From f3d5a7cff3c217c2b644ecd74829a1a5df3031a6 Mon Sep 17 00:00:00 2001 From: vhaudiquet Date: Mon, 15 Sep 2025 23:52:33 +0200 Subject: [PATCH] Updated values to change cluster domain to .lan Commited previous changes on docker stack: gitea actions, dependabot --- .github/dependabot.yml | 2 + docker/gitea-actions/docker-compose.yml | 6 +++ kubernetes/code/gitea/values.yaml | 48 +++++++++++----------- kubernetes/personal/linkwarden/values.yaml | 47 +++++++++++---------- 4 files changed, 55 insertions(+), 48 deletions(-) create mode 100644 docker/gitea-actions/docker-compose.yml diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 4fc6c40..ef961f8 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -5,6 +5,8 @@ updates: schedule: interval: weekly directories: + - "/docker/gitea-actions" + - "/docker/home/esphome" - "/docker/home/ha-linky" - "/docker/home/home-assistant" - "/docker/home/matter-server" diff --git a/docker/gitea-actions/docker-compose.yml b/docker/gitea-actions/docker-compose.yml new file mode 100644 index 0000000..83e4ac6 --- /dev/null +++ b/docker/gitea-actions/docker-compose.yml @@ -0,0 +1,6 @@ +services: + runner: + image: docker.io/gitea/act_runner:nightly + env_file: .env + volumes: + - /var/run/docker.sock:/var/run/docker.sock \ No newline at end of file diff --git a/kubernetes/code/gitea/values.yaml b/kubernetes/code/gitea/values.yaml index 46ff2ec..ce91642 100644 --- a/kubernetes/code/gitea/values.yaml +++ b/kubernetes/code/gitea/values.yaml @@ -17,10 +17,10 @@ postgresql: global: postgresql: auth: - postgressPassword: ENC[AES256_GCM,data:Pg6Fb2P94hrPOg==,iv:W9+TwZmwpO+7HY/QaEeTSWHTjUHp6atTzAQanRaqrMo=,tag:l6WX5UuArzII9HDx00Xeqg==,type:str] - password: ENC[AES256_GCM,data:sAwMOA5ZJ9+1yA==,iv:Tj3APXpcos0NnWVPyA7UF5v4PFXCcLMc6axixY0dSMU=,tag:hMq2tBjgFiQ9E1P8L/cQqA==,type:str] + postgressPassword: ENC[AES256_GCM,data:VUX2PSBXjfVXAQ==,iv:EokbkSVOl89e6mtIt2F2EnPTcdbSlxMccJ+AYkwz4CA=,tag:N0qeu/PKO5kdyiXIQufkMQ==,type:str] + password: ENC[AES256_GCM,data:QU81CjR0T2EJuw==,iv:GV+2aLlO9q0f+6ydXgW8DEWjYs/MbYl3C/pslCHUfZM=,tag:IrC50vQyUc3KZhM6+A89wg==,type:str] database: gitea - username: ENC[AES256_GCM,data:LnwP35s=,iv:kYwKsKsqG3j6zwKn85Qw1zHbnuq9pKsULei1Zf8xDhE=,tag:QZYqKryO9k73aGaU9jhKvg==,type:str] + username: ENC[AES256_GCM,data:EhkRSB8=,iv:4bQZYn0WwOTfL0mA5hzENSzq49GBFMbYeYyx5ofcoVM=,tag:0pb3hrwfuWV8JSlM26tiSA==,type:str] volumePermissions: enabled: true postgresql-ha: @@ -31,18 +31,18 @@ persistence: extraVolumes: - name: git nfs: - server: truenas.local + server: truenas.lan path: /mnt/main_storage/git extraContainerVolumeMounts: - name: git mountPath: /git -clusterDomain: kube-talos.local +clusterDomain: kube-talos.lan gitea: oauth: - name: Authentik provider: openidConnect - key: ENC[AES256_GCM,data:xawtVv9/90vuYW4s1iSSPW6+zAIS/vRUYy/96+F45uQhl6klhDd72w==,iv:TND3ygRySTgFH5/+fgAaCtWC/uSo/7G8LE5Cm7ykBYQ=,tag:mGiPMVkefMbDRnkax4KtPw==,type:str] - secret: ENC[AES256_GCM,data:mjnoOrRyow9k451fpxWLFHOQivk3K9t2ml71LdCXtLn43n1zlt3SC6BA5Gon35llX5ri9zaIAuBzfbjhLdd/40gaUbDOY7YVtIIwx4DJeYgBpH49pvCFfB785Ves0cIe8VP4gBrxhyfSRIu0VXWtVVYydak9Qj5Xs7o+rzIoypE=,iv:9WENZKZMpjJvakSJqTo5WdEQrdt2ZJe15kKm8/QIlGg=,tag:zUmlzCF9yepVVU26Zb5p6Q==,type:str] + key: ENC[AES256_GCM,data:izCBYkFigzgaZaERrTulvtxTRhGlvmglOOp6myaFg+4YKZIUls141Q==,iv:MOu0KNyCYqzwK4aghIJLfxpp6YNjhrfN/MTvlWj+dfQ=,tag:bLe9P1og6xuxLqA6d4fSfg==,type:str] + secret: ENC[AES256_GCM,data:DG6WH1asGPcK87IjyqoGau/JRL6A1Uu2Q+xq9XxMa0betH4yTiT68IW3f95TxPQo7NL9bEpiOKgX4qfHFu80+Qah65l5YC67OC+bnnUy4KVZ46drFWrDZMZbKPlDuSiZEav+ABszH9cc6HAoDg8LKmwtpM7TfWNbfpmYyv6iPCs=,iv:gPlM4Ol7KFVU1snuanuA7iib4AQH2+nKT2sX2h9JXlI=,tag:sddwFIZjVik+ojl2BI5o7g==,type:str] autoDiscoverUrl: https://authentik.vhaudiquet.fr/application/o/gitea/.well-known/openid-configuration config: APP_NAME: Gitea @@ -69,27 +69,27 @@ gitea: ISSUE_INDEXER_TYPE: bleve REPO_INDEXER_ENABLED: true sops: - lastmodified: "2025-08-01T13:28:21Z" - mac: ENC[AES256_GCM,data:pZmOp0UUzavviJpNKkAqDD0/rwktHuJW5qAWKQRQDTwzfgNRhKTb93uv5jMEEoI0YwUWSJIaASrIet7DR+KgAr7eD7xRain1rp+qBH/G6vMvmD5/8Q35H0MGK+GcLpJ4r8TULnKYpr/e/GTjDSkbiJhaFF7ZeBnsAZRPGcBdGwg=,iv:GXcduCy6rdaLcFNPYW4/bZVFPUW3JCMtA/vdqiDxeVU=,tag:FoI9JA9Me0vDEKeE3yALZQ==,type:str] + lastmodified: "2025-09-15T21:48:05Z" + mac: ENC[AES256_GCM,data:T5Ub0m8vGt+5AbJ8UiQlYLr7nLLodiPUlvdiCM9AD19YdKwiTiKmZVMTEW9rompVbPoHLArzb/reqmQ2D2D5CMNs8SgOfWiLD4/Y3qmnnxjwJi/0c6RNGmkTipYYwYu7gLVoL6GgQoNZmpr29MwNTEzCPN781XqMnxhxKtp18+A=,iv:6/t/i7a4Qr6/JDiNz9IPzaKSYZBWT8mxPB3Nnd/w9CI=,tag:l7NS89WXa8h33siY7UNTvw==,type:str] pgp: - - created_at: "2025-08-01T13:28:21Z" + - created_at: "2025-09-15T21:48:05Z" enc: |- -----BEGIN PGP MESSAGE----- - hQIMA7uy4qQr71wiAQ/+K4DEoUdBd5qpNPtUdAf9GG7sEwg4E5acLfQnUDIF7V3w - b0EBXA4lRI55fcxgyNa2GwSeW/InKpobwCcTl+qFft8RMIh7xa/9pvC7A2dD00O4 - asivZUZoo71qDKHssUw1O8WIQOfjxqN0HvrcyJgl8svMyU/w6iu8XG/xP8cr6y03 - bT7eR8XlSXXQBbjTJSaUTlQyv8jLUkM0tLKY926yUI1UAN6cUFBzNe9mUhI9gO0S - bzeoDVH2aXBcYq/MPL20daaJ92fis0ucbf3lZpkaJZc8oMN5vmh7n0gq87DXOcqY - EkwOg8okslMUc7C0r6aFH/q8RLOFu4F98f6Erhy3NT7DOiUjgpFSVcQHKsQTx6C4 - 8dLd+abnJz0L1xshI07FJFgGX6pS/wme7o9GYNMU8I0S1COcHh7PlgZry4I9AzbL - K4M5HRwfdu62T5zsSmRD9+cBXHSE/JBkWEcl+/rOGnilnWhfdQtCvvG77bDgskab - 0JPtbQNLc8vnImSs8DTSNFWbhC2Elgqqa4CJcSnfOgCmuF2auG6oz2X3xS0AfGdR - cih2TjakxBcQlv2Hm73n7dkA1aZaYBpDk3wWXgQ7in2VRofsFeZ5JNNfOA3nPHJC - d3CMkPFbiKQvLUtkR90yjbkj9gYOD6sDPE0RWiFUT7sOpiPN/3lYNqSQRPRcsyXS - XgHaDTHRMuJahx8vR9h43Rw9n78WeC9AuNGH8nYkjxYUsV42sVie8VqXHe4IIbt9 - 9CPF5nFm4c6DNaWHieQO6NTxWhpaqEkuMmlKKmnniGt4xS3XrdjTEfArUT/V+Pg= - =Xy3U + hQIMA7uy4qQr71wiAQ//ZYp2oZsd950lEsQEYF8twms5kD+IwszzVFi71sGrdvTB + 3Hi3bzDDc57PcP6lzxs0wA4LaIkAVkK290nYofhxNk6r4sbX7Imqni6ECYhw1Tik + XkxfR8KIlZrVNNYRvFiwcYRfcqfoiwW5fNVfw09p1replIwyqcucg4c0MgGgxj2G + n8h95hiQPKr4Iq4qf7tsp+9EsYD3PBZAQWngbihlU67FwRinHUYn9sWO/o5qe1Rs + UVqdejDYssQjcebCu8pZvx0wSSBTZYov149fGpWCzrkHyNVkEUKaLbs8Js2AMN/1 + TgIym0AQ+U/RN0vkBujghwtiC8H9VkaFQ6UE9eSfSqP+yUY9UtAvQhGuAv+2KYqN + DTtL7+IeIg19V51PUTLvvPo6I+jhKtTQhnvdKzzktZ+h3ff1y9r4OF/f5mgWpxz8 + FF1aO+oxufAvP4HdOWAn9B7KAwOdd1vLuxUHhI/DQqxmSoeJ51F6K+JJl5GYFBuy + HlgToIbCMeoBj5Yt/1g49nGLfSwN84MG90NNob+wmCtbrX1hEHW0Gv4fz8gGo5fi + hkQtd0OfvsRZHZgrK+HXdQfAZ3v7F5onod28ZSaJHj8HsJ7d5Bl7UNG/NmZ/jqwq + lEnA70BoD7wQLuEojP5TnF2lEdNAbRAounXPpT7JLdbFjdVfA47xchLD9aUY1dfS + XgFwyvyBo0ocLKAHkCoBgfVdCjUnoCH5Bi0aONiEROumTTyv+NQBRoP2UiniQYPw + ZL0OnDYOXviLwbsmMKB8J8KatKRuvOojT4kF+xGA2fUtsachPFYWPWvtRGNZ88Q= + =6Lnz -----END PGP MESSAGE----- fp: DC6910268E657FF70BA7EC289974494E76938DDC encrypted_regex: ^(password|value|ssh-key|api-key|user|username|privateKey|clientSecret|clientId|apiKey|extraArgs.*|.*Secret.*|extraEnvVars|.*SECRET.*|.*secret.*|key|.*Password|.*\.ya?ml)$ diff --git a/kubernetes/personal/linkwarden/values.yaml b/kubernetes/personal/linkwarden/values.yaml index e9b0a08..55b306e 100644 --- a/kubernetes/personal/linkwarden/values.yaml +++ b/kubernetes/personal/linkwarden/values.yaml @@ -18,13 +18,13 @@ configuration: disableNewSSOUsers: false PublicCredentialsEnabled: false authURL: http://linkwarden.lan/api/v1/auth - authSecret: ENC[AES256_GCM,data:EiVFUCrQDIAPZV6E/e6nrSoelTxGzS0Z7RbdaQ2OvJssoAC9hRJMbpvDNvfUrwTyX8EDB9ve3f/WrMhysdhFVQ==,iv:3/rTezM96Dx2FK4ycNQFWAgR5nzdYrBPhLukYGOOMDE=,tag:OSHaqUoFT7LBSECNlvvwlw==,type:str] + authSecret: ENC[AES256_GCM,data:UUZagqAY6+9AM4gMv9WFsWFSzjLxAALUz2iGg3dBIrpP+JCdJWVbXIRpZ8bZPJxvwnTcZSPOsLHlqzeqJRHubA==,iv:xgPnCNp2dpy8UG/fjEHPUxdXYXEQzFn3K/EX9lfjpWo=,tag:1uFZDdgGUvMvyKHj93z4yw==,type:str] sso: enabled: true authentik: enabled: true - clientId: ENC[AES256_GCM,data:jhyc4YGI8D+AV8FiWpecHqQd3Ofn6q+oazPGsHrzrXfCzifyJJ/ucA==,iv:/piiI86v4qiKHa+eGjCTCG6Ge6sDWn6hH8Fdt+lSN/k=,tag:CIOTGsUFUndiHuEkFM5adA==,type:str] - clientSecret: ENC[AES256_GCM,data:4Kcy07WuvO+raatmL1gl34oF2AM9BXlqzyauMMWNY7wQZqdF5rrNfvMAngv3iPQoxok8VMJSuGFbuoO+bA2SkZ6lqsnELfCAxOLcVkfRmQYgQkqKZnoqGiz9XWlqGN/oDaFzJzi1RdddCFYIA8jvKzk2TKhzNqtKt584oaW3I24=,iv:f/waKwFPclf+mIvbRZyZGkbQUI+IbfrpMOe/hIlIbl0=,tag:TBrp+/wI+KejpabV+qQT7w==,type:str] + clientId: ENC[AES256_GCM,data:6XqAMjwywGgZK23ywm1GKWpIhIrXNa28Z52+0J1yhocBxLXoJAiocw==,iv:DiIpcD0H6wnIkXCMPmhLEHTzE6qKQrotGZ7q7Lv2iME=,tag:Kx80RoPf7BFMWEO1lZ4wCQ==,type:str] + clientSecret: ENC[AES256_GCM,data:OO8vjjWVxzUNuY/Jhk348RykWnVRQ/xthunOyI4XVzCmT0WXAH/uWSupljfWQW8aj4WzUUHMpJOvFpd3iYTExFn6QqyBisOgVzS9jy4sP4qdhnSpu9jXzEUNmKyjQncl3QTQCcPZMjlGGf0oJzZgHivVWl6rFbnYQOJHDlu3r48=,iv:H2OvOpH2yxUivH8RTvSnM9k86i9jUJKcUmNPpSSos6g=,tag:XXTyOC+Hj7BvgZJ7qxEZyA==,type:str] customName: Authentik issuer: https://authentik.vhaudiquet.fr/application/o/linkwarden persistence: @@ -32,33 +32,32 @@ persistence: storageClass: nfs-csi postgres: enabled: true - host: linkwarden-postgresql.linkwarden.svc.kube-talos.local - username: ENC[AES256_GCM,data:LbnLYvnjWTUDQg==,iv:Q8lWuAHQ8/oWgid2x3y59Kkmb0J6Qoq116I8irrXfqA=,tag:X8nUn7ANT3jLhWC08Nikjw==,type:str] - password: ENC[AES256_GCM,data:waU5WStYJrFWIQ==,iv:46Duu3hG0sxiOWQCs9t2ZYSvkq1Z5Hh5neCKCuyefF4=,tag:GYVkYSL4PtRW3J9BeWhE0g==,type:str] + host: linkwarden-postgresql.linkwarden.svc.kube-talos.lan + username: ENC[AES256_GCM,data:N+ozpU6TgAZSLA==,iv:XJT1fUe2XqSxpuuPfmzbyrJUUInUEhLyNddOX0jogZQ=,tag:z9rCjOKISMT+wpfwUzFd1Q==,type:str] + password: ENC[AES256_GCM,data:G7dF3Oo+1wzL9g==,iv:yAjh22rwaBhKtHgYAmQEjFSMFspOpG2hThwwjAo2KJk=,tag:DdXlyNk+TfR0IuSpQG3+Zg==,type:str] database: linkwarden sops: - lastmodified: "2025-08-27T10:07:51Z" - mac: ENC[AES256_GCM,data:LeVxOQHa95hSM3yFlWxiJBIYIKXQWagN3TPrOzyBfU4g3I1qe0TzLyOiV/y8oKcqd7hqPRPGtZfRzsPRhhfwMR+EnRnlCwGbb28vEyePyxX18sOPEhMHTvraq3iBSZfjtUVcBSgUEz1MBKvVQWFmXngeiCMP4aBGIJ4nXcuME+c=,iv:n9X9gmuV4E3fSaUyMF7HeeVefUeRYMTZ9SxLKIeXKmQ=,tag:++yTmGsIESRCIpM/4HqrFg==,type:str] + lastmodified: "2025-09-15T21:48:06Z" + mac: ENC[AES256_GCM,data:i9Mg17Z72cBJOSvmOlHkl0x0/FqhpCqS8iTGTYKlXacXi9E0nYYZr/y74qVjhubEaI1y6cRYXgaePI47lkyfvTzB3VGEpEs/y5fiL+PfiuV8Z18J9244+TyoasYR/a2sdRuJcY5jm6PSTKoGiwGnyZEthVwt1T38yr5msW3D79A=,iv:yj7uCySaoZcnO+7XsgB1EMfZOMwHSA0mtJXUq66MUgQ=,tag:YRvUG0/hj8Bjp+pMdJvePQ==,type:str] pgp: - - created_at: "2025-08-27T10:07:49Z" + - created_at: "2025-09-15T21:48:06Z" enc: |- -----BEGIN PGP MESSAGE----- - hQIMA7uy4qQr71wiARAAjt0w0gAnu2x6nyM5Y+qvO5k8DVy+PHUPV3FLwyJ3NmSg - WvyIgnaOC2n/agjRUZS9z2uVmRge/f4/lHbMdXQg06UKmz5fK51V8ArB15HZtZnQ - TKT+FWZDOSMu7/mHluHdSYLdatXv5tsuqq2Y2I1vI08JelPfANvEr/jHKsUXjmQO - Ugffrf8BJ3bnVdSXQDkRYO5ipkcTbblZkad+KayPtOJWlV+TJd58u1fWvoMeYNzy - 2MCOUiJwmw42BsOBuXj7FPso4z7rP1QnG3r4Sh3NjAJkxmz+rxFn2Ty7N2bseG2Q - cImuvgr65A5xpvGolsLO9BBLIb/RG4ikwy8cpldhIEZHbbzzJYlPeXji5GVeHN7G - bKuMod5TlDFqiTBi+2TNXMehziXBDEEbTMesxdB6vXykuVxYiyY9U1Hpjo60nAJc - mcWPmEbO6379ELeJLZTtoZzk2pfIwW+KNrtHx7kaurvMf8AaDt5s5fbR7DM9lCho - kh+ukOoUdE9Qp2CEd9/xGieuvS1QUvgnwiQVGCmoZUwqtpdnIQOz6Hu4o4or19eT - WVyeIDHLIy8Q7tQa7WY+2SXnWxiZIgK7V6vF/uqHONtpJS161Ne5Qr2cZhIm3EXB - hGxjbn5fj0BRR8km0mKQN7IQNd7vS0CdUbGpGs7gejaYLchXcUp/qETsjSNdRrvU - aAEJAhAR5GVQA8k6Cs5kVZnrlRjRJgkRVP1QVZodeh+QwBRQvLax77rZmQs9Ll+4 - wu12edEEIcPTWiIigaNFjjUSC70kqNRk3SihKulMw45CVyi19WtmfsC3ap4wgAB2 - NsD+WI15xFmp - =8Rs1 + hQIMA7uy4qQr71wiAQ//dICUFaREdeVKhKkK7iPji73IRFZEnwoZwEnR0vtCBL3d + HXFfdXUMOVcXOvkkuF9zG52flUZBpVgilQz2W8Y7xI3tU8xX6wxmuz8LjegidCHk + R2xKAJ5iCEWZTIouFwg4fM399Mm9xhiIPuM4+25DAZnSJJAc7fQ2NaNaA8vjbJQ7 + YUnqkmE+QPGbyeykudlTFfl/zZzrgKbQqWuUmD/vq1XckUaPxM5cdeFDsg87AZCs + o51lQ39b+CpWmdbDbJDF5nMWUrCzIz9okptoNfHM/5E0Jg53JBsXBvsqwWTOI5vo + djilDfsyu5nQj7UDstaax839T7P5gm5ass2/YtIjgrJUczyRt6vS97zuXLsbEGpH + 6hXHan7OormqbmISnFrL68Q4w6JUZev43bdzqtX0EnYHNZVLXH3qAxD5EnuL/i20 + oY/oMEteFh86Smw/LXwtWjVfPKYzNQ6GTkTCzM3hVcfMOzdFVPgYDM+5EXF+/oAB + +BGqZvWW4G3G9sbPTRSJ1k+toWuC/erY41r+g3+KHbW73YdqIVwBsTDAFhPPNbe5 + hnr1JFLQ75GHdDRnKRl3nZSPc2j9JMUtMhX+rKwLb/0DoVjNz0lFut/Tj+6xiG/1 + SqHTpROU1tkip+rP0shzdu218+hjrzj+cDKkawoqmpD9gOm83P7YEqrIwcBj+TPS + XgE3UHtwHdJM38kfPm1fkTuCejlAQ3Hsz6W4PSbXJfY8w1gO241dEzy+b0At9Rv2 + 6IklhRBAs4ioH/hD653yz0mkCYRpOLYDJU2iMWZdv61YLXb4rsnAwr6xLbDHDXM= + =69Pc -----END PGP MESSAGE----- fp: DC6910268E657FF70BA7EC289974494E76938DDC encrypted_regex: ^(password|value|ssh-key|api-key|user|username|privateKey|clientSecret|clientId|apiKey|extraArgs.*|.*Secret.*|extraEnvVars|.*SECRET.*|.*secret.*|key|.*Password|.*\.ya?ml)$