chore(deps): update helm release renovate to 45.69.*

docker/paperless/docker-compose.yml

@@ -14,7 +14,7 @@ services:
 
   webserver:
 
-    image: ghcr.io/paperless-ngx/paperless-ngx:2.20.0
+    image: ghcr.io/paperless-ngx/paperless-ngx:2.20.3
     restart: unless-stopped
     ports:
       - 8002:8000

k8s/argo-apps/dcsi.yaml

@@ -2,29 +2,39 @@
 apiVersion: argoproj.io/v1alpha1
 kind: Application
 metadata:
-    name: democratic-csi
+  name: democratic-csi
-    namespace: argocd
+  namespace: argocd
 spec:
-    destination:
+  destination:
-        name: ''
+    name: ''
-        namespace: democratic-csi
+    namespace: democratic-csi
-        server: https://kubernetes.default.svc
+    server: https://kubernetes.default.svc
-    sources:
+  sources:
-        - chart: democratic-csi
+    - chart: democratic-csi
-          repoURL: https://democratic-csi.github.io/charts/
+      repoURL: https://democratic-csi.github.io/charts/
-          targetRevision: 0.15.*
+      targetRevision: 0.15.*
-          helm:
+      helm:
-              releaseName: zfs-nfs
+        releaseName: zfs-nfs
-              valuesObject:
+        valuesObject:
-                  csiDriver:
+          node:
-                      name: org.dcsi.nfs
+            driver:
-                  driver:
+              image:
-                      existingConfigSecret: secrets-dcsi
+                tag: next
-                      config:
+          controller:
-                          driver: freenas-api-nfs
+            driver:
-        - repoURL: https://git.roboces.dev/catalin/fukuops.git
+              image:
-          path: k8s/services/dcsi
+                tag: next
-          targetRevision: main
+          csiDriver:
-    project: management
+            name: org.dcsi.nfs
-    syncPolicy:
+          driver:
-        automated: {}
+            image:
+              tag: next
+            existingConfigSecret: secrets-dcsi
+            config:
+              driver: freenas-api-nfs
+    - repoURL: https://git.roboces.dev/catalin/fukuops.git
+      path: k8s/services/dcsi
+      targetRevision: main
+  project: management
+  syncPolicy:
+    automated: {}

k8s/argo-apps/renovate.yaml

@@ -13,7 +13,7 @@ spec:
   sources:
     - chart: renovate
       repoURL: https://docs.renovatebot.com/helm-charts
-      targetRevision: 45.67.*
+      targetRevision: 45.69.*
       helm:
         valuesObject:
           renovate:

tofu/authentik/.terraform.lock.hcl

@@ -2,36 +2,23 @@
 # Manual edits may be lost in future updates.
 
 provider "registry.opentofu.org/goauthentik/authentik" {
-  version     = "2025.10.0"
+  version     = "2025.10.1"
-  constraints = "2025.10.0"
+  constraints = "2025.10.1"
   hashes = [
-    "h1:8nN6b5dEGbJJ5ajovedkO//QP4NrWU5GfrenIHAEyz0=",
+    "h1:X0bV1LqI7nu4np+xiGP8yLVfyl6rh/XNXz7QQ7Hsr6g=",
-    "h1:EZlTiEEZ0a6AvlLuTKAIyhBI4m4poYUX4QW0wyHfIaw=",
+    "zh:02ac2478c8901043a0455b8b6b8185e9814786bd802a9aa6d4126d4f56d4735d",
-    "h1:ElpISil/0po3r4pb9KK7/pBCSLxL18a6IDHDSMFdmS0=",
+    "zh:24d680732a9ea72a86c1e7bf4aa13ab9cc0c60ee4bd4cae8af43670eff88edd9",
-    "h1:F7+3L6JmVEG+PMizB9SuifxbznkZD3462LQpFMOW0M0=",
+    "zh:4f415f177671eeea2234eb835479bbb710e811e60864cec6a00ee0e03a412fa3",
-    "h1:L1sFZI0qKeBpUUCMgQkuRge196DsrHaTUJKJWKm0V2w=",
+    "zh:55498caa20504dd52a1870823e15dec6c78948eac2e6ec98e6ec122b5407630b",
-    "h1:OQgVyUOOLTGyosEpVHzE37h+91nHN5n9lKHt6nAOZyU=",
+    "zh:570f9ca7f909bda94b97feab7898ef392e01ae6178d8a9d36aac984d8a433ec1",
-    "h1:Ph1j1Flr4kXMZKCRlP4Hn0asAz1Yfpk+hf5t6aeF4mc=",
+    "zh:92ac78b97e2d5310ed82233980f941ebecf69ae1f9d03f3e719d8687aa6f4cc7",
-    "h1:RjitcUcx/3QKUgs74q3ypbf7KQpg8BoNELW6sE4ONqk=",
+    "zh:95f852a4e7d22daac86901ebc6b327d5987832b707ad3fd3aeff6c36dd088717",
-    "h1:Vw7hY7KdCtQ3hf00uCekrzdDgBJ2EnPXUAnj3ybLXPQ=",
+    "zh:98c8659f468a58a9d224b2fca9d5909d39bcabf9e2593e9b4a574dbffb6e2dca",
-    "h1:fDQcyzUJqHb4qXOyze/Te0Fd3dVMdBcLQ+e2xOtsqbM=",
+    "zh:a7d1428ec803ae794ebb05d772fa44020827a6b762a5b2da11869fc618ea59cd",
-    "h1:jKOzsHSorUnub0L+Lq+tPPhHmeKoaiPS8orF9zZf/i0=",
+    "zh:b1ef054b09fed4282c625a38a4aa6d1276c58e541f4cffcc716aa7d2b773f30a",
-    "h1:kXF4EEV9uzXzshloPfJQQzPbs0YVgjUu5aD+Fj040U0=",
+    "zh:b95e3edeb0da3ee0c0392afa18957cf7d41b2f71ed08a50f4bf38010aaf77d30",
-    "h1:pvMaS6PASVHMJxArSG1pAzS5Micb1fMcLz7MF7bO138=",
+    "zh:c3ce9f57889e6bb33f34ee4cc4463a77652b811351bbb25e6fc5ba9dc0c61e14",
-    "h1:s3wkHrHE8Q/Dj+PIkvuPviLTUcK6h7aoAArrBKNJ8PE=",
+    "zh:f6d2fe811ad5c242ced99a6b51b2d7f60f060d4bc6837fe1026c2abb7cb6f9a4",
-    "zh:0103a533f474db36223d8dbf2abc80f8d76a162b2e3042a2203f0d426f2c8e16",
+    "zh:f78b8e20e7d9f53e1622051c706369a7c6d0f1e37c16df67a214697cd5d0a4fb",
-    "zh:03302f83cd5784435ef22864a936b88293284bfdc091ff2fd0cc18a40e97bb55",
-    "zh:0730ca92f8bc778dba52425d05c5dceb9ae57660797f88132c06a0bf8a4f4f55",
-    "zh:63ace720564b3549d482f0bc68b1f4596a1682faeef5fe4d40163abccda90ceb",
-    "zh:8c4acdc358b1f5b1c13192af81bba552c6ad98debd341d836f4adf1fb85610a8",
-    "zh:8f101bae1ab303b5e1b91ceb62d11386091a24c2bbd99bca4662bc88f127a8c4",
-    "zh:a683c5338f16d20a1432fbc093c35db388ec7ef9f657d7478e3a04fc72722ad7",
-    "zh:a99fcbaf234cb161c8d7018f62946178810c7645436229d05913ff432094734d",
-    "zh:aa7fc7a3e05e96522507a86ec50b53473ff3e917f56fb2fc7418070fe29f1abc",
-    "zh:bc3b9f7cce5f5fd4116700411c5f3d14c48a9b56115268094882d949b811e53a",
-    "zh:cba03e3c31ee1e83fcc25511a34ca5f7132e0bbb41f3edc7c7dc113edd5938db",
-    "zh:d1f168e7a87a3f74d9932b88daa367242d1e9a2ed1b7b9eaf44fcfcfc190305f",
-    "zh:eb5af50c8e13980da4830c5f23fa7d911ae07740b37cf9d6c5895da95374e940",
-    "zh:f9db4dbb47b257123bb70b770714552d873f9c8e2e8017c1de227757c8dfb074",
   ]
 }

tofu/authentik/main.tf

@@ -8,7 +8,7 @@ terraform {
   required_providers {
     authentik = {
       source  = "goauthentik/authentik"
-      version = "2025.10.0"
+      version = "2025.10.1"
     }
   }
 }
@@ -240,12 +240,11 @@ module "rustical" {
   app_access_group_id = ""
 }
 
-module "mediamanager" {
+module "jellyfin" {
-  source              = "../modules/authentik-oidc"
+  source              = "../modules/authentik-ldap"
-  app_name            = "mediamanager"
+  app_name            = "Jellyfin"
-  app_slug            = "mediamanager"
+  app_slug            = "jellyfin"
-  client_id           = var.mediamanager_client_id
+  base_dn             = "DC=ldap,DC=fukurokuju,DC=dev"
-  client_secret       = var.mediamanager_client_secret
+  name                = "jellyfin"
-  redirect_uris       = [{ matching_mode = "strict", url = "https://mediamanager.roboces.dev/api/v1/auth/oauth/callback" }]
+  app_access_group_id = authentik_group.arrs.id
-  app_access_group_id = authentik_group.mediamanager.id
 }

tofu/authentik/sample.env

@@ -13,5 +13,3 @@ TF_VAR_sftpgo_client_secret=
 TF_VAR_netbird_client_id=
 TF_VAR_rustical_client_id=
 TF_VAR_rustical_client_secret=
-TF_VAR_mediamanager_client_id=
-TF_VAR_mediamanager_client_secret=

tofu/modules/authentik-ldap/.terraform.lock.hcl

@@ -0,0 +1,24 @@
+# This file is maintained automatically by "tofu init".
+# Manual edits may be lost in future updates.
+
+provider "registry.opentofu.org/goauthentik/authentik" {
+  version     = "2025.10.1"
+  constraints = "2025.10.1"
+  hashes = [
+    "h1:X0bV1LqI7nu4np+xiGP8yLVfyl6rh/XNXz7QQ7Hsr6g=",
+    "zh:02ac2478c8901043a0455b8b6b8185e9814786bd802a9aa6d4126d4f56d4735d",
+    "zh:24d680732a9ea72a86c1e7bf4aa13ab9cc0c60ee4bd4cae8af43670eff88edd9",
+    "zh:4f415f177671eeea2234eb835479bbb710e811e60864cec6a00ee0e03a412fa3",
+    "zh:55498caa20504dd52a1870823e15dec6c78948eac2e6ec98e6ec122b5407630b",
+    "zh:570f9ca7f909bda94b97feab7898ef392e01ae6178d8a9d36aac984d8a433ec1",
+    "zh:92ac78b97e2d5310ed82233980f941ebecf69ae1f9d03f3e719d8687aa6f4cc7",
+    "zh:95f852a4e7d22daac86901ebc6b327d5987832b707ad3fd3aeff6c36dd088717",
+    "zh:98c8659f468a58a9d224b2fca9d5909d39bcabf9e2593e9b4a574dbffb6e2dca",
+    "zh:a7d1428ec803ae794ebb05d772fa44020827a6b762a5b2da11869fc618ea59cd",
+    "zh:b1ef054b09fed4282c625a38a4aa6d1276c58e541f4cffcc716aa7d2b773f30a",
+    "zh:b95e3edeb0da3ee0c0392afa18957cf7d41b2f71ed08a50f4bf38010aaf77d30",
+    "zh:c3ce9f57889e6bb33f34ee4cc4463a77652b811351bbb25e6fc5ba9dc0c61e14",
+    "zh:f6d2fe811ad5c242ced99a6b51b2d7f60f060d4bc6837fe1026c2abb7cb6f9a4",
+    "zh:f78b8e20e7d9f53e1622051c706369a7c6d0f1e37c16df67a214697cd5d0a4fb",
+  ]
+}

tofu/modules/authentik-ldap/main.tf

@@ -0,0 +1,45 @@
+terraform {
+  required_version = ">= 1.6"
+  required_providers {
+    authentik = {
+      source  = "goauthentik/authentik"
+      version = "2025.10.1"
+    }
+  }
+}
+
+
+data "authentik_flow" "default-authentication-flow" {
+  slug = "default-authentication-flow"
+}
+
+data "authentik_flow" "default-invalidation-flow" {
+  slug = "default-invalidation-flow"
+}
+
+
+resource "authentik_provider_ldap" "provider_ldap" {
+  base_dn     = var.base_dn
+  bind_flow   = data.authentik_flow.default-authentication-flow.id
+  name        = var.name
+  unbind_flow = data.authentik_flow.default-invalidation-flow.id
+}
+
+
+resource "authentik_application" "app" {
+  name              = var.app_name
+  slug              = var.app_slug
+  protocol_provider = authentik_provider_ldap.provider_ldap.id
+  open_in_new_tab   = var.open_in_new_tab
+  meta_icon         = var.app_icon
+  meta_description  = var.app_description
+  meta_publisher    = var.app_publisher
+  meta_launch_url   = var.app_url
+}
+
+resource "authentik_policy_binding" "app_access" {
+  target = authentik_application.app.uuid
+  group  = var.app_access_group_id
+  order  = 0
+  count  = var.app_access_group_id != "" ? 1 : 0 # only add it if the group's name exists
+}

tofu/modules/authentik-ldap/vars.tf

@@ -0,0 +1,52 @@
+variable "app_name" {
+  description = "App name"
+  type        = string
+}
+
+variable "app_slug" {
+  description = "App slug, a human-readable URL identifier, e.g.: Google -> google"
+  type        = string
+}
+
+
+variable "app_access_group_id" {
+  description = "ID of a group which will have access to the app"
+  type        = string
+}
+
+
+variable "open_in_new_tab" {
+  type        = bool
+  description = "Open apps in a new tab"
+  default     = true
+}
+
+variable "app_icon" {
+  type    = string
+  default = ""
+}
+
+variable "app_description" {
+  type    = string
+  default = ""
+}
+
+variable "app_publisher" {
+  type    = string
+  default = ""
+}
+variable "app_url" {
+  type    = string
+  default = ""
+}
+
+
+variable "base_dn" {
+  type        = string
+  description = "Base DN"
+}
+
+variable "name" {
+  type        = string
+  description = "Name"
+}

tofu/modules/authentik-oidc/main.tf

@@ -3,7 +3,7 @@ terraform {
   required_providers {
     authentik = {
       source  = "goauthentik/authentik"
-      version = "2025.10.0"
+      version = "2025.10.1"
     }
   }
 }

tofu/modules/authentik-proxy/main.tf

@@ -3,7 +3,7 @@ terraform {
   required_providers {
     authentik = {
       source  = "goauthentik/authentik"
-      version = "2025.10.0"
+      version = "2025.10.1"
     }
   }
 }