Compare commits
No commits in common. "28a0d1a7606f6a5fcb6e65836b1a89c4d903e64c" and "383ddf173cc32677e25a5bb58e74d345cba58d07" have entirely different histories.
28a0d1a760
...
383ddf173c
18 changed files with 79 additions and 84 deletions
|
|
@ -13,12 +13,12 @@ jobs:
|
|||
steps:
|
||||
- uses: https://code.forgejo.org/actions/checkout@v4
|
||||
- name: Kaniko build
|
||||
uses: aevea/action-kaniko@v0.14.0
|
||||
uses: aevea/action-kaniko@v0.13.0
|
||||
with:
|
||||
image: catalin/fukuops
|
||||
username: kaniko
|
||||
password: ${{ secrets.REGISTRY_PASSWORD }}
|
||||
cache: true
|
||||
registry: git.roboces.dev
|
||||
tag: nextcloud-30.0.2
|
||||
tag: nextcloud-30.0.1
|
||||
path: docker/nextcloud
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
---
|
||||
x-runner-common: &runner-common
|
||||
image: code.forgejo.org/forgejo/runner:4.0.1
|
||||
image: code.forgejo.org/forgejo/runner:3.5.1
|
||||
links:
|
||||
- docker-in-docker
|
||||
depends_on:
|
||||
|
|
|
|||
|
|
@ -1,7 +1,7 @@
|
|||
---
|
||||
services:
|
||||
dashboard:
|
||||
image: netbirdio/dashboard:v2.7.0
|
||||
image: netbirdio/dashboard:v2.6.1
|
||||
restart: unless-stopped
|
||||
ports:
|
||||
- 8005:80
|
||||
|
|
@ -23,7 +23,7 @@ services:
|
|||
max-size: "500m"
|
||||
max-file: "2"
|
||||
signal:
|
||||
image: netbirdio/signal:0.31.1
|
||||
image: netbirdio/signal:0.30.3
|
||||
restart: unless-stopped
|
||||
volumes:
|
||||
- netbird-signal:/var/lib/netbird
|
||||
|
|
@ -35,7 +35,7 @@ services:
|
|||
max-size: "500m"
|
||||
max-file: "2"
|
||||
relay:
|
||||
image: netbirdio/relay:0.31.1
|
||||
image: netbirdio/relay:0.30.3
|
||||
restart: unless-stopped
|
||||
environment:
|
||||
NB_LOG_LEVEL: ${NB_LOG_LEVEL:-info}
|
||||
|
|
@ -50,7 +50,7 @@ services:
|
|||
max-size: "500m"
|
||||
max-file: "2"
|
||||
management:
|
||||
image: netbirdio/management:0.31.1
|
||||
image: netbirdio/management:0.30.3
|
||||
restart: unless-stopped
|
||||
depends_on:
|
||||
- dashboard
|
||||
|
|
@ -91,7 +91,7 @@ services:
|
|||
max-file: "2"
|
||||
|
||||
peer-1:
|
||||
image: netbirdio/netbird:0.31.1
|
||||
image: netbirdio/netbird:0.30.3
|
||||
restart: unless-stopped
|
||||
volumes:
|
||||
- ${NETBIRD_PEER_VOLUME:-/mnt/nas1/shared/netbird/peer-1}/data:/etc/netbird
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
FROM nextcloud:30.0.2-apache
|
||||
FROM nextcloud:30.0.1-apache
|
||||
|
||||
RUN set -ex; \
|
||||
\
|
||||
|
|
|
|||
|
|
@ -14,7 +14,7 @@ services:
|
|||
- nextcloud
|
||||
|
||||
nextcloud:
|
||||
image: git.roboces.dev/catalin/fukuops:nextcloud-30.0.2
|
||||
image: git.roboces.dev/catalin/fukuops:nextcloud-30.0.1
|
||||
volumes:
|
||||
- /mnt/nas1/legacy-storage/cloud/cloud/data:/var/www/html/data
|
||||
- /mnt/nas1/legacy-storage/cloud/cloud/config:/var/www/html/config
|
||||
|
|
@ -22,8 +22,6 @@ services:
|
|||
- /mnt/nas1/legacy-storage/cloud/cloud/apps:/var/www/html/apps
|
||||
- type: tmpfs
|
||||
target: /tmp:exec
|
||||
- supervisorlog:/var/log/supervisor:z
|
||||
- supervisorpid:/var/run/supervisord/:z
|
||||
environment:
|
||||
PHP_MEMORY_LIMIT: ${PHP_MEMORY_LIMIT:-2048M}
|
||||
NEXTCLOUD_INIT_HTACCESS: ${NEXTCLOUD_INIT_HTACCESS:-1}
|
||||
|
|
@ -35,6 +33,3 @@ services:
|
|||
|
||||
networks:
|
||||
nextcloud: {}
|
||||
volumes:
|
||||
supervisorlog: {}
|
||||
supervisorpid: {}
|
||||
|
|
|
|||
|
|
@ -14,7 +14,7 @@ services:
|
|||
|
||||
webserver:
|
||||
|
||||
image: ghcr.io/paperless-ngx/paperless-ngx:2.13.5
|
||||
image: ghcr.io/paperless-ngx/paperless-ngx:2.13.0
|
||||
restart: unless-stopped
|
||||
ports:
|
||||
- 8002:8000
|
||||
|
|
|
|||
|
|
@ -1,7 +1,7 @@
|
|||
---
|
||||
services:
|
||||
vaultwarden:
|
||||
image: vaultwarden/server:1.32.5-alpine
|
||||
image: vaultwarden/server:1.32.3-alpine
|
||||
restart: unless-stopped
|
||||
environment:
|
||||
DATABASE_URL: ${DATABASE_URL}
|
||||
|
|
|
|||
|
|
@ -12,7 +12,7 @@ spec:
|
|||
sources:
|
||||
- chart: authentik
|
||||
repoURL: https://charts.goauthentik.io/
|
||||
targetRevision: 2024.10.*
|
||||
targetRevision: 2024.8.*
|
||||
helm:
|
||||
valuesObject:
|
||||
authentik:
|
||||
|
|
|
|||
|
|
@ -12,7 +12,7 @@ spec:
|
|||
sources:
|
||||
- chart: elasticsearch
|
||||
repoURL: registry-1.docker.io/bitnamicharts
|
||||
targetRevision: 21.3.24
|
||||
targetRevision: 21.3.22
|
||||
helm:
|
||||
valuesObject:
|
||||
service:
|
||||
|
|
|
|||
|
|
@ -12,7 +12,7 @@ spec:
|
|||
sources:
|
||||
- chart: factorio-server-charts
|
||||
repoURL: https://sqljames.github.io/factorio-server-charts/
|
||||
targetRevision: 2.5.*
|
||||
targetRevision: 2.0.*
|
||||
helm:
|
||||
valuesObject:
|
||||
rcon:
|
||||
|
|
|
|||
|
|
@ -12,7 +12,7 @@ spec:
|
|||
sources:
|
||||
- chart: forgejo
|
||||
repoURL: code.forgejo.org/forgejo-helm
|
||||
targetRevision: 10.1.1
|
||||
targetRevision: 10.0.0
|
||||
helm:
|
||||
valuesObject:
|
||||
replicaCount: 2
|
||||
|
|
|
|||
|
|
@ -13,7 +13,7 @@ spec:
|
|||
sources:
|
||||
- chart: renovate
|
||||
repoURL: https://docs.renovatebot.com/helm-charts
|
||||
targetRevision: 39.17.*
|
||||
targetRevision: 38.132.*
|
||||
helm:
|
||||
valuesObject:
|
||||
renovate:
|
||||
|
|
|
|||
|
|
@ -28,7 +28,7 @@ spec:
|
|||
spec:
|
||||
containers:
|
||||
- name: miniflux
|
||||
image: miniflux/miniflux:2.2.3
|
||||
image: miniflux/miniflux:2.2.1
|
||||
imagePullPolicy: Always
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
|
|
|
|||
60
tofu/authentik/.terraform.lock.hcl
generated
60
tofu/authentik/.terraform.lock.hcl
generated
|
|
@ -2,36 +2,36 @@
|
|||
# Manual edits may be lost in future updates.
|
||||
|
||||
provider "registry.opentofu.org/goauthentik/authentik" {
|
||||
version = "2024.10.1"
|
||||
constraints = "2024.10.1"
|
||||
version = "2024.8.4"
|
||||
constraints = "2024.8.4"
|
||||
hashes = [
|
||||
"h1:/Eo+yQyGAKK67bkgt1plX5X41mkRKu5br66XYnL/UyQ=",
|
||||
"h1:1S06FnDvjDsdOm/2J/M95FypohflaT0a9OUOwl4S87o=",
|
||||
"h1:7c3PvOLtsB0F4KHdGT1bTq2mzeNjx4TaNlVKRX78vAc=",
|
||||
"h1:8NUPNLWr9/klFJckfw6HkOMqsGhTTdePUmlBRLOIJjY=",
|
||||
"h1:Ariy1e/DAbcoXS9Wud/Ad3rEC1cLqQ7HdcHBzfTRiSM=",
|
||||
"h1:Bc9zVu8DyzeveEqEaCitlsvzBEY6CU/F648PEjrFYuk=",
|
||||
"h1:D5mConUujTcrau12WRa+Qg1lvPJLzjc76ClIYevJtVw=",
|
||||
"h1:FFYDaQDN8nbfsjwp8kw7YO6xsFCJlhtKSXx9gdLLbok=",
|
||||
"h1:Qfd127te/m5E0LAJvJ9kGWKdCXQdFXlz3ve+nV3HsWM=",
|
||||
"h1:RpNxc5WPT5H3WoKP8t7yKLO7MUAuHgfjm/rifaKpYM8=",
|
||||
"h1:XifS+/OiEMhGI7MQnQtF3ACScqWB/N2Sr/bIrvSKOag=",
|
||||
"h1:YMreOu0B0U2v8azRZ/iVJPhoDedlATNHCam1iztTUks=",
|
||||
"h1:eIMjryDbwEUWlBOFPtGWPf9NdNVWeGLeniVzafoPXZU=",
|
||||
"h1:v6XQwr4PDKtgHtdgCq03iYme4VaJAG8kSH4aKJL0OSw=",
|
||||
"zh:149c76107f75ea5b530409d81cd3b63abc5478831c1f794df1fc12acd5f7ac78",
|
||||
"zh:60bf7a62ec4bb742121f708b1e964b6bc816988e14c9e831723f0788a5c22471",
|
||||
"zh:625f1eecf87e1d741bc99b69aa0aac3c82a4040bb9e704e2c20b09e562517c20",
|
||||
"zh:690f247fd428dd7659aad3189a86288c784fdedbeb8cd75295aa417338d126b2",
|
||||
"zh:6be8c0c70b18da79b5c7cb19ca445a1607404b7e1caff9bdb8e2330c22a591c6",
|
||||
"zh:77bd031a28ec92a215cc5c12381791239ad43087c37f73ab1538f909e15ceae5",
|
||||
"zh:78ffd4fe7b65220db2d33430240507395a71ef8e1dd1c22d82fd547855113df5",
|
||||
"zh:7c0414978a45481bbeb8fc1aed1806409a2499967bd30edfcf9c34d1005d0faa",
|
||||
"zh:7df2c43de2555c11b761a938e2414f25165845d932ca95d562ccabfe3a78a209",
|
||||
"zh:819baedab497151fabcc9c887bcb07382a371708e3f9632ae1a58563ba79104f",
|
||||
"zh:891208df7e634c2de7cb164d1ed88d492e7852abd32293b727b5b82f32efd7e7",
|
||||
"zh:b6385a881b7098f6a6260f7b298eb26ef06eeed02a90ffdff9d2d7cf72fdaa27",
|
||||
"zh:ce642bbd35babd93339a80549552823ec743397e456f18dbcffdf5af3fec612e",
|
||||
"zh:ffd96ddda256a49097b21e6e672ef63d532a960bbc5455958102900ce79a4a10",
|
||||
"h1:8Xv5wta3hIIkK42Io8K0SyPYoWOpaFpPY9QapGddpjI=",
|
||||
"h1:D7ubAOqNdetqacJgTRjLbbrcOxooXCO0Lyp62OvI8yo=",
|
||||
"h1:ESLExFZhUZ7waYS/R0bYT+QSIQMlGzu/38j0rS3Lp5c=",
|
||||
"h1:M/wlTfeq/7P2O+SCIMQZGNX79H8rKZC64SoB6BjqjOg=",
|
||||
"h1:Ov4eV/U1qYkr1nPLEZGH2W+ehL/VoS3PO6nRcgnZ18U=",
|
||||
"h1:QdMNGXTpTnw+dB2l1h3iCmz2kaxr/5yOqc02ixxsQWg=",
|
||||
"h1:SyTR+nvSWpqhwqyUHDGxrRnKp5KXQwJLUZgPxkHad4c=",
|
||||
"h1:U3sDctMTEHA2HFpzYhfFyDycKoB4Rk7n9RQZ1RdS+UU=",
|
||||
"h1:V949CiGQmZxaAbnJxPzom3ie//dTUuxO3B+tMq3CIB8=",
|
||||
"h1:VnjNTGyEtKuhE+nZupVIfXZ6XgqQRLF3vyu7WW8ynrM=",
|
||||
"h1:Wj3W1TDkn/FcDFQiT5g+GbOUSjUSmGdXfGrJNdWfen8=",
|
||||
"h1:bZS9RwjEc1FlLFMidiCzyUrFTC7VONufHBDgGjAtSWs=",
|
||||
"h1:deAiR6R2FBDLmBAFL0D/UG7Uu3MgiI5RL2Zen0PecAA=",
|
||||
"h1:fY36N5ASC+z8LqowzgasNz0xJSWbdjJGeHdPPf6yMlo=",
|
||||
"zh:13040879209e226ba73dd3492849301f5d6233098decf4789dde4e75a7db00a3",
|
||||
"zh:21e5b1403749e4577c85efe1e1ffbc7f70f910c9b025a66ee36d6d9e7a26834d",
|
||||
"zh:3290e95ff74aa269031df2d9604526c977826d76c4c1c03b61c61d4767775f44",
|
||||
"zh:5648de4e32e83f1162844dfae55c2c2ff23eb1b0ae0c6a251a38917d6c7407f0",
|
||||
"zh:5a12f804038d3d84819954fe7666b84aa24bc2284682e5732302c0811401faa3",
|
||||
"zh:6b61eaad598256beb677f170fcb63c2f56c8a9e2a8f6516c98802fab0009807d",
|
||||
"zh:8071892662952c013bdee898a4f5dc4116c18e7e2fbcb0fa96afdf56e78a582f",
|
||||
"zh:94aead29a3fb563c84eca7275a88f7b49e14f6bc7344cc06c766fdf638098d6d",
|
||||
"zh:96ad4fddd7c4ff84f6c18e7106a7565c545e545ac8b8419f2c76216760e1a35a",
|
||||
"zh:c5105037a5d9f0be8fd6a3ecbf08928e26acd3af587dbeb099a328c994cef6f6",
|
||||
"zh:c69b47759a0b831270ba074002078ebf375da712f8c306053b880946cb80ae14",
|
||||
"zh:cb76e7fcdffa73055670f2ecf88286353a3d70a9cc3528e77217ea00465a32c2",
|
||||
"zh:d95b39d122b61c833e234b3fdf423495685cb20456efd761fdcbafc3817248e1",
|
||||
"zh:fc1a55ce2f8f7872f6911afd68d5f76472ba247a2ad2d739010d15add2c7e268",
|
||||
]
|
||||
}
|
||||
|
|
|
|||
|
|
@ -8,7 +8,7 @@ terraform {
|
|||
required_providers {
|
||||
authentik = {
|
||||
source = "goauthentik/authentik"
|
||||
version = "2024.10.1"
|
||||
version = "2024.8.4"
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
@ -33,6 +33,21 @@ resource "authentik_group" "vpn" {
|
|||
}
|
||||
|
||||
|
||||
module "firezone" {
|
||||
source = "../modules/authentik-oidc"
|
||||
app_name = "Firezone"
|
||||
app_slug = "firezone"
|
||||
client_id = var.firezone_client_id
|
||||
client_secret = var.firezone_client_secret
|
||||
app_access_group_id = authentik_group.admins.id
|
||||
redirect_uris = ["https://fz.fukurokuju.dev/auth/oidc/authentik/callback/"]
|
||||
app_icon = "https://www.firezone.dev/icon.svg"
|
||||
app_description = "VPN"
|
||||
app_publisher = "Firezone"
|
||||
app_url = "https://fz.fukurokuju.dev"
|
||||
sub_mode = "hashed_user_id"
|
||||
}
|
||||
|
||||
module "gitea" {
|
||||
source = "../modules/authentik-oidc"
|
||||
app_name = "Gitea"
|
||||
|
|
@ -144,6 +159,5 @@ module "netbird" {
|
|||
extra_property_mappings = [
|
||||
"goauthentik.io/providers/oauth2/scope-authentik_api"
|
||||
]
|
||||
app_icon = "https://vpn.fukurokuju.dev/apple-icon.png"
|
||||
access_token_validity = "days=10"
|
||||
app_icon = "https://vpn.fukurokuju.dev/apple-icon.png"
|
||||
}
|
||||
|
|
|
|||
|
|
@ -3,7 +3,7 @@ terraform {
|
|||
required_providers {
|
||||
authentik = {
|
||||
source = "goauthentik/authentik"
|
||||
version = "2024.10.1"
|
||||
version = "2024.8.4"
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
@ -26,25 +26,20 @@ data "authentik_property_mapping_provider_scope" "default-scopes" {
|
|||
], var.extra_property_mappings)
|
||||
}
|
||||
|
||||
data "authentik_flow" "default-provider-invalidation-flow" {
|
||||
slug = "default-provider-invalidation-flow "
|
||||
}
|
||||
|
||||
resource "authentik_provider_oauth2" "provider_oidc" {
|
||||
name = var.app_name
|
||||
client_id = var.client_id
|
||||
client_secret = var.client_secret
|
||||
client_type = var.client_type
|
||||
authorization_flow = data.authentik_flow.default-authorization-flow.id
|
||||
authentication_flow = data.authentik_flow.default-authentication-flow.id
|
||||
redirect_uris = var.redirect_uris
|
||||
property_mappings = data.authentik_property_mapping_provider_scope.default-scopes.ids
|
||||
sub_mode = var.sub_mode
|
||||
signing_key = var.oidc_signing_key
|
||||
access_code_validity = var.access_code_validity
|
||||
access_token_validity = var.access_token_validity
|
||||
refresh_token_validity = var.refresh_token_validity
|
||||
invalidation_flow = data.authentik_flow.default-provider-invalidation-flow.id
|
||||
name = var.app_name
|
||||
client_id = var.client_id
|
||||
client_secret = var.client_secret
|
||||
client_type = var.client_type
|
||||
authorization_flow = data.authentik_flow.default-authorization-flow.id
|
||||
authentication_flow = data.authentik_flow.default-authentication-flow.id
|
||||
redirect_uris = var.redirect_uris
|
||||
property_mappings = data.authentik_property_mapping_provider_scope.default-scopes.ids
|
||||
sub_mode = var.sub_mode
|
||||
signing_key = var.oidc_signing_key
|
||||
access_code_validity = var.access_code_validity
|
||||
access_token_validity = var.access_token_validity
|
||||
}
|
||||
|
||||
|
||||
|
|
|
|||
|
|
@ -90,11 +90,6 @@ variable "access_token_validity" {
|
|||
default = "minutes=10"
|
||||
}
|
||||
|
||||
variable "refresh_token_validity" {
|
||||
type = string
|
||||
default = "days=30"
|
||||
}
|
||||
|
||||
variable "extra_property_mappings" {
|
||||
type = list(string)
|
||||
default = []
|
||||
|
|
|
|||
|
|
@ -3,7 +3,7 @@ terraform {
|
|||
required_providers {
|
||||
authentik = {
|
||||
source = "goauthentik/authentik"
|
||||
version = "2024.10.1"
|
||||
version = "2024.8.4"
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
@ -16,9 +16,6 @@ data "authentik_flow" "default-authentication-flow" {
|
|||
slug = "default-authentication-flow"
|
||||
}
|
||||
|
||||
data "authentik_flow" "default-provider-invalidation-flow" {
|
||||
slug = "default-provider-invalidation-flow "
|
||||
}
|
||||
|
||||
resource "authentik_provider_proxy" "provider_proxy" {
|
||||
authorization_flow = data.authentik_flow.default-authorization-flow.id
|
||||
|
|
@ -27,7 +24,6 @@ resource "authentik_provider_proxy" "provider_proxy" {
|
|||
internal_host = var.internal_host
|
||||
name = var.app_name
|
||||
internal_host_ssl_validation = var.internal_host_ssl_validation
|
||||
invalidation_flow = data.authentik_flow.default-provider-invalidation-flow.id
|
||||
}
|
||||
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue