viktor/infra
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

stem95su: scheduled Drive->site sync CronJob (every 10m)

Browse source 
CronJob stem95su-gdrive-sync (*/10) mounts the content PVC RW and
rclone-syncs the read-only Drive folder "claude" (stem claude/files) onto
it (rclone/rclone:1.74.3, scope=drive.readonly, empty-source guard +
--max-delete 25). ESO ExternalSecret stem95su-rclone <- Vault
secret/stem95su. Requires the GCP OAuth app published to Production or the
refresh token expires ~weekly.

Lands the gdrive-sync stack on master (it had landed on a feature branch
by accident on the shared devvm checkout).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
This commit is contained in:
Viktor Barzin 2026-06-09 08:42:26 +00:00
parent 05b50d2b96
commit 6d224861c4
1168 changed files with 120 additions and 358547 deletions
Download patch file Download diff file Expand all files Collapse all files

5
.github/ISSUE_TEMPLATE/config.yml vendored
View file

@ -1,5 +0,0 @@
blank_issues_enabled: true
contact_links:
- name: Service Status
url: https://status.viktorbarzin.me
about: Check current service status and active incidents

12
.github/ISSUE_TEMPLATE/feature-request.yml vendored
View file

@ -1,12 +0,0 @@
name: Feature Request
description: Request a new service, configuration change, or improvement
labels: ["feature-request"]
body:
- type: textarea
id: description
attributes:
label: What do you need?
description: Describe what you'd like. Be as specific as possible.
placeholder: "e.g., Deploy Obsidian for note-taking, or add a new Uptime Kuma monitor for service X"
validations:
required: true

94
.github/ISSUE_TEMPLATE/outage-report.yml vendored
View file

@ -1,94 +0,0 @@
name: Report an Outage
description: Report a service that appears to be down or degraded
labels: ["user-report"]
body:
- type: dropdown
id: service
attributes:
label: Affected Service
description: Which service is affected?
options:
- Actual Budget
- Audiobookshelf (audiobooks)
- DNS
- Excalidraw (whiteboard)
- FreshRSS (news)
- Frigate (cameras)
- Grafana (dashboards)
- HackMD (notes)
- Headscale / VPN
- Home Assistant
- Immich (photos)
- Linkwarden (bookmarks)
- Mail (email, roundcube)
- Matrix (chat)
- Navidrome (music)
- Nextcloud (files, calendar, contacts)
- Paperless-ngx (documents)
- Plex / Jellyfin
- Send (file sharing)
- Stirling PDF
- Tandoor (recipes)
- Vaultwarden (passwords)
- Wealthfolio / Finance
- Website / Blog
- Other
validations:
required: true
- type: textarea
id: description
attributes:
label: What's happening?
description: Describe what you're seeing. Include error messages, when it started, etc.
placeholder: "e.g., Getting 502 errors when trying to access Nextcloud since about 3pm"
validations:
required: true
- type: dropdown
id: error_type
attributes:
label: What kind of error?
description: This helps us narrow down the issue faster.
options:
- Page won't load (timeout / connection refused)
- 502 Bad Gateway
- 503 Service Unavailable
- Login / authentication not working
- Slow / degraded performance
- Specific feature broken (app loads but something inside doesn't work)
- Data missing or incorrect
- Other / not sure
validations:
required: true
- type: dropdown
id: scope
attributes:
label: Is it just you or others too?
description: Helps us tell apart service outages from account/device issues.
options:
- Just me (others seem fine)
- Multiple people affected
- Not sure
validations:
required: false
- type: input
id: when
attributes:
label: When did it start?
description: Approximate time helps us correlate with logs and deployments.
placeholder: "e.g., about 3pm today, or since yesterday morning"
validations:
required: false
- type: input
id: url
attributes:
label: URL you were accessing (optional)
description: The exact URL helps us check the right endpoint.
placeholder: "e.g., https://nextcloud.viktorbarzin.me/apps/files"
validations:
required: false
- type: input
id: contact
attributes:
label: Contact (optional)
description: How can we reach you with updates?
placeholder: Email, Telegram handle, etc.

28
.github/workflows/build-diun.yml vendored
View file

@ -1,28 +0,0 @@
name: Build Custom DIUN Image
on:
push:
branches: [master]
paths:
- 'stacks/diun/Dockerfile'
workflow_dispatch:
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: docker/setup-buildx-action@v3
- uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- uses: docker/build-push-action@v6
with:
context: stacks/diun
platforms: linux/amd64
push: true
tags: viktorbarzin/diun:latest

32
.github/workflows/deploy-postmortems.yml vendored
View file

@ -1,32 +0,0 @@
name: Deploy Post-Mortems to GitHub Pages
on:
push:
branches: [master]
paths:
- 'post-mortems/**'
workflow_dispatch:
permissions:
contents: read
pages: write
id-token: write
concurrency:
group: pages
cancel-in-progress: false
jobs:
deploy:
environment:
name: github-pages
url: ${{ steps.deployment.outputs.page_url }}
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/configure-pages@v5
- uses: actions/upload-pages-artifact@v3
with:
path: post-mortems
- id: deployment
uses: actions/deploy-pages@v4

56
.github/workflows/issue-automation.yml vendored
View file

@ -1,56 +0,0 @@
name: Issue Automation
on:
issues:
types: [opened, labeled]
jobs:
process-issue:
if: |
contains(github.event.issue.labels.*.name, 'user-report') ||
contains(github.event.issue.labels.*.name, 'feature-request')
runs-on: ubuntu-latest
steps:
- name: Check if author is collaborator
id: check-collab
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
RESPONSE=$(curl -s -o /dev/null -w "%{http_code}" \
-H "Authorization: token $GH_TOKEN" \
"https://api.github.com/repos/${{ github.repository }}/collaborators/${{ github.event.issue.user.login }}")
echo "is_collab=$([[ $RESPONSE == '204' ]] && echo 'true' || echo 'false')" >> $GITHUB_OUTPUT
echo "Author: ${{ github.event.issue.user.login }}, Collaborator: $RESPONSE"
- name: Queue for review (non-collaborator)
if: steps.check-collab.outputs.is_collab == 'false'
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
curl -s -X POST \
-H "Authorization: token $GH_TOKEN" \
"https://api.github.com/repos/${{ github.repository }}/issues/${{ github.event.issue.number }}/comments" \
-d '{"body": "Thanks for reporting! This has been queued for review by the infra team."}'
curl -s -X POST \
-H "Authorization: token $GH_TOKEN" \
"https://api.github.com/repos/${{ github.repository }}/issues/${{ github.event.issue.number }}/labels" \
-d '{"labels": ["needs-human"]}'
- name: Trigger Woodpecker pipeline (collaborator)
if: steps.check-collab.outputs.is_collab == 'true'
run: |
# Extract labels as comma-separated string
LABELS=$(echo '${{ toJSON(github.event.issue.labels.*.name) }}' | python3 -c "import sys,json; print(','.join(json.load(sys.stdin)))" 2>/dev/null || echo "unknown")
curl -sf -X POST \
-H "Authorization: Bearer ${{ secrets.WOODPECKER_TOKEN }}" \
"https://ci.viktorbarzin.me/api/repos/1/pipelines" \
-d "{
\"branch\": \"master\",
\"variables\": {
\"ISSUE_NUMBER\": \"${{ github.event.issue.number }}\",
\"ISSUE_TITLE\": $(echo '${{ github.event.issue.title }}' | python3 -c 'import sys,json; print(json.dumps(sys.stdin.read().strip()))'),
\"ISSUE_AUTHOR\": \"${{ github.event.issue.user.login }}\",
\"ISSUE_LABELS\": \"$LABELS\",
\"ISSUE_URL\": \"${{ github.event.issue.html_url }}\"
}
}"