viktor/infra
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
infra/stacks
History
Viktor Barzin cba79cde35 fix(meshcentral): disable certUrl when using TLSOffload 
MeshCentral was failing to start with "Zipencryptionmodule failed" error
because the service tried to fetch TLS certificates from an HTTPS endpoint
during bootstrap. When using TLSOffload (reverse proxy terminating TLS),
MeshCentral should not attempt to load certificates.

Root cause: The existing config.json had "certUrl" set to HTTPS, causing
MeshCentral to try fetching the certificate during startup. Since the pod
was bootstrapping, this failed and cascaded into the Zipencryptionmodule
failure.

Fix: Add init container that runs before the main container to disable
the certUrl by prefixing it with underscore (MeshCentral's convention for
disabled settings). The sed command ensures the fix applies to both new
and existing config.json files.

This ensures MeshCentral behaves correctly with TLSOffload enabled:
- Runs in plain HTTP mode on port 443
- Traefik/Ingress handles HTTPS termination
- No certificate bootstrap failures
2026-04-06 13:22:59 +03:00
..
_template multi-user access: fix template memory default, add storage quota, add CONTRIBUTING.md [ci skip] 2026-03-19 23:49:15 +00:00
actualbudget actualbudget: use internal ClusterIP for http-api server URL 2026-04-06 12:22:57 +03:00
affine feat(storage): migrate 38 NFS PVCs to proxmox-lvm (Wave 2) 2026-04-04 19:25:12 +03:00
authentik misc: actualbudget, authentik, headscale, rybbit, terminal, dbaas updates 2026-04-06 11:58:00 +03:00
blog sync regenerated providers.tf + upstream changes 2026-03-22 02:56:04 +02:00
changedetection feat(storage): migrate 38 NFS PVCs to proxmox-lvm (Wave 2) 2026-04-04 19:25:12 +03:00
city-guesser sync regenerated providers.tf + upstream changes 2026-03-22 02:56:04 +02:00
claude-memory remove claude-memory PDB (blocks drains with single replica) 2026-04-06 00:47:40 +03:00
cloudflared consolidate MetalLB IPs: 5 → 1 (10.0.20.200) 2026-03-24 18:35:43 +02:00
cnpg extract remaining 19 modules from platform, complete stack split [ci skip] 2026-03-17 21:42:16 +00:00
coturn consolidate MetalLB IPs: 5 → 1 (10.0.20.200) 2026-03-24 18:35:43 +02:00
crowdsec fix CrowdSec collection names and increase Helm timeout 2026-03-23 03:41:13 +02:00
cyberchef sync regenerated providers.tf + upstream changes 2026-03-22 02:56:04 +02:00
dashy sync regenerated providers.tf + upstream changes 2026-03-22 02:56:04 +02:00
dawarich bump memory limits for OOM-prone services 2026-03-21 11:12:12 +00:00
dbaas cluster health fixes: NFS CSI, Immich ML, dbaas, Redis, DNS, trading-bot removal 2026-04-06 11:54:45 +03:00
descheduler resilience improvements: MySQL anti-affinity comment, descheduler 5min, prometheus termination 60s 2026-04-06 00:25:49 +03:00
diun feat(storage): migrate 38 NFS PVCs to proxmox-lvm (Wave 2) 2026-04-04 19:25:12 +03:00
ebook2audiobook sync regenerated providers.tf + upstream changes 2026-03-22 02:56:04 +02:00
ebooks feat(storage): migrate 12 SQLite NFS PVCs to proxmox-lvm (Wave 1) 2026-04-04 16:26:59 +03:00
echo state(dbaas): update encrypted state 2026-03-19 20:23:59 +00:00
excalidraw feat(storage): migrate 38 NFS PVCs to proxmox-lvm (Wave 2) 2026-04-04 19:25:12 +03:00
external-secrets regenerate providers.tf: remove vault_root_token variable [ci skip] 2026-03-15 21:21:01 +00:00
f1-stream feat(storage): migrate 38 NFS PVCs to proxmox-lvm (Wave 2) 2026-04-04 19:25:12 +03:00
forgejo feat(storage): migrate 12 SQLite NFS PVCs to proxmox-lvm (Wave 1) 2026-04-04 16:26:59 +03:00
freedify freedify: increase memory limits and add new features 2026-04-06 11:57:47 +03:00
freshrss feat(storage): migrate 38 NFS PVCs to proxmox-lvm (Wave 2) 2026-04-04 19:25:12 +03:00
frigate feat(storage): migrate 38 NFS PVCs to proxmox-lvm (Wave 2) 2026-04-04 19:25:12 +03:00
grampsweb feat(storage): migrate 38 NFS PVCs to proxmox-lvm (Wave 2) 2026-04-04 19:25:12 +03:00
hackmd feat(storage): migrate 38 NFS PVCs to proxmox-lvm (Wave 2) 2026-04-04 19:25:12 +03:00
headscale misc: actualbudget, authentik, headscale, rybbit, terminal, dbaas updates 2026-04-06 11:58:00 +03:00
health feat(storage): migrate 38 NFS PVCs to proxmox-lvm (Wave 2) 2026-04-04 19:25:12 +03:00
homepage add default Homepage annotations to ingress_factory for auto-discovery 2026-03-25 11:00:38 +02:00
immich cluster health fixes: NFS CSI, Immich ML, dbaas, Redis, DNS, trading-bot removal 2026-04-06 11:54:45 +03:00
infra misc: actualbudget, authentik, headscale, rybbit, terminal, dbaas updates 2026-04-06 11:58:00 +03:00
infra-maintenance add backup_output_bytes metric and cloudsync_transferred_bytes to backup dashboard 2026-03-25 10:44:53 +02:00
insta2spotify feat(storage): migrate 12 SQLite NFS PVCs to proxmox-lvm (Wave 1) 2026-04-04 16:26:59 +03:00
iscsi-csi extract remaining 19 modules from platform, complete stack split [ci skip] 2026-03-17 21:42:16 +00:00
isponsorblocktv feat(storage): migrate 38 NFS PVCs to proxmox-lvm (Wave 2) 2026-04-04 19:25:12 +03:00
jsoncrack sync regenerated providers.tf + upstream changes 2026-03-22 02:56:04 +02:00
k8s-dashboard fix nextcloud db-username + k8s-dashboard chart repo 2026-03-22 02:50:48 +02:00
k8s-portal feat(k8s-portal): update onboarding + architecture with SOPS state docs 2026-03-17 23:17:47 +00:00
kms consolidate MetalLB IPs: 5 → 1 (10.0.20.200) 2026-03-24 18:35:43 +02:00
kyverno fix: bump tier-1-cluster LimitRange max to 8Gi for MySQL 6Gi limit 2026-04-05 23:31:23 +03:00
linkwarden fix alerts and reduce Prometheus disk write rate 2026-03-28 15:42:14 +02:00
mailserver fix: right-size service memory after PVE RAM upgrade (142→272GB) 2026-04-05 23:02:50 +03:00
matrix fix: add Vault-managed DB credentials for Matrix Synapse 2026-04-05 23:18:16 +03:00
meshcentral fix(meshcentral): disable certUrl when using TLSOffload 2026-04-06 13:22:59 +03:00
metallb upgrade MetalLB v0.10.2 → v0.15.3 and update annotations 2026-03-24 17:24:05 +02:00
metrics-server extract remaining 19 modules from platform, complete stack split [ci skip] 2026-03-17 21:42:16 +00:00
monitoring monitoring + proxmox-csi: LVM snapshot RBAC, pushgateway NodePort, backup dashboard 2026-04-06 11:57:41 +03:00
n8n feat(storage): migrate 38 NFS PVCs to proxmox-lvm (Wave 2) 2026-04-04 19:25:12 +03:00
navidrome fix: right-size service memory after PVE RAM upgrade (142→272GB) 2026-04-05 23:02:50 +03:00
netbox regenerate providers.tf: remove vault_root_token variable [ci skip] 2026-03-15 21:21:01 +00:00
networking-toolbox sync regenerated providers.tf + upstream changes 2026-03-22 02:56:04 +02:00
nextcloud nextcloud: refactor chart values and main.tf configuration 2026-04-06 11:57:44 +03:00
nfs-csi cluster health fixes: NFS CSI, Immich ML, dbaas, Redis, DNS, trading-bot removal 2026-04-06 11:54:45 +03:00
novelapp add pvc-autoresizer for automatic PVC expansion before volumes fill up [ci skip] 2026-04-03 23:30:00 +03:00
ntfy feat(storage): migrate 12 SQLite NFS PVCs to proxmox-lvm (Wave 1) 2026-04-04 16:26:59 +03:00
nvidia right-size memory requests to unblock GPU workloads and fix dbaas quota [ci skip] 2026-03-17 22:35:54 +00:00
ollama feat(storage): migrate 38 NFS PVCs to proxmox-lvm (Wave 2) 2026-04-04 19:25:12 +03:00
onlyoffice feat(storage): migrate 38 NFS PVCs to proxmox-lvm (Wave 2) 2026-04-04 19:25:12 +03:00
openclaw feat(storage): migrate 38 NFS PVCs to proxmox-lvm (Wave 2) 2026-04-04 19:25:12 +03:00
osm_routing sync regenerated providers.tf + upstream changes 2026-03-22 02:56:04 +02:00
owntracks feat(storage): migrate 38 NFS PVCs to proxmox-lvm (Wave 2) 2026-04-04 19:25:12 +03:00
paperless-ngx feat(storage): migrate 38 NFS PVCs to proxmox-lvm (Wave 2) 2026-04-04 19:25:12 +03:00
platform Woodpecker CI deploy commit [CI SKIP] 2026-04-06 09:28:10 +00:00
plotting-book fix: right-size service memory after PVE RAM upgrade (142→272GB) 2026-04-05 23:02:50 +03:00
poison-fountain sync regenerated providers.tf + upstream changes 2026-03-22 02:56:04 +02:00
priority-pass priority-pass: update backend to v8 (expanded QR container margins) 2026-04-06 13:22:27 +03:00
privatebin feat(storage): migrate 38 NFS PVCs to proxmox-lvm (Wave 2) 2026-04-04 19:25:12 +03:00
proxmox-csi monitoring + proxmox-csi: LVM snapshot RBAC, pushgateway NodePort, backup dashboard 2026-04-06 11:57:41 +03:00
pvc-autoresizer fix: disable cert-manager webhook for pvc-autoresizer, use self-signed cert [ci skip] 2026-04-03 23:44:49 +03:00
rbac extract remaining 19 modules from platform, complete stack split [ci skip] 2026-03-17 21:42:16 +00:00
real-estate-crawler scale down non-critical services to free cluster memory 2026-03-22 03:10:12 +02:00
redis cluster health fixes: NFS CSI, Immich ML, dbaas, Redis, DNS, trading-bot removal 2026-04-06 11:54:45 +03:00
reloader sync regenerated providers.tf + upstream changes 2026-03-22 02:56:04 +02:00
resume feat(storage): migrate 38 NFS PVCs to proxmox-lvm (Wave 2) 2026-04-04 19:25:12 +03:00
reverse-proxy fix: add retry middleware and per-service rate limit for ha-sofia 2026-04-05 20:47:58 +03:00
rybbit misc: actualbudget, authentik, headscale, rybbit, terminal, dbaas updates 2026-04-06 11:58:00 +03:00
sealed-secrets extract remaining 19 modules from platform, complete stack split [ci skip] 2026-03-17 21:42:16 +00:00
send feat(storage): migrate 38 NFS PVCs to proxmox-lvm (Wave 2) 2026-04-04 19:25:12 +03:00
servarr feat(storage): migrate 38 NFS PVCs to proxmox-lvm (Wave 2) 2026-04-04 19:25:12 +03:00
shadowsocks consolidate MetalLB IPs: 5 → 1 (10.0.20.200) 2026-03-24 18:35:43 +02:00
speedtest feat(storage): migrate 38 NFS PVCs to proxmox-lvm (Wave 2) 2026-04-04 19:25:12 +03:00
stirling-pdf feat(storage): migrate 38 NFS PVCs to proxmox-lvm (Wave 2) 2026-04-04 19:25:12 +03:00
tandoor fix: resolve tandoor, matrix, navidrome crash loops 2026-04-05 23:12:49 +03:00
technitium fix: restore technitium MySQL query logging with Vault auto-rotation [ci skip] 2026-04-06 13:00:49 +03:00
terminal misc: actualbudget, authentik, headscale, rybbit, terminal, dbaas updates 2026-04-06 11:58:00 +03:00
tor-proxy feat(storage): migrate 38 NFS PVCs to proxmox-lvm (Wave 2) 2026-04-04 19:25:12 +03:00
trading-bot cluster health fixes: NFS CSI, Immich ML, dbaas, Redis, DNS, trading-bot removal 2026-04-06 11:54:45 +03:00
traefik traefik: add middleware and platform traefik config updates 2026-04-06 11:57:52 +03:00
travel_blog sync regenerated providers.tf + upstream changes 2026-03-22 02:56:04 +02:00
tuya-bridge scale down non-critical services to free cluster memory 2026-03-22 03:10:12 +02:00
uptime-kuma feat(storage): migrate 12 SQLite NFS PVCs to proxmox-lvm (Wave 1) 2026-04-04 16:26:59 +03:00
url state(dbaas): update encrypted state 2026-03-19 20:23:59 +00:00
vault fix: restore technitium MySQL query logging with Vault auto-rotation [ci skip] 2026-04-06 13:00:49 +03:00
vaultwarden add pvc-autoresizer for automatic PVC expansion before volumes fill up [ci skip] 2026-04-03 23:30:00 +03:00
vpa extract remaining 19 modules from platform, complete stack split [ci skip] 2026-03-17 21:42:16 +00:00
wealthfolio feat(storage): migrate 12 SQLite NFS PVCs to proxmox-lvm (Wave 1) 2026-04-04 16:26:59 +03:00
webhook_handler fix(provision): security hardening from code review 2026-03-18 21:25:03 +00:00
whisper feat(storage): migrate 38 NFS PVCs to proxmox-lvm (Wave 2) 2026-04-04 19:25:12 +03:00
wireguard consolidate MetalLB IPs: 5 → 1 (10.0.20.200) 2026-03-24 18:35:43 +02:00
woodpecker fix DB password rotation desync in 5 stacks 2026-03-17 07:39:29 +00:00
xray consolidate MetalLB IPs: 5 → 1 (10.0.20.200) 2026-03-24 18:35:43 +02:00
ytdlp state(dbaas): update encrypted state 2026-03-19 20:23:59 +00:00