diff --git a/docs/runbooks/kms-public-exposure.md b/docs/runbooks/kms-public-exposure.md index 049f8c5d..88d02ddd 100644 --- a/docs/runbooks/kms-public-exposure.md +++ b/docs/runbooks/kms-public-exposure.md @@ -70,14 +70,23 @@ how to tune the rate limit, how to revoke if abused. `kms_connection_probes_total{source}` (`source` ∈ `internal_pod`, `cluster_node`, `external`) and log to stdout, but never post to Slack. Real activations still post. -- **Website `/scripts` carve-out**: the website is Anubis-fronted (PoW - challenge). `/scripts/*` is carved out to the bare nginx backend - (`module.ingress_scripts` in `stacks/kms`) because PowerShell `iwr | iex` - is a non-JS client and can't solve the PoW — without the carve-out the - one-liner downloads the Anubis challenge HTML and `iex` chokes on it. - Everything except `/scripts/*` stays behind Anubis. Verify: - `curl -A curl https://kms.viktorbarzin.me/scripts/setup-kms.ps1` returns - the script (not "Making sure you're not a bot!"). +- **Website `/scripts` + `/keys.json` carve-out**: the website is Anubis-fronted + (PoW challenge). `/scripts/*` and `/keys.json` are carved out to the bare + nginx backend (`module.ingress_scripts` in `stacks/kms`, `ingress_path`) + because PowerShell `iwr | iex` / `ConvertFrom-Json` are non-JS clients that + can't solve the PoW — without the carve-out they'd download the Anubis + challenge HTML and choke. Everything else stays behind Anubis. Verify: + `curl -A curl https://kms.viktorbarzin.me/scripts/setup-kms.ps1` and + `.../keys.json` both return real content (not "Making sure you're not a bot!"). +- **Auto-key selection**: the scripts no longer require the user to pick a GVLK. + `/keys.json` is `data/products.yaml` rendered to JSON (Hugo KEYS output format). + When no Volume License key is installed, `setup-kms.ps1` / `kms-bootstrap.ps1` + detect the edition — Windows via registry `EditionID` (+ `CurrentBuildNumber` + for LTSC/Server, which share an EditionID across releases), Office via the + Click-to-Run `ProductReleaseIds` — fetch `/keys.json`, and `slmgr /ipk` / + `ospp /inpkey` the matching key before activating. Only fires when not already + licensed (never clobbers a working retail key). Azure-Edition server SKUs are + intentionally unmapped (they collide with Datacenter and KMS may fail there). ## Where the logs are diff --git a/stacks/actualbudget/.terraform.lock.hcl b/stacks/actualbudget/.terraform.lock.hcl index 0fa50ca1..6f5a4a60 100644 --- a/stacks/actualbudget/.terraform.lock.hcl +++ b/stacks/actualbudget/.terraform.lock.hcl @@ -24,6 +24,14 @@ provider "registry.terraform.io/cloudflare/cloudflare" { ] } +provider "registry.terraform.io/gavinbunney/kubectl" { + version = "1.19.0" + constraints = "~> 1.14" + hashes = [ + "h1:9QkxPjp0x5FZFfJbE+B7hBOoads9gmdfj9aYu5N4Sfc=", + ] +} + provider "registry.terraform.io/goauthentik/authentik" { version = "2024.12.1" constraints = "~> 2024.10" @@ -125,3 +133,11 @@ provider "registry.terraform.io/hashicorp/vault" { "zh:ff35fb1ab6add288f0f368981e56f780b50405accd1937131cba1137999c8d83", ] } + +provider "registry.terraform.io/telmate/proxmox" { + version = "3.0.2-rc07" + constraints = "3.0.2-rc07" + hashes = [ + "h1:zp5hpQJQ4t4zROSLqdltVpBO+Riy9VugtfFbpyTw1aM=", + ] +} diff --git a/stacks/actualbudget/backend.tf b/stacks/actualbudget/backend.tf index 6811c9ff..2de0713f 100644 --- a/stacks/actualbudget/backend.tf +++ b/stacks/actualbudget/backend.tf @@ -1,7 +1,7 @@ # Generated by Terragrunt. Sig: nIlQXj57tbuaRZEa terraform { backend "pg" { - conn_str = "postgres://terraform_state:ts7DGcKmTTY-5ujz4mhh@10.0.20.200:5432/terraform_state?sslmode=disable" + conn_str = "postgres://terraform_state:WR2rnNyiLIb-gUcIxOeF@10.0.20.200:5432/terraform_state?sslmode=disable" schema_name = "actualbudget" } } diff --git a/stacks/actualbudget/providers.tf b/stacks/actualbudget/providers.tf index 012af700..3d0bc2c6 100644 --- a/stacks/actualbudget/providers.tf +++ b/stacks/actualbudget/providers.tf @@ -13,6 +13,17 @@ terraform { source = "goauthentik/authentik" version = "~> 2024.10" } + # kubectl (gavinbunney) — workaround for hashicorp/kubernetes + # `kubernetes_manifest` panics on Kyverno CRDs. See beads code-e2dp. + # Declared for all stacks but only used where opted-in. + kubectl = { + source = "gavinbunney/kubectl" + version = "~> 1.14" + } + proxmox = { + source = "telmate/proxmox" + version = "3.0.2-rc07" + } } } @@ -35,3 +46,8 @@ provider "vault" { address = "https://vault.viktorbarzin.me" skip_child_token = true } + +provider "kubectl" { + config_path = var.kube_config_path + load_config_file = true +} diff --git a/stacks/blog/.terraform.lock.hcl b/stacks/blog/.terraform.lock.hcl index 522ec0cc..1445955c 100644 --- a/stacks/blog/.terraform.lock.hcl +++ b/stacks/blog/.terraform.lock.hcl @@ -87,3 +87,11 @@ provider "registry.terraform.io/hashicorp/vault" { "zh:ff35fb1ab6add288f0f368981e56f780b50405accd1937131cba1137999c8d83", ] } + +provider "registry.terraform.io/telmate/proxmox" { + version = "3.0.2-rc07" + constraints = "3.0.2-rc07" + hashes = [ + "h1:zp5hpQJQ4t4zROSLqdltVpBO+Riy9VugtfFbpyTw1aM=", + ] +} diff --git a/stacks/blog/providers.tf b/stacks/blog/providers.tf index d5469984..3d0bc2c6 100644 --- a/stacks/blog/providers.tf +++ b/stacks/blog/providers.tf @@ -20,6 +20,10 @@ terraform { source = "gavinbunney/kubectl" version = "~> 1.14" } + proxmox = { + source = "telmate/proxmox" + version = "3.0.2-rc07" + } } } diff --git a/stacks/changedetection/.terraform.lock.hcl b/stacks/changedetection/.terraform.lock.hcl index fabbc047..1445955c 100644 --- a/stacks/changedetection/.terraform.lock.hcl +++ b/stacks/changedetection/.terraform.lock.hcl @@ -24,6 +24,14 @@ provider "registry.terraform.io/cloudflare/cloudflare" { ] } +provider "registry.terraform.io/gavinbunney/kubectl" { + version = "1.19.0" + constraints = "~> 1.14" + hashes = [ + "h1:9QkxPjp0x5FZFfJbE+B7hBOoads9gmdfj9aYu5N4Sfc=", + ] +} + provider "registry.terraform.io/goauthentik/authentik" { version = "2024.12.1" constraints = "~> 2024.10" @@ -79,3 +87,11 @@ provider "registry.terraform.io/hashicorp/vault" { "zh:ff35fb1ab6add288f0f368981e56f780b50405accd1937131cba1137999c8d83", ] } + +provider "registry.terraform.io/telmate/proxmox" { + version = "3.0.2-rc07" + constraints = "3.0.2-rc07" + hashes = [ + "h1:zp5hpQJQ4t4zROSLqdltVpBO+Riy9VugtfFbpyTw1aM=", + ] +} diff --git a/stacks/changedetection/backend.tf b/stacks/changedetection/backend.tf index f3121d04..352664d9 100644 --- a/stacks/changedetection/backend.tf +++ b/stacks/changedetection/backend.tf @@ -1,7 +1,7 @@ # Generated by Terragrunt. Sig: nIlQXj57tbuaRZEa terraform { backend "pg" { - conn_str = "postgres://terraform_state:SBlzGxotNUN6HH9d0S-m@10.0.20.200:5432/terraform_state?sslmode=disable" + conn_str = "postgres://terraform_state:WR2rnNyiLIb-gUcIxOeF@10.0.20.200:5432/terraform_state?sslmode=disable" schema_name = "changedetection" } } diff --git a/stacks/changedetection/providers.tf b/stacks/changedetection/providers.tf index 012af700..3d0bc2c6 100644 --- a/stacks/changedetection/providers.tf +++ b/stacks/changedetection/providers.tf @@ -13,6 +13,17 @@ terraform { source = "goauthentik/authentik" version = "~> 2024.10" } + # kubectl (gavinbunney) — workaround for hashicorp/kubernetes + # `kubernetes_manifest` panics on Kyverno CRDs. See beads code-e2dp. + # Declared for all stacks but only used where opted-in. + kubectl = { + source = "gavinbunney/kubectl" + version = "~> 1.14" + } + proxmox = { + source = "telmate/proxmox" + version = "3.0.2-rc07" + } } } @@ -35,3 +46,8 @@ provider "vault" { address = "https://vault.viktorbarzin.me" skip_child_token = true } + +provider "kubectl" { + config_path = var.kube_config_path + load_config_file = true +} diff --git a/stacks/excalidraw/providers.tf b/stacks/excalidraw/providers.tf index 3d0bc2c6..aade8799 100644 --- a/stacks/excalidraw/providers.tf +++ b/stacks/excalidraw/providers.tf @@ -20,10 +20,13 @@ terraform { source = "gavinbunney/kubectl" version = "~> 1.14" } +<<<<<<< Updated upstream proxmox = { source = "telmate/proxmox" version = "3.0.2-rc07" } +======= +>>>>>>> Stashed changes } } diff --git a/stacks/immich/.terraform.lock.hcl b/stacks/immich/.terraform.lock.hcl index 60a2173c..c5bb773f 100644 --- a/stacks/immich/.terraform.lock.hcl +++ b/stacks/immich/.terraform.lock.hcl @@ -29,21 +29,6 @@ provider "registry.terraform.io/gavinbunney/kubectl" { constraints = "~> 1.14" hashes = [ "h1:9QkxPjp0x5FZFfJbE+B7hBOoads9gmdfj9aYu5N4Sfc=", - "zh:1dec8766336ac5b00b3d8f62e3fff6390f5f60699c9299920fc9861a76f00c71", - "zh:43f101b56b58d7fead6a511728b4e09f7c41dc2e3963f59cf1c146c4767c6cb7", - "zh:4c4fbaa44f60e722f25cc05ee11dfaec282893c5c0ffa27bc88c382dbfbaa35c", - "zh:51dd23238b7b677b8a1abbfcc7deec53ffa5ec79e58e3b54d6be334d3d01bc0e", - "zh:5afc2ebc75b9d708730dbabdc8f94dd559d7f2fc5a31c5101358bd8d016916ba", - "zh:6be6e72d4663776390a82a37e34f7359f726d0120df622f4a2b46619338a168e", - "zh:72642d5fcf1e3febb6e5d4ae7b592bb9ff3cb220af041dbda893588e4bf30c0c", - "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425", - "zh:a1da03e3239867b35812ee031a1060fed6e8d8e458e2eaca48b5dd51b35f56f7", - "zh:b98b6a6728fe277fcd133bdfa7237bd733eae233f09653523f14460f608f8ba2", - "zh:bb8b071d0437f4767695c6158a3cb70df9f52e377c67019971d888b99147511f", - "zh:dc89ce4b63bfef708ec29c17e85ad0232a1794336dc54dd88c3ba0b77e764f71", - "zh:dd7dd18f1f8218c6cd19592288fde32dccc743cde05b9feeb2883f37c2ff4b4e", - "zh:ec4bd5ab3872dedb39fe528319b4bba609306e12ee90971495f109e142d66310", - "zh:f610ead42f724c82f5463e0e71fa735a11ffb6101880665d93f48b4a67b9ad82", ] } @@ -52,20 +37,6 @@ provider "registry.terraform.io/goauthentik/authentik" { constraints = "~> 2024.10" hashes = [ "h1:roBMd+gi+TGgikH/bMzEI8JfvJiMAQWt+8FmokCrQIs=", - "zh:090260dc7889ea822ec1d899344e1ee23eba5290461989c0796149c9511f2316", - "zh:13c2655ff824b0dc4b9bb832b5ca6d41dba97cb280330258c5fef4115e236209", - "zh:166a73c3a810c9c895d68a8ff968158f339f8a2c1c03e20ec9fc5ed99cc64e20", - "zh:203777eae1cdc711233315499643180604cff2324411b186b7cf07fdbe16f655", - "zh:3b2f18c9a8d28dac74dc6bbf168c946855ab9c68f053578d4630c50d5eaf30a0", - "zh:4822275985f6b74b6196c47112316a4252db22cf4ceaef7c9ab4c66d488abf2f", - "zh:53ea97562666c8a5a2f6d63d418a302a7f8ee4b7bb7da35dedaa89aa5708b7f0", - "zh:56b8a230901e3550c92a1d3f58ee9dafe9853f30fe4315af3ab28ae63262e15d", - "zh:6293ab7b1fd8206a0c853591f50186aca4a1eff117b2a773e10760a23a2c83e9", - "zh:9433970f79fb92d8aae3ee436db5630ab312c78b6dc9df9c1db3273a18f8aaa1", - "zh:95df406214f79b3b98222d7c7fe8fc319a3d90b7a9d53e1d5abbda5dfb8b9436", - "zh:a85880da0552a42c8f449390fbd7d8b03541d1a13e04bba9f1404fa658754260", - "zh:a95f6e9bd62c67e70eba1b1a14728856b9a6a28cd1e5e3be54a7718882c87e7f", - "zh:dd599b51c5beb34a4c6feece244fde07d2558d69929449ab1fd39a5ebe738781", ] } @@ -92,18 +63,6 @@ provider "registry.terraform.io/hashicorp/kubernetes" { version = "3.1.0" hashes = [ "h1:oodIAuFMikXNmEtil5MQgP4dfSctUBYQiGJfjbsF3NY=", - "zh:0215c5c60be62028c09a2f22458e89cda3ef5830a632299f1d401eb3538874b0", - "zh:09ebb9f442431e278a310a9423f32caf467cb4b3cad3fe59573ca71fa7b14e20", - "zh:0c4e5912f83bb35846ae0a9ae54fc320706ee61894cd21cc6b4181b1c5a2fa5c", - "zh:1678c982853ad461e65ccb5e79d585e13ed109dd47dab2a66d3a7a304faeef65", - "zh:1c050a5c15e330457a9c18caacf61a923c59d663e13f2962e4b32f04fef523a0", - "zh:2c55bcec83be58ec132c7cb0a1ac644758b800d794fdc636d53a0eada0358a3a", - "zh:a062bb0aa316c08d8460c66a5d68da71da40de5d3bc3b31abcf3a1a9a19650f1", - "zh:a26fdea0afaa9b247c73c0b42843ca51ba7db0ac2571f9d3d50dcabd20ca1b98", - "zh:c872c9385a78d502bf5823d61cd3bb0f9a0585030e025eb12585c83451beeaa1", - "zh:f180879af931182beee4c8c0d9dab62b81d86f17ddcbe3786ef4c7cec9163a4e", - "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", - "zh:f70f5789264069e0eef06f9b5d5fde955ef7206f7d446d1ce51a4c37a3f3e02f", ] } diff --git a/stacks/llama-cpp/main.tf b/stacks/llama-cpp/main.tf index c0719bbf..2008f6d5 100644 --- a/stacks/llama-cpp/main.tf +++ b/stacks/llama-cpp/main.tf @@ -280,12 +280,19 @@ resource "kubernetes_deployment" "llama_swap" { # for it to be reachable". wait_for_rollout = false spec { +<<<<<<< Updated upstream # Restored to 1 on 2026-05-29 (was 0 during 2026-05-25 IO-storm recovery — # see docs/post-mortems/2026-05-25-immich-anca-elements-io-storm.md). The # immediate trigger was fire-planner's examples ingest needing qwen3-8b for # bulk Reddit-post extraction; only frigate is currently on the GPU on # k8s-node1 so contention is minimal. replicas = 1 +======= + # TEMP-SCALEDOWN-2026-05-25-IO-STORM: scaled to 0 during cluster recovery. + # Restore to 1 when cluster is fully stable. See post-mortem + # docs/post-mortems/2026-05-25-immich-anca-elements-io-storm.md. + replicas = 0 +>>>>>>> Stashed changes strategy { type = "Recreate" } selector { diff --git a/stacks/paperless-ngx/.terraform.lock.hcl b/stacks/paperless-ngx/.terraform.lock.hcl index 9fbd2e13..06e31d76 100644 --- a/stacks/paperless-ngx/.terraform.lock.hcl +++ b/stacks/paperless-ngx/.terraform.lock.hcl @@ -24,6 +24,14 @@ provider "registry.terraform.io/cloudflare/cloudflare" { ] } +provider "registry.terraform.io/gavinbunney/kubectl" { + version = "1.19.0" + constraints = "~> 1.14" + hashes = [ + "h1:9QkxPjp0x5FZFfJbE+B7hBOoads9gmdfj9aYu5N4Sfc=", + ] +} + provider "registry.terraform.io/goauthentik/authentik" { version = "2024.12.1" constraints = "~> 2024.10" @@ -105,3 +113,11 @@ provider "registry.terraform.io/hashicorp/vault" { "zh:ff35fb1ab6add288f0f368981e56f780b50405accd1937131cba1137999c8d83", ] } + +provider "registry.terraform.io/telmate/proxmox" { + version = "3.0.2-rc07" + constraints = "3.0.2-rc07" + hashes = [ + "h1:zp5hpQJQ4t4zROSLqdltVpBO+Riy9VugtfFbpyTw1aM=", + ] +} diff --git a/stacks/paperless-ngx/backend.tf b/stacks/paperless-ngx/backend.tf index 647481ef..b2676120 100644 --- a/stacks/paperless-ngx/backend.tf +++ b/stacks/paperless-ngx/backend.tf @@ -1,7 +1,7 @@ # Generated by Terragrunt. Sig: nIlQXj57tbuaRZEa terraform { backend "pg" { - conn_str = "postgres://terraform_state:ts7DGcKmTTY-5ujz4mhh@10.0.20.200:5432/terraform_state?sslmode=disable" + conn_str = "postgres://terraform_state:WR2rnNyiLIb-gUcIxOeF@10.0.20.200:5432/terraform_state?sslmode=disable" schema_name = "paperless-ngx" } } diff --git a/stacks/paperless-ngx/providers.tf b/stacks/paperless-ngx/providers.tf index 012af700..3d0bc2c6 100644 --- a/stacks/paperless-ngx/providers.tf +++ b/stacks/paperless-ngx/providers.tf @@ -13,6 +13,17 @@ terraform { source = "goauthentik/authentik" version = "~> 2024.10" } + # kubectl (gavinbunney) — workaround for hashicorp/kubernetes + # `kubernetes_manifest` panics on Kyverno CRDs. See beads code-e2dp. + # Declared for all stacks but only used where opted-in. + kubectl = { + source = "gavinbunney/kubectl" + version = "~> 1.14" + } + proxmox = { + source = "telmate/proxmox" + version = "3.0.2-rc07" + } } } @@ -35,3 +46,8 @@ provider "vault" { address = "https://vault.viktorbarzin.me" skip_child_token = true } + +provider "kubectl" { + config_path = var.kube_config_path + load_config_file = true +} diff --git a/stacks/platform/providers.tf b/stacks/platform/providers.tf index 860c9eba..3d0bc2c6 100644 --- a/stacks/platform/providers.tf +++ b/stacks/platform/providers.tf @@ -5,6 +5,25 @@ terraform { source = "hashicorp/vault" version = "~> 4.0" } + cloudflare = { + source = "cloudflare/cloudflare" + version = "~> 4" + } + authentik = { + source = "goauthentik/authentik" + version = "~> 2024.10" + } + # kubectl (gavinbunney) — workaround for hashicorp/kubernetes + # `kubernetes_manifest` panics on Kyverno CRDs. See beads code-e2dp. + # Declared for all stacks but only used where opted-in. + kubectl = { + source = "gavinbunney/kubectl" + version = "~> 1.14" + } + proxmox = { + source = "telmate/proxmox" + version = "3.0.2-rc07" + } } } @@ -27,3 +46,8 @@ provider "vault" { address = "https://vault.viktorbarzin.me" skip_child_token = true } + +provider "kubectl" { + config_path = var.kube_config_path + load_config_file = true +} diff --git a/stacks/speedtest/.terraform.lock.hcl b/stacks/speedtest/.terraform.lock.hcl index e8910be1..4d09adde 100644 --- a/stacks/speedtest/.terraform.lock.hcl +++ b/stacks/speedtest/.terraform.lock.hcl @@ -24,6 +24,22 @@ provider "registry.terraform.io/cloudflare/cloudflare" { ] } +provider "registry.terraform.io/gavinbunney/kubectl" { + version = "1.19.0" + constraints = "~> 1.14" + hashes = [ + "h1:9QkxPjp0x5FZFfJbE+B7hBOoads9gmdfj9aYu5N4Sfc=", + ] +} + +provider "registry.terraform.io/goauthentik/authentik" { + version = "2024.12.1" + constraints = "~> 2024.10" + hashes = [ + "h1:roBMd+gi+TGgikH/bMzEI8JfvJiMAQWt+8FmokCrQIs=", + ] +} + provider "registry.terraform.io/hashicorp/helm" { version = "3.1.1" hashes = [ @@ -91,3 +107,11 @@ provider "registry.terraform.io/hashicorp/vault" { "zh:ff35fb1ab6add288f0f368981e56f780b50405accd1937131cba1137999c8d83", ] } + +provider "registry.terraform.io/telmate/proxmox" { + version = "3.0.2-rc07" + constraints = "3.0.2-rc07" + hashes = [ + "h1:zp5hpQJQ4t4zROSLqdltVpBO+Riy9VugtfFbpyTw1aM=", + ] +} diff --git a/stacks/speedtest/backend.tf b/stacks/speedtest/backend.tf index 1a377446..1be54a65 100644 --- a/stacks/speedtest/backend.tf +++ b/stacks/speedtest/backend.tf @@ -1,7 +1,7 @@ # Generated by Terragrunt. Sig: nIlQXj57tbuaRZEa terraform { backend "pg" { - conn_str = "postgres://terraform_state:SBlzGxotNUN6HH9d0S-m@10.0.20.200:5432/terraform_state?sslmode=disable" + conn_str = "postgres://terraform_state:WR2rnNyiLIb-gUcIxOeF@10.0.20.200:5432/terraform_state?sslmode=disable" schema_name = "speedtest" } } diff --git a/stacks/speedtest/providers.tf b/stacks/speedtest/providers.tf index b337a2e9..3d0bc2c6 100644 --- a/stacks/speedtest/providers.tf +++ b/stacks/speedtest/providers.tf @@ -9,6 +9,21 @@ terraform { source = "cloudflare/cloudflare" version = "~> 4" } + authentik = { + source = "goauthentik/authentik" + version = "~> 2024.10" + } + # kubectl (gavinbunney) — workaround for hashicorp/kubernetes + # `kubernetes_manifest` panics on Kyverno CRDs. See beads code-e2dp. + # Declared for all stacks but only used where opted-in. + kubectl = { + source = "gavinbunney/kubectl" + version = "~> 1.14" + } + proxmox = { + source = "telmate/proxmox" + version = "3.0.2-rc07" + } } } @@ -31,3 +46,8 @@ provider "vault" { address = "https://vault.viktorbarzin.me" skip_child_token = true } + +provider "kubectl" { + config_path = var.kube_config_path + load_config_file = true +} diff --git a/stacks/trading-bot/backend.tf b/stacks/trading-bot/backend.tf index d9fff500..ebd9fdd0 100644 --- a/stacks/trading-bot/backend.tf +++ b/stacks/trading-bot/backend.tf @@ -1,7 +1,7 @@ # Generated by Terragrunt. Sig: nIlQXj57tbuaRZEa terraform { backend "pg" { - conn_str = "postgres://terraform_state:LicuZK1nVl4ILE5HF-A9@10.0.20.200:5432/terraform_state?sslmode=disable" + conn_str = "postgres://terraform_state:WR2rnNyiLIb-gUcIxOeF@10.0.20.200:5432/terraform_state?sslmode=disable" schema_name = "trading-bot" } } diff --git a/stacks/url/.terraform.lock.hcl b/stacks/url/.terraform.lock.hcl index 05f8a359..1a38d8df 100644 --- a/stacks/url/.terraform.lock.hcl +++ b/stacks/url/.terraform.lock.hcl @@ -70,22 +70,9 @@ provider "registry.terraform.io/goauthentik/authentik" { } provider "registry.terraform.io/hashicorp/helm" { - version = "3.1.1" + version = "3.1.2" hashes = [ - "h1:47CqNwkxctJtL/N/JuEj+8QMg8mRNI/NWeKO5/ydfZU=", - "h1:5b2ojWKT0noujHiweCds37ZreRFRQLNaErdJLusJN88=", - "zh:1a6d5ce931708aec29d1f3d9e360c2a0c35ba5a54d03eeaff0ce3ca597cd0275", - "zh:3411919ba2a5941801e677f0fea08bdd0ae22ba3c9ce3309f55554699e06524a", - "zh:81b36138b8f2320dc7f877b50f9e38f4bc614affe68de885d322629dd0d16a29", - "zh:95a2a0a497a6082ee06f95b38bd0f0d6924a65722892a856cfd914c0d117f104", - "zh:9d3e78c2d1bb46508b972210ad706dd8c8b106f8b206ecf096cd211c54f46990", - "zh:a79139abf687387a6efdbbb04289a0a8e7eaca2bd91cdc0ce68ea4f3286c2c34", - "zh:aaa8784be125fbd50c48d84d6e171d3fb6ef84a221dbc5165c067ce05faab4c8", - "zh:afecd301f469975c9d8f350cc482fe656e082b6ab0f677d1a816c3c615837cc1", - "zh:c54c22b18d48ff9053d899d178d9ffef7d9d19785d9bf310a07d648b7aac075b", - "zh:db2eefd55aea48e73384a555c72bac3f7d428e24147bedb64e1a039398e5b903", - "zh:ee61666a233533fd2be971091cecc01650561f1585783c381b6f6e8a390198a4", - "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + "h1:lIuknMfM7+QTzPWs8VBocstZF0B3TpEMIj/bw+dLAOs=", ] } @@ -134,6 +121,7 @@ provider "registry.terraform.io/telmate/proxmox" { constraints = "3.0.2-rc07" hashes = [ "h1:zp5hpQJQ4t4zROSLqdltVpBO+Riy9VugtfFbpyTw1aM=", +<<<<<<< Updated upstream "zh:2ee860cd0a368b3eaa53f4a9ea46f16dab8a97929e813ea6ef55183f8112c2ca", "zh:415965fd915bae2040d7f79e45f64d6e3ae61149c10114efeac1b34687d7296c", "zh:6584b2055df0e32062561c615e3b6b2c291ca8c959440adda09ef3ec1e1436bd", @@ -148,5 +136,7 @@ provider "registry.terraform.io/telmate/proxmox" { "zh:d5ade3fae031cc629b7c512a7b60e46570f4c41665e88a595d7efd943dde5ab2", "zh:f388c15ad1ecfc09e7361e3b98bae9b627a3a85f7b908c9f40650969c949901c", "zh:f415cc6f735a3971faae6ac24034afdb9ee83373ef8de19a9631c187d5adc7db", +======= +>>>>>>> Stashed changes ] } diff --git a/stacks/vault/providers.tf b/stacks/vault/providers.tf index d5469984..3d0bc2c6 100644 --- a/stacks/vault/providers.tf +++ b/stacks/vault/providers.tf @@ -20,6 +20,10 @@ terraform { source = "gavinbunney/kubectl" version = "~> 1.14" } + proxmox = { + source = "telmate/proxmox" + version = "3.0.2-rc07" + } } } diff --git a/stacks/wealthfolio/.terraform.lock.hcl b/stacks/wealthfolio/.terraform.lock.hcl index 6c9afb10..c4699210 100644 --- a/stacks/wealthfolio/.terraform.lock.hcl +++ b/stacks/wealthfolio/.terraform.lock.hcl @@ -29,6 +29,7 @@ provider "registry.terraform.io/gavinbunney/kubectl" { constraints = "~> 1.14" hashes = [ "h1:9QkxPjp0x5FZFfJbE+B7hBOoads9gmdfj9aYu5N4Sfc=", +<<<<<<< Updated upstream "zh:1dec8766336ac5b00b3d8f62e3fff6390f5f60699c9299920fc9861a76f00c71", "zh:43f101b56b58d7fead6a511728b4e09f7c41dc2e3963f59cf1c146c4767c6cb7", "zh:4c4fbaa44f60e722f25cc05ee11dfaec282893c5c0ffa27bc88c382dbfbaa35c", @@ -44,6 +45,8 @@ provider "registry.terraform.io/gavinbunney/kubectl" { "zh:dd7dd18f1f8218c6cd19592288fde32dccc743cde05b9feeb2883f37c2ff4b4e", "zh:ec4bd5ab3872dedb39fe528319b4bba609306e12ee90971495f109e142d66310", "zh:f610ead42f724c82f5463e0e71fa735a11ffb6101880665d93f48b4a67b9ad82", +======= +>>>>>>> Stashed changes ] } @@ -154,6 +157,7 @@ provider "registry.terraform.io/telmate/proxmox" { constraints = "3.0.2-rc07" hashes = [ "h1:zp5hpQJQ4t4zROSLqdltVpBO+Riy9VugtfFbpyTw1aM=", +<<<<<<< Updated upstream "zh:2ee860cd0a368b3eaa53f4a9ea46f16dab8a97929e813ea6ef55183f8112c2ca", "zh:415965fd915bae2040d7f79e45f64d6e3ae61149c10114efeac1b34687d7296c", "zh:6584b2055df0e32062561c615e3b6b2c291ca8c959440adda09ef3ec1e1436bd", @@ -168,5 +172,7 @@ provider "registry.terraform.io/telmate/proxmox" { "zh:d5ade3fae031cc629b7c512a7b60e46570f4c41665e88a595d7efd943dde5ab2", "zh:f388c15ad1ecfc09e7361e3b98bae9b627a3a85f7b908c9f40650969c949901c", "zh:f415cc6f735a3971faae6ac24034afdb9ee83373ef8de19a9631c187d5adc7db", +======= +>>>>>>> Stashed changes ] } diff --git a/stacks/wealthfolio/backend.tf b/stacks/wealthfolio/backend.tf index a4f7562d..6cd17f45 100644 --- a/stacks/wealthfolio/backend.tf +++ b/stacks/wealthfolio/backend.tf @@ -1,7 +1,7 @@ # Generated by Terragrunt. Sig: nIlQXj57tbuaRZEa terraform { backend "pg" { - conn_str = "postgres://terraform_state:LicuZK1nVl4ILE5HF-A9@10.0.20.200:5432/terraform_state?sslmode=disable" + conn_str = "postgres://terraform_state:WR2rnNyiLIb-gUcIxOeF@10.0.20.200:5432/terraform_state?sslmode=disable" schema_name = "wealthfolio" } }