eblume/blumeops
1
1
Fork 0
Code Issues Pull requests Projects Releases 83 Packages Wiki Activity Actions

Deploy Mealie recipe manager #299

Merged
eblume merged 7 commits from deploy-mealie into main 2026-03-16 21:59:11 -07:00
Conversation 0 Commits 7 Files changed 22 +19 -5
3 changed files with 19 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files
Showing only changes of commit 7dce0abbb9 - Show all commits

Update docs: fix mealie storageClass, borgmatic SQLite backups, federated-login

Prev Next 
- mealie.md: fix storageClassName to standard, add auth/backup sections
- borgmatic.md: document k8s SQLite dump pattern and mealie entry
- federated-login.md: remove ArgoCD from future work (already done),
  add mealie to related links

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Erich Blume 2026-03-16 21:38:36 -07:00
commit 7dce0abbb9

3
docs/explanation/federated-login.md
View file

@ -76,11 +76,12 @@ Authentik enforces TOTP MFA on its default authentication flow (`not_configured_
## Future Work
- **Additional services:** ArgoCD, Miniflux, Immich
- **Additional services:** Miniflux, Immich
## Related
- [[authentik]] - OIDC identity provider reference
- [[grafana]] - First OIDC client
- [[mealie]] - Recipe manager (public PKCE client)
- [[security-model]] - Network security and access control
- [[deploy-authentik]] - Deployment how-to

8
docs/reference/services/borgmatic.md
View file

@ -1,6 +1,6 @@
---
title: Borgmatic
modified: 2026-02-10
modified: 2026-03-16
tags:
- service
- backup
@ -26,11 +26,15 @@ Daily backup system using Borg backup, running on indri.
- `/opt/homebrew/var/forgejo` - Git forge data
- `~/.config/borgmatic` - Borgmatic config
- `~/Documents` - Personal documents
- `~/.local/share/borgmatic/k8s-dumps/` - SQLite dumps from k8s pods
**Databases:**
**PostgreSQL databases:**
- `miniflux` on [[postgresql]]
- `teslamate` on [[postgresql]]
**K8s SQLite databases (pre-backup dump via kubectl exec):**
- [[mealie]] - Recipe manager (`/app/data/mealie.db`)
**Not backed up (by design):**
- ZIM archives (re-downloadable)
- Prometheus metrics (ephemeral)

13
docs/reference/services/mealie.md
View file

@ -32,12 +32,20 @@ Self-hosted recipe manager with a REST API. Part of the meal planning pipeline:
- API token auth for automation
- OIDC login via [[authentik]] (public client with PKCE)
## Authentication
OIDC via [[authentik]] using a public client with PKCE (no client secret needed). All Authentik users can log in; members of the `admins` group get Mealie admin privileges via `OIDC_ADMIN_GROUP`.
## Storage
- 2Gi PVC at `/app/data/` via `local-path` storageClassName
- SQLite database (sufficient for single-user, no network storage concerns on minikube)
- 2Gi PVC at `/app/data/` via `standard` storageClassName (minikube-hostpath)
- SQLite database (sufficient for single-user)
- Recipe images and assets stored alongside the database
## Backup
SQLite database backed up via [[borgmatic]]'s `before_backup` hook. Borgmatic runs `kubectl exec` to create a safe `.backup` copy (via Python's `sqlite3` module), then `kubectl cp` to the host. The dump lands in `~/.local/share/borgmatic/k8s-dumps/mealie.db` and is included in both local (sifaka) and offsite (BorgBase) backups.
## Networking
| Endpoint | Reachable from |
@ -48,5 +56,6 @@ Self-hosted recipe manager with a REST API. Part of the meal planning pipeline:
## Related
- [[authentik]] — OIDC identity provider
- [[ollama]] — LLM backend for meal timeline generation
- [[borgmatic]] — Data backup