stem95su: scheduled Drive->site sync CronJob (every 10m)

CronJob stem95su-gdrive-sync (*/10) mounts the content PVC RW and
rclone-syncs the read-only Drive folder "claude" (stem claude/files) onto
it (rclone/rclone:1.74.3, scope=drive.readonly, empty-source guard +
--max-delete 25). ESO ExternalSecret stem95su-rclone <- Vault
secret/stem95su. Requires the GCP OAuth app published to Production or the
refresh token expires ~weekly.

Lands the gdrive-sync stack on master (it had landed on a feature branch
by accident on the shared devvm checkout).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
This commit is contained in:
Viktor Barzin 2026-06-09 08:42:26 +00:00
parent 05b50d2b96
commit 6d224861c4
1168 changed files with 120 additions and 358547 deletions

View file

@ -1,81 +0,0 @@
# This file is maintained automatically by "terraform init".
# Manual edits may be lost in future updates.
provider "registry.terraform.io/cloudflare/cloudflare" {
version = "4.52.7"
constraints = "~> 4.0"
hashes = [
"h1:pPItIWii5oymR+geZB219ROSPuSODPLTlM4S/u8xLvM=",
"zh:0c904ce31a4c6c4a5b3bf7ff1560e77c0cc7e2450c8553ded8e8c90398e1418b",
"zh:36183d310c36373fe4cb936b83c595c6fd3b0a94bc7827f28e5789ccbf59752e",
"zh:556a568a6f0235e8f41647de9e4d3a1e7b1d6502df8b19b54ec441f1c653ea10",
"zh:633ebbd5b0245e75e500ef9be4d9e62288f97e8da3baaa51323892a786d90285",
"zh:6acfe60cf52a65ba8f044f748548d2119e7f4fd7f8ebcb14698960d87c68f529",
"zh:890df766e9b839623b1f0437355032a3c006226a6c200cd911e15ee1a9014e9f",
"zh:904acc31ebb9d6ef68c792074b30532ee61bf515f19e0a3c75b46f126cca1f13",
"zh:a1d0a81246afc8750286d3f6fe7a8fbe6460dd2662407b28dbfbabb612e5fa9d",
"zh:a41a36fe253fc365fe2b7ffc749624688b2693b4634862fda161179ab100029f",
"zh:a7ef269e77ffa8715c8945a2c14322c7ff159ea44c15f62505f3cbb2cae3b32d",
"zh:b01aa3bed30610633b762df64332b26f8844a68c3960cebcb30f04918efc67fe",
"zh:b069cc2cd18cae10757df3ae030508eac8d55de7e49eda7a5e3e11f2f7fe6455",
"zh:b2d2c6313729ebb7465dceece374049e2d08bda34473901be9ff46a8836d42b2",
"zh:db0e114edaf4bc2f3d4769958807c83022bfbc619a00bdf4c4bd17faa4ab2d8b",
"zh:ecc0aa8b9044f664fd2aaf8fa992d976578f78478980555b4b8f6148e8d1a5fe",
]
}
provider "registry.terraform.io/goauthentik/authentik" {
version = "2024.12.1"
constraints = "~> 2024.10"
hashes = [
"h1:roBMd+gi+TGgikH/bMzEI8JfvJiMAQWt+8FmokCrQIs=",
]
}
provider "registry.terraform.io/hashicorp/helm" {
version = "3.1.1"
hashes = [
"h1:47CqNwkxctJtL/N/JuEj+8QMg8mRNI/NWeKO5/ydfZU=",
"h1:5b2ojWKT0noujHiweCds37ZreRFRQLNaErdJLusJN88=",
"zh:1a6d5ce931708aec29d1f3d9e360c2a0c35ba5a54d03eeaff0ce3ca597cd0275",
"zh:3411919ba2a5941801e677f0fea08bdd0ae22ba3c9ce3309f55554699e06524a",
"zh:81b36138b8f2320dc7f877b50f9e38f4bc614affe68de885d322629dd0d16a29",
"zh:95a2a0a497a6082ee06f95b38bd0f0d6924a65722892a856cfd914c0d117f104",
"zh:9d3e78c2d1bb46508b972210ad706dd8c8b106f8b206ecf096cd211c54f46990",
"zh:a79139abf687387a6efdbbb04289a0a8e7eaca2bd91cdc0ce68ea4f3286c2c34",
"zh:aaa8784be125fbd50c48d84d6e171d3fb6ef84a221dbc5165c067ce05faab4c8",
"zh:afecd301f469975c9d8f350cc482fe656e082b6ab0f677d1a816c3c615837cc1",
"zh:c54c22b18d48ff9053d899d178d9ffef7d9d19785d9bf310a07d648b7aac075b",
"zh:db2eefd55aea48e73384a555c72bac3f7d428e24147bedb64e1a039398e5b903",
"zh:ee61666a233533fd2be971091cecc01650561f1585783c381b6f6e8a390198a4",
"zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c",
]
}
provider "registry.terraform.io/hashicorp/kubernetes" {
version = "3.1.0"
hashes = [
"h1:oodIAuFMikXNmEtil5MQgP4dfSctUBYQiGJfjbsF3NY=",
]
}
provider "registry.terraform.io/hashicorp/vault" {
version = "4.8.0"
constraints = "~> 4.0"
hashes = [
"h1:GPfhH6dr1LY0foPBDYv9bEGifx7eSwYqFcEAOWOUxLk=",
"h1:aHqgWQhDBMeZO9iUKwJYMlh4q+xNMUlMIcjRbF4d02Y=",
"zh:269ab13433f67684012ae7e15876532b0312f5d0d2002a9cf9febb1279ce5ea6",
"zh:4babc95bf0c40eb85005db1dc2ca403c46be4a71dd3e409db3711a56f7a5ca0e",
"zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3",
"zh:86e27c1c625ecc24446a11eeffc3ac319b36c2b4e51251db8579256a0dbcf136",
"zh:a32f31da94824009e26b077374440b52098aecb93c92ff55dc3d31dd37c4ea25",
"zh:be0a18c6c0425518bab4fbffd82078b82036a88503b5d76064de551c9f646cbf",
"zh:be5a77fdfd36863ebeec79cd12b1d13322ffad6821d157a0b279789fa06b5937",
"zh:be8317d142a3caad74c7d936039ae27076a1b2b8312ef5208e2871a5f525977c",
"zh:c94a84895a3d9954b80e983eed4603330a5cdbbd8eef5b3c99278c2d1402ef3c",
"zh:de1fb712784dd8415f011ca5346a34f87fab6046c730557615247e511dbc7d98",
"zh:e3eafae7da550f86cae395d6660b2a0e93ec8d2b0e0e5ef982ec762e961fc952",
"zh:ff35fb1ab6add288f0f368981e56f780b50405accd1937131cba1137999c8d83",
]
}

View file

@ -1,117 +0,0 @@
# Homepage Ingress Mapping
Total mapped services: **114**\
Widget-capable matches (candidate): **27**
| Namespace | Ingress | URL | Homepage widget candidate |
|---|---|---|---|
| `actualbudget` | `budget-anca` | `https://budget-anca.viktorbarzin.me` | `link-only` |
| `actualbudget` | `budget-emo` | `https://budget-emo.viktorbarzin.me` | `link-only` |
| `actualbudget` | `budget-viktor` | `https://budget-viktor.viktorbarzin.me` | `link-only` |
| `affine` | `affine` | `https://affine.viktorbarzin.me` | `link-only` |
| `aiostreams` | `aiostreams` | `https://aiostreams.viktorbarzin.me` | `link-only` |
| `audiobookshelf` | `audiobookshelf` | `https://audiobookshelf.viktorbarzin.me` | `audiobookshelf` |
| `authentik` | `authentik` | `https://authentik.viktorbarzin.me` | `authentik` |
| `calibre` | `calibre` | `https://calibre.viktorbarzin.me` | `link-only` |
| `calibre` | `stacks` | `https://stacks.viktorbarzin.me` | `link-only` |
| `changedetection` | `changedetection` | `https://changedetection.viktorbarzin.me` | `changedetectionio` |
| `city-guesser` | `city-guesser` | `https://city-guesser.viktorbarzin.me` | `link-only` |
| `crowdsec` | `crowdsec-web` | `https://crowdsec-web.viktorbarzin.me` | `crowdsec` |
| `cyberchef` | `cc` | `https://cc.viktorbarzin.me` | `link-only` |
| `dashy` | `dashy` | `https://dashy.viktorbarzin.me` | `link-only` |
| `dawarich` | `dawarich` | `https://dawarich.viktorbarzin.me` | `link-only` |
| `dbaas` | `pgadmin` | `https://pgadmin.viktorbarzin.me` | `link-only` |
| `dbaas` | `pma` | `https://pma.viktorbarzin.me` | `link-only` |
| `ebook2audiobook` | `audiblez-web` | `https://audiblez.viktorbarzin.me` | `link-only` |
| `ebook2audiobook` | `ebook2audiobook` | `https://ebook2audiobook.viktorbarzin.me` | `link-only` |
| `echo` | `echo` | `https://echo.viktorbarzin.me` | `link-only` |
| `excalidraw` | `draw` | `https://draw.viktorbarzin.me` | `link-only` |
| `f1-stream` | `f1` | `https://f1.viktorbarzin.me` | `link-only` |
| `forgejo` | `forgejo` | `https://forgejo.viktorbarzin.me` | `link-only` |
| `freedify` | `music-emo` | `https://music-emo.viktorbarzin.me` | `link-only` |
| `freedify` | `music-viktor` | `https://music-viktor.viktorbarzin.me` | `link-only` |
| `freshrss` | `rss` | `https://rss.viktorbarzin.me` | `freshrss` |
| `frigate` | `frigate` | `https://frigate.viktorbarzin.me` | `frigate` |
| `frigate` | `frigate-lan` | `https://frigate-lan.viktorbarzin.lan` | `frigate` |
| `grampsweb` | `family` | `https://family.viktorbarzin.me` | `link-only` |
| `hackmd` | `hackmd` | `https://hackmd.viktorbarzin.me` | `link-only` |
| `headscale` | `headscale` | `https://headscale.viktorbarzin.me` | `headscale` |
| `health` | `health` | `https://health.viktorbarzin.me` | `link-only` |
| `homepage` | `homepage` | `https://home.viktorbarzin.me` | `link-only` |
| `immich` | `highlights-immich` | `https://highlights-immich.viktorbarzin.me` | `immich` |
| `immich` | `immich` | `https://immich.viktorbarzin.me` | `immich` |
| `jsoncrack` | `json` | `https://json.viktorbarzin.me` | `link-only` |
| `k8s-portal` | `k8s-portal` | `https://k8s-portal.viktorbarzin.me` | `link-only` |
| `kms` | `kms` | `https://kms.viktorbarzin.me` | `link-only` |
| `linkwarden` | `linkwarden` | `https://linkwarden.viktorbarzin.me` | `linkwarden` |
| `mailserver` | `mail` | `https://mail.viktorbarzin.me` | `link-only` |
| `matrix` | `matrix` | `https://matrix.viktorbarzin.me` | `link-only` |
| `meshcentral` | `meshcentral` | `https://meshcentral.viktorbarzin.me` | `link-only` |
| `monitoring` | `grafana` | `https://grafana.viktorbarzin.me` | `grafana` |
| `monitoring` | `hetrix-redirect-ingress` | `https://status.viktorbarzin.me` | `link-only` |
| `monitoring` | `hetrix-yotovski-redirect-ingress` | `https://yotovski-status.viktorbarzin.me` | `link-only` |
| `monitoring` | `idrac-redfish-exporter` | `https://idrac-redfish-exporter.viktorbarzin.lan` | `link-only` |
| `monitoring` | `prometheus-alertmanager` | `https://alertmanager.viktorbarzin.me` | `link-only` |
| `monitoring` | `prometheus-server` | `https://prometheus.viktorbarzin.me` | `prometheus` |
| `monitoring` | `snmp-exporter` | `https://snmp-exporter.viktorbarzin.lan` | `link-only` |
| `n8n` | `n8n` | `https://n8n.viktorbarzin.me` | `link-only` |
| `navidrome` | `navidrome` | `https://navidrome.viktorbarzin.me` | `navidrome` |
| `netbox` | `netbox` | `https://netbox.viktorbarzin.me` | `link-only` |
| `networking-toolbox` | `networking-toolbox` | `https://networking-toolbox.viktorbarzin.me` | `link-only` |
| `nextcloud` | `nextcloud` | `https://nextcloud.viktorbarzin.me` | `nextcloud` |
| `nextcloud` | `whiteboard` | `https://whiteboard.viktorbarzin.me` | `nextcloud` |
| `ntfy` | `ntfy` | `https://ntfy.viktorbarzin.me` | `link-only` |
| `nvidia` | `nvidia-exporter` | `https://nvidia-exporter.viktorbarzin.lan` | `link-only` |
| `onlyoffice` | `onlyoffice` | `https://onlyoffice.viktorbarzin.me` | `link-only` |
| `openclaw` | `openclaw` | `https://openclaw.viktorbarzin.me` | `link-only` |
| `owntracks` | `owntracks` | `https://owntracks.viktorbarzin.me` | `link-only` |
| `paperless-ngx` | `paperless-ngx` | `https://pdf.viktorbarzin.me` | `paperlessngx` |
| `plotting-book` | `plotting-book` | `https://plotting-book.viktorbarzin.me` | `link-only` |
| `poison-fountain` | `poison-fountain` | `https://poison.viktorbarzin.me` | `link-only` |
| `privatebin` | `privatebin` | `https://pb.viktorbarzin.me` | `link-only` |
| `realestate-crawler` | `wrongmove` | `https://wrongmove.viktorbarzin.me` | `link-only` |
| `resume` | `resume` | `https://resume.viktorbarzin.me` | `link-only` |
| `reverse-proxy` | `files` | `https://files.viktorbarzin.me` | `link-only` |
| `reverse-proxy` | `gw` | `https://gw.viktorbarzin.me` | `link-only` |
| `reverse-proxy` | `ha-london` | `https://ha-london.viktorbarzin.me` | `link-only` |
| `reverse-proxy` | `ha-sofia` | `https://ha-sofia.viktorbarzin.me` | `link-only` |
| `reverse-proxy` | `idrac` | `https://idrac.viktorbarzin.me` | `link-only` |
| `reverse-proxy` | `london` | `https://london.viktorbarzin.me` | `link-only` |
| `reverse-proxy` | `mbp14` | `https://mbp14.viktorbarzin.me` | `link-only` |
| `reverse-proxy` | `mladost3` | `https://mladost3.viktorbarzin.me` | `link-only` |
| `reverse-proxy` | `nas` | `https://nas.viktorbarzin.me` | `link-only` |
| `reverse-proxy` | `pfsense` | `https://pfsense.viktorbarzin.me` | `link-only` |
| `reverse-proxy` | `pi` | `https://pi.viktorbarzin.me` | `link-only` |
| `reverse-proxy` | `proxmox` | `https://proxmox.viktorbarzin.me` | `link-only` |
| `reverse-proxy` | `r730` | `https://r730.viktorbarzin.me` | `link-only` |
| `reverse-proxy` | `registry` | `https://registry.viktorbarzin.me` | `link-only` |
| `reverse-proxy` | `valchedrym` | `https://valchedrym.viktorbarzin.me` | `link-only` |
| `rybbit` | `rybbit` | `https://rybbit.viktorbarzin.me` | `link-only` |
| `send` | `send` | `https://send.viktorbarzin.me` | `link-only` |
| `servarr` | `flaresolverr` | `https://flaresolverr.viktorbarzin.me` | `link-only` |
| `servarr` | `listenarr` | `https://listenarr.viktorbarzin.me` | `link-only` |
| `servarr` | `prowlarr` | `https://prowlarr.viktorbarzin.me` | `prowlarr` |
| `servarr` | `qbittorrent` | `https://qbittorrent.viktorbarzin.me` | `qbittorrent` |
| `speedtest` | `speedtest` | `https://speedtest.viktorbarzin.me` | `speedtest-tracker` |
| `stirling-pdf` | `stirling-pdf` | `https://stirling-pdf.viktorbarzin.me` | `link-only` |
| `tandoor` | `tandoor` | `https://tandoor.viktorbarzin.me` | `tandoor` |
| `technitium` | `technitium` | `https://technitium.viktorbarzin.me` | `technitium` |
| `technitium` | `technitium-doh` | `https://dns.viktorbarzin.me` | `technitium` |
| `trading-bot` | `trading` | `https://trading.viktorbarzin.me` | `link-only` |
| `traefik` | `traefik` | `https://traefik.viktorbarzin.me` | `traefik` |
| `travel-blog` | `travel` | `https://travel.viktorbarzin.me` | `link-only` |
| `tuya-bridge` | `tuya-bridge` | `https://tuya-bridge.viktorbarzin.me` | `link-only` |
| `uptime-kuma` | `uptime` | `https://uptime.viktorbarzin.me` | `uptime-kuma` |
| `url` | `shlink` | `https://shlink.viktorbarzin.me` | `shlink` |
| `url` | `url` | `https://url.viktorbarzin.me` | `link-only` |
| `vaultwarden` | `vaultwarden` | `https://vaultwarden.viktorbarzin.me` | `link-only` |
| `vpa` | `goldilocks` | `https://goldilocks.viktorbarzin.me` | `link-only` |
| `wealthfolio` | `wealthfolio` | `https://wealthfolio.viktorbarzin.me` | `link-only` |
| `webhook-handler` | `webhook-handler` | `https://webhook.viktorbarzin.me` | `link-only` |
| `website` | `blog` | `https://viktorbarzin.me` | `link-only` |
| `woodpecker` | `ci` | `https://ci.viktorbarzin.me` | `link-only` |
| `xray` | `xray-grpc` | `https://xray-grpc.viktorbarzin.me` | `link-only` |
| `xray` | `xray-vless` | `https://xray-vless.viktorbarzin.me` | `link-only` |
| `xray` | `xray-ws` | `https://xray-ws.viktorbarzin.me` | `link-only` |
| `ytdlp` | `yt-highlights` | `https://yt-highlights.viktorbarzin.me` | `link-only` |
| `ytdlp` | `ytdlp` | `https://yt.viktorbarzin.me` | `link-only` |

View file

@ -1,188 +0,0 @@
variable "tls_secret_name" {
type = string
sensitive = true
}
module "tls_secret" {
source = "../../modules/kubernetes/setup_tls_secret"
namespace = kubernetes_namespace.homepage.metadata[0].name
tls_secret_name = var.tls_secret_name
}
resource "kubernetes_namespace" "homepage" {
metadata {
name = "homepage"
labels = {
"istio-injection" : "disabled"
tier = local.tiers.aux
"keel.sh/enrolled" = "true"
}
}
lifecycle {
# KYVERNO_LIFECYCLE_V1: goldilocks-vpa-auto-mode ClusterPolicy stamps this label on every namespace
ignore_changes = [metadata[0].labels["goldilocks.fairwinds.com/vpa-update-mode"]]
}
}
resource "helm_release" "homepage" {
namespace = kubernetes_namespace.homepage.metadata[0].name
create_namespace = false
name = "homepage"
atomic = true
repository = "http://jameswynn.github.io/helm-charts"
chart = "homepage"
values = [file("${path.module}/values.yaml")]
}
# --- Caching proxy: nginx in front of Homepage for stale-while-revalidate on /api/ ---
resource "kubernetes_config_map" "cache_proxy" {
metadata {
name = "homepage-cache-config"
namespace = kubernetes_namespace.homepage.metadata[0].name
}
data = {
"default.conf" = <<-EOT
proxy_cache_path /tmp/cache levels=1:2 keys_zone=hp:10m max_size=500m inactive=24h;
server {
listen 80;
resolver kube-dns.kube-system.svc.cluster.local valid=5s;
set $upstream http://homepage.homepage.svc.cluster.local:3000;
location /api/ {
proxy_pass $upstream;
proxy_cache hp;
proxy_cache_valid 200 24h;
proxy_cache_use_stale updating error timeout;
proxy_cache_background_update on;
proxy_cache_lock on;
proxy_cache_key "$request_uri";
proxy_set_header Host $host;
proxy_next_upstream error timeout http_500 http_502 http_503;
proxy_next_upstream_tries 3;
add_header X-Cache-Status $upstream_cache_status;
}
location / {
proxy_pass $upstream;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_buffering off;
}
}
EOT
}
}
resource "kubernetes_deployment" "cache_proxy" {
metadata {
name = "homepage-cache"
namespace = kubernetes_namespace.homepage.metadata[0].name
}
spec {
replicas = 1
selector {
match_labels = { app = "homepage-cache" }
}
template {
metadata {
labels = { app = "homepage-cache" }
}
spec {
container {
name = "nginx"
image = "nginx:alpine"
port {
container_port = 80
}
resources {
requests = { cpu = "10m", memory = "64Mi" }
limits = { memory = "64Mi" }
}
volume_mount {
name = "config"
mount_path = "/etc/nginx/conf.d"
}
}
volume {
name = "config"
config_map {
name = kubernetes_config_map.cache_proxy.metadata[0].name
}
}
}
}
}
lifecycle {
ignore_changes = [
spec[0].template[0].spec[0].dns_config, # KYVERNO_LIFECYCLE_V1
metadata[0].annotations["keel.sh/policy"],
metadata[0].annotations["keel.sh/trigger"],
metadata[0].annotations["keel.sh/pollSchedule"], # KYVERNO_LIFECYCLE_V2
metadata[0].annotations["keel.sh/match-tag"],
spec[0].template[0].spec[0].container[0].image, # KEEL_IGNORE_IMAGE Keel manages tag updates
metadata[0].annotations["kubernetes.io/change-cause"],
metadata[0].annotations["deployment.kubernetes.io/revision"],
spec[0].template[0].metadata[0].annotations["keel.sh/update-time"], # KEEL_LIFECYCLE_V1
]
}
}
resource "kubernetes_service" "cache_proxy" {
metadata {
name = "homepage-cache"
namespace = kubernetes_namespace.homepage.metadata[0].name
}
spec {
selector = { app = "homepage-cache" }
port {
port = 80
target_port = 80
}
}
}
module "anubis" {
source = "../../modules/kubernetes/anubis_instance"
name = "homepage"
namespace = kubernetes_namespace.homepage.metadata[0].name
target_url = "http://${kubernetes_service.cache_proxy.metadata[0].name}.${kubernetes_namespace.homepage.metadata[0].name}.svc.cluster.local"
shared_store_url = "redis://redis-master.redis.svc.cluster.local:6379/9"
}
module "ingress" {
source = "../../modules/kubernetes/ingress_factory"
auth = "none" # Anubis-fronted; PoW challenge gates bots, no Authentik
namespace = kubernetes_namespace.homepage.metadata[0].name
name = "homepage"
host = "home"
dns_type = "proxied"
service_name = module.anubis.service_name
port = module.anubis.service_port
extra_middlewares = ["traefik-x402@kubernetescrd"]
tls_secret_name = var.tls_secret_name
anti_ai_scraping = false
extra_annotations = {
"gethomepage.dev/enabled" = "true"
"gethomepage.dev/name" = "Homepage"
"gethomepage.dev/description" = "Service dashboard"
"gethomepage.dev/group" = "Core Platform"
"gethomepage.dev/icon" = "homepage.png"
}
}
# CI retrigger 2026-05-16T13:42:57+00:00 bulk enrollment apply (pipeline #689 killed)
# CI retrigger v2 2026-05-16T13:46:35+00:00
# CI retrigger v3 2026-05-16T14:06:39Z
# CI retrigger v4 2026-05-16T14:13:59Z
# CI retrigger v5 2026-05-16T23:10:38Z
# CI retrigger v6 2026-05-16T23:18:58Z

View file

@ -1,37 +0,0 @@
# Generated by Terragrunt. Sig: nIlQXj57tbuaRZEa
terraform {
required_providers {
vault = {
source = "hashicorp/vault"
version = "~> 4.0"
}
cloudflare = {
source = "cloudflare/cloudflare"
version = "~> 4"
}
authentik = {
source = "goauthentik/authentik"
version = "~> 2024.10"
}
}
}
variable "kube_config_path" {
type = string
default = "~/.kube/config"
}
provider "kubernetes" {
config_path = var.kube_config_path
}
provider "helm" {
kubernetes = {
config_path = var.kube_config_path
}
}
provider "vault" {
address = "https://vault.viktorbarzin.me"
skip_child_token = true
}

View file

@ -1 +0,0 @@
../../secrets

View file

@ -1,8 +0,0 @@
include "root" {
path = find_in_parent_folders()
}
dependency "platform" {
config_path = "../platform"
skip_outputs = true
}

View file

@ -1,112 +0,0 @@
image:
repository: ghcr.io/gethomepage/homepage
tag: v1.10.1
# Enable RBAC. RBAC is necessary to use Kubernetes integration
enableRbac: true
serviceAccount:
name: ""
# Create service account. Needed when RBAC is enabled for K8s annotation auto-discovery.
create: true
service:
main:
ports:
http:
port: 3000
controller:
strategy: RollingUpdate
rollingUpdate:
maxSurge: 25%
maxUnavailable: 25%
# Ingress managed by ingress_factory module in main.tf (routes through caching proxy)
ingress:
main:
enabled: false
# All the config files for Homepage can be specified under their relevant config block.
config:
bookmarks:
- Developer:
- Github:
- abbr: Viktor Barzin
href: https://github.com/viktorbarzin
services: [] # All services via K8s annotation auto-discovery
widgets:
- resources:
backend: kubernetes
expanded: true
cpu: true
memory: true
- search:
provider: []
focus: true
target: _blank
- kubernetes:
cluster:
show: true
cpu: true
memory: true
showLabel: true
label: "cluster"
nodes:
show: true
cpu: true
memory: true
showLabel: true
kubernetes:
mode: cluster
docker:
settings:
hideErrors: true
quicklaunch:
searchDescriptions: true
hideInternetSearch: true
showSearchSuggestions: true
hideVisitURL: false
layout:
Core Platform:
style: row
columns: 4
Identity & Security:
style: row
columns: 3
Infrastructure:
style: row
columns: 4
Development & CI:
style: row
columns: 4
Automation:
style: row
columns: 3
Productivity:
style: row
columns: 4
Media & Entertainment:
style: row
columns: 4
Smart Home:
style: row
columns: 3
AI & Data:
style: row
columns: 3
Finance & Personal:
style: row
columns: 3
Other:
style: row
columns: 4
env:
HOMEPAGE_ALLOWED_HOSTS: home.viktorbarzin.me
persistence:
logs:
enabled: true
type: emptyDir
mountPath: /app/config/logs