mirror of
https://github.com/vhaudiquet/homeprod.git
synced 2026-05-08 17:47:24 +00:00
Compare commits
10 Commits
dependabot
...
main
| Author | SHA1 | Date | |
|---|---|---|---|
| 3a6a621193 | |||
17ab87e276
|
|||
|
56f67dd447 | ||
|
|
33bdb8f3b0 | ||
|
|
1b4e2dafbc | ||
|
|
9f59f7cea0 | ||
|
524d0d7d3c
|
|||
|
51b22d769e
|
|||
|
4bd0274714
|
|||
|
69e3a793c8
|
@@ -1,6 +1,6 @@
|
||||
services:
|
||||
esphome:
|
||||
image: ghcr.io/esphome/esphome:2026.4.4
|
||||
image: ghcr.io/esphome/esphome:2026.4.5
|
||||
ports:
|
||||
- "6052"
|
||||
networks:
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
services:
|
||||
n8n:
|
||||
image: docker.n8n.io/n8nio/n8n:2.19.2
|
||||
image: docker.n8n.io/n8nio/n8n:2.19.5
|
||||
environment:
|
||||
- TZ=Europe/Paris
|
||||
- N8N_SECURE_COOKIE=false
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
services:
|
||||
jackett:
|
||||
container_name: jackett
|
||||
image: ghcr.io/hotio/jackett:release-v0.24.1815
|
||||
image: ghcr.io/hotio/jackett:release-v0.24.1822
|
||||
ports:
|
||||
- "9117"
|
||||
networks:
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
services:
|
||||
radicale:
|
||||
image: tomsquest/docker-radicale:3.7.1.0
|
||||
image: tomsquest/docker-radicale:3.7.2.0
|
||||
container_name: radicale
|
||||
ports:
|
||||
- 5232
|
||||
|
||||
@@ -47,7 +47,9 @@ resource "proxmox_virtual_environment_file" "ai-cloud-config" {
|
||||
resource "proxmox_virtual_environment_vm" "ai" {
|
||||
name = "ai-${var.proxmox_node_name}"
|
||||
node_name = var.proxmox_node_name
|
||||
on_boot = true
|
||||
|
||||
on_boot = false
|
||||
started = false
|
||||
|
||||
agent {
|
||||
enabled = true
|
||||
|
||||
@@ -61,7 +61,7 @@ resource "proxmox_virtual_environment_vm" "docker-machine" {
|
||||
}
|
||||
|
||||
memory {
|
||||
floating = 22222
|
||||
floating = 32000
|
||||
dedicated = 38768
|
||||
}
|
||||
|
||||
|
||||
@@ -29,7 +29,7 @@ resource "proxmox_virtual_environment_vm" "kube" {
|
||||
|
||||
memory {
|
||||
dedicated = 32768
|
||||
floating = 16192
|
||||
floating = 22222
|
||||
}
|
||||
|
||||
boot_order = ["scsi0", "ide0"]
|
||||
@@ -89,6 +89,12 @@ resource "proxmox_virtual_environment_vm" "kube" {
|
||||
vlan_id = 2
|
||||
}
|
||||
|
||||
network_device {
|
||||
bridge = "vmbr0"
|
||||
model = "virtio"
|
||||
vlan_id = 2
|
||||
}
|
||||
|
||||
operating_system {
|
||||
type = "l26"
|
||||
}
|
||||
|
||||
@@ -37,14 +37,30 @@ data:
|
||||
|
||||
@umami host umami.vhaudiquet.fr
|
||||
|
||||
handle @authentik { reverse_proxy traefik.traefik.svc.cluster.local:80 }
|
||||
handle @auth-nook { reverse_proxy traefik.traefik.svc.cluster.local:80 }
|
||||
handle @nook-mg { reverse_proxy traefik.traefik.svc.cluster.local:80 }
|
||||
handle @nook { reverse_proxy traefik.traefik.svc.cluster.local:80 }
|
||||
handle @sse-nook { reverse_proxy traefik.traefik.svc.cluster.local:80 }
|
||||
handle @gitea { reverse_proxy traefik.traefik.svc.cluster.local:80 }
|
||||
handle @flux-wh { reverse_proxy traefik.traefik.svc.cluster.local:80 }
|
||||
handle @umami { reverse_proxy traefik.traefik.svc.cluster.local:80 }
|
||||
handle @authentik {
|
||||
reverse_proxy traefik.traefik.svc.cluster.local:80
|
||||
}
|
||||
handle @auth-nook {
|
||||
reverse_proxy traefik.traefik.svc.cluster.local:80
|
||||
}
|
||||
handle @nook-mg {
|
||||
reverse_proxy traefik.traefik.svc.cluster.local:80
|
||||
}
|
||||
handle @nook {
|
||||
reverse_proxy traefik.traefik.svc.cluster.local:80
|
||||
}
|
||||
handle @sse-nook {
|
||||
reverse_proxy traefik.traefik.svc.cluster.local:80
|
||||
}
|
||||
handle @gitea {
|
||||
reverse_proxy traefik.traefik.svc.cluster.local:80
|
||||
}
|
||||
handle @flux-wh {
|
||||
reverse_proxy traefik.traefik.svc.cluster.local:80
|
||||
}
|
||||
handle @umami {
|
||||
reverse_proxy traefik.traefik.svc.cluster.local:80
|
||||
}
|
||||
|
||||
# Docker VM services (via Traefik)
|
||||
@alexscript host alexscript.vhaudiquet.fr
|
||||
@@ -52,10 +68,18 @@ data:
|
||||
@jellyfin host flix.vhaudiquet.fr
|
||||
@mail host mail.vhaudiquet.fr
|
||||
|
||||
handle @alexscript { reverse_proxy 10.1.2.212:80 }
|
||||
handle @clips { reverse_proxy 10.1.2.212:80 }
|
||||
handle @jellyfin { reverse_proxy 10.1.2.212:80 }
|
||||
handle @mail { reverse_proxy 10.1.2.212:80 }
|
||||
handle @alexscript {
|
||||
reverse_proxy 10.1.2.212:80
|
||||
}
|
||||
handle @clips {
|
||||
reverse_proxy 10.1.2.212:80
|
||||
}
|
||||
handle @jellyfin {
|
||||
reverse_proxy 10.1.2.212:80
|
||||
}
|
||||
handle @mail {
|
||||
reverse_proxy 10.1.2.212:80
|
||||
}
|
||||
}
|
||||
|
||||
semery.fr {
|
||||
|
||||
@@ -17,3 +17,14 @@ spec:
|
||||
valuesFrom:
|
||||
- kind: Secret
|
||||
name: caddy-values
|
||||
# Patch the Service to add loadBalancerIP since the chart doesn't support it
|
||||
postRenderers:
|
||||
- kustomize:
|
||||
patches:
|
||||
- target:
|
||||
kind: Service
|
||||
name: caddy
|
||||
patch: |
|
||||
- op: add
|
||||
path: /spec/loadBalancerIP
|
||||
value: "10.1.2.152"
|
||||
|
||||
@@ -13,8 +13,6 @@ image:
|
||||
tag: 2.11.2
|
||||
service:
|
||||
type: LoadBalancer
|
||||
annotations:
|
||||
io.cilium/lb-ipam-ips: 10.1.2.152
|
||||
externalTrafficPolicy: Local
|
||||
# Disable ingress - Caddy IS the edge proxy
|
||||
ingress:
|
||||
@@ -26,17 +24,10 @@ resources:
|
||||
limits:
|
||||
cpu: 500m
|
||||
memory: 256Mi
|
||||
podSecurityContext:
|
||||
runAsNonRoot: true
|
||||
runAsUser: 1000
|
||||
runAsGroup: 1000
|
||||
fsGroup: 1000
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- ALL
|
||||
readOnlyRootFilesystem: true
|
||||
# Caddy needs root to bind to ports 80/443 and write runtime data
|
||||
# Using restrictive security context causes "operation not permitted"
|
||||
podSecurityContext: {}
|
||||
securityContext: {}
|
||||
health:
|
||||
path: /
|
||||
port: 9999
|
||||
@@ -44,8 +35,8 @@ health:
|
||||
volumes:
|
||||
- name: certificates
|
||||
secret:
|
||||
secretName: ENC[AES256_GCM,data:hpxK4mqVNwVRWutC4ufnqhzu,iv:D/7vhjkr5buSFJ42UeGKicPJA7YxHhv+vmakFFE11Vk=,tag:AExbVZIQu+wrUb5jq86toA==,type:str]
|
||||
optional: ENC[AES256_GCM,data:y19uLw==,iv:S5VEP6p7GspKtXeTDumHy1xJ0yW1qu/t4yqy3bhlZSE=,tag:mkZiVVboLoOhGd1EcE9PaA==,type:bool]
|
||||
secretName: ENC[AES256_GCM,data:Er1F+5xhWKUT43+7jU/pwxWP,iv:Ohc3jFIQ4Enmbhd0F44SYWJiHlj1oFOrMdtM4oYKQEU=,tag:Kk8Y8aFSKMyGmY/uRVvyLw==,type:str]
|
||||
optional: ENC[AES256_GCM,data:JdlpGQ==,iv:xaoqonC9cGHXizHuAFrjhC4ZEtZ2IICeg2hxvGjyFM4=,tag:JYmlIXgIMON7z4++FrBGKQ==,type:bool]
|
||||
- name: routes
|
||||
configMap:
|
||||
name: caddy-routes
|
||||
@@ -66,6 +57,10 @@ config:
|
||||
# The main Caddyfile content - imports routes from external ConfigMap
|
||||
# This keeps routes in a separate, easily editable file
|
||||
caddyFile: |
|
||||
:80 {
|
||||
redir https://{host}{uri} permanent
|
||||
}
|
||||
|
||||
import /etc/caddy/routes/Caddyfile
|
||||
affinity:
|
||||
podAntiAffinity:
|
||||
@@ -77,27 +72,27 @@ affinity:
|
||||
app.kubernetes.io/name: caddy
|
||||
topologyKey: kubernetes.io/hostname
|
||||
sops:
|
||||
lastmodified: "2026-05-07T22:47:47Z"
|
||||
mac: ENC[AES256_GCM,data:LQqoe/wDLAUJWLiEGoID3CSI4bQmdVaroAkq7Kk9Ullt85X3VmYMOrLXjn1Qew95rpG6gB9Bl7rvv0J7mUDJtewhfkSsSXKTYJAcn4VVoNGZ3PZu9/w5HNvOqDhTkXBWKEgQK4+HMKKEhW8iQ5aJ+oTAEZfKsp9k8+mqgHId100=,iv:E/v+fY9iKM9W9NFSGNtiJV6ZeaAb2Fy2hGDgOBwmFyU=,tag:JOD69j8SUS5339+zrV9L4g==,type:str]
|
||||
lastmodified: "2026-05-08T11:43:14Z"
|
||||
mac: ENC[AES256_GCM,data:K0HWw8yTPKy6e3aQV4SdiVwrCjiyCFlFbeycAiyJq4IdlKX9v4wFvjVFLR8VziH8oXJXdUUhr+LOiqNI5HwghXkVn2dOP2ij9jvXZtMic4P0AUN16PfWoedu9ozA+xsGHZ1OTUv+sxvKEUo5Z5Wp+u761w/Xqdn5hHmU2Komatk=,iv:ICwn/LvizIjXVfgiMje50dQ11JAH37wSla29bGAnjuA=,tag:mV7rtahUy4ODZaA7baM12w==,type:str]
|
||||
pgp:
|
||||
- created_at: "2026-05-07T22:47:46Z"
|
||||
- created_at: "2026-05-08T11:43:13Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hQIMA7uy4qQr71wiARAAt5P8/X84OYKnWvKc5qRpwHNQwbfqrB/SHkX82oJ8ZlXJ
|
||||
/vlKVDOBrlntePt4cyKT6c3Ubw4xDj/1U3PkvM44AXSRHH8E5dSUI+5T/0+SBlfU
|
||||
6XlkF6cpng/ydMvImTAi3+8bmC3yHE/NEegreldjFj7l2hdFuvfyOp7pmE//Ljox
|
||||
D7tkq9v1/IlvPfeAY0xIEotr1nb41OEhM7OhPQjtGUeufD0eCUhCQaZSo+CjTrf2
|
||||
cG+eE/O2jCLNjWJ33wK1AHtHX1mlyzW8sRkRVgg511G8iquFjD11ZuDZPEIC8Yle
|
||||
idftTlPh0ZTOGXcfDVn5Pq9dgkZ3K6ufhvEb8mw0NrPsysY21PdDaIzLo58b4t2m
|
||||
akJ1xCciwsQDorKfFjpG7gFzV1KvMzw/KjEUFxg5JfKaFGTPhgsf50OiM6VPf4gP
|
||||
cTS5QNewdnbnzHE756PkZqfqdt6Tt9xqji8r72PwTSUy6yaK/lV9owAIZ6V2yTdt
|
||||
l3DckDp0HsU/w98fabiX9CsrJUWeUfioElw2ibXWcXNHmqPoFl1Bf/AbF20t6P9p
|
||||
+1J0vMu6ONsBGv2Flmle2Ya7OQbZF4lQB4dQLUBDKdZArsB5Sspm3Rf+4iP9qUF+
|
||||
Pr/OotbiaOLsEZybIf+L2d5ON4zCbNAU5VbpfWMKH0AsPcIH5Ruw7d/OutAGZOvS
|
||||
XAGAEBjVlZ2IRU6CSPJDG/9TqBHyBHfriV+BoGlKlXbPMoJAZI2wX1o7+M6S65ho
|
||||
aiR70aCo2kIgFvxxBeY1FxtB0DB8Zeoul7ovvhKIq2u9s7X/OSIa0X5dm6sZ
|
||||
=fg1O
|
||||
hQIMA7uy4qQr71wiAQ//aGnCSLLWTkhToTh833OJ1GwgN82F8R+RgsfpKIW+XNvI
|
||||
YdTCgaFrYdCGXsaLHijb7vVwCU0VRf/ufZfQp2+GupqRHCbMLSmlkoiyr9ImGlYX
|
||||
VWQDajv74H/3CcyCQNjqfFRdUHLE+rfNuYaH/p3+/Ee2bgJi52f3uRdJ4lXSCWIf
|
||||
KW9lLbwjlfGnOnsnDkaPwcZW9QL353Mi82yXOu7OihobUaVgr83nESXbAS/k4mx1
|
||||
whOXAoEDeLQZfZrITEewOQ0PHjWJwKc0x2YCiQ0If33GSfDjzWPoDuXmQo/xhk98
|
||||
Nt3aNTMDvjriGNOIcZyUlEjq1HqCmd3pQSD5h8soR9Do/NsTocyK1da49iz91dha
|
||||
jwoEga2iFis9Zd9rr7Caf3pWtmKENUGFJl15tpaelvk13jUebSyDubw0OIYbbILr
|
||||
dVZAeiOHrRMD5crxG05zvOeLMASuL/IrK97RLBAonZLEkRrfgAwZHK2U0rq2HXpI
|
||||
wlp4yDlF/eILvmMgAruP7lW0q/m5+DfxQtcZdamtm3FWj9m0iUAthvw02fplmFci
|
||||
xJ82rkfkPAZSm7/yPJ9yiea+tKgX8yk1uArRtf8rsG6SED2lCRKmux8ElcZc5DYV
|
||||
hyLivTN7X5Nr05mvaPIptCVm1iYoWaiQNZcPDax/LBZJhNaJgPUz1ue1Ppf422PS
|
||||
XgE4dh3x1ulcUhXm4nK/0FzKmJUOjcygPeGWmia0ZOEHub/ju+z8LgRAkBasqRXP
|
||||
4aepPm5xVY0g/Z0xksxIWpYUnLRzs0uUKd+zz1MvmWlZckxUO5wWJUWRcwCBDz4=
|
||||
=Ql2K
|
||||
-----END PGP MESSAGE-----
|
||||
fp: DC6910268E657FF70BA7EC289974494E76938DDC
|
||||
encrypted_regex: ^(password|value|ssh-key|api-key|user|username|privateKey|clientSecret|clientId|apiKey|extraArgs.*|.*Secret.*|extraEnvVars|.*SECRET.*|.*secret.*|key|.*Password|.*\.ya?ml)$
|
||||
|
||||
Reference in New Issue
Block a user