Compare commits
19 commits
e62785c68a
...
55ecfb71d0
| Author | SHA1 | Date | |
|---|---|---|---|
| 55ecfb71d0 | |||
| b144f9a03a | |||
| c07ddb4c86 | |||
| c5a6d64a8b | |||
| 9f00f56733 | |||
| 00d8d0adec | |||
| 2713604383 | |||
| a390412f56 | |||
| f41e6349ef | |||
| 970bc7e125 | |||
|
a0ff217915 |
|||
| 4b095e9fd3 | |||
|
aa05c20e2d |
|||
|
7a4f608d2e |
|||
|
1ce70d911f |
|||
| b61b882081 | |||
| 79c399ad0c | |||
| 1b1dc44b5b | |||
| 0706f4e637 |
28 changed files with 502 additions and 97 deletions
|
|
@ -1,6 +1,6 @@
|
|||
---
|
||||
x-runner-common: &runner-common
|
||||
image: code.forgejo.org/forgejo/runner:11.3.1
|
||||
image: code.forgejo.org/forgejo/runner:12.6.3
|
||||
links:
|
||||
- docker-in-docker
|
||||
depends_on:
|
||||
|
|
|
|||
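--- a/docker/ganymede/docker-compose.yml
+++ b/docker/ganymede/docker-compose.yml
@@ -0,0 +1,48 @@
+---
+services:
+ganymede:
+container_name: ganymede
+image: ghcr.io/zibbp/ganymede:4.11.5
+restart: unless-stopped
+environment:
+DEBUG: ${GANYMEDE_DEBUG:-false}
+TZ: ${GANYMEDE_TZ:-Europe/Madrid}
+VIDEOS_DIR: ${GANYMEDE_VIDEOS_DIR:-/data/videos}
+TEMP_DIR: ${GANYMEDE_TEMP_DIR:-/data/temp}
+LOGS_DIR: ${GANYMEDE_LOGS_DIR:-/data/logs}
+CONFIG_DIR: ${GANYMEDE_CONFIG_DIR:-/data/config}
+DB_HOST: ${GANYMEDE_DB_HOST:-192.168.1.3}
+DB_PORT: ${GANYMEDE_DB_PORT:-5432}
+DB_USER: ${GANYMEDE_DB_USER:-ganymede}
+DB_PASS: ${GANYMEDE_DB_PASS}
+DB_NAME: ${GANYMEDE_DB_NAME:-ganymede}
+DB_SSL: ${GANYMEDE_DB_SSL:-disable}
+TWITCH_CLIENT_ID: ${GANYMEDE_TWITCH_CLIENT_ID}
+TWITCH_CLIENT_SECRET: ${GANYMEDE_TWITCH_CLIENT_SECRET}
+MAX_CHAT_DOWNLOAD_EXECUTIONS: ${GANYMEDE_MAX_CHAT_DOWNLOAD_EXECUTIONS:-3}
+MAX_CHAT_RENDER_EXECUTIONS: ${GANYMEDE_MAX_CHAT_RENDER_EXECUTIONS:-2}
+MAX_VIDEO_DOWNLOAD_EXECUTIONS: ${GANYMEDE_MAX_VIDEO_DOWNLOAD_EXECUTIONS:-2}
+MAX_VIDEO_CONVERT_EXECUTIONS: ${GANYMEDE_MAX_VIDEO_CONVERT_EXECUTIONS:-3}
+MAX_VIDEO_SPRITE_THUMBNAIL_EXECUTIONS: ${GANYMEDE_MAX_VIDEO_SPRITE_THUMBNAIL_EXECUTIONS:-2}
+OAUTH_ENABLED: ${GANYMEDE_OAUTH_ENABLED:-true}
+OAUTH_PROVIDER_URL: ${GANYMEDE_OAUTH_PROVIDER_URL:-https://auth.fukurokuju.dev/application/o/ganymede/}
+OAUTH_CLIENT_ID: ${GANYMEDE_OAUTH_CLIENT_ID}
+OAUTH_CLIENT_SECRET: ${GANYMEDE_OAUTH_CLIENT_SECRET}
+OAUTH_REDIRECT_URL: ${GANYMEDE_OAUTH_REDIRECT_URL:-https://vods.roboces.dev/api/v1/auth/oauth/callback}
+SHOW_SSO_LOGIN_BUTTON: ${GANYMEDE_SHOW_SSO_LOGIN_BUTTON:-true}
+FORCE_SSO_AUTH: ${GANYMEDE_FORCE_SSO_AUTH:-true}
+REQUIRE_LOGIN: ${GANYMEDE_REQUIRE_LOGIN:-true}
+volumes:
+- ${GANYMEDE_VIDEOS:-/mnt/vods/ganymede/videos}:/data/videos
+- ${GANYMEDE_TEMP:-/mnt/vods/ganymede/temp}:/data/temp
+- ${GANYMEDE_CACHE:-/mnt/vods/ganymede/cache}:/data/.cache
+- ${GANYMEDE_LOGS:-/mnt/vods/ganymede/logs}:/data/logs
+- ${GANYMEDE_CONFIG:-/mnt/vods/ganymede/config}:/data/config
+ports:
+- "4800:4000"
+healthcheck:
+test: curl --fail http://localhost:4000/health || exit 1
+interval: 60s
+retries: 5
+start_period: 60s
+timeout: 10s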
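Review bot: `DB_SSL` defaults to `disable` while `DB_HOST` defaults to a separate LAN address (192.168.1.3), so unless the operator overrides it the database credentials and queries cross the network unencrypted; a stricter default is worth choosing once the accepted values are confirmed against Ganymede's documentation. The secret-bearing entries (`DB_PASS`, `TWITCH_CLIENT_SECRET`, `OAUTH_CLIENT_SECRET`) also expand to empty strings when unset; Compose's required form, e.g. `DB_PASS: ${GANYMEDE_DB_PASS:?GANYMEDE_DB_PASS must be set}`, makes a missing secret fail at `up` time rather than at first connection. The `"4800:4000"` mapping publishes on every host interface, which is worth narrowing to one address if the service is only meant to be reached through the reverse proxy.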
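--- a/docker/ganymede/sample.env
+++ b/docker/ganymede/sample.env
@@ -0,0 +1,27 @@
+GANYMEDE_DEBUG=false
+GANYMEDE_TZ=Europe/Madrid
+GANYMEDE_VIDEOS_DIR=/data/videos
+GANYMEDE_TEMP_DIR=/data/temp
+GANYMEDE_LOGS_DIR=/data/logs
+GANYMEDE_CONFIG_DIR=/data/config
+GANYMEDE_DB_HOST=192.168.1.3
+GANYMEDE_DB_PORT=5432
+GANYMEDE_DB_USER=ganymede
+GANYMEDE_DB_PASS=
+GANYMEDE_DB_NAME=ganymede
+GANYMEDE_DB_SSL=disable
+GANYMEDE_TWITCH_CLIENT_ID=
+GANYMEDE_TWITCH_CLIENT_SECRET=
+GANYMEDE_MAX_CHAT_DOWNLOAD_EXECUTIONS=3
+GANYMEDE_MAX_CHAT_RENDER_EXECUTIONS=2
+GANYMEDE_MAX_VIDEO_DOWNLOAD_EXECUTIONS=2
+GANYMEDE_MAX_VIDEO_CONVERT_EXECUTIONS=3
+GANYMEDE_MAX_VIDEO_SPRITE_THUMBNAIL_EXECUTIONS=2
+GANYMEDE_OAUTH_ENABLED=true
+GANYMEDE_OAUTH_PROVIDER_URL=https://auth.fukurokuju.dev/application/o/ganymede/
+GANYMEDE_OAUTH_CLIENT_ID=
+GANYMEDE_OAUTH_CLIENT_SECRET=
+GANYMEDE_OAUTH_REDIRECT_URL=https://vods.roboces.dev/api/v1/auth/oauth/callback
+GANYMEDE_SHOW_SSO_LOGIN_BUTTON=true
+GANYMEDE_FORCE_SSO_AUTH=false
+GANYMEDE_REQUIRE_LOGIN=false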
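Review bot: `GANYMEDE_FORCE_SSO_AUTH=false` and `GANYMEDE_REQUIRE_LOGIN=false` contradict the `true` defaults in docker/ganymede/docker-compose.yml, so copying this sample to `.env` unchanged switches off the login requirement that the compose file otherwise applies. Unless that is intended, the sample should read `GANYMEDE_FORCE_SSO_AUTH=true` and `GANYMEDE_REQUIRE_LOGIN=true`, or a comment above the two lines should say why they differ from the compose defaults.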
|
|
@ -14,7 +14,7 @@ services:
|
|||
|
||||
webserver:
|
||||
|
||||
image: ghcr.io/paperless-ngx/paperless-ngx:2.20.5
|
||||
image: ghcr.io/paperless-ngx/paperless-ngx:2.20.6
|
||||
restart: unless-stopped
|
||||
ports:
|
||||
- 8002:8000
|
||||
|
|
|
|||
|
|
@ -1,7 +1,7 @@
|
|||
---
|
||||
services:
|
||||
rustical:
|
||||
image: ghcr.io/lennart-k/rustical:0.12.1
|
||||
image: ghcr.io/lennart-k/rustical:0.12.4
|
||||
ports:
|
||||
- '4000:4000'
|
||||
volumes:
|
||||
|
|
|
|||
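--- a/docker/tailscale/docker-compose.yml
+++ b/docker/tailscale/docker-compose.yml
@@ -0,0 +1,18 @@
+---
+services:
+tailscale:
+image: tailscale/tailscale:v1.92.5
+hostname: tailscale
+environment:
+TS_AUTHKEY: ${TS_AUTHKEY}
+TS_HOSTNAME: ${TS_HOSTNAME:-docker-exit-node}
+TS_EXTRA_ARGS: ${TS_EXTRA_ARGS:---advertise-exit-node}
+TS_ROUTES: ${TS_ROUTES:-192.168.1.0/24}
+TS_STATE_DIR: /var/lib/tailscale
+volumes:
+- ${TS_VOLUME:-/mnt/nas1/shared/tailscale}:/var/lib/tailscale
+devices:
+- /dev/net/tun:/dev/net/tun
+cap_add:
+- net_admin
+restart: unless-stopped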
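Review bot: The node state directory is bind-mounted from `/mnt/nas1/shared/tailscale` by default, and that directory holds the node's private key and login state; if the `shared` path is an export that other hosts or users can read (not visible here), anyone with access to it could impersonate this exit node. A host-local directory with restrictive permissions, or a named volume, would be a safer default for `TS_VOLUME`. Because the state persists, `TS_AUTHKEY` is presumably only needed for the first login, so a one-time key is enough and it need not stay in `.env` afterwards. A comment above `TS_ROUTES` noting that the default advertises the whole 192.168.1.0/24 LAN, and that tailnet ACLs are what limit who can reach it, would help the next reader.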
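--- a/docker/tailscale/sample.env
+++ b/docker/tailscale/sample.env
@@ -0,0 +1,5 @@
+TS_AUTHKEY=
+TS_HOSTNAME=docker-exit-node
+TS_EXTRA_ARGS=--advertise-exit-node
+TS_ROUTES=192.168.1.0/24
+TS_VOLUME=/mnt/nas1/shared/tailscale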
|
|
@ -2,7 +2,7 @@
|
|||
services:
|
||||
web_recipes:
|
||||
restart: always
|
||||
image: vabene1111/recipes:2.3.6
|
||||
image: vabene1111/recipes:2.4.2
|
||||
volumes:
|
||||
- ${TANDOOR_STATICFILES:-/mnt/nas1/shared/tandoor/staticfiles}:/opt/recipes/staticfiles
|
||||
- ${TANDOOR_MEDIAFILES:-/mnt/nas1/shared/tandoor/mediafiles}:/opt/recipes/mediafiles
|
||||
|
|
|
|||
|
|
@ -1,7 +1,7 @@
|
|||
---
|
||||
services:
|
||||
vaultwarden:
|
||||
image: vaultwarden/server:1.34.3-alpine
|
||||
image: vaultwarden/server:1.35.2-alpine
|
||||
restart: unless-stopped
|
||||
environment:
|
||||
DATABASE_URL: ${DATABASE_URL}
|
||||
|
|
|
|||
|
|
@ -1,45 +0,0 @@
|
|||
---
|
||||
apiVersion: argoproj.io/v1alpha1
|
||||
kind: Application
|
||||
metadata:
|
||||
name: factorio
|
||||
namespace: argocd
|
||||
spec:
|
||||
destination:
|
||||
name: ''
|
||||
namespace: apps-fuku
|
||||
server: https://kubernetes.default.svc
|
||||
sources:
|
||||
- chart: factorio-server-charts
|
||||
repoURL: https://sqljames.github.io/factorio-server-charts/
|
||||
targetRevision: 2.5.*
|
||||
helm:
|
||||
valuesObject:
|
||||
rcon:
|
||||
passwordSecret: secrets-factorio
|
||||
nodeSelector:
|
||||
kubernetes.io/hostname: agent1
|
||||
image:
|
||||
tag: latest
|
||||
factorioServer:
|
||||
save_name: fukurokuju-space
|
||||
admin_list:
|
||||
- Phireh
|
||||
account:
|
||||
accountSecret: secrets-factorio
|
||||
server_settings:
|
||||
name: factorio-fukurokuju
|
||||
visibility:
|
||||
public: false
|
||||
require_user_verification: false
|
||||
persistence:
|
||||
storageClassName: truenas-nfs-csi
|
||||
serverPassword:
|
||||
passwordSecret: secrets-factorio
|
||||
|
||||
- repoURL: https://git.roboces.dev/catalin/fukuops.git
|
||||
path: k8s/services/factorio
|
||||
targetRevision: main
|
||||
project: fuku
|
||||
syncPolicy:
|
||||
automated: {}
|
||||
|
|
@ -14,7 +14,7 @@ spec:
|
|||
sources:
|
||||
- chart: forgejo
|
||||
repoURL: code.forgejo.org/forgejo-helm
|
||||
targetRevision: 15.1.0
|
||||
targetRevision: 16.0.2
|
||||
helm:
|
||||
valuesObject:
|
||||
replicaCount: 2
|
||||
|
|
|
|||
|
|
@ -18,7 +18,7 @@ spec:
|
|||
targetRevision: main
|
||||
- chart: meilisearch
|
||||
repoURL: https://meilisearch.github.io/meilisearch-kubernetes
|
||||
targetRevision: 0.24.*
|
||||
targetRevision: 0.25.*
|
||||
helm:
|
||||
valuesObject:
|
||||
environment:
|
||||
|
|
|
|||
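--- a/k8s/argo-apps/pulse.yaml
+++ b/k8s/argo-apps/pulse.yaml
@@ -0,0 +1,43 @@
+---
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+name: pulse
+namespace: argocd
+spec:
+destination:
+name: ''
+namespace: apps-fuku
+server: https://kubernetes.default.svc
+project: fuku
+syncPolicy:
+automated: {}
+sources:
+- repoURL: https://rcourtman.github.io/Pulse
+chart: pulse
+targetRevision: v5.0.*
+helm:
+valuesObject:
+persistence:
+enabled: true
+size: 10Gi
+storageClass: truenas-nfs-csi
+accessModes:
+- ReadWriteMany
+service:
+type: LoadBalancer
+ingress:
+enabled: true
+hosts:
+- host: pulse.fukurokuju.dev
+paths:
+- path: /
+pathType: Prefix
+tls: []
+monitoring:
+serviceMonitor:
+enabled: true
+
+- path: k8s/services/pulse
+repoURL: https://git.roboces.dev/catalin/fukuops.git
+targetRevision: main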
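Review bot: `service.type: LoadBalancer` exposes Pulse on its own address in addition to the ingress, and the ingress block sets `tls: []`, so from what is visible here neither path is guaranteed to be TLS-protected even though the agents are pointed at `https://pulse.fukurokuju.dev`. If the ingress is the intended entry point, `type: ClusterIP` removes the second exposure, and the `tls` list should name the host and certificate secret unless the ingress controller supplies a default certificate. Separately, `targetRevision: v5.0.*` together with `automated: {}` rolls out new chart patch releases without review; pinning an exact chart version and letting the Renovate setup in this repository propose bumps would keep that change visible.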
|
|
@ -13,7 +13,7 @@ spec:
|
|||
sources:
|
||||
- chart: renovate
|
||||
repoURL: https://docs.renovatebot.com/helm-charts
|
||||
targetRevision: 45.74.*
|
||||
targetRevision: 46.2.*
|
||||
helm:
|
||||
valuesObject:
|
||||
renovate:
|
||||
|
|
|
|||
|
|
@ -32,3 +32,4 @@ spec:
|
|||
- registry-1.docker.io/cloudpirates
|
||||
- https://vmware-tanzu.github.io/helm-charts/
|
||||
- https://helm.runix.net
|
||||
- https://rcourtman.github.io/Pulse
|
||||
|
|
|
|||
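--- a/k8s/services/pulse/ds.yaml
+++ b/k8s/services/pulse/ds.yaml
@@ -0,0 +1,105 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+name: pulse-agent
+namespace: apps-fuku
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+name: pulse-agent-read
+rules:
+- apiGroups: [""]
+resources: ["nodes", "pods"]
+verbs: ["get", "list", "watch"]
+- apiGroups: ["apps"]
+resources: ["deployments"]
+verbs: ["get", "list", "watch"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+name: pulse-agent-read
+subjects:
+- kind: ServiceAccount
+name: pulse-agent
+namespace: apps-fuku
+roleRef:
+kind: ClusterRole
+name: pulse-agent-read
+apiGroup: rbac.authorization.k8s.io
+---
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+name: pulse-agent
+namespace: apps-fuku
+spec:
+selector:
+matchLabels:
+app: pulse-agent
+template:
+metadata:
+labels:
+app: pulse-agent
+spec:
+serviceAccountName: pulse-agent
+containers:
+- name: pulse-agent
+image: rcourtman/pulse:v5.0.17
+command: ["/opt/pulse/bin/pulse-agent-linux-amd64"]
+args:
+- --enable-kubernetes
+env:
+- name: PULSE_URL
+value: "https://pulse.fukurokuju.dev"
+- name: PULSE_TOKEN
+valueFrom:
+secretKeyRef:
+name: pulse-agent-secrets
+key: PULSE_TOKEN
+- name: PULSE_AGENT_ID
+value: "k8s-cluster"
+- name: PULSE_ENABLE_HOST
+value: "true"
+- name: HOST_PROC
+value: "/host/proc"
+- name: HOST_SYS
+value: "/host/sys"
+- name: HOST_ETC
+value: "/host/etc"
+- name: PULSE_KUBE_INCLUDE_ALL_PODS
+value: "true"
+- name: PULSE_KUBE_INCLUDE_ALL_DEPLOYMENTS
+value: "true"
+securityContext:
+privileged: true
+resources:
+requests:
+cpu: 50m
+memory: 128Mi
+limits:
+memory: 512Mi
+volumeMounts:
+- name: host-proc
+mountPath: /host/proc
+readOnly: true
+- name: host-sys
+mountPath: /host/sys
+readOnly: true
+- name: host-root
+mountPath: /host/root
+readOnly: true
+volumes:
+- name: host-proc
+hostPath:
+path: /proc
+- name: host-sys
+hostPath:
+path: /sys
+- name: host-root
+hostPath:
+path: /
+tolerations:
+- operator: Exists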
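Review bot: The agent container runs with `privileged: true`, mounts the host root through `hostPath` `path: /`, and tolerates every taint, so a compromise of the `rcourtman/pulse:v5.0.17` image or of the agent process is effectively root on every node; the `readOnly: true` mounts do not constrain a privileged container. It is worth testing whether host metrics still work with `privileged: false` and `allowPrivilegeEscalation: false`, relying only on the read-only `/proc` and `/sys` mounts. `HOST_ETC` is set to `/host/etc`, but no volume is mounted there (host-root is mounted at `/host/root`), so either the value should be `/host/root/etc` or a dedicated read-only `/etc` mount is missing. Pinning the image by digest would also keep a retagged image from being pulled onto all nodes.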
17
k8s/services/pulse/sealedsecrets.yaml
Normal file
17
k8s/services/pulse/sealedsecrets.yaml
Normal file
|
|
@ -0,0 +1,17 @@
|
|||
# yamllint disable rule:line-length
|
||||
---
|
||||
apiVersion: bitnami.com/v1alpha1
|
||||
kind: SealedSecret
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: pulse-agent-secrets
|
||||
namespace: apps-fuku
|
||||
spec:
|
||||
encryptedData:
|
||||
PULSE_TOKEN: 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
|
||||
template:
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: pulse-agent-secrets
|
||||
namespace: apps-fuku
|
||||
type: Opaque
|
||||
|
|
@ -85,8 +85,12 @@ resource "adguard_rewrite" "master2" {
|
|||
answer = "192.168.1.32"
|
||||
}
|
||||
|
||||
|
||||
resource "adguard_rewrite" "k3m3" {
|
||||
domain = "k3m3.fuku"
|
||||
answer = "192.168.1.43"
|
||||
}
|
||||
|
||||
resource "adguard_rewrite" "pulse" {
|
||||
answer = "pulse.fukurokuju.dev"
|
||||
domain = "192.168.1.12"
|
||||
}
|
||||
|
|
|
|||
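Review bot: In the new `adguard_rewrite` resource `pulse` the two attributes look swapped: `domain` holds the IP address and `answer` holds the hostname, the opposite of the `k3m3` resource directly above it. As written the rewrite would not resolve `pulse.fukurokuju.dev` to the internal address; it should read `domain = "pulse.fukurokuju.dev"` and `answer = "192.168.1.12"`.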
47
tofu/authentik/.terraform.lock.hcl
generated
47
tofu/authentik/.terraform.lock.hcl
generated
|
|
@ -2,23 +2,36 @@
|
|||
# Manual edits may be lost in future updates.
|
||||
|
||||
provider "registry.opentofu.org/goauthentik/authentik" {
|
||||
version = "2025.10.1"
|
||||
constraints = "2025.10.1"
|
||||
version = "2025.12.0"
|
||||
constraints = "2025.12.0"
|
||||
hashes = [
|
||||
"h1:X0bV1LqI7nu4np+xiGP8yLVfyl6rh/XNXz7QQ7Hsr6g=",
|
||||
"zh:02ac2478c8901043a0455b8b6b8185e9814786bd802a9aa6d4126d4f56d4735d",
|
||||
"zh:24d680732a9ea72a86c1e7bf4aa13ab9cc0c60ee4bd4cae8af43670eff88edd9",
|
||||
"zh:4f415f177671eeea2234eb835479bbb710e811e60864cec6a00ee0e03a412fa3",
|
||||
"zh:55498caa20504dd52a1870823e15dec6c78948eac2e6ec98e6ec122b5407630b",
|
||||
"zh:570f9ca7f909bda94b97feab7898ef392e01ae6178d8a9d36aac984d8a433ec1",
|
||||
"zh:92ac78b97e2d5310ed82233980f941ebecf69ae1f9d03f3e719d8687aa6f4cc7",
|
||||
"zh:95f852a4e7d22daac86901ebc6b327d5987832b707ad3fd3aeff6c36dd088717",
|
||||
"zh:98c8659f468a58a9d224b2fca9d5909d39bcabf9e2593e9b4a574dbffb6e2dca",
|
||||
"zh:a7d1428ec803ae794ebb05d772fa44020827a6b762a5b2da11869fc618ea59cd",
|
||||
"zh:b1ef054b09fed4282c625a38a4aa6d1276c58e541f4cffcc716aa7d2b773f30a",
|
||||
"zh:b95e3edeb0da3ee0c0392afa18957cf7d41b2f71ed08a50f4bf38010aaf77d30",
|
||||
"zh:c3ce9f57889e6bb33f34ee4cc4463a77652b811351bbb25e6fc5ba9dc0c61e14",
|
||||
"zh:f6d2fe811ad5c242ced99a6b51b2d7f60f060d4bc6837fe1026c2abb7cb6f9a4",
|
||||
"zh:f78b8e20e7d9f53e1622051c706369a7c6d0f1e37c16df67a214697cd5d0a4fb",
|
||||
"h1:1WOionGZogRGfcwgsBshgGDDMFWqioq62s/FmpTonI8=",
|
||||
"h1:7EkbL1fO5vkX5IvlGhKIjWcEPIc7U3zS/x0+rMC+NKE=",
|
||||
"h1:N65bk3gPCHEJE8c68LCjQ2NMwDKDJlt0+ofnmeNM4FI=",
|
||||
"h1:S2NDeRAxbfKPGvBqM7WES5znedi0V2AWc5wxkczYDd8=",
|
||||
"h1:ZmqC2orWU2UItPZJZfsSnBBX7Ds0OEk8EarBtWjuFsc=",
|
||||
"h1:aofPDDDWm9c87uip8IwKlhGDePNNr6Sy0Q+m9NgOols=",
|
||||
"h1:f3+jlDlxpgKdCbcB7ac4lVn5pdSMM1e2Qh0AB0RDNsA=",
|
||||
"h1:jt+Gtla0Z7zN4gCltMg//aDfCoSIdCyFF4ept4Qwc6E=",
|
||||
"h1:msEjekUeIUKY6lipADjuQpaU1HPrp0MU19R9LpZv5UM=",
|
||||
"h1:t61WX+9iOOCLlZ8tt/vZP7X8M/Q7F5k6QUyduYtpVf8=",
|
||||
"h1:tI7fyxvSatX28mp0woFsBbhrnzgeZTZAaitzKThlyAo=",
|
||||
"h1:wzjwM6RA9Jth4iCN5J9dzxnfjO56ZFl1T5rAQhuU1og=",
|
||||
"h1:xZZSwrSXnUCPmP9U3EY9fKPmBru58wZozovF2+i//oY=",
|
||||
"h1:z/+UpU0PH5hae3WEqJO7Lreo0wYO77UuJrimJyV3Mcg=",
|
||||
"zh:0ce23bd10c1782a3ae9321a572093df2c283df9003fc1cf33f6e63df18a81b7a",
|
||||
"zh:0de1db5b3363603e6bd25c9c420e24e872bcfe8d43a7015b710a0292ffa7a649",
|
||||
"zh:1d719e62eb5195a6461cdf2e175960093cdb77b190a7b15eb3fd0e1fc38409e1",
|
||||
"zh:3adba178a720c90f296183479872a82719f5497b24e90224c044bcc9e29092b7",
|
||||
"zh:54e5895e61a39b955be26977c273d9581beccf0e22ec58932708472cab40b03b",
|
||||
"zh:59b8df5b3be8bf9e8a8dcc7b5edf96b0ca505f93fc0db022cc33513172dbc2c8",
|
||||
"zh:6d86630e353b874ad43d09e3d3541ba4f824c578122a21c7895a452a0534ca05",
|
||||
"zh:b6c7466446ce685971dee0c7b2dcb16917e3d23805a51d7a2091e475908c8d87",
|
||||
"zh:ca306de78ea0f99f698548d51b094501e8299340ccc9c6549d1b62fc1fe29456",
|
||||
"zh:cc6bd38417c0a6c0d7a1c8533007c113155d82d085ea705d955dadf62b2f9f66",
|
||||
"zh:da657c9db5647620fca377fdc934db6a0f6d05d4cc0dd91a47404850805fd6da",
|
||||
"zh:dc0b1effedb7a35d1756be915ff8b48d0f422b7a9da75e7f14a2d3efa2d4806f",
|
||||
"zh:eef8d1715e9cfcb6cbe05dc071390ee91276d12f6fd870bac116af47518f6176",
|
||||
"zh:f4c0cd2168f59d4fbf4b1fada95a9c973224bbf81975e948f741ad18ef665690",
|
||||
]
|
||||
}
|
||||
|
|
|
|||
|
|
@ -8,7 +8,7 @@ terraform {
|
|||
required_providers {
|
||||
authentik = {
|
||||
source = "goauthentik/authentik"
|
||||
version = "2025.10.1"
|
||||
version = "2025.12.0"
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
@ -22,6 +22,11 @@ resource "authentik_group" "ci" {
|
|||
users = [data.authentik_user.catalin.id]
|
||||
}
|
||||
|
||||
resource "authentik_group" "vods" {
|
||||
name = "vods"
|
||||
users = [data.authentik_user.catalin.id]
|
||||
}
|
||||
|
||||
resource "authentik_group" "admins" {
|
||||
name = "authentik Admins"
|
||||
is_superuser = true
|
||||
|
|
@ -47,6 +52,7 @@ resource "authentik_group" "mediamanager" {
|
|||
is_superuser = false
|
||||
}
|
||||
|
||||
|
||||
module "gitea" {
|
||||
source = "../modules/authentik-oidc"
|
||||
app_name = "Gitea"
|
||||
|
|
@ -128,7 +134,7 @@ module "sonarr" {
|
|||
app_slug = "sonarr"
|
||||
app_access_group_id = authentik_group.arrs.id
|
||||
app_url = "https://sonarr.fukurokuju.dev"
|
||||
internal_host = "http://192.168.1.3:38013/"
|
||||
internal_host = "http://192.168.1.3:30113/"
|
||||
internal_host_ssl_validation = false
|
||||
app_icon = "https://sonarr.tv/img/logo.png"
|
||||
}
|
||||
|
|
@ -139,7 +145,7 @@ module "radarr" {
|
|||
app_slug = "radarr"
|
||||
app_access_group_id = authentik_group.arrs.id
|
||||
app_url = "https://radarr.fukurokuju.dev"
|
||||
internal_host = "http://192.168.1.3:38012/"
|
||||
internal_host = "http://192.168.1.3:30025/"
|
||||
internal_host_ssl_validation = false
|
||||
app_icon = "https://radarr.video/img/background/logo.png"
|
||||
}
|
||||
|
|
@ -150,7 +156,7 @@ module "lidarr" {
|
|||
app_slug = "lidarr"
|
||||
app_access_group_id = authentik_group.arrs.id
|
||||
app_url = "https://lidarr.fukurokuju.dev"
|
||||
internal_host = "http://192.168.1.3:38010/"
|
||||
internal_host = "http://192.168.1.3:30071/"
|
||||
internal_host_ssl_validation = false
|
||||
app_icon = "https://lidarr.audio/img/background/logo.png"
|
||||
}
|
||||
|
|
@ -171,7 +177,7 @@ module "prowlarr" {
|
|||
app_slug = "prowlarr"
|
||||
app_access_group_id = authentik_group.admins.id
|
||||
app_url = "https://prowlarr.fukurokuju.dev"
|
||||
internal_host = "http://192.168.1.3:38014"
|
||||
internal_host = "http://192.168.1.3:30050"
|
||||
internal_host_ssl_validation = false
|
||||
}
|
||||
|
||||
|
|
@ -199,11 +205,11 @@ module "sftpgo" {
|
|||
sub_mode = "user_username"
|
||||
}
|
||||
|
||||
|
||||
module "rustical" {
|
||||
source = "../modules/authentik-oidc"
|
||||
app_name = "rustical"
|
||||
app_slug = "rustical"
|
||||
app_url = "https://cal.roboces.dev"
|
||||
client_id = var.rustical_client_id
|
||||
client_secret = var.rustical_client_secret
|
||||
redirect_uris = [{ matching_mode = "strict", url = "https://cal.roboces.dev/frontend/login/oidc/callback" }]
|
||||
|
|
@ -216,6 +222,8 @@ module "jellyfin" {
|
|||
app_slug = "jellyfin"
|
||||
base_dn = "DC=ldap,DC=fukurokuju,DC=dev"
|
||||
name = "jellyfin"
|
||||
app_url = "https://jelly.roboces.dev"
|
||||
app_icon = "https://jelly.roboces.dev/web/touchicon.f5bbb798cb2c65908633.png"
|
||||
app_access_group_id = authentik_group.arrs.id
|
||||
}
|
||||
|
||||
|
|
@ -224,7 +232,43 @@ module "tandoor" {
|
|||
app_name = "Tandoor"
|
||||
app_slug = "tandoor"
|
||||
app_access_group_id = ""
|
||||
app_url = "https://recipes.roboces.dev"
|
||||
redirect_uris = [{ matching_mode = "strict", url = "https://recipes.roboces.dev/accounts/oidc/authentik/login/callback/" }]
|
||||
app_icon = "https://recipes.roboces.dev/static/assets/logo_color_192.c9b9177ff941.png"
|
||||
client_id = var.tandoor_client_id
|
||||
client_secret = var.tandoor_client_secret
|
||||
}
|
||||
|
||||
module "ganymede" {
|
||||
source = "../modules/authentik-oidc"
|
||||
app_name = "Ganymede"
|
||||
app_slug = "ganymede"
|
||||
redirect_uris = [{ matching_mode = "strict", url = "https://vods.roboces.dev/api/v1/auth/oauth/callback" }]
|
||||
client_id = var.ganymede_client_id
|
||||
client_secret = var.ganymede_client_secret
|
||||
app_url = "https://vods.roboces.dev"
|
||||
app_icon = "https://vods.roboces.dev/favicon.ico"
|
||||
app_access_group_id = authentik_group.vods.id
|
||||
}
|
||||
|
||||
module "jellyseerr" {
|
||||
source = "../modules/authentik-app"
|
||||
app_name = "Solicitudes Jelly"
|
||||
app_slug = "jellyseer"
|
||||
app_url = "https://requests.roboces.dev"
|
||||
app_icon = "https://requests.roboces.dev/os_icon.svg"
|
||||
app_description = "Solicita series, animes y pelis para ser añadidas automáticamente a Jellyfin"
|
||||
app_access_group_id = authentik_group.arrs.id
|
||||
}
|
||||
|
||||
module "pulse" {
|
||||
source = "../modules/authentik-oidc"
|
||||
app_name = "Pulse"
|
||||
app_slug = "pulse"
|
||||
app_url = "https://pulse.fukurokuju.dev"
|
||||
client_id = var.pulse_client_id
|
||||
client_secret = var.pulse_client_secret
|
||||
app_icon = "https://pulse.fukurokuju.dev/logo.svg"
|
||||
redirect_uris = [{ matching_mode = "strict", url = "https://pulse.fukurokuju.dev/api/oidc/callback" }]
|
||||
app_access_group_id = authentik_group.admins.id
|
||||
}
|
||||
|
|
|
|||
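Review bot: In the new `module "jellyseerr"` block the slug is spelled `app_slug = "jellyseer"`, one `r` short of the module name and of the application it describes. The slug ends up in the application's authentik URL, so changing it after the first apply changes that URL; if the spelling is not deliberate, use `app_slug = "jellyseerr"` before this is applied. The new `ganymede` and `pulse` modules each pass an `app_access_group_id`, which is the right pattern to keep for any module added later.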
|
|
@ -14,3 +14,7 @@ TF_VAR_rustical_client_id=
|
|||
TF_VAR_rustical_client_secret=
|
||||
TF_VAR_tandoor_client_id=
|
||||
TF_VAR_tandoor_client_secret=
|
||||
TF_VAR_ganymede_client_id=
|
||||
TF_VAR_ganymede_client_secret=
|
||||
TF_VAR_pulse_client_id=
|
||||
TF_VAR_pulse_client_secret=
|
||||
|
|
|
|||
|
|
@ -68,3 +68,23 @@ variable "tandoor_client_secret" {
|
|||
description = "Tandoor client secret"
|
||||
type = string
|
||||
}
|
||||
|
||||
variable "ganymede_client_id" {
|
||||
description = "Ganymede client ID"
|
||||
type = string
|
||||
}
|
||||
|
||||
variable "ganymede_client_secret" {
|
||||
description = "Ganymede client secret"
|
||||
type = string
|
||||
}
|
||||
|
||||
variable "pulse_client_id" {
|
||||
description = "Pulse client ID"
|
||||
type = string
|
||||
}
|
||||
|
||||
variable "pulse_client_secret" {
|
||||
description = "Pulse client secret"
|
||||
type = string
|
||||
}
|
||||
|
|
|
|||
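Review bot: `ganymede_client_secret` and `pulse_client_secret` are declared without `sensitive = true`, so their values can show up in plan and apply output and therefore in CI logs. Adding `sensitive = true` to both blocks redacts them there; they are still written to state, so the state backend needs protecting regardless. The `tandoor_client_secret` block visible as context, whose opening line lies above the hunk, appears to have the same shape and would benefit from the same line.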
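--- a/tofu/modules/authentik-app/main.tf
+++ b/tofu/modules/authentik-app/main.tf
@@ -0,0 +1,26 @@
+terraform {
+required_version = ">= 1.6"
+required_providers {
+authentik = {
+source = "goauthentik/authentik"
+version = "2025.12.0"
+}
+}
+}
+
+resource "authentik_application" "app" {
+name = var.app_name
+slug = var.app_slug
+open_in_new_tab = var.open_in_new_tab
+meta_icon = var.app_icon
+meta_description = var.app_description
+meta_publisher = var.app_publisher
+meta_launch_url = var.app_url
+}
+
+resource "authentik_policy_binding" "app_access" {
+target = authentik_application.app.uuid
+group = var.app_access_group_id
+order = 0
+count = var.app_access_group_id != "" ? 1 : 0 # only add it if the group's name exists
+}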
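Review bot: When `app_access_group_id` is an empty string the `count` expression in `authentik_policy_binding.app_access` creates no binding, so the application is left with no access policy at all, which presumably makes it available to every authenticated authentik user. That fail-open behaviour deserves an explicit comment, and the existing one says "group's name" although the variable is a group ID; something like `# bind the group only when an ID is given; an empty ID leaves the app unrestricted` would be accurate. By convention `count` is also placed on the first line of the resource block, where a reader sees that the resource is conditional.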
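--- a/tofu/modules/authentik-app/vars.tf
+++ b/tofu/modules/authentik-app/vars.tf
@@ -0,0 +1,62 @@
+variable "app_name" {
+description = "App name"
+type = string
+}
+
+variable "app_slug" {
+description = "App slug, a human-readable URL identifier, e.g.: Google -> google"
+type = string
+}
+
+
+variable "client_type" {
+type = string
+default = "confidential"
+
+validation {
+condition = contains(["confidential", "public"], var.client_type)
+error_message = "client_type must be 'confidential' or 'public'"
+}
+}
+
+variable "app_access_group_id" {
+description = "ID of a group which will have access to the app"
+type = string
+}
+
+variable "sub_mode" {
+type = string
+default = "user_username"
+
+validation {
+condition = contains(["user_id", "user_username", "hashed_user_id"], var.sub_mode)
+error_message = "sub_mode must be 'user_id', 'user_username' or 'hashed_user_id'"
+}
+}
+
+
+variable "open_in_new_tab" {
+type = bool
+description = "Open apps in a new tab"
+default = true
+}
+
+variable "app_icon" {
+type = string
+default = ""
+}
+
+variable "app_description" {
+type = string
+default = ""
+}
+
+variable "app_publisher" {
+type = string
+default = ""
+}
+
+variable "app_url" {
+type = string
+default = ""
+}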
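Review bot: `client_type` and `sub_mode` are declared here, but nothing in this module's main.tf references them; they look carried over from the OIDC module and can be dropped so the module's inputs match what it actually configures. `app_access_group_id` has no default while main.tf treats `""` as "no binding", so its description should say so, for example `description = "ID of the group allowed to access the app; an empty string leaves the app unrestricted"`. The `app_icon`, `app_description`, `app_publisher` and `app_url` variables have no `description` at all.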
47
tofu/modules/authentik-ldap/.terraform.lock.hcl
generated
47
tofu/modules/authentik-ldap/.terraform.lock.hcl
generated
|
|
@ -2,23 +2,36 @@
|
|||
# Manual edits may be lost in future updates.
|
||||
|
||||
provider "registry.opentofu.org/goauthentik/authentik" {
|
||||
version = "2025.10.1"
|
||||
constraints = "2025.10.1"
|
||||
version = "2025.12.0"
|
||||
constraints = "2025.12.0"
|
||||
hashes = [
|
||||
"h1:X0bV1LqI7nu4np+xiGP8yLVfyl6rh/XNXz7QQ7Hsr6g=",
|
||||
"zh:02ac2478c8901043a0455b8b6b8185e9814786bd802a9aa6d4126d4f56d4735d",
|
||||
"zh:24d680732a9ea72a86c1e7bf4aa13ab9cc0c60ee4bd4cae8af43670eff88edd9",
|
||||
"zh:4f415f177671eeea2234eb835479bbb710e811e60864cec6a00ee0e03a412fa3",
|
||||
"zh:55498caa20504dd52a1870823e15dec6c78948eac2e6ec98e6ec122b5407630b",
|
||||
"zh:570f9ca7f909bda94b97feab7898ef392e01ae6178d8a9d36aac984d8a433ec1",
|
||||
"zh:92ac78b97e2d5310ed82233980f941ebecf69ae1f9d03f3e719d8687aa6f4cc7",
|
||||
"zh:95f852a4e7d22daac86901ebc6b327d5987832b707ad3fd3aeff6c36dd088717",
|
||||
"zh:98c8659f468a58a9d224b2fca9d5909d39bcabf9e2593e9b4a574dbffb6e2dca",
|
||||
"zh:a7d1428ec803ae794ebb05d772fa44020827a6b762a5b2da11869fc618ea59cd",
|
||||
"zh:b1ef054b09fed4282c625a38a4aa6d1276c58e541f4cffcc716aa7d2b773f30a",
|
||||
"zh:b95e3edeb0da3ee0c0392afa18957cf7d41b2f71ed08a50f4bf38010aaf77d30",
|
||||
"zh:c3ce9f57889e6bb33f34ee4cc4463a77652b811351bbb25e6fc5ba9dc0c61e14",
|
||||
"zh:f6d2fe811ad5c242ced99a6b51b2d7f60f060d4bc6837fe1026c2abb7cb6f9a4",
|
||||
"zh:f78b8e20e7d9f53e1622051c706369a7c6d0f1e37c16df67a214697cd5d0a4fb",
|
||||
"h1:1WOionGZogRGfcwgsBshgGDDMFWqioq62s/FmpTonI8=",
|
||||
"h1:7EkbL1fO5vkX5IvlGhKIjWcEPIc7U3zS/x0+rMC+NKE=",
|
||||
"h1:N65bk3gPCHEJE8c68LCjQ2NMwDKDJlt0+ofnmeNM4FI=",
|
||||
"h1:S2NDeRAxbfKPGvBqM7WES5znedi0V2AWc5wxkczYDd8=",
|
||||
"h1:ZmqC2orWU2UItPZJZfsSnBBX7Ds0OEk8EarBtWjuFsc=",
|
||||
"h1:aofPDDDWm9c87uip8IwKlhGDePNNr6Sy0Q+m9NgOols=",
|
||||
"h1:f3+jlDlxpgKdCbcB7ac4lVn5pdSMM1e2Qh0AB0RDNsA=",
|
||||
"h1:jt+Gtla0Z7zN4gCltMg//aDfCoSIdCyFF4ept4Qwc6E=",
|
||||
"h1:msEjekUeIUKY6lipADjuQpaU1HPrp0MU19R9LpZv5UM=",
|
||||
"h1:t61WX+9iOOCLlZ8tt/vZP7X8M/Q7F5k6QUyduYtpVf8=",
|
||||
"h1:tI7fyxvSatX28mp0woFsBbhrnzgeZTZAaitzKThlyAo=",
|
||||
"h1:wzjwM6RA9Jth4iCN5J9dzxnfjO56ZFl1T5rAQhuU1og=",
|
||||
"h1:xZZSwrSXnUCPmP9U3EY9fKPmBru58wZozovF2+i//oY=",
|
||||
"h1:z/+UpU0PH5hae3WEqJO7Lreo0wYO77UuJrimJyV3Mcg=",
|
||||
"zh:0ce23bd10c1782a3ae9321a572093df2c283df9003fc1cf33f6e63df18a81b7a",
|
||||
"zh:0de1db5b3363603e6bd25c9c420e24e872bcfe8d43a7015b710a0292ffa7a649",
|
||||
"zh:1d719e62eb5195a6461cdf2e175960093cdb77b190a7b15eb3fd0e1fc38409e1",
|
||||
"zh:3adba178a720c90f296183479872a82719f5497b24e90224c044bcc9e29092b7",
|
||||
"zh:54e5895e61a39b955be26977c273d9581beccf0e22ec58932708472cab40b03b",
|
||||
"zh:59b8df5b3be8bf9e8a8dcc7b5edf96b0ca505f93fc0db022cc33513172dbc2c8",
|
||||
"zh:6d86630e353b874ad43d09e3d3541ba4f824c578122a21c7895a452a0534ca05",
|
||||
"zh:b6c7466446ce685971dee0c7b2dcb16917e3d23805a51d7a2091e475908c8d87",
|
||||
"zh:ca306de78ea0f99f698548d51b094501e8299340ccc9c6549d1b62fc1fe29456",
|
||||
"zh:cc6bd38417c0a6c0d7a1c8533007c113155d82d085ea705d955dadf62b2f9f66",
|
||||
"zh:da657c9db5647620fca377fdc934db6a0f6d05d4cc0dd91a47404850805fd6da",
|
||||
"zh:dc0b1effedb7a35d1756be915ff8b48d0f422b7a9da75e7f14a2d3efa2d4806f",
|
||||
"zh:eef8d1715e9cfcb6cbe05dc071390ee91276d12f6fd870bac116af47518f6176",
|
||||
"zh:f4c0cd2168f59d4fbf4b1fada95a9c973224bbf81975e948f741ad18ef665690",
|
||||
]
|
||||
}
|
||||
|
|
|
|||
|
|
@ -3,7 +3,7 @@ terraform {
|
|||
required_providers {
|
||||
authentik = {
|
||||
source = "goauthentik/authentik"
|
||||
version = "2025.10.1"
|
||||
version = "2025.12.0"
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -3,7 +3,7 @@ terraform {
|
|||
required_providers {
|
||||
authentik = {
|
||||
source = "goauthentik/authentik"
|
||||
version = "2025.10.1"
|
||||
version = "2025.12.0"
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -3,7 +3,7 @@ terraform {
|
|||
required_providers {
|
||||
authentik = {
|
||||
source = "goauthentik/authentik"
|
||||
version = "2025.10.1"
|
||||
version = "2025.12.0"
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
|||