From e3451cd04dd340cb4dc6f46dde30b1c98f27f3b3 Mon Sep 17 00:00:00 2001 From: Erich Blume Date: Thu, 29 Jan 2026 15:40:22 -0800 Subject: [PATCH] Add Hajimari service dashboard at go.ops.eblu.me - Add Hajimari ArgoCD application and Helm values - Configure auto-discovery from k8s ingresses - Add custom apps for non-k8s services: Forge, Registry, Sifaka NAS - Add hajimari.io annotations to all ingresses with ops.eblu.me URLs - Add Caddy proxy entries for go.ops.eblu.me and nas.ops.eblu.me Co-Authored-By: Claude Opus 4.5 --- ansible/roles/caddy/defaults/main.yml | 6 +++ argocd/apps/hajimari.yaml | 32 +++++++++++ .../manifests/argocd/service-tailscale.yaml | 6 +++ argocd/manifests/devpi/ingress-tailscale.yaml | 6 +++ .../grafana-config/ingress-tailscale.yaml | 6 +++ .../manifests/hajimari/ingress-tailscale.yaml | 22 ++++++++ argocd/manifests/hajimari/values.yaml | 54 +++++++++++++++++++ .../manifests/immich/ingress-tailscale.yaml | 6 +++ argocd/manifests/kiwix/ingress-tailscale.yaml | 6 +++ argocd/manifests/loki/ingress-tailscale.yaml | 6 +++ .../manifests/miniflux/ingress-tailscale.yaml | 6 +++ .../prometheus/ingress-tailscale.yaml | 6 +++ .../teslamate/ingress-tailscale.yaml | 6 +++ .../manifests/torrent/ingress-tailscale.yaml | 6 +++ 14 files changed, 174 insertions(+) create mode 100644 argocd/apps/hajimari.yaml create mode 100644 argocd/manifests/hajimari/ingress-tailscale.yaml create mode 100644 argocd/manifests/hajimari/values.yaml diff --git a/ansible/roles/caddy/defaults/main.yml b/ansible/roles/caddy/defaults/main.yml index 105b139..34dc7fb 100644 --- a/ansible/roles/caddy/defaults/main.yml +++ b/ansible/roles/caddy/defaults/main.yml @@ -61,6 +61,12 @@ caddy_services: - name: immich host: "photos.{{ caddy_domain }}" backend: "https://photos.tail8d86e.ts.net" + - name: hajimari + host: "go.{{ caddy_domain }}" + backend: "https://go.tail8d86e.ts.net" + - name: sifaka + host: "nas.{{ caddy_domain }}" + backend: "http://sifaka:5000" # Layer 4 (TCP) services # Format: { port: external_port, backend: "host:port" } diff --git a/argocd/apps/hajimari.yaml b/argocd/apps/hajimari.yaml new file mode 100644 index 0000000..51f1ece --- /dev/null +++ b/argocd/apps/hajimari.yaml @@ -0,0 +1,32 @@ +# Hajimari - Service Dashboard / Start Page +# +# Chart mirrored from https://github.com/toboshii/hajimari to forge +# +# Auto-discovers k8s services via ingress annotations and displays +# custom apps for non-k8s services (Forge, Registry, NAS). +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: hajimari + namespace: argocd +spec: + project: default + sources: + # Helm chart from forge mirror (SSH via egress) + - repoURL: ssh://forgejo@forge.ops.eblu.me:2222/eblume/hajimari.git + targetRevision: main + path: charts/hajimari + helm: + releaseName: hajimari + valueFiles: + - $values/argocd/manifests/hajimari/values.yaml + # Values from our git repo + - repoURL: ssh://forgejo@forge.ops.eblu.me:2222/eblume/blumeops.git + targetRevision: main + ref: values + destination: + server: https://kubernetes.default.svc + namespace: hajimari + syncPolicy: + syncOptions: + - CreateNamespace=true diff --git a/argocd/manifests/argocd/service-tailscale.yaml b/argocd/manifests/argocd/service-tailscale.yaml index 2fc4ce0..f54c345 100644 --- a/argocd/manifests/argocd/service-tailscale.yaml +++ b/argocd/manifests/argocd/service-tailscale.yaml @@ -11,6 +11,12 @@ metadata: namespace: argocd annotations: tailscale.com/proxy-class: "default" + hajimari.io/enable: "true" + hajimari.io/url: "https://argocd.ops.eblu.me" + hajimari.io/icon: "simple-icons:argo" + hajimari.io/appName: "ArgoCD" + hajimari.io/group: "Infrastructure" + hajimari.io/info: "GitOps continuous delivery" spec: ingressClassName: tailscale defaultBackend: diff --git a/argocd/manifests/devpi/ingress-tailscale.yaml b/argocd/manifests/devpi/ingress-tailscale.yaml index 8f37d17..808a34a 100644 --- a/argocd/manifests/devpi/ingress-tailscale.yaml +++ b/argocd/manifests/devpi/ingress-tailscale.yaml @@ -5,6 +5,12 @@ metadata: namespace: devpi annotations: tailscale.com/proxy-class: "default" + hajimari.io/enable: "true" + hajimari.io/url: "https://pypi.ops.eblu.me" + hajimari.io/icon: "simple-icons:pypi" + hajimari.io/appName: "PyPI" + hajimari.io/group: "Infrastructure" + hajimari.io/info: "Python package cache (devpi)" spec: ingressClassName: tailscale defaultBackend: diff --git a/argocd/manifests/grafana-config/ingress-tailscale.yaml b/argocd/manifests/grafana-config/ingress-tailscale.yaml index b72f8b9..07eaf3d 100644 --- a/argocd/manifests/grafana-config/ingress-tailscale.yaml +++ b/argocd/manifests/grafana-config/ingress-tailscale.yaml @@ -9,6 +9,12 @@ metadata: namespace: monitoring annotations: tailscale.com/proxy-class: "default" + hajimari.io/enable: "true" + hajimari.io/url: "https://grafana.ops.eblu.me" + hajimari.io/icon: "simple-icons:grafana" + hajimari.io/appName: "Grafana" + hajimari.io/group: "Observability" + hajimari.io/info: "Dashboards & metrics visualization" spec: ingressClassName: tailscale defaultBackend: diff --git a/argocd/manifests/hajimari/ingress-tailscale.yaml b/argocd/manifests/hajimari/ingress-tailscale.yaml new file mode 100644 index 0000000..2b33c6b --- /dev/null +++ b/argocd/manifests/hajimari/ingress-tailscale.yaml @@ -0,0 +1,22 @@ +# Tailscale Ingress for Hajimari +# Exposes Hajimari at https://go.tail8d86e.ts.net with Let's Encrypt TLS +# Caddy proxies go.ops.eblu.me -> this endpoint +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: hajimari-tailscale + namespace: hajimari + annotations: + tailscale.com/proxy-class: "default" + # Don't show Hajimari in its own dashboard + hajimari.io/enable: "false" +spec: + ingressClassName: tailscale + defaultBackend: + service: + name: hajimari + port: + number: 3000 + tls: + - hosts: + - go diff --git a/argocd/manifests/hajimari/values.yaml b/argocd/manifests/hajimari/values.yaml new file mode 100644 index 0000000..94140ec --- /dev/null +++ b/argocd/manifests/hajimari/values.yaml @@ -0,0 +1,54 @@ +# Hajimari values for blumeops +# Service dashboard at go.ops.eblu.me + +# Page settings +hajimari: + title: BlumeOps + name: Erich + defaultEnable: true + + # Discover ingresses from all namespaces + namespaceSelector: + any: true + + # Non-k8s services (hosted on indri or LAN) + customApps: + - group: Infrastructure + apps: + - name: Forgejo + url: https://forge.ops.eblu.me + icon: simple-icons:forgejo + info: Git forge & CI/CD + - name: Registry + url: https://registry.ops.eblu.me + icon: mdi:docker + info: Container registry (Zot) + - name: Sifaka NAS + url: https://nas.ops.eblu.me + icon: simple-icons:synology + info: Synology NAS dashboard + + # Useful external bookmarks + globalBookmarks: + - group: Docs + bookmarks: + - name: Tailscale Admin + url: https://login.tailscale.com/admin + - name: 1Password + url: https://my.1password.com + - name: Pulumi + url: https://app.pulumi.com/eblume/blumeops-tailnet + +# Service account for reading ingresses across namespaces +serviceAccount: + create: true + +# Ingress is handled separately via ingress-tailscale.yaml +ingress: + main: + enabled: false + +# No persistence needed - config is in values.yaml +persistence: + data: + enabled: false diff --git a/argocd/manifests/immich/ingress-tailscale.yaml b/argocd/manifests/immich/ingress-tailscale.yaml index 007fb6c..d17163e 100644 --- a/argocd/manifests/immich/ingress-tailscale.yaml +++ b/argocd/manifests/immich/ingress-tailscale.yaml @@ -8,6 +8,12 @@ metadata: namespace: immich annotations: tailscale.com/funnel: "false" + hajimari.io/enable: "true" + hajimari.io/url: "https://photos.ops.eblu.me" + hajimari.io/icon: "mdi:image-multiple" + hajimari.io/appName: "Immich" + hajimari.io/group: "Apps" + hajimari.io/info: "Photo management" spec: ingressClassName: tailscale rules: diff --git a/argocd/manifests/kiwix/ingress-tailscale.yaml b/argocd/manifests/kiwix/ingress-tailscale.yaml index 67d96be..d301c47 100644 --- a/argocd/manifests/kiwix/ingress-tailscale.yaml +++ b/argocd/manifests/kiwix/ingress-tailscale.yaml @@ -6,6 +6,12 @@ metadata: namespace: kiwix annotations: tailscale.com/proxy-class: "default" + hajimari.io/enable: "true" + hajimari.io/url: "https://kiwix.ops.eblu.me" + hajimari.io/icon: "mdi:wikipedia" + hajimari.io/appName: "Kiwix" + hajimari.io/group: "Apps" + hajimari.io/info: "Offline Wikipedia & ZIM archives" spec: ingressClassName: tailscale defaultBackend: diff --git a/argocd/manifests/loki/ingress-tailscale.yaml b/argocd/manifests/loki/ingress-tailscale.yaml index bee0148..ee51dcc 100644 --- a/argocd/manifests/loki/ingress-tailscale.yaml +++ b/argocd/manifests/loki/ingress-tailscale.yaml @@ -7,6 +7,12 @@ metadata: namespace: monitoring annotations: tailscale.com/funnel: "false" + hajimari.io/enable: "true" + hajimari.io/url: "https://loki.ops.eblu.me" + hajimari.io/icon: "mdi:text-box-search" + hajimari.io/appName: "Loki" + hajimari.io/group: "Observability" + hajimari.io/info: "Log aggregation" spec: ingressClassName: tailscale rules: diff --git a/argocd/manifests/miniflux/ingress-tailscale.yaml b/argocd/manifests/miniflux/ingress-tailscale.yaml index 8884c61..e039366 100644 --- a/argocd/manifests/miniflux/ingress-tailscale.yaml +++ b/argocd/manifests/miniflux/ingress-tailscale.yaml @@ -5,6 +5,12 @@ metadata: namespace: miniflux annotations: tailscale.com/proxy-class: "default" + hajimari.io/enable: "true" + hajimari.io/url: "https://feed.ops.eblu.me" + hajimari.io/icon: "mdi:rss" + hajimari.io/appName: "Miniflux" + hajimari.io/group: "Apps" + hajimari.io/info: "RSS feed reader" spec: ingressClassName: tailscale defaultBackend: diff --git a/argocd/manifests/prometheus/ingress-tailscale.yaml b/argocd/manifests/prometheus/ingress-tailscale.yaml index 1aeaa34..3f3dbeb 100644 --- a/argocd/manifests/prometheus/ingress-tailscale.yaml +++ b/argocd/manifests/prometheus/ingress-tailscale.yaml @@ -7,6 +7,12 @@ metadata: namespace: monitoring annotations: tailscale.com/funnel: "false" + hajimari.io/enable: "true" + hajimari.io/url: "https://prometheus.ops.eblu.me" + hajimari.io/icon: "simple-icons:prometheus" + hajimari.io/appName: "Prometheus" + hajimari.io/group: "Observability" + hajimari.io/info: "Metrics collection & storage" spec: ingressClassName: tailscale rules: diff --git a/argocd/manifests/teslamate/ingress-tailscale.yaml b/argocd/manifests/teslamate/ingress-tailscale.yaml index 5480ba7..8ccfcf1 100644 --- a/argocd/manifests/teslamate/ingress-tailscale.yaml +++ b/argocd/manifests/teslamate/ingress-tailscale.yaml @@ -5,6 +5,12 @@ metadata: namespace: teslamate annotations: tailscale.com/proxy-class: "default" + hajimari.io/enable: "true" + hajimari.io/url: "https://tesla.ops.eblu.me" + hajimari.io/icon: "simple-icons:tesla" + hajimari.io/appName: "TeslaMate" + hajimari.io/group: "Apps" + hajimari.io/info: "Tesla data logger" spec: ingressClassName: tailscale defaultBackend: diff --git a/argocd/manifests/torrent/ingress-tailscale.yaml b/argocd/manifests/torrent/ingress-tailscale.yaml index 87e0916..7b2225b 100644 --- a/argocd/manifests/torrent/ingress-tailscale.yaml +++ b/argocd/manifests/torrent/ingress-tailscale.yaml @@ -6,6 +6,12 @@ metadata: namespace: torrent annotations: tailscale.com/proxy-class: "default" + hajimari.io/enable: "true" + hajimari.io/url: "https://torrent.ops.eblu.me" + hajimari.io/icon: "mdi:download" + hajimari.io/appName: "Transmission" + hajimari.io/group: "Apps" + hajimari.io/info: "BitTorrent daemon" spec: ingressClassName: tailscale defaultBackend: