## Summary

- Add layer4 TCP proxy configuration to Caddyfile template for SSH services
- Configure Forgejo SSH on port 2222 → localhost:2200
- Switch HTTPS from port 8443 (testing) to 443 (production)
- Requires Caddy rebuilt with `github.com/mholt/caddy-l4` plugin

## What This Enables

Git+SSH access via `forge.ops.eblu.me:2222` is now accessible from:

- Tailnet clients (gilbert)
- Docker containers on indri
- Kubernetes pods in minikube

This solves the DNS resolution issues where containers couldn't reach Tailscale MagicDNS names.

## Testing Done

- [x] Caddy rebuilt with layer4 plugin
- [x] Validated Caddyfile syntax
- [x] Cleared `svc:forge` from tailscale serve
- [x] Verified HTTPS works: `curl https://forge.ops.eblu.me`
- [x] Verified SSH works: `ssh -p 2222 forgejo@forge.ops.eblu.me`
- [x] Verified git clone works via new endpoint
- [x] Verified minikube pods can reach both HTTPS and SSH endpoints

## Deployment

Caddy is already running with the new config on indri. This PR captures the ansible changes.

## Next Steps

- Update zk docs with new git remote format
- Migrate registry and other services to Caddy
- Retire tailscale_services ansible role

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Reviewed-on: https://forge.tail8d86e.ts.net/eblume/blumeops/pulls/56
38 lines
1.3 KiB
Bash
Executable file
```bash
#!/usr/bin/env bash
#MISE description="Get logs for a workflow run from indri (local runner only)"

set -euo pipefail

RUN_ID="${1:-}"

if [[ -z "$RUN_ID" ]]; then
    echo "Usage: mise run indri-runner-logs <run_id>"
    echo ""
    echo "Fetches logs for a Forgejo Actions run from indri's local storage."
    echo "Only works for runs executed by the indri-host-runner."
    echo ""
    echo "Recent runs:"
    curl -sf "https://forge.ops.eblu.me/api/v1/repos/eblume/blumeops/actions/tasks" | \
        jq -r '.workflow_runs[:10] | .[] | " \(.id)\t\(.status)\t\(.workflow_id)\t\(.display_title | .[0:50])"'
    exit 1
fi

# RUN_ID is used in shell arithmetic and interpolated into the remote ssh
# command lines below, so accept decimal digits only.
if [[ ! "$RUN_ID" =~ ^[0-9]+$ ]]; then
    echo "Error: run_id must be a number, got: $RUN_ID"
    exit 1
fi

# Logs are stored as: actions_log/<owner>/<repo>/<hex_subdir>/<run_id>.log.zst
# The hex subdir is the last 2 hex chars of the run_id
ACTIONS_LOG_DIR="/opt/homebrew/var/forgejo/data/actions_log/eblume/blumeops"

# Find the log file - hex subdir is computed from run_id.
# Take run_id modulo 256 so the subdir stays 2 hex chars for ids above 255;
# 10# forces base 10 so leading zeros are not parsed as octal.
HEX_SUBDIR=$(printf '%02x' "$((10#$RUN_ID % 256))")
LOG_FILE="${ACTIONS_LOG_DIR}/${HEX_SUBDIR}/${RUN_ID}.log.zst"

# Check if log exists and decompress
if ssh indri "test -f '$LOG_FILE'"; then
    ssh indri "zstd -d -c '$LOG_FILE'"
else
    echo "Error: Log file not found for run $RUN_ID"
    echo "Expected path: $LOG_FILE"
    echo ""
    echo "Available logs:"
    ssh indri "find '$ACTIONS_LOG_DIR' -name '*.log.zst' -exec basename {} .log.zst \; | sort -n | tail -10"
    exit 1
fi
```