Updated: 2026-01-22
Cluster: cozystack (Finland/HEL1)
| Node | Role | Status | IP | Tailscale Hostname |
|---|---|---|---|---|
| cozy-ctrl-1 | Control Plane | ✅ Running | 77.42.88.245 | talos-16aa3 |
| cozy-ctrl-2 | Control Plane | ✅ Running | 77.42.79.46 | talos-909a8 |
| cozy-ctrl-3 | Control Plane | ✅ Running | 77.42.85.170 | talos-7003c |
| cozy-ax41 | Control + Worker | ✅ Running | 65.21.129.221 | cozy-ctrl-4 |
etcd: 4-node quorum healthy
KubeSpan: Enabled (encrypted mesh)
Services: Linstor, Network, Metrics all healthy
```sh
# Set these in your shell
export KUBECONFIG=~/code/cozy-stack/hetzner-cluster/kubeconfig
export TALOSCONFIG=~/code/cozy-stack/hetzner-cluster/talosconfig
```
Dashboard: https://dashboard.cozy.homi.zone (Keycloak OIDC)
Keycloak: https://keycloak.cozy.homi.zone (admin console)
Tailscale: https://cozy-dashboard-cozystack-dashboard-ingress.beagle-danio.ts.net
Keycloak Credentials:
- User: admin
- Password: [redacted from this page; read it from the `keycloak-credentials` secret in `cozy-keycloak` with the kubectl command listed under the cluster checks]
- 3-node control plane cluster deployed
- KubeSpan mesh networking enabled
- Tailscale integration configured
- Dashboard secured with Keycloak OIDC
- DNS configured (*.cozy.homi.zone)
- TLS certificates automated (Let's Encrypt)
- Fork created: 404prefrontalcortexnotfound/cozystack
- Local clone synced with fork
- Arr stack Helm chart created
- GitOps deployment plan created
- Future Terraform strategy documented
- Cluster access procedures documented
Issue: Docker push failed due to missing write:packages scope on GitHub token
Context: Modified Cozystack platform source to remove "Universal Login" feature. Changes compiled locally (cozystack-api binary exists), but cannot push custom image to GitHub Container Registry.
Resolution Path:
- Generate a new GitHub token with the `write:packages` scope
- Authenticate Docker: `echo $GITHUB_TOKEN | docker login ghcr.io -u USERNAME --password-stdin`
- Build and push: `make image`, or a manual `docker build` / `docker push`
Alternative: Skip platform modification, deploy Arr stack with standard Cozystack distribution.
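Added example (not from the original notes): a pre-flight check that confirms the token actually carries `write:packages` before any `docker login` to ghcr.io, so the push failure above is caught early instead of surfacing mid-push. It assumes the token is a classic PAT in `GITHUB_TOKEN` and relies on GitHub reporting classic-token scopes in the `X-OAuth-Scopes` response header; the function names are this example's own.

```sh
#!/bin/sh
# Pre-flight scope check for pushing images to ghcr.io.
# Assumption: GitHub returns the scopes of a classic token in the
# X-OAuth-Scopes header of any authenticated API response.

# scope_present HEADER_VALUE SCOPE
# HEADER_VALUE is the raw header text, e.g. "repo, read:packages".
# Returns 0 when SCOPE is listed exactly (no prefix/suffix matches).
scope_present() {
  printf '%s\n' "$1" | tr ',' '\n' | tr -d ' ' | grep -qx -- "$2"
}

# token_scopes: print the X-OAuth-Scopes value for $GITHUB_TOKEN (needs network).
# Prints nothing for fine-grained tokens, which do not report scopes this way.
token_scopes() {
  curl -sSI -H "Authorization: token $GITHUB_TOKEN" https://api.github.com/user \
    | tr -d '\r' \
    | awk -F': ' 'tolower($1) == "x-oauth-scopes" { print $2 }'
}

# ghcr_login USERNAME: refuse to log in unless write:packages is present.
# The token is passed on stdin via printf, so it never appears in argv.
ghcr_login() {
  scopes=$(token_scopes)
  if ! scope_present "$scopes" write:packages; then
    echo "GITHUB_TOKEN lacks write:packages (reported scopes: '$scopes')" >&2
    return 1
  fi
  printf '%s' "$GITHUB_TOKEN" | docker login ghcr.io -u "$1" --password-stdin
}
```

Run `ghcr_login USERNAME` in place of the plain `docker login`; the `make image` step stays as documented above.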
Status: Chart created, awaiting push to fork
Next Steps (following GitOps plan):
- Commit and push arr-stack package
- Create tenant-media namespace
- Create shared media PVC (500GB)
- Register GitRepository + HelmRelease in cozy-public
- Deploy arr-stack to tenant-media namespace
- Configure DNS for sonarr/radarr/prowlarr.cozy.homi.zone
Files:
- Chart: `packages/apps/arr-stack/Chart.yaml`
- Values: `packages/apps/arr-stack/values.yaml`
- Plan: `gitops_plan.md`
| File | Path |
|---|---|
| Kubeconfig | ~/code/cozy-stack/hetzner-cluster/kubeconfig |
| Talosconfig | ~/code/cozy-stack/hetzner-cluster/talosconfig |
| Node configs | ~/code/cozy-stack/hetzner-cluster/nodes/ |
| Arr stack chart | ~/code/cozy-stack/packages/apps/arr-stack/ |
| GitOps plan | ~/code/cozy-stack/gitops_plan.md |
| Terraform strategy | ~/code/cozy-stack/future_proofing.md |
```sh
# Check cluster health
kubectl get nodes
kubectl get helmrelease -A | grep -v True

# Check Cozystack services
kubectl get pods -n cozy-system

# View Keycloak admin password
kubectl get secret keycloak-credentials -n cozy-keycloak \
  -o jsonpath='{.data.ADMIN_PASSWORD}' | base64 -d

# Check Tailscale ingresses
kubectl get ingress -A | grep tailscale-
```
Deploy Arr Stack (GitOps approach):
- Follow `gitops_plan.md`
- Commit arr-stack to fork
- Apply FluxCD manifests
- Verify deployment
Skip Platform Patch (for now):
- Standard Cozystack works fine
- Custom dashboard modifications non-critical
- Revisit when needed
Future: Terraform Migration:
- Codify cluster configuration
- Enable reproducible deployments
- Follow `future_proofing.md`
- Project docs: `~/code/cozy-stack/.planning/PROJECT.md`
- Cozystack docs: https://cozystack.io/docs/
- GitOps example: https://github.com/aenix-io/cozystack-gitops-example
- External apps guide: https://cozystack.io/docs/applications/external/