| Age | Commit message (Collapse) | Author |
|---|
|
|
|
|
|
Both apps were causing high CPU pressure on r0 after a cold-start (Trivy
respawning vulnerability scans, multiple replicas competing for image
pulls). Disabled by renaming the ArgoCD Application manifests to
.disabled so 'kubectl apply -f argocd-apps/' no longer picks them up,
and the Applications themselves were deleted from the cluster (with
prune=true the helm-managed resources were removed).
Amp-Thread-ID: https://ampcode.com/threads/T-019e2be9-50a8-7089-b628-b6d844602c13
Co-authored-by: Amp <amp@ampcode.com>
|
|
Adds a beets-based CronJob that runs every night on r1 (where the
Navidrome music PVC lives), fetching external cover.jpg into each album
folder and embedding art into audio files. Idempotent on re-runs:
- import.incremental skips already-known album folders
- fetchart skips albums that already have cover art
- embedart with ifempty:no + compare_threshold:50 only fills missing
embeds and refuses risky overwrites
Navidrome picks new art up via its existing 1h scan; no Navidrome change
required. Reuses navidrome-music-pvc directly (RWO is fine because both
pods pin to r1 via nodeSelector). State (library.db, logs) lives on a
small local-path PVC, regenerable by deleting the PVC.
Files: f3s/beets-art/helm-chart/{Chart.yaml,README.md,templates/*.yaml}
f3s/beets-art/Justfile (status, logs, run-now, suspend, resume, shell)
f3s/argocd-apps/services/beets-art.yaml
Amp-Thread-ID: https://ampcode.com/threads/T-019e223a-d137-705e-879b-84130c0e78ea
Co-authored-by: Amp <amp@ampcode.com>
|
|
|
|
Introduce Docker build/push workflow, Helm manifests, and ArgoCD application wiring for goprecords so the cluster can deploy the new daemon API service from the private registry.
Made-with: Cursor
|
|
Add dnsmasq.d wildcard for *.f3s.lan.buetow.org → 192.168.1.138 and
example compose for Pis; refresh README (DNS on pi2/pi3, etc-dnsmasq.d).
Align dormant ArgoCD Helm customDnsEntries with the same wildcard.
Made-with: Cursor
|
|
|
|
Amp-Thread-ID: https://ampcode.com/threads/T-019d6da8-3a08-7079-bb2a-eb072c0bf17f
Co-authored-by: Amp <amp@ampcode.com>
|
|
remove duplicate controllers.server
Amp-Thread-ID: https://ampcode.com/threads/T-019d6154-8fdf-74fe-b865-f796d8a4214a
Co-authored-by: Amp <amp@ampcode.com>
|
|
Amp-Thread-ID: https://ampcode.com/threads/T-019d6154-8fdf-74fe-b865-f796d8a4214a
Co-authored-by: Amp <amp@ampcode.com>
|
|
threads, increase worker timeout
Amp-Thread-ID: https://ampcode.com/threads/T-019d6154-8fdf-74fe-b865-f796d8a4214a
Co-authored-by: Amp <amp@ampcode.com>
|
|
apply
|
|
resources
|
|
|
|
|
|
Amp-Thread-ID: https://ampcode.com/threads/T-019d47a3-2deb-75c3-8a75-b0f39006a35d
Co-authored-by: Amp <amp@ampcode.com>
|
|
Amp-Thread-ID: https://ampcode.com/threads/T-019d47a3-2deb-75c3-8a75-b0f39006a35d
Co-authored-by: Amp <amp@ampcode.com>
|
|
Amp-Thread-ID: https://ampcode.com/threads/T-019d47a3-2deb-75c3-8a75-b0f39006a35d
Co-authored-by: Amp <amp@ampcode.com>
|
|
Amp-Thread-ID: https://ampcode.com/threads/T-019d47a3-2deb-75c3-8a75-b0f39006a35d
Co-authored-by: Amp <amp@ampcode.com>
|
|
retries, apt lock waits, and model verification
|
|
|
|
Updated immich-server and immich-machine-learning images to v2.5.5.
This release includes major features:
- Free Up Space functionality
- Non-destructive photo editing
- Database backup and restore via web
- Upload improvements and visual refresh
- Progressive JPEGs support
- Additional fine-grained API key permissions
Release notes: https://github.com/immich-app/immich/releases/tag/v2.5.5
|
|
- Created custom ingress-lan.yaml for immich.f3s.lan.buetow.org with TLS
- Removed unsupported 'lan' ingress config from ArgoCD app values
- The Immich Helm chart doesn't support multiple named ingresses,
so we create the LAN ingress as a custom resource instead
This aligns immich with other services that have both regular and
LAN ingress endpoints.
|
|
Add *.f3s.lan.buetow.org ingress resources for all services to enable
LAN access with TLS termination. This allows direct access from the
192.168.1.0/24 network through the FreeBSD CARP/relayd setup.
Services updated:
- argocd: argocd.f3s.lan.buetow.org
- cgit: cgit.f3s.lan.buetow.org
- grafana: grafana.f3s.lan.buetow.org
- anki-sync-server: anki.f3s.lan.buetow.org
- apache: f3s.lan.buetow.org, www.f3s.lan.buetow.org, standby.f3s.lan.buetow.org
- audiobookshelf: audiobookshelf.f3s.lan.buetow.org
- filebrowser: filebrowser.f3s.lan.buetow.org
- immich: immich.f3s.lan.buetow.org
- ipv6test: ipv6test.f3s.lan.buetow.org (+ ipv4/ipv6 subdomains)
- keybr: keybr.f3s.lan.buetow.org
- koreader-sync-server: koreader.f3s.lan.buetow.org
- miniflux: flux.f3s.lan.buetow.org
- opodsync: gpodder.f3s.lan.buetow.org
- radicale: radicale.f3s.lan.buetow.org
- syncthing: syncthing.f3s.lan.buetow.org
- tracing-demo: tracing-demo.f3s.lan.buetow.org
- wallabag: bag.f3s.lan.buetow.org
- webdav: webdav.f3s.lan.buetow.org
All LAN ingresses use:
- TLS with f3s-lan-tls certificate (cert-manager)
- Traefik entrypoints: web,websecure
- Same backend services as external ingresses
Also fixed koreader-sync-server ingress to use modern annotations.
Co-authored-by: Cursor <cursoragent@cursor.com>
|
|
Configure Pi-hole DNS service to bind to 192.168.1.120 for LAN access.
This allows clients on the 192.168.1.0/24 network to use Pi-hole as
their DNS server without needing to be on the Wireguard mesh.
Co-authored-by: Cursor <cursoragent@cursor.com>
|
|
The pihole helm chart uses 'admin.existingSecret' not 'adminPasswordSecret'.
This ensures the deployment uses the pihole-admin-password secret instead
of creating a default 'pihole-password' secret with 'admin' password.
Co-authored-by: Cursor <cursoragent@cursor.com>
|
|
Pi-hole's web interface returns 403 Forbidden when accessed via the
root path. Add a Traefik middleware that redirects requests to the
root URL to /admin/ path where the web interface is accessible.
Also add the pihole ArgoCD application manifest.
Co-authored-by: Cursor <cursoragent@cursor.com>
|
|
Co-authored-by: Cursor <cursoragent@cursor.com>
|
|
Adds Navidrome music streaming server with:
- Helm chart with deployment, service, ingress, and persistent volumes
- Two PVs: data (10Gi) and music library (200Gi)
- ArgoCD application for automated deployment
- Ingress at navidrome.f3s.buetow.org
- Justfile for operational commands
|
|
|
|
Amp-Thread-ID: https://ampcode.com/threads/T-019c1492-bec0-70f8-8d02-ef3596a7228b
Co-authored-by: Amp <amp@ampcode.com>
|
|
This reverts commit 6fd8d4e3d3f7abf54a9ae433f0c47ce18a84a3c1.
|
|
Amp-Thread-ID: https://ampcode.com/threads/T-019c10cd-6a62-75c9-a556-f2ed9611f278
Co-authored-by: Amp <amp@ampcode.com>
|
|
Amp-Thread-ID: https://ampcode.com/threads/T-019c10b2-ea57-752e-818e-33a56d69d9fa
Co-authored-by: Amp <amp@ampcode.com>
|
|
Amp-Thread-ID: https://ampcode.com/threads/T-019c1088-dc3e-701a-b064-5e50cf52b32a
Co-authored-by: Amp <amp@ampcode.com>
|
|
Amp-Thread-ID: https://ampcode.com/threads/T-019c1088-dc3e-701a-b064-5e50cf52b32a
Co-authored-by: Amp <amp@ampcode.com>
|
|
Amp-Thread-ID: https://ampcode.com/threads/T-019c1088-dc3e-701a-b064-5e50cf52b32a
Co-authored-by: Amp <amp@ampcode.com>
|
|
- Add Helm chart source to deploy immich-app/immich chart
- Include yoga-videos PVC volume mount in server config
- Persist configuration across redeployments
- Keep custom resources deployment for PVs and PostgreSQL
Amp-Thread-ID: https://ampcode.com/threads/T-019c1088-dc3e-701a-b064-5e50cf52b32a
Co-authored-by: Amp <amp@ampcode.com>
|
|
Amp-Thread-ID: https://ampcode.com/threads/T-019c086d-c760-779d-b740-0f748094b62a
Co-authored-by: Amp <amp@ampcode.com>
|
|
|
|
|
|
|
|
|
|
Changes all application manifests to use HTTP git backend instead of SSH:
- From: ssh://git@git-server.cicd.svc.cluster.local/repos/repos/conf.git
- To: http://git-server.cicd.svc.cluster.local/conf.git
Benefits:
- No SSH agent or key management required
- No issues with changing SSH host keys on pod restarts
- Simpler ArgoCD configuration
- HTTP git-http-backend now fully functional
Updated applications:
- monitoring: prometheus, grafana-ingress, pushgateway (3)
- services: anki-sync-server, audiobookshelf, filebrowser, immich, keybr,
kobo-sync-server, miniflux, opodsync, radicale, syncthing, tracing-demo,
wallabag, webdav (13)
- infra: registry (1)
- test: example-apache-volume-claim (1)
Total: 18 applications migrated to HTTP
|
|
Updated 17 application manifests to use internal git-server:
- Monitoring: grafana-ingress, prometheus, pushgateway
- Services: anki-sync-server, audiobookshelf, filebrowser, immich, keybr,
kobo-sync-server, miniflux, opodsync, radicale, syncthing,
tracing-demo, wallabag, webdav
- Infra: registry
All applications now fetch from:
ssh://git@git-server.cicd.svc.cluster.local/repos/repos/conf.git
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
|
|
- Create subdirectories: monitoring/, services/, infra/, test/
- Move 6 monitoring apps to monitoring/
- Move 13 service apps to services/
- Move 1 infra app to infra/
- Move 1 test app to test/
- Add README.md documenting the structure and usage
This organization:
- Makes it easier to understand which apps belong to which namespace
- Allows applying apps by namespace: kubectl apply -f argocd-apps/monitoring/
- Supports namespace-scoped app-of-apps patterns
- Provides better clarity when browsing the repository
All 21 applications remain functional and validated with kubectl --dry-run.
|
