173 Commits

Author SHA1 Message Date
1ff08971dd feat: add HF_TOKEN environment variable to Open Web UI service 2026-04-21 13:14:53 -04:00
063642d953 Removes unused external network from configuration
Simplifies service setup by eliminating reference to an external network
that was not in active use. Reduces configuration complexity and potential
for misconfiguration.
2026-04-21 13:02:52 -04:00
013571fe65 fix: update Open Web UI image tag to v0.9.1 in compose.yaml 2026-04-21 13:01:40 -04:00
cb7d743f47 feat: add Open Web UI service configuration with Traefik integration 2026-04-21 12:32:48 -04:00
37da1a3861 feat: add host-specific variables for ai-p410 and update configurations for heimdall, pve01, waldorf, and watchtower 2026-04-21 12:27:43 -04:00
b7d0e07ec3 refactor: remove gitvana_bun_host role and associated files 2026-04-21 12:26:58 -04:00
09c99318f8 fix: update .gitignore to include additional output directories and redact sensitive tokens in containers.yml 2026-04-21 12:24:33 -04:00
e61bf3d5c7 feat: add onboarding and setup for AI nodes with NVIDIA runtime configuration 2026-04-21 12:01:58 -04:00
689d5a3710 fix: disable privilege escalation in Ansible configuration 2026-04-21 11:51:52 -04:00
9a749a8c97 Update onboard-nodes.yml to target physical_servers and add ai-p410 to hosts.ini so onboarding limits no longer skip that host. 2026-04-21 11:45:46 -04:00
92c8125981 fix: update Gitea SSH configuration to use environment variables and set Plex image version 2026-04-20 20:20:26 -04:00
bc796cd125 feat: add Gitea service configuration with PostgreSQL database and Traefik integration 2026-04-20 19:56:09 -04:00
2d62d1a3f9 feat: add basic authentication middleware for analytics service in Traefik 2026-04-20 17:47:29 -04:00
48bfaa6cb9 Removed outdated mermaid.js network diagram 2026-04-20 17:30:30 -04:00
b3313654ab feat: add goaccess and goaccess-cron services for Traefik access log analysis 2026-04-20 16:42:15 -04:00
Nathan Castaldi
ebc1ae7c8b updated version tag 2026-04-20 11:42:45 -04:00
Nathan Castaldi
31e41934ee updated version tag to 2.3.5.5327 2026-04-20 11:39:40 -04:00
52c60aecb4 fix: update downloads volume path for Pinchflat service 2026-04-20 10:02:32 -04:00
9f19363409 fix: add TEMP and TMPDIR environment variables for Pinchflat service. Force yt-dlp to use the container's internal /tmp instead of /config. 2026-04-20 09:52:43 -04:00
49d62fa772 fix: add PUID and PGID environment variables for Pinchflat service 2026-04-20 09:46:43 -04:00
785013b701 fix: uncomment ports configuration for Pinchflat service 2026-04-20 09:22:11 -04:00
5672e113b2 fix: update Pinchflat service image tag to latest 2026-04-20 09:19:56 -04:00
87477bda6c fix: update image tag for Pinchflat service to v2026.03.17 2026-04-20 09:15:21 -04:00
0581a62199 fix: revert image tag for Pinchflat service to v2025.6.6 2026-04-20 09:12:50 -04:00
94922a677d fix: correct image tag format for Pinchflat service 2026-04-20 09:11:15 -04:00
990add1ae8 feat: add Pinchflat service configuration with Traefik routing 2026-04-20 09:10:10 -04:00
9286cdb331 feat: add Gitvana deployment role with configuration and service management 2026-04-19 19:44:31 -04:00
129b7eee1b Created Files

security-secrets-remediation.prompt.md - Phase 1 (CRITICAL)
- Eliminates hardcoded secrets (Docker Registry, Komodo, Plex)
- Creates .env templates and migration workflow
- Priority: Immediate (This Week)

security-container-hardening.prompt.md - Phase 2 (HIGH)
- Removes privileged containers
- Converts root users to non-root (PUID/PGID)
- Secures Docker socket access patterns
- Priority: Short Term (This Month)

security-ansible-hardening.prompt.md - Phase 3 (MEDIUM)
- Enables SSH host key checking
- Implements restricted sudo rules
- Deploys UFW firewalls and fail2ban
- Priority: Medium Term (Next Month)

security-network-access.prompt.md - Phase 4 (MEDIUM)
- Restricts port exposure (0.0.0.0 → 127.0.0.1)
- Implements network segmentation
- Adds authentication middleware
- Priority: Ongoing (Next Quarter)

Each prompt follows your existing format with:
- Gated workflows with confirmation checkpoints
- Rollback procedures for safety
- Testing and validation steps
- Incremental deployment strategies
- Clear success criteria
2026-04-19 18:25:46 -04:00
417501dbd1 feat: install Frank v6 modular AI assistant system
- Add Frank v6 core personality and base commands
- Install 7 reasoning skills (CRAFT, CoT, ToT, RAG, Markdown, Mermaid, Advanced Reasoning)
- Install 5 specialties (DevOps, ITIL, Data Analysis, Prompt Engineering, SCCM)
- Update copilot-instructions.md with v6 integration guide
- Add comprehensive architecture documentation
- Migrate style.mermaid.instructions.md from instructions/ to skills/
- Remove deprecated .github/instructions/ files (migrated to skills/)
- Remove obsolete create-commit.msg.prompt.md
2026-04-19 17:31:14 -04:00
b24459ce93 feat: update Wizarr service configuration and fix volume path 2026-04-18 18:10:38 -04:00
85587d716b feat: add Profilarr service configuration with Traefik routing and media volume mappings 2026-04-18 17:40:27 -04:00
9beaa5481a feat: add Trailarr service configuration with Traefik routing and media volume mappings 2026-04-18 15:21:29 -04:00
475c18c99d feat: update TimescaleDB volume path for Tracearr service 2026-04-18 15:01:57 -04:00
443427ba93 feat: update Tracearr service configuration to enable Traefik routing and remove port mapping 2026-04-18 14:58:55 -04:00
d0fea0cea6 feat: add Tracearr PostgreSQL 18 deployment configuration with TimescaleDB and Redis services 2026-04-18 14:37:36 -04:00
d2985e9c54 feat: add Firebase configuration for OpenApply SPA and validate required variables 2026-04-17 20:53:19 -04:00
0634d6884c feat: update OpenApply configuration and deployment tasks for improved service management and environment setup 2026-04-17 20:38:16 -04:00
ac6e68e301 docs(ansible): add comprehensive documentation for openapply_app role
Complete role documentation suite per Ansible Galaxy and homelab standards:
- Add role README.md with variable tables, usage examples, and deployment notes
- Add meta/main.yml for Galaxy metadata and collection dependencies
- Add OPENAPPLY-VAULT-REFERENCE.md with vault setup and Proxmox token guide
- Add OPENAPPLY-IMPLEMENTATION-REPORT.md with architecture, validation, and handoff details

Context: Completes the OpenApply LXC deployment implementation from session plan.
This documentation enables users to configure vault secrets, understand role variables,
and execute the two-tier Proxmox provisioning workflow.

Ref: Session plan at /memories/session/plan.md (Phases 1-6 complete)
2026-04-17 19:29:13 -04:00
46d98af51d feat: add OpenApply role with provisioning, configuration, and service management for Proxmox LXC 2026-04-17 19:19:11 -04:00
a7ac8004d4 fix: simplify Docker registry configuration by removing unnecessary authentication settings 2026-04-17 16:08:28 -04:00
1ef9726314 fix: decode htpasswd contents before writing to file in Docker registry configuration 2026-04-17 16:01:21 -04:00
56a5c5ae4c fix: correct quoting in command for Docker registry configuration 2026-04-17 15:55:27 -04:00
1479eb8bcd fix: refactor command syntax for Docker registry configuration 2026-04-17 15:53:32 -04:00
53e43508f3 fix: correct quoting in command for Docker registry configuration 2026-04-17 15:51:33 -04:00
7ecfda8fd7 fix: update Docker registry configuration to use correct htpasswd path and remove secrets 2026-04-17 15:48:56 -04:00
b291cee84c fix: update Docker registry configuration to use external secrets for htpasswd 2026-04-17 15:39:36 -04:00
e0976f44e4 added 'container name' key 2026-04-17 15:33:37 -04:00
289c562904 fix: comment out unused auth volume in Docker registry configuration 2026-04-17 15:23:54 -04:00
426caf38e3 fix: restore REGISTRY_HTTP_SECRET in Docker registry configuration 2026-04-17 15:22:00 -04:00
11ee1e0804 Update Docker registry configuration to use environment variable for htpasswd contents 2026-04-17 15:20:34 -04:00