Commit graph

22 commits

Author SHA1 Message Date
bbdd562af3 bump 2026-06-04 21:59:15 -08:00
Philip Peterson
85b8479e44 fix secrets 2026-06-04 22:12:55 -07:00
772663f9e3 bump 2026-06-03 23:16:33 -08:00
be6fc41d2e bump 2026-06-03 23:11:36 -08:00
5fa3781b5c bump 2026-06-03 22:09:44 -08:00
3b5d31277a bump 2026-06-03 01:15:34 -08:00
56f9e4a744 Merge branch 'main' of github.com:philip-peterson/petersweb-infra 2026-06-01 02:29:12 -08:00
Philip Peterson
622a1c1555 remove trusted 2026-06-01 03:28:43 -07:00
985f33ab11 bump 2026-06-01 02:22:58 -08:00
3669b9389e Deploy riverside 2026-06-01 02:03:49 -08:00
f61913dc90 Bump riverside 2026-05-28 17:39:47 -08:00
Philip Peterson
0954d0e8d7 Bump image 2026-05-27 22:55:15 -07:00
c51352e6fe fix riverside DNS, VNC stale lock, and pids limit
- firewall.nix: allow DNS (UDP/TCP 53) from all podman bridge networks
  (10.89.0.0/16); NixOS only auto-adds a rule for podman0 but docker-compose
  arion stacks land on podman1/2/3 where container DNS was silently blocked
- vnc-desktop/start.sh: rm stale /tmp/.X1-lock on container start so
  container restarts don't leave Xvnc unable to bind display :1
- linux.nix: TasksMax=infinity on arion-vnc-desktop so the systemd cgroup
  doesn't cap KDE Plasma's thread count below the container pids limit
- arion-riverside/arion-compose.nix: add ADMIN_PASS env var required by
  the riverside entrypoint

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-25 19:36:36 -08:00
359292b497 fix nginx/arion/runner failures introduced by podman switch
- Break systemd ordering deadlock: nginx.after mkForce removes
  DNS-challenge ACME services (philippeterson, webdav) from nginx's
  After list, which was creating a cycle through nginx-config-reload
  back to HTTP-webroot ACME services that need nginx Before them.

- Fix arion services not finding podman socket: arion NixOS module
  sets backend=podman-socket but doesn't inject DOCKER_HOST; add
  explicit DOCKER_HOST=unix:///run/podman/podman.sock for all three
  arion projects.

- Fix gitea-runner startup race: add After/Wants on arion-forgejo so
  the runner doesn't try to register before Forgejo is up.

- Fix riverside image reference: pinned digest was stale after a
  re-push; switch to :latest.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-25 18:58:08 -08:00
96bed19729 fix 2026-05-25 14:43:03 -08:00
aa2fce1b7f fix riverside 2026-05-25 14:29:58 -08:00
14455adbf5 fix arion 2026-05-25 12:25:33 -08:00
5a17e00958 bump version of riverside 2026-05-25 12:10:14 -08:00
b583167dae bump version of riverside 2026-05-25 11:00:40 -08:00
e3bad28a0a fix 2026-05-14 14:30:35 -08:00
9b8b06a693 fix 2026-05-14 14:25:52 -08:00
93506862ec Move riverside to arion with postgres companion service
riverside needs a postgres sidecar which oci-containers can't express.
Also adds docker to arion PATH (fixes forgejo-arion) and creates
/var/riverside/{files,postgres} state directories.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-14 14:23:42 -08:00