viktor/infra
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
infra/stacks
History
Viktor Barzin 1613003d00 upgrade: vaultwarden 1.35.4 -> 1.35.7 
Security fixes (1.35.5): 3 CVEs — org vault purge by unconfirmed owner
(GHSA-937x-3j8m-7w7p), cross-org group binding unauthorized access
(GHSA-569v-845w-g82p), refresh tokens not invalidated on stamp rotation
(GHSA-6j4w-g4jh-xjfx). 2FA remember tokens now max 30 days.
1.35.6: Fix 2FA remember tokens broken in 1.35.5.
1.35.7: Fix 2FA for Android.

Risk: SAFE (patch bump, no breaking changes)
DB backup: yes (job: pre-upgrade-vaultwarden-1776280439, SQLite, 7 MiB)
Config changes applied: none
Flagged for manual review: none

Co-Authored-By: Service Upgrade Agent <noreply@viktorbarzin.me>
2026-04-15 19:14:21 +00:00
..
_template multi-user access: fix template memory default, add storage quota, add CONTRIBUTING.md [ci skip] 2026-03-19 23:49:15 +00:00
actualbudget chore: sync terraform state after nfsvers=4 convergence 2026-04-14 11:20:18 +00:00
affine truenas deprecation: migrate all non-immich storage to proxmox NFS 2026-04-12 14:35:39 +01:00
authentik fix: cluster healthcheck fixes + Authentik upgrade to 2026.2.2 2026-04-15 06:41:56 +00:00
beads-server chore: add untracked stacks, scripts, and agent configs 2026-04-15 09:33:06 +00:00
blog sync regenerated providers.tf + upstream changes 2026-03-22 02:56:04 +02:00
changedetection truenas deprecation: migrate all non-immich storage to proxmox NFS 2026-04-12 14:35:39 +01:00
city-guesser sync regenerated providers.tf + upstream changes 2026-03-22 02:56:04 +02:00
claude-memory remove claude-memory PDB (blocks drains with single replica) 2026-04-06 00:47:40 +03:00
cloudflared mailserver: overhaul inbound delivery, monitoring, CrowdSec, and migrate to Brevo relay 2026-04-12 22:24:38 +01:00
cnpg extract remaining 19 modules from platform, complete stack split [ci skip] 2026-03-17 21:42:16 +00:00
coturn feat: pin ~28 images to specific versions, enable DIUN monitoring, add app-stacks pipeline 2026-04-06 14:27:13 +03:00
crowdsec truenas deprecation: migrate all non-immich storage to proxmox NFS 2026-04-12 14:35:39 +01:00
cyberchef feat: pin ~28 images to specific versions, enable DIUN monitoring, add app-stacks pipeline 2026-04-06 14:27:13 +03:00
dashy sync regenerated providers.tf + upstream changes 2026-03-22 02:56:04 +02:00
dawarich feat: pin ~28 images to specific versions, enable DIUN monitoring, add app-stacks pipeline 2026-04-06 14:27:13 +03:00
dbaas feat: add per-database backups for PostgreSQL and MySQL 2026-04-14 22:39:33 +00:00
descheduler resilience improvements: MySQL anti-affinity comment, descheduler 5min, prometheus termination 60s 2026-04-06 00:25:49 +03:00
diun fix: cluster healthcheck fixes + Authentik upgrade to 2026.2.2 2026-04-15 06:41:56 +00:00
ebook2audiobook chore: sync terraform state after nfsvers=4 convergence 2026-04-14 11:20:18 +00:00
ebooks truenas deprecation: migrate all non-immich storage to proxmox NFS 2026-04-12 14:35:39 +01:00
echo feat: pin ~28 images to specific versions, enable DIUN monitoring, add app-stacks pipeline 2026-04-06 14:27:13 +03:00
excalidraw truenas deprecation: migrate all non-immich storage to proxmox NFS 2026-04-12 14:35:39 +01:00
external-secrets regenerate providers.tf: remove vault_root_token variable [ci skip] 2026-03-15 21:21:01 +00:00
f1-stream truenas deprecation: migrate all non-immich storage to proxmox NFS 2026-04-12 14:35:39 +01:00
foolery add foolery stack: agent orchestration UI on devvm [ci skip] 2026-04-10 00:21:59 +01:00
forgejo truenas deprecation: migrate all non-immich storage to proxmox NFS 2026-04-12 14:35:39 +01:00
freedify deprecate TrueNAS: migrate Immich NFS to Proxmox, remove all 10.0.10.15 references [ci skip] 2026-04-13 14:42:07 +00:00
freshrss truenas deprecation: migrate all non-immich storage to proxmox NFS 2026-04-12 14:35:39 +01:00
frigate chore: sync terraform state after nfsvers=4 convergence 2026-04-14 11:20:18 +00:00
grampsweb truenas deprecation: migrate all non-immich storage to proxmox NFS 2026-04-12 14:35:39 +01:00
hackmd truenas deprecation: migrate all non-immich storage to proxmox NFS 2026-04-12 14:35:39 +01:00
headscale truenas deprecation: migrate all non-immich storage to proxmox NFS 2026-04-12 14:35:39 +01:00
health truenas deprecation: migrate all non-immich storage to proxmox NFS 2026-04-12 14:35:39 +01:00
hermes-agent chore: add untracked stacks, scripts, and agent configs 2026-04-15 09:33:06 +00:00
homepage add default Homepage annotations to ingress_factory for auto-discovery 2026-03-25 11:00:38 +02:00
immich chore: sync terraform state after nfsvers=4 convergence 2026-04-14 11:20:18 +00:00
infra chore: add untracked stacks, scripts, and agent configs 2026-04-15 09:33:06 +00:00
infra-maintenance truenas deprecation: migrate all non-immich storage to proxmox NFS 2026-04-12 14:35:39 +01:00
insta2spotify truenas deprecation: migrate all non-immich storage to proxmox NFS 2026-04-12 14:35:39 +01:00
iscsi-csi extract remaining 19 modules from platform, complete stack split [ci skip] 2026-03-17 21:42:16 +00:00
isponsorblocktv truenas deprecation: migrate all non-immich storage to proxmox NFS 2026-04-12 14:35:39 +01:00
jsoncrack sync regenerated providers.tf + upstream changes 2026-03-22 02:56:04 +02:00
k8s-dashboard fix nextcloud db-username + k8s-dashboard chart repo 2026-03-22 02:50:48 +02:00
k8s-portal feat(k8s-portal): update onboarding + architecture with SOPS state docs 2026-03-17 23:17:47 +00:00
kms consolidate MetalLB IPs: 5 → 1 (10.0.20.200) 2026-03-24 18:35:43 +02:00
kyverno feat: auto-cleanup failed/evicted pods via Kyverno ClusterCleanupPolicy 2026-04-15 17:37:49 +00:00
linkwarden feat: pin ~28 images to specific versions, enable DIUN monitoring, add app-stacks pipeline 2026-04-06 14:27:13 +03:00
mailserver fix: cluster healthcheck fixes + Authentik upgrade to 2026.2.2 2026-04-15 06:41:56 +00:00
matrix truenas deprecation: migrate all non-immich storage to proxmox NFS 2026-04-12 14:35:39 +01:00
meshcentral fix: cluster healthcheck fixes + Authentik upgrade to 2026.2.2 2026-04-15 06:41:56 +00:00
metallb upgrade MetalLB v0.10.2 → v0.15.3 and update annotations 2026-03-24 17:24:05 +02:00
metrics-server extract remaining 19 modules from platform, complete stack split [ci skip] 2026-03-17 21:42:16 +00:00
monitoring fix: cluster healthcheck fixes + Authentik upgrade to 2026.2.2 2026-04-15 06:41:56 +00:00
n8n chore: add untracked stacks, scripts, and agent configs 2026-04-15 09:33:06 +00:00
navidrome chore: sync terraform state after nfsvers=4 convergence 2026-04-14 11:20:18 +00:00
netbox regenerate providers.tf: remove vault_root_token variable [ci skip] 2026-03-15 21:21:01 +00:00
networking-toolbox feat: pin ~28 images to specific versions, enable DIUN monitoring, add app-stacks pipeline 2026-04-06 14:27:13 +03:00
nextcloud fix: cluster healthcheck fixes + Authentik upgrade to 2026.2.2 2026-04-15 06:41:56 +00:00
nfs-csi fix: NFS outage recovery — migrate to NFSv4, add alerting 2026-04-14 10:28:27 +00:00
novelapp add pvc-autoresizer for automatic PVC expansion before volumes fill up [ci skip] 2026-04-03 23:30:00 +03:00
ntfy truenas deprecation: migrate all non-immich storage to proxmox NFS 2026-04-12 14:35:39 +01:00
nvidia right-size memory requests to unblock GPU workloads and fix dbaas quota [ci skip] 2026-03-17 22:35:54 +00:00
ollama chore: sync terraform state after nfsvers=4 convergence 2026-04-14 11:20:18 +00:00
onlyoffice truenas deprecation: migrate all non-immich storage to proxmox NFS 2026-04-12 14:35:39 +01:00
openclaw chore: sync terraform state after nfsvers=4 convergence 2026-04-14 11:20:18 +00:00
osm_routing chore: sync terraform state after nfsvers=4 convergence 2026-04-14 11:20:18 +00:00
owntracks truenas deprecation: migrate all non-immich storage to proxmox NFS 2026-04-12 14:35:39 +01:00
paperless-ngx truenas deprecation: migrate all non-immich storage to proxmox NFS 2026-04-12 14:35:39 +01:00
phpipam chore: add untracked stacks, scripts, and agent configs 2026-04-15 09:33:06 +00:00
platform chore: add pre-commit size guard and harden .gitignore 2026-04-15 14:13:18 +00:00
plotting-book chore: sync terraform state after nfsvers=4 convergence 2026-04-14 11:20:18 +00:00
poison-fountain chore: sync terraform state after nfsvers=4 convergence 2026-04-14 11:20:18 +00:00
priority-pass priority-pass: update backend to v8 (expanded QR container margins) 2026-04-06 13:22:27 +03:00
privatebin truenas deprecation: migrate all non-immich storage to proxmox NFS 2026-04-12 14:35:39 +01:00
proxmox-csi monitoring + proxmox-csi: LVM snapshot RBAC, pushgateway NodePort, backup dashboard 2026-04-06 11:57:41 +03:00
pvc-autoresizer fix: disable cert-manager webhook for pvc-autoresizer, use self-signed cert [ci skip] 2026-04-03 23:44:49 +03:00
rbac Reduce disk write amplification across cluster (~200-350 GB/day savings) [ci skip] 2026-04-09 19:01:21 +00:00
real-estate-crawler chore: sync terraform state after nfsvers=4 convergence 2026-04-14 11:20:18 +00:00
redis fix: cluster healthcheck fixes + Authentik upgrade to 2026.2.2 2026-04-15 06:41:56 +00:00
reloader sync regenerated providers.tf + upstream changes 2026-03-22 02:56:04 +02:00
resume truenas deprecation: migrate all non-immich storage to proxmox NFS 2026-04-12 14:35:39 +01:00
reverse-proxy fix: add retry middleware and per-service rate limit for ha-sofia 2026-04-05 20:47:58 +03:00
rybbit truenas deprecation: migrate all non-immich storage to proxmox NFS 2026-04-12 14:35:39 +01:00
sealed-secrets extract remaining 19 modules from platform, complete stack split [ci skip] 2026-03-17 21:42:16 +00:00
send truenas deprecation: migrate all non-immich storage to proxmox NFS 2026-04-12 14:35:39 +01:00
servarr chore: sync terraform state after nfsvers=4 convergence 2026-04-14 11:20:18 +00:00
shadowsocks feat: pin ~28 images to specific versions, enable DIUN monitoring, add app-stacks pipeline 2026-04-06 14:27:13 +03:00
speedtest fix: technitium CronJob scheduling, LUKS backup support, speedtest scrape 2026-04-15 15:12:32 +00:00
status-page chore: add untracked stacks, scripts, and agent configs 2026-04-15 09:33:06 +00:00
stirling-pdf truenas deprecation: migrate all non-immich storage to proxmox NFS 2026-04-12 14:35:39 +01:00
tandoor truenas deprecation: migrate all non-immich storage to proxmox NFS 2026-04-12 14:35:39 +01:00
technitium fix: technitium CronJob scheduling, LUKS backup support, speedtest scrape 2026-04-15 15:12:32 +00:00
terminal feat(terminal): add image upload button for iOS paste support 2026-04-08 08:11:18 +01:00
tor-proxy truenas deprecation: migrate all non-immich storage to proxmox NFS 2026-04-12 14:35:39 +01:00
trading-bot cluster health fixes: NFS CSI, Immich ML, dbaas, Redis, DNS, trading-bot removal 2026-04-06 11:54:45 +03:00
traefik upgrade immich to v2.7.4 and increase rate limit burst 2026-04-11 10:15:42 +01:00
travel_blog sync regenerated providers.tf + upstream changes 2026-03-22 02:56:04 +02:00
tuya-bridge scale down non-critical services to free cluster memory 2026-03-22 03:10:12 +02:00
uptime-kuma fix: increase Uptime Kuma API timeout and fix status code format 2026-04-14 19:28:18 +00:00
url feat: pin ~28 images to specific versions, enable DIUN monitoring, add app-stacks pipeline 2026-04-06 14:27:13 +03:00
vault chore: add untracked stacks, scripts, and agent configs 2026-04-15 09:33:06 +00:00
vaultwarden upgrade: vaultwarden 1.35.4 -> 1.35.7 2026-04-15 19:14:21 +00:00
vpa extract remaining 19 modules from platform, complete stack split [ci skip] 2026-03-17 21:42:16 +00:00
wealthfolio truenas deprecation: migrate all non-immich storage to proxmox NFS 2026-04-12 14:35:39 +01:00
webhook_handler fix(provision): security hardening from code review 2026-03-18 21:25:03 +00:00
whisper truenas deprecation: migrate all non-immich storage to proxmox NFS 2026-04-12 14:35:39 +01:00
wireguard consolidate MetalLB IPs: 5 → 1 (10.0.20.200) 2026-03-24 18:35:43 +02:00
woodpecker fix: CI pipeline image pull auth + shallow clone resilience [ci skip] 2026-04-15 14:41:08 +00:00
xray consolidate MetalLB IPs: 5 → 1 (10.0.20.200) 2026-03-24 18:35:43 +02:00
ytdlp chore: sync terraform state after nfsvers=4 convergence 2026-04-14 11:20:18 +00:00