Three follow-ups on the shower deployment branch:

1. containers/shower/default.nix now uses buildPythonPackage to install
   the adelaide-baby-shower-app wheel + its deps at nix build time. The
   wheel comes from the forge PyPI index with a pinned SRI hash. The
   entrypoint no longer does pip-at-boot — it just runs migrations,
   collectstatic, and execs gunicorn.

2. ansible/roles/borgmatic/defaults/main.yml:
   - Adds shower to borgmatic_k8s_sqlite_dumps (context k3s-ringtail)
     so /app/data/db.sqlite3 is dumped via kubectl exec on every run.
   - Adds /Volumes/shower (sifaka SMB mount on indri) to
     borgmatic_source_directories so prize-photo media gets archived.

3. NFS share docs corrected to match the real on-sifaka pattern:
   exports allowlist 192.168.1.0/24 + 100.64.0.0/10 with all_squash to
   admin (matching frigate/paperless/etc.), not "Squash=No mapping".
   The pod's runAsUser doesn't need to match an on-disk uid because
   all_squash rewrites every write to admin:users.

Also adds a missing service-versions entry for the tailscale container
introduced in PR #347 — pre-existing gap surfaced by the
container-version-check hook on this commit.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

| Name | ||
|---|---|---|
| 1password-connect | ||
| alloy-k8s | ||
| alloy-ringtail | ||
| alloy-tracing-ringtail | ||
| argocd | ||
| authentik | ||
| cloudnative-pg | ||
| databases | ||
| external-secrets | ||
| forgejo-runner | ||
| frigate | ||
| grafana | ||
| grafana-config | ||
| homepage | ||
| immich | ||
| kingfisher | ||
| kiwix | ||
| kube-state-metrics | ||
| kube-state-metrics-ringtail | ||
| loki | ||
| mealie | ||
| miniflux | ||
| navidrome | ||
| ntfy | ||
| nvidia-device-plugin | ||
| ollama | ||
| paperless | ||
| prometheus | ||
| prowler | ||
| shower | ||
| tailscale-operator | ||
| tailscale-operator-base | ||
| tailscale-operator-ringtail | ||
| tempo | ||
| teslamate | ||
| torrent | ||
| unpoller | ||