add goprecords.f3s.buetow.org

3 files changed, 35 insertions, 26 deletions

diff --git a/frontends/Rexfile b/frontends/Rexfile
index 1cf1979..f44a33c 100644
--- a/frontends/Rexfile
+++ b/frontends/Rexfile
@@ -85,7 +85,7 @@ our $secrets = sub { read_file './secrets/' . shift };
 
 # k3s cluster running on FreeBSD in my LAN
 our @f3s_hosts =
-  qw/f3s.buetow.org pihole.f3s.buetow.org jellyfin.f3s.buetow.org navidrome.f3s.buetow.org git.f3s.buetow.org cgit.f3s.buetow.org immich.f3s.buetow.org argocd.f3s.buetow.org keybr.f3s.buetow.org anki.f3s.buetow.org bag.f3s.buetow.org flux.f3s.buetow.org audiobookshelf.f3s.buetow.org garage.f3s.buetow.org grafana.f3s.buetow.org radicale.f3s.buetow.org syncthing.f3s.buetow.org koreader.f3s.buetow.org filebrowser.f3s.buetow.org webdav.f3s.buetow.org pkgrepo.f3s.buetow.org ipv6test.f3s.buetow.org ipv4.ipv6test.f3s.buetow.org ipv6.ipv6test.f3s.buetow.org/;
+  qw/f3s.buetow.org pihole.f3s.buetow.org jellyfin.f3s.buetow.org navidrome.f3s.buetow.org git.f3s.buetow.org cgit.f3s.buetow.org immich.f3s.buetow.org argocd.f3s.buetow.org keybr.f3s.buetow.org anki.f3s.buetow.org bag.f3s.buetow.org flux.f3s.buetow.org audiobookshelf.f3s.buetow.org garage.f3s.buetow.org grafana.f3s.buetow.org radicale.f3s.buetow.org syncthing.f3s.buetow.org koreader.f3s.buetow.org filebrowser.f3s.buetow.org webdav.f3s.buetow.org pkgrepo.f3s.buetow.org goprecords.f3s.buetow.org ipv6test.f3s.buetow.org ipv4.ipv6test.f3s.buetow.org ipv6.ipv6test.f3s.buetow.org/;
 
 # optionally, only enable manually for temp time, as no password protection yet
 # push @f3s_hosts, 'registry.f3s.buetow.org';
@@ -155,9 +155,9 @@ task 'hosts_wg',
   sub {
     my @lines = split /\n/, read_file('./etc/hosts.wg.append');
     for my $line (@lines) {
-      next if $line =~ /^\s*#/;
-      next if $line =~ /^\s*$/;
-      append_if_no_such_line '/etc/hosts', $line;
+        next if $line =~ /^\s*#/;
+        next if $line =~ /^\s*$/;
+        append_if_no_such_line '/etc/hosts', $line;
     }
   };
 
@@ -485,16 +485,17 @@ task 'dtail_install',
     # Remove any previously manually deployed binaries not managed by pkg
     my $pkg_check = run 'pkg_info dtail 2>/dev/null';
     if ( $? != 0 ) {
-      for my $bin (qw(dserver dcat dgrep dmap dtail dtailhealth)) {
-        if ( is_file("/usr/local/bin/$bin") ) {
-          Rex::Logger::info("Removing manually installed $bin binary...");
-          run "rm -f /usr/local/bin/$bin";
+        for my $bin (qw(dserver dcat dgrep dmap dtail dtailhealth)) {
+            if ( is_file("/usr/local/bin/$bin") ) {
+                Rex::Logger::info("Removing manually installed $bin binary...");
+                run "rm -f /usr/local/bin/$bin";
+            }
         }
-      }
     }
 
     # Install or update from custom repo (packages signed with signify)
-    say run 'PKG_PATH="https://pkgrepo.f3s.buetow.org/openbsd/7.8/packages/amd64/" pkg_add -u dtail || PKG_PATH="https://pkgrepo.f3s.buetow.org/openbsd/7.8/packages/amd64/" pkg_add dtail';
+    say run
+'PKG_PATH="https://pkgrepo.f3s.buetow.org/openbsd/7.8/packages/amd64/" pkg_add -u dtail || PKG_PATH="https://pkgrepo.f3s.buetow.org/openbsd/7.8/packages/amd64/" pkg_add dtail';
   };
 
 # Set up the dserver service user, daily key cache cron, and start dserver.
@@ -515,6 +516,7 @@ task 'dtail',
   };
 
 desc 'Installing Gogios binary';
+
 # Configure the custom package repository on OpenBSD frontends.
 # Adds PKG_PATH to root's .profile so custom packages are available
 # alongside the official OpenBSD repo. Packages are signed with signify;
@@ -523,7 +525,7 @@ desc 'Setup custom package repo on OpenBSD frontends';
 task 'pkgrepo_setup',
   group => 'frontends',
   sub {
-    my $custom_repo = 'https://pkgrepo.f3s.buetow.org/openbsd/7.8/packages/amd64/';
+    my $custom_repo  = 'https://pkgrepo.f3s.buetow.org/openbsd/7.8/packages/amd64/';
     my $profile_line = "export PKG_PATH=\"${custom_repo}\"";
 
     append_if_no_such_line '/root/.profile', $profile_line;
@@ -538,21 +540,23 @@ task 'gogios_install',
     chomp $os;
 
     if ( $os eq 'OpenBSD' ) {
-      # Remove any previously manually deployed binary not managed by pkg
-      my $pkg_check = run 'pkg_info gogios 2>/dev/null';
-      if ( $? != 0 && is_file('/usr/local/bin/gogios') ) {
-        Rex::Logger::info('Removing manually installed gogios binary...');
-        run 'rm -f /usr/local/bin/gogios';
-      }
-
-      # Install or update from custom repo (packages signed with signify)
-      say run 'PKG_PATH="https://pkgrepo.f3s.buetow.org/openbsd/7.8/packages/amd64/" pkg_add -u gogios || PKG_PATH="https://pkgrepo.f3s.buetow.org/openbsd/7.8/packages/amd64/" pkg_add gogios';
+
+        # Remove any previously manually deployed binary not managed by pkg
+        my $pkg_check = run 'pkg_info gogios 2>/dev/null';
+        if ( $? != 0 && is_file('/usr/local/bin/gogios') ) {
+            Rex::Logger::info('Removing manually installed gogios binary...');
+            run 'rm -f /usr/local/bin/gogios';
+        }
+
+        # Install or update from custom repo (packages signed with signify)
+        say run
+'PKG_PATH="https://pkgrepo.f3s.buetow.org/openbsd/7.8/packages/amd64/" pkg_add -u gogios || PKG_PATH="https://pkgrepo.f3s.buetow.org/openbsd/7.8/packages/amd64/" pkg_add gogios';
     }
     elsif ( $os eq 'FreeBSD' ) {
-      say run 'pkg update -r custom && pkg install -y gogios';
+        say run 'pkg update -r custom && pkg install -y gogios';
     }
     else {
-      Rex::Logger::info("Unsupported OS: $os", 'error');
+        Rex::Logger::info( "Unsupported OS: $os", 'error' );
     }
 
     say run 'gogios -version';
diff --git a/frontends/etc/relayd.conf.tpl b/frontends/etc/relayd.conf.tpl
index 29f5875..f850dd2 100644
--- a/frontends/etc/relayd.conf.tpl
+++ b/frontends/etc/relayd.conf.tpl
@@ -124,9 +124,11 @@ relay "https4" {
     session timeout 300
     # Primary: f3s cluster (with health checks) - Falls back to localhost when all hosts down
     forward to <f3s> port 80 check tcp
-    # Static landing page is routed through a local relay so it can fall back to localhost
-    forward to <f3s_static_proxy> port 18080 check tcp
     forward to <localhost> port 8080 check http "/" code 200
+    # Static landing page is routed through a local relay so it can fall back to localhost.
+    # Listed after localhost so it does NOT become a general fallback for k3s failures;
+    # only reached via explicit "match ... forward to <f3s_static_proxy>" rules.
+    forward to <f3s_static_proxy> port 18080 check tcp
     # Registry uses separate port and table
     forward to <f3s_registry> port 30001 check tcp
     # Jellyfin uses NodePorts (bypasses Traefik)
@@ -141,9 +143,11 @@ relay "https6" {
     session timeout 300
     # Primary: f3s cluster (with health checks) - Falls back to localhost when all hosts down
     forward to <f3s> port 80 check tcp
-    # Static landing page is routed through a local relay so it can fall back to localhost
-    forward to <f3s_static_proxy> port 18080 check tcp
     forward to <localhost> port 8080 check http "/" code 200
+    # Static landing page is routed through a local relay so it can fall back to localhost.
+    # Listed after localhost so it does NOT become a general fallback for k3s failures;
+    # only reached via explicit "match ... forward to <f3s_static_proxy>" rules.
+    forward to <f3s_static_proxy> port 18080 check tcp
     # Registry uses separate port and table
     forward to <f3s_registry> port 30001 check tcp
     # Jellyfin uses NodePorts (bypasses Traefik)
diff --git a/frontends/scripts/fooodds.txt b/frontends/scripts/fooodds.txt
index 0e08bdd..ce77b4d 100644
--- a/frontends/scripts/fooodds.txt
+++ b/frontends/scripts/fooodds.txt
@@ -185,6 +185,7 @@ robots.txt
 /sites
 .sql
 /ueditor
+/target.html
 /vendor
 @vite
 wordpress