Merge forgejo/master — reconcile 18-day divergence with origin
Origin and forgejo had drifted since 2026-05-05 (merge baseb45c45e4). Each remote was receiving Viktor's commits independently — origin since 2026-05-23 and forgejo from 2026-05-06 to 2026-05-22 14:15. Both had ~30 substantive commits. This merge brings forgejo's work into the local branch. 13 conflict files resolved as follows (all favoured HEAD = origin/local, which is newer in every case): - secrets/{fullchain,privkey}.pem — kept HEAD (renewed 2026-05-24, vs forgejo's 2026-05-17 renewal) - stacks/blog/main.tf — kept HEAD (ingress-www intentionally removed today after DNS+monitor cleanup; forgejo had the old block) - stacks/xray/modules/xray/main.tf — kept HEAD (vless dropped today as dead ingress; forgejo had the old 3-port service) - stacks/k8s-version-upgrade/scripts/upgrade-step.sh — kept HEAD (allowlist refactor, master-phase idempotency skip, tigera-operator quiesce/restore, IngressTTFBCritical ignore — all newer than forgejo) - stacks/k8s-version-upgrade/main.tf — kept HEAD (deployments/scale RBAC, oldest-kubelet detection — both added 2026-05-23) - scripts/update_k8s.sh — kept HEAD (--etcd-upgrade=false fallback) - stacks/llama-cpp/main.tf — kept HEAD (KEEL_LIFECYCLE_V1 ignore_changes block added today, commit0b1282a1) - stacks/openclaw/main.tf — kept HEAD (nim/meta/llama-3.1-70b primary) - stacks/trading-bot/main.tf — kept HEAD (claude-haiku-4-5 pin + kevin-signal-bridge container) - stacks/postiz/modules/postiz/main.tf — kept HEAD (memory 2Gi/3Gi bump, despite postiz being destroyed today — kept TF intent) - stacks/nvidia/modules/nvidia/values.yaml — kept HEAD (mem 822Mi) - stacks/monitoring/modules/monitoring/prometheus_chart_values.tpl — kept HEAD (richer alert list + raised StatefulSet `for: 3m`) - stacks/kyverno/modules/kyverno/security-policies.tf — kept HEAD (expanded registry allowlist + comments) - docs/architecture/security.md — kept HEAD (detailed W1.7 analysis) - docs/plans/2026-05-21-ha-control-plane-design.md — kept HEAD (178-line superset incl. 2026-05-23 deferral rationale) Auto-merged (no conflict): broker-sync, claude-agent-service, cloudflared, mailserver, n8n, technitium, traefik, url, proxmox-csi, xray (deployment portion). Brings in forgejo-only substantive commits: fire-planner, openclaw v3 flow + recruiter-responder wiring, several k8s-version-upgrade hardening passes (kill-switch, RecentNodeReboot ignore, pipefail fixes), HA control plane design, security wave 1 expansion to tier 3+4, alloy file-tail switch, prometheus scrape 2m, authentik replica cut, forgejo archive disable. Meta: forgejo and origin drift is a coordination bug. Going forward we need to either (a) have one CI mirror to the other, or (b) standardize on one remote. Filed mentally; not addressed in this commit. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This commit is contained in:
Viktor Barzin
commit
1f6facc8e4