chore(deps): update netbirdio/signal docker tag to v0.33.0

2024-11-24 01:58:57 +00:00
12 changed files with 72 additions and 75 deletions
--- a/docker/forgejo-runner/docker-compose.yml
+++ b/docker/forgejo-runner/docker-compose.yml
@ -1,6 +1,6 @@
 ---
 x-runner-common: &runner-common
-  image: code.forgejo.org/forgejo/runner:5.0.3
+  image: code.forgejo.org/forgejo/runner:4.0.1
  links:
    - docker-in-docker
  depends_on:
--- a/docker/netbird/docker-compose.yml
+++ b/docker/netbird/docker-compose.yml
@ -1,7 +1,7 @@
 ---
 services:
  dashboard:
-    image: netbirdio/dashboard:v2.7.1
+    image: netbirdio/dashboard:v2.7.0
    restart: unless-stopped
    ports:
      - 8005:80
@ -23,7 +23,7 @@ services:
        max-size: "500m"
        max-file: "2"
  signal:
-    image: netbirdio/signal:0.34.1
+    image: netbirdio/signal:0.33.0
    restart: unless-stopped
    volumes:
      - netbird-signal:/var/lib/netbird
@ -35,7 +35,7 @@ services:
        max-size: "500m"
        max-file: "2"
  relay:
-    image: netbirdio/relay:0.33.0
+    image: netbirdio/relay:0.31.1
    restart: unless-stopped
    environment:
      NB_LOG_LEVEL: ${NB_LOG_LEVEL:-info}
@ -50,7 +50,7 @@ services:
        max-size: "500m"
        max-file: "2"
  management:
-    image: netbirdio/management:0.33.0
+    image: netbirdio/management:0.31.1
    restart: unless-stopped
    depends_on:
      - dashboard
@ -91,7 +91,7 @@ services:
        max-file: "2"

  peer-1:
-    image: netbirdio/netbird:0.33.0
+    image: netbirdio/netbird:0.31.1
    restart: unless-stopped
    volumes:
      - ${NETBIRD_PEER_VOLUME:-/mnt/nas1/shared/netbird/peer-1}/data:/etc/netbird
--- a/docker/nextcloud/Dockerfile
+++ b/docker/nextcloud/Dockerfile
@ -1,4 +1,4 @@
-FROM nextcloud:30.0.3-apache
+FROM nextcloud:30.0.2-apache

 RUN set -ex; \
    \
--- a/docker/nextcloud/docker-compose.yml
+++ b/docker/nextcloud/docker-compose.yml
@ -14,7 +14,7 @@ services:
      - nextcloud

  nextcloud:
-    image: git.roboces.dev/catalin/fukuops:nextcloud-30.0.3
+    image: git.roboces.dev/catalin/fukuops:nextcloud-30.0.2
    volumes:
      - /mnt/nas1/legacy-storage/cloud/cloud/data:/var/www/html/data
      - /mnt/nas1/legacy-storage/cloud/cloud/config:/var/www/html/config
--- a/k8s/argo-apps/renovate.yaml
+++ b/k8s/argo-apps/renovate.yaml
@ -13,7 +13,7 @@ spec:
  sources:
    - chart: renovate
      repoURL: https://docs.renovatebot.com/helm-charts
-      targetRevision: 39.49.*
+      targetRevision: 39.25.*
      helm:
        valuesObject:
          renovate:
--- a/k8s/argo-apps/valkey.yaml
+++ b/k8s/argo-apps/valkey.yaml
@ -15,7 +15,7 @@ spec:
  sources:
    - chart: valkey-cluster
      repoURL: registry-1.docker.io/bitnamicharts
-      targetRevision: 2.0.*
+      targetRevision: 1.0.*
      helm:
        valuesObject:
          existingSecret: secrets-valkey
--- a/tofu/authentik/.terraform.lock.hcl
+++ b/tofu/authentik/.terraform.lock.hcl
@ -2,23 +2,36 @@
 # Manual edits may be lost in future updates.

 provider "registry.opentofu.org/goauthentik/authentik" {
-  version     = "2024.10.2"
-  constraints = "2024.10.2"
+  version     = "2024.10.1"
+  constraints = "2024.10.1"
  hashes = [
-    "h1:qjDOLb8+12kZHSM3VsItQCsZYJhDMD4bNKSZi15HQ28=",
-    "zh:06c6c9bb2716052fefc1013ed1a77a12159d5625fe43857700c282e80e2fbba1",
-    "zh:121e45b3d3675df24e2c1bb107e2ed15fc9f1ec8b602b9bdaebec71481addf0c",
-    "zh:2aec74c8df3e3eb56fb09edcb1c7f43c91f932b2ef2327aa855ba0819f11169e",
-    "zh:4f2bf009f43293a24cc8941d4bbab340a53f569a9331aa615a7934f500a64290",
-    "zh:64b150655b47c60e6ae72a2ee754f5019b2baabd4dc292a6b2b960b3a206e218",
-    "zh:78bf3fd7cbac489d23a620743e5af5b85b31fc548433cf86f0861878b68f2666",
-    "zh:7ce7a02671056d476d17652d780ee2bd309ce34eb77746719b7b277ca66b7c58",
-    "zh:84fdb911186918cbba86c1390ce18a4423f0d748216f2d9c8421801b34b41f16",
-    "zh:95db38fb110302707cd70471f5cb2bf361ed6d5987f7b6fe5f3c5855f9dc9b64",
-    "zh:9c24dbf6512637bb1d4201a901dddef0210b440ad8b02717ca1167b75afa6882",
-    "zh:a83bc8bfe87e44c788c3c974e764c7bfb1c5fb982f427a5b928c50e55b48dea6",
-    "zh:b5a4d5d1f2f0e8d65ad29a23bfd72d0d4e3e06e9bacea9463a10e67137833409",
-    "zh:d1e08a662ab7c80373bc13446c9b316a671fcddec6aeffef7ab3649d1bbfb76b",
-    "zh:e1c50a791f2d53f7b464ab122f92062547d5a4ad71297f5e7f0375453cd2034f",
+    "h1:/Eo+yQyGAKK67bkgt1plX5X41mkRKu5br66XYnL/UyQ=",
+    "h1:1S06FnDvjDsdOm/2J/M95FypohflaT0a9OUOwl4S87o=",
+    "h1:7c3PvOLtsB0F4KHdGT1bTq2mzeNjx4TaNlVKRX78vAc=",
+    "h1:8NUPNLWr9/klFJckfw6HkOMqsGhTTdePUmlBRLOIJjY=",
+    "h1:Ariy1e/DAbcoXS9Wud/Ad3rEC1cLqQ7HdcHBzfTRiSM=",
+    "h1:Bc9zVu8DyzeveEqEaCitlsvzBEY6CU/F648PEjrFYuk=",
+    "h1:D5mConUujTcrau12WRa+Qg1lvPJLzjc76ClIYevJtVw=",
+    "h1:FFYDaQDN8nbfsjwp8kw7YO6xsFCJlhtKSXx9gdLLbok=",
+    "h1:Qfd127te/m5E0LAJvJ9kGWKdCXQdFXlz3ve+nV3HsWM=",
+    "h1:RpNxc5WPT5H3WoKP8t7yKLO7MUAuHgfjm/rifaKpYM8=",
+    "h1:XifS+/OiEMhGI7MQnQtF3ACScqWB/N2Sr/bIrvSKOag=",
+    "h1:YMreOu0B0U2v8azRZ/iVJPhoDedlATNHCam1iztTUks=",
+    "h1:eIMjryDbwEUWlBOFPtGWPf9NdNVWeGLeniVzafoPXZU=",
+    "h1:v6XQwr4PDKtgHtdgCq03iYme4VaJAG8kSH4aKJL0OSw=",
+    "zh:149c76107f75ea5b530409d81cd3b63abc5478831c1f794df1fc12acd5f7ac78",
+    "zh:60bf7a62ec4bb742121f708b1e964b6bc816988e14c9e831723f0788a5c22471",
+    "zh:625f1eecf87e1d741bc99b69aa0aac3c82a4040bb9e704e2c20b09e562517c20",
+    "zh:690f247fd428dd7659aad3189a86288c784fdedbeb8cd75295aa417338d126b2",
+    "zh:6be8c0c70b18da79b5c7cb19ca445a1607404b7e1caff9bdb8e2330c22a591c6",
+    "zh:77bd031a28ec92a215cc5c12381791239ad43087c37f73ab1538f909e15ceae5",
+    "zh:78ffd4fe7b65220db2d33430240507395a71ef8e1dd1c22d82fd547855113df5",
+    "zh:7c0414978a45481bbeb8fc1aed1806409a2499967bd30edfcf9c34d1005d0faa",
+    "zh:7df2c43de2555c11b761a938e2414f25165845d932ca95d562ccabfe3a78a209",
+    "zh:819baedab497151fabcc9c887bcb07382a371708e3f9632ae1a58563ba79104f",
+    "zh:891208df7e634c2de7cb164d1ed88d492e7852abd32293b727b5b82f32efd7e7",
+    "zh:b6385a881b7098f6a6260f7b298eb26ef06eeed02a90ffdff9d2d7cf72fdaa27",
+    "zh:ce642bbd35babd93339a80549552823ec743397e456f18dbcffdf5af3fec612e",
+    "zh:ffd96ddda256a49097b21e6e672ef63d532a960bbc5455958102900ce79a4a10",
  ]
 }
--- a/tofu/authentik/main.tf
+++ b/tofu/authentik/main.tf
@ -8,7 +8,7 @@ terraform {
  required_providers {
    authentik = {
      source  = "goauthentik/authentik"
-      version = "2024.10.2"
+      version = "2024.10.1"
    }
  }
 }
@ -40,7 +40,7 @@ module "gitea" {
  client_id           = var.gitea_client_id
  client_secret       = var.gitea_client_secret
  app_access_group_id = ""
-  redirect_uris       = [{ matching_mode = "strict", url = "https://git.roboces.dev/user/oauth2/authentik/callback" }]
+  redirect_uris       = ["https://git.roboces.dev/user/oauth2/authentik/callback"]
  app_icon            = "https://git.roboces.dev/assets/img/logo.svg"
  app_description     = "Beyond coding. We forge."
  app_publisher       = "Forgejo"
@ -55,21 +55,12 @@ module "miniflux" {
  client_id           = var.miniflux_client_id
  client_secret       = var.miniflux_client_secret
  app_access_group_id = ""
-  redirect_uris = [
-    {
-      matching_mode = "strict",
-      url           = "https://feeds.roboces.dev/oauth2/oidc/callback"
-    },
-    {
-      matching_mode = "strict",
-      url           = "https://feeds.fuku/oauth2/oidc/callback"
-    }
-  ]
-  app_icon        = "https://miniflux.app/favicon.ico"
-  app_description = "RSS aggregator"
-  app_publisher   = "Miniflux"
-  app_url         = "https://feeds.roboces.dev"
-  sub_mode        = "hashed_user_id"
+  redirect_uris       = ["https://feeds.roboces.dev/oauth2/oidc/callback", "https://feeds.fuku/oauth2/oidc/callback"]
+  app_icon            = "https://miniflux.app/favicon.ico"
+  app_description     = "RSS aggregator"
+  app_publisher       = "Miniflux"
+  app_url             = "https://feeds.roboces.dev"
+  sub_mode            = "hashed_user_id"
 }

 module "portainer" {
@ -80,10 +71,7 @@ module "portainer" {
  client_secret       = var.portainer_client_secret
  app_access_group_id = authentik_group.admins.id
  redirect_uris = [
-    {
-      matching_mode = "strict",
-      url           = "https://containers.fukurokuju.dev/"
-    }
+    "https://containers.fukurokuju.dev/"
  ]
  app_icon        = "https://www.portainer.io/hubfs/crane-icon.svg"
  app_description = "Kubernetes and Docker container Management Software"
@ -99,13 +87,11 @@ module "paperless" {
  client_id           = var.paperless_client_id
  client_secret       = var.paperless_client_secret
  app_access_group_id = ""
-  redirect_uris = [
-    { matching_mode = "strict", url = "https://paperless.roboces.dev/accounts/oidc/authentik/login/callback/" }
-  ]
-  app_icon        = "https://paperless.roboces.dev/favicon.ico"
-  app_description = "Document manager"
-  app_publisher   = "Paperless"
-  app_url         = "https://paperless.roboces.dev"
+  redirect_uris       = ["https://paperless.roboces.dev/accounts/oidc/authentik/login/callback/"]
+  app_icon            = "https://paperless.roboces.dev/favicon.ico"
+  app_description     = "Document manager"
+  app_publisher       = "Paperless"
+  app_url             = "https://paperless.roboces.dev"
 }

 module "sonarr" {
@ -150,19 +136,9 @@ module "netbird" {
  client_type         = "public"
  app_access_group_id = authentik_group.vpn.id
  redirect_uris = [
-    {
-      matching_mode = "strict",
-      url           = "https://vpn.fukurokuju.dev",
-    },
-    {
-      matching_mode = "regex",
-      url           = "https://vpn.fukurokuju.dev.*",
-    },
-    {
-      matching_mode = "strict",
-      url           = "http://localhost:53000"
-    },
-
+    "https://vpn.fukurokuju.dev",
+    "https://vpn.fukurokuju.dev.*",
+    "http://localhost:53000"
  ]
  sub_mode = "user_id"
  extra_property_mappings = [
--- a/tofu/authentik/vars.tf
+++ b/tofu/authentik/vars.tf
@ -1,3 +1,12 @@
+variable "firezone_client_id" {
+  description = "Client ID"
+  type        = string
+}
+
+variable "firezone_client_secret" {
+  description = "Client secret"
+  type        = string
+}

 variable "gitea_client_id" {
  description = "Client ID"
@ -43,7 +52,6 @@ variable "netbird_client_id" {
  description = "Netbird client ID"
  type        = string
 }
-
 variable "netbird_client_secret" {
  description = "Netbird client secret"
  type        = string
--- a/tofu/modules/authentik-oidc/main.tf
+++ b/tofu/modules/authentik-oidc/main.tf
@ -3,12 +3,12 @@ terraform {
  required_providers {
    authentik = {
      source  = "goauthentik/authentik"
-      version = "2024.10.2"
+      version = "2024.10.1"
    }
  }
 }

-data "authentik_flow" "default-authorization-implicit-flow" {
+data "authentik_flow" "default-authorization-flow" {
  slug = "default-provider-authorization-implicit-consent"
 }

@ -35,9 +35,9 @@ resource "authentik_provider_oauth2" "provider_oidc" {
  client_id              = var.client_id
  client_secret          = var.client_secret
  client_type            = var.client_type
-  authorization_flow     = data.authentik_flow.default-authorization-implicit-flow.id
+  authorization_flow     = data.authentik_flow.default-authorization-flow.id
  authentication_flow    = data.authentik_flow.default-authentication-flow.id
-  allowed_redirect_uris  = var.redirect_uris
+  redirect_uris          = var.redirect_uris
  property_mappings      = data.authentik_property_mapping_provider_scope.default-scopes.ids
  sub_mode               = var.sub_mode
  signing_key            = var.oidc_signing_key
--- a/tofu/modules/authentik-oidc/vars.tf
+++ b/tofu/modules/authentik-oidc/vars.tf
@ -35,7 +35,7 @@ variable "app_access_group_id" {

 variable "redirect_uris" {
  description = "List of URIs allowed to redirect to"
-  type        = list(map(string))
+  type        = list(string)
 }

 variable "sub_mode" {
--- a/tofu/modules/authentik-proxy/main.tf
+++ b/tofu/modules/authentik-proxy/main.tf
@ -3,7 +3,7 @@ terraform {
  required_providers {
    authentik = {
      source  = "goauthentik/authentik"
-      version = "2024.10.2"
+      version = "2024.10.1"
    }
  }
 }