Compare commits
114 commits
feat/tails
...
main
| Author | SHA1 | Date | |
|---|---|---|---|
| 4525ba5078 | |||
| 9dd539c49c | |||
| 7f8bd9c31d | |||
| 81fd00b32d | |||
| dc44158b7d | |||
| c1555ba9a3 | |||
| 926f40daaf | |||
| 8c773bac1f | |||
| dcdee1b9c4 | |||
| 7263ecc20a | |||
| 85d1589f3e | |||
|
5a26981965 |
|||
|
375113b7c8 |
|||
|
c8cc8e3f20 |
|||
|
542dae2045 |
|||
| 7e6430640c | |||
| 9aba22b0b1 | |||
| 4a61991f4b | |||
|
ebfdfcc6da |
|||
| 98c3bbee28 | |||
| 6e25032468 | |||
| 8375b972c9 | |||
| 8b7746bb1e | |||
| 87d94bcc70 | |||
| e4b19d9e99 | |||
| 833e856903 | |||
| b5a1d35a70 | |||
|
b3ede23984 |
|||
| 49a0d53122 | |||
| 3c9110c459 | |||
| 4d7494ec7b | |||
| e74eadbbcc | |||
| 961c9db8a3 | |||
|
75e2172e9d |
|||
| 1984c78dcd | |||
| e0eddb137a | |||
| b31a170b16 | |||
| 62ed1889c7 | |||
|
0d8127037d |
|||
| 9fa9866ce2 | |||
|
af25a4e809 |
|||
|
1fa6ee3028 |
|||
|
6f9f930e04 |
|||
|
f8a965756c |
|||
|
e7eee7c894 |
|||
|
90f78305c5 |
|||
| 16fddc240f | |||
| 68cf9339e1 | |||
| 838dde47e6 | |||
| 0fe44b4b3a | |||
| 55b116672a | |||
| 5d430206dd | |||
| 7cb0c2b6b6 | |||
| 610f8af7cc | |||
| 028576be92 | |||
| b1940a2581 | |||
| 79f307f0b6 | |||
| 25464f94d7 | |||
| 5387e46cb2 | |||
| 4807e3b6db | |||
|
0b05fdcf73 |
|||
|
9de29c25eb |
|||
| b305270466 | |||
| 021170111d | |||
| b1635c088c | |||
| fa452a9940 | |||
| 3b16ee38a3 | |||
| fedc5e6969 | |||
|
6b934e23dc |
|||
| 3c676e9151 | |||
|
63e5a99360 |
|||
|
3f598b02f1 |
|||
| 4d0d2532fe | |||
| cf0e490096 | |||
| de2acfc690 | |||
| ba2b412931 | |||
|
ba3e9c69a0 |
|||
|
1fe44ddc30 |
|||
|
8f2669ab77 |
|||
|
9d01bc5177 |
|||
|
9627c49ad8 |
|||
|
708173d84e |
|||
|
b20e4f0ef4 |
|||
| 351119601f | |||
| b2ef06fdb8 | |||
| c5f8fef0f4 | |||
| 7bce1b85a9 | |||
| 79722144fa | |||
| fd5188f5c8 | |||
| 49fa998a47 | |||
| 83307d3a86 | |||
| 41b277b915 | |||
| 5c282202c1 | |||
| 6d85d8f90d | |||
| 1e4fb83472 | |||
| c991fd57ba | |||
| 26b2654443 | |||
| 2b71507c5e | |||
| c76d3db733 | |||
| 6ff4153f7d | |||
| cb69598081 | |||
| 28c8df1967 | |||
| ab6338496d | |||
| 6a56ed25a4 | |||
| e6fa586fbe | |||
| b144f9a03a | |||
| c07ddb4c86 | |||
| c5a6d64a8b | |||
| 9f00f56733 | |||
| 00d8d0adec | |||
| 2713604383 | |||
| a390412f56 | |||
| f41e6349ef | |||
| 970bc7e125 |
78 changed files with 1383 additions and 980 deletions
|
|
@ -7,11 +7,11 @@ jobs:
|
|||
pre-commit:
|
||||
runs-on: ubuntu-22.04
|
||||
steps:
|
||||
- uses: https://code.forgejo.org/actions/checkout@v5
|
||||
- uses: https://code.forgejo.org/actions/checkout@v6
|
||||
- uses: https://code.forgejo.org/actions/setup-python@v6
|
||||
with:
|
||||
python-version: '3.10'
|
||||
- uses: opentofu/setup-opentofu@v1
|
||||
- uses: opentofu/setup-opentofu@v2
|
||||
with:
|
||||
tofu_version: 1.7.0
|
||||
- uses: pre-commit/action@v3.0.1
|
||||
|
|
@ -19,7 +19,7 @@ jobs:
|
|||
k8s:
|
||||
runs-on: ubuntu-22.04
|
||||
steps:
|
||||
- uses: https://code.forgejo.org/actions/checkout@v5
|
||||
- uses: https://code.forgejo.org/actions/checkout@v6
|
||||
- name: Set up Kubeconform
|
||||
uses: bmuschko/setup-kubeconform@v1
|
||||
|
||||
|
|
@ -30,7 +30,7 @@ jobs:
|
|||
tflint:
|
||||
runs-on: ubuntu-22.04
|
||||
steps:
|
||||
- uses: https://code.forgejo.org/actions/checkout@v5
|
||||
- uses: https://code.forgejo.org/actions/checkout@v6
|
||||
- uses: terraform-linters/setup-tflint@v6
|
||||
name: Setup TFLint
|
||||
with:
|
||||
|
|
|
|||
|
|
@ -10,8 +10,8 @@ jobs:
|
|||
authentik:
|
||||
runs-on: ubuntu-22.04
|
||||
steps:
|
||||
- uses: https://code.forgejo.org/actions/checkout@v5
|
||||
- uses: opentofu/setup-opentofu@v1
|
||||
- uses: https://code.forgejo.org/actions/checkout@v6
|
||||
- uses: opentofu/setup-opentofu@v2
|
||||
with:
|
||||
tofu_version: 1.8.1
|
||||
- name: Deploy
|
||||
|
|
@ -40,8 +40,8 @@ jobs:
|
|||
adguard:
|
||||
runs-on: ubuntu-22.04
|
||||
steps:
|
||||
- uses: https://code.forgejo.org/actions/checkout@v5
|
||||
- uses: opentofu/setup-opentofu@v1
|
||||
- uses: https://code.forgejo.org/actions/checkout@v6
|
||||
- uses: opentofu/setup-opentofu@v2
|
||||
with:
|
||||
tofu_version: 1.7.0
|
||||
- name: Deploy
|
||||
|
|
|
|||
|
|
@ -1,7 +1,7 @@
|
|||
---
|
||||
repos:
|
||||
- repo: https://github.com/pre-commit/pre-commit-hooks
|
||||
rev: v5.0.0
|
||||
rev: v6.0.0
|
||||
hooks:
|
||||
- id: trailing-whitespace
|
||||
- id: end-of-file-fixer
|
||||
|
|
@ -15,18 +15,18 @@ repos:
|
|||
- id: trailing-whitespace
|
||||
|
||||
- repo: https://github.com/antonbabenko/pre-commit-terraform
|
||||
rev: v1.92.1
|
||||
rev: v1.105.0
|
||||
hooks:
|
||||
- id: terraform_fmt
|
||||
|
||||
- repo: https://github.com/adrienverge/yamllint.git
|
||||
rev: v1.35.1
|
||||
rev: v1.38.0
|
||||
hooks:
|
||||
- id: yamllint
|
||||
args: [--format, parsable, --strict]
|
||||
|
||||
- repo: https://github.com/shellcheck-py/shellcheck-py
|
||||
rev: v0.10.0.1
|
||||
rev: v0.11.0.1
|
||||
hooks:
|
||||
- id: shellcheck
|
||||
files: \.sh
|
||||
|
|
|
|||
|
|
@ -1,41 +0,0 @@
|
|||
---
|
||||
x-runner-common: &runner-common
|
||||
image: code.forgejo.org/forgejo/runner:11.3.1
|
||||
links:
|
||||
- docker-in-docker
|
||||
depends_on:
|
||||
docker-in-docker:
|
||||
condition: service_started
|
||||
user: 1001:1001
|
||||
restart: unless-stopped
|
||||
command: '/bin/sh -c "sleep 5; forgejo-runner daemon"'
|
||||
environment:
|
||||
DOCKER_HOST: tcp://docker-in-docker:2375
|
||||
|
||||
networks:
|
||||
forgejo:
|
||||
external: false
|
||||
|
||||
services:
|
||||
docker-in-docker:
|
||||
image: docker:dind
|
||||
container_name: 'docker_dind'
|
||||
privileged: true
|
||||
command: ['dockerd', '-H', 'tcp://0.0.0.0:2375', '--tls=false']
|
||||
restart: 'unless-stopped'
|
||||
|
||||
runner:
|
||||
<<: *runner-common
|
||||
container_name: 'runner'
|
||||
volumes:
|
||||
- ${FORGEJO_RUNNER_DATA:-/mnt/nas1/shared/forgejo-runner/data}:/data
|
||||
- /etc/timezone:/etc/timezone:ro
|
||||
- /etc/localtime:/etc/localtime:ro
|
||||
|
||||
runner-2:
|
||||
<<: *runner-common
|
||||
container_name: 'runner2'
|
||||
volumes:
|
||||
- ${FORGEJO_RUNNER_DATA:-/mnt/nas1/shared/forgejo-runner/data2}:/data
|
||||
- /etc/timezone:/etc/timezone:ro
|
||||
- /etc/localtime:/etc/localtime:ro
|
||||
|
|
@ -2,7 +2,7 @@
|
|||
services:
|
||||
ganymede:
|
||||
container_name: ganymede
|
||||
image: ghcr.io/zibbp/ganymede:4.11.3
|
||||
image: ghcr.io/zibbp/ganymede:4.16.0
|
||||
restart: unless-stopped
|
||||
environment:
|
||||
DEBUG: ${GANYMEDE_DEBUG:-false}
|
||||
|
|
|
|||
|
|
@ -1,61 +0,0 @@
|
|||
FROM nextcloud:32.0.3-apache
|
||||
|
||||
|
||||
RUN set -ex; \
|
||||
\
|
||||
apt-get update; \
|
||||
apt-get install -y --no-install-recommends \
|
||||
ffmpeg \
|
||||
ghostscript \
|
||||
libmagickcore-7.q16-10-extra \
|
||||
procps \
|
||||
smbclient \
|
||||
supervisor \
|
||||
libreoffice \
|
||||
; \
|
||||
rm -rf /var/lib/apt/lists/*
|
||||
|
||||
RUN set -ex; \
|
||||
\
|
||||
savedAptMark="$(apt-mark showmanual)"; \
|
||||
\
|
||||
apt-get update; \
|
||||
apt-get install -y --no-install-recommends \
|
||||
libbz2-dev \
|
||||
#libc-client-dev \
|
||||
libkrb5-dev \
|
||||
libsmbclient-dev \
|
||||
; \
|
||||
\
|
||||
#docker-php-ext-configure imap --with-kerberos --with-imap-ssl; \
|
||||
docker-php-ext-install \
|
||||
bz2 \
|
||||
# imap \
|
||||
; \
|
||||
pecl install smbclient; \
|
||||
docker-php-ext-enable smbclient; \
|
||||
\
|
||||
# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies
|
||||
apt-mark auto '.*' > /dev/null; \
|
||||
apt-mark manual $savedAptMark; \
|
||||
ldd "$(php -r 'echo ini_get("extension_dir");')"/*.so \
|
||||
| awk '/=>/ { so = $(NF-1); if (index(so, "/usr/local/") == 1) { next }; gsub("^/(usr/)?", "", so); print so }' \
|
||||
| sort -u \
|
||||
| xargs -r dpkg-query --search \
|
||||
| cut -d: -f1 \
|
||||
| sort -u \
|
||||
| xargs -rt apt-mark manual; \
|
||||
\
|
||||
apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \
|
||||
rm -rf /var/lib/apt/lists/*
|
||||
|
||||
RUN mkdir -p \
|
||||
/var/log/supervisord \
|
||||
/var/run/supervisord \
|
||||
;
|
||||
|
||||
COPY supervisord.conf /
|
||||
|
||||
ENV NEXTCLOUD_UPDATE=1
|
||||
|
||||
CMD ["/usr/bin/supervisord", "-c", "/supervisord.conf"]
|
||||
|
|
@ -1,40 +0,0 @@
|
|||
---
|
||||
services:
|
||||
imaginary:
|
||||
image: nextcloud/aio-imaginary:latest
|
||||
cap_add:
|
||||
- SYS_NICE
|
||||
volumes:
|
||||
- type: tmpfs
|
||||
target: /tmp:exec
|
||||
environment:
|
||||
- TZ=Europe/Madrid
|
||||
restart: unless-stopped
|
||||
networks:
|
||||
- nextcloud
|
||||
|
||||
nextcloud:
|
||||
image: git.roboces.dev/catalin/fukuops:nextcloud-32.0.3
|
||||
volumes:
|
||||
- /mnt/nas1/legacy-storage/cloud/cloud/data:/var/www/html/data
|
||||
- /mnt/nas1/legacy-storage/cloud/cloud/config:/var/www/html/config
|
||||
- /mnt/nas1/legacy-storage/cloud/cloud/custom_apps:/var/www/html/custom_apps
|
||||
- /mnt/nas1/legacy-storage/cloud/cloud/apps:/var/www/html/apps
|
||||
- type: tmpfs
|
||||
target: /tmp:exec
|
||||
- supervisorlog:/var/log/supervisor:z
|
||||
- supervisorpid:/var/run/supervisord/:z
|
||||
environment:
|
||||
PHP_MEMORY_LIMIT: ${PHP_MEMORY_LIMIT:-2048M}
|
||||
NEXTCLOUD_INIT_HTACCESS: ${NEXTCLOUD_INIT_HTACCESS:-1}
|
||||
restart: unless-stopped
|
||||
ports:
|
||||
- '8080:80'
|
||||
networks:
|
||||
- nextcloud
|
||||
|
||||
networks:
|
||||
nextcloud: {}
|
||||
volumes:
|
||||
supervisorlog: {}
|
||||
supervisorpid: {}
|
||||
|
|
@ -1,22 +0,0 @@
|
|||
[supervisord]
|
||||
nodaemon=true
|
||||
logfile=/var/log/supervisord/supervisord.log
|
||||
pidfile=/var/run/supervisord/supervisord.pid
|
||||
childlogdir=/var/log/supervisord/
|
||||
logfile_maxbytes=50MB ; maximum size of logfile before rotation
|
||||
logfile_backups=10 ; number of backed up logfiles
|
||||
loglevel=error
|
||||
|
||||
[program:apache2]
|
||||
stdout_logfile=/dev/stdout
|
||||
stdout_logfile_maxbytes=0
|
||||
stderr_logfile=/dev/stderr
|
||||
stderr_logfile_maxbytes=0
|
||||
command=apache2-foreground
|
||||
|
||||
[program:cron]
|
||||
stdout_logfile=/dev/stdout
|
||||
stdout_logfile_maxbytes=0
|
||||
stderr_logfile=/dev/stderr
|
||||
stderr_logfile_maxbytes=0
|
||||
command=/cron.sh
|
||||
|
|
@ -14,7 +14,7 @@ services:
|
|||
|
||||
webserver:
|
||||
|
||||
image: ghcr.io/paperless-ngx/paperless-ngx:2.20.5
|
||||
image: ghcr.io/paperless-ngx/paperless-ngx:2.20.15
|
||||
restart: unless-stopped
|
||||
ports:
|
||||
- 8002:8000
|
||||
|
|
|
|||
|
|
@ -1,7 +1,8 @@
|
|||
---
|
||||
services:
|
||||
rustical:
|
||||
image: ghcr.io/lennart-k/rustical:0.12.3
|
||||
image: ghcr.io/lennart-k/rustical:0.12.12
|
||||
restart: unless-stopped
|
||||
ports:
|
||||
- '4000:4000'
|
||||
volumes:
|
||||
|
|
|
|||
|
|
@ -1,7 +1,7 @@
|
|||
---
|
||||
services:
|
||||
tailscale:
|
||||
image: tailscale/tailscale:v1.92.4
|
||||
image: tailscale/tailscale:v1.96.5
|
||||
hostname: tailscale
|
||||
environment:
|
||||
TS_AUTHKEY: ${TS_AUTHKEY}
|
||||
|
|
|
|||
|
|
@ -1,21 +0,0 @@
|
|||
---
|
||||
services:
|
||||
web_recipes:
|
||||
restart: always
|
||||
image: vabene1111/recipes:2.3.6
|
||||
volumes:
|
||||
- ${TANDOOR_STATICFILES:-/mnt/nas1/shared/tandoor/staticfiles}:/opt/recipes/staticfiles
|
||||
- ${TANDOOR_MEDIAFILES:-/mnt/nas1/shared/tandoor/mediafiles}:/opt/recipes/mediafiles
|
||||
environment:
|
||||
SECRET_KEY: ${TANDOOR_SECRET_KEY}
|
||||
TZ: ${TANDOOR_TZ:-Europe/Madrid}
|
||||
ALLOWED_HOSTS: ${TANDOOR_ALLOWED_HOSTS:-recipes.roboces.dev}
|
||||
SOCIAL_PROVIDERS: ${TANDOOR_SOCIAL_PROVIDERS:-allauth.socialaccount.providers.openid_connect}
|
||||
SOCIALACCOUNT_PROVIDERS: ${TANDOOR_SOCIALACCOUNT_PROVIDERS}
|
||||
POSTGRES_HOST: ${TANDOOR_POSTGRES_HOST:-192.168.1.3}
|
||||
POSTGRES_DB: ${TANDOOR_POSTGRES_DB:-tandoor}
|
||||
POSTGRES_PORT: ${TANDOOR_POSTGRES_PORT:-5432}
|
||||
POSTGRES_USER: ${TANDOOR_POSTGRES_USER}
|
||||
POSTGRES_PASSWORD: ${TANDOOR_POSTGRES_PASSWORD}
|
||||
ports:
|
||||
- "8081:80"
|
||||
|
|
@ -1,11 +0,0 @@
|
|||
TANDOOR_STATICFILES=
|
||||
TANDOOR_MEDIAFILES=
|
||||
TANDOOR_SECRET_KEY=
|
||||
TANDOOR_TZ=Europe/Madrid
|
||||
TANDOOR_ALLOWED_HOSTS=
|
||||
TANDOOR_SOCIALACCOUNT_PROVIDERS=
|
||||
TANDOOR_POSTGRES_HOST=
|
||||
TANDOOR_POSTGRES_DB=
|
||||
TANDOOR_POSTGRES_PORT=
|
||||
TANDOOR_POSTGRES_USER=
|
||||
TANDOOR_POSTGRES_PASSWORD=
|
||||
|
|
@ -1,7 +1,7 @@
|
|||
---
|
||||
services:
|
||||
vaultwarden:
|
||||
image: vaultwarden/server:1.35.2-alpine
|
||||
image: vaultwarden/server:1.36.0-alpine
|
||||
restart: unless-stopped
|
||||
environment:
|
||||
DATABASE_URL: ${DATABASE_URL}
|
||||
|
|
|
|||
|
|
@ -12,7 +12,7 @@ spec:
|
|||
sources:
|
||||
- chart: authentik
|
||||
repoURL: https://charts.goauthentik.io/
|
||||
targetRevision: 2025.12.*
|
||||
targetRevision: 2026.2.*
|
||||
helm:
|
||||
valuesObject:
|
||||
authentik:
|
||||
|
|
@ -26,7 +26,7 @@ spec:
|
|||
timeout: 30
|
||||
from: auth@fukurokuju.dev
|
||||
postgresql:
|
||||
host: psql15-postgres.apps-fuku.svc.cluster.local
|
||||
host: 192.168.1.3
|
||||
port: 5432
|
||||
name: auth
|
||||
user: file:///authentik-creds/pg_username
|
||||
|
|
|
|||
|
|
@ -1,46 +0,0 @@
|
|||
---
|
||||
apiVersion: argoproj.io/v1alpha1
|
||||
kind: Application
|
||||
metadata:
|
||||
name: elastic
|
||||
namespace: argocd
|
||||
spec:
|
||||
destination:
|
||||
name: ''
|
||||
namespace: apps-fuku
|
||||
server: https://kubernetes.default.svc
|
||||
sources:
|
||||
- chart: elasticsearch
|
||||
repoURL: registry-1.docker.io/bitnamicharts
|
||||
targetRevision: 22.1.6
|
||||
helm:
|
||||
valuesObject:
|
||||
service:
|
||||
type: LoadBalancer
|
||||
master:
|
||||
persistence:
|
||||
enabled: true
|
||||
storageClass: truenas-nfs-csi
|
||||
accessModes:
|
||||
- ReadWriteMany
|
||||
size: 50Gi
|
||||
ingress:
|
||||
enabled: true
|
||||
hostname: elastic.fuku
|
||||
tls: true
|
||||
selfSigned: true
|
||||
ingressClassName: traefik
|
||||
data:
|
||||
persistence:
|
||||
enabled: true
|
||||
storageClass: truenas-nfs-csi
|
||||
accessModes:
|
||||
- ReadWriteMany
|
||||
size: 50Gi
|
||||
autoscaling:
|
||||
enabled: true
|
||||
maxReplicas: 3
|
||||
minReplicas: 1
|
||||
project: fuku
|
||||
syncPolicy:
|
||||
automated: {}
|
||||
|
|
@ -14,10 +14,10 @@ spec:
|
|||
sources:
|
||||
- chart: forgejo
|
||||
repoURL: code.forgejo.org/forgejo-helm
|
||||
targetRevision: 16.0.1
|
||||
targetRevision: 17.0.1
|
||||
helm:
|
||||
valuesObject:
|
||||
replicaCount: 2
|
||||
replicaCount: 1
|
||||
service:
|
||||
http:
|
||||
type: LoadBalancer
|
||||
|
|
@ -49,15 +49,8 @@ spec:
|
|||
serviceMonitor:
|
||||
enabled: true
|
||||
config:
|
||||
indexer:
|
||||
ISSUE_INDEXER_CONN_STR: http://elastic-elasticsearch.apps-fuku.svc.cluster.local:9200
|
||||
ISSUE_INDEXER_ENABLED: true
|
||||
ISSUE_INDEXER_TYPE: elasticsearch
|
||||
REPO_INDEXER_ENABLED: false
|
||||
REPO_INDEXER_TYPE: elasticsearch
|
||||
actions:
|
||||
ENABLED: true
|
||||
DEFAULT_ACTIONS_URL: https://github.com
|
||||
ENABLED: false
|
||||
picture:
|
||||
DISABLE_GRAVATAR: false
|
||||
ENABLE_FEDERATED_AVATAR: true
|
||||
|
|
@ -106,9 +99,6 @@ spec:
|
|||
enabled: false
|
||||
redis-cluster:
|
||||
enabled: false
|
||||
- path: k8s/services/forgejo
|
||||
repoURL: https://git.roboces.dev/catalin/fukuops.git
|
||||
targetRevision: main
|
||||
project: roboces
|
||||
syncPolicy:
|
||||
automated: {}
|
||||
|
|
|
|||
|
|
@ -1,38 +0,0 @@
|
|||
---
|
||||
apiVersion: argoproj.io/v1alpha1
|
||||
kind: Application
|
||||
metadata:
|
||||
name: kubetail
|
||||
namespace: argocd
|
||||
spec:
|
||||
destination:
|
||||
name: ''
|
||||
namespace: apps-fuku
|
||||
server: https://kubernetes.default.svc
|
||||
sources:
|
||||
- chart: kubetail
|
||||
repoURL: https://kubetail-org.github.io/helm-charts/
|
||||
targetRevision: 0.17.0
|
||||
helm:
|
||||
valuesObject:
|
||||
kubetail:
|
||||
dashboard:
|
||||
ingress:
|
||||
enabled: true
|
||||
className: traefik
|
||||
tls: []
|
||||
rules:
|
||||
- host: logs.fuku
|
||||
http:
|
||||
paths:
|
||||
- path: /
|
||||
pathType: Prefix
|
||||
backend:
|
||||
service:
|
||||
name: kubetail-dashboard
|
||||
port:
|
||||
number: 8080
|
||||
|
||||
project: fuku
|
||||
syncPolicy:
|
||||
automated: {}
|
||||
|
|
@ -13,7 +13,7 @@ spec:
|
|||
source:
|
||||
chart: kured
|
||||
repoURL: https://kubereboot.github.io/charts
|
||||
targetRevision: 5.10.*
|
||||
targetRevision: 5.11.*
|
||||
helm:
|
||||
valuesObject:
|
||||
configuration.rebootDays:
|
||||
|
|
|
|||
|
|
@ -18,13 +18,13 @@ spec:
|
|||
targetRevision: main
|
||||
- chart: meilisearch
|
||||
repoURL: https://meilisearch.github.io/meilisearch-kubernetes
|
||||
targetRevision: 0.17.*
|
||||
targetRevision: 0.32.*
|
||||
helm:
|
||||
valuesObject:
|
||||
environment:
|
||||
MEILI_ENV: production
|
||||
auth:
|
||||
existingMasterKeySecret: meilisearch-master-key
|
||||
existingMasterKeySecret: meili
|
||||
service:
|
||||
type: NodePort
|
||||
port: 7700
|
||||
|
|
|
|||
|
|
@ -2,18 +2,84 @@
|
|||
apiVersion: argoproj.io/v1alpha1
|
||||
kind: Application
|
||||
metadata:
|
||||
name: miniflux
|
||||
namespace: argocd
|
||||
name: miniflux
|
||||
namespace: argocd
|
||||
spec:
|
||||
destination:
|
||||
name: ''
|
||||
namespace: apps-roboces
|
||||
server: https://kubernetes.default.svc
|
||||
source:
|
||||
path: k8s/services/miniflux
|
||||
repoURL: https://git.roboces.dev/catalin/fukuops.git
|
||||
targetRevision: main
|
||||
sources: []
|
||||
project: roboces
|
||||
syncPolicy:
|
||||
automated: {}
|
||||
destination:
|
||||
name: ''
|
||||
namespace: apps-roboces
|
||||
server: https://kubernetes.default.svc
|
||||
sources:
|
||||
- path: k8s/charts/miniflux
|
||||
repoURL: https://git.roboces.dev/catalin/fukuops.git
|
||||
targetRevision: main
|
||||
helm:
|
||||
valuesObject:
|
||||
replicaCount: 3
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
readOnlyRootFilesystem: true
|
||||
runAsUser: 10000
|
||||
runAsGroup: 10000
|
||||
capabilities:
|
||||
drop:
|
||||
- all
|
||||
service:
|
||||
type: LoadBalancer
|
||||
ingress:
|
||||
enabled: true
|
||||
className: "traefik"
|
||||
hosts:
|
||||
- host: feeds.roboces.dev
|
||||
paths:
|
||||
- path: /
|
||||
pathType: Prefix
|
||||
resources:
|
||||
requests:
|
||||
cpu: 300m
|
||||
memory: 300Mi
|
||||
ephemeral-storage: 2Gi
|
||||
limits:
|
||||
cpu: 400m
|
||||
memory: 500Mi
|
||||
ephemeral-storage: 4Gi
|
||||
livenessProbe:
|
||||
tcpSocket:
|
||||
port: 8080
|
||||
initialDelaySeconds: 5
|
||||
timeoutSeconds: 15
|
||||
successThreshold: 1
|
||||
failureThreshold: 3
|
||||
periodSeconds: 10
|
||||
readinessProbe:
|
||||
httpGet:
|
||||
path: /
|
||||
port: 8080
|
||||
initialDelaySeconds: 15
|
||||
timeoutSeconds: 2
|
||||
successThreshold: 1
|
||||
failureThreshold: 3
|
||||
periodSeconds: 10
|
||||
podDisruptionBudget:
|
||||
enabled: true
|
||||
maxUnavailable: 1
|
||||
env:
|
||||
RUN_MIGRATIONS: "1"
|
||||
CREATE_ADMIN: "1"
|
||||
OAUTH2_PROVIDER: oidc
|
||||
OAUTH2_REDIRECT_URL: https://feeds.roboces.dev/oauth2/oidc/callback
|
||||
OAUTH2_OIDC_DISCOVERY_ENDPOINT: https://auth.fukurokuju.dev/application/o/miniflux/
|
||||
OAUTH2_USER_CREATION: "1"
|
||||
FETCH_YOUTUBE_WATCH_TIME: "1"
|
||||
WORKER_POOL_SIZE: "1"
|
||||
POLLING_FREQUENCY: "120"
|
||||
BATCH_SIZE: "25"
|
||||
METRICS_COLLECTOR: "1"
|
||||
METRICS_ALLOWED_NETWORKS: 10.42.1.0/16
|
||||
secret:
|
||||
existingSecretName: miniflux
|
||||
project: roboces
|
||||
syncPolicy:
|
||||
automated:
|
||||
prune: true
|
||||
selfHeal: true
|
||||
|
|
|
|||
54
k8s/argo-apps/oxicloud.yaml
Normal file
54
k8s/argo-apps/oxicloud.yaml
Normal file
|
|
@ -0,0 +1,54 @@
|
|||
---
|
||||
apiVersion: argoproj.io/v1alpha1
|
||||
kind: Application
|
||||
metadata:
|
||||
name: oxicloud
|
||||
namespace: argocd
|
||||
spec:
|
||||
destination:
|
||||
name: ''
|
||||
namespace: apps-roboces
|
||||
server: https://kubernetes.default.svc
|
||||
sources:
|
||||
- path: k8s/charts/oxicloud
|
||||
repoURL: https://git.roboces.dev/catalin/fukuops.git
|
||||
targetRevision: main
|
||||
helm:
|
||||
valuesObject:
|
||||
image:
|
||||
repository: diocrafts/oxicloud
|
||||
pullPolicy: Always
|
||||
tag: "0.5.6"
|
||||
persistence:
|
||||
enabled: true
|
||||
storageClass: "truenas-nfs-csi"
|
||||
accessMode: ReadWriteMany
|
||||
size: 50Gi
|
||||
service:
|
||||
type: LoadBalancer
|
||||
config:
|
||||
server:
|
||||
port: 8086
|
||||
host: "0.0.0.0"
|
||||
baseUrl: "https://cloud.roboces.dev"
|
||||
features:
|
||||
enableAuth: "true"
|
||||
enableSharing: "true"
|
||||
mimalloc:
|
||||
purgeDelay: "0"
|
||||
allowLargeOsPages: "0"
|
||||
secrets:
|
||||
existingSecret: oxicloud
|
||||
wopi:
|
||||
enabled: false
|
||||
ingress:
|
||||
className: "traefik"
|
||||
hosts:
|
||||
- host: cloud.roboces.dev
|
||||
paths:
|
||||
- path: /
|
||||
pathType: ImplementationSpecific
|
||||
tls: []
|
||||
project: roboces
|
||||
syncPolicy:
|
||||
automated: {}
|
||||
|
|
@ -15,7 +15,7 @@ spec:
|
|||
sources:
|
||||
- repoURL: https://portainer.github.io/k8s/
|
||||
chart: portainer
|
||||
targetRevision: 2.33.*
|
||||
targetRevision: 239.1.*
|
||||
helm:
|
||||
valuesObject:
|
||||
service:
|
||||
|
|
|
|||
|
|
@ -1,26 +0,0 @@
|
|||
---
|
||||
apiVersion: argoproj.io/v1alpha1
|
||||
kind: Application
|
||||
metadata:
|
||||
name: psql15
|
||||
namespace: argocd
|
||||
spec:
|
||||
destination:
|
||||
namespace: apps-fuku
|
||||
server: 'https://kubernetes.default.svc'
|
||||
sources:
|
||||
- chart: postgres
|
||||
targetRevision: 1.3.6
|
||||
repoURL: https://groundhog2k.github.io/helm-charts/
|
||||
helm:
|
||||
valuesObject:
|
||||
service:
|
||||
type: LoadBalancer
|
||||
storage:
|
||||
accessModes:
|
||||
- ReadWriteMany
|
||||
className: truenas-nfs-csi
|
||||
requestedSize: 150Gi
|
||||
project: fuku
|
||||
syncPolicy:
|
||||
automated: {}
|
||||
|
|
@ -1,43 +0,0 @@
|
|||
---
|
||||
apiVersion: argoproj.io/v1alpha1
|
||||
kind: Application
|
||||
metadata:
|
||||
name: pulse
|
||||
namespace: argocd
|
||||
spec:
|
||||
destination:
|
||||
name: ''
|
||||
namespace: apps-fuku
|
||||
server: https://kubernetes.default.svc
|
||||
project: fuku
|
||||
syncPolicy:
|
||||
automated: {}
|
||||
sources:
|
||||
- repoURL: https://rcourtman.github.io/Pulse
|
||||
chart: pulse
|
||||
targetRevision: v5.0.*
|
||||
helm:
|
||||
valuesObject:
|
||||
persistence:
|
||||
enabled: true
|
||||
size: 10Gi
|
||||
storageClass: truenas-nfs-csi
|
||||
accessModes:
|
||||
- ReadWriteMany
|
||||
service:
|
||||
type: LoadBalancer
|
||||
ingress:
|
||||
enabled: true
|
||||
hosts:
|
||||
- host: pulse.fukurokuju.dev
|
||||
paths:
|
||||
- path: /
|
||||
pathType: Prefix
|
||||
tls: []
|
||||
monitoring:
|
||||
serviceMonitor:
|
||||
enabled: true
|
||||
|
||||
- path: k8s/services/pulse
|
||||
repoURL: https://git.roboces.dev/catalin/fukuops.git
|
||||
targetRevision: main
|
||||
|
|
@ -1,32 +0,0 @@
|
|||
---
|
||||
apiVersion: argoproj.io/v1alpha1
|
||||
kind: Application
|
||||
metadata:
|
||||
name: redis
|
||||
namespace: argocd
|
||||
spec:
|
||||
destination:
|
||||
name: ''
|
||||
namespace: apps-fuku
|
||||
server: https://kubernetes.default.svc
|
||||
sources:
|
||||
- chart: redis
|
||||
repoURL: registry-1.docker.io/cloudpirates
|
||||
targetRevision: "0.9.*"
|
||||
helm:
|
||||
valuesObject:
|
||||
auth:
|
||||
existingSecret: secrets-redis
|
||||
existingSecretPasswordKey: redis-password
|
||||
persistence:
|
||||
storageClass: truenas-nfs-csi
|
||||
size: 10Gi
|
||||
accessMode: ReadWriteMany
|
||||
service:
|
||||
type: LoadBalancer
|
||||
- repoURL: https://git.roboces.dev/catalin/fukuops.git
|
||||
path: k8s/services/redis
|
||||
targetRevision: main
|
||||
project: fuku
|
||||
syncPolicy:
|
||||
automated: {}
|
||||
|
|
@ -13,7 +13,7 @@ spec:
|
|||
sources:
|
||||
- chart: renovate
|
||||
repoURL: https://docs.renovatebot.com/helm-charts
|
||||
targetRevision: 45.86.*
|
||||
targetRevision: 46.142.*
|
||||
helm:
|
||||
valuesObject:
|
||||
renovate:
|
||||
|
|
|
|||
64
k8s/argo-apps/vault-sm.yaml
Normal file
64
k8s/argo-apps/vault-sm.yaml
Normal file
|
|
@ -0,0 +1,64 @@
|
|||
---
|
||||
apiVersion: argoproj.io/v1alpha1
|
||||
kind: Application
|
||||
metadata:
|
||||
name: vault-sm
|
||||
namespace: argocd
|
||||
spec:
|
||||
destination:
|
||||
name: ''
|
||||
namespace: apps-fuku
|
||||
server: https://kubernetes.default.svc
|
||||
sources:
|
||||
- chart: vaultwarden-kubernetes-secrets
|
||||
repoURL: ghcr.io/antoniolago/charts
|
||||
targetRevision: 1.4.01
|
||||
helm:
|
||||
valuesObject:
|
||||
api:
|
||||
enabled: true
|
||||
service:
|
||||
type: LoadBalancer
|
||||
persistence:
|
||||
storageClass: truenas-nfs-csi
|
||||
dashboard:
|
||||
enabled: true
|
||||
service:
|
||||
type: LoadBalancer
|
||||
ingress:
|
||||
enabled: true
|
||||
className: traefik
|
||||
hosts:
|
||||
- host: vault-secrets.fuku
|
||||
paths:
|
||||
- path: /
|
||||
pathType: Prefix
|
||||
backend: dashboard
|
||||
port: 80
|
||||
- path: /api
|
||||
pathType: Prefix
|
||||
backend: api
|
||||
port: 8080
|
||||
env:
|
||||
config:
|
||||
VAULTWARDEN__SERVERURL: "https://vault.roboces.dev"
|
||||
secrets:
|
||||
BW_CLIENTID:
|
||||
secretName: "vaultwarden-kubernetes-secrets"
|
||||
secretKey: "BW_CLIENTID"
|
||||
BW_CLIENTSECRET:
|
||||
secretName: "vaultwarden-kubernetes-secrets"
|
||||
secretKey: "BW_CLIENTSECRET"
|
||||
VAULTWARDEN__MASTERPASSWORD:
|
||||
secretName: "vaultwarden-kubernetes-secrets"
|
||||
secretKey: "VAULTWARDEN__MASTERPASSWORD"
|
||||
- path: k8s/services/vaultwarden-kubernetes-secrets
|
||||
repoURL: https://git.roboces.dev/catalin/fukuops.git
|
||||
targetRevision: main
|
||||
project: fuku
|
||||
syncPolicy:
|
||||
automated:
|
||||
prune: true
|
||||
selfHeal: true
|
||||
syncOptions:
|
||||
- CreateNamespace=true
|
||||
57
k8s/argo-apps/woodpecker.yaml
Normal file
57
k8s/argo-apps/woodpecker.yaml
Normal file
|
|
@ -0,0 +1,57 @@
|
|||
---
|
||||
apiVersion: argoproj.io/v1alpha1
|
||||
kind: Application
|
||||
metadata:
|
||||
name: woodpecker
|
||||
namespace: argocd
|
||||
annotations:
|
||||
argocd.argoproj.io/sync-options: Force=true,Replace=true
|
||||
spec:
|
||||
destination:
|
||||
name: ''
|
||||
namespace: apps-roboces
|
||||
server: https://kubernetes.default.svc
|
||||
sources:
|
||||
- chart: woodpecker
|
||||
repoURL: ghcr.io/woodpecker-ci/helm
|
||||
targetRevision: 3.5.1
|
||||
helm:
|
||||
valuesObject:
|
||||
agent:
|
||||
persistence:
|
||||
storageClass: truenas-nfs-csi
|
||||
accessModes:
|
||||
- ReadWriteMany
|
||||
server:
|
||||
env:
|
||||
WOODPECKER_ADMIN: 'woodpecker,admin,catalin'
|
||||
WOODPECKER_HOST: 'https://ci.roboces.dev'
|
||||
WOODPECKER_FORGEJO: "true"
|
||||
WOODPECKER_FORGEJO_URL: "https://git.roboces.dev"
|
||||
WOODPECKER_FORGEJO_CLIENT:
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: woodpecker
|
||||
key: WOODPECKER_FORGEJO_CLIENT
|
||||
WOODPECKER_FORGEJO_SECRET:
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: woodpecker
|
||||
key: WOODPECKER_FORGEJO_SECRET
|
||||
persistentVolume:
|
||||
storageClass: truenas-nfs-csi
|
||||
accessModes:
|
||||
- ReadWriteMany
|
||||
service:
|
||||
type: LoadBalancer
|
||||
ingress:
|
||||
enabled: true
|
||||
ingressClassName: traefik
|
||||
hosts:
|
||||
- host: ci.roboces.dev
|
||||
paths:
|
||||
- path: /
|
||||
tls: []
|
||||
project: roboces
|
||||
syncPolicy:
|
||||
automated: {}
|
||||
6
k8s/charts/miniflux/Chart.yaml
Normal file
6
k8s/charts/miniflux/Chart.yaml
Normal file
|
|
@ -0,0 +1,6 @@
|
|||
apiVersion: v2
|
||||
name: miniflux
|
||||
description: A Helm chart for Miniflux RSS reader
|
||||
type: application
|
||||
version: 0.1.0
|
||||
appVersion: "2.2.18"
|
||||
62
k8s/charts/miniflux/templates/_helpers.tpl
Normal file
62
k8s/charts/miniflux/templates/_helpers.tpl
Normal file
|
|
@ -0,0 +1,62 @@
|
|||
{{/*
|
||||
Expand the name of the chart.
|
||||
*/}}
|
||||
{{- define "miniflux.name" -}}
|
||||
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Create a default fully qualified app name.
|
||||
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
|
||||
If release name contains chart name it will be used as a full name.
|
||||
*/}}
|
||||
{{- define "miniflux.fullname" -}}
|
||||
{{- if .Values.fullnameOverride }}
|
||||
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
|
||||
{{- else }}
|
||||
{{- $name := default .Chart.Name .Values.nameOverride }}
|
||||
{{- if contains $name .Release.Name }}
|
||||
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
|
||||
{{- else }}
|
||||
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Create chart name and version as used by the chart label.
|
||||
*/}}
|
||||
{{- define "miniflux.chart" -}}
|
||||
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Common labels
|
||||
*/}}
|
||||
{{- define "miniflux.labels" -}}
|
||||
helm.sh/chart: {{ include "miniflux.chart" . }}
|
||||
{{ include "miniflux.selectorLabels" . }}
|
||||
{{- if .Chart.AppVersion }}
|
||||
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
|
||||
{{- end }}
|
||||
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Selector labels
|
||||
*/}}
|
||||
{{- define "miniflux.selectorLabels" -}}
|
||||
app.kubernetes.io/name: {{ include "miniflux.name" . }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Create the name of the service account to use
|
||||
*/}}
|
||||
{{- define "miniflux.serviceAccountName" -}}
|
||||
{{- if .Values.serviceAccount.create }}
|
||||
{{- default (include "miniflux.fullname" .) .Values.serviceAccount.name }}
|
||||
{{- else }}
|
||||
{{- default "default" .Values.serviceAccount.name }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
73
k8s/charts/miniflux/templates/deployment.yaml
Normal file
73
k8s/charts/miniflux/templates/deployment.yaml
Normal file
|
|
@ -0,0 +1,73 @@
|
|||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: {{ include "miniflux.fullname" . }}
|
||||
labels:
|
||||
{{- include "miniflux.labels" . | nindent 4 }}
|
||||
annotations:
|
||||
kube-score/ignore: pod-networkpolicy,deployment-has-host-podantiaffinity
|
||||
spec:
|
||||
{{- if not .Values.autoscaling.enabled }}
|
||||
replicas: {{ .Values.replicaCount }}
|
||||
{{- end }}
|
||||
selector:
|
||||
matchLabels:
|
||||
{{- include "miniflux.selectorLabels" . | nindent 6 }}
|
||||
strategy:
|
||||
rollingUpdate:
|
||||
maxSurge: 50%
|
||||
maxUnavailable: 50%
|
||||
type: RollingUpdate
|
||||
template:
|
||||
metadata:
|
||||
{{- with .Values.podAnnotations }}
|
||||
annotations:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
labels:
|
||||
{{- include "miniflux.selectorLabels" . | nindent 8 }}
|
||||
spec:
|
||||
{{- with .Values.imagePullSecrets }}
|
||||
imagePullSecrets:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
securityContext:
|
||||
{{- toYaml .Values.podSecurityContext | nindent 8 }}
|
||||
containers:
|
||||
- name: {{ .Chart.Name }}
|
||||
securityContext:
|
||||
{{- toYaml .Values.securityContext | nindent 12 }}
|
||||
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
|
||||
imagePullPolicy: {{ .Values.image.pullPolicy }}
|
||||
envFrom:
|
||||
- secretRef:
|
||||
name: {{ .Values.secret.existingSecretName | default (include "miniflux.fullname" .) }}
|
||||
env:
|
||||
{{- range $key, $value := .Values.env }}
|
||||
- name: {{ $key }}
|
||||
value: {{ $value | quote }}
|
||||
{{- end }}
|
||||
ports:
|
||||
- name: http
|
||||
containerPort: 8080
|
||||
protocol: TCP
|
||||
livenessProbe:
|
||||
{{- toYaml .Values.livenessProbe | nindent 12 }}
|
||||
readinessProbe:
|
||||
{{- toYaml .Values.readinessProbe | nindent 12 }}
|
||||
resources:
|
||||
{{- toYaml .Values.resources | nindent 12 }}
|
||||
{{- with .Values.nodeSelector }}
|
||||
nodeSelector:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- with .Values.affinity }}
|
||||
affinity:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- with .Values.tolerations }}
|
||||
tolerations:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
restartPolicy: Always
|
||||
automountServiceAccountToken: false
|
||||
45
k8s/charts/miniflux/templates/ingress.yaml
Normal file
45
k8s/charts/miniflux/templates/ingress.yaml
Normal file
|
|
@ -0,0 +1,45 @@
|
|||
{{- if .Values.ingress.enabled -}}
|
||||
{{- $fullName := include "miniflux.fullname" . -}}
|
||||
{{- $svcPort := .Values.service.port -}}
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: Ingress
|
||||
metadata:
|
||||
name: {{ $fullName }}
|
||||
labels:
|
||||
{{- include "miniflux.labels" . | nindent 4 }}
|
||||
{{- with .Values.ingress.annotations }}
|
||||
annotations:
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
{{- if .Values.ingress.className }}
|
||||
ingressClassName: {{ .Values.ingress.className }}
|
||||
{{- end }}
|
||||
{{- if .Values.ingress.tls }}
|
||||
tls:
|
||||
{{- range .Values.ingress.tls }}
|
||||
- hosts:
|
||||
{{- range .hosts }}
|
||||
- {{ . | quote }}
|
||||
{{- end }}
|
||||
secretName: {{ .secretName }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
rules:
|
||||
{{- range .Values.ingress.hosts }}
|
||||
- host: {{ .host | quote }}
|
||||
http:
|
||||
paths:
|
||||
{{- range .paths }}
|
||||
- path: {{ .path }}
|
||||
{{- if .pathType }}
|
||||
pathType: {{ .pathType }}
|
||||
{{- end }}
|
||||
backend:
|
||||
service:
|
||||
name: {{ $fullName }}
|
||||
port:
|
||||
number: {{ $svcPort }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
18
k8s/charts/miniflux/templates/poddisruptionbudget.yaml
Normal file
18
k8s/charts/miniflux/templates/poddisruptionbudget.yaml
Normal file
|
|
@ -0,0 +1,18 @@
|
|||
{{- if .Values.podDisruptionBudget.enabled -}}
|
||||
apiVersion: policy/v1
|
||||
kind: PodDisruptionBudget
|
||||
metadata:
|
||||
name: {{ include "miniflux.fullname" . }}
|
||||
labels:
|
||||
{{- include "miniflux.labels" . | nindent 4 }}
|
||||
spec:
|
||||
{{- if .Values.podDisruptionBudget.minAvailable }}
|
||||
minAvailable: {{ .Values.podDisruptionBudget.minAvailable }}
|
||||
{{- end }}
|
||||
{{- if .Values.podDisruptionBudget.maxUnavailable }}
|
||||
maxUnavailable: {{ .Values.podDisruptionBudget.maxUnavailable }}
|
||||
{{- end }}
|
||||
selector:
|
||||
matchLabels:
|
||||
{{- include "miniflux.selectorLabels" . | nindent 6 }}
|
||||
{{- end }}
|
||||
13
k8s/charts/miniflux/templates/secret.yaml
Normal file
13
k8s/charts/miniflux/templates/secret.yaml
Normal file
|
|
@ -0,0 +1,13 @@
|
|||
{{- if and .Values.secret.enabled (not .Values.secret.existingSecretName) -}}
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: {{ include "miniflux.fullname" . }}
|
||||
labels:
|
||||
{{- include "miniflux.labels" . | nindent 4 }}
|
||||
type: Opaque
|
||||
stringData:
|
||||
{{- range $key, $value := .Values.secret.data }}
|
||||
{{ $key }}: {{ $value | quote }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
15
k8s/charts/miniflux/templates/service.yaml
Normal file
15
k8s/charts/miniflux/templates/service.yaml
Normal file
|
|
@ -0,0 +1,15 @@
|
|||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: {{ include "miniflux.fullname" . }}
|
||||
labels:
|
||||
{{- include "miniflux.labels" . | nindent 4 }}
|
||||
spec:
|
||||
type: {{ .Values.service.type }}
|
||||
ports:
|
||||
- port: {{ .Values.service.port }}
|
||||
targetPort: {{ .Values.service.targetPort }}
|
||||
protocol: TCP
|
||||
name: http
|
||||
selector:
|
||||
{{- include "miniflux.selectorLabels" . | nindent 4 }}
|
||||
42
k8s/charts/miniflux/values.yaml
Normal file
42
k8s/charts/miniflux/values.yaml
Normal file
|
|
@ -0,0 +1,42 @@
|
|||
# Configuration is managed in k8s/argo-apps/miniflux.yaml
|
||||
replicaCount: 1
|
||||
|
||||
image:
|
||||
repository: miniflux/miniflux
|
||||
pullPolicy: Always
|
||||
tag: ""
|
||||
|
||||
imagePullSecrets: []
|
||||
podAnnotations: {}
|
||||
podSecurityContext: {}
|
||||
securityContext: {}
|
||||
|
||||
service:
|
||||
type: ClusterIP
|
||||
port: 8888
|
||||
targetPort: 8080
|
||||
|
||||
ingress:
|
||||
enabled: false
|
||||
|
||||
resources: {}
|
||||
|
||||
livenessProbe: {}
|
||||
readinessProbe: {}
|
||||
|
||||
autoscaling:
|
||||
enabled: false
|
||||
|
||||
nodeSelector: {}
|
||||
tolerations: []
|
||||
affinity: {}
|
||||
|
||||
podDisruptionBudget:
|
||||
enabled: false
|
||||
|
||||
env: {}
|
||||
|
||||
secret:
|
||||
enabled: false
|
||||
existingSecretName: ""
|
||||
data: {}
|
||||
23
k8s/charts/oxicloud/.helmignore
Normal file
23
k8s/charts/oxicloud/.helmignore
Normal file
|
|
@ -0,0 +1,23 @@
|
|||
# Patterns to ignore when building packages.
|
||||
# This supports shell glob matching, relative path matching, and
|
||||
# negation (prefixed with !). Only one pattern per line.
|
||||
.DS_Store
|
||||
# Common VCS dirs
|
||||
.git/
|
||||
.gitignore
|
||||
.bzr/
|
||||
.bzrignore
|
||||
.hg/
|
||||
.hgignore
|
||||
.svn/
|
||||
# Common backup files
|
||||
*.swp
|
||||
*.bak
|
||||
*.tmp
|
||||
*.orig
|
||||
*~
|
||||
# Various IDEs
|
||||
.project
|
||||
.idea/
|
||||
*.tmproj
|
||||
.vscode/
|
||||
8
k8s/charts/oxicloud/Chart.yaml
Normal file
8
k8s/charts/oxicloud/Chart.yaml
Normal file
|
|
@ -0,0 +1,8 @@
|
|||
---
|
||||
apiVersion: v2
|
||||
name: oxicloud
|
||||
description: |
|
||||
Ultra-fast, secure & lightweight self-hosted cloud storage — your files, photos, calendars & contacts, all in one place. Built in Rust.
|
||||
type: application
|
||||
version: 0.1.0
|
||||
appVersion: "0.5.2"
|
||||
32
k8s/charts/oxicloud/templates/_helpers.tpl
Normal file
32
k8s/charts/oxicloud/templates/_helpers.tpl
Normal file
|
|
@ -0,0 +1,32 @@
|
|||
{{/* Expand the name of the chart. */}}
|
||||
{{- define "oxicloud.name" -}}
|
||||
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
|
||||
{{- end }}
|
||||
|
||||
{{/* Create a default fully qualified app name. */}}
|
||||
{{- define "oxicloud.fullname" -}}
|
||||
{{- if .Values.fullnameOverride }}
|
||||
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
|
||||
{{- else }}
|
||||
{{- $name := default .Chart.Name .Values.nameOverride }}
|
||||
{{- if contains $name .Release.Name }}
|
||||
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
|
||||
{{- else }}
|
||||
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
{{/* Common labels */}}
|
||||
{{- define "oxicloud.labels" -}}
|
||||
helm.sh/chart: {{ printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
|
||||
{{ include "oxicloud.selectorLabels" . }}
|
||||
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
|
||||
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
||||
{{- end }}
|
||||
|
||||
{{/* Selector labels */}}
|
||||
{{- define "oxicloud.selectorLabels" -}}
|
||||
app.kubernetes.io/name: {{ include "oxicloud.name" . }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
{{- end }}
|
||||
22
k8s/charts/oxicloud/templates/configmap.yaml
Normal file
22
k8s/charts/oxicloud/templates/configmap.yaml
Normal file
|
|
@ -0,0 +1,22 @@
|
|||
---
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: {{ include "oxicloud.fullname" . }}-config
|
||||
data:
|
||||
OXICLOUD_SERVER_PORT: {{ .Values.config.server.port | quote }}
|
||||
OXICLOUD_SERVER_HOST: {{ .Values.config.server.host | quote }}
|
||||
{{- if .Values.config.server.baseUrl }}
|
||||
OXICLOUD_BASE_URL: {{ .Values.config.server.baseUrl | quote }}
|
||||
{{- end }}
|
||||
OXICLOUD_ENABLE_AUTH: {{ .Values.config.features.enableAuth | quote }}
|
||||
OXICLOUD_ENABLE_FILE_SHARING: {{ .Values.config.features.enableSharing | quote }}
|
||||
MIMALLOC_PURGE_DELAY: {{ .Values.config.mimalloc.purgeDelay | quote }}
|
||||
MIMALLOC_ALLOW_LARGE_OS_PAGES: {{ .Values.config.mimalloc.allowLargeOsPages | quote }}
|
||||
|
||||
{{- if .Values.wopi.enabled }}
|
||||
OXICLOUD_WOPI_ENABLED: "true"
|
||||
OXICLOUD_WOPI_DISCOVERY_URL: "{{ .Values.config.server.baseUrl }}/hosting/discovery"
|
||||
{{- else }}
|
||||
OXICLOUD_WOPI_ENABLED: "false"
|
||||
{{- end }}
|
||||
64
k8s/charts/oxicloud/templates/ingress.yaml
Normal file
64
k8s/charts/oxicloud/templates/ingress.yaml
Normal file
|
|
@ -0,0 +1,64 @@
|
|||
---
|
||||
{{- if .Values.ingress.enabled -}}
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: Ingress
|
||||
metadata:
|
||||
name: {{ include "oxicloud.fullname" . }}
|
||||
labels:
|
||||
{{- include "oxicloud.labels" . | nindent 4 }}
|
||||
{{- with .Values.ingress.annotations }}
|
||||
annotations:
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
{{- if .Values.ingress.className }}
|
||||
ingressClassName: {{ .Values.ingress.className }}
|
||||
{{- end }}
|
||||
{{- if .Values.ingress.tls }}
|
||||
tls:
|
||||
{{- range .Values.ingress.tls }}
|
||||
- hosts:
|
||||
{{- range .hosts }}
|
||||
- {{ . | quote }}
|
||||
{{- end }}
|
||||
secretName: {{ .secretName }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
rules:
|
||||
- host: {{ (index .Values.ingress.hosts 0).host | quote }}
|
||||
http:
|
||||
paths:
|
||||
{{- if .Values.wopi.enabled }}
|
||||
# Route Collabora traffic to the WOPI pod
|
||||
- path: /browser
|
||||
pathType: Prefix
|
||||
backend:
|
||||
service:
|
||||
name: {{ include "oxicloud.fullname" $ }}-wopi
|
||||
port:
|
||||
number: {{ .Values.wopi.collabora.service.port }}
|
||||
- path: /hosting
|
||||
pathType: Prefix
|
||||
backend:
|
||||
service:
|
||||
name: {{ include "oxicloud.fullname" $ }}-wopi
|
||||
port:
|
||||
number: {{ .Values.wopi.collabora.service.port }}
|
||||
- path: /cool
|
||||
pathType: Prefix
|
||||
backend:
|
||||
service:
|
||||
name: {{ include "oxicloud.fullname" $ }}-wopi
|
||||
port:
|
||||
number: {{ .Values.wopi.collabora.service.port }}
|
||||
{{- end }}
|
||||
|
||||
# Default Catch-All: Route everything else to OxiCloud
|
||||
- path: /
|
||||
pathType: Prefix
|
||||
backend:
|
||||
service:
|
||||
name: {{ include "oxicloud.fullname" $ }}
|
||||
port:
|
||||
number: {{ $.Values.service.port }}
|
||||
{{- end }}
|
||||
19
k8s/charts/oxicloud/templates/secret.yaml
Normal file
19
k8s/charts/oxicloud/templates/secret.yaml
Normal file
|
|
@ -0,0 +1,19 @@
|
|||
---
|
||||
{{- if not .Values.secrets.existingSecret }}
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: {{ include "oxicloud.fullname" . }}-secret
|
||||
labels:
|
||||
{{- include "oxicloud.labels" . | nindent 4 }}
|
||||
type: Opaque
|
||||
data:
|
||||
{{- if .Values.secrets.jwtSecret }}
|
||||
OXICLOUD_JWT_SECRET: {{ .Values.secrets.jwtSecret | b64enc | quote }}
|
||||
{{- end }}
|
||||
DB_PASSWORD: {{ .Values.database.password | b64enc | quote }}
|
||||
{{- if .Values.wopi.enabled }}
|
||||
WOPI_ADMIN_USERNAME: {{ .Values.wopi.collabora.admin.username | b64enc | quote }}
|
||||
WOPI_ADMIN_PASSWORD: {{ .Values.wopi.collabora.admin.password | b64enc | quote }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
32
k8s/charts/oxicloud/templates/service.yaml
Normal file
32
k8s/charts/oxicloud/templates/service.yaml
Normal file
|
|
@ -0,0 +1,32 @@
|
|||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: {{ include "oxicloud.fullname" . }}
|
||||
labels:
|
||||
{{- include "oxicloud.labels" . | nindent 4 }}
|
||||
spec:
|
||||
type: {{ .Values.service.type }}
|
||||
ports:
|
||||
- port: {{ .Values.service.port }}
|
||||
targetPort: http
|
||||
protocol: TCP
|
||||
name: http
|
||||
selector:
|
||||
{{- include "oxicloud.selectorLabels" . | nindent 4 }}
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: {{ include "oxicloud.fullname" . }}-headless
|
||||
labels:
|
||||
{{- include "oxicloud.labels" . | nindent 4 }}
|
||||
spec:
|
||||
clusterIP: None
|
||||
ports:
|
||||
- port: {{ .Values.service.port }}
|
||||
targetPort: http
|
||||
protocol: TCP
|
||||
name: http
|
||||
selector:
|
||||
{{- include "oxicloud.selectorLabels" . | nindent 4 }}
|
||||
53
k8s/charts/oxicloud/templates/statefulset.yaml
Normal file
53
k8s/charts/oxicloud/templates/statefulset.yaml
Normal file
|
|
@ -0,0 +1,53 @@
|
|||
apiVersion: apps/v1
|
||||
kind: StatefulSet
|
||||
metadata:
|
||||
name: {{ include "oxicloud.fullname" . }}
|
||||
labels:
|
||||
{{- include "oxicloud.labels" . | nindent 4 }}
|
||||
spec:
|
||||
serviceName: {{ include "oxicloud.fullname" . }}-headless
|
||||
replicas: {{ .Values.replicaCount }}
|
||||
selector:
|
||||
matchLabels:
|
||||
{{- include "oxicloud.selectorLabels" . | nindent 6 }}
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
{{- include "oxicloud.selectorLabels" . | nindent 8 }}
|
||||
spec:
|
||||
containers:
|
||||
- name: oxicloud
|
||||
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
|
||||
imagePullPolicy: {{ .Values.image.pullPolicy }}
|
||||
ports:
|
||||
- name: http
|
||||
containerPort: 8086
|
||||
protocol: TCP
|
||||
envFrom:
|
||||
- configMapRef:
|
||||
name: {{ include "oxicloud.fullname" . }}-config
|
||||
- secretRef:
|
||||
name: {{ if .Values.secrets.existingSecret }}{{ .Values.secrets.existingSecret }}{{ else }}{{ include "oxicloud.fullname" . }}-secret{{ end }}
|
||||
volumeMounts:
|
||||
- name: storage-data
|
||||
mountPath: /app/storage
|
||||
{{- if not .Values.persistence.enabled }}
|
||||
volumes:
|
||||
- name: storage-data
|
||||
emptyDir: {}
|
||||
{{- end }}
|
||||
|
||||
{{- if .Values.persistence.enabled }}
|
||||
volumeClaimTemplates:
|
||||
- metadata:
|
||||
name: storage-data
|
||||
spec:
|
||||
accessModes:
|
||||
- {{ .Values.persistence.accessMode }}
|
||||
{{- if .Values.persistence.storageClass }}
|
||||
storageClassName: {{ .Values.persistence.storageClass }}
|
||||
{{- end }}
|
||||
resources:
|
||||
requests:
|
||||
storage: {{ .Values.persistence.size }}
|
||||
{{- end }}
|
||||
58
k8s/charts/oxicloud/templates/wopi-deployment.yaml
Normal file
58
k8s/charts/oxicloud/templates/wopi-deployment.yaml
Normal file
|
|
@ -0,0 +1,58 @@
|
|||
---
|
||||
{{- if .Values.wopi.enabled -}}
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: {{ include "oxicloud.fullname" . }}-wopi
|
||||
labels:
|
||||
{{- include "oxicloud.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/component: wopi
|
||||
spec:
|
||||
replicas: 1
|
||||
selector:
|
||||
matchLabels:
|
||||
{{- include "oxicloud.selectorLabels" . | nindent 6 }}
|
||||
app.kubernetes.io/component: wopi
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
{{- include "oxicloud.selectorLabels" . | nindent 8 }}
|
||||
app.kubernetes.io/component: wopi
|
||||
spec:
|
||||
containers:
|
||||
- name: collabora
|
||||
image: "{{ .Values.wopi.collabora.image.repository }}:{{ .Values.wopi.collabora.image.tag }}"
|
||||
imagePullPolicy: {{ .Values.wopi.collabora.image.pullPolicy }}
|
||||
# Required for Collabora to build chroot jails
|
||||
securityContext:
|
||||
capabilities:
|
||||
add:
|
||||
- MKNOD
|
||||
ports:
|
||||
- name: wopi
|
||||
containerPort: 9980
|
||||
protocol: TCP
|
||||
env:
|
||||
- name: aliasgroup1
|
||||
value: "http://{{ .Values.wopi.collabora.domain }}"
|
||||
- name: server_name
|
||||
value: {{ .Values.wopi.collabora.domain | quote }}
|
||||
- name: extra_params
|
||||
value: {{ .Values.wopi.collabora.extraParams | quote }}
|
||||
- name: username
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ if .Values.secrets.existingSecret }}{{ .Values.secrets.existingSecret }}{{ else }}{{ include "oxicloud.fullname" . }}-secret{{ end }}
|
||||
key: WOPI_ADMIN_USERNAME
|
||||
- name: password
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ if .Values.secrets.existingSecret }}{{ .Values.secrets.existingSecret }}{{ else }}{{ include "oxicloud.fullname" . }}-secret{{ end }}
|
||||
key: WOPI_ADMIN_PASSWORD
|
||||
readinessProbe:
|
||||
httpGet:
|
||||
path: /hosting/discovery
|
||||
port: wopi
|
||||
initialDelaySeconds: 10
|
||||
periodSeconds: 10
|
||||
{{- end }}
|
||||
20
k8s/charts/oxicloud/templates/wopi-service.yaml
Normal file
20
k8s/charts/oxicloud/templates/wopi-service.yaml
Normal file
|
|
@ -0,0 +1,20 @@
|
|||
---
|
||||
{{- if .Values.wopi.enabled -}}
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: {{ include "oxicloud.fullname" . }}-wopi
|
||||
labels:
|
||||
{{- include "oxicloud.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/component: wopi
|
||||
spec:
|
||||
type: ClusterIP
|
||||
ports:
|
||||
- port: {{ .Values.wopi.collabora.service.port }}
|
||||
targetPort: wopi
|
||||
protocol: TCP
|
||||
name: wopi
|
||||
selector:
|
||||
{{- include "oxicloud.selectorLabels" . | nindent 4 }}
|
||||
app.kubernetes.io/component: wopi
|
||||
{{- end }}
|
||||
67
k8s/charts/oxicloud/values.yaml
Normal file
67
k8s/charts/oxicloud/values.yaml
Normal file
|
|
@ -0,0 +1,67 @@
|
|||
---
|
||||
replicaCount: 1
|
||||
|
||||
image:
|
||||
repository: oxicloud
|
||||
pullPolicy: IfNotPresent
|
||||
tag: "latest"
|
||||
|
||||
database:
|
||||
host: "postgres.example.com"
|
||||
port: 5432
|
||||
username: "postgres"
|
||||
password: "change_me_in_production"
|
||||
name: "oxicloud"
|
||||
|
||||
config:
|
||||
server:
|
||||
port: 8086
|
||||
host: "0.0.0.0"
|
||||
baseUrl: "https://cloud.example.com"
|
||||
features:
|
||||
enableAuth: "true"
|
||||
enableSharing: "true"
|
||||
mimalloc:
|
||||
purgeDelay: "0"
|
||||
allowLargeOsPages: "0"
|
||||
|
||||
persistence:
|
||||
enabled: true
|
||||
storageClass: ""
|
||||
accessMode: ReadWriteOnce
|
||||
size: 50Gi
|
||||
|
||||
wopi:
|
||||
enabled: true
|
||||
collabora:
|
||||
url: "cloud.example.com"
|
||||
image:
|
||||
repository: collabora/code
|
||||
tag: latest
|
||||
pullPolicy: IfNotPresent
|
||||
service:
|
||||
port: 9980
|
||||
admin:
|
||||
username: admin
|
||||
password: "wopi_admin_password"
|
||||
extraParams: "--o:ssl.enable=false --o:ssl.termination=false --o:net.frame_ancestors=http://* https://*"
|
||||
|
||||
secrets:
|
||||
existingSecret: ""
|
||||
jwtSecret: ""
|
||||
oidcClientSecret: ""
|
||||
|
||||
service:
|
||||
type: ClusterIP
|
||||
port: 8086
|
||||
|
||||
ingress:
|
||||
enabled: true
|
||||
className: "traefik"
|
||||
annotations: {}
|
||||
hosts:
|
||||
- host: cloud.example.com
|
||||
paths:
|
||||
- path: /
|
||||
pathType: ImplementationSpecific
|
||||
tls: []
|
||||
|
|
@ -3,7 +3,7 @@ image:
|
|||
# -- Docker repository to use
|
||||
repository: mbround18/valheim
|
||||
# -- Docker tag to use - use "latest" for most current version
|
||||
tag: "3.4"
|
||||
tag: "3.6"
|
||||
# -- Image pull policy
|
||||
pullPolicy: Always
|
||||
|
||||
|
|
|
|||
|
|
@ -25,7 +25,6 @@ spec:
|
|||
- https://charts.crystalnet.org
|
||||
- https://portainer.github.io/k8s/
|
||||
- https://docs.renovatebot.com/helm-charts
|
||||
- registry-1.docker.io/bitnamicharts
|
||||
- https://meilisearch.github.io/meilisearch-kubernetes
|
||||
- https://kubetail-org.github.io/helm-charts/
|
||||
- https://groundhog2k.github.io/helm-charts/
|
||||
|
|
@ -33,3 +32,5 @@ spec:
|
|||
- https://vmware-tanzu.github.io/helm-charts/
|
||||
- https://helm.runix.net
|
||||
- https://rcourtman.github.io/Pulse
|
||||
- ghcr.io/antoniolago/charts
|
||||
- https://helm.elastic.co
|
||||
|
|
|
|||
|
|
@ -8,8 +8,11 @@ spec:
|
|||
destinations:
|
||||
- namespace: apps-roboces
|
||||
server: https://kubernetes.default.svc
|
||||
- namespace: woodpecker
|
||||
server: https://kubernetes.default.svc
|
||||
sourceRepos:
|
||||
- https://git.roboces.dev/catalin/fukuops.git
|
||||
- code.forgejo.org/forgejo-helm
|
||||
- https://git.roboces.dev/catalin/huesoporro.git
|
||||
- https://gitlab.com/api/v4/projects/64552889/packages/helm/release
|
||||
- ghcr.io/woodpecker-ci/helm
|
||||
|
|
|
|||
|
|
@ -1,18 +0,0 @@
|
|||
---
|
||||
apiVersion: bitnami.com/v1alpha1
|
||||
kind: SealedSecret
|
||||
metadata:
|
||||
creationTimestamp:
|
||||
name: secrets-factorio
|
||||
namespace: apps-fuku
|
||||
spec:
|
||||
encryptedData:
|
||||
game_password: AgCmUZilQTlqof5so2DyvjbCh3J8OAkz4lSQv++z+9XUz4/+KjwgEjP5SI9nf2WVfIHt7WiJN8oaPlYnm2XIdbBUrvKlTEuMAy2XeI8DE2+wKHXdbmLg7t3oZR/8kw3py9W3o4dlXp5XY2G4S3cG8TX0fkN58ni61mYv+zSvc6stcT/iveJqO5E+hXPcDSexzxQ/8DybS4D5g8W3N2OMhRoU0wwhYfXAuxN90BzFKgD6X/9Xy1c7pPQQkEidpA6l1uP5qIG/vChmIpqsOmQWbibGQn53el5ulPvaybx1wRu33eJJcSPRS+XthZv9dtwduFlboMT6QPWcVL5gSQ0ceCBidQIHGLRLxcHYPZz83miCeVYFY1xFegrwPBsXYEdfar5mufxgSQGtSHGzwEV0Ry+tcmjz9JqWpQBQVg10Bs0GYwvy/XGHi1BLCouAXXL//eVbGp1s9cl4uyN9Ymzt5zNrf/SvUweFsaCYrC6xVFA2CCsLbsyu/YbmKkO+cd1IwAle4luGmJHnZgrXKMwQFYoMTGsgEGYt87Itz7eOSmHEm/ZJwZ3oL6n0LGgHpJu1gb4Op0ZA9p44DKeg2fy5Go9rWeMOP0RIw8/SApE6QmT0Bw8QccddnTHhwuCLet2PoiUodKhFffTfGN6PGPeIcyQJpiEDxUI7nquWSNGTcMJDsR3LbzU6A8MpDQrrg5Az6YzyZOo7NLEMbitKLrqt9lfH5g7g # yamllint disable rule:line-length
|
||||
password: AgCTY4hn/wTGipH9oX7SgS44PE6wEe34AB2Pz9IeB5KcISZVGgWAUMtcffexV31jcNwz5TrztNam22Ys7qYbsZZVNOWm27/KZP3U04Jrq1cIPhY+xE1xF3vMqCd54r+kaeMO4hlDhBlE7Hs6BHdURTpPz8ocqihT2bft+Q8p2Myf3vPHXcDwoUyQj/AFYJdJJhyVfD5NDdacFhOmPTB/tUE4AW1Rz9oND6sy0x7NaP44vswVbhREpMA9wkltJRugRKUwXdfC6kOrfKa1R88aNOwkqc22F1U1PhcqUSAMYQxOA+zz3xMjrP8o70V1/FBKxnTBYVIpdHuwl2RpvC/TewJYVEu1xzp3texfgkTn6XXMp9InxfA6y1wpSVpMPYK5zPRCnmuyPTdSd+DrD6C6y2rstrHvvHxnLPtqo5REVjkfTGkEilmQ1+SllPMPk/6hKivahdmORixoI2MtOz4k4d+7rdPrrsRscMHAheyJTNdKC3wGoKFqbm+0zFV3GFaxM65K0USlYhPwyKG3FlHGj0t8HmXOr+M2cQKd4vqIrq8betRp08YPGMOT0Ea1KIvoP3z4yiJg2Z64d8d0Brof/h4fFd4kKgfMYm/CvkNh5zjFzEYi+K/6G/G99RBxwl7kK3eMB6CiuOnLITCw/Ok/LiRcdnIcAe7yobHG6FWHas4KPL5t4dPTxo12catoWtuJG7L20AIl3171+gO3jS0e4zAvZ+7S # yamllint disable rule:line-length
|
||||
token: AgByS4w6xSn0/FzWkgNazh7hyZjKTTmg9WtQ3oyKQUVF6FYg+qvPYYLuNu7rTwQOa4LGw3Cvf/yYT0+WU93BjfNCSVMfes1lE2dQzukK4+zEeDhZ4MSpBOBgYYwHJkrFyHpvVSAQkaPi40T0M8iJmFv+Oq1s8zRWmx84LMllaJuRGH/t9jMfmR3rF6JBcSmEmkmB7N8cD+ytPPtZKXGJXaWE0qvuNKNveqirLRt7E+B7z7yvhroaEHahHEseOQnJ6dKY83KzH1riHBTUNOVcI62hSkiYEbbZXAzxznxMKDs04w/BpOksTeg3OWD/RzwuRdX5M2zb3wrrqbF9r9yoLUbWBMS2bdUbUyLiqvfzKUWKAd8eZsS4+P8N5fbPrLgXmB+xRz5xiCQ+r/ZL4Nj9pfuSZMDKytIglldB6BT5gtnodiaCgAPrtLz2OMtBvvojpWOaaBbYWxbrnMhCG2YYU7Kd4UFXEttL/MVs7YkZow12AIngKqzz7vXo3K2iwRYoi2CjOwv3NeXSWk9LdTrTxs00iO8RT55wbAcg9HiNkYZFtrI+6sygvnHhDmNhYG0z7yHCpx13KIjoFEtVEcx2F9bbMftxBmZoOFaGtBhFSgH323CLGoFecdhv41cH9F5HHzpc13Pc5dShm6ZPgWrWG88w0Q4WIT6hiXlriSnd9xw0At4kl7wRBqusZgwDVTBCFbtKS6Gg9msBZnZzADI/aeljY3QXGg2YT/2Ra2c3quY= # yamllint disable rule:line-length
|
||||
template: # yamllint disable rule:line-length
|
||||
metadata:
|
||||
creationTimestamp:
|
||||
name: secrets-factorio
|
||||
namespace: apps-fuku
|
||||
type: Opaque
|
||||
|
|
@ -102,17 +102,15 @@ spec:
|
|||
apiVersion: bitnami.com/v1alpha1
|
||||
kind: SealedSecret
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: gitea-ini-redis
|
||||
namespace: apps-roboces
|
||||
spec:
|
||||
encryptedData:
|
||||
cache: AgAd4e8faLRBWaHzBxEF8VQbPQ1Kg6d4jfSwesrdJVijhmvE+ruGfbiwL0FXhn0XLfVAB1f99+Wvus93fOwfeh3RA95L1AZK/7+QntNHQe6LP2+ydZaPQfAOdkQBf+7ZQG04QiTqr3Ckkh3eNIvAyFMIrmaYf9qY5BwVMYrjg8iNi0jRgfgSBm5w3Dd3V0G3ry3yI4aawQN7pj9PuhA3pSqq3ynK4qXdf/6nEqvA5+7m/Ys0xWSOJwAgWHUVT2KLQ7rvI4y1TiCciWEpFvhIbwtE+bc+lOARJBBUCmRcDKOD5N3qXYX4846XUTTm3W8LhO7e9cIE0saPsPkS/qKkMgW51hh2r70hgTKi9/174I6tVYU4t208UScrNlF3AkGqHzXsisI8Yw28OApLrwxkFbh/y9zbci/KmQGpw2RZYdFeXuS1RGzGDDaiCwZIUONChchAPxb0PGpDZpGrW/MOAdJFj700YW+Abzihr0GV0bSnKHf/uYdXn+3+Oz2Uk35B+Vwc+tqKCHpSzoa4SRNlwGlQ71ysEKx6zUmcPEalqKnNHMmVOocRuQuxGnRasj62tNwZmg9hC/1IriMEJJkdEcymlo7pQqQ8YXmkKAUu3w69S5v9LKBG/DGzhxUagqhErM8KSMOjXmfoNIZEVE3ey9sUDtRZTnLgDj2rl9avAAnGo7+qF6etPNuKGFknK+xTegy3DwyzBEjXzgNaKhkBqvDS+Iggko+CEspBdUqerjIydU2dXwdiY2t+wm5gztDAimROvgouW5GqwUFK50s4tcSJjvsiw4OsOBZp6r/61lejlggk
|
||||
queue: AgC2LtW2jJPhh062ezMvWLLIAlyUNYO084VrSHsJ/K9UvZNVhFc6CnUrgcrvT/AIQflMYTm4RHKJgt4P5slzmKzHT/hc8RqB3L5FIhBsnmy/w55bXkrsohwcwzmw867a7bmnbAlyUglsAkKraMSpasTW4rOiMoCwXYKVtGcsDn1JLUj9Hp62BPXkQJ1Cr36lK/6Z4dHUwStVmq+wYAnm9sp1axnlwAqPgZ3mfqndKh9qZYjI2CIMuQ46HFDiwZGUSgspaVezMb7nkCk9CaoUTi1zHxsbCBMVv/abdvTPmZjqgXzR88EsAGTZMSpljc2ZB8zU9zwkkEBA5TPV4kVUNHTpDJirFvlofc7gST7CkCeoBhQ6P+vgokPa2AhcWeXVgR0PUoecpqpIqdFkAOluS7Gcu3GNu43IRzR6+9oHgbL/SHebQvK/hzVVq3yGAKaGmIXTLJS1wMm4k2KBqqaT1MpWFwO4YowRuKrOMXf634WzPsU3zOpkSbHEke6vvU2glDEdSwOGs1zPbO6Xzhqj5kTtDIiCs70mnxk1Zwve/1kYhBE/JZTi6QcQbG1uEDq8bsygj1qJZbGQMekUHQzIIfGTeOuXfoBch77MEMHu4h/2F+IC5O487FiPrQ64uBZ4I6gRM1PsiPxWnvmtNEXtLt+mMNp+l8Uuk5mvET5i0RpIH62/JYinhheDNgxwubXVEFuUClSzXomNt3GWy0KNAWsxouZEh0CQDfxmw4lTnjPcGegcZtrIqncDpe6/6gTIblOs7L41LEkOyOmBSHROQBeA11fVvE4Y
|
||||
session: AgAwlEuCZq+5T0AXDJ8PXllX5lzaiBK0nlZsMlvJQKl+FNgGhuZkqZhQQSPq53W9KlJbVkRr5KFAkLY0p0CznGoI2xPaxbZ3z6c/kVU1mBqmTOF8HJ2oKBhjRKaZhlwFARpbgrqYkZRS5syb6SwtNT48NPuTKwRgzu3xxwUBkfuyHxZX4IP7/9GtEAWK1nqYXU3rxLYbRq/utSuQYnOd3Uu3ZYjQZz0din0R8VTHp01STMHgGzbX08PEwz2JH/C4Q6CUC/GcXSgSajg0PJECbibGoGEJXTVT1HWucWH7B0CQSAMYzosqPZV3JwTN+4HESZ2H9YBRHbGWpp5KGBicT+rleQ36+jva6qWmwfcXXZgsYDUCx+kb8e+b7cBZhPHDf9w9ZEzXe2OUUoKZQBt5LbjTSRtt//PhWQy16mxi0996zGAWUwshVefWsbdSFZiKOI+lL/i0yVZUn3R/olmP7de9b4iapZ7TUzvovm7ZTFU+5SgCLRk125NJNoUXdrh7Y1Hym8xlMSnajHGDjuMxrwtAU/Nq7JN9WQr5XFSEdiuP38sLdQzHdXaht4lXJn5KUf8H55ie0JNVvspwtZ2fQGo/dJXBf9EMa6s6qW/Lf9O2JVU/0sSCAl/jz2tMI9VZ4scHzOlpscmKyBFcoGFb7JtYzkPTCQn7Hz7RlgUeLLir6D6+q3vLXrz+oMbwNChlENlBS1M1Ho1BKwZgBRj75nog3k5EOEi3ym6B/g3xc2YWnlZkL+ZM0TFuTFy2y36RMKb90744tAVXNXHaVz0i85ATJJ8Vs/OogMDN8yKHBPaqlZQ=
|
||||
cache: AgBfhhRVgy0VonwvXF+qqhh1x9+Z1e0o/OJCI11srR6XLVCf+SIBejOSYyoYChS8HYgBdIuqKNS7Un5bdws5NF1HC0gbf8/XRCfivocceoXVta2MugJxz7Y0+9Ro3RH9uEKi6KVqAyHcev1oOW0eqmkNqHust06+VKa5Bw8F4NHa/3a1Rl9b9xaMwrJLxVMKZMyAIl2/WISUovKFPTjPU1HK9ftEaXwzj5HG/s2jm/MjrrvcoA5z1OGUm02xjqyooUNM6gsuNy8LTXDQybeav+PxlQztcOfNaqipTUkHLjmGWiste/Yl6ik05Dkh7BKmL2czY0KPhxtNGcUq4e2oE+b6DKGcJpbuSVxZLSqTKhg6Jing1GwNyembfRE3nwsvYgj9nzit1SZoQXWnIuBjxlfWGjGJeaj6PmcG1YK4wvwFFqBKIhUGH6fhWjxDl7y1FPsxxGvFg9Fnvcjex34K4J6UmnGO3G2Dts/V4pgJTGx5lp6wpvYVtr7U9ENRTym8GM5oVZ3DT0lONKcfZXRH4EDcMHKMfJ/nDnpQWJC+lihcTRVeSznxu8I073hk6MMAZ8Ho5/28rOCOdJc2HI807ipe39BzTn4U+ows34uFG55GgaTdfbbeFwLjrcVc9ht1WaApkdj8Bnt9inmFPsI14Zwb4Ap/gSSO+ztwhnwrA2rWD7fko53INLJLUb4/49H1xRpMeqEkjoUb76zpdnazuF0ksqs1zhPOUTpnQniduotkwZZrtdU2WPRxVzHXTaZD6/1oTrmFBoBOLnkBPz1CXY/rxMoxHrFoS3zdUtLYWXKqVZy5
|
||||
queue: AgC1CxaTdBFeP3M4x8TMJKK2QsWydXC/eAslML9T1yzl4ZStKioMh8QJKbhj6oY3KTLyqBHpLZSGFuhtX/y9Z4JvkFhihfsKtlYL8OrNvO3kxjzku5l3vR6tJ5vCQfIi27hUjVKHN4L/6DGsegbgBGIidCsN5kHRv4C5ToAw/EvxgbHIRILIo+KOBALT1kqKIF+Zdd4fQGbIExwclhFl5SgzumXPh+/j1NUZ1peYYFRnvr5G9aeKPpgJ2wK4eMPQ3ZyaAcRCtxdEhZUF1DF0ESBQ++Nr/gU4GMoron/wSr5cUFmNjSoUTJA3xJeEROyoSGaaH45mLDYH5QZdeA/av8e6vaiMIuWr/UgV7wONFKsJLf0q9Fcr726maJwGiMmIjeCwLq4k+ZI+N6S8/xNe2sTrRUmwjWtbL82ZmafvoUwv0lmxxXpmFqZmG/Zy/KCx9QSDaBJBCStoCgMZZ04HdnxnxFdFj2DMXyshVxH3wqEFAKY0oDfrnIBxzngOEXxu0APp7rlMvFq++HMJ7+JC+JBLG6zfNSfpQyuXEwfSkvowA1i9uhAQVb3D7nSS39xKF7oK8aYDVK4j9QL3w9qxOkYW7bHVd4zDgtiidKDAFWoloMnjPYQDwJojc/dc52+SxJGH8qpYJ8cn7BOy80cvmkwQ2ITGGPo9FXyvMttD0hUmFRouNb4t4PHdmKauuml6hcfF3dqLqrvBhJ0H7tKRJMCK+rHehIQt8VNPhp2JN7n5/KKt5vtMFDUDpc/BbHiDqg3qnICTMESzWZD752tOucW7TJAA89JU
|
||||
session: AgA+o9DsObwNhAaDpkgh7ZJ9Vx+xzjex+JG2k4yfv1EbLFDpdrSnKOl5BzEZyvydxoWG7Jtlhf/QoWKPUMBMgoRS+cMAH4R3C1FHxFbiEzh/olQBH2DyGnK5d+hAy3RmTC+Kgwgh4sdePWJ3KxwbaAa18tsju9fThQOBD+TOw5khZi2YUehDiviqCV3VGH+caJgDxAmXtut1mHaFLB4QXLzX9vPoULGmxGMARiMSrEqMruTRff17dZ3s0VPeu/s/Lau5yP7oPeMjhNw8P9W8QP/KnW28y0QETtXZyvmNQGCwxyVp7sHfDgo1slxWsgjDpep/jXiyfVeV8KL2AWE2pekGD0CVaCWPOV/MOrU+pe8xBrEcaXQMpWLT5d4/Unu8TLZ7RdEdgrOI8bOVrl9TO51itw0V7EorfeaKxB6j/flRMd8vU0i29+/UOTbEeRtxuHoyH4zy+v7h49b5ODN88z7f6uEp7diuS3WEHs30EHYtXRSMA6V6+H1aaUMEM0lWG6CXtccgAToqlw3k/+Mod8kVagPNQnJ6YB7BFqu74nHo/3lGKHT6+jRfLWUhbJ5teG0pLTutNN0jIqEUY4NfeLVtKhab5Nkxr6UFSUltQwO/dwVD2mqC80yXjf1Bhq07YGIV/M5DYf7oV1+z6UWoQwALcjCdZNgPkbyGqznfGsBpafJwv3MCmZwt50r8FH4ksb8P8lo28Eqepcf+vVL6C+tJGwm3F0CbawhU9mTLb0ksiYXrY3VYmYzUZVWHsosWI05bhQgN2g+B4+ANYX0SXtEc0/YbD8HusQvnoXWbj3CkQd0=
|
||||
template:
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: gitea-ini-redis
|
||||
namespace: apps-roboces
|
||||
type: Opaque
|
||||
|
|
@ -120,15 +118,13 @@ spec:
|
|||
apiVersion: bitnami.com/v1alpha1
|
||||
kind: SealedSecret
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: secrets-forgejo-db
|
||||
namespace: apps-roboces
|
||||
spec:
|
||||
encryptedData:
|
||||
database: AgCPUgtry8Pctkfr+pQvJ8TQpj2YJ9TwUBaRXo7JP4MMsWOXazfVxd8A7sqnNicpmXJ5hx3OMwfxTFg3KcyGWGbTxTGkwJj0Lxwo92sDxhd59NORadlqQYOx19z8foQ+3HSdkhPAEAHzNq2IBgUcTPRZTKuAXyIsrSVbgaAEwWz8fCkwP/CEJvgC7xztQA0MzrPagH2hlbD4MZ0E7mBhrpo9YTQfvSEDQo0dNKsh/4xvXQoriayDtxoRq2mF8jc3f4f6wmbNWrGsdOv84KAXgLm7bzmffTwqCM1dTbuOCLtxvt1M5r39HQTAsBp1H5yWCFsx4paWyhdVh9t3sjDzEYZNYSLrga/bLJ2+CaQWaLpLJBC9u8r4ANHs+KqwdiMyo1RXqlJsfg1gn/udBpXelzpwtWIWIMtsvNrWxOBhOFsWCFnVvxJWwdcxLoe5wmH75OhbP6Ewl7SddL/4kyXqgZfQi1DsbK5VftWdo7aDEVrwTa4Jq4WF7TbTX9GwIxUQ6ahuBzq4De+vZ/jCV0rE7WtGBvxLHIXb6pX7sNsJFwGYvy63SIhWnQXadeTjLNdy3Tq9aK/HeQJsqXPOAAm/oc2udBkygWs2D77NM0wEcH0YU8i0wPS5ig6HxLQTrf0qLew3E8KOjNyetar1QHVl3iTqGQ0C4U5TgIke54eh8/X1Vgd11dgZBpRx8JsUWMe7Itm+819FB+0tMwWJqrmoFyCEBL7rLl+VAS+oabIXD/ruHJFc/blgtLRqatLtOTARqDsfVK9Bm0YpcsDjEbqAiRGHmOaK8Qp9ywle9sh+iVUG4ODFun2goVfgwYcsD62B7CUMb80ZYiY04dTmXjcIzYww+zGkjhqaIPmB/OHovw==
|
||||
database: AgBouV3XhCd3Z66sDHDz0nbqbvAfip94yr9R90stLz2H/vJFGyx4xumE/9xe3b5GUd9aYQbTonhzHFl+zP3yoeTsGIGAbuvpeDimDKUIdnI6MJ2oGVHSn08QY/eu2vuj4nUODCeWPE7W5EFqxCxCq1YxZZpoBLzE3zBuIf8R48KAxs7aau8k4WPPSBxHgXuIeUWR/fNtQrA032f1wS5p6bae8403ro4aithq7J6DiOz69MXIQWwqufay+krsEEqIoE8CioQP993w+AUH1q2tk6O7WQLuzKt4T0mZm6F3cWyNbpCV9GT7q5LtejFn1NAwsmM4UG2toZfuWe9NgiSwyqNNUW7IjzfW/+CF3UfAtkgDfn7IAFu1Wg0yzufsnJuazFy2FiVDYNiHYS3Rq1iboKQl84svuq6oYdgvK6kf4IUfU2j02TgCyYc79/sLFqlbLOsZI07fAg/tDIzRkWQyG5P1HreIiDYZdgm50BgAzyEsvLjguKqPUl/c0LLwS6IxleN6RgcxfczCnaf3lezPXol37qCcyTqCqyiYlpI0i0Y45RTpLmTlyATVpzXCiir3IM0yEbK0ff2y2c7czTdoQSaIowAguUD3SamNY5y3530ZQDbZAXF0U4nDq7Pn59tfrlvvlsA8cSGjgyjwGJobGJUCsGWfOtKSbTNV0zd6EFHlqN5ilf15BSaWXU+6g/UbJKxjgk5aNpXH8LHuAQBVAxpRQR6CNlaz6kp87b5CEnLtPCE9nlQGYBXA9sqdvABGSTGdJzf5k57w7Q5LiTLwA6h8x8TCbkRgArl4r5RGEdtfBr3ZBCzKL+EHJGYGHas=
|
||||
template:
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: secrets-forgejo-db
|
||||
namespace: apps-roboces
|
||||
type: Opaque
|
||||
|
|
|
|||
|
|
@ -1,16 +0,0 @@
|
|||
# yamllint disable rule:line-length
|
||||
---
|
||||
apiVersion: bitnami.com/v1alpha1
|
||||
kind: SealedSecret
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: meilisearch-master-key
|
||||
namespace: apps-fuku
|
||||
spec:
|
||||
encryptedData:
|
||||
MEILI_MASTER_KEY: AgBcQDv79lsUJF09YTd+zsuC9Ufhgs74mk5sxIrgaAQW/5yBupPgIsZw+g33qDqejuG+hfdhvkTOFHYetNuEDjnPWEpySjMLiB6N/HXMSuPimbOSjhHP3d7jgnWnIluUPs3RsvxDzaHCygVsS2a5ul7+qJGbiQTlmcV/rMVkqiw95mxwswkZhWi1Da1QYPgjRkazbCV0JAVhYYoo7VBnxceyGOS7Um5BsdyDMmXCn0qegU2FDlXTcBBur48hlyRqie/DxyZi3Yx/yiOnVH7g7H41H6hLJpKhQTMQbnohAqUC2UZZJlwrc8b/3kisFw/pxBP7S47hn9iseQcw18mXs6SzlXbhWm+CyNsKEvuXJAMVlaCrOCqs8Kf8ZlraCJYYq8mx+zoA7yAHnRdC4uByR5SGwnXJgq4WJD3wx90NuVbTcJfpQ+bNMPpRS8W+66S9j+rBVk6YcqCqL62JPSf0I9ZKCrNJrtbx5WyxbcVAgZdd2oxxXq6fG4I/wvqn/LN7nAqDwaCjU0395R+vM89o24h8pMTNOUhY1Dqxh0rKQOnTACc12kmhwQucdtjwkFzM7PJxW8d8GGdvgPoIxe27sguUMvn6IFo8h0JmGrbAyDEeR113s/gwQm9ozM9KJXXyImfiRJCcDSlny0rTNWZaGonXuSezFuhcSazepd0v85ofHgIflQQjMfLUNz1b9+ci4SbnpoJwzlrY2d6SyJSIA7Bz223j9UcRgDvRvIz3
|
||||
template:
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: meilisearch-master-key
|
||||
namespace: apps-fuku
|
||||
|
|
@ -1,96 +0,0 @@
|
|||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: miniflux-deployment
|
||||
namespace: apps-roboces
|
||||
labels:
|
||||
app.kubernetes.io/name: miniflux
|
||||
app.kubernetes.io/managed-by: argo
|
||||
app.kubernetes.io/version: 2.2.13
|
||||
annotations:
|
||||
kube-score/ignore: pod-networkpolicy,deployment-has-host-podantiaffinity
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
app.kubernetes.io/name: miniflux
|
||||
replicas: 3
|
||||
strategy:
|
||||
rollingUpdate:
|
||||
maxSurge: 50%
|
||||
maxUnavailable: 50%
|
||||
type: RollingUpdate
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app.kubernetes.io/name: miniflux
|
||||
app.kubernetes.io/version: 2.2.13
|
||||
spec:
|
||||
containers:
|
||||
- name: miniflux
|
||||
image: miniflux/miniflux:2.2.13
|
||||
imagePullPolicy: Always
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
readOnlyRootFilesystem: true
|
||||
runAsUser: 10000
|
||||
runAsGroup: 10000
|
||||
capabilities:
|
||||
drop:
|
||||
- all
|
||||
resources:
|
||||
requests:
|
||||
cpu: 300m
|
||||
memory: 300Mi
|
||||
ephemeral-storage: 2Gi
|
||||
limits:
|
||||
cpu: 400m
|
||||
memory: 500Mi
|
||||
ephemeral-storage: 4Gi
|
||||
livenessProbe:
|
||||
tcpSocket:
|
||||
port: 8080
|
||||
initialDelaySeconds: 5
|
||||
timeoutSeconds: 15
|
||||
successThreshold: 1
|
||||
failureThreshold: 3
|
||||
periodSeconds: 10
|
||||
readinessProbe:
|
||||
httpGet:
|
||||
path: /
|
||||
port: 8080
|
||||
initialDelaySeconds: 15
|
||||
timeoutSeconds: 2
|
||||
successThreshold: 1
|
||||
failureThreshold: 3
|
||||
periodSeconds: 10
|
||||
envFrom:
|
||||
- secretRef:
|
||||
name: miniflux
|
||||
env:
|
||||
- name: RUN_MIGRATIONS
|
||||
value: '1'
|
||||
- name: CREATE_ADMIN
|
||||
value: '1'
|
||||
- name: OAUTH2_PROVIDER
|
||||
value: oidc
|
||||
- name: OAUTH2_REDIRECT_URL
|
||||
value: https://feeds.roboces.dev/oauth2/oidc/callback
|
||||
- name: OAUTH2_OIDC_DISCOVERY_ENDPOINT
|
||||
value: https://auth.fukurokuju.dev/application/o/miniflux/
|
||||
- name: OAUTH2_USER_CREATION
|
||||
value: '1'
|
||||
- name: FETCH_YOUTUBE_WATCH_TIME
|
||||
value: '1'
|
||||
- name: WORKER_POOL_SIZE
|
||||
value: '1'
|
||||
- name: POLLING_FREQUENCY
|
||||
value: '120'
|
||||
- name: BATCH_SIZE
|
||||
value: '25'
|
||||
- name: METRICS_COLLECTOR
|
||||
value: '1'
|
||||
- name: METRICS_ALLOWED_NETWORKS
|
||||
value: 10.42.1.0/16
|
||||
restartPolicy: Always
|
||||
automountServiceAccountToken: false
|
||||
|
|
@ -1,21 +0,0 @@
|
|||
---
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: Ingress
|
||||
metadata:
|
||||
name: miniflux
|
||||
namespace: apps-roboces
|
||||
annotations:
|
||||
nginx.ingress.kubernetes.io/rewrite-target: /
|
||||
spec:
|
||||
ingressClassName: traefik
|
||||
rules:
|
||||
- host: feeds.roboces.dev
|
||||
http:
|
||||
paths:
|
||||
- path: /
|
||||
pathType: Prefix
|
||||
backend:
|
||||
service:
|
||||
name: miniflux-service
|
||||
port:
|
||||
number: 8888
|
||||
|
|
@ -1,11 +0,0 @@
|
|||
---
|
||||
apiVersion: policy/v1
|
||||
kind: PodDisruptionBudget
|
||||
metadata:
|
||||
name: miniflux-pdb
|
||||
namespace: apps-roboces
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
app.kubernetes.io/name: miniflux
|
||||
maxUnavailable: 1
|
||||
|
|
@ -1,20 +0,0 @@
|
|||
# yamllint disable rule:line-length
|
||||
---
|
||||
apiVersion: bitnami.com/v1alpha1
|
||||
kind: SealedSecret
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: miniflux
|
||||
namespace: apps-roboces
|
||||
spec:
|
||||
encryptedData:
|
||||
ADMIN_PASSWORD: AgBbFquTKFmBFHnsexbzAFrfPtr0ipW7Hs/2aBFdITZJG87rHmvDo5l/sW//fPjW24kVgbey1YEwdPMcwyhd9AX6dkxXxlrAwshMk3mZc7ZefBne2dT/cGBBvY1EhTaIhtvJwEzsOJ0LEV6Lr5NtZeFMxqpgwd5ap93qGS5F/pZPkYwHHZZ7pv8pjXwVMqOlFFhgG+Lo8915Q1SSo7gvkMOz26gFel/FaYAAuA0Rj+NTAlBbgXaDraabhWX71J5fzyLt8vxqlEvpaXzLFJBqlvvo0HLI6ODS9XDuAfEsng70qT+zoSXwcb/zKuTjQ7nlC9Bsri73NBY4wqzxFTE6a4kb7XTmHDFMjetSraAqewJP7kjI/4/hlKO3ioawnQD9GCnfMEGlcdW0Cf9ENaoiJro+3Bi/ya0x3Zuf20fPY7ALh0TcIV5FvUh40gMkcY2mqGabkerPcXozCpY+RV00N3CjDpqLvux69LL7gFKAN+mZJ7+V2XxHTgtCMww+VhCG3BvRqC8zLGaU+QYN0VIsqb6f82J19Ok12hyn6w3quh+SgSQRenhO205cg579pUA//QneiFLYOKx8C+4rUobj2J8Q594xYR8Qu6/6yJzuzO1vCDDsVuaWewcOB31rsZhRIKu+0eogCSK0AOenYLqFmNcMYXJzbvfsuw5+yK24jW3Vhux4lTQ4qbUuaz3O/8AZJTrC5raEzerm7heElYAqig==
|
||||
ADMIN_USERNAME: AgCDJJHFCX0GiNN92fsmuDXk+p/jqyovj48PbrP9SDBoA1W3ehq8GBbcI+ZkOJ5ogHK/LHDQ+Dr9+Ral341nJ1G64oZimUYarJQHpqJNmnTnFx5qPGXayf06bE9xXZdLBxv/f/AuB9dgDHLJO/M0p0XSjsVjAtTAcGb5hdb281gvOIgf3PsOHyRL8qx8W+KkQ9Q7AufvvAzmszRY7VLaOzdW6X+34sgMeclsuPJ41uArod0qYt2MEZt/ssBDsr94EiAnITX/n3qb29xwhPUJV7UIEtTtM/Z0W4bjbG5YMVGnyIlNNdl8/B9gmFX2TLH8TEu4ynC8cxVvZytnk+N8AUHrK/d2BwpAHPeUPETkfCa9TGdtuMP9xtf5pPDsaAKFKxkKFFcjn497K78yMyCtm8VJn21L+e2bylfE6Nrry6L5Mc8LUCViqoR+CHF9vk590uFKM9FhIZEQ7Jb5DYiftyE0stYt3b1vLeBSZCt1VFaQBBKkth3N4EIEY48tTrE4pDmuesz/phgQtZO7ulp/t+Hq+wej8P1xbh1HjQ5Sq8xc8oysCMvdQy6bYckFHd73Ctn2VeMEZYH81x6GhlYp1Q8lgHl6fUwbWWDFvlDD2oyfjAD9hQEmt3qF4b73So4h+pNiG32o9Nv4t8yKj7ACPD3wJZi5RSLPeaDonX/SnX0ocV0uitR+LlzaI81gwzpgIe4jYpqNpQ==
|
||||
DATABASE_URL: AgApgzFV2gNZtppBMCo1WtPVS+WrNly+6JvrZQAiv1FHQuqQYPmaZvFJ9VHXZ7cOFVH+8gSVBYgDSUdPfhjkVaK4frFrxAPLdNjqjqXNRQngI+yF5YtlZr74TP6mLlmY3wqRKS5w2M8mEX+7ME+E5XxIalweUoFecRri6ZsJ8ubNnJUA3afGFvHugnLCrMzmIlur1x3rz5HTv7crxWajECvHpjYvb5hIjdbIWDV6OiKMYpUIjGJFFylP5X6O14PJpQXtN5vAIz5Kvf/1zLuAG9lxsR+P0Ab7wCLIqIQG6utoZMIpNP3PvscD2D4DJnRsH3soUdHSUe+8RIpR0os3nl7Q+YKD5cuP1dS7NJdb7ER6l/RagFUCDMbrFpP13QInIPI3oiMyW6hPNkVs9kCM9efL9POG/O2PMaE0SlJzK0i1HKUT/DDiyTnXFdjVk5UY1Ltt0t7i67/nBoq0GZwZjJBVCyCOz68icISW/kZprI1/7XssukQyaRw8Nwk68jYHg3iXazBz3NR+RPTl8JcKimv+GhSewEToSHemAGO4kWAZXunVP3Pnn/D9+4Ng7wTypE7xUReXlkwJMIEoMad3Scdx/DdIwbbmhOONjgl9Sd5twl7Bj6UWPDf6/awL+fVhz/brr51jV0dF/+2uty6CATxhPvf7CdKP4rsXIE3iLzqiLtaHD2hQN/b43/ipuhULu3ymqA1RJPsOQfSu7exR5pabWUxQ7rDZAS05h1+NumGxCmPUudRHGid3Djj3S8Eq730TlOBW9LDoVPml33icLp1HEV3pa2yTN0t5oU0=
|
||||
OAUTH2_CLIENT_ID: AgCEyqsIU2Q6PCXzmQDyl/aIZBtUSuWmkgr8MWVmWTrwnTKxTKq60wQzbjpA42x5QI7761xftvFjPx0UYwv+06PdvG8eJDhCYEjimrq9oSuuTq/SwBhxT3NwcwUJ9H/N+pe1K4qwARwgfAowoXiWQ8d1PHKTQ2NleOlXNGuIy83e9KDGWjMDnIbQr3NqFn5Kdv4V1A5eFZyDkm6FmpXl0JbuWNVBzC/kQDhsgZzRKDBYMqXAlp1CymvT2KsGa+PEDXZsYAGnf//JfIx30Qtqc8urmDzWIedHGBtDhNQPI+1P4mZCJ5ue5XmvlZr35C1w6EMsBzK/B+a0MRSqO5l2zyWdSTFXLWR7XjqvtCYt4XTSAqJNnVd8H4y/V9AD3hyQGnTPHFhqfTyO0JXdFdHWPt99Xk7yRENnRrnCPs/2IWympqsi7dYF/hrXUeQO3bTW5qMttDWblDDzPvOaz9egRjDfVk7HDiFTC3q0v8d4zlVpDcWPkduVNbI9OaKSzIW/9kSrF2aI8KtG8QYMoKWQMAKBNEyy3u53pmZ1JNGVFweRvOjUPj69aqOAjI+4T81TPDlbitujVyaFr5qKAcNVMNJhUCkJJtVyVPlUbShAh1OKpIclpK8QaB/a3BS8OPZQYTg2G++7wrPbDlP4BszjhGdJZuAJ4X/TRRra+IfjTYS0QVxWCq1x8uj3jhT1XBpoSNCuQNcBQHjlKFFXKW7oXbAa077CCtI550QOJKblnBIicsQLcySyZVjd
|
||||
OAUTH2_CLIENT_SECRET: AgBX99LPH02S5NgguyWm9cj7NDgafTzygg5qkv1GG2Z23fe7ebuH9AQmvV0LQKZx6NosZsH/mG5d3etrc+zQXfsuzGfp5ubzlSwJOfFjUQDBc+h91IKJLmTgLSCYWkt5hrxMp2sAqzDQ+uFQr7VF7hA1G79HTKSd4NzLFLas967ft0Rgqm7hOSnPbE8lqoWOy+WezjzdmHfNqqFFdyYy8X5G18gEglaBta/cYzorSwESv/oZhuQK+RaNeyb8bShWrbw5NVudAYidWTouuZxp21bv4wYYzqFi4Lzwn57bYLFf5L/1JhVklWsF7cWLSVRQch86kgScV8gp9DK5OI+g7xKI9fwM4v7D8JkujC3pp0ONtLku0Wv/498J4yqWf43ZNyqBi7HiX/4jl4Rwy2J3IDN2Uj18GR1FxS8TgWI4NChugIzmuYKywk7fKd+2NxulOe9X8dtflLLiSuwOWkIzWMB8MYOtR+RqJVLyEA2GZaKRtskiRGfzPYcacj/FHRHwWuO2uuXQhHSZetcW+YjOCmwm+q7WKbH0wRpMoMOIeMwQJ9Tew0NgOepOrtwkx0mj0qdNu5O0HvQU3tCxt7wKLN9hk6zt50iWFnoloQCjK1CmTVr01JoIhKh+LUH+sHVt5dtW0LVR1+757uh35/DYqdTK4KcHQEGf8Cf08yfAv5ZyfTluBxp35iORsVCm63Py7txVaBwoJO1qg5Hmpvj0G7woBPC2V/0DOJJ0+QAGqtrFvbNTcRORS3G6mmKwJObA1WsqWifdBLArrF52Z+9vncLxHw/ty2/++R4ljISrkAMQilrfNc9xqNeG+KE+PSRfQFS1Kc/lcotJLgbbpUjr/bOwB+8TuG1EHXBRINgcWXFcXw==
|
||||
template:
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: miniflux
|
||||
namespace: apps-roboces
|
||||
|
|
@ -1,19 +0,0 @@
|
|||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: miniflux-service
|
||||
namespace: apps-roboces
|
||||
labels:
|
||||
app.kubernetes.io/name: miniflux
|
||||
app.kubernetes.io/managed-by: argo
|
||||
app.kubernetes.io/version: 2.2.13
|
||||
spec:
|
||||
selector:
|
||||
app.kubernetes.io/name: miniflux
|
||||
type: LoadBalancer
|
||||
ports:
|
||||
- name: miniflux-service
|
||||
protocol: TCP
|
||||
port: 8888
|
||||
targetPort: 8080
|
||||
|
|
@ -1,105 +0,0 @@
|
|||
---
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: pulse-agent
|
||||
namespace: apps-fuku
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRole
|
||||
metadata:
|
||||
name: pulse-agent-read
|
||||
rules:
|
||||
- apiGroups: [""]
|
||||
resources: ["nodes", "pods"]
|
||||
verbs: ["get", "list", "watch"]
|
||||
- apiGroups: ["apps"]
|
||||
resources: ["deployments"]
|
||||
verbs: ["get", "list", "watch"]
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
name: pulse-agent-read
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: pulse-agent
|
||||
namespace: apps-fuku
|
||||
roleRef:
|
||||
kind: ClusterRole
|
||||
name: pulse-agent-read
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: DaemonSet
|
||||
metadata:
|
||||
name: pulse-agent
|
||||
namespace: apps-fuku
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
app: pulse-agent
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: pulse-agent
|
||||
spec:
|
||||
serviceAccountName: pulse-agent
|
||||
containers:
|
||||
- name: pulse-agent
|
||||
image: rcourtman/pulse:v5.0.17
|
||||
command: ["/opt/pulse/bin/pulse-agent-linux-amd64"]
|
||||
args:
|
||||
- --enable-kubernetes
|
||||
env:
|
||||
- name: PULSE_URL
|
||||
value: "https://pulse.fukurokuju.dev"
|
||||
- name: PULSE_TOKEN
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: pulse-agent-secrets
|
||||
key: PULSE_TOKEN
|
||||
- name: PULSE_AGENT_ID
|
||||
value: "k8s-cluster"
|
||||
- name: PULSE_ENABLE_HOST
|
||||
value: "true"
|
||||
- name: HOST_PROC
|
||||
value: "/host/proc"
|
||||
- name: HOST_SYS
|
||||
value: "/host/sys"
|
||||
- name: HOST_ETC
|
||||
value: "/host/etc"
|
||||
- name: PULSE_KUBE_INCLUDE_ALL_PODS
|
||||
value: "true"
|
||||
- name: PULSE_KUBE_INCLUDE_ALL_DEPLOYMENTS
|
||||
value: "true"
|
||||
securityContext:
|
||||
privileged: true
|
||||
resources:
|
||||
requests:
|
||||
cpu: 50m
|
||||
memory: 128Mi
|
||||
limits:
|
||||
memory: 512Mi
|
||||
volumeMounts:
|
||||
- name: host-proc
|
||||
mountPath: /host/proc
|
||||
readOnly: true
|
||||
- name: host-sys
|
||||
mountPath: /host/sys
|
||||
readOnly: true
|
||||
- name: host-root
|
||||
mountPath: /host/root
|
||||
readOnly: true
|
||||
volumes:
|
||||
- name: host-proc
|
||||
hostPath:
|
||||
path: /proc
|
||||
- name: host-sys
|
||||
hostPath:
|
||||
path: /sys
|
||||
- name: host-root
|
||||
hostPath:
|
||||
path: /
|
||||
tolerations:
|
||||
- operator: Exists
|
||||
|
|
@ -1,17 +0,0 @@
|
|||
# yamllint disable rule:line-length
|
||||
---
|
||||
apiVersion: bitnami.com/v1alpha1
|
||||
kind: SealedSecret
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: pulse-agent-secrets
|
||||
namespace: apps-fuku
|
||||
spec:
|
||||
encryptedData:
|
||||
PULSE_TOKEN: AgBBxrJ80IpJ0RvYKQuN6p3G8vIdSL9nESO9OTAR0NiMjSGZNbNEELKE/a1f2ixQUSsNc/k31c+7GlAi+8PmNC4c7rmRJTe+z3uO/BNNLYeTi7DsEk9/oJZTWn7iOcLogiZJQKxbGozCp/S8zrWisH67N2ZHmzz5UEJAzq57+fBEyAk22/WR0QMfW3oOYHGZFNR5AdAxrdfyRwTvSEOz4R2YlrQKRtOFVIPG/aEaAn42AGYfrq2cLVEiCygjE+8nZQ62TMmQqMiwiCjk5do9uRhhiRimuD78FrNnFU5dSwe/11ji5sSrEPjszPB8O0TBbsCssxfz48cKRm/6IdI9B5pKHYob68Ed8u5UgpRU/ZhUWJLyXuZF/Tgw+WcIsVkQXb3eqQTARBeZueugnA23lnzxh5gjR17wjPw7ePYaLiUWTYikOK5HvgpJyiuB0ev2cjGSqYeeAAn5ewCGM/NODXUAlFdC+N9S7ft1+chJrHoaXgHy8J9LWm/maKW99+yT08a68RvGGoZtFPZNlFjzurNF6EY9SLUFf0RLzShkyq6uuOzLm8gENyDIQ+Ru7wWEwyEcUz4ceAR5I78k0gCIDR1o4Ti22asdbRjMptZdOTbep+PWmu2K1oUvxXtXwgKkn8pvTkJpcdejqehnYPWfRAI3Guxi7LQDf++yShKS1NdXMdjhtFoNLa03xHM/G94sF3/mnJwivNhur1V7iC1yCY5NlruPr4KCd5AgOnKqoreRRvRbCVlFO1mtP6XV4sjqEIhmZyXWFJ76bwAC+hxSlFzL
|
||||
template:
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: pulse-agent-secrets
|
||||
namespace: apps-fuku
|
||||
type: Opaque
|
||||
|
|
@ -1,17 +0,0 @@
|
|||
# yamllint disable rule:line-length
|
||||
---
|
||||
apiVersion: bitnami.com/v1alpha1
|
||||
kind: SealedSecret
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: secrets-redis
|
||||
namespace: apps-fuku
|
||||
spec:
|
||||
encryptedData:
|
||||
redis-password: AgBqJ2pqIbdtOtbGnmalrdzSEZYBDhkyhZNv3fEsgLmvZ55ehXreELEZGKcOCqgVKCQZnfLTA7X4vyR6oZVhSdvcJeULmHrmO7ynItoyowvmY5njE7jTWTsSKypCXJXS0u81TD8+sF0DCRrALo4fzCfyxHWg2x7qyVOllOfhaWpggFsqqn7fMLUdhumnW2C5bEj2x/8PkW4aLI86osjKlwDiMXTE6nULQ4Fx76zzjuhCDLN0RGG4xTqVzDcbt+F7cpULyTJ9Kvq53UPMMaCq0huIkU/JYmAHMUcXF2Q1HUdh/K/R0KYqhlEN7t9JPJgsi7s7IKpp0EFRHOfvkZAm5bAqG34q0p/1Hce+0ifOZsQYp4nmj/1uEGshXhWETSI7mAw/sEdG+uJvLP6Sz7KkaLXhV8tGHfyXqwNyo+jV6JqIsynOY5UZc8zN170nQXwM5KzQyIsNz1yjDFGBIC4y/gjwaDXioaMGVg+PRxFEUAahssdPPZ8ug3M8EaqqgPlHTye+LwHDVDJZAWmnYJ6ajYWGqeCx7pKw2+vhr8V4ToSyG3hsPEbREwVSO50fKOL/MelRC24Rrzv8uthtHjHniLt1DJzPkXJUAnMaV4UsJ21Ge5PQo7Op0G/RNSnka2LAt3I6CVbUb0UoBhSNPmDVD5/0pn5oM/PSd0oqszUsFdxoIOpCIt3ReZUD6eHOlcuK8H65nwsb7Cbyde8a8GTD9q7SoDo2IQ==
|
||||
template:
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: secrets-redis
|
||||
namespace: apps-fuku
|
||||
type: Opaque
|
||||
|
|
@ -1,16 +0,0 @@
|
|||
# yamllint disable rule:line-length
|
||||
---
|
||||
apiVersion: bitnami.com/v1alpha1
|
||||
kind: SealedSecret
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: valheim-secrets
|
||||
namespace: apps-fuku
|
||||
spec:
|
||||
encryptedData:
|
||||
server-password: AgBsm7Qg9ej7FtFh5twb4ALyL0I/fzVukURvFg17aweeDX7bM/9p/Yq7S2XG8gbqOYbC1GxknGMHQUnTXqXC9YZ4tZVUAptTCrAsPZHhHiet8bM39KCo2tGa5mCyC7lcmxae26cHuKj8Df6iMQCHL9ZH58A2SU8OIaszkonjwvSnbk6u7/HLCE8UyqP1JjXBMd4wx4BFDrhbauZr10f51tI55ksY+x44QQNrz84QEXmQ/dgwdzGAWqcPQTf57BebSI+ZKtUIvrMpNtz1ioqGnH3vWlb7QnqyqcyAYri3W3j8DB03EpfI2QjYi5Rs1NaJoO8L5HFdHW5p+rmttuwRxiEUPmURftH25o6Mgv/EcWGsB1TpyyFXM8JNU01lWJ+Wty316YF1BV3zHqdQeKu82R/wSv+iVm1dYKTfSOLe3YJr+aFnhYX3hCpBup1cB2KeOe/X9wTo2ETdvKhcIJPz8x7TRcXaCerVmVBw6LagmmdtMsCL4AIXw2gdkBeGONQmOzR1hDyTBAmpTv59WYzAJcCPZRE6gGxCPqH32G36E7WGEI4UOsjvT3GkVDnYx4FUDppzSP0ebnHZOwwAPFtXojHUaHg7ZTjZiuXDQa9Hkqt4mIOKa0i1HI0MyPu8eZJjoRXNS4j1yLfDCP2eSuhGjtVNbbyQthaITolitZ0VeUU8St1iKB7rvAGHqhBoPSw9TOBVSsBcHgIAV64oRqto4kM8
|
||||
template:
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: valheim-secrets
|
||||
namespace: apps-fuku
|
||||
|
|
@ -0,0 +1,17 @@
|
|||
# yamllint disable rule:line-length
|
||||
---
|
||||
apiVersion: bitnami.com/v1alpha1
|
||||
kind: SealedSecret
|
||||
metadata:
|
||||
name: vaultwarden-kubernetes-secrets
|
||||
namespace: apps-fuku
|
||||
spec:
|
||||
encryptedData:
|
||||
BW_CLIENTID: AgB6UpzjiBqifwHwm4YfevKVQLTt/2JxrTdJ0O29i416TrvPvYlrofG6ihWQDIr7zAROq5RE1YI1mFdczzcHTccMV+/rPPBTY04rdkoypc17/+P5eVLO03dcSldhbcgiMJQYgji+U59SFebPxxPI9gn6GmOss368Wqgdffu/d7V6RtvBNN+qgIu1FjS26FYxKRKi/mEjPmF6GCkkWRHkkpimdjKalVkuQXiu04cwDTSRYNmgePv5ihem/5tP7ZqgQCFpYafpia6CnQwhHNoPP4Dq+cV5VVPw7AfVdm28HgFLiZhiUWXoGiiFvTZcDwViG4T80gqxtfN/2ur94V7zc/PTGXSsVWBJYM93/jf3zcK7h5wag0nXeYm7nD+NT1JM/2NZguqLVl3iX4qE+f0C83dPTUrBv8+9H3aw0YLI/zgnT8Fdg6VAdbGrXMXrTEqm2IChRZ65/WIgwaRWIH+ETsWPFqUj3mH9Cx8NkNNSRfTqmZS28VEfcCzutSgTJ4zs2VwTYDBBD1QQSMrhUSLrCihWLK3ZTjVTEwAaoUObnaFrYpNBGVZQne9zzWO38/y4NQ2D1Q1YTx0cBP8qcKit9v1GFmOcNDsVG1WCFkZh0qz4j37SOBH0J00sG1lwGvkb05pOjcGVUexjzvHloUjSauFypW+2XQqnVshMbNgKgZYZmZmWbHf8nyq7+wssivbjB5qX5foiCN/Qp2WtIG92k08ZU1+hTq/w/GX8DI/UsbSLU7p/0vpAKMDBuw==
|
||||
BW_CLIENTSECRET: AgBfsr/ECO+lxSojrp1Ailv7SOYMqtGzmQCmXI3g7+K0W+RT7dOHuZOk7VlvYG5l4qVjriXhMo1xGcGYf8WeAebx+OWTs9Y9sRQ7eGnQW/KD7ihV3vCy2+jEdWZas9wEN1coUUt7Lbg09jz+nrt8Di2xFigJWSjuWejyAwmnRC0O0gLSudidf2x1aTeclid1tFvubbKbYUrLbTCLPW1bDuDs8BseRX6sF8/CVR1ZKWbcADUYvP7Amygc4WMElRREMQJjKBiPYNA4OuepvpQDlNVz/wq499XJAnFMDP8BhKxYalwOqTYzWQT0DA4mwBokMnpRE0VJ3erAAKQwzDHqO8pFE5bqhgzjwTWryH0ZmRF96JVLxx5IMetb8jYEPAHA/ymz9GmSUyVDXDRoeyH2xM4vuD/6A2JXc6kgcpfRx+5UJUybajO7urvHBCS/5X5cEiEOyEtqPMqkRdv2LgN1wXMEU88eK2NqpVX7zhLIJgoMusdHtkDmSlS+pFIb3GwGQRmn5khj5xkyQKweMoPvC5Pq+T/F5/2NziJGRj56HYvaiOPfyfzetaw7Zh3I+umMfZ6mtKD7ntYB1EYaqIMhTlAQv8DxS98t19LOke3h5QKcX6SdKeAqAvlqxuYZ5rweNtZsDevtnaFdmDzbve6xbZrtNwAurpZMYC/7tetyH+jFHrcFjDCuMMLdD5t4d8NW50nks71Pofe6KO/8lkzNOjiQwBIUfG+8Y6bAmPiBBr0=
|
||||
VAULTWARDEN__MASTERPASSWORD: AgBlRRDUcWw8Kq8IJ/dBk1RQwA6jg4VtpDTzU9eRtkdZfBoEI+KnQt2QHtGv7ZMmyCHztRAoJcEWyoN25RMdG4dQQN40IOPBiv7D8e036nQv7rQqZWE7mPPs9veskS+8sE+h3HFlwIEytn4721nHw4DNl2Uwbtgo1rTRRyJ3Px2UoCfnCU1xVtimWhj7uLjf2kPkSvWRUFZFfzSkuMWtiAPDxspk7q8CTktdiUHV6ZsuuIcZfJ1mHkuredVGYpOcrKLJcwGE7Auzn382lILNwkSuiZjt0T+O5A0c406SPVGU/ovofbRgdUQmmIbS+q6y17HMDkwLutdmIyJgqMEPJXR0KfebjzdtaNdSbmL68QsdECqCbQm6Az3uMEOJ8TVm9rH5yfZZoXLMVjzHgwtQbV9vBb0ubMUKdqJahD0zUQ/1FqDtYHt9OBv8bLh8SXiTKNxz2GByHjcGFUNZhZac1eTqmtYxxUhk4KNFsqx7FvJNUi0VTfINvHAd9Tjlrd0vQbST3VgdiIEHcuxW5HShdSnl8o5WXKmEtlecMqB3Y/C6IIPF+CZ6HoMgfE59G2dchnNccSwdZRa0n6OWt3BWJi7fuhrBXvTBpa5Zxrqh6o1VX3k5wXDgBRN7a8pZawhuCXbcBcrhcs+wDm7YlK3Gj3F01dIOGc7qMpdMWUHcUxCikC9Wlnp5b+OKB2huiHWr2p8v0IeOu8MfC65GEkx/dInxW1CkitHsGVA=
|
||||
template:
|
||||
metadata:
|
||||
name: vaultwarden-kubernetes-secrets
|
||||
namespace: apps-fuku
|
||||
type: Opaque
|
||||
162
scripts/k3scale.sh
Executable file
162
scripts/k3scale.sh
Executable file
|
|
@ -0,0 +1,162 @@
|
|||
#!/usr/bin/env bash
|
||||
|
||||
|
||||
usage() {
|
||||
cat <<EOF
|
||||
Usage: $(basename "$0") REPLICAS [RESOURCE...] [OPTIONS]
|
||||
|
||||
Scale up or down one or several deployments/statefulsets.
|
||||
|
||||
Arguments:
|
||||
REPLICAS Number of replicas to scale to
|
||||
RESOURCE Resource to scale in "namespace/name" format, or just "name"
|
||||
(uses current context namespace). Can be specified multiple times.
|
||||
|
||||
Commands:
|
||||
--all Scale all deployments and statefulsets in the namespace
|
||||
--all-namespaces
|
||||
Scale all deployments and statefulsets across all namespaces
|
||||
|
||||
Options:
|
||||
-h, --help Show this help message
|
||||
-n, --namespace NAMESPACE
|
||||
Namespace to use (default: current context namespace)
|
||||
--dry-run Print what would be scaled without making changes
|
||||
-v Pass -v to kubectl (minimal output)
|
||||
-vv Pass -vv to kubectl (more output)
|
||||
-vvv Pass -vvv to kubectl (debug output)
|
||||
|
||||
Examples:
|
||||
$(basename "$0") 1 mynamespace/mydeployment
|
||||
$(basename "$0") 1 mynamespace/mydeployment mydeployment2
|
||||
$(basename "$0") 1 --all
|
||||
$(basename "$0") 1 --all --namespace mynamespace
|
||||
$(basename "$0") 0 --all-namespaces --dry-run
|
||||
EOF
|
||||
}
|
||||
|
||||
KUBECTL_V=""
|
||||
NAMESPACE=""
|
||||
DRY_RUN=false
|
||||
REPLICAS=""
|
||||
RESOURCES=()
|
||||
ALL=false
|
||||
ALL_NAMESPACES=false
|
||||
|
||||
while [[ $# -gt 0 ]]; do
|
||||
case "$1" in
|
||||
-h|--help)
|
||||
usage
|
||||
exit 0
|
||||
;;
|
||||
-n|--namespace)
|
||||
NAMESPACE="$2"
|
||||
shift 2
|
||||
;;
|
||||
--dry-run)
|
||||
DRY_RUN=true
|
||||
shift
|
||||
;;
|
||||
-v|-vv|-vvv)
|
||||
KUBECTL_V="$1"
|
||||
shift
|
||||
;;
|
||||
--all)
|
||||
ALL=true
|
||||
shift
|
||||
;;
|
||||
--all-namespaces)
|
||||
ALL_NAMESPACES=true
|
||||
shift
|
||||
;;
|
||||
-*)
|
||||
echo "Error: Unknown option: $1" >&2
|
||||
usage >&2
|
||||
exit 1
|
||||
;;
|
||||
*)
|
||||
if [[ -z "$REPLICAS" ]]; then
|
||||
REPLICAS="$1"
|
||||
else
|
||||
RESOURCES+=("$1")
|
||||
fi
|
||||
shift
|
||||
;;
|
||||
esac
|
||||
done
|
||||
|
||||
if [[ -z "$REPLICAS" ]]; then
|
||||
echo "Error: REPLICAS is required" >&2
|
||||
usage >&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [[ "$ALL" == false && "$ALL_NAMESPACES" == false && ${#RESOURCES[@]} -eq 0 ]]; then
|
||||
echo "Error: Must specify --all, --all-namespaces, or at least one RESOURCE" >&2
|
||||
usage >&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
NAMESPACE_ARG=()
|
||||
if [[ -n "$NAMESPACE" ]]; then
|
||||
NAMESPACE_ARG=("-n" "$NAMESPACE")
|
||||
fi
|
||||
|
||||
DRY_RUN_ARG=()
|
||||
if [[ "$DRY_RUN" == true ]]; then
|
||||
DRY_RUN_ARG=("--dry-run=client")
|
||||
fi
|
||||
|
||||
KUBECTL_BASE=(kubectl)
|
||||
if [[ -n "$KUBECTL_V" ]]; then
|
||||
KUBECTL_BASE+=( "$KUBECTL_V" )
|
||||
fi
|
||||
KUBECTL_BASE+=( "${NAMESPACE_ARG[@]}" )
|
||||
KUBECTL_BASE+=( "${DRY_RUN_ARG[@]}" )
|
||||
|
||||
scale_resource() {
|
||||
local resource="$1"
|
||||
local ns name
|
||||
|
||||
if [[ "$resource" == */* ]]; then
|
||||
ns="${resource%%/*}"
|
||||
name="${resource#*/}"
|
||||
else
|
||||
ns="${NAMESPACE:-$(kubectl "${NAMESPACE_ARG[@]}" config view --minify --output jsonpath='{.contexts[0].context.namespace}' 2>/dev/null || echo "default")}"
|
||||
name="$resource"
|
||||
fi
|
||||
|
||||
for kind in deployment statefulset; do
|
||||
if "${KUBECTL_BASE[@]}" get "$kind" "$name" -n "$ns" &>/dev/null; then
|
||||
echo "Scaling $kind/$ns/$name to $REPLICAS replicas${DRY_RUN:+ (dry-run)}"
|
||||
"${KUBECTL_BASE[@]}" scale "$kind" "$name" -n "$ns" --replicas="$REPLICAS"
|
||||
return 0
|
||||
fi
|
||||
done
|
||||
|
||||
echo "Error: Resource '$resource' not found as deployment or statefulset" >&2
|
||||
return 1
|
||||
}
|
||||
|
||||
get_resources() {
|
||||
local ns_flag=()
|
||||
if [[ "$ALL_NAMESPACES" == true ]]; then
|
||||
ns_flag=("--all-namespaces")
|
||||
elif [[ -n "$NAMESPACE" ]]; then
|
||||
ns_flag=("-n" "$NAMESPACE")
|
||||
fi
|
||||
|
||||
"${KUBECTL_BASE[@]}" get "${ns_flag[@]}" deployment,statefulset -o jsonpath='{range .items[*]}{.metadata.namespace}/{.kind}/{.metadata.name}{"\n"}{end}' 2>/dev/null | while IFS=/ read -r ns kind name; do
|
||||
echo "$ns/$name"
|
||||
done
|
||||
}
|
||||
|
||||
if [[ "$ALL" == true || "$ALL_NAMESPACES" == true ]]; then
|
||||
while IFS= read -r resource; do
|
||||
[[ -n "$resource" ]] && scale_resource "$resource"
|
||||
done < <(get_resources)
|
||||
else
|
||||
for resource in "${RESOURCES[@]}"; do
|
||||
scale_resource "$resource"
|
||||
done
|
||||
fi
|
||||
0
scripts/proxmox-power.sh
Normal file → Executable file
0
scripts/proxmox-power.sh
Normal file → Executable file
129
scripts/update-argo.sh
Executable file
129
scripts/update-argo.sh
Executable file
|
|
@ -0,0 +1,129 @@
|
|||
#!/usr/bin/env bash
|
||||
|
||||
check_kubectl() {
|
||||
if ! command -v kubectl &>/dev/null; then
|
||||
echo "Error: kubectl is not installed or not in PATH" >&2
|
||||
exit 1
|
||||
fi
|
||||
log_info "kubectl found at $(command -v kubectl)"
|
||||
}
|
||||
|
||||
VERBOSE=0
|
||||
|
||||
log_debug() { [[ $VERBOSE -ge 3 ]] && echo "[DEBUG] $*" || true; }
|
||||
log_verbose() { [[ $VERBOSE -ge 2 ]] && echo "[VERBOSE] $*" || true; }
|
||||
log_info() { [[ $VERBOSE -ge 1 ]] && echo "[INFO] $*" || true; }
|
||||
log_error() { echo "[ERROR] $*" >&2; }
|
||||
|
||||
usage() {
|
||||
cat <<EOF
|
||||
Usage: $(basename "$0") [OPTIONS] [VERSION]
|
||||
|
||||
Upgrade ArgoCD to a new version. Requires an existing ArgoCD installation.
|
||||
|
||||
Examples:
|
||||
$(basename "$0") # queries the current argo version and tries to update to the immediate newest version
|
||||
$(basename "$0") v4.3.0 # incrementally update to target version
|
||||
|
||||
Options:
|
||||
-h, --help Show this help message
|
||||
--dry-run Show what would be done without making changes
|
||||
-v Verbose output (info level)
|
||||
-vv More verbose output (info + verbose level)
|
||||
-vvv Debug output (all log levels)
|
||||
EOF
|
||||
}
|
||||
|
||||
DRY_RUN=false
|
||||
|
||||
while [[ $# -gt 0 ]]; do
|
||||
case "$1" in
|
||||
-h|--help)
|
||||
usage
|
||||
exit 0
|
||||
;;
|
||||
--dry-run)
|
||||
DRY_RUN=true
|
||||
shift
|
||||
;;
|
||||
-v|-vv|-vvv)
|
||||
case "$1" in
|
||||
-v) VERBOSE=1 ;;
|
||||
-vv) VERBOSE=2 ;;
|
||||
-vvv) VERBOSE=3 ;;
|
||||
esac
|
||||
shift
|
||||
;;
|
||||
-*)
|
||||
echo "Error: Unknown option: $1" >&2
|
||||
usage >&2
|
||||
exit 1
|
||||
;;
|
||||
*)
|
||||
TARGET_VERSION="$1"
|
||||
shift
|
||||
;;
|
||||
esac
|
||||
done
|
||||
|
||||
log_debug "Script started with target version: ${TARGET_VERSION:-auto}"
|
||||
|
||||
check_kubectl
|
||||
|
||||
log_info "Checking current kubectl context"
|
||||
CURRENT_CONTEXT=$(kubectl config current-context 2>/dev/null)
|
||||
log_verbose "Current context: $CURRENT_CONTEXT"
|
||||
|
||||
log_info "Checking for ArgoCD installation"
|
||||
if ! kubectl get ns argocd &>/dev/null; then
|
||||
log_error "ArgoCD namespace not found. This script only upgrades existing installations."
|
||||
exit 1
|
||||
fi
|
||||
log_verbose "ArgoCD namespace found"
|
||||
|
||||
log_info "Checking current ArgoCD version"
|
||||
CURRENT_VERSION=$(kubectl get deployment argocd-server -n argocd -o jsonpath='{.spec.template.spec.containers[0].image}' 2>/dev/null)
|
||||
if [[ -n "$CURRENT_VERSION" ]]; then
|
||||
CURRENT_VERSION=$(echo "$CURRENT_VERSION" | sed 's/.*argocd:v\?//' | tr -d ' \n')
|
||||
if [[ -n "$CURRENT_VERSION" ]]; then
|
||||
CURRENT_VERSION="${CURRENT_VERSION#v}"
|
||||
log_verbose "Current ArgoCD version: $CURRENT_VERSION"
|
||||
else
|
||||
log_error "Could not extract ArgoCD version from image: $CURRENT_VERSION"
|
||||
exit 1
|
||||
fi
|
||||
fi
|
||||
|
||||
if [[ -z "$TARGET_VERSION" ]]; then
|
||||
log_info "No target version specified, querying for latest version"
|
||||
log_verbose "Fetching latest release from GitHub"
|
||||
LATEST_VERSION=$(curl -s https://api.github.com/repos/argoproj/argo-cd/releases/latest | grep -oP '"tag_name":\s*"\K[^"]+' | sed 's/^v//')
|
||||
if [[ -n "$LATEST_VERSION" ]]; then
|
||||
log_verbose "Latest version available: $LATEST_VERSION"
|
||||
TARGET_VERSION="$LATEST_VERSION"
|
||||
else
|
||||
echo "Error: Could not fetch latest version" >&2
|
||||
exit 1
|
||||
fi
|
||||
fi
|
||||
|
||||
log_info "Target version: $TARGET_VERSION"
|
||||
|
||||
log_debug "Determining update path from $CURRENT_VERSION to $TARGET_VERSION"
|
||||
|
||||
log_info "Applying ArgoCD manifests"
|
||||
log_verbose "Downloading manifest from https://raw.githubusercontent.com/argoproj/argo-cd/v${TARGET_VERSION}/manifests/install.yaml"
|
||||
curl -sLO "https://raw.githubusercontent.com/argoproj/argo-cd/v${TARGET_VERSION}/manifests/install.yaml"
|
||||
|
||||
log_debug "Applying manifest with kubectl"
|
||||
if [[ "$DRY_RUN" == true ]]; then
|
||||
log_verbose "Dry-run mode: would apply manifest"
|
||||
kubectl apply -n argocd -f install.yaml --dry-run=client
|
||||
else
|
||||
kubectl apply -n argocd -f install.yaml
|
||||
fi
|
||||
|
||||
log_verbose "Cleaning up downloaded manifest"
|
||||
rm -f install.yaml
|
||||
|
||||
log_info "Update to ArgoCD $TARGET_VERSION initiated"
|
||||
58
tofu/adguard/.terraform.lock.hcl
generated
58
tofu/adguard/.terraform.lock.hcl
generated
|
|
@ -2,37 +2,35 @@
|
|||
# Manual edits may be lost in future updates.
|
||||
|
||||
provider "registry.opentofu.org/gmichels/adguard" {
|
||||
version = "1.6.2"
|
||||
constraints = "1.6.2"
|
||||
version = "1.7.0"
|
||||
constraints = "1.7.0"
|
||||
hashes = [
|
||||
"h1:4rfmv0e8MoRPw+CTZBxTlPZbOSvPnIIt8kwVIIRIqbc=",
|
||||
"h1:FUOYxkRfDHxiAlTKpvfZpNpRdCkq7Gs9JcZjLWo+guM=",
|
||||
"h1:FewdC+pt/Z8XC1M5M49D74MYnMzVjwVoAcnonmbxhwA=",
|
||||
"h1:RAXQ/T7oF42hDSuXH7hH85uj8QmHRS+ArP5pO4ILslc=",
|
||||
"h1:a5SEI5KSX0cENGjd+IrxMj4l0Cr5GWvTP8Ng3cJaLTg=",
|
||||
"h1:gNdYW6qM5jJTA2M9BHzVtuCTSmY2Fi/r08A/duZR8Yg=",
|
||||
"h1:gnBusJUhlOSxn2JG5V0N3aHWAcTtMLcSjRSMKm8+6S4=",
|
||||
"h1:hwB3SSfBITtOIggACNkdTnA8hG2AzYaFgG3WJny3290=",
|
||||
"h1:iGjswHan6q6vYBTxR+WFBCUwCN7jmg7mAvFnv4P3/m8=",
|
||||
"h1:mBxI5srrplxBHZLuXfEVZzwph3mCl9SQv0e9nR2GhQ4=",
|
||||
"h1:o3CYF1B/kMBktAn1cWJuqW84VqZkM5K3A1BPw6v5fnA=",
|
||||
"h1:sX4l50R6dzuHdQJFBfGDY6lZc4bCGKjxkKRtoKmx/1g=",
|
||||
"h1:shVeqrDxxOvnsD//ryu7IoxwPsGb+6FeLmum3szd/mU=",
|
||||
"h1:wY3pI9C3lEZ9nZRIqky5cqfwLm+u7Wi/9HBVCo4o9/M=",
|
||||
"zh:0337224a2b6418ba38cedf7f2cef9b154f51db4791b03d6b5745cb26f60614d2",
|
||||
"zh:09addda402962c46cd236ae1703ba9632f377897e8d321678cf0e4428a5071f7",
|
||||
"zh:1f7b511933d6ca8fbdcd5bb50bba910e88b73fee57ae2922e01f18470350929e",
|
||||
"zh:2bd2a45c4cddd19b2a55d6d658184df25f002e0b7a929da48b5086922ae846d6",
|
||||
"zh:30ed44fd468132273029302fc16de4e76a1f10b816862e2e5dfca545e5b67f70",
|
||||
"zh:3f73e37f6410509f7811db77b53f6e332c24344ad800a1d56bcf6af2a706d998",
|
||||
"zh:5215dbeb6edbe0e7fae238580bb649745824d3744cc0d3b407244383ddeefd96",
|
||||
"zh:543a6b4d814607884791306ae661a1d3475af90785712fb6c94e2b616f75afba",
|
||||
"zh:8402d7a2d501ff0c9fe2216bf80f6bc133f0277cc3f184d3d37f4628b778f18b",
|
||||
"zh:894ac1fce4fd92c66684d64d41356d5d02ebcf3a68e4ae1150314732f9ac384f",
|
||||
"zh:ad547c8c8413de6886cf563129b117a0aab79b9841e7486e58a639c74eeacc12",
|
||||
"zh:b9d69a6f99256cbd741ddc881f8665eec6e51ee1a4b99918ae8e9bdcf73cf31d",
|
||||
"zh:d254d2dae145dbe5435be32b821198d9d5dca81fb67e06499eb8a8bd78a34ba5",
|
||||
"zh:df327c22ba4437fa5e879ae70ce8330363a4e6f320711e7bd2ac249db3a3a551",
|
||||
"h1:1vvJ6KcLUR8U2BHNtj7tMsgEsGXzTKMIFsHfcZYEVyc=",
|
||||
"h1:5BDrsrU/Sdain/+KkhbNzxVL81rh69wG4iKOIBf9qys=",
|
||||
"h1:70gWtux/jVZQgsDjr8+j0aRHKkGZqRWCmzoX9ddC7f4=",
|
||||
"h1:Qdqipgukxph9vqXiEKVzFSgXfEmGiGw1JrrQvwJOtco=",
|
||||
"h1:QveIrziFNxu+Go7pl7qjH5tqPOb8pgzfTdunVgsJ3vg=",
|
||||
"h1:UrJdOlCLAWC7/I2Co02RtOKT3tSGb8TwOgJ7s0sOtCo=",
|
||||
"h1:W6nZfQzWb3Ds1JRytBqzsZoNBa6x4OOe9J87f1nyCRA=",
|
||||
"h1:c3RK8fSEr2yfPySC0WemOC/CR3608Ra4vFwGhvdrswg=",
|
||||
"h1:jizPinVWDQUN6rKwiBgRm7PcgUJe4AWlCWghgH0v7xI=",
|
||||
"h1:lb9gv3IiUZDA4P/kpuvOqZmidWMIbpG+sUecM1QclNo=",
|
||||
"h1:sRIMccvZq71/CxTknprnRozCChEZSq4Nmt+M+DOjTq8=",
|
||||
"h1:uOdtIfvNVEHheucpt51bSCYtX2W1LKELlOkBTbjBm6o=",
|
||||
"h1:woGvhSgZDFj5+yH5uHonXSIn6AaeZekb3t9oXMZB/DQ=",
|
||||
"zh:0b83aa1ade1a6f7c9b1af0488dad43bf00e733d1517463d4bee51c17612546da",
|
||||
"zh:15d784c16545efaf6c368b642995bb0d0ef61b6961e67b072430d445ef6c02fc",
|
||||
"zh:1c4da4d20c98795fee1ac0cd9ffd880a68f06992d6fe849342c4b19f79c8aff9",
|
||||
"zh:41afcdcc5236fa40a0b7ec614cb830ef03d45f8f1b8988d24d80ec999ef34b9b",
|
||||
"zh:4c8e832a5a842420b5163eb5eb2bd7d460ece524efc618bdba64e4f4a2d403b5",
|
||||
"zh:58e19d2f9e4bd9f2a13b631c3213157ea80ef3aa7b3b8edcd8fb341f9c06c5e5",
|
||||
"zh:7380ca4d053255f787ded10c26b19ebd23d3563ddbb36d0be66bb2cef293d27d",
|
||||
"zh:7b21589bb31084bb68b2deb96bd4130b8b13c1c71614704d13d4cbdfc583f3c7",
|
||||
"zh:82aee49172286676cdccbc97b809b84acf3edeb164ae77cafa837118ee3769a6",
|
||||
"zh:95431a266520cce112474616c27c80f0017625ef7d80aaf69118360222d7974b",
|
||||
"zh:a6dc4b60beafc471d049b856df4bf793838b1e8b2079efe4a12ebf6fbd482098",
|
||||
"zh:d9c5c35be3ae54a52fb444b61e442445e74df6a4ab5bc4884b0f5d55eacc4ced",
|
||||
"zh:f6bd2db5d9a178c9b5b020e505affc245a0ceaa8e662f37ad9743d65e1153322",
|
||||
"zh:f809ab383cca0a5f83072981c64208cbd7fa67e986a86ee02dd2c82333221e32",
|
||||
]
|
||||
}
|
||||
|
|
|
|||
|
|
@ -9,7 +9,7 @@ terraform {
|
|||
required_providers {
|
||||
adguard = {
|
||||
source = "gmichels/adguard"
|
||||
version = "1.6.2"
|
||||
version = "1.7.0"
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
|||
58
tofu/authentik/.terraform.lock.hcl
generated
58
tofu/authentik/.terraform.lock.hcl
generated
|
|
@ -2,36 +2,34 @@
|
|||
# Manual edits may be lost in future updates.
|
||||
|
||||
provider "registry.opentofu.org/goauthentik/authentik" {
|
||||
version = "2025.12.0"
|
||||
constraints = "2025.12.0"
|
||||
version = "2026.2.0"
|
||||
constraints = "2026.2.0"
|
||||
hashes = [
|
||||
"h1:1WOionGZogRGfcwgsBshgGDDMFWqioq62s/FmpTonI8=",
|
||||
"h1:7EkbL1fO5vkX5IvlGhKIjWcEPIc7U3zS/x0+rMC+NKE=",
|
||||
"h1:N65bk3gPCHEJE8c68LCjQ2NMwDKDJlt0+ofnmeNM4FI=",
|
||||
"h1:S2NDeRAxbfKPGvBqM7WES5znedi0V2AWc5wxkczYDd8=",
|
||||
"h1:ZmqC2orWU2UItPZJZfsSnBBX7Ds0OEk8EarBtWjuFsc=",
|
||||
"h1:aofPDDDWm9c87uip8IwKlhGDePNNr6Sy0Q+m9NgOols=",
|
||||
"h1:f3+jlDlxpgKdCbcB7ac4lVn5pdSMM1e2Qh0AB0RDNsA=",
|
||||
"h1:jt+Gtla0Z7zN4gCltMg//aDfCoSIdCyFF4ept4Qwc6E=",
|
||||
"h1:msEjekUeIUKY6lipADjuQpaU1HPrp0MU19R9LpZv5UM=",
|
||||
"h1:t61WX+9iOOCLlZ8tt/vZP7X8M/Q7F5k6QUyduYtpVf8=",
|
||||
"h1:tI7fyxvSatX28mp0woFsBbhrnzgeZTZAaitzKThlyAo=",
|
||||
"h1:wzjwM6RA9Jth4iCN5J9dzxnfjO56ZFl1T5rAQhuU1og=",
|
||||
"h1:xZZSwrSXnUCPmP9U3EY9fKPmBru58wZozovF2+i//oY=",
|
||||
"h1:z/+UpU0PH5hae3WEqJO7Lreo0wYO77UuJrimJyV3Mcg=",
|
||||
"zh:0ce23bd10c1782a3ae9321a572093df2c283df9003fc1cf33f6e63df18a81b7a",
|
||||
"zh:0de1db5b3363603e6bd25c9c420e24e872bcfe8d43a7015b710a0292ffa7a649",
|
||||
"zh:1d719e62eb5195a6461cdf2e175960093cdb77b190a7b15eb3fd0e1fc38409e1",
|
||||
"zh:3adba178a720c90f296183479872a82719f5497b24e90224c044bcc9e29092b7",
|
||||
"zh:54e5895e61a39b955be26977c273d9581beccf0e22ec58932708472cab40b03b",
|
||||
"zh:59b8df5b3be8bf9e8a8dcc7b5edf96b0ca505f93fc0db022cc33513172dbc2c8",
|
||||
"zh:6d86630e353b874ad43d09e3d3541ba4f824c578122a21c7895a452a0534ca05",
|
||||
"zh:b6c7466446ce685971dee0c7b2dcb16917e3d23805a51d7a2091e475908c8d87",
|
||||
"zh:ca306de78ea0f99f698548d51b094501e8299340ccc9c6549d1b62fc1fe29456",
|
||||
"zh:cc6bd38417c0a6c0d7a1c8533007c113155d82d085ea705d955dadf62b2f9f66",
|
||||
"zh:da657c9db5647620fca377fdc934db6a0f6d05d4cc0dd91a47404850805fd6da",
|
||||
"zh:dc0b1effedb7a35d1756be915ff8b48d0f422b7a9da75e7f14a2d3efa2d4806f",
|
||||
"zh:eef8d1715e9cfcb6cbe05dc071390ee91276d12f6fd870bac116af47518f6176",
|
||||
"zh:f4c0cd2168f59d4fbf4b1fada95a9c973224bbf81975e948f741ad18ef665690",
|
||||
"h1:/y7//ItB3vYvtDzSgrd7eY4QHGQ7b2G/rF/rtXdvUiY=",
|
||||
"h1:2MTCDpaUJ9AAckFf+lfhq5VNkl4/e1is7XIHfjFX20U=",
|
||||
"h1:EECfgcbT6h+ppgQ3x06iQZSheZ4vJ6NVwXGYGzyuQQ4=",
|
||||
"h1:Hg5gBZc/mPbMwH3r5AVbDycUFoeh1LlHtAvVKsnruTY=",
|
||||
"h1:J9+XlKbvc8x99ZV779XH0swZhsJo+Zcrh7UCK5pKQKY=",
|
||||
"h1:On3/Zzv3W72aGsJ4AhW/tnpi4hvq9cxwgf7tF6Tg+a4=",
|
||||
"h1:imSeB1o2GiuyBKsK6prOkOT7dQVDK42TaxGWAb+wEvg=",
|
||||
"h1:jpOkyfrzbb/LBCdW/0R2Ag+X9bRw6X1/2BRMoImfgQ8=",
|
||||
"h1:pT8YP3VDxKxhT1X+UXmjN78C+8NNb3fIANWNjR0xRX4=",
|
||||
"h1:pum2uBRNDUjPeP9aYszm+6GU+K7tZIpbbLrsN39l8iw=",
|
||||
"h1:qYcmNSTHIU6XefHE11SmywKqgp84B6n2Fzwdj/8dRN8=",
|
||||
"h1:zH1hHNBUvxXZBzxyQa6OPjDAlZyr3rA7LqwTVVZDW9s=",
|
||||
"h1:zacZCsqLyCstv+qE+VhFvwCIGLQEdNBsMIM7r9umUSQ=",
|
||||
"zh:00c44e8ee842e75de9cc4fd6193b10258d1dc840e5be4aaaf118ffc180dceee0",
|
||||
"zh:13057f08bce3b63613e1be3997dd454ff9568c569dd983987b1550280fbe3d01",
|
||||
"zh:410a1ff2ae4647cc0ab37894f81e4d474b588a0a7f005d05d55e8c3a40978dd2",
|
||||
"zh:43830834d12b3c0eeabe397842f82ca3a6b58a5bc8dd837d55b821419b55ed61",
|
||||
"zh:56eaedd196ed7c4003cee0434b891b38242b4fde2031978d0ddcfdf6e16ee5ad",
|
||||
"zh:5b3c10bb63c3c215ed9e0918e5808b240e3f2ee8248d10cd4d824a4998a213c5",
|
||||
"zh:99c14891bcb92a6b21ef4c0e60f6c0df23e3452808f3eefd67cde78d132c80d9",
|
||||
"zh:9a32cdda9f939f8484e27d4200d004c44f016fe97579a111201083f4beea78e8",
|
||||
"zh:ae5086816144f68de9a0002e7696321169a71473f9d161793f4ae996388f56de",
|
||||
"zh:bd09409dd34608a4ef3ea80cfc5e397268e7872f2e84c1ccdc9b5698e36ddad5",
|
||||
"zh:be7af8b9eb61b0eb5053f14360e5a68caeb32c115efe8e1b583f2e7c91352a2a",
|
||||
"zh:e11726812a1b2caf6b6784a3d074d1f50e3d406e9629c02096a001e5a5979331",
|
||||
"zh:e39183d10d8158ccab51208f4f727c7419b1b1e596f4feb23dc42aebb36d01e3",
|
||||
]
|
||||
}
|
||||
|
|
|
|||
|
|
@ -8,7 +8,7 @@ terraform {
|
|||
required_providers {
|
||||
authentik = {
|
||||
source = "goauthentik/authentik"
|
||||
version = "2025.12.0"
|
||||
version = "2026.2.0"
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
@ -37,22 +37,11 @@ resource "authentik_group" "arrs" {
|
|||
is_superuser = false
|
||||
}
|
||||
|
||||
resource "authentik_group" "vpn" {
|
||||
name = "vpn"
|
||||
resource "authentik_group" "cloud" {
|
||||
name = "cloud"
|
||||
is_superuser = false
|
||||
}
|
||||
|
||||
resource "authentik_group" "ftp" {
|
||||
name = "ftp"
|
||||
is_superuser = false
|
||||
}
|
||||
|
||||
resource "authentik_group" "mediamanager" {
|
||||
name = "mediamanager"
|
||||
is_superuser = false
|
||||
}
|
||||
|
||||
|
||||
module "gitea" {
|
||||
source = "../modules/authentik-oidc"
|
||||
app_name = "Gitea"
|
||||
|
|
@ -181,30 +170,6 @@ module "prowlarr" {
|
|||
internal_host_ssl_validation = false
|
||||
}
|
||||
|
||||
module "sftpgo" {
|
||||
source = "../modules/authentik-oidc"
|
||||
app_name = "SFTPGo"
|
||||
app_slug = "SFTPGo"
|
||||
client_id = var.sftpgo_client_id
|
||||
client_secret = var.sftpgo_client_secret
|
||||
client_type = "confidential"
|
||||
app_access_group_id = authentik_group.ftp.id
|
||||
redirect_uris = [
|
||||
{
|
||||
matching_mode = "regex",
|
||||
url = "https://ftp.fukurokuju.dev/.*"
|
||||
}
|
||||
]
|
||||
extra_property_mappings = [
|
||||
|
||||
]
|
||||
app_icon = "https://ftp.fukurokuju.dev/static/img/logo.png"
|
||||
access_token_validity = "days=10"
|
||||
app_url = "https://ftp.fukurokuju.dev"
|
||||
app_description = "SFTPGo"
|
||||
sub_mode = "user_username"
|
||||
}
|
||||
|
||||
module "rustical" {
|
||||
source = "../modules/authentik-oidc"
|
||||
app_name = "rustical"
|
||||
|
|
@ -227,17 +192,6 @@ module "jellyfin" {
|
|||
app_access_group_id = authentik_group.arrs.id
|
||||
}
|
||||
|
||||
module "tandoor" {
|
||||
source = "../modules/authentik-oidc"
|
||||
app_name = "Tandoor"
|
||||
app_slug = "tandoor"
|
||||
app_access_group_id = ""
|
||||
app_url = "https://recipes.roboces.dev"
|
||||
redirect_uris = [{ matching_mode = "strict", url = "https://recipes.roboces.dev/accounts/oidc/authentik/login/callback/" }]
|
||||
app_icon = "https://recipes.roboces.dev/static/assets/logo_color_192.c9b9177ff941.png"
|
||||
client_id = var.tandoor_client_id
|
||||
client_secret = var.tandoor_client_secret
|
||||
}
|
||||
|
||||
module "ganymede" {
|
||||
source = "../modules/authentik-oidc"
|
||||
|
|
@ -261,14 +215,16 @@ module "jellyseerr" {
|
|||
app_access_group_id = authentik_group.arrs.id
|
||||
}
|
||||
|
||||
module "pulse" {
|
||||
source = "../modules/authentik-oidc"
|
||||
app_name = "Pulse"
|
||||
app_slug = "pulse"
|
||||
app_url = "https://pulse.fukurokuju.dev"
|
||||
client_id = var.pulse_client_id
|
||||
client_secret = var.pulse_client_secret
|
||||
app_icon = "https://pulse.fukurokuju.dev/logo.svg"
|
||||
redirect_uris = [{ matching_mode = "strict", url = "https://pulse.fukurokuju.dev/api/oidc/callback" }]
|
||||
app_access_group_id = authentik_group.admins.id
|
||||
module "cloud" {
|
||||
source = "../modules/authentik-oidc"
|
||||
app_name = "Cloud"
|
||||
app_slug = "cloud"
|
||||
app_url = "https://cloud.roboces.dev"
|
||||
client_id = var.oxicloud_client_id
|
||||
client_secret = var.oxicloud_client_secret
|
||||
app_icon = "https://cloud.roboces.dev/themes/opencloud/assets/favicon.svg"
|
||||
redirect_uris = [{
|
||||
matching_mode = "strict", url = "https://cloud.roboces.dev/api/auth/oidc/callback"
|
||||
}]
|
||||
app_access_group_id = authentik_group.cloud.id
|
||||
}
|
||||
|
|
|
|||
|
|
@ -8,13 +8,9 @@ TF_VAR_portainer_client_id=
|
|||
TF_VAR_portainer_client_secret=
|
||||
TF_VAR_paperless_client_id=
|
||||
TF_VAR_paperless_client_secret=
|
||||
TF_VAR_sftpgo_client_id=
|
||||
TF_VAR_sftpgo_client_secret=
|
||||
TF_VAR_rustical_client_id=
|
||||
TF_VAR_rustical_client_secret=
|
||||
TF_VAR_tandoor_client_id=
|
||||
TF_VAR_tandoor_client_secret=
|
||||
TF_VAR_ganymede_client_id=
|
||||
TF_VAR_ganymede_client_secret=
|
||||
TF_VAR_pulse_client_id=
|
||||
TF_VAR_pulse_client_secret=
|
||||
TF_VAR_oxicloud_client_id=aef61f77326b813cf8d8ba71d1ac994b5642685ca37e4710ab0079e91d87702d55fd9775d473b05aff45603bf08e78dba26850af3a815f3c3ac171d163368aa0
|
||||
TF_VAR_oxicloud_client_secret=a4038df17c9fd06f86372aeaaae8f3fd1374d8978983af7b398d948ef15d1efe522a1faa2fc7652bc410c516d96cd2e4211dad4e05ba6297bdd8d9090460d5fc
|
||||
|
|
|
|||
|
|
@ -39,15 +39,6 @@ variable "paperless_client_secret" {
|
|||
type = string
|
||||
}
|
||||
|
||||
variable "sftpgo_client_id" {
|
||||
description = "SFTPGo client ID"
|
||||
type = string
|
||||
}
|
||||
|
||||
variable "sftpgo_client_secret" {
|
||||
description = "SFTPGo client secret"
|
||||
type = string
|
||||
}
|
||||
|
||||
variable "rustical_client_id" {
|
||||
description = "Rustical client ID"
|
||||
|
|
@ -59,15 +50,6 @@ variable "rustical_client_secret" {
|
|||
type = string
|
||||
}
|
||||
|
||||
variable "tandoor_client_id" {
|
||||
description = "Tandoor client ID"
|
||||
type = string
|
||||
}
|
||||
|
||||
variable "tandoor_client_secret" {
|
||||
description = "Tandoor client secret"
|
||||
type = string
|
||||
}
|
||||
|
||||
variable "ganymede_client_id" {
|
||||
description = "Ganymede client ID"
|
||||
|
|
@ -79,12 +61,12 @@ variable "ganymede_client_secret" {
|
|||
type = string
|
||||
}
|
||||
|
||||
variable "pulse_client_id" {
|
||||
description = "Pulse client ID"
|
||||
variable "oxicloud_client_id" {
|
||||
description = "Oxicloud client ID"
|
||||
type = string
|
||||
}
|
||||
|
||||
variable "pulse_client_secret" {
|
||||
description = "Pulse client secret"
|
||||
variable "oxicloud_client_secret" {
|
||||
description = "Oxicloud client secret"
|
||||
type = string
|
||||
}
|
||||
|
|
|
|||
|
|
@ -3,7 +3,7 @@ terraform {
|
|||
required_providers {
|
||||
authentik = {
|
||||
source = "goauthentik/authentik"
|
||||
version = "2025.12.0"
|
||||
version = "2026.2.0"
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
|||
58
tofu/modules/authentik-ldap/.terraform.lock.hcl
generated
58
tofu/modules/authentik-ldap/.terraform.lock.hcl
generated
|
|
@ -2,36 +2,34 @@
|
|||
# Manual edits may be lost in future updates.
|
||||
|
||||
provider "registry.opentofu.org/goauthentik/authentik" {
|
||||
version = "2025.12.0"
|
||||
constraints = "2025.12.0"
|
||||
version = "2026.2.0"
|
||||
constraints = "2026.2.0"
|
||||
hashes = [
|
||||
"h1:1WOionGZogRGfcwgsBshgGDDMFWqioq62s/FmpTonI8=",
|
||||
"h1:7EkbL1fO5vkX5IvlGhKIjWcEPIc7U3zS/x0+rMC+NKE=",
|
||||
"h1:N65bk3gPCHEJE8c68LCjQ2NMwDKDJlt0+ofnmeNM4FI=",
|
||||
"h1:S2NDeRAxbfKPGvBqM7WES5znedi0V2AWc5wxkczYDd8=",
|
||||
"h1:ZmqC2orWU2UItPZJZfsSnBBX7Ds0OEk8EarBtWjuFsc=",
|
||||
"h1:aofPDDDWm9c87uip8IwKlhGDePNNr6Sy0Q+m9NgOols=",
|
||||
"h1:f3+jlDlxpgKdCbcB7ac4lVn5pdSMM1e2Qh0AB0RDNsA=",
|
||||
"h1:jt+Gtla0Z7zN4gCltMg//aDfCoSIdCyFF4ept4Qwc6E=",
|
||||
"h1:msEjekUeIUKY6lipADjuQpaU1HPrp0MU19R9LpZv5UM=",
|
||||
"h1:t61WX+9iOOCLlZ8tt/vZP7X8M/Q7F5k6QUyduYtpVf8=",
|
||||
"h1:tI7fyxvSatX28mp0woFsBbhrnzgeZTZAaitzKThlyAo=",
|
||||
"h1:wzjwM6RA9Jth4iCN5J9dzxnfjO56ZFl1T5rAQhuU1og=",
|
||||
"h1:xZZSwrSXnUCPmP9U3EY9fKPmBru58wZozovF2+i//oY=",
|
||||
"h1:z/+UpU0PH5hae3WEqJO7Lreo0wYO77UuJrimJyV3Mcg=",
|
||||
"zh:0ce23bd10c1782a3ae9321a572093df2c283df9003fc1cf33f6e63df18a81b7a",
|
||||
"zh:0de1db5b3363603e6bd25c9c420e24e872bcfe8d43a7015b710a0292ffa7a649",
|
||||
"zh:1d719e62eb5195a6461cdf2e175960093cdb77b190a7b15eb3fd0e1fc38409e1",
|
||||
"zh:3adba178a720c90f296183479872a82719f5497b24e90224c044bcc9e29092b7",
|
||||
"zh:54e5895e61a39b955be26977c273d9581beccf0e22ec58932708472cab40b03b",
|
||||
"zh:59b8df5b3be8bf9e8a8dcc7b5edf96b0ca505f93fc0db022cc33513172dbc2c8",
|
||||
"zh:6d86630e353b874ad43d09e3d3541ba4f824c578122a21c7895a452a0534ca05",
|
||||
"zh:b6c7466446ce685971dee0c7b2dcb16917e3d23805a51d7a2091e475908c8d87",
|
||||
"zh:ca306de78ea0f99f698548d51b094501e8299340ccc9c6549d1b62fc1fe29456",
|
||||
"zh:cc6bd38417c0a6c0d7a1c8533007c113155d82d085ea705d955dadf62b2f9f66",
|
||||
"zh:da657c9db5647620fca377fdc934db6a0f6d05d4cc0dd91a47404850805fd6da",
|
||||
"zh:dc0b1effedb7a35d1756be915ff8b48d0f422b7a9da75e7f14a2d3efa2d4806f",
|
||||
"zh:eef8d1715e9cfcb6cbe05dc071390ee91276d12f6fd870bac116af47518f6176",
|
||||
"zh:f4c0cd2168f59d4fbf4b1fada95a9c973224bbf81975e948f741ad18ef665690",
|
||||
"h1:/y7//ItB3vYvtDzSgrd7eY4QHGQ7b2G/rF/rtXdvUiY=",
|
||||
"h1:2MTCDpaUJ9AAckFf+lfhq5VNkl4/e1is7XIHfjFX20U=",
|
||||
"h1:EECfgcbT6h+ppgQ3x06iQZSheZ4vJ6NVwXGYGzyuQQ4=",
|
||||
"h1:Hg5gBZc/mPbMwH3r5AVbDycUFoeh1LlHtAvVKsnruTY=",
|
||||
"h1:J9+XlKbvc8x99ZV779XH0swZhsJo+Zcrh7UCK5pKQKY=",
|
||||
"h1:On3/Zzv3W72aGsJ4AhW/tnpi4hvq9cxwgf7tF6Tg+a4=",
|
||||
"h1:imSeB1o2GiuyBKsK6prOkOT7dQVDK42TaxGWAb+wEvg=",
|
||||
"h1:jpOkyfrzbb/LBCdW/0R2Ag+X9bRw6X1/2BRMoImfgQ8=",
|
||||
"h1:pT8YP3VDxKxhT1X+UXmjN78C+8NNb3fIANWNjR0xRX4=",
|
||||
"h1:pum2uBRNDUjPeP9aYszm+6GU+K7tZIpbbLrsN39l8iw=",
|
||||
"h1:qYcmNSTHIU6XefHE11SmywKqgp84B6n2Fzwdj/8dRN8=",
|
||||
"h1:zH1hHNBUvxXZBzxyQa6OPjDAlZyr3rA7LqwTVVZDW9s=",
|
||||
"h1:zacZCsqLyCstv+qE+VhFvwCIGLQEdNBsMIM7r9umUSQ=",
|
||||
"zh:00c44e8ee842e75de9cc4fd6193b10258d1dc840e5be4aaaf118ffc180dceee0",
|
||||
"zh:13057f08bce3b63613e1be3997dd454ff9568c569dd983987b1550280fbe3d01",
|
||||
"zh:410a1ff2ae4647cc0ab37894f81e4d474b588a0a7f005d05d55e8c3a40978dd2",
|
||||
"zh:43830834d12b3c0eeabe397842f82ca3a6b58a5bc8dd837d55b821419b55ed61",
|
||||
"zh:56eaedd196ed7c4003cee0434b891b38242b4fde2031978d0ddcfdf6e16ee5ad",
|
||||
"zh:5b3c10bb63c3c215ed9e0918e5808b240e3f2ee8248d10cd4d824a4998a213c5",
|
||||
"zh:99c14891bcb92a6b21ef4c0e60f6c0df23e3452808f3eefd67cde78d132c80d9",
|
||||
"zh:9a32cdda9f939f8484e27d4200d004c44f016fe97579a111201083f4beea78e8",
|
||||
"zh:ae5086816144f68de9a0002e7696321169a71473f9d161793f4ae996388f56de",
|
||||
"zh:bd09409dd34608a4ef3ea80cfc5e397268e7872f2e84c1ccdc9b5698e36ddad5",
|
||||
"zh:be7af8b9eb61b0eb5053f14360e5a68caeb32c115efe8e1b583f2e7c91352a2a",
|
||||
"zh:e11726812a1b2caf6b6784a3d074d1f50e3d406e9629c02096a001e5a5979331",
|
||||
"zh:e39183d10d8158ccab51208f4f727c7419b1b1e596f4feb23dc42aebb36d01e3",
|
||||
]
|
||||
}
|
||||
|
|
|
|||
|
|
@ -3,7 +3,7 @@ terraform {
|
|||
required_providers {
|
||||
authentik = {
|
||||
source = "goauthentik/authentik"
|
||||
version = "2025.12.0"
|
||||
version = "2026.2.0"
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -3,7 +3,7 @@ terraform {
|
|||
required_providers {
|
||||
authentik = {
|
||||
source = "goauthentik/authentik"
|
||||
version = "2025.12.0"
|
||||
version = "2026.2.0"
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -3,7 +3,7 @@ terraform {
|
|||
required_providers {
|
||||
authentik = {
|
||||
source = "goauthentik/authentik"
|
||||
version = "2025.12.0"
|
||||
version = "2026.2.0"
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue