Deploys kube-prometheus-stack via helm-controller: Prometheus, Grafana (internal-only), node-exporter, kube-state-metrics. Adds prometheus-pve-exporter for Proxmox (token in an out-of-band Secret), scrape configs for external hosts (.48/.70/.71/.49), community dashboards (Node Exporter Full, Proxmox via Prometheus) and a custom Hardware Temperatures dashboard. Grafana liveness made tolerant for slow first-boot migrations.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Traefik terminates TLS and forwards HTTP, so PASSBOLT_SSL_FORCE=false (in-container redirect caused an infinite loop); Service/Ingress on port 80; add HTTP->HTTPS redirect middleware at Traefik instead. Set PASSBOLT_GPG_SERVER_KEY_FINGERPRINT to the migrated server key (1471F6B1...) so the GPG login handshake completes.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Move ingress from headlamp.local (plain HTTP) to headlamp.roysland.net with a Let's Encrypt cert (cert-manager) and a Traefik HTTP->HTTPS redirect. Fixes the browser HTTPS-upgrade breaking the API calls against the self-signed Traefik default cert.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
