infra

viktor/infra

Fork 0

Commit graph

Author	SHA1	Message	Date
Viktor Barzin	0d3ef78f3a	Add terminal stack - reverse proxy to ttyd behind authentik Exposes ttyd at 10.0.10.10:7681 via terminal.viktorbarzin.me with Cloudflare DNS and Authentik forward-auth protection.	2026-03-10 23:46:01 +00:00
Viktor Barzin	15f7114c4e	[ci skip] k8s portal: fix setup script + add onboarding hub (5 new pages) Bug fixes: - CA cert now populated in ConfigMap (was empty → TLS failures) - Remove useless heredoc quote escaping in setup script - Fix homepage: VPN callout, correct verification command (get namespaces) - Fix false-positive sensitive=true on ingress_path, tls_secret_name, truenas_host, ollama_host, client_certificate_secret_name New pages (direct Svelte, no mdsvex dependency): - /onboarding: step-by-step guide (VPN, kubectl, git, first PR) - /architecture: cluster topology, storage, networking, tiers - /services: catalog of 70+ services with URLs - /contributing: PR workflow, what you can/can't change, NEVER list - /troubleshooting: common issues and fixes Navigation bar added to layout. All pages use consistent docs styling. Requires Docker image rebuild: cd stacks/platform/modules/k8s-portal/files && docker build -t viktorbarzin/k8s-portal:latest . && docker push	2026-03-07 15:06:26 +00:00
Viktor Barzin	22267fe386	[ci skip] phase 2: split terraform.tfvars into config.tfvars + secrets.sops.json config.tfvars (29 vars, plaintext): hostnames, IPs, DNS records, IDs secrets.sops.json (140 vars, SOPS-encrypted): passwords, tokens, keys, maps Both files coexist with terraform.tfvars — no functional change yet. Complex types preserved: maps (mailserver_accounts, k8s_users, homepage_credentials), lists (xray_reality_clients), heredocs as \n-escaped JSON strings (SSH keys, WireGuard conf, headscale config).	2026-03-07 14:04:40 +00:00

Author

SHA1

Message

Date

Viktor Barzin

0d3ef78f3a

Add terminal stack - reverse proxy to ttyd behind authentik

Exposes ttyd at 10.0.10.10:7681 via terminal.viktorbarzin.me with
Cloudflare DNS and Authentik forward-auth protection.

2026-03-10 23:46:01 +00:00

Viktor Barzin

15f7114c4e

[ci skip] k8s portal: fix setup script + add onboarding hub (5 new pages)

Bug fixes:
- CA cert now populated in ConfigMap (was empty → TLS failures)
- Remove useless heredoc quote escaping in setup script
- Fix homepage: VPN callout, correct verification command (get namespaces)
- Fix false-positive sensitive=true on ingress_path, tls_secret_name,
  truenas_host, ollama_host, client_certificate_secret_name

New pages (direct Svelte, no mdsvex dependency):
- /onboarding: step-by-step guide (VPN, kubectl, git, first PR)
- /architecture: cluster topology, storage, networking, tiers
- /services: catalog of 70+ services with URLs
- /contributing: PR workflow, what you can/can't change, NEVER list
- /troubleshooting: common issues and fixes

Navigation bar added to layout. All pages use consistent docs styling.

Requires Docker image rebuild: cd stacks/platform/modules/k8s-portal/files
&& docker build -t viktorbarzin/k8s-portal:latest . && docker push

2026-03-07 15:06:26 +00:00

Viktor Barzin

22267fe386

[ci skip] phase 2: split terraform.tfvars into config.tfvars + secrets.sops.json

config.tfvars (29 vars, plaintext): hostnames, IPs, DNS records, IDs
secrets.sops.json (140 vars, SOPS-encrypted): passwords, tokens, keys, maps

Both files coexist with terraform.tfvars — no functional change yet.
Complex types preserved: maps (mailserver_accounts, k8s_users, homepage_credentials),
lists (xray_reality_clients), heredocs as \n-escaped JSON strings (SSH keys,
WireGuard conf, headscale config).

2026-03-07 14:04:40 +00:00

3 commits