Commit graph

289 commits

Author SHA1 Message Date
Philip Peterson
3ace2e661b add wordpress 2026-06-25 21:43:10 -07:00
Philip Peterson
03a4a1a7ef tweak SAN 2026-06-25 03:26:19 -07:00
Philip Peterson
12b57f221e Merge branch 'main' of https://forge.quinefoundation.com/Cold-Air-Networks/petersweb-infra 2026-06-25 01:47:08 -07:00
Philip Peterson
f10ebc4e77 Chmod 2026-06-25 01:46:57 -07:00
cf24c6c044 Merge branch 'main' of https://forge.quinefoundation.com/Cold-Air-Networks/petersweb-infra 2026-06-25 00:37:44 -08:00
Philip Peterson
06afcbb818 Remove askpass 2026-06-25 01:37:26 -07:00
Philip Peterson
2c250a3437 Merge branch 'main' of github.com:philip-peterson/petersweb-infra 2026-06-25 01:36:20 -07:00
e75e3a7c6a Merge branch 'main' of https://forge.quinefoundation.com/Cold-Air-Networks/petersweb-infra 2026-06-25 00:33:37 -08:00
Philip Peterson
fe92602302 wip 2026-06-25 01:33:30 -07:00
1989e54626 Merge branch 'main' of https://forge.quinefoundation.com/Cold-Air-Networks/petersweb-infra 2026-06-25 00:29:34 -08:00
Philip Peterson
a033dc46fe postgres: enable SSL with self-signed cert
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-06-25 01:28:53 -07:00
07dfc819a9 Merge branch 'main' of https://forge.quinefoundation.com/Cold-Air-Networks/petersweb-infra 2026-06-23 01:41:00 -08:00
Philip Peterson
034e422797 Use postgres hosted 2026-06-23 02:40:51 -07:00
eecfe98102 add secrets 2026-06-23 01:34:58 -08:00
Philip Peterson
51042197ba Add openai creds 2026-06-20 09:39:19 -07:00
Philip Peterson
a8cca03c0e openclaw: switch to built-in Workbench, drop control-center container
The openclaw package bundles a Control UI (Workbench) served directly
at the gateway port. Drop the separate openclaw-control-center app
container and point nginx at port 18789 instead of 4310. Added
X-Forwarded-Proto/For headers so the gateway can see the real client
address through nginx.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-06-14 04:13:27 -07:00
Philip Peterson
67bf9d18bc docs: add OpenClaw section to CLAUDE.md
Documents the two-container setup, volume/auth gotchas, nginx SSL
configuration, control center startup sequence, and usage connector
source status.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-06-14 04:09:46 -07:00
Philip Peterson
671ff1d774 openclaw: fix app container mount so CLI probes can connect to gateway
Remove :ro from the .openclaw volume so the CLI can write state files
on startup (it was crashing immediately with EROFS). Add
OPENCLAW_GATEWAY_TOKEN so the CLI bypasses the device identity
handshake when auth=none, allowing the gateway reachability probe to
succeed before the device is auto-approved.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-06-14 04:00:03 -07:00
Philip Peterson
aee8dbda75 openclaw: mount gateway node_modules into control center for CLI access
Control center runs 'openclaw status --json' as a subprocess to probe
the gateway. Mount the gateway install volume and set OPENCLAW_BIN_PATH
so the control center can find the binary.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-06-14 03:45:28 -07:00
Philip Peterson
2971282c45 openclaw: use --dev --auth none for gateway startup
Newer openclaw (2026.6.6) requires more config than our minimal json.
--dev creates a working config if missing, --auth none skips token
auth since the gateway is loopback-only.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-06-14 03:36:21 -07:00
Philip Peterson
64672a1cde openclaw: add gateway as separate host-network container
Gateway runs in its own node:22-alpine container with host networking,
installs openclaw@latest on first boot (persisted to /var/openclaw/gateway).
Control center also switches to host networking so ws://127.0.0.1:18789
reaches the gateway's loopback. UI_BIND_ADDRESS locked to 127.0.0.1.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-06-14 03:30:13 -07:00
Philip Peterson
45d673c292 openclaw: default to English and add basic auth
- Patch app source at startup to change default language from zh to en
- Add basicAuth (ironmagma) to nginx vhost for claw.quineglobal.com

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-06-14 03:13:31 -07:00
Philip Peterson
2a2c524d16 fix claw.quineglobal.com redirect loop: forceSSL -> addSSL
Cloudflare is in Flexible SSL mode so it hits our origin over HTTP.
forceSSL was causing an infinite HTTP->HTTPS redirect loop. Switch to
addSSL so HTTPS still works for direct connections while HTTP serves
normally through Cloudflare.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-06-14 03:00:09 -07:00
Philip Peterson
1f9b202109 fix openclaw binding to 0.0.0.0 so port forwarding works in container
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-06-14 02:45:16 -07:00
Philip Peterson
88acec9159 Merge branch 'main' of https://forge.quinefoundation.com/Cold-Air-Networks/petersweb-infra 2026-06-14 02:33:44 -07:00
Philip Peterson
56bb66c0b7 update 2026-06-14 02:33:18 -07:00
Philip Peterson
b4d9f3d619 fix digests 2026-06-14 02:21:20 -07:00
21d098d4be bump riverside to 1b6a710 (#2)
Automated bump from Cold-Air-Networks/customer-riverside@1b6a71060a

Co-authored-by: CI <ci@quinefoundation.com>
Reviewed-on: #2
2026-06-14 01:07:59 -08:00
c568943ff5 Merge pull request 'bump riverside to 0d3b502' (#1) from bump-riverside-0d3b502 into main
Reviewed-on: #1
2026-06-12 01:42:50 -08:00
CI
942081dda3 bump riverside to 0d3b502 2026-06-12 01:42:36 -08:00
Philip Peterson
323d65e2a3 enable claw 2026-06-11 23:23:10 -07:00
Philip Peterson
183e1875e1 prune 2026-06-11 23:22:42 -07:00
Philip Peterson
75006dab18 wrapper access 2026-06-11 22:37:48 -07:00
Philip Peterson
7f519f804b disable claw 2026-06-10 14:25:43 -07:00
Philip Peterson
19b9844881 Replace vnc-desktop container with native novnc service, add claw.quineglobal.com
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-06-10 13:58:17 -07:00
Philip Peterson
26d4bcc857 Add openclaw control center as arion service
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-06-10 13:25:30 -07:00
671f7b5117 Wip 2026-06-08 04:05:28 -08:00
0a820b8e66 better auth 2026-06-08 04:00:29 -08:00
772c6c59a8 bump 2026-06-08 03:57:45 -08:00
Philip Peterson
b443162f0c encrypt 2026-06-08 04:49:55 -07:00
Philip Peterson
42a8b4a1cc Merge branch 'main' of github.com:philip-peterson/petersweb-infra 2026-06-08 04:42:33 -07:00
Philip Peterson
3687011061 Bump coldair 2026-06-08 04:42:27 -07:00
d383b9abc3 bump 2026-06-06 00:51:58 -08:00
Philip Peterson
f0209fbdc8 Add WebSocket proxy headers to paperless nginx vhost
Paperless-ngx uses WebSockets to push task completion status to the
browser. Without Upgrade/Connection headers the UI hangs indefinitely
after upload while waiting for the done notification.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-06-05 23:26:15 -07:00
Philip Peterson
047c4b2207 Fix paperless nginx: remove duplicate proxy_set_header directives
recommendedProxySettings already injects Host, X-Real-IP, X-Forwarded-*
via an include in the location block. Our explicit extraConfig set them
again, causing Django to receive 'host,host' and reject with DisallowedHost.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-06-05 23:20:27 -07:00
Philip Peterson
3fea6dddd7 Merge branch 'main' of github.com:philip-peterson/petersweb-infra 2026-06-05 22:58:26 -07:00
Philip Peterson
dd4a80e034 Install paperless 2026-06-05 22:58:17 -07:00
5a14d56cd2 add secret 2026-06-05 21:58:03 -08:00
07573489df bump 2026-06-04 23:13:29 -08:00
0776104f40 bump 2026-06-04 22:42:07 -08:00