Vegard Hagen
c9ffd698c8
fix(netbird-agent): allow read root fs and add sysctl
...
The agent seems to assume it's running with full root privileges,
something we don't want. Accommodate by changing manually.
2025-01-05 14:56:24 +01:00
Vegard Hagen
a89e51b027
refactor(netbird): use env-variable name as key in secrets
...
this makes the configuration less verbose
2025-01-05 12:02:11 +01:00
Vegard Hagen
56d2a42b9d
feat(netbird): replace backend helm chart with plain manifests
...
no need for all the patching anymore
2025-01-05 11:34:25 +01:00
Vegard Hagen
0149a02e4c
feat(netbird): replace dashboard helm chart with plain manifests
...
imho the chart doesn't add much here
2025-01-04 21:53:23 +01:00
Vegard Hagen
31c6b25013
fix(netbird): new agent setup key
2025-01-04 10:18:31 +01:00
Vegard Hagen
5ecf061fc3
fix(keycloak): move crossplane-keycloak-credentials to keycloak from crossplane namespace
2025-01-04 09:47:39 +01:00
Vegard Hagen
aa1a078294
feat(netbird): add relay service
...
This is a required step for solving #81
Netbird 0.29.0 added its own relay service based on websockets
2025-01-03 17:43:11 +01:00
renovate[bot]
132df0aeda
chore(deps): renovate 2025-01-03
...
chore(deps): update netbird
chore(deps): update keycloak docker tag to v24.3.2
chore(deps): update ghcr.io/authelia/authelia docker tag to v4.38.18
chore(deps): update proxmox-csi-plugin docker tag to v0.3.1
chore(deps): update helm release argo-cd to v7.7.12
2025-01-03 15:50:26 +01:00
Vegard Hagen
15adc6f863
feat(netbird): configuring oidc-clients using new XOidcClient composition
2025-01-03 15:24:19 +01:00
Vegard Hagen
bff741753a
feat(crossplane): try to organise crossplane crds
...
also add a keycloak-oidc-client composition
2025-01-03 14:55:12 +01:00
Vegard Hagen
253e65a708
fix(keycloak): update crossplane keycloak-provider
2025-01-03 13:50:47 +01:00
Vegard Hagen
b07b728855
fix(netbird): update oidc client
...
trying to fix id_token_hint error with keycloak
2025-01-03 10:13:39 +01:00
Vegard Hagen
e4fbd938c1
fix(dns): tweak unbound setting again
...
Still some intermittent issues with DNS-resolving
2025-01-02 14:38:58 +01:00
renovate[bot]
668f052356
chore(deps): renovate PRs december 26th
...
chore(deps): update ghcr.io/lldap/lldap docker tag to v2024-12-24-debian-rootless
chore(deps): update helm release cert-manager to v1.16.2
chore(deps): update keycloak docker tag to v24.3.1
chore(deps): update terraform proxmox to v0.69.0
chore(deps): update cloudflare/cloudflared docker tag to v2024.12.2
chore(deps): update media containers
chore(deps): update cilium to v1.16.5
chore(deps): update netbird
chore(deps): update helm release argo-cd to v7.7.11
chore(deps): update helm release authelia to v0.9.14
chore(deps): update docker.io/adguard/adguardhome docker tag to v0.107.55
chore(deps): update helm release crossplane to v1.18.2
chore(deps): update dependency crossplane-contrib/function-auto-ready to v0.4.0
chore(deps): update helm release cloudnative-pg to v0.23.0
chore(deps): update helm release node-feature-discovery to v0.17.0
chore(deps): update dependency siderolabs/talos to v1.9.1
chore(deps): update registry.k8s.io/git-sync/git-sync docker tag to v4.4.0
chore(deps): update proxmox-csi-plugin docker tag to v0.3.0
chore(deps): update sealed-secrets docker tag to v2.5.0
chore(deps): update terraform kubernetes to v2.35.1
chore(deps): update terraform talos to v0.7.0
fix(lldap): correct avatar url
2024-12-26 22:36:44 +01:00
Vegard Hagen
48b6fc376a
fix(vpn): remove security context for agent
2024-12-12 20:02:56 +01:00
Vegard Hagen
02eb0a62d7
fix(vpn): remove read only root fs for netbird agent
2024-12-12 20:02:56 +01:00
Vegard Hagen
eb74b5baff
fix(dns): tweak dns settings after update
2024-12-12 20:02:38 +01:00
Vegard Hagen
e48986a5a2
feat(authelia): add kubectl oidc account
2024-12-01 22:33:36 +01:00
Vegard Hagen
ffa170117b
fix(keycloak): new postgres volume
2024-12-01 21:48:26 +01:00
renovate[bot]
acd6052af7
chore(deps): merge renovate PRs
...
chore(deps): update keycloak docker tag to v24
chore(deps): update sealed-secrets docker tag to v2.4.11
chore(deps): update ghcr.io/lldap/lldap docker tag to v2024-11-17-debian-rootless
chore(deps): update helm release argo-cd to v7.7.3
chore(deps): update netbird to v0.32.0
chore(deps): update dependency siderolabs/talos to v1.8.3
chore(deps): update media containers
2024-11-17 17:03:36 +01:00
Sebastian Klamar
1d3f025625
feat(renovate): rebase stale PRs
...
use renovate's :rebaseStalePrs option for rebasing existing PRs any time the base branch has been updated
2024-11-17 17:03:36 +01:00
Milos Milosavljevic
1a46529d96
fix(cert-manager): remove deprecated flag
...
cert-manager deprecated flag
Gateway API CRDs
Correction
2024-11-17 17:03:35 +01:00
Vegard Stenhjem Hagen
694d56b32d
fix: update renovate syntax
2024-11-17 17:03:35 +01:00
renovate[bot]
d898ef76e9
chore(deps): renovate bonanza
...
chore(deps): update helm release intel-device-plugins-operator to v0.31.1
chore(deps): update helm release intel-device-plugins-gpu to v0.31.1
chore(deps): update docker.io/adguard/adguardhome docker tag to v0.107.53
chore(deps): update sealed-secrets docker tag to v2.4.9
chore(deps): update ghcr.io/lldap/lldap docker tag to v2024-11-04-debian-rootless
chore(deps): update docker.io/adguard/adguardhome docker tag to v0.107.54
chore(deps): update cloudflare/cloudflared docker tag to v2024.11.0
chore(deps): update ghcr.io/authelia/authelia docker tag to v4.38.17
chore(deps): update helm release authelia to v0.9.9
chore(deps): update helm release cert-manager to v1.16.1
chore(deps): update dependency cilium/cilium to v1.16.3
chore(deps): update dependency intel/intel-device-plugins-for-kubernetes to v0.31.1
chore(deps): update helm release cloudnative-pg to v0.22.1
chore(deps): update dependency umputun/remark42 to v1.14.0
chore(deps): update helm release node-feature-discovery to v0.16.6
chore(deps): update terraform talos to v0.6.1
chore(deps): update dependency siderolabs/talos to v1.8.2
chore(deps): update terraform proxmox to v0.66.3
chore(deps): update helm release argo-cd to v7.7.0
chore(deps): update terraform kubernetes to v2.33.0
chore(deps): update registry.k8s.io/git-sync/git-sync docker tag to v4.3.0
chore(deps): update docker.io/mvance/unbound docker tag to v1.22.0
chore(deps): update helm release crossplane to v1.18.0
chore(deps): update media containers
chore(deps): update netbird
chore(deps): update ghcr.io/onedr0p/qbittorrent docker tag to v5
chore(deps): update helm release coturn to v1
chore(config): migrate config renovate.json
2024-11-17 17:03:35 +01:00
Vegard Hagen
4dd769fdf7
feat: add extra admin user
2024-11-17 17:03:35 +01:00
Vegard Hagen
237a321ec3
chore(qBit): downgrade to 4.6.5
2024-11-17 17:03:35 +01:00
Vegard Hagen
0c19b80b75
feat(authelia): add "optional" secrets in config
2024-11-17 17:03:35 +01:00
Vegard Hagen
403d32b9ed
feat(authelia): make cert-manager generate jwks
2024-11-17 17:03:35 +01:00
Vegard Hagen
140fbc249b
feat(tofu): use new talos_image_factory_schematic resource
...
talos provider 0.6 added a new resource for generating the image schematic id
2024-11-17 17:03:34 +01:00
Vegard Hagen
8d8e0ca87a
fix(authelia): add access_control policy rule
2024-11-17 17:03:34 +01:00
Vegard Hagen
996bf85daf
chore(talos): upgrade last node ctrl-00
...
Regular 'terraform apply' was enough this time
We're now on Talos 1.8.1 and Kubernetes 1.31.1
2024-11-17 17:03:34 +01:00
Vegard Hagen
4c8066a130
chore(talos): upgrade node ctrl-02
...
It worked with 'tofu apply -refresh=false'! Still had to manually shut down the VM though. Still scary!
2024-11-17 17:03:34 +01:00
Vegard Hagen
094d72abdf
chore(talos): upgrade node ctrl-01
...
start manual talos upgrade process
Issue with upgrading 'endpoint' node (ctrl-02) since API becomes unresponsive. Either do proper LB or maybe 'tofu apply -refresh=false'
2024-11-17 17:03:34 +01:00
renovate[bot]
d291132624
chore(deps): merge renovate PRs
...
chore(deps): update netbird
chore(deps): update helm release crossplane to v1.17.1
chore(deps): update media containers
chore(deps): update dependency crossplane-contrib/function-auto-ready to v0.3.0
chore(deps): update helm release argo-cd to v7.6.8
chore(deps): update ghcr.io/lldap/lldap docker tag to v2024-10-10-debian-rootless
chore(deps): update proxmox-csi-plugin docker tag to v0.2.13
chore(deps): update ghcr.io/authelia/authelia docker tag to v4.38.16
chore(deps): update terraform proxmox to v0.66.1
chore(deps): update terraform talos to v0.6.0
chore(deps): update dependency cilium/cilium to v1.16.2
chore(deps): update dependency siderolabs/talos to v1.8.1
2024-11-17 17:03:34 +01:00
Vegard Hagen
6d137906d1
feat(authelia): add ES256 jwk and use it
2024-11-17 17:03:34 +01:00
Vegard Hagen
cbf1210859
fix(cert-manager): update API token
2024-11-17 17:03:34 +01:00
Vegard Hagen
9a92b48c97
feat(authelia): enable 2FA
2024-11-17 17:03:33 +01:00
Vegard Hagen
d077f4b035
feat(authelia): add ES256 jwk
2024-11-17 17:03:33 +01:00
Vegard Hagen
e0ce01c80f
fix(oidc): conceal jwks signing key
2024-11-17 17:03:33 +01:00
Vegard Hagen
53855a6d27
fix(oidc): conceal argo cd client secret
2024-11-17 17:03:33 +01:00
Vegard Hagen
86395edc1f
feat(authelia): add Argo CD client
2024-11-17 17:03:33 +01:00
Vegard Hagen
c88403691b
feat(lldap): create and use own authelia user
2024-11-17 17:03:33 +01:00
Vegard Hagen
ba69146b4b
feat(auth): add Authelia for OIDC
...
Use Authelia in an attempt to replace Keycloak. Kanidm is another alternative we're going to try later.
2024-11-17 17:03:33 +01:00
Vegard Hagen
6ac8652e24
chore(torrent): change torrent ports
2024-11-17 17:03:32 +01:00
Vegard Hagen
c524a6ab65
feat(cilium): enable maglev loadBalancer
...
Maglev Consistent Hashing should improve resiliency in case of failures https://docs.cilium.io/en/stable/network/kubernetes/kubeproxy-free/#maglev-consistent-hashing
2024-11-17 17:03:32 +01:00
Vegard Hagen
af79c5b906
fix(argocd): turn on server-side diff
...
https://argo-cd.readthedocs.io/en/latest/user-guide/diff-strategies/#server-side-diff
This should solve out-of-sync for e.g. Cilium ref https://github.com/argoproj/argo-cd/issues/19038
2024-11-17 17:03:32 +01:00
renovate[bot]
d6d5a2ad02
chore(deps): merge renovate PRs
...
chore(deps): update terraform restapi to v1.20.0
chore(deps): update cloudflare/cloudflared docker tag to v2024.9.1
chore(deps): update terraform proxmox to v0.64.0
chore(deps): update keycloak docker tag to v22.2.3
chore(deps): update sealed-secrets docker tag to v2.4.6
chore(deps): update ghcr.io/lldap/lldap docker tag to v2024-09-11
chore(deps): update media containers
chore(deps): update terraform talos to v0.6.0-beta.0
chore(deps): update helm release argo-cd to v7.5.2
chore(deps): update helm release crossplane to v1.17.0
2024-11-17 17:03:32 +01:00
Vegard Hagen
ddb7f0fd9f
feat(lldap): bootstrap lldap users with script
2024-11-17 17:03:32 +01:00
Vegard Hagen
2a3f01736d
feat(ldap): add lldap as ldap server
2024-11-17 17:03:32 +01:00
Vegard Hagen
1d0ae6d437
feat(cnpg): configure test-database for external connection
2024-11-17 17:03:32 +01:00