eblume/blumeops
1
1
Fork 0
Code Issues Pull requests Projects Releases 83 Packages Wiki Activity Actions
971 commits 79 branches 160 tags 8.6 MiB
Commit graph

6 commits

Author SHA1 Message Date
Erich Blume
b87f62e0f5 C1: nix-build homepage container for amd64 ringtail migration 
Replace Dockerfile (arm64-only, indri-built) with a nix derivation
adapted from nixpkgs pkgs/by-name/ho/homepage-dashboard. Built via the
nix-container-builder runner on ringtail, producing an amd64 image
suitable for k3s.

Includes the upstream Next.js file-system-cache patch to avoid
prerender cache write failures on a read-only nix store path
(nixpkgs issues #328621 and #458494).

Pinned to v1.11.0 (current production version).
 2026-05-10 20:32:38 -07:00
Erich Blume
e375859221 Upgrade Homepage container to v1.11.0
All checks were successful
Build Container / detect (push) Successful in 3s
Details
Build Container / build-dockerfile (homepage) (push) Successful in 5m47s
Details 
Minor release with new widgets (Tracearr, SparklyFitness), Seerr rename,
and dependency bumps. No breaking changes for our config.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-26 10:17:36 -07:00
Erich Blume
613f05dfde Add consistent OCI labels to all container Dockerfiles
All checks were successful
Build Container (Nix) / build (miniflux) (push) Successful in 2s
Details
Build Container (Nix) / build (navidrome) (push) Successful in 2s
Details
Build Container / build (devpi) (push) Successful in 41s
Details
Build Container (Nix) / build (nettest) (push) Successful in 15s
Details
Build Container / build (grafana-sidecar) (push) Successful in 1m27s
Details
Build Container / build (grafana) (push) Successful in 3m23s
Details
Build Container (Nix) / build (ntfy) (push) Successful in 3m19s
Details
Build Container (Nix) / build (prometheus) (push) Successful in 1s
Details
Build Container (Nix) / build (quartz) (push) Successful in 1s
Details
Build Container (Nix) / build (runner-job-image) (push) Successful in 1s
Details
Build Container (Nix) / build (teslamate) (push) Successful in 2s
Details
Build Container (Nix) / build (transmission) (push) Successful in 2s
Details
Build Container (Nix) / build (transmission-exporter) (push) Successful in 1s
Details
Build Container (Nix) / build (unpoller) (push) Successful in 1s
Details
Build Container / build (kiwix-serve) (push) Successful in 1m17s
Details
Build Container / build (kubectl) (push) Successful in 41s
Details
Build Container / build (homepage) (push) Successful in 8m21s
Details
Build Container / build (mealie) (push) Successful in 1m1s
Details
Build Container / build (loki) (push) Successful in 8m21s
Details
Build Container / build (miniflux) (push) Successful in 2m24s
Details
Build Container / build (nettest) (push) Successful in 14s
Details
Build Container / build (ntfy) (push) Successful in 8m33s
Details
Build Container / build (prometheus) (push) Successful in 37s
Details
Build Container / build (quartz) (push) Successful in 19s
Details
Build Container / build (navidrome) (push) Successful in 10m36s
Details
Build Container / build (runner-job-image) (push) Successful in 3m18s
Details
Build Container / build (transmission) (push) Successful in 20s
Details
Build Container / build (transmission-exporter) (push) Successful in 21s
Details
Build Container / build (unpoller) (push) Successful in 11s
Details
Build Container / build (teslamate) (push) Successful in 4m42s
Details 
Every container now carries title, description, version, source, and
vendor labels per the OCI image spec. Version is derived from the
existing CONTAINER_APP_VERSION ARG at build time.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-18 20:42:00 -07:00
Erich Blume
cd578144f7 Migrate upstream mirrors to mirrors/ Forgejo org (#265)
All checks were successful
Build Container (Nix) / detect (push) Successful in 2s
Details
Build Container (Nix) / build (homepage) (push) Successful in 3s
Details
Build Container (Nix) / build (navidrome) (push) Successful in 3s
Details
Build Container (Nix) / build (ntfy) (push) Successful in 8s
Details
Build Container / detect (push) Successful in 42s
Details
Build Container / build (navidrome) (push) Successful in 9m37s
Details
Build Container / build (homepage) (push) Successful in 9m56s
Details
Build Container / build (ntfy) (push) Successful in 2m35s
Details 
## Summary

- Created `mirrors` Forgejo organization for upstream mirror repos
- Transferred 22 mirror repos from `eblume/` to `mirrors/` (mirror sync config preserved)
- Deleted unused repos: hajimari, hister
- Updated all container build URLs (homepage, navidrome, ntfy Dockerfiles + nix)
- Updated documentation references (migrate-forgejo-from-brew, upstream-fork-strategy, fix-ntfy-nix-version)
- `dotfiles` intentionally kept under `eblume/` per user request
- `devpi` transferred to `mirrors/`

Repos remaining under `eblume/`: blumeops, cv, mcquack, dotfiles

## Cleanup TODO

- [ ] Delete temp Forgejo API token "claude-migration-temp" (Settings > Applications)

## Test Plan

- [x] Verified mirror config (mirror=true, original_url) survived transfer on test repo (tesla_auth)
- [x] All pre-commit hooks pass (including container-version-check, docs-check-links)
- [ ] Verify a mirror repo sync runs successfully after transfer (check mirrors/authentik or similar)
- [ ] Rebuild containers from branch to verify Dockerfile URLs resolve

Reviewed-on: https://forge.ops.eblu.me/eblume/blumeops/pulls/265
 2026-02-24 20:43:14 -08:00
Erich Blume
0e2c10176d Harden zot registry, pt 1 (#231) 
## Summary
- Enable OIDC + API key authentication on zot with anonymous pull preserved
- Enforce tag immutability for version tags
- Adopt commit-SHA-based container image tagging

Details in the [[harden-zot-registry]] Mikado chain (`mise run docs-mikado harden-zot-registry`).

## Test plan
- [ ] Anonymous pull still works
- [ ] Unauthenticated push fails (401)
- [ ] CI container builds pass with new auth and tagging
- [ ] `mise run services-check` passes

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Reviewed-on: https://forge.ops.eblu.me/eblume/blumeops/pulls/231
 2026-02-20 22:50:01 -08:00
Erich Blume
b876e39981 Replace Homepage Helm chart with kustomize manifests and custom Dockerfile (#221) 
## Summary
- Replace third-party Helm chart (jameswynn/homepage v2.1.0, pinned at app v1.2.0) with plain kustomize manifests and a custom Dockerfile building from forge mirror at v1.10.1
- Adds Dockerfile (`containers/homepage/`) with multi-stage build (node:22-slim builder, node:22-alpine runtime)
- Creates kustomize manifests: Deployment, Service, ConfigMap (6 config files), ServiceAccount, ClusterRole, ClusterRoleBinding
- Keeps existing ingress-tailscale.yaml and all 6 ExternalSecret resources unchanged
- Updates ArgoCD app definition from multi-source Helm to single directory source

## Prerequisite
- Homepage source mirrored at forge.ops.eblu.me/eblume/homepage.git 
- Container must be built and pushed before syncing: `mise run container-release homepage v1.10.1`

## Deployment and Testing
- [ ] Build and push container image: `mise run container-release homepage v1.10.1`
- [ ] Branch-test via ArgoCD: `argocd app set homepage --revision feature/homepage-kustomize && argocd app sync homepage`
- [ ] Verify dashboard loads at go.ops.eblu.me / go.tail8d86e.ts.net
- [ ] Verify k8s autodiscovery works (services appear on dashboard)
- [ ] Verify widgets load (weather, Forgejo, Jellyfin, etc.)
- [ ] After merge: `argocd app set homepage --revision main && argocd app sync homepage`

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Reviewed-on: https://forge.ops.eblu.me/eblume/blumeops/pulls/221
 2026-02-19 18:29:19 -08:00