chore(deps): update helm release vault to v0.32.0

Reviewed-on: #28

.gitea/workflows/production.yaml

@@ -7,7 +7,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: 📥Checkout
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
       - name: 🚀Validating the manifests
         uses: frenck/action-yamllint@v1.5.0
         with:

clusters/artemis/apps/kustomization.yaml

@@ -18,3 +18,4 @@ resources:
   - immich
   - digital-garden
   - nextcloud
+  - osx

clusters/artemis/apps/osx/app-project.yaml

@@ -0,0 +1,17 @@
+---
+apiVersion: argoproj.io/v1alpha1
+kind: AppProject
+metadata:
+  name: osx
+spec:
+  description: osx container to proxy shortcuts
+  sourceRepos:
+    - '*'
+  sourceNamespaces:
+    - '*'
+  destinations:
+    - namespace: 'osx'
+      server: '*'
+  clusterResourceWhitelist:
+    - group: '*'
+      kind: '*'

clusters/artemis/apps/osx/application.yaml

@@ -0,0 +1,24 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: osx
+  namespace: osx
+  labels:
+    platform.dgse.cloud/cluster: artemis
+  finalizers:
+    - resources-finalizer.argocd.argoproj.io
+spec:
+  project: osx
+  source:
+    repoURL: 'https://git.dgse.cloud/DGSE/kubernetes.git'
+    path: manifests/artemis/osx
+    targetRevision: main
+  destination:
+    namespace: osx
+    name: in-cluster
+  syncPolicy:
+    syncOptions:
+      - CreateNamespace=true
+    automated:
+      prune: true
+      selfHeal: true

clusters/artemis/apps/osx/kustomization.yaml

@@ -0,0 +1,7 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+  - app-project.yaml
+  - application.yaml

manifests/artemis/argocd/kustomization.yaml

@@ -5,7 +5,7 @@ metadata:
   name: argocd
 
 resources:
-  - github.com/argoproj/argo-cd/manifests/cluster-install?ref=v3.2.0
+  - github.com/argoproj/argo-cd/manifests/cluster-install?ref=v3.2.2
   - ingressRoute.yaml
   - certificate.yaml
   - backstage-sa.yaml

manifests/artemis/external-secrets/kustomization.yaml

@@ -10,6 +10,6 @@ resources:
 helmCharts:
   - name: external-secrets
     repo: https://charts.external-secrets.io/
-    version: 0.20.4
+    version: 1.2.0
     releaseName: external-secrets
     namespace: external-secrets

manifests/artemis/immich/kustomization.yaml

@@ -12,7 +12,7 @@ resources:
 helmCharts:
   - name: immich
     repo: https://immich-app.github.io/immich-charts
-    version: 0.10.1
+    version: 0.10.3
     releaseName: immich
     namespace: immich
     valuesFile: values.yaml

manifests/artemis/mailu/kustomization.yaml

@@ -10,7 +10,7 @@ resources:
 helmCharts:
   - name: mailu
     repo: https://mailu.github.io/helm-charts/
-    version: 2.1.2
+    version: 2.6.3
     releaseName: mailu
     namespace: mailu
     valuesFile: values.yaml

manifests/artemis/mailu/values.yaml

@@ -166,7 +166,7 @@ limits:
     ipv6Mask: 56
     user: 100/day
     exemptionLength: 86400
-    exemption: "10.42.0.0/16"
+    exemption: "10.42.4.105"
 
   # Configuration to reduce outgoing spam in case of a compromised account. See the documentation for further information: https://mailu.io/1.9/configuration.html?highlight=MESSAGE_RATELIMIT
   ## @param limits.messageRatelimit.value Sets the `MESSAGE_RATELIMIT` environment variable in the `admin` pod

manifests/artemis/osx/deployment.yaml

@@ -0,0 +1,58 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: macos
+  labels:
+    name: macos
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: macos
+  template:
+    metadata:
+      labels:
+        app: macos
+    spec:
+      containers:
+        - name: macos
+          image: dockurr/macos
+          env:
+            - name: VERSION
+              value: "14"
+            - name: DISK_SIZE
+              value: "64G"
+            - name: KVM
+              value: "N"
+          ports:
+            - containerPort: 8006
+              name: http
+              protocol: TCP
+            - containerPort: 5900
+              name: vnc
+              protocol: TCP
+          securityContext:
+            capabilities:
+              add:
+                - NET_ADMIN
+            privileged: true
+          volumeMounts:
+            - mountPath: /storage
+              name: storage
+            - mountPath: /dev/kvm
+              name: dev-kvm
+            - mountPath: /dev/net/tun
+              name: dev-tun
+      terminationGracePeriodSeconds: 120
+      volumes:
+        - name: storage
+          persistentVolumeClaim:
+            claimName: macos-pvc
+        - hostPath:
+            path: /dev/kvm
+          name: dev-kvm
+        - hostPath:
+            path: /dev/net/tun
+            type: CharDevice
+          name: dev-tun

manifests/artemis/osx/ingress.yaml

@@ -0,0 +1,22 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt
+  name: osx-ingress
+spec:
+  rules:
+    - host: osx.dgse.cloud
+      http:
+        paths:
+          - backend:
+              service:
+                name: macos
+                port:
+                  number: 8006
+            path: /
+            pathType: Prefix
+  tls:
+    - hosts:
+        - osx.dgse.cloud
+      secretName: letsencrypt

manifests/artemis/osx/kustomization.yaml

@@ -0,0 +1,8 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+  - service.yaml
+  - deployment.yaml
+  - pvc.yaml

manifests/artemis/osx/pvc.yaml

@@ -0,0 +1,11 @@
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: macos-pvc
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 64Gi

manifests/artemis/osx/service.yaml

@@ -0,0 +1,19 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: macos
+spec:
+  internalTrafficPolicy: Cluster
+  ports:
+    - name: http
+      port: 8006
+      protocol: TCP
+      targetPort: 8006
+    - name: vnc
+      port: 5900
+      protocol: TCP
+      targetPort: 5900
+  selector:
+    app: macos
+  type: ClusterIP

manifests/artemis/penpot/kustomization.yaml

@@ -10,7 +10,7 @@ resources:
 helmCharts:
   - name: penpot
     repo: http://helm.penpot.app
-    version: 0.28.0
+    version: 0.30.0
     releaseName: penpot
     namespace: penpot
     valuesFile: values.yaml

manifests/artemis/vault/kustomization.yaml

@@ -10,7 +10,7 @@ resources:
 helmCharts:
   - name: vault
     repo: https://helm.releases.hashicorp.com/
-    version: 0.31.0
+    version: 0.32.0
     releaseName: vault
     namespace: vault
     valuesFile: values.yaml