bluejay/bluejay-infra
1
0
Fork 0
Code Issues Pull Requests 14 Actions Packages Projects Releases Wiki Activity
Files
8a960ffc73cf9edbfe78adaacbb38666822b3c80
bluejay-infra/apps
History
Andrew Stoltz 8a960ffc73 feat(fc-distribution): K8s manifest for Phase 1 edition publisher 
Adds apps/fc-distribution/{fc-distribution.yaml,kustomization.yaml,README.md}.
Ships the FlowerCore.Distribution service (Blazor + REST + MCP) backed by
Synology NFS for SQLite catalog + content-addressed blob root.

Contents:
- Namespace fc-distribution
- 3x OnePasswordItem (FlowerCore Code Signing CA informational + per-edition
  signing keys for kiosk-standard and aistation-field)
- Deployment: localhost/fc-distribution:v202604232000 (already imported to
  rke2-server via ctr), pinned to rke2-server nodeSelector because Synology
  NFS ACL restricts writes to that node, emptyDir for /tmp + /app/logs,
  inline NFS for /data (subPath distribution/data) and /blobs (subPath
  distribution/blobs), Secret volume mounts for /signing/<edition>.
  readOnlyRootFilesystem + runAsUser 1654 + drop ALL capabilities.
  Probes: startup + readiness on /healthz, liveness on tcpSocket (defense
  against future auth middleware accidentally gating /healthz).
- Service (ClusterIP :80 -> container :8080)
- Certificate (cert-manager ClusterIssuer step-ca-acme, dist.iamworkin.lan,
  90d / 30d renew). pfSense Unbound override dist.iamworkin.lan ->
  10.0.56.200 already in place (req'd for HTTP-01).
- IngressRoute (Traefik websecure, Host rule on dist.iamworkin.lan)

Env var keys align with the scaffold:
  FlowerCore__Database__ConnectionStrings__Sqlite
  FlowerCore__Distribution__Blobs__Root
  FlowerCore__Distribution__Signing__EditionCerts__<slug>__{CertPath,KeyPath}

Consumer: ProvisioningAgent (USB-side, Phase 2) — see
FlowerCore.Notes/docs/infrastructure/usb-provisioning-architecture.md.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-23 15:59:50 -05:00
..
agent-zero
fix(agent-zero): use streamable http for chat mcp
2026-04-23 13:54:06 -05:00
andrew
Fix Traefik dashboard cert issuer: step-ca-acme
2026-03-10 01:12:08 -05:00
asterisk
asterisk: add *832 test-entry dialplan for VDAY workflow AATs
2026-04-17 15:51:49 -05:00
dustin
Fix Traefik dashboard cert issuer: step-ca-acme
2026-03-10 01:12:08 -05:00
erik
Fix Traefik dashboard cert issuer: step-ca-acme
2026-03-10 01:12:08 -05:00
fc-chat
apps: fc-chat refactor + fc-menuboard app split
2026-04-16 19:25:25 -05:00
fc-desktop
Add step-ca TLS certs for mysql, php, desktop, signage, fc-landing
2026-04-08 18:20:23 -05:00
fc-distribution
feat(fc-distribution): K8s manifest for Phase 1 edition publisher
2026-04-23 15:59:50 -05:00
fc-dms
Add signage service ingress manifests
2026-04-09 15:09:08 -05:00
fc-landing
Add step-ca TLS certs for mysql, php, desktop, signage, fc-landing
2026-04-08 18:20:23 -05:00
fc-llm-bridge
chore(fc-llm-bridge): bump image to v202604231520
2026-04-23 09:51:57 -05:00
fc-menuboard
apps: fc-chat refactor + fc-menuboard app split
2026-04-16 19:25:25 -05:00
fc-messageboard
fc-messageboard: deploy latest web image via gitops
2026-04-22 15:48:05 -05:00
fc-mysql
Add step-ca TLS certs for mysql, php, desktop, signage, fc-landing
2026-04-08 18:20:23 -05:00
fc-php
Add step-ca TLS certs for mysql, php, desktop, signage, fc-landing
2026-04-08 18:20:23 -05:00
fc-presentations
Add signage service ingress manifests
2026-04-09 15:09:08 -05:00
fc-scoreboard
Add signage service ingress manifests
2026-04-09 15:09:08 -05:00
fc-segmentdisplay
fc-segmentdisplay: add TLS ingress gitops stub
2026-04-22 15:55:54 -05:00
fc-signage
Add step-ca TLS certs for mysql, php, desktop, signage, fc-landing
2026-04-08 18:20:23 -05:00
fc-signalcontrol
fc-signalcontrol: align live port and selectors
2026-04-22 23:22:14 -05:00
fc-ttsreader
Bump TTS Reader image for render follow-along
2026-04-23 15:54:07 -05:00
fit
Fix Traefik dashboard cert issuer: step-ca-acme
2026-03-10 01:12:08 -05:00
flowercore
Fix Traefik dashboard cert issuer: step-ca-acme
2026-03-10 01:12:08 -05:00
gitea-public
Update telephony-web image to v20260324d, resolve merge conflicts
2026-03-24 15:55:52 -05:00
guacamole
guacamole: enable json auth for remotedesktop sso
2026-04-23 11:27:30 -05:00
intranet
Add cert-manager Certificate for intranet ACME TLS auto-renewal
2026-04-05 08:47:42 -05:00
irc
fix(irc): use short name for unrealircd in anope + thelounge configs
2026-04-22 21:23:38 -05:00
mail
Update telephony-web image to v20260324d, resolve merge conflicts
2026-03-24 15:55:52 -05:00
matrix
statefulsets: align guacamole and matrix drift defaults
2026-04-22 23:11:47 -05:00
monitoring
fix(monitoring): use bluejay_v2 auth for snmp-nas (not public_v2)
2026-04-22 21:32:14 -05:00
noc-services
Update telephony-web image to v20260324d, resolve merge conflicts
2026-03-24 15:55:52 -05:00
pki-web
Add infrastructure manifests for 9 services
2026-03-09 16:35:04 -05:00
teamspeak
Update telephony-web image to v20260324d, resolve merge conflicts
2026-03-24 15:55:52 -05:00
telephony
telephony: bump web image to v202604170153
2026-04-16 20:56:30 -05:00
traefik-dashboard
Fix Traefik dashboard cert issuer: step-ca-acme
2026-03-10 01:12:08 -05:00
voice
Update telephony-web image to v20260324d, resolve merge conflicts
2026-03-24 15:55:52 -05:00
zabbix
zabbix: align postgres tracking label
2026-04-22 22:50:24 -05:00