From 01ebff3596f29c788481638b9f0f87d4297abbc0 Mon Sep 17 00:00:00 2001
From: Petru Paler <petru@paler.net>
Date: Mon, 5 Jan 2026 10:49:38 +0000
Subject: [PATCH] Migrate to alo organization
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Update all registry paths from ppetru/* to alo/* and workflow
references from ppetru/alo-cluster to alo/alo-cluster.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---
 .gitea/workflows/deploy-nomad.yaml |  6 +++---
 docs/CICD_SETUP.md                 | 12 ++++++------
 docs/TODO                          |  2 +-
 nix-runner/README.md               |  6 +++---
 nix-runner/flake.nix               |  2 +-
 services/act-runner.hcl            |  2 +-
 services/animaltrack.hcl           |  2 +-
 services/beancount.hcl             |  2 +-
 services/farmos.hcl                |  2 +-
 services/igsync.hcl                |  2 +-
 services/weewx.hcl                 |  4 ++--
 services/wordpress.hcl             |  2 +-
 12 files changed, 22 insertions(+), 22 deletions(-)

diff --git a/.gitea/workflows/deploy-nomad.yaml b/.gitea/workflows/deploy-nomad.yaml
index f50199c..7a1af3e 100644
--- a/.gitea/workflows/deploy-nomad.yaml
+++ b/.gitea/workflows/deploy-nomad.yaml
@@ -1,5 +1,5 @@
 # ABOUTME: Reusable workflow for building Nix Docker images and deploying to Nomad.
-# ABOUTME: Called by service repos with: uses: ppetru/alo-cluster/.gitea/workflows/deploy-nomad.yaml@master
+# ABOUTME: Called by service repos with: uses: alo/alo-cluster/.gitea/workflows/deploy-nomad.yaml@master
 
 name: Deploy to Nomad
 
@@ -41,12 +41,12 @@ jobs:
 
       - name: Push to registry
         run: |
-          echo "Pushing to ${{ inputs.registry }}/ppetru/${{ inputs.service_name }}:latest..."
+          echo "Pushing to ${{ inputs.registry }}/alo/${{ inputs.service_name }}:latest..."
           skopeo copy \
             --dest-creds "${{ secrets.REGISTRY_USERNAME }}:${{ secrets.REGISTRY_PASSWORD }}" \
             --insecure-policy \
             docker-archive:result \
-            "docker://${{ inputs.registry }}/ppetru/${{ inputs.service_name }}:latest"
+            "docker://${{ inputs.registry }}/alo/${{ inputs.service_name }}:latest"
 
       - name: Deploy to Nomad
         env:
diff --git a/docs/CICD_SETUP.md b/docs/CICD_SETUP.md
index 076f2e3..d03af4b 100644
--- a/docs/CICD_SETUP.md
+++ b/docs/CICD_SETUP.md
@@ -13,7 +13,7 @@ Your service needs a `flake.nix` that exports a Docker image:
   outputs = { self, nixpkgs, ... }: {
     # The workflow looks for this output by default
     dockerImage = pkgs.dockerTools.buildImage {
-      name = "gitea.v.paler.net/ppetru/<service>";
+      name = "gitea.v.paler.net/alo/<service>";
       tag = "latest";
       # ... image config
     };
@@ -78,7 +78,7 @@ on:
 
 jobs:
   deploy:
-    uses: ppetru/alo-cluster/.gitea/workflows/deploy-nomad.yaml@master
+    uses: alo/alo-cluster/.gitea/workflows/deploy-nomad.yaml@master
     with:
       service_name: <your-service>  # Must match Nomad job ID
     secrets: inherit
@@ -90,7 +90,7 @@ In Gitea → Your Repo → Settings → Actions → Secrets, add:
 
 | Secret | Value |
 |--------|-------|
-| `REGISTRY_USERNAME` | `ppetru` |
+| `REGISTRY_USERNAME` | Your Gitea username |
 | `REGISTRY_PASSWORD` | Gitea access token with `packages:write` |
 | `NOMAD_ADDR` | `http://nomad.service.consul:4646` |
 
@@ -117,7 +117,7 @@ Example with custom flake output:
 ```yaml
 jobs:
   deploy:
-    uses: ppetru/alo-cluster/.gitea/workflows/deploy-nomad.yaml@master
+    uses: alo/alo-cluster/.gitea/workflows/deploy-nomad.yaml@master
     with:
       service_name: myservice
       flake_output: packages.x86_64-linux.docker
@@ -131,7 +131,7 @@ Push to master
      ↓
 Build: nix build .#dockerImage
      ↓
-Push: skopeo → gitea.v.paler.net/ppetru/<service>:latest
+Push: skopeo → gitea.v.paler.net/alo/<service>:latest
      ↓
 Deploy: Update job meta.uuid → Nomad creates deployment
      ↓
@@ -192,7 +192,7 @@ cd <service-repo>
 nix build .#dockerImage
 skopeo copy --dest-authfile ~/.docker/config.json \
   docker-archive:result \
-  docker://gitea.v.paler.net/ppetru/<service>:latest
+  docker://gitea.v.paler.net/alo/<service>:latest
 nomad run /path/to/alo-cluster/services/<service>.hcl
 ```
 
diff --git a/docs/TODO b/docs/TODO
index 02c74ca..dcf2a75 100644
--- a/docs/TODO
+++ b/docs/TODO
@@ -4,4 +4,4 @@
 * renovate system of some kind
 * vector (or other log ingestion) everywhere, consider moving it off docker if possible
 * monitor backup-persist success/fail
-
+* gitea organization is public -> at least from the internal network, anyone can pull images and probably also clone repos. there should be absolutely zero secrets in the repos (and the ones that are now should be changed before stored somewhere else) and the nomad workers should authenticate to pull images
diff --git a/nix-runner/README.md b/nix-runner/README.md
index d029aec..9710c0e 100644
--- a/nix-runner/README.md
+++ b/nix-runner/README.md
@@ -29,7 +29,7 @@ The `nix` label is configured in `services/act-runner.hcl`.
 ## Current Version
 
 **Tag**: `v4`
-**Image**: `gitea.v.paler.net/ppetru/nix-runner:v4`
+**Image**: `gitea.v.paler.net/alo/nix-runner:v4`
 
 ## Updating the Runner
 
@@ -53,7 +53,7 @@ nix build
 ```bash
 skopeo copy --dest-authfile ~/.docker/config.json \
   docker-archive:result \
-  docker://gitea.v.paler.net/ppetru/nix-runner:v5
+  docker://gitea.v.paler.net/alo/nix-runner:v5
 ```
 
 ### 4. Update act-runner
@@ -61,7 +61,7 @@ skopeo copy --dest-authfile ~/.docker/config.json \
 Edit `services/act-runner.hcl`:
 
 ```hcl
-GITEA_RUNNER_LABELS = "ubuntu-latest:docker://node:20-bookworm,nix:docker://gitea.v.paler.net/ppetru/nix-runner:v5"
+GITEA_RUNNER_LABELS = "ubuntu-latest:docker://node:20-bookworm,nix:docker://gitea.v.paler.net/alo/nix-runner:v5"
 ```
 
 ### 5. Re-register Runner
diff --git a/nix-runner/flake.nix b/nix-runner/flake.nix
index 3e48255..e671a4b 100644
--- a/nix-runner/flake.nix
+++ b/nix-runner/flake.nix
@@ -14,7 +14,7 @@
         pkgs = import nixpkgs { inherit system; };
       in {
         packages.default = pkgs.dockerTools.buildImage {
-          name = "gitea.v.paler.net/ppetru/nix-runner";
+          name = "gitea.v.paler.net/alo/nix-runner";
           tag = "v4";
 
           copyToRoot = pkgs.buildEnv {
diff --git a/services/act-runner.hcl b/services/act-runner.hcl
index 00a5276..2a2ae6c 100644
--- a/services/act-runner.hcl
+++ b/services/act-runner.hcl
@@ -53,7 +53,7 @@ EOH
 
       env {
         GITEA_INSTANCE_URL = "https://gitea.v.paler.net"
-        GITEA_RUNNER_LABELS = "ubuntu-latest:docker://node:20-bookworm,nix:docker://gitea.v.paler.net/ppetru/nix-runner:v4"
+        GITEA_RUNNER_LABELS = "ubuntu-latest:docker://node:20-bookworm,nix:docker://gitea.v.paler.net/alo/nix-runner:v4"
       }
 
       # Template needed for nomadVar interpolation (secrets) and Nomad runtime vars
diff --git a/services/animaltrack.hcl b/services/animaltrack.hcl
index f303c10..df3e9b4 100644
--- a/services/animaltrack.hcl
+++ b/services/animaltrack.hcl
@@ -34,7 +34,7 @@ job "animaltrack" {
       user   = "1000"
 
       config {
-        image      = "gitea.v.paler.net/ppetru/animaltrack:latest"
+        image      = "gitea.v.paler.net/alo/animaltrack:latest"
         ports      = ["http"]
         force_pull = true
         volumes    = ["/data/services/animaltrack:/var/lib/animaltrack"]
diff --git a/services/beancount.hcl b/services/beancount.hcl
index 3015e81..471684c 100644
--- a/services/beancount.hcl
+++ b/services/beancount.hcl
@@ -19,7 +19,7 @@ job "beancount" {
       user = "1000"
 
       config {
-        image = "gitea.v.paler.net/ppetru/fava:latest"
+        image = "gitea.v.paler.net/alo/fava:latest"
         ports = ["http"]
         volumes = [
           "/data/services/beancount:/beancount",
diff --git a/services/farmos.hcl b/services/farmos.hcl
index daebc1a..bf8e8b4 100644
--- a/services/farmos.hcl
+++ b/services/farmos.hcl
@@ -16,7 +16,7 @@ job "farmos" {
       driver = "docker"
 
       config {
-        image = "gitea.v.paler.net/ppetru/farmos:latest"
+        image = "gitea.v.paler.net/alo/farmos:latest"
         ports = ["http"]
         volumes = [
           "/data/services/farmos/sites:/opt/drupal/web/sites",
diff --git a/services/igsync.hcl b/services/igsync.hcl
index d471cbf..4ac9c3e 100644
--- a/services/igsync.hcl
+++ b/services/igsync.hcl
@@ -13,7 +13,7 @@ job "igsync" {
       driver = "docker"
 
       config {
-        image = "gitea.v.paler.net/ppetru/igsync:latest"
+        image = "gitea.v.paler.net/alo/igsync:latest"
 
         # Mount the data directory for .env, database, and media files
         volumes = [
diff --git a/services/weewx.hcl b/services/weewx.hcl
index 79a90e1..2c95169 100644
--- a/services/weewx.hcl
+++ b/services/weewx.hcl
@@ -19,7 +19,7 @@ job "weewx" {
       driver = "docker"
 
       config {
-        image = "gitea.v.paler.net/ppetru/weewx:latest"
+        image = "gitea.v.paler.net/alo/weewx:latest"
         # to be able to receive UDP broadcast packets from the weatherlink
         network_mode = "host"
         volumes = [
@@ -54,7 +54,7 @@ job "weewx" {
       driver = "docker"
 
       config {
-        image = "gitea.v.paler.net/ppetru/opensprinkler-weather:latest"
+        image = "gitea.v.paler.net/alo/opensprinkler-weather:latest"
 
         ports = [ "osweather" ]
       }
diff --git a/services/wordpress.hcl b/services/wordpress.hcl
index 80fbd18..b8f6d7e 100644
--- a/services/wordpress.hcl
+++ b/services/wordpress.hcl
@@ -17,7 +17,7 @@ job "wordpress" {
       user = "237"
 
       config {
-        image = "gitea.v.paler.net/ppetru/wordpress"
+        image = "gitea.v.paler.net/alo/wordpress"
         ports = ["http"]
         volumes = [
           "/data/services/wordpress:/var/www/html",