Update authentik

kubernetes/authentik/authentik.yml

@@ -3,7 +3,7 @@ authentik:
     enabled: false
 global:
   image:
-    tag: 2024.6.0
+    tag: 2024.6.1
   env:
     - name: AUTHENTIK_WEB__THREADS
       value: "2"

kubernetes/authentik/kustomization.yaml

@@ -6,7 +6,7 @@ helmCharts:
   releaseName: authentik
   repo: https://charts.goauthentik.io
   valuesFile: ./authentik.yml
-  version: 2024.6.0
+  version: 2024.6.1
 kind: Kustomization
 namespace: authentik
 resources:

kubernetes/e6-gallery/e6-gallery.yaml

@@ -4,7 +4,6 @@ kind: Deployment
 metadata:
   name: e6-gallery
   namespace: e6-gallery
-
 spec:
   selector:
     matchLabels:

kubernetes/irc/Deployment-soju.yaml

@@ -33,6 +33,9 @@ spec:
             secretKeyRef:
               key: username
               name: postgres-soju
+        envFrom:
+          - secretRef:
+              name: soju
         image: git.gmem.ca/arch/soju:s3
         imagePullPolicy: Always
         name: soju

kubernetes/irc/config.in

@@ -1,9 +1,12 @@
 listen ircs://
 listen unix+admin:///app/admin
-listen ws+insecure://
+listen http+insecure://
 listen http+prometheus://localhost:9090
 hostname irc.gmem.ca
 title irc.gmem.ca
 db postgres "dbname=soju"
 message-store db
-tls /ssl/tls.crt /ssl/tls.key
+tls /ssl/tls.crt /ssl/tls.key
+
+file-upload s3 https://7dc420732ea679a530aee304ea49a63c.r2.cloudflarestorage.com/gabrielsimmer-com
+file-cdn https://stash.arch.dog

kubernetes/kustomization.yaml

@@ -27,3 +27,4 @@ resources:
 - vaultwarden
 - smarthome
 - cert-manager
+- e6-gallery

kubernetes/vaultwarden/VaultStaticSecret-vaultwarden.yaml

@@ -34,3 +34,18 @@ spec:
   rolloutRestartTargets:
     - name: vaultwarden
       kind: Deployment
+---
+apiVersion: secrets.hashicorp.com/v1beta1
+kind: VaultStaticSecret
+metadata:
+  name: vaultwarden-keys
+  namespace: vaultwarden
+spec:
+  destination:
+    create: true
+    name: vaultwarden-keys
+  mount: kv
+  path: vaultwarden/keys
+  refreshAfter: 30s
+  type: kv-v2
+  vaultAuthRef: vault

kubernetes/vaultwarden/deployment.yaml

@@ -4,7 +4,7 @@ metadata:
   name: vaultwarden
   namespace: vaultwarden
 spec:
-  replicas: 1
+  replicas: 2
   selector:
     matchLabels:
       app: vaultwarden
@@ -16,16 +16,26 @@ spec:
       volumes:
         - name: data-dir
           emptyDir: {}
+        - name: rsa-key
+          secret:
+            secretName: vaultwarden-keys
+      initContainers:
+        - name: copy-keys
+          image: busybox:1.36
+          command: ['sh', '-c', 'cp /keys/rsa_key.pem /data' ]
+          volumeMounts:
+            - name: data-dir
+              mountPath: /data
+            - name: rsa-key
+              mountPath: /keys
       containers:
         - name: vaultwarden
           image: vaultwarden/server:1.31.0
           resources:
             limits:
-              memory: "128Mi"
+              memory: "256Mi"
-              cpu: "500m"
             requests:
-              memory: "64Mi"
+              memory: "32Mi"
-              cpu: "100m"
           envFrom:
             - secretRef:
                 name: vaultwarden
@@ -41,6 +51,20 @@ spec:
           ports:
             - containerPort: 80
               name: web
+          livenessProbe:
+            httpGet:
+              path: /alive
+              port: 80
+            failureThreshold: 1
+            initialDelaySeconds: 2
+            periodSeconds: 10
+          readinessProbe:
+            httpGet:
+              path: /alive
+              port: 80
+            failureThreshold: 1
+            initialDelaySeconds: 2
+            periodSeconds: 10
           volumeMounts:
             - name: data-dir
               mountPath: /data