| Age | Commit message (Collapse) | Author |
|
|
Deploy goprecords-upload-client.sh from goprecords/scripts/ instead of the
inline-token template. Token is now stored in /etc/goprecords-upload.token
(mode 600) and the script reads it at runtime. Old goprecords-upload.sh
(token baked in, mode 500) is removed. daily.local entry updated to pass
GOPRECORDS_HOST=<host> as environment variable.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
|
|
Add POSIX sh script template deployed to /usr/local/bin/goprecords-upload.sh,
invoked from /etc/daily.local. Rex task goprecords_upload installs curl, renders
per-host script from geheim secrets/etc/goprecords/<host>.token, and hooks
commons. Document token layout and kubectl key creation in README.
Made-with: Cursor
|
|
Include garage in f3s host list so DNS, TLS (acme), and httpd/relayd
templates generate config for the new hostname.
Made-with: Cursor
|
|
Amp-Thread-ID: https://ampcode.com/threads/T-019d6727-d603-72c5-97a0-c1e419211767
Co-authored-by: Amp <amp@ampcode.com>
|
|
Add a QEMU/KVM OpenBSD VM for native compilation of CGo packages
(e.g. dtail with DataDog/zstd). The VM is fully automated via expect
driving the serial console installer.
- packages/buildvm/: setup, provision, start, stop scripts and expect installer
- packages/scripts/pkg-dtail-openbsd.sh: multi-binary package with signify signing
- packages/Makefile: build VM management and dtail-openbsd target using git archive
- frontends/Rexfile: dtail_install task uses custom pkg repo, dtail task enabled
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
|
|
Packages are now signed via pkg_sign with the custom-pkg signify key
on the OpenBSD build host. The public key at /etc/signify/custom-pkg.pub
on each client allows pkg_add to verify without -D unsigned.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
|
|
Replace manual binary copy in gogios_install with pkg install (FreeBSD)
and pkg_add (OpenBSD). Add pkgrepo_setup task that configures PKG_PATH
in root's .profile on OpenBSD frontends. The gogios task now calls
gogios_install automatically.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
|
|
Serve custom-built FreeBSD and OpenBSD packages via nginx in the k3s
cluster. Includes helm chart, ArgoCD app, test artifact build script,
and DNS entry via frontends Rexfile.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
|
|
This enables an overlay editor binding and installs the send-keys script on frontends.
|
|
Amp-Thread-ID: https://ampcode.com/threads/T-019c15ba-eb08-73ed-9afe-c93659dc123c
Co-authored-by: Amp <amp@ampcode.com>
|
|
Amp-Thread-ID: https://ampcode.com/threads/T-019c1492-bec0-70f8-8d02-ef3596a7228b
Co-authored-by: Amp <amp@ampcode.com>
|
|
Amp-Thread-ID: https://ampcode.com/threads/T-019c1492-bec0-70f8-8d02-ef3596a7228b
Co-authored-by: Amp <amp@ampcode.com>
|
|
- Fixed Perl template syntax error in relayd.conf.tpl (lines 68-77) with improperly nested if/elsif blocks
- Added ipv4address subroutine to Rexfile to look up IPv4 by hostname
- Updated relayd template to use ipv4address->($hostname) instead of undefined $vio0_ip variable
- Pass ipv4address to template engine in relayd task
Amp-Thread-ID: https://ampcode.com/threads/T-019c1441-7e3a-77cd-890f-cd31df998a31
Co-authored-by: Amp <amp@ampcode.com>
|
|
Amp-Thread-ID: https://ampcode.com/threads/T-019c086d-c760-779d-b740-0f748094b62a
Co-authored-by: Amp <amp@ampcode.com>
|
|
Amp-Thread-ID: https://ampcode.com/threads/T-019c086d-c760-779d-b740-0f748094b62a
Co-authored-by: Amp <amp@ampcode.com>
|
|
- Add all 18 f3s hosts to @acme_hosts for certificate issuance
- Skip standby certificate variants for f3s hosts (not needed for k3s cluster)
- Add port 80 ACME challenge blocks to httpd for all f3s hosts
- Add port 8080 fallback page blocks to httpd for f3s hosts (when cluster is down)
- Update relayd.conf.tpl to skip standby keypairs for f3s hosts
- Update acme-client.conf.tpl to skip standby certificates for f3s hosts
Fixes missing certificates on flux.f3s.buetow.org, anki.f3s.buetow.org, and other f3s services
|
|
- Add solarcat DNS records, httpd server block, and ACME host
- Re-enable Prometheus and WG0 ping notifications in gogios
- Remove paul.cyou from DNS zones
- Clean up duplicate definitions in Rexfile
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
|
|
- Add pf.conf template with WireGuard NAT rules for roaming clients (earth, pixel7pro)
- Add Rex task to deploy pf.conf to both OpenBSD frontends (blowfish, fishfinger)
- Document WireGuard roaming client implementation plan and limitations
- NAT rules enable roaming clients to route all traffic through VPN gateways
- Firewall rules allow incoming WireGuard connections on UDP port 56709
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
|
|
Adding DNS/frontend configuration for the new git server
|
|
Added blowfish.buetow.org and fishfinger.buetow.org to @acme_hosts array
to ensure proper routing through relayd to localhost instead of falling
through to f3s cluster backends.
Changes:
- Rexfile: Add blowfish.buetow.org and fishfinger.buetow.org to @acme_hosts
- httpd.conf.tpl: Skip current server hostname in @acme_hosts loop to avoid
  duplicate server blocks (already handled by dedicated "Current server's FQDN" block)
- relayd.conf.tpl: Skip both server hostnames in TLS keypair loop since each
  server only has its own certificate (not the other server's cert)
This ensures relayd routes these hostnames to localhost:8080 where httpd
serves content from /htdocs/buetow.org/self including index.txt health checks.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
|
|
Deploy ArgoCD v3.2.3 for GitOps continuous delivery in the k3s cluster.
Configuration:
- New cicd namespace for CI/CD tooling
- Non-HA single instance deployment (following cluster patterns)
- Traefik ingress at argocd.f3s.buetow.org
- Prometheus ServiceMonitor integration for metrics
- 10Gi persistent volume for repo-server cache
- Insecure mode with TLS termination at proxy
Components deployed:
- argocd-server (Web UI and API)
- argocd-repo-server (Repository management)
- argocd-application-controller (Application sync)
- argocd-redis (State cache)
- argocd-applicationset-controller (Multi-app management)
Also adds argocd.f3s.buetow.org to frontends Rexfile for relayd proxy
configuration.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>