198 Commits

SHA1 Message Date
990add1ae8 feat: add Pinchflat service configuration with Traefik routing 2026-04-20 09:10:10 -04:00
9286cdb331 feat: add Gitvana deployment role with configuration and service management 2026-04-19 19:44:31 -04:00
129b7eee1b Created Files
security-secrets-remediation.prompt.md - Phase 1 (CRITICAL)

Eliminates hardcoded secrets (Docker Registry, Komodo, Plex)
Creates .env templates and migration workflow
Priority: Immediate (This Week)
security-container-hardening.prompt.md - Phase 2 (HIGH)

Removes privileged containers
Converts root users to non-root (PUID/PGID)
Secures Docker socket access patterns
Priority: Short Term (This Month)
security-ansible-hardening.prompt.md - Phase 3 (MEDIUM)

Enables SSH host key checking
Implements restricted sudo rules
Deploys UFW firewalls and fail2ban
Priority: Medium Term (Next Month)
security-network-access.prompt.md - Phase 4 (MEDIUM)

Restricts port exposure (0.0.0.0 → 127.0.0.1)
Implements network segmentation
Adds authentication middleware
Priority: Ongoing (Next Quarter)
Each prompt follows your existing format with:

- Gated workflows with confirmation checkpoints
- Rollback procedures for safety
- Testing and validation steps
- Incremental deployment strategies
- Clear success criteria
2026-04-19 18:25:46 -04:00
417501dbd1 feat: install Frank v6 modular AI assistant system
- Add Frank v6 core personality and base commands
- Install 7 reasoning skills (CRAFT, CoT, ToT, RAG, Markdown, Mermaid, Advanced Reasoning)
- Install 5 specialties (DevOps, ITIL, Data Analysis, Prompt Engineering, SCCM)
- Update copilot-instructions.md with v6 integration guide
- Add comprehensive architecture documentation
- Migrate style.mermaid.instructions.md from instructions/ to skills/
- Remove deprecated .github/instructions/ files (migrated to skills/)
- Remove obsolete create-commit.msg.prompt.md
2026-04-19 17:31:14 -04:00
b24459ce93 feat: update Wizarr service configuration and fix volume path 2026-04-18 18:10:38 -04:00
85587d716b feat: add Profilarr service configuration with Traefik routing and media volume mappings 2026-04-18 17:40:27 -04:00
9beaa5481a feat: add Trailarr service configuration with Traefik routing and media volume mappings 2026-04-18 15:21:29 -04:00
475c18c99d feat: update TimescaleDB volume path for Tracearr service 2026-04-18 15:01:57 -04:00
443427ba93 feat: update Tracearr service configuration to enable Traefik routing and remove port mapping 2026-04-18 14:58:55 -04:00
d0fea0cea6 feat: add Tracearr PostgreSQL 18 deployment configuration with TimescaleDB and Redis services 2026-04-18 14:37:36 -04:00
d2985e9c54 feat: add Firebase configuration for OpenApply SPA and validate required variables 2026-04-17 20:53:19 -04:00
0634d6884c feat: update OpenApply configuration and deployment tasks for improved service management and environment setup 2026-04-17 20:38:16 -04:00
ac6e68e301 docs(ansible): add comprehensive documentation for openapply_app role
Complete role documentation suite per Ansible Galaxy and homelab standards:
- Add role README.md with variable tables, usage examples, and deployment notes
- Add meta/main.yml for Galaxy metadata and collection dependencies
- Add OPENAPPLY-VAULT-REFERENCE.md with vault setup and Proxmox token guide
- Add OPENAPPLY-IMPLEMENTATION-REPORT.md with architecture, validation, and handoff details

Context: Completes the OpenApply LXC deployment implementation from session plan.
This documentation enables users to configure vault secrets, understand role variables,
and execute the two-tier Proxmox provisioning workflow.

Ref: Session plan at /memories/session/plan.md (Phases 1-6 complete)
2026-04-17 19:29:13 -04:00
46d98af51d feat: add OpenApply role with provisioning, configuration, and service management for Proxmox LXC 2026-04-17 19:19:11 -04:00
a7ac8004d4 fix: simplify Docker registry configuration by removing unnecessary authentication settings 2026-04-17 16:08:28 -04:00
1ef9726314 fix: decode htpasswd contents before writing to file in Docker registry configuration 2026-04-17 16:01:21 -04:00
56a5c5ae4c fix: correct quoting in command for Docker registry configuration 2026-04-17 15:55:27 -04:00
1479eb8bcd fix: refactor command syntax for Docker registry configuration 2026-04-17 15:53:32 -04:00
53e43508f3 fix: correct quoting in command for Docker registry configuration 2026-04-17 15:51:33 -04:00
7ecfda8fd7 fix: update Docker registry configuration to use correct htpasswd path and remove secrets 2026-04-17 15:48:56 -04:00
b291cee84c fix: update Docker registry configuration to use external secrets for htpasswd 2026-04-17 15:39:36 -04:00
e0976f44e4 added 'container name' key 2026-04-17 15:33:37 -04:00
289c562904 fix: comment out unused auth volume in Docker registry configuration 2026-04-17 15:23:54 -04:00
426caf38e3 fix: restore REGISTRY_HTTP_SECRET in Docker registry configuration 2026-04-17 15:22:00 -04:00
11ee1e0804 Update Docker registry configuration to use environment variable for htpasswd contents 2026-04-17 15:20:34 -04:00
a952f68bdf Add Docker registry service configuration with htpasswd authentication 2026-04-17 15:03:27 -04:00
4553936b53 test: verify passwordless push 2026-04-14 21:33:17 -04:00
0ed4e7198d Add Ansible apt maintenance role rollout plan 2026-04-14 21:25:00 -04:00
e9eaa32765 Triggering webhook 2026-04-14 21:12:13 -04:00
202ca9ebea Triggering webhook 2026-04-14 21:11:35 -04:00
0018930255 Triggering webhook 2026-04-14 21:06:48 -04:00
94d6dcc966 Triggering webhook 2026-04-14 21:04:40 -04:00
740f3633c2 Triggering webhook 2026-04-14 21:03:39 -04:00
8e51337dea Triggering webhook 2026-04-14 21:02:02 -04:00
0e93ee0531 test: trigger qbittorrent webhook 2026-04-14 20:57:59 -04:00
783680c5fe fix(heimdall): update service images for prowlarr, qbittorrent, radarr, sabnzbd, sonarr, tautulli, and wizarr to latest versions 2026-04-14 20:48:37 -04:00
26836f8c5a fix(heimdall): update volume paths and remove unused ports for multiple services 2026-04-14 20:32:21 -04:00
1ecaf89e60 fix(overseerr): correct image tag format for Seerr service 2026-04-14 20:21:39 -04:00
8734b7061d fix(overseerr): update Seerr image version to 3.1.1 for stability 2026-04-14 20:19:08 -04:00
a7d2d1f74d draft versions of arr components 2026-04-14 20:15:06 -04:00
8b4275907e Adjusting service name to troubleshoot komodo 2026-04-14 20:10:48 -04:00
135e9e531f feat(overseerr): add Docker Compose configuration for Seerr service 2026-04-14 20:07:45 -04:00
2a4d346e78 Delete obsolete prompts for markdown to HTML conversion, performance tuning, portfolio audit, Proxmox tutoring, and various other workflows. Introduce new prompts for Ansible architecture and tutoring, along with Docker Swarm tutoring, enhancing guidance for users in these areas. Update existing prompts to refine instructions and improve clarity for users seeking best practices in infrastructure management and automation. 2026-04-14 19:49:55 -04:00
28f46aa0e2 feat(authentik): add Docker Compose configuration for Authentik services 2026-04-14 19:17:18 -04:00
88d67ecf4f docs(ansible): complete Phase 5 - comprehensive validation and vault setup
Added production-grade validation tooling and documentation:

- ADDED: validate-connectivity.yml playbook with comprehensive checks
  * Ping test, sudo verification, Docker status
  * NFS mount validation, disk usage warnings
  * Proxmox-specific checks (version, cluster status)
  * System uptime reporting
  * Passes ansible-lint production profile

- ADDED: validate-environment.sh health check script
  * 10-point diagnostic validation
  * Color-coded status output
  * Reports all 4 nodes operational

- ADDED: QUICK-REFERENCE.md comprehensive command guide
  * Ad-hoc commands, playbook operations
  * Vault management, linting workflows
  * Inventory targeting examples
  * Integration guides (VSCode, Git)

- ADDED: Ansible Vault secrets template (encrypted)
  * group_vars/all/vault.yml with placeholder secrets
  * AES256 encrypted with vault password
  * Template for sudo, Proxmox, Gitea, NFS credentials

- UPDATED: plan-ansibleSetup.md progress report
  * Phase completion status (Phases 1-4 complete)
  * Deviations documented (hosts.ini format, PVE01 added)
  * Next steps and recommendations

- UPDATED: README.md Ansible section
  * Production-ready status badge
  * Quick validation command
  * Links to new documentation

Environment Status: 🟢 PRODUCTION READY
All 4 nodes responding, linting passed, documentation complete
2026-04-13 21:33:34 -04:00
ebaac8aa50 docs(architecture): correct infrastructure topology - all nodes are physical servers
- Updated mermaid diagram to show Heimdall as standalone physical server (10.0.0.151)
- Removed nested VM structure incorrectly showing Heimdall inside PVE01 hypervisor
- Corrected infrastructure inventory table: Heimdall listed as "Physical Server" with Intel N100
- Updated Watchtower label from "Raspberry Pi 5" to "Physical Server" for consistency
- Clarified PVE01 role as hypervisor platform with no VMs currently deployed
- Updated repository structure comment: heimdall/ marked as "Physical" not "VM on PVE01"
- Adjusted stats section: "Proxmox VE 9.1.7 available (no VMs currently deployed)"
- Added qualifier to backup strategy: Proxmox VM snapshots only apply when VMs exist

Context: User clarified that all infrastructure nodes (heimdall, waldorf, watchtower,
pve01) are physical servers. Previous documentation incorrectly represented Heimdall
as a VM hosted on the PVE01 hypervisor, when it is actually a standalone physical
server running Ubuntu 24.04.
2026-04-13 21:12:36 -04:00
e087670ca5 feat(readme): update infrastructure description and enhance automation details 2026-04-13 21:01:57 -04:00
481d206749 feat(ansible): update host variables for pve01 with detailed hardware and OS information 2026-04-13 20:21:57 -04:00
49b3f3a652 feat(proxmox): add onboarding playbooks and host variables for Proxmox VE management 2026-04-13 20:16:57 -04:00
ef875a78cc feat(ansible): enhance inventory management and onboarding playbooks with detailed host variables and system facts collection 2026-04-13 20:01:48 -04:00