- Add AI scrapers robots.txt update script with weekly cron job
- Add OIDC group claim and admin group configuration for Authelia
- Add UI settings (SHOW_USER_EMAIL: false)
- Increase memory limit to 512M
- Change default relay port from 587 to 2525 (Postmark)
- Add Docker provider environment variables for API version compatibility
- Configure for Postmark server token authentication
- Add vault vars include with traefik tag for CF_DNS_API_TOKEN availability
- Add Docker provider socket and API version to home compose
- Add Forgejo router to file provider as fallback (Docker provider broken due to API version mismatch)
- Fixes 404 errors on git.jfraeys.com when Docker provider fails
- Systemd service and timer for deployment orchestration
- Webhook listener for Git-triggered deployments
- Forgejo Actions workflow for CI/CD pipeline
- Deployment scripts with rollback capability
- Deploy token validation for security
- Add Redis cache support to Forgejo for improved performance
- Add AI scrapers blocking with update script and robots.txt
- Update Forgejo runner tasks with improved caching support
- Add OIDC authentication configuration tasks
- Add firewall role for UFW/iptables management
- Add fail2ban role for intrusion prevention with Docker-aware jails
- Add postfix role for mail relay capabilities
- Add backups role for automated infrastructure backups
- systemd timer for scheduled backups
- Backup scripts for Docker volumes and configurations
- Persist runner registration state by setting container working_dir to /data\n- Add post-register assertion that /opt/forgejo-runner/data/.runner exists
- Add infra_controller role to provision a dedicated user\n- Install register/deregister forced-command authorized_keys entries\n- Read SSH public keys from vault/env and restrict access by source IP
- Add app_ssh_access role to install forced-command keys for infra-register-stdin and infra-deregister\n- Ensure required infra-controller runtime directories exist on services host\n- Add helper script to generate/register both Actions SSH secrets and update vault public keys
