Added Gitea captcha

README.md

@@ -42,7 +42,6 @@ ArgoCD homelab project
 
 | Application | Status |
 | :--- | :---: |
-| **amnezia** | [![amnezia](https://ag.hexor.cy/api/badge?name=amnezia&revision=true)](https://ag.hexor.cy/applications/argocd/amnezia) |
 | **comfyui** | [![comfyui](https://ag.hexor.cy/api/badge?name=comfyui&revision=true)](https://ag.hexor.cy/applications/argocd/comfyui) |
 | **furumi** | [![furumi](https://ag.hexor.cy/api/badge?name=furumi&revision=true)](https://ag.hexor.cy/applications/argocd/furumi) |
 | **gitea** | [![gitea](https://ag.hexor.cy/api/badge?name=gitea&revision=true)](https://ag.hexor.cy/applications/argocd/gitea) |
@@ -54,7 +53,6 @@ ArgoCD homelab project
 | **k8s-secrets** | [![k8s-secrets](https://ag.hexor.cy/api/badge?name=k8s-secrets&revision=true)](https://ag.hexor.cy/applications/argocd/k8s-secrets) |
 | **khm** | [![khm](https://ag.hexor.cy/api/badge?name=khm&revision=true)](https://ag.hexor.cy/applications/argocd/khm) |
 | **lidarr** | [![lidarr](https://ag.hexor.cy/api/badge?name=lidarr&revision=true)](https://ag.hexor.cy/applications/argocd/lidarr) |
-| **llamacpp** | [![llamacpp](https://ag.hexor.cy/api/badge?name=llamacpp&revision=true)](https://ag.hexor.cy/applications/argocd/llamacpp) |
 | **matrix** | [![matrix](https://ag.hexor.cy/api/badge?name=matrix&revision=true)](https://ag.hexor.cy/applications/argocd/matrix) |
 | **mtproxy** | [![mtproxy](https://ag.hexor.cy/api/badge?name=mtproxy&revision=true)](https://ag.hexor.cy/applications/argocd/mtproxy) |
 | **n8n** | [![n8n](https://ag.hexor.cy/api/badge?name=n8n&revision=true)](https://ag.hexor.cy/applications/argocd/n8n) |

k8s/apps/amnezia/configmap-scripts.yaml

@@ -30,6 +30,21 @@ data:
       fi
     }
 
+    delete_rule() {
+      local table_args=()
+      if [ "${1:-}" = "-t" ]; then
+        table_args=("$1" "$2")
+        shift 2
+      fi
+
+      local chain="$1"
+      shift
+
+      while iptables "${table_args[@]}" -D "${chain}" "$@" >/dev/null 2>&1; do
+        true
+      done
+    }
+
     ensure_append_rule() {
       local table_args=()
       if [ "${1:-}" = "-t" ]; then
@@ -56,6 +71,7 @@ data:
 
     sysctl -w net.ipv4.ip_forward=1
 
+    delete_rule INPUT -i tailscale0 -p udp -m comment --comment amneziawg-block-tailscale -j DROP
     ensure_insert_rule INPUT -i "${EXT_IF}" -p udp --dport "${PORT}" -m comment --comment amneziawg-allow-external -j ACCEPT
     ensure_insert_rule INPUT -i tailscale0 -p udp --dport "${PORT}" -m comment --comment amneziawg-block-tailscale -j DROP
     ensure_append_rule INPUT -i awg0 -m comment --comment amneziawg-awg-input -j ACCEPT
@@ -100,6 +116,7 @@ data:
     fi
 
     delete_rule INPUT -i tailscale0 -p udp --dport "${PORT}" -m comment --comment amneziawg-block-tailscale -j DROP
+    delete_rule INPUT -i tailscale0 -p udp -m comment --comment amneziawg-block-tailscale -j DROP
     delete_rule INPUT -i awg0 -m comment --comment amneziawg-awg-input -j ACCEPT
     delete_rule FORWARD -i awg0 -m comment --comment amneziawg-forward-in -j ACCEPT
     delete_rule FORWARD -o awg0 -m comment --comment amneziawg-forward-out -j ACCEPT

k8s/apps/gitea/deployment.yaml

@@ -41,18 +41,18 @@ spec:
             - name: GITEA__service__REGISTER_MANUAL_CONFIRM
               value: "true"
             - name: GITEA__service__ENABLE_CAPTCHA
-              value: "false"
-            - name: GITEA__service__REQUIRE_CAPTCHA_FOR_LOGIN
               value: "true"
+            - name: GITEA__service__REQUIRE_CAPTCHA_FOR_LOGIN
+              value: "false"
             - name: GITEA__service__REQUIRE_EXTERNAL_REGISTRATION_CAPTCHA
               value: "true"
             - name: GITEA__service__CAPTCHA_TYPE
-              value: "hcaptcha"
+              value: "cfturnstile"
             - name: GITEA__webhook__ALLOWED_HOST_LIST
               value: "*"
           envFrom:
           - secretRef:
-              name: gitea-recapcha-creds
+              name: gitea-runner-act-runner-secrets
           ports:
             - name: http
               containerPort: 3000

k8s/apps/gitea/external-secrets.yaml

@@ -13,6 +13,10 @@ spec:
       data:
         token: |-
           {{ .password }}
+        GITEA__service__CF_TURNSTILE_SITEKEY: |-
+          {{ .CF_TURNSTILE_SITEKEY }}
+        GITEA__service__CF_TURNSTILE_SECRET: |-
+          {{ .CF_TURNSTILE_SECRET }}
   data:
     - secretKey: password
       sourceRef:
@@ -22,38 +26,19 @@ spec:
       remoteRef:
         key: e475b5ab-ea3c-48a5-bb4c-a6bc552fc064
         property: login.password
-
+    - secretKey: CF_TURNSTILE_SITEKEY
----
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
-  name: gitea-recapcha-creds
-spec:
-  refreshInterval: 1m
-  target:
-    name: gitea-recapcha-creds
-    deletionPolicy: Delete
-    template:
-      type: Opaque
-      data:
-        GITEA__service__HCAPTCHA_SITEKEY: |-
-          {{ .HCAPTCHA_SITEKEY }}
-        GITEA__service__HCAPTCHA_SECRET: |-
-          {{ .HCAPTCHA_SECRET }}
-  data:
-    - secretKey: HCAPTCHA_SITEKEY
       sourceRef:
         storeRef:
           name: vaultwarden-login
           kind: ClusterSecretStore
       remoteRef:
-        key: 89c8d8d2-6b53-42c5-805f-38a341ef163e
+        key: e475b5ab-ea3c-48a5-bb4c-a6bc552fc064
-        property: login.username
+        property: fields[0].value
-    - secretKey: HCAPTCHA_SECRET
+    - secretKey: CF_TURNSTILE_SECRET
       sourceRef:
         storeRef:
           name: vaultwarden-login
           kind: ClusterSecretStore
       remoteRef:
-        key: 89c8d8d2-6b53-42c5-805f-38a341ef163e
+        key: e475b5ab-ea3c-48a5-bb4c-a6bc552fc064
-        property: login.password
+        property: fields[1].value