Deleted unused `.github` workflows and configurations, including obsolete CI/CD pipelines and PR templates, which were no longer executed after the migration to Gitea. Migrated the `PR Guard` workflow for hardcoded version checks to `.gitea/workflows/pr-guard.yaml`. Verified functional workflows in Gitea (e.g., Docker publish). Documented changes and rationale in session logs.
Signed-off-by: Stefan Mogeritsch <stefan.mo.co@gmail.com>
Updated `MASTER_ROADMAP_2026_Q1.md` and session logs to reflect completion of the Ping Service tracer bullet. Verified the end-to-end stack, including frontend, backend, and Gateway integration. Fixed query parameter mismatch in `PingApiKoinClient.syncPings()` (`lastSyncTimestamp` → `since`) for proper Delta-Sync functionality. Marked related roadmap tasks as completed.
Signed-off-by: Stefan Mogeritsch <stefan.mo.co@gmail.com>
Updated `MASTER_ROADMAP_2026_Q1.md` to reflect completed Redis-to-Valkey migration and Keycloak production configuration. Adjusted property paths in `base-application.yaml` and session logs with corrected environment variable names. Verified end-to-end Docker stability and roadmap alignment.
Signed-off-by: Stefan Mogeritsch <stefan.mo.co@gmail.com>
Marked Gateway CircuitBreaker tasks as completed and verified in archived roadmaps and session logs. Confirmed fixes for `ClassNotFoundException` via Spring Cloud 2025.0.1 and proper configuration of Resilience4j with fallback and metrics integration.
Signed-off-by: Stefan Mogeritsch <stefan.mo.co@gmail.com>
Completed OIDC Authorization Code Flow with PKCE (S256) for JS and JVM platforms.
- Added `launchOidcFlow`, `consumePendingOidcCallback`, and `getOidcRedirectUri` with platform-specific implementations.
- Integrated SHA-256 and Base64URL helpers for PKCE.
- Updated `LoginViewModel` with OIDC logic (key handling, token exchange, state validation).
- Enhanced `LoginScreen` with an OIDC login button and loading spinner.
- Verified implementation with system hardening roadmap tasks.
Includes browser redirects for JS, localhost HTTP callback for JVM, and built-in Keycloak URL construction.
Signed-off-by: Stefan Mogeritsch <stefan.mo.co@gmail.com>
Marked Zipkin integration tasks as completed and verified in archived roadmaps. Documented fixes for gateway propagation type (`w3c` → `b3`) and Zipkin endpoint configuration. Removed redundant dependencies in `build.gradle.kts` and updated related session logs.
Signed-off-by: Stefan Mogeritsch <stefan.mo.co@gmail.com>
Marked Micrometer 1.16.1 upgrade task as completed in archived roadmaps and session logs. Verified compatibility for Java 25 and updated notes to reflect no changes required in `libs.versions.toml`.
Signed-off-by: Stefan Mogeritsch <stefan.mo.co@gmail.com>
Documented the completed Keycloak hardening steps, including PKCE S256 support, CORS security improvements, strengthened password policy, and logout redirect URI configurations. Verified and updated the `meldestelle-realm.json` and roadmap to reflect these changes.
Signed-off-by: Stefan Mogeritsch <stefan.mo.co@gmail.com>
Added progress updates for completed roadmap tasks, including dependency management (Spring Cloud, SQLDelight, core-utils refactoring, Redis-to-Valkey migration). Added verification notes with dates, ensuring alignment with current implementation status and next steps.
Added detailed hardware specifications for the Minisforum MS-R1 (Zora) and a complete tech stack overview for the Meldestelle project. Included session logs summarizing research findings, AI relevance, and next steps for self-hosted AI model configurations. Consolidated related reference materials for streamlined documentation.
Added a session log confirming the resolution of pipeline issues in iteration v6, including successful sequential builds and the use of direct `config.json` for Docker credentials. Detailed the root causes (registry proxy timeouts and RAM-OOM) and the implemented fixes, ensuring stability and reliable internal registry access.
Added a session log detailing the resolution of RAM-OOM issues and daemon interaction complexities by writing credentials directly to `config.json` and limiting jobs to sequential execution. Updated `.gitea/workflows/docker-publish.yaml` to reflect the simplified and rootless BuildKit configuration for internal HTTP registry access.
Added a session log detailing the resolution of HTTPS to HTTP conflicts during internal registry access by configuring the Docker Daemon with `insecure-registries` in `daemon.json` and restarting the service. Updated `.gitea/workflows/docker-publish.yaml` to reflect the new approach, ensuring reliable internal pushes bypassing Pangolin without timeouts.
Added a session log detailing the replacement of `iptables` DNAT with a rootless `buildkitd` mirror for internal Gitea registry access, eliminating the need for sudo, additional packages, or kernel-level configurations. Updated `.gitea/workflows/docker-publish.yaml` to reflect the new, purely configurational solution.
Added a detailed session log explaining the replacement of `socat` with `iptables` DNAT for internal Gitea registry access in the pipeline. Updated `.gitea/workflows/docker-publish.yaml` to reflect the new approach, eliminating the need for additional packages on minimal runners.
Added a detailed session log explaining the root cause and resolution for pipeline failures due to "connection refused" on Port 443. Updated `.gitea/workflows/docker-publish.yaml` to configure BuildKit for HTTP and introduced a `socat` TCP proxy for internal registry access.
Added a detailed session log documenting the root cause and resolution of 502 errors during Docker image pushes. Updated `.gitea/workflows/docker-publish.yaml` to bypass Pangolin for internal registry access and disable attestation manifests to prevent additional token requests.
Translated all remaining English architectural documents into German, including ADRs, guides, release notes, and reference materials. Standardized formatting across translated files, updated section headings, and localized inline comments within code examples for consistency.
Revised and translated the guide for enabling Gitea Actions cache to streamline CI/CD workflows. Added localized examples, clarified tool and action caching configurations, and linked relevant resources for improved usability. Removed redundant sections and updated structure for better readability.
Revised multiple documents to align with the migration from Incus to Proxmox VE 8.4.10. Updated hypervisor, IP ranges, subnet details, and NAT configurations across all relevant files. Marked Incus sections as historical for clarity. Added AI-Stack setup guide for Proxmox LXC.
Streamlined Keycloak configurations with defaults for development and production in `.env`. Added health checks and improved environment variable documentation with comments to differentiate local and server deployments. Ensured compatibility with pre-built registry images.
Added a Prometheus scrape job for Keycloak metrics. Updated Alertmanager to use Mailpit for local testing. Completed documentation consolidation and marked cleanup-related tasks as done in the master roadmap.
Introduced a detailed guide on configuring automated backups for the Zora server, covering scheduling, manual execution, and restoration processes. Added `backup.sh` script to streamline database and configuration backups with retention and rotation.
Introduced a comprehensive guide on setting up Git-based deployment for the "Zora" server, including environment setup, repository initialization, and deployment workflow. Added `deploy.sh` script to streamline updates and restarts.
Moved outdated files to the `_archive` folder and reorganized infrastructure-related documentation into the `07_Infrastructure` directory. Improved clarity and ensured logical grouping of files.
Archived `Roadmap_2026_Q1.md` and replaced it with `MASTER_ROADMAP_2026_Q1.md` and `MASTER_ROADMAP.md`. Consolidated roadmap structure ensuring clearer organization and updated references for improved accessibility.
Updated `README.md` with new links for the Zora system architecture and master roadmap. Renamed and moved Proxmox release document under the infrastructure references. Added a `.keep` file to ensure directory structure persistence.
Introduced `Zora_System_Architektur.md` outlining the ARM64-based system design for "Zora." Covers Gitea setup, CI/CD workflows, deployment methods, service configurations, and developer guidelines.
Introduced `Pangolin-vs-Cloudflare-Tunnel.md` to compare features between Pangolin and Cloudflare Tunnel. Included step-by-step deployment instructions for Hetzner VPS and MS-R1, highlighting privacy, performance, and configuration benefits.
Aligned environment variable naming across backend and infrastructure files for improved consistency (e.g., `SPRING_CLOUD_CONSUL` and `SPRING_SECURITY_OAUTH2_RESOURCESERVER`). Introduced `PING_SERVICE_URL` to support dynamic Ping-Service routing. Updated Docker Compose health checks, profiles, and memory settings for scalability and stability.
Switched container images in `dc-infra.yaml` to a custom Docker registry for better control and consistency across deployments. Added Keycloak with enhanced configurations and updated several container restart policies, memory allocations, and healthcheck settings for improved performance and compatibility.
Introduced `Konfig-Matrix_Dev-ProZora.md` to document key configuration variables for development and production (Zora) environments, including database settings, secrets, and environment-specific usage details.
Added two new documents, `Zora_Infrastructure&Deployment_02-2026.md` and `Temp.md`, detailing the strategic roadmap for Zora's infrastructure setup and deployment phases, alongside a "Hello-World" test project guide to validate CI/CD pipelines and ARM64 compatibility.
Added `USV-technische-Daten.md` to document the specifications of the Eaton 3S 850 DIN UPS, including technical details, features, and supported configurations. Included an accompanying image `Eaton-3S-DIN-850-VA.png`.
Added a detailed guide on enabling caching for Gitea Actions to accelerate CI/CD workflows in `docs/01_Architecture/Gitea/Enable_Gitea_Actions_Cache_to_Accelerate_CI_CD.md`. Updated `.gitignore` to exclude the `/_backup/` directory.
- Updated `MASTER_ROADMAP_2026_Q1.md` to reflect delivery of Minisforum MS-R1 hardware and progress on infrastructure setup.
- Added detailed documentation for Minisforum MS-R1, including specifications, host OS setup guide, and service configuration guide.
- Logged DevOps setup session and curator's session with focus on hardware integration, SSH hardening, and networking adjustments (Macvlan workaround).
- Included user manual for Minisforum MS-R1 and related assets (e.g., images).
Documented Heimnetzwerk architecture in `Heim-Netzwerk-Plan_02-2026.md`, including VLAN definitions, hardware setup, and connection details with a visual graph layout.
- Adjusted infrastructure roadmap to use VM instead of nested LXC for Docker hosting, enhancing isolation and compatibility.
- Clarified multi-architecture CI/CD setup with native ARM64 builds and QEMU-based x86_64 builds.
- Updated documentation to include backup and offline-first strategies.
- Archived outdated session logs and reports for better file organization.
Added a detailed session log covering infrastructure setup for the Home-Server (Minisforum MS-R1) and reporting requirements. Updated `MASTER_ROADMAP_2026_Q1.md` with next steps, including PDF generation architecture evaluation and ARM64 hardware setup details.
Updated Dockerfile to streamline the hybrid build process and optimize artifact integration. Modified Caddyfile for better routing logic, enhanced security headers, Prometheus metrics, and improved API proxy handling. Adjusted `dc-gui.yaml` for container stability and simplified runtime configuration for `apiBaseUrl`. Expanded documentation with troubleshooting and session logs.
Replaced multi-stage Docker builds with a hybrid approach that pre-builds frontend artifacts locally and copies them into the container. Removed Kotlin Multiplatform configurations from the root project to resolve NodeJsRootPlugin conflicts. Adjusted `.dockerignore` to allow pre-built artifacts and increased Gradle/Kotlin daemon memory for faster builds. Updated Caddyfile for runtime stability and added documentation for new build processes.
Explicitly added JS target with browser and Node.js configurations at the root level to ensure the NodeJsRootPlugin is loaded. Resolved the "IsolatedKotlinClasspathClassCastException" error in subprojects. Updated Yarn lock to reflect new dependencies.
- Updated Gradle version in `.env`, Dockerfiles, and wrapper to 9.3.1.
- Replaced alias-based application of `kotlinMultiplatform` plugin with direct `id` usage in subprojects to resolve "Plugin loaded multiple times" error.
- Applied centralized plugin management and Gradle daemon optimizations to improve Docker build stability and address KMP classloading issues.
