Merge pull request 'recovering_an_archlinux_qemu_vm_in_proxmox' (#15) from recovering_an_archlinux_qemu_vm_in_proxmox into master

Reviewed-on: #15

.gitea/workflows/build_push.yml

@@ -1,5 +1,8 @@
 name: Build and Push Image
-on: [ push ]
+on:
+    push:
+        branches:
+            - master
 
 jobs:
     build:
@@ -15,7 +18,7 @@ jobs:
             - name: Create Kubeconfig
               run: |
                   mkdir $HOME/.kube
-        echo "${{ secrets.KUBEC_CONFIG_BUILDX }}" > $HOME/.kube/config        
+                  echo "${{ secrets.KUBEC_CONFIG_BUILDX_NEW }}" > $HOME/.kube/config
 
             - name: Set up Docker Buildx
               uses: docker/setup-buildx-action@v3
@@ -40,3 +43,19 @@ jobs:
                   platforms: linux/amd64,linux/arm64
                   tags: |
                       git.aridgwayweb.com/armistace/blog:latest
+
+            - name: Deploy
+              run: |
+                  echo "Installing Kubectl"
+                  apt-get update
+                  apt-get install -y apt-transport-https ca-certificates curl gnupg
+                  curl -fsSL https://pkgs.k8s.io/core:/stable:/v1.33/deb/Release.key | gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg
+                  chmod 644 /etc/apt/keyrings/kubernetes-apt-keyring.gpg
+                  echo 'deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/v1.33/deb/ /' | tee /etc/apt/sources.list.d/kubernetes.list
+                  chmod 644 /etc/apt/sources.list.d/kubernetes.list
+                  apt-get update
+                  apt-get install kubectl
+                  kubectl delete namespace blog
+                  kubectl create namespace blog
+                  kubectl create secret docker-registry regcred --docker-server=${{ vars.DOCKER_SERVER }} --docker-username=${{ vars.DOCKER_USERNAME }} --docker-password='${{ secrets.DOCKER_PASSWORD }}' --docker-email=${{ vars.DOCKER_EMAIL }} --namespace=blog
+                  kubectl apply -f kube/blog_pod.yaml && kubectl apply -f kube/blog_deployment.yaml && kubectl apply -f kube/blog_service.yaml

kube/blog_deployment.yaml

@@ -0,0 +1,24 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: blog-deployment
+  labels:
+    app: blog
+  namespace: blog
+spec:
+  replicas: 3
+  selector:
+    matchLabels:
+      app: blog
+  template:
+    metadata:
+      labels:
+        app: blog
+    spec:
+      containers:
+      - name: blog
+        image: git.aridgwayweb.com/armistace/blog:latest
+        ports:
+        - containerPort: 8000
+      imagePullSecrets:
+        - name: regcred

kube/blog_pod.yaml

@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Pod
+metadata:
+    name: blog
+    namespace: blog
+spec:
+    containers:
+        - name: blog
+          image: git.aridgwayweb.com/armistace/blog:latest
+          ports:
+              - containerPort: 8000
+    imagePullSecrets:
+        - name: regcred

kube/blog_service.yaml

@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: blog-service
+  namespace: blog
+spec:
+  type: NodePort
+  selector:
+    app: blog 
+  ports:
+    - port: 80
+      targetPort: 8000
+      nodePort: 30009

src/content/matrix_ai_integrations_with_baibot.md

@@ -0,0 +1,114 @@
+Title: Intergrating Ollama and Matrix with Baibot
+Date: 2025-06-25 20:00 
+Modified: 2025-06-30 08:00 
+Category: AI, Data, Matrix 
+Tags: ai, kubernetes, matrix 
+Slug: ollama-matrix-integration 
+Authors: Andrew Ridgway 
+Summary: Integrating a Local LLM to a personal matrix server all the fun AND data sovereignty
+
+### _Human Introduction_
+I've been experimenting with AI and integrations I'm particuarly excited by the idea of using LLM's to integrate between different systems (Stay tuned for a blog [MCP](https://modelcontextprotocol.io/introduction) at some point in the future!)
+
+Below I've thrown together some notes and had AI build a very quick how to on a cool little project that took next to no time to put together that I thought might be interesting for the group.. Enjoy!
+
+
+
+# Matrix AI Integrations with baibot: A Fun Journey into Home Automation and LLMs
+
+Alright, so I’ve been messing around with this cool project called **baibot**, which is a locally deployable bot for integrating Large Language Models (LLMs) into Matrix chatrooms. If you’re anything like me, you run your own Matrix server to keep things private and under control—whether it’s for family communication or interacting with the tech community. But one day, I thought, “Why not have my LLMs right where I’m already managing everything else?” Enter baibot.
+
+**Setting Up My Own Matrix Server with baibot**
+
+First off, I’ve got a home Matrix server running Element. Integrating baibot into this environment makes sense because it allows me to connect directly via the same platform. The key was getting the configuration right using examples from [baibot’s GitHub](https://github.com/etkecc/baibot/blob/main/docs/sample-provider-configs/ollama.yml). For instance, connecting to an Ollama gemma3 model with a specific prompt ensures it’s lighthearted yet responsive:
+
+```yaml
+base_url: http://<my_ollama_ip>:11434/v1
+text_generation:
+  model_id: gemma3:latest
+  prompt: 'You are a lighthearted bot...'
+temperature: 0.9
+max_response_tokens: 4096
+max_context_tokens: 128000
+```
+
+This gives me precise control over the bot’s behavior, ensuring each instance in Matrix rooms behaves exactly as intended.
+
+**Deploying to Kubernetes**
+
+To ensure reliability, I used Kubernetes. Here's a breakdown of the key files:
+
+*   **Deployment.yaml**: Manages pod replicas, security contexts, and volume mounts for persistence.
+
+```yaml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app: ridgway-bot
+  name: ridgway-bot
+spec:
+  replicas: 1
+  strategy:
+    type: Recreate
+  template:
+    spec:
+      containers:
+      - image: ghcr.io/etkecc/baibot:v1.7.4
+        name: baibot
+        volumeMounts:
+        - name: ridgway-bot-cm
+          mountPath: /app/config.yml
+        - name: ridgway-bot-pv
+          mountPath: /data
+      volumes:
+      - name: ridgway-bot-cm
+        configMap:
+          name: ridgway-bot
+      - name: ridgway-bot-pv
+        persistentVolumeClaim:
+          claimName: ridgway-bot-storage
+```
+
+*   **Persistent Volume Claim (PVC)** ensures data storage for baibot.
+
+```yaml
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: ridgway-bot-storage
+spec:
+  accessModes:
+  - ReadWriteMany
+  resources:
+    requests:
+      storage: 500Mi
+```
+
+The deployment script handles namespace creation, config maps, PVCs, and waits for the pod to be ready before copying data.
+
+**Integrating with OpenWebUI for RAG**
+
+Another cool aspect is integrating baibot with **OpenWebUI**, which acts as an OpenAI-compatible API. This allows me to leverage models I’ve created in OpenWebUI that include knowledge bases (RAG). The config here uses OpenWebUI’s endpoints:
+
+```yaml
+base_url: 'https://<my-openwebui-endpoint>/api/'
+api_key: <my-openwebui-api-key>
+text_generation:
+  model_id: andrew-knowledge-base
+  prompt: 'Your name is Rodergast...'
+```
+
+This setup lets me access RAG capabilities directly within Matrix chats, all without writing a single line of code. It’s like having my very own AI research assistant right there in the chatroom.
+
+**Future Steps and Challenges**
+
+Now that baibot is up and running, I’m already thinking about expanding its use cases. The next step might be integrating it with **Home Assistant** for alarm notifications or other automation tasks. However, my current setup uses an older gaming PC, which struggles with computational demands. This could lead to a rearchitecting effort—perhaps moving to a dedicated server or optimizing the hardware.
+
+**Conclusion**
+
+Baibot has been a fantastic tool for experimenting with AI integrations in Matrix. By leveraging existing infrastructure and OpenWebUI’s capabilities, I’ve achieved full control over data privacy and customization. The next frontier is expanding these integrations into more practical applications like home automation. Stay tuned for updates!
+
+**Final Thoughts**
+
+It’s incredibly rewarding to see how open-source projects like baibot democratize AI access. Whether you’re a hobbyist or a pro, having tools that let you run LLMs locally without vendor lock-in is game-changing. If you’re interested in diving deeper, check out the [baibot GitHub](https://github.com/etkecc/baibot) and explore its documentation. Happy coding!

src/content/recovering_an_archlinux_qemu_vm_in_proxmox.md

@@ -0,0 +1,93 @@
+Title: Recovering Archlinux Qemu VM in Proxmox
+Date: 2025-07-01 20:00
+Modified: 2025-07-01 20:00
+Category: SysAdmin
+Tags: System Admin, Proxmox, Qemu, Arch, Kubernetes
+Slug: recovering-arch-vm-proxmox
+Authors: Andrew Ridgway
+Summary: An absolute nightmare of a day trying to recover my kube cluster from a silly update error
+
+### Human Edit
+This is probably the most amazing run of the blog creator, I've started using the new gemma3n and also upgrade the box ollama runs on so it can run slightly bigger models. Using phi4 and gemma:27b has produced some amazing results see below
+
+I *did* need to update some of the pacman stuff as it conflated to seperate issues so bear in mind I have made some little edits in that place but otherwise... this is straight from the mouth of the llm. Enjoy!
+
+# Recovering an Archlinux QEMU VM in Proxmox: A Day in Hell and Back Again
+
+Well that was a morning. Today I wanted to try and fix my Longhorn installation in Kube... (again 😥). It turns out, things didn't go as planned.
+
+## The Unexpected Downfall
+
+I went to perform my usual update and reboot... except today for whatever reason, the upgrade decided to fail to install the kernel and left me with an unbootable system.
+
+### Dropping into Grub Rescue
+
+At this point I dropped back down to grub rescue mode (which is always fun). Honestly? I hate that environment! And then it hit me: these systems are just QEMU disks, right? Surely I can mount them, chroot in, and fix the install.
+
+## The Quest for Recovery
+
+It took 2 hours of frantic Googling through Proxmox and Arch forums until I stumbled upon something... almost magical.
+
+### Mounting QEMU Disks Made Easy
+
+I found an amazing suite of tools to make mounting these qemu disks a breeze. Check out this [guide](https://www.howtogeek.com/devops/how-to-mount-a-qemu-virtual-disk-image/) for all the details on libguestfs-tools and guestmount.
+
+#### Mounting in Action
+
+```bash
+sudo apt install libguestfs-tools
+sudo guestmount --add /var/lib/pve/local-btrfs/images/100/vm-100-disk-0/disk.raw --mount /dev/sda3 /tmp/kube_disk/
+```
+
+### Enter Chroot Land
+
+Now that I've got my disk mounted, it's time to chroot in. But hold up! I need it as root this time.
+
+#### Setting Up Arch-Chroot
+
+```bash
+sudo apt install arch-installation-scripts
+arch-chroot /tmp/kube_disk/
+```
+
+### Pacman: The Hero We Deserve (But Need Permission)
+
+Oh boy, pacman threw 23 million permission errors my way. Last year they changed it to work rootless by default… but I found out you can turn off the `DefaultUser` flag in `/etc/pacman.conf`. Here's how:
+
+```bash
+# Disable DefaultUser temporarily for this session (or remove if permanent)
+pacman -Syu 
+```
+
+I did have a couple issues installing the kernel (which is what got borked in the update)
+```bash
+# Sometimes some files got written so use overwrite to get rid of them
+# be warned this *could* be destructive
+pacman -S linux --overwrite "*"
+```
+
+### Clean Up and Exit
+
+Once we're done, we need to exit the chroot. Remember that crucial step: umounting correctly.
+
+```bash
+exit
+sudo umount /tmp/kube_disk/
+```
+
+## The Reboot Saga (And How Not To Do It)
+
+Reboot was supposed to be a smooth sail… but I made one fatal mistake.
+
+### Corruption Nightmare
+
+I didn't unmount before starting the VM. This led me down an unfortunate path of corrupting my btrfs partition beyond recognition and having to rebuild not just my master node, but *entire* cluster! Backups saved the day... barely!
+
+#### Lessons Learned
+
+*   **Never** reboot without first properly umounting.
+*   Seriously need more backups for those images. 🚀
+
+## Conclusion: A Cluster-Fucked Day Turned Into a Learning Experience
+
+All in all it was chaos, but hey – learning happens at 2 AM after midnight reboots and frantic Googling. Hope this helps anyone else stuck with Proxmox woes! 🚀

src/content/the_failing_social_media_ban.md

@@ -0,0 +1,53 @@
+Title: The Failing Social Media Ban
+Date: 2025-06-19 20:00
+Modified: 2025-06-20 20:00
+Category: Politics
+Tags: politics, social meda, tech policy
+Slug: social-media-ban-fail
+Authors: Andrew Ridgway
+Summary: The Social Media ban is an abject failure of policy. Education and the use of the much better existing tools is the key
+
+## 🎯 The Goal: A Legal Framework to Protect Kids
+
+The Australian government’s or should I say Julie Inman's plan to ban social media for teens has sparked on going debate. While the intention is noble—protecting minors from online risks—it’s clear the technical and legal hurdles are massive. This government concept of relying on “facial aging” or “Proof of Age” APIs are prone to privacy violations and data breaches. Parents already have tools that let them make decisions about their children’s tech use without needing to hand over photos of their ID. The governments current approach is mired in bureaucracy and the tech world does not thrive in that environment. Instead of trying to outsource the problem to consultants, the government should **educate parents on the tools already available**.
+
+## 🧩 The Problem: Tech Giants Won’t Do It
+
+The government’s plan to enable Inman's vision is to use facial recognition or “age-based” filters. This was flawed from the start. These systems are expensive, unreliable, and not designed for the scale of a national rollout. Even if a company like Meta or Google could do it, they’d **never** do it for the same reason: **There is no money in the equation**. The only alternative is to outsource to consultants, but those consultants are not equipped to handle the complexity. The government’s plan is a joke, no one is going to build a system that’s 100% accurate, secure, and compliant with privacy laws and those that, maybe, could have no insentive to. No amount of chest thumping by The E-Safety Commissioner will change this fact and throwing frankly meaningless pieces of paper from our legislative assembly will do little more than make them laugh
+
+## 🛠️ The Tools Parents Already Have
+
+Parents ([Is it parents? is it in fact fiefdom creation on behalf of Julie Inman?](https://minister.infrastructure.gov.au/rowland/media-release/record-investment-improve-safety-australians-online)) must give up on the idea of the government fixing this. , parents should be using the **tools already in their homes**. These tools are **free, secure, and effective**. Some examples include (and I use in my own home):
+
+*   **Fritz Box Parental Controls** (https://en.fritz.com/service/knowledge-base/dok/FRITZ-Box-7530/8_Restricting-internet-use-with-the-FRITZ-Box-parental-controls/) - Allows blocking of websites and apps, setting time limits, and creating user profiles.
+*   **Microsoft Family Safety** (https://www.microsoft.com/en-au/microsoft-365/family-safety) - Provides screen time limits, content filters, and activity reporting.
+*   **Nintendo Parental Controls** (https://www.nintendo.com/au/apps/parental-controls/) - Allows managing game time, content restrictions, and communication settings on Nintendo devices.
+*   **Google Family Link** (https://families.google.com/familylink/) - Enables remote monitoring, app management, and location tracking for children's Android devices.
+*   **Apple Family Sharing** (https://support.apple.com/en-au/105121) - Allows sharing purchases, subscriptions, and location information with family members.
+
+These tools let parents **block apps, limit screen time, and monitor online activity** without needing to share sensitive data. They offer parents full control over what is available and are not dependant on some arbitrary list governed in legislation (which is in an of itself an indicator of how backwards this legislation is)
+
+## 📚 The Real Solution: Education, Not Tech
+
+The government’s plan is a **mistake**. Instead of trying to build a new system, parents should be **educating themselves on the tools already available**.
+
+### 🔄 Flexibility for Every Family
+
+*   **Approved apps**
+*   **Blacklisted content**
+*   **Screen time limits**
+*   **Privacy controls**
+
+These tools let parents **make decisions tailored to their children’s needs**. No one-size-fits-all approach. It gives parents autonomy over their online decision making whilst better respecting everyones privacy, including the childs. Already Julie is making calls to expand the list, this is unacceptable, it is no one but MY choice what is acceptable in my house and for my family. 
+
+## 🧩 Why the Government’s Plan Fails
+
+The government’s plan is a **disaster**. It’s not about fixing the problems of social media use in teens, it’s about giving the perception they are doing something about it using archaic methods and tools that don't go to the root cause. The tools parents already have are **better, cheaper, and more secure**. The only way to make this work is for the government to **stop trying to solve a social problem with tech** and **focus on the real solution: education and parental autonomy**. Stop Letting Julie create her cartel and create her own version of the Chinese firewall
+
+## 📝 Summary: The Right Tools, Not the Tech
+
+The government’s plan is a dead monkey. Instead of trying to build a system that’s 100% accurate and secure, parents should be using the **tools already in their homes**. These tools are **free, effective, and preserve privacy**. They let parents **make decisions about their children’s tech use on a true case by case basis** without needing to hand over sensitive data.
+
+## 🧩 Final Thoughts
+
+The Government's plan, at the behest of Julie Inman, is a **disaster**. It’s not about fixing the problem with social media, it’s about creating the perception they are solving a problem that is already solved. [The E-Safety Commissioner has made clear her plans are to take control out of our hands when it comes to what we can do online](https://www.esafety.gov.au/newsroom/media-releases/online-industry-asked-address-esafetys-concerns-draft-codes-0#:~:text=Online%20industry%20asked%20to%20address%20eSafety%27s%20concerns%20with%20draft%20codes,-Share&text=Australia%27s%20eSafety%20Commissioner%20has%20asked,safeguards%20for%20users%20in%20Australia.)  Parents should be using the **tools already in their homes**. The real solution is not to expect a government to fix this, but to **educate themselves on the tools that already exist**. Until we accept that this is our responsbility the problem will continue propogate because the only place it can be fixed is in the home and not my Julie Inam.

src/content/when_to_use_ai.md

@@ -0,0 +1,82 @@
+Title: When to use AI 
+Date: 2025-06-05 20:00 
+Modified: 2025-06-06 08:00 
+Category: AI, Data 
+Tags: ai, python 
+Slug: when-to-use-ai 
+Authors: Andrew Ridgway 
+Summary: Should we be using AI for ALL THE THINGS!?
+
+
+# Human Introduction
+Well.. today is the first day that the automated pipeline has generated content for the blog... still a bit of work to do including
+
+1. establishing a permanent vectordb solution (chromadb? pg_vector?)
+2. Notification to Matrix that something has happened
+3. Updating Trilium so that the note is marked as blog_written=true
+
+BUT it can take a note from trilium, generate drafts with mulitple agents, and then use RAG to have an editor go over those drafts.
+
+I'm particularly proud of the randomness I've applied to temperature, top_p and top_k for the different draft agents. This means that each pass is giving me quite different "creativity" (as much as that can be applied to an algorithm that is essentially munging letters together that have a high probability of being together) It has created some really interesting variation for the editor to work with and getting some really interesting results.
+
+Anyways, without further ado, I present to you the first, pipeline written, AI content for this blog
+
+---
+
+# When to Use AI: Navigating the Right Scenarios
+
+Okay, so I've been getting this question a lot lately: "When should we use AI?" or even more frustratingly, "Why can't AI do this?" It's like asking when to use a hammer versus a screwdriver. Sometimes AI is the perfect tool, other times it's better left in the toolbox. Let me break down some scenarios where AI shines and where it might not be the best bet.
+
+## The Spreadsheet Dilemma: Where AI Can help, and where it hurts
+
+**Scenario:** Mapping work types to categories in a spreadsheet with thousands of entries, like distinguishing between "Painting," "Repainting," "Deck Painting," or "Stucco Repainting."
+
+**Where AI Helps:**
+
+*   **Fuzzy Matching & Contextual Understanding:** AI excels at interpreting relationships between words (e.g., recognizing "Deck Painting" as a subset of "Painting"). However, traditional methods with regex or string manipulation fail here because they lack the nuanced judgment needed to handle ambiguity.
+
+**Where AI Struggles:** 
+
+*   **Precision Over Ambiguity:** Calculations requiring exact values (e.g., average durations) are better handled by deterministic algorithms rather than AI’s probabilistic approach.
+
+**Traditional Methods Are Easier for Deterministic Problems:**
+
+*   **Formula-Based Logic:** Building precise formulas for workload analysis relies on clear, unambiguous rules. AI can’t replace the need for human oversight in such cases.
+
+## When AI Shines: Contextual and Unstructured Tasks
+
+**Scenario:** Automating customer support with chatbots or analyzing social media sentiment.
+
+**Why AI Works Here:**
+
+*   **Natural Language Processing (NLP):** AI understands context, tone, and intent in unstructured data, making it ideal for tasks like chatbot responses or content analysis.
+*   **Pattern Recognition:** AI identifies trends or anomalies in large datasets that humans might miss, such as predictive maintenance in industrial settings.
+
+**Why Traditional Methods Don't:**
+
+* **There is no easily discernable pattern:** If the pattern doesn't exist in a deterministic sense there will be little someone can do without complex regex and 'whack a mole' style programming. 
+
+## Hybrid Approaches: The Future of Efficiency
+
+While traditional methods remain superior for precise calculations, AI can assist in setting up initial parameters or generating insights. For example:
+
+*   **AI Proposes Formulas:** An LLM suggests a workload calculation formula based on historical data.
+*   **Human Checks Validity:** A human ensures the formula’s accuracy before deployment.
+
+## Key Takeaways
+
+1.  **Use AI** for tasks involving:
+    *   Unstructured data (e.g., text, images).
+    *   Contextual understanding and interpretation.
+    *   Pattern recognition and trend analysis.
+2.  **Stick to Traditional Methods** for:
+    *   Precise calculations with deterministic logic.
+    *   Tasks requiring error-free accuracy (e.g., financial modeling).
+
+## Conclusion
+
+AI is a powerful tool but isn’t a one-size-fits-all solution. Match the right approach to the task at hand—whether it’s interpreting natural language or crunching numbers. The key is knowing when AI complements human expertise rather than replaces it.
+
+**Final Tip:** Always consider the trade-offs between precision and context. For tasks where nuance matters, AI is your ally; for rigid logic, trust traditional methods.
+
+🚀