remoll/k3s-infra
0
0
Fork 0
Code Issues 1 Pull Requests 3 Packages Projects Releases Wiki Activity

Compare commits

base: remoll:feature/matrix
Branches Tags
remoll:main remoll:renovate/loki-6.x remoll:renovate/prometheus-node-exporter-4.x remoll:renovate/prometheus-operator-prometheus-operator-0.x remoll:feature/headscale remoll:feature/media-downloads remoll:feature/crowdsec remoll:feature/matrix remoll:feature/llm remoll:feature/gaming remoll:feature/affine remoll:feature/unified-file-sync
...
compare: remoll:c5aa0eb38f8cb984826e564ddf728909adf31d15
Branches Tags
remoll:renovate/loki-6.x remoll:main remoll:renovate/prometheus-node-exporter-4.x remoll:renovate/prometheus-operator-prometheus-operator-0.x remoll:feature/headscale remoll:feature/media-downloads remoll:feature/crowdsec remoll:feature/matrix remoll:feature/llm remoll:feature/gaming remoll:feature/affine remoll:feature/unified-file-sync

388 Commits
feature/ma ... c5aa0eb38f

Author SHA1 Message Date
Renovate Bot
c5aa0eb38f Update ghcr.io/coder/code-server Docker tag to v4.99.4 2025-05-02 20:01:12 +00:00
Remy Moll
a261e063f4 Merge pull request 'Update Helm release grafana to v8.14.1' (#434) from renovate/grafana-8.x into main 
Reviewed-on: #434
 2025-05-02 08:05:21 +00:00
Renovate Bot
6c3d4e522f Update Helm release grafana to v8.14.1 2025-05-01 22:01:11 +00:00
Remy Moll
f5ec343738 update immich, revert minecraft update 2025-05-01 14:01:13 +02:00
Remy Moll
df58f85de3 Merge pull request 'Update Helm release authelia to v0.10.6' (#422) from renovate/authelia-0.x into main 
Reviewed-on: #422
 2025-05-01 12:00:15 +00:00
Remy Moll
a464fa6f7b Merge pull request 'Update ghcr.io/advplyr/audiobookshelf Docker tag to v2.21.0' (#430) from renovate/ghcr.io-advplyr-audiobookshelf-2.x into main 
Reviewed-on: #430
 2025-05-01 12:00:04 +00:00
Remy Moll
71d1f4d111 Merge pull request 'Update Helm release redis to v20.13.4' (#431) from renovate/redis-20.x into main 
Reviewed-on: #431
 2025-05-01 11:44:10 +00:00
Remy Moll
f1d3c8df11 Merge pull request 'Update Helm release grafana to v8.14.0' (#426) from renovate/grafana-8.x into main 
Reviewed-on: #426
 2025-05-01 11:43:55 +00:00
Remy Moll
8059d30b45 Merge pull request 'Update Helm release traefik to v35.2.0' (#427) from renovate/traefik-35.x into main 
Reviewed-on: #427
 2025-05-01 11:43:37 +00:00
Remy Moll
70d07e2e18 Merge pull request 'Update renovate/renovate Docker tag to v40' (#432) from renovate/renovate-renovate-40.x into main 
Reviewed-on: #432
 2025-05-01 11:42:59 +00:00
Renovate Bot
59aad770da Update renovate/renovate Docker tag to v40 2025-04-30 10:05:23 +00:00
Renovate Bot
bb70970e38 Update Helm release redis to v20.13.4 2025-04-30 08:01:52 +00:00
Renovate Bot
48bbfd28de Update Helm release grafana to v8.14.0 2025-04-30 00:05:05 +00:00
Renovate Bot
b61171c21c Update Helm release traefik to v35.2.0 2025-04-29 18:05:20 +00:00
Remy Moll
ad310ae8d3 update minecraft server version 2025-04-27 21:41:33 +02:00
Renovate Bot
01f6d3a5d2 Update ghcr.io/advplyr/audiobookshelf Docker tag to v2.21.0 2025-04-27 18:02:25 +00:00
Remy Moll
0c87d7c7ab Merge pull request 'Update Helm release prometheus-node-exporter to v4.45.3' (#428) from renovate/prometheus-node-exporter-4.x into main 
Reviewed-on: #428
 2025-04-27 11:35:46 +00:00
Remy Moll
52772ce8d1 fix invalid value 2025-04-26 19:39:32 +02:00
Remy Moll
e2765325fc Merge pull request 'Update Helm release redis to v20.13.2' (#425) from renovate/redis-20.x into main 
Reviewed-on: #425
 2025-04-26 17:27:10 +00:00
Remy Moll
9074dab74e Merge pull request 'Manage stump' (#429) from feature/stump into main 
Reviewed-on: #429
 2025-04-26 17:26:41 +00:00
Remy Moll
4cc23e7acb manage stump through argo 2025-04-26 19:25:41 +02:00
Remy Moll
e39863275f allow uploads 2025-04-26 19:24:16 +02:00
Remy Moll
4ebc0b1069 improve minecraft performance by using a non nfs volume for live data 2025-04-26 14:07:34 +02:00
Renovate Bot
0688846033 Update Helm release prometheus-node-exporter to v4.45.3 2025-04-25 18:02:09 +00:00
Remy Moll
75a7f6b9b7 update immich 2025-04-24 22:51:52 +02:00
Remy Moll
1ead67d10b add stump 2025-04-24 22:51:21 +02:00
Renovate Bot
451a992d8d Update Helm release redis to v20.13.2 2025-04-24 12:02:48 +00:00
Remy Moll
7049403d60 Merge pull request 'Update Helm release redis to v20.13.0' (#423) from renovate/redis-20.x into main 
Reviewed-on: #423
 2025-04-23 08:28:52 +00:00
Remy Moll
380e74a82a Merge pull request 'Update adguard/adguardhome Docker tag to v0.107.61' (#424) from renovate/adguard-adguardhome-0.x into main 
Reviewed-on: #424
 2025-04-23 08:27:37 +00:00
Renovate Bot
1a89391702 Update Helm release redis to v20.13.0 2025-04-22 18:02:25 +00:00
Renovate Bot
1ba5687c4b Update adguard/adguardhome Docker tag to v0.107.61 2025-04-22 18:02:14 +00:00
Renovate Bot
37f3da0f9d Update Helm release authelia to v0.10.6 2025-04-22 18:02:06 +00:00
Remy Moll
9cba318022 Merge pull request 'Update dependency prometheus-operator/prometheus-operator to v0.82.0' (#421) from renovate/prometheus-operator-prometheus-operator-0.x into main 
Reviewed-on: #421
 2025-04-20 23:17:06 +00:00
Remy Moll
3f8b6bd228 Merge pull request 'Update ghcr.io/coder/code-server Docker tag to v4.99.3' (#413) from renovate/ghcr.io-coder-code-server-4.x into main 
Reviewed-on: #413
 2025-04-20 23:15:58 +00:00
Remy Moll
a6b1f52580 Merge pull request 'Update Helm release grafana to v8.12.1' (#419) from renovate/grafana-8.x into main 
Reviewed-on: #419
 2025-04-20 22:22:46 +00:00
Remy Moll
d3bf3f1680 Merge pull request 'Update Helm release redis to v20.12.1' (#416) from renovate/redis-20.x into main 
Reviewed-on: #416
 2025-04-20 21:56:53 +00:00
Remy Moll
4de54f76b2 Merge pull request 'Update adguard/adguardhome Docker tag to v0.107.60' (#418) from renovate/adguard-adguardhome-0.x into main 
Reviewed-on: #418
 2025-04-20 15:17:47 +00:00
Remy Moll
5b0ae4971c Merge pull request 'Update ghcr.io/paperless-ngx/paperless-ngx Docker tag to v2.15.3' (#420) from renovate/ghcr.io-paperless-ngx-paperless-ngx-2.x into main 
Reviewed-on: #420
 2025-04-20 15:17:06 +00:00
Remy Moll
341bacbb56 Merge pull request 'Update Helm release traefik to v35' (#412) from renovate/traefik-35.x into main 
Reviewed-on: #412
 2025-04-20 15:16:35 +00:00
Renovate Bot
fcb03b1120 Update ghcr.io/paperless-ngx/paperless-ngx Docker tag to v2.15.3 2025-04-20 00:02:21 +00:00
Renovate Bot
f22ca6fc14 Update Helm release traefik to v35 2025-04-18 16:05:18 +00:00
Renovate Bot
ebbad2b4a9 Update ghcr.io/coder/code-server Docker tag to v4.99.3 2025-04-17 20:05:16 +00:00
Renovate Bot
e257f9e063 Update dependency prometheus-operator/prometheus-operator to v0.82.0 2025-04-17 10:05:21 +00:00
Renovate Bot
c6095888a7 Update Helm release grafana to v8.12.1 2025-04-16 20:02:00 +00:00
Renovate Bot
bac8c5d40e Update Helm release redis to v20.12.1 2025-04-16 16:02:33 +00:00
Renovate Bot
047810e60c Update adguard/adguardhome Docker tag to v0.107.60 2025-04-14 12:05:30 +00:00
Remy Moll
6027c40630 Merge pull request 'Update ghcr.io/paperless-ngx/paperless-ngx Docker tag to v2.15.1' (#417) from renovate/ghcr.io-paperless-ngx-paperless-ngx-2.x into main 
Reviewed-on: #417
 2025-04-10 08:19:52 +00:00
Remy Moll
5541be46fd Merge pull request 'Update Helm release grafana to v8.11.4' (#415) from renovate/grafana-8.x into main 
Reviewed-on: #415
 2025-04-10 08:19:24 +00:00
Renovate Bot
efbdb5a9ce Update ghcr.io/paperless-ngx/paperless-ngx Docker tag to v2.15.1 2025-04-10 00:05:41 +00:00
Renovate Bot
0749490292 Update Helm release grafana to v8.11.4 2025-04-09 12:02:27 +00:00
Remy Moll
092010dd75 Merge pull request 'Update Helm release prometheus-node-exporter to v4.45.2' (#411) from renovate/prometheus-node-exporter-4.x into main 
Reviewed-on: #411
 2025-04-09 08:18:30 +00:00
Remy Moll
42d67db99d Merge pull request 'Update ghcr.io/paperless-ngx/paperless-ngx Docker tag to v2.15.0' (#414) from renovate/ghcr.io-paperless-ngx-paperless-ngx-2.x into main 
Reviewed-on: #414
 2025-04-09 08:17:36 +00:00
Renovate Bot
c51b6965e8 Update ghcr.io/paperless-ngx/paperless-ngx Docker tag to v2.15.0 2025-04-08 18:03:39 +00:00
Renovate Bot
ecac04b548 Update Helm release prometheus-node-exporter to v4.45.2 2025-04-07 16:02:17 +00:00
Remy Moll
e63bc3e177 Merge pull request 'Update Helm release loki to v6.29.0' (#388) from renovate/loki-6.x into main 
Reviewed-on: #388
 2025-04-06 13:46:37 +00:00
Remy Moll
44cccf7767 Merge pull request 'Update docker.io/bitnami/sealed-secrets-controller Docker tag to v0.29.0' (#391) from renovate/docker.io-bitnami-sealed-secrets-controller-0.x into main 
Reviewed-on: #391
 2025-04-06 13:29:31 +00:00
Remy Moll
3e64cfe53c Merge pull request 'Update Helm release grafana to v8.11.3' (#407) from renovate/grafana-8.x into main 
Reviewed-on: #407
 2025-04-06 13:20:24 +00:00
Remy Moll
ebb78d138d Merge pull request 'Update quay.io/thanos/thanos Docker tag to v0.38.0' (#406) from renovate/quay.io-thanos-thanos-0.x into main 
Reviewed-on: #406
 2025-04-06 13:16:33 +00:00
Remy Moll
648ba08399 Merge pull request 'Update octodns/octodns Docker tag to v2025.04' (#408) from renovate/octodns-octodns-2025.x into main 
Reviewed-on: #408
 2025-04-06 13:14:37 +00:00
Remy Moll
c575b3cae3 Merge pull request 'Update actualbudget/actual-server Docker tag to v25.4.0' (#409) from renovate/actualbudget-actual-server-25.x into main 
Reviewed-on: #409
 2025-04-06 13:03:14 +00:00
Remy Moll
b791b04b7e Merge pull request 'Update jellyfin/jellyfin Docker tag to v10.10.7' (#410) from renovate/jellyfin-jellyfin-10.x into main 
Reviewed-on: #410
 2025-04-06 13:02:52 +00:00
Renovate Bot
b8800ecc95 Update jellyfin/jellyfin Docker tag to v10.10.7 2025-04-05 20:02:15 +00:00
Renovate Bot
63a82943dd Update actualbudget/actual-server Docker tag to v25.4.0 2025-04-05 04:02:31 +00:00
Renovate Bot
376c1cf38f Update octodns/octodns Docker tag to v2025.04 2025-04-04 20:02:33 +00:00
Renovate Bot
159f2fa696 Update Helm release grafana to v8.11.3 2025-04-04 18:01:59 +00:00
Renovate Bot
24d0e59f4a Update quay.io/thanos/thanos Docker tag to v0.38.0 2025-04-03 10:02:38 +00:00
Remy Moll
2b72217fbe Merge pull request 'Update homeassistant/home-assistant Docker tag to v2025.4' (#405) from renovate/homeassistant-home-assistant-2025.x into main 
Reviewed-on: #405
 2025-04-03 08:10:43 +00:00
Renovate Bot
d0d045b348 Update homeassistant/home-assistant Docker tag to v2025.4 2025-04-02 18:02:32 +00:00
Remy Moll
45bac8fec1 Merge pull request 'Update Helm release prometheus-node-exporter to v4.45.0' (#397) from renovate/prometheus-node-exporter-4.x into main 
Reviewed-on: #397
 2025-04-01 22:05:10 +00:00
Remy Moll
df1ecbe645 Merge pull request 'Update Helm release authelia to v0.10.4' (#398) from renovate/authelia-0.x into main 
Reviewed-on: #398
 2025-04-01 22:04:41 +00:00
Remy Moll
6ed0327812 Merge pull request 'Update Helm release traefik to v34.5.0' (#400) from renovate/traefik-34.x into main 
Reviewed-on: #400
 2025-04-01 22:03:55 +00:00
Remy Moll
f232efb2fa Merge pull request 'Update Helm release grafana to v8.11.1' (#404) from renovate/grafana-8.x into main 
Reviewed-on: #404
 2025-04-01 22:03:28 +00:00
Remy Moll
e62382159c Merge pull request 'Update Helm release gitea to v11.0.1' (#403) from renovate/gitea-11.x into main 
Reviewed-on: #403
 2025-04-01 22:03:06 +00:00
Renovate Bot
bec5124d8d Update Helm release grafana to v8.11.1 2025-04-01 20:02:28 +00:00
Renovate Bot
5445621fc7 Update Helm release gitea to v11.0.1 2025-04-01 16:02:39 +00:00
Renovate Bot
1ae91430e2 Update Helm release traefik to v34.5.0 2025-03-31 14:03:26 +00:00
Remy Moll
b9223ecd89 Merge pull request 'Update owncloud/ocis Docker tag to v7.1.2' (#399) from renovate/owncloud-ocis-7.x into main 
Reviewed-on: #399
 2025-03-31 07:26:10 +00:00
Renovate Bot
af20f12608 Update owncloud/ocis Docker tag to v7.1.2 2025-03-30 12:03:07 +00:00
Remy Moll
119a520dcd Merge pull request 'Update Helm release grafana to v8.11.0' (#393) from renovate/grafana-8.x into main 
Reviewed-on: #393
 2025-03-30 11:47:26 +00:00
Renovate Bot
86ffbccafd Update Helm release authelia to v0.10.4 2025-03-29 16:02:27 +00:00
Remy Moll
8b2892220d immich update 2025-03-28 11:19:48 +01:00
Renovate Bot
0212f19650 Update Helm release prometheus-node-exporter to v4.45.0 2025-03-28 10:03:17 +00:00
Remy Moll
f4e8318396 update minecraft modpack 2025-03-27 22:54:41 +01:00
Renovate Bot
e586285ed8 Update Helm release grafana to v8.11.0 2025-03-27 18:02:48 +00:00
Renovate Bot
1710a336a7 Update docker.io/bitnami/sealed-secrets-controller Docker tag to v0.29.0 2025-03-27 12:04:07 +00:00
Renovate Bot
c4db09d00e Update Helm release loki to v6.29.0 2025-03-26 22:03:05 +00:00
Remy Moll
4a06fcda92 Merge pull request 'Update Helm release redis to v20.11.4' (#382) from renovate/redis-20.x into main 
Reviewed-on: #382
 2025-03-24 07:42:38 +00:00
Remy Moll
4790b8e57a Merge pull request 'Update adguard/adguardhome Docker tag to v0.107.59' (#379) from renovate/adguard-adguardhome-0.x into main 
Reviewed-on: #379
 2025-03-24 07:41:18 +00:00
Renovate Bot
309fadded7 Update Helm release redis to v20.11.4 2025-03-23 10:02:28 +00:00
Renovate Bot
7dbca93691 Update adguard/adguardhome Docker tag to v0.107.59 2025-03-21 12:05:15 +00:00
Remy Moll
d0409edeb6 Merge pull request 'Update ghcr.io/mealie-recipes/mealie Docker tag to v2.8.0' (#376) from renovate/ghcr.io-mealie-recipes-mealie-2.x into main 
Reviewed-on: #376
 2025-03-20 09:19:56 +00:00
Remy Moll
043e5cfb65 Merge pull request 'Update adguard/adguardhome Docker tag to v0.107.58' (#377) from renovate/adguard-adguardhome-0.x into main 
Reviewed-on: #377
 2025-03-20 09:19:20 +00:00
Renovate Bot
d80062b388 Update adguard/adguardhome Docker tag to v0.107.58 2025-03-19 20:02:26 +00:00
Renovate Bot
b8f564342f Update ghcr.io/mealie-recipes/mealie Docker tag to v2.8.0 2025-03-18 20:02:14 +00:00
Remy Moll
60b5078f9d Update authelia version & implement required changes 2025-03-18 17:23:31 +01:00
Remy Moll
3c9697ba42 Merge pull request 'Update ghcr.io/advplyr/audiobookshelf Docker tag to v2.20.0' (#375) from renovate/ghcr.io-advplyr-audiobookshelf-2.x into main 
Reviewed-on: #375
 2025-03-18 09:26:45 +00:00
Renovate Bot
e5cf88f11d Update ghcr.io/advplyr/audiobookshelf Docker tag to v2.20.0 2025-03-18 00:02:45 +00:00
Remy Moll
448b2b3c34 Merge pull request 'Update Helm release redis to v20.11.3' (#346) from renovate/redis-20.x into main 
Reviewed-on: #346
 2025-03-17 10:40:44 +00:00
Remy Moll
5471ac7343 Merge pull request 'Update ghcr.io/coder/code-server Docker tag to v4.98.2' (#366) from renovate/ghcr.io-coder-code-server-4.x into main 
Reviewed-on: #366
 2025-03-17 09:34:54 +00:00
Remy Moll
51f4f503eb Merge pull request 'Update Helm release traefik to v34.4.1' (#355) from renovate/traefik-34.x into main 
Reviewed-on: #355
 2025-03-17 09:34:03 +00:00
Remy Moll
fe8cda32a8 Merge pull request 'Update Helm release cloudnative-pg to v0.23.2' (#362) from renovate/cloudnative-pg-0.x into main 
Reviewed-on: #362
 2025-03-17 09:33:27 +00:00
Remy Moll
fe08375b4b Merge pull request 'Update Helm release grafana to v8.10.4' (#372) from renovate/grafana-8.x into main 
Reviewed-on: #372
 2025-03-17 09:32:36 +00:00
Remy Moll
219802bdc2 Merge pull request 'Update dependency prometheus-operator/prometheus-operator to v0.81.0' (#367) from renovate/prometheus-operator-prometheus-operator-0.x into main 
Reviewed-on: #367
 2025-03-17 09:31:56 +00:00
Remy Moll
a229a89098 Merge pull request 'Update octodns/octodns Docker tag to v2025' (#373) from renovate/octodns-octodns-2025.x into main 
Reviewed-on: #373
 2025-03-17 09:31:09 +00:00
Renovate Bot
69004e76c6 Update octodns/octodns Docker tag to v2025 2025-03-17 00:06:04 +00:00
Renovate Bot
37e823c9ea Update Helm release grafana to v8.10.4 2025-03-16 22:02:26 +00:00
Remy Moll
434f5a9b57 Merge pull request 'Update Helm release loki to v6.28.0' (#369) from renovate/loki-6.x into main 
Reviewed-on: #369
 2025-03-16 18:46:51 +00:00
Remy Moll
4e650d0dba Merge pull request 'Update Helm release grafana to v8.10.3' (#368) from renovate/grafana-8.x into main 
Reviewed-on: #368
 2025-03-16 18:45:39 +00:00
Remy Moll
edf076169d Merge pull request 'Update Helm release authelia to v0.10.0' (#371) from renovate/authelia-0.x into main 
Reviewed-on: #371
 2025-03-16 18:44:32 +00:00
Remy Moll
276c725e3c Merge pull request 'Update owncloud/ocis Docker tag to v7.1.1' (#370) from renovate/owncloud-ocis-7.x into main 
Reviewed-on: #370
 2025-03-16 18:42:50 +00:00
Renovate Bot
35f0273b2b Update Helm release authelia to v0.10.0 2025-03-16 12:03:25 +00:00
Renovate Bot
1ec7c7b3ec Update ghcr.io/coder/code-server Docker tag to v4.98.2 2025-03-15 04:05:41 +00:00
Renovate Bot
4bb263d901 Update owncloud/ocis Docker tag to v7.1.1 2025-03-14 18:02:54 +00:00
Renovate Bot
8d876debf4 Update Helm release loki to v6.28.0 2025-03-13 02:03:59 +00:00
Renovate Bot
0737cf3a77 Update Helm release grafana to v8.10.3 2025-03-13 02:03:09 +00:00
Renovate Bot
1a9044943c Update dependency prometheus-operator/prometheus-operator to v0.81.0 2025-03-11 16:06:00 +00:00
Remy Moll
08bececb27 Merge pull request 'Update tombursch/kitchenowl Docker tag to v0.6.11' (#363) from renovate/tombursch-kitchenowl-0.x into main 
Reviewed-on: #363
 2025-03-11 11:03:27 +00:00
Renovate Bot
d58278e110 Update Helm release redis to v20.11.3 2025-03-10 14:03:09 +00:00
Renovate Bot
21b4856678 Update tombursch/kitchenowl Docker tag to v0.6.11 2025-03-09 20:06:08 +00:00
Remy Moll
76bee2e51f update immich to 129.1 2025-03-08 12:53:36 +01:00
Renovate Bot
bac5295984 Update Helm release cloudnative-pg to v0.23.2 2025-03-08 00:05:12 +00:00
Remy Moll
a0bf8f6347 Merge pull request 'Update ghcr.io/coder/code-server Docker tag to v4.97.2' (#336) from renovate/ghcr.io-coder-code-server-4.x into main 
Reviewed-on: #336
 2025-03-07 23:50:55 +00:00
Remy Moll
573bd29bdc Merge pull request 'Update homeassistant/home-assistant Docker tag to v2025.3' (#358) from renovate/homeassistant-home-assistant-2025.x into main 
Reviewed-on: #358
 2025-03-07 23:49:48 +00:00
Remy Moll
b5ea282038 Merge pull request 'Update owncloud/ocis Docker tag to v7.1.0' (#359) from renovate/owncloud-ocis-7.x into main 
Reviewed-on: #359
 2025-03-07 23:46:05 +00:00
Remy Moll
d602914a68 Merge pull request 'Update sissbruecker/linkding Docker tag to v1.39.1' (#361) from renovate/sissbruecker-linkding-1.x into main 
Reviewed-on: #361
 2025-03-07 23:45:07 +00:00
Renovate Bot
6cd75a84b7 Update sissbruecker/linkding Docker tag to v1.39.1 2025-03-06 20:05:37 +00:00
Renovate Bot
a915b0541c Update owncloud/ocis Docker tag to v7.1.0 2025-03-06 14:05:58 +00:00
Renovate Bot
d57f44cf9e Update homeassistant/home-assistant Docker tag to v2025.3 2025-03-06 00:05:50 +00:00
Renovate Bot
087da0db97 Update Helm release traefik to v34.4.1 2025-03-05 12:02:41 +00:00
Remy Moll
74c31bd668 update immich version 2025-03-05 10:30:51 +01:00
Remy Moll
e5f5f59785 update immich version 2025-03-05 10:30:31 +01:00
Remy Moll
7051b2168a Merge pull request 'Update Helm release prometheus-node-exporter to v4.44.1' (#344) from renovate/prometheus-node-exporter-4.x into main 
Reviewed-on: #344
 2025-03-04 08:17:25 +00:00
Remy Moll
87fcd525db Merge pull request 'Update actualbudget/actual-server Docker tag to v25.3.1' (#352) from renovate/actualbudget-actual-server-25.x into main 
Reviewed-on: #352
 2025-03-04 07:59:04 +00:00
Remy Moll
904ff6ad95 Merge pull request 'Update Helm release gitea to v11' (#351) from renovate/gitea-11.x into main 
Reviewed-on: #351
 2025-03-03 08:18:47 +00:00
Renovate Bot
6863806a32 Update actualbudget/actual-server Docker tag to v25.3.1 2025-03-03 02:05:06 +00:00
Renovate Bot
f10af61bb6 Update Helm release gitea to v11 2025-03-01 18:06:09 +00:00
Remy Moll
437bd6e2ba Merge pull request 'Update actualbudget/actual-server Docker tag to v25.3.0' (#350) from renovate/actualbudget-actual-server-25.x into main 
Reviewed-on: #350
 2025-03-01 13:45:50 +00:00
Remy Moll
6aad946ed5 Merge pull request 'Update ghcr.io/mealie-recipes/mealie Docker tag to v2.7.1' (#349) from renovate/ghcr.io-mealie-recipes-mealie-2.x into main 
Reviewed-on: #349
 2025-03-01 13:45:24 +00:00
Renovate Bot
b98d8d7e18 Update actualbudget/actual-server Docker tag to v25.3.0 2025-03-01 02:07:43 +00:00
Renovate Bot
a7e3af06a6 Update ghcr.io/mealie-recipes/mealie Docker tag to v2.7.1 2025-02-28 12:07:07 +00:00
Remy Moll
0ae7c18783 Merge pull request 'Update ghcr.io/advplyr/audiobookshelf Docker tag to v2.19.5' (#345) from renovate/ghcr.io-advplyr-audiobookshelf-2.x into main 
Reviewed-on: #345
 2025-02-28 08:41:59 +00:00
Renovate Bot
9a376cea5c Update ghcr.io/advplyr/audiobookshelf Docker tag to v2.19.5 2025-02-27 12:04:08 +00:00
Renovate Bot
3f949e5b01 Update Helm release prometheus-node-exporter to v4.44.1 2025-02-27 12:03:41 +00:00
Remy Moll
287b7aa291 revert renovate upgrade 2025-02-27 12:37:55 +01:00
Remy Moll
36b2227544 Merge pull request 'Update Helm release redis to v20.8.0' (#341) from renovate/redis-20.x into main 
Reviewed-on: #341
 2025-02-23 10:00:20 +00:00
Remy Moll
129c0ef41b Merge pull request 'Update Helm release authelia to v0.9.16' (#328) from renovate/authelia-0.x into main 
Reviewed-on: #328
 2025-02-23 09:59:46 +00:00
Remy Moll
5006bfcae7 Merge pull request 'Update sissbruecker/linkding Docker tag to v1.38.1' (#342) from renovate/sissbruecker-linkding-1.x into main 
Reviewed-on: #342
 2025-02-23 09:59:27 +00:00
Remy Moll
0df361f907 Merge pull request 'Update renovate/renovate Docker tag to v40' (#343) from renovate/renovate-renovate-40.x into main 
Reviewed-on: #343
 2025-02-23 09:58:50 +00:00
Renovate Bot
d49abeb36d Update renovate/renovate Docker tag to v40 2025-02-22 22:06:04 +00:00
Renovate Bot
061ac2e79d Update sissbruecker/linkding Docker tag to v1.38.1 2025-02-22 20:03:13 +00:00
Renovate Bot
fefe5e61bd Update Helm release redis to v20.8.0 2025-02-22 16:03:26 +00:00
Remy Moll
5a473621b1 Merge pull request 'Update dependency prometheus-operator/prometheus-operator to v0.80.1' (#337) from renovate/prometheus-operator-prometheus-operator-0.x into main 
Reviewed-on: #337
 2025-02-22 11:26:25 +00:00
Remy Moll
c966a2233e Merge pull request 'Update Helm release grafana to v8.10.1' (#329) from renovate/grafana-8.x into main 
Reviewed-on: #329
 2025-02-22 10:43:34 +00:00
Remy Moll
1b7b1587f8 Merge pull request 'Update Helm release traefik to v34.4.0' (#338) from renovate/traefik-34.x into main 
Reviewed-on: #338
 2025-02-22 10:42:57 +00:00
Remy Moll
8d3157ce83 Merge pull request 'Update ghcr.io/advplyr/audiobookshelf Docker tag to v2.19.4' (#339) from renovate/ghcr.io-advplyr-audiobookshelf-2.x into main 
Reviewed-on: #339
 2025-02-22 10:41:59 +00:00
Remy Moll
ed312fc25f Merge pull request 'Update adguard/adguardhome Docker tag to v0.107.57' (#340) from renovate/adguard-adguardhome-0.x into main 
Reviewed-on: #340
 2025-02-22 10:41:44 +00:00
Renovate Bot
d3307e6449 Update Helm release grafana to v8.10.1 2025-02-22 00:10:53 +00:00
Renovate Bot
70cf3a5c94 Update adguard/adguardhome Docker tag to v0.107.57 2025-02-20 16:03:23 +00:00
Renovate Bot
6f5020d1d2 Update ghcr.io/advplyr/audiobookshelf Docker tag to v2.19.4 2025-02-20 02:03:17 +00:00
Renovate Bot
3f9e333d7f Update Helm release traefik to v34.4.0 2025-02-19 18:03:25 +00:00
Renovate Bot
2b417486cb Update dependency prometheus-operator/prometheus-operator to v0.80.1 2025-02-19 12:03:01 +00:00
Remy Moll
06814fb033 Merge pull request 'Update Helm release redis to v20.7.1' (#332) from renovate/redis-20.x into main 
Reviewed-on: #332
 2025-02-19 08:53:45 +00:00
Remy Moll
0103d138dd Merge pull request 'Update alpine/git Docker tag to v2.47.2' (#331) from renovate/alpine-git-2.x into main 
Reviewed-on: #331
 2025-02-19 08:49:49 +00:00
Remy Moll
ab71beaa4f Merge pull request 'Update Helm release loki to v6.27.0' (#330) from renovate/loki-6.x into main 
Reviewed-on: #330
 2025-02-19 08:47:35 +00:00
Remy Moll
df2b12eedc Merge pull request 'Update Helm release prometheus-node-exporter to v4.44.0' (#335) from renovate/prometheus-node-exporter-4.x into main 
Reviewed-on: #335
 2025-02-19 08:47:14 +00:00
Renovate Bot
be28ebb784 Update ghcr.io/coder/code-server Docker tag to v4.97.2 2025-02-18 20:06:19 +00:00
Remy Moll
ae3e36b6b1 update immich 2025-02-18 17:25:06 +01:00
Remy Moll
30dae69a02 Merge pull request 'Update ghcr.io/advplyr/audiobookshelf Docker tag to v2.19.3' (#333) from renovate/ghcr.io-advplyr-audiobookshelf-2.x into main 
Reviewed-on: #333
 2025-02-18 14:12:39 +00:00
Remy Moll
5cb6ceb2fa Merge pull request 'Update jellyfin/jellyfin Docker tag to v10.10.6' (#334) from renovate/jellyfin-jellyfin-10.x into main 
Reviewed-on: #334
 2025-02-18 14:01:42 +00:00
Renovate Bot
979f44640d Update Helm release prometheus-node-exporter to v4.44.0 2025-02-17 18:06:34 +00:00
Renovate Bot
f43ececde3 Update jellyfin/jellyfin Docker tag to v10.10.6 2025-02-17 00:11:50 +00:00
Renovate Bot
512419f1ef Update ghcr.io/advplyr/audiobookshelf Docker tag to v2.19.3 2025-02-17 00:11:41 +00:00
Renovate Bot
fd1658e686 Update Helm release redis to v20.7.1 2025-02-16 20:03:16 +00:00
Renovate Bot
9e87f36ce2 Update alpine/git Docker tag to v2.47.2 2025-02-16 06:03:07 +00:00
Renovate Bot
b700d057ae Update Helm release loki to v6.27.0 2025-02-15 00:03:39 +00:00
Remy Moll
2c489fde01 Merge pull request 'Update Helm release loki to v6.26.0' (#327) from renovate/loki-6.x into main 
Reviewed-on: #327
 2025-02-14 13:30:42 +00:00
Remy Moll
08329cf510 Merge pull request 'Update ghcr.io/advplyr/audiobookshelf Docker tag to v2.19.2' (#326) from renovate/ghcr.io-advplyr-audiobookshelf-2.x into main 
Reviewed-on: #326
 2025-02-14 13:29:59 +00:00
Remy Moll
6c1277b593 Merge pull request 'Update tombursch/kitchenowl Docker tag to v0.6.10' (#325) from renovate/tombursch-kitchenowl-0.x into main 
Reviewed-on: #325
 2025-02-14 13:29:40 +00:00
Renovate Bot
0124725b19 Update Helm release authelia to v0.9.16 2025-02-13 00:03:14 +00:00
Renovate Bot
3ba4d6ee50 Update ghcr.io/advplyr/audiobookshelf Docker tag to v2.19.2 2025-02-12 18:03:10 +00:00
Renovate Bot
d57a8dae3d Update Helm release loki to v6.26.0 2025-02-12 14:03:09 +00:00
Renovate Bot
e5731d76de Update tombursch/kitchenowl Docker tag to v0.6.10 2025-02-11 00:13:11 +00:00
Remy Moll
24bcadc8dd Merge pull request 'Update Helm release traefik to v34.3.0' (#320) from renovate/traefik-34.x into main 
Reviewed-on: #320
 2025-02-10 10:21:05 +00:00
Remy Moll
ebeaf5b400 Merge pull request 'Update actualbudget/actual-server Docker tag to v25.2.1' (#317) from renovate/actualbudget-actual-server-25.x into main 
Reviewed-on: #317
 2025-02-10 10:16:34 +00:00
Remy Moll
a41ecaebe5 Merge pull request 'Update sissbruecker/linkding Docker tag to v1.38.0' (#321) from renovate/sissbruecker-linkding-1.x into main 
Reviewed-on: #321
 2025-02-10 10:16:20 +00:00
Remy Moll
ccd142129e Merge pull request 'Update ghcr.io/mealie-recipes/mealie Docker tag to v2.6.0' (#318) from renovate/ghcr.io-mealie-recipes-mealie-2.x into main 
Reviewed-on: #318
 2025-02-10 10:15:49 +00:00
Remy Moll
54579e6f91 Merge pull request 'Update tombursch/kitchenowl Docker tag to v0.6.9' (#322) from renovate/tombursch-kitchenowl-0.x into main 
Reviewed-on: #322
 2025-02-10 10:15:31 +00:00
Renovate Bot
21cdeb6893 Update tombursch/kitchenowl Docker tag to v0.6.9 2025-02-09 18:09:27 +00:00
Renovate Bot
d616c0fcc6 Update sissbruecker/linkding Docker tag to v1.38.0 2025-02-09 10:08:48 +00:00
Remy Moll
469091ec3e Merge pull request 'Update owncloud/ocis Docker tag to v7.0.1' (#319) from renovate/owncloud-ocis-7.x into main 
Reviewed-on: #319
 2025-02-07 20:46:18 +00:00
Renovate Bot
e9372cb2cc Update Helm release traefik to v34.3.0 2025-02-07 18:02:56 +00:00
Renovate Bot
419654757a Update owncloud/ocis Docker tag to v7.0.1 2025-02-07 12:03:05 +00:00
Renovate Bot
632e333602 Update ghcr.io/mealie-recipes/mealie Docker tag to v2.6.0 2025-02-06 22:03:15 +00:00
Renovate Bot
3a5d7068ad Update actualbudget/actual-server Docker tag to v25.2.1 2025-02-06 22:03:09 +00:00
Remy Moll
f994c69ecc Merge pull request 'Update Helm release traefik to v34' (#292) from renovate/traefik-34.x into main 
Reviewed-on: #292
 2025-02-06 18:27:48 +00:00
Remy Moll
9fb2631e87 Merge pull request 'Update Helm release grafana to v8.9.0' (#304) from renovate/grafana-8.x into main 
Reviewed-on: #304
 2025-02-06 18:25:01 +00:00
Remy Moll
8ddf4f2ffb Merge pull request 'Update Helm release redis to v20.7.0' (#311) from renovate/redis-20.x into main 
Reviewed-on: #311
 2025-02-06 18:24:10 +00:00
Remy Moll
eb6e9dbb76 Merge pull request 'Update Helm release loki to v6.25.1' (#314) from renovate/loki-6.x into main 
Reviewed-on: #314
 2025-02-06 18:23:19 +00:00
Remy Moll
e5ac9e9a14 Merge pull request 'Update Helm release authelia to v0.9.15' (#313) from renovate/authelia-0.x into main 
Reviewed-on: #313
 2025-02-06 18:22:43 +00:00
Remy Moll
c3889442a1 Merge pull request 'Update dependency prometheus-operator/prometheus-operator to v0.80.0' (#312) from renovate/prometheus-operator-prometheus-operator-0.x into main 
Reviewed-on: #312
 2025-02-06 18:21:33 +00:00
Remy Moll
eaebe66de1 Merge pull request 'Update ghcr.io/paperless-ngx/paperless-ngx Docker tag to v2.14.7' (#303) from renovate/ghcr.io-paperless-ngx-paperless-ngx-2.x into main 
Reviewed-on: #303
 2025-02-06 18:20:41 +00:00
Remy Moll
a543d784f4 Merge pull request 'Update ghcr.io/advplyr/audiobookshelf Docker tag to v2.19.0' (#307) from renovate/ghcr.io-advplyr-audiobookshelf-2.x into main 
Reviewed-on: #307
 2025-02-06 18:20:03 +00:00
Remy Moll
52686d5315 Merge pull request 'Update homeassistant/home-assistant Docker tag to v2025.2' (#315) from renovate/homeassistant-home-assistant-2025.x into main 
Reviewed-on: #315
 2025-02-06 18:19:37 +00:00
Remy Moll
b86047145b Merge pull request 'Update actualbudget/actual-server Docker tag to v25.2.0' (#316) from renovate/actualbudget-actual-server-25.x into main 
Reviewed-on: #316
 2025-02-06 18:19:21 +00:00
Renovate Bot
f2d4bc629c Update actualbudget/actual-server Docker tag to v25.2.0 2025-02-05 22:06:06 +00:00
Renovate Bot
f68669c4d6 Update homeassistant/home-assistant Docker tag to v2025.2 2025-02-05 20:06:12 +00:00
Renovate Bot
cc49ce8d11 Update Helm release loki to v6.25.1 2025-02-05 12:03:02 +00:00
Renovate Bot
60984488b2 Update Helm release authelia to v0.9.15 2025-02-05 10:02:34 +00:00
Renovate Bot
45bdcfc191 Update dependency prometheus-operator/prometheus-operator to v0.80.0 2025-02-04 16:05:53 +00:00
Renovate Bot
6ed6762b8e Update Helm release redis to v20.7.0 2025-02-04 14:03:00 +00:00
Renovate Bot
1584b5d709 Update Helm release grafana to v8.9.0 2025-02-04 02:02:54 +00:00
Renovate Bot
cc70e6f7c6 Update ghcr.io/advplyr/audiobookshelf Docker tag to v2.19.0 2025-02-02 22:02:53 +00:00
Renovate Bot
49781eb932 Update ghcr.io/paperless-ngx/paperless-ngx Docker tag to v2.14.7 2025-01-31 18:02:09 +00:00
Remy Moll
ecf1e6e468 update immich version 2025-01-31 15:02:18 +01:00
Remy Moll
c3b530dee7 Merge pull request 'Update ghcr.io/paperless-ngx/paperless-ngx Docker tag to v2.14.6' (#302) from renovate/ghcr.io-paperless-ngx-paperless-ngx-2.x into main 
Reviewed-on: #302
 2025-01-31 14:00:17 +00:00
Renovate Bot
a8622d2f60 Update Helm release traefik to v34 2025-01-28 18:02:47 +00:00
Renovate Bot
b95a2ad6b1 Update ghcr.io/paperless-ngx/paperless-ngx Docker tag to v2.14.6 2025-01-28 02:02:55 +00:00
Remy Moll
1bb4b643c0 Merge pull request 'Update sissbruecker/linkding Docker tag to v1.37.0' (#301) from renovate/sissbruecker-linkding-1.x into main 
Reviewed-on: #301
 2025-01-27 08:26:35 +00:00
Renovate Bot
3b5ed5ef26 Update sissbruecker/linkding Docker tag to v1.37.0 2025-01-27 00:02:25 +00:00
Remy Moll
1f6f065172 Merge pull request 'Update jellyfin/jellyfin Docker tag to v10.10.5' (#298) from renovate/jellyfin-jellyfin-10.x into main 
Reviewed-on: #298
 2025-01-26 11:23:11 +00:00
Renovate Bot
7534b11b9b Update jellyfin/jellyfin Docker tag to v10.10.5 2025-01-25 20:02:19 +00:00
Remy Moll
a4c94f0c29 update immich 2025-01-25 09:37:44 +01:00
Remy Moll
f8a58abb98 Merge pull request 'Update ghcr.io/coder/code-server Docker tag to v4.96.4' (#291) from renovate/ghcr.io-coder-code-server-4.x into main 
Reviewed-on: #291
 2025-01-24 20:24:50 +00:00
Remy Moll
2a1925982d Merge pull request 'Update docker.io/bitnami/sealed-secrets-controller Docker tag to v0.28.0' (#286) from renovate/docker.io-bitnami-sealed-secrets-controller-0.x into main 
Reviewed-on: #286
 2025-01-24 20:24:31 +00:00
Remy Moll
d7e9e8eda1 Merge pull request 'Update adguard/adguardhome Docker tag to v0.107.56' (#295) from renovate/adguard-adguardhome-0.x into main 
Reviewed-on: #295
 2025-01-24 20:21:43 +00:00
Renovate Bot
a5a2db29a7 Update adguard/adguardhome Docker tag to v0.107.56 2025-01-23 16:02:22 +00:00
Remy Moll
4ab06c344c Merge pull request 'Update Helm release grafana to v8.8.5' (#288) from renovate/grafana-8.x into main 
Reviewed-on: #288
 2025-01-23 09:25:37 +00:00
Remy Moll
62e757a098 Merge pull request 'Update ghcr.io/paperless-ngx/paperless-ngx Docker tag to v2.14.5' (#289) from renovate/ghcr.io-paperless-ngx-paperless-ngx-2.x into main 
Reviewed-on: #289
 2025-01-23 09:24:11 +00:00
Remy Moll
950706b5d8 Merge pull request 'Update ghcr.io/advplyr/audiobookshelf Docker tag to v2.18.1' (#290) from renovate/ghcr.io-advplyr-audiobookshelf-2.x into main 
Reviewed-on: #290
 2025-01-23 09:23:39 +00:00
Remy Moll
0dc32f0bef Merge pull request 'Update jellyfin/jellyfin Docker tag to v10.10.4' (#293) from renovate/jellyfin-jellyfin-10.x into main 
Reviewed-on: #293
 2025-01-23 09:23:18 +00:00
Remy Moll
d3d68331b4 Merge pull request 'Update ghcr.io/mealie-recipes/mealie Docker tag to v2.5.0' (#294) from renovate/ghcr.io-mealie-recipes-mealie-2.x into main 
Reviewed-on: #294
 2025-01-23 09:22:55 +00:00
Renovate Bot
73439a376f Update ghcr.io/mealie-recipes/mealie Docker tag to v2.5.0 2025-01-22 18:03:13 +00:00
Renovate Bot
30906411e6 Update jellyfin/jellyfin Docker tag to v10.10.4 2025-01-22 04:03:02 +00:00
Renovate Bot
877356e696 Update ghcr.io/paperless-ngx/paperless-ngx Docker tag to v2.14.5 2025-01-22 02:03:16 +00:00
Renovate Bot
0f4dcd7d99 Update Helm release grafana to v8.8.5 2025-01-21 18:02:28 +00:00
Renovate Bot
a8fa42e46f Update ghcr.io/advplyr/audiobookshelf Docker tag to v2.18.1 2025-01-21 00:02:53 +00:00
Renovate Bot
3ac1fe7729 Update ghcr.io/coder/code-server Docker tag to v4.96.4 2025-01-20 20:02:45 +00:00
Remy Moll
79293f14e8 kitchenowl + code server 2025-01-19 18:47:03 +01:00
Remy Moll
2aa7f0509b Merge pull request 'Update Helm release loki to v6.25.0' (#287) from renovate/loki-6.x into main 
Reviewed-on: #287
 2025-01-18 10:41:35 +00:00
Renovate Bot
2600ece2dd Update Helm release loki to v6.25.0 2025-01-17 22:02:43 +00:00
Renovate Bot
92033aafe4 Update docker.io/bitnami/sealed-secrets-controller Docker tag to v0.28.0 2025-01-16 12:02:09 +00:00
Remy Moll
72434b5fef Merge pull request 'Update Helm release grafana to v8.8.3' (#285) from renovate/grafana-8.x into main 
Reviewed-on: #285
 2025-01-16 09:20:43 +00:00
Remy Moll
d8006e1a42 Merge pull request 'Update Helm release redis to v20.6.3' (#284) from renovate/redis-20.x into main 
Reviewed-on: #284
 2025-01-16 09:20:21 +00:00
Remy Moll
de3d513395 Merge pull request 'Update ghcr.io/paperless-ngx/paperless-ngx Docker tag to v2.14.3' (#283) from renovate/ghcr.io-paperless-ngx-paperless-ngx-2.x into main 
Reviewed-on: #283
 2025-01-16 09:19:56 +00:00
Renovate Bot
adf061fcd7 Update ghcr.io/paperless-ngx/paperless-ngx Docker tag to v2.14.3 2025-01-15 22:05:21 +00:00
Renovate Bot
2333465b59 Update Helm release grafana to v8.8.3 2025-01-15 22:02:12 +00:00
Renovate Bot
a8e14e0f1d Update Helm release redis to v20.6.3 2025-01-15 12:02:18 +00:00
Remy Moll
3c0a403352 gitea burst resources 2025-01-14 19:42:25 +01:00
Remy Moll
07ea858c72 Merge pull request 'Update ghcr.io/paperless-ngx/paperless-ngx Docker tag to v2.14.1' (#282) from renovate/ghcr.io-paperless-ngx-paperless-ngx-2.x into main 
Reviewed-on: #282
 2025-01-14 10:04:15 +00:00
Renovate Bot
916497be69 Update ghcr.io/paperless-ngx/paperless-ngx Docker tag to v2.14.1 2025-01-14 02:02:12 +00:00
Remy Moll
3a2575d7bf lil adguard blocklist update 2025-01-13 17:50:31 +01:00
Remy Moll
8ac84f79dd Merge pull request 'Update Helm release redis to v20.6.2' (#280) from renovate/redis-20.x into main 
Reviewed-on: #280
 2025-01-09 09:20:58 +00:00
Remy Moll
657f836664 update immich 2025-01-09 10:17:19 +01:00
Renovate Bot
108abba08c Update Helm release redis to v20.6.2 2025-01-08 10:01:45 +00:00
Remy Moll
c303e1b4a7 Merge pull request 'Update ghcr.io/mealie-recipes/mealie Docker tag to v2.4.2' (#277) from renovate/ghcr.io-mealie-recipes-mealie-2.x into main 
Reviewed-on: #277
 2025-01-07 15:24:49 +00:00
Renovate Bot
4502a129bf Update ghcr.io/mealie-recipes/mealie Docker tag to v2.4.2 2025-01-07 10:01:41 +00:00
Remy Moll
5ebc123788 Merge pull request 'Update actualbudget/actual-server Docker tag to v25' (#276) from renovate/actualbudget-actual-server-25.x into main 
Reviewed-on: #276
 2025-01-07 09:59:19 +00:00
Renovate Bot
94fac8c1af Update actualbudget/actual-server Docker tag to v25 2025-01-07 08:01:38 +00:00
Remy Moll
694cecdb1c Merge pull request 'Update homeassistant/home-assistant Docker tag to v2025' (#275) from renovate/homeassistant-home-assistant-2025.x into main 
Reviewed-on: #275
 2025-01-06 09:55:33 +00:00
Remy Moll
eb23d752bf pin mealie version 2025-01-05 18:10:59 +01:00
Remy Moll
599e51e7af fix some service monitors 2025-01-05 17:47:01 +01:00
Remy Moll
16161bafb7 monitoring swtich back to prometheus-operator 2025-01-05 17:18:27 +01:00
Renovate Bot
c371ff885f Update homeassistant/home-assistant Docker tag to v2025 2025-01-05 14:02:02 +00:00
Remy Moll
2a56392af0 slow down renovate 2025-01-05 13:40:50 +01:00
Remy Moll
0a15330379 update ocis 2025-01-04 11:54:26 +01:00
Remy Moll
57f7a93acf Merge pull request 'Update ghcr.io/advplyr/audiobookshelf Docker tag to v2.17.7' (#273) from renovate/ghcr.io-advplyr-audiobookshelf-2.x into main 
Reviewed-on: #273
 2025-01-03 11:59:37 +00:00
Renovate Bot
f603de439c Update ghcr.io/advplyr/audiobookshelf Docker tag to v2.17.7 2025-01-01 22:31:44 +00:00
Remy Moll
f8e9028810 monitoring fixes 2024-12-28 14:21:54 +01:00
Remy Moll
ee20223507 monitoring cleanup 2024-12-23 22:40:35 +01:00
Remy Moll
d6faeb3e4c immich update 2024-12-23 20:59:59 +01:00
Remy Moll
c248c10fb9 Merge pull request 'Update Helm release cloudnative-pg to v0.23.0' (#272) from renovate/cloudnative-pg-0.x into main 
Reviewed-on: #272
 2024-12-23 19:57:59 +00:00
Remy Moll
fd2fd109e4 Merge pull request 'Update Helm release grafana to v8.8.2' (#266) from renovate/grafana-8.x into main 
Reviewed-on: #266
 2024-12-23 19:57:42 +00:00
Remy Moll
1e6db5d1fa Merge pull request 'Update Helm release redis to v20.6.1' (#267) from renovate/redis-20.x into main 
Reviewed-on: #267
 2024-12-23 19:57:11 +00:00
Remy Moll
2436bc6ea4 Merge pull request 'Update Helm release metallb to v0.14.9' (#269) from renovate/metallb-0.x into main 
Reviewed-on: #269
 2024-12-23 19:56:54 +00:00
Remy Moll
ac6ede67d9 Merge pull request 'Update vikunja/vikunja Docker tag to v0.24.6' (#271) from renovate/vikunja-vikunja-0.x into main 
Reviewed-on: #271
 2024-12-23 19:56:17 +00:00
Renovate Bot
19296874a7 Update Helm release cloudnative-pg to v0.23.0 2024-12-23 17:31:34 +00:00
Renovate Bot
122c9012df Update vikunja/vikunja Docker tag to v0.24.6 2024-12-23 05:01:30 +00:00
Renovate Bot
7d8a5d9ab3 Update Helm release redis to v20.6.1 2024-12-22 03:02:03 +00:00
Renovate Bot
e5465adc39 Update Helm release metallb to v0.14.9 2024-12-17 16:31:31 +00:00
Renovate Bot
9d304e56e1 Update Helm release grafana to v8.8.2 2024-12-17 03:01:49 +00:00
Remy Moll
bcfb37b686 Merge pull request 'Update Helm release grafana to v8.7.0' (#265) from renovate/grafana-8.x into main 
Reviewed-on: #265
 2024-12-15 18:01:44 +00:00
Remy Moll
dcce4fb564 Merge pull request 'Update Helm release traefik to v33.2.1' (#264) from renovate/traefik-33.x into main 
Reviewed-on: #264
 2024-12-15 18:01:25 +00:00
Renovate Bot
9103aa77ed Update Helm release grafana to v8.7.0 2024-12-14 02:02:29 +00:00
Renovate Bot
cf07408d66 Update Helm release traefik to v33.2.1 2024-12-14 02:02:17 +00:00
Remy Moll
e423174254 update immich 2024-12-12 14:36:43 +01:00
Remy Moll
78b9c67172 Merge pull request 'Update Helm release redis to v20.5.0' (#260) from renovate/redis-20.x into main 
Reviewed-on: #260
 2024-12-12 13:26:57 +00:00
Remy Moll
8acebd5c5d Merge pull request 'Update adguard/adguardhome Docker tag to v0.107.55' (#261) from renovate/adguard-adguardhome-0.x into main 
Reviewed-on: #261
 2024-12-12 13:26:04 +00:00
Remy Moll
31ea08c652 Merge pull request 'Update quay.io/thanos/thanos Docker tag to v0.37.2' (#262) from renovate/quay.io-thanos-thanos-0.x into main 
Reviewed-on: #262
 2024-12-12 13:25:43 +00:00
Remy Moll
cd3c500054 Merge pull request 'Update Helm release traefik to v33.2.0' (#263) from renovate/traefik-33.x into main 
Reviewed-on: #263
 2024-12-12 13:25:33 +00:00
Renovate Bot
4f700d290c Update Helm release traefik to v33.2.0 2024-12-11 18:34:17 +00:00
Renovate Bot
c91d649b0b Update Helm release redis to v20.5.0 2024-12-11 17:01:37 +00:00
Renovate Bot
bdc5843107 Update quay.io/thanos/thanos Docker tag to v0.37.2 2024-12-11 17:01:35 +00:00
Renovate Bot
2364bd89cf Update adguard/adguardhome Docker tag to v0.107.55 2024-12-11 17:01:29 +00:00
Remy Moll
511d3b7573 Merge pull request 'Update docker.io/bitnami/sealed-secrets-controller Docker tag to v0.27.3' (#255) from renovate/docker.io-bitnami-sealed-secrets-controller-0.x into main 
Reviewed-on: #255
 2024-12-10 08:47:13 +00:00
Remy Moll
c911335fea Merge pull request 'Update quay.io/thanos/thanos Docker tag to v0.37.1' (#253) from renovate/quay.io-thanos-thanos-0.x into main 
Reviewed-on: #253
 2024-12-10 08:46:58 +00:00
Remy Moll
da5619ef41 Merge pull request 'Update homeassistant/home-assistant Docker tag to v2024.12' (#254) from renovate/homeassistant-home-assistant-2024.x into main 
Reviewed-on: #254
 2024-12-10 08:46:43 +00:00
Remy Moll
19ab40a15d Merge pull request 'Update ghcr.io/advplyr/audiobookshelf Docker tag to v2.17.5' (#256) from renovate/ghcr.io-advplyr-audiobookshelf-2.x into main 
Reviewed-on: #256
 2024-12-10 08:46:11 +00:00
Remy Moll
6a8267a5ed Merge pull request 'Update actualbudget/actual-server Docker tag to v24.12.0' (#257) from renovate/actualbudget-actual-server-24.x into main 
Reviewed-on: #257
 2024-12-10 08:45:53 +00:00
Remy Moll
c8d9bfdbeb Merge pull request 'Update alpine/git Docker tag to v2.47.1' (#258) from renovate/alpine-git-2.x into main 
Reviewed-on: #258
 2024-12-10 08:45:39 +00:00
Renovate Bot
f51ed7565a Update ghcr.io/advplyr/audiobookshelf Docker tag to v2.17.5 2024-12-08 15:31:28 +00:00
Remy Moll
c744741cfe Merge pull request 'Update Helm release authelia to v0.9.14' (#252) from renovate/authelia-0.x into main 
Reviewed-on: #252
 2024-12-08 13:55:23 +00:00
Renovate Bot
d783b8b791 Update alpine/git Docker tag to v2.47.1 2024-12-08 05:01:39 +00:00
Renovate Bot
05fd1c622e Update actualbudget/actual-server Docker tag to v24.12.0 2024-12-06 23:01:32 +00:00
Renovate Bot
8f2037d359 Update docker.io/bitnami/sealed-secrets-controller Docker tag to v0.27.3 2024-12-06 22:31:24 +00:00
Renovate Bot
85d3b901ed Update homeassistant/home-assistant Docker tag to v2024.12 2024-12-04 20:02:15 +00:00
Renovate Bot
4aaf5ed01c Update quay.io/thanos/thanos Docker tag to v0.37.1 2024-12-04 09:01:27 +00:00
Renovate Bot
1c0f751cba Update Helm release authelia to v0.9.14 2024-12-03 23:31:21 +00:00
Remy Moll
8bd18ed532 Merge pull request 'Update Helm release traefik to v33.1.0' (#250) from renovate/traefik-33.x into main 
Reviewed-on: #250
 2024-12-03 08:52:19 +00:00
Remy Moll
f6cbbfb750 Merge pull request 'Update Helm release redis to v20.4.0' (#251) from renovate/redis-20.x into main 
Reviewed-on: #251
 2024-12-03 08:51:10 +00:00
Remy Moll
38581bc262 Merge pull request 'Update ghcr.io/advplyr/audiobookshelf Docker tag to v2.17.3' (#249) from renovate/ghcr.io-advplyr-audiobookshelf-2.x into main 
Reviewed-on: #249
 2024-12-03 08:50:38 +00:00
Remy Moll
27436dc902 some fixes 2024-12-02 17:01:36 +01:00
Remy Moll
11ad39805d move away from vikunja helm chart, oidc 2024-12-02 14:27:43 +01:00
Remy Moll
3814359266 git oauth locked in 2024-12-02 13:41:57 +01:00
Renovate Bot
67536dbcd4 Update Helm release redis to v20.4.0 2024-12-02 10:31:25 +00:00
Renovate Bot
812e956e6b Update Helm release traefik to v33.1.0 2024-12-02 10:01:24 +00:00
Remy Moll
78fce20fe5 argo scopes reduced 2024-12-01 16:19:16 +01:00
Remy Moll
d097dddf7a give paperless more memory 2024-12-01 15:42:27 +01:00
Renovate Bot
d45dfe8898 Update ghcr.io/advplyr/audiobookshelf Docker tag to v2.17.3 2024-11-30 23:01:31 +00:00
Remy Moll
73ffe2bac9 Merge pull request 'Update quay.io/thanos/thanos Docker tag to v0.37.0' (#247) from renovate/quay.io-thanos-thanos-0.x into main 
Reviewed-on: #247
 2024-11-29 17:51:39 +00:00
Remy Moll
a87a966d60 Merge pull request 'Update Helm release grafana to v8.6.4' (#248) from renovate/grafana-8.x into main 
Reviewed-on: #248
 2024-11-29 17:51:27 +00:00
Remy Moll
a332e92890 atuhelia update and secret fix 2024-11-29 18:46:26 +01:00
Renovate Bot
7e67927b6c Update Helm release grafana to v8.6.4 2024-11-29 14:31:33 +00:00
Remy Moll
5f0fd69272 try to improve qol 2024-11-27 11:23:12 +01:00
Renovate Bot
aeeb5f5548 Update quay.io/thanos/thanos Docker tag to v0.37.0 2024-11-25 12:31:38 +00:00
Remy Moll
3bce044221 Merge pull request 'Update ghcr.io/advplyr/audiobookshelf Docker tag to v2.17.2' (#244) from renovate/ghcr.io-advplyr-audiobookshelf-2.x into main 
Reviewed-on: #244
 2024-11-23 11:49:50 +00:00
Remy Moll
5907a3524e Merge pull request 'Update Helm release grafana to v8.6.1' (#245) from renovate/grafana-8.x into main 
Reviewed-on: #245
 2024-11-23 11:49:31 +00:00
Renovate Bot
a2f7ef237e Update Helm release grafana to v8.6.1 2024-11-22 02:31:27 +00:00
Renovate Bot
94910663f6 Update ghcr.io/advplyr/audiobookshelf Docker tag to v2.17.2 2024-11-21 22:01:28 +00:00
Remy Moll
a07cfd7c56 gitea auth fix? 2024-11-19 17:38:05 +01:00
Remy Moll
26ff001a20 upgrade gitea postgres version 2024-11-19 11:56:33 +01:00
Remy Moll
e222a3c431 Merge pull request 'Update ghcr.io/advplyr/audiobookshelf Docker tag to v2.17.1' (#242) from renovate/ghcr.io-advplyr-audiobookshelf-2.x into main 
Reviewed-on: #242
 2024-11-19 08:36:17 +00:00
Remy Moll
8c3d4c379b Merge pull request 'Update jellyfin/jellyfin Docker tag to v10.10.3' (#243) from renovate/jellyfin-jellyfin-10.x into main 
Reviewed-on: #243
 2024-11-19 08:35:56 +00:00
Renovate Bot
d30585435c Update jellyfin/jellyfin Docker tag to v10.10.3 2024-11-19 04:01:31 +00:00
Renovate Bot
ea0b9dfba2 Update ghcr.io/advplyr/audiobookshelf Docker tag to v2.17.1 2024-11-18 20:01:32 +00:00
Remy Moll
b6fe511b4a Merge pull request 'Update Helm release gitea to v10.6.0' (#237) from renovate/gitea-10.x into main 
Reviewed-on: #237
 2024-11-18 19:06:06 +00:00
Remy Moll
a47fee1d82 Merge pull request 'Update jellyfin/jellyfin Docker tag to v10.10.2' (#240) from renovate/jellyfin-jellyfin-10.x into main 
Reviewed-on: #240
 2024-11-18 19:04:30 +00:00
Remy Moll
c679e322de Merge pull request 'Update owncloud/ocis Docker tag to v5.0.9' (#241) from renovate/owncloud-ocis-5.x into main 
Reviewed-on: #241
 2024-11-18 19:03:46 +00:00
Remy Moll
efbe042953 Merge pull request 'Update Helm release cloudnative-pg to v0.22.1' (#215) from renovate/cloudnative-pg-0.x into main 
Reviewed-on: #215
 2024-11-18 19:02:52 +00:00
Remy Moll
db232355d3 Merge pull request 'Update docker.io/bitnami/sealed-secrets-controller Docker tag to v0.27.2' (#230) from renovate/docker.io-bitnami-sealed-secrets-controller-0.x into main 
Reviewed-on: #230
 2024-11-18 19:02:06 +00:00
Renovate Bot
b080140fd8 Update owncloud/ocis Docker tag to v5.0.9 2024-11-18 19:01:49 +00:00
Renovate Bot
c4bf247638 Update jellyfin/jellyfin Docker tag to v10.10.2 2024-11-18 19:01:43 +00:00
Remy Moll
7247a6dd22 Merge pull request 'Update renovate/renovate Docker tag to v39' (#232) from renovate/renovate-renovate-39.x into main 
Reviewed-on: #232
 2024-11-18 19:00:56 +00:00
Remy Moll
5244c813d4 Merge pull request 'Update adguard/adguardhome Docker tag to v0.107.54' (#233) from renovate/adguard-adguardhome-0.x into main 
Reviewed-on: #233
 2024-11-18 19:00:40 +00:00
Remy Moll
0490680092 Merge pull request 'Update Helm release redis to v20.3.0' (#197) from renovate/redis-20.x into main 
Reviewed-on: #197
 2024-11-18 19:00:01 +00:00
Remy Moll
334a660478 Merge pull request 'Update ghcr.io/paperless-ngx/paperless-ngx Docker tag to v2.13.5' (#238) from renovate/ghcr.io-paperless-ngx-paperless-ngx-2.x into main 
Reviewed-on: #238
 2024-11-18 18:59:41 +00:00
Remy Moll
d8285eee31 Merge pull request 'Update Helm release grafana to v8.6.0' (#239) from renovate/grafana-8.x into main 
Reviewed-on: #239
 2024-11-18 18:58:05 +00:00
Renovate Bot
5411ed4689 Update Helm release redis to v20.3.0 2024-11-14 10:32:13 +00:00
Renovate Bot
8b4fd03d3c Update Helm release grafana to v8.6.0 2024-11-10 22:01:57 +00:00
Renovate Bot
0f4214bb33 Update ghcr.io/paperless-ngx/paperless-ngx Docker tag to v2.13.5 2024-11-10 17:01:41 +00:00
Renovate Bot
8014076013 Update Helm release gitea to v10.6.0 2024-11-10 14:31:43 +00:00
Remy Moll
d7d1f8750e Merge pull request 'Update jellyfin/jellyfin Docker tag to v10.10.1' (#231) from renovate/jellyfin-jellyfin-10.x into main 
Reviewed-on: #231
 2024-11-07 14:12:53 +00:00
Remy Moll
1008b11c7c Merge pull request 'Update homeassistant/home-assistant Docker tag to v2024.11' (#236) from renovate/homeassistant-home-assistant-2024.x into main 
Reviewed-on: #236
 2024-11-07 14:08:26 +00:00
Renovate Bot
f120d8d81f Update homeassistant/home-assistant Docker tag to v2024.11 2024-11-06 20:34:21 +00:00
Renovate Bot
0e0b941764 Update adguard/adguardhome Docker tag to v0.107.54 2024-11-06 13:31:25 +00:00
Renovate Bot
b703843e1c Update renovate/renovate Docker tag to v39 2024-11-05 11:04:09 +00:00
Renovate Bot
a2d6417156 Update jellyfin/jellyfin Docker tag to v10.10.1 2024-11-05 10:01:39 +00:00
Renovate Bot
ffaf26ccea Update docker.io/bitnami/sealed-secrets-controller Docker tag to v0.27.2 2024-11-05 10:01:36 +00:00
Remy Moll
4dcdb39e67 immich and argo fixes 2024-11-05 10:45:27 +01:00
Remy Moll
f825c54a3b Merge pull request 'Update Helm release traefik to v33' (#228) from renovate/traefik-33.x into main 
Reviewed-on: #228
 2024-11-05 09:43:48 +00:00
Remy Moll
265aa16b3d Merge pull request 'Update ghcr.io/paperless-ngx/paperless-ngx Docker tag to v2.13.4' (#225) from renovate/ghcr.io-paperless-ngx-paperless-ngx-2.x into main 
Reviewed-on: #225
 2024-11-05 09:42:24 +00:00
Remy Moll
74f54c50a6 Merge pull request 'Update ghcr.io/advplyr/audiobookshelf Docker tag to v2.16.2' (#226) from renovate/ghcr.io-advplyr-audiobookshelf-2.x into main 
Reviewed-on: #226
 2024-11-05 09:41:53 +00:00
Remy Moll
305d7f372e Merge pull request 'Update Helm release grafana to v8.5.12' (#227) from renovate/grafana-8.x into main 
Reviewed-on: #227
 2024-11-05 09:41:39 +00:00
Remy Moll
669388b9c8 Merge pull request 'Update actualbudget/actual-server Docker tag to v24.11.0' (#229) from renovate/actualbudget-actual-server-24.x into main 
Reviewed-on: #229
 2024-11-05 09:41:23 +00:00
Renovate Bot
95b673cd02 Update Helm release grafana to v8.5.12 2024-11-04 23:01:35 +00:00
Renovate Bot
dc28d64da3 Update actualbudget/actual-server Docker tag to v24.11.0 2024-11-03 15:04:15 +00:00
Renovate Bot
1b5ab7e4ff Update ghcr.io/paperless-ngx/paperless-ngx Docker tag to v2.13.4 2024-11-03 14:31:58 +00:00
Renovate Bot
9f17f9555f Update Helm release traefik to v33 2024-10-30 13:34:33 +00:00
Renovate Bot
d01373319d Update ghcr.io/advplyr/audiobookshelf Docker tag to v2.16.2 2024-10-29 22:01:32 +00:00
Remy Moll
c05d3b0627 bump immich version 2024-10-29 10:53:31 +01:00
Remy Moll
6fc8f5378b Merge pull request 'Update Helm release gitea to v10.5.0' (#216) from renovate/gitea-10.x into main 
Reviewed-on: #216
 2024-10-29 09:36:33 +00:00
Remy Moll
e375069fb8 Merge pull request 'Update ghcr.io/advplyr/audiobookshelf Docker tag to v2.16.1' (#220) from renovate/ghcr.io-advplyr-audiobookshelf-2.x into main 
Reviewed-on: #220
 2024-10-29 09:35:51 +00:00
Remy Moll
d24a130fb8 Merge pull request 'Update ghcr.io/paperless-ngx/paperless-ngx Docker tag to v2.13.1' (#221) from renovate/ghcr.io-paperless-ngx-paperless-ngx-2.x into main 
Reviewed-on: #221
 2024-10-29 08:45:02 +00:00
Renovate Bot
264e017a6e Update ghcr.io/advplyr/audiobookshelf Docker tag to v2.16.1 2024-10-28 22:34:08 +00:00
Renovate Bot
03f15899a6 Update ghcr.io/paperless-ngx/paperless-ngx Docker tag to v2.13.1 2024-10-28 19:01:34 +00:00
Remy Moll
7416019040 make authelia store sessions longer 2024-10-28 14:29:04 +01:00
Remy Moll
5d11ea12e8 Merge pull request 'Update ghcr.io/paperless-ngx/paperless-ngx Docker tag to v2.13.0' (#218) from renovate/ghcr.io-paperless-ngx-paperless-ngx-2.x into main 
Reviewed-on: #218
 2024-10-28 12:52:26 +00:00
Remy Moll
9d716aa0a0 Merge pull request 'Update jellyfin/jellyfin Docker tag to v10.10.0' (#219) from renovate/jellyfin-jellyfin-10.x into main 
Reviewed-on: #219
 2024-10-28 12:52:08 +00:00
Remy Moll
d78253b1a9 add linkding deployment 2024-10-28 13:42:01 +01:00
Renovate Bot
cb9625de56 Update jellyfin/jellyfin Docker tag to v10.10.0 2024-10-26 18:04:15 +00:00
Renovate Bot
a38812bced Update ghcr.io/paperless-ngx/paperless-ngx Docker tag to v2.13.0 2024-10-25 17:34:20 +00:00
Remy Moll
f95b7a4129 Merge pull request 'Update ghcr.io/advplyr/audiobookshelf Docker tag to v2.15.1' (#217) from renovate/ghcr.io-advplyr-audiobookshelf-2.x into main 
Reviewed-on: #217
 2024-10-22 09:12:31 +00:00
Remy Moll
fb12bb6e5b Merge pull request 'Update Helm release grafana to v8.5.8' (#211) from renovate/grafana-8.x into main 
Reviewed-on: #211
 2024-10-22 09:11:52 +00:00
Renovate Bot
83659c5c4b Update Helm release grafana to v8.5.8 2024-10-19 02:01:59 +00:00
Renovate Bot
c780899feb Update ghcr.io/advplyr/audiobookshelf Docker tag to v2.15.1 2024-10-18 22:01:56 +00:00
Renovate Bot
df27fb1a03 Update Helm release gitea to v10.5.0 2024-10-18 15:31:54 +00:00
Renovate Bot
af102859c6 Update Helm release cloudnative-pg to v0.22.1 2024-10-17 12:01:32 +00:00
Remy Moll
fa00ff136b oauth fixes 2024-10-16 14:15:03 +02:00
Remy Moll
8805fb0b78 remove dendrite from main 2024-10-15 17:52:51 +02:00
118 changed files with 1478 additions and 351 deletions
Expand all files Collapse all files

50
apps/adguard/configmap.yaml
View File

@@ -27,7 +27,10 @@ data:
ratelimit_whitelist: []
refuse_any: true
upstream_dns:
- https://dns10.quad9.net/dns-query
- tls://1.1.1.1
- tls://dns.google
- tls://p0.freedns.controld.com
- tls://dns.quad9.net
upstream_dns_file: ""
bootstrap_dns:
- 9.9.9.10
@@ -35,8 +38,7 @@ data:
- 2620:fe::10
- 2620:fe::fe:10
fallback_dns: []
all_servers: false
fastest_addr: false
upstream_mode: load_balance
fastest_timeout: 1s
allowed_clients: []
disallowed_clients: []
@@ -72,6 +74,8 @@ data:
dns64_prefixes: []
serve_http3: false
use_http3_upstreams: false
serve_plain_dns: true
hostsfile_enabled: true
tls:
enabled: false
server_name: ""
@@ -88,12 +92,14 @@ data:
private_key_path: ""
strict_sni_check: false
querylog:
dir_path: ""
ignored: []
interval: 2160h
size_memory: 1000
enabled: true
file_enabled: true
statistics:
dir_path: ""
ignored: []
interval: 24h
enabled: true
@@ -110,6 +116,10 @@ data:
url: https://someonewhocares.org/hosts/zero/hosts
name: Dan Pollock's List
id: 1684963532
- enabled: true
url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_3.txt
name: Peter Lowe's Blocklist
id: 1735824753
whitelist_filters: []
user_rules: []
dhcp:
@@ -134,13 +144,36 @@ data:
blocking_ipv6: ""
blocked_services:
schedule:
time_zone: UTC
ids: []
time_zone: Europe/Berlin
sun:
start: 18h
end: 23h59m
mon:
start: 18h
end: 23h59m
tue:
start: 18h
end: 23h59m
wed:
start: 18h
end: 23h59m
thu:
start: 18h
end: 23h59m
fri:
start: 18h
end: 23h59m
sat:
start: 18h
end: 23h59m
ids:
- reddit
protection_disabled_until: null
safe_search:
enabled: false
bing: true
duckduckgo: true
ecosia: true
google: true
pixabay: true
yandex: true
@@ -149,11 +182,13 @@ data:
parental_block_host: family-block.dns.adguard.com
safebrowsing_block_host: standard-block.dns.adguard.com
rewrites: []
safe_fs_patterns:
- /opt/adguardhome/data/userfilters/*
safebrowsing_cache_size: 1048576
safesearch_cache_size: 1048576
parental_cache_size: 1048576
cache_time: 30
filters_update_interval: 24
filters_update_interval: 168
blocked_response_ttl: 10
filtering_enabled: true
parental_enabled: true
@@ -168,6 +203,7 @@ data:
hosts: true
persistent: []
log:
enabled: true
file: ""
max_backups: 0
max_size: 100
@@ -179,4 +215,4 @@ data:
group: ""
user: ""
rlimit_nofile: 0
schema_version: 27
schema_version: 29

2
apps/adguard/kustomization.yaml
View File

@@ -10,7 +10,7 @@ resources:
images:
- name: adguard/adguardhome
newName: adguard/adguardhome
newTag: v0.107.53
newTag: v0.107.61
namespace: adguard

2
apps/audiobookshelf/kustomization.yaml
View File

@@ -12,4 +12,4 @@ namespace: audiobookshelf
images:
- name: audiobookshelf
newName: ghcr.io/advplyr/audiobookshelf
newTag: "2.15.0"
newTag: "2.21.0"

41
apps/code-server/deployment.yaml Normal file
View File

@@ -0,0 +1,41 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: code-server
spec:
replicas: 1
selector:
matchLabels:
app: code-server
template:
metadata:
labels:
app: code-server
spec:
containers:
- name: code-server
image: code-server
ports:
- containerPort: 8080
env:
- name: TZ
value: Europe/Berlin
- name: CONFIG_PATH
value: /data/config
- name: METADATA_PATH
value: /data/metadata
volumeMounts:
- name: data
mountPath: /home/coder
resources:
requests:
cpu: "50m"
memory: "100Mi"
limits:
cpu: "6"
memory: "16Gi"
volumes:
- name: data
persistentVolumeClaim:
claimName: code-server-data

9
apps/dendrite/ingress.yaml → apps/code-server/ingress.yaml
View File

@@ -1,18 +1,17 @@
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: dendrite-ingressroute
name: audiobookshelf-ingressroute
spec:
entryPoints:
- websecure
routes:
- match: Host(`dendrite.kluster.moll.re`)
- match: Host(`code.kluster.moll.re`)
kind: Rule
services:
- name: dendrite
port: 8008
# scheme: https
- name: code-server-web
port: 8080
tls:
certResolver: default-tls

15
apps/code-server/kustomization.yaml Normal file
View File

@@ -0,0 +1,15 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- namespace.yaml
- pvc.yaml
- deployment.yaml
- service.yaml
- ingress.yaml
namespace: code-server
images:
- name: code-server
newName: ghcr.io/coder/code-server
newTag: 4.99.4-fedora

0
apps/monitoring/namespace.yaml → apps/code-server/namespace.yaml
View File

11
apps/code-server/pvc.yaml Normal file
View File

@@ -0,0 +1,11 @@
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: code-server-data
spec:
storageClassName: "nfs-client"
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 10Gi

11
apps/code-server/service.yaml Normal file
View File

@@ -0,0 +1,11 @@
apiVersion: v1
kind: Service
metadata:
name: code-server-web
spec:
selector:
app: code-server
ports:
- port: 8080
targetPort: 8080
type: LoadBalancer

2
apps/files/kustomization.yaml
View File

@@ -13,4 +13,4 @@ namespace: files
images:
- name: ocis
newName: owncloud/ocis
newTag: "5.0.8"
newTag: "7.1.2"

4
apps/files/ocis-config.sealedsecret.yaml
View File

File diff suppressed because one or more lines are too long

2
apps/finance/kustomization.yaml
View File

@@ -13,4 +13,4 @@ resources:
images:
- name: actualbudget
newName: actualbudget/actual-server
newTag: 24.10.1
newTag: 25.4.0

17
apps/grafana/grafana-admin.sealedsecret.yaml Normal file
View File

@@ -0,0 +1,17 @@
---
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
creationTimestamp: null
name: grafana-admin-secret
namespace: grafana
spec:
encryptedData:
password: AgAU6g/CwKj+1gPpt4DLvLsS0YCvJdVHWw4W4bRhibE9brVvcJtGB3D9MTJrSLVVwusaE6OR59og7oW5ge3yTd/9bbclXYLrxEi7OwvkQjCvo8MfD8yhJO9nV4Xs9Mjk2Z4SHGYuq6wvcssuJrpz5f0XEC7ocTRA+u0UaE+/b4FrYF71uyKGvj8GSXgLZUjGPFsGfPzwJn7cLBmlclVHx1xGbFpUc042m5Mulpn0QolFQnOwZiW4PL8pQyz1MXVRwCsz0RJd5apZL3XJ4X7BLMoAp+diHQ2xi3zoU9VScp+J2QgvFdRKgDa6v7Jz1f+HCwq5W/DoegwFXBrcMIfF2YrnvTnc1PCVwD9IHOeylO7J2hfi8teQiqTvvRlVgdBTLqoqlVovemf5k6ke6JfjTwnsJjTNnL7MKN5Qt0o7N2XRZ3ba9jp8cKbI7fyFQKaU2QEf2PIkp82kEnixmpA1aATgeA3W4E5Km7sKHUEB81+pwnOe54tzD2ShgQX/+UiswhWYTT+gdZKL1udBBemUDC0z9PSJNTPTy+hq+G4CIzVQUYxlioM3c+3geF7YLU8yXisj84pk44GN9KX3z5x+M2+LZL7agAWPUjxtrP2V+id7dNJQfCm0aSMeo57dVfb4zlBUAAgKIKjX+j1KqCVqE9zEO2F/QX7mY6MJTP2me3wmY7JAVRJ7d6bbkyyoDhs8JErLYLp0A+Eh+qx8nWgM9ErPVSA0
user: AgB8ZLG2EuERjg1nKdH/xadbUuIR2c8a9gF5fE8ctrp4DNDLLuuqmjyoHRiWpkrtfnE1yKg1rPP+asV9Lj5iVmE9J+OB3QUOeFS4MHciBNj7pa68zfFgnHP4kxMX6aXyKRQrYruYjHwfzCpOM1zyTEphuGlnokjQXxjF/mZsoM2NWn7WGReqfxqH95tJXfs9AUC5vVv/PHqd+KKRZH7+G1AnWVJ7RFQHedR7wyftO4/rkm8deMuZWtOLl25fAOyOr7+hSqT69s9/uTKSLJXjobSqtulqsR+v5lkwx2ThNKzmcEcuoenKG6lk8XLRSIscccZH3JTPh6IknQWUOC4nmYj+XUxE8Go0RX/4eL+D/6FrYrtp0gr3HOCLAGU4vAHMeKfJoyqykJVnvY6QY6bFgaziyOlWaoEHpg6g0vHHDwyX7HIDcQfJZGOLH9dhrWJ2sOkzyuuxfqWEgz/M2eBW4EUAudHwfTLPocSMUI+D6fjeciMojet5uxWMP7ZHh/E061f5+Vfk6CKYd9Kpi69Xah8KEyyHYP5NImkdIwjgllaEAd/FBE2+QJyTVZlUQC7y9ObagDMCUFaFbTS5QOLh5BOJDL5buEYFWG0IhoH47SC/pKeEOQH//uvoo27K9zvxTOQN1YOTrxCozmexMOsTIdhvU0dOnJDBrThSHKYLCeIokDOgUUT52FqDH51RoLoK3UkyGbMoq+M=
template:
metadata:
creationTimestamp: null
name: grafana-admin-secret
namespace: grafana
type: Opaque

16
apps/grafana/grafana-auth.sealedsecret.yaml Normal file
View File

@@ -0,0 +1,16 @@
---
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
creationTimestamp: null
name: grafana-auth
namespace: grafana
spec:
encryptedData:
client_secret: AgCEdC1/ERlPQyQP+bd9gcW33Yrvl4uRbx+RF5AY4vYAquOzxmLTygMl/WZlB5wlCE5idIHgto6/fUWVZrQbmfClRqsW2pFoddKQAtS9cQNXwMjLCm7e0lXk9GM9O3ZwktmklFbCu8XewHmefGHhoJ28vPxPMaINv1fM4zYKvNz5RHf0dJfTHgxb68wRYjAbE/eJpRcVE3a29Yw6Gfa8Mb+cFI7RTHvjuv9LBgWqM6b3qvvJ4wYR2WKuiQrnJ5xAtHpMAI/2R80qq151wlaZueDZ1PwjRBHURkmPTmwZnrMrmIugNge7Tpww+ArZlG9kDfSu1aTJidbXbcpN6fyt1qARTCYrBlbn60PTYLnPL/NObvMCpjS6DsYsYz7MJ7WoOupu46Ib5paZHmak+CilC6lb9LjJj4EKfRsagZmWT07JavhHBW/tqjB3GToccIz4fOAOdA9aU51J4wCL2ctp2SgzCEKe2EaBK/f9nDd9ASmmon9PDwRDVtG8yTukrNcZHNzodi09Af81DB0RNa36Z3Sjt5xu94paN+mjiOWGf2JduVEq+60NbPvDbPE9e1aVH3DdQcij2WGZaTE8dAGLSsLoOkIq3m2E+Mbk1Re1gI9H18xJM72ivb5uDe7pzReyvO5DY4Pfq8JgQhPxWcDq9ScmWS6Bb+jdCKytFq5NafSAl+akPbbwN+1GFu33if/P5D9I2TwOA8V1wyVU
template:
metadata:
creationTimestamp: null
name: grafana-auth
namespace: grafana
type: Opaque

0
apps/monitoring/grafana.ingress.yaml → apps/grafana/grafana.ingress.yaml
View File

17
apps/monitoring/grafana.values.yaml → apps/grafana/grafana.values.yaml
View File

@@ -35,13 +35,17 @@ datasources:
datasources.yaml:
apiVersion: 1
datasources:
- name: Thanos
type: prometheus
url: http://thanos-querier.prometheus.svc:10902
isDefault: true
- name: Prometheus
type: prometheus
url: http://prometheus.prometheus.svc:9090
url: http://prometheus.monitoring.svc:9090
isDefault: true
- name: Thanos
type: prometheus
url: http://thanos-querier.monitoring.svc:10902
isDefault: false
- name: Loki
type: loki
url: http://loki.monitoring.svc:3100
isDefault: false
dashboardProviders:
@@ -90,4 +94,5 @@ grafana.ini:
api_url: https://auth.kluster.moll.re/api/oidc/authorization/userinfo
tls_skip_verify_insecure: true
auto_login: true
use_pkce: true
use_pkce: true
role_attribute_path: contains(groups[*], 'apps_admin') && 'Admin' || 'Editor'

4
apps/monitoring/kustomization.yaml → apps/grafana/kustomization.yaml
View File

@@ -1,7 +1,7 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: monitoring
namespace: grafana
resources:
- namespace.yaml
@@ -17,5 +17,5 @@ helmCharts:
- releaseName: grafana
name: grafana
repo: https://grafana.github.io/helm-charts
version: 8.5.4
version: 8.14.1
valuesFile: grafana.values.yaml

0
infrastructure/prometheus/namespace.yaml → apps/grafana/namespace.yaml
View File

2
apps/homeassistant/deployment.yaml
View File

@@ -14,7 +14,7 @@ spec:
spec:
containers:
- name: homeassistant
image: homeassistant/home-assistant
image: homeassistant
ports:
- containerPort: 8123
env:

4
apps/homeassistant/kustomization.yaml
View File

@@ -13,6 +13,6 @@ resources:
images:
- name: homeassistant/home-assistant
- name: homeassistant
newName: homeassistant/home-assistant
newTag: "2024.10"
newTag: "2025.4"

36
apps/immich/ingress.yaml
View File

@@ -1,14 +1,5 @@
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
name: stripprefix
spec:
stripPrefix:
prefixes:
- /api
---
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
name: websocket
spec:
@@ -21,19 +12,18 @@ spec:
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: immich-ingressroute
name: immich-ingressroute
spec:
entryPoints:
- websecure
routes:
- match: Host(`immich.kluster.moll.re`)
kind: Rule
services:
- name: immich-server
port: 3001
passHostHeader: true
middlewares:
- name: websocket
tls:
certResolver: default-tls
entryPoints:
- websecure
routes:
- match: Host(`immich.kluster.moll.re`)
kind: Rule
services:
- name: immich-server
port: 2283
middlewares:
- name: websocket
tls:
certResolver: default-tls

9
apps/immich/kustomization.yaml
View File

@@ -6,6 +6,7 @@ resources:
- pvc.yaml
- postgres.yaml
- postgres.sealedsecret.yaml
- servicemonitor.yaml
namespace: immich
@@ -14,20 +15,20 @@ namespace: immich
helmCharts:
- name: immich
releaseName: immich
version: 0.8.1
version: 0.9.2
valuesFile: values.yaml
repo: https://immich-app.github.io/immich-charts
images:
- name: ghcr.io/immich-app/immich-machine-learning
newTag: v1.117.0
newTag: v1.132.3
- name: ghcr.io/immich-app/immich-server
newTag: v1.117.0
newTag: v1.132.3
patches:
- path: patch-redis-pvc.yaml
target:
kind: StatefulSet
name: immich-redis-master
name: immich-redis-master

14
apps/immich/servicemonitor.yaml Normal file
View File

@@ -0,0 +1,14 @@
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: immich-service-monitor
spec:
endpoints:
- port: metrics-api
scheme: http
- port: metrics-ms
scheme: http
selector:
matchLabels:
app.kubernetes.io/name: server
app.kubernetes.io/service: immich-server

4
apps/immich/values.yaml
View File

@@ -37,10 +37,6 @@ immich:
existingClaim: data
# Dependencies
postgresql:
enabled: false
redis:
enabled: true
architecture: standalone

42
apps/kitchenowl/deployment.yaml Normal file
View File

@@ -0,0 +1,42 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: kitchenowl
spec:
replicas: 1
selector:
matchLabels:
app: kitchenowl
template:
metadata:
labels:
app: kitchenowl
spec:
containers:
- name: kitchenowl
image: kitchenowl
ports:
- containerPort: 8080
env:
- name: TZ
value: Europe/Berlin
envFrom:
- configMapRef:
name: kitchenowl-config
- secretRef:
name: kitchenowl-oauth
volumeMounts:
- name: data
mountPath: /data
resources:
requests:
cpu: "50m"
memory: "100Mi"
limits:
cpu: "100m"
memory: "1Gi"
volumes:
- name: data
persistentVolumeClaim:
claimName: kitchenowl-data

17
apps/kitchenowl/ingress.yaml Normal file
View File

@@ -0,0 +1,17 @@
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: kitchenowl-ingressroute
spec:
entryPoints:
- websecure
routes:
- match: Host(`kitchen.kluster.moll.re`)
kind: Rule
services:
- name: kitchenowl-web
port: 8080
tls:
certResolver: default-tls

7
apps/kitchenowl/kitchenowl-config.configmap.yaml Normal file
View File

@@ -0,0 +1,7 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: kitchenowl-config
data:
FRONT_URL: https://kitchen.kluster.moll.re
DISABLE_USERNAME_PASSWORD_LOGIN: "true"

19
apps/kitchenowl/kitchenowl-oauth.sealedsecret.yaml Normal file
View File

@@ -0,0 +1,19 @@
---
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
creationTimestamp: null
name: kitchenowl-oauth
namespace: kitchenowl
spec:
encryptedData:
JWT_SECRET_KEY: AgAclRIJS25ACVe4NqLQbAree6c6WpTBHnLpe3ZQJ0ScHG/EbW/ooABZj7y1ABAn/mCc+hBYXYHm81FNUfUtSuLKi2UlORbTCsfmisYH49WX0Lpku9LTM/8az9tjE0tjUUrJZcRUuJfdNJMDPQx7IPjUQ7sKk/exFnkPEbK98+AElXyHpPKXd9dxiCgll0n+ksbF9BDUR8KY8IB2Zvh4cXPww578qe/9XYnxLV8uY9K8KPvhl7NI40SIaL4PX8KmsDlBh1bpOR/OxhIwAGEZDQp/KROy6msrIOYW4SHM9nlSUSD4WvV8UjcbV1oNnYpE1usFOuxSfQlJ1zlFepKUv40JykyunvQv9nqVbEogsrS4o5N3gNEaB9yyFSHIlevp32LVpAuZu3cNplmT+Zg7+ODpCWIcVgmOAeapvB+X7H4ScbKVcYLAzrRFDtnS4Vo1M+RERhr0AuMU/tz0lGs99oRkCw2ZIg015R125u0VcRNqzgCtbBM5BFiKiP2kYrHn02Q6o5tRWxDQfrfb0mnfD5c/gM4+btlfM6DZMpr/l1kLlm8PDEpPGbkhK1XiAyJ4erHPDMLcmZXrSyxX9R1g8n7vnLnkqx5LkGmnltQI2FM7StxC6IrMlxY0nPnkq1lHhTz7yCpQJNXgfXZLVvov+f6jlD6WJhYHZCL/hIFfx3ybjGYZwJ0m84lH0OQJQw5dtsbPVqqoYZIPieqdRmHw7M7TTmFuQJXD94lZj5gsln1sMqs=
OIDC_CLIENT_ID: AgDOxWtGCiFrIP5aWHimrR6bu0uMS1/i1v1Kzo1lIR3j3zlw/Da2oCPNx1ZuhNAp9UMIs2euc8mtrWkyv4R6pcci+IxXiGzlQNBSkMfWu4DwhwlEdnVyCVehfE00t0ytBxX6NeLfS1b8JOtH9yo3e22fdaeTwn/iwGLNwi1BJxMmzk9pVp7jzXH09Zia8UvUmXw5GyGpIOIiGcIfaXkr1ZnY2l30jTw8eS7HaouzfWHWTpNXkMLN3qim4vs/B1Sgz/y9tUyVo/qMhWLdEcVklYHT7xHx03SPD7RtK+zdYZCqvDtj+tsdpYHt05zeGV+wflNQuiocjwP8TW7vhtbjKrf9lQIxB5CErju178ELOVrpsPBAYMgdEl7qZeKdSpydIwe3VbOg3XJ7O/Ps1KSnRYwrCvgE4ZCMm3geHyJxSiKRhBcuVYz5JkNd5ylD0Eq9NL5RCqJ4szL9NaGNPbzkvcdZzAnbTYFTzyqZ+XHX/BUFisXl5bKNHtaqAsOK8woGYnxJiawKRrwDUmHXU4RB3QiPCPhHSLU7OkvU+XDhyQqLa8bKEQzj9dUf4bX3Savk4noiRsXMYJznAlgMPo0Q4taxVIoyQHELYwIIdP5YRuw27B9wKUR7e2hhu4FTOEcyhwuFql3OuAjq8HJCDX6+COkL2WYFFxWBnbSCYEdzfbMBCHjrUUonijcQluU2VbaHODNMAvB16MRKapAW
OIDC_CLIENT_SECRET: AgAylnSUXwInlh/WvyCiFz+8asbCSZA6kk84Rt6l7bHVYw34c58lJHsZK2OvOIlHuaMe/ewnTqxVd0hI1Azl+wd/5NygMYlntKquq0vuzlhLrGc3u+0SOn9N2P6quA3slF9KR94CYsDx9ogy+EsEoA1yrsydB8S0g9W8syraR1MtpM0ZkcJ/D78OZ6qzyXUuBNAZc+iX/r96NvoMiGNYavgG7npOJh/pkKNYPuNkt4zpbAFjVyoCfgZd4V2nmZ6dhEVy8odW+jcsMn6OJ1OZVlPb1beq49lBEcaJqk83ZtKbq2evtBYHw9YAnENVq92ecenw/YL5LXUhOxeN0M9Amo99/O6pQwwrT1mtZqhTTeTIZTAxqmJKgyxGhE4DJUR/s71bc7K9hd2WvdAYnCyVC2uGa0MwXp4V7UuaN9GerldT8lcFxOpRnD7yroqVTqebjAJIkIinp5NNZ2ZP/LCiCwKKHHT19Pchn615WOPTofC6es/spIdQ8a1Nf2J5YzvRjsduFS55U6tMaC7cuV8kqKH9xTTf/sDHt+68wVEAO9koAe1zpO+zR2Pq3VuCnvcDGIwXopXjvyjfujEEhEWZl51PVJLZqtkP5Wg2wHvlgjJBbbIGTrqh4xa9pK7wLDM2hUFx1q/YKqwfP0EGVTc96G8Wermj0DtIqclqFLr54DtxVe+Rr8J4edG6YQ26/seYsrZ1Oq2PejHQt8u9EzQYAtYYlBsw2ujCWys6KrbhaVr3
OIDC_ISSUER: AgA2JPd5axkL5YIRA95qm/iH8wgM2J0AjKjgGClWabYJ3UKIk0hi/L/zR+1Pw9Z+6amYXj7Q0FxLqCcNYG+H5ABxnqUi7Gl8gvfVbegaO3q5QiO27g18RMDssNHDSun8PPaxHBvBD68hxgsaXntu8sZavCGdwEK0TzLJi7eH/4jtHlofzfYgaCsGqeOBgvs/q87PVJ/qxazXlY9e7abbRAKl9ZMY7Wga58/IU2HhWwYMvI53yQyGMcKf3XiI9iNHgIcj1+TmlgQo+PRKyopNfzgFbey7on8woQXphY+ioqQ0hyworpxAVoWlvzKKopt1xBDr4zxzkzbWyxtjwPVOOH3iyenZz8tZa/JkNYWxkWHbh0KCs9yUIji3D3shQOFM/NtE17THsQm3NgpZ2lg9ET1v6uXqwfOLiQ+J1JQLwNFnYeruH2lK4EGt2nDCq2VycOIjW4kMpiJ4LiT8gap9HwYjTpAn+opicYn5e9fmpgiHdMPvrsG1m9edg0cbwdSpEelliHnAUfKsxMV2e1fLsga6yrhBLSXIQs8rbURRa6wqVvGoLB86a9Q5Rm94Jfm0Sa9v5LMGRYvqO5LbLrjrR8e/2r17pHQE8ynMQCAW1yVTe09FcgRwYhDUohfThtjIh16sdoC97eUel7fo/POt3atP69JsCIBZstprhVtBIBssmavpIotVqi8F2/yUkhrZR26mH3gsOxkNTEk6XzHHtJRu0cU+BmObTvYgMi3DHg==
template:
metadata:
creationTimestamp: null
name: kitchenowl-oauth
namespace: kitchenowl
type: Opaque

17
apps/kitchenowl/kustomization.yaml Normal file
View File

@@ -0,0 +1,17 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- namespace.yaml
- pvc.yaml
- kitchenowl-oauth.sealedsecret.yaml
- kitchenowl-config.configmap.yaml
- deployment.yaml
- service.yaml
- ingress.yaml
namespace: kitchenowl
images:
- name: kitchenowl
newName: tombursch/kitchenowl
newTag: v0.6.11

4
apps/kitchenowl/namespace.yaml Normal file
View File

@@ -0,0 +1,4 @@
apiVersion: v1
kind: Namespace
metadata:
name: placeholder

11
apps/kitchenowl/pvc.yaml Normal file
View File

@@ -0,0 +1,11 @@
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: kitchenowl-data
spec:
storageClassName: "nfs-client"
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi

10
apps/kitchenowl/service.yaml Normal file
View File

@@ -0,0 +1,10 @@
apiVersion: v1
kind: Service
metadata:
name: kitchenowl-web
spec:
selector:
app: kitchenowl
ports:
- port: 8080
targetPort: 8080

40
apps/linkding/deployment.yaml Normal file
View File

@@ -0,0 +1,40 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: linkding
spec:
replicas: 1
selector:
matchLabels:
app: linkding
template:
metadata:
labels:
app: linkding
spec:
containers:
- name: linkding
image: linkding
ports:
- containerPort: 9090
env:
- name: TZ
value: Europe/Berlin
envFrom:
- secretRef:
name: oauth-config
volumeMounts:
- name: linkding-data
mountPath: /etc/linkding/data
resources:
requests:
cpu: "100m"
memory: "200Mi"
limits:
cpu: "1"
memory: "1Gi"
volumes:
- name: linkding-data
persistentVolumeClaim:
claimName: data

17
apps/linkding/ingress.yaml Normal file
View File

@@ -0,0 +1,17 @@
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: linkding-ingressroute
spec:
entryPoints:
- websecure
routes:
- match: Host(`linkding.kluster.moll.re`)
kind: Rule
services:
- name: linkding-web
port: 9090
tls:
certResolver: default-tls

16
apps/linkding/kustomization.yaml Normal file
View File

@@ -0,0 +1,16 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- namespace.yaml
- ingress.yaml
- service.yaml
- pvc.yaml
- deployment.yaml
- oauth.sealedsecret.yaml
namespace: linkding
images:
- name: linkding
newName: sissbruecker/linkding
newTag: "1.39.1"

4
apps/linkding/namespace.yaml Normal file
View File

@@ -0,0 +1,4 @@
apiVersion: v1
kind: Namespace
metadata:
name: placeholder

22
apps/linkding/oauth.sealedsecret.yaml Normal file
View File

@@ -0,0 +1,22 @@
---
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
creationTimestamp: null
name: oauth-config
namespace: linkding
spec:
encryptedData:
LD_ENABLE_OIDC: AgBfiwAdh1RD8gpzzVnF6y3c8kn5NFbms0T74pmj1aaFD0uQd/dqIxrvZxiBMzgqdrrVUCxRlpG3tiJYMpDEVXQPwRj8uuAizYFEP4uuGFpCtErjb+Y+aOdXSPRCVPbIqROiE+qswNT5KkJm6rR3FPckWipiQdzfpoq+G00MARKqzo4sNrx8+JzgoBFbS/tVPej3VdmDy8iceeVCQ2dJs+roRw+jOfCxqiUjHH5SyoZPnCTlmTZcwr3F9gBGEWGyEl0FNVgL/ku7WEL2COeIIE/2r4RWPqZU4DkPtIv/J4Dosxuw7EQnC5kzTgJGB/TF9Mn/FcS7iYQZKATvWzjC/cTdwZ+aG1qZGz87wM4fxQ05GhgEUkVOlGgxlzxk9BUL3l9Xsaa1KTivaQ4dvB/jm3j12b9rPfO2CXB4jPK7Pk1vKbr5icPXa8dyFY4hiJ1PYh/295a7ZM02n3ao4uHw8KSaxK9GxsCFBxr59q+6ZpjOGnTHZvKGfJHn3jEcIT8k89J5gqrlWjLqR50TEJj3jPZ3QDPN/u1Bf0wAoIOGK7jpnwIXQpacudU2pxZNWC2KtdZbcF9QzuOqKVFABmabdCkBtLa34cyZdweBaCfLRg1Ic0yxrWGzctnwM0Rfd+OzsEpLB7GHKllV597znF5QiK3rQrl5TmgHf0jC1OmMsBkNYCRo2AhYsBN5nli0dgD1y028rsW6
OIDC_OP_AUTHORIZATION_ENDPOINT: AgBYHGF/D1tzWRy2issyi3oZjYK/m5cuwdlHuqboPBBHybfTwCkvSfWAL8FSGAgoLYWZEwwoGr5GDSCnAWfhoYwVgCxWw7y4IohCkUSrwbzTVwJxoRTeWIilzwAdH2zX3mZJVHTYCQiLTCjv+MPRsF5FZP4+STtgfecK5Fjgb3sIfZa/yazbN6jf7bdaR91yX2iddeZn7B80aQvu3jOkujPX9yCJz/H+1BN35CtC7KLhFrKgw6uvfQi3g90On5uBHwrC53ve4rEvcOgi575WBA3fDYW4RxNb8yxxocQOuqNRa3jUa/RIjOnX9tFoG/QIXY89DUSsgpAZFWIlV4np4KOe4V+xWT1khz2TPRDaakDumkNmE/sAjpYfGX13+88A0N/hO9o2aXJhEXOFZ5eulyAwDdIodMg6lQTG43OhdSZLFfR5TrnzkVR1pIzwPMutgf8jai4dyYK+SV+oyGeZosNpD484gzhjMGkz8Djs7/cADcvJVmGfWWYvjenlfvFC5lK7F+355o9L38fUeG2lhRw8NsPWuzsiH7m6GaSEfEPcdqj/AohArtUnf9cfF04tocPwCuNLeIgR42W+cfapD9g14sN9v4Z7g/5IQSqL2EhNR9xQMoIT9BkBEhI9JR518Yds/Z89Lg0HsMw6UCrkg6um1If80gjHyRa7JrfxzepKifWNn9/suHlhecaeXcSOKMCCFYDtHyvO4/gCe8/PXjyVc/SUZNBDJsDOikVvVJfKqDlEkimfl+BISzkMv5ALxGDHMRc=
OIDC_OP_JWKS_ENDPOINT: AgAg+6Ty8o++uc+UfaVNtJviu1A771rtazn9pj7KafqgIx1xNuPtUBwGEScfku8glUy0bS8r7MyMNlUe3sIYfnDKQmmHBVHFoiJ0IjLZP/pV51A4fT2DUrFv9pnIemqjFD2jew5ToXhuHwUc+Y3LvX8M8aPpB/J+DjIIvgKQe2faHyWt4c24jOZaH56xJhI114LIXD0A7Qvq4O7UfpIUNfYSMojTH7VURptL18Mh1YRKJmil1PmRIstX9Smr3ltAG9Rw032v9ISdDmV+OyuhPo1Wk3AU85RdOQ9hZGMSFXQXFEqQUp/N76n875KDUMT4W57//YGFRUrm8w4oB+PlkjGV2pG7DNYVxUZEmi5UXwY8fTI+KljAZHSk/YOSku+gc75hWYXX6s3g/R6/IWmr9sV5O5N0bc3guQ96nnRmjuzb3HebM0hPfPS+6/xn29erTDETs1bvfCQ9oWNMomDsH4FVz5gC+zwrUvUD3Af3TVsU5g+lfOE83+pmMMWcJFn8Z0uldud0jR27o/ftKgBDmUaGi3zCQWJrYxtXehBy9fo0K7QpbYnLHvNnXVX9fGQ0PZNMc8N0wYZUDuhOv114lqfbVR5dHYoger4iT0xC+SHcWGgvyjqb4YI7bfnY+bnh8TLfuI/ttw1l7/ev79/yvjrtgPuBwN9ygUxENLR2Ur1Cc/u72d+ST4NIg5esth+y9Z2JdP/3+nlYctnyakWhEkUyBPK+5Iyacv29t1bMXoesB6Ub5WsXaw==
OIDC_OP_TOKEN_ENDPOINT: AgBRpyDYbQlq7dcqJ2Gd+CfSRZRgvpuUsIngAXX85dt0dChYhQ/YvnFl9r3GqsXNBrWQBa0uE7t+uXxo+oobjgfSibq28kQBL92PM/s7OctINTJBN3q0Gdv43vnliS69/WR21kZkLuAmPne1nL+FZJXavIUF8N6CX3gKb4WMdv+Rl4AAmUo9vsB1C7mxDcS1CppUeJ8KdF5qkb8Xag28Lv2rDA7W9Ne+tNGFi4q/UWqdU76iUxrHu/Kfg6RD0rYlOaW+0b3A5Rvj5oU8ho1Z/eIsA9NaZNYBQjtGAk9fiD2EB9IcFi6kYv5zGZsRcPTzMv/35Wh+lV8I3mDRGcfkmzQsZ8Hcfx7c3zpemZqvY7LMgrvO5AatWKYZUFPsTcaT/mVFmAaVuq5PqeuCQhqekug3rdQxxf2n1cWMMnbptf4g19oTFKx3FtXImpPk97Iv9RbMATKHE/nnfin5/7PtQNn9VBBW785hzzB7cs+IiEzdjGu7MnFlKaGEoS94eZtgLSEmpIMeXFW6V0rXHQ6J+CUjBjiEpAh6LKsh4De+IrWFuzAYH0jwowuY2r4VX3jx+Yv8SFEJ5AfDYbvx8qX1zy1dGfsQvrAai298QCOTizLmeuJLMIC0qlNLZWrYhf8XzF2/N8/bC0R0Pyr+6Jxo8HrtHyFcnl8ckHycWosCOkQmQIbX+vOffOpQ6vYUkHM4MqIAiTl6G+bxjtxBZUTXvqX1sKCEO7pccL8gJZQ+ICN9nP785JAd4eW2JeGW
OIDC_OP_USER_ENDPOINT: AgBD4amxFPHYQR6JWjNTsPM63NNI+f9DgZ9+whv5f3bUo7KNtB05vAYYQtAdMYJR+5499S6t0BYwOi4cNxQVJyga1bKogqih3EI/QlJeLvoFvDFj2wEMmCkT5MS+qemtPJwXK7JTHzUFX74b+S/a30/mvWKkMRHzc+G+E678/RDIScFJFssfJVMJB4Kp9T4y+v9jJAKZRixkx2lOR48JR5umXwxm+xQGaexeJOv0MZY4Am4P/nJcWM+Gk1Ka/ih+VAJRLsu9dgvShytQ1OHaAPMRu6H7Wb2bLrzpz4rTcGbZA3aTgHfItjWQpBV3fhNvyNW8QRbRFSyxHBC4snqW5Bl77u4KdMicwL/0x1JhwP6cx+/TVEyZ2n+5Y5PyOW+E7LXtiZGZ/eRw3xVLxvrFDwY0EBMqAUWHyQjwlZLctjxgBud5XDtT4athaNq5hnCELMepRI05kF+o5ECxKWoFXN5rXrwrlcgftCV9PTZbP8pkxyau8O28C4YX07J65G9ntV3VIg9tAXww6X68YHIQEdAgjNOI1soWt15q582OlhXBTTKAf/QU7mrSCn5FH0Q4Z7VLIsJwMz0orGB69Qxo/lLF7z+pQEE4PArceoLi7cffQV/+VzUBOACDdfKFiN3LTDuoMm6lvkAOdmzXccmXlEGvNEwLR+8Ac26Ld4fAnEFSLIJpwQHheIQRY19qbN5+cOa+RmuOroxWWA2P/8uSlp4kXVvAmPJOt8PprI3h8iRG5zBv+J8kE8wpI1scJdDr
OIDC_RP_CLIENT_ID: AgCOGuVP8BVfAT5FRmmJLptdv+8vtppOgpzJ2LXU3vR3sjQE4MLKgWwoAyrnkAa2IMrsmkg5+pyHBDlp1AMba3OTVZmhyEVLrFe/vCiL45hEaW2l6kiwlIW3nZnoJlGG2Ugj4SX8YCQGlyr19vEFcPdieWlKpHfda/EP4xYhXMSzXCxFCtT7uGjgnBlrV0uXeFCezYGzvmA4SbDli7fvGv5H85cwgUlMdSn2ZIP3DAxQ8gP0ETF6KaOK5QVP0e/7kw9SK3oo4XHE2c8AjHLFFnmz/uf07+7LuOunSqunolbVy+Lm2mHHnzx+0PBmMYvl7FHY/TkBZaVjVaZtrELbFYaraop8iE6hFMvOYNa/1BFY1x0aeRfPb0jt5IPnuebllnEh4P7JUQxef4Bqbjp8u7P+uOBWnQbeMEp5F3rWE8qy09NnjsKPz87Jw9pb0aPgXWLKVHjJpArhcb6gTJLESCw9kgT+c0pYI0s3BYmwNkJ+6wxflvTLb5z3YyY5/+8/s3PgDz6Hj4tyA8tBru/KQwnBVMw0GhF5YwlZ4SYHPwVX+ZMj9UQc6swNsrxKLqs5Ci7KjvzEDUJ4/aW+rv8naoCiebIJrbmLB8iSqNGh90s1S9BJsQaWXbKYday3spt0eg+tH/iQgAnUAjd9RK3TxkkmWVjmeUc/rOltsbaIvy6/WdyKnF8/f9B03Pm5eal73yC7reFyGYiXvA==
OIDC_RP_CLIENT_SECRET: AgA+Q9osGcUgiGsyPfHph3vGiNBjmL7pK3JlaE4PoI+eGsvb+3Ozf9KnfHSMm2R0fq/eukFn6i25MZ/mKYliVSIcjWbnGDFSysiCAwirKTUXoFUo87zmguNUPr8Rr45m1AIaJb31T4MKeFQRHSg715rs/6fKlbejUWUBZuMTN1DXkWr+00atj0JmmZPScSfRmwKNsHnoZCUWFE/DaFChpoCU4fCp5vL9P2LcdzsY84vue8y7Trg0e/LpEi6+DzSoxurE9jwjoUauXmZnOSW3jFgy+u5c9Oa3RC+IB/UUsmHI8eUVOXGdQsSFufrAMd1uyPRa2g+aCX0zX5boZC9dTGqaT+D/6xXnMFsvw5K+K4Y/QZ+j9ZHx0232sPCFVi2HaYHV51c2Xi6tizy+/0J27/4gvaVREXw94pmsaI5rt9sNDHoKw6LwkPO8heqkYzfIWhAg5vKswDn/MWAVTIzIubdTvrDjVWxoJ2FM9sCUsai/X7rj6QUiVTgbWuYYO0hMrT2Q9y05n68hWOmpqmna4/JGIE+N48h0/wAHLsLeV4ZNLJdJhQovOSkYsB5FIYPTuihFASLhE+uf8VBwSfYlwcWORz7dssAYvCJAx3huYZCSHrT4WPtLt4Ok/IuplXvVbZ/d6NISqE/g+BiNmN7r4DZQ/QbN4TD9t6BQESKkTqPHYIiVtZHdalgPFFSS8JP2wv50mSh/imjlX51ruHGQbVbIfZnfJGwLEL0KN/Zn3BMrNtMgCqEs3itnGQQnBchQ
template:
metadata:
creationTimestamp: null
name: oauth-config
namespace: linkding
type: Opaque

11
apps/linkding/pvc.yaml Normal file
View File

@@ -0,0 +1,11 @@
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: data
spec:
storageClassName: "nfs-client"
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi

13
apps/linkding/service.yaml Normal file
View File

@@ -0,0 +1,13 @@
apiVersion: v1
kind: Service
metadata:
name: linkding-web
labels:
app: linkding
spec:
selector:
app: linkding
ports:
- port: 9090
targetPort: 9090
name: http

2
apps/media/kustomization.yaml
View File

@@ -12,4 +12,4 @@ resources:
images:
- name: jellyfin/jellyfin
newName: jellyfin/jellyfin
newTag: 10.9.11
newTag: 10.10.7

8
apps/minecraft/README.md
View File

@@ -1,3 +1,11 @@
## Setup
Because minecraft is quite sensitive to io performance, we want the data to be stored on a local disk. But hostpath is not well supported in talos (and is not persistent), so we use an ephemeral volume instead. In order to do this, we create an emptyDir volume and mount it to the pod.
We use an initContaier that copies the data to the local storage. Afterwards, copying from the local storage back to the persistent storage is handled by a preStop lifecycle event.
This way, we can have the best of both worlds: fast local storage and persistent storage.
## Sending a command
```
kubectl exec -it -n minecraft deploy/minecraft-server -- /bin/bash

2
apps/minecraft/curseforge.sealedsecret.yaml
View File

@@ -7,7 +7,7 @@ metadata:
namespace: minecraft
spec:
encryptedData:
key: AgBYeAiejdmxDBorvgnxQX5YvUhR3NId2vfWybMKlc27e6D/bKglLNyZMk70xSnFAPjcDmZ20mYjFPYvDOr9T6IU/REJ8QlzoKAn0xW779R4SkIxRToT+dJv+OM2avgQ9uqp7vja29xeXMjYAnQML+QGZKcrT8mE04G/Ty8rdUiv3yUXK5HFAR3SUF35aVLdlthLjpRkv1s0R7GAP4L2pNzBJNV3i37viceUSSjU0zpOa23fsQOkPAs67AIukAJBqh/hyF/hR9H1GeYZNTI3OcHcvC2iNk/XGstvv0Zy6ApzoebsfWGdsbVn+QUI0EBw+mSTPqpl71cbkz0v4S4XAVndosxWpe6AIgm5MBTU0FXIyGyoFDe1aMPq8BXiQikYVwB48oVNh9KF0xXX5AOG0whB/FEsL3OJsiNQvQ3R/Hru43JBn64oxjVtLfM3E7u8v/xr1VQahX8dylDmb4s5EV01U6O4y19Ou4td1eEMlhpJb0fBPDRUYuWxZAEDGmp+U4tAakyPed11VkcZPPn9fKAAcv8sGs3TYAbbF18hqsBnv2Wd+i7ZEvKwmdmfR/T0r1TJGsvKI7jaW0QtH256XrSxQp7a52qMKMVQWOSKw2k27t/IkRhxT2Prw4GfJvaVr4RozUaBf3LV/hfDWlDfmM2zg3X9W8HkzjotGg021OLxsa0Wzmhffvb8h4bvZwxeq3U1xaJocqXui7z0rT2pF4z3wYHR/lPtexHcOA2M8gfBGKb1rBKh+kW+N+/ZfVLNI0mokg5vrTO2nR2rb4c=
key: AgDG6apUvB38rB9tH+/ya5Af/32IUJjHiEGZFdYYqesuqyPB/qf99EtC/7CwqD6bDQQPVycJVcxwZuF8QtYfPXzv//yMkqEUJ2G1/Q5J8I6bjNGLR636UhliUpCkH1QDOspWJUjwKDVxlFN9l0g9UajvxnqLyGzbWPeay0sJEBvAY8ltEZpLP21V+GD+HgPk3HIfSFFBMsULS6GPCjMaFxkxQb6cG3K4Ej4NHCHRGOmax+4Rk7lwMyAHlXLlrwj/ytxrnHDWrugLIJE9KKmJn6UVNTuk6olgkhleg2PixV7oOiDVyu9ZQP8wbdppzRix6dnIcFEYJ1ZDK1rNF5QErYO0gBytiJnSsdFO0jUMsdBrho2FgUc5GgIdmgXWJJz3lrGFqXaRVvbPsBZTUAsQRh2+4IfqfWmAkEjBcjs1K8WWJfS+rO9e02KoHBT4decdsd8Qfr5EFdPIzMrkUoRMI9CJnIa5u2nR08Hhd9iojbL64FZ26kXMODtEdKmlo+HwjufLX5rYJVSfOyZYzivd/kgKA87YTFaMLKej07w3ofGrPYSoCnmLfJyoQdNyJhdonBDsgM1GgRWQZDpgJ1df0SB02A5lZ4V7lHWr8KlANv9YLuMoZnVehsH1NZjNQHDInIRiTLahEBbjcJzQz4vU1UWG100ATszEYKOUVkzPnTgkqKYU99ZQ23bHP8z7iAWQeumb6V84NTi6jNITBvU4yTFLuAiI3nW34Vb1mFVLwfWqMjEYX8gBB4yMSaVshB/japfkyXU0pYg4mK9gsB4=
template:
metadata:
creationTimestamp: null

47
apps/minecraft/job.yaml
View File

@@ -4,14 +4,27 @@ metadata:
name: start-server
spec:
template:
metadata:
labels:
app: minecraft-server
spec:
restartPolicy: OnFailure
initContainers:
- name: copy-data-to-local
image: alpine
command: ["/bin/sh"]
args: ["-c", "cp -r /data/* /local-data/"]
volumeMounts:
- name: local-data
mountPath: /local-data
- name: minecraft-data
mountPath: /data
containers:
- name: minecraft-server
image: minecraft
resources:
limits:
memory: "10000Mi"
memory: "11000Mi"
cpu: "5"
requests:
memory: "1500Mi"
@@ -29,13 +42,13 @@ spec:
name: curseforge-api
key: key
- name: CF_PAGE_URL
value: "https://www.curseforge.com/minecraft/modpacks/vault-hunters-1-18-2/files/5413446"
value: "https://www.curseforge.com/minecraft/modpacks/vault-hunters-1-18-2/files/5925838"
- name: VERSION
value: "1.18.2"
- name: INIT_MEMORY
value: "1G"
- name: MAX_MEMORY
value: "8G"
value: "10G"
- name: MOTD
value: "VaultHunters baby!"
- name: ENABLE_RCON
@@ -43,15 +56,37 @@ spec:
- name: CREATE_CONSOLE_IN_PIPE
value: "true"
- name: ONLINE_MODE
value: "true"
value: "false"
- name: ENABLE_AUTOSTOP
value: "true"
- name: AUTOSTOP_TIMEOUT_EST
value: "1800" # stop 30 min after last disconnect
volumeMounts:
- name: minecraft-data
- name: local-data
mountPath: /data
- name: copy-data-to-persistent
image: rsync
command: ["/bin/sh"]
# args: ["-c", "sleep infinity"]
args: ["/run-rsync.sh"]
volumeMounts:
- name: local-data
mountPath: /local-data
- name: minecraft-data
mountPath: /persistent-data
- name: rsync-config
mountPath: /run-rsync.sh
subPath: run-rsync.sh
volumes:
- name: minecraft-data
persistentVolumeClaim:
claimName: minecraft-data
- name: local-data
emptyDir: {}
- name: rsync-config
configMap:
name: rsync-config
defaultMode: 0777

7
apps/minecraft/kustomization.yaml
View File

@@ -8,6 +8,7 @@ resources:
- pvc.yaml
- job.yaml
- service.yaml
- rsync.configmap.yaml
- curseforge.sealedsecret.yaml
@@ -15,3 +16,9 @@ images:
- name: minecraft
newName: itzg/minecraft-server
newTag: java21
- name: alpine
newName: alpine
newTag: "3.21"
- name: rsync
newName: eeacms/rsync
newTag: "2.6"

42
apps/minecraft/rsync.configmap.yaml Normal file
View File

@@ -0,0 +1,42 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: rsync-config
data:
run-rsync.sh: |-
#!/bin/sh
set -eu
echo "Starting rsync..."
no_change_count=0
while [ "$no_change_count" -lt 3 ]; do
# use the i flag to get per line output of each change
rsync_output=$(rsync -avzi --delete /local-data/ /persistent-data/)
# echo "$rsync_output"
# in this format rsync outputs at least 4 lines:
# ---
# sending incremental file list
#
# sent 145,483 bytes received 717 bytes 26,581.82 bytes/sec
# total size is 708,682,765 speedup is 4,847.35
# ---
# even though a non-zero number of bytes is sent, no changes were made
line_count=$(echo "$rsync_output" | wc -l)
if [ "$line_count" -eq 4 ]; then
echo "Rsync output was: $rsync_output"
no_change_count=$((no_change_count + 1))
echo "No changes detected. Incrementing no_change_count to $no_change_count."
else
no_change_count=0
echo "Changes detected. Resetting no_change_count to 0."
fi
echo "Rsync completed. Sleeping for 10 minutes..."
sleep 600
done
echo "No changes detected for 3 consecutive runs. Exiting."

17
apps/monitoring/grafana-admin.sealedsecret.yaml
View File

@@ -1,17 +0,0 @@
---
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
creationTimestamp: null
name: grafana-admin-secret
namespace: monitoring
spec:
encryptedData:
password: AgAwMLnsYN1y8JQSqgGQbNG/8jKensTDsEw6ogITdkhDRlJcg8HQ5t7a6xLzNCrLHLJiQW8YOoyLT4lvFkBRMOa2EYcrDvBiRD0PjygWLIscKa7dA+jpAUf/icD9zsiDnTym2yf+VUANcmEgE6DiNvlcsrcmYqiR4pKVUTDlKPNOjOpTJ3nXETb3/sbt69E0JSGwtkvusYQSXKLU9KLbciihv+ycdkdlC9xy9myd4+vYZYXSh/eAvyZeb/hsmdSX7yaASmupMvet6Qsdt99PNzFQxtbQH+LQvYalVZ8bjWZQvCN/p0bA4H15otKBfe8rtEwVthgvyEvo6TK0Mg0pFY/b3AOGFmImnT3rDmgG6S8KTZH0Jce17ksFqvELQmHjqHuYpQsPDl44glM8kWRJ9Mf/Z424LRwZlJNVcOkuVl4qFqPUjzd2rWIyF0RaD0BE012C0ThJxKn2l17lVJbNtdUiR3qNpW01ot2m0CgKd2kXbjDmgRgAll4WgrukfCIn9ZnE0gVCFLJuK3MOQAaipFYy/bDO0izwl9T8nldgcI8OfiC3NTk2O+Es5jJRXu0oJGaC3HrTB7wXiwOoELvAsxLTPxKBiN9mCHCMtZX0PEtrio0dFRQ6Pi5xPng0KVT0I9dvGNsPdhPETNOB913WEvbgP8Gt3cj016nCzk51eUsYbXPpNL2B4kmbIhecqW/8kwKQPwYjVlBSXj3NxjzwMY6PvOl1
user: AgBqmjCYGMqy5zBE+vhtsynOvhWdHWDJDyl1D+laBtLjXTJwzRbNTdunHYo1ekwyqQ6Cr5pi4YMiLxAl1LIHF+Lfsp2QlY+ResAGzp9WgSBtNQDX3EmLDQofeWxMUDdMtMsE9wiKLCfNGDkRDsGquXTz+YFq03m1vH9cB8Bp+1ClWOTui+/Ce0MZlWsJZX1W8WXH7XTirtwUo0s53pc4AplUUH97ZEK3KSIxWa3gLCn0sAPDDLPX+JVA2xtpMq1XuVFiFifjzEtG2h0dejiF35FtSAR+rR4YmEfimk3QpRDfOqV5QUxvjCG+dTV49upSevF2mvbHW+o+lB6vEc6l9cZXvlbnMdaep3NmOsJcJ8wQIdFpFK4iVzFOTKSEbzLPlZ/J+sjS5vDXsfthorIO2faMA1iIf+I663zNxQU5btaK4TNYOZQlrFVjAmioRLkDhGZ6tDUPX/zMv+Crt+0HCwyEyhmvFZckDvezTZrxARSXXMKBVcvjHCyUNkz7ubZRiMU0PGM7fYuHr659e+XMRvj+LFA68ZaEIzCQpCFJenWWYAXgUdRG4LQ1LP2MwvRHpkOYSoRkHIpX7jOfhX82A60h/ta/CdbWifqNyL9OecvE3FKsZu/Kr0taw9W6nm6FBhQLgFkOnFrqp9dWnxfHruXuDBgcn0iE8nR7Ht2zS7hfQPeR4a3Y0xK3Plqbzdrb9HKnWQQhf14=
template:
metadata:
creationTimestamp: null
name: grafana-admin-secret
namespace: monitoring
type: Opaque

16
apps/monitoring/grafana-auth.sealedsecret.yaml
View File

@@ -1,16 +0,0 @@
---
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
creationTimestamp: null
name: grafana-auth
namespace: monitoring
spec:
encryptedData:
client_secret: AgCcKsnS3u2eI+fNVC9hAZ3QRFOHFErAzs5aQgX51CSdJwM03SZUoTyrDi5JPcHUVyS3MbevFH5piMhDTARMI3bLOjYlcwMbpf77JCPa7o95Y9asA/FW3lXicYt3biN9xBXJBz7Ws3fVRtEzyf6DmbGedT9gaX8aPwrUVbP19RdyJiuu76oB1A/jdUkX4K+X6kVvmoP/BWdypk/kdQJrzBNt00DIXF4NHfYey36AuhpBtqYZs4faA/tBXMXLE4RxPNtcHwNfVjnRj3v3qzNufD1fnweJvLq2UfLMrQjoR9XDVnM0zkpautylkI7yrvcoEH7ljnf6b1FMogOEZUfH1BIdqTd/WwrrlCqE58OPfJWthIfN+pQ8LvdHsGo3jc9gXvfXS2cStyhP06eTZ4D79kG+RtDQGOsD/Wpx7EcM6hbB3+dIjcs3wEAIGjpIVtY9JayW8YeRnFApMuhDST1+hscm+LdoGvaSTlAuGzv9BbVrPX/Fo9XKeYHlbG/x71Er+vF8WbW0wUa46MHLvbEy376XIdJDYi+vjl4eqznZ6YhvPbawhoKXT8ZcKUcUAjVcMue/O/jCSPZplbn3vdSCeqPTiqVqDw9PTMIeWFUepgPMxiGpFRAqdwIecFBnYItq0dXoGlFrZpo0S6AECgZjxzUR5EgdkdPlDDs2CN+d9yP7f2S+gmL7AIlQr74NW1GrTGw2x/rD4IJhunh7
template:
metadata:
creationTimestamp: null
name: grafana-auth
namespace: monitoring
type: Opaque

2
apps/paperless/deployment.yaml
View File

@@ -55,7 +55,7 @@ spec:
memory: "200Mi"
limits:
cpu: "2"
memory: "1Gi"
memory: "4Gi"
volumes:
- name: data
persistentVolumeClaim:

4
apps/paperless/kustomization.yaml
View File

@@ -14,14 +14,14 @@ namespace: paperless
images:
- name: paperless
newName: ghcr.io/paperless-ngx/paperless-ngx
newTag: "2.12.1"
newTag: "2.15.3"
helmCharts:
- name: redis
releaseName: redis
repo: https://charts.bitnami.com/bitnami
version: 20.1.5
version: 20.13.4
valuesInline:
auth:
enabled: false

1
apps/recipes/ingress.yaml
View File

@@ -14,3 +14,4 @@ spec:
port: 9000
tls:
certResolver: default-tls

4
apps/recipes/kustomization.yaml
View File

@@ -13,5 +13,5 @@ resources:
images:
- name: mealie
newTag: v1.12.0
newName: ghcr.io/mealie-recipes/mealie
newTag: v2.8.0
newName: ghcr.io/mealie-recipes/mealie

22
apps/recipes/mealie-oauth.sealedsecret.yaml
View File

@@ -7,17 +7,17 @@ metadata:
namespace: recipes
spec:
encryptedData:
OIDC_ADMIN_GROUP: AgCTE4M54XEyKP1cHcsosZwIp5GYcvZPIzb7sgOpvVJb7mzKT9kYFOqUkwc1eyn4bjqaXu6SJyP3M4ss3K7CgkNWMsSjBVrYpP6yqsREoWqoETwwecSxRS7hrK8pJb6kRKBKyLDd2oaFMxeg0y1lm9+ul4HwNL+uPcNLSX7KRue1Hy5xqjDNlwL2mzU9JVVZGqEW8FyvPCRKMPliQtK7WpTUbadKbltN9RKrRa4PqFW9xyBrg8Al35Xj7HrNfwt8YAUDeq+73QMLtbP3y2orSck2I46h9DKW4foqYWGnVh/272fvQSXDr3tr8Il969o5M/IfVzpRS74f4zU0LeI4POxT9EgBL2sALoKhxil0EZGJ3dsPREvSS7eccCMY8n0AQE8rOT8AHyRDhd8RzsCoyPoDTAJJWf4oGS4aSH/N7f6CvsMF2EdOSCghBWC7klfRFxraWcbTiFRi5ICxlFL4GkiB9svNWpQlCkiduR9RZTop1DU+xJK2XgBmTampbjlEiS+yf9L7tXpCRvp+vRcxHwlvsMUncIxUzY3CPTST6FrVOL0BMtLeKI+MmgaCxgzo6BBAUKBZSCJbJKLTrcnhviLJnxYXKYPah5ozfk5XBzcz4C7dWuhN6N1Uwa08nDtHbuN9Mj0AWElT3HAqf3naowVBeXgLV6vRNTwYOIVoqGhyVG0O65DpwuxUdFZMUBpmhFz1QTpAZ6cbDZbL
OIDC_AUTH_ENABLED: AgAQ48wodtQ11peCbSpBL61n28GMeMJPq6cmb0a39x/n+AJGOZbjcE2e/xdFu06J+ahHTehi2QtwWxlRBi4Op6sbjdn5cXkTZ+8vGB3v/JQZQzJpGraFT1WTPZ9onYXTLl8iGsZSteF3iaxSOMzLswMahDvk/DCNrIY78mkTpqSC3Pggf9GnAWTQKOnuTFYyStBaL9ExyDBiJkbFahm/bC8h7QG9OXD93bDQrApS/W6LF+3CU6TOKj1VXmeVuMpxGdasC4B5ShL9kvBz66i5P7BJYjPfTEJfIACIFzZQmLJwxzfST1kV0urdQ9PZmcvQLapxGI4xUssD275hSPrUE6XXMLyo0BzVEBPq5QsMW5UZB1sOPQMcIajdzWagByFJWcBU1mFMwJXVUHQXlsMDEl1pDTGbSS660XCS1aAtmVb19ToXH/GIEkWlohiNpVqI+D8ypoAwMzF1FnHGvyxF6maHV4vZA4zDE7bT4S+E6dEmXM2cc0essUDlbwgOTLi/3fuqxIar3Dub857H0B9++SeriHrSUJD1A/9IOZQQNsAOwEOylK+9BuyhHYFVzk9l2lKnCRYqif75wusyoly+4yBS69LGzg4mc4Bk6LejZe91VnZLlZB3M6fZzS87qWoSKuEibxJ469KVrCPNc5mn33gfg5nW/05rSYcBnl1VazPmA18sZyX1nWnQUwwErg98jGn7Ft0q
OIDC_AUTO_REDIRECT: AgBuLoXhaCs86FfeiagJQg2bnz99Poebydj212AdXpt66Lx1nciFlJMzZ03ahJiF5T8lalxPLSzkHnc5VHBT8yRSrKe1lCisDmXVv9SBBoZHntu9zQdJeChkkHImxILlJVZk4steD2CyIBDj2xjbjUfRjFYJX4F1WrzSDXG4Vf5bal8tPXNuqbHEGfx7xw9CRetMD4cfDESyKl7FgbXi4vyLgGyNTnKTAvY1w72Y7WKminiScj7S39TZZIVH7wJyvvsNEv7MCgwaPeT+W5pNwpx34oqfumTHTeJUwQWccwCnZknhOl9jwNRJ4cHFAsVArT1yvjLCbMir9p1DvP2w0R/A8CzPgDQxbJno1QKeGnw02YVlsYH5KiOKkQQdT6/kT+kk444Mg0JLPbG7XZSUZXGmVl5n31DuDFvTGum5BQOwFzYfOim1MM1OJyFiM7XuaCZCzSMNUQHtLGv3kBHZFhIS5PXqMjfdV/RAv3QhZgAnJzGYLEDawOwy4KwIXTk9b55OX7AyEwQzwMlJUujg/+IJP28BH71tgVtgQsVDnWVT2GtWW+UMamXhqh+YK6VD2BZ/81D/p0BEGq8m/dweP/qv3MK/CGBjgtIFOHnEcNZkqMH4HhrxFeu6fabUpT6+C5cGNyYJSEFpbUqjJRb7vBPIu/ewb8Y43SNikzaSp3/1A2LtkGDyzcRckQYTuFIiIg5r3jcg
OIDC_CLIENT_ID: AgBQiUtbuXKJABinO8VfjQ+yIj0a4AEvKboHd544CxYdx1OfZd0DZLsKpkowZS+Wl5QiheC/+8HFqsRzzwKas2i4IyOpihhSW/xd6X7XjDtu2Tjwuol1oRel5AmBpBj6Kl6zTvgLbHE+iUaJi7u5f2Pw0w2vXAJWxg9nhOFVEfTVtKaafYqVVXPB1KTqRPzwR5zsTuIZToEx0BvA95yWM5oKRPnjlSLk1vHMBDPqdgUq+7u+7qhj7C+rvhI7nuTOWRk0NzsELBl3AyAg82w0r+I9H7buU8OHPEhVOID//UIc/wL/QuaJNxeFiU+rM6K0CD6MMGQanuUngaEr/ZpEdxe82hGSuaLik2mWfvG4J4328a1bmmTT/JgPPDQW8Xtg68Tsqj9zT4rfaVt/+TttMMgj4oAFkyVLGZkp1sfgIX5zT7gHc0fCusTR5gGNLJ5PmHyqCu9D2jP1ERLRltiyXH6wms8+aACj+wsmo1OKUjmqrtqtAWNwZz2bmOJhhUgkP1mPz4o2LeECjBPPv9uPWkMb67ZUI4+Qp8o7J0SgQt4ZlRqhg04Rh5MxCY9TvbhLxQD5QqTktmGYWo6cDVnIEIKd/XOSG9pBT6bTGsRLicgRxjDwm/0ZU1Y3stI6UhONKYA1HG8rso8ZfRLvDsgp1Zb8tH/GAw+bl2HkOw1DbyFXWeRxau3RPwTym3GYjFgWZhP5ScOu2Rjg
OIDC_CONFIGURATION_URL: AgBiXJGc7WugRqlUE58fVPkkKkka3G39lhajhuR7EQePZ1HdE1D02/XncXgRO0r7C4kPAX3oZ1Uczo0XAMxQxAZye9NNFNei7E4rlc3BTNOOxCc2Uj57DjuqFA74cHcjs0xRCJ1KVMEcGX8zdG85v/qEI9Oru7vQf8YT3giTKNHDZMgeyrbCMFNS0cyXniseMMVIkiX0ky6TfcFdn84bZiqJYwXwnNNzeM/kJe01NvEe3DuvxZTEme8LNkie7CTgaMHfEYeXZWIh+JqkIPW+48uDYe4ojf/Ts9P2jwzf6qW8XyqwlLti0MxoVH6IqbLbJ9JVJZ94WNMm2tcjigD1eSV2klNxXYZefyqqratQpfi7Ou/KXdfs9Reijj7dtfZDOnztVouS7ivBLlufqdxgyJrnQok1MxQloZs602CBPRDE+oSHGh5ean2wbJLqt/Vl9NxcsFZpWI4tazZ0DUhD5pgS4MXoG8D+RXIz4++nfn+XhYhv84vP4VJh6kCF84dKSYDFUKkAMGJSZRDCcs4jaORO/DZLUUnytnOHV8Mo2ypfC9KgETdnbXWT7OcdCQPesABE/l2lN9KDYHxL6DqE3GibmCqE7yk6TOF36pmVeEsECeBkmcl2DpHVu9PRBiwO0YVTGUr9AVmwO3vAR+2LAVHkDmU+jn/e5SFHg2dkEpWDORC7Zn4vZrjy3pmTJdxBthVwTYqmdnWk4uvppyKP2l6MBtaVPqtB35sDuYtLGSFV1FLBJGJueW+Kk2cGbNxJJEEhBUf6ZHCDWLrZEJPN
OIDC_GROUPS_CLAIM: AgBjsoq/VaSx/P7PnODa2TIiSy/noUFrVmPuIPAyjoZP/w62zmwTqy8Ln4yRKywmsy+n9CMGgauUzkEU8HSuWJ0Moxzt+NBRpuA3nL5R8b0hMsdQXCvY3L5zqyvPH7hfY1LRVcM5cVyzTR2CTVUNbO04EeGaFt8Mh8tsmyHk+Cf8VidbkeqgEpee8tNO638F4xQGx9aob7H7UVKOou8CdpOvH3zsNFzGmSbwv9qm1sgcTxkZkjt8cGH/c4k30p8szcMFQmUK7dzrZAma5bDPg5BuwspCnRXoGVWLYN02jHYDg/08qLpL/vL+pPpChf0DMB4j2M+s5EDHnbcfT7S7pf2NkHCnWINCJSKLMUIcBSFXXEkbmSrHo1Ft6aHf/i6JHld4CT0dQs5AyK68mCzkZTWoHU6MM8+/3/J3J/TWkSP8HOyBY3gWPOU4hYEQQQlJp3T+mnnua70mo/vMr4CuZFyxLjz872CDwG5WfZkzJxM69s0XRkHEmsXi7VYjn7NThrqhh2lqbiIIJNpAemjruRl49T3gtfstVdxfgp3dfz/H/4FWRy5KY5XDUjGwYBXDCpaEey42CFSiT1w9yXV67emahUwKekvq1vvuz2bWzaTYGtCW77WzCO1cC26hORPAYbZZxgSeDgWmxMIhJF6tVFNSAu11rMjcMUKErujC5cKWb8N4DuF0H4cQv36SESKBdVCOMPzPxDg=
OIDC_PROVIDER_NAME: AgBHYuK2JYedcaHwDca/c1RKzq8YgO9cJ0lXPY2+ain+lwFJwZ7oMOPevVOq3RoUHznEYbRxKw0CLE+110NFr16bav4bn4pXRD5CeqQDAWPIxxouu+w2NgWijnqfKnVYrtrprQlfGO9mYsZiEGj/sbftX2Wd73L7oXp/6Ab+28rnxtv3KF46wXo8yfqzOGf+QRQKdT+2pv58zjN3UCGrSANirLHvmY8+a73YiVW8/xuJZN4og3JbPW65FwBpgnvQCaHKFTbPyPIpILx7sKz2yxGzT6Jt2PeSjdwou/fT70tmrwOVucbHJkKUsd/jkI0gzRPLr9Fo5LcALAKQsn70hNQIRgTFgCy4ILurJMBKeYtHkNMdnBwKRh4NlTgJB2vNXq604480ta20Z3E2m3DUxW6XPFTQN9uC5/7IT0e/F4UgQai6HENwAqIPGuOM4eKeouw8pr+RoLMI76Z0B6xWhLRqxrZknzwzOngpaku8w9SeJPkifSFwxxFjacAqFrMwLGT1kg/KIJcBa3BUK8gVRLzqJd9hq1hQtavmm6T3W9PW8yCG3IP4b/Kxsm0+B1pXSaFC2a3elFu5lgw7JeJO22NwPmCUw3cX/zfYcn4u1MSsn2Wlr5tLNwjfpeGXb0w9eGStEZNKpj/OLo5W6sxdO1PIdCRd/IdxFuDd3q3G9cJTP7aMjeWSQhr7bzgzx1K78zZ9h4Qiw4YXrw==
OIDC_REMEMBER_ME: AgARqfhGDWYi0iqE//vNsJfgZBYJklJ7KUUHm3GkD27gNk0JtOobt/RlE3UV4cBGkstjGQkEGldkwshtQk/hAuuu8Qb9PpeDxQOUABAFX7NDcr2hWnDosFSShq724ycY6B63vjzahMBYEGo9tAB07VPy6RtvZDH5EGYcubfSe2GgX/P9VcKq64eO2NkOHJWc1A9cPqQGYqFi3YZkN1yaix7kRW7sL627Slv3nU/yLpFpEwUi9ayzDBCDxfiBZoRZh+Gy4VpD2S0XmTNYgr+uRTmFxEm0gL4qvualqahssswG6x+l6S+KizbLOkhNmLtZ12t166mZLWlzUPQKiJwEiWUK5DfJs2LtZCWyqVko9972df+buaQ4yPEBO212OoM1gF0P0JaTJ7TNzo0hhYxDIBZPIx9RnG7XzqI+sccj/OLQMeyB4p9gbbKHP4YJyyYQTSPK3dHG8BFdfUDyyq1tv5IkzKRHmy48xaumN6KCPsCqrpr8j1XL9oLPGPtDgf9VRjfp01FkTg9ujskxjnfAt6fNw8JThMyRUdInagos8Wh/qxPPV33yN+EvQaooXxq1FhvZtLVAXsErzqXnNbLBmQGx87IpBT4KMpXBWmQ7+XaiFCWXQ2pdXRtwL9IT7c6dtyCpUpYtlVjYuh8L64W8GJuRUjzg6pRbcw0205MFUZfWuOObAHK67K+ChNgzzsCCy4GHVtpp
OIDC_SIGNUP_ENABLED: AgBju2S3K1/i7oEsF+KyOIAyduYJMqA5c/spXNVDtFDgrf5+v8dIa25b1LyNZWctBPLZrcuviQtY3uJWgBbY4cKagheBlwN/eCijghdFLR5U9iFNJUv31zkmnVeOAZqkLKAmO1fmHfgqrZ8+UG5YlaRXcGsMjtuCuteKhF+/ss8VxWNwsWVcJc+xcfK11UG/ogrQ3+h/Ii1RCiS5WSMmQB3uNRvyNQEdDJHdtK6gifK5ZHboHN36Rx3DEzyr3eDeIJasyYgfDtepTBTyw5cb/7yFhRMSraHTpGy3uxJwzzNL1YdCi2EHyllJMea1/AvxUQXQAxD3zOSmNwQdroE8NU/Y+Y/vuCOLVrLeveHaTUWvI9PkIlIxbU1Xql7UGf7s+Y1PTnG7aXWNYNuTCgaw03TO5bhAPX1tBubVT9oVUZgjOH+XGY4nImtBOt/1bJ2xmciC6t2nt+8lUxLfNuFS/876vJokYtd22YHGqHuGSLhAdWg7LcwIilx4iCB3OY0ORBtdE0hDOu5KR282vRqGu5vi977k6kD7sL2far0fHjpb8rOaJqfy56UsF1CjClqQWB0F2vPh/ZNjecC87ei0ds3hCEhGtXxYYdJ1u9U3lZHyvA37NxKaagTHZCmhgs4M6Pdqm5YjsO0iDorv+aBnRkZysqzdG8LPuZNy7BkqxejW9icS5+b4TeJgCButl2Cb2RO77tda
OIDC_USER_CLAIM: AgCKYNaYTjJxEFBsijRDPNXRH2nodeUMG6SBa/emB6QKNh9jnQISn9poaZXZ8Tc/xwy1sLJ3m02x+Uh7/PE+A/jiQ26uc8FVvnjvzzUOaily9Hj+xgKZnjQHmNpxPBfj3pzomWZIEoEHybsWGrae1jDzIBxSeKbMYgTGfwJoWt9n4lnQ1Z++Z5/Texp7o+oV5ZJqsEqvjebTUT+nwWaDicKpDA/QbAjD+ysCim+gh8q8FXDCHZKNgD4OcXONTpDR185EpBYV0EKSMytlz5bdBSKHxVUACTATjf3WrFDG5NtckzmJA3bA85Xl39Jxi9pLP9D0SLk5cSOLkwNbLVL1EeQ4Q2FApXcPGhmEAgan11HQo2vJW3Dsn1R3G69zNC2ArMC6Dz6pH5f8nFId5lyTKsQQs25fCf/BV2we3910a9hGKAEPdkp27xGczu0mBdo3LLWeiFaQcDo326N2pqNm3119mdCdu5I7rhjGGvOLZ7z1c8XwS9NdE0Kb3iQZLqu1xr/FSeQZLd9NNF6qYtyFM3CtdqKSgdM4vpsRkqMEiZA84u7hdglXohuaVOjIaQD66bi0He1LemzyzRkRD57zxdVSvubKIQmedNpeG2yOT7pjZqVEk7FwWPaWZZiK61UhBZNvGXUKSMEWVJ1DIr9QBsK2E4/EGdqWKa/A5+75PKvv1TpINTw26z9schtduuPfaGO4Z/2ThfPlYFwD2eoVMZpAYjI=
OIDC_USER_GROUP: AgCTGx9h4At2lcx4tN5YUBN2PRHG9ex3curTTq4kid+kKQXRUOYckYC3LNzC7aIbJ8byhFHtJVF/T37olPkgJjWzPN6C16C9eGDv8bgq6JnG9faveeXr2zjcceZ9O3bSb4sRxlQ5Zke1Asc2olYP/H6br4VPDdKkDsJ5h5/B/W/dd9FDXuPAbTp32bK/l+3YStR4Zpmaldt4hostPu9TXfE+UxJqcLCFMtQuHsHEtFV3Pimt0XIkoNPsodpKKoAhje8vNwk5YYSlhzH13XgZvKcP43z8bfekicOgRNM6T27sVGRrFM4sE635406sOXWXbxJzwlBQJTqajCtX+tAtei3LHdr0l1sjjyMDzlREUq6RYt/6klMZrLW5gsdma769AFA76JX+e+wjekmv72/aqUVn9635IamFM1J6+jIWKdWo76vJwzR/EisO12vkSbocSoAEsUxc3rGMN2aLZEvo0LjsjENKlj8fNxog5i+4jO9Bc0AXEQaFhlQwPdIKlylQPhrSiW/cnDG1WemDn+e77a9NiOkDxMXGequzdC5KyIeIrSjITXpg1MQNa039yIKkjfVL0uMsH7OL7+qzKPSPm5LOABBxKducSHHK4t364YD+8e7KeQStHjaCTpcxgf43at4BKuQ31Ty2bWfpMRofGRBvJPusgjXrdutNEAIVrzFfW11o0Yx06U7CRF5198yXHCig3zKgxgQW
OIDC_ADMIN_GROUP: AgChDLTJLcQutEytCeipPcd9KOPQzh2LiObcGcqSBv54IojcwOSYrdKODrF3l8IR98L4PH7sAvS756vlZy+UxElgtwa951zqYGwf3SHoBMU8fl3QU7ZG44vGHKAZ8+gi1ybDaImUW6xH3TK24PSWH8bvwjLs2JAGCUQ1hPzOQ7yQQRPRTRk8jbhDkBefy718eSMqTSrxJqakIPgicZcIeMg16d7pFMkztEuo8iZCPTF8XgDbY0HVJ/pGxAf/rgerLCeOfdKF1tJRulUt1VzmX4A7Votyg521twa6RIN2NvgJHRYEmMPTosrBO/i70OwYcy8QI3PaWisoId0MFSSYk+n1iCU0EM3pXVal5rDoji4EVjazcuRjZ+TQ4SZh6jkRrHGyDNtrs1w7Hdw0GSwb8ONoGPiZF+qU34kDQH7tkNZ+iaG5in8kwSbZoLH2vrdUv/2yNXtHGFM4eJNwcfwMqs1wbS3zt2c73JQ0HgE2c4ocy4iTJbtd13fouNH+MPFl6BJXcMjvMdUaxerEFZQhhdvyx69ATMyLsUqgodr+vSFo+uA9gtv5JPyiA8HPJPJ05plSBAS/QxaV+F9NCbmI/XG2MM/i55dy5dX3lLaTehDtZ/TZK/mVHlkue+4lHisrtXFL2UGlqdX/QPNX+ccZ0qLKjnvobflBPqPr0y35KE+QNOVNlup2mVJjMr/dgNqi6Xm34UwX4GaW9y5Q
OIDC_AUTH_ENABLED: AgCC/9BtmP59y8keEx9z6f2ifXdatpR4BBSCpLlpELjSBPAk5QrZ5v50n8Raz6zUt7+HVL5CYsShGRPoVqTd+evEqDCbbY+0y8fu0Xrapcq2V0I+DBfOzob0V53HpIzHdcAEyGXEqhE9zTDoTlZszmUCQzB/ih7Jr8V0bq3AKh9n+y4REYsHoiecPPb1MeuJmp9mfuSU+dVqvW8GYwumLQmpH1+PrWeQvf94y48yMJ78wroR3MoUIrTPuVe0RCAK+A25ODrXSaT9et0qx4mzS+qW2Vjpyh7MiNQhJdaYrGHlcUcje9C/RRsqzFdwXQqONwAAQUfH21fxMjpyAD4O3pc5X31kZ216w4iTp5DlTYBH7Ci8sUySaweQT1XdCBTqZTd+Q1fkU9UJqkLFZZ0Vds6K0GSQlqxcL43t5jp96n5uCm4qgaEX7oBpz6CqYM0Zh1OsfFe3ju3IBaPLNpboY9BwXaOlnYIMS+BR7hZGWf45cyEjL5IyEQIfpCw9drTzwnQAkiHtWo/8gzgds9FcW0cVPNx8XQjlZYw/voYhFJZcpNkwk+wl4Vs6kHPwtYAhR7nHj7nyqyd72IEutd0LZSL2ICMFKQ3XbYKa7JZlKLeL0gy3YKm8D5I+BRDBR4AB8MrjzSkJR0C+FOHVMImxLIHblEtVoOla4xWbu9aa+fB5hUrJ9EpwSiBYJWQzKshHx6cvX7Zc
OIDC_AUTO_REDIRECT: AgB6K8H8eDmuaRhPeeKVtkPBzvtdEgNzBeqBLEPOW5tE0YiWT53mlQaW8eMtCUI/yvIKY8Tjcwg/CoiAgtboalS+HoJ5vUqfBBgeqYRE8xdRw6QJhLjKIViyg/wsTp0epmL50XX2qg6FINVWT6A8P3OXmVP+kxxr5dZDJ5jT7Af1j3XC0uGZWja9DWkfz7AXiUh89kekGqO4rkplQIBmPOUl9re1D5JFuL7mCmqBo4MNHV0baf451+XaOQF5jKT/luyHkvjs2V0+YZY7BvBqmqg3Dt+buAMyFnXAziVgcpSRzPQtGSCq9WJK5JsDfZltTVkzyJP83Vb3fPtOnBs+7ZWYshOh/1r84hbdEUOjTec9zcYQY/1MGc+4t6DsK0st03cNYWhKBBeN8nmUGMfca5kGWnRx5nJ6rjrF+Tw7yXJdjRiZ5Kom+VwcBtT7bXsxpoUYqAY1W4oUhpCrGGG6431DbUbjWMSaHPDiGdF6rIMD3OmbOaUxGTooCvesoRTdia9pO5Jk/c694N1MVKW+SNInuyZZ3BI8oxi74NV1zZYwTCADHSvWShuqCkZtnX1Rz1kNlI2e++HFnObvfbdXSyDymwJ0WX8rO8sXJYzEkJLv021Tdn64+1jBKviAi7m7FfS9/E07AR7OWyEjv2KYgxsZMC3KR8mEs9WZYYqkvCuKdWQofpLOTjkMVJ69X37EKUCGzUvr
OIDC_CLIENT_ID: AgBosCGO5L+/1WJIGaNA4Z6vbqJL57JtuRXQDEICAiTJns4YBqvpbiIg+LZ6b5DDwHi0uq/v1yd61TV0+A6U7t5LYjRsywryseP+vGycDQlPWIBAegs/gVzMspNOrJe+g00VEfbrkZl9U63WMKAVBJS4Qd+MHzgnSxZ0IFMP/vaSE7JQ25LqSMjWs/OOBF4EJbTf9RV35/6kk6VpYIOLlT9Y4FaFwilj1Fve7YROIms5RykrLeEhIw/XeKjviyZqbE+rRsM+3lo0FPwVTruTGNbqLBrYox2FSVK6y+xPp9IHREu+17gf7ROLSj8PIhG3Q0mWOSfdv2qbB7RxOfNf4eGwy1m4rL+DDwLU/g2rZNnIvxa2C+l927ADFj5fJCuBPV9o8PtJjD5zsE2wpdqJ/PJMpg0106LylewH662hvIYL3u5s3Pc3mW0jPElgygnZYihSRxzxvEYdfw7+gV4alhlU++X/C/qwbzw1g+ZqgbVYH/jZxixsAu7fOiFRW2G0qkvnKnwJstnjs/Q81R816dnRylETxtINTpyvSF5MAPE1g0HL2Ocs1rOqLsL68FpPnI9GgOD0bkStuYSq+6adMyPmJgyzOqa9sGjhQvrLI4AISx0YVDZLaG7UIp18UF9AFQhImkv6hh8jpOHR1sYmmWKBwbyBJHtEpDn4/RKGjb2v/AHvUtZcE9TAM7kQeP1fRWPXPcA3SfF7
OIDC_CLIENT_SECRET: AgAI7LDC9J+IQk6qPSxs5PSyr5fKAflxBxfCd2IcjQUKc4mCLzWdcQkyxXuOqLETCpT9yNFlRA+g0k3Bc+Sp+Y9rmF9nS9EyshezZOMT8/G5bacEBXgxxlqyTQUqXp7FpKK30lrBvxa56xDeatF5G6H68lLfJ86K2FH35f8IvRJv+GqFrOQ+PL1M9Kl+N6XpNihy70+jpDornbNpyr48yFawAone6zKg9qFxeJ4FHPL5wYrS0r++JoEoCGo4XZ34mPHQ1jiK3wPiiuGhf6dbAvh/wlCH2+ehiTnOQwKUY5C12gVwafOrA5BRI/TBjlTrAEG1qjxdff10fkkuFaa3Y07V+lz316H1+8xdzPVNDN5bG0hVVVWmj1jAuqUnOqPEfzPOc4jUFVom2wSXI1SS3n1oeDnTiO/5vkmTRcQZdGeuLM0+StTtXHmbtrfU6ZyfdtKoZ209jR997pYmNf8PrDbhKtcvJaxbT6RHqXpJwk4fKtQeLInY0Pl0HSg3f+OVLdikESgX8mJm/nGJxwN/y1cSjLawMoZhbvHP4aWKWokLxAvX4pfUfm9iv5fm2pwQ2eWWKAI0P9I1l9Dbbs0u2HC7QLI3EsJFQ/D1gkhall8cLPQmg9LnsXpnxnKXtIMLS8sNqE5TyXTX1AvFJz79dT7nezS20TLF2chZ1ch6tpM0n7JNYVaD5Rgxqc9XFpUvJrGHYjSR7twjXZd0XRVXCOBKWwe6aSdPi5OXtu1tBvvXTjoqMbQrGgk=
OIDC_CONFIGURATION_URL: AgCZnFFlMYEQgPBXanDrQRdfPad/xux4wIVXpPfOqsDGzWSYu0HYDuoO8cETdf0fI0dppwAb9167Iz+sz9t36b4jb5X4nXTVWa4Co90s3uDwRsvMcg1dNMK8EDABxlGS9XThwehs6qXyYSN06CF+SyrGZonDgVcXb0pEW5B/EHFc5TwRrvYvVe9z8v8JbNehQet3HxXZBepkuntI5CzCkCseTvOiKV6oohr9l1DaK8e0IHQdq7XZshdZ7/CmafVY87fGElC5J2nhAML10fXHwyJ8HA99mwLFIvBLnlAc4KnG3FS2uysvoKrUs+GPXRgXMBlsL67upV5jO2B7VKQRpy0VcO7oYiwMV7Lc9EkOOgVNghIKGkCVQqN3JOuaNg3vuJlutDjLlDk+oCBP0BvYkZ1U+1NmndKRG/7YNXJ+MOe3KZ2gWGZgQLzpbmQRq81FxTn2rSNhZyBsMHyviIZFqZJyXnln6xPRIi4uuxtRQY9PLVcwHd6Q9hi6n8QGBYNc+AEsGwy+9upkZ6hpyo4hcOCJi/e0aUH92+Y/feNGYAPFBHP1sTHP2sEbVFISQadDdsxQIvQvaJy0J9+UKghz/qAsipkBYc2mv/waJwlpnFqDoCTOIkIadutyBAehkXawNsDXcWPU52hGpQ6dQQKCIxsRKBO0JQsI5rFf4jc/PxfSUYu2Fps34mmMggAb00UBLDb2arNdI/OcSirZ04XSp6G7Eeqn6gfMfrrhnnqpg7zokXXNMcLPJcrV0jHflauahmft5+LnWHfYVa0uNAJP
OIDC_PROVIDER_NAME: AgBI3oFosMR5sPgr6JqFPJX8U8A2XNNYpZ7C4XIW9VPeczIU5NUNQaePowps509Y0ddHXPwASr0OeTgIVU2Z68Hg6Tpj8CehL+P+DaFMOqMOub0qmrakLBBaWcaXprQi2eys7mP9jqiC4iMx23w1Yen9lid9FSjLIEpfLE1VsPzAUcrvGMW8dbgwchrxKnb0HG0e/bsyaLubzEZWHfPaUo4cSWQf4KWAhYBlfZQAbNPkatOskzKw7nZ03X6RI5oub6hjcBclRjMh28MsExIRJDwWtB/inwLpWEAiPOU7xQmjQJdC2BqmKXHyTk6Z9rnwgUjG3pgH74mNH7/pF1ekOK220JYTbMa6Uga0r/v971AlC6RBEo8kuaJ/xptSdHp8lfg1spJ1sYobV782+zmJ0rc615BsYwef4lcFDBSXKnk42NhUNY6OORNbwD/tW/Mxac3o1OOoe3mSgRnFXJLqTh9i7D6kN7TiQ8HXNgkEfZKoqCloKo2TKW2gB++hXJTiZ1ItocaDPbPSIaq3LJsIw6YwwkXxBQeOmZhYLpaPI8dHjn1h8Jg2CPKNQJdAossrsHpBrEM+UXA1HxVmUCv/q5WIum+tO1d7sKeCuZ/g0JOcNK/tX2+tYY5fDT2G97GrXSGpgZgIfhYhWStYfkcOdB5ayqj0ncadZ0uJ3akFWBLHAr6sYemmVtW+BYbMLTTjlprGq8EIu3Kyqw==
OIDC_REMEMBER_ME: AgA0vxQG7k6gaMmviyTVccCkIl4r37YHX97gO8ZlFtZFhBNIXti7Ocn3R2paSf5J4A7xT5Ml5imfdn1jS6XXBM/z6oXA7kvyrh5V04vcueGXtOk6PSzdqMB+qsmZr8VuY+41CllUwXyXGDLMCzQ6tA9K1rdLEQoA8TYdDi3KI91vb4JgOTaAum+JHXI8N3ZguzXyF7nTR/nTtoqvKoD9b6/B69Gu7FDuef0AEAf/aFYQb6JSNeStKbYYyNjY30/MdECEf5Y5kl6mtAT54KwNiz/GF9JMKa3yAO4XVc0Pq3Fo4BoptW/8yyngnhrjB8c6/LydTbwQgrxXO6JJKOnLMMrNq+llBNFyBqUD3ZyVzY3CRAetL3loAdoA+zTQCAKMoRjL22m48yyxdBSC9Fwy9crb95DqJaEQa1M5UrDqt3uWsEoJhrT5dUUnC45N4Yk9/cTWLMf/xSqP9tRWVcw4wyU8b/ptuCTqq6WvMVeS+MCLCnQnZB6s/sdFQBm7x75P2llro7iwYp72YRAfV1jZavUXc6XxdVvvyFV8Q4bNRxLvXgjnuvD+6STTmqzlceVkxcv1KvDyvjxHtcy4qxr3dU0h+vmo7kkTFfcaJpmIP4CTVc+lkNvj6FvkXwtmiW/RMG7kW8ES7I+tHSD2hJle8FWciAwP9iZadszTVOSgyx+S7alOXGczUDAe0bpWqeNnIBkJYpX0
OIDC_SIGNUP_ENABLED: AgB/TkKgJ1GioaGCvyXVA+RRHJ64/KqBt19dNm3LUdxGrhQYOq0zDmNET26w8FneYXrP4zH3IY+ZvXkS3L5i9PNBXkUGhXaoNXPx2KYm6c6YeGkrW+sDlCVPFx2zypCIgXNpJHiTIb2vfZHTyVMvmpo1m9nlQVfdueFV5ToLwt4pWR04VYCzXoaSILqJAuX5IBkhac8hsr4yc6u+RuLhtDTmziB/3+/FWA+Gsv82U8CNDBCMAyLZ+439F9aiJv+scOzVzzmmIxfCz4GPzfiTmMcwlsAjqMs42C62x8m+yoPAs9/Ur7f0p7JYE8fjYQbWP2OliJic2Nm9KaS/o8akojIKlIN36Y1I/srimuH9LbuRJlwRQjTQ4qq3quiW7Z/7Tgsm71ISPqeLUHO2xR0714MnDMW+dOwRoQzBaNZepo2aEb2DhiVzT1OLsSeGCs6UOTau9sjd5ow+pCBZWUNPAzrcskw4cSfoHGfWiMf6wytCp6agiwnogM9wMAdjFXi9VnHxNmn4oViCmeg/y36z0RDyW1p8fU5fv68qWoqiPH5lbzJUcKDzW9HpfcuaGaAKJrr3RbEqdqxh6pc8hLwzzCo+FxiX/UAnMd+2BCFWzEQzWznyin2Z9vv4d7dYYiKRmoLxNQO5T6xSZvv0DYd9dhSxy8HB/viZuBh7AiprORuh26jCotcbKZq13/x5xC7qm7t4WQzO
OIDC_USER_CLAIM: AgA/FYOGrV1qHlvdlJd8HNOdG2VlAVTo6nEoAtJRn3G7z3OkexS3O51x3TsiIhpKliaFl2/ATZFk5okUnUSeoibqpxpLNVMpVF6VX6IrnjxdbtznGpyz7sIri9RvKZwTpuDT8wNrJ2q7t1xwvnK7QYxKzf+rIkQqcSzN9k0QF7XPE7ijeWSjqMpbjRya+vxjWR12L5BRmtUgjrm7J/8uRMkVQQtl3/Y0c99qMwj91v1F37RejoqOLC6OFdCOhVvwatq0C+y3F7BB6Zl2EQBYoinVuSfmlJ9rorSyAeNeeVb7s5vm+WflB4Dn+taJAFCuGiq7DK8n1XDvkW7kThlJckdXBfEiCOlzYCSdiJ33ToV2mWo0zSOZC5UrYslx5hhzwdb+Nw7/74c3g0TeV8doLWhczpd38eYEkYrFIZdQdBtwK+Lwlb7Bq2eT9X3l73uE2ho+u+o2o4RtQdCw00TouBJQBf/vhyEfk6eWuhHikIUVSQAOm8mCKaOseH+m0RMrpbDDRbl7pcrozSUJjP1eygTVPJwQF6uFjIbvNHsodP1ld83HTR3vMfwfwwngocEonnayUDeYfk2KOdWONUFmfh6k6miULhNr7QVnTit6b7EwsrLuu8UqJzih/pINELf/mA2oliD2TCQH6WwSu+G7W/BjECO2ANyJE/1UQxQxaw8NtmRtcuIU6cdHi7ow5ENYLnYb1GXQBH4TGGZgKBaBGUEz5gQ=
OIDC_USER_GROUP: AgBIMaa7sVROh0jXJQLrnKVKzCRg2Xg55d4Xp5sQFQ/hBlrFwSE+fj/Irx2hGx8TiuotN3wG0dIJgxLt2IGcXSZoO4iABz6tI88yJgP6InRjU83qxFusjxljOb7JI4Vz/OV4XpxMEibcv+TF2z2669p+6hBbdgGwWAO0luCYPKgwTZWDZr9J2KOqCK0rs2uVtR//UnfUNTM8IbEHDxKJ9aKmB3Xxpgo6xw5ydx2V5J6juXF7gZbthGapgerEMx0D+cdCQwyRmZZaA03IuZbNqgouYPpMJr15vCGsyZWM3mOJ1GOBSnZVTsubmd0WO199LDognEjKNTN+IPbTZUp53zMjcFf9bCfHNZe/+bTs3Jyb2IEH57OAjuMhiA8gU8oBPq9i+CI+NH76MTXrIKdiLtUAfQ0Br1bdR72AmWNpaIC2cGA60QVAtTvHtr/SZBkaQos+KpVXeHVG9WiK4ejfVkFX5r3EjVxPQFs7sGw4DCuytaNjSM66vWqsodC38bKqB5RACR2ApDJXGgQtA5L3jFHzV/Qb66S0I5WsX1+u3E8Sx53Q2/xI/MKnK0VrLy1Pnlrb7GWNyyOQJhB764D8UwA6ElTt29/IkJu6c378yOGsZSNMd689mfoPLeYhby9DMLgQOFMRx5euXIzojpuomtuclP80BzGUHBvLKLKZGLf8HiN8ko0X250MdAouFa3EhNvKjaQ6YYa5
template:
metadata:
creationTimestamp: null

48
apps/stump/deployment.yaml Normal file
View File

@@ -0,0 +1,48 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: stump
spec:
replicas: 1
selector:
matchLabels:
app: stump
template:
metadata:
labels:
app: stump
spec:
containers:
- name: stump
image: stump
resources:
requests:
memory: "64Mi"
cpu: "250m"
limits:
memory: "128Mi"
cpu: "500m"
ports:
- containerPort: 10801
envFrom:
- configMapRef:
name: stump-config
volumeMounts:
- name: stump-data
mountPath: /data
- name: stump-config
mountPath: /config
volumes:
- name: stump-config
persistentVolumeClaim:
claimName: stump-config
- name: stump-data
persistentVolumeClaim:
claimName: stump-data

17
apps/stump/ingress.yaml Normal file
View File

@@ -0,0 +1,17 @@
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: stump-ingressroute
spec:
entryPoints:
- websecure
routes:
- match: Host(`stump.kluster.moll.re`)
kind: Rule
services:
- name: stump-web
port: 10801
tls:
certResolver: default-tls

17
apps/stump/kustomization.yaml Normal file
View File

@@ -0,0 +1,17 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- namespace.yaml
- pvc.yaml
- stump-config.configmap.yaml
- deployment.yaml
- service.yaml
- ingress.yaml
namespace: stump
images:
- name: stump
newName: aaronleopold/stump
newTag: "0.0.10"

4
apps/stump/namespace.yaml Normal file
View File

@@ -0,0 +1,4 @@
apiVersion: v1
kind: Namespace
metadata:
name: placeholder

23
apps/stump/pvc.yaml Normal file
View File

@@ -0,0 +1,23 @@
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: stump-data
spec:
storageClassName: "nfs-client"
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 10Gi
---
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: stump-config
spec:
storageClassName: "nfs-client"
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 10Gi

10
apps/stump/service.yaml Normal file
View File

@@ -0,0 +1,10 @@
apiVersion: v1
kind: Service
metadata:
name: stump-web
spec:
selector:
app: stump
ports:
- port: 10801
targetPort: 10801

8
apps/stump/stump-config.configmap.yaml Normal file
View File

@@ -0,0 +1,8 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: stump-config
data:
STUMP_ENABLE_UPLOAD: "true"
STUMP_CONFIG_DIR: /config
ENABLE_KOREADER_SYNC: "true"

43
apps/todos/deployment.yaml Normal file
View File

@@ -0,0 +1,43 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: todos
labels:
app: todos
spec:
selector:
matchLabels:
app: todos
replicas: 1
template:
metadata:
labels:
app: todos
spec:
containers:
- name: todos
image: todos
resources:
requests:
cpu: 100m
memory: 100Mi
limits:
cpu: 200m
memory: 200Mi
ports:
- containerPort: 3456
name: web
volumeMounts:
- name: data
mountPath: /db
- name: config
mountPath: /app/vikunja/config.yml
subPath: config.yml
volumes:
- name: data
persistentVolumeClaim:
claimName: data
- name: config
secret:
secretName: todos-config

10
apps/todos/ingress.yaml
View File

@@ -7,15 +7,11 @@ spec:
entryPoints:
- websecure
routes:
- match: Host(`todos.kluster.moll.re`) && PathPrefix(`/api/v1`)
- match: Host(`todos.kluster.moll.re`)
kind: Rule
services:
- name: todos-api
- name: todos-web
port: 3456
- match: Host(`todos.kluster.moll.re`) && PathPrefix(`/`)
kind: Rule
services:
- name: todos-frontend
port: 80
tls:
certResolver: default-tls

14
apps/todos/kustomization.yaml
View File

@@ -6,13 +6,13 @@ namespace: todos
resources:
- namespace.yaml
- pvc.yaml
- todos-config.sealedsecret.yaml
- deployment.yaml
- service.yaml
- ingress.yaml
# helmCharts:
# - name: vikunja
# version: 0.1.5
# repo: https://charts.oecis.io
# valuesFile: values.yaml
# releaseName: todos
# managed by argocd directly
images:
- name: todos
newName: vikunja/vikunja
newTag: 0.24.6

11
apps/todos/service.yaml Normal file
View File

@@ -0,0 +1,11 @@
apiVersion: v1
kind: Service
metadata:
name: todos-web
spec:
selector:
app: todos
ports:
- name: todos
port: 3456
targetPort: 3456

16
apps/todos/todos-config.sealedsecret.yaml Normal file
View File

@@ -0,0 +1,16 @@
---
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
creationTimestamp: null
name: todos-config
namespace: todos
spec:
encryptedData:
config.yml: AgBRKmf5GSn6EcCH4r+I/lJkNiwZp0Pa/TFloYlPzqJ1aQWrTRDCLiljHYs1n/PTBWWv5SdWj+3Uvx4M+tzTXpRTp1dWomJ1C8pUDpf4N7SSZeAMoJxz5/mSUpA1YsYwiy/jhOzSsaeC80JX9WTXhCE5cnox/OUjcDf62vVg/7kgy8tHYpCSRmTGMah82642gP0/rlLpp+ctb29oYttmL0fWafHMRHgZYwkO1Ol7tmfbVOfr/bQljTQD3h/f0+ef2s3kDNtAkXSBAwHo6TfukB5bZi+pj3q3TLHAWU/belC38RZtIYW7trJf20WzbxxWKcS7rnQ8GHJqpbNgoWdnBQgP5OGHzySnQrdIAWLvOxw3JdJ8S1ZMbZfWASGpeIdfTI1p99Bhu1MGE3nnAzUCM93sLySE/mjjGDPdA9+Q7orgLGX3ct+w4deu1ABLR/HWxFYvPah11xs+MyzBFVh2rRj+MMzSWwQmbo+widmHWnzx6fjTiLd8eyGmvz1M9hBwFjqUTjbAR70S4xx2ALlYqAtbmJUk07PmTdTMhvokvaY5NX7Ylahx2oFE2q/FxMBwvPZVyI9tSbrZHEK9a67QaXnnwyfSqj3nErNkpdAa/zSJ9M6SG5cJrJvZCBn5cFg6pxtY65wZoj0GWMZ5kF2oqxDuekdjitWGMTp5q6ROJYSs/o3Lc/Abga9pSZYEtNrHr68tJuSeO61s9TjUftbkxkJ97/dwTfVQOd7aJui2EDp8NVcZg0CkEOgI7tt0nOEsll30RWS46QJwUbJM34FD646bpEk50K/GsIvFovKjZjtoCjeKczGdMpYS2XFwEMb8UjgSATxcVYjSWwvx+7prEChvoyVcg8Bi8ZEGcBVxSAD9fJu8PtyPBeijs7ZVwVyGGxiSafd3gAPU8spSuvbEDl/VZAKy9k2vrI2c/gtTqwaIasnBHudIbbNqDHlTlH8dk0z+kuNg/AzqheZWireMvBvgQ3TlHan0RN6+vVpZCY5XbzWkj/DEmoor8UfeuYt3GD7/JHniAorMPj61n2od7TLXmLunPG/B/zNpJCgJ8LgtUriDDZno99IDCXaZ/MO2+jppMaKizl83axxrv9HUTYDDgtX4RqLLdutd4i/AsOe0GgayFrOjUtDVOL6MKhX7dRJfbNsL5IcGEVZ1cdzcjjazoDpSlDdMC6E1XNS1NWprqUpmfjFPtFk1FWW3oRF3iEYUimngYvy6oTx3d70EZ+eOdEvp6A+aHbmG6fyEQb3AKYhMIOsn4AbKpDLjTsHiqWNGwT9ummS5kOLhnWBBB4ohDpCl4UMCtP61+1lhtx//Jne8QFAoq31MMFcCO2X3b2JfD6egLDc8Vwju6NHNy7jrmkponKqKxQPSs0w9Aj2biUBuFkMCiAik0Cf1fPk59bjJqs2ypwURDPAs1ShPoSU=
template:
metadata:
creationTimestamp: null
name: todos-config
namespace: todos
type: Opaque

51
apps/todos/values.yaml
View File

@@ -1,51 +0,0 @@
######################
# VIKUNJA COMPONENTS #
######################
# You can find the default values that this `values.yaml` overrides, in the comment at the top of this file.
api:
enabled: true
image:
tag: 0.22.1
persistence:
# This is your Vikunja data will live, you can either let
# the chart create a new PVC for you or provide an existing one.
data:
enabled: true
existingClaim: data
accessMode: ReadWriteOnce
size: 10Gi
mountPath: /app/vikunja/files
ingress:
main:
enabled: false
configMaps:
# The configuration for Vikunja's api.
# https://vikunja.io/docs/config-options/
config:
enabled: true
data:
config.yml: |
service:
frontendUrl: https://todos.kluster.moll.re
database:
type: sqlite
path: /app/vikunja/files/vikunja.db
registration: false
env:
frontend:
enabled: true
image:
tag: 0.22.1
ingress:
main:
enabled: false
postgresql:
enabled: false
redis:
enabled: false
typesense:
enabled: false

8
infrastructure/argocd/argocd-cmd-params.configmap.yaml Normal file
View File

@@ -0,0 +1,8 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: argocd-cmd-params-cm
data:
# server.insecure: "true"
# DID NOT FIX RELOAD LOOPS
# application.namespaces: "*"

3
infrastructure/argocd/argocd-oauth.configmap.yaml
View File

@@ -12,10 +12,11 @@ data:
# If you want to store sensitive data in another Kubernetes Secret, instead of argocd-secret. ArgoCD knows to check the keys under data in your Kubernetes Secret for a corresponding key whenever a value in a configmap or secret starts with $, then your Kubernetes Secret name and : (colon).
clientSecret: $argocd-oauth:client-secret
skipAudienceCheckWhenTokenHasNoAudience: true
# Optional set of OIDC scopes to request. If omitted, defaults to: ["openid", "profile", "email", "groups"]
requestedScopes: ["openid", "profile", "email", "groups"]
# Optional set of OIDC claims to request on the ID token.
requestedIDTokenClaims: {"groups": {"essential": true}}

4
infrastructure/argocd/argocd-oauth.sealedsecret.yaml
View File

@@ -7,10 +7,12 @@ metadata:
namespace: argocd
spec:
encryptedData:
client-secret: AgAGtwiMd6OOz2IT2QJJR6unSYgLqNVJCb63a6hHko749nK8Kx1WgLwCYT/UURQYUusqMMPkNqbkA+jLUgh92fa7MKhtj4GysSvWavB+j8oFWT3YZbNcYNoJsTxg8mIRKiMFmp5um703e5RtGCv7eiOWdVtHftVv1BycPVeVHUuLU5usc8lmgnTTEPiRUEUB8MjGd7bIEgJ9q5oAiRTiwefickS1NgC02K2K8hVAhG/VkP0lqYn0xYgsy4W4i/7Q7AxRxCwX3y23spjXNUCRJRYvgF7Cf+MHdBgk6xPtvJF3jDLJfw8H2ilUx0GaxkESCDIE/FSVlbhMXmUdVYB9SLVo9K/tzqHe536ufGWO+U7H92mhZl5oZcA7qP9iXLUy13sAY/slixbKT6y4BJ3Tnt/pK1IydASsOE/uuwuN5q6AHWvG++DSHEPfE8xOH3bRVph8aIJD9hi8UlH7KGlEDPIaY3twpaJDUweaGVRTEnjvxW/hKfp2SF8A0PtGDeKSSii/XBZjxjROdOvE2+xM/WTVdVqddvErzogEKfljMvb5Z4OQiNj7fFvFMVuRD55To8p/cYZu+KHx+D8tuUMH3zk6AdADs/0bjI0xAz3PJUAmVp4RE4k0vP8LAImF5rWkIyVUcvJmP8S90jf0d7usJaEFd1ZayFLyUnwGAkP8ua2RiupnNUrZ/49A31cGm1RCpw00DGEJ/5VK6VMP1+T4KOUP5pB90FUYVHUv6S8dAg==
client-secret: AgBmXMtAHgooKGgj3s/ndddVxxOXqUYyGev5BeUoAYL9IYYT3yB54cQp7v1suEwVGUJQQPOgc3YDUeS5kdOLcpYi7mOi7/aJYPmUHx1DU644JsebpeqJNMFt52SCynLjP9Vntlbkji9mPCQj0tHGhqleA+3y9mamuz3tZ+kaSY4+qUywXekMQz13YQgagQc+0BK2xzUzVedNj2AB0NmCIs8oOIL1ZL0iMi/+/a1VSh/pzm3Tv/ap3w5nqP6FUbZLcL0hU6+VTa6ZqoDcIIEm5x23tDXwgbHM7CJ5E/bHu+cNrvVO9XqI5x4KRIe/TDJGmO3oZ4bdeU2mtIxTXIHG3kKFCQzKPqteffctEusvdyqkpCqPsLUny8loOQKX8XjY6K6a7fMsYUsKkJ1Le3Zuif0AhzNvDCX69pz3uPEOf6ZR2pU0B0g3fc3gIwIuY97WiHzHg++pLJ6/yT32Ja9Ub6k72fJDA1HvvAOY0+fXoJdOwkJCfGFF/dXLp2M1/3xxDI05mJeFywE9NYBrb2yRNN9XAdwSJ5mpRnyiyBlMv/1W52yDBCavyMR+vLlyxaXGeVHvDSTdGCY8bCBEz2kbm3WEFxGR/LM3ls6d8WvvT5YJ+RxxEYSN/o0Zi233AK53toni+e2luBBIjUITa+QUIxpeWrz2aAe19PO+XiDHu8G2sErWxwE336USCnOiFIkqeJpBqtfOm0sWnxmQWhucMqTlGYdbus+DBkWWM23JLFuRsOI/VawqRg==
template:
metadata:
creationTimestamp: null
labels:
app.kubernetes.io/part-of: argocd
name: argocd-oauth
namespace: argocd
type: Opaque

11
infrastructure/argocd/argocd-rbac.configmap.yaml Normal file
View File

@@ -0,0 +1,11 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: argocd-rbac-cm
data:
policy.csv: |
# use oidc group apps_admin as admin group in argocd
g, apps_admin, role:admin
g, argocd, role:readonly
# all other user that might have entered via oidc, are blocked: deny everything
policy.default: deny

6
infrastructure/argocd/argocd.configmap.yaml
View File

@@ -3,4 +3,8 @@ kind: ConfigMap
metadata:
name: argocd-cm
data:
kustomize.buildOptions: --enable-helm
kustomize.buildOptions: --enable-helm
# switch to annotation based resource tracking as per
# https://argo-cd.readthedocs.io/en/stable/user-guide/resource_tracking/
application.resourceTrackingMethod: annotation+label
admin.enabled: "false"

26
infrastructure/argocd/ingress.yaml
View File

@@ -1,19 +1,17 @@
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: argocd-ingressroute
name: argocd-ingressroute
spec:
entryPoints:
- websecure
routes:
- match: Host(`argocd.kluster.moll.re`)
kind: Rule
services:
- name: argocd-server
port: 443
tls:
certResolver: default-tls
entryPoints:
- websecure
routes:
- kind: Rule
match: Host(`argocd.kluster.moll.re`)
services:
- name: argocd-server
port: 443
scheme: https
tls:
certResolver: default-tls

9
infrastructure/argocd/kustomization.yaml
View File

@@ -3,15 +3,20 @@ kind: Kustomization
namespace: argocd
resources:
- https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml
- namespace.yaml
- https://raw.githubusercontent.com/argoproj/argo-cd/v2.13.3/manifests/install.yaml
- ingress.yaml
- argo-apps.application.yaml
- bootstrap-repo.sealedsecret.yaml
- argocd-oauth.sealedsecret.yaml
- servicemonitor.yaml
# DID NOT FIX RELOAD LOOPS
# - github.com/argoproj/argo-cd/examples/k8s-rbac/argocd-server-applications?ref=master
patches:
- path: known-hosts.configmap.yaml
- path: argocd.configmap.yaml
- path: known-hosts.configmap.yaml
- path: argocd-oauth.configmap.yaml
- path: argocd-rbac.configmap.yaml
- path: argocd-cmd-params.configmap.yaml

2
infrastructure/argocd/namespace.yaml
View File

@@ -2,3 +2,5 @@ apiVersion: v1
kind: Namespace
metadata:
name: argocd
labels:
pod-security.kubernetes.io/enforce: privileged

77
infrastructure/argocd/servicemonitor.yaml Normal file
View File

@@ -0,0 +1,77 @@
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: argocd-metrics
labels:
release: prometheus-operator
spec:
selector:
matchLabels:
app.kubernetes.io/name: argocd-metrics
endpoints:
- port: metrics
---
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: argocd-server-metrics
labels:
release: prometheus-operator
spec:
selector:
matchLabels:
app.kubernetes.io/name: argocd-server-metrics
endpoints:
- port: metrics
---
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: argocd-repo-server-metrics
labels:
release: prometheus-operator
spec:
selector:
matchLabels:
app.kubernetes.io/name: argocd-repo-server
endpoints:
- port: metrics
---
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: argocd-applicationset-controller-metrics
labels:
release: prometheus-operator
spec:
selector:
matchLabels:
app.kubernetes.io/name: argocd-applicationset-controller
endpoints:
- port: metrics
---
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: argocd-dex-server
labels:
release: prometheus-operator
spec:
selector:
matchLabels:
app.kubernetes.io/name: argocd-dex-server
endpoints:
- port: metrics
---
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: argocd-redis-haproxy-metrics
labels:
release: prometheus-operator
spec:
selector:
matchLabels:
app.kubernetes.io/name: argocd-redis-ha-haproxy
endpoints:
- port: http-exporter-port

10
infrastructure/authelia/README.md Normal file
View File

@@ -0,0 +1,10 @@
### Adding clients
Generate a new secret + hash:
```
k exec -it -n authelia deployments/authelia -- authelia crypto hash generate pbkdf2
```
give the client the hash, store the secret in `authelia-oidc.secret.yaml` and seal it.
}cnnhzH|Mf/yLn(v4rF#>KnGMgUS+TY

20
infrastructure/authelia/authelia-internal.sealedsecret.yaml Normal file
View File

@@ -0,0 +1,20 @@
---
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
creationTimestamp: null
name: authelia-internal
namespace: authelia
spec:
encryptedData:
identity_providers.oidc.hmac.key: AgBiAFMdVNGubsvfYu9oi6SE1AF8ZmiSbiSPjZhrSjpw8J8vN0Zjm/4TQX+I+qD7GQu0zO72D2hF/26fBZrLx2N1IJAj0va1NYEkmGgAaYa3lVC948n5OzyNPpOwfFCMBKo/BJwh0VeZ0wa7gm6L7+Gfk+YutGmkNa7Cuf+F/e8LxlT0MHlyoj+YGzeNEWkm2uUv73f74ND+a15AnBkvGMfm5A8vt/EdN3IOqD8EUCwRpf+lqhrJe9Mwp28kHp4NdO2W97I40BWA7LFXQco7CuhjNafHkpaNMZ1bkbYLjlpqyC6Xs7bCZU9wMIPOHL9cGt2QvfQG5gMWrJmJsyes9qadBk/TKmqPi3iPH2DzUYO2vMETI765RVrL6IVOwxXc663JxfpZVQTiCSXz8oCVYZ7Ka7gcjXSPTMSxwD2cBVG9KDwjntYaXTairO/Kyx0HiPbbXzhENYkqY7oZvJde/l83l5TvPi+M4/a0Pa8COq8voRw+Fkrfw/qhPDn4AZnuanceOLog3xfrXw0Z45rZ34unovKP+3NjTdBUX5YB8OgGd5tXc4Ur6oK8nxt5IhQ1EzJkh1VEUU8pbDaw9EX1xCKZxVk86MEzW7zqFZWRve5Sp34CJdwHcUk8hLs2PweEzyvibLJIACn1mQoM6nC+Wep5iYXjUzQ9qobItzKFpw/mGsceCu8VqNoBtQBws+I47EF2NkzT45szvxF9tvSzmgmRBHtzES11bqePopHvye4310pywFYJ/WeiWOLEn1IEd4rrTJ6zIoqU1QH9qHShT4SoT0uC5wqz+Tgl64OdMIHKwQLcWih7A5lcDMv+jPV1Xvd52g3EYx13epNTPHtHwi4sBlFi1VuDrwXgTAlnpvM6N5Ij0qNNK5NMcWHerbLyOaMzng1pOtRfYA5UKGG4KYQd49vh5Fw9mHsk9/lelT+iyTs4GhA=
identity_validation.reset_password.jwt.hmac.key: AgCOsW1JBwnAB7BEIkEwqTLNHX5N/HrqHoxz7axdr3ppES7BnPKGRak846aKHrUVEykAV470SCgdwomTh/KBVAvHtml9L8h+FBu24rDbqZjHnL/BVy+2SkukNoVq6A2vDQRI521HBZntQQljhG0XTFTMMyI7tUhhM/PwmzeyZpKsDPcw6EJAMk9ERxdYtM7iaYEIAAcn0N2NPI7+I/A7nMKYpx4oGr79tobQyM1aDQF2VFwlRq1vqCrkEzBtPUPa9SrfnFE2GrIJlIR3xh/h5SmXCaAjF0uZFjPBPMrHSU4XtZVqtmwIEXpXFqjf+M6N5LTA5rKEviHV5oSJ4sDbMC1GMzwYw8u1Z2gvi/sP87ncbtSbW6ereAXC/5i7/bkOiyBlwVbNV+YcY6RlHG6DzEO/4Fqx9ET6XJhms1TcNb8Cp/VA7NS79IYbtnnZozefHnZAKQa7k/SR8tUVcVET2LhW6/j4QhxhFsASbws/yaZkEKdQnDqCpDlMkXKWxAt/7wlu/URTKlYTtCV5tvhrDj14Hdvs2CtpbXsYuf9FEn6OkRjFFXtr2c8tlOgh63qLoDfgmc+NlfLmkOGEtfEi9KCt9UY4qBAh2bc0PkkKod5JhMoiBUCwc2H8WlXAeUj2v7UmB5fvaP+IbeNKGf6+v8adVW3m7tckFeARG71QHkv049EKVfNyIP+CvBhEFZwTMNtzYGhr280zpEuvKowVXYlLp9pSBA/3vEIFcsnNzQfg2eFzsETOVtHXd7KnPoRKk29fTXmgIKdMThaSgvs72LoGdiYpYPaVrRKgCeqCah697bsOo6q2gv/jAeofRkcoaUx3sMb8nZJ3fnijr5Z5DFq6PM2VyJy8PlgfoIKO/w1nkQ==
oidc.jwks.key: AgCuYKmdCv3LcmH8zpNAuS5oeHjf/cEmcAlGjRfv2CtfXmlYhcysDLeo2Cyn9kMUEPyRwxhQ/b9G6ZfkfuIh83v4j8PFBitoyaAmDNLmhn/tEjxUG4ddRZ+X1m+Skqs/QyGSt8w4iCBv2tzVV8v9mbbh0GSEk4Nz/tOi8oyUBF/RF0Pgan7JubQ9E7uT2c2rD+hVeWJx9dL6Vv6z/OdbNEjpDvlMNjpQBqMj7H0dMXSnMIxoQHXn2TduI/2qoc84qfNf8diGaG9DN/lrm4rebPwQZvwkidSKEGCCca8ICwXEN2b2q2TijiaVGJPtpd+R9n3BDa8SHi94ptwxuWwHEQBA5QlkK5TMUT8SGLzUIJK5Z/sX7QQcTxxSX2pySA+3eKveBIiHJeLjiuABkioo9uZMoWsp/piwZBQy5xB7yF2WIGz6cAg1Y098Khw8ZYrnYrJSHG35/Ai9270eiJOvdXDvOdiXEbxUhI6EGwypl1E18AevE3Pe6OcthEfwErbYdEevSNSfUNthC6gFh/PM8qCEi9ZpX1IrbDq/4lyPltKNbhev7OJuci2CF4kc/kMu9Swdih2p4UV/FOHk6z0hfpjxuqXBwdQYcNOZvyZgnGNjb0fqtrKN953A8Skb8+g1XeWzOVxRYGLi/M/oUaWiy2ksLgxlEhKgSzlQ2al0qMBTdr+I+W3bm1HjITocnEFHR54x7+i6V9LydtWXqy08xH1p4LXi56+PtoUQ6901nE8vyofVcuoV1tqqrnVv+L7XHqsM2qGgdvsYlYBttt3zBy/JbOTcUhVe0KIjRGtuAF2MPJWSxcyFc0crfC7dYmKllV3sKO+MowyDjDQ7OQ3MxgPufLKMRJUAB1XsX5BUE5HyQketKHE5hYWzLR+PmQPShq6wc/Er36jPBLkGUsNVJhUdPewbEzZEcqeBdDsncXUwZjcjAlclWpM1VYxT71BLBT0SUL6YyoeesW0RZ+LG/reD9klfYQM5vfhXTDax5crOcp5BIo8T7mJEYIFBvUU0ruAi3Ur7GqgSCCE8AAcILTeqex22KP6JcFUB7nzFsn3PlUv1lJ+TJutmUe3aGXjVMQGD2B3s5cMHCcqMD302gj39gLVsCV4gQo2hb+UeZcfz7X2ltJ0H6ch/CHeLZbBQoCreVVDWBcoMl4tncdbrkdFK0Bo1tCjY+MScsYATswn4/fbEIKALBVO4gS/WI4NcbGl6HXyNnJvbYv+6l48EHcTHtMqER1hur7Wkso3YpC5zHx7RVfnuCTXP9kWPcCCr1VMj4Uth86LB5xi4FIs3X8DvoyOTVgUyu4T9tedldhMurOh8qt/kqxdxjKkREFk80sH2kb61xPypY/779hLXG9PeDHLFyETYgdHiJWSv8UhizVVOBErjKUljWZ2y5zZam8DNKI6QRislPE++pYsqQw2Pe0iyjjcSWMAriCVJW1klkgmOkEoweFjD98CIUWJUcJx/as1YOIc+QqtVRKH/1AA/CuPrPJWfPXzGBfNFXveQB/G9lvJ4MNfVLNdAz5kUv6bGnGaAyR2LFTl/ficNZv8IFBQvHi91CLe0PjMoq32SO/wCJMX9f7yESWgFnCWS/HfuzWJR+f30hbsM/JbE8hXQQ8/VPgzgRkaKPz3XW9j4w6Wb2mBX3GAYtRtGUKfWsOJWIOjKDlqd73HiIM31MUsiDMgo4DdSV9ocEuH+Y8EiAgtK8P1nSUp2Y6wRVZ5dMz471GC/qAtZS2eYEYzbe57sX2i+pjmA790O28fZauEipPs4d8tbUyef+wPD+aJLyYLRX+R19IU5y+Hk7VdFoi/o+5roDyqAESYfOKhY2dRV6MjLvgbb0g4spJBPefFppKxEW46pi/zMniqUmel+czm704i9/Hr8LrZHUwHQqPN+iLqLTvQQo9Uj0xNzeM+fF4BG+QpYPPl8hNlRFcz/H486i7z1qIRjDvCHko5nQx6nMjJgY3DVyCV6w92NvWKsuWtJ5S+LyCe3Mt2z3R+l7JVntf0xPcAaUjruEnPC9jkpiD7GtZJaeqqm9X6NwanPrTD9KRw3czDyN00H51tmqut/St0O9ThpCNDDO06TrtvWIGmbO3zuBLawOnYniISNhpwpCO1jfV5J8zg8iv57LclG1O7LcwqAbLg6fdYNRnViIn3FRmwrIunSjcL+KbQP6sPQRHqiRxUbO0jp8v48wfzrxc1V4hzvrzlMQzIFRwqGKRjRaHzsBVjln1Ec8Bbg3bvVVCr60rVNVQEy40ldTz22nNjecAUp88v5DXqslHgwD1jEA7rDAmjAIpdN0fVOZBHKxalXVzq/cYssuAMg8NgJXCoLvi+mZj+iR8LsV4OtrSd8nJSCADrVrLJwccHjRo0GnPBD3jJFchy77gPN+8OnzRXPVVuuMSOjrxfAfrjwCUkj3KybOH3MMLu5NUFz27DcpLRxBqACQOtSOshkuuJuk1FXIexssFMZvO2StYecv5R880WX0LqZwKNTJRqQOXTGaV1VWNEexSu4iegOtaX0UZQNyDyHygNU9JXsve4u/2Sd6VyTy/i69XouFCY21DE/fonqBGuIen+TqxshpPJGy3HZJ7Y044rFCcWyTjzz8XH5s836CUWmwri+DsGeT/L/E3C+zR17ImU1Na4IA8f11ThR5aaomfTEwbNseFr8L51dJrgQl/QgRJrViHwowLDVClCbhszVKFg7i0ERRjSNNxZ9tUluOyCHSeg4wP1DOERumYwj5oV9I0isAOpG5cCDUDMrrZP831YmeUgJsH5aciRZmho9/p+Q0R+s7v0PA2HKtRNOfIm1VWSL7y185LKvYO6DPfZNDnOFobwg9ANP7H7kdE1GOlsnEQYWTFlc8wtRLfENNCHlBUwrIGJUoNPlSHVG3PXGz4vah6wwJD/QBH+9TKtLvdV1+2T4+cdCIn08MbdlHDKvWLraMtmSOTJKNJxtXOuXfdAuGYIoqyc1Em7nbV/Oo4de/n1zWkrwZPeTx7d9D1Io/ana8+2LlJEjrIltr4IzdnuCtImbANCDA45VFmlq87s+2lYdbKDvDMNUviw//s80G3qTT3VpGFnnyEF6TsJzpTJ7PrpE1A0PMufNbg8kJTMBifBU+XzoBDTqBwPzim4VqwazuScOqzwZDTgLdQhGzeo1bKIJKHrLOEgZm1KCp+tjPPhnhK0zIGUjqB+UL2+3IvHDmVr9ly7buGub+kuyBiXnoIr4B6bwa7cpFgNU9zmTng+hFlTDgfSLBlz+69knYDlEpgE6BsVfTcXFpfVgS/eRHH04OrYB0t7kwUD0Ku+Ljpn6nd/x7/gcDOGaiQH7TpW1qKTF8E5+sfbn7f8j6fGYRT7dDQ0n4ljZ8qAYsPw3k+hY1MBIiNqAfQKpwTc88yB6EmB7Ul1N28tsLTuEGCCHtXvhTaQLTFzTVoKdtn5B8eNJDqOdBc5+g0qPgp1W8cVESH9nc80pcGo382GND/QllOEmmaKEasYEzPeMJAcPM4UxMuXF7SnadQweoCTIPXuQyZW+eKlMW4RlC5DHQ1m4NymrN6GFptQtTiG5v182BR2ibp4NogkEyZhHeMCtGXZV6QgGbnoJ24ii0vY4iO/08YgXOxDLcH83vvdiya/WxO/75rRVH052z0doEC4jLUleLEs398o59LBEolHSyPYOemzHLOkSB7w6acxiuujb9nujMuE2im5httFXKhq0cu6ytxlVKtKbVwB1y5lZigpTAh9FZXki8OBNIEa1FwtrYsoLz4hJP2CyRqUrHCY9WmCDTOUFTq7NrltBL2+wFvbPAtJbrzM0ALJYNaOb7J5N8R8sP3voXaL5DEEFoS57+xSvtx+lIOCNweJqzzZMoxZ2p9JL6qaJxG+EJIGTeHhWMxX9UJTJJACgB2W/cZyCaD43E5XIxSC6czgdOgwii27fFAJKJabmj+FsSwYBMiyHiFE=
session.encryption.key: AgB6LuT3btnwlDtP19iS6TAA6hz5t2gtXn93/sKI+ANzRvDtAUEJf934pWS0xhWu8Zfqwe5YuPy6Hb7CYG1Xk76Z3IFAEKcENcAA4Ngl6f80yBPgaL+6pzkeHyouYhpuRFenPoCcoa60OuusnDBUvBO0v6Mtqd39nACDJwdrJH0VzoLiWlMPzNsqJSkX+qNumrFlahqEtpswgoQBFtgljfMh8jCfAiqtwwe4Gx77B3GHNDuRQ7tSKhq5pSPUfDE9i/a1fb5yd1z8mlDkbivb0/yhvBsUi7stV9TE7HpBcsxtd6vSzt+MgXsflFfHZ9HU7oVVS0PuDzeDEXac9r2XDA96eUdhz/9NF3d9BvBMZqsi4YlF9tvsODNR7BofF5axxuRb2sptVwM5HuexXhG6S2PPpjLWi0BnY2P4Y12rXUhtYTisKgk7J1H5kZ1XYdjySFIQpMnWvdQD4TDmvqCi2YbnDts5labuFPQmgdrguRbqb1W94Pwg3SOuhJdsNJkfvXFBOOPf2eJBdGsrv4hOFiWt87pNh5Idzi9DAsV9CHZyLwxchwSpNre3yb1TnrTUE9xuQexY/xviAKAc1XjLsKyapryyAtv1AF6UnZMECDyElyenWblPBlWyOYTAWk8yiYl11C/2cipP6+pv8/XpbHKaQKGVQLIQdixXVGKRZwChTo5b3wliSJD2FXiC7ZkWfjOHlgXa+1DNYEoAlUfIU+IMdTP+x82QIjeYRH5wmhujd0JrYu4AygU1Zg==
storage.encryption.key: AgBOR7VfqNstwSBQ3pZIuHUo6m6bcbqTRluZ+G52d2djiyYm2E6FEfzeNrVgPSyw/9CuWXnzzQRyyGVvwP9FwtF6wWqNByhtY4sHd4xoHLEv3L4ZNRvNCf/iCGw0yI46k7nGifvIGw7BNWMkzGVOY+926aa9CAahxh27nQf0dztuFM3DPX4ASKpJ7c3IRGbMi0x0gPTU+Z1/3JLlhn+WvM95UpbPq75LHSzo4A2YfdluZEOpvvo8M5NnPgvHIvRC3tjZuXsDJwRQhqLVa8oFdrjJ7DvMonScKyv4IF/fttd4K0h+g/WZqCRix1dw/7LburKVicYBLl4IQJDIDORKXIUqU1M7i28UVF6DBe/r6jBTGDJcqv9Zor5hoQHuswyC0p+2+sm0EGUvGJLGJ4aqq5UBSsZyD98vMwGT3H3sofIqESHJo4O6rOSo+NFag2P/E1Ij2PFN2+wJTMRJ467CPnzEC85/mm3Tii+NRRb4CKEuxh+zfmVB/Bpny+7zjL7atS3BFR95PbI1jM5yI4uu1uHaVJaXjI3nQKYKjYetS3POOdxae5YRs8CywtZWkv+wUnlbPlzB7XRObQ2yzwNj8tZL8/846TykafDsvPB51B4wAnY8w1LaxNYBTZHQGco/rO7fUNEbuwPyDcbDtUaNxbUD7Yfu1pUY2fay0YtTLDlm1FEZePm9LLKQVj2K703Hu4YA2F/wKhcWKfjtijaC6z8KTaPQiVpjhA==
template:
metadata:
creationTimestamp: null
name: authelia-internal
namespace: authelia
type: Opaque

2
infrastructure/authelia/authelia-ldap.sealedsecret.yaml
View File

File diff suppressed because one or more lines are too long

9
infrastructure/authelia/authelia-oidc.sealedsecret.yaml
View File

File diff suppressed because one or more lines are too long

2
infrastructure/authelia/authelia-smtp.sealedsecret.yaml
View File

@@ -7,7 +7,7 @@ metadata:
namespace: authelia
spec:
encryptedData:
smtp.yml: AgAHiNwse+aFYVoun500VoUTUKg22yDSn+cD9pLO4HKG26nqmOxkiTSi5BELpzWouqHXiHNwYLEKPv13ZFJX6AFfFskspBfe+svLvLSzEvtH8kNCSJar0G5jcACEk27xcCxTN0nhmjc6L9lmZF8UUth7l5Mrsl0EG+79pCNYhUtjy16g7HdbmYgmgrY6d7VWCen2R4HZK4A9zPx+8HEsoMzUD0mG+uKKKfmqYaxJ563Gzp7trDcQRXd4tmea9MM8t+bk9TYCDvBj9JbsNuIdzFk8MArlvlesDYqiJj/8wny49NoVyX8vvGVDF3Y5s+OmKA9+MoBIYNc4oT4FLcc14wpnMnk5WgbKtTYfExcGTdTWuTTVWPsF18dvbKTU3C6dnf2kh9T8CydIdu27jwrBbChWffxNbh5nlLlQT3Xvogai8o6qhMn+EqTnw/u93OIxNzPEooVP349VVW/mlhGX3od/IlVzXiIlQIxL5EP2pRCXL2T1KONvkpbClJ/BTuwfjRZTXz3ZaRhaTPdBAZ+bpkRkt+kEAecjqaf9EF+pHy+dOaR4tIrwBWBbrAy47iV4e/Q60B97bRHzgo9N1uaYonGmyzmyVc9TXIkhf7PIlu/cSyDaHKdobVx0AA0p2usi5D1QYMcS9fngXyM1U9imO6QiYopysxQ9gJL8rfuySRJ/YQ6JJ71fLdMxsiQ0r21D7v7LEdJK5SKLovpnmPgk4PBoL9E4ZPE6g5zRXZFj1IxpKkOqRMpyBzBvas9Q1OFFs0Y79kGtyWIXb7Z2HGYmMU1us9Pm95xVF/V34sAtMIEz7qi+SaXQHFvyqbaiJ48U8qHhHL5y+lt9e8PGmQo0tRWfHMejs5BCcFAEZKDiif6zUEsjV/WC9WKO9NUjvRiu0CYCq5z9QzKaZQqWo0LPeM6DMY8pT3w4OqpJ/OLyMfbdoWT/uQ1JW5npApGifL0lhWRIkQHCG7oZA/BkJfbiexV8jwtToS+UX/s9HkbkuQ/O4zDte8qg/Xzh5TOj5AxlAPN6wGCwd6t1RTSITSKVMnTpFabkEvPYnGeiyWU8TrckvaKmhRUNoj2ZWQCCffHKp/bimEHxRqFnW6B+cu35reTjFc2dqp12EhCBR727G0EARx3Gt/LSdPh8OYt+Bs0rLaHiUrCJh4HRBJPmg0PARVwDL7OWx6pwtclnrALmfELKKaopy6yFctDogOtkvxHbL8DNhJqNuQJo6ttzlHhz4bnQcWb2K92HIw==
smtp.yml: AgCfZqHvV3N/S7C3BCeBZv5erYNnbc3yuhYswXBxJUmvfWt/oyEi0VM9830cV740zF532ZteMaEC47Yer1dm1zwBb8degsSPOnivTU3HVN1MQKMxB0T9roN7ytXnS48dIVLlZAy5/7AqU/+F081zJeGW/8lsQKJ7QVa3zG7BDGJmaExxttrB5ZsSiVmFldSQap1FNIcPFU1O4N1w59r29IsUNbOVpnb4NqONBBh7Lt/RoUwYVmdMT8OxOAtgovft1z+KuZN2ZnvBlm3EgY70wAWTs/tSmZLWuDGa8yo0M6LPIjO9zlc+l1YuI25AqGHDuhGU+H+gQWZhtIglwKHtU8oUuDchWxQpb4tJSokpyegkWrpty8vBEEGK9CtLk13EmPUHTPicv9XYgwxvROeXB7+6/gQC8Yc/PzjjZwSrNo8SC/rF4VJY9jXMJ2nS7UkubcfdOY/bKhu1jZENrav7Zd/z5hiy2stg2LFJ2rnzIrSKeYWN3ygR24KRGh/7Bpwz6LhCkPdrfJJyymA+Azwq06CoyyPTLkYRMpTdkzx8zLNCvfQfmEKYRxRcXVBDfSr/Wn/9QNmCAG/rp1Ep23xRYegQRTUyGD2JVVSjE0WcMRRnqb70IYfEPk4w5TS14RcO2/59Lvs+1mF8g9JfLhrxOjLDAvnSKjN5KZ3PgLdpqbkcVjUb0Hs18SAilmZhs5cQtNR++LqYePIe1r7R3V9IPIvPudCs7/2BrLLpuREhTdQIiA3catZ6kLZgHuh/KswFEDAcZ1NisSNvZZLAKTHupIe7XjBp+0zGHLZ7hgbA/Ojf4e6M4RLjqR41Uix+stkKuwWwdoXs/YAf2GUl6+4fb/8iPVUwPA7XHf92ALxv5neNEDlo4awXvuBQG8XdmaCqkYXBe1GE+vgmzfQhr1gjcO1VxvpsAJXT9/Ak1whQbs8kLfwxDfGp3CYQxx+eaxxm4Q2xumeQYXHFyhNZ5d5XOpmlx9EovRwM/uGoZdslykZ27ZbKRMYcqwhJ16CS/y5ptMcEbB1RkqodM55UCslR/fo+9aJejX0x8V91U2bm8eFrDFhFJsM6Z6oClxOXeAbSoE8m4KclRWTtF4+CIXq+qszdWzwqrHBWvKAtVwGo3L08Sxw24ajT9Rw1Ay2kvb4xO2SVzIRhHdzIFpF6iSiDqBJsSH7SL0kP1C07j3vl95qZBp01BW8BUnVxFyqOVMvVnXMaNQZdFrsq4MVEsxDftgciF9oE8rVv4Q==
template:
metadata:
creationTimestamp: null

280
infrastructure/authelia/authelia.values.yaml
View File

@@ -1,4 +1,3 @@
ingress:
enabled: false
@@ -6,80 +5,255 @@ ingress:
pod:
kind: 'Deployment'
replicas: 1
extraVolumes:
- name: config-ldap
secret:
secretName: authelia-ldap
- name: config-oidc
secret:
secretName: authelia-oidc
- name: config-smtp
secret:
secretName: authelia-smtp
extraVolumeMounts:
- name: config-ldap
mountPath: /extra-config/ldap.yml
readOnly: true
- name: config-oidc
mountPath: /extra-config/oidc.yml
readOnly: true
- name: config-smtp
mountPath: /extra-config/smtp.yml
readOnly: true
##
## Authelia Config Map Generator
##
configMap:
# Enable the configMap source for the Authelia config.
# If this is false you need to provide a volumeMount via PV/PVC or other means that mounts to /config.
disabled: false
key: 'configuration.yml'
# do not use a pre-existing configMap
# BUT, include sub-maps wich OVERRIDE the values generated by the helm chart
key: 'configuration.yaml'
# include sub-maps wich OVERRIDE the values generated by the helm chart
extraConfigs:
- /extra-config/ldap.yml
- /extra-config/oidc.yml
- /extra-config/smtp.yml
- /secrets/authelia-smtp/smtp.yml
# many of the values remain default from the helm chart
authentication_backend:
ldap:
enabled: true
implementation: 'custom'
address: 'ldap://lldap:3890'
base_dn: 'DC=moll,DC=re'
additional_users_dn: 'OU=people'
users_filter: "(&({username_attribute}={input})(objectClass=person))"
additional_groups_dn: 'OU=groups'
groups_filter: "(member={dn})"
## The username of the admin user.
user: 'uid=authelia,ou=people,dc=moll,dc=re'
password:
# ## Disables this secret and leaves configuring it entirely up to you.
# disabled: false
# ## The secret name. The ~ name is special as it is the secret we generate either automatically or via the
# ## secret_value option below.
# secret_name: ~
# ## The value of a generated secret when using the ~ secret_name.
# value: ''
# ## The path to the secret. If it has a '/' prefix it's assumed to be an absolute path within the pod. Otherwise
# ## it uses the format '{mountPath}/{secret_name}/{path}' where '{mountPath}' refers to the 'secret.mountPath'
# ## value, '{secret_name}' is the secret_name above, and '{path}' is this value.
path: 'authentication.ldap.password.txt'
secret_name: authelia-ldap
attributes:
display_name: displayName
username: uid
group_name: cn
mail: mail
file:
enabled: false
session:
inactivity: '2d'
expiration: '7d'
remember_me: '1M'
cookies:
- name: authelia_session
domain: auth.kluster.moll.re
encryption_key:
secret_name: authelia-internal
storage:
encryption_key:
value: 'authelia-encryption-key'
secret_name: authelia-internal
local:
enabled: true
file: /config/db.sqlite3
##
## Authelia Secret Configuration.
##
secret:
disabled: false
existingSecret: ''
identity_validation:
reset_password:
secret:
secret_name: authelia-internal
path: 'identity_validation.reset_password.jwt.hmac.key'
certificates:
# don't use the pre-existing secret
existingSecret: ''
identity_providers:
oidc:
enabled: true
hmac_secret:
secret_name: authelia-internal
path: 'identity_providers.oidc.hmac.key'
# lifespans:
# access_token: '1 hour'
# authorize_code: '1 minute'
# id_token: '1 hour'
# refresh_token: '1 hour and 30 minutes'
jwks:
- algorithm: 'RS256'
key:
path: '/secrets/authelia-internal/oidc.jwks.key'
cors:
allowed_origins_from_client_redirect_uris: true
clients:
- client_id: 'grafana'
client_name: 'Grafana'
client_secret:
path: '/secrets/authelia-oidc/client.grafana'
public: false
authorization_policy: 'one_factor'
require_pkce: true
pkce_challenge_method: 'S256'
redirect_uris:
- 'https://grafana.kluster.moll.re/login/generic_oauth'
scopes:
- 'openid'
- 'profile'
- 'groups'
- 'email'
userinfo_signed_response_alg: 'none'
token_endpoint_auth_method: 'client_secret_post'
consent_mode: 'implicit'
- client_id: 'recipes'
client_name: 'Recipes'
client_secret:
path: '/secrets/authelia-oidc/client.recipes'
public: false
authorization_policy: 'one_factor'
require_pkce: true
pkce_challenge_method: 'S256'
redirect_uris:
- 'https://recipes.kluster.moll.re/login'
scopes:
- 'openid'
- 'email'
- 'profile'
- 'groups'
userinfo_signed_response_alg: 'none'
token_endpoint_auth_method: 'client_secret_basic'
consent_mode: 'implicit'
- client_id: 'gitea'
client_name: 'Gitea'
client_secret:
path: '/secrets/authelia-oidc/client.gitea'
public: false
authorization_policy: 'one_factor'
redirect_uris:
- 'https://git.kluster.moll.re/user/oauth2/authelia/callback'
scopes:
- 'openid'
- 'email'
- 'profile'
- 'groups'
userinfo_signed_response_alg: 'none'
token_endpoint_auth_method: 'client_secret_basic'
consent_mode: 'implicit'
- client_id: 'argocd'
client_name: 'Argo CD'
client_secret:
path: '/secrets/authelia-oidc/client.argocd'
public: false
authorization_policy: 'one_factor'
redirect_uris:
- 'https://argocd.kluster.moll.re/auth/callback'
scopes:
- 'openid'
- 'groups'
- 'email'
- 'profile'
userinfo_signed_response_alg: 'none'
token_endpoint_auth_method: 'client_secret_post'
consent_mode: 'implicit'
- client_id: 'paperless'
client_name: 'Paperless'
client_secret:
path: '/secrets/authelia-oidc/client.paperless'
public: false
authorization_policy: 'one_factor'
redirect_uris:
- 'https://paperless.kluster.moll.re/accounts/oidc/authelia/login/callback/'
scopes:
- 'openid'
- 'profile'
- 'email'
- 'groups'
userinfo_signed_response_alg: 'none'
token_endpoint_auth_method: 'client_secret_basic'
consent_mode: 'implicit'
- client_id: 'linkding'
client_name: 'LinkDing'
client_secret:
path: '/secrets/authelia-oidc/client.linkding'
public: false
authorization_policy: 'one_factor'
redirect_uris:
- 'https://linkding.kluster.moll.re/oidc/callback/'
scopes:
- 'openid'
- 'groups'
- 'email'
- 'profile'
userinfo_signed_response_alg: 'none'
token_endpoint_auth_method: 'client_secret_post'
consent_mode: 'implicit'
- client_id: 'todos'
client_name: 'Todos'
client_secret:
path: '/secrets/authelia-oidc/client.todos'
public: false
authorization_policy: 'one_factor'
redirect_uris:
- 'https://todos.kluster.moll.re/auth/openid/authelia'
scopes:
- 'openid'
- 'groups'
- 'email'
- 'profile'
userinfo_signed_response_alg: 'none'
token_endpoint_auth_method: 'client_secret_basic'
consent_mode: 'implicit'
- client_id: 'kitchenowl'
client_name: 'KitchenOwl'
client_secret:
path: '/secrets/authelia-oidc/client.kitchenowl'
public: false
token_endpoint_auth_method: 'client_secret_post'
authorization_policy: 'one_factor'
redirect_uris:
- 'https://kitchen.kluster.moll.re/signin/redirect'
- kitchenowl:///signin/redirect
# mobile app as well
scopes:
- openid
- email
- profile
# notifier
# is set through a secret
##
## Authelia Persistence Configuration.
##
## Useful in scenarios where you need persistent storage.
## Auth Provider Use Case: file; we recommend you use the ldap provider instead.
## Storage Provider Use Case: local; we recommend you use the mysql/mariadb or postgres provider instead.
## Configuration Use Case: when you want to manually configure the configuration entirely (set configMap.enabled = false).
##
persistence:
enabled: true
storageClass: 'nfs-client'
secret:
mountPath: '/secrets'
additionalSecrets:
# the oidc client secrets referenced in the oidc config
authelia-oidc: {}
authelia-internal: {}
authelia-ldap: {}
authelia-smtp: {}

3
infrastructure/authelia/kustomization.yaml
View File

@@ -14,6 +14,7 @@ resources:
- authelia-ldap.sealedsecret.yaml
- authelia-oidc.sealedsecret.yaml
- authelia-smtp.sealedsecret.yaml
- authelia-internal.sealedsecret.yaml
- ingress.yaml
@@ -26,6 +27,6 @@ images:
helmCharts:
- name: authelia
releaseName: authelia
version: 0.9.9
version: 0.10.6
repo: https://charts.authelia.com
valuesFile: authelia.values.yaml

0
infrastructure/authelia/lldap.ingress.yaml
View File

4
infrastructure/external-dns/kustomization.yaml
View File

@@ -11,8 +11,8 @@ resources:
images:
- name: octodns
newName: octodns/octodns # has all plugins
newTag: "2024.09"
newTag: "2025.04"
- name: git
newName: alpine/git
newTag: "v2.45.2"
newTag: "v2.47.2"

13
infrastructure/gitea/gitea.values.yaml
View File

@@ -1,3 +1,6 @@
strategy:
type: Recreate
## @section Service
service:
@@ -56,7 +59,8 @@ ingress:
resources:
limits:
cpu: 1
memory: 1Gi
memory: 5Gi
# high memory should be allowed to handle package uploads
requests:
cpu: 100m
memory: 128Mi
@@ -96,6 +100,7 @@ gitea:
email: "gitea@delete.me"
metrics:
# service monitor is configured manually
enabled: true
## @param gitea.config Configuration for the Gitea server,ref: [config-cheat-sheet](https://docs.gitea.io/en-us/config-cheat-sheet/)
@@ -116,6 +121,10 @@ gitea:
indexer:
ISSUE_INDEXER_TYPE: bleve
REPO_INDEXER_ENABLED: false
service:
DISABLE_REGISTRATION: true
oauth2_client:
ENABLE_AUTO_REGISTRATION: true
oauth:
- name: authelia
@@ -125,7 +134,9 @@ gitea:
existingSecret: gitea-oauth
required-claim-name: groups
required-claim-value: gitea
group-claim-name: groups
admin-group: apps_admin
# since we want to reuse the postgres secret, we cannot directly use it in

2
infrastructure/gitea/kustomization.yaml
View File

@@ -23,6 +23,6 @@ helmCharts:
- name: gitea
namespace: gitea # needs to be set explicitly for svc to be referenced correctly
releaseName: gitea
version: 10.4.1
version: 11.0.1
valuesFile: gitea.values.yaml
repo: https://dl.gitea.io/charts/

6
infrastructure/gitea/postgres-password.sealedsecret.yaml
View File

@@ -7,9 +7,9 @@ metadata:
namespace: gitea
spec:
encryptedData:
database: AgB8FeAX7Dx/SO/deoqeIRNPMe7DwgKtwFznjntm9TNnEJQDLVVu+D80eolcrTTOhlZJZgtKvpM9xgw7DLtKG+ARACaPYgaMW2m4V/B87Z3xAU0DCF16sv9LVIfNA8KyQZWYthEcWLpqoB0zVFBrb2PxI8QIV22QkNG4oITMCv/Xjf7P+pTa6iWWSLdPcR2tQVfkHsdWWJvtLcrLkI7i+sWjQOW8tgV8QAcQr5JcxEjSgb3X1J3R1EEVHsPAqQcdpUB7eQ7T9SbIaIpTXw05Tant42GMgALVx2J5TAzqLPdaVaUlKVRoN26eVthYhY9qKbskXkXZp/0Sa/RxXoVHt1jMyZFicMzp5w5yC3DZd9gTtsZOrn21NS1QAVh6twB2bxtf7EHjpS5AyvhaF9qbbGkZtUh4IhFSOpd6bMGZLZqQMcH+Ih9b+jv0j3cLBLY0Bzsj4u5yLvoqhOBcxLoVnW3N3x248y3ZUWkO7hPwP+Lo5FOX/cmK9VHvn5ZhNWNNO9xv0LYSzhqnAvVyTgvAGLDTrZbnp36Q+JkqlhrhFQoQkXRQ2HHNU5CC+o59OL0RnshJg4UUed1ETmOPCJmcPZdKNvfUiW1PUB2AwDeWhRyN6wjwzreioSN6qHrxctXpEQohTwzGeG+rgG0tj9V3yHn1Er1j0pR6S9VJBkaQ0qnaInSthxSC5MkXTKXFmW8YfHQqXKmQcQ==
password: AgB+i/mSHnQJnBpRu1cGwKzqrqoSzKfbGkxWTv57ozmiVkEendzudwKu+3MJQh9fHrBwUa0Cu2OqIzGqMQIwDKC5+LDiYAnDOfacu/VBX6mWVABIeg8fqU/PRqym/sGxJtcmwPdo8H8zJm+/vyPpLv4dkYYjHFkAhF3QShq1qMhfeaB/vd6ZNjQEfvCWX14V2F/RTq8skuwQkVQJoz9OsaF+KiTmKC7R1aeZaTUUCFIWGGIq9V2k3O7VAITGJanAT5IYo+epQf2HLsC2xyIUs9prk1rF0yUishgc2bsb4joPULl/G2VUgafH9SKQ37TFqZi2z20gVutrkLyuCMk25tW7m+z4+YCC/dJ9aW/31sFUwSnVhdYh6gwsnNP5GzSguAoOq+6izVD8hV2QzfdIYPrIZyADI7HY9o4LK8YuRS5KgJdaCU3kWYY+tVTSvkGFCWu5q/pBihBG2bN83asTHZcnkocMEvCaTsbPq2CN8/WCRZJs84M6CEzCioNmuGAmUU+fEF/MVEZtTI+6yCrJkOEHdVywtdLufNPGFut97XF+YvJZ1UZ6AW546JGmlmEMFukNHi1XDBm/mWL8e1H6xwLe6I9rwL6YTDrji3IixdERS+a6tq2vcksU5EjW9x9WYt6ctZD/cfhEFAvpssJLCs2vmjNgMhmilPoTppvXyUYnE4bCZuVFRrO/a+ogjXUU2nkqnyKQsA==
username: AgCS0tZPssPP8LFwMdTWrXd64oYKb/vmEH8ir+fnc7MgnPkW9kop+hF2X7/KIWTVNe1MAkreW40DxZ6/T4UO7gGTGv52BItcQp87Rr+RMZ5Y720bhivBC33zmDXlWR7TQDMqo733cdcWRnMDvCSvzKV1Mn18iF0VqhOlDZITcyConmKIWcuzzElt90iYtC9o3UIYw6crBD6l9ikrFwU1wH9mL+FdvM8fWG83qkbJGoaqjxj5FEgMXwXFUWVzUqC8dEe8wiHcyq7eeFpyXrF7/WtAiZOwPBy6EG4zFQoRSihR+qme+pZdXP+fHVzGrcBsMxjW4l16R1MmyS9PLpA3r+LdX81K7XHPEctNihrV4U1Dmb2fkANcP2SV95Moftb160WRkfR1cElHxOJs0kaKbZ0P4k74U2UFaZSVIEw85fYm1TE0C5qnpFKktOhOhSKcia+XGG58TQLuosQCYH+P1OZ1LbFfj9O/NBmqWnH2dBIRCC5Ba6b+nNpOQaSztMeEOCSCdYmglS9MmP34zzFjusZ8hAj7ebe25gCo1UCSxYR/xEjrGQsyXY9VB9IPjVO8F7Ms9ex3KITYoib5HcMFCvDUOKl3SOmsJmzf/ahufHXRr/NdPFAoqLU6sehcNAx8LKp/795h3N3PBqol/y9Kv4xbAquz8/qY0giHJfaWcKP/LuVZ81s6MvQlnqn/UWXWzQgNo/RbZw==
database: AgDONZUiFyHQLH3lq7vBovX5fqIDdxViQr8PFAh3hnHM8PqJpZ5MCkBL65hVuKmQ6EgrMj+0smPbfk9Rfwq42wFw+i2cgTgN69G9iMwp47+ng5GADPiQ2tIJQNFfqz9VQP0mmu9VXnckoBU0HXQmV21jkK2AKk5YHVLmIhu++1g8LjjYSBMP8iYiritOuyHbOn8OP26FmqBvnTCGg4pFzd/WIhsj7Zz9BeP+AOP/BTA+VZCOqBJJDzztHp9xYamcWslDX2snQG1Iw/rs4zyBVx+sWWPJgkiLmY1aRDnVYmwkh9RC81usrtrC9FZ6VYoxsufGj+Ie25hbbUukqKFuwk3V0dbZTRGa+4xHr7535fDYSxFm8/dkAyh8yM03VUy/2dhrtv9qWM1Yu50tcEoe/YoBdwItyNk/AELjfCvfXzwDttzsl85QVtSil+V6WRhpiQlH5EGhqSMzH9eduAddMrIEMQiSqn9J/vME5j7fJhgFs0bP7kqB9UKT6yTIU8QchRRUUYZwEFevLox01dRtJDoa8DVuO1G2LDZVUEoHrfEvFwzRGhuBH9B2yXAZLXgXbOreoiPi76xI0fw9VNXJ90KYcpwuMv8MykdNWQLsyCraf/WJIXMpm+UEVMqArJnscky0K1YHX6eQeQx0BU5hEeIAZucOwimSv2jJLqlBK/heiMgfp0pWu2lIu+tQ4AarkFsWNdbiBA==
password: AgAp0473gvkk/8OFkxg59+LArAD7v8rRryOuYnScxkhJxSngXnnLXYr2iaeOMgjWryOPtWEWa0F6+hDaTtsp+vhg0X8rtdvyonV/I/I/K5rV70N/bao+kIf5LfcntZ6RjGaQtaeHjh15tY3LxmJ3PdJpDcLJXn1+iBsfTnEEsBFDKolD2RcXwH+74feX+Q8bG7KkAo4r0OfEaO/KC2FCC8vg/AHgzNUFL08mnK7DPgNjgNc3MYk/+Ey91LfvMD9NfuO1xrlsV6gy12gVwZV14kfAqHL4DvifmaHY14hScJC3tK6HqmSitKmNRcJZ3Ad2y7rS63X6DeaXmKFpDDYk69ubfVWBT5CWaBHfYHCWJqJITtoJq4PdLp7xRchRrZblqLUKnTrs8Dmry4qapa/uAma4k84ZSnFl6XeM8n8ZYpx3Tx91fwsYLCWiGX7AblFsEmzsT7jf0wTri7HYyNcF1s5YhL59ZO7iGzruAJRDA4BMrXWFrNjsDQrCR4FTYDIr4cR05mi9nPd2C5dAzZtARpBQZgr/lruE3GKgalYF0oxIJGYKcDbCO5pntAPpL/7rbhdjVtvpUg2d+wJYkVIn6zTaOmr0TCnMOzFPzwwbxrr7U8opfYcjep2XeVOfHKfitrgKwFCwO/CsbP+ao0b6PT7K9KGqrI5lVrEAO+pOU6s3Omgm3AJGzGEIzIXCnkeD2dYsRrfyHM0zQ23+iUyUk8x3XIItFe7cq34X935y+bbViqAQ
username: AgBInyjzij13Ea3HB2CPXENjd6g5dJ3j3p3hgbO7oT5ld/GFgcwgjkduq5D8edouDzKEcoPMrAAS0XX46d9l618ZMxxKGdNq+Yw8intpziaI5AB9xDPesP5+mjXw08Clf5GfTMQW9SqYbNVm+GGwIKo05P3Z+cLtv8l8jqqJbMmEMQ9Ir/gRgPVbpPKFC4zX4BTuIKpaRrPiyraD2hmGXrvDaFBIt8lSmLyEh3UclW5cTBJQIRnstBv8mbIRDf4zS/bJtQPknncVASBVVHynEauMTqd4+sPdG/8y7KYsrH3rfrXWLEecmiu9E7mgxw7M6qur8qoi88KX3Ydjngy56mj3nQQ8k1knc8I50cg6yT42Z6vaKeAoqtDzkxEvOlIzXZVwikPAuIf7B7VPZSE6qz7Xgo4QQ5FGONE5JnFGLosqSqEMnBtOXEZgHCrOerJo2f3Mw1fkaJ2OLnd93w97IODIM3LU8bVsRFbjiRYPbZiM2H5f6Rnsw3M7/qlkdmXyda4xnOeSp3i39UfSrtIAJO8HPo9lk+ANOBO7Q8SBAkFXH8V2Hva4NSKtPwmBZjtOGeUDB7Nfv2KT4jvQRBdlpfLtDMDzBmq2sL7ua2Uq5u6FDy0tAmWeU4m3GGSNlheVQZSfAW3+icvs/WlqotAloTy12Dq/H6DgcRI0W2V0bRxoIQ3z6N+cAHbL892g8wdPUFu9mSBZhA==
template:
metadata:
creationTimestamp: null

2
infrastructure/gitea/postgres.yaml
View File

@@ -4,7 +4,7 @@ metadata:
name: gitea-postgres
spec:
instances: 1
imageName: ghcr.io/cloudnative-pg/postgresql:11
imageName: ghcr.io/cloudnative-pg/postgresql:16
bootstrap:
initdb:
owner: gitea

2
infrastructure/metallb-system/kustomization.yaml
View File

@@ -10,6 +10,6 @@ namespace: metallb-system
helmCharts:
- name: metallb
repo: https://metallb.github.io/metallb
version: 0.14.8
version: 0.14.9
releaseName: metallb
valuesFile: values.yaml

33
infrastructure/monitoring/kustomization.yaml Normal file
View File

@@ -0,0 +1,33 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: monitoring
resources:
- namespace.yaml
# prometheus-operator crds
- https://github.com/prometheus-operator/prometheus-operator?ref=v0.82.0
# single prometheus instance with a thanos sidecar
- prometheus.yaml
- thanos-store.statefulset.yaml
- thanos-query.deployment.yaml
- thanos-objstore-config.sealedsecret.yaml
images:
- name: thanos
newName: quay.io/thanos/thanos
newTag: v0.38.0
helmCharts:
- name: loki
releaseName: loki
repo: https://grafana.github.io/helm-charts
version: 6.29.0
valuesFile: loki.values.yaml
- name: prometheus-node-exporter
releaseName: prometheus-node-exporter
repo: https://prometheus-community.github.io/helm-charts
version: 4.45.3
valuesFile: prometheus-node-exporter.values.yaml

86
infrastructure/monitoring/loki.values.yaml Normal file
View File

@@ -0,0 +1,86 @@
loki:
commonConfig:
replication_factor: 1
schemaConfig:
configs:
- from: "2024-04-01"
store: tsdb
object_store: filesystem
schema: v13
index:
prefix: loki_index_
period: 24h
auth_enabled: false
pattern_ingester:
enabled: true
limits_config:
allow_structured_metadata: true
volume_enabled: true
retention_period: 672h # 28 days retention
ruler:
enable_api: true
storage:
bucketNames:
# don't care since we use the filesystem
chunks: NOTUSED
ruler: NOTUSED
admin: NOTUSED
type: filesystem
filesystem:
chunks_directory: /var/loki/chunks
rules_directory: /var/loki/rules
admin_api_directory: /var/loki/admin
minio:
enabled: false
deploymentMode: SingleBinary
singleBinary:
replicas: 1
persistence:
# -- Enable StatefulSetAutoDeletePVC feature
enableStatefulSetAutoDeletePVC: true
# -- Enable persistent disk
enabled: true
# -- Size of persistent disk
size: 10Gi
# -- Storage class to be used.
# If defined, storageClassName: <storageClass>.
# If set to "-", storageClassName: "", which disables dynamic provisioning.
# If empty or set to null, no storageClassName spec is
# set, choosing the default provisioner (gp2 on AWS, standard on GKE, AWS, and OpenStack).
storageClass: nfs-client
# -- Section for configuring optional Helm test
helm:
enabled: false
# Zero out replica counts of other deployment modes
backend:
replicas: 0
read:
replicas: 0
write:
replicas: 0
ingester:
replicas: 0
querier:
replicas: 0
queryFrontend:
replicas: 0
queryScheduler:
replicas: 0
distributor:
replicas: 0
compactor:
replicas: 0
indexGateway:
replicas: 0
bloomCompactor:
replicas: 0
bloomGateway:
replicas: 0

6
infrastructure/monitoring/namespace.yaml Normal file
View File

@@ -0,0 +1,6 @@
apiVersion: v1
kind: Namespace
metadata:
name: placeholder
labels:
pod-security.kubernetes.io/enforce: privileged

18
infrastructure/monitoring/prometheus-node-exporter.values.yaml Normal file
View File

@@ -0,0 +1,18 @@
prometheus:
monitor:
enabled: true
jobLabel: "node-exporter"
selectorOverride:
app.kubernetes.io/name: prometheus-node-exporter
app.kubernetes.io/part-of: prometheus-node-exporter
resources:
limits:
cpu: 200m
memory: 50Mi
requests:
cpu: 100m
memory: 30Mi

2
infrastructure/prometheus/prometheus.yaml → infrastructure/monitoring/prometheus.yaml
View File

@@ -39,7 +39,7 @@ roleRef:
subjects:
- kind: ServiceAccount
name: prometheus
namespace: prometheus # needs to be the same as in the kustomization.yaml
namespace: monitoring # needs to be the same as in the kustomization.yaml
---
apiVersion: monitoring.coreos.com/v1
kind: Prometheus

16
infrastructure/monitoring/thanos-objstore-config.sealedsecret.yaml Normal file
View File

@@ -0,0 +1,16 @@
---
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
creationTimestamp: null
name: thanos-objstore-config
namespace: monitoring
spec:
encryptedData:
thanos.yaml: AgAqlul2V1idfgbWvq/0ljSFlxOOsQmwlGd+jRvDDyi1nlR8woHrp7lW6AxJ/8mBtb5htCuJzLgx+HVrN/EN+fRn5xG3D5+8xs4jWBOQ49MgLSAjJavFPcVY5xiBpGaw/N8aotlbfv6Wa2/+cmiAzVDPwnOj5zCS/EU58Tu2YFeVSbMUlu0NFAeyBW0DVT2enuVLToP4Ge4T0U9F99NHOh2zlVG82iI+4RxCu/WBkOU/urVleGwCYkcr/ItmXiwRXbwnWUtEUf28Q4ArpuZXFkKZUMoIwOjkXgOn/ySBLVvf0yy1+WOcYAIX9ouxu6i4T1GAZO9RnKeMJOIyebI3EOMA2dxQFpQg2/XhhHz2Ds2oDX/yr7vXbZJGyiCvTnnFUvFALKWIjRXXWphdqHDk6iP8tFIKVFsn7UxgMVFRcs6DmcMpBgFOcjpHr4HFZap5G9hI3cscmkNfwU+JOXkDEGRpZkkECza4wlQln8Wptq1qa+I+DSclqLOcvoEvNCJCIIgh5tINJ0KiZcrBvymUZZ9VduH4TFHR/UQK7M7It892TDNUlIp2UDWiuQ2DJysOJXmvSiNo8PGWSyDJwKJPhaWqXz9RUsb4D8gq/a+0qC7DOICrJEUj7WL8dwaKoQa32Cf+wopwrjFWSE7pAfiBJo+Dqa9jHIDv2hVsdU8NXqiFK35XHyUT4i0KWc+UZg4ObotGxYMvRtJuc3S7ZGTJ4YKDP5iThuNSuNd1pd1YjirpvVtL2o5BYh2i55F3DfVREofYpBCjK1e43mHOwEUYZ7Ff6p1+S0PXZnkL53xHMiiW3yr0v1g2ZYk7vzkENb9epzm24fNX/4ZiJdb0glEJmB674bgDSeh9PA5q8nJIKk6vsbrzfaAYWIn5Ai9MPbAVfg9pPkMyy9ydd+SqecujkWm++4dHqB1WJUg=
template:
metadata:
creationTimestamp: null
name: thanos-objstore-config
namespace: monitoring
type: Opaque

0
infrastructure/prometheus/thanos-query.deployment.yaml → infrastructure/monitoring/thanos-query.deployment.yaml
View File

0
infrastructure/prometheus/thanos-store.statefulset.yaml → infrastructure/monitoring/thanos-store.statefulset.yaml
View File

22
infrastructure/pg-ha/README.md
View File

@@ -1,3 +1,23 @@
# Rebuilding the kluster
When rebuilding the kluster from scratch, the CNPG containers
When rebuilding the kluster from scratch, the CNPG containers will be considered as new and will be set up according to their `initdb` config.
Since most of the clusters here are formally defined as a fresh clusters, the following will happen:
- in the relevant PVC the `pgdata` folder will be renamed to `pgdata-old`
- a fresh `pgdata` folder will be created
- a database with RBAC as defined in the `initdb` config will be created
This is problematic since the PVC content is the actual state of the database in the present setup. In order to get back to a functional state, some manual intervention is therefore required.
1. Bootstrap the kubernetes cluster
2. Wait for the CNPG containers to be up and running - they will be setup fresh at this point
3. follow the procedure from [https://cloudnative-pg.io/documentation/1.20/declarative_hibernation/](https://cloudnative-pg.io/documentation/1.20/declarative_hibernation/):
- hibernate the postgresql cluster
- wait for the pod to be shut down
- copy the `pgdata-old` content to the `pgdata` folder
- de-hibernate the postgresql cluster
4. The database should now be in a functional state
Also see https://argo-cd.readthedocs.io/en/stable/operator-manual/applicationset/Controlling-Resource-Modification/#preserving-changes-made-to-an-applications-annotations-and-labels

2
infrastructure/pg-ha/kustomization.yaml
View File

@@ -9,6 +9,6 @@ namespace: pg-ha
helmCharts:
- name: cloudnative-pg
releaseName: pg-controller
version: 0.22.0
version: 0.23.2
valuesFile: values.yaml
repo: https://cloudnative-pg.io/charts/

20
infrastructure/prometheus/kustomization.yaml
View File

@@ -1,20 +0,0 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: prometheus
resources:
- namespace.yaml
# prometheus-operator crds
- https://github.com/prometheus-operator/prometheus-operator/releases/download/v0.70.0/bundle.yaml
- prometheus.yaml
- thanos-objstore-config.sealedsecret.yaml
# thanos deployment from kube-thanos project
- thanos-store.statefulset.yaml
- thanos-query.deployment.yaml
images:
- name: thanos
newName: quay.io/thanos/thanos
newTag: v0.36.1

16
infrastructure/prometheus/thanos-objstore-config.sealedsecret.yaml
View File

@@ -1,16 +0,0 @@
---
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
creationTimestamp: null
name: thanos-objstore-config
namespace: prometheus
spec:
encryptedData:
thanos.yaml: AgByW/LKzPh0QeNsHR8Us4bJ/0chIQErhfh5plY1tjqiZyNLlxZ+NygYYzVggW02k4gAsKs68trbLBbeTTEhpKYP8hUphNb13lrgp07wYpOQjUF57i6RjPM2QNJpO0qLSk/nOPIOtR3XKn+nXxdJDmh3j5y0zxVz5O7MLh7adwOaHlyWTLMJjI1cda8YljDp2FYs24lHHMw4gXAYUecGDJNQqw5Xy9IiGh8kBbcKe3j6bVCj1yxPbHszmvZ2s+Q+mnndXnoeLMhwjZhMF8/PETxmSZ2bs41k3lHm/2rcPQCJsl9CuJEGKhu6ndKrVhtury4/US/FheEOoGF0YZk/AQMHII/mxy8haPNxtQTDs4rfYz/BA8cMMZll44wxOY9gAOmhm3sG6GI9wcB1Z65p98xSuDaInknO80l07vwMAAvmrZbT53Fmefrxl+jE1pImcGEsL0MfP621nTXlOBW9keF+6aUOubrwjPKKSXdqZU21acNbaIeRQSJyaOBStAKLfnPFmaryGisgNu0hCk/WmszZ0/s/ilvdMdAD6kKoiKL/NWfXtHATh/fnd76bKfSzNQk6e+WWfomToYVU0HRgAaWnIzjB9Q4tjxkbRwteEodU+K1BvD4xQ0sfQB2vHlDjQGC3pjIUFCWG0SzQGb7oe6+X2CJpcNIBHwF661iELJpJkg8dLsPtwb+8Rj6BL+ZtyVKYv18nDNON0WVpwJb/IHHSmxfYD5b/q6fATCFj55IXK5Nr4VO65a2Sv5Iv0/TTUVkwb8dkMmwfs5qcQiZ4oKWx8Ol6GkjDZrFARUtHQ/9KiZ9xDj3tPic2TeQfKr27sgc4lEL8RSxaRKHkkxIAioea3YgFfBm7ZfoxMlzJnQ1vI2vDvJcRXhWKSGdXiKOddwLSVMZFsSRRi9AxH87Sjt7j1wvsA7xgBqc=
template:
metadata:
creationTimestamp: null
name: thanos-objstore-config
namespace: prometheus
type: Opaque

Some files were not shown because too many files have changed in this diff Show More