Compare commits
1 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
 Gitea Actions Bot
|
08076d2285 |
@@ -25,7 +25,6 @@ ArgoCD homelab project
|
||||
| **longhorn** | [](https://ag.hexor.cy/applications/argocd/longhorn) |
|
||||
| **postgresql** | [](https://ag.hexor.cy/applications/argocd/postgresql) |
|
||||
| **prom-stack** | [](https://ag.hexor.cy/applications/argocd/prom-stack) |
|
||||
| **reloader** | [](https://ag.hexor.cy/applications/argocd/reloader) |
|
||||
| **system-upgrade** | [](https://ag.hexor.cy/applications/argocd/system-upgrade) |
|
||||
|
||||
### Games
|
||||
|
||||
@@ -22,7 +22,7 @@ spec:
|
||||
entryPoints:
|
||||
- websecure
|
||||
routes:
|
||||
- match: Host(`proxy.hexor.cy`)
|
||||
- match: Host(`secret-reader.hexor.cy`)
|
||||
kind: Rule
|
||||
middlewares:
|
||||
- name: auth-proxy
|
||||
@@ -30,16 +30,16 @@ spec:
|
||||
- name: secret-reader
|
||||
port: 80
|
||||
tls:
|
||||
secretName: proxy-tls
|
||||
secretName: secret-reader-tls
|
||||
---
|
||||
apiVersion: cert-manager.io/v1
|
||||
kind: Certificate
|
||||
metadata:
|
||||
name: proxy-tls
|
||||
name: secret-reader-tls
|
||||
spec:
|
||||
secretName: proxy-tls
|
||||
secretName: secret-reader-tls
|
||||
issuerRef:
|
||||
name: letsencrypt
|
||||
kind: ClusterIssuer
|
||||
dnsNames:
|
||||
- proxy.hexor.cy
|
||||
- secret-reader.hexor.cy
|
||||
|
||||
@@ -9,18 +9,18 @@ resources:
|
||||
helmCharts:
|
||||
- name: ollama
|
||||
repo: https://otwld.github.io/ollama-helm/
|
||||
version: 1.58.0
|
||||
version: 1.49.0
|
||||
releaseName: ollama
|
||||
namespace: ollama
|
||||
valuesFile: ollama-values.yaml
|
||||
includeCRDs: true
|
||||
- name: open-webui
|
||||
repo: https://helm.openwebui.com/
|
||||
version: 14.8.0
|
||||
version: 12.10.0
|
||||
releaseName: openweb-ui
|
||||
namespace: ollama
|
||||
valuesFile: openweb-ui-values.yaml
|
||||
includeCRDs: true
|
||||
|
||||
patches:
|
||||
- path: patch-runtimeclass.yaml
|
||||
- path: patch-runtimeclass.yaml
|
||||
@@ -2,8 +2,8 @@ clusterDomain: cluster.local
|
||||
|
||||
extraEnvVars:
|
||||
GLOBAL_LOG_LEVEL: debug
|
||||
OAUTH_PROVIDER_NAME: keycloak
|
||||
OPENID_PROVIDER_URL: https://auth.hexor.cy/auth/realms/hexor/.well-known/openid-configuration
|
||||
OAUTH_PROVIDER_NAME: authentik
|
||||
OPENID_PROVIDER_URL: https://idm.hexor.cy/application/o/openwebui/.well-known/openid-configuration
|
||||
OPENID_REDIRECT_URI: https://ai.hexor.cy/oauth/oidc/callback
|
||||
WEBUI_URL: https://ai.hexor.cy
|
||||
# Allows auto-creation of new users using OAuth. Must be paired with ENABLE_LOGIN_FORM=false.
|
||||
@@ -31,7 +31,7 @@ ollama:
|
||||
- qwen3-vl:8b
|
||||
|
||||
pipelines:
|
||||
enabled: false
|
||||
enabled: true
|
||||
nodeSelector:
|
||||
kubernetes.io/hostname: master.tail2fe2d.ts.net
|
||||
|
||||
@@ -57,4 +57,4 @@ ingress:
|
||||
traefik.ingress.kubernetes.io/router.middlewares: kube-system-https-redirect@kubernetescrd
|
||||
host: "ai.hexor.cy"
|
||||
tls: true
|
||||
existingSecret: ollama-tls
|
||||
existingSecret: ollama-tls
|
||||
@@ -236,52 +236,29 @@ data:
|
||||
|
||||
cd /app
|
||||
|
||||
write_xray_api_port() {
|
||||
API_PORT="$1"
|
||||
case "$API_PORT" in
|
||||
""|*[!0-9]*)
|
||||
return
|
||||
;;
|
||||
esac
|
||||
|
||||
CURRENT_PORT=""
|
||||
if [ -f /shared/xray-api-port ]; then
|
||||
CURRENT_PORT=$(cat /shared/xray-api-port)
|
||||
fi
|
||||
|
||||
if [ "$API_PORT" != "$CURRENT_PORT" ]; then
|
||||
echo "Found xray API port: $API_PORT"
|
||||
echo -n "$API_PORT" > /shared/xray-api-port
|
||||
fi
|
||||
}
|
||||
|
||||
LOG_PIPE="/tmp/pasarguard-main.log"
|
||||
rm -f "$LOG_PIPE"
|
||||
mkfifo "$LOG_PIPE"
|
||||
|
||||
# Capture main logs so the Xray API listener is not confused with Xray's metrics listener.
|
||||
{
|
||||
while IFS= read -r line; do
|
||||
echo "$line"
|
||||
case "$line" in
|
||||
*"transport/internet/tcp: listening TCP on 127.0.0.1:"*)
|
||||
API_PORT=$(echo "$line" | sed -n 's/.*listening TCP on 127\.0\.0\.1:\([0-9][0-9]*\).*/\1/p')
|
||||
write_xray_api_port "$API_PORT"
|
||||
;;
|
||||
esac
|
||||
done
|
||||
} < "$LOG_PIPE" &
|
||||
LOG_READER_PID=$!
|
||||
|
||||
# Start main process in background
|
||||
./main > "$LOG_PIPE" 2>&1 &
|
||||
./main &
|
||||
MAIN_PID=$!
|
||||
|
||||
|
||||
# Start continuous port monitoring in background
|
||||
{
|
||||
sleep 10 # Wait for xray to start initially
|
||||
LAST_PORT=""
|
||||
|
||||
while true; do
|
||||
API_PORT=$(netstat -tlpn | grep xray | grep 127.0.0.1 | awk '{print $4}' | cut -d: -f2 | head -1)
|
||||
if [ -n "$API_PORT" ] && [ "$API_PORT" != "$LAST_PORT" ]; then
|
||||
echo "Found xray API port: $API_PORT"
|
||||
echo -n "$API_PORT" > /shared/xray-api-port
|
||||
LAST_PORT="$API_PORT"
|
||||
fi
|
||||
sleep 5 # Check every 5 seconds
|
||||
done
|
||||
} &
|
||||
PORT_MONITOR_PID=$!
|
||||
|
||||
# Wait for main process to finish
|
||||
wait $MAIN_PID
|
||||
MAIN_STATUS=$?
|
||||
|
||||
# Clean up log reader
|
||||
wait $LOG_READER_PID 2>/dev/null
|
||||
rm -f "$LOG_PIPE"
|
||||
exit $MAIN_STATUS
|
||||
|
||||
# Clean up port monitor
|
||||
kill $PORT_MONITOR_PID 2>/dev/null
|
||||
|
||||
@@ -116,20 +116,14 @@ spec:
|
||||
- name: metrics
|
||||
containerPort: 9550
|
||||
protocol: TCP
|
||||
startupProbe:
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
path: /scrape
|
||||
port: metrics
|
||||
periodSeconds: 10
|
||||
timeoutSeconds: 5
|
||||
failureThreshold: 36
|
||||
livenessProbe:
|
||||
tcpSocket:
|
||||
port: metrics
|
||||
initialDelaySeconds: 60
|
||||
periodSeconds: 30
|
||||
timeoutSeconds: 10
|
||||
failureThreshold: 6
|
||||
failureThreshold: 3
|
||||
readinessProbe:
|
||||
httpGet:
|
||||
path: /scrape
|
||||
|
||||
@@ -1,21 +0,0 @@
|
||||
apiVersion: argoproj.io/v1alpha1
|
||||
kind: Application
|
||||
metadata:
|
||||
name: reloader
|
||||
namespace: argocd
|
||||
spec:
|
||||
project: core
|
||||
destination:
|
||||
namespace: reloader
|
||||
server: https://kubernetes.default.svc
|
||||
source:
|
||||
repoURL: ssh://git@gt.hexor.cy:30022/ab/homelab.git
|
||||
targetRevision: HEAD
|
||||
path: k8s/core/reloader
|
||||
syncPolicy:
|
||||
automated:
|
||||
selfHeal: true
|
||||
prune: true
|
||||
syncOptions:
|
||||
- CreateNamespace=true
|
||||
- ServerSideApply=true
|
||||
@@ -1,13 +0,0 @@
|
||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
|
||||
resources:
|
||||
- app.yaml
|
||||
|
||||
helmCharts:
|
||||
- name: reloader
|
||||
repo: https://stakater.github.io/stakater-charts
|
||||
version: 2.2.12
|
||||
releaseName: reloader
|
||||
namespace: reloader
|
||||
valuesFile: values.yaml
|
||||
@@ -1,24 +0,0 @@
|
||||
reloader:
|
||||
watchGlobally: true
|
||||
autoReloadAll: true
|
||||
reloadOnCreate: true
|
||||
reloadOnDelete: false
|
||||
reloadStrategy: annotations
|
||||
ignoreConfigMaps: false
|
||||
ignoreSecrets: false
|
||||
ignoreJobs: false
|
||||
ignoreCronJobs: false
|
||||
enableHA: true
|
||||
syncAfterRestart: true
|
||||
logLevel: info
|
||||
rbac:
|
||||
enabled: true
|
||||
deployment:
|
||||
replicas: 2
|
||||
resources:
|
||||
requests:
|
||||
cpu: 10m
|
||||
memory: 128Mi
|
||||
limits:
|
||||
cpu: 150m
|
||||
memory: 512Mi
|
||||
@@ -9,12 +9,12 @@ groups = [
|
||||
|
||||
proxy_applications = {
|
||||
secret-reader = {
|
||||
domain = "proxy.hexor.cy"
|
||||
allowed_groups = ["hexor-admin", "app-pass"]
|
||||
domain = "secret-reader.hexor.cy"
|
||||
allowed_groups = ["hexor-guest", "hexor-admin"]
|
||||
}
|
||||
pass = {
|
||||
domain = "pass.hexor.cy"
|
||||
allowed_groups = ["hexor-admin", "app-pass"]
|
||||
allowed_groups = ["hexor-guest", "hexor-admin"]
|
||||
}
|
||||
}
|
||||
|
||||
@@ -40,11 +40,6 @@ oauth2_applications = {
|
||||
web_origins = ["https://gf.hexor.cy"]
|
||||
post_logout_redirect_uris = ["https://gf.hexor.cy/*"]
|
||||
}
|
||||
openwebui = {
|
||||
redirect_uris = ["https://ai.hexor.cy/oauth/oidc/callback"]
|
||||
web_origins = ["https://ai.hexor.cy"]
|
||||
post_logout_redirect_uris = ["https://ai.hexor.cy/*"]
|
||||
}
|
||||
FuruMusic = {
|
||||
redirect_uris = ["https://music.hexor.cy/auth/oidc/callback"]
|
||||
web_origins = ["https://music.hexor.cy"]
|
||||
@@ -61,3 +56,4 @@ oauth2_applications = {
|
||||
post_logout_redirect_uris = ["https://pet.hexor.cy/*", "https://xn--l1acako8eb.xn--p1ai/*", "https://мурняня.рф/*"]
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user