chore(deps): update dependency argoproj/argo-cd to v3

.gitea/workflows/production.yaml

@@ -7,7 +7,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: 📥Checkout
-        uses: actions/checkout@v6
+        uses: actions/checkout@v5
       - name: 🚀Validating the manifests
         uses: frenck/action-yamllint@v1.5.0
         with:

catalog-info.yaml

@@ -1,26 +0,0 @@
----
-apiVersion: backstage.io/v1alpha1
-kind: Domain
-metadata:
-  name: dgse-cloud
-  description: "Infrastructure for DGSE Cloud services."
-spec:
-  owner: dgse-cloud
----
-apiVersion: backstage.io/v1alpha1
-kind: Location
-metadata:
-  name: artemis-cluster
-  description: A collection of all entities running on the Artemis cluster
-spec:
-  targets:
-    - ./clusters/artemis/catalog.yaml
-    - ./clusters/artemis/apps/argocd/catalog.yaml
-    - ./clusters/artemis/apps/cnpg/catalog.yaml
-    - ./clusters/artemis/apps/digital-garden/catalog.yaml
-    - ./clusters/artemis/apps/external-secrets/catalog.yaml
-    - ./clusters/artemis/apps/gitea/catalog.yaml
-    - ./clusters/artemis/apps/gitea-runners/catalog.yaml
-    - ./clusters/artemis/apps/immich/catalog.yaml
-    - ./clusters/artemis/apps/mailu/catalog.yaml
-    - ./clusters/artemis/apps/nextcloud/catalog.yaml

clusters/artemis/apps/argocd/catalog.yaml

@@ -1,18 +0,0 @@
----
-apiVersion: backstage.io/v1alpha1
-kind: Component
-metadata:
-  name: argocd
-  description: "ArgoCD is a declarative, GitOps continuous delivery tool for Kubernetes."
-  links:
-    - url: https://cd.dgse.cloud
-      title: Dashboard
-      icon: dashboard
-  annotations:
-    argocd/app-name: argocd
-    argocd/app-namespace: argocd
-spec:
-  type: service
-  lifecycle: production
-  owner: owners
-  system: artemis-cluster

clusters/artemis/apps/cnpg/catalog.yaml

@@ -1,14 +0,0 @@
----
-apiVersion: backstage.io/v1alpha1
-kind: Component
-metadata:
-  name: cnpg
-  description: "CloudNativePG is a Kubernetes operator that manages PostgreSQL databases in a cloud-native way."
-  annotations:
-    argocd/app-name: cnpg
-    argocd/app-namespace: cnpg-system
-spec:
-  type: service
-  lifecycle: production
-  owner: owners
-  system: artemis-cluster

clusters/artemis/apps/digital-garden/catalog.yaml

@@ -1,18 +0,0 @@
----
-apiVersion: backstage.io/v1alpha1
-kind: Component
-metadata:
-  name: digital-garden
-  description: "A collection of notes, essays, and other writing that is published on the web."
-  links:
-    - url: https://groothuis.io
-      title: Public Website
-      icon: web
-  annotations:
-    argocd/app-name: digital-garden
-    argocd/app-namespace: digital-garden
-spec:
-  type: website
-  lifecycle: production
-  owner: owners
-  system: artemis-cluster

clusters/artemis/apps/external-secrets/application.yaml

@@ -18,7 +18,6 @@ spec:
     name: in-cluster
   syncPolicy:
     syncOptions:
-      - ServerSideApply=true
       - CreateNamespace=true
     automated:
       prune: true

clusters/artemis/apps/external-secrets/catalog.yaml

@@ -1,14 +0,0 @@
----
-apiVersion: backstage.io/v1alpha1
-kind: Component
-metadata:
-  name: external-secrets
-  description: "Vault Secrets Operator to sync secrets from Vault to Kubernetes"
-  annotations:
-    argocd/app-name: external-secrets
-    argocd/app-namespace: external-secrets
-spec:
-  type: service
-  lifecycle: production
-  owner: owners
-  system: artemis-cluster

clusters/artemis/apps/gitea-runners/catalog.yaml

@@ -1,16 +0,0 @@
----
-apiVersion: backstage.io/v1alpha1
-kind: Component
-metadata:
-  name: gitea-runners
-  description: "Gitea Action Runners"
-  annotations:
-    argocd/app-name: gitea-runners
-    argocd/app-namespace: gitea-runners
-spec:
-  type: service
-  lifecycle: production
-  owner: owners
-  system: artemis-cluster
-  dependencyOf:
-    - component:gitea

clusters/artemis/apps/gitea/catalog.yaml

@@ -1,20 +0,0 @@
----
-apiVersion: backstage.io/v1alpha1
-kind: Component
-metadata:
-  name: gitea
-  description: "Self-hosted Git Server"
-  links:
-    - url: https://git.dgse.cloud
-      title: Git Server
-      icon: web
-  annotations:
-    argocd/app-name: gitea
-    argocd/app-namespace: gitea
-spec:
-  type: service
-  lifecycle: production
-  owner: owners
-  system: artemis-cluster
-  dependsOn:
-    - Component:gitea-runners

clusters/artemis/apps/immich/catalog.yaml

@@ -1,18 +0,0 @@
----
-apiVersion: backstage.io/v1alpha1
-kind: Component
-metadata:
-  name: immich
-  description: "Self-hosted photo and video backup solution directly from your mobile phone."
-  links:
-    - url: https://photos.dgse.cloud
-      title: Git Server
-      icon: web
-  annotations:
-    argocd/app-name: immich
-    argocd/app-namespace: immich
-spec:
-  type: service
-  lifecycle: production
-  owner: owners
-  system: artemis-cluster

clusters/artemis/apps/kener/app-project.yaml

@@ -2,15 +2,15 @@
 apiVersion: argoproj.io/v1alpha1
 kind: AppProject
 metadata:
-  name: osx
+  name: kener
 spec:
-  description: osx container to proxy shortcuts
+  description: Monitoring tool
   sourceRepos:
     - '*'
   sourceNamespaces:
     - '*'
   destinations:
-    - namespace: 'osx'
+    - namespace: 'kener'
       server: '*'
   clusterResourceWhitelist:
     - group: '*'

clusters/artemis/apps/kener/application.yaml

@@ -1,20 +1,20 @@
 apiVersion: argoproj.io/v1alpha1
 kind: Application
 metadata:
-  name: osx
-  namespace: osx
+  name: kener
+  namespace: kener
   labels:
     platform.dgse.cloud/cluster: artemis
   finalizers:
     - resources-finalizer.argocd.argoproj.io
 spec:
-  project: osx
+  project: kener
   source:
     repoURL: 'https://git.dgse.cloud/DGSE/kubernetes.git'
-    path: manifests/artemis/osx
+    path: manifests/artemis/kener
     targetRevision: main
   destination:
-    namespace: osx
+    namespace: kener
     name: in-cluster
   syncPolicy:
     syncOptions:

clusters/artemis/apps/kustomization.yaml

@@ -13,9 +13,8 @@ resources:
   - pocket-id
   - vaultwarden
   - mailu
-  # - ntfy
+  - ntfy
   - penpot
   - immich
   - digital-garden
-  # - nextcloud
-  # - osx
+  - nextcloud

clusters/artemis/apps/mailu/catalog.yaml

@@ -1,18 +0,0 @@
----
-apiVersion: backstage.io/v1alpha1
-kind: Component
-metadata:
-  name: mailu
-  description: "Self-hosted mail server"
-  links:
-    - url: https://mail.dgse.cloud
-      title: Mail Server
-      icon: web
-  annotations:
-    argocd/app-name: mailu
-    argocd/app-namespace: mailu
-spec:
-  type: service
-  lifecycle: production
-  owner: owners
-  system: artemis-cluster

clusters/artemis/apps/nextcloud/catalog.yaml

@@ -1,19 +0,0 @@
----
-apiVersion: backstage.io/v1alpha1
-kind: Component
-metadata:
-  name: nextcloud
-  description: "Self-hosted photo and video backup solution directly from your mobile phone."
-  links:
-    - url: https://nextcloud.dgse.cloud
-      title: Git Server
-      icon: web
-  annotations:
-    argocd/app-name: nextcloud
-    argocd/app-namespace: nextcloud
-    backstage.io/techdocs-ref: dir:.
-spec:
-  type: service
-  lifecycle: production
-  owner: owners
-  system: artemis-cluster

clusters/artemis/catalog.yaml

@@ -1,9 +0,0 @@
----
-apiVersion: backstage.io/v1alpha1
-kind: System
-metadata:
-  name: artemis-cluster
-  description: "The Artemis cluster is a Kubernetes cluster hosting all infra for DGSE Cloud."
-spec:
-  owner: owners
-  domain: dgse-cloud

docs/index.md

@@ -1 +0,0 @@
-# NextCloud

manifests/artemis/argocd/backstage-rbac.yaml

@@ -1,13 +0,0 @@
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: backstage-argocd-server-access
-subjects:
-  - kind: ServiceAccount
-    name: backstage-argocd
-    namespace: argocd
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: argocd-server

manifests/artemis/argocd/backstage-sa.yaml

@@ -1,6 +0,0 @@
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: backstage-argocd
-  namespace: argocd

manifests/artemis/argocd/kustomization.yaml

@@ -5,11 +5,9 @@ metadata:
   name: argocd
 
 resources:
-  - github.com/argoproj/argo-cd/manifests/cluster-install?ref=v3.3.0
+  - github.com/argoproj/argo-cd/manifests/cluster-install?ref=v3.1.9
   - ingressRoute.yaml
   - certificate.yaml
-  - backstage-sa.yaml
-  - backstage-rbac.yaml
 
 patches:
   - target:
@@ -47,9 +45,7 @@ patches:
       metadata:
         name: argocd-cm
       data:
-        accounts.admin: "apiKey, login"
-        accounts.backstage.enabled: "true"
-        admin.enabled: "true"
+        admin.enabled: "false"
         kustomize.buildOptions: --enable-helm
         url: https://cd.dgse.cloud
         oidc.config: |
@@ -122,23 +118,3 @@ patches:
         apiGroup: rbac.authorization.k8s.io
         kind: ClusterRole
         name: argocd-server
-
-  # Map Backstage SA to Argo CD role:admin (full Argo CD permissions)
-  - target:
-      kind: ConfigMap
-      name: argocd-rbac-cm
-    patch: |-
-      apiVersion: v1
-      kind: ConfigMap
-      metadata:
-        name: argocd-rbac-cm
-        namespace: argocd
-      data:
-        policy.csv: |
-          g, argocd_admins, role:admin
-          p, argocd_users, applications, list, *, allow
-          p, argocd_users, applications, sync, *, allow
-          p, argocd_users, applications, refresh, *, allow
-          p, argocd_users, applications, get, *, allow
-          g, system:serviceaccount:argocd:backstage-argocd, role:admin
-          p, system:serviceaccount:argocd:backstage-argocd, applications, *, */*, allow

manifests/artemis/external-secrets/kustomization.yaml

@@ -10,6 +10,6 @@ resources:
 helmCharts:
   - name: external-secrets
     repo: https://charts.external-secrets.io/
-    version: 1.2.0
+    version: 0.20.4
     releaseName: external-secrets
     namespace: external-secrets

manifests/artemis/gitea/kustomization.yaml

@@ -7,7 +7,7 @@ metadata:
 helmCharts:
   - name: gitea
     repo: https://dl.gitea.com/charts/
-    version: 12.5.0
+    version: 12.4.0
     releaseName: gitea
     namespace: gitea
     valuesFile: values.yaml

manifests/artemis/gitea/values.yaml

@@ -645,11 +645,11 @@ postgresql-ha:
     password: changeme4
     resources:
       limits:
-        cpu: 2000m
-        memory: 2Gi
+        cpu: 1000m
+        memory: 1Gi
       requests:
-        cpu: 1500m
-        memory: 2Gi
+        cpu: 750m
+        memory: 750Mi
 
   ## @param postgresql-ha.pgpool.adminPassword pgpool adminPassword
   ## @param postgresql-ha.pgpool.image.repository Image repository, eg. `bitnamilegacy/pgpool`.

manifests/artemis/immich/kustomization.yaml

@@ -12,7 +12,7 @@ resources:
 helmCharts:
   - name: immich
     repo: https://immich-app.github.io/immich-charts
-    version: 0.10.3
+    version: 0.10.1
     releaseName: immich
     namespace: immich
     valuesFile: values.yaml

manifests/artemis/immich/values.yaml

@@ -94,7 +94,7 @@ server:
           secretName: immich-tls
 
 machine-learning:
-  enabled: false
+  enabled: true
   controllers:
     main:
       containers:

manifests/artemis/immich/volumeClaims.yaml

@@ -1,15 +1,15 @@
-# ---
-# apiVersion: v1
-# kind: PersistentVolumeClaim
-# metadata:
-#   name: immich-ml-pvc
-# spec:
-#   storageClassName: local-path
-#   accessModes:
-#     - ReadWriteOnce
-#   resources:
-#     requests:
-#       storage: 10Gi
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: immich-ml-pvc
+spec:
+  storageClassName: local-path
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 10Gi
 ---
 apiVersion: v1
 kind: PersistentVolumeClaim

manifests/artemis/mailu/kustomization.yaml

@@ -10,7 +10,7 @@ resources:
 helmCharts:
   - name: mailu
     repo: https://mailu.github.io/helm-charts/
-    version: 2.6.3
+    version: 2.1.2
     releaseName: mailu
     namespace: mailu
     valuesFile: values.yaml

manifests/artemis/mailu/values.yaml

@@ -166,7 +166,7 @@ limits:
     ipv6Mask: 56
     user: 100/day
     exemptionLength: 86400
-    exemption: "10.42.4.105"
+    exemption: "10.42.0.0/16"
 
   # Configuration to reduce outgoing spam in case of a compromised account. See the documentation for further information: https://mailu.io/1.9/configuration.html?highlight=MESSAGE_RATELIMIT
   ## @param limits.messageRatelimit.value Sets the `MESSAGE_RATELIMIT` environment variable in the `admin` pod

manifests/artemis/nextcloud/kustomization.yaml

@@ -10,7 +10,7 @@ resources:
 helmCharts:
   - name: nextcloud
     repo: https://nextcloud.github.io/helm/
-    version: 8.5.2
+    version: 8.5.1
     releaseName: nextcloud
     namespace: nextcloud
     valuesFile: values.yaml

manifests/artemis/osx/deployment.yaml

@@ -1,58 +0,0 @@
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: macos
-  labels:
-    name: macos
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: macos
-  template:
-    metadata:
-      labels:
-        app: macos
-    spec:
-      containers:
-        - name: macos
-          image: dockurr/macos
-          env:
-            - name: VERSION
-              value: "14"
-            - name: DISK_SIZE
-              value: "64G"
-            - name: KVM
-              value: "N"
-          ports:
-            - containerPort: 8006
-              name: http
-              protocol: TCP
-            - containerPort: 5900
-              name: vnc
-              protocol: TCP
-          securityContext:
-            capabilities:
-              add:
-                - NET_ADMIN
-            privileged: true
-          volumeMounts:
-            - mountPath: /storage
-              name: storage
-            - mountPath: /dev/kvm
-              name: dev-kvm
-            - mountPath: /dev/net/tun
-              name: dev-tun
-      terminationGracePeriodSeconds: 120
-      volumes:
-        - name: storage
-          persistentVolumeClaim:
-            claimName: macos-pvc
-        - hostPath:
-            path: /dev/kvm
-          name: dev-kvm
-        - hostPath:
-            path: /dev/net/tun
-            type: CharDevice
-          name: dev-tun

manifests/artemis/osx/ingress.yaml

@@ -1,22 +0,0 @@
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
-  annotations:
-    cert-manager.io/cluster-issuer: letsencrypt
-  name: osx-ingress
-spec:
-  rules:
-    - host: osx.dgse.cloud
-      http:
-        paths:
-          - backend:
-              service:
-                name: macos
-                port:
-                  number: 8006
-            path: /
-            pathType: Prefix
-  tls:
-    - hosts:
-        - osx.dgse.cloud
-      secretName: letsencrypt

manifests/artemis/osx/kustomization.yaml

@@ -1,8 +0,0 @@
----
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-
-resources:
-  - service.yaml
-  - deployment.yaml
-  - pvc.yaml

manifests/artemis/osx/pvc.yaml

@@ -1,11 +0,0 @@
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: macos-pvc
-spec:
-  accessModes:
-    - ReadWriteOnce
-  resources:
-    requests:
-      storage: 64Gi

manifests/artemis/osx/service.yaml

@@ -1,19 +0,0 @@
----
-apiVersion: v1
-kind: Service
-metadata:
-  name: macos
-spec:
-  internalTrafficPolicy: Cluster
-  ports:
-    - name: http
-      port: 8006
-      protocol: TCP
-      targetPort: 8006
-    - name: vnc
-      port: 5900
-      protocol: TCP
-      targetPort: 5900
-  selector:
-    app: macos
-  type: ClusterIP

manifests/artemis/penpot/kustomization.yaml

@@ -10,7 +10,7 @@ resources:
 helmCharts:
   - name: penpot
     repo: http://helm.penpot.app
-    version: 0.32.0
+    version: 0.28.0
     releaseName: penpot
     namespace: penpot
     valuesFile: values.yaml

manifests/artemis/vault/kustomization.yaml

@@ -10,7 +10,7 @@ resources:
 helmCharts:
   - name: vault
     repo: https://helm.releases.hashicorp.com/
-    version: 0.31.0
+    version: 0.30.0
     releaseName: vault
     namespace: vault
     valuesFile: values.yaml

manifests/artemis/vaultwarden/kustomization.yaml

@@ -7,7 +7,7 @@ metadata:
 helmCharts:
   - name: vaultwarden
     repo: https://guerzon.github.io/vaultwarden/
-    version: 0.34.4
+    version: 0.31.8
     releaseName: vaultwarden
     namespace: vaultwarden
     valuesFile: values.yaml

mkdocs.yaml

@@ -1,7 +0,0 @@
----
-site_name: "Nextcloud"
-site_description: "Self-hosted file hosting service"
-nav:
-  - Introduction: index.md
-plugins:
-  - techdocs-core

renovate.json

@@ -3,9 +3,6 @@
     "config:base"  
   ],
   "labels": ["Kind/Security"],
-  "major": {
-    "addLabels": ["Priority/High"]
-  },
   "minor": {
     "addLabels": ["Priority/Medium"]
   },