Commit Graph

340 Commits

Author SHA1 Message Date
Vegard Hagen
e658857bf8 fix(netbird): change user_id claim 2025-01-09 19:45:27 +01:00
Vegard Hagen
c483d0fa5a feat(netbird): change oidc provider to authelia
This makes it possible to decommission keycloak and crossplane
2025-01-09 19:26:27 +01:00
Vegard Hagen
fee02d4b16 fix(netbird): change oidc clientId 2025-01-08 20:31:07 +01:00
Vegard Hagen
0195f99252 feat(netbird): use built-in mechanism for jwk sign key refresh
https://github.com/netbirdio/netbird/pull/808
2025-01-08 20:23:54 +01:00
Vegard Hagen
037fc29129 feat(netbird): remove idp-integration
IDP integration is not needed. Removing it might allow Authelia-integration
2025-01-08 20:16:13 +01:00
Vegard Hagen
2ec6244fca fix(netbird): change dashboard redirect URLs
default callback url contains a fragment component in violation of the OAuth2.0 spec

https://github.com/authelia/authelia/discussions/7185#discussioncomment-11613126

14d2d68819/src/utils/config.ts (L26-L27)
2025-01-08 18:57:12 +01:00
Vegard Hagen
2674d91a48 feat(auth): enable kubectl oidc auth 2025-01-06 21:30:23 +01:00
Vegard Hagen
edd0a15345 fix(authelia): increase db disk size 2025-01-06 21:27:16 +01:00
Vegard Hagen
3c2c08b367 fix(authelia): clean up values-file 2025-01-06 20:33:26 +01:00
Vegard Hagen
ce5fc25504 feat(authelia): use a cnpg managed db
use a database for persistent storage of users and sessions
2025-01-06 20:14:45 +01:00
Vegard Hagen
2eacd07803 chore: format code 2025-01-05 20:01:44 +01:00
Vegard Hagen
b090a54d75 fix(coturn): only use tls-port 2025-01-05 19:53:53 +01:00
Vegard Hagen
a535a76c31 feat(coturn): use plain manifests instead of helm chart 2025-01-05 19:28:43 +01:00
Vegard Hagen
3cbc35aaf9 fix(netbird-signal): harden security 2025-01-05 15:43:44 +01:00
Vegard Hagen
c35ba49135 fix(netbird-relay): harden security 2025-01-05 15:40:20 +01:00
Vegard Hagen
a99b4c6e14 fix(netbird-management): harden security 2025-01-05 15:36:57 +01:00
Vegard Hagen
1c585e2ce4 fix(netbird-dashboard): harden security 2025-01-05 15:36:49 +01:00
Vegard Hagen
c9ffd698c8 fix(netbird-agent): allow read root fs and add sysctl
The agent seems to assume it's running with full root privileges,
something we don't want. Accommodate by changing manually.
2025-01-05 14:56:24 +01:00
Vegard Hagen
a89e51b027 refactor(netbird): use env-variable name as key in secrets
this makes the configuration less verbose
2025-01-05 12:02:11 +01:00
Vegard Hagen
56d2a42b9d feat(netbird): replace backend helm chart with plain manifests
no need for all the patching anymore
2025-01-05 11:34:25 +01:00
Vegard Hagen
0149a02e4c feat(netbird): replace dashboard helm chart with plain manifests
imho the chart doesn't add much here
2025-01-04 21:53:23 +01:00
Vegard Hagen
31c6b25013 fix(netbird): new agent setup key 2025-01-04 10:18:31 +01:00
Vegard Hagen
5ecf061fc3 fix(keycloak): move crossplane-keycloak-credentials to keycloak from crossplane namespace 2025-01-04 09:47:39 +01:00
Vegard Hagen
aa1a078294 feat(netbird): add relay service
This is a required step for solving #81

Netbird 0.29.0 added its own relay service based on websockets
2025-01-03 17:43:11 +01:00
renovate[bot]
132df0aeda chore(deps): renovate 2025-01-03
chore(deps): update netbird

chore(deps): update keycloak docker tag to v24.3.2

chore(deps): update ghcr.io/authelia/authelia docker tag to v4.38.18

chore(deps): update proxmox-csi-plugin docker tag to v0.3.1

chore(deps): update helm release argo-cd to v7.7.12
2025-01-03 15:50:26 +01:00
Vegard Hagen
15adc6f863 feat(netbird): configuring oidc-clients using new XOidcClient composition 2025-01-03 15:24:19 +01:00
Vegard Hagen
bff741753a feat(crossplane): try to organise crossplane crds
also add a keycloak-oidc-client composition
2025-01-03 14:55:12 +01:00
Vegard Hagen
253e65a708 fix(keycloak): update crossplane keycloak-provider 2025-01-03 13:50:47 +01:00
Vegard Hagen
b07b728855 fix(netbird): update oidc client
trying to fix id_token_hint error with keycloak
2025-01-03 10:13:39 +01:00
Vegard Hagen
e4fbd938c1 fix(dns): tweak unbound setting again
Still some intermittent issues with DNS-resolving
2025-01-02 14:38:58 +01:00
renovate[bot]
668f052356 chore(deps): renovate PRs december 26th
chore(deps): update ghcr.io/lldap/lldap docker tag to v2024-12-24-debian-rootless

chore(deps): update helm release cert-manager to v1.16.2

chore(deps): update keycloak docker tag to v24.3.1

chore(deps): update terraform proxmox to v0.69.0

chore(deps): update cloudflare/cloudflared docker tag to v2024.12.2

chore(deps): update media containers

chore(deps): update cilium to v1.16.5

chore(deps): update netbird

chore(deps): update helm release argo-cd to v7.7.11

chore(deps): update helm release authelia to v0.9.14

chore(deps): update docker.io/adguard/adguardhome docker tag to v0.107.55

chore(deps): update helm release crossplane to v1.18.2

chore(deps): update dependency crossplane-contrib/function-auto-ready to v0.4.0

chore(deps): update helm release cloudnative-pg to v0.23.0

chore(deps): update helm release node-feature-discovery to v0.17.0

chore(deps): update dependency siderolabs/talos to v1.9.1

chore(deps): update registry.k8s.io/git-sync/git-sync docker tag to v4.4.0

chore(deps): update proxmox-csi-plugin docker tag to v0.3.0

chore(deps): update sealed-secrets docker tag to v2.5.0

chore(deps): update terraform kubernetes to v2.35.1

chore(deps): update terraform talos to v0.7.0

fix(lldap): correct avatar url
2024-12-26 22:36:44 +01:00
Vegard Hagen
48b6fc376a fix(vpn): remove security context for agent 2024-12-12 20:02:56 +01:00
Vegard Hagen
02eb0a62d7 fix(vpn): remove read only root fs for netbird agent 2024-12-12 20:02:56 +01:00
Vegard Hagen
eb74b5baff fix(dns): tweak dns settings after update 2024-12-12 20:02:38 +01:00
Vegard Hagen
e48986a5a2 feat(authelia): add kubectl oidc account 2024-12-01 22:33:36 +01:00
Vegard Hagen
ffa170117b fix(keycloak): new postgres volume 2024-12-01 21:48:26 +01:00
renovate[bot]
acd6052af7 chore(deps): merge renovate PRs
chore(deps): update keycloak docker tag to v24

chore(deps): update sealed-secrets docker tag to v2.4.11

chore(deps): update ghcr.io/lldap/lldap docker tag to v2024-11-17-debian-rootless

chore(deps): update helm release argo-cd to v7.7.3

chore(deps): update netbird to v0.32.0

chore(deps): update dependency siderolabs/talos to v1.8.3

chore(deps): update media containers
2024-11-17 17:03:36 +01:00
Sebastian Klamar
1d3f025625 feat(renovate): rebase stale PRs
use renovate's :rebaseStalePrs option for rebasing existing PRs any time the base branch has been updated
2024-11-17 17:03:36 +01:00
Milos Milosavljevic
1a46529d96 fix(cert-manager): remove deprecated flag
cert-manager deprecated flag

Gateway API CRDs

Correction
2024-11-17 17:03:35 +01:00
Vegard Stenhjem Hagen
694d56b32d fix: update renovate syntax 2024-11-17 17:03:35 +01:00
renovate[bot]
d898ef76e9 chore(deps): renovate bonanza
chore(deps): update helm release intel-device-plugins-operator to v0.31.1

chore(deps): update helm release intel-device-plugins-gpu to v0.31.1

chore(deps): update docker.io/adguard/adguardhome docker tag to v0.107.53

chore(deps): update sealed-secrets docker tag to v2.4.9

chore(deps): update ghcr.io/lldap/lldap docker tag to v2024-11-04-debian-rootless

chore(deps): update docker.io/adguard/adguardhome docker tag to v0.107.54

chore(deps): update cloudflare/cloudflared docker tag to v2024.11.0

chore(deps): update ghcr.io/authelia/authelia docker tag to v4.38.17

chore(deps): update helm release authelia to v0.9.9

chore(deps): update helm release cert-manager to v1.16.1

chore(deps): update dependency cilium/cilium to v1.16.3

chore(deps): update dependency intel/intel-device-plugins-for-kubernetes to v0.31.1

chore(deps): update helm release cloudnative-pg to v0.22.1

chore(deps): update dependency umputun/remark42 to v1.14.0

chore(deps): update helm release node-feature-discovery to v0.16.6

chore(deps): update terraform talos to v0.6.1

chore(deps): update dependency siderolabs/talos to v1.8.2

chore(deps): update terraform proxmox to v0.66.3

chore(deps): update helm release argo-cd to v7.7.0

chore(deps): update terraform kubernetes to v2.33.0

chore(deps): update registry.k8s.io/git-sync/git-sync docker tag to v4.3.0

chore(deps): update docker.io/mvance/unbound docker tag to v1.22.0

chore(deps): update helm release crossplane to v1.18.0

chore(deps): update media containers

chore(deps): update netbird

chore(deps): update ghcr.io/onedr0p/qbittorrent docker tag to v5

chore(deps): update helm release coturn to v1

chore(config): migrate config renovate.json
2024-11-17 17:03:35 +01:00
Vegard Hagen
4dd769fdf7 feat: add extra admin user 2024-11-17 17:03:35 +01:00
Vegard Hagen
237a321ec3 chore(qBit): downgrade to 4.6.5 2024-11-17 17:03:35 +01:00
Vegard Hagen
0c19b80b75 feat(authelia): add "optional" secrets in config 2024-11-17 17:03:35 +01:00
Vegard Hagen
403d32b9ed feat(authelia): make cert-manager generate jwks 2024-11-17 17:03:35 +01:00
Vegard Hagen
140fbc249b feat(tofu): use new talos_image_factory_schematic resource
talos provider 0.6 added a new resource for generating the image schematic id
2024-11-17 17:03:34 +01:00
Vegard Hagen
8d8e0ca87a fix(authelia): add access_control policy rule 2024-11-17 17:03:34 +01:00
Vegard Hagen
996bf85daf chore(talos): upgrade last node ctrl-00
Regular 'terraform apply' was enough this time

We're now on Talos 1.8.1 and Kubernetes 1.31.1
2024-11-17 17:03:34 +01:00
Vegard Hagen
4c8066a130 chore(talos): upgrade node ctrl-02
It worked with 'tofu apply -refresh=false'! Still had to manually shut down the VM though. Still scary!
2024-11-17 17:03:34 +01:00
Vegard Hagen
094d72abdf chore(talos): upgrade node ctrl-01
start manual talos upgrade process

Issue with upgrading 'endpoint' node (ctrl-02) since API becomes unresponsive. Either do proper LB or maybe 'tofu apply -refresh=false'
2024-11-17 17:03:34 +01:00