Commit Graph

6 Commits

Author SHA1 Message Date
Renovate Bot 03b8af9b78 Update busybox Docker tag to v1.38
renovate/stability-days Updates have met minimum release age requirement
2026-06-06 00:04:43 +00:00
admin de593cfcc3 removed wger
2026-05-30 09:17:58 +02:00
admin 6d21576e00 workout-system: SparkyFitness OIDC-only auth (email login+signup off, OIDC signup on)
Admin bootstrapped via Authentik OIDC. Finalize the intended auth posture:
- Remove SPARKY_FITNESS_FORCE_EMAIL_LOGIN fail-safe (OIDC confirmed working).
- Add SPARKY_FITNESS_DISABLE_EMAIL_LOGIN=true -> email/password login + registration off.
- Keep SPARKY_FITNESS_DISABLE_SIGNUP=false so OIDC auto-register keeps working
  (the global signup gate would otherwise block OIDC self-registration too).
Net: Authentik OIDC is the only login + signup path; emergency recovery documented
inline (set FORCE_EMAIL_LOGIN=true to re-enable email login).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-27 16:00:27 +02:00
admin a1e73466a6 workout-system: temporarily enable signup to bootstrap SparkyFitness admin
DISABLE_SIGNUP=true blocks OIDC auto-register too (callback returns 'Signups are
currently disabled by the administrator'), so the first admin account can't be
created. Set DISABLE_SIGNUP=false just long enough for the admin to log in via
Authentik once (auto-registers + admin via SPARKY_FITNESS_ADMIN_EMAIL); will be
reverted to true right after.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-27 15:51:15 +02:00
admin f09e76a4b3 workout-system: fix SparkyFitness OIDC issuer slug (sparkyfitness -> sparky-fitness)
The Authentik application was created with slug 'sparky-fitness' (hyphen), so the
OIDC discovery document lives at /application/o/sparky-fitness/.well-known/...
The previous value (no hyphen) 404'd. Align the issuer URL with the actual slug.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-27 15:37:05 +02:00
admin 7f3c06f16c workout-system: deploy SparkyFitness v0.16.6.3, park wger, take over workout.dooplex.hu
SparkyFitness (https://github.com/CodeWithCJ/SparkyFitness) replaces wger on
workout.dooplex.hu / workout.home with native Authentik OIDC.

Components (sparkyfitness.yaml): dedicated postgres:15-alpine, server (3010,
/api/health), frontend nginx (root image, listens :80). PVCs sparkyfitness-postgres
+ sparkyfitness-uploads (Longhorn, backup labels). In-app OIDC, no forward-auth.

Deviations from the deploy spec, following upstream ground truth:
- In-container mount path for uploads is /app/SparkyFitnessServer/uploads (per the
  upstream Helm chart values.yaml), not /app/uploads.
- Frontend root image (codewithcj/sparkyfitness) has 'listen 80;' hardcoded ->
  NGINX_LISTEN_PORT=80, containerPort/Service 80.
- Image names use the docker-compose variants (codewithcj/sparkyfitness_server,
  codewithcj/sparkyfitness); the upstream Helm chart uses -server/-frontend.
- All wger Deployments scaled to 0 (incl. celery worker/beat), not just
  wger + wger-redis, so celery doesn't crashloop against the downed redis.

Secrets (outside git): sparky-oauth (client-id/client-secret, pre-existing) +
sparky-app (db + app-db creds, api-encryption-key, better-auth-secret).

wger is parked, not deleted: Deployments at 0, both Ingresses removed (ArgoCD
prune frees the hostnames); Services/ConfigMap/PVCs/CNPG DB kept for rollback.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-27 15:21:21 +02:00