viktor/infra
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
1803 commits 2 branches 0 tags 2.3 GiB
Commit graph

1803 commits

This branch
This branch
All branches
Author SHA1 Message Date
Viktor Barzin
4741ac9688 state(isponsorblocktv): update encrypted state 2026-03-21 11:30:36 +00:00
Viktor Barzin
25c7c0f0ce state(iscsi-csi): update encrypted state 2026-03-21 11:30:32 +00:00
Viktor Barzin
4a863c6601 state(infra-maintenance): update encrypted state 2026-03-21 11:30:28 +00:00
Viktor Barzin
2b2bf08e67 state(immich): update encrypted state 2026-03-21 11:25:22 +00:00
Viktor Barzin
d37aedbc44 state(homepage): update encrypted state 2026-03-21 11:25:18 +00:00
Viktor Barzin
f5e6254085 state(health): update encrypted state 2026-03-21 11:25:06 +00:00
Viktor Barzin
5645b8026d state(headscale): update encrypted state 2026-03-21 11:24:59 +00:00
Viktor Barzin
e3cec012e5 state(hackmd): update encrypted state 2026-03-21 11:24:54 +00:00
Viktor Barzin
3990b204cf state(grampsweb): update encrypted state 2026-03-21 11:23:42 +00:00
Viktor Barzin
eb8c862b2b state(frigate): update encrypted state 2026-03-21 11:23:38 +00:00
Viktor Barzin
d5742dc49c state(freshrss): update encrypted state 2026-03-21 11:23:33 +00:00
Viktor Barzin
c432a18675 state(freedify): update encrypted state 2026-03-21 11:23:29 +00:00
Viktor Barzin
184ae484ae state(forgejo): update encrypted state 2026-03-21 11:23:25 +00:00
Viktor Barzin
8141c0f0e1 state(f1-stream): update encrypted state 2026-03-21 11:23:23 +00:00
Viktor Barzin
a1a71c5842 state(external-secrets): update encrypted state 2026-03-21 11:23:19 +00:00
Viktor Barzin
7905396145 state(excalidraw): update encrypted state 2026-03-21 11:23:13 +00:00
Viktor Barzin
35a06b3498 state(echo): update encrypted state 2026-03-21 11:23:10 +00:00
Viktor Barzin
14e3a8784a state(diun): update encrypted state 2026-03-21 11:23:07 +00:00
Viktor Barzin
8f1465392f state(dawarich): update encrypted state 2026-03-21 11:22:53 +00:00
Viktor Barzin
160d66eecb state(dashy): update encrypted state 2026-03-21 11:22:49 +00:00
Viktor Barzin
6615851c07 state(cyberchef): update encrypted state 2026-03-21 11:22:46 +00:00
Viktor Barzin
43505190a8 state(crowdsec): update encrypted state 2026-03-21 11:22:42 +00:00
Viktor Barzin
c13e9a75ca state(coturn): update encrypted state 2026-03-21 11:22:38 +00:00
Viktor Barzin
53e05e63b5 state(cnpg): update encrypted state 2026-03-21 11:22:33 +00:00
Viktor Barzin
a5136749b7 state(claude-memory): update encrypted state 2026-03-21 11:21:49 +00:00
Viktor Barzin
73ca114ffa state(city-guesser): update encrypted state 2026-03-21 11:20:36 +00:00
Viktor Barzin
b5fbd19088 state(changedetection): update encrypted state 2026-03-21 11:20:30 +00:00
Viktor Barzin
9b4bf85933 state(calibre): update encrypted state 2026-03-21 11:19:09 +00:00
Viktor Barzin
0888cb100a state(blog): update encrypted state 2026-03-21 11:19:04 +00:00
Viktor Barzin
8551e75305 state(authentik): update encrypted state 2026-03-21 11:18:56 +00:00
Viktor Barzin
92aba3a9f7 state(audiobookshelf): update encrypted state 2026-03-21 11:18:53 +00:00
Viktor Barzin
d4edd53367 state(affine): update encrypted state 2026-03-21 11:18:02 +00:00
Viktor Barzin
0d69403aaa state(actualbudget): update encrypted state 2026-03-21 11:16:01 +00:00
Viktor Barzin
21cfa8c072 bump memory limits for OOM-prone services 
FreshRSS: 64Mi → 256Mi (171 restarts, VPA upper ~204Mi)
Actual Budget HTTP API: 128Mi → 384Mi (17 restarts, VPA upper ~297Mi)
n8n: 768Mi → 1Gi (18 restarts, VPA upper ~765Mi)
Dawarich: 768Mi → 896Mi (2 restarts, VPA upper ~628Mi)
Traefik: 384Mi → 768Mi (2 restarts, VPA upper ~584Mi)
 2026-03-21 11:12:12 +00:00
Viktor Barzin
c848c9a39b state(dawarich): update encrypted state 2026-03-21 11:09:39 +00:00
Viktor Barzin
c28c2cf654 state(n8n): update encrypted state 2026-03-21 11:08:46 +00:00
Viktor Barzin
3029c708b8 state(actualbudget): update encrypted state 2026-03-21 11:06:32 +00:00
Viktor Barzin
fcd602a257 state(freshrss): update encrypted state 2026-03-21 11:06:24 +00:00
Viktor Barzin
b3c9c45a17 multi-user access: fix template memory default, add storage quota, add CONTRIBUTING.md [ci skip] 
- Template: bump default memory from 128Mi to 256Mi (matches deploy-app skill guidance)
- ResourceQuota: add requests.storage (20Gi) and persistentvolumeclaims (5) defaults
- CONTRIBUTING.md: agent-friendly contributor guide for namespace-owners
 2026-03-19 23:49:15 +00:00
Viktor Barzin
8dccf4f5ef state(openclaw): update encrypted state 2026-03-19 23:44:11 +00:00
Viktor Barzin
6b8ce04d44 fix(openclaw): change agent workspace from /workspace/infra to /workspace 
Keeps infra repo as a subdirectory, allows OpenClaw to write to /workspace directly.
 2026-03-19 23:32:28 +00:00
Viktor Barzin
fd207f4db5 state(openclaw): update encrypted state 2026-03-19 23:29:48 +00:00
Viktor Barzin
e823b795f7 fix(dbaas,vault): fix backup CronJob failures and mysql-operator memory 
- Add docker.io/library/ prefix to mysql and postgres backup images
  to satisfy Kyverno require-trusted-registries policy (both CronJobs
  were blocked for 46h, triggering MySQLBackupStale alert)
- Document mysql-operator chart ignoring resources values key — the
  LimitRange default (256Mi) was silently applied, putting the operator
  at 97% memory. Patched live to 512Mi via kubectl.
- Increase vault-raft-backup backoff_limit to 6 for transient failures
  (also fixed NFS export: vault-backup was a separate ZFS dataset not
  in the TrueNAS NFS share — destroyed dataset, created directory)
 2026-03-19 23:26:05 +00:00
Viktor Barzin
250a058627 feat(traefik): add custom error pages with tarampampam/error-pages 
Deploy error-pages service to show themed error pages instead of raw
Traefik 502/503/504 responses. Adds catch-all IngressRoute (priority 1)
for 404 on unknown hosts. Only 5xx intercepted to avoid breaking JSON APIs.
 2026-03-19 23:14:27 +00:00
Viktor Barzin
d95144bd05 fix(immich): bump postgres memory 512Mi → 1Gi for v2.6.1 geodata migration 
v2.6.1 bulk-inserts into geodata_places on first boot, OOM-killing
postgres at 512Mi. Raise to 1Gi to accommodate the migration.
 2026-03-19 22:50:36 +00:00
Viktor Barzin
89bb74c4ee state(immich): update encrypted state 2026-03-19 22:47:32 +00:00
Viktor Barzin
da630b8869 upgrade immich v2.5.6 → v2.6.1 2026-03-19 22:45:04 +00:00
Viktor Barzin
c7dc63f923 state(immich): update encrypted state 2026-03-19 20:39:18 +00:00
Viktor Barzin
af2222fce8 backup & DR: add alerting, fix rotation, secure MySQL password, add runbooks 
Phase 1: Add 12 PrometheusRules for backup health alerting
- PostgreSQL, MySQL, Vault, Vaultwarden, Redis staleness + never-succeeded alerts
- CSIDriverCrashLoop alert for nfs-csi/iscsi-csi namespaces
- Generic BackupCronJobFailed alert

Phase 2: Fix backup rotation
- etcd: timestamped snapshots instead of overwriting single file
- Redis: timestamped RDB files with 7-day retention purge
- PostgreSQL: retention increased from 7 to 14 days

Phase 3: Fix MySQL password exposure
- Move root password from command line arg to MYSQL_PWD env var via secretKeyRef

Phase 5: Add restore runbooks
- PostgreSQL, MySQL, Vault, etcd, Vaultwarden, full cluster rebuild
 2026-03-19 20:34:33 +00:00
Viktor Barzin
62d42657e6 state(redis): update encrypted state 2026-03-19 20:32:27 +00:00