diff --git a/.forgejo/workflows/ci.yaml b/.forgejo/workflows/ci.yaml deleted file mode 100644 index 4d1bf40..0000000 --- a/.forgejo/workflows/ci.yaml +++ /dev/null @@ -1,40 +0,0 @@ ---- -name: checks -on: # yamllint disable-line rule:truthy - - 'push' - -jobs: - pre-commit: - runs-on: ubuntu-22.04 - steps: - - uses: https://code.forgejo.org/actions/checkout@v6 - - uses: https://code.forgejo.org/actions/setup-python@v6 - with: - python-version: '3.10' - - uses: opentofu/setup-opentofu@v2 - with: - tofu_version: 1.7.0 - - uses: pre-commit/action@v3.0.1 - - k8s: - runs-on: ubuntu-22.04 - steps: - - uses: https://code.forgejo.org/actions/checkout@v6 - - name: Set up Kubeconform - uses: bmuschko/setup-kubeconform@v1 - - - name: Validate manifests - run: make lint--kubeconform - - - tflint: - runs-on: ubuntu-22.04 - steps: - - uses: https://code.forgejo.org/actions/checkout@v6 - - uses: terraform-linters/setup-tflint@v6 - name: Setup TFLint - with: - tflint_version: v0.50.3 - - - name: Run TFLint - run: make lint--tflint diff --git a/.forgejo/workflows/deploy-tofu.yaml b/.forgejo/workflows/deploy-tofu.yaml deleted file mode 100644 index 543f381..0000000 --- a/.forgejo/workflows/deploy-tofu.yaml +++ /dev/null @@ -1,55 +0,0 @@ ---- -name: OpenTofu deployments - -on: # yamllint disable-line rule:truthy - push: - branches: - - 'main' - -jobs: - authentik: - runs-on: ubuntu-22.04 - steps: - - uses: https://code.forgejo.org/actions/checkout@v6 - - uses: opentofu/setup-opentofu@v2 - with: - tofu_version: 1.8.1 - - name: Deploy - env: - AUTHENTIK_URL: ${{ secrets.AUTHENTIK_URL }} - AUTHENTIK_TOKEN: ${{ secrets.AUTHENTIK_TOKEN }} - TF_VAR_firezone_client_id: ${{ secrets.TF_VAR_firezone_client_id }} - TF_VAR_firezone_client_secret: ${{ secrets.TF_VAR_firezone_client_secret }} - TF_VAR_gitea_client_id: ${{ secrets.TF_VAR_gitea_client_id }} - TF_VAR_gitea_client_secret: ${{ secrets.TF_VAR_gitea_client_secret }} - TF_VAR_miniflux_client_id: ${{ secrets.TF_VAR_miniflux_client_id }} - TF_VAR_miniflux_client_secret: ${{ secrets.TF_VAR_miniflux_client_secret }} - TF_VAR_portainer_client_id: ${{ secrets.TF_VAR_portainer_client_id }} - TF_VAR_portainer_client_secret: ${{ secrets.TF_VAR_portainer_client_secret }} - TF_VAR_paperless_client_id: ${{ secrets.TF_VAR_paperless_client_id }} - TF_VAR_paperless_client_secret: ${{ secrets.TF_VAR_paperless_secret }} - TF_VAR_netbird_client_id: ${{ secrets.TF_VAR_netbird_client_id }} - TF_VAR_netbird_client_secret: ${{ secrets.TF_VAR_netbird_client_secret }} - AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} - AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - run: | - cd tofu/authentik - tofu init - tofu apply -auto-approve - - adguard: - runs-on: ubuntu-22.04 - steps: - - uses: https://code.forgejo.org/actions/checkout@v6 - - uses: opentofu/setup-opentofu@v2 - with: - tofu_version: 1.7.0 - - name: Deploy - env: - ADGUARD_PASSWORD: ${{ secrets.ADGUARD_PASSWORD }} - AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} - AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - run: | - cd tofu/adguard - tofu init - tofu apply -auto-approve diff --git a/.woodpecker/fmt.yaml b/.woodpecker/fmt.yaml new file mode 100644 index 0000000..deb978c --- /dev/null +++ b/.woodpecker/fmt.yaml @@ -0,0 +1,36 @@ +--- +when: + - event: push + branch: feat/woodpecker-ci + +steps: + - name: build-image + image: woodpeckerci/plugin-kaniko + settings: + registry: git.roboces.dev + repo: catalin/fukuops + tags: ci-fmt + target: fmt + username: + from_secret: FORGEJO_REGISTRY_USERNAME + password: + from_secret: FORGEJO_REGISTRY_PASSWORD + + - name: pre-commit + image: git.roboces.dev/catalin/fukuops:ci-fmt + depends_on: [build-image] + commands: + - echo $PATH + - make fmt--pre-commit + + - name: kubeconform + image: git.roboces.dev/catalin/fukuops:ci-fmt + depends_on: [build-image] + commands: + - make fmt--kubeconform + + - name: tflint + image: git.roboces.dev/catalin/fukuops:ci-fmt + depends_on: [build-image] + commands: + - make fmt--tflint diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000..87cdcd4 --- /dev/null +++ b/Dockerfile @@ -0,0 +1,16 @@ +FROM alpine:3.21 AS tofu + +RUN apk add --no-cache opentofu + +CMD ["/bin/sh"] + +FROM tofu AS fmt + +RUN apk add --no-cache \ + pre-commit \ + make \ + kubeconform --repository=http://dl-cdn.alpinelinux.org/alpine/edge/testing/ + +COPY --from=ghcr.io/terraform-linters/tflint:v0.61.0 /usr/local/bin/tflint /usr/bin/tflint + +CMD ["/bin/sh"] diff --git a/Makefile b/Makefile index 737fe9b..9770437 100644 --- a/Makefile +++ b/Makefile @@ -1,13 +1,15 @@ -lint--pre-commit: +fmt--pre-commit: pre-commit run --all-files --color always -lint--kubeconform: - kubeconform -strict -ignore-missing-schemas k8s/ +fmt--kubeconform: + kubeconform -strict -ignore-missing-schemas k8s/argo-apps + kubeconform -strict -ignore-missing-schemas k8s/services -lint--tflint: + +fmt--tflint: tflint --recursive -lint: - make lint--pre-commit - make lint--kubeconform - make lint--tflint +fmt: + make fmt--pre-commit + make fmt--kubeconform + make fmt--tflint diff --git a/README.md b/README.md index 4706caa..0009dfe 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,3 @@ # fukuops -[![Last build status](https://git.roboces.dev/catalin/fukuops/badges/workflows/ci.yaml/badge.svg)](https://git.roboces.dev/catalin/fukuops/actions) -[![Tofu deployments](https://git.roboces.dev/catalin/fukuops/badges/workflows/deploy-tofu.yaml/badge.svg)](https://git.roboces.dev/catalin/fukuops/actions) +[![status-badge](https://ci.roboces.dev/api/badges/1/status.svg)](https://ci.roboces.dev/repos/1) diff --git a/docker/ganymede/docker-compose.yml b/docker/ganymede/docker-compose.yml index ebc6836..dffcb71 100644 --- a/docker/ganymede/docker-compose.yml +++ b/docker/ganymede/docker-compose.yml @@ -2,7 +2,7 @@ services: ganymede: container_name: ganymede - image: ghcr.io/zibbp/ganymede:4.16.0 + image: ghcr.io/zibbp/ganymede:4.14.1 restart: unless-stopped environment: DEBUG: ${GANYMEDE_DEBUG:-false} diff --git a/docker/paperless/docker-compose.yml b/docker/paperless/docker-compose.yml index 14d962c..9980275 100644 --- a/docker/paperless/docker-compose.yml +++ b/docker/paperless/docker-compose.yml @@ -14,7 +14,7 @@ services: webserver: - image: ghcr.io/paperless-ngx/paperless-ngx:2.20.15 + image: ghcr.io/paperless-ngx/paperless-ngx:2.20.13 restart: unless-stopped ports: - 8002:8000 diff --git a/docker/rustical/docker-compose.yml b/docker/rustical/docker-compose.yml index b2dc9a8..bdc0d01 100644 --- a/docker/rustical/docker-compose.yml +++ b/docker/rustical/docker-compose.yml @@ -1,7 +1,7 @@ --- services: rustical: - image: ghcr.io/lennart-k/rustical:0.12.12 + image: ghcr.io/lennart-k/rustical:0.12.10 restart: unless-stopped ports: - '4000:4000' diff --git a/docker/tailscale/docker-compose.yml b/docker/tailscale/docker-compose.yml index aea1233..e139f18 100644 --- a/docker/tailscale/docker-compose.yml +++ b/docker/tailscale/docker-compose.yml @@ -1,7 +1,7 @@ --- services: tailscale: - image: tailscale/tailscale:v1.96.5 + image: tailscale/tailscale:v1.94.2 hostname: tailscale environment: TS_AUTHKEY: ${TS_AUTHKEY} diff --git a/docker/vaultwarden/docker-compose.yml b/docker/vaultwarden/docker-compose.yml index bbc3594..3970c77 100644 --- a/docker/vaultwarden/docker-compose.yml +++ b/docker/vaultwarden/docker-compose.yml @@ -1,7 +1,7 @@ --- services: vaultwarden: - image: vaultwarden/server:1.36.0-alpine + image: vaultwarden/server:1.35.4-alpine restart: unless-stopped environment: DATABASE_URL: ${DATABASE_URL} diff --git a/k8s/argo-apps/elastic.yaml b/k8s/argo-apps/elastic.yaml new file mode 100644 index 0000000..b65a53b --- /dev/null +++ b/k8s/argo-apps/elastic.yaml @@ -0,0 +1,46 @@ +--- +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: elastic + namespace: argocd +spec: + destination: + name: '' + namespace: apps-fuku + server: https://kubernetes.default.svc + sources: + - chart: elasticsearch + repoURL: registry-1.docker.io/bitnamicharts + targetRevision: 22.1.6 + helm: + valuesObject: + service: + type: LoadBalancer + master: + persistence: + enabled: true + storageClass: truenas-nfs-csi + accessModes: + - ReadWriteMany + size: 50Gi + ingress: + enabled: true + hostname: elastic.fuku + tls: true + selfSigned: true + ingressClassName: traefik + data: + persistence: + enabled: true + storageClass: truenas-nfs-csi + accessModes: + - ReadWriteMany + size: 50Gi + autoscaling: + enabled: true + maxReplicas: 3 + minReplicas: 1 + project: fuku + syncPolicy: + automated: {} diff --git a/k8s/argo-apps/forgejo.yaml b/k8s/argo-apps/forgejo.yaml index 70875d8..1c55a69 100644 --- a/k8s/argo-apps/forgejo.yaml +++ b/k8s/argo-apps/forgejo.yaml @@ -14,10 +14,10 @@ spec: sources: - chart: forgejo repoURL: code.forgejo.org/forgejo-helm - targetRevision: 17.0.1 + targetRevision: 16.2.1 helm: valuesObject: - replicaCount: 1 + replicaCount: 2 service: http: type: LoadBalancer @@ -49,8 +49,15 @@ spec: serviceMonitor: enabled: true config: + indexer: + ISSUE_INDEXER_CONN_STR: http://elastic-elasticsearch.apps-fuku.svc.cluster.local:9200 + ISSUE_INDEXER_ENABLED: true + ISSUE_INDEXER_TYPE: elasticsearch + REPO_INDEXER_ENABLED: false + REPO_INDEXER_TYPE: elasticsearch actions: - ENABLED: false + ENABLED: true + DEFAULT_ACTIONS_URL: https://github.com picture: DISABLE_GRAVATAR: false ENABLE_FEDERATED_AVATAR: true @@ -99,6 +106,9 @@ spec: enabled: false redis-cluster: enabled: false + - path: k8s/services/forgejo + repoURL: https://git.roboces.dev/catalin/fukuops.git + targetRevision: main project: roboces syncPolicy: automated: {} diff --git a/k8s/argo-apps/meili.yaml b/k8s/argo-apps/meili.yaml index 9303052..1f51360 100644 --- a/k8s/argo-apps/meili.yaml +++ b/k8s/argo-apps/meili.yaml @@ -18,13 +18,13 @@ spec: targetRevision: main - chart: meilisearch repoURL: https://meilisearch.github.io/meilisearch-kubernetes - targetRevision: 0.32.* + targetRevision: 0.30.* helm: valuesObject: environment: MEILI_ENV: production auth: - existingMasterKeySecret: meili + existingMasterKeySecret: meilisearch-master-key service: type: NodePort port: 7700 diff --git a/k8s/argo-apps/oxicloud.yaml b/k8s/argo-apps/oxicloud.yaml index 2e2ba46..7f44ff5 100644 --- a/k8s/argo-apps/oxicloud.yaml +++ b/k8s/argo-apps/oxicloud.yaml @@ -16,9 +16,9 @@ spec: helm: valuesObject: image: - repository: diocrafts/oxicloud + repository: git.roboces.dev/catalin/fukuops pullPolicy: Always - tag: "0.5.6" + tag: "oxicloud-0.5.3" persistence: enabled: true storageClass: "truenas-nfs-csi" diff --git a/k8s/argo-apps/renovate.yaml b/k8s/argo-apps/renovate.yaml index 505b9af..17c6a27 100644 --- a/k8s/argo-apps/renovate.yaml +++ b/k8s/argo-apps/renovate.yaml @@ -13,7 +13,7 @@ spec: sources: - chart: renovate repoURL: https://docs.renovatebot.com/helm-charts - targetRevision: 46.142.* + targetRevision: 46.98.* helm: valuesObject: renovate: diff --git a/k8s/argo-apps/vault-sm.yaml b/k8s/argo-apps/vault-sm.yaml index 5b844ac..0f4d677 100644 --- a/k8s/argo-apps/vault-sm.yaml +++ b/k8s/argo-apps/vault-sm.yaml @@ -12,7 +12,7 @@ spec: sources: - chart: vaultwarden-kubernetes-secrets repoURL: ghcr.io/antoniolago/charts - targetRevision: 1.4.01 + targetRevision: 1.3.0 helm: valuesObject: api: diff --git a/k8s/argo-apps/woodpecker.yaml b/k8s/argo-apps/woodpecker.yaml index 1068d21..04e2c45 100644 --- a/k8s/argo-apps/woodpecker.yaml +++ b/k8s/argo-apps/woodpecker.yaml @@ -22,6 +22,9 @@ spec: storageClass: truenas-nfs-csi accessModes: - ReadWriteMany + env: + WOODPECKER_MAX_WORKFLOWS: '4' + server: env: WOODPECKER_ADMIN: 'woodpecker,admin,catalin' @@ -38,6 +41,13 @@ spec: secretKeyRef: name: woodpecker key: WOODPECKER_FORGEJO_SECRET + WOODPECKER_DATABASE_DRIVER: postgres + WOODPECKER_PLUGINS_PRIVILEGED: woodpeckerci/plugin-docker-buildx + WOODPECKER_DATABASE_DATASOURCE: + valueFrom: + secretKeyRef: + name: woodpecker + key: WOODPECKER_DATABASE_DATASOURCE persistentVolume: storageClass: truenas-nfs-csi accessModes: diff --git a/k8s/playground/nfstest/pod.yaml b/k8s/playground/nfstest/pod.yaml deleted file mode 100644 index 6cb0319..0000000 --- a/k8s/playground/nfstest/pod.yaml +++ /dev/null @@ -1,19 +0,0 @@ ---- -kind: Pod -apiVersion: v1 -metadata: - name: pod-using-nfs - namespace: apps-fuku -spec: - containers: - - name: app - image: alpine - volumeMounts: - - name: data - mountPath: /var/nfs - command: ["/bin/sh"] - args: ["-c", "sleep 500000"] - volumes: - - name: data - persistentVolumeClaim: - claimName: myapp-nfs diff --git a/k8s/playground/nfstest/pvc.yaml b/k8s/playground/nfstest/pvc.yaml deleted file mode 100644 index 723a948..0000000 --- a/k8s/playground/nfstest/pvc.yaml +++ /dev/null @@ -1,14 +0,0 @@ ---- -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: myapp-nfs - namespace: apps-fuku -spec: - accessModes: - - ReadWriteMany - storageClassName: "" - volumeName: nas1 - resources: - requests: - storage: 5Gi diff --git a/k8s/playground/nfstest/pvwithnfs.yaml b/k8s/playground/nfstest/pvwithnfs.yaml deleted file mode 100644 index 994fd5c..0000000 --- a/k8s/playground/nfstest/pvwithnfs.yaml +++ /dev/null @@ -1,15 +0,0 @@ ---- -apiVersion: v1 -kind: PersistentVolume -metadata: - name: nas1 - namespace: apps-fuku -spec: - capacity: - storage: 5Gi - accessModes: - - ReadWriteMany - persistentVolumeReclaimPolicy: Retain - nfs: - server: zeruel.fuku - path: /mnt/pool1/nas1 diff --git a/k8s/services/argo/project-fuku.yaml b/k8s/services/argo/project-fuku.yaml index 46076fd..6f03737 100644 --- a/k8s/services/argo/project-fuku.yaml +++ b/k8s/services/argo/project-fuku.yaml @@ -25,6 +25,7 @@ spec: - https://charts.crystalnet.org - https://portainer.github.io/k8s/ - https://docs.renovatebot.com/helm-charts + - registry-1.docker.io/bitnamicharts - https://meilisearch.github.io/meilisearch-kubernetes - https://kubetail-org.github.io/helm-charts/ - https://groundhog2k.github.io/helm-charts/ @@ -33,4 +34,3 @@ spec: - https://helm.runix.net - https://rcourtman.github.io/Pulse - ghcr.io/antoniolago/charts - - https://helm.elastic.co diff --git a/k8s/services/meili/sealedsecrets.yaml b/k8s/services/meili/sealedsecrets.yaml new file mode 100644 index 0000000..98dd5cb --- /dev/null +++ b/k8s/services/meili/sealedsecrets.yaml @@ -0,0 +1,16 @@ +# yamllint disable rule:line-length +--- +apiVersion: bitnami.com/v1alpha1 +kind: SealedSecret +metadata: + creationTimestamp: null + name: meilisearch-master-key + namespace: apps-fuku +spec: + encryptedData: + MEILI_MASTER_KEY: AgBcQDv79lsUJF09YTd+zsuC9Ufhgs74mk5sxIrgaAQW/5yBupPgIsZw+g33qDqejuG+hfdhvkTOFHYetNuEDjnPWEpySjMLiB6N/HXMSuPimbOSjhHP3d7jgnWnIluUPs3RsvxDzaHCygVsS2a5ul7+qJGbiQTlmcV/rMVkqiw95mxwswkZhWi1Da1QYPgjRkazbCV0JAVhYYoo7VBnxceyGOS7Um5BsdyDMmXCn0qegU2FDlXTcBBur48hlyRqie/DxyZi3Yx/yiOnVH7g7H41H6hLJpKhQTMQbnohAqUC2UZZJlwrc8b/3kisFw/pxBP7S47hn9iseQcw18mXs6SzlXbhWm+CyNsKEvuXJAMVlaCrOCqs8Kf8ZlraCJYYq8mx+zoA7yAHnRdC4uByR5SGwnXJgq4WJD3wx90NuVbTcJfpQ+bNMPpRS8W+66S9j+rBVk6YcqCqL62JPSf0I9ZKCrNJrtbx5WyxbcVAgZdd2oxxXq6fG4I/wvqn/LN7nAqDwaCjU0395R+vM89o24h8pMTNOUhY1Dqxh0rKQOnTACc12kmhwQucdtjwkFzM7PJxW8d8GGdvgPoIxe27sguUMvn6IFo8h0JmGrbAyDEeR113s/gwQm9ozM9KJXXyImfiRJCcDSlny0rTNWZaGonXuSezFuhcSazepd0v85ofHgIflQQjMfLUNz1b9+ci4SbnpoJwzlrY2d6SyJSIA7Bz223j9UcRgDvRvIz3 + template: + metadata: + creationTimestamp: null + name: meilisearch-master-key + namespace: apps-fuku diff --git a/scripts/create-nginx-certs.sh b/scripts/create-nginx-certs.sh new file mode 100755 index 0000000..4fb1aed --- /dev/null +++ b/scripts/create-nginx-certs.sh @@ -0,0 +1,103 @@ +#!/usr/bin/env bash + +set -euo pipefail + +usage() { + cat <<'EOF' +Usage: + create-nginx-certs.sh --domain [--output ] + +Options: + -d, --domain Domain name to use for the certificate Common Name and SAN + -o, --output Output file base name (defaults to the domain name) + -h, --help Show this help message + +Examples: + ./create-nginx-certs.sh --domain mydomain.local + ./create-nginx-certs.sh --domain mydomain.local --output foo +EOF +} + +DOMAIN="" +OUTPUT_BASE="" + +while [[ $# -gt 0 ]]; do + case "$1" in + -d|--domain) + if [[ $# -lt 2 ]]; then + echo "Error: --domain requires a value" >&2 + usage >&2 + exit 1 + fi + DOMAIN="$2" + shift 2 + ;; + -o|--output) + if [[ $# -lt 2 ]]; then + echo "Error: --output requires a value" >&2 + usage >&2 + exit 1 + fi + OUTPUT_BASE="$2" + shift 2 + ;; + -h|--help) + usage + exit 0 + ;; + *) + echo "Error: unknown argument: $1" >&2 + usage >&2 + exit 1 + ;; + esac +done + +if [[ -z "$DOMAIN" ]]; then + echo "Error: --domain is required" >&2 + usage >&2 + exit 1 +fi + +if [[ -z "$OUTPUT_BASE" ]]; then + OUTPUT_BASE="$DOMAIN" +fi + +CERT_FILE="${OUTPUT_BASE}.pem" +KEY_FILE="${OUTPUT_BASE}.key.pem" +TMP_CONFIG="$(mktemp)" + +cleanup() { + rm -f "$TMP_CONFIG" +} +trap cleanup EXIT + +cat > "$TMP_CONFIG" <&2 - usage >&2 - exit 1 - ;; - *) - if [[ -z "$REPLICAS" ]]; then - REPLICAS="$1" - else - RESOURCES+=("$1") - fi - shift - ;; - esac -done - -if [[ -z "$REPLICAS" ]]; then - echo "Error: REPLICAS is required" >&2 - usage >&2 - exit 1 -fi - -if [[ "$ALL" == false && "$ALL_NAMESPACES" == false && ${#RESOURCES[@]} -eq 0 ]]; then - echo "Error: Must specify --all, --all-namespaces, or at least one RESOURCE" >&2 - usage >&2 - exit 1 -fi - -NAMESPACE_ARG=() -if [[ -n "$NAMESPACE" ]]; then - NAMESPACE_ARG=("-n" "$NAMESPACE") -fi - -DRY_RUN_ARG=() -if [[ "$DRY_RUN" == true ]]; then - DRY_RUN_ARG=("--dry-run=client") -fi - -KUBECTL_BASE=(kubectl) -if [[ -n "$KUBECTL_V" ]]; then - KUBECTL_BASE+=( "$KUBECTL_V" ) -fi -KUBECTL_BASE+=( "${NAMESPACE_ARG[@]}" ) -KUBECTL_BASE+=( "${DRY_RUN_ARG[@]}" ) - -scale_resource() { - local resource="$1" - local ns name - - if [[ "$resource" == */* ]]; then - ns="${resource%%/*}" - name="${resource#*/}" - else - ns="${NAMESPACE:-$(kubectl "${NAMESPACE_ARG[@]}" config view --minify --output jsonpath='{.contexts[0].context.namespace}' 2>/dev/null || echo "default")}" - name="$resource" - fi - - for kind in deployment statefulset; do - if "${KUBECTL_BASE[@]}" get "$kind" "$name" -n "$ns" &>/dev/null; then - echo "Scaling $kind/$ns/$name to $REPLICAS replicas${DRY_RUN:+ (dry-run)}" - "${KUBECTL_BASE[@]}" scale "$kind" "$name" -n "$ns" --replicas="$REPLICAS" - return 0 - fi - done - - echo "Error: Resource '$resource' not found as deployment or statefulset" >&2 - return 1 -} - -get_resources() { - local ns_flag=() - if [[ "$ALL_NAMESPACES" == true ]]; then - ns_flag=("--all-namespaces") - elif [[ -n "$NAMESPACE" ]]; then - ns_flag=("-n" "$NAMESPACE") - fi - - "${KUBECTL_BASE[@]}" get "${ns_flag[@]}" deployment,statefulset -o jsonpath='{range .items[*]}{.metadata.namespace}/{.kind}/{.metadata.name}{"\n"}{end}' 2>/dev/null | while IFS=/ read -r ns kind name; do - echo "$ns/$name" - done -} - -if [[ "$ALL" == true || "$ALL_NAMESPACES" == true ]]; then - while IFS= read -r resource; do - [[ -n "$resource" ]] && scale_resource "$resource" - done < <(get_resources) -else - for resource in "${RESOURCES[@]}"; do - scale_resource "$resource" - done -fi diff --git a/scripts/proxmox-power.sh b/scripts/proxmox-power.sh old mode 100755 new mode 100644 diff --git a/scripts/update-argo.sh b/scripts/update-argo.sh deleted file mode 100755 index fbdd1da..0000000 --- a/scripts/update-argo.sh +++ /dev/null @@ -1,129 +0,0 @@ -#!/usr/bin/env bash - -check_kubectl() { - if ! command -v kubectl &>/dev/null; then - echo "Error: kubectl is not installed or not in PATH" >&2 - exit 1 - fi - log_info "kubectl found at $(command -v kubectl)" -} - -VERBOSE=0 - -log_debug() { [[ $VERBOSE -ge 3 ]] && echo "[DEBUG] $*" || true; } -log_verbose() { [[ $VERBOSE -ge 2 ]] && echo "[VERBOSE] $*" || true; } -log_info() { [[ $VERBOSE -ge 1 ]] && echo "[INFO] $*" || true; } -log_error() { echo "[ERROR] $*" >&2; } - -usage() { - cat <&2 - usage >&2 - exit 1 - ;; - *) - TARGET_VERSION="$1" - shift - ;; - esac -done - -log_debug "Script started with target version: ${TARGET_VERSION:-auto}" - -check_kubectl - -log_info "Checking current kubectl context" -CURRENT_CONTEXT=$(kubectl config current-context 2>/dev/null) -log_verbose "Current context: $CURRENT_CONTEXT" - -log_info "Checking for ArgoCD installation" -if ! kubectl get ns argocd &>/dev/null; then - log_error "ArgoCD namespace not found. This script only upgrades existing installations." - exit 1 -fi -log_verbose "ArgoCD namespace found" - -log_info "Checking current ArgoCD version" -CURRENT_VERSION=$(kubectl get deployment argocd-server -n argocd -o jsonpath='{.spec.template.spec.containers[0].image}' 2>/dev/null) -if [[ -n "$CURRENT_VERSION" ]]; then - CURRENT_VERSION=$(echo "$CURRENT_VERSION" | sed 's/.*argocd:v\?//' | tr -d ' \n') - if [[ -n "$CURRENT_VERSION" ]]; then - CURRENT_VERSION="${CURRENT_VERSION#v}" - log_verbose "Current ArgoCD version: $CURRENT_VERSION" - else - log_error "Could not extract ArgoCD version from image: $CURRENT_VERSION" - exit 1 - fi -fi - -if [[ -z "$TARGET_VERSION" ]]; then - log_info "No target version specified, querying for latest version" - log_verbose "Fetching latest release from GitHub" - LATEST_VERSION=$(curl -s https://api.github.com/repos/argoproj/argo-cd/releases/latest | grep -oP '"tag_name":\s*"\K[^"]+' | sed 's/^v//') - if [[ -n "$LATEST_VERSION" ]]; then - log_verbose "Latest version available: $LATEST_VERSION" - TARGET_VERSION="$LATEST_VERSION" - else - echo "Error: Could not fetch latest version" >&2 - exit 1 - fi -fi - -log_info "Target version: $TARGET_VERSION" - -log_debug "Determining update path from $CURRENT_VERSION to $TARGET_VERSION" - -log_info "Applying ArgoCD manifests" -log_verbose "Downloading manifest from https://raw.githubusercontent.com/argoproj/argo-cd/v${TARGET_VERSION}/manifests/install.yaml" -curl -sLO "https://raw.githubusercontent.com/argoproj/argo-cd/v${TARGET_VERSION}/manifests/install.yaml" - -log_debug "Applying manifest with kubectl" -if [[ "$DRY_RUN" == true ]]; then - log_verbose "Dry-run mode: would apply manifest" - kubectl apply -n argocd -f install.yaml --dry-run=client -else - kubectl apply -n argocd -f install.yaml -fi - -log_verbose "Cleaning up downloaded manifest" -rm -f install.yaml - -log_info "Update to ArgoCD $TARGET_VERSION initiated" diff --git a/tofu/adguard/.terraform.lock.hcl b/tofu/adguard/.terraform.lock.hcl index 6361897..754c9d0 100644 --- a/tofu/adguard/.terraform.lock.hcl +++ b/tofu/adguard/.terraform.lock.hcl @@ -2,35 +2,37 @@ # Manual edits may be lost in future updates. provider "registry.opentofu.org/gmichels/adguard" { - version = "1.7.0" - constraints = "1.7.0" + version = "1.6.2" + constraints = "1.6.2" hashes = [ - "h1:1vvJ6KcLUR8U2BHNtj7tMsgEsGXzTKMIFsHfcZYEVyc=", - "h1:5BDrsrU/Sdain/+KkhbNzxVL81rh69wG4iKOIBf9qys=", - "h1:70gWtux/jVZQgsDjr8+j0aRHKkGZqRWCmzoX9ddC7f4=", - "h1:Qdqipgukxph9vqXiEKVzFSgXfEmGiGw1JrrQvwJOtco=", - "h1:QveIrziFNxu+Go7pl7qjH5tqPOb8pgzfTdunVgsJ3vg=", - "h1:UrJdOlCLAWC7/I2Co02RtOKT3tSGb8TwOgJ7s0sOtCo=", - "h1:W6nZfQzWb3Ds1JRytBqzsZoNBa6x4OOe9J87f1nyCRA=", - "h1:c3RK8fSEr2yfPySC0WemOC/CR3608Ra4vFwGhvdrswg=", - "h1:jizPinVWDQUN6rKwiBgRm7PcgUJe4AWlCWghgH0v7xI=", - "h1:lb9gv3IiUZDA4P/kpuvOqZmidWMIbpG+sUecM1QclNo=", - "h1:sRIMccvZq71/CxTknprnRozCChEZSq4Nmt+M+DOjTq8=", - "h1:uOdtIfvNVEHheucpt51bSCYtX2W1LKELlOkBTbjBm6o=", - "h1:woGvhSgZDFj5+yH5uHonXSIn6AaeZekb3t9oXMZB/DQ=", - "zh:0b83aa1ade1a6f7c9b1af0488dad43bf00e733d1517463d4bee51c17612546da", - "zh:15d784c16545efaf6c368b642995bb0d0ef61b6961e67b072430d445ef6c02fc", - "zh:1c4da4d20c98795fee1ac0cd9ffd880a68f06992d6fe849342c4b19f79c8aff9", - "zh:41afcdcc5236fa40a0b7ec614cb830ef03d45f8f1b8988d24d80ec999ef34b9b", - "zh:4c8e832a5a842420b5163eb5eb2bd7d460ece524efc618bdba64e4f4a2d403b5", - "zh:58e19d2f9e4bd9f2a13b631c3213157ea80ef3aa7b3b8edcd8fb341f9c06c5e5", - "zh:7380ca4d053255f787ded10c26b19ebd23d3563ddbb36d0be66bb2cef293d27d", - "zh:7b21589bb31084bb68b2deb96bd4130b8b13c1c71614704d13d4cbdfc583f3c7", - "zh:82aee49172286676cdccbc97b809b84acf3edeb164ae77cafa837118ee3769a6", - "zh:95431a266520cce112474616c27c80f0017625ef7d80aaf69118360222d7974b", - "zh:a6dc4b60beafc471d049b856df4bf793838b1e8b2079efe4a12ebf6fbd482098", - "zh:d9c5c35be3ae54a52fb444b61e442445e74df6a4ab5bc4884b0f5d55eacc4ced", - "zh:f6bd2db5d9a178c9b5b020e505affc245a0ceaa8e662f37ad9743d65e1153322", + "h1:4rfmv0e8MoRPw+CTZBxTlPZbOSvPnIIt8kwVIIRIqbc=", + "h1:FUOYxkRfDHxiAlTKpvfZpNpRdCkq7Gs9JcZjLWo+guM=", + "h1:FewdC+pt/Z8XC1M5M49D74MYnMzVjwVoAcnonmbxhwA=", + "h1:RAXQ/T7oF42hDSuXH7hH85uj8QmHRS+ArP5pO4ILslc=", + "h1:a5SEI5KSX0cENGjd+IrxMj4l0Cr5GWvTP8Ng3cJaLTg=", + "h1:gNdYW6qM5jJTA2M9BHzVtuCTSmY2Fi/r08A/duZR8Yg=", + "h1:gnBusJUhlOSxn2JG5V0N3aHWAcTtMLcSjRSMKm8+6S4=", + "h1:hwB3SSfBITtOIggACNkdTnA8hG2AzYaFgG3WJny3290=", + "h1:iGjswHan6q6vYBTxR+WFBCUwCN7jmg7mAvFnv4P3/m8=", + "h1:mBxI5srrplxBHZLuXfEVZzwph3mCl9SQv0e9nR2GhQ4=", + "h1:o3CYF1B/kMBktAn1cWJuqW84VqZkM5K3A1BPw6v5fnA=", + "h1:sX4l50R6dzuHdQJFBfGDY6lZc4bCGKjxkKRtoKmx/1g=", + "h1:shVeqrDxxOvnsD//ryu7IoxwPsGb+6FeLmum3szd/mU=", + "h1:wY3pI9C3lEZ9nZRIqky5cqfwLm+u7Wi/9HBVCo4o9/M=", + "zh:0337224a2b6418ba38cedf7f2cef9b154f51db4791b03d6b5745cb26f60614d2", + "zh:09addda402962c46cd236ae1703ba9632f377897e8d321678cf0e4428a5071f7", + "zh:1f7b511933d6ca8fbdcd5bb50bba910e88b73fee57ae2922e01f18470350929e", + "zh:2bd2a45c4cddd19b2a55d6d658184df25f002e0b7a929da48b5086922ae846d6", + "zh:30ed44fd468132273029302fc16de4e76a1f10b816862e2e5dfca545e5b67f70", + "zh:3f73e37f6410509f7811db77b53f6e332c24344ad800a1d56bcf6af2a706d998", + "zh:5215dbeb6edbe0e7fae238580bb649745824d3744cc0d3b407244383ddeefd96", + "zh:543a6b4d814607884791306ae661a1d3475af90785712fb6c94e2b616f75afba", + "zh:8402d7a2d501ff0c9fe2216bf80f6bc133f0277cc3f184d3d37f4628b778f18b", + "zh:894ac1fce4fd92c66684d64d41356d5d02ebcf3a68e4ae1150314732f9ac384f", + "zh:ad547c8c8413de6886cf563129b117a0aab79b9841e7486e58a639c74eeacc12", + "zh:b9d69a6f99256cbd741ddc881f8665eec6e51ee1a4b99918ae8e9bdcf73cf31d", + "zh:d254d2dae145dbe5435be32b821198d9d5dca81fb67e06499eb8a8bd78a34ba5", + "zh:df327c22ba4437fa5e879ae70ce8330363a4e6f320711e7bd2ac249db3a3a551", "zh:f809ab383cca0a5f83072981c64208cbd7fa67e986a86ee02dd2c82333221e32", ] } diff --git a/tofu/adguard/main.tf b/tofu/adguard/main.tf index fe0c505..69b83d6 100644 --- a/tofu/adguard/main.tf +++ b/tofu/adguard/main.tf @@ -9,7 +9,7 @@ terraform { required_providers { adguard = { source = "gmichels/adguard" - version = "1.7.0" + version = "1.6.2" } } } @@ -23,18 +23,9 @@ provider "adguard" { resource "adguard_rewrite" "argo_1" { domain = "argo.fuku" - answer = "192.168.1.31" + answer = "192.168.1.12" } -resource "adguard_rewrite" "argo_2" { - domain = "argo.fuku" - answer = "192.168.1.32" -} - -resource "adguard_rewrite" "argo_3" { - domain = "argo.fuku" - answer = "192.168.1.33" -} resource "adguard_rewrite" "feeds" { domain = "feeds.roboces.dev" answer = "192.168.1.12" diff --git a/tofu/authentik/.terraform.lock.hcl b/tofu/authentik/.terraform.lock.hcl index 71b1759..fe7616b 100644 --- a/tofu/authentik/.terraform.lock.hcl +++ b/tofu/authentik/.terraform.lock.hcl @@ -2,34 +2,36 @@ # Manual edits may be lost in future updates. provider "registry.opentofu.org/goauthentik/authentik" { - version = "2026.2.0" - constraints = "2026.2.0" + version = "2025.12.1" + constraints = "2025.12.1" hashes = [ - "h1:/y7//ItB3vYvtDzSgrd7eY4QHGQ7b2G/rF/rtXdvUiY=", - "h1:2MTCDpaUJ9AAckFf+lfhq5VNkl4/e1is7XIHfjFX20U=", - "h1:EECfgcbT6h+ppgQ3x06iQZSheZ4vJ6NVwXGYGzyuQQ4=", - "h1:Hg5gBZc/mPbMwH3r5AVbDycUFoeh1LlHtAvVKsnruTY=", - "h1:J9+XlKbvc8x99ZV779XH0swZhsJo+Zcrh7UCK5pKQKY=", - "h1:On3/Zzv3W72aGsJ4AhW/tnpi4hvq9cxwgf7tF6Tg+a4=", - "h1:imSeB1o2GiuyBKsK6prOkOT7dQVDK42TaxGWAb+wEvg=", - "h1:jpOkyfrzbb/LBCdW/0R2Ag+X9bRw6X1/2BRMoImfgQ8=", - "h1:pT8YP3VDxKxhT1X+UXmjN78C+8NNb3fIANWNjR0xRX4=", - "h1:pum2uBRNDUjPeP9aYszm+6GU+K7tZIpbbLrsN39l8iw=", - "h1:qYcmNSTHIU6XefHE11SmywKqgp84B6n2Fzwdj/8dRN8=", - "h1:zH1hHNBUvxXZBzxyQa6OPjDAlZyr3rA7LqwTVVZDW9s=", - "h1:zacZCsqLyCstv+qE+VhFvwCIGLQEdNBsMIM7r9umUSQ=", - "zh:00c44e8ee842e75de9cc4fd6193b10258d1dc840e5be4aaaf118ffc180dceee0", - "zh:13057f08bce3b63613e1be3997dd454ff9568c569dd983987b1550280fbe3d01", - "zh:410a1ff2ae4647cc0ab37894f81e4d474b588a0a7f005d05d55e8c3a40978dd2", - "zh:43830834d12b3c0eeabe397842f82ca3a6b58a5bc8dd837d55b821419b55ed61", - "zh:56eaedd196ed7c4003cee0434b891b38242b4fde2031978d0ddcfdf6e16ee5ad", - "zh:5b3c10bb63c3c215ed9e0918e5808b240e3f2ee8248d10cd4d824a4998a213c5", - "zh:99c14891bcb92a6b21ef4c0e60f6c0df23e3452808f3eefd67cde78d132c80d9", - "zh:9a32cdda9f939f8484e27d4200d004c44f016fe97579a111201083f4beea78e8", - "zh:ae5086816144f68de9a0002e7696321169a71473f9d161793f4ae996388f56de", - "zh:bd09409dd34608a4ef3ea80cfc5e397268e7872f2e84c1ccdc9b5698e36ddad5", - "zh:be7af8b9eb61b0eb5053f14360e5a68caeb32c115efe8e1b583f2e7c91352a2a", - "zh:e11726812a1b2caf6b6784a3d074d1f50e3d406e9629c02096a001e5a5979331", - "zh:e39183d10d8158ccab51208f4f727c7419b1b1e596f4feb23dc42aebb36d01e3", + "h1:+R2MRgaXvmR1l+nYxYJqMSuvA4VBzfBoh2Er6TnDRPE=", + "h1:1y5I173i8qvxp8GQHBBI/bxkr6YOqY4IqOiJWIUSeeM=", + "h1:XHaltkhuTgyFCCZgpay2orOgc0TyZf0KqrFHNfUgY20=", + "h1:XvFByv5e6fKSlayYaXpFD/JbTYZN1ybujVJJjny1Q18=", + "h1:ZU9d05CLVYBbmdB0IGiG9MueY4/fVo4D6FeyQtbeujA=", + "h1:doHtDOiEIgIUWlUUc9jC7Uqdhj1hsy3etvdYmegcUZM=", + "h1:hUgMx2B40ByfaMA4Al0h7xotp/pZxJJxZZa/HJb6NDc=", + "h1:kG5J46qkCdUWJp/1p8CLifqc7Fy54IDZEjYhpmWcars=", + "h1:lNx+bJr11tPJxpkL5aTdOkGwB41O2Kv8fvKuiMl/LLs=", + "h1:mSOL+FqSLNkWeXopegyK/MoCkMD/VmW9V3PHLaIePjU=", + "h1:oCKzPBsyaD1ENda7qbREG3DYV3Opu09ub+msk3vRCkw=", + "h1:p9AGeRqK50wTHEIp7z7O4MUP83cs+lt7wPajZ9m9TB8=", + "h1:tBoVWDOhByI7cg9TYAAw6LDdMmWLpa2LYwJzzcukdiA=", + "h1:zHQHXKmlGNYBaWLJ9SuXsJ7dbpsvhDJl5pJi+PFU+2w=", + "zh:0e856d3b13614bc32346a236a8e84ba55ecd17238c2008d4b3e71aa8cb49f515", + "zh:2dcc44cd499c18ebbc4f763eff97a7b725763c8ac8fbb5d69c935413ccdc4962", + "zh:434100fc75ec7cd6b64cc9497e8273e79325fa8d285e9fd9d341c1a67421643b", + "zh:483484f66d2e8ce6fa4bfd91e824ceebf07d10acb5df5f366397c55227c4ae91", + "zh:596743a6f1c77a6f103b06ef8d932fe8f2376793b92478853dc84571d17c429f", + "zh:5ed2d5eb7db13229baaf042c725d5c64b58ffdcc641370175e0a88900af94bf1", + "zh:8aecd4cf782c82bee01098f72fe4ffff83707516007b32a01c7fcb19a9260338", + "zh:928c05ecac309287ff7d73ed6e478350fe3003557658ae5dc2be817a4268dba7", + "zh:9b9fd36dfb3e75da8b4478485272505ae9a3c67b10db173e1d2d76cfe2b637b8", + "zh:ab7cd8c61ab67a045854e32f0be1940a92746770dbf3c17bbe923e0259c4f897", + "zh:bb1360ec19a4fc1095d0ef1b7b6c5c3c1a91daac7cd1957d43a4cdbb7356a2e3", + "zh:d2186f4063aa1a547b52a53745d472e43f5343bc1674f2bbb91421c61b0fab50", + "zh:d74bbb67a77951b18ffd7b2863954e70ac03450ad2023cc305c66a5ff25d8d18", + "zh:f5970569ea0a479bbfbf2d452f5962e1c9bd472b82756db822d0e951363daa25", ] } diff --git a/tofu/authentik/main.tf b/tofu/authentik/main.tf index ba31337..2219ff9 100644 --- a/tofu/authentik/main.tf +++ b/tofu/authentik/main.tf @@ -8,7 +8,7 @@ terraform { required_providers { authentik = { source = "goauthentik/authentik" - version = "2026.2.0" + version = "2025.12.1" } } } diff --git a/tofu/modules/authentik-app/main.tf b/tofu/modules/authentik-app/main.tf index cb0f8fc..1b65990 100644 --- a/tofu/modules/authentik-app/main.tf +++ b/tofu/modules/authentik-app/main.tf @@ -3,7 +3,7 @@ terraform { required_providers { authentik = { source = "goauthentik/authentik" - version = "2026.2.0" + version = "2025.12.1" } } } diff --git a/tofu/modules/authentik-app/vars.tf b/tofu/modules/authentik-app/vars.tf index 445710f..099440b 100644 --- a/tofu/modules/authentik-app/vars.tf +++ b/tofu/modules/authentik-app/vars.tf @@ -8,33 +8,11 @@ variable "app_slug" { type = string } - -variable "client_type" { - type = string - default = "confidential" - - validation { - condition = contains(["confidential", "public"], var.client_type) - error_message = "client_type must be 'confidential' or 'public'" - } -} - variable "app_access_group_id" { description = "ID of a group which will have access to the app" type = string } -variable "sub_mode" { - type = string - default = "user_username" - - validation { - condition = contains(["user_id", "user_username", "hashed_user_id"], var.sub_mode) - error_message = "sub_mode must be 'user_id', 'user_username' or 'hashed_user_id'" - } -} - - variable "open_in_new_tab" { type = bool description = "Open apps in a new tab" diff --git a/tofu/modules/authentik-ldap/.terraform.lock.hcl b/tofu/modules/authentik-ldap/.terraform.lock.hcl index 71b1759..fe7616b 100644 --- a/tofu/modules/authentik-ldap/.terraform.lock.hcl +++ b/tofu/modules/authentik-ldap/.terraform.lock.hcl @@ -2,34 +2,36 @@ # Manual edits may be lost in future updates. provider "registry.opentofu.org/goauthentik/authentik" { - version = "2026.2.0" - constraints = "2026.2.0" + version = "2025.12.1" + constraints = "2025.12.1" hashes = [ - "h1:/y7//ItB3vYvtDzSgrd7eY4QHGQ7b2G/rF/rtXdvUiY=", - "h1:2MTCDpaUJ9AAckFf+lfhq5VNkl4/e1is7XIHfjFX20U=", - "h1:EECfgcbT6h+ppgQ3x06iQZSheZ4vJ6NVwXGYGzyuQQ4=", - "h1:Hg5gBZc/mPbMwH3r5AVbDycUFoeh1LlHtAvVKsnruTY=", - "h1:J9+XlKbvc8x99ZV779XH0swZhsJo+Zcrh7UCK5pKQKY=", - "h1:On3/Zzv3W72aGsJ4AhW/tnpi4hvq9cxwgf7tF6Tg+a4=", - "h1:imSeB1o2GiuyBKsK6prOkOT7dQVDK42TaxGWAb+wEvg=", - "h1:jpOkyfrzbb/LBCdW/0R2Ag+X9bRw6X1/2BRMoImfgQ8=", - "h1:pT8YP3VDxKxhT1X+UXmjN78C+8NNb3fIANWNjR0xRX4=", - "h1:pum2uBRNDUjPeP9aYszm+6GU+K7tZIpbbLrsN39l8iw=", - "h1:qYcmNSTHIU6XefHE11SmywKqgp84B6n2Fzwdj/8dRN8=", - "h1:zH1hHNBUvxXZBzxyQa6OPjDAlZyr3rA7LqwTVVZDW9s=", - "h1:zacZCsqLyCstv+qE+VhFvwCIGLQEdNBsMIM7r9umUSQ=", - "zh:00c44e8ee842e75de9cc4fd6193b10258d1dc840e5be4aaaf118ffc180dceee0", - "zh:13057f08bce3b63613e1be3997dd454ff9568c569dd983987b1550280fbe3d01", - "zh:410a1ff2ae4647cc0ab37894f81e4d474b588a0a7f005d05d55e8c3a40978dd2", - "zh:43830834d12b3c0eeabe397842f82ca3a6b58a5bc8dd837d55b821419b55ed61", - "zh:56eaedd196ed7c4003cee0434b891b38242b4fde2031978d0ddcfdf6e16ee5ad", - "zh:5b3c10bb63c3c215ed9e0918e5808b240e3f2ee8248d10cd4d824a4998a213c5", - "zh:99c14891bcb92a6b21ef4c0e60f6c0df23e3452808f3eefd67cde78d132c80d9", - "zh:9a32cdda9f939f8484e27d4200d004c44f016fe97579a111201083f4beea78e8", - "zh:ae5086816144f68de9a0002e7696321169a71473f9d161793f4ae996388f56de", - "zh:bd09409dd34608a4ef3ea80cfc5e397268e7872f2e84c1ccdc9b5698e36ddad5", - "zh:be7af8b9eb61b0eb5053f14360e5a68caeb32c115efe8e1b583f2e7c91352a2a", - "zh:e11726812a1b2caf6b6784a3d074d1f50e3d406e9629c02096a001e5a5979331", - "zh:e39183d10d8158ccab51208f4f727c7419b1b1e596f4feb23dc42aebb36d01e3", + "h1:+R2MRgaXvmR1l+nYxYJqMSuvA4VBzfBoh2Er6TnDRPE=", + "h1:1y5I173i8qvxp8GQHBBI/bxkr6YOqY4IqOiJWIUSeeM=", + "h1:XHaltkhuTgyFCCZgpay2orOgc0TyZf0KqrFHNfUgY20=", + "h1:XvFByv5e6fKSlayYaXpFD/JbTYZN1ybujVJJjny1Q18=", + "h1:ZU9d05CLVYBbmdB0IGiG9MueY4/fVo4D6FeyQtbeujA=", + "h1:doHtDOiEIgIUWlUUc9jC7Uqdhj1hsy3etvdYmegcUZM=", + "h1:hUgMx2B40ByfaMA4Al0h7xotp/pZxJJxZZa/HJb6NDc=", + "h1:kG5J46qkCdUWJp/1p8CLifqc7Fy54IDZEjYhpmWcars=", + "h1:lNx+bJr11tPJxpkL5aTdOkGwB41O2Kv8fvKuiMl/LLs=", + "h1:mSOL+FqSLNkWeXopegyK/MoCkMD/VmW9V3PHLaIePjU=", + "h1:oCKzPBsyaD1ENda7qbREG3DYV3Opu09ub+msk3vRCkw=", + "h1:p9AGeRqK50wTHEIp7z7O4MUP83cs+lt7wPajZ9m9TB8=", + "h1:tBoVWDOhByI7cg9TYAAw6LDdMmWLpa2LYwJzzcukdiA=", + "h1:zHQHXKmlGNYBaWLJ9SuXsJ7dbpsvhDJl5pJi+PFU+2w=", + "zh:0e856d3b13614bc32346a236a8e84ba55ecd17238c2008d4b3e71aa8cb49f515", + "zh:2dcc44cd499c18ebbc4f763eff97a7b725763c8ac8fbb5d69c935413ccdc4962", + "zh:434100fc75ec7cd6b64cc9497e8273e79325fa8d285e9fd9d341c1a67421643b", + "zh:483484f66d2e8ce6fa4bfd91e824ceebf07d10acb5df5f366397c55227c4ae91", + "zh:596743a6f1c77a6f103b06ef8d932fe8f2376793b92478853dc84571d17c429f", + "zh:5ed2d5eb7db13229baaf042c725d5c64b58ffdcc641370175e0a88900af94bf1", + "zh:8aecd4cf782c82bee01098f72fe4ffff83707516007b32a01c7fcb19a9260338", + "zh:928c05ecac309287ff7d73ed6e478350fe3003557658ae5dc2be817a4268dba7", + "zh:9b9fd36dfb3e75da8b4478485272505ae9a3c67b10db173e1d2d76cfe2b637b8", + "zh:ab7cd8c61ab67a045854e32f0be1940a92746770dbf3c17bbe923e0259c4f897", + "zh:bb1360ec19a4fc1095d0ef1b7b6c5c3c1a91daac7cd1957d43a4cdbb7356a2e3", + "zh:d2186f4063aa1a547b52a53745d472e43f5343bc1674f2bbb91421c61b0fab50", + "zh:d74bbb67a77951b18ffd7b2863954e70ac03450ad2023cc305c66a5ff25d8d18", + "zh:f5970569ea0a479bbfbf2d452f5962e1c9bd472b82756db822d0e951363daa25", ] } diff --git a/tofu/modules/authentik-ldap/main.tf b/tofu/modules/authentik-ldap/main.tf index 76bf980..b0fc742 100644 --- a/tofu/modules/authentik-ldap/main.tf +++ b/tofu/modules/authentik-ldap/main.tf @@ -3,7 +3,7 @@ terraform { required_providers { authentik = { source = "goauthentik/authentik" - version = "2026.2.0" + version = "2025.12.1" } } } diff --git a/tofu/modules/authentik-oidc/main.tf b/tofu/modules/authentik-oidc/main.tf index 6082b7f..aea24f7 100644 --- a/tofu/modules/authentik-oidc/main.tf +++ b/tofu/modules/authentik-oidc/main.tf @@ -3,7 +3,7 @@ terraform { required_providers { authentik = { source = "goauthentik/authentik" - version = "2026.2.0" + version = "2025.12.1" } } } diff --git a/tofu/modules/authentik-proxy/main.tf b/tofu/modules/authentik-proxy/main.tf index cdb97c5..86e4baa 100644 --- a/tofu/modules/authentik-proxy/main.tf +++ b/tofu/modules/authentik-proxy/main.tf @@ -3,7 +3,7 @@ terraform { required_providers { authentik = { source = "goauthentik/authentik" - version = "2026.2.0" + version = "2025.12.1" } } }