diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 0f141c8..e0ca14b 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -1,7 +1,7 @@ --- repos: - repo: https://github.com/pre-commit/pre-commit-hooks - rev: v5.0.0 + rev: v4.6.0 hooks: - id: trailing-whitespace - id: end-of-file-fixer diff --git a/docker/forgejo-runner/docker-compose.yml b/docker/forgejo-runner/docker-compose.yml index b4a042d..5d61fb4 100644 --- a/docker/forgejo-runner/docker-compose.yml +++ b/docker/forgejo-runner/docker-compose.yml @@ -1,6 +1,6 @@ --- x-runner-common: &runner-common - image: code.forgejo.org/forgejo/runner:5.0.3 + image: code.forgejo.org/forgejo/runner:4.0.1 links: - docker-in-docker depends_on: diff --git a/docker/netbird/docker-compose.yml b/docker/netbird/docker-compose.yml index 978662c..32b75c6 100644 --- a/docker/netbird/docker-compose.yml +++ b/docker/netbird/docker-compose.yml @@ -1,7 +1,7 @@ --- services: dashboard: - image: netbirdio/dashboard:v2.7.1 + image: netbirdio/dashboard:v2.7.0 restart: unless-stopped ports: - 8005:80 @@ -23,7 +23,7 @@ services: max-size: "500m" max-file: "2" signal: - image: netbirdio/signal:0.34.1 + image: netbirdio/signal:0.31.1 restart: unless-stopped volumes: - netbird-signal:/var/lib/netbird @@ -35,7 +35,7 @@ services: max-size: "500m" max-file: "2" relay: - image: netbirdio/relay:0.34.1 + image: netbirdio/relay:0.31.1 restart: unless-stopped environment: NB_LOG_LEVEL: ${NB_LOG_LEVEL:-info} @@ -50,7 +50,7 @@ services: max-size: "500m" max-file: "2" management: - image: netbirdio/management:0.34.1 + image: netbirdio/management:0.31.1 restart: unless-stopped depends_on: - dashboard @@ -91,7 +91,7 @@ services: max-file: "2" peer-1: - image: netbirdio/netbird:0.33.0 + image: netbirdio/netbird:0.31.1 restart: unless-stopped volumes: - ${NETBIRD_PEER_VOLUME:-/mnt/nas1/shared/netbird/peer-1}/data:/etc/netbird diff --git a/docker/nextcloud/Dockerfile b/docker/nextcloud/Dockerfile index f6040db..07aac47 100644 
--- a/docker/nextcloud/Dockerfile +++ b/docker/nextcloud/Dockerfile @@ -1,4 +1,4 @@ -FROM nextcloud:30.0.3-apache +FROM nextcloud:30.0.2-apache RUN set -ex; \ \ diff --git a/docker/nextcloud/docker-compose.yml b/docker/nextcloud/docker-compose.yml index fe7332e..c8cdfc0 100644 --- a/docker/nextcloud/docker-compose.yml +++ b/docker/nextcloud/docker-compose.yml @@ -14,7 +14,7 @@ services: - nextcloud nextcloud: - image: git.roboces.dev/catalin/fukuops:nextcloud-30.0.3 + image: git.roboces.dev/catalin/fukuops:nextcloud-30.0.2 volumes: - /mnt/nas1/legacy-storage/cloud/cloud/data:/var/www/html/data - /mnt/nas1/legacy-storage/cloud/cloud/config:/var/www/html/config diff --git a/k8s/argo-apps/elastic.yaml b/k8s/argo-apps/elastic.yaml index da7b6ae..35fa444 100644 --- a/k8s/argo-apps/elastic.yaml +++ b/k8s/argo-apps/elastic.yaml @@ -12,7 +12,7 @@ spec: sources: - chart: elasticsearch repoURL: registry-1.docker.io/bitnamicharts - targetRevision: 21.4.0 + targetRevision: 21.3.26 helm: valuesObject: service: diff --git a/k8s/argo-apps/loki.yaml b/k8s/argo-apps/loki.yaml index 80bb43f..0b6ee3f 100644 --- a/k8s/argo-apps/loki.yaml +++ b/k8s/argo-apps/loki.yaml @@ -25,7 +25,7 @@ spec: persistence: type: pvc enabled: true - size: 50Gi + size: 10Gi accessModes: - ReadWriteMany ingress: @@ -109,7 +109,7 @@ spec: persistence: enabled: true storageClass: default - size: 50Gi + size: 25Gi accessModes: - ReadWriteMany - repoURL: https://git.roboces.dev/catalin/fukuops.git diff --git a/k8s/argo-apps/renovate.yaml b/k8s/argo-apps/renovate.yaml index b9a5ea0..0da71ee 100644 --- a/k8s/argo-apps/renovate.yaml +++ b/k8s/argo-apps/renovate.yaml @@ -13,7 +13,7 @@ spec: sources: - chart: renovate repoURL: https://docs.renovatebot.com/helm-charts - targetRevision: 39.60.* + targetRevision: 39.25.* helm: valuesObject: renovate: @@ -21,7 +21,6 @@ spec: cache: enabled: true storageClass: truenas-nfs-csi - storageSize: 100Gi config: | { "platform": "gitea", 
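Review bot: Both `size` lines in k8s/argo-apps/loki.yaml now request less storage than before (10Gi in the first `persistence` block, 25Gi in the second), and the removal of `storageSize: 100Gi` in renovate.yaml has the same effect if the chart default is smaller. Kubernetes does not allow the storage request of a bound PersistentVolumeClaim to be reduced, so if these claims already exist at the larger size the Argo sync is likely to fail or stay out of sync until they are recreated. Recreating them discards the stored logs, which matters if Loki is the retention store used for investigation. If the smaller sizes are intended, a comment such as `# shrinking requires recreating the PVC; existing log data is lost` above each `size:` would record that. The enclosing `valuesObject` blocks start and end outside these hunks.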
diff --git a/k8s/argo-apps/sealed-secrets.yaml b/k8s/argo-apps/sealed-secrets.yaml index d60c2ec..7352d5b 100644 --- a/k8s/argo-apps/sealed-secrets.yaml +++ b/k8s/argo-apps/sealed-secrets.yaml @@ -12,7 +12,7 @@ spec: source: chart: sealed-secrets repoURL: https://bitnami-labs.github.io/sealed-secrets - targetRevision: 2.17.* + targetRevision: 2.16.* helm: releaseName: sealed-secrets valuesObject: diff --git a/k8s/argo-apps/valkey.yaml b/k8s/argo-apps/valkey.yaml index 0f0d389..aee06de 100644 --- a/k8s/argo-apps/valkey.yaml +++ b/k8s/argo-apps/valkey.yaml @@ -15,7 +15,7 @@ spec: sources: - chart: valkey-cluster repoURL: registry-1.docker.io/bitnamicharts - targetRevision: 2.0.* + targetRevision: 1.0.* helm: valuesObject: existingSecret: secrets-valkey diff --git a/tofu/adguard/.terraform.lock.hcl b/tofu/adguard/.terraform.lock.hcl index d94ca9d..017db15 100644 --- a/tofu/adguard/.terraform.lock.hcl +++ b/tofu/adguard/.terraform.lock.hcl 
@@ -2,37 +2,22 @@ # Manual edits may be lost in future updates. provider "registry.opentofu.org/gmichels/adguard" { - version = "1.4.0" - constraints = "1.4.0" + version = "1.3.0" + constraints = "1.3.0" hashes = [ - "h1:/NpX9VX/L4xPE5qx/de9r38xvrcFJxB48XIVfRiq0yg=", - "h1:1/LC6CIN9PHj9gTTvqjRPvIFGlbDbCvXRMhWF6kfvgU=", - "h1:4Yv6QI3orVI7fU4iZKzqmFtyYN/DN0j5NTJsS7/K4r0=", - "h1:5EBWBER5TRFj5Vb5y8OkDE+hSJ1iuZ1lceo+OAnZKuQ=", - "h1:DLsv6YqzCIlcMA+YhIo5Gxfo5o7QDWFn9NB+sKlorVg=", - "h1:HIbqz848ofdi04Dlz1k/CRaBWaqmF1dsaXdNjCyphXA=", - "h1:a2r7wc/oGql7+2quCbWqoBx57PZKtSGNPKkpl0+JWr0=", - "h1:cf5lU4YXkmpySSGglX/CHDhnR02wcTgGJb2c+WeN4nY=", - "h1:e81XUcdFOCQKbYbc2y+l39wwUfA42BYGKHUw9/d7NDY=", - "h1:oZYgq+xjda87taDKv4XagO1hn7R+P7TH6ZntPSZj5mE=", - "h1:pypMW60X3dpQdUMfae+KXcYCN5Vie9k/G4uyN6uOdmg=", - "h1:twF2ZS5jY8SjcOtscBRCNTJkQKRlApwf+zW6iuolK7E=", - "h1:uok3K7NT+u+dFI3SmWrE4mkp3bJQMOrgrPi9pEh6aGc=", - "h1:v6z/PpjIlYpmfPP2cyvmGkUBT45tvmcvn4t7FmQTaGw=", - "zh:09ff041cc89c5c9b0d7e5c1cb207ffae2722b56acce8c8a6b4af710a8cbe25f1", - "zh:0a80d6c1416161c3dfb47ed0339502f74257ff79b4da7a1b7975698c1647ae2e", - "zh:17d8b9e3f454bd8e60a78203e1ae73e0008392e62a7a236e6479901437ae2a59", - "zh:53d7a01cd32f10f8509cf9b94b12b50e996f9b97a16d88c041a49dd1fa2db413", - "zh:55e2381e81795e7d1c9008f41d74a36ff8f2d85ed24f4867be1e3c8c81e38b40", - "zh:5af316c6cfccda7a704d8a20c66844d959c67eb21a966aa37c2fd1afda2dcae8", - "zh:5dac8d83ff4c8d68f143c352ff08fbf7565e99c76c33fd52da5ec2ffded581fa", - "zh:5effc9e9790ab096ea98fb81305312b808e860bb8c5436e21b8c3d77c679c854", - "zh:656c928eca94b1f18757e29f8979abf2d82a72b98b1859730ac0f1a2770edb6d", - "zh:696c12188f57799f496209e4f111254f7ab7ad98a125da2ede3bd6ea91946276", - "zh:c05ff47fd63990c4214267366ebbe51b9d7ce3a6e3bc2048aa52c813ed223b45", - "zh:ceb2b239fd57fe3b26bad9d62a245f39886b0ce6b2c3e245bdae84ea81ecc89b", - "zh:f809ab383cca0a5f83072981c64208cbd7fa67e986a86ee02dd2c82333221e32", - "zh:fa44ebb16cdd72ffa0c360a1df6312f57eeae1cd1c5a09fe73c017fa31ae3b48", - 
"zh:fa9b822858c851b1ca769e2053228f442e699498e9af274c8546424da4b79717", + "h1:+kitlELoKeLVC9t6mLquBJf0iVjDtNPEZ9E6D9ByCbg=", + "h1:2J/Vvy1uHwaVfw0APj29Rct6atlhuHP4xHP6Rxcg2qk=", + "h1:53NXRzyBRKMBHJ1Jpwq9Z60chU4WF7AQC0JDKaySmh4=", + "h1:AqXkQD59ZBVeMoXIBtupdQQFRi3qNT5xsxGyzpZqB/c=", + "h1:D7ND3404y/Sp1qYh54napcpc540e6cZJp+uPyipiy9k=", + "h1:I/hVvoQ6a1Vra0ZZVoBBTuw/rxVW90bWZ3NzkoAqlXI=", + "h1:KrIbkttxLCXwJxq30Sjli4e3vKikDm3vRDDoWAr5J18=", + "h1:PFyxS0FrIJx/k4Cn7KM2aURGw8X86vl8iIwckrIghS8=", + "h1:PbakbdrEybp0gIAQhOZz4usql6qI0Im4AeofqNUrdrw=", + "h1:SIJNG/l86XOcu8HCrhoIUJYOPDVQl8NqikxgKPWu2aE=", + "h1:Vm9hJwPA9QxCwtB4jO7qCNVCj9d2RxIfoLf2GwU5CQw=", + "h1:oQb14Gnxd7ZI14HPuznFHfoF1ifi8JQ31AiRC7lADoo=", + "h1:vZvG2CrexiAksLReglbQDlI2lBe3w3G+AGYkQYP6cXw=", + "h1:zmOKKRKiB7x58zE2Lc08X918w4SMwIbg30JwcZYOD9s=", ] } diff --git a/tofu/adguard/main.tf b/tofu/adguard/main.tf index a659cf3..d8f8f22 100644 --- a/tofu/adguard/main.tf +++ b/tofu/adguard/main.tf @@ -9,7 +9,7 @@ terraform { required_providers { adguard = { source = "gmichels/adguard" - version = "1.4.0" + version = "1.3.0" } } } diff --git a/tofu/authentik/.terraform.lock.hcl b/tofu/authentik/.terraform.lock.hcl index fc45e2c..cb46ce0 100644 --- a/tofu/authentik/.terraform.lock.hcl +++ b/tofu/authentik/.terraform.lock.hcl 
@@ -2,23 +2,36 @@ # Manual edits may be lost in future updates. provider "registry.opentofu.org/goauthentik/authentik" { - version = "2024.10.2" - constraints = "2024.10.2" + version = "2024.10.1" + constraints = "2024.10.1" hashes = [ - "h1:qjDOLb8+12kZHSM3VsItQCsZYJhDMD4bNKSZi15HQ28=", - "zh:06c6c9bb2716052fefc1013ed1a77a12159d5625fe43857700c282e80e2fbba1", - "zh:121e45b3d3675df24e2c1bb107e2ed15fc9f1ec8b602b9bdaebec71481addf0c", - "zh:2aec74c8df3e3eb56fb09edcb1c7f43c91f932b2ef2327aa855ba0819f11169e", - "zh:4f2bf009f43293a24cc8941d4bbab340a53f569a9331aa615a7934f500a64290", - "zh:64b150655b47c60e6ae72a2ee754f5019b2baabd4dc292a6b2b960b3a206e218", - "zh:78bf3fd7cbac489d23a620743e5af5b85b31fc548433cf86f0861878b68f2666", - "zh:7ce7a02671056d476d17652d780ee2bd309ce34eb77746719b7b277ca66b7c58", - "zh:84fdb911186918cbba86c1390ce18a4423f0d748216f2d9c8421801b34b41f16", - "zh:95db38fb110302707cd70471f5cb2bf361ed6d5987f7b6fe5f3c5855f9dc9b64", - "zh:9c24dbf6512637bb1d4201a901dddef0210b440ad8b02717ca1167b75afa6882", - "zh:a83bc8bfe87e44c788c3c974e764c7bfb1c5fb982f427a5b928c50e55b48dea6", - "zh:b5a4d5d1f2f0e8d65ad29a23bfd72d0d4e3e06e9bacea9463a10e67137833409", - "zh:d1e08a662ab7c80373bc13446c9b316a671fcddec6aeffef7ab3649d1bbfb76b", - "zh:e1c50a791f2d53f7b464ab122f92062547d5a4ad71297f5e7f0375453cd2034f", + "h1:/Eo+yQyGAKK67bkgt1plX5X41mkRKu5br66XYnL/UyQ=", + "h1:1S06FnDvjDsdOm/2J/M95FypohflaT0a9OUOwl4S87o=", + "h1:7c3PvOLtsB0F4KHdGT1bTq2mzeNjx4TaNlVKRX78vAc=", + "h1:8NUPNLWr9/klFJckfw6HkOMqsGhTTdePUmlBRLOIJjY=", + "h1:Ariy1e/DAbcoXS9Wud/Ad3rEC1cLqQ7HdcHBzfTRiSM=", + "h1:Bc9zVu8DyzeveEqEaCitlsvzBEY6CU/F648PEjrFYuk=", + "h1:D5mConUujTcrau12WRa+Qg1lvPJLzjc76ClIYevJtVw=", + "h1:FFYDaQDN8nbfsjwp8kw7YO6xsFCJlhtKSXx9gdLLbok=", + "h1:Qfd127te/m5E0LAJvJ9kGWKdCXQdFXlz3ve+nV3HsWM=", + "h1:RpNxc5WPT5H3WoKP8t7yKLO7MUAuHgfjm/rifaKpYM8=", + "h1:XifS+/OiEMhGI7MQnQtF3ACScqWB/N2Sr/bIrvSKOag=", + "h1:YMreOu0B0U2v8azRZ/iVJPhoDedlATNHCam1iztTUks=", + "h1:eIMjryDbwEUWlBOFPtGWPf9NdNVWeGLeniVzafoPXZU=", 
+ "h1:v6XQwr4PDKtgHtdgCq03iYme4VaJAG8kSH4aKJL0OSw=", + "zh:149c76107f75ea5b530409d81cd3b63abc5478831c1f794df1fc12acd5f7ac78", + "zh:60bf7a62ec4bb742121f708b1e964b6bc816988e14c9e831723f0788a5c22471", + "zh:625f1eecf87e1d741bc99b69aa0aac3c82a4040bb9e704e2c20b09e562517c20", + "zh:690f247fd428dd7659aad3189a86288c784fdedbeb8cd75295aa417338d126b2", + "zh:6be8c0c70b18da79b5c7cb19ca445a1607404b7e1caff9bdb8e2330c22a591c6", + "zh:77bd031a28ec92a215cc5c12381791239ad43087c37f73ab1538f909e15ceae5", + "zh:78ffd4fe7b65220db2d33430240507395a71ef8e1dd1c22d82fd547855113df5", + "zh:7c0414978a45481bbeb8fc1aed1806409a2499967bd30edfcf9c34d1005d0faa", + "zh:7df2c43de2555c11b761a938e2414f25165845d932ca95d562ccabfe3a78a209", + "zh:819baedab497151fabcc9c887bcb07382a371708e3f9632ae1a58563ba79104f", + "zh:891208df7e634c2de7cb164d1ed88d492e7852abd32293b727b5b82f32efd7e7", + "zh:b6385a881b7098f6a6260f7b298eb26ef06eeed02a90ffdff9d2d7cf72fdaa27", + "zh:ce642bbd35babd93339a80549552823ec743397e456f18dbcffdf5af3fec612e", + "zh:ffd96ddda256a49097b21e6e672ef63d532a960bbc5455958102900ce79a4a10", ] } diff --git a/tofu/authentik/main.tf b/tofu/authentik/main.tf index 3d8f724..d7bb06f 100644 --- a/tofu/authentik/main.tf +++ b/tofu/authentik/main.tf @@ -8,7 +8,7 @@ terraform { required_providers { authentik = { source = "goauthentik/authentik" - version = "2024.10.2" + version = "2024.10.1" } } } @@ -40,7 +40,7 @@ module "gitea" { client_id = var.gitea_client_id client_secret = var.gitea_client_secret app_access_group_id = "" - redirect_uris = [{ matching_mode = "strict", url = "https://git.roboces.dev/user/oauth2/authentik/callback" }] + redirect_uris = ["https://git.roboces.dev/user/oauth2/authentik/callback"] app_icon = "https://git.roboces.dev/assets/img/logo.svg" app_description = "Beyond coding. We forge." app_publisher = "Forgejo" 
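Review bot: The `redirect_uris` entry in `module "gitea"` is now a bare string, so the explicit `matching_mode = "strict"` is gone; the miniflux, portainer, paperless and netbird hunks below do the same. Whether such a string is compared literally or evaluated as a regular expression is now decided by the authentik release behind the pinned 2024.10.1 provider, not by this file, and under regex evaluation the unescaped `.` in each hostname matches any character. It is worth confirming the matching behaviour of that release and recording it where callers will see it, for example by changing the description in tofu/modules/authentik-oidc/vars.tf to `"List of allowed redirect URIs; entries may be evaluated as regular expressions by authentik"`. The module block starts and ends outside the hunk.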
@@ -55,21 +55,12 @@ module "miniflux" { client_id = var.miniflux_client_id client_secret = var.miniflux_client_secret app_access_group_id = "" - redirect_uris = [ - { - matching_mode = "strict", - url = "https://feeds.roboces.dev/oauth2/oidc/callback" - }, - { - matching_mode = "strict", - url = "https://feeds.fuku/oauth2/oidc/callback" - } - ] - app_icon = "https://miniflux.app/favicon.ico" - app_description = "RSS aggregator" - app_publisher = "Miniflux" - app_url = "https://feeds.roboces.dev" - sub_mode = "hashed_user_id" + redirect_uris = ["https://feeds.roboces.dev/oauth2/oidc/callback", "https://feeds.fuku/oauth2/oidc/callback"] + app_icon = "https://miniflux.app/favicon.ico" + app_description = "RSS aggregator" + app_publisher = "Miniflux" + app_url = "https://feeds.roboces.dev" + sub_mode = "hashed_user_id" } module "portainer" { @@ -80,10 +71,7 @@ module "portainer" { client_secret = var.portainer_client_secret app_access_group_id = authentik_group.admins.id redirect_uris = [ - { - matching_mode = "strict", - url = "https://containers.fukurokuju.dev/" - } + "https://containers.fukurokuju.dev/" ] app_icon = "https://www.portainer.io/hubfs/crane-icon.svg" app_description = "Kubernetes and Docker container Management Software" @@ -99,13 +87,11 @@ module "paperless" { client_id = var.paperless_client_id client_secret = var.paperless_client_secret app_access_group_id = "" - redirect_uris = [ - { matching_mode = "strict", url = "https://paperless.roboces.dev/accounts/oidc/authentik/login/callback/" } - ] - app_icon = "https://paperless.roboces.dev/favicon.ico" - app_description = "Document manager" - app_publisher = "Paperless" - app_url = "https://paperless.roboces.dev" + redirect_uris = ["https://paperless.roboces.dev/accounts/oidc/authentik/login/callback/"] + app_icon = "https://paperless.roboces.dev/favicon.ico" + app_description = "Document manager" + app_publisher = "Paperless" + app_url = "https://paperless.roboces.dev" } module "sonarr" { 
@@ -150,19 +136,9 @@ module "netbird" { client_type = "public" app_access_group_id = authentik_group.vpn.id redirect_uris = [ - { - matching_mode = "strict", - url = "https://vpn.fukurokuju.dev", - }, - { - matching_mode = "regex", - url = "https://vpn.fukurokuju.dev.*", - }, - { - matching_mode = "strict", - url = "http://localhost:53000" - }, - + "https://vpn.fukurokuju.dev", + "https://vpn.fukurokuju.dev.*", + "http://localhost:53000" ] sub_mode = "user_id" extra_property_mappings = [ diff --git a/tofu/authentik/vars.tf b/tofu/authentik/vars.tf index 1b5020c..c0f227e 100644 --- a/tofu/authentik/vars.tf +++ b/tofu/authentik/vars.tf @@ -1,3 +1,12 @@ +variable "firezone_client_id" { + description = "Client ID" + type = string +} + +variable "firezone_client_secret" { + description = "Client secret" + type = string +} variable "gitea_client_id" { description = "Client ID" @@ -43,7 +52,6 @@ variable "netbird_client_id" { description = "Netbird client ID" type = string } - variable "netbird_client_secret" { description = "Netbird client secret" type = string diff --git a/tofu/modules/authentik-oidc/main.tf b/tofu/modules/authentik-oidc/main.tf index 7ba7af3..ba8396e 100644 --- a/tofu/modules/authentik-oidc/main.tf +++ b/tofu/modules/authentik-oidc/main.tf @@ -3,12 +3,12 @@ terraform { required_providers { authentik = { source = "goauthentik/authentik" - version = "2024.10.2" + version = "2024.10.1" } } } -data "authentik_flow" "default-authorization-implicit-flow" { +data "authentik_flow" "default-authorization-flow" { slug = "default-provider-authorization-implicit-consent" } 
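Review bot: The second `redirect_uris` entry in `module "netbird"`, `"https://vpn.fukurokuju.dev.*"`, is a pattern rather than a URI, and with `matching_mode` removed nothing in the list marks it as one. If the authentik release in use evaluates entries as regular expressions (to my knowledge releases without the `matching_mode` field do, but confirm), the open-ended `.*` directly after the host together with the unescaped dots lets the entry match redirect targets outside the intended origin. This client is `client_type = "public"`, so redirect URI validation is the main control on where authorization responses are sent. Anchoring the pattern to the host and a path separator, e.g. `"https://vpn\\.fukurokuju\\.dev(/.*)?"`, keeps the wildcard inside vpn.fukurokuju.dev. The module block starts and ends outside the hunk.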
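Review bot: The added `variable "firezone_client_secret"` in tofu/authentik/vars.tf declares only `description` and `type`, so its value is not redacted in plan and apply output. Adding `sensitive = true` to that block would keep the secret out of CI logs and terminal scrollback. No hunk in this diff shows a firezone module consuming `firezone_client_id` or `firezone_client_secret`; if nothing does, these two required variables without defaults only add inputs that must be supplied on every run, so it is worth checking that they are still needed.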
@@ -35,9 +35,9 @@ resource "authentik_provider_oauth2" "provider_oidc" { client_id = var.client_id client_secret = var.client_secret client_type = var.client_type - authorization_flow = data.authentik_flow.default-authorization-implicit-flow.id + authorization_flow = data.authentik_flow.default-authorization-flow.id authentication_flow = data.authentik_flow.default-authentication-flow.id - allowed_redirect_uris = var.redirect_uris + redirect_uris = var.redirect_uris property_mappings = data.authentik_property_mapping_provider_scope.default-scopes.ids sub_mode = var.sub_mode signing_key = var.oidc_signing_key diff --git a/tofu/modules/authentik-oidc/vars.tf b/tofu/modules/authentik-oidc/vars.tf index 3430106..ee9583e 100644 --- a/tofu/modules/authentik-oidc/vars.tf +++ b/tofu/modules/authentik-oidc/vars.tf @@ -35,7 +35,7 @@ variable "app_access_group_id" { variable "redirect_uris" { description = "List of URIs allowed to redirect to" - type = list(map(string)) + type = list(string) } variable "sub_mode" { diff --git a/tofu/modules/authentik-proxy/main.tf b/tofu/modules/authentik-proxy/main.tf index 3f8b728..62ed0e3 100644 --- a/tofu/modules/authentik-proxy/main.tf +++ b/tofu/modules/authentik-proxy/main.tf @@ -3,7 +3,7 @@ terraform { required_providers { authentik = { source = "goauthentik/authentik" - version = "2024.10.2" + version = "2024.10.1" } } }
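Review bot: `authorization_flow = data.authentik_flow.default-authorization-flow.id` in `authentik_provider_oauth2.provider_oidc` now reads as if it selected a generic authorization flow, while the data source declared earlier in this file still uses `slug = "default-provider-authorization-implicit-consent"`. The earlier name `default-authorization-implicit-flow` made it visible at the point of use that users are not shown a consent prompt, which is relevant for every application built from this module. Either keep the earlier name or add a comment above the line such as `# implicit-consent flow: no consent screen is shown to the user`. The resource block starts and ends outside the hunk.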