viktor/infra
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
infra/stacks
History
Viktor Barzin f9376a36ff
Some checks failed
ci/woodpecker/push/default Pipeline failed
Details
ci/woodpecker/push/build-cli Pipeline was successful
Details
monitoring: wire rpi-sofia (Sofia Pi) into Prometheus/Loki/alerts 
The Sofia Raspberry Pi hung this morning (network wedged ~10:13, HA
sensors dead, and its local journal had been silent since Apr 27 — a
2017 SD card intermittently flipping the rootfs read-only). Nothing was
captured because logging lived only on the failing card. Ship telemetry
off-box so the next failure is diagnosable centrally:

- Prometheus scrape job `rpi-sofia` (rpi-sofia.viktorbarzin.lan:9100) —
  node_exporter + a vcgencmd textfile collector on the Pi exporting
  under-voltage/throttle/SoC-temp as rpi_* metrics.
- Alert group "RPi Sofia": node_exporter Down, rootfs ReadOnly (the
  exact SD-failure signature), Under-voltage since boot, High SoC temp.
- LAN-gated Loki write ingress (loki.viktorbarzin.lan) so the Pi's
  promtail can push its journal — Loki was ClusterIP-only.
- Grafana dashboard "RPi Sofia" (Hardware): status, undervoltage/
  throttle, temp, load, memory, disk, network.

The Pi separately got a systemd hardware watchdog (auto-reboot on a hard
hang; today it stayed down ~5h until a manual power-cycle).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-05 13:11:40 +00:00
..
_template ingress_factory: replace protected bool with auth enum + audit pass across 100 stacks 2026-05-10 18:53:49 +00:00
actualbudget infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP] 2026-06-03 10:52:46 +00:00
affine infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP] 2026-06-03 10:52:46 +00:00
authentik feat(authentik): adopt admin-services-restriction policy; admit kubernetes-* groups to k8s dashboard 2026-06-05 09:19:10 +00:00
beads-server keel: sweep KEEL_LIFECYCLE_V1 + per-container KEEL_IGNORE_IMAGE across enrolled workloads 2026-05-28 23:09:30 +00:00
blog infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP] 2026-06-03 10:52:46 +00:00
broker-sync broker-sync: unsuspend broker-sync-imap (IE structurally skipped at code level now) 2026-05-27 17:57:26 +00:00
calico security(wave1): W1.6 expand observation from recruiter-responder pilot → tier 3+4 (82 namespaces) 2026-05-19 22:14:16 +00:00
changedetection infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP] 2026-06-03 10:52:46 +00:00
chrome-service chrome-service: switch to CDP + persistent profile + hourly snapshot pipeline 2026-06-05 09:19:10 +00:00
city-guesser infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP] 2026-06-03 10:52:46 +00:00
claude-agent-service claude-agent: grant shared pod executor powers (Forgejo PR, terragrunt apply, kubectl write, MCP) 2026-06-05 09:19:10 +00:00
claude-memory infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP] 2026-06-03 10:52:46 +00:00
cloudflared cloudflared: fix tunnel origin .200 -> Traefik svc DNS (full-site 502 outage) [ci skip] 2026-06-01 21:22:05 +00:00
cnpg cnpg: bump webhook-cert renewal threshold 7d -> 30d 2026-05-22 15:00:41 +00:00
coturn infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP] 2026-06-03 10:52:46 +00:00
crowdsec crowdsec: pin image to v1.7.8 + remove ENROLL_KEY, CAPI restored 2026-05-24 11:11:29 +00:00
cyberchef infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP] 2026-06-03 10:52:46 +00:00
dashy infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP] 2026-06-03 10:52:46 +00:00
dawarich infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP] 2026-06-03 10:52:46 +00:00
dbaas feat(nextcloud-todos): Phase 4 IaC — service stack, Vault role, DB bootstrap, OpenClaw plugin, monitoring 2026-06-05 09:19:10 +00:00
descheduler infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP] 2026-06-03 10:52:46 +00:00
diun infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP] 2026-06-03 10:52:46 +00:00
ebook2audiobook infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP] 2026-06-03 10:52:46 +00:00
ebooks keel: sweep KEEL_LIFECYCLE_V1 + per-container KEEL_IGNORE_IMAGE across enrolled workloads 2026-05-28 23:09:30 +00:00
echo infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP] 2026-06-03 10:52:46 +00:00
excalidraw infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP] 2026-06-03 10:52:46 +00:00
external-secrets infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP] 2026-06-03 10:52:46 +00:00
f1-stream f1-stream: right-size memory 1Gi -> 256Mi (CDP-only, no bundled Chromium) 2026-06-05 12:57:22 +00:00
fire-planner fire-planner: reset bulk ingest toggle after successful run 2026-06-05 09:19:12 +00:00
forgejo infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP] 2026-06-03 10:52:46 +00:00
freedify infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP] 2026-06-03 10:52:46 +00:00
freshrss Woodpecker CI deploy [CI SKIP] 2026-06-05 09:19:11 +00:00
frigate infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP] 2026-06-03 10:52:46 +00:00
grampsweb infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP] 2026-06-03 10:52:46 +00:00
hackmd infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP] 2026-06-03 10:52:46 +00:00
headscale keel: enroll 15 critical-path namespaces for digest-only auto-update 2026-05-17 12:13:22 +00:00
health infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP] 2026-06-03 10:52:46 +00:00
hermes-agent hermes-agent: gate PVC on parked flag (clears PVCStuckPending) 2026-05-31 15:19:28 +00:00
homepage infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP] 2026-06-03 10:52:46 +00:00
immich immich: fix slow context search — prewarm clip_index + latency alert/healthcheck 2026-06-05 09:19:07 +00:00
infra infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP] 2026-06-03 10:52:46 +00:00
infra-maintenance [infra] Sweep dns_config ignore_changes across all pod-owning resources [ci skip] 2026-04-18 21:19:48 +00:00
insta2spotify keel: sweep KEEL_LIFECYCLE_V1 + per-container KEEL_IGNORE_IMAGE across enrolled workloads 2026-05-28 23:09:30 +00:00
instagram-poster keel: sweep KEEL_LIFECYCLE_V1 + per-container KEEL_IGNORE_IMAGE across enrolled workloads 2026-05-28 23:09:30 +00:00
isponsorblocktv Woodpecker CI deploy [CI SKIP] 2026-06-05 09:19:11 +00:00
job-hunter job-hunter: weekly above-target Slack alert CronJob 2026-06-02 20:49:42 +00:00
jsoncrack infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP] 2026-06-03 10:52:46 +00:00
k8s-dashboard feat(k8s-dashboard): auto-inject per-user SA token (no token-paste) 2026-06-05 09:19:10 +00:00
k8s-portal Bucket A retrigger + Bucket D enrollment (5 module-nested stacks) 2026-05-16 23:10:38 +00:00
k8s-version-upgrade k8s-version-upgrade: ignore IngressTTFBCritical in halt-on-alert check 2026-05-24 01:10:44 +00:00
keel keel: re-enable with policy=patch (semver-bounded) + fix CI deny-privileged 2026-05-26 19:06:51 +00:00
kms infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP] 2026-06-03 10:52:46 +00:00
kured kured: fix sentinel-gate OOM — 256Mi limit + self-restart leak guard 2026-05-31 14:49:04 +00:00
kyverno kyverno: strip orphaned keel.sh/match-tag fleet-wide (image-swap fix) 2026-06-01 19:50:41 +00:00
linkwarden infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP] 2026-06-03 10:52:46 +00:00
llama-cpp kms: revert files accidentally bundled into the docs commit 2026-06-01 10:36:49 +00:00
local-path keel: sweep KEEL_LIFECYCLE_V1 + per-container KEEL_IGNORE_IMAGE across enrolled workloads 2026-05-28 23:09:30 +00:00
mailserver keel+anubis: extend sweep to non-V2 raw deployments; fix anubis replicas validation 2026-05-29 06:02:24 +00:00
matrix infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP] 2026-06-03 10:52:46 +00:00
meshcentral infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP] 2026-06-03 10:52:46 +00:00
metallb keel: enroll 11 more namespaces (operators + critical infra) 2026-05-17 20:59:14 +00:00
metrics-server keel: enroll 15 critical-path namespaces for digest-only auto-update 2026-05-17 12:13:22 +00:00
monitoring monitoring: wire rpi-sofia (Sofia Pi) into Prometheus/Loki/alerts 2026-06-05 13:11:40 +00:00
n8n infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP] 2026-06-03 10:52:46 +00:00
navidrome infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP] 2026-06-03 10:52:46 +00:00
netbox infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP] 2026-06-03 10:52:46 +00:00
networking-toolbox infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP] 2026-06-03 10:52:46 +00:00
nextcloud infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP] 2026-06-03 10:52:46 +00:00
nextcloud-todos nextcloud-todos: register only the Created webhook (drop Updated) 2026-06-05 09:19:11 +00:00
nfs-csi keel: enroll 11 more namespaces (operators + critical infra) 2026-05-17 20:59:14 +00:00
nodelocal-dns [dns] NodeLocal DNSCache — deploy DaemonSet to all nodes (WS C) 2026-04-19 15:46:41 +00:00
novelapp novelapp: bump Keel policy patch -> all (track any upstream version) 2026-06-05 09:19:11 +00:00
ntfy infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP] 2026-06-03 10:52:46 +00:00
nvidia keel: belt-and-suspenders opt-out for mysql/redis/nvidia-exporter 2026-05-26 21:53:10 +00:00
onlyoffice infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP] 2026-06-03 10:52:46 +00:00
openclaw openclaw: pin 2026.2.26, resilient startup, SHA-pinned plugin init (recover from agentRuntime + configSchema crashloop) 2026-06-05 09:19:11 +00:00
osm_routing infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP] 2026-06-03 10:52:46 +00:00
owntracks infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP] 2026-06-03 10:52:46 +00:00
paperless-mcp keel: sweep KEEL_LIFECYCLE_V1 + per-container KEEL_IGNORE_IMAGE across enrolled workloads 2026-05-28 23:09:30 +00:00
paperless-ngx infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP] 2026-06-03 10:52:46 +00:00
payslip-ingest keel: sweep KEEL_LIFECYCLE_V1 + per-container KEEL_IGNORE_IMAGE across enrolled workloads 2026-05-28 23:09:30 +00:00
phpipam keel: sweep KEEL_LIFECYCLE_V1 + per-container KEEL_IGNORE_IMAGE across enrolled workloads 2026-05-28 23:09:30 +00:00
platform infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP] 2026-06-03 10:52:46 +00:00
plotting-book infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP] 2026-06-03 10:52:46 +00:00
poison-fountain infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP] 2026-06-03 10:52:46 +00:00
postiz postiz: adopt drifted resources into TF state; exclude stuck Helm release 2026-05-30 14:36:07 +00:00
priority-pass priority-pass: bump image_tag to 63e118c3 [ci skip] 2026-06-05 09:19:09 +00:00
privatebin infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP] 2026-06-03 10:52:46 +00:00
proxmox-csi cloud-init: hands-off k8s worker provisioning + 5 bug fixes 2026-05-26 11:52:00 +00:00
pvc-autoresizer [infra] Suppress Goldilocks vpa-update-mode label drift on all namespaces [ci skip] 2026-04-18 21:15:27 +00:00
rbac fix(rbac): tighten dashboard SA cluster-read to namespaces+nodes only 2026-06-05 09:19:11 +00:00
real-estate-crawler infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP] 2026-06-03 10:52:46 +00:00
recruiter-responder keel: sweep KEEL_LIFECYCLE_V1 + per-container KEEL_IGNORE_IMAGE across enrolled workloads 2026-05-28 23:09:30 +00:00
redis redis: revert 3-node Sentinel HA to single standalone instance [ci skip] 2026-05-30 17:49:43 +00:00
reloader infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP] 2026-06-03 10:52:46 +00:00
resume infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP] 2026-06-03 10:52:46 +00:00
reverse-proxy keel: enroll 15 critical-path namespaces for digest-only auto-update 2026-05-17 12:13:22 +00:00
rybbit infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP] 2026-06-03 10:52:46 +00:00
sealed-secrets keel: enroll 11 more namespaces (operators + critical infra) 2026-05-17 20:59:14 +00:00
send infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP] 2026-06-03 10:52:46 +00:00
servarr mam-farming: migrate data volume proxmox-lvm → NFS 2026-06-05 09:19:09 +00:00
shadowsocks infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP] 2026-06-03 10:52:46 +00:00
speedtest infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP] 2026-06-03 10:52:46 +00:00
status-page status-page: disable pusher CronJob to stop sdc write storm 2026-05-26 21:40:14 +00:00
stirling-pdf infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP] 2026-06-03 10:52:46 +00:00
t3code t3code: ingress -> devvm dispatch+autopair (retire in-cluster nginx) 2026-06-02 19:24:30 +00:00
tandoor infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP] 2026-06-03 10:52:46 +00:00
technitium technitium: CoreDNS rewrite forgejo.viktorbarzin.me -> Traefik ClusterIP 2026-06-04 07:34:30 +00:00
terminal infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP] 2026-06-03 10:52:46 +00:00
tor-proxy infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP] 2026-06-03 10:52:46 +00:00
trading-bot infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP] 2026-06-03 10:52:46 +00:00
traefik traefik: bot-block-proxy buffer 256k + document the real HTTP/2 limit 2026-06-01 15:15:27 +00:00
travel_blog infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP] 2026-06-03 10:52:46 +00:00
tripit feat(tripit): encrypted personal-document vault PVC + DOCUMENT_ENCRYPTION_KEY 2026-06-05 09:19:12 +00:00
tuya-bridge infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP] 2026-06-03 10:52:46 +00:00
uptime-kuma feat(nextcloud-todos): Phase 4 IaC — service stack, Vault role, DB bootstrap, OpenClaw plugin, monitoring 2026-06-05 09:19:10 +00:00
url infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP] 2026-06-03 10:52:46 +00:00
vault vault: deny secret/data/vault for claude-agent terraform-state policy (executor elevation safety narrowing) 2026-06-05 09:19:10 +00:00
vaultwarden keel: sweep KEEL_LIFECYCLE_V1 + per-container KEEL_IGNORE_IMAGE across enrolled workloads 2026-05-28 23:09:30 +00:00
vpa keel: enroll 11 more namespaces (operators + critical infra) 2026-05-17 20:59:14 +00:00
wealthfolio wealthfolio-sync: podAffinity to co-locate with app pod (RWO multi-attach fix) 2026-06-05 09:19:10 +00:00
webhook_handler infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP] 2026-06-03 10:52:46 +00:00
whisper infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP] 2026-06-03 10:52:46 +00:00
wireguard keel: enroll 15 critical-path namespaces for digest-only auto-update 2026-05-17 12:13:22 +00:00
woodpecker woodpecker: reload server on Vault PG password rotation [ci skip] 2026-06-05 09:19:12 +00:00
xray xray: drop dead vless ingress + pin Service target_port 2026-05-24 01:13:54 +00:00
ytdlp infra: untrack generated backend.tf (stale PG creds + .200 literal) [CI SKIP] 2026-06-03 10:52:46 +00:00