Andrew M. Stoltz
4319281bf8
Fix Anope: touch anope.db in init container to prevent backup crash
2026-03-10 01:28:12 -05:00
Andrew M. Stoltz
4921c2d9fd
Fix Traefik dashboard cert issuer: step-ca-acme
2026-03-10 01:12:08 -05:00
Andrew M. Stoltz
7ed9a2e099
Add Traefik dashboard with basicAuth protection
2026-03-10 01:08:29 -05:00
Andrew M. Stoltz
a131839bdd
Update intranet: WiFi section with 1Password QR code references, remove plaintext passwords
2026-03-10 00:43:57 -05:00
Andrew M. Stoltz
9f935802d5
Fix TeamSpeak license base64 encoding (single char diff)
2026-03-10 00:34:41 -05:00
Andrew M. Stoltz
b084bfc2a1
Fix TeamSpeak license: use init container to copy into data volume (chown-safe)
2026-03-10 00:29:24 -05:00
Andrew M. Stoltz
76d194bafb
Add TeamSpeak 3 activation license and volume mount
2026-03-10 00:24:22 -05:00
Andrew Stoltz
39e1c69e28
Wire Guacamole fully to 1Password: remove guac-db-secret, all DB creds from guacamole-credentials
...
- MySQL StatefulSet, initdb Job, Guacamole web all reference guacamole-credentials
- DB-User, DB-Password, DB-Root-Password, DB-Name fields added to 1Password item
- Zero inline secrets remain in manifest
2026-03-09 21:14:26 -05:00
Andrew Stoltz
14519d47f5
Fix TeamSpeak secretKeyRef key: spaces to hyphens
2026-03-09 20:57:27 -05:00
Andrew Stoltz
2be7bf1279
Wire IRC, mail, teamspeak to 1Password secrets
...
- IRC: OnePasswordItem CRD, ConfigMap templates with inject-credentials initContainers
- Mail: OnePasswordItem CRD, inject-accounts initContainer builds postfix-accounts.cf
- TeamSpeak: OnePasswordItem CRD, TS3SERVER_SERVERADMIN_PASSWORD from secret
- Zero hardcoded passwords remain in these manifests
2026-03-09 20:55:45 -05:00
Andrew Stoltz
3199c509c0
Wire Zabbix/Matrix credentials to 1Password-synced secrets, add OnePasswordItem CRDs
...
- Zabbix: Remove hardcoded zabbix-db-secret and zabbix-admin-secret, reference
zabbix-credentials (1Password) for DB-User, DB-Password, and admin password
- Matrix: Remove hardcoded matrix-db-secret, reference matrix-credentials for
Postgres user/password. Convert ConfigMap homeserver.yaml to template with
__DB_PASSWORD__/__DB_USER__ placeholders, inject via busybox init container
- Guacamole: Add OnePasswordItem CRD for future use. MySQL DB creds remain in
guac-db-secret (1Password item lacks DB-specific fields — gap documented)
- All three services now include OnePasswordItem CRD manifests for ArgoCD mgmt
2026-03-09 18:28:38 -05:00
root
8f405d4df0
IRC: allow plaintext server links (Anope internal cluster)
2026-03-09 17:29:06 -05:00
root
d6c55573b8
IRC: fix UnrealIRCd data dir permissions for ircd user
2026-03-09 17:27:49 -05:00
root
cea19a7ffc
IRC: add system CA bundle, define Services Root opertype for Anope
2026-03-09 17:26:30 -05:00
root
7abf9b26d1
IRC: fix TLS key perms (644 for ircd user), add Anope readtimeout
2026-03-09 17:24:34 -05:00
root
a69c91a539
IRC: mixed-alphanum cloak keys, simplified Anope config with proper block syntax
2026-03-09 17:22:51 -05:00
root
07dccb7ecf
IRC: fix cloak keys (80+ chars required)
2026-03-09 17:20:47 -05:00
root
5eaffdb2ef
IRC: add cloak_sha256 module, fix Anope mount paths (/anope/conf + /anope/data)
2026-03-09 17:19:38 -05:00
root
f0198c2c65
IRC: TLS emptyDir+initContainer, Anope initContainer for permissions
2026-03-09 17:16:00 -05:00
root
388ec876da
IRC: fix config paths (/app/conf for UnrealIRCd, initcopy for Anope)
2026-03-09 17:11:56 -05:00
root
85138c45de
Synapse: fix log_config path to /config/log.config
2026-03-09 17:09:53 -05:00
root
b9421582f3
IRC: use djlegolas/unrealircd:6.1.9.1, fix mount paths
2026-03-09 17:08:50 -05:00
root
04f29a155d
Fix Synapse init container: run as root, fix /data ownership for uid 991
2026-03-09 17:06:01 -05:00
root
3c29b0abe5
Fix mail (accounts), matrix (homeserver.yaml), irc (proper image+config)
2026-03-09 17:02:59 -05:00
ef442e29eb
Add infrastructure manifests for 9 services
...
Zabbix, IRC, Mail, Guacamole, Matrix, TeamSpeak, Intranet, PKI Web, FC Landing.
All with cert-manager TLS, Traefik IngressRoutes, Longhorn PVCs.
2026-03-09 16:35:04 -05:00
