Auto-update README with current k8s applications

Generated by CI/CD workflow on 2026-04-30 10:22:54

This PR updates the README.md file with the current list of applications found in the k8s/ directory structure.

README.md

@@ -66,6 +66,7 @@ ArgoCD homelab project
 | **tg-bots** | [![tg-bots](https://ag.hexor.cy/api/badge?name=tg-bots&revision=true)](https://ag.hexor.cy/applications/argocd/tg-bots) |
 | **vaultwarden** | [![vaultwarden](https://ag.hexor.cy/api/badge?name=vaultwarden&revision=true)](https://ag.hexor.cy/applications/argocd/vaultwarden) |
 | **vpn** | [![vpn](https://ag.hexor.cy/api/badge?name=vpn&revision=true)](https://ag.hexor.cy/applications/argocd/vpn) |
+| **web-petting** | [![web-petting](https://ag.hexor.cy/api/badge?name=web-petting&revision=true)](https://ag.hexor.cy/applications/argocd/web-petting) |
 | **wedding** | [![wedding](https://ag.hexor.cy/api/badge?name=wedding&revision=true)](https://ag.hexor.cy/applications/argocd/wedding) |
 | **xandikos** | [![xandikos](https://ag.hexor.cy/api/badge?name=xandikos&revision=true)](https://ag.hexor.cy/applications/argocd/xandikos) |
 

k8s/apps/gitea/deployment.yaml

@@ -48,6 +48,8 @@ spec:
               value: "true"
             - name: GITEA__service__CAPTCHA_TYPE
               value: "hcaptcha"
+            - name: GITEA__webhook__ALLOWED_HOST_LIST
+              value: "*"
           envFrom:
           - secretRef:
               name: gitea-recapcha-creds

k8s/apps/matrix/matrix-stack-values.yaml

@@ -26,9 +26,9 @@ matrixRTC:
     host: livekit.matrix.hexor.cy
   sfu:
     enabled: true
-    manualIP: "138.201.61.182"
+    manualIP: "78.24.180.234"
     nodeSelector:
-      kubernetes.io/hostname: master.tail2fe2d.ts.net
+      kubernetes.io/hostname: spb.tail2fe2d.ts.net
     exposedServices:
       rtcTcp:
         enabled: true
@@ -60,8 +60,8 @@ synapse:
     storage:
       size: 20Gi
     maxUploadSize: 100M
-  # nodeSelector:
-  #   kubernetes.io/hostname: nas.homenet
+    nodeSelector:
+      kubernetes.io/hostname: master.tail2fe2d.ts.net
 
 ## Matrix Authentication Service
 matrixAuthenticationService:
@@ -88,24 +88,24 @@ matrixAuthenticationService:
     1-oidc:
       configSecret: matrix-oidc-config
       configSecretKey: mas-oidc.yaml
-  # nodeSelector:
-  #   kubernetes.io/hostname: nas.homenet
+    nodeSelector:
+      kubernetes.io/hostname: master.tail2fe2d.ts.net
 
 ## Element Web client
 elementWeb:
   enabled: true
   ingress:
     host: chat.matrix.hexor.cy
-  # nodeSelector:
-  #   kubernetes.io/hostname: nas.homenet
+  nodeSelector:
+    kubernetes.io/hostname: master.tail2fe2d.ts.net
 
 ## Element Admin panel
 elementAdmin:
   enabled: true
   ingress:
     host: admin.matrix.hexor.cy
-  # nodeSelector:
-  #   kubernetes.io/hostname: nas.homenet
+  nodeSelector:
+    kubernetes.io/hostname: master.tail2fe2d.ts.net
 
 ## Well-known delegation on the base domain (host is derived from serverName)
 wellKnownDelegation:

k8s/apps/pasarguard/deployment.yaml

@@ -34,7 +34,7 @@ spec:
               mountPath: /templates/subscription
       containers:
         - name: pasarguard-web
-          image: 'pasarguard/panel:dev'
+          image: 'pasarguard/panel:v3.0.1'
           imagePullPolicy: Always
           envFrom:
             - secretRef:
@@ -75,6 +75,9 @@ apiVersion: v1
 kind: Service
 metadata:
   name: pasarguard
+  annotations:
+    traefik.ingress.kubernetes.io/service.serversscheme: https
+    traefik.ingress.kubernetes.io/service.serverstransport: pasarguard-pasarguard-transport@kubernetescrd
 spec:
   selector:
     app: pasarguard

k8s/apps/pasarguard/ingress.yaml

@@ -0,0 +1,31 @@
+---
+apiVersion: traefik.io/v1alpha1
+kind: ServersTransport
+metadata:
+  name: pasarguard-transport
+spec:
+  insecureSkipVerify: true
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: pasarguard-ingress
+  annotations:
+    traefik.ingress.kubernetes.io/router.entrypoints: websecure
+spec:
+  ingressClassName: traefik
+  rules:
+    - host: ps.hexor.cy
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: pasarguard
+                port:
+                  number: 80
+  tls:
+    - secretName: pasarguard-tls
+      hosts:
+        - ps.hexor.cy

k8s/apps/pasarguard/kustomization.yaml

@@ -9,3 +9,4 @@ resources:
   - ./certificate.yaml
   - ./configmap-scripts.yaml
   - ./servicemonitor.yaml
+  - ./ingress.yaml

k8s/apps/web-petting/app.yaml

@@ -0,0 +1,21 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: web-petting
+  namespace: argocd
+spec:
+  project: apps
+  destination:
+    namespace: web-petting
+    server: https://kubernetes.default.svc
+  source:
+    repoURL: ssh://git@gt.hexor.cy:30022/ab/homelab.git
+    targetRevision: HEAD
+    path: k8s/apps/web-petting
+  syncPolicy:
+    automated:
+      selfHeal: true
+      prune: true
+    syncOptions:
+      - CreateNamespace=true
+

k8s/apps/web-petting/deployment.yaml

@@ -0,0 +1,49 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: web-petting
+  labels:
+    app: web-petting
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: web-petting
+  template:
+    metadata:
+      labels:
+        app: web-petting
+    spec:
+      nodeSelector:
+        kubernetes.io/os: linux
+      volumes:
+        - name: data
+          persistentVolumeClaim:
+            claimName: web-petting-data
+      containers:
+      - name: web-petting
+        image: ultradesu/web-petting:0.1.0
+        imagePullPolicy: Always
+        args:
+#         - "tail"
+#         - "-F"
+#         - "/1"
+          - "web-petting"
+          - "-l"
+          - "0.0.0.0:3000"
+        ports:
+        - containerPort: 3000
+          name: http
+        volumeMounts:
+          - name: data
+            mountPath: /data
+        env:
+        - name: RUST_LOG
+          value: "info"
+        resources:
+          requests:
+            memory: "64Mi"
+            cpu: "50m"
+          limits:
+            memory: "128Mi"
+            cpu: "150m"

k8s/apps/web-petting/ingress.yaml

@@ -0,0 +1,27 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: web-petting-tls-ingress
+  annotations:
+    ingressClassName: traefik
+    cert-manager.io/cluster-issuer: letsencrypt
+    traefik.ingress.kubernetes.io/router.middlewares: kube-system-https-redirect@kubernetescrd
+    acme.cert-manager.io/http01-edit-in-place: "true"
+spec:
+  rules:
+    - host: pet.hexor.cy
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: web-petting
+                port:
+                  number: 80
+  tls:
+    - secretName: web-petting-tls
+      hosts:
+        - pet.hexor.cy
+

k8s/apps/web-petting/kustomization.yaml

@@ -0,0 +1,10 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+  - app.yaml
+  - deployment.yaml
+  - service.yaml
+  - ingress.yaml
+  - storage.yaml
+

k8s/apps/web-petting/service.yaml

@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: web-petting
+  labels:
+    app: web-petting
+spec:
+  type: ClusterIP
+  selector:
+    app: web-petting
+  ports:
+  - port: 80
+    targetPort: 3000
+    protocol: TCP
+    name: http

k8s/apps/web-petting/storage.yaml

@@ -0,0 +1,12 @@
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: web-petting-data
+spec:
+  accessModes:
+    - ReadWriteOnce
+  storageClassName: longhorn
+  resources:
+    requests:
+      storage: 10Gi

k8s/apps/wedding/deployment.yaml

@@ -15,6 +15,8 @@ spec:
       labels:
         app: wedding
     spec:
+      nodeSelector:
+        kubernetes.io/hostname: spb.tail2fe2d.ts.net
       initContainers:
         - name: git-clone
           image: alpine/git:latest
@@ -26,16 +28,17 @@ spec:
             - name: source
               mountPath: /src
         - name: zola-build
-          image: ghcr.io/getzola/zola:v0.19.2
+          image: ghcr.io/getzola/zola:v0.22.1
           command:
             - /bin/zola
           args:
             - --root
             - /src
             - build
+            - --base-url
+            - https://wedding.hexor.cy/
             - --output-dir
-            - /public
-            - --force
+            - /public/html
           volumeMounts:
             - name: source
               mountPath: /src
@@ -50,6 +53,7 @@ spec:
           volumeMounts:
             - name: public
               mountPath: /usr/share/nginx/html
+              subPath: html
               readOnly: true
           resources:
             requests:

k8s/apps/wedding/kustomization.yaml

@@ -7,3 +7,4 @@ resources:
   - deployment.yaml
   - service.yaml
   - ingress.yaml
+  - webhook.yaml

k8s/apps/wedding/webhook.yaml

@@ -0,0 +1,71 @@
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: webhook-script
+data:
+  serve.sh: |
+    #!/bin/sh
+    echo "Webhook server listening on :8080"
+    while true; do
+      echo -e "HTTP/1.1 200 OK\r\nContent-Length: 2\r\nConnection: close\r\n\r\nok" \
+        | nc -l -p 8080 > /dev/null
+      echo "Received webhook, restarting deployment..."
+      kubectl rollout restart deployment/wedding
+    done
+
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: wedding-webhook
+  labels:
+    app: wedding-webhook
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: wedding-webhook
+  template:
+    metadata:
+      labels:
+        app: wedding-webhook
+    spec:
+      nodeSelector:
+        kubernetes.io/hostname: spb.tail2fe2d.ts.net
+      serviceAccountName: wedding-deployer
+      containers:
+        - name: webhook
+          image: alpine/k8s:1.32.3
+          command: ["sh", "/scripts/serve.sh"]
+          ports:
+            - containerPort: 8080
+              protocol: TCP
+          volumeMounts:
+            - name: script
+              mountPath: /scripts
+              readOnly: true
+          resources:
+            requests:
+              memory: 16Mi
+              cpu: 5m
+            limits:
+              memory: 32Mi
+              cpu: 50m
+      volumes:
+        - name: script
+          configMap:
+            name: webhook-script
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: wedding-webhook
+spec:
+  selector:
+    app: wedding-webhook
+  ports:
+    - port: 8080
+      targetPort: 8080
+      protocol: TCP

k8s/core/system-upgrade/plan.yaml

@@ -7,6 +7,8 @@ metadata:
 spec:
   concurrency: 1
   cordon: true
+  tolerations:
+  - operator: Exists
   nodeSelector:
     matchExpressions:
     - key: node-role.kubernetes.io/control-plane
@@ -16,7 +18,7 @@ spec:
   serviceAccountName: system-upgrade
   upgrade:
     image: rancher/k3s-upgrade
-  version: v1.35.2+k3s1
+  version: v1.35.4+k3s1
 ---
 # Agent plan
 apiVersion: upgrade.cattle.io/v1
@@ -27,6 +29,8 @@ metadata:
 spec:
   concurrency: 1
   cordon: true
+  tolerations:
+  - operator: Exists
   nodeSelector:
     matchExpressions:
     - key: node-role.kubernetes.io/control-plane
@@ -39,4 +43,4 @@ spec:
   serviceAccountName: system-upgrade
   upgrade:
     image: rancher/k3s-upgrade
-  version: v1.35.2+k3s1
+  version: v1.35.4+k3s1