feat: dynamic stats via DynNum component + kv-push.sh

Replace hardcoded infrastructure numbers across 12 pages (EN+FR) with
live data from Cloudflare KV, pushed every 5min by kv-push.sh on CT 192.

- New DynNum.astro component: inline <span data-stat="..."> with fallback
- Base.astro hydration script: single fetch('/api/stats') per page
- StatsBar extended with optional stat/suffix props
- kv-push.sh: 3 new metrics (lxc_count, https_services, ansible_playbooks)
  from Proxmox API and Semaphore API
- Fix stale values: 12→13 playbooks, 21→33 monitored services,
  35+→30+ in meta descriptions

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Author: ferr079

src/components/DynNum.astro

@@ -0,0 +1,21 @@
+---
+/**
+ * DynNum — inline dynamic number from /api/stats
+ *
+ * Renders fallback in static HTML (SSG/SEO).
+ * Client-side script in Base.astro fetches /api/stats once
+ * and updates all [data-stat] elements.
+ *
+ * Usage:
+ *   <DynNum stat="lxc_count" fallback="30+" suffix="+" />
+ *   → static: "30+", dynamic: "35+"
+ */
+interface Props {
+  stat: string;
+  fallback: string;
+  suffix?: string;
+}
+
+const { stat, fallback, suffix = '' } = Astro.props;
+---
+<span data-stat={stat} data-stat-suffix={suffix}>{fallback}</span>

src/components/StatsBar.astro

@@ -1,6 +1,6 @@
 ---
 interface Props {
-  stats: Array<{ number: string; label: string }>;
+  stats: Array<{ number: string; label: string; stat?: string; suffix?: string }>;
 }
 
 const { stats } = Astro.props;
@@ -9,12 +9,14 @@ const { stats } = Astro.props;
 <section class="stats">
   <div class="stats-container">
     <div class="stats-grid">
-      {stats.map((stat, i) => (
+      {stats.map((s, i) => (
         <>
           {i > 0 && <div class="stat-sep"></div>}
           <div class="stat reveal">
-            <span class="stat-number" data-target={stat.number}>{stat.number}</span>
-            <span class="stat-label">{stat.label}</span>
+            <span class="stat-number" data-target={s.number}
+              {...(s.stat ? { 'data-stat': s.stat, 'data-stat-suffix': s.suffix || '' } : {})}
+            >{s.number}</span>
+            <span class="stat-label">{s.label}</span>
           </div>
         </>
       ))}

src/layouts/Base.astro

@@ -87,6 +87,27 @@ const siteUrl = 'https://pixelium.win';
   </body>
 </html>
 
+<!-- Dynamic stats hydration — updates all [data-stat] elements from /api/stats -->
+<script>
+  (async function hydrateStats() {
+    const els = document.querySelectorAll('[data-stat]');
+    if (!els.length) return;
+    try {
+      const res = await fetch('/api/stats');
+      if (!res.ok) return;
+      const data = await res.json();
+      if (!data.stats) return;
+      els.forEach(el => {
+        const key = (el as HTMLElement).dataset.stat!;
+        const val = data.stats[key];
+        if (val == null) return;
+        const suffix = (el as HTMLElement).dataset.statSuffix || '';
+        (el as HTMLElement).textContent = val + suffix;
+      });
+    } catch (_) { /* graceful — keep fallbacks */ }
+  })();
+</script>
+
 <!-- Scroll reveal - global -->
 <script>
   const observer = new IntersectionObserver(

src/pages/about.astro

@@ -1,5 +1,6 @@
 ---
 import Base from '../layouts/Base.astro';
+import DynNum from '../components/DynNum.astro';
 
 // Forgejo — fetch commit counts at build time
 const forgejoRepos = ['homelab-infra', 'homelab-configs', 'ansible-homelab', 'pixelium-site'];
@@ -50,7 +51,7 @@ const skills = [
 ];
 ---
 
-<Base title="Stéphane Ferreira — pixelium.win" description="Stéphane Ferreira — DevSecOps engineer, self-hosted infrastructure specialist, pentester (HTB Hacker rank). 35+ services, Proxmox, Ansible, AI agents. Presented by Claude.">
+<Base title="Stéphane Ferreira — pixelium.win" description="Stéphane Ferreira — DevSecOps engineer, self-hosted infrastructure specialist, pentester (HTB Hacker rank). 30+ services, Proxmox, Ansible, AI agents. Presented by Claude.">
   <main>
     <section class="hero-mini">
       <div class="container">
@@ -96,19 +97,19 @@ const skills = [
               <span class="track-label">ops journal entries</span>
             </div>
             <div class="track-stat">
-              <span class="track-number">30+</span>
+              <span class="track-number"><DynNum stat="lxc_count" fallback="30+" suffix="+" /></span>
               <span class="track-label">LXC containers in production</span>
             </div>
             <div class="track-stat">
-              <span class="track-number">25+</span>
+              <span class="track-number"><DynNum stat="https_services" fallback="25+" suffix="+" /></span>
               <span class="track-label">services behind HTTPS</span>
             </div>
             <div class="track-stat">
               <span class="track-number">35</span>
               <span class="track-label">hosts managed by Ansible</span>
             </div>
             <div class="track-stat">
-              <span class="track-number">12</span>
+              <span class="track-number"><DynNum stat="ansible_playbooks" fallback="14" /></span>
               <span class="track-label">Ansible playbooks</span>
             </div>
             <div class="track-stat">
@@ -201,7 +202,7 @@ const skills = [
             </div>
             <div class="detail">
               <h4>AI agents in production</h4>
-              <p>OpenFang monitors 21 services autonomously, wakes servers remotely (WOL), and alerts via Telegram — for ~$1.50/month. PentAGI runs autonomous pentests powered by local LLM inference — its first scan found a real misconfiguration. These are real agents in production, not demos.</p>
+              <p>OpenFang monitors <DynNum stat="services_total" fallback="33" /> services autonomously, wakes servers remotely (WOL), and alerts via Telegram — for ~$1.50/month. PentAGI runs autonomous pentests powered by local LLM inference — its first scan found a real misconfiguration. These are real agents in production, not demos.</p>
             </div>
             <div class="detail">
               <h4>Sovereign local inference</h4>

src/pages/fr/about.astro

@@ -1,5 +1,6 @@
 ---
 import Base from '../../layouts/Base.astro';
+import DynNum from '../../components/DynNum.astro';
 
 // Forgejo — fetch commit counts at build time
 const forgejoRepos = ['homelab-infra', 'homelab-configs', 'ansible-homelab', 'pixelium-site'];
@@ -48,7 +49,7 @@ const skills = [
 ];
 ---
 
-<Base title="Stéphane Ferreira — pixelium.win" description="Stéphane Ferreira — ingénieur DevSecOps, spécialiste infrastructure self-hosted, pentester (HTB Hacker rank). 35+ services, Proxmox, Ansible, agents IA. Présenté par Claude.">
+<Base title="Stéphane Ferreira — pixelium.win" description="Stéphane Ferreira — ingénieur DevSecOps, spécialiste infrastructure self-hosted, pentester (HTB Hacker rank). 30+ services, Proxmox, Ansible, agents IA. Présenté par Claude.">
   <main>
     <section class="hero-mini">
       <div class="container">
@@ -94,19 +95,19 @@ const skills = [
               <span class="track-label">entrées journal ops</span>
             </div>
             <div class="track-stat">
-              <span class="track-number">30+</span>
+              <span class="track-number"><DynNum stat="lxc_count" fallback="30+" suffix="+" /></span>
               <span class="track-label">conteneurs LXC en production</span>
             </div>
             <div class="track-stat">
-              <span class="track-number">25+</span>
+              <span class="track-number"><DynNum stat="https_services" fallback="25+" suffix="+" /></span>
               <span class="track-label">services derrière HTTPS</span>
             </div>
             <div class="track-stat">
               <span class="track-number">35</span>
               <span class="track-label">hôtes gérés par Ansible</span>
             </div>
             <div class="track-stat">
-              <span class="track-number">12</span>
+              <span class="track-number"><DynNum stat="ansible_playbooks" fallback="14" /></span>
               <span class="track-label">playbooks Ansible</span>
             </div>
             <div class="track-stat">
@@ -199,7 +200,7 @@ const skills = [
             </div>
             <div class="detail">
               <h4>Agents IA en production</h4>
-              <p>OpenFang surveille 21 services en autonomie, réveille des serveurs à distance (WOL), alerte via Telegram — pour ~$1.50/mois. PentAGI exécute des pentests autonomes propulsés par l'inférence LLM locale — son premier scan a trouvé une vraie faille de config. Ce sont de vrais agents en production, pas des démos.</p>
+              <p>OpenFang surveille <DynNum stat="services_total" fallback="33" /> services en autonomie, réveille des serveurs à distance (WOL), alerte via Telegram — pour ~$1.50/mois. PentAGI exécute des pentests autonomes propulsés par l'inférence LLM locale — son premier scan a trouvé une vraie faille de config. Ce sont de vrais agents en production, pas des démos.</p>
             </div>
             <div class="detail">
               <h4>Inférence locale souveraine</h4>

src/pages/fr/ia.astro

@@ -1,6 +1,7 @@
 ---
 import Base from '../../layouts/Base.astro';
 import StatsBar from '../../components/StatsBar.astro';
+import DynNum from '../../components/DynNum.astro';
 ---
 
 <Base title="IA — pixelium.win" description="L'écosystème IA de Stéphane — Ollama local (RTX 3090), MiniMax en production, open source surveillé, vision fine-tuning. Présenté par Claude.">
@@ -109,7 +110,7 @@ import StatsBar from '../../components/StatsBar.astro';
                 <span class="api-name">MiniMax M2.7</span>
                 <span class="api-role">Agents AIOps</span>
               </div>
-              <p class="api-desc">Modèle principal d'OpenFang (Guardian AIOps) et fallback disponible pour PentAGI. Excellent ratio perf/coût pour des agents qui tournent en continu. ~$1.50/mois pour la surveillance de 30+ services.</p>
+              <p class="api-desc">Modèle principal d'OpenFang (Guardian AIOps) et fallback disponible pour PentAGI. Excellent ratio perf/coût pour des agents qui tournent en continu. ~$1.50/mois pour la surveillance de <DynNum stat="services_total" fallback="33" /> services.</p>
               <div class="api-tags">
                 <span>OpenFang</span>
                 <span>PentAGI fallback</span>

src/pages/fr/index.astro

@@ -43,7 +43,7 @@ const cards = [
   {
     icon: '⚙',
     title: 'IaC, CI/CD & Automatisation',
-    description: 'Ansible via Semaphore pour le déploiement — 12 playbooks couvrent du hardening SSH au déploiement d\'agents. CI/CD sur Forgejo Runner (Podman). Configs versionnées. Unattended upgrades partout.',
+    description: 'Ansible via Semaphore pour le déploiement — 14 playbooks couvrent du hardening SSH au déploiement d\'agents. CI/CD sur Forgejo Runner (Podman). Configs versionnées. Unattended upgrades partout.',
     tags: ['Ansible', 'Semaphore', 'Forgejo Runner', 'CI/CD'],
   },
   {
@@ -73,7 +73,7 @@ const cards = [
 ];
 ---
 
-<Base title="pixelium.win — Portfolio DevSecOps Homelab" description="Infrastructure de production self-hosted : 35+ services sur Proxmox, automatisation Ansible, agents IA, sécurité en profondeur. Conçu par Stéphane Ferreira, raconté par Claude.">
+<Base title="pixelium.win — Portfolio DevSecOps Homelab" description="Infrastructure de production self-hosted : 30+ services sur Proxmox, automatisation Ansible, agents IA, sécurité en profondeur. Conçu par Stéphane Ferreira, raconté par Claude.">
   <main>
     <!-- Hero -->
     <section class="hero">
@@ -97,8 +97,8 @@ const cards = [
     <!-- Stats -->
     <StatsBar stats={[
       { number: '3', label: 'nœuds Proxmox' },
-      { number: '30+', label: 'conteneurs LXC' },
-      { number: '20+', label: 'services HTTPS' },
+      { number: '30+', label: 'conteneurs LXC', stat: 'lxc_count', suffix: '+' },
+      { number: '20+', label: 'services HTTPS', stat: 'https_services', suffix: '+' },
       { number: '0€', label: 'cloud externe' },
     ]} />
 

src/pages/fr/infrastructure.astro

@@ -4,12 +4,13 @@ import Screenshot from '../../components/Screenshot.astro';
 import Carousel from '../../components/Carousel.astro';
 import StatsBar from '../../components/StatsBar.astro';
 import SectionHeading from '../../components/SectionHeading.astro';
+import DynNum from '../../components/DynNum.astro';
 
 const serviceSlides = [
   { src: '/images/services/traefik.webp', alt: 'Dashboard Traefik — routers, services, middlewares', title: 'Traefik — Reverse Proxy' },
   { src: '/images/services/authentik.webp', alt: 'Admin Authentik — dashboard SSO avec stats connexion', title: 'Authentik — SSO / IdP' },
   { src: '/images/services/technitium.webp', alt: 'TechnitiumDNS — stats requêtes et top clients', title: 'TechnitiumDNS — Serveur DNS' },
-  { src: '/images/services/semaphore.webp', alt: 'Semaphore — 12 templates de tâches Ansible', title: 'Semaphore — UI Ansible' },
+  { src: '/images/services/semaphore.webp', alt: 'Semaphore — 14 templates de tâches Ansible', title: 'Semaphore — UI Ansible' },
   { src: '/images/services/netbox.webp', alt: 'NetBox — inventaire IPAM et changelog', title: 'NetBox — IPAM / DCIM' },
   { src: '/images/services/immich.webp', alt: 'Immich — galerie photo avec classification IA', title: 'Immich — Photothèque' },
   { src: '/images/services/bytestash.webp', alt: 'ByteStash — gestionnaire de snippets', title: 'ByteStash — Snippets' },
@@ -34,13 +35,13 @@ const monitoringSlides = [
       <div class="container">
         <p class="terminal-prompt">$ cat infrastructure.md</p>
         <h1>Infrastructure<span class="dot">.</span></h1>
-        <p class="subtitle">3 noeuds Proxmox, 30+ conteneurs LXC, tout self-hosted. Pas un seul service cloud payant.</p>
+        <p class="subtitle">3 noeuds Proxmox, <DynNum stat="lxc_count" fallback="30+" suffix="+" /> conteneurs LXC, tout self-hosted. Pas un seul service cloud payant.</p>
       </div>
     </section>
 
     <StatsBar stats={[
       { number: "3", label: "noeuds Proxmox" },
-      { number: "30+", label: "conteneurs LXC" },
+      { number: "30+", label: "conteneurs LXC", stat: "lxc_count", suffix: "+" },
       { number: "13", label: "widgets Homepage" },
       { number: "0", label: "euro cloud externe" },
     ]} />
@@ -160,7 +161,7 @@ const monitoringSlides = [
               <div class="tech-card-body">
                 <p class="tech-why"><strong>Pourquoi :</strong> Hyperviseur libre avec LXC natif — les conteneurs demarrent en 2 secondes et consomment 50 Mo de RAM. PBS integre pour les backups. API complete.</p>
                 <p class="tech-alt"><span class="alt-label">Ecartes :</span> ESXi (payant depuis 2024), Hyper-V (Windows only), XCP-ng (moins de communaute)</p>
-                <p class="tech-result"><span class="result-label">Resultat :</span> 3 noeuds heterogenes, 30+ CTs, backups incrementaux via PBS</p>
+                <p class="tech-result"><span class="result-label">Resultat :</span> 3 noeuds heterogenes, <DynNum stat="lxc_count" fallback="30+" suffix="+" /> CTs, backups incrementaux via PBS</p>
               </div>
             </div>
 
@@ -172,7 +173,7 @@ const monitoringSlides = [
               <div class="tech-card-body">
                 <p class="tech-why"><strong>Pourquoi :</strong> Config dynamique en YAML rechargee a chaud — j'ajoute un service HTTPS en deposant un fichier dans <code>conf.d/</code>, sans restart. ACME natif avec step-ca.</p>
                 <p class="tech-alt"><span class="alt-label">Ecartes :</span> Nginx Proxy Manager (UI-only, pas IaC), Caddy (moins d'integrations reverse proxy)</p>
-                <p class="tech-result"><span class="result-label">Resultat :</span> 25+ services HTTPS, certificats auto-renouveles, zero intervention manuelle</p>
+                <p class="tech-result"><span class="result-label">Resultat :</span> <DynNum stat="https_services" fallback="25+" suffix="+" /> services HTTPS, certificats auto-renouveles, zero intervention manuelle</p>
               </div>
             </div>
 
@@ -220,7 +221,7 @@ const monitoringSlides = [
               <div class="tech-card-body">
                 <p class="tech-why"><strong>Pourquoi :</strong> Agentless — SSH suffit, pas de daemon a installer sur 30+ CTs. Idempotent — je relance un playbook sans risque. Semaphore ajoute une UI web pour les lancements en 1 clic.</p>
                 <p class="tech-alt"><span class="alt-label">Ecartes :</span> Puppet/Chef (agents sur chaque hote), Terraform (provisioning, pas config management)</p>
-                <p class="tech-result"><span class="result-label">Resultat :</span> 12 playbooks operationnels, deploiement d'agent Wazuh/Beszel en 1 commande</p>
+                <p class="tech-result"><span class="result-label">Resultat :</span> <DynNum stat="ansible_playbooks" fallback="14" /> playbooks operationnels, deploiement d'agent Wazuh/Beszel en 1 commande</p>
               </div>
             </div>
 

src/pages/fr/projets.astro

@@ -1,5 +1,6 @@
 ---
 import Base from '../../layouts/Base.astro';
+import DynNum from '../../components/DynNum.astro';
 ---
 
 <Base title="Projets — pixelium.win" description="12 projets en production : SSO Authentik, monitoring IA (OpenFang), pentest autonome (PentAGI), veille RSS, observabilité, sécurité en profondeur, CI/CD. Vrais ops, vrai debugging.">
@@ -69,7 +70,7 @@ import Base from '../../layouts/Base.astro';
             </div>
             <div class="detail-block">
               <h4>Le contournement shell_exec</h4>
-              <p>Le sanitizer d'OpenFang bloque les accolades <code>{}</code>, les pipes et les semicolons dans les commandes shell. Impossible d'exécuter du LogQL ou du PromQL directement. Solution : 3 wrappers CLI dédiés — <code>http-check</code> (21 services), <code>vm-query</code> (VictoriaMetrics), <code>pve-status</code> (Proxmox) — qui encapsulent la complexité et exposent une interface propre.</p>
+              <p>Le sanitizer d'OpenFang bloque les accolades <code>{}</code>, les pipes et les semicolons dans les commandes shell. Impossible d'exécuter du LogQL ou du PromQL directement. Solution : 3 wrappers CLI dédiés — <code>http-check</code> (<DynNum stat="services_total" fallback="33" /> services), <code>vm-query</code> (VictoriaMetrics), <code>pve-status</code> (Proxmox) — qui encapsulent la complexité et exposent une interface propre.</p>
             </div>
             <div class="detail-block">
               <h4>WOL pve3 — l'agent qui allume les machines</h4>
@@ -85,7 +86,7 @@ import Base from '../../layouts/Base.astro';
               <li>VictoriaMetrics</li>
               <li>Loki</li>
             </ul>
-            <span class="project-services">~0,05€/jour — 4 cron jobs, 2 agents, 21 services monitorés, alertes Telegram</span>
+            <span class="project-services">~0,05€/jour — 4 cron jobs, 2 agents, <DynNum stat="services_total" fallback="33" /> services monitorés, alertes Telegram</span>
           </div>
         </div>
       </div>

src/pages/fr/securite.astro

@@ -1,6 +1,7 @@
 ---
 import Base from '../../layouts/Base.astro';
 import StatsBar from '../../components/StatsBar.astro';
+import DynNum from '../../components/DynNum.astro';
 ---
 
 <Base title="Sécurité — pixelium.win" description="Defense-in-depth sur 30+ services self-hosted : PKI interne, SSO, IPS, SIEM, VPN mesh, YubiKey FIDO2 — par Claude, l'IA qui a déployé chaque couche.">
@@ -91,7 +92,7 @@ import StatsBar from '../../components/StatsBar.astro';
             </div>
             <div class="spec">
               <span class="spec-label">Résultat</span>
-              <span class="spec-value">25+ services en HTTPS valide, cadenas vert, zéro avertissement navigateur</span>
+              <span class="spec-value"><DynNum stat="https_services" fallback="25+" suffix="+" /> services en HTTPS valide, cadenas vert, zéro avertissement navigateur</span>
             </div>
           </div>
         </div>