Merge branch 'main' into authentik

2024-11-07 17:03:59 +01:00 · 2024-03-26 13:36:29 +01:00 · 2024-03-26 13:36:29 +01:00 · ed2e1e74dc
commit ed2e1e74dc
parent 6ad4e19da2 6c3b88fb95
30 changed files with 272 additions and 162 deletions
--- a/.github/pull_request_template.md
+++ b/.github/pull_request_template.md
@ -1,12 +1,5 @@
 ### Pull Request
-*Please write all text in English in order to facilitate communication and collaboration, and follow this checklist. It will help the contributors to review your PR. Thank you!*
+*Please write all text in English in order to facilitate communication and collaboration. Thank you!*
 - [ ] My pull request has a descriptive title. (unlike `Update index.md`). Check [this](https://www.conventionalcommits.org/en/v1.0.0/) guide regarding titles.
 - [ ] If applicable, I have tested these changes locally.
 *If your pull request closes a GitHub issue, replace the XXXXX below with the issue number.*
 Closes #XXXXX
 ---
--- a/.gitignore
+++ b/.gitignore
@ -1,4 +1,7 @@
-.obsidian
+# Ignore local development files
 **/.vscode
 **/.env
 **/.DS_Store
 # Docker Secrets, Environment Files
 **/secret.*
 **/.env
--- a/docker-compose/ansiblesemaphore/docker-compose.yaml
+++ b/docker-compose/ansiblesemaphore/docker-compose.yaml
@ -4,7 +4,7 @@ volumes:
    driver: local
 services:
  mysql:
-    image: mysql:8.0
+    image: mysql:8.3
    hostname: mysql
    volumes:
      - semaphore-mysql:/var/lib/mysql
@ -16,7 +16,7 @@ services:
    restart: unless-stopped
  semaphore:
    container_name: ansiblesemaphore
-    image: semaphoreui/semaphore:v2.9.45
+    image: semaphoreui/semaphore:v2.9.58
    user: "${UID}:${GID}"
    ports:
      - 3000:3000
--- a/docker-compose/cadvisor/docker-compose.yaml
+++ b/docker-compose/cadvisor/docker-compose.yaml
@ -1,17 +1,17 @@
---
+---
-services:
+services:
-  cadvisor:
+  cadvisor:
-    image: gcr.io/cadvisor/cadvisor:v0.47.0     
+    image: gcr.io/cadvisor/cadvisor:v0.49.1
-    container_name: cadvisor
+    container_name: cadvisor
-    ports:
+    ports:
-      - 8080:8080
+      - 8080:8080
-    volumes:
+    volumes:
-      - /:/rootfs:ro
+      - /:/rootfs:ro
-      - /var/run:/var/run:ro
+      - /var/run:/var/run:ro
-      - /sys:/sys:ro
+      - /sys:/sys:ro
-      - /var/lib/docker/:/var/lib/docker:ro
+      - /var/lib/docker/:/var/lib/docker:ro
-      - /dev/disk/:/dev/disk:ro
+      - /dev/disk/:/dev/disk:ro
-    devices:
+    devices:
-      - /dev/kmsg
+      - /dev/kmsg
-    privileged: true
+    privileged: true
-    restart: unless-stopped
+    restart: unless-stopped
--- a/docker-compose/grafana/docker-compose.yaml
+++ b/docker-compose/grafana/docker-compose.yaml
@ -4,7 +4,7 @@ volumes:
    driver: local
 services:
  grafana:
-    image: grafana/grafana-oss:10.3.3
+    image: docker.io/grafana/grafana-oss:10.4.1
    container_name: grafana
    ports:
      - "3000:3000"
--- a/docker-compose/heimdall/docker-compose.yaml
+++ b/docker-compose/heimdall/docker-compose.yaml
@ -1,7 +1,7 @@
 ---
 services:
  heimdall:
-    image: lscr.io/linuxserver/heimdall:2.6.1
+    image: lscr.io/linuxserver/heimdall:2021.11.28
    container_name: heimdall
    environment:
      - PUID=1000
--- a/docker-compose/homeassistant/docker-compose.yaml
+++ b/docker-compose/homeassistant/docker-compose.yaml
@ -2,10 +2,11 @@
 services:
  homeassistant:
    container_name: homeassistant
-    image: "ghcr.io/home-assistant/home-assistant:2023.6"
+    image: ghcr.io/home-assistant/home-assistant:2024.3.3
    volumes:
      - ./config:/config
      - /etc/localtime:/etc/localtime:ro
      - /run/dbus:/run/dbus:ro
    # devices:
    #   - /dev/ttyACMO  # (optional) Add serial devices to the container
    privileged: true
--- a/docker-compose/homepage/docker-compose.yaml
+++ b/docker-compose/homepage/docker-compose.yaml
@ -0,0 +1,33 @@
 ---
 services:
  homepage:
    image: ghcr.io/gethomepage/homepage::v0.8.9
    container_name: homepage
    environment:
      - LOG_LEVEL=info
    # (Optional) Run as a specific user
    #   - PUID=your-user-id
    #   - PGID=your-group-id
    # (Optional) For secret variables
    #   - HOMEPAGE_VAR_YOURSECRET=your-secret-key
    ports:
      - 3000:3000
    volumes:
      - ./config:/app/config
      - ./images:/app/images  # for custom background images
      - ./icons:/app/icons  # for custom icons
    restart: unless-stopped
  # (Optional) For secure docker socket integration
  # dockerproxy:
  #   image: ghcr.io/tecnativa/docker-socket-proxy:v0.1.1
  #   container_name: homepage-demo-1-dockerproxy
  #   environment:
  #     - CONTAINERS=1 # Allow access to viewing containers
  #     - SERVICES=1 # Allow access to viewing services (necessary when using Docker Swarm)
  #     - TASKS=1 # Allow access to viewing tasks (necessary when using Docker Swarm)
  #     - POST=0 # Disallow any POST operations (effectively read-only)
  #   ports:
  #     - 127.0.0.1:2375:2375
  #   volumes:
  #     - /var/run/docker.sock:/var/run/docker.sock:ro # Mounted as read-only
  #   restart: unless-stopped
--- a/docker-compose/nextcloud/docker-compose.yaml
+++ b/docker-compose/nextcloud/docker-compose.yaml
@ -19,7 +19,7 @@ services:
  nextcloud-db:
    # See compatibility matrix for Nextcloud 28
    # https://docs.nextcloud.com/server/28/admin_manual/installation/system_requirements.html
-    image: docker.io/library/mariadb:10.6.17
+    image: docker.io/library/mariadb:11.3.2
    container_name: nextcloud-db
    command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
    volumes:
--- a/docker-compose/nginxproxymanager/docker-compose.yaml
+++ b/docker-compose/nginxproxymanager/docker-compose.yaml
@ -5,7 +5,7 @@ volumes:
  nginxproxymanager-db:
 services:
  nginxproxymanager:
-    image: jc21/nginx-proxy-manager:2.10.3
+    image: docker.io/jc21/nginx-proxy-manager:2.11.1
    ports:
      - 80:80
      - 81:81
@ -20,7 +20,7 @@ services:
      - nginxproxymanager-data:/data
      - nginxproxymanager-ssl:/etc/letsencrypt
  nginxproxymanager-db:
-    image: jc21/mariadb-aria:10.4.15
+    image: jc21/mariadb-aria:10.11.5
    environment:
      - MYSQL_ROOT_PASSWORD=npm
      - MYSQL_DATABASE=npm
--- a/docker-compose/nodeexporter/docker-compose.yaml
+++ b/docker-compose/nodeexporter/docker-compose.yaml
@ -1,10 +1,10 @@
---
+---
-services:
+services:
-  node_exporter:
+  node_exporter:
-    image: quay.io/prometheus/node-exporter:v1.5.0
+    image: quay.io/prometheus/node-exporter:v1.7.0
-    container_name: node_exporter
+    container_name: node_exporter
-    command: "--path.rootfs=/host"
+    command: "--path.rootfs=/host"
-    pid: host
+    pid: host
-    restart: unless-stopped
+    restart: unless-stopped
-    volumes:
+    volumes:
      - /:/host:ro,rslave
--- a/docker-compose/nvidiasmi/docker-compose.yaml
+++ b/docker-compose/nvidiasmi/docker-compose.yaml
@ -1,7 +1,7 @@
 ---
 services:
  nvidia_smi_exporter:
-    image: utkuozdemir/nvidia_gpu_exporter:0.3.0
+    image: utkuozdemir/nvidia_gpu_exporter:1.2.0
    container_name: nvidia_smi_exporter
    runtime: nvidia
    environment:
--- a/docker-compose/passbolt/docker-compose.yaml
+++ b/docker-compose/passbolt/docker-compose.yaml
@ -6,7 +6,7 @@ volumes:
 services:
  passbolt-db:
    container_name: passbolt-db
-    image: mariadb:10.3
+    image: mariadb:11.3
    environment:
      - MYSQL_RANDOM_ROOT_PASSWORD=true
      - MYSQL_DATABASE=$PASSBOLT_DB_NAME
--- a/docker-compose/postgres/docker-compose.yaml
+++ b/docker-compose/postgres/docker-compose.yaml
@ -0,0 +1,45 @@
 ---
 services:
  postgres:
    image: postgres:16.2
    container_name: postgres
    environment:
      - POSTGRES_INITDB_ARGS=${POSTGRES_INITDB_ARGS---data-checksums}
      - POSTGRES_HOST_AUTH_METHOD=${POSTGRES_HOST_AUTH_METHOD-}
      - POSTGRES_USER=${POSTGRES_USER:-postgres}
      - POSTGRES_PASSWORD_FILE=/run/secrets/postgres_password
      - POSTGRES_DB=${POSTGRES_DB:-$POSTGRES_USER}
      - TZ=${TZ:-UTC}
    ports:
      - 5432:5432
    healthcheck:
      test: ['CMD-SHELL', 'pg_isready -U "${POSTGRES_USER:-postgres}"']
      start_period: 30s
      interval: 10s
      timeout: 10s
      retries: 5
    # (Optional)  When using custom network, see also
    #             https://docs.docker.com/compose/compose-file/compose-file-v3/#networks
    #
    # networks:
    #   - yournetwork
    secrets:
      - postgres_password
    volumes:
      - postgres_data:/var/lib/postgresql/data
    restart: unless-stopped
 # (Optional)  When using custom network, see also
 #             https://docs.docker.com/compose/compose-file/compose-file-v3/#network-configuration-reference
 #
 # networks:
 #   yournetwork:
 #     external: true
 secrets:
  postgres_password:
    file: secret.postgres_password.txt
 volumes:
  postgres_data:
    driver: local
--- a/docker-compose/prometheus/config/prometheus.yml
+++ b/docker-compose/prometheus/config/prometheus.yml
@ -1,27 +1,27 @@
-global:
+global:
-  scrape_interval:     15s # By default, scrape targets every 15 seconds.
+  scrape_interval:     15s # By default, scrape targets every 15 seconds.
-
+
-  # Attach these labels to any time series or alerts when communicating with
+  # Attach these labels to any time series or alerts when communicating with
-  # external systems (federation, remote storage, Alertmanager).
+  # external systems (federation, remote storage, Alertmanager).
-  # external_labels:
+  # external_labels:
-  #  monitor: 'codelab-monitor'
+  #  monitor: 'codelab-monitor'
-
+
-# A scrape configuration containing exactly one endpoint to scrape:
+# A scrape configuration containing exactly one endpoint to scrape:
-# Here it's Prometheus itself.
+# Here it's Prometheus itself.
-scrape_configs:
+scrape_configs:
-  # The job name is added as a label `job=<job_name>` to any timeseries scraped from this config.
+  # The job name is added as a label `job=<job_name>` to any timeseries scraped from this config.
-  - job_name: 'prometheus'
+  - job_name: 'prometheus'
-    # Override the global default and scrape targets from this job every 5 seconds.
+    # Override the global default and scrape targets from this job every 5 seconds.
-    scrape_interval: 5s
+    scrape_interval: 5s
-    static_configs:
+    static_configs:
-      - targets: ['localhost:9090']
+      - targets: ['localhost:9090']
-
+
-  # Example job for node_exporter
+  # Example job for node_exporter
-  # - job_name: 'node_exporter'
+  # - job_name: 'node_exporter'
-  #   static_configs:
+  #   static_configs:
-  #     - targets: ['node_exporter:9100']
+  #     - targets: ['node_exporter:9100']
-
+
-  # Example job for cadvisor
+  # Example job for cadvisor
-  # - job_name: 'cadvisor'
+  # - job_name: 'cadvisor'
-  #   static_configs:
+  #   static_configs:
-  #     - targets: ['cadvisor:8080']
+  #     - targets: ['cadvisor:8080']
--- a/docker-compose/prometheus/docker-compose.yaml
+++ b/docker-compose/prometheus/docker-compose.yaml
@ -4,7 +4,7 @@ volumes:
    driver: local
 services:
  prometheus:
-    image: prom/prometheus:v2.50.1
+    image: prom/prometheus:v2.51.0
    container_name: prometheus
    ports:
      - 9090:9090
--- a/docker-compose/teleport/docker-compose.yaml
+++ b/docker-compose/teleport/docker-compose.yaml
@ -5,7 +5,7 @@
 #     external: true
 services:
  teleport:
-    image: public.ecr.aws/gravitational/teleport-distroless:13
+    image: public.ecr.aws/gravitational/teleport-distroless:15
    container_name: teleport
    ports:
      # -- (Optional) Remove this section, when using Traefik
--- a/docker-compose/traefik/config/conf/example-externalservice.yaml
+++ b/docker-compose/traefik/config/conf/example-externalservice.yaml
@ -0,0 +1,16 @@
 http:
  routers:
    your-local-router:
      rule: "Host(`your-local-service.your-domain.com`) && PathPrefix(`/`)"
      service: your-local-service
      priority: 1000
      entryPoints:
        - web
        # (optional) Permanent Redirect to HTTPS
        # - websecure
  services:
    your-local-service:
      loadBalancer:
        servers:
          - url: "http://your-local-service:port"
--- a/kubernetes/traefik/values.yml
+++ b/kubernetes/traefik/values.yml
@ -84,7 +84,7 @@ deployment:
    # The "volume-permissions" init container is required if you run into permission issues.
    # Related issue: https://github.com/containous/traefik/issues/6972
    - name: volume-permissions
-      image: busybox:1.31.1
+      image: busybox:1.36.1
      command: ["sh", "-c", "chmod -Rv 600 /ssl-certs/*"]
      volumeMounts:
        - name: ssl-certs
--- a/renovate.json
+++ b/renovate.json
@ -0,0 +1,19 @@
 {
  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
  "labels": ["renovate"],
  "packageRules": [
    {
      "depTypeList": [ "devDependencies", "require-dev" ],
      "updateTypes": [ "patch", "minor", "digest"],
      "groupName": "devDependencies (non-major)"
    }
  ],
  "extends": [
    "config:base",
    ":preserveSemverRanges",
    ":dependencyDashboard",
    ":rebaseStalePrs",
    ":enableVulnerabilityAlertsWithLabel('security')",
    "group:recommended"
  ]
 }
--- a/terraform/cloudflare/provider.tf
+++ b/terraform/cloudflare/provider.tf
@ -8,7 +8,7 @@ terraform {
  required_providers {
    cloudflare = {
      source = "cloudflare/cloudflare"
-      version = "~> 3.0"
+      version = "~> 4.0"
    }
  }
 }
--- a/terraform/kubectl/provider.tf
+++ b/terraform/kubectl/provider.tf
@ -9,7 +9,7 @@ terraform {
    required_providers {
        kubectl = {
            source = "gavinbunney/kubectl"
-            version = "1.13.1"
+            version = "1.14.0"
        }
    }
 }
--- a/terraform/kubernetes/provider.tf
+++ b/terraform/kubernetes/provider.tf
@ -9,7 +9,7 @@ terraform {
    required_providers {
        kubernetes = {
            source = "hashicorp/kubernetes"
-            version = "2.8.0"     
+            version = "2.27.0"     
        }
    }
 }
--- a/terraform/templates/cloud-deployment-example/main.tf
+++ b/terraform/templates/cloud-deployment-example/main.tf
@ -5,7 +5,7 @@ terraform {
  required_providers {
    cloudflare = {
        source = "cloudflare/cloudflare"
-        version = "~> 3.0"
+        version = "~> 4.0"
    }
    civo = {
        source = "civo/civo"
--- a/terraform/templates/kubernetes-automation-example/provider.tf
+++ b/terraform/templates/kubernetes-automation-example/provider.tf
@ -9,19 +9,19 @@ terraform {
        }
        helm = {
            source = "hashicorp/helm"
-            version = "2.4.1"
+            version = "2.12.1"
        }
        kubernetes = {
            source = "hashicorp/kubernetes"
-            version = "2.8.0"     
+            version = "2.27.0"     
        }
        kubectl = {
            source = "gavinbunney/kubectl"
-            version = "1.13.1"
+            version = "1.14.0"
        }
        cloudflare = {
            source = "cloudflare/cloudflare"
-            version = "~> 3.0"
+            version = "~> 4.0"
        }
    }
 }
--- a/terraform/templates/simple-docker-example/main.tf
+++ b/terraform/templates/simple-docker-example/main.tf
@ -2,7 +2,7 @@ terraform {
  required_providers {
    docker = {
      source = "kreuzwerker/docker"
-      version = "~> 2.13.0"
+      version = "~> 3.0.0"
    }
  }
 }
--- a/vagrant/hyperv/ubuntu/docker/Vagrantfile
+++ b/vagrant/hyperv/ubuntu/docker/Vagrantfile
@ -1,20 +1,20 @@
-# -*- mode: ruby -*-
+# -*- mode: ruby -*-
-# vi: set ft=ruby :
+# vi: set ft=ruby :
-
+
-Vagrant.configure("2") do |config|
+Vagrant.configure("2") do |config|
-  config.vm.box = "generic/ubuntu2004"
+  config.vm.box = "generic/ubuntu2004"
-  config.vm.network "public_network"
+  config.vm.network "public_network"
-  config.vm.synced_folder ".", "/vagrant_data", disabled: true
+  config.vm.synced_folder ".", "/vagrant_data", disabled: true
-  config.vm.provider "hyperv"
+  config.vm.provider "hyperv"
-  config.vm.provider "hyperv" do |h|
+  config.vm.provider "hyperv" do |h|
-    h.enable_virtualization_extensions = false
+    h.enable_virtualization_extensions = false
-    h.linked_clone = true
+    h.linked_clone = true
-    h.memory = 2048
+    h.memory = 2048
-    h.vmname = "ubuntu_docker_1"
+    h.vmname = "ubuntu_docker_1"
-  end
+  end
-
+
-  config.vm.provision "ansible" do |a|
+  config.vm.provision "ansible" do |a|
-    a.verbose = "v"
+    a.verbose = "v"
-    a.playbook = "playbook.yaml"
+    a.playbook = "playbook.yaml"
-  end
+  end
-end
+end
--- a/vagrant/hyperv/ubuntu/microk8s-installed/Vagrantfile
+++ b/vagrant/hyperv/ubuntu/microk8s-installed/Vagrantfile
@ -1,20 +1,20 @@
-# -*- mode: ruby -*-
+# -*- mode: ruby -*-
-# vi: set ft=ruby :
+# vi: set ft=ruby :
-
+
-Vagrant.configure("2") do |config|
+Vagrant.configure("2") do |config|
-  config.vm.box = "generic/ubuntu2004"
+  config.vm.box = "generic/ubuntu2004"
-  config.vm.network "public_network"
+  config.vm.network "public_network"
-  config.vm.synced_folder ".", "/vagrant_data", disabled: true
+  config.vm.synced_folder ".", "/vagrant_data", disabled: true
-  config.vm.provider "hyperv"
+  config.vm.provider "hyperv"
-  config.vm.provider "hyperv" do |h|
+  config.vm.provider "hyperv" do |h|
-    h.enable_virtualization_extensions = false
+    h.enable_virtualization_extensions = false
-    h.linked_clone = true
+    h.linked_clone = true
-    h.memory = 2048
+    h.memory = 2048
-    h.vmname = "ubuntu_plain_1"
+    h.vmname = "ubuntu_plain_1"
-  end
+  end
-
+
-  config.vm.provision "ansible" do |a|
+  config.vm.provision "ansible" do |a|
-    a.verbose = "v"
+    a.verbose = "v"
-    a.playbook = "playbook.yaml"
+    a.playbook = "playbook.yaml"
-  end
+  end
-end
+end
--- a/vagrant/hyperv/ubuntu/plain-with-cockpit/Vagrantfile
+++ b/vagrant/hyperv/ubuntu/plain-with-cockpit/Vagrantfile
@ -1,22 +1,22 @@
-# -*- mode: ruby -*-
+# -*- mode: ruby -*-
-# vi: set ft=ruby :
+# vi: set ft=ruby :
-
+
-Vagrant.configure("2") do |config|
+Vagrant.configure("2") do |config|
-  config.vm.box = "generic/ubuntu2004"
+  config.vm.box = "generic/ubuntu2004"
-  config.vm.network "public_network", bridge: "BRIDGE"
+  config.vm.network "public_network", bridge: "BRIDGE"
-  config.vm.synced_folder ".", "/vagrant_data", disabled: true
+  config.vm.synced_folder ".", "/vagrant_data", disabled: true
-  config.vm.provider "hyperv"
+  config.vm.provider "hyperv"
-  config.vm.hostname = "ubuntu_plan-with-cockpit-1"
+  config.vm.hostname = "ubuntu_plan-with-cockpit-1"
-
+
-  config.vm.provider "hyperv" do |h|
+  config.vm.provider "hyperv" do |h|
-    h.enable_virtualization_extensions = false
+    h.enable_virtualization_extensions = false
-    h.linked_clone = true
+    h.linked_clone = true
-    h.memory = 2048
+    h.memory = 2048
-    h.vmname = "ubuntu_plan-with-cockpit-1"
+    h.vmname = "ubuntu_plan-with-cockpit-1"
-  end
+  end
-
+
-  config.vm.provision "ansible" do |a|
+  config.vm.provision "ansible" do |a|
-    a.verbose = "v"
+    a.verbose = "v"
-    a.playbook = "playbook.yaml"
+    a.playbook = "playbook.yaml"
-  end
+  end
-end
+end
--- a/vagrant/hyperv/ubuntu/plain/Vagrantfile
+++ b/vagrant/hyperv/ubuntu/plain/Vagrantfile
@ -1,15 +1,15 @@
-# -*- mode: ruby -*-
+# -*- mode: ruby -*-
-# vi: set ft=ruby :
+# vi: set ft=ruby :
-
+
-Vagrant.configure("2") do |config|
+Vagrant.configure("2") do |config|
-  config.vm.box = "generic/ubuntu2004"
+  config.vm.box = "generic/ubuntu2004"
-  config.vm.network "public_network"
+  config.vm.network "public_network"
-  config.vm.synced_folder ".", "/vagrant_data", disabled: true
+  config.vm.synced_folder ".", "/vagrant_data", disabled: true
-  config.vm.provider "hyperv"
+  config.vm.provider "hyperv"
-  config.vm.provider "hyperv" do |h|
+  config.vm.provider "hyperv" do |h|
-    h.enable_virtualization_extensions = false
+    h.enable_virtualization_extensions = false
-    h.linked_clone = true
+    h.linked_clone = true
-    h.memory = 2048
+    h.memory = 2048
-    h.vmname = "ubuntu_plain_1"
+    h.vmname = "ubuntu_plain_1"
-  end
+  end
-end
+end