Commit graph

  • c830f9f462 Merge pull request 'workstation: wire-memory-hooks as root (fix non-admin wiring)' (#14) from wizard/mem-fix into master viktor 2026-06-21 17:45:39 +00:00
  • 9aa2438e75 workstation: run wire-memory-hooks as root, not runuser (fix non-admin wiring) wizard/mem-fix Viktor Barzin 2026-06-21 17:45:36 +00:00
  • f318773cb0 Merge pull request 'workstation: homelab-memory for all users (retire claude-memory MCP)' (#13) from wizard/memory-allusers into master viktor 2026-06-21 17:42:51 +00:00
  • 44562535a2 workstation: provision homelab-memory hooks for all users (retire claude-memory MCP) wizard/memory-allusers Viktor Barzin 2026-06-21 17:42:42 +00:00
  • 79749d7324 Merge remote-tracking branch 'origin/master' Viktor Barzin 2026-06-21 17:27:42 +00:00
  • 5e3fe2e8e2 docs(plans): ESO 0.12->2.6 (v1beta1->v1) migration design — the last k8s-1.35 blocker Viktor Barzin 2026-06-21 17:27:37 +00:00
  • 3f81b20fa6 Merge pull request 'docs: memory via homelab CLI (retire memory-tool/MCP refs)' (#12) from wizard/memory-cli-docs into master viktor 2026-06-21 17:24:10 +00:00
  • e2018f9b6c docs: memory via homelab CLI, not the retired memory-tool/MCP wizard/memory-cli-docs Viktor Barzin 2026-06-21 17:24:00 +00:00
  • 51838a4ec7 kyverno: 3.6.1 -> 3.8.1 (app 1.16 -> 1.18.1) — clears the k8s-1.35 compat-gate block Viktor Barzin 2026-06-21 17:21:38 +00:00
  • ead876ec65 k8s-upgrade: nightly Slack report monitor + scope chain-failed alert to phases Viktor Barzin 2026-06-21 16:57:44 +00:00
  • 7270e2be3b monitoring: K8sUpgradeChainJobFailed must not double-fire on a compat-gate block Viktor Barzin 2026-06-21 16:35:35 +00:00
  • b0ccaf1c65 state(vault): update encrypted state Viktor Barzin 2026-06-21 11:34:40 +00:00
  • f84e6818b2 state(vault): update encrypted state Viktor Barzin 2026-06-21 11:34:31 +00:00
  • cc4bb8ffe8 wealth dashboard: show price freshness for all 3 holdings, not just worst Viktor Barzin 2026-06-21 14:49:33 +00:00
  • 6c2c56ab3b Merge pull request 'docs: CrowdSec enforcement = firewall-bouncer + CF WAF (plugin removed)' (#11) from wizard/crowdsec-docs into master viktor 2026-06-21 13:40:41 +00:00
  • ceae4d5f06 docs: rewrite CrowdSec enforcement architecture (firewall-bouncer + CF WAF; Yaegi plugin removed) wizard/crowdsec-docs Viktor Barzin 2026-06-21 13:39:26 +00:00
  • 4df741f6de Merge pull request 'traefik/crowdsec: delete dead Yaegi plugin + middleware CRD + captcha (PR2/2)' (#10) from wizard/cs-deplugin-crd into master viktor 2026-06-21 13:36:03 +00:00
  • c23b03864e traefik/crowdsec: delete dead Yaegi plugin + middleware CRD + captcha (PR2/2) wizard/cs-deplugin-crd Viktor Barzin 2026-06-21 13:35:13 +00:00
  • df86075c3d Merge pull request 'cleanup: fully remove orphaned council-complaints app' (#9) from wizard/council-cleanup into master viktor 2026-06-21 13:33:23 +00:00
  • 68d9058f85 cleanup: fully remove orphaned council-complaints app wizard/council-cleanup Viktor Barzin 2026-06-21 13:32:10 +00:00
  • 6dc3ce139f wealth dashboard: expand all rows by default + inline the freshness stat Viktor Barzin 2026-06-21 13:29:25 +00:00
  • 92ff0b92f1 Merge remote-tracking branch 'forgejo/master' into wizard/t3-idle-migrate Viktor Barzin 2026-06-21 12:41:33 +00:00
  • 5a136c7d53 docs: t3-migrate-idle runbook section + service-catalog + design status Viktor Barzin 2026-06-21 12:40:46 +00:00
  • 334d8fee5d setup-devvm: install + enable t3-migrate-idle (lib, script, units, timer) Viktor Barzin 2026-06-21 12:36:13 +00:00
  • 3cf09a0fe3 t3-migrate-idle: systemd oneshot + overnight timer (01:00-05:40, /20) Viktor Barzin 2026-06-21 12:35:19 +00:00
  • af9f7be297 t3-migrate-idle: drain deferral markers when safe Viktor Barzin 2026-06-21 12:34:44 +00:00
  • 06e400522f t3-migrate-idle: idle gate (no in-flight turn + quiet buffer), TDD Viktor Barzin 2026-06-21 12:34:11 +00:00
  • de97696ff0 t3-autoupdate: source the shared safe-restart lib + record deferrals Viktor Barzin 2026-06-21 12:32:57 +00:00
  • 2ab5b94748 t3-safe-restart: extract shared safe-restart library from t3-autoupdate Viktor Barzin 2026-06-21 12:27:37 +00:00
  • 0cebeeb0ee t3-idle-migrate: implementation plan Viktor Barzin 2026-06-21 12:26:05 +00:00
  • ddbdbca7e9 wealth dashboard: add "Price freshness" stat for stalest held quote Viktor Barzin 2026-06-21 12:23:45 +00:00
  • 9503bed589 t3-idle-migrate: design for graceful overnight restart of deferred t3-serve instances Viktor Barzin 2026-06-21 12:04:22 +00:00
  • b1bbe42821 homelab ha token: dedicated openclaw/ha-tokens secret + least-priv RBAC for emo Viktor Barzin 2026-06-21 10:45:32 +00:00
  • a091689603 Merge pull request 'traefik/crowdsec: remove dead plugin middleware reference (PR1/2)' (#8) from wizard/cs-deplugin-refs into master viktor 2026-06-21 00:17:51 +00:00
  • 71d0af084e traefik/crowdsec: remove 6 hard-coded middleware refs the variable sweep missed (PR1/2) wizard/cs-deplugin-refs Viktor Barzin 2026-06-21 00:17:40 +00:00
  • 7bd4612edf ci: scripts/tg waits out a contended state lock (-lock-timeout) Viktor Barzin 2026-06-21 00:15:39 +00:00
  • 84a18a5529 traefik/crowdsec: remove dead Yaegi-plugin middleware reference (PR1/2) Viktor Barzin 2026-06-21 00:15:12 +00:00
  • 9774ae3d19 Merge pull request 'crowdsec: firewall-bouncer cluster-wide (remove node2 pin)' (#7) from wizard/cs-fw-allnodes into master viktor 2026-06-21 00:08:15 +00:00
  • c92590ae85 crowdsec: roll firewall-bouncer cluster-wide (remove node2 validation pin) wizard/cs-fw-allnodes Viktor Barzin 2026-06-21 00:07:45 +00:00
  • 4f1c998468 Merge pull request 'rybbit sync: exclude CAPI + per_page=500 fix' (#6) from wizard/crowdsec-syncfix into master viktor 2026-06-21 00:05:50 +00:00
  • f55bb6c422 rybbit: sync excludes CAPI blocklist + fix CF items per_page (500) wizard/crowdsec-syncfix Viktor Barzin 2026-06-21 00:05:05 +00:00
  • 6d5d3726d6 Merge remote-tracking branch 'origin/master' into wizard/ha-cli-verbs Viktor Barzin 2026-06-20 23:46:29 +00:00
  • 48225f2dea homelab CLI v0.7: add ha token + ha ssh for Home Assistant Viktor Barzin 2026-06-20 23:46:09 +00:00
  • 46166c63b2 fix(authentik): long-lived social-login sessions + shield auth from CrowdSec lockout Viktor Barzin 2026-06-20 23:40:22 +00:00
  • 600f1f933c Create Claude auth state directories Viktor Barzin 2026-06-20 20:25:55 +00:00
  • 7f1788a106 Merge remote-tracking branch 'origin/master' into wizard/claude-auth-renew Viktor Barzin 2026-06-20 20:22:20 +00:00
  • ff67e9d422 Fix workstation package manifest parsing Viktor Barzin 2026-06-20 20:22:05 +00:00
  • 524b874036 state(vault): update encrypted state Viktor Barzin 2026-06-20 20:14:53 +00:00
  • 7050b0441e Merge remote-tracking branch 'origin/master' into wizard/claude-auth-renew Viktor Barzin 2026-06-20 20:11:09 +00:00
  • bc2fbc712c Merge remote-tracking branch 'origin/master' into wizard/claude-auth-renew Viktor Barzin 2026-06-20 20:10:48 +00:00
  • 02d14796cc feat(mailserver): add trips@ send-as alias for TripIt native auth email (ADR-0028) Viktor Barzin 2026-06-20 20:10:47 +00:00
  • 5549fc3672 Add per-user Claude auth renewal Viktor Barzin 2026-06-20 20:10:40 +00:00
  • 3278588325 chore(authentik): tear down obsolete tripit-enrollment (ADR-0020 superseded by ADR-0028) Viktor Barzin 2026-06-20 20:04:24 +00:00
  • 834c5e6a2a Merge pull request 'CrowdSec proxied: single CF list (block-only) + firewall-bouncer re-apply' (#5) from wizard/crowdsec-1list into master viktor 2026-06-20 19:31:01 +00:00
  • 7cf93a0587 crowdsec+rybbit: proxied edge to single CF list (block-only) + retrigger firewall-bouncer apply wizard/crowdsec-1list Viktor Barzin 2026-06-20 19:29:43 +00:00
  • 1406d8a391 Merge pull request 'Fix CF ruleset import id + depends_on' (#4) from wizard/crowdsec-fix2 into master viktor 2026-06-20 19:13:03 +00:00
  • f2b089e267 rybbit: fix cloudflare_ruleset import id (zone/ 3-part form) + depends_on lists wizard/crowdsec-fix2 Viktor Barzin 2026-06-20 19:12:29 +00:00
  • 58fc6d5061 Merge pull request 'Fix CrowdSec firewall-bouncer tar + CF WAF ruleset import' (#3) from wizard/crowdsec-fixes into master viktor 2026-06-20 19:06:15 +00:00
  • a351a66843 crowdsec+rybbit: fix firewall-bouncer tar extraction (busybox) + import existing CF WAF ruleset wizard/crowdsec-fixes Viktor Barzin 2026-06-20 19:04:30 +00:00
  • 70e8ce1021 Merge pull request 'CrowdSec real enforcement: edge WAF (proxied) + firewall-bouncer (direct)' (#2) from wizard/crowdsec-enforcement into master viktor 2026-06-20 09:42:41 +00:00
  • ca8d617e72 rybbit: use 'Account Rule Lists' permission group for the CF sync token (v4) wizard/crowdsec-enforcement Viktor Barzin 2026-06-20 09:41:41 +00:00
  • 0c56290af0 chore(forgejo): re-trigger apply of git.timeout/gc.auto (changed-stack skip) Viktor Barzin 2026-06-20 09:19:53 +00:00
  • cc4bfb593b rybbit: proxied CrowdSec enforcement via Cloudflare IP Lists + WAF rule Viktor Barzin 2026-06-20 09:18:33 +00:00
  • 7e646e1c7c crowdsec: add cs-firewall-bouncer DaemonSet (direct-host nftables enforcement) Viktor Barzin 2026-06-20 09:11:08 +00:00
  • 53117b193a portal-realtime: deploy the v2 full-duplex voice agent (Pipecat) Viktor Barzin 2026-06-20 08:21:43 +00:00
  • 44cac6f4e2 gitignore: ignore Python test artifacts (__pycache__, *.pyc, .pytest_cache) Viktor Barzin 2026-06-20 08:17:03 +00:00
  • b58fe8cb1a docs(k8s-upgrade): record detector Packages-probe -L fix + compat-gate patch scope Viktor Barzin 2026-06-20 08:16:20 +00:00
  • e5250f417e k8s-version-upgrade: compat gate must not false-block patch upgrades Viktor Barzin 2026-06-20 08:14:50 +00:00
  • 38675b7922 crowdsec: register kvsync + firewall bouncer keys in LAPI Viktor Barzin 2026-06-20 08:12:38 +00:00
  • a9384a4067 Merge remote-tracking branch 'origin/master' Viktor Barzin 2026-06-20 08:09:16 +00:00
  • 44a98d408e k8s-version-upgrade: detector next-minor probe must follow 302 (curl -sfL) Viktor Barzin 2026-06-20 08:09:08 +00:00
  • 910d589205 fix(forgejo): raise git-op timeouts + lower gc.auto to stop push-mirror timeouts Viktor Barzin 2026-06-20 08:08:50 +00:00
  • 45bed1c133 Merge remote-tracking branch 'origin/master' Viktor Barzin 2026-06-20 08:07:23 +00:00
  • e1736d2e5c calico: hop 3.28.5->3.30.7 (operator v1.38.13) — restores a SUPPORTED Calico/k8s-1.34 pairing. Disabled new-in-3.30 Goldmane/Whisker (their CRs render before crds/ install on helm upgrade; we use Prometheus/Loki). calico-node 7/7 on quay/v3.30.7, tigerastatus green. Applied manually + verified overnight. Viktor Barzin 2026-06-20 08:07:08 +00:00
  • 4d9fdbc7f7 rybbit: add CrowdSec LAPI -> Cloudflare KV sync script (proxied edge control plane) Viktor Barzin 2026-06-20 08:05:11 +00:00
  • 0ac176da01 crowdsec: whitelist internal/LAN/tailnet CIDRs at the decision layer Viktor Barzin 2026-06-20 08:03:46 +00:00
  • 3e3fdb34f0 homelab: v0.6.0 — usage telemetry (usage top), evidence-driven verb prioritization Viktor Barzin 2026-06-19 22:29:01 +00:00
  • 666fefd22b calico: hop 3.26->3.28.5 (operator v1.34.13); calico-node 7/7 healthy, tigerastatus green, kube-controller-manager restarted (3.28 UID change). Applied manually + verified. Viktor Barzin 2026-06-19 22:09:23 +00:00
  • 8ed5368be9 calico: bring tigera-operator under Terraform via Helm (adopt at 3.26.1) Viktor Barzin 2026-06-19 21:50:34 +00:00
  • dd029ca7fb traefik/crowdsec: switch bouncer to live mode (stream cache doesn't enforce under Yaegi) Viktor Barzin 2026-06-19 17:43:30 +00:00
  • 0cc48d83ac traefik/crowdsec: disable bouncer redis cache (broken under Yaegi → in-memory) Viktor Barzin 2026-06-19 17:34:38 +00:00
  • 531efb218d traefik: bump crowdsec-bouncer plugin v1.4.2 -> v1.6.0 (fix stream not pulling) Viktor Barzin 2026-06-19 17:25:51 +00:00
  • 78095aa273 docs(forgejo): runbook reflects Authentik disabled + zero-click GitHub viktor 2026-06-19 17:37:46 +00:00
  • 7d99203fc6 forgejo: re-enable ENABLE_AUTO_REGISTRATION for zero-click GitHub sign-up viktor 2026-06-19 17:34:17 +00:00
  • ef530b7d38 forgejo: drop ENABLE_AUTO_REGISTRATION — it broke Authentik sign-in viktor 2026-06-19 17:24:29 +00:00
  • a5bb4db9c5 crowdsec: register the Traefik bouncer with LAPI (fix fail-open) Viktor Barzin 2026-06-19 17:08:28 +00:00
  • 56dadda453 traefik: pin helm chart to 40.2.0 (deployed version) Viktor Barzin 2026-06-19 16:58:33 +00:00
  • 4a66377425 forgejo: add "Sign in with GitHub" (OAuth2 source + auto-registration) Viktor Barzin 2026-06-19 16:41:49 +00:00
  • fd0c7493c3 traefik/crowdsec: serve Cloudflare Turnstile for captcha remediation Viktor Barzin 2026-06-19 16:38:38 +00:00
  • 963e4fcdde forgejo: open native self-signups, gated by Turnstile + email confirmation Viktor Barzin 2026-06-19 16:05:07 +00:00
  • 21dbd79ae4 Merge remote-tracking branch 'origin/master' into wizard/homelab-obs Viktor Barzin 2026-06-19 11:27:44 +00:00
  • e91e1612dd homelab: v0.5.0 — net/dns/metrics/logs probes (endpoint resolution) Viktor Barzin 2026-06-19 11:27:31 +00:00
  • 6cb823e431 k8s-version-upgrade: complete autonomy P0 — blocked alert + deeper postflight + runbook Viktor Barzin 2026-06-19 11:27:17 +00:00
  • cecd9fe247 k8s-version-upgrade: compat gate — auto-upgrade when safe, halt + alert when not Viktor Barzin 2026-06-19 11:23:30 +00:00
  • 9189560ac3 homelab: v0.4.0 — ci/deploy verbs (watch what you trigger) Viktor Barzin 2026-06-19 10:59:14 +00:00
  • 787ce4edfa homelab: v0.3.1 — fix k8s db PG target (resolve CNPG primary pod, not the Service) Viktor Barzin 2026-06-19 09:09:34 +00:00
  • 90c944a265 woodpecker: disable partial clone (partial: false) — fix intermittent git exit-128 Viktor Barzin 2026-06-19 09:06:44 +00:00
  • fd77c0dc4f monitoring: RpiSofiaUndervoltage alerts on new brown-out, not until reboot Viktor Barzin 2026-06-19 08:45:39 +00:00
  • fbf6f11038 feat(tripit): #96 cutover — /api self-authenticates (remove forward-auth, add strip-auth-headers) Viktor Barzin 2026-06-19 08:27:39 +00:00
  • 8559c4574a fix(tripit): pin Authentik invalidation_flow literal (data source flakes null in CI under provider skew) Viktor Barzin 2026-06-19 08:10:25 +00:00