Commit graph

  • d9717a53bf vault-token-renew runbook: document the self-heal behavior master Viktor Barzin 2026-07-03 20:20:44 +00:00
  • 4a7b6db806 vault-token-renew: self-heal the periodic token on admin-capable clobber Viktor Barzin 2026-07-03 20:20:00 +00:00
  • 8631709ca2 vault-token-renew: pure helpers for the self-heal revoke filter Viktor Barzin 2026-07-03 20:19:09 +00:00
  • a07a603b80 docs/plans: vault-token self-heal implementation plan Viktor Barzin 2026-07-03 20:09:36 +00:00
  • e2bfb20c84 docs/plans: vault-token self-heal design (devvm renewer) Viktor Barzin 2026-07-03 20:02:53 +00:00
  • 6698018ab6 service-catalog: add tasks row + tasks to the proxied-domains list Viktor Barzin 2026-07-03 19:53:42 +00:00
  • 02640df620 stacks/tasks: new stack for the tasks PWA (Authentik-gated, CNPG-backed) Viktor Barzin 2026-07-03 19:53:27 +00:00
  • e0db1054e7 dbaas+vault: provision tasks CNPG database, role and rotating password Viktor Barzin 2026-07-03 19:53:13 +00:00
  • 9dcd3b0d5d Merge remote-tracking branch 'forgejo/master' into wizard/stem95su-cutover Viktor Barzin 2026-07-03 15:27:04 +00:00
  • 5367d4a055 paperless-mail-ingest: rules process inline attachments (Apple Mail lesson) Viktor Barzin 2026-07-03 15:25:29 +00:00
  • 21c6e7112e stem95su: retire the in-cluster serving stack — now a Valia site on Pages Viktor Barzin 2026-07-03 15:22:32 +00:00
  • 974c9976e3 valia-sites: take over stem95su DNS (manage_dns=true) — cutover half 2 Viktor Barzin 2026-07-03 13:12:30 +00:00
  • 5c8e9daabd stem95su: release the public CNAME (dns_type=none) for the Pages cutover Viktor Barzin 2026-07-03 13:12:29 +00:00
  • c1ee6863b3 mailserver docs: troubleshooting entry for the postsrsd 100%-CPU spin Viktor Barzin 2026-07-03 14:39:13 +00:00
  • 4ee4d1927d mailserver: guard alias filter against short lines with a lazy ternary Viktor Barzin 2026-07-03 14:38:30 +00:00
  • 68b9858eff paperless-mail-ingest runbook: manual mail_fetcher must drop to the paperless user Viktor Barzin 2026-07-03 14:26:12 +00:00
  • 77fcb08e8e mailserver: add docs@ paperless ingest mailbox (sieve sender allowlist) Viktor Barzin 2026-07-03 14:06:19 +00:00
  • f5187806f9 ADR-0017: replace ASCII trunk diagram with excalidraw VLAN-tagging diagram Viktor Barzin 2026-07-03 13:21:59 +00:00
  • 316cdb7441 docs: valia-sites runbook + dns.md CM mechanism + service-catalog entries Viktor Barzin 2026-07-03 12:46:24 +00:00
  • 4a3c8287c3 Merge remote-tracking branch 'forgejo/master' into wizard/valia-sites Viktor Barzin 2026-07-03 12:43:28 +00:00
  • e0991853e4 valia-sites: 25MB Pages-limit guard; cloudflared: drop removed{} (CI TF <1.7) Viktor Barzin 2026-07-03 12:43:13 +00:00
  • 348f64d34d ADR-0017: add physical-cabling diagram (wires only) Viktor Barzin 2026-07-03 12:40:29 +00:00
  • 126cf4c88e Merge origin/master into wizard/cctv-adr-trunk Viktor Barzin 2026-07-03 12:32:00 +00:00
  • 695e020111 cloudflared: move bridge removed{} to stack root — removed blocks are root-module-only Viktor Barzin 2026-07-03 12:31:53 +00:00
  • 5d16a18cf4 ADR-0017: document trunk traffic semantics + ASCII topology Viktor Barzin 2026-07-03 12:31:48 +00:00
  • 8b80b4cc41 valia-sites: registry stack for Valia's Pages sites + declarative internal DNS (ADR-0018) Viktor Barzin 2026-07-03 12:28:06 +00:00
  • 5c42155b81 docs: Valia-sites domain language + ADR-0018 (off-infra Pages, in-cluster sync) Viktor Barzin 2026-07-03 12:17:45 +00:00
  • e1bd111562 rename CF Pages site most.viktorbarzin.me -> bridge.viktorbarzin.me Viktor Barzin 2026-07-03 10:52:30 +00:00
  • 7dd80b6c7c technitium: mirror most.viktorbarzin.me into the internal zone (CF Pages site) Viktor Barzin 2026-07-03 10:10:46 +00:00
  • 217a54be9d cloudflared: add most.viktorbarzin.me CNAME for Cloudflare Pages site Viktor Barzin 2026-07-03 10:05:54 +00:00
  • be80ef23bb ADR-0017 rev 3: single switch — PE replaces the SG105E, CCTV rides a VLAN-30 trunk on the LAN1 cable Viktor Barzin 2026-07-03 09:15:52 +00:00
  • 4082934bc1 Merge origin/master into wizard/cctv-two-switch Viktor Barzin 2026-07-03 08:37:34 +00:00
  • e11bd6e893 ADR-0017 rev 2: two switches — the PE is a dedicated CCTV island, no VLAN table anywhere Viktor Barzin 2026-07-03 08:37:15 +00:00
  • 08fb65827c tripit: set PLACE_PHOTO_PROVIDER=wikipedia — real place preview photos Viktor Barzin 2026-07-02 21:57:21 +00:00
  • b761701994 ADR-0017: add network topology diagram (SVG) next to the decision Viktor Barzin 2026-07-02 20:25:28 +00:00
  • 248e186dce CCTV segment (dCCTV 10.0.30.0/24) on a dedicated pfSense leg for the garage camera Viktor Barzin 2026-07-02 20:01:45 +00:00
  • 3a5194c9d4 Merge pull request 'immich(frame-emo): show photos from the last 365 days (was 730)' (#18) from emo/frame-emo-1year into master viktor 2026-07-02 19:05:31 +00:00
  • 9e253d409a immich(frame-emo): show photos from the last 365 days (was 730) ebarzin 2026-07-02 07:49:12 +00:00
  • 4c532dbf97 devvm containment: drop the MemoryHigh throttle band, straight to MemoryMax OOM Viktor Barzin 2026-07-02 16:59:38 +00:00
  • 684ca4527c docs(CLAUDE.md): T4 now has a VRAM budget + watchdog (ADR-0016, dry-run); note llama-swap budget miscalibration Viktor Barzin 2026-07-02 15:20:06 +00:00
  • 21afae85c9 dawarich: dedicated 100/1000 Traefik rate limit (default 10/50 429'd page loads) Viktor Barzin 2026-07-02 15:03:08 +00:00
  • 91d0213d1a Merge remote-tracking branch 'forgejo/master' into wizard/excalidraw-export-rename Viktor Barzin 2026-07-02 14:29:34 +00:00
  • 8fc657f431 excalidraw: migrate image build to GHA -> private ghcr (ADR-0002) Viktor Barzin 2026-07-02 14:29:23 +00:00
  • 1cbc1e962b excalidraw: native export menu + drawing rename Viktor Barzin 2026-07-02 14:29:10 +00:00
  • d94f267c93 immich: upgrade v2.7.5 → v3.0.0 (postgres → vectorchord 0.4.3, frames → immich_v3 tag) Viktor Barzin 2026-07-02 14:18:22 +00:00
  • 6f03ccd1aa excalidraw: grant emo-browser SA port-forward for drawing uploads Viktor Barzin 2026-07-02 11:08:28 +00:00
  • 43a5d2cc27 immich(frame-emo): show photos from the last 365 days (was 730) emo/frame-emo-1year ebarzin 2026-07-02 07:49:12 +00:00
  • 88c86e2109 ci: Slack-notify failed pipeline runs only Viktor Barzin 2026-07-02 07:27:43 +00:00
  • a64d2ba2b9 upgrades: fix hourly gotenberg error + cap update notifications at weekly Viktor Barzin 2026-07-02 07:16:50 +00:00
  • 5d5d9752cb guard: ignore + git-crypt kubeconfig files so they can't leak to the public mirror Viktor Barzin 2026-07-02 07:14:58 +00:00
  • dab307f9f8 Merge remote-tracking branch 'origin/master' Viktor Barzin 2026-07-02 05:39:15 +00:00
  • f1e81772d5 broker-sync: repoint image to ghcr (was frozen on pre-migration DockerHub) Viktor Barzin 2026-07-02 05:31:00 +00:00
  • ac41e7c017 nvidia: run advertise-gpumem provisioner under bash (dash rejects pipefail) Viktor Barzin 2026-07-02 05:21:47 +00:00
  • 968b2b9c64 Merge remote-tracking branch 'origin/master' into wizard/gpu-vram-budget Viktor Barzin 2026-07-02 05:18:34 +00:00
  • a12b09af04 broker-sync: pin data-mounting CronJobs to k8s-node4 (stop nightly RWO wedge) Viktor Barzin 2026-07-02 05:16:38 +00:00
  • 3c85af2dc2 fire-countdown dashboard: SQL guards + tax regime + honesty fixes Viktor Barzin 2026-07-01 22:44:17 +00:00
  • 339f5d89b9 onlyoffice: decommission (stack destroyed, dir removed) Viktor Barzin 2026-07-01 22:35:22 +00:00
  • 3c476dab32 postiz+portal: remove broken alert sources (stale backup CronJob, bogus scrape annotations) Viktor Barzin 2026-07-01 22:35:21 +00:00
  • 5a312563c6 monitoring/wealth: dash the in-progress year on the hourly-rate panel Viktor Barzin 2026-06-30 12:45:51 +00:00
  • 28984dda9a monitoring/wealth: add per-year effective hourly-rate panel (gross vs net) Viktor Barzin 2026-06-30 12:28:46 +00:00
  • 82371d1ef8 dbaas/mysql: innodb_doublewrite=DETECT_ONLY to halve page-flush writes Viktor Barzin 2026-06-30 08:47:09 +00:00
  • fbae573664 state(dbaas): update encrypted state Viktor Barzin 2026-06-30 08:46:45 +00:00
  • 71501be408 nodes: journald -> volatile (RAM) to cut sdc write-IOPS Viktor Barzin 2026-06-30 08:15:38 +00:00
  • 74819d4061 feat(nvidia): GPU VRAM budget + watchdog to stop T4 overallocation Viktor Barzin 2026-06-30 07:57:40 +00:00
  • 1afe41880e docs: MySQL buffer-pool/limit + nextcloud webcal throttle; VCT drift fixed Viktor Barzin 2026-06-30 07:56:04 +00:00
  • 82c9e69b77 dbaas/mysql: 2Gi InnoDB buffer pool + 6Gi limit + ignore VCT drift Viktor Barzin 2026-06-30 07:55:18 +00:00
  • 29bf275cef state(dbaas): update encrypted state Viktor Barzin 2026-06-30 07:53:48 +00:00
  • 308a174ad6 docs(networking): record MetalLB .204 (frigate-rtsp go2rtc) allocation Viktor Barzin 2026-06-30 07:42:27 +00:00
  • 469cdd7507 frigate: expose go2rtc on a dedicated MetalLB LB IP (RTSP 8554 + WebRTC 8555) emo/frigate-go2rtc-expose ebarzin 2026-06-30 07:15:22 +00:00
  • 9ea9cae073 rightsize: reconcile batch-2/3 stacks blocked by killed #427 (job-hunter, wealthfolio, f1-stream) Viktor Barzin 2026-06-29 15:59:41 +00:00
  • 7cc9cde5b1 external-secrets: enable ESO Vault token cache to cut sdc write churn Viktor Barzin 2026-06-29 15:32:22 +00:00
  • 5e384ed762 state(external-secrets): update encrypted state Viktor Barzin 2026-06-29 15:31:06 +00:00
  • bc626a2d89 rightsize: raise OOM-tight memory limits (batch 3/N — spike protection) Viktor Barzin 2026-06-29 15:28:11 +00:00
  • 418d1efb4b rightsize: trim over-provisioned memory (batch 2/N) Viktor Barzin 2026-06-29 15:27:17 +00:00
  • a3f2c2947a docs: refresh CNPG tuning note (archive_timeout=0, commit_delay, zstd) + apply gotcha Viktor Barzin 2026-06-29 15:17:38 +00:00
  • ec04963bfe state(dbaas): update encrypted state Viktor Barzin 2026-06-29 15:16:50 +00:00
  • c3553731c7 dbaas: CNPG write-reduction — archive_timeout=0, commit_delay, wal_compression=zstd Viktor Barzin 2026-06-29 15:16:38 +00:00
  • 5d059786a1 rightsize: trim over-provisioned memory limits+requests (batch 1/N) Viktor Barzin 2026-06-29 14:46:58 +00:00
  • 4473b469e3 lvm-pvc-snapshot: cut retention 7->3 days (reduce sdc thin-pool CoW IOPS + free ~1TB) Viktor Barzin 2026-06-29 12:59:03 +00:00
  • 256122ff5b monitoring: make ClusterCannotTolerateNonGpuNodeLoss topology-agnostic Viktor Barzin 2026-06-29 12:34:01 +00:00
  • 6c3619c9c6 state(dbaas): update encrypted state Viktor Barzin 2026-06-29 12:26:21 +00:00
  • 682b982c78 state(dbaas): update encrypted state Viktor Barzin 2026-06-29 12:25:53 +00:00
  • c0e0911afa dbaas: bump pg_cluster trigger so the checkpoint/WAL params actually apply Viktor Barzin 2026-06-29 12:25:37 +00:00
  • bebe8fbd74 workflows: add read-only memory-overcommit + node-removal capacity analysis Viktor Barzin 2026-06-29 12:06:17 +00:00
  • a2c8f906ec dbaas: stretch CNPG checkpoint timer 5->15min + raise WAL size (cut sdc write IOPS) Viktor Barzin 2026-06-29 11:41:09 +00:00
  • 3398873a16 k8s-upgrade: move version-check cadence from daily to weekly (Sun check, Mon report) Viktor Barzin 2026-06-29 06:22:20 +00:00
  • e43e64c666 kyverno: disable reports-controller to stop etcd ephemeralreport load Viktor Barzin 2026-06-29 05:35:36 +00:00
  • cf42042cba monitoring: re-trigger apply to persist state after CI cancel-race Viktor Barzin 2026-06-28 16:58:49 +00:00
  • f92075b7c5 fire-planner: solve FIRE targets to age 100 (horizon 60→72) Viktor Barzin 2026-06-28 16:49:20 +00:00
  • 7fe2d9780e monitoring: add pfSense WAN/egress alerting + probes Viktor Barzin 2026-06-28 16:46:30 +00:00
  • 279b88d2bc docs: add MetalLB L2Status-immutable PG-VIP-flap post-mortem (code-aoxk) Viktor Barzin 2026-06-28 16:25:10 +00:00
  • 6f042ee239 fix(fire-planner): grafana fire-planner-pg datasource survives pw rotation Viktor Barzin 2026-06-28 16:14:42 +00:00
  • 35c0057d83 chrome-service: raise noVNC sidecar memory limit 96Mi->256Mi (fix OOMKill) Viktor Barzin 2026-06-28 15:39:17 +00:00
  • 2e50c1235c chrome-service: grant emo shared browser access (noVNC + homelab browser CLI) Viktor Barzin 2026-06-28 15:20:07 +00:00
  • 50077b43d4 paperless-ngx: drop TASK_WORKERS 6->4 (6 OOMKilled the pod mid-import) Viktor Barzin 2026-06-28 15:06:46 +00:00
  • 8236ae309d postiz: reconcile HCL to live (adopt unmerged stack config), keep parked Viktor Barzin 2026-06-28 12:54:59 +00:00
  • 250d0fc334 docs(authentik): document SFE forced-WebAuthn escape hatches (TOTP + social) Viktor Barzin 2026-06-28 12:24:40 +00:00
  • e518ada3d4 authentik: repoint to overlay patch3 (all-iOS SFE + SFE social links) + docs Viktor Barzin 2026-06-28 11:53:26 +00:00
  • 4fc09b7a61 Merge remote-tracking branch 'origin/master' into wizard/authentik-sfe-social Viktor Barzin 2026-06-28 11:53:04 +00:00
  • 916516eeab authentik overlay patch3: SFE for ALL old iOS browsers + social-login links Viktor Barzin 2026-06-28 11:53:03 +00:00