Erich Blume
735b643429
## Summary - Deploy miniflux in k8s via ArgoCD - Expose via Tailscale Ingress at feed.tail8d86e.ts.net - Retire brew PostgreSQL (no longer needed) - Rename k8s-pg to pg (canonical hostname) - Remove ansible miniflux and postgresql roles - Update borgmatic to backup pg.tail8d86e.ts.net - Update all zk documentation ## Deployment and Testing - [x] Miniflux pod running in k8s - [x] User login works at https://feed.tail8d86e.ts.net - [x] Feeds and entries visible - [x] brew miniflux and postgresql stopped - [x] Tailscale services migrated (feed, pg) - [x] zk documentation updated - [x] Run ansible to apply role removals - [ ] Verify borgmatic backup with new pg hostname 🤖 Generated with [Claude Code](https://claude.com/claude-code) Reviewed-on: https://forge.tail8d86e.ts.net/eblume/blumeops/pulls/33
37 lines
901 B
YAML
37 lines
901 B
YAML
---
|
|
# Tailscale serve configuration for this host
|
|
# Each service maps a Tailscale service name to local endpoints
|
|
|
|
tailscale_serve_services:
|
|
# NOTE: svc:grafana, svc:pg, svc:feed removed - now hosted in k8s
|
|
|
|
- name: svc:forge
|
|
https:
|
|
port: 443
|
|
upstream: http://localhost:3001
|
|
tcp:
|
|
port: 22
|
|
upstream: tcp://localhost:2200
|
|
|
|
- name: svc:kiwix
|
|
https:
|
|
port: 443
|
|
upstream: http://localhost:5501
|
|
|
|
- name: svc:pypi
|
|
https:
|
|
port: 443
|
|
upstream: http://127.0.0.1:3141
|
|
|
|
- name: svc:registry
|
|
https:
|
|
port: 443
|
|
upstream: http://localhost:5050
|
|
|
|
# Kubernetes API server (TCP passthrough for mTLS)
|
|
# NOTE: Port is dynamic with podman driver - check with:
|
|
# ssh indri "kubectl config view --minify -o jsonpath='{.clusters[0].cluster.server}'"
|
|
- name: svc:k8s
|
|
tcp:
|
|
port: 443
|
|
upstream: tcp://localhost:44491
|