chore(deps): update helm release vault to v0.32.0

clusters/artemis/apps/external-secrets/application.yaml

@@ -18,7 +18,6 @@ spec:
     name: in-cluster
   syncPolicy:
     syncOptions:
-      - ServerSideApply=true
       - CreateNamespace=true
     automated:
       prune: true

clusters/artemis/apps/kustomization.yaml

@@ -13,7 +13,9 @@ resources:
   - pocket-id
   - vaultwarden
   - mailu
+  - ntfy
   - penpot
   - immich
   - digital-garden
-  - kaneo
+  - nextcloud
+  - osx

clusters/artemis/apps/osx/app-project.yaml

@@ -2,15 +2,15 @@
 apiVersion: argoproj.io/v1alpha1
 kind: AppProject
 metadata:
-  name: kaneo
+  name: osx
 spec:
-  description: Project Management
+  description: osx container to proxy shortcuts
   sourceRepos:
     - '*'
   sourceNamespaces:
     - '*'
   destinations:
-    - namespace: 'kaneo'
+    - namespace: 'osx'
       server: '*'
   clusterResourceWhitelist:
     - group: '*'

clusters/artemis/apps/osx/application.yaml

@@ -1,20 +1,20 @@
 apiVersion: argoproj.io/v1alpha1
 kind: Application
 metadata:
-  name: kaneo
+  name: osx
-  namespace: kaneo
+  namespace: osx
   labels:
     platform.dgse.cloud/cluster: artemis
   finalizers:
     - resources-finalizer.argocd.argoproj.io
 spec:
-  project: kaneo
+  project: osx
   source:
     repoURL: 'https://git.dgse.cloud/DGSE/kubernetes.git'
-    path: manifests/artemis/kaneo
+    path: manifests/artemis/osx
     targetRevision: main
   destination:
-    namespace: kaneo
+    namespace: osx
     name: in-cluster
   syncPolicy:
     syncOptions:

manifests/artemis/argocd/kustomization.yaml

@@ -5,7 +5,7 @@ metadata:
   name: argocd
 
 resources:
-  - github.com/argoproj/argo-cd/manifests/cluster-install?ref=v3.2.6
+  - github.com/argoproj/argo-cd/manifests/cluster-install?ref=v3.2.2
   - ingressRoute.yaml
   - certificate.yaml
   - backstage-sa.yaml

manifests/artemis/gitea/kustomization.yaml

@@ -7,7 +7,7 @@ metadata:
 helmCharts:
   - name: gitea
     repo: https://dl.gitea.com/charts/
-    version: 12.5.0
+    version: 12.4.0
     releaseName: gitea
     namespace: gitea
     valuesFile: values.yaml

manifests/artemis/gitea/values.yaml

@@ -645,11 +645,11 @@ postgresql-ha:
     password: changeme4
     resources:
       limits:
-        cpu: 2000m
+        cpu: 1000m
-        memory: 2Gi
+        memory: 1Gi
       requests:
-        cpu: 1500m
+        cpu: 750m
-        memory: 2Gi
+        memory: 750Mi
 
   ## @param postgresql-ha.pgpool.adminPassword pgpool adminPassword
   ## @param postgresql-ha.pgpool.image.repository Image repository, eg. `bitnamilegacy/pgpool`.

manifests/artemis/immich/values.yaml

@@ -94,7 +94,7 @@ server:
           secretName: immich-tls
 
 machine-learning:
-  enabled: false
+  enabled: true
   controllers:
     main:
       containers:

manifests/artemis/immich/volumeClaims.yaml

@@ -1,15 +1,15 @@
-# ---
+---
-# apiVersion: v1
+apiVersion: v1
-# kind: PersistentVolumeClaim
+kind: PersistentVolumeClaim
-# metadata:
+metadata:
-#   name: immich-ml-pvc
+  name: immich-ml-pvc
-# spec:
+spec:
-#   storageClassName: local-path
+  storageClassName: local-path
-#   accessModes:
+  accessModes:
-#     - ReadWriteOnce
+    - ReadWriteOnce
-#   resources:
+  resources:
-#     requests:
+    requests:
-#       storage: 10Gi
+      storage: 10Gi
 ---
 apiVersion: v1
 kind: PersistentVolumeClaim

manifests/artemis/kaneo/kustomization.yaml

@@ -1,16 +0,0 @@
----
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-metadata:
-  name: kaneo
-
-#resources:
-#  - secret.yaml
-
-helmCharts:
-  - name: charts/kaneo
-    repo: https://github.com/usekaneo/kaneo
-    version: 0.1.0
-    releaseName: kaneo
-    namespace: kaneo
-    valuesFile: values.yaml

manifests/artemis/kaneo/values.yaml

@@ -1,183 +0,0 @@
-# Global values
-nameOverride: ""
-fullnameOverride: ""
-replicaCount: 1
-# Autoscaling configuration
-autoscaling:
-  enabled: false
-  minReplicas: 1
-  maxReplicas: 10
-  targetCPUUtilizationPercentage: 80
-  # targetMemoryUtilizationPercentage: 80
-# Pod configuration
-podAnnotations: {}
-podSecurityContext: {}
-nodeSelector: {}
-tolerations: []
-affinity: {}
-# Service account configuration
-serviceAccount:
-  create: true
-  annotations: {}
-  name: ""
-# PostgreSQL database configuration
-postgresql:
-  # Set to true to deploy PostgreSQL as part of this chart
-  enabled: true
-  image:
-    repository: postgres
-    tag: 16-alpine
-    pullPolicy: IfNotPresent
-  # Database configuration
-  auth:
-    database: kaneo
-    username: kaneo_user
-    password: kaneo_password
-    # Use existing secret for database credentials (optional)
-    existingSecret: ""
-    secretKeys:
-      adminPasswordKey: postgres-password
-      userPasswordKey: password
-  # Persistence for PostgreSQL data
-  persistence:
-    enabled: true
-    size: 8Gi
-    storageClass: ""
-    accessMode: ReadWriteOnce
-  # PostgreSQL service configuration
-  service:
-    type: ClusterIP
-    port: 5432
-  # Resources for PostgreSQL
-  resources: {}
-  # resources:
-  #   limits:
-  #     cpu: 500m
-  #     memory: 512Mi
-  #   requests:
-  #     cpu: 100m
-  #     memory: 128Mi
-# API backend configuration
-api:
-  image:
-    repository: ghcr.io/usekaneo/api
-    tag: latest
-    pullPolicy: IfNotPresent
-  securityContext: {}
-  service:
-    type: ClusterIP
-    port: 1337
-    targetPort: 1337
-  # Resources are optional and disabled by default
-  resources: {}
-  # resources:
-  #   limits:
-  #     cpu: 500m
-  #     memory: 512Mi
-  #   requests:
-  #     cpu: 100m
-  #     memory: 128Mi
-
-  # Environment variables for the API
-  env:
-    jwtAccess: appelflap
-    existingSecret:
-      enabled: false
-      name: ""
-      key: jwt-access
-    disableRegistration: false
-    # Database configuration
-    database:
-      # Use external PostgreSQL (set postgresql.enabled to false)
-      # Important: when using external postgres, make sure you have set up the db user correctly:
-      #   CREATE DATABASE kaneo;
-      #   CREATE USER kaneo_user WITH PASSWORD 'your_password';
-      #   GRANT ALL PRIVILEGES ON DATABASE kaneo TO kaneo_user;
-      #   \c kaneo;
-      #   GRANT USAGE ON SCHEMA public TO kaneo_user;
-      #   GRANT CREATE ON SCHEMA public TO kaneo_user;
-      #   ALTER SCHEMA public OWNER TO kaneo_user;
-      external:
-        enabled: false
-        host: ""
-        port: 5432
-        database: kaneo
-        username: kaneo_user
-        password: ""
-        # Use existing secret for external database credentials in the form of a uri, e.g.: "postgresql://user:pass@host:port/db"
-        existingSecret:
-          enabled: false
-          name: ""
-          passwordKey: postgres_uri
-  livenessProbe:
-    httpGet:
-      path: /me
-      port: api
-    initialDelaySeconds: 30
-    periodSeconds: 10
-  readinessProbe:
-    httpGet:
-      path: /me
-      port: api
-    initialDelaySeconds: 5
-    periodSeconds: 10
-# Web frontend configuration
-web:
-  image:
-    repository: ghcr.io/usekaneo/web
-    tag: latest
-    pullPolicy: IfNotPresent
-  # Environment variables for the Web
-  env:
-    # Optional: Override the default API URL (http://localhost:1337)
-    # The /api path will be automatically appended to the URL
-    # Make sure this url matches the ingress host
-    # apiUrl: "https://kaneo.example.com"
-    apiUrl: ""
-  securityContext: {}
-  service:
-    type: ClusterIP
-    port: 80
-    targetPort: 80
-  # Resources are optional and disabled by default
-  resources: {}
-  # resources:
-  #   limits:
-  #     cpu: 300m
-  #     memory: 256Mi
-  #   requests:
-  #     cpu: 100m
-  #     memory: 128Mi
-
-  livenessProbe:
-    httpGet:
-      path: /
-      port: web
-    initialDelaySeconds: 30
-    periodSeconds: 10
-  readinessProbe:
-    httpGet:
-      path: /
-      port: web
-    initialDelaySeconds: 5
-    periodSeconds: 10
-# Ingress configuration
-ingress:
-  enabled: true
-  className: traefik
-  annotations:
-    cert-manager.io/cluster-issuer: letsencrypt
-  hosts:
-    # Use the same host in the web env variable apiUrl (with http:// or https://)
-    - host: projects.dgse.cloud
-      paths:
-        - path: /?(.*)
-          pathType: ImplementationSpecific
-          service: web
-          port: 80
-        - path: /api/?(.*)
-          pathType: ImplementationSpecific
-          service: api
-          port: 1337
-  tls:
-    - projects.dgse.cloud

manifests/artemis/kener/db-cluster.yaml

@@ -0,0 +1,21 @@
+apiVersion: postgresql.cnpg.io/v1
+kind: Cluster
+metadata:
+  name: kener-postgres
+spec:
+  instances: 1
+  managed:
+    roles:
+      - name: kener
+        superuser: true
+        login: true
+  bootstrap:
+    initdb:
+      database: kener
+      owner: kener
+      secret:
+        name: kener-postgres-user
+
+  storage:
+    size: 4Gi
+    storageClass: local-path

manifests/artemis/kener/deployment.yaml

@@ -0,0 +1,79 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: kener
+spec:
+  selector:
+    matchLabels:
+      app: kener
+  template:
+    metadata:
+      labels:
+        app: kener
+    spec:
+      containers:
+        - name: kener
+          image: rajnandan1/kener:latest
+          ports:
+            - containerPort: 3000
+              name: http
+          volumeMounts:
+            - name: kener-uploads
+              mountPath: "/app/uploads"
+          env:
+            - name: ORIGIN
+              valueFrom:
+                secretKeyRef:
+                  name: kener-secret
+                  key: ORIGIN
+            - name: DATABASE_URL
+              valueFrom:
+                secretKeyRef:
+                  name: kener-secret
+                  key: DATABASE_URL
+            - name: KENER_SECRET_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: kener-secret
+                  key: KENER_SECRET_KEY
+            - name: SMTP_HOST
+              valueFrom:
+                secretKeyRef:
+                  name: kener-secret
+                  key: SMTP_HOST
+            - name: SMTP_PORT
+              valueFrom:
+                secretKeyRef:
+                  name: kener-secret
+                  key: SMTP_PORT
+            - name: SMTP_USER
+              valueFrom:
+                secretKeyRef:
+                  name: kener-secret
+                  key: SMTP_USER
+            - name: SMTP_PASS
+              valueFrom:
+                secretKeyRef:
+                  name: kener-secret
+                  key: SMTP_PASS
+            - name: SMTP_SECURE
+              valueFrom:
+                secretKeyRef:
+                  name: kener-secret
+                  key: SMTP_SECURE
+            - name: SMTP_FROM_EMAIL
+              valueFrom:
+                secretKeyRef:
+                  name: kener-secret
+                  key: SMTP_FROM_EMAIL
+            - name: TZ
+              valueFrom:
+                secretKeyRef:
+                  name: kener-secret
+                  key: TZ
+
+      volumes:
+        - name: kener-uploads
+          persistentVolumeClaim:
+            claimName: kener-pvc

manifests/artemis/kener/ingress.yaml

@@ -0,0 +1,22 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt
+  name: kener-ingress
+spec:
+  rules:
+    - host: monitor.dgse.cloud
+      http:
+        paths:
+          - backend:
+              service:
+                name: kener
+                port:
+                  number: 3000
+            path: /
+            pathType: Prefix
+  tls:
+    - hosts:
+        - monitor.dgse.cloud
+      secretName: letsencrypt

manifests/artemis/kener/kustomization.yaml

@@ -0,0 +1,13 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+metadata:
+  name: kener
+
+resources:
+  - secret.yaml
+  - db-cluster.yaml
+  - service.yaml
+  - pvc.yaml
+  - deployment.yaml
+  - ingress.yaml

manifests/artemis/kener/pvc.yaml

@@ -0,0 +1,11 @@
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: kener-pvc
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 20Gi

manifests/artemis/kener/secret.yaml

@@ -0,0 +1,74 @@
+---
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+  name: kener-secret
+spec:
+  refreshInterval: 1h
+  secretStoreRef:
+    name: platform
+    kind: ClusterSecretStore
+  target:
+    name: kener-secret
+  data:
+    - secretKey: ORIGIN
+      remoteRef:
+        key: kener
+        property: ORIGIN
+    - secretKey: DATABASE_URL
+      remoteRef:
+        key: kener
+        property: DATABASE_URL
+    - secretKey: KENER_SECRET_KEY
+      remoteRef:
+        key: kener
+        property: KENER_SECRET_KEY
+    - secretKey: SMTP_HOST
+      remoteRef:
+        key: kener
+        property: SMTP_HOST
+    - secretKey: SMTP_PORT
+      remoteRef:
+        key: kener
+        property: SMTP_PORT
+    - secretKey: SMTP_USER
+      remoteRef:
+        key: kener
+        property: SMTP_USER
+    - secretKey: SMTP_PASS
+      remoteRef:
+        key: kener
+        property: SMTP_PASS
+    - secretKey: SMTP_SECURE
+      remoteRef:
+        key: kener
+        property: SMTP_SECURE
+    - secretKey: SMTP_FROM_EMAIL
+      remoteRef:
+        key: kener
+        property: SMTP_FROM_EMAIL
+    - secretKey: TZ
+      remoteRef:
+        key: kener
+        property: TZ
+---
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+  name: kener-postgres-user
+spec:
+  refreshInterval: 1h
+  secretStoreRef:
+    name: platform
+    kind: ClusterSecretStore
+  target:
+    name: kener-postgres-user
+  data:
+    - secretKey: username
+      remoteRef:
+        key: kener
+        property: postgres_username
+    - secretKey: password
+      remoteRef:
+        key: kener
+        property: postgres_password

manifests/artemis/kener/service.yaml

@@ -0,0 +1,12 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: kener
+spec:
+  selector:
+    app: kener
+  ports:
+    - protocol: TCP
+      port: 3000
+      targetPort: 3000

manifests/artemis/ntfy/basicauth.yaml

@@ -0,0 +1,8 @@
+---
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+  name: basic-auth
+spec:
+  basicAuth:
+    secret: basic-auth

manifests/artemis/ntfy/configmap.yaml

@@ -0,0 +1,12 @@
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: ntfy
+data:
+  server.yml: |
+    # Template: https://github.com/binwiederhier/ntfy/blob/main/server/server.yml
+    base-url: https://notifications.dgse.cloud
+    enable-login: true
+    enable-signup: false
+    upstream-base-url: "https://ntfy.sh"

manifests/artemis/ntfy/deployment.yaml

@@ -0,0 +1,33 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: ntfy
+spec:
+  selector:
+    matchLabels:
+      app: ntfy
+  template:
+    metadata:
+      labels:
+        app: ntfy
+    spec:
+      containers:
+        - name: ntfy
+          image: binwiederhier/ntfy
+          args: ["serve"]
+          resources:
+            limits:
+              memory: "128Mi"
+              cpu: "500m"
+          ports:
+            - containerPort: 80
+              name: http
+          volumeMounts:
+            - name: config
+              mountPath: "/etc/ntfy"
+              readOnly: true
+      volumes:
+        - name: config
+          configMap:
+            name: ntfy

manifests/artemis/ntfy/ingress.yaml

@@ -0,0 +1,18 @@
+---
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+  name: ntfy-ingress
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - match: Host(`notifications.dgse.cloud`)
+      kind: Rule
+      middlewares:
+        - name: basic-auth
+      services:
+        - name: ntfy
+          port: 80
+  tls:
+    secretName: letsencrypt

manifests/artemis/ntfy/service.yaml

@@ -0,0 +1,12 @@
+---
+# Basic service for port 80
+apiVersion: v1
+kind: Service
+metadata:
+  name: ntfy
+spec:
+  selector:
+    app: ntfy
+  ports:
+    - port: 80
+      targetPort: 80

manifests/artemis/osx/deployment.yaml

@@ -0,0 +1,58 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: macos
+  labels:
+    name: macos
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: macos
+  template:
+    metadata:
+      labels:
+        app: macos
+    spec:
+      containers:
+        - name: macos
+          image: dockurr/macos
+          env:
+            - name: VERSION
+              value: "14"
+            - name: DISK_SIZE
+              value: "64G"
+            - name: KVM
+              value: "N"
+          ports:
+            - containerPort: 8006
+              name: http
+              protocol: TCP
+            - containerPort: 5900
+              name: vnc
+              protocol: TCP
+          securityContext:
+            capabilities:
+              add:
+                - NET_ADMIN
+            privileged: true
+          volumeMounts:
+            - mountPath: /storage
+              name: storage
+            - mountPath: /dev/kvm
+              name: dev-kvm
+            - mountPath: /dev/net/tun
+              name: dev-tun
+      terminationGracePeriodSeconds: 120
+      volumes:
+        - name: storage
+          persistentVolumeClaim:
+            claimName: macos-pvc
+        - hostPath:
+            path: /dev/kvm
+          name: dev-kvm
+        - hostPath:
+            path: /dev/net/tun
+            type: CharDevice
+          name: dev-tun

manifests/artemis/osx/ingress.yaml

@@ -0,0 +1,22 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt
+  name: osx-ingress
+spec:
+  rules:
+    - host: osx.dgse.cloud
+      http:
+        paths:
+          - backend:
+              service:
+                name: macos
+                port:
+                  number: 8006
+            path: /
+            pathType: Prefix
+  tls:
+    - hosts:
+        - osx.dgse.cloud
+      secretName: letsencrypt

manifests/artemis/osx/kustomization.yaml

@@ -0,0 +1,8 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+  - service.yaml
+  - deployment.yaml
+  - pvc.yaml

manifests/artemis/osx/pvc.yaml

@@ -0,0 +1,11 @@
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: macos-pvc
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 64Gi

manifests/artemis/osx/service.yaml

@@ -0,0 +1,19 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: macos
+spec:
+  internalTrafficPolicy: Cluster
+  ports:
+    - name: http
+      port: 8006
+      protocol: TCP
+      targetPort: 8006
+    - name: vnc
+      port: 5900
+      protocol: TCP
+      targetPort: 5900
+  selector:
+    app: macos
+  type: ClusterIP

manifests/artemis/penpot/kustomization.yaml

@@ -10,7 +10,7 @@ resources:
 helmCharts:
   - name: penpot
     repo: http://helm.penpot.app
-    version: 0.32.0
+    version: 0.30.0
     releaseName: penpot
     namespace: penpot
     valuesFile: values.yaml

manifests/artemis/vault/kustomization.yaml

@@ -10,7 +10,7 @@ resources:
 helmCharts:
   - name: vault
     repo: https://helm.releases.hashicorp.com/
-    version: 0.31.0
+    version: 0.32.0
     releaseName: vault
     namespace: vault
     valuesFile: values.yaml

manifests/artemis/vaultwarden/kustomization.yaml

@@ -7,7 +7,7 @@ metadata:
 helmCharts:
   - name: vaultwarden
     repo: https://guerzon.github.io/vaultwarden/
-    version: 0.34.6
+    version: 0.34.4
     releaseName: vaultwarden
     namespace: vaultwarden
     valuesFile: values.yaml