17 Commits

Author SHA1 Message Date
benvin b278be072d Merge pull request 'add encapi and terraform-provider-encapi repos' (#22) from benvin/add-encapi-repos into main
ci/woodpecker/push/apply Pipeline was successful
Reviewed-on: #22
2026-07-04 23:39:49 +10:00
unkinben 96f2fc0302 add encapi and terraform-provider-encapi repos
ci/woodpecker/pr/pre-commit Pipeline was successful
ci/woodpecker/pr/plan Pipeline was successful
Create the two Gitea repos backing the new Puppet ENC that replaces Cobbler:
- encapi: Go API + encapi-cli, Postgres-backed
- terraform-provider-encapi: Terraform provider for ENC roles/statuses/nodes

Both use main as default branch with squash-merge, delete-branch-after-merge,
and branch protection gated on the PR pipelines (pre-commit, test, build).
2026-07-04 23:21:27 +10:00
benvin c2a84ecd83 Merge pull request 'Enable delete-branch-after-merge on all repos' (#21) from benvin/delete-branch-after-merge-all into main
ci/woodpecker/push/apply Pipeline was successful
Reviewed-on: #21
2026-07-04 23:14:28 +10:00
benvin 6b26a75149 Merge branch 'main' into benvin/delete-branch-after-merge-all
ci/woodpecker/pr/pre-commit Pipeline was successful
ci/woodpecker/pr/plan Pipeline was successful
2026-07-04 23:12:34 +10:00
benvin da36708a15 Merge pull request 'Switch node-lookup repo to a main default branch' (#20) from benvin/node-lookup-main-branch into main
ci/woodpecker/push/apply Pipeline was successful
Reviewed-on: #20
2026-07-04 23:07:27 +10:00
unkinben bbfe0edf2f Enable delete-branch-after-merge on all repos
ci/woodpecker/pr/pre-commit Pipeline was successful
ci/woodpecker/pr/plan Pipeline was successful
Merged PR branches should be cleaned up automatically everywhere, for a
consistent workflow across the estate.

- Flip default_delete_branch_after_merge from false to true on the 10 repos
  that had it disabled.
- Add default_delete_branch_after_merge: true to the 3 repos that were missing
  the field (terraform-git, terraform-provider-litellmvaultsecret,
  vault-plugin-secrets-litellm).
2026-07-04 22:52:02 +10:00
unkinben 844fff8db6 Switch node-lookup repo to a main default branch
ci/woodpecker/pr/pre-commit Pipeline was successful
ci/woodpecker/pr/plan Pipeline was successful
node-lookup is being set up with build/test/pre-commit CI and a main-based
workflow, so its Gitea repo config needs to match.

- Change default_branch from master to main.
- Rename the branch protection rule to main and update the required status
  checks to the new pipeline names (build, test, pre-commit) instead of the
  old lint/unit-tests contexts.
2026-07-04 22:50:52 +10:00
benvin 7bf810210f Merge pull request 'Add bind-operator repository' (#19) from benvin/add-bind-operator-repo into main
ci/woodpecker/push/apply Pipeline was successful
Reviewed-on: #19
2026-07-03 15:24:22 +10:00
unkinben a4967d0bbf Add bind-operator repository
ci/woodpecker/pr/pre-commit Pipeline was successful
ci/woodpecker/pr/plan Pipeline was successful
Declares the bind-operator repo so Gitea provisions it for the new
Kubernetes operator that manages BIND9 DNS clusters.

- add config/git.unkin.net/unkin/repository/bind-operator.yaml with
  main as default branch, squash merge, delete-branch-after-merge, and
  branch protection requiring the pre-commit/test/build CI checks
2026-07-03 15:22:58 +10:00
benvin 773f734d8e Merge pull request 'Add vault-plugin-secrets-litellm and terraform-provider-litellm repos' (#18) from benvin/add-litellm-repos into main
ci/woodpecker/push/apply Pipeline was successful
Reviewed-on: #18
2026-07-02 23:17:05 +10:00
unkinben 4495339979 Rename provider repo to terraform-provider-litellmvaultsecret
ci/woodpecker/pr/pre-commit Pipeline was successful
ci/woodpecker/pr/plan Pipeline was successful
Use a more specific name that reflects this is the Terraform provider for the
LiteLLM Vault/OpenBao secrets engine, not for LiteLLM itself.
2026-07-02 23:05:19 +10:00
benvin d59d1244f3 Merge pull request 'Add tomswall repository' (#17) from benvin/add-tomswall-repo into main
ci/woodpecker/push/apply Pipeline was successful
Reviewed-on: #17
2026-07-02 23:02:06 +10:00
unkinben 043e73424c Add vault-plugin-secrets-litellm and terraform-provider-litellm repos
ci/woodpecker/pr/pre-commit Pipeline was successful
ci/woodpecker/pr/plan Pipeline was successful
Provision two new Gitea repos for the LiteLLM dynamic secrets work: the
Vault/OpenBao secrets-engine plugin and its companion Terraform provider.

- Add config/.../repository/vault-plugin-secrets-litellm.yaml
- Add config/.../repository/terraform-provider-litellm.yaml
- Default branch main, squash-only merging (allow_* flags, since the
  go-gitea/gitea provider has no default_merge_style), and branch protection
  on main requiring pre-commit/build/test checks with Owners approval
2026-07-02 22:57:34 +10:00
unkinben 5cfbf60f65 Add branch protection for tomswall main branch
ci/woodpecker/pr/pre-commit Pipeline was successful
ci/woodpecker/pr/plan Pipeline was successful
2026-06-29 23:23:45 +10:00
unkinben dfbb90a7dc Add tomswall repository definition
ci/woodpecker/pr/pre-commit Pipeline was successful
ci/woodpecker/pr/plan Pipeline was successful
New Go project for an nftables firewall manager — spiritual successor
to shorewall using google/nftables for direct kernel interaction.
2026-06-28 23:42:34 +10:00
benvin d1d00e5c47 Merge pull request 'feat: add terraform-sonarr, terraform-radarr, terraform-prowlarr repos' (#16) from feat/add-media-terraform-repos into main
ci/woodpecker/push/apply Pipeline was successful
Reviewed-on: #16
2026-06-28 22:00:53 +10:00
unkinben 93175707eb feat: add terraform-sonarr, terraform-radarr, terraform-prowlarr repos
ci/woodpecker/pr/pre-commit Pipeline was successful
ci/woodpecker/pr/plan Pipeline was successful
2026-06-28 21:58:59 +10:00
21 changed files with 157 additions and 14 deletions
@@ -1,4 +1,4 @@
description: "Sudaporn's Research Data visualisation, normalised " description: "Sudaporn's Research Data visualisation, normalised "
private: false private: false
default_branch: "master" default_branch: "master"
default_delete_branch_after_merge: false default_delete_branch_after_merge: true
@@ -1,4 +1,4 @@
description: "Sudaporn's Research Data visualisation, normalised" description: "Sudaporn's Research Data visualisation, normalised"
private: false private: false
default_branch: "master" default_branch: "master"
default_delete_branch_after_merge: false default_delete_branch_after_merge: true
@@ -0,0 +1,14 @@
description: "Kubernetes operator for managing BIND9 DNS clusters, zones, views, and TSIG keys"
private: false
default_branch: "main"
default_delete_branch_after_merge: true
default_merge_style: "squash"
branch_protection:
- rule_name: "main"
enable_push: false
status_check_contexts:
- "ci/woodpecker/pr/pre-commit"
- "ci/woodpecker/pr/test"
- "ci/woodpecker/pr/build"
approval_whitelist_teams:
- "Owners"
@@ -1,7 +1,7 @@
description: "Vault PKI certificate issuance and SSH host key signing tool for Puppet-managed infrastructure" description: "Vault PKI certificate issuance and SSH host key signing tool for Puppet-managed infrastructure"
private: false private: false
default_branch: "master" default_branch: "master"
default_delete_branch_after_merge: false default_delete_branch_after_merge: true
branch_protection: branch_protection:
- rule_name: "master" - rule_name: "master"
enable_push: false enable_push: false
@@ -1,3 +1,3 @@
description: "Docker image to be used in Kubernetes as a developers container" description: "Docker image to be used in Kubernetes as a developers container"
private: false private: false
default_delete_branch_after_merge: false default_delete_branch_after_merge: true
@@ -0,0 +1,14 @@
description: "Postgres-backed External Node Classifier (ENC) for Puppet, replacing Cobbler. Go API + encapi-cli."
private: false
default_branch: "main"
default_delete_branch_after_merge: true
default_merge_style: "squash"
branch_protection:
- rule_name: "main"
enable_push: false
status_check_contexts:
- "ci/woodpecker/pr/pre-commit"
- "ci/woodpecker/pr/test"
- "ci/woodpecker/pr/build"
approval_whitelist_users:
- "unkinben"
@@ -1,3 +1,3 @@
description: "A repository for building initrd.img in docker " description: "A repository for building initrd.img in docker "
private: false private: false
default_delete_branch_after_merge: false default_delete_branch_after_merge: true
@@ -1,14 +1,14 @@
description: "A CLI tool written in Go that queries the PuppetDB API to look up and filter node facts." description: "A CLI tool written in Go that queries the PuppetDB API to look up and filter node facts."
private: false private: false
default_branch: "master" default_branch: "main"
default_delete_branch_after_merge: true default_delete_branch_after_merge: true
default_merge_style: "squash" default_merge_style: "squash"
branch_protection: branch_protection:
- rule_name: "master" - rule_name: "main"
enable_push: false enable_push: false
status_check_contexts: status_check_contexts:
- "ci/woodpecker/pr/lint" - "ci/woodpecker/pr/build"
- "ci/woodpecker/pr/test"
- "ci/woodpecker/pr/pre-commit" - "ci/woodpecker/pr/pre-commit"
- "ci/woodpecker/pr/unit-tests"
approval_whitelist_users: approval_whitelist_users:
- "unkinben" - "unkinben"
@@ -1,4 +1,4 @@
description: "Package the internal ca-certificates" description: "Package the internal ca-certificates"
private: false private: false
default_branch: "master" default_branch: "master"
default_delete_branch_after_merge: false default_delete_branch_after_merge: true
@@ -1,5 +1,5 @@
description: "Build rpms for jellyfin-web" description: "Build rpms for jellyfin-web"
private: false private: false
default_branch: "master" default_branch: "master"
default_delete_branch_after_merge: false default_delete_branch_after_merge: true
archived: true archived: true
@@ -1,3 +1,3 @@
description: "A stack of microservices that aim to offer a distributed streaming service." description: "A stack of microservices that aim to offer a distributed streaming service."
private: false private: false
default_delete_branch_after_merge: false default_delete_branch_after_merge: true
@@ -1,6 +1,7 @@
description: "Manage Gitea resources, teams, repos, and Woodpecker CI via Terraform" description: "Manage Gitea resources, teams, repos, and Woodpecker CI via Terraform"
private: false private: false
default_branch: "main" default_branch: "main"
default_delete_branch_after_merge: true
branch_protection: branch_protection:
- rule_name: "main" - rule_name: "main"
enable_push: false enable_push: false
@@ -1,7 +1,7 @@
description: "Manage nomad with Terraform" description: "Manage nomad with Terraform"
private: false private: false
default_branch: "master" default_branch: "master"
default_delete_branch_after_merge: false default_delete_branch_after_merge: true
branch_protection: branch_protection:
- rule_name: "master" - rule_name: "master"
enable_push: false enable_push: false
@@ -1,6 +1,6 @@
description: "Terraform provider for managing ArtifactAPI" description: "Terraform provider for managing ArtifactAPI"
private: false private: false
default_delete_branch_after_merge: false default_delete_branch_after_merge: true
branch_protection: branch_protection:
- rule_name: "main" - rule_name: "main"
enable_push: false enable_push: false
@@ -0,0 +1,14 @@
description: "Terraform provider for encapi: manage Puppet ENC roles, statuses, and node assignments."
private: false
default_branch: "main"
default_delete_branch_after_merge: true
default_merge_style: "squash"
branch_protection:
- rule_name: "main"
enable_push: false
status_check_contexts:
- "ci/woodpecker/pr/pre-commit"
- "ci/woodpecker/pr/build"
- "ci/woodpecker/pr/test"
approval_whitelist_users:
- "unkinben"
@@ -0,0 +1,19 @@
description: "Terraform provider for the Vault/OpenBao LiteLLM dynamic secrets engine (litellmvaultsecret)"
private: false
default_branch: "main"
default_delete_branch_after_merge: true
# Squash-only: the gitea provider has no "default merge style", so we restrict
# the allowed styles to squash to force it.
allow_merge_commits: false
allow_rebase: false
allow_rebase_explicit: false
allow_squash_merge: true
branch_protection:
- rule_name: "main"
enable_push: false
status_check_contexts:
- "ci/woodpecker/pr/pre-commit"
- "ci/woodpecker/pr/build"
- "ci/woodpecker/pr/test"
approval_whitelist_teams:
- "Owners"
@@ -0,0 +1,18 @@
description: "Terraform configuration for managing Prowlarr indexer automation"
private: false
default_branch: "main"
default_delete_branch_after_merge: true
default_merge_style: "squash"
branch_protection:
- rule_name: "main"
enable_push: false
merge_whitelist_users:
- "benvin"
- "unkinben"
status_check_contexts:
- "ci/woodpecker/pr/pre-commit"
- "ci/woodpecker/pr/plan"
approval_whitelist_users:
- "unkinben"
approval_whitelist_teams:
- "Owners"
@@ -0,0 +1,18 @@
description: "Terraform configuration for managing Radarr movie automation"
private: false
default_branch: "main"
default_delete_branch_after_merge: true
default_merge_style: "squash"
branch_protection:
- rule_name: "main"
enable_push: false
merge_whitelist_users:
- "benvin"
- "unkinben"
status_check_contexts:
- "ci/woodpecker/pr/pre-commit"
- "ci/woodpecker/pr/plan"
approval_whitelist_users:
- "unkinben"
approval_whitelist_teams:
- "Owners"
@@ -0,0 +1,18 @@
description: "Terraform configuration for managing Sonarr TV automation"
private: false
default_branch: "main"
default_delete_branch_after_merge: true
default_merge_style: "squash"
branch_protection:
- rule_name: "main"
enable_push: false
merge_whitelist_users:
- "benvin"
- "unkinben"
status_check_contexts:
- "ci/woodpecker/pr/pre-commit"
- "ci/woodpecker/pr/plan"
approval_whitelist_users:
- "unkinben"
approval_whitelist_teams:
- "Owners"
@@ -0,0 +1,8 @@
description: "Spiritual successor to shorewall — nftables firewall manager using google/nftables"
private: false
default_branch: "main"
default_delete_branch_after_merge: true
default_merge_style: "squash"
branch_protection:
- rule_name: "main"
enable_push: false
@@ -0,0 +1,19 @@
description: "HashiCorp Vault / OpenBao dynamic secrets engine for LiteLLM virtual keys"
private: false
default_branch: "main"
default_delete_branch_after_merge: true
# Squash-only: the gitea provider has no "default merge style", so we restrict
# the allowed styles to squash to force it.
allow_merge_commits: false
allow_rebase: false
allow_rebase_explicit: false
allow_squash_merge: true
branch_protection:
- rule_name: "main"
enable_push: false
status_check_contexts:
- "ci/woodpecker/pr/pre-commit"
- "ci/woodpecker/pr/build"
- "ci/woodpecker/pr/test"
approval_whitelist_teams:
- "Owners"