2026-06-13: Oracle VPS migration started, OpenProject removed, Forgejo fixes noted
parent
e6761897a8
commit
502a001525
2 changed files with 67 additions and 1 deletions
|
|
@ -439,3 +439,69 @@ Portal card update (3 files) also still pending until tunnel+OAuth done.
|
|||
|
||||
## Phase 2 Planned: Obsidian Mind Map → HTML Mind Map Sync
|
||||
User wants to create an Obsidian mind map of the KiteStacks homelab that syncs/exports to a live HTML mind map embedded in the homelab portal or a standalone page. To be built after full Obsidian+samurai setup is complete.
|
||||
|
||||
## 2026-06-13: OpenProject removed + Oracle VPS migration started
|
||||
|
||||
### OpenProject REMOVED permanently
|
||||
OpenProject requires Enterprise Edition license for SSO (confirmed last session).
|
||||
Removed from local stack (monk):
|
||||
- Docker volume `openproject_openproject_assets` deleted
|
||||
- `/home/kenpatmonk/kitestacks-live/docker/openproject/` directory removed (pgdata dir
|
||||
needed sudo — user ran manually; pgdata was owned by container UID mapped to `avahi`)
|
||||
- NOT deploying on Oracle VPS
|
||||
- tasks.kitestacks.com subdomain is now dead — update Cloudflare/portal accordingly
|
||||
TODO: remove `apps/openproject/` from kitestacks-homelab Forgejo repo once user can log in.
|
||||
|
||||
### Forgejo issues found + partially fixed (2026-06-13)
|
||||
Forgejo login page has two issues:
|
||||
1. URL banner: "configured to be served on http://5.78.233.28:3000/" — caused by kscloud1's
|
||||
Forgejo having wrong ROOT_URL. kscloud1 Forgejo has only 1 repo (separate DB from monk's
|
||||
13-repo instance). Cloudflare tunnel load-balances between monk and kscloud1 Forgejo.
|
||||
FIX PENDING: stop Forgejo on kscloud1 (or fix its ROOT_URL). Deferred — do during Oracle migration.
|
||||
2. SSO button says "Proceed with OpenID" instead of "Authentik".
|
||||
PARTIAL FIX: renamed login_source from `authentik` → `Authentik` via admin CLI:
|
||||
`docker exec -u git forgejo /app/gitea/gitea admin auth update-oauth --id 1 --name Authentik ...`
|
||||
Provider type remains `openidConnect` — button text may still say "OpenID" (depends on
|
||||
Forgejo 11 template behavior). User to verify after refresh. Full fix may require admin UI
|
||||
once user can log into Forgejo.
|
||||
Forgejo DB: 13 repos under `kenpat`, 1 user (kenpat, admin, active, no 2FA).
|
||||
Forgejo login: username `kenpat`, direct password login works on the same page.
|
||||
|
||||
### kitestacks-homelab repo: apps/forgejo/docker-compose.yml has wrong ROOT_URL
|
||||
`FORGEJO__server__ROOT_URL=http://192.168.1.205:3006` — old local IP, never updated.
|
||||
The LIVE local stack (`~/kitestacks-live/docker/forgejo/docker-compose.yml`) is correct
|
||||
(`https://gitforge.kitestacks.com/`). The repo copy needs updating.
|
||||
TODO: fix and commit once user can log in and clone the repo.
|
||||
|
||||
### Oracle VPS migration plan (kscloud1 → Oracle Cloud)
|
||||
Goal: replace Hetzner kscloud1 (5.78.233.28, $14.50/mo) with Oracle Cloud ARM VPS ($8.50/mo).
|
||||
Oracle instance: Ampere A1 Flex, 4 OCPU / 24 GB RAM, Chicago region (us-chicago-1).
|
||||
Status as of 2026-06-13: user is provisioning — hit "no capacity" in Chicago.
|
||||
Workarounds tried: capacity not available for 4 OCPU config. Options:
|
||||
- Try smaller shape (1 OCPU / 6 GB), resize after provisioning
|
||||
- Subscribe to another region (Frankfurt, Osaka, Toronto have better A1 availability)
|
||||
- Keep retrying (capacity opens randomly, early UTC morning tends to be better)
|
||||
|
||||
ARM64 compatibility analysis (all images verified):
|
||||
- ✅ All services ARM64-compatible EXCEPT OSticket
|
||||
- ❌ OSticket (`campbellsoftwaresolutions/osticket`) — x86 only
|
||||
FIX: enable QEMU binfmt emulation on Oracle ARM host, run with `--platform linux/amd64`
|
||||
Performance acceptable for a ticket system.
|
||||
- ⚠️ Shaarli — verify ARM64 at deploy time
|
||||
|
||||
Services to deploy on Oracle VPS (OpenProject EXCLUDED):
|
||||
authentik, bookstack, cloudflared, forgejo, grafana, homepage/portal,
|
||||
karakeep (+meilisearch +chrome), kavita, kite-ai (litellm+openwebui),
|
||||
linkding, osticket, portainer, prometheus+node-exporter, shaarli, uptime-kuma
|
||||
|
||||
Migration phases:
|
||||
1. Oracle VPS provisioning (in progress)
|
||||
2. Oracle initial setup: Ubuntu 22.04 ARM64, Docker, iptables flush (Oracle blocks by default),
|
||||
QEMU binfmt for OSticket x86 emulation
|
||||
3. Deploy full stack — fix Forgejo ROOT_URL correctly from day one
|
||||
4. Connect cloudflared on Oracle to KiteStacks tunnel (same TUNNEL_TOKEN)
|
||||
5. Verify all services, then remove kscloud1 from tunnel + cancel Hetzner
|
||||
NOTE: same active-active pattern as kscloud1 — shared Authentik Postgres+Redis over
|
||||
Tailscale, same TUNNEL_TOKEN, fresh DBs for stateful apps except identity (authentik/kavita).
|
||||
IMPORTANT Oracle gotcha: Ubuntu on Oracle has iptables rules that block all traffic at boot
|
||||
even after Security List rules are opened. Must flush iptables as part of initial setup.
|
||||
|
|
|
|||
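Review bot: The "iptables flush" in migration phase 2 and in the closing "IMPORTANT Oracle gotcha" removes the host's own packet filter, leaving the Security List as the only inbound control, and because it is listed after Docker in phase 2 it would also clear the filter rules Docker installed. Prefer adding explicit ACCEPT rules for the ports that really need to be reachable and persisting them. Also check whether any inbound port is needed at all, since the plan routes traffic through cloudflared and Tailscale. Two related points in the same plan: phase 4 reuses the "same TUNNEL_TOKEN" that kscloud1 holds, so phase 5 should rotate the token after kscloud1 is removed rather than only cancelling Hetzner; and deploying forgejo on Oracle with "fresh DBs for stateful apps" behind the same tunnel recreates the split described in Forgejo issue 1, where the tunnel load-balances between two instances with separate databases. Finally, the line recording that the only Forgejo admin has "no 2FA" with direct password login should come with a TODO to enable 2FA once login works.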