Auto-update README with current k8s applications

Generated by CI/CD workflow on 2026-03-19 13:41:59 This PR updates the README.md file with the current list of applications found in the k8s/ directory structure.
Update k8s/core/postgresql/external-secrets.yaml
2026-03-19 13:41:59 +00:00 · 2026-03-19 13:41:27 +00:00 · 2026-03-18 11:59:13 +00:00 · 2026-03-18 11:57:40 +00:00 · 2026-03-18 11:39:11 +00:00 · 2026-03-18 11:39:09 +00:00
10 changed files with 283 additions and 8 deletions
--- a/README.md
+++ b/README.md
@@ -16,6 +16,7 @@ ArgoCD homelab project
 | **authentik** | [![authentik](https://ag.hexor.cy/api/badge?name=authentik&revision=true)](https://ag.hexor.cy/applications/argocd/authentik) |
 | **cert-manager** | [![cert-manager](https://ag.hexor.cy/api/badge?name=cert-manager&revision=true)](https://ag.hexor.cy/applications/argocd/cert-manager) |
 | **external-secrets** | [![external-secrets](https://ag.hexor.cy/api/badge?name=external-secrets&revision=true)](https://ag.hexor.cy/applications/argocd/external-secrets) |
+| **gpu** | [![gpu](https://ag.hexor.cy/api/badge?name=gpu&revision=true)](https://ag.hexor.cy/applications/argocd/gpu) |
 | **kube-system-custom** | [![kube-system-custom](https://ag.hexor.cy/api/badge?name=kube-system-custom&revision=true)](https://ag.hexor.cy/applications/argocd/kube-system-custom) |
 | **kubernetes-dashboard** | [![kubernetes-dashboard](https://ag.hexor.cy/api/badge?name=kubernetes-dashboard&revision=true)](https://ag.hexor.cy/applications/argocd/kubernetes-dashboard) |
 | **longhorn** | [![longhorn](https://ag.hexor.cy/api/badge?name=longhorn&revision=true)](https://ag.hexor.cy/applications/argocd/longhorn) |
@@ -37,6 +38,8 @@ ArgoCD homelab project

 | Application | Status |
 | :--- | :---: |
+| **comfyui** | [![comfyui](https://ag.hexor.cy/api/badge?name=comfyui&revision=true)](https://ag.hexor.cy/applications/argocd/comfyui) |
+| **furumi-server** | [![furumi-server](https://ag.hexor.cy/api/badge?name=furumi-server&revision=true)](https://ag.hexor.cy/applications/argocd/furumi-server) |
 | **gitea** | [![gitea](https://ag.hexor.cy/api/badge?name=gitea&revision=true)](https://ag.hexor.cy/applications/argocd/gitea) |
 | **greece-notifier** | [![greece-notifier](https://ag.hexor.cy/api/badge?name=greece-notifier&revision=true)](https://ag.hexor.cy/applications/argocd/greece-notifier) |
 | **hexound** | [![hexound](https://ag.hexor.cy/api/badge?name=hexound&revision=true)](https://ag.hexor.cy/applications/argocd/hexound) |
@@ -45,6 +48,9 @@ ArgoCD homelab project
 | **jellyfin** | [![jellyfin](https://ag.hexor.cy/api/badge?name=jellyfin&revision=true)](https://ag.hexor.cy/applications/argocd/jellyfin) |
 | **k8s-secrets** | [![k8s-secrets](https://ag.hexor.cy/api/badge?name=k8s-secrets&revision=true)](https://ag.hexor.cy/applications/argocd/k8s-secrets) |
 | **khm** | [![khm](https://ag.hexor.cy/api/badge?name=khm&revision=true)](https://ag.hexor.cy/applications/argocd/khm) |
+| **lidarr** | [![lidarr](https://ag.hexor.cy/api/badge?name=lidarr&revision=true)](https://ag.hexor.cy/applications/argocd/lidarr) |
+| **matrix** | [![matrix](https://ag.hexor.cy/api/badge?name=matrix&revision=true)](https://ag.hexor.cy/applications/argocd/matrix) |
+| **mtproxy** | [![mtproxy](https://ag.hexor.cy/api/badge?name=mtproxy&revision=true)](https://ag.hexor.cy/applications/argocd/mtproxy) |
 | **n8n** | [![n8n](https://ag.hexor.cy/api/badge?name=n8n&revision=true)](https://ag.hexor.cy/applications/argocd/n8n) |
 | **ollama** | [![ollama](https://ag.hexor.cy/api/badge?name=ollama&revision=true)](https://ag.hexor.cy/applications/argocd/ollama) |
 | **paperless** | [![paperless](https://ag.hexor.cy/api/badge?name=paperless&revision=true)](https://ag.hexor.cy/applications/argocd/paperless) |
--- a/k8s/apps/furumi-server/external-secrets.yaml
+++ b/k8s/apps/furumi-server/external-secrets.yaml
@@ -20,6 +20,8 @@ spec:
        OIDC_REDIRECT_URL: https://music.hexor.cy/auth/callback
        OIDC_SESSION_SECRET: |-
          {{ .session_secret }}
+        PG_STRING: |-
+          postgres://furumi:{{ .pg_pass }}@psql.psql.svc:5432/furumi
  data:
    - secretKey: token
      sourceRef:
@@ -53,3 +55,11 @@ spec:
      remoteRef:
        key: b8b8c3a2-c3fe-42d3-9402-0ae305e1455f
        property: fields[3].value
+    - secretKey: pg_pass
+      sourceRef:
+        storeRef:
+          name: vaultwarden-login
+          kind: ClusterSecretStore
+      remoteRef:
+        key: 2a9deb39-ef22-433e-a1be-df1555625e22
+        property: fields[16].value
--- a/k8s/apps/furumi-server/ingress.yaml
+++ b/k8s/apps/furumi-server/ingress.yaml
@@ -1,4 +1,13 @@
 ---
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+  name: admin-strip
+spec:
+  stripPrefix:
+    prefixes:
+      - /admin
+---
 apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
@@ -17,12 +26,34 @@ spec:
            pathType: Prefix
            backend:
              service:
-                name: furumi-server-web
+                name: furumi-web-player
                port:
                  number: 8080
  tls:
    - secretName: furumi-tls
      hosts:
        - '*.hexor.cy'
-
-
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: furumi-admin-ingress
+  annotations:
+    ingressClassName: traefik
+    traefik.ingress.kubernetes.io/router.middlewares: furumi-server-admin-strip@kubernetescrd,kube-system-https-redirect@kubernetescrd
+spec:
+  rules:
+    - host: music.hexor.cy
+      http:
+        paths:
+          - path: /admin
+            pathType: Prefix
+            backend:
+              service:
+                name: furumi-metadata-agent
+                port:
+                  number: 8090
+  tls:
+    - secretName: furumi-tls
+      hosts:
+        - '*.hexor.cy'
--- a/k8s/apps/furumi-server/kustomization.yaml
+++ b/k8s/apps/furumi-server/kustomization.yaml
@@ -8,3 +8,5 @@ resources:
  - servicemonitor.yaml
  - external-secrets.yaml
  - ingress.yaml
+  - web-player.yaml
+  - metadata-agent.yaml
--- a/k8s/apps/furumi-server/metadata-agent.yaml
+++ b/k8s/apps/furumi-server/metadata-agent.yaml
@@ -0,0 +1,59 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: furumi-metadata-agent
+  labels:
+    app: furumi-metadata-agent
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: furumi-metadata-agent
+  template:
+    metadata:
+      labels:
+        app: furumi-metadata-agent
+    spec:
+      nodeSelector:
+        kubernetes.io/hostname: master.tail2fe2d.ts.net
+      containers:
+        - name: furumi-metadata-agent
+          image: ultradesu/furumi-metadata-agent:trunk
+          imagePullPolicy: Always
+          env:
+            - name: FURUMI_AGENT_DATABASE_URL
+              valueFrom:
+                secretKeyRef:
+                  name: furumi-ng-creds
+                  key: PG_STRING
+            - name: FURUMI_AGENT_INBOX_DIR
+              value: "/inbox"
+            - name: FURUMI_AGENT_STORAGE_DIR
+              value: "/media"
+            - name: FURUMI_AGENT_OLLAMA_URL
+              value: "http://ollama.ollama.svc:11434"
+            - name: FURUMI_AGENT_OLLAMA_MODEL
+              value: "qwen3:14b"
+            - name: FURUMI_AGENT_POLL_INTERVAL_SECS
+              value: "10"
+            - name: RUST_LOG
+              value: "info"
+          ports:
+            - name: admin-ui
+              containerPort: 8090
+              protocol: TCP
+          volumeMounts:
+            - name: library
+              mountPath: /media
+            - name: inbox
+              mountPath: /inbox
+      volumes:
+        - name: library
+          hostPath:
+            path: /k8s/furumi/library
+            type: DirectoryOrCreate
+        - name: inbox
+          hostPath:
+            path: /k8s/furumi/inbox
+            type: DirectoryOrCreate
+
--- a/k8s/apps/furumi-server/service.yaml
+++ b/k8s/apps/furumi-server/service.yaml
@@ -32,13 +32,29 @@ spec:
 apiVersion: v1
 kind: Service
 metadata:
-  name: furumi-server-web
+  name: furumi-metadata-agent
  labels:
-    app: furumi-server
+    app: furumi-metadata-agent
 spec:
  type: ClusterIP
  selector:
-    app: furumi-server
+    app: furumi-metadata-agent
+  ports:
+    - name: admin-ui
+      protocol: TCP
+      port: 8090
+      targetPort: 8090
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: furumi-web-player
+  labels:
+    app: furumi-web-player
+spec:
+  type: ClusterIP
+  selector:
+    app: furumi-web-player
  ports:
    - name: web-ui
      protocol: TCP
--- a/k8s/apps/furumi-server/web-player.yaml
+++ b/k8s/apps/furumi-server/web-player.yaml
@@ -0,0 +1,70 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: furumi-web-player
+  labels:
+    app: furumi-web-player
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: furumi-web-player
+  template:
+    metadata:
+      labels:
+        app: furumi-web-player
+    spec:
+      nodeSelector:
+        kubernetes.io/hostname: master.tail2fe2d.ts.net
+      containers:
+        - name: furumi-web-player
+          image: ultradesu/furumi-web-player:trunk
+          imagePullPolicy: Always
+          env:
+            - name: FURUMI_PLAYER_OIDC_CLIENT_ID
+              valueFrom:
+                secretKeyRef:
+                  name: furumi-ng-creds
+                  key: OIDC_CLIENT_ID
+            - name: FURUMI_PLAYER_OIDC_CLIENT_SECRET
+              valueFrom:
+                secretKeyRef:
+                  name: furumi-ng-creds
+                  key: OIDC_CLIENT_SECRET
+            - name: FURUMI_PLAYER_OIDC_ISSUER_URL
+              valueFrom:
+                secretKeyRef:
+                  name: furumi-ng-creds
+                  key: OIDC_ISSUER_URL
+            - name: FURUMI_PLAYER_OIDC_REDIRECT_URL
+              valueFrom:
+                secretKeyRef:
+                  name: furumi-ng-creds
+                  key: OIDC_REDIRECT_URL
+            - name: FURUMI_PLAYER_OIDC_SESSION_SECRET
+              valueFrom:
+                secretKeyRef:
+                  name: furumi-ng-creds
+                  key: OIDC_SESSION_SECRET
+            - name: FURUMI_PLAYER_DATABASE_URL
+              valueFrom:
+                secretKeyRef:
+                  name: furumi-ng-creds
+                  key: PG_STRING
+            - name: FURUMI_PLAYER_STORAGE_DIR
+              value: "/media"
+            - name: RUST_LOG
+              value: "info"
+          ports:
+            - name: web-ui
+              containerPort: 8080
+              protocol: TCP
+          volumeMounts:
+            - name: music
+              mountPath: /media
+      volumes:
+        - name: music
+          hostPath:
+            path: /k8s/furumi/library
+            type: DirectoryOrCreate
+
--- a/k8s/core/postgresql/external-secrets.yaml
+++ b/k8s/core/postgresql/external-secrets.yaml
@@ -133,6 +133,8 @@ spec:
          {{ .mas }}
        USER_furumi: |-
          {{ .furumi }}
+        USER_furumi_dev: |-
+          {{ .furumi_dev }}
  data:
    - secretKey: authentik
      sourceRef:
@@ -310,4 +312,15 @@ spec:
        metadataPolicy: None
        key: 2a9deb39-ef22-433e-a1be-df1555625e22
        property: fields[16].value
+    - secretKey: furumi_dev
+      sourceRef:
+        storeRef:
+          name: vaultwarden-login
+          kind: ClusterSecretStore
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        metadataPolicy: None
+        key: 2a9deb39-ef22-433e-a1be-df1555625e22
+        property: fields[17].value

--- a/terraform/authentik/main.tf
+++ b/terraform/authentik/main.tf
@@ -292,7 +292,60 @@ resource "authentik_outpost" "outposts" {
    authentik_host_browser         = ""
    object_naming_template         = "ak-outpost-%(name)s"
    authentik_host_insecure        = false
-    kubernetes_json_patches        = null
+    kubernetes_json_patches = {
+      deployment = [
+        {
+          op   = "add"
+          path = "/spec/template/spec/containers/0/env/-"
+          value = {
+            name  = "AUTHENTIK_POSTGRESQL__HOST"
+            value = "psql.psql.svc"
+          }
+        },
+        {
+          op   = "add"
+          path = "/spec/template/spec/containers/0/env/-"
+          value = {
+            name  = "AUTHENTIK_POSTGRESQL__PORT"
+            value = "5432"
+          }
+        },
+        {
+          op   = "add"
+          path = "/spec/template/spec/containers/0/env/-"
+          value = {
+            name  = "AUTHENTIK_POSTGRESQL__NAME"
+            value = "authentik"
+          }
+        },
+        {
+          op   = "add"
+          path = "/spec/template/spec/containers/0/env/-"
+          value = {
+            name = "AUTHENTIK_POSTGRESQL__USER"
+            valueFrom = {
+              secretKeyRef = {
+                name = "authentik-creds"
+                key  = "AUTHENTIK_POSTGRESQL__USER"
+              }
+            }
+          }
+        },
+        {
+          op   = "add"
+          path = "/spec/template/spec/containers/0/env/-"
+          value = {
+            name = "AUTHENTIK_POSTGRESQL__PASSWORD"
+            valueFrom = {
+              secretKeyRef = {
+                name = "authentik-creds"
+                key  = "AUTHENTIK_POSTGRESQL__PASSWORD"
+              }
+            }
+          }
+        }
+      ]
+    }
    kubernetes_service_type        = "ClusterIP"
    kubernetes_image_pull_secrets  = []
    kubernetes_ingress_class_name  = null
--- a/terraform/authentik/proxy-apps.auto.tfvars
+++ b/terraform/authentik/proxy-apps.auto.tfvars
@@ -151,7 +151,7 @@ EOT
    meta_icon                    = "https://img.icons8.com/liquid-glass/48/key.png"
    mode                         = "proxy"
    outpost                      = "kubernetes-outpost"
-    access_groups                = ["admins", "khm"] # Используем существующие группы
+    access_groups                = ["admins", "khm"]
    create_group                 = true
    access_groups                = ["admins"]
  }
@@ -191,5 +191,20 @@ EOT
    create_group                 = true
    access_groups                = ["admins"]
  }
+  "ollama-public" = {
+    name                         = "Ollama Public"
+    slug                         = "ollama-public"
+    group                        = "AI"
+    external_host                = "https://ollama.hexor.cy"
+    internal_host                = "http://ollama.ollama.svc:11434"
+    internal_host_ssl_validation = false
+    meta_description             = ""
+    meta_icon                    = "https://img.icons8.com/external-icongeek26-outline-icongeek26/64/external-llama-animal-head-icongeek26-outline-icongeek26.png"
+    mode                         = "proxy"
+    outpost                      = "kubernetes-outpost"
+    intercept_header_auth        = true
+    create_group                 = true
+    access_groups                = ["admins"]
+  }
 }
Author	SHA1	Message	Date
Gitea Actions Bot	d1654bbefa	Auto-update README with current k8s applications Some checks failed Terraform / Terraform (pull_request) Failing after 18s Details Generated by CI/CD workflow on 2026-03-19 13:41:59 This PR updates the README.md file with the current list of applications found in the k8s/ directory structure.	2026-03-19 13:41:59 +00:00
ab	5e4e82296f	Update k8s/core/postgresql/external-secrets.yaml All checks were successful Update Kubernetes Services Wiki / Generate and Update K8s Wiki (push) Successful in 9s Details Check with kubeconform / lint (push) Successful in 8s Details Auto-update README / Generate README and Create MR (push) Successful in 18s Details	2026-03-19 13:41:27 +00:00
AB-UK	27bc3f31c9	Fixed IDM outpust Some checks failed Update Kubernetes Services Wiki / Generate and Update K8s Wiki (push) Successful in 7s Details Terraform / Terraform (push) Failing after 12s Details	2026-03-18 11:59:13 +00:00
AB-UK	1ba9226a3b	Fixed IDM outpust Some checks failed Terraform / Terraform (push) Failing after 15s Details Update Kubernetes Services Wiki / Generate and Update K8s Wiki (push) Successful in 9s Details	2026-03-18 11:57:40 +00:00
AB-UK	4f7477ee94	Fixed IDM outpust All checks were successful Terraform / Terraform (push) Successful in 41s Details Update Kubernetes Services Wiki / Generate and Update K8s Wiki (push) Successful in 5s Details Check with kubeconform / lint (push) Successful in 6s Details Auto-update README / Generate README and Create MR (push) Successful in 7s Details	2026-03-18 11:39:11 +00:00
AB-UK	87627e5ffb	Fixed IDM outpust	2026-03-18 11:39:09 +00:00
ab	87e38501e3	Update k8s/core/authentik/values.yaml All checks were successful Update Kubernetes Services Wiki / Generate and Update K8s Wiki (push) Successful in 9s Details Check with kubeconform / lint (push) Successful in 7s Details Auto-update README / Generate README and Create MR (push) Successful in 22s Details	2026-03-18 11:30:53 +00:00
ab	ae211ac7d0	Update terraform/authentik/proxy-apps.auto.tfvars All checks were successful Terraform / Terraform (push) Successful in 32s Details Update Kubernetes Services Wiki / Generate and Update K8s Wiki (push) Successful in 6s Details	2026-03-18 11:26:42 +00:00
AB-UK	086f9e17df	Update furumi All checks were successful Update Kubernetes Services Wiki / Generate and Update K8s Wiki (push) Successful in 7s Details Check with kubeconform / lint (push) Successful in 8s Details Auto-update README / Generate README and Create MR (push) Successful in 19s Details	2026-03-18 03:51:32 +00:00
AB-UK	327bcc90d8	Update furumi All checks were successful Update Kubernetes Services Wiki / Generate and Update K8s Wiki (push) Successful in 11s Details Check with kubeconform / lint (push) Successful in 8s Details Auto-update README / Generate README and Create MR (push) Successful in 26s Details	2026-03-18 03:27:14 +00:00
AB-UK	7d2beb584c	Update furumi All checks were successful Update Kubernetes Services Wiki / Generate and Update K8s Wiki (push) Successful in 7s Details Check with kubeconform / lint (push) Successful in 7s Details Auto-update README / Generate README and Create MR (push) Successful in 12s Details	2026-03-18 03:24:31 +00:00
AB-UK	a889518e3b	Update furumi All checks were successful Update Kubernetes Services Wiki / Generate and Update K8s Wiki (push) Successful in 8s Details Check with kubeconform / lint (push) Successful in 7s Details Auto-update README / Generate README and Create MR (push) Successful in 10s Details	2026-03-18 03:22:20 +00:00
AB-UK	4575cd69a9	Update furumi All checks were successful Update Kubernetes Services Wiki / Generate and Update K8s Wiki (push) Successful in 9s Details Check with kubeconform / lint (push) Successful in 9s Details Auto-update README / Generate README and Create MR (push) Successful in 18s Details	2026-03-18 03:21:12 +00:00
AB-UK	6460684218	Update furumi All checks were successful Update Kubernetes Services Wiki / Generate and Update K8s Wiki (push) Successful in 8s Details Check with kubeconform / lint (push) Successful in 8s Details Auto-update README / Generate README and Create MR (push) Successful in 20s Details	2026-03-18 03:18:39 +00:00
AB-UK	935b9e0a51	Update furumi All checks were successful Update Kubernetes Services Wiki / Generate and Update K8s Wiki (push) Successful in 11s Details Check with kubeconform / lint (push) Successful in 7s Details Auto-update README / Generate README and Create MR (push) Successful in 21s Details	2026-03-18 03:15:13 +00:00
AB-UK	9e68fc91a2	Update furumi All checks were successful Update Kubernetes Services Wiki / Generate and Update K8s Wiki (push) Successful in 8s Details Check with kubeconform / lint (push) Successful in 8s Details Auto-update README / Generate README and Create MR (push) Successful in 15s Details	2026-03-18 03:13:51 +00:00