Auto-update README with current k8s applications

Generated by CI/CD workflow on 2026-06-05 21:04:51 This PR updates the README.md file with the current list of applications found in the k8s/ directory structure.
2026-06-05 21:04:51 +00:00
10 changed files with 10 additions and 215 deletions
@@ -6,7 +6,7 @@ data:
  LLAMA_CACHE: /models
  LLAMA_ARG_HOST: 0.0.0.0
  LLAMA_ARG_PORT: "8080"
-  LLAMA_ARG_HF_REPO: "unsloth/Qwen3.6-35B-A3B-MTP-GGUF:UD-Q6_K"
+  LLAMA_ARG_HF_REPO: "igorls/gemma-4-12B-it-heretic-GGUF:Q8_0"
  LLAMA_ARG_CTX_SIZE: "32768"
  LLAMA_ARG_FLASH_ATTN: auto
  LLAMA_ARG_FIT: "on"
@@ -53,8 +53,8 @@ spec:
          upstream_oauth2:
            providers:
              - id: 001KKV4EKY7KG98W2M9T806K6A
-                human_name: SSO Login
+                human_name: Authentik
-                issuer: https://auth.hexor.cy/auth/realms/hexor
+                issuer: https://idm.hexor.cy/application/o/matrix/
                client_id: "{{ .oauth_client_id }}"
                client_secret: "{{ .oauth_client_secret }}"
                token_endpoint_auth_method: client_secret_post
@@ -93,4 +93,3 @@ spec:
        metadataPolicy: None
        key: ca76867f-49f3-4a30-9ef3-b05af35ee49a
        property: fields[1].value
                    on_conflict: replace
@@ -18,8 +18,8 @@ spec:
            "openid_connect": {
              "APPS": [
                {
-                  "provider_id": "keycloak",
+                  "provider_id": "authentik",
-                  "name": "Keycloak",
+                  "name": "Authentik",
                  "client_id": "{{ .oauth_id }}",
                  "secret": "{{ .oauth_secret }}",
                  "settings": {
@@ -46,7 +46,7 @@ spec:
              mountPath: /scripts
      containers:
        - name: pasarguard-node
-          image: pasarguard/node:v0.5.2
+          image: pasarguard/node:v0.5.0
          imagePullPolicy: Always
          command:
            - /bin/sh
@@ -34,7 +34,7 @@ spec:
              mountPath: /templates/subscription
      containers:
        - name: pasarguard-web
-          image: pasarguard/panel:v5.0.1
+          image: pasarguard/panel:v4.0.2
          imagePullPolicy: Always
          envFrom:
            - secretRef:
@@ -6,7 +6,6 @@ resources:
  - nfs-storage.yaml
  - coredns-internal-resolve.yaml
  - https-middleware.yaml
  - node-external-ip-labeler.yaml
 helmCharts:
  - name: csi-driver-nfs
@@ -16,3 +15,4 @@ helmCharts:
    namespace: kube-system
    #valuesFile: values.yaml
    includeCRDs: true
@@ -1,173 +0,0 @@
 ---
 apiVersion: v1
 kind: ServiceAccount
 metadata:
  name: node-external-ip-labeler
  namespace: kube-system
  labels:
    app: node-external-ip-labeler
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
  name: node-external-ip-labeler
  labels:
    app: node-external-ip-labeler
 rules:
  - apiGroups: [""]
    resources: ["nodes"]
    verbs: ["get", "list", "patch", "update"]
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
  name: node-external-ip-labeler
  labels:
    app: node-external-ip-labeler
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: node-external-ip-labeler
 subjects:
  - kind: ServiceAccount
    name: node-external-ip-labeler
    namespace: kube-system
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
  name: node-external-ip-labeler
  namespace: kube-system
  labels:
    app: node-external-ip-labeler
 rules:
  - apiGroups: ["batch"]
    resources: ["jobs"]
    verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
  name: node-external-ip-labeler
  namespace: kube-system
  labels:
    app: node-external-ip-labeler
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: node-external-ip-labeler
 subjects:
  - kind: ServiceAccount
    name: node-external-ip-labeler
    namespace: kube-system
 ---
 apiVersion: batch/v1
 kind: CronJob
 metadata:
  name: node-external-ip-labeler
  namespace: kube-system
  labels:
    app: node-external-ip-labeler
 spec:
  schedule: "17 3 * * *"
  concurrencyPolicy: Forbid
  successfulJobsHistoryLimit: 3
  failedJobsHistoryLimit: 3
  jobTemplate:
    spec:
      backoffLimit: 1
      template:
        metadata:
          labels:
            app: node-external-ip-labeler
        spec:
          serviceAccountName: node-external-ip-labeler
          restartPolicy: Never
          tolerations:
            - operator: Exists
          containers:
            - name: fanout
              image: bitnami/kubectl:latest
              imagePullPolicy: IfNotPresent
              command:
                - /bin/bash
                - -lc
              args:
                - |
                  set -euo pipefail
                  clean_name() {
                    echo "$1" \
                      | tr '[:upper:]' '[:lower:]' \
                      | tr -c 'a-z0-9-' '-' \
                      | sed 's/^-*//;s/-*$//' \
                      | cut -c1-45
                  }
                  for NODE_NAME in $(kubectl get nodes -o jsonpath='{range .items[*]}{.metadata.name}{"\n"}{end}'); do
                    NODE_CLEAN="$(clean_name "${NODE_NAME}")"
                    JOB_NAME="node-external-ip-${NODE_CLEAN}"
                    kubectl delete job "${JOB_NAME}" -n kube-system --ignore-not-found=true --wait=true --timeout=60s
                    cat <<EOF | kubectl apply -f -
                  apiVersion: batch/v1
                  kind: Job
                  metadata:
                    name: ${JOB_NAME}
                    namespace: kube-system
                    labels:
                      app: node-external-ip-labeler
                      target-node: "${NODE_CLEAN}"
                  spec:
                    ttlSecondsAfterFinished: 86400
                    backoffLimit: 2
                    template:
                      metadata:
                        labels:
                          app: node-external-ip-labeler
                          target-node: "${NODE_CLEAN}"
                      spec:
                        serviceAccountName: node-external-ip-labeler
                        nodeName: "${NODE_NAME}"
                        hostNetwork: true
                        dnsPolicy: ClusterFirstWithHostNet
                        restartPolicy: Never
                        tolerations:
                          - operator: Exists
                        containers:
                          - name: label-node
                            image: bitnami/kubectl:latest
                            imagePullPolicy: IfNotPresent
                            env:
                              - name: NODE_NAME
                                value: "${NODE_NAME}"
                            command:
                              - /bin/bash
                              - -lc
                            args:
                              - |
                                set -euo pipefail
                                json_ip() {
                                  sed -n 's/.*"ip"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p'
                                }
                                IPV4="\$(curl -fsS --connect-timeout 10 --max-time 30 'https://api.ipify.org?format=json' | json_ip)"
                                IP64="\$(curl -fsS --connect-timeout 10 --max-time 30 'https://api64.ipify.org?format=json' | json_ip || true)"
                                if [ -z "\${IPV4}" ]; then
                                  echo "Unable to detect external IPv4 for node ${NODE_NAME}"
                                  exit 1
                                fi
                                kubectl label node "${NODE_NAME}" external-ipv4="\${IPV4}" --overwrite
                                kubectl annotate node "${NODE_NAME}" homelab.hexor.cy/external-ipv4="\${IPV4}" --overwrite
                                if echo "\${IP64}" | grep -q ':'; then
                                  kubectl annotate node "${NODE_NAME}" homelab.hexor.cy/external-ipv6="\${IP64}" --overwrite
                                elif [ -n "\${IP64}" ]; then
                                  kubectl annotate node "${NODE_NAME}" homelab.hexor.cy/external-ipv4-api64="\${IP64}" --overwrite
                                fi
                  EOF
                  done
@@ -13,7 +13,7 @@ resources:
 helmCharts:
  - name: pgadmin4
    repo: https://helm.runix.net
-    version: 1.64.0
+    version: 1.50.0
    releaseName: pgmanager
    namespace: psql
    valuesFile: pgadmin4-values.yaml
@@ -36,7 +36,7 @@ spec:
    spec:
      nodeSelector:
        #kubernetes.io/hostname: home.homenet
-        kubernetes.io/hostname: music.tail2fe2d.ts.net
+        kubernetes.io/hostname: master.tail2fe2d.ts.net
      terminationGracePeriodSeconds: 10
      containers:
        - name: prom-a2s-exporter
@@ -60,35 +60,4 @@ oauth2_applications = {
    web_origins               = ["https://pet.hexor.cy", "https://xn--l1acako8eb.xn--p1ai", "https://мурняня.рф", ]
    post_logout_redirect_uris = ["https://pet.hexor.cy/*", "https://xn--l1acako8eb.xn--p1ai/*", "https://мурняня.рф/*"]
  }
  Paperless-ngx = {
    redirect_uris             = ["https://docs.hexor.cy/accounts/oidc/authentik/login/callback/"]
    web_origins               = ["https://docs.hexor.cy"]
    post_logout_redirect_uris = ["https://docs.hexor.cy/*"]
  }
  Immich = {
    redirect_uris             = [
      "https://photos.hexor.cy/auth/login",
      "https://photos.hexor.cy/user-settings",
      "app.immich:///oauth-callback",
      "http://photos.homenet:30283/auth/login",
      "http://photos.homenet:30283/user-settings"
    ]
    web_origins               = ["https://photos.hexor.cy", "http://photos.homenet:30283"]
    post_logout_redirect_uris = ["https://photos.hexor.cy/*", "http://photos.homenet:30283/*"]
  }
  HomeAssistant-LMS = {
    redirect_uris             = ["http://ha-lms:8123/auth/oidc/callback", "http://ha-lms.homenet:8123/auth/oidc/callback"]
    web_origins               = ["http://ha-lms:8123", "http://ha-lms.homenet:8123"]
    post_logout_redirect_uris = ["http://ha-lms:8123/*", "http://ha-lms.homenet:8123/*"]
  }
  HomeAssistant-LND = {
    redirect_uris             = ["http://ha-london:8123/auth/oidc/callback", "http://ha-london.tail2fe2d.ts.net:8123/auth/oidc/callback"]
    web_origins               = ["http://ha-london:8123", "http://ha-london.tail2fe2d.ts.net:8123"]
    post_logout_redirect_uris = ["http://ha-london:8123/*", "http://ha-london.tail2fe2d.ts.net:8123/*"]
  }
  Matrix-Chat = {
    redirect_uris             = ["https://auth.matrix.hexor.cy/upstream/callback/001KKV4EKY7KG98W2M9T806K6A"]
    web_origins               = ["https://auth.matrix.hexor.cy"]
    post_logout_redirect_uris = ["https://auth.matrix.hexor.cy/*"]
  }
 }