WireGuard for private service access (kobodl behind VPN).
kobodl downloads and de-DRMs Kobo store purchases.
calibre-web serves the library at books.monotrope.au.
sync.sh script handles ongoing download + import workflow.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Add Hermes (Nous Research LLM agent) with Telegram gateway,
Ansible provisioning, and Makefile targets
- Self-host JetBrains Mono and Spectral fonts (remove Google Fonts)
- Add "An Experiment in Self-Hosting" blog post
- Update CLAUDE.md with high-level server overview
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Pin Miniflux to 2.2.19, Gitea to 1.25 (from :latest)
- Add security headers (X-Content-Type-Options, X-Frame-Options,
Referrer-Policy, Permissions-Policy) to all Caddy sites
- Add Docker JSON log rotation (10m x 3 files) to all containers
- Add SHA256 checksum verification for GoatCounter binary download
- Install and configure unattended-upgrades for security patches
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Docker Compose stack (Gitea + Postgres) on port 3000, SSH on 2222,
reverse-proxied via Caddy at git.monotrope.au.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Add self-hosted GoatCounter via systemd binary service (stats.monotrope.au)
- Add Miniflux RSS reader via Docker Compose (reader.monotrope.au)
- Extend Ansible playbook with goatcounter and miniflux tags; all provisioning is idempotent
- Add Caddy reverse proxy blocks for both new services
- Inject GoatCounter script in baseof.html (production builds only)
- Add goatcounter and miniflux Makefile targets
- Rewrite CLAUDE.md to reflect actual project state
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
