amr/infrastructure
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
41 Commits 1 Branch 0 Tags
43741f17e4f3fc2993f0c0a1425044caf9cd7052
Commit Graph

31 Commits

Author SHA1 Message Date
Hermes
43741f17e4 fix: add ob-shell and org-confirm-babel-evaluate to tangle-deploy block in infrastructure.org 
The tangle-deploy.sh is tangled FROM infrastructure.org, but the org
block was missing (require 'ob-shell) and org-confirm-babel-evaluate nil.
This caused the CrowdSec noweb block (sh src) to evaluate as nil,
making crowdsecLapiKey = nil in dynamic.yaml and blocking ALL traffic
through the CrowdSec bouncer with 403.

Fix the org block so the system is self-consistent: tangle always
produces a correct tangle-deploy.sh that can load ob-shell and
evaluate noweb blocks without confirmation prompts.
 2026-06-06 18:17:29 +00:00
Hermes
642679f442 feat: add Traefik file-provider routes for bazarr, tdarr, stash, unpackerr 2026-06-06 17:45:24 +00:00
Hermes
971b2e7789 docs: document webhook ALLOWED_HOST_LIST env var in Gitea section 2026-06-06 17:17:01 +00:00
Hermes
5d4b6bcd70 fix: add GITEA__webhook__ALLOWED_HOST_LIST=private for auto-deploy 2026-06-06 17:15:41 +00:00
Hermes
ab16b2a86e Revert "test: verify deploy webhook" 
This reverts commit 2b85c7bfc9.
 2026-06-06 17:15:41 +00:00
Hermes
2b85c7bfc9 test: verify deploy webhook 2026-06-06 17:11:52 +00:00
Hermes
92efd13929 docs: add qBittorrent documented section, merge Authentik fixes 2026-06-06 17:04:28 +00:00
root
9b916235bb fix: use :results output for noweb, printf for no newline, sync tangle-deploy from HEAD 2026-06-06 12:54:58 -04:00
root
13a583a081 fix: use printf instead of echo to avoid trailing newline in noweb output 2026-06-06 12:51:46 -04:00
root
c12910d0f1 infrastructure: move .env + CrowdSec key into org with noweb references 2026-06-06 12:49:32 -04:00
root
54827a4256 infrastructure: use __CROWDSEC_LAPI_KEY__ placeholder in dynamic.yaml tangle block 2026-06-06 12:27:21 -04:00
Hermes
6ecfa3e0e9 brain.gharbeia.net: add Traefik router + update gharbeia-site to external LXC nginx 
- Add brain router with Authentik forward-auth pointing to LXC nginx on 8082
- Update gharbeia-site-internal from production-1 Docker nginx to LXC nginx on 8083
- Add brain-internal service (10.10.10.29:8082)
 2026-05-23 23:30:11 +00:00
Hermes
385ba90348 audiomuse: fix .org source — entrypoints, no bouncer, port=8000, bridge network 2026-05-17 22:11:13 +00:00
Hermes
49f966770f Fix TA compose block: network_mode with gluetun, correct volumes and env 2026-05-17 21:31:17 +00:00
Hermes
2a95009adc audiomuse: bridge network (not gluetun), fix port conflict with TA 2026-05-17 21:11:59 +00:00
Hermes
7a56bca08b Add audiomuse service include to compose 2026-05-17 20:59:41 +00:00
Hermes
0495cb6ea3 docs: document FOLDER_FOR_MEDIA and FOLDER_FOR_MORE env vars 2026-05-16 23:17:38 +00:00
Hermes
5239ffae5e fix: gluetun service URLs in traefik config (route via gluetun:port) 2026-05-16 23:09:45 +00:00
Hermes
c838670a65 fix: use path.repo (dot) so TA can find it as env var 2026-05-16 23:02:32 +00:00
Hermes
208e9ae474 feat: add Tube Archivist (clean install) 2026-05-16 22:57:00 +00:00
Hermes
37f891c923 revert: restore infrastructure.org to before Tube Archivist changes 2026-05-16 22:55:13 +00:00
Hermes
90806408b3 fix: restore single compose, fix TA env vars + ES 8.17 + path_repo 2026-05-16 22:36:21 +00:00
Hermes
a5c34664a5 refactor: split media stack into /docker/compose/mediastack/ 2026-05-16 22:18:54 +00:00
Hermes
f0fd4c5c2c fix: use path_repo (underscore) for ES env var 2026-05-16 22:16:26 +00:00
Hermes
848e8b7f4c fix: TA env vars - ELASTIC_PASSWORD, TA_HOST, REDIS_CON, path.repo, ES 8.17 2026-05-16 22:10:37 +00:00
Hermes
2f7a8f89c3 feat: add Tube Archivist service 
- 3-container stack: tubearchivist (Django web UI), ES 7.17, Redis
- Traefik secureweb router + service in traefik-internal.yaml
- Tunnel router via Docker labels for Cloudflare/authentik access
- Master compose include (service #44)
- No VPN routing (reaches YouTube directly)
- Env vars required: TA_USERNAME, TA_PASSWORD

NOTE: traefik-internal-noauth.yaml needs manual update on production-1
 2026-05-16 21:40:11 +00:00
Hermes
6ed9046c2c chore: switch to SSH git auth for tangle-deploy 2026-05-15 09:57:50 -04:00
Hermes
5f128963d3 docs: Jellyfin SSO, auth architecture, fix tree rendering 2026-05-15 09:52:38 -04:00
root
66422a9283 Add Docker service sections, master compose, document modular architecture 2026-05-15 06:55:39 -04:00
Hermes
2a01bed005 feat: literate IaC with tangle-deploy pipeline
Some checks failed
Tangle and Deploy / tangle (push) Failing after 12s
Details 
- Converted Traefik section to tangle blocks with absolute paths
- Created .gitea/workflows/tangle.yaml Gitea Action
- tangle-deploy.sh: tangles org → writes files → restarts services
 2026-05-15 07:12:24 +00:00
Hermes
26e95185e3 chore: initial infrastructure docs scaffold 2026-05-15 07:07:19 +00:00