16 changed files with 27 additions and 48 deletions
--- a/.forgejo/workflows/deploy-kaniko.yaml
+++ b/.forgejo/workflows/deploy-kaniko.yaml
@ -1,24 +0,0 @@
---
-name: Kaniko deployments
-
-on:  # yamllint disable-line rule:truthy
-  push:
-    branches:
-      - 'main'
-      - 'ci/debug'
-
-jobs:
-  nextcloud:
-    runs-on: ubuntu-22.04
-    steps:
-      - uses: https://code.forgejo.org/actions/checkout@v4
-      - name: Kaniko build
-        uses: aevea/action-kaniko@v0.13.0
-        with:
-          image: catalin/fukuops
-          username: kaniko
-          password: ${{ secrets.REGISTRY_PASSWORD }}
-          cache: true
-          registry: git.roboces.dev
-          tag: nextcloud-30.0.1
-          path: docker/nextcloud
--- a/.forgejo/workflows/deploy-tofu.yaml
+++ b/.forgejo/workflows/deploy-tofu.yaml
@ -5,6 +5,7 @@ on:  # yamllint disable-line rule:truthy
  push:
    branches:
      - 'main'
+      - 'ci/debug'

 jobs:
  authentik:
@ -27,9 +28,7 @@ jobs:
          TF_VAR_portainer_client_id: ${{ secrets.TF_VAR_portainer_client_id }}
          TF_VAR_portainer_client_secret: ${{ secrets.TF_VAR_portainer_client_secret }}
          TF_VAR_paperless_client_id: ${{ secrets.TF_VAR_paperless_client_id }}
-          TF_VAR_paperless_client_secret: ${{ secrets.TF_VAR_paperless_secret }}
-          TF_VAR_netbird_client_id: ${{ secrets.TF_VAR_netbird_client_id }}
-          TF_VAR_netbird_client_secret: ${{ secrets.TF_VAR_netbird_client_secret }}
+          TF_VAR_paperless_client_secret: ${{ secrets.TF_VAR_paperless_client_secret }}
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
        run: |
--- a/6
+++ b/6
@ -4,10 +4,16 @@ lint--pre-commit:
 lint--kubeconform:
 	kubeconform -strict -ignore-missing-schemas k8s/

+SHELl=/bin/bash
+lint--kubescore:
+	kube-score score $$(find k8s -type f -print -name "*.yaml")
+
 lint--tflint:
 	tflint --recursive

+
 lint:
 	make lint--pre-commit
 	make lint--kubeconform
+	make lint--kube
 	make lint--tflint
--- a/README.md
+++ b/README.md
@ -2,4 +2,3 @@

 [![Last build status](https://git.roboces.dev/catalin/fukuops/badges/workflows/ci.yaml/badge.svg)](https://git.roboces.dev/catalin/fukuops/actions)
 [![Tofu deployments](https://git.roboces.dev/catalin/fukuops/badges/workflows/deploy-tofu.yaml/badge.svg)](https://git.roboces.dev/catalin/fukuops/actions)
-[![Kaniko deployments](https://git.roboces.dev/catalin/fukuops/badges/workflows/deploy-kaniko.yaml/badge.svg)](https://git.roboces.dev/catalin/fukuops/actions)
--- a/docker/forgejo-runner/docker-compose.yml
+++ b/docker/forgejo-runner/docker-compose.yml
@ -1,6 +1,6 @@
 ---
 x-runner-common: &runner-common
-  image: code.forgejo.org/forgejo/runner:4.0.0
+  image: code.forgejo.org/forgejo/runner:3.5.1
  links:
    - docker-in-docker
  depends_on:
--- a/docker/netbird/docker-compose.yml
+++ b/docker/netbird/docker-compose.yml
@ -1,7 +1,7 @@
 ---
 services:
  dashboard:
-    image: netbirdio/dashboard:v2.6.2
+    image: netbirdio/dashboard:latest
    restart: unless-stopped
    ports:
      - 8005:80
@ -23,7 +23,7 @@ services:
        max-size: "500m"
        max-file: "2"
  signal:
-    image: netbirdio/signal:0.30.3
+    image: netbirdio/signal:latest
    restart: unless-stopped
    volumes:
      - netbird-signal:/var/lib/netbird
@ -35,7 +35,7 @@ services:
        max-size: "500m"
        max-file: "2"
  relay:
-    image: netbirdio/relay:0.30.3
+    image: netbirdio/relay:latest
    restart: unless-stopped
    environment:
      NB_LOG_LEVEL: ${NB_LOG_LEVEL:-info}
@ -50,7 +50,7 @@ services:
        max-size: "500m"
        max-file: "2"
  management:
-    image: netbirdio/management:0.30.3
+    image: netbirdio/management:latest
    restart: unless-stopped
    depends_on:
      - dashboard
@ -74,9 +74,8 @@ services:
        max-file: "2"
    environment:
      - NETBIRD_STORE_ENGINE_POSTGRES_DSN=
-
  coturn:
-    image: coturn/coturn:4.6
+    image: coturn/coturn:latest
    restart: unless-stopped
    domainname: vpn.fukurokuju.dev
    volumes:
@ -91,7 +90,7 @@ services:
        max-file: "2"

  peer-1:
-    image: netbirdio/netbird:0.30.3
+    image: netbirdio/netbird:0.29.4
    restart: unless-stopped
    volumes:
      - ${NETBIRD_PEER_VOLUME:-/mnt/nas1/shared/netbird/peer-1}/data:/etc/netbird
--- a/docker/nextcloud/Dockerfile
+++ b/docker/nextcloud/Dockerfile
@ -1,4 +1,4 @@
-FROM nextcloud:30.0.1-apache
+FROM nextcloud:30.0.0-apache

 RUN set -ex; \
    \
--- a/docker/nextcloud/docker-compose.yml
+++ b/docker/nextcloud/docker-compose.yml
@ -14,7 +14,7 @@ services:
      - nextcloud

  nextcloud:
-    image: git.roboces.dev/catalin/fukuops:nextcloud-30.0.1
+    image: git.roboces.dev/catalin/fukuops:nextcloud-30.0.0
    volumes:
      - /mnt/nas1/legacy-storage/cloud/cloud/data:/var/www/html/data
      - /mnt/nas1/legacy-storage/cloud/cloud/config:/var/www/html/config
--- a/docker/paperless/docker-compose.yml
+++ b/docker/paperless/docker-compose.yml
@ -14,7 +14,7 @@ services:

  webserver:

-    image: ghcr.io/paperless-ngx/paperless-ngx:2.13.2
+    image: ghcr.io/paperless-ngx/paperless-ngx:2.12.1
    restart: unless-stopped
    ports:
      - 8002:8000
--- a/docker/vaultwarden/docker-compose.yml
+++ b/docker/vaultwarden/docker-compose.yml
@ -1,7 +1,7 @@
 ---
 services:
  vaultwarden:
-    image: vaultwarden/server:1.32.3-alpine
+    image: vaultwarden/server:1.32.0-alpine
    restart: unless-stopped
    environment:
      DATABASE_URL: ${DATABASE_URL}
--- a/k8s/argo-apps/authentik.yaml
+++ b/k8s/argo-apps/authentik.yaml
@ -12,7 +12,7 @@ spec:
  sources:
    - chart: authentik
      repoURL: https://charts.goauthentik.io/
-      targetRevision: 2024.10.*
+      targetRevision: 2024.8.*
      helm:
        valuesObject:
          authentik:
--- a/k8s/argo-apps/elastic.yaml
+++ b/k8s/argo-apps/elastic.yaml
@ -12,7 +12,7 @@ spec:
  sources:
    - chart: elasticsearch
      repoURL: registry-1.docker.io/bitnamicharts
-      targetRevision: 21.3.22
+      targetRevision: 21.3.18
      helm:
        valuesObject:
          service:
--- a/k8s/argo-apps/factorio.yaml
+++ b/k8s/argo-apps/factorio.yaml
@ -12,7 +12,7 @@ spec:
    sources:
        - chart: factorio-server-charts
          repoURL: https://sqljames.github.io/factorio-server-charts/
-          targetRevision: 2.0.*
+          targetRevision: 1.2.*
          helm:
              valuesObject:
                  rcon:
@ -20,9 +20,9 @@ spec:
                  nodeSelector:
                      kubernetes.io/hostname: agent1
                  image:
-                      tag: latest
+                      tag: 1.1.101
                  factorioServer:
-                      save_name: fukurokuju-space
+                      save_name: fukurokuju
                  admin_list:
                      - Phireh
                  account:
--- a/k8s/argo-apps/forgejo.yaml
+++ b/k8s/argo-apps/forgejo.yaml
@ -12,7 +12,7 @@ spec:
  sources:
    - chart: forgejo
      repoURL: code.forgejo.org/forgejo-helm
-      targetRevision: 10.0.1
+      targetRevision: 8.2.3
      helm:
        valuesObject:
          replicaCount: 2
--- a/k8s/argo-apps/renovate.yaml
+++ b/k8s/argo-apps/renovate.yaml
@ -13,7 +13,7 @@ spec:
  sources:
    - chart: renovate
      repoURL: https://docs.renovatebot.com/helm-charts
-      targetRevision: 38.132.*
+      targetRevision: 38.95.*
      helm:
        valuesObject:
          renovate:
--- a/k8s/services/miniflux/deployment.yaml
+++ b/k8s/services/miniflux/deployment.yaml
@ -28,7 +28,7 @@ spec:
    spec:
      containers:
        - name: miniflux
-          image: miniflux/miniflux:2.2.1
+          image: miniflux/miniflux:2.2.0
          imagePullPolicy: Always
          securityContext:
            allowPrivilegeEscalation: false