d1516ddd66
forgejo: upgrade from LTS to stable (11.0.10 → 14.0.2)
...
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com >
2026-03-10 23:03:51 +01:00
e9629c18b6
nrec-nixos01: mount Cinder volume for Forgejo packages
...
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com >
2026-03-10 21:11:37 +01:00
07e86acbaa
docs: add plan for bare metal actions runner on nix-cache02
...
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com >
2026-03-10 01:01:14 +01:00
117e54a849
actions-runner: add Forgejo runner to nix-cache02 with Vault token
...
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com >
2026-03-10 00:41:24 +01:00
ff5f166855
actions-runner: trust podman interfaces in firewall
...
Allow containers to reach the runner's cache service by trusting
podman network interfaces. Uses "podman+" wildcard to match any
podman-prefixed interface regardless of name.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com >
2026-03-10 00:05:27 +01:00
456a0703a9
actions-runner: use custom golang runner image
...
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com >
2026-03-09 21:29:30 +01:00
ad408c2981
actions-runner: add golang runner image
...
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com >
2026-03-09 21:02:13 +01:00
cb7a25fef5
actions-runner: use custom nix runner image
...
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com >
2026-03-09 20:30:37 +01:00
5a4ce55d1c
mcp: migrate labmcp and homelab-deploy URLs to code.t-juice.club
...
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com >
2026-03-09 19:50:36 +01:00
e81ebb0e75
flake: migrate homelab-deploy input to code.t-juice.club
...
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com >
2026-03-09 19:40:55 +01:00
01b53e323b
flake: migrate nixos-exporter input to code.t-juice.club
...
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com >
2026-03-09 19:34:31 +01:00
2d73627a2a
flake: migrate alerttonotify input to code.t-juice.club
...
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com >
2026-03-09 19:25:07 +01:00
d2373b5e37
actions-runner: fix cache dir for DynamicUser
...
Move cache directory under the managed state directory since the
service runs with DynamicUser and cannot create /var/cache paths.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com >
2026-03-08 23:27:00 +01:00
c090ec9282
Merge pull request 'nrec-actions-runner' ( #47 ) from nrec-actions-runner into master
...
Reviewed-on: #47
2026-03-08 22:22:49 +00:00
8c909837ab
workflows: remove flake-check and flake-update
...
Removing to rewrite with improvements.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com >
2026-03-08 23:21:03 +01:00
93aa91f307
nrec-nixos02: add Forgejo Actions runner with Podman
...
Adds a container-based Forgejo Actions runner on nrec-nixos02
connecting to code.t-juice.club, using Podman for sandboxed
job execution with nix, node-bookworm, and alpine labels.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com >
2026-03-08 23:17:27 +01:00
00f46af628
nrec-nixos01: use code.t-juice.club for Forgejo
...
Run nix flake check / flake-check (push) Has been cancelled
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com >
2026-03-08 18:50:54 +01:00
97ad5f6a35
Merge pull request 'nrec-nixos02: add Pocket ID with Caddy reverse proxy' ( #46 ) from nrec-pocket-id into master
...
Run nix flake check / flake-check (push) Has been cancelled
Reviewed-on: #46
2026-03-08 17:13:15 +00:00
a27e2ec213
nrec-nixos02: add Pocket ID with Caddy reverse proxy
...
Run nix flake check / flake-check (push) Has been cancelled
Run nix flake check / flake-check (pull_request) Has been cancelled
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com >
2026-03-08 18:11:49 +01:00
01906e81f9
nrec-nixos01: use lfs.enable instead of raw setting
...
Run nix flake check / flake-check (push) Failing after 10m28s
The NixOS module's lfs.enable option properly handles LFS JWT secret
generation via forgejo-secrets.service, fixing the permission denied
error on app.ini.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com >
2026-03-08 15:15:35 +01:00
09ec4f9e8c
nrec-nixos01: enable Git LFS and hide explore page
...
Run nix flake check / flake-check (push) Has been cancelled
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com >
2026-03-08 15:12:26 +01:00
fc53681b2a
Merge pull request 'nrec-nixos01: add Forgejo with Caddy reverse proxy' ( #45 ) from nrec-forgejo into master
...
Run nix flake check / flake-check (push) Failing after 4m25s
Reviewed-on: #45
2026-03-08 13:50:47 +00:00
cfc0c6f6cb
nrec-nixos01: add Forgejo with Caddy reverse proxy
...
Run nix flake check / flake-check (push) Failing after 5m6s
Run nix flake check / flake-check (pull_request) Failing after 4m31s
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com >
2026-03-08 14:49:48 +01:00
822380695e
nrec-nixos01: import qemu-guest profile for virtio modules
...
Run nix flake check / flake-check (push) Failing after 6m6s
The initrd was missing virtio drivers, preventing the root
filesystem from being detected during boot.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com >
2026-03-08 14:31:09 +01:00
0941bd52f5
nrec-nixos01: fix root filesystem device to use label
...
Run nix flake check / flake-check (push) Failing after 4m22s
The OpenStack image labels the root partition "nixos", so use
/dev/disk/by-label/nixos instead of /dev/vda1.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com >
2026-03-08 14:22:24 +01:00
9ebdd94773
Merge pull request 'nrec-nixos01' ( #44 ) from nrec-nixos01 into master
...
Run nix flake check / flake-check (push) Has been cancelled
Reviewed-on: #44
2026-03-08 13:12:24 +00:00
adc267bd95
nrec-nixos01: add host configuration with Caddy web server
...
Run nix flake check / flake-check (push) Failing after 9m20s
Run nix flake check / flake-check (pull_request) Failing after 3m58s
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com >
2026-03-08 14:10:05 +01:00
7ffe2d71d6
openstack-template: add minimal NixOS image for OpenStack
...
Adds a new host configuration for building qcow2 images targeting
OpenStack (NREC). Uses a nixos user with SSH key and sudo instead
of root login, firewall enabled, and no internal services.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com >
2026-03-08 13:56:55 +01:00
dd9ba42eb5
devshell: add openstack cli client
Run nix flake check / flake-check (push) Failing after 4m16s
2026-03-08 13:31:54 +01:00
3ee0433a6f
flake.lock: Update
...
Flake lock file updates:
• Updated input 'nixpkgs':
'github:nixos/nixpkgs/fabb8c9deee281e50b1065002c9828f2cf7b2239?narHash=sha256-YaHht/C35INEX3DeJQNWjNaTcPjYmBwwjFJ2jdtr%2B5U%3D' (2026-03-04)
→ 'github:nixos/nixpkgs/71caefce12ba78d84fe618cf61644dce01cf3a96?narHash=sha256-yf3iYLGbGVlIthlQIk5/4/EQDZNNEmuqKZkQssMljuw%3D' (2026-03-06)
• Updated input 'nixpkgs-unstable':
'github:nixos/nixpkgs/80bdc1e5ce51f56b19791b52b2901187931f5353?narHash=sha256-QKyJ0QGWBn6r0invrMAK8dmJoBYWoOWy7lN%2BUHzW1jc%3D' (2026-03-04)
→ 'github:nixos/nixpkgs/aca4d95fce4914b3892661bcb80b8087293536c6?narHash=sha256-E1bxHxNKfDoQUuvriG71%2Bf%2Bs/NT0qWkImXsYZNFFfCs%3D' (2026-03-06)
2026-03-08 00:02:42 +00:00
73d804105b
pn01, pn02: enable memtest86 and update stability docs
...
Run nix flake check / flake-check (push) Failing after 6m15s
Periodic flake update / flake-update (push) Successful in 2m50s
Enable memtest86 in systemd-boot menu on both PN51 units to allow
extended memory testing. Update stability document with March crash
data from pstore/Loki — crashes now traced to sched_ext scheduler
kernel oops, suggesting possible memory corruption.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com >
2026-03-07 23:02:28 +01:00
d2a4e4a0a1
grafana: add storage query performance panels to apiary dashboard
...
Run nix flake check / flake-check (push) Failing after 3m23s
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com >
2026-03-07 22:47:30 +01:00
28eba49d68
flake.lock: Update
...
Flake lock file updates:
• Updated input 'nixpkgs-unstable':
'github:nixos/nixpkgs/8c809a146a140c5c8806f13399592dbcb1bb5dc4?narHash=sha256-WGV2hy%2BVIeQsYXpsLjdr4GvHv5eECMISX1zKLTedhdg%3D' (2026-03-03)
→ 'github:nixos/nixpkgs/80bdc1e5ce51f56b19791b52b2901187931f5353?narHash=sha256-QKyJ0QGWBn6r0invrMAK8dmJoBYWoOWy7lN%2BUHzW1jc%3D' (2026-03-04)
2026-03-06 00:07:07 +00:00
4bf726a674
flake.lock: Update
...
Flake lock file updates:
• Updated input 'nixpkgs':
'github:nixos/nixpkgs/c581273b8d5bdf1c6ce7e0a54da9841e6a763913?narHash=sha256-ywy9troNEfpgh0Ee%2BzaV1UTgU8kYBVKtvPSxh6clYGU%3D' (2026-03-02)
→ 'github:nixos/nixpkgs/fabb8c9deee281e50b1065002c9828f2cf7b2239?narHash=sha256-YaHht/C35INEX3DeJQNWjNaTcPjYmBwwjFJ2jdtr%2B5U%3D' (2026-03-04)
2026-03-05 00:07:31 +00:00
774fd92524
flake.lock: Update
...
Flake lock file updates:
• Updated input 'nixpkgs':
'github:nixos/nixpkgs/1267bb4920d0fc06ea916734c11b0bf004bbe17e?narHash=sha256-7DaQVv4R97cii/Qdfy4tmDZMB2xxtyIvNGSwXBBhSmo%3D' (2026-02-25)
→ 'github:nixos/nixpkgs/c581273b8d5bdf1c6ce7e0a54da9841e6a763913?narHash=sha256-ywy9troNEfpgh0Ee%2BzaV1UTgU8kYBVKtvPSxh6clYGU%3D' (2026-03-02)
• Updated input 'nixpkgs-unstable':
'github:nixos/nixpkgs/cf59864ef8aa2e178cccedbe2c178185b0365705?narHash=sha256-izhTDFKsg6KeVBxJS9EblGeQ8y%2BO8eCa6RcW874vxEc%3D' (2026-03-02)
→ 'github:nixos/nixpkgs/8c809a146a140c5c8806f13399592dbcb1bb5dc4?narHash=sha256-WGV2hy%2BVIeQsYXpsLjdr4GvHv5eECMISX1zKLTedhdg%3D' (2026-03-03)
2026-03-04 00:06:56 +00:00
55da459108
docs: add plan for local NTP with chrony
...
Run nix flake check / flake-check (push) Failing after 9m52s
Periodic flake update / flake-update (push) Successful in 5m19s
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com >
2026-03-03 19:33:28 +01:00
813c5c0f29
monitoring: separate node-exporter-only external targets
...
Run nix flake check / flake-check (push) Failing after 3m7s
Add nodeExporterOnly list to external-targets.nix for hosts that
have node-exporter but not systemd-exporter (e.g. pve1). This
prevents a down target in the systemd-exporter scrape job.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com >
2026-03-03 19:17:39 +01:00
013ab8f621
monitoring: add pve1 node-exporter scrape target
...
Run nix flake check / flake-check (push) Failing after 4m6s
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com >
2026-03-03 19:10:54 +01:00
f75b773485
flake.lock: Update
...
Flake lock file updates:
• Updated input 'nixpkgs-unstable':
'github:nixos/nixpkgs/dd9b079222d43e1943b6ebd802f04fd959dc8e61?narHash=sha256-I45esRSssFtJ8p/gLHUZ1OUaaTaVLluNkABkk6arQwE%3D' (2026-02-27)
→ 'github:nixos/nixpkgs/cf59864ef8aa2e178cccedbe2c178185b0365705?narHash=sha256-izhTDFKsg6KeVBxJS9EblGeQ8y%2BO8eCa6RcW874vxEc%3D' (2026-03-02)
2026-03-03 00:07:07 +00:00
58c3844950
flake.lock: Update
...
Flake lock file updates:
• Updated input 'nixpkgs-unstable':
'github:nixos/nixpkgs/2fc6539b481e1d2569f25f8799236694180c0993?narHash=sha256-0MAd%2B0mun3K/Ns8JATeHT1sX28faLII5hVLq0L3BdZU%3D' (2026-02-23)
→ 'github:nixos/nixpkgs/dd9b079222d43e1943b6ebd802f04fd959dc8e61?narHash=sha256-I45esRSssFtJ8p/gLHUZ1OUaaTaVLluNkABkk6arQwE%3D' (2026-02-27)
2026-03-01 00:01:26 +00:00
80e5fa08fa
flake.lock: Update
...
Flake lock file updates:
• Updated input 'nixpkgs':
'github:nixos/nixpkgs/e764fc9a405871f1f6ca3d1394fb422e0a0c3951?narHash=sha256-sdaqdnsQCv3iifzxwB22tUwN/fSHoN7j2myFW5EIkGk%3D' (2026-02-24)
→ 'github:nixos/nixpkgs/1267bb4920d0fc06ea916734c11b0bf004bbe17e?narHash=sha256-7DaQVv4R97cii/Qdfy4tmDZMB2xxtyIvNGSwXBBhSmo%3D' (2026-02-25)
2026-02-28 00:07:22 +00:00
cf55d07ce5
docs: update pn51 stability with third freeze and conclusion
...
Run nix flake check / flake-check (push) Failing after 4m1s
Periodic flake update / flake-update (push) Successful in 5m37s
pn02 crashed again after ~2d21h uptime despite all mitigations
(amdgpu blacklist, max_cstate=1, NMI watchdog, rasdaemon).
NMI watchdog didn't fire and rasdaemon recorded nothing,
confirming hard lockup below NMI level. Unit is unreliable.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com >
2026-02-27 18:25:52 +01:00
4941e38dac
flake.lock: Update
...
Flake lock file updates:
• Updated input 'nixpkgs':
'github:nixos/nixpkgs/afbbf774e2087c3d734266c22f96fca2e78d3620?narHash=sha256-nhZJPnBavtu40/L2aqpljrfUNb2rxmWTmSjK2c9UKds%3D' (2026-02-21)
→ 'github:nixos/nixpkgs/e764fc9a405871f1f6ca3d1394fb422e0a0c3951?narHash=sha256-sdaqdnsQCv3iifzxwB22tUwN/fSHoN7j2myFW5EIkGk%3D' (2026-02-24)
• Updated input 'nixpkgs-unstable':
'github:nixos/nixpkgs/0182a361324364ae3f436a63005877674cf45efb?narHash=sha256-0NBlEBKkN3lufyvFegY4TYv5mCNHbi5OmBDrzihbBMQ%3D' (2026-02-17)
→ 'github:nixos/nixpkgs/2fc6539b481e1d2569f25f8799236694180c0993?narHash=sha256-0MAd%2B0mun3K/Ns8JATeHT1sX28faLII5hVLq0L3BdZU%3D' (2026-02-23)
2026-02-25 00:07:00 +00:00
03ffcc1ad0
flake.lock: Update
...
Flake lock file updates:
• Updated input 'nixpkgs':
'github:nixos/nixpkgs/c217913993d6c6f6805c3b1a3bda5e639adfde6d?narHash=sha256-D1PA3xQv/s4W3lnR9yJFSld8UOLr0a/cBWMQMXS%2B1Qg%3D' (2026-02-20)
→ 'github:nixos/nixpkgs/afbbf774e2087c3d734266c22f96fca2e78d3620?narHash=sha256-nhZJPnBavtu40/L2aqpljrfUNb2rxmWTmSjK2c9UKds%3D' (2026-02-21)
2026-02-24 00:01:35 +00:00
5e92eb3220
docs: add plan for NixOS OpenStack image
...
Run nix flake check / flake-check (push) Failing after 8m1s
Periodic flake update / flake-update (push) Successful in 2m23s
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com >
2026-02-24 00:42:19 +01:00
2321e191a2
flake.lock: Update
...
Flake lock file updates:
• Updated input 'nixpkgs':
'github:nixos/nixpkgs/6d41bc27aaf7b6a3ba6b169db3bd5d6159cfaa47?narHash=sha256-bxAlQgre3pcQcaRUm/8A0v/X8d2nhfraWSFqVmMcBcU%3D' (2026-02-18)
→ 'github:nixos/nixpkgs/c217913993d6c6f6805c3b1a3bda5e639adfde6d?narHash=sha256-D1PA3xQv/s4W3lnR9yJFSld8UOLr0a/cBWMQMXS%2B1Qg%3D' (2026-02-20)
2026-02-23 00:01:30 +00:00
136116ab33
pn02: limit CPU to C1 power state for stability
...
Run nix flake check / flake-check (push) Failing after 6m36s
Periodic flake update / flake-update (push) Successful in 2m18s
Known PN51 platform issue with deep C-states causing freezes.
Limit to C1 to prevent deeper sleep states.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com >
2026-02-22 18:58:41 +01:00
c8cadd09c5
pn51: document diagnostic config (rasdaemon, NMI watchdog, panic)
...
Run nix flake check / flake-check (push) Failing after 4m3s
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com >
2026-02-22 18:52:34 +01:00
72acaa872b
pn02: add panic on lockup, NMI watchdog, and rasdaemon
...
Run nix flake check / flake-check (push) Has been cancelled
Enable kernel panic on soft/hard lockups with auto-reboot after
10s, and rasdaemon for hardware error logging. Should give us
diagnostic data on the next freeze.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com >
2026-02-22 18:48:21 +01:00
a7c1ce932d
pn51: add remaining debug steps and auto-recovery fallback
...
Run nix flake check / flake-check (push) Failing after 5m4s
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com >
2026-02-22 18:38:17 +01:00
