Added new paint service stack to the docker-compose infrastructure:
- **Paint stack** (paint.pivoine.art):
- miniPaint: Web-based image editor built from GitHub
- Multi-stage Docker build clones from https://github.com/viliusle/miniPaint
- Features: layers, filters, drawing tools, text, shapes support
- Client-side processing with no server uploads
- Stateless architecture (no backups needed)
Infrastructure updates:
- Created paint/compose.yaml with Traefik routing and SSL
- Created paint/Dockerfile with Node.js build stage and nginx serve
- Added PAINT environment variables to arty.yml
- Updated compose.yaml include list
- Updated CLAUDE.md documentation
All services integrated with Traefik for SSL termination and include
Watchtower auto-update labels.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Added VERT universal file format converter deployed at vert.pivoine.art:
**Vert stack** (vert.pivoine.art):
- vert: WebAssembly-based file converter
- Supports 250+ file formats (images, audio, documents, video)
- Client-side processing for privacy
- No file size limits
- No persistent data storage (stateless)
Infrastructure updates:
- Created vert/compose.yaml with Vert configuration
- Added VERT_* environment variables to arty.yml
- Updated compose.yaml to include vert stack
- Updated README.md and CLAUDE.md documentation
- No backup needed (stateless service)
All services integrated with Traefik for SSL termination and include
Watchtower auto-update labels.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Added Joplin Server deployment at joplin.pivoine.art:
**Joplin stack** (joplin.pivoine.art):
- joplin: Note-taking server with multi-device sync
- PostgreSQL backend for data persistence
- End-to-end encryption support
- Compatible with official Joplin clients (desktop, mobile, CLI)
- Markdown-based notes with attachments
Infrastructure updates:
- Added joplin database to PostgreSQL init script
- Updated compose.yaml to include joplin stack
- Added JOPLIN_* environment variables to arty.yml
- Added joplin-backup plan to restic (13th backup plan)
- Updated restic/compose.yaml with joplin_data volume mount
- Updated README.md and CLAUDE.md documentation
All services integrated with Traefik for SSL termination and include
Watchtower auto-update labels. Daily backups scheduled for 2 AM with
7 daily, 4 weekly, 6 monthly, and 2 yearly retention.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Added self-hosted password manager to The Falcon infrastructure:
**Vault Stack** (vault.pivoine.art):
- Vaultwarden (Bitwarden-compatible server)
- SQLite database for password storage
- WebSocket support for real-time sync
- TOTP and WebAuthn/U2F 2FA support
- Browser extensions and mobile apps compatible
**Configuration:**
- Domain: https://vault.pivoine.art
- Signups: Disabled (invite-only for security)
- Invitations: Enabled
- Password hints: Disabled (security best practice)
- First user becomes admin
**Backup Integration:**
- Added vaultwarden-backup plan to Restic
- Schedule: 8 AM daily (same as letsencrypt)
- Retention: 7 daily, 4 weekly, 12 monthly, 3 yearly
- Backup volume: vault_data mounted read-only
**Infrastructure Updates:**
- Created vault/compose.yaml following stack pattern
- Added VAULT_* environment variables to arty.yml
- Updated compose.yaml to include vault stack
- Added backup_vaultwarden_data volume to restic
- Updated restic/config.json with 12th backup plan
**Documentation:**
- Added Vault to CORE SYSTEMS in README
- Added to ship architecture diagram
- Documented in CLAUDE.md with configuration details
- Updated volume management sections
- Backup count increased from 11 to 12 plans
Critical data backed up with long retention (3 years yearly).
Compatible with official Bitwarden clients on all platforms.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Added Sablier plugin and service for scale-to-zero capabilities:
**Traefik Plugin:**
- Added experimental.plugins.sablier configuration
- Plugin version: v1.10.1
- Module: github.com/acouvreur/sablier/plugins/traefik
**Sablier Service:**
- Created sablier/compose.yaml with Sablier server
- Uses Docker provider for container management
- Mounts Docker socket for container control
- Connected to falcon_network
**Configuration:**
- Added SABLIER_COMPOSE_PROJECT_NAME to arty.yml
- Added SABLIER_VERSION to arty.yml
- Included sablier stack in compose.yaml
**Usage:**
Services can now use Sablier middleware to automatically
scale to zero when idle and start on demand when accessed.
Example middleware configuration:
```yaml
http:
middlewares:
my-sablier:
plugin:
sablier:
sablierUrl: http://sablier_app:10000
names: service-name
sessionDuration: 1m
```
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Added new Links stack to Falcon infrastructure:
**Links Stack (links.pivoine.art):**
- Linkwarden bookmark manager with PostgreSQL backend
- Meilisearch v1.12.8 for full-text search
- Browser extension support
- Screenshot and PDF archiving
- Collaborative bookmark sharing
**Infrastructure Updates:**
- Created links/compose.yaml with linkwarden and meilisearch services
- Added linkwarden database to PostgreSQL init script
- Added LINKS_* environment variables to arty.yml
- Updated compose.yaml to include links stack
- Cleaned up .env to contain only secrets
- Added all EMAIL_* variables to .env
**Documentation:**
- Updated CLAUDE.md with Links service details
- Updated README.md with Links in CORE SYSTEMS table
- Added linkwarden_data and meili_data volumes to docs
**Required Secrets (in .env):**
- LINKS_NEXTAUTH_SECRET: NextAuth.js session encryption
- LINKS_MEILI_MASTER_KEY: Meilisearch API authentication
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Removed default SCRAPY_AUTH_USERS value from arty.yml to ensure
credentials are only read from .env file (secrets).
This fixes login issues where the default placeholder value was
being used instead of actual credentials from .env.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Added Traefik Basic Auth middleware to secure Scrapyd web interface:
- Added basicauth middleware to scrapyd service labels
- Middleware chains auth with compression for HTTPS routes
- Added SCRAPY_AUTH_USERS environment variable to arty.yml
- Credentials stored in .env (htpasswd format with escaped $)
Access to scrapy.pivoine.art now requires username/password.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Added three new service stacks to the docker-compose infrastructure:
- **Scrapy stack** (scrapy.pivoine.art):
- scrapyd: Web scraping daemon with web interface (port 6800)
- scrapy: Development container for spider commands
- scrapyrt: Real-time API for running spiders (port 9080)
- **n8n stack** (n8n.pivoine.art):
- Workflow automation platform with PostgreSQL backend
- 200+ integrations for automated tasks
- Runners enabled for task execution
- Webhook support for external triggers
- **Filestash stack** (stash.pivoine.art):
- Web-based file manager with multi-backend support
- Supports SFTP, S3, Dropbox, Google Drive, FTP, WebDAV
- In-browser file viewing and media playback
Infrastructure updates:
- Updated PostgreSQL init script to create n8n database
- Added environment variables to arty.yml for all three stacks
- Updated compose.yaml include list
- Updated CLAUDE.md and README.md documentation
- Normalized service names in existing stacks (gotify, proxy, umami, vpn)
All services integrated with Traefik for SSL termination and include
Watchtower auto-update labels.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Created watch/compose.yaml with Watchtower service configuration
- Added Watchtower environment variables to arty.yml
- Enabled Watchtower monitoring for sexy_frontend container
- Configurable via environment variables (poll interval, cleanup, logging)
- Label-based updates: only containers with watchtower.enable=true
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Remove dependency on .env file for database credentials
- Use direct database user and database name in scripts
- Update sexy/db/import to use correct credentials (valknar/directus)
- Remove artifact download step from awsm/import (not needed)
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Extended environment variable usage to export scripts and simplified
the env loading pattern across all scripts.
Changes:
- sexy/db/export: now uses $DB_USER and $SEXY_DB_NAME
- sexy/export/all: now uses $DB_USER and $SEXY_DB_NAME
- All scripts: changed from 'set -a && source .env && set +a' to
'export $(cat .env | xargs)' for cleaner, more concise syntax
This ensures consistent variable usage across all import/export scripts
and makes them work correctly in all environments.
Added 'set -a && source .env && set +a' at the beginning of import scripts
to load environment variables from .env file.
This ensures DB_USER and SEXY_DB_NAME are properly set before executing
docker commands, regardless of whether arty exports them or not.
- set -a: enables automatic export of variables
- source .env: loads variables from .env file
- set +a: disables automatic export
Changed from ${DB_USER}/${SEXY_DB_NAME} to $DB_USER/$SEXY_DB_NAME
for proper variable expansion in arty scripts.
Arty exports environment variables before executing scripts, so simple
$VAR syntax works correctly, while ${VAR} was being treated as literal
text in the shell context.
Changed from ${DB_USER} and ${SEXY_DB_NAME} variables to hardcoded
values 'valknar' and 'directus' for production VPS environment.
Arty environment variables are not exported to the shell where scripts
execute, so the variables were empty when docker exec commands ran.
Production VPS always uses:
- PostgreSQL container: core_postgres
- DB user: valknar
- Database name: directus
These values are stable for production and won't change.
Removed interactive confirmation prompt (read -p and if/else/fi) from
sexy/import/all script. The if/else control structure caused syntax errors
when executed via arty due to how arty appends "$@" to scripts.
The script now runs directly without confirmation. Users should be careful
when running this destructive operation as it will immediately:
1. Drop and recreate all database tables
2. Apply Directus schema snapshot
3. Restart the Directus API
Warning message is still displayed before execution.
Changed hardcoded database credentials to use environment variables:
- `-U sexy` → `-U ${DB_USER}`
- `-d sexy` → `-d ${SEXY_DB_NAME}`
Also added missing interactive confirmation prompt to sexy/import/all script.
This fixes the script error on VPS where:
- VPS uses: DB_USER=valknar, SEXY_DB_NAME=directus
- Local dev uses: DB_USER=sexy, SEXY_DB_NAME=sexy (or directus)
The scripts now work correctly in both environments by reading
the appropriate values from .env files via arty's environment system.
