renovate[bot]
1efb017ef0
chore(deps): renovate 2025-01-26
...
chore(deps): update helm release argo-cd to v7.7.17
chore(deps): update keycloak docker tag to v24.4.6
chore(deps): update helm release node-feature-discovery to v0.17.1
chore(deps): update sealed-secrets docker tag to v2.5.4
chore(deps): update proxmox-csi-plugin docker tag to v0.3.4
chore(deps): update dependency cert-manager/cert-manager to v1.16.3
chore(deps): update dependency siderolabs/talos to v1.9.2
chore(deps): update netbird
chore(deps): update netbirdio/relay docker tag to v0.36.3
chore(deps): update cilium to v1.16.6
chore(deps): update docker.io/adguard/adguardhome docker tag to v0.107.56
chore(deps): update media containers
chore(deps): update terraform talos to v0.7.1
chore(deps): update dependency crossplane-contrib/provider-keycloak to v1.10.1
chore(deps): update terraform proxmox to v0.70.0
2025-01-26 15:59:50 +01:00
Vegard Hagen
ee741467dd
fix(lldap): add tmp-volume for bootstrapping
2025-01-26 15:43:41 +01:00
Vegard Hagen
5ae1a6d829
fix(lldap): add hash seed
2025-01-25 15:34:28 +01:00
Vegard Hagen
e071e10538
refactor(lldap): use alpine rootless image
2025-01-20 21:46:11 +01:00
Vegard Hagen
a7ea9468e8
feat(authelia): use ldaps with lldap
...
this is kind of a pointless change, but kinda cool to try
2025-01-19 13:41:43 +01:00
Vegard Hagen
035d42adb8
test(lldap): enable ldaps
2025-01-19 11:51:17 +01:00
Vegard Hagen
5563a63f56
feat(lldap): add cnpg database for persistence
2025-01-19 10:24:12 +01:00
Vegard Hagen
baa30f0e03
feat(lldap): add a test user
2025-01-18 15:41:38 +01:00
Vegard Hagen
7a949afadd
feat(authelia): add smtp integration
2025-01-18 14:45:28 +01:00
Vegard Hagen
8da8d82bf4
feat(lldap): add smtp integration
2025-01-17 16:28:31 +01:00
Vegard Hagen
08d579c500
docs: update work in progress
2025-01-17 15:15:24 +01:00
renovate[bot]
ab7a292b60
chore(deps): renovate 2025-01-12
...
chore(deps): update keycloak docker tag to v24.4.0
chore(deps): update keycloak docker tag to v24.4.0
chore(deps): update terraform proxmox to v0.69.1
chore(deps): update terraform proxmox to v0.69.1
chore(deps): update helm release argo-cd to v7.7.15
chore(deps): update cloudflare/cloudflared docker tag to v2025
chore(deps): update media containers
2025-01-17 15:15:00 +01:00
Vegard Hagen
d816953b98
feat(authelia): harden oidc clients
2025-01-11 10:43:34 +01:00
Vegard Hagen
ae355bb427
fix(netbird): clean up configuration
2025-01-10 21:34:06 +01:00
Vegard Hagen
e658857bf8
fix(netbird): change user_id claim
2025-01-09 19:45:27 +01:00
Vegard Hagen
c483d0fa5a
feat(netbird): change oidc provider to authelia
...
This makes it possible to decommission keycloak and crossplane
2025-01-09 19:26:27 +01:00
Vegard Hagen
fee02d4b16
fix(netbird): change oidc clientId
2025-01-08 20:31:07 +01:00
Vegard Hagen
0195f99252
feat(netbird): use built-in mechanism for jwk sign key refresh
...
https://github.com/netbirdio/netbird/pull/808
2025-01-08 20:23:54 +01:00
Vegard Hagen
037fc29129
feat(netbird): remove idp-integration
...
IDP integration is not needed. Removing it might allow Authelia-integration
2025-01-08 20:16:13 +01:00
Vegard Hagen
2ec6244fca
fix(netbird): change dashboard redirect URLs
...
default callback url contains a fragment component in violation of the OAuth2.0 spec
https://github.com/authelia/authelia/discussions/7185#discussioncomment-11613126
14d2d68819/src/utils/config.ts (L26-L27)
2025-01-08 18:57:12 +01:00
Vegard Hagen
2674d91a48
feat(auth): enable kubectl oidc auth
2025-01-06 21:30:23 +01:00
Vegard Hagen
edd0a15345
fix(authelia): increase db disk size
2025-01-06 21:27:16 +01:00
Vegard Hagen
3c2c08b367
fix(authelia): clean up values-file
2025-01-06 20:33:26 +01:00
Vegard Hagen
ce5fc25504
feat(authelia): use a cnpg managed db
...
use a database for persistent storage of users and sessions
2025-01-06 20:14:45 +01:00
Vegard Hagen
2eacd07803
chore: format code
2025-01-05 20:01:44 +01:00
Vegard Hagen
b090a54d75
fix(coturn): only use tls-port
2025-01-05 19:53:53 +01:00
Vegard Hagen
a535a76c31
feat(coturn): use plain manifests instead of helm chart
2025-01-05 19:28:43 +01:00
Vegard Hagen
3cbc35aaf9
fix(netbird-signal): harden security
2025-01-05 15:43:44 +01:00
Vegard Hagen
c35ba49135
fix(netbird-relay): harden security
2025-01-05 15:40:20 +01:00
Vegard Hagen
a99b4c6e14
fix(netbird-management): harden security
2025-01-05 15:36:57 +01:00
Vegard Hagen
1c585e2ce4
fix(netbird-dashboard): harden security
2025-01-05 15:36:49 +01:00
Vegard Hagen
c9ffd698c8
fix(netbird-agent): allow read root fs and add sysctl
...
The agent seems to assume it's running with full root privileges,
something we don't want. Accommodate by changing manually.
2025-01-05 14:56:24 +01:00
Vegard Hagen
a89e51b027
refactor(netbird): use env-variable name as key in secrets
...
this makes the configuration less verbose
2025-01-05 12:02:11 +01:00
Vegard Hagen
56d2a42b9d
feat(netbird): replace backend helm chart with plain manifests
...
no need for all the patching anymore
2025-01-05 11:34:25 +01:00
Vegard Hagen
0149a02e4c
feat(netbird): replace dashboard helm chart with plain manifests
...
imho the chart doesn't add much here
2025-01-04 21:53:23 +01:00
Vegard Hagen
31c6b25013
fix(netbird): new agent setup key
2025-01-04 10:18:31 +01:00
Vegard Hagen
5ecf061fc3
fix(keycloak): move crossplane-keycloak-credentials to keycloak from crossplane namespace
2025-01-04 09:47:39 +01:00
Vegard Hagen
aa1a078294
feat(netbird): add relay service
...
This is a required step for solving #81
Netbird 0.29.0 added its own relay service based on websockets
2025-01-03 17:43:11 +01:00
renovate[bot]
132df0aeda
chore(deps): renovate 2025-01-03
...
chore(deps): update netbird
chore(deps): update keycloak docker tag to v24.3.2
chore(deps): update ghcr.io/authelia/authelia docker tag to v4.38.18
chore(deps): update proxmox-csi-plugin docker tag to v0.3.1
chore(deps): update helm release argo-cd to v7.7.12
2025-01-03 15:50:26 +01:00
Vegard Hagen
15adc6f863
feat(netbird): configuring oidc-clients using new XOidcClient composition
2025-01-03 15:24:19 +01:00
Vegard Hagen
bff741753a
feat(crossplane): try to organise crossplane crds
...
also add a keycloak-oidc-client composition
2025-01-03 14:55:12 +01:00
Vegard Hagen
253e65a708
fix(keycloak): update crossplane keycloak-provider
2025-01-03 13:50:47 +01:00
Vegard Hagen
b07b728855
fix(netbird): update oidc client
...
trying to fix id_token_hint error with keycloak
2025-01-03 10:13:39 +01:00
Vegard Hagen
e4fbd938c1
fix(dns): tweak unbound setting again
...
Still some intermittent issues with DNS-resolving
2025-01-02 14:38:58 +01:00
renovate[bot]
668f052356
chore(deps): renovate PRs december 26th
...
chore(deps): update ghcr.io/lldap/lldap docker tag to v2024-12-24-debian-rootless
chore(deps): update helm release cert-manager to v1.16.2
chore(deps): update keycloak docker tag to v24.3.1
chore(deps): update terraform proxmox to v0.69.0
chore(deps): update cloudflare/cloudflared docker tag to v2024.12.2
chore(deps): update media containers
chore(deps): update cilium to v1.16.5
chore(deps): update netbird
chore(deps): update helm release argo-cd to v7.7.11
chore(deps): update helm release authelia to v0.9.14
chore(deps): update docker.io/adguard/adguardhome docker tag to v0.107.55
chore(deps): update helm release crossplane to v1.18.2
chore(deps): update dependency crossplane-contrib/function-auto-ready to v0.4.0
chore(deps): update helm release cloudnative-pg to v0.23.0
chore(deps): update helm release node-feature-discovery to v0.17.0
chore(deps): update dependency siderolabs/talos to v1.9.1
chore(deps): update registry.k8s.io/git-sync/git-sync docker tag to v4.4.0
chore(deps): update proxmox-csi-plugin docker tag to v0.3.0
chore(deps): update sealed-secrets docker tag to v2.5.0
chore(deps): update terraform kubernetes to v2.35.1
chore(deps): update terraform talos to v0.7.0
fix(lldap): correct avatar url
2024-12-26 22:36:44 +01:00
Vegard Hagen
48b6fc376a
fix(vpn): remove security context for agent
2024-12-12 20:02:56 +01:00
Vegard Hagen
02eb0a62d7
fix(vpn): remove read only root fs for netbird agent
2024-12-12 20:02:56 +01:00
Vegard Hagen
eb74b5baff
fix(dns): tweak dns settings after update
2024-12-12 20:02:38 +01:00
Vegard Hagen
e48986a5a2
feat(authelia): add kubectl oidc account
2024-12-01 22:33:36 +01:00
Vegard Hagen
ffa170117b
fix(keycloak): new postgres volume
2024-12-01 21:48:26 +01:00