Build local containers for k8s services (#61)

## Summary
- Move devpi Dockerfile from argocd/manifests to containers/devpi/
- Add containers for: transmission, teslamate, miniflux, kiwix-serve, kubectl
- Update all k8s deployments to use local images (registry.ops.eblu.me/blumeops/*)
- All containers use v1.0.0 tag for initial release

## Containers Added
| Container | Source | Notes |
|-----------|--------|-------|
| devpi | python:3.12-slim | Existing, moved to containers/ |
| kubectl | alpine + download | For zim-watcher CronJob |
| miniflux | Go build from source | v2.2.16 |
| kiwix-serve | Download pre-built binary | v3.8.1 |
| transmission | alpine + apk install | Simpler than linuxserver image |
| teslamate | Elixir build from source | v2.2.0 |

## Deployment and Testing
- [ ] Build and tag devpi-v1.0.0
- [ ] Build and tag kubectl-v1.0.0
- [ ] Build and tag miniflux-v1.0.0
- [ ] Build and tag kiwix-serve-v1.0.0
- [ ] Build and tag transmission-v1.0.0
- [ ] Build and tag teslamate-v1.0.0
- [ ] Sync ArgoCD apps and verify services

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Reviewed-on: https://forge.ops.eblu.me/eblume/blumeops/pulls/61

argocd/manifests/devpi/Dockerfile

@@ -1,19 +0,0 @@
-FROM python:3.12-slim
-
-# Install devpi-server and devpi-web
-RUN pip install --no-cache-dir devpi-server devpi-web
-
-# Create non-root user
-RUN useradd -r -u 1000 devpi && mkdir -p /devpi && chown devpi:devpi /devpi
-
-# Add startup script
-COPY --chown=devpi:devpi start.sh /usr/local/bin/start.sh
-RUN chmod +x /usr/local/bin/start.sh
-
-USER devpi
-WORKDIR /devpi
-
-# Expose default port
-EXPOSE 3141
-
-ENTRYPOINT ["/usr/local/bin/start.sh"]

argocd/manifests/devpi/start.sh

@@ -1,31 +0,0 @@
-#!/bin/bash
-set -e
-
-SERVERDIR="${DEVPI_SERVERDIR:-/devpi}"
-HOST="${DEVPI_HOST:-0.0.0.0}"
-# Note: Can't use DEVPI_PORT - Kubernetes auto-sets it for service discovery
-PORT="${DEVPI_LISTEN_PORT:-3141}"
-OUTSIDE_URL="${DEVPI_OUTSIDE_URL:-}"
-
-# Check if devpi is initialized
-if [ ! -f "$SERVERDIR/.serverversion" ]; then
-    echo "Initializing devpi server..."
-
-    if [ -z "$DEVPI_ROOT_PASSWORD" ]; then
-        echo "ERROR: DEVPI_ROOT_PASSWORD environment variable must be set for initialization"
-        exit 1
-    fi
-
-    devpi-init --serverdir "$SERVERDIR" --root-passwd "$DEVPI_ROOT_PASSWORD"
-    echo "Devpi initialized successfully"
-fi
-
-# Build command
-CMD="devpi-server --serverdir $SERVERDIR --host $HOST --port $PORT"
-
-if [ -n "$OUTSIDE_URL" ]; then
-    CMD="$CMD --outside-url $OUTSIDE_URL"
-fi
-
-echo "Starting devpi-server..."
-exec $CMD

argocd/manifests/devpi/statefulset.yaml

@@ -18,8 +18,7 @@ spec:
         fsGroup: 1000
       containers:
         - name: devpi
-          # TODO: Tag builds with semantic versions (e.g., v1.0.0) for reproducibility
-          image: registry.ops.eblu.me/blumeops/devpi:latest
+          image: registry.ops.eblu.me/blumeops/devpi:v1.0.0
           env:
             - name: DEVPI_ROOT_PASSWORD
               valueFrom:

argocd/manifests/kiwix/cronjob-zim-watcher.yaml

@@ -14,7 +14,7 @@ spec:
           serviceAccountName: zim-watcher
           containers:
             - name: watcher
-              image: bitnami/kubectl:1.34.1
+              image: registry.ops.eblu.me/blumeops/kubectl:v1.0.0
               command: ["/bin/bash", "-c"]
               args:
                 - |

argocd/manifests/kiwix/deployment.yaml

@@ -20,9 +20,10 @@ spec:
       containers:
         # Main kiwix-serve container
         - name: kiwix-serve
-          image: ghcr.io/kiwix/kiwix-serve:3.8.1
-          command: ["/bin/sh", "-c"]
+          image: registry.ops.eblu.me/blumeops/kiwix-serve:v1.0.0
           args:
+            - "/bin/sh"
+            - "-c"
             - "kiwix-serve --port=80 /data/complete/*.zim"
           ports:
             - containerPort: 80
@@ -52,7 +53,7 @@ spec:
 
         # Sidecar: Syncs declarative ZIM torrents to transmission
         - name: torrent-sync
-          image: lscr.io/linuxserver/transmission:4.0.6  # Has transmission-remote CLI
+          image: registry.ops.eblu.me/blumeops/transmission:v1.0.1
           command: ["/bin/bash", "-c"]
           args:
             - |

argocd/manifests/miniflux/deployment.yaml

@@ -15,7 +15,7 @@ spec:
     spec:
       containers:
         - name: miniflux
-          image: ghcr.io/miniflux/miniflux:2.2.16
+          image: registry.ops.eblu.me/blumeops/miniflux:v1.0.0
           ports:
             - containerPort: 8080
           env:

argocd/manifests/teslamate/deployment.yaml

@@ -15,7 +15,7 @@ spec:
     spec:
       containers:
         - name: teslamate
-          image: teslamate/teslamate:2.2.0
+          image: registry.ops.eblu.me/blumeops/teslamate:v1.0.1
           ports:
             - containerPort: 4000
           env:

argocd/manifests/torrent/deployment.yaml

@@ -16,7 +16,7 @@ spec:
     spec:
       containers:
         - name: transmission
-          image: lscr.io/linuxserver/transmission:4.0.6
+          image: registry.ops.eblu.me/blumeops/transmission:v1.0.1
           env:
             - name: PUID
               value: "1000"