stem95su: scheduled Drive->site sync CronJob (every 10m)

CronJob stem95su-gdrive-sync (*/10) mounts the content PVC RW and rclone-syncs the read-only Drive folder "claude" (stem claude/files) onto it (rclone/rclone:1.74.3, scope=drive.readonly, empty-source guard + --max-delete 25). ESO ExternalSecret stem95su-rclone <- Vault secret/stem95su. Requires the GCP OAuth app published to Production or the refresh token expires ~weekly. Lands the gdrive-sync stack on master (it had landed on a feature branch by accident on the shared devvm checkout). Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-09 08:42:26 +00:00 · 2026-06-09 08:42:26 +00:00 · 6d224861c4
commit 6d224861c4
parent 05b50d2b96
1168 changed files with 120 additions and 358547 deletions
--- a/modules/docker-registry/config.yaml
+++ b/modules/docker-registry/config.yaml
@ -1,41 +0,0 @@
-version: 0.1
-log:
-  fields:
-    service: registry
-storage:
-  cache:
-    blobdescriptor: inmemory
-  filesystem:
-    rootdirectory: /var/lib/registry
-  delete:
-    enabled: true
-  maintenance:
-    uploadpurging:
-      enabled: true
-      age: 24h
-      interval: 4h
-      dryrun: false
-    readonly:
-      enabled: false
-http:
-  addr: :5000
-  draintimeout: 60s
-  headers:
-    X-Content-Type-Options: [nosniff]
-  debug:
-    addr: ":5001"
-    # Enable proxy on nodes - https://github.com/containerd/containerd/blob/main/docs/cri/registry.md
-    # https://ops.tips/gists/retrieving-docker-registry-metrics-using-prometheus/
-    prometheus:
-      enabled: true
-      path: "/metrics"
-health:
-  storagedriver:
-    enabled: true
-    interval: 10s
-    threshold: 3
-proxy:
-  remoteurl: https://registry-1.docker.io
-  username: vbarzin@gmail.com
-  password: ${password}
-  ttl: 0