From 7dce0abbb9253875f2363e8104e9a8516ba93695 Mon Sep 17 00:00:00 2001 From: Erich Blume Date: Mon, 16 Mar 2026 21:38:36 -0700 Subject: [PATCH] Update docs: fix mealie storageClass, borgmatic SQLite backups, federated-login - mealie.md: fix storageClassName to standard, add auth/backup sections - borgmatic.md: document k8s SQLite dump pattern and mealie entry - federated-login.md: remove ArgoCD from future work (already done), add mealie to related links Co-Authored-By: Claude Opus 4.6 (1M context) --- docs/explanation/federated-login.md | 3 ++- docs/reference/services/borgmatic.md | 8 ++++++-- docs/reference/services/mealie.md | 13 +++++++++++-- 3 files changed, 19 insertions(+), 5 deletions(-) diff --git a/docs/explanation/federated-login.md b/docs/explanation/federated-login.md index 8accad0..e576d9f 100644 --- a/docs/explanation/federated-login.md +++ b/docs/explanation/federated-login.md @@ -76,11 +76,12 @@ Authentik enforces TOTP MFA on its default authentication flow (`not_configured_ ## Future Work -- **Additional services:** ArgoCD, Miniflux, Immich +- **Additional services:** Miniflux, Immich ## Related - [[authentik]] - OIDC identity provider reference - [[grafana]] - First OIDC client +- [[mealie]] - Recipe manager (public PKCE client) - [[security-model]] - Network security and access control - [[deploy-authentik]] - Deployment how-to diff --git a/docs/reference/services/borgmatic.md b/docs/reference/services/borgmatic.md index 05c851e..1020327 100644 --- a/docs/reference/services/borgmatic.md +++ b/docs/reference/services/borgmatic.md @@ -1,6 +1,6 @@ --- title: Borgmatic -modified: 2026-02-10 +modified: 2026-03-16 tags: - service - backup 
@@ -26,11 +26,15 @@ Daily backup system using Borg backup, running on indri. - `/opt/homebrew/var/forgejo` - Git forge data - `~/.config/borgmatic` - Borgmatic config - `~/Documents` - Personal documents +- `~/.local/share/borgmatic/k8s-dumps/` - SQLite dumps from k8s pods -**Databases:** +**PostgreSQL databases:** - `miniflux` on [[postgresql]] - `teslamate` on [[postgresql]] +**K8s SQLite databases (pre-backup dump via kubectl exec):** +- [[mealie]] - Recipe manager (`/app/data/mealie.db`) + **Not backed up (by design):** - ZIM archives (re-downloadable) - Prometheus metrics (ephemeral) diff --git a/docs/reference/services/mealie.md b/docs/reference/services/mealie.md index b624bea..4081291 100644 --- a/docs/reference/services/mealie.md +++ b/docs/reference/services/mealie.md @@ -32,12 +32,20 @@ Self-hosted recipe manager with a REST API. Part of the meal planning pipeline: - API token auth for automation - OIDC login via [[authentik]] (public client with PKCE) +## Authentication + +OIDC via [[authentik]] using a public client with PKCE (no client secret needed). All Authentik users can log in; members of the `admins` group get Mealie admin privileges via `OIDC_ADMIN_GROUP`. + ## Storage -- 2Gi PVC at `/app/data/` via `local-path` storageClassName -- SQLite database (sufficient for single-user, no network storage concerns on minikube) +- 2Gi PVC at `/app/data/` via `standard` storageClassName (minikube-hostpath) +- SQLite database (sufficient for single-user) - Recipe images and assets stored alongside the database +## Backup + +SQLite database backed up via [[borgmatic]]'s `before_backup` hook. Borgmatic runs `kubectl exec` to create a safe `.backup` copy (via Python's `sqlite3` module), then `kubectl cp` to the host. The dump lands in `~/.local/share/borgmatic/k8s-dumps/mealie.db` and is included in both local (sifaka) and offsite (BorgBase) backups. + ## Networking | Endpoint | Reachable from | 
@@ -48,5 +56,6 @@ Self-hosted recipe manager with a REST API. Part of the meal planning pipeline: ## Related +- [[authentik]] — OIDC identity provider - [[ollama]] — LLM backend for meal timeline generation - [[borgmatic]] — Data backup
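Review bot: In the federated-login.md hunk (`@@ -76,11 +76,12 @@`), ArgoCD is dropped from Future Work as already done, but the Related list gains only `[[mealie]]`, so the visible part of the page no longer points to ArgoCD at all. If a reference page for ArgoCD exists, add a link for it next to `[[grafana]]` and `[[mealie]]` so the list covers every service that already logs in through Authentik.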
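Review bot: Only borgmatic.md has its `modified` front matter bumped (first borgmatic.md hunk, `+modified: 2026-03-16`); the diff contains no hunk touching the top of federated-login.md or mealie.md, although both change content in this commit. If those files carry the same front matter field, update it here as well so the dates stay meaningful.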
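Review bot: The new `~/.local/share/borgmatic/k8s-dumps/` source and the "K8s SQLite databases" list in borgmatic.md (`@@ -26,11 +26,15 @@`) do not say what happens when the `kubectl exec` dump fails or the pod is unavailable. Because the directory is an ordinary backup source, a stale `mealie.db` left over from an earlier run would be archived as if it were current. Document whether the hook aborts the backup on failure, and state the expected permissions on the dump directory, since it holds a full copy of the application database on the host.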
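Review bot: The new Backup section in mealie.md (`@@ -32,12 +32,20 @@`) covers only the SQLite database, while the Storage section directly above it says "Recipe images and assets stored alongside the database" on the same PVC. As documented, nothing backs those files up. Either extend the hook to copy them or list them as not backed up by design, the way borgmatic.md does for ZIM archives. In the Authentication section, "All Authentik users can log in" should say whether that is intentional; Mealie's `OIDC_USER_GROUP` setting can restrict login to one group if it is not.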