: disable k3s traefik; keycloak portal admin roles
2026-01-16 07:53:04 -03:00
913dd7208a
jellyfin: set traefik tls annotations
2026-01-16 04:01:27 -03:00
a603b88eea
vault/keycloak: restore kv access and wger sync rbac
2026-01-16 03:46:07 -03:00
b308ee8d55
vault: allow admin kv browse
2026-01-16 03:20:32 -03:00
05b0242e26
vault: allow UI mount listing for admins
2026-01-16 02:06:31 -03:00
af86a610d9
fix ingress tls routing
2026-01-16 01:40:50 -03:00
109bd3026f
fix logging pipeline secret and scheduling
2026-01-16 00:15:58 -03:00
621550cba1
comms: fix mas vault file paths
2026-01-15 23:56:32 -03:00
4de2e96f4d
gitea: expose ssh via metallb shared IP
2026-01-15 16:39:04 -03:00
04a58b43d6
core: add bstein.dev coredns overrides
2026-01-15 16:29:32 -03:00
ab4f0d4fe2
traefik: wire LB service to custom deployment
2026-01-15 11:26:46 -03:00
ae688d0db6
logging: disable wait for data-prepper helmrelease
2026-01-15 04:47:07 -03:00
6d249466ee
keycloak: align smtp probe user
2026-01-15 04:44:35 -03:00
9bddcd1e76
keycloak: rerun execute-actions email e2e
2026-01-15 04:37:12 -03:00
78a547d6b8
bstein-dev-home: rerun onboarding e2e job
2026-01-15 04:35:06 -03:00
b1ddb110cc
logging: fix data-prepper post-render patch
2026-01-15 04:27:25 -03:00
397eefdaf6
keycloak: rerun realm smtp config
2026-01-15 04:24:16 -03:00
d4f110534f
vault: allow admin policy to update shared secrets
2026-01-15 04:17:14 -03:00
98ca8f6b1a
smtp: use mail.bstein.dev for app relays
2026-01-15 04:04:50 -03:00
e6ce9b0d88
smtp: point services at mailu relay
2026-01-15 03:58:03 -03:00
ebca451243
vault: allow sso role to read portal admin secret
2026-01-15 03:46:58 -03:00
ad0b6d597d
fix: bump keycloak and portal e2e job names
2026-01-15 03:44:27 -03:00
30588fd739
vault: fix data-prepper pipeline and portal admin secret job
2026-01-15 03:42:57 -03:00
5e4cc4a416
logging: patch data-prepper volume via json
2026-01-15 03:30:16 -03:00
54bc294d34
logging: drop namespace from data-prepper patch
2026-01-15 03:27:36 -03:00
b63660c4c5
logging: simplify data-prepper patch
2026-01-15 03:25:33 -03:00
2127a0098c
logging: use strategic patch for pipeline volume
2026-01-15 03:23:42 -03:00
6ebeee384c
logging: switch data-prepper volume to configmap
2026-01-15 03:17:07 -03:00
8e5190a20f
logging: replace pipeline volume with configmap
2026-01-15 03:14:07 -03:00
e9318db2fc
logging: patch data-prepper volume to configmap
2026-01-15 03:12:13 -03:00
05a88bae9e
bstein-dev-home: restore image automation setters
2026-01-15 03:11:57 -03:00
55383a654e
nextcloud: fix cronjob shell flags
2026-01-15 03:08:01 -03:00
11dbb10b50
logging: move data-prepper pipeline to configmap
2026-01-15 02:59:21 -03:00
5b8dd6f322
keycloak: stop writing oauth2-proxy secret
2026-01-15 02:37:04 -03:00
5ac24c85b0
crypto: drop wallet rpc bootstrap job
2026-01-15 02:31:31 -03:00
0f80e905ec
crypto: fix wallet rpc image
2026-01-15 02:26:54 -03:00
f35f0e27b5
vault: prepopulate oidc job
2026-01-15 02:22:52 -03:00
ee1fd7f458
vault: default oidc claims type
2026-01-15 02:20:53 -03:00
d82146cfd6
vault: harden oidc claims type
2026-01-15 02:18:50 -03:00
a4d20efe7d
vault: allow oidc tuning
2026-01-15 02:16:55 -03:00
2b934d4263
vault: use static token reviewer
2026-01-15 02:14:08 -03:00
604bf77bc9
flux: auto-update portal images on feature branch
2026-01-15 02:12:52 -03:00
52239dd17e
vault: allow vault-admin token review
2026-01-15 02:09:34 -03:00
53c4faf2f7
vault: add admin role for config jobs
2026-01-15 02:06:28 -03:00
1eab80648d
vault: finalize sidecar migration
2026-01-15 01:52:24 -03:00
853417194c
health: run wger sync with python3
2026-01-15 01:13:42 -03:00
2e70843db6
mailu: use vault sidecar env
2026-01-15 01:02:41 -03:00
d9ba9cb51c
bstein-dev-home: bump portal images
2026-01-15 00:47:51 -03:00
f44eef36c2
health: allow portal wger sync
2026-01-15 00:41:28 -03:00
ec7e0ef6e1
comms: move synapse secrets to vault
2026-01-15 00:35:41 -03:00
fedeb3bab7
bstein-dev-home: bump portal images
2026-01-15 00:28:15 -03:00
6183b1f57a
jellyfin: prefer gpu nodes by hostname
2026-01-14 23:56:02 -03:00
d60ae9d02d
health: add nginx main config
2026-01-14 23:55:50 -03:00
1ca3ee018f
health: run nginx directly
2026-01-14 23:47:23 -03:00
64b9351b1b
jellyfin: schedule on nvidia accelerators
2026-01-14 23:37:06 -03:00
ee455ec4f0
health: fix nginx pid path
2026-01-14 23:35:07 -03:00
8e1f03f99d
jellyfin: trim vault ldap template
2026-01-14 23:34:39 -03:00
b5eb29af2f
health: stabilize wger startup
2026-01-14 23:26:07 -03:00
662e724c95
vault: sync oidc and wger env
2026-01-14 23:21:39 -03:00
d957e7e7f7
vault: read oidc config from vault
2026-01-14 23:20:04 -03:00
cb15d9cf66
jellyfin: read LDAP config from vault
2026-01-14 23:15:19 -03:00
b23377119e
comms: mount synapse signing key
2026-01-14 22:59:11 -03:00
355088058e
comms: mount vault signing key volume
2026-01-14 22:56:30 -03:00
3b6f9ad650
comms: keep redis env while injecting vault
2026-01-14 22:43:50 -03:00
5fc530b6de
vault: fix hyphenated key templates
2026-01-14 22:37:18 -03:00
c26b8bb44a
comms: fix synapse vault patch
2026-01-14 22:34:02 -03:00
dd0b4e28e7
vault: inject comms and grafana secrets
2026-01-14 22:29:27 -03:00
49d4d13a64
health: fix wger env template newlines
2026-01-14 22:23:48 -03:00
790e41300f
health: avoid surge rollout for wger
2026-01-14 22:16:36 -03:00
a99f680711
health: load wger secrets without shell expansion
2026-01-14 22:11:55 -03:00
bc3bfb9348
harbor: fix vault env templates
2026-01-14 22:07:51 -03:00
79d4cac000
health: escape wger env vars and fix nginx temp paths
2026-01-14 22:03:40 -03:00
efbfca1677
harbor: preserve required volume mounts
2026-01-14 21:29:40 -03:00
665612b781
vault: keep copy loop from clobbering args
2026-01-14 21:24:16 -03:00
f484083653
harbor: fix vault secretKey file path
2026-01-14 21:17:05 -03:00
6c91e0313f
harbor: mount vault entrypoint script
2026-01-14 21:02:50 -03:00
a2646d92f0
harbor: move secrets to vault sidecars
2026-01-14 20:46:46 -03:00
d716edb6ef
jenkins: load vault env via env
2026-01-14 17:57:10 -03:00
dbfc541ccb
jenkins: escape vault env values
2026-01-14 17:53:09 -03:00
fb05c442f5
longhorn: read oauth2-proxy secrets from vault
2026-01-14 17:48:12 -03:00
4f99000aab
vault: inject remaining services with wrappers
2026-01-14 17:29:09 -03:00
df7369f8d3
vault: inject monitoring exporter and health jobs
2026-01-14 14:49:41 -03:00
fa389be9b8
vault: bump job names for injector
2026-01-14 14:33:57 -03:00
223ff4936f
vault: prepopulate injector for jobs
2026-01-14 14:29:29 -03:00
c6914b4488
comms: add vault-secrets emptyDir for mas
2026-01-14 14:24:55 -03:00
be9d4bf32e
comms: shorten vault inject file names
2026-01-14 14:21:58 -03:00
f11fb2e2e1
vault: move comms and mailu workloads to injector
2026-01-14 14:17:26 -03:00
f126dc5412
keycloak: schedule on arm64 workers
2026-01-14 13:49:37 -03:00
558c1a0b32
gitea: tolerate oidc init failures
2026-01-14 13:46:34 -03:00
6d46ca1e3b
gitea: trim vault secret newlines
2026-01-14 13:43:56 -03:00
65d87f0b2e
keycloak: bump job names
2026-01-14 13:42:08 -03:00
4279db1619
vault: stabilize injector templates and add health apps
2026-01-14 13:40:29 -03:00
1c3cb83b0a
keycloak: switch jobs to vault injector
2026-01-14 13:20:57 -03:00
50b446aec3
nextcloud: fix vault template keys
2026-01-14 13:00:21 -03:00
3c5032f12f
gitea: run vault init first
2026-01-14 12:44:49 -03:00
0928c62d91
bstein-dev-home: bump onboarding job
2026-01-14 12:34:02 -03:00
9c99e68ad8
vault: move core apps to injector
2026-01-14 12:28:10 -03:00
ac0d7a40ab
infra: add vault injector
2026-01-14 11:46:13 -03:00
c9483b2d80
vault: sync harbor pulls
2026-01-14 10:07:31 -03:00
e897858d97
monitoring: move grafana smtp to vault
2026-01-14 06:41:34 -03:00
c24c7284e5
vault: add remaining secret syncs
2026-01-14 06:16:42 -03:00
c0bab2d528
jobs: bump names after vault tweaks
2026-01-14 05:47:21 -03:00
ab51d54101
jobs: drop apk in kubectl image
2026-01-14 05:41:01 -03:00
8b01bed322
comms: restore livekit token env
2026-01-14 05:35:51 -03:00
a4ecb0f2aa
jobs: bump names for immutability
2026-01-14 05:32:07 -03:00
48b81d0b22
mailu: bump sync job name
2026-01-14 05:11:27 -03:00
bdc32b7a36
vault(consumption): sync secrets via CSI
2026-01-14 05:07:23 -03:00
58a9eb8a35
vault: send oidc role payload as json
2026-01-14 03:45:03 -03:00
13583a9a87
fix(gitea): inline vault secrets
2026-01-14 03:11:53 -03:00
306ed18c80
fix: resolve gitea mounts and bump portal job
2026-01-14 03:00:10 -03:00
3bcf04f754
vault: write bound_claims as file
2026-01-14 02:56:29 -03:00
3c65695dfc
vault: wire more services to CSI
2026-01-14 02:54:59 -03:00
7d884b2bc8
vault: fix oidc scopes parsing
2026-01-14 02:52:51 -03:00
ca0c618f82
vault: run oidc config with sh
2026-01-14 02:28:38 -03:00
0d9291da7e
vault: align oidc roles with keycloak
2026-01-14 02:24:32 -03:00
8567cfbee2
fix: detect vault initialized state correctly
2026-01-14 01:42:28 -03:00
ed7ff3b810
fix: make vault k8s auth script posix
2026-01-14 01:38:27 -03:00
c096b35078
fix: run vault k8s auth config with sh
2026-01-14 01:35:06 -03:00
5d53d900aa
feat: start vault consumption for outline and planka
2026-01-14 01:30:41 -03:00
023032fd76
keycloak: fix harbor oidc job
2026-01-14 01:24:18 -03:00
f343f58ced
keycloak: bump harbor oidc job
2026-01-14 01:22:30 -03:00
6779e99617
keycloak: ensure harbor oidc scope
2026-01-14 01:21:08 -03:00
ff29339a19
chore: refresh knowledge catalog headers
2026-01-14 01:08:05 -03:00
ac1389b75b
feat: add harbor/vault oidc automation
2026-01-14 01:07:47 -03:00
c2aef63e95
monitoring: allow grafana upgrade remediation
2026-01-13 21:18:42 -03:00
4daa5f0e50
monitoring: align victoria-metrics PVC size
2026-01-13 21:15:10 -03:00
b70d9a6328
comms: restart atlasbot after MAS fixes
2026-01-13 21:09:41 -03:00
49c4cdb10c
comms: rerun mas local user seed
2026-01-13 21:06:45 -03:00
08a6b7e118
comms: disable synapse oidc with MAS
2026-01-13 21:04:29 -03:00
1bbafbac7c
comms: disable synapse password auth with MAS
2026-01-13 21:02:19 -03:00
20f99580ca
comms: fix synapse runtime config injection
2026-01-13 20:59:35 -03:00
45f3315f10
comms: restore MAS and OIDC secrets in synapse
2026-01-13 20:55:36 -03:00
e154f47620
comms: fix signing key job permissions
2026-01-13 20:49:11 -03:00
f5f4649614
comms: add debug logging for signing key job
2026-01-13 20:47:54 -03:00
3554c01c1c
comms: retry synapse signing key job
2026-01-13 20:45:14 -03:00
27b606d857
comms: seed synapse signing key for helm
2026-01-13 20:42:30 -03:00
9d0ce33e5c
harbor: enable keycloak oidc settings
2026-01-13 20:42:26 -03:00
55fa7fc3a7
fix(bstein-dev-home): drop invalid image overrides
2026-01-13 20:27:50 -03:00
7171c1f845
comms: drop legacy synapse configmaps
2026-01-13 20:07:51 -03:00
3e19adad7c
comms: bump ensure job names for new images
2026-01-13 20:03:11 -03:00
6f4cc58941
vault: prep helm releases and image pins
2026-01-13 19:29:14 -03:00
0d81dcd7fd
ops: prepare vault-consumption branch
2026-01-13 19:01:07 -03:00
a5bf5895ee
flux: track main
2026-01-13 17:57:10 -03:00
af6899b9be
Merge branch 'feature/postgres-migration'
2026-01-13 17:53:25 -03:00
3c3a573e3d
platform: move postgres to infrastructure
2026-01-13 17:53:04 -03:00
8e1b3f7e20
Merge pull request 'feature/sso-hardening' (#9) from feature/sso-hardening into main
...
Reviewed-on: #9
2026-01-13 20:23:24 +00:00
flux-bot
9029d60ef3
chore(bstein-dev-home): automated image update
2026-01-13 15:57:24 +00:00
3defd5bee1
merge main into sso-hardening
2026-01-13 12:56:21 -03:00
1430f34851
gitea: auto-link oidc accounts
2026-01-13 12:47:41 -03:00
20f8d4980c
postgres: add flux + vault csi
2026-01-13 12:35:59 -03:00
e576daf98b
iac: localize configmap scripts
2026-01-13 12:07:03 -03:00
6fa2203561
iac: externalize ConfigMap scripts
2026-01-13 10:00:19 -03:00
flux-bot
37c0dd809e
chore(bstein-dev-home): automated image update
2026-01-13 12:48:56 +00:00
flux-bot
e4edebe22d
chore(bstein-dev-home): automated image update
2026-01-13 12:47:56 +00:00
flux-bot
dadabdd213
chore(bstein-dev-home): automated image update
2026-01-13 12:00:52 +00:00
flux-bot
2b7ceb101a
chore(bstein-dev-home): automated image update
2026-01-13 11:59:53 +00:00
flux-bot
6cf2ffb712
chore(bstein-dev-home): automated image update
2026-01-13 02:38:08 +00:00
flux-bot
5e8cdb40e6
chore(bstein-dev-home): automated image update
2026-01-13 02:37:08 +00:00
8a22eb1d1c
planka: default users to project owners
2026-01-12 23:24:09 -03:00
4826cb24c6
outline: move to local storage
2026-01-12 23:14:17 -03:00
46d15d6216
planka: enable project owners via oidc
2026-01-12 23:14:17 -03:00
flux-bot
9d41ab6dd6
chore(bstein-dev-home): automated image update
2026-01-13 01:58:04 +00:00
flux-bot
407ea84e72
chore(bstein-dev-home): automated image update
2026-01-13 01:57:04 +00:00
aac9e20f9b
planka: avoid mounting over assets
2026-01-12 22:47:23 -03:00
f8a95d0e8a
planka: fix init permissions
2026-01-12 22:02:07 -03:00
0ceda5c754
services: fix outline pg ssl and planka init
2026-01-12 21:45:00 -03:00
54a71f69ad
minio: rerun bucket bootstrap job
2026-01-12 21:40:43 -03:00
flux-bot
0a1ef4dd8e
chore(bstein-dev-home): automated image update
2026-01-13 00:30:57 +00:00
flux-bot
fdceb011b8
chore(bstein-dev-home): automated image update
2026-01-13 00:29:57 +00:00
0c6f02a0fb
services: add minio, outline, planka
2026-01-12 21:22:54 -03:00
598f98e27f
chore: remove ci-demo workload
2026-01-12 00:46:16 -03:00
fddf58346d
monitoring: treat cert-manager as infrastructure
2026-01-12 00:26:46 -03:00
98d405bc42
monitoring: regenerate dashboards with expanded infra namespaces
2026-01-11 23:55:43 -03:00
4c07bd7553
monitoring: classify logging/postgres/maintenance as infra
2026-01-11 23:52:40 -03:00
879ff7c16b
monitoring: fix infra scopes and add jetson metrics
2026-01-11 23:46:24 -03:00
84cc7de437
mailu: use postmark token for relay auth
2026-01-11 19:01:31 -03:00
a87a5279c2
knowledge: record k3s versions across node classes
2026-01-11 10:15:55 -03:00
3d1aa29e3d
knowledge: add control-plane storage details
2026-01-11 10:06:35 -03:00
bf2067426e
knowledge: add titan-db and titan-jh details
2026-01-11 09:54:11 -03:00
b60896c183
knowledge: add jetson (titan-20/21) details
2026-01-11 09:44:40 -03:00
0e36e8ce12
knowledge: relocate metis doc; monitoring: add cpu high alert
2026-01-11 08:59:51 -03:00
fee09bc9d8
knowledge: add metis recovery notes
2026-01-11 02:32:20 -03:00
f500e81606
monitoring: maintenance panels, extra alerts, update overview
2026-01-11 02:28:39 -03:00
25907da229
monitoring: remove titan-16 and add titan-20/21 to worker dashboards
2026-01-11 02:20:47 -03:00
4a01632f6b
monitoring: add alert rules and include titan-20/21 in dashboards
2026-01-11 02:02:47 -03:00
987dd126fa
Fix Jetson device plugin args
2026-01-11 01:57:20 -03:00
ea7f1bfb5a
monitoring: fix grafana alerting root policy
2026-01-11 01:40:07 -03:00
b89aa57a13
monitoring: allow smtp sync to get target secret
2026-01-11 00:32:41 -03:00
8f03fbcd5c
monitoring: fix smtp sync image reference
2026-01-11 00:30:45 -03:00
6ac61e7b44
monitoring: wire grafana smtp sync and alerting provisioning
2026-01-11 00:29:20 -03:00
dc80d09018
maintenance: run image sweeper on all nodes
2026-01-10 23:57:26 -03:00
6d16d20240
maintenance: fix image sweeper script indentation
2026-01-10 20:26:46 -03:00
1e7c5567ad
maintenance: sweep unused images on arm workers
2026-01-10 20:20:54 -03:00
d7c4bf19ff
logging: tune rpi4 image gc and rpi5 prune
2026-01-10 06:57:07 -03:00
40ebe52ced
logging: tune kubelet image GC on rpi5
2026-01-10 06:22:56 -03:00
f75e91dbf4
logging: extend fluent-bit helm timeout
2026-01-10 05:55:45 -03:00
cdcb6f5604
logging: add data-prepper pull secret
2026-01-10 05:52:16 -03:00
6f436022ca
logging: force data-prepper repo override
2026-01-10 05:42:39 -03:00
a7ce64adba
logging: use streaming repo for data-prepper
2026-01-10 05:28:03 -03:00
ed32416975
logging: use kaniko debug image
2026-01-10 05:22:27 -03:00
198fc0bb20
logging: drop timestamps option from data-prepper job
2026-01-10 05:15:19 -03:00
7a00f813f7
logging: add rpi5 log retention tuning
2026-01-10 05:06:34 -03:00
e25c8e3701
logging: add Jenkins build for data-prepper
2026-01-10 05:01:17 -03:00
17ab7762f1
logging: pin otel collector image
2026-01-10 00:16:41 -03:00
c887aaeecf
logging: add trace analytics ingestion
2026-01-10 00:13:59 -03:00
flux-bot
76cc512859
chore(bstein-dev-home): automated image update
2026-01-10 03:05:43 +00:00
flux-bot
a4815195e8
chore(bstein-dev-home): automated image update
2026-01-10 03:03:44 +00:00
9c2f2631ce
logging: seed OpenSearch observability
2026-01-09 23:58:12 -03:00
flux-bot
887dada6b6
chore(bstein-dev-home): automated image update
2026-01-10 02:05:39 +00:00
flux-bot
8de57506e8
chore(bstein-dev-home): automated image update
2026-01-10 02:04:39 +00:00
ea6d1e0baa
logging: expand OpenSearch dashboards
2026-01-09 22:55:39 -03:00
cd1c5232cc
logging: add OpenSearch dashboards generator
2026-01-09 22:20:36 -03:00
ec4e491fa5
logging: force dark theme in dashboards
2026-01-09 21:17:08 -03:00
1bfc48fce1
logging: throttle fluent-bit backfill
2026-01-09 18:18:58 -03:00
e37c1e6a41
logging: force opensearch replicas to 0
2026-01-09 18:17:02 -03:00
66d8b98b50
logging: manage opensearch pvc size
2026-01-09 18:11:32 -03:00
a8da8731d0
logging: remove loki and backfill to opensearch
2026-01-09 18:08:39 -03:00
dc9d396b37
logging: extend dashboards helm timeout
2026-01-09 09:07:40 -03:00
f404f22be9
logging: fix opensearch ism job yaml
2026-01-09 09:01:15 -03:00
5653e1fb0e
logging: pin opensearch to rpi5
2026-01-09 09:00:25 -03:00
a581029a58
logging: pin opensearch ISM job to rpi
2026-01-09 08:58:48 -03:00
9242efd8c6
keycloak: fix logs oauth2 cookie secret
2026-01-09 08:57:13 -03:00
3dcf40449b
logging: fix dashboards cpu limits
2026-01-09 08:55:39 -03:00
abc6e45d17
logging: add opensearch dashboards ui
2026-01-09 08:54:07 -03:00
a9410b0c20
logging: route oauth2-proxy via loki gateway
2026-01-09 08:07:46 -03:00
1e9e6c7f0b
logging: keep loki canary on rpi5 workers
2026-01-09 07:26:12 -03:00
91e3b4e96b
logging: pin loki canary to rpi5 nodes
2026-01-09 07:19:59 -03:00
86e3682781
logging: shrink loki caches for rpi nodes
2026-01-09 07:16:10 -03:00
f335a8fa68
logging: fix oauth2 scope and pin loki to rpi
2026-01-09 07:12:40 -03:00
1b8eba8aaf
logging: point systemd input at /var/log/journal
2026-01-08 23:58:42 -03:00
d55b3058d3
logging: set systemd journal path
2026-01-08 23:54:04 -03:00
d8e0852789
logging: fix fluent-bit loki labels
2026-01-08 23:47:52 -03:00
5617cb46e3
logging: disable fluent-bit inotify watcher
2026-01-08 23:44:48 -03:00
b3eff4376e
logging: add loki delete_request_store
2026-01-08 23:22:24 -03:00
3e125924b1
logging: trim loki compactor config
2026-01-08 23:11:00 -03:00
2edf9a48e8
logging: keep loki defaults for canary and gateway
2026-01-08 23:02:34 -03:00
5dc4177948
logging: drop fluent-bit label_keys
2026-01-08 22:41:07 -03:00
6a4d996267
logging: fix loki config and fluent-bit output
2026-01-08 22:40:02 -03:00
2a2e74900b
logging: fix loki single-binary mode
2026-01-08 22:33:27 -03:00
b33be4a7c2
logging: add loki and fluent-bit
2026-01-08 22:31:45 -03:00
91521dac75
comms: kick numeric members from Othrys
2026-01-08 12:44:00 -03:00
d1ebcec739
comms: serialize guest renamer inserts
2026-01-08 12:15:59 -03:00
fa59560f2a
comms: update numeric guest rename logic
2026-01-08 12:12:08 -03:00
70a2e0b972
comms: include full_user_id when renaming
2026-01-08 12:07:46 -03:00
9b35509962
comms: fix guest renamer db sql quoting
2026-01-08 12:03:53 -03:00
741fcd4057
comms: rename numeric guests via db
2026-01-08 11:59:51 -03:00
3d34b42e36
comms: mint guest tokens via MAS login
2026-01-08 11:56:35 -03:00
786089dda1
comms: skip synapse admin list on 403
2026-01-08 06:14:32 -03:00
3b7b6bf6b5
comms: rerun MAS local user ensure (v5)
2026-01-08 06:11:47 -03:00
18311d90f1
comms: make room reset a suspended cronjob
2026-01-08 06:09:34 -03:00
f3436c2671
comms: use full user IDs for MAS logins
2026-01-08 06:05:20 -03:00
228f3312b0
comms: set MAS user passwords via set-password
2026-01-08 06:01:45 -03:00
2fcb833176
comms: rerun MAS local user ensure
2026-01-08 05:51:43 -03:00
3c8ddd6753
comms: make guest renamer MAS-only
2026-01-08 05:47:21 -03:00
2141e1dfa0
keycloak: re-run mas secrets ensure
2026-01-08 05:43:33 -03:00
0a1cab87c3
comms: re-run signing key and synapse oidc
2026-01-08 05:40:28 -03:00
4a7acc8203
comms: tidy stack and guest naming
2026-01-08 05:34:03 -03:00
238a67c8ce
comms: verify mas bot logins
2026-01-08 05:21:30 -03:00
cd0775a64f
comms: rerun othrys room reset
2026-01-08 05:18:20 -03:00
90ae5d675d
comms: add mas bot users and revert synapse auth
2026-01-08 05:12:14 -03:00
742e0259b2
comms: bind synapse to ipv4
2026-01-08 05:03:43 -03:00
4b5812e327
comms: fix synapse seed booleans
2026-01-08 05:00:58 -03:00
7dcd83ce09
comms: seed synapse bot users
2026-01-08 04:55:52 -03:00
2a70b26a4b
comms: route othrys reset via mas
2026-01-08 04:51:13 -03:00
54ec739c3d
comms: retry othrys reset login
2026-01-08 04:45:01 -03:00
c0201b4dde
comms: accept missing rooms in cleanup
2026-01-08 04:42:19 -03:00
2488d7f56c
comms: use mas proxy for leave job
2026-01-08 04:37:33 -03:00
e1f2e033be
comms: retry room leave actions
2026-01-08 04:32:05 -03:00
7b636289ba
comms: retry mas token for room cleanup
2026-01-08 04:29:29 -03:00
f5713ff94b
comms: rerun bstein room cleanup
2026-01-08 04:26:48 -03:00
ec83162f88
comms: retry atlasbot login
2026-01-08 04:22:21 -03:00
9deb6be14e
comms: switch bot auth back to synapse
2026-01-08 04:19:20 -03:00
349e6d0153
comms: enable synapse password login
2026-01-08 04:16:40 -03:00
ced1b4a0c5
comms: revert bot auth to mas
2026-01-08 04:11:20 -03:00
5992ea1d60
comms: bump othrys reset job
2026-01-08 04:07:57 -03:00
29732369c0
comms: fix auth env indentation
2026-01-08 04:05:03 -03:00
54140f6036
comms: use synapse auth for bot jobs
2026-01-08 04:00:27 -03:00
a84b51d640
sso: install kubectl in synapse oidc job
2026-01-08 03:57:35 -03:00
b9e16fc155
sso: run synapse oidc job with kubectl
2026-01-08 03:56:18 -03:00
4ffa39c5a4
comms: ensure core secrets and synapse oidc
2026-01-08 03:53:49 -03:00
96210ca61d
comms: restart mas after secret cleanup
2026-01-08 03:46:02 -03:00
93f36f8faf
sso: recheck mas encryption bytes
2026-01-08 03:44:54 -03:00
2d36ed954f
sso: validate mas encryption length
2026-01-08 03:43:06 -03:00
fe8ebbf729
comms: restart mas after secret regen
2026-01-08 03:39:46 -03:00
72b815b050
sso: strip mas secret newlines
2026-01-08 03:38:51 -03:00
0b799a2aa5
comms: restart mas after encryption fix
2026-01-08 03:36:33 -03:00
03ca26dc57
sso: fix mas encryption secret
2026-01-08 03:35:40 -03:00
af0b98a12b
comms: restart mas after secret fix
2026-01-08 03:33:14 -03:00
e7d6d57808
comms: let mas db secret be job-owned
2026-01-08 03:31:19 -03:00
0c45978127
comms: restart mas after db sync
2026-01-08 03:28:22 -03:00
1ef21ea78f
comms: verify mas db login
2026-01-08 03:26:14 -03:00
b8dae62b1b
comms: ensure mas password is url-safe
2026-01-08 03:23:09 -03:00
a6d6344d86
comms: avoid psql vars for mas
2026-01-08 03:20:28 -03:00
0a6c34631a
comms: simplify mas db creation
2026-01-08 03:18:03 -03:00
938501afdc
comms: fix mas db psql exec
2026-01-08 03:15:25 -03:00
31d226b3af
comms: add mas db secret stub
2026-01-08 03:12:16 -03:00
875450229f
comms: keep mas db job logs on failure
2026-01-08 03:09:27 -03:00
0877ec84e1
comms: allow postgres exec for mas db
2026-01-08 03:06:34 -03:00
15a55c7d55
comms: ensure mas db via postgres exec
2026-01-08 03:04:33 -03:00
a4aabeab57
comms: stabilize mas db job
2026-01-08 03:00:19 -03:00
4579b0fb01
comms: bootstrap mas db secret
2026-01-08 02:53:53 -03:00
2a983ebdf5
comms: fix mas db ensure rbac
2026-01-08 02:47:47 -03:00
c8d2925eb0
comms: ensure mas db secret
2026-01-08 02:45:00 -03:00
d2a99f5657
comms: restart MAS after secret bootstrap
2026-01-08 02:35:09 -03:00
b0040a85cf
keycloak: rerun MAS secrets bootstrap
2026-01-08 02:32:31 -03:00
eac06955e5
comms: grant MAS secret bootstrap cluster role
2026-01-08 02:31:54 -03:00
6678fbce0b
keycloak: rerun MAS secrets bootstrap
2026-01-08 02:25:55 -03:00
a7a9454e69
comms: allow MAS secrets create
2026-01-08 02:25:19 -03:00
864bf866c2
keycloak: use create for MAS secrets
2026-01-08 02:23:40 -03:00
bf34e42bbe
keycloak: make MAS secret job idempotent
2026-01-08 02:21:37 -03:00
2f9a2c2796
keycloak: allow MAS secret apply read access
2026-01-08 02:19:21 -03:00
f1faa303ce
keycloak: rerun MAS secrets bootstrap
2026-01-08 02:17:04 -03:00
22f63a06fa
keycloak: retry MAS secret bootstrap
2026-01-08 02:12:40 -03:00
4f2eb38514
comms: ensure MAS secrets via keycloak admin job
2026-01-08 02:09:23 -03:00
fb390c0187
comms: retry guest rename when MAS restarts
2026-01-08 02:00:52 -03:00
ebf3eaa224
comms: track local knowledge markdown
2026-01-08 01:58:17 -03:00
fc5d0aa682
comms: consolidate stack manifests
2026-01-08 01:55:58 -03:00
54b4fdc626
comms: rename guests via MAS admin sessions
2026-01-08 00:26:20 -03:00
a1dd28448d
comms: rerun synapse admin seeder job
2026-01-08 00:20:55 -03:00
556d6577a3
comms: fix guest randomizer syntax
2026-01-08 00:15:41 -03:00
2f6c12e810
comms: fix guest rename job with MAS admin sessions
2026-01-08 00:13:40 -03:00
2eb19bff66
comms: fix guest registration via MAS admin API
2026-01-07 20:02:03 -03:00
6f30eb0e27
comms: issue guest tokens via MAS
2026-01-07 19:51:33 -03:00
774cb07202
comms: serve register flows for guest UI
2026-01-07 19:09:13 -03:00
b3cc56d6c5
comms: set guest displayname at registration
2026-01-07 11:23:53 -03:00
fc08389b2a
comms: re-enable guest name randomizer
2026-01-07 11:17:33 -03:00
77fc319950
comms: return 405 for GET /register
2026-01-07 11:14:28 -03:00
827a7a2230
comms: restart synapse + guest proxy
2026-01-07 10:46:33 -03:00
ec26c94acc
comms: move guest register module endpoint
2026-01-07 10:42:11 -03:00
d9898bb64b
comms: restore Element guest registration
2026-01-07 10:34:52 -03:00
1ef4429cc8
comms: add guest register module scaffolding
2026-01-07 10:25:10 -03:00
fd93be3bcd
nextcloud: reset storage claims
2026-01-07 10:13:09 -03:00
70f6cfbe94
comms: mint guest sessions via MAS
2026-01-07 10:12:37 -03:00
cda1bfc3a2
comms: restore Synapse guest join
2026-01-07 09:54:41 -03:00
0fc1fffd84
comms: add Synapse guest appservice secret job
2026-01-07 09:49:08 -03:00
f441872f4e
nextcloud: persist web root in pvc
2026-01-07 09:40:25 -03:00
07ccfc338c
comms: implement MAS-backed guest register
2026-01-07 09:36:45 -03:00
97d56cb288
comms: ensure seeder is Synapse admin
2026-01-07 09:31:46 -03:00
de5c830fc6
nextcloud: preserve config merge and stop db reset
2026-01-07 09:20:22 -03:00
1e6647a406
comms: restore Matrix guest join
2026-01-07 09:17:45 -03:00
9cf4bd0167
nextcloud: avoid forcing installed flag
2026-01-07 09:14:20 -03:00
e836bbf220
nextcloud: install oidc app from release tarball
2026-01-07 09:02:22 -03:00
35ee0b32b4
nextcloud: reset external app config and force reinstall
2026-01-07 08:58:50 -03:00
c89dd581b0
nextcloud: install oidc login via app store
2026-01-07 08:51:07 -03:00
0f915c59e6
nextcloud: fix db reset command
2026-01-07 08:46:57 -03:00
ae1e3ad7a7
nextcloud: reset storage mounts and restore office
2026-01-07 08:43:45 -03:00
8d807bf851
nextcloud: stabilize install guardrails
2026-01-07 04:49:55 -03:00
a4fdd9600d
nextcloud-mail-sync: align data mount
2026-01-07 04:43:13 -03:00
1658ac4909
nextcloud: align app/data mounts
2026-01-07 04:41:00 -03:00
c8c7d96a95
nextcloud: restore single data volume mount
2026-01-07 03:52:14 -03:00
17c306be70
nextcloud: rebind user data pvc to restore data
2026-01-07 03:43:57 -03:00
b95c5f26b5
nextcloud: restore app and user-data volumes
2026-01-07 03:39:59 -03:00
a50b557702
mailu: harden postfix relay restrictions
2026-01-07 02:47:12 -03:00
44e7462384
nextcloud: rebind data pvc to prior volume
2026-01-07 01:10:24 -03:00
67b343e010
nextcloud: allow OIDC auto user creation
2026-01-07 00:12:21 -03:00
2f22959769
nextcloud: enforce OIDC-only config
2026-01-07 00:03:57 -03:00
f1ab3def06
nextcloud: force OIDC login
2026-01-06 23:54:33 -03:00
5b9d70bbb6
nextcloud: restore mimetype defaults for external app
2026-01-06 22:16:51 -03:00
ea1604f906
nextcloud: reinstall custom apps with compatible mail
2026-01-06 22:09:16 -03:00
119be31969
nextcloud: pin mail/external app versions for 29
2026-01-06 22:03:01 -03:00
4bc2046a26
nextcloud: register custom apps path
2026-01-06 21:51:19 -03:00
1e03e69220
nextcloud: pin app download URLs
2026-01-06 21:43:36 -03:00
584e8d2d84
nextcloud: install oidc/mail/external apps from releases
2026-01-06 21:39:55 -03:00
5383db0da3
nextcloud: ensure oidc/mail/external apps installed
2026-01-06 21:35:31 -03:00
fcea3e3a22
nextcloud: remove db reset job
2026-01-06 21:27:06 -03:00
acfd6f6fdd
nextcloud: fix su command quoting
2026-01-06 21:24:36 -03:00
6b5c6ab88f
nextcloud: fix install command quoting
2026-01-06 21:22:12 -03:00
2d4de352ba
nextcloud: reinstall when config not installed
2026-01-06 21:18:16 -03:00
16265dd1f3
nextcloud: add one-time db reset job
2026-01-06 21:15:52 -03:00
c44a10402b
nextcloud: run install occ as www-data
2026-01-06 21:07:33 -03:00
4dfffb8081
atlasbot: add PromQL + cluster snapshot
2026-01-06 14:58:29 -03:00
4a445c31a8
atlasbot: fix kb loader import
2026-01-06 14:55:19 -03:00
10f84e11b9
nextcloud: install without runuser
2026-01-06 14:53:58 -03:00
469491b47b
knowledge: add runbooks skeleton
2026-01-06 14:53:19 -03:00
24fea9aa63
nextcloud: run install init as root
2026-01-06 14:52:25 -03:00
4daff40692
atlasbot: add KB + read-only tools
2026-01-06 14:46:36 -03:00
395a1fcd7e
nextcloud: install when config missing
2026-01-06 14:46:16 -03:00
92691c415e
nextcloud: ensure data dir and perms
2026-01-06 14:43:18 -03:00
9d972acce8
nextcloud: reset empty config on boot
2026-01-06 14:40:29 -03:00
7d2d6ad6e4
nextcloud/monitoring: fix perms and mail panels
2026-01-06 14:38:10 -03:00
a285f78626
nextcloud: restore app files for maintenance job
2026-01-06 14:22:26 -03:00
1e0e425839
nextcloud: call occ via absolute path
2026-01-06 14:16:47 -03:00
365179890a
flux: track nextcloud app
2026-01-06 14:14:38 -03:00
11750f56d8
nextcloud: set theming via app config
2026-01-06 14:11:24 -03:00
d6ae7e0c28
mailu: enable smtpd sasl auth
2026-01-06 14:06:55 -03:00
7225e28712
mailu: harden relay + fix postmark exporter
2026-01-06 14:00:14 -03:00
02a273bfe3
titan-jh: enable node exporter
2026-01-06 12:47:34 -03:00
a9e4ade0d6
nextcloud: default mail html
2026-01-06 10:02:50 -03:00
29e8cb5857
monitoring: add titan-jh control plane node
2026-01-06 09:50:40 -03:00
cf94d3a487
mailu: harden relay restrictions
2026-01-06 09:03:28 -03:00
c58583fd74
monitoring: refine mail overview panels
2026-01-06 02:34:52 -03:00
aa58115318
monitoring: refine mail stats and add send-limit usage
2026-01-06 02:06:20 -03:00
1b92af3d3e
monitoring: restart postmark exporter
2026-01-05 22:07:52 -03:00
9f5f2063ad
monitoring: add Postmark today window
2026-01-05 22:06:24 -03:00
7e4b0e1eb0
monitoring: add Postmark mail dashboard
2026-01-05 21:55:59 -03:00
39c62489c3
monitoring: add Postmark bounce exporter
2026-01-05 21:44:29 -03:00
51bff6de73
mailu: remove pod network relay
2026-01-05 21:27:19 -03:00
ad3ca60612
mailu: disable unauthenticated pod relay
2026-01-05 21:21:47 -03:00
4e2991b8af
scripts: add vaultwarden test cleanup
2026-01-05 13:51:25 -03:00
05a888aeb6
monitoring(dashboards): tune namespace share metrics
2026-01-05 13:30:51 -03:00
8099616bfd
scripts: harden atlas cleanup script
2026-01-05 13:30:51 -03:00
flux-bot
3b5b66f7e4
chore(bstein-dev-home): automated image update
2026-01-05 06:20:19 +00:00
flux-bot
bbbdb14fe7
chore(bstein-dev-home): automated image update
2026-01-05 06:19:15 +00:00
flux-bot
11f2c42aed
chore(bstein-dev-home): automated image update
2026-01-05 06:00:18 +00:00
flux-bot
c1b9c83571
chore(bstein-dev-home): automated image update
2026-01-05 05:59:13 +00:00
flux-bot
0925e8391a
chore(bstein-dev-home): automated image update
2026-01-05 05:48:17 +00:00
flux-bot
d3ab1bee94
chore(bstein-dev-home): automated image update
2026-01-05 05:47:12 +00:00
flux-bot
c9b8eb5aab
chore(bstein-dev-home): automated image update
2026-01-05 05:34:16 +00:00
flux-bot
88902423df
chore(bstein-dev-home): automated image update
2026-01-05 05:32:52 +00:00
c3f4f3cc84
scripts: add atlas test cleanup
2026-01-05 00:25:39 -03:00
flux-bot
f102520dcc
chore(bstein-dev-home): automated image update
2026-01-05 03:11:58 +00:00
flux-bot
27da4ac232
chore(bstein-dev-home): automated image update
2026-01-05 03:10:47 +00:00
flux-bot
e9c96e8daa
chore(bstein-dev-home): automated image update
2026-01-05 02:39:56 +00:00
flux-bot
43a66fc52a
chore(bstein-dev-home): automated image update
2026-01-05 02:38:45 +00:00
6cab022e9d
test(portal): tolerate slow approval endpoint
2026-01-04 23:04:50 -03:00
81e4983e3b
test(portal): align onboarding E2E with vaultwarden-first flow
2026-01-04 23:01:01 -03:00
flux-bot
da9820f332
chore(bstein-dev-home): automated image update
2026-01-05 01:55:52 +00:00
flux-bot
3e7a8c0def
chore(bstein-dev-home): automated image update
2026-01-05 01:54:42 +00:00
flux-bot
5700b810bc
chore(bstein-dev-home): automated image update
2026-01-05 01:04:49 +00:00
flux-bot
3736e9e70f
chore(bstein-dev-home): automated image update
2026-01-05 01:03:38 +00:00
flux-bot
dae8c0cb99
chore(bstein-dev-home): automated image update
2026-01-04 16:16:11 +00:00
flux-bot
1e891e2268
chore(bstein-dev-home): automated image update
2026-01-04 16:15:00 +00:00
flux-bot
c41f9306ed
chore(bstein-dev-home): automated image update
2026-01-04 16:06:10 +00:00
flux-bot
c4829f9f02
chore(bstein-dev-home): automated image update
2026-01-04 16:04:59 +00:00
flux-bot
b1027acb1e
chore(bstein-dev-home): automated image update
2026-01-04 15:36:08 +00:00
flux-bot
853ad94fb2
chore(bstein-dev-home): automated image update
2026-01-04 15:34:57 +00:00
1df1c7612b
portal: add test user cleanup tool
2026-01-04 09:39:26 -03:00
flux-bot
a3429e0fd4
chore(bstein-dev-home): automated image update
2026-01-04 12:22:54 +00:00
flux-bot
5594648b0a
chore(bstein-dev-home): automated image update
2026-01-04 12:21:44 +00:00
flux-bot
95a8dc3bbf
chore(bstein-dev-home): automated image update
2026-01-04 11:50:52 +00:00
flux-bot
81b9948744
chore(bstein-dev-home): automated image update
2026-01-04 11:49:41 +00:00
ca772cf25d
test(portal): stop requiring totp
2026-01-04 08:35:49 -03:00
flux-bot
f7a34792fe
chore(bstein-dev-home): automated image update
2026-01-04 11:28:50 +00:00
flux-bot
f7d3f24bcd
chore(bstein-dev-home): automated image update
2026-01-04 11:27:40 +00:00
flux-bot
d76b8204bf
chore(bstein-dev-home): automated image update
2026-01-04 10:36:47 +00:00
flux-bot
9ab0200aaa
chore(bstein-dev-home): automated image update
2026-01-04 10:35:36 +00:00
18cf731b12
fix(portal): pin kubectl image digest
2026-01-04 03:40:13 -03:00
1e2564ba7f
test(portal): sync e2e client secret
2026-01-04 03:35:26 -03:00
75d2d9923b
test(portal): use external Keycloak URL
2026-01-04 03:27:32 -03:00
81f97b8995
test(portal): improve e2e auth errors
2026-01-04 03:01:56 -03:00
5772f0faff
test(portal): approve requests via admin API
2026-01-04 02:58:44 -03:00
d4e3154923
tests(portal): rerun onboarding e2e job (8)
2026-01-04 02:26:42 -03:00
77a6226bc8
fix(bstein-dev-home): harden backend gunicorn
2026-01-04 02:25:40 -03:00
30a56a6369
tests(portal): rerun onboarding e2e job (7)
2026-01-04 02:09:59 -03:00
8d441c366e
tests(portal): refresh keycloak token during e2e
2026-01-04 02:09:36 -03:00
82b24a17be
tests(portal): rerun onboarding e2e job
2026-01-04 01:57:53 -03:00
flux-bot
4075c23da2
chore(bstein-dev-home): automated image update
2026-01-04 04:55:22 +00:00
flux-bot
d088c4ecf6
chore(bstein-dev-home): automated image update
2026-01-04 04:53:11 +00:00
84e82b75dc
tests(portal): verify access requests via email
2026-01-04 01:48:46 -03:00
6fa8dce0e3
test: ensure smtp probe user has email
2026-01-04 01:08:17 -03:00
f1d0304b73
test: send execute-actions-email to existing mailbox
2026-01-04 01:06:05 -03:00
3f15d1c05a
test: fix keycloak execute-actions-email probe
2026-01-04 00:59:24 -03:00
3f541fc249
keycloak: allow e2e client execute-actions-email
2026-01-04 00:58:02 -03:00
6ec27c75b0
tests: add Keycloak email probe
2026-01-04 00:53:13 -03:00
flux-bot
f3100c7326
chore(bstein-dev-home): automated image update
2026-01-04 03:46:18 +00:00
flux-bot
93a478e1eb
chore(bstein-dev-home): automated image update
2026-01-04 03:45:07 +00:00
89f57f6655
bstein-dev-home: relax health probe timeouts
2026-01-03 22:34:39 -03:00
2419a62b32
test: stabilize portal onboarding e2e
2026-01-03 22:27:33 -03:00
6c87ec4697
bstein-dev-home: fix onboarding e2e job url
2026-01-03 22:11:57 -03:00
517127742b
bstein-dev-home: add onboarding e2e job
2026-01-03 21:53:45 -03:00
flux-bot
fa5adb8e7b
chore(bstein-dev-home): automated image update
2026-01-04 00:53:05 +00:00
flux-bot
f5fed8710e
chore(bstein-dev-home): automated image update
2026-01-04 00:51:54 +00:00
flux-bot
756c441c21
chore(bstein-dev-home): automated image update
2026-01-03 23:42:00 +00:00
flux-bot
ab073c9cbe
chore(bstein-dev-home): automated image update
2026-01-03 23:40:49 +00:00
5e64b1f1d8
bstein-dev-home: reduce lab status probe timeout
2026-01-03 20:02:53 -03:00
flux-bot
c8827039a7
chore(bstein-dev-home): automated image update
2026-01-03 22:56:57 +00:00
flux-bot
e626eb1405
chore(bstein-dev-home): automated image update
2026-01-03 22:55:46 +00:00
ac5a5e34e9
vaultwarden: backfill synced_at
2026-01-03 18:43:25 -03:00
d646e9206c
keycloak: rerun realm settings job
2026-01-03 18:27:29 -03:00
2750e3ffb5
keycloak: allow vaultwarden user attributes
2026-01-03 18:25:48 -03:00
39765cd6ba
vaultwarden: skip reinvite when status set
2026-01-03 18:21:04 -03:00
900e2f8f6c
vaultwarden: make cred sync idempotent
2026-01-03 18:18:31 -03:00
2d4510b876
vaultwarden: allow internal SMTP TLS
2026-01-03 17:54:27 -03:00
5490a1d44a
vaultwarden: enable SMTP via Mailu
2026-01-03 17:44:24 -03:00
flux-bot
aabaeab7bf
chore(bstein-dev-home): automated image update
2026-01-03 20:29:46 +00:00
flux-bot
324e1b6097
chore(bstein-dev-home): automated image update
2026-01-03 20:28:35 +00:00
f2a9ba8449
vaultwarden: avoid RWO multi-attach rollout
2026-01-03 17:12:46 -03:00
5f16313f85
vaultwarden: use Recreate strategy
2026-01-03 17:07:48 -03:00
e38807ebdd
flux: resume vaultwarden
2026-01-03 17:00:19 -03:00
flux-bot
75466af0dd
chore(bstein-dev-home): automated image update
2026-01-03 19:59:44 +00:00
flux-bot
c768125011
chore(bstein-dev-home): automated image update
2026-01-03 19:58:33 +00:00
05745f7dcd
vaultwarden: disable signups and sync invites
2026-01-03 16:55:02 -03:00
2e8035975e
keycloak: add token exchange E2E smoke test
2026-01-03 15:58:44 -03:00
cdc0778afd
keycloak: robust policy lookup for token exchange job
2026-01-03 15:50:43 -03:00
835e5e2688
keycloak: make token exchange permissions job idempotent
2026-01-03 15:48:40 -03:00
6ce7829c54
keycloak: fix token exchange permission patching
2026-01-03 15:46:26 -03:00
621b766b32
keycloak: retry token exchange permissions job
2026-01-03 15:45:04 -03:00
3d37050968
keycloak: enable fine-grained token exchange authz
2026-01-03 15:43:07 -03:00
0265770d98
keycloak: allow token exchange to portal
2026-01-03 14:48:28 -03:00
4e65b90e7f
keycloak: add portal e2e client
2026-01-03 14:35:23 -03:00
145e0b7057
keycloak: enable token exchange
2026-01-03 14:29:28 -03:00
58c44ae1ab
keycloak: allow nextcloud mail profile attrs
2026-01-03 12:36:23 -03:00
flux-bot
1e0ebd440c
chore(bstein-dev-home): automated image update
2026-01-03 15:23:24 +00:00
flux-bot
cc3d43c4f1
chore(bstein-dev-home): automated image update
2026-01-03 15:23:13 +00:00
a112fb3aaa
nextcloud-mail-sync: portal RBAC
2026-01-03 12:22:41 -03:00
e878beba2d
nextcloud: per-user mail sync + portal RBAC
2026-01-03 12:18:29 -03:00
598fa79a9f
nextcloud: delegate mail sync to separate kustomization
2026-01-03 07:44:24 -03:00
b9332cc967
fix(nextcloud-mail-sync): fix bash syntax
2026-01-03 07:39:45 -03:00
854ceae5ab
fix(nextcloud-mail-sync): mawk-compatible email regex
2026-01-03 07:18:50 -03:00
e0c5f0345e
fix(nextcloud-mail-sync): capture occ export output reliably
2026-01-03 07:13:58 -03:00
6dd66ad0cc
fix(nextcloud-mail-sync): portable email parsing
2026-01-03 07:06:30 -03:00
6f86e8aab0
nextcloud-mail-sync: manage CronJob via Flux
2026-01-03 07:03:43 -03:00
flux-bot
d8ffca16bb
chore(bstein-dev-home): automated image update
2026-01-03 09:54:01 +00:00
173e067e41
fix(nextcloud): dedupe + update mail accounts
2026-01-03 06:53:23 -03:00
flux-bot
3a0085b85b
chore(bstein-dev-home): automated image update
2026-01-03 09:52:50 +00:00
flux-bot
375dea6cf2
chore(bstein-dev-home): automated image update
2026-01-03 09:29:59 +00:00
flux-bot
eafa80373c
chore(bstein-dev-home): automated image update
2026-01-03 09:28:48 +00:00
8ff1f6ba3f
keycloak: set bstein mailu_email
2026-01-03 06:15:16 -03:00
flux-bot
a6a9b8dabc
chore(bstein-dev-home): automated image update
2026-01-03 08:16:54 +00:00
flux-bot
fcc3904e23
chore(bstein-dev-home): automated image update
2026-01-03 08:15:43 +00:00
flux-bot
c5016a53bc
chore(bstein-dev-home): automated image update
2026-01-03 08:01:52 +00:00
flux-bot
ae3b9a81a4
chore(bstein-dev-home): automated image update
2026-01-03 08:00:42 +00:00
flux-bot
34ee039d8d
chore(bstein-dev-home): automated image update
2026-01-03 07:33:50 +00:00
flux-bot
6993bed790
chore(bstein-dev-home): automated image update
2026-01-03 07:32:40 +00:00
flux-bot
5e0cde6c6e
chore(bstein-dev-home): automated image update
2026-01-03 07:14:49 +00:00
flux-bot
e8cabf4dcc
chore(bstein-dev-home): automated image update
2026-01-03 07:13:39 +00:00
6fa75a2009
keycloak: allow mailu_email + groups
2026-01-03 03:32:38 -03:00
flux-bot
059255a4ea
chore(bstein-dev-home): automated image update
2026-01-03 06:17:45 +00:00
flux-bot
60ec6b292b
chore(bstein-dev-home): automated image update
2026-01-03 06:16:34 +00:00
flux-bot
055732a395
chore(bstein-dev-home): automated image update
2026-01-03 05:41:43 +00:00
flux-bot
e237138185
chore(bstein-dev-home): automated image update
2026-01-03 05:40:32 +00:00
0438263b0d
mailu: sync via mailu_email attribute
2026-01-03 02:35:47 -03:00
5a9cf4de83
keycloak(atlas): default TOTP required action
2026-01-03 01:09:14 -03:00
flux-bot
ef1da38e19
chore(bstein-dev-home): automated image update
2026-01-03 04:04:36 +00:00
flux-bot
b7d1fee79e
chore(bstein-dev-home): automated image update
2026-01-03 04:03:25 +00:00
flux-bot
189b8c89cc
chore(bstein-dev-home): automated image update
2026-01-03 03:47:34 +00:00
flux-bot
2f3b75711a
chore(bstein-dev-home): automated image update
2026-01-03 03:46:24 +00:00
5558991c0b
portal: fix vaultwarden sync job env
2026-01-02 21:11:44 -03:00
flux-bot
11d7e400c2
chore(bstein-dev-home): automated image update
2026-01-03 00:09:19 +00:00
flux-bot
e228a75e2f
chore(bstein-dev-home): automated image update
2026-01-03 00:09:08 +00:00
flux-bot
46b4399eb7
chore(bstein-dev-home): automated image update
2026-01-03 00:05:12 +00:00
06add72919
sso: provision vaultwarden users
2026-01-02 21:04:12 -03:00
flux-bot
5c8564acd5
chore(bstein-dev-home): automated image update
2026-01-02 23:27:16 +00:00
flux-bot
3da8e44967
chore(bstein-dev-home): automated image update
2026-01-02 23:27:05 +00:00
6e6f8f6658
keycloak(atlas): disable browser IdP redirector
2026-01-02 20:09:05 -03:00
4252c5545e
keycloak(atlas): retry realm settings job
2026-01-02 20:04:47 -03:00
9ebdd93186
keycloak(atlas): harden realm settings job
2026-01-02 20:02:11 -03:00
flux-bot
3ea058085f
chore(bstein-dev-home): automated image update
2026-01-02 22:24:11 +00:00
flux-bot
a68b6240aa
chore(bstein-dev-home): automated image update
2026-01-02 22:23:00 +00:00
eaf248477f
keycloak: cleanup LDAP federation
2026-01-02 18:45:45 -03:00
94497e07b2
bstein-dev-home: allow vaultwarden admin secret read
2026-01-02 18:05:17 -03:00
5c10752ba6
bstein-dev-home: read vaultwarden admin token
2026-01-02 18:03:06 -03:00
flux-bot
4b23a3bf2c
chore(bstein-dev-home): automated image update
2026-01-02 20:48:04 +00:00
flux-bot
325bda698c
chore(bstein-dev-home): automated image update
2026-01-02 20:46:53 +00:00
7b903837e3
keycloak: roll update with no surge
2026-01-02 17:15:37 -03:00
61d85126ab
keycloak: clear rollingUpdate for recreate
2026-01-02 17:09:24 -03:00
f8ae031d75
keycloak: use recreate strategy with pvc
2026-01-02 17:02:59 -03:00
38c2bc2c11
keycloak: enable debug logging
2026-01-02 16:57:42 -03:00
97277d6e29
vaultwarden: suspend flux kustomization
2026-01-02 16:26:48 -03:00
6d8d6b7892
vaultwarden: add flux kustomization
2026-01-02 16:17:53 -03:00
ed091f45f9
keycloak: repair ldap federation parentId
2026-01-02 14:12:20 -03:00
5481d6f8b9
sso: fix keycloak ldap provider parentId
2026-01-02 14:02:05 -03:00
c28832415d
sso: remove openldap bootstrap job
2026-01-02 13:50:02 -03:00
15adf11a15
sso: bump openldap bootstrap job
2026-01-02 13:40:11 -03:00
29d343cec6
sso: make openldap bootstrap POSIX sh
2026-01-02 13:34:16 -03:00
badc5ccb63
sso: fix openldap bootstrap job
2026-01-02 13:25:30 -03:00
6589f8f8e8
sso: codify openldap bootstrap and keycloak federation
2026-01-02 13:18:32 -03:00
flux-bot
0ae2b4d8e5
chore(bstein-dev-home): automated image update
2026-01-02 16:13:45 +00:00
flux-bot
68e38afbb3
chore(bstein-dev-home): automated image update
2026-01-02 16:12:33 +00:00
flux-bot
4f146bbe46
chore(bstein-dev-home): automated image update
2026-01-02 15:18:41 +00:00
flux-bot
5259f2433d
chore(bstein-dev-home): automated image update
2026-01-02 15:17:30 +00:00
flux-bot
0fc008fa49
chore(bstein-dev-home): automated image update
2026-01-02 14:19:37 +00:00
flux-bot
85fb3ee2b8
chore(bstein-dev-home): automated image update
2026-01-02 14:18:25 +00:00
flux-bot
d3da71a14a
chore(bstein-dev-home): automated image update
2026-01-02 13:34:33 +00:00
flux-bot
3dd4cd4798
chore(bstein-dev-home): automated image update
2026-01-02 13:33:22 +00:00
flux-bot
780522384e
chore(bstein-dev-home): automated image update
2026-01-02 12:47:30 +00:00
flux-bot
e30ed9d868
chore(bstein-dev-home): automated image update
2026-01-02 12:46:18 +00:00
flux-bot
897ca7105b
chore(bstein-dev-home): automated image update
2026-01-02 07:35:08 +00:00
flux-bot
54e562c799
chore(bstein-dev-home): automated image update
2026-01-02 07:33:56 +00:00
07f2c8adc6
keycloak: apply realm smtp via api
2026-01-02 04:03:27 -03:00
c16635fe8c
keycloak: set realm smtp server
2026-01-02 03:58:37 -03:00
a1b3a9cd42
keycloak: switch realm job to kcadm
2026-01-02 03:55:28 -03:00
flux-bot
f9c0f70dd3
chore(bstein-dev-home): automated image update
2026-01-02 06:55:05 +00:00
flux-bot
8ed2f633fa
chore(bstein-dev-home): automated image update
2026-01-02 06:53:54 +00:00
5b1e5a51e2
keycloak: fix realm job service URL
2026-01-02 03:49:19 -03:00
4853957809
keycloak: pin realm job to rpi nodes
2026-01-02 03:45:44 -03:00
3228bd292d
keycloak: enable reset password
2026-01-02 03:39:08 -03:00
flux-bot
6ee4ef737a
chore(bstein-dev-home): automated image update
2026-01-02 06:17:02 +00:00
flux-bot
857dd48cd9
chore(bstein-dev-home): automated image update
2026-01-02 06:15:51 +00:00
e2a42b247c
mailu: store app password as list
2026-01-02 03:09:46 -03:00
flux-bot
188915de71
chore(bstein-dev-home): automated image update
2026-01-02 06:00:01 +00:00
flux-bot
9a386adecc
chore(bstein-dev-home): automated image update
2026-01-02 05:58:49 +00:00
5450df3101
mailu: roll listener on script changes
Generate mailu-sync-listener ConfigMap from scripts/ and enable name-suffix hashing to trigger Deployment rollout.
2026-01-02 02:57:18 -03:00
5d941a7d76
mailu: add wait-mode sync endpoint
Also bump portal timeouts and relax access request rate limits.
2026-01-02 02:54:20 -03:00
flux-bot
d37410d0f4
chore(bstein-dev-home): automated image update
2026-01-02 04:52:56 +00:00
flux-bot
91c6df3da2
chore(bstein-dev-home): automated image update
2026-01-02 04:51:45 +00:00
flux-bot
ec34743e18
chore(bstein-dev-home): automated image update
2026-01-02 04:39:56 +00:00
flux-bot
bf90af5a97
chore(bstein-dev-home): automated image update
2026-01-02 04:38:44 +00:00
5ef5dc306e
services: scaffold postgres and vaultwarden manifests
2026-01-02 01:13:25 -03:00
flux-bot
a060baa300
chore(bstein-dev-home): automated image update
2026-01-02 03:59:52 +00:00
flux-bot
071fccfd56
chore(bstein-dev-home): automated image update
2026-01-02 03:58:41 +00:00
flux-bot
8dda417ce2
chore(bstein-dev-home): automated image update
2026-01-02 03:48:52 +00:00
flux-bot
0f78e68bb1
chore(bstein-dev-home): automated image update
2026-01-02 03:47:40 +00:00
5744d65f73
bstein-dev-home: add portal db + relax account gating
2026-01-02 00:42:25 -03:00
flux-bot
1829939afb
chore(bstein-dev-home): automated image update
2026-01-02 02:46:47 +00:00
flux-bot
dd20c3c09e
chore(bstein-dev-home): automated image update
2026-01-02 02:45:36 +00:00
a7b53b8cbb
nextcloud: make mail sync idempotent
2026-01-01 23:24:34 -03:00
flux-bot
7c2ab53b4c
chore(bstein-dev-home): automated image update
2026-01-02 02:23:46 +00:00
flux-bot
fe63fc315c
chore(bstein-dev-home): automated image update
2026-01-02 02:22:34 +00:00
flux-bot
30af748362
chore(bstein-dev-home): automated image update
2026-01-02 01:20:41 +00:00
flux-bot
c024a55383
chore(bstein-dev-home): automated image update
2026-01-02 01:19:29 +00:00
flux-bot
8f458de13f
chore(bstein-dev-home): automated image update
2026-01-02 00:58:40 +00:00
flux-bot
4c381b3766
chore(bstein-dev-home): automated image update
2026-01-02 00:57:28 +00:00
baf37d21c8
bstein-dev-home: enable Keycloak portal
2026-01-01 21:45:53 -03:00
flux-bot
8ebc2ea3fd
chore(bstein-dev-home): automated image update
2026-01-02 00:44:39 +00:00
flux-bot
ab0c129eb3
chore(bstein-dev-home): automated image update
2026-01-02 00:43:28 +00:00
ca09508228
comms(synapse): enable MSC4108 QR login
2026-01-01 18:44:47 -03:00
8975d2039e
comms: leave stuck rooms via MAS admin
2026-01-01 18:26:50 -03:00
7770386f9c
comms(mas): enable internal admin API
2026-01-01 18:22:32 -03:00
44d5263d83
monitoring: dual-provision overview orgs
2026-01-01 18:20:40 -03:00
2eafdfa6ee
comms(mas): drop flux-managed admin client secret
2026-01-01 18:20:03 -03:00
fe53479a52
comms(mas): create admin client runtime secret
2026-01-01 18:19:56 -03:00
793d51740f
comms(mas): stop managing admin client secret data
2026-01-01 18:15:16 -03:00
080afdc6b8
comms(mas): fix admin secret job permissions
2026-01-01 18:12:21 -03:00
a4780845ae
comms(mas): debug admin secret ensure job
2026-01-01 18:09:08 -03:00
4f95a1fabc
comms(mas): make secret ensure job portable
2026-01-01 18:02:31 -03:00
3eabdef431
monitoring: recreate grafana rollouts
2026-01-01 18:00:07 -03:00
21ecc4d035
comms(mas): patch admin secret via stringData
2026-01-01 17:56:39 -03:00
ee7489ae4f
monitoring: split overview org
2026-01-01 17:54:01 -03:00
af44657001
comms(mas): fix admin client secret job
2026-01-01 17:52:18 -03:00
ac1ba5c692
comms(mas): bootstrap admin client secret
2026-01-01 17:48:39 -03:00
b381554cb8
nextcloud: flux-manage mail sync
2026-01-01 17:47:07 -03:00
ca6f48433a
nextcloud: fix mail sync idempotency
2026-01-01 17:36:23 -03:00
66d18407b3
comms: rerun bstein room cleanup after synapse restart
2026-01-01 17:27:24 -03:00
85fffbced3
comms: restart synapse to refresh admin cache
2026-01-01 17:25:09 -03:00
8198aa655a
comms: debug bstein room cleanup
2026-01-01 17:22:55 -03:00
3d4f8ff5f8
comms: delete old test rooms for bstein
2026-01-01 17:20:28 -03:00
66f8f469e0
comms: force leave old rooms (v3)
2026-01-01 17:16:57 -03:00
3de5ec8c08
comms: force leave old rooms (v2)
2026-01-01 17:14:27 -03:00
42598d6700
comms: force leave old rooms
2026-01-01 17:01:55 -03:00
b222b83cb9
monitoring: drop anonymous folder role
2026-01-01 16:53:53 -03:00
ba0cc26cb8
comms: reset othrys without synapse admin
2026-01-01 16:36:55 -03:00
e45e80658b
comms: reset othrys room
2026-01-01 16:29:11 -03:00
d07cb3df44
comms: fix atlas mention detection
2026-01-01 15:32:30 -03:00
9eac335d53
ai-llm: serialize rollout for RWO pvc
2026-01-01 14:48:54 -03:00
ceea2539bc
monitoring: per-panel namespace share filters
2026-01-01 14:44:33 -03:00
e7e5265eb8
comms(atlasbot): rollout on config changes
2026-01-01 14:30:49 -03:00
992f7abba9
comms(atlasbot): respond to @atlas mentions and keep context
2026-01-01 14:28:11 -03:00
bcc1ceef6d
monitoring: ensure gpu idle share renders
2026-01-01 14:21:43 -03:00
91de1c1d8d
gpu: enable time-slicing and refresh dashboards
2026-01-01 14:16:08 -03:00
8577a728e6
communication: drop old namespace manifest
2026-01-01 13:53:35 -03:00
56a8bf0bda
comms(synapse): fix signing key RBAC + rerun job
2026-01-01 13:47:33 -03:00
c87d4f1b96
comms(synapse): fix signingkey secret patch job
2026-01-01 13:37:21 -03:00
d1f3bf8023
comms(synapse): fix signingkey job image
2026-01-01 13:31:37 -03:00
31761fa56f
comms(synapse): ensure signing key secret populated
2026-01-01 13:25:59 -03:00
8449f3efee
communication: deploy into comms namespace
2026-01-01 13:12:45 -03:00
flux-bot
2121f4335b
chore(bstein-dev-home): automated image update
2026-01-01 16:10:02 +00:00
flux-bot
0c5ac6bbbe
chore(bstein-dev-home): automated image update
2026-01-01 16:08:50 +00:00
f8dca8faa2
communication: prune stack for comms cutover
2026-01-01 13:07:11 -03:00
607ecd8da1
comms: create namespace via Flux
2026-01-01 13:03:43 -03:00
d735df9488
communication: stop staging comms namespace (kustomize conflict)
2026-01-01 13:00:56 -03:00
d7e41e6844
communication: create comms namespace
2026-01-01 12:58:55 -03:00
dda8ab3e62
communication: use MAS for internal password logins
2026-01-01 12:57:00 -03:00
5718604bcd
communication(atlasbot): reduce spam and use atlasbot user
2026-01-01 12:50:26 -03:00
94128516a8
keycloak: read POSTGRES_* db secret keys
2026-01-01 12:32:57 -03:00
468aff6d33
jellyfin: fix LDAP auth provider id
2026-01-01 12:22:43 -03:00
flux-bot
5c1ff36d66
chore(bstein-dev-home): automated image update
2026-01-01 15:10:58 +00:00
flux-bot
45eec7f68b
chore(bstein-dev-home): automated image update
2026-01-01 15:09:46 +00:00
3118ada72f
sso(openldap): remove bootstrap ldif
2026-01-01 12:02:21 -03:00
e371d3eb26
sso(openldap): fix bootstrap ldif mount
2026-01-01 11:48:37 -03:00
flux-bot
0f33eb00f9
chore(bstein-dev-home): automated image update
2026-01-01 14:39:55 +00:00
flux-bot
53b30bfc37
chore(bstein-dev-home): automated image update
2026-01-01 14:38:43 +00:00
84e6010204
sso(openldap): restore in-cluster LDAP
2026-01-01 11:37:52 -03:00
b0a2b9c4ee
communication: render LiveKit TURN creds
2026-01-01 11:31:39 -03:00
fe1cb973f5
communication: set LB externalTrafficPolicy Local
2026-01-01 04:19:12 -03:00
20cab080d1
communication: advertise TURN over tcp
2026-01-01 03:54:19 -03:00
0d8febe8f8
metallb: restore speaker log level info
2025-12-31 22:35:16 -03:00
8f5c0c087c
metallb: set speaker lb-class
2025-12-31 22:15:08 -03:00
5df2279688
metallb: enable speaker debug logs
2025-12-31 22:00:09 -03:00
075549ddf7
metallb: run speaker on all nodes
2025-12-31 21:45:12 -03:00
df72873ca7
metallb: schedule speaker on rpi4+rpi5
2025-12-31 21:00:18 -03:00
0de15bad3f
communication: use Cluster LB traffic policy
2025-12-31 20:55:46 -03:00
469763afec
communication: set LB traffic policy local
2025-12-31 19:59:26 -03:00
363a010cd2
communication: serve matrix well-known on matrix.live
2025-12-31 19:19:44 -03:00
abb386421b
communication: fix well-known trailing slash and reload config
2025-12-31 19:17:31 -03:00
cdbdcb9d7a
communication: fix well-known nginx regex escaping
2025-12-31 19:15:01 -03:00
6f0469b93c
communication: serve matrix well-known with trailing slash
2025-12-31 19:13:08 -03:00
653aa1b512
communication: fix LiveKit udp_port range and expose 7883
2025-12-31 18:48:18 -03:00
d4178f0d1f
communication: fix LiveKit udp_port mux syntax
2025-12-31 18:44:54 -03:00
1867d817fe
communication: remove one-shot syn2mas jobs
2025-12-31 18:32:26 -03:00
f20ff13dbe
communication: scale MAS/Synapse back up
2025-12-31 18:29:25 -03:00
5f9e6a968a
communication: prep syn2mas migrate (bcrypt, disable guests)
2025-12-31 18:27:04 -03:00
01db1496f6
communication: rerun syn2mas migrate job
2025-12-31 18:22:22 -03:00
099f40389c
communication: syn2mas migrate mount MAS secrets
2025-12-31 18:16:53 -03:00
6826b09d8b
communication: add MAS syn2mas migrate job
2025-12-31 18:14:44 -03:00
48a9ccae8c
communication: scale down MAS and Synapse for syn2mas
2025-12-31 18:12:45 -03:00
269d0781cd
communication: syn2mas check include synapse secret
2025-12-31 18:08:30 -03:00
235b81497e
communication: fix syn2mas check db URI arg
2025-12-31 18:06:32 -03:00
dda5c749ad
communication: add MAS syn2mas check job
2025-12-31 18:00:57 -03:00
1ab582ac8e
communication: make suspended cronjobs fail-fast
2025-12-31 17:33:20 -03:00
17912d5166
communication: suspend flaky bootstrap cronjobs
2025-12-31 17:28:44 -03:00
d086ef90e7
communication: switch atlasbot to MAS login
2025-12-31 17:26:37 -03:00
6bcb625273
communication: route Matrix SSO redirects to MAS
2025-12-31 17:21:40 -03:00
bec0257b9c
communication: fix MAS image tag
2025-12-31 17:10:45 -03:00
1b39ac6433
communication: bump MAS to v1.8.0
2025-12-31 17:04:11 -03:00
119830e44f
communication: drop msc3861 config for MAS
2025-12-31 16:54:58 -03:00
8323813f56
communication: configure Synapse msc3861 client creds
2025-12-31 16:44:44 -03:00
2aec74ae79
communication: add Synapse msc3861 admin token
2025-12-31 16:38:09 -03:00
f0500fef45
communication: move LiveKit media to 7882/7881
2025-12-31 16:27:09 -03:00
fd148f7fad
communication: fix Matrix well-known auth JSON
2025-12-31 16:18:24 -03:00
19c8ed8db5
communication: disable Synapse OIDC under MAS
2025-12-31 16:11:33 -03:00
6571902ac6
communication: fix Synapse delegated auth
2025-12-31 16:05:32 -03:00
84ca5d9275
communication: restart MAS on config change
2025-12-31 15:59:46 -03:00
b219e89f72
communication: make MAS listen on IPv4
2025-12-31 15:57:33 -03:00
f72bb1b7ad
communication: enable MAS delegated auth
2025-12-31 15:53:35 -03:00
5b09584750
communication: wire MAS secrets via init render
2025-12-31 15:49:21 -03:00
38a2d14ffa
communication: fix MAS config permissions
2025-12-31 15:44:17 -03:00
e6e7f2f87d
communication: fix MAS container entrypoint
2025-12-31 15:41:15 -03:00
5b4078c775
communication: add matrix-authentication-service
2025-12-31 15:37:54 -03:00
480ca49e89
communication: make pin job mutable
2025-12-31 15:23:17 -03:00
f480b17d44
communication: remove plaintext secrets
2025-12-31 15:15:54 -03:00
ef67977a5f
comms: avoid Synapse PVC rollout deadlock
2025-12-31 13:49:49 -03:00
787eced189
chat.ai: gate root with API key
2025-12-31 13:43:24 -03:00
cca5c093ea
comms: move LiveKit media to UDP 443
2025-12-31 13:25:45 -03:00
1f3918dafe
communication: prune guest-helper and synapse-federation
2025-12-31 12:16:59 -03:00
0f41408841
communication: stage guest-helper for prune
2025-12-31 12:15:18 -03:00
2e042dc0a6
communication: disable livekit room auto-create
2025-12-31 12:11:54 -03:00
ca3a5dec6a
communication: add Othrys stack via Flux
2025-12-31 12:00:12 -03:00
30ae48111c
jitsi-launcher: add oauth2-proxy error middleware for redirects
2025-12-25 16:57:40 -03:00
3b2aba2bff
jitsi-launcher: allow any authenticated user (no group gate)
2025-12-25 16:54:33 -03:00
31752314ca
jitsi-launcher: add health endpoint and readiness
2025-12-25 16:40:37 -03:00
3f1dc83b70
jitsi-launcher: pull image from docker hub
2025-12-25 16:35:44 -03:00
81f040fef2
jitsi: add vault-backed jwt launcher
2025-12-25 16:33:56 -03:00
5bc84c9b3e
vault: use dedicated service account for k8s auth
2025-12-25 03:43:17 -03:00
ecac747489
jitsi: fix secrets-store csi driver name
2025-12-25 03:36:55 -03:00
b41eac80b9
vault-csi: deploy vault provider daemonset
2025-12-25 03:20:13 -03:00
d67bff3413
jitsi: use vault jwt via csi
2025-12-25 03:15:06 -03:00
78099cd6b9
platform: add vault csi driver
2025-12-25 03:14:50 -03:00
55462116dc
ci-demo: fix image tag value
2025-12-24 21:49:59 -03:00
9d0ff422b5
jitsi: enforce auth flags on web/jicofo/jvb
2025-12-24 21:27:57 -03:00
1ca0201ec1
vault: revert ui default auth block (not supported)
2025-12-24 20:16:33 -03:00
a09044f528
jitsi: fix prosody auth init shell
2025-12-24 20:12:48 -03:00
2c6d2a9ebd
jitsi: require auth to start rooms; vault ui default oidc
2025-12-24 20:11:29 -03:00
0813003c7b
crypto: handle nested p2pool archive layout
2025-12-24 19:16:47 -03:00
1992a197a1
crypto: fetch p2pool from github with debug
2025-12-24 19:14:44 -03:00
5f28764074
crypto: download p2pool v4.9 arm64 at runtime
2025-12-24 19:09:40 -03:00
cde8f0b8ab
crypto: fetch p2pool binary at runtime
2025-12-24 19:06:40 -03:00
f4434c860e
grafana,jitsi: enable pkce and tcp fallback
2025-12-24 18:15:25 -03:00
0c9ebe4666
jitsi: keep tcp config on pvc only
2025-12-24 17:53:59 -03:00
0dffad8009
jitsi: include sip communicator tcp props
2025-12-24 17:49:47 -03:00
b2904dba30
grafana: allow public overview via oidc
2025-12-24 17:43:07 -03:00
0af536ad57
jellyfin: enforce ldap auth provider on start
2025-12-24 17:25:07 -03:00
a7702eb41f
jellyfin: drop OIDC plugin and strip injected script
2025-12-24 15:28:47 -03:00
5881017882
jitsi: add tcp harvester config for 4443
2025-12-24 15:28:47 -03:00
flux-bot
797bfe2eb5
chore(bstein-dev-home): automated image update
2025-12-22 19:58:37 +00:00
flux-bot
e732bcc03b
chore(bstein-dev-home): automated image update
2025-12-22 19:57:34 +00:00
d594cf2130
jitsi: add sip-communicator tcp harvester props
2025-12-22 13:51:05 -03:00
50050d5d38
jitsi: force tcp harvester via system props
2025-12-22 13:49:28 -03:00
a934b6b7f6
jitsi: fix init container placement
2025-12-22 13:47:18 -03:00
5c4187e612
jitsi: copy tcp custom config via init
2025-12-22 13:45:50 -03:00
55b0e5ab70
jitsi: add tcp harvester config for 4443 (configmap)
2025-12-22 13:44:07 -03:00
4c4928e8f1
jitsi: add tcp harvester config for 4443
2025-12-22 13:43:55 -03:00
5190975300
jitsi: advertise lan and public ips
2025-12-22 12:27:26 -03:00
f72a76f00f
jitsi: use recreate for hostPort rollout
2025-12-22 11:49:31 -03:00
7f15900013
jitsi: advertise wss colibri
2025-12-22 11:37:49 -03:00
bbd86e86ba
jitsi: enable pods and fix colibri ws
2025-12-22 11:24:44 -03:00
flux-bot
dfda3c45cd
chore(bstein-dev-home): automated image update
2025-12-21 04:40:52 +00:00
flux-bot
73951cd628
chore(bstein-dev-home): automated image update
2025-12-21 04:39:48 +00:00
flux-bot
abfc7e9bc2
chore(bstein-dev-home): automated image update
2025-12-21 04:32:51 +00:00
flux-bot
58403f4b54
chore(bstein-dev-home): automated image update
2025-12-21 04:31:48 +00:00
89b70dbe21
fix(ai): increase chat timeout to 60s
2025-12-21 01:31:20 -03:00
flux-bot
5a0fac6cce
chore(bstein-dev-home): automated image update
2025-12-21 04:22:50 +00:00
flux-bot
9fb481c49a
chore(bstein-dev-home): automated image update
2025-12-21 04:21:47 +00:00
c5faba3c66
fix(ai): ensure backend token mount and annotate ollama pods
2025-12-21 01:14:15 -03:00
flux-bot
c71c5319f2
chore(bstein-dev-home): automated image update
2025-12-21 03:50:48 +00:00
flux-bot
4a42034900
chore(bstein-dev-home): automated image update
2025-12-21 03:49:45 +00:00
6ac5a0ac46
chore(ai-llm): annotate pod with model and gpu
2025-12-21 00:47:57 -03:00
9a56228f2f
feat(bstein-dev-home): add SA/RBAC for ai pod discovery
2025-12-21 00:46:25 -03:00
flux-bot
58887723d7
chore(bstein-dev-home): automated image update
2025-12-21 03:36:47 +00:00
flux-bot
fa3a98f42c
chore(bstein-dev-home): automated image update
2025-12-21 03:35:44 +00:00
flux-bot
3e01eeb4ad
chore(bstein-dev-home): automated image update
2025-12-21 03:25:46 +00:00
flux-bot
1e29b69662
chore(bstein-dev-home): automated image update
2025-12-21 03:24:43 +00:00
flux-bot
48b2d39512
chore(bstein-dev-home): automated image update
2025-12-21 03:20:46 +00:00
flux-bot
eba832173a
chore(bstein-dev-home): automated image update
2025-12-21 03:19:43 +00:00
4359d8e43f
chore(bstein-dev-home): scale to 1 replica and pass ai meta env
2025-12-21 00:17:08 -03:00
flux-bot
f9c46158c3
chore(bstein-dev-home): automated image update
2025-12-21 03:05:57 +00:00
d123770f60
fix(bstein-dev-home): patch images via policies directly
2025-12-21 00:05:39 -03:00
flux-bot
fbef0bf676
chore(bstein-dev-home): automated image update
2025-12-21 03:03:45 +00:00
flux-bot
eface2bb21
chore(bstein-dev-home): automated image update
2025-12-21 03:02:41 +00:00
flux-bot
e8b021366c
chore(bstein-dev-home): automated image update
2025-12-21 02:59:51 +00:00
57a0b458e9
bstein-dev-home: re-enable image automation
2025-12-20 23:59:31 -03:00
f6b0324e2f
bstein-dev-home: pin images and stop automation churn
2025-12-20 23:32:17 -03:00
flux-bot
c4336da218
chore(bstein-dev-home): automated image update
2025-12-21 02:29:58 +00:00
ba3d6b24f1
bstein-dev-home: fix image tags, pause automation
2025-12-20 23:29:40 -03:00
flux-bot
f1c4694032
chore(bstein-dev-home): automated image update
2025-12-21 02:27:44 +00:00
440f82cfd3
flux: simplify bstein-dev-home image update message
2025-12-20 23:27:24 -03:00
adc1f29f4a
flux: fix bstein-dev-home automation template
2025-12-20 23:26:42 -03:00
6c31040ace
flux: place bstein-dev-home image automation in app namespace
2025-12-20 23:25:56 -03:00
ca7db04948
flux: let bstein-dev-home automation read policies in app ns
2025-12-20 23:24:29 -03:00
c0b7499238
flux: run bstein-dev-home image automation on sso-hardening
2025-12-20 23:22:08 -03:00
cea143b0c5
jenkins: use main service for tunnel
2025-12-20 18:42:16 -03:00
c7ab046b19
jenkins: add RBAC serviceaccount and use for agents
2025-12-20 18:08:30 -03:00
807374d9d6
bstein-dev-home: default chat model to qwen2.5-coder
2025-12-20 15:22:05 -03:00
a5ce1d3c2f
bstein-dev-home: fix ingress indent for chat.ai host
2025-12-20 15:20:31 -03:00
fb6e71a62a
ai-llm: GPU qwen2.5-coder on titan-24; add chat.ai host
2025-12-20 15:19:03 -03:00
497ac90858
ai-llm: use phi3 mini model
2025-12-20 14:24:52 -03:00
b50977c5a0
ai: allow ollama to share titan-24 gpu
2025-12-20 14:16:22 -03:00
95ebdce813
ai: add ollama service and wire chat backend
2025-12-20 14:10:34 -03:00
0b8480efc0
jellyfin: fix oidc redirect to api/oidc/callback
2025-12-20 13:51:46 -03:00
8a25318cb0
jellyfin: pull oidc plugin from streaming harbor and fix oidc redirect
2025-12-20 13:32:36 -03:00
3b7c7da9df
vault: probes use http VAULT_ADDR for http listener
2025-12-20 00:09:44 -03:00
b0b8f5c093
vault: keep probes HTTPS, drop ingress backend tweaks
2025-12-20 00:03:11 -03:00
acbdc76a31
vault: run http inside cluster (tls terminated at ingress)
2025-12-19 23:54:28 -03:00
6d8c47183f
vault: backend over https with serversTransport
2025-12-19 23:52:19 -03:00
c04c72023f
vault: remove serversTransport, speak http to service
2025-12-19 23:51:32 -03:00
2b827de291
vault: drop unused redirect middleware
2025-12-19 23:50:44 -03:00
c393d8775d
vault: add traefik redirect middleware
2025-12-19 23:49:34 -03:00
e7fdc23164
vault: let traefik speak http to service
2025-12-19 23:48:40 -03:00
c39d9000e4
vault: correct serversTransport reference
2025-12-19 23:16:20 -03:00
1ea6c6d0cb
jellyfin: clean old ldap plugin before oidc init
2025-12-19 21:32:40 -03:00
9ebf49f30e
jellyfin: upgrade to 10.11 and seed oidc plugin
2025-12-19 21:30:04 -03:00
b466f3477e
jellyfin: fix oidc installer script
2025-12-19 21:19:21 -03:00
0cf0a9a252
jellyfin: bootstrap oidc plugin
2025-12-19 21:13:31 -03:00
f79ccf54db
vault: traefik serversTransport must include namespace
2025-12-19 21:08:10 -03:00
ada2fadafa
vault: pin to worker arm64 nodes
2025-12-19 21:02:49 -03:00
89bd03679c
vault: fix traefik serversTransport name
2025-12-19 20:58:29 -03:00
5da0e57aa2
vault: fix manifest and disable mlock
2025-12-19 20:32:10 -03:00
77d0ab6ed4
mailu: switch relay to postmark
2025-12-19 19:58:06 -03:00
f6b5edd590
vault: drop helm, add raw statefulset
2025-12-19 19:30:09 -03:00
dac1b88d1c
Point bstein-dev-home to latest tags
2025-12-19 19:04:23 -03:00
970275a172
Point bstein-dev-home to latest images (0.1.1-0)
2025-12-19 19:03:28 -03:00
d757b152f5
Point bstein-dev-home to 0.1.1-0 images
2025-12-19 18:42:52 -03:00
4c91081a5d
jenkins: switch healthcheck to deployment/service
2025-12-19 18:39:32 -03:00
4ae45bd907
jenkins: bind pvc to retained volume
2025-12-19 18:37:23 -03:00
92a4ca2f83
Flux image automation: track main branch for bstein-dev-home
2025-12-19 18:32:14 -03:00
b24537e2fa
jenkins: drop helm, run via raw manifests
2025-12-19 18:31:48 -03:00
f21df378e9
Flux image automation: track main branch for bstein-dev-home
2025-12-19 18:31:19 -03:00
c9b1c51173
jenkins: fix oidc indent and harbor creds
2025-12-19 18:03:52 -03:00
54f107630c
jenkins: restore harbor robot creds
2025-12-19 17:59:55 -03:00
d957553ee0
jenkins: fix oidc with wellknown config
2025-12-19 17:36:56 -03:00
b2c181247a
jenkins: fix oidc jcasc schema
2025-12-19 16:44:24 -03:00
2bb293bbe4
flux: track feature/sso-hardening
2025-12-19 16:34:29 -03:00
b19191e58c
jenkins: pin oidc via jcasc
2025-12-19 16:24:13 -03:00
2d842d206d
Flux: track main branch
2025-12-19 15:48:23 -03:00
d85407782e
Merge branch 'feature/bstein-dev-home'
2025-12-19 15:44:41 -03:00
1b57ea7adb
Increase Atlas availability stat to 4 decimals
2025-12-19 15:18:14 -03:00
2ab38d6205
Reduce Atlas availability query density
2025-12-19 14:56:29 -03:00
2f6988189b
Expand Atlas availability window to 1y
2025-12-19 13:46:34 -03:00
403a652e2b
Work around occasional OIDC DNS failures with hostAlias
2025-12-18 12:14:07 -03:00
926eb272dc
Pin dev-home deploys to current semver tag
2025-12-18 12:03:01 -03:00
7eb1839b10
Let ImagePolicies rely on semver parsing without regex filters
2025-12-18 11:59:29 -03:00
bb27caa376
Loosen image tag regex for dev-home policies
2025-12-18 11:56:02 -03:00
83c782796c
Allow prerelease semver tags for dev-home images
2025-12-18 11:53:46 -03:00
09f4494c82
Align bstein-dev-home image automation with current branch
2025-12-18 11:47:40 -03:00
79a5d1f23e
Add pipeline utility steps plugin
2025-12-18 11:01:08 -03:00
e8c6d3635d
jenkins: prefer rpi5 and bump controller resources
2025-12-18 10:58:30 -03:00
aae4c66af1
jenkins: prefer rpi5 and bump controller resources
2025-12-18 10:56:43 -03:00
9320e776f0
Apply Jenkins theme via init script
2025-12-18 10:41:37 -03:00
14c1535ad1
Jenkins: add startupProbe delay to avoid premature restarts
2025-12-18 03:12:22 -03:00
9ed31c3927
Jenkins theme: merge into base config to avoid JCasC conflict
2025-12-18 03:01:58 -03:00
d7b77d82e9
Fix Jenkins JCasC theme/job blocks
2025-12-18 02:55:25 -03:00
c26c23c1d5
Jenkins: add dark theme via simple-theme-plugin
2025-12-18 02:50:31 -03:00
21d77d000d
point flux to feature/bstein-dev-home branch
2025-12-18 02:19:59 -03:00
ca91d561b0
flux: lower controller log verbosity
2025-12-18 02:15:32 -03:00
9856a6cf26
flux: reset image automation log level
2025-12-18 02:15:32 -03:00
flux-bot
4af7c35e52
chore(ci-demo): apply image updates
2025-12-18 02:15:32 -03:00
9435b9f65e
chore: simplify image automation commit messages
2025-12-18 02:15:32 -03:00
c397a6cf8e
chore: update image automation templates
2025-12-18 02:15:32 -03:00
00f7304a43
ci-demo: move image policy to flux-system
2025-12-18 02:15:32 -03:00
f3bed1938b
monero ingress + move pegasus to arm64
2025-12-18 02:02:21 -03:00
42a9954db4
Merge pull request 'feature/bstein-dev-home' (#7) from feature/bstein-dev-home into main
Reviewed-on: #7
2025-12-18 04:23:01 +00:00
aede36dd55
Add bstein-dev-home deployment and Jenkins job
2025-12-18 01:14:09 -03:00
ff5dfe2377
Merge remote-tracking branch 'origin/feature/ci-gitops' into feature/bstein-dev-home
2025-12-18 01:07:01 -03:00
3ede9d5b77
flux: bump image automation api to v1
2025-12-18 00:46:25 -03:00
960a5c7ab6
flux: enable debug logging for controllers
2025-12-18 00:44:11 -03:00
6c617fb12e
flux: enable debug logging for image automation
2025-12-18 00:40:55 -03:00
f83f8f68a3
flux: update pegasus image automation api
2025-12-18 00:39:39 -03:00
f9f2480cd3
flux: upgrade controllers to v2.7.5
2025-12-18 00:38:32 -03:00
63023fff2e
ci-demo: bump to v0.0.0-2
2025-12-17 23:12:03 -03:00
3530b15d61
ci-demo: set tag v0.0.0-1
2025-12-17 19:49:53 -03:00
2e76bdeada
ci-demo: fix imagepolicy tag regex
2025-12-17 19:45:15 -03:00
4a0ed1910c
jenkins: add ci-demo job
2025-12-17 19:27:23 -03:00
aeafde4ad5
ci-demo: add flux image automation
2025-12-17 19:18:29 -03:00
4785c247f0
harbor: pin components to v2.14.1-arm64
2025-12-17 17:54:50 -03:00
5c71498537
harbor: suspend automation, pin redis
2025-12-17 17:29:03 -03:00
flux-bot
a9d735d4c5
chore(harbor): update images to registry.bstein.dev/infra/harbor-redis:v2.14.1-arm64.14 registry.bstein.dev/infra/harbor-core:v2.14.1-arm64.14 registry.bstein.dev/infra/harbor-jobservice:v2.14.1-arm64.14 registry.bstein.dev/infra/harbor-portal:v2.14.1-arm64.14 registry.bstein.dev/infra/harbor-registry:v2.14.1-arm64.14 registry.bstein.dev/infra/harbor-registryctl:v2.14.1-arm64.14 registry.bstein.dev/infra/harbor-nginx:v2.14.1-arm64.14 registry.bstein.dev/infra/harbor-prepare:v2.14.1-arm64.14
2025-12-17 19:38:57 +00:00
7c7bfa5d73
harbor: run image automation in harbor ns
2025-12-17 16:38:37 -03:00
07bc589c9b
harbor: fix imagepolicy tag setters
2025-12-17 16:32:42 -03:00
e63671870b
harbor: fix image automation push schema
2025-12-17 16:25:16 -03:00
608cf7720a
harbor: enable image automation push
2025-12-17 16:17:07 -03:00
c02e6f66db
harbor: fix image policy tag regex
2025-12-17 13:16:57 -03:00
77c7906e10
harbor: automate nginx and prepare
2025-12-17 13:14:31 -03:00
38d9d4f253
flux(atlas): use scoped health checks
2025-12-17 04:47:12 -03:00
cf4a1a311e
flux(atlas): limit kustomization health checks
2025-12-17 04:11:26 -03:00
e997d237dd
harbor: re-pin workloads to titan-05
2025-12-17 03:30:31 -03:00
39f35e15de
harbor: add image automation
2025-12-17 03:21:35 -03:00
673ca4c4bb
jenkins: pin controller to rpi4
2025-12-17 02:53:23 -03:00
8699e12e85
jenkins: disable chart local auth realm
2025-12-17 02:30:41 -03:00
cae923ca67
jenkins: stop JCasC resetting OIDC
2025-12-17 02:23:54 -03:00
b70de660a2
jenkins: poll harbor-arm-build scm
2025-12-17 01:58:10 -03:00
4fd541407e
jenkins: source pipeline creds from secrets
2025-12-17 01:47:33 -03:00
79c18bd1ce
harbor: add helm remediation and timeouts
2025-12-17 01:39:49 -03:00
93d8de338c
chore: stop tracking NOTES.md
2025-12-17 01:29:48 -03:00
59c7d97d7a
jenkins: harden oidc and timeouts
2025-12-17 01:11:07 -03:00
6a79e815ee
jenkins: run jcasc cleanup initcontainer as jenkins user
2025-12-17 00:43:55 -03:00
6eaa655d69
jenkins: clean stale JCasC files on startup
2025-12-17 00:37:37 -03:00
189df99622
jenkins: drop invalid JCasC OIDC realm (use init script)
2025-12-17 00:28:52 -03:00
e261dd8d4d
jenkins: enforce OIDC via JCasC (no node move)
2025-12-17 00:23:15 -03:00
c7829a1743
jenkins: enforce OIDC via JCasC and pin to arm64
2025-12-16 23:38:08 -03:00
8f88dc3471
jenkins: disable scm trigger for harbor arm build
2025-12-16 23:12:27 -03:00
0f52c8b952
fix: use FullControlOnceLoggedIn auth strategy
2025-12-16 20:33:03 -03:00
b52cd0148e
fix: add casc support plugin
2025-12-16 20:27:41 -03:00
7af3a152d8
fix: add job-dsl plugin for JCasC jobs
2025-12-16 20:21:33 -03:00
c9d78972ee
fix: enforce Jenkins OIDC via init groovy only
2025-12-16 20:16:18 -03:00
b8cb91d39a
fix: jenkins casc OIDC using explicit endpoints
2025-12-16 20:13:52 -03:00
94144591b2
fix: pin Jenkins OIDC realm via JCasC
2025-12-16 20:04:21 -03:00
8edf83711c
ci: seed harbor-arm-build pipeline in Jenkins
2025-12-16 19:26:46 -03:00
3870a8259d
chore: remove zot stack
2025-12-16 14:10:04 -03:00
41a39b20e6
harbor: bootstrap arm64 images on titan-05
2025-12-16 11:16:34 -03:00
f8b13bec7a
harbor: run arm64 images on rpi workers
2025-12-16 03:22:01 -03:00
6b1e145689
Add AC Infinity ingestion plan
2025-12-16 01:45:04 -03:00
5652fb4ccd
harbor: use project paths for crypto/pegasus images
2025-12-16 00:15:22 -03:00
a32ed7a2a6
registry: point workloads to harbor
2025-12-16 00:08:11 -03:00
a2bdbfdde2
harbor: set redis affinity to amd64 titan-22 first
2025-12-15 23:14:26 -03:00
c130822f71
harbor: pin to amd64, prefer titan-22
2025-12-15 23:02:58 -03:00
a164ee906e
harbor: prefer rpi nodes
2025-12-15 23:00:11 -03:00
be5da057be
harbor: increase helm timeout
2025-12-15 22:32:29 -03:00
0a96aaed11
harbor: use astreae storageclass for pvc
2025-12-15 22:22:48 -03:00
c85961e1fe
Regenerate dashboards after availability thresholds tweak
2025-12-15 22:14:26 -03:00
43305aa1c4
harbor: use existing secrets and correct admin key
2025-12-15 22:08:52 -03:00
669a7cc69a
harbor: deploy chart via flux
2025-12-15 22:05:40 -03:00
be0c321648
harbor: add helm repo and deploy via helmrelease
2025-12-15 22:05:32 -03:00
d8f4eaac46
zot: allow upstream basic auth from oauth2-proxy
2025-12-15 14:22:48 -03:00
38a1f38074
zot: forward authorization header to ui
2025-12-15 14:14:49 -03:00
6ed036511c
zot ui: send basic creds from oauth2-proxy, remove traefik header
2025-12-15 14:08:18 -03:00
cbbd95cc54
zot: restore UI basic header middleware
2025-12-15 14:01:18 -03:00
f6650c2c21
zot: move basic auth to oauth2-proxy upstream
2025-12-15 13:53:53 -03:00
c261aba74b
zot: fix htpasswd volume to avoid type conflict
2025-12-15 13:00:51 -03:00
bc0c85a9ca
zot: add oauth proxy and user sync scripts
2025-12-15 12:57:02 -03:00
43f5b4ae08
gitea: enable OIDC auto-registration
2025-12-14 23:08:38 -03:00
d76d04dbc1
gitea: add proxy/session headers for OIDC
2025-12-14 22:25:46 -03:00
6656f01d8f
gitea: reference secret via env; remove secret file
2025-12-14 22:16:49 -03:00
b9a20eac55
gitea: remove committed secret and env refs
2025-12-14 22:10:13 -03:00
0db9ad6f41
gitea: pin secret/internal token and include secret manifest
2025-12-14 22:06:25 -03:00
555878cf06
gitea: drop required claim constraint on keycloak auth
2025-12-14 21:58:36 -03:00
d44d9d2307
gitea: enforce keycloak auth source via init container
2025-12-14 21:54:18 -03:00
ba7fe0603d
gitea: remove bootstrap job (immutable error)
2025-12-14 21:49:07 -03:00
52c273efd6
gitea: fix bootstrap job immutability
2025-12-14 21:47:50 -03:00
d86ba7b412
gitea: set trace logging for oidc
2025-12-14 21:44:43 -03:00
d5b08479e7
gitea: relax required signin, set admin group+skip 2fa
2025-12-14 21:42:08 -03:00
ae3d9b2bf9
gitea: enable debug logging for oauth
2025-12-14 21:38:32 -03:00
5268fd1800
jenkins: fix OIDC retriever null
2025-12-14 21:23:15 -03:00
dcd38a1eff
ci: enable oidc for jenkins/gitops/gitea
2025-12-14 20:58:57 -03:00
d4ebadbb2e
jenkins: auto-configure OIDC via init script
2025-12-14 19:22:47 -03:00
dec257938b
jenkins: drop JCasC OIDC script to unblock startup
2025-12-14 18:10:49 -03:00
d88da7e18c
jenkins: restore plugin list without pinned versions
2025-12-14 17:59:48 -03:00
af645fb89d
jenkins: start without plugin installs to unblock bootstrap
2025-12-14 16:02:05 -03:00
b983d20d74
jenkins: use latest plugin versions to avoid 404
2025-12-14 16:00:45 -03:00
02956b18c9
jenkins: add helm release with ingress + astreae storage
2025-12-14 15:57:42 -03:00
7b0990e69a
cleanup: stop tracking extra md files; switch gitops cert to letsencrypt
2025-12-14 15:52:12 -03:00
11d72ce92a
chore: drop stray NOTES.md
2025-12-14 15:43:06 -03:00
0917613489
git: ignore fixed
2025-12-14 15:39:27 -03:00
614b2d7058
gitops-ui: open ingress for acme solver
2025-12-14 15:14:11 -03:00
cdd7510290
gitops-ui: allow acme solver from kube-system traefik
2025-12-14 15:12:38 -03:00
ef8e63c971
gitops-ui: allow acme solver ingress from traefik
2025-12-14 15:08:44 -03:00
66cfd2924f
gitops-ui: cert + switch flux to feature/ci-gitops
2025-12-14 15:04:13 -03:00
a7b9f5fca9
Merge pull request 'feature/mailu' (#5) from feature/mailu into main
Reviewed-on: #5
2025-12-14 17:48:02 +00:00
573cde6cad
monitoring: longer data history
2025-12-14 14:47:20 -03:00
ee2f83ffc9
flux: bump gitops-ui kustomization
2025-12-14 14:41:52 -03:00
97b14715c3
flux: add weave gitops ui
2025-12-14 14:38:08 -03:00
8d6650129e
nextcloud: integration with mailu & gitops-ui: initial install
2025-12-14 14:21:40 -03:00
1a76744985
Add tests and dedupe nextcloud mail sync
2025-12-14 14:15:19 -03:00
29436d04cc
Keep nextcloud scripts single-sourced under scripts/
2025-12-14 14:05:01 -03:00
1ec3896638
Extract nextcloud scripts to files
2025-12-14 13:59:16 -03:00
de8d4d9331
Normalize doc layout and README guidance
2025-12-14 13:47:59 -03:00
917178a392
Group namespace plurality rows to one per namespace
2025-12-13 22:17:47 -03:00
88ec7d5690
Fix namespace plurality mask and bump v26
2025-12-13 20:53:11 -03:00
81105b0b7e
Use OR-joined node ranks for plurality tie-break
2025-12-13 19:04:22 -03:00
28b1056324
Deduplicate namespace plurality rows with ranked tie-break
2025-12-13 18:39:31 -03:00
9b45775575
Restore namespace plurality panel data
2025-12-13 18:25:03 -03:00
2baa537ec7
Use table format for namespace plurality panel
2025-12-13 18:23:19 -03:00
8af4a689eb
Simplify namespace plurality table rendering
2025-12-13 18:07:56 -03:00
1adefc41e5
Hide table footer on namespace plurality table
2025-12-13 18:03:51 -03:00
d4c7455804
Make namespace plurality table non-filterable
2025-12-13 17:55:52 -03:00
c03999ad35
Remove filter bar from namespace plurality table
2025-12-13 17:38:57 -03:00
ac4d9d5e35
Disable column filters on namespace plurality table
2025-12-13 17:35:52 -03:00
9daa9404da
Hide filters on namespace plurality table
2025-12-13 17:32:19 -03:00
22cd934b15
Fix namespace plurality table query
2025-12-13 17:29:55 -03:00
f2ca30dcb1
atlas pods: plurality table v11 (deterministic top node)
2025-12-13 17:19:03 -03:00
c289924cb2
atlas pods: plurality table v10
2025-12-13 16:36:25 -03:00
e95cdd6b27
atlas pods: per-namespace top node via topk
2025-12-13 15:51:45 -03:00
b0389b219b
atlas pods: simplify plurality table (no filter)
2025-12-13 15:29:08 -03:00
4929a776cf
monitoring: drop README per convention
2025-12-13 15:25:21 -03:00
8299684264
monitoring: restore README
2025-12-13 15:11:50 -03:00
d367d0164f
atlas pods: stabilize plurality query to avoid 422
2025-12-13 15:11:21 -03:00
4f08872205
atlas pods: show per-namespace top node without vars
2025-12-13 15:02:52 -03:00
e64beee718
atlas pods: drop non-leading nodes in plurality table
2025-12-13 13:39:06 -03:00
c76bef69f2
atlas pods: simplify plurality table query
2025-12-13 12:06:18 -03:00
ca42b32b9e
atlas pods: fix plurality table query
2025-12-13 12:00:31 -03:00
789ace779f
atlas pods: use prom share() for plurality table
2025-12-13 11:53:27 -03:00
c82bbf32f6
atlas pods: fix plurality query with bool max match
2025-12-13 11:51:18 -03:00
f19539eb25
atlas pods: robust per-namespace top-node share
2025-12-13 11:48:44 -03:00
996f008593
atlas pods: select per-namespace top node via max match
2025-12-13 04:15:03 -03:00
b049997959
atlas pods: sort plurality table by node then share
2025-12-13 04:10:10 -03:00
f9ccd292d6
atlas pods: simplify namespace plurality query
2025-12-13 04:06:46 -03:00
0d938ad758
atlas pods: fix namespace plurality query
2025-12-13 04:00:57 -03:00
1acc865db4
restore readmes removed in last commit
2025-12-13 03:57:44 -03:00
e06a6826b7
atlas pods: add namespace plurality by node table
2025-12-13 03:57:20 -03:00
294cf324de
mailu: forcing version 1.4 clamav over 1.2
2025-12-13 00:11:40 -03:00
47730f6260
forcing 12-r3 over 12-r6 for redis
2025-12-12 22:09:04 -03:00
c9c13372a8
atlas overview: include titan-db in control plane panels
2025-12-12 21:55:53 -03:00
5905c0f243
monitoring: drop duplicate titan-db scrape job
2025-12-12 21:48:03 -03:00
df9c0c1ae0
monitoring: scrape titan-db node_exporter
2025-12-12 21:38:10 -03:00
f884ce8146
atlas dashboards: align percent thresholds and disk bars
2025-12-12 21:13:31 -03:00
755a6926ab
atlas overview: refine alert thresholds and availability colors
2025-12-12 20:50:41 -03:00
73deee09af
atlas dashboards: use threshold colors for stats
2025-12-12 20:44:20 -03:00
2e18a4e1c5
atlas dashboards: fix pod share display and zero/red stat thresholds
2025-12-12 20:40:32 -03:00
da8ed7a3b0
atlas dashboards: show pod counts (not %) and make zero-friendly stats
2025-12-12 20:30:00 -03:00
ca1b2351c0
atlas dashboards: show pod counts with top12 bars
2025-12-12 20:20:13 -03:00
0a520e1d4b
atlas dashboards: drop empty nodes and enforce top12 pod bars
2025-12-12 19:09:51 -03:00
1fefca3b3e
atlas dashboards: cap pod count bars at top12
2025-12-12 18:56:13 -03:00
8ed23c673c
atlas dashboards: sort pod counts and add pod row to overview
2025-12-12 18:51:43 -03:00
66f537185d
atlas pods: add pod count bar and tidy pie
2025-12-12 18:45:29 -03:00
c093f98522
atlas dashboards: fix overview links and add pods-by-node pie
2025-12-12 18:32:45 -03:00
4a7822d6f0
atlas internal dashboards: add SLO/burn and api health panels
2025-12-12 18:00:43 -03:00
1a38bffdf3
atlas overview: fix availability scaling
2025-12-12 16:36:47 -03:00
92a7688a2f
atlas overview: show availability percent with 3 decimals
2025-12-12 16:15:37 -03:00
72d4fd60d2
atlas overview: show availability percent and keep uptime centered
2025-12-12 16:11:28 -03:00
9320d809f4
atlas overview: center uptime and reorder top row
2025-12-12 15:56:33 -03:00
27f4e60f30
atlas overview: add uptime and crashloop panels
2025-12-12 15:23:51 -03:00
78a542b81a
standardize cert issuers to letsencrypt
2025-12-12 15:18:40 -03:00
3fbcc435f0
mailu: fix unbound sidecar mounts
2025-12-12 01:19:27 -03:00
cf06e4b92a
mailu: use mvance unbound sidecar and current redis image
2025-12-12 01:12:48 -03:00
842b1c2fb4
mailu: remove force upgrade to avoid pvc replace
2025-12-12 01:09:25 -03:00
a8c7525fc2
mailu: add validating dns sidecar and disable vip hostports
2025-12-12 01:06:38 -03:00
a7704beda6
restore docs after gitignore change
2025-12-12 00:50:02 -03:00
27deb933bc
mailu: fix admin dns and tame vip
2025-12-12 00:49:45 -03:00
0771bc954d
mailu: capture helm release and cert
2025-12-11 23:54:43 -03:00
4fcdc8819a
Merge pull request 'feature/sso' (#4) from feature/sso into main
Reviewed-on: #4
2025-12-11 20:43:34 +00:00
55fa2cbce4
zot: restore main branch config
2025-12-11 17:26:15 -03:00
d5a526c5fa
zot: revert to unauthenticated registry
2025-12-11 17:22:16 -03:00
efd258fc71
vault: drop traefik basicauth
2025-12-11 17:09:05 -03:00
3852ebc0f1
zot,vault: remove oauth2-proxy sso
2025-12-11 17:04:19 -03:00
88db462f8f
longhorn/vault: gate via oauth2-proxy
2025-12-07 19:44:02 -03:00
e44def25f8
auth: remove error middleware to allow redirect
2025-12-07 13:19:45 -03:00
7ae8bf9705
oauth2-proxy: drop groups scope to avoid invalid_scope
2025-12-07 13:09:29 -03:00
088fed6720
auth: forward-auth via external auth host (svc traffic flaky)
2025-12-07 13:03:29 -03:00
84e4dc0616
oauth2-proxy: schedule on worker rpis
2025-12-07 12:49:38 -03:00
96a8d271a9
oauth2-proxy: ensure error middleware on auth ingress
2025-12-07 12:03:14 -03:00
84aa870cda
auth: use internal oauth2-proxy svc for forward-auth
2025-12-07 11:25:29 -03:00
876ec19543
auth: add 401 redirect middleware to oauth2-proxy
2025-12-07 11:14:25 -03:00
ec1d33f1ca
auth: point forward-auth to external auth host
2025-12-07 11:09:09 -03:00
1de9d94138
oauth2-proxy: temporarily drop group restriction
2025-12-07 10:42:13 -03:00
571bf759a2
auth: add namespace-local forward-auth middlewares
2025-12-07 10:25:44 -03:00
7525289a0c
auth: wire oauth2-proxy and enable grafana oidc
2025-12-07 02:01:21 -03:00
c7b73555c4
add oauth2-proxy for SSO forward-auth
2025-12-06 14:42:24 -03:00
de727eee07
keycloak: restrict to worker rpis with titan-24 fallback
2025-12-06 01:44:23 -03:00
2122ce3e31
keycloak: require rpi nodes with titan-24 fallback
2025-12-06 01:40:24 -03:00
f2d496c6c0
keycloak: prefer rpi nodes, avoid titan-24
2025-12-06 01:36:33 -03:00
127d09755e
keycloak: honor xforwarded headers and hostname url
2025-12-06 01:23:07 -03:00
9f5e61ebed
keycloak: enable health/metrics management port
2025-12-06 00:51:47 -03:00
b1b39c4dcd
keycloak: set fsGroup for data volume
2025-12-06 00:49:17 -03:00
65d8986279
keycloak: remove optimized flag for first start
2025-12-06 00:43:24 -03:00
b9202b6829
chore: drop AGENTS.md from repo
2025-12-06 00:43:17 -03:00
1e8de60198
notes: capture GPU share change and flux branch
2025-12-03 12:28:45 -03:00
2906e3e5d9
monitoring: show GPU share over dashboard range
2025-12-02 20:28:35 -03:00
7210c0784d
flux: add keycloak kustomization
2025-12-02 18:10:20 -03:00
46b6d471eb
flux: track feature/sso
2025-12-02 18:00:49 -03:00
7e46ffc075
keycloak: add raw manifests backed by shared postgres
2025-12-02 17:58:19 -03:00
d8f466e53e
Merge pull request 'feature/atlas-monitoring' (#3) from feature/atlas-monitoring into main
...
Reviewed-on: #3
2025-12-02 20:52:35 +00:00
ffdb4ed010
notes: add postgres centralization guidance
2025-12-02 17:36:37 -03:00
5af23034de
notes: add sso plan sketch
2025-12-02 17:14:45 -03:00
72a83a1af9
notes: update monitoring and next steps
2025-12-02 17:01:32 -03:00
42b3ac0139
monitoring: show top12 root disks
2025-12-02 15:21:02 -03:00
e53ca4dd91
monitoring: expand worker/control/root rows
2025-12-02 15:15:21 -03:00
134e39d9a4
monitoring: shrink hottest node row height
2025-12-02 15:12:16 -03:00
12fd5229dc
monitoring: fix gpu share query and root bar labels
2025-12-02 14:56:36 -03:00
1963fadec1
monitoring: polish dashboards and folders
2025-12-02 14:41:39 -03:00
d23e2fe78c
monitoring: regen dashboards with gpu details
2025-12-02 13:16:00 -03:00
e7d521f203
monitoring: mirror dcgm-exporter as multi-arch
2025-12-02 12:36:24 -03:00
54e4a1ed93
monitoring: run dcgm-exporter with nvidia runtime
2025-12-02 12:25:30 -03:00
9895695b36
monitoring: always pull dcgm-exporter tag
2025-12-02 12:19:16 -03:00
2fc73097ba
monitoring: add registry pull secret for dcgm-exporter
2025-12-02 12:07:11 -03:00
7b1cc7061a
monitoring: allow dcgm rollout with unavailable node
2025-12-02 11:59:55 -03:00
f44370c41f
monitoring: use mirrored dcgm-exporter tag
2025-12-02 11:54:53 -03:00
3fbaa54f4f
monitoring: reenable dcgm exporter
2025-11-20 13:11:13 -03:00
ea60425d42
traefik: use responding timeouts only
2025-11-18 20:01:16 -03:00
a8cb8c0287
traefik: extend upload timeouts
2025-11-18 19:43:19 -03:00
f7f124ad71
monitoring: control-plane stat and namespace share tweaks
2025-11-18 17:09:13 -03:00
d062c10675
monitoring: refine network metrics and control-plane allowance
2025-11-18 16:18:52 -03:00
97b7b479bc
monitoring: adjust overview spacing and net panels
2025-11-18 15:55:24 -03:00
0b44f2d1d4
monitoring: disable dcgm exporter
2025-11-18 15:10:58 -03:00
bcda1b396d
flux: disable wait for monitoring
2025-11-18 15:04:18 -03:00
a15ee26ae2
flux: scope monitoring health checks
2025-11-18 14:33:24 -03:00
1970b820e7
monitoring: fix dcgm image
2025-11-18 14:19:23 -03:00
e4f0eeca99
monitoring: refresh overview dashboards
2025-11-18 14:08:33 -03:00
00e9c90746
monitoring: rework gpu share + gauges
2025-11-18 12:11:47 -03:00
b1d84d646a
monitoring: clean namespace gpu share and layout
2025-11-18 11:42:24 -03:00
7e4b2f8ba2
monitoring: resolve pie errors and network data
2025-11-18 11:30:33 -03:00
a028fde4f7
monitoring: fix namespace gpu share and network stats
2025-11-18 11:12:03 -03:00
703e1d4e3c
monitoring: add gpu node fallback
2025-11-18 10:47:24 -03:00
16f8b5f30b
monitoring: source gpu pie from limits and node nets
2025-11-18 01:01:10 -03:00
ebfeb78e87
monitoring: fix gpu pie data and network panels
2025-11-18 00:31:51 -03:00
d5e1003de8
monitoring: stabilize namespace pies and labels
2025-11-18 00:19:45 -03:00
a411694bda
monitoring: add gpu pie and tidy net panels
2025-11-18 00:11:39 -03:00
1df06f18f6
Revert GPU pie chart additions
2025-11-17 23:42:55 -03:00
9bd7effdee
monitoring: fix hottest stats and gpu share
2025-11-17 23:40:22 -03:00
991d6defc4
monitoring: reorder namespace pies and add gpu data
2025-11-17 23:18:53 -03:00
43b9265cdf
monitoring: add namespace gpu share
2025-11-17 23:12:16 -03:00
9233ba60fc
monitoring: express namespace share as cluster percent
2025-11-17 22:58:57 -03:00
ccca363fb4
monitoring: fix pie colors & thresholds
2025-11-17 22:39:50 -03:00
f22c19bc5d
monitoring: color namespace pies
2025-11-17 22:36:50 -03:00
0e9b293e95
monitoring: fix namespace share percentages
2025-11-17 22:19:01 -03:00
5a2cafb5db
monitoring: normalize namespace share
2025-11-17 22:06:06 -03:00
5ce1493b3b
monitoring: unify namespace share panels
2025-11-17 21:57:40 -03:00
c85c6b1bc3
monitoring: worker/control-plane splits
2025-11-17 21:48:12 -03:00
64059a08f5
monitoring: restore top1 hottest stats
2025-11-17 21:20:19 -03:00
2073ffe944
monitoring: fix net/io legend labels
2025-11-17 20:19:20 -03:00
a99e1ba227
monitoring: attach nodes to net/io stats
2025-11-17 20:14:11 -03:00
8d42f501e5
monitoring: tidy hottest node labels
2025-11-17 20:04:50 -03:00
7358f9e618
monitoring: show hottest node labels
2025-11-17 20:00:40 -03:00
831d1fe707
monitoring: fix hottest node labels
2025-11-17 19:56:57 -03:00
8c263b36b9
monitoring: show hottest node names
2025-11-17 19:53:39 -03:00
bf31272339
monitoring: reorder overview stats
2025-11-17 19:49:50 -03:00
a34e58d319
monitoring: fix hottest stats and titan-db scrape
2025-11-17 19:38:40 -03:00
6a60e4284a
monitoring: tighten overview stats
2025-11-17 19:24:03 -03:00
0f7d0b7bac
monitoring: polish dashboards
2025-11-17 18:55:11 -03:00
665dfa2e52
monitoring: rebuild atlas dashboards
2025-11-17 16:27:38 -03:00
5858a80c72
monitoring: restructure grafana dashboards
2025-11-17 14:22:46 -03:00
d844e068ec
monitoring: enrich dashboards
2025-11-16 12:58:08 -03:00
77c3e260a3
monitoring: refresh grafana dashboards
2025-11-15 21:03:11 -03:00
2e6b9a47c8
dashboards: improve public view and fix color
2025-11-15 11:59:48 -03:00
48f9c6d715
grafana: set datasource uid
2025-11-15 11:35:27 -03:00
da82ebd469
grafana: use atlas metrics hostname
2025-11-15 11:18:40 -03:00
37b93de3e7
victoria-metrics: revert storageclass change
2025-11-15 11:16:37 -03:00
89c0fbfd44
monitoring: fix domain
2025-11-14 19:13:40 -03:00
cb402d0bb9
monitoring: fix ingress and env formats
2025-11-14 08:51:09 -03:00
597556d1c0
grafana: use string host format
2025-11-14 08:37:46 -03:00
f886e2b873
grafana: fix dashboard provider list
2025-11-14 08:33:53 -03:00
94f0cd939d
monitoring: fix grafana values
2025-11-14 08:29:59 -03:00
bc757265cf
monitoring: add grafana and alertmanager
2025-11-14 00:02:59 -03:00
4d3a4cd2b4
flux-system: track main branch
2025-11-12 01:06:26 -03:00
ac7863802a
monitoring: disable wait on node-exporter
2025-11-09 14:03:14 -03:00
afb926439f
core: disable wait to unblock reconciliation
2025-11-09 13:46:56 -03:00
ebf5a8aef9
core: remove gpu health gate
2025-11-09 13:37:59 -03:00
dca749cc04
gpu: drop runtimeClass from minipc plugin
2025-11-09 13:28:40 -03:00
65b3e3fbb8
monitoring: disable kube-state annotations
2025-11-09 13:20:50 -03:00
45ad2a2b06
monitoring: clean helm values
2025-11-09 13:16:21 -03:00
396acb818a
monitoring: disable chart prometheusScrape
2025-11-09 13:11:40 -03:00
aae55a14f8
monitoring: annotate kube-state svc manually
2025-11-09 13:07:39 -03:00
8ac040a7d8
monitoring: drop duplicate annotations
2025-11-09 13:03:40 -03:00
79a17412af
monitoring: reference prometheus repo
2025-11-09 12:59:03 -03:00
1bdc0efdac
core: point flux to infrastructure path
2025-11-09 12:49:54 -03:00
8b6ddcd44d
platform: fix relative paths
2025-11-09 12:39:32 -03:00
ffbfee1ebd
platform: include cert-manager clusterissuer
2025-11-09 12:38:20 -03:00
85aa07c0cc
chore: fix vmagent relabel indentation
2025-11-09 12:33:11 -03:00
e2e2916139
fix: flux automation and monitoring config
2025-11-09 12:31:38 -03:00
077654fa2d
refactor: restructure atlas flux layout
2025-11-09 11:48:45 -03:00
3c229baece
pegasus on
2025-10-09 23:26:20 -05:00
48995cc6ed
Merge pull request 'minor tweaks' (#2) from fea/titan24-gpu into main
...
Reviewed-on: #2
2025-10-10 02:23:01 +00:00
c94959a687
minor tweaks
2025-10-09 21:21:54 -05:00
d992be1061
Merge pull request 'gpu(titan-24): add RuntimeClass + NVIDIA device-plugin DS; enable containerd nvidia runtime' (#1) from fea/titan24-gpu into main
...
Reviewed-on: #1
2025-10-09 23:29:26 +00:00
79d71f471f
gpu(titan-24): add RuntimeClass + NVIDIA device-plugin DS; enable containerd nvidia runtime
2025-10-09 18:28:20 -05:00
8f724e02be
pegasus chill
2025-10-08 04:26:26 -05:00
d2ffd738ef
storageclass update
2025-10-08 03:13:12 -05:00
16b2c15eda
asteria corrections
2025-10-08 00:50:42 -05:00
761fdd29b2
jellyfin restart
2025-10-07 23:28:40 -05:00
4567b1685c
monitoring add, jellyfin/pegasus update, and traefik tweaks
2025-10-07 23:26:27 -05:00
2182e98c05
jellyfin pvc size increase
2025-10-04 09:00:41 -05:00
503a95a8e8
fixed jellyfin pv issue
2025-10-04 08:50:56 -05:00
9dfe6bb700
jellyfin and pegasus in same group
2025-09-18 10:12:08 -05:00
358da0ea00
jellyfin and pegasus in same group
2025-09-18 09:55:00 -05:00
3b50199e1d
jellyfin and pegasus in same group
2025-09-18 09:38:46 -05:00
5b97966395
jellyfin and pegasus in same group
2025-09-18 08:52:58 -05:00
9a34ee3d2e
pegasus 1.2.32
2025-09-18 02:33:37 -05:00
53d3079bce
gavilon to gavilan
2025-09-17 19:12:03 -05:00
259451e273
added gavilon to account for pegasus
2025-09-17 18:29:33 -05:00
518d7bb160
pegasus 1.2.31
2025-09-17 18:08:49 -05:00
632949c29c
pegasus 1.2.31
2025-09-17 09:38:49 -05:00
6a77f7749f
pegasus 1.2.30
2025-09-17 09:09:24 -05:00
16997fba10
pegasus 1.2.29
2025-09-17 09:00:52 -05:00
3637a99bfb
pegasus 1.2.28
2025-09-17 08:52:11 -05:00
7e2baa343c
pegasus 1.2.27
2025-09-17 08:21:51 -05:00
02bde10852
pegasus 1.2.26
2025-09-17 07:57:36 -05:00
e224215406
pegasus 1.2.25
2025-09-17 07:46:48 -05:00
03d43d097b
pegasus 1.2.24
2025-09-17 07:24:10 -05:00
ca62df5508
pegasus 1.2.22
2025-09-17 01:33:11 -05:00
2f68bc664a
pegasus 1.2.22
2025-09-17 01:02:33 -05:00
3878d39579
pegasus 1.2.21
2025-09-17 00:08:18 -05:00
19ae80e5e0
pegasus 1.2.20
2025-09-16 23:10:58 -05:00
46f02ee826
pegasus 1.2.17
2025-09-16 22:45:15 -05:00
e34744d144
pegasus 1.2.17
2025-09-16 20:08:50 -05:00
fdbd8ef048
pegasus 1.2.17
2025-09-16 18:02:55 -05:00
535c3de0bf
pegasus 1.2.16
2025-09-16 17:18:42 -05:00
2be629a998
pegasus 1.2.15
2025-09-16 16:56:49 -05:00
0b5aed217d
pegasus 1.2.14
2025-09-16 09:53:26 -05:00
eb6aeae2d2
pegasus 1.2.13
2025-09-16 09:12:41 -05:00
3276e4f196
pegasus 1.2.12
2025-09-16 08:54:32 -05:00
e31bf05cc1
pegasus 1.2.11
2025-09-16 08:29:47 -05:00
e0169b5bba
pegasus 1.2.10
2025-09-16 07:19:54 -05:00
ba140fb638
pegasus 1.2.9
2025-09-16 05:33:36 -05:00
10b34c353b
pegasus 1.2.8
2025-09-16 04:09:10 -05:00
26e15f7651
pegasus 1.2.7 - json fix
2025-09-16 03:35:12 -05:00
22683b0dc4
pegasus 1.2.6 - json fix
2025-09-16 03:05:50 -05:00
7468e62023
mapping to list
2025-09-16 02:36:43 -05:00
0d492eb622
pegasus updates 1.2.5
2025-09-16 01:55:36 -05:00
c8a91ebe4f
pegasus updates 1.2.4
2025-09-16 01:01:23 -05:00
ee3b0f3f25
pegasus updates
2025-09-16 00:06:26 -05:00
ab02f4537e
pegasus updates
2025-09-15 22:52:58 -05:00
f51c06efac
pegasus updates
2025-09-15 22:40:00 -05:00
773637273d
pegasus updates
2025-09-15 19:55:20 -05:00
8b1c083fe0
pegasus: pin image digest + command + probes + tls
2025-09-15 13:00:39 -05:00
128fad192c
pegasus flux'd
2025-09-15 12:32:52 -05:00
eac7aaa91b
pegasus flux'd
2025-09-15 12:28:56 -05:00
28903add8f
pegasus fix
2025-09-15 12:09:24 -05:00
eea64c7eb1
pegasus on
2025-09-15 02:45:22 -05:00
c7a184eace
zot fix
2025-09-15 02:15:27 -05:00
ba233fd909
zot fix
2025-09-15 01:03:32 -05:00
04cd5b0c62
zot middleware add
2025-09-09 11:27:42 -05:00
ec744e45bf
zot middleware add
2025-09-09 01:43:13 -05:00
b16eda5894
zot simplification
2025-09-09 01:16:33 -05:00
1ba463001a
zot simplification
2025-09-09 00:22:24 -05:00
2304c41ba8
zot configmap update
2025-09-08 23:08:32 -05:00
7ca10afce7
zot version pin
2025-09-08 22:52:41 -05:00
ead0c486a5
zot troubleshooting
2025-09-08 22:25:41 -05:00
1de7fcc287
zot middleware fix
2025-09-08 21:58:50 -05:00
7efc4a4dfb
jitsi corrections
2025-09-07 14:31:53 -05:00
19bfa0878c
pegasus corrections
2025-09-07 13:34:06 -05:00
fab2d944ff
jitsi setup
2025-09-07 13:20:49 -05:00