richardnixon.dev

History

Richard Nixon 456e3e5614 Some checks failed trivy / config-scan (push) Failing after 22s Details trivy / image-scan (push) Failing after 21s Details ci: add Renovate (autodiscover) and Trivy CVE scan workflows - renovate.json: gitea platform, weekly schedule on Monday, pins ranges, manages docker-compose images + dockerfile + github-actions. Critical-infra packages get extra labels for review. - .forgejo/workflows/renovate.yml: runs Mondays 04:00 UTC, autodiscover Richard/* so the same workflow covers both this repo and the Hugo companion. Requires RENOVATE_TOKEN secret (instructions in README). - .forgejo/workflows/trivy.yml: daily 05:00 UTC + on-push. Scans both IaC configs in infrastructure/ and every image referenced in docker-compose.yml for HIGH/CRITICAL CVEs (fixable only). - Pin Traefik (3.6.7) and traefik-crowdsec-bouncer (0.5.0) so Renovate has a baseline to bump.		2026-05-27 17:57:36 +02:00
..
blog-static	infra: cutover to Hugo blog + Forgejo Actions runner	2026-05-27 17:25:02 +02:00
crowdsec	feat: add CrowdSec security/IPS with Traefik bouncer	2026-01-25 20:08:11 +01:00
forgejo-runner	infra: cutover to Hugo blog + Forgejo Actions runner	2026-05-27 17:25:02 +02:00
grafana/provisioning	feat: add Valheim metrics exporter and fix HTTPS routing	2026-01-25 22:34:06 +01:00
loki	feat: add infrastructure configuration	2026-01-25 18:58:00 +01:00
prometheus	Add Forgejo git forge at git.richardnixon.dev	2026-05-18 10:13:30 +02:00
promtail	feat: add infrastructure configuration	2026-01-25 18:58:00 +01:00
traefik	chore: remove legacy Django app and runtime	2026-05-27 17:41:28 +02:00
valheim-status	feat: add WordPress security hardening and Umami analytics	2026-01-26 00:01:51 +01:00
wp-plugins/custom-security	refactor: move wp-content to absolute path and add Umami config	2026-01-26 00:07:58 +01:00
.env.example	Add Forgejo git forge at git.richardnixon.dev	2026-05-18 10:13:30 +02:00
docker-compose.yml	ci: add Renovate (autodiscover) and Trivy CVE scan workflows	2026-05-27 17:57:36 +02:00