Set up Tailwind CSS v4 with full design token system from Stitch project
(obsidian surfaces, neon cyan/magenta/lime palette, Space Grotesk + Inter
typography, 0px border-radius). Landing page includes hero section, side
nav, module cards, system status panels, terminal log, and CRT overlay.
pnpm in workspace mode can't generate per-app lockfiles, and without a
lockfile the install is unreliable in CI. npm works fine for these
standalone app builds since they have no workspace dependencies.
Apps build in isolation from the monorepo, so the root pnpm-lock.yaml
doesn't match the app-level package.json. Use plain pnpm install
since each app's package.json is the source of truth.
- Migrate all ingress hostnames from *.homelab.local to *.coreworlds.io
- Remove broken Traefik certresolver config (cert-manager handles TLS)
- Add internal-only IP allowlist middleware for platform services
- Add IngressRoutes for ArgoCD, Grafana, Longhorn (LAN-only via middleware)
- Seal and add Cloudflare API token for cert-manager DNS-01 challenges
- Update cert-manager ClusterIssuers with real email
- Update k3s TLS SAN to k3s.coreworlds.io
- Rewrite Ubiquiti docs for single-node topology and split-horizon DNS
- Fix seal-secret.sh controller name to match Helm release
- Add UCG DNS setup script using API key auth
cert-manager and CloudNativePG operator installs must complete before
their custom resources (ClusterIssuer, CNPG Cluster) can be applied.
Split into separate kustomize dirs so the ApplicationSet creates
independent ArgoCD apps that can sync in order:
- platform-cert-manager → installs operator
- platform-cert-manager-config → creates ClusterIssuers (after CRDs exist)
- platform-cloudnativepg → installs operator
- platform-cloudnativepg-cluster → creates PG cluster (after CRDs exist)
- Remove vault.yaml and kubeconfig from tracking
- Add vault files and kubeconfig to .gitignore everywhere
- Clean up stray infra/ansible/infra/ directory
- Update repo URLs from HTTPS placeholder to git@github.com:lazorgurl/homelab.git
- Update container image refs from OWNER to lazorgurl
- Set KUBECONFIG env in Taskfile
- Fix kubeconfig-fetch.sh to auto-detect server IP from inventory
- Fix Ansible: callback plugin, br_netfilter ordering, ssh service name
