Router is now fully defined in proxy/dynamic/vert-sablier.yaml.
Docker labels now only define:
- Service (loadbalancer port)
- Middlewares (auth, compress)
- Sablier labels (enable, group)
This prevents conflicts between Docker label routers and dynamic file routers.
Moved Sablier middleware from Docker labels to Traefik dynamic configuration
to fix "unknown plugin type: sablier" error. Traefik plugins can only be
used in dynamic file configuration, not in Docker labels.
Changes:
- Removed sablier-vert@file reference from Docker label middleware chain
- Added complete router definition to proxy/dynamic/vert-sablier.yaml
- Router includes full middleware chain: sablier-vert → vert-auth → compress
- Kept sablier.enable and sablier.group labels for Sablier service discovery
This allows Sablier to properly scale the container to zero while maintaining
the middleware chain order through file-based configuration.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Added VERT universal file format converter deployed at vert.pivoine.art:
**Vert stack** (vert.pivoine.art):
- vert: WebAssembly-based file converter
- Supports 250+ file formats (images, audio, documents, video)
- Client-side processing for privacy
- No file size limits
- No persistent data storage (stateless)
Infrastructure updates:
- Created vert/compose.yaml with Vert configuration
- Added VERT_* environment variables to arty.yml
- Updated compose.yaml to include vert stack
- Updated README.md and CLAUDE.md documentation
- No backup needed (stateless service)
All services integrated with Traefik for SSL termination and include
Watchtower auto-update labels.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Added email configuration to Joplin Server using existing SMTP settings from .env:
- MAILER_ENABLED: 1
- MAILER_HOST, MAILER_PORT from EMAIL_SMTP_* variables
- MAILER_AUTH_USER and MAILER_AUTH_PASSWORD from .env
- MAILER_NOREPLY_EMAIL using EMAIL_FROM
This enables password reset emails and user notifications.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Added Joplin Server deployment at joplin.pivoine.art:
**Joplin stack** (joplin.pivoine.art):
- joplin: Note-taking server with multi-device sync
- PostgreSQL backend for data persistence
- End-to-end encryption support
- Compatible with official Joplin clients (desktop, mobile, CLI)
- Markdown-based notes with attachments
Infrastructure updates:
- Added joplin database to PostgreSQL init script
- Updated compose.yaml to include joplin stack
- Added JOPLIN_* environment variables to arty.yml
- Added joplin-backup plan to restic (13th backup plan)
- Updated restic/compose.yaml with joplin_data volume mount
- Updated README.md and CLAUDE.md documentation
All services integrated with Traefik for SSL termination and include
Watchtower auto-update labels. Daily backups scheduled for 2 AM with
7 daily, 4 weekly, 6 monthly, and 2 yearly retention.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Added self-hosted password manager to The Falcon infrastructure:
**Vault Stack** (vault.pivoine.art):
- Vaultwarden (Bitwarden-compatible server)
- SQLite database for password storage
- WebSocket support for real-time sync
- TOTP and WebAuthn/U2F 2FA support
- Browser extensions and mobile apps compatible
**Configuration:**
- Domain: https://vault.pivoine.art
- Signups: Disabled (invite-only for security)
- Invitations: Enabled
- Password hints: Disabled (security best practice)
- First user becomes admin
**Backup Integration:**
- Added vaultwarden-backup plan to Restic
- Schedule: 8 AM daily (same as letsencrypt)
- Retention: 7 daily, 4 weekly, 12 monthly, 3 yearly
- Backup volume: vault_data mounted read-only
**Infrastructure Updates:**
- Created vault/compose.yaml following stack pattern
- Added VAULT_* environment variables to arty.yml
- Updated compose.yaml to include vault stack
- Added backup_vaultwarden_data volume to restic
- Updated restic/config.json with 12th backup plan
**Documentation:**
- Added Vault to CORE SYSTEMS in README
- Added to ship architecture diagram
- Documented in CLAUDE.md with configuration details
- Updated volume management sections
- Backup count increased from 11 to 12 plans
Critical data backed up with long retention (3 years yearly).
Compatible with official Bitwarden clients on all platforms.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Updated documentation to reflect complete backup setup:
**CLAUDE.md Updates:**
- Added detailed repository configuration (hidrive-backup)
- Documented all 11 backup plans with schedules and retention
- Explained volume mounting strategy with prefixed names
- Added configuration management instructions
- Included maintenance schedule (weekly prune/check)
**README.md Updates:**
- Added "Backup Operations" section with CLI commands
- Documented automated backup schedule (2-8 AM daily)
- Added backup protocol to security section
- Updated mission status with backup system indicator
- Included next backup time and repository status
**compose.yaml Updates:**
- Restored backrest_config volume (needed for proper operation)
- Removed direct config.json mount (causes write conflicts)
- Config copied into volume after container start
All 11 backup plans now documented:
- postgres, redis, directus (uploads/bundle)
- awesome, gotify, scrapy, n8n
- filestash, linkwarden, letsencrypt
Retention policies range from 3-12 months with yearly backups
for critical data (postgres, directus, letsencrypt).
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Changed config version from 1 to 4 to match Backrest 1.10.1
requirements. Version 1 is too old and requires migration through
intermediate version 1.4.0.
Config now loads successfully with all 11 backup plans scheduled.
Prefixed all external volume references with 'backup_' to avoid
conflicts with volume definitions in other compose files (e.g.,
directus_uploads defined in both sexy and restic).
This allows Docker Compose's include pattern to work correctly
without volume name collisions.
Updated THE FALCON documentation to reflect new infrastructure additions:
- **Traefik Dashboard**: Added proxy.pivoine.art to CORE SYSTEMS table as "Shield control dashboard"
- **Sablier Plugin**: Documented v1.10.1 plugin for dynamic scaling/scale-to-zero capabilities
- **Infrastructure Diagram**:
- Added Dashboard Command Center to Traefik section
- Added Sablier Dynamic Scaling Plugin
- Updated SECURITY LAYER architecture with dashboard and Sablier entries
All systems operational and accessible via the Falcon network.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Added Sablier plugin and service for scale-to-zero capabilities:
**Traefik Plugin:**
- Added experimental.plugins.sablier configuration
- Plugin version: v1.10.1
- Module: github.com/acouvreur/sablier/plugins/traefik
**Sablier Service:**
- Created sablier/compose.yaml with Sablier server
- Uses Docker provider for container management
- Mounts Docker socket for container control
- Connected to falcon_network
**Configuration:**
- Added SABLIER_COMPOSE_PROJECT_NAME to arty.yml
- Added SABLIER_VERSION to arty.yml
- Included sablier stack in compose.yaml
**Usage:**
Services can now use Sablier middleware to automatically
scale to zero when idle and start on demand when accessed.
Example middleware configuration:
```yaml
http:
middlewares:
my-sablier:
plugin:
sablier:
sablierUrl: http://sablier_app:10000
names: service-name
sessionDuration: 1m
```
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Added loadbalancer.server.port=8080 to dashboard configuration
since the Traefik API/dashboard runs on port 8080 internally.
Also added ping endpoint for healthchecks.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Updated dashboard configuration to match the working pattern
from other services (Links, Scrapy, etc):
**Changes:**
- Added HTTP to HTTPS redirect middleware
- Added separate web and web-secure routers
- Renamed middleware from dashboard-auth to just auth
- Added explicit docker.network label
- Now follows the exact same pattern as Links stack
**Label Structure:**
- web router: HTTP entrypoint with redirect middleware
- web-secure router: HTTPS with TLS cert resolver and auth
- Consistent naming: proxy-web, proxy-web-secure, proxy-auth
This ensures the dashboard works the same way as all
other services in the stack.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Added new Links stack to Falcon infrastructure:
**Links Stack (links.pivoine.art):**
- Linkwarden bookmark manager with PostgreSQL backend
- Meilisearch v1.12.8 for full-text search
- Browser extension support
- Screenshot and PDF archiving
- Collaborative bookmark sharing
**Infrastructure Updates:**
- Created links/compose.yaml with linkwarden and meilisearch services
- Added linkwarden database to PostgreSQL init script
- Added LINKS_* environment variables to arty.yml
- Updated compose.yaml to include links stack
- Cleaned up .env to contain only secrets
- Added all EMAIL_* variables to .env
**Documentation:**
- Updated CLAUDE.md with Links service details
- Updated README.md with Links in CORE SYSTEMS table
- Added linkwarden_data and meili_data volumes to docs
**Required Secrets (in .env):**
- LINKS_NEXTAUTH_SECRET: NextAuth.js session encryption
- LINKS_MEILI_MASTER_KEY: Meilisearch API authentication
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Removed default SCRAPY_AUTH_USERS value from arty.yml to ensure
credentials are only read from .env file (secrets).
This fixes login issues where the default placeholder value was
being used instead of actual credentials from .env.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Added Traefik Basic Auth middleware to secure Scrapyd web interface:
- Added basicauth middleware to scrapyd service labels
- Middleware chains auth with compression for HTTPS routes
- Added SCRAPY_AUTH_USERS environment variable to arty.yml
- Credentials stored in .env (htpasswd format with escaped $)
Access to scrapy.pivoine.art now requires username/password.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Both scrapy and scrapyrt services now use the shared scrapy_code named
volume instead of bind mounts. Code directory will be added later.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Added three new service stacks to the docker-compose infrastructure:
- **Scrapy stack** (scrapy.pivoine.art):
- scrapyd: Web scraping daemon with web interface (port 6800)
- scrapy: Development container for spider commands
- scrapyrt: Real-time API for running spiders (port 9080)
- **n8n stack** (n8n.pivoine.art):
- Workflow automation platform with PostgreSQL backend
- 200+ integrations for automated tasks
- Runners enabled for task execution
- Webhook support for external triggers
- **Filestash stack** (stash.pivoine.art):
- Web-based file manager with multi-backend support
- Supports SFTP, S3, Dropbox, Google Drive, FTP, WebDAV
- In-browser file viewing and media playback
Infrastructure updates:
- Updated PostgreSQL init script to create n8n database
- Added environment variables to arty.yml for all three stacks
- Updated compose.yaml include list
- Updated CLAUDE.md and README.md documentation
- Normalized service names in existing stacks (gotify, proxy, umami, vpn)
All services integrated with Traefik for SSL termination and include
Watchtower auto-update labels.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Added watchtower.enable label to awesome_app container for automatic
Docker image updates when new versions are pushed to the registry.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Created watch/compose.yaml with Watchtower service configuration
- Added Watchtower environment variables to arty.yml
- Enabled Watchtower monitoring for sexy_frontend container
- Configurable via environment variables (poll interval, cleanup, logging)
- Label-based updates: only containers with watchtower.enable=true
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Remove dependency on .env file for database credentials
- Use direct database user and database name in scripts
- Update sexy/db/import to use correct credentials (valknar/directus)
- Remove artifact download step from awsm/import (not needed)
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Added video-to-model relationships in sexy_videos_directus_users junction table
- Updated sequence numbers for sexy_videos_directus_users and sexy_videos_models
- Fixed missing model associations for existing videos
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Extended environment variable usage to export scripts and simplified
the env loading pattern across all scripts.
Changes:
- sexy/db/export: now uses $DB_USER and $SEXY_DB_NAME
- sexy/export/all: now uses $DB_USER and $SEXY_DB_NAME
- All scripts: changed from 'set -a && source .env && set +a' to
'export $(cat .env | xargs)' for cleaner, more concise syntax
This ensures consistent variable usage across all import/export scripts
and makes them work correctly in all environments.
Added 'set -a && source .env && set +a' at the beginning of import scripts
to load environment variables from .env file.
This ensures DB_USER and SEXY_DB_NAME are properly set before executing
docker commands, regardless of whether arty exports them or not.
- set -a: enables automatic export of variables
- source .env: loads variables from .env file
- set +a: disables automatic export
Changed from ${DB_USER}/${SEXY_DB_NAME} to $DB_USER/$SEXY_DB_NAME
for proper variable expansion in arty scripts.
Arty exports environment variables before executing scripts, so simple
$VAR syntax works correctly, while ${VAR} was being treated as literal
text in the shell context.
Changed from ${DB_USER} and ${SEXY_DB_NAME} variables to hardcoded
values 'valknar' and 'directus' for production VPS environment.
Arty environment variables are not exported to the shell where scripts
execute, so the variables were empty when docker exec commands ran.
Production VPS always uses:
- PostgreSQL container: core_postgres
- DB user: valknar
- Database name: directus
These values are stable for production and won't change.
