nathan/homelab
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Releases Wiki Activity
108 Commits 2 Branches 0 Tags
Commit Graph

108 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Nathan Castaldi
ebc1ae7c8b updated ersion tag 2026-04-20 11:42:45 -04:00
Nathan Castaldi
31e41934ee updated version tag to 2.3.5.5327 2026-04-20 11:39:40 -04:00
nathan
52c60aecb4 fix: update downloads volume path for Pinchflat service 2026-04-20 10:02:32 -04:00
nathan
9f19363409 fix: add TEMP and TMPDIR environment variables for Pinchflat service. Force yt-dlp to use the container's internal /tmp instead of /config. 2026-04-20 09:52:43 -04:00
nathan
49d62fa772 fix: add PUID and PGID environment variables for Pinchflat service 2026-04-20 09:46:43 -04:00
nathan
785013b701 fix: uncomment ports configuration for Pinchflat service 2026-04-20 09:22:11 -04:00
nathan
5672e113b2 fix: update Pinchflat service image tag to latest 2026-04-20 09:19:56 -04:00
nathan
87477bda6c fix: update image tag for Pinchflat service to v2026.03.17 2026-04-20 09:15:21 -04:00
nathan
0581a62199 fix: revert image tag for Pinchflat service to v2025.6.6 2026-04-20 09:12:50 -04:00
nathan
94922a677d fix: correct image tag format for Pinchflat service 2026-04-20 09:11:15 -04:00
nathan
990add1ae8 feat: add Pinchflat service configuration with Traefik routing 2026-04-20 09:10:10 -04:00
nathan
9286cdb331 feat: add Gitvana deployment role with configuration and service management 2026-04-19 19:44:31 -04:00
nathan
129b7eee1b Created Files 
security-secrets-remediation.prompt.md - Phase 1 (CRITICAL)

Eliminates hardcoded secrets (Docker Registry, Komodo, Plex)
Creates .env templates and migration workflow
Priority: Immediate (This Week)
security-container-hardening.prompt.md - Phase 2 (HIGH)

Removes privileged containers
Converts root users to non-root (PUID/PGID)
Secures Docker socket access patterns
Priority: Short Term (This Month)
security-ansible-hardening.prompt.md - Phase 3 (MEDIUM)

Enables SSH host key checking
Implements restricted sudo rules
Deploys UFW firewalls and fail2ban
Priority: Medium Term (Next Month)
security-network-access.prompt.md - Phase 4 (MEDIUM)

Restricts port exposure (0.0.0.0 → 127.0.0.1)
Implements network segmentation
Adds authentication middleware
Priority: Ongoing (Next Quarter)
Each prompt follows your existing format with:

 Gated workflows with confirmation checkpoints
 Rollback procedures for safety
 Testing and validation steps
 Incremental deployment strategies
 Clear success criteria
 2026-04-19 18:25:46 -04:00
nathan
417501dbd1 feat: install Frank v6 modular AI assistant system 
- Add Frank v6 core personality and base commands
- Install 7 reasoning skills (CRAFT, CoT, ToT, RAG, Markdown, Mermaid, Advanced Reasoning)
- Install 5 specialties (DevOps, ITIL, Data Analysis, Prompt Engineering, SCCM)
- Update copilot-instructions.md with v6 integration guide
- Add comprehensive architecture documentation
- Migrate style.mermaid.instructions.md from instructions/ to skills/
- Remove deprecated .github/instructions/ files (migrated to skills/)
- Remove obsolete create-commit.msg.prompt.md
 2026-04-19 17:31:14 -04:00
Nathan
b24459ce93 feat: update Wizarr service configuration and fix volume path 2026-04-18 18:10:38 -04:00
Nathan
85587d716b feat: add Profilarr service configuration with Traefik routing and media volume mappings 2026-04-18 17:40:27 -04:00
Nathan
9beaa5481a feat: add Trailarr service configuration with Traefik routing and media volume mappings 2026-04-18 15:21:29 -04:00
Nathan
475c18c99d feat: update TimescaleDB volume path for Tracearr service 2026-04-18 15:01:57 -04:00
Nathan
443427ba93 feat: update Tracearr service configuration to enable Traefik routing and remove port mapping 2026-04-18 14:58:55 -04:00
Nathan
d0fea0cea6 feat: add Tracearr PostgreSQL 18 deployment configuration with TimescaleDB and Redis services 2026-04-18 14:37:36 -04:00
Nathan
d2985e9c54 feat: add Firebase configuration for OpenApply SPA and validate required variables 2026-04-17 20:53:19 -04:00
Nathan
0634d6884c feat: update OpenApply configuration and deployment tasks for improved service management and environment setup 2026-04-17 20:38:16 -04:00
Nathan
ac6e68e301 docs(ansible): add comprehensive documentation for openapply_app role 
Complete role documentation suite per Ansible Galaxy and homelab standards:
- Add role README.md with variable tables, usage examples, and deployment notes
- Add meta/main.yml for Galaxy metadata and collection dependencies
- Add OPENAPPLY-VAULT-REFERENCE.md with vault setup and Proxmox token guide
- Add OPENAPPLY-IMPLEMENTATION-REPORT.md with architecture, validation, and handoff details

Context: Completes the OpenApply LXC deployment implementation from session plan.
This documentation enables users to configure vault secrets, understand role variables,
and execute the two-tier Proxmox provisioning workflow.

Ref: Session plan at /memories/session/plan.md (Phases 1-6 complete)
 2026-04-17 19:29:13 -04:00
Nathan
46d98af51d feat: add OpenApply role with provisioning, configuration, and service management for Proxmox LXC 2026-04-17 19:19:11 -04:00
Nathan
a7ac8004d4 fix: simplify Docker registry configuration by removing unnecessary authentication settings 2026-04-17 16:08:28 -04:00
Nathan
1ef9726314 fix: decode htpasswd contents before writing to file in Docker registry configuration 2026-04-17 16:01:21 -04:00
Nathan
56a5c5ae4c fix: correct quoting in command for Docker registry configuration 2026-04-17 15:55:27 -04:00
Nathan
1479eb8bcd fix: refactor command syntax for Docker registry configuration 2026-04-17 15:53:32 -04:00
Nathan
53e43508f3 fix: correct quoting in command for Docker registry configuration 2026-04-17 15:51:33 -04:00
Nathan
7ecfda8fd7 fix: update Docker registry configuration to use correct htpasswd path and remove secrets 2026-04-17 15:48:56 -04:00
Nathan
b291cee84c fix: update Docker registry configuration to use external secrets for htpasswd 2026-04-17 15:39:36 -04:00
Nathan
e0976f44e4 added 'container name' key 2026-04-17 15:33:37 -04:00
Nathan
289c562904 fix: comment out unused auth volume in Docker registry configuration 2026-04-17 15:23:54 -04:00
Nathan
426caf38e3 fix: restore REGISTRY_HTTP_SECRET in Docker registry configuration 2026-04-17 15:22:00 -04:00
Nathan
11ee1e0804 Update Docker registry configuration to use environment variable for htpasswd contents 2026-04-17 15:20:34 -04:00
Nathan
a952f68bdf Add Docker registry service configuration with htpasswd authentication 2026-04-17 15:03:27 -04:00
Nathan
4553936b53 test: verify passwordless push 2026-04-14 21:33:17 -04:00
Nathan
0ed4e7198d Add Ansible apt maintenance role rollout plan 2026-04-14 21:25:00 -04:00
Nathan
e9eaa32765 Triggering webhook 2026-04-14 21:12:13 -04:00
Nathan
202ca9ebea Triggering webhook 2026-04-14 21:11:35 -04:00
Nathan
0018930255 Triggering webhook 2026-04-14 21:06:48 -04:00
Nathan
94d6dcc966 Triggering webhook 2026-04-14 21:04:40 -04:00
Nathan
740f3633c2 Triggering webhook 2026-04-14 21:03:39 -04:00
Nathan
8e51337dea Triggering webhook 2026-04-14 21:02:02 -04:00
Nathan
0e93ee0531 test: trigger qbittorrent webhook 2026-04-14 20:57:59 -04:00
Nathan
783680c5fe fix(heimdall): update service images for prowlarr, qbittorrent, radarr, sabnzbd, sonarr, tautulli, and wizarr to latest versions 2026-04-14 20:48:37 -04:00
Nathan
26836f8c5a fix(heimdall): update volume paths and remove unused ports for multiple services 2026-04-14 20:32:21 -04:00
Nathan
1ecaf89e60 fix(overseerr): correct image tag format for Seerr service 2026-04-14 20:21:39 -04:00
Nathan
8734b7061d fix(overseerr): update Seerr image version to 3.1.1 for stability 2026-04-14 20:19:08 -04:00
Nathan
a7d2d1f74d draft versions of arr components 2026-04-14 20:15:06 -04:00