diff --git a/.forgejo/workflows/deploy-kaniko.yaml b/.forgejo/workflows/deploy-kaniko.yaml index 1c7b1e6..55bb901 100644 --- a/.forgejo/workflows/deploy-kaniko.yaml +++ b/.forgejo/workflows/deploy-kaniko.yaml @@ -13,12 +13,12 @@ jobs: steps: - uses: https://code.forgejo.org/actions/checkout@v4 - name: Kaniko build - uses: aevea/action-kaniko@v0.13.0 + uses: aevea/action-kaniko@v0.14.0 with: image: catalin/fukuops username: kaniko password: ${{ secrets.REGISTRY_PASSWORD }} cache: true registry: git.roboces.dev - tag: nextcloud-30.0.1 + tag: nextcloud-30.0.2 path: docker/nextcloud diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index e0ca14b..0f141c8 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -1,7 +1,7 @@ --- repos: - repo: https://github.com/pre-commit/pre-commit-hooks - rev: v4.6.0 + rev: v5.0.0 hooks: - id: trailing-whitespace - id: end-of-file-fixer diff --git a/docker/forgejo-runner/docker-compose.yml b/docker/forgejo-runner/docker-compose.yml index 5d61fb4..b4a042d 100644 --- a/docker/forgejo-runner/docker-compose.yml +++ b/docker/forgejo-runner/docker-compose.yml @@ -1,6 +1,6 @@ --- x-runner-common: &runner-common - image: code.forgejo.org/forgejo/runner:4.0.1 + image: code.forgejo.org/forgejo/runner:5.0.3 links: - docker-in-docker depends_on: diff --git a/docker/netbird/docker-compose.yml b/docker/netbird/docker-compose.yml index 65f9a64..978662c 100644 --- a/docker/netbird/docker-compose.yml +++ b/docker/netbird/docker-compose.yml @@ -1,7 +1,7 @@ --- services: dashboard: - image: netbirdio/dashboard:v2.7.0 + image: netbirdio/dashboard:v2.7.1 restart: unless-stopped ports: - 8005:80 @@ -23,7 +23,7 @@ services: max-size: "500m" max-file: "2" signal: - image: netbirdio/signal:0.31.0 + image: netbirdio/signal:0.34.1 restart: unless-stopped volumes: - netbird-signal:/var/lib/netbird 
@@ -35,7 +35,7 @@ services: max-size: "500m" max-file: "2" relay: - image: netbirdio/relay:0.31.0 + image: netbirdio/relay:0.34.1 restart: unless-stopped environment: NB_LOG_LEVEL: ${NB_LOG_LEVEL:-info} @@ -50,7 +50,7 @@ services: max-size: "500m" max-file: "2" management: - image: netbirdio/management:0.31.0 + image: netbirdio/management:0.34.1 restart: unless-stopped depends_on: - dashboard @@ -91,7 +91,7 @@ services: max-file: "2" peer-1: - image: netbirdio/netbird:0.30.3 + image: netbirdio/netbird:0.33.0 restart: unless-stopped volumes: - ${NETBIRD_PEER_VOLUME:-/mnt/nas1/shared/netbird/peer-1}/data:/etc/netbird diff --git a/docker/nextcloud/Dockerfile b/docker/nextcloud/Dockerfile index 07aac47..0f52661 100644 --- a/docker/nextcloud/Dockerfile +++ b/docker/nextcloud/Dockerfile @@ -1,4 +1,4 @@ -FROM nextcloud:30.0.2-apache +FROM nextcloud:30.0.4-apache RUN set -ex; \ \ diff --git a/docker/nextcloud/docker-compose.yml b/docker/nextcloud/docker-compose.yml index b85a715..fe7332e 100644 --- a/docker/nextcloud/docker-compose.yml +++ b/docker/nextcloud/docker-compose.yml @@ -14,7 +14,7 @@ services: - nextcloud nextcloud: - image: git.roboces.dev/catalin/fukuops:nextcloud-30.0.1 + image: git.roboces.dev/catalin/fukuops:nextcloud-30.0.3 volumes: - /mnt/nas1/legacy-storage/cloud/cloud/data:/var/www/html/data - /mnt/nas1/legacy-storage/cloud/cloud/config:/var/www/html/config @@ -22,6 +22,8 @@ services: - /mnt/nas1/legacy-storage/cloud/cloud/apps:/var/www/html/apps - type: tmpfs target: /tmp:exec + - supervisorlog:/var/log/supervisor:z + - supervisorpid:/var/run/supervisord/:z environment: PHP_MEMORY_LIMIT: ${PHP_MEMORY_LIMIT:-2048M} NEXTCLOUD_INIT_HTACCESS: ${NEXTCLOUD_INIT_HTACCESS:-1} @@ -33,3 +35,6 @@ services: networks: nextcloud: {} +volumes: + supervisorlog: {} + supervisorpid: {} diff --git a/docker/paperless/docker-compose.yml b/docker/paperless/docker-compose.yml index b3eb597..3b08f63 100644 --- a/docker/paperless/docker-compose.yml 
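Review bot: The new `image: git.roboces.dev/catalin/fukuops:nextcloud-30.0.3` in docker/nextcloud/docker-compose.yml matches neither of the other two version strings this commit sets: the Kaniko workflow pushes `tag: nextcloud-30.0.2` and the Dockerfile builds `FROM nextcloud:30.0.4-apache`. As written, CI would publish an image labelled 30.0.2 that actually contains 30.0.4. The compose file pulls a tag this workflow does not produce, unless an earlier run pushed it, so the repo no longer shows which Nextcloud patch level is deployed. Keep the three in step, e.g. `tag: nextcloud-30.0.4` in the workflow and `image: git.roboces.dev/catalin/fukuops:nextcloud-30.0.4` here.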
+++ b/docker/paperless/docker-compose.yml @@ -14,7 +14,7 @@ services: webserver: - image: ghcr.io/paperless-ngx/paperless-ngx:2.13.4 + image: ghcr.io/paperless-ngx/paperless-ngx:2.13.5 restart: unless-stopped ports: - 8002:8000 diff --git a/docker/vaultwarden/docker-compose.yml b/docker/vaultwarden/docker-compose.yml index 4d5e7e7..c8dadc4 100644 --- a/docker/vaultwarden/docker-compose.yml +++ b/docker/vaultwarden/docker-compose.yml @@ -1,7 +1,7 @@ --- services: vaultwarden: - image: vaultwarden/server:1.32.3-alpine + image: vaultwarden/server:1.32.6-alpine restart: unless-stopped environment: DATABASE_URL: ${DATABASE_URL} diff --git a/k8s/argo-apps/elastic.yaml b/k8s/argo-apps/elastic.yaml index 6eb6dcb..da7b6ae 100644 --- a/k8s/argo-apps/elastic.yaml +++ b/k8s/argo-apps/elastic.yaml @@ -12,7 +12,7 @@ spec: sources: - chart: elasticsearch repoURL: registry-1.docker.io/bitnamicharts - targetRevision: 21.3.22 + targetRevision: 21.4.0 helm: valuesObject: service: diff --git a/k8s/argo-apps/factorio.yaml b/k8s/argo-apps/factorio.yaml index cd69c5f..cd2d97d 100644 --- a/k8s/argo-apps/factorio.yaml +++ b/k8s/argo-apps/factorio.yaml @@ -12,7 +12,7 @@ spec: sources: - chart: factorio-server-charts repoURL: https://sqljames.github.io/factorio-server-charts/ - targetRevision: 2.2.* + targetRevision: 2.5.* helm: valuesObject: rcon: diff --git a/k8s/argo-apps/forgejo.yaml b/k8s/argo-apps/forgejo.yaml index 9565b31..4775e01 100644 --- a/k8s/argo-apps/forgejo.yaml +++ b/k8s/argo-apps/forgejo.yaml @@ -12,7 +12,7 @@ spec: sources: - chart: forgejo repoURL: code.forgejo.org/forgejo-helm - targetRevision: 10.0.2 + targetRevision: 10.1.1 helm: valuesObject: replicaCount: 2 diff --git a/k8s/argo-apps/huesporro.yaml b/k8s/argo-apps/huesporro.yaml new file mode 100644 index 0000000..2a309bc --- /dev/null +++ b/k8s/argo-apps/huesporro.yaml 
@@ -0,0 +1,37 @@ +--- +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: huesoporro + namespace: argocd +spec: + destination: + name: '' + namespace: apps-roboces + server: https://kubernetes.default.svc + sources: + - path: charts/huesoporro + repoURL: https://git.roboces.dev/catalin/huesoporro.git + targetRevision: + helm: + valuesObject: + secret: + existingSecretName: huesoporro-secrets + ingress: + enabled: true + hosts: + - host: huesoporro.roboces.dev + paths: + - path: / + pathType: Prefix + tls: [] + persistence: + enabled: true + storageClassName: truenas-nfs-csi + size: 2Gi + accessModes: + - ReadWriteMany + + project: roboces + syncPolicy: + automated: {} diff --git a/k8s/argo-apps/loki.yaml b/k8s/argo-apps/loki.yaml index 0b6ee3f..80bb43f 100644 --- a/k8s/argo-apps/loki.yaml +++ b/k8s/argo-apps/loki.yaml @@ -25,7 +25,7 @@ spec: persistence: type: pvc enabled: true - size: 10Gi + size: 50Gi accessModes: - ReadWriteMany ingress: @@ -109,7 +109,7 @@ spec: persistence: enabled: true storageClass: default - size: 25Gi + size: 50Gi accessModes: - ReadWriteMany - repoURL: https://git.roboces.dev/catalin/fukuops.git diff --git a/k8s/argo-apps/renovate.yaml b/k8s/argo-apps/renovate.yaml index e4ac986..799b01e 100644 --- a/k8s/argo-apps/renovate.yaml +++ b/k8s/argo-apps/renovate.yaml @@ -13,7 +13,7 @@ spec: sources: - chart: renovate repoURL: https://docs.renovatebot.com/helm-charts - targetRevision: 39.2.* + targetRevision: 39.62.* helm: valuesObject: renovate: @@ -21,6 +21,7 @@ spec: cache: enabled: true storageClass: truenas-nfs-csi + storageSize: 100Gi config: | { "platform": "gitea", diff --git a/k8s/argo-apps/sealed-secrets.yaml b/k8s/argo-apps/sealed-secrets.yaml index 7352d5b..d60c2ec 100644 --- a/k8s/argo-apps/sealed-secrets.yaml +++ b/k8s/argo-apps/sealed-secrets.yaml 
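Review bot: `targetRevision:` is left empty in the new huesoporro Application while `syncPolicy.automated` is enabled, so Argo CD resolves it to the default branch tip and deploys every push to that repository without a review step here. Pin it to a release tag or commit, e.g. `targetRevision: <TAG_OR_COMMIT_SHA>` (placeholder), or write `targetRevision: HEAD` explicitly if tracking the branch is intended. The ingress also sets `tls: []`, so unless a default certificate is applied elsewhere the host is served without TLS, which is worth confirming. The file is named `huesporro.yaml` while the application and chart are `huesoporro`.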
@@ -12,7 +12,7 @@ spec: source: chart: sealed-secrets repoURL: https://bitnami-labs.github.io/sealed-secrets - targetRevision: 2.16.* + targetRevision: 2.17.* helm: releaseName: sealed-secrets valuesObject: diff --git a/k8s/argo-apps/valkey.yaml b/k8s/argo-apps/valkey.yaml index aee06de..0f0d389 100644 --- a/k8s/argo-apps/valkey.yaml +++ b/k8s/argo-apps/valkey.yaml @@ -15,7 +15,7 @@ spec: sources: - chart: valkey-cluster repoURL: registry-1.docker.io/bitnamicharts - targetRevision: 1.0.* + targetRevision: 2.0.* helm: valuesObject: existingSecret: secrets-valkey diff --git a/k8s/services/argo/project-roboces.yaml b/k8s/services/argo/project-roboces.yaml index d71ab0b..6d207ae 100644 --- a/k8s/services/argo/project-roboces.yaml +++ b/k8s/services/argo/project-roboces.yaml @@ -11,3 +11,4 @@ spec: sourceRepos: - https://git.roboces.dev/catalin/fukuops.git - code.forgejo.org/forgejo-helm + - https://git.roboces.dev/catalin/huesoporro.git diff --git a/k8s/services/authentik/sealedsecrets.yaml b/k8s/services/authentik/sealedsecrets.yaml index 0c43932..9aad6a1 100644 --- a/k8s/services/authentik/sealedsecrets.yaml +++ b/k8s/services/authentik/sealedsecrets.yaml 
@@ -1,20 +1,21 @@ +# yamllint disable rule:line-length --- apiVersion: bitnami.com/v1alpha1 kind: SealedSecret metadata: - creationTimestamp: - name: secrets-authentik - namespace: apps-fuku + creationTimestamp: + name: secrets-authentik + namespace: apps-fuku spec: - encryptedData: - email_password: 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 # yamllint disable rule:line-length - pg_password: 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 # yamllint disable rule:line-length - pg_username: 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 # yamllint disable rule:line-length - redis_password: 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 # yamllint disable rule:line-length - secret_key: AgB1Z4HtyF3JSFHYS1sT0rixvwQQYebZwMWwxYr8Dk0P6rkk9i+2mgVCJ4Rf+eT3o6mPkKGiPlrVsXyPJFHt0/RUblsuH2IelOBZa6SSA7+OpdWBIhP4nmv1ZdyEFQT7Iw5NcjOAlU7Ig+0tHyt+qcBfnOAKH6xjbZIYQeQkkp3T7JC3I4zyidtIzxRx1VGftnYruMI42vrpCBKcSydlcwImdxvlSgdMKI7VE2dgLC6t4dYOVX4R4A8fPO49acq0lx/DqehQrZrW/EaxBK0RnTRcM5S9PFMQUR19Y8swAtJ+Aa0x6Ot6+R6MAQrzCWBhY0NHKPlEDHNBLQ01MOBaKzXiMIjLODjZ5VZOMPl2WfhrCx+MF9GN/zz2WjlutZ7cJpKMVsH+ZjVfeDceNTJ37hpC9CJJ6AstYdYtyOle35Uk1e9V+bw1iwjFHXUv6srDgbqt1tF1cWZQ8+qj4enZjSKojCP3fjcNXwLeQBoGlZU3XHwq+VjZVS1zmcQNQ7f0HWmX59yOicJTXHuJ6PxMpjsvt/0P6X4gXcXwx3GdEJS7GjjmLdt+bdn2yDxVYtt2i5ebdypVR4T++P/gdU/n+MOOzF+RkuRL60snhoh6b+phflZXpdARMVSwZJDrFnxRPih9sj3MoRvPV5eFmuflc2tMIneJqUKSN2xkpSccSTMjJMMrYif7u5k5oaxP3ouL8ZTUnatHUH8BEBnxtXUW4DEz0z9jYLq1QROf0OikoHMff8sId3SqgEbNvYv0BGG6ER05Ig== # yamllint disable rule:line-length - template: - metadata: - creationTimestamp: - name: secrets-authentik - namespace: apps-fuku - type: Opaque + encryptedData: + email_password: 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 # yamllint disable rule:line-length + pg_password: 
AgAr5ZLncvqsmJY518N4lcLWWSOJt4AIlkPlR0B4tFCZvPL8OPET1mulJD7QWAudr6m0XsX/8DO/UM4bpiWZCU+2oizBJf/4Vj5zFzuaZLLcCzZtHxXLugPkyBqTh1NmKDnM0H/vqS3migkPCVKxMVr1PnLLyRJ2fa2v/6R/dXnpl5I5beGnxRIXS0vcBWf4WvbH/iXfNv91cVJBausN8kyKqNWmeBDL4Px3NwB4/wpxRMeW/IYB3kC5DHYNMs7zeJGiJpAwYAiK/Cmuz0MUAR/Zq+UWf6A+QYgLcKrNQ1jUiSTp9vqOpTpvZv+2aaNV3pcZBTM+UagDZFvHQRWUi5QpNMwZ0RC6KQoRK9ccn4gvR0Cvd7/osQAXLFJuC7P90xg9vPRpXL63PDoifBsNZjzsWiw+8YFLgHfks7riN89KfzzVwB6ygtlz7zipR24BM9W8x82sF8Ho4Ig0wrKCjd7oZYBrEtzOe9kpRgdQSq7fLP3xv7Wb29yi5MiEQ3sSYvDZr33X8u+ZQ3+EAsd4iwasntwRDoDo0E2Fn6V9TPYKdOnDzBsMzTNlPEMMldjW7IB6edTutQi0rCKOOq9/uQMz4uFz7pW5Y79ohF+WyA25Cbxbg93Dja/qd/CMn9UJ2XH4cLYoiBvfxG87lUV85dR7qymBbPrZZjnPhhhINEixxRq/uau5b7ceWp7Cy+Wg/rhvQzvaAI+YtHpYqQu0gjib1dkqqhrz+ptpW4q4hbLI/ek= # yamllint disable rule:line-length + pg_username: 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 # yamllint disable rule:line-length + redis_password: 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 # yamllint disable rule:line-length + secret_key: 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 # yamllint disable rule:line-length + template: + metadata: + creationTimestamp: + name: secrets-authentik + namespace: apps-fuku + type: Opaque diff --git a/k8s/services/huesporro/sealedsecrets.yaml b/k8s/services/huesporro/sealedsecrets.yaml new file mode 100644 index 0000000..d2cc76b --- /dev/null +++ b/k8s/services/huesporro/sealedsecrets.yaml @@ -0,0 +1,18 @@ +# yamllint disable rule:line-length +--- +apiVersion: bitnami.com/v1alpha1 +kind: SealedSecret +metadata: + creationTimestamp: null + name: huesoporro-secrets + namespace: apps-roboces +spec: + encryptedData: + ALLOWED_USERS: 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 + SERVER_HOSTNAME: 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 + TWITCH_CLIENT_ID: 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 + template: + metadata: + creationTimestamp: null + name: huesoporro-secrets + namespace: apps-roboces 
diff --git a/k8s/services/miniflux/deployment.yaml b/k8s/services/miniflux/deployment.yaml index c2e8186..31752ee 100644 --- a/k8s/services/miniflux/deployment.yaml +++ b/k8s/services/miniflux/deployment.yaml @@ -28,7 +28,7 @@ spec: spec: containers: - name: miniflux - image: miniflux/miniflux:2.2.2 + image: miniflux/miniflux:2.2.3 imagePullPolicy: Always securityContext: allowPrivilegeEscalation: false diff --git a/k8s/services/miniflux/sealedsecrets.yaml b/k8s/services/miniflux/sealedsecrets.yaml index 98eb419..130b427 100644 --- a/k8s/services/miniflux/sealedsecrets.yaml +++ b/k8s/services/miniflux/sealedsecrets.yaml 
@@ -1,19 +1,20 @@ +# yamllint disable rule:line-length --- apiVersion: bitnami.com/v1alpha1 kind: SealedSecret metadata: - creationTimestamp: - name: miniflux - namespace: apps-roboces + creationTimestamp: null + name: miniflux + namespace: apps-roboces spec: - encryptedData: - ADMIN_PASSWORD: AgAEV8w3iDaOhxZJWo1XmUab9No/T5g6ci92Py75+4ijVfgRCTpHsXT7pRBGWrHzfprfvMKUCNn3rxJ7PbUZBRevLtSFXHXP35s1f2uNk++a3M0bddzeNM3a8Co92hAUczO7tSoe2eJXNZUMDedc20sKmjZnELUfitzaV0YVhWnyCBM68d4pLtBbrJud2SMAW1zQGaAenoM/OdNo4jswObLnqp13rF3JLy2HXJ/vFJ/t7z46re3Y8BY0cs1Ct/l+zCvv27lrylRvLeRyI+3XM5Vs7tOQPLchwP5nJZEMN9EBwZ6KuY1IntBsKSvS+RHdDuuZgx4L6Dv0d17MgkDw/dF1vkgpULQZDxWdj6VaS0paS9pFPTzfyuO4ifp6A0Y81NpbqP5X9II8jLnUk6bdha39VMbRy4nuI7kmMFWIXaFggkTC+UiMS3V1GOhefx8BEUwjDdiXaVGPxsjeMse91AfunJEWo/6HsvrgS5pZ8xO02hb8745UyLCJa3OMSAUBrfKYG7yhJ6OuDVKhw7q7TpavLXMkPdLsWgso3reEtkG5wc4LRKtfVwA32UjJadhv1D96q4bGZ+T8xfnmuECJiCINrlsS6bd79D9fyhhzAf/usuEl7f4B8q1hVxQRw5E/WvxSMXl31A2ugggwenkS6MKv5ZkQHC2VzfPdtIcAfabsDdthCbwlHPBMmU7coQ00TBDW90LL8eKpkiWp9YlQ1w== # yamllint disable rule:line-length - ADMIN_USERNAME: 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 # yamllint disable rule:line-length - DATABASE_URL: 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 # yamllint disable rule:line-length - OAUTH2_CLIENT_ID: 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 # yamllint disable rule:line-length - OAUTH2_CLIENT_SECRET: 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 # yamllint disable rule:line-length - template: - metadata: - creationTimestamp: - name: miniflux - namespace: apps-roboces + encryptedData: + ADMIN_PASSWORD: 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 + ADMIN_USERNAME: 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 + DATABASE_URL: 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 + OAUTH2_CLIENT_ID: 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 + OAUTH2_CLIENT_SECRET: 
AgCJgI3M7DDvNspsDLZ6CeXxYtPLs3WabskA5Tp9d4vNYUk5XvLbYUhzkxcdtWsG1dgazH+RrvgGgCZFVOw2cgb2EEkt+zxB10ihN7HwHtOGDMZDJFOLGso2VJvbKu4yntBTv/1w86gtz0n3CilhvAcEAD1UrmVrTwfJTF7DmCHVEEPCOLal/lF9rSMwFrhdLTUVp+eSEZ3kC+F8WQR69nk7JmWjEXeamJ+HzahLm2Bp2D9GtxaF37TjV0pXqgyybIpSfdabVGwcik3bT12lf+6gmEPDKvFoq2eUB7esIuSH+RCHy1M1Rk7EO81Ku3ELoSJPzd1JRuTn1jFY8DzOOQmUU6yFbZUdTWpECImnI+OwZYg82rPqG5Gy3xmKv+5h1SkejQwJ/olqG9M4BlG2DlTS2t9GAW7Z6Q7O4oglMpUmG3v8fZUblJT7HhyJv+K2FqZHuYjo64we+14qEnV0LvFdHhEoHrbKi7b7qwDYshHycZs+DcF9HiqkK1NMFjszY9W85uH1Trtx3yTEUC3t6yMacef1OTL8SMr7AQMlo4jo6QRzggGJw2EGIZqiAXAbpiiQyPfjoZ4A1jQlemwAd25SRfnGu7ZvGt/LOKZ/sBfMWhk3Eshw9ffvW2TQKA4oODb+6o6MiRVhL5UkqNxMLIt9IV7o7EnBsW7xQHgZUq9qq+Mqb2mvB2NVYC0skyQtHE7SU4nCOeSiIsmt4Y5jwjsGyHbAxJzp3H+cjcefZOf6Rb+iweNB5rtYBhQsTlPA6lZ9GPe04wRwMtyyv/sEh6LbDPvRyuIK5sLAApPZKBEmgqahri2/BNdARf54vHDkba3qlB2cgCxjJJdT1XuuPUn6+W7vE1gYrKP5TXBi/YZ2Qg== + template: + metadata: + creationTimestamp: null + name: miniflux + namespace: apps-roboces diff --git a/tofu/adguard/.terraform.lock.hcl b/tofu/adguard/.terraform.lock.hcl index 017db15..d94ca9d 100644 --- a/tofu/adguard/.terraform.lock.hcl +++ b/tofu/adguard/.terraform.lock.hcl 
@@ -2,22 +2,37 @@ # Manual edits may be lost in future updates. provider "registry.opentofu.org/gmichels/adguard" { - version = "1.3.0" - constraints = "1.3.0" + version = "1.4.0" + constraints = "1.4.0" hashes = [ - "h1:+kitlELoKeLVC9t6mLquBJf0iVjDtNPEZ9E6D9ByCbg=", - "h1:2J/Vvy1uHwaVfw0APj29Rct6atlhuHP4xHP6Rxcg2qk=", - "h1:53NXRzyBRKMBHJ1Jpwq9Z60chU4WF7AQC0JDKaySmh4=", - "h1:AqXkQD59ZBVeMoXIBtupdQQFRi3qNT5xsxGyzpZqB/c=", - "h1:D7ND3404y/Sp1qYh54napcpc540e6cZJp+uPyipiy9k=", - "h1:I/hVvoQ6a1Vra0ZZVoBBTuw/rxVW90bWZ3NzkoAqlXI=", - "h1:KrIbkttxLCXwJxq30Sjli4e3vKikDm3vRDDoWAr5J18=", - "h1:PFyxS0FrIJx/k4Cn7KM2aURGw8X86vl8iIwckrIghS8=", - "h1:PbakbdrEybp0gIAQhOZz4usql6qI0Im4AeofqNUrdrw=", - "h1:SIJNG/l86XOcu8HCrhoIUJYOPDVQl8NqikxgKPWu2aE=", - "h1:Vm9hJwPA9QxCwtB4jO7qCNVCj9d2RxIfoLf2GwU5CQw=", - "h1:oQb14Gnxd7ZI14HPuznFHfoF1ifi8JQ31AiRC7lADoo=", - "h1:vZvG2CrexiAksLReglbQDlI2lBe3w3G+AGYkQYP6cXw=", - "h1:zmOKKRKiB7x58zE2Lc08X918w4SMwIbg30JwcZYOD9s=", + "h1:/NpX9VX/L4xPE5qx/de9r38xvrcFJxB48XIVfRiq0yg=", + "h1:1/LC6CIN9PHj9gTTvqjRPvIFGlbDbCvXRMhWF6kfvgU=", + "h1:4Yv6QI3orVI7fU4iZKzqmFtyYN/DN0j5NTJsS7/K4r0=", + "h1:5EBWBER5TRFj5Vb5y8OkDE+hSJ1iuZ1lceo+OAnZKuQ=", + "h1:DLsv6YqzCIlcMA+YhIo5Gxfo5o7QDWFn9NB+sKlorVg=", + "h1:HIbqz848ofdi04Dlz1k/CRaBWaqmF1dsaXdNjCyphXA=", + "h1:a2r7wc/oGql7+2quCbWqoBx57PZKtSGNPKkpl0+JWr0=", + "h1:cf5lU4YXkmpySSGglX/CHDhnR02wcTgGJb2c+WeN4nY=", + "h1:e81XUcdFOCQKbYbc2y+l39wwUfA42BYGKHUw9/d7NDY=", + "h1:oZYgq+xjda87taDKv4XagO1hn7R+P7TH6ZntPSZj5mE=", + "h1:pypMW60X3dpQdUMfae+KXcYCN5Vie9k/G4uyN6uOdmg=", + "h1:twF2ZS5jY8SjcOtscBRCNTJkQKRlApwf+zW6iuolK7E=", + "h1:uok3K7NT+u+dFI3SmWrE4mkp3bJQMOrgrPi9pEh6aGc=", + "h1:v6z/PpjIlYpmfPP2cyvmGkUBT45tvmcvn4t7FmQTaGw=", + "zh:09ff041cc89c5c9b0d7e5c1cb207ffae2722b56acce8c8a6b4af710a8cbe25f1", + "zh:0a80d6c1416161c3dfb47ed0339502f74257ff79b4da7a1b7975698c1647ae2e", + "zh:17d8b9e3f454bd8e60a78203e1ae73e0008392e62a7a236e6479901437ae2a59", + "zh:53d7a01cd32f10f8509cf9b94b12b50e996f9b97a16d88c041a49dd1fa2db413", + 
"zh:55e2381e81795e7d1c9008f41d74a36ff8f2d85ed24f4867be1e3c8c81e38b40", + "zh:5af316c6cfccda7a704d8a20c66844d959c67eb21a966aa37c2fd1afda2dcae8", + "zh:5dac8d83ff4c8d68f143c352ff08fbf7565e99c76c33fd52da5ec2ffded581fa", + "zh:5effc9e9790ab096ea98fb81305312b808e860bb8c5436e21b8c3d77c679c854", + "zh:656c928eca94b1f18757e29f8979abf2d82a72b98b1859730ac0f1a2770edb6d", + "zh:696c12188f57799f496209e4f111254f7ab7ad98a125da2ede3bd6ea91946276", + "zh:c05ff47fd63990c4214267366ebbe51b9d7ce3a6e3bc2048aa52c813ed223b45", + "zh:ceb2b239fd57fe3b26bad9d62a245f39886b0ce6b2c3e245bdae84ea81ecc89b", + "zh:f809ab383cca0a5f83072981c64208cbd7fa67e986a86ee02dd2c82333221e32", + "zh:fa44ebb16cdd72ffa0c360a1df6312f57eeae1cd1c5a09fe73c017fa31ae3b48", + "zh:fa9b822858c851b1ca769e2053228f442e699498e9af274c8546424da4b79717", ] } diff --git a/tofu/adguard/main.tf b/tofu/adguard/main.tf index d8f8f22..a659cf3 100644 --- a/tofu/adguard/main.tf +++ b/tofu/adguard/main.tf @@ -9,7 +9,7 @@ terraform { required_providers { adguard = { source = "gmichels/adguard" - version = "1.3.0" + version = "1.4.0" } } } diff --git a/tofu/authentik/.terraform.lock.hcl b/tofu/authentik/.terraform.lock.hcl index 8e89a1a..fc45e2c 100644 --- a/tofu/authentik/.terraform.lock.hcl +++ b/tofu/authentik/.terraform.lock.hcl 
@@ -2,36 +2,23 @@ # Manual edits may be lost in future updates. provider "registry.opentofu.org/goauthentik/authentik" { - version = "2024.10.0" - constraints = "2024.10.0" + version = "2024.10.2" + constraints = "2024.10.2" hashes = [ - "h1:77gvw55XkrmQhkU2oTQ0ZklyYiiASRBGeHwkNZSjoKA=", - "h1:7bK5erXZurSqE0kB7hdPw84neEZVaWGHe29g6UxnSog=", - "h1:AOCizcvQhcy1PnnP8epdtnB4TJWUU0qfmQV3dEaexLA=", - "h1:APn0CY837SrNL6lwzWPcqYZw+HezxwG4tRwbBJsubNk=", - "h1:FP2tuqZULFL1AVogOOR3C4EKLWeKox4g8lBKbjkQICY=", - "h1:JOpx6j4oo7vt49F1tB78zYs6DVXCFCt7/PW8FEiNVN4=", - "h1:MPyY7zw4obErJfdAXONRQv1UpE2Sg0VghQY6QgzYNYg=", - "h1:OTiDtXbBX/1GeLwjKtjRdYGKE/dvXPAWHJ5c83IIzus=", - "h1:RIEaU9cIFpE/ldxiDQXrKcwAcCgalV5uhn13ZW0AYOM=", - "h1:RxOL3LqYRcR5K4/fyAgYoj6cdDC0iqmYtPVc+ry6TbU=", - "h1:g6K0VqPAJJLNk/poUrcMLQqRsdp9FDnYFOmeu8ES+Ko=", - "h1:j4xktfH9LCWf084FHi1WLW60g4JmCPu/hnEJ5vv3bwY=", - "h1:oY+BEgwN4F/iWZDWUCsxSUc1C/OrgOiGxLKr+Frmzrw=", - "h1:tvdejhRCu6pz8i4+r6S6UzpdJvqCRjMgC9EnAYgQknE=", - "zh:0963745d1add67a8d1cf39d24eb57a92c9690b3a40dfa93e8c0a867ffedb0d30", - "zh:3cd24784cd0095bf2e3220c4a88493fcbac6da0c7ed9b38d510d6dfb46516a9e", - "zh:485ca7c00ce91f0a7bd02d0c56fa42e5f578feed4a45ba230f1f29eabdde6817", - "zh:4dc7a309e3d6d200eb9d8f2779581882dc33b02d1c7cdf05fd3b788dd20f6446", - "zh:6518e6dfef428272326f6e384113d1a3b12fad0ed74cf2b203348f83f917d726", - "zh:6ba235ad94663718fbc556efbd70f63c62a1c33d3b9f01203105c3a6d1c9b996", - "zh:7655ecb8793f18ac07c6de153028acc9f991cb6239e6dc72a47dd18db0b44854", - "zh:86c739997af49ff1a4ec3d792af362e4ed6b28b11606117ef70b2019420e9f15", - "zh:94e8582824377f704458ed38b0116055fac0a31e2b4ae961d215c3dc1ac7420c", - "zh:989b69d8b004ebad6004c2d4d5345f056b1b23315b6017884f5fd859645c79e1", - "zh:d8946c1c56864b78533c4e4f88d62765ba6ce75c196812e3224a61686914be29", - "zh:de9b2bf9944e743e1d56763b257abbc9450d8752d94ff5e8520a44549594e815", - "zh:e109fddbe90f44ccd16593246fcf2be81ae7966bdeabb39ddd52e541f762af0a", - "zh:e91aba428fc341577e7d7b2ea1bbb01706ada575a98b51e10b9765275084b702", 
+ "h1:qjDOLb8+12kZHSM3VsItQCsZYJhDMD4bNKSZi15HQ28=", + "zh:06c6c9bb2716052fefc1013ed1a77a12159d5625fe43857700c282e80e2fbba1", + "zh:121e45b3d3675df24e2c1bb107e2ed15fc9f1ec8b602b9bdaebec71481addf0c", + "zh:2aec74c8df3e3eb56fb09edcb1c7f43c91f932b2ef2327aa855ba0819f11169e", + "zh:4f2bf009f43293a24cc8941d4bbab340a53f569a9331aa615a7934f500a64290", + "zh:64b150655b47c60e6ae72a2ee754f5019b2baabd4dc292a6b2b960b3a206e218", + "zh:78bf3fd7cbac489d23a620743e5af5b85b31fc548433cf86f0861878b68f2666", + "zh:7ce7a02671056d476d17652d780ee2bd309ce34eb77746719b7b277ca66b7c58", + "zh:84fdb911186918cbba86c1390ce18a4423f0d748216f2d9c8421801b34b41f16", + "zh:95db38fb110302707cd70471f5cb2bf361ed6d5987f7b6fe5f3c5855f9dc9b64", + "zh:9c24dbf6512637bb1d4201a901dddef0210b440ad8b02717ca1167b75afa6882", + "zh:a83bc8bfe87e44c788c3c974e764c7bfb1c5fb982f427a5b928c50e55b48dea6", + "zh:b5a4d5d1f2f0e8d65ad29a23bfd72d0d4e3e06e9bacea9463a10e67137833409", + "zh:d1e08a662ab7c80373bc13446c9b316a671fcddec6aeffef7ab3649d1bbfb76b", + "zh:e1c50a791f2d53f7b464ab122f92062547d5a4ad71297f5e7f0375453cd2034f", ] } diff --git a/tofu/authentik/main.tf b/tofu/authentik/main.tf index 246f494..c9008b5 100644 --- a/tofu/authentik/main.tf +++ b/tofu/authentik/main.tf @@ -8,7 +8,7 @@ terraform { required_providers { authentik = { source = "goauthentik/authentik" - version = "2024.10.0" + version = "2024.10.2" } } } @@ -17,6 +17,7 @@ data "authentik_user" "catalin" { username = "catalin" } + resource "authentik_group" "ci" { name = "ci" users = [data.authentik_user.catalin.id] 
@@ -32,20 +33,9 @@ resource "authentik_group" "vpn" { is_superuser = false } - -module "firezone" { - source = "../modules/authentik-oidc" - app_name = "Firezone" - app_slug = "firezone" - client_id = var.firezone_client_id - client_secret = var.firezone_client_secret - app_access_group_id = authentik_group.admins.id - redirect_uris = ["https://fz.fukurokuju.dev/auth/oidc/authentik/callback/"] - app_icon = "https://www.firezone.dev/icon.svg" - app_description = "VPN" - app_publisher = "Firezone" - app_url = "https://fz.fukurokuju.dev" - sub_mode = "hashed_user_id" +resource "authentik_group" "ftp" { + name = "ftp" + is_superuser = false } module "gitea" { @@ -55,7 +45,7 @@ module "gitea" { client_id = var.gitea_client_id client_secret = var.gitea_client_secret app_access_group_id = "" - redirect_uris = ["https://git.roboces.dev/user/oauth2/authentik/callback"] + redirect_uris = [{ matching_mode = "strict", url = "https://git.roboces.dev/user/oauth2/authentik/callback" }] app_icon = "https://git.roboces.dev/assets/img/logo.svg" app_description = "Beyond coding. We forge." app_publisher = "Forgejo" @@ -70,12 +60,21 @@ module "miniflux" { client_id = var.miniflux_client_id client_secret = var.miniflux_client_secret app_access_group_id = "" - redirect_uris = ["https://feeds.roboces.dev/oauth2/oidc/callback", "https://feeds.fuku/oauth2/oidc/callback"] - app_icon = "https://miniflux.app/favicon.ico" - app_description = "RSS aggregator" - app_publisher = "Miniflux" - app_url = "https://feeds.roboces.dev" - sub_mode = "hashed_user_id" + redirect_uris = [ + { + matching_mode = "strict", + url = "https://feeds.roboces.dev/oauth2/oidc/callback" + }, + { + matching_mode = "strict", + url = "https://feeds.fuku/oauth2/oidc/callback" + } + ] + app_icon = "https://miniflux.app/favicon.ico" + app_description = "RSS aggregator" + app_publisher = "Miniflux" + app_url = "https://feeds.roboces.dev" + sub_mode = "hashed_user_id" } module "portainer" { 
@@ -86,7 +85,10 @@ module "portainer" { client_secret = var.portainer_client_secret app_access_group_id = authentik_group.admins.id redirect_uris = [ - "https://containers.fukurokuju.dev/" + { + matching_mode = "strict", + url = "https://containers.fukurokuju.dev/" + } ] app_icon = "https://www.portainer.io/hubfs/crane-icon.svg" app_description = "Kubernetes and Docker container Management Software" @@ -102,11 +104,13 @@ module "paperless" { client_id = var.paperless_client_id client_secret = var.paperless_client_secret app_access_group_id = "" - redirect_uris = ["https://paperless.roboces.dev/accounts/oidc/authentik/login/callback/"] - app_icon = "https://paperless.roboces.dev/favicon.ico" - app_description = "Document manager" - app_publisher = "Paperless" - app_url = "https://paperless.roboces.dev" + redirect_uris = [ + { matching_mode = "strict", url = "https://paperless.roboces.dev/accounts/oidc/authentik/login/callback/" } + ] + app_icon = "https://paperless.roboces.dev/favicon.ico" + app_description = "Document manager" + app_publisher = "Paperless" + app_url = "https://paperless.roboces.dev" } module "sonarr" { @@ -142,6 +146,30 @@ module "lidarr" { app_icon = "https://lidarr.audio/img/background/logo.png" } +module "sftpgo" { + source = "../modules/authentik-oidc" + app_name = "SFTPGo" + app_slug = "SFTPGo" + client_id = var.sftpgo_client_id + client_secret = var.sftpgo_client_secret + client_type = "confidential" + app_access_group_id = authentik_group.ftp.id + redirect_uris = [ + { + matching_mode = "regex", + url = "https://ftp.fukurokuju.dev/.*" + } + ] + extra_property_mappings = [ + + ] + app_icon = "https://ftp.fukurokuju.dev/static/img/logo.png" + access_token_validity = "days=10" + app_url = "https://ftp.fukurokuju.dev" + app_description = "SFTPGo" + sub_mode = "user_username" +} + module "netbird" { source = "../modules/authentik-oidc" app_name = "netbird" 
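Review bot: The regex entry `url = "https://ftp.fukurokuju.dev/.*"` in the new `sftpgo` module leaves the dots unescaped, so `.` matches any character and a look-alike host such as `ftp-fukurokuju.dev` is also accepted as a redirect target. The `netbird` hunk further down carries the looser `"https://vpn.fukurokuju.dev.*"`, which has no `/` after the host and so matches any hostname that merely begins with `vpn.fukurokuju.dev`. For a public client, that could let an authorization response be delivered to a foreign origin. Escape the dots and bound the host, e.g. `url = "https://ftp\\.fukurokuju\\.dev/.*"` and `url = "https://vpn\\.fukurokuju\\.dev(/.*)?"`, or list the exact callback URLs with `matching_mode = "strict"`. Whether the provider anchors the pattern at both ends is not visible here, so add `^` and `$` if it does not.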
@@ -151,13 +179,24 @@ module "netbird" { client_type = "public" app_access_group_id = authentik_group.vpn.id redirect_uris = [ - "https://vpn.fukurokuju.dev", - "https://vpn.fukurokuju.dev.*", - "http://localhost:53000" + { + matching_mode = "strict", + url = "https://vpn.fukurokuju.dev", + }, + { + matching_mode = "regex", + url = "https://vpn.fukurokuju.dev.*", + }, + { + matching_mode = "strict", + url = "http://localhost:53000" + }, + ] sub_mode = "user_id" extra_property_mappings = [ "goauthentik.io/providers/oauth2/scope-authentik_api" ] - app_icon = "https://vpn.fukurokuju.dev/apple-icon.png" + app_icon = "https://vpn.fukurokuju.dev/apple-icon.png" + access_token_validity = "days=10" } diff --git a/tofu/authentik/vars.tf b/tofu/authentik/vars.tf index c0f227e..50cba45 100644 --- a/tofu/authentik/vars.tf +++ b/tofu/authentik/vars.tf @@ -1,12 +1,3 @@ -variable "firezone_client_id" { - description = "Client ID" - type = string -} - -variable "firezone_client_secret" { - description = "Client secret" - type = string -} variable "gitea_client_id" { description = "Client ID" @@ -52,7 +43,18 @@ variable "netbird_client_id" { description = "Netbird client ID" type = string } + variable "netbird_client_secret" { description = "Netbird client secret" type = string } + +variable "sftpgo_client_id" { + description = "SFTPGo client ID" + type = string +} + +variable "sftpgo_client_secret" { + description = "SFTPGo client secret" + type = string +} diff --git a/tofu/modules/authentik-oidc/main.tf b/tofu/modules/authentik-oidc/main.tf index 8fa7348..7ba7af3 100644 --- a/tofu/modules/authentik-oidc/main.tf +++ b/tofu/modules/authentik-oidc/main.tf @@ -3,12 +3,12 @@ terraform { required_providers { authentik = { source = "goauthentik/authentik" - version = "2024.10.0" + version = "2024.10.2" } } } -data "authentik_flow" "default-authorization-flow" { +data "authentik_flow" "default-authorization-implicit-flow" { slug = "default-provider-authorization-implicit-consent" } 
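Review bot: `access_token_validity = "days=10"` is added to the `netbird` module, which is `client_type = "public"` and maps `goauthentik.io/providers/oauth2/scope-authentik_api`, a scope that by its name grants authentik API access. A leaked access token would therefore stay usable for ten days. The module default visible in modules/authentik-oidc/vars.tf is `minutes=10`, and the new `sftpgo` module sets the same ten-day value. If the clients can refresh, keep access tokens short and rely on the new `refresh_token_validity` instead; otherwise add a comment such as `# NetBird client cannot refresh; long-lived token accepted` so the exception is recorded.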
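Review bot: The new `sftpgo_client_secret` variable in tofu/authentik/vars.tf is declared without `sensitive = true`, so its value can be printed in plan and apply output and end up in CI logs. Add `sensitive = true` to the block. `netbird_client_secret`, shown as context in the same hunk, has the same shape and would benefit too. This only redacts output; the secret is still written to state, so state storage needs its own protection.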
@@ -26,20 +26,25 @@ data "authentik_property_mapping_provider_scope" "default-scopes" { ], var.extra_property_mappings) } +data "authentik_flow" "default-provider-invalidation-flow" { + slug = "default-provider-invalidation-flow " +} resource "authentik_provider_oauth2" "provider_oidc" { - name = var.app_name - client_id = var.client_id - client_secret = var.client_secret - client_type = var.client_type - authorization_flow = data.authentik_flow.default-authorization-flow.id - authentication_flow = data.authentik_flow.default-authentication-flow.id - redirect_uris = var.redirect_uris - property_mappings = data.authentik_property_mapping_provider_scope.default-scopes.ids - sub_mode = var.sub_mode - signing_key = var.oidc_signing_key - access_code_validity = var.access_code_validity - access_token_validity = var.access_token_validity + name = var.app_name + client_id = var.client_id + client_secret = var.client_secret + client_type = var.client_type + authorization_flow = data.authentik_flow.default-authorization-implicit-flow.id + authentication_flow = data.authentik_flow.default-authentication-flow.id + allowed_redirect_uris = var.redirect_uris + property_mappings = data.authentik_property_mapping_provider_scope.default-scopes.ids + sub_mode = var.sub_mode + signing_key = var.oidc_signing_key + access_code_validity = var.access_code_validity + access_token_validity = var.access_token_validity + refresh_token_validity = var.refresh_token_validity + invalidation_flow = data.authentik_flow.default-provider-invalidation-flow.id } diff --git a/tofu/modules/authentik-oidc/vars.tf b/tofu/modules/authentik-oidc/vars.tf index 56796af..3430106 100644 --- a/tofu/modules/authentik-oidc/vars.tf +++ b/tofu/modules/authentik-oidc/vars.tf @@ -35,7 +35,7 @@ variable "app_access_group_id" { variable "redirect_uris" { description = "List of URIs allowed to redirect to" - type = list(string) + type = list(map(string)) } variable "sub_mode" { 
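Review bot: The slug in the new `data "authentik_flow" "default-provider-invalidation-flow"` block ends with a space, `"default-provider-invalidation-flow "`, so the lookup will most likely not match the flow and `invalidation_flow` cannot be resolved at plan time. Drop the trailing space: `slug = "default-provider-invalidation-flow"`. The same string with the trailing space is added in tofu/modules/authentik-proxy/main.tf and needs the same fix. If the lookup is somehow tolerated, providers would be created without a logout/invalidation flow, so the plan output should be checked for this attribute after the change.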
@@ -90,6 +90,11 @@ variable "access_token_validity" { default = "minutes=10" } +variable "refresh_token_validity" { + type = string + default = "days=30" +} + variable "extra_property_mappings" { type = list(string) default = [] diff --git a/tofu/modules/authentik-proxy/main.tf b/tofu/modules/authentik-proxy/main.tf index 6e3951c..3f8b728 100644 --- a/tofu/modules/authentik-proxy/main.tf +++ b/tofu/modules/authentik-proxy/main.tf @@ -3,7 +3,7 @@ terraform { required_providers { authentik = { source = "goauthentik/authentik" - version = "2024.10.0" + version = "2024.10.2" } } } @@ -16,6 +16,9 @@ data "authentik_flow" "default-authentication-flow" { slug = "default-authentication-flow" } +data "authentik_flow" "default-provider-invalidation-flow" { + slug = "default-provider-invalidation-flow " +} resource "authentik_provider_proxy" "provider_proxy" { authorization_flow = data.authentik_flow.default-authorization-flow.id @@ -24,6 +27,7 @@ resource "authentik_provider_proxy" "provider_proxy" { internal_host = var.internal_host name = var.app_name internal_host_ssl_validation = var.internal_host_ssl_validation + invalidation_flow = data.authentik_flow.default-provider-invalidation-flow.id }