- Untrack .runner (contains registration token), act_runner binary, and nohup.out
- Add gitea-runner sensitive files to .gitignore
- Auto-register runner from env var if .runner is missing
- Switch deploy workflow git pull from HTTP to SSH
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add trailing slash to proxy_pass so nginx strips the subpath prefix
before forwarding requests to the upstream containers.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Mounting host docker binary failed due to glibc/musl incompatibility.
Instead, extend the act_runner image and install docker-cli and
docker-cli-compose via apk.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The act_runner container had the Docker socket but not the docker
binary, so deploy workflow steps using docker compose failed.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The act_runner container lacks SSH, so pull via HTTP using the
Docker network hostname instead of the named SSH remote.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Mount the deploy directory at the same absolute path in the runner
container so docker compose bind mounts resolve correctly on the host
Docker daemon. Add git safe.directory config to avoid ownership errors
when the runner (root) operates on host-owned files.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Add uptime-kuma, searxng, and wallabag Docker services with Postgres integration for wallabag
- Add nginx reverse proxy location blocks for /uptime-kuma/, /searxng/, /wallabag/ in both prod and dev templates
- Update entrypoint.sh envsubst to include new HOST/PORT vars
- Add Vite dev proxy entries for all three services
- Update gitea-runner config: add self-hosted label and allow all volumes
- Add Gitea CI/CD workflow
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Rename sharedLayout to sharedPageComponents to fix build errors in
Quartz emitters (contentPage, tagPage, folderPage, 404).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add custom quartz.layout.ts overriding the default layout to remove
Component.Graph(), the D3 force-directed graph known to crash browsers
on large note sets.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Pass --directory /content so quartz build reads from the volume mount
instead of the default /quartz/content path.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Replaces the custom Go/Vue notes system with Quartz v4, a polished
static site generator for Obsidian vaults. Mounts OBSIDIAN_DIR as the
Quartz content directory and serves it at /notes/ with hot-reload via
`npx quartz build --serve`.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Upload, list, and delete fallback music files from the admin page.
Backend handlers validate file type/size and prevent path traversal.
Nginx max body size increased to 50M to support large audio files.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add flex-wrap, stacked layouts on small screens, and mobile-friendly
a4page/skills-grid styles across all CV variants.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Move site and social link groups into their own flex container
so justify-between spaces them apart without including the header.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Prevents avatar and game images from stretching too wide when sidebars
expand to 95vw at the 1360px breakpoint.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Remove fixed width/height attributes from album art image that set a minimum
intrinsic size, add fluid image styles, and improve mobile grid layout.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Rework media query breakpoints and grid placement for better
tablet/mobile display. Add overflow-auto to Radio, Links, and
Listening components. Add Links header. Simplify Intro2 animation
initial positions.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Fix auth bypass in UpdatePost/DeletePost (missing return after auth check)
- Remove Spotify access token from callback response
- Replace internal error messages with generic responses in all handlers
- Harden GraphQL: complexity limit, disable playground/introspection in prod
- Add security headers (X-Frame-Options, HSTS, etc.) to nginx
- Disable Hasura console/dev mode in production
- Add DOMPurify sanitization to Markdown component
- Fix cookie removal to use correct domain/path from auth config
- Fix nil dereference in rowing handler when Claude API errors
- Fix wildcard CORS on stamp endpoint
- Pin nginx and certbot Docker image versions
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
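
The "missing return after auth check" item above, as an added example that is not code from this repository: it assumes Go `net/http` handlers, and the handler names, token and in-memory store are hypothetical. It shows why a test that checks only the status code misses this bug: the client receives 401 while the delete still runs.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
)

// posts is a constructed in-memory store standing in for the real database.
var posts = map[string]string{"1": "original"}

// authorized is a hypothetical check; the project's real auth logic is not shown on the page.
func authorized(r *http.Request) bool {
	return r.Header.Get("Authorization") == "Bearer constructed-admin-token"
}

// deletePostVulnerable writes the 401 but keeps executing, so the delete still happens.
func deletePostVulnerable(w http.ResponseWriter, r *http.Request) {
	if !authorized(r) {
		http.Error(w, "unauthorized", http.StatusUnauthorized)
		// missing return: control falls through to the delete below
	}
	delete(posts, r.URL.Query().Get("id"))
}

// deletePostFixed returns right after rejecting the request.
func deletePostFixed(w http.ResponseWriter, r *http.Request) {
	if !authorized(r) {
		http.Error(w, "unauthorized", http.StatusUnauthorized)
		return
	}
	delete(posts, r.URL.Query().Get("id"))
	w.WriteHeader(http.StatusNoContent)
}

// probe sends an unauthenticated DELETE and reports the status and whether the post survived.
func probe(h http.HandlerFunc) (status int, postSurvived bool) {
	posts = map[string]string{"1": "original"} // reset the constructed store
	rec := httptest.NewRecorder()
	h(rec, httptest.NewRequest(http.MethodDelete, "/posts?id=1", nil))
	_, postSurvived = posts["1"]
	return rec.Code, postSurvived
}

func main() {
	s, ok := probe(deletePostVulnerable)
	fmt.Printf("vulnerable: status=%d postSurvived=%v\n", s, ok)
	s, ok = probe(deletePostFixed)
	fmt.Printf("fixed:      status=%d postSurvived=%v\n", s, ok)
}
```

A regression test for this class of bug should assert on stored state after an unauthenticated request, not only on the response code.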
Adds Hasura v2.44.0 service connected to the existing Postgres database,
proxied through nginx at /hasura/ with WebSocket support for the console.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Add Print button and fade transition between CV variants in CV.vue
- Fix bullet point styling with list-disc list-inside across all CV variants
- Minor content tweaks: reorder modules, fix date range, reformat text
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Split CV.vue into CVGeneral, CVBackend, CVFrontend, and CVHospitality variants.
Also adds halftone body class, reformats index.html, and minor style/layout fixes.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Generate self-signed certs for local HTTPS, add port 443 and full SSL
server block to dev nginx config, add Spotify redirect URI env var,
improve Spotify token error handling, and fix Chat/Steam mobile sizing.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add alt attributes, width/height for CLS, aria-labels, meta description,
preconnect hints, LCP fetchpriority, and sound/stamp cache headers.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>