Migrate to alo organization

Update all registry paths from ppetru/* to alo/* and workflow
references from ppetru/alo-cluster to alo/alo-cluster.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

.gitea/workflows/deploy-nomad.yaml

@@ -1,5 +1,5 @@
 # ABOUTME: Reusable workflow for building Nix Docker images and deploying to Nomad.
-# ABOUTME: Called by service repos with: uses: ppetru/alo-cluster/.gitea/workflows/deploy-nomad.yaml@master
+# ABOUTME: Called by service repos with: uses: alo/alo-cluster/.gitea/workflows/deploy-nomad.yaml@master
 
 name: Deploy to Nomad
 
@@ -41,12 +41,12 @@ jobs:
 
       - name: Push to registry
         run: |
-          echo "Pushing to ${{ inputs.registry }}/ppetru/${{ inputs.service_name }}:latest..."
+          echo "Pushing to ${{ inputs.registry }}/alo/${{ inputs.service_name }}:latest..."
           skopeo copy \
             --dest-creds "${{ secrets.REGISTRY_USERNAME }}:${{ secrets.REGISTRY_PASSWORD }}" \
             --insecure-policy \
             docker-archive:result \
-            "docker://${{ inputs.registry }}/ppetru/${{ inputs.service_name }}:latest"
+            "docker://${{ inputs.registry }}/alo/${{ inputs.service_name }}:latest"
 
       - name: Deploy to Nomad
         env:

docs/CICD_SETUP.md

@@ -13,7 +13,7 @@ Your service needs a `flake.nix` that exports a Docker image:
   outputs = { self, nixpkgs, ... }: {
     # The workflow looks for this output by default
     dockerImage = pkgs.dockerTools.buildImage {
-      name = "gitea.v.paler.net/ppetru/<service>";
+      name = "gitea.v.paler.net/alo/<service>";
       tag = "latest";
       # ... image config
     };
@@ -78,7 +78,7 @@ on:
 
 jobs:
   deploy:
-    uses: ppetru/alo-cluster/.gitea/workflows/deploy-nomad.yaml@master
+    uses: alo/alo-cluster/.gitea/workflows/deploy-nomad.yaml@master
     with:
       service_name: <your-service>  # Must match Nomad job ID
     secrets: inherit
@@ -90,7 +90,7 @@ In Gitea → Your Repo → Settings → Actions → Secrets, add:
 
 | Secret | Value |
 |--------|-------|
-| `REGISTRY_USERNAME` | `ppetru` |
+| `REGISTRY_USERNAME` | Your Gitea username |
 | `REGISTRY_PASSWORD` | Gitea access token with `packages:write` |
 | `NOMAD_ADDR` | `http://nomad.service.consul:4646` |
 
@@ -117,7 +117,7 @@ Example with custom flake output:
 ```yaml
 jobs:
   deploy:
-    uses: ppetru/alo-cluster/.gitea/workflows/deploy-nomad.yaml@master
+    uses: alo/alo-cluster/.gitea/workflows/deploy-nomad.yaml@master
     with:
       service_name: myservice
       flake_output: packages.x86_64-linux.docker
@@ -131,7 +131,7 @@ Push to master
      ↓
 Build: nix build .#dockerImage
      ↓
-Push: skopeo → gitea.v.paler.net/ppetru/<service>:latest
+Push: skopeo → gitea.v.paler.net/alo/<service>:latest
      ↓
 Deploy: Update job meta.uuid → Nomad creates deployment
      ↓
@@ -192,7 +192,7 @@ cd <service-repo>
 nix build .#dockerImage
 skopeo copy --dest-authfile ~/.docker/config.json \
   docker-archive:result \
-  docker://gitea.v.paler.net/ppetru/<service>:latest
+  docker://gitea.v.paler.net/alo/<service>:latest
 nomad run /path/to/alo-cluster/services/<service>.hcl
 ```
 

docs/TODO

@@ -4,4 +4,4 @@
 * renovate system of some kind
 * vector (or other log ingestion) everywhere, consider moving it off docker if possible
 * monitor backup-persist success/fail
-
+* gitea organization is public -> at least from the internal network, anyone can pull images and probably also clone repos. there should be absolutely zero secrets in the repos (and the ones that are now should be changed before stored somewhere else) and the nomad workers should authenticate to pull images

nix-runner/README.md

@@ -29,7 +29,7 @@ The `nix` label is configured in `services/act-runner.hcl`.
 ## Current Version
 
 **Tag**: `v4`
-**Image**: `gitea.v.paler.net/ppetru/nix-runner:v4`
+**Image**: `gitea.v.paler.net/alo/nix-runner:v4`
 
 ## Updating the Runner
 
@@ -53,7 +53,7 @@ nix build
 ```bash
 skopeo copy --dest-authfile ~/.docker/config.json \
   docker-archive:result \
-  docker://gitea.v.paler.net/ppetru/nix-runner:v5
+  docker://gitea.v.paler.net/alo/nix-runner:v5
 ```
 
 ### 4. Update act-runner
@@ -61,7 +61,7 @@ skopeo copy --dest-authfile ~/.docker/config.json \
 Edit `services/act-runner.hcl`:
 
 ```hcl
-GITEA_RUNNER_LABELS = "ubuntu-latest:docker://node:20-bookworm,nix:docker://gitea.v.paler.net/ppetru/nix-runner:v5"
+GITEA_RUNNER_LABELS = "ubuntu-latest:docker://node:20-bookworm,nix:docker://gitea.v.paler.net/alo/nix-runner:v5"
 ```
 
 ### 5. Re-register Runner

nix-runner/flake.nix

@@ -14,7 +14,7 @@
         pkgs = import nixpkgs { inherit system; };
       in {
         packages.default = pkgs.dockerTools.buildImage {
-          name = "gitea.v.paler.net/ppetru/nix-runner";
+          name = "gitea.v.paler.net/alo/nix-runner";
           tag = "v4";
 
           copyToRoot = pkgs.buildEnv {

services/act-runner.hcl

@@ -53,7 +53,7 @@ EOH
 
       env {
         GITEA_INSTANCE_URL = "https://gitea.v.paler.net"
-        GITEA_RUNNER_LABELS = "ubuntu-latest:docker://node:20-bookworm,nix:docker://gitea.v.paler.net/ppetru/nix-runner:v4"
+        GITEA_RUNNER_LABELS = "ubuntu-latest:docker://node:20-bookworm,nix:docker://gitea.v.paler.net/alo/nix-runner:v4"
       }
 
       # Template needed for nomadVar interpolation (secrets) and Nomad runtime vars

services/animaltrack.hcl

@@ -34,7 +34,7 @@ job "animaltrack" {
       user   = "1000"
 
       config {
-        image      = "gitea.v.paler.net/ppetru/animaltrack:latest"
+        image      = "gitea.v.paler.net/alo/animaltrack:latest"
         ports      = ["http"]
         force_pull = true
         volumes    = ["/data/services/animaltrack:/var/lib/animaltrack"]

services/beancount.hcl

@@ -19,7 +19,7 @@ job "beancount" {
       user = "1000"
 
       config {
-        image = "gitea.v.paler.net/ppetru/fava:latest"
+        image = "gitea.v.paler.net/alo/fava:latest"
         ports = ["http"]
         volumes = [
           "/data/services/beancount:/beancount",

services/farmos.hcl

@@ -16,7 +16,7 @@ job "farmos" {
       driver = "docker"
 
       config {
-        image = "gitea.v.paler.net/ppetru/farmos:latest"
+        image = "gitea.v.paler.net/alo/farmos:latest"
         ports = ["http"]
         volumes = [
           "/data/services/farmos/sites:/opt/drupal/web/sites",

services/igsync.hcl

@@ -13,7 +13,7 @@ job "igsync" {
       driver = "docker"
 
       config {
-        image = "gitea.v.paler.net/ppetru/igsync:latest"
+        image = "gitea.v.paler.net/alo/igsync:latest"
 
         # Mount the data directory for .env, database, and media files
         volumes = [

services/weewx.hcl

@@ -19,7 +19,7 @@ job "weewx" {
       driver = "docker"
 
       config {
-        image = "gitea.v.paler.net/ppetru/weewx:latest"
+        image = "gitea.v.paler.net/alo/weewx:latest"
         # to be able to receive UDP broadcast packets from the weatherlink
         network_mode = "host"
         volumes = [
@@ -54,7 +54,7 @@ job "weewx" {
       driver = "docker"
 
       config {
-        image = "gitea.v.paler.net/ppetru/opensprinkler-weather:latest"
+        image = "gitea.v.paler.net/alo/opensprinkler-weather:latest"
 
         ports = [ "osweather" ]
       }

services/wordpress.hcl

@@ -17,7 +17,7 @@ job "wordpress" {
       user = "237"
 
       config {
-        image = "gitea.v.paler.net/ppetru/wordpress"
+        image = "gitea.v.paler.net/alo/wordpress"
         ports = ["http"]
         volumes = [
           "/data/services/wordpress:/var/www/html",