coilysiren/infrastructure
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 2
No description
488 commits 2 branches 0 tags 803 KiB
  • Shell 41%
  • Python 39.6%
  • HCL 10.4%
  • PowerShell 7.1%
  • Makefile 1.9%
Find a file
Exact
Kai Siren 8ea9a4f147
Some checks are pending
CI / lint (push) Waiting to run
Details
TruffleHog / Scan for secrets (push) Waiting to run
Details
feat: enable ntfy attachments with base-url sourced from SSM 
Attachments were dropped in #274 because attachment-cache-dir needs an
explicit base-url and that URL carries the opaque tailnet suffix. Store
the base-url in SSM (/coilysiren/ntfy/base-url, String) and pull it via
a new ntfy-base-url ExternalSecret, the same pattern as the ts-authkey.
ntfy gets NTFY_BASE_URL from that Secret plus the two attachment env
vars back. The opaque suffix stays out of the repo.

closes #276

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Audit-log: coily://1779455358/AGPE7TPW - coily git add deploy/ntfy.yml
Audit-log: coily://1779455361/AGPE7TQC - coily
Audit-log: coily://1779455371/AGPE7TRI - coily ops aws sts get-caller-identity
Audit-log: coily://1779455372/AGPE7TRL - coily ops aws ssm get-parameter
Audit-log: coily://1779455372/AGPE7TRM - coily git commit
Audit-log: coily://1779455373/AGPE7TRP - coily
Audit-log: coily://1779455384/AGPE7TSZ - coily git push
Audit-log: coily://1779455412/AGPE7TWK - coily git log
Audit-log: coily://1779455412/AGPE7TWK - coily git show HEAD
Audit-log: coily://1779455412/AGPE7TWK - coily git status
Audit-log: coily://1779455446/AGPE7T2O - coily git show 4dd385c
Audit-log: coily://1779455494/AGPE7UAH - coily ssh kai-server
Audit-log: coily://1779455495/AGPE7UAJ - coily ssh kai-server
Audit-log: coily://1779455503/AGPE7UBJ - coily ssh kai-server
Audit-log: coily://1779455505/AGPE7UBL - coily ssh kai-server
Audit-log: coily://1779455505/AGPE7UBS - coily ssh kai-server
Audit-log: coily://1779455506/AGPE7UBU - coily ssh kai-server
Audit-log: coily://1779455512/AGPE7UCP - coily
Audit-log: coily://1779455519/AGPE7UCJ - coily ssh kai-server
Audit-log: coily://1779455519/AGPE7UDK - coily ssh kai-server
Audit-log: coily://1779455542/AGPE7UGE - coily
Audit-log: coily://1779455563/AGPE7UIW - coily
Audit-log: coily://1779455618/AGPE7UPO - coily ops gh issue comment 274
Audit-log: coily://1779455620/AGPE7UPU - coily ops gh issue close 274
Audit-log: coily://1779455620/AGPE7UPU - coily ops gh issue comment 273
Audit-log: coily://1779456057/AGPE7WFB - coily ops aws ssm get-parameter
Audit-log: coily://1779456057/AGPE7WFB - coily git status
Audit-log: coily://1779456071/AGPE7WGY - coily ops aws ssm put-parameter
Audit-log: coily://1779456072/AGPE7WG3 - coily ops aws ssm get-parameter
Audit-log: coily://1779456141/AGPE7WPI - coily ops gh issue create
Audit-log: coily://1779456153/AGPE7WQY - coily git add deploy/ntfy.yml
2026-05-22 06:22:33 -07:00
.claude chore(lockdown): adopt agent-guard pre-tool-use delegate 2026-05-16 13:59:52 -07:00
.coily feat: add SigNoz private traces deploy 2026-05-22 04:42:22 -07:00
.githooks Add .gitattributes and post-merge hook to fix CRLF on Linux pulls 2026-04-14 00:41:22 -07:00
.github/workflows fix(caddy-shortcuts): send GraphQL commit as a full request body, closes #251 2026-05-22 02:19:43 -07:00
caddy caddy: regenerate tailnet shortcut snippets, refs #129 2026-05-22 09:20:46 +00:00
deploy feat: enable ntfy attachments with base-url sourced from SSM 2026-05-22 06:22:33 -07:00
docs feat: add per-machine Claude session watcher 2026-05-21 01:55:35 -07:00
hardware/kai-desktop-tower chore: replace tower GLB with cropped tower-only mesh 2026-05-20 22:46:09 -07:00
llama debuffs llama 2025-04-24 20:44:45 -07:00
scripts feat: add SigNoz private traces deploy 2026-05-22 04:42:22 -07:00
skills skills: adopt ops-investigation-k3s-pod-eviction and ops-investigation-k3s-upgrade-homelab 2026-05-11 10:56:20 -07:00
sudoers chore: route non-TTY systemctl callers through coily, delete kai-coilysiren-updates fragment, closes #186 2026-05-19 00:14:43 -07:00
systemd feat: daily GitHub to Forgejo mirror timer on kai-server 2026-05-22 03:35:23 -07:00
terraform feat: self-host ntfy push notification server on k3s 2026-05-22 05:40:23 -07:00
.gitattributes feat: add 3D photogrammetry model of kai-desktop-tower 2026-05-20 20:42:22 -07:00
.gitignore chore: track terraform lock file, gitignore .terraform/ 2026-05-20 11:39:11 -07:00
.pre-commit-config.yaml fix: dedup terraform runners and wire pylint into pre-commit 2026-05-21 03:30:39 -07:00
.pylintrc fix CI: disable too-many-nested-blocks globally 2026-05-03 12:29:37 -07:00
.python-version Migrate from requirements.txt to uv + pyproject.toml 2026-05-14 06:30:28 -07:00
AGENTS.md docs: adopt push-after-each-commit, drop confirm-before-push 2026-05-21 02:42:51 -07:00
CLAUDE.md Add CLAUDE.md with @AGENTS.md import 2026-04-23 19:35:51 -07:00
eco.md rename: update eco-spec-tracker references after repo rename to eco-jobs-tracker 2026-05-02 16:40:34 -07:00
Makefile feat: add SigNoz private traces deploy 2026-05-22 04:42:22 -07:00
pyproject.toml feat: add per-machine Claude session watcher 2026-05-21 01:55:35 -07:00
README.md rename: update cross-repo refs after coilyco-ai to agentic-os-kai 2026-05-15 02:30:10 -07:00
uv.lock feat: add per-machine Claude session watcher 2026-05-21 01:55:35 -07:00

README.md

infrastructure

Everything Kai needs to stand up and operate kai-server. Systemd units, shell scripts, k3s cluster manifests, and a small set of coily verbs for cluster-side bootstrap.

Layout

.
├── caddy/            # (legacy, pre-traefik caddy config)
├── deploy/           # cluster-wide manifests applied via coily verbs
│   ├── cert_manager.yml     # cert-manager ClusterIssuers (DNS-01 via Route 53)
│   ├── externalsecret.yml   # external-secrets sync rules
│   └── secretstore.yml      # SecretStore -> AWS SSM Parameter Store
├── docs/             # durable ops documentation
├── llama/            # llama-service k8s manifests
├── scripts/          # systemd unit ExecStart/ExecPre scripts + Python helpers for coily verbs
├── systemd/          # systemd unit files
├── Makefile          # entry points for coily verbs
└── eco.md            # Eco server configuration notes

Operating the cluster

Cluster-bootstrap verbs are declared in .coily/coily.yaml and driven by Makefile targets that call scripts/k8s.py / scripts/llama.py. Common verbs:

coily cert-manager                                                        # re-apply cert-manager + ClusterIssuers
coily aws-secrets aws_access_key_id=<ID> aws_secret_access_key=<SECRET>   # bootstrap external-secrets + aws-credentials
coily observability                                                       # install / upgrade VictoriaMetrics + Grafana
coily terraform-grafana action=plan                                       # plan / apply Grafana dashboards via terraform

K3s service ops and game-server systemd ops live in coily core. Restart k3s with coily ssh systemctl restart k3s.service; tail / restart game servers with coily gaming <eco|core-keeper|icarus|factorio> ....

See docs/ for:

  • architecture.md — top-down view of what runs on kai-server
  • certificates.md — DNS-01 via Route 53 cert flow (no more HTTP-01 / hairpin-NAT hacks)

Commands

Dev commands are declared in .coily/coily.yaml. Run them as coily exec <verb>.

See also

  • AGENTS.md - agent-facing operating rules.
  • docs/FEATURES.md - inventory of what ships today.
  • .coily/coily.yaml - allowlisted commands. Agents route through coily, not bare make / uv / python / npm / cargo / dotnet.

Cross-reference convention from coilysiren/agentic-os-kai#313.