viktor/infra
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
2115 commits 2 branches 0 tags 2.3 GiB
Commit graph

2115 commits

This branch
This branch
All branches
Author SHA1 Message Date
Viktor Barzin
2445edea8f state(freedify): update encrypted state 2026-03-26 01:13:29 +02:00
Viktor Barzin
30d58bc4c8 state(freedify): update encrypted state 2026-03-26 01:11:16 +02:00
Viktor Barzin
9e99c14a77 state(freedify): update encrypted state 2026-03-26 00:36:47 +02:00
Viktor Barzin
9bc37bf257 state(freedify): update encrypted state 2026-03-26 00:15:49 +02:00
Viktor Barzin
c732e92613 state(reverse-proxy): update encrypted state 2026-03-26 00:07:46 +02:00
Viktor Barzin
074a2fceec state(reverse-proxy): update encrypted state 2026-03-26 00:07:41 +02:00
Viktor Barzin
50a3f81261 state(freedify): update encrypted state 2026-03-25 23:58:01 +02:00
Viktor Barzin
4e74f816bc cleanup: remove calibre and audiobookshelf stacks after ebooks migration [ci skip] 
Both services migrated to unified ebooks namespace. Remove:
- Old stack directories and Terraform state
- calibre references from monitoring namespace lists
- calibre/audiobookshelf from operational scripts
 2026-03-25 23:56:07 +02:00
Viktor Barzin
809e2a7624 state(audiobookshelf): update encrypted state 2026-03-25 23:54:55 +02:00
Viktor Barzin
60e83526ec state(calibre): update encrypted state 2026-03-25 23:54:38 +02:00
Viktor Barzin
3eb0418595 state(freedify): update encrypted state 2026-03-25 23:53:31 +02:00
Viktor Barzin
57d31de5a5 state(freedify): update encrypted state 2026-03-25 23:50:51 +02:00
Viktor Barzin
f49776aec9 state(freedify): update encrypted state 2026-03-25 23:41:15 +02:00
Viktor Barzin
95e49134ae cleanup: remove old audiobook-search, superseded by book-search 
- Delete servarr/audiobook-search TF module (moved to ebooks/book-search)
- Remove audiobook-search from cloudflare_proxied_names
- Remove commented-out module reference in servarr/main.tf
- Clean up "renamed from" comment in ebooks/main.tf
- K8s resources (deploy/svc/ingress) deleted from servarr namespace
- Cloudflare DNS record already absent
- Import book-search and insta2spotify DNS records into cloudflared state
 2026-03-25 23:16:01 +02:00
Viktor Barzin
97c789510e state(freedify): update encrypted state 2026-03-25 23:14:44 +02:00
Viktor Barzin
b731af1b91 state(platform): update encrypted state 2026-03-25 23:10:10 +02:00
Viktor Barzin
111201796b state(freedify): update encrypted state 2026-03-25 23:05:32 +02:00
Viktor Barzin
fe27709fd4 fix email monitor: use internal URL for Uptime Kuma push 
Pods can't reach uptime.viktorbarzin.me externally. Switch to
http://uptime-kuma.uptime-kuma.svc.cluster.local for the push endpoint.
 2026-03-25 22:59:26 +02:00
Viktor Barzin
a48149ff0d state(mailserver): update encrypted state 2026-03-25 22:58:35 +02:00
Viktor Barzin
b877ff18fc state(freedify): update encrypted state 2026-03-25 22:52:08 +02:00
Viktor Barzin
78dec8f0ad add e2e email roundtrip monitoring 
CronJob (every 30 min) sends test email via Mailgun API to
smoke-test@viktorbarzin.me, verifies IMAP delivery in spam@ catch-all,
deletes test email, pushes metrics to Pushgateway + Uptime Kuma.

Prometheus alerts: EmailRoundtripFailing, EmailRoundtripStale,
EmailRoundtripNeverRun. Uptime Kuma: SMTP/IMAP port checks + E2E push.
 2026-03-25 22:50:22 +02:00
Viktor Barzin
b9c2d7c1f6 state(freedify): update encrypted state 2026-03-25 22:24:39 +02:00
Viktor Barzin
49de96a0c1 state(mailserver): update encrypted state 2026-03-25 22:20:02 +02:00
Viktor Barzin
d1036de313 state(mailserver): update encrypted state 2026-03-25 22:16:06 +02:00
Viktor Barzin
a08b1e8384 state(freedify): update encrypted state 2026-03-25 22:15:24 +02:00
Viktor Barzin
f33940cbce state(mailserver): update encrypted state 2026-03-25 22:10:26 +02:00
Viktor Barzin
26ab7acbda state(mailserver): update encrypted state 2026-03-25 22:08:50 +02:00
Viktor Barzin
3adaf88f62 add MAM_ID env var to book-search deployment [ci skip] 2026-03-25 15:52:24 +02:00
Viktor Barzin
946ea9e1f3 fix ebooks stack: prefix PV names, add book-search DNS, add secrets symlink [ci skip] 2026-03-25 15:14:08 +02:00
Viktor Barzin
8be9e765dc state(platform): update encrypted state 2026-03-25 15:09:00 +02:00
Viktor Barzin
6e1d8c0c8b add ebooks stack: consolidate book services into single namespace [ci skip] 
- New ebooks namespace with CWA, Stacks, Audiobookshelf, book-search
- book-search (renamed from audiobook-search) with CWA ingest volume
- Comment out audiobook_search module from servarr
- All NFS volumes and secrets consolidated
 2026-03-25 15:04:27 +02:00
Viktor Barzin
14bbab3041 state(servarr): update encrypted state 2026-03-25 14:23:00 +02:00
Viktor Barzin
5d23e68f9d state(servarr): update encrypted state 2026-03-25 14:19:44 +02:00
Viktor Barzin
1ce8b3d899 remove setup_tls_secret from insta2spotify (Kyverno auto-syncs) 2026-03-25 13:44:34 +02:00
Viktor Barzin
fe109d9f96 add homepage auto-discovery documentation [ci skip] 2026-03-25 13:06:43 +02:00
Viktor Barzin
6dda15afa0 add insta2spotify stack: namespace, ESO, NFS, 2-container deploy, split ingress 
- Namespace insta2spotify (tier 4-aux)
- ExternalSecret from Vault secret/insta2spotify
- NFS volume at /mnt/main/insta2spotify for SQLite + Spotify cache
- Frontend (128Mi) + backend (512Mi req / 2Gi limit) in one pod
- Split ingress: protected (Authentik) for frontend, unprotected for /api/*
- DNS via Cloudflare (proxied)
 2026-03-25 13:03:35 +02:00
Viktor Barzin
009f4b3b89 change qBittorrent torrent port from 6881 to 50000 
Port 6881 is blacklisted by MAM and throttled by ISPs.
Also added pfSense NAT rule for 50000 TCP+UDP → 10.0.20.200.
 2026-03-25 12:29:00 +02:00
Viktor Barzin
8afa6c1e7f state(servarr): update encrypted state 2026-03-25 12:28:54 +02:00
Viktor Barzin
f49ab409ae state(servarr): update encrypted state 2026-03-25 12:26:18 +02:00
Viktor Barzin
f81b98f0db state(servarr): update encrypted state 2026-03-25 12:05:13 +02:00
Viktor Barzin
5b5a7d8cb4 add MAM email/password env vars to audiobook-search deployment 
Reads mam_email and mam_password from Vault secret/servarr via ESO.
 2026-03-25 12:03:12 +02:00
Viktor Barzin
e455bd06f4 state(monitoring): update encrypted state 2026-03-25 11:04:29 +02:00
Viktor Barzin
8c6f238697 add default Homepage annotations to ingress_factory for auto-discovery 
- ingress_factory now injects gethomepage.dev/* annotations on all ingresses
  (name, group, href, icon) with namespace-to-group mapping
- Stacks with explicit annotations override defaults via merge order
- New homepage_enabled var allows opt-out for internal-only ingresses
- Homepage search widget switched to in-page quicklaunch (Ctrl+K / tap)
- Added hideErrors and quicklaunch settings for clean service directory
- Result: 116/134 ingresses now discoverable (up from ~30)
 2026-03-25 11:00:38 +02:00
Viktor Barzin
d20c5e5535 add backup_output_bytes metric and cloudsync_transferred_bytes to backup dashboard 
- All 7 backup CronJobs now push backup_output_bytes (file size after backup)
- Cloud Sync monitor parses rclone transfer stats into cloudsync_transferred_bytes
- Grafana dashboard: new Output (MiB) table column, Output Size Trend panel,
  Write Throughput panel, Cloud Sync Transfer Volume bargauge
- All timeseries panels use points-only draw style (discrete backup snapshots)
- etcd backup restructured: init_container for etcdctl (distroless image),
  busybox sidecar for metrics push + purge, ClusterFirstWithHostNet DNS
- Fixed pre-existing curl missing in postgres:16.4-bullseye (immich, dbaas PG)
- Fixed grep -oP not available in alpine/busybox (cloud sync monitor)
 2026-03-25 10:44:53 +02:00
Viktor Barzin
f289f76882 state(infra-maintenance): update encrypted state 2026-03-25 03:02:12 +02:00
Viktor Barzin
d52a6e8a53 state(infra-maintenance): update encrypted state 2026-03-25 03:01:00 +02:00
Viktor Barzin
a5e03f6673 state(immich): update encrypted state 2026-03-25 02:58:25 +02:00
Viktor Barzin
2ea8ecb83e state(infra-maintenance): update encrypted state 2026-03-25 02:58:22 +02:00
Viktor Barzin
0ec8c081d1 state(redis): update encrypted state 2026-03-25 02:58:20 +02:00
Viktor Barzin
ecb31b9fdd state(vaultwarden): update encrypted state 2026-03-25 02:58:15 +02:00