up

Author: mitchross

.claude/settings.local.json

@@ -6,7 +6,10 @@
       "WebFetch(domain:*)",
       "WebFetch(domain:github.com)",
       "WebFetch(domain:posthog.com)",
-      "WebFetch(domain:raw.githubusercontent.com)"
+      "WebFetch(domain:raw.githubusercontent.com)",
+      "WebFetch(domain:ghcr.io)",
+      "WebFetch(domain:api.github.com)",
+      "WebFetch(domain:hub.docker.com)"
     ],
     "deny": [
       "Bash(git reset --hard:*)",

my-apps/development/gitea/values.yaml

@@ -20,11 +20,14 @@ image:
 podSecurityContext:
   fsGroup: 1000
 
-# The init container runs chmod on /data/git/.ssh which requires root to fix
-# ownership on restored PVCs from backup. The rootless image still drops to
-# UID 1000 internally for the main gitea process.
+# The init container runs chmod on /data/git/.ssh. Restored PVCs from backup
+# may have root-owned files. DAC_OVERRIDE bypasses ownership checks for chmod.
 containerSecurityContext:
-  runAsUser: 0
+  capabilities:
+    add:
+      - CHOWN
+      - FOWNER
+      - DAC_OVERRIDE
 
 gitea:
   config:

my-apps/development/posthog/core/web.yaml

@@ -24,7 +24,7 @@ spec:
         feature.node.kubernetes.io/cpu-cpuid.AVX2: "true"
       containers:
       - name: web
-        image: posthog/posthog:35c95290a3e4da0dd38c7d4c756d4f9fc96f821c
+        image: posthog/posthog:0c1bf64077d318019343b6894674713115f5effa
         command:
         - /bin/sh
         - -c
@@ -106,7 +106,7 @@ spec:
             cpu: 1200m
             memory: 4Gi
           limits:
-            memory: 8Gi
+            memory: 12Gi
 ---
 apiVersion: v1
 kind: Service