Erich Blume 4c5e7d763d Review deploy-jobsync doc: add missing env var, update tag example

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

2026-03-13 15:45:07 -07:00

title

modified

last-reviewed

Deploy JobSync

JobSync is a self-hosted job application tracker (Next.js + Prisma/SQLite) running on ringtail's k3s cluster via ArgoCD.

Manifests

All in argocd/manifests/jobsync/:

File	Purpose
`deployment.yaml`	Single-replica deployment
`service.yaml`	ClusterIP on port 3000
`ingress-tailscale.yaml`	Tailscale Ingress (ProxyGroup)
`pvc.yaml`	5Gi local-path for `/data`
`external-secret.yaml`	`auth_secret` + `encryption_key` from 1Password
`kustomization.yaml`	Image tag override

Variable	Source	Purpose
`DATABASE_URL`	Hardcoded	`file:/data/dev.db`
`AUTH_SECRET`	ExternalSecret	NextAuth session signing
`ENCRYPTION_KEY`	ExternalSecret	AES-256-GCM for stored API keys
`NEXTAUTH_URL`	Hardcoded	`https://jobsync.ops.eblu.me`
`AUTH_TRUST_HOST`	Hardcoded	`true`
`NEXT_TELEMETRY_DISABLED`	Hardcoded	`1` (opt out of Next.js telemetry)
`TZ`	Hardcoded	`America/Los_Angeles`
`OLLAMA_BASE_URL`	Hardcoded	`http://ollama.ollama.svc.cluster.local:11434`
`RAPIDAPI_KEY`	ExternalSecret	JSearch job search API key

Build and push: mise run container-release jobsync <version>
Update newTag in kustomization.yaml to the full tag (e.g. v1.1.4-3a811fb-nix)
Sync: argocd app sync jobsync

See build-jobsync-container for nix build details.

1Password item: "JobSync" in blumeops vault, fields auth_secret, encryption_key, and rapidapi_key
Caddy route: jobsync.ops.eblu.me → https://jobsync.tail8d86e.ts.net (in ansible/roles/caddy/defaults/main.yml)
service-versions.yaml: Must have a jobsync entry or the pre-commit hook rejects container changes

JobSync has no metrics endpoint. Logs are collected by Alloy on ringtail and shipped to Loki. Query in Grafana:

{namespace="jobsync", app="jobsync"}

The app runs a scheduled job search daily at 4 AM. Search failures appear in logs during those executions.