Auto-update README with current k8s applications

Generated by CI/CD workflow on 2026-04-06 11:10:56

This PR updates the README.md file with the current list of applications found in the k8s/ directory structure.

README.md

@@ -16,6 +16,7 @@ ArgoCD homelab project
 | **authentik** | [![authentik](https://ag.hexor.cy/api/badge?name=authentik&revision=true)](https://ag.hexor.cy/applications/argocd/authentik) |
 | **cert-manager** | [![cert-manager](https://ag.hexor.cy/api/badge?name=cert-manager&revision=true)](https://ag.hexor.cy/applications/argocd/cert-manager) |
 | **external-secrets** | [![external-secrets](https://ag.hexor.cy/api/badge?name=external-secrets&revision=true)](https://ag.hexor.cy/applications/argocd/external-secrets) |
+| **gpu** | [![gpu](https://ag.hexor.cy/api/badge?name=gpu&revision=true)](https://ag.hexor.cy/applications/argocd/gpu) |
 | **kube-system-custom** | [![kube-system-custom](https://ag.hexor.cy/api/badge?name=kube-system-custom&revision=true)](https://ag.hexor.cy/applications/argocd/kube-system-custom) |
 | **kubernetes-dashboard** | [![kubernetes-dashboard](https://ag.hexor.cy/api/badge?name=kubernetes-dashboard&revision=true)](https://ag.hexor.cy/applications/argocd/kubernetes-dashboard) |
 | **longhorn** | [![longhorn](https://ag.hexor.cy/api/badge?name=longhorn&revision=true)](https://ag.hexor.cy/applications/argocd/longhorn) |
@@ -37,6 +38,9 @@ ArgoCD homelab project
 
 | Application | Status |
 | :--- | :---: |
+| **comfyui** | [![comfyui](https://ag.hexor.cy/api/badge?name=comfyui&revision=true)](https://ag.hexor.cy/applications/argocd/comfyui) |
+| **furumi-dev** | [![furumi-dev](https://ag.hexor.cy/api/badge?name=furumi-dev&revision=true)](https://ag.hexor.cy/applications/argocd/furumi-dev) |
+| **furumi-server** | [![furumi-server](https://ag.hexor.cy/api/badge?name=furumi-server&revision=true)](https://ag.hexor.cy/applications/argocd/furumi-server) |
 | **gitea** | [![gitea](https://ag.hexor.cy/api/badge?name=gitea&revision=true)](https://ag.hexor.cy/applications/argocd/gitea) |
 | **greece-notifier** | [![greece-notifier](https://ag.hexor.cy/api/badge?name=greece-notifier&revision=true)](https://ag.hexor.cy/applications/argocd/greece-notifier) |
 | **hexound** | [![hexound](https://ag.hexor.cy/api/badge?name=hexound&revision=true)](https://ag.hexor.cy/applications/argocd/hexound) |
@@ -45,6 +49,9 @@ ArgoCD homelab project
 | **jellyfin** | [![jellyfin](https://ag.hexor.cy/api/badge?name=jellyfin&revision=true)](https://ag.hexor.cy/applications/argocd/jellyfin) |
 | **k8s-secrets** | [![k8s-secrets](https://ag.hexor.cy/api/badge?name=k8s-secrets&revision=true)](https://ag.hexor.cy/applications/argocd/k8s-secrets) |
 | **khm** | [![khm](https://ag.hexor.cy/api/badge?name=khm&revision=true)](https://ag.hexor.cy/applications/argocd/khm) |
+| **lidarr** | [![lidarr](https://ag.hexor.cy/api/badge?name=lidarr&revision=true)](https://ag.hexor.cy/applications/argocd/lidarr) |
+| **matrix** | [![matrix](https://ag.hexor.cy/api/badge?name=matrix&revision=true)](https://ag.hexor.cy/applications/argocd/matrix) |
+| **mtproxy** | [![mtproxy](https://ag.hexor.cy/api/badge?name=mtproxy&revision=true)](https://ag.hexor.cy/applications/argocd/mtproxy) |
 | **n8n** | [![n8n](https://ag.hexor.cy/api/badge?name=n8n&revision=true)](https://ag.hexor.cy/applications/argocd/n8n) |
 | **ollama** | [![ollama](https://ag.hexor.cy/api/badge?name=ollama&revision=true)](https://ag.hexor.cy/applications/argocd/ollama) |
 | **paperless** | [![paperless](https://ag.hexor.cy/api/badge?name=paperless&revision=true)](https://ag.hexor.cy/applications/argocd/paperless) |

k8s/apps/mtproxy/kustomization.yaml

@@ -5,7 +5,11 @@ resources:
   - ./app.yaml
   - ./rbac.yaml
   - ./daemonset.yaml
+  - ./telemt-daemonset.yaml
   - ./external-secrets.yaml
+  - ./telemt-external-secrets.yaml
+  - ./telemt-service.yaml
+  - ./telemt-servicemonitor.yaml
   - ./service.yaml
   - ./secret-reader.yaml
 # - ./storage.yaml

k8s/apps/mtproxy/secret-reader.yaml

@@ -23,7 +23,7 @@ spec:
         imagePullPolicy: Always
         args:
           - "--secrets"
-          - "mtproxy-links"
+          - "mtproxy-links,telemt-links"
           - "--namespace"
           - "mtproxy"
           - "--port"

k8s/apps/mtproxy/telemt-daemonset.yaml

@@ -0,0 +1,114 @@
+---
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  name: telemt
+  labels:
+    app: telemt
+spec:
+  selector:
+    matchLabels:
+      app: telemt
+  updateStrategy:
+    type: RollingUpdate
+  template:
+    metadata:
+      labels:
+        app: telemt
+    spec:
+      affinity:
+        nodeAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+            nodeSelectorTerms:
+              - matchExpressions:
+                  - key: mtproxy
+                    operator: Exists
+      serviceAccountName: mtproxy
+      hostNetwork: true
+      dnsPolicy: ClusterFirstWithHostNet
+      initContainers:
+        - name: register-proxy
+          image: bitnami/kubectl:latest
+          env:
+            - name: NODE_NAME
+              valueFrom:
+                fieldRef:
+                  fieldPath: spec.nodeName
+            - name: SECRET
+              valueFrom:
+                secretKeyRef:
+                  name: tgproxy-secret
+                  key: SECRET
+            - name: TELEMT_PORT
+              valueFrom:
+                secretKeyRef:
+                  name: telemt-secret
+                  key: PORT
+          command:
+            - /bin/bash
+            - -c
+            - |
+              set -e
+              NAMESPACE=$(cat /var/run/secrets/kubernetes.io/serviceaccount/namespace)
+              SERVER=$(kubectl get node "${NODE_NAME}" -o jsonpath='{.metadata.labels.mtproxy}')
+              if [ -z "${SERVER}" ]; then
+                echo "ERROR: node ${NODE_NAME} has no mtproxy label"
+                exit 1
+              fi
+              # Build ee-prefixed secret for secure mode
+              EE_SECRET="ee${SECRET}"
+              LINK="tg://proxy?server=${SERVER}&port=${TELEMT_PORT}&secret=${EE_SECRET}"
+              echo "Registering telemt: ${SERVER} -> ${LINK}"
+              if kubectl get secret telemt-links -n "${NAMESPACE}" &>/dev/null; then
+                kubectl patch secret telemt-links -n "${NAMESPACE}" \
+                  --type merge -p "{\"stringData\":{\"${SERVER}\":\"${LINK}\"}}"
+              else
+                kubectl create secret generic telemt-links -n "${NAMESPACE}" \
+                  --from-literal="${SERVER}=${LINK}"
+              fi
+              echo "Done"
+      containers:
+        - name: telemt
+          image: ghcr.io/telemt/telemt:latest
+          imagePullPolicy: Always
+          ports:
+            - name: proxy
+              containerPort: 30444
+              protocol: TCP
+            - name: api
+              containerPort: 9091
+              protocol: TCP
+          workingDir: /run/telemt
+          env:
+            - name: RUST_LOG
+              value: info
+          volumeMounts:
+            - name: workdir
+              mountPath: /run/telemt
+            - name: config
+              mountPath: /run/telemt/config.toml
+              subPath: config.toml
+              readOnly: true
+            - name: etcdir
+              mountPath: /etc/telemt
+          securityContext:
+            readOnlyRootFilesystem: true
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+      volumes:
+        - name: config
+          secret:
+            secretName: telemt-secret
+            items:
+              - key: config.toml
+                path: config.toml
+        - name: workdir
+          emptyDir:
+            medium: Memory
+            sizeLimit: 1Mi
+        - name: etcdir
+          emptyDir:
+            medium: Memory
+            sizeLimit: 1Mi

k8s/apps/mtproxy/telemt-external-secrets.yaml

@@ -0,0 +1,58 @@
+---
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+  name: telemt-secret
+spec:
+  target:
+    name: telemt-secret
+    deletionPolicy: Delete
+    template:
+      type: Opaque
+      data:
+        SECRET: |-
+          {{ .secret }}
+        PORT: "30444"
+        config.toml: |
+          [general]
+          use_middle_proxy = true
+          log_level = "normal"
+
+          [general.modes]
+          classic = false
+          secure = false
+          tls = true
+
+          [general.links]
+          show = "*"
+          public_port = 30444
+
+          [server]
+          port = 30444
+          metrics_port = 9090
+
+          [server.api]
+          enabled = true
+          listen = "0.0.0.0:9091"
+          whitelist = ["0.0.0.0/0"]
+
+          [[server.listeners]]
+          ip = "0.0.0.0"
+
+          [censorship]
+          tls_domain = "ya.ru"
+          mask = true
+          tls_emulation = true
+          tls_front_dir = "tlsfront"
+
+          [access.users]
+          user = "{{ .secret }}"
+  data:
+    - secretKey: secret
+      sourceRef:
+        storeRef:
+          name: vaultwarden-login
+          kind: ClusterSecretStore
+      remoteRef:
+        key: 58a37daf-72d8-430d-86bd-6152aa8f888d
+        property: fields[0].value

k8s/apps/mtproxy/telemt-service.yaml

@@ -0,0 +1,17 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: telemt-metrics
+  labels:
+    app: telemt
+spec:
+  type: ClusterIP
+  clusterIP: None
+  selector:
+    app: telemt
+  ports:
+    - port: 9090
+      targetPort: 9090
+      protocol: TCP
+      name: metrics

k8s/apps/mtproxy/telemt-servicemonitor.yaml

@@ -0,0 +1,21 @@
+---
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+  name: telemt-metrics
+  labels:
+    app: telemt
+    release: prometheus
+spec:
+  selector:
+    matchLabels:
+      app: telemt
+  endpoints:
+    - port: metrics
+      path: /metrics
+      interval: 30s
+      scrapeTimeout: 10s
+      honorLabels: true
+  namespaceSelector:
+    matchNames:
+      - mtproxy