ai-workspace-infra/playbooks
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
474 Commits 14 Branches 1 Tag 1.5 MiB
main
Commit Graph

384 Commits

Author SHA1 Message Date
Haitao Pan
126a19e282 feat(security): add SSH hardening, fail2ban tasks, connection check helper, and doc 2026-06-15 17:50:00 +08:00
Haitao Pan
c627f016bf fix: move ACP service checks to final validation phase 2026-06-15 16:59:03 +08:00
Haitao Pan
5f00409550 fix: correct npm global bin path for acp_server_codex 2026-06-15 16:36:12 +08:00
Haitao Pan
40ed86a070 feat: deliver versioned AI Workspace Runtime (role split, run-mode matrix, bridge domain) 2026-06-15 16:12:37 +08:00
Haitao Pan
178664f262 feat: allow a portable LiteLLM Python runtime 2026-06-15 15:44:52 +08:00
Haitao Pan
2243b5d0c8 fix: support LiteLLM on Debian 11 2026-06-15 15:36:20 +08:00
Haitao Pan
65aef78937 fix: trust NodeSource armored signing key 2026-06-15 15:16:06 +08:00
Haitao Pan
2f4d3ad930 fix: make offline runtime reprovisioning stable 2026-06-15 15:12:56 +08:00
Haitao Pan
4228c1a6df fix: correct docker repository task yaml 2026-06-14 14:19:42 +08:00
Haitao Pan
cfe89432a1 fix: allow pinned nodejs runtime downgrades 2026-06-14 13:50:05 +08:00
Haitao Pan
645ac9bd17 fix: support Debian runtime deployment paths 2026-06-14 13:47:26 +08:00
Haitao Pan
3084ab7940 feat: deliver versioned AI Workspace Runtime 2026-06-14 13:19:44 +08:00
Haitao Pan
f15c384a34 fix: provision local litellm db and qmd fallback 2026-06-14 11:25:28 +08:00
Haitao Pan
6346684af5 fix: support standalone postgres and dynamic litellm path 2026-06-14 11:09:52 +08:00
Haitao Pan
bfb6b17e29 fix: run standalone vault without inventory group 2026-06-14 10:54:22 +08:00
Haitao Pan
2319c592fb feat: support standalone vault deployment 2026-06-14 10:42:41 +08:00
Haitao Pan
41853eedd9 fix: allow bridge validation url override 2026-06-14 10:30:06 +08:00
Haitao Pan
5e359cc5d8 fix: resolve openclaw user uid dynamically 2026-06-14 10:16:27 +08:00
Haitao Pan
4b6b1de8a7 fix: reload openclaw user systemd bus 2026-06-14 10:08:22 +08:00
Haitao Pan
ae78231fac fix: bootstrap hermes acp shim 2026-06-14 09:54:43 +08:00
Haitao Pan
7f6854e9de fix: sync agent skills over local connection 2026-06-14 09:33:58 +08:00
Haitao Pan
a15016ef1f feat: install agent cli toolchain 2026-06-14 09:25:30 +08:00
Haitao Pan
e2ae564745 feat: unify ai workspace deployment auth 2026-06-14 09:09:40 +08:00
Haitao Pan
944d59f911 feat: standardise public_access controls across roles and introduce global security_level 2026-06-12 14:31:25 +08:00
Haitao Pan
b8d4df9230 docs: rename var to litellm_api_caddy_strict_whitelist and update documentation 2026-06-12 09:44:24 +08:00
Haitao Pan
1574287a4d feat: add litellm_api_caddy_public_access variable to control Caddy proxy behavior 2026-06-12 09:39:45 +08:00
Haitao Pan
e9dec70225 docs: relax Caddy routing to allow LiteLLM UI backend API calls 2026-06-12 09:36:03 +08:00
Haitao Pan
e3952916af docs: reformat litellm deployment guide to complement readme 2026-06-12 09:21:37 +08:00
Haitao Pan
47d4931ff7 docs: update litellm README to Minimal AI API Gateway spec and clean up config 2026-06-12 09:11:12 +08:00
Haitao Pan
7ef5005ae1 refactor(litellm): remove hardcoded provider API keys from defaults and env templates 2026-06-12 09:08:33 +08:00
Haitao Pan
9196625bd0 feat(litellm): enable STORE_MODEL_IN_DB to allow UI model management 2026-06-11 22:46:22 +08:00
Haitao Pan
a076370b68 security(litellm): move plain text master key to vault encrypted host_vars 2026-06-11 22:45:18 +08:00
Haitao Pan
21cbbca9be fix(litellm): use UI_USERNAME and UI_PASSWORD env vars instead of LITELLM_ prefixed 2026-06-11 22:33:35 +08:00
Haitao Pan
c22a8c8266 feat(litellm): serve UI on api domain and clear default model lists 2026-06-11 21:45:10 +08:00
Haitao Pan
96ad38ff14 fix(litellm): disable Caddy basic auth and remove manual schema application to avoid migration conflicts 2026-06-11 18:28:18 +08:00
Haitao Pan
c1cb19b59b fix(litellm): add PATH to systemd unit to expose prisma-client-py 2026-06-11 17:29:07 +08:00
Haitao Pan
1d8516d160 fix(litellm): add PYTHONPATH to systemd unit, grant all table/sequence permissions to litellm DB user 2026-06-11 17:21:19 +08:00
Haitao Pan
9cde355688 fix(litellm): sslmode=disable for localhost Docker PG, remove environment_variables override from config.yaml 2026-06-11 17:09:49 +08:00
Haitao Pan
e6a3d95578 fix(litellm): install prisma client and generate prisma bindings correctly during deployment 2026-06-11 16:45:22 +08:00
Haitao Pan
814a81f088 feat(litellm): support dynamic master key via extra vars and generate caddy bcrypt hash on the fly 2026-06-11 16:33:17 +08:00
Haitao Pan
d5a17a8301 fix(litellm): allow access to root path on ui domain instead of returning 404 2026-06-11 16:15:06 +08:00
Haitao Pan
01af16cd54 fix(litellm): use docker exec for pg provisioning 2026-06-11 16:14:03 +08:00
Haitao Pan
a68cf68d14 feat(litellm): restore secure automated DB provisioning using raw sudo psql 2026-06-11 16:09:12 +08:00
Haitao Pan
d57ef6458d chore(litellm): skip automated db provisioning due to missing superuser password 2026-06-11 15:57:25 +08:00
Haitao Pan
4a14572b5b fix(litellm): revert become_user to local TCP password auth 2026-06-11 15:56:43 +08:00
Haitao Pan
fc7a23617c fix(litellm): use become_user postgres for db provisioning 2026-06-11 15:50:51 +08:00
Haitao Pan
fc1bff0061 fix(litellm): bypass stunnel and use port 5432 for local DB provisioning 2026-06-11 15:47:09 +08:00
Haitao Pan
db9d564ef3 fix(litellm): install psycopg2 before provisioning db 2026-06-11 15:35:11 +08:00
Haitao Pan
d573a4651b fix(litellm): remove delegate_to 127.0.0.1 in provision-database 2026-06-11 15:33:51 +08:00
Haitao Pan
ce6d970bda feat(litellm): separate api/ui caddy fragments, add models, secure db with sslmode 2026-06-11 15:29:31 +08:00
Haitao Pan
a817a0e732 fix(litellm): install litellm[proxy] to get all deps incl websockets 2026-06-11 11:42:16 +08:00
Haitao Pan
e56cb63032 fix(litellm): add PYTHONPATH env and fix websockets dep for litellm service 2026-06-11 11:41:29 +08:00
Haitao Pan
e5efac92e4 feat: add litellm gateway deployment playbook and role 2026-06-11 10:05:42 +08:00
Haitao Pan
42b8443f91 Allow common HTTP and HTTPS ports 2026-06-08 17:43:53 +08:00
Haitao Pan
7e0dc61924 fix: preserve xworkmate bridge review token in ingress 2026-06-07 23:01:47 +08:00
Haitao Pan
f451b5cd20 fix(playbook): move openclaw session contract checks out of deploy validation 
The OpenClaw session contract smoke and SSE long-task stream checks lived in
roles/vhosts/xworkmate_bridge/tasks/validate.yml and ran during the Deploy
stage. They depend on the public OpenClaw gateway producing a 'pong' reply,
which the deployed bridge cannot guarantee end-to-end. When the gateway
returns an empty completion envelope, the entire Deploy job fails after the
bridge binary has already been installed and is healthy.

Move these checks to the GitHub Actions validate stage in xworkmate-bridge
where they belong. The bridge's own deploy validation now only asserts the
bridge's own state (Caddy config, systemd unit, ports, /api/ping, /acp/rpc
capabilities, routing.resolve).
 2026-06-05 19:28:38 +08:00
Haitao Pan
6c234f9544 fix(playbook): update openclaw smoke tests to poll for async task completion 2026-06-04 14:48:31 +08:00
Haitao Pan
6d3418284a fix(playbook): adjust system-level xworkmate-bridge.service to run as ubuntu user and ensure the user exists 2026-06-04 14:36:24 +08:00
Haitao Pan
d7199c511b fix(playbook): stop, disable, and clean up obsolete user-level xworkmate-serve service to prevent port 8787 conflicts 2026-06-04 14:30:13 +08:00
Haitao Pan
61eb40624d fix(xworkmate_bridge): resolve config.yaml PermissionError during deployment caused by immutable flag 2026-06-04 11:48:09 +08:00
Haitao Pan
dcdc9bea7b feat: Remote Desktop Ansible Deployment for xworkmate-bridge 2026-06-03 10:49:49 +08:00
Haitao Pan
2f2e9d8f9b fix: pin OpenClaw Codex plugin 2026-06-01 14:53:18 +08:00
Haitao Pan
ba4daa3597 fix: align bridge OpenClaw protocol 4 deployment 2026-06-01 13:48:52 +08:00
Haitao Pan
402faa02e1 fix: validate bridge token consistency 2026-06-01 10:02:13 +08:00
Haitao Pan
ce0dd3cee1 Wire review bridge token deployment 2026-05-30 10:34:51 +08:00
Haitao Pan
003d48e748 Merge branch 'codex/acp-connection-closed-cleanup' 2026-05-26 13:56:22 +08:00
Haitao Pan
69e7691287 chore: align AI agent runtime playbooks 2026-05-26 12:58:56 +08:00
Haitao Pan
71e3449622 Use SSE curl for OpenClaw validation 2026-05-26 11:29:25 +08:00
Haitao Pan
805a3fbda9 Focus bridge validation on OpenClaw RPC 2026-05-26 11:26:21 +08:00
Haitao Pan
22662cc538 Validate OpenClaw through bridge RPC 2026-05-26 11:06:22 +08:00
Haitao Pan
7fbba293a0 Fix Hermes deploy validation status check 2026-05-23 16:04:50 +08:00
Haitao Pan
f51958a4a2 chore: set xworkmate bridge openclaw active budget to five 2026-05-22 19:13:26 +08:00
Haitao Pan
aa674a7dac fix: serialize xworkmate bridge openclaw tasks 2026-05-22 19:10:31 +08:00
Haitao Pan
9765158371 fix: validate ebook over public HTTPS 2026-05-20 16:35:46 +08:00
Haitao Pan
5ff5e2f1eb fix: validate ebook vhost over local TLS 2026-05-20 16:35:03 +08:00
Haitao Pan
dfad2a0a5c fix: use Caddy conf.d for ebook vhost 2026-05-20 16:34:30 +08:00
Haitao Pan
29dd6a38b7 feat: deploy modern IT history ebook 2026-05-20 16:27:54 +08:00
Haitao Pan
ae1e5813a9 fix: allow OpenClaw bridge validation to finish 2026-05-18 17:53:55 +08:00
Haitao Pan
4b2ab8401b Align XFCE XRDP browser setup with Chrome deb 2026-05-18 05:42:17 +08:00
Haitao Pan
72bee745b3 tune openclaw default thinking for gateway tasks 2026-05-15 12:29:01 +08:00
Haitao Pan
0c3e673e78 fix openclaw gateway default model deploy config 2026-05-15 12:10:31 +08:00
Haitao Pan
07f72e2c46 Relax bridge SSE keepalive validation 2026-05-11 14:45:27 +08:00
Haitao Pan
ad49ba1b22 Configure OpenClaw admission through bridge config 2026-05-11 13:21:41 +08:00
Haitao Pan
b6b0e3ddad Use OpenClaw default agent model 2026-05-11 12:53:39 +08:00
Haitao Pan
3ae95ea54d Enable production OpenClaw artifact plugin 2026-05-11 12:35:09 +08:00
Haitao Pan
6c1ad92ff4 Handle live OpenClaw gateway runtime path 2026-05-11 12:14:31 +08:00
Haitao Pan
f023bd3961 Configure stable OpenClaw concurrency 2026-05-11 11:47:09 +08:00
Haitao Pan
95efae0060 Configure stable OpenClaw concurrency 2026-05-11 11:45:32 +08:00
Haitao Pan
1fa9ca2457 fix: validate OpenClaw SSE ingress 2026-05-08 18:58:51 +08:00
Haitao Pan
9f3449b635 fix: proxy xworkmate artifact downloads 2026-05-06 10:05:09 +08:00
Haitao Pan
289468e188 fix: remove legacy acp-server ingress contract 2026-05-03 12:31:07 +08:00
Haitao Pan
a50dc24619 fix: align xworkmate bridge ingress contract 2026-05-03 12:14:27 +08:00
Haitao Pan
dd0201e483 fix: expose bridge gateway ingress 2026-05-03 11:22:09 +08:00
Haitao Pan
d3efb08e8d chore: submit remaining playbooks changes 2026-05-02 19:41:38 +08:00
Haitao Pan
54b234b2bc fix: reload bridge unit before service start 2026-05-02 19:17:34 +08:00
Haitao Pan
a250cf70e5 fix: remove root openclaw dependency from bridge unit 2026-05-02 19:06:58 +08:00
Haitao Pan
f6167c1e89 fix: run openclaw gateway as user service 2026-05-02 18:51:46 +08:00
Haitao Pan
14c77e6e5e fix: propagate bridge image ref into systemd 2026-05-02 18:20:30 +08:00
Haitao Pan
3d091118c2 fix: retry bridge hermes diagnostic validation 2026-05-02 18:11:17 +08:00
Haitao Pan
9ba79fb05a fix: recover openclaw ollama secret from host env 2026-05-02 17:57:43 +08:00
Haitao Pan
fd9d42b9a5 fix: validate systemd native xworkmate bridge stack 2026-05-02 12:10:08 +08:00
Haitao Pan
d08987120a fix: reload OpenClaw systemd unit before validation 2026-04-30 12:43:53 +08:00
Haitao Pan
176aaf8fcf fix: preserve existing OpenClaw secrets 2026-04-30 12:31:58 +08:00
Haitao Pan
1af963699a fix: avoid external collection for skills sync 2026-04-30 12:05:41 +08:00
Haitao Pan
59a7e6be4d fix: wait for bridge dependency services 2026-04-30 12:02:54 +08:00
Haitao Pan
184a200c40 refactor: improve auth token handling and dynamic configurations 
- Dynamically resolve Chromium executable path in ai_agent_runtime.
- Read existing auth tokens from systemd for hermes and xworkmate_bridge.
- Fix yarn gpg key extension in nodejs role.
- Support force install flag in agent_skills.
- Remove openclaw gateway from xworkmate_bridge role.
- Add .playwright-mcp/ to .gitignore.
 2026-04-30 11:55:34 +08:00
Haitao Pan
fa98d41b64 feat: add standalone OpenClaw gateway deploy 2026-04-29 19:35:24 +08:00
Haitao Pan
5f1f765660 test: validate hermes empty response contract 2026-04-29 19:27:42 +08:00
Haitao Pan
db60aa1ddf Add scenario skill bootstrap to agent skills role 2026-04-29 11:25:37 +08:00
Haitao Pan
aa2b2e0f2d Update xfce xrdp session docs and template 2026-04-28 18:49:19 +08:00
Haitao Pan
3bf305e793 Add AI agent runtime and shared skills roles 2026-04-28 18:46:01 +08:00
Haitao Pan
966cc16b7f Stabilize XWorkmate ACP service units 2026-04-27 12:31:42 +08:00
Haitao Pan
ce56e0374b Align bridge Caddy validation with preserved paths 2026-04-26 10:51:47 +08:00
Haitao Pan
5318fc28bd Manage OpenClaw gateway as foreground service 2026-04-26 10:49:44 +08:00
Haitao Pan
5e6477e64c Keep bridge validation in bridge role 2026-04-26 10:41:58 +08:00
Haitao Pan
e0769d32bc Preserve bridge RPC paths in Caddy 2026-04-26 10:39:35 +08:00
Haitao Pan
7422c9d41f Run OpenCode through ACP adapter 2026-04-26 10:26:15 +08:00
Haitao Pan
bd3624b77b Deploy xworkmate bridge via systemd 2026-04-26 10:17:38 +08:00
Haitao Pan
92322833d2 Stop standalone bridge before compose deploy 2026-04-24 15:39:29 +08:00
Haitao Pan
ef2f77837f Preserve immutable bridge Caddy fragment 2026-04-24 15:29:45 +08:00
Haitao Pan
4dde19987a Avoid provider execution in bridge route validation 2026-04-24 15:20:12 +08:00
Haitao Pan
f480dc633b Fix xworkmate adapter deployment commands 2026-04-24 15:10:33 +08:00
Haitao Pan
515ba95c75 feat(gpu_inference): add comprehensive GPU inference infrastructure with Sealos, Ray, and vLLM 2026-04-23 19:17:23 +08:00
Haitao Pan
413d46995b Align xworkmate bridge validation with ACP ingress 2026-04-22 00:04:54 +08:00
Haitao Pan
c478863b74 fix(xworkmate_bridge): fix container reachability and auth token mismatch 2026-04-21 18:02:30 +08:00
Haitao Pan
827d78543a fix(deploy): replace fragile curl ping validation with native uri module 2026-04-21 16:34:05 +08:00
Haitao Pan
747426eb25 Harden xworkmate bridge ping validation 2026-04-21 15:23:49 +08:00
Haitao Pan
73bb2822fd chore(deploy): reduce ping validation retries to 3 2026-04-21 14:25:55 +08:00
Haitao Pan
cb4a4bc023 fix(deploy): improve bridge validation robustness and align gateway paths 2026-04-21 14:18:57 +08:00
Haitao Pan
99ca8b4ee8 fix(deploy): clean up gemini environment and force remove bridge container on deploy 2026-04-21 13:49:36 +08:00
Haitao Pan
b1276eee71 Consolidate bridge deploy to docker role only 2026-04-21 11:00:05 +08:00
Haitao Pan
d375eab837 Fix OpenCode ACP validation marker default 2026-04-21 10:03:40 +08:00
Haitao Pan
746b9407ff Handle immutable ACP service unit uploads 2026-04-20 18:55:07 +08:00
Haitao Pan
3f0e21d237 Handle immutable bridge binary uploads 2026-04-20 18:19:07 +08:00
Haitao Pan
ae5f7c5b4e Align xworkmate bridge playbooks with live services 2026-04-20 17:20:03 +08:00
Haitao Pan
acfe7f564d feat(xfce): refactor XFCE role into install and config tasks, and fix session setup 
- Split XFCE minimal role into install.yml and config.yml for better modularity.
- Restore .xsession setup with NO_BROWSER=true and exec startxfce4.
- Add support for managing user groups and shell.
- Ensure XRDP services are active and enabled on jp-xhttp-contabo.svc.plus.
 2026-04-20 10:53:35 +08:00
Haitao Pan
f20980bdc0 fix(bridge): allow public access to /api/ping and update ACP validation URLs 
- Exempt `/` and `/api/ping` from Bearer token authentication in xworkmate-bridge Caddyfile to fix health check failures (401 Unauthorized).
- Update validation tasks to use `https://{{ xworkmate_bridge_domain }}` instead of `http://127.0.0.1`.
- Correct the upstream ACP paths in validation logic (e.g. `/acp-server/codex`).
- Remove redundant Host headers from validation requests.
 2026-04-18 17:01:12 +08:00
Haitao Pan
5fa35235e1 refactor(acp): reorganize ACP roles and unify ingress under xworkmate-bridge 
- Rename acp_codex, acp_gemini, acp_opencode roles to acp_server_*
- Consolidate ACP deployment logic into xworkmate_bridge role
- Introduce gateway_openclaw role for ingress management
- Update playbooks to use the refactored xworkmate_bridge role
- Unify domain and upstream configuration under xworkmate-bridge.svc.plus
 2026-04-18 14:30:39 +08:00
Haitao Pan
ae1d318332 feat(bridge): templatize runtime configuration and add deployment tasks for xworkmate_bridge role 2026-04-18 12:17:32 +08:00
Haitao Pan
cd92dbc20d chore(domain): complete migration from acp-server.svc.plus to unified xworkmate-bridge.svc.plus 2026-04-18 11:42:57 +08:00
Haitao Pan
1cbe937178 refactor(summary): update deployment summary URLs to match unified bridge paths 2026-04-18 11:37:44 +08:00
Haitao Pan
c82c93d9ff fix(validate): update Caddy fragment path and remove stale file checks 2026-04-18 11:16:53 +08:00
Haitao Pan
74384140e2 refactor(validate): use global xworkmate_bridge_auth_token variable for authentication headers 2026-04-18 10:33:08 +08:00
Haitao Pan
e1a29dc4a0 fix(validate): add Authorization header to bridge and acp ingress checks 2026-04-18 10:31:52 +08:00
Haitao Pan
26499f5602 Add docs.svc.plus deployment playbook 2026-04-14 18:21:01 +08:00
Haitao Pan
c0f1a1c2ee Deploy billing-service from build artifact 2026-04-12 19:05:17 +08:00
Haitao Pan
97d49eaf39 deploy: pass bridge upstream token into runtime 2026-04-12 18:52:53 +08:00
Haitao Pan
27e19c4457 deploy: validate bridge ping over public https 2026-04-12 18:47:33 +08:00
Haitao Pan
9cc0e6bfb8 deploy: allow minimal caddy base config 2026-04-12 18:23:01 +08:00
Haitao Pan
220203b133 deploy: align console ingress and dns contract 2026-04-12 18:14:28 +08:00
Haitao Pan
04fb63881c fix accounts service ghcr login 2026-04-12 17:57:40 +08:00
Haitao Pan
427eed969e deploy: run xworkmate bridge from compose image 2026-04-12 14:23:23 +08:00
Haitao Pan
4c62883bfc fix: inject image ref into accounts deploy 2026-04-12 14:23:10 +08:00
Haitao Pan
335ee6ef81 feat: wire multi-node billing deployment config 2026-04-12 13:14:41 +08:00
Haitao Pan
d2531f6a22 Make TLS cert name configurable 2026-04-11 12:55:31 +08:00
Haitao Pan
c90bdd9093 Disallow bridge deploy fallback build 2026-04-10 18:04:56 +08:00
Haitao Pan
68d4554be7 Prefer downloaded bridge artifact during deploy 2026-04-10 18:00:50 +08:00
Haitao Pan
e7d9140b86 feat(playbooks): add cloud desktop bootstrap flow 2026-04-10 17:09:59 +08:00
Haitao Pan
19e1f4ef1d Add readonly SSH audit user role and playbooks 2026-04-10 11:08:47 +08:00
Haitao Pan
b8d93ec31c Inject ACP provider auth environment 2026-04-09 19:21:12 +08:00
Haitao Pan
3ce18ef133 chore: simplify xfce xrdp minimal role 2026-04-09 18:59:16 +08:00
Haitao Pan
396a1fad71 chore: harden vhost and xfce xrdp playbooks 2026-04-09 17:45:11 +08:00
Haitao Pan
a209041839 Expose xworkmate bridge public root 2026-04-09 15:26:30 +08:00
Haitao Pan
9ad2740997 Commit remaining local changes 2026-04-09 15:24:38 +08:00
Haitao Pan
c7ffff2825 Fix DNS host expansion and bridge service ownership 2026-04-09 15:00:29 +08:00
Haitao Pan
7b4e119030 Fix ACP deprecated fragment assertion message 2026-04-09 14:55:12 +08:00
Haitao Pan
117b912529 Handle immutable Caddyfile and Linux Gemini path 2026-04-09 14:51:41 +08:00
Haitao Pan
ac83d810c6 Make ACP dry-run loop labels check-safe 2026-04-09 14:46:01 +08:00
Haitao Pan
e774f5746b Fix ACP dry-run fragment validation 2026-04-09 14:44:05 +08:00
Haitao Pan
32d928a5da Accept authorized ACP endpoints in health checks 2026-04-09 14:38:38 +08:00
Haitao Pan
210e32b6db Skip ACP fragment assertions during dry runs 2026-04-09 14:36:32 +08:00
Haitao Pan
fb0a9dae5e Skip Gemini handler during dry runs 2026-04-09 14:34:30 +08:00
Haitao Pan
8f3f4a07dc Skip ACP runtime checks during dry runs 2026-04-09 14:32:52 +08:00
Haitao Pan
93e25c07f2 Stabilize ACP bridge handlers and task order 2026-04-09 14:31:59 +08:00
Haitao Pan
6d1f582ea1 Point ACP bridges to xworkmate-bridge source 2026-04-09 14:17:54 +08:00
Haitao Pan
08330218a6 Allow ACP local builds during check mode 2026-04-09 14:17:09 +08:00
Haitao Pan
672ea8ba32 Refactor ACP vhosts deployment layout 2026-04-09 14:16:05 +08:00
Haitao Pan
9d6e59e802 feat: add acp bridge server deploy role 2026-04-09 06:20:07 +08:00
Haitao Pan
557272bf88 Make postgresql_service check-mode friendly 2026-04-05 19:15:50 +08:00
Haitao Pan
36813d4bde Add managed postgresql.svc.plus deployment 2026-04-05 19:09:25 +08:00
Haitao Pan
e9ea0b1d3b Add managed accounts.svc.plus deployment 2026-04-05 18:58:09 +08:00
Haitao Pan
47504726a3 Migrate XRDP and Cloudflare playbooks 2026-04-05 16:54:48 +08:00
Haitao Pan
0d5371e98b Consolidate ACP vhosts and add Cloudflare DNS playbook 2026-04-04 18:33:54 +08:00
Haitao Pan
b03c1b5797 Deploy ACP bridge for OpenCode 2026-04-04 17:30:33 +08:00
Haitao Pan
e8515003f3 fix(k3s): purge stuck external-dns release state 2026-04-04 17:09:37 +08:00
Haitao Pan
78bc356655 fix(k3s): create cloudflare token secret for external-dns 2026-04-04 16:54:50 +08:00
Haitao Pan
2061a3cd4f fix(k3s): recover external-dns helm lock 2026-04-04 16:47:43 +08:00
Haitao Pan
4ae3955d62 fix(k3s): remove external-dns retry loop 2026-04-04 16:33:07 +08:00
Haitao Pan
4a6978c3b5 fix(k3s): harden external-dns addon install 2026-04-04 15:45:52 +08:00
Haitao Pan
82eadec0c0 fix(k3s): check addon deployments by actual chart names 2026-04-04 15:03:38 +08:00
Haitao Pan
16abf5a58e fix(k3s): check reloader deployment by chart fullname 2026-04-04 14:58:57 +08:00
Haitao Pan
cd3e9a1afe fix(k3s): replace helm waits with short health checks 2026-04-04 14:46:56 +08:00
Haitao Pan
b9f800eedc fix(k3s): use short rollout check for external-dns 2026-04-04 14:46:27 +08:00
Haitao Pan
4f6b7069c0 fix(k3s): avoid waiting on ingress controller load balancers 2026-04-04 14:10:59 +08:00
Haitao Pan
0f0b7cfd04 feat(playbooks): add codex and opencode acp roles 2026-04-04 13:44:16 +08:00
Haitao Pan
f7a627673a feat(playbooks): rename root authorized key bootstrap playbook 2026-04-04 13:16:07 +08:00
Haitao Pan
3f21540ec6 fix(k3s): avoid jinja values attr collisions 2026-04-04 12:59:02 +08:00
Haitao Pan
16b5c90ee4 fix(k3s): access caddy values with bracket syntax 2026-04-04 12:57:58 +08:00
Haitao Pan
a8a1abf817 feat(playbooks): add minimal xfce xrdp desktop role 2026-04-04 12:51:16 +08:00
Haitao Pan
bbcbe61abc fix(k3s): use apache apisix helm repo 2026-04-04 12:50:39 +08:00