feat: remove argo workflows

k8s/argo-apps/argo-workflows.yaml

@@ -1,49 +0,0 @@
----
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
-  name: argo-workflows
-  namespace: argocd
-spec:
-  destination:
-    name: ''
-    namespace: argo-workflows
-    server: https://kubernetes.default.svc
-  project: management
-  syncPolicy:
-    automated: {}
-  sources:
-    - chart: argo-workflows
-      repoURL: https://argoproj.github.io/argo-helm
-      targetRevision: 0.40.*
-      helm:
-        valuesObject:
-          controller:
-            singleNamespace: true
-            workflowNamespaces:
-              - argo-workflows
-          server:
-            authMode: sso
-            sso:
-              enabled: true
-              issuer: https://auth.fukurokuju.dev/application/o/argo-workflows/
-              clientId:
-                name: secrets-argo-server-sso
-                key: client-id
-              clientSecret:
-                name: secrets-argo-server-sso
-                key: client-secret
-              redirectUrl: https://ci.fuku/oauth2/callback
-              scopes:
-                - openid
-                - profile
-                - email
-                - offline_access
-              rbac:
-                enabled: true
-            ingress:
-              enabled: true
-              ingressClassName: traefik
-              hosts:
-                - ci.fuku
-              tls: []

k8s/services/argo-workflows/admin-service-account.yaml

@@ -1,31 +0,0 @@
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-    name: admin-user
-    namespace: argo-workflows
-    annotations:
-        workflows.argoproj.io/rbac-rule: 'true'
-        workflows.argoproj.io/rbac-rule-precedence: '1'
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-    name: admin-user
-subjects:
-    - kind: ServiceAccount
-      name: admin-user
-      namespace: argo-workflows
-roleRef:
-    name: argo-workflows-admin
-    kind: ClusterRole
-    apiGroup: rbac.authorization.k8s.io
----
-apiVersion: v1
-kind: Secret
-metadata:
-    name: admin-user.service-account-token
-    namespace: argo-workflows
-    annotations:
-        kubernetes.io/service-account.name: admin-user
-type: kubernetes.io/service-account-token

k8s/services/argo-workflows/sealedsecrets.yaml

@@ -1,16 +0,0 @@
----
-apiVersion: bitnami.com/v1alpha1
-kind: SealedSecret
-metadata:
-    creationTimestamp:
-    name: secrets-argo-server-sso
-    namespace: argo-workflows
-spec:
-    encryptedData:
-        client-id: AgBLae+Tym75VhhsY4IK4VXlFKaP9ono6wF71N70X6krXVkURqBg3ncm9HvV6iO8ouPB3LWTRmQsNf0W2MbFD+wMPKGQcuUg3gSFOheDXF5rlUn5VuChDgBcbzemBHArlddVOsTFmuqUixhcMKbXenUHjNqW88N8j0GCxajnTpyPsW4nRHdBLzhqmliJWJCAbhtzGXV+0DM3UbW329ktYoDVFMMwM2RMZS39Uk65zoOqLsWR1eU9vI7PNrQpbcK1GJ3ZyqWfwcD5g6Az+/TiOx2PVkUtfeCqry1KNHCzANytpApcOTYUngg0XBW4vi/Gu84aNpAPXP3SBWOSah+4REgOBl/DlojUTIMIz/UJCvZViWbK6szg9+/RJtW2WKZQ2Pob3rfAtuZ0JKOrjG9koklthLWzjthzZVXk7JBy79GU84Gj7cQv52WwHbMPvIaPrzl5wJlMUZLnCQ8jSNvXpAmQdBf4wres6KMUlPGPw1aF75LNvlrju66dv1f7lRC6Uao7L39jvCXx95dznI2fcybZyE/W+aVznnpUNk/dfHKc4IB12g5DCtq8AfiTlZD72Fq+eMOn3xSlJ+pB6FQXRFLrdnc8f25pw7pqbf3zi/p+ylVdpMiLLTaL0M06RJbTVk5BT28HjGVMslBaR+4pJKLFNL2XwRW1VHteAhPtrvfe/zw5/pXSmK78pZ4UqsW9bb7+dUlQ/OSASwe3xZrs0ogB7yidvUjtQlpS/Ocumcq1mm5X/gRvShz1yqcvaDZ01/sR8ZXQtOAAJEvMLLDS2rugzYFp  # yamllint disable rule:line-length
-        client-secret: AgA8/QhgkPt3QRwa5zDQhlyhnYJurwGd/Uigo5WNIyUAh1vqqfmGlRAyJ9YQRJKPaJmTTU1nsaulOtS8Lafe4pAhXTsGaGsP7r+pntRii1KV79avl6e94zrH8LdhkrWxzaKLh6sW7Lj+Q3Cxj/Anh5jRSyIKGB0lpbR2RDE9XuBGx6r+jKS+8WXCn3Bxh2/ZEOBttAIWT59KxdwhZLeh/N5P809V1h8O7pxBdvvuyvK/nkBxJPWzO85zZnAiszLwraoOoiMZbfo4Z+Uzxf1dlGUxj2ZEoq3gWN9cuWRNoLxMJ1sq26zez99fyPbDD19+y0k6o+dNSQRLfFkhbgLgqCDUvWs3QzoV52oBe3zJ/of37hD03bLl1CUuJQcO8a8hoOsBqe7as+tmJTefKx67jjoUbtGPwoNYwakU2gH74rAlQE7NN/d1LuzjZSnivv27X2pTD169Ts4q/CjBUVVbSrLn/o5icEXu+d1SSFNhiFXI7/lcM/vi7CBVKuxmIsiJ0ka+mpnF6FTgsbcRvNKkFz0qZPGpx0Q7eg7tvvW7wh8aBk8k3Rh+Xp9ZXKGwRUlpBfDCVf2LB0tN5N2ieHgcy41Hxy+v7Ce5+qjTel/NkA2y67M7B5X/ji6+N+1a9wwKwTdQOze60Q/EfK8MPF8X3lpfarGhieWbGQAnHmQW0tVWBIjAnOSYbgrfoeyg2XPYg1vW7YetTfPGdF7QDhmnAEmPeBYbubMDwmXpofrpM1vz87degAL9L6kqyWF+XQph/pVAU5c1cHD30t383j0HTK5uG/dwHbWzt9k9hyz94Un0mXRohz/zAT2NIv1dwM9yv9VC3v89mkcapjlUlxBApPYcow6WWOvvcadyTrEXlVjskQ==  # yamllint disable rule:line-length
-    template:
-        metadata:
-            creationTimestamp:
-            name: secrets-argo-server-sso
-            namespace: argo-workflows

tofu/authentik/main.tf

@@ -27,19 +27,6 @@ resource "authentik_group" "admins" {
   is_superuser = true
 }
 
-module "argo-workflows" {
-  source              = "../modules/authentik-oidc"
-  app_name            = "Argo Workflows"
-  app_slug            = "argo-workflows"
-  client_id           = var.argo_workflows_client_id
-  client_secret       = var.argo_workflows_client_secret
-  app_access_group_id = authentik_group.ci.id
-  redirect_uris       = ["https://ci.fuku/oauth2/callback"]
-  app_icon            = "https://argoproj.github.io/icons/icon-512x512.png"
-  app_description     = "Kubernetes-native workflow engine supporting DAG and step-based workflows"
-  app_publisher       = "Argo Project"
-  app_url             = "https://ci.fuku"
-}
 
 module "firezone" {
   source              = "../modules/authentik-oidc"

tofu/authentik/sample.env

@@ -1,7 +1,5 @@
 AUTHENTIK_URL=https://auth.fukurokuju.dev
 AUTHENTIK_TOKEN=
-TF_VAR_argo_workflows_client_id=
-TF_VAR_argo_workflows_client_secret=
 TF_VAR_firezone_client_id=
 TF_VAR_firezone_client_secret=
 TF_VAR_gitea_client_id=
@@ -10,3 +8,5 @@ TF_VAR_miniflux_client_id=
 TF_VAR_miniflux_client_secret=
 TF_VAR_portainer_client_id=
 TF_VAR_portainer_client_secret=
+TF_VAR_paperless_client_id=
+TF_VAR_paperless_client_secret=