- Remove envsubst complexity for password hashes
- Keep users_database.yml only on server (not in git)
- Add users_database.yml to .gitignore
- Update users_database.template.yml with multi-user examples
- Configure Authelia to watch users_database.yml for changes
- Users can now be added/removed by editing the file on server
- Supports unlimited users without code changes
- Rename users_database.yml to users_database.template.yml
- Use envsubst to substitute AUTHELIA_USER_PASSWORD_HASH from .env
- Update configuration.yml to use /config/users_database.yml
- Add AUTHELIA_USER_PASSWORD_HASH environment variable to compose
- Password hash now stored securely in .env instead of git
- Add Mailpit service to NET stack with web UI at mailpit.pivoine.art
- Configure Mailpit to relay all emails through IONOS SMTP
- Migrate all 11+ services to use Mailpit instead of direct IONOS SMTP:
* SEXY: Directus API
* UTIL: Joplin, Mattermost, Vaultwarden, Tandoor, Linkwarden
* DEV: Gitea, n8n, Asciinema
* AI: Open WebUI
* NET: Netdata (via msmtp)
- Centralize SMTP credentials in mailpit-relay.yaml
- Simplify service configs (no auth/TLS for internal SMTP)
- Enable email monitoring via Mailpit web UI with Basic Auth
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Removed duplicate STASH_* and JELLY_* variables that have been replaced by MEDIA_* variables after consolidation into the media stack.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Add backrest service to core/compose.yaml with CORE_RESTIC_ prefix
- Update arty.yml with CORE_RESTIC_* environment variables
- Remove restic from compose.yaml includes
- Backrest now part of core infrastructure stack
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Create net/compose.yaml with 4 services (traefik, netdata, watchtower, umami)
- Update arty.yml with NET_* environment variables
- Update compose.yaml to include net instead of individual stacks
- Update restic volume references to net_letsencrypt_data and net_netdata_config
- Copy configuration files to net/ directory (Dockerfile, dynamic/, go.d/, etc.)
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Consolidates 6 utility services into a single util stack:
- drop (PairDrop) - P2P file sharing
- joplin (Joplin Server) - Note-taking and sync
- links (Linkwarden) - Bookmark manager with Meilisearch
- mattermost (Mattermost) - Team collaboration
- vault (Vaultwarden) - Password manager
- tandoor (Tandoor) - Recipe manager
Changes:
- Created util/compose.yaml with all 6 services
- Moved rtc_config.json to util directory
- Updated environment variables to use UTIL_ prefix
- Updated restic volume references to util_* names
- Container names changed from {service}_app to util_{service}
- Volume names changed from {service}_* to util_{service}_*
- Removed individual stack directories (drop, joplin, links, mattermost, vault, tandoor)
- Updated compose.yaml to include util/compose.yaml instead of individual stacks
All services maintain their original hostnames and functionality.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Moved asciinema service from standalone stack to dev/compose.yaml
- Updated hostname from asciinema.pivoine.art to asciinema.dev.pivoine.art
- Updated environment variables to use DEV_ASCIINEMA_ prefix
- Updated restic backup volume reference (asciinema_data -> dev_asciinema_data)
- Moved custom.exs to dev/asciinema-custom.exs
- Removed standalone asciinema/compose.yaml directory
- Container name changes from asciinema_app to dev_asciinema
- Volume name changes from asciinema_data to dev_asciinema_data
- Preserved admin interface at admin.asciinema.dev.pivoine.art with Basic Auth
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Moved n8n service from standalone stack to dev/compose.yaml
- Updated hostname from n8n.pivoine.art to n8n.dev.pivoine.art
- Updated environment variables to use DEV_N8N_ prefix
- Updated restic backup volume reference (n8n_n8n_data -> dev_n8n_data)
- Removed standalone n8n/compose.yaml
- Container name changes from n8n_app to dev_n8n
- Volume name changes from n8n_n8n_data to dev_n8n_data
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Remove three unused stacks and related configuration:
- Removed sablier, scrapy, vpn from compose includes
- Deleted sablier/compose.yaml, scrapy/compose.yaml, vpn/compose.yaml
- Removed scrapy-backup from restic config
- Removed scrapy volume mounts from restic compose
- Removed SABLIER, SCRAPY, VPN env vars from arty.yml
- Cleaned up sexy/uploads directory
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Remove kit service and related configuration:
- Removed kit from compose includes
- Deleted kit/compose.yaml (landing, vert, pastel, stirling, units, draw, figlet)
- Removed KIT env vars from arty.yml
Kit services were stateless and don't require data migration.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Remove awsm service and related configuration:
- Removed awsm from compose includes
- Deleted awsm/compose.yaml
- Removed awesome-backup from restic config
- Removed awsm volume mount from restic
- Removed AWSM env vars from arty.yml
- Removed awsm/import script
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Add Coolify self-hosted deployment platform with:
- Coolify main service at coolify.dev.pivoine.art
- Dedicated PostgreSQL database (uses shared core instance)
- Soketi WebSocket server for real-time features
- Traefik routing with HTTPS and compression
- Environment variables in arty.yml (secrets in .env)
- Database creation in PostgreSQL init script
Coolify enables deploying applications from Git repositories,
including the pivoine.art Jekyll site from Gitea.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Remove Navidrome service from media stack
- Remove Navidrome configuration from arty.yml
- Remove media/scan command (Navidrome-specific)
- Jellyfin now handles all media: images, videos, and music
- Add /mnt/hidrive/users/valknar/Music mount to Jellyfin
- Remove standalone nginx music_files service
- Jellyfin now serves images, videos, and music
- Supports transcoding, download tracking, and direct URLs via API
- Add nginx service to serve music files at music.media.pivoine.art
- Enables direct MP3 file URLs for website embedding
- Serves files from /mnt/hidrive/users/valknar/Music read-only
- Remove Koel and koel_init services from media stack
- Remove Ampache service from media stack
- Add Navidrome service at navidrome.media.pivoine.art
- Remove koel and ampache databases from postgres init script
- Update arty.yml with Navidrome configuration
- Navidrome uses SQLite (no PostgreSQL required)
- Supports public sharing and Subsonic API compatibility
- Add ampache service to media/compose.yaml with PostgreSQL backend
- Create ampache database in postgres init script
- Configure Ampache environment variables in arty.yml
- Mount Music directory read-only
- Expose at ampache.media.pivoine.art via Traefik
Remove 'M' suffix from MEDIA_KOEL_MEMORY_LIMIT as Koel appends it automatically, causing "512MM" error.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Combine Jellyfin, Filestash, and Koel into single media/ compose stack
- Remove standalone jelly/ and stash/ compose files
- Add Koel music streaming with PostgreSQL backend
- Update core PostgreSQL init script to create koel database
- Add media stack to root compose.yaml include
- Configure media services with subdomain routing (jellyfin.media, filestash.media, koel.media)
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Added arty script to update Directus extension bundle from the latest
sexy_frontend image. This ensures the API container always has the
latest extensions when the frontend image is rebuilt.
Usage: arty sexy/bundle/update
Also streamlined sexy/uploads/export to match code style.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Added Facefusion face swapping service to the AI stack:
**Configuration:**
- URL: https://facefusion.ai.pivoine.art
- Image: facefusion/facefusion:3.5.0-cpu
- Port: 7865
- Container: ai_facefusion
- Volume: ai_facefusion_data
- HTTP Basic Auth protection
- CPU execution mode (GPU when available)
**Changes:**
- Added facefusion service to ai/compose.yaml
- Added AI_FACEFUSION_* env vars to arty.yml
- Created ai_facefusion_data volume
- Removed old standalone facefusion stack
- Removed ai/README-export.md and ai/webui-export.py
Facefusion will run on CPU until GPU server is available.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Added Traefik configuration to make LiteLLM accessible at llm.ai.pivoine.art
for use with @openai/codex CLI tool.
Changes:
- Added AI_LITELLM_TRAEFIK_HOST to arty.yml (llm.ai.pivoine.art)
- Updated ai/compose.yaml litellm service with full Traefik labels
- HTTP to HTTPS redirect
- SSL termination via Let's Encrypt
- Compression and security headers
This allows external tools like Codex to use Claude models via
OpenAI-compatible API endpoint.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Removed miniPaint image editor service from the kit stack:
- Deleted paint service definition from kit/compose.yaml
- Removed Dockerfile for paint build
- Removed KIT_PAINT_TRAEFIK_HOST from arty.yml
- Stopped and removed kit_paint container
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Watchtower was failing with "Unknown notification type 'mattermost'" because
'mattermost' is not a valid WATCHTOWER_NOTIFICATIONS value. When using
Shoutrrr URLs (WATCHTOWER_NOTIFICATION_URL), the notification type should
be set to 'shoutrrr' or left empty, as the service type is inferred from
the URL format (mattermost://...).
Changed WATCHTOWER_NOTIFICATIONS from 'mattermost' to 'shoutrrr' to fix
the fatal error that was occurring every minute.
The mattermost:// Shoutrrr URL in WATCHTOWER_NOTIFICATION_URL is correct
and will work once the notification type is fixed.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Add EMAIL_FROM to arty.yml environment defaults
- Configure asciinema to use EMAIL_FROM for MAIL_FROM_ADDRESS
- Set SMTP_SSL to true for IONOS SMTP on port 465
- Set SIGN_UP_DISABLED default to false (will enable after admin creation)
- Follow netdata compose.yaml pattern for Traefik labels
- Add proper HTTP to HTTPS redirect middlewares
- Configure compression and security headers
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Created complete AI infrastructure stack at ai.pivoine.art:
**New Services:**
- **Open WebUI** (ai.pivoine.art)
- ChatGPT-like interface for AI models
- Multi-user chat with authentication
- RAG (Retrieval-Augmented Generation) support
- Document upload and processing
- Claude API integration via Anthropic
- **PostgreSQL with pgvector** (dedicated AI database)
- Vector similarity search for RAG
- Separate from production databases
- Stores embeddings and documents
- **Crawl4AI** (internal API service)
- Web scraping optimized for LLMs
- Converts websites to clean Markdown
- Called by n8n workflows
- No public exposure (internal only)
**Configuration:**
- Added 18 AI environment variables to arty.yml
- Configured email notifications via IONOS SMTP
- OpenAI API compatibility for Claude integration
- Traefik SSL termination and compression
**Backup:**
- Added 3 AI volumes to Restic backup
- Daily backup at 3 AM
- Retention: 7 daily, 4 weekly, 6 monthly, 2 yearly
**Integration:**
- Shares falcon_network with existing services
- Ready for n8n workflow automation
- Mattermost notifications support
- Watchtower auto-updates enabled
Ready for Phase 2: GPU server integration with Ollama, Whisper, and
Stable Diffusion when IONOS A10 server is provisioned.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Changed PostgreSQL image from postgres:16-alpine to
pgvector/pgvector:pg16-alpine to enable vector similarity search
capabilities for AI/RAG applications.
This is required for Open WebUI's RAG functionality to store and
query document embeddings.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Added Tandoor Recipes as a comprehensive recipe management solution:
**Tandoor Stack** (tandoor.pivoine.art):
- Modern recipe manager with smart scaling and collaboration
- PostgreSQL backend for recipe persistence
- Email notifications via IONOS SMTP
- Static and media file storage in dedicated volumes
- User signups disabled (admin-only access)
**Features:**
- Smart recipe scaling (auto-adjust ingredients for servings)
- Spaces for collaboration (family/roommate recipe sharing)
- Meal planning and shopping lists
- Recipe import from URLs
- Mobile app support (Kitshn app)
- Nutritional information and pricing
**Infrastructure updates:**
- Added tandoor database to PostgreSQL init script
- Added environment variables to arty.yml
- Updated compose.yaml include list
- Added Tandoor volumes (staticfiles, mediafiles) to Restic backup
- Configured email notifications for invitations and notifications
**Tech stack:**
- Django/Python backend
- Vue.js frontend
- PostgreSQL database (shared core instance)
- Gunicorn WSGI server
Tandoor provides superior UX compared to Mealie with better recipe
scaling, collaboration features, and mobile app experience.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Removed Gotify completely from infrastructure, replaced by Mattermost:
- Removed gotify/compose.yaml stack
- Removed Gotify environment variables from arty.yml
- Removed Gotify from compose.yaml include list
- Removed Gotify volume backup from Restic configuration
Gotify has been fully replaced by Mattermost for:
- Infrastructure notifications (Netdata, Watchtower, Restic)
- n8n workflow notifications
- Team collaboration and chat
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Added Mattermost webhook notifications for infrastructure services:
- **Netdata**: Health monitoring alerts sent to Mattermost
- Configured via MATTERMOST_WEBHOOK_URL environment variable
- All alert roles route to Mattermost notifications channel
- **Restic/Backrest**: Backup status notifications
- Webhook URL passed as environment variable
- Backrest web UI can be configured to use the webhook
- **Watchtower**: Container update notifications
- Uses Shoutrrr mattermost:// URL format
- Sends notifications when containers are updated
Configuration:
- Webhook URL stored securely in .env file
- All services reference ${MATTERMOST_WEBHOOK_URL} variable
- Watchtower uses specialized Shoutrrr format URL
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Added Mattermost stack to the docker-compose infrastructure:
- **Mattermost stack** (mattermost.pivoine.art):
- Team collaboration and chat platform
- PostgreSQL backend for message persistence
- Email notifications via IONOS SMTP
- Support for channels, direct messages, and integrations
- Mobile and desktop app support
- Full Traefik integration with SSL termination
Infrastructure updates:
- Updated PostgreSQL init script to create mattermost database
- Added environment variables to arty.yml for Mattermost configuration
- Updated compose.yaml include list
- Configured email settings for notifications and invitations
This will replace Gotify as the primary notification and messaging platform.
All services integrated with Traefik for SSL termination and include
Watchtower auto-update labels.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Added Netdata real-time monitoring system at netdata.pivoine.art:
- Real-time infrastructure and container monitoring
- Auto-discovers all Docker containers
- Tracks CPU, memory, disk, network usage per service
- Low overhead monitoring (~1-3% CPU)
- Self-hosted with web dashboard on port 19999
Configuration:
- Created netdata/compose.yaml with full Traefik integration
- Added to main compose.yaml include list
- Added environment variables to arty.yml
- Mounted Docker socket for container metrics
- Mounted system directories for host metrics (/proc, /sys, /var/log)
- Three persistent volumes: config, lib, cache
- Required capabilities: SYS_PTRACE, SYS_ADMIN for system monitoring
- Watchtower enabled for automatic updates
Benefits for infrastructure:
- Monitor 20+ running services in real-time
- Track PostgreSQL, Redis, Traefik performance
- Watch backup processes (Backrest/Restic)
- Monitor Jellyfin transcoding load
- Alert on resource issues before they become critical
- Historical data for capacity planning
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Added Excalidraw collaborative drawing tool to the Kit toolkit at draw.kit.pivoine.art:
- Virtual whiteboard for sketching hand-drawn diagrams
- Infinite canvas with collaborative features
- Image: excalidraw/excalidraw:latest
- Exposed on port 80 via Traefik with SSL
Configuration:
- Added draw service to kit/compose.yaml
- Added KIT_DRAW_IMAGE and KIT_DRAW_TRAEFIK_HOST to arty.yml
- Health check disabled to prevent false negatives
- Follows same pattern as other Kit tools
- Watchtower enabled for automatic updates
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Added Units converter to the Kit toolkit at units.kit.pivoine.art:
- Unit conversion tool for length, weight, temperature, etc.
- Image: ghcr.io/valknarness/units-ui:latest
- Exposed on port 3000 via Traefik with SSL
Configuration:
- Added units service to kit/compose.yaml
- Added KIT_UNITS_IMAGE and KIT_UNITS_TRAEFIK_HOST to arty.yml
- Follows same pattern as other Kit tools (Vert, Paint, Pastel, Stirling)
- Watchtower enabled for automatic updates
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Fixed typo in Stirling PDF service naming:
- Renamed service from sterling to stirling
- Updated all variable names: KIT_STERLING_* to KIT_STIRLING_*
- Updated domain: sterling.kit.pivoine.art to stirling.kit.pivoine.art
- Updated container name: kit_sterling to kit_stirling
This matches the correct spelling of Stirling-PDF.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Added Stirling PDF (S-PDF) to the Kit toolkit at sterling.kit.pivoine.art:
- PDF manipulation tool with 100+ features
- Merge, split, convert, OCR, compress PDFs
- Privacy-focused: local processing, no data collection
- Image: frooodle/s-pdf:latest
- Exposed on port 8080 via Traefik with SSL
Configuration:
- Added sterling service to kit/compose.yaml
- Added KIT_STERLING_IMAGE and KIT_STERLING_TRAEFIK_HOST to arty.yml
- Follows same pattern as other Kit tools (Vert, Paint, Pastel)
- Watchtower enabled for automatic updates
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Added kit-ui landing page as the main entry point for the toolkit:
- Image: ghcr.io/valknarness/kit-ui:latest
- URL: https://kit.pivoine.art
- Provides links to Vert (file converter) and Paint (image editor)
Changes:
- Added landing service to kit/compose.yaml
- Updated arty.yml with KIT_TRAEFIK_HOST and KIT_LANDING_IMAGE
- Updated CLAUDE.md with landing page documentation
- Updated README.md with landing page reference
Toolkit structure:
- Landing: kit.pivoine.art (main hub)
- Vert: vert.kit.pivoine.art (file converter)
- Paint: paint.kit.pivoine.art (image editor)
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Created new kit.pivoine.art stack with path-based routing:
- /vert: VERT file format converter (250+ formats)
- /paint: miniPaint image editor
Changes:
- Created kit/compose.yaml with both services
- Removed Sablier scale-to-zero from Vert (no longer needed)
- Deleted old vert/ and paint/ stack directories
- Updated compose.yaml includes (removed vert, paint; added kit)
- Updated arty.yml with KIT_* environment variables
- Updated CLAUDE.md documentation with new Kit section
- Updated README.md with consolidated toolkit entry
Benefits:
- Single domain for related utilities
- Simplified service management
- Maintained HTTP Basic Auth protection
- No Sablier dependency for Vert
Access:
- File converter: https://kit.pivoine.art/vert
- Image editor: https://kit.pivoine.art/paint🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
