
Comparing changes

base repository: Mafyuh/iac
base: a786a607b7a16140684a32f242afec65e4b35369
..
head repository: Mafyuh/iac
compare: be54484f0ab2ae89c11cf128eff9ef5cee238bdb
53 changes: 32 additions & 21 deletions .forgejo/workflows/CD.yml
@@ -36,71 +36,82 @@ jobs:
shell: bash
run: |
IFS=' ' read -r -a folder_array <<< "${{ steps.detect-changes.outputs.folders }}"
hosts=""
folders=""
for folder in "${folder_array[@]}"; do
case $folder in
actual)
target_host="ubu.lan"
host="ubu.lan"
;;
arrs)
target_host="arrs.lan"
host="arrs.lan"
;;
arm)
target_host="arm.lan"
host="arm.lan"
;;
AI)
target_host="ai.lan"
host="ai.lan"
;;
authentik)
target_host="auth.lan"
host="auth.lan"
;;
ag-main)
target_host="dns.lan"
host="dns.lan"
;;
exporters)
target_host="all"
host="all"
;;
grafana)
target_host="ubu.lan"
host="ubu.lan"
;;
jellyfin)
target_host="jf.lan"
host="jf.lan"
;;
kasm)
target_host="kasm.lan"
host="kasm.lan"
;;
netboot)
target_host="netboot.lan"
host="netboot.lan"
;;
nexterm)
target_host="ubu.lan"
host="ubu.lan"
;;
npm)
target_host="npm.lan"
host="npm.lan"
;;
plex)
target_host="plex.lan"
host="plex.lan"
;;
paperless)
target_host="ubu.lan"
host="ubu.lan"
;;
portainer)
target_host="port.lan"
host="port.lan"
;;
runner)
target_host="runner.lan"
host="runner.lan"
;;
# Add cases for other folders/hosts
*)
echo "Unknown folder: $folder"
exit 1
;;
esac
echo "Deploying to $target_host for folder $folder"
echo "target_host=$target_host" >> $GITHUB_ENV
echo "folder=$folder" >> $GITHUB_ENV
if [ -z "$hosts" ]; then
hosts="$host"
folders="$folder"
else
hosts="$hosts,$host"
folders="$folders,$folder"
fi
done
echo "Deploying to hosts: $hosts for folders: $folders"
echo "target_host=$hosts" >> $GITHUB_ENV
echo "folder=$folders" >> $GITHUB_ENV
- name: Get Secrets from Bitwarden
id: bitwarden-secrets
uses: https://github.com/bitwarden/sm-action@v2
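Review bot: The folder-to-host pairing that the `case` establishes is lost once the loop flattens both sides into comma lists (`hosts="$hosts,$host"`, `folders="$folders,$folder"`), so the playbook receives every host together with every folder and can no longer tell which compose project belongs on which machine. Because `exporters` maps to `all`, any batch that includes that folder widens the host pattern to the whole inventory for the other folders in the same run. Consider keeping the pairs intact, for example one `host:folder` entry per pair consumed by a per-pair playbook invocation, and quote the env file path as `>> "$GITHUB_ENV"`. The `run:` block starts above this hunk; the `${{ steps.detect-changes.outputs.folders }}` expansion on its first visible line is substituted into the script text before bash parses it, so passing it in through `env:` would be safer if folder names can originate from an untrusted branch.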
43 changes: 28 additions & 15 deletions .github/renovate.json
@@ -1,7 +1,7 @@
{
"$schema": "https://docs.renovatebot.com/renovate-schema.json",
"extends": [
"config:base"
"config:recommended"
],
"flux": {
"fileMatch": [
@@ -14,26 +14,39 @@
]
},
"packageRules": [
{
"matchPackageNames": ["authentik"],
"registryUrls": ["https://charts.goauthentik.io"]
},
{
"matchPackageNames": ["ingress-nginx"],
"registryUrls": ["https://kubernetes.github.io/ingress-nginx"]
},
{
"matchPackageNames": ["reflector"],
"registryUrls": ["https://emberstack.github.io/helm-charts"]
}
],
{
"matchPackageNames": [
"authentik"
],
"registryUrls": [
"https://charts.goauthentik.io"
]
},
{
"matchPackageNames": [
"ingress-nginx"
],
"registryUrls": [
"https://kubernetes.github.io/ingress-nginx"
]
},
{
"matchPackageNames": [
"reflector"
],
"registryUrls": [
"https://emberstack.github.io/helm-charts"
]
}
],
"kubernetes": {
"fileMatch": [
"(^|/)kubernetes/.+\\.ya?ml$"
]
},
"regexManagers": [
"customManagers": [
{
"customType": "regex",
"fileMatch": [
"(^|/)kubernetes/apps/.+/helmrelease\\.ya?ml$"
],
4 changes: 2 additions & 2 deletions ansible/playbooks/deploy-docker.yml
@@ -1,7 +1,7 @@
- name: Deploy application
hosts: "{{ target_host }}"
hosts: "{{ target_host.split(',') | join(',') }}"
vars:
repo_path: "/home/{{ ansible_user }}/iac/docker/{{ folder }}"
repo_path: "/home/{{ ansible_user }}/iac/docker/{{ folder.split(',') | join(',') }}"
secrets_mapping_file: "/home/{{ ansible_user }}/iac/docker/secret-mappings.yml"
tasks:
- name: Ensure the repository is up-to-date
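Review bot: `split(',') | join(',')` returns its input unchanged, so on a multi-folder run `repo_path` renders as one path such as `/home/<user>/iac/docker/arrs,plex` (constructed example) rather than one path per folder. The tasks that consume `repo_path` are outside this hunk, but unless they split the value again they will operate on a directory that does not exist. I would leave `hosts: "{{ target_host }}"` as it was and iterate in the tasks with `loop: "{{ folder.split(',') }}"`, building the path from `item`. Since `folder` ends up in a filesystem path next to `secrets_mapping_file`, an `assert` that each item matches `^[A-Za-z0-9_-]+$` would stop a value containing `/` or `..` from pointing the play outside `docker/`.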
4 changes: 2 additions & 2 deletions docker/AI/docker-compose.yml
@@ -1,6 +1,6 @@
services:
ollama:
image: ollama/ollama:0.5.9
image: ollama/ollama:0.5.10
container_name: ollama
restart: unless-stopped
networks:
@@ -18,7 +18,7 @@ services:
capabilities: [gpu]

open-webui:
image: ghcr.io/open-webui/open-webui:v0.5.11
image: ghcr.io/open-webui/open-webui:0.5.12
container_name: open-webui
restart: unless-stopped
networks:
4 changes: 2 additions & 2 deletions docker/arm/docker-compose.yml
@@ -133,7 +133,7 @@ services:
networks:
- gitea_main
n8n:
image: ghcr.io/n8n-io/n8n:1.79.0
image: ghcr.io/n8n-io/n8n:1.79.1
container_name: n8n
ports:
- 5678:5678
@@ -187,7 +187,7 @@ services:
- postgres

syncthing:
image: ghcr.io/linuxserver/syncthing@sha256:c04574ea8538099697d9668a1e3667b9dd91a17f6e4fc3fb6fbe8e52d8ce91ec
image: ghcr.io/linuxserver/syncthing@sha256:c112da0ec1025ac250ef5272186eb6d6cf1f2777747288c8c526b4a894b8b1b3
container_name: syncthing
hostname: ARM
environment:
6 changes: 3 additions & 3 deletions docker/arrs/docker-compose.yml
@@ -48,7 +48,7 @@ services:
- PGID=1000

radarr:
image: ghcr.io/linuxserver/radarr@sha256:f4c9c64c42e84a3c03590afd9da2e420c69b5e936b4549778c5d4c00d907ba33
image: ghcr.io/linuxserver/radarr@sha256:1184ee84bc5329c4f62c070a04d73eaf7918878410ca48a1f3dbf82b684eee27
container_name: radarr
ports:
- "7878:7878"
@@ -65,7 +65,7 @@ services:
- apparmor:unconfined

sonarr:
image: ghcr.io/linuxserver/sonarr@sha256:20b81f5054d31f0151be3c5e282a85361cc24b7ffaab67a997bb4379caa8485b
image: ghcr.io/linuxserver/sonarr@sha256:28d9dcbc846aed74bd47dc90305e016183443ddc3dfa3e8bcac268fc653a6e5e
container_name: sonarr
ports:
- "8989:8989"
@@ -129,7 +129,7 @@ services:
restart: unless-stopped

syncthing:
image: ghcr.io/linuxserver/syncthing@sha256:c04574ea8538099697d9668a1e3667b9dd91a17f6e4fc3fb6fbe8e52d8ce91ec
image: ghcr.io/linuxserver/syncthing@sha256:c112da0ec1025ac250ef5272186eb6d6cf1f2777747288c8c526b4a894b8b1b3
container_name: syncthing
hostname: ARRS
environment:
4 changes: 2 additions & 2 deletions docker/grafana/docker-compose.yml
@@ -40,7 +40,7 @@ services:
- grafana

loki:
image: grafana/loki:3.3.2
image: grafana/loki:3.4.2
container_name: loki
volumes:
- /docker/appdata/loki:/etc/loki
@@ -52,7 +52,7 @@ services:
- grafana

promtail:
image: grafana/promtail:3.3.2
image: grafana/promtail:3.4.2
container_name: promtail
volumes:
- /var/log:/var/log
6 changes: 3 additions & 3 deletions docker/jellyfin/docker-compose.yml
@@ -1,7 +1,7 @@
---
services:
jellyfin:
image: ghcr.io/linuxserver/jellyfin@sha256:229f348800b9e2683d2a37f9fa7300a045a8d777f6fb9a5c7c39542c8a5d4373
image: ghcr.io/linuxserver/jellyfin@sha256:7cdcd4b6b60765290af7a2740960ce30c1f5548313ae60f7e23f6995ed4d147e
container_name: jellyfin
devices:
- /dev/dri/renderD129:/dev/dri/renderD129
@@ -23,7 +23,7 @@ services:
- apparmor:unconfined

makemkv:
image: jlesage/makemkv@sha256:ca6d9778b679ea2a51a10592a7756f93acca4f7a7142d787e9959921cd6bc547
image: jlesage/makemkv@sha256:c0fa01dabfd36bc72cec432e695132b6c78ae9403bb134e82c452935d3681766
container_name: makemkv
ports:
- 5800:5800
@@ -40,7 +40,7 @@ services:
- apparmor:unconfined

syncthing:
image: ghcr.io/linuxserver/syncthing@sha256:c04574ea8538099697d9668a1e3667b9dd91a17f6e4fc3fb6fbe8e52d8ce91ec
image: ghcr.io/linuxserver/syncthing@sha256:c112da0ec1025ac250ef5272186eb6d6cf1f2777747288c8c526b4a894b8b1b3
container_name: syncthing
hostname: JF
environment:
4 changes: 2 additions & 2 deletions docker/kasm/docker-compose.yml
@@ -1,7 +1,7 @@
---
services:
kasm:
image: ghcr.io/linuxserver/kasm@sha256:b93c0d0d67148417db80fb053e4fa36b4c9d83972a88b247d40573ff0267aa63
image: ghcr.io/linuxserver/kasm@sha256:5ff0ef8bd7f279cb6806aae9caabe5457eaadd89fb0f02e63ce26dcdac747d10
container_name: kasm
privileged: true
environment:
@@ -24,7 +24,7 @@ services:

minio:
command: server /data --console-address ":9001"
image: minio/minio@sha256:a62e44a7db506b8ed114a44e67b4996c4f1ecca981d9c6e40aa2581334999313
image: minio/minio@sha256:640c22768ed5dbc92eacc14502a1b06a1c708fa60431345c78dfc22917062e93
environment:
- MINIO_ROOT_PASSWORD=$MINIO_ROOT_PASSWORD
- MINIO_ROOT_USER=mafyuh
2 changes: 1 addition & 1 deletion docker/netboot/docker-compose.yml
@@ -1,7 +1,7 @@
---
services:
netbootxyz:
image: ghcr.io/linuxserver/netbootxyz@sha256:38a0a001182533d929d094bea6de932cded1f9fa52872789121cedc8110d7eab
image: ghcr.io/linuxserver/netbootxyz@sha256:dfc1542b3ce301f9cacf68859eb216fd5ffb58b92b0f33efdd181bc3c33906d8
container_name: netboot
environment:
- PUID=1000
2 changes: 1 addition & 1 deletion docker/plex/docker-compose.yml
@@ -1,6 +1,6 @@
services:
plex:
image: ghcr.io/linuxserver/plex@sha256:a0a83cc0f305e92d3885fb2b414c7299606427358bb2f0b38d20e0c3e3eeb094
image: ghcr.io/linuxserver/plex@sha256:76d2cf7acc05bba64356dc47fa8d061135519f380c86d0a9a46a48c6bb37102e
container_name: plex
network_mode: host
environment:
2 changes: 1 addition & 1 deletion kubernetes/apps/production/arr/qbitty/deployment.yaml
@@ -17,7 +17,7 @@ spec:
spec:
containers:
- name: qbitty
image: ghcr.io/hotio/qbittorrent@sha256:170e632840122025ebbb4b4a1f88522ed46f79ce0c935784700b9ad31dd6184e
image: ghcr.io/hotio/qbittorrent@sha256:43312cb59ec3054d99848481f0913336275b7afa18ef814d2091e0b87509fc23
imagePullPolicy: IfNotPresent
env:
- name: VPN_ENABLED
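--- a/kubernetes/apps/production/arr/radarr/ingress.yaml
+++ b/kubernetes/apps/production/arr/radarr/ingress.yaml
@@ -3,6 +3,15 @@ kind: Ingress
 metadata:
 name: radarr
 namespace: arr
+annotations:
+nginx.ingress.kubernetes.io/auth-url: |-
+http://ak-outpost-authentik-embedded-outpost.authentik.svc.cluster.local:9000/outpost.goauthentik.io/auth/nginx
+nginx.ingress.kubernetes.io/auth-signin: |-
+https://radarr.local.mafyuh.dev/outpost.goauthentik.io/start?rd=$escaped_request_uri
+nginx.ingress.kubernetes.io/auth-response-headers: |-
+Set-Cookie,X-authentik-username,X-authentik-groups,X-authentik-email,X-authentik-name,X-authentik-uid
+nginx.ingress.kubernetes.io/auth-snippet: |
+proxy_set_header X-Forwarded-Host $http_host;
 spec:
 ingressClassName: nginx
 rules: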
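Review bot: The `auth-snippet` annotation is the one entry here that needs snippet annotations enabled on the controller, and nothing in the manifest says so; a comment above it such as `# requires controller.allowSnippetAnnotations, see kubernetes/apps/production/nginx/helmrelease.yaml` would keep that dependency visible the next time someone tightens the controller. `auth-signin` hard-codes `radarr.local.mafyuh.dev`, which has to stay in step with the host under `rules:` (below the hunk, not visible here), otherwise the post-login redirect lands on a different origin. The forward-auth check applies only to requests that enter through this Ingress, so the radarr Service presumably stays reachable without authentication from inside the cluster unless a NetworkPolicy restricts it.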
2 changes: 1 addition & 1 deletion kubernetes/apps/production/arr/sonarr/deployment.yaml
@@ -22,7 +22,7 @@ spec:
fsGroupChangePolicy: OnRootMismatch
containers:
- name: sonarr
image: ghcr.io/onedr0p/sonarr:rolling@sha256:55c6878a5367fc2398d15c9a16a70653f5e5f42c9fe9b708a038f2781fb0360f
image: ghcr.io/onedr0p/sonarr:rolling@sha256:004aa9dc8e670e28b3ee2dc65b3b850ea3bd5a45d3c5ce5068bc4d45583c1770
imagePullPolicy: IfNotPresent
resources:
requests:
8 changes: 6 additions & 2 deletions kubernetes/apps/production/nginx/helmrelease.yaml
@@ -16,5 +16,9 @@ spec:
namespace: flux-system
values:
controller:
service:
type: LoadBalancer
allowSnippetAnnotations: "true"
config:
annotations-risk-level: "Critical"
enable-annotation-validation: false
service:
type: LoadBalancer
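Review bot: `allowSnippetAnnotations: "true"` together with `annotations-risk-level: "Critical"` lets any principal that can create or edit an Ingress, in any namespace, place raw nginx directives into the controller's configuration, and the controller's service account can normally read Secrets cluster-wide; that is a broad grant to make for the single `auth-snippet` on the radarr Ingress. If the snippet has to stay, restrict Ingress write access through RBAC and add an admission policy that rejects `*-snippet` annotations outside the namespaces that need them. The chart value is documented as a boolean, so I would write `allowSnippetAnnotations: true` rather than rely on how the template treats a quoted string. `enable-annotation-validation: false` switches off a check that is worth keeping; as far as I know it is a controller flag rather than a ConfigMap key, so it may have no effect under `config:`, and it should be confirmed and dropped unless something concretely fails validation. Indentation is lost in this rendering, so the nesting under `controller:` is assumed.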
2 changes: 1 addition & 1 deletion terraform/main.tf
@@ -22,7 +22,7 @@ terraform {
required_providers {
proxmox = {
source = "bpg/proxmox"
version = "0.70.1"
version = "0.71.0"
}
bitwarden-secrets = {
source = "sebastiaan-dev/bitwarden-secrets"
2 changes: 1 addition & 1 deletion terraform/proxmox/provider.tf
@@ -2,7 +2,7 @@ terraform {
required_providers {
proxmox = {
source = "bpg/proxmox"
version = "0.70.1"
version = "0.71.0"
}
bitwarden-secrets = {
source = "sebastiaan-dev/bitwarden-secrets"