.forgejo/workflows/deploy-kaniko.yaml

@@ -1,24 +0,0 @@
----
-name: Kaniko deployments
-
-on:  # yamllint disable-line rule:truthy
-  push:
-    branches:
-      - 'main'
-      - 'ci/debug'
-
-jobs:
-  nextcloud:
-    runs-on: ubuntu-22.04
-    steps:
-      - uses: https://code.forgejo.org/actions/checkout@v4
-      - name: Kaniko build
-        uses: aevea/action-kaniko@v0.13.0
-        with:
-          image: catalin/fukuops
-          username: kaniko
-          password: ${{ secrets.REGISTRY_PASSWORD }}
-          cache: true
-          registry: git.roboces.dev
-          tag: nextcloud-30.0.1
-          path: docker/nextcloud

.forgejo/workflows/deploy-tofu.yaml

@@ -5,6 +5,7 @@ on:  # yamllint disable-line rule:truthy
   push:
     branches:
       - 'main'
+      - 'ci/debug'
 
 jobs:
   authentik:
@@ -27,9 +28,7 @@ jobs:
           TF_VAR_portainer_client_id: ${{ secrets.TF_VAR_portainer_client_id }}
           TF_VAR_portainer_client_secret: ${{ secrets.TF_VAR_portainer_client_secret }}
           TF_VAR_paperless_client_id: ${{ secrets.TF_VAR_paperless_client_id }}
-          TF_VAR_paperless_client_secret: ${{ secrets.TF_VAR_paperless_secret }}
+          TF_VAR_paperless_client_secret: ${{ secrets.TF_VAR_paperless_client_secret }}
-          TF_VAR_netbird_client_id: ${{ secrets.TF_VAR_netbird_client_id }}
-          TF_VAR_netbird_client_secret: ${{ secrets.TF_VAR_netbird_client_secret }}
           AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
           AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
         run: |

Makefile

@@ -4,10 +4,16 @@ lint--pre-commit:
 lint--kubeconform:
 	kubeconform -strict -ignore-missing-schemas k8s/
 
+SHELl=/bin/bash
+lint--kubescore:
+	kube-score score $$(find k8s -type f -print -name "*.yaml")
+
 lint--tflint:
 	tflint --recursive
 
+
 lint:
 	make lint--pre-commit
 	make lint--kubeconform
+	make lint--kube
 	make lint--tflint

README.md

@@ -2,4 +2,3 @@
 
 [![Last build status](https://git.roboces.dev/catalin/fukuops/badges/workflows/ci.yaml/badge.svg)](https://git.roboces.dev/catalin/fukuops/actions)
 [![Tofu deployments](https://git.roboces.dev/catalin/fukuops/badges/workflows/deploy-tofu.yaml/badge.svg)](https://git.roboces.dev/catalin/fukuops/actions)
-[![Kaniko deployments](https://git.roboces.dev/catalin/fukuops/badges/workflows/deploy-kaniko.yaml/badge.svg)](https://git.roboces.dev/catalin/fukuops/actions)

docker/forgejo-runner/docker-compose.yml

@@ -1,6 +1,6 @@
 ---
 x-runner-common: &runner-common
-  image: code.forgejo.org/forgejo/runner:4.0.0
+  image: code.forgejo.org/forgejo/runner:3.5.1
   links:
     - docker-in-docker
   depends_on:

docker/netbird/docker-compose.yml

@@ -1,7 +1,7 @@
 ---
 services:
   dashboard:
-    image: netbirdio/dashboard:v2.6.2
+    image: netbirdio/dashboard:latest
     restart: unless-stopped
     ports:
       - 8005:80
@@ -23,7 +23,7 @@ services:
         max-size: "500m"
         max-file: "2"
   signal:
-    image: netbirdio/signal:0.30.3
+    image: netbirdio/signal:latest
     restart: unless-stopped
     volumes:
       - netbird-signal:/var/lib/netbird
@@ -35,7 +35,7 @@ services:
         max-size: "500m"
         max-file: "2"
   relay:
-    image: netbirdio/relay:0.30.3
+    image: netbirdio/relay:latest
     restart: unless-stopped
     environment:
       NB_LOG_LEVEL: ${NB_LOG_LEVEL:-info}
@@ -50,7 +50,7 @@ services:
         max-size: "500m"
         max-file: "2"
   management:
-    image: netbirdio/management:0.30.3
+    image: netbirdio/management:latest
     restart: unless-stopped
     depends_on:
       - dashboard
@@ -74,9 +74,8 @@ services:
         max-file: "2"
     environment:
       - NETBIRD_STORE_ENGINE_POSTGRES_DSN=
-
   coturn:
-    image: coturn/coturn:4.6
+    image: coturn/coturn:latest
     restart: unless-stopped
     domainname: vpn.fukurokuju.dev
     volumes:
@@ -91,7 +90,7 @@ services:
         max-file: "2"
 
   peer-1:
-    image: netbirdio/netbird:0.30.3
+    image: netbirdio/netbird:0.29.4
     restart: unless-stopped
     volumes:
       - ${NETBIRD_PEER_VOLUME:-/mnt/nas1/shared/netbird/peer-1}/data:/etc/netbird

docker/nextcloud/Dockerfile

@@ -1,4 +1,4 @@
-FROM nextcloud:30.0.1-apache
+FROM nextcloud:30.0.0-apache
 
 RUN set -ex; \
     \

docker/nextcloud/docker-compose.yml

@@ -14,7 +14,7 @@ services:
       - nextcloud
 
   nextcloud:
-    image: git.roboces.dev/catalin/fukuops:nextcloud-30.0.1
+    image: git.roboces.dev/catalin/fukuops:nextcloud-30.0.0
     volumes:
       - /mnt/nas1/legacy-storage/cloud/cloud/data:/var/www/html/data
       - /mnt/nas1/legacy-storage/cloud/cloud/config:/var/www/html/config

docker/paperless/docker-compose.yml

@@ -14,7 +14,7 @@ services:
 
   webserver:
 
-    image: ghcr.io/paperless-ngx/paperless-ngx:2.13.2
+    image: ghcr.io/paperless-ngx/paperless-ngx:2.12.1
     restart: unless-stopped
     ports:
       - 8002:8000

docker/vaultwarden/docker-compose.yml

@@ -1,7 +1,7 @@
 ---
 services:
   vaultwarden:
-    image: vaultwarden/server:1.32.3-alpine
+    image: vaultwarden/server:1.32.0-alpine
     restart: unless-stopped
     environment:
       DATABASE_URL: ${DATABASE_URL}

k8s/argo-apps/elastic.yaml

@@ -12,7 +12,7 @@ spec:
   sources:
     - chart: elasticsearch
       repoURL: registry-1.docker.io/bitnamicharts
-      targetRevision: 21.3.22
+      targetRevision: 21.3.18
       helm:
         valuesObject:
           service:

k8s/argo-apps/factorio.yaml

@@ -12,7 +12,7 @@ spec:
     sources:
         - chart: factorio-server-charts
           repoURL: https://sqljames.github.io/factorio-server-charts/
-          targetRevision: 2.0.*
+          targetRevision: 1.2.*
           helm:
               valuesObject:
                   rcon:
@@ -20,9 +20,9 @@ spec:
                   nodeSelector:
                       kubernetes.io/hostname: agent1
                   image:
-                      tag: latest
+                      tag: 1.1.101
                   factorioServer:
-                      save_name: fukurokuju-space
+                      save_name: fukurokuju
                   admin_list:
                       - Phireh
                   account:

k8s/argo-apps/forgejo.yaml

@@ -12,7 +12,7 @@ spec:
   sources:
     - chart: forgejo
       repoURL: code.forgejo.org/forgejo-helm
-      targetRevision: 10.0.1
+      targetRevision: 8.2.3
       helm:
         valuesObject:
           replicaCount: 2

k8s/argo-apps/renovate.yaml

@@ -13,7 +13,7 @@ spec:
   sources:
     - chart: renovate
       repoURL: https://docs.renovatebot.com/helm-charts
-      targetRevision: 38.132.*
+      targetRevision: 38.95.*
       helm:
         valuesObject:
           renovate:

k8s/services/miniflux/deployment.yaml

@@ -28,7 +28,7 @@ spec:
     spec:
       containers:
         - name: miniflux
-          image: miniflux/miniflux:2.2.2
+          image: miniflux/miniflux:2.2.1
           imagePullPolicy: Always
           securityContext:
             allowPrivilegeEscalation: false