Compare commits
7 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
 Gitea Actions Bot
|
429a073faf | ||
 ab
|
78c1519398 | ||
|
ab
|
d8a5a916e1 | ||
|
ab
|
a840dd674a | ||
|
ab
|
a094d3b925 | ||
|
ab
|
9508a8483c | ||
|
ab
|
c5919259f6 |
@@ -42,6 +42,7 @@ ArgoCD homelab project
|
||||
|
||||
| Application | Status |
|
||||
| :--- | :---: |
|
||||
| **amnezia** | [](https://ag.hexor.cy/applications/argocd/amnezia) |
|
||||
| **comfyui** | [](https://ag.hexor.cy/applications/argocd/comfyui) |
|
||||
| **furumi** | [](https://ag.hexor.cy/applications/argocd/furumi) |
|
||||
| **gitea** | [](https://ag.hexor.cy/applications/argocd/gitea) |
|
||||
@@ -53,6 +54,7 @@ ArgoCD homelab project
|
||||
| **k8s-secrets** | [](https://ag.hexor.cy/applications/argocd/k8s-secrets) |
|
||||
| **khm** | [](https://ag.hexor.cy/applications/argocd/khm) |
|
||||
| **lidarr** | [](https://ag.hexor.cy/applications/argocd/lidarr) |
|
||||
| **llamacpp** | [](https://ag.hexor.cy/applications/argocd/llamacpp) |
|
||||
| **matrix** | [](https://ag.hexor.cy/applications/argocd/matrix) |
|
||||
| **mtproxy** | [](https://ag.hexor.cy/applications/argocd/mtproxy) |
|
||||
| **n8n** | [](https://ag.hexor.cy/applications/argocd/n8n) |
|
||||
|
||||
@@ -41,18 +41,18 @@ spec:
|
||||
- name: GITEA__service__REGISTER_MANUAL_CONFIRM
|
||||
value: "true"
|
||||
- name: GITEA__service__ENABLE_CAPTCHA
|
||||
value: "false"
|
||||
- name: GITEA__service__REQUIRE_CAPTCHA_FOR_LOGIN
|
||||
value: "true"
|
||||
- name: GITEA__service__REQUIRE_CAPTCHA_FOR_LOGIN
|
||||
value: "false"
|
||||
- name: GITEA__service__REQUIRE_EXTERNAL_REGISTRATION_CAPTCHA
|
||||
value: "true"
|
||||
- name: GITEA__service__CAPTCHA_TYPE
|
||||
value: "hcaptcha"
|
||||
value: "cfturnstile"
|
||||
- name: GITEA__webhook__ALLOWED_HOST_LIST
|
||||
value: "*"
|
||||
envFrom:
|
||||
- secretRef:
|
||||
name: gitea-recapcha-creds
|
||||
name: gitea-runner-act-runner-secrets
|
||||
ports:
|
||||
- name: http
|
||||
containerPort: 3000
|
||||
|
||||
@@ -13,6 +13,10 @@ spec:
|
||||
data:
|
||||
token: |-
|
||||
{{ .password }}
|
||||
GITEA__service__CF_TURNSTILE_SITEKEY: |-
|
||||
{{ .CF_TURNSTILE_SITEKEY }}
|
||||
GITEA__service__CF_TURNSTILE_SECRET: |-
|
||||
{{ .CF_TURNSTILE_SECRET }}
|
||||
data:
|
||||
- secretKey: password
|
||||
sourceRef:
|
||||
@@ -22,38 +26,19 @@ spec:
|
||||
remoteRef:
|
||||
key: e475b5ab-ea3c-48a5-bb4c-a6bc552fc064
|
||||
property: login.password
|
||||
|
||||
---
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: gitea-recapcha-creds
|
||||
spec:
|
||||
refreshInterval: 1m
|
||||
target:
|
||||
name: gitea-recapcha-creds
|
||||
deletionPolicy: Delete
|
||||
template:
|
||||
type: Opaque
|
||||
data:
|
||||
GITEA__service__HCAPTCHA_SITEKEY: |-
|
||||
{{ .HCAPTCHA_SITEKEY }}
|
||||
GITEA__service__HCAPTCHA_SECRET: |-
|
||||
{{ .HCAPTCHA_SECRET }}
|
||||
data:
|
||||
- secretKey: HCAPTCHA_SITEKEY
|
||||
- secretKey: CF_TURNSTILE_SITEKEY
|
||||
sourceRef:
|
||||
storeRef:
|
||||
name: vaultwarden-login
|
||||
kind: ClusterSecretStore
|
||||
remoteRef:
|
||||
key: 89c8d8d2-6b53-42c5-805f-38a341ef163e
|
||||
property: login.username
|
||||
- secretKey: HCAPTCHA_SECRET
|
||||
key: e475b5ab-ea3c-48a5-bb4c-a6bc552fc064
|
||||
property: fields[0].value
|
||||
- secretKey: CF_TURNSTILE_SECRET
|
||||
sourceRef:
|
||||
storeRef:
|
||||
name: vaultwarden-login
|
||||
kind: ClusterSecretStore
|
||||
remoteRef:
|
||||
key: 89c8d8d2-6b53-42c5-805f-38a341ef163e
|
||||
property: login.password
|
||||
key: e475b5ab-ea3c-48a5-bb4c-a6bc552fc064
|
||||
property: fields[1].value
|
||||
|
||||
@@ -0,0 +1,45 @@
|
||||
---
|
||||
apiVersion: traefik.io/v1alpha1
|
||||
kind: Middleware
|
||||
metadata:
|
||||
name: auth-proxy
|
||||
spec:
|
||||
forwardAuth:
|
||||
address: http://auth-proxy.auth-proxy.svc:80/auth
|
||||
trustForwardHeader: true
|
||||
authResponseHeaders:
|
||||
- X-Auth-Request-User
|
||||
- X-Auth-Request-Email
|
||||
- X-Auth-Request-Groups
|
||||
---
|
||||
apiVersion: traefik.io/v1alpha1
|
||||
kind: IngressRoute
|
||||
metadata:
|
||||
name: prometheus
|
||||
annotations:
|
||||
cert-manager.io/cluster-issuer: letsencrypt
|
||||
spec:
|
||||
entryPoints:
|
||||
- websecure
|
||||
routes:
|
||||
- match: Host(`prom.hexor.cy`)
|
||||
kind: Rule
|
||||
middlewares:
|
||||
- name: auth-proxy
|
||||
services:
|
||||
- name: prometheus-kube-prometheus-prometheus
|
||||
port: 9090
|
||||
tls:
|
||||
secretName: prometheus-tls
|
||||
---
|
||||
apiVersion: cert-manager.io/v1
|
||||
kind: Certificate
|
||||
metadata:
|
||||
name: prometheus-tls
|
||||
spec:
|
||||
secretName: prometheus-tls
|
||||
issuerRef:
|
||||
name: letsencrypt
|
||||
kind: ClusterIssuer
|
||||
dnsNames:
|
||||
- prom.hexor.cy
|
||||
@@ -4,6 +4,7 @@ kind: Kustomization
|
||||
resources:
|
||||
- persistentVolume.yaml
|
||||
- external-secrets.yaml
|
||||
- ingress.yaml
|
||||
- grafana-alerting-configmap.yaml
|
||||
- alertmanager-config.yaml
|
||||
- dashboards/telemt-dashboard-cm.yaml
|
||||
|
||||
@@ -1,4 +1,3 @@
|
||||
|
||||
alertmanager:
|
||||
config:
|
||||
global:
|
||||
@@ -25,7 +24,7 @@ alertmanager:
|
||||
{{ end }}
|
||||
|
||||
ingress:
|
||||
enabled: true
|
||||
enabled: false
|
||||
ingressClassName: traefik
|
||||
annotations:
|
||||
cert-manager.io/cluster-issuer: letsencrypt
|
||||
@@ -46,7 +45,7 @@ alertmanager:
|
||||
|
||||
prometheus:
|
||||
ingress:
|
||||
enabled: true
|
||||
enabled: false
|
||||
ingressClassName: traefik
|
||||
annotations:
|
||||
cert-manager.io/cluster-issuer: letsencrypt
|
||||
|
||||
@@ -16,6 +16,10 @@ proxy_applications = {
|
||||
domain = "pass.hexor.cy"
|
||||
allowed_groups = ["hexor-admin", "app-pass"]
|
||||
}
|
||||
Prometheus = {
|
||||
domain = "prom.hexor.cy"
|
||||
allowed_groups = ["hexor-admin"]
|
||||
}
|
||||
}
|
||||
|
||||
oauth2_applications = {
|
||||
|
||||
Reference in New Issue
Block a user