- Add migration 030 with sites table, RLS policy, and device site_id FK
- Add Site SQLAlchemy model with tenant isolation
- Add site_id nullable FK and relationship to Device model
- Add sites relationship to Tenant model
- Register Site in models __init__.py
- Add SiteCreate, SiteUpdate, SiteResponse, SiteListResponse schemas
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Swap 9 old screenshots for 8 new ones showing fleet dashboard, traffic,
firmware management, config templates, device detail, interface
utilization, device health, and traffic analytics. Update carousel
markup with Deep Space card styling.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Replace CSS variables, hardcoded colors, font families, syntax token
colors, and banner styling. Swap Google Fonts for self-hosted Manrope
and IBM Plex Mono woff2 files. Update theme-color meta tags and remove
testing-banner--light variant across all 19 HTML files.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Add device_id to the audit log API response and frontend type, then
use DeviceLink to make device hostnames navigable in AuditLogTable.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
12 hours of mock device polling produced rich metrics data.
Dashboards show real bandwidth, device counts, and events.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
These are local-only planning docs, already in .gitignore.
Files were committed before the gitignore entry was added.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
New SEO page targeting "open source mikrotik management" keyword.
Added to sitemap with 0.8 priority. Cross-linked from existing
centralized management page.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Fourth blog post covering a NATS JetStream memory issue found
during 100-device simulation testing.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Without a byte limit, the stream grows unbounded within its 24h
max_age window. At 101 devices polling every 60s, it hits 128MB
in ~10 hours and OOMs the NATS container.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Mock RouterOS server and screenshot automation live here
but should not be in the public repo.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Replace all screenshots with Deep Space dark theme captures.
New tenants: Lebowski Lanes, MXC Studios, Irken Empire.
Login screenshot now shows Secret Key fields.
Remove old Stranger's Ranch screenshot.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Third blog post covering current capabilities, limitations, and
design philosophy. Factual inventory of what works, what's rough,
and what's missing entirely.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Add Kubernetes/Helm deployment section to DEPLOYMENT.md, telemetry
environment variables to CONFIGURATION.md, telemetry privacy details
to SECURITY.md, telemetry bullet to README quick start, and fix Go
version from 1.24 to 1.25 in docs/README.md.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Secret resource now named with -secrets suffix to match all template refs
- Add CREDENTIAL_ENCRYPTION_KEY to migration init container (VPN migration needs it)
- Fix postgres secretKeyRef to use -secrets suffix
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Local override values with pullPolicy: Never, dev environment,
disabled ingress/wireguard, and placeholder secrets. File is gitignored
since it contains dev credentials; exists only on local machines.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Post-install notes cover OpenBao initialization/unseal workflow,
ingress or port-forward access, admin credentials, and health check.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Routes /api, /docs, /metrics to API service and / to frontend,
with optional TLS and annotation support.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Privileged deployment with NET_ADMIN, sysctl ip_forward, tun device
mount, and UDP LoadBalancer service on port 51820.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Go poller with NET_ADMIN capability, configmap envFrom, and secret
refs for DATABASE_URL (poller_user), OPENBAO_TOKEN, and encryption key.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Simple nginx-based deployment serving the React SPA on port 80,
no runtime env or volumes required.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Includes two init containers (VPN route setup, Alembic migrations),
secret refs for JWT/encryption/OpenBao/SMTP, and PVC mounts for
git-store, firmware-cache, and wireguard config.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
File-backed storage, IPC_LOCK capability for mlock, startup/liveness/
readiness probes. Config mounted via subPath from ConfigMap.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Runs nats-server with --jetstream and monitoring on port 8222.
Headless service for StatefulSet DNS, ClusterIP service for app connections.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Ephemeral cache with no PVC. Includes redis-cli ping probes for
liveness and readiness.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Includes ConfigMap for init.sql (TimescaleDB extension, app_user and
poller_user role creation), StatefulSet with liveness/readiness probes,
and headless Service for stable DNS.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Three PVCs with configurable size and storageClass. Wireguard PVC is
conditional on wireguard.enabled.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Single Secret with all sensitive values (JWT, encryption keys, DB
passwords, SMTP credentials, poller DB URL). Single ConfigMap with
all non-sensitive config including URL helpers and optional value guards.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
