Commit graph

242 commits

Author SHA1 Message Date
Philip Peterson
b443162f0c encrypt 2026-06-08 04:49:55 -07:00
d383b9abc3 bump 2026-06-06 00:51:58 -08:00
Philip Peterson
f0209fbdc8 Add WebSocket proxy headers to paperless nginx vhost
Paperless-ngx uses WebSockets to push task completion status to the
browser. Without Upgrade/Connection headers the UI hangs indefinitely
after upload while waiting for the done notification.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-06-05 23:26:15 -07:00
Philip Peterson
047c4b2207 Fix paperless nginx: remove duplicate proxy_set_header directives
recommendedProxySettings already injects Host, X-Real-IP, X-Forwarded-*
via an include in the location block. Our explicit extraConfig set them
again, causing Django to receive 'host,host' and reject with DisallowedHost.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-06-05 23:20:27 -07:00
Philip Peterson
3fea6dddd7 Merge branch 'main' of github.com:philip-peterson/petersweb-infra 2026-06-05 22:58:26 -07:00
Philip Peterson
dd4a80e034 Install paperless 2026-06-05 22:58:17 -07:00
5a14d56cd2 add secret 2026-06-05 21:58:03 -08:00
07573489df bump 2026-06-04 23:13:29 -08:00
0776104f40 bump 2026-06-04 22:42:07 -08:00
f59200a349 bump 2026-06-04 22:10:40 -08:00
bbdd562af3 bump 2026-06-04 21:59:15 -08:00
Philip Peterson
85b8479e44 fix secrets 2026-06-04 22:12:55 -07:00
Philip Peterson
f5c350dbf8 Fix 2026-06-04 20:39:29 -07:00
Philip Peterson
4b88ae2a68 use nginx 2026-06-04 19:37:11 -07:00
Philip Peterson
e3f91306f7 add arion 2026-06-04 19:20:57 -07:00
772663f9e3 bump 2026-06-03 23:16:33 -08:00
be6fc41d2e bump 2026-06-03 23:11:36 -08:00
5fa3781b5c bump 2026-06-03 22:09:44 -08:00
3b5d31277a bump 2026-06-03 01:15:34 -08:00
56f9e4a744 Merge branch 'main' of github.com:philip-peterson/petersweb-infra 2026-06-01 02:29:12 -08:00
Philip Peterson
622a1c1555 remove trusted 2026-06-01 03:28:43 -07:00
985f33ab11 bump 2026-06-01 02:22:58 -08:00
4db0ab5337 Merge branch 'main' of github.com:philip-peterson/petersweb-infra 2026-06-01 02:14:45 -08:00
Philip Peterson
097e3a312f Move KDE desktop to host; container becomes noVNC proxy only
The vnc-desktop container no longer runs a desktop environment. KDE Plasma
and Xvnc now run directly on the host via a vnc-kde systemd service, with
port 5901 firewalled to the podman bridge subnet only. The container is
reduced to a websockify bridge forwarding the noVNC web UI to hetzner-host:5901.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-06-01 03:13:20 -07:00
3669b9389e Deploy riverside 2026-06-01 02:03:49 -08:00
bc38566d5c vnc tweaks 2026-05-30 03:05:36 -08:00
33d2ae427a restart podman when refresh 2026-05-30 02:51:31 -08:00
1334de7ff6 Add Discover logging patch and Firefox to vnc-desktop image
Adds a discover-logging/ build step that fetches the plasma-discover
source, instruments PKTransaction.cpp with qWarning calls at key points
(trigger, statusChanged, progressChanged, cleanup, errorFound,
installFile) to diagnose hanging .deb installs, then rebuilds and
reinstalls the patched packagekit-backend.so.

Also installs Firefox via the Mozilla apt repo (Ubuntu 24.04 ships
Firefox as a snap which doesn't work in the container).

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-30 02:48:46 -08:00
5e9822ccc4 try fix vnc password 2026-05-30 02:13:40 -08:00
f3592d4dcf updates 2026-05-29 22:20:38 -08:00
da436cd3df handle a/b from github 2026-05-29 21:32:42 -08:00
de07e62e8e Bump hyper 2026-05-29 02:21:47 -08:00
b33f401593 Bump 2026-05-28 22:58:50 -08:00
745d33661d Tweak common 2026-05-28 22:20:25 -08:00
5c0cd31481 Use common 2026-05-28 22:17:24 -08:00
d329b6dc19 Bump hyper 2026-05-28 22:13:15 -08:00
f61913dc90 Bump riverside 2026-05-28 17:39:47 -08:00
4c10105cbb Bump hyper 2026-05-28 16:04:38 -08:00
6e15ad142d extend withWww to philippeterson.com and coldairnetworks.com; drop fbksdigital
- philippeterson.com and coldairnetworks.com now use withWww, fixing the same
  www.* cert-mismatch problem that affected pdxdestiny.com
- fbksdigital.com vhost removed (disabled for now)
- ACME cyclic dependency list updated accordingly

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-28 15:47:02 -08:00
2624efbde8 add withWww helper and fix www.pdxdestiny.com cert mismatch
www.pdxdestiny.com had no vhost so nginx fell back to the coldairnetworks.com
cert. Added a withWww helper that generates apex + www redirect pair, and
wired up pdxdestiny.com as the first user.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-28 15:44:30 -08:00
81a97f086e bump hyper 2026-05-27 21:55:51 -08:00
Philip Peterson
0954d0e8d7 Bump image 2026-05-27 22:55:15 -07:00
e0849cdb62 bump 2026-05-26 00:00:59 -08:00
0f6cc351d3 bump 2026-05-25 23:31:49 -08:00
0d678388e5 wip 2026-05-25 23:23:11 -08:00
005b8e62e5 wip 2026-05-25 23:19:34 -08:00
31bb508d8f wip 2026-05-25 23:13:54 -08:00
6881cd74e1 vnc: increase desktop resolution to 1920x1080
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-25 21:04:59 -08:00
6b7cc9f88b wip 2026-05-25 19:55:28 -08:00
855f5dbded fix VNC pid exhaustion: remove bluez loop, raise machine.slice limit
kded5 was activating org.bluez.obex in a tight loop (no BT hardware in
container), spawning thousands of obexd threads until the libpod scope hit
its TasksMax=9286 systemd default — causing fork failures and a 502.

- vnc-desktop/Dockerfile: purge bluez/bluez-obexd and delete D-Bus service
  activation files so kded5 can't trigger the loop
- linux.nix: machine.slice TasksMax=infinity so the libpod scope ceiling
  can't be hit by legitimate KDE thread counts
- linux.nix: containers.conf pids_limit=0 (unlimited) to let podman pass
  TasksMax=infinity to new container scopes

pids.current went from 9286 (exhausted) to 159 after the fix.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-25 19:53:28 -08:00