Erich Blume a2f1e06224 Add hephaestus sync hub to indri (launchagent, PWA, device-code OIDC) (#369) ... Makes indri the canonical **heph** hub for the hub-and-spoke task/context system, deployed as a self-updating LaunchAgent managed by Ansible. Other devices (gilbert) attach as offline-capable spokes. ## What's here - **`ansible/roles/heph`** (tag `heph`) — bootstrap `cargo install hephd` (only if absent; `--self-update` keeps it current after), version-pinned `heph-pwa` checkout served via `--web-root`, launchagent `mcquack.eblume.heph`: ``` hephd --mode server --http-addr 0.0.0.0:8787 --db … --web-root … --oidc-issuer …/o/heph/ --oidc-audience heph --self-update --self-update-interval-secs 600 ``` `~/.cargo/bin` is on the agent `PATH` so self-update's `cargo install` works. - **Caddy** — `heph.ops.eblu.me → localhost:8787` (TLS for the PWA secure context). - **Authentik** — new `heph` **public device-code** OIDC app + `default-device-code-flow` bound to the default brand's `flow_device_code` (verified live: brand `authentik-default`, field currently unset → additive). - **Docs** — `services/hephaestus.md` (Path-A seeding runbook + spoke caveat), `indri.md`, changelog fragment. ## Three features requested - **Autoupdate** — 10-min interval (`--self-update-interval-secs 600`). - **PWA** — `--web-root` (confirmed shipped in v1.2.0). - **Spoke** — gilbert reconfig documented (post-merge step). ## Deploy plan (not done yet — awaiting review) 1. Seed from gilbert (Path A): `heph daemon stop` → copy `heph.db` → `DELETE FROM meta WHERE key='origin'`. 2. Sync Authentik `apps`/blueprint; verify blueprint status via API (not just logs). 3. `provision-indri --tags heph,caddy` from this branch. 4. Point gilbert at the hub + `heph auth login`. ## Known follow-ups (heph-side, tracked in the Hephaestus project) - `heph daemon` can't bake hub/spoke config or pass `--self-update-interval-secs` → worked around by the ansible plist. - Path-A seeding lacks a clean `hephd --owner-id`/seed command → manual `meta.origin` reset for now. - Self-update moves hephd ahead of the ansible-pinned PWA shell over time (drift; tolerated by the SW cache, revisit on next release). 🤖 Generated with [Claude Code](https://claude.com/claude-code) Reviewed-on: #369		2026-06-05 06:46:58 -07:00
..
alloy	Add Forgejo metrics + upstream latency histogram to Fly proxy dashboard	2026-04-17 15:05:59 -07:00
borgmatic	Wire ringtail blumeops-pg into backups + Grafana (#364)	2026-06-03 12:25:30 -07:00
borgmatic_metrics	Add offsite backup for immich photo library to BorgBase (#315)	2026-03-27 19:43:05 -07:00
caddy	Add hephaestus sync hub to indri (launchagent, PWA, device-code OIDC) (#369)	2026-06-05 06:46:58 -07:00
cv	C1: deploy adelaide-baby-shower-app to ringtail k3s (#349)	2026-05-11 13:47:18 -07:00
devpi	Migrate devpi from minikube to indri (launchd) (#341)	2026-04-29 13:38:36 -07:00
docs	Update docs release to v1.17.0	2026-06-03 21:52:22 -07:00
forgejo	Add Forgejo metrics + upstream latency histogram to Fly proxy dashboard	2026-04-17 15:05:59 -07:00
forgejo_actions_secrets	Expose Forgejo publicly at forge.eblu.me (#278)	2026-03-03 08:40:41 -08:00
forgejo_metrics	Add Forgejo repository health metrics and Grafana dashboard (#245)	2026-02-22 11:16:03 -08:00
heph	Add hephaestus sync hub to indri (launchagent, PWA, device-code OIDC) (#369)	2026-06-05 06:46:58 -07:00
jellyfin	Add SSO login button to Jellyfin login page	2026-02-21 20:08:57 -08:00
jellyfin_metrics	Migrate Ansible op calls to op read URI syntax (#125)	2026-02-08 10:52:43 -08:00
minikube	Add storage-provisioner health check to minikube Ansible role	2026-04-04 12:04:25 -07:00
minikube_metrics	Move metrics scripts from ~/bin to ~/.local/bin (#70)	2026-01-29 09:59:38 -08:00
sifaka_exporters	Operations and observability for sifaka NAS (#135)	2026-02-09 17:44:05 -08:00
zot	Bump zot registry to v2.1.15 (#293)	2026-03-14 10:00:40 -07:00
zot_metrics	Move metrics scripts from ~/bin to ~/.local/bin (#70)	2026-01-29 09:59:38 -08:00