Auto-update README with current k8s applications

Generated by CI/CD workflow on 2026-06-17 23:08:39

This PR updates the README.md file with the current list of applications found in the k8s/ directory structure.

README.md

@@ -42,6 +42,7 @@ ArgoCD homelab project
 
 | Application | Status |
 | :--- | :---: |
+| **amnezia** | [![amnezia](https://ag.hexor.cy/api/badge?name=amnezia&revision=true)](https://ag.hexor.cy/applications/argocd/amnezia) |
 | **comfyui** | [![comfyui](https://ag.hexor.cy/api/badge?name=comfyui&revision=true)](https://ag.hexor.cy/applications/argocd/comfyui) |
 | **furumi** | [![furumi](https://ag.hexor.cy/api/badge?name=furumi&revision=true)](https://ag.hexor.cy/applications/argocd/furumi) |
 | **gitea** | [![gitea](https://ag.hexor.cy/api/badge?name=gitea&revision=true)](https://ag.hexor.cy/applications/argocd/gitea) |
@@ -53,6 +54,7 @@ ArgoCD homelab project
 | **k8s-secrets** | [![k8s-secrets](https://ag.hexor.cy/api/badge?name=k8s-secrets&revision=true)](https://ag.hexor.cy/applications/argocd/k8s-secrets) |
 | **khm** | [![khm](https://ag.hexor.cy/api/badge?name=khm&revision=true)](https://ag.hexor.cy/applications/argocd/khm) |
 | **lidarr** | [![lidarr](https://ag.hexor.cy/api/badge?name=lidarr&revision=true)](https://ag.hexor.cy/applications/argocd/lidarr) |
+| **llamacpp** | [![llamacpp](https://ag.hexor.cy/api/badge?name=llamacpp&revision=true)](https://ag.hexor.cy/applications/argocd/llamacpp) |
 | **matrix** | [![matrix](https://ag.hexor.cy/api/badge?name=matrix&revision=true)](https://ag.hexor.cy/applications/argocd/matrix) |
 | **mtproxy** | [![mtproxy](https://ag.hexor.cy/api/badge?name=mtproxy&revision=true)](https://ag.hexor.cy/applications/argocd/mtproxy) |
 | **n8n** | [![n8n](https://ag.hexor.cy/api/badge?name=n8n&revision=true)](https://ag.hexor.cy/applications/argocd/n8n) |

k8s/apps/gitea/deployment.yaml

@@ -41,18 +41,18 @@ spec:
             - name: GITEA__service__REGISTER_MANUAL_CONFIRM
               value: "true"
             - name: GITEA__service__ENABLE_CAPTCHA
-              value: "true"
-            - name: GITEA__service__REQUIRE_CAPTCHA_FOR_LOGIN
               value: "false"
+            - name: GITEA__service__REQUIRE_CAPTCHA_FOR_LOGIN
+              value: "true"
             - name: GITEA__service__REQUIRE_EXTERNAL_REGISTRATION_CAPTCHA
               value: "true"
             - name: GITEA__service__CAPTCHA_TYPE
-              value: "cfturnstile"
+              value: "hcaptcha"
             - name: GITEA__webhook__ALLOWED_HOST_LIST
               value: "*"
           envFrom:
           - secretRef:
-              name: gitea-runner-act-runner-secrets
+              name: gitea-recapcha-creds
           ports:
             - name: http
               containerPort: 3000

k8s/apps/gitea/external-secrets.yaml

@@ -13,10 +13,6 @@ spec:
       data:
         token: |-
           {{ .password }}
-        GITEA__service__CF_TURNSTILE_SITEKEY: |-
-          {{ .CF_TURNSTILE_SITEKEY }}
-        GITEA__service__CF_TURNSTILE_SECRET: |-
-          {{ .CF_TURNSTILE_SECRET }}
   data:
     - secretKey: password
       sourceRef:
@@ -26,19 +22,38 @@ spec:
       remoteRef:
         key: e475b5ab-ea3c-48a5-bb4c-a6bc552fc064
         property: login.password
-    - secretKey: CF_TURNSTILE_SITEKEY
+
+---
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+  name: gitea-recapcha-creds
+spec:
+  refreshInterval: 1m
+  target:
+    name: gitea-recapcha-creds
+    deletionPolicy: Delete
+    template:
+      type: Opaque
+      data:
+        GITEA__service__HCAPTCHA_SITEKEY: |-
+          {{ .HCAPTCHA_SITEKEY }}
+        GITEA__service__HCAPTCHA_SECRET: |-
+          {{ .HCAPTCHA_SECRET }}
+  data:
+    - secretKey: HCAPTCHA_SITEKEY
       sourceRef:
         storeRef:
           name: vaultwarden-login
           kind: ClusterSecretStore
       remoteRef:
-        key: e475b5ab-ea3c-48a5-bb4c-a6bc552fc064
+        key: 89c8d8d2-6b53-42c5-805f-38a341ef163e
-        property: fields[0].value
+        property: login.username
-    - secretKey: CF_TURNSTILE_SECRET
+    - secretKey: HCAPTCHA_SECRET
       sourceRef:
         storeRef:
           name: vaultwarden-login
           kind: ClusterSecretStore
       remoteRef:
-        key: e475b5ab-ea3c-48a5-bb4c-a6bc552fc064
+        key: 89c8d8d2-6b53-42c5-805f-38a341ef163e
-        property: fields[1].value
+        property: login.password

k8s/core/prom-stack/ingress.yaml

@@ -1,45 +0,0 @@
----
-apiVersion: traefik.io/v1alpha1
-kind: Middleware
-metadata:
-  name: auth-proxy
-spec:
-  forwardAuth:
-    address: http://auth-proxy.auth-proxy.svc:80/auth
-    trustForwardHeader: true
-    authResponseHeaders:
-      - X-Auth-Request-User
-      - X-Auth-Request-Email
-      - X-Auth-Request-Groups
----
-apiVersion: traefik.io/v1alpha1
-kind: IngressRoute
-metadata:
-  name: prometheus
-  annotations:
-    cert-manager.io/cluster-issuer: letsencrypt
-spec:
-  entryPoints:
-    - websecure
-  routes:
-    - match: Host(`prom.hexor.cy`)
-      kind: Rule
-      middlewares:
-        - name: auth-proxy
-      services:
-        - name: prometheus-kube-prometheus-prometheus
-          port: 9090
-  tls:
-    secretName: prometheus-tls
----
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
-  name: prometheus-tls
-spec:
-  secretName: prometheus-tls
-  issuerRef:
-    name: letsencrypt
-    kind: ClusterIssuer
-  dnsNames:
-    - prom.hexor.cy

k8s/core/prom-stack/kustomization.yaml

@@ -4,7 +4,6 @@ kind: Kustomization
 resources:
   - persistentVolume.yaml
   - external-secrets.yaml
-  - ingress.yaml
   - grafana-alerting-configmap.yaml
   - alertmanager-config.yaml
   - dashboards/telemt-dashboard-cm.yaml

k8s/core/prom-stack/prom-values.yaml

@@ -1,3 +1,4 @@
+
 alertmanager:
   config:
     global:
@@ -24,7 +25,7 @@ alertmanager:
               {{ end }}
 
   ingress:
-    enabled: false
+    enabled: true
     ingressClassName: traefik
     annotations:
       cert-manager.io/cluster-issuer: letsencrypt
@@ -45,7 +46,7 @@ alertmanager:
 
 prometheus:
   ingress:
-    enabled: false
+    enabled: true
     ingressClassName: traefik
     annotations:
       cert-manager.io/cluster-issuer: letsencrypt

terraform/keycloak/terraform.tfvars

@@ -16,10 +16,6 @@ proxy_applications = {
     domain         = "pass.hexor.cy"
     allowed_groups = ["hexor-admin", "app-pass"]
   }
-  Prometheus = {
-    domain         = "prom.hexor.cy"
-    allowed_groups = ["hexor-admin"]
-  }
 }
 
 oauth2_applications = {