diff --git a/docker/forgejo-runner/docker-compose.yml b/docker/forgejo-runner/docker-compose.yml index c839404..e98dc66 100644 --- a/docker/forgejo-runner/docker-compose.yml +++ b/docker/forgejo-runner/docker-compose.yml @@ -1,6 +1,6 @@ --- x-runner-common: &runner-common - image: code.forgejo.org/forgejo/runner:12.6.3 + image: code.forgejo.org/forgejo/runner:11.3.1 links: - docker-in-docker depends_on: diff --git a/docker/ganymede/docker-compose.yml b/docker/ganymede/docker-compose.yml deleted file mode 100644 index 1f24da0..0000000 --- a/docker/ganymede/docker-compose.yml +++ /dev/null 
@@ -1,48 +0,0 @@ ---- -services: - ganymede: - container_name: ganymede - image: ghcr.io/zibbp/ganymede:4.11.5 - restart: unless-stopped - environment: - DEBUG: ${GANYMEDE_DEBUG:-false} - TZ: ${GANYMEDE_TZ:-Europe/Madrid} - VIDEOS_DIR: ${GANYMEDE_VIDEOS_DIR:-/data/videos} - TEMP_DIR: ${GANYMEDE_TEMP_DIR:-/data/temp} - LOGS_DIR: ${GANYMEDE_LOGS_DIR:-/data/logs} - CONFIG_DIR: ${GANYMEDE_CONFIG_DIR:-/data/config} - DB_HOST: ${GANYMEDE_DB_HOST:-192.168.1.3} - DB_PORT: ${GANYMEDE_DB_PORT:-5432} - DB_USER: ${GANYMEDE_DB_USER:-ganymede} - DB_PASS: ${GANYMEDE_DB_PASS} - DB_NAME: ${GANYMEDE_DB_NAME:-ganymede} - DB_SSL: ${GANYMEDE_DB_SSL:-disable} - TWITCH_CLIENT_ID: ${GANYMEDE_TWITCH_CLIENT_ID} - TWITCH_CLIENT_SECRET: ${GANYMEDE_TWITCH_CLIENT_SECRET} - MAX_CHAT_DOWNLOAD_EXECUTIONS: ${GANYMEDE_MAX_CHAT_DOWNLOAD_EXECUTIONS:-3} - MAX_CHAT_RENDER_EXECUTIONS: ${GANYMEDE_MAX_CHAT_RENDER_EXECUTIONS:-2} - MAX_VIDEO_DOWNLOAD_EXECUTIONS: ${GANYMEDE_MAX_VIDEO_DOWNLOAD_EXECUTIONS:-2} - MAX_VIDEO_CONVERT_EXECUTIONS: ${GANYMEDE_MAX_VIDEO_CONVERT_EXECUTIONS:-3} - MAX_VIDEO_SPRITE_THUMBNAIL_EXECUTIONS: ${GANYMEDE_MAX_VIDEO_SPRITE_THUMBNAIL_EXECUTIONS:-2} - OAUTH_ENABLED: ${GANYMEDE_OAUTH_ENABLED:-true} - OAUTH_PROVIDER_URL: ${GANYMEDE_OAUTH_PROVIDER_URL:-https://auth.fukurokuju.dev/application/o/ganymede/} - OAUTH_CLIENT_ID: ${GANYMEDE_OAUTH_CLIENT_ID} - OAUTH_CLIENT_SECRET: ${GANYMEDE_OAUTH_CLIENT_SECRET} - OAUTH_REDIRECT_URL: ${GANYMEDE_OAUTH_REDIRECT_URL:-https://vods.roboces.dev/api/v1/auth/oauth/callback} - SHOW_SSO_LOGIN_BUTTON: ${GANYMEDE_SHOW_SSO_LOGIN_BUTTON:-true} - FORCE_SSO_AUTH: ${GANYMEDE_FORCE_SSO_AUTH:-true} - REQUIRE_LOGIN: ${GANYMEDE_REQUIRE_LOGIN:-true} - volumes: - - ${GANYMEDE_VIDEOS:-/mnt/vods/ganymede/videos}:/data/videos - - ${GANYMEDE_TEMP:-/mnt/vods/ganymede/temp}:/data/temp - - ${GANYMEDE_CACHE:-/mnt/vods/ganymede/cache}:/data/.cache - - ${GANYMEDE_LOGS:-/mnt/vods/ganymede/logs}:/data/logs - - ${GANYMEDE_CONFIG:-/mnt/vods/ganymede/config}:/data/config - ports: - 
- "4800:4000" - healthcheck: - test: curl --fail http://localhost:4000/health || exit 1 - interval: 60s - retries: 5 - start_period: 60s - timeout: 10s diff --git a/docker/ganymede/sample.env b/docker/ganymede/sample.env deleted file mode 100644 index 5b2205b..0000000 --- a/docker/ganymede/sample.env +++ /dev/null @@ -1,27 +0,0 @@ -GANYMEDE_DEBUG=false -GANYMEDE_TZ=Europe/Madrid -GANYMEDE_VIDEOS_DIR=/data/videos -GANYMEDE_TEMP_DIR=/data/temp -GANYMEDE_LOGS_DIR=/data/logs -GANYMEDE_CONFIG_DIR=/data/config -GANYMEDE_DB_HOST=192.168.1.3 -GANYMEDE_DB_PORT=5432 -GANYMEDE_DB_USER=ganymede -GANYMEDE_DB_PASS= -GANYMEDE_DB_NAME=ganymede -GANYMEDE_DB_SSL=disable -GANYMEDE_TWITCH_CLIENT_ID= -GANYMEDE_TWITCH_CLIENT_SECRET= -GANYMEDE_MAX_CHAT_DOWNLOAD_EXECUTIONS=3 -GANYMEDE_MAX_CHAT_RENDER_EXECUTIONS=2 -GANYMEDE_MAX_VIDEO_DOWNLOAD_EXECUTIONS=2 -GANYMEDE_MAX_VIDEO_CONVERT_EXECUTIONS=3 -GANYMEDE_MAX_VIDEO_SPRITE_THUMBNAIL_EXECUTIONS=2 -GANYMEDE_OAUTH_ENABLED=true -GANYMEDE_OAUTH_PROVIDER_URL=https://auth.fukurokuju.dev/application/o/ganymede/ -GANYMEDE_OAUTH_CLIENT_ID= -GANYMEDE_OAUTH_CLIENT_SECRET= -GANYMEDE_OAUTH_REDIRECT_URL=https://vods.roboces.dev/api/v1/auth/oauth/callback -GANYMEDE_SHOW_SSO_LOGIN_BUTTON=true -GANYMEDE_FORCE_SSO_AUTH=false -GANYMEDE_REQUIRE_LOGIN=false diff --git a/docker/paperless/docker-compose.yml b/docker/paperless/docker-compose.yml index 99209c6..7e14770 100644 --- a/docker/paperless/docker-compose.yml +++ b/docker/paperless/docker-compose.yml @@ -14,7 +14,7 @@ services: webserver: - image: ghcr.io/paperless-ngx/paperless-ngx:2.20.6 + image: ghcr.io/paperless-ngx/paperless-ngx:2.20.5 restart: unless-stopped ports: - 8002:8000 diff --git a/docker/rustical/docker-compose.yml b/docker/rustical/docker-compose.yml index 2bca4ee..1b2688e 100644 --- a/docker/rustical/docker-compose.yml +++ b/docker/rustical/docker-compose.yml 
@@ -1,7 +1,7 @@ --- services: rustical: - image: ghcr.io/lennart-k/rustical:0.12.4 + image: ghcr.io/lennart-k/rustical:0.12.1 ports: - '4000:4000' volumes: diff --git a/docker/tailscale/docker-compose.yml b/docker/tailscale/docker-compose.yml deleted file mode 100644 index f0d25e1..0000000 --- a/docker/tailscale/docker-compose.yml +++ /dev/null @@ -1,18 +0,0 @@ ---- -services: - tailscale: - image: tailscale/tailscale:v1.92.5 - hostname: tailscale - environment: - TS_AUTHKEY: ${TS_AUTHKEY} - TS_HOSTNAME: ${TS_HOSTNAME:-docker-exit-node} - TS_EXTRA_ARGS: ${TS_EXTRA_ARGS:---advertise-exit-node} - TS_ROUTES: ${TS_ROUTES:-192.168.1.0/24} - TS_STATE_DIR: /var/lib/tailscale - volumes: - - ${TS_VOLUME:-/mnt/nas1/shared/tailscale}:/var/lib/tailscale - devices: - - /dev/net/tun:/dev/net/tun - cap_add: - - net_admin - restart: unless-stopped diff --git a/docker/tailscale/sample.env b/docker/tailscale/sample.env deleted file mode 100644 index 83646d5..0000000 --- a/docker/tailscale/sample.env +++ /dev/null @@ -1,5 +0,0 @@ -TS_AUTHKEY= -TS_HOSTNAME=docker-exit-node -TS_EXTRA_ARGS=--advertise-exit-node -TS_ROUTES=192.168.1.0/24 -TS_VOLUME=/mnt/nas1/shared/tailscale diff --git a/docker/tandoor/docker-compose.yml b/docker/tandoor/docker-compose.yml index 5bf5d88..8133b76 100644 --- a/docker/tandoor/docker-compose.yml +++ b/docker/tandoor/docker-compose.yml @@ -2,7 +2,7 @@ services: web_recipes: restart: always - image: vabene1111/recipes:2.4.2 + image: vabene1111/recipes:2.3.6 volumes: - ${TANDOOR_STATICFILES:-/mnt/nas1/shared/tandoor/staticfiles}:/opt/recipes/staticfiles - ${TANDOOR_MEDIAFILES:-/mnt/nas1/shared/tandoor/mediafiles}:/opt/recipes/mediafiles diff --git a/docker/vaultwarden/docker-compose.yml b/docker/vaultwarden/docker-compose.yml index bef3334..4c2b3dc 100644 --- a/docker/vaultwarden/docker-compose.yml +++ b/docker/vaultwarden/docker-compose.yml 
@@ -1,7 +1,7 @@ --- services: vaultwarden: - image: vaultwarden/server:1.35.2-alpine + image: vaultwarden/server:1.34.3-alpine restart: unless-stopped environment: DATABASE_URL: ${DATABASE_URL} diff --git a/k8s/argo-apps/factorio.yaml b/k8s/argo-apps/factorio.yaml new file mode 100644 index 0000000..cd2d97d --- /dev/null +++ b/k8s/argo-apps/factorio.yaml @@ -0,0 +1,45 @@ +--- +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: factorio + namespace: argocd +spec: + destination: + name: '' + namespace: apps-fuku + server: https://kubernetes.default.svc + sources: + - chart: factorio-server-charts + repoURL: https://sqljames.github.io/factorio-server-charts/ + targetRevision: 2.5.* + helm: + valuesObject: + rcon: + passwordSecret: secrets-factorio + nodeSelector: + kubernetes.io/hostname: agent1 + image: + tag: latest + factorioServer: + save_name: fukurokuju-space + admin_list: + - Phireh + account: + accountSecret: secrets-factorio + server_settings: + name: factorio-fukurokuju + visibility: + public: false + require_user_verification: false + persistence: + storageClassName: truenas-nfs-csi + serverPassword: + passwordSecret: secrets-factorio + + - repoURL: https://git.roboces.dev/catalin/fukuops.git + path: k8s/services/factorio + targetRevision: main + project: fuku + syncPolicy: + automated: {} diff --git a/k8s/argo-apps/forgejo.yaml b/k8s/argo-apps/forgejo.yaml index 1106bc3..1f49a0c 100644 --- a/k8s/argo-apps/forgejo.yaml +++ b/k8s/argo-apps/forgejo.yaml @@ -14,7 +14,7 @@ spec: sources: - chart: forgejo repoURL: code.forgejo.org/forgejo-helm - targetRevision: 16.0.2 + targetRevision: 15.1.0 helm: valuesObject: replicaCount: 2 diff --git a/k8s/argo-apps/meili.yaml b/k8s/argo-apps/meili.yaml index 8d256c6..530dbd8 100644 --- a/k8s/argo-apps/meili.yaml +++ b/k8s/argo-apps/meili.yaml 
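Review bot: In the new k8s/argo-apps/factorio.yaml, `image.tag: latest` leaves the server image unpinned while `syncPolicy.automated: {}` and `targetRevision: 2.5.*` let both the chart and the image change without a commit in this repo. Pin the image instead, e.g. `tag: <PINNED_VERSION>` (placeholder), as the compose files in this diff do for their images. `require_user_verification: false` sits next to an `admin_list` that names an admin by username; if the chart passes the setting through unchanged, the presented username would not be checked against a Factorio account and admin rights would rest on the server password alone, which `require_user_verification: true` avoids. The project-fuku.yaml hunk in this commit only removes a repository, so confirm that `https://sqljames.github.io/factorio-server-charts/` is already among the repositories project `fuku` allows.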
@@ -18,7 +18,7 @@ spec: targetRevision: main - chart: meilisearch repoURL: https://meilisearch.github.io/meilisearch-kubernetes - targetRevision: 0.25.* + targetRevision: 0.24.* helm: valuesObject: environment: diff --git a/k8s/argo-apps/pulse.yaml b/k8s/argo-apps/pulse.yaml deleted file mode 100644 index 7873917..0000000 --- a/k8s/argo-apps/pulse.yaml +++ /dev/null @@ -1,43 +0,0 @@ ---- -apiVersion: argoproj.io/v1alpha1 -kind: Application -metadata: - name: pulse - namespace: argocd -spec: - destination: - name: '' - namespace: apps-fuku - server: https://kubernetes.default.svc - project: fuku - syncPolicy: - automated: {} - sources: - - repoURL: https://rcourtman.github.io/Pulse - chart: pulse - targetRevision: v5.0.* - helm: - valuesObject: - persistence: - enabled: true - size: 10Gi - storageClass: truenas-nfs-csi - accessModes: - - ReadWriteMany - service: - type: LoadBalancer - ingress: - enabled: true - hosts: - - host: pulse.fukurokuju.dev - paths: - - path: / - pathType: Prefix - tls: [] - monitoring: - serviceMonitor: - enabled: true - - - path: k8s/services/pulse - repoURL: https://git.roboces.dev/catalin/fukuops.git - targetRevision: main diff --git a/k8s/argo-apps/renovate.yaml b/k8s/argo-apps/renovate.yaml index 70b68ef..73787dd 100644 --- a/k8s/argo-apps/renovate.yaml +++ b/k8s/argo-apps/renovate.yaml @@ -13,7 +13,7 @@ spec: sources: - chart: renovate repoURL: https://docs.renovatebot.com/helm-charts - targetRevision: 46.2.* + targetRevision: 45.74.* helm: valuesObject: renovate: diff --git a/k8s/services/argo/project-fuku.yaml b/k8s/services/argo/project-fuku.yaml index ead0d89..43e602a 100644 --- a/k8s/services/argo/project-fuku.yaml +++ b/k8s/services/argo/project-fuku.yaml @@ -32,4 +32,3 @@ spec: - registry-1.docker.io/cloudpirates - https://vmware-tanzu.github.io/helm-charts/ - https://helm.runix.net - - https://rcourtman.github.io/Pulse 
diff --git a/k8s/services/pulse/ds.yaml b/k8s/services/pulse/ds.yaml
deleted file mode 100644
index 26516fa..0000000
--- a/k8s/services/pulse/ds.yaml
+++ /dev/null
@@ -1,105 +0,0 @@ ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: pulse-agent - namespace: apps-fuku ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: pulse-agent-read -rules: - - apiGroups: [""] - resources: ["nodes", "pods"] - verbs: ["get", "list", "watch"] - - apiGroups: ["apps"] - resources: ["deployments"] - verbs: ["get", "list", "watch"] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: pulse-agent-read -subjects: - - kind: ServiceAccount - name: pulse-agent - namespace: apps-fuku -roleRef: - kind: ClusterRole - name: pulse-agent-read - apiGroup: rbac.authorization.k8s.io ---- -apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: pulse-agent - namespace: apps-fuku -spec: - selector: - matchLabels: - app: pulse-agent - template: - metadata: - labels: - app: pulse-agent - spec: - serviceAccountName: pulse-agent - containers: - - name: pulse-agent - image: rcourtman/pulse:v5.0.17 - command: ["/opt/pulse/bin/pulse-agent-linux-amd64"] - args: - - --enable-kubernetes - env: - - name: PULSE_URL - value: "https://pulse.fukurokuju.dev" - - name: PULSE_TOKEN - valueFrom: - secretKeyRef: - name: pulse-agent-secrets - key: PULSE_TOKEN - - name: PULSE_AGENT_ID - value: "k8s-cluster" - - name: PULSE_ENABLE_HOST - value: "true" - - name: HOST_PROC - value: "/host/proc" - - name: HOST_SYS - value: "/host/sys" - - name: HOST_ETC - value: "/host/etc" - - name: PULSE_KUBE_INCLUDE_ALL_PODS - value: "true" - - name: PULSE_KUBE_INCLUDE_ALL_DEPLOYMENTS - value: "true" - securityContext: - privileged: true - resources: - requests: - cpu: 50m - memory: 128Mi - limits: - memory: 512Mi - volumeMounts: - - name: host-proc - mountPath: /host/proc - readOnly: true - - name: host-sys - mountPath: /host/sys - readOnly: true - - name: host-root - mountPath: /host/root - readOnly: true - volumes: - - name: host-proc - hostPath: - path: /proc - - name: host-sys - hostPath: - path: /sys - - name: 
host-root - hostPath: - path: / - tolerations: - - operator: Exists diff --git a/k8s/services/pulse/sealedsecrets.yaml b/k8s/services/pulse/sealedsecrets.yaml deleted file mode 100644 index 0cade5d..0000000 --- a/k8s/services/pulse/sealedsecrets.yaml +++ /dev/null @@ -1,17 +0,0 @@ -# yamllint disable rule:line-length ---- -apiVersion: bitnami.com/v1alpha1 -kind: SealedSecret -metadata: - creationTimestamp: null - name: pulse-agent-secrets - namespace: apps-fuku -spec: - encryptedData: - PULSE_TOKEN: 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 - template: - metadata: - creationTimestamp: null - name: pulse-agent-secrets - namespace: apps-fuku - type: Opaque diff --git a/tofu/adguard/main.tf b/tofu/adguard/main.tf index 894cfea..e419eee 100644 --- a/tofu/adguard/main.tf +++ b/tofu/adguard/main.tf @@ -85,12 +85,8 @@ resource "adguard_rewrite" "master2" { answer = "192.168.1.32" } + resource "adguard_rewrite" "k3m3" { domain = "k3m3.fuku" answer = "192.168.1.43" } - -resource "adguard_rewrite" "pulse" { - answer = "pulse.fukurokuju.dev" - domain = "192.168.1.12" -} diff --git a/tofu/authentik/.terraform.lock.hcl b/tofu/authentik/.terraform.lock.hcl index 61e958d..de2d5a9 100644 --- a/tofu/authentik/.terraform.lock.hcl +++ b/tofu/authentik/.terraform.lock.hcl 
@@ -2,36 +2,23 @@ # Manual edits may be lost in future updates. provider "registry.opentofu.org/goauthentik/authentik" { - version = "2025.12.0" - constraints = "2025.12.0" + version = "2025.10.1" + constraints = "2025.10.1" hashes = [ - "h1:1WOionGZogRGfcwgsBshgGDDMFWqioq62s/FmpTonI8=", - "h1:7EkbL1fO5vkX5IvlGhKIjWcEPIc7U3zS/x0+rMC+NKE=", - "h1:N65bk3gPCHEJE8c68LCjQ2NMwDKDJlt0+ofnmeNM4FI=", - "h1:S2NDeRAxbfKPGvBqM7WES5znedi0V2AWc5wxkczYDd8=", - "h1:ZmqC2orWU2UItPZJZfsSnBBX7Ds0OEk8EarBtWjuFsc=", - "h1:aofPDDDWm9c87uip8IwKlhGDePNNr6Sy0Q+m9NgOols=", - "h1:f3+jlDlxpgKdCbcB7ac4lVn5pdSMM1e2Qh0AB0RDNsA=", - "h1:jt+Gtla0Z7zN4gCltMg//aDfCoSIdCyFF4ept4Qwc6E=", - "h1:msEjekUeIUKY6lipADjuQpaU1HPrp0MU19R9LpZv5UM=", - "h1:t61WX+9iOOCLlZ8tt/vZP7X8M/Q7F5k6QUyduYtpVf8=", - "h1:tI7fyxvSatX28mp0woFsBbhrnzgeZTZAaitzKThlyAo=", - "h1:wzjwM6RA9Jth4iCN5J9dzxnfjO56ZFl1T5rAQhuU1og=", - "h1:xZZSwrSXnUCPmP9U3EY9fKPmBru58wZozovF2+i//oY=", - "h1:z/+UpU0PH5hae3WEqJO7Lreo0wYO77UuJrimJyV3Mcg=", - "zh:0ce23bd10c1782a3ae9321a572093df2c283df9003fc1cf33f6e63df18a81b7a", - "zh:0de1db5b3363603e6bd25c9c420e24e872bcfe8d43a7015b710a0292ffa7a649", - "zh:1d719e62eb5195a6461cdf2e175960093cdb77b190a7b15eb3fd0e1fc38409e1", - "zh:3adba178a720c90f296183479872a82719f5497b24e90224c044bcc9e29092b7", - "zh:54e5895e61a39b955be26977c273d9581beccf0e22ec58932708472cab40b03b", - "zh:59b8df5b3be8bf9e8a8dcc7b5edf96b0ca505f93fc0db022cc33513172dbc2c8", - "zh:6d86630e353b874ad43d09e3d3541ba4f824c578122a21c7895a452a0534ca05", - "zh:b6c7466446ce685971dee0c7b2dcb16917e3d23805a51d7a2091e475908c8d87", - "zh:ca306de78ea0f99f698548d51b094501e8299340ccc9c6549d1b62fc1fe29456", - "zh:cc6bd38417c0a6c0d7a1c8533007c113155d82d085ea705d955dadf62b2f9f66", - "zh:da657c9db5647620fca377fdc934db6a0f6d05d4cc0dd91a47404850805fd6da", - "zh:dc0b1effedb7a35d1756be915ff8b48d0f422b7a9da75e7f14a2d3efa2d4806f", - "zh:eef8d1715e9cfcb6cbe05dc071390ee91276d12f6fd870bac116af47518f6176", - "zh:f4c0cd2168f59d4fbf4b1fada95a9c973224bbf81975e948f741ad18ef665690", 
+ "h1:X0bV1LqI7nu4np+xiGP8yLVfyl6rh/XNXz7QQ7Hsr6g=", + "zh:02ac2478c8901043a0455b8b6b8185e9814786bd802a9aa6d4126d4f56d4735d", + "zh:24d680732a9ea72a86c1e7bf4aa13ab9cc0c60ee4bd4cae8af43670eff88edd9", + "zh:4f415f177671eeea2234eb835479bbb710e811e60864cec6a00ee0e03a412fa3", + "zh:55498caa20504dd52a1870823e15dec6c78948eac2e6ec98e6ec122b5407630b", + "zh:570f9ca7f909bda94b97feab7898ef392e01ae6178d8a9d36aac984d8a433ec1", + "zh:92ac78b97e2d5310ed82233980f941ebecf69ae1f9d03f3e719d8687aa6f4cc7", + "zh:95f852a4e7d22daac86901ebc6b327d5987832b707ad3fd3aeff6c36dd088717", + "zh:98c8659f468a58a9d224b2fca9d5909d39bcabf9e2593e9b4a574dbffb6e2dca", + "zh:a7d1428ec803ae794ebb05d772fa44020827a6b762a5b2da11869fc618ea59cd", + "zh:b1ef054b09fed4282c625a38a4aa6d1276c58e541f4cffcc716aa7d2b773f30a", + "zh:b95e3edeb0da3ee0c0392afa18957cf7d41b2f71ed08a50f4bf38010aaf77d30", + "zh:c3ce9f57889e6bb33f34ee4cc4463a77652b811351bbb25e6fc5ba9dc0c61e14", + "zh:f6d2fe811ad5c242ced99a6b51b2d7f60f060d4bc6837fe1026c2abb7cb6f9a4", + "zh:f78b8e20e7d9f53e1622051c706369a7c6d0f1e37c16df67a214697cd5d0a4fb", ] } diff --git a/tofu/authentik/main.tf b/tofu/authentik/main.tf index 6151382..87ebc58 100644 --- a/tofu/authentik/main.tf +++ b/tofu/authentik/main.tf @@ -8,7 +8,7 @@ terraform { required_providers { authentik = { source = "goauthentik/authentik" - version = "2025.12.0" + version = "2025.10.1" } } } @@ -22,11 +22,6 @@ resource "authentik_group" "ci" { users = [data.authentik_user.catalin.id] } -resource "authentik_group" "vods" { - name = "vods" - users = [data.authentik_user.catalin.id] -} - resource "authentik_group" "admins" { name = "authentik Admins" is_superuser = true @@ -52,7 +47,6 @@ resource "authentik_group" "mediamanager" { is_superuser = false } - module "gitea" { source = "../modules/authentik-oidc" app_name = "Gitea" 
@@ -134,7 +128,7 @@ module "sonarr" { app_slug = "sonarr" app_access_group_id = authentik_group.arrs.id app_url = "https://sonarr.fukurokuju.dev" - internal_host = "http://192.168.1.3:30113/" + internal_host = "http://192.168.1.3:38013/" internal_host_ssl_validation = false app_icon = "https://sonarr.tv/img/logo.png" } @@ -145,7 +139,7 @@ module "radarr" { app_slug = "radarr" app_access_group_id = authentik_group.arrs.id app_url = "https://radarr.fukurokuju.dev" - internal_host = "http://192.168.1.3:30025/" + internal_host = "http://192.168.1.3:38012/" internal_host_ssl_validation = false app_icon = "https://radarr.video/img/background/logo.png" } @@ -156,7 +150,7 @@ module "lidarr" { app_slug = "lidarr" app_access_group_id = authentik_group.arrs.id app_url = "https://lidarr.fukurokuju.dev" - internal_host = "http://192.168.1.3:30071/" + internal_host = "http://192.168.1.3:38010/" internal_host_ssl_validation = false app_icon = "https://lidarr.audio/img/background/logo.png" } @@ -177,7 +171,7 @@ module "prowlarr" { app_slug = "prowlarr" app_access_group_id = authentik_group.admins.id app_url = "https://prowlarr.fukurokuju.dev" - internal_host = "http://192.168.1.3:30050" + internal_host = "http://192.168.1.3:38014" internal_host_ssl_validation = false } @@ -205,11 +199,11 @@ module "sftpgo" { sub_mode = "user_username" } + module "rustical" { source = "../modules/authentik-oidc" app_name = "rustical" app_slug = "rustical" - app_url = "https://cal.roboces.dev" client_id = var.rustical_client_id client_secret = var.rustical_client_secret redirect_uris = [{ matching_mode = "strict", url = "https://cal.roboces.dev/frontend/login/oidc/callback" }] @@ -222,8 +216,6 @@ module "jellyfin" { app_slug = "jellyfin" base_dn = "DC=ldap,DC=fukurokuju,DC=dev" name = "jellyfin" - app_url = "https://jelly.roboces.dev" - app_icon = "https://jelly.roboces.dev/web/touchicon.f5bbb798cb2c65908633.png" app_access_group_id = authentik_group.arrs.id } 
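Review bot: The new `internal_host` values in the sonarr, radarr, lidarr and prowlarr hunks still send the upstream traffic over plain `http://` to `192.168.1.3` with `internal_host_ssl_validation = false`, so the group restriction set through `app_access_group_id` only holds if those ports cannot be reached directly from the LAN. I would add a comment above each `internal_host` stating that assumption, e.g. `# upstream must only accept traffic from the authentik outpost; direct access bypasses app_access_group_id`. The address is repeated in every module call, and a single `locals` value for the host would keep the four port changes in one place. Each module block starts above its hunk, so the module source is not visible here and the proxy behaviour is inferred from the argument names.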
@@ -232,43 +224,7 @@ module "tandoor" { app_name = "Tandoor" app_slug = "tandoor" app_access_group_id = "" - app_url = "https://recipes.roboces.dev" redirect_uris = [{ matching_mode = "strict", url = "https://recipes.roboces.dev/accounts/oidc/authentik/login/callback/" }] - app_icon = "https://recipes.roboces.dev/static/assets/logo_color_192.c9b9177ff941.png" client_id = var.tandoor_client_id client_secret = var.tandoor_client_secret } - -module "ganymede" { - source = "../modules/authentik-oidc" - app_name = "Ganymede" - app_slug = "ganymede" - redirect_uris = [{ matching_mode = "strict", url = "https://vods.roboces.dev/api/v1/auth/oauth/callback" }] - client_id = var.ganymede_client_id - client_secret = var.ganymede_client_secret - app_url = "https://vods.roboces.dev" - app_icon = "https://vods.roboces.dev/favicon.ico" - app_access_group_id = authentik_group.vods.id -} - -module "jellyseerr" { - source = "../modules/authentik-app" - app_name = "Solicitudes Jelly" - app_slug = "jellyseer" - app_url = "https://requests.roboces.dev" - app_icon = "https://requests.roboces.dev/os_icon.svg" - app_description = "Solicita series, animes y pelis para ser añadidas automáticamente a Jellyfin" - app_access_group_id = authentik_group.arrs.id -} - -module "pulse" { - source = "../modules/authentik-oidc" - app_name = "Pulse" - app_slug = "pulse" - app_url = "https://pulse.fukurokuju.dev" - client_id = var.pulse_client_id - client_secret = var.pulse_client_secret - app_icon = "https://pulse.fukurokuju.dev/logo.svg" - redirect_uris = [{ matching_mode = "strict", url = "https://pulse.fukurokuju.dev/api/oidc/callback" }] - app_access_group_id = authentik_group.admins.id -} diff --git a/tofu/authentik/sample.env b/tofu/authentik/sample.env index 31a7461..3887146 100644 --- a/tofu/authentik/sample.env +++ b/tofu/authentik/sample.env 
@@ -14,7 +14,3 @@ TF_VAR_rustical_client_id= TF_VAR_rustical_client_secret= TF_VAR_tandoor_client_id= TF_VAR_tandoor_client_secret= -TF_VAR_ganymede_client_id= -TF_VAR_ganymede_client_secret= -TF_VAR_pulse_client_id= -TF_VAR_pulse_client_secret= diff --git a/tofu/authentik/vars.tf b/tofu/authentik/vars.tf index f0e5dc2..30ec835 100644 --- a/tofu/authentik/vars.tf +++ b/tofu/authentik/vars.tf @@ -68,23 +68,3 @@ variable "tandoor_client_secret" { description = "Tandoor client secret" type = string } - -variable "ganymede_client_id" { - description = "Ganymede client ID" - type = string -} - -variable "ganymede_client_secret" { - description = "Ganymede client secret" - type = string -} - -variable "pulse_client_id" { - description = "Pulse client ID" - type = string -} - -variable "pulse_client_secret" { - description = "Pulse client secret" - type = string -} diff --git a/tofu/modules/authentik-app/main.tf b/tofu/modules/authentik-app/main.tf deleted file mode 100644 index 778e119..0000000 --- a/tofu/modules/authentik-app/main.tf +++ /dev/null @@ -1,26 +0,0 @@ -terraform { - required_version = ">= 1.6" - required_providers { - authentik = { - source = "goauthentik/authentik" - version = "2025.12.0" - } - } -} - -resource "authentik_application" "app" { - name = var.app_name - slug = var.app_slug - open_in_new_tab = var.open_in_new_tab - meta_icon = var.app_icon - meta_description = var.app_description - meta_publisher = var.app_publisher - meta_launch_url = var.app_url -} - -resource "authentik_policy_binding" "app_access" { - target = authentik_application.app.uuid - group = var.app_access_group_id - order = 0 - count = var.app_access_group_id != "" ? 1 : 0 # only add it if the group's name exists -} diff --git a/tofu/modules/authentik-app/vars.tf b/tofu/modules/authentik-app/vars.tf deleted file mode 100644 index 445710f..0000000 --- a/tofu/modules/authentik-app/vars.tf +++ /dev/null 
@@ -1,62 +0,0 @@ -variable "app_name" { - description = "App name" - type = string -} - -variable "app_slug" { - description = "App slug, a human-readable URL identifier, e.g.: Google -> google" - type = string -} - - -variable "client_type" { - type = string - default = "confidential" - - validation { - condition = contains(["confidential", "public"], var.client_type) - error_message = "client_type must be 'confidential' or 'public'" - } -} - -variable "app_access_group_id" { - description = "ID of a group which will have access to the app" - type = string -} - -variable "sub_mode" { - type = string - default = "user_username" - - validation { - condition = contains(["user_id", "user_username", "hashed_user_id"], var.sub_mode) - error_message = "sub_mode must be 'user_id', 'user_username' or 'hashed_user_id'" - } -} - - -variable "open_in_new_tab" { - type = bool - description = "Open apps in a new tab" - default = true -} - -variable "app_icon" { - type = string - default = "" -} - -variable "app_description" { - type = string - default = "" -} - -variable "app_publisher" { - type = string - default = "" -} - -variable "app_url" { - type = string - default = "" -} diff --git a/tofu/modules/authentik-ldap/.terraform.lock.hcl b/tofu/modules/authentik-ldap/.terraform.lock.hcl index 61e958d..de2d5a9 100644 --- a/tofu/modules/authentik-ldap/.terraform.lock.hcl +++ b/tofu/modules/authentik-ldap/.terraform.lock.hcl 
@@ -2,36 +2,23 @@ # Manual edits may be lost in future updates. provider "registry.opentofu.org/goauthentik/authentik" { - version = "2025.12.0" - constraints = "2025.12.0" + version = "2025.10.1" + constraints = "2025.10.1" hashes = [ - "h1:1WOionGZogRGfcwgsBshgGDDMFWqioq62s/FmpTonI8=", - "h1:7EkbL1fO5vkX5IvlGhKIjWcEPIc7U3zS/x0+rMC+NKE=", - "h1:N65bk3gPCHEJE8c68LCjQ2NMwDKDJlt0+ofnmeNM4FI=", - "h1:S2NDeRAxbfKPGvBqM7WES5znedi0V2AWc5wxkczYDd8=", - "h1:ZmqC2orWU2UItPZJZfsSnBBX7Ds0OEk8EarBtWjuFsc=", - "h1:aofPDDDWm9c87uip8IwKlhGDePNNr6Sy0Q+m9NgOols=", - "h1:f3+jlDlxpgKdCbcB7ac4lVn5pdSMM1e2Qh0AB0RDNsA=", - "h1:jt+Gtla0Z7zN4gCltMg//aDfCoSIdCyFF4ept4Qwc6E=", - "h1:msEjekUeIUKY6lipADjuQpaU1HPrp0MU19R9LpZv5UM=", - "h1:t61WX+9iOOCLlZ8tt/vZP7X8M/Q7F5k6QUyduYtpVf8=", - "h1:tI7fyxvSatX28mp0woFsBbhrnzgeZTZAaitzKThlyAo=", - "h1:wzjwM6RA9Jth4iCN5J9dzxnfjO56ZFl1T5rAQhuU1og=", - "h1:xZZSwrSXnUCPmP9U3EY9fKPmBru58wZozovF2+i//oY=", - "h1:z/+UpU0PH5hae3WEqJO7Lreo0wYO77UuJrimJyV3Mcg=", - "zh:0ce23bd10c1782a3ae9321a572093df2c283df9003fc1cf33f6e63df18a81b7a", - "zh:0de1db5b3363603e6bd25c9c420e24e872bcfe8d43a7015b710a0292ffa7a649", - "zh:1d719e62eb5195a6461cdf2e175960093cdb77b190a7b15eb3fd0e1fc38409e1", - "zh:3adba178a720c90f296183479872a82719f5497b24e90224c044bcc9e29092b7", - "zh:54e5895e61a39b955be26977c273d9581beccf0e22ec58932708472cab40b03b", - "zh:59b8df5b3be8bf9e8a8dcc7b5edf96b0ca505f93fc0db022cc33513172dbc2c8", - "zh:6d86630e353b874ad43d09e3d3541ba4f824c578122a21c7895a452a0534ca05", - "zh:b6c7466446ce685971dee0c7b2dcb16917e3d23805a51d7a2091e475908c8d87", - "zh:ca306de78ea0f99f698548d51b094501e8299340ccc9c6549d1b62fc1fe29456", - "zh:cc6bd38417c0a6c0d7a1c8533007c113155d82d085ea705d955dadf62b2f9f66", - "zh:da657c9db5647620fca377fdc934db6a0f6d05d4cc0dd91a47404850805fd6da", - "zh:dc0b1effedb7a35d1756be915ff8b48d0f422b7a9da75e7f14a2d3efa2d4806f", - "zh:eef8d1715e9cfcb6cbe05dc071390ee91276d12f6fd870bac116af47518f6176", - "zh:f4c0cd2168f59d4fbf4b1fada95a9c973224bbf81975e948f741ad18ef665690", 
+ "h1:X0bV1LqI7nu4np+xiGP8yLVfyl6rh/XNXz7QQ7Hsr6g=", + "zh:02ac2478c8901043a0455b8b6b8185e9814786bd802a9aa6d4126d4f56d4735d", + "zh:24d680732a9ea72a86c1e7bf4aa13ab9cc0c60ee4bd4cae8af43670eff88edd9", + "zh:4f415f177671eeea2234eb835479bbb710e811e60864cec6a00ee0e03a412fa3", + "zh:55498caa20504dd52a1870823e15dec6c78948eac2e6ec98e6ec122b5407630b", + "zh:570f9ca7f909bda94b97feab7898ef392e01ae6178d8a9d36aac984d8a433ec1", + "zh:92ac78b97e2d5310ed82233980f941ebecf69ae1f9d03f3e719d8687aa6f4cc7", + "zh:95f852a4e7d22daac86901ebc6b327d5987832b707ad3fd3aeff6c36dd088717", + "zh:98c8659f468a58a9d224b2fca9d5909d39bcabf9e2593e9b4a574dbffb6e2dca", + "zh:a7d1428ec803ae794ebb05d772fa44020827a6b762a5b2da11869fc618ea59cd", + "zh:b1ef054b09fed4282c625a38a4aa6d1276c58e541f4cffcc716aa7d2b773f30a", + "zh:b95e3edeb0da3ee0c0392afa18957cf7d41b2f71ed08a50f4bf38010aaf77d30", + "zh:c3ce9f57889e6bb33f34ee4cc4463a77652b811351bbb25e6fc5ba9dc0c61e14", + "zh:f6d2fe811ad5c242ced99a6b51b2d7f60f060d4bc6837fe1026c2abb7cb6f9a4", + "zh:f78b8e20e7d9f53e1622051c706369a7c6d0f1e37c16df67a214697cd5d0a4fb", ] } diff --git a/tofu/modules/authentik-ldap/main.tf b/tofu/modules/authentik-ldap/main.tf index 86d1806..19cf5a6 100644 --- a/tofu/modules/authentik-ldap/main.tf +++ b/tofu/modules/authentik-ldap/main.tf @@ -3,7 +3,7 @@ terraform { required_providers { authentik = { source = "goauthentik/authentik" - version = "2025.12.0" + version = "2025.10.1" } } } diff --git a/tofu/modules/authentik-oidc/main.tf b/tofu/modules/authentik-oidc/main.tf index 3ca69a3..d78086a 100644 --- a/tofu/modules/authentik-oidc/main.tf +++ b/tofu/modules/authentik-oidc/main.tf @@ -3,7 +3,7 @@ terraform { required_providers { authentik = { source = "goauthentik/authentik" - version = "2025.12.0" + version = "2025.10.1" } } } diff --git a/tofu/modules/authentik-proxy/main.tf b/tofu/modules/authentik-proxy/main.tf index 288bd61..49179aa 100644 --- a/tofu/modules/authentik-proxy/main.tf +++ b/tofu/modules/authentik-proxy/main.tf 
@@ -3,7 +3,7 @@ terraform { required_providers { authentik = { source = "goauthentik/authentik" - version = "2025.12.0" + version = "2025.10.1" } } }