From 40353041e478e8ca0b997f58c8a85971203a0ef3 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Sun, 10 Nov 2024 02:17:09 +0000 Subject: [PATCH 01/13] chore(deps): update helm release factorio-server-charts to 2.5.* --- k8s/argo-apps/factorio.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/argo-apps/factorio.yaml b/k8s/argo-apps/factorio.yaml index cd69c5f..cd2d97d 100644 --- a/k8s/argo-apps/factorio.yaml +++ b/k8s/argo-apps/factorio.yaml @@ -12,7 +12,7 @@ spec: sources: - chart: factorio-server-charts repoURL: https://sqljames.github.io/factorio-server-charts/ - targetRevision: 2.2.* + targetRevision: 2.5.* helm: valuesObject: rcon: From 6e6542cc9bab23482ff489ae9538794ee6c04a0e Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Sun, 10 Nov 2024 02:15:25 +0000 Subject: [PATCH 02/13] chore(deps): update registry-1.docker.io/bitnamicharts/elasticsearch docker tag to v21.3.23 --- k8s/argo-apps/elastic.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/argo-apps/elastic.yaml b/k8s/argo-apps/elastic.yaml index 6eb6dcb..d8f39d6 100644 --- a/k8s/argo-apps/elastic.yaml +++ b/k8s/argo-apps/elastic.yaml @@ -12,7 +12,7 @@ spec: sources: - chart: elasticsearch repoURL: registry-1.docker.io/bitnamicharts - targetRevision: 21.3.22 + targetRevision: 21.3.23 helm: valuesObject: service: From 55865cb4069e141e08ced9a06bad051bec098961 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?c=C4=83t=C4=83lin?= Date: Mon, 11 Nov 2024 00:59:48 +0100 Subject: [PATCH 03/13] chore: update vaultwarden to v1.32.4 --- docker/vaultwarden/docker-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker/vaultwarden/docker-compose.yml b/docker/vaultwarden/docker-compose.yml index 4d5e7e7..ca332bd 100644 --- a/docker/vaultwarden/docker-compose.yml +++ b/docker/vaultwarden/docker-compose.yml 
@@ -1,7 +1,7 @@ --- services: vaultwarden: - image: vaultwarden/server:1.32.3-alpine + image: vaultwarden/server:1.32.4-alpine restart: unless-stopped environment: DATABASE_URL: ${DATABASE_URL} From 73b05c330a4f599f14f37e0f81d773d8bd6c1ba2 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Mon, 11 Nov 2024 01:32:57 +0000 Subject: [PATCH 04/13] chore(deps): update code.forgejo.org/forgejo-helm/forgejo docker tag to v10.1.0 --- k8s/argo-apps/forgejo.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/argo-apps/forgejo.yaml b/k8s/argo-apps/forgejo.yaml index 9565b31..6179c7c 100644 --- a/k8s/argo-apps/forgejo.yaml +++ b/k8s/argo-apps/forgejo.yaml @@ -12,7 +12,7 @@ spec: sources: - chart: forgejo repoURL: code.forgejo.org/forgejo-helm - targetRevision: 10.0.2 + targetRevision: 10.1.0 helm: valuesObject: replicaCount: 2 From 53fc602e136b5f4b0cd443c1597e94e521bca7c8 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Mon, 11 Nov 2024 01:31:46 +0000 Subject: [PATCH 05/13] chore(deps): update ghcr.io/paperless-ngx/paperless-ngx docker tag to v2.13.5 --- docker/paperless/docker-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker/paperless/docker-compose.yml b/docker/paperless/docker-compose.yml index b3eb597..3b08f63 100644 --- a/docker/paperless/docker-compose.yml +++ b/docker/paperless/docker-compose.yml @@ -14,7 +14,7 @@ services: webserver: - image: ghcr.io/paperless-ngx/paperless-ngx:2.13.4 + image: ghcr.io/paperless-ngx/paperless-ngx:2.13.5 restart: unless-stopped ports: - 8002:8000 From 2deb70474e0cb124fa687f51aa99b7b2bf2788e4 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Mon, 11 Nov 2024 01:32:25 +0000 Subject: [PATCH 06/13] chore(deps): update miniflux/miniflux docker tag to v2.2.3 --- k8s/services/miniflux/deployment.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/services/miniflux/deployment.yaml b/k8s/services/miniflux/deployment.yaml index c2e8186..31752ee 100644 
--- a/k8s/services/miniflux/deployment.yaml +++ b/k8s/services/miniflux/deployment.yaml @@ -28,7 +28,7 @@ spec: spec: containers: - name: miniflux - image: miniflux/miniflux:2.2.2 + image: miniflux/miniflux:2.2.3 imagePullPolicy: Always securityContext: allowPrivilegeEscalation: false From 63dcbff693a61c7b2ac62e17e99812a96ad4ee82 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Mon, 11 Nov 2024 01:33:11 +0000 Subject: [PATCH 07/13] chore(deps): update helm release renovate to 39.9.* --- k8s/argo-apps/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/argo-apps/renovate.yaml b/k8s/argo-apps/renovate.yaml index 5aa26eb..f7c3c76 100644 --- a/k8s/argo-apps/renovate.yaml +++ b/k8s/argo-apps/renovate.yaml @@ -13,7 +13,7 @@ spec: sources: - chart: renovate repoURL: https://docs.renovatebot.com/helm-charts - targetRevision: 39.8.* + targetRevision: 39.9.* helm: valuesObject: renovate: From 2f5561f4cb4e3611c91544fc8662fa5609148141 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?c=C4=83t=C4=83lin?= Date: Mon, 11 Nov 2024 09:56:04 +0100 Subject: [PATCH 08/13] feat: update nextcloud to v30.0.2 --- .forgejo/workflows/deploy-kaniko.yaml | 2 +- docker/nextcloud/docker-compose.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.forgejo/workflows/deploy-kaniko.yaml b/.forgejo/workflows/deploy-kaniko.yaml index 8bbf265..55bb901 100644 --- a/.forgejo/workflows/deploy-kaniko.yaml +++ b/.forgejo/workflows/deploy-kaniko.yaml @@ -20,5 +20,5 @@ jobs: password: ${{ secrets.REGISTRY_PASSWORD }} cache: true registry: git.roboces.dev - tag: nextcloud-30.0.1 + tag: nextcloud-30.0.2 path: docker/nextcloud diff --git a/docker/nextcloud/docker-compose.yml b/docker/nextcloud/docker-compose.yml index b85a715..f7eb4ab 100644 --- a/docker/nextcloud/docker-compose.yml +++ b/docker/nextcloud/docker-compose.yml 
@@ -14,7 +14,7 @@ services: - nextcloud nextcloud: - image: git.roboces.dev/catalin/fukuops:nextcloud-30.0.1 + image: git.roboces.dev/catalin/fukuops:nextcloud-30.0.2 volumes: - /mnt/nas1/legacy-storage/cloud/cloud/data:/var/www/html/data - /mnt/nas1/legacy-storage/cloud/cloud/config:/var/www/html/config From a635c718cd744d01d211b77cb9e5aea47472416e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?c=C4=83t=C4=83lin?= Date: Mon, 11 Nov 2024 11:03:47 +0100 Subject: [PATCH 09/13] feat: add supervisor volumes to nextcloud --- docker/nextcloud/docker-compose.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/docker/nextcloud/docker-compose.yml b/docker/nextcloud/docker-compose.yml index f7eb4ab..c8cdfc0 100644 --- a/docker/nextcloud/docker-compose.yml +++ b/docker/nextcloud/docker-compose.yml @@ -22,6 +22,8 @@ services: - /mnt/nas1/legacy-storage/cloud/cloud/apps:/var/www/html/apps - type: tmpfs target: /tmp:exec + - supervisorlog:/var/log/supervisor:z + - supervisorpid:/var/run/supervisord/:z environment: PHP_MEMORY_LIMIT: ${PHP_MEMORY_LIMIT:-2048M} NEXTCLOUD_INIT_HTACCESS: ${NEXTCLOUD_INIT_HTACCESS:-1} @@ -33,3 +35,6 @@ services: networks: nextcloud: {} +volumes: + supervisorlog: {} + supervisorpid: {} From 343b1d27af59f06e84f5886c4da8bd44b4031f2e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?c=C4=83t=C4=83lin?= Date: Mon, 11 Nov 2024 16:37:40 +0100 Subject: [PATCH 10/13] chore: update netbird to v1.31.1 --- docker/netbird/docker-compose.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/docker/netbird/docker-compose.yml b/docker/netbird/docker-compose.yml index 65f9a64..32b75c6 100644 --- a/docker/netbird/docker-compose.yml +++ b/docker/netbird/docker-compose.yml @@ -23,7 +23,7 @@ services: max-size: "500m" max-file: "2" signal: - image: netbirdio/signal:0.31.0 + image: netbirdio/signal:0.31.1 restart: unless-stopped volumes: - netbird-signal:/var/lib/netbird 
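Review bot: In docker/nextcloud/docker-compose.yml (patch 09, hunk `@@ -22,6 +22,8`), `supervisorpid:/var/run/supervisord/:z` puts runtime state on a named volume that outlives the container, so pid or socket files written by a previous container can still be there at the next start. If nothing under that path has to survive a restart, a tmpfs entry in the long form this service already uses for /tmp would fit better: `- type: tmpfs` followed by `target: /var/run/supervisord`. Whether supervisord in this image tolerates leftover files is not visible in the diff, so this is a point to confirm rather than a known failure. A one-line comment above the two new entries saying why the `:z` option is needed on these volumes would also help the next reader.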
@@ -35,7 +35,7 @@ services: max-size: "500m" max-file: "2" relay: - image: netbirdio/relay:0.31.0 + image: netbirdio/relay:0.31.1 restart: unless-stopped environment: NB_LOG_LEVEL: ${NB_LOG_LEVEL:-info} @@ -50,7 +50,7 @@ services: max-size: "500m" max-file: "2" management: - image: netbirdio/management:0.31.0 + image: netbirdio/management:0.31.1 restart: unless-stopped depends_on: - dashboard @@ -91,7 +91,7 @@ services: max-file: "2" peer-1: - image: netbirdio/netbird:0.30.3 + image: netbirdio/netbird:0.31.1 restart: unless-stopped volumes: - ${NETBIRD_PEER_VOLUME:-/mnt/nas1/shared/netbird/peer-1}/data:/etc/netbird From 1d4288caf5a257b3e0908f41208e38b77a3d575f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?c=C4=83t=C4=83lin?= Date: Mon, 11 Nov 2024 16:46:56 +0100 Subject: [PATCH 11/13] feat: add `invalidation_flow` to the tofu authentik providers --- tofu/authentik/main.tf | 18 ++--------------- tofu/modules/authentik-oidc/main.tf | 29 ++++++++++++++++------------ tofu/modules/authentik-oidc/vars.tf | 5 +++++ tofu/modules/authentik-proxy/main.tf | 4 ++++ 4 files changed, 28 insertions(+), 28 deletions(-) diff --git a/tofu/authentik/main.tf b/tofu/authentik/main.tf index 246f494..358a36f 100644 --- a/tofu/authentik/main.tf +++ b/tofu/authentik/main.tf @@ -33,21 +33,6 @@ resource "authentik_group" "vpn" { } -module "firezone" { - source = "../modules/authentik-oidc" - app_name = "Firezone" - app_slug = "firezone" - client_id = var.firezone_client_id - client_secret = var.firezone_client_secret - app_access_group_id = authentik_group.admins.id - redirect_uris = ["https://fz.fukurokuju.dev/auth/oidc/authentik/callback/"] - app_icon = "https://www.firezone.dev/icon.svg" - app_description = "VPN" - app_publisher = "Firezone" - app_url = "https://fz.fukurokuju.dev" - sub_mode = "hashed_user_id" -} - module "gitea" { source = "../modules/authentik-oidc" app_name = "Gitea" 
@@ -159,5 +144,6 @@ module "netbird" { extra_property_mappings = [ "goauthentik.io/providers/oauth2/scope-authentik_api" ] - app_icon = "https://vpn.fukurokuju.dev/apple-icon.png" + app_icon = "https://vpn.fukurokuju.dev/apple-icon.png" + access_token_validity = "days=10" } diff --git a/tofu/modules/authentik-oidc/main.tf b/tofu/modules/authentik-oidc/main.tf index 8fa7348..1560dcc 100644 --- a/tofu/modules/authentik-oidc/main.tf +++ b/tofu/modules/authentik-oidc/main.tf 
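Review bot: `access_token_validity = "days=10"` in the netbird module block (tofu/authentik/main.tf, hunk `@@ -159,5 +144,6`) raises the access-token lifetime from the module default of `minutes=10`, visible in the vars.tf hunk of this patch, to ten days, for a provider that also requests the `goauthentik.io/providers/oauth2/scope-authentik_api` scope. An access token is a bearer credential, so one that leaks may stay usable for the whole ten days unless it is revoked on the server, which this diff does not show. The same patch adds `refresh_token_validity` with a 30-day default, so a short access token that the client refreshes would likely give the same session length with a much smaller exposure window. If the client really needs the long lifetime, a comment above the line such as `# netbird: long-lived access token required because <reason>` would record the decision. The module block starts outside the hunk.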
@@ -26,20 +26,25 @@ data "authentik_property_mapping_provider_scope" "default-scopes" { ], var.extra_property_mappings) } +data "authentik_flow" "default-provider-invalidation-flow" { + slug = "default-provider-invalidation-flow " +} resource "authentik_provider_oauth2" "provider_oidc" { - name = var.app_name - client_id = var.client_id - client_secret = var.client_secret - client_type = var.client_type - authorization_flow = data.authentik_flow.default-authorization-flow.id - authentication_flow = data.authentik_flow.default-authentication-flow.id - redirect_uris = var.redirect_uris - property_mappings = data.authentik_property_mapping_provider_scope.default-scopes.ids - sub_mode = var.sub_mode - signing_key = var.oidc_signing_key - access_code_validity = var.access_code_validity - access_token_validity = var.access_token_validity + name = var.app_name + client_id = var.client_id + client_secret = var.client_secret + client_type = var.client_type + authorization_flow = data.authentik_flow.default-authorization-flow.id + authentication_flow = data.authentik_flow.default-authentication-flow.id + redirect_uris = var.redirect_uris + property_mappings = data.authentik_property_mapping_provider_scope.default-scopes.ids + sub_mode = var.sub_mode + signing_key = var.oidc_signing_key + access_code_validity = var.access_code_validity + access_token_validity = var.access_token_validity + refresh_token_validity = var.refresh_token_validity + invalidation_flow = data.authentik_flow.default-provider-invalidation-flow.id } diff --git a/tofu/modules/authentik-oidc/vars.tf b/tofu/modules/authentik-oidc/vars.tf index 56796af..ee9583e 100644 --- a/tofu/modules/authentik-oidc/vars.tf +++ b/tofu/modules/authentik-oidc/vars.tf @@ -90,6 +90,11 @@ variable "access_token_validity" { default = "minutes=10" } +variable "refresh_token_validity" { + type = string + default = "days=30" +} + variable "extra_property_mappings" { type = list(string) default = [] 
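Review bot: The slug in the new data source in tofu/modules/authentik-oidc/main.tf, `slug = "default-provider-invalidation-flow "`, ends with a space inside the quotes, unlike `slug = "default-authentication-flow"` in the authentik-proxy hunk of this patch. A lookup by slug with that value will most likely not match the flow, so the plan would fail or `invalidation_flow` would not resolve to the intended flow. The same literal is added in tofu/modules/authentik-proxy/main.tf, hunk `@@ -16,6 +16,9`. Both should read `slug = "default-provider-invalidation-flow"`. Since this flow governs what happens when a session is ended, it is worth confirming with a plan against the real instance that both providers pick it up.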
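Review bot: The new `refresh_token_validity` variable in tofu/modules/authentik-oidc/vars.tf (hunk `@@ -90,6 +90,11`) has no `description`, and its `days=30` default applies to every application that uses this module without passing a value. Because it limits how long a client can keep renewing its session without the user signing in again, the format and intent should be written down, for example `description = "Refresh token lifetime, same key=value duration format as access_token_validity (e.g. days=30)"`. Whether the other variables in this file carry descriptions is not visible in the hunk.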
diff --git a/tofu/modules/authentik-proxy/main.tf b/tofu/modules/authentik-proxy/main.tf index 6e3951c..8583eda 100644 --- a/tofu/modules/authentik-proxy/main.tf +++ b/tofu/modules/authentik-proxy/main.tf @@ -16,6 +16,9 @@ data "authentik_flow" "default-authentication-flow" { slug = "default-authentication-flow" } +data "authentik_flow" "default-provider-invalidation-flow" { + slug = "default-provider-invalidation-flow " +} resource "authentik_provider_proxy" "provider_proxy" { authorization_flow = data.authentik_flow.default-authorization-flow.id @@ -24,6 +27,7 @@ resource "authentik_provider_proxy" "provider_proxy" { internal_host = var.internal_host name = var.app_name internal_host_ssl_validation = var.internal_host_ssl_validation + invalidation_flow = data.authentik_flow.default-provider-invalidation-flow.id } From 6672a721d1d5a8065585316e5966279ba26be2ab Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Tue, 12 Nov 2024 01:32:58 +0000 Subject: [PATCH 12/13] chore(deps): update helm release renovate to 39.10.* --- k8s/argo-apps/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/argo-apps/renovate.yaml b/k8s/argo-apps/renovate.yaml index f7c3c76..841ef4f 100644 --- a/k8s/argo-apps/renovate.yaml +++ b/k8s/argo-apps/renovate.yaml @@ -13,7 +13,7 @@ spec: sources: - chart: renovate repoURL: https://docs.renovatebot.com/helm-charts - targetRevision: 39.9.* + targetRevision: 39.10.* helm: valuesObject: renovate: From 1baf92ddaf14ad10f1b2ad695541bf6d03319108 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Wed, 13 Nov 2024 01:26:37 +0000 Subject: [PATCH 13/13] chore(deps): update registry-1.docker.io/bitnamicharts/elasticsearch docker tag to v21.3.24 --- k8s/argo-apps/elastic.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s/argo-apps/elastic.yaml b/k8s/argo-apps/elastic.yaml index d8f39d6..c69baf0 100644 --- a/k8s/argo-apps/elastic.yaml +++ b/k8s/argo-apps/elastic.yaml 
@@ -12,7 +12,7 @@ spec: sources: - chart: elasticsearch repoURL: registry-1.docker.io/bitnamicharts - targetRevision: 21.3.23 + targetRevision: 21.3.24 helm: valuesObject: service: