Commit graph

  • c948dc0dbe backup pipeline: flock manifest + cap + drop LAN -z Viktor Barzin 2026-05-24 16:27:42 +00:00
  • 4798583db7 backup pipeline: S1 fixes from 2026-05-24 audit Viktor Barzin 2026-05-24 16:18:44 +00:00
  • 9277d71d81 nfs-mirror: append transferred files to offsite-sync manifest Viktor Barzin 2026-05-24 15:32:22 +00:00
  • 15745eab2f backup: retire anca-elements-mirror + anca-elements-sync.sh Viktor Barzin 2026-05-24 14:58:30 +00:00
  • 9e2163040b Woodpecker CI deploy [CI SKIP] root 2026-05-24 14:23:44 +00:00
  • d6590612b2 immich: bulk-import Anca's Elements photo archive into her account Viktor Barzin 2026-05-24 14:12:30 +00:00
  • 4d756be4f5 backup: consolidate to one local-mirror script + invert offsite filter Viktor Barzin 2026-05-24 12:49:20 +00:00
  • 416c2a0468 monitoring: add AncaElementsMirror{Stale,Failing} alerts Viktor Barzin 2026-05-24 11:55:19 +00:00
  • 6db64fe060 anca-elements: weekly local mirror sdc → sda (replaces Synology as 2nd copy) Viktor Barzin 2026-05-24 11:51:52 +00:00
  • 34f8c0f537 docs+scripts: lock in nextcloud-as-PVE-NFS-browser surface Viktor Barzin 2026-05-24 11:45:01 +00:00
  • c624caf65a nextcloud(external_storage): add per-mount enableSharing option Viktor Barzin 2026-05-24 11:38:42 +00:00
  • 37e563d5a9 Woodpecker CI deploy [CI SKIP] root 2026-05-24 11:31:53 +00:00
  • cb1a34fd00 nextcloud: expose PVE NFS roots + /anca-elements via Files External Viktor Barzin 2026-05-24 11:27:26 +00:00
  • 7a649ce7eb crowdsec: pin image to v1.7.8 + remove ENROLL_KEY, CAPI restored Viktor Barzin 2026-05-24 11:11:29 +00:00
  • f55eaae682 docs/backup-dr: document /srv/nfs/anca-elements offsite-sync exclusion Viktor Barzin 2026-05-24 11:03:50 +00:00
  • 05f047f290 offsite-sync-backup + nfs-change-tracker: exclude /srv/nfs/anca-elements Viktor Barzin 2026-05-24 11:03:09 +00:00
  • 41786b0fca crowdsec: DISABLE_ONLINE_API=true — break the recurring 403 crashloop Viktor Barzin 2026-05-24 10:31:03 +00:00
  • 1f6facc8e4 Merge forgejo/master — reconcile 18-day divergence with origin Viktor Barzin 2026-05-24 09:41:36 +00:00
  • 0b1282a13c llama-cpp: ignore_changes for keel/k8s-managed annotations Viktor Barzin 2026-05-24 09:01:17 +00:00
  • 67f8be4598 trading-bot: add kevin_signal_bridge container (kill-switch OFF for Phase 1) Viktor Barzin 2026-05-24 01:22:53 +00:00
  • 6218868ea5 xray: drop dead vless ingress + pin Service target_port Viktor Barzin 2026-05-24 01:13:54 +00:00
  • ae874e028d postiz: bump memory request 512Mi → 2Gi, limit 4Gi → 3Gi (right-size for next deploy) Viktor Barzin 2026-05-24 01:11:25 +00:00
  • b59acbc1db crowdsec/agent: bump memory request 64Mi → 128Mi Viktor Barzin 2026-05-24 01:11:16 +00:00
  • 7108843b38 nvidia/driver-daemonset: bump memory request 256Mi → 822Mi Viktor Barzin 2026-05-24 01:11:06 +00:00
  • 2711d4af05 monitoring/loki: bump memory request 2Gi → 3Gi (close gap to 4Gi limit) Viktor Barzin 2026-05-24 01:10:55 +00:00
  • c77984a713 proxmox-csi/node: bump memory request 64Mi → 1Gi (LUKS unlock reservation) Viktor Barzin 2026-05-24 01:09:52 +00:00
  • 467460cccd k8s-version-upgrade: ignore IngressTTFBCritical in halt-on-alert check Viktor Barzin 2026-05-23 20:17:31 +00:00
  • 447bfef507 blog: remove www.viktorbarzin.me ingress Viktor Barzin 2026-05-23 20:15:32 +00:00
  • 10ac174627 Woodpecker CI Update TLS Certificates Commit root 2026-05-24 00:03:48 +00:00
  • b4aa8eaf58 technitium: cut memory — primary 2Gi → 1Gi, secondary+tertiary 2Gi → 512Mi Viktor Barzin 2026-05-23 10:03:51 +00:00
  • 931d7b6c9d claude-agent-service: cut memory request 2Gi → 1Gi (limit 4Gi → 2Gi) Viktor Barzin 2026-05-23 10:03:42 +00:00
  • d76f4c4827 n8n: cut memory request 1Gi → 512Mi (+ image bump 1.80.0 → 1.80.5) Viktor Barzin 2026-05-23 10:03:28 +00:00
  • 17c1ef73be url/shlink: cut memory request 960Mi → 512Mi Viktor Barzin 2026-05-23 10:02:45 +00:00
  • 02ea5da8dc k8s-version-upgrade: skip phase_master/phase_worker if node already on target Viktor Barzin 2026-05-23 09:53:57 +00:00
  • a0f3e15562 k8s-version-upgrade: version-check uses oldest kubelet, not master Viktor Barzin 2026-05-23 09:48:50 +00:00
  • 68f8514e61 monitoring: MetalLBSpeakerDown for: 2m → 10m (was upgrade-chain regression) Viktor Barzin 2026-05-23 09:32:41 +00:00
  • 503ac4c192 monitoring: tune 4 alerts for transient drain/upgrade blips Viktor Barzin 2026-05-23 09:28:53 +00:00
  • ad9f6c8f41 k8s-version-upgrade: halt_on_alert allowlist (severity=critical only) Viktor Barzin 2026-05-23 09:14:39 +00:00
  • 0025511b6a docs: Technitium DNS IP — 10.0.20.101 → 10.0.20.201 Viktor Barzin 2026-05-23 08:53:52 +00:00
  • 68a503e29f kyverno: allowlist woodpeckerci/* for CI step pods Viktor Barzin 2026-05-23 08:52:48 +00:00
  • 000d306542 technitium: add viktorbarzin.me apex DNS drift probe + alerts Viktor Barzin 2026-05-23 08:41:14 +00:00
  • 4713c3a6d9 k8s-version-upgrade: tigera quiesce + etcd-skip retry + IO-wait alert ignore Viktor Barzin 2026-05-23 08:40:11 +00:00
  • 6f4a569d1c traefik: bump auth-proxy nginx header buffers to handle Authentik cookie pile Viktor Barzin 2026-05-23 08:34:33 +00:00
  • 7f63d35d0a docs/plans: HA control plane — design + plan + deferral Viktor Barzin 2026-05-23 08:32:15 +00:00
  • 70a334e431 trading-bot: pin Meet Kevin LLM model to claude-haiku-4-5 Viktor Barzin 2026-05-22 20:43:05 +00:00
  • 5258f09230 mailserver: decommission SendGrid Viktor Barzin 2026-05-22 20:08:38 +00:00
  • b233aba710 openclaw: switch primary to nim/meta/llama-3.1-70b-instruct Viktor Barzin 2026-05-22 15:23:17 +00:00
  • 3962513036 security(wave1): W1.7 analysis snapshot — observation data → allowlist plan Viktor Barzin 2026-05-22 15:22:25 +00:00
  • 2d35d72a53 kyverno(wave1): add 7 missing registries to trusted-registries allowlist Viktor Barzin 2026-05-22 15:17:16 +00:00
  • c11ac7d486 cnpg: bump webhook-cert renewal threshold 7d -> 30d Viktor Barzin 2026-05-22 15:00:41 +00:00
  • 96f9db0b13 state(cnpg): update encrypted state Viktor Barzin 2026-05-22 15:00:04 +00:00
  • 6367b783c7 broker-sync(imap): fix command name + add fsGroup for sync.db writes Viktor Barzin 2026-05-22 14:41:29 +00:00
  • fa536cc08b ci: retry after Keel rollout cascade settled Viktor Barzin 2026-05-16 13:36:43 +00:00
  • a3bcb5e12f fire-planner: COL refresh CronJob + Grafana Cost-of-Living dashboard Viktor Barzin 2026-05-22 14:15:38 +00:00
  • d4c76a07a2 openclaw: revert model swap + document codex re-auth path Viktor Barzin 2026-05-22 14:12:30 +00:00
  • 6457aa6d8f cluster-health skill: document tightened #43 thermal threshold (65 C) Viktor Barzin 2026-05-22 14:09:12 +00:00
  • 6950b8f197 cluster-health #43: tighten PVE thermal threshold to 65 C Viktor Barzin 2026-05-22 14:09:08 +00:00
  • dbb3dc04d3 openclaw: engrain the learning loop at the identity level Viktor Barzin 2026-05-22 13:18:52 +00:00
  • 854817e2e3 trading-bot: revive K8s stack + add meet-kevin-watcher Viktor Barzin 2026-05-22 11:23:30 +00:00
  • d0a4876825 openclaw: v3 flow — know → ask devvm → (rarely) try yourself Viktor Barzin 2026-05-22 11:20:54 +00:00
  • ef67a53676 openclaw: explicit "use devvm + learn" default behaviour Viktor Barzin 2026-05-22 11:12:33 +00:00
  • 43802d2452 openclaw: also write devvm section to /workspace/TOOLS.md Viktor Barzin 2026-05-22 10:50:42 +00:00
  • 7e558de8f0 openclaw: SSH + tmux task fallback to devvm Viktor Barzin 2026-05-22 10:20:00 +00:00
  • d9ad973621 state(vault): update encrypted state Viktor Barzin 2026-05-22 10:04:55 +00:00
  • 1979c2b213 cluster-health: add checks 43 + 44 (PVE host thermals + load) Viktor Barzin 2026-05-22 09:55:11 +00:00
  • 61f7539de2 postiz: disable unused providers + pin temporal vs Keel force-policy Viktor Barzin 2026-05-21 10:04:22 +00:00
  • 052404301b docs: HA control plane design (3 masters) Viktor Barzin 2026-05-21 09:41:20 +00:00
  • eca1cc7e2e k8s-version-upgrade: retry kubeadm apply on static-pod-hash timeout Viktor Barzin 2026-05-21 09:32:29 +00:00
  • 6dd1f15881 k8s-version-upgrade: kill-switch + ignore RecentNodeReboot + shorter quiet window Viktor Barzin 2026-05-21 09:23:41 +00:00
  • 899c7adaa0 authentik: worker replicas 3 -> 2 Viktor Barzin 2026-05-21 09:14:35 +00:00
  • 701b73bf53 forgejo: disable source archive ZIP/TAR downloads Viktor Barzin 2026-05-21 09:12:20 +00:00
  • b92e1166a8 monitoring: prometheus global scrape 1m -> 2m + UPS pinned 30s Viktor Barzin 2026-05-21 08:32:57 +00:00
  • 5bc98851b9 alloy: switch pod log shipping from apiserver to file-tail Viktor Barzin 2026-05-21 08:27:34 +00:00
  • 48e7c309fc vault: add pg-matrix + pg-technitium static roles to allowed_roles Viktor Barzin 2026-05-21 08:11:11 +00:00
  • 00736a9f85 state(vault): update encrypted state Viktor Barzin 2026-05-21 08:09:11 +00:00
  • 94ca849379 k8s-version-upgrade: grant get/list on apps resources for drain Viktor Barzin 2026-05-21 08:07:29 +00:00
  • a90ce27923 infra: add kubectl + authentik providers across 6 stacks Viktor Barzin 2026-05-21 08:07:22 +00:00
  • fa2b57f177 openclaw: enable recruiter-api plugin (allowlist + manifest contracts) Viktor Barzin 2026-05-20 21:56:11 +00:00
  • 4bc0c5f27e recruiter-responder: deploy d7892396 — OpenClaw-driven flow Viktor Barzin 2026-05-20 21:14:11 +00:00
  • 6417c770c1 recruiter-responder + openclaw: wire gpt-mini secret keys + VIKTOR_CHAT_ID Viktor Barzin 2026-05-20 21:10:56 +00:00
  • 8aff0ba1a2 k8s-version-upgrade: fix two more grep-pipefail bugs Viktor Barzin 2026-05-20 20:59:10 +00:00
  • 83fc15c22b k8s-version-upgrade: fix pipefail abort when no alerts are firing Viktor Barzin 2026-05-19 22:19:06 +00:00
  • 612a83f8ce security(wave1): W1.6 expand observation from recruiter-responder pilot → tier 3+4 (82 namespaces) Viktor Barzin 2026-05-19 22:14:16 +00:00
  • 2f9ac0110a security(wave1): W1.6 observe phase LIVE — Calico GNP action:Log pilot on recruiter-responder Viktor Barzin 2026-05-19 22:10:42 +00:00
  • aa05942fa5 upgrade-state: filter transient registry digest-check errors Viktor Barzin 2026-05-19 22:06:21 +00:00
  • a5772060f8 dbaas: opt MySQL out of Keel + add do-not-bump warning Viktor Barzin 2026-05-19 13:21:03 +00:00
  • 866cf8331c state(dbaas): update encrypted state Viktor Barzin 2026-05-19 13:20:39 +00:00
  • e4b9e97ac9 docs: design + plan for MySQL 8.4.8 → 8.4.9 upgrade Viktor Barzin 2026-05-19 13:10:00 +00:00
  • a048b37f60 security(wave1): W1.1 audit-log shipping LIVE + W1.5 trusted-registries Enforce LIVE Viktor Barzin 2026-05-19 06:37:54 +00:00
  • 51365937b1 recruiter-responder: bump image to 444fa58c (header CRLF fix) Viktor Barzin 2026-05-18 22:55:09 +00:00
  • fd1490ae15 docs: update MySQL restore runbook + CLAUDE.md after 8.4.9 recovery Viktor Barzin 2026-05-18 22:51:52 +00:00
  • efe8c9625b dbaas: pin MySQL to 8.4.8, recover from broken 8.4.9 DD upgrade Viktor Barzin 2026-05-18 22:46:54 +00:00
  • 8ee0ea55cf state(dbaas): update encrypted state Viktor Barzin 2026-05-18 22:31:52 +00:00
  • 1082cba0fb kyverno(wave1): swap kubernetes_manifest → kubectl_manifest + flip 3 security policies to Enforce Viktor Barzin 2026-05-18 20:10:27 +00:00
  • 83079758bb monitoring(wave1): re-enable Loki+Alloy, deploy wave1 alert rules, add #security Slack lane Viktor Barzin 2026-05-18 19:51:57 +00:00
  • 1cdccc1ad6 upgrade-state: suppress known-benign Keel slack-bot-not-configured noise Viktor Barzin 2026-05-18 19:45:40 +00:00
  • c9289192c7 security(wave1): Vault audit-tail sidecar (live) + doc reality-check Viktor Barzin 2026-05-18 19:37:36 +00:00
  • 0a26364e4f state(vault): update encrypted state Viktor Barzin 2026-05-18 19:33:17 +00:00
  • ae0c1701ec security(wave1): W1.2 Vault XFF (applied) + W1.4/W1.5 Kyverno code prep (apply blocked on provider crash) Viktor Barzin 2026-05-18 19:26:39 +00:00
  • 87961e9ef8 monitoring(wealth): drop 6y timeFrom override on META vest cadence Viktor Barzin 2026-05-18 19:25:29 +00:00