- Rename SOPS key alias from generic admin_key to steffen_key in
.sops.yaml and all docs (keys should identify the person, not a role)
- Add step 3.6 to first-install docs: create Forgejo admin account
via CLI (required since DISABLE_REGISTRATION is enabled)
- Fix cryodev-pi_key comment naming in .sops.yaml
- Add .gitignore for nix build result symlinks
- Fix all headscale CLI commands: --user now requires numeric ID,
not username (changed in newer headscale versions)
- Add 'headscale users list' step to docs where preauth keys are created
- Extract forgejo-runner config from forgejo.nix into forgejo-runner.nix
- Move forgejo-runner to stage 2 (requires running Forgejo for token)
- Remove all stage-2 secrets from sops.nix (each service file owns its secrets)
- Update first-install docs with corrected staged deployment flow
- Fixes deployment failure caused by runner crashing with placeholder token
- Add apps: create (scaffold host from template), deploy (multi-host
deployment with -n filter), install (NixOS installation from live ISO)
- Register all apps in flake.nix (create, deploy, install, rebuild)
- Add deploy.json config (cryodev-main, SSH port 2299)
- Fix generic-server template: was using Pi hardware/boot config,
now correct x86_64 with systemd-boot, UEFI, ROOT/BOOT/SWAP labels
- Fix template networking.nix: use HOSTNAME placeholder instead of
hardcoded cryodev-pi (both templates)
- Fix headplane upstream pnpm-deps hash mismatch via overlay
- Fix all docs: replace root@ with user@, --ssh-option with
NIX_SSHOPTS, add deploy app references, update first-install guide
to use create app and document service deactivation steps
- Add automatic SD image builds for Raspberry Pi via Forgejo Actions
- Enable binfmt emulation on cryodev-main for aarch64 cross-builds
- Add sd-image.nix module to cryodev-pi configuration
- Create comprehensive docs/ structure with installation guides
- Split installation docs into: first-install (server), reinstall, new-client (Pi)
- Add lib/utils.nix and apps/rebuild from synix
- Fix headplane module for new upstream API (tale/headplane)
- Fix various module issues (mailserver stateVersion, option conflicts)
- Add placeholder secrets.yaml files for both hosts
- Remove old INSTRUCTIONS.md (content moved to docs/)
