chore(deps): update dependency argoproj/argo-cd to v3.3.0

Reviewed-on: #35

.gitea/workflows/production.yaml

@@ -7,7 +7,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: 📥Checkout
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
       - name: 🚀Validating the manifests
         uses: frenck/action-yamllint@v1.5.0
         with:

clusters/artemis/apps/external-secrets/application.yaml

@@ -18,6 +18,7 @@ spec:
     name: in-cluster
   syncPolicy:
     syncOptions:
+      - ServerSideApply=true
       - CreateNamespace=true
     automated:
       prune: true

clusters/artemis/apps/kustomization.yaml

@@ -13,8 +13,9 @@ resources:
   - pocket-id
   - vaultwarden
   - mailu
-  - ntfy
+  # - ntfy
   - penpot
   - immich
   - digital-garden
-  - nextcloud
+  # - nextcloud
+  # - osx

clusters/artemis/apps/nextcloud/catalog.yaml

@@ -11,7 +11,7 @@ metadata:
   annotations:
     argocd/app-name: nextcloud
     argocd/app-namespace: nextcloud
-    backstage.io/techdocs-ref: /docs
+    backstage.io/techdocs-ref: dir:.
 spec:
   type: service
   lifecycle: production

clusters/artemis/apps/osx/app-project.yaml

@@ -0,0 +1,17 @@
+---
+apiVersion: argoproj.io/v1alpha1
+kind: AppProject
+metadata:
+  name: osx
+spec:
+  description: osx container to proxy shortcuts
+  sourceRepos:
+    - '*'
+  sourceNamespaces:
+    - '*'
+  destinations:
+    - namespace: 'osx'
+      server: '*'
+  clusterResourceWhitelist:
+    - group: '*'
+      kind: '*'

clusters/artemis/apps/osx/application.yaml

@@ -0,0 +1,24 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: osx
+  namespace: osx
+  labels:
+    platform.dgse.cloud/cluster: artemis
+  finalizers:
+    - resources-finalizer.argocd.argoproj.io
+spec:
+  project: osx
+  source:
+    repoURL: 'https://git.dgse.cloud/DGSE/kubernetes.git'
+    path: manifests/artemis/osx
+    targetRevision: main
+  destination:
+    namespace: osx
+    name: in-cluster
+  syncPolicy:
+    syncOptions:
+      - CreateNamespace=true
+    automated:
+      prune: true
+      selfHeal: true

clusters/artemis/apps/osx/kustomization.yaml

@@ -0,0 +1,7 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+  - app-project.yaml
+  - application.yaml

manifests/artemis/argocd/kustomization.yaml

@@ -5,7 +5,7 @@ metadata:
   name: argocd
 
 resources:
-  - github.com/argoproj/argo-cd/manifests/cluster-install?ref=v3.2.0
+  - github.com/argoproj/argo-cd/manifests/cluster-install?ref=v3.3.0
   - ingressRoute.yaml
   - certificate.yaml
   - backstage-sa.yaml

manifests/artemis/external-secrets/kustomization.yaml

@@ -10,6 +10,6 @@ resources:
 helmCharts:
   - name: external-secrets
     repo: https://charts.external-secrets.io/
-    version: 0.20.4
+    version: 1.2.0
     releaseName: external-secrets
     namespace: external-secrets

manifests/artemis/gitea/kustomization.yaml

@@ -7,7 +7,7 @@ metadata:
 helmCharts:
   - name: gitea
     repo: https://dl.gitea.com/charts/
-    version: 12.4.0
+    version: 12.5.0
     releaseName: gitea
     namespace: gitea
     valuesFile: values.yaml

manifests/artemis/gitea/values.yaml

@@ -645,11 +645,11 @@ postgresql-ha:
     password: changeme4
     resources:
       limits:
-        cpu: 1000m
-        memory: 1Gi
+        cpu: 2000m
+        memory: 2Gi
       requests:
-        cpu: 750m
-        memory: 750Mi
+        cpu: 1500m
+        memory: 2Gi
 
   ## @param postgresql-ha.pgpool.adminPassword pgpool adminPassword
   ## @param postgresql-ha.pgpool.image.repository Image repository, eg. `bitnamilegacy/pgpool`.

manifests/artemis/immich/kustomization.yaml

@@ -12,7 +12,7 @@ resources:
 helmCharts:
   - name: immich
     repo: https://immich-app.github.io/immich-charts
-    version: 0.10.1
+    version: 0.10.3
     releaseName: immich
     namespace: immich
     valuesFile: values.yaml

manifests/artemis/immich/values.yaml

@@ -94,7 +94,7 @@ server:
           secretName: immich-tls
 
 machine-learning:
-  enabled: true
+  enabled: false
   controllers:
     main:
       containers:

manifests/artemis/immich/volumeClaims.yaml

@@ -1,15 +1,15 @@
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: immich-ml-pvc
-spec:
-  storageClassName: local-path
-  accessModes:
-    - ReadWriteOnce
-  resources:
-    requests:
-      storage: 10Gi
+# ---
+# apiVersion: v1
+# kind: PersistentVolumeClaim
+# metadata:
+#   name: immich-ml-pvc
+# spec:
+#   storageClassName: local-path
+#   accessModes:
+#     - ReadWriteOnce
+#   resources:
+#     requests:
+#       storage: 10Gi
 ---
 apiVersion: v1
 kind: PersistentVolumeClaim

manifests/artemis/mailu/kustomization.yaml

@@ -10,7 +10,7 @@ resources:
 helmCharts:
   - name: mailu
     repo: https://mailu.github.io/helm-charts/
-    version: 2.1.2
+    version: 2.6.3
     releaseName: mailu
     namespace: mailu
     valuesFile: values.yaml

manifests/artemis/mailu/values.yaml

@@ -166,7 +166,7 @@ limits:
     ipv6Mask: 56
     user: 100/day
     exemptionLength: 86400
-    exemption: "10.42.0.0/16"
+    exemption: "10.42.4.105"
 
   # Configuration to reduce outgoing spam in case of a compromised account. See the documentation for further information: https://mailu.io/1.9/configuration.html?highlight=MESSAGE_RATELIMIT
   ## @param limits.messageRatelimit.value Sets the `MESSAGE_RATELIMIT` environment variable in the `admin` pod

manifests/artemis/osx/deployment.yaml

@@ -0,0 +1,58 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: macos
+  labels:
+    name: macos
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: macos
+  template:
+    metadata:
+      labels:
+        app: macos
+    spec:
+      containers:
+        - name: macos
+          image: dockurr/macos
+          env:
+            - name: VERSION
+              value: "14"
+            - name: DISK_SIZE
+              value: "64G"
+            - name: KVM
+              value: "N"
+          ports:
+            - containerPort: 8006
+              name: http
+              protocol: TCP
+            - containerPort: 5900
+              name: vnc
+              protocol: TCP
+          securityContext:
+            capabilities:
+              add:
+                - NET_ADMIN
+            privileged: true
+          volumeMounts:
+            - mountPath: /storage
+              name: storage
+            - mountPath: /dev/kvm
+              name: dev-kvm
+            - mountPath: /dev/net/tun
+              name: dev-tun
+      terminationGracePeriodSeconds: 120
+      volumes:
+        - name: storage
+          persistentVolumeClaim:
+            claimName: macos-pvc
+        - hostPath:
+            path: /dev/kvm
+          name: dev-kvm
+        - hostPath:
+            path: /dev/net/tun
+            type: CharDevice
+          name: dev-tun

manifests/artemis/osx/ingress.yaml

@@ -0,0 +1,22 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt
+  name: osx-ingress
+spec:
+  rules:
+    - host: osx.dgse.cloud
+      http:
+        paths:
+          - backend:
+              service:
+                name: macos
+                port:
+                  number: 8006
+            path: /
+            pathType: Prefix
+  tls:
+    - hosts:
+        - osx.dgse.cloud
+      secretName: letsencrypt

manifests/artemis/osx/kustomization.yaml

@@ -0,0 +1,8 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+  - service.yaml
+  - deployment.yaml
+  - pvc.yaml

manifests/artemis/osx/pvc.yaml

@@ -0,0 +1,11 @@
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: macos-pvc
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 64Gi

manifests/artemis/osx/service.yaml

@@ -0,0 +1,19 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: macos
+spec:
+  internalTrafficPolicy: Cluster
+  ports:
+    - name: http
+      port: 8006
+      protocol: TCP
+      targetPort: 8006
+    - name: vnc
+      port: 5900
+      protocol: TCP
+      targetPort: 5900
+  selector:
+    app: macos
+  type: ClusterIP

manifests/artemis/penpot/kustomization.yaml

@@ -10,7 +10,7 @@ resources:
 helmCharts:
   - name: penpot
     repo: http://helm.penpot.app
-    version: 0.28.0
+    version: 0.32.0
     releaseName: penpot
     namespace: penpot
     valuesFile: values.yaml