Auto-update README with current k8s applications

Generated by CI/CD workflow on 2026-05-19 12:45:51

This PR updates the README.md file with the current list of applications found in the k8s/ directory structure.

README.md

@@ -13,10 +13,13 @@ ArgoCD homelab project
 | Application | Status |
 | :--- | :---: |
 | **argocd** | [![argocd](https://ag.hexor.cy/api/badge?name=argocd&revision=true)](https://ag.hexor.cy/applications/argocd/argocd) |
+| **auth-proxy** | [![auth-proxy](https://ag.hexor.cy/api/badge?name=auth-proxy&revision=true)](https://ag.hexor.cy/applications/argocd/auth-proxy) |
 | **authentik** | [![authentik](https://ag.hexor.cy/api/badge?name=authentik&revision=true)](https://ag.hexor.cy/applications/argocd/authentik) |
 | **cert-manager** | [![cert-manager](https://ag.hexor.cy/api/badge?name=cert-manager&revision=true)](https://ag.hexor.cy/applications/argocd/cert-manager) |
 | **external-secrets** | [![external-secrets](https://ag.hexor.cy/api/badge?name=external-secrets&revision=true)](https://ag.hexor.cy/applications/argocd/external-secrets) |
 | **gpu** | [![gpu](https://ag.hexor.cy/api/badge?name=gpu&revision=true)](https://ag.hexor.cy/applications/argocd/gpu) |
+| **kanidm** | [![kanidm](https://ag.hexor.cy/api/badge?name=kanidm&revision=true)](https://ag.hexor.cy/applications/argocd/kanidm) |
+| **keycloak** | [![keycloak](https://ag.hexor.cy/api/badge?name=keycloak&revision=true)](https://ag.hexor.cy/applications/argocd/keycloak) |
 | **kube-system-custom** | [![kube-system-custom](https://ag.hexor.cy/api/badge?name=kube-system-custom&revision=true)](https://ag.hexor.cy/applications/argocd/kube-system-custom) |
 | **kubernetes-dashboard** | [![kubernetes-dashboard](https://ag.hexor.cy/api/badge?name=kubernetes-dashboard&revision=true)](https://ag.hexor.cy/applications/argocd/kubernetes-dashboard) |
 | **longhorn** | [![longhorn](https://ag.hexor.cy/api/badge?name=longhorn&revision=true)](https://ag.hexor.cy/applications/argocd/longhorn) |
@@ -62,9 +65,12 @@ ArgoCD homelab project
 | **sonarr-stack** | [![sonarr-stack](https://ag.hexor.cy/api/badge?name=sonarr-stack&revision=true)](https://ag.hexor.cy/applications/argocd/sonarr-stack) |
 | **stirling-pdf** | [![stirling-pdf](https://ag.hexor.cy/api/badge?name=stirling-pdf&revision=true)](https://ag.hexor.cy/applications/argocd/stirling-pdf) |
 | **syncthing** | [![syncthing](https://ag.hexor.cy/api/badge?name=syncthing&revision=true)](https://ag.hexor.cy/applications/argocd/syncthing) |
+| **teamspeak** | [![teamspeak](https://ag.hexor.cy/api/badge?name=teamspeak&revision=true)](https://ag.hexor.cy/applications/argocd/teamspeak) |
 | **tg-bots** | [![tg-bots](https://ag.hexor.cy/api/badge?name=tg-bots&revision=true)](https://ag.hexor.cy/applications/argocd/tg-bots) |
 | **vaultwarden** | [![vaultwarden](https://ag.hexor.cy/api/badge?name=vaultwarden&revision=true)](https://ag.hexor.cy/applications/argocd/vaultwarden) |
 | **vpn** | [![vpn](https://ag.hexor.cy/api/badge?name=vpn&revision=true)](https://ag.hexor.cy/applications/argocd/vpn) |
+| **web-petting** | [![web-petting](https://ag.hexor.cy/api/badge?name=web-petting&revision=true)](https://ag.hexor.cy/applications/argocd/web-petting) |
+| **wedding** | [![wedding](https://ag.hexor.cy/api/badge?name=wedding&revision=true)](https://ag.hexor.cy/applications/argocd/wedding) |
 | **xandikos** | [![xandikos](https://ag.hexor.cy/api/badge?name=xandikos&revision=true)](https://ag.hexor.cy/applications/argocd/xandikos) |
 
 </td>

k8s/apps/furumi-dev/deployment.yaml

@@ -1,46 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: furumi-dev-player
-  labels:
-    app: furumi-dev-player
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: furumi-dev-player
-  template:
-    metadata:
-      labels:
-        app: furumi-dev-player
-    spec:
-      nodeSelector:
-        kubernetes.io/hostname: master.tail2fe2d.ts.net
-      containers:
-        - name: furumi-dev-player
-          image: ultradesu/furumusic:latest
-          imagePullPolicy: Always
-          env:
-            - name: FURU_DATABASE_URL
-              valueFrom:
-                secretKeyRef:
-                  name: furumi-dev-creds
-                  key: PG_STRING
-          ports:
-          - containerPort: 8000
-            name: http
-          volumeMounts:
-            - name: library
-              mountPath: /media
-            - name: inbox
-              mountPath: /inbox
-      volumes:
-        - name: library
-          hostPath:
-            path: /k8s/furumi-dev/library-new
-            type: DirectoryOrCreate
-        - name: inbox
-          hostPath:
-            path: /k8s/furumi-dev/inbox-new
-            type: DirectoryOrCreate
-

k8s/apps/furumi-dev/external-secrets.yaml

@@ -5,46 +5,46 @@ metadata:
   name: furumi-ng-creds
 spec:
   target:
-    name: furumi-dev-creds
+    name: furumi-ng-creds
     deletionPolicy: Delete
     template:
       type: Opaque
       data:
-       #OIDC_CLIENT_ID: |-
+        OIDC_CLIENT_ID: |-
-       #  {{ .client_id }}
+          {{ .client_id }}
-       #OIDC_CLIENT_SECRET: |-
+        OIDC_CLIENT_SECRET: |-
-       #  {{ .client_secret }}
+          {{ .client_secret }}
-       #OIDC_ISSUER_URL: https://idm.hexor.cy/application/o/furumi-dev/
+        OIDC_ISSUER_URL: https://idm.hexor.cy/application/o/furumi-dev/
-       #OIDC_REDIRECT_URL: https://music-dev.hexor.cy/auth/callback
+        OIDC_REDIRECT_URL: https://music-dev.hexor.cy/auth/callback
-       #OIDC_SESSION_SECRET: |-
+        OIDC_SESSION_SECRET: |-
-       #  {{ .session_secret }}
+          {{ .session_secret }}
         PG_STRING: |-
-          postgresql://furumi_dev:{{ .pg_pass }}@psql.psql.svc/furumi_dev
+          postgres://furumi_dev:{{ .pg_pass }}@psql.psql.svc:5432/furumi_dev
   data:
-  # - secretKey: client_id
+    - secretKey: client_id
-  #   sourceRef:
+      sourceRef:
-  #     storeRef:
+        storeRef:
-  #       name: vaultwarden-login
+          name: vaultwarden-login
-  #       kind: ClusterSecretStore
+          kind: ClusterSecretStore
-  #   remoteRef:
+      remoteRef:
-  #     key: 960735e6-2cc9-4b68-9bd3-e6786e5a0cd6
+        key: 960735e6-2cc9-4b68-9bd3-e6786e5a0cd6
-  #     property: fields[0].value
+        property: fields[0].value
-  # - secretKey: client_secret
+    - secretKey: client_secret
-  #   sourceRef:
+      sourceRef:
-  #     storeRef:
+        storeRef:
-  #       name: vaultwarden-login
+          name: vaultwarden-login
-  #       kind: ClusterSecretStore
+          kind: ClusterSecretStore
-  #   remoteRef:
+      remoteRef:
-  #     key: 960735e6-2cc9-4b68-9bd3-e6786e5a0cd6
+        key: 960735e6-2cc9-4b68-9bd3-e6786e5a0cd6
-  #     property: fields[1].value
+        property: fields[1].value
-  # - secretKey: session_secret
+    - secretKey: session_secret
-  #   sourceRef:
+      sourceRef:
-  #     storeRef:
+        storeRef:
-  #       name: vaultwarden-login
+          name: vaultwarden-login
-  #       kind: ClusterSecretStore
+          kind: ClusterSecretStore
-  #   remoteRef:
+      remoteRef:
-  #     key: 960735e6-2cc9-4b68-9bd3-e6786e5a0cd6
+        key: 960735e6-2cc9-4b68-9bd3-e6786e5a0cd6
-  #     property: fields[2].value
+        property: fields[2].value
     - secretKey: pg_pass
       sourceRef:
         storeRef:

k8s/apps/furumi-dev/ingress.yaml

@@ -1,8 +1,17 @@
 ---
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+  name: admin-strip
+spec:
+  stripPrefix:
+    prefixes:
+      - /admin
+---
 apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
-  name: furumi-dev-tls-ingress
+  name: furumi-tls-ingress
   annotations:
     ingressClassName: traefik
     cert-manager.io/cluster-issuer: letsencrypt
@@ -13,15 +22,45 @@ spec:
     - host: music-dev.hexor.cy
       http:
         paths:
+          - path: /api
+            pathType: Prefix
+            backend:
+              service:
+                name: furumi-dev-web-player
+                port:
+                  number: 8080
           - path: /
             pathType: Prefix
             backend:
               service:
-                name: furumi-dev-player
+                name: furumi-dev-node-player
                 port:
-                  number: 8000
+                  number: 3001
   tls:
-    - secretName: furumi-dev-tls
+    - secretName: furumi-tls
       hosts:
-        - music-dev.hexor.cy
+        - '*.hexor.cy'
-
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: furumi-dev-admin-ingress
+  annotations:
+    ingressClassName: traefik
+    traefik.ingress.kubernetes.io/router.middlewares: furumi-server-admin-strip@kubernetescrd,kube-system-https-redirect@kubernetescrd
+spec:
+  rules:
+    - host: music-dev.hexor.cy
+      http:
+        paths:
+          - path: /admin
+            pathType: Prefix
+            backend:
+              service:
+                name: furumi-dev-metadata-agent
+                port:
+                  number: 8090
+  tls:
+    - secretName: furumi-tls
+      hosts:
+        - '*.hexor.cy'

k8s/apps/furumi-dev/kustomization.yaml

@@ -6,4 +6,6 @@ resources:
   - service.yaml
   - external-secrets.yaml
   - ingress.yaml
-  - deployment.yaml
+  - web-player.yaml
+  - node-player.yaml
+  - metadata-agent.yaml

k8s/apps/furumi-dev/metadata-agent.yaml

@@ -0,0 +1,59 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: furumi-dev-metadata-agent
+  labels:
+    app: furumi-dev-metadata-agent
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: furumi-dev-metadata-agent
+  template:
+    metadata:
+      labels:
+        app: furumi-dev-metadata-agent
+    spec:
+      nodeSelector:
+        kubernetes.io/hostname: master.tail2fe2d.ts.net
+      containers:
+        - name: furumi-dev-metadata-agent
+          image: ultradesu/furumi-metadata-agent:dev
+          imagePullPolicy: Always
+          env:
+            - name: FURUMI_AGENT_DATABASE_URL
+              valueFrom:
+                secretKeyRef:
+                  name: furumi-ng-creds
+                  key: PG_STRING
+            - name: FURUMI_AGENT_INBOX_DIR
+              value: "/inbox"
+            - name: FURUMI_AGENT_STORAGE_DIR
+              value: "/media"
+            - name: FURUMI_AGENT_OLLAMA_URL
+              value: "http://100.120.76.49:1234"
+            - name: FURUMI_AGENT_OLLAMA_MODEL
+              value: "qwen2.5-32b-instruct"
+            - name: FURUMI_AGENT_POLL_INTERVAL_SECS
+              value: "10"
+            - name: RUST_LOG
+              value: "info"
+          ports:
+            - name: admin-ui
+              containerPort: 8090
+              protocol: TCP
+          volumeMounts:
+            - name: library
+              mountPath: /media
+            - name: inbox
+              mountPath: /inbox
+      volumes:
+        - name: library
+          hostPath:
+            path: /k8s/furumi-dev/library
+            type: DirectoryOrCreate
+        - name: inbox
+          hostPath:
+            path: /k8s/furumi-dev/inbox
+            type: DirectoryOrCreate
+

k8s/apps/furumi-dev/node-player.yaml

@@ -0,0 +1,53 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: furumi-dev-node-player
+  labels:
+    app: furumi-dev-node-player
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: furumi-dev-node-player
+  template:
+    metadata:
+      labels:
+        app: furumi-dev-node-player
+    spec:
+      nodeSelector:
+        kubernetes.io/hostname: master.tail2fe2d.ts.net
+      containers:
+        - name: furumi-dev-node-player
+          image: ultradesu/furumi-node-player:dev
+          imagePullPolicy: Always
+          env:
+            - name: PORT
+              value: "3001"
+            - name: BASE_URL
+              value: "https://music-dev.hexor.cy"
+            - name: FRONTEND_ORIGIN
+              value: "https://music-dev.hexor.cy"
+            - name: SESSION_SECRET
+              valueFrom:
+                secretKeyRef:
+                  name: furumi-ng-creds
+                  key: OIDC_SESSION_SECRET
+            - name: OIDC_ISSUER_BASE_URL
+              valueFrom:
+                secretKeyRef:
+                  name: furumi-ng-creds
+                  key: OIDC_ISSUER_URL
+            - name: OIDC_CLIENT_ID
+              valueFrom:
+                secretKeyRef:
+                  name: furumi-ng-creds
+                  key: OIDC_CLIENT_ID
+            - name: OIDC_CLIENT_SECRET
+              valueFrom:
+                secretKeyRef:
+                  name: furumi-ng-creds
+                  key: OIDC_CLIENT_SECRET
+          ports:
+            - name: http
+              containerPort: 3001
+              protocol: TCP

k8s/apps/furumi-dev/service.yaml

@@ -2,15 +2,47 @@
 apiVersion: v1
 kind: Service
 metadata:
-  name: furumi-dev-player
+  name: furumi-dev-metadata-agent
   labels:
-    app: furumi-dev-player
+    app: furumi-dev-metadata-agent
 spec:
   type: ClusterIP
   selector:
-    app: furumi-dev-player
+    app: furumi-dev-metadata-agent
+  ports:
+    - name: admin-ui
+      protocol: TCP
+      port: 8090
+      targetPort: 8090
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: furumi-dev-web-player
+  labels:
+    app: furumi-dev-web-player
+spec:
+  type: ClusterIP
+  selector:
+    app: furumi-dev-web-player
   ports:
     - name: http
       protocol: TCP
-      port: 8000
+      port: 8080
-      targetPort: 8000
+      targetPort: 8080
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: furumi-dev-node-player
+  labels:
+    app: furumi-dev-node-player
+spec:
+  type: ClusterIP
+  selector:
+    app: furumi-dev-node-player
+  ports:
+    - name: http
+      protocol: TCP
+      port: 3001
+      targetPort: 3001

k8s/apps/furumi-dev/web-player.yaml

@@ -0,0 +1,69 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: furumi-dev-web-player
+  labels:
+    app: furumi-dev-web-player
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: furumi-dev-web-player
+  template:
+    metadata:
+      labels:
+        app: furumi-dev-web-player
+    spec:
+      nodeSelector:
+        kubernetes.io/hostname: master.tail2fe2d.ts.net
+      containers:
+        - name: furumi-dev-web-player
+          image: ultradesu/furumi-web-player:dev
+          imagePullPolicy: Always
+          env:
+            - name: FURUMI_PLAYER_OIDC_CLIENT_ID
+              valueFrom:
+                secretKeyRef:
+                  name: furumi-ng-creds
+                  key: OIDC_CLIENT_ID
+            - name: FURUMI_PLAYER_OIDC_CLIENT_SECRET
+              valueFrom:
+                secretKeyRef:
+                  name: furumi-ng-creds
+                  key: OIDC_CLIENT_SECRET
+            - name: FURUMI_PLAYER_OIDC_ISSUER_URL
+              valueFrom:
+                secretKeyRef:
+                  name: furumi-ng-creds
+                  key: OIDC_ISSUER_URL
+            - name: FURUMI_PLAYER_OIDC_REDIRECT_URL
+              valueFrom:
+                secretKeyRef:
+                  name: furumi-ng-creds
+                  key: OIDC_REDIRECT_URL
+            - name: FURUMI_PLAYER_OIDC_SESSION_SECRET
+              valueFrom:
+                secretKeyRef:
+                  name: furumi-ng-creds
+                  key: OIDC_SESSION_SECRET
+            - name: FURUMI_PLAYER_DATABASE_URL
+              valueFrom:
+                secretKeyRef:
+                  name: furumi-ng-creds
+                  key: PG_STRING
+            - name: FURUMI_PLAYER_STORAGE_DIR
+              value: "/media"
+            - name: RUST_LOG
+              value: "info"
+          ports:
+            - name: http
+              containerPort: 8080
+              protocol: TCP
+          volumeMounts:
+            - name: music
+              mountPath: /media
+      volumes:
+        - name: music
+          hostPath:
+            path: /k8s/furumi-dev/library
+            type: DirectoryOrCreate

k8s/core/postgresql/external-secrets.yaml

@@ -22,18 +22,18 @@ spec:
                 'OAUTH2_CLIENT_ID': '{{ .client_id }}',
                 'OAUTH2_CLIENT_SECRET': '{{ .client_secret }}',
                 
-                'OAUTH2_TOKEN_URL': '{{ .keycloak_url }}/auth/realms/hexor/protocol/openid-connect/token',
+                'OAUTH2_TOKEN_URL': '{{ .keycloak_url }}/realms/hexor/protocol/openid-connect/token',
-                'OAUTH2_AUTHORIZATION_URL': '{{ .keycloak_url }}/auth/realms/hexor/protocol/openid-connect/auth',
+                'OAUTH2_AUTHORIZATION_URL': '{{ .keycloak_url }}/realms/hexor/protocol/openid-connect/auth',
-                'OAUTH2_SERVER_METADATA_URL': '{{ .keycloak_url }}/auth/realms/hexor/.well-known/openid-configuration',
+                'OAUTH2_SERVER_METADATA_URL': '{{ .keycloak_url }}/realms/hexor/.well-known/openid-configuration',
                 'OAUTH2_API_BASE_URL': '{{ .keycloak_url }}',
-                'OAUTH2_USERINFO_ENDPOINT': '{{ .keycloak_url }}/auth/realms/hexor/protocol/openid-connect/userinfo',
+                'OAUTH2_USERINFO_ENDPOINT': '{{ .keycloak_url }}/realms/hexor/protocol/openid-connect/userinfo',
                 
                 'OAUTH2_SCOPE': 'openid profile email',
                 'OAUTH2_USERNAME_CLAIM': 'email',
                 'OAUTH2_BUTTON_COLOR': '#000000',
                 'OAUTH2_SSL_CERT_VERIFICATION': False,
                 
-                'OAUTH2_LOGOUT_URL': '{{ .keycloak_url }}/auth/realms/hexor/protocol/openid-connect/logout',
+                'OAUTH2_LOGOUT_URL': '{{ .keycloak_url }}/realms/hexor/protocol/openid-connect/logout',
             }
           ]
   data:

terraform/keycloak/terraform.tfvars

@@ -3,8 +3,7 @@ groups = [
   "hexor-guest",
   "game-servers-managers",
   "argocd-admins",
-  "web-petting",
+  "web-petting"
-  "Furumusic-Admins"
 ]
 
 proxy_applications = {
@@ -40,15 +39,10 @@ oauth2_applications = {
     web_origins               = ["https://gf.hexor.cy"]
     post_logout_redirect_uris = ["https://gf.hexor.cy/*"]
   }
-  FuruMusic = {
-    redirect_uris             = ["https://music-dev.hexor.cy/auth/oidc/callback", "http://127.0.0.1:3000/auth/oidc/callback", "http://10.0.5.103:3000/auth/oidc/callback"]
-    web_origins               = ["https://music-dev.hexor.cy", "http://127.0.0.1:3000", "http://10.0.5.103:3000"]
-    post_logout_redirect_uris = ["https://music-dev.hexor.cy/*", "http://127.0.0.1:3000/*", "http://10.0.5.103:3000/*"]
-  }
   Web-Petting = {
-    redirect_uris             = ["https://pet.hexor.cy/admin/oidc/callback", "https://xn--l1acako8eb.xn--p1ai/admin/oidc/callback", "https://мурняня.рф/admin/oidc/callback"]
+    redirect_uris             = ["https://pet.hexor.cy/admin/oidc/callback", "https://xn--l1acako8eb.xn--p1ai/admin/oidc/callback", "https://мурняня.рф/admin/oidc/callback", "http://127.0.0.1:3000/admin/oidc/callback"]
-    web_origins               = ["https://pet.hexor.cy", "https://xn--l1acako8eb.xn--p1ai", "https://мурняня.рф", ]
+    web_origins               = ["https://pet.hexor.cy", "https://xn--l1acako8eb.xn--p1ai", "https://мурняня.рф", "http://127.0.0.1:3000"]
-    post_logout_redirect_uris = ["https://pet.hexor.cy/*", "https://xn--l1acako8eb.xn--p1ai/*", "https://мурняня.рф/*"]
+    post_logout_redirect_uris = ["https://pet.hexor.cy/*", "https://xn--l1acako8eb.xn--p1ai/*", "https://мурняня.рф/*", "http://127.0.0.1:3000/*"]
   }
 }