chore(deps): update helm release penpot to v0.34.0

clusters/artemis/apps/grainlab-production/app-project.yaml

@@ -1,17 +0,0 @@
----
-apiVersion: argoproj.io/v1alpha1
-kind: AppProject
-metadata:
-  name: grainlab-production
-spec:
-  description: GrianLab Production environment
-  sourceRepos:
-    - '*'
-  sourceNamespaces:
-    - '*'
-  destinations:
-    - namespace: 'grainlab-production'
-      server: '*'
-  clusterResourceWhitelist:
-    - group: '*'
-      kind: '*'

clusters/artemis/apps/grainlab-production/application.yaml

@@ -1,24 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
-  name: grainlab-production
-  namespace: grainlab-production
-  labels:
-    platform.dgse.cloud/cluster: artemis
-  finalizers:
-    - resources-finalizer.argocd.argoproj.io
-spec:
-  project: grainlab-production
-  source:
-    repoURL: 'https://git.dgse.cloud/DGSE/kubernetes.git'
-    path: manifests/artemis/grainlab-production
-    targetRevision: main
-  destination:
-    namespace: grainlab-production
-    name: in-cluster
-  syncPolicy:
-    syncOptions:
-      - CreateNamespace=true
-    automated:
-      prune: true
-      selfHeal: true

clusters/artemis/apps/grainlab-production/kustomization.yaml

@@ -1,7 +0,0 @@
----
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-
-resources:
-  - app-project.yaml
-  - application.yaml

clusters/artemis/apps/grainlab-staging/app-project.yaml

@@ -1,17 +0,0 @@
----
-apiVersion: argoproj.io/v1alpha1
-kind: AppProject
-metadata:
-  name: grainlab-staging
-spec:
-  description: GrianLab Staging environment
-  sourceRepos:
-    - '*'
-  sourceNamespaces:
-    - '*'
-  destinations:
-    - namespace: 'grainlab-staging'
-      server: '*'
-  clusterResourceWhitelist:
-    - group: '*'
-      kind: '*'

clusters/artemis/apps/grainlab-staging/application.yaml

@@ -1,24 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
-  name: grainlab-staging
-  namespace: grainlab-staging
-  labels:
-    platform.dgse.cloud/cluster: artemis
-  finalizers:
-    - resources-finalizer.argocd.argoproj.io
-spec:
-  project: grainlab-staging
-  source:
-    repoURL: 'https://git.dgse.cloud/DGSE/kubernetes.git'
-    path: manifests/artemis/grainlab-staging
-    targetRevision: main
-  destination:
-    namespace: grainlab-staging
-    name: in-cluster
-  syncPolicy:
-    syncOptions:
-      - CreateNamespace=true
-    automated:
-      prune: true
-      selfHeal: true

clusters/artemis/apps/grainlab-staging/kustomization.yaml

@@ -1,7 +0,0 @@
----
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-
-resources:
-  - app-project.yaml
-  - application.yaml

clusters/artemis/apps/homebox/app-project.yaml

@@ -1,17 +0,0 @@
----
-apiVersion: argoproj.io/v1alpha1
-kind: AppProject
-metadata:
-  name: homebox
-spec:
-  description: Inventory for the home
-  sourceRepos:
-    - '*'
-  sourceNamespaces:
-    - '*'
-  destinations:
-    - namespace: 'homebox'
-      server: '*'
-  clusterResourceWhitelist:
-    - group: '*'
-      kind: '*'

clusters/artemis/apps/homebox/application.yaml

@@ -1,24 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
-  name: homebox
-  namespace: homebox
-  labels:
-    platform.dgse.cloud/cluster: artemis
-  finalizers:
-    - resources-finalizer.argocd.argoproj.io
-spec:
-  project: homebox
-  source:
-    repoURL: 'https://git.dgse.cloud/DGSE/kubernetes.git'
-    path: manifests/artemis/homebox
-    targetRevision: main
-  destination:
-    namespace: homebox
-    name: in-cluster
-  syncPolicy:
-    syncOptions:
-      - CreateNamespace=true
-    automated:
-      prune: true
-      selfHeal: true

clusters/artemis/apps/homebox/kustomization.yaml

@@ -1,7 +0,0 @@
----
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-
-resources:
-  - app-project.yaml
-  - application.yaml

clusters/artemis/apps/kustomization.yaml

@@ -16,6 +16,4 @@ resources:
   - penpot
   - immich
   - digital-garden
-  - homebox
+  - kaneo
-  - grainlab-staging
-  - grainlab-production

manifests/artemis/external-secrets/kustomization.yaml

@@ -10,6 +10,6 @@ resources:
 helmCharts:
   - name: external-secrets
     repo: https://charts.external-secrets.io/
-    version: 2.2.0
+    version: 1.2.0
     releaseName: external-secrets
     namespace: external-secrets

manifests/artemis/grainlab-production/app-deployment.yaml

@@ -1,59 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: grainlab
-  namespace: grainlab-production
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: grainlab
-  template:
-    metadata:
-      labels:
-        app: grainlab
-    spec:
-      imagePullSecrets:
-        - name: ghcr-cred
-      containers:
-        - name: grainlab
-          image: ghcr.io/daniel-luke/grainlab:1.0.6
-          imagePullPolicy: Always
-
-          ports:
-            - containerPort: 3000
-          env:
-            - name: NODE_ENV
-              value: "production"
-            - name: PORT
-              value: "3000"
-            - name: HOST
-              value: "0.0.0.0"
-          envFrom:
-            - secretRef:
-                name: grainlab-app
-            - secretRef:
-                name: grainlab-database
-            - secretRef:
-                name: grainlab-s3
-            - secretRef:
-                name: grainlab-smtp
-          readinessProbe:
-            httpGet:
-              path: /
-              port: 3000
-            initialDelaySeconds: 10
-            periodSeconds: 5
-            failureThreshold: 6
-          livenessProbe:
-            httpGet:
-              path: /
-              port: 3000
-            initialDelaySeconds: 30
-            periodSeconds: 10
-          resources:
-            requests:
-              cpu: 100m
-              memory: 256Mi
-            limits:
-              memory: 512Mi

manifests/artemis/grainlab-production/app-ingress.yaml

@@ -1,25 +0,0 @@
----
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
-  name: grainlab
-  namespace: grainlab-production
-  annotations:
-    cert-manager.io/cluster-issuer: letsencrypt
-spec:
-  rules:
-    - host: www.grainlab.app
-      http:
-        paths:
-          - path: /
-            pathType: Prefix
-            backend:
-              service:
-                name: grainlab
-                port:
-                  number: 80
-  tls:
-    - hosts:
-        - www.grainlab.app
-        - grainlab.app
-      secretName: letsencrypt

manifests/artemis/grainlab-production/app-service.yaml

@@ -1,11 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: grainlab
-  namespace: grainlab-production
-spec:
-  selector:
-    app: grainlab
-  ports:
-    - port: 80
-      targetPort: 3000

manifests/artemis/grainlab-production/namespace.yaml

@@ -1,4 +0,0 @@
-apiVersion: v1
-kind: Namespace
-metadata:
-  name: grainlab-production

manifests/artemis/grainlab-production/postgres-cluster.yaml

@@ -1,24 +0,0 @@
-apiVersion: postgresql.cnpg.io/v1
-kind: Cluster
-metadata:
-  name: grainlab-db
-  namespace: grainlab-production
-spec:
-  instances: 1
-
-  bootstrap:
-    initdb:
-      database: grainlab
-      owner: grainlab
-      secret:
-        name: grainlab-db-credentials
-
-  storage:
-    size: 10Gi
-
-  resources:
-    requests:
-      cpu: 100m
-      memory: 256Mi
-    limits:
-      memory: 512Mi

manifests/artemis/grainlab-production/www-redirect.yaml

@@ -1,26 +0,0 @@
----
-apiVersion: traefik.io/v1alpha1
-kind: IngressRoute
-metadata:
-  name: www-redirect
-spec:
-  entryPoints:
-    - websecure
-  routes:
-    - kind: Rule
-      match: Host(`grainlab.app`)
-      middlewares:
-        - name: redirect-to-www
-      services:
-        - kind: TraefikService
-          name: noop@internal
----
-apiVersion: traefik.io/v1alpha1
-kind: Middleware
-metadata:
-  name: redirect-to-www
-spec:
-  redirectRegex:
-    permanent: true
-    regex: "^https?://(?:www\\.)?(.+)"
-    replacement: "https://www.${1}"

manifests/artemis/grainlab-staging/app-deployment.yaml

@@ -1,59 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: grainlab
-  namespace: grainlab-staging
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: grainlab
-  template:
-    metadata:
-      labels:
-        app: grainlab
-    spec:
-      imagePullSecrets:
-        - name: ghcr-cred
-      containers:
-        - name: grainlab
-          image: ghcr.io/daniel-luke/grainlab:staging
-          imagePullPolicy: Always
-
-          ports:
-            - containerPort: 3000
-          env:
-            - name: NODE_ENV
-              value: "production"
-            - name: PORT
-              value: "3000"
-            - name: HOST
-              value: "0.0.0.0"
-          envFrom:
-            - secretRef:
-                name: grainlab-app
-            - secretRef:
-                name: grainlab-database
-            - secretRef:
-                name: grainlab-s3
-            - secretRef:
-                name: grainlab-smtp
-          readinessProbe:
-            httpGet:
-              path: /
-              port: 3000
-            initialDelaySeconds: 10
-            periodSeconds: 5
-            failureThreshold: 6
-          livenessProbe:
-            httpGet:
-              path: /
-              port: 3000
-            initialDelaySeconds: 30
-            periodSeconds: 10
-          resources:
-            requests:
-              cpu: 100m
-              memory: 256Mi
-            limits:
-              memory: 512Mi

manifests/artemis/grainlab-staging/app-ingress.yaml

@@ -1,24 +0,0 @@
----
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
-  name: grainlab
-  namespace: grainlab-staging
-  annotations:
-    cert-manager.io/cluster-issuer: letsencrypt
-spec:
-  rules:
-    - host: staging.grainlab.app
-      http:
-        paths:
-          - path: /
-            pathType: Prefix
-            backend:
-              service:
-                name: grainlab
-                port:
-                  number: 80
-  tls:
-    - hosts:
-        - staging.grainlab.app
-      secretName: letsencrypt

manifests/artemis/grainlab-staging/app-service.yaml

@@ -1,11 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: grainlab
-  namespace: grainlab-staging
-spec:
-  selector:
-    app: grainlab
-  ports:
-    - port: 80
-      targetPort: 3000

manifests/artemis/grainlab-staging/namespace.yaml

@@ -1,4 +0,0 @@
-apiVersion: v1
-kind: Namespace
-metadata:
-  name: grainlab-staging

manifests/artemis/grainlab-staging/postgres-cluster.yaml

@@ -1,24 +0,0 @@
-apiVersion: postgresql.cnpg.io/v1
-kind: Cluster
-metadata:
-  name: grainlab-db
-  namespace: grainlab-staging
-spec:
-  instances: 1
-
-  bootstrap:
-    initdb:
-      database: grainlab
-      owner: grainlab
-      secret:
-        name: grainlab-db-credentials
-
-  storage:
-    size: 10Gi
-
-  resources:
-    requests:
-      cpu: 100m
-      memory: 256Mi
-    limits:
-      memory: 512Mi

manifests/artemis/homebox/deployment.yaml

@@ -1,27 +0,0 @@
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: homebox
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: homebox
-  template:
-    metadata:
-      labels:
-        app: homebox
-    spec:
-      containers:
-        - name: homebox
-          image: ghcr.io/sysadminsmedia/homebox:latest
-          ports:
-            - containerPort: 7745
-          volumeMounts:
-            - mountPath: /data
-              name: homebox-data
-      volumes:
-        - name: homebox-data
-          persistentVolumeClaim:
-            claimName: homebox-pvc

manifests/artemis/homebox/ingress.yaml

@@ -1,23 +0,0 @@
----
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
-  name: homebox-ingress
-  annotations:
-    cert-manager.io/cluster-issuer: letsencrypt
-spec:
-  rules:
-    - host: inventory.dgse.cloud
-      http:
-        paths:
-          - path: /
-            pathType: Prefix
-            backend:
-              service:
-                name: homebox-svc
-                port:
-                  number: 7745
-  tls:
-    - hosts:
-        - inventory.dgse.cloud
-      secretName: letsencrypt

manifests/artemis/homebox/kustomization.yaml

@@ -1,9 +0,0 @@
----
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-
-resources:
-  - service.yaml
-  - ingress.yaml
-  - deployment.yaml
-  - pvc.yaml

manifests/artemis/homebox/pvc.yaml

@@ -1,12 +0,0 @@
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: homebox-pvc
-spec:
-  storageClassName: local-path
-  accessModes:
-    - ReadWriteOnce
-  resources:
-    requests:
-      storage: 25Gi

manifests/artemis/homebox/service.yaml

@@ -1,12 +0,0 @@
----
-apiVersion: v1
-kind: Service
-metadata:
-  name: homebox-svc
-spec:
-  selector:
-    app: homebox
-  ports:
-    - protocol: TCP
-      port: 7745
-      targetPort: 7745

manifests/artemis/mailu/kustomization.yaml

@@ -10,7 +10,7 @@ resources:
 helmCharts:
   - name: mailu
     repo: https://mailu.github.io/helm-charts/
-    version: 2.1.2
+    version: 2.6.3
     releaseName: mailu
     namespace: mailu
     valuesFile: values.yaml

manifests/artemis/mailu/values.yaml

@@ -1350,11 +1350,11 @@ postfix:
   ##     my_variable = my_value
   overrides:
     postfix.cf: |
-      inet_protocols = ipv4
-      smtp_address_preference = ipv4
       smtpd_helo_restrictions = reject_unknown_helo_hostname
       smtpd_sender_restrictions = reject_unknown_sender_domain
       smtpd_client_restrictions = permit_mynetworks
+      smtp_data_restrictions = reject_unauth_pipelining
+      smtp_relay_restrictions = permit_sasl_authenticated, reject_unauth_destination
       smtpd_relay_restrictions = permit_sasl_authenticated, reject_unauth_destination
       smtpd_recipient_restrictions = permit_sasl_authenticated, reject_unauth_destination
 

manifests/artemis/penpot/kustomization.yaml

@@ -10,7 +10,7 @@ resources:
 helmCharts:
   - name: penpot
     repo: http://helm.penpot.app
-    version: 0.32.0
+    version: 0.34.0
     releaseName: penpot
     namespace: penpot
     valuesFile: values.yaml