nathan/homelab
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Releases Wiki Activity
103 Commits 2 Branches 0 Tags
Commit Graph

103 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
nathan
785013b701 fix: uncomment ports configuration for Pinchflat service 2026-04-20 09:22:11 -04:00
nathan
5672e113b2 fix: update Pinchflat service image tag to latest 2026-04-20 09:19:56 -04:00
nathan
87477bda6c fix: update image tag for Pinchflat service to v2026.03.17 2026-04-20 09:15:21 -04:00
nathan
0581a62199 fix: revert image tag for Pinchflat service to v2025.6.6 2026-04-20 09:12:50 -04:00
nathan
94922a677d fix: correct image tag format for Pinchflat service 2026-04-20 09:11:15 -04:00
nathan
990add1ae8 feat: add Pinchflat service configuration with Traefik routing 2026-04-20 09:10:10 -04:00
nathan
9286cdb331 feat: add Gitvana deployment role with configuration and service management 2026-04-19 19:44:31 -04:00
nathan
129b7eee1b Created Files 
security-secrets-remediation.prompt.md - Phase 1 (CRITICAL)

Eliminates hardcoded secrets (Docker Registry, Komodo, Plex)
Creates .env templates and migration workflow
Priority: Immediate (This Week)
security-container-hardening.prompt.md - Phase 2 (HIGH)

Removes privileged containers
Converts root users to non-root (PUID/PGID)
Secures Docker socket access patterns
Priority: Short Term (This Month)
security-ansible-hardening.prompt.md - Phase 3 (MEDIUM)

Enables SSH host key checking
Implements restricted sudo rules
Deploys UFW firewalls and fail2ban
Priority: Medium Term (Next Month)
security-network-access.prompt.md - Phase 4 (MEDIUM)

Restricts port exposure (0.0.0.0 → 127.0.0.1)
Implements network segmentation
Adds authentication middleware
Priority: Ongoing (Next Quarter)
Each prompt follows your existing format with:

 Gated workflows with confirmation checkpoints
 Rollback procedures for safety
 Testing and validation steps
 Incremental deployment strategies
 Clear success criteria
 2026-04-19 18:25:46 -04:00
nathan
417501dbd1 feat: install Frank v6 modular AI assistant system 
- Add Frank v6 core personality and base commands
- Install 7 reasoning skills (CRAFT, CoT, ToT, RAG, Markdown, Mermaid, Advanced Reasoning)
- Install 5 specialties (DevOps, ITIL, Data Analysis, Prompt Engineering, SCCM)
- Update copilot-instructions.md with v6 integration guide
- Add comprehensive architecture documentation
- Migrate style.mermaid.instructions.md from instructions/ to skills/
- Remove deprecated .github/instructions/ files (migrated to skills/)
- Remove obsolete create-commit.msg.prompt.md
 2026-04-19 17:31:14 -04:00
Nathan
b24459ce93 feat: update Wizarr service configuration and fix volume path 2026-04-18 18:10:38 -04:00
Nathan
85587d716b feat: add Profilarr service configuration with Traefik routing and media volume mappings 2026-04-18 17:40:27 -04:00
Nathan
9beaa5481a feat: add Trailarr service configuration with Traefik routing and media volume mappings 2026-04-18 15:21:29 -04:00
Nathan
475c18c99d feat: update TimescaleDB volume path for Tracearr service 2026-04-18 15:01:57 -04:00
Nathan
443427ba93 feat: update Tracearr service configuration to enable Traefik routing and remove port mapping 2026-04-18 14:58:55 -04:00
Nathan
d0fea0cea6 feat: add Tracearr PostgreSQL 18 deployment configuration with TimescaleDB and Redis services 2026-04-18 14:37:36 -04:00
Nathan
d2985e9c54 feat: add Firebase configuration for OpenApply SPA and validate required variables 2026-04-17 20:53:19 -04:00
Nathan
0634d6884c feat: update OpenApply configuration and deployment tasks for improved service management and environment setup 2026-04-17 20:38:16 -04:00
Nathan
ac6e68e301 docs(ansible): add comprehensive documentation for openapply_app role 
Complete role documentation suite per Ansible Galaxy and homelab standards:
- Add role README.md with variable tables, usage examples, and deployment notes
- Add meta/main.yml for Galaxy metadata and collection dependencies
- Add OPENAPPLY-VAULT-REFERENCE.md with vault setup and Proxmox token guide
- Add OPENAPPLY-IMPLEMENTATION-REPORT.md with architecture, validation, and handoff details

Context: Completes the OpenApply LXC deployment implementation from session plan.
This documentation enables users to configure vault secrets, understand role variables,
and execute the two-tier Proxmox provisioning workflow.

Ref: Session plan at /memories/session/plan.md (Phases 1-6 complete)
 2026-04-17 19:29:13 -04:00
Nathan
46d98af51d feat: add OpenApply role with provisioning, configuration, and service management for Proxmox LXC 2026-04-17 19:19:11 -04:00
Nathan
a7ac8004d4 fix: simplify Docker registry configuration by removing unnecessary authentication settings 2026-04-17 16:08:28 -04:00
Nathan
1ef9726314 fix: decode htpasswd contents before writing to file in Docker registry configuration 2026-04-17 16:01:21 -04:00
Nathan
56a5c5ae4c fix: correct quoting in command for Docker registry configuration 2026-04-17 15:55:27 -04:00
Nathan
1479eb8bcd fix: refactor command syntax for Docker registry configuration 2026-04-17 15:53:32 -04:00
Nathan
53e43508f3 fix: correct quoting in command for Docker registry configuration 2026-04-17 15:51:33 -04:00
Nathan
7ecfda8fd7 fix: update Docker registry configuration to use correct htpasswd path and remove secrets 2026-04-17 15:48:56 -04:00
Nathan
b291cee84c fix: update Docker registry configuration to use external secrets for htpasswd 2026-04-17 15:39:36 -04:00
Nathan
e0976f44e4 added 'container name' key 2026-04-17 15:33:37 -04:00
Nathan
289c562904 fix: comment out unused auth volume in Docker registry configuration 2026-04-17 15:23:54 -04:00
Nathan
426caf38e3 fix: restore REGISTRY_HTTP_SECRET in Docker registry configuration 2026-04-17 15:22:00 -04:00
Nathan
11ee1e0804 Update Docker registry configuration to use environment variable for htpasswd contents 2026-04-17 15:20:34 -04:00
Nathan
a952f68bdf Add Docker registry service configuration with htpasswd authentication 2026-04-17 15:03:27 -04:00
Nathan
4553936b53 test: verify passwordless push 2026-04-14 21:33:17 -04:00
Nathan
0ed4e7198d Add Ansible apt maintenance role rollout plan 2026-04-14 21:25:00 -04:00
Nathan
e9eaa32765 Triggering webhook 2026-04-14 21:12:13 -04:00
Nathan
202ca9ebea Triggering webhook 2026-04-14 21:11:35 -04:00
Nathan
0018930255 Triggering webhook 2026-04-14 21:06:48 -04:00
Nathan
94d6dcc966 Triggering webhook 2026-04-14 21:04:40 -04:00
Nathan
740f3633c2 Triggering webhook 2026-04-14 21:03:39 -04:00
Nathan
8e51337dea Triggering webhook 2026-04-14 21:02:02 -04:00
Nathan
0e93ee0531 test: trigger qbittorrent webhook 2026-04-14 20:57:59 -04:00
Nathan
783680c5fe fix(heimdall): update service images for prowlarr, qbittorrent, radarr, sabnzbd, sonarr, tautulli, and wizarr to latest versions 2026-04-14 20:48:37 -04:00
Nathan
26836f8c5a fix(heimdall): update volume paths and remove unused ports for multiple services 2026-04-14 20:32:21 -04:00
Nathan
1ecaf89e60 fix(overseerr): correct image tag format for Seerr service 2026-04-14 20:21:39 -04:00
Nathan
8734b7061d fix(overseerr): update Seerr image version to 3.1.1 for stability 2026-04-14 20:19:08 -04:00
Nathan
a7d2d1f74d draft versions of arr components 2026-04-14 20:15:06 -04:00
Nathan
8b4275907e Adjusting service name to troubleshoot komodo 2026-04-14 20:10:48 -04:00
Nathan
135e9e531f feat(overseerr): add Docker Compose configuration for Seerr service 2026-04-14 20:07:45 -04:00
Nathan
2a4d346e78 Delete obsolete prompts for markdown to HTML conversion, performance tuning, portfolio audit, Proxmox tutoring, and various other workflows. Introduce new prompts for Ansible architecture and tutoring, along with Docker Swarm tutoring, enhancing guidance for users in these areas. Update existing prompts to refine instructions and improve clarity for users seeking best practices in infrastructure management and automation. 2026-04-14 19:49:55 -04:00
Nathan
28f46aa0e2 feat(authentik): add Docker Compose configuration for Authentik services 2026-04-14 19:17:18 -04:00
Nathan
88d67ecf4f docs(ansible): complete Phase 5 - comprehensive validation and vault setup 
Added production-grade validation tooling and documentation:

- ADDED: validate-connectivity.yml playbook with comprehensive checks
  * Ping test, sudo verification, Docker status
  * NFS mount validation, disk usage warnings
  * Proxmox-specific checks (version, cluster status)
  * System uptime reporting
  * Passes ansible-lint production profile

- ADDED: validate-environment.sh health check script
  * 10-point diagnostic validation
  * Color-coded status output
  * Reports all 4 nodes operational

- ADDED: QUICK-REFERENCE.md comprehensive command guide
  * Ad-hoc commands, playbook operations
  * Vault management, linting workflows
  * Inventory targeting examples
  * Integration guides (VSCode, Git)

- ADDED: Ansible Vault secrets template (encrypted)
  * group_vars/all/vault.yml with placeholder secrets
  * AES256 encrypted with vault password
  * Template for sudo, Proxmox, Gitea, NFS credentials

- UPDATED: plan-ansibleSetup.md progress report
  * Phase completion status (Phases 1-4 complete)
  * Deviations documented (hosts.ini format, PVE01 added)
  * Next steps and recommendations

- UPDATED: README.md Ansible section
  * Production-ready status badge
  * Quick validation command
  * Links to new documentation

Environment Status: 🟢 PRODUCTION READY
All 4 nodes responding, linting passed, documentation complete
 2026-04-13 21:33:34 -04:00