Auto-update README with current k8s applications

Generated by CI/CD workflow on 2026-06-18 01:34:44 This PR updates the README.md file with the current list of applications found in the k8s/ directory structure.
Added Gitea captcha
2026-06-18 01:34:44 +00:00 · 2026-06-18 02:32:33 +01:00 · 2026-06-18 02:30:49 +01:00 · 2026-06-18 02:27:24 +01:00 · 2026-06-18 00:06:14 +01:00 · 2026-06-17 15:27:17 +01:00
7 changed files with 88 additions and 39 deletions
@@ -30,6 +30,21 @@ data:
      fi
    }

+    delete_rule() {
+      local table_args=()
+      if [ "${1:-}" = "-t" ]; then
+        table_args=("$1" "$2")
+        shift 2
+      fi
+
+      local chain="$1"
+      shift
+
+      while iptables "${table_args[@]}" -D "${chain}" "$@" >/dev/null 2>&1; do
+        true
+      done
+    }
+
    ensure_append_rule() {
      local table_args=()
      if [ "${1:-}" = "-t" ]; then
@@ -56,6 +71,7 @@ data:

    sysctl -w net.ipv4.ip_forward=1

+    delete_rule INPUT -i tailscale0 -p udp -m comment --comment amneziawg-block-tailscale -j DROP
    ensure_insert_rule INPUT -i "${EXT_IF}" -p udp --dport "${PORT}" -m comment --comment amneziawg-allow-external -j ACCEPT
    ensure_insert_rule INPUT -i tailscale0 -p udp --dport "${PORT}" -m comment --comment amneziawg-block-tailscale -j DROP
    ensure_append_rule INPUT -i awg0 -m comment --comment amneziawg-awg-input -j ACCEPT
@@ -100,6 +116,7 @@ data:
    fi

    delete_rule INPUT -i tailscale0 -p udp --dport "${PORT}" -m comment --comment amneziawg-block-tailscale -j DROP
+    delete_rule INPUT -i tailscale0 -p udp -m comment --comment amneziawg-block-tailscale -j DROP
    delete_rule INPUT -i awg0 -m comment --comment amneziawg-awg-input -j ACCEPT
    delete_rule FORWARD -i awg0 -m comment --comment amneziawg-forward-in -j ACCEPT
    delete_rule FORWARD -o awg0 -m comment --comment amneziawg-forward-out -j ACCEPT
@@ -41,18 +41,18 @@ spec:
            - name: GITEA__service__REGISTER_MANUAL_CONFIRM
              value: "true"
            - name: GITEA__service__ENABLE_CAPTCHA
-              value: "false"
-            - name: GITEA__service__REQUIRE_CAPTCHA_FOR_LOGIN
              value: "true"
+            - name: GITEA__service__REQUIRE_CAPTCHA_FOR_LOGIN
+              value: "false"
            - name: GITEA__service__REQUIRE_EXTERNAL_REGISTRATION_CAPTCHA
              value: "true"
            - name: GITEA__service__CAPTCHA_TYPE
-              value: "hcaptcha"
+              value: "cfturnstile"
            - name: GITEA__webhook__ALLOWED_HOST_LIST
              value: "*"
          envFrom:
          - secretRef:
-              name: gitea-recapcha-creds
+              name: gitea-runner-act-runner-secrets
          ports:
            - name: http
              containerPort: 3000
@@ -13,6 +13,10 @@ spec:
      data:
        token: |-
          {{ .password }}
+        GITEA__service__CF_TURNSTILE_SITEKEY: |-
+          {{ .CF_TURNSTILE_SITEKEY }}
+        GITEA__service__CF_TURNSTILE_SECRET: |-
+          {{ .CF_TURNSTILE_SECRET }}
  data:
    - secretKey: password
      sourceRef:
@@ -22,38 +26,19 @@ spec:
      remoteRef:
        key: e475b5ab-ea3c-48a5-bb4c-a6bc552fc064
        property: login.password
-
---
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
-  name: gitea-recapcha-creds
-spec:
-  refreshInterval: 1m
-  target:
-    name: gitea-recapcha-creds
-    deletionPolicy: Delete
-    template:
-      type: Opaque
-      data:
-        GITEA__service__HCAPTCHA_SITEKEY: |-
-          {{ .HCAPTCHA_SITEKEY }}
-        GITEA__service__HCAPTCHA_SECRET: |-
-          {{ .HCAPTCHA_SECRET }}
-  data:
-    - secretKey: HCAPTCHA_SITEKEY
+    - secretKey: CF_TURNSTILE_SITEKEY
      sourceRef:
        storeRef:
          name: vaultwarden-login
          kind: ClusterSecretStore
      remoteRef:
-        key: 89c8d8d2-6b53-42c5-805f-38a341ef163e
-        property: login.username
-    - secretKey: HCAPTCHA_SECRET
+        key: e475b5ab-ea3c-48a5-bb4c-a6bc552fc064
+        property: fields[0].value
+    - secretKey: CF_TURNSTILE_SECRET
      sourceRef:
        storeRef:
          name: vaultwarden-login
          kind: ClusterSecretStore
      remoteRef:
-        key: 89c8d8d2-6b53-42c5-805f-38a341ef163e
-        property: login.password
+        key: e475b5ab-ea3c-48a5-bb4c-a6bc552fc064
+        property: fields[1].value
@@ -7,6 +7,6 @@ data:
  LLAMA_ARG_HOST: 0.0.0.0
  LLAMA_ARG_PORT: "8080"
  LLAMA_ARG_HF_REPO: "unsloth/gemma-4-12b-it-GGUF:Q6_K"
-  LLAMA_ARG_CTX_SIZE: "32768"
+  LLAMA_ARG_CTX_SIZE: "128000"
  LLAMA_ARG_FLASH_ATTN: auto
  LLAMA_ARG_FIT: "on"
@@ -15,14 +15,14 @@ resources:
  - service.yaml
  - ingress.yaml

-helmCharts:
-  - name: yacy
-    repo: https://gt.hexor.cy/api/packages/ab/helm
-    version: 0.1.2
-    releaseName: yacy
-    namespace: n8n
-    valuesFile: values-yacy.yaml
-    includeCRDs: true
+# helmCharts:
+#   - name: yacy
+#     repo: https://gt.hexor.cy/api/packages/ab/helm
+#     version: 0.1.2
+#     releaseName: yacy
+#     namespace: n8n
+#     valuesFile: values-yacy.yaml
+#     includeCRDs: true

 commonLabels:
  app.kubernetes.io/name: n8n
@@ -7,7 +7,7 @@ kind: Kustomization
 helmCharts:
  - name: longhorn
    repo: https://charts.longhorn.io
-    version: 1.11.2
+    version: 1.12.0
    releaseName: longhorn
    namespace: longhorn
    valuesFile: values.yaml
@@ -1,7 +1,54 @@
+global:
+  tolerations:
+    - key: "workload"
+      operator: "Exists"
+      effect: "NoSchedule"
+    - key: "node.kubernetes.io/unreachable"
+      operator: "Exists"
+      effect: "NoSchedule"
+    - key: "node.kubernetes.io/unreachable"
+      operator: "Exists"
+      effect: "NoExecute"
+
+longhornManager:
+  tolerations:
+    - key: "workload"
+      operator: "Exists"
+      effect: "NoSchedule"
+    - key: "node.kubernetes.io/unreachable"
+      operator: "Exists"
+      effect: "NoSchedule"
+    - key: "node.kubernetes.io/unreachable"
+      operator: "Exists"
+      effect: "NoExecute"
+
+longhornDriver:
+  tolerations:
+    - key: "workload"
+      operator: "Exists"
+      effect: "NoSchedule"
+    - key: "node.kubernetes.io/unreachable"
+      operator: "Exists"
+      effect: "NoSchedule"
+    - key: "node.kubernetes.io/unreachable"
+      operator: "Exists"
+      effect: "NoExecute"
+
 longhornUI:
  replicas: 1
+  tolerations:
+    - key: "workload"
+      operator: "Exists"
+      effect: "NoSchedule"
+    - key: "node.kubernetes.io/unreachable"
+      operator: "Exists"
+      effect: "NoSchedule"
+    - key: "node.kubernetes.io/unreachable"
+      operator: "Exists"
+      effect: "NoExecute"

 defaultSettings:
+  taintToleration: "workload=ai:NoSchedule; workload=desktop:NoSchedule; node.kubernetes.io/unreachable:NoSchedule; node.kubernetes.io/unreachable:NoExecute"
  # Keep new instance-manager pods schedulable on nodes with high CPU requests.
  guaranteedInstanceManagerCPU: '{"v1":"6","v2":"6"}'
Author	SHA1	Message	Date
Gitea Actions Bot	6cbc573d12	Auto-update README with current k8s applications Keycloak Terraform / Terraform (pull_request) Successful in 2m46s Details Generated by CI/CD workflow on 2026-06-18 01:34:44 This PR updates the README.md file with the current list of applications found in the k8s/ directory structure.	2026-06-18 01:34:44 +00:00
ab	a094d3b925	Added Gitea captcha Update Kubernetes Services Wiki / Generate and Update K8s Wiki (push) Successful in 5s Details Check with kubeconform / lint (push) Successful in 5s Details Auto-update README / Generate README and Create MR (push) Successful in 5s Details	2026-06-18 02:32:33 +01:00
ab	9508a8483c	Added Gitea captcha Update Kubernetes Services Wiki / Generate and Update K8s Wiki (push) Successful in 6s Details Check with kubeconform / lint (push) Successful in 5s Details Auto-update README / Generate README and Create MR (push) Successful in 5s Details	2026-06-18 02:30:49 +01:00
ab	c5919259f6	Added Gitea captcha Check with kubeconform / lint (push) Successful in 14s Details Auto-update README / Generate README and Create MR (push) Failing after 2m57s Details Update Kubernetes Services Wiki / Generate and Update K8s Wiki (push) Failing after 16m35s Details	2026-06-18 02:27:24 +01:00
Ultradesu	83de150f87	Fix amnezia iptables Check with kubeconform / lint (push) Successful in 12s Details Auto-update README / Generate README and Create MR (push) Failing after 10m47s Details Update Kubernetes Services Wiki / Generate and Update K8s Wiki (push) Failing after 13m0s Details	2026-06-18 00:06:14 +01:00
Ultradesu	70d785769e	Update longhorn tolerations Update Kubernetes Services Wiki / Generate and Update K8s Wiki (push) Successful in 13s Details Check with kubeconform / lint (push) Successful in 10s Details Auto-update README / Generate README and Create MR (push) Successful in 10s Details	2026-06-17 15:27:17 +01:00
Ultradesu	f129977993	Update longhorn Check with kubeconform / lint (push) Successful in 10s Details Update Kubernetes Services Wiki / Generate and Update K8s Wiki (push) Failing after 11m23s Details Auto-update README / Generate README and Create MR (push) Failing after 14m14s Details	2026-06-17 15:02:52 +01:00
Ultradesu	cf4c70075c	N8N: Disable yacy Update Kubernetes Services Wiki / Generate and Update K8s Wiki (push) Successful in 13s Details Auto-update README / Generate README and Create MR (push) Failing after 10m15s Details Check with kubeconform / lint (push) Failing after 11m22s Details	2026-06-17 14:51:47 +01:00
Ultradesu	2b979b5f43	Changed uk-desktop llm context window	2026-06-17 13:18:07 +01:00