diff --git a/.forgejo/workflows/deploy-kaniko.yaml b/.forgejo/workflows/deploy-kaniko.yaml
index 55bb901..8bbf265 100644
--- a/.forgejo/workflows/deploy-kaniko.yaml
+++ b/.forgejo/workflows/deploy-kaniko.yaml
@@ -20,5 +20,5 @@ jobs:
 password: ${{ secrets.REGISTRY_PASSWORD }}
 cache: true
 registry: git.roboces.dev
- tag: nextcloud-30.0.2
+ tag: nextcloud-30.0.1
 path: docker/nextcloud
diff --git a/docker/netbird/docker-compose.yml b/docker/netbird/docker-compose.yml
index 32b75c6..65f9a64 100644
--- a/docker/netbird/docker-compose.yml
+++ b/docker/netbird/docker-compose.yml
@@ -23,7 +23,7 @@ services:
 max-size: "500m"
 max-file: "2"
 signal:
- image: netbirdio/signal:0.31.1
+ image: netbirdio/signal:0.31.0
 restart: unless-stopped
 volumes:
 - netbird-signal:/var/lib/netbird
@@ -35,7 +35,7 @@ services:
 max-size: "500m"
 max-file: "2"
 relay:
- image: netbirdio/relay:0.31.1
+ image: netbirdio/relay:0.31.0
 restart: unless-stopped
 environment:
 NB_LOG_LEVEL: ${NB_LOG_LEVEL:-info}
@@ -50,7 +50,7 @@ services:
 max-size: "500m"
 max-file: "2"
 management:
- image: netbirdio/management:0.31.1
+ image: netbirdio/management:0.31.0
 restart: unless-stopped
 depends_on:
 - dashboard
@@ -91,7 +91,7 @@ services:
 max-file: "2"
 peer-1:
- image: netbirdio/netbird:0.31.1
+ image: netbirdio/netbird:0.30.3
 restart: unless-stopped
 volumes:
 - ${NETBIRD_PEER_VOLUME:-/mnt/nas1/shared/netbird/peer-1}/data:/etc/netbird
diff --git a/docker/nextcloud/docker-compose.yml b/docker/nextcloud/docker-compose.yml
index c8cdfc0..b85a715 100644
--- a/docker/nextcloud/docker-compose.yml
+++ b/docker/nextcloud/docker-compose.yml
@@ -14,7 +14,7 @@ services:
 - nextcloud
 nextcloud:
- image: git.roboces.dev/catalin/fukuops:nextcloud-30.0.2
+ image: git.roboces.dev/catalin/fukuops:nextcloud-30.0.1
 volumes:
 - /mnt/nas1/legacy-storage/cloud/cloud/data:/var/www/html/data
 - /mnt/nas1/legacy-storage/cloud/cloud/config:/var/www/html/config
@@ -22,8 +22,6 @@ services:
 - /mnt/nas1/legacy-storage/cloud/cloud/apps:/var/www/html/apps
 - type: tmpfs
 target: /tmp:exec
- - supervisorlog:/var/log/supervisor:z
- - supervisorpid:/var/run/supervisord/:z
 environment:
 PHP_MEMORY_LIMIT: ${PHP_MEMORY_LIMIT:-2048M}
 NEXTCLOUD_INIT_HTACCESS: ${NEXTCLOUD_INIT_HTACCESS:-1}
@@ -35,6 +33,3 @@ services:
 networks:
 nextcloud: {}
-volumes:
- supervisorlog: {}
- supervisorpid: {}
diff --git a/docker/paperless/docker-compose.yml b/docker/paperless/docker-compose.yml
index 3b08f63..b3eb597 100644
--- a/docker/paperless/docker-compose.yml
+++ b/docker/paperless/docker-compose.yml
@@ -14,7 +14,7 @@ services:
 webserver:
- image: ghcr.io/paperless-ngx/paperless-ngx:2.13.5
+ image: ghcr.io/paperless-ngx/paperless-ngx:2.13.4
 restart: unless-stopped
 ports:
 - 8002:8000
diff --git a/k8s/argo-apps/forgejo.yaml b/k8s/argo-apps/forgejo.yaml
index 6179c7c..9565b31 100644
--- a/k8s/argo-apps/forgejo.yaml
+++ b/k8s/argo-apps/forgejo.yaml
@@ -12,7 +12,7 @@ spec:
 sources:
 - chart: forgejo
 repoURL: code.forgejo.org/forgejo-helm
- targetRevision: 10.1.0
+ targetRevision: 10.0.2
 helm:
 valuesObject:
 replicaCount: 2
diff --git a/k8s/argo-apps/renovate.yaml b/k8s/argo-apps/renovate.yaml
index 841ef4f..f7c3c76 100644
--- a/k8s/argo-apps/renovate.yaml
+++ b/k8s/argo-apps/renovate.yaml
@@ -13,7 +13,7 @@ spec:
 sources:
 - chart: renovate
 repoURL: https://docs.renovatebot.com/helm-charts
- targetRevision: 39.10.*
+ targetRevision: 39.9.*
 helm:
 valuesObject:
 renovate:
diff --git a/k8s/services/miniflux/deployment.yaml b/k8s/services/miniflux/deployment.yaml
index 31752ee..c2e8186 100644
--- a/k8s/services/miniflux/deployment.yaml
+++ b/k8s/services/miniflux/deployment.yaml
@@ -28,7 +28,7 @@ spec:
 spec:
 containers:
 - name: miniflux
- image: miniflux/miniflux:2.2.3
+ image: miniflux/miniflux:2.2.2
 imagePullPolicy: Always
 securityContext:
 allowPrivilegeEscalation: false
diff --git a/tofu/authentik/main.tf b/tofu/authentik/main.tf
index 358a36f..246f494 100644
--- a/tofu/authentik/main.tf
+++ b/tofu/authentik/main.tf
@@ -33,6 +33,21 @@ resource "authentik_group" "vpn" {
 }
+module "firezone" {
+ source = "../modules/authentik-oidc"
+ app_name = "Firezone"
+ app_slug = "firezone"
+ client_id = var.firezone_client_id
+ client_secret = var.firezone_client_secret
+ app_access_group_id = authentik_group.admins.id
+ redirect_uris = ["https://fz.fukurokuju.dev/auth/oidc/authentik/callback/"]
+ app_icon = "https://www.firezone.dev/icon.svg"
+ app_description = "VPN"
+ app_publisher = "Firezone"
+ app_url = "https://fz.fukurokuju.dev"
+ sub_mode = "hashed_user_id"
+}
 module "gitea" {
 source = "../modules/authentik-oidc"
 app_name = "Gitea"
@@ -144,6 +159,5 @@ module "netbird" {
 extra_property_mappings = [
 "goauthentik.io/providers/oauth2/scope-authentik_api"
 ]
- app_icon = "https://vpn.fukurokuju.dev/apple-icon.png"
- access_token_validity = "days=10"
+ app_icon = "https://vpn.fukurokuju.dev/apple-icon.png"
 }
diff --git a/tofu/modules/authentik-oidc/main.tf b/tofu/modules/authentik-oidc/main.tf
index 1560dcc..8fa7348 100644
--- a/tofu/modules/authentik-oidc/main.tf
+++ b/tofu/modules/authentik-oidc/main.tf
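Review bot: The new firezone module binds access to `authentik_group.admins.id` although the hunk's leading context shows a dedicated `authentik_group.vpn` resource directly above the insertion point; if the VPN app is meant for VPN users rather than administrators only, `app_access_group_id = authentik_group.vpn.id` looks like the intended binding, so please confirm which group should be authorized. Whichever group is correct, a one-line comment above that attribute stating the reason (for example `# Only admins may log in to the Firezone console`) would stop the next reader from "correcting" it. The callback URI is registered with a trailing slash; if redirect URIs are compared exactly, the Firezone side must register it identically or logins will be rejected, which is worth a comment on the `redirect_uris` line.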
@@ -26,25 +26,20 @@ data "authentik_property_mapping_provider_scope" "default-scopes" {
 ], var.extra_property_mappings)
 }
-data "authentik_flow" "default-provider-invalidation-flow" {
- slug = "default-provider-invalidation-flow "
-}
 resource "authentik_provider_oauth2" "provider_oidc" {
- name = var.app_name
- client_id = var.client_id
- client_secret = var.client_secret
- client_type = var.client_type
- authorization_flow = data.authentik_flow.default-authorization-flow.id
- authentication_flow = data.authentik_flow.default-authentication-flow.id
- redirect_uris = var.redirect_uris
- property_mappings = data.authentik_property_mapping_provider_scope.default-scopes.ids
- sub_mode = var.sub_mode
- signing_key = var.oidc_signing_key
- access_code_validity = var.access_code_validity
- access_token_validity = var.access_token_validity
- refresh_token_validity = var.refresh_token_validity
- invalidation_flow = data.authentik_flow.default-provider-invalidation-flow.id
+ name = var.app_name
+ client_id = var.client_id
+ client_secret = var.client_secret
+ client_type = var.client_type
+ authorization_flow = data.authentik_flow.default-authorization-flow.id
+ authentication_flow = data.authentik_flow.default-authentication-flow.id
+ redirect_uris = var.redirect_uris
+ property_mappings = data.authentik_property_mapping_provider_scope.default-scopes.ids
+ sub_mode = var.sub_mode
+ signing_key = var.oidc_signing_key
+ access_code_validity = var.access_code_validity
+ access_token_validity = var.access_token_validity
 }
diff --git a/tofu/modules/authentik-oidc/vars.tf b/tofu/modules/authentik-oidc/vars.tf
index ee9583e..56796af 100644
--- a/tofu/modules/authentik-oidc/vars.tf
+++ b/tofu/modules/authentik-oidc/vars.tf
@@ -90,11 +90,6 @@ variable "access_token_validity" {
 default = "minutes=10"
 }
-variable "refresh_token_validity" {
- type = string
- default = "days=30"
-}
-
 variable "extra_property_mappings" {
 type = list(string)
 default = []
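Review bot: On the new side the `authentik_provider_oauth2` resource sets neither `invalidation_flow` nor `refresh_token_validity`, so refresh-token lifetime and logout handling silently fall back to whatever the pinned authentik provider defaults to, and nothing in the module records that this is deliberate. The removed data source's slug carried a trailing space (`"default-provider-invalidation-flow "`), which is the most plausible reason the lookup failed and the feature was rolled back; if the rollback is only temporary, the corrected lookup is `slug = "default-provider-invalidation-flow"` with the two attributes restored, and if it is permanent a comment above the resource noting that provider sessions are not invalidated on logout would help the next maintainer. The same data-source and attribute removal is made in the authentik-proxy provider in the last file of this diff, so whichever way it is resolved, both modules should be kept in step.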
diff --git a/tofu/modules/authentik-proxy/main.tf b/tofu/modules/authentik-proxy/main.tf
index 8583eda..6e3951c 100644
--- a/tofu/modules/authentik-proxy/main.tf
+++ b/tofu/modules/authentik-proxy/main.tf
@@ -16,9 +16,6 @@ data "authentik_flow" "default-authentication-flow" {
 slug = "default-authentication-flow"
 }
-data "authentik_flow" "default-provider-invalidation-flow" {
- slug = "default-provider-invalidation-flow "
-}
 resource "authentik_provider_proxy" "provider_proxy" {
 authorization_flow = data.authentik_flow.default-authorization-flow.id
@@ -27,7 +24,6 @@ resource "authentik_provider_proxy" "provider_proxy" {
 internal_host = var.internal_host
 name = var.app_name
 internal_host_ssl_validation = var.internal_host_ssl_validation
- invalidation_flow = data.authentik_flow.default-provider-invalidation-flow.id
 }