Compare commits
10 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
 Gitea Actions Bot
|
3d99719a06 | ||
 Ultradesu
|
c850ad291a | ||
 ab
|
4228217497 | ||
|
ab
|
df2e2ec68d | ||
|
ab
|
180fd33ffc | ||
|
ab
|
bbb8ca0323 | ||
|
ab
|
ec91419b36 | ||
|
ab
|
1384b96742 | ||
|
ab
|
ab138b033a | ||
|
ab
|
968e633bf8 |
@@ -53,6 +53,7 @@ ArgoCD homelab project
|
||||
| **k8s-secrets** | [](https://ag.hexor.cy/applications/argocd/k8s-secrets) |
|
||||
| **khm** | [](https://ag.hexor.cy/applications/argocd/khm) |
|
||||
| **lidarr** | [](https://ag.hexor.cy/applications/argocd/lidarr) |
|
||||
| **llamacpp** | [](https://ag.hexor.cy/applications/argocd/llamacpp) |
|
||||
| **matrix** | [](https://ag.hexor.cy/applications/argocd/matrix) |
|
||||
| **mtproxy** | [](https://ag.hexor.cy/applications/argocd/mtproxy) |
|
||||
| **n8n** | [](https://ag.hexor.cy/applications/argocd/n8n) |
|
||||
|
||||
@@ -53,8 +53,8 @@ spec:
|
||||
upstream_oauth2:
|
||||
providers:
|
||||
- id: 001KKV4EKY7KG98W2M9T806K6A
|
||||
human_name: Authentik
|
||||
issuer: https://idm.hexor.cy/application/o/matrix/
|
||||
human_name: SSO Login
|
||||
issuer: https://auth.hexor.cy/auth/realms/hexor
|
||||
client_id: "{{ .oauth_client_id }}"
|
||||
client_secret: "{{ .oauth_client_secret }}"
|
||||
token_endpoint_auth_method: client_secret_post
|
||||
@@ -93,3 +93,4 @@ spec:
|
||||
metadataPolicy: None
|
||||
key: ca76867f-49f3-4a30-9ef3-b05af35ee49a
|
||||
property: fields[1].value
|
||||
on_conflict: replace
|
||||
|
||||
@@ -18,8 +18,8 @@ spec:
|
||||
"openid_connect": {
|
||||
"APPS": [
|
||||
{
|
||||
"provider_id": "authentik",
|
||||
"name": "Authentik",
|
||||
"provider_id": "keycloak",
|
||||
"name": "Keycloak",
|
||||
"client_id": "{{ .oauth_id }}",
|
||||
"secret": "{{ .oauth_secret }}",
|
||||
"settings": {
|
||||
|
||||
@@ -46,7 +46,7 @@ spec:
|
||||
mountPath: /scripts
|
||||
containers:
|
||||
- name: pasarguard-node
|
||||
image: pasarguard/node:v0.5.0
|
||||
image: pasarguard/node:v0.5.2
|
||||
imagePullPolicy: Always
|
||||
command:
|
||||
- /bin/sh
|
||||
|
||||
@@ -34,7 +34,7 @@ spec:
|
||||
mountPath: /templates/subscription
|
||||
containers:
|
||||
- name: pasarguard-web
|
||||
image: pasarguard/panel:v4.0.2
|
||||
image: pasarguard/panel:v5.0.1
|
||||
imagePullPolicy: Always
|
||||
envFrom:
|
||||
- secretRef:
|
||||
|
||||
@@ -6,6 +6,7 @@ resources:
|
||||
- nfs-storage.yaml
|
||||
- coredns-internal-resolve.yaml
|
||||
- https-middleware.yaml
|
||||
- node-external-ip-labeler.yaml
|
||||
|
||||
helmCharts:
|
||||
- name: csi-driver-nfs
|
||||
@@ -15,4 +16,3 @@ helmCharts:
|
||||
namespace: kube-system
|
||||
#valuesFile: values.yaml
|
||||
includeCRDs: true
|
||||
|
||||
|
||||
@@ -0,0 +1,173 @@
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: node-external-ip-labeler
|
||||
namespace: kube-system
|
||||
labels:
|
||||
app: node-external-ip-labeler
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRole
|
||||
metadata:
|
||||
name: node-external-ip-labeler
|
||||
labels:
|
||||
app: node-external-ip-labeler
|
||||
rules:
|
||||
- apiGroups: [""]
|
||||
resources: ["nodes"]
|
||||
verbs: ["get", "list", "patch", "update"]
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
name: node-external-ip-labeler
|
||||
labels:
|
||||
app: node-external-ip-labeler
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: ClusterRole
|
||||
name: node-external-ip-labeler
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: node-external-ip-labeler
|
||||
namespace: kube-system
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: Role
|
||||
metadata:
|
||||
name: node-external-ip-labeler
|
||||
namespace: kube-system
|
||||
labels:
|
||||
app: node-external-ip-labeler
|
||||
rules:
|
||||
- apiGroups: ["batch"]
|
||||
resources: ["jobs"]
|
||||
verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: RoleBinding
|
||||
metadata:
|
||||
name: node-external-ip-labeler
|
||||
namespace: kube-system
|
||||
labels:
|
||||
app: node-external-ip-labeler
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: Role
|
||||
name: node-external-ip-labeler
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: node-external-ip-labeler
|
||||
namespace: kube-system
|
||||
---
|
||||
apiVersion: batch/v1
|
||||
kind: CronJob
|
||||
metadata:
|
||||
name: node-external-ip-labeler
|
||||
namespace: kube-system
|
||||
labels:
|
||||
app: node-external-ip-labeler
|
||||
spec:
|
||||
schedule: "17 3 * * *"
|
||||
concurrencyPolicy: Forbid
|
||||
successfulJobsHistoryLimit: 3
|
||||
failedJobsHistoryLimit: 3
|
||||
jobTemplate:
|
||||
spec:
|
||||
backoffLimit: 1
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: node-external-ip-labeler
|
||||
spec:
|
||||
serviceAccountName: node-external-ip-labeler
|
||||
restartPolicy: Never
|
||||
tolerations:
|
||||
- operator: Exists
|
||||
containers:
|
||||
- name: fanout
|
||||
image: bitnami/kubectl:latest
|
||||
imagePullPolicy: IfNotPresent
|
||||
command:
|
||||
- /bin/bash
|
||||
- -lc
|
||||
args:
|
||||
- |
|
||||
set -euo pipefail
|
||||
|
||||
clean_name() {
|
||||
echo "$1" \
|
||||
| tr '[:upper:]' '[:lower:]' \
|
||||
| tr -c 'a-z0-9-' '-' \
|
||||
| sed 's/^-*//;s/-*$//' \
|
||||
| cut -c1-45
|
||||
}
|
||||
|
||||
for NODE_NAME in $(kubectl get nodes -o jsonpath='{range .items[*]}{.metadata.name}{"\n"}{end}'); do
|
||||
NODE_CLEAN="$(clean_name "${NODE_NAME}")"
|
||||
JOB_NAME="node-external-ip-${NODE_CLEAN}"
|
||||
|
||||
kubectl delete job "${JOB_NAME}" -n kube-system --ignore-not-found=true --wait=true --timeout=60s
|
||||
|
||||
cat <<EOF | kubectl apply -f -
|
||||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
metadata:
|
||||
name: ${JOB_NAME}
|
||||
namespace: kube-system
|
||||
labels:
|
||||
app: node-external-ip-labeler
|
||||
target-node: "${NODE_CLEAN}"
|
||||
spec:
|
||||
ttlSecondsAfterFinished: 86400
|
||||
backoffLimit: 2
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: node-external-ip-labeler
|
||||
target-node: "${NODE_CLEAN}"
|
||||
spec:
|
||||
serviceAccountName: node-external-ip-labeler
|
||||
nodeName: "${NODE_NAME}"
|
||||
hostNetwork: true
|
||||
dnsPolicy: ClusterFirstWithHostNet
|
||||
restartPolicy: Never
|
||||
tolerations:
|
||||
- operator: Exists
|
||||
containers:
|
||||
- name: label-node
|
||||
image: bitnami/kubectl:latest
|
||||
imagePullPolicy: IfNotPresent
|
||||
env:
|
||||
- name: NODE_NAME
|
||||
value: "${NODE_NAME}"
|
||||
command:
|
||||
- /bin/bash
|
||||
- -lc
|
||||
args:
|
||||
- |
|
||||
set -euo pipefail
|
||||
|
||||
json_ip() {
|
||||
sed -n 's/.*"ip"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p'
|
||||
}
|
||||
|
||||
IPV4="\$(curl -fsS --connect-timeout 10 --max-time 30 'https://api.ipify.org?format=json' | json_ip)"
|
||||
IP64="\$(curl -fsS --connect-timeout 10 --max-time 30 'https://api64.ipify.org?format=json' | json_ip || true)"
|
||||
|
||||
if [ -z "\${IPV4}" ]; then
|
||||
echo "Unable to detect external IPv4 for node ${NODE_NAME}"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
kubectl label node "${NODE_NAME}" external-ipv4="\${IPV4}" --overwrite
|
||||
kubectl annotate node "${NODE_NAME}" homelab.hexor.cy/external-ipv4="\${IPV4}" --overwrite
|
||||
|
||||
if echo "\${IP64}" | grep -q ':'; then
|
||||
kubectl annotate node "${NODE_NAME}" homelab.hexor.cy/external-ipv6="\${IP64}" --overwrite
|
||||
elif [ -n "\${IP64}" ]; then
|
||||
kubectl annotate node "${NODE_NAME}" homelab.hexor.cy/external-ipv4-api64="\${IP64}" --overwrite
|
||||
fi
|
||||
EOF
|
||||
done
|
||||
@@ -13,7 +13,7 @@ resources:
|
||||
helmCharts:
|
||||
- name: pgadmin4
|
||||
repo: https://helm.runix.net
|
||||
version: 1.50.0
|
||||
version: 1.64.0
|
||||
releaseName: pgmanager
|
||||
namespace: psql
|
||||
valuesFile: pgadmin4-values.yaml
|
||||
|
||||
@@ -60,4 +60,35 @@ oauth2_applications = {
|
||||
web_origins = ["https://pet.hexor.cy", "https://xn--l1acako8eb.xn--p1ai", "https://мурняня.рф", ]
|
||||
post_logout_redirect_uris = ["https://pet.hexor.cy/*", "https://xn--l1acako8eb.xn--p1ai/*", "https://мурняня.рф/*"]
|
||||
}
|
||||
Paperless-ngx = {
|
||||
redirect_uris = ["https://docs.hexor.cy/accounts/oidc/authentik/login/callback/"]
|
||||
web_origins = ["https://docs.hexor.cy"]
|
||||
post_logout_redirect_uris = ["https://docs.hexor.cy/*"]
|
||||
}
|
||||
Immich = {
|
||||
redirect_uris = [
|
||||
"https://photos.hexor.cy/auth/login",
|
||||
"https://photos.hexor.cy/user-settings",
|
||||
"app.immich:///oauth-callback",
|
||||
"http://photos.homenet:30283/auth/login",
|
||||
"http://photos.homenet:30283/user-settings"
|
||||
]
|
||||
web_origins = ["https://photos.hexor.cy", "http://photos.homenet:30283"]
|
||||
post_logout_redirect_uris = ["https://photos.hexor.cy/*", "http://photos.homenet:30283/*"]
|
||||
}
|
||||
HomeAssistant-LMS = {
|
||||
redirect_uris = ["http://ha-lms:8123/auth/oidc/callback", "http://ha-lms.homenet:8123/auth/oidc/callback"]
|
||||
web_origins = ["http://ha-lms:8123", "http://ha-lms.homenet:8123"]
|
||||
post_logout_redirect_uris = ["http://ha-lms:8123/*", "http://ha-lms.homenet:8123/*"]
|
||||
}
|
||||
HomeAssistant-LND = {
|
||||
redirect_uris = ["http://ha-london:8123/auth/oidc/callback", "http://ha-london.tail2fe2d.ts.net:8123/auth/oidc/callback"]
|
||||
web_origins = ["http://ha-london:8123", "http://ha-london.tail2fe2d.ts.net:8123"]
|
||||
post_logout_redirect_uris = ["http://ha-london:8123/*", "http://ha-london.tail2fe2d.ts.net:8123/*"]
|
||||
}
|
||||
Matrix-Chat = {
|
||||
redirect_uris = ["https://auth.matrix.hexor.cy/upstream/callback/001KKV4EKY7KG98W2M9T806K6A"]
|
||||
web_origins = ["https://auth.matrix.hexor.cy"]
|
||||
post_logout_redirect_uris = ["https://auth.matrix.hexor.cy/*"]
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user