Age | Commit message | Author
2026-01-15 | cleanup | Paul Buetow
2026-01-15 | cleanup | Paul Buetow
2026-01-15 | Merge branch 'master' of codeberg.org:snonux/conf | Paul Buetow
2026-01-15 | docs: add DEMO-SCRIPTS.md guide | Paul Buetow
2026-01-15 | feat: add automated demo scripts for Argo Rollouts | Paul Buetow
2026-01-15 | fix: scope ignoreDifferences to only tracing-demo-frontend Rollout | Paul Buetow
2026-01-15 | feat: add ignoreDifferences for Argo Rollouts to prevent ArgoCD conflicts | Paul Buetow
2026-01-15 | docs: update all ROLLOUT*.md files with 1-min 33% canary details | Paul Buetow
2026-01-15 | docs: update README-ROLLOUTS.md and ARGO-ROLLOUTS-SUMMARY.md for 1-min 33% canary | Paul Buetow
2026-01-15 | chore: auto-promote canary after 1 minute | Paul Buetow
2026-01-15 | chore: switch from canary to blue-green strategy for clearer demo | Paul Buetow
2026-01-15 | chore: reduce canary pause from 2m to 1m | Paul Buetow
2026-01-15 | fix: Justfile syntax for Helm values flag | Paul Buetow
2026-01-15 | feat: add Argo Rollouts controller and tracing-demo canary rollout demo | Paul Buetow
2026-01-15 | Update monitoring and gogios configuration | Paul Buetow
- Add node resources multi-select dashboard for Prometheus
- Update gogios cron schedule and add HTML status file output
- Update Prometheus scrape configs
- Add gogios documentation
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-01-15 | Add IPv6 NAT and firewall rules to OpenBSD PF configuration | Paul Buetow
Enable IPv6 support for WireGuard mesh network on OpenBSD gateways:
- Added NAT66 rule using NPTv6 to translate ULA addresses to public IPv6
- Added IPv6 UDP pass rule for WireGuard port 56709
- Maintains existing IPv4 NAT and firewall rules
This allows roaming clients to route IPv6 traffic through the VPN gateways and access IPv6 internet resources using the gateway's public IPv6 address.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-01-15 | Update monitoring and gogios configuration | Paul Buetow
- Add node resources multi-select dashboard for Prometheus
- Update gogios cron schedule and add HTML status file output
- Update Prometheus scrape configs
- Add gogios documentation
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-01-15 | Add IPv6 NAT and firewall rules to OpenBSD PF configuration | Paul Buetow
Enable IPv6 support for WireGuard mesh network on OpenBSD gateways:
- Added NAT66 rule using NPTv6 to translate ULA addresses to public IPv6
- Added IPv6 UDP pass rule for WireGuard port 56709
- Maintains existing IPv4 NAT and firewall rules
This allows roaming clients to route IPv6 traffic through the VPN gateways and access IPv6 internet resources using the gateway's public IPv6 address.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-01-15 | Disable Prometheus scraping of radicale service - add prometheus.io/scrape=false annotation and rename port to http | Paul Buetow
2026-01-15 | Disable Prometheus scraping of radicale service - add prometheus.io/scrape=false annotation and rename port to http | Paul Buetow
2026-01-12 | 1 replica | Paul Buetow
2026-01-12 | 2 replicas | Paul Buetow
2026-01-11 | Mark all WireGuard roaming client tasks as complete | Paul Buetow
2026-01-11 | Add WireGuard roaming client support and OpenBSD NAT configuration | Paul Buetow
- Add pf.conf template with WireGuard NAT rules for roaming clients (earth, pixel7pro)
- Add Rex task to deploy pf.conf to both OpenBSD frontends (blowfish, fishfinger)
- Document WireGuard roaming client implementation plan and limitations
- NAT rules enable roaming clients to route all traffic through VPN gateways
- Firewall rules allow incoming WireGuard connections on UDP port 56709
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-01-11 | monitor all wg hosts | Paul Buetow
2026-01-11 | feat(miniflux): add liveness and readiness probes | Paul Buetow
2026-01-10 | Document self-hosted git-server requirement in ArgoCD README | Paul Buetow
Add comprehensive documentation about the self-hosted git-server setup:
- Explain that conf.git must be pushed to r0 before ArgoCD can use it
- Provide gitsyncer and manual push examples
- Document HTTP access method used by ArgoCD
- Include verification commands
- Emphasize that changes must be pushed to git-server (r0), not just external git hosts
This ensures operators understand the critical step of syncing the conf repository to the self-hosted git-server.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-01-10 | add change | Paul Buetow
2026-01-10 | Simplify git-server path from /repos/repos to /repos | Paul Buetow
Changes:
- Mount PVC with subPath: repos in deployment
- Update cgit scan-path from /repos/repos to /repos
- Update git-http-backend GIT_PROJECT_ROOT to /repos
- Update all documentation to reflect simplified paths
This eliminates the redundant /repos/repos duplication and simplifies all git URLs to ssh://git@r0:30022/repos/<repo>.git format.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-01-10 | Update git-server README to use explicit NodePort in gitsyncer config | Paul Buetow
Replace git@git-server:/repos/repos with ssh://git@r0:30022/repos/repos in the documentation to match the actual configuration and make the NodePort usage explicit. SSH alias approach now documented as optional.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-01-10 | Merge remote-tracking branch 'r0/master' | Paul Buetow
2026-01-10 | Add comprehensive README for git-server helm chart | Paul Buetow
Includes:
- Component overview (SSH, HTTP, cgit)
- Access methods (SSH, HTTP, web UI)
- Gitsyncer integration guide
- ArgoCD integration
- Security configuration
- Troubleshooting guide
- Maintenance procedures
2026-01-10 | Remove test file | Paul Buetow
2026-01-10 | Test: gitsyncer SSH push | Paul Buetow
2026-01-10 | Add git.f3s.buetow.org to f3s hosts list | Paul Buetow
Adding DNS/frontend configuration for the new git server
2026-01-10 | Add nginx timeouts for git-http-backend to fix large clone issues | Paul Buetow
ArgoCD was experiencing 'early EOF' errors during git fetch operations. Added fastcgi timeout settings to prevent connection closures:
- fastcgi_read_timeout: 300s (5 minutes)
- fastcgi_send_timeout: 300s (5 minutes)
- fastcgi_buffering: off (stream responses immediately)
This fixes: curl 18 transfer closed with outstanding read data remaining
2026-01-10 | Migrate all ArgoCD applications from SSH to HTTP git URLs | Paul Buetow
Changes all application manifests to use HTTP git backend instead of SSH:
- From: ssh://git@git-server.cicd.svc.cluster.local/repos/repos/conf.git
- To: http://git-server.cicd.svc.cluster.local/conf.git
Benefits:
- No SSH agent or key management required
- No issues with changing SSH host keys on pod restarts
- Simpler ArgoCD configuration
- HTTP git-http-backend now fully functional
Updated applications:
- monitoring: prometheus, grafana-ingress, pushgateway (3)
- services: anki-sync-server, audiobookshelf, filebrowser, immich, keybr, kobo-sync-server, miniflux, opodsync, radicale, syncthing, tracing-demo, wallabag, webdav (13)
- infra: registry (1)
- test: example-apache-volume-claim (1)
Total: 18 applications migrated to HTTP
2026-01-10 | Update git-server SSH host keys (current as of pod restart) | Paul Buetow
Note: These keys change on pod restarts. HTTP git backend is now available and recommended for ArgoCD to avoid SSH key changes.
2026-01-10 | Set HOME=/tmp for cgit container to allow git config writes | Paul Buetow
Non-root container cannot write to /.gitconfig, setting HOME=/tmp allows git to write config files
2026-01-10 | Add git safe.directory config for NFS repository ownership | Paul Buetow
Fixes 'dubious ownership' error when git-http-backend runs as UID 33 accessing repository owned by UID 1001:33
2026-01-10 | Fix: Install git-daemon instead of git for git-http-backend | Paul Buetow
git-http-backend is in the git-daemon package in Alpine, not the base git package
2026-01-10 | Add initContainer to install git-http-backend | Paul Buetow
- New initContainer installs git and copies git-http-backend to shared /tmp volume
- Updated nginx config to use /tmp/git-http-backend
- Removed apk add from cgit container (was failing due to non-root user)
2026-01-10 | Install git-daemon package for git-http-backend support | Paul Buetow
2026-01-10 | Enable HTTP git operations in repository config | Paul Buetow
- Make /repos mount read-write on cgit container
- Set http.receivepack=true and http.uploadpack=true in git config
- Allows git clone/fetch/push via HTTP
- Fixes 403 Forbidden error from git-http-backend
2026-01-10 | Fix nginx: copy fastcgi_params to /tmp and reference it | Paul Buetow
- Copy /etc/nginx/fastcgi_params to /tmp/fastcgi_params
- Update include path to /tmp/fastcgi_params
- Fixes 'No such file or directory' error
2026-01-10 | Fix git-http-backend: insert location into existing server block | Paul Buetow
- Use sed to insert git-http-backend location into default.conf
- Location must be inside server block, not separate file
- Fixes nginx config syntax error
2026-01-10 | Fix: remove apk install, use git already in alpine-cgit image | Paul Buetow
2026-01-10 | Add git-http-backend for HTTP git operations | Paul Buetow
- Install git package in cgit container
- Add nginx config for git-http-backend via fcgiwrap
- Supports git clone/fetch/pull over HTTP at /conf.git/ path
- cgit remains for web UI at /conf/ path
- Eliminates need for SSH and SSH agent sidecar
2026-01-10 | Remove custom SSH agent sidecar - use ArgoCD native SSH support | Paul Buetow
- Removed SSH agent sidecar container
- Removed custom SSH_AUTH_SOCK and SSH key volumes
- ArgoCD will use native SSH support with:
  - Repository credential secret (git-server-repo-creds)
  - Known hosts ConfigMap (argocd-ssh-known-hosts-cm)
- Much simpler and follows ArgoCD best practices
2026-01-10 | Add persistent ArgoCD configs for git-server | Paul Buetow
- git-server-repo-creds.yaml: Repository credential secret for SSH auth
- git-server-known-hosts.yaml: SSH known_hosts for git-server
- Ensures configs survive cluster restarts