- cilium (crds have to go first in bootstrap)
- prometheus
- coredns
- kubelet-csr-approver
- spegel
- cert-manager (nginx must wait)
- external-dns
- cloudflared
- nginx-internal
- nginx-external
- snapshot-controller
- volsync
- reloader
- descheduler
- node-feature-discovery
- k8tz
- openebs
- grafana
- rook-ceph + rook-ceph-cluster
- loki
- external-secrets
- postgres
- postgres-ui
- keycloak
- gatus

- [ ] Nix build machines (distributed)!
- [ ] how to keep ssh agent alive?!
- [ ] longer timeouts for screen lock
- [ ] decky-loader plugins
- [ ] window management in hyprland
- [ ] full hyprland config
- [ ] integrate nvd
- [ ] fix auto-zellij
- [ ] guarantee spicetify works
- [ ] YubiKey login/lock
- [ ] doom as application
- [ ] merge changes into canivete
- [ ] create open PRs on jovian, nixpkgs, home-manager, steam-rom-manager, nostatoo, etc.
- [ ] VNC
- [ ] VPN
- [ ] separate nostatoo install from final executable
- [ ] allow package installation after initial game launch in steam
- [ ] DECIDE nostatoo vs steam-rom-manager for manual programs
- [ ] steam controller VDF configuration
- [ ] Steam Deck memory card!
- [ ] Steam Deck dock memory!
- [ ] Steam Deck remote play games on desktop (how to work with autosleep/wake?)
- [ ] mobile-nixos on S21 FE
- [ ] asahi-nixos on one of the old Macs
- [ ] make a nix store binary bucket on Backblaze
- [ ] add images for manual programs
- [ ] fix monitor resolution on axolotl
- [ ] allow ME to rebuild without sudo

- [ ] Why doesn't cilium agent run on axolotl?
- [ ] persistence
- [ ] annotations
- [ ] resources
- [ ] securityContext
- [ ] separate default.yaml and kubernetes.yaml SOPS (track static vs dynamic)
- [ ] bootstrap images on k3s agents for traefik and forgejo
- [ ] VLANs
- [ ] instructions for setting up new nodes
- [ ] Create a repair command for nix after macOS update per this working solution
- [ ] rke2
- [ ] network bonding
- [ ] Pushover/notification system
- [ ] add tristanschrader.com redirect and email obfuscation deactivation to opentofu
- [ ] add keycloak client creation to opentofu
- [ ] add firefly multi-user configuration to terraform
- [ ] remove extra fields from external-secrets
- [ ] fix rook-ceph OSDs to be correctly distributed
- [ ] fix bluetooth delay for Between Micro and Steam Deck + axolotl (https://nixos.wiki/wiki/Bluetooth)

- [ ] Why does nix.mkIf create infinite recursion?
- [ ] Why does moduleWithSystem lib.mkIf create infinite recursion?
- [ ] Why does mkDomainOption give "deprecationMessage missing"?

Apply these annotations to services that need the oauth2-proxy:

```nix
annotations."nginx.ingress.kubernetes.io/auth-url" = "https://oauth2-proxy.${domain}/oauth2/auth?allowed_groups=/family";
annotations."nginx.ingress.kubernetes.io/auth-signin" = "https://oauth2-proxy.${domain}/oauth2/start?rd=$scheme://$host$request_uri";
```