From e3451cd04dd340cb4dc6f46dde30b1c98f27f3b3 Mon Sep 17 00:00:00 2001 From: Erich Blume Date: Thu, 29 Jan 2026 15:40:22 -0800 Subject: [PATCH 1/4] Add Hajimari service dashboard at go.ops.eblu.me - Add Hajimari ArgoCD application and Helm values - Configure auto-discovery from k8s ingresses - Add custom apps for non-k8s services: Forge, Registry, Sifaka NAS - Add hajimari.io annotations to all ingresses with ops.eblu.me URLs - Add Caddy proxy entries for go.ops.eblu.me and nas.ops.eblu.me Co-Authored-By: Claude Opus 4.5 --- ansible/roles/caddy/defaults/main.yml | 6 +++ argocd/apps/hajimari.yaml | 32 +++++++++++ .../manifests/argocd/service-tailscale.yaml | 6 +++ argocd/manifests/devpi/ingress-tailscale.yaml | 6 +++ .../grafana-config/ingress-tailscale.yaml | 6 +++ .../manifests/hajimari/ingress-tailscale.yaml | 22 ++++++++ argocd/manifests/hajimari/values.yaml | 54 +++++++++++++++++++ .../manifests/immich/ingress-tailscale.yaml | 6 +++ argocd/manifests/kiwix/ingress-tailscale.yaml | 6 +++ argocd/manifests/loki/ingress-tailscale.yaml | 6 +++ .../manifests/miniflux/ingress-tailscale.yaml | 6 +++ .../prometheus/ingress-tailscale.yaml | 6 +++ .../teslamate/ingress-tailscale.yaml | 6 +++ .../manifests/torrent/ingress-tailscale.yaml | 6 +++ 14 files changed, 174 insertions(+) create mode 100644 argocd/apps/hajimari.yaml create mode 100644 argocd/manifests/hajimari/ingress-tailscale.yaml create mode 100644 argocd/manifests/hajimari/values.yaml diff --git a/ansible/roles/caddy/defaults/main.yml b/ansible/roles/caddy/defaults/main.yml index 105b139..34dc7fb 100644 --- a/ansible/roles/caddy/defaults/main.yml +++ b/ansible/roles/caddy/defaults/main.yml 
@@ -61,6 +61,12 @@ caddy_services: - name: immich host: "photos.{{ caddy_domain }}" backend: "https://photos.tail8d86e.ts.net" + - name: hajimari + host: "go.{{ caddy_domain }}" + backend: "https://go.tail8d86e.ts.net" + - name: sifaka + host: "nas.{{ caddy_domain }}" + backend: "http://sifaka:5000" # Layer 4 (TCP) services # Format: { port: external_port, backend: "host:port" } diff --git a/argocd/apps/hajimari.yaml b/argocd/apps/hajimari.yaml new file mode 100644 index 0000000..51f1ece --- /dev/null +++ b/argocd/apps/hajimari.yaml @@ -0,0 +1,32 @@ +# Hajimari - Service Dashboard / Start Page +# +# Chart mirrored from https://github.com/toboshii/hajimari to forge +# +# Auto-discovers k8s services via ingress annotations and displays +# custom apps for non-k8s services (Forge, Registry, NAS). +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: hajimari + namespace: argocd +spec: + project: default + sources: + # Helm chart from forge mirror (SSH via egress) + - repoURL: ssh://forgejo@forge.ops.eblu.me:2222/eblume/hajimari.git + targetRevision: main + path: charts/hajimari + helm: + releaseName: hajimari + valueFiles: + - $values/argocd/manifests/hajimari/values.yaml + # Values from our git repo + - repoURL: ssh://forgejo@forge.ops.eblu.me:2222/eblume/blumeops.git + targetRevision: main + ref: values + destination: + server: https://kubernetes.default.svc + namespace: hajimari + syncPolicy: + syncOptions: + - CreateNamespace=true diff --git a/argocd/manifests/argocd/service-tailscale.yaml b/argocd/manifests/argocd/service-tailscale.yaml index 2fc4ce0..f54c345 100644 --- a/argocd/manifests/argocd/service-tailscale.yaml +++ b/argocd/manifests/argocd/service-tailscale.yaml 
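Review bot: The new `sifaka` entry in the `caddy_services` hunk uses `backend: "http://sifaka:5000"`, so the hop from Caddy to the NAS is cleartext, while the `immich` and `hajimari` entries beside it use `https://` backends. Whatever a browser sends to `nas.{{ caddy_domain }}` (login form, session cookie) crosses that segment unencrypted, and Caddy has no way to verify it is talking to the NAS. If the NAS exposes its HTTPS listener (Synology DSM uses 5001 by default), point the backend there. Otherwise record the exception next to the entry, e.g. `# plain HTTP on purpose: NAS has no cert Caddy trusts; backend hop stays on the LAN`. The `caddy_services` list starts outside this hunk, and whether Caddy restricts who may reach this host is not visible here, so that is worth confirming.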
@@ -11,6 +11,12 @@ metadata: namespace: argocd annotations: tailscale.com/proxy-class: "default" + hajimari.io/enable: "true" + hajimari.io/url: "https://argocd.ops.eblu.me" + hajimari.io/icon: "simple-icons:argo" + hajimari.io/appName: "ArgoCD" + hajimari.io/group: "Infrastructure" + hajimari.io/info: "GitOps continuous delivery" spec: ingressClassName: tailscale defaultBackend: diff --git a/argocd/manifests/devpi/ingress-tailscale.yaml b/argocd/manifests/devpi/ingress-tailscale.yaml index 8f37d17..808a34a 100644 --- a/argocd/manifests/devpi/ingress-tailscale.yaml +++ b/argocd/manifests/devpi/ingress-tailscale.yaml @@ -5,6 +5,12 @@ metadata: namespace: devpi annotations: tailscale.com/proxy-class: "default" + hajimari.io/enable: "true" + hajimari.io/url: "https://pypi.ops.eblu.me" + hajimari.io/icon: "simple-icons:pypi" + hajimari.io/appName: "PyPI" + hajimari.io/group: "Infrastructure" + hajimari.io/info: "Python package cache (devpi)" spec: ingressClassName: tailscale defaultBackend: diff --git a/argocd/manifests/grafana-config/ingress-tailscale.yaml b/argocd/manifests/grafana-config/ingress-tailscale.yaml index b72f8b9..07eaf3d 100644 --- a/argocd/manifests/grafana-config/ingress-tailscale.yaml +++ b/argocd/manifests/grafana-config/ingress-tailscale.yaml @@ -9,6 +9,12 @@ metadata: namespace: monitoring annotations: tailscale.com/proxy-class: "default" + hajimari.io/enable: "true" + hajimari.io/url: "https://grafana.ops.eblu.me" + hajimari.io/icon: "simple-icons:grafana" + hajimari.io/appName: "Grafana" + hajimari.io/group: "Observability" + hajimari.io/info: "Dashboards & metrics visualization" spec: ingressClassName: tailscale defaultBackend: diff --git a/argocd/manifests/hajimari/ingress-tailscale.yaml b/argocd/manifests/hajimari/ingress-tailscale.yaml new file mode 100644 index 0000000..2b33c6b --- /dev/null +++ b/argocd/manifests/hajimari/ingress-tailscale.yaml 
@@ -0,0 +1,22 @@
+# Tailscale Ingress for Hajimari
+# Exposes Hajimari at https://go.tail8d86e.ts.net with Let's Encrypt TLS
+# Caddy proxies go.ops.eblu.me -> this endpoint
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: hajimari-tailscale
+ namespace: hajimari
+ annotations:
+ tailscale.com/proxy-class: "default"
+ # Don't show Hajimari in its own dashboard
+ hajimari.io/enable: "false"
+spec:
+ ingressClassName: tailscale
+ defaultBackend:
+ service:
+ name: hajimari
+ port:
+ number: 3000
+ tls:
+ - hosts:
+ - go
diff --git a/argocd/manifests/hajimari/values.yaml b/argocd/manifests/hajimari/values.yaml
new file mode 100644
index 0000000..94140ec
--- /dev/null
+++ b/argocd/manifests/hajimari/values.yaml
@@ -0,0 +1,54 @@
+# Hajimari values for blumeops
+# Service dashboard at go.ops.eblu.me
+
+# Page settings
+hajimari:
+ title: BlumeOps
+ name: Erich
+ defaultEnable: true
+
+ # Discover ingresses from all namespaces
+ namespaceSelector:
+ any: true
+
+ # Non-k8s services (hosted on indri or LAN)
+ customApps:
+ - group: Infrastructure
+ apps:
+ - name: Forgejo
+ url: https://forge.ops.eblu.me
+ icon: simple-icons:forgejo
+ info: Git forge & CI/CD
+ - name: Registry
+ url: https://registry.ops.eblu.me
+ icon: mdi:docker
+ info: Container registry (Zot)
+ - name: Sifaka NAS
+ url: https://nas.ops.eblu.me
+ icon: simple-icons:synology
+ info: Synology NAS dashboard
+
+ # Useful external bookmarks
+ globalBookmarks:
+ - group: Docs
+ bookmarks:
+ - name: Tailscale Admin
+ url: https://login.tailscale.com/admin
+ - name: 1Password
+ url: https://my.1password.com
+ - name: Pulumi
+ url: https://app.pulumi.com/eblume/blumeops-tailnet
+
+# Service account for reading ingresses across namespaces
+serviceAccount:
+ create: true
+
+# Ingress is handled separately via ingress-tailscale.yaml
+ingress:
+ main:
+ enabled: false
+
+# No persistence needed - config is in values.yaml
+persistence:
+ data:
+ enabled: false
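Review bot: In `argocd/manifests/hajimari/values.yaml`, `defaultEnable: true` combined with `namespaceSelector: any: true` makes listing opt-out, so any ingress created later in any namespace appears on the dashboard with its hostname unless someone remembers to annotate it. This same commit already adds an explicit `hajimari.io/enable: "true"` to every ingress it wants shown, so the default can be flipped without losing anything: `defaultEnable: false`. That keeps the dashboard an allow-list of endpoints rather than an inventory of everything the service account can read. It would also help to extend the `serviceAccount` comment to say the account gets cluster-wide read on ingresses, since that is the privilege `any: true` relies on.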
diff --git a/argocd/manifests/immich/ingress-tailscale.yaml b/argocd/manifests/immich/ingress-tailscale.yaml index 007fb6c..d17163e 100644 --- a/argocd/manifests/immich/ingress-tailscale.yaml +++ b/argocd/manifests/immich/ingress-tailscale.yaml @@ -8,6 +8,12 @@ metadata: namespace: immich annotations: tailscale.com/funnel: "false" + hajimari.io/enable: "true" + hajimari.io/url: "https://photos.ops.eblu.me" + hajimari.io/icon: "mdi:image-multiple" + hajimari.io/appName: "Immich" + hajimari.io/group: "Apps" + hajimari.io/info: "Photo management" spec: ingressClassName: tailscale rules: diff --git a/argocd/manifests/kiwix/ingress-tailscale.yaml b/argocd/manifests/kiwix/ingress-tailscale.yaml index 67d96be..d301c47 100644 --- a/argocd/manifests/kiwix/ingress-tailscale.yaml +++ b/argocd/manifests/kiwix/ingress-tailscale.yaml @@ -6,6 +6,12 @@ metadata: namespace: kiwix annotations: tailscale.com/proxy-class: "default" + hajimari.io/enable: "true" + hajimari.io/url: "https://kiwix.ops.eblu.me" + hajimari.io/icon: "mdi:wikipedia" + hajimari.io/appName: "Kiwix" + hajimari.io/group: "Apps" + hajimari.io/info: "Offline Wikipedia & ZIM archives" spec: ingressClassName: tailscale defaultBackend: diff --git a/argocd/manifests/loki/ingress-tailscale.yaml b/argocd/manifests/loki/ingress-tailscale.yaml index bee0148..ee51dcc 100644 --- a/argocd/manifests/loki/ingress-tailscale.yaml +++ b/argocd/manifests/loki/ingress-tailscale.yaml @@ -7,6 +7,12 @@ metadata: namespace: monitoring annotations: tailscale.com/funnel: "false" + hajimari.io/enable: "true" + hajimari.io/url: "https://loki.ops.eblu.me" + hajimari.io/icon: "mdi:text-box-search" + hajimari.io/appName: "Loki" + hajimari.io/group: "Observability" + hajimari.io/info: "Log aggregation" spec: ingressClassName: tailscale rules: diff --git a/argocd/manifests/miniflux/ingress-tailscale.yaml b/argocd/manifests/miniflux/ingress-tailscale.yaml index 8884c61..e039366 100644 --- a/argocd/manifests/miniflux/ingress-tailscale.yaml 
+++ b/argocd/manifests/miniflux/ingress-tailscale.yaml @@ -5,6 +5,12 @@ metadata: namespace: miniflux annotations: tailscale.com/proxy-class: "default" + hajimari.io/enable: "true" + hajimari.io/url: "https://feed.ops.eblu.me" + hajimari.io/icon: "mdi:rss" + hajimari.io/appName: "Miniflux" + hajimari.io/group: "Apps" + hajimari.io/info: "RSS feed reader" spec: ingressClassName: tailscale defaultBackend: diff --git a/argocd/manifests/prometheus/ingress-tailscale.yaml b/argocd/manifests/prometheus/ingress-tailscale.yaml index 1aeaa34..3f3dbeb 100644 --- a/argocd/manifests/prometheus/ingress-tailscale.yaml +++ b/argocd/manifests/prometheus/ingress-tailscale.yaml @@ -7,6 +7,12 @@ metadata: namespace: monitoring annotations: tailscale.com/funnel: "false" + hajimari.io/enable: "true" + hajimari.io/url: "https://prometheus.ops.eblu.me" + hajimari.io/icon: "simple-icons:prometheus" + hajimari.io/appName: "Prometheus" + hajimari.io/group: "Observability" + hajimari.io/info: "Metrics collection & storage" spec: ingressClassName: tailscale rules: diff --git a/argocd/manifests/teslamate/ingress-tailscale.yaml b/argocd/manifests/teslamate/ingress-tailscale.yaml index 5480ba7..8ccfcf1 100644 --- a/argocd/manifests/teslamate/ingress-tailscale.yaml +++ b/argocd/manifests/teslamate/ingress-tailscale.yaml @@ -5,6 +5,12 @@ metadata: namespace: teslamate annotations: tailscale.com/proxy-class: "default" + hajimari.io/enable: "true" + hajimari.io/url: "https://tesla.ops.eblu.me" + hajimari.io/icon: "simple-icons:tesla" + hajimari.io/appName: "TeslaMate" + hajimari.io/group: "Apps" + hajimari.io/info: "Tesla data logger" spec: ingressClassName: tailscale defaultBackend: diff --git a/argocd/manifests/torrent/ingress-tailscale.yaml b/argocd/manifests/torrent/ingress-tailscale.yaml index 87e0916..7b2225b 100644 --- a/argocd/manifests/torrent/ingress-tailscale.yaml +++ b/argocd/manifests/torrent/ingress-tailscale.yaml 
@@ -6,6 +6,12 @@ metadata: namespace: torrent annotations: tailscale.com/proxy-class: "default" + hajimari.io/enable: "true" + hajimari.io/url: "https://torrent.ops.eblu.me" + hajimari.io/icon: "mdi:download" + hajimari.io/appName: "Transmission" + hajimari.io/group: "Apps" + hajimari.io/info: "BitTorrent daemon" spec: ingressClassName: tailscale defaultBackend: -- 2.50.1 (Apple Git-155) From 4dfe664bb045be0f16a6201d8160f271c95cea98 Mon Sep 17 00:00:00 2001 From: Erich Blume Date: Thu, 29 Jan 2026 15:43:50 -0800 Subject: [PATCH 2/4] Use upstream Hajimari Helm repo instead of forge mirror The forge mirror was missing the bjw-s/common dependency chart. Using the upstream Helm repo at https://hajimari.io resolves this. Co-Authored-By: Claude Opus 4.5 --- argocd/apps/hajimari.yaml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/argocd/apps/hajimari.yaml b/argocd/apps/hajimari.yaml index 51f1ece..5eda4d2 100644 --- a/argocd/apps/hajimari.yaml +++ b/argocd/apps/hajimari.yaml @@ -1,6 +1,6 @@ # Hajimari - Service Dashboard / Start Page # -# Chart mirrored from https://github.com/toboshii/hajimari to forge +# Using upstream Helm chart from https://hajimari.io # # Auto-discovers k8s services via ingress annotations and displays # custom apps for non-k8s services (Forge, Registry, NAS). @@ -12,10 +12,10 @@ metadata: spec: project: default sources: - # Helm chart from forge mirror (SSH via egress) - - repoURL: ssh://forgejo@forge.ops.eblu.me:2222/eblume/hajimari.git - targetRevision: main - path: charts/hajimari + # Helm chart from upstream repo + - repoURL: https://hajimari.io + chart: hajimari + targetRevision: 2.0.2 helm: releaseName: hajimari valueFiles: -- 2.50.1 (Apple Git-155) From 116f949f86b33e1b90461f123384518bb2dd3fd2 Mon Sep 17 00:00:00 2001 
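Review bot: The `@@ -12,10 +12,10 @@` hunk of `argocd/apps/hajimari.yaml` (PATCH 2/4) replaces the self-hosted mirror with `repoURL: https://hajimari.io`, so the cluster now renders a chart fetched straight from a third-party Helm repository at sync time. `targetRevision: 2.0.2` pins a version label, not content: a classic Helm repo index can be republished under the same version, and the `bjw-s/common` dependency arrives bundled in whatever package is served. The commit message says the mirror was dropped only because it lacked that dependency, so the safer fix is to push the packaged chart, dependencies vendored, to the internal registry and point `repoURL` there. Until then, a comment on the source such as `# upstream chart, version tag only (not content-pinned); re-review the rendered diff on every bump` would make the trust decision visible.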
From: Erich Blume Date: Thu, 29 Jan 2026 15:46:19 -0800 Subject: [PATCH 3/4] Enable Tailscale ingress via Helm values Move ingress config from separate file into Helm values.yaml. Co-Authored-By: Claude Opus 4.5 --- .../manifests/hajimari/ingress-tailscale.yaml | 22 ------------------- argocd/manifests/hajimari/values.yaml | 16 ++++++++++++-- 2 files changed, 14 insertions(+), 24 deletions(-) delete mode 100644 argocd/manifests/hajimari/ingress-tailscale.yaml diff --git a/argocd/manifests/hajimari/ingress-tailscale.yaml b/argocd/manifests/hajimari/ingress-tailscale.yaml deleted file mode 100644 index 2b33c6b..0000000 --- a/argocd/manifests/hajimari/ingress-tailscale.yaml +++ /dev/null @@ -1,22 +0,0 @@ -# Tailscale Ingress for Hajimari -# Exposes Hajimari at https://go.tail8d86e.ts.net with Let's Encrypt TLS -# Caddy proxies go.ops.eblu.me -> this endpoint -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: hajimari-tailscale - namespace: hajimari - annotations: - tailscale.com/proxy-class: "default" - # Don't show Hajimari in its own dashboard - hajimari.io/enable: "false" -spec: - ingressClassName: tailscale - defaultBackend: - service: - name: hajimari - port: - number: 3000 - tls: - - hosts: - - go diff --git a/argocd/manifests/hajimari/values.yaml b/argocd/manifests/hajimari/values.yaml index 94140ec..9457794 100644 --- a/argocd/manifests/hajimari/values.yaml +++ b/argocd/manifests/hajimari/values.yaml @@ -43,10 +43,22 @@ hajimari: serviceAccount: create: true -# Ingress is handled separately via ingress-tailscale.yaml +# Tailscale Ingress - exposes at go.tail8d86e.ts.net +# Caddy will proxy go.ops.eblu.me to this ingress: main: - enabled: false + enabled: true + className: tailscale + annotations: + hajimari.io/enable: "false" + hosts: + - host: go + paths: + - path: / + pathType: Prefix + tls: + - hosts: + - go # No persistence needed - config is in values.yaml persistence: -- 2.50.1 (Apple Git-155) 
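Review bot: The `ingress.main.annotations` block added to `argocd/manifests/hajimari/values.yaml` carries only `hajimari.io/enable: "false"`, while the manifest this commit deletes also set `tailscale.com/proxy-class: "default"`. Every other Tailscale ingress touched in this series sets either that annotation or `tailscale.com/funnel: "false"`, so the Hajimari proxy would presumably come up without whatever the `default` ProxyClass configures. If the drop is not intentional, add `tailscale.com/proxy-class: "default"` under `annotations:`. If it is intentional, a one-line comment saying why this ingress differs would stop it being "fixed" later.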
From c4dcd99a7d02eb667d2e7c934cfe7e64f67286d4 Mon Sep 17 00:00:00 2001 From: Erich Blume Date: Thu, 29 Jan 2026 15:47:28 -0800 Subject: [PATCH 4/4] Fix ingress class field name (ingressClassName not className) Co-Authored-By: Claude Opus 4.5 --- argocd/manifests/hajimari/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/argocd/manifests/hajimari/values.yaml b/argocd/manifests/hajimari/values.yaml index 9457794..e8b12a2 100644 --- a/argocd/manifests/hajimari/values.yaml +++ b/argocd/manifests/hajimari/values.yaml @@ -48,7 +48,7 @@ serviceAccount: ingress: main: enabled: true - className: tailscale + ingressClassName: tailscale annotations: hajimari.io/enable: "false" hosts: -- 2.50.1 (Apple Git-155)