diff --git a/.forgejo/workflows/ci.yaml b/.forgejo/workflows/ci.yaml index 4d1bf40..a8f073a 100644 --- a/.forgejo/workflows/ci.yaml +++ b/.forgejo/workflows/ci.yaml @@ -7,11 +7,11 @@ jobs: pre-commit: runs-on: ubuntu-22.04 steps: - - uses: https://code.forgejo.org/actions/checkout@v6 - - uses: https://code.forgejo.org/actions/setup-python@v6 + - uses: https://code.forgejo.org/actions/checkout@v5 + - uses: https://code.forgejo.org/actions/setup-python@v5 with: python-version: '3.10' - - uses: opentofu/setup-opentofu@v2 + - uses: opentofu/setup-opentofu@v1 with: tofu_version: 1.7.0 - uses: pre-commit/action@v3.0.1 @@ -19,7 +19,7 @@ jobs: k8s: runs-on: ubuntu-22.04 steps: - - uses: https://code.forgejo.org/actions/checkout@v6 + - uses: https://code.forgejo.org/actions/checkout@v5 - name: Set up Kubeconform uses: bmuschko/setup-kubeconform@v1 @@ -30,8 +30,8 @@ jobs: tflint: runs-on: ubuntu-22.04 steps: - - uses: https://code.forgejo.org/actions/checkout@v6 - - uses: terraform-linters/setup-tflint@v6 + - uses: https://code.forgejo.org/actions/checkout@v5 + - uses: terraform-linters/setup-tflint@v4 name: Setup TFLint with: tflint_version: v0.50.3 diff --git a/.forgejo/workflows/deploy-tofu.yaml b/.forgejo/workflows/deploy-tofu.yaml index 543f381..96b6c38 100644 --- a/.forgejo/workflows/deploy-tofu.yaml +++ b/.forgejo/workflows/deploy-tofu.yaml @@ -10,8 +10,8 @@ jobs: authentik: runs-on: ubuntu-22.04 steps: - - uses: https://code.forgejo.org/actions/checkout@v6 - - uses: opentofu/setup-opentofu@v2 + - uses: https://code.forgejo.org/actions/checkout@v5 + - uses: opentofu/setup-opentofu@v1 with: tofu_version: 1.8.1 - name: Deploy @@ -40,8 +40,8 @@ jobs: adguard: runs-on: ubuntu-22.04 steps: - - uses: https://code.forgejo.org/actions/checkout@v6 - - uses: opentofu/setup-opentofu@v2 + - uses: https://code.forgejo.org/actions/checkout@v5 + - uses: opentofu/setup-opentofu@v1 with: tofu_version: 1.7.0 - name: Deploy diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index fc7cc6a..c2bed7c 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -1,7 +1,7 @@ --- repos: - repo: https://github.com/pre-commit/pre-commit-hooks - rev: v6.0.0 + rev: v5.0.0 hooks: - id: trailing-whitespace - id: end-of-file-fixer @@ -15,18 +15,18 @@ repos: - id: trailing-whitespace - repo: https://github.com/antonbabenko/pre-commit-terraform - rev: v1.105.0 + rev: v1.92.1 hooks: - id: terraform_fmt - repo: https://github.com/adrienverge/yamllint.git - rev: v1.38.0 + rev: v1.35.1 hooks: - id: yamllint args: [--format, parsable, --strict] - repo: https://github.com/shellcheck-py/shellcheck-py - rev: v0.11.0.1 + rev: v0.10.0.1 hooks: - id: shellcheck files: \.sh diff --git a/docker/dokuwiki/docker-compose.yml b/docker/dokuwiki/docker-compose.yml deleted file mode 100644 index e0b7419..0000000 --- a/docker/dokuwiki/docker-compose.yml +++ /dev/null @@ -1,13 +0,0 @@ ---- -services: - wiki: - image: dokuwiki/dokuwiki:2024-02-06b - restart: unless-stopped - ports: - - "44344:8080" - volumes: - - /mnt/nas1/shared/dokuwiki/dokuwiki:/storage - environment: - PHP_TIMEZONE: Europe/Madrid - PHP_MEMORYLIMIT: 512M - PHP_UPLOADLIMIT: 128M diff --git a/docker/forgejo-runner/docker-compose.yml b/docker/forgejo-runner/docker-compose.yml new file mode 100644 index 0000000..a885ae2 --- /dev/null +++ b/docker/forgejo-runner/docker-compose.yml @@ -0,0 +1,41 @@ +--- +x-runner-common: &runner-common + image: code.forgejo.org/forgejo/runner:11.1.2 + links: + - docker-in-docker + depends_on: + docker-in-docker: + condition: service_started + user: 1001:1001 + restart: unless-stopped + command: '/bin/sh -c "sleep 5; forgejo-runner daemon"' + environment: + DOCKER_HOST: tcp://docker-in-docker:2375 + +networks: + forgejo: + external: false + +services: + docker-in-docker: + image: docker:dind + container_name: 'docker_dind' + privileged: true + command: ['dockerd', '-H', 'tcp://0.0.0.0:2375', '--tls=false'] + restart: 'unless-stopped' + + runner: + <<: *runner-common + container_name: 'runner' + volumes: + - ${FORGEJO_RUNNER_DATA:-/mnt/nas1/shared/forgejo-runner/data}:/data + - /etc/timezone:/etc/timezone:ro + - /etc/localtime:/etc/localtime:ro + + runner-2: + <<: *runner-common + container_name: 'runner2' + volumes: + - ${FORGEJO_RUNNER_DATA:-/mnt/nas1/shared/forgejo-runner/data2}:/data + - /etc/timezone:/etc/timezone:ro + - /etc/localtime:/etc/localtime:ro diff --git a/docker/ganymede/docker-compose.yml b/docker/ganymede/docker-compose.yml deleted file mode 100644 index ebc6836..0000000 --- a/docker/ganymede/docker-compose.yml +++ /dev/null @@ -1,48 +0,0 @@ ---- -services: - ganymede: - container_name: ganymede - image: ghcr.io/zibbp/ganymede:4.16.0 - restart: unless-stopped - environment: - DEBUG: ${GANYMEDE_DEBUG:-false} - TZ: ${GANYMEDE_TZ:-Europe/Madrid} - VIDEOS_DIR: ${GANYMEDE_VIDEOS_DIR:-/data/videos} - TEMP_DIR: ${GANYMEDE_TEMP_DIR:-/data/temp} - LOGS_DIR: ${GANYMEDE_LOGS_DIR:-/data/logs} - CONFIG_DIR: ${GANYMEDE_CONFIG_DIR:-/data/config} - DB_HOST: ${GANYMEDE_DB_HOST:-192.168.1.3} - DB_PORT: ${GANYMEDE_DB_PORT:-5432} - DB_USER: ${GANYMEDE_DB_USER:-ganymede} - DB_PASS: ${GANYMEDE_DB_PASS} - DB_NAME: ${GANYMEDE_DB_NAME:-ganymede} - DB_SSL: ${GANYMEDE_DB_SSL:-disable} - TWITCH_CLIENT_ID: ${GANYMEDE_TWITCH_CLIENT_ID} - TWITCH_CLIENT_SECRET: ${GANYMEDE_TWITCH_CLIENT_SECRET} - MAX_CHAT_DOWNLOAD_EXECUTIONS: ${GANYMEDE_MAX_CHAT_DOWNLOAD_EXECUTIONS:-3} - MAX_CHAT_RENDER_EXECUTIONS: ${GANYMEDE_MAX_CHAT_RENDER_EXECUTIONS:-2} - MAX_VIDEO_DOWNLOAD_EXECUTIONS: ${GANYMEDE_MAX_VIDEO_DOWNLOAD_EXECUTIONS:-2} - MAX_VIDEO_CONVERT_EXECUTIONS: ${GANYMEDE_MAX_VIDEO_CONVERT_EXECUTIONS:-3} - MAX_VIDEO_SPRITE_THUMBNAIL_EXECUTIONS: ${GANYMEDE_MAX_VIDEO_SPRITE_THUMBNAIL_EXECUTIONS:-2} - OAUTH_ENABLED: ${GANYMEDE_OAUTH_ENABLED:-true} - OAUTH_PROVIDER_URL: ${GANYMEDE_OAUTH_PROVIDER_URL:-https://auth.fukurokuju.dev/application/o/ganymede/} - OAUTH_CLIENT_ID: ${GANYMEDE_OAUTH_CLIENT_ID} - OAUTH_CLIENT_SECRET: ${GANYMEDE_OAUTH_CLIENT_SECRET} - OAUTH_REDIRECT_URL: ${GANYMEDE_OAUTH_REDIRECT_URL:-https://vods.roboces.dev/api/v1/auth/oauth/callback} - SHOW_SSO_LOGIN_BUTTON: ${GANYMEDE_SHOW_SSO_LOGIN_BUTTON:-true} - FORCE_SSO_AUTH: ${GANYMEDE_FORCE_SSO_AUTH:-true} - REQUIRE_LOGIN: ${GANYMEDE_REQUIRE_LOGIN:-true} - volumes: - - ${GANYMEDE_VIDEOS:-/mnt/vods/ganymede/videos}:/data/videos - - ${GANYMEDE_TEMP:-/mnt/vods/ganymede/temp}:/data/temp - - ${GANYMEDE_CACHE:-/mnt/vods/ganymede/cache}:/data/.cache - - ${GANYMEDE_LOGS:-/mnt/vods/ganymede/logs}:/data/logs - - ${GANYMEDE_CONFIG:-/mnt/vods/ganymede/config}:/data/config - ports: - - "4800:4000" - healthcheck: - test: curl --fail http://localhost:4000/health || exit 1 - interval: 60s - retries: 5 - start_period: 60s - timeout: 10s diff --git a/docker/ganymede/sample.env b/docker/ganymede/sample.env deleted file mode 100644 index 5b2205b..0000000 --- a/docker/ganymede/sample.env +++ /dev/null @@ -1,27 +0,0 @@ -GANYMEDE_DEBUG=false -GANYMEDE_TZ=Europe/Madrid -GANYMEDE_VIDEOS_DIR=/data/videos -GANYMEDE_TEMP_DIR=/data/temp -GANYMEDE_LOGS_DIR=/data/logs -GANYMEDE_CONFIG_DIR=/data/config -GANYMEDE_DB_HOST=192.168.1.3 -GANYMEDE_DB_PORT=5432 -GANYMEDE_DB_USER=ganymede -GANYMEDE_DB_PASS= -GANYMEDE_DB_NAME=ganymede -GANYMEDE_DB_SSL=disable -GANYMEDE_TWITCH_CLIENT_ID= -GANYMEDE_TWITCH_CLIENT_SECRET= -GANYMEDE_MAX_CHAT_DOWNLOAD_EXECUTIONS=3 -GANYMEDE_MAX_CHAT_RENDER_EXECUTIONS=2 -GANYMEDE_MAX_VIDEO_DOWNLOAD_EXECUTIONS=2 -GANYMEDE_MAX_VIDEO_CONVERT_EXECUTIONS=3 -GANYMEDE_MAX_VIDEO_SPRITE_THUMBNAIL_EXECUTIONS=2 -GANYMEDE_OAUTH_ENABLED=true -GANYMEDE_OAUTH_PROVIDER_URL=https://auth.fukurokuju.dev/application/o/ganymede/ -GANYMEDE_OAUTH_CLIENT_ID= -GANYMEDE_OAUTH_CLIENT_SECRET= -GANYMEDE_OAUTH_REDIRECT_URL=https://vods.roboces.dev/api/v1/auth/oauth/callback -GANYMEDE_SHOW_SSO_LOGIN_BUTTON=true -GANYMEDE_FORCE_SSO_AUTH=false -GANYMEDE_REQUIRE_LOGIN=false diff --git a/docker/minecraft/docker-compose.yml b/docker/minecraft/docker-compose.yml new file mode 100644 index 0000000..57f670a --- /dev/null +++ b/docker/minecraft/docker-compose.yml @@ -0,0 +1,40 @@ +--- +services: + mc: + image: itzg/minecraft-server:java23-graalvm + tty: true + stdin_open: true + ports: + - "25565:25565" + environment: + EULA: "TRUE" + MEMORY: ${MEMORY:-"6G"} + TZ: "Europe/Madrid" + VERSION: 1.20.1 + ENABLE_ROLLING_LOGS: true + USE_AIKAR_FLAGS: true + MOTD: "Huesoperrers Minecraft Episodio 2: Ahora es personal" + ICON: /data/icon.png + MAX_PLAYERS: 10 + MAX_WORLD_SIZE: 10000 + SEED: huesoperrers2 + MODE: survival + ONLINE_MODE: false + ALLOW_FLIGHT: true + SERVER_NAME: Huesoperrers and co. + PLAYER_IDLE_TIMEOUT: 15 + STOP_SERVER_ANNOUNCE_DELAY: 30 + WHITELIST: ${WHITELIST} + OPS: ${OPS} + SYNCHRONIZE: true + MERGE: true + ENFORCE_WHITELIST: true + ENABLE_RCON: false + MAX_TICK_TIME: -1 + USER_API_PROVIDER: ${USER_API_PROVIDER:-playerdb} + DIFFICULTY: ${DIFFICULTY:-normal} + ENABLE_AUTOPAUSE: true + DEBUG_AUTOPAUSE: false + TYPE: FORGE + volumes: + - ${MC_DATA_DIR:-/mnt/zeruel/nas1/shared/mc2}:/data diff --git a/docker/netbird/docker-compose.yml b/docker/netbird/docker-compose.yml new file mode 100644 index 0000000..090cbe0 --- /dev/null +++ b/docker/netbird/docker-compose.yml @@ -0,0 +1,112 @@ +--- +services: + dashboard: + image: netbirdio/dashboard:v2.19.0 + restart: unless-stopped + ports: + - 8005:80 + environment: + NETBIRD_MGMT_API_ENDPOINT: ${NETBIRD_MGMT_API_ENDPOINT:-https://vpn.fukurokuju.dev} + NETBIRD_MGMT_GRPC_API_ENDPOINT: ${NETBIRD_MGMT_GRPC_API_ENDPOINT:-https://vpn.fukurokuju.dev} + AUTH_AUDIENCE: ${NETBIRD_AUTH_AUDIENCE:-64e44b85ebdec2a3cf87c0c9916e2dbb0570f6d87b03ca8d149c3551565c3057ce1e559d16b5399cb7df60646e4e2bc6515842a198efb09d1620ea9ac1d8ace2} # yamllint disable rule:line-length + AUTH_CLIENT_ID: ${NETBIRD_AUTH_CLIENT_ID:-64e44b85ebdec2a3cf87c0c9916e2dbb0570f6d87b03ca8d149c3551565c3057ce1e559d16b5399cb7df60646e4e2bc6515842a198efb09d1620ea9ac1d8ace2} # yamllint disable rule:line-length + AUTH_AUTHORITY: ${NETBIRD_AUTH_AUTHORITY:-https://auth.fukurokuju.dev/application/o/netbird/} + USE_AUTH0: false + AUTH_SUPPORTED_SCOPES: ${NETBIRD_AUTH_SUPPORTED_SCOPES:-api offline_access openid email profile} + AUTH_REDIRECT_URI: + AUTH_SILENT_REDIRECT_URI: + NETBIRD_TOKEN_SOURCE: accessToken + NGINX_SSL_PORT: 443 + logging: + driver: "json-file" + options: + max-size: "500m" + max-file: "2" + signal: + image: netbirdio/signal:0.59.2 + restart: unless-stopped + volumes: + - netbird-signal:/var/lib/netbird + ports: + - "10000:80" + logging: + driver: "json-file" + options: + max-size: "500m" + max-file: "2" + relay: + image: netbirdio/relay:0.59.2 + restart: unless-stopped + environment: + NB_LOG_LEVEL: ${NB_LOG_LEVEL:-info} + NB_LISTEN_ADDRESS: ${NB_LISTEN_ADDRESS:-:33080} + NB_EXPOSED_ADDRESS: ${NB_EXPOSED_ADDRESS:-vpn.fukurokuju.dev:33080} + NB_AUTH_SECRET: ${NB_AUTH_SECRET} + ports: + - "33080:33080" + logging: + driver: "json-file" + options: + max-size: "500m" + max-file: "2" + management: + image: netbirdio/management:0.59.2 + restart: unless-stopped + depends_on: + - dashboard + volumes: + - ${NETBIRD_MANAGEMENT_VOLUME:-/mnt/nas1/shared/netbird/management}/data:/var/lib/netbird + - ${NETBIRD_MANAGEMENT_VOLUME:-/mnt/nas1/shared/netbird/management}/management.json:/etc/netbird/management.json:z + ports: + - "33073:443" + command: [ + "--port", "443", + "--log-file", "console", + "--log-level", "info", + "--disable-anonymous-metrics=false", + "--single-account-mode-domain=vpn.fukurokuju.dev", + "--dns-domain=netbird.fuku", + ] + logging: + driver: "json-file" + options: + max-size: "500m" + max-file: "2" + environment: + - NETBIRD_STORE_ENGINE_POSTGRES_DSN= + + coturn: + image: coturn/coturn:4.7 + restart: unless-stopped + domainname: vpn.fukurokuju.dev + volumes: + - ${NETBIRD_COTURN_VOLUME:-/mnt/nas1/shared/netbird/coturn}/turnserver.conf:/etc/turnserver.conf:ro + network_mode: host + command: + - -c /etc/turnserver.conf + logging: + driver: "json-file" + options: + max-size: "500m" + max-file: "2" + + peer-1: + image: netbirdio/netbird:0.59.0 + restart: unless-stopped + volumes: + - ${NETBIRD_PEER_VOLUME:-/mnt/nas1/shared/netbird/peer-1}/data:/etc/netbird + environment: + NB_MANAGEMENT_URL: https://vpn.fukurokuju.dev:443 + NB_SETUP_KEY: ${NB_SETUP_KEY} + cap_add: + - NET_ADMIN + depends_on: + - management + - dashboard + - relay + - signal + - coturn + +volumes: + netbird-mgmt: + netbird-signal: diff --git a/docker/netbird/sample.env b/docker/netbird/sample.env new file mode 100644 index 0000000..6a76871 --- /dev/null +++ b/docker/netbird/sample.env @@ -0,0 +1,2 @@ +NB_AUTH_SECRET= +NB_SETUP_KEY= diff --git a/docker/nextcloud/Dockerfile b/docker/nextcloud/Dockerfile new file mode 100644 index 0000000..8d10898 --- /dev/null +++ b/docker/nextcloud/Dockerfile @@ -0,0 +1,62 @@ +FROM nextcloud:31.0.6-apache + +RUN set -ex; \ + \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + ffmpeg \ + ghostscript \ + libmagickcore-6.q16-6-extra \ + procps \ + smbclient \ + supervisor \ + vim \ + clamav \ + sudo \ + ; \ + rm -rf /var/lib/apt/lists/* + +RUN set -ex; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + libbz2-dev \ + libc-client-dev \ + libkrb5-dev \ + libsmbclient-dev \ + ; \ + \ + docker-php-ext-configure imap --with-kerberos --with-imap-ssl; \ + docker-php-ext-install \ + bz2 \ + imap \ + ; \ + pecl install smbclient; \ + docker-php-ext-enable smbclient; \ + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies + apt-mark auto '.*' > /dev/null; \ + apt-mark manual $savedAptMark; \ + ldd "$(php -r 'echo ini_get("extension_dir");')"/*.so \ + | awk '/=>/ { so = $(NF-1); if (index(so, "/usr/local/") == 1) { next }; gsub("^/(usr/)?", "", so); print so }' \ + | sort -u \ + | xargs -r dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | xargs -rt apt-mark manual; \ + \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + rm -rf /var/lib/apt/lists/* + +RUN mkdir -p \ + /var/log/supervisord \ + /var/run/supervisord \ +; + +COPY supervisord.conf / + +ENV NEXTCLOUD_UPDATE=1 + +CMD ["/usr/bin/supervisord", "-c", "/supervisord.conf"] diff --git a/docker/nextcloud/docker-compose.yml b/docker/nextcloud/docker-compose.yml new file mode 100644 index 0000000..8d054b6 --- /dev/null +++ b/docker/nextcloud/docker-compose.yml @@ -0,0 +1,40 @@ +--- +services: + imaginary: + image: nextcloud/aio-imaginary:latest + cap_add: + - SYS_NICE + volumes: + - type: tmpfs + target: /tmp:exec + environment: + - TZ=Europe/Madrid + restart: unless-stopped + networks: + - nextcloud + + nextcloud: + image: git.roboces.dev/catalin/fukuops:nextcloud-31.0.6 + volumes: + - /mnt/nas1/legacy-storage/cloud/cloud/data:/var/www/html/data + - /mnt/nas1/legacy-storage/cloud/cloud/config:/var/www/html/config + - /mnt/nas1/legacy-storage/cloud/cloud/custom_apps:/var/www/html/custom_apps + - /mnt/nas1/legacy-storage/cloud/cloud/apps:/var/www/html/apps + - type: tmpfs + target: /tmp:exec + - supervisorlog:/var/log/supervisor:z + - supervisorpid:/var/run/supervisord/:z + environment: + PHP_MEMORY_LIMIT: ${PHP_MEMORY_LIMIT:-2048M} + NEXTCLOUD_INIT_HTACCESS: ${NEXTCLOUD_INIT_HTACCESS:-1} + restart: unless-stopped + ports: + - '8080:80' + networks: + - nextcloud + +networks: + nextcloud: {} +volumes: + supervisorlog: {} + supervisorpid: {} diff --git a/docker/nextcloud/supervisord.conf b/docker/nextcloud/supervisord.conf new file mode 100644 index 0000000..836a08a --- /dev/null +++ b/docker/nextcloud/supervisord.conf @@ -0,0 +1,22 @@ +[supervisord] +nodaemon=true +logfile=/var/log/supervisord/supervisord.log +pidfile=/var/run/supervisord/supervisord.pid +childlogdir=/var/log/supervisord/ +logfile_maxbytes=50MB ; maximum size of logfile before rotation +logfile_backups=10 ; number of backed up logfiles +loglevel=error + +[program:apache2] +stdout_logfile=/dev/stdout +stdout_logfile_maxbytes=0 +stderr_logfile=/dev/stderr +stderr_logfile_maxbytes=0 +command=apache2-foreground + +[program:cron] +stdout_logfile=/dev/stdout +stdout_logfile_maxbytes=0 +stderr_logfile=/dev/stderr +stderr_logfile_maxbytes=0 +command=/cron.sh diff --git a/docker/paperless/docker-compose.yml b/docker/paperless/docker-compose.yml index 14d962c..fec42d7 100644 --- a/docker/paperless/docker-compose.yml +++ b/docker/paperless/docker-compose.yml @@ -14,7 +14,7 @@ services: webserver: - image: ghcr.io/paperless-ngx/paperless-ngx:2.20.15 + image: ghcr.io/paperless-ngx/paperless-ngx:2.18.4 restart: unless-stopped ports: - 8002:8000 diff --git a/docker/rustical/docker-compose.yml b/docker/rustical/docker-compose.yml deleted file mode 100644 index b2dc9a8..0000000 --- a/docker/rustical/docker-compose.yml +++ /dev/null @@ -1,18 +0,0 @@ ---- -services: - rustical: - image: ghcr.io/lennart-k/rustical:0.12.12 - restart: unless-stopped - ports: - - '4000:4000' - volumes: - - "${RUSTICAL_DATA_VOLUME:-/mnt/nas1/shared/rustical/:/var/lib/rustical/}" - environment: - RUSTICAL_OIDC__NAME: ${RUSTICAL_OIDC_NAME:-Authentik} - RUSTICAL_OIDC__ISSUER: ${RUSTICAL_OIDC_ISSUER:-https://auth.fukurokuju.dev/application/o/rustical/} - RUSTICAL_OIDC__CLIENT_ID: ${RUSTICAL_OIDC_CLIENT_ID} - RUSTICAL_OIDC__CLIENT_SECRET: ${RUSTICAL_OIDC_CLIENT_SECRET} - RUSTICAL_OIDC__CLAIM_USERID: ${RUSTICAL_OIDC_CLAIM_USERID:-preferred_username} - RUSTICAL_OIDC__SCOPES: '["openid", "profile", "groups"]' - RUSTICAL_OIDC__ALLOW_SIGN_UP: "true" - RUSTICAL_FRONTEND__ALLOW_PASSWORD_LOGIN: ${RUSTICAL_FRONTED_ALLOW_PASSWORD_LOGIN:-false} diff --git a/docker/tailscale/docker-compose.yml b/docker/tailscale/docker-compose.yml deleted file mode 100644 index aea1233..0000000 --- a/docker/tailscale/docker-compose.yml +++ /dev/null @@ -1,18 +0,0 @@ ---- -services: - tailscale: - image: tailscale/tailscale:v1.96.5 - hostname: tailscale - environment: - TS_AUTHKEY: ${TS_AUTHKEY} - TS_HOSTNAME: ${TS_HOSTNAME:-docker-exit-node} - TS_EXTRA_ARGS: ${TS_EXTRA_ARGS:---advertise-exit-node} - TS_ROUTES: ${TS_ROUTES:-192.168.1.0/24} - TS_STATE_DIR: /var/lib/tailscale - volumes: - - ${TS_VOLUME:-/mnt/nas1/shared/tailscale}:/var/lib/tailscale - devices: - - /dev/net/tun:/dev/net/tun - cap_add: - - net_admin - restart: unless-stopped diff --git a/docker/tailscale/sample.env b/docker/tailscale/sample.env deleted file mode 100644 index 83646d5..0000000 --- a/docker/tailscale/sample.env +++ /dev/null @@ -1,5 +0,0 @@ -TS_AUTHKEY= -TS_HOSTNAME=docker-exit-node -TS_EXTRA_ARGS=--advertise-exit-node -TS_ROUTES=192.168.1.0/24 -TS_VOLUME=/mnt/nas1/shared/tailscale diff --git a/docker/vaultwarden/docker-compose.yml b/docker/vaultwarden/docker-compose.yml index bbc3594..4c2b3dc 100644 --- a/docker/vaultwarden/docker-compose.yml +++ b/docker/vaultwarden/docker-compose.yml @@ -1,7 +1,7 @@ --- services: vaultwarden: - image: vaultwarden/server:1.36.0-alpine + image: vaultwarden/server:1.34.3-alpine restart: unless-stopped environment: DATABASE_URL: ${DATABASE_URL} diff --git a/k8s/argo-apps/authentik.yaml b/k8s/argo-apps/authentik.yaml index 1c9e424..c88c03f 100644 --- a/k8s/argo-apps/authentik.yaml +++ b/k8s/argo-apps/authentik.yaml @@ -12,7 +12,7 @@ spec: sources: - chart: authentik repoURL: https://charts.goauthentik.io/ - targetRevision: 2026.2.* + targetRevision: 2025.8.* helm: valuesObject: authentik: @@ -26,7 +26,7 @@ spec: timeout: 30 from: auth@fukurokuju.dev postgresql: - host: 192.168.1.3 + host: psql15-postgres.apps-fuku.svc.cluster.local port: 5432 name: auth user: file:///authentik-creds/pg_username diff --git a/k8s/argo-apps/dcsi.yaml b/k8s/argo-apps/dcsi.yaml index 9c9e48d..55c2edd 100644 --- a/k8s/argo-apps/dcsi.yaml +++ b/k8s/argo-apps/dcsi.yaml @@ -2,39 +2,29 @@ apiVersion: argoproj.io/v1alpha1 kind: Application metadata: - name: democratic-csi - namespace: argocd + name: democratic-csi + namespace: argocd spec: - destination: - name: '' - namespace: democratic-csi - server: https://kubernetes.default.svc - sources: - - chart: democratic-csi - repoURL: https://democratic-csi.github.io/charts/ - targetRevision: 0.15.* - helm: - releaseName: zfs-nfs - valuesObject: - node: - driver: - image: - tag: next - controller: - driver: - image: - tag: next - csiDriver: - name: org.dcsi.nfs - driver: - image: - tag: next - existingConfigSecret: secrets-dcsi - config: - driver: freenas-api-nfs - - repoURL: https://git.roboces.dev/catalin/fukuops.git - path: k8s/services/dcsi - targetRevision: main - project: management - syncPolicy: - automated: {} + destination: + name: '' + namespace: democratic-csi + server: https://kubernetes.default.svc + sources: + - chart: democratic-csi + repoURL: https://democratic-csi.github.io/charts/ + targetRevision: 0.14.* + helm: + releaseName: zfs-nfs + valuesObject: + csiDriver: + name: org.dcsi.nfs + driver: + existingConfigSecret: secrets-dcsi + config: + driver: freenas-api-nfs + - repoURL: https://git.roboces.dev/catalin/fukuops.git + path: k8s/services/dcsi + targetRevision: main + project: management + syncPolicy: + automated: {} diff --git a/k8s/argo-apps/elastic.yaml b/k8s/argo-apps/elastic.yaml new file mode 100644 index 0000000..b65a53b --- /dev/null +++ b/k8s/argo-apps/elastic.yaml @@ -0,0 +1,46 @@ +--- +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: elastic + namespace: argocd +spec: + destination: + name: '' + namespace: apps-fuku + server: https://kubernetes.default.svc + sources: + - chart: elasticsearch + repoURL: registry-1.docker.io/bitnamicharts + targetRevision: 22.1.6 + helm: + valuesObject: + service: + type: LoadBalancer + master: + persistence: + enabled: true + storageClass: truenas-nfs-csi + accessModes: + - ReadWriteMany + size: 50Gi + ingress: + enabled: true + hostname: elastic.fuku + tls: true + selfSigned: true + ingressClassName: traefik + data: + persistence: + enabled: true + storageClass: truenas-nfs-csi + accessModes: + - ReadWriteMany + size: 50Gi + autoscaling: + enabled: true + maxReplicas: 3 + minReplicas: 1 + project: fuku + syncPolicy: + automated: {} diff --git a/k8s/argo-apps/factorio.yaml b/k8s/argo-apps/factorio.yaml new file mode 100644 index 0000000..cd2d97d --- /dev/null +++ b/k8s/argo-apps/factorio.yaml @@ -0,0 +1,45 @@ +--- +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: factorio + namespace: argocd +spec: + destination: + name: '' + namespace: apps-fuku + server: https://kubernetes.default.svc + sources: + - chart: factorio-server-charts + repoURL: https://sqljames.github.io/factorio-server-charts/ + targetRevision: 2.5.* + helm: + valuesObject: + rcon: + passwordSecret: secrets-factorio + nodeSelector: + kubernetes.io/hostname: agent1 + image: + tag: latest + factorioServer: + save_name: fukurokuju-space + admin_list: + - Phireh + account: + accountSecret: secrets-factorio + server_settings: + name: factorio-fukurokuju + visibility: + public: false + require_user_verification: false + persistence: + storageClassName: truenas-nfs-csi + serverPassword: + passwordSecret: secrets-factorio + + - repoURL: https://git.roboces.dev/catalin/fukuops.git + path: k8s/services/factorio + targetRevision: main + project: fuku + syncPolicy: + automated: {} diff --git a/k8s/argo-apps/forgejo.yaml b/k8s/argo-apps/forgejo.yaml index 70875d8..adede13 100644 --- a/k8s/argo-apps/forgejo.yaml +++ b/k8s/argo-apps/forgejo.yaml @@ -14,10 +14,10 @@ spec: sources: - chart: forgejo repoURL: code.forgejo.org/forgejo-helm - targetRevision: 17.0.1 + targetRevision: 14.0.4 helm: valuesObject: - replicaCount: 1 + replicaCount: 2 service: http: type: LoadBalancer @@ -49,8 +49,15 @@ spec: serviceMonitor: enabled: true config: + indexer: + ISSUE_INDEXER_CONN_STR: http://elastic-elasticsearch.apps-fuku.svc.cluster.local:9200 + ISSUE_INDEXER_ENABLED: true + ISSUE_INDEXER_TYPE: elasticsearch + REPO_INDEXER_ENABLED: false + REPO_INDEXER_TYPE: elasticsearch actions: - ENABLED: false + ENABLED: true + DEFAULT_ACTIONS_URL: https://github.com picture: DISABLE_GRAVATAR: false ENABLE_FEDERATED_AVATAR: true @@ -99,6 +106,9 @@ spec: enabled: false redis-cluster: enabled: false + - path: k8s/services/forgejo + repoURL: https://git.roboces.dev/catalin/fukuops.git + targetRevision: main project: roboces syncPolicy: automated: {} diff --git a/k8s/argo-apps/huesporro.yaml b/k8s/argo-apps/huesporro.yaml index 93ac93f..0376ee9 100644 --- a/k8s/argo-apps/huesporro.yaml +++ b/k8s/argo-apps/huesporro.yaml @@ -12,7 +12,7 @@ spec: sources: - path: charts/huesoporro repoURL: https://git.roboces.dev/catalin/huesoporro.git - targetRevision: v0.3.7 + targetRevision: v0.3.6 helm: valuesObject: secret: diff --git a/k8s/argo-apps/kubetail.yaml b/k8s/argo-apps/kubetail.yaml new file mode 100644 index 0000000..e3d73cb --- /dev/null +++ b/k8s/argo-apps/kubetail.yaml @@ -0,0 +1,38 @@ +--- +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: kubetail + namespace: argocd +spec: + destination: + name: '' + namespace: apps-fuku + server: https://kubernetes.default.svc + sources: + - chart: kubetail + repoURL: https://kubetail-org.github.io/helm-charts/ + targetRevision: 0.15.2 + helm: + valuesObject: + kubetail: + dashboard: + ingress: + enabled: true + className: traefik + tls: [] + rules: + - host: logs.fuku + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: kubetail-dashboard + port: + number: 8080 + + project: fuku + syncPolicy: + automated: {} diff --git a/k8s/argo-apps/kured.yaml b/k8s/argo-apps/kured.yaml index d15330a..c2c8d84 100644 --- a/k8s/argo-apps/kured.yaml +++ b/k8s/argo-apps/kured.yaml @@ -13,7 +13,7 @@ spec: source: chart: kured repoURL: https://kubereboot.github.io/charts - targetRevision: 5.11.* + targetRevision: 5.10.* helm: valuesObject: configuration.rebootDays: diff --git a/k8s/argo-apps/meili.yaml b/k8s/argo-apps/meili.yaml index 9303052..64b6f10 100644 --- a/k8s/argo-apps/meili.yaml +++ b/k8s/argo-apps/meili.yaml @@ -18,13 +18,13 @@ spec: targetRevision: main - chart: meilisearch repoURL: https://meilisearch.github.io/meilisearch-kubernetes - targetRevision: 0.32.* + targetRevision: 0.17.* helm: valuesObject: environment: MEILI_ENV: production auth: - existingMasterKeySecret: meili + existingMasterKeySecret: meilisearch-master-key service: type: NodePort port: 7700 diff --git a/k8s/argo-apps/miniflux.yaml b/k8s/argo-apps/miniflux.yaml index aaedef3..f274685 100644 --- a/k8s/argo-apps/miniflux.yaml +++ b/k8s/argo-apps/miniflux.yaml @@ -2,84 +2,18 @@ apiVersion: argoproj.io/v1alpha1 kind: Application metadata: - name: miniflux - namespace: argocd + name: miniflux + namespace: argocd spec: - destination: - name: '' - namespace: apps-roboces - server: https://kubernetes.default.svc - sources: - - path: k8s/charts/miniflux - repoURL: https://git.roboces.dev/catalin/fukuops.git - targetRevision: main - helm: - valuesObject: - replicaCount: 3 - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsUser: 10000 - runAsGroup: 10000 - capabilities: - drop: - - all - service: - type: LoadBalancer - ingress: - enabled: true - className: "traefik" - hosts: - - host: feeds.roboces.dev - paths: - - path: / - pathType: Prefix - resources: - requests: - cpu: 300m - memory: 300Mi - ephemeral-storage: 2Gi - limits: - cpu: 400m - memory: 500Mi - ephemeral-storage: 4Gi - livenessProbe: - tcpSocket: - port: 8080 - initialDelaySeconds: 5 - timeoutSeconds: 15 - successThreshold: 1 - failureThreshold: 3 - periodSeconds: 10 - readinessProbe: - httpGet: - path: / - port: 8080 - initialDelaySeconds: 15 - timeoutSeconds: 2 - successThreshold: 1 - failureThreshold: 3 - periodSeconds: 10 - podDisruptionBudget: - enabled: true - maxUnavailable: 1 - env: - RUN_MIGRATIONS: "1" - CREATE_ADMIN: "1" - OAUTH2_PROVIDER: oidc - OAUTH2_REDIRECT_URL: https://feeds.roboces.dev/oauth2/oidc/callback - OAUTH2_OIDC_DISCOVERY_ENDPOINT: https://auth.fukurokuju.dev/application/o/miniflux/ - OAUTH2_USER_CREATION: "1" - FETCH_YOUTUBE_WATCH_TIME: "1" - WORKER_POOL_SIZE: "1" - POLLING_FREQUENCY: "120" - BATCH_SIZE: "25" - METRICS_COLLECTOR: "1" - METRICS_ALLOWED_NETWORKS: 10.42.1.0/16 - secret: - existingSecretName: miniflux - project: roboces - syncPolicy: - automated: - prune: true - selfHeal: true + destination: + name: '' + namespace: apps-roboces + server: https://kubernetes.default.svc + source: + path: k8s/services/miniflux + repoURL: https://git.roboces.dev/catalin/fukuops.git + targetRevision: main + sources: [] + project: roboces + syncPolicy: + automated: {} diff --git a/k8s/argo-apps/oxicloud.yaml b/k8s/argo-apps/oxicloud.yaml deleted file mode 100644 index 2e2ba46..0000000 --- a/k8s/argo-apps/oxicloud.yaml +++ /dev/null @@ -1,54 +0,0 @@ ---- -apiVersion: argoproj.io/v1alpha1 -kind: Application -metadata: - name: oxicloud - namespace: argocd -spec: - destination: - name: '' - namespace: apps-roboces - server: https://kubernetes.default.svc - sources: - - path: k8s/charts/oxicloud - repoURL: https://git.roboces.dev/catalin/fukuops.git - targetRevision: main - helm: - valuesObject: - image: - repository: diocrafts/oxicloud - pullPolicy: Always - tag: "0.5.6" - persistence: - enabled: true - storageClass: "truenas-nfs-csi" - accessMode: ReadWriteMany - size: 50Gi - service: - type: LoadBalancer - config: - server: - port: 8086 - host: "0.0.0.0" - baseUrl: "https://cloud.roboces.dev" - features: - enableAuth: "true" - enableSharing: "true" - mimalloc: - purgeDelay: "0" - allowLargeOsPages: "0" - secrets: - existingSecret: oxicloud - wopi: - enabled: false - ingress: - className: "traefik" - hosts: - - host: cloud.roboces.dev - paths: - - path: / - pathType: ImplementationSpecific - tls: [] - project: roboces - syncPolicy: - automated: {} diff --git a/k8s/argo-apps/portainer.yaml b/k8s/argo-apps/portainer.yaml index f461333..69ad625 100644 --- a/k8s/argo-apps/portainer.yaml +++ b/k8s/argo-apps/portainer.yaml @@ -15,7 +15,7 @@ spec: sources: - repoURL: https://portainer.github.io/k8s/ chart: portainer - targetRevision: 239.1.* + targetRevision: 2.33.* helm: valuesObject: service: diff --git a/k8s/argo-apps/psql.yaml b/k8s/argo-apps/psql.yaml new file mode 100644 index 0000000..96bf839 --- /dev/null +++ b/k8s/argo-apps/psql.yaml @@ -0,0 +1,26 @@ +--- +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: psql15 + namespace: argocd +spec: + destination: + namespace: apps-fuku + server: 'https://kubernetes.default.svc' + sources: + - chart: postgres + targetRevision: 1.3.6 + repoURL: https://groundhog2k.github.io/helm-charts/ + helm: + valuesObject: + service: + type: LoadBalancer + storage: + accessModes: + - ReadWriteMany + className: truenas-nfs-csi + requestedSize: 150Gi + project: fuku + syncPolicy: + automated: {} diff --git a/k8s/argo-apps/redis.yaml b/k8s/argo-apps/redis.yaml new file mode 100644 index 0000000..698214d --- /dev/null +++ b/k8s/argo-apps/redis.yaml @@ -0,0 +1,32 @@ +--- +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: redis + namespace: argocd +spec: + destination: + name: '' + namespace: apps-fuku + server: https://kubernetes.default.svc + sources: + - chart: redis + repoURL: registry-1.docker.io/cloudpirates + targetRevision: "0.9.*" + helm: + valuesObject: + auth: + existingSecret: secrets-redis + existingSecretPasswordKey: redis-password + persistence: + storageClass: truenas-nfs-csi + size: 10Gi + accessMode: ReadWriteMany + service: + type: LoadBalancer + - repoURL: https://git.roboces.dev/catalin/fukuops.git + path: k8s/services/redis + targetRevision: main + project: fuku + syncPolicy: + automated: {} diff --git a/k8s/argo-apps/renovate.yaml b/k8s/argo-apps/renovate.yaml index 505b9af..cee6aa1 100644 --- a/k8s/argo-apps/renovate.yaml +++ b/k8s/argo-apps/renovate.yaml @@ -13,7 +13,7 @@ spec: sources: - chart: renovate repoURL: https://docs.renovatebot.com/helm-charts - targetRevision: 46.142.* + targetRevision: 43.54.* helm: valuesObject: renovate: diff --git a/k8s/argo-apps/sealed-secrets.yaml b/k8s/argo-apps/sealed-secrets.yaml index c180041..d60c2ec 100644 --- a/k8s/argo-apps/sealed-secrets.yaml +++ b/k8s/argo-apps/sealed-secrets.yaml @@ -12,7 +12,7 @@ spec: source: chart: sealed-secrets repoURL: https://bitnami-labs.github.io/sealed-secrets - targetRevision: 2.18.* + targetRevision: 2.17.* helm: releaseName: sealed-secrets valuesObject: diff --git a/k8s/argo-apps/valheim.yaml b/k8s/argo-apps/valheim.yaml new file mode 100644 index 0000000..699f2f2 --- /dev/null +++ b/k8s/argo-apps/valheim.yaml @@ -0,0 +1,41 @@ +--- +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: valheim + namespace: argocd +spec: + destination: + name: '' + namespace: apps-fuku + server: https://kubernetes.default.svc + sources: + - path: k8s/charts/valheim-server + repoURL: https://git.roboces.dev/catalin/fukuops.git + targetRevision: main + helm: + valuesObject: + server: + name: "Huesoperrers Váljei" + public: 1 + timezone: Europe/Madrid + secret: + name: valheim-secrets + key: server-password + persistence: + saves: + accessMode: ReadWriteMany + server: + accessMode: ReadWriteMany + backups: + accessMode: ReadWriteMany + resources: + requests: + memory: 4Gi + cpu: 2000m + limits: + memory: 8Gi + cpu: 4000m + project: fuku + syncPolicy: + automated: {} diff --git a/k8s/argo-apps/vault-sm.yaml b/k8s/argo-apps/vault-sm.yaml deleted file mode 100644 index 5b844ac..0000000 --- a/k8s/argo-apps/vault-sm.yaml +++ /dev/null @@ -1,64 +0,0 @@ ---- -apiVersion: argoproj.io/v1alpha1 -kind: Application -metadata: - name: vault-sm - namespace: argocd -spec: - destination: - name: '' - namespace: apps-fuku - server: https://kubernetes.default.svc - sources: - - chart: vaultwarden-kubernetes-secrets - repoURL: ghcr.io/antoniolago/charts - targetRevision: 1.4.01 - helm: - valuesObject: - api: - enabled: true - service: - type: LoadBalancer - persistence: - storageClass: truenas-nfs-csi - dashboard: - enabled: true - service: - type: LoadBalancer - ingress: - enabled: true - className: traefik - hosts: - - host: vault-secrets.fuku - paths: - - path: / - pathType: Prefix - backend: dashboard - port: 80 - - path: /api - pathType: Prefix - backend: api - port: 8080 - env: - config: - VAULTWARDEN__SERVERURL: "https://vault.roboces.dev" - secrets: - BW_CLIENTID: - secretName: "vaultwarden-kubernetes-secrets" - secretKey: "BW_CLIENTID" - BW_CLIENTSECRET: - secretName: "vaultwarden-kubernetes-secrets" - secretKey: "BW_CLIENTSECRET" - VAULTWARDEN__MASTERPASSWORD: - secretName: "vaultwarden-kubernetes-secrets" - secretKey: "VAULTWARDEN__MASTERPASSWORD" - - path: k8s/services/vaultwarden-kubernetes-secrets - repoURL: https://git.roboces.dev/catalin/fukuops.git - targetRevision: main - project: fuku - syncPolicy: - automated: - prune: true - selfHeal: true - syncOptions: - - CreateNamespace=true diff --git a/k8s/argo-apps/woodpecker.yaml b/k8s/argo-apps/woodpecker.yaml deleted file mode 100644 index 1068d21..0000000 --- a/k8s/argo-apps/woodpecker.yaml +++ /dev/null @@ -1,57 +0,0 @@ ---- -apiVersion: argoproj.io/v1alpha1 -kind: Application -metadata: - name: woodpecker - namespace: argocd - annotations: - argocd.argoproj.io/sync-options: Force=true,Replace=true -spec: - destination: - name: '' - namespace: apps-roboces - server: https://kubernetes.default.svc - sources: - - chart: woodpecker - repoURL: ghcr.io/woodpecker-ci/helm - targetRevision: 3.5.1 - helm: - valuesObject: - agent: - persistence: - storageClass: truenas-nfs-csi - accessModes: - - ReadWriteMany - server: - env: - WOODPECKER_ADMIN: 'woodpecker,admin,catalin' - WOODPECKER_HOST: 'https://ci.roboces.dev' - WOODPECKER_FORGEJO: "true" - WOODPECKER_FORGEJO_URL: "https://git.roboces.dev" - WOODPECKER_FORGEJO_CLIENT: - valueFrom: - secretKeyRef: - name: woodpecker - key: WOODPECKER_FORGEJO_CLIENT - WOODPECKER_FORGEJO_SECRET: - valueFrom: - secretKeyRef: - name: woodpecker - key: WOODPECKER_FORGEJO_SECRET - persistentVolume: - storageClass: truenas-nfs-csi - accessModes: - - ReadWriteMany - service: - type: LoadBalancer - ingress: - enabled: true - ingressClassName: traefik - hosts: - - host: ci.roboces.dev - paths: - - path: / - tls: [] - project: roboces - syncPolicy: - automated: {} diff --git a/k8s/charts/miniflux/Chart.yaml b/k8s/charts/miniflux/Chart.yaml deleted file mode 100644 index 385a887..0000000 --- a/k8s/charts/miniflux/Chart.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: v2 -name: miniflux -description: A Helm chart for Miniflux RSS reader -type: application -version: 0.1.0 -appVersion: "2.2.18" diff --git a/k8s/charts/miniflux/templates/_helpers.tpl b/k8s/charts/miniflux/templates/_helpers.tpl deleted file mode 100644 index 276f979..0000000 --- a/k8s/charts/miniflux/templates/_helpers.tpl +++ /dev/null @@ -1,62 +0,0 @@ -{{/* -Expand the name of the chart. -*/}} -{{- define "miniflux.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "miniflux.fullname" -}} -{{- if .Values.fullnameOverride }} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- $name := default .Chart.Name .Values.nameOverride }} -{{- if contains $name .Release.Name }} -{{- .Release.Name | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end }} -{{- end }} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "miniflux.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Common labels -*/}} -{{- define "miniflux.labels" -}} -helm.sh/chart: {{ include "miniflux.chart" . }} -{{ include "miniflux.selectorLabels" . }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end }} - -{{/* -Selector labels -*/}} -{{- define "miniflux.selectorLabels" -}} -app.kubernetes.io/name: {{ include "miniflux.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- end }} - -{{/* -Create the name of the service account to use -*/}} -{{- define "miniflux.serviceAccountName" -}} -{{- if .Values.serviceAccount.create }} -{{- default (include "miniflux.fullname" .) .Values.serviceAccount.name }} -{{- else }} -{{- default "default" .Values.serviceAccount.name }} -{{- end }} -{{- end }} diff --git a/k8s/charts/miniflux/templates/deployment.yaml b/k8s/charts/miniflux/templates/deployment.yaml deleted file mode 100644 index f7091f8..0000000 --- a/k8s/charts/miniflux/templates/deployment.yaml +++ /dev/null @@ -1,73 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "miniflux.fullname" . }} - labels: - {{- include "miniflux.labels" . | nindent 4 }} - annotations: - kube-score/ignore: pod-networkpolicy,deployment-has-host-podantiaffinity -spec: - {{- if not .Values.autoscaling.enabled }} - replicas: {{ .Values.replicaCount }} - {{- end }} - selector: - matchLabels: - {{- include "miniflux.selectorLabels" . | nindent 6 }} - strategy: - rollingUpdate: - maxSurge: 50% - maxUnavailable: 50% - type: RollingUpdate - template: - metadata: - {{- with .Values.podAnnotations }} - annotations: - {{- toYaml . | nindent 8 }} - {{- end }} - labels: - {{- include "miniflux.selectorLabels" . | nindent 8 }} - spec: - {{- with .Values.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - securityContext: - {{- toYaml .Values.podSecurityContext | nindent 8 }} - containers: - - name: {{ .Chart.Name }} - securityContext: - {{- toYaml .Values.securityContext | nindent 12 }} - image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} - envFrom: - - secretRef: - name: {{ .Values.secret.existingSecretName | default (include "miniflux.fullname" .) }} - env: - {{- range $key, $value := .Values.env }} - - name: {{ $key }} - value: {{ $value | quote }} - {{- end }} - ports: - - name: http - containerPort: 8080 - protocol: TCP - livenessProbe: - {{- toYaml .Values.livenessProbe | nindent 12 }} - readinessProbe: - {{- toYaml .Values.readinessProbe | nindent 12 }} - resources: - {{- toYaml .Values.resources | nindent 12 }} - {{- with .Values.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} - restartPolicy: Always - automountServiceAccountToken: false diff --git a/k8s/charts/miniflux/templates/ingress.yaml b/k8s/charts/miniflux/templates/ingress.yaml deleted file mode 100644 index db3f090..0000000 --- a/k8s/charts/miniflux/templates/ingress.yaml +++ /dev/null @@ -1,45 +0,0 @@ -{{- if .Values.ingress.enabled -}} -{{- $fullName := include "miniflux.fullname" . -}} -{{- $svcPort := .Values.service.port -}} -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: {{ $fullName }} - labels: - {{- include "miniflux.labels" . | nindent 4 }} - {{- with .Values.ingress.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} -spec: - {{- if .Values.ingress.className }} - ingressClassName: {{ .Values.ingress.className }} - {{- end }} - {{- if .Values.ingress.tls }} - tls: - {{- range .Values.ingress.tls }} - - hosts: - {{- range .hosts }} - - {{ . | quote }} - {{- end }} - secretName: {{ .secretName }} - {{- end }} - {{- end }} - rules: - {{- range .Values.ingress.hosts }} - - host: {{ .host | quote }} - http: - paths: - {{- range .paths }} - - path: {{ .path }} - {{- if .pathType }} - pathType: {{ .pathType }} - {{- end }} - backend: - service: - name: {{ $fullName }} - port: - number: {{ $svcPort }} - {{- end }} - {{- end }} -{{- end }} diff --git a/k8s/charts/miniflux/templates/poddisruptionbudget.yaml b/k8s/charts/miniflux/templates/poddisruptionbudget.yaml deleted file mode 100644 index 59e31ee..0000000 --- a/k8s/charts/miniflux/templates/poddisruptionbudget.yaml +++ /dev/null @@ -1,18 +0,0 @@ -{{- if .Values.podDisruptionBudget.enabled -}} -apiVersion: policy/v1 -kind: PodDisruptionBudget -metadata: - name: {{ include "miniflux.fullname" . }} - labels: - {{- include "miniflux.labels" . | nindent 4 }} -spec: - {{- if .Values.podDisruptionBudget.minAvailable }} - minAvailable: {{ .Values.podDisruptionBudget.minAvailable }} - {{- end }} - {{- if .Values.podDisruptionBudget.maxUnavailable }} - maxUnavailable: {{ .Values.podDisruptionBudget.maxUnavailable }} - {{- end }} - selector: - matchLabels: - {{- include "miniflux.selectorLabels" . | nindent 6 }} -{{- end }} diff --git a/k8s/charts/miniflux/templates/secret.yaml b/k8s/charts/miniflux/templates/secret.yaml deleted file mode 100644 index 91c8d4f..0000000 --- a/k8s/charts/miniflux/templates/secret.yaml +++ /dev/null @@ -1,13 +0,0 @@ -{{- if and .Values.secret.enabled (not .Values.secret.existingSecretName) -}} -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "miniflux.fullname" . }} - labels: - {{- include "miniflux.labels" . | nindent 4 }} -type: Opaque -stringData: - {{- range $key, $value := .Values.secret.data }} - {{ $key }}: {{ $value | quote }} - {{- end }} -{{- end }} diff --git a/k8s/charts/miniflux/templates/service.yaml b/k8s/charts/miniflux/templates/service.yaml deleted file mode 100644 index c70a4ab..0000000 --- a/k8s/charts/miniflux/templates/service.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ include "miniflux.fullname" . }} - labels: - {{- include "miniflux.labels" . | nindent 4 }} -spec: - type: {{ .Values.service.type }} - ports: - - port: {{ .Values.service.port }} - targetPort: {{ .Values.service.targetPort }} - protocol: TCP - name: http - selector: - {{- include "miniflux.selectorLabels" . | nindent 4 }} diff --git a/k8s/charts/miniflux/values.yaml b/k8s/charts/miniflux/values.yaml deleted file mode 100644 index 5b4b49f..0000000 --- a/k8s/charts/miniflux/values.yaml +++ /dev/null @@ -1,42 +0,0 @@ -# Configuration is managed in k8s/argo-apps/miniflux.yaml -replicaCount: 1 - -image: - repository: miniflux/miniflux - pullPolicy: Always - tag: "" - -imagePullSecrets: [] -podAnnotations: {} -podSecurityContext: {} -securityContext: {} - -service: - type: ClusterIP - port: 8888 - targetPort: 8080 - -ingress: - enabled: false - -resources: {} - -livenessProbe: {} -readinessProbe: {} - -autoscaling: - enabled: false - -nodeSelector: {} -tolerations: [] -affinity: {} - -podDisruptionBudget: - enabled: false - -env: {} - -secret: - enabled: false - existingSecretName: "" - data: {} diff --git a/k8s/charts/oxicloud/.helmignore b/k8s/charts/oxicloud/.helmignore deleted file mode 100644 index 0e8a0eb..0000000 --- a/k8s/charts/oxicloud/.helmignore +++ /dev/null @@ -1,23 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*.orig -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ diff --git a/k8s/charts/oxicloud/Chart.yaml b/k8s/charts/oxicloud/Chart.yaml deleted file mode 100644 index 50069e2..0000000 --- a/k8s/charts/oxicloud/Chart.yaml +++ /dev/null @@ -1,8 +0,0 @@ ---- -apiVersion: v2 -name: oxicloud -description: | - Ultra-fast, secure & lightweight self-hosted cloud storage — your files, photos, calendars & contacts, all in one place. Built in Rust. -type: application -version: 0.1.0 -appVersion: "0.5.2" diff --git a/k8s/charts/oxicloud/templates/_helpers.tpl b/k8s/charts/oxicloud/templates/_helpers.tpl deleted file mode 100644 index 0e1d40b..0000000 --- a/k8s/charts/oxicloud/templates/_helpers.tpl +++ /dev/null @@ -1,32 +0,0 @@ -{{/* Expand the name of the chart. */}} -{{- define "oxicloud.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* Create a default fully qualified app name. */}} -{{- define "oxicloud.fullname" -}} -{{- if .Values.fullnameOverride }} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- $name := default .Chart.Name .Values.nameOverride }} -{{- if contains $name .Release.Name }} -{{- .Release.Name | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end }} -{{- end }} - -{{/* Common labels */}} -{{- define "oxicloud.labels" -}} -helm.sh/chart: {{ printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{ include "oxicloud.selectorLabels" . }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end }} - -{{/* Selector labels */}} -{{- define "oxicloud.selectorLabels" -}} -app.kubernetes.io/name: {{ include "oxicloud.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- end }} diff --git a/k8s/charts/oxicloud/templates/configmap.yaml b/k8s/charts/oxicloud/templates/configmap.yaml deleted file mode 100644 index edd8d27..0000000 --- a/k8s/charts/oxicloud/templates/configmap.yaml +++ /dev/null @@ -1,22 +0,0 @@ ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "oxicloud.fullname" . }}-config -data: - OXICLOUD_SERVER_PORT: {{ .Values.config.server.port | quote }} - OXICLOUD_SERVER_HOST: {{ .Values.config.server.host | quote }} - {{- if .Values.config.server.baseUrl }} - OXICLOUD_BASE_URL: {{ .Values.config.server.baseUrl | quote }} - {{- end }} - OXICLOUD_ENABLE_AUTH: {{ .Values.config.features.enableAuth | quote }} - OXICLOUD_ENABLE_FILE_SHARING: {{ .Values.config.features.enableSharing | quote }} - MIMALLOC_PURGE_DELAY: {{ .Values.config.mimalloc.purgeDelay | quote }} - MIMALLOC_ALLOW_LARGE_OS_PAGES: {{ .Values.config.mimalloc.allowLargeOsPages | quote }} - - {{- if .Values.wopi.enabled }} - OXICLOUD_WOPI_ENABLED: "true" - OXICLOUD_WOPI_DISCOVERY_URL: "{{ .Values.config.server.baseUrl }}/hosting/discovery" - {{- else }} - OXICLOUD_WOPI_ENABLED: "false" - {{- end }} diff --git a/k8s/charts/oxicloud/templates/ingress.yaml b/k8s/charts/oxicloud/templates/ingress.yaml deleted file mode 100644 index ab3a14b..0000000 --- a/k8s/charts/oxicloud/templates/ingress.yaml +++ /dev/null @@ -1,64 +0,0 @@ ---- -{{- if .Values.ingress.enabled -}} -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: {{ include "oxicloud.fullname" . }} - labels: - {{- include "oxicloud.labels" . | nindent 4 }} - {{- with .Values.ingress.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} -spec: - {{- if .Values.ingress.className }} - ingressClassName: {{ .Values.ingress.className }} - {{- end }} - {{- if .Values.ingress.tls }} - tls: - {{- range .Values.ingress.tls }} - - hosts: - {{- range .hosts }} - - {{ . | quote }} - {{- end }} - secretName: {{ .secretName }} - {{- end }} - {{- end }} - rules: - - host: {{ (index .Values.ingress.hosts 0).host | quote }} - http: - paths: - {{- if .Values.wopi.enabled }} - # Route Collabora traffic to the WOPI pod - - path: /browser - pathType: Prefix - backend: - service: - name: {{ include "oxicloud.fullname" $ }}-wopi - port: - number: {{ .Values.wopi.collabora.service.port }} - - path: /hosting - pathType: Prefix - backend: - service: - name: {{ include "oxicloud.fullname" $ }}-wopi - port: - number: {{ .Values.wopi.collabora.service.port }} - - path: /cool - pathType: Prefix - backend: - service: - name: {{ include "oxicloud.fullname" $ }}-wopi - port: - number: {{ .Values.wopi.collabora.service.port }} - {{- end }} - - # Default Catch-All: Route everything else to OxiCloud - - path: / - pathType: Prefix - backend: - service: - name: {{ include "oxicloud.fullname" $ }} - port: - number: {{ $.Values.service.port }} -{{- end }} diff --git a/k8s/charts/oxicloud/templates/secret.yaml b/k8s/charts/oxicloud/templates/secret.yaml deleted file mode 100644 index d5aac3c..0000000 --- a/k8s/charts/oxicloud/templates/secret.yaml +++ /dev/null @@ -1,19 +0,0 @@ ---- -{{- if not .Values.secrets.existingSecret }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "oxicloud.fullname" . }}-secret - labels: - {{- include "oxicloud.labels" . | nindent 4 }} -type: Opaque -data: - {{- if .Values.secrets.jwtSecret }} - OXICLOUD_JWT_SECRET: {{ .Values.secrets.jwtSecret | b64enc | quote }} - {{- end }} - DB_PASSWORD: {{ .Values.database.password | b64enc | quote }} - {{- if .Values.wopi.enabled }} - WOPI_ADMIN_USERNAME: {{ .Values.wopi.collabora.admin.username | b64enc | quote }} - WOPI_ADMIN_PASSWORD: {{ .Values.wopi.collabora.admin.password | b64enc | quote }} - {{- end }} -{{- end }} diff --git a/k8s/charts/oxicloud/templates/service.yaml b/k8s/charts/oxicloud/templates/service.yaml deleted file mode 100644 index b0a4bc8..0000000 --- a/k8s/charts/oxicloud/templates/service.yaml +++ /dev/null @@ -1,32 +0,0 @@ ---- -apiVersion: v1 -kind: Service -metadata: - name: {{ include "oxicloud.fullname" . }} - labels: - {{- include "oxicloud.labels" . | nindent 4 }} -spec: - type: {{ .Values.service.type }} - ports: - - port: {{ .Values.service.port }} - targetPort: http - protocol: TCP - name: http - selector: - {{- include "oxicloud.selectorLabels" . | nindent 4 }} ---- -apiVersion: v1 -kind: Service -metadata: - name: {{ include "oxicloud.fullname" . }}-headless - labels: - {{- include "oxicloud.labels" . | nindent 4 }} -spec: - clusterIP: None - ports: - - port: {{ .Values.service.port }} - targetPort: http - protocol: TCP - name: http - selector: - {{- include "oxicloud.selectorLabels" . | nindent 4 }} diff --git a/k8s/charts/oxicloud/templates/statefulset.yaml b/k8s/charts/oxicloud/templates/statefulset.yaml deleted file mode 100644 index 2a6d68e..0000000 --- a/k8s/charts/oxicloud/templates/statefulset.yaml +++ /dev/null @@ -1,53 +0,0 @@ -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: {{ include "oxicloud.fullname" . }} - labels: - {{- include "oxicloud.labels" . | nindent 4 }} -spec: - serviceName: {{ include "oxicloud.fullname" . }}-headless - replicas: {{ .Values.replicaCount }} - selector: - matchLabels: - {{- include "oxicloud.selectorLabels" . | nindent 6 }} - template: - metadata: - labels: - {{- include "oxicloud.selectorLabels" . | nindent 8 }} - spec: - containers: - - name: oxicloud - image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} - ports: - - name: http - containerPort: 8086 - protocol: TCP - envFrom: - - configMapRef: - name: {{ include "oxicloud.fullname" . }}-config - - secretRef: - name: {{ if .Values.secrets.existingSecret }}{{ .Values.secrets.existingSecret }}{{ else }}{{ include "oxicloud.fullname" . }}-secret{{ end }} - volumeMounts: - - name: storage-data - mountPath: /app/storage - {{- if not .Values.persistence.enabled }} - volumes: - - name: storage-data - emptyDir: {} - {{- end }} - - {{- if .Values.persistence.enabled }} - volumeClaimTemplates: - - metadata: - name: storage-data - spec: - accessModes: - - {{ .Values.persistence.accessMode }} - {{- if .Values.persistence.storageClass }} - storageClassName: {{ .Values.persistence.storageClass }} - {{- end }} - resources: - requests: - storage: {{ .Values.persistence.size }} - {{- end }} diff --git a/k8s/charts/oxicloud/templates/wopi-deployment.yaml b/k8s/charts/oxicloud/templates/wopi-deployment.yaml deleted file mode 100644 index 0cdc0d4..0000000 --- a/k8s/charts/oxicloud/templates/wopi-deployment.yaml +++ /dev/null @@ -1,58 +0,0 @@ ---- -{{- if .Values.wopi.enabled -}} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "oxicloud.fullname" . }}-wopi - labels: - {{- include "oxicloud.labels" . | nindent 4 }} - app.kubernetes.io/component: wopi -spec: - replicas: 1 - selector: - matchLabels: - {{- include "oxicloud.selectorLabels" . | nindent 6 }} - app.kubernetes.io/component: wopi - template: - metadata: - labels: - {{- include "oxicloud.selectorLabels" . | nindent 8 }} - app.kubernetes.io/component: wopi - spec: - containers: - - name: collabora - image: "{{ .Values.wopi.collabora.image.repository }}:{{ .Values.wopi.collabora.image.tag }}" - imagePullPolicy: {{ .Values.wopi.collabora.image.pullPolicy }} - # Required for Collabora to build chroot jails - securityContext: - capabilities: - add: - - MKNOD - ports: - - name: wopi - containerPort: 9980 - protocol: TCP - env: - - name: aliasgroup1 - value: "http://{{ .Values.wopi.collabora.domain }}" - - name: server_name - value: {{ .Values.wopi.collabora.domain | quote }} - - name: extra_params - value: {{ .Values.wopi.collabora.extraParams | quote }} - - name: username - valueFrom: - secretKeyRef: - name: {{ if .Values.secrets.existingSecret }}{{ .Values.secrets.existingSecret }}{{ else }}{{ include "oxicloud.fullname" . }}-secret{{ end }} - key: WOPI_ADMIN_USERNAME - - name: password - valueFrom: - secretKeyRef: - name: {{ if .Values.secrets.existingSecret }}{{ .Values.secrets.existingSecret }}{{ else }}{{ include "oxicloud.fullname" . }}-secret{{ end }} - key: WOPI_ADMIN_PASSWORD - readinessProbe: - httpGet: - path: /hosting/discovery - port: wopi - initialDelaySeconds: 10 - periodSeconds: 10 -{{- end }} diff --git a/k8s/charts/oxicloud/templates/wopi-service.yaml b/k8s/charts/oxicloud/templates/wopi-service.yaml deleted file mode 100644 index 6b27207..0000000 --- a/k8s/charts/oxicloud/templates/wopi-service.yaml +++ /dev/null @@ -1,20 +0,0 @@ ---- -{{- if .Values.wopi.enabled -}} -apiVersion: v1 -kind: Service -metadata: - name: {{ include "oxicloud.fullname" . }}-wopi - labels: - {{- include "oxicloud.labels" . | nindent 4 }} - app.kubernetes.io/component: wopi -spec: - type: ClusterIP - ports: - - port: {{ .Values.wopi.collabora.service.port }} - targetPort: wopi - protocol: TCP - name: wopi - selector: - {{- include "oxicloud.selectorLabels" . | nindent 4 }} - app.kubernetes.io/component: wopi -{{- end }} diff --git a/k8s/charts/oxicloud/values.yaml b/k8s/charts/oxicloud/values.yaml deleted file mode 100644 index 3bbd384..0000000 --- a/k8s/charts/oxicloud/values.yaml +++ /dev/null @@ -1,67 +0,0 @@ ---- -replicaCount: 1 - -image: - repository: oxicloud - pullPolicy: IfNotPresent - tag: "latest" - -database: - host: "postgres.example.com" - port: 5432 - username: "postgres" - password: "change_me_in_production" - name: "oxicloud" - -config: - server: - port: 8086 - host: "0.0.0.0" - baseUrl: "https://cloud.example.com" - features: - enableAuth: "true" - enableSharing: "true" - mimalloc: - purgeDelay: "0" - allowLargeOsPages: "0" - -persistence: - enabled: true - storageClass: "" - accessMode: ReadWriteOnce - size: 50Gi - -wopi: - enabled: true - collabora: - url: "cloud.example.com" - image: - repository: collabora/code - tag: latest - pullPolicy: IfNotPresent - service: - port: 9980 - admin: - username: admin - password: "wopi_admin_password" - extraParams: "--o:ssl.enable=false --o:ssl.termination=false --o:net.frame_ancestors=http://* https://*" - -secrets: - existingSecret: "" - jwtSecret: "" - oidcClientSecret: "" - -service: - type: ClusterIP - port: 8086 - -ingress: - enabled: true - className: "traefik" - annotations: {} - hosts: - - host: cloud.example.com - paths: - - path: / - pathType: ImplementationSpecific - tls: [] diff --git a/k8s/charts/valheim-server/values.yaml b/k8s/charts/valheim-server/values.yaml index 744d84c..bdc7966 100644 --- a/k8s/charts/valheim-server/values.yaml +++ b/k8s/charts/valheim-server/values.yaml @@ -3,7 +3,7 @@ image: # -- Docker repository to use repository: mbround18/valheim # -- Docker tag to use - use "latest" for most current version - tag: "3.6" + tag: "3.3" # -- Image pull policy pullPolicy: Always diff --git a/k8s/services/argo/project-fuku.yaml b/k8s/services/argo/project-fuku.yaml index 46076fd..e8941de 100644 --- a/k8s/services/argo/project-fuku.yaml +++ b/k8s/services/argo/project-fuku.yaml @@ -25,12 +25,8 @@ spec: - https://charts.crystalnet.org - https://portainer.github.io/k8s/ - https://docs.renovatebot.com/helm-charts + - registry-1.docker.io/bitnamicharts - https://meilisearch.github.io/meilisearch-kubernetes - https://kubetail-org.github.io/helm-charts/ - https://groundhog2k.github.io/helm-charts/ - registry-1.docker.io/cloudpirates - - https://vmware-tanzu.github.io/helm-charts/ - - https://helm.runix.net - - https://rcourtman.github.io/Pulse - - ghcr.io/antoniolago/charts - - https://helm.elastic.co diff --git a/k8s/services/argo/project-roboces.yaml b/k8s/services/argo/project-roboces.yaml index 9b6f364..9f05403 100644 --- a/k8s/services/argo/project-roboces.yaml +++ b/k8s/services/argo/project-roboces.yaml @@ -8,11 +8,8 @@ spec: destinations: - namespace: apps-roboces server: https://kubernetes.default.svc - - namespace: woodpecker - server: https://kubernetes.default.svc sourceRepos: - https://git.roboces.dev/catalin/fukuops.git - code.forgejo.org/forgejo-helm - https://git.roboces.dev/catalin/huesoporro.git - https://gitlab.com/api/v4/projects/64552889/packages/helm/release - - ghcr.io/woodpecker-ci/helm diff --git a/k8s/services/factorio/sealedsecrets.yaml b/k8s/services/factorio/sealedsecrets.yaml new file mode 100644 index 0000000..5b36966 --- /dev/null +++ b/k8s/services/factorio/sealedsecrets.yaml @@ -0,0 +1,18 @@ +--- +apiVersion: bitnami.com/v1alpha1 +kind: SealedSecret +metadata: + creationTimestamp: + name: secrets-factorio + namespace: apps-fuku +spec: + encryptedData: + game_password: AgCmUZilQTlqof5so2DyvjbCh3J8OAkz4lSQv++z+9XUz4/+KjwgEjP5SI9nf2WVfIHt7WiJN8oaPlYnm2XIdbBUrvKlTEuMAy2XeI8DE2+wKHXdbmLg7t3oZR/8kw3py9W3o4dlXp5XY2G4S3cG8TX0fkN58ni61mYv+zSvc6stcT/iveJqO5E+hXPcDSexzxQ/8DybS4D5g8W3N2OMhRoU0wwhYfXAuxN90BzFKgD6X/9Xy1c7pPQQkEidpA6l1uP5qIG/vChmIpqsOmQWbibGQn53el5ulPvaybx1wRu33eJJcSPRS+XthZv9dtwduFlboMT6QPWcVL5gSQ0ceCBidQIHGLRLxcHYPZz83miCeVYFY1xFegrwPBsXYEdfar5mufxgSQGtSHGzwEV0Ry+tcmjz9JqWpQBQVg10Bs0GYwvy/XGHi1BLCouAXXL//eVbGp1s9cl4uyN9Ymzt5zNrf/SvUweFsaCYrC6xVFA2CCsLbsyu/YbmKkO+cd1IwAle4luGmJHnZgrXKMwQFYoMTGsgEGYt87Itz7eOSmHEm/ZJwZ3oL6n0LGgHpJu1gb4Op0ZA9p44DKeg2fy5Go9rWeMOP0RIw8/SApE6QmT0Bw8QccddnTHhwuCLet2PoiUodKhFffTfGN6PGPeIcyQJpiEDxUI7nquWSNGTcMJDsR3LbzU6A8MpDQrrg5Az6YzyZOo7NLEMbitKLrqt9lfH5g7g # yamllint disable rule:line-length + password: AgCTY4hn/wTGipH9oX7SgS44PE6wEe34AB2Pz9IeB5KcISZVGgWAUMtcffexV31jcNwz5TrztNam22Ys7qYbsZZVNOWm27/KZP3U04Jrq1cIPhY+xE1xF3vMqCd54r+kaeMO4hlDhBlE7Hs6BHdURTpPz8ocqihT2bft+Q8p2Myf3vPHXcDwoUyQj/AFYJdJJhyVfD5NDdacFhOmPTB/tUE4AW1Rz9oND6sy0x7NaP44vswVbhREpMA9wkltJRugRKUwXdfC6kOrfKa1R88aNOwkqc22F1U1PhcqUSAMYQxOA+zz3xMjrP8o70V1/FBKxnTBYVIpdHuwl2RpvC/TewJYVEu1xzp3texfgkTn6XXMp9InxfA6y1wpSVpMPYK5zPRCnmuyPTdSd+DrD6C6y2rstrHvvHxnLPtqo5REVjkfTGkEilmQ1+SllPMPk/6hKivahdmORixoI2MtOz4k4d+7rdPrrsRscMHAheyJTNdKC3wGoKFqbm+0zFV3GFaxM65K0USlYhPwyKG3FlHGj0t8HmXOr+M2cQKd4vqIrq8betRp08YPGMOT0Ea1KIvoP3z4yiJg2Z64d8d0Brof/h4fFd4kKgfMYm/CvkNh5zjFzEYi+K/6G/G99RBxwl7kK3eMB6CiuOnLITCw/Ok/LiRcdnIcAe7yobHG6FWHas4KPL5t4dPTxo12catoWtuJG7L20AIl3171+gO3jS0e4zAvZ+7S # yamllint disable rule:line-length + token: AgByS4w6xSn0/FzWkgNazh7hyZjKTTmg9WtQ3oyKQUVF6FYg+qvPYYLuNu7rTwQOa4LGw3Cvf/yYT0+WU93BjfNCSVMfes1lE2dQzukK4+zEeDhZ4MSpBOBgYYwHJkrFyHpvVSAQkaPi40T0M8iJmFv+Oq1s8zRWmx84LMllaJuRGH/t9jMfmR3rF6JBcSmEmkmB7N8cD+ytPPtZKXGJXaWE0qvuNKNveqirLRt7E+B7z7yvhroaEHahHEseOQnJ6dKY83KzH1riHBTUNOVcI62hSkiYEbbZXAzxznxMKDs04w/BpOksTeg3OWD/RzwuRdX5M2zb3wrrqbF9r9yoLUbWBMS2bdUbUyLiqvfzKUWKAd8eZsS4+P8N5fbPrLgXmB+xRz5xiCQ+r/ZL4Nj9pfuSZMDKytIglldB6BT5gtnodiaCgAPrtLz2OMtBvvojpWOaaBbYWxbrnMhCG2YYU7Kd4UFXEttL/MVs7YkZow12AIngKqzz7vXo3K2iwRYoi2CjOwv3NeXSWk9LdTrTxs00iO8RT55wbAcg9HiNkYZFtrI+6sygvnHhDmNhYG0z7yHCpx13KIjoFEtVEcx2F9bbMftxBmZoOFaGtBhFSgH323CLGoFecdhv41cH9F5HHzpc13Pc5dShm6ZPgWrWG88w0Q4WIT6hiXlriSnd9xw0At4kl7wRBqusZgwDVTBCFbtKS6Gg9msBZnZzADI/aeljY3QXGg2YT/2Ra2c3quY= # yamllint disable rule:line-length + template: # yamllint disable rule:line-length + metadata: + creationTimestamp: + name: secrets-factorio + namespace: apps-fuku + type: Opaque diff --git a/k8s/services/forgejo/sealedsecrets.yaml b/k8s/services/forgejo/sealedsecrets.yaml index 8a48da7..4281e2e 100644 --- a/k8s/services/forgejo/sealedsecrets.yaml +++ b/k8s/services/forgejo/sealedsecrets.yaml @@ -1,116 +1,18 @@ -# yamllint disable rule:line-length --- apiVersion: bitnami.com/v1alpha1 kind: SealedSecret metadata: creationTimestamp: null - name: secrets-forgejo-signing - namespace: apps-roboces -spec: - encryptedData: - privateKey: AgB+r00bfAxkhQM2mxWpDRusubkWgkTH0/fWe/pPS0WOmo4iUVPPndSRmomo5g4cB7Oq8DasAV/oBEjmDquDCMPk8mXa+oikjx0ewvaaZ7651Vk1LVyqDik680QGUn2zwzOtVrWJa9tvXzfe+ciwj6tJhUmJaI0kgR/yFkqu4/JrmNXMnYtmT9ahMbjNJeOyKm5uyF4p4RxMxReycAnHw+FMe6Tdn3Zdl5/kHtfJHaEDDUVJHV2c9rZUbGmsJK3q2Fz3tkXyjawBL5tnh62G9o9Cet6flIZDabnWtTaqSDdpEMhFOc3uHTgTe3U2tyTHG671IGDTjRJDr4gBStbzHqGu5Tydaz+EMgDBtJkP0PLn6CWawrxzg2myJND/g6vmO7RQjT6TnEpFd4pHsUH57cx+xRxz7K0ioA7Ad/kFctluy41TNrDOa0j8eEMNELOVEv4tEsfjgHGSgdJIG9pjK8zRSIlvBPxF7vf/XcRoSKfba5xwaNVNfSBkhB0oQK8ExHAf16Yg6+anIvnmR1bugnbGOPMMvQRswdw3pC2c7OVscDl8MNHSr9/Z+1iVv3PkTSFsPv8JBvuXlqMWSe7tMZnunscZ35T8nyDdiKJhMOK30K3vrspWy8V1xvyovqkONLuz8wWmNziTjc1/Z3Y3EL23NPTry1+luGMF6++ocpZ8ROy+n5ijSkNOVBt/Wsc3du17zUuKhT+oTN2Sn0nJGNVXcvuVHshsg5CH04+rO6b4SjtA1BGGKTzOOuSrdlhat7M8fiEpJ2/s2s/azF362nVE2EFY0w8OojAbIBcEQkQZtH6ZJ1mLIgCt86pstTVen48PmrjAE002NegL1RUU5ls8nOizdSszs2iYz4cfWNmYAzqU8wjqiKV06Dpx+xCdZ3HnQFGalDxQmItFz8EKGtuNnaCsRbzKG1k+EVMRtctFNyCnbxajeBAvIE/W7MkgrfkraGU98EGDGqs9AP6tfMoVIoHy3+zcVlGa3KIReSEUQaQlvP1WSe0+G8PKyzR3S8teakyk3WR9Dt3B54E2kFEGy6BwnEsede9MQhOf80A1zezIcdVKBINm5uD4gM84kmHDv9fA5E8K5eWQLQEP+6F2G27XGDvUIJuPmf1dzelGXpwHZhqP/xVbP0qfNVqzhoArTTmnU9COB+qgjoxJtZy9kTT9eHKHbKzgdDtRRt0UFUz29MZQFEKmD2bra4Ouxy6g7TXGNjIKVW8ZG2Mn576yw87VMARQuwA1klybXzSxYOOT7ffk15KPdt8tqhdlTjOiM145e0BQUAIwkuziyp7PSPuvGasZUtz3Zo48lz5HgXeBIxBnSy0jVYNSeIjWBrPpAzHZdTN0IBAQqQ854bnV/7tA0w7L5ZMwStpbWki8iQpln3omsq0hEmMJv8W8W9GLx2qXplyOjWDKbuwTVKtw0EaH0eYZG7/iVxk/9hzxIkvA7Gpyptifef18iRUSE6JORFPRMOTHn5vLFrBNvzQ1fnXzVIA018ZbprV1sLrHfVDcy9n4J0xCYDnAX43GhX/ewu1C8a3l13bpPJAU0RP9UZNRTGtVV3KiEdvF4pMRuDFfXdSv+it/q22qgl8oGekqvm4HlGXXkncLJKlF/sSlj5jV - template: - metadata: - creationTimestamp: null - name: secrets-forgejo-signing - namespace: apps-roboces ---- -apiVersion: bitnami.com/v1alpha1 -kind: SealedSecret -metadata: - creationTimestamp: null - name: secrets-forgejo-admin - namespace: apps-roboces -spec: - encryptedData: - email: AgCYRBSTXcL7g7PozKI/AjqWJfY0YsDtBBJrCp/iEBGBt5jestwDukWXvddRWc1b/Mme0s42/lqukqx43UDtPJ/obWh3icWnsXJaViH5+JRp81MjKjXMNSy9dnpDOKfdA/BGn6fuUo+U6xM6GfsNLT2LPVdq61i4Vfs4BDMuleQAdGc+p8nUJpmde0KiUwGiSKQOsUQHyiPM3xYcdDOXmBaPC3d6pN1YarXpuV9BCRhJeBez+/C1QbHlBOf5vr9Xno1CUGlc12zrT372mmhUP9UNKJWolY7ZwnwZiUktBkXFixZ3pYD2mdqlcj81BNXLP3OuWrAjQiRwMgjcI83jwvrlC7DJKSkk9OYSVfSvWoQOLCVwtxXDSWqPPl6l0mhv5ie+b/DM8kvrtr0kxj4ngrOtmpE/l7QuCh54wEdVLk+O1qlS5tgKFnBnZTdL+muGAJpC/dS3bVskumMC21ew+tRCCXQlaMywjl4fZea/yz8TuNZACY5guC+oK/iOqKD3eeHQxO2zNPI/xTjvgdMh98jd6OkREUNuaDkoqXfDt83XLHAZTrLzGqdvnfSYtpeyREga3wOh+JYAvYH180QAB8Pm52VWBvIYyQCCEprcXQQWwnnram1Wzvn5YlGdd3Ezt3z++4brtuICyYuWMF51LuKzVYrsde9tbe7rLp+gzZwy4P/rFV1G0KW87Axm/NnyedhU2NspTQv2T/w+WQFm9+LTbHBg - password: AgAmczO/BhnHqi1TO73JKF0J/e9Nvxm3F6nxvoMD+yq+qIaEqHlKVYT+uKirokj1PfGCX/Jgeoa+VKpsDY86JlK+PTIzvcM0/VQAh4ty9ER+CHNY+c8ZMXyrXkRCu8qjQfKVNJ0/eGSUj1bXsxOpQlFsIdk8FFgq9rOaL89hL388zLj7DC1KR6pI7+1ETtQqdadMTKEHshDKz58cQZHUU0+6GbVoXwd7OEDJ6BMEPUyZagX9dtKJXyxN69tAC60T9vCJyfLkMV8IS93PZGcwJ63yOELV+hIdNwRLOBODuQjWftbdPGzZygv4fr6g3QOhgNsRp78BXYR/Y2lEEn/e3yXrhQJJnv8gnczb79ymUdHLHFBdykrnEDqUaSWZay9kEfk9XGTwealCMlSkMAPw+0kLfU0jjlsrazycsxZlbOmSe3O8hRPxhTAMFGzHVkqXo5UVLw3CrU9w4enVPnKXZ9Z7B/61ObCbj6QdCh8CQem2FwRORs2SdQAOjKfFp4TXMkIPOXyAFusPsomFpkix8aRXD5QIi2Ex2GyHsh4BonIvTwGd1oVgkCgF9QpC2FyVIiy8pSVGX0r7Gx7YI0LYeL0nF6jT3HxP0HBeDpSZkCcGQn3kNPvtiYrVi39aaU8OTSzwghfYQclWKwbCSuEr33yFPcAfgPbWwFIN2M73zn2iGEmirqUwfH76UdbWU2+beXwDKeKXcY4HiUUHqsQjKA== - passwordMode: AgCWjs796wR9evramu2S8ALTqbyn6vfdLFqnNkNUJGx7Cxvx+vo2j7J4/g8iEtUXzqAGSw5JYH/ifOPLZz9pWZwTO9vFu2Rr91KpJA14Eo5GNj/KJO1NafVMxRXDpXd/gENPrwonbrCj+s1YxQGQeY2STqINcpuCT+/sH3SsEL6Dei3KW39ZfHw+UcY68Vv3hKejd1F3HDMOgqwA9TOj4cRCt5Eq1VmNjhE6dpFBNFU+cwNDpsYgCMw/Ir8VkSAJcpllSW+W7vTRS1BYGQEoKRTaRbQD/2mpTh2W2hCFmUrUHsed4I63V0lfa2OpQjSDbCfKAtEwvrOiFm16L4A2dxX9FRAVpIS3L5hXwZTNFui+4gD5JuatZPcZjqvHKvk6gvZdi0D2B1Cl9+kT7A6h+kEN7Ru5tMFIUOyPtrdqSKf1V78C0HlvhK8tt5NYjIiV1gRGRVzUwfep8zolPE4jPsTsf4Edahqkq9z3JLlZ7sHLOVfTkoop4DTHAzTS8a0FTHnVMn5QIGiec2t6gAW3gOvufqcRA6/M1ZcdusBrt1p6DsLFhHTOCehrgW0+o4GByj3IAdGl+suAtAZcedXkUulifEgtGNuXZwF4euLYlsGallwcUa+6xeKClchJO7CYYEKG317xSdGN+y+PRqPnB4YtbDjIqsbFInGDEPY5b7rRbMhE38zYxPUopgqbv9QfGefyCRj26B8Z2uQ6Kw== - username: AgBiBO7O5wif0N98fTSxk2rBkuyJSmDyWIlNmPntcdTs7/VVSkC8TwKmxLKlfJgANd1fZ0SeEQN+Z3U97YTVMm9h6XBfFeOe+UUJVF2Vt6+duIG1mBLNURuMkdXmc3A3pUYnDL5/mczFXn+XkEjAOSdILk3DpvVWymUbYTIB4qaJqzK9LKKnR/igK0Yb0kxXbzmffhs54hsgwuTlZRlkR7DtVCdOmVQVBjA4OEiBQFMjJrVz68OD/Cs5l3IB43D7zKwIZWAvL1ePoVNm88XhaTNgSYL+ccy8I4WJIz/3lVckv2Y7IQSeVoAH2nVKCQqEBjbjxr09RVBk2E8qWYTqTUVADIsbq/5XPROmjZ4H0R2H0zBbNcY5K0oV+tSZjRZOrVOPe6KHtHw2HT+uuAW+yvxGkhO30vXXt5CbmFKNLmlIG2NmTajYw118kcbJSs8f7Vgx+hZ4zTdqTN1Xg7gzGxvvgiuJ24dt0W77P1QJmcaJqYLqLXdlIYJuHxMReiGaxAIfqfnubvuYkP7pXVXazYMtsAFS1SllXR4bo8N6mpkxRq8puoL3iwDNlXo55gHX5QTNyN4KBPGWBnEKNOcS6cPKMYbdrosFpTHTKsU56b4bU2hYFEc4qjBhZC3CE/yry5CRzr3Tqt+e/9jHGSqkzfS0adD8CNI5L6Mow3S/ARfC3I9pH8bmj5LiPPhuCADzgr8136ZD - template: - metadata: - creationTimestamp: null - name: secrets-forgejo-admin - namespace: apps-roboces ---- -apiVersion: bitnami.com/v1alpha1 -kind: SealedSecret -metadata: - creationTimestamp: null - name: secrets-forgejo-oidc - namespace: apps-roboces -spec: - encryptedData: - autoDiscoverUrl: AgADpojDS4NUWIsgD3HF4X11blVZWNtlrkWdbTP2yWLHXti4XV1nQUzSUMxaq0CYtjsWIHF1A+OmzPppwZhIAJrf3+ahaUqOX6UQ8eilOiEgylwzhg7a/AYIdiU1LBfKzB4Hjz2/8hOwmH7GT3TlsFSRy16j7cLSybAEkftWWawD30a8IEFiy+UJwWRswuIwqOK5EzdZu4XNEO1zzbaA1H69KNLFDH6JEMq/rXIuz1tbE9umLkg9tcgnEjqcQumx0u4ft0eLsoHV+s3/EjcGeJGDtvDF96DnTeaOYKDleZc06K8ZK3BrCka3u755lU+p4Qr1BR6XgntqpXE9bV+bwgPPJU6iNCgovaDky7SkxVnXNNcpR7Qwsw7q2w+Px+oDFdrkFcZaVz1VnJAiTksxiy4Yd1udiN1UqERNak9x9zX21sRYPQtUVjKMGhL29kZgEQbwkakioODuy+XxpbjdInc+lcbf8AsKzl/JP8g1NnoT+K43dlQ/XWoPnM5AP1rRVxehTqUQ7z4SAcErxBevUFFCWPsXU7PeS0shCIBmGh/9fbi83cHB0oF1uZGJ5lV2pMi/4zrVIay5su9BfXQrgjZABK3VVeSgljpeBqBxIsu1LfdE2jg2mGMA46t2rJFTNEDlkfhwz4sLgWIHUA6XN+xeibLAtL5ckroWlXdm1K4uOEru62VYyqI0+UtA/IlnjrpiYW8uJAbLlmsZmt4aC9nCUYOU4xXMlY4XoWKj3fGKu35+Fp8242ow0XJTjSEdIqUbUmoYPa/KNbnqkRcXE4cHucpbqs72wHOvNYk06g0gJw== - key: AgCXF1pFfI/IQ5roi4RnsMCRFaPysO6A8nj23tZd9qJJ3an0Bu6X3pSzXmlLdnIt93WoVA0Qw/zmH1/LZzrca4ScE+/csTNA74VdlND4b5zhb59fXp5XKNt4Rv6nu0rSzLfaYvA6ucZeAJb0RUPZB5i7h12KpjZAn1KmpQ0hhaZhT07JxC4e+QVsqkzA2WOyIwX6DRXItaSGEnv7D61Gt/MLHhL3a3MxNGtu1oElQKVMMBMseBnWYFN8LsdIpMx5ertkAGuHC525iLsEJ7cfnWAebHyB295lCkARPEEYeStoJm1t6+PvWKIoq2Jv9SW9JhTkYn9QomDAC07oJ5hS54DZIcdF1rFShhN79rfIPJRuqnehG6DVUlT9uODg2gKRUjaqP1LpiOZN+nze8JtsG/GH28Mg13GRgVkjWqtYYLvDf5iKwEszOBfxeClOeliDVhaoXFoOdkNk83KRQnI13CE5Kpdp88KKAaYxMoI5WHjrqkx8HWhTY/vG9w7lUYAD+CStn1V1h4DqwkE/e7kYyUMmevVOzuXIlRaOF8Ca2l6N3sTmNTYicRL8wNrPqQCSAfxzi9odMWZN1IKlz3AJ7CqKykNuOTEfy7QNIPEKpuTlYMID78k+JhKMYPXy9KmnPRcE6PADDir6zAbUzZVqSSAor4PGDnEiH+Cixk1nMuh4mPUyspOLAYXs/38TvdOjGsp5srtGiT9E2U0sTIVC40xzONkh9wxqo6tg1MTO+ncnf0ILlmT4GF3M - name: AgAhLbpXrfXbLlAWdt3M7YbILunCfpDaI6O2EnzLLCFdDlkXzxHvO64uxYF2P6TST3dfvJl7bAw179meUpy+bn8NRonveSz184Ny+nfy4/w1eZVxb4iVmQ0kZ8EJCBHzHAvyIRfRKUTbW7HqjuQnbN+nOhElb240utR8cNfdnvlASfI+fZbIsz1XPMlGyXTga+kmgIuYk9vTNdDJpjEB1Pzz4BLfApnNFJ78RO49GmS1IyBkL5vFrKOR51GPv1G7VzJApA636XWmykGfMmMPxHXCbHhquJh9ak9/052dQ3u+AMpLCxVjg6ehJi+5O1sA+8ZQpUeHJiggskIOP8AbOYckdcTw7bBSj/SwjX78eE1P5bhTVRbCCyC7RkpBCJnz1Pzqt+vn/M/Tc1hhI5mSLrmZN9l5Fe51bQulM5IMno7jKc5miGLu7C3SyeJM9xDB15JcExiVO9rvyW/Z/V2UcWlVOp7nGc3NPnP+p5ipxe7pPSwW6laSkzvpGAzTshBm7/k3usbEKrwhnmw2datQ9CbO9v6ZqCTLYc4epL7FmQEqc4XvltUqpG+h6tszJSa/bKSnpCFqesE9oxPpXfocaYU9cDcUHuj1QCnYQg61oDU6TL+BvIiqxIKacY0Z2jYQ1Q2VaC0LrH8IDB9JmoNyezGwqJYeY+BLXUcDJs5gMccgwtW93X4ozaRjv0bPrpCi25JfZAWTxIkNeWU= - provider: AgBOMb5L4Ya9Pe+sRN0fsGAFlejDQe4dvqZ4VfUGisN4RLsVmcpIXkNO3Nr2YeCOcvkGOnGDTJHh4mQICh8EXNOjF7yiKd9xG5qYAuPbmaw0mqKHM5YlIEGSWj40AEI3xXJPbhl1hNJPOwjAYbBUzGMi4MzlkBR6Hqk1IvPfTdhNLiCxX/Idv7slE4Kj+4sdNUa7PAUaPXpjlRYtn1exVxcY3E232ec3+EV3k7jJyJJWMG7LS5/NjB9g14lYLKbL8XU2ParD/1O0hXWPvhKGllW5gUXvg3LufKFCk+ALO9CCJ/8rlU4HmmD7U9r8UqfMO3krmXyayLzNHbxmWe8/GJs8re/fW482TCrQkTpPqgjlJtkRBOVmhei6m99x2EVWL4YLZN5mFQo9DZSwd8fCcPw57APGwODnTpK5OwZc+ddQDBFR39AaQWD7CFcnmQDpVZtDQWie3Dk8KiyTZeAPlxXGAcY4BY0eplcXlmOtSEeSiOOOKGG1Ey4qjZMDl87yZcYI0bwpylNWPCvjrpxnuEy+undulGyTJjeLJpEIqpdSmjk4Ope/bfUfqXl8VfEnmlJ5yMgRv0jI77t552iewhbW+CV7NhyOgEzFxaCt45SsFQn3b1qdM3Cy/sJVGkb4bo9K4i38UTvJ9IdJ9DIKM8vQSTCAdCW+YAU2JQsVZLVHuscoUP06Dr7dw0tWZTlja73Wkja2 - secret: AgCoDNye/WbGbO3KhmHh80qkET/RGTTBZxwp/7prKOmOsi2HLWaEcziWZmkSEtMh/dqZwp3E4j00fzFFhbpaX0vzyNgmCYhbBPesdOxoCW2a7C8QwQIFOWiQSxCwwt8Ll3bU9LH8hX7suPOnFnHsOzaTiRMoiRMsi3mXpHJV/2QqLxEVNaiJalxkUqT38sAH/or6OaGaMKibiFkaLh+b0XaBiRzV6t8wYPX7u5YbZczxhEcfV4uLxIzx6PynvF6TtjTHY+PQ3H/+lukakM70IApi++PMCEwf+TiTAI1R7ybmGtI0spzhgY5LgR7ebIUbhNwRxLkedKUOnTgGH0WAh4KVqeVY0qJh6kqNiUmaNuOwDNSkJZWdfvqMIaNTwPlPPZ8SjOheqYIJyHPD8FvFJb/FTzGeHquyfK40qLbqCAIlhDd6OBU5PoqPVMNSaOHs9KpVGDKEL0tT0wz1Bnb/xFrs6Gr5SIXu3m1fUb2O5I+Q3TJOjn1xEfhaFiN/0TsyaNjDKEVbit4BU7Fa8GTbGVKHTJ/h1aG/qsQTWJ13kkuBeQR2DOJWeTvIHSbPCl9Q6bWWw5vPWszA3d9Yjq+nCHQcpsvLrqtuZ1uCxdUl02x7Gv9IjdeZyJ3thvLwhQzQIbo4/wKRPpjdyhu9NJ0578sXZUJYX8W59TsAN38lFj8tUl0mx87TP0dH5eoB39Mu5ufpjIJE2LLl/c5y3aHOYtVQwXVqFmIT5he9yFylMsJD0UeQGedxWSHfap0e+F01u693eUcT3Rjse18eNQ05NqyPUEOqBUQrXClSjbiQVG0ZKeJ4fnY5CNYG0/ZH2jB8Z2yV/CpiJpWXmKINT6hj6zb9XwvM9uJOfkzXgQJK1n4EEg== - template: - metadata: - creationTimestamp: null - name: secrets-forgejo-oidc - namespace: apps-roboces ---- -apiVersion: bitnami.com/v1alpha1 -kind: SealedSecret -metadata: - creationTimestamp: null - name: secrets-forgejo-email - namespace: apps-roboces -spec: - encryptedData: - mailer: AgAcnKAn8eDCkN7V6b0afbnoesqIVYnSwPpxIJNoyoTWHgku8SHN9gKdwfLMteNejfpngX3tJql4csMUxy/C9jGp7T8gGVIvkQzdaQgumUR/rRVc384mxEaLbKo3b0rj+tbXejIOPzj3SXTdo6D2L/IqvaEXEOiLODLeZVRcM1d9nXGtxABkaKmKnL0lcNlr7Mdny85EFAtTVyOT29rHEbOskHBcwSwdWnkyxPb2QewRwYqXVFAcjTxB5FltZAI0AodAP0wv0+F3UEiBU8311lXdeubusocH2QvlQ+4JBF6VL3BDP/5guUDlJTBPQ5XN2y4VfRZ9DcNUeCoTs46r69gn8UyUuDO6qxYa3qgsUfLqyvvT3BTFRuAyBF2pFA3zaBUOe12GvM08Hg3AuHXiP2KsewwWuSeTTJ0u+ApHAcRhpyFW5O0voTbqNqbvfnHvpbwrLa6FuChTcLlKpfM/TmQKnqx8JIkkHNYRqtnZtXwAtHsGjBGI2RV5bpgmmD9XhKoNAQfyOG1x1QqZeP6AZB8SJeCzXzqBT6qYWe1kNJR/vPEZ85ijnTgQRMDyhcMOkqc7wJGVhidQantWF3ZT+cQiKG+MZBGMxjoOlv9MCqnDyDjv7wYfZrxDmEB65+A76/4TJlhZ4s2JEHyHbWcbw72V9PfrTrrZdO/0SfDkSUPKni5YLgQ+jszMzxbrN8L7vKbYZU6QyXF5hk+9JeqPT36VcbzPGMcDCNieOKomq8iuK97iQ/n36feY009XSFUrHyrrSMvM59ZyQNNvKQk82MDFzlX2TS5uwOONrfh8XtW0bOr3AcGkCEtmh7JoxqhmeM6XFG9vI01T2SbY1C/bmrbe3NJXIWkJkMlymJU1ISHxXMYgpxOkboVDtlmAn/8i8RDIEBEOaEcj8oH8fN+n0coSIpiMxdRk4/xnHShsaAnYyasOACwuZJcvkCMCZmNm1Rxkf7F2 - template: - metadata: - creationTimestamp: null - name: secrets-forgejo-email - namespace: apps-roboces - type: Opaque ---- -apiVersion: bitnami.com/v1alpha1 -kind: SealedSecret -metadata: - creationTimestamp: null - name: secrets-forgejo-lfs - namespace: apps-roboces -spec: - encryptedData: - server: AgCNvexAHYnuFh1c4eo8LaeLzY9ErfuwOyTosom6RiIcfYho8qyotmiCNAmMJ7IHY7zwe3U2ogyBDPJad0ibvWAezoio3vYS7zo6MhyPDzpgNqc46+DbEKBE74gs6ZYMQodxxC1FGKuVs1X7rAhdd73vZ+O7wMJrfgXft9MvJFAG/Vzx0o5fFu7blcjDuHJMuftm2jOB4Y+zxhnjvFqJaahrZEzSjMWQdBpNAWcb5NIupJDCYPvP0aXz1/SYiH34qSVh+GViXm4nrZ5JaHb3PjWV9lDKKmI+3eO5/k+3UuGc8bM0SqgOQMj3yzOW3hASLs9wniDRV+rX70c2AdWKdqwk+vqvkGZnQpobxSI7hNTNZ2iPj/MZTBC7rDpepBRjcEvTSUV4L5DbU/EZi8U8pg9IlAc34DB/5dewh743kq0WV0BmzBVlHntM/pArl3NRgCFrft+swrQB8+pCUic0Y0/ltEYylMuCnH6prjXcro2yHF1eORxM2j9C9gVMM6eoINBvvg+bbj29mKqFsDwpcbuRZckYOHOp/d85FdUeSmW8ddO4Zg8BnNuzDGISMPEqBpRZFZPEGVmSFTAFrlQr2QL6PopwOkcm7StGTyJoldH6XSeO5f54+m+8bD4MPV/JdfruowDavq48uSLtpGTwLkuj1VRkQRM7rEifVx+cOzwWLVYvmvOb0ZduCuO3E6yrrGX+waMIPIEu8FZHIYuoITGxbpdk/UC37amOkzn3H3eBEfd6pTZ73FEDpXtTCSee7wFKItV34s6VM/auY6Y= - template: - metadata: - creationTimestamp: null - name: secrets-forgejo-lfs - namespace: apps-roboces ---- -apiVersion: bitnami.com/v1alpha1 -kind: SealedSecret -metadata: - creationTimestamp: null - name: secrets-forgejo-internal - namespace: apps-roboces -spec: - encryptedData: - oauth: AgB7QE54rWd0F20nDHQeVXW2Orzio3qqg9W7iFhKwjt7egILgoe3k4+WqTtFMoq9xPS/KYOW+b7mYsgjm1AnIGfq9iCqEimLaWYu9YZttiC9f+Nv5p2Hc8FmvcVhQhNqHXoFJjnIpWOXr5l7zaysn+FgVk97JhrcbYf113970McP0n3ORloqz5PmyNOwIu+//E2NDcqyGxbGmqB+wP/YvwPzPZQHqqQArn8CVGwlNI1P/NYXtBCc/xuJQyEdGTz/F3c0Pw4xSp+bwuummc8rMzwezxGKw1XAIqC8bFoXoThz5AWIOL3dXpEmkK+bOJioV1zHjeF3ZmeKmLC5p6YtBw04krR36jPBDmhNScHEaKtOQxUNQ9M7mtFXS+hqSguWbuEJKc9okF3SP++HTrwXlMt6epizpb3obTA3EsLHy6tM9YjshWOCA2Dwlye/jipQKXpXKJm+QR0mD+lHv1jKLYV8OH0qSbwTcOzC1D1Bp4VL0RcVXTWBqrgpxG2sftSIPhIwCzxoLWZkIxdOUsb/5HnecbJdwdBci7Uz5Ab6X/EFQICT8fKCrOqjtKfQE6Fr2/jIKdU6fHpkB7Gubu9S4RJb/wMBYrBkW0YHrlAOFMuv19vsO6fdexoLpynzTrsPX26DsDJsv5uRRXGLLKuNvDEabgkui+Q9cdyodjF/Cw+rt8rjMgP1D4pVPUqHCGkFtNNAB8iDrwqMbWXpqCJflrBldsH5g0fHKL2Rsx6jzhh5+iYHYiTH8wcifPXcCL1zGoDypY6uBWQedw== - security: AgB1qzl6d0oh3uB3mTCzZ3Iu+mdjyX/Bk1mhLRLOI+YPBH/Q5KZiHF99VBtCdLLebNIT3ZNoiNrWJ/rU3tB9INi2rXfUn1RhNMHB+ex/K/2yUbFNa/pV+7dN7ECjM2tp2rOolT9ifMrxYFT1nwYVDzNo/kixHBEdPxZA7w/KZn9mfoMfMWUB2VTjlrPQ7Xb7f8h7VR/a8avsMBYG5jAfcPiAk5kyJoZp/YNd3HSBPQoGCQSZujj0vr/hmLoBWCLQ51akSzGUo7vvR6D/Bu5oFOYjy6KguCiH4jGWGdxNtZYvrtj9+Fo4pnDWn+PGjJ7YrcGGswqU+9ivUfpQIIOIh1cmnOjCH1sptMS6PqvHW9jd/N6eMVbb9otl2kuiPLbkyMZs0lnfS0pP5w2szf/kEymr/x9CTTtA2Z8XSnVWjGGfjkbQE6vNcbTwBtaCeMsv+eq8WfTsGfFR1nt0atog6PbqOFt7/0b3icuXIx9DQm1VDGEi+N52mM/0UTU8Bm0c7st6BBUwvcSBNbMpMmVARXhXi7tX1TToc/5IU3LIcTqPKbeyZxBn+COYvlmv2ot8eqW5Ezbxt85m/jbSqo8vpNkPBrJ5oLf0+MMjotc6c7KBXcMo/d3BnqjHMjBUdnTRRZtmM8X8OqOHLnReQyt8+mrr7Qbqw0seEzKCT+HY7o89c6f1kKthQjlhGzeUh5rkwj8EL5RHQnuVO2aG0rv4ZrOvlG27ZGaR/IQgP4zcoPQ0H7jan+vXCqMyn8Zl3naGlT4Vkx8ne162iutAlT7KdHh/SenDyghe4CxNii24cBbc0bwc33EPvw5FMJ8NlMM/moc1bbQTg9RBogVdWa9uXpo35E5ZFYa3TvcBbyNyM+xsAYMgrEZUzzKDRbBIdRvQiL2w/Z5JHYFfc5DlqAztvRPCkezbD2FmxFadm7NFuXwcO+I1QKYHynQ+EHEJ1DXCUp+qMULNQZrE1lSbeVQ= - template: - metadata: - creationTimestamp: null - name: secrets-forgejo-internal - namespace: apps-roboces ---- -apiVersion: bitnami.com/v1alpha1 -kind: SealedSecret -metadata: name: gitea-ini-redis namespace: apps-roboces spec: encryptedData: - cache: AgBfhhRVgy0VonwvXF+qqhh1x9+Z1e0o/OJCI11srR6XLVCf+SIBejOSYyoYChS8HYgBdIuqKNS7Un5bdws5NF1HC0gbf8/XRCfivocceoXVta2MugJxz7Y0+9Ro3RH9uEKi6KVqAyHcev1oOW0eqmkNqHust06+VKa5Bw8F4NHa/3a1Rl9b9xaMwrJLxVMKZMyAIl2/WISUovKFPTjPU1HK9ftEaXwzj5HG/s2jm/MjrrvcoA5z1OGUm02xjqyooUNM6gsuNy8LTXDQybeav+PxlQztcOfNaqipTUkHLjmGWiste/Yl6ik05Dkh7BKmL2czY0KPhxtNGcUq4e2oE+b6DKGcJpbuSVxZLSqTKhg6Jing1GwNyembfRE3nwsvYgj9nzit1SZoQXWnIuBjxlfWGjGJeaj6PmcG1YK4wvwFFqBKIhUGH6fhWjxDl7y1FPsxxGvFg9Fnvcjex34K4J6UmnGO3G2Dts/V4pgJTGx5lp6wpvYVtr7U9ENRTym8GM5oVZ3DT0lONKcfZXRH4EDcMHKMfJ/nDnpQWJC+lihcTRVeSznxu8I073hk6MMAZ8Ho5/28rOCOdJc2HI807ipe39BzTn4U+ows34uFG55GgaTdfbbeFwLjrcVc9ht1WaApkdj8Bnt9inmFPsI14Zwb4Ap/gSSO+ztwhnwrA2rWD7fko53INLJLUb4/49H1xRpMeqEkjoUb76zpdnazuF0ksqs1zhPOUTpnQniduotkwZZrtdU2WPRxVzHXTaZD6/1oTrmFBoBOLnkBPz1CXY/rxMoxHrFoS3zdUtLYWXKqVZy5 - queue: AgC1CxaTdBFeP3M4x8TMJKK2QsWydXC/eAslML9T1yzl4ZStKioMh8QJKbhj6oY3KTLyqBHpLZSGFuhtX/y9Z4JvkFhihfsKtlYL8OrNvO3kxjzku5l3vR6tJ5vCQfIi27hUjVKHN4L/6DGsegbgBGIidCsN5kHRv4C5ToAw/EvxgbHIRILIo+KOBALT1kqKIF+Zdd4fQGbIExwclhFl5SgzumXPh+/j1NUZ1peYYFRnvr5G9aeKPpgJ2wK4eMPQ3ZyaAcRCtxdEhZUF1DF0ESBQ++Nr/gU4GMoron/wSr5cUFmNjSoUTJA3xJeEROyoSGaaH45mLDYH5QZdeA/av8e6vaiMIuWr/UgV7wONFKsJLf0q9Fcr726maJwGiMmIjeCwLq4k+ZI+N6S8/xNe2sTrRUmwjWtbL82ZmafvoUwv0lmxxXpmFqZmG/Zy/KCx9QSDaBJBCStoCgMZZ04HdnxnxFdFj2DMXyshVxH3wqEFAKY0oDfrnIBxzngOEXxu0APp7rlMvFq++HMJ7+JC+JBLG6zfNSfpQyuXEwfSkvowA1i9uhAQVb3D7nSS39xKF7oK8aYDVK4j9QL3w9qxOkYW7bHVd4zDgtiidKDAFWoloMnjPYQDwJojc/dc52+SxJGH8qpYJ8cn7BOy80cvmkwQ2ITGGPo9FXyvMttD0hUmFRouNb4t4PHdmKauuml6hcfF3dqLqrvBhJ0H7tKRJMCK+rHehIQt8VNPhp2JN7n5/KKt5vtMFDUDpc/BbHiDqg3qnICTMESzWZD752tOucW7TJAA89JU - session: AgA+o9DsObwNhAaDpkgh7ZJ9Vx+xzjex+JG2k4yfv1EbLFDpdrSnKOl5BzEZyvydxoWG7Jtlhf/QoWKPUMBMgoRS+cMAH4R3C1FHxFbiEzh/olQBH2DyGnK5d+hAy3RmTC+Kgwgh4sdePWJ3KxwbaAa18tsju9fThQOBD+TOw5khZi2YUehDiviqCV3VGH+caJgDxAmXtut1mHaFLB4QXLzX9vPoULGmxGMARiMSrEqMruTRff17dZ3s0VPeu/s/Lau5yP7oPeMjhNw8P9W8QP/KnW28y0QETtXZyvmNQGCwxyVp7sHfDgo1slxWsgjDpep/jXiyfVeV8KL2AWE2pekGD0CVaCWPOV/MOrU+pe8xBrEcaXQMpWLT5d4/Unu8TLZ7RdEdgrOI8bOVrl9TO51itw0V7EorfeaKxB6j/flRMd8vU0i29+/UOTbEeRtxuHoyH4zy+v7h49b5ODN88z7f6uEp7diuS3WEHs30EHYtXRSMA6V6+H1aaUMEM0lWG6CXtccgAToqlw3k/+Mod8kVagPNQnJ6YB7BFqu74nHo/3lGKHT6+jRfLWUhbJ5teG0pLTutNN0jIqEUY4NfeLVtKhab5Nkxr6UFSUltQwO/dwVD2mqC80yXjf1Bhq07YGIV/M5DYf7oV1+z6UWoQwALcjCdZNgPkbyGqznfGsBpafJwv3MCmZwt50r8FH4ksb8P8lo28Eqepcf+vVL6C+tJGwm3F0CbawhU9mTLb0ksiYXrY3VYmYzUZVWHsosWI05bhQgN2g+B4+ANYX0SXtEc0/YbD8HusQvnoXWbj3CkQd0= + cache: AgCtLnjUHND7zvKl9Km9HushVbGlom2vvgB3x5kJ2A3EaM3NMJVC4aHvHrPGPkKie0z0wH/GDdXKalxli5hwXJbolcKgS0KUQaMBOhzl8MGer5E/XrLVVi19dMc0rusdR60ZBuAC2eZ+gdyBkUJGPHMniCAGMxwbafZ1+Tvd9o2S3wi3f5M0Dsag97JCQX3pnxJH0PwBj7/Y2qfGJ4DCIrqlLj7yjcSDjskwls3ijSntKYR8FYv3ZrYvJ03QZrfK6jJ8VYd4WVCfR+tDscGhbwTpv3/3DChr8CQRew6Ln3lZjnFMAaz1OzSckzjDS41a7WcjwWtPE7t2Q6gaLEaxejCYOKhJlcX3dvtlz+C9QhSYddWbApvPthFYiww6n2rdKiuq2RHdB28C5oqohDybeZj3AhMh5WFu6QZHhvuDRh4Sri+2O+dNAW5lNRNaPS5J8wblybNFpPiMvXXuXSAsC1w2GYhK34YQry6oFNxy0cuW2olZ/NdlTqyJNVtkxQsnOhPSrQ5H/5FtdoA2zooXADbtrrEO75jNg9+EDYyBrvh+dVSD/ycl9BgowNJclsJAWIeWqd4K6wo12fEu3FMppXCX6sRl85F+gXSPxtclsDWtJHhWKBM8GKliD/attSFDto7qhYC65YGSltOG/BEKidZV927Um57cyUAJa/0EworSul43OMdQLBds7N1GA1xaC5pq4eGWXnrHSoO+3rCXXNdpm5WP5r3cJMDjcKWopPAHo3QyQHdZQzCQ51myeqklz5AtCFuzZSWiEeW4Rfx1J3sPujW7kb/QoGCyPtaNKQUh/wsFpAtNsrGKGn7bvNf6KCkueC8R1Rxf + queue: AgCFtlRgUXLKs0o5GlISZfUlcSv+SVa1FH9ualRe+I4sSZgC15szSIrMad2wWyMGkqpV8v6twnAypYvDDWT77o/jYOXDahU06Cdjd7D2IGXCjSE7+3WW/jMGw0aAZSTFmAKwQrTejgWuAGu1Fu21oX4b9sAoJGnRyW3rbi4KV6bc8LyKG7tplqD26VxzCYgUQhXF+AonyVODUqQAfESrQjQCCT9sSmTiM3cSmJGC92qoYlZx3bkr/2SqXoiBJjW0gf62mB/R46RdRDLmUcWnpkC/T1u5/MaVyAbpRUxuQ5WsJIeGFQy+2iHt2QFgejAiGY04Fo5dezm2wgKSATWbyV2WTQtFbrmfEN3hPs1ONJLLrrX5/N7v9CCs3/zK+zPjJTGVQcgtdPzZBKv6mQKtChEkRT7cqTjqjsAHU4+x8sH1HyiOyTtdEnR3zDYfexWVfPh3tDb7b0JEI6oYJUYDM2j/9jL/Guj3b9hi8SOx/Sjeq/5ehWobf5gblxZ3bSrVCHKyg/lACvy8OYOI+vfJ1QR6ivQod8/SyugewN6pVUu4Aa3EH155vqaEEAhwsQH6gpSe+rBctJC9IDR49cGmeUCZynmL6NniZvxOI7kYfs5gF7fy3dFd4zZ9vCNU/vcuWwQxhK8pWWxptZfbIp/lV6eGU++UfjUVoW54DXrlsctwEjU6DtwNLwt9rJAe8j5TnpOhV6Xp5JRej2Jt+RkvPpZLprAxSYVKqX+8OGL3NDiLhWhZ3REZHy6oI3A/8bUga2rzyd52cpueNROEKfsB0gd4mCEFbvtUMnILucdDacdY1CnBfFjg4COsrwjT + session: AgAJOyBwlfooebrIVH1TsPstRJul+omOOkMqZN5dKH7zV9Jh2W0zBWxH9XW5253fcdZVbhxcEzyL8/xG6zT/sGW//tLWtfgVBL5HL5W82Tzoqz8Jf49MZr0LOL3FPAPThacz+updnk92NY8nikWCW3p1WS+sS5Ozu6uRrVzLGllhV2zsnnhzPZ7ImR7mTN08bmjd4uitOZASeDaUxAQAxgGVRK8AwCN++sArzYV/5GZSBPNCz6SWRAcdDMkIuiI0AC0+ug5YAVNsp9aen+VhHOe0JHSJNGY48I6ZVJUv5Jz4RrzMyJrguX1hMjy1SJSIDD3R7fMJ3Z23xGjHe8kAXMRW+BjoWlGAKcqRYdGD9F1XTZe7p4tpp98bTR6mEyIwzvNiIIW6S0+G2y2doGVSPwAFuJClKlJ5dambZ8jGr8OYXZ00zYd974aOumvIdBvO3bcFkuDfcoXIDhM1BhE6zeand+UgArxP3NtbBCXOPbgnIOTTK/mCaPLSo+5WID2f+3dqLX5mJpxXSHpg7lFpe5OHzR4NFAL5BFlGFHRGgPoqed0d30FxwsqAXz41m4D8BVy/+Pqi2GViepgFNMLmZYWdEW06wbHFJqE2xe6TPk21EGfwQBkWQcQuJCdcgGPzYTiTt8v3MuB/F2UCfuAdbLpUvCzroY+suOZzRW3/h3IB+QfDv9u3owcLmdjzaBNF29hTllQqwBx2UauSgbuTVyXNtxcPI1B7TViK0FPrCArAP8TCUgNYiAYdJ1gQNgisO9dJ3qsJMAY+ilOvkgbU6YP0ASTFa1GNmwVa1A7FgDDnd7mgkfmmjh3G2HPK4EJ/F8KJHBwcqCU= template: metadata: + creationTimestamp: null name: gitea-ini-redis namespace: apps-roboces type: Opaque @@ -118,13 +20,15 @@ spec: apiVersion: bitnami.com/v1alpha1 kind: SealedSecret metadata: + creationTimestamp: null name: secrets-forgejo-db namespace: apps-roboces spec: encryptedData: - database: AgBouV3XhCd3Z66sDHDz0nbqbvAfip94yr9R90stLz2H/vJFGyx4xumE/9xe3b5GUd9aYQbTonhzHFl+zP3yoeTsGIGAbuvpeDimDKUIdnI6MJ2oGVHSn08QY/eu2vuj4nUODCeWPE7W5EFqxCxCq1YxZZpoBLzE3zBuIf8R48KAxs7aau8k4WPPSBxHgXuIeUWR/fNtQrA032f1wS5p6bae8403ro4aithq7J6DiOz69MXIQWwqufay+krsEEqIoE8CioQP993w+AUH1q2tk6O7WQLuzKt4T0mZm6F3cWyNbpCV9GT7q5LtejFn1NAwsmM4UG2toZfuWe9NgiSwyqNNUW7IjzfW/+CF3UfAtkgDfn7IAFu1Wg0yzufsnJuazFy2FiVDYNiHYS3Rq1iboKQl84svuq6oYdgvK6kf4IUfU2j02TgCyYc79/sLFqlbLOsZI07fAg/tDIzRkWQyG5P1HreIiDYZdgm50BgAzyEsvLjguKqPUl/c0LLwS6IxleN6RgcxfczCnaf3lezPXol37qCcyTqCqyiYlpI0i0Y45RTpLmTlyATVpzXCiir3IM0yEbK0ff2y2c7czTdoQSaIowAguUD3SamNY5y3530ZQDbZAXF0U4nDq7Pn59tfrlvvlsA8cSGjgyjwGJobGJUCsGWfOtKSbTNV0zd6EFHlqN5ilf15BSaWXU+6g/UbJKxjgk5aNpXH8LHuAQBVAxpRQR6CNlaz6kp87b5CEnLtPCE9nlQGYBXA9sqdvABGSTGdJzf5k57w7Q5LiTLwA6h8x8TCbkRgArl4r5RGEdtfBr3ZBCzKL+EHJGYGHas= + database: AgDMQcRYzEdrk2iqlZtTAlZY08z1Wex1plZHRli5WDAAN/IwvwZ31tQV3uw3tGbylycM4SkeH72AJ0hB3/4m8IPLfN1M6qESW+LPGu+5mv/11XIbhVzjBIoXyej9LohPVp5QzzyU4Og73tILR/i1Gbgh8VqRor2JUESNrdWvGv+hJ2SvJQdtNyMtzFW6NUW1ZPm/IxD45ldTS6Jj67XB3FGYPktL6rB9jn8Zm7OHEFFVL9hEXV+1UHdesWT5L4C8l/1FJPxLWhj+T4//EN3Aqn507w0QSkfvvZxnO0KZC1dznXwNMhVizN/p5x/Xe9UUsoVwoWFOCLqZfRIftKwprvCJbTVcrM5v8cWgXpuwUgE0YgYkKnZSZx0uXL3r/xDtugsQvSmrZH4yQ4cD3BGHVNIm7NLZQ41K4wBYz7m7apYd95PJSKswmyDArjmIzpe3F/mIj48OXp5GdhkuPqtLwh+Krcdx6+fwEq3uk1sB34hEmwajOVw/tqjcG+r0ChS+chJsxqf6bJWSEks8Rz+QG832vxeFCqdTaF1Ztq/DsW4fUbXeA5QujMPsddlQAaRfb8M4NF3Pc25DFG6PNVzN4HMJfb4k34ScOn43Ka4kl/rJ2m1FWXaz+JMUApqcT9/28w5sdUaKs4zO4B9uYXdvNE6cMWN1tS4Mzs/78PjtjUk/+I8/vgO221xxD6HQrEYG9afYQkYgScBINNduxWSC1+V0V1oWaePaelRxy+zw1QVhVZRaVwjcz1zT41BwmABLolAjQKLCJSJy5LLuAS9Hf6CNU2NA+7bkcH9FcGzDZAdvRBbLn/8DEnxwhY8P19A6DtDU3zk0FByR3mfXw918zdITRcqCfrI+OEx2S7fEcQ== template: metadata: + creationTimestamp: null name: secrets-forgejo-db namespace: apps-roboces type: Opaque diff --git a/k8s/services/meili/sealedsecrets.yaml b/k8s/services/meili/sealedsecrets.yaml new file mode 100644 index 0000000..98dd5cb --- /dev/null +++ b/k8s/services/meili/sealedsecrets.yaml @@ -0,0 +1,16 @@ +# yamllint disable rule:line-length +--- +apiVersion: bitnami.com/v1alpha1 +kind: SealedSecret +metadata: + creationTimestamp: null + name: meilisearch-master-key + namespace: apps-fuku +spec: + encryptedData: + MEILI_MASTER_KEY: AgBcQDv79lsUJF09YTd+zsuC9Ufhgs74mk5sxIrgaAQW/5yBupPgIsZw+g33qDqejuG+hfdhvkTOFHYetNuEDjnPWEpySjMLiB6N/HXMSuPimbOSjhHP3d7jgnWnIluUPs3RsvxDzaHCygVsS2a5ul7+qJGbiQTlmcV/rMVkqiw95mxwswkZhWi1Da1QYPgjRkazbCV0JAVhYYoo7VBnxceyGOS7Um5BsdyDMmXCn0qegU2FDlXTcBBur48hlyRqie/DxyZi3Yx/yiOnVH7g7H41H6hLJpKhQTMQbnohAqUC2UZZJlwrc8b/3kisFw/pxBP7S47hn9iseQcw18mXs6SzlXbhWm+CyNsKEvuXJAMVlaCrOCqs8Kf8ZlraCJYYq8mx+zoA7yAHnRdC4uByR5SGwnXJgq4WJD3wx90NuVbTcJfpQ+bNMPpRS8W+66S9j+rBVk6YcqCqL62JPSf0I9ZKCrNJrtbx5WyxbcVAgZdd2oxxXq6fG4I/wvqn/LN7nAqDwaCjU0395R+vM89o24h8pMTNOUhY1Dqxh0rKQOnTACc12kmhwQucdtjwkFzM7PJxW8d8GGdvgPoIxe27sguUMvn6IFo8h0JmGrbAyDEeR113s/gwQm9ozM9KJXXyImfiRJCcDSlny0rTNWZaGonXuSezFuhcSazepd0v85ofHgIflQQjMfLUNz1b9+ci4SbnpoJwzlrY2d6SyJSIA7Bz223j9UcRgDvRvIz3 + template: + metadata: + creationTimestamp: null + name: meilisearch-master-key + namespace: apps-fuku diff --git a/k8s/services/miniflux/deployment.yaml b/k8s/services/miniflux/deployment.yaml new file mode 100644 index 0000000..f6be938 --- /dev/null +++ b/k8s/services/miniflux/deployment.yaml @@ -0,0 +1,96 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: miniflux-deployment + namespace: apps-roboces + labels: + app.kubernetes.io/name: miniflux + app.kubernetes.io/managed-by: argo + app.kubernetes.io/version: 2.2.13 + annotations: + kube-score/ignore: pod-networkpolicy,deployment-has-host-podantiaffinity +spec: + selector: + matchLabels: + app.kubernetes.io/name: miniflux + replicas: 3 + strategy: + rollingUpdate: + maxSurge: 50% + maxUnavailable: 50% + type: RollingUpdate + template: + metadata: + labels: + app.kubernetes.io/name: miniflux + app.kubernetes.io/version: 2.2.13 + spec: + containers: + - name: miniflux + image: miniflux/miniflux:2.2.13 + imagePullPolicy: Always + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsUser: 10000 + runAsGroup: 10000 + capabilities: + drop: + - all + resources: + requests: + cpu: 300m + memory: 300Mi + ephemeral-storage: 2Gi + limits: + cpu: 400m + memory: 500Mi + ephemeral-storage: 4Gi + livenessProbe: + tcpSocket: + port: 8080 + initialDelaySeconds: 5 + timeoutSeconds: 15 + successThreshold: 1 + failureThreshold: 3 + periodSeconds: 10 + readinessProbe: + httpGet: + path: / + port: 8080 + initialDelaySeconds: 15 + timeoutSeconds: 2 + successThreshold: 1 + failureThreshold: 3 + periodSeconds: 10 + envFrom: + - secretRef: + name: miniflux + env: + - name: RUN_MIGRATIONS + value: '1' + - name: CREATE_ADMIN + value: '1' + - name: OAUTH2_PROVIDER + value: oidc + - name: OAUTH2_REDIRECT_URL + value: https://feeds.roboces.dev/oauth2/oidc/callback + - name: OAUTH2_OIDC_DISCOVERY_ENDPOINT + value: https://auth.fukurokuju.dev/application/o/miniflux/ + - name: OAUTH2_USER_CREATION + value: '1' + - name: FETCH_YOUTUBE_WATCH_TIME + value: '1' + - name: WORKER_POOL_SIZE + value: '1' + - name: POLLING_FREQUENCY + value: '120' + - name: BATCH_SIZE + value: '25' + - name: METRICS_COLLECTOR + value: '1' + - name: METRICS_ALLOWED_NETWORKS + value: 10.42.1.0/16 + restartPolicy: Always + automountServiceAccountToken: false diff --git a/k8s/services/miniflux/ingress.yaml b/k8s/services/miniflux/ingress.yaml new file mode 100644 index 0000000..c97c2d6 --- /dev/null +++ b/k8s/services/miniflux/ingress.yaml @@ -0,0 +1,21 @@ +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: miniflux + namespace: apps-roboces + annotations: + nginx.ingress.kubernetes.io/rewrite-target: / +spec: + ingressClassName: traefik + rules: + - host: feeds.roboces.dev + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: miniflux-service + port: + number: 8888 diff --git a/k8s/services/miniflux/poddisruptionbudget.yaml b/k8s/services/miniflux/poddisruptionbudget.yaml new file mode 100644 index 0000000..7724274 --- /dev/null +++ b/k8s/services/miniflux/poddisruptionbudget.yaml @@ -0,0 +1,11 @@ +--- +apiVersion: policy/v1 +kind: PodDisruptionBudget +metadata: + name: miniflux-pdb + namespace: apps-roboces +spec: + selector: + matchLabels: + app.kubernetes.io/name: miniflux + maxUnavailable: 1 diff --git a/k8s/services/miniflux/sealedsecrets.yaml b/k8s/services/miniflux/sealedsecrets.yaml new file mode 100644 index 0000000..130b427 --- /dev/null +++ b/k8s/services/miniflux/sealedsecrets.yaml @@ -0,0 +1,20 @@ +# yamllint disable rule:line-length +--- +apiVersion: bitnami.com/v1alpha1 +kind: SealedSecret +metadata: + creationTimestamp: null + name: miniflux + namespace: apps-roboces +spec: + encryptedData: + ADMIN_PASSWORD: AgAHylzGx3pyxBBLQapB3nmKVbbT7TJ2l2mpX/GOOQnSLySjBQF+ji1ZSjjgW9a/eq6OSfvqDB0pyFIWD51hC7gwXFSH07dwWgguI0yDATg7RgTagvvebi1GFrmkOPC++C/+QbVfxsj7S7SvhhHcjv1K3IQjiAlNof/pD7J9fe59H53fh62eegC55VMI++AXS1iEFxLMq7gQ9+pgapW5a4tR2WhdkGKdTaLCG5OKpzAzoodixyP/fYBDmd8OvpXnG9lv+0tohFlRrYD0Vgl/PR8yobPYoi0Oo5CqOK59zELOjsepZfziw9OB6NaOmxN6QWYAmFNXVBrWDfuvMCG4SHARbfaNhIX9VVvlr7XUi0ZIzGYyWVgI4ZcsvfQjB11RznZzSPyv5Sos4UR7UCL9aU+p/OnTcyGrbQ/JsX3ZjGaaJCtpScfD9xNzQVnnaAizVNt2sBIqNG1TOzd2rVZKkl5B2QsNZ4mpyFNAeqx3IlXK+y+m61Zzoa1V0kN507bmSVg0rAspw/045hf6GtpHNQtFn5BBnoI54qn5CrntkfQzM3YJp+OaEywg3ekktmhGfMZorJYtg77YaYFXKmvgkc08WtVFQFISXzGXcWUqxloE47DlQkgITgTEXnBryIrwS6mGOiuMVv12eEwYl1QTjAuqYYerZq2QAObbw8xCkGkfN/oksfrivsmE2KLCIrLr7HxisprBi9vLjEQ7mRDFXg== + ADMIN_USERNAME: AgBJw0U5eXLX6Tvgm2If6axOPgFxiV58OM+Xt3c4XwVwYDuvNJw+ccOcwy97d1oYgE9t6bmSLIPLDv2oUN+GOzQ/danayN4tC/778qeWBjKA/ffwX8hHSmDPLtU/nwhm4+lZj+doWrom6MrI0A4oNlqNtxulK0neN+PFDK9X0Hn7FkZtOMnKC42KW8H80oXLdPcRB8u3ZM5WgcXaRm/vPiCsTPAXHywNMcIWnsjH3SaX5Aoc0VjB82tfQ62M3hM9tngoOcrIuRlolLQVFmLD/4qNQYQOs7cXy9BWB2GcIyVPiS3WJ4L9UETDYqSeiZVbrFS/C6RVHIP6TTrS+0XhIX/8DuY8vV3qt5wN4iwC+nq8qvI7LpogDl1sGhjHJp9hAvGzYpYLAXTTxVTAh2rgqw6TAWpGABOzFghUwhN0/RRJdSqkxENO8p6LZOvDia5zTQARu1061kyy4+6ownTw8DvIcnEaSCqvmJZbsUHIG9UnQlrUUpSMEdsr4NDOrh2hroGTYtXsl/iQ1yFBqNbtSQqUTsca1Hiny9TQjGjwyluZ6StoighZH3jbelubv3yHghN6PgZaLt94hnDN78eBxhB9XQ03rcdbm8WTZIOQ8k3RGcVgY5oGBqTGOq2IFZm8zTO0Ze9+jnFhGM2zuFGK6rv8RHbXhAautoQxpd+jdeTEpGRTQgG/7ebEe7WFchlNcNoCsm0OCA== + DATABASE_URL: AgCc0sAAV+6T9PuImOkcKWBcyNUYsNXuoS2G2ex3AUAXdLmNXwo03vFDyvLRZNFskpF1M8hHEo1W3o9PKXyPb6Ba8RiWTicQOSgQlJhpG6c4iDvX9ZuIe62V8tQUBbpNkXDXCJ35mEmQgLWl5WccindGJI1eIEkVcAnpFwO7vPpGGNCYi7rIvu92961nssYcGKrZ5UNxvsYdsmG3mWdUNq00klqi39p9QQZOc+vslsZn8R3i+Qe2g4jzBpv2Rn7EAcZawLruo1lAl6UhTGAMWosm2t/Kmd5JX0+q3dsUQ3V6n1tC855UolztEt24Q5lfudkKqAK9RaKPsC7qnRC7LuYHv0WmP66uCcI1Uc72IIxrDTvGI5F63Psk4JJd0xgie9bMd2qFAtr0N9o4RNShUk3igghl1SexGmwvWxsCadegQOVv7/6Pm3SgH5K0UxNuBDa3MLwlLmshBtEQcMDBbboWS8AdRzI2I6hf3I5AiFRCz7Fux+VDEQVziCFGXjGAq5jADmqR4tkto1Lx5sYvI//NS5ZQzrwa5tOxlpb89WUs3IxN2b+m8Vc2GI6FPkoVjRUxYZuyUIPTJqCrVistyVSGu0281ojb9+r6fc7wPiHjZngZ6E3wL5xXQb+k0cpBX8bYPr3wPNY6/mx61kyDBXjZ8+CrdKw71nVHQSYDpv8vlFsVd1fOd40S8D9XkTP3P/5LQpdMQxAkCF/qLjeBhZX+jGwMEIdedxc8t09R+JLev4ehnjNoxFTFLlckvYrX6P5Lp6hXE5jCylahNr/K1rFmxqF7RrGOoF26GiuO + OAUTH2_CLIENT_ID: AgBuTfIdxdW96TnjQor2KtH5/wDJfvWXJ9wSln1wUW7fzBaZ2tLoPxvOUv8NyyFWPYC/J7AeShOwJHJIT4iCLqBPT7qY+MiM8xn4k2yz0mfNia0CUNrs+0eHfUrYdAjVJah+NAO2TvBhXSmGYQ3nNDU3TQOqXj3x+PWpc0w5ulz+4V62Oc/gO+KAcK2Pn2ISD7IzkVYW+H6allQXzG/b23SQVYB49g9bgWuJIzVRlIE+91uI+CyFQE03guS1Jpya8J04UkZI8ki8O7cz9N6ak6OG73toZUQpcP3d6bMIt/NRa/qTEOp1bLf6ZQ0e7+gVgI+73WUVg2NhkMraHzeMfHRa8bD2/BQ/bk45r0U0eyntXjYv9bkE7l954QPPVjJ59zlGzQfD0QMB3U8OiCdqUiyfyojulWNhwzuipwFX8HfLvSnkrIFNo/zeHJzUasha9UJY+NorzOnXvXWHN2aLN5Tr0Rh5Wk3//PzbYd9UlPSBDxLVw86Fg0SfHkhngMatSkfzLeYHwDSl8pSQI39uMJKVUOpflkeZVbWX8knjr4D+S16zhnqk6K37PDDV9hb6Sp7luAgFesBIn+gtwTpfwT0CDtotm6yNfHOnLvLOMlFn35N1ic5HghFW8h5mkJTgoAMkmU9Yehb9RjrEVAUbabR8RhchO9cqVyakAp9/4/Nb6pG09O2XIBMrKS5bdqEwuObM4ygFSz16ByzQ8dekGEQECej+o95bI1qNxO3Yaslh06Z2NKV1DUJ7 + OAUTH2_CLIENT_SECRET: AgCJgI3M7DDvNspsDLZ6CeXxYtPLs3WabskA5Tp9d4vNYUk5XvLbYUhzkxcdtWsG1dgazH+RrvgGgCZFVOw2cgb2EEkt+zxB10ihN7HwHtOGDMZDJFOLGso2VJvbKu4yntBTv/1w86gtz0n3CilhvAcEAD1UrmVrTwfJTF7DmCHVEEPCOLal/lF9rSMwFrhdLTUVp+eSEZ3kC+F8WQR69nk7JmWjEXeamJ+HzahLm2Bp2D9GtxaF37TjV0pXqgyybIpSfdabVGwcik3bT12lf+6gmEPDKvFoq2eUB7esIuSH+RCHy1M1Rk7EO81Ku3ELoSJPzd1JRuTn1jFY8DzOOQmUU6yFbZUdTWpECImnI+OwZYg82rPqG5Gy3xmKv+5h1SkejQwJ/olqG9M4BlG2DlTS2t9GAW7Z6Q7O4oglMpUmG3v8fZUblJT7HhyJv+K2FqZHuYjo64we+14qEnV0LvFdHhEoHrbKi7b7qwDYshHycZs+DcF9HiqkK1NMFjszY9W85uH1Trtx3yTEUC3t6yMacef1OTL8SMr7AQMlo4jo6QRzggGJw2EGIZqiAXAbpiiQyPfjoZ4A1jQlemwAd25SRfnGu7ZvGt/LOKZ/sBfMWhk3Eshw9ffvW2TQKA4oODb+6o6MiRVhL5UkqNxMLIt9IV7o7EnBsW7xQHgZUq9qq+Mqb2mvB2NVYC0skyQtHE7SU4nCOeSiIsmt4Y5jwjsGyHbAxJzp3H+cjcefZOf6Rb+iweNB5rtYBhQsTlPA6lZ9GPe04wRwMtyyv/sEh6LbDPvRyuIK5sLAApPZKBEmgqahri2/BNdARf54vHDkba3qlB2cgCxjJJdT1XuuPUn6+W7vE1gYrKP5TXBi/YZ2Qg== + template: + metadata: + creationTimestamp: null + name: miniflux + namespace: apps-roboces diff --git a/k8s/services/miniflux/service.yaml b/k8s/services/miniflux/service.yaml new file mode 100644 index 0000000..8e38cbc --- /dev/null +++ b/k8s/services/miniflux/service.yaml @@ -0,0 +1,19 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: miniflux-service + namespace: apps-roboces + labels: + app.kubernetes.io/name: miniflux + app.kubernetes.io/managed-by: argo + app.kubernetes.io/version: 2.2.13 +spec: + selector: + app.kubernetes.io/name: miniflux + type: LoadBalancer + ports: + - name: miniflux-service + protocol: TCP + port: 8888 + targetPort: 8080 diff --git a/k8s/services/redis/sealedsecrets.yaml b/k8s/services/redis/sealedsecrets.yaml new file mode 100644 index 0000000..5514d72 --- /dev/null +++ b/k8s/services/redis/sealedsecrets.yaml @@ -0,0 +1,16 @@ +--- +apiVersion: bitnami.com/v1alpha1 +kind: SealedSecret +metadata: + creationTimestamp: null + name: secrets-redis + namespace: apps-fuku +spec: + encryptedData: + redis-password: AgBqJ2pqIbdtOtbGnmalrdzSEZYBDhkyhZNv3fEsgLmvZ55ehXreELEZGKcOCqgVKCQZnfLTA7X4vyR6oZVhSdvcJeULmHrmO7ynItoyowvmY5njE7jTWTsSKypCXJXS0u81TD8+sF0DCRrALo4fzCfyxHWg2x7qyVOllOfhaWpggFsqqn7fMLUdhumnW2C5bEj2x/8PkW4aLI86osjKlwDiMXTE6nULQ4Fx76zzjuhCDLN0RGG4xTqVzDcbt+F7cpULyTJ9Kvq53UPMMaCq0huIkU/JYmAHMUcXF2Q1HUdh/K/R0KYqhlEN7t9JPJgsi7s7IKpp0EFRHOfvkZAm5bAqG34q0p/1Hce+0ifOZsQYp4nmj/1uEGshXhWETSI7mAw/sEdG+uJvLP6Sz7KkaLXhV8tGHfyXqwNyo+jV6JqIsynOY5UZc8zN170nQXwM5KzQyIsNz1yjDFGBIC4y/gjwaDXioaMGVg+PRxFEUAahssdPPZ8ug3M8EaqqgPlHTye+LwHDVDJZAWmnYJ6ajYWGqeCx7pKw2+vhr8V4ToSyG3hsPEbREwVSO50fKOL/MelRC24Rrzv8uthtHjHniLt1DJzPkXJUAnMaV4UsJ21Ge5PQo7Op0G/RNSnka2LAt3I6CVbUb0UoBhSNPmDVD5/0pn5oM/PSd0oqszUsFdxoIOpCIt3ReZUD6eHOlcuK8H65nwsb7Cbyde8a8GTD9q7SoDo2IQ== + template: + metadata: + creationTimestamp: null + name: secrets-redis + namespace: apps-fuku + type: Opaque diff --git a/k8s/services/valheim/sealedsecrets.yaml b/k8s/services/valheim/sealedsecrets.yaml new file mode 100644 index 0000000..ad59cb1 --- /dev/null +++ b/k8s/services/valheim/sealedsecrets.yaml @@ -0,0 +1,16 @@ +# yamllint disable rule:line-length +--- +apiVersion: bitnami.com/v1alpha1 +kind: SealedSecret +metadata: + creationTimestamp: null + name: valheim-secrets + namespace: apps-fuku +spec: + encryptedData: + server-password: AgBsm7Qg9ej7FtFh5twb4ALyL0I/fzVukURvFg17aweeDX7bM/9p/Yq7S2XG8gbqOYbC1GxknGMHQUnTXqXC9YZ4tZVUAptTCrAsPZHhHiet8bM39KCo2tGa5mCyC7lcmxae26cHuKj8Df6iMQCHL9ZH58A2SU8OIaszkonjwvSnbk6u7/HLCE8UyqP1JjXBMd4wx4BFDrhbauZr10f51tI55ksY+x44QQNrz84QEXmQ/dgwdzGAWqcPQTf57BebSI+ZKtUIvrMpNtz1ioqGnH3vWlb7QnqyqcyAYri3W3j8DB03EpfI2QjYi5Rs1NaJoO8L5HFdHW5p+rmttuwRxiEUPmURftH25o6Mgv/EcWGsB1TpyyFXM8JNU01lWJ+Wty316YF1BV3zHqdQeKu82R/wSv+iVm1dYKTfSOLe3YJr+aFnhYX3hCpBup1cB2KeOe/X9wTo2ETdvKhcIJPz8x7TRcXaCerVmVBw6LagmmdtMsCL4AIXw2gdkBeGONQmOzR1hDyTBAmpTv59WYzAJcCPZRE6gGxCPqH32G36E7WGEI4UOsjvT3GkVDnYx4FUDppzSP0ebnHZOwwAPFtXojHUaHg7ZTjZiuXDQa9Hkqt4mIOKa0i1HI0MyPu8eZJjoRXNS4j1yLfDCP2eSuhGjtVNbbyQthaITolitZ0VeUU8St1iKB7rvAGHqhBoPSw9TOBVSsBcHgIAV64oRqto4kM8 + template: + metadata: + creationTimestamp: null + name: valheim-secrets + namespace: apps-fuku diff --git a/k8s/services/vaultwarden-kubernetes-secrets/sealedsecrets.yaml b/k8s/services/vaultwarden-kubernetes-secrets/sealedsecrets.yaml deleted file mode 100644 index a8f2585..0000000 --- a/k8s/services/vaultwarden-kubernetes-secrets/sealedsecrets.yaml +++ /dev/null @@ -1,17 +0,0 @@ -# yamllint disable rule:line-length ---- -apiVersion: bitnami.com/v1alpha1 -kind: SealedSecret -metadata: - name: vaultwarden-kubernetes-secrets - namespace: apps-fuku -spec: - encryptedData: - BW_CLIENTID: AgB6UpzjiBqifwHwm4YfevKVQLTt/2JxrTdJ0O29i416TrvPvYlrofG6ihWQDIr7zAROq5RE1YI1mFdczzcHTccMV+/rPPBTY04rdkoypc17/+P5eVLO03dcSldhbcgiMJQYgji+U59SFebPxxPI9gn6GmOss368Wqgdffu/d7V6RtvBNN+qgIu1FjS26FYxKRKi/mEjPmF6GCkkWRHkkpimdjKalVkuQXiu04cwDTSRYNmgePv5ihem/5tP7ZqgQCFpYafpia6CnQwhHNoPP4Dq+cV5VVPw7AfVdm28HgFLiZhiUWXoGiiFvTZcDwViG4T80gqxtfN/2ur94V7zc/PTGXSsVWBJYM93/jf3zcK7h5wag0nXeYm7nD+NT1JM/2NZguqLVl3iX4qE+f0C83dPTUrBv8+9H3aw0YLI/zgnT8Fdg6VAdbGrXMXrTEqm2IChRZ65/WIgwaRWIH+ETsWPFqUj3mH9Cx8NkNNSRfTqmZS28VEfcCzutSgTJ4zs2VwTYDBBD1QQSMrhUSLrCihWLK3ZTjVTEwAaoUObnaFrYpNBGVZQne9zzWO38/y4NQ2D1Q1YTx0cBP8qcKit9v1GFmOcNDsVG1WCFkZh0qz4j37SOBH0J00sG1lwGvkb05pOjcGVUexjzvHloUjSauFypW+2XQqnVshMbNgKgZYZmZmWbHf8nyq7+wssivbjB5qX5foiCN/Qp2WtIG92k08ZU1+hTq/w/GX8DI/UsbSLU7p/0vpAKMDBuw== - BW_CLIENTSECRET: AgBfsr/ECO+lxSojrp1Ailv7SOYMqtGzmQCmXI3g7+K0W+RT7dOHuZOk7VlvYG5l4qVjriXhMo1xGcGYf8WeAebx+OWTs9Y9sRQ7eGnQW/KD7ihV3vCy2+jEdWZas9wEN1coUUt7Lbg09jz+nrt8Di2xFigJWSjuWejyAwmnRC0O0gLSudidf2x1aTeclid1tFvubbKbYUrLbTCLPW1bDuDs8BseRX6sF8/CVR1ZKWbcADUYvP7Amygc4WMElRREMQJjKBiPYNA4OuepvpQDlNVz/wq499XJAnFMDP8BhKxYalwOqTYzWQT0DA4mwBokMnpRE0VJ3erAAKQwzDHqO8pFE5bqhgzjwTWryH0ZmRF96JVLxx5IMetb8jYEPAHA/ymz9GmSUyVDXDRoeyH2xM4vuD/6A2JXc6kgcpfRx+5UJUybajO7urvHBCS/5X5cEiEOyEtqPMqkRdv2LgN1wXMEU88eK2NqpVX7zhLIJgoMusdHtkDmSlS+pFIb3GwGQRmn5khj5xkyQKweMoPvC5Pq+T/F5/2NziJGRj56HYvaiOPfyfzetaw7Zh3I+umMfZ6mtKD7ntYB1EYaqIMhTlAQv8DxS98t19LOke3h5QKcX6SdKeAqAvlqxuYZ5rweNtZsDevtnaFdmDzbve6xbZrtNwAurpZMYC/7tetyH+jFHrcFjDCuMMLdD5t4d8NW50nks71Pofe6KO/8lkzNOjiQwBIUfG+8Y6bAmPiBBr0= - VAULTWARDEN__MASTERPASSWORD: AgBlRRDUcWw8Kq8IJ/dBk1RQwA6jg4VtpDTzU9eRtkdZfBoEI+KnQt2QHtGv7ZMmyCHztRAoJcEWyoN25RMdG4dQQN40IOPBiv7D8e036nQv7rQqZWE7mPPs9veskS+8sE+h3HFlwIEytn4721nHw4DNl2Uwbtgo1rTRRyJ3Px2UoCfnCU1xVtimWhj7uLjf2kPkSvWRUFZFfzSkuMWtiAPDxspk7q8CTktdiUHV6ZsuuIcZfJ1mHkuredVGYpOcrKLJcwGE7Auzn382lILNwkSuiZjt0T+O5A0c406SPVGU/ovofbRgdUQmmIbS+q6y17HMDkwLutdmIyJgqMEPJXR0KfebjzdtaNdSbmL68QsdECqCbQm6Az3uMEOJ8TVm9rH5yfZZoXLMVjzHgwtQbV9vBb0ubMUKdqJahD0zUQ/1FqDtYHt9OBv8bLh8SXiTKNxz2GByHjcGFUNZhZac1eTqmtYxxUhk4KNFsqx7FvJNUi0VTfINvHAd9Tjlrd0vQbST3VgdiIEHcuxW5HShdSnl8o5WXKmEtlecMqB3Y/C6IIPF+CZ6HoMgfE59G2dchnNccSwdZRa0n6OWt3BWJi7fuhrBXvTBpa5Zxrqh6o1VX3k5wXDgBRN7a8pZawhuCXbcBcrhcs+wDm7YlK3Gj3F01dIOGc7qMpdMWUHcUxCikC9Wlnp5b+OKB2huiHWr2p8v0IeOu8MfC65GEkx/dInxW1CkitHsGVA= - template: - metadata: - name: vaultwarden-kubernetes-secrets - namespace: apps-fuku - type: Opaque diff --git a/scripts/k3scale.sh b/scripts/k3scale.sh deleted file mode 100755 index 945990f..0000000 --- a/scripts/k3scale.sh +++ /dev/null @@ -1,162 +0,0 @@ -#!/usr/bin/env bash - - -usage() { - cat <&2 - usage >&2 - exit 1 - ;; - *) - if [[ -z "$REPLICAS" ]]; then - REPLICAS="$1" - else - RESOURCES+=("$1") - fi - shift - ;; - esac -done - -if [[ -z "$REPLICAS" ]]; then - echo "Error: REPLICAS is required" >&2 - usage >&2 - exit 1 -fi - -if [[ "$ALL" == false && "$ALL_NAMESPACES" == false && ${#RESOURCES[@]} -eq 0 ]]; then - echo "Error: Must specify --all, --all-namespaces, or at least one RESOURCE" >&2 - usage >&2 - exit 1 -fi - -NAMESPACE_ARG=() -if [[ -n "$NAMESPACE" ]]; then - NAMESPACE_ARG=("-n" "$NAMESPACE") -fi - -DRY_RUN_ARG=() -if [[ "$DRY_RUN" == true ]]; then - DRY_RUN_ARG=("--dry-run=client") -fi - -KUBECTL_BASE=(kubectl) -if [[ -n "$KUBECTL_V" ]]; then - KUBECTL_BASE+=( "$KUBECTL_V" ) -fi -KUBECTL_BASE+=( "${NAMESPACE_ARG[@]}" ) -KUBECTL_BASE+=( "${DRY_RUN_ARG[@]}" ) - -scale_resource() { - local resource="$1" - local ns name - - if [[ "$resource" == */* ]]; then - ns="${resource%%/*}" - name="${resource#*/}" - else - ns="${NAMESPACE:-$(kubectl "${NAMESPACE_ARG[@]}" config view --minify --output jsonpath='{.contexts[0].context.namespace}' 2>/dev/null || echo "default")}" - name="$resource" - fi - - for kind in deployment statefulset; do - if "${KUBECTL_BASE[@]}" get "$kind" "$name" -n "$ns" &>/dev/null; then - echo "Scaling $kind/$ns/$name to $REPLICAS replicas${DRY_RUN:+ (dry-run)}" - "${KUBECTL_BASE[@]}" scale "$kind" "$name" -n "$ns" --replicas="$REPLICAS" - return 0 - fi - done - - echo "Error: Resource '$resource' not found as deployment or statefulset" >&2 - return 1 -} - -get_resources() { - local ns_flag=() - if [[ "$ALL_NAMESPACES" == true ]]; then - ns_flag=("--all-namespaces") - elif [[ -n "$NAMESPACE" ]]; then - ns_flag=("-n" "$NAMESPACE") - fi - - "${KUBECTL_BASE[@]}" get "${ns_flag[@]}" deployment,statefulset -o jsonpath='{range .items[*]}{.metadata.namespace}/{.kind}/{.metadata.name}{"\n"}{end}' 2>/dev/null | while IFS=/ read -r ns kind name; do - echo "$ns/$name" - done -} - -if [[ "$ALL" == true || "$ALL_NAMESPACES" == true ]]; then - while IFS= read -r resource; do - [[ -n "$resource" ]] && scale_resource "$resource" - done < <(get_resources) -else - for resource in "${RESOURCES[@]}"; do - scale_resource "$resource" - done -fi diff --git a/scripts/proxmox-power.sh b/scripts/proxmox-power.sh deleted file mode 100755 index 2db86ca..0000000 --- a/scripts/proxmox-power.sh +++ /dev/null @@ -1,313 +0,0 @@ -#!/usr/bin/env bash - -set -euo pipefail - -# Proxmox cluster power helper -# - Start or shutdown a set of QEMU VMs and/or LXC containers by ID, or all. -# - Auth via API token or username/password (env vars or secret-tool). -# -# Requirements: curl, jq; optional: secret-tool (GNOME keyring) -# -# Environment variables (examples): -# PVE_HOST=proxmox.example.com[:8006] -# PVE_TOKEN_ID="user@pam!automation" # when using API token -# PVE_TOKEN_SECRET="xxxxxxxx-xxxx-xxxx" # when using API token -# PVE_USER="user" # when using password login -# PVE_REALM="pam" # default pam -# PVE_PASSWORD="..." # or provided via keyring -# PVE_SCHEME="https" # default https -# PVE_VERIFY_SSL="true|false" # default true -# PVE_NODE_FILTER="" # optional: restrict to node name -# -# Examples: -# scripts/proxmox-power.sh --op shutdown --all -# scripts/proxmox-power.sh --op start --ids 100 101 --only-qemu -# PVE_TOKEN_ID=me@pam!ci PVE_TOKEN_SECRET=... scripts/proxmox-power.sh --op shutdown --all - -SCHEME=${PVE_SCHEME:-https} -HOST=${PVE_HOST:-} -VERIFY_SSL=${PVE_VERIFY_SSL:-true} -INSECURE_FLAG="" - -if [[ ${VERIFY_SSL} != "true" ]]; then - INSECURE_FLAG="-k" -fi - -usage() { - cat < [ ...]] [options] - -Options: - --host HOST Proxmox host (env PVE_HOST). Example: proxmox.example.com:8006 - --op OP Operation: start or shutdown - --all Apply to all VMs/containers in the cluster (honors filters) - --ids LIST Space-separated list of VMIDs to operate on - --only-qemu Only operate on QEMU VMs - --only-lxc Only operate on LXC containers - --include-stopped Include stopped guests when op=shutdown (no-op otherwise) - --force If shutdown times out, force stop - --timeout SEC Shutdown wait timeout (default 120) - --concurrency N Parallel operations (default 4) - --node NODE Restrict to a specific node name - --dry-run Show actions without executing - --insecure Do not verify SSL (same as PVE_VERIFY_SSL=false) - -h, --help Show this help - -Auth (choose one): - API Token: env PVE_TOKEN_ID and PVE_TOKEN_SECRET - Password: env PVE_USER, PVE_PASSWORD (or from keyring), optional PVE_REALM (default pam) - -Keyring: - If PVE_PASSWORD is empty and 'secret-tool' is available, the script tries: - secret-tool lookup service proxmox user "+$PVE_USER+" realm "+${PVE_REALM:-pam}+" - If PVE_TOKEN_SECRET is empty, it tries: - secret-tool lookup service proxmox token_id "+$PVE_TOKEN_ID+" -EOF -} - -require_cmd() { - command -v "$1" >/dev/null 2>&1 || { echo "Error: required command '$1' not found" >&2; exit 1; } -} - -get_keyring() { - local value="" - if command -v secret-tool >/dev/null 2>&1; then - value=$(secret-tool lookup "$@" || true) - fi - printf '%s' "$value" -} - -# Globals set by auth_init -AUTH_HEADER="" -COOKIE_HEADER="" -CSRF_HEADER="" - -auth_init() { - local base_url="$SCHEME://$HOST/api2/json" - - if [[ -n "${PVE_TOKEN_ID:-}" && -z "${PVE_TOKEN_SECRET:-}" ]]; then - PVE_TOKEN_SECRET=$(get_keyring service proxmox token_id "${PVE_TOKEN_ID}") || true - fi - - if [[ -n "${PVE_TOKEN_ID:-}" && -n "${PVE_TOKEN_SECRET:-}" ]]; then - AUTH_HEADER=("-H" "Authorization: PVEAPIToken=${PVE_TOKEN_ID}=${PVE_TOKEN_SECRET}") - return 0 - fi - - local user="${PVE_USER:-}" - local realm="${PVE_REALM:-pam}" - local password="${PVE_PASSWORD:-}" - - if [[ -z "$user" ]]; then - echo "Error: set PVE_TOKEN_ID/PVE_TOKEN_SECRET or PVE_USER[/PVE_PASSWORD]" >&2 - exit 2 - fi - - if [[ -z "$password" ]]; then - password=$(get_keyring service proxmox user "$user" realm "$realm") || true - fi - - if [[ -z "$password" ]]; then - echo "Error: password not provided and not found in keyring for user '$user' realm '$realm'" >&2 - exit 2 - fi - - # Login to get ticket and CSRF token - local resp - resp=$(curl -sS $INSECURE_FLAG -X POST \("${AUTH_HEADER[*]}"\) \ - -d "username=${user}@${realm}" \ - -d "password=${password}" \ - "$base_url/access/ticket") - - local ticket csrf - ticket=$(echo "$resp" | jq -r '.data.ticket // empty') - csrf=$(echo "$resp" | jq -r '.data.CSRFPreventionToken // empty') - if [[ -z "$ticket" || -z "$csrf" ]]; then - echo "Error: failed to obtain auth ticket (check credentials)" >&2 - echo "$resp" | jq -r '.' >&2 || true - exit 3 - fi - COOKIE_HEADER=("-H" "Cookie: PVEAuthCookie=${ticket}") - CSRF_HEADER=("-H" "CSRFPreventionToken: ${csrf}") -} - -api_get() { - local path="$1"; shift - local url="$SCHEME://$HOST/api2/json$path" - curl -sS $INSECURE_FLAG "${AUTH_HEADER[@]}" "${COOKIE_HEADER[@]}" -X GET "$url" "$@" -} - -api_post() { - local path="$1"; shift - local url="$SCHEME://$HOST/api2/json$path" - curl -sS $INSECURE_FLAG "${AUTH_HEADER[@]}" "${COOKIE_HEADER[@]}" "${CSRF_HEADER[@]}" -X POST "$url" "$@" -} - -# Parse CLI -OP="" -DO_ALL=false -IDS=() -ONLY_QEMU=false -ONLY_LXC=false -INCLUDE_STOPPED=false -FORCE=false -TIMEOUT=120 -CONCURRENCY=4 -NODE_FILTER="${PVE_NODE_FILTER:-}" -DRY_RUN=false - -while [[ $# -gt 0 ]]; do - case "$1" in - --op) OP="$2"; shift 2;; - --all) DO_ALL=true; shift;; - --ids) shift; while [[ $# -gt 0 && ! "$1" =~ ^-- ]]; do IDS+=("$1"); shift; done ;; - --only-qemu) ONLY_QEMU=true; shift;; - --only-lxc) ONLY_LXC=true; shift;; - --include-stopped) INCLUDE_STOPPED=true; shift;; - --force) FORCE=true; shift;; - --timeout) TIMEOUT="$2"; shift 2;; - --concurrency) CONCURRENCY="$2"; shift 2;; - --node) NODE_FILTER="$2"; shift 2;; - --host) HOST="$2"; shift 2;; - --dry-run) DRY_RUN=true; shift;; - --insecure) VERIFY_SSL=false; INSECURE_FLAG="-k"; shift;; - -h|--help) usage; exit 0;; - *) echo "Unknown argument: $1" >&2; usage; exit 2;; - esac -done - -require_cmd curl -require_cmd jq - -if [[ -z "$HOST" ]]; then - echo "Error: --host or PVE_HOST is required" >&2 - usage - exit 2 -fi - -case "$OP" in - start|shutdown) :;; - *) echo "Error: --op must be 'start' or 'shutdown'" >&2; usage; exit 2;; -esac - -if ! $DO_ALL && [[ ${#IDS[@]} -eq 0 ]]; then - echo "Error: specify --all or a list of --ids" >&2 - exit 2 -fi - -if $ONLY_QEMU && $ONLY_LXC; then - echo "Error: cannot use --only-qemu and --only-lxc together" >&2 - exit 2 -fi - -auth_init - -# Collect targets -resources=$(api_get "/cluster/resources?type=vm") - -filter_jq='[.data[] | {type, vmid: (.vmid|tostring), status, node}]' -items=$(echo "$resources" | jq "$filter_jq") - -if [[ -n "$NODE_FILTER" ]]; then - items=$(echo "$items" | jq --arg node "$NODE_FILTER" '[.[] | select(.node==$node)]') -fi - -if $ONLY_QEMU; then - items=$(echo "$items" | jq '[.[] | select(.type=="qemu")]') -elif $ONLY_LXC; then - items=$(echo "$items" | jq '[.[] | select(.type=="lxc")]') -fi - -select_ids=() -if $DO_ALL; then - mapfile -t select_ids < <(echo "$items" | jq -r '.[].vmid') -else - select_ids=("${IDS[@]}") -fi - -if [[ ${#select_ids[@]} -eq 0 ]]; then - echo "No matching guests found." >&2 - exit 0 -fi - -# Build an associative map of vmid -> node,type,status -declare -A VM_NODE VM_TYPE VM_STATUS -while IFS=$'\t' read -r vid node type status; do - VM_NODE[$vid]="$node" - VM_TYPE[$vid]="$type" - VM_STATUS[$vid]="$status" -done < <( - echo "$items" | jq -r '.[] | "\(.vmid)\t\(.node)\t\(.type)\t\(.status)"' -) - -work_list=() -for vid in "${select_ids[@]}"; do - if [[ -z "${VM_NODE[$vid]:-}" ]]; then - echo "Skip vmid=$vid (not found by filters)" >&2 - continue - fi - # Idempotence: skip if already desired state - st="${VM_STATUS[$vid]}" - case "$OP" in - start) - if [[ "$st" == "running" ]]; then - echo "Already running: $vid (${VM_TYPE[$vid]} on ${VM_NODE[$vid]})" - continue - fi - ;; - shutdown) - if [[ "$st" != "running" && $INCLUDE_STOPPED == false ]]; then - echo "Already stopped: $vid (${VM_TYPE[$vid]} on ${VM_NODE[$vid]})" - continue - fi - ;; - esac - work_list+=("$vid") -done - -if [[ ${#work_list[@]} -eq 0 ]]; then - echo "Nothing to do." - exit 0 -fi - -run_action() { - local vid="$1" - local node="${VM_NODE[$vid]}" - local type="${VM_TYPE[$vid]}" - local path_base="/nodes/${node}/${type}/${vid}/status" - - echo "[$OP] ${type}:${vid} on node ${node}" - if $DRY_RUN; then - return 0 - fi - - case "$OP" in - start) - api_post "${path_base}/start" >/dev/null - ;; - shutdown) - # Try graceful shutdown - api_post "${path_base}/shutdown" -d "timeout=${TIMEOUT}" >/dev/null || true - # Optionally force stop if still running after timeout - # We poll once after timeout window to check status - sleep 2 - local st_json - st_json=$(api_get "/nodes/${node}/${type}/${vid}/status/current") - local cur - cur=$(echo "$st_json" | jq -r '.data.status // .data.status.current // empty') - if [[ "$cur" == "running" && $FORCE == true ]]; then - echo "Forcing stop: ${type}:${vid}" - api_post "${path_base}/stop" >/dev/null || true - fi - ;; - esac -} - -# Parallelize with xargs -P -export -f run_action api_post api_get -export SCHEME HOST INSECURE_FLAG AUTH_HEADER COOKIE_HEADER CSRF_HEADER TIMEOUT FORCE DRY_RUN -declare -p VM_NODE VM_TYPE VM_STATUS >/dev/null 2>&1 || true - -printf '%s\n' "${work_list[@]}" | xargs -I{} -P "$CONCURRENCY" bash -c 'run_action "$@"' _ {} - -echo "Done: $OP ${#work_list[@]} item(s)." diff --git a/scripts/update-argo.sh b/scripts/update-argo.sh deleted file mode 100755 index fbdd1da..0000000 --- a/scripts/update-argo.sh +++ /dev/null @@ -1,129 +0,0 @@ -#!/usr/bin/env bash - -check_kubectl() { - if ! command -v kubectl &>/dev/null; then - echo "Error: kubectl is not installed or not in PATH" >&2 - exit 1 - fi - log_info "kubectl found at $(command -v kubectl)" -} - -VERBOSE=0 - -log_debug() { [[ $VERBOSE -ge 3 ]] && echo "[DEBUG] $*" || true; } -log_verbose() { [[ $VERBOSE -ge 2 ]] && echo "[VERBOSE] $*" || true; } -log_info() { [[ $VERBOSE -ge 1 ]] && echo "[INFO] $*" || true; } -log_error() { echo "[ERROR] $*" >&2; } - -usage() { - cat <&2 - usage >&2 - exit 1 - ;; - *) - TARGET_VERSION="$1" - shift - ;; - esac -done - -log_debug "Script started with target version: ${TARGET_VERSION:-auto}" - -check_kubectl - -log_info "Checking current kubectl context" -CURRENT_CONTEXT=$(kubectl config current-context 2>/dev/null) -log_verbose "Current context: $CURRENT_CONTEXT" - -log_info "Checking for ArgoCD installation" -if ! kubectl get ns argocd &>/dev/null; then - log_error "ArgoCD namespace not found. This script only upgrades existing installations." - exit 1 -fi -log_verbose "ArgoCD namespace found" - -log_info "Checking current ArgoCD version" -CURRENT_VERSION=$(kubectl get deployment argocd-server -n argocd -o jsonpath='{.spec.template.spec.containers[0].image}' 2>/dev/null) -if [[ -n "$CURRENT_VERSION" ]]; then - CURRENT_VERSION=$(echo "$CURRENT_VERSION" | sed 's/.*argocd:v\?//' | tr -d ' \n') - if [[ -n "$CURRENT_VERSION" ]]; then - CURRENT_VERSION="${CURRENT_VERSION#v}" - log_verbose "Current ArgoCD version: $CURRENT_VERSION" - else - log_error "Could not extract ArgoCD version from image: $CURRENT_VERSION" - exit 1 - fi -fi - -if [[ -z "$TARGET_VERSION" ]]; then - log_info "No target version specified, querying for latest version" - log_verbose "Fetching latest release from GitHub" - LATEST_VERSION=$(curl -s https://api.github.com/repos/argoproj/argo-cd/releases/latest | grep -oP '"tag_name":\s*"\K[^"]+' | sed 's/^v//') - if [[ -n "$LATEST_VERSION" ]]; then - log_verbose "Latest version available: $LATEST_VERSION" - TARGET_VERSION="$LATEST_VERSION" - else - echo "Error: Could not fetch latest version" >&2 - exit 1 - fi -fi - -log_info "Target version: $TARGET_VERSION" - -log_debug "Determining update path from $CURRENT_VERSION to $TARGET_VERSION" - -log_info "Applying ArgoCD manifests" -log_verbose "Downloading manifest from https://raw.githubusercontent.com/argoproj/argo-cd/v${TARGET_VERSION}/manifests/install.yaml" -curl -sLO "https://raw.githubusercontent.com/argoproj/argo-cd/v${TARGET_VERSION}/manifests/install.yaml" - -log_debug "Applying manifest with kubectl" -if [[ "$DRY_RUN" == true ]]; then - log_verbose "Dry-run mode: would apply manifest" - kubectl apply -n argocd -f install.yaml --dry-run=client -else - kubectl apply -n argocd -f install.yaml -fi - -log_verbose "Cleaning up downloaded manifest" -rm -f install.yaml - -log_info "Update to ArgoCD $TARGET_VERSION initiated" diff --git a/tofu/adguard/.terraform.lock.hcl b/tofu/adguard/.terraform.lock.hcl index 6361897..754c9d0 100644 --- a/tofu/adguard/.terraform.lock.hcl +++ b/tofu/adguard/.terraform.lock.hcl @@ -2,35 +2,37 @@ # Manual edits may be lost in future updates. provider "registry.opentofu.org/gmichels/adguard" { - version = "1.7.0" - constraints = "1.7.0" + version = "1.6.2" + constraints = "1.6.2" hashes = [ - "h1:1vvJ6KcLUR8U2BHNtj7tMsgEsGXzTKMIFsHfcZYEVyc=", - "h1:5BDrsrU/Sdain/+KkhbNzxVL81rh69wG4iKOIBf9qys=", - "h1:70gWtux/jVZQgsDjr8+j0aRHKkGZqRWCmzoX9ddC7f4=", - "h1:Qdqipgukxph9vqXiEKVzFSgXfEmGiGw1JrrQvwJOtco=", - "h1:QveIrziFNxu+Go7pl7qjH5tqPOb8pgzfTdunVgsJ3vg=", - "h1:UrJdOlCLAWC7/I2Co02RtOKT3tSGb8TwOgJ7s0sOtCo=", - "h1:W6nZfQzWb3Ds1JRytBqzsZoNBa6x4OOe9J87f1nyCRA=", - "h1:c3RK8fSEr2yfPySC0WemOC/CR3608Ra4vFwGhvdrswg=", - "h1:jizPinVWDQUN6rKwiBgRm7PcgUJe4AWlCWghgH0v7xI=", - "h1:lb9gv3IiUZDA4P/kpuvOqZmidWMIbpG+sUecM1QclNo=", - "h1:sRIMccvZq71/CxTknprnRozCChEZSq4Nmt+M+DOjTq8=", - "h1:uOdtIfvNVEHheucpt51bSCYtX2W1LKELlOkBTbjBm6o=", - "h1:woGvhSgZDFj5+yH5uHonXSIn6AaeZekb3t9oXMZB/DQ=", - "zh:0b83aa1ade1a6f7c9b1af0488dad43bf00e733d1517463d4bee51c17612546da", - "zh:15d784c16545efaf6c368b642995bb0d0ef61b6961e67b072430d445ef6c02fc", - "zh:1c4da4d20c98795fee1ac0cd9ffd880a68f06992d6fe849342c4b19f79c8aff9", - "zh:41afcdcc5236fa40a0b7ec614cb830ef03d45f8f1b8988d24d80ec999ef34b9b", - "zh:4c8e832a5a842420b5163eb5eb2bd7d460ece524efc618bdba64e4f4a2d403b5", - "zh:58e19d2f9e4bd9f2a13b631c3213157ea80ef3aa7b3b8edcd8fb341f9c06c5e5", - "zh:7380ca4d053255f787ded10c26b19ebd23d3563ddbb36d0be66bb2cef293d27d", - "zh:7b21589bb31084bb68b2deb96bd4130b8b13c1c71614704d13d4cbdfc583f3c7", - "zh:82aee49172286676cdccbc97b809b84acf3edeb164ae77cafa837118ee3769a6", - "zh:95431a266520cce112474616c27c80f0017625ef7d80aaf69118360222d7974b", - "zh:a6dc4b60beafc471d049b856df4bf793838b1e8b2079efe4a12ebf6fbd482098", - "zh:d9c5c35be3ae54a52fb444b61e442445e74df6a4ab5bc4884b0f5d55eacc4ced", - "zh:f6bd2db5d9a178c9b5b020e505affc245a0ceaa8e662f37ad9743d65e1153322", + "h1:4rfmv0e8MoRPw+CTZBxTlPZbOSvPnIIt8kwVIIRIqbc=", + "h1:FUOYxkRfDHxiAlTKpvfZpNpRdCkq7Gs9JcZjLWo+guM=", + "h1:FewdC+pt/Z8XC1M5M49D74MYnMzVjwVoAcnonmbxhwA=", + "h1:RAXQ/T7oF42hDSuXH7hH85uj8QmHRS+ArP5pO4ILslc=", + "h1:a5SEI5KSX0cENGjd+IrxMj4l0Cr5GWvTP8Ng3cJaLTg=", + "h1:gNdYW6qM5jJTA2M9BHzVtuCTSmY2Fi/r08A/duZR8Yg=", + "h1:gnBusJUhlOSxn2JG5V0N3aHWAcTtMLcSjRSMKm8+6S4=", + "h1:hwB3SSfBITtOIggACNkdTnA8hG2AzYaFgG3WJny3290=", + "h1:iGjswHan6q6vYBTxR+WFBCUwCN7jmg7mAvFnv4P3/m8=", + "h1:mBxI5srrplxBHZLuXfEVZzwph3mCl9SQv0e9nR2GhQ4=", + "h1:o3CYF1B/kMBktAn1cWJuqW84VqZkM5K3A1BPw6v5fnA=", + "h1:sX4l50R6dzuHdQJFBfGDY6lZc4bCGKjxkKRtoKmx/1g=", + "h1:shVeqrDxxOvnsD//ryu7IoxwPsGb+6FeLmum3szd/mU=", + "h1:wY3pI9C3lEZ9nZRIqky5cqfwLm+u7Wi/9HBVCo4o9/M=", + "zh:0337224a2b6418ba38cedf7f2cef9b154f51db4791b03d6b5745cb26f60614d2", + "zh:09addda402962c46cd236ae1703ba9632f377897e8d321678cf0e4428a5071f7", + "zh:1f7b511933d6ca8fbdcd5bb50bba910e88b73fee57ae2922e01f18470350929e", + "zh:2bd2a45c4cddd19b2a55d6d658184df25f002e0b7a929da48b5086922ae846d6", + "zh:30ed44fd468132273029302fc16de4e76a1f10b816862e2e5dfca545e5b67f70", + "zh:3f73e37f6410509f7811db77b53f6e332c24344ad800a1d56bcf6af2a706d998", + "zh:5215dbeb6edbe0e7fae238580bb649745824d3744cc0d3b407244383ddeefd96", + "zh:543a6b4d814607884791306ae661a1d3475af90785712fb6c94e2b616f75afba", + "zh:8402d7a2d501ff0c9fe2216bf80f6bc133f0277cc3f184d3d37f4628b778f18b", + "zh:894ac1fce4fd92c66684d64d41356d5d02ebcf3a68e4ae1150314732f9ac384f", + "zh:ad547c8c8413de6886cf563129b117a0aab79b9841e7486e58a639c74eeacc12", + "zh:b9d69a6f99256cbd741ddc881f8665eec6e51ee1a4b99918ae8e9bdcf73cf31d", + "zh:d254d2dae145dbe5435be32b821198d9d5dca81fb67e06499eb8a8bd78a34ba5", + "zh:df327c22ba4437fa5e879ae70ce8330363a4e6f320711e7bd2ac249db3a3a551", "zh:f809ab383cca0a5f83072981c64208cbd7fa67e986a86ee02dd2c82333221e32", ] } diff --git a/tofu/adguard/main.tf b/tofu/adguard/main.tf index fe0c505..e419eee 100644 --- a/tofu/adguard/main.tf +++ b/tofu/adguard/main.tf @@ -9,7 +9,7 @@ terraform { required_providers { adguard = { source = "gmichels/adguard" - version = "1.7.0" + version = "1.6.2" } } } @@ -85,12 +85,8 @@ resource "adguard_rewrite" "master2" { answer = "192.168.1.32" } + resource "adguard_rewrite" "k3m3" { domain = "k3m3.fuku" answer = "192.168.1.43" } - -resource "adguard_rewrite" "pulse" { - answer = "pulse.fukurokuju.dev" - domain = "192.168.1.12" -} diff --git a/tofu/authentik/.terraform.lock.hcl b/tofu/authentik/.terraform.lock.hcl index 71b1759..797ae42 100644 --- a/tofu/authentik/.terraform.lock.hcl +++ b/tofu/authentik/.terraform.lock.hcl @@ -2,34 +2,36 @@ # Manual edits may be lost in future updates. provider "registry.opentofu.org/goauthentik/authentik" { - version = "2026.2.0" - constraints = "2026.2.0" + version = "2025.6.0" + constraints = "2025.6.0" hashes = [ - "h1:/y7//ItB3vYvtDzSgrd7eY4QHGQ7b2G/rF/rtXdvUiY=", - "h1:2MTCDpaUJ9AAckFf+lfhq5VNkl4/e1is7XIHfjFX20U=", - "h1:EECfgcbT6h+ppgQ3x06iQZSheZ4vJ6NVwXGYGzyuQQ4=", - "h1:Hg5gBZc/mPbMwH3r5AVbDycUFoeh1LlHtAvVKsnruTY=", - "h1:J9+XlKbvc8x99ZV779XH0swZhsJo+Zcrh7UCK5pKQKY=", - "h1:On3/Zzv3W72aGsJ4AhW/tnpi4hvq9cxwgf7tF6Tg+a4=", - "h1:imSeB1o2GiuyBKsK6prOkOT7dQVDK42TaxGWAb+wEvg=", - "h1:jpOkyfrzbb/LBCdW/0R2Ag+X9bRw6X1/2BRMoImfgQ8=", - "h1:pT8YP3VDxKxhT1X+UXmjN78C+8NNb3fIANWNjR0xRX4=", - "h1:pum2uBRNDUjPeP9aYszm+6GU+K7tZIpbbLrsN39l8iw=", - "h1:qYcmNSTHIU6XefHE11SmywKqgp84B6n2Fzwdj/8dRN8=", - "h1:zH1hHNBUvxXZBzxyQa6OPjDAlZyr3rA7LqwTVVZDW9s=", - "h1:zacZCsqLyCstv+qE+VhFvwCIGLQEdNBsMIM7r9umUSQ=", - "zh:00c44e8ee842e75de9cc4fd6193b10258d1dc840e5be4aaaf118ffc180dceee0", - "zh:13057f08bce3b63613e1be3997dd454ff9568c569dd983987b1550280fbe3d01", - "zh:410a1ff2ae4647cc0ab37894f81e4d474b588a0a7f005d05d55e8c3a40978dd2", - "zh:43830834d12b3c0eeabe397842f82ca3a6b58a5bc8dd837d55b821419b55ed61", - "zh:56eaedd196ed7c4003cee0434b891b38242b4fde2031978d0ddcfdf6e16ee5ad", - "zh:5b3c10bb63c3c215ed9e0918e5808b240e3f2ee8248d10cd4d824a4998a213c5", - "zh:99c14891bcb92a6b21ef4c0e60f6c0df23e3452808f3eefd67cde78d132c80d9", - "zh:9a32cdda9f939f8484e27d4200d004c44f016fe97579a111201083f4beea78e8", - "zh:ae5086816144f68de9a0002e7696321169a71473f9d161793f4ae996388f56de", - "zh:bd09409dd34608a4ef3ea80cfc5e397268e7872f2e84c1ccdc9b5698e36ddad5", - "zh:be7af8b9eb61b0eb5053f14360e5a68caeb32c115efe8e1b583f2e7c91352a2a", - "zh:e11726812a1b2caf6b6784a3d074d1f50e3d406e9629c02096a001e5a5979331", - "zh:e39183d10d8158ccab51208f4f727c7419b1b1e596f4feb23dc42aebb36d01e3", + "h1:+u1o/H+WAIO5nP+RlQE3ay/+dHCykVoHBq6crfTl4pM=", + "h1:10kMBf77ecT3Xpw+7SG8Arnx0yv+By9o0o0CfGGONn0=", + "h1:3oSIhXwf9EMZZH0TPvD5T2kY6yYfEPROyfQWPNA00xw=", + "h1:FElCnBGnJQ6QZDzetJHlv6epvfmUcj/hDmNSVhnU3pE=", + "h1:K1/iRTwYc9JQbzvnhZ9jB9IFcDPk2rk6PSOZ+Y5aIOQ=", + "h1:eQ6jCmR3rssG5gaKNsc37MXydWNHymVRqpYmrntn2t8=", + "h1:gQyxqd10hfhryLD7QIA03ACS7PQppph62qBXGmZSe+E=", + "h1:gSI5UtIVuBepC1lgci7lv/l4PjiOaRySx3aRYMg6+84=", + "h1:hvkwiVQRya1zE4aXKG29GlwHTNABw/j/ebJIR6EAI24=", + "h1:i/aQKCN/ypAdHr4IcKlEhjC1hp19zh5nlVwOxEfYZvg=", + "h1:jGcZg4z76eUtuZLu8Qd9Ti7/TKg9YuTbTSAaT0nCW5M=", + "h1:uwV8O+jKz1zuosrGh1Lht063OS1heW5Fq1zWTOtr5Yw=", + "h1:zMv5nyNyA+NgQplmrYhpeqOkoAGzzTJP4/W1oJzZtFM=", + "h1:ziINchbQjLKlYXh/0T922Y876F3wgZrvDQmIcaIezTs=", + "zh:091960d2aed06773aa81858ae20c7ffc9943111b3c61ee2341263c3872dd7b89", + "zh:122fac709223acf460912d71877db6ac638f501bac30b3f5516c283a4605d034", + "zh:1d3cddb5e6336c70f701533c83c64c38a9b964e94987ad803b96961bd23a685e", + "zh:3059dd2b2ccdc3287f5fe074d2e41c2960ceb27684d24bc2dd997ab479c796d1", + "zh:37ac615f9fa2a26babbc4d6bc4a5c0c0dee8b40f6ce0f01f1d1b689f5175d62c", + "zh:419c35484d5f4f0ae2d6fa2f99bb5618257cdf3f906fd9877cb4998164e89498", + "zh:5108859f0def7e936e4db8dcb112a2c6c99929c6802663c06ed28793a53b3d45", + "zh:536be1858e2a6bab6a9258c6f2c13e5fc0e5522ffccf2e21857dddde300519c0", + "zh:706947e25935250c1dad74c935c6b100d8b253dc93c5ceedf374031230fdd222", + "zh:801ab4c79ad7a416d64d1665b155d4943fe2311e2e989edb1c41d1e9d102e061", + "zh:88fc9c431e133b47e23c45aa716b9ba1b5e8e509bd220632408c21a400872d8f", + "zh:8996b3b78459f46cb426469aab147b5ce76f99672fa8170023346db3fde3dcb5", + "zh:aaf20636d4d3f166a89f7f05731a89ff85ea8367580f51ceb398d8849e532e52", + "zh:c1d176e6a0383ae9e76f410b072c950d4f5bca341a42c7147662be5c25bb34ac", ] } diff --git a/tofu/authentik/main.tf b/tofu/authentik/main.tf index ba31337..4d08bc3 100644 --- a/tofu/authentik/main.tf +++ b/tofu/authentik/main.tf @@ -8,7 +8,7 @@ terraform { required_providers { authentik = { source = "goauthentik/authentik" - version = "2026.2.0" + version = "2025.6.0" } } } @@ -22,11 +22,6 @@ resource "authentik_group" "ci" { users = [data.authentik_user.catalin.id] } -resource "authentik_group" "vods" { - name = "vods" - users = [data.authentik_user.catalin.id] -} - resource "authentik_group" "admins" { name = "authentik Admins" is_superuser = true @@ -37,8 +32,13 @@ resource "authentik_group" "arrs" { is_superuser = false } -resource "authentik_group" "cloud" { - name = "cloud" +resource "authentik_group" "vpn" { + name = "vpn" + is_superuser = false +} + +resource "authentik_group" "ftp" { + name = "ftp" is_superuser = false } @@ -123,7 +123,7 @@ module "sonarr" { app_slug = "sonarr" app_access_group_id = authentik_group.arrs.id app_url = "https://sonarr.fukurokuju.dev" - internal_host = "http://192.168.1.3:30113/" + internal_host = "http://192.168.1.3:38013/" internal_host_ssl_validation = false app_icon = "https://sonarr.tv/img/logo.png" } @@ -134,7 +134,7 @@ module "radarr" { app_slug = "radarr" app_access_group_id = authentik_group.arrs.id app_url = "https://radarr.fukurokuju.dev" - internal_host = "http://192.168.1.3:30025/" + internal_host = "http://192.168.1.3:38012/" internal_host_ssl_validation = false app_icon = "https://radarr.video/img/background/logo.png" } @@ -145,7 +145,7 @@ module "lidarr" { app_slug = "lidarr" app_access_group_id = authentik_group.arrs.id app_url = "https://lidarr.fukurokuju.dev" - internal_host = "http://192.168.1.3:30071/" + internal_host = "http://192.168.1.3:38010/" internal_host_ssl_validation = false app_icon = "https://lidarr.audio/img/background/logo.png" } @@ -166,65 +166,61 @@ module "prowlarr" { app_slug = "prowlarr" app_access_group_id = authentik_group.admins.id app_url = "https://prowlarr.fukurokuju.dev" - internal_host = "http://192.168.1.3:30050" + internal_host = "http://192.168.1.3:38014" internal_host_ssl_validation = false } -module "rustical" { +module "sftpgo" { source = "../modules/authentik-oidc" - app_name = "rustical" - app_slug = "rustical" - app_url = "https://cal.roboces.dev" - client_id = var.rustical_client_id - client_secret = var.rustical_client_secret - redirect_uris = [{ matching_mode = "strict", url = "https://cal.roboces.dev/frontend/login/oidc/callback" }] - app_access_group_id = "" + app_name = "SFTPGo" + app_slug = "SFTPGo" + client_id = var.sftpgo_client_id + client_secret = var.sftpgo_client_secret + client_type = "confidential" + app_access_group_id = authentik_group.ftp.id + redirect_uris = [ + { + matching_mode = "regex", + url = "https://ftp.fukurokuju.dev/.*" + } + ] + extra_property_mappings = [ + + ] + app_icon = "https://ftp.fukurokuju.dev/static/img/logo.png" + access_token_validity = "days=10" + app_url = "https://ftp.fukurokuju.dev" + app_description = "SFTPGo" + sub_mode = "user_username" } -module "jellyfin" { - source = "../modules/authentik-ldap" - app_name = "Jellyfin" - app_slug = "jellyfin" - base_dn = "DC=ldap,DC=fukurokuju,DC=dev" - name = "jellyfin" - app_url = "https://jelly.roboces.dev" - app_icon = "https://jelly.roboces.dev/web/touchicon.f5bbb798cb2c65908633.png" - app_access_group_id = authentik_group.arrs.id -} - - -module "ganymede" { +module "netbird" { source = "../modules/authentik-oidc" - app_name = "Ganymede" - app_slug = "ganymede" - redirect_uris = [{ matching_mode = "strict", url = "https://vods.roboces.dev/api/v1/auth/oauth/callback" }] - client_id = var.ganymede_client_id - client_secret = var.ganymede_client_secret - app_url = "https://vods.roboces.dev" - app_icon = "https://vods.roboces.dev/favicon.ico" - app_access_group_id = authentik_group.vods.id -} + app_name = "netbird" + app_slug = "netbird" + client_id = var.netbird_client_id + client_secret = var.netbird_client_secret + client_type = "public" + app_access_group_id = authentik_group.vpn.id + redirect_uris = [ + { + matching_mode = "strict", + url = "https://vpn.fukurokuju.dev", + }, + { + matching_mode = "regex", + url = "https://vpn.fukurokuju.dev.*", + }, + { + matching_mode = "strict", + url = "http://localhost:53000" + }, -module "jellyseerr" { - source = "../modules/authentik-app" - app_name = "Solicitudes Jelly" - app_slug = "jellyseer" - app_url = "https://requests.roboces.dev" - app_icon = "https://requests.roboces.dev/os_icon.svg" - app_description = "Solicita series, animes y pelis para ser añadidas automáticamente a Jellyfin" - app_access_group_id = authentik_group.arrs.id -} - -module "cloud" { - source = "../modules/authentik-oidc" - app_name = "Cloud" - app_slug = "cloud" - app_url = "https://cloud.roboces.dev" - client_id = var.oxicloud_client_id - client_secret = var.oxicloud_client_secret - app_icon = "https://cloud.roboces.dev/themes/opencloud/assets/favicon.svg" - redirect_uris = [{ - matching_mode = "strict", url = "https://cloud.roboces.dev/api/auth/oidc/callback" - }] - app_access_group_id = authentik_group.cloud.id + ] + sub_mode = "user_id" + extra_property_mappings = [ + "goauthentik.io/providers/oauth2/scope-authentik_api" + ] + app_icon = "https://vpn.fukurokuju.dev/apple-icon.png" + access_token_validity = "days=10" } diff --git a/tofu/authentik/sample.env b/tofu/authentik/sample.env index 224c37a..52c3922 100644 --- a/tofu/authentik/sample.env +++ b/tofu/authentik/sample.env @@ -1,5 +1,7 @@ AUTHENTIK_URL=https://auth.fukurokuju.dev AUTHENTIK_TOKEN= +TF_VAR_firezone_client_id= +TF_VAR_firezone_client_secret= TF_VAR_gitea_client_id= TF_VAR_gitea_client_secret= TF_VAR_miniflux_client_id= @@ -8,9 +10,5 @@ TF_VAR_portainer_client_id= TF_VAR_portainer_client_secret= TF_VAR_paperless_client_id= TF_VAR_paperless_client_secret= -TF_VAR_rustical_client_id= -TF_VAR_rustical_client_secret= -TF_VAR_ganymede_client_id= -TF_VAR_ganymede_client_secret= -TF_VAR_oxicloud_client_id=aef61f77326b813cf8d8ba71d1ac994b5642685ca37e4710ab0079e91d87702d55fd9775d473b05aff45603bf08e78dba26850af3a815f3c3ac171d163368aa0 -TF_VAR_oxicloud_client_secret=a4038df17c9fd06f86372aeaaae8f3fd1374d8978983af7b398d948ef15d1efe522a1faa2fc7652bc410c516d96cd2e4211dad4e05ba6297bdd8d9090460d5fc +TF_VAR_netbird_client_id= +TF_VAR_netbird_client_secret= diff --git a/tofu/authentik/vars.tf b/tofu/authentik/vars.tf index 028ae95..50cba45 100644 --- a/tofu/authentik/vars.tf +++ b/tofu/authentik/vars.tf @@ -39,34 +39,22 @@ variable "paperless_client_secret" { type = string } - -variable "rustical_client_id" { - description = "Rustical client ID" +variable "netbird_client_id" { + description = "Netbird client ID" type = string } -variable "rustical_client_secret" { - description = "Tandoor client secret" +variable "netbird_client_secret" { + description = "Netbird client secret" type = string } - -variable "ganymede_client_id" { - description = "Ganymede client ID" +variable "sftpgo_client_id" { + description = "SFTPGo client ID" type = string } -variable "ganymede_client_secret" { - description = "Ganymede client secret" - type = string -} - -variable "oxicloud_client_id" { - description = "Oxicloud client ID" - type = string -} - -variable "oxicloud_client_secret" { - description = "Oxicloud client secret" +variable "sftpgo_client_secret" { + description = "SFTPGo client secret" type = string } diff --git a/tofu/modules/authentik-app/main.tf b/tofu/modules/authentik-app/main.tf deleted file mode 100644 index cb0f8fc..0000000 --- a/tofu/modules/authentik-app/main.tf +++ /dev/null @@ -1,26 +0,0 @@ -terraform { - required_version = ">= 1.6" - required_providers { - authentik = { - source = "goauthentik/authentik" - version = "2026.2.0" - } - } -} - -resource "authentik_application" "app" { - name = var.app_name - slug = var.app_slug - open_in_new_tab = var.open_in_new_tab - meta_icon = var.app_icon - meta_description = var.app_description - meta_publisher = var.app_publisher - meta_launch_url = var.app_url -} - -resource "authentik_policy_binding" "app_access" { - target = authentik_application.app.uuid - group = var.app_access_group_id - order = 0 - count = var.app_access_group_id != "" ? 1 : 0 # only add it if the group's name exists -} diff --git a/tofu/modules/authentik-app/vars.tf b/tofu/modules/authentik-app/vars.tf deleted file mode 100644 index 445710f..0000000 --- a/tofu/modules/authentik-app/vars.tf +++ /dev/null @@ -1,62 +0,0 @@ -variable "app_name" { - description = "App name" - type = string -} - -variable "app_slug" { - description = "App slug, a human-readable URL identifier, e.g.: Google -> google" - type = string -} - - -variable "client_type" { - type = string - default = "confidential" - - validation { - condition = contains(["confidential", "public"], var.client_type) - error_message = "client_type must be 'confidential' or 'public'" - } -} - -variable "app_access_group_id" { - description = "ID of a group which will have access to the app" - type = string -} - -variable "sub_mode" { - type = string - default = "user_username" - - validation { - condition = contains(["user_id", "user_username", "hashed_user_id"], var.sub_mode) - error_message = "sub_mode must be 'user_id', 'user_username' or 'hashed_user_id'" - } -} - - -variable "open_in_new_tab" { - type = bool - description = "Open apps in a new tab" - default = true -} - -variable "app_icon" { - type = string - default = "" -} - -variable "app_description" { - type = string - default = "" -} - -variable "app_publisher" { - type = string - default = "" -} - -variable "app_url" { - type = string - default = "" -} diff --git a/tofu/modules/authentik-ldap/.terraform.lock.hcl b/tofu/modules/authentik-ldap/.terraform.lock.hcl deleted file mode 100644 index 71b1759..0000000 --- a/tofu/modules/authentik-ldap/.terraform.lock.hcl +++ /dev/null @@ -1,35 +0,0 @@ -# This file is maintained automatically by "tofu init". -# Manual edits may be lost in future updates. - -provider "registry.opentofu.org/goauthentik/authentik" { - version = "2026.2.0" - constraints = "2026.2.0" - hashes = [ - "h1:/y7//ItB3vYvtDzSgrd7eY4QHGQ7b2G/rF/rtXdvUiY=", - "h1:2MTCDpaUJ9AAckFf+lfhq5VNkl4/e1is7XIHfjFX20U=", - "h1:EECfgcbT6h+ppgQ3x06iQZSheZ4vJ6NVwXGYGzyuQQ4=", - "h1:Hg5gBZc/mPbMwH3r5AVbDycUFoeh1LlHtAvVKsnruTY=", - "h1:J9+XlKbvc8x99ZV779XH0swZhsJo+Zcrh7UCK5pKQKY=", - "h1:On3/Zzv3W72aGsJ4AhW/tnpi4hvq9cxwgf7tF6Tg+a4=", - "h1:imSeB1o2GiuyBKsK6prOkOT7dQVDK42TaxGWAb+wEvg=", - "h1:jpOkyfrzbb/LBCdW/0R2Ag+X9bRw6X1/2BRMoImfgQ8=", - "h1:pT8YP3VDxKxhT1X+UXmjN78C+8NNb3fIANWNjR0xRX4=", - "h1:pum2uBRNDUjPeP9aYszm+6GU+K7tZIpbbLrsN39l8iw=", - "h1:qYcmNSTHIU6XefHE11SmywKqgp84B6n2Fzwdj/8dRN8=", - "h1:zH1hHNBUvxXZBzxyQa6OPjDAlZyr3rA7LqwTVVZDW9s=", - "h1:zacZCsqLyCstv+qE+VhFvwCIGLQEdNBsMIM7r9umUSQ=", - "zh:00c44e8ee842e75de9cc4fd6193b10258d1dc840e5be4aaaf118ffc180dceee0", - "zh:13057f08bce3b63613e1be3997dd454ff9568c569dd983987b1550280fbe3d01", - "zh:410a1ff2ae4647cc0ab37894f81e4d474b588a0a7f005d05d55e8c3a40978dd2", - "zh:43830834d12b3c0eeabe397842f82ca3a6b58a5bc8dd837d55b821419b55ed61", - "zh:56eaedd196ed7c4003cee0434b891b38242b4fde2031978d0ddcfdf6e16ee5ad", - "zh:5b3c10bb63c3c215ed9e0918e5808b240e3f2ee8248d10cd4d824a4998a213c5", - "zh:99c14891bcb92a6b21ef4c0e60f6c0df23e3452808f3eefd67cde78d132c80d9", - "zh:9a32cdda9f939f8484e27d4200d004c44f016fe97579a111201083f4beea78e8", - "zh:ae5086816144f68de9a0002e7696321169a71473f9d161793f4ae996388f56de", - "zh:bd09409dd34608a4ef3ea80cfc5e397268e7872f2e84c1ccdc9b5698e36ddad5", - "zh:be7af8b9eb61b0eb5053f14360e5a68caeb32c115efe8e1b583f2e7c91352a2a", - "zh:e11726812a1b2caf6b6784a3d074d1f50e3d406e9629c02096a001e5a5979331", - "zh:e39183d10d8158ccab51208f4f727c7419b1b1e596f4feb23dc42aebb36d01e3", - ] -} diff --git a/tofu/modules/authentik-ldap/main.tf b/tofu/modules/authentik-ldap/main.tf deleted file mode 100644 index 76bf980..0000000 --- a/tofu/modules/authentik-ldap/main.tf +++ /dev/null @@ -1,45 +0,0 @@ -terraform { - required_version = ">= 1.6" - required_providers { - authentik = { - source = "goauthentik/authentik" - version = "2026.2.0" - } - } -} - - -data "authentik_flow" "default-authentication-flow" { - slug = "default-authentication-flow" -} - -data "authentik_flow" "default-invalidation-flow" { - slug = "default-invalidation-flow" -} - - -resource "authentik_provider_ldap" "provider_ldap" { - base_dn = var.base_dn - bind_flow = data.authentik_flow.default-authentication-flow.id - name = var.name - unbind_flow = data.authentik_flow.default-invalidation-flow.id -} - - -resource "authentik_application" "app" { - name = var.app_name - slug = var.app_slug - protocol_provider = authentik_provider_ldap.provider_ldap.id - open_in_new_tab = var.open_in_new_tab - meta_icon = var.app_icon - meta_description = var.app_description - meta_publisher = var.app_publisher - meta_launch_url = var.app_url -} - -resource "authentik_policy_binding" "app_access" { - target = authentik_application.app.uuid - group = var.app_access_group_id - order = 0 - count = var.app_access_group_id != "" ? 1 : 0 # only add it if the group's name exists -} diff --git a/tofu/modules/authentik-ldap/vars.tf b/tofu/modules/authentik-ldap/vars.tf deleted file mode 100644 index 3d44d35..0000000 --- a/tofu/modules/authentik-ldap/vars.tf +++ /dev/null @@ -1,52 +0,0 @@ -variable "app_name" { - description = "App name" - type = string -} - -variable "app_slug" { - description = "App slug, a human-readable URL identifier, e.g.: Google -> google" - type = string -} - - -variable "app_access_group_id" { - description = "ID of a group which will have access to the app" - type = string -} - - -variable "open_in_new_tab" { - type = bool - description = "Open apps in a new tab" - default = true -} - -variable "app_icon" { - type = string - default = "" -} - -variable "app_description" { - type = string - default = "" -} - -variable "app_publisher" { - type = string - default = "" -} -variable "app_url" { - type = string - default = "" -} - - -variable "base_dn" { - type = string - description = "Base DN" -} - -variable "name" { - type = string - description = "Name" -} diff --git a/tofu/modules/authentik-oidc/main.tf b/tofu/modules/authentik-oidc/main.tf index 6082b7f..51e6f14 100644 --- a/tofu/modules/authentik-oidc/main.tf +++ b/tofu/modules/authentik-oidc/main.tf @@ -3,7 +3,7 @@ terraform { required_providers { authentik = { source = "goauthentik/authentik" - version = "2026.2.0" + version = "2025.6.0" } } } diff --git a/tofu/modules/authentik-proxy/main.tf b/tofu/modules/authentik-proxy/main.tf index cdb97c5..772c272 100644 --- a/tofu/modules/authentik-proxy/main.tf +++ b/tofu/modules/authentik-proxy/main.tf @@ -3,7 +3,7 @@ terraform { required_providers { authentik = { source = "goauthentik/authentik" - version = "2026.2.0" + version = "2025.6.0" } } }