Auto-update README with current k8s applications

Generated by CI/CD workflow on 2025-12-28 12:44:18

This PR updates the README.md file with the current list of applications found in the k8s/ directory structure.

README.md

@@ -56,6 +56,7 @@ ArgoCD homelab project
 | **tg-bots** | [![tg-bots](https://ag.hexor.cy/api/badge?name=tg-bots&revision=true)](https://ag.hexor.cy/applications/argocd/tg-bots) |
 | **vaultwarden** | [![vaultwarden](https://ag.hexor.cy/api/badge?name=vaultwarden&revision=true)](https://ag.hexor.cy/applications/argocd/vaultwarden) |
 | **vpn** | [![vpn](https://ag.hexor.cy/api/badge?name=vpn&revision=true)](https://ag.hexor.cy/applications/argocd/vpn) |
+| **xandikos** | [![xandikos](https://ag.hexor.cy/api/badge?name=xandikos&revision=true)](https://ag.hexor.cy/applications/argocd/xandikos) |
 
 </td>
 </tr>

k8s/apps/xandikos/external-secrets.yaml

@@ -0,0 +1,31 @@
+---
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+  name: mmdl-secrets
+spec:
+  target:
+    name: mmdl-secrets
+    deletionPolicy: Delete
+    template:
+      type: Opaque
+      data:
+        DB_DIALECT: 'postgres'
+        DB_HOST: psql.psql.svc
+        DB_USER: mmdl
+        DB_NAME: mmdl
+        DB_PORT: "5432"
+        DB_PASS: |-
+          {{ .pg_pass }}
+        AES_PASSWORD: |-
+          {{ .pg_pass }}
+
+  data:
+    - secretKey: pg_pass
+      sourceRef:
+        storeRef:
+          name: vaultwarden-login
+          kind: ClusterSecretStore
+      remoteRef:
+        key: 2a9deb39-ef22-433e-a1be-df1555625e22
+        property: fields[12].value

k8s/apps/xandikos/kustomization.yaml

@@ -7,5 +7,5 @@ resources:
   - mmdl-deployment.yaml
   - mmdl-service.yaml
   - ingress.yaml
-
+  - external-secrets.yaml
 

k8s/apps/xandikos/mmdl-deployment.yaml

@@ -26,6 +26,9 @@ spec:
         - name: mmdl
           image: intriin/mmdl:latest
           imagePullPolicy: Always
+          envFrom:
+            - secretRef:
+                name: mmdl-secrets
           env:
             - name: NEXTAUTH_URL
               value: "https://cal.hexor.cy"

k8s/core/argocd/appprojects.yaml

@@ -47,3 +47,20 @@ spec:
     server: https://kubernetes.default.svc
   sourceRepos:
   - ssh://git@gt.hexor.cy:30022/ab/homelab.git
+
+---
+apiVersion: argoproj.io/v1alpha1
+kind: AppProject
+metadata:
+  name: desktop
+  namespace: argocd
+spec:
+  clusterResourceWhitelist:
+  - group: '*'
+    kind: '*'
+  description: Hexor Home Lab Desktop Apps
+  destinations:
+  - namespace: '*'
+    server: https://kubernetes.default.svc
+  sourceRepos:
+  - ssh://git@gt.hexor.cy:30022/ab/homelab.git

k8s/core/postgresql/external-secrets.yaml

@@ -123,6 +123,8 @@ spec:
           {{ .remnawave }}
         USER_umami: |-
           {{ .umami }}
+        USER_mmdl: |-
+          {{ .mmdl }}
   data:
     - secretKey: authentik
       sourceRef:
@@ -245,3 +247,14 @@ spec:
         metadataPolicy: None
         key: 2a9deb39-ef22-433e-a1be-df1555625e22
         property: fields[11].value
+    - secretKey: mmdl
+      sourceRef:
+        storeRef:
+          name: vaultwarden-login
+          kind: ClusterSecretStore
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        metadataPolicy: None
+        key: 2a9deb39-ef22-433e-a1be-df1555625e22
+        property: fields[12].value

k8s/desktop/khm/app.yaml

@@ -0,0 +1,18 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: khm-client
+  namespace: argocd
+spec:
+  project: desktop
+  destination:
+    namespace: default
+    server: https://kubernetes.default.svc
+  source:
+    repoURL: ssh://git@gt.hexor.cy:30022/ab/homelab.git
+    targetRevision: HEAD
+    path: k8s/desktop/khm
+  syncPolicy:
+    automated:
+      selfHeal: true
+      prune: true

k8s/desktop/khm/khm-client-cronjob.yaml

@@ -0,0 +1,58 @@
+---
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+  name: khm-client
+  labels:
+    app: khm-client
+spec:
+  schedule: "* * * * *"
+  concurrencyPolicy: Forbid
+  successfulJobsHistoryLimit: 3
+  failedJobsHistoryLimit: 3
+  jobTemplate:
+    spec:
+      template:
+        metadata:
+          labels:
+            app: khm-client
+        spec:
+          restartPolicy: OnFailure
+          nodeSelector:
+            node-role.kubernetes.io/desktop: ""
+          tolerations:
+            - key: workload
+              operator: Equal
+              value: desktop
+              effect: NoSchedule
+          hostNetwork: false
+          containers:
+            - name: khm-client
+              image: 'ultradesu/khm:latest'
+              imagePullPolicy: Always
+              securityContext:
+                privileged: false
+              resources:
+                requests:
+                  memory: "64Mi"
+                  cpu: "50m"
+                limits:
+                  memory: "256Mi"
+                  cpu: "200m"
+              command:
+                - /usr/local/bin/khm
+                - --known-hosts
+                - /host-ssh/known_hosts
+                - --host
+                - https://khm.hexor.cy
+                - --flow=work
+                - --basic-auth=ultradesu:JiMkWGaA0UZRkzzqtdPvvE0D5vIMCrH7LZGvK2Ux6eGSWECrPlh7UH1khdEm
+                - --in-place
+              volumeMounts:
+                - name: known-hosts
+                  mountPath: /host-ssh/known_hosts
+                  subPath: known_hosts
+          volumes:
+            - name: known-hosts
+              hostPath:
+                path: /home/ab/.ssh/known_hosts

k8s/desktop/khm/kustomization.yaml

@@ -0,0 +1,6 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+  - app.yaml
+  - khm-client-cronjob.yaml