Auto-update README with current k8s applications

Generated by CI/CD workflow on 2026-05-23 11:55:52

This PR updates the README.md file with the current list of applications found in the k8s/ directory structure.

README.md

@@ -13,10 +13,13 @@ ArgoCD homelab project
 | Application | Status |
 | :--- | :---: |
 | **argocd** | [![argocd](https://ag.hexor.cy/api/badge?name=argocd&revision=true)](https://ag.hexor.cy/applications/argocd/argocd) |
+| **auth-proxy** | [![auth-proxy](https://ag.hexor.cy/api/badge?name=auth-proxy&revision=true)](https://ag.hexor.cy/applications/argocd/auth-proxy) |
 | **authentik** | [![authentik](https://ag.hexor.cy/api/badge?name=authentik&revision=true)](https://ag.hexor.cy/applications/argocd/authentik) |
 | **cert-manager** | [![cert-manager](https://ag.hexor.cy/api/badge?name=cert-manager&revision=true)](https://ag.hexor.cy/applications/argocd/cert-manager) |
 | **external-secrets** | [![external-secrets](https://ag.hexor.cy/api/badge?name=external-secrets&revision=true)](https://ag.hexor.cy/applications/argocd/external-secrets) |
 | **gpu** | [![gpu](https://ag.hexor.cy/api/badge?name=gpu&revision=true)](https://ag.hexor.cy/applications/argocd/gpu) |
+| **kanidm** | [![kanidm](https://ag.hexor.cy/api/badge?name=kanidm&revision=true)](https://ag.hexor.cy/applications/argocd/kanidm) |
+| **keycloak** | [![keycloak](https://ag.hexor.cy/api/badge?name=keycloak&revision=true)](https://ag.hexor.cy/applications/argocd/keycloak) |
 | **kube-system-custom** | [![kube-system-custom](https://ag.hexor.cy/api/badge?name=kube-system-custom&revision=true)](https://ag.hexor.cy/applications/argocd/kube-system-custom) |
 | **kubernetes-dashboard** | [![kubernetes-dashboard](https://ag.hexor.cy/api/badge?name=kubernetes-dashboard&revision=true)](https://ag.hexor.cy/applications/argocd/kubernetes-dashboard) |
 | **longhorn** | [![longhorn](https://ag.hexor.cy/api/badge?name=longhorn&revision=true)](https://ag.hexor.cy/applications/argocd/longhorn) |
@@ -62,9 +65,12 @@ ArgoCD homelab project
 | **sonarr-stack** | [![sonarr-stack](https://ag.hexor.cy/api/badge?name=sonarr-stack&revision=true)](https://ag.hexor.cy/applications/argocd/sonarr-stack) |
 | **stirling-pdf** | [![stirling-pdf](https://ag.hexor.cy/api/badge?name=stirling-pdf&revision=true)](https://ag.hexor.cy/applications/argocd/stirling-pdf) |
 | **syncthing** | [![syncthing](https://ag.hexor.cy/api/badge?name=syncthing&revision=true)](https://ag.hexor.cy/applications/argocd/syncthing) |
+| **teamspeak** | [![teamspeak](https://ag.hexor.cy/api/badge?name=teamspeak&revision=true)](https://ag.hexor.cy/applications/argocd/teamspeak) |
 | **tg-bots** | [![tg-bots](https://ag.hexor.cy/api/badge?name=tg-bots&revision=true)](https://ag.hexor.cy/applications/argocd/tg-bots) |
 | **vaultwarden** | [![vaultwarden](https://ag.hexor.cy/api/badge?name=vaultwarden&revision=true)](https://ag.hexor.cy/applications/argocd/vaultwarden) |
 | **vpn** | [![vpn](https://ag.hexor.cy/api/badge?name=vpn&revision=true)](https://ag.hexor.cy/applications/argocd/vpn) |
+| **web-petting** | [![web-petting](https://ag.hexor.cy/api/badge?name=web-petting&revision=true)](https://ag.hexor.cy/applications/argocd/web-petting) |
+| **wedding** | [![wedding](https://ag.hexor.cy/api/badge?name=wedding&revision=true)](https://ag.hexor.cy/applications/argocd/wedding) |
 | **xandikos** | [![xandikos](https://ag.hexor.cy/api/badge?name=xandikos&revision=true)](https://ag.hexor.cy/applications/argocd/xandikos) |
 
 </td>

k8s/apps/furumi-dev/deployment.yaml

@@ -0,0 +1,46 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: furumi-dev-player
+  labels:
+    app: furumi-dev-player
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: furumi-dev-player
+  template:
+    metadata:
+      labels:
+        app: furumi-dev-player
+    spec:
+      nodeSelector:
+        kubernetes.io/hostname: master.tail2fe2d.ts.net
+      containers:
+        - name: furumi-dev-player
+          image: ultradesu/furumusic:latest
+          imagePullPolicy: Always
+          env:
+            - name: FURU_DATABASE_URL
+              valueFrom:
+                secretKeyRef:
+                  name: furumi-dev-creds
+                  key: PG_STRING
+          ports:
+          - containerPort: 8000
+            name: http
+          volumeMounts:
+            - name: library
+              mountPath: /media
+            - name: inbox
+              mountPath: /inbox
+      volumes:
+        - name: library
+          hostPath:
+            path: /k8s/furumi-dev/library-new
+            type: DirectoryOrCreate
+        - name: inbox
+          hostPath:
+            path: /k8s/furumi-dev/inbox-new
+            type: DirectoryOrCreate
+

k8s/apps/furumi-dev/external-secrets.yaml

@@ -5,46 +5,46 @@ metadata:
   name: furumi-ng-creds
 spec:
   target:
-    name: furumi-ng-creds
+    name: furumi-dev-creds
     deletionPolicy: Delete
     template:
       type: Opaque
       data:
-        OIDC_CLIENT_ID: |-
-          {{ .client_id }}
-        OIDC_CLIENT_SECRET: |-
-          {{ .client_secret }}
-        OIDC_ISSUER_URL: https://idm.hexor.cy/application/o/furumi-dev/
-        OIDC_REDIRECT_URL: https://music-dev.hexor.cy/auth/callback
-        OIDC_SESSION_SECRET: |-
-          {{ .session_secret }}
+       #OIDC_CLIENT_ID: |-
+       #  {{ .client_id }}
+       #OIDC_CLIENT_SECRET: |-
+       #  {{ .client_secret }}
+       #OIDC_ISSUER_URL: https://idm.hexor.cy/application/o/furumi-dev/
+       #OIDC_REDIRECT_URL: https://music-dev.hexor.cy/auth/callback
+       #OIDC_SESSION_SECRET: |-
+       #  {{ .session_secret }}
         PG_STRING: |-
           postgres://furumi_dev:{{ .pg_pass }}@psql.psql.svc:5432/furumi_dev
   data:
-    - secretKey: client_id
-      sourceRef:
-        storeRef:
-          name: vaultwarden-login
-          kind: ClusterSecretStore
-      remoteRef:
-        key: 960735e6-2cc9-4b68-9bd3-e6786e5a0cd6
-        property: fields[0].value
-    - secretKey: client_secret
-      sourceRef:
-        storeRef:
-          name: vaultwarden-login
-          kind: ClusterSecretStore
-      remoteRef:
-        key: 960735e6-2cc9-4b68-9bd3-e6786e5a0cd6
-        property: fields[1].value
-    - secretKey: session_secret
-      sourceRef:
-        storeRef:
-          name: vaultwarden-login
-          kind: ClusterSecretStore
-      remoteRef:
-        key: 960735e6-2cc9-4b68-9bd3-e6786e5a0cd6
-        property: fields[2].value
+  # - secretKey: client_id
+  #   sourceRef:
+  #     storeRef:
+  #       name: vaultwarden-login
+  #       kind: ClusterSecretStore
+  #   remoteRef:
+  #     key: 960735e6-2cc9-4b68-9bd3-e6786e5a0cd6
+  #     property: fields[0].value
+  # - secretKey: client_secret
+  #   sourceRef:
+  #     storeRef:
+  #       name: vaultwarden-login
+  #       kind: ClusterSecretStore
+  #   remoteRef:
+  #     key: 960735e6-2cc9-4b68-9bd3-e6786e5a0cd6
+  #     property: fields[1].value
+  # - secretKey: session_secret
+  #   sourceRef:
+  #     storeRef:
+  #       name: vaultwarden-login
+  #       kind: ClusterSecretStore
+  #   remoteRef:
+  #     key: 960735e6-2cc9-4b68-9bd3-e6786e5a0cd6
+  #     property: fields[2].value
     - secretKey: pg_pass
       sourceRef:
         storeRef:

k8s/apps/furumi-dev/ingress.yaml

@@ -1,17 +1,8 @@
 ---
-apiVersion: traefik.io/v1alpha1
-kind: Middleware
-metadata:
-  name: admin-strip
-spec:
-  stripPrefix:
-    prefixes:
-      - /admin
----
 apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
-  name: furumi-tls-ingress
+  name: furumi-dev-tls-ingress
   annotations:
     ingressClassName: traefik
     cert-manager.io/cluster-issuer: letsencrypt
@@ -22,45 +13,15 @@ spec:
     - host: music-dev.hexor.cy
       http:
         paths:
-          - path: /api
-            pathType: Prefix
-            backend:
-              service:
-                name: furumi-dev-web-player
-                port:
-                  number: 8080
           - path: /
             pathType: Prefix
             backend:
               service:
-                name: furumi-dev-node-player
+                name: furumi-dev-player
                 port:
-                  number: 3001
+                  number: 8000
   tls:
-    - secretName: furumi-tls
+    - secretName: furumi-dev-tls
       hosts:
-        - '*.hexor.cy'
----
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
-  name: furumi-dev-admin-ingress
-  annotations:
-    ingressClassName: traefik
-    traefik.ingress.kubernetes.io/router.middlewares: furumi-server-admin-strip@kubernetescrd,kube-system-https-redirect@kubernetescrd
-spec:
-  rules:
-    - host: music-dev.hexor.cy
-      http:
-        paths:
-          - path: /admin
-            pathType: Prefix
-            backend:
-              service:
-                name: furumi-dev-metadata-agent
-                port:
-                  number: 8090
-  tls:
-    - secretName: furumi-tls
-      hosts:
-        - '*.hexor.cy'
+        - music-dev.hexor.cy
+

k8s/apps/furumi-dev/kustomization.yaml

@@ -6,6 +6,4 @@ resources:
   - service.yaml
   - external-secrets.yaml
   - ingress.yaml
-  - web-player.yaml
-  - node-player.yaml
-  - metadata-agent.yaml
+  - deployment.yaml

k8s/apps/furumi-dev/metadata-agent.yaml

@@ -1,59 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: furumi-dev-metadata-agent
-  labels:
-    app: furumi-dev-metadata-agent
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: furumi-dev-metadata-agent
-  template:
-    metadata:
-      labels:
-        app: furumi-dev-metadata-agent
-    spec:
-      nodeSelector:
-        kubernetes.io/hostname: master.tail2fe2d.ts.net
-      containers:
-        - name: furumi-dev-metadata-agent
-          image: ultradesu/furumi-metadata-agent:dev
-          imagePullPolicy: Always
-          env:
-            - name: FURUMI_AGENT_DATABASE_URL
-              valueFrom:
-                secretKeyRef:
-                  name: furumi-ng-creds
-                  key: PG_STRING
-            - name: FURUMI_AGENT_INBOX_DIR
-              value: "/inbox"
-            - name: FURUMI_AGENT_STORAGE_DIR
-              value: "/media"
-            - name: FURUMI_AGENT_OLLAMA_URL
-              value: "http://100.120.76.49:1234"
-            - name: FURUMI_AGENT_OLLAMA_MODEL
-              value: "qwen2.5-32b-instruct"
-            - name: FURUMI_AGENT_POLL_INTERVAL_SECS
-              value: "10"
-            - name: RUST_LOG
-              value: "info"
-          ports:
-            - name: admin-ui
-              containerPort: 8090
-              protocol: TCP
-          volumeMounts:
-            - name: library
-              mountPath: /media
-            - name: inbox
-              mountPath: /inbox
-      volumes:
-        - name: library
-          hostPath:
-            path: /k8s/furumi-dev/library
-            type: DirectoryOrCreate
-        - name: inbox
-          hostPath:
-            path: /k8s/furumi-dev/inbox
-            type: DirectoryOrCreate
-

k8s/apps/furumi-dev/node-player.yaml

@@ -1,53 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: furumi-dev-node-player
-  labels:
-    app: furumi-dev-node-player
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: furumi-dev-node-player
-  template:
-    metadata:
-      labels:
-        app: furumi-dev-node-player
-    spec:
-      nodeSelector:
-        kubernetes.io/hostname: master.tail2fe2d.ts.net
-      containers:
-        - name: furumi-dev-node-player
-          image: ultradesu/furumi-node-player:dev
-          imagePullPolicy: Always
-          env:
-            - name: PORT
-              value: "3001"
-            - name: BASE_URL
-              value: "https://music-dev.hexor.cy"
-            - name: FRONTEND_ORIGIN
-              value: "https://music-dev.hexor.cy"
-            - name: SESSION_SECRET
-              valueFrom:
-                secretKeyRef:
-                  name: furumi-ng-creds
-                  key: OIDC_SESSION_SECRET
-            - name: OIDC_ISSUER_BASE_URL
-              valueFrom:
-                secretKeyRef:
-                  name: furumi-ng-creds
-                  key: OIDC_ISSUER_URL
-            - name: OIDC_CLIENT_ID
-              valueFrom:
-                secretKeyRef:
-                  name: furumi-ng-creds
-                  key: OIDC_CLIENT_ID
-            - name: OIDC_CLIENT_SECRET
-              valueFrom:
-                secretKeyRef:
-                  name: furumi-ng-creds
-                  key: OIDC_CLIENT_SECRET
-          ports:
-            - name: http
-              containerPort: 3001
-              protocol: TCP

k8s/apps/furumi-dev/service.yaml

@@ -2,47 +2,15 @@
 apiVersion: v1
 kind: Service
 metadata:
-  name: furumi-dev-metadata-agent
+  name: furumi-dev-player
   labels:
-    app: furumi-dev-metadata-agent
+    app: furumi-dev-player
 spec:
   type: ClusterIP
   selector:
-    app: furumi-dev-metadata-agent
-  ports:
-    - name: admin-ui
-      protocol: TCP
-      port: 8090
-      targetPort: 8090
----
-apiVersion: v1
-kind: Service
-metadata:
-  name: furumi-dev-web-player
-  labels:
-    app: furumi-dev-web-player
-spec:
-  type: ClusterIP
-  selector:
-    app: furumi-dev-web-player
+    app: furumi-dev-player
   ports:
     - name: http
       protocol: TCP
-      port: 8080
-      targetPort: 8080
----
-apiVersion: v1
-kind: Service
-metadata:
-  name: furumi-dev-node-player
-  labels:
-    app: furumi-dev-node-player
-spec:
-  type: ClusterIP
-  selector:
-    app: furumi-dev-node-player
-  ports:
-    - name: http
-      protocol: TCP
-      port: 3001
-      targetPort: 3001
+      port: 3000
+      targetPort: 3000

k8s/apps/furumi-dev/web-player.yaml

@@ -1,69 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: furumi-dev-web-player
-  labels:
-    app: furumi-dev-web-player
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: furumi-dev-web-player
-  template:
-    metadata:
-      labels:
-        app: furumi-dev-web-player
-    spec:
-      nodeSelector:
-        kubernetes.io/hostname: master.tail2fe2d.ts.net
-      containers:
-        - name: furumi-dev-web-player
-          image: ultradesu/furumi-web-player:dev
-          imagePullPolicy: Always
-          env:
-            - name: FURUMI_PLAYER_OIDC_CLIENT_ID
-              valueFrom:
-                secretKeyRef:
-                  name: furumi-ng-creds
-                  key: OIDC_CLIENT_ID
-            - name: FURUMI_PLAYER_OIDC_CLIENT_SECRET
-              valueFrom:
-                secretKeyRef:
-                  name: furumi-ng-creds
-                  key: OIDC_CLIENT_SECRET
-            - name: FURUMI_PLAYER_OIDC_ISSUER_URL
-              valueFrom:
-                secretKeyRef:
-                  name: furumi-ng-creds
-                  key: OIDC_ISSUER_URL
-            - name: FURUMI_PLAYER_OIDC_REDIRECT_URL
-              valueFrom:
-                secretKeyRef:
-                  name: furumi-ng-creds
-                  key: OIDC_REDIRECT_URL
-            - name: FURUMI_PLAYER_OIDC_SESSION_SECRET
-              valueFrom:
-                secretKeyRef:
-                  name: furumi-ng-creds
-                  key: OIDC_SESSION_SECRET
-            - name: FURUMI_PLAYER_DATABASE_URL
-              valueFrom:
-                secretKeyRef:
-                  name: furumi-ng-creds
-                  key: PG_STRING
-            - name: FURUMI_PLAYER_STORAGE_DIR
-              value: "/media"
-            - name: RUST_LOG
-              value: "info"
-          ports:
-            - name: http
-              containerPort: 8080
-              protocol: TCP
-          volumeMounts:
-            - name: music
-              mountPath: /media
-      volumes:
-        - name: music
-          hostPath:
-            path: /k8s/furumi-dev/library
-            type: DirectoryOrCreate

k8s/core/postgresql/external-secrets.yaml

@@ -22,18 +22,18 @@ spec:
                 'OAUTH2_CLIENT_ID': '{{ .client_id }}',
                 'OAUTH2_CLIENT_SECRET': '{{ .client_secret }}',
                 
-                'OAUTH2_TOKEN_URL': '{{ .keycloak_url }}/realms/hexor/protocol/openid-connect/token',
-                'OAUTH2_AUTHORIZATION_URL': '{{ .keycloak_url }}/realms/hexor/protocol/openid-connect/auth',
-                'OAUTH2_SERVER_METADATA_URL': '{{ .keycloak_url }}/realms/hexor/.well-known/openid-configuration',
+                'OAUTH2_TOKEN_URL': '{{ .keycloak_url }}/auth/realms/hexor/protocol/openid-connect/token',
+                'OAUTH2_AUTHORIZATION_URL': '{{ .keycloak_url }}/auth/realms/hexor/protocol/openid-connect/auth',
+                'OAUTH2_SERVER_METADATA_URL': '{{ .keycloak_url }}/auth/realms/hexor/.well-known/openid-configuration',
                 'OAUTH2_API_BASE_URL': '{{ .keycloak_url }}',
-                'OAUTH2_USERINFO_ENDPOINT': '{{ .keycloak_url }}/realms/hexor/protocol/openid-connect/userinfo',
+                'OAUTH2_USERINFO_ENDPOINT': '{{ .keycloak_url }}/auth/realms/hexor/protocol/openid-connect/userinfo',
                 
                 'OAUTH2_SCOPE': 'openid profile email',
                 'OAUTH2_USERNAME_CLAIM': 'email',
                 'OAUTH2_BUTTON_COLOR': '#000000',
                 'OAUTH2_SSL_CERT_VERIFICATION': False,
                 
-                'OAUTH2_LOGOUT_URL': '{{ .keycloak_url }}/realms/hexor/protocol/openid-connect/logout',
+                'OAUTH2_LOGOUT_URL': '{{ .keycloak_url }}/auth/realms/hexor/protocol/openid-connect/logout',
             }
           ]
   data:

terraform/keycloak/terraform.tfvars

@@ -3,7 +3,8 @@ groups = [
   "hexor-guest",
   "game-servers-managers",
   "argocd-admins",
-  "web-petting"
+  "web-petting",
+  "Furumusic-Admins"
 ]
 
 proxy_applications = {
@@ -39,10 +40,15 @@ oauth2_applications = {
     web_origins               = ["https://gf.hexor.cy"]
     post_logout_redirect_uris = ["https://gf.hexor.cy/*"]
   }
+  FuruMusic = {
+    redirect_uris             = ["https://music.hexor.cy/auth/oidc/callback", "http://127.0.0.1:3000/auth/oidc/callback", "http://10.0.5.103:3000/auth/oidc/callback"]
+    web_origins               = ["https://music.hexor.cy", "http://127.0.0.1:3000", "http://10.0.5.103:3000"]
+    post_logout_redirect_uris = ["https://music.hexor.cy/*", "http://127.0.0.1:3000/*", "http://10.0.5.103:3000/*"]
+  }
   Web-Petting = {
-    redirect_uris             = ["https://pet.hexor.cy/admin/oidc/callback", "https://xn--l1acako8eb.xn--p1ai/admin/oidc/callback", "https://мурняня.рф/admin/oidc/callback", "http://127.0.0.1:3000/admin/oidc/callback"]
-    web_origins               = ["https://pet.hexor.cy", "https://xn--l1acako8eb.xn--p1ai", "https://мурняня.рф", "http://127.0.0.1:3000"]
-    post_logout_redirect_uris = ["https://pet.hexor.cy/*", "https://xn--l1acako8eb.xn--p1ai/*", "https://мурняня.рф/*", "http://127.0.0.1:3000/*"]
+    redirect_uris             = ["https://pet.hexor.cy/admin/oidc/callback", "https://xn--l1acako8eb.xn--p1ai/admin/oidc/callback", "https://мурняня.рф/admin/oidc/callback"]
+    web_origins               = ["https://pet.hexor.cy", "https://xn--l1acako8eb.xn--p1ai", "https://мурняня.рф", ]
+    post_logout_redirect_uris = ["https://pet.hexor.cy/*", "https://xn--l1acako8eb.xn--p1ai/*", "https://мурняня.рф/*"]
   }
 }