From 36136746cb3e463a47878807c0354996d10224b8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?c=C4=83t=C4=83lin?= <catalin@roboces.dev>
Date: Thu, 2 Apr 2026 00:51:42 +0200
Subject: [PATCH] feat: add oxicloud charts and argo app

---
 k8s/argo-apps/oxicloud.yaml |  8 +++-----
 tofu/authentik/main.tf      | 30 ++++++------------------------
 tofu/authentik/sample.env   |  6 ------
 tofu/authentik/vars.tf      | 28 ----------------------------
 4 files changed, 9 insertions(+), 63 deletions(-)

diff --git a/k8s/argo-apps/oxicloud.yaml b/k8s/argo-apps/oxicloud.yaml
index 54553c5..7f44ff5 100644
--- a/k8s/argo-apps/oxicloud.yaml
+++ b/k8s/argo-apps/oxicloud.yaml
@@ -10,17 +10,15 @@ spec:
     namespace: apps-roboces
     server: https://kubernetes.default.svc
   sources:
-    - path: charts/oxicloud
-      repoURL: https://git.roboces.dev/DioCrafts/OxiCloud.git
-      targetRevision: v0.5.3
+    - path: k8s/charts/oxicloud
+      repoURL: https://git.roboces.dev/catalin/fukuops.git
+      targetRevision: main
       helm:
         valuesObject:
           image:
             repository: git.roboces.dev/catalin/fukuops
             pullPolicy: Always
             tag: "oxicloud-0.5.3"
-          postgresql:
-            enabled: false
           persistence:
             enabled: true
             storageClass: "truenas-nfs-csi"
diff --git a/tofu/authentik/main.tf b/tofu/authentik/main.tf
index a941542..2219ff9 100644
--- a/tofu/authentik/main.tf
+++ b/tofu/authentik/main.tf
@@ -37,6 +37,11 @@ resource "authentik_group" "arrs" {
   is_superuser = false
 }
 
+resource "authentik_group" "cloud" {
+  name         = "cloud"
+  is_superuser = false
+}
+
 module "gitea" {
   source              = "../modules/authentik-oidc"
   app_name            = "Gitea"
@@ -187,17 +192,6 @@ module "jellyfin" {
   app_access_group_id = authentik_group.arrs.id
 }
 
-module "tandoor" {
-  source              = "../modules/authentik-oidc"
-  app_name            = "Tandoor"
-  app_slug            = "tandoor"
-  app_access_group_id = ""
-  app_url             = "https://recipes.roboces.dev"
-  redirect_uris       = [{ matching_mode = "strict", url = "https://recipes.roboces.dev/accounts/oidc/authentik/login/callback/" }]
-  app_icon            = "https://recipes.roboces.dev/static/assets/logo_color_192.c9b9177ff941.png"
-  client_id           = var.tandoor_client_id
-  client_secret       = var.tandoor_client_secret
-}
 
 module "ganymede" {
   source              = "../modules/authentik-oidc"
@@ -221,18 +215,6 @@ module "jellyseerr" {
   app_access_group_id = authentik_group.arrs.id
 }
 
-module "pulse" {
-  source              = "../modules/authentik-oidc"
-  app_name            = "Pulse"
-  app_slug            = "pulse"
-  app_url             = "https://pulse.fukurokuju.dev"
-  client_id           = var.pulse_client_id
-  client_secret       = var.pulse_client_secret
-  app_icon            = "https://pulse.fukurokuju.dev/logo.svg"
-  redirect_uris       = [{ matching_mode = "strict", url = "https://pulse.fukurokuju.dev/api/oidc/callback" }]
-  app_access_group_id = authentik_group.admins.id
-}
-
 module "cloud" {
   source        = "../modules/authentik-oidc"
   app_name      = "Cloud"
@@ -244,5 +226,5 @@ module "cloud" {
   redirect_uris = [{
     matching_mode = "strict", url = "https://cloud.roboces.dev/api/auth/oidc/callback"
   }]
-  app_access_group_id = ""
+  app_access_group_id = authentik_group.cloud.id
 }
diff --git a/tofu/authentik/sample.env b/tofu/authentik/sample.env
index 7230d1f..224c37a 100644
--- a/tofu/authentik/sample.env
+++ b/tofu/authentik/sample.env
@@ -8,15 +8,9 @@ TF_VAR_portainer_client_id=
 TF_VAR_portainer_client_secret=
 TF_VAR_paperless_client_id=
 TF_VAR_paperless_client_secret=
-TF_VAR_sftpgo_client_id=
-TF_VAR_sftpgo_client_secret=
 TF_VAR_rustical_client_id=
 TF_VAR_rustical_client_secret=
-TF_VAR_tandoor_client_id=
-TF_VAR_tandoor_client_secret=
 TF_VAR_ganymede_client_id=
 TF_VAR_ganymede_client_secret=
-TF_VAR_pulse_client_id=
-TF_VAR_pulse_client_secret=
 TF_VAR_oxicloud_client_id=aef61f77326b813cf8d8ba71d1ac994b5642685ca37e4710ab0079e91d87702d55fd9775d473b05aff45603bf08e78dba26850af3a815f3c3ac171d163368aa0
 TF_VAR_oxicloud_client_secret=a4038df17c9fd06f86372aeaaae8f3fd1374d8978983af7b398d948ef15d1efe522a1faa2fc7652bc410c516d96cd2e4211dad4e05ba6297bdd8d9090460d5fc
diff --git a/tofu/authentik/vars.tf b/tofu/authentik/vars.tf
index 920d995..028ae95 100644
--- a/tofu/authentik/vars.tf
+++ b/tofu/authentik/vars.tf
@@ -39,15 +39,6 @@ variable "paperless_client_secret" {
   type        = string
 }
 
-variable "sftpgo_client_id" {
-  description = "SFTPGo client ID"
-  type        = string
-}
-
-variable "sftpgo_client_secret" {
-  description = "SFTPGo client secret"
-  type        = string
-}
 
 variable "rustical_client_id" {
   description = "Rustical client ID"
@@ -59,15 +50,6 @@ variable "rustical_client_secret" {
   type        = string
 }
 
-variable "tandoor_client_id" {
-  description = "Tandoor client ID"
-  type        = string
-}
-
-variable "tandoor_client_secret" {
-  description = "Tandoor client secret"
-  type        = string
-}
 
 variable "ganymede_client_id" {
   description = "Ganymede client ID"
@@ -79,16 +61,6 @@ variable "ganymede_client_secret" {
   type        = string
 }
 
-variable "pulse_client_id" {
-  description = "Pulse client ID"
-  type        = string
-}
-
-variable "pulse_client_secret" {
-  description = "Pulse client secret"
-  type        = string
-}
-
 variable "oxicloud_client_id" {
   description = "Oxicloud client ID"
   type        = string