Deploy Mealie recipe manager #299

Merged
eblume merged 7 commits from deploy-mealie into main 2026-03-16 21:59:11 -07:00

Summary

  • Deploy Mealie (self-hosted recipe manager) on minikube-indri via ArgoCD
  • Build container from source via forge mirror (mirrors/mealie) — multi-stage Dockerfile with Node.js frontend + Python/uv backend
  • Add Caddy proxy entry for meals.ops.eblu.me
  • Part of a larger meal planning pipeline: Mealie stores categorized recipes, a planner script selects balanced meals, and Ollama generates unified cooking timelines

Status

  • [x] Mirror mealie repo on forge
  • [x] Dockerfile (from-source build)
  • [x] ArgoCD app + k8s manifests
  • [x] Caddy proxy entry
  • [x] Service docs, routing table, app registry
  • [ ] Local Dagger build test
  • [ ] Container build + push to registry
  • [ ] Update kustomization.yaml with real image tag
  • [ ] Deploy and verify
  • [ ] Provision Caddy

Test plan

  • Build container locally via dagger call build --src=. --container-name=mealie
  • Trigger CI build via mise run container-build-and-release mealie
  • Deploy from branch: argocd app set mealie --revision deploy-mealie && argocd app sync mealie
  • Verify Mealie UI at https://meals.ops.eblu.me
  • Verify API docs at https://meals.ops.eblu.me/docs
Deploy Mealie on minikube-indri for meal planning and prep automation.
Built from source via forge mirror (mirrors/mealie) with multi-stage
Dockerfile: Node.js frontend + Python/uv backend. Includes ArgoCD app,
k8s manifests, Caddy proxy entry, and service documentation.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Configure Mealie as a public PKCE client in Authentik. Mealie's OIDC
flow runs client-side (Vue.js SPA) so it uses PKCE instead of a
client_secret. No 1Password secret or ExternalSecret needed.

- Add mealie.yaml blueprint to Authentik configmap (public client, admins group)
- Add OIDC env vars to Mealie deployment
- Update service docs

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Remove admins-only policy binding from Mealie app. Any authenticated
Authentik user can log in (account auto-created). Mealie's
OIDC_ADMIN_GROUP=admins handles admin privilege mapping internally.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

- Add before_backup hook to borgmatic: kubectl exec + python3 sqlite3
  .backup to safely dump the database, then kubectl cp to host
- Include k8s-dumps directory in borgmatic source_directories
- Generic pattern: borgmatic_k8s_sqlite_dumps list in defaults
- Fix PVC storageClassName: standard (not local-path) on minikube
- Set container image tag to v3.12.0-5c5fd18 from CI build

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

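The dump step described in the backup commit above (python3 sqlite3 .backup, run before the archive is taken), as an added example that is not code from this repository. It assumes the hook uses Python's `sqlite3.Connection.backup`; the function names, file names and sample rows are constructed.

```python
import os
import sqlite3
import tempfile


def dump_sqlite(src_path: str, dest_path: str) -> str:
    """Snapshot a live SQLite file to dest_path; return the integrity verdict."""
    tmp_path = dest_path + ".partial"
    # Read-only URI: the dump can never modify the live database.
    src = sqlite3.connect(f"file:{src_path}?mode=ro", uri=True)
    dst = sqlite3.connect(tmp_path)
    try:
        # The online backup API copies committed pages only and restarts if
        # another connection writes mid-copy, unlike a plain file copy.
        src.backup(dst, pages=64)
        verdict = dst.execute("PRAGMA integrity_check").fetchone()[0]
    finally:
        dst.close()
        src.close()
    if verdict != "ok":
        os.remove(tmp_path)
        raise RuntimeError(f"dump failed integrity check: {verdict}")
    # Publish atomically so the archive run never sees a half-written dump.
    os.replace(tmp_path, dest_path)
    return verdict


def demo() -> tuple:
    """Constructed sample: dump a database while a writer is mid-transaction."""
    workdir = tempfile.mkdtemp()
    live = os.path.join(workdir, "live.db")  # hypothetical file names
    dump = os.path.join(workdir, "dump.db")
    writer = sqlite3.connect(live)
    writer.execute("CREATE TABLE recipes (id INTEGER PRIMARY KEY, name TEXT)")
    writer.executemany("INSERT INTO recipes (name) VALUES (?)",
                       [("soup",), ("bread",), ("curry",)])
    writer.commit()
    # The application has an open, uncommitted write while the hook runs.
    writer.execute("INSERT INTO recipes (name) VALUES ('uncommitted')")
    verdict = dump_sqlite(live, dump)
    writer.rollback()
    writer.close()
    copy = sqlite3.connect(dump)
    rows = copy.execute("SELECT COUNT(*) FROM recipes").fetchone()[0]
    copy.close()
    return rows, verdict
```

The dump contains only the three committed rows, and a failed integrity check leaves no file at the destination for the archive step to pick up.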
- mealie.md: fix storageClassName to standard, add auth/backup sections
- borgmatic.md: document k8s SQLite dump pattern and mealie entry
- federated-login.md: remove ArgoCD from future work (already done),
  add mealie to related links

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Mealie requires OIDC_CLIENT_SECRET even though its docs say "public
client with PKCE". The token exchange happens server-side in Mealie's
Python backend, so the secret never reaches the browser.

- Generate client secret, store in 1Password
- Add to Authentik external-secret and worker env
- Switch blueprint from public to confidential
- Add ExternalSecret for mealie namespace
- Update docs to reflect confidential client

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

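What the switch from a public to a confidential client in the commits above changes at the token endpoint, as an added example that is not code from Mealie, Authentik or this repository. It is a generic model of an OAuth 2.0 authorization-code token check with PKCE (RFC 7636, S256); the client ids, the secret and the function names are constructed.

```python
import base64
import hashlib
import hmac
import secrets
from typing import Optional


def s256(verifier: str) -> str:
    """code_challenge = BASE64URL(SHA256(code_verifier)), without padding."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def pkce_pair() -> tuple:
    """Return a fresh (code_verifier, code_challenge) pair."""
    verifier = secrets.token_urlsafe(32)  # 43 URL-safe characters
    return verifier, s256(verifier)


# Constructed registry standing in for the identity provider's client config.
CLIENTS = {
    "spa-public": {"type": "public", "secret": None},
    "backend-confidential": {"type": "confidential",
                             "secret": "constructed-secret"},
}


def token_request_ok(form: dict, stored_challenge: Optional[str]) -> bool:
    """Accept or reject an authorization_code token request."""
    client = CLIENTS.get(form.get("client_id", ""))
    if client is None:
        return False
    if client["type"] == "confidential":
        # A confidential client authenticates with a secret held server-side.
        supplied = form.get("client_secret", "")
        if not hmac.compare_digest(supplied.encode(), client["secret"].encode()):
            return False
    elif stored_challenge is None:
        # A public client has no secret, so PKCE is its only binding.
        return False
    if stored_challenge is not None:
        # The verifier must hash to the challenge sent with the auth request.
        verifier = form.get("code_verifier", "")
        return hmac.compare_digest(s256(verifier), stored_challenge)
    return True
```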
eblume merged commit 11330ebea0 into main 2026-03-16 21:59:11 -07:00
eblume referenced this pull request from a commit 2026-03-16 21:59:13 -07:00
Reference
eblume/blumeops!299