viktor/infra
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

[ci skip] add Homepage gethomepage.dev annotations to all services

Browse source 
Add Kubernetes ingress annotations for Homepage auto-discovery across
~88 services organized into 11 groups. Enable serviceAccount for RBAC,
configure group layouts, and add Grafana/Frigate/Speedtest widgets.
This commit is contained in:
Viktor Barzin 2026-03-07 16:41:36 +00:00
parent f7994e012e
commit af74aa297d
No known key found for this signature in database
GPG key ID: 0EB088298288D958
76 changed files with 722 additions and 95 deletions
Download patch file Download diff file Expand all files Collapse all files

8
stacks/platform/modules/authentik/main.tf
View file

@ -59,6 +59,14 @@ module "ingress" {
name = "authentik"
service_name = "goauthentik-server"
tls_secret_name = var.tls_secret_name
extra_annotations = {
"gethomepage.dev/enabled" = "true"
"gethomepage.dev/name" = "Authentik"
"gethomepage.dev/description" = "Identity provider"
"gethomepage.dev/icon" = "authentik.png"
"gethomepage.dev/group" = "Identity & Security"
"gethomepage.dev/pod-selector" = ""
}
}
module "ingress-outpost" {

1
stacks/platform/modules/crowdsec/values.yaml
View file

@ -109,6 +109,7 @@ lapi:
gethomepage.dev/description: "Web Application Firewall"
gethomepage.dev/icon: "crowdsec.png"
gethomepage.dev/name: "CrowdSec"
gethomepage.dev/group: "Identity & Security"
gethomepage.dev/widget.type: "crowdsec"
gethomepage.dev/widget.url: "http://crowdsec-service.crowdsec.svc.cluster.local:8080"
gethomepage.dev/widget.username: "${homepage_username}"

8
stacks/platform/modules/headscale/main.tf
View file

@ -251,6 +251,14 @@ module "ingress" {
name = "headscale"
port = 8080
tls_secret_name = var.tls_secret_name
extra_annotations = {
"gethomepage.dev/enabled" = "true"
"gethomepage.dev/name" = "Headscale"
"gethomepage.dev/description" = "VPN mesh network"
"gethomepage.dev/icon" = "headscale.png"
"gethomepage.dev/group" = "Identity & Security"
"gethomepage.dev/pod-selector" = ""
}
}
module "ingress-ui" {

8
stacks/platform/modules/k8s-portal/main.tf
View file

@ -121,6 +121,14 @@ module "ingress" {
name = "k8s-portal"
tls_secret_name = var.tls_secret_name
protected = true # Require Authentik login
extra_annotations = {
"gethomepage.dev/enabled" = "true"
"gethomepage.dev/name" = "K8s Portal"
"gethomepage.dev/description" = "Kubernetes portal"
"gethomepage.dev/icon" = "kubernetes.png"
"gethomepage.dev/group" = "Core Platform"
"gethomepage.dev/pod-selector" = ""
}
}
# Unprotected ingress for the setup script (needs to be curl-able without auth)

8
stacks/platform/modules/mailserver/roundcubemail.tf
View file

@ -217,4 +217,12 @@ module "ingress" {
service_name = "roundcubemail"
tls_secret_name = var.tls_secret_name
rybbit_site_id = "082f164faa7d"
extra_annotations = {
"gethomepage.dev/enabled" = "true"
"gethomepage.dev/name" = "Roundcube Mail"
"gethomepage.dev/description" = "Webmail client"
"gethomepage.dev/icon" = "roundcube.png"
"gethomepage.dev/group" = "Other"
"gethomepage.dev/pod-selector" = ""
}
}

10
stacks/platform/modules/monitoring/grafana_chart_values.yaml
View file

@ -18,6 +18,16 @@ ingress:
annotations:
traefik.ingress.kubernetes.io/router.middlewares: "traefik-rate-limit@kubernetescrd,traefik-csp-headers@kubernetescrd,traefik-crowdsec@kubernetescrd"
traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
gethomepage.dev/enabled: "true"
gethomepage.dev/name: "Grafana"
gethomepage.dev/description: "Dashboards & observability"
gethomepage.dev/icon: "grafana.png"
gethomepage.dev/group: "Core Platform"
gethomepage.dev/pod-selector: ""
gethomepage.dev/widget.type: "grafana"
gethomepage.dev/widget.url: "http://monitoring-grafana.monitoring.svc.cluster.local"
gethomepage.dev/widget.username: "admin"
gethomepage.dev/widget.password: "${grafana_admin_password}"
tls:
- secretName: "tls-secret"
hosts:

7
stacks/platform/modules/monitoring/prometheus_chart_values.tpl
View file

@ -15,6 +15,12 @@ alertmanager:
annotations:
traefik.ingress.kubernetes.io/router.middlewares: "traefik-rate-limit@kubernetescrd,traefik-csp-headers@kubernetescrd,traefik-crowdsec@kubernetescrd,traefik-authentik-forward-auth@kubernetescrd"
traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
gethomepage.dev/enabled: "true"
gethomepage.dev/name: "Alertmanager"
gethomepage.dev/description: "Alert routing"
gethomepage.dev/icon: "alertmanager.png"
gethomepage.dev/group: "Core Platform"
gethomepage.dev/pod-selector: ""
tls:
- secretName: "tls-secret"
hosts:
@ -151,6 +157,7 @@ server:
gethomepage.dev/description: "Prometheus"
gethomepage.dev/icon: "prometheus.png"
gethomepage.dev/name: "Prometheus"
gethomepage.dev/group: "Core Platform"
gethomepage.dev/widget.type: "prometheus"
gethomepage.dev/widget.url: "http://prometheus-server.monitoring.svc.cluster.local:80"
gethomepage.dev/pod-selector: ""

66
stacks/platform/modules/reverse_proxy/main.tf
View file

@ -30,7 +30,7 @@ module "pfsense" {
extra_annotations = {
"gethomepage.dev/enabled" : "true"
"gethomepage.dev/description" : "Cluster Firewall"
# gethomepage.dev/group: Media
"gethomepage.dev/group" : "Identity & Security"
"gethomepage.dev/icon" : "pfsense.png"
"gethomepage.dev/name" : "pFsense"
"gethomepage.dev/widget.type" : "pfsense"
@ -58,6 +58,14 @@ module "nas" {
max_body_size = "0m"
depends_on = [kubernetes_namespace.reverse-proxy]
rybbit_site_id = "1e11f8449f7d"
extra_annotations = {
"gethomepage.dev/enabled" = "true"
"gethomepage.dev/name" = "Synology NAS"
"gethomepage.dev/description" = "Network storage"
"gethomepage.dev/icon" = "synology.png"
"gethomepage.dev/group" = "Infrastructure"
"gethomepage.dev/pod-selector" = ""
}
}
# https://files.viktorbarzin.me/
@ -72,6 +80,7 @@ module "nas-files" {
ingress_path = ["/sharing", "/scripts", "/webman", "/wfmlogindialog.js", "/fsdownload"]
max_body_size = "0m"
depends_on = [kubernetes_namespace.reverse-proxy]
extra_annotations = { "gethomepage.dev/enabled" = "false" }
}
# https://idrac.viktorbarzin.me/
@ -83,7 +92,14 @@ module "idrac" {
tls_secret_name = var.tls_secret_name
backend_protocol = "HTTPS"
strip_auth_headers = true
extra_annotations = {}
extra_annotations = {
"gethomepage.dev/enabled" = "true"
"gethomepage.dev/name" = "iDRAC"
"gethomepage.dev/description" = "Server management"
"gethomepage.dev/icon" = "dell.png"
"gethomepage.dev/group" = "Infrastructure"
"gethomepage.dev/pod-selector" = ""
}
depends_on = [kubernetes_namespace.reverse-proxy]
}
@ -99,7 +115,7 @@ module "tp-link-gateway" {
depends_on = [kubernetes_namespace.reverse-proxy]
protected = true
strip_auth_headers = true
extra_annotations = {}
extra_annotations = { "gethomepage.dev/enabled" = "false" }
}
# https://truenas.viktorbarzin.me/
@ -114,7 +130,7 @@ module "truenas" {
extra_annotations = {
"gethomepage.dev/enabled" : "true"
"gethomepage.dev/description" : "TrueNAS"
# gethomepage.dev/group: Media
"gethomepage.dev/group" : "Infrastructure"
"gethomepage.dev/icon" : "truenas.png"
"gethomepage.dev/name" : "TrueNAS"
"gethomepage.dev/widget.type" : "truenas"
@ -136,6 +152,14 @@ module "r730" {
tls_secret_name = var.tls_secret_name
backend_protocol = "HTTPS"
depends_on = [kubernetes_namespace.reverse-proxy]
extra_annotations = {
"gethomepage.dev/enabled" = "true"
"gethomepage.dev/name" = "R730"
"gethomepage.dev/description" = "Dell PowerEdge server"
"gethomepage.dev/icon" = "dell.png"
"gethomepage.dev/group" = "Infrastructure"
"gethomepage.dev/pod-selector" = ""
}
}
# https://proxmox.viktorbarzin.me/
@ -149,6 +173,14 @@ module "proxmox" {
max_body_size = "0" # unlimited
depends_on = [kubernetes_namespace.reverse-proxy]
rybbit_site_id = "190a7ad3e1c7"
extra_annotations = {
"gethomepage.dev/enabled" = "true"
"gethomepage.dev/name" = "Proxmox"
"gethomepage.dev/description" = "Hypervisor"
"gethomepage.dev/icon" = "proxmox.png"
"gethomepage.dev/group" = "Infrastructure"
"gethomepage.dev/pod-selector" = ""
}
}
# https://registry.viktorbarzin.me/
@ -162,6 +194,12 @@ module "docker-registry-ui" {
extra_annotations = {
# Override middleware chain to remove rate-limit; the UI fires many API calls to list repos/tags
"traefik.ingress.kubernetes.io/router.middlewares" = "traefik-csp-headers@kubernetescrd,traefik-crowdsec@kubernetescrd,traefik-authentik-forward-auth@kubernetescrd"
"gethomepage.dev/enabled" = "true"
"gethomepage.dev/name" = "Docker Registry"
"gethomepage.dev/description" = "Container registry"
"gethomepage.dev/icon" = "docker.png"
"gethomepage.dev/group" = "Infrastructure"
"gethomepage.dev/pod-selector" = ""
}
}
@ -174,6 +212,7 @@ module "valchedrym" {
port = 80
backend_protocol = "HTTP"
depends_on = [kubernetes_namespace.reverse-proxy]
extra_annotations = { "gethomepage.dev/enabled" = "false" }
}
# https://ip150.viktorbarzin.me/
@ -199,6 +238,7 @@ module "mladost3" {
port = 8080
tls_secret_name = var.tls_secret_name
depends_on = [kubernetes_namespace.reverse-proxy]
extra_annotations = { "gethomepage.dev/enabled" = "false" }
}
# # https://server-switch.viktorbarzin.me/
@ -221,6 +261,14 @@ module "ha-sofia" {
depends_on = [kubernetes_namespace.reverse-proxy]
protected = false
rybbit_site_id = "590fc392690a"
extra_annotations = {
"gethomepage.dev/enabled" = "true"
"gethomepage.dev/name" = "Home Assistant Sofia"
"gethomepage.dev/description" = "Smart home hub"
"gethomepage.dev/icon" = "home-assistant.png"
"gethomepage.dev/group" = "Smart Home"
"gethomepage.dev/pod-selector" = ""
}
}
# https://ha-london.viktorbarzin.me/
@ -232,6 +280,14 @@ module "ha-london" {
tls_secret_name = var.tls_secret_name
depends_on = [kubernetes_namespace.reverse-proxy]
protected = false
extra_annotations = {
"gethomepage.dev/enabled" = "true"
"gethomepage.dev/name" = "Home Assistant London"
"gethomepage.dev/description" = "Smart home hub"
"gethomepage.dev/icon" = "home-assistant.png"
"gethomepage.dev/group" = "Smart Home"
"gethomepage.dev/pod-selector" = ""
}
}
# https://london.viktorbarzin.me/
@ -266,6 +322,7 @@ module "pi-lights" {
tls_secret_name = var.tls_secret_name
protected = true
depends_on = [kubernetes_namespace.reverse-proxy]
extra_annotations = { "gethomepage.dev/enabled" = "false" }
}
# module "ups" { # .NET app doesn't work well behind host
@ -292,4 +349,5 @@ module "mbp14" {
tls_secret_name = var.tls_secret_name
protected = true
depends_on = [kubernetes_namespace.reverse-proxy]
extra_annotations = { "gethomepage.dev/enabled" = "false" }
}

2
stacks/platform/modules/technitium/main.tf
View file

@ -291,7 +291,7 @@ module "ingress" {
extra_annotations = {
"gethomepage.dev/enabled" = "true"
"gethomepage.dev/description" = "Internal DNS Server and Recursive Resolver"
# gethomepage.dev/group: Media
"gethomepage.dev/group" = "Infrastructure"
"gethomepage.dev/icon" : "technitium.png"
"gethomepage.dev/name" = "Technitium"
"gethomepage.dev/widget.type" = "technitium"

8
stacks/platform/modules/traefik/main.tf
View file

@ -267,6 +267,14 @@ module "ingress" {
port = 8080
tls_secret_name = var.tls_secret_name
protected = true
extra_annotations = {
"gethomepage.dev/enabled" = "true"
"gethomepage.dev/name" = "Traefik"
"gethomepage.dev/description" = "Reverse proxy & ingress"
"gethomepage.dev/icon" = "traefik.png"
"gethomepage.dev/group" = "Core Platform"
"gethomepage.dev/pod-selector" = ""
}
}
# Bot-block resilience proxy: nginx reverse proxy in front of Poison Fountain

2
stacks/platform/modules/uptime-kuma/main.tf
View file

@ -148,7 +148,7 @@ module "ingress" {
extra_annotations = {
"gethomepage.dev/enabled" = "true"
"gethomepage.dev/description" = "Uptime monitor"
# gethomepage.dev/group: Media
"gethomepage.dev/group" = "Core Platform"
"gethomepage.dev/icon" : "uptime-kuma.png"
"gethomepage.dev/name" = "Uptime Kuma"
"gethomepage.dev/widget.type" = "uptimekuma"

8
stacks/platform/modules/vaultwarden/main.tf
View file

@ -178,4 +178,12 @@ module "ingress" {
name = "vaultwarden"
tls_secret_name = var.tls_secret_name
rybbit_site_id = "b8fc85e18683"
extra_annotations = {
"gethomepage.dev/enabled" = "true"
"gethomepage.dev/name" = "Vaultwarden"
"gethomepage.dev/description" = "Password manager"
"gethomepage.dev/icon" = "vaultwarden.png"
"gethomepage.dev/group" = "Other"
"gethomepage.dev/pod-selector" = ""
}
}

8
stacks/platform/modules/vpa/main.tf
View file

@ -84,6 +84,14 @@ module "ingress" {
port = 80
tls_secret_name = var.tls_secret_name
protected = true
extra_annotations = {
"gethomepage.dev/enabled" = "true"
"gethomepage.dev/name" = "Goldilocks"
"gethomepage.dev/description" = "Resource recommendations"
"gethomepage.dev/icon" = "goldilocks.png"
"gethomepage.dev/group" = "Core Platform"
"gethomepage.dev/pod-selector" = ""
}
depends_on = [helm_release.goldilocks]
}