Commit graph

  • e5bb16e02a feat(tripit): activate TripIt-native session auth — signing key + Authentik web redirect (ADR-0028 #90) Viktor Barzin 2026-06-19 06:06:43 +00:00
  • 077ac97df5 k8s-version-upgrade: auto-restore apiserver OIDC after control-plane bumps Viktor Barzin 2026-06-19 06:04:30 +00:00
  • 48b63ffa6f homelab: add memory verb-group (v0.3.0) — direct claude-memory HTTP client Viktor Barzin 2026-06-19 05:56:25 +00:00
  • 3594485f77 homelab: v0.2.0 — docs + version for the k8s verb-group Viktor Barzin 2026-06-18 22:30:41 +00:00
  • 1f7438bb18 homelab: add k8s verb-group (v0.2) — the biggest remaining surface Viktor Barzin 2026-06-18 22:29:51 +00:00
  • 66caa0bf7f homelab: v0.1 docs, distribution wiring, and version Viktor Barzin 2026-06-18 19:25:51 +00:00
  • 087b415f73 homelab: add work verbs (start/land/clean) with a land verification gate Viktor Barzin 2026-06-18 19:24:08 +00:00
  • 36d562c15c homelab: add tf verbs + stack/git-crypt substrate Viktor Barzin 2026-06-18 19:16:33 +00:00
  • ed6f22fd53 homelab: scaffold unified CLI (registry, manifest, claim/release) in infra/cli Viktor Barzin 2026-06-18 19:12:57 +00:00
  • 70e217db24 k8s-version-upgrade: preflight skips kubeadm-plan gate when master already at target Viktor Barzin 2026-06-18 09:17:46 +00:00
  • 8787d361dc claude-memory: HA (replicas 2 + PDB) to stop recurring MCP disconnects Viktor Barzin 2026-06-18 09:13:36 +00:00
  • 48b7be3b14 feat(tripit): live lodging-price scrape — LODGING_PROVIDER=playwright Viktor Barzin 2026-06-18 06:53:19 +00:00
  • d709d338c6 service-catalog: add paperless-ai (RAG semantic search + auto-tagging) Viktor Barzin 2026-06-18 06:44:00 +00:00
  • 4977153dfb paperless-ai: make the PVC .env the single source of config truth Viktor Barzin 2026-06-18 06:41:29 +00:00
  • aeee0d02e2 paperless-ai: deploy clusterzx/paperless-ai for semantic doc search + AI tagging Viktor Barzin 2026-06-18 06:23:00 +00:00
  • 605cf99a1b portal-tts: docker.io/ prefix on edge-tts image (Kyverno trusted-registries) Viktor Barzin 2026-06-17 21:24:34 +00:00
  • ab55cb5dcd portal-stt: drop setup_tls_secret module (ClusterIP-only, no fullchain.pem) Viktor Barzin 2026-06-17 20:29:31 +00:00
  • e7b9a74756 portal-assistant: land voice stacks + switch TTS to edge-tts (intelligible Bulgarian) Viktor Barzin 2026-06-17 20:25:29 +00:00
  • dd2c53e979 portal-stt + portal-assistant: Speaches STT + voice gateway (applied+verified) wizard/portal-stt-gateway Viktor Barzin 2026-06-17 20:02:19 +00:00
  • 677a181d49 reverse-proxy: dedicated rate limit for ha-london; bump ha-sofia (cold-client 429s) Viktor Barzin 2026-06-17 19:53:47 +00:00
  • 9565ff1ce5 state(infra): update encrypted state Viktor Barzin 2026-06-17 19:50:30 +00:00
  • 6518e54154 create-template-vm: add k8s-upgrade pipeline SSH key to node cloud-init Viktor Barzin 2026-06-17 18:59:59 +00:00
  • fe9364b9c9 portal-tts: DRAFT stack — Piper TTS (CPU, always-on) for portal-assistant wizard/portal-tts Viktor Barzin 2026-06-17 18:59:42 +00:00
  • aac7121ccc t3-afk: scale to 0 — park the in-cluster T3 AFK executor (no current plans) Viktor Barzin 2026-06-17 18:55:35 +00:00
  • b931d9fb20 k8s-version-upgrade: make tigera-operator restore crash-safe (EXIT trap) Viktor Barzin 2026-06-17 18:25:54 +00:00
  • c04efa3d3a k8s-version-upgrade: move detection to nightly 23:00 UTC (overnight upgrades) Viktor Barzin 2026-06-17 18:16:32 +00:00
  • ed53b34bf4 k8s-version-upgrade: dynamic worker enumeration + IP-based SSH (auto-cover all/new nodes) Viktor Barzin 2026-06-17 16:56:02 +00:00
  • 0c5a9b5f44 k8s-version-upgrade: grant pods/log so preflight can verify the etcd snapshot Viktor Barzin 2026-06-17 13:52:52 +00:00
  • bfb86e653f k8s-version-upgrade: ignore CoreDNS preflight on kubeadm upgrade plan too Viktor Barzin 2026-06-17 13:49:06 +00:00
  • 037a609f27 k8s-version-upgrade: unblock 1.34.9 — skip kubeadm CoreDNS addon + busybox-date fix Viktor Barzin 2026-06-17 13:45:05 +00:00
  • 042d1ce1ac k8s-version-upgrade: CI-retrigger to apply D1 (missed by two-commit diff-base) Viktor Barzin 2026-06-17 13:28:58 +00:00
  • fb638cd8ec k8s-version-upgrade: scope chain-fail alert to terminal reasons + sync docs Viktor Barzin 2026-06-17 13:10:18 +00:00
  • dfa1a12a86 k8s-version-upgrade: retry failed phases + surface wedged chain (fix 5-day silent stall) Viktor Barzin 2026-06-17 13:07:36 +00:00
  • 7e7e41cbef fix(authentik): derive username from email in tripit-enrollment (user_write needs it) Viktor Barzin 2026-06-17 07:35:23 +00:00
  • e4512f3566 fix(authentik): deliver tripit email-verify stages via blueprint (provider token_expiry too old) Viktor Barzin 2026-06-17 07:30:05 +00:00
  • 89eb090be3 feat(authentik): tripit-enrollment + tripit-recovery flows (passwordless signup, ADR-0020) Viktor Barzin 2026-06-17 07:20:11 +00:00
  • 4bf3f504ea fix(authentik): SMTP host = mail.viktorbarzin.me (svc name fails wildcard-cert verify) Viktor Barzin 2026-06-17 07:13:53 +00:00
  • c3d0c121bb feat(authentik): wire SMTP (noreply@) for TripIt signup verification + recovery email (ADR-0020) Viktor Barzin 2026-06-17 07:04:52 +00:00
  • 8a2a3d9eca Merge remote-tracking branch 'origin/master' into wizard/reconcile-mirror Viktor Barzin 2026-06-16 22:32:43 +00:00
  • 63e714782c immich: remove one-shot anca-elements-import Job + its PVC Viktor Barzin 2026-06-16 22:11:27 +00:00
  • 88717c61fd immich-frame: whole library (last 2y), Ken Burns, weather, 30s interval Viktor Barzin 2026-06-16 21:07:39 +00:00
  • cffa32fae3 Merge remote-tracking branch 'forgejo/master' into wizard/tripit-ingest-model Viktor Barzin 2026-06-16 20:39:30 +00:00
  • 14476bfbd7 tripit: mail-ingest extracts with the qwen3-8b text model, not the vision model Viktor Barzin 2026-06-16 20:39:29 +00:00
  • 0a6ed4b2fe workstation: per-user playwright browser MCP for all users, reproducible from git Viktor Barzin 2026-06-16 20:33:47 +00:00
  • c6a5cbe227 feat(tripit): serve the SPA publicly, keep /api + /metrics forward-auth-gated (ADR-0020 landing) Viktor Barzin 2026-06-16 19:30:58 +00:00
  • eb47eb1d10 priority-pass: bump image_tag to 63e118c3 [ci skip] github-actions[bot] 2026-06-16 17:45:33 +00:00
  • d1f2e50736 priority-pass: bump image_tag to 4ce9e8e8 [ci skip] github-actions[bot] 2026-06-16 17:44:40 +00:00
  • 46b5f04f67 priority-pass: bump image_tag to 63e118c3 [ci skip] github-actions[bot] 2026-06-16 17:20:08 +00:00
  • 29ad200026 priority-pass: bump image_tag to 4ce9e8e8 [ci skip] github-actions[bot] 2026-06-16 17:19:55 +00:00
  • 044444d328 cluster-health: helm check #18 catches pending/failed releases (helm list -a) Viktor Barzin 2026-06-16 15:39:06 +00:00
  • e74f4208f5 t3-backup-state: retention 14 -> 6 (bound devvm root fs) Viktor Barzin 2026-06-16 14:26:03 +00:00
  • cdd9ecd199 t3: docs for the gated nightly tracker (runbook, post-mortem, service-catalog) Viktor Barzin 2026-06-16 11:33:49 +00:00
  • f4f7705127 monitoring: adopt orphaned alert-digest resources into TF state (unblocks apply) Viktor Barzin 2026-06-16 11:31:17 +00:00
  • 36521839fc t3: gated nightly tracker (replaces pinned enforcer) + drop timer Persistent Viktor Barzin 2026-06-16 10:08:12 +00:00
  • 994d305d04 t3: session-auth detection for the gated nightly tracker (dispatch fallback logging + Loki alerts) Viktor Barzin 2026-06-16 09:56:55 +00:00
  • e783cae2cb chrome-service + mam-farming: doc clarifications (+ re-trigger CI apply missed earlier) Viktor Barzin 2026-06-16 09:34:23 +00:00
  • b0e8e3599f nfs-mirror: exclude SQLite WAL/SHM sidecars + treat rsync exit 24 as success Viktor Barzin 2026-06-16 09:34:22 +00:00
  • 2479560fa2 mam-farming: make MAMFarmingStuck a grabber heartbeat, not a grab-count check Viktor Barzin 2026-06-16 08:18:33 +00:00
  • a0725ede57 chrome-service: stop ignoring container[0].image so TF re-asserts the pinned browser image Viktor Barzin 2026-06-16 08:18:32 +00:00
  • 1ba453c65d fan-control docs: sync runbook/env/service/design to the HA-actuator + anti-flap model Emil Barzin 2026-06-16 08:11:48 +00:00
  • 5bc3d27d1b Merge remote-tracking branch 'forgejo/master' into emo/fan-control-ha-actuator Emil Barzin 2026-06-16 08:08:27 +00:00
  • 2cfe338419 fan-control: hold last command through transient HA losses (stop fan flapping) Emil Barzin 2026-06-16 08:07:52 +00:00
  • 57d45d8d8f fix(authentik): pin Vault binding UUIDs as literals (provider has no authentik_application data source) Viktor Barzin 2026-06-15 22:01:29 +00:00
  • aa461b95bc feat(authentik): bind Vault OIDC app to Allow Login Users (close ADR-0020 OIDC gap) Viktor Barzin 2026-06-15 21:42:30 +00:00
  • cbca281aaa feat(authentik): TripIt external self-signup group + forward-auth fence (ADR-0020) Viktor Barzin 2026-06-15 21:34:37 +00:00
  • cf51cb45de docs(adr-0003): keep Forgejo canonical, complete the GitHub mirror (reject swap) Viktor Barzin 2026-06-15 21:32:28 +00:00
  • 5d3a166b94 t3-afk: fix agent Bash — stop mounting into ~/.claude Viktor Barzin 2026-06-15 20:49:34 +00:00
  • 34c30ac2bf t3-afk: auto-pair dispatcher sidecar — no manual pairing Viktor Barzin 2026-06-15 20:19:39 +00:00
  • 92c5b24975 docs: ghcr_pull_token is now a scoped read:packages PAT, not the admin alias Viktor Barzin 2026-06-15 20:19:17 +00:00
  • ef555c7e02 workstation: put ~/.local/bin on PATH so the launcher finds native claude Viktor Barzin 2026-06-15 17:20:03 +00:00
  • eecd78233b workstation: standardize on the native claude install (drop npm-global + npx) Viktor Barzin 2026-06-15 17:12:05 +00:00
  • 4a48f065e9 mcp: drop project-scoped paperless from .mcp.json (paperless is now wizard-only) Viktor Barzin 2026-06-15 17:03:37 +00:00
  • bb3f5f2329 workstation: stop the Claude Code onboarding wizard reappearing for terminal users Viktor Barzin 2026-06-15 14:37:59 +00:00
  • 82a0c5aedf t3-afk: fix crashloop — exclude from Keel at the deployment level Viktor Barzin 2026-06-15 10:32:38 +00:00
  • 214638216b fix(anisette): wait_for_rollout=false so a slow first start can't strand the deploy out of state Viktor Barzin 2026-06-14 20:56:12 +00:00
  • d8c60d7ab8 t3-afk: dedicated in-cluster T3 Code instance (AFK executor + cockpit) Viktor Barzin 2026-06-14 20:06:33 +00:00
  • bc7b28244f fix(anisette): raise memory limit to 512Mi — 128Mi OOMKilled at startup Viktor Barzin 2026-06-14 19:54:13 +00:00
  • 96addf65b4 fix(anisette): docker.io/ image prefix to pass Kyverno require-trusted-registries Viktor Barzin 2026-06-14 19:47:05 +00:00
  • 0bfa6f0774 feat(anisette): self-hosted Apple anisette server for SideStore (infra #40) Viktor Barzin 2026-06-14 19:28:25 +00:00
  • fe1f8d62e7 tripit: re-apply tripit stack to land CITY_IMAGE_PROVIDER=wikipedia Viktor Barzin 2026-06-14 17:44:10 +00:00
  • 2df6ebf305 health: fix middleware ref namespace prefix (restore site from 404) Viktor Barzin 2026-06-14 17:43:08 +00:00
  • 086ff85911 health: dedicated 100/1000 rate limit for the redesigned SPA Viktor Barzin 2026-06-14 13:01:14 +00:00
  • 6dc77f4612 uptime-kuma: add CONTEXT.md + ADR-0001 (intentionally lean; sizing/placement review) Viktor Barzin 2026-06-14 09:11:22 +00:00
  • 05bec26d09 health: internal test-access ingress + DEV_AUTH_EMAIL (ADR-0008) Viktor Barzin 2026-06-14 04:01:00 +00:00
  • e6699ed20b uptime-kuma: retry Kuma login in monitor-sync jobs (intermittent socket.io timeout) Viktor Barzin 2026-06-13 20:54:14 +00:00
  • a6381b8cf8 forgejo: custom 8Gi ResourceQuota (was pegged at the 4Gi tier cap) Viktor Barzin 2026-06-13 17:16:47 +00:00
  • 72982683bc docs(CLAUDE.md): k8s-portal now GHA->ghcr, not a Woodpecker build Viktor Barzin 2026-06-13 16:10:56 +00:00
  • 25a39fd54e k8s-portal: wire private-ghcr pull (allowlist + imagePullSecrets) Viktor Barzin 2026-06-13 15:38:42 +00:00
  • a7d33abec9 k8s-portal: commit package.json + lock (force; was gitignored) — unblocks GHA build Viktor Barzin 2026-06-13 15:29:27 +00:00
  • a9b08c03cf fix(k8s-portal): npm install (no committed lockfile) so GHA can build Viktor Barzin 2026-06-13 15:26:42 +00:00
  • bdfdf8db72 fix(ci): k8s-portal build context is stacks/k8s-portal/modules/k8s-portal/files (was stale platform/ path) Viktor Barzin 2026-06-13 15:23:46 +00:00
  • b906f61ac3 k8s-portal: build off-infra GHA -> ghcr + Keel; remove Woodpecker build (no-local-builds) Viktor Barzin 2026-06-13 15:21:35 +00:00
  • 9501da81a0 dbaas: document postgresql-backup startingDeadlineSeconds rationale Viktor Barzin 2026-06-13 14:22:24 +00:00
  • ba72621e52 forgejo: 6Gi exceeded namespace quota, set to 4Gi (quota ceiling) Viktor Barzin 2026-06-13 14:13:36 +00:00
  • ff3cc44a29 forgejo: raise memory limit from 3Gi to 6Gi (OOMKilled at 3Gi) Viktor Barzin 2026-06-13 14:02:55 +00:00
  • bda1bdcbf3 dbaas: widen backup CronJob startingDeadlineSeconds from 10s to 600s Viktor Barzin 2026-06-13 14:02:54 +00:00
  • 082bdfcc77 fan-control: thin actuator — HA computes the setpoint, host only applies it Emil Barzin 2026-06-13 12:59:57 +00:00
  • 3e82c64a76 docs: sync CI/CD docs to ADR-0002 final state (ghcr + Woodpecker deploy-only) [ci skip] Viktor Barzin 2026-06-13 12:55:49 +00:00
  • 6e4db0ddc6 openclaw + f1-stream: last forgejo image refs -> ghcr (ADR-0002 #32 prep) Viktor Barzin 2026-06-13 12:36:10 +00:00
  • 3c3e6bfc95 ci: retire in-cluster infra-ci build; breakglass becomes manual ghcr pull-and-save (ADR-0002 #30) Viktor Barzin 2026-06-13 10:07:58 +00:00