From d479bc314053433e1a3013a449ee7f6898916d9f Mon Sep 17 00:00:00 2001 From: Erich Blume Date: Sat, 7 Mar 2026 20:28:51 -0800 Subject: [PATCH] =?UTF-8?q?C2(jobsync):=20plan=20=E2=80=94=20Mikado=20card?= =?UTF-8?q?s=20for=20JobSync=20deployment?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cards: - deploy-jobsync (goal): Deploy JobSync to ringtail k3s via ArgoCD - build-jobsync-container: Nix container build (buildLayeredImage) - mirror-jobsync: Mirror upstream to forge - integrate-jobsync-ollama: Wire up existing Ollama for AI features Co-Authored-By: Claude Opus 4.6 --- docs/how-to/how-to.md | 7 +++ .../how-to/jobsync/build-jobsync-container.md | 41 ++++++++++++++++ docs/how-to/jobsync/deploy-jobsync.md | 49 +++++++++++++++++++ .../jobsync/integrate-jobsync-ollama.md | 45 +++++++++++++++++ docs/how-to/jobsync/mirror-jobsync.md | 27 ++++++++++ 5 files changed, 169 insertions(+) create mode 100644 docs/how-to/jobsync/build-jobsync-container.md create mode 100644 docs/how-to/jobsync/deploy-jobsync.md create mode 100644 docs/how-to/jobsync/integrate-jobsync-ollama.md create mode 100644 docs/how-to/jobsync/mirror-jobsync.md diff --git a/docs/how-to/how-to.md b/docs/how-to/how-to.md index a9e096a..5f1bd4f 100644 --- a/docs/how-to/how-to.md +++ b/docs/how-to/how-to.md @@ -88,6 +88,13 @@ tags: - [[upgrade-dagger]] +## JobSync + +- [[deploy-jobsync]] +- [[build-jobsync-container]] +- [[mirror-jobsync]] +- [[integrate-jobsync-ollama]] + ## Forgejo Runner - [[upgrade-k8s-runner]] diff --git a/docs/how-to/jobsync/build-jobsync-container.md b/docs/how-to/jobsync/build-jobsync-container.md new file mode 100644 index 0000000..0e5ba77 --- /dev/null +++ b/docs/how-to/jobsync/build-jobsync-container.md @@ -0,0 +1,41 @@ +--- +title: Build JobSync Container +modified: 2026-03-07 +status: active +requires: + - mirror-jobsync +tags: + - how-to + - jobsync +--- + +# Build JobSync Container + +Build a nix container image for JobSync using `dockerTools.buildLayeredImage`, following the ntfy pattern. + +## Context + +JobSync is a Next.js standalone app with Prisma (SQLite). The nix build needs to: + +1. Fetch source from `forge.ops.eblu.me/mirrors/jobsync` (v1.1.4) +2. `buildNpmPackage` — install deps, run `prisma generate`, run `next build` +3. Package the standalone output with `nodejs` runtime into a layered image +4. Include an entrypoint that runs `prisma migrate deploy` before `node server.js` + +## Key Details + +- **Runtime dependency:** `nodejs_20` must be in the image (unlike Go apps that compile to static binaries) +- **Prisma native engine:** `prisma generate` produces a platform-specific query engine binary; the nix build targets `linux-x86_64` for ringtail +- **`npmDepsHash`:** Will need to be computed on first build (set to empty, let it fail, grab the hash) +- **Standalone output:** Next.js `output: "standalone"` produces a self-contained `server.js` with minimal `node_modules` + +## Files + +- `containers/jobsync/default.nix` — nix derivation +- `containers/jobsync/entrypoint.sh` — startup script (migrations + server) + +## Related + +- [[mirror-jobsync]] +- [[deploy-jobsync]] +- [[build-container-image]] diff --git a/docs/how-to/jobsync/deploy-jobsync.md b/docs/how-to/jobsync/deploy-jobsync.md new file mode 100644 index 0000000..b5bc39c --- /dev/null +++ b/docs/how-to/jobsync/deploy-jobsync.md @@ -0,0 +1,49 @@ +--- +title: Deploy JobSync +modified: 2026-03-07 +status: active +branch: mikado/jobsync +requires: + - build-jobsync-container + - integrate-jobsync-ollama +tags: + - how-to + - jobsync +--- + +# Deploy JobSync + +Deploy [JobSync](https://github.com/Gsync/jobsync) — a self-hosted job application tracker — to ringtail's k3s cluster via ArgoCD. + +## Context + +JobSync is a Next.js app with SQLite storage that provides job application tracking, resume management, and AI-powered resume review/job matching. It runs as a single container with persistent storage at `/data` (SQLite DB + uploaded files). + +## What This Card Covers + +With the container built and Ollama integration configured, this card wires up the deployment: + +- ArgoCD Application targeting `ringtail.tail8d86e.ts.net:6443` +- k8s manifests: Deployment, Service, Tailscale Ingress, PVC, ExternalSecret +- PVC using k3s local-path for `/data` (SQLite + resume uploads) +- ExternalSecret for `ENCRYPTION_KEY` and `AUTH_SECRET` from 1Password +- Caddy route: `jobsync.ops.eblu.me` → Tailscale ingress +- Service documentation + +## Environment Variables + +| Variable | Source | Purpose | +|----------|--------|---------| +| `DATABASE_URL` | Hardcoded | `file:/data/dev.db` | +| `AUTH_SECRET` | ExternalSecret | NextAuth session signing | +| `ENCRYPTION_KEY` | ExternalSecret | AES-256-GCM for stored API keys | +| `NEXTAUTH_URL` | Hardcoded | `https://jobsync.ops.eblu.me` | +| `AUTH_TRUST_HOST` | Hardcoded | `true` | +| `TZ` | Hardcoded | `America/Los_Angeles` | +| `OLLAMA_BASE_URL` | Hardcoded | `http://ollama.ollama.svc.cluster.local:11434` | + +## Related + +- [[build-jobsync-container]] +- [[integrate-jobsync-ollama]] +- [[deploy-k8s-service]] diff --git a/docs/how-to/jobsync/integrate-jobsync-ollama.md b/docs/how-to/jobsync/integrate-jobsync-ollama.md new file mode 100644 index 0000000..880c160 --- /dev/null +++ b/docs/how-to/jobsync/integrate-jobsync-ollama.md @@ -0,0 +1,45 @@ +--- +title: Integrate JobSync with Ollama +modified: 2026-03-07 +status: active +tags: + - how-to + - jobsync +--- + +# Integrate JobSync with Ollama + +Configure JobSync to use the existing Ollama deployment on ringtail for AI features (resume review, job matching). + +## Context + +Ollama already runs on ringtail's k3s cluster at `ollama.ollama.svc.cluster.local:11434` with several models available (qwen2.5:14b, deepseek-r1:14b, phi4:14b, gemma3:12b, qwen3.5:9b). + +JobSync supports Ollama natively via `OLLAMA_BASE_URL`. Since both services run on the same k3s cluster, this is a cluster-internal connection with no auth required. + +## Configuration + +Set in the JobSync deployment manifest: + +```yaml +env: + - name: OLLAMA_BASE_URL + value: "http://ollama.ollama.svc.cluster.local:11434" +``` + +## Verification + +After deployment: + +1. Open JobSync settings +2. Select Ollama as the AI provider +3. Verify model list populates from the Ollama instance +4. Test resume review with one of the available models + +## Model Recommendations + +For resume review and job matching, `qwen2.5:14b` or `gemma3:12b` are good choices — capable enough for structured text analysis without being overly slow on the RTX 4080. + +## Related + +- [[deploy-jobsync]] diff --git a/docs/how-to/jobsync/mirror-jobsync.md b/docs/how-to/jobsync/mirror-jobsync.md new file mode 100644 index 0000000..494f344 --- /dev/null +++ b/docs/how-to/jobsync/mirror-jobsync.md @@ -0,0 +1,27 @@ +--- +title: Mirror JobSync +modified: 2026-03-07 +status: active +tags: + - how-to + - jobsync +--- + +# Mirror JobSync + +Mirror the upstream [JobSync](https://github.com/Gsync/jobsync) repository to `forge.ops.eblu.me/mirrors/jobsync` for supply chain control. + +## Context + +JobSync is not in nixpkgs. Building a nix container requires fetching source from a controlled mirror on forge, following the same pattern as [[mirror-authentik-build-deps]] and the ntfy mirror. + +## Steps + +1. Create the mirror: `mise run mirror-create jobsync https://github.com/Gsync/jobsync.git` +2. Verify the mirror syncs: check `forge.ops.eblu.me/mirrors/jobsync` +3. Note the tag for v1.1.4 (current upstream release) + +## Related + +- [[build-jobsync-container]] +- [[manage-forgejo-mirrors]]