eblume/blumeops
1
1
Fork 0
Code Issues Pull requests 1 Projects Releases 83 Packages Wiki Activity Actions
blumeops/docs/how-to/jobsync/deploy-jobsync.md
Erich Blume 60507ee719 C2(jobsync): plan — update cards with learnings from first attempt 
build-jobsync-container: document prisma devDep pruning pitfall,
nix entrypoint path issue, and verification step.

deploy-jobsync: document service-versions.yaml requirement,
image tag format, and 1Password item already created.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-07 22:00:03 -08:00

2.2 KiB
Raw Blame History

title modified status branch requires tags
Deploy JobSync 2026-03-07 active mikado/jobsync
build-jobsync-container
integrate-jobsync-ollama
how-to
jobsync

Deploy JobSync

Deploy JobSync — a self-hosted job application tracker — to ringtail's k3s cluster via ArgoCD.

Context

JobSync is a Next.js app with SQLite storage that provides job application tracking, resume management, and AI-powered resume review/job matching. It runs as a single container with persistent storage at /data (SQLite DB + uploaded files).

What This Card Covers

With the container built and Ollama integration configured, this card wires up the deployment:

  • ArgoCD Application targeting ringtail.tail8d86e.ts.net:6443
  • k8s manifests: Deployment, Service, Tailscale Ingress, PVC, ExternalSecret
  • PVC using k3s local-path for /data (SQLite + resume uploads)
  • ExternalSecret for ENCRYPTION_KEY and AUTH_SECRET from 1Password
  • Caddy route: jobsync.ops.eblu.me → Tailscale ingress
  • Service documentation

Environment Variables

Variable Source Purpose
DATABASE_URL Hardcoded file:/data/dev.db
AUTH_SECRET ExternalSecret NextAuth session signing
ENCRYPTION_KEY ExternalSecret AES-256-GCM for stored API keys
NEXTAUTH_URL Hardcoded https://jobsync.ops.eblu.me
AUTH_TRUST_HOST Hardcoded true
TZ Hardcoded America/Los_Angeles
OLLAMA_BASE_URL Hardcoded http://ollama.ollama.svc.cluster.local:11434

Deployment Notes (learned from first attempt)

  • service-versions.yaml: Add a jobsync entry before committing container changes — the container-version-check pre-commit hook rejects commits touching containers/<name>/ without a matching entry.
  • Image tag format: container-build-and-release produces tags like v1.1.4-<sha>-nix, not bare v1.1.4. Set newTag in kustomization.yaml to the full tag from mise run container-list.
  • 1Password item: "JobSync" in blumeops vault, with auth_secret and encryption_key fields (already created).

Related