
180 commits

Author SHA1 Message Date
4525ba5078 chore(deps): update helm release renovate to 46.142.* 2026-05-06 14:49:27 +00:00
9dd539c49c chore(deps): update ghcr.io/zibbp/ganymede docker tag to v4.16.0 2026-05-06 13:06:37 +00:00
7f8bd9c31d chore(deps): update vaultwarden/server docker tag to v1.36.0 2026-05-04 02:20:17 +00:00
81fd00b32d chore(deps): update helm release renovate to 46.138.* 2026-04-30 09:34:29 +00:00
dc44158b7d chore(deps): update code.forgejo.org/forgejo-helm/forgejo docker tag to v17.0.1 2026-04-30 02:41:05 +00:00
c1555ba9a3 chore(deps): update helm release renovate to 46.130.* 2026-04-27 09:52:12 +00:00
926f40daaf chore(deps): update ghcr.io/lennart-k/rustical docker tag to v0.12.12 2026-04-27 09:50:10 +00:00
8c773bac1f chore(deps): update vaultwarden/server docker tag to v1.35.8 2026-04-27 09:11:45 +00:00
dcdee1b9c4 chore(deps): update ghcr.io/paperless-ngx/paperless-ngx docker tag to v2.20.15 2026-04-27 02:55:16 +00:00
7263ecc20a chore(deps): update helm release renovate to 46.128.* 2026-04-23 08:55:53 +00:00
85d1589f3e chore(deps): update terraform authentik to v2026 2026-04-23 08:44:04 +00:00
5a26981965
feat: remove elastic 2026-04-23 09:18:37 +02:00
375113b7c8
feat: update oxicloud to 0.5.6 2026-04-22 13:28:10 +02:00
c8cc8e3f20
feat: add scripts/update-argo.sh 2026-04-22 13:27:44 +02:00
542dae2045
feat: add scripts/k3scale.sh 2026-04-22 13:27:44 +02:00
7e6430640c chore(deps): update helm release renovate to 46.118.* 2026-04-20 18:58:19 +00:00
9aba22b0b1 chore(deps): update helm release meilisearch to 0.32.* 2026-04-20 12:26:32 +00:00
4a61991f4b chore(deps): update code.forgejo.org/forgejo-helm/forgejo docker tag to v17 2026-04-18 04:45:52 +00:00
ebfdfcc6da
feat: remove useless file 2026-04-16 20:19:48 +02:00
98c3bbee28 chore(deps): update helm release meilisearch to 0.31.* 2026-04-16 11:43:32 +00:00
6e25032468 chore(deps): update helm release renovate to 46.112.* 2026-04-16 11:33:04 +00:00
8375b972c9 chore(deps): update terraform adguard to v1.7.0 2026-04-16 11:04:56 +00:00
8b7746bb1e chore(deps): update ghcr.io/paperless-ngx/paperless-ngx docker tag to v2.20.14 2026-04-15 04:10:17 +00:00
87d94bcc70 chore(deps): update helm release renovate to 46.109.* 2026-04-14 18:31:25 +00:00
e4b19d9e99 chore(deps): update vaultwarden/server docker tag to v1.35.7 2026-04-14 08:33:11 +00:00
833e856903 chore(deps): update helm release renovate to 46.107.* 2026-04-13 13:50:16 +00:00
b5a1d35a70 chore(deps): update ghcr.io/antoniolago/charts/vaultwarden-kubernetes-secrets docker tag to v1.4.01 2026-04-13 04:12:54 +00:00
b3ede23984
feat: update oxicloud to 0.5.5 2026-04-13 02:23:52 +02:00
49a0d53122 chore(deps): update ghcr.io/zibbp/ganymede docker tag to v4.15.1 2026-04-13 00:11:34 +00:00
3c9110c459 chore(deps): update ghcr.io/lennart-k/rustical docker tag to v0.12.11 2026-04-13 00:03:48 +00:00
4d7494ec7b chore(deps): update code.forgejo.org/forgejo-helm/forgejo docker tag to v16.2.2 2026-04-11 04:23:28 +00:00
e74eadbbcc chore(deps): update helm release renovate to 46.106.* 2026-04-09 04:27:17 +00:00
961c9db8a3 chore(deps): update ghcr.io/zibbp/ganymede docker tag to v4.15.0 2026-04-08 07:24:35 +00:00
75e2172e9d
feat: use the official diocrafts/oxicloud image 2026-04-08 09:23:20 +02:00
1984c78dcd chore(deps): update tailscale/tailscale docker tag to v1.96.5 2026-04-08 07:21:41 +00:00
e0eddb137a chore(deps): update helm release renovate to 46.105.* 2026-04-08 05:08:18 +00:00
b31a170b16 chore(deps): update ghcr.io/antoniolago/charts/vaultwarden-kubernetes-secrets docker tag to v1.3.01 2026-04-07 03:56:43 +00:00
62ed1889c7 chore(deps): update helm release renovate to 46.100.* 2026-04-03 04:19:38 +00:00
0d8127037d
feat: rename vaultwarden-secrets-manager to vault-sm 2026-04-02 17:50:03 +02:00
9fa9866ce2 chore(deps): update helm release renovate to 46.98.* 2026-04-02 10:19:10 +00:00
af25a4e809
feat: add k8s/woodpecker 2026-04-02 12:16:42 +02:00
1fa6ee3028
feat: remove forgejo-runner 2026-04-02 01:09:47 +02:00
6f9f930e04
feat: remove nextcloud 2026-04-02 01:07:20 +02:00
f8a965756c
feat: update miniflux chart's appVersion to 2.2.18 2026-04-02 00:58:55 +02:00
e7eee7c894
feat: add oxicloud charts and argo app 2026-04-02 00:56:40 +02:00
90f78305c5
feat: remove oxicloud 2026-03-31 11:53:44 +02:00
16fddc240f chore(deps): update helm release renovate to 46.97.* 2026-03-31 09:51:19 +00:00
68cf9339e1 chore(deps): update helm release meilisearch to 0.30.* 2026-03-31 04:28:26 +00:00
838dde47e6 chore(deps): update helm release meilisearch to 0.29.* 2026-03-27 12:12:27 +00:00
0fe44b4b3a chore(deps): update helm release renovate to 46.86.* 2026-03-27 12:11:49 +00:00
55b116672a chore(deps): update ghcr.io/zibbp/ganymede docker tag to v4.14.1 2026-03-26 04:30:26 +00:00
5d430206dd chore(deps): update code.forgejo.org/forgejo/runner docker tag to v12.7.3 2026-03-25 07:50:44 +00:00
7cb0c2b6b6 chore(deps): update helm release renovate to 46.84.* 2026-03-25 03:44:53 +00:00
610f8af7cc chore(deps): update code.forgejo.org/forgejo/runner docker tag to v12.7.2 2026-03-24 11:29:39 +00:00
028576be92 chore(deps): update ghcr.io/paperless-ngx/paperless-ngx docker tag to v2.20.13 2026-03-24 11:03:15 +00:00
b1940a2581 chore(deps): update helm release renovate to 46.82.* 2026-03-24 10:39:00 +00:00
79f307f0b6 chore(deps): update code.forgejo.org/forgejo-helm/forgejo docker tag to v16.2.1 2026-03-24 10:15:37 +00:00
25464f94d7 chore(deps): update helm release portainer to 239.1.* 2026-03-20 05:20:27 +00:00
5387e46cb2 chore(deps): update helm release renovate to 46.72.* 2026-03-18 17:20:10 +00:00
4807e3b6db chore(deps): update ghcr.io/paperless-ngx/paperless-ngx docker tag to v2.20.11 2026-03-18 17:12:19 +00:00
0b05fdcf73
feat: remove tandoor 2026-03-18 17:16:33 +01:00
9de29c25eb
feat: remove minecraft 2026-03-18 17:16:22 +01:00
b305270466 chore(deps): update opentofu/setup-opentofu action to v2 2026-03-18 11:01:29 +00:00
021170111d chore(deps): update helm release meilisearch to 0.28.* 2026-03-18 10:14:56 +00:00
b1635c088c chore(deps): update ghcr.io/antoniolago/charts/vaultwarden-kubernetes-secrets docker tag to v1.3.0 2026-03-16 06:43:38 +00:00
fa452a9940 chore(deps): update vabene1111/recipes docker tag to v2.5.3 2026-03-12 09:00:03 +00:00
3b16ee38a3 chore(deps): update helm release meilisearch to 0.27.* 2026-03-12 08:07:28 +00:00
fedc5e6969 chore(deps): update ghcr.io/zibbp/ganymede docker tag to v4.14.0 2026-03-12 04:41:45 +00:00
6b934e23dc
feat: remove backrest 2026-03-11 11:20:31 +01:00
3c676e9151 chore(deps): update mbround18/valheim docker tag to v3.6 2026-03-11 09:26:51 +00:00
63e5a99360
feat: migrate miniflux to helm 2026-03-11 10:25:50 +01:00
3f598b02f1
feat: remove oxicloud git submodule 2026-03-11 10:15:11 +01:00
4d0d2532fe chore(deps): update helm release renovate to 46.58.* 2026-03-11 08:34:36 +00:00
cf0e490096 chore(deps): update ghcr.io/paperless-ngx/paperless-ngx docker tag to v2.20.10 2026-03-11 08:33:07 +00:00
de2acfc690 chore(deps): update helm release portainer to v239 2026-03-11 08:24:44 +00:00
ba2b412931 chore(deps): update ghcr.io/lennart-k/rustical docker tag to v0.12.10 2026-03-11 03:24:24 +00:00
ba3e9c69a0
feat: remove k8s/pulse 2026-03-10 18:16:35 +01:00
1fe44ddc30
feat: remove k8s/kubetail 2026-03-10 18:15:48 +01:00
8f2669ab77
feat: delete k8s/redis 2026-03-10 18:14:33 +01:00
9d01bc5177
feat: add k8s/vaultwarden-secrets-manager 2026-03-10 18:14:16 +01:00
9627c49ad8
feat: remove k8s/psql 2026-03-10 17:00:30 +01:00
708173d84e
feat: add docker/oxicloud 2026-03-10 11:20:46 +01:00
b20e4f0ef4
feat: add docker/minecraft 2026-03-04 10:31:34 +01:00
351119601f chore(deps): update tailscale/tailscale docker tag to v1.94.2 2026-02-28 10:29:21 +00:00
b2ef06fdb8 chore(deps): update helm release portainer to 2.39.* 2026-02-28 09:50:22 +00:00
c5f8fef0f4 chore(deps): update helm release authentik to v2026 2026-02-28 03:23:17 +00:00
7bce1b85a9 chore(deps): update ghcr.io/zibbp/ganymede docker tag to v4.13.0 2026-02-25 17:51:05 +00:00
79722144fa chore(deps): update vaultwarden/server docker tag to v1.35.4 2026-02-24 04:47:02 +00:00
fd5188f5c8 chore(deps): update helm release meilisearch to 0.25.* 2026-02-23 17:44:16 +00:00
49fa998a47 chore(deps): update helm release kured to 5.11.* 2026-02-23 17:43:56 +00:00
83307d3a86 chore(deps): update https://code.forgejo.org/actions/checkout action to v6 2026-02-23 17:43:20 +00:00
41b277b915 chore(deps): update helm release kubetail to v0.18.0 2026-02-23 16:17:27 +00:00
5c282202c1 chore(deps): update helm release renovate to 46.31.* 2026-02-23 16:16:41 +00:00
6d85d8f90d chore(deps): update ghcr.io/lennart-k/rustical docker tag to v0.12.9 2026-02-23 16:13:03 +00:00
1e4fb83472 chore(deps): update rcourtman/pulse docker tag to v5.1.13 2026-02-23 16:00:59 +00:00
c991fd57ba chore(deps): update ghcr.io/paperless-ngx/paperless-ngx docker tag to v2.20.8 2026-02-22 03:30:29 +00:00
26b2654443 chore(deps): update code.forgejo.org/forgejo-helm/forgejo docker tag to v16.2.0 2026-02-16 23:51:34 +00:00
2b71507c5e chore(deps): update ghcr.io/zibbp/ganymede docker tag to v4.12.0 2026-02-15 23:49:51 +00:00
c76d3db733 chore(deps): update vaultwarden/server docker tag to v1.35.3 2026-02-12 03:06:50 +00:00
6ff4153f7d chore(deps): update code.forgejo.org/forgejo/runner docker tag to v12.6.4 2026-02-11 14:39:21 +00:00
cb69598081 chore(deps): update rcourtman/pulse docker tag to v5.1.8 2026-02-11 03:03:46 +00:00
28c8df1967 chore(deps): update terraform authentik to v2025.12.1 2026-02-11 01:05:13 +00:00
ab6338496d chore(deps): update helm release renovate to 46.6.* 2026-02-10 15:37:17 +00:00
6a56ed25a4 chore(deps): update rcourtman/pulse docker tag to v5.1.6 2026-02-10 03:21:37 +00:00
e6fa586fbe chore(deps): update helm release pulse to 5.1.* 2026-02-06 16:36:26 +00:00
b144f9a03a chore(deps): update ghcr.io/zibbp/ganymede docker tag to v4.11.5 2026-02-04 00:28:26 +00:00
c07ddb4c86 chore(deps): update helm release renovate to v46 2026-02-03 10:04:46 +00:00
c5a6d64a8b chore(deps): update vabene1111/recipes docker tag to v2.4.2 2026-02-02 21:27:30 +00:00
9f00f56733 chore(deps): update ghcr.io/paperless-ngx/paperless-ngx docker tag to v2.20.6 2026-02-02 20:34:34 +00:00
00d8d0adec chore(deps): update ghcr.io/lennart-k/rustical docker tag to v0.12.4 2026-02-02 16:03:07 +00:00
2713604383 chore(deps): update code.forgejo.org/forgejo/runner docker tag to v12 2026-02-01 03:20:32 +00:00
a390412f56 chore(deps): update code.forgejo.org/forgejo-helm/forgejo docker tag to v16.0.2 2026-01-30 03:31:39 +00:00
f41e6349ef chore(deps): update ghcr.io/zibbp/ganymede docker tag to v4.11.4 2026-01-29 20:29:27 +00:00
970bc7e125 chore(deps): update tailscale/tailscale docker tag to v1.92.5 2026-01-29 03:22:25 +00:00
a0ff217915
feat: add tailscale exit node 2026-01-28 19:23:35 +01:00
4b095e9fd3 chore(deps): update helm release renovate to 45.86.* 2026-01-28 15:20:49 +00:00
aa05c20e2d
feat: add pulse 2026-01-28 12:37:28 +01:00
7a4f608d2e
feat: add jellyseerr 2026-01-28 11:07:42 +01:00
1ce70d911f
feat: add ganymede 2026-01-28 10:17:18 +01:00
b61b882081 chore(deps): update terraform authentik to v2025.12.0 2026-01-28 09:16:07 +00:00
79c399ad0c chore(deps): update ghcr.io/lennart-k/rustical docker tag to v0.12.3 2026-01-28 09:15:40 +00:00
1b1dc44b5b chore(deps): update vaultwarden/server docker tag to v1.35.2 2026-01-28 09:15:17 +00:00
0706f4e637 chore(deps): update code.forgejo.org/forgejo-helm/forgejo docker tag to v16 2026-01-28 03:33:44 +00:00
d0b57297ea
feat: add tandoor 2026-01-26 19:37:42 +01:00
0764181b90
feat: remove netbird 2026-01-26 17:38:03 +01:00
6356c49548
chore(deps): update authentik to 2025.12 2026-01-26 10:13:27 +01:00
7f92604fb0 chore(deps): update helm release kubetail to v0.17.0 2026-01-22 13:29:29 +00:00
63db0bc4c3 chore(deps): update ghcr.io/lennart-k/rustical docker tag to v0.12.1 2026-01-21 03:22:01 +00:00
fd28705137 chore(deps): update ghcr.io/paperless-ngx/paperless-ngx docker tag to v2.20.5 2026-01-20 11:21:04 +00:00
8341c04580 chore(deps): update code.forgejo.org/forgejo-helm/forgejo docker tag to v15.1.0 2026-01-20 11:20:00 +00:00
8281d9a050 chore(deps): update ghcr.io/lennart-k/rustical docker tag to v0.12.0 2026-01-20 03:28:17 +00:00
2c176d7700 chore(deps): update ghcr.io/paperless-ngx/paperless-ngx docker tag to v2.20.4 2026-01-17 11:42:25 +00:00
806dc64134 chore(deps): update ghcr.io/lennart-k/rustical docker tag to v0.11.17 2026-01-17 03:00:29 +00:00
b99cb2c040 chore(deps): update helm release renovate to 45.74.* 2026-01-14 03:22:02 +00:00
951fc71b18 chore(deps): update helm release sealed-secrets to 2.18.* 2026-01-12 02:08:49 +00:00
b0daf0c1be chore(deps): update code.forgejo.org/forgejo-helm/forgejo docker tag to v15.0.4 2026-01-11 10:37:57 +00:00
b0a23c7c05 chore(deps): update ghcr.io/lennart-k/rustical docker tag to v0.11.11 2026-01-11 05:54:36 +00:00
a856c4b230
feat: add authentik-ldap module 2026-01-09 12:50:53 +01:00
2354f5971b chore(deps): update ghcr.io/paperless-ngx/paperless-ngx docker tag to v2.20.3 2026-01-09 10:26:05 +00:00
c3560f7a6f
chore(deps): update dcsi's images to v1.9.5 2026-01-09 11:24:37 +01:00
d3ccbdde5a chore(deps): update helm release democratic-csi to 0.15.* 2026-01-05 20:27:11 +00:00
758b40563c
chore: update forgejo and miniflux secrets 2026-01-05 20:48:30 +01:00
ccbf516213
feat: update nextcloud compose to v32.0.3 2026-01-05 01:42:20 +01:00
b5db854806
feat: update huesoporro to v0.3.7 2025-12-10 08:57:52 +01:00
e4dbf4efaf chore(deps): update helm release renovate to 45.21.* 2025-11-28 01:10:02 +00:00
6386316395 chore(deps): update helm release kubetail to v0.16.3 2025-11-27 18:23:05 +00:00
0a27275688 chore(deps): update code.forgejo.org/forgejo-helm/forgejo docker tag to v15.0.3 2025-11-27 02:11:51 +00:00
fcb7a80d0a chore(deps): update ghcr.io/paperless-ngx/paperless-ngx docker tag to v2.20.0 2025-11-23 02:32:34 +00:00
83d2ed9141
feat: add rustical 2025-11-17 21:53:46 +01:00
a33615f7b7 chore(deps): update helm release kubetail to v0.16.1 2025-11-10 15:16:12 +00:00
4a7ea8f4d6 chore(deps): update helm release renovate to v45 2025-11-10 15:09:02 +00:00
46d4414044 chore(deps): update ghcr.io/paperless-ngx/paperless-ngx docker tag to v2.19.5 2025-11-10 15:07:51 +00:00
f76ed737a0 chore(deps): update code.forgejo.org/forgejo/runner docker tag to v11.3.1 2025-11-08 02:40:25 +00:00
8becd750da chore(deps): update ghcr.io/paperless-ngx/paperless-ngx docker tag to v2.19.4 2025-11-06 10:03:48 +00:00
dd41bd3af2 chore(deps): update code.forgejo.org/forgejo/runner docker tag to v11.3.0 2025-11-05 01:52:26 +00:00
f46f166033 chore(deps): update netbirdio/netbird docker tag to v0.59.11 2025-11-03 11:56:21 +00:00
c54552f496 chore(deps): update netbirdio/relay docker tag to v0.59.11 2025-11-03 11:55:06 +00:00
c851e6b098 chore(deps): update netbirdio/signal docker tag to v0.59.11 2025-11-03 11:54:32 +00:00
77ebc7b5af chore(deps): update netbirdio/dashboard docker tag to v2.20.2 2025-11-03 11:47:35 +00:00
152666647e chore(deps): update mbround18/valheim docker tag to v3.4 2025-11-03 11:35:10 +00:00
d732728dea chore(deps): update ghcr.io/paperless-ngx/paperless-ngx docker tag to v2.19.3 2025-11-02 12:45:47 +00:00
24d65c75d9
feat: update nextcloud compose to v32.0.1 2025-11-02 13:02:28 +01:00
f1504a9db1 chore(deps): update netbirdio/management docker tag to v0.59.10 2025-10-29 12:05:41 +00:00
7825d88fad chore(deps): update code.forgejo.org/forgejo-helm/forgejo docker tag to v15.0.2 2025-10-29 11:35:19 +00:00
2213945f56 chore(deps): update terraform-linters/setup-tflint action to v6 2025-10-28 08:42:20 +00:00
222c4ad0b4 chore(deps): update terraform authentik to v2025.10.0 2025-10-28 02:49:20 +00:00
d12c5a7d3d feat: remove valheim (#514) 2025-10-27 23:15:50 +00:00
dd6e297f70 chore(deps): update terraform authentik to v2025.8.1 2025-10-26 18:01:22 +00:00
3610526a18 chore(deps): update helm release kubetail to v0.15.4 2025-10-26 18:00:40 +00:00
5f6de8a1a3 chore(deps): update nextcloud docker tag to v32 2025-10-26 17:23:30 +00:00
502be00fb6 chore(deps): update https://code.forgejo.org/actions/setup-python action to v6 2025-10-26 16:51:36 +00:00
b677311121 chore(deps): update code.forgejo.org/forgejo/runner docker tag to v11.2.0 2025-10-26 16:48:13 +00:00
5fb949c9d5 chore(deps): update code.forgejo.org/forgejo-helm/forgejo docker tag to v15 2025-10-25 02:25:09 +00:00
4a41859942 fix: changed 'dokuwiki' volume declaration 2025-10-25 01:15:41 +02:00
8b341ede57 feat: add dokuwiki (#504)
Co-authored-by: Hane <inupwd@gmail.com>
Co-committed-by: Hane <inupwd@gmail.com>
2025-10-23 21:15:21 +00:00
b938cffd45 chore(deps): update netbirdio/netbird docker tag to v0.59.8 2025-10-23 18:53:52 +00:00
a81ebfe573 chore(deps): update netbirdio/relay docker tag to v0.59.8 2025-10-23 16:37:39 +00:00
1837c1ca14 chore(deps): update netbirdio/management docker tag to v0.59.8 2025-10-23 16:21:26 +00:00
5fbf0a09a2 chore(deps): update netbirdio/signal docker tag to v0.59.8 2025-10-23 16:16:57 +00:00
dddd1b40ec chore(deps): update helm release renovate to v44 2025-10-23 16:13:23 +00:00
86 changed files with 2226 additions and 1002 deletions


@ -7,11 +7,11 @@ jobs:
pre-commit: pre-commit:
runs-on: ubuntu-22.04 runs-on: ubuntu-22.04
steps: steps:
- uses: https://code.forgejo.org/actions/checkout@v5 - uses: https://code.forgejo.org/actions/checkout@v6
- uses: https://code.forgejo.org/actions/setup-python@v5 - uses: https://code.forgejo.org/actions/setup-python@v6
with: with:
python-version: '3.10' python-version: '3.10'
- uses: opentofu/setup-opentofu@v1 - uses: opentofu/setup-opentofu@v2
with: with:
tofu_version: 1.7.0 tofu_version: 1.7.0
- uses: pre-commit/action@v3.0.1 - uses: pre-commit/action@v3.0.1
@ -19,7 +19,7 @@ jobs:
k8s: k8s:
runs-on: ubuntu-22.04 runs-on: ubuntu-22.04
steps: steps:
- uses: https://code.forgejo.org/actions/checkout@v5 - uses: https://code.forgejo.org/actions/checkout@v6
- name: Set up Kubeconform - name: Set up Kubeconform
uses: bmuschko/setup-kubeconform@v1 uses: bmuschko/setup-kubeconform@v1
@ -30,8 +30,8 @@ jobs:
tflint: tflint:
runs-on: ubuntu-22.04 runs-on: ubuntu-22.04
steps: steps:
- uses: https://code.forgejo.org/actions/checkout@v5 - uses: https://code.forgejo.org/actions/checkout@v6
- uses: terraform-linters/setup-tflint@v4 - uses: terraform-linters/setup-tflint@v6
name: Setup TFLint name: Setup TFLint
with: with:
tflint_version: v0.50.3 tflint_version: v0.50.3


@ -10,8 +10,8 @@ jobs:
authentik: authentik:
runs-on: ubuntu-22.04 runs-on: ubuntu-22.04
steps: steps:
- uses: https://code.forgejo.org/actions/checkout@v5 - uses: https://code.forgejo.org/actions/checkout@v6
- uses: opentofu/setup-opentofu@v1 - uses: opentofu/setup-opentofu@v2
with: with:
tofu_version: 1.8.1 tofu_version: 1.8.1
- name: Deploy - name: Deploy
@ -40,8 +40,8 @@ jobs:
adguard: adguard:
runs-on: ubuntu-22.04 runs-on: ubuntu-22.04
steps: steps:
- uses: https://code.forgejo.org/actions/checkout@v5 - uses: https://code.forgejo.org/actions/checkout@v6
- uses: opentofu/setup-opentofu@v1 - uses: opentofu/setup-opentofu@v2
with: with:
tofu_version: 1.7.0 tofu_version: 1.7.0
- name: Deploy - name: Deploy


@ -1,7 +1,7 @@
--- ---
repos: repos:
- repo: https://github.com/pre-commit/pre-commit-hooks - repo: https://github.com/pre-commit/pre-commit-hooks
rev: v5.0.0 rev: v6.0.0
hooks: hooks:
- id: trailing-whitespace - id: trailing-whitespace
- id: end-of-file-fixer - id: end-of-file-fixer
@ -15,18 +15,18 @@ repos:
- id: trailing-whitespace - id: trailing-whitespace
- repo: https://github.com/antonbabenko/pre-commit-terraform - repo: https://github.com/antonbabenko/pre-commit-terraform
rev: v1.92.1 rev: v1.105.0
hooks: hooks:
- id: terraform_fmt - id: terraform_fmt
- repo: https://github.com/adrienverge/yamllint.git - repo: https://github.com/adrienverge/yamllint.git
rev: v1.35.1 rev: v1.38.0
hooks: hooks:
- id: yamllint - id: yamllint
args: [--format, parsable, --strict] args: [--format, parsable, --strict]
- repo: https://github.com/shellcheck-py/shellcheck-py - repo: https://github.com/shellcheck-py/shellcheck-py
rev: v0.10.0.1 rev: v0.11.0.1
hooks: hooks:
- id: shellcheck - id: shellcheck
files: \.sh files: \.sh


@ -0,0 +1,13 @@
---
services:
wiki:
image: dokuwiki/dokuwiki:2024-02-06b
restart: unless-stopped
ports:
- "44344:8080"
volumes:
- /mnt/nas1/shared/dokuwiki/dokuwiki:/storage
environment:
PHP_TIMEZONE: Europe/Madrid
PHP_MEMORYLIMIT: 512M
PHP_UPLOADLIMIT: 128M
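Review bot: The `ports` entry `"44344:8080"` publishes the wiki on every host interface, and Docker-published ports are commonly not filtered by host firewall front-ends such as ufw. If the wiki is only meant to be reached through a reverse proxy on the same host, bind it to loopback with `"127.0.0.1:44344:8080"`; if the proxy runs elsewhere on the LAN, bind the host's LAN address instead. Whether a proxy fronts this service cannot be seen from this file, so treat this as something to confirm.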


@ -1,41 +0,0 @@
---
x-runner-common: &runner-common
image: code.forgejo.org/forgejo/runner:11.1.2
links:
- docker-in-docker
depends_on:
docker-in-docker:
condition: service_started
user: 1001:1001
restart: unless-stopped
command: '/bin/sh -c "sleep 5; forgejo-runner daemon"'
environment:
DOCKER_HOST: tcp://docker-in-docker:2375
networks:
forgejo:
external: false
services:
docker-in-docker:
image: docker:dind
container_name: 'docker_dind'
privileged: true
command: ['dockerd', '-H', 'tcp://0.0.0.0:2375', '--tls=false']
restart: 'unless-stopped'
runner:
<<: *runner-common
container_name: 'runner'
volumes:
- ${FORGEJO_RUNNER_DATA:-/mnt/nas1/shared/forgejo-runner/data}:/data
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro
runner-2:
<<: *runner-common
container_name: 'runner2'
volumes:
- ${FORGEJO_RUNNER_DATA:-/mnt/nas1/shared/forgejo-runner/data2}:/data
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro


@ -0,0 +1,48 @@
---
services:
ganymede:
container_name: ganymede
image: ghcr.io/zibbp/ganymede:4.16.0
restart: unless-stopped
environment:
DEBUG: ${GANYMEDE_DEBUG:-false}
TZ: ${GANYMEDE_TZ:-Europe/Madrid}
VIDEOS_DIR: ${GANYMEDE_VIDEOS_DIR:-/data/videos}
TEMP_DIR: ${GANYMEDE_TEMP_DIR:-/data/temp}
LOGS_DIR: ${GANYMEDE_LOGS_DIR:-/data/logs}
CONFIG_DIR: ${GANYMEDE_CONFIG_DIR:-/data/config}
DB_HOST: ${GANYMEDE_DB_HOST:-192.168.1.3}
DB_PORT: ${GANYMEDE_DB_PORT:-5432}
DB_USER: ${GANYMEDE_DB_USER:-ganymede}
DB_PASS: ${GANYMEDE_DB_PASS}
DB_NAME: ${GANYMEDE_DB_NAME:-ganymede}
DB_SSL: ${GANYMEDE_DB_SSL:-disable}
TWITCH_CLIENT_ID: ${GANYMEDE_TWITCH_CLIENT_ID}
TWITCH_CLIENT_SECRET: ${GANYMEDE_TWITCH_CLIENT_SECRET}
MAX_CHAT_DOWNLOAD_EXECUTIONS: ${GANYMEDE_MAX_CHAT_DOWNLOAD_EXECUTIONS:-3}
MAX_CHAT_RENDER_EXECUTIONS: ${GANYMEDE_MAX_CHAT_RENDER_EXECUTIONS:-2}
MAX_VIDEO_DOWNLOAD_EXECUTIONS: ${GANYMEDE_MAX_VIDEO_DOWNLOAD_EXECUTIONS:-2}
MAX_VIDEO_CONVERT_EXECUTIONS: ${GANYMEDE_MAX_VIDEO_CONVERT_EXECUTIONS:-3}
MAX_VIDEO_SPRITE_THUMBNAIL_EXECUTIONS: ${GANYMEDE_MAX_VIDEO_SPRITE_THUMBNAIL_EXECUTIONS:-2}
OAUTH_ENABLED: ${GANYMEDE_OAUTH_ENABLED:-true}
OAUTH_PROVIDER_URL: ${GANYMEDE_OAUTH_PROVIDER_URL:-https://auth.fukurokuju.dev/application/o/ganymede/}
OAUTH_CLIENT_ID: ${GANYMEDE_OAUTH_CLIENT_ID}
OAUTH_CLIENT_SECRET: ${GANYMEDE_OAUTH_CLIENT_SECRET}
OAUTH_REDIRECT_URL: ${GANYMEDE_OAUTH_REDIRECT_URL:-https://vods.roboces.dev/api/v1/auth/oauth/callback}
SHOW_SSO_LOGIN_BUTTON: ${GANYMEDE_SHOW_SSO_LOGIN_BUTTON:-true}
FORCE_SSO_AUTH: ${GANYMEDE_FORCE_SSO_AUTH:-true}
REQUIRE_LOGIN: ${GANYMEDE_REQUIRE_LOGIN:-true}
volumes:
- ${GANYMEDE_VIDEOS:-/mnt/vods/ganymede/videos}:/data/videos
- ${GANYMEDE_TEMP:-/mnt/vods/ganymede/temp}:/data/temp
- ${GANYMEDE_CACHE:-/mnt/vods/ganymede/cache}:/data/.cache
- ${GANYMEDE_LOGS:-/mnt/vods/ganymede/logs}:/data/logs
- ${GANYMEDE_CONFIG:-/mnt/vods/ganymede/config}:/data/config
ports:
- "4800:4000"
healthcheck:
test: curl --fail http://localhost:4000/health || exit 1
interval: 60s
retries: 5
start_period: 60s
timeout: 10s
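Review bot: `DB_PASS`, `TWITCH_CLIENT_SECRET` and `OAUTH_CLIENT_SECRET` are interpolated with neither a default nor a required marker, so a missing `.env` entry becomes an empty string and the container still starts with blank credentials. The fail-fast form stops `docker compose up` instead, e.g. `DB_PASS: ${GANYMEDE_DB_PASS:?GANYMEDE_DB_PASS must be set}`. Separately, `DB_SSL` falls back to `disable` while `DB_HOST` falls back to `192.168.1.3`, so with the defaults the database password and queries would cross the LAN unencrypted if that address is a different machine. If the PostgreSQL server supports TLS, a stricter fallback such as `${GANYMEDE_DB_SSL:-require}` is worth considering.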


@ -0,0 +1,27 @@
GANYMEDE_DEBUG=false
GANYMEDE_TZ=Europe/Madrid
GANYMEDE_VIDEOS_DIR=/data/videos
GANYMEDE_TEMP_DIR=/data/temp
GANYMEDE_LOGS_DIR=/data/logs
GANYMEDE_CONFIG_DIR=/data/config
GANYMEDE_DB_HOST=192.168.1.3
GANYMEDE_DB_PORT=5432
GANYMEDE_DB_USER=ganymede
GANYMEDE_DB_PASS=
GANYMEDE_DB_NAME=ganymede
GANYMEDE_DB_SSL=disable
GANYMEDE_TWITCH_CLIENT_ID=
GANYMEDE_TWITCH_CLIENT_SECRET=
GANYMEDE_MAX_CHAT_DOWNLOAD_EXECUTIONS=3
GANYMEDE_MAX_CHAT_RENDER_EXECUTIONS=2
GANYMEDE_MAX_VIDEO_DOWNLOAD_EXECUTIONS=2
GANYMEDE_MAX_VIDEO_CONVERT_EXECUTIONS=3
GANYMEDE_MAX_VIDEO_SPRITE_THUMBNAIL_EXECUTIONS=2
GANYMEDE_OAUTH_ENABLED=true
GANYMEDE_OAUTH_PROVIDER_URL=https://auth.fukurokuju.dev/application/o/ganymede/
GANYMEDE_OAUTH_CLIENT_ID=
GANYMEDE_OAUTH_CLIENT_SECRET=
GANYMEDE_OAUTH_REDIRECT_URL=https://vods.roboces.dev/api/v1/auth/oauth/callback
GANYMEDE_SHOW_SSO_LOGIN_BUTTON=true
GANYMEDE_FORCE_SSO_AUTH=false
GANYMEDE_REQUIRE_LOGIN=false
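Review bot: The last two lines set `GANYMEDE_FORCE_SSO_AUTH=false` and `GANYMEDE_REQUIRE_LOGIN=false`, while the Ganymede compose file in this same comparison falls back to `true` for both. If this is the sample env file for that compose file (the path is not visible here), copying it to `.env` would silently override the stricter defaults and leave the instance readable without login. The sample should match them: `GANYMEDE_FORCE_SSO_AUTH=true` and `GANYMEDE_REQUIRE_LOGIN=true`, with a comment that relaxing either is an explicit choice.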


@ -1,40 +0,0 @@
---
services:
mc:
image: itzg/minecraft-server:java23-graalvm
tty: true
stdin_open: true
ports:
- "25565:25565"
environment:
EULA: "TRUE"
MEMORY: ${MEMORY:-"6G"}
TZ: "Europe/Madrid"
VERSION: 1.20.1
ENABLE_ROLLING_LOGS: true
USE_AIKAR_FLAGS: true
MOTD: "Huesoperrers Minecraft Episodio 2: Ahora es personal"
ICON: /data/icon.png
MAX_PLAYERS: 10
MAX_WORLD_SIZE: 10000
SEED: huesoperrers2
MODE: survival
ONLINE_MODE: false
ALLOW_FLIGHT: true
SERVER_NAME: Huesoperrers and co.
PLAYER_IDLE_TIMEOUT: 15
STOP_SERVER_ANNOUNCE_DELAY: 30
WHITELIST: ${WHITELIST}
OPS: ${OPS}
SYNCHRONIZE: true
MERGE: true
ENFORCE_WHITELIST: true
ENABLE_RCON: false
MAX_TICK_TIME: -1
USER_API_PROVIDER: ${USER_API_PROVIDER:-playerdb}
DIFFICULTY: ${DIFFICULTY:-normal}
ENABLE_AUTOPAUSE: true
DEBUG_AUTOPAUSE: false
TYPE: FORGE
volumes:
- ${MC_DATA_DIR:-/mnt/zeruel/nas1/shared/mc2}:/data


@ -1,112 +0,0 @@
---
services:
dashboard:
image: netbirdio/dashboard:v2.19.0
restart: unless-stopped
ports:
- 8005:80
environment:
NETBIRD_MGMT_API_ENDPOINT: ${NETBIRD_MGMT_API_ENDPOINT:-https://vpn.fukurokuju.dev}
NETBIRD_MGMT_GRPC_API_ENDPOINT: ${NETBIRD_MGMT_GRPC_API_ENDPOINT:-https://vpn.fukurokuju.dev}
AUTH_AUDIENCE: ${NETBIRD_AUTH_AUDIENCE:-64e44b85ebdec2a3cf87c0c9916e2dbb0570f6d87b03ca8d149c3551565c3057ce1e559d16b5399cb7df60646e4e2bc6515842a198efb09d1620ea9ac1d8ace2} # yamllint disable rule:line-length
AUTH_CLIENT_ID: ${NETBIRD_AUTH_CLIENT_ID:-64e44b85ebdec2a3cf87c0c9916e2dbb0570f6d87b03ca8d149c3551565c3057ce1e559d16b5399cb7df60646e4e2bc6515842a198efb09d1620ea9ac1d8ace2} # yamllint disable rule:line-length
AUTH_AUTHORITY: ${NETBIRD_AUTH_AUTHORITY:-https://auth.fukurokuju.dev/application/o/netbird/}
USE_AUTH0: false
AUTH_SUPPORTED_SCOPES: ${NETBIRD_AUTH_SUPPORTED_SCOPES:-api offline_access openid email profile}
AUTH_REDIRECT_URI:
AUTH_SILENT_REDIRECT_URI:
NETBIRD_TOKEN_SOURCE: accessToken
NGINX_SSL_PORT: 443
logging:
driver: "json-file"
options:
max-size: "500m"
max-file: "2"
signal:
image: netbirdio/signal:0.59.2
restart: unless-stopped
volumes:
- netbird-signal:/var/lib/netbird
ports:
- "10000:80"
logging:
driver: "json-file"
options:
max-size: "500m"
max-file: "2"
relay:
image: netbirdio/relay:0.59.2
restart: unless-stopped
environment:
NB_LOG_LEVEL: ${NB_LOG_LEVEL:-info}
NB_LISTEN_ADDRESS: ${NB_LISTEN_ADDRESS:-:33080}
NB_EXPOSED_ADDRESS: ${NB_EXPOSED_ADDRESS:-vpn.fukurokuju.dev:33080}
NB_AUTH_SECRET: ${NB_AUTH_SECRET}
ports:
- "33080:33080"
logging:
driver: "json-file"
options:
max-size: "500m"
max-file: "2"
management:
image: netbirdio/management:0.59.2
restart: unless-stopped
depends_on:
- dashboard
volumes:
- ${NETBIRD_MANAGEMENT_VOLUME:-/mnt/nas1/shared/netbird/management}/data:/var/lib/netbird
- ${NETBIRD_MANAGEMENT_VOLUME:-/mnt/nas1/shared/netbird/management}/management.json:/etc/netbird/management.json:z
ports:
- "33073:443"
command: [
"--port", "443",
"--log-file", "console",
"--log-level", "info",
"--disable-anonymous-metrics=false",
"--single-account-mode-domain=vpn.fukurokuju.dev",
"--dns-domain=netbird.fuku",
]
logging:
driver: "json-file"
options:
max-size: "500m"
max-file: "2"
environment:
- NETBIRD_STORE_ENGINE_POSTGRES_DSN=
coturn:
image: coturn/coturn:4.7
restart: unless-stopped
domainname: vpn.fukurokuju.dev
volumes:
- ${NETBIRD_COTURN_VOLUME:-/mnt/nas1/shared/netbird/coturn}/turnserver.conf:/etc/turnserver.conf:ro
network_mode: host
command:
- -c /etc/turnserver.conf
logging:
driver: "json-file"
options:
max-size: "500m"
max-file: "2"
peer-1:
image: netbirdio/netbird:0.59.0
restart: unless-stopped
volumes:
- ${NETBIRD_PEER_VOLUME:-/mnt/nas1/shared/netbird/peer-1}/data:/etc/netbird
environment:
NB_MANAGEMENT_URL: https://vpn.fukurokuju.dev:443
NB_SETUP_KEY: ${NB_SETUP_KEY}
cap_add:
- NET_ADMIN
depends_on:
- management
- dashboard
- relay
- signal
- coturn
volumes:
netbird-mgmt:
netbird-signal:


@ -1,2 +0,0 @@
NB_AUTH_SECRET=
NB_SETUP_KEY=


@ -1,62 +0,0 @@
FROM nextcloud:31.0.6-apache
RUN set -ex; \
\
apt-get update; \
apt-get install -y --no-install-recommends \
ffmpeg \
ghostscript \
libmagickcore-6.q16-6-extra \
procps \
smbclient \
supervisor \
vim \
clamav \
sudo \
; \
rm -rf /var/lib/apt/lists/*
RUN set -ex; \
\
savedAptMark="$(apt-mark showmanual)"; \
\
apt-get update; \
apt-get install -y --no-install-recommends \
libbz2-dev \
libc-client-dev \
libkrb5-dev \
libsmbclient-dev \
; \
\
docker-php-ext-configure imap --with-kerberos --with-imap-ssl; \
docker-php-ext-install \
bz2 \
imap \
; \
pecl install smbclient; \
docker-php-ext-enable smbclient; \
\
# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies
apt-mark auto '.*' > /dev/null; \
apt-mark manual $savedAptMark; \
ldd "$(php -r 'echo ini_get("extension_dir");')"/*.so \
| awk '/=>/ { so = $(NF-1); if (index(so, "/usr/local/") == 1) { next }; gsub("^/(usr/)?", "", so); print so }' \
| sort -u \
| xargs -r dpkg-query --search \
| cut -d: -f1 \
| sort -u \
| xargs -rt apt-mark manual; \
\
apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \
rm -rf /var/lib/apt/lists/*
RUN mkdir -p \
/var/log/supervisord \
/var/run/supervisord \
;
COPY supervisord.conf /
ENV NEXTCLOUD_UPDATE=1
CMD ["/usr/bin/supervisord", "-c", "/supervisord.conf"]


@ -1,40 +0,0 @@
---
services:
imaginary:
image: nextcloud/aio-imaginary:latest
cap_add:
- SYS_NICE
volumes:
- type: tmpfs
target: /tmp:exec
environment:
- TZ=Europe/Madrid
restart: unless-stopped
networks:
- nextcloud
nextcloud:
image: git.roboces.dev/catalin/fukuops:nextcloud-31.0.6
volumes:
- /mnt/nas1/legacy-storage/cloud/cloud/data:/var/www/html/data
- /mnt/nas1/legacy-storage/cloud/cloud/config:/var/www/html/config
- /mnt/nas1/legacy-storage/cloud/cloud/custom_apps:/var/www/html/custom_apps
- /mnt/nas1/legacy-storage/cloud/cloud/apps:/var/www/html/apps
- type: tmpfs
target: /tmp:exec
- supervisorlog:/var/log/supervisor:z
- supervisorpid:/var/run/supervisord/:z
environment:
PHP_MEMORY_LIMIT: ${PHP_MEMORY_LIMIT:-2048M}
NEXTCLOUD_INIT_HTACCESS: ${NEXTCLOUD_INIT_HTACCESS:-1}
restart: unless-stopped
ports:
- '8080:80'
networks:
- nextcloud
networks:
nextcloud: {}
volumes:
supervisorlog: {}
supervisorpid: {}


@ -1,22 +0,0 @@
[supervisord]
nodaemon=true
logfile=/var/log/supervisord/supervisord.log
pidfile=/var/run/supervisord/supervisord.pid
childlogdir=/var/log/supervisord/
logfile_maxbytes=50MB ; maximum size of logfile before rotation
logfile_backups=10 ; number of backed up logfiles
loglevel=error
[program:apache2]
stdout_logfile=/dev/stdout
stdout_logfile_maxbytes=0
stderr_logfile=/dev/stderr
stderr_logfile_maxbytes=0
command=apache2-foreground
[program:cron]
stdout_logfile=/dev/stdout
stdout_logfile_maxbytes=0
stderr_logfile=/dev/stderr
stderr_logfile_maxbytes=0
command=/cron.sh


@ -14,7 +14,7 @@ services:
webserver: webserver:
image: ghcr.io/paperless-ngx/paperless-ngx:2.18.4 image: ghcr.io/paperless-ngx/paperless-ngx:2.20.15
restart: unless-stopped restart: unless-stopped
ports: ports:
- 8002:8000 - 8002:8000


@ -0,0 +1,18 @@
---
services:
rustical:
image: ghcr.io/lennart-k/rustical:0.12.12
restart: unless-stopped
ports:
- '4000:4000'
volumes:
- "${RUSTICAL_DATA_VOLUME:-/mnt/nas1/shared/rustical/:/var/lib/rustical/}"
environment:
RUSTICAL_OIDC__NAME: ${RUSTICAL_OIDC_NAME:-Authentik}
RUSTICAL_OIDC__ISSUER: ${RUSTICAL_OIDC_ISSUER:-https://auth.fukurokuju.dev/application/o/rustical/}
RUSTICAL_OIDC__CLIENT_ID: ${RUSTICAL_OIDC_CLIENT_ID}
RUSTICAL_OIDC__CLIENT_SECRET: ${RUSTICAL_OIDC_CLIENT_SECRET}
RUSTICAL_OIDC__CLAIM_USERID: ${RUSTICAL_OIDC_CLAIM_USERID:-preferred_username}
RUSTICAL_OIDC__SCOPES: '["openid", "profile", "groups"]'
RUSTICAL_OIDC__ALLOW_SIGN_UP: "true"
RUSTICAL_FRONTEND__ALLOW_PASSWORD_LOGIN: ${RUSTICAL_FRONTED_ALLOW_PASSWORD_LOGIN:-false}
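Review bot: In the `volumes` entry the default covers the whole `host:container` pair, so setting `RUSTICAL_DATA_VOLUME` to just a host directory yields a single-path mount with no `/var/lib/rustical/` target, and the data would not persist where expected. Keep the container path outside the substitution, as the tailscale compose file in this comparison does: `- "${RUSTICAL_DATA_VOLUME:-/mnt/nas1/shared/rustical/}:/var/lib/rustical/"`. The last line also reads the host variable `RUSTICAL_FRONTED_ALLOW_PASSWORD_LOGIN` (`FRONTED`, not `FRONTEND`), so an operator who sets the correctly spelled name gets the `false` fallback; rename it to `RUSTICAL_FRONTEND_ALLOW_PASSWORD_LOGIN`. With `RUSTICAL_OIDC__ALLOW_SIGN_UP: "true"`, who may create an account is decided entirely at the issuer, so the provider's policy binding for this application is worth confirming.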


@ -0,0 +1,18 @@
---
services:
tailscale:
image: tailscale/tailscale:v1.96.5
hostname: tailscale
environment:
TS_AUTHKEY: ${TS_AUTHKEY}
TS_HOSTNAME: ${TS_HOSTNAME:-docker-exit-node}
TS_EXTRA_ARGS: ${TS_EXTRA_ARGS:---advertise-exit-node}
TS_ROUTES: ${TS_ROUTES:-192.168.1.0/24}
TS_STATE_DIR: /var/lib/tailscale
volumes:
- ${TS_VOLUME:-/mnt/nas1/shared/tailscale}:/var/lib/tailscale
devices:
- /dev/net/tun:/dev/net/tun
cap_add:
- net_admin
restart: unless-stopped
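Review bot: `TS_STATE_DIR` is bind-mounted from `/mnt/nas1/shared/tailscale`, and that directory holds the node's private key material. If the `shared` tree is readable by other NAS users or services (the name suggests so, worth confirming), any of them can copy the identity of a node that advertises an exit node and the `192.168.1.0/24` route. A directory outside the shared tree, restricted to the container's user, would be a safer default for `TS_VOLUME`. `TS_AUTHKEY` also stays in the container environment after the first login; once state is persisted it can presumably be unset or replaced by a short-lived key.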


@ -0,0 +1,5 @@
TS_AUTHKEY=
TS_HOSTNAME=docker-exit-node
TS_EXTRA_ARGS=--advertise-exit-node
TS_ROUTES=192.168.1.0/24
TS_VOLUME=/mnt/nas1/shared/tailscale


@ -1,7 +1,7 @@
--- ---
services: services:
vaultwarden: vaultwarden:
image: vaultwarden/server:1.34.3-alpine image: vaultwarden/server:1.36.0-alpine
restart: unless-stopped restart: unless-stopped
environment: environment:
DATABASE_URL: ${DATABASE_URL} DATABASE_URL: ${DATABASE_URL}


@ -12,7 +12,7 @@ spec:
sources: sources:
- chart: authentik - chart: authentik
repoURL: https://charts.goauthentik.io/ repoURL: https://charts.goauthentik.io/
targetRevision: 2025.8.* targetRevision: 2026.2.*
helm: helm:
valuesObject: valuesObject:
authentik: authentik:
@ -26,7 +26,7 @@ spec:
timeout: 30 timeout: 30
from: auth@fukurokuju.dev from: auth@fukurokuju.dev
postgresql: postgresql:
host: psql15-postgres.apps-fuku.svc.cluster.local host: 192.168.1.3
port: 5432 port: 5432
name: auth name: auth
user: file:///authentik-creds/pg_username user: file:///authentik-creds/pg_username
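Review bot: The `postgresql.host` change from the in-cluster service name to `192.168.1.3` moves authentik's database traffic onto the LAN, and no `sslmode` is visible in this hunk (the `postgresql` block continues past it). If it is not set further down, adding `sslmode: require` or stricter under `postgresql:` keeps credentials and session data from crossing the network in clear text. A DNS name instead of a literal address would also make certificate hostname verification possible later.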


@ -12,13 +12,23 @@ spec:
sources: sources:
- chart: democratic-csi - chart: democratic-csi
repoURL: https://democratic-csi.github.io/charts/ repoURL: https://democratic-csi.github.io/charts/
targetRevision: 0.14.* targetRevision: 0.15.*
helm: helm:
releaseName: zfs-nfs releaseName: zfs-nfs
valuesObject: valuesObject:
node:
driver:
image:
tag: next
controller:
driver:
image:
tag: next
csiDriver: csiDriver:
name: org.dcsi.nfs name: org.dcsi.nfs
driver: driver:
image:
tag: next
existingConfigSecret: secrets-dcsi existingConfigSecret: secrets-dcsi
config: config:
driver: freenas-api-nfs driver: freenas-api-nfs
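Review bot: The added `image.tag: next` overrides (under `node.driver`, `controller.driver` and what appears to be the top-level `driver:` block; indentation is lost on this page) point a storage driver at a mutable tag. The chart itself is pinned to `0.15.*`, but with automated sync a new upstream push to `next` changes the code running on the nodes without any commit in this repository, and CSI node plugins typically run with elevated privileges. If `next` is needed for a specific fix, pin the image by digest and add a comment naming the fix so the override can be removed once it reaches a release.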


@ -1,46 +0,0 @@
---
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: elastic
namespace: argocd
spec:
destination:
name: ''
namespace: apps-fuku
server: https://kubernetes.default.svc
sources:
- chart: elasticsearch
repoURL: registry-1.docker.io/bitnamicharts
targetRevision: 22.1.6
helm:
valuesObject:
service:
type: LoadBalancer
master:
persistence:
enabled: true
storageClass: truenas-nfs-csi
accessModes:
- ReadWriteMany
size: 50Gi
ingress:
enabled: true
hostname: elastic.fuku
tls: true
selfSigned: true
ingressClassName: traefik
data:
persistence:
enabled: true
storageClass: truenas-nfs-csi
accessModes:
- ReadWriteMany
size: 50Gi
autoscaling:
enabled: true
maxReplicas: 3
minReplicas: 1
project: fuku
syncPolicy:
automated: {}


@ -1,45 +0,0 @@
---
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: factorio
namespace: argocd
spec:
destination:
name: ''
namespace: apps-fuku
server: https://kubernetes.default.svc
sources:
- chart: factorio-server-charts
repoURL: https://sqljames.github.io/factorio-server-charts/
targetRevision: 2.5.*
helm:
valuesObject:
rcon:
passwordSecret: secrets-factorio
nodeSelector:
kubernetes.io/hostname: agent1
image:
tag: latest
factorioServer:
save_name: fukurokuju-space
admin_list:
- Phireh
account:
accountSecret: secrets-factorio
server_settings:
name: factorio-fukurokuju
visibility:
public: false
require_user_verification: false
persistence:
storageClassName: truenas-nfs-csi
serverPassword:
passwordSecret: secrets-factorio
- repoURL: https://git.roboces.dev/catalin/fukuops.git
path: k8s/services/factorio
targetRevision: main
project: fuku
syncPolicy:
automated: {}


@ -14,10 +14,10 @@ spec:
sources: sources:
- chart: forgejo - chart: forgejo
repoURL: code.forgejo.org/forgejo-helm repoURL: code.forgejo.org/forgejo-helm
targetRevision: 14.0.4 targetRevision: 17.0.1
helm: helm:
valuesObject: valuesObject:
replicaCount: 2 replicaCount: 1
service: service:
http: http:
type: LoadBalancer type: LoadBalancer
@ -49,15 +49,8 @@ spec:
serviceMonitor: serviceMonitor:
enabled: true enabled: true
config: config:
indexer:
ISSUE_INDEXER_CONN_STR: http://elastic-elasticsearch.apps-fuku.svc.cluster.local:9200
ISSUE_INDEXER_ENABLED: true
ISSUE_INDEXER_TYPE: elasticsearch
REPO_INDEXER_ENABLED: false
REPO_INDEXER_TYPE: elasticsearch
actions: actions:
ENABLED: true ENABLED: false
DEFAULT_ACTIONS_URL: https://github.com
picture: picture:
DISABLE_GRAVATAR: false DISABLE_GRAVATAR: false
ENABLE_FEDERATED_AVATAR: true ENABLE_FEDERATED_AVATAR: true
@ -106,9 +99,6 @@ spec:
enabled: false enabled: false
redis-cluster: redis-cluster:
enabled: false enabled: false
- path: k8s/services/forgejo
repoURL: https://git.roboces.dev/catalin/fukuops.git
targetRevision: main
project: roboces project: roboces
syncPolicy: syncPolicy:
automated: {} automated: {}


@ -12,7 +12,7 @@ spec:
sources: sources:
- path: charts/huesoporro - path: charts/huesoporro
repoURL: https://git.roboces.dev/catalin/huesoporro.git repoURL: https://git.roboces.dev/catalin/huesoporro.git
targetRevision: v0.3.6 targetRevision: v0.3.7
helm: helm:
valuesObject: valuesObject:
secret: secret:


@ -1,38 +0,0 @@
---
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: kubetail
namespace: argocd
spec:
destination:
name: ''
namespace: apps-fuku
server: https://kubernetes.default.svc
sources:
- chart: kubetail
repoURL: https://kubetail-org.github.io/helm-charts/
targetRevision: 0.15.2
helm:
valuesObject:
kubetail:
dashboard:
ingress:
enabled: true
className: traefik
tls: []
rules:
- host: logs.fuku
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: kubetail-dashboard
port:
number: 8080
project: fuku
syncPolicy:
automated: {}


@ -13,7 +13,7 @@ spec:
source: source:
chart: kured chart: kured
repoURL: https://kubereboot.github.io/charts repoURL: https://kubereboot.github.io/charts
targetRevision: 5.10.* targetRevision: 5.11.*
helm: helm:
valuesObject: valuesObject:
configuration.rebootDays: configuration.rebootDays:


@ -18,13 +18,13 @@ spec:
targetRevision: main targetRevision: main
- chart: meilisearch - chart: meilisearch
repoURL: https://meilisearch.github.io/meilisearch-kubernetes repoURL: https://meilisearch.github.io/meilisearch-kubernetes
targetRevision: 0.17.* targetRevision: 0.32.*
helm: helm:
valuesObject: valuesObject:
environment: environment:
MEILI_ENV: production MEILI_ENV: production
auth: auth:
existingMasterKeySecret: meilisearch-master-key existingMasterKeySecret: meili
service: service:
type: NodePort type: NodePort
port: 7700 port: 7700


@ -9,11 +9,77 @@ spec:
name: '' name: ''
namespace: apps-roboces namespace: apps-roboces
server: https://kubernetes.default.svc server: https://kubernetes.default.svc
source: sources:
path: k8s/services/miniflux - path: k8s/charts/miniflux
repoURL: https://git.roboces.dev/catalin/fukuops.git repoURL: https://git.roboces.dev/catalin/fukuops.git
targetRevision: main targetRevision: main
sources: [] helm:
valuesObject:
replicaCount: 3
securityContext:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
runAsUser: 10000
runAsGroup: 10000
capabilities:
drop:
- all
service:
type: LoadBalancer
ingress:
enabled: true
className: "traefik"
hosts:
- host: feeds.roboces.dev
paths:
- path: /
pathType: Prefix
resources:
requests:
cpu: 300m
memory: 300Mi
ephemeral-storage: 2Gi
limits:
cpu: 400m
memory: 500Mi
ephemeral-storage: 4Gi
livenessProbe:
tcpSocket:
port: 8080
initialDelaySeconds: 5
timeoutSeconds: 15
successThreshold: 1
failureThreshold: 3
periodSeconds: 10
readinessProbe:
httpGet:
path: /
port: 8080
initialDelaySeconds: 15
timeoutSeconds: 2
successThreshold: 1
failureThreshold: 3
periodSeconds: 10
podDisruptionBudget:
enabled: true
maxUnavailable: 1
env:
RUN_MIGRATIONS: "1"
CREATE_ADMIN: "1"
OAUTH2_PROVIDER: oidc
OAUTH2_REDIRECT_URL: https://feeds.roboces.dev/oauth2/oidc/callback
OAUTH2_OIDC_DISCOVERY_ENDPOINT: https://auth.fukurokuju.dev/application/o/miniflux/
OAUTH2_USER_CREATION: "1"
FETCH_YOUTUBE_WATCH_TIME: "1"
WORKER_POOL_SIZE: "1"
POLLING_FREQUENCY: "120"
BATCH_SIZE: "25"
METRICS_COLLECTOR: "1"
METRICS_ALLOWED_NETWORKS: 10.42.1.0/16
secret:
existingSecretName: miniflux
project: roboces project: roboces
syncPolicy: syncPolicy:
automated: {} automated:
prune: true
selfHeal: true
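Review bot: `service.type: LoadBalancer` is set next to an enabled Traefik ingress for `feeds.roboces.dev`, so the pods are also reachable directly on a LAN address, bypassing whatever the ingress enforces (TLS, middlewares, access logs); `ClusterIP` is enough when the ingress is the intended entry point. The new `oxicloud`, `vault-sm` and `woodpecker` Applications in this compare use the same combination. Also, `METRICS_ALLOWED_NETWORKS: 10.42.1.0/16` has host bits set; read as a /16 it covers all of `10.42.0.0/16`, so if only one node's pod range was meant it should be `10.42.1.0/24`.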


@ -0,0 +1,54 @@
---
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: oxicloud
namespace: argocd
spec:
destination:
name: ''
namespace: apps-roboces
server: https://kubernetes.default.svc
sources:
- path: k8s/charts/oxicloud
repoURL: https://git.roboces.dev/catalin/fukuops.git
targetRevision: main
helm:
valuesObject:
image:
repository: diocrafts/oxicloud
pullPolicy: Always
tag: "0.5.6"
persistence:
enabled: true
storageClass: "truenas-nfs-csi"
accessMode: ReadWriteMany
size: 50Gi
service:
type: LoadBalancer
config:
server:
port: 8086
host: "0.0.0.0"
baseUrl: "https://cloud.roboces.dev"
features:
enableAuth: "true"
enableSharing: "true"
mimalloc:
purgeDelay: "0"
allowLargeOsPages: "0"
secrets:
existingSecret: oxicloud
wopi:
enabled: false
ingress:
className: "traefik"
hosts:
- host: cloud.roboces.dev
paths:
- path: /
pathType: ImplementationSpecific
tls: []
project: roboces
syncPolicy:
automated: {}


@ -15,7 +15,7 @@ spec:
sources: sources:
- repoURL: https://portainer.github.io/k8s/ - repoURL: https://portainer.github.io/k8s/
chart: portainer chart: portainer
targetRevision: 2.33.* targetRevision: 239.1.*
helm: helm:
valuesObject: valuesObject:
service: service:


@ -1,26 +0,0 @@
---
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: psql15
namespace: argocd
spec:
destination:
namespace: apps-fuku
server: 'https://kubernetes.default.svc'
sources:
- chart: postgres
targetRevision: 1.3.6
repoURL: https://groundhog2k.github.io/helm-charts/
helm:
valuesObject:
service:
type: LoadBalancer
storage:
accessModes:
- ReadWriteMany
className: truenas-nfs-csi
requestedSize: 150Gi
project: fuku
syncPolicy:
automated: {}


@ -1,32 +0,0 @@
---
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: redis
namespace: argocd
spec:
destination:
name: ''
namespace: apps-fuku
server: https://kubernetes.default.svc
sources:
- chart: redis
repoURL: registry-1.docker.io/cloudpirates
targetRevision: "0.9.*"
helm:
valuesObject:
auth:
existingSecret: secrets-redis
existingSecretPasswordKey: redis-password
persistence:
storageClass: truenas-nfs-csi
size: 10Gi
accessMode: ReadWriteMany
service:
type: LoadBalancer
- repoURL: https://git.roboces.dev/catalin/fukuops.git
path: k8s/services/redis
targetRevision: main
project: fuku
syncPolicy:
automated: {}


@ -13,7 +13,7 @@ spec:
sources: sources:
- chart: renovate - chart: renovate
repoURL: https://docs.renovatebot.com/helm-charts repoURL: https://docs.renovatebot.com/helm-charts
targetRevision: 43.54.* targetRevision: 46.142.*
helm: helm:
valuesObject: valuesObject:
renovate: renovate:


@ -12,7 +12,7 @@ spec:
source: source:
chart: sealed-secrets chart: sealed-secrets
repoURL: https://bitnami-labs.github.io/sealed-secrets repoURL: https://bitnami-labs.github.io/sealed-secrets
targetRevision: 2.17.* targetRevision: 2.18.*
helm: helm:
releaseName: sealed-secrets releaseName: sealed-secrets
valuesObject: valuesObject:


@ -1,41 +0,0 @@
---
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: valheim
namespace: argocd
spec:
destination:
name: ''
namespace: apps-fuku
server: https://kubernetes.default.svc
sources:
- path: k8s/charts/valheim-server
repoURL: https://git.roboces.dev/catalin/fukuops.git
targetRevision: main
helm:
valuesObject:
server:
name: "Huesoperrers Váljei"
public: 1
timezone: Europe/Madrid
secret:
name: valheim-secrets
key: server-password
persistence:
saves:
accessMode: ReadWriteMany
server:
accessMode: ReadWriteMany
backups:
accessMode: ReadWriteMany
resources:
requests:
memory: 4Gi
cpu: 2000m
limits:
memory: 8Gi
cpu: 4000m
project: fuku
syncPolicy:
automated: {}


@ -0,0 +1,64 @@
---
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: vault-sm
namespace: argocd
spec:
destination:
name: ''
namespace: apps-fuku
server: https://kubernetes.default.svc
sources:
- chart: vaultwarden-kubernetes-secrets
repoURL: ghcr.io/antoniolago/charts
targetRevision: 1.4.01
helm:
valuesObject:
api:
enabled: true
service:
type: LoadBalancer
persistence:
storageClass: truenas-nfs-csi
dashboard:
enabled: true
service:
type: LoadBalancer
ingress:
enabled: true
className: traefik
hosts:
- host: vault-secrets.fuku
paths:
- path: /
pathType: Prefix
backend: dashboard
port: 80
- path: /api
pathType: Prefix
backend: api
port: 8080
env:
config:
VAULTWARDEN__SERVERURL: "https://vault.roboces.dev"
secrets:
BW_CLIENTID:
secretName: "vaultwarden-kubernetes-secrets"
secretKey: "BW_CLIENTID"
BW_CLIENTSECRET:
secretName: "vaultwarden-kubernetes-secrets"
secretKey: "BW_CLIENTSECRET"
VAULTWARDEN__MASTERPASSWORD:
secretName: "vaultwarden-kubernetes-secrets"
secretKey: "VAULTWARDEN__MASTERPASSWORD"
- path: k8s/services/vaultwarden-kubernetes-secrets
repoURL: https://git.roboces.dev/catalin/fukuops.git
targetRevision: main
project: fuku
syncPolicy:
automated:
prune: true
selfHeal: true
syncOptions:
- CreateNamespace=true
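Review bot: This Application hands `VAULTWARDEN__MASTERPASSWORD` and the API client credentials to a third-party chart and then publishes its `api` and `dashboard` through both `LoadBalancer` services and an ingress for `vault-secrets.fuku` that has no `tls` entry. Whether those endpoints authenticate callers is not visible here, so until that is confirmed the services should be `ClusterIP`, with the dashboard reachable only through an ingress that has TLS and an auth middleware. A dedicated Vaultwarden account limited to the items that must become Kubernetes Secrets would also bound what the stored master password can unlock.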


@ -0,0 +1,57 @@
---
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: woodpecker
namespace: argocd
annotations:
argocd.argoproj.io/sync-options: Force=true,Replace=true
spec:
destination:
name: ''
namespace: apps-roboces
server: https://kubernetes.default.svc
sources:
- chart: woodpecker
repoURL: ghcr.io/woodpecker-ci/helm
targetRevision: 3.5.1
helm:
valuesObject:
agent:
persistence:
storageClass: truenas-nfs-csi
accessModes:
- ReadWriteMany
server:
env:
WOODPECKER_ADMIN: 'woodpecker,admin,catalin'
WOODPECKER_HOST: 'https://ci.roboces.dev'
WOODPECKER_FORGEJO: "true"
WOODPECKER_FORGEJO_URL: "https://git.roboces.dev"
WOODPECKER_FORGEJO_CLIENT:
valueFrom:
secretKeyRef:
name: woodpecker
key: WOODPECKER_FORGEJO_CLIENT
WOODPECKER_FORGEJO_SECRET:
valueFrom:
secretKeyRef:
name: woodpecker
key: WOODPECKER_FORGEJO_SECRET
persistentVolume:
storageClass: truenas-nfs-csi
accessModes:
- ReadWriteMany
service:
type: LoadBalancer
ingress:
enabled: true
ingressClassName: traefik
hosts:
- host: ci.roboces.dev
paths:
- path: /
tls: []
project: roboces
syncPolicy:
automated: {}
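Review bot: `WOODPECKER_ADMIN: 'woodpecker,admin,catalin'` grants CI admin rights by forge username, so every listed name should be an existing Forgejo account under your control; if `woodpecker` and `admin` are placeholders, trim the value to `'catalin'`. The `argocd.argoproj.io/sync-options: Force=true,Replace=true` annotation sits on the Application object itself, where it presumably governs how a parent app applies this manifest rather than how the chart's resources sync; if the latter was intended it belongs in `spec.syncPolicy.syncOptions`. Forced replace deletes and recreates objects, so a comment stating why it is needed would help the next reader.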


@ -0,0 +1,6 @@
apiVersion: v2
name: miniflux
description: A Helm chart for Miniflux RSS reader
type: application
version: 0.1.0
appVersion: "2.2.18"


@ -0,0 +1,62 @@
{{/*
Expand the name of the chart.
*/}}
{{- define "miniflux.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "miniflux.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "miniflux.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "miniflux.labels" -}}
helm.sh/chart: {{ include "miniflux.chart" . }}
{{ include "miniflux.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "miniflux.selectorLabels" -}}
app.kubernetes.io/name: {{ include "miniflux.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
{{/*
Create the name of the service account to use
*/}}
{{- define "miniflux.serviceAccountName" -}}
{{- if .Values.serviceAccount.create }}
{{- default (include "miniflux.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}


@ -0,0 +1,73 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "miniflux.fullname" . }}
labels:
{{- include "miniflux.labels" . | nindent 4 }}
annotations:
kube-score/ignore: pod-networkpolicy,deployment-has-host-podantiaffinity
spec:
{{- if not .Values.autoscaling.enabled }}
replicas: {{ .Values.replicaCount }}
{{- end }}
selector:
matchLabels:
{{- include "miniflux.selectorLabels" . | nindent 6 }}
strategy:
rollingUpdate:
maxSurge: 50%
maxUnavailable: 50%
type: RollingUpdate
template:
metadata:
{{- with .Values.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
{{- include "miniflux.selectorLabels" . | nindent 8 }}
spec:
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
containers:
- name: {{ .Chart.Name }}
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
envFrom:
- secretRef:
name: {{ .Values.secret.existingSecretName | default (include "miniflux.fullname" .) }}
env:
{{- range $key, $value := .Values.env }}
- name: {{ $key }}
value: {{ $value | quote }}
{{- end }}
ports:
- name: http
containerPort: 8080
protocol: TCP
livenessProbe:
{{- toYaml .Values.livenessProbe | nindent 12 }}
readinessProbe:
{{- toYaml .Values.readinessProbe | nindent 12 }}
resources:
{{- toYaml .Values.resources | nindent 12 }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
restartPolicy: Always
automountServiceAccountToken: false
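Review bot: The `kube-score/ignore: pod-networkpolicy,deployment-has-host-podantiaffinity` annotation silences the missing-NetworkPolicy finding, and none of the chart templates shown in this compare defines a NetworkPolicy, so the pods accept traffic from every namespace. A small `networkpolicy.yaml` template allowing port 8080 from the ingress controller and the metrics scraper would let the `pod-networkpolicy` entry be dropped. Also, `envFrom.secretRef` falls back to the chart fullname even when `secret.enabled` is false, so a release with neither `secret.enabled` nor `existingSecretName` references a Secret that is never created.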


@ -0,0 +1,45 @@
{{- if .Values.ingress.enabled -}}
{{- $fullName := include "miniflux.fullname" . -}}
{{- $svcPort := .Values.service.port -}}
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: {{ $fullName }}
labels:
{{- include "miniflux.labels" . | nindent 4 }}
{{- with .Values.ingress.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
{{- if .Values.ingress.className }}
ingressClassName: {{ .Values.ingress.className }}
{{- end }}
{{- if .Values.ingress.tls }}
tls:
{{- range .Values.ingress.tls }}
- hosts:
{{- range .hosts }}
- {{ . | quote }}
{{- end }}
secretName: {{ .secretName }}
{{- end }}
{{- end }}
rules:
{{- range .Values.ingress.hosts }}
- host: {{ .host | quote }}
http:
paths:
{{- range .paths }}
- path: {{ .path }}
{{- if .pathType }}
pathType: {{ .pathType }}
{{- end }}
backend:
service:
name: {{ $fullName }}
port:
number: {{ $svcPort }}
{{- end }}
{{- end }}
{{- end }}


@ -0,0 +1,18 @@
{{- if .Values.podDisruptionBudget.enabled -}}
apiVersion: policy/v1
kind: PodDisruptionBudget
metadata:
name: {{ include "miniflux.fullname" . }}
labels:
{{- include "miniflux.labels" . | nindent 4 }}
spec:
{{- if .Values.podDisruptionBudget.minAvailable }}
minAvailable: {{ .Values.podDisruptionBudget.minAvailable }}
{{- end }}
{{- if .Values.podDisruptionBudget.maxUnavailable }}
maxUnavailable: {{ .Values.podDisruptionBudget.maxUnavailable }}
{{- end }}
selector:
matchLabels:
{{- include "miniflux.selectorLabels" . | nindent 6 }}
{{- end }}


@ -0,0 +1,13 @@
{{- if and .Values.secret.enabled (not .Values.secret.existingSecretName) -}}
apiVersion: v1
kind: Secret
metadata:
name: {{ include "miniflux.fullname" . }}
labels:
{{- include "miniflux.labels" . | nindent 4 }}
type: Opaque
stringData:
{{- range $key, $value := .Values.secret.data }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}


@ -0,0 +1,15 @@
apiVersion: v1
kind: Service
metadata:
name: {{ include "miniflux.fullname" . }}
labels:
{{- include "miniflux.labels" . | nindent 4 }}
spec:
type: {{ .Values.service.type }}
ports:
- port: {{ .Values.service.port }}
targetPort: {{ .Values.service.targetPort }}
protocol: TCP
name: http
selector:
{{- include "miniflux.selectorLabels" . | nindent 4 }}


@ -0,0 +1,42 @@
# Configuration is managed in k8s/argo-apps/miniflux.yaml
replicaCount: 1
image:
repository: miniflux/miniflux
pullPolicy: Always
tag: ""
imagePullSecrets: []
podAnnotations: {}
podSecurityContext: {}
securityContext: {}
service:
type: ClusterIP
port: 8888
targetPort: 8080
ingress:
enabled: false
resources: {}
livenessProbe: {}
readinessProbe: {}
autoscaling:
enabled: false
nodeSelector: {}
tolerations: []
affinity: {}
podDisruptionBudget:
enabled: false
env: {}
secret:
enabled: false
existingSecretName: ""
data: {}
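Review bot: `podSecurityContext: {}` and `securityContext: {}` leave the chart unhardened by default; the non-root user, read-only root filesystem and dropped capabilities exist only in the Argo CD Application's `valuesObject`. Moving those settings here as the defaults means any other install of the chart starts from the hardened baseline and has to opt out explicitly. The header comment could also say that the Application overrides `service.type` and `replicaCount`, since the defaults here differ from what is deployed.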


@ -0,0 +1,23 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/


@ -0,0 +1,8 @@
---
apiVersion: v2
name: oxicloud
description: |
Ultra-fast, secure & lightweight self-hosted cloud storage — your files, photos, calendars & contacts, all in one place. Built in Rust.
type: application
version: 0.1.0
appVersion: "0.5.2"


@ -0,0 +1,32 @@
{{/* Expand the name of the chart. */}}
{{- define "oxicloud.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/* Create a default fully qualified app name. */}}
{{- define "oxicloud.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}
{{/* Common labels */}}
{{- define "oxicloud.labels" -}}
helm.sh/chart: {{ printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{ include "oxicloud.selectorLabels" . }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{/* Selector labels */}}
{{- define "oxicloud.selectorLabels" -}}
app.kubernetes.io/name: {{ include "oxicloud.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}


@ -0,0 +1,22 @@
---
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "oxicloud.fullname" . }}-config
data:
OXICLOUD_SERVER_PORT: {{ .Values.config.server.port | quote }}
OXICLOUD_SERVER_HOST: {{ .Values.config.server.host | quote }}
{{- if .Values.config.server.baseUrl }}
OXICLOUD_BASE_URL: {{ .Values.config.server.baseUrl | quote }}
{{- end }}
OXICLOUD_ENABLE_AUTH: {{ .Values.config.features.enableAuth | quote }}
OXICLOUD_ENABLE_FILE_SHARING: {{ .Values.config.features.enableSharing | quote }}
MIMALLOC_PURGE_DELAY: {{ .Values.config.mimalloc.purgeDelay | quote }}
MIMALLOC_ALLOW_LARGE_OS_PAGES: {{ .Values.config.mimalloc.allowLargeOsPages | quote }}
{{- if .Values.wopi.enabled }}
OXICLOUD_WOPI_ENABLED: "true"
OXICLOUD_WOPI_DISCOVERY_URL: "{{ .Values.config.server.baseUrl }}/hosting/discovery"
{{- else }}
OXICLOUD_WOPI_ENABLED: "false"
{{- end }}


@ -0,0 +1,64 @@
---
{{- if .Values.ingress.enabled -}}
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: {{ include "oxicloud.fullname" . }}
labels:
{{- include "oxicloud.labels" . | nindent 4 }}
{{- with .Values.ingress.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
{{- if .Values.ingress.className }}
ingressClassName: {{ .Values.ingress.className }}
{{- end }}
{{- if .Values.ingress.tls }}
tls:
{{- range .Values.ingress.tls }}
- hosts:
{{- range .hosts }}
- {{ . | quote }}
{{- end }}
secretName: {{ .secretName }}
{{- end }}
{{- end }}
rules:
- host: {{ (index .Values.ingress.hosts 0).host | quote }}
http:
paths:
{{- if .Values.wopi.enabled }}
# Route Collabora traffic to the WOPI pod
- path: /browser
pathType: Prefix
backend:
service:
name: {{ include "oxicloud.fullname" $ }}-wopi
port:
number: {{ .Values.wopi.collabora.service.port }}
- path: /hosting
pathType: Prefix
backend:
service:
name: {{ include "oxicloud.fullname" $ }}-wopi
port:
number: {{ .Values.wopi.collabora.service.port }}
- path: /cool
pathType: Prefix
backend:
service:
name: {{ include "oxicloud.fullname" $ }}-wopi
port:
number: {{ .Values.wopi.collabora.service.port }}
{{- end }}
# Default Catch-All: Route everything else to OxiCloud
- path: /
pathType: Prefix
backend:
service:
name: {{ include "oxicloud.fullname" $ }}
port:
number: {{ $.Values.service.port }}
{{- end }}


@ -0,0 +1,19 @@
---
{{- if not .Values.secrets.existingSecret }}
apiVersion: v1
kind: Secret
metadata:
name: {{ include "oxicloud.fullname" . }}-secret
labels:
{{- include "oxicloud.labels" . | nindent 4 }}
type: Opaque
data:
{{- if .Values.secrets.jwtSecret }}
OXICLOUD_JWT_SECRET: {{ .Values.secrets.jwtSecret | b64enc | quote }}
{{- end }}
DB_PASSWORD: {{ .Values.database.password | b64enc | quote }}
{{- if .Values.wopi.enabled }}
WOPI_ADMIN_USERNAME: {{ .Values.wopi.collabora.admin.username | b64enc | quote }}
WOPI_ADMIN_PASSWORD: {{ .Values.wopi.collabora.admin.password | b64enc | quote }}
{{- end }}
{{- end }}
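Review bot: When `secrets.existingSecret` is empty this template renders `DB_PASSWORD` from `database.password`, whose default in the chart's values.yaml is `change_me_in_production` (and `wopi_admin_password` for the Collabora admin), so a plain install silently ships known credentials. Wrapping the lookups in `required`, e.g. `{{ required "database.password must be set" .Values.database.password | b64enc | quote }}`, and defaulting those values to empty strings makes the install fail instead. `OXICLOUD_JWT_SECRET` is omitted entirely when `secrets.jwtSecret` is empty; what the application does without it is not visible here and should be checked.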


@ -0,0 +1,32 @@
---
apiVersion: v1
kind: Service
metadata:
name: {{ include "oxicloud.fullname" . }}
labels:
{{- include "oxicloud.labels" . | nindent 4 }}
spec:
type: {{ .Values.service.type }}
ports:
- port: {{ .Values.service.port }}
targetPort: http
protocol: TCP
name: http
selector:
{{- include "oxicloud.selectorLabels" . | nindent 4 }}
---
apiVersion: v1
kind: Service
metadata:
name: {{ include "oxicloud.fullname" . }}-headless
labels:
{{- include "oxicloud.labels" . | nindent 4 }}
spec:
clusterIP: None
ports:
- port: {{ .Values.service.port }}
targetPort: http
protocol: TCP
name: http
selector:
{{- include "oxicloud.selectorLabels" . | nindent 4 }}


@ -0,0 +1,53 @@
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: {{ include "oxicloud.fullname" . }}
labels:
{{- include "oxicloud.labels" . | nindent 4 }}
spec:
serviceName: {{ include "oxicloud.fullname" . }}-headless
replicas: {{ .Values.replicaCount }}
selector:
matchLabels:
{{- include "oxicloud.selectorLabels" . | nindent 6 }}
template:
metadata:
labels:
{{- include "oxicloud.selectorLabels" . | nindent 8 }}
spec:
containers:
- name: oxicloud
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
ports:
- name: http
containerPort: 8086
protocol: TCP
envFrom:
- configMapRef:
name: {{ include "oxicloud.fullname" . }}-config
- secretRef:
name: {{ if .Values.secrets.existingSecret }}{{ .Values.secrets.existingSecret }}{{ else }}{{ include "oxicloud.fullname" . }}-secret{{ end }}
volumeMounts:
- name: storage-data
mountPath: /app/storage
{{- if not .Values.persistence.enabled }}
volumes:
- name: storage-data
emptyDir: {}
{{- end }}
{{- if .Values.persistence.enabled }}
volumeClaimTemplates:
- metadata:
name: storage-data
spec:
accessModes:
- {{ .Values.persistence.accessMode }}
{{- if .Values.persistence.storageClass }}
storageClassName: {{ .Values.persistence.storageClass }}
{{- end }}
resources:
requests:
storage: {{ .Values.persistence.size }}
{{- end }}
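Review bot: The `oxicloud` container has no `securityContext`, resource limits or probes, unlike the miniflux chart added in the same compare, so it runs with the image's default user and capabilities. Adding `securityContext:` followed by `{{- toYaml .Values.securityContext | nindent 12 }}` (with a matching values key) lets a deployment set `runAsNonRoot`, `allowPrivilegeEscalation: false` and dropped capabilities. `containerPort: 8086` is also hard-coded while `config.server.port` is configurable, so changing the port in values breaks the `http` target port.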


@ -0,0 +1,58 @@
---
{{- if .Values.wopi.enabled -}}
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "oxicloud.fullname" . }}-wopi
labels:
{{- include "oxicloud.labels" . | nindent 4 }}
app.kubernetes.io/component: wopi
spec:
replicas: 1
selector:
matchLabels:
{{- include "oxicloud.selectorLabels" . | nindent 6 }}
app.kubernetes.io/component: wopi
template:
metadata:
labels:
{{- include "oxicloud.selectorLabels" . | nindent 8 }}
app.kubernetes.io/component: wopi
spec:
containers:
- name: collabora
image: "{{ .Values.wopi.collabora.image.repository }}:{{ .Values.wopi.collabora.image.tag }}"
imagePullPolicy: {{ .Values.wopi.collabora.image.pullPolicy }}
# Required for Collabora to build chroot jails
securityContext:
capabilities:
add:
- MKNOD
ports:
- name: wopi
containerPort: 9980
protocol: TCP
env:
- name: aliasgroup1
value: "http://{{ .Values.wopi.collabora.domain }}"
- name: server_name
value: {{ .Values.wopi.collabora.domain | quote }}
- name: extra_params
value: {{ .Values.wopi.collabora.extraParams | quote }}
- name: username
valueFrom:
secretKeyRef:
name: {{ if .Values.secrets.existingSecret }}{{ .Values.secrets.existingSecret }}{{ else }}{{ include "oxicloud.fullname" . }}-secret{{ end }}
key: WOPI_ADMIN_USERNAME
- name: password
valueFrom:
secretKeyRef:
name: {{ if .Values.secrets.existingSecret }}{{ .Values.secrets.existingSecret }}{{ else }}{{ include "oxicloud.fullname" . }}-secret{{ end }}
key: WOPI_ADMIN_PASSWORD
readinessProbe:
httpGet:
path: /hosting/discovery
port: wopi
initialDelaySeconds: 10
periodSeconds: 10
{{- end }}
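Review bot: `aliasgroup1` and `server_name` read `.Values.wopi.collabora.domain`, but the chart's values.yaml defines `wopi.collabora.url` and no `domain`, so with the defaults they render as `http://` and an empty string. `aliasgroup1` is the list of WOPI hosts Collabora accepts, so it should be a deliberate value: either rename the values key to `domain` or reference `.Values.wopi.collabora.url`, and guard it with `required`. The scheme is hard-coded to `http://` while `config.server.baseUrl` is https, which presumably needs aligning as well.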


@ -0,0 +1,20 @@
---
{{- if .Values.wopi.enabled -}}
apiVersion: v1
kind: Service
metadata:
name: {{ include "oxicloud.fullname" . }}-wopi
labels:
{{- include "oxicloud.labels" . | nindent 4 }}
app.kubernetes.io/component: wopi
spec:
type: ClusterIP
ports:
- port: {{ .Values.wopi.collabora.service.port }}
targetPort: wopi
protocol: TCP
name: wopi
selector:
{{- include "oxicloud.selectorLabels" . | nindent 4 }}
app.kubernetes.io/component: wopi
{{- end }}


@ -0,0 +1,67 @@
---
replicaCount: 1
image:
repository: oxicloud
pullPolicy: IfNotPresent
tag: "latest"
database:
host: "postgres.example.com"
port: 5432
username: "postgres"
password: "change_me_in_production"
name: "oxicloud"
config:
server:
port: 8086
host: "0.0.0.0"
baseUrl: "https://cloud.example.com"
features:
enableAuth: "true"
enableSharing: "true"
mimalloc:
purgeDelay: "0"
allowLargeOsPages: "0"
persistence:
enabled: true
storageClass: ""
accessMode: ReadWriteOnce
size: 50Gi
wopi:
enabled: true
collabora:
url: "cloud.example.com"
image:
repository: collabora/code
tag: latest
pullPolicy: IfNotPresent
service:
port: 9980
admin:
username: admin
password: "wopi_admin_password"
extraParams: "--o:ssl.enable=false --o:ssl.termination=false --o:net.frame_ancestors=http://* https://*"
secrets:
existingSecret: ""
jwtSecret: ""
oidcClientSecret: ""
service:
type: ClusterIP
port: 8086
ingress:
enabled: true
className: "traefik"
annotations: {}
hosts:
- host: cloud.example.com
paths:
- path: /
pathType: ImplementationSpecific
tls: []
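Review bot: The default `extraParams` sets `--o:net.frame_ancestors=http://* https://*`, which lets any origin embed the Collabora editor in a frame; the default should name only the OxiCloud base URL. `wopi.enabled: true` together with `tag: latest` for both `oxicloud` and `collabora/code` means a default install pulls two unpinned images and adds the `MKNOD` capability; defaulting `wopi.enabled` to `false` and pinning the tags is the safer baseline. `secrets.oidcClientSecret` is declared here, but no template shown in this compare reads it.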


@ -3,7 +3,7 @@ image:
# -- Docker repository to use # -- Docker repository to use
repository: mbround18/valheim repository: mbround18/valheim
# -- Docker tag to use - use "latest" for most current version # -- Docker tag to use - use "latest" for most current version
tag: "3.3" tag: "3.6"
# -- Image pull policy # -- Image pull policy
pullPolicy: Always pullPolicy: Always


@ -25,8 +25,12 @@ spec:
- https://charts.crystalnet.org - https://charts.crystalnet.org
- https://portainer.github.io/k8s/ - https://portainer.github.io/k8s/
- https://docs.renovatebot.com/helm-charts - https://docs.renovatebot.com/helm-charts
- registry-1.docker.io/bitnamicharts
- https://meilisearch.github.io/meilisearch-kubernetes - https://meilisearch.github.io/meilisearch-kubernetes
- https://kubetail-org.github.io/helm-charts/ - https://kubetail-org.github.io/helm-charts/
- https://groundhog2k.github.io/helm-charts/ - https://groundhog2k.github.io/helm-charts/
- registry-1.docker.io/cloudpirates - registry-1.docker.io/cloudpirates
- https://vmware-tanzu.github.io/helm-charts/
- https://helm.runix.net
- https://rcourtman.github.io/Pulse
- ghcr.io/antoniolago/charts
- https://helm.elastic.co


@ -8,8 +8,11 @@ spec:
destinations: destinations:
- namespace: apps-roboces - namespace: apps-roboces
server: https://kubernetes.default.svc server: https://kubernetes.default.svc
- namespace: woodpecker
server: https://kubernetes.default.svc
sourceRepos: sourceRepos:
- https://git.roboces.dev/catalin/fukuops.git - https://git.roboces.dev/catalin/fukuops.git
- code.forgejo.org/forgejo-helm - code.forgejo.org/forgejo-helm
- https://git.roboces.dev/catalin/huesoporro.git - https://git.roboces.dev/catalin/huesoporro.git
- https://gitlab.com/api/v4/projects/64552889/packages/helm/release - https://gitlab.com/api/v4/projects/64552889/packages/helm/release
- ghcr.io/woodpecker-ci/helm


@ -1,18 +0,0 @@
---
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
creationTimestamp:
name: secrets-factorio
namespace: apps-fuku
spec:
encryptedData:
game_password: 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 # yamllint disable rule:line-length
password: AgCTY4hn/wTGipH9oX7SgS44PE6wEe34AB2Pz9IeB5KcISZVGgWAUMtcffexV31jcNwz5TrztNam22Ys7qYbsZZVNOWm27/KZP3U04Jrq1cIPhY+xE1xF3vMqCd54r+kaeMO4hlDhBlE7Hs6BHdURTpPz8ocqihT2bft+Q8p2Myf3vPHXcDwoUyQj/AFYJdJJhyVfD5NDdacFhOmPTB/tUE4AW1Rz9oND6sy0x7NaP44vswVbhREpMA9wkltJRugRKUwXdfC6kOrfKa1R88aNOwkqc22F1U1PhcqUSAMYQxOA+zz3xMjrP8o70V1/FBKxnTBYVIpdHuwl2RpvC/TewJYVEu1xzp3texfgkTn6XXMp9InxfA6y1wpSVpMPYK5zPRCnmuyPTdSd+DrD6C6y2rstrHvvHxnLPtqo5REVjkfTGkEilmQ1+SllPMPk/6hKivahdmORixoI2MtOz4k4d+7rdPrrsRscMHAheyJTNdKC3wGoKFqbm+0zFV3GFaxM65K0USlYhPwyKG3FlHGj0t8HmXOr+M2cQKd4vqIrq8betRp08YPGMOT0Ea1KIvoP3z4yiJg2Z64d8d0Brof/h4fFd4kKgfMYm/CvkNh5zjFzEYi+K/6G/G99RBxwl7kK3eMB6CiuOnLITCw/Ok/LiRcdnIcAe7yobHG6FWHas4KPL5t4dPTxo12catoWtuJG7L20AIl3171+gO3jS0e4zAvZ+7S # yamllint disable rule:line-length
token: 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 # yamllint disable rule:line-length
template: # yamllint disable rule:line-length
metadata:
creationTimestamp:
name: secrets-factorio
namespace: apps-fuku
type: Opaque


@ -1,19 +1,70 @@
# yamllint disable rule:line-length
--- ---
apiVersion: bitnami.com/v1alpha1 apiVersion: bitnami.com/v1alpha1
kind: SealedSecret kind: SealedSecret
metadata: metadata:
creationTimestamp: null creationTimestamp: null
name: gitea-ini-redis name: secrets-forgejo-signing
namespace: apps-roboces namespace: apps-roboces
spec: spec:
encryptedData: encryptedData:
cache: 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 privateKey: 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
queue: 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
session: 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
template: template:
metadata: metadata:
creationTimestamp: null creationTimestamp: null
name: gitea-ini-redis name: secrets-forgejo-signing
namespace: apps-roboces
---
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
creationTimestamp: null
name: secrets-forgejo-admin
namespace: apps-roboces
spec:
encryptedData:
email: 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
password: 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
passwordMode: AgCWjs796wR9evramu2S8ALTqbyn6vfdLFqnNkNUJGx7Cxvx+vo2j7J4/g8iEtUXzqAGSw5JYH/ifOPLZz9pWZwTO9vFu2Rr91KpJA14Eo5GNj/KJO1NafVMxRXDpXd/gENPrwonbrCj+s1YxQGQeY2STqINcpuCT+/sH3SsEL6Dei3KW39ZfHw+UcY68Vv3hKejd1F3HDMOgqwA9TOj4cRCt5Eq1VmNjhE6dpFBNFU+cwNDpsYgCMw/Ir8VkSAJcpllSW+W7vTRS1BYGQEoKRTaRbQD/2mpTh2W2hCFmUrUHsed4I63V0lfa2OpQjSDbCfKAtEwvrOiFm16L4A2dxX9FRAVpIS3L5hXwZTNFui+4gD5JuatZPcZjqvHKvk6gvZdi0D2B1Cl9+kT7A6h+kEN7Ru5tMFIUOyPtrdqSKf1V78C0HlvhK8tt5NYjIiV1gRGRVzUwfep8zolPE4jPsTsf4Edahqkq9z3JLlZ7sHLOVfTkoop4DTHAzTS8a0FTHnVMn5QIGiec2t6gAW3gOvufqcRA6/M1ZcdusBrt1p6DsLFhHTOCehrgW0+o4GByj3IAdGl+suAtAZcedXkUulifEgtGNuXZwF4euLYlsGallwcUa+6xeKClchJO7CYYEKG317xSdGN+y+PRqPnB4YtbDjIqsbFInGDEPY5b7rRbMhE38zYxPUopgqbv9QfGefyCRj26B8Z2uQ6Kw==
username: 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
template:
metadata:
creationTimestamp: null
name: secrets-forgejo-admin
namespace: apps-roboces
---
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
creationTimestamp: null
name: secrets-forgejo-oidc
namespace: apps-roboces
spec:
encryptedData:
autoDiscoverUrl: 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
key: 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
name: AgAhLbpXrfXbLlAWdt3M7YbILunCfpDaI6O2EnzLLCFdDlkXzxHvO64uxYF2P6TST3dfvJl7bAw179meUpy+bn8NRonveSz184Ny+nfy4/w1eZVxb4iVmQ0kZ8EJCBHzHAvyIRfRKUTbW7HqjuQnbN+nOhElb240utR8cNfdnvlASfI+fZbIsz1XPMlGyXTga+kmgIuYk9vTNdDJpjEB1Pzz4BLfApnNFJ78RO49GmS1IyBkL5vFrKOR51GPv1G7VzJApA636XWmykGfMmMPxHXCbHhquJh9ak9/052dQ3u+AMpLCxVjg6ehJi+5O1sA+8ZQpUeHJiggskIOP8AbOYckdcTw7bBSj/SwjX78eE1P5bhTVRbCCyC7RkpBCJnz1Pzqt+vn/M/Tc1hhI5mSLrmZN9l5Fe51bQulM5IMno7jKc5miGLu7C3SyeJM9xDB15JcExiVO9rvyW/Z/V2UcWlVOp7nGc3NPnP+p5ipxe7pPSwW6laSkzvpGAzTshBm7/k3usbEKrwhnmw2datQ9CbO9v6ZqCTLYc4epL7FmQEqc4XvltUqpG+h6tszJSa/bKSnpCFqesE9oxPpXfocaYU9cDcUHuj1QCnYQg61oDU6TL+BvIiqxIKacY0Z2jYQ1Q2VaC0LrH8IDB9JmoNyezGwqJYeY+BLXUcDJs5gMccgwtW93X4ozaRjv0bPrpCi25JfZAWTxIkNeWU=
provider: 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
secret: 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
template:
metadata:
creationTimestamp: null
name: secrets-forgejo-oidc
namespace: apps-roboces
---
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
creationTimestamp: null
name: secrets-forgejo-email
namespace: apps-roboces
spec:
encryptedData:
mailer: 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
template:
metadata:
creationTimestamp: null
name: secrets-forgejo-email
namespace: apps-roboces namespace: apps-roboces
type: Opaque type: Opaque
--- ---
@ -21,14 +72,59 @@ apiVersion: bitnami.com/v1alpha1
kind: SealedSecret kind: SealedSecret
metadata: metadata:
creationTimestamp: null creationTimestamp: null
name: secrets-forgejo-lfs
namespace: apps-roboces
spec:
encryptedData:
server: 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
template:
metadata:
creationTimestamp: null
name: secrets-forgejo-lfs
namespace: apps-roboces
---
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
creationTimestamp: null
name: secrets-forgejo-internal
namespace: apps-roboces
spec:
encryptedData:
oauth: 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
security: 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
template:
metadata:
creationTimestamp: null
name: secrets-forgejo-internal
namespace: apps-roboces
---
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
name: gitea-ini-redis
namespace: apps-roboces
spec:
encryptedData:
cache: 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
queue: 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
session: 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
template:
metadata:
name: gitea-ini-redis
namespace: apps-roboces
type: Opaque
---
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
name: secrets-forgejo-db name: secrets-forgejo-db
namespace: apps-roboces namespace: apps-roboces
spec: spec:
encryptedData: encryptedData:
database: 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 database: 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
template: template:
metadata: metadata:
creationTimestamp: null
name: secrets-forgejo-db name: secrets-forgejo-db
namespace: apps-roboces namespace: apps-roboces
type: Opaque type: Opaque


@ -1,16 +0,0 @@
# yamllint disable rule:line-length
---
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
creationTimestamp: null
name: meilisearch-master-key
namespace: apps-fuku
spec:
encryptedData:
MEILI_MASTER_KEY: AgBcQDv79lsUJF09YTd+zsuC9Ufhgs74mk5sxIrgaAQW/5yBupPgIsZw+g33qDqejuG+hfdhvkTOFHYetNuEDjnPWEpySjMLiB6N/HXMSuPimbOSjhHP3d7jgnWnIluUPs3RsvxDzaHCygVsS2a5ul7+qJGbiQTlmcV/rMVkqiw95mxwswkZhWi1Da1QYPgjRkazbCV0JAVhYYoo7VBnxceyGOS7Um5BsdyDMmXCn0qegU2FDlXTcBBur48hlyRqie/DxyZi3Yx/yiOnVH7g7H41H6hLJpKhQTMQbnohAqUC2UZZJlwrc8b/3kisFw/pxBP7S47hn9iseQcw18mXs6SzlXbhWm+CyNsKEvuXJAMVlaCrOCqs8Kf8ZlraCJYYq8mx+zoA7yAHnRdC4uByR5SGwnXJgq4WJD3wx90NuVbTcJfpQ+bNMPpRS8W+66S9j+rBVk6YcqCqL62JPSf0I9ZKCrNJrtbx5WyxbcVAgZdd2oxxXq6fG4I/wvqn/LN7nAqDwaCjU0395R+vM89o24h8pMTNOUhY1Dqxh0rKQOnTACc12kmhwQucdtjwkFzM7PJxW8d8GGdvgPoIxe27sguUMvn6IFo8h0JmGrbAyDEeR113s/gwQm9ozM9KJXXyImfiRJCcDSlny0rTNWZaGonXuSezFuhcSazepd0v85ofHgIflQQjMfLUNz1b9+ci4SbnpoJwzlrY2d6SyJSIA7Bz223j9UcRgDvRvIz3
template:
metadata:
creationTimestamp: null
name: meilisearch-master-key
namespace: apps-fuku


@ -1,96 +0,0 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: miniflux-deployment
namespace: apps-roboces
labels:
app.kubernetes.io/name: miniflux
app.kubernetes.io/managed-by: argo
app.kubernetes.io/version: 2.2.13
annotations:
kube-score/ignore: pod-networkpolicy,deployment-has-host-podantiaffinity
spec:
selector:
matchLabels:
app.kubernetes.io/name: miniflux
replicas: 3
strategy:
rollingUpdate:
maxSurge: 50%
maxUnavailable: 50%
type: RollingUpdate
template:
metadata:
labels:
app.kubernetes.io/name: miniflux
app.kubernetes.io/version: 2.2.13
spec:
containers:
- name: miniflux
image: miniflux/miniflux:2.2.13
imagePullPolicy: Always
securityContext:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
runAsUser: 10000
runAsGroup: 10000
capabilities:
drop:
- all
resources:
requests:
cpu: 300m
memory: 300Mi
ephemeral-storage: 2Gi
limits:
cpu: 400m
memory: 500Mi
ephemeral-storage: 4Gi
livenessProbe:
tcpSocket:
port: 8080
initialDelaySeconds: 5
timeoutSeconds: 15
successThreshold: 1
failureThreshold: 3
periodSeconds: 10
readinessProbe:
httpGet:
path: /
port: 8080
initialDelaySeconds: 15
timeoutSeconds: 2
successThreshold: 1
failureThreshold: 3
periodSeconds: 10
envFrom:
- secretRef:
name: miniflux
env:
- name: RUN_MIGRATIONS
value: '1'
- name: CREATE_ADMIN
value: '1'
- name: OAUTH2_PROVIDER
value: oidc
- name: OAUTH2_REDIRECT_URL
value: https://feeds.roboces.dev/oauth2/oidc/callback
- name: OAUTH2_OIDC_DISCOVERY_ENDPOINT
value: https://auth.fukurokuju.dev/application/o/miniflux/
- name: OAUTH2_USER_CREATION
value: '1'
- name: FETCH_YOUTUBE_WATCH_TIME
value: '1'
- name: WORKER_POOL_SIZE
value: '1'
- name: POLLING_FREQUENCY
value: '120'
- name: BATCH_SIZE
value: '25'
- name: METRICS_COLLECTOR
value: '1'
- name: METRICS_ALLOWED_NETWORKS
value: 10.42.1.0/16
restartPolicy: Always
automountServiceAccountToken: false


@ -1,21 +0,0 @@
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: miniflux
namespace: apps-roboces
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
spec:
ingressClassName: traefik
rules:
- host: feeds.roboces.dev
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: miniflux-service
port:
number: 8888


@ -1,11 +0,0 @@
---
apiVersion: policy/v1
kind: PodDisruptionBudget
metadata:
name: miniflux-pdb
namespace: apps-roboces
spec:
selector:
matchLabels:
app.kubernetes.io/name: miniflux
maxUnavailable: 1


@ -1,20 +0,0 @@
# yamllint disable rule:line-length
---
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
creationTimestamp: null
name: miniflux
namespace: apps-roboces
spec:
encryptedData:
ADMIN_PASSWORD: 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
ADMIN_USERNAME: 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
DATABASE_URL: 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
OAUTH2_CLIENT_ID: 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
OAUTH2_CLIENT_SECRET: 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
template:
metadata:
creationTimestamp: null
name: miniflux
namespace: apps-roboces


@ -1,19 +0,0 @@
---
apiVersion: v1
kind: Service
metadata:
name: miniflux-service
namespace: apps-roboces
labels:
app.kubernetes.io/name: miniflux
app.kubernetes.io/managed-by: argo
app.kubernetes.io/version: 2.2.13
spec:
selector:
app.kubernetes.io/name: miniflux
type: LoadBalancer
ports:
- name: miniflux-service
protocol: TCP
port: 8888
targetPort: 8080


@ -1,16 +0,0 @@
---
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
creationTimestamp: null
name: secrets-redis
namespace: apps-fuku
spec:
encryptedData:
redis-password: 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
template:
metadata:
creationTimestamp: null
name: secrets-redis
namespace: apps-fuku
type: Opaque


@ -1,16 +0,0 @@
# yamllint disable rule:line-length
---
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
creationTimestamp: null
name: valheim-secrets
namespace: apps-fuku
spec:
encryptedData:
server-password: AgBsm7Qg9ej7FtFh5twb4ALyL0I/fzVukURvFg17aweeDX7bM/9p/Yq7S2XG8gbqOYbC1GxknGMHQUnTXqXC9YZ4tZVUAptTCrAsPZHhHiet8bM39KCo2tGa5mCyC7lcmxae26cHuKj8Df6iMQCHL9ZH58A2SU8OIaszkonjwvSnbk6u7/HLCE8UyqP1JjXBMd4wx4BFDrhbauZr10f51tI55ksY+x44QQNrz84QEXmQ/dgwdzGAWqcPQTf57BebSI+ZKtUIvrMpNtz1ioqGnH3vWlb7QnqyqcyAYri3W3j8DB03EpfI2QjYi5Rs1NaJoO8L5HFdHW5p+rmttuwRxiEUPmURftH25o6Mgv/EcWGsB1TpyyFXM8JNU01lWJ+Wty316YF1BV3zHqdQeKu82R/wSv+iVm1dYKTfSOLe3YJr+aFnhYX3hCpBup1cB2KeOe/X9wTo2ETdvKhcIJPz8x7TRcXaCerVmVBw6LagmmdtMsCL4AIXw2gdkBeGONQmOzR1hDyTBAmpTv59WYzAJcCPZRE6gGxCPqH32G36E7WGEI4UOsjvT3GkVDnYx4FUDppzSP0ebnHZOwwAPFtXojHUaHg7ZTjZiuXDQa9Hkqt4mIOKa0i1HI0MyPu8eZJjoRXNS4j1yLfDCP2eSuhGjtVNbbyQthaITolitZ0VeUU8St1iKB7rvAGHqhBoPSw9TOBVSsBcHgIAV64oRqto4kM8
template:
metadata:
creationTimestamp: null
name: valheim-secrets
namespace: apps-fuku


@ -0,0 +1,17 @@
# yamllint disable rule:line-length
---
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
name: vaultwarden-kubernetes-secrets
namespace: apps-fuku
spec:
encryptedData:
BW_CLIENTID: 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
BW_CLIENTSECRET: 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
VAULTWARDEN__MASTERPASSWORD: 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
template:
metadata:
name: vaultwarden-kubernetes-secrets
namespace: apps-fuku
type: Opaque
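Review bot: `VAULTWARDEN__MASTERPASSWORD` puts a vault master password into a cluster Secret, so anyone who can read Secrets in `apps-fuku`, or who holds the sealed-secrets controller key, can unlock everything that account can see. The consumer is not part of this section, but if it is a sync tool, the account behind `BW_CLIENTID` should be a dedicated one that is shared only the items meant for the cluster, never a personal vault. A comment above `encryptedData` such as `# dedicated sync-only account; rotate all three values if the sealing key or this namespace is compromised` would record that expectation.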

162
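--- a/scripts/k3scale.sh
+++ b/scripts/k3scale.sh
@@ -0,0 +1,162 @@
+#!/usr/bin/env bash
+usage() {
+cat <<EOF
+Usage: $(basename "$0") REPLICAS [RESOURCE...] [OPTIONS]
+Scale up or down one or several deployments/statefulsets.
+Arguments:
+REPLICAS Number of replicas to scale to
+RESOURCE Resource to scale in "namespace/name" format, or just "name"
+(uses current context namespace). Can be specified multiple times.
+Commands:
+--all Scale all deployments and statefulsets in the namespace
+--all-namespaces
+Scale all deployments and statefulsets across all namespaces
+Options:
+-h, --help Show this help message
+-n, --namespace NAMESPACE
+Namespace to use (default: current context namespace)
+--dry-run Print what would be scaled without making changes
+-v Pass -v to kubectl (minimal output)
+-vv Pass -vv to kubectl (more output)
+-vvv Pass -vvv to kubectl (debug output)
+Examples:
+$(basename "$0") 1 mynamespace/mydeployment
+$(basename "$0") 1 mynamespace/mydeployment mydeployment2
+$(basename "$0") 1 --all
+$(basename "$0") 1 --all --namespace mynamespace
+$(basename "$0") 0 --all-namespaces --dry-run
+EOF
+}
+KUBECTL_V=""
+NAMESPACE=""
+DRY_RUN=false
+REPLICAS=""
+RESOURCES=()
+ALL=false
+ALL_NAMESPACES=false
+while [[ $# -gt 0 ]]; do
+case "$1" in
+-h|--help)
+usage
+exit 0
+;;
+-n|--namespace)
+NAMESPACE="$2"
+shift 2
+;;
+--dry-run)
+DRY_RUN=true
+shift
+;;
+-v|-vv|-vvv)
+KUBECTL_V="$1"
+shift
+;;
+--all)
+ALL=true
+shift
+;;
+--all-namespaces)
+ALL_NAMESPACES=true
+shift
+;;
+-*)
+echo "Error: Unknown option: $1" >&2
+usage >&2
+exit 1
+;;
+*)
+if [[ -z "$REPLICAS" ]]; then
+REPLICAS="$1"
+else
+RESOURCES+=("$1")
+fi
+shift
+;;
+esac
+done
+if [[ -z "$REPLICAS" ]]; then
+echo "Error: REPLICAS is required" >&2
+usage >&2
+exit 1
+fi
+if [[ "$ALL" == false && "$ALL_NAMESPACES" == false && ${#RESOURCES[@]} -eq 0 ]]; then
+echo "Error: Must specify --all, --all-namespaces, or at least one RESOURCE" >&2
+usage >&2
+exit 1
+fi
+NAMESPACE_ARG=()
+if [[ -n "$NAMESPACE" ]]; then
+NAMESPACE_ARG=("-n" "$NAMESPACE")
+fi
+DRY_RUN_ARG=()
+if [[ "$DRY_RUN" == true ]]; then
+DRY_RUN_ARG=("--dry-run=client")
+fi
+KUBECTL_BASE=(kubectl)
+if [[ -n "$KUBECTL_V" ]]; then
+KUBECTL_BASE+=( "$KUBECTL_V" )
+fi
+KUBECTL_BASE+=( "${NAMESPACE_ARG[@]}" )
+KUBECTL_BASE+=( "${DRY_RUN_ARG[@]}" )
+scale_resource() {
+local resource="$1"
+local ns name
+if [[ "$resource" == */* ]]; then
+ns="${resource%%/*}"
+name="${resource#*/}"
+else
+ns="${NAMESPACE:-$(kubectl "${NAMESPACE_ARG[@]}" config view --minify --output jsonpath='{.contexts[0].context.namespace}' 2>/dev/null || echo "default")}"
+name="$resource"
+fi
+for kind in deployment statefulset; do
+if "${KUBECTL_BASE[@]}" get "$kind" "$name" -n "$ns" &>/dev/null; then
+echo "Scaling $kind/$ns/$name to $REPLICAS replicas${DRY_RUN:+ (dry-run)}"
+"${KUBECTL_BASE[@]}" scale "$kind" "$name" -n "$ns" --replicas="$REPLICAS"
+return 0
+fi
+done
+echo "Error: Resource '$resource' not found as deployment or statefulset" >&2
+return 1
+}
+get_resources() {
+local ns_flag=()
+if [[ "$ALL_NAMESPACES" == true ]]; then
+ns_flag=("--all-namespaces")
+elif [[ -n "$NAMESPACE" ]]; then
+ns_flag=("-n" "$NAMESPACE")
+fi
+"${KUBECTL_BASE[@]}" get "${ns_flag[@]}" deployment,statefulset -o jsonpath='{range .items[*]}{.metadata.namespace}/{.kind}/{.metadata.name}{"\n"}{end}' 2>/dev/null | while IFS=/ read -r ns kind name; do
+echo "$ns/$name"
+done
+}
+if [[ "$ALL" == true || "$ALL_NAMESPACES" == true ]]; then
+while IFS= read -r resource; do
+[[ -n "$resource" ]] && scale_resource "$resource"
+done < <(get_resources)
+else
+for resource in "${RESOURCES[@]}"; do
+scale_resource "$resource"
+done
+fi
+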
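Review bot: `--dry-run` cannot work as written: `KUBECTL_BASE+=( "${DRY_RUN_ARG[@]}" )` also adds `--dry-run=client` to the `kubectl get` calls in `scale_resource` and `get_resources`, `kubectl get` rejects that flag, and the `&>/dev/null` and `2>/dev/null` redirects hide the error, so a dry run reports every resource as not found or lists nothing. Drop that line and pass the flag only to the scale call, `"${KUBECTL_BASE[@]}" scale "$kind" "$name" -n "$ns" --replicas="$REPLICAS" "${DRY_RUN_ARG[@]}"`. The log suffix `${DRY_RUN:+ (dry-run)}` is printed on every run because `DRY_RUN` is never empty; `$([[ $DRY_RUN == true ]] && echo ' (dry-run)')` matches the intent. Since `0 --all-namespaces` also reaches `kube-system`, a working dry run matters here, and `REPLICAS` should be checked with `[[ $REPLICAS =~ ^[0-9]+$ ]]` before anything is scaled.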

313
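--- a/scripts/proxmox-power.sh
+++ b/scripts/proxmox-power.sh
@@ -0,0 +1,313 @@
+#!/usr/bin/env bash
+set -euo pipefail
+# Proxmox cluster power helper
+# - Start or shutdown a set of QEMU VMs and/or LXC containers by ID, or all.
+# - Auth via API token or username/password (env vars or secret-tool).
+#
+# Requirements: curl, jq; optional: secret-tool (GNOME keyring)
+#
+# Environment variables (examples):
+# PVE_HOST=proxmox.example.com[:8006]
+# PVE_TOKEN_ID="user@pam!automation" # when using API token
+# PVE_TOKEN_SECRET="xxxxxxxx-xxxx-xxxx" # when using API token
+# PVE_USER="user" # when using password login
+# PVE_REALM="pam" # default pam
+# PVE_PASSWORD="..." # or provided via keyring
+# PVE_SCHEME="https" # default https
+# PVE_VERIFY_SSL="true|false" # default true
+# PVE_NODE_FILTER="" # optional: restrict to node name
+#
+# Examples:
+# scripts/proxmox-power.sh --op shutdown --all
+# scripts/proxmox-power.sh --op start --ids 100 101 --only-qemu
+# PVE_TOKEN_ID=me@pam!ci PVE_TOKEN_SECRET=... scripts/proxmox-power.sh --op shutdown --all
+SCHEME=${PVE_SCHEME:-https}
+HOST=${PVE_HOST:-}
+VERIFY_SSL=${PVE_VERIFY_SSL:-true}
+INSECURE_FLAG=""
+if [[ ${VERIFY_SSL} != "true" ]]; then
+INSECURE_FLAG="-k"
+fi
+usage() {
+cat <<EOF
+Usage: $0 --op start|shutdown [--all | --ids <vmid> [<vmid> ...]] [options]
+Options:
+--host HOST Proxmox host (env PVE_HOST). Example: proxmox.example.com:8006
+--op OP Operation: start or shutdown
+--all Apply to all VMs/containers in the cluster (honors filters)
+--ids LIST Space-separated list of VMIDs to operate on
+--only-qemu Only operate on QEMU VMs
+--only-lxc Only operate on LXC containers
+--include-stopped Include stopped guests when op=shutdown (no-op otherwise)
+--force If shutdown times out, force stop
+--timeout SEC Shutdown wait timeout (default 120)
+--concurrency N Parallel operations (default 4)
+--node NODE Restrict to a specific node name
+--dry-run Show actions without executing
+--insecure Do not verify SSL (same as PVE_VERIFY_SSL=false)
+-h, --help Show this help
+Auth (choose one):
+API Token: env PVE_TOKEN_ID and PVE_TOKEN_SECRET
+Password: env PVE_USER, PVE_PASSWORD (or from keyring), optional PVE_REALM (default pam)
+Keyring:
+If PVE_PASSWORD is empty and 'secret-tool' is available, the script tries:
+secret-tool lookup service proxmox user "+$PVE_USER+" realm "+${PVE_REALM:-pam}+"
+If PVE_TOKEN_SECRET is empty, it tries:
+secret-tool lookup service proxmox token_id "+$PVE_TOKEN_ID+"
+EOF
+}
+require_cmd() {
+command -v "$1" >/dev/null 2>&1 || { echo "Error: required command '$1' not found" >&2; exit 1; }
+}
+get_keyring() {
+local value=""
+if command -v secret-tool >/dev/null 2>&1; then
+value=$(secret-tool lookup "$@" || true)
+fi
+printf '%s' "$value"
+}
+# Globals set by auth_init
+AUTH_HEADER=""
+COOKIE_HEADER=""
+CSRF_HEADER=""
+auth_init() {
+local base_url="$SCHEME://$HOST/api2/json"
+if [[ -n "${PVE_TOKEN_ID:-}" && -z "${PVE_TOKEN_SECRET:-}" ]]; then
+PVE_TOKEN_SECRET=$(get_keyring service proxmox token_id "${PVE_TOKEN_ID}") || true
+fi
+if [[ -n "${PVE_TOKEN_ID:-}" && -n "${PVE_TOKEN_SECRET:-}" ]]; then
+AUTH_HEADER=("-H" "Authorization: PVEAPIToken=${PVE_TOKEN_ID}=${PVE_TOKEN_SECRET}")
+return 0
+fi
+local user="${PVE_USER:-}"
+local realm="${PVE_REALM:-pam}"
+local password="${PVE_PASSWORD:-}"
+if [[ -z "$user" ]]; then
+echo "Error: set PVE_TOKEN_ID/PVE_TOKEN_SECRET or PVE_USER[/PVE_PASSWORD]" >&2
+exit 2
+fi
+if [[ -z "$password" ]]; then
+password=$(get_keyring service proxmox user "$user" realm "$realm") || true
+fi
+if [[ -z "$password" ]]; then
+echo "Error: password not provided and not found in keyring for user '$user' realm '$realm'" >&2
+exit 2
+fi
+# Login to get ticket and CSRF token
+local resp
+resp=$(curl -sS $INSECURE_FLAG -X POST \("${AUTH_HEADER[*]}"\) \
+-d "username=${user}@${realm}" \
+-d "password=${password}" \
+"$base_url/access/ticket")
+local ticket csrf
+ticket=$(echo "$resp" | jq -r '.data.ticket // empty')
+csrf=$(echo "$resp" | jq -r '.data.CSRFPreventionToken // empty')
+if [[ -z "$ticket" || -z "$csrf" ]]; then
+echo "Error: failed to obtain auth ticket (check credentials)" >&2
+echo "$resp" | jq -r '.' >&2 || true
+exit 3
+fi
+COOKIE_HEADER=("-H" "Cookie: PVEAuthCookie=${ticket}")
+CSRF_HEADER=("-H" "CSRFPreventionToken: ${csrf}")
+}
+api_get() {
+local path="$1"; shift
+local url="$SCHEME://$HOST/api2/json$path"
+curl -sS $INSECURE_FLAG "${AUTH_HEADER[@]}" "${COOKIE_HEADER[@]}" -X GET "$url" "$@"
+}
+api_post() {
+local path="$1"; shift
+local url="$SCHEME://$HOST/api2/json$path"
+curl -sS $INSECURE_FLAG "${AUTH_HEADER[@]}" "${COOKIE_HEADER[@]}" "${CSRF_HEADER[@]}" -X POST "$url" "$@"
+}
+# Parse CLI
+OP=""
+DO_ALL=false
+IDS=()
+ONLY_QEMU=false
+ONLY_LXC=false
+INCLUDE_STOPPED=false
+FORCE=false
+TIMEOUT=120
+CONCURRENCY=4
+NODE_FILTER="${PVE_NODE_FILTER:-}"
+DRY_RUN=false
+while [[ $# -gt 0 ]]; do
+case "$1" in
+--op) OP="$2"; shift 2;;
+--all) DO_ALL=true; shift;;
+--ids) shift; while [[ $# -gt 0 && ! "$1" =~ ^-- ]]; do IDS+=("$1"); shift; done ;;
+--only-qemu) ONLY_QEMU=true; shift;;
+--only-lxc) ONLY_LXC=true; shift;;
+--include-stopped) INCLUDE_STOPPED=true; shift;;
+--force) FORCE=true; shift;;
+--timeout) TIMEOUT="$2"; shift 2;;
+--concurrency) CONCURRENCY="$2"; shift 2;;
+--node) NODE_FILTER="$2"; shift 2;;
+--host) HOST="$2"; shift 2;;
+--dry-run) DRY_RUN=true; shift;;
+--insecure) VERIFY_SSL=false; INSECURE_FLAG="-k"; shift;;
+-h|--help) usage; exit 0;;
+*) echo "Unknown argument: $1" >&2; usage; exit 2;;
+esac
+done
+require_cmd curl
+require_cmd jq
+if [[ -z "$HOST" ]]; then
+echo "Error: --host or PVE_HOST is required" >&2
+usage
+exit 2
+fi
+case "$OP" in
+start|shutdown) :;;
+*) echo "Error: --op must be 'start' or 'shutdown'" >&2; usage; exit 2;;
+esac
+if ! $DO_ALL && [[ ${#IDS[@]} -eq 0 ]]; then
+echo "Error: specify --all or a list of --ids" >&2
+exit 2
+fi
+if $ONLY_QEMU && $ONLY_LXC; then
+echo "Error: cannot use --only-qemu and --only-lxc together" >&2
+exit 2
+fi
+auth_init
+# Collect targets
+resources=$(api_get "/cluster/resources?type=vm")
+filter_jq='[.data[] | {type, vmid: (.vmid|tostring), status, node}]'
+items=$(echo "$resources" | jq "$filter_jq")
+if [[ -n "$NODE_FILTER" ]]; then
+items=$(echo "$items" | jq --arg node "$NODE_FILTER" '[.[] | select(.node==$node)]')
+fi
+if $ONLY_QEMU; then
+items=$(echo "$items" | jq '[.[] | select(.type=="qemu")]')
+elif $ONLY_LXC; then
+items=$(echo "$items" | jq '[.[] | select(.type=="lxc")]')
+fi
+select_ids=()
+if $DO_ALL; then
+mapfile -t select_ids < <(echo "$items" | jq -r '.[].vmid')
+else
+select_ids=("${IDS[@]}")
+fi
+if [[ ${#select_ids[@]} -eq 0 ]]; then
+echo "No matching guests found." >&2
+exit 0
+fi
+# Build an associative map of vmid -> node,type,status
+declare -A VM_NODE VM_TYPE VM_STATUS
+while IFS=$'\t' read -r vid node type status; do
+VM_NODE[$vid]="$node"
+VM_TYPE[$vid]="$type"
+VM_STATUS[$vid]="$status"
+done < <(
+echo "$items" | jq -r '.[] | "\(.vmid)\t\(.node)\t\(.type)\t\(.status)"'
+)
+work_list=()
+for vid in "${select_ids[@]}"; do
+if [[ -z "${VM_NODE[$vid]:-}" ]]; then
+echo "Skip vmid=$vid (not found by filters)" >&2
+continue
+fi
+# Idempotence: skip if already desired state
+st="${VM_STATUS[$vid]}"
+case "$OP" in
+start)
+if [[ "$st" == "running" ]]; then
+echo "Already running: $vid (${VM_TYPE[$vid]} on ${VM_NODE[$vid]})"
+continue
+fi
+;;
+shutdown)
+if [[ "$st" != "running" && $INCLUDE_STOPPED == false ]]; then
+echo "Already stopped: $vid (${VM_TYPE[$vid]} on ${VM_NODE[$vid]})"
+continue
+fi
+;;
+esac
+work_list+=("$vid")
+done
+if [[ ${#work_list[@]} -eq 0 ]]; then
+echo "Nothing to do."
+exit 0
+fi
+run_action() {
+local vid="$1"
+local node="${VM_NODE[$vid]}"
+local type="${VM_TYPE[$vid]}"
+local path_base="/nodes/${node}/${type}/${vid}/status"
+echo "[$OP] ${type}:${vid} on node ${node}"
+if $DRY_RUN; then
+return 0
+fi
+case "$OP" in
+start)
+api_post "${path_base}/start" >/dev/null
+;;
+shutdown)
+# Try graceful shutdown
+api_post "${path_base}/shutdown" -d "timeout=${TIMEOUT}" >/dev/null || true
+# Optionally force stop if still running after timeout
+# We poll once after timeout window to check status
+sleep 2
+local st_json
+st_json=$(api_get "/nodes/${node}/${type}/${vid}/status/current")
+local cur
+cur=$(echo "$st_json" | jq -r '.data.status // .data.status.current // empty')
+if [[ "$cur" == "running" && $FORCE == true ]]; then
+echo "Forcing stop: ${type}:${vid}"
+api_post "${path_base}/stop" >/dev/null || true
+fi
+;;
+esac
+}
+# Parallelize with xargs -P
+export -f run_action api_post api_get
+export SCHEME HOST INSECURE_FLAG AUTH_HEADER COOKIE_HEADER CSRF_HEADER TIMEOUT FORCE DRY_RUN
+declare -p VM_NODE VM_TYPE VM_STATUS >/dev/null 2>&1 || true
+printf '%s\n' "${work_list[@]}" | xargs -I{} -P "$CONCURRENCY" bash -c 'run_action "$@"' _ {}
+echo "Done: $OP ${#work_list[@]} item(s)."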
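Review bot: The final `xargs ... bash -c 'run_action "$@"'` step starts new shells, and bash cannot export arrays, so `AUTH_HEADER`, `COOKIE_HEADER`, `CSRF_HEADER` and the `VM_NODE`/`VM_TYPE` maps are empty there; each request then goes out without credentials to a path with no node or type. Running the jobs in the current shell, as sketched below, keeps that state. Separately, `auth_init` sends `-d "password=${password}"` on curl's command line, where it is readable from the process list and is not URL-encoded; feeding it on stdin (for example `printf '%s' "$password" | curl … --data-urlencode password@-`) avoids both. The `--force` branch polls after `sleep 2` rather than after `--timeout`, so a guest that is still shutting down cleanly can be hard-stopped.

```shell
# … unchanged: run_action definition …
# Run the workers in this shell so they keep the auth header arrays and VM_* maps.
for vid in "${work_list[@]}"; do
  while (( $(jobs -rp | wc -l) >= CONCURRENCY )); do
    wait -n || true
  done
  run_action "$vid" &
done
wait
echo "Done: $OP ${#work_list[@]} item(s)."
```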

129
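--- a/scripts/update-argo.sh
+++ b/scripts/update-argo.sh
@@ -0,0 +1,129 @@
+#!/usr/bin/env bash
+check_kubectl() {
+if ! command -v kubectl &>/dev/null; then
+echo "Error: kubectl is not installed or not in PATH" >&2
+exit 1
+fi
+log_info "kubectl found at $(command -v kubectl)"
+}
+VERBOSE=0
+log_debug() { [[ $VERBOSE -ge 3 ]] && echo "[DEBUG] $*" || true; }
+log_verbose() { [[ $VERBOSE -ge 2 ]] && echo "[VERBOSE] $*" || true; }
+log_info() { [[ $VERBOSE -ge 1 ]] && echo "[INFO] $*" || true; }
+log_error() { echo "[ERROR] $*" >&2; }
+usage() {
+cat <<EOF
+Usage: $(basename "$0") [OPTIONS] [VERSION]
+Upgrade ArgoCD to a new version. Requires an existing ArgoCD installation.
+Examples:
+$(basename "$0") # queries the current argo version and tries to update to the immediate newest version
+$(basename "$0") v4.3.0 # incrementally update to target version
+Options:
+-h, --help Show this help message
+--dry-run Show what would be done without making changes
+-v Verbose output (info level)
+-vv More verbose output (info + verbose level)
+-vvv Debug output (all log levels)
+EOF
+}
+DRY_RUN=false
+while [[ $# -gt 0 ]]; do
+case "$1" in
+-h|--help)
+usage
+exit 0
+;;
+--dry-run)
+DRY_RUN=true
+shift
+;;
+-v|-vv|-vvv)
+case "$1" in
+-v) VERBOSE=1 ;;
+-vv) VERBOSE=2 ;;
+-vvv) VERBOSE=3 ;;
+esac
+shift
+;;
+-*)
+echo "Error: Unknown option: $1" >&2
+usage >&2
+exit 1
+;;
+*)
+TARGET_VERSION="$1"
+shift
+;;
+esac
+done
+log_debug "Script started with target version: ${TARGET_VERSION:-auto}"
+check_kubectl
+log_info "Checking current kubectl context"
+CURRENT_CONTEXT=$(kubectl config current-context 2>/dev/null)
+log_verbose "Current context: $CURRENT_CONTEXT"
+log_info "Checking for ArgoCD installation"
+if ! kubectl get ns argocd &>/dev/null; then
+log_error "ArgoCD namespace not found. This script only upgrades existing installations."
+exit 1
+fi
+log_verbose "ArgoCD namespace found"
+log_info "Checking current ArgoCD version"
+CURRENT_VERSION=$(kubectl get deployment argocd-server -n argocd -o jsonpath='{.spec.template.spec.containers[0].image}' 2>/dev/null)
+if [[ -n "$CURRENT_VERSION" ]]; then
+CURRENT_VERSION=$(echo "$CURRENT_VERSION" | sed 's/.*argocd:v\?//' | tr -d ' \n')
+if [[ -n "$CURRENT_VERSION" ]]; then
+CURRENT_VERSION="${CURRENT_VERSION#v}"
+log_verbose "Current ArgoCD version: $CURRENT_VERSION"
+else
+log_error "Could not extract ArgoCD version from image: $CURRENT_VERSION"
+exit 1
+fi
+fi
+if [[ -z "$TARGET_VERSION" ]]; then
+log_info "No target version specified, querying for latest version"
+log_verbose "Fetching latest release from GitHub"
+LATEST_VERSION=$(curl -s https://api.github.com/repos/argoproj/argo-cd/releases/latest | grep -oP '"tag_name":\s*"\K[^"]+' | sed 's/^v//')
+if [[ -n "$LATEST_VERSION" ]]; then
+log_verbose "Latest version available: $LATEST_VERSION"
+TARGET_VERSION="$LATEST_VERSION"
+else
+echo "Error: Could not fetch latest version" >&2
+exit 1
+fi
+fi
+log_info "Target version: $TARGET_VERSION"
+log_debug "Determining update path from $CURRENT_VERSION to $TARGET_VERSION"
+log_info "Applying ArgoCD manifests"
+log_verbose "Downloading manifest from https://raw.githubusercontent.com/argoproj/argo-cd/v${TARGET_VERSION}/manifests/install.yaml"
+curl -sLO "https://raw.githubusercontent.com/argoproj/argo-cd/v${TARGET_VERSION}/manifests/install.yaml"
+log_debug "Applying manifest with kubectl"
+if [[ "$DRY_RUN" == true ]]; then
+log_verbose "Dry-run mode: would apply manifest"
+kubectl apply -n argocd -f install.yaml --dry-run=client
+else
+kubectl apply -n argocd -f install.yaml
+fi
+log_verbose "Cleaning up downloaded manifest"
+rm -f install.yaml
+log_info "Update to ArgoCD $TARGET_VERSION initiated"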
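Review bot: The manifest applied to the cluster is fetched with `curl -sLO` and no failure check, from a URL built from an unvalidated `TARGET_VERSION`, and is written to `install.yaml` in whatever directory the script runs from, overwriting and then deleting any file of that name. The usage example `v4.3.0` also ends up requesting `vv4.3.0`, because the URL adds its own `v`. Normalising and validating the version, downloading with `-f` into a `mktemp` file and stopping on error, as sketched below, closes those gaps. Checking the download against a checksum pinned in this repository before `kubectl apply` would be the stronger control.

```shell
# … unchanged: option parsing and version detection …
TARGET_VERSION="${TARGET_VERSION#v}"
if [[ ! "$TARGET_VERSION" =~ ^[0-9]+\.[0-9]+\.[0-9]+(-rc[0-9]+)?$ ]]; then
  log_error "Unexpected version string: $TARGET_VERSION"
  exit 1
fi
MANIFEST=$(mktemp) || exit 1
trap 'rm -f "$MANIFEST"' EXIT
if ! curl -fsSL -o "$MANIFEST" "https://raw.githubusercontent.com/argoproj/argo-cd/v${TARGET_VERSION}/manifests/install.yaml"; then
  log_error "Could not download manifest for v${TARGET_VERSION}"
  exit 1
fi
# … unchanged: kubectl apply branches, now reading -f "$MANIFEST" …
```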


@ -2,37 +2,35 @@
# Manual edits may be lost in future updates. # Manual edits may be lost in future updates.
provider "registry.opentofu.org/gmichels/adguard" { provider "registry.opentofu.org/gmichels/adguard" {
version = "1.6.2" version = "1.7.0"
constraints = "1.6.2" constraints = "1.7.0"
hashes = [ hashes = [
"h1:4rfmv0e8MoRPw+CTZBxTlPZbOSvPnIIt8kwVIIRIqbc=", "h1:1vvJ6KcLUR8U2BHNtj7tMsgEsGXzTKMIFsHfcZYEVyc=",
"h1:FUOYxkRfDHxiAlTKpvfZpNpRdCkq7Gs9JcZjLWo+guM=", "h1:5BDrsrU/Sdain/+KkhbNzxVL81rh69wG4iKOIBf9qys=",
"h1:FewdC+pt/Z8XC1M5M49D74MYnMzVjwVoAcnonmbxhwA=", "h1:70gWtux/jVZQgsDjr8+j0aRHKkGZqRWCmzoX9ddC7f4=",
"h1:RAXQ/T7oF42hDSuXH7hH85uj8QmHRS+ArP5pO4ILslc=", "h1:Qdqipgukxph9vqXiEKVzFSgXfEmGiGw1JrrQvwJOtco=",
"h1:a5SEI5KSX0cENGjd+IrxMj4l0Cr5GWvTP8Ng3cJaLTg=", "h1:QveIrziFNxu+Go7pl7qjH5tqPOb8pgzfTdunVgsJ3vg=",
"h1:gNdYW6qM5jJTA2M9BHzVtuCTSmY2Fi/r08A/duZR8Yg=", "h1:UrJdOlCLAWC7/I2Co02RtOKT3tSGb8TwOgJ7s0sOtCo=",
"h1:gnBusJUhlOSxn2JG5V0N3aHWAcTtMLcSjRSMKm8+6S4=", "h1:W6nZfQzWb3Ds1JRytBqzsZoNBa6x4OOe9J87f1nyCRA=",
"h1:hwB3SSfBITtOIggACNkdTnA8hG2AzYaFgG3WJny3290=", "h1:c3RK8fSEr2yfPySC0WemOC/CR3608Ra4vFwGhvdrswg=",
"h1:iGjswHan6q6vYBTxR+WFBCUwCN7jmg7mAvFnv4P3/m8=", "h1:jizPinVWDQUN6rKwiBgRm7PcgUJe4AWlCWghgH0v7xI=",
"h1:mBxI5srrplxBHZLuXfEVZzwph3mCl9SQv0e9nR2GhQ4=", "h1:lb9gv3IiUZDA4P/kpuvOqZmidWMIbpG+sUecM1QclNo=",
"h1:o3CYF1B/kMBktAn1cWJuqW84VqZkM5K3A1BPw6v5fnA=", "h1:sRIMccvZq71/CxTknprnRozCChEZSq4Nmt+M+DOjTq8=",
"h1:sX4l50R6dzuHdQJFBfGDY6lZc4bCGKjxkKRtoKmx/1g=", "h1:uOdtIfvNVEHheucpt51bSCYtX2W1LKELlOkBTbjBm6o=",
"h1:shVeqrDxxOvnsD//ryu7IoxwPsGb+6FeLmum3szd/mU=", "h1:woGvhSgZDFj5+yH5uHonXSIn6AaeZekb3t9oXMZB/DQ=",
"h1:wY3pI9C3lEZ9nZRIqky5cqfwLm+u7Wi/9HBVCo4o9/M=", "zh:0b83aa1ade1a6f7c9b1af0488dad43bf00e733d1517463d4bee51c17612546da",
"zh:0337224a2b6418ba38cedf7f2cef9b154f51db4791b03d6b5745cb26f60614d2", "zh:15d784c16545efaf6c368b642995bb0d0ef61b6961e67b072430d445ef6c02fc",
"zh:09addda402962c46cd236ae1703ba9632f377897e8d321678cf0e4428a5071f7", "zh:1c4da4d20c98795fee1ac0cd9ffd880a68f06992d6fe849342c4b19f79c8aff9",
"zh:1f7b511933d6ca8fbdcd5bb50bba910e88b73fee57ae2922e01f18470350929e", "zh:41afcdcc5236fa40a0b7ec614cb830ef03d45f8f1b8988d24d80ec999ef34b9b",
"zh:2bd2a45c4cddd19b2a55d6d658184df25f002e0b7a929da48b5086922ae846d6", "zh:4c8e832a5a842420b5163eb5eb2bd7d460ece524efc618bdba64e4f4a2d403b5",
"zh:30ed44fd468132273029302fc16de4e76a1f10b816862e2e5dfca545e5b67f70", "zh:58e19d2f9e4bd9f2a13b631c3213157ea80ef3aa7b3b8edcd8fb341f9c06c5e5",
"zh:3f73e37f6410509f7811db77b53f6e332c24344ad800a1d56bcf6af2a706d998", "zh:7380ca4d053255f787ded10c26b19ebd23d3563ddbb36d0be66bb2cef293d27d",
"zh:5215dbeb6edbe0e7fae238580bb649745824d3744cc0d3b407244383ddeefd96", "zh:7b21589bb31084bb68b2deb96bd4130b8b13c1c71614704d13d4cbdfc583f3c7",
"zh:543a6b4d814607884791306ae661a1d3475af90785712fb6c94e2b616f75afba", "zh:82aee49172286676cdccbc97b809b84acf3edeb164ae77cafa837118ee3769a6",
"zh:8402d7a2d501ff0c9fe2216bf80f6bc133f0277cc3f184d3d37f4628b778f18b", "zh:95431a266520cce112474616c27c80f0017625ef7d80aaf69118360222d7974b",
"zh:894ac1fce4fd92c66684d64d41356d5d02ebcf3a68e4ae1150314732f9ac384f", "zh:a6dc4b60beafc471d049b856df4bf793838b1e8b2079efe4a12ebf6fbd482098",
"zh:ad547c8c8413de6886cf563129b117a0aab79b9841e7486e58a639c74eeacc12", "zh:d9c5c35be3ae54a52fb444b61e442445e74df6a4ab5bc4884b0f5d55eacc4ced",
"zh:b9d69a6f99256cbd741ddc881f8665eec6e51ee1a4b99918ae8e9bdcf73cf31d", "zh:f6bd2db5d9a178c9b5b020e505affc245a0ceaa8e662f37ad9743d65e1153322",
"zh:d254d2dae145dbe5435be32b821198d9d5dca81fb67e06499eb8a8bd78a34ba5",
"zh:df327c22ba4437fa5e879ae70ce8330363a4e6f320711e7bd2ac249db3a3a551",
"zh:f809ab383cca0a5f83072981c64208cbd7fa67e986a86ee02dd2c82333221e32", "zh:f809ab383cca0a5f83072981c64208cbd7fa67e986a86ee02dd2c82333221e32",
] ]
} }


@ -9,7 +9,7 @@ terraform {
required_providers { required_providers {
adguard = { adguard = {
source = "gmichels/adguard" source = "gmichels/adguard"
version = "1.6.2" version = "1.7.0"
} }
} }
} }
@ -85,8 +85,12 @@ resource "adguard_rewrite" "master2" {
answer = "192.168.1.32" answer = "192.168.1.32"
} }
resource "adguard_rewrite" "k3m3" { resource "adguard_rewrite" "k3m3" {
domain = "k3m3.fuku" domain = "k3m3.fuku"
answer = "192.168.1.43" answer = "192.168.1.43"
} }
resource "adguard_rewrite" "pulse" {
answer = "pulse.fukurokuju.dev"
domain = "192.168.1.12"
}
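Review bot: In the added `adguard_rewrite.pulse` resource the two values look swapped: `domain` holds the address `192.168.1.12` and `answer` holds the hostname `pulse.fukurokuju.dev`, whereas the neighbouring rewrites (`k3m3`, `master2`) put the name in `domain` and the address in `answer`. As written, the rewrite would match queries for the literal name `192.168.1.12`, so `pulse.fukurokuju.dev` would presumably keep resolving through the upstream resolver instead of the internal host. Suggested lines: `domain = "pulse.fukurokuju.dev"` and `answer = "192.168.1.12"`.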


@ -2,36 +2,34 @@
# Manual edits may be lost in future updates. # Manual edits may be lost in future updates.
provider "registry.opentofu.org/goauthentik/authentik" { provider "registry.opentofu.org/goauthentik/authentik" {
version = "2025.6.0" version = "2026.2.0"
constraints = "2025.6.0" constraints = "2026.2.0"
hashes = [ hashes = [
"h1:+u1o/H+WAIO5nP+RlQE3ay/+dHCykVoHBq6crfTl4pM=", "h1:/y7//ItB3vYvtDzSgrd7eY4QHGQ7b2G/rF/rtXdvUiY=",
"h1:10kMBf77ecT3Xpw+7SG8Arnx0yv+By9o0o0CfGGONn0=", "h1:2MTCDpaUJ9AAckFf+lfhq5VNkl4/e1is7XIHfjFX20U=",
"h1:3oSIhXwf9EMZZH0TPvD5T2kY6yYfEPROyfQWPNA00xw=", "h1:EECfgcbT6h+ppgQ3x06iQZSheZ4vJ6NVwXGYGzyuQQ4=",
"h1:FElCnBGnJQ6QZDzetJHlv6epvfmUcj/hDmNSVhnU3pE=", "h1:Hg5gBZc/mPbMwH3r5AVbDycUFoeh1LlHtAvVKsnruTY=",
"h1:K1/iRTwYc9JQbzvnhZ9jB9IFcDPk2rk6PSOZ+Y5aIOQ=", "h1:J9+XlKbvc8x99ZV779XH0swZhsJo+Zcrh7UCK5pKQKY=",
"h1:eQ6jCmR3rssG5gaKNsc37MXydWNHymVRqpYmrntn2t8=", "h1:On3/Zzv3W72aGsJ4AhW/tnpi4hvq9cxwgf7tF6Tg+a4=",
"h1:gQyxqd10hfhryLD7QIA03ACS7PQppph62qBXGmZSe+E=", "h1:imSeB1o2GiuyBKsK6prOkOT7dQVDK42TaxGWAb+wEvg=",
"h1:gSI5UtIVuBepC1lgci7lv/l4PjiOaRySx3aRYMg6+84=", "h1:jpOkyfrzbb/LBCdW/0R2Ag+X9bRw6X1/2BRMoImfgQ8=",
"h1:hvkwiVQRya1zE4aXKG29GlwHTNABw/j/ebJIR6EAI24=", "h1:pT8YP3VDxKxhT1X+UXmjN78C+8NNb3fIANWNjR0xRX4=",
"h1:i/aQKCN/ypAdHr4IcKlEhjC1hp19zh5nlVwOxEfYZvg=", "h1:pum2uBRNDUjPeP9aYszm+6GU+K7tZIpbbLrsN39l8iw=",
"h1:jGcZg4z76eUtuZLu8Qd9Ti7/TKg9YuTbTSAaT0nCW5M=", "h1:qYcmNSTHIU6XefHE11SmywKqgp84B6n2Fzwdj/8dRN8=",
"h1:uwV8O+jKz1zuosrGh1Lht063OS1heW5Fq1zWTOtr5Yw=", "h1:zH1hHNBUvxXZBzxyQa6OPjDAlZyr3rA7LqwTVVZDW9s=",
"h1:zMv5nyNyA+NgQplmrYhpeqOkoAGzzTJP4/W1oJzZtFM=", "h1:zacZCsqLyCstv+qE+VhFvwCIGLQEdNBsMIM7r9umUSQ=",
"h1:ziINchbQjLKlYXh/0T922Y876F3wgZrvDQmIcaIezTs=", "zh:00c44e8ee842e75de9cc4fd6193b10258d1dc840e5be4aaaf118ffc180dceee0",
"zh:091960d2aed06773aa81858ae20c7ffc9943111b3c61ee2341263c3872dd7b89", "zh:13057f08bce3b63613e1be3997dd454ff9568c569dd983987b1550280fbe3d01",
"zh:122fac709223acf460912d71877db6ac638f501bac30b3f5516c283a4605d034", "zh:410a1ff2ae4647cc0ab37894f81e4d474b588a0a7f005d05d55e8c3a40978dd2",
"zh:1d3cddb5e6336c70f701533c83c64c38a9b964e94987ad803b96961bd23a685e", "zh:43830834d12b3c0eeabe397842f82ca3a6b58a5bc8dd837d55b821419b55ed61",
"zh:3059dd2b2ccdc3287f5fe074d2e41c2960ceb27684d24bc2dd997ab479c796d1", "zh:56eaedd196ed7c4003cee0434b891b38242b4fde2031978d0ddcfdf6e16ee5ad",
"zh:37ac615f9fa2a26babbc4d6bc4a5c0c0dee8b40f6ce0f01f1d1b689f5175d62c", "zh:5b3c10bb63c3c215ed9e0918e5808b240e3f2ee8248d10cd4d824a4998a213c5",
"zh:419c35484d5f4f0ae2d6fa2f99bb5618257cdf3f906fd9877cb4998164e89498", "zh:99c14891bcb92a6b21ef4c0e60f6c0df23e3452808f3eefd67cde78d132c80d9",
"zh:5108859f0def7e936e4db8dcb112a2c6c99929c6802663c06ed28793a53b3d45", "zh:9a32cdda9f939f8484e27d4200d004c44f016fe97579a111201083f4beea78e8",
"zh:536be1858e2a6bab6a9258c6f2c13e5fc0e5522ffccf2e21857dddde300519c0", "zh:ae5086816144f68de9a0002e7696321169a71473f9d161793f4ae996388f56de",
"zh:706947e25935250c1dad74c935c6b100d8b253dc93c5ceedf374031230fdd222", "zh:bd09409dd34608a4ef3ea80cfc5e397268e7872f2e84c1ccdc9b5698e36ddad5",
"zh:801ab4c79ad7a416d64d1665b155d4943fe2311e2e989edb1c41d1e9d102e061", "zh:be7af8b9eb61b0eb5053f14360e5a68caeb32c115efe8e1b583f2e7c91352a2a",
"zh:88fc9c431e133b47e23c45aa716b9ba1b5e8e509bd220632408c21a400872d8f", "zh:e11726812a1b2caf6b6784a3d074d1f50e3d406e9629c02096a001e5a5979331",
"zh:8996b3b78459f46cb426469aab147b5ce76f99672fa8170023346db3fde3dcb5", "zh:e39183d10d8158ccab51208f4f727c7419b1b1e596f4feb23dc42aebb36d01e3",
"zh:aaf20636d4d3f166a89f7f05731a89ff85ea8367580f51ceb398d8849e532e52",
"zh:c1d176e6a0383ae9e76f410b072c950d4f5bca341a42c7147662be5c25bb34ac",
] ]
} }


@ -8,7 +8,7 @@ terraform {
required_providers { required_providers {
authentik = { authentik = {
source = "goauthentik/authentik" source = "goauthentik/authentik"
version = "2025.6.0" version = "2026.2.0"
} }
} }
} }
@ -22,6 +22,11 @@ resource "authentik_group" "ci" {
users = [data.authentik_user.catalin.id] users = [data.authentik_user.catalin.id]
} }
resource "authentik_group" "vods" {
name = "vods"
users = [data.authentik_user.catalin.id]
}
resource "authentik_group" "admins" { resource "authentik_group" "admins" {
name = "authentik Admins" name = "authentik Admins"
is_superuser = true is_superuser = true
@ -32,13 +37,8 @@ resource "authentik_group" "arrs" {
is_superuser = false is_superuser = false
} }
resource "authentik_group" "vpn" { resource "authentik_group" "cloud" {
name = "vpn" name = "cloud"
is_superuser = false
}
resource "authentik_group" "ftp" {
name = "ftp"
is_superuser = false is_superuser = false
} }
@ -123,7 +123,7 @@ module "sonarr" {
app_slug = "sonarr" app_slug = "sonarr"
app_access_group_id = authentik_group.arrs.id app_access_group_id = authentik_group.arrs.id
app_url = "https://sonarr.fukurokuju.dev" app_url = "https://sonarr.fukurokuju.dev"
internal_host = "http://192.168.1.3:38013/" internal_host = "http://192.168.1.3:30113/"
internal_host_ssl_validation = false internal_host_ssl_validation = false
app_icon = "https://sonarr.tv/img/logo.png" app_icon = "https://sonarr.tv/img/logo.png"
} }
@ -134,7 +134,7 @@ module "radarr" {
app_slug = "radarr" app_slug = "radarr"
app_access_group_id = authentik_group.arrs.id app_access_group_id = authentik_group.arrs.id
app_url = "https://radarr.fukurokuju.dev" app_url = "https://radarr.fukurokuju.dev"
internal_host = "http://192.168.1.3:38012/" internal_host = "http://192.168.1.3:30025/"
internal_host_ssl_validation = false internal_host_ssl_validation = false
app_icon = "https://radarr.video/img/background/logo.png" app_icon = "https://radarr.video/img/background/logo.png"
} }
@ -145,7 +145,7 @@ module "lidarr" {
app_slug = "lidarr" app_slug = "lidarr"
app_access_group_id = authentik_group.arrs.id app_access_group_id = authentik_group.arrs.id
app_url = "https://lidarr.fukurokuju.dev" app_url = "https://lidarr.fukurokuju.dev"
internal_host = "http://192.168.1.3:38010/" internal_host = "http://192.168.1.3:30071/"
internal_host_ssl_validation = false internal_host_ssl_validation = false
app_icon = "https://lidarr.audio/img/background/logo.png" app_icon = "https://lidarr.audio/img/background/logo.png"
} }
@ -166,61 +166,65 @@ module "prowlarr" {
app_slug = "prowlarr" app_slug = "prowlarr"
app_access_group_id = authentik_group.admins.id app_access_group_id = authentik_group.admins.id
app_url = "https://prowlarr.fukurokuju.dev" app_url = "https://prowlarr.fukurokuju.dev"
internal_host = "http://192.168.1.3:38014" internal_host = "http://192.168.1.3:30050"
internal_host_ssl_validation = false internal_host_ssl_validation = false
} }
module "sftpgo" { module "rustical" {
source = "../modules/authentik-oidc" source = "../modules/authentik-oidc"
app_name = "SFTPGo" app_name = "rustical"
app_slug = "SFTPGo" app_slug = "rustical"
client_id = var.sftpgo_client_id app_url = "https://cal.roboces.dev"
client_secret = var.sftpgo_client_secret client_id = var.rustical_client_id
client_type = "confidential" client_secret = var.rustical_client_secret
app_access_group_id = authentik_group.ftp.id redirect_uris = [{ matching_mode = "strict", url = "https://cal.roboces.dev/frontend/login/oidc/callback" }]
redirect_uris = [ app_access_group_id = ""
{
matching_mode = "regex",
url = "https://ftp.fukurokuju.dev/.*"
}
]
extra_property_mappings = [
]
app_icon = "https://ftp.fukurokuju.dev/static/img/logo.png"
access_token_validity = "days=10"
app_url = "https://ftp.fukurokuju.dev"
app_description = "SFTPGo"
sub_mode = "user_username"
} }
module "netbird" { module "jellyfin" {
source = "../modules/authentik-ldap"
app_name = "Jellyfin"
app_slug = "jellyfin"
base_dn = "DC=ldap,DC=fukurokuju,DC=dev"
name = "jellyfin"
app_url = "https://jelly.roboces.dev"
app_icon = "https://jelly.roboces.dev/web/touchicon.f5bbb798cb2c65908633.png"
app_access_group_id = authentik_group.arrs.id
}
module "ganymede" {
source = "../modules/authentik-oidc" source = "../modules/authentik-oidc"
app_name = "netbird" app_name = "Ganymede"
app_slug = "netbird" app_slug = "ganymede"
client_id = var.netbird_client_id redirect_uris = [{ matching_mode = "strict", url = "https://vods.roboces.dev/api/v1/auth/oauth/callback" }]
client_secret = var.netbird_client_secret client_id = var.ganymede_client_id
client_type = "public" client_secret = var.ganymede_client_secret
app_access_group_id = authentik_group.vpn.id app_url = "https://vods.roboces.dev"
redirect_uris = [ app_icon = "https://vods.roboces.dev/favicon.ico"
{ app_access_group_id = authentik_group.vods.id
matching_mode = "strict", }
url = "https://vpn.fukurokuju.dev",
}, module "jellyseerr" {
{ source = "../modules/authentik-app"
matching_mode = "regex", app_name = "Solicitudes Jelly"
url = "https://vpn.fukurokuju.dev.*", app_slug = "jellyseer"
}, app_url = "https://requests.roboces.dev"
{ app_icon = "https://requests.roboces.dev/os_icon.svg"
matching_mode = "strict", app_description = "Solicita series, animes y pelis para ser añadidas automáticamente a Jellyfin"
url = "http://localhost:53000" app_access_group_id = authentik_group.arrs.id
}, }
] module "cloud" {
sub_mode = "user_id" source = "../modules/authentik-oidc"
extra_property_mappings = [ app_name = "Cloud"
"goauthentik.io/providers/oauth2/scope-authentik_api" app_slug = "cloud"
] app_url = "https://cloud.roboces.dev"
app_icon = "https://vpn.fukurokuju.dev/apple-icon.png" client_id = var.oxicloud_client_id
access_token_validity = "days=10" client_secret = var.oxicloud_client_secret
app_icon = "https://cloud.roboces.dev/themes/opencloud/assets/favicon.svg"
redirect_uris = [{
matching_mode = "strict", url = "https://cloud.roboces.dev/api/auth/oidc/callback"
}]
app_access_group_id = authentik_group.cloud.id
} }
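Review bot: The new `module "rustical"` block passes `app_access_group_id = ""`, unlike `ganymede` and `cloud`, which bind `authentik_group.vods.id` and `authentik_group.cloud.id`. The `authentik-oidc` module is not part of this page, but if it uses the same `count = var.app_access_group_id != "" ? 1 : 0` guard as the new `authentik-app` and `authentik-ldap` modules, no policy binding is created for this application. An authentik application without bindings is not restricted to any group, so every account in the directory could sign in to the calendar. If that is not intended, add a dedicated `authentik_group` for it and pass its `.id` here, the way `vods` was added for Ganymede. If it is intended, a short comment on the line saying so would help the next reader.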


@ -1,7 +1,5 @@
AUTHENTIK_URL=https://auth.fukurokuju.dev AUTHENTIK_URL=https://auth.fukurokuju.dev
AUTHENTIK_TOKEN= AUTHENTIK_TOKEN=
TF_VAR_firezone_client_id=
TF_VAR_firezone_client_secret=
TF_VAR_gitea_client_id= TF_VAR_gitea_client_id=
TF_VAR_gitea_client_secret= TF_VAR_gitea_client_secret=
TF_VAR_miniflux_client_id= TF_VAR_miniflux_client_id=
@ -10,5 +8,9 @@ TF_VAR_portainer_client_id=
TF_VAR_portainer_client_secret= TF_VAR_portainer_client_secret=
TF_VAR_paperless_client_id= TF_VAR_paperless_client_id=
TF_VAR_paperless_client_secret= TF_VAR_paperless_client_secret=
TF_VAR_netbird_client_id= TF_VAR_rustical_client_id=
TF_VAR_netbird_client_secret= TF_VAR_rustical_client_secret=
TF_VAR_ganymede_client_id=
TF_VAR_ganymede_client_secret=
TF_VAR_oxicloud_client_id=aef61f77326b813cf8d8ba71d1ac994b5642685ca37e4710ab0079e91d87702d55fd9775d473b05aff45603bf08e78dba26850af3a815f3c3ac171d163368aa0
TF_VAR_oxicloud_client_secret=a4038df17c9fd06f86372aeaaae8f3fd1374d8978983af7b398d948ef15d1efe522a1faa2fc7652bc410c516d96cd2e4211dad4e05ba6297bdd8d9090460d5fc
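Review bot: The last two added lines commit what appear to be real values for `TF_VAR_oxicloud_client_id` and `TF_VAR_oxicloud_client_secret`, while every other entry in this file is left empty as a template. A client secret that has entered the repository history stays readable to anyone who can clone it, even after a later cleanup commit. The secret should be regenerated in authentik and the two lines reduced to `TF_VAR_oxicloud_client_id=` and `TF_VAR_oxicloud_client_secret=`. A secret-scanning step in a pre-commit hook or in CI would catch this class of change before it is pushed.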


@ -39,22 +39,34 @@ variable "paperless_client_secret" {
type = string type = string
} }
variable "netbird_client_id" {
description = "Netbird client ID" variable "rustical_client_id" {
description = "Rustical client ID"
type = string type = string
} }
variable "netbird_client_secret" { variable "rustical_client_secret" {
description = "Netbird client secret" description = "Tandoor client secret"
type = string type = string
} }
variable "sftpgo_client_id" {
description = "SFTPGo client ID" variable "ganymede_client_id" {
description = "Ganymede client ID"
type = string type = string
} }
variable "sftpgo_client_secret" { variable "ganymede_client_secret" {
description = "SFTPGo client secret" description = "Ganymede client secret"
type = string
}
variable "oxicloud_client_id" {
description = "Oxicloud client ID"
type = string
}
variable "oxicloud_client_secret" {
description = "Oxicloud client secret"
type = string type = string
} }
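Review bot: The secret-bearing variables added here (`rustical_client_secret`, `ganymede_client_secret`, `oxicloud_client_secret`) are declared as plain strings, so their values can appear in plan and apply output. Adding `sensitive = true` to each keeps them redacted in CLI output. They are still stored in state, so the state backend needs its own access control. The description of `rustical_client_secret` also reads "Tandoor client secret", which looks like a copy-paste leftover; `description = "Rustical client secret"` would match the variable.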


@ -0,0 +1,26 @@
terraform {
required_version = ">= 1.6"
required_providers {
authentik = {
source = "goauthentik/authentik"
version = "2026.2.0"
}
}
}
resource "authentik_application" "app" {
name = var.app_name
slug = var.app_slug
open_in_new_tab = var.open_in_new_tab
meta_icon = var.app_icon
meta_description = var.app_description
meta_publisher = var.app_publisher
meta_launch_url = var.app_url
}
resource "authentik_policy_binding" "app_access" {
target = authentik_application.app.uuid
group = var.app_access_group_id
order = 0
count = var.app_access_group_id != "" ? 1 : 0 # only add it if the group's name exists
}
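Review bot: The trailing comment on the `count` line of `authentik_policy_binding.app_access` does not describe what the expression tests: it checks whether `var.app_access_group_id` is a non-empty string, not whether a group's name exists. The comment should also state the consequence, since an empty value creates the application with no binding at all, which leaves access unrestricted by group. Suggested comment: `# empty app_access_group_id => no binding is created and the app is not limited to a group`. The same line and comment appear in the LDAP module's `authentik_policy_binding.app_access` further down the page.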


@ -0,0 +1,62 @@
variable "app_name" {
description = "App name"
type = string
}
variable "app_slug" {
description = "App slug, a human-readable URL identifier, e.g.: Google -> google"
type = string
}
variable "client_type" {
type = string
default = "confidential"
validation {
condition = contains(["confidential", "public"], var.client_type)
error_message = "client_type must be 'confidential' or 'public'"
}
}
variable "app_access_group_id" {
description = "ID of a group which will have access to the app"
type = string
}
variable "sub_mode" {
type = string
default = "user_username"
validation {
condition = contains(["user_id", "user_username", "hashed_user_id"], var.sub_mode)
error_message = "sub_mode must be 'user_id', 'user_username' or 'hashed_user_id'"
}
}
variable "open_in_new_tab" {
type = bool
description = "Open apps in a new tab"
default = true
}
variable "app_icon" {
type = string
default = ""
}
variable "app_description" {
type = string
default = ""
}
variable "app_publisher" {
type = string
default = ""
}
variable "app_url" {
type = string
default = ""
}
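Review bot: The variables `client_type` and `sub_mode` declared here do not seem to be used by the module they belong to. File paths are not shown on this page, but if this is the variables file for the new application-only module, whose resources are `authentik_application.app` and `authentik_policy_binding.app_access`, nothing there references either variable. They look carried over from the OIDC module and could be dropped so the module's inputs match what it configures. `app_access_group_id` is also the only security-relevant input, and its description could mention that an empty string disables the group binding.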


@ -0,0 +1,35 @@
# This file is maintained automatically by "tofu init".
# Manual edits may be lost in future updates.
provider "registry.opentofu.org/goauthentik/authentik" {
version = "2026.2.0"
constraints = "2026.2.0"
hashes = [
"h1:/y7//ItB3vYvtDzSgrd7eY4QHGQ7b2G/rF/rtXdvUiY=",
"h1:2MTCDpaUJ9AAckFf+lfhq5VNkl4/e1is7XIHfjFX20U=",
"h1:EECfgcbT6h+ppgQ3x06iQZSheZ4vJ6NVwXGYGzyuQQ4=",
"h1:Hg5gBZc/mPbMwH3r5AVbDycUFoeh1LlHtAvVKsnruTY=",
"h1:J9+XlKbvc8x99ZV779XH0swZhsJo+Zcrh7UCK5pKQKY=",
"h1:On3/Zzv3W72aGsJ4AhW/tnpi4hvq9cxwgf7tF6Tg+a4=",
"h1:imSeB1o2GiuyBKsK6prOkOT7dQVDK42TaxGWAb+wEvg=",
"h1:jpOkyfrzbb/LBCdW/0R2Ag+X9bRw6X1/2BRMoImfgQ8=",
"h1:pT8YP3VDxKxhT1X+UXmjN78C+8NNb3fIANWNjR0xRX4=",
"h1:pum2uBRNDUjPeP9aYszm+6GU+K7tZIpbbLrsN39l8iw=",
"h1:qYcmNSTHIU6XefHE11SmywKqgp84B6n2Fzwdj/8dRN8=",
"h1:zH1hHNBUvxXZBzxyQa6OPjDAlZyr3rA7LqwTVVZDW9s=",
"h1:zacZCsqLyCstv+qE+VhFvwCIGLQEdNBsMIM7r9umUSQ=",
"zh:00c44e8ee842e75de9cc4fd6193b10258d1dc840e5be4aaaf118ffc180dceee0",
"zh:13057f08bce3b63613e1be3997dd454ff9568c569dd983987b1550280fbe3d01",
"zh:410a1ff2ae4647cc0ab37894f81e4d474b588a0a7f005d05d55e8c3a40978dd2",
"zh:43830834d12b3c0eeabe397842f82ca3a6b58a5bc8dd837d55b821419b55ed61",
"zh:56eaedd196ed7c4003cee0434b891b38242b4fde2031978d0ddcfdf6e16ee5ad",
"zh:5b3c10bb63c3c215ed9e0918e5808b240e3f2ee8248d10cd4d824a4998a213c5",
"zh:99c14891bcb92a6b21ef4c0e60f6c0df23e3452808f3eefd67cde78d132c80d9",
"zh:9a32cdda9f939f8484e27d4200d004c44f016fe97579a111201083f4beea78e8",
"zh:ae5086816144f68de9a0002e7696321169a71473f9d161793f4ae996388f56de",
"zh:bd09409dd34608a4ef3ea80cfc5e397268e7872f2e84c1ccdc9b5698e36ddad5",
"zh:be7af8b9eb61b0eb5053f14360e5a68caeb32c115efe8e1b583f2e7c91352a2a",
"zh:e11726812a1b2caf6b6784a3d074d1f50e3d406e9629c02096a001e5a5979331",
"zh:e39183d10d8158ccab51208f4f727c7419b1b1e596f4feb23dc42aebb36d01e3",
]
}


@ -0,0 +1,45 @@
terraform {
required_version = ">= 1.6"
required_providers {
authentik = {
source = "goauthentik/authentik"
version = "2026.2.0"
}
}
}
data "authentik_flow" "default-authentication-flow" {
slug = "default-authentication-flow"
}
data "authentik_flow" "default-invalidation-flow" {
slug = "default-invalidation-flow"
}
resource "authentik_provider_ldap" "provider_ldap" {
base_dn = var.base_dn
bind_flow = data.authentik_flow.default-authentication-flow.id
name = var.name
unbind_flow = data.authentik_flow.default-invalidation-flow.id
}
resource "authentik_application" "app" {
name = var.app_name
slug = var.app_slug
protocol_provider = authentik_provider_ldap.provider_ldap.id
open_in_new_tab = var.open_in_new_tab
meta_icon = var.app_icon
meta_description = var.app_description
meta_publisher = var.app_publisher
meta_launch_url = var.app_url
}
resource "authentik_policy_binding" "app_access" {
target = authentik_application.app.uuid
group = var.app_access_group_id
order = 0
count = var.app_access_group_id != "" ? 1 : 0 # only add it if the group's name exists
}


@ -0,0 +1,52 @@
variable "app_name" {
description = "App name"
type = string
}
variable "app_slug" {
description = "App slug, a human-readable URL identifier, e.g.: Google -> google"
type = string
}
variable "app_access_group_id" {
description = "ID of a group which will have access to the app"
type = string
}
variable "open_in_new_tab" {
type = bool
description = "Open apps in a new tab"
default = true
}
variable "app_icon" {
type = string
default = ""
}
variable "app_description" {
type = string
default = ""
}
variable "app_publisher" {
type = string
default = ""
}
variable "app_url" {
type = string
default = ""
}
variable "base_dn" {
type = string
description = "Base DN"
}
variable "name" {
type = string
description = "Name"
}


@ -3,7 +3,7 @@ terraform {
required_providers { required_providers {
authentik = { authentik = {
source = "goauthentik/authentik" source = "goauthentik/authentik"
version = "2025.6.0" version = "2026.2.0"
} }
} }
} }


@ -3,7 +3,7 @@ terraform {
required_providers { required_providers {
authentik = { authentik = {
source = "goauthentik/authentik" source = "goauthentik/authentik"
version = "2025.6.0" version = "2026.2.0"
} }
} }
} }