Wire ringtail blumeops-pg into backups + Grafana (#364)

Prereq for the wave-1 decommission. The cutover moved paperless+teslamate (postgres) and mealie (SQLite) to ringtail, but borgmatic and the Grafana TeslaMate datasource still pointed at the minikube copies — the migrated live data was unbacked since cutover, and dropping the minikube DBs would break the TeslaMate dashboards. - Tailscale Service `blumeops-pg-ringtail` + Caddy L4 route `pg.ops.eblu.me:5434` - borgmatic: teslamate + paperless postgres → :5434; mealie SQLite → ssh:eblume@ringtail - Grafana TeslaMate datasource → pg.ops.eblu.me:5434 Deploy: sync databases-ringtail (tailscale svc) + grafana from branch; provision-indri --tags caddy,borgmatic; verify a backup run + dashboards. Unblocks the decommission PR. Reviewed-on: #364
2026-06-03 12:25:30 -07:00 · 2026-06-03 12:25:30 -07:00 · e0057b46e4
commit e0057b46e4
parent 92b54e7ba9
10 changed files with 56 additions and 9 deletions
--- a/argocd/manifests/databases-ringtail/kustomization.yaml
+++ b/argocd/manifests/databases-ringtail/kustomization.yaml
@ -9,6 +9,7 @@ resources:
  - service-immich-pg-tailscale.yaml
  # wave-1 indri-k8s decommission: blumeops-pg (paperless + teslamate)
  - blumeops-pg.yaml
+  - service-blumeops-pg-tailscale.yaml
  - external-secret-eblume.yaml
  - external-secret-borgmatic.yaml
  - external-secret-paperless.yaml
--- a/argocd/manifests/databases-ringtail/service-blumeops-pg-tailscale.yaml
+++ b/argocd/manifests/databases-ringtail/service-blumeops-pg-tailscale.yaml
@ -0,0 +1,24 @@
+# Tailscale LoadBalancer for the ringtail blumeops-pg cluster.
+# Canonical hostname: blumeops-pg-ringtail.tail8d86e.ts.net (distinct from
+# the minikube blumeops-pg, which still owns pg.tail8d86e.ts.net until the
+# wave-1 decommission). Borgmatic on indri and the Grafana TeslaMate
+# datasource reach it via the Caddy L4 route pg.ops.eblu.me:5434.
+apiVersion: v1
+kind: Service
+metadata:
+  name: blumeops-pg-tailscale
+  namespace: databases
+  annotations:
+    tailscale.com/hostname: "blumeops-pg-ringtail"
+    tailscale.com/proxy-class: "default"
+spec:
+  type: LoadBalancer
+  loadBalancerClass: tailscale
+  selector:
+    cnpg.io/cluster: blumeops-pg
+    role: primary
+  ports:
+    - name: postgresql
+      port: 5432
+      targetPort: 5432
+      protocol: TCP
--- a/argocd/manifests/grafana/datasources.yaml
+++ b/argocd/manifests/grafana/datasources.yaml
@ -63,5 +63,7 @@ datasources:
    password: $TESLAMATE_DB_PASSWORD
  type: postgres
  uid: TeslaMate
-  url: blumeops-pg-rw.databases.svc.cluster.local:5432
+  # teslamate DB migrated to ringtail blumeops-pg (wave-1); reached via the
+  # Caddy L4 route on indri (pg.ops.eblu.me:5434 -> blumeops-pg-ringtail).
+  url: pg.ops.eblu.me:5434
  user: teslamate
--- a/argocd/manifests/mealie-ringtail/kustomization.yaml
+++ b/argocd/manifests/mealie-ringtail/kustomization.yaml
@ -12,4 +12,4 @@ resources:

 images:
  - name: registry.ops.eblu.me/blumeops/mealie
-    newTag: v3.16.0-fcac8e5-nix
+    newTag: v3.16.0-22cfd86-nix