Auto-update README with current k8s applications

Generated by CI/CD workflow on 2026-03-16 14:09:31

This PR updates the README.md file with the current list of applications found in the k8s/ directory structure.

README.md

@@ -16,6 +16,7 @@ ArgoCD homelab project
 | **authentik** | [![authentik](https://ag.hexor.cy/api/badge?name=authentik&revision=true)](https://ag.hexor.cy/applications/argocd/authentik) |
 | **cert-manager** | [![cert-manager](https://ag.hexor.cy/api/badge?name=cert-manager&revision=true)](https://ag.hexor.cy/applications/argocd/cert-manager) |
 | **external-secrets** | [![external-secrets](https://ag.hexor.cy/api/badge?name=external-secrets&revision=true)](https://ag.hexor.cy/applications/argocd/external-secrets) |
+| **gpu** | [![gpu](https://ag.hexor.cy/api/badge?name=gpu&revision=true)](https://ag.hexor.cy/applications/argocd/gpu) |
 | **kube-system-custom** | [![kube-system-custom](https://ag.hexor.cy/api/badge?name=kube-system-custom&revision=true)](https://ag.hexor.cy/applications/argocd/kube-system-custom) |
 | **kubernetes-dashboard** | [![kubernetes-dashboard](https://ag.hexor.cy/api/badge?name=kubernetes-dashboard&revision=true)](https://ag.hexor.cy/applications/argocd/kubernetes-dashboard) |
 | **longhorn** | [![longhorn](https://ag.hexor.cy/api/badge?name=longhorn&revision=true)](https://ag.hexor.cy/applications/argocd/longhorn) |
@@ -37,6 +38,8 @@ ArgoCD homelab project
 
 | Application | Status |
 | :--- | :---: |
+| **comfyui** | [![comfyui](https://ag.hexor.cy/api/badge?name=comfyui&revision=true)](https://ag.hexor.cy/applications/argocd/comfyui) |
+| **furumi-server** | [![furumi-server](https://ag.hexor.cy/api/badge?name=furumi-server&revision=true)](https://ag.hexor.cy/applications/argocd/furumi-server) |
 | **gitea** | [![gitea](https://ag.hexor.cy/api/badge?name=gitea&revision=true)](https://ag.hexor.cy/applications/argocd/gitea) |
 | **greece-notifier** | [![greece-notifier](https://ag.hexor.cy/api/badge?name=greece-notifier&revision=true)](https://ag.hexor.cy/applications/argocd/greece-notifier) |
 | **hexound** | [![hexound](https://ag.hexor.cy/api/badge?name=hexound&revision=true)](https://ag.hexor.cy/applications/argocd/hexound) |
@@ -45,6 +48,9 @@ ArgoCD homelab project
 | **jellyfin** | [![jellyfin](https://ag.hexor.cy/api/badge?name=jellyfin&revision=true)](https://ag.hexor.cy/applications/argocd/jellyfin) |
 | **k8s-secrets** | [![k8s-secrets](https://ag.hexor.cy/api/badge?name=k8s-secrets&revision=true)](https://ag.hexor.cy/applications/argocd/k8s-secrets) |
 | **khm** | [![khm](https://ag.hexor.cy/api/badge?name=khm&revision=true)](https://ag.hexor.cy/applications/argocd/khm) |
+| **lidarr** | [![lidarr](https://ag.hexor.cy/api/badge?name=lidarr&revision=true)](https://ag.hexor.cy/applications/argocd/lidarr) |
+| **matrix** | [![matrix](https://ag.hexor.cy/api/badge?name=matrix&revision=true)](https://ag.hexor.cy/applications/argocd/matrix) |
+| **mtproxy** | [![mtproxy](https://ag.hexor.cy/api/badge?name=mtproxy&revision=true)](https://ag.hexor.cy/applications/argocd/mtproxy) |
 | **n8n** | [![n8n](https://ag.hexor.cy/api/badge?name=n8n&revision=true)](https://ag.hexor.cy/applications/argocd/n8n) |
 | **ollama** | [![ollama](https://ag.hexor.cy/api/badge?name=ollama&revision=true)](https://ag.hexor.cy/applications/argocd/ollama) |
 | **paperless** | [![paperless](https://ag.hexor.cy/api/badge?name=paperless&revision=true)](https://ag.hexor.cy/applications/argocd/paperless) |

k8s/apps/furumi-server/deployment.yaml

@@ -22,7 +22,10 @@ spec:
           imagePullPolicy: Always
           env:
             - name: FURUMI_TOKEN
-              value: "f38387266e75effe891b7953eb9c06b4"
+              valueFrom:
+                secretKeyRef:
+                  name: furumi-ng-token
+                  key: TOKEN
             - name: FURUMI_ROOT
               value: "/media"
           ports:

k8s/apps/furumi-server/external-secrets.yaml

@@ -0,0 +1,23 @@
+---
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+  name: furumi-ng-token
+spec:
+  target:
+    name: furumi-ng-token
+    deletionPolicy: Delete
+    template:
+      type: Opaque
+      data:
+        TOKEN: |-
+          {{ .token }}
+  data:
+    - secretKey: token
+      sourceRef:
+        storeRef:
+          name: vaultwarden-login
+          kind: ClusterSecretStore
+      remoteRef:
+        key: b8b8c3a2-c3fe-42d3-9402-0ae305e1455f
+        property: fields[0].value

k8s/apps/furumi-server/kustomization.yaml

@@ -6,3 +6,4 @@ resources:
   - deployment.yaml
   - service.yaml
   - servicemonitor.yaml
+  - external-secrets.yaml

k8s/apps/matrix/external-secrets.yaml

@@ -52,16 +52,17 @@ spec:
         mas-oidc.yaml: |
           upstream_oauth2:
             providers:
-              - id: authentik
+              - id: 001KKV4EKY7KG98W2M9T806K6A
                 human_name: Authentik
                 issuer: https://idm.hexor.cy/application/o/matrix/
-                client_id: {{ .oauth_client_id }}
-                client_secret: {{ .oauth_client_secret }}
+                client_id: "{{ .oauth_client_id }}"
+                client_secret: "{{ .oauth_client_secret }}"
+                token_endpoint_auth_method: client_secret_post
                 scope: "openid profile email"
                 claims_imports:
                   localpart:
-                    action: require
-                    template: "{{ `{{ user.preferred_username }}` }}"
+                    action: suggest
+                    template: "{{ `{{ user.preferred_username | split(\"@\") | first }}` }}"
                   displayname:
                     action: suggest
                     template: "{{ `{{ user.name }}` }}"

k8s/apps/matrix/matrix-stack-values.yaml

@@ -24,6 +24,8 @@ hookshot:
 ## Synapse homeserver
 synapse:
   enabled: true
+  ingress:
+    host: synapse.matrix.hexor.cy
   postgres:
     host: psql.psql.svc
     port: 5432
@@ -43,6 +45,8 @@ synapse:
 ## Matrix Authentication Service
 matrixAuthenticationService:
   enabled: true
+  ingress:
+    host: auth.matrix.hexor.cy
   postgres:
     host: psql.psql.svc
     port: 5432
@@ -52,9 +56,15 @@ matrixAuthenticationService:
     password:
       secret: matrix-postgres-creds
       secretKey: mas_db_password
-  ## Authentik OIDC upstream provider
+  ## Admin policy
   additional:
-    0-oidc:
+    0-admin-policy:
+      config: |
+        policy:
+          data:
+            admin_users:
+              - username: ultradesu
+    1-oidc:
       configSecret: matrix-oidc-config
       configSecretKey: mas-oidc.yaml
   # nodeSelector:
@@ -64,7 +74,7 @@ matrixAuthenticationService:
 elementWeb:
   enabled: true
   ingress:
-    host: chat.hexor.cy
+    host: chat.matrix.hexor.cy
   # nodeSelector:
   #   kubernetes.io/hostname: nas.homenet
 
@@ -72,7 +82,7 @@ elementWeb:
 elementAdmin:
   enabled: true
   ingress:
-    host: matrix-admin.hexor.cy
+    host: admin.matrix.hexor.cy
   # nodeSelector:
   #   kubernetes.io/hostname: nas.homenet
 

k8s/core/cert-manager/issuer.yaml

@@ -37,4 +37,5 @@ spec:
           dnsZones:
             - "ps.hexor.cy"
             - "of.hexor.cy"
+            - "matrix.hexor.cy"
 

terraform/authentik/oauth2-apps.auto.tfvars

@@ -195,7 +195,7 @@ oauth_applications = {
     meta_description = "Matrix Chat"
     meta_icon        = "https://img.icons8.com/ios/100/40C057/matrix-logo.png"
     redirect_uris = [
-      "https://matrix.hexor.cy/_matrix/client/unstable/org.matrix.msc2965/auth/upstream/callback",
+      "https://auth.matrix.hexor.cy/upstream/callback/001KKV4EKY7KG98W2M9T806K6A",
     ]
     meta_launch_url            = "https://matrix.hexor.cy"
     client_type                = "confidential"
@@ -205,7 +205,7 @@ oauth_applications = {
     refresh_token_validity     = "days=30"
     scope_mappings             = ["openid", "profile", "email"]
     access_groups              = []
-    create_group               = true
+    create_group               = false
     signing_key                = "1b1b5bec-034a-4d96-871a-133f11322360"
   }
 }