From 0da6a0833b3c5747191832489f3a31eab6baf32d Mon Sep 17 00:00:00 2001 From: Erich Blume Date: Sun, 8 Feb 2026 22:04:30 -0800 Subject: [PATCH 1/2] Fix Immich Ingress host matching, add missing service checks MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Remove explicit host: field from Immich Ingress — same ProxyGroup FQDN mismatch as Prometheus and Loki. Add Immich and Navidrome to services-check HTTP endpoints. Co-Authored-By: Claude Opus 4.6 --- argocd/manifests/immich/ingress-tailscale.yaml | 3 +-- mise-tasks/services-check | 2 ++ 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/argocd/manifests/immich/ingress-tailscale.yaml b/argocd/manifests/immich/ingress-tailscale.yaml index 2a9e86d..673b510 100644 --- a/argocd/manifests/immich/ingress-tailscale.yaml +++ b/argocd/manifests/immich/ingress-tailscale.yaml @@ -25,8 +25,7 @@ metadata: spec: ingressClassName: tailscale rules: - - host: photos - http: + - http: paths: - path: / pathType: Prefix diff --git a/mise-tasks/services-check b/mise-tasks/services-check index 67f2c65..ef2b57b 100755 --- a/mise-tasks/services-check +++ b/mise-tasks/services-check @@ -77,6 +77,8 @@ check_http "Miniflux" "https://feed.ops.eblu.me/healthcheck" check_http "TeslaMate" "https://tesla.ops.eblu.me/" check_http "Devpi" "https://pypi.ops.eblu.me/+api" check_http "Transmission" "https://torrent.ops.eblu.me/" +check_http "Immich" "https://photos.ops.eblu.me/" +check_http "Navidrome" "https://dj.ops.eblu.me/" echo "" echo "Public services (via Fly.io):" -- 2.50.1 (Apple Git-155) From eb3957fed663d1ab316296c3feecee5b1e6f2808 Mon Sep 17 00:00:00 2001 From: Erich Blume Date: Sun, 8 Feb 2026 22:06:53 -0800 Subject: [PATCH 2/2] Migrate Homepage Ingress to shared ProxyGroup Disable Helm-managed Ingress (chart doesn't support tailscale.com/* annotations) and create a separate ingress-tailscale.yaml with proxy-group annotation, matching the pattern used by all other services. Co-Authored-By: Claude Opus 4.6 --- .../manifests/homepage/ingress-tailscale.yaml | 27 +++++++++++++++++++ argocd/manifests/homepage/values.yaml | 17 +++--------- 2 files changed, 30 insertions(+), 14 deletions(-) create mode 100644 argocd/manifests/homepage/ingress-tailscale.yaml diff --git a/argocd/manifests/homepage/ingress-tailscale.yaml b/argocd/manifests/homepage/ingress-tailscale.yaml new file mode 100644 index 0000000..ccc9f7e --- /dev/null +++ b/argocd/manifests/homepage/ingress-tailscale.yaml @@ -0,0 +1,27 @@ +# Tailscale Ingress for Homepage +# Exposes at go.tail8d86e.ts.net +# Caddy proxies go.ops.eblu.me to this +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: homepage-tailscale + namespace: homepage + annotations: + tailscale.com/funnel: "false" + tailscale.com/proxy-group: "ingress" + gethomepage.dev/enabled: "false" +spec: + ingressClassName: tailscale + rules: + - http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: homepage + port: + number: 3000 + tls: + - hosts: + - go diff --git a/argocd/manifests/homepage/values.yaml b/argocd/manifests/homepage/values.yaml index fd08839..15b7e57 100644 --- a/argocd/manifests/homepage/values.yaml +++ b/argocd/manifests/homepage/values.yaml @@ -7,22 +7,11 @@ enableRbac: true serviceAccount: create: true -# Tailscale Ingress - exposes at go.tail8d86e.ts.net -# Caddy proxies go.ops.eblu.me to this +# Tailscale Ingress is managed separately in ingress-tailscale.yaml +# (Helm chart template doesn't support tailscale.com/* annotations) ingress: main: - enabled: true - ingressClassName: tailscale - annotations: - gethomepage.dev/enabled: "false" - hosts: - - host: go - paths: - - path: / - pathType: Prefix - tls: - - hosts: - - go + enabled: false env: - name: HOMEPAGE_ALLOWED_HOSTS -- 2.50.1 (Apple Git-155)