Added self-hosted password manager to The Falcon infrastructure:
**Vault Stack** (vault.pivoine.art):
- Vaultwarden (Bitwarden-compatible server)
- SQLite database for password storage
- WebSocket support for real-time sync
- TOTP and WebAuthn/U2F 2FA support
- Browser extensions and mobile apps compatible
**Configuration:**
- Domain: https://vault.pivoine.art
- Signups: Disabled (invite-only for security)
- Invitations: Enabled
- Password hints: Disabled (security best practice)
- First user becomes admin
**Backup Integration:**
- Added vaultwarden-backup plan to Restic
- Schedule: 8 AM daily (same as letsencrypt)
- Retention: 7 daily, 4 weekly, 12 monthly, 3 yearly
- Backup volume: vault_data mounted read-only
**Infrastructure Updates:**
- Created vault/compose.yaml following stack pattern
- Added VAULT_* environment variables to arty.yml
- Updated compose.yaml to include vault stack
- Added backup_vaultwarden_data volume to restic
- Updated restic/config.json with 12th backup plan
**Documentation:**
- Added Vault to CORE SYSTEMS in README
- Added to ship architecture diagram
- Documented in CLAUDE.md with configuration details
- Updated volume management sections
- Backup count increased from 11 to 12 plans
Critical data backed up with long retention (3 years yearly).
Compatible with official Bitwarden clients on all platforms.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Updated documentation to reflect complete backup setup:
**CLAUDE.md Updates:**
- Added detailed repository configuration (hidrive-backup)
- Documented all 11 backup plans with schedules and retention
- Explained volume mounting strategy with prefixed names
- Added configuration management instructions
- Included maintenance schedule (weekly prune/check)
**README.md Updates:**
- Added "Backup Operations" section with CLI commands
- Documented automated backup schedule (2-8 AM daily)
- Added backup protocol to security section
- Updated mission status with backup system indicator
- Included next backup time and repository status
**compose.yaml Updates:**
- Restored backrest_config volume (needed for proper operation)
- Removed direct config.json mount (causes write conflicts)
- Config copied into volume after container start
All 11 backup plans now documented:
- postgres, redis, directus (uploads/bundle)
- awesome, gotify, scrapy, n8n
- filestash, linkwarden, letsencrypt
Retention policies range from 3-12 months with yearly backups
for critical data (postgres, directus, letsencrypt).
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Changed config version from 1 to 4 to match Backrest 1.10.1
requirements. Version 1 is too old and requires migration through
intermediate version 1.4.0.
Config now loads successfully with all 11 backup plans scheduled.
Prefixed all external volume references with 'backup_' to avoid
conflicts with volume definitions in other compose files (e.g.,
directus_uploads defined in both sexy and restic).
This allows Docker Compose's include pattern to work correctly
without volume name collisions.
Updated THE FALCON documentation to reflect new infrastructure additions:
- **Traefik Dashboard**: Added proxy.pivoine.art to CORE SYSTEMS table as "Shield control dashboard"
- **Sablier Plugin**: Documented v1.10.1 plugin for dynamic scaling/scale-to-zero capabilities
- **Infrastructure Diagram**:
- Added Dashboard Command Center to Traefik section
- Added Sablier Dynamic Scaling Plugin
- Updated SECURITY LAYER architecture with dashboard and Sablier entries
All systems operational and accessible via the Falcon network.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Added Sablier plugin and service for scale-to-zero capabilities:
**Traefik Plugin:**
- Added experimental.plugins.sablier configuration
- Plugin version: v1.10.1
- Module: github.com/acouvreur/sablier/plugins/traefik
**Sablier Service:**
- Created sablier/compose.yaml with Sablier server
- Uses Docker provider for container management
- Mounts Docker socket for container control
- Connected to falcon_network
**Configuration:**
- Added SABLIER_COMPOSE_PROJECT_NAME to arty.yml
- Added SABLIER_VERSION to arty.yml
- Included sablier stack in compose.yaml
**Usage:**
Services can now use Sablier middleware to automatically
scale to zero when idle and start on demand when accessed.
Example middleware configuration:
```yaml
http:
middlewares:
my-sablier:
plugin:
sablier:
sablierUrl: http://sablier_app:10000
names: service-name
sessionDuration: 1m
```
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Added loadbalancer.server.port=8080 to dashboard configuration
since the Traefik API/dashboard runs on port 8080 internally.
Also added ping endpoint for healthchecks.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Updated dashboard configuration to match the working pattern
from other services (Links, Scrapy, etc):
**Changes:**
- Added HTTP to HTTPS redirect middleware
- Added separate web and web-secure routers
- Renamed middleware from dashboard-auth to just auth
- Added explicit docker.network label
- Now follows the exact same pattern as Links stack
**Label Structure:**
- web router: HTTP entrypoint with redirect middleware
- web-secure router: HTTPS with TLS cert resolver and auth
- Consistent naming: proxy-web, proxy-web-secure, proxy-auth
This ensures the dashboard works the same way as all
other services in the stack.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Added new Links stack to Falcon infrastructure:
**Links Stack (links.pivoine.art):**
- Linkwarden bookmark manager with PostgreSQL backend
- Meilisearch v1.12.8 for full-text search
- Browser extension support
- Screenshot and PDF archiving
- Collaborative bookmark sharing
**Infrastructure Updates:**
- Created links/compose.yaml with linkwarden and meilisearch services
- Added linkwarden database to PostgreSQL init script
- Added LINKS_* environment variables to arty.yml
- Updated compose.yaml to include links stack
- Cleaned up .env to contain only secrets
- Added all EMAIL_* variables to .env
**Documentation:**
- Updated CLAUDE.md with Links service details
- Updated README.md with Links in CORE SYSTEMS table
- Added linkwarden_data and meili_data volumes to docs
**Required Secrets (in .env):**
- LINKS_NEXTAUTH_SECRET: NextAuth.js session encryption
- LINKS_MEILI_MASTER_KEY: Meilisearch API authentication
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Removed default SCRAPY_AUTH_USERS value from arty.yml to ensure
credentials are only read from .env file (secrets).
This fixes login issues where the default placeholder value was
being used instead of actual credentials from .env.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Added Traefik Basic Auth middleware to secure Scrapyd web interface:
- Added basicauth middleware to scrapyd service labels
- Middleware chains auth with compression for HTTPS routes
- Added SCRAPY_AUTH_USERS environment variable to arty.yml
- Credentials stored in .env (htpasswd format with escaped $)
Access to scrapy.pivoine.art now requires username/password.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Both scrapy and scrapyrt services now use the shared scrapy_code named
volume instead of bind mounts. Code directory will be added later.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Added three new service stacks to the docker-compose infrastructure:
- **Scrapy stack** (scrapy.pivoine.art):
- scrapyd: Web scraping daemon with web interface (port 6800)
- scrapy: Development container for spider commands
- scrapyrt: Real-time API for running spiders (port 9080)
- **n8n stack** (n8n.pivoine.art):
- Workflow automation platform with PostgreSQL backend
- 200+ integrations for automated tasks
- Runners enabled for task execution
- Webhook support for external triggers
- **Filestash stack** (stash.pivoine.art):
- Web-based file manager with multi-backend support
- Supports SFTP, S3, Dropbox, Google Drive, FTP, WebDAV
- In-browser file viewing and media playback
Infrastructure updates:
- Updated PostgreSQL init script to create n8n database
- Added environment variables to arty.yml for all three stacks
- Updated compose.yaml include list
- Updated CLAUDE.md and README.md documentation
- Normalized service names in existing stacks (gotify, proxy, umami, vpn)
All services integrated with Traefik for SSL termination and include
Watchtower auto-update labels.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Added watchtower.enable label to awesome_app container for automatic
Docker image updates when new versions are pushed to the registry.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Created watch/compose.yaml with Watchtower service configuration
- Added Watchtower environment variables to arty.yml
- Enabled Watchtower monitoring for sexy_frontend container
- Configurable via environment variables (poll interval, cleanup, logging)
- Label-based updates: only containers with watchtower.enable=true
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Remove dependency on .env file for database credentials
- Use direct database user and database name in scripts
- Update sexy/db/import to use correct credentials (valknar/directus)
- Remove artifact download step from awsm/import (not needed)
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Added video-to-model relationships in sexy_videos_directus_users junction table
- Updated sequence numbers for sexy_videos_directus_users and sexy_videos_models
- Fixed missing model associations for existing videos
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Extended environment variable usage to export scripts and simplified
the env loading pattern across all scripts.
Changes:
- sexy/db/export: now uses $DB_USER and $SEXY_DB_NAME
- sexy/export/all: now uses $DB_USER and $SEXY_DB_NAME
- All scripts: changed from 'set -a && source .env && set +a' to
'export $(cat .env | xargs)' for cleaner, more concise syntax
This ensures consistent variable usage across all import/export scripts
and makes them work correctly in all environments.
Added 'set -a && source .env && set +a' at the beginning of import scripts
to load environment variables from .env file.
This ensures DB_USER and SEXY_DB_NAME are properly set before executing
docker commands, regardless of whether arty exports them or not.
- set -a: enables automatic export of variables
- source .env: loads variables from .env file
- set +a: disables automatic export
Changed from ${DB_USER}/${SEXY_DB_NAME} to $DB_USER/$SEXY_DB_NAME
for proper variable expansion in arty scripts.
Arty exports environment variables before executing scripts, so simple
$VAR syntax works correctly, while ${VAR} was being treated as literal
text in the shell context.
Changed from ${DB_USER} and ${SEXY_DB_NAME} variables to hardcoded
values 'valknar' and 'directus' for production VPS environment.
Arty environment variables are not exported to the shell where scripts
execute, so the variables were empty when docker exec commands ran.
Production VPS always uses:
- PostgreSQL container: core_postgres
- DB user: valknar
- Database name: directus
These values are stable for production and won't change.
Removed interactive confirmation prompt (read -p and if/else/fi) from
sexy/import/all script. The if/else control structure caused syntax errors
when executed via arty due to how arty appends "$@" to scripts.
The script now runs directly without confirmation. Users should be careful
when running this destructive operation as it will immediately:
1. Drop and recreate all database tables
2. Apply Directus schema snapshot
3. Restart the Directus API
Warning message is still displayed before execution.
Changed hardcoded database credentials to use environment variables:
- `-U sexy` → `-U ${DB_USER}`
- `-d sexy` → `-d ${SEXY_DB_NAME}`
Also added missing interactive confirmation prompt to sexy/import/all script.
This fixes the script error on VPS where:
- VPS uses: DB_USER=valknar, SEXY_DB_NAME=directus
- Local dev uses: DB_USER=sexy, SEXY_DB_NAME=sexy (or directus)
The scripts now work correctly in both environments by reading
the appropriate values from .env files via arty's environment system.
Change duration column from integer to numeric(10,2) to support
decimal values in milliseconds. Fixes error when saving recordings
with fractional durations.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Added missing sexy_recordings table which stores hardware device session recordings. This table is required for the /me dashboard page to load properly.
Table structure:
- id, title, description, slug (unique)
- duration (integer), events (JSONB), device_info (JSONB)
- tags (text array), linked_video (foreign key to sexy_videos)
- status (draft/published/archived), public flag
- user_created/updated, date_created/updated
- Indexes on user_created, status, slug, linked_video, tags (GIN)
This fixes the 5-minute timeout issue on /me page where the recordings endpoint was trying to access a non-existent table.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Added sexy_model_photos and sexy_videos_models junction tables to support
many-to-many relationships between models/files and videos/models.
This resolves 500 errors on homepage and endpoints that were querying
these missing tables.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
