infra

jack/infra

Fork 0

Commit graph

Author	SHA1	Message	Date
jack	fc6b1c0cec	feat: Timeweb S3 offsite backup uploads Some checks failed CI/CD / syntax-check (push) Successful in 39s Details CI/CD / deploy (push) Has been cancelled Details - Add vault_s3_access_key / vault_s3_secret_key to Ansible Vault - Expose via s3_access_key / s3_secret_key in all/main.yml - Add s3_endpoint + s3_bucket to backup role defaults - Install awscli via apt in backup role tasks - Extend backup.sh.j2: upload *.gz to S3 after local backup, prune S3 objects older than backup_retention_days Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-22 03:58:58 +07:00
jack	6ebd237894	feat: major infrastructure improvements Some checks failed CI/CD / deploy (push) Has been cancelled Details CI/CD / syntax-check (push) Successful in 1m7s Details Reliability: - Add swap role (2GB, swappiness=10, idempotent via /etc/fstab) - Add mem_limit to plane-worker (512m) and plane-beat (256m) - Add health checks to all services (traefik, vaultwarden, forgejo, plane-*, syncthing, prometheus, grafana, loki) Code quality: - Remove Traefik Docker labels (file provider used, labels were dead code) - Add comment explaining file provider architecture Observability: - Add AlertManager with Telegram notifications - Add Prometheus alert rules: CPU, RAM, disk, swap, container health - Add Loki + Promtail for centralized log aggregation - Add Loki datasource to Grafana - Enable Traefik /ping endpoint for health checks Backups: - Add backup role: pg_dump for forgejo + plane DBs, tar for vaultwarden and forgejo data - 7-day retention, daily cron at 03:00 - Backup script at /usr/local/bin/backup-services Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-22 03:28:16 +07:00

Author

SHA1

Message

Date

jack

fc6b1c0cec

feat: Timeweb S3 offsite backup uploads

CI/CD / syntax-check (push) Successful in 39s

Details

CI/CD / deploy (push) Has been cancelled

Details

- Add vault_s3_access_key / vault_s3_secret_key to Ansible Vault
- Expose via s3_access_key / s3_secret_key in all/main.yml
- Add s3_endpoint + s3_bucket to backup role defaults
- Install awscli via apt in backup role tasks
- Extend backup.sh.j2: upload *.gz to S3 after local backup,
  prune S3 objects older than backup_retention_days

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

2026-03-22 03:58:58 +07:00

jack

6ebd237894

feat: major infrastructure improvements

CI/CD / deploy (push) Has been cancelled

Details

CI/CD / syntax-check (push) Successful in 1m7s

Details

Reliability:
- Add swap role (2GB, swappiness=10, idempotent via /etc/fstab)
- Add mem_limit to plane-worker (512m) and plane-beat (256m)
- Add health checks to all services (traefik, vaultwarden, forgejo,
  plane-*, syncthing, prometheus, grafana, loki)

Code quality:
- Remove Traefik Docker labels (file provider used, labels were dead code)
- Add comment explaining file provider architecture

Observability:
- Add AlertManager with Telegram notifications
- Add Prometheus alert rules: CPU, RAM, disk, swap, container health
- Add Loki + Promtail for centralized log aggregation
- Add Loki datasource to Grafana
- Enable Traefik /ping endpoint for health checks

Backups:
- Add backup role: pg_dump for forgejo + plane DBs, tar for
  vaultwarden and forgejo data
- 7-day retention, daily cron at 03:00
- Backup script at /usr/local/bin/backup-services

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

2026-03-22 03:28:16 +07:00

2 commits