flux-bot
|
b09100e787
|
chore(bstein-dev-home): automated image update
|
2026-01-13 15:57:24 +00:00 |
|
|
|
eefaf7df2e
|
merge main into sso-hardening
|
2026-01-13 12:56:21 -03:00 |
|
|
|
073b44e0c3
|
gitea: auto-link oidc accounts
|
2026-01-13 12:47:41 -03:00 |
|
|
|
5aeec67bfb
|
postgres: add flux + vault csi
|
2026-01-13 12:35:59 -03:00 |
|
|
|
3fc9f7bbdb
|
iac: localize configmap scripts
|
2026-01-13 12:07:03 -03:00 |
|
|
|
6da576a707
|
iac: externalize ConfigMap scripts
|
2026-01-13 10:00:19 -03:00 |
|
flux-bot
|
17b733c65e
|
chore(bstein-dev-home): automated image update
|
2026-01-13 12:48:56 +00:00 |
|
flux-bot
|
6d213e5b25
|
chore(bstein-dev-home): automated image update
|
2026-01-13 12:47:56 +00:00 |
|
flux-bot
|
b01ac8da25
|
chore(bstein-dev-home): automated image update
|
2026-01-13 12:00:52 +00:00 |
|
flux-bot
|
27460f8dc3
|
chore(bstein-dev-home): automated image update
|
2026-01-13 11:59:53 +00:00 |
|
flux-bot
|
4d884bfcb1
|
chore(bstein-dev-home): automated image update
|
2026-01-13 02:38:08 +00:00 |
|
flux-bot
|
606718459e
|
chore(bstein-dev-home): automated image update
|
2026-01-13 02:37:08 +00:00 |
|
|
|
4d6d0b89b2
|
planka: default users to project owners
|
2026-01-12 23:24:09 -03:00 |
|
|
|
35a19a2f7b
|
outline: move to local storage
|
2026-01-12 23:14:17 -03:00 |
|
|
|
1a50f51115
|
planka: enable project owners via oidc
|
2026-01-12 23:14:17 -03:00 |
|
flux-bot
|
ed9a41bd70
|
chore(bstein-dev-home): automated image update
|
2026-01-13 01:58:04 +00:00 |
|
flux-bot
|
e12d020c51
|
chore(bstein-dev-home): automated image update
|
2026-01-13 01:57:04 +00:00 |
|
|
|
5a5766c9b5
|
planka: avoid mounting over assets
|
2026-01-12 22:47:23 -03:00 |
|
|
|
7a49e99e62
|
planka: fix init permissions
|
2026-01-12 22:02:07 -03:00 |
|
|
|
6376beebb1
|
services: fix outline pg ssl and planka init
|
2026-01-12 21:45:00 -03:00 |
|
|
|
d673493f89
|
minio: rerun bucket bootstrap job
|
2026-01-12 21:40:43 -03:00 |
|
flux-bot
|
d87d584992
|
chore(bstein-dev-home): automated image update
|
2026-01-13 00:30:57 +00:00 |
|
flux-bot
|
9df1eb85c3
|
chore(bstein-dev-home): automated image update
|
2026-01-13 00:29:57 +00:00 |
|
|
|
29192b9e7f
|
services: add minio, outline, planka
|
2026-01-12 21:22:54 -03:00 |
|
|
|
5f4d9b498e
|
chore: remove ci-demo workload
|
2026-01-12 00:46:16 -03:00 |
|
|
|
13df82e07a
|
monitoring: treat cert-manager as infrastructure
|
2026-01-12 00:26:46 -03:00 |
|
|
|
fb2c7b22d5
|
monitoring: regenerate dashboards with expanded infra namespaces
|
2026-01-11 23:55:43 -03:00 |
|
|
|
21b9129abf
|
monitoring: classify logging/postgres/maintenance as infra
|
2026-01-11 23:52:40 -03:00 |
|
|
|
fcc0a49369
|
monitoring: fix infra scopes and add jetson metrics
|
2026-01-11 23:46:24 -03:00 |
|
|
|
3a798ae3b1
|
mailu: use postmark token for relay auth
|
2026-01-11 19:01:31 -03:00 |
|
|
|
a8e6b575af
|
knowledge: record k3s versions across node classes
|
2026-01-11 10:15:55 -03:00 |
|
|
|
35dca13026
|
knowledge: add control-plane storage details
|
2026-01-11 10:06:35 -03:00 |
|
|
|
0c0b328a1a
|
knowledge: add titan-db and titan-jh details
|
2026-01-11 09:54:11 -03:00 |
|
|
|
c8a2e8caf4
|
knowledge: add jetson (titan-20/21) details
|
2026-01-11 09:44:40 -03:00 |
|
|
|
c13b161171
|
knowledge: relocate metis doc; monitoring: add cpu high alert
|
2026-01-11 08:59:51 -03:00 |
|
|
|
cac8506929
|
knowledge: add metis recovery notes
|
2026-01-11 02:32:20 -03:00 |
|
|
|
54358df569
|
monitoring: maintenance panels, extra alerts, update overview
|
2026-01-11 02:28:39 -03:00 |
|
|
|
33b89c7dc2
|
monitoring: remove titan-16 and add titan-20/21 to worker dashboards
|
2026-01-11 02:20:47 -03:00 |
|
|
|
734a537a28
|
monitoring: add alert rules and include titan-20/21 in dashboards
|
2026-01-11 02:02:47 -03:00 |
|
|
|
f533443c42
|
Fix Jetson device plugin args
|
2026-01-11 01:57:20 -03:00 |
|
|
|
1ffcb28be5
|
monitoring: fix grafana alerting root policy
|
2026-01-11 01:40:07 -03:00 |
|
|
|
95c3e2de37
|
monitoring: allow smtp sync to get target secret
|
2026-01-11 00:32:41 -03:00 |
|
|
|
abb15ddbb4
|
monitoring: fix smtp sync image reference
|
2026-01-11 00:30:45 -03:00 |
|
|
|
b53c7d4a1c
|
monitoring: wire grafana smtp sync and alerting provisioning
|
2026-01-11 00:29:20 -03:00 |
|
|
|
1517dec30b
|
maintenance: run image sweeper on all nodes
|
2026-01-10 23:57:26 -03:00 |
|
|
|
b7e5a04265
|
maintenance: fix image sweeper script indentation
|
2026-01-10 20:26:46 -03:00 |
|
|
|
99a6b4c054
|
maintenance: sweep unused images on arm workers
|
2026-01-10 20:20:54 -03:00 |
|
|
|
e2efeeacba
|
logging: tune rpi4 image gc and rpi5 prune
|
2026-01-10 06:57:07 -03:00 |
|
|
|
6f8696eb0d
|
logging: tune kubelet image GC on rpi5
|
2026-01-10 06:22:56 -03:00 |
|
|
|
753cc5900a
|
logging: extend fluent-bit helm timeout
|
2026-01-10 05:55:45 -03:00 |
|
|
|
63f1d902b6
|
logging: add data-prepper pull secret
|
2026-01-10 05:52:16 -03:00 |
|
|
|
76f3b3f4ea
|
logging: force data-prepper repo override
|
2026-01-10 05:42:39 -03:00 |
|
|
|
5e245caf45
|
logging: use streaming repo for data-prepper
|
2026-01-10 05:28:03 -03:00 |
|
|
|
de8709bc2e
|
logging: use kaniko debug image
|
2026-01-10 05:22:27 -03:00 |
|
|
|
1595898947
|
logging: drop timestamps option from data-prepper job
|
2026-01-10 05:15:19 -03:00 |
|
|
|
f4b1519527
|
logging: add rpi5 log retention tuning
|
2026-01-10 05:06:34 -03:00 |
|
|
|
c6c7259a71
|
logging: add Jenkins build for data-prepper
|
2026-01-10 05:01:17 -03:00 |
|
|
|
a870aa6916
|
logging: pin otel collector image
|
2026-01-10 00:16:41 -03:00 |
|
|
|
af9ab30849
|
logging: add trace analytics ingestion
|
2026-01-10 00:13:59 -03:00 |
|
flux-bot
|
67415e665c
|
chore(bstein-dev-home): automated image update
|
2026-01-10 03:05:43 +00:00 |
|
flux-bot
|
c60f405846
|
chore(bstein-dev-home): automated image update
|
2026-01-10 03:03:44 +00:00 |
|
|
|
b3e03623bd
|
logging: seed OpenSearch observability
|
2026-01-09 23:58:12 -03:00 |
|
flux-bot
|
c531c206c5
|
chore(bstein-dev-home): automated image update
|
2026-01-10 02:05:39 +00:00 |
|
flux-bot
|
5072cd0b5a
|
chore(bstein-dev-home): automated image update
|
2026-01-10 02:04:39 +00:00 |
|
|
|
dd705aeb4a
|
logging: expand OpenSearch dashboards
|
2026-01-09 22:55:39 -03:00 |
|
|
|
a25ddd8082
|
logging: add OpenSearch dashboards generator
|
2026-01-09 22:20:36 -03:00 |
|
|
|
64ddd73b50
|
logging: force dark theme in dashboards
|
2026-01-09 21:17:08 -03:00 |
|
|
|
087026bd23
|
logging: throttle fluent-bit backfill
|
2026-01-09 18:18:58 -03:00 |
|
|
|
b40a995225
|
logging: force opensearch replicas to 0
|
2026-01-09 18:17:02 -03:00 |
|
|
|
ecf28580b9
|
logging: manage opensearch pvc size
|
2026-01-09 18:11:32 -03:00 |
|
|
|
0b78ec663d
|
logging: remove loki and backfill to opensearch
|
2026-01-09 18:08:39 -03:00 |
|
|
|
456677cfbb
|
logging: extend dashboards helm timeout
|
2026-01-09 09:07:40 -03:00 |
|
|
|
0239f57a84
|
logging: fix opensearch ism job yaml
|
2026-01-09 09:01:15 -03:00 |
|
|
|
8e94038858
|
logging: pin opensearch to rpi5
|
2026-01-09 09:00:25 -03:00 |
|
|
|
b668e2d29e
|
logging: pin opensearch ISM job to rpi
|
2026-01-09 08:58:48 -03:00 |
|
|
|
7a9cf1df98
|
keycloak: fix logs oauth2 cookie secret
|
2026-01-09 08:57:13 -03:00 |
|
|
|
b9383c9709
|
logging: fix dashboards cpu limits
|
2026-01-09 08:55:39 -03:00 |
|
|
|
cac71e4a41
|
logging: add opensearch dashboards ui
|
2026-01-09 08:54:07 -03:00 |
|
|
|
719f16c4e3
|
logging: route oauth2-proxy via loki gateway
|
2026-01-09 08:07:46 -03:00 |
|
|
|
afb7eb80f2
|
logging: keep loki canary on rpi5 workers
|
2026-01-09 07:26:12 -03:00 |
|
|
|
5004bbd8ec
|
logging: pin loki canary to rpi5 nodes
|
2026-01-09 07:19:59 -03:00 |
|
|
|
0b8caa4c7c
|
logging: shrink loki caches for rpi nodes
|
2026-01-09 07:16:10 -03:00 |
|
|
|
9e496cb8d6
|
logging: fix oauth2 scope and pin loki to rpi
|
2026-01-09 07:12:40 -03:00 |
|
|
|
3694b8f76e
|
logging: point systemd input at /var/log/journal
|
2026-01-08 23:58:42 -03:00 |
|
|
|
c4980b975c
|
logging: set systemd journal path
|
2026-01-08 23:54:04 -03:00 |
|
|
|
f8fad8d599
|
logging: fix fluent-bit loki labels
|
2026-01-08 23:47:52 -03:00 |
|
|
|
19f1060b87
|
logging: disable fluent-bit inotify watcher
|
2026-01-08 23:44:48 -03:00 |
|
|
|
e305d312b1
|
logging: add loki delete_request_store
|
2026-01-08 23:22:24 -03:00 |
|
|
|
c87a34a0f9
|
logging: trim loki compactor config
|
2026-01-08 23:11:00 -03:00 |
|
|
|
19d236ab43
|
logging: keep loki defaults for canary and gateway
|
2026-01-08 23:02:34 -03:00 |
|
|
|
0463c2bf60
|
logging: drop fluent-bit label_keys
|
2026-01-08 22:41:07 -03:00 |
|
|
|
e5d04f2bcf
|
logging: fix loki config and fluent-bit output
|
2026-01-08 22:40:02 -03:00 |
|
|
|
1fd4a426b4
|
logging: fix loki single-binary mode
|
2026-01-08 22:33:27 -03:00 |
|
|
|
1027fe5ce5
|
logging: add loki and fluent-bit
|
2026-01-08 22:31:45 -03:00 |
|
|
|
a57448f074
|
comms: kick numeric members from Othrys
|
2026-01-08 12:44:00 -03:00 |
|
|
|
a272a219a4
|
comms: serialize guest renamer inserts
|
2026-01-08 12:15:59 -03:00 |
|
|
|
41a762d6a6
|
comms: update numeric guest rename logic
|
2026-01-08 12:12:08 -03:00 |
|
|
|
1cce304872
|
comms: include full_user_id when renaming
|
2026-01-08 12:07:46 -03:00 |
|
|
|
d8c3bb2f1b
|
comms: fix guest renamer db sql quoting
|
2026-01-08 12:03:53 -03:00 |
|
|
|
831f368493
|
comms: rename numeric guests via db
|
2026-01-08 11:59:51 -03:00 |
|
|
|
59305ca27c
|
comms: mint guest tokens via MAS login
|
2026-01-08 11:56:35 -03:00 |
|
|
|
b86800cd6d
|
comms: skip synapse admin list on 403
|
2026-01-08 06:14:32 -03:00 |
|
|
|
70a707872e
|
comms: rerun MAS local user ensure (v5)
|
2026-01-08 06:11:47 -03:00 |
|
|
|
ffddd71116
|
comms: make room reset a suspended cronjob
|
2026-01-08 06:09:34 -03:00 |
|
|
|
d870e97b38
|
comms: use full user IDs for MAS logins
|
2026-01-08 06:05:20 -03:00 |
|
|
|
4eb82811b5
|
comms: set MAS user passwords via set-password
|
2026-01-08 06:01:45 -03:00 |
|
|
|
835146bd5b
|
comms: rerun MAS local user ensure
|
2026-01-08 05:51:43 -03:00 |
|
|
|
c909d45fda
|
comms: make guest renamer MAS-only
|
2026-01-08 05:47:21 -03:00 |
|
|
|
0fc4b299da
|
keycloak: re-run mas secrets ensure
|
2026-01-08 05:43:33 -03:00 |
|
|
|
d3c6ddeead
|
comms: re-run signing key and synapse oidc
|
2026-01-08 05:40:28 -03:00 |
|
|
|
2a6f0a8db3
|
comms: tidy stack and guest naming
|
2026-01-08 05:34:03 -03:00 |
|
|
|
94c1395c8c
|
comms: verify mas bot logins
|
2026-01-08 05:21:30 -03:00 |
|
|
|
fa6566ffc8
|
comms: rerun othrys room reset
|
2026-01-08 05:18:20 -03:00 |
|
|
|
7bea022311
|
comms: add mas bot users and revert synapse auth
|
2026-01-08 05:12:14 -03:00 |
|
|
|
acedad02c0
|
comms: bind synapse to ipv4
|
2026-01-08 05:03:43 -03:00 |
|
|
|
c05cb414aa
|
comms: fix synapse seed booleans
|
2026-01-08 05:00:58 -03:00 |
|
|
|
28bcf716d0
|
comms: seed synapse bot users
|
2026-01-08 04:55:52 -03:00 |
|
|
|
fce33f02ff
|
comms: route othrys reset via mas
|
2026-01-08 04:51:13 -03:00 |
|
|
|
a1f1c9ada0
|
comms: retry othrys reset login
|
2026-01-08 04:45:01 -03:00 |
|
|
|
0b09f46bb1
|
comms: accept missing rooms in cleanup
|
2026-01-08 04:42:19 -03:00 |
|
|
|
6b5deb886f
|
comms: use mas proxy for leave job
|
2026-01-08 04:37:33 -03:00 |
|
|
|
7860003f15
|
comms: retry room leave actions
|
2026-01-08 04:32:05 -03:00 |
|
|
|
31ca499c04
|
comms: retry mas token for room cleanup
|
2026-01-08 04:29:29 -03:00 |
|
|
|
52df8094f5
|
comms: rerun bstein room cleanup
|
2026-01-08 04:26:48 -03:00 |
|
|
|
97e7c69244
|
comms: retry atlasbot login
|
2026-01-08 04:22:21 -03:00 |
|
|
|
ac7217a32c
|
comms: switch bot auth back to synapse
|
2026-01-08 04:19:20 -03:00 |
|
|
|
9172f1e140
|
comms: enable synapse password login
|
2026-01-08 04:16:40 -03:00 |
|
|
|
12ab281528
|
comms: revert bot auth to mas
|
2026-01-08 04:11:20 -03:00 |
|
|
|
bfe623892a
|
comms: bump othrys reset job
|
2026-01-08 04:07:57 -03:00 |
|
|
|
99ed78ea7f
|
comms: fix auth env indentation
|
2026-01-08 04:05:03 -03:00 |
|
|
|
85dce4f975
|
comms: use synapse auth for bot jobs
|
2026-01-08 04:00:27 -03:00 |
|
|
|
5a23514a30
|
sso: install kubectl in synapse oidc job
|
2026-01-08 03:57:35 -03:00 |
|
|
|
220cc1f31a
|
sso: run synapse oidc job with kubectl
|
2026-01-08 03:56:18 -03:00 |
|
|
|
76deb9a160
|
comms: ensure core secrets and synapse oidc
|
2026-01-08 03:53:49 -03:00 |
|
|
|
aa30a34828
|
comms: restart mas after secret cleanup
|
2026-01-08 03:46:02 -03:00 |
|
|
|
d3c3db612d
|
sso: recheck mas encryption bytes
|
2026-01-08 03:44:54 -03:00 |
|
|
|
8d1284412f
|
sso: validate mas encryption length
|
2026-01-08 03:43:06 -03:00 |
|
|
|
f8d172c5a2
|
comms: restart mas after secret regen
|
2026-01-08 03:39:46 -03:00 |
|
|
|
04817691c6
|
sso: strip mas secret newlines
|
2026-01-08 03:38:51 -03:00 |
|
|
|
c1e74c1001
|
comms: restart mas after encryption fix
|
2026-01-08 03:36:33 -03:00 |
|
|
|
072af083bc
|
sso: fix mas encryption secret
|
2026-01-08 03:35:40 -03:00 |
|
|
|
39d8c9e687
|
comms: restart mas after secret fix
|
2026-01-08 03:33:14 -03:00 |
|
|
|
4db5ff68eb
|
comms: let mas db secret be job-owned
|
2026-01-08 03:31:19 -03:00 |
|
|
|
bebb87fcf8
|
comms: restart mas after db sync
|
2026-01-08 03:28:22 -03:00 |
|
|
|
4f462b8fa7
|
comms: verify mas db login
|
2026-01-08 03:26:14 -03:00 |
|
|
|
05c2d245b9
|
comms: ensure mas password is url-safe
|
2026-01-08 03:23:09 -03:00 |
|
|
|
e384a9e417
|
comms: avoid psql vars for mas
|
2026-01-08 03:20:28 -03:00 |
|
|
|
898a33d8ee
|
comms: simplify mas db creation
|
2026-01-08 03:18:03 -03:00 |
|
|
|
3d2f04d672
|
comms: fix mas db psql exec
|
2026-01-08 03:15:25 -03:00 |
|
|
|
df5a5127f1
|
comms: add mas db secret stub
|
2026-01-08 03:12:16 -03:00 |
|
|
|
8950306c53
|
comms: keep mas db job logs on failure
|
2026-01-08 03:09:27 -03:00 |
|
|
|
e18accc099
|
comms: allow postgres exec for mas db
|
2026-01-08 03:06:34 -03:00 |
|
|
|
0250de8636
|
comms: ensure mas db via postgres exec
|
2026-01-08 03:04:33 -03:00 |
|
|
|
72d4766d68
|
comms: stabilize mas db job
|
2026-01-08 03:00:19 -03:00 |
|
|
|
ef064ed2bb
|
comms: bootstrap mas db secret
|
2026-01-08 02:53:53 -03:00 |
|
|
|
c8fc1dd10a
|
comms: fix mas db ensure rbac
|
2026-01-08 02:47:47 -03:00 |
|
|
|
0e55dbeaa9
|
comms: ensure mas db secret
|
2026-01-08 02:45:00 -03:00 |
|
|
|
b95683da2a
|
comms: restart MAS after secret bootstrap
|
2026-01-08 02:35:09 -03:00 |
|
|
|
6e0b3c43bd
|
keycloak: rerun MAS secrets bootstrap
|
2026-01-08 02:32:31 -03:00 |
|
|
|
9a544010fb
|
comms: grant MAS secret bootstrap cluster role
|
2026-01-08 02:31:54 -03:00 |
|
|
|
9d3b27e567
|
keycloak: rerun MAS secrets bootstrap
|
2026-01-08 02:25:55 -03:00 |
|
|
|
1c9efd6808
|
comms: allow MAS secrets create
|
2026-01-08 02:25:19 -03:00 |
|
|
|
6e7118c14d
|
keycloak: use create for MAS secrets
|
2026-01-08 02:23:40 -03:00 |
|
|
|
6c99eb452e
|
keycloak: make MAS secret job idempotent
|
2026-01-08 02:21:37 -03:00 |
|
|
|
e9fb11af40
|
keycloak: allow MAS secret apply read access
|
2026-01-08 02:19:21 -03:00 |
|
|
|
afce04b9b2
|
keycloak: rerun MAS secrets bootstrap
|
2026-01-08 02:17:04 -03:00 |
|
|
|
2aea7e3601
|
keycloak: retry MAS secret bootstrap
|
2026-01-08 02:12:40 -03:00 |
|
|
|
05848223eb
|
comms: ensure MAS secrets via keycloak admin job
|
2026-01-08 02:09:23 -03:00 |
|
|
|
3aa36e87b8
|
comms: retry guest rename when MAS restarts
|
2026-01-08 02:00:52 -03:00 |
|
|
|
9a76680cc4
|
comms: track local knowledge markdown
|
2026-01-08 01:58:17 -03:00 |
|
|
|
660b49bc5d
|
comms: consolidate stack manifests
|
2026-01-08 01:55:58 -03:00 |
|
|
|
d3ac4726e2
|
comms: rename guests via MAS admin sessions
|
2026-01-08 00:26:20 -03:00 |
|
|
|
57e414adc6
|
comms: rerun synapse admin seeder job
|
2026-01-08 00:20:55 -03:00 |
|
|
|
ca49c84086
|
comms: fix guest randomizer syntax
|
2026-01-08 00:15:41 -03:00 |
|
|
|
47f0ff7c01
|
comms: fix guest rename job with MAS admin sessions
|
2026-01-08 00:13:40 -03:00 |
|
|
|
e44ee3ab2d
|
comms: fix guest registration via MAS admin API
|
2026-01-07 20:02:03 -03:00 |
|
|
|
70e40b281f
|
comms: issue guest tokens via MAS
|
2026-01-07 19:51:33 -03:00 |
|
|
|
cd4b963db4
|
comms: serve register flows for guest UI
|
2026-01-07 19:09:13 -03:00 |
|
|
|
695e1ec322
|
comms: set guest displayname at registration
|
2026-01-07 11:23:53 -03:00 |
|
|
|
c950c32e93
|
comms: re-enable guest name randomizer
|
2026-01-07 11:17:33 -03:00 |
|
|
|
658e434e65
|
comms: return 405 for GET /register
|
2026-01-07 11:14:28 -03:00 |
|
|
|
49ec3d1be8
|
comms: restart synapse + guest proxy
|
2026-01-07 10:46:33 -03:00 |
|
|
|
eb1cb8cb00
|
comms: move guest register module endpoint
|
2026-01-07 10:42:11 -03:00 |
|
|
|
44404aa2f2
|
comms: restore Element guest registration
|
2026-01-07 10:34:52 -03:00 |
|
|
|
949995a8a0
|
comms: add guest register module scaffolding
|
2026-01-07 10:25:10 -03:00 |
|
|
|
c111f773b7
|
nextcloud: reset storage claims
|
2026-01-07 10:13:09 -03:00 |
|
|
|
376cbf6d70
|
comms: mint guest sessions via MAS
|
2026-01-07 10:12:37 -03:00 |
|
|
|
7ba578ed21
|
comms: restore Synapse guest join
|
2026-01-07 09:54:41 -03:00 |
|
|
|
4a55b39b0d
|
comms: add Synapse guest appservice secret job
|
2026-01-07 09:49:08 -03:00 |
|
|
|
9bb90053a1
|
nextcloud: persist web root in pvc
|
2026-01-07 09:40:25 -03:00 |
|
|
|
a711c450d3
|
comms: implement MAS-backed guest register
|
2026-01-07 09:36:45 -03:00 |
|
|
|
1bcb9baba2
|
comms: ensure seeder is Synapse admin
|
2026-01-07 09:31:46 -03:00 |
|
|
|
9d5ba6adfe
|
nextcloud: preserve config merge and stop db reset
|
2026-01-07 09:20:22 -03:00 |
|
|
|
ff395f7cf2
|
comms: restore Matrix guest join
|
2026-01-07 09:17:45 -03:00 |
|
|
|
6850f7b2fc
|
nextcloud: avoid forcing installed flag
|
2026-01-07 09:14:20 -03:00 |
|
|
|
c928b7805c
|
nextcloud: install oidc app from release tarball
|
2026-01-07 09:02:22 -03:00 |
|
|
|
77ce04c562
|
nextcloud: reset external app config and force reinstall
|
2026-01-07 08:58:50 -03:00 |
|
|
|
59b719da54
|
nextcloud: install oidc login via app store
|
2026-01-07 08:51:07 -03:00 |
|
|
|
52295538a0
|
nextcloud: fix db reset command
|
2026-01-07 08:46:57 -03:00 |
|
|
|
3db0661a48
|
nextcloud: reset storage mounts and restore office
|
2026-01-07 08:43:45 -03:00 |
|
|
|
cb7429a6a1
|
nextcloud: stabilize install guardrails
|
2026-01-07 04:49:55 -03:00 |
|
|
|
5a92e99c8d
|
nextcloud-mail-sync: align data mount
|
2026-01-07 04:43:13 -03:00 |
|
|
|
7506919394
|
nextcloud: align app/data mounts
|
2026-01-07 04:41:00 -03:00 |
|
|
|
46c0a4e290
|
nextcloud: restore single data volume mount
|
2026-01-07 03:52:14 -03:00 |
|
|
|
da81946771
|
nextcloud: rebind user data pvc to restore data
|
2026-01-07 03:43:57 -03:00 |
|
|
|
428c2b5435
|
nextcloud: restore app and user-data volumes
|
2026-01-07 03:39:59 -03:00 |
|
|
|
ef0dfab20c
|
mailu: harden postfix relay restrictions
|
2026-01-07 02:47:12 -03:00 |
|
|
|
8749d8a884
|
nextcloud: rebind data pvc to prior volume
|
2026-01-07 01:10:24 -03:00 |
|
|
|
58bc646621
|
nextcloud: allow OIDC auto user creation
|
2026-01-07 00:12:21 -03:00 |
|
|
|
16dc0e16f1
|
nextcloud: enforce OIDC-only config
|
2026-01-07 00:03:57 -03:00 |
|
|
|
9d9aa5b64b
|
nextcloud: force OIDC login
|
2026-01-06 23:54:33 -03:00 |
|
|
|
2d6883eb67
|
nextcloud: restore mimetype defaults for external app
|
2026-01-06 22:16:51 -03:00 |
|
|
|
a15a2ce923
|
nextcloud: reinstall custom apps with compatible mail
|
2026-01-06 22:09:16 -03:00 |
|
|
|
f1e94717ed
|
nextcloud: pin mail/external app versions for 29
|
2026-01-06 22:03:01 -03:00 |
|
|
|
99e56fe1b4
|
nextcloud: register custom apps path
|
2026-01-06 21:51:19 -03:00 |
|
|
|
93b219e571
|
nextcloud: pin app download URLs
|
2026-01-06 21:43:36 -03:00 |
|
|
|
7a7433f824
|
nextcloud: install oidc/mail/external apps from releases
|
2026-01-06 21:39:55 -03:00 |
|
|
|
5fe584cc5f
|
nextcloud: ensure oidc/mail/external apps installed
|
2026-01-06 21:35:31 -03:00 |
|
|
|
39d57613db
|
nextcloud: remove db reset job
|
2026-01-06 21:27:06 -03:00 |
|
|
|
36552e425f
|
nextcloud: fix su command quoting
|
2026-01-06 21:24:36 -03:00 |
|
|
|
e5cb4571d8
|
nextcloud: fix install command quoting
|
2026-01-06 21:22:12 -03:00 |
|
|
|
b9d75d279c
|
nextcloud: reinstall when config not installed
|
2026-01-06 21:18:16 -03:00 |
|
|
|
c954fb7546
|
nextcloud: add one-time db reset job
|
2026-01-06 21:15:52 -03:00 |
|
|
|
45563f74b3
|
nextcloud: run install occ as www-data
|
2026-01-06 21:07:33 -03:00 |
|
|
|
221fda50a6
|
atlasbot: add PromQL + cluster snapshot
|
2026-01-06 14:58:29 -03:00 |
|
|
|
b313569e2f
|
atlasbot: fix kb loader import
|
2026-01-06 14:55:19 -03:00 |
|
|
|
4a5f3d4c92
|
nextcloud: install without runuser
|
2026-01-06 14:53:58 -03:00 |
|
|
|
0a8e8e27da
|
knowledge: add runbooks skeleton
|
2026-01-06 14:53:19 -03:00 |
|
|
|
91d4ecf451
|
nextcloud: run install init as root
|
2026-01-06 14:52:25 -03:00 |
|
|
|
6728b4f4ae
|
atlasbot: add KB + read-only tools
|
2026-01-06 14:46:36 -03:00 |
|
|
|
7283a740e6
|
nextcloud: install when config missing
|
2026-01-06 14:46:16 -03:00 |
|
|
|
46884bdd0c
|
nextcloud: ensure data dir and perms
|
2026-01-06 14:43:18 -03:00 |
|
|
|
d4f1d01b9c
|
nextcloud: reset empty config on boot
|
2026-01-06 14:40:29 -03:00 |
|
|
|
556b714e50
|
nextcloud/monitoring: fix perms and mail panels
|
2026-01-06 14:38:10 -03:00 |
|
|
|
37e8e691e2
|
nextcloud: restore app files for maintenance job
|
2026-01-06 14:22:26 -03:00 |
|
|
|
8a12c8cdbd
|
nextcloud: call occ via absolute path
|
2026-01-06 14:16:47 -03:00 |
|
|
|
bf358bcdfd
|
flux: track nextcloud app
|
2026-01-06 14:14:38 -03:00 |
|
|
|
e8cf4070b5
|
nextcloud: set theming via app config
|
2026-01-06 14:11:24 -03:00 |
|
|
|
4d92263871
|
mailu: enable smtpd sasl auth
|
2026-01-06 14:06:55 -03:00 |
|
|
|
c693e695b4
|
mailu: harden relay + fix postmark exporter
|
2026-01-06 14:00:14 -03:00 |
|
|
|
6a4b7f4431
|
titan-jh: enable node exporter
|
2026-01-06 12:47:34 -03:00 |
|
|
|
109c17dd95
|
nextcloud: default mail html
|
2026-01-06 10:02:50 -03:00 |
|
|
|
a14726350c
|
monitoring: add titan-jh control plane node
|
2026-01-06 09:50:40 -03:00 |
|
|
|
7d64f0d1d9
|
mailu: harden relay restrictions
|
2026-01-06 09:03:28 -03:00 |
|
|
|
5fcff4fc8a
|
monitoring: refine mail overview panels
|
2026-01-06 02:34:52 -03:00 |
|
|
|
d5d2fc66b9
|
monitoring: refine mail stats and add send-limit usage
|
2026-01-06 02:06:20 -03:00 |
|
|
|
1fb56bae70
|
monitoring: restart postmark exporter
|
2026-01-05 22:07:52 -03:00 |
|
|
|
12b579d951
|
monitoring: add Postmark today window
|
2026-01-05 22:06:24 -03:00 |
|
|
|
9be25e16fe
|
monitoring: add Postmark mail dashboard
|
2026-01-05 21:55:59 -03:00 |
|
|
|
d132917d9e
|
monitoring: add Postmark bounce exporter
|
2026-01-05 21:44:29 -03:00 |
|
|
|
ec208fe0f6
|
mailu: remove pod network relay
|
2026-01-05 21:27:19 -03:00 |
|
|
|
6195005206
|
mailu: disable unauthenticated pod relay
|
2026-01-05 21:21:47 -03:00 |
|
|
|
a4105c68db
|
scripts: add vaultwarden test cleanup
|
2026-01-05 13:51:25 -03:00 |
|
|
|
28a5d53c98
|
monitoring(dashboards): tune namespace share metrics
|
2026-01-05 13:30:51 -03:00 |
|
|
|
89d47cba79
|
scripts: harden atlas cleanup script
|
2026-01-05 13:30:51 -03:00 |
|
flux-bot
|
55b25fbfd6
|
chore(bstein-dev-home): automated image update
|
2026-01-05 06:20:19 +00:00 |
|
flux-bot
|
5877611b4f
|
chore(bstein-dev-home): automated image update
|
2026-01-05 06:19:15 +00:00 |
|
flux-bot
|
ad7ac5b38d
|
chore(bstein-dev-home): automated image update
|
2026-01-05 06:00:18 +00:00 |
|
flux-bot
|
3e2a90e377
|
chore(bstein-dev-home): automated image update
|
2026-01-05 05:59:13 +00:00 |
|
flux-bot
|
9d9c2830f7
|
chore(bstein-dev-home): automated image update
|
2026-01-05 05:48:17 +00:00 |
|
flux-bot
|
5358559787
|
chore(bstein-dev-home): automated image update
|
2026-01-05 05:47:12 +00:00 |
|
flux-bot
|
86c6c5a0f8
|
chore(bstein-dev-home): automated image update
|
2026-01-05 05:34:16 +00:00 |
|
flux-bot
|
089e8155ae
|
chore(bstein-dev-home): automated image update
|
2026-01-05 05:32:52 +00:00 |
|
|
|
08c54d3d01
|
scripts: add atlas test cleanup
|
2026-01-05 00:25:39 -03:00 |
|
flux-bot
|
38eceaadfa
|
chore(bstein-dev-home): automated image update
|
2026-01-05 03:11:58 +00:00 |
|
flux-bot
|
3ede688676
|
chore(bstein-dev-home): automated image update
|
2026-01-05 03:10:47 +00:00 |
|
flux-bot
|
5470002e3e
|
chore(bstein-dev-home): automated image update
|
2026-01-05 02:39:56 +00:00 |
|
flux-bot
|
010a0b5e22
|
chore(bstein-dev-home): automated image update
|
2026-01-05 02:38:45 +00:00 |
|
|
|
0805dbc5e9
|
test(portal): tolerate slow approval endpoint
|
2026-01-04 23:04:50 -03:00 |
|
|
|
2e52956155
|
test(portal): align onboarding E2E with vaultwarden-first flow
|
2026-01-04 23:01:01 -03:00 |
|
flux-bot
|
eff9bfb761
|
chore(bstein-dev-home): automated image update
|
2026-01-05 01:55:52 +00:00 |
|
flux-bot
|
4c59fccedf
|
chore(bstein-dev-home): automated image update
|
2026-01-05 01:54:42 +00:00 |
|
flux-bot
|
70ed083d96
|
chore(bstein-dev-home): automated image update
|
2026-01-05 01:04:49 +00:00 |
|
flux-bot
|
cf0e5bfc89
|
chore(bstein-dev-home): automated image update
|
2026-01-05 01:03:38 +00:00 |
|
flux-bot
|
211504d47a
|
chore(bstein-dev-home): automated image update
|
2026-01-04 16:16:11 +00:00 |
|
flux-bot
|
f735dba10d
|
chore(bstein-dev-home): automated image update
|
2026-01-04 16:15:00 +00:00 |
|
flux-bot
|
513dce99b6
|
chore(bstein-dev-home): automated image update
|
2026-01-04 16:06:10 +00:00 |
|
flux-bot
|
64cdcec364
|
chore(bstein-dev-home): automated image update
|
2026-01-04 16:04:59 +00:00 |
|
flux-bot
|
291073884a
|
chore(bstein-dev-home): automated image update
|
2026-01-04 15:36:08 +00:00 |
|
flux-bot
|
58f36edf92
|
chore(bstein-dev-home): automated image update
|
2026-01-04 15:34:57 +00:00 |
|
|
|
e66e782e4a
|
portal: add test user cleanup tool
|
2026-01-04 09:39:26 -03:00 |
|
flux-bot
|
9ff8fc9e72
|
chore(bstein-dev-home): automated image update
|
2026-01-04 12:22:54 +00:00 |
|
flux-bot
|
31994f9243
|
chore(bstein-dev-home): automated image update
|
2026-01-04 12:21:44 +00:00 |
|
flux-bot
|
b28fdece0a
|
chore(bstein-dev-home): automated image update
|
2026-01-04 11:50:52 +00:00 |
|
flux-bot
|
b82e2b99db
|
chore(bstein-dev-home): automated image update
|
2026-01-04 11:49:41 +00:00 |
|
|
|
6eeff1271c
|
test(portal): stop requiring totp
|
2026-01-04 08:35:49 -03:00 |
|
flux-bot
|
20332f7029
|
chore(bstein-dev-home): automated image update
|
2026-01-04 11:28:50 +00:00 |
|
flux-bot
|
1a8b3ce304
|
chore(bstein-dev-home): automated image update
|
2026-01-04 11:27:40 +00:00 |
|
flux-bot
|
333481bd67
|
chore(bstein-dev-home): automated image update
|
2026-01-04 10:36:47 +00:00 |
|
flux-bot
|
6f784c94a4
|
chore(bstein-dev-home): automated image update
|
2026-01-04 10:35:36 +00:00 |
|
|
|
55606e5b70
|
fix(portal): pin kubectl image digest
|
2026-01-04 03:40:13 -03:00 |
|
|
|
17a9a7e245
|
test(portal): sync e2e client secret
|
2026-01-04 03:35:26 -03:00 |
|
|
|
c53d310c59
|
test(portal): use external Keycloak URL
|
2026-01-04 03:27:32 -03:00 |
|
|
|
b9d2fa8277
|
test(portal): improve e2e auth errors
|
2026-01-04 03:01:56 -03:00 |
|
|
|
c298946ce0
|
test(portal): approve requests via admin API
|
2026-01-04 02:58:44 -03:00 |
|
|
|
0b96894e7a
|
tests(portal): rerun onboarding e2e job (8)
|
2026-01-04 02:26:42 -03:00 |
|
|
|
4a841a1660
|
fix(bstein-dev-home): harden backend gunicorn
|
2026-01-04 02:25:40 -03:00 |
|
|
|
bbb15a6532
|
tests(portal): rerun onboarding e2e job (7)
|
2026-01-04 02:09:59 -03:00 |
|
|
|
4b77f909af
|
tests(portal): refresh keycloak token during e2e
|
2026-01-04 02:09:36 -03:00 |
|
|
|
d0e088e50a
|
tests(portal): rerun onboarding e2e job
|
2026-01-04 01:57:53 -03:00 |
|
flux-bot
|
d2fa996b8a
|
chore(bstein-dev-home): automated image update
|
2026-01-04 04:55:22 +00:00 |
|
flux-bot
|
d7c44e65a6
|
chore(bstein-dev-home): automated image update
|
2026-01-04 04:53:11 +00:00 |
|
|
|
04b730dbab
|
tests(portal): verify access requests via email
|
2026-01-04 01:48:46 -03:00 |
|
|
|
a7f68ddddb
|
test: ensure smtp probe user has email
|
2026-01-04 01:08:17 -03:00 |
|
|
|
38b4935e1d
|
test: send execute-actions-email to existing mailbox
|
2026-01-04 01:06:05 -03:00 |
|
|
|
7cbbb7e193
|
test: fix keycloak execute-actions-email probe
|
2026-01-04 00:59:24 -03:00 |
|
|
|
eb11eaff4e
|
keycloak: allow e2e client execute-actions-email
|
2026-01-04 00:58:02 -03:00 |
|
|
|
cadb0daba0
|
tests: add Keycloak email probe
|
2026-01-04 00:53:13 -03:00 |
|
flux-bot
|
d21f18d920
|
chore(bstein-dev-home): automated image update
|
2026-01-04 03:46:18 +00:00 |
|
flux-bot
|
7407d42f98
|
chore(bstein-dev-home): automated image update
|
2026-01-04 03:45:07 +00:00 |
|
|
|
300873f743
|
bstein-dev-home: relax health probe timeouts
|
2026-01-03 22:34:39 -03:00 |
|
|
|
6bda606760
|
test: stabilize portal onboarding e2e
|
2026-01-03 22:27:33 -03:00 |
|
|
|
8cdd5fa1ba
|
bstein-dev-home: fix onboarding e2e job url
|
2026-01-03 22:11:57 -03:00 |
|
|
|
f628d2768b
|
bstein-dev-home: add onboarding e2e job
|
2026-01-03 21:53:45 -03:00 |
|
flux-bot
|
4b52203532
|
chore(bstein-dev-home): automated image update
|
2026-01-04 00:53:05 +00:00 |
|
flux-bot
|
d2d4b601f3
|
chore(bstein-dev-home): automated image update
|
2026-01-04 00:51:54 +00:00 |
|
flux-bot
|
eb560a38fa
|
chore(bstein-dev-home): automated image update
|
2026-01-03 23:42:00 +00:00 |
|
flux-bot
|
aad5a29986
|
chore(bstein-dev-home): automated image update
|
2026-01-03 23:40:49 +00:00 |
|
|
|
762164aed4
|
bstein-dev-home: reduce lab status probe timeout
|
2026-01-03 20:02:53 -03:00 |
|
flux-bot
|
dd473b8a8c
|
chore(bstein-dev-home): automated image update
|
2026-01-03 22:56:57 +00:00 |
|
flux-bot
|
558cab9a0b
|
chore(bstein-dev-home): automated image update
|
2026-01-03 22:55:46 +00:00 |
|
|
|
c5fa1b5a38
|
vaultwarden: backfill synced_at
|
2026-01-03 18:43:25 -03:00 |
|
|
|
b63b724b52
|
keycloak: rerun realm settings job
|
2026-01-03 18:27:29 -03:00 |
|
|
|
ab658fa064
|
keycloak: allow vaultwarden user attributes
|
2026-01-03 18:25:48 -03:00 |
|
|
|
e8fab60d89
|
vaultwarden: skip reinvite when status set
|
2026-01-03 18:21:04 -03:00 |
|
|
|
51a733096f
|
vaultwarden: make cred sync idempotent
|
2026-01-03 18:18:31 -03:00 |
|
|
|
12348258fa
|
vaultwarden: allow internal SMTP TLS
|
2026-01-03 17:54:27 -03:00 |
|
|
|
b7c8b4693d
|
vaultwarden: enable SMTP via Mailu
|
2026-01-03 17:44:24 -03:00 |
|
flux-bot
|
148bba0fd6
|
chore(bstein-dev-home): automated image update
|
2026-01-03 20:29:46 +00:00 |
|
flux-bot
|
dbd14fac8b
|
chore(bstein-dev-home): automated image update
|
2026-01-03 20:28:35 +00:00 |
|
|
|
e1deeb1853
|
vaultwarden: avoid RWO multi-attach rollout
|
2026-01-03 17:12:46 -03:00 |
|
|
|
c11a663d05
|
vaultwarden: use Recreate strategy
|
2026-01-03 17:07:48 -03:00 |
|
|
|
2ee8f7da88
|
flux: resume vaultwarden
|
2026-01-03 17:00:19 -03:00 |
|
flux-bot
|
6be16eed1d
|
chore(bstein-dev-home): automated image update
|
2026-01-03 19:59:44 +00:00 |
|
flux-bot
|
db27242ce1
|
chore(bstein-dev-home): automated image update
|
2026-01-03 19:58:33 +00:00 |
|
|
|
c386ff7c7a
|
vaultwarden: disable signups and sync invites
|
2026-01-03 16:55:02 -03:00 |
|
|
|
70980a2ca9
|
keycloak: add token exchange E2E smoke test
|
2026-01-03 15:58:44 -03:00 |
|
|
|
e73baa6ecd
|
keycloak: robust policy lookup for token exchange job
|
2026-01-03 15:50:43 -03:00 |
|
|
|
3f19d01d00
|
keycloak: make token exchange permissions job idempotent
|
2026-01-03 15:48:40 -03:00 |
|
|
|
cb37756f5f
|
keycloak: fix token exchange permission patching
|
2026-01-03 15:46:26 -03:00 |
|
|
|
1f2bddc7fe
|
keycloak: retry token exchange permissions job
|
2026-01-03 15:45:04 -03:00 |
|
|
|
df959ee17d
|
keycloak: enable fine-grained token exchange authz
|
2026-01-03 15:43:07 -03:00 |
|
|
|
b21a79dad7
|
keycloak: allow token exchange to portal
|
2026-01-03 14:48:28 -03:00 |
|
|
|
e09589ec35
|
keycloak: add portal e2e client
|
2026-01-03 14:35:23 -03:00 |
|
|
|
f1d1e1bd7d
|
keycloak: enable token exchange
|
2026-01-03 14:29:28 -03:00 |
|
|
|
c8f9b59e4a
|
keycloak: allow nextcloud mail profile attrs
|
2026-01-03 12:36:23 -03:00 |
|
flux-bot
|
73728bcc09
|
chore(bstein-dev-home): automated image update
|
2026-01-03 15:23:24 +00:00 |
|
flux-bot
|
db17c95ee0
|
chore(bstein-dev-home): automated image update
|
2026-01-03 15:23:13 +00:00 |
|
|
|
565fad4522
|
nextcloud-mail-sync: portal RBAC
|
2026-01-03 12:22:41 -03:00 |
|
|
|
91106ee298
|
nextcloud: per-user mail sync + portal RBAC
|
2026-01-03 12:18:29 -03:00 |
|
|
|
51b0a88a62
|
nextcloud: delegate mail sync to separate kustomization
|
2026-01-03 07:44:24 -03:00 |
|
|
|
caa23e6f1c
|
fix(nextcloud-mail-sync): fix bash syntax
|
2026-01-03 07:39:45 -03:00 |
|
|
|
c7c2e03ea2
|
fix(nextcloud-mail-sync): mawk-compatible email regex
|
2026-01-03 07:18:50 -03:00 |
|
|
|
6cd63b067d
|
fix(nextcloud-mail-sync): capture occ export output reliably
|
2026-01-03 07:13:58 -03:00 |
|
|
|
c165087eda
|
fix(nextcloud-mail-sync): portable email parsing
|
2026-01-03 07:06:30 -03:00 |
|
|
|
a76d944433
|
nextcloud-mail-sync: manage CronJob via Flux
|
2026-01-03 07:03:43 -03:00 |
|
flux-bot
|
b06dcb2263
|
chore(bstein-dev-home): automated image update
|
2026-01-03 09:54:01 +00:00 |
|
|
|
51f94194be
|
fix(nextcloud): dedupe + update mail accounts
|
2026-01-03 06:53:23 -03:00 |
|
flux-bot
|
9d8c113850
|
chore(bstein-dev-home): automated image update
|
2026-01-03 09:52:50 +00:00 |
|
flux-bot
|
e82be4955b
|
chore(bstein-dev-home): automated image update
|
2026-01-03 09:29:59 +00:00 |
|
flux-bot
|
2d17d03b3d
|
chore(bstein-dev-home): automated image update
|
2026-01-03 09:28:48 +00:00 |
|
|
|
747b6aacb6
|
keycloak: set bstein mailu_email
|
2026-01-03 06:15:16 -03:00 |
|
flux-bot
|
034acdaaf2
|
chore(bstein-dev-home): automated image update
|
2026-01-03 08:16:54 +00:00 |
|
flux-bot
|
25ce112c82
|
chore(bstein-dev-home): automated image update
|
2026-01-03 08:15:43 +00:00 |
|
flux-bot
|
a7222878c3
|
chore(bstein-dev-home): automated image update
|
2026-01-03 08:01:52 +00:00 |
|
flux-bot
|
dd3b940ee7
|
chore(bstein-dev-home): automated image update
|
2026-01-03 08:00:42 +00:00 |
|
flux-bot
|
6360012155
|
chore(bstein-dev-home): automated image update
|
2026-01-03 07:33:50 +00:00 |
|
flux-bot
|
fff9ffbba7
|
chore(bstein-dev-home): automated image update
|
2026-01-03 07:32:40 +00:00 |
|
flux-bot
|
cc677eb7f3
|
chore(bstein-dev-home): automated image update
|
2026-01-03 07:14:49 +00:00 |
|
flux-bot
|
335906aafc
|
chore(bstein-dev-home): automated image update
|
2026-01-03 07:13:39 +00:00 |
|
|
|
0b211520cb
|
keycloak: allow mailu_email + groups
|
2026-01-03 03:32:38 -03:00 |
|
flux-bot
|
5c618c6560
|
chore(bstein-dev-home): automated image update
|
2026-01-03 06:17:45 +00:00 |
|
flux-bot
|
b1706397b6
|
chore(bstein-dev-home): automated image update
|
2026-01-03 06:16:34 +00:00 |
|
flux-bot
|
23ebcbaf92
|
chore(bstein-dev-home): automated image update
|
2026-01-03 05:41:43 +00:00 |
|
flux-bot
|
76bb48eac1
|
chore(bstein-dev-home): automated image update
|
2026-01-03 05:40:32 +00:00 |
|
|
|
e6eff8165a
|
mailu: sync via mailu_email attribute
|
2026-01-03 02:35:47 -03:00 |
|
|
|
10e322e853
|
keycloak(atlas): default TOTP required action
|
2026-01-03 01:09:14 -03:00 |
|
flux-bot
|
c080d39375
|
chore(bstein-dev-home): automated image update
|
2026-01-03 04:04:36 +00:00 |
|
flux-bot
|
64138ea045
|
chore(bstein-dev-home): automated image update
|
2026-01-03 04:03:25 +00:00 |
|
flux-bot
|
14a9a8403a
|
chore(bstein-dev-home): automated image update
|
2026-01-03 03:47:34 +00:00 |
|
flux-bot
|
c62e142a87
|
chore(bstein-dev-home): automated image update
|
2026-01-03 03:46:24 +00:00 |
|
|
|
c9d9a28c03
|
portal: fix vaultwarden sync job env
|
2026-01-02 21:11:44 -03:00 |
|
flux-bot
|
479cb81b3e
|
chore(bstein-dev-home): automated image update
|
2026-01-03 00:09:19 +00:00 |
|
flux-bot
|
bb49d584f5
|
chore(bstein-dev-home): automated image update
|
2026-01-03 00:09:08 +00:00 |
|
flux-bot
|
efb226fe07
|
chore(bstein-dev-home): automated image update
|
2026-01-03 00:05:12 +00:00 |
|
|
|
5437cebb9e
|
sso: provision vaultwarden users
|
2026-01-02 21:04:12 -03:00 |
|
flux-bot
|
727d8cfd48
|
chore(bstein-dev-home): automated image update
|
2026-01-02 23:27:16 +00:00 |
|
flux-bot
|
4e1ec914f6
|
chore(bstein-dev-home): automated image update
|
2026-01-02 23:27:05 +00:00 |
|
|
|
0f26bd508e
|
keycloak(atlas): disable browser IdP redirector
|
2026-01-02 20:09:05 -03:00 |
|
|
|
21d8fc3788
|
keycloak(atlas): retry realm settings job
|
2026-01-02 20:04:47 -03:00 |
|
|
|
54d324f555
|
keycloak(atlas): harden realm settings job
|
2026-01-02 20:02:11 -03:00 |
|
flux-bot
|
3f1780daed
|
chore(bstein-dev-home): automated image update
|
2026-01-02 22:24:11 +00:00 |
|
flux-bot
|
82b2c95bf0
|
chore(bstein-dev-home): automated image update
|
2026-01-02 22:23:00 +00:00 |
|
|
|
503a9264c5
|
keycloak: cleanup LDAP federation
|
2026-01-02 18:45:45 -03:00 |
|
|
|
b509234aee
|
bstein-dev-home: allow vaultwarden admin secret read
|
2026-01-02 18:05:17 -03:00 |
|
|
|
5e3cfee3d5
|
bstein-dev-home: read vaultwarden admin token
|
2026-01-02 18:03:06 -03:00 |
|
flux-bot
|
ee0aee71f8
|
chore(bstein-dev-home): automated image update
|
2026-01-02 20:48:04 +00:00 |
|
flux-bot
|
a92a51c6c5
|
chore(bstein-dev-home): automated image update
|
2026-01-02 20:46:53 +00:00 |
|
|
|
2254532642
|
keycloak: roll update with no surge
|
2026-01-02 17:15:37 -03:00 |
|
|
|
22b7e7aa66
|
keycloak: clear rollingUpdate for recreate
|
2026-01-02 17:09:24 -03:00 |
|
|
|
23a9e1ec30
|
keycloak: use recreate strategy with pvc
|
2026-01-02 17:02:59 -03:00 |
|
|
|
e2e76592a0
|
keycloak: enable debug logging
|
2026-01-02 16:57:42 -03:00 |
|
|
|
e5f41cfa2b
|
vaultwarden: suspend flux kustomization
|
2026-01-02 16:26:48 -03:00 |
|
|
|
c36d318d81
|
vaultwarden: add flux kustomization
|
2026-01-02 16:17:53 -03:00 |
|
|
|
1346ccd31b
|
keycloak: repair ldap federation parentId
|
2026-01-02 14:12:20 -03:00 |
|
|
|
8a2f3c733e
|
sso: fix keycloak ldap provider parentId
|
2026-01-02 14:02:05 -03:00 |
|
|
|
d70b685f27
|
sso: remove openldap bootstrap job
|
2026-01-02 13:50:02 -03:00 |
|
|
|
2c86a6d95f
|
sso: bump openldap bootstrap job
|
2026-01-02 13:40:11 -03:00 |
|
|
|
5ae9bf578e
|
sso: make openldap bootstrap POSIX sh
|
2026-01-02 13:34:16 -03:00 |
|
|
|
8651ada4d9
|
sso: fix openldap bootstrap job
|
2026-01-02 13:25:30 -03:00 |
|
|
|
de14d68fc9
|
sso: codify openldap bootstrap and keycloak federation
|
2026-01-02 13:18:32 -03:00 |
|
flux-bot
|
ee90817040
|
chore(bstein-dev-home): automated image update
|
2026-01-02 16:13:45 +00:00 |
|
flux-bot
|
750f1a2cbf
|
chore(bstein-dev-home): automated image update
|
2026-01-02 16:12:33 +00:00 |
|
flux-bot
|
a9b7f86046
|
chore(bstein-dev-home): automated image update
|
2026-01-02 15:18:41 +00:00 |
|
flux-bot
|
f9462aae10
|
chore(bstein-dev-home): automated image update
|
2026-01-02 15:17:30 +00:00 |
|
flux-bot
|
78afccc53a
|
chore(bstein-dev-home): automated image update
|
2026-01-02 14:19:37 +00:00 |
|
flux-bot
|
9c627087eb
|
chore(bstein-dev-home): automated image update
|
2026-01-02 14:18:25 +00:00 |
|
flux-bot
|
f05a8a2200
|
chore(bstein-dev-home): automated image update
|
2026-01-02 13:34:33 +00:00 |
|
flux-bot
|
b06ae2c89d
|
chore(bstein-dev-home): automated image update
|
2026-01-02 13:33:22 +00:00 |
|
flux-bot
|
30373c19e7
|
chore(bstein-dev-home): automated image update
|
2026-01-02 12:47:30 +00:00 |
|
flux-bot
|
d1294a0dc9
|
chore(bstein-dev-home): automated image update
|
2026-01-02 12:46:18 +00:00 |
|
flux-bot
|
d44b759f0b
|
chore(bstein-dev-home): automated image update
|
2026-01-02 07:35:08 +00:00 |
|
flux-bot
|
1ff8c8cdec
|
chore(bstein-dev-home): automated image update
|
2026-01-02 07:33:56 +00:00 |
|
|
|
46d4ab6dc8
|
keycloak: apply realm smtp via api
|
2026-01-02 04:03:27 -03:00 |
|
|
|
9fa081ca36
|
keycloak: set realm smtp server
|
2026-01-02 03:58:37 -03:00 |
|
|
|
77beacec53
|
keycloak: switch realm job to kcadm
|
2026-01-02 03:55:28 -03:00 |
|
flux-bot
|
6a155a7a7a
|
chore(bstein-dev-home): automated image update
|
2026-01-02 06:55:05 +00:00 |
|
flux-bot
|
0736c4255e
|
chore(bstein-dev-home): automated image update
|
2026-01-02 06:53:54 +00:00 |
|
|
|
816abca2df
|
keycloak: fix realm job service URL
|
2026-01-02 03:49:19 -03:00 |
|
|
|
2ef3b7d45c
|
keycloak: pin realm job to rpi nodes
|
2026-01-02 03:45:44 -03:00 |
|
|
|
7e464d3ec8
|
keycloak: enable reset password
|
2026-01-02 03:39:08 -03:00 |
|
flux-bot
|
89228d2d5e
|
chore(bstein-dev-home): automated image update
|
2026-01-02 06:17:02 +00:00 |
|
flux-bot
|
d46d411154
|
chore(bstein-dev-home): automated image update
|
2026-01-02 06:15:51 +00:00 |
|
|
|
5f7ea4544d
|
mailu: store app password as list
|
2026-01-02 03:09:46 -03:00 |
|
flux-bot
|
26f11db285
|
chore(bstein-dev-home): automated image update
|
2026-01-02 06:00:01 +00:00 |
|
flux-bot
|
05216a972f
|
chore(bstein-dev-home): automated image update
|
2026-01-02 05:58:49 +00:00 |
|
|
|
b7e34865fe
|
mailu: roll listener on script changes
Generate mailu-sync-listener ConfigMap from scripts/ and enable name-suffix hashing to trigger Deployment rollout.
|
2026-01-02 02:57:18 -03:00 |
|
|
|
b95eab5876
|
mailu: add wait-mode sync endpoint
Also bump portal timeouts and relax access request rate limits.
|
2026-01-02 02:54:20 -03:00 |
|
flux-bot
|
9daf8b345a
|
chore(bstein-dev-home): automated image update
|
2026-01-02 04:52:56 +00:00 |
|
flux-bot
|
20ad6a76ca
|
chore(bstein-dev-home): automated image update
|
2026-01-02 04:51:45 +00:00 |
|
flux-bot
|
0d79c4bcdc
|
chore(bstein-dev-home): automated image update
|
2026-01-02 04:39:56 +00:00 |
|
flux-bot
|
616c82807e
|
chore(bstein-dev-home): automated image update
|
2026-01-02 04:38:44 +00:00 |
|
|
|
7a97aa257b
|
services: scaffold postgres and vaultwarden manifests
|
2026-01-02 01:13:25 -03:00 |
|
flux-bot
|
6eb3ca1fce
|
chore(bstein-dev-home): automated image update
|
2026-01-02 03:59:52 +00:00 |
|
flux-bot
|
3ab4c866ea
|
chore(bstein-dev-home): automated image update
|
2026-01-02 03:58:41 +00:00 |
|
flux-bot
|
ee9fa7fd36
|
chore(bstein-dev-home): automated image update
|
2026-01-02 03:48:52 +00:00 |
|
flux-bot
|
04c5ee91a0
|
chore(bstein-dev-home): automated image update
|
2026-01-02 03:47:40 +00:00 |
|
|
|
1995ba7ec9
|
bstein-dev-home: add portal db + relax account gating
|
2026-01-02 00:42:25 -03:00 |
|
flux-bot
|
a30df479aa
|
chore(bstein-dev-home): automated image update
|
2026-01-02 02:46:47 +00:00 |
|
flux-bot
|
de8721cbaa
|
chore(bstein-dev-home): automated image update
|
2026-01-02 02:45:36 +00:00 |
|
|
|
edd2189f3c
|
nextcloud: make mail sync idempotent
|
2026-01-01 23:24:34 -03:00 |
|
flux-bot
|
90b071566a
|
chore(bstein-dev-home): automated image update
|
2026-01-02 02:23:46 +00:00 |
|
flux-bot
|
a56235f391
|
chore(bstein-dev-home): automated image update
|
2026-01-02 02:22:34 +00:00 |
|
flux-bot
|
58d14f1cb6
|
chore(bstein-dev-home): automated image update
|
2026-01-02 01:20:41 +00:00 |
|
flux-bot
|
d431b04114
|
chore(bstein-dev-home): automated image update
|
2026-01-02 01:19:29 +00:00 |
|
flux-bot
|
157c036371
|
chore(bstein-dev-home): automated image update
|
2026-01-02 00:58:40 +00:00 |
|
flux-bot
|
77761c1e42
|
chore(bstein-dev-home): automated image update
|
2026-01-02 00:57:28 +00:00 |
|
|
|
592539e2d3
|
bstein-dev-home: enable Keycloak portal
|
2026-01-01 21:45:53 -03:00 |
|
flux-bot
|
335ead9df5
|
chore(bstein-dev-home): automated image update
|
2026-01-02 00:44:39 +00:00 |
|
flux-bot
|
41d81ee41a
|
chore(bstein-dev-home): automated image update
|
2026-01-02 00:43:28 +00:00 |
|
|
|
ce6537a155
|
comms(synapse): enable MSC4108 QR login
|
2026-01-01 18:44:47 -03:00 |
|
|
|
d43e40d515
|
comms: leave stuck rooms via MAS admin
|
2026-01-01 18:26:50 -03:00 |
|
|
|
144467dfe2
|
comms(mas): enable internal admin API
|
2026-01-01 18:22:32 -03:00 |
|
|
|
32f1532508
|
monitoring: dual-provision overview orgs
|
2026-01-01 18:20:40 -03:00 |
|
|
|
b9dbeb98b0
|
comms(mas): drop flux-managed admin client secret
|
2026-01-01 18:20:03 -03:00 |
|
|
|
e1f163253b
|
comms(mas): create admin client runtime secret
|
2026-01-01 18:19:56 -03:00 |
|
|
|
324ee34648
|
comms(mas): stop managing admin client secret data
|
2026-01-01 18:15:16 -03:00 |
|
|
|
0a7410302d
|
comms(mas): fix admin secret job permissions
|
2026-01-01 18:12:21 -03:00 |
|
|
|
ae335fcff2
|
comms(mas): debug admin secret ensure job
|
2026-01-01 18:09:08 -03:00 |
|
|
|
9d979a69fe
|
comms(mas): make secret ensure job portable
|
2026-01-01 18:02:31 -03:00 |
|
|
|
353f2e9210
|
monitoring: recreate grafana rollouts
|
2026-01-01 18:00:07 -03:00 |
|
|
|
0f36576bac
|
comms(mas): patch admin secret via stringData
|
2026-01-01 17:56:39 -03:00 |
|
|
|
100a11e0de
|
monitoring: split overview org
|
2026-01-01 17:54:01 -03:00 |
|
|
|
c72e1e1f9b
|
comms(mas): fix admin client secret job
|
2026-01-01 17:52:18 -03:00 |
|
|
|
ed23d831b9
|
comms(mas): bootstrap admin client secret
|
2026-01-01 17:48:39 -03:00 |
|
|
|
eb3a6824e6
|
nextcloud: flux-manage mail sync
|
2026-01-01 17:47:07 -03:00 |
|
|
|
32f78c4f82
|
nextcloud: fix mail sync idempotency
|
2026-01-01 17:36:23 -03:00 |
|
|
|
70059dda33
|
comms: rerun bstein room cleanup after synapse restart
|
2026-01-01 17:27:24 -03:00 |
|
|
|
a8149bd993
|
comms: restart synapse to refresh admin cache
|
2026-01-01 17:25:09 -03:00 |
|
|
|
4e701c6340
|
comms: debug bstein room cleanup
|
2026-01-01 17:22:55 -03:00 |
|
|
|
b6c955e7da
|
comms: delete old test rooms for bstein
|
2026-01-01 17:20:28 -03:00 |
|
|
|
4a584f538d
|
comms: force leave old rooms (v3)
|
2026-01-01 17:16:57 -03:00 |
|
|
|
da972215d3
|
comms: force leave old rooms (v2)
|
2026-01-01 17:14:27 -03:00 |
|
|
|
8aecb88af3
|
comms: force leave old rooms
|
2026-01-01 17:01:55 -03:00 |
|
|
|
e1e95f9bef
|
monitoring: drop anonymous folder role
|
2026-01-01 16:53:53 -03:00 |
|
|
|
f6dba2b8c1
|
comms: reset othrys without synapse admin
|
2026-01-01 16:36:55 -03:00 |
|
|
|
dca01199ce
|
comms: reset othrys room
|
2026-01-01 16:29:11 -03:00 |
|
|
|
5da36a38c3
|
comms: fix atlas mention detection
|
2026-01-01 15:32:30 -03:00 |
|
|
|
0c1989c678
|
ai-llm: serialize rollout for RWO pvc
|
2026-01-01 14:48:54 -03:00 |
|
|
|
5093f77c0a
|
monitoring: per-panel namespace share filters
|
2026-01-01 14:44:33 -03:00 |
|
|
|
7c31d25c24
|
comms(atlasbot): rollout on config changes
|
2026-01-01 14:30:49 -03:00 |
|
|
|
2d8540907a
|
comms(atlasbot): respond to @atlas mentions and keep context
|
2026-01-01 14:28:11 -03:00 |
|
|
|
f18f1df1ce
|
monitoring: ensure gpu idle share renders
|
2026-01-01 14:21:43 -03:00 |
|
|
|
6a76fc0fa3
|
gpu: enable time-slicing and refresh dashboards
|
2026-01-01 14:16:08 -03:00 |
|
|
|
7020d53fd8
|
communication: drop old namespace manifest
|
2026-01-01 13:53:35 -03:00 |
|
|
|
dcc5714a8b
|
comms(synapse): fix signing key RBAC + rerun job
|
2026-01-01 13:47:33 -03:00 |
|
|
|
baed4737d9
|
comms(synapse): fix signingkey secret patch job
|
2026-01-01 13:37:21 -03:00 |
|
|
|
e82e66091c
|
comms(synapse): fix signingkey job image
|
2026-01-01 13:31:37 -03:00 |
|
|
|
e47e6d6e45
|
comms(synapse): ensure signing key secret populated
|
2026-01-01 13:25:59 -03:00 |
|
|
|
6ddfd394cb
|
communication: deploy into comms namespace
|
2026-01-01 13:12:45 -03:00 |
|
flux-bot
|
c6089fbf85
|
chore(bstein-dev-home): automated image update
|
2026-01-01 16:10:02 +00:00 |
|
flux-bot
|
d4a830da88
|
chore(bstein-dev-home): automated image update
|
2026-01-01 16:08:50 +00:00 |
|
|
|
79f99899ee
|
communication: prune stack for comms cutover
|
2026-01-01 13:07:11 -03:00 |
|
|
|
a48486912b
|
comms: create namespace via Flux
|
2026-01-01 13:03:43 -03:00 |
|
|
|
e503c40417
|
communication: stop staging comms namespace (kustomize conflict)
|
2026-01-01 13:00:56 -03:00 |
|
|
|
32e98a7836
|
communication: create comms namespace
|
2026-01-01 12:58:55 -03:00 |
|
|
|
554061711c
|
communication: use MAS for internal password logins
|
2026-01-01 12:57:00 -03:00 |
|
|
|
0f1f34c52a
|
communication(atlasbot): reduce spam and use atlasbot user
|
2026-01-01 12:50:26 -03:00 |
|
|
|
1f554e583a
|
keycloak: read POSTGRES_* db secret keys
|
2026-01-01 12:32:57 -03:00 |
|
|
|
7955d9133c
|
jellyfin: fix LDAP auth provider id
|
2026-01-01 12:22:43 -03:00 |
|
flux-bot
|
48d4e9c363
|
chore(bstein-dev-home): automated image update
|
2026-01-01 15:10:58 +00:00 |
|
flux-bot
|
47ac4a8580
|
chore(bstein-dev-home): automated image update
|
2026-01-01 15:09:46 +00:00 |
|
|
|
671b28b8f4
|
sso(openldap): remove bootstrap ldif
|
2026-01-01 12:02:21 -03:00 |
|
|
|
a4bcaf8912
|
sso(openldap): fix bootstrap ldif mount
|
2026-01-01 11:48:37 -03:00 |
|
flux-bot
|
9c6889440c
|
chore(bstein-dev-home): automated image update
|
2026-01-01 14:39:55 +00:00 |
|
flux-bot
|
8c799faa61
|
chore(bstein-dev-home): automated image update
|
2026-01-01 14:38:43 +00:00 |
|
|
|
1e64075478
|
sso(openldap): restore in-cluster LDAP
|
2026-01-01 11:37:52 -03:00 |
|
|
|
beb975182a
|
communication: render LiveKit TURN creds
|
2026-01-01 11:31:39 -03:00 |
|
|
|
5c59640bf5
|
communication: set LB externalTrafficPolicy Local
|
2026-01-01 04:19:12 -03:00 |
|
|
|
10f7f3a8c6
|
communication: advertise TURN over tcp
|
2026-01-01 03:54:19 -03:00 |
|
|
|
3948602c57
|
metallb: restore speaker log level info
|
2025-12-31 22:35:16 -03:00 |
|
|
|
b0bd7c97a5
|
metallb: set speaker lb-class
|
2025-12-31 22:15:08 -03:00 |
|
|
|
3a473ff482
|
metallb: enable speaker debug logs
|
2025-12-31 22:00:09 -03:00 |
|
|
|
8e702f14db
|
metallb: run speaker on all nodes
|
2025-12-31 21:45:12 -03:00 |
|
|
|
b4ac308af8
|
metallb: schedule speaker on rpi4+rpi5
|
2025-12-31 21:00:18 -03:00 |
|
|
|
04f46ed491
|
communication: use Cluster LB traffic policy
|
2025-12-31 20:55:46 -03:00 |
|
|
|
c32d734a69
|
communication: set LB traffic policy local
|
2025-12-31 19:59:26 -03:00 |
|
|
|
50c23b592a
|
communication: serve matrix well-known on matrix.live
|
2025-12-31 19:19:44 -03:00 |
|
|
|
af05370ad7
|
communication: fix well-known trailing slash and reload config
|
2025-12-31 19:17:31 -03:00 |
|
|
|
f1ca9d919d
|
communication: fix well-known nginx regex escaping
|
2025-12-31 19:15:01 -03:00 |
|
|
|
9c60011261
|
communication: serve matrix well-known with trailing slash
|
2025-12-31 19:13:08 -03:00 |
|
|
|
db01ab02ef
|
communication: fix LiveKit udp_port range and expose 7883
|
2025-12-31 18:48:18 -03:00 |
|
|
|
b7b1ffde6c
|
communication: fix LiveKit udp_port mux syntax
|
2025-12-31 18:44:54 -03:00 |
|
|
|
a260d55826
|
communication: remove one-shot syn2mas jobs
|
2025-12-31 18:32:26 -03:00 |
|
|
|
6c1ff72af6
|
communication: scale MAS/Synapse back up
|
2025-12-31 18:29:25 -03:00 |
|
|
|
c4931c381c
|
communication: prep syn2mas migrate (bcrypt, disable guests)
|
2025-12-31 18:27:04 -03:00 |
|
|
|
bbd3815f25
|
communication: rerun syn2mas migrate job
|
2025-12-31 18:22:22 -03:00 |
|
|
|
101fcc18a3
|
communication: syn2mas migrate mount MAS secrets
|
2025-12-31 18:16:53 -03:00 |
|
|
|
af03ac6dbc
|
communication: add MAS syn2mas migrate job
|
2025-12-31 18:14:44 -03:00 |
|
|
|
06a1cde738
|
communication: scale down MAS and Synapse for syn2mas
|
2025-12-31 18:12:45 -03:00 |
|
|
|
35770a8b90
|
communication: syn2mas check include synapse secret
|
2025-12-31 18:08:30 -03:00 |
|
|
|
805a7215bc
|
communication: fix syn2mas check db URI arg
|
2025-12-31 18:06:32 -03:00 |
|
|
|
9658e48a2d
|
communication: add MAS syn2mas check job
|
2025-12-31 18:00:57 -03:00 |
|
|
|
73f577a49a
|
communication: make suspended cronjobs fail-fast
|
2025-12-31 17:33:20 -03:00 |
|
|
|
26d82b3f85
|
communication: suspend flaky bootstrap cronjobs
|
2025-12-31 17:28:44 -03:00 |
|
|
|
bfd1c5dd49
|
communication: switch atlasbot to MAS login
|
2025-12-31 17:26:37 -03:00 |
|
|
|
be2c2ba33e
|
communication: route Matrix SSO redirects to MAS
|
2025-12-31 17:21:40 -03:00 |
|
|
|
a5112d5f88
|
communication: fix MAS image tag
|
2025-12-31 17:10:45 -03:00 |
|
|
|
8b37ba3213
|
communication: bump MAS to v1.8.0
|
2025-12-31 17:04:11 -03:00 |
|
|
|
214a228bf5
|
communication: drop msc3861 config for MAS
|
2025-12-31 16:54:58 -03:00 |
|
|
|
f869d0ffb9
|
communication: configure Synapse msc3861 client creds
|
2025-12-31 16:44:44 -03:00 |
|
|
|
2fdcfbfbaf
|
communication: add Synapse msc3861 admin token
|
2025-12-31 16:38:09 -03:00 |
|
|
|
650d210876
|
communication: move LiveKit media to 7882/7881
|
2025-12-31 16:27:09 -03:00 |
|
|
|
01dcb76966
|
communication: fix Matrix well-known auth JSON
|
2025-12-31 16:18:24 -03:00 |
|
|
|
385df610be
|
communication: disable Synapse OIDC under MAS
|
2025-12-31 16:11:33 -03:00 |
|
|
|
07ae28e1b1
|
communication: fix Synapse delegated auth
|
2025-12-31 16:05:32 -03:00 |
|
|
|
20df5cfb6e
|
communication: restart MAS on config change
|
2025-12-31 15:59:46 -03:00 |
|
|
|
683f495bd8
|
communication: make MAS listen on IPv4
|
2025-12-31 15:57:33 -03:00 |
|
|
|
cb82a44e2e
|
communication: enable MAS delegated auth
|
2025-12-31 15:53:35 -03:00 |
|
|
|
940e0cc613
|
communication: wire MAS secrets via init render
|
2025-12-31 15:49:21 -03:00 |
|
|
|
45f62bc331
|
communication: fix MAS config permissions
|
2025-12-31 15:44:17 -03:00 |
|
|
|
d9c003ce5a
|
communication: fix MAS container entrypoint
|
2025-12-31 15:41:15 -03:00 |
|
|
|
716059d9ac
|
communication: add matrix-authentication-service
|
2025-12-31 15:37:54 -03:00 |
|
|
|
6203faae3f
|
communication: make pin job mutable
|
2025-12-31 15:23:17 -03:00 |
|
|
|
d8d741bbd9
|
communication: remove plaintext secrets
|
2025-12-31 15:15:54 -03:00 |
|
|
|
aca05266fc
|
comms: avoid Synapse PVC rollout deadlock
|
2025-12-31 13:49:49 -03:00 |
|
|
|
ee6bcec3c5
|
chat.ai: gate root with API key
|
2025-12-31 13:43:24 -03:00 |
|
|
|
a815322f6e
|
comms: move LiveKit media to UDP 443
|
2025-12-31 13:25:45 -03:00 |
|
|
|
5ed650d19c
|
communication: prune guest-helper and synapse-federation
|
2025-12-31 12:16:59 -03:00 |
|
|
|
6759817518
|
communication: stage guest-helper for prune
|
2025-12-31 12:15:18 -03:00 |
|
|
|
71c58ee081
|
communication: disable livekit room auto-create
|
2025-12-31 12:11:54 -03:00 |
|
|
|
a6bd6b8cc8
|
communication: add Othrys stack via Flux
|
2025-12-31 12:00:12 -03:00 |
|
|
|
c0a53e59b5
|
jitsi-launcher: add oauth2-proxy error middleware for redirects
|
2025-12-25 16:57:40 -03:00 |
|
|
|
c9ebcfc869
|
jitsi-launcher: allow any authenticated user (no group gate)
|
2025-12-25 16:54:33 -03:00 |
|
|
|
0e3d36a5ae
|
jitsi-launcher: add health endpoint and readiness
|
2025-12-25 16:40:37 -03:00 |
|
|
|
a8fdcc5931
|
jitsi-launcher: pull image from docker hub
|
2025-12-25 16:35:44 -03:00 |
|
|
|
a55203a909
|
jitsi: add vault-backed jwt launcher
|
2025-12-25 16:33:56 -03:00 |
|
|
|
77ecf3229e
|
vault: use dedicated service account for k8s auth
|
2025-12-25 03:43:17 -03:00 |
|
|
|
bb93f730d5
|
jitsi: fix secrets-store csi driver name
|
2025-12-25 03:36:55 -03:00 |
|
|
|
2acc7a06b2
|
vault-csi: deploy vault provider daemonset
|
2025-12-25 03:20:13 -03:00 |
|
|
|
5666eceec7
|
jitsi: use vault jwt via csi
|
2025-12-25 03:15:06 -03:00 |
|
|
|
fbe2490ef7
|
platform: add vault csi driver
|
2025-12-25 03:14:50 -03:00 |
|
|
|
9bbdbb5fab
|
ci-demo: fix image tag value
|
2025-12-24 21:49:59 -03:00 |
|
|
|
25758b1cd9
|
jitsi: enforce auth flags on web/jicofo/jvb
|
2025-12-24 21:27:57 -03:00 |
|
|
|
4d47e2c693
|
vault: revert ui default auth block (not supported)
|
2025-12-24 20:16:33 -03:00 |
|
|
|
bd21e775ab
|
jitsi: fix prosody auth init shell
|
2025-12-24 20:12:48 -03:00 |
|
|
|
cf2e4c8bb2
|
jitsi: require auth to start rooms; vault ui default oidc
|
2025-12-24 20:11:29 -03:00 |
|
|
|
bbe4fb2cff
|
crypto: handle nested p2pool archive layout
|
2025-12-24 19:16:47 -03:00 |
|
|
|
1bbb88d9a3
|
crypto: fetch p2pool from github with debug
|
2025-12-24 19:14:44 -03:00 |
|
|
|
b71c145e6e
|
crypto: download p2pool v4.9 arm64 at runtime
|
2025-12-24 19:09:40 -03:00 |
|
|
|
7876e4389c
|
crypto: fetch p2pool binary at runtime
|
2025-12-24 19:06:40 -03:00 |
|
|
|
0db786c343
|
grafana,jitsi: enable pkce and tcp fallback
|
2025-12-24 18:15:25 -03:00 |
|
|
|
23f5f03047
|
jitsi: keep tcp config on pvc only
|
2025-12-24 17:53:59 -03:00 |
|
|
|
ad79ad0a3c
|
jitsi: include sip communicator tcp props
|
2025-12-24 17:49:47 -03:00 |
|
|
|
39a8e551eb
|
grafana: allow public overview via oidc
|
2025-12-24 17:43:07 -03:00 |
|
|
|
cd7ba1e8a8
|
jellyfin: enforce ldap auth provider on start
|
2025-12-24 17:25:07 -03:00 |
|
|
|
cecde3e197
|
jellyfin: drop OIDC plugin and strip injected script
|
2025-12-24 15:28:47 -03:00 |
|
|
|
e9308b6bd1
|
jitsi: add tcp harvester config for 4443
|
2025-12-24 15:28:47 -03:00 |
|
flux-bot
|
ebebd19a13
|
chore(bstein-dev-home): automated image update
|
2025-12-22 19:58:37 +00:00 |
|
flux-bot
|
0cd6d47940
|
chore(bstein-dev-home): automated image update
|
2025-12-22 19:57:34 +00:00 |
|
|
|
25c32da81e
|
jitsi: add sip-communicator tcp harvester props
|
2025-12-22 13:51:05 -03:00 |
|
|
|
bde4002362
|
jitsi: force tcp harvester via system props
|
2025-12-22 13:49:28 -03:00 |
|
|
|
453776967a
|
jitsi: fix init container placement
|
2025-12-22 13:47:18 -03:00 |
|
|
|
5baf62c915
|
jitsi: copy tcp custom config via init
|
2025-12-22 13:45:50 -03:00 |
|
|
|
638b37cb37
|
jitsi: add tcp harvester config for 4443 (configmap)
|
2025-12-22 13:44:07 -03:00 |
|
|
|
3330eb75c7
|
jitsi: add tcp harvester config for 4443
|
2025-12-22 13:43:55 -03:00 |
|
|
|
356f0de253
|
jitsi: advertise lan and public ips
|
2025-12-22 12:27:26 -03:00 |
|
|
|
752e75dca4
|
jitsi: use recreate for hostPort rollout
|
2025-12-22 11:49:31 -03:00 |
|
|
|
d436ed73bc
|
jitsi: advertise wss colibri
|
2025-12-22 11:37:49 -03:00 |
|
|
|
1526906d7e
|
jitsi: enable pods and fix colibri ws
|
2025-12-22 11:24:44 -03:00 |
|
flux-bot
|
8d6d2fc8fc
|
chore(bstein-dev-home): automated image update
|
2025-12-21 04:40:52 +00:00 |
|
flux-bot
|
b05df744f2
|
chore(bstein-dev-home): automated image update
|
2025-12-21 04:39:48 +00:00 |
|
flux-bot
|
11463f63d1
|
chore(bstein-dev-home): automated image update
|
2025-12-21 04:32:51 +00:00 |
|
flux-bot
|
5a06496fbe
|
chore(bstein-dev-home): automated image update
|
2025-12-21 04:31:48 +00:00 |
|
|
|
e7abd30b1d
|
fix(ai): increase chat timeout to 60s
|
2025-12-21 01:31:20 -03:00 |
|
flux-bot
|
5f64778eeb
|
chore(bstein-dev-home): automated image update
|
2025-12-21 04:22:50 +00:00 |
|
flux-bot
|
a9bf9178e6
|
chore(bstein-dev-home): automated image update
|
2025-12-21 04:21:47 +00:00 |
|
|
|
f37ce6fb85
|
fix(ai): ensure backend token mount and annotate ollama pods
|
2025-12-21 01:14:15 -03:00 |
|
flux-bot
|
85580ea128
|
chore(bstein-dev-home): automated image update
|
2025-12-21 03:50:48 +00:00 |
|
flux-bot
|
b597613dc3
|
chore(bstein-dev-home): automated image update
|
2025-12-21 03:49:45 +00:00 |
|
|
|
c6bae35bc6
|
chore(ai-llm): annotate pod with model and gpu
|
2025-12-21 00:47:57 -03:00 |
|
|
|
de693bafbe
|
feat(bstein-dev-home): add SA/RBAC for ai pod discovery
|
2025-12-21 00:46:25 -03:00 |
|
flux-bot
|
24532fbdd5
|
chore(bstein-dev-home): automated image update
|
2025-12-21 03:36:47 +00:00 |
|
flux-bot
|
60f2c65ad3
|
chore(bstein-dev-home): automated image update
|
2025-12-21 03:35:44 +00:00 |
|
flux-bot
|
d6f44330c9
|
chore(bstein-dev-home): automated image update
|
2025-12-21 03:25:46 +00:00 |
|
flux-bot
|
4cf12144e9
|
chore(bstein-dev-home): automated image update
|
2025-12-21 03:24:43 +00:00 |
|
flux-bot
|
05c84daf2a
|
chore(bstein-dev-home): automated image update
|
2025-12-21 03:20:46 +00:00 |
|
flux-bot
|
b519ef08bc
|
chore(bstein-dev-home): automated image update
|
2025-12-21 03:19:43 +00:00 |
|
|
|
ef372bf8f2
|
chore(bstein-dev-home): scale to 1 replica and pass ai meta env
|
2025-12-21 00:17:08 -03:00 |
|
flux-bot
|
8a4e1993ec
|
chore(bstein-dev-home): automated image update
|
2025-12-21 03:05:57 +00:00 |
|
|
|
0d1e3e8666
|
fix(bstein-dev-home): patch images via policies directly
|
2025-12-21 00:05:39 -03:00 |
|
flux-bot
|
9c90cfcc9c
|
chore(bstein-dev-home): automated image update
|
2025-12-21 03:03:45 +00:00 |
|
flux-bot
|
9043d735f1
|
chore(bstein-dev-home): automated image update
|
2025-12-21 03:02:41 +00:00 |
|
flux-bot
|
204e92c1e8
|
chore(bstein-dev-home): automated image update
|
2025-12-21 02:59:51 +00:00 |
|
|
|
b6acab8ee6
|
bstein-dev-home: re-enable image automation
|
2025-12-20 23:59:31 -03:00 |
|
|
|
a4a5904201
|
bstein-dev-home: pin images and stop automation churn
|
2025-12-20 23:32:17 -03:00 |
|
flux-bot
|
b1ac53e1a1
|
chore(bstein-dev-home): automated image update
|
2025-12-21 02:29:58 +00:00 |
|
|
|
ba7563b0e5
|
bstein-dev-home: fix image tags, pause automation
|
2025-12-20 23:29:40 -03:00 |
|
flux-bot
|
05fa473582
|
chore(bstein-dev-home): automated image update
|
2025-12-21 02:27:44 +00:00 |
|
|
|
ba3b3a3d9f
|
flux: simplify bstein-dev-home image update message
|
2025-12-20 23:27:24 -03:00 |
|
|
|
de317a3396
|
flux: fix bstein-dev-home automation template
|
2025-12-20 23:26:42 -03:00 |
|
|
|
3d19b54b12
|
flux: place bstein-dev-home image automation in app namespace
|
2025-12-20 23:25:56 -03:00 |
|
|
|
f23641be50
|
flux: let bstein-dev-home automation read policies in app ns
|
2025-12-20 23:24:29 -03:00 |
|
|
|
eaab2b7988
|
flux: run bstein-dev-home image automation on sso-hardening
|
2025-12-20 23:22:08 -03:00 |
|
|
|
4491a3681a
|
jenkins: use main service for tunnel
|
2025-12-20 18:42:16 -03:00 |
|
|
|
1e72f2e371
|
jenkins: add RBAC serviceaccount and use for agents
|
2025-12-20 18:08:30 -03:00 |
|
|
|
a99293944a
|
bstein-dev-home: default chat model to qwen2.5-coder
|
2025-12-20 15:22:05 -03:00 |
|
|
|
610ef7a552
|
bstein-dev-home: fix ingress indent for chat.ai host
|
2025-12-20 15:20:31 -03:00 |
|
|
|
9162f5789f
|
ai-llm: GPU qwen2.5-coder on titan-24; add chat.ai host
|
2025-12-20 15:19:03 -03:00 |
|
|
|
39a914effd
|
ai-llm: use phi3 mini model
|
2025-12-20 14:24:52 -03:00 |
|
|
|
16ab7a963d
|
ai: allow ollama to share titan-24 gpu
|
2025-12-20 14:16:22 -03:00 |
|
|
|
c8adca5a5b
|
ai: add ollama service and wire chat backend
|
2025-12-20 14:10:34 -03:00 |
|
|
|
f68668f987
|
jellyfin: fix oidc redirect to api/oidc/callback
|
2025-12-20 13:51:46 -03:00 |
|
|
|
5b0fbd344b
|
jellyfin: pull oidc plugin from streaming harbor and fix oidc redirect
|
2025-12-20 13:32:36 -03:00 |
|
|
|
dba8364c74
|
vault: probes use http VAULT_ADDR for http listener
|
2025-12-20 00:09:44 -03:00 |
|
|
|
e354f8bc3f
|
vault: keep probes HTTPS, drop ingress backend tweaks
|
2025-12-20 00:03:11 -03:00 |
|
|
|
fa977a69f4
|
vault: run http inside cluster (tls terminated at ingress)
|
2025-12-19 23:54:28 -03:00 |
|
|
|
d3ca57eabf
|
vault: backend over https with serversTransport
|
2025-12-19 23:52:19 -03:00 |
|
|
|
c2dfba67c2
|
vault: remove serversTransport, speak http to service
|
2025-12-19 23:51:32 -03:00 |
|
|
|
f243be21e6
|
vault: drop unused redirect middleware
|
2025-12-19 23:50:44 -03:00 |
|
|
|
75b62e5ae2
|
vault: add traefik redirect middleware
|
2025-12-19 23:49:34 -03:00 |
|
|
|
af3d453e86
|
vault: let traefik speak http to service
|
2025-12-19 23:48:40 -03:00 |
|
|
|
65f8b7c893
|
vault: correct serversTransport reference
|
2025-12-19 23:16:20 -03:00 |
|
|
|
eb0db2ce81
|
jellyfin: clean old ldap plugin before oidc init
|
2025-12-19 21:32:40 -03:00 |
|
|
|
1b65987dfe
|
jellyfin: upgrade to 10.11 and seed oidc plugin
|
2025-12-19 21:30:04 -03:00 |
|
|
|
ed868a5faa
|
jellyfin: fix oidc installer script
|
2025-12-19 21:19:21 -03:00 |
|
|
|
b9144ebb5e
|
jellyfin: bootstrap oidc plugin
|
2025-12-19 21:13:31 -03:00 |
|
|
|
303e7e770f
|
vault: traefik serversTransport must include namespace
|
2025-12-19 21:08:10 -03:00 |
|
|
|
0071f13063
|
vault: pin to worker arm64 nodes
|
2025-12-19 21:02:49 -03:00 |
|
|
|
3db523335d
|
vault: fix traefik serversTransport name
|
2025-12-19 20:58:29 -03:00 |
|
|
|
524868b05d
|
vault: fix manifest and disable mlock
|
2025-12-19 20:32:10 -03:00 |
|
|
|
fad7204dfb
|
mailu: switch relay to postmark
|
2025-12-19 19:58:06 -03:00 |
|
|
|
7533cec0ee
|
vault: drop helm, add raw statefulset
|
2025-12-19 19:30:09 -03:00 |
|
|
|
6405cd823d
|
Point bstein-dev-home to latest tags
|
2025-12-19 19:04:23 -03:00 |
|
|
|
ba47e00c88
|
Point bstein-dev-home to latest images (0.1.1-0)
|
2025-12-19 19:03:28 -03:00 |
|
|
|
f9c4967eed
|
jenkins: switch healthcheck to deployment/service
|
2025-12-19 18:39:32 -03:00 |
|
|
|
f092f00bff
|
jenkins: bind pvc to retained volume
|
2025-12-19 18:37:23 -03:00 |
|
|
|
b97b22fc01
|
jenkins: drop helm, run via raw manifests
|
2025-12-19 18:31:48 -03:00 |
|
|
|
fa44a00d0b
|
Flux image automation: track main branch for bstein-dev-home
|
2025-12-19 18:31:19 -03:00 |
|
|
|
0c5bce93ca
|
jenkins: fix oidc indent and harbor creds
|
2025-12-19 18:03:52 -03:00 |
|
|
|
c3ffde1b1f
|
jenkins: restore harbor robot creds
|
2025-12-19 17:59:55 -03:00 |
|
|
|
1357d783de
|
jenkins: fix oidc with wellknown config
|
2025-12-19 17:36:56 -03:00 |
|
|
|
f4fa44c842
|
jenkins: fix oidc jcasc schema
|
2025-12-19 16:44:24 -03:00 |
|
|
|
af411e795c
|
flux: track feature/sso-hardening
|
2025-12-19 16:34:29 -03:00 |
|
|
|
70e1205f5f
|
jenkins: pin oidc via jcasc
|
2025-12-19 16:24:13 -03:00 |
|
