diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index c2bed7c..fc7cc6a 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -1,7 +1,7 @@ --- repos: - repo: https://github.com/pre-commit/pre-commit-hooks - rev: v5.0.0 + rev: v6.0.0 hooks: - id: trailing-whitespace - id: end-of-file-fixer @@ -15,18 +15,18 @@ repos: - id: trailing-whitespace - repo: https://github.com/antonbabenko/pre-commit-terraform - rev: v1.92.1 + rev: v1.105.0 hooks: - id: terraform_fmt - repo: https://github.com/adrienverge/yamllint.git - rev: v1.35.1 + rev: v1.38.0 hooks: - id: yamllint args: [--format, parsable, --strict] - repo: https://github.com/shellcheck-py/shellcheck-py - rev: v0.10.0.1 + rev: v0.11.0.1 hooks: - id: shellcheck files: \.sh diff --git a/docker/forgejo-runner/docker-compose.yml b/docker/forgejo-runner/docker-compose.yml deleted file mode 100644 index 3cc2359..0000000 --- a/docker/forgejo-runner/docker-compose.yml +++ /dev/null @@ -1,41 +0,0 @@ ---- -x-runner-common: &runner-common - image: code.forgejo.org/forgejo/runner:12.7.3 - links: - - docker-in-docker - depends_on: - docker-in-docker: - condition: service_started - user: 1001:1001 - restart: unless-stopped - command: '/bin/sh -c "sleep 5; forgejo-runner daemon"' - environment: - DOCKER_HOST: tcp://docker-in-docker:2375 - -networks: - forgejo: - external: false - -services: - docker-in-docker: - image: docker:dind - container_name: 'docker_dind' - privileged: true - command: ['dockerd', '-H', 'tcp://0.0.0.0:2375', '--tls=false'] - restart: 'unless-stopped' - - runner: - <<: *runner-common - container_name: 'runner' - volumes: - - ${FORGEJO_RUNNER_DATA:-/mnt/nas1/shared/forgejo-runner/data}:/data - - /etc/timezone:/etc/timezone:ro - - /etc/localtime:/etc/localtime:ro - - runner-2: - <<: *runner-common - container_name: 'runner2' - volumes: - - ${FORGEJO_RUNNER_DATA:-/mnt/nas1/shared/forgejo-runner/data2}:/data - - /etc/timezone:/etc/timezone:ro - - /etc/localtime:/etc/localtime:ro 
diff --git a/docker/ganymede/docker-compose.yml b/docker/ganymede/docker-compose.yml index dffcb71..ebc6836 100644 --- a/docker/ganymede/docker-compose.yml +++ b/docker/ganymede/docker-compose.yml @@ -2,7 +2,7 @@ services: ganymede: container_name: ganymede - image: ghcr.io/zibbp/ganymede:4.14.1 + image: ghcr.io/zibbp/ganymede:4.16.0 restart: unless-stopped environment: DEBUG: ${GANYMEDE_DEBUG:-false} diff --git a/docker/nextcloud/Dockerfile b/docker/nextcloud/Dockerfile deleted file mode 100644 index acfa490..0000000 --- a/docker/nextcloud/Dockerfile +++ /dev/null 
@@ -1,61 +0,0 @@ -FROM nextcloud:32.0.3-apache - - -RUN set -ex; \ - \ - apt-get update; \ - apt-get install -y --no-install-recommends \ - ffmpeg \ - ghostscript \ - libmagickcore-7.q16-10-extra \ - procps \ - smbclient \ - supervisor \ - libreoffice \ - ; \ - rm -rf /var/lib/apt/lists/* - -RUN set -ex; \ - \ - savedAptMark="$(apt-mark showmanual)"; \ - \ - apt-get update; \ - apt-get install -y --no-install-recommends \ - libbz2-dev \ - #libc-client-dev \ - libkrb5-dev \ - libsmbclient-dev \ - ; \ - \ - #docker-php-ext-configure imap --with-kerberos --with-imap-ssl; \ - docker-php-ext-install \ - bz2 \ - # imap \ - ; \ - pecl install smbclient; \ - docker-php-ext-enable smbclient; \ - \ -# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies - apt-mark auto '.*' > /dev/null; \ - apt-mark manual $savedAptMark; \ - ldd "$(php -r 'echo ini_get("extension_dir");')"/*.so \ - | awk '/=>/ { so = $(NF-1); if (index(so, "/usr/local/") == 1) { next }; gsub("^/(usr/)?", "", so); print so }' \ - | sort -u \ - | xargs -r dpkg-query --search \ - | cut -d: -f1 \ - | sort -u \ - | xargs -rt apt-mark manual; \ - \ - apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ - rm -rf /var/lib/apt/lists/* - -RUN mkdir -p \ - /var/log/supervisord \ - /var/run/supervisord \ -; - -COPY supervisord.conf / - -ENV NEXTCLOUD_UPDATE=1 - -CMD ["/usr/bin/supervisord", "-c", "/supervisord.conf"] diff --git a/docker/nextcloud/docker-compose.yml b/docker/nextcloud/docker-compose.yml deleted file mode 100644 index 7599f20..0000000 --- a/docker/nextcloud/docker-compose.yml +++ /dev/null 
@@ -1,40 +0,0 @@ ---- -services: - imaginary: - image: nextcloud/aio-imaginary:latest - cap_add: - - SYS_NICE - volumes: - - type: tmpfs - target: /tmp:exec - environment: - - TZ=Europe/Madrid - restart: unless-stopped - networks: - - nextcloud - - nextcloud: - image: git.roboces.dev/catalin/fukuops:nextcloud-32.0.3 - volumes: - - /mnt/nas1/legacy-storage/cloud/cloud/data:/var/www/html/data - - /mnt/nas1/legacy-storage/cloud/cloud/config:/var/www/html/config - - /mnt/nas1/legacy-storage/cloud/cloud/custom_apps:/var/www/html/custom_apps - - /mnt/nas1/legacy-storage/cloud/cloud/apps:/var/www/html/apps - - type: tmpfs - target: /tmp:exec - - supervisorlog:/var/log/supervisor:z - - supervisorpid:/var/run/supervisord/:z - environment: - PHP_MEMORY_LIMIT: ${PHP_MEMORY_LIMIT:-2048M} - NEXTCLOUD_INIT_HTACCESS: ${NEXTCLOUD_INIT_HTACCESS:-1} - restart: unless-stopped - ports: - - '8080:80' - networks: - - nextcloud - -networks: - nextcloud: {} -volumes: - supervisorlog: {} - supervisorpid: {} diff --git a/docker/nextcloud/supervisord.conf b/docker/nextcloud/supervisord.conf deleted file mode 100644 index 836a08a..0000000 --- a/docker/nextcloud/supervisord.conf +++ /dev/null @@ -1,22 +0,0 @@ -[supervisord] -nodaemon=true -logfile=/var/log/supervisord/supervisord.log -pidfile=/var/run/supervisord/supervisord.pid -childlogdir=/var/log/supervisord/ -logfile_maxbytes=50MB ; maximum size of logfile before rotation -logfile_backups=10 ; number of backed up logfiles -loglevel=error - -[program:apache2] -stdout_logfile=/dev/stdout -stdout_logfile_maxbytes=0 -stderr_logfile=/dev/stderr -stderr_logfile_maxbytes=0 -command=apache2-foreground - -[program:cron] -stdout_logfile=/dev/stdout -stdout_logfile_maxbytes=0 -stderr_logfile=/dev/stderr -stderr_logfile_maxbytes=0 -command=/cron.sh diff --git a/docker/paperless/docker-compose.yml b/docker/paperless/docker-compose.yml index 9980275..14d962c 100644 --- a/docker/paperless/docker-compose.yml +++ b/docker/paperless/docker-compose.yml 
@@ -14,7 +14,7 @@ services: webserver: - image: ghcr.io/paperless-ngx/paperless-ngx:2.20.13 + image: ghcr.io/paperless-ngx/paperless-ngx:2.20.15 restart: unless-stopped ports: - 8002:8000 diff --git a/docker/rustical/docker-compose.yml b/docker/rustical/docker-compose.yml index bdc0d01..b2dc9a8 100644 --- a/docker/rustical/docker-compose.yml +++ b/docker/rustical/docker-compose.yml @@ -1,7 +1,7 @@ --- services: rustical: - image: ghcr.io/lennart-k/rustical:0.12.10 + image: ghcr.io/lennart-k/rustical:0.12.12 restart: unless-stopped ports: - '4000:4000' diff --git a/docker/tailscale/docker-compose.yml b/docker/tailscale/docker-compose.yml index e139f18..aea1233 100644 --- a/docker/tailscale/docker-compose.yml +++ b/docker/tailscale/docker-compose.yml @@ -1,7 +1,7 @@ --- services: tailscale: - image: tailscale/tailscale:v1.94.2 + image: tailscale/tailscale:v1.96.5 hostname: tailscale environment: TS_AUTHKEY: ${TS_AUTHKEY} diff --git a/docker/vaultwarden/docker-compose.yml b/docker/vaultwarden/docker-compose.yml index 3970c77..bbc3594 100644 --- a/docker/vaultwarden/docker-compose.yml +++ b/docker/vaultwarden/docker-compose.yml @@ -1,7 +1,7 @@ --- services: vaultwarden: - image: vaultwarden/server:1.35.4-alpine + image: vaultwarden/server:1.36.0-alpine restart: unless-stopped environment: DATABASE_URL: ${DATABASE_URL} diff --git a/k8s/argo-apps/elastic.yaml b/k8s/argo-apps/elastic.yaml deleted file mode 100644 index b65a53b..0000000 --- a/k8s/argo-apps/elastic.yaml +++ /dev/null 
@@ -1,46 +0,0 @@ ---- -apiVersion: argoproj.io/v1alpha1 -kind: Application -metadata: - name: elastic - namespace: argocd -spec: - destination: - name: '' - namespace: apps-fuku - server: https://kubernetes.default.svc - sources: - - chart: elasticsearch - repoURL: registry-1.docker.io/bitnamicharts - targetRevision: 22.1.6 - helm: - valuesObject: - service: - type: LoadBalancer - master: - persistence: - enabled: true - storageClass: truenas-nfs-csi - accessModes: - - ReadWriteMany - size: 50Gi - ingress: - enabled: true - hostname: elastic.fuku - tls: true - selfSigned: true - ingressClassName: traefik - data: - persistence: - enabled: true - storageClass: truenas-nfs-csi - accessModes: - - ReadWriteMany - size: 50Gi - autoscaling: - enabled: true - maxReplicas: 3 - minReplicas: 1 - project: fuku - syncPolicy: - automated: {} diff --git a/k8s/argo-apps/forgejo.yaml b/k8s/argo-apps/forgejo.yaml index 1c55a69..70875d8 100644 --- a/k8s/argo-apps/forgejo.yaml +++ b/k8s/argo-apps/forgejo.yaml @@ -14,10 +14,10 @@ spec: sources: - chart: forgejo repoURL: code.forgejo.org/forgejo-helm - targetRevision: 16.2.1 + targetRevision: 17.0.1 helm: valuesObject: - replicaCount: 2 + replicaCount: 1 service: http: type: LoadBalancer @@ -49,15 +49,8 @@ spec: serviceMonitor: enabled: true config: - indexer: - ISSUE_INDEXER_CONN_STR: http://elastic-elasticsearch.apps-fuku.svc.cluster.local:9200 - ISSUE_INDEXER_ENABLED: true - ISSUE_INDEXER_TYPE: elasticsearch - REPO_INDEXER_ENABLED: false - REPO_INDEXER_TYPE: elasticsearch actions: - ENABLED: true - DEFAULT_ACTIONS_URL: https://github.com + ENABLED: false picture: DISABLE_GRAVATAR: false ENABLE_FEDERATED_AVATAR: true @@ -106,9 +99,6 @@ spec: enabled: false redis-cluster: enabled: false - - path: k8s/services/forgejo - repoURL: https://git.roboces.dev/catalin/fukuops.git - targetRevision: main project: roboces syncPolicy: automated: {} diff --git a/k8s/argo-apps/meili.yaml b/k8s/argo-apps/meili.yaml index 1f51360..9303052 100644 
--- a/k8s/argo-apps/meili.yaml +++ b/k8s/argo-apps/meili.yaml @@ -18,13 +18,13 @@ spec: targetRevision: main - chart: meilisearch repoURL: https://meilisearch.github.io/meilisearch-kubernetes - targetRevision: 0.30.* + targetRevision: 0.32.* helm: valuesObject: environment: MEILI_ENV: production auth: - existingMasterKeySecret: meilisearch-master-key + existingMasterKeySecret: meili service: type: NodePort port: 7700 diff --git a/k8s/argo-apps/oxicloud.yaml b/k8s/argo-apps/oxicloud.yaml new file mode 100644 index 0000000..2e2ba46 --- /dev/null +++ b/k8s/argo-apps/oxicloud.yaml @@ -0,0 +1,54 @@ +--- +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: oxicloud + namespace: argocd +spec: + destination: + name: '' + namespace: apps-roboces + server: https://kubernetes.default.svc + sources: + - path: k8s/charts/oxicloud + repoURL: https://git.roboces.dev/catalin/fukuops.git + targetRevision: main + helm: + valuesObject: + image: + repository: diocrafts/oxicloud + pullPolicy: Always + tag: "0.5.6" + persistence: + enabled: true + storageClass: "truenas-nfs-csi" + accessMode: ReadWriteMany + size: 50Gi + service: + type: LoadBalancer + config: + server: + port: 8086 + host: "0.0.0.0" + baseUrl: "https://cloud.roboces.dev" + features: + enableAuth: "true" + enableSharing: "true" + mimalloc: + purgeDelay: "0" + allowLargeOsPages: "0" + secrets: + existingSecret: oxicloud + wopi: + enabled: false + ingress: + className: "traefik" + hosts: + - host: cloud.roboces.dev + paths: + - path: / + pathType: ImplementationSpecific + tls: [] + project: roboces + syncPolicy: + automated: {} diff --git a/k8s/argo-apps/renovate.yaml b/k8s/argo-apps/renovate.yaml index 7353296..505b9af 100644 --- a/k8s/argo-apps/renovate.yaml +++ b/k8s/argo-apps/renovate.yaml @@ -13,7 +13,7 @@ spec: sources: - chart: renovate repoURL: https://docs.renovatebot.com/helm-charts - targetRevision: 46.97.* + targetRevision: 46.142.* helm: valuesObject: renovate: 
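Review bot: `existingMasterKeySecret: meili` points at a Secret that nothing in this commit creates, while the same commit deletes the SealedSecret `meilisearch-master-key` (k8s/services/meili/sealedsecrets.yaml), which carried `MEILI_MASTER_KEY`. With `MEILI_ENV: production` the master key is what protects the API, so the manifest should say where the replacement comes from and which key it must hold, e.g. `# Secret 'meili' (key MEILI_MASTER_KEY) is provisioned by <secret source>`. Presumably vault-sm supplies it; if so, the Secret has to exist in the destination namespace before this revision syncs.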
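Review bot: In the new oxicloud.yaml, `service.type: LoadBalancer` publishes the app's port on a load-balancer address in addition to the traefik ingress, and the ingress is declared with `tls: []`. Since `baseUrl` is `https://cloud.roboces.dev`, TLS is presumably terminated at or in front of traefik, so a client that reaches the LoadBalancer address talks plain HTTP to the app and bypasses that path. Unless direct access is required, `type: ClusterIP` keeps the ingress as the only entry point. `pullPolicy: Always` combined with the tag `"0.5.6"` also means the running image can change without a commit if the tag is re-pushed; pinning by digest avoids that.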
diff --git a/k8s/argo-apps/vaultwarden-secrets-manager.yaml b/k8s/argo-apps/vault-sm.yaml similarity index 96% rename from k8s/argo-apps/vaultwarden-secrets-manager.yaml rename to k8s/argo-apps/vault-sm.yaml index 1f09c24..5b844ac 100644 --- a/k8s/argo-apps/vaultwarden-secrets-manager.yaml +++ b/k8s/argo-apps/vault-sm.yaml @@ -2,7 +2,7 @@ apiVersion: argoproj.io/v1alpha1 kind: Application metadata: - name: vaultwarden-secrets-manager + name: vault-sm namespace: argocd spec: destination: @@ -12,7 +12,7 @@ spec: sources: - chart: vaultwarden-kubernetes-secrets repoURL: ghcr.io/antoniolago/charts - targetRevision: 1.3.0 + targetRevision: 1.4.01 helm: valuesObject: api: diff --git a/k8s/argo-apps/woodpecker.yaml b/k8s/argo-apps/woodpecker.yaml new file mode 100644 index 0000000..1068d21 --- /dev/null +++ b/k8s/argo-apps/woodpecker.yaml 
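Review bot: `targetRevision: 1.4.01` has a leading zero in the patch component, which strict SemVer does not allow and which looks like a typo. Argo CD uses this value to select the chart version from `ghcr.io/antoniolago/charts`, so if no tag exists exactly as written the secrets-manager application cannot sync. Confirm the published version and pin it verbatim, e.g. `targetRevision: <published-chart-version>`.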
@@ -0,0 +1,57 @@ +--- +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: woodpecker + namespace: argocd + annotations: + argocd.argoproj.io/sync-options: Force=true,Replace=true +spec: + destination: + name: '' + namespace: apps-roboces + server: https://kubernetes.default.svc + sources: + - chart: woodpecker + repoURL: ghcr.io/woodpecker-ci/helm + targetRevision: 3.5.1 + helm: + valuesObject: + agent: + persistence: + storageClass: truenas-nfs-csi + accessModes: + - ReadWriteMany + server: + env: + WOODPECKER_ADMIN: 'woodpecker,admin,catalin' + WOODPECKER_HOST: 'https://ci.roboces.dev' + WOODPECKER_FORGEJO: "true" + WOODPECKER_FORGEJO_URL: "https://git.roboces.dev" + WOODPECKER_FORGEJO_CLIENT: + valueFrom: + secretKeyRef: + name: woodpecker + key: WOODPECKER_FORGEJO_CLIENT + WOODPECKER_FORGEJO_SECRET: + valueFrom: + secretKeyRef: + name: woodpecker + key: WOODPECKER_FORGEJO_SECRET + persistentVolume: + storageClass: truenas-nfs-csi + accessModes: + - ReadWriteMany + service: + type: LoadBalancer + ingress: + enabled: true + ingressClassName: traefik + hosts: + - host: ci.roboces.dev + paths: + - path: / + tls: [] + project: roboces + syncPolicy: + automated: {} diff --git a/k8s/charts/miniflux/Chart.yaml b/k8s/charts/miniflux/Chart.yaml index af89594..385a887 100644 --- a/k8s/charts/miniflux/Chart.yaml +++ b/k8s/charts/miniflux/Chart.yaml @@ -3,4 +3,4 @@ name: miniflux description: A Helm chart for Miniflux RSS reader type: application version: 0.1.0 -appVersion: "2.2.17" +appVersion: "2.2.18" diff --git a/k8s/charts/oxicloud/.helmignore b/k8s/charts/oxicloud/.helmignore new file mode 100644 index 0000000..0e8a0eb --- /dev/null +++ b/k8s/charts/oxicloud/.helmignore 
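Review bot: `WOODPECKER_ADMIN: 'woodpecker,admin,catalin'` grants CI admin rights to three forge login names, two of which are generic. Woodpecker matches admins by the username reported by the forge, so unless `woodpecker` and `admin` are accounts you control on git.roboces.dev, whoever holds those names becomes a Woodpecker admin; `WOODPECKER_ADMIN: 'catalin'` is the narrower setting. Separately, the `argocd.argoproj.io/sync-options: Force=true,Replace=true` annotation sits on the Application object itself, where it probably only affects how a parent application syncs this object. If the intent is to replace the chart's resources, that belongs under `spec.syncPolicy.syncOptions` and deserves a comment explaining why, since Replace recreates resources on sync.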
@@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/k8s/charts/oxicloud/Chart.yaml b/k8s/charts/oxicloud/Chart.yaml new file mode 100644 index 0000000..50069e2 --- /dev/null +++ b/k8s/charts/oxicloud/Chart.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: v2 +name: oxicloud +description: | + Ultra-fast, secure & lightweight self-hosted cloud storage — your files, photos, calendars & contacts, all in one place. Built in Rust. +type: application +version: 0.1.0 +appVersion: "0.5.2" diff --git a/k8s/charts/oxicloud/templates/_helpers.tpl b/k8s/charts/oxicloud/templates/_helpers.tpl new file mode 100644 index 0000000..0e1d40b --- /dev/null +++ b/k8s/charts/oxicloud/templates/_helpers.tpl 
@@ -0,0 +1,32 @@ +{{/* Expand the name of the chart. */}} +{{- define "oxicloud.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* Create a default fully qualified app name. */}} +{{- define "oxicloud.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* Common labels */}} +{{- define "oxicloud.labels" -}} +helm.sh/chart: {{ printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{ include "oxicloud.selectorLabels" . }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* Selector labels */}} +{{- define "oxicloud.selectorLabels" -}} +app.kubernetes.io/name: {{ include "oxicloud.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} diff --git a/k8s/charts/oxicloud/templates/configmap.yaml b/k8s/charts/oxicloud/templates/configmap.yaml new file mode 100644 index 0000000..edd8d27 --- /dev/null +++ b/k8s/charts/oxicloud/templates/configmap.yaml 
@@ -0,0 +1,22 @@ +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "oxicloud.fullname" . }}-config +data: + OXICLOUD_SERVER_PORT: {{ .Values.config.server.port | quote }} + OXICLOUD_SERVER_HOST: {{ .Values.config.server.host | quote }} + {{- if .Values.config.server.baseUrl }} + OXICLOUD_BASE_URL: {{ .Values.config.server.baseUrl | quote }} + {{- end }} + OXICLOUD_ENABLE_AUTH: {{ .Values.config.features.enableAuth | quote }} + OXICLOUD_ENABLE_FILE_SHARING: {{ .Values.config.features.enableSharing | quote }} + MIMALLOC_PURGE_DELAY: {{ .Values.config.mimalloc.purgeDelay | quote }} + MIMALLOC_ALLOW_LARGE_OS_PAGES: {{ .Values.config.mimalloc.allowLargeOsPages | quote }} + + {{- if .Values.wopi.enabled }} + OXICLOUD_WOPI_ENABLED: "true" + OXICLOUD_WOPI_DISCOVERY_URL: "{{ .Values.config.server.baseUrl }}/hosting/discovery" + {{- else }} + OXICLOUD_WOPI_ENABLED: "false" + {{- end }} diff --git a/k8s/charts/oxicloud/templates/ingress.yaml b/k8s/charts/oxicloud/templates/ingress.yaml new file mode 100644 index 0000000..ab3a14b --- /dev/null +++ b/k8s/charts/oxicloud/templates/ingress.yaml 
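Review bot: Nothing in this ConfigMap, or in any other template in the diff, renders `database.host`, `database.port`, `database.username` or `database.name`, although the chart's values.yaml defines them; only `DB_PASSWORD` reaches the pod, through the Secret. If the application takes its connection settings from the existing Secret, say so here, e.g. `# DB connection settings are expected in secrets.existingSecret`, and drop the unused keys from values.yaml. Also, `OXICLOUD_WOPI_DISCOVERY_URL` is built from `config.server.baseUrl` even though that value is treated as optional a few lines earlier, so an empty `baseUrl` yields the relative URL `/hosting/discovery`.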
@@ -0,0 +1,64 @@ +--- +{{- if .Values.ingress.enabled -}} +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: {{ include "oxicloud.fullname" . }} + labels: + {{- include "oxicloud.labels" . | nindent 4 }} + {{- with .Values.ingress.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + {{- if .Values.ingress.className }} + ingressClassName: {{ .Values.ingress.className }} + {{- end }} + {{- if .Values.ingress.tls }} + tls: + {{- range .Values.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} + {{- end }} + rules: + - host: {{ (index .Values.ingress.hosts 0).host | quote }} + http: + paths: + {{- if .Values.wopi.enabled }} + # Route Collabora traffic to the WOPI pod + - path: /browser + pathType: Prefix + backend: + service: + name: {{ include "oxicloud.fullname" $ }}-wopi + port: + number: {{ .Values.wopi.collabora.service.port }} + - path: /hosting + pathType: Prefix + backend: + service: + name: {{ include "oxicloud.fullname" $ }}-wopi + port: + number: {{ .Values.wopi.collabora.service.port }} + - path: /cool + pathType: Prefix + backend: + service: + name: {{ include "oxicloud.fullname" $ }}-wopi + port: + number: {{ .Values.wopi.collabora.service.port }} + {{- end }} + + # Default Catch-All: Route everything else to OxiCloud + - path: / + pathType: Prefix + backend: + service: + name: {{ include "oxicloud.fullname" $ }} + port: + number: {{ $.Values.service.port }} +{{- end }} diff --git a/k8s/charts/oxicloud/templates/secret.yaml b/k8s/charts/oxicloud/templates/secret.yaml new file mode 100644 index 0000000..d5aac3c --- /dev/null +++ b/k8s/charts/oxicloud/templates/secret.yaml 
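Review bot: The rule block reads only `(index .Values.ingress.hosts 0).host` and hard-codes `pathType: Prefix`, so additional hosts and the `paths`/`pathType` entries under `ingress.hosts` are silently ignored, and an empty `hosts` list fails the render with an index error. The Argo application in this commit sets `pathType: ImplementationSpecific`, which therefore has no effect. Either range over `.Values.ingress.hosts` or document the restriction at the top of the template, e.g. `# only ingress.hosts[0].host is used; paths are fixed by this template`. `ingressClassName` and `secretName` are emitted unquoted; piping them through `quote` protects against values that YAML would retype.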
@@ -0,0 +1,19 @@ +--- +{{- if not .Values.secrets.existingSecret }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "oxicloud.fullname" . }}-secret + labels: + {{- include "oxicloud.labels" . | nindent 4 }} +type: Opaque +data: + {{- if .Values.secrets.jwtSecret }} + OXICLOUD_JWT_SECRET: {{ .Values.secrets.jwtSecret | b64enc | quote }} + {{- end }} + DB_PASSWORD: {{ .Values.database.password | b64enc | quote }} + {{- if .Values.wopi.enabled }} + WOPI_ADMIN_USERNAME: {{ .Values.wopi.collabora.admin.username | b64enc | quote }} + WOPI_ADMIN_PASSWORD: {{ .Values.wopi.collabora.admin.password | b64enc | quote }} + {{- end }} +{{- end }} diff --git a/k8s/charts/oxicloud/templates/service.yaml b/k8s/charts/oxicloud/templates/service.yaml new file mode 100644 index 0000000..b0a4bc8 --- /dev/null +++ b/k8s/charts/oxicloud/templates/service.yaml @@ -0,0 +1,32 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ include "oxicloud.fullname" . }} + labels: + {{- include "oxicloud.labels" . | nindent 4 }} +spec: + type: {{ .Values.service.type }} + ports: + - port: {{ .Values.service.port }} + targetPort: http + protocol: TCP + name: http + selector: + {{- include "oxicloud.selectorLabels" . | nindent 4 }} +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ include "oxicloud.fullname" . }}-headless + labels: + {{- include "oxicloud.labels" . | nindent 4 }} +spec: + clusterIP: None + ports: + - port: {{ .Values.service.port }} + targetPort: http + protocol: TCP + name: http + selector: + {{- include "oxicloud.selectorLabels" . | nindent 4 }} diff --git a/k8s/charts/oxicloud/templates/statefulset.yaml b/k8s/charts/oxicloud/templates/statefulset.yaml new file mode 100644 index 0000000..2a6d68e --- /dev/null +++ b/k8s/charts/oxicloud/templates/statefulset.yaml 
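Review bot: When `secrets.existingSecret` is empty, secret.yaml builds `DB_PASSWORD` from `database.password` and, with WOPI enabled, the Collabora admin credentials from values that all have working defaults in this chart (`change_me_in_production`, `wopi_admin_password`). A plain install therefore deploys publicly known credentials, and an unset `jwtSecret` is skipped without any error. I would empty those defaults in values.yaml and fail the render instead, e.g. `DB_PASSWORD: {{ required "set database.password or secrets.existingSecret" .Values.database.password | b64enc | quote }}`, with the same treatment for the WOPI password and `jwtSecret`.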
@@ -0,0 +1,53 @@ +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ include "oxicloud.fullname" . }} + labels: + {{- include "oxicloud.labels" . | nindent 4 }} +spec: + serviceName: {{ include "oxicloud.fullname" . }}-headless + replicas: {{ .Values.replicaCount }} + selector: + matchLabels: + {{- include "oxicloud.selectorLabels" . | nindent 6 }} + template: + metadata: + labels: + {{- include "oxicloud.selectorLabels" . | nindent 8 }} + spec: + containers: + - name: oxicloud + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + ports: + - name: http + containerPort: 8086 + protocol: TCP + envFrom: + - configMapRef: + name: {{ include "oxicloud.fullname" . }}-config + - secretRef: + name: {{ if .Values.secrets.existingSecret }}{{ .Values.secrets.existingSecret }}{{ else }}{{ include "oxicloud.fullname" . }}-secret{{ end }} + volumeMounts: + - name: storage-data + mountPath: /app/storage + {{- if not .Values.persistence.enabled }} + volumes: + - name: storage-data + emptyDir: {} + {{- end }} + + {{- if .Values.persistence.enabled }} + volumeClaimTemplates: + - metadata: + name: storage-data + spec: + accessModes: + - {{ .Values.persistence.accessMode }} + {{- if .Values.persistence.storageClass }} + storageClassName: {{ .Values.persistence.storageClass }} + {{- end }} + resources: + requests: + storage: {{ .Values.persistence.size }} + {{- end }} diff --git a/k8s/charts/oxicloud/templates/wopi-deployment.yaml b/k8s/charts/oxicloud/templates/wopi-deployment.yaml new file mode 100644 index 0000000..0cdc0d4 --- /dev/null +++ b/k8s/charts/oxicloud/templates/wopi-deployment.yaml 
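Review bot: The `oxicloud` container is declared without a `securityContext`, so it runs with the image's default user and capability set while holding the storage volume and the application secrets loaded through `envFrom`. A container-level block like the one below should be a low-risk baseline for a service listening on 8086; `runAsNonRoot: true` and `readOnlyRootFilesystem: true` are worth adding once checked against the image. Separately, `containerPort: 8086` is hard-coded while `OXICLOUD_SERVER_PORT` comes from `config.server.port`, so changing that value breaks the named `http` port; `containerPort: {{ .Values.config.server.port }}` keeps the two in step.

```yaml
      containers:
        - name: oxicloud
          # … unchanged: image, imagePullPolicy …
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
          # … unchanged: ports, envFrom, volumeMounts …
```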
@@ -0,0 +1,58 @@ +--- +{{- if .Values.wopi.enabled -}} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "oxicloud.fullname" . }}-wopi + labels: + {{- include "oxicloud.labels" . | nindent 4 }} + app.kubernetes.io/component: wopi +spec: + replicas: 1 + selector: + matchLabels: + {{- include "oxicloud.selectorLabels" . | nindent 6 }} + app.kubernetes.io/component: wopi + template: + metadata: + labels: + {{- include "oxicloud.selectorLabels" . | nindent 8 }} + app.kubernetes.io/component: wopi + spec: + containers: + - name: collabora + image: "{{ .Values.wopi.collabora.image.repository }}:{{ .Values.wopi.collabora.image.tag }}" + imagePullPolicy: {{ .Values.wopi.collabora.image.pullPolicy }} + # Required for Collabora to build chroot jails + securityContext: + capabilities: + add: + - MKNOD + ports: + - name: wopi + containerPort: 9980 + protocol: TCP + env: + - name: aliasgroup1 + value: "http://{{ .Values.wopi.collabora.domain }}" + - name: server_name + value: {{ .Values.wopi.collabora.domain | quote }} + - name: extra_params + value: {{ .Values.wopi.collabora.extraParams | quote }} + - name: username + valueFrom: + secretKeyRef: + name: {{ if .Values.secrets.existingSecret }}{{ .Values.secrets.existingSecret }}{{ else }}{{ include "oxicloud.fullname" . }}-secret{{ end }} + key: WOPI_ADMIN_USERNAME + - name: password + valueFrom: + secretKeyRef: + name: {{ if .Values.secrets.existingSecret }}{{ .Values.secrets.existingSecret }}{{ else }}{{ include "oxicloud.fullname" . }}-secret{{ end }} + key: WOPI_ADMIN_PASSWORD + readinessProbe: + httpGet: + path: /hosting/discovery + port: wopi + initialDelaySeconds: 10 + periodSeconds: 10 +{{- end }} diff --git a/k8s/charts/oxicloud/templates/wopi-service.yaml b/k8s/charts/oxicloud/templates/wopi-service.yaml new file mode 100644 index 0000000..6b27207 --- /dev/null +++ b/k8s/charts/oxicloud/templates/wopi-service.yaml 
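Review bot: `aliasgroup1` and `server_name` are built from `.Values.wopi.collabora.domain`, but the chart's values.yaml defines `wopi.collabora.url` and no `domain` key, so with the defaults they render as `http://` and an empty string. `aliasgroup1` is Collabora's allow-list of WOPI hosts, so a wrong value either breaks editing or fails to restrict the host as intended. Reference the key that exists, e.g. `value: {{ .Values.wopi.collabora.url | quote }}` for `server_name`, or rename the values key to `domain`. The `http://` scheme in `aliasgroup1` also disagrees with the `https://` base URL used elsewhere in the chart.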
@@ -0,0 +1,20 @@ +--- +{{- if .Values.wopi.enabled -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ include "oxicloud.fullname" . }}-wopi + labels: + {{- include "oxicloud.labels" . | nindent 4 }} + app.kubernetes.io/component: wopi +spec: + type: ClusterIP + ports: + - port: {{ .Values.wopi.collabora.service.port }} + targetPort: wopi + protocol: TCP + name: wopi + selector: + {{- include "oxicloud.selectorLabels" . | nindent 4 }} + app.kubernetes.io/component: wopi +{{- end }} diff --git a/k8s/charts/oxicloud/values.yaml b/k8s/charts/oxicloud/values.yaml new file mode 100644 index 0000000..3bbd384 --- /dev/null +++ b/k8s/charts/oxicloud/values.yaml @@ -0,0 +1,67 @@ +--- +replicaCount: 1 + +image: + repository: oxicloud + pullPolicy: IfNotPresent + tag: "latest" + +database: + host: "postgres.example.com" + port: 5432 + username: "postgres" + password: "change_me_in_production" + name: "oxicloud" + +config: + server: + port: 8086 + host: "0.0.0.0" + baseUrl: "https://cloud.example.com" + features: + enableAuth: "true" + enableSharing: "true" + mimalloc: + purgeDelay: "0" + allowLargeOsPages: "0" + +persistence: + enabled: true + storageClass: "" + accessMode: ReadWriteOnce + size: 50Gi + +wopi: + enabled: true + collabora: + url: "cloud.example.com" + image: + repository: collabora/code + tag: latest + pullPolicy: IfNotPresent + service: + port: 9980 + admin: + username: admin + password: "wopi_admin_password" + extraParams: "--o:ssl.enable=false --o:ssl.termination=false --o:net.frame_ancestors=http://* https://*" + +secrets: + existingSecret: "" + jwtSecret: "" + oidcClientSecret: "" + +service: + type: ClusterIP + port: 8086 + +ingress: + enabled: true + className: "traefik" + annotations: {} + hosts: + - host: cloud.example.com + paths: + - path: / + pathType: ImplementationSpecific + tls: [] diff --git a/k8s/services/argo/project-fuku.yaml b/k8s/services/argo/project-fuku.yaml index 6f03737..46076fd 100644 --- a/k8s/services/argo/project-fuku.yaml 
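Review bot: The defaults in values.yaml lean permissive: `wopi.enabled: true` turns Collabora on with `--o:net.frame_ancestors=http://* https://*`, which lets any origin frame the editor, and both images default to the floating `latest` tag. Narrow `frame_ancestors` to the host of `config.server.baseUrl`, default `wopi.enabled` to `false` (the Argo application in this commit disables it anyway), and pin the image tags. The placeholder passwords under `database.password` and `wopi.collabora.admin.password` are better left empty so a missing override is noticed. `secrets.oidcClientSecret` is declared but, as far as this diff shows, no template reads it.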
+++ b/k8s/services/argo/project-fuku.yaml @@ -25,7 +25,6 @@ spec: - https://charts.crystalnet.org - https://portainer.github.io/k8s/ - https://docs.renovatebot.com/helm-charts - - registry-1.docker.io/bitnamicharts - https://meilisearch.github.io/meilisearch-kubernetes - https://kubetail-org.github.io/helm-charts/ - https://groundhog2k.github.io/helm-charts/ @@ -34,3 +33,4 @@ spec: - https://helm.runix.net - https://rcourtman.github.io/Pulse - ghcr.io/antoniolago/charts + - https://helm.elastic.co diff --git a/k8s/services/argo/project-roboces.yaml b/k8s/services/argo/project-roboces.yaml index 9f05403..9b6f364 100644 --- a/k8s/services/argo/project-roboces.yaml +++ b/k8s/services/argo/project-roboces.yaml @@ -8,8 +8,11 @@ spec: destinations: - namespace: apps-roboces server: https://kubernetes.default.svc + - namespace: woodpecker + server: https://kubernetes.default.svc sourceRepos: - https://git.roboces.dev/catalin/fukuops.git - code.forgejo.org/forgejo-helm - https://git.roboces.dev/catalin/huesoporro.git - https://gitlab.com/api/v4/projects/64552889/packages/helm/release + - ghcr.io/woodpecker-ci/helm diff --git a/k8s/services/factorio/sealedsecrets.yaml b/k8s/services/factorio/sealedsecrets.yaml deleted file mode 100644 index 5b36966..0000000 --- a/k8s/services/factorio/sealedsecrets.yaml +++ /dev/null 
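Review bot: `https://helm.elastic.co` is added to the `sourceRepos` allow-list of project-fuku, yet this commit deletes the only Elasticsearch application (k8s/argo-apps/elastic.yaml) and no Application in the diff pulls from that repository. `sourceRepos` is what limits where applications in the project may fetch manifests from, so unused entries are best left out until something needs them. If an Elastic chart is planned, add the entry in the commit that introduces the application.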
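Review bot: The new `woodpecker` namespace destination in project-roboces does not match the woodpecker Application added in this commit, which deploys to `apps-roboces`. As written, the project may deploy into an extra namespace that nothing visible uses; either drop the entry or, if pipeline pods are meant to run there, say so next to it, e.g. `# namespace for Woodpecker pipeline pods`. The hunk shows only part of the AppProject spec.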
@@ -1,18 +0,0 @@ ---- -apiVersion: bitnami.com/v1alpha1 -kind: SealedSecret -metadata: - creationTimestamp: - name: secrets-factorio - namespace: apps-fuku -spec: - encryptedData: - game_password: AgCmUZilQTlqof5so2DyvjbCh3J8OAkz4lSQv++z+9XUz4/+KjwgEjP5SI9nf2WVfIHt7WiJN8oaPlYnm2XIdbBUrvKlTEuMAy2XeI8DE2+wKHXdbmLg7t3oZR/8kw3py9W3o4dlXp5XY2G4S3cG8TX0fkN58ni61mYv+zSvc6stcT/iveJqO5E+hXPcDSexzxQ/8DybS4D5g8W3N2OMhRoU0wwhYfXAuxN90BzFKgD6X/9Xy1c7pPQQkEidpA6l1uP5qIG/vChmIpqsOmQWbibGQn53el5ulPvaybx1wRu33eJJcSPRS+XthZv9dtwduFlboMT6QPWcVL5gSQ0ceCBidQIHGLRLxcHYPZz83miCeVYFY1xFegrwPBsXYEdfar5mufxgSQGtSHGzwEV0Ry+tcmjz9JqWpQBQVg10Bs0GYwvy/XGHi1BLCouAXXL//eVbGp1s9cl4uyN9Ymzt5zNrf/SvUweFsaCYrC6xVFA2CCsLbsyu/YbmKkO+cd1IwAle4luGmJHnZgrXKMwQFYoMTGsgEGYt87Itz7eOSmHEm/ZJwZ3oL6n0LGgHpJu1gb4Op0ZA9p44DKeg2fy5Go9rWeMOP0RIw8/SApE6QmT0Bw8QccddnTHhwuCLet2PoiUodKhFffTfGN6PGPeIcyQJpiEDxUI7nquWSNGTcMJDsR3LbzU6A8MpDQrrg5Az6YzyZOo7NLEMbitKLrqt9lfH5g7g # yamllint disable rule:line-length - password: AgCTY4hn/wTGipH9oX7SgS44PE6wEe34AB2Pz9IeB5KcISZVGgWAUMtcffexV31jcNwz5TrztNam22Ys7qYbsZZVNOWm27/KZP3U04Jrq1cIPhY+xE1xF3vMqCd54r+kaeMO4hlDhBlE7Hs6BHdURTpPz8ocqihT2bft+Q8p2Myf3vPHXcDwoUyQj/AFYJdJJhyVfD5NDdacFhOmPTB/tUE4AW1Rz9oND6sy0x7NaP44vswVbhREpMA9wkltJRugRKUwXdfC6kOrfKa1R88aNOwkqc22F1U1PhcqUSAMYQxOA+zz3xMjrP8o70V1/FBKxnTBYVIpdHuwl2RpvC/TewJYVEu1xzp3texfgkTn6XXMp9InxfA6y1wpSVpMPYK5zPRCnmuyPTdSd+DrD6C6y2rstrHvvHxnLPtqo5REVjkfTGkEilmQ1+SllPMPk/6hKivahdmORixoI2MtOz4k4d+7rdPrrsRscMHAheyJTNdKC3wGoKFqbm+0zFV3GFaxM65K0USlYhPwyKG3FlHGj0t8HmXOr+M2cQKd4vqIrq8betRp08YPGMOT0Ea1KIvoP3z4yiJg2Z64d8d0Brof/h4fFd4kKgfMYm/CvkNh5zjFzEYi+K/6G/G99RBxwl7kK3eMB6CiuOnLITCw/Ok/LiRcdnIcAe7yobHG6FWHas4KPL5t4dPTxo12catoWtuJG7L20AIl3171+gO3jS0e4zAvZ+7S # yamllint disable rule:line-length - token: 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 # yamllint disable rule:line-length - template: # yamllint disable rule:line-length - metadata: - creationTimestamp: - name: secrets-factorio - namespace: apps-fuku - type: Opaque 
diff --git a/k8s/services/meili/sealedsecrets.yaml b/k8s/services/meili/sealedsecrets.yaml deleted file mode 100644 index 98dd5cb..0000000 --- a/k8s/services/meili/sealedsecrets.yaml +++ /dev/null @@ -1,16 +0,0 @@ -# yamllint disable rule:line-length ---- -apiVersion: bitnami.com/v1alpha1 -kind: SealedSecret -metadata: - creationTimestamp: null - name: meilisearch-master-key - namespace: apps-fuku -spec: - encryptedData: - MEILI_MASTER_KEY: AgBcQDv79lsUJF09YTd+zsuC9Ufhgs74mk5sxIrgaAQW/5yBupPgIsZw+g33qDqejuG+hfdhvkTOFHYetNuEDjnPWEpySjMLiB6N/HXMSuPimbOSjhHP3d7jgnWnIluUPs3RsvxDzaHCygVsS2a5ul7+qJGbiQTlmcV/rMVkqiw95mxwswkZhWi1Da1QYPgjRkazbCV0JAVhYYoo7VBnxceyGOS7Um5BsdyDMmXCn0qegU2FDlXTcBBur48hlyRqie/DxyZi3Yx/yiOnVH7g7H41H6hLJpKhQTMQbnohAqUC2UZZJlwrc8b/3kisFw/pxBP7S47hn9iseQcw18mXs6SzlXbhWm+CyNsKEvuXJAMVlaCrOCqs8Kf8ZlraCJYYq8mx+zoA7yAHnRdC4uByR5SGwnXJgq4WJD3wx90NuVbTcJfpQ+bNMPpRS8W+66S9j+rBVk6YcqCqL62JPSf0I9ZKCrNJrtbx5WyxbcVAgZdd2oxxXq6fG4I/wvqn/LN7nAqDwaCjU0395R+vM89o24h8pMTNOUhY1Dqxh0rKQOnTACc12kmhwQucdtjwkFzM7PJxW8d8GGdvgPoIxe27sguUMvn6IFo8h0JmGrbAyDEeR113s/gwQm9ozM9KJXXyImfiRJCcDSlny0rTNWZaGonXuSezFuhcSazepd0v85ofHgIflQQjMfLUNz1b9+ci4SbnpoJwzlrY2d6SyJSIA7Bz223j9UcRgDvRvIz3 - template: - metadata: - creationTimestamp: null - name: meilisearch-master-key - namespace: apps-fuku diff --git a/scripts/k3scale.sh b/scripts/k3scale.sh new file mode 100755 index 0000000..945990f --- /dev/null +++ b/scripts/k3scale.sh 
@@ -0,0 +1,162 @@ +#!/usr/bin/env bash + + +usage() { + cat <&2 + usage >&2 + exit 1 + ;; + *) + if [[ -z "$REPLICAS" ]]; then + REPLICAS="$1" + else + RESOURCES+=("$1") + fi + shift + ;; + esac +done + +if [[ -z "$REPLICAS" ]]; then + echo "Error: REPLICAS is required" >&2 + usage >&2 + exit 1 +fi + +if [[ "$ALL" == false && "$ALL_NAMESPACES" == false && ${#RESOURCES[@]} -eq 0 ]]; then + echo "Error: Must specify --all, --all-namespaces, or at least one RESOURCE" >&2 + usage >&2 + exit 1 +fi + +NAMESPACE_ARG=() +if [[ -n "$NAMESPACE" ]]; then + NAMESPACE_ARG=("-n" "$NAMESPACE") +fi + +DRY_RUN_ARG=() +if [[ "$DRY_RUN" == true ]]; then + DRY_RUN_ARG=("--dry-run=client") +fi + +KUBECTL_BASE=(kubectl) +if [[ -n "$KUBECTL_V" ]]; then + KUBECTL_BASE+=( "$KUBECTL_V" ) +fi +KUBECTL_BASE+=( "${NAMESPACE_ARG[@]}" ) +KUBECTL_BASE+=( "${DRY_RUN_ARG[@]}" ) + +scale_resource() { + local resource="$1" + local ns name + + if [[ "$resource" == */* ]]; then + ns="${resource%%/*}" + name="${resource#*/}" + else + ns="${NAMESPACE:-$(kubectl "${NAMESPACE_ARG[@]}" config view --minify --output jsonpath='{.contexts[0].context.namespace}' 2>/dev/null || echo "default")}" + name="$resource" + fi + + for kind in deployment statefulset; do + if "${KUBECTL_BASE[@]}" get "$kind" "$name" -n "$ns" &>/dev/null; then + echo "Scaling $kind/$ns/$name to $REPLICAS replicas${DRY_RUN:+ (dry-run)}" + "${KUBECTL_BASE[@]}" scale "$kind" "$name" -n "$ns" --replicas="$REPLICAS" + return 0 + fi + done + + echo "Error: Resource '$resource' not found as deployment or statefulset" >&2 + return 1 +} + +get_resources() { + local ns_flag=() + if [[ "$ALL_NAMESPACES" == true ]]; then + ns_flag=("--all-namespaces") + elif [[ -n "$NAMESPACE" ]]; then + ns_flag=("-n" "$NAMESPACE") + fi + + "${KUBECTL_BASE[@]}" get "${ns_flag[@]}" deployment,statefulset -o jsonpath='{range .items[*]}{.metadata.namespace}/{.kind}/{.metadata.name}{"\n"}{end}' 2>/dev/null | while IFS=/ read -r ns kind name; do + echo "$ns/$name" + done 
+}
+
+if [[ "$ALL" == true || "$ALL_NAMESPACES" == true ]]; then
+ while IFS= read -r resource; do
+ [[ -n "$resource" ]] && scale_resource "$resource"
+ done < <(get_resources)
+else
+ for resource in "${RESOURCES[@]}"; do
+ scale_resource "$resource"
+ done
+fi
diff --git a/scripts/proxmox-power.sh b/scripts/proxmox-power.sh
old mode 100644
new mode 100755
diff --git a/scripts/update-argo.sh b/scripts/update-argo.sh
new file mode 100755
index 0000000..fbdd1da
--- /dev/null
+++ b/scripts/update-argo.sh
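Review bot: In `scale_resource` the log line uses `${DRY_RUN:+ (dry-run)}`, which expands for any non-empty value, while every other test in the script is `"$DRY_RUN" == true`; if the variable is initialised to `false` (the initialisation is not visible on this page) each real scale is reported as a dry run, so build the suffix from the same comparison, e.g. `[[ "$DRY_RUN" == true ]] && suffix=' (dry-run)'`. `get_resources` reads the kind and then prints only `$ns/$name`, so `scale_resource` probes `deployment` first and a statefulset that shares its name with a deployment in the same namespace is never scaled. The `2>/dev/null` on that listing also hides RBAC and connectivity errors, which lets `--all` or `--all-namespaces` finish with exit status 0 after changing nothing. `REPLICAS` is passed to `kubectl scale` without a check that it is a non-negative integer, e.g. `[[ "$REPLICAS" =~ ^[0-9]+$ ]] || { usage >&2; exit 1; }`.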
@@ -0,0 +1,129 @@ +#!/usr/bin/env bash + +check_kubectl() { + if ! command -v kubectl &>/dev/null; then + echo "Error: kubectl is not installed or not in PATH" >&2 + exit 1 + fi + log_info "kubectl found at $(command -v kubectl)" +} + +VERBOSE=0 + +log_debug() { [[ $VERBOSE -ge 3 ]] && echo "[DEBUG] $*" || true; } +log_verbose() { [[ $VERBOSE -ge 2 ]] && echo "[VERBOSE] $*" || true; } +log_info() { [[ $VERBOSE -ge 1 ]] && echo "[INFO] $*" || true; } +log_error() { echo "[ERROR] $*" >&2; } + +usage() { + cat <&2 + usage >&2 + exit 1 + ;; + *) + TARGET_VERSION="$1" + shift + ;; + esac +done + +log_debug "Script started with target version: ${TARGET_VERSION:-auto}" + +check_kubectl + +log_info "Checking current kubectl context" +CURRENT_CONTEXT=$(kubectl config current-context 2>/dev/null) +log_verbose "Current context: $CURRENT_CONTEXT" + +log_info "Checking for ArgoCD installation" +if ! kubectl get ns argocd &>/dev/null; then + log_error "ArgoCD namespace not found. This script only upgrades existing installations." 
+ exit 1
+fi
+log_verbose "ArgoCD namespace found"
+
+log_info "Checking current ArgoCD version"
+CURRENT_VERSION=$(kubectl get deployment argocd-server -n argocd -o jsonpath='{.spec.template.spec.containers[0].image}' 2>/dev/null)
+if [[ -n "$CURRENT_VERSION" ]]; then
+ CURRENT_VERSION=$(echo "$CURRENT_VERSION" | sed 's/.*argocd:v\?//' | tr -d ' \n')
+ if [[ -n "$CURRENT_VERSION" ]]; then
+ CURRENT_VERSION="${CURRENT_VERSION#v}"
+ log_verbose "Current ArgoCD version: $CURRENT_VERSION"
+ else
+ log_error "Could not extract ArgoCD version from image: $CURRENT_VERSION"
+ exit 1
+ fi
+fi
+
+if [[ -z "$TARGET_VERSION" ]]; then
+ log_info "No target version specified, querying for latest version"
+ log_verbose "Fetching latest release from GitHub"
+ LATEST_VERSION=$(curl -s https://api.github.com/repos/argoproj/argo-cd/releases/latest | grep -oP '"tag_name":\s*"\K[^"]+' | sed 's/^v//')
+ if [[ -n "$LATEST_VERSION" ]]; then
+ log_verbose "Latest version available: $LATEST_VERSION"
+ TARGET_VERSION="$LATEST_VERSION"
+ else
+ echo "Error: Could not fetch latest version" >&2
+ exit 1
+ fi
+fi
+
+log_info "Target version: $TARGET_VERSION"
+
+log_debug "Determining update path from $CURRENT_VERSION to $TARGET_VERSION"
+
+log_info "Applying ArgoCD manifests"
+log_verbose "Downloading manifest from https://raw.githubusercontent.com/argoproj/argo-cd/v${TARGET_VERSION}/manifests/install.yaml"
+curl -sLO "https://raw.githubusercontent.com/argoproj/argo-cd/v${TARGET_VERSION}/manifests/install.yaml"
+
+log_debug "Applying manifest with kubectl"
+if [[ "$DRY_RUN" == true ]]; then
+ log_verbose "Dry-run mode: would apply manifest"
+ kubectl apply -n argocd -f install.yaml --dry-run=client
+else
+ kubectl apply -n argocd -f install.yaml
+fi
+
+log_verbose "Cleaning up downloaded manifest"
+rm -f install.yaml
+
+log_info "Update to ArgoCD $TARGET_VERSION initiated"
diff --git a/tofu/adguard/.terraform.lock.hcl b/tofu/adguard/.terraform.lock.hcl
index 754c9d0..6361897 100644
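Review bot: The manifest download near the end of the script runs `curl -sLO` without `--fail` and never checks its exit status, so an HTTP error body is saved as `install.yaml` and handed to `kubectl apply`, and the closing "initiated" message is logged whether or not the apply succeeded. `TARGET_VERSION` comes from the command line or from the GitHub API response and is interpolated into the URL without a format check, and the file is written to and then removed from the current directory, which clobbers any `install.yaml` already there. Because the manifest changes cluster-scoped objects, the excerpt below validates the version string, downloads to a `mktemp` file with `-fsSL`, and stops on any failure; comparing the file against a pinned checksum for the chosen release would be a further step. The hunk adds the whole file, but the `usage` text and option parsing are garbled on this page, so whether `set -euo pipefail` is present cannot be confirmed.

```shell
# … unchanged: kubectl/context checks, version detection, TARGET_VERSION resolution …
if [[ ! "$TARGET_VERSION" =~ ^[0-9]+\.[0-9]+\.[0-9]+(-[0-9A-Za-z.]+)?$ ]]; then
  log_error "Refusing unexpected version string: $TARGET_VERSION"
  exit 1
fi

MANIFEST=$(mktemp) || exit 1
trap 'rm -f "$MANIFEST"' EXIT

if ! curl -fsSL -o "$MANIFEST" "https://raw.githubusercontent.com/argoproj/argo-cd/v${TARGET_VERSION}/manifests/install.yaml"; then
  log_error "Download of install.yaml for v${TARGET_VERSION} failed"
  exit 1
fi

APPLY_ARGS=(apply -n argocd -f "$MANIFEST")
if [[ "$DRY_RUN" == true ]]; then
  APPLY_ARGS+=(--dry-run=client)
fi
if ! kubectl "${APPLY_ARGS[@]}"; then
  log_error "kubectl apply failed for ArgoCD $TARGET_VERSION"
  exit 1
fi
# … unchanged: final log_info …
```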
--- a/tofu/adguard/.terraform.lock.hcl +++ b/tofu/adguard/.terraform.lock.hcl 
@@ -2,37 +2,35 @@ # Manual edits may be lost in future updates. provider "registry.opentofu.org/gmichels/adguard" { - version = "1.6.2" - constraints = "1.6.2" + version = "1.7.0" + constraints = "1.7.0" hashes = [ - "h1:4rfmv0e8MoRPw+CTZBxTlPZbOSvPnIIt8kwVIIRIqbc=", - "h1:FUOYxkRfDHxiAlTKpvfZpNpRdCkq7Gs9JcZjLWo+guM=", - "h1:FewdC+pt/Z8XC1M5M49D74MYnMzVjwVoAcnonmbxhwA=", - "h1:RAXQ/T7oF42hDSuXH7hH85uj8QmHRS+ArP5pO4ILslc=", - "h1:a5SEI5KSX0cENGjd+IrxMj4l0Cr5GWvTP8Ng3cJaLTg=", - "h1:gNdYW6qM5jJTA2M9BHzVtuCTSmY2Fi/r08A/duZR8Yg=", - "h1:gnBusJUhlOSxn2JG5V0N3aHWAcTtMLcSjRSMKm8+6S4=", - "h1:hwB3SSfBITtOIggACNkdTnA8hG2AzYaFgG3WJny3290=", - "h1:iGjswHan6q6vYBTxR+WFBCUwCN7jmg7mAvFnv4P3/m8=", - "h1:mBxI5srrplxBHZLuXfEVZzwph3mCl9SQv0e9nR2GhQ4=", - "h1:o3CYF1B/kMBktAn1cWJuqW84VqZkM5K3A1BPw6v5fnA=", - "h1:sX4l50R6dzuHdQJFBfGDY6lZc4bCGKjxkKRtoKmx/1g=", - "h1:shVeqrDxxOvnsD//ryu7IoxwPsGb+6FeLmum3szd/mU=", - "h1:wY3pI9C3lEZ9nZRIqky5cqfwLm+u7Wi/9HBVCo4o9/M=", - "zh:0337224a2b6418ba38cedf7f2cef9b154f51db4791b03d6b5745cb26f60614d2", - "zh:09addda402962c46cd236ae1703ba9632f377897e8d321678cf0e4428a5071f7", - "zh:1f7b511933d6ca8fbdcd5bb50bba910e88b73fee57ae2922e01f18470350929e", - "zh:2bd2a45c4cddd19b2a55d6d658184df25f002e0b7a929da48b5086922ae846d6", - "zh:30ed44fd468132273029302fc16de4e76a1f10b816862e2e5dfca545e5b67f70", - "zh:3f73e37f6410509f7811db77b53f6e332c24344ad800a1d56bcf6af2a706d998", - "zh:5215dbeb6edbe0e7fae238580bb649745824d3744cc0d3b407244383ddeefd96", - "zh:543a6b4d814607884791306ae661a1d3475af90785712fb6c94e2b616f75afba", - "zh:8402d7a2d501ff0c9fe2216bf80f6bc133f0277cc3f184d3d37f4628b778f18b", - "zh:894ac1fce4fd92c66684d64d41356d5d02ebcf3a68e4ae1150314732f9ac384f", - "zh:ad547c8c8413de6886cf563129b117a0aab79b9841e7486e58a639c74eeacc12", - "zh:b9d69a6f99256cbd741ddc881f8665eec6e51ee1a4b99918ae8e9bdcf73cf31d", - "zh:d254d2dae145dbe5435be32b821198d9d5dca81fb67e06499eb8a8bd78a34ba5", - "zh:df327c22ba4437fa5e879ae70ce8330363a4e6f320711e7bd2ac249db3a3a551", + 
"h1:1vvJ6KcLUR8U2BHNtj7tMsgEsGXzTKMIFsHfcZYEVyc=", + "h1:5BDrsrU/Sdain/+KkhbNzxVL81rh69wG4iKOIBf9qys=", + "h1:70gWtux/jVZQgsDjr8+j0aRHKkGZqRWCmzoX9ddC7f4=", + "h1:Qdqipgukxph9vqXiEKVzFSgXfEmGiGw1JrrQvwJOtco=", + "h1:QveIrziFNxu+Go7pl7qjH5tqPOb8pgzfTdunVgsJ3vg=", + "h1:UrJdOlCLAWC7/I2Co02RtOKT3tSGb8TwOgJ7s0sOtCo=", + "h1:W6nZfQzWb3Ds1JRytBqzsZoNBa6x4OOe9J87f1nyCRA=", + "h1:c3RK8fSEr2yfPySC0WemOC/CR3608Ra4vFwGhvdrswg=", + "h1:jizPinVWDQUN6rKwiBgRm7PcgUJe4AWlCWghgH0v7xI=", + "h1:lb9gv3IiUZDA4P/kpuvOqZmidWMIbpG+sUecM1QclNo=", + "h1:sRIMccvZq71/CxTknprnRozCChEZSq4Nmt+M+DOjTq8=", + "h1:uOdtIfvNVEHheucpt51bSCYtX2W1LKELlOkBTbjBm6o=", + "h1:woGvhSgZDFj5+yH5uHonXSIn6AaeZekb3t9oXMZB/DQ=", + "zh:0b83aa1ade1a6f7c9b1af0488dad43bf00e733d1517463d4bee51c17612546da", + "zh:15d784c16545efaf6c368b642995bb0d0ef61b6961e67b072430d445ef6c02fc", + "zh:1c4da4d20c98795fee1ac0cd9ffd880a68f06992d6fe849342c4b19f79c8aff9", + "zh:41afcdcc5236fa40a0b7ec614cb830ef03d45f8f1b8988d24d80ec999ef34b9b", + "zh:4c8e832a5a842420b5163eb5eb2bd7d460ece524efc618bdba64e4f4a2d403b5", + "zh:58e19d2f9e4bd9f2a13b631c3213157ea80ef3aa7b3b8edcd8fb341f9c06c5e5", + "zh:7380ca4d053255f787ded10c26b19ebd23d3563ddbb36d0be66bb2cef293d27d", + "zh:7b21589bb31084bb68b2deb96bd4130b8b13c1c71614704d13d4cbdfc583f3c7", + "zh:82aee49172286676cdccbc97b809b84acf3edeb164ae77cafa837118ee3769a6", + "zh:95431a266520cce112474616c27c80f0017625ef7d80aaf69118360222d7974b", + "zh:a6dc4b60beafc471d049b856df4bf793838b1e8b2079efe4a12ebf6fbd482098", + "zh:d9c5c35be3ae54a52fb444b61e442445e74df6a4ab5bc4884b0f5d55eacc4ced", + "zh:f6bd2db5d9a178c9b5b020e505affc245a0ceaa8e662f37ad9743d65e1153322", "zh:f809ab383cca0a5f83072981c64208cbd7fa67e986a86ee02dd2c82333221e32", ] } diff --git a/tofu/adguard/main.tf b/tofu/adguard/main.tf index 894cfea..fe0c505 100644 --- a/tofu/adguard/main.tf +++ b/tofu/adguard/main.tf @@ -9,7 +9,7 @@ terraform { required_providers { adguard = { source = "gmichels/adguard" - version = "1.6.2" + version = "1.7.0" } } } 
diff --git a/tofu/authentik/.terraform.lock.hcl b/tofu/authentik/.terraform.lock.hcl index fe7616b..71b1759 100644 --- a/tofu/authentik/.terraform.lock.hcl +++ b/tofu/authentik/.terraform.lock.hcl 
@@ -2,36 +2,34 @@ # Manual edits may be lost in future updates. provider "registry.opentofu.org/goauthentik/authentik" { - version = "2025.12.1" - constraints = "2025.12.1" + version = "2026.2.0" + constraints = "2026.2.0" hashes = [ - "h1:+R2MRgaXvmR1l+nYxYJqMSuvA4VBzfBoh2Er6TnDRPE=", - "h1:1y5I173i8qvxp8GQHBBI/bxkr6YOqY4IqOiJWIUSeeM=", - "h1:XHaltkhuTgyFCCZgpay2orOgc0TyZf0KqrFHNfUgY20=", - "h1:XvFByv5e6fKSlayYaXpFD/JbTYZN1ybujVJJjny1Q18=", - "h1:ZU9d05CLVYBbmdB0IGiG9MueY4/fVo4D6FeyQtbeujA=", - "h1:doHtDOiEIgIUWlUUc9jC7Uqdhj1hsy3etvdYmegcUZM=", - "h1:hUgMx2B40ByfaMA4Al0h7xotp/pZxJJxZZa/HJb6NDc=", - "h1:kG5J46qkCdUWJp/1p8CLifqc7Fy54IDZEjYhpmWcars=", - "h1:lNx+bJr11tPJxpkL5aTdOkGwB41O2Kv8fvKuiMl/LLs=", - "h1:mSOL+FqSLNkWeXopegyK/MoCkMD/VmW9V3PHLaIePjU=", - "h1:oCKzPBsyaD1ENda7qbREG3DYV3Opu09ub+msk3vRCkw=", - "h1:p9AGeRqK50wTHEIp7z7O4MUP83cs+lt7wPajZ9m9TB8=", - "h1:tBoVWDOhByI7cg9TYAAw6LDdMmWLpa2LYwJzzcukdiA=", - "h1:zHQHXKmlGNYBaWLJ9SuXsJ7dbpsvhDJl5pJi+PFU+2w=", - "zh:0e856d3b13614bc32346a236a8e84ba55ecd17238c2008d4b3e71aa8cb49f515", - "zh:2dcc44cd499c18ebbc4f763eff97a7b725763c8ac8fbb5d69c935413ccdc4962", - "zh:434100fc75ec7cd6b64cc9497e8273e79325fa8d285e9fd9d341c1a67421643b", - "zh:483484f66d2e8ce6fa4bfd91e824ceebf07d10acb5df5f366397c55227c4ae91", - "zh:596743a6f1c77a6f103b06ef8d932fe8f2376793b92478853dc84571d17c429f", - "zh:5ed2d5eb7db13229baaf042c725d5c64b58ffdcc641370175e0a88900af94bf1", - "zh:8aecd4cf782c82bee01098f72fe4ffff83707516007b32a01c7fcb19a9260338", - "zh:928c05ecac309287ff7d73ed6e478350fe3003557658ae5dc2be817a4268dba7", - "zh:9b9fd36dfb3e75da8b4478485272505ae9a3c67b10db173e1d2d76cfe2b637b8", - "zh:ab7cd8c61ab67a045854e32f0be1940a92746770dbf3c17bbe923e0259c4f897", - "zh:bb1360ec19a4fc1095d0ef1b7b6c5c3c1a91daac7cd1957d43a4cdbb7356a2e3", - "zh:d2186f4063aa1a547b52a53745d472e43f5343bc1674f2bbb91421c61b0fab50", - "zh:d74bbb67a77951b18ffd7b2863954e70ac03450ad2023cc305c66a5ff25d8d18", - "zh:f5970569ea0a479bbfbf2d452f5962e1c9bd472b82756db822d0e951363daa25", + 
"h1:/y7//ItB3vYvtDzSgrd7eY4QHGQ7b2G/rF/rtXdvUiY=", + "h1:2MTCDpaUJ9AAckFf+lfhq5VNkl4/e1is7XIHfjFX20U=", + "h1:EECfgcbT6h+ppgQ3x06iQZSheZ4vJ6NVwXGYGzyuQQ4=", + "h1:Hg5gBZc/mPbMwH3r5AVbDycUFoeh1LlHtAvVKsnruTY=", + "h1:J9+XlKbvc8x99ZV779XH0swZhsJo+Zcrh7UCK5pKQKY=", + "h1:On3/Zzv3W72aGsJ4AhW/tnpi4hvq9cxwgf7tF6Tg+a4=", + "h1:imSeB1o2GiuyBKsK6prOkOT7dQVDK42TaxGWAb+wEvg=", + "h1:jpOkyfrzbb/LBCdW/0R2Ag+X9bRw6X1/2BRMoImfgQ8=", + "h1:pT8YP3VDxKxhT1X+UXmjN78C+8NNb3fIANWNjR0xRX4=", + "h1:pum2uBRNDUjPeP9aYszm+6GU+K7tZIpbbLrsN39l8iw=", + "h1:qYcmNSTHIU6XefHE11SmywKqgp84B6n2Fzwdj/8dRN8=", + "h1:zH1hHNBUvxXZBzxyQa6OPjDAlZyr3rA7LqwTVVZDW9s=", + "h1:zacZCsqLyCstv+qE+VhFvwCIGLQEdNBsMIM7r9umUSQ=", + "zh:00c44e8ee842e75de9cc4fd6193b10258d1dc840e5be4aaaf118ffc180dceee0", + "zh:13057f08bce3b63613e1be3997dd454ff9568c569dd983987b1550280fbe3d01", + "zh:410a1ff2ae4647cc0ab37894f81e4d474b588a0a7f005d05d55e8c3a40978dd2", + "zh:43830834d12b3c0eeabe397842f82ca3a6b58a5bc8dd837d55b821419b55ed61", + "zh:56eaedd196ed7c4003cee0434b891b38242b4fde2031978d0ddcfdf6e16ee5ad", + "zh:5b3c10bb63c3c215ed9e0918e5808b240e3f2ee8248d10cd4d824a4998a213c5", + "zh:99c14891bcb92a6b21ef4c0e60f6c0df23e3452808f3eefd67cde78d132c80d9", + "zh:9a32cdda9f939f8484e27d4200d004c44f016fe97579a111201083f4beea78e8", + "zh:ae5086816144f68de9a0002e7696321169a71473f9d161793f4ae996388f56de", + "zh:bd09409dd34608a4ef3ea80cfc5e397268e7872f2e84c1ccdc9b5698e36ddad5", + "zh:be7af8b9eb61b0eb5053f14360e5a68caeb32c115efe8e1b583f2e7c91352a2a", + "zh:e11726812a1b2caf6b6784a3d074d1f50e3d406e9629c02096a001e5a5979331", + "zh:e39183d10d8158ccab51208f4f727c7419b1b1e596f4feb23dc42aebb36d01e3", ] } diff --git a/tofu/authentik/main.tf b/tofu/authentik/main.tf index a941542..ba31337 100644 --- a/tofu/authentik/main.tf +++ b/tofu/authentik/main.tf @@ -8,7 +8,7 @@ terraform { required_providers { authentik = { source = "goauthentik/authentik" - version = "2025.12.1" + version = "2026.2.0" } } } 
@@ -37,6 +37,11 @@ resource "authentik_group" "arrs" { is_superuser = false } +resource "authentik_group" "cloud" { + name = "cloud" + is_superuser = false +} + module "gitea" { source = "../modules/authentik-oidc" app_name = "Gitea" @@ -187,17 +192,6 @@ module "jellyfin" { app_access_group_id = authentik_group.arrs.id } -module "tandoor" { - source = "../modules/authentik-oidc" - app_name = "Tandoor" - app_slug = "tandoor" - app_access_group_id = "" - app_url = "https://recipes.roboces.dev" - redirect_uris = [{ matching_mode = "strict", url = "https://recipes.roboces.dev/accounts/oidc/authentik/login/callback/" }] - app_icon = "https://recipes.roboces.dev/static/assets/logo_color_192.c9b9177ff941.png" - client_id = var.tandoor_client_id - client_secret = var.tandoor_client_secret -} module "ganymede" { source = "../modules/authentik-oidc" @@ -221,18 +215,6 @@ module "jellyseerr" { app_access_group_id = authentik_group.arrs.id } -module "pulse" { - source = "../modules/authentik-oidc" - app_name = "Pulse" - app_slug = "pulse" - app_url = "https://pulse.fukurokuju.dev" - client_id = var.pulse_client_id - client_secret = var.pulse_client_secret - app_icon = "https://pulse.fukurokuju.dev/logo.svg" - redirect_uris = [{ matching_mode = "strict", url = "https://pulse.fukurokuju.dev/api/oidc/callback" }] - app_access_group_id = authentik_group.admins.id -} - module "cloud" { source = "../modules/authentik-oidc" app_name = "Cloud" @@ -244,5 +226,5 @@ module "cloud" { redirect_uris = [{ matching_mode = "strict", url = "https://cloud.roboces.dev/api/auth/oidc/callback" }] - app_access_group_id = "" + app_access_group_id = authentik_group.cloud.id } diff --git a/tofu/authentik/sample.env b/tofu/authentik/sample.env index 7230d1f..224c37a 100644 --- a/tofu/authentik/sample.env +++ b/tofu/authentik/sample.env 
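Review bot: The last hunk switches `module "cloud"` from `app_access_group_id = ""` to `authentik_group.cloud.id`, but nothing visible here manages membership of the new `cloud` group, so after apply the Cloud application is presumably reachable only by users added to that group by hand, and by nobody until then. If that is the intent, a comment on the new resource would record it, e.g. `# Gates access to the Cloud application; say here where membership is managed`. The `module "cloud"` block opens in the previous hunk and its middle lines lie outside both hunks, so the rest of its arguments could not be checked.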
@@ -8,15 +8,9 @@ TF_VAR_portainer_client_id= TF_VAR_portainer_client_secret= TF_VAR_paperless_client_id= TF_VAR_paperless_client_secret= -TF_VAR_sftpgo_client_id= -TF_VAR_sftpgo_client_secret= TF_VAR_rustical_client_id= TF_VAR_rustical_client_secret= -TF_VAR_tandoor_client_id= -TF_VAR_tandoor_client_secret= TF_VAR_ganymede_client_id= TF_VAR_ganymede_client_secret= -TF_VAR_pulse_client_id= -TF_VAR_pulse_client_secret= TF_VAR_oxicloud_client_id=aef61f77326b813cf8d8ba71d1ac994b5642685ca37e4710ab0079e91d87702d55fd9775d473b05aff45603bf08e78dba26850af3a815f3c3ac171d163368aa0 TF_VAR_oxicloud_client_secret=a4038df17c9fd06f86372aeaaae8f3fd1374d8978983af7b398d948ef15d1efe522a1faa2fc7652bc410c516d96cd2e4211dad4e05ba6297bdd8d9090460d5fc diff --git a/tofu/authentik/vars.tf b/tofu/authentik/vars.tf index 920d995..028ae95 100644 --- a/tofu/authentik/vars.tf +++ b/tofu/authentik/vars.tf @@ -39,15 +39,6 @@ variable "paperless_client_secret" { type = string } -variable "sftpgo_client_id" { - description = "SFTPGo client ID" - type = string -} - -variable "sftpgo_client_secret" { - description = "SFTPGo client secret" - type = string -} variable "rustical_client_id" { description = "Rustical client ID" @@ -59,15 +50,6 @@ variable "rustical_client_secret" { type = string } -variable "tandoor_client_id" { - description = "Tandoor client ID" - type = string -} - -variable "tandoor_client_secret" { - description = "Tandoor client secret" - type = string -} variable "ganymede_client_id" { description = "Ganymede client ID" @@ -79,16 +61,6 @@ variable "ganymede_client_secret" { type = string } -variable "pulse_client_id" { - description = "Pulse client ID" - type = string -} - -variable "pulse_client_secret" { - description = "Pulse client secret" - type = string -} - variable "oxicloud_client_id" { description = "Oxicloud client ID" type = string diff --git a/tofu/modules/authentik-app/main.tf b/tofu/modules/authentik-app/main.tf index 1b65990..cb0f8fc 100644 
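Review bot: The `TF_VAR_oxicloud_client_id` and `TF_VAR_oxicloud_client_secret` lines kept as context at the end of this hunk carry long hex values, while every other entry in this sample file is an empty placeholder. If those are the live OIDC client credentials (this cannot be determined from the page), blank them as `TF_VAR_oxicloud_client_id=` and `TF_VAR_oxicloud_client_secret=` and rotate the secret in authentik, since the old value stays in the repository history. A secret-scanning hook in `.pre-commit-config.yaml`, which this commit already touches, would catch this class of mistake before it is committed.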
--- a/tofu/modules/authentik-app/main.tf +++ b/tofu/modules/authentik-app/main.tf @@ -3,7 +3,7 @@ terraform { required_providers { authentik = { source = "goauthentik/authentik" - version = "2025.12.1" + version = "2026.2.0" } } } diff --git a/tofu/modules/authentik-ldap/.terraform.lock.hcl b/tofu/modules/authentik-ldap/.terraform.lock.hcl index fe7616b..71b1759 100644 --- a/tofu/modules/authentik-ldap/.terraform.lock.hcl +++ b/tofu/modules/authentik-ldap/.terraform.lock.hcl 
@@ -2,36 +2,34 @@ # Manual edits may be lost in future updates. provider "registry.opentofu.org/goauthentik/authentik" { - version = "2025.12.1" - constraints = "2025.12.1" + version = "2026.2.0" + constraints = "2026.2.0" hashes = [ - "h1:+R2MRgaXvmR1l+nYxYJqMSuvA4VBzfBoh2Er6TnDRPE=", - "h1:1y5I173i8qvxp8GQHBBI/bxkr6YOqY4IqOiJWIUSeeM=", - "h1:XHaltkhuTgyFCCZgpay2orOgc0TyZf0KqrFHNfUgY20=", - "h1:XvFByv5e6fKSlayYaXpFD/JbTYZN1ybujVJJjny1Q18=", - "h1:ZU9d05CLVYBbmdB0IGiG9MueY4/fVo4D6FeyQtbeujA=", - "h1:doHtDOiEIgIUWlUUc9jC7Uqdhj1hsy3etvdYmegcUZM=", - "h1:hUgMx2B40ByfaMA4Al0h7xotp/pZxJJxZZa/HJb6NDc=", - "h1:kG5J46qkCdUWJp/1p8CLifqc7Fy54IDZEjYhpmWcars=", - "h1:lNx+bJr11tPJxpkL5aTdOkGwB41O2Kv8fvKuiMl/LLs=", - "h1:mSOL+FqSLNkWeXopegyK/MoCkMD/VmW9V3PHLaIePjU=", - "h1:oCKzPBsyaD1ENda7qbREG3DYV3Opu09ub+msk3vRCkw=", - "h1:p9AGeRqK50wTHEIp7z7O4MUP83cs+lt7wPajZ9m9TB8=", - "h1:tBoVWDOhByI7cg9TYAAw6LDdMmWLpa2LYwJzzcukdiA=", - "h1:zHQHXKmlGNYBaWLJ9SuXsJ7dbpsvhDJl5pJi+PFU+2w=", - "zh:0e856d3b13614bc32346a236a8e84ba55ecd17238c2008d4b3e71aa8cb49f515", - "zh:2dcc44cd499c18ebbc4f763eff97a7b725763c8ac8fbb5d69c935413ccdc4962", - "zh:434100fc75ec7cd6b64cc9497e8273e79325fa8d285e9fd9d341c1a67421643b", - "zh:483484f66d2e8ce6fa4bfd91e824ceebf07d10acb5df5f366397c55227c4ae91", - "zh:596743a6f1c77a6f103b06ef8d932fe8f2376793b92478853dc84571d17c429f", - "zh:5ed2d5eb7db13229baaf042c725d5c64b58ffdcc641370175e0a88900af94bf1", - "zh:8aecd4cf782c82bee01098f72fe4ffff83707516007b32a01c7fcb19a9260338", - "zh:928c05ecac309287ff7d73ed6e478350fe3003557658ae5dc2be817a4268dba7", - "zh:9b9fd36dfb3e75da8b4478485272505ae9a3c67b10db173e1d2d76cfe2b637b8", - "zh:ab7cd8c61ab67a045854e32f0be1940a92746770dbf3c17bbe923e0259c4f897", - "zh:bb1360ec19a4fc1095d0ef1b7b6c5c3c1a91daac7cd1957d43a4cdbb7356a2e3", - "zh:d2186f4063aa1a547b52a53745d472e43f5343bc1674f2bbb91421c61b0fab50", - "zh:d74bbb67a77951b18ffd7b2863954e70ac03450ad2023cc305c66a5ff25d8d18", - "zh:f5970569ea0a479bbfbf2d452f5962e1c9bd472b82756db822d0e951363daa25", + 
"h1:/y7//ItB3vYvtDzSgrd7eY4QHGQ7b2G/rF/rtXdvUiY=", + "h1:2MTCDpaUJ9AAckFf+lfhq5VNkl4/e1is7XIHfjFX20U=", + "h1:EECfgcbT6h+ppgQ3x06iQZSheZ4vJ6NVwXGYGzyuQQ4=", + "h1:Hg5gBZc/mPbMwH3r5AVbDycUFoeh1LlHtAvVKsnruTY=", + "h1:J9+XlKbvc8x99ZV779XH0swZhsJo+Zcrh7UCK5pKQKY=", + "h1:On3/Zzv3W72aGsJ4AhW/tnpi4hvq9cxwgf7tF6Tg+a4=", + "h1:imSeB1o2GiuyBKsK6prOkOT7dQVDK42TaxGWAb+wEvg=", + "h1:jpOkyfrzbb/LBCdW/0R2Ag+X9bRw6X1/2BRMoImfgQ8=", + "h1:pT8YP3VDxKxhT1X+UXmjN78C+8NNb3fIANWNjR0xRX4=", + "h1:pum2uBRNDUjPeP9aYszm+6GU+K7tZIpbbLrsN39l8iw=", + "h1:qYcmNSTHIU6XefHE11SmywKqgp84B6n2Fzwdj/8dRN8=", + "h1:zH1hHNBUvxXZBzxyQa6OPjDAlZyr3rA7LqwTVVZDW9s=", + "h1:zacZCsqLyCstv+qE+VhFvwCIGLQEdNBsMIM7r9umUSQ=", + "zh:00c44e8ee842e75de9cc4fd6193b10258d1dc840e5be4aaaf118ffc180dceee0", + "zh:13057f08bce3b63613e1be3997dd454ff9568c569dd983987b1550280fbe3d01", + "zh:410a1ff2ae4647cc0ab37894f81e4d474b588a0a7f005d05d55e8c3a40978dd2", + "zh:43830834d12b3c0eeabe397842f82ca3a6b58a5bc8dd837d55b821419b55ed61", + "zh:56eaedd196ed7c4003cee0434b891b38242b4fde2031978d0ddcfdf6e16ee5ad", + "zh:5b3c10bb63c3c215ed9e0918e5808b240e3f2ee8248d10cd4d824a4998a213c5", + "zh:99c14891bcb92a6b21ef4c0e60f6c0df23e3452808f3eefd67cde78d132c80d9", + "zh:9a32cdda9f939f8484e27d4200d004c44f016fe97579a111201083f4beea78e8", + "zh:ae5086816144f68de9a0002e7696321169a71473f9d161793f4ae996388f56de", + "zh:bd09409dd34608a4ef3ea80cfc5e397268e7872f2e84c1ccdc9b5698e36ddad5", + "zh:be7af8b9eb61b0eb5053f14360e5a68caeb32c115efe8e1b583f2e7c91352a2a", + "zh:e11726812a1b2caf6b6784a3d074d1f50e3d406e9629c02096a001e5a5979331", + "zh:e39183d10d8158ccab51208f4f727c7419b1b1e596f4feb23dc42aebb36d01e3", ] } diff --git a/tofu/modules/authentik-ldap/main.tf b/tofu/modules/authentik-ldap/main.tf index b0fc742..76bf980 100644 --- a/tofu/modules/authentik-ldap/main.tf +++ b/tofu/modules/authentik-ldap/main.tf @@ -3,7 +3,7 @@ terraform { required_providers { authentik = { source = "goauthentik/authentik" - version = "2025.12.1" + version = "2026.2.0" } } } 
diff --git a/tofu/modules/authentik-oidc/main.tf b/tofu/modules/authentik-oidc/main.tf index aea24f7..6082b7f 100644 --- a/tofu/modules/authentik-oidc/main.tf +++ b/tofu/modules/authentik-oidc/main.tf @@ -3,7 +3,7 @@ terraform { required_providers { authentik = { source = "goauthentik/authentik" - version = "2025.12.1" + version = "2026.2.0" } } } diff --git a/tofu/modules/authentik-proxy/main.tf b/tofu/modules/authentik-proxy/main.tf index 86e4baa..cdb97c5 100644 --- a/tofu/modules/authentik-proxy/main.tf +++ b/tofu/modules/authentik-proxy/main.tf @@ -3,7 +3,7 @@ terraform { required_providers { authentik = { source = "goauthentik/authentik" - version = "2025.12.1" + version = "2026.2.0" } } }