013571fe65
fix: update Open Web UI image tag to v0.9.1 in compose.yaml
2026-04-21 13:01:40 -04:00
cb7d743f47
feat: add Open Web UI service configuration with Traefik integration
2026-04-21 12:32:48 -04:00
37da1a3861
feat: add host-specific variables for ai-p410 and update configurations for heimdall, pve01, waldorf, and watchtower
2026-04-21 12:27:43 -04:00
b7d0e07ec3
refactor: remove gitvana_bun_host role and associated files
2026-04-21 12:26:58 -04:00
09c99318f8
fix: update .gitignore to include additional output directories and redact sensitive tokens in containers.yml
2026-04-21 12:24:33 -04:00
e61bf3d5c7
feat: add onboarding and setup for AI nodes with NVIDIA runtime configuration
2026-04-21 12:01:58 -04:00
689d5a3710
fix: disable privilege escalation in Ansible configuration
2026-04-21 11:51:52 -04:00
9a749a8c97
Update onboard-nodes.yml to target physical_servers and add ai-p410 to hosts.ini so onboarding limits no longer skip that host.
2026-04-21 11:45:46 -04:00
92c8125981
fix: update Gitea SSH configuration to use environment variables and set Plex image version
2026-04-20 20:20:26 -04:00
bc796cd125
feat: add Gitea service configuration with PostgreSQL database and Traefik integration
2026-04-20 19:56:09 -04:00
2d62d1a3f9
feat: add basic authentication middleware for analytics service in Traefik
2026-04-20 17:47:29 -04:00
48bfaa6cb9
Removed outdated mermaid.js network diagram
2026-04-20 17:30:30 -04:00
b3313654ab
feat: add goaccess and goaccess-cron services for Traefik access log analysis
2026-04-20 16:42:15 -04:00
Nathan Castaldi
ebc1ae7c8b
updated ersion tag
2026-04-20 11:42:45 -04:00
Nathan Castaldi
31e41934ee
updated version tag to 2.3.5.5327
2026-04-20 11:39:40 -04:00
52c60aecb4
fix: update downloads volume path for Pinchflat service
2026-04-20 10:02:32 -04:00
9f19363409
fix: add TEMP and TMPDIR environment variables for Pinchflat service. Force yt-dlp to use the container's internal /tmp instead of /config.
2026-04-20 09:52:43 -04:00
49d62fa772
fix: add PUID and PGID environment variables for Pinchflat service
2026-04-20 09:46:43 -04:00
785013b701
fix: uncomment ports configuration for Pinchflat service
2026-04-20 09:22:11 -04:00
5672e113b2
fix: update Pinchflat service image tag to latest
2026-04-20 09:19:56 -04:00
87477bda6c
fix: update image tag for Pinchflat service to v2026.03.17
2026-04-20 09:15:21 -04:00
0581a62199
fix: revert image tag for Pinchflat service to v2025.6.6
2026-04-20 09:12:50 -04:00
94922a677d
fix: correct image tag format for Pinchflat service
2026-04-20 09:11:15 -04:00
990add1ae8
feat: add Pinchflat service configuration with Traefik routing
2026-04-20 09:10:10 -04:00
9286cdb331
feat: add Gitvana deployment role with configuration and service management
2026-04-19 19:44:31 -04:00
129b7eee1b
Created Files
...
security-secrets-remediation.prompt.md - Phase 1 (CRITICAL)
Eliminates hardcoded secrets (Docker Registry, Komodo, Plex)
Creates .env templates and migration workflow
Priority: Immediate (This Week)
security-container-hardening.prompt.md - Phase 2 (HIGH)
Removes privileged containers
Converts root users to non-root (PUID/PGID)
Secures Docker socket access patterns
Priority: Short Term (This Month)
security-ansible-hardening.prompt.md - Phase 3 (MEDIUM)
Enables SSH host key checking
Implements restricted sudo rules
Deploys UFW firewalls and fail2ban
Priority: Medium Term (Next Month)
security-network-access.prompt.md - Phase 4 (MEDIUM)
Restricts port exposure (0.0.0.0 → 127.0.0.1)
Implements network segmentation
Adds authentication middleware
Priority: Ongoing (Next Quarter)
Each prompt follows your existing format with:
✅ Gated workflows with confirmation checkpoints
✅ Rollback procedures for safety
✅ Testing and validation steps
✅ Incremental deployment strategies
✅ Clear success criteria
2026-04-19 18:25:46 -04:00
417501dbd1
feat: install Frank v6 modular AI assistant system
...
- Add Frank v6 core personality and base commands
- Install 7 reasoning skills (CRAFT, CoT, ToT, RAG, Markdown, Mermaid, Advanced Reasoning)
- Install 5 specialties (DevOps, ITIL, Data Analysis, Prompt Engineering, SCCM)
- Update copilot-instructions.md with v6 integration guide
- Add comprehensive architecture documentation
- Migrate style.mermaid.instructions.md from instructions/ to skills/
- Remove deprecated .github/instructions/ files (migrated to skills/)
- Remove obsolete create-commit.msg.prompt.md
2026-04-19 17:31:14 -04:00
b24459ce93
feat: update Wizarr service configuration and fix volume path
2026-04-18 18:10:38 -04:00
85587d716b
feat: add Profilarr service configuration with Traefik routing and media volume mappings
2026-04-18 17:40:27 -04:00
9beaa5481a
feat: add Trailarr service configuration with Traefik routing and media volume mappings
2026-04-18 15:21:29 -04:00
475c18c99d
feat: update TimescaleDB volume path for Tracearr service
2026-04-18 15:01:57 -04:00
443427ba93
feat: update Tracearr service configuration to enable Traefik routing and remove port mapping
2026-04-18 14:58:55 -04:00
d0fea0cea6
feat: add Tracearr PostgreSQL 18 deployment configuration with TimescaleDB and Redis services
2026-04-18 14:37:36 -04:00
d2985e9c54
feat: add Firebase configuration for OpenApply SPA and validate required variables
2026-04-17 20:53:19 -04:00
0634d6884c
feat: update OpenApply configuration and deployment tasks for improved service management and environment setup
2026-04-17 20:38:16 -04:00
ac6e68e301
docs(ansible): add comprehensive documentation for openapply_app role
...
Complete role documentation suite per Ansible Galaxy and homelab standards:
- Add role README.md with variable tables, usage examples, and deployment notes
- Add meta/main.yml for Galaxy metadata and collection dependencies
- Add OPENAPPLY-VAULT-REFERENCE.md with vault setup and Proxmox token guide
- Add OPENAPPLY-IMPLEMENTATION-REPORT.md with architecture, validation, and handoff details
Context: Completes the OpenApply LXC deployment implementation from session plan.
This documentation enables users to configure vault secrets, understand role variables,
and execute the two-tier Proxmox provisioning workflow.
Ref: Session plan at /memories/session/plan.md (Phases 1-6 complete)
2026-04-17 19:29:13 -04:00
46d98af51d
feat: add OpenApply role with provisioning, configuration, and service management for Proxmox LXC
2026-04-17 19:19:11 -04:00
a7ac8004d4
fix: simplify Docker registry configuration by removing unnecessary authentication settings
2026-04-17 16:08:28 -04:00
1ef9726314
fix: decode htpasswd contents before writing to file in Docker registry configuration
2026-04-17 16:01:21 -04:00
56a5c5ae4c
fix: correct quoting in command for Docker registry configuration
2026-04-17 15:55:27 -04:00
1479eb8bcd
fix: refactor command syntax for Docker registry configuration
2026-04-17 15:53:32 -04:00
53e43508f3
fix: correct quoting in command for Docker registry configuration
2026-04-17 15:51:33 -04:00
7ecfda8fd7
fix: update Docker registry configuration to use correct htpasswd path and remove secrets
2026-04-17 15:48:56 -04:00
b291cee84c
fix: update Docker registry configuration to use external secrets for htpasswd
2026-04-17 15:39:36 -04:00
e0976f44e4
added 'container name' key
2026-04-17 15:33:37 -04:00
289c562904
fix: comment out unused auth volume in Docker registry configuration
2026-04-17 15:23:54 -04:00
426caf38e3
fix: restore REGISTRY_HTTP_SECRET in Docker registry configuration
2026-04-17 15:22:00 -04:00
11ee1e0804
Update Docker registry configuration to use environment variable for htpasswd contents
2026-04-17 15:20:34 -04:00
a952f68bdf
Add Docker registry service configuration with htpasswd authentication
2026-04-17 15:03:27 -04:00
4553936b53
test: verify passwordless push
2026-04-14 21:33:17 -04:00
