vault: session notes 2026-07-13

This commit is contained in:
Jared Swanson 2026-07-13 16:14:28 -04:00
parent c8488c5ce5
commit ae3903a252
2 changed files with 21 additions and 1 deletions

View File

@ -1709,3 +1709,13 @@ tags: [scope/global, type/log]
**Reason:** prompt_input_exit
**Vault notes touched:**
/home/jared/Documents/SecondBrain/apprise-api.md
## Session — 2026-07-13T20:14:28Z
**Project:** /home/jared/dev/cc-os
**Reason:** prompt_input_exit
**Vault notes touched:**
/home/jared/Documents/SecondBrain/reference/apprise-api-selfhosted-gotchas.md
/home/jared/Documents/SecondBrain/reference/apprise-api-selfhosted-gotchas.md
/home/jared/Documents/SecondBrain/reference/apprise-api-selfhosted-gotchas.md
/home/jared/Documents/SecondBrain/reference/apprise-api-selfhosted-gotchas.md

View File

@ -13,6 +13,16 @@ last_updated: 2026-07-13
Learned deploying `caronc/apprise` (apprise-api) via docker compose on ovh-vps (cc-os ADR-024, 2026-07-10).
## Image name
- The Docker Hub image is **`docker.io/caronc/apprise`** — `caronc/apprise-api` does **not** exist (404 on the Hub API), despite the project being named apprise-api on GitHub.
## Container-localhost delivery-test trap
- Inside the container, notification target URLs like `json://localhost:1` resolve to the **container's own** network namespace, not the host — stateless delivery to them always fails with HTTP 424 ("One or more notifications could not be sent").
- Integration tests against a throwaway container therefore need either an externally reachable target (opt-in via env var) or an error-round-trip assertion (expect the 424 to surface); config `add` calls are safe with unreachable URLs since they store without delivering.
- On Fedora with SELinux, `docker run` hits EACCES on this setup — use rootless **podman**.
## Config-dir ownership trap
- `docker exec apprise id` reports **root**, but the gunicorn workers actually run as **uid 1000** — the container chowns the mounted `/config` volume to `1000:1000` on first start.
@ -30,4 +40,4 @@ Learned deploying `caronc/apprise` (apprise-api) via docker compose on ovh-vps (
apprise-api has **no authentication** — don't expose it publicly bare. Pattern used: bind the container port to the tailscale IP + localhost only (`100.100.43.95:8901:8000`, `127.0.0.1:8901:8000`), so every tailnet machine can notify with no public exposure, no DNS, no reverse proxy. Server env (base URL + key) lives in `~/services/apprise/apprise.env` (600) on ovh-vps.
Related: [[vault-backlog-pilot-plan]] (ADR-024 context); Ruby client gem `apprise-client` at `~/dev/ruby-gems/apprise`.
Related: [[vault-backlog-pilot-plan]] (ADR-024 context); Ruby client gem `apprise-api` (module `Apprise`, ships `apprise-notify` CLI) at `~/dev/ruby-gems/apprise-api` — the earlier minimal `apprise-client` gem was retired and deleted 2026-07-13.