| Commit | Message | Date |
|---|---|---|
| 2c546f8eae | Merge main into deploy | 2026-01-19 16:03:29 -03:00 |
| b09679a812 | mailu-sync: bump job | 2026-01-19 02:45:19 -03:00 |
| 89316a5901 | vaultwarden: use mail hostname | 2026-01-19 02:31:41 -03:00 |
| 35816115f8 | vault: allow vaultwarden mailu secret | 2026-01-19 02:23:16 -03:00 |
| 2802c1e8b6 | vaultwarden: use mailu smtp creds | 2026-01-19 02:17:16 -03:00 |
| d943359606 | mailu-sync: restart listener for update | 2026-01-19 01:57:49 -03:00 |
| 21899b8a79 | portal: tune vaultwarden backoff | 2026-01-19 01:53:25 -03:00 |
| bed3563ae6 | mailu-sync: cap wait in listener | 2026-01-19 01:53:13 -03:00 |
| d5a19ca9c3 | portal-e2e: add readiness checks | 2026-01-19 01:40:42 -03:00 |
| f4b08b93eb | mailu: add portal sender mailbox | 2026-01-19 01:40:27 -03:00 |
| aaf7e23603 | portal: allow firefly sync jobs | 2026-01-19 01:21:56 -03:00 |
| 67203d1147 | nextcloud-mail-sync: pin to arm64 workers | 2026-01-19 01:14:29 -03:00 |
| 6935de7a6c | portal: use mailu sender mailbox | 2026-01-19 01:04:08 -03:00 |
| fe9132e45e | portal: use mailu smtp secret | 2026-01-19 00:56:07 -03:00 |
| b6609a9706 | glue: fix portal smtp host and mail sync export | 2026-01-19 00:37:42 -03:00 |
| 73c829c81f | jenkins: restart to load new jobs | 2026-01-18 21:26:05 -03:00 |
| 979470eeb8 | ci: add glue tests and deploy gate | 2026-01-18 21:23:11 -03:00 |
| da200235bb | monitoring: fix glue dashboard queries | 2026-01-18 12:26:04 -03:00 |
| ae3b0afbff | nextcloud-mail-sync: harden auth, bump portal backend | 2026-01-18 12:23:50 -03:00 |
| 0eb526c907 | monitoring: label cronjob metrics and move grafana to arm64 | 2026-01-18 12:20:45 -03:00 |
| c70054a30e | monitoring: add atlas testing dashboard folder | 2026-01-18 12:07:45 -03:00 |
| 084242746e | monitoring: keep postmark exporter off titan-22 | 2026-01-18 11:52:36 -03:00 |
| a5bec3e543 | monitoring: avoid titan-22 for core pods | 2026-01-18 11:43:28 -03:00 |
| 6e3faeb9fd | monitoring: restore grafana persistence | 2026-01-18 11:37:01 -03:00 |
| 0b15007e2c | monitoring: disable grafana persistence to recover | 2026-01-18 09:55:28 -03:00 |
| 435ed5d426 | keycloak: bump jobs for postmark change | 2026-01-18 09:27:18 -03:00 |
| 1fb3d179ef | monitoring: add testing dashboard and switch postmark apikey | 2026-01-18 09:21:33 -03:00 |
| d7812623cd | monitoring: add glue row and fix mail dns | 2026-01-18 08:12:06 -03:00 |
| 4874ccda4d | vaultwarden: pin to arm64 workers | 2026-01-18 03:09:40 -03:00 |
| 8b8d2c4aa8 | vaultwarden: add retry safeguards and db tuning | 2026-01-18 03:00:24 -03:00 |
| 343d41ecc7 | monitoring: add glue dashboard and tag cronjobs | 2026-01-18 02:50:07 -03:00 |
| a6ac0c363e | nextcloud-mail-sync: harden keycloak fetch | 2026-01-18 02:37:26 -03:00 |
| 0d27107411 | mailu: backfill mailu_enabled for legacy users | 2026-01-18 02:03:13 -03:00 |
| c9cb088198 | keycloak: rerun realm settings job | 2026-01-18 01:58:17 -03:00 |
| 7cd2f3c587 | vault: allow portal to read postmark relay | 2026-01-18 01:17:52 -03:00 |
| 4c4c0867a7 | bstein-dev-home: add smtp env for access requests | 2026-01-18 01:14:15 -03:00 |
| 9c2cb1b037 | mailu: preserve keycloak profile fields | 2026-01-18 01:08:31 -03:00 |
| 418d201da0 | mailu: gate sync to approved users | 2026-01-18 00:47:38 -03:00 |
| f753f114c7 | bstein-dev-home: bump images to 0.1.1-102 | 2026-01-18 00:44:11 -03:00 |
| 74f089dc21 | bstein-dev-home: bump images to 0.1.1-101 | 2026-01-18 00:33:09 -03:00 |
| a9b94c87be | comms: route live host login to mas | 2026-01-17 20:49:11 -03:00 |
| 792b7b1417 | comms: rerun mas local users and secrets jobs | 2026-01-17 20:30:13 -03:00 |
| 0ddbb5ec79 | comms: restart mas after db ensure | 2026-01-17 20:27:11 -03:00 |
| e64ba4ca3c | comms: re-run mas db ensure | 2026-01-17 20:23:32 -03:00 |
| 758610dff0 | core: pin coredns to rpi workers | 2026-01-17 20:15:51 -03:00 |
| b576da53c2 | comms: pin livekit token hostnames | 2026-01-17 19:49:19 -03:00 |
| f91459e55a | comms: restart livekit to reload vault keys | 2026-01-17 19:32:04 -03:00 |
| e729adc6ef | comms: drop livekit token host alias | 2026-01-17 19:12:00 -03:00 |
| 96b93a1687 | comms: use sh for Element host-config script | 2026-01-17 18:38:36 -03:00 |
| 578ef5e830 | comms: add Element host-config entrypoint script | 2026-01-17 18:29:42 -03:00 |
| ebb300b939 | comms: mount host-specific Element config file | 2026-01-17 18:22:36 -03:00 |
| be10e01c2f | comms: serve host-specific Element config alias | 2026-01-17 18:16:45 -03:00 |
| 5f1b61d25e | comms: pin guest rename job to rpi5 nodes | 2026-01-17 18:04:53 -03:00 |
| 0e3c8ef952 | comms: add harbor pull secret to vault serviceaccount | 2026-01-17 17:57:57 -03:00 |
| 6997d5e202 | comms: use guest-tools image for guest rename | 2026-01-17 17:51:21 -03:00 |
| f9830c6678 | comms: prune stale guests after 14 days | 2026-01-17 17:30:07 -03:00 |
| 1293ffe0a5 | comms: pin mas/synapse host aliases for DNS | 2026-01-17 17:21:46 -03:00 |
| 69d67b39a5 | comms: make guest register server threaded | 2026-01-17 16:59:57 -03:00 |
| 931e41a76f | comms: harden guest register provisioning | 2026-01-17 16:51:40 -03:00 |
| f15b80872e | comms: add default server name to element config | 2026-01-17 16:31:53 -03:00 |
| df3a56656d | core: route budget and money to traefik | 2026-01-17 08:16:57 -03:00 |
| 309931f7a5 | finance: run firefly entrypoint after vault env | 2026-01-17 08:12:14 -03:00 |
| 6cf46cf789 | core: point internal dns at traefik service | 2026-01-17 08:05:33 -03:00 |
| 16b7fcd120 | finance: let firefly init nginx config | 2026-01-17 07:54:27 -03:00 |
| 8192dfeebe | platform: restore cert-manager and encrypt budget storage | 2026-01-17 07:38:38 -03:00 |
| 71bab17665 | comms: fix matrix login routing and prune guests | 2026-01-17 07:32:57 -03:00 |
| 356dba3a33 | core: add finance hosts to coredns | 2026-01-17 06:56:45 -03:00 |
| 268a1d9449 | sso: retry mas secret lookup | 2026-01-17 03:29:36 -03:00 |
| acfab6a150 | sso: retry keycloak secret jobs | 2026-01-17 03:24:30 -03:00 |
| 728f2cd2ee | vault: pin cronjobs to service IP | 2026-01-17 03:17:36 -03:00 |
| ef5ac62544 | vault: make retry helper resilient | 2026-01-17 03:09:33 -03:00 |
| ee622cbb0b | finance: source firefly env in shell | 2026-01-17 03:03:16 -03:00 |
| a9c2d3c5e8 | vault: retry vault cli operations | 2026-01-17 03:00:25 -03:00 |
| 008130f8d0 | finance: roll firefly after secrets | 2026-01-17 02:59:38 -03:00 |
| 376eae3fa1 | finance: migrate actual db before bootstrap | 2026-01-17 02:55:20 -03:00 |
| ba546bf63f | portal: retry vaultwarden cred sync | 2026-01-17 02:54:38 -03:00 |
| 84fa9e7dbc | finance: prepare actual data dirs | 2026-01-17 02:50:11 -03:00 |
| 9a3c3a3d3e | vault: retry status checks in config jobs | 2026-01-17 02:49:25 -03:00 |
| 36d0df817a | finance: roll actual bootstrap | 2026-01-17 02:46:16 -03:00 |
| cee565892b | finance: harden actual openid bootstrap | 2026-01-17 02:43:25 -03:00 |
| b0ac30e719 | comms: retry mas local users and rerun | 2026-01-17 02:43:15 -03:00 |
| 343165b2fa | finance: drop dependency gating | 2026-01-17 02:39:11 -03:00 |
| 3cf34b53e9 | finance: bump actual server image | 2026-01-17 02:36:08 -03:00 |
| c5b8396bd8 | comms: retry mas jobs and rerun | 2026-01-17 02:34:36 -03:00 |
| 6028d82aa3 | finance: expand actual openid env | 2026-01-17 02:29:47 -03:00 |
| 1cc1b9bea5 | comms: rerun mas-dependent jobs | 2026-01-17 02:28:21 -03:00 |
| 3274b9257c | comms: restart mas after db sync | 2026-01-17 02:24:50 -03:00 |
| 1a3d35094e | finance: switch vault seed to python | 2026-01-17 02:22:59 -03:00 |
| 9047dfa3b5 | finance: rerun secrets seed job | 2026-01-17 02:17:29 -03:00 |
| 9dd2a72063 | mailu: retry sync and rerun job | 2026-01-17 02:16:13 -03:00 |
| 9eedcad520 | finance: ensure vault init ordering | 2026-01-17 02:10:28 -03:00 |
| 64d0a70191 | finance: decouple from mailu readiness | 2026-01-17 02:06:55 -03:00 |
| cd60ebc982 | mailu: bump sync job | 2026-01-17 02:01:53 -03:00 |
| 928b2a8706 | comms: bump mas admin secret job | 2026-01-17 02:00:14 -03:00 |
| 7b009caf97 | keycloak: bump portal admin secret job | 2026-01-17 01:54:15 -03:00 |
| 86ea701ff0 | jobs: bump names after affinity update | 2026-01-17 01:52:16 -03:00 |
| 6ec0414fcd | jobs: prefer arm64 workers | 2026-01-17 01:47:53 -03:00 |
| 33e35193fb | sso: harden keycloak jobs and rerun | 2026-01-17 01:41:39 -03:00 |
| 1b4f46bb41 | sso: rerun realm settings and vault oidc job | 2026-01-17 01:36:48 -03:00 |
| 5eff31595e | maintenance: add k3s agent restart daemonset | 2026-01-17 01:28:13 -03:00 |
| 622c7acaa4 | jobs: rerun keycloak realm + mas db ensure | 2026-01-17 01:11:45 -03:00 |
| 8f990031f1 | finance: fix vault seed job | 2026-01-17 01:07:46 -03:00 |
| a9351bc737 | jobs: drop apk installs and prefer arm64 | 2026-01-17 01:02:58 -03:00 |
| f4c6827c8c | keycloak: bump realm settings job | 2026-01-17 01:00:12 -03:00 |
| 62fa6ef371 | finance: seed vault secrets | 2026-01-17 00:54:49 -03:00 |
| 3e3061fe5b | finance: add actual budget and firefly | 2026-01-16 23:52:56 -03:00 |
| 354a803ff4 | core: fix coredns tag | 2026-01-16 23:27:04 -03:00 |
| 368dd81c5e | core: use harbor coredns image | 2026-01-16 23:25:28 -03:00 |
| e1bd962956 | core: manage coredns deployment | 2026-01-16 23:16:04 -03:00 |
| d9fabbf353 | core: scale coredns replicas | 2026-01-16 23:12:56 -03:00 |
| 55992ea48f | longhorn: make settings job idempotent | 2026-01-16 20:15:33 -03:00 |
| 42e987f4ee | longhorn: apply settings via api job | 2026-01-16 20:11:22 -03:00 |
| 71a1a55a01 | longhorn: ensure settings via job | 2026-01-16 20:05:36 -03:00 |
| f8ffa830b7 | longhorn: move images to infra project | 2026-01-16 20:00:17 -03:00 |
| 8535d50faa | longhorn: force image pulls during migration | 2026-01-16 18:26:29 -03:00 |
| dc62b4998b | cert-manager: pin webhook and cainjector to rpi nodes | 2026-01-16 18:17:40 -03:00 |
| 2f176d5a36 | planka: allow project creation for all users | 2026-01-16 17:58:20 -03:00 |
| 1fb7b27de4 | keycloak: rerun realm and user overrides | 2026-01-16 17:47:34 -03:00 |
| b07f32e7c8 | longhorn: pin vault sync to rpi workers | 2026-01-16 17:45:29 -03:00 |
| d9d31f7701 | longhorn: allow kustomization to apply without waiting | 2026-01-16 17:39:37 -03:00 |
| 1eb7d58259 | keycloak: enforce bstein group membership | 2026-01-16 17:36:07 -03:00 |
| 401df4d68c | longhorn: use harbor mirrors and vault pull secret | 2026-01-16 17:31:29 -03:00 |
| 4406724da5 | longhorn: add helm repo and adopt workflow | 2026-01-16 16:25:40 -03:00 |
| 7c3006736c | traefik: add CRDs | 2026-01-16 11:21:58 -03:00 |
| 9f3d2db63d | platform: add cert-manager and align postgres vault path | 2026-01-16 11:14:48 -03:00 |
| beb646f78f | jellyfin: move cache to emptyDir | 2026-01-16 09:43:01 -03:00 |
| 4faa039a8e | maintenance: avoid blocking on k3s traefik cleanup | 2026-01-16 09:38:14 -03:00 |
| ef504eea80 | maintenance: allow traefik cleanup watch | 2026-01-16 09:33:11 -03:00 |
| 671d4d5dce | maintenance: cleanup k3s traefik and wger attrs | 2026-01-16 09:27:22 -03:00 |
| 9474ab97f2 | maintenance: disable k3s traefik; keycloak portal admin roles | 2026-01-16 07:53:04 -03:00 |
| cf5d7dfa00 | jellyfin: set traefik tls annotations | 2026-01-16 04:01:27 -03:00 |
| 5cd196e043 | vault/keycloak: restore kv access and wger sync rbac | 2026-01-16 03:46:07 -03:00 |
| 8ad9f0a664 | vault: allow admin kv browse | 2026-01-16 03:20:32 -03:00 |
| f5231d282b | vault: allow UI mount listing for admins | 2026-01-16 02:06:31 -03:00 |
| bb1bf3c017 | fix ingress tls routing | 2026-01-16 01:40:50 -03:00 |
| b1489a8dd9 | fix logging pipeline secret and scheduling | 2026-01-16 00:15:58 -03:00 |
| 5816d4f399 | comms: fix mas vault file paths | 2026-01-15 23:56:32 -03:00 |
| d90950b82e | gitea: expose ssh via metallb shared IP | 2026-01-15 16:39:04 -03:00 |
| 66e7e6acc5 | core: add bstein.dev coredns overrides | 2026-01-15 16:29:32 -03:00 |
| 7817248eb9 | traefik: wire LB service to custom deployment | 2026-01-15 11:26:46 -03:00 |
| 9993b501a6 | logging: disable wait for data-prepper helmrelease | 2026-01-15 04:47:07 -03:00 |
| a2b2c7db9d | keycloak: align smtp probe user | 2026-01-15 04:44:35 -03:00 |
| 8db4b4f0b5 | keycloak: rerun execute-actions email e2e | 2026-01-15 04:37:12 -03:00 |
| 70a52dec06 | bstein-dev-home: rerun onboarding e2e job | 2026-01-15 04:35:06 -03:00 |
| c759fb1dbb | logging: fix data-prepper post-render patch | 2026-01-15 04:27:25 -03:00 |
| c0d0e64bc6 | keycloak: rerun realm smtp config | 2026-01-15 04:24:16 -03:00 |
| 5899c9acb3 | vault: allow admin policy to update shared secrets | 2026-01-15 04:17:14 -03:00 |
| de6665c450 | smtp: use mail.bstein.dev for app relays | 2026-01-15 04:04:50 -03:00 |
| e6210644c2 | smtp: point services at mailu relay | 2026-01-15 03:58:03 -03:00 |
| c30f1fc587 | vault: allow sso role to read portal admin secret | 2026-01-15 03:46:58 -03:00 |
| bf9a24681c | fix: bump keycloak and portal e2e job names | 2026-01-15 03:44:27 -03:00 |
| 69cee91dda | vault: fix data-prepper pipeline and portal admin secret job | 2026-01-15 03:42:57 -03:00 |
| 2ccc33b105 | logging: patch data-prepper volume via json | 2026-01-15 03:30:16 -03:00 |
| 760c9cbe6b | logging: drop namespace from data-prepper patch | 2026-01-15 03:27:36 -03:00 |
| 76151a082c | logging: simplify data-prepper patch | 2026-01-15 03:25:33 -03:00 |
| c7fa52ab27 | logging: use strategic patch for pipeline volume | 2026-01-15 03:23:42 -03:00 |
| 88f862e18a | logging: switch data-prepper volume to configmap | 2026-01-15 03:17:07 -03:00 |
| 4dba510d6f | logging: replace pipeline volume with configmap | 2026-01-15 03:14:07 -03:00 |
| 9a9ecc4903 | logging: patch data-prepper volume to configmap | 2026-01-15 03:12:13 -03:00 |
| a7998fc0bf | bstein-dev-home: restore image automation setters | 2026-01-15 03:11:57 -03:00 |
| 72d49f88fe | nextcloud: fix cronjob shell flags | 2026-01-15 03:08:01 -03:00 |
| fb992f0cff | logging: move data-prepper pipeline to configmap | 2026-01-15 02:59:21 -03:00 |
| 53da4c20ab | keycloak: stop writing oauth2-proxy secret | 2026-01-15 02:37:04 -03:00 |
| f9fa6dcbb4 | crypto: drop wallet rpc bootstrap job | 2026-01-15 02:31:31 -03:00 |
| 2ecd274f28 | crypto: fix wallet rpc image | 2026-01-15 02:26:54 -03:00 |
| feb9d6997c | vault: prepopulate oidc job | 2026-01-15 02:22:52 -03:00 |
| 9e6673d02e | vault: default oidc claims type | 2026-01-15 02:20:53 -03:00 |
| d69545cdb5 | vault: harden oidc claims type | 2026-01-15 02:18:50 -03:00 |
| 756a1af2e6 | vault: allow oidc tuning | 2026-01-15 02:16:55 -03:00 |
| 74a2b3e28d | vault: use static token reviewer | 2026-01-15 02:14:08 -03:00 |
| 84ccf35c44 | flux: auto-update portal images on feature branch | 2026-01-15 02:12:52 -03:00 |
| e885c7d6ce | vault: allow vault-admin token review | 2026-01-15 02:09:34 -03:00 |
| 86c9951cc4 | vault: add admin role for config jobs | 2026-01-15 02:06:28 -03:00 |
| 85c3d9c2f7 | vault: finalize sidecar migration | 2026-01-15 01:52:24 -03:00 |
| cd14e70d02 | health: run wger sync with python3 | 2026-01-15 01:13:42 -03:00 |
| f5a3894c2b | mailu: use vault sidecar env | 2026-01-15 01:02:41 -03:00 |
| 511403c4a6 | bstein-dev-home: bump portal images | 2026-01-15 00:47:51 -03:00 |
| 8fed4a08c5 | health: allow portal wger sync | 2026-01-15 00:41:28 -03:00 |
| 7f96daa7b8 | comms: move synapse secrets to vault | 2026-01-15 00:35:41 -03:00 |
| 139ca78c3d | bstein-dev-home: bump portal images | 2026-01-15 00:28:15 -03:00 |
| 836ce605b6 | jellyfin: prefer gpu nodes by hostname | 2026-01-14 23:56:02 -03:00 |
| 88be97d860 | health: add nginx main config | 2026-01-14 23:55:50 -03:00 |
| 35dcc5d66c | health: run nginx directly | 2026-01-14 23:47:23 -03:00 |
| c1b771298a | jellyfin: schedule on nvidia accelerators | 2026-01-14 23:37:06 -03:00 |
| e94ea272ce | health: fix nginx pid path | 2026-01-14 23:35:07 -03:00 |
| 81e79fd19a | jellyfin: trim vault ldap template | 2026-01-14 23:34:39 -03:00 |
| 3af97973e0 | health: stabilize wger startup | 2026-01-14 23:26:07 -03:00 |
| 0733127039 | vault: sync oidc and wger env | 2026-01-14 23:21:39 -03:00 |
| 82090c1953 | vault: read oidc config from vault | 2026-01-14 23:20:04 -03:00 |
| 6c8d3b24f2 | jellyfin: read LDAP config from vault | 2026-01-14 23:15:19 -03:00 |
| d898c71c08 | comms: mount synapse signing key | 2026-01-14 22:59:11 -03:00 |
| 52cc04dee9 | comms: mount vault signing key volume | 2026-01-14 22:56:30 -03:00 |
| 98cdafb162 | comms: keep redis env while injecting vault | 2026-01-14 22:43:50 -03:00 |
| 0b21c8f40d | vault: fix hyphenated key templates | 2026-01-14 22:37:18 -03:00 |
| e8d004c1b9 | comms: fix synapse vault patch | 2026-01-14 22:34:02 -03:00 |
| c38f77302f | vault: inject comms and grafana secrets | 2026-01-14 22:29:27 -03:00 |
| 4bb6c7e212 | health: fix wger env template newlines | 2026-01-14 22:23:48 -03:00 |
| e391a78f25 | health: avoid surge rollout for wger | 2026-01-14 22:16:36 -03:00 |
| 349a6cca3b | health: load wger secrets without shell expansion | 2026-01-14 22:11:55 -03:00 |
| 71f533ca1f | harbor: fix vault env templates | 2026-01-14 22:07:51 -03:00 |
| 9652d9d3cf | health: escape wger env vars and fix nginx temp paths | 2026-01-14 22:03:40 -03:00 |
| 22e3004b0a | harbor: preserve required volume mounts | 2026-01-14 21:29:40 -03:00 |
| 9743064ad3 | vault: keep copy loop from clobbering args | 2026-01-14 21:24:16 -03:00 |
| 8a750ac3ab | harbor: fix vault secretKey file path | 2026-01-14 21:17:05 -03:00 |
| eeeb69fb7a | harbor: mount vault entrypoint script | 2026-01-14 21:02:50 -03:00 |
| 713fedfe73 | harbor: move secrets to vault sidecars | 2026-01-14 20:46:46 -03:00 |
| c98d24e91e | jenkins: load vault env via env | 2026-01-14 17:57:10 -03:00 |
| 4ff2f3e889 | jenkins: escape vault env values | 2026-01-14 17:53:09 -03:00 |
| bb9a4e6d8b | longhorn: read oauth2-proxy secrets from vault | 2026-01-14 17:48:12 -03:00 |
| fb671865e5 | vault: inject remaining services with wrappers | 2026-01-14 17:29:09 -03:00 |
| fb9578b624 | vault: inject monitoring exporter and health jobs | 2026-01-14 14:49:41 -03:00 |
| 4f1fb62ab3 | vault: bump job names for injector | 2026-01-14 14:33:57 -03:00 |
| 98d67293bc | vault: prepopulate injector for jobs | 2026-01-14 14:29:29 -03:00 |
| f6fc250fe1 | comms: add vault-secrets emptyDir for mas | 2026-01-14 14:24:55 -03:00 |
| 393916ded9 | comms: shorten vault inject file names | 2026-01-14 14:21:58 -03:00 |
| e92cfa7dba | vault: move comms and mailu workloads to injector | 2026-01-14 14:17:26 -03:00 |
| d559aeb464 | keycloak: schedule on arm64 workers | 2026-01-14 13:49:37 -03:00 |
| 6ba509dbe1 | gitea: tolerate oidc init failures | 2026-01-14 13:46:34 -03:00 |
| ab50780f49 | gitea: trim vault secret newlines | 2026-01-14 13:43:56 -03:00 |
| 9c16d0fbc0 | keycloak: bump job names | 2026-01-14 13:42:08 -03:00 |
| 89f4b0dbdf | vault: stabilize injector templates and add health apps | 2026-01-14 13:40:29 -03:00 |
| 58c880d9ce | keycloak: switch jobs to vault injector | 2026-01-14 13:20:57 -03:00 |
| 92fbde08eb | nextcloud: fix vault template keys | 2026-01-14 13:00:21 -03:00 |
| 0aa16757e9 | gitea: run vault init first | 2026-01-14 12:44:49 -03:00 |
| 36fb225cbd | bstein-dev-home: bump onboarding job | 2026-01-14 12:34:02 -03:00 |
| 16c62d5a4a | vault: move core apps to injector | 2026-01-14 12:28:10 -03:00 |
| 1add32e683 | infra: add vault injector | 2026-01-14 11:46:13 -03:00 |
| b1f9df4d83 | vault: sync harbor pulls | 2026-01-14 10:07:31 -03:00 |
| b8e50bb0a6 | monitoring: move grafana smtp to vault | 2026-01-14 06:41:34 -03:00 |
| 37302664c2 | vault: add remaining secret syncs | 2026-01-14 06:16:42 -03:00 |
| 5683b3f941 | jobs: bump names after vault tweaks | 2026-01-14 05:47:21 -03:00 |
| 9ec08e1dc2 | jobs: drop apk in kubectl image | 2026-01-14 05:41:01 -03:00 |
| 6898641b0a | comms: restore livekit token env | 2026-01-14 05:35:51 -03:00 |
| 35369d53d8 | jobs: bump names for immutability | 2026-01-14 05:32:07 -03:00 |
| 96a7c67674 | mailu: bump sync job name | 2026-01-14 05:11:27 -03:00 |
| de3db3133b | vault(consumption): sync secrets via CSI | 2026-01-14 05:07:23 -03:00 |
| 8d526e383f | vault: send oidc role payload as json | 2026-01-14 03:45:03 -03:00 |
| bb2a3ba904 | fix(gitea): inline vault secrets | 2026-01-14 03:11:53 -03:00 |
| 3384533acd | fix: resolve gitea mounts and bump portal job | 2026-01-14 03:00:10 -03:00 |
| 4111fb079f | vault: write bound_claims as file | 2026-01-14 02:56:29 -03:00 |
| fd2ae6bdd5 | vault: wire more services to CSI | 2026-01-14 02:54:59 -03:00 |
| 8a358832f3 | vault: fix oidc scopes parsing | 2026-01-14 02:52:51 -03:00 |
| c3541b72c3 | vault: run oidc config with sh | 2026-01-14 02:28:38 -03:00 |
| 55234f8536 | vault: align oidc roles with keycloak | 2026-01-14 02:24:32 -03:00 |
| 50aec198a4 | fix: detect vault initialized state correctly | 2026-01-14 01:42:28 -03:00 |
| cb5796cb71 | fix: make vault k8s auth script posix | 2026-01-14 01:38:27 -03:00 |
| 5a9ceeab24 | fix: run vault k8s auth config with sh | 2026-01-14 01:35:06 -03:00 |
| b82195f2d7 | feat: start vault consumption for outline and planka | 2026-01-14 01:30:41 -03:00 |
| 1d894ea80f | keycloak: fix harbor oidc job | 2026-01-14 01:24:18 -03:00 |
| 537d304b36 | keycloak: bump harbor oidc job | 2026-01-14 01:22:30 -03:00 |
| e776f004c9 | keycloak: ensure harbor oidc scope | 2026-01-14 01:21:08 -03:00 |
| 8fa38268d9 | chore: refresh knowledge catalog headers | 2026-01-14 01:08:05 -03:00 |
| 4a1c4766b8 | feat: add harbor/vault oidc automation | 2026-01-14 01:07:47 -03:00 |
| bcc15c3e0a | monitoring: allow grafana upgrade remediation | 2026-01-13 21:18:42 -03:00 |
| 0b5dcde3a3 | monitoring: align victoria-metrics PVC size | 2026-01-13 21:15:10 -03:00 |
| 46777f9ec9 | comms: restart atlasbot after MAS fixes | 2026-01-13 21:09:41 -03:00 |
| 98554e5fa4 | comms: rerun mas local user seed | 2026-01-13 21:06:45 -03:00 |
| b97146f4d1 | comms: disable synapse oidc with MAS | 2026-01-13 21:04:29 -03:00 |
| 928b9379d8 | comms: disable synapse password auth with MAS | 2026-01-13 21:02:19 -03:00 |
| b710f45e5c | comms: fix synapse runtime config injection | 2026-01-13 20:59:35 -03:00 |
| e6a3ae5f7b | comms: restore MAS and OIDC secrets in synapse | 2026-01-13 20:55:36 -03:00 |
| 71fd00d845 | comms: fix signing key job permissions | 2026-01-13 20:49:11 -03:00 |
| fa8ec588a8 | comms: add debug logging for signing key job | 2026-01-13 20:47:54 -03:00 |
| 47f0d1736e | comms: retry synapse signing key job | 2026-01-13 20:45:14 -03:00 |
| 098a06e723 | comms: seed synapse signing key for helm | 2026-01-13 20:42:30 -03:00 |
| bcef167b50 | harbor: enable keycloak oidc settings | 2026-01-13 20:42:26 -03:00 |
| fbde129d4c | fix(bstein-dev-home): drop invalid image overrides | 2026-01-13 20:27:50 -03:00 |
| 4332ded0c3 | comms: drop legacy synapse configmaps | 2026-01-13 20:07:51 -03:00 |
| bbe5ded0a6 | comms: bump ensure job names for new images | 2026-01-13 20:03:11 -03:00 |
| 4602656578 | vault: prep helm releases and image pins | 2026-01-13 19:29:14 -03:00 |
| 8ee7d046d2 | ops: prepare vault-consumption branch | 2026-01-13 19:01:07 -03:00 |