Auto-update README with current k8s applications

Generated by CI/CD workflow on 2026-03-16 11:03:46

This PR updates the README.md file with the current list of applications found in the k8s/ directory structure.

README.md

@@ -16,6 +16,7 @@ ArgoCD homelab project
 | **authentik** | [![authentik](https://ag.hexor.cy/api/badge?name=authentik&revision=true)](https://ag.hexor.cy/applications/argocd/authentik) |
 | **cert-manager** | [![cert-manager](https://ag.hexor.cy/api/badge?name=cert-manager&revision=true)](https://ag.hexor.cy/applications/argocd/cert-manager) |
 | **external-secrets** | [![external-secrets](https://ag.hexor.cy/api/badge?name=external-secrets&revision=true)](https://ag.hexor.cy/applications/argocd/external-secrets) |
+| **gpu** | [![gpu](https://ag.hexor.cy/api/badge?name=gpu&revision=true)](https://ag.hexor.cy/applications/argocd/gpu) |
 | **kube-system-custom** | [![kube-system-custom](https://ag.hexor.cy/api/badge?name=kube-system-custom&revision=true)](https://ag.hexor.cy/applications/argocd/kube-system-custom) |
 | **kubernetes-dashboard** | [![kubernetes-dashboard](https://ag.hexor.cy/api/badge?name=kubernetes-dashboard&revision=true)](https://ag.hexor.cy/applications/argocd/kubernetes-dashboard) |
 | **longhorn** | [![longhorn](https://ag.hexor.cy/api/badge?name=longhorn&revision=true)](https://ag.hexor.cy/applications/argocd/longhorn) |
@@ -37,6 +38,8 @@ ArgoCD homelab project
 
 | Application | Status |
 | :--- | :---: |
+| **comfyui** | [![comfyui](https://ag.hexor.cy/api/badge?name=comfyui&revision=true)](https://ag.hexor.cy/applications/argocd/comfyui) |
+| **furumi-server** | [![furumi-server](https://ag.hexor.cy/api/badge?name=furumi-server&revision=true)](https://ag.hexor.cy/applications/argocd/furumi-server) |
 | **gitea** | [![gitea](https://ag.hexor.cy/api/badge?name=gitea&revision=true)](https://ag.hexor.cy/applications/argocd/gitea) |
 | **greece-notifier** | [![greece-notifier](https://ag.hexor.cy/api/badge?name=greece-notifier&revision=true)](https://ag.hexor.cy/applications/argocd/greece-notifier) |
 | **hexound** | [![hexound](https://ag.hexor.cy/api/badge?name=hexound&revision=true)](https://ag.hexor.cy/applications/argocd/hexound) |
@@ -45,6 +48,9 @@ ArgoCD homelab project
 | **jellyfin** | [![jellyfin](https://ag.hexor.cy/api/badge?name=jellyfin&revision=true)](https://ag.hexor.cy/applications/argocd/jellyfin) |
 | **k8s-secrets** | [![k8s-secrets](https://ag.hexor.cy/api/badge?name=k8s-secrets&revision=true)](https://ag.hexor.cy/applications/argocd/k8s-secrets) |
 | **khm** | [![khm](https://ag.hexor.cy/api/badge?name=khm&revision=true)](https://ag.hexor.cy/applications/argocd/khm) |
+| **lidarr** | [![lidarr](https://ag.hexor.cy/api/badge?name=lidarr&revision=true)](https://ag.hexor.cy/applications/argocd/lidarr) |
+| **matrix** | [![matrix](https://ag.hexor.cy/api/badge?name=matrix&revision=true)](https://ag.hexor.cy/applications/argocd/matrix) |
+| **mtproxy** | [![mtproxy](https://ag.hexor.cy/api/badge?name=mtproxy&revision=true)](https://ag.hexor.cy/applications/argocd/mtproxy) |
 | **n8n** | [![n8n](https://ag.hexor.cy/api/badge?name=n8n&revision=true)](https://ag.hexor.cy/applications/argocd/n8n) |
 | **ollama** | [![ollama](https://ag.hexor.cy/api/badge?name=ollama&revision=true)](https://ag.hexor.cy/applications/argocd/ollama) |
 | **paperless** | [![paperless](https://ag.hexor.cy/api/badge?name=paperless&revision=true)](https://ag.hexor.cy/applications/argocd/paperless) |

k8s/apps/matrix/external-secrets.yaml

@@ -21,16 +21,22 @@ spec:
           name: vaultwarden-login
           kind: ClusterSecretStore
       remoteRef:
-        key: CHANGE_ME
-        property: CHANGE_ME
+        conversionStrategy: Default
+        decodingStrategy: None
+        metadataPolicy: None
+        key: 2a9deb39-ef22-433e-a1be-df1555625e22
+        property: fields[14].value
     - secretKey: mas_db_password
       sourceRef:
         storeRef:
           name: vaultwarden-login
           kind: ClusterSecretStore
       remoteRef:
-        key: CHANGE_ME
-        property: CHANGE_ME
+        conversionStrategy: Default
+        decodingStrategy: None
+        metadataPolicy: None
+        key: 2a9deb39-ef22-433e-a1be-df1555625e22
+        property: fields[15].value
 ---
 apiVersion: external-secrets.io/v1
 kind: ExternalSecret
@@ -46,11 +52,12 @@ spec:
         mas-oidc.yaml: |
           upstream_oauth2:
             providers:
-              - id: authentik
+              - id: 001KKV4EKY7KG98W2M9T806K6A
                 human_name: Authentik
                 issuer: https://idm.hexor.cy/application/o/matrix/
-                client_id: {{ .oauth_client_id }}
-                client_secret: {{ .oauth_client_secret }}
+                client_id: "{{ .oauth_client_id }}"
+                client_secret: "{{ .oauth_client_secret }}"
+                token_endpoint_auth_method: client_secret_post
                 scope: "openid profile email"
                 claims_imports:
                   localpart:
@@ -70,13 +77,19 @@ spec:
           name: vaultwarden-login
           kind: ClusterSecretStore
       remoteRef:
-        key: CHANGE_ME
-        property: CHANGE_ME
+        conversionStrategy: Default
+        decodingStrategy: None
+        metadataPolicy: None
+        key: ca76867f-49f3-4a30-9ef3-b05af35ee49a
+        property: fields[0].value
     - secretKey: oauth_client_secret
       sourceRef:
         storeRef:
           name: vaultwarden-login
           kind: ClusterSecretStore
       remoteRef:
-        key: CHANGE_ME
-        property: CHANGE_ME
+        conversionStrategy: Default
+        decodingStrategy: None
+        metadataPolicy: None
+        key: ca76867f-49f3-4a30-9ef3-b05af35ee49a
+        property: fields[1].value

k8s/apps/matrix/matrix-stack-values.yaml

@@ -20,12 +20,12 @@ matrixRTC:
   enabled: false
 hookshot:
   enabled: false
-haproxy:
-  enabled: false
 
 ## Synapse homeserver
 synapse:
   enabled: true
+  ingress:
+    host: matrix.hexor.cy
   postgres:
     host: psql.psql.svc
     port: 5432
@@ -35,6 +35,11 @@ synapse:
     password:
       secret: matrix-postgres-creds
       secretKey: synapse_db_password
+  additional:
+    0-unsafe-locale:
+      config: |
+        database:
+          allow_unsafe_locale: true
   media:
     storage:
       size: 20Gi
@@ -45,6 +50,8 @@ synapse:
 ## Matrix Authentication Service
 matrixAuthenticationService:
   enabled: true
+  ingress:
+    host: auth.matrix.hexor.cy
   postgres:
     host: psql.psql.svc
     port: 5432
@@ -78,8 +85,6 @@ elementAdmin:
   # nodeSelector:
   #   kubernetes.io/hostname: nas.homenet
 
-## Well-known delegation on the base domain
+## Well-known delegation on the base domain (host is derived from serverName)
 wellKnownDelegation:
   enabled: true
-  ingress:
-    host: matrix.hexor.cy

k8s/core/postgresql/external-secrets.yaml

@@ -127,6 +127,10 @@ spec:
           {{ .mmdl }}
         USER_n8n: |-
           {{ .n8n }}
+        USER_synapse: |-
+          {{ .synapse }}
+        USER_mas: |-
+          {{ .mas }}
   data:
     - secretKey: authentik
       sourceRef:
@@ -271,4 +275,26 @@ spec:
         metadataPolicy: None
         key: 2a9deb39-ef22-433e-a1be-df1555625e22
         property: fields[13].value
+    - secretKey: synapse
+      sourceRef:
+        storeRef:
+          name: vaultwarden-login
+          kind: ClusterSecretStore
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        metadataPolicy: None
+        key: 2a9deb39-ef22-433e-a1be-df1555625e22
+        property: fields[14].value
+    - secretKey: mas
+      sourceRef:
+        storeRef:
+          name: vaultwarden-login
+          kind: ClusterSecretStore
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        metadataPolicy: None
+        key: 2a9deb39-ef22-433e-a1be-df1555625e22
+        property: fields[15].value
 

terraform/authentik/oauth2-apps.auto.tfvars

@@ -188,5 +188,25 @@ oauth_applications = {
     create_group               = true
     signing_key                = "1b1b5bec-034a-4d96-871a-133f11322360"
   }
+  "matrix" = {
+    name             = "Matrix Chat"
+    slug             = "matrix"
+    group            = "Tools"
+    meta_description = "Matrix Chat"
+    meta_icon        = "https://img.icons8.com/ios/100/40C057/matrix-logo.png"
+    redirect_uris = [
+      "https://matrix.hexor.cy/_matrix/client/unstable/org.matrix.msc2965/auth/upstream/callback",
+    ]
+    meta_launch_url            = "https://matrix.hexor.cy"
+    client_type                = "confidential"
+    include_claims_in_id_token = true
+    access_code_validity       = "minutes=1"
+    access_token_validity      = "minutes=5"
+    refresh_token_validity     = "days=30"
+    scope_mappings             = ["openid", "profile", "email"]
+    access_groups              = []
+    create_group               = true
+    signing_key                = "1b1b5bec-034a-4d96-871a-133f11322360"
+  }
 }