diff --git a/docker/netbird/docker-compose.yml b/docker/netbird/docker-compose.yml index 3f0f306..eb7319d 100644 --- a/docker/netbird/docker-compose.yml +++ b/docker/netbird/docker-compose.yml @@ -91,7 +91,7 @@ services: max-file: "2" peer-1: - image: netbirdio/netbird:0.62.2 + image: netbirdio/netbird:0.62.1 restart: unless-stopped volumes: - ${NETBIRD_PEER_VOLUME:-/mnt/nas1/shared/netbird/peer-1}/data:/etc/netbird diff --git a/docker/paperless/docker-compose.yml b/docker/paperless/docker-compose.yml index e1f79a8..58acc07 100644 --- a/docker/paperless/docker-compose.yml +++ b/docker/paperless/docker-compose.yml @@ -14,7 +14,7 @@ services: webserver: - image: ghcr.io/paperless-ngx/paperless-ngx:2.20.3 + image: ghcr.io/paperless-ngx/paperless-ngx:2.20.0 restart: unless-stopped ports: - 8002:8000 diff --git a/k8s/argo-apps/dcsi.yaml b/k8s/argo-apps/dcsi.yaml index 9c9e48d..13a5a3c 100644 --- a/k8s/argo-apps/dcsi.yaml +++ b/k8s/argo-apps/dcsi.yaml 
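Review bot: The `image:` pins in both compose hunks now point at older patch releases (`netbirdio/netbird:0.62.2` to `0.62.1` under `peer-1`, `paperless-ngx:2.20.3` to `2.20.0` under `webserver`), so any fixes carried by the skipped releases are no longer deployed. If this is a deliberate rollback, a comment above each `image:` line naming the reason and the condition for moving forward again would keep the pin from going stale unnoticed. The tags themselves are mutable; appending a digest, `image: netbirdio/netbird:0.62.1@sha256:<digest>`, would make the deployed image reproducible. The authentik provider pins later in this diff move in the same direction (`2025.10.1` to `2025.10.0`).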
@@ -2,39 +2,29 @@
 apiVersion: argoproj.io/v1alpha1
 kind: Application
 metadata:
- name: democratic-csi
- namespace: argocd
+ name: democratic-csi
+ namespace: argocd
 spec:
- destination:
- name: ''
- namespace: democratic-csi
- server: https://kubernetes.default.svc
- sources:
- - chart: democratic-csi
- repoURL: https://democratic-csi.github.io/charts/
- targetRevision: 0.15.*
- helm:
- releaseName: zfs-nfs
- valuesObject:
- node:
- driver:
- image:
- tag: next
- controller:
- driver:
- image:
- tag: next
- csiDriver:
- name: org.dcsi.nfs
- driver:
- image:
- tag: next
- existingConfigSecret: secrets-dcsi
- config:
- driver: freenas-api-nfs
- - repoURL: https://git.roboces.dev/catalin/fukuops.git
- path: k8s/services/dcsi
- targetRevision: main
- project: management
- syncPolicy:
- automated: {}
+ destination:
+ name: ''
+ namespace: democratic-csi
+ server: https://kubernetes.default.svc
+ sources:
+ - chart: democratic-csi
+ repoURL: https://democratic-csi.github.io/charts/
+ targetRevision: 0.15.*
+ helm:
+ releaseName: zfs-nfs
+ valuesObject:
+ csiDriver:
+ name: org.dcsi.nfs
+ driver:
+ existingConfigSecret: secrets-dcsi
+ config:
+ driver: freenas-api-nfs
+ - repoURL: https://git.roboces.dev/catalin/fukuops.git
+ path: k8s/services/dcsi
+ targetRevision: main
+ project: management
+ syncPolicy:
+ automated: {}
diff --git a/tofu/authentik/.terraform.lock.hcl b/tofu/authentik/.terraform.lock.hcl
index de2d5a9..ce22035 100644
--- a/tofu/authentik/.terraform.lock.hcl
+++ b/tofu/authentik/.terraform.lock.hcl
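Review bot: Both entries under `sources` on the new side still follow moving targets, the chart at `targetRevision: 0.15.*` and the Git source at `targetRevision: main`, and `syncPolicy.automated: {}` applies whatever they resolve to with no review step in between. For a storage driver that consumes `existingConfigSecret: secrets-dcsi`, pinning both, `targetRevision: <exact-chart-version>` for the chart and `targetRevision: <tag-or-commit-sha>` for the repository, would make every change reaching the cluster correspond to a reviewed commit in this repo. With the `image.tag` overrides gone, the driver images presumably fall back to the chart's defaults, which makes the chart pin the thing that decides which images run.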
@@ -2,23 +2,36 @@ # Manual edits may be lost in future updates. provider "registry.opentofu.org/goauthentik/authentik" { - version = "2025.10.1" - constraints = "2025.10.1" + version = "2025.10.0" + constraints = "2025.10.0" hashes = [ - "h1:X0bV1LqI7nu4np+xiGP8yLVfyl6rh/XNXz7QQ7Hsr6g=", - "zh:02ac2478c8901043a0455b8b6b8185e9814786bd802a9aa6d4126d4f56d4735d", - "zh:24d680732a9ea72a86c1e7bf4aa13ab9cc0c60ee4bd4cae8af43670eff88edd9", - "zh:4f415f177671eeea2234eb835479bbb710e811e60864cec6a00ee0e03a412fa3", - "zh:55498caa20504dd52a1870823e15dec6c78948eac2e6ec98e6ec122b5407630b", - "zh:570f9ca7f909bda94b97feab7898ef392e01ae6178d8a9d36aac984d8a433ec1", - "zh:92ac78b97e2d5310ed82233980f941ebecf69ae1f9d03f3e719d8687aa6f4cc7", - "zh:95f852a4e7d22daac86901ebc6b327d5987832b707ad3fd3aeff6c36dd088717", - "zh:98c8659f468a58a9d224b2fca9d5909d39bcabf9e2593e9b4a574dbffb6e2dca", - "zh:a7d1428ec803ae794ebb05d772fa44020827a6b762a5b2da11869fc618ea59cd", - "zh:b1ef054b09fed4282c625a38a4aa6d1276c58e541f4cffcc716aa7d2b773f30a", - "zh:b95e3edeb0da3ee0c0392afa18957cf7d41b2f71ed08a50f4bf38010aaf77d30", - "zh:c3ce9f57889e6bb33f34ee4cc4463a77652b811351bbb25e6fc5ba9dc0c61e14", - "zh:f6d2fe811ad5c242ced99a6b51b2d7f60f060d4bc6837fe1026c2abb7cb6f9a4", - "zh:f78b8e20e7d9f53e1622051c706369a7c6d0f1e37c16df67a214697cd5d0a4fb", + "h1:8nN6b5dEGbJJ5ajovedkO//QP4NrWU5GfrenIHAEyz0=", + "h1:EZlTiEEZ0a6AvlLuTKAIyhBI4m4poYUX4QW0wyHfIaw=", + "h1:ElpISil/0po3r4pb9KK7/pBCSLxL18a6IDHDSMFdmS0=", + "h1:F7+3L6JmVEG+PMizB9SuifxbznkZD3462LQpFMOW0M0=", + "h1:L1sFZI0qKeBpUUCMgQkuRge196DsrHaTUJKJWKm0V2w=", + "h1:OQgVyUOOLTGyosEpVHzE37h+91nHN5n9lKHt6nAOZyU=", + "h1:Ph1j1Flr4kXMZKCRlP4Hn0asAz1Yfpk+hf5t6aeF4mc=", + "h1:RjitcUcx/3QKUgs74q3ypbf7KQpg8BoNELW6sE4ONqk=", + "h1:Vw7hY7KdCtQ3hf00uCekrzdDgBJ2EnPXUAnj3ybLXPQ=", + "h1:fDQcyzUJqHb4qXOyze/Te0Fd3dVMdBcLQ+e2xOtsqbM=", + "h1:jKOzsHSorUnub0L+Lq+tPPhHmeKoaiPS8orF9zZf/i0=", + "h1:kXF4EEV9uzXzshloPfJQQzPbs0YVgjUu5aD+Fj040U0=", + "h1:pvMaS6PASVHMJxArSG1pAzS5Micb1fMcLz7MF7bO138=", 
+ "h1:s3wkHrHE8Q/Dj+PIkvuPviLTUcK6h7aoAArrBKNJ8PE=", + "zh:0103a533f474db36223d8dbf2abc80f8d76a162b2e3042a2203f0d426f2c8e16", + "zh:03302f83cd5784435ef22864a936b88293284bfdc091ff2fd0cc18a40e97bb55", + "zh:0730ca92f8bc778dba52425d05c5dceb9ae57660797f88132c06a0bf8a4f4f55", + "zh:63ace720564b3549d482f0bc68b1f4596a1682faeef5fe4d40163abccda90ceb", + "zh:8c4acdc358b1f5b1c13192af81bba552c6ad98debd341d836f4adf1fb85610a8", + "zh:8f101bae1ab303b5e1b91ceb62d11386091a24c2bbd99bca4662bc88f127a8c4", + "zh:a683c5338f16d20a1432fbc093c35db388ec7ef9f657d7478e3a04fc72722ad7", + "zh:a99fcbaf234cb161c8d7018f62946178810c7645436229d05913ff432094734d", + "zh:aa7fc7a3e05e96522507a86ec50b53473ff3e917f56fb2fc7418070fe29f1abc", + "zh:bc3b9f7cce5f5fd4116700411c5f3d14c48a9b56115268094882d949b811e53a", + "zh:cba03e3c31ee1e83fcc25511a34ca5f7132e0bbb41f3edc7c7dc113edd5938db", + "zh:d1f168e7a87a3f74d9932b88daa367242d1e9a2ed1b7b9eaf44fcfcfc190305f", + "zh:eb5af50c8e13980da4830c5f23fa7d911ae07740b37cf9d6c5895da95374e940", + "zh:f9db4dbb47b257123bb70b770714552d873f9c8e2e8017c1de227757c8dfb074", ] } diff --git a/tofu/authentik/main.tf b/tofu/authentik/main.tf index 7b27b0c..5b58c64 100644 --- a/tofu/authentik/main.tf +++ b/tofu/authentik/main.tf @@ -8,7 +8,7 @@ terraform { required_providers { authentik = { source = "goauthentik/authentik" - version = "2025.10.1" + version = "2025.10.0" } } } 
@@ -240,11 +240,12 @@ module "rustical" { app_access_group_id = "" } -module "jellyfin" { - source = "../modules/authentik-ldap" - app_name = "Jellyfin" - app_slug = "jellyfin" - base_dn = "DC=ldap,DC=fukurokuju,DC=dev" - name = "jellyfin" - app_access_group_id = authentik_group.arrs.id +module "mediamanager" { + source = "../modules/authentik-oidc" + app_name = "mediamanager" + app_slug = "mediamanager" + client_id = var.mediamanager_client_id + client_secret = var.mediamanager_client_secret + redirect_uris = [{ matching_mode = "strict", url = "https://mediamanager.roboces.dev/api/v1/auth/oauth/callback" }] + app_access_group_id = authentik_group.mediamanager.id } diff --git a/tofu/authentik/sample.env b/tofu/authentik/sample.env index a784c41..f7ff6ea 100644 --- a/tofu/authentik/sample.env +++ b/tofu/authentik/sample.env @@ -13,3 +13,5 @@ TF_VAR_sftpgo_client_secret= TF_VAR_netbird_client_id= TF_VAR_rustical_client_id= TF_VAR_rustical_client_secret= +TF_VAR_mediamanager_client_id= +TF_VAR_mediamanager_client_secret= diff --git a/tofu/modules/authentik-ldap/.terraform.lock.hcl b/tofu/modules/authentik-ldap/.terraform.lock.hcl deleted file mode 100644 index de2d5a9..0000000 --- a/tofu/modules/authentik-ldap/.terraform.lock.hcl +++ /dev/null 
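Review bot: `module "mediamanager"` reads `var.mediamanager_client_id`, `var.mediamanager_client_secret` and `authentik_group.mediamanager`, but no file in this diff declares any of them; unless they already exist elsewhere under tofu/authentik, the plan will fail on undeclared references. The secret's variable block should carry `sensitive = true` so the value is redacted from plan and apply output; it is still written to state in clear text, so access to the state backend needs to be restricted accordingly. Dropping `module "jellyfin"` also means the next apply destroys its LDAP provider, application and the `authentik_group.arrs` binding, so it is worth confirming that nothing still binds against `DC=ldap,DC=fukurokuju,DC=dev` before merging.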
@@ -1,24 +0,0 @@ -# This file is maintained automatically by "tofu init". -# Manual edits may be lost in future updates. - -provider "registry.opentofu.org/goauthentik/authentik" { - version = "2025.10.1" - constraints = "2025.10.1" - hashes = [ - "h1:X0bV1LqI7nu4np+xiGP8yLVfyl6rh/XNXz7QQ7Hsr6g=", - "zh:02ac2478c8901043a0455b8b6b8185e9814786bd802a9aa6d4126d4f56d4735d", - "zh:24d680732a9ea72a86c1e7bf4aa13ab9cc0c60ee4bd4cae8af43670eff88edd9", - "zh:4f415f177671eeea2234eb835479bbb710e811e60864cec6a00ee0e03a412fa3", - "zh:55498caa20504dd52a1870823e15dec6c78948eac2e6ec98e6ec122b5407630b", - "zh:570f9ca7f909bda94b97feab7898ef392e01ae6178d8a9d36aac984d8a433ec1", - "zh:92ac78b97e2d5310ed82233980f941ebecf69ae1f9d03f3e719d8687aa6f4cc7", - "zh:95f852a4e7d22daac86901ebc6b327d5987832b707ad3fd3aeff6c36dd088717", - "zh:98c8659f468a58a9d224b2fca9d5909d39bcabf9e2593e9b4a574dbffb6e2dca", - "zh:a7d1428ec803ae794ebb05d772fa44020827a6b762a5b2da11869fc618ea59cd", - "zh:b1ef054b09fed4282c625a38a4aa6d1276c58e541f4cffcc716aa7d2b773f30a", - "zh:b95e3edeb0da3ee0c0392afa18957cf7d41b2f71ed08a50f4bf38010aaf77d30", - "zh:c3ce9f57889e6bb33f34ee4cc4463a77652b811351bbb25e6fc5ba9dc0c61e14", - "zh:f6d2fe811ad5c242ced99a6b51b2d7f60f060d4bc6837fe1026c2abb7cb6f9a4", - "zh:f78b8e20e7d9f53e1622051c706369a7c6d0f1e37c16df67a214697cd5d0a4fb", - ] -} diff --git a/tofu/modules/authentik-ldap/main.tf b/tofu/modules/authentik-ldap/main.tf deleted file mode 100644 index 19cf5a6..0000000 --- a/tofu/modules/authentik-ldap/main.tf +++ /dev/null 
@@ -1,45 +0,0 @@
-terraform {
- required_version = ">= 1.6"
- required_providers {
- authentik = {
- source = "goauthentik/authentik"
- version = "2025.10.1"
- }
- }
-}
-
-
-data "authentik_flow" "default-authentication-flow" {
- slug = "default-authentication-flow"
-}
-
-data "authentik_flow" "default-invalidation-flow" {
- slug = "default-invalidation-flow"
-}
-
-
-resource "authentik_provider_ldap" "provider_ldap" {
- base_dn = var.base_dn
- bind_flow = data.authentik_flow.default-authentication-flow.id
- name = var.name
- unbind_flow = data.authentik_flow.default-invalidation-flow.id
-}
-
-
-resource "authentik_application" "app" {
- name = var.app_name
- slug = var.app_slug
- protocol_provider = authentik_provider_ldap.provider_ldap.id
- open_in_new_tab = var.open_in_new_tab
- meta_icon = var.app_icon
- meta_description = var.app_description
- meta_publisher = var.app_publisher
- meta_launch_url = var.app_url
-}
-
-resource "authentik_policy_binding" "app_access" {
- target = authentik_application.app.uuid
- group = var.app_access_group_id
- order = 0
- count = var.app_access_group_id != "" ? 1 : 0 # only add it if the group's name exists
-}
diff --git a/tofu/modules/authentik-ldap/vars.tf b/tofu/modules/authentik-ldap/vars.tf
deleted file mode 100644
index 3d44d35..0000000
--- a/tofu/modules/authentik-ldap/vars.tf
+++ /dev/null
@@ -1,52 +0,0 @@
-variable "app_name" {
- description = "App name"
- type = string
-}
-
-variable "app_slug" {
- description = "App slug, a human-readable URL identifier, e.g.: Google -> google"
- type = string
-}
-
-
-variable "app_access_group_id" {
- description = "ID of a group which will have access to the app"
- type = string
-}
-
-
-variable "open_in_new_tab" {
- type = bool
- description = "Open apps in a new tab"
- default = true
-}
-
-variable "app_icon" {
- type = string
- default = ""
-}
-
-variable "app_description" {
- type = string
- default = ""
-}
-
-variable "app_publisher" {
- type = string
- default = ""
-}
-variable "app_url" {
- type = string
- default = ""
-}
-
-
-variable "base_dn" {
- type = string
- description = "Base DN"
-}
-
-variable "name" {
- type = string
- description = "Name"
-}
diff --git a/tofu/modules/authentik-oidc/main.tf b/tofu/modules/authentik-oidc/main.tf
index d78086a..beb4b02 100644
--- a/tofu/modules/authentik-oidc/main.tf
+++ b/tofu/modules/authentik-oidc/main.tf
@@ -3,7 +3,7 @@ terraform {
 required_providers {
 authentik = {
 source = "goauthentik/authentik"
- version = "2025.10.1"
+ version = "2025.10.0"
 }
 }
 }
diff --git a/tofu/modules/authentik-proxy/main.tf b/tofu/modules/authentik-proxy/main.tf
index 49179aa..0d9c6f0 100644
--- a/tofu/modules/authentik-proxy/main.tf
+++ b/tofu/modules/authentik-proxy/main.tf
@@ -3,7 +3,7 @@ terraform {
 required_providers {
 authentik = {
 source = "goauthentik/authentik"
- version = "2025.10.1"
+ version = "2025.10.0"
 }
 }
 }