catalin/fukuops
1
0
Fork 1
Code Issues Pull requests 2 Releases Packages 1 Activity

Compare commits

base: catalin:183dce1326ddd83c12101aba6a370c3266c3ce77
Branches Tags
catalin:main
catalin:renovate/renovate-46.x
catalin:renovate/plutonhq-pluton-0.x
catalin:feat/pluton-fixes
catalin:feat/pluton
catalin:feat/woodpecker-ci
catalin:feat/oxicloud-chart
catalin:feat/mc
catalin:feat/miniflux-helm
catalin:feat/tailscale
catalin:feat/ganymede
catalin:feat/tandoor
catalin:feat/valheim
..
compare: catalin:a108be22c05300faa636ec1325c17c59d6aff646
Branches Tags
catalin:renovate/renovate-46.x
catalin:renovate/plutonhq-pluton-0.x
catalin:feat/pluton-fixes
catalin:main
catalin:feat/pluton
catalin:feat/woodpecker-ci
catalin:feat/oxicloud-chart
catalin:feat/mc
catalin:feat/miniflux-helm
catalin:feat/tailscale
catalin:feat/ganymede
catalin:feat/tandoor
catalin:feat/valheim

No commits in common. "183dce1326ddd83c12101aba6a370c3266c3ce77" and "a108be22c05300faa636ec1325c17c59d6aff646" have entirely different histories.
183dce1326 ... a108be22c0

16 changed files with 76 additions and 81 deletions
Download patch file Download diff file Expand all files Collapse all files

4
.forgejo/workflows/deploy-kaniko.yaml
View file

@ -13,12 +13,12 @@ jobs:
steps: steps:
- uses: https://code.forgejo.org/actions/checkout@v4 - uses: https://code.forgejo.org/actions/checkout@v4
- name: Kaniko build - name: Kaniko build
uses: aevea/action-kaniko@v0.14.0 uses: aevea/action-kaniko@v0.13.0
with: with:
image: catalin/fukuops image: catalin/fukuops
username: kaniko username: kaniko
password: ${{ secrets.REGISTRY_PASSWORD }} password: ${{ secrets.REGISTRY_PASSWORD }}
cache: true cache: true
registry: git.roboces.dev registry: git.roboces.dev
tag: nextcloud-30.0.2 tag: nextcloud-30.0.1
path: docker/nextcloud path: docker/nextcloud

8
docker/netbird/docker-compose.yml
View file

@ -23,7 +23,7 @@ services:
max-size: "500m" max-size: "500m"
max-file: "2" max-file: "2"
signal: signal:
image: netbirdio/signal:0.31.1 image: netbirdio/signal:0.31.0
restart: unless-stopped restart: unless-stopped
volumes: volumes:
- netbird-signal:/var/lib/netbird - netbird-signal:/var/lib/netbird
@ -35,7 +35,7 @@ services:
max-size: "500m" max-size: "500m"
max-file: "2" max-file: "2"
relay: relay:
image: netbirdio/relay:0.31.1 image: netbirdio/relay:0.31.0
restart: unless-stopped restart: unless-stopped
environment: environment:
NB_LOG_LEVEL: ${NB_LOG_LEVEL:-info} NB_LOG_LEVEL: ${NB_LOG_LEVEL:-info}
@ -50,7 +50,7 @@ services:
max-size: "500m" max-size: "500m"
max-file: "2" max-file: "2"
management: management:
image: netbirdio/management:0.31.1 image: netbirdio/management:0.31.0
restart: unless-stopped restart: unless-stopped
depends_on: depends_on:
- dashboard - dashboard
@ -91,7 +91,7 @@ services:
max-file: "2" max-file: "2"
peer-1: peer-1:
image: netbirdio/netbird:0.31.1 image: netbirdio/netbird:0.30.3
restart: unless-stopped restart: unless-stopped
volumes: volumes:
- ${NETBIRD_PEER_VOLUME:-/mnt/nas1/shared/netbird/peer-1}/data:/etc/netbird - ${NETBIRD_PEER_VOLUME:-/mnt/nas1/shared/netbird/peer-1}/data:/etc/netbird

2
docker/nextcloud/Dockerfile
View file

@ -1,4 +1,4 @@
FROM nextcloud:30.0.2-apache FROM nextcloud:30.0.1-apache
RUN set -ex; \ RUN set -ex; \
\ \

7
docker/nextcloud/docker-compose.yml
View file

@ -14,7 +14,7 @@ services:
- nextcloud - nextcloud
nextcloud: nextcloud:
image: git.roboces.dev/catalin/fukuops:nextcloud-30.0.2 image: git.roboces.dev/catalin/fukuops:nextcloud-30.0.1
volumes: volumes:
- /mnt/nas1/legacy-storage/cloud/cloud/data:/var/www/html/data - /mnt/nas1/legacy-storage/cloud/cloud/data:/var/www/html/data
- /mnt/nas1/legacy-storage/cloud/cloud/config:/var/www/html/config - /mnt/nas1/legacy-storage/cloud/cloud/config:/var/www/html/config
@ -22,8 +22,6 @@ services:
- /mnt/nas1/legacy-storage/cloud/cloud/apps:/var/www/html/apps - /mnt/nas1/legacy-storage/cloud/cloud/apps:/var/www/html/apps
- type: tmpfs - type: tmpfs
target: /tmp:exec target: /tmp:exec
- supervisorlog:/var/log/supervisor:z
- supervisorpid:/var/run/supervisord/:z
environment: environment:
PHP_MEMORY_LIMIT: ${PHP_MEMORY_LIMIT:-2048M} PHP_MEMORY_LIMIT: ${PHP_MEMORY_LIMIT:-2048M}
NEXTCLOUD_INIT_HTACCESS: ${NEXTCLOUD_INIT_HTACCESS:-1} NEXTCLOUD_INIT_HTACCESS: ${NEXTCLOUD_INIT_HTACCESS:-1}
@ -35,6 +33,3 @@ services:
networks: networks:
nextcloud: {} nextcloud: {}
volumes:
supervisorlog: {}
supervisorpid: {}

2
docker/paperless/docker-compose.yml
View file

@ -14,7 +14,7 @@ services:
webserver: webserver:
image: ghcr.io/paperless-ngx/paperless-ngx:2.13.5 image: ghcr.io/paperless-ngx/paperless-ngx:2.13.4
restart: unless-stopped restart: unless-stopped
ports: ports:
- 8002:8000 - 8002:8000

2
docker/vaultwarden/docker-compose.yml
View file

@ -1,7 +1,7 @@
--- ---
services: services:
vaultwarden: vaultwarden:
image: vaultwarden/server:1.32.4-alpine image: vaultwarden/server:1.32.3-alpine
restart: unless-stopped restart: unless-stopped
environment: environment:
DATABASE_URL: ${DATABASE_URL} DATABASE_URL: ${DATABASE_URL}

2
k8s/argo-apps/elastic.yaml
View file

@ -12,7 +12,7 @@ spec:
sources: sources:
- chart: elasticsearch - chart: elasticsearch
repoURL: registry-1.docker.io/bitnamicharts repoURL: registry-1.docker.io/bitnamicharts
targetRevision: 21.3.24 targetRevision: 21.3.22
helm: helm:
valuesObject: valuesObject:
service: service:

2
k8s/argo-apps/factorio.yaml
View file

@ -12,7 +12,7 @@ spec:
sources: sources:
- chart: factorio-server-charts - chart: factorio-server-charts
repoURL: https://sqljames.github.io/factorio-server-charts/ repoURL: https://sqljames.github.io/factorio-server-charts/
targetRevision: 2.5.* targetRevision: 2.2.*
helm: helm:
valuesObject: valuesObject:
rcon: rcon:

2
k8s/argo-apps/forgejo.yaml
View file

@ -12,7 +12,7 @@ spec:
sources: sources:
- chart: forgejo - chart: forgejo
repoURL: code.forgejo.org/forgejo-helm repoURL: code.forgejo.org/forgejo-helm
targetRevision: 10.1.0 targetRevision: 10.0.1
helm: helm:
valuesObject: valuesObject:
replicaCount: 2 replicaCount: 2

2
k8s/argo-apps/renovate.yaml
View file

@ -13,7 +13,7 @@ spec:
sources: sources:
- chart: renovate - chart: renovate
repoURL: https://docs.renovatebot.com/helm-charts repoURL: https://docs.renovatebot.com/helm-charts
targetRevision: 39.10.* targetRevision: 38.142.*
helm: helm:
valuesObject: valuesObject:
renovate: renovate:

2
k8s/services/miniflux/deployment.yaml
View file

@ -28,7 +28,7 @@ spec:
spec: spec:
containers: containers:
- name: miniflux - name: miniflux
image: miniflux/miniflux:2.2.3 image: miniflux/miniflux:2.2.2
imagePullPolicy: Always imagePullPolicy: Always
securityContext: securityContext:
allowPrivilegeEscalation: false allowPrivilegeEscalation: false

60
tofu/authentik/.terraform.lock.hcl generated
View file

@ -2,36 +2,36 @@
# Manual edits may be lost in future updates. # Manual edits may be lost in future updates.
provider "registry.opentofu.org/goauthentik/authentik" { provider "registry.opentofu.org/goauthentik/authentik" {
version = "2024.10.1" version = "2024.10.0"
constraints = "2024.10.1" constraints = "2024.10.0"
hashes = [ hashes = [
"h1:/Eo+yQyGAKK67bkgt1plX5X41mkRKu5br66XYnL/UyQ=", "h1:77gvw55XkrmQhkU2oTQ0ZklyYiiASRBGeHwkNZSjoKA=",
"h1:1S06FnDvjDsdOm/2J/M95FypohflaT0a9OUOwl4S87o=", "h1:7bK5erXZurSqE0kB7hdPw84neEZVaWGHe29g6UxnSog=",
"h1:7c3PvOLtsB0F4KHdGT1bTq2mzeNjx4TaNlVKRX78vAc=", "h1:AOCizcvQhcy1PnnP8epdtnB4TJWUU0qfmQV3dEaexLA=",
"h1:8NUPNLWr9/klFJckfw6HkOMqsGhTTdePUmlBRLOIJjY=", "h1:APn0CY837SrNL6lwzWPcqYZw+HezxwG4tRwbBJsubNk=",
"h1:Ariy1e/DAbcoXS9Wud/Ad3rEC1cLqQ7HdcHBzfTRiSM=", "h1:FP2tuqZULFL1AVogOOR3C4EKLWeKox4g8lBKbjkQICY=",
"h1:Bc9zVu8DyzeveEqEaCitlsvzBEY6CU/F648PEjrFYuk=", "h1:JOpx6j4oo7vt49F1tB78zYs6DVXCFCt7/PW8FEiNVN4=",
"h1:D5mConUujTcrau12WRa+Qg1lvPJLzjc76ClIYevJtVw=", "h1:MPyY7zw4obErJfdAXONRQv1UpE2Sg0VghQY6QgzYNYg=",
"h1:FFYDaQDN8nbfsjwp8kw7YO6xsFCJlhtKSXx9gdLLbok=", "h1:OTiDtXbBX/1GeLwjKtjRdYGKE/dvXPAWHJ5c83IIzus=",
"h1:Qfd127te/m5E0LAJvJ9kGWKdCXQdFXlz3ve+nV3HsWM=", "h1:RIEaU9cIFpE/ldxiDQXrKcwAcCgalV5uhn13ZW0AYOM=",
"h1:RpNxc5WPT5H3WoKP8t7yKLO7MUAuHgfjm/rifaKpYM8=", "h1:RxOL3LqYRcR5K4/fyAgYoj6cdDC0iqmYtPVc+ry6TbU=",
"h1:XifS+/OiEMhGI7MQnQtF3ACScqWB/N2Sr/bIrvSKOag=", "h1:g6K0VqPAJJLNk/poUrcMLQqRsdp9FDnYFOmeu8ES+Ko=",
"h1:YMreOu0B0U2v8azRZ/iVJPhoDedlATNHCam1iztTUks=", "h1:j4xktfH9LCWf084FHi1WLW60g4JmCPu/hnEJ5vv3bwY=",
"h1:eIMjryDbwEUWlBOFPtGWPf9NdNVWeGLeniVzafoPXZU=", "h1:oY+BEgwN4F/iWZDWUCsxSUc1C/OrgOiGxLKr+Frmzrw=",
"h1:v6XQwr4PDKtgHtdgCq03iYme4VaJAG8kSH4aKJL0OSw=", "h1:tvdejhRCu6pz8i4+r6S6UzpdJvqCRjMgC9EnAYgQknE=",
"zh:149c76107f75ea5b530409d81cd3b63abc5478831c1f794df1fc12acd5f7ac78", "zh:0963745d1add67a8d1cf39d24eb57a92c9690b3a40dfa93e8c0a867ffedb0d30",
"zh:60bf7a62ec4bb742121f708b1e964b6bc816988e14c9e831723f0788a5c22471", "zh:3cd24784cd0095bf2e3220c4a88493fcbac6da0c7ed9b38d510d6dfb46516a9e",
"zh:625f1eecf87e1d741bc99b69aa0aac3c82a4040bb9e704e2c20b09e562517c20", "zh:485ca7c00ce91f0a7bd02d0c56fa42e5f578feed4a45ba230f1f29eabdde6817",
"zh:690f247fd428dd7659aad3189a86288c784fdedbeb8cd75295aa417338d126b2", "zh:4dc7a309e3d6d200eb9d8f2779581882dc33b02d1c7cdf05fd3b788dd20f6446",
"zh:6be8c0c70b18da79b5c7cb19ca445a1607404b7e1caff9bdb8e2330c22a591c6", "zh:6518e6dfef428272326f6e384113d1a3b12fad0ed74cf2b203348f83f917d726",
"zh:77bd031a28ec92a215cc5c12381791239ad43087c37f73ab1538f909e15ceae5", "zh:6ba235ad94663718fbc556efbd70f63c62a1c33d3b9f01203105c3a6d1c9b996",
"zh:78ffd4fe7b65220db2d33430240507395a71ef8e1dd1c22d82fd547855113df5", "zh:7655ecb8793f18ac07c6de153028acc9f991cb6239e6dc72a47dd18db0b44854",
"zh:7c0414978a45481bbeb8fc1aed1806409a2499967bd30edfcf9c34d1005d0faa", "zh:86c739997af49ff1a4ec3d792af362e4ed6b28b11606117ef70b2019420e9f15",
"zh:7df2c43de2555c11b761a938e2414f25165845d932ca95d562ccabfe3a78a209", "zh:94e8582824377f704458ed38b0116055fac0a31e2b4ae961d215c3dc1ac7420c",
"zh:819baedab497151fabcc9c887bcb07382a371708e3f9632ae1a58563ba79104f", "zh:989b69d8b004ebad6004c2d4d5345f056b1b23315b6017884f5fd859645c79e1",
"zh:891208df7e634c2de7cb164d1ed88d492e7852abd32293b727b5b82f32efd7e7", "zh:d8946c1c56864b78533c4e4f88d62765ba6ce75c196812e3224a61686914be29",
"zh:b6385a881b7098f6a6260f7b298eb26ef06eeed02a90ffdff9d2d7cf72fdaa27", "zh:de9b2bf9944e743e1d56763b257abbc9450d8752d94ff5e8520a44549594e815",
"zh:ce642bbd35babd93339a80549552823ec743397e456f18dbcffdf5af3fec612e", "zh:e109fddbe90f44ccd16593246fcf2be81ae7966bdeabb39ddd52e541f762af0a",
"zh:ffd96ddda256a49097b21e6e672ef63d532a960bbc5455958102900ce79a4a10", "zh:e91aba428fc341577e7d7b2ea1bbb01706ada575a98b51e10b9765275084b702",
] ]
} }

20
tofu/authentik/main.tf
View file

@ -8,7 +8,7 @@ terraform {
required_providers { required_providers {
authentik = { authentik = {
source = "goauthentik/authentik" source = "goauthentik/authentik"
version = "2024.10.1" version = "2024.10.0"
} }
} }
} }
@ -33,6 +33,21 @@ resource "authentik_group" "vpn" {
} }
module "firezone" {
source = "../modules/authentik-oidc"
app_name = "Firezone"
app_slug = "firezone"
client_id = var.firezone_client_id
client_secret = var.firezone_client_secret
app_access_group_id = authentik_group.admins.id
redirect_uris = ["https://fz.fukurokuju.dev/auth/oidc/authentik/callback/"]
app_icon = "https://www.firezone.dev/icon.svg"
app_description = "VPN"
app_publisher = "Firezone"
app_url = "https://fz.fukurokuju.dev"
sub_mode = "hashed_user_id"
}
module "gitea" { module "gitea" {
source = "../modules/authentik-oidc" source = "../modules/authentik-oidc"
app_name = "Gitea" app_name = "Gitea"
@ -144,6 +159,5 @@ module "netbird" {
extra_property_mappings = [ extra_property_mappings = [
"goauthentik.io/providers/oauth2/scope-authentik_api" "goauthentik.io/providers/oauth2/scope-authentik_api"
] ]
app_icon = "https://vpn.fukurokuju.dev/apple-icon.png" app_icon = "https://vpn.fukurokuju.dev/apple-icon.png"
access_token_validity = "days=10"
} }

31
tofu/modules/authentik-oidc/main.tf
View file

@ -3,7 +3,7 @@ terraform {
required_providers { required_providers {
authentik = { authentik = {
source = "goauthentik/authentik" source = "goauthentik/authentik"
version = "2024.10.1" version = "2024.10.0"
} }
} }
} }
@ -26,25 +26,20 @@ data "authentik_property_mapping_provider_scope" "default-scopes" {
], var.extra_property_mappings) ], var.extra_property_mappings)
} }
data "authentik_flow" "default-provider-invalidation-flow" {
slug = "default-provider-invalidation-flow "
}
resource "authentik_provider_oauth2" "provider_oidc" { resource "authentik_provider_oauth2" "provider_oidc" {
name = var.app_name name = var.app_name
client_id = var.client_id client_id = var.client_id
client_secret = var.client_secret client_secret = var.client_secret
client_type = var.client_type client_type = var.client_type
authorization_flow = data.authentik_flow.default-authorization-flow.id authorization_flow = data.authentik_flow.default-authorization-flow.id
authentication_flow = data.authentik_flow.default-authentication-flow.id authentication_flow = data.authentik_flow.default-authentication-flow.id
redirect_uris = var.redirect_uris redirect_uris = var.redirect_uris
property_mappings = data.authentik_property_mapping_provider_scope.default-scopes.ids property_mappings = data.authentik_property_mapping_provider_scope.default-scopes.ids
sub_mode = var.sub_mode sub_mode = var.sub_mode
signing_key = var.oidc_signing_key signing_key = var.oidc_signing_key
access_code_validity = var.access_code_validity access_code_validity = var.access_code_validity
access_token_validity = var.access_token_validity access_token_validity = var.access_token_validity
refresh_token_validity = var.refresh_token_validity
invalidation_flow = data.authentik_flow.default-provider-invalidation-flow.id
} }

5
tofu/modules/authentik-oidc/vars.tf
View file

@ -90,11 +90,6 @@ variable "access_token_validity" {
default = "minutes=10" default = "minutes=10"
} }
variable "refresh_token_validity" {
type = string
default = "days=30"
}
variable "extra_property_mappings" { variable "extra_property_mappings" {
type = list(string) type = list(string)
default = [] default = []

6
tofu/modules/authentik-proxy/main.tf
View file

@ -3,7 +3,7 @@ terraform {
required_providers { required_providers {
authentik = { authentik = {
source = "goauthentik/authentik" source = "goauthentik/authentik"
version = "2024.10.1" version = "2024.10.0"
} }
} }
} }
@ -16,9 +16,6 @@ data "authentik_flow" "default-authentication-flow" {
slug = "default-authentication-flow" slug = "default-authentication-flow"
} }
data "authentik_flow" "default-provider-invalidation-flow" {
slug = "default-provider-invalidation-flow "
}
resource "authentik_provider_proxy" "provider_proxy" { resource "authentik_provider_proxy" "provider_proxy" {
authorization_flow = data.authentik_flow.default-authorization-flow.id authorization_flow = data.authentik_flow.default-authorization-flow.id
@ -27,7 +24,6 @@ resource "authentik_provider_proxy" "provider_proxy" {
internal_host = var.internal_host internal_host = var.internal_host
name = var.app_name name = var.app_name
internal_host_ssl_validation = var.internal_host_ssl_validation internal_host_ssl_validation = var.internal_host_ssl_validation
invalidation_flow = data.authentik_flow.default-provider-invalidation-flow.id
} }