
Merge branch 'main' into main

Christian Lempa 8 months ago
parent
commit
bfb3f8deda
75 changed files with 699 additions and 226 deletions
  1. 65 0
      .editorconfig
  2. 1 1
      docker-compose/ansiblesemaphore/compose.yaml
  3. 4 4
      docker-compose/authentik/compose.yaml
  4. 1 1
      docker-compose/bind9/compose.yaml
  5. 1 1
      docker-compose/cadvisor/compose.yaml
  6. 38 0
      docker-compose/checkmk/compose.yaml
  7. 1 1
      docker-compose/clamav/compose.yaml
  8. 1 1
      docker-compose/dockge/compose.yaml
  9. 1 1
      docker-compose/factory/runner-pool/compose.yaml
  10. 1 1
      docker-compose/gitea/.env.example
  11. 1 1
      docker-compose/gitea/compose.yaml
  12. 9 0
      docker-compose/gitlab-runner/compose.yaml
  13. 25 0
      docker-compose/gitlab-runner/config/config.toml
  14. 1 1
      docker-compose/gitlab/compose.yaml
  15. 1 1
      docker-compose/grafana/compose.yaml
  16. 1 1
      docker-compose/homeassistant/compose.yaml
  17. 3 1
      docker-compose/homepage/compose.yaml
  18. 1 1
      docker-compose/homer/compose.yaml
  19. 40 0
      docker-compose/loki/compose.yaml
  20. 30 0
      docker-compose/loki/config/config.yaml
  21. 1 1
      docker-compose/mariadb/compose.yaml
  22. 4 4
      docker-compose/nextcloud/compose.yaml
  23. 16 3
      docker-compose/nginx/compose.yaml
  24. 1 0
      docker-compose/nginx/config/default.conf
  25. 1 1
      docker-compose/nginxproxymanager/compose.yaml
  26. 1 1
      docker-compose/nodeexporter/compose.yaml
  27. 1 1
      docker-compose/nvidiasmi/compose.yaml
  28. 40 0
      docker-compose/openwebui/compose.yaml
  29. 1 1
      docker-compose/passbolt/compose.yaml
  30. 28 14
      docker-compose/pihole/compose.yaml
  31. 1 1
      docker-compose/portainer/compose.yaml
  32. 1 1
      docker-compose/postgres/compose.yaml
  33. 1 1
      docker-compose/prometheus/compose.yaml
  34. 9 0
      docker-compose/promtail/compose.yaml
  35. 19 0
      docker-compose/promtail/config/config.yaml
  36. 1 1
      docker-compose/swag/compose.yaml
  37. 1 1
      docker-compose/teleport/compose.yaml
  38. 1 1
      docker-compose/traefik/compose.yaml
  39. 0 24
      docker-compose/twingate/connector/compose.yaml
  40. 23 0
      docker-compose/twingate_connector/compose.yaml
  41. 3 3
      docker-compose/wazuh/compose.yaml
  42. 1 1
      kubernetes/authentik/helm/values.yaml
  43. 3 3
      kubernetes/cert-manager/helm/values.yaml
  44. 11 11
      kubernetes/longhorn/helm/values.yaml
  45. 1 1
      kubernetes/portainer/helm/values.yaml
  46. 1 1
      kubernetes/traefik/helm/values.yaml
  47. 12 0
      kubernetes/twingate_connector/twingate_connector.yaml
  48. 10 0
      kubernetes/twingate_operator/helm/values.yaml
  49. 6 6
      packer/proxmox/ubuntu-server-focal-docker/ubuntu-server-focal-docker.pkr.hcl
  50. 6 6
      packer/proxmox/ubuntu-server-focal/ubuntu-server-focal.pkr.hcl
  51. 6 6
      packer/proxmox/ubuntu-server-jammy-docker/ubuntu-server-jammy-docker.pkr.hcl
  52. 6 6
      packer/proxmox/ubuntu-server-jammy/ubuntu-server-jammy.pkr.hcl
  53. 7 6
      packer/proxmox/ubuntu-server-noble/ubuntu-server-noble.pkr.hcl
  54. 26 4
      renovate.json
  55. 1 1
      terraform/civo/query.tf
  56. 3 3
      terraform/helm/certmanager.tf
  57. 4 4
      terraform/helm/traefik.tf
  58. 1 1
      terraform/kubernetes/provider.tf
  59. 2 2
      terraform/kubernetes/secret.tf
  60. 0 3
      terraform/proxmox/README.md
  61. 0 3
      terraform/proxmox/credentials.auto.tfvars
  62. 0 49
      terraform/proxmox/full-clone.tf
  63. 27 25
      terraform/proxmox/provider.tf
  64. 102 0
      terraform/proxmox/vm_qemu.tf
  65. 1 2
      terraform/templates/kubernetes-automation-example/certmanager.tf
  66. 1 1
      terraform/templates/kubernetes-automation-example/nginx1.tf
  67. 2 2
      terraform/templates/kubernetes-automation-example/provider.tf
  68. 2 2
      terraform/templates/kubernetes-automation-example/traefik.tf
  69. 1 1
      terraform/templates/simple-docker-example/main.tf
  70. 20 0
      terraform/twingate/provider.tf
  71. 7 0
      terraform/twingate/twingate_group.tf
  72. 7 0
      terraform/twingate/twingate_remote_network.tf
  73. 28 0
      terraform/twingate/twingate_resource.tf
  74. 3 0
      terraform/twingate/twingate_security_policy.tf
  75. 11 0
      terraform/twingate/twingate_user.tf

+ 65 - 0
.editorconfig

@@ -0,0 +1,65 @@
+# https://editorconfig.org/
+root = true
+
+[*]
+charset = utf-8
+end_of_line = lf
+indent_size = 4
+indent_style = space
+insert_final_newline = true
+trim_trailing_whitespace = true
+
+[/docker-compose/nginx/**/*.conf]
+indent_size = 2
+
+[/docker-compose/wazuh/**/*.conf]
+indent_size = 2
+
+[*.css]
+indent_size = 2
+
+[{*.go,go.mod}]
+indent_style = tab
+indent_size = unset
+
+[*.hcl]
+indent_size = unset
+
+[*{.min,.min.*,-min}.js]
+charset = unset
+indent_size = unset
+indent_style = unset
+insert_final_newline = unset
+max_line_length = off
+
+[*.json]
+indent_size = 2
+
+[*.md]
+indent_size = unset
+trim_trailing_whitespace = false
+
+[*.nix]
+indent_size = 2
+
+[*.py]
+indent_size = 4
+
+[*.tf]
+indent_size = unset
+
+[/packer/**/http/user-data]
+indent_size = 2
+
+[{*.{yaml,yml},.yamllint}]
+indent_size = 2
+
+[*.xml]
+indent_size = 2
+
+[Makefile]
+indent_style = tab
+indent_size = unset
+
+[Vagrantfile]
+indent_size = 2

+ 1 - 1
docker-compose/ansiblesemaphore/compose.yaml

@@ -16,7 +16,7 @@ services:
     restart: unless-stopped
   semaphore:
     container_name: ansiblesemaphore
-    image: docker.io/semaphoreui/semaphore:v2.11.2
+    image: docker.io/semaphoreui/semaphore:v2.14.12
     user: "${UID}:${GID}"
     ports:
       - 3000:3000

+ 4 - 4
docker-compose/authentik/compose.yaml

@@ -1,7 +1,7 @@
 ---
 services:
   server:
-    image: ghcr.io/goauthentik/server:2024.12.2
+    image: ghcr.io/goauthentik/server:2025.4.1
     container_name: authentik-server
     command: server
     environment:
@@ -50,7 +50,7 @@ services:
     restart: unless-stopped
 
   worker:
-    image: ghcr.io/goauthentik/server:2024.12.2
+    image: ghcr.io/goauthentik/server:2025.4.1
     container_name: authentik-worker
     command: worker
     environment:
@@ -88,7 +88,7 @@ services:
     restart: unless-stopped
 
   redis:
-    image: docker.io/library/redis:7.4.2
+    image: docker.io/library/redis:8.0.2
     container_name: authentik-redis
     command: --save 60 1 --loglevel warning
     healthcheck:
@@ -106,7 +106,7 @@ services:
     #   Alternatively, you can host your PostgreSQL database externally, and
     #   change the connection settings in the `authentik-server` and
     #   `authentik-worker`.
-    image: docker.io/library/postgres:17.2
+    image: docker.io/library/postgres:17.5
     container_name: authentik-db
     environment:
       - POSTGRES_USER=${POSTGRES_USER:-authentik}

+ 1 - 1
docker-compose/bind9/compose.yaml

@@ -1,7 +1,7 @@
 ---
 services:
   bind9:
-    image: docker.io/ubuntu/bind9:9.18-23.10_edge
+    image: docker.io/ubuntu/bind9:9.20-24.10_edge
     container_name: bind9
     ports:
       - "53:53"

+ 1 - 1
docker-compose/cadvisor/compose.yaml

@@ -1,7 +1,7 @@
 ---
 services:
   cadvisor:
-    image: gcr.io/cadvisor/cadvisor:v0.51.0
+    image: gcr.io/cadvisor/cadvisor:v0.52.1
     container_name: cadvisor
     ports:
       - 8080:8080

+ 38 - 0
docker-compose/checkmk/compose.yaml

@@ -0,0 +1,38 @@
+---
+services:
+  monitoring:
+    image: checkmk/check-mk-raw:2.4.0-latest
+    container_name: checkmk
+    ports:
+      - "8000:8000"
+      - "5000:5000"
+      - "162:162/udp"
+    environment:
+      - TZ=Europe/Berlin
+      - CMK_PASSWORD=${CMK_PASSWORD:?no password set}
+      - CMK_SITE_ID=${CMK_SITE_ID:-cmk}
+    tmpfs:
+      - /opt/omd/sites/cmk/tmp:uid=1000,gid=1000
+    volumes:
+      - /etc/localtime:/etc/localtime:ro
+      - data:/omd/sites:rw
+    networks:
+      - frontend
+    labels:
+      - traefik.enable=true
+      - traefik.http.services.checkmk.loadbalancer.server.port=5000
+      - traefik.http.services.checkmk.loadbalancer.server.scheme=http
+      - traefik.http.routers.checkmk.service=checkmk
+      - traefik.http.routers.checkmk.rule=Host(`checkmk.home.arpa`)
+      - traefik.http.routers.checkmk.entrypoints=websecure
+      - traefik.http.routers.checkmk.tls=true
+      - traefik.http.routers.checkmk.tls.certresolver=cloudflare
+    restart: unless-stopped
+
+volumes:
+  data:
+    driver: local
+
+networks:
+  frontend:
+    external: true
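Review bot: The `tmpfs:` entry hardcodes the site id (`/opt/omd/sites/cmk/tmp`) while `CMK_SITE_ID` is configurable two lines above it, so a non-default site id presumably leaves that site's tmp directory on the persistent `data` volume instead of in memory; `- /opt/omd/sites/${CMK_SITE_ID:-cmk}/tmp:uid=1000,gid=1000` keeps the two in step. The `ports:` block also publishes 8000, 5000 and 162/udp on the host next to the Traefik labels, so the site stays reachable over plain HTTP without the `websecure` entrypoint's TLS; other compose files in this repository mark such mappings `# --> (Optional) Remove when using traefik...`, and the same comment would help here.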

+ 1 - 1
docker-compose/clamav/compose.yaml

@@ -1,7 +1,7 @@
 ---
 services:
   clamav:
-    image: docker.io/clamav/clamav:1.4.1
+    image: docker.io/clamav/clamav:1.4.2
     container_name: clamav
     volumes:
       - ./config/clamd.conf:/etc/clamav/clamd.conf:ro

+ 1 - 1
docker-compose/dockge/compose.yaml

@@ -2,7 +2,7 @@
 services:
   dockge:
     container_name: dockge
-    image: docker.io/louislam/dockge:1.4.2
+    image: docker.io/louislam/dockge:1.5.0
     volumes:
       - /var/run/docker.sock:/var/run/docker.sock
       - dockge-data:/app/data

+ 1 - 1
docker-compose/factory/runner-pool/compose.yaml

@@ -2,7 +2,7 @@
 services:
   refactr-runner:
     container_name: factory-runnerpool-prod-1
-    image: docker.io/refactr/runner-pool:v0.153.0
+    image: docker.io/refactr/runner-pool:v0.153.4
     user: root
     volumes:
       - /run/docker.sock:/run/docker.sock

+ 1 - 1
docker-compose/gitea/.env.example

@@ -3,6 +3,6 @@
 # Add internal database credentials here...
 # POSTGRES_HOST     = "your-database-host"
 # POSTGRES_PORT     = "your-database-port"
-POSTGRES_DB       = "your-database-name"  
+POSTGRES_DB       = "your-database-name"
 POSTGRES_USER     = "your-database-user"
 POSTGRES_PASSWORD = "your-database-password"

+ 1 - 1
docker-compose/gitea/compose.yaml

@@ -1,7 +1,7 @@
 ---
 services:
   server:
-    image: gitea/gitea:1.23.1
+    image: gitea/gitea:1.23.8
     container_name: gitea-server
     environment:
       - USER_UID=1000

+ 9 - 0
docker-compose/gitlab-runner/compose.yaml

@@ -0,0 +1,9 @@
+---
+services:
+  gitlab-runner:
+    image: docker.io/gitlab/gitlab-runner:alpine-v17.9.1
+    container_name: gitlab-runner-1
+    volumes:
+      - ./config/config.toml:/etc/gitlab-runner/config.toml:ro
+      - /var/run/docker.sock:/var/run/docker.sock
+    restart: unless-stopped

+ 25 - 0
docker-compose/gitlab-runner/config/config.toml

@@ -0,0 +1,25 @@
+concurrent = 10
+log_level = "warning"
+log_format = "json"
+check_interval = 5
+
+[[runners]]
+  name = "gitlab-runner-1"
+  url = "gitlab.example.com"  # FIXME Change to your GitLab instance URL
+  executor = "docker"
+  token = ""  # FIXME Add your registration token here
+  limit = 0
+  # FIXME To increase rate limits, when pulling down images from the Docker Hub you might want to authenticate:
+  # 1. Create a Docker Hub account and generate a personal access token
+  # 2. Encode the username and token in base64
+  #    Example: echo -n 'username:token' | base64
+  # 3. Replace the <BASE64_ENCODED_AUTH> with the base64 encoded string
+  environment = ["DOCKER_AUTH_CONFIG={\"auths\":{\"https://index.docker.io/v1/\":{\"auth\":\"<BASE64_ENCODED_AUTH>\"}}}"]
+  [runners.docker]
+    tls_verify = false
+    image = "alpine:latest"
+    privileged = true
+    disable_cache = false
+    volumes = ["/var/run/docker.sock:/var/run/docker.sock", "/cache"]
+  [runners.cache]
+    Insecure = false
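Review bot: `privileged = true` under `[runners.docker]` together with the `/var/run/docker.sock` entry in `volumes` gives every CI job scheduled on this runner root-equivalent access to the host, and nothing in the file records that this is intentional; a comment above the `[runners.docker]` table such as `# privileged + docker.sock: jobs get root-equivalent host access, assign this runner to trusted projects only` makes the trade-off explicit, and if plain image builds are all that is needed the socket mount alone works without `privileged`. `tls_verify = false` is a no-op here because the daemon is reached over the unix socket rather than a TCP endpoint, so it could be dropped rather than suggest TLS was deliberately disabled. The `DOCKER_AUTH_CONFIG` value is only base64-encoded, not encrypted, so a filled-in config.toml should stay out of version control — worth stating in the FIXME block.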

+ 1 - 1
docker-compose/gitlab/compose.yaml

@@ -1,7 +1,7 @@
 ---
 services:
   gitlab:
-    image: gitlab/gitlab-ce:17.8.1-ce.0
+    image: docker.io/gitlab/gitlab-ce:18.0.1-ce.0
     container_name: gitlab
     shm_size: '256m'
     environment: {}

+ 1 - 1
docker-compose/grafana/compose.yaml

@@ -4,7 +4,7 @@ volumes:
     driver: local
 services:
   grafana:
-    image: docker.io/grafana/grafana-oss:11.4.0
+    image: docker.io/grafana/grafana-oss:12.0.1
     container_name: grafana
     ports:
       - "3000:3000"

+ 1 - 1
docker-compose/homeassistant/compose.yaml

@@ -2,7 +2,7 @@
 services:
   homeassistant:
     container_name: homeassistant
-    image: ghcr.io/home-assistant/home-assistant:2025.1.3
+    image: ghcr.io/home-assistant/home-assistant:2025.5.3
     volumes:
       - ./config:/config
       - /etc/localtime:/etc/localtime:ro

+ 3 - 1
docker-compose/homepage/compose.yaml

@@ -1,9 +1,11 @@
 ---
 services:
   homepage:
-    image: ghcr.io/gethomepage/homepage:v0.10.9
+    image: ghcr.io/gethomepage/homepage:v1.3.2
     container_name: homepage
     environment:
+      # (Required) See https://gethomepage.dev/installation/#homepage_allowed_hosts
+      - HOMEPAGE_ALLOWED_HOSTS=${HOMEPAGE_ALLOWED_HOSTS:?HOMEPAGE_ALLOWED_HOSTS not set}
       - LOG_LEVEL=info
     # (Optional) Run as a specific user
     #   - PUID=your-user-id

+ 1 - 1
docker-compose/homer/compose.yaml

@@ -1,7 +1,7 @@
 ---
 services:
   homer:
-    image: docker.io/b4bz/homer:v24.12.1
+    image: docker.io/b4bz/homer:v25.05.2
     container_name: homer
     ports:
       - "8080:8080"

+ 40 - 0
docker-compose/loki/compose.yaml

@@ -0,0 +1,40 @@
+---
+services:
+  loki:
+    container_name: loki
+    image: docker.io/grafana/loki:3.5.1
+    command: "-config.file=/etc/loki/config.yaml"
+    ports:
+      # --> (Optional) Remove when using traefik...
+      - "3100:3100"
+      # <--
+    volumes:
+      - ./config/config.yaml:/etc/loki/config.yaml:ro
+      - data_loki:/loki:rw
+    # --> (Optional) When using traefik...
+    # labels:
+    #   - traefik.enable=true
+    #   # -- Traefik Services
+    #   - traefik.http.services.loki.loadbalancer.server.port=3100
+    #   # -- Traefik Routers
+    #   - traefik.http.routers.loki.entrypoints=websecure
+    #   - traefik.http.routers.loki.rule=Host(`loki-fqdn`)
+    #   - traefik.http.routers.loki.tls=true
+    #   - traefik.http.routers.loki.tls.certresolver=cloudflare
+    #   - traefik.http.routers.loki.service=loki
+    #   # -- (Optional) Authentication
+    #   # - traefik.http.routers.loki.middlewares=authentik-middleware@file
+    # networks:
+    #   - frontend
+    # <--
+    restart: unless-stopped
+
+volumes:
+  data_loki:
+    driver: local
+
+# --> (Optional) When using traefik...
+# networks:
+#   frontend:
+#     external: true
+# <--
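Review bot: The `ports:` entry publishes 3100 on the host while `config/config.yaml` in this commit sets `auth_enabled: false`, so anyone who can reach the host port can push to and query Loki directly, bypassing the Traefik router and the commented-out `authentik-middleware@file` entry. Binding the mapping to loopback, `- "127.0.0.1:3100:3100"`, keeps the direct path for a local Promtail while remote clients go through the proxy; the promtail config added in this commit already assumes a credential-protected `https://` endpoint, so the Traefik route with the authentication middleware is the one that should be active. A short comment next to `auth_enabled: false` in config/config.yaml saying that access control is expected from the reverse proxy would help the next reader.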

+ 30 - 0
docker-compose/loki/config/config.yaml

@@ -0,0 +1,30 @@
+---
+auth_enabled: false
+
+server:
+  http_listen_port: 3100
+
+common:
+  instance_addr: 127.0.0.1
+  path_prefix: /loki
+  storage:
+    filesystem:
+      chunks_directory: /loki/chunks
+      rules_directory: /loki/rules
+  replication_factor: 1
+  ring:
+    kvstore:
+      store: inmemory
+
+schema_config:
+  configs:
+    - from: 2020-10-24
+      store: tsdb
+      object_store: filesystem
+      schema: v13
+      index:
+        prefix: index_
+        period: 24h
+
+ruler:
+  alertmanager_url: http://localhost:9093

+ 1 - 1
docker-compose/mariadb/compose.yaml

@@ -7,7 +7,7 @@ volumes:
   mariadb-data:
 services:
   mariadb:
-    image: docker.io/library/mariadb:11.6.2
+    image: docker.io/library/mariadb:11.7.2
     # (Optional) remove this section when you don't want to expose
     ports:
       - 3306:3306

+ 4 - 4
docker-compose/nextcloud/compose.yaml

@@ -4,7 +4,7 @@ volumes:
   nextcloud-db:
 services:
   nextcloud-app:
-    image: docker.io/library/nextcloud:30.0.5-apache
+    image: docker.io/library/nextcloud:31.0.5-apache
     container_name: nextcloud-app
     ports:
       - 80:80
@@ -17,9 +17,9 @@ services:
       - MYSQL_HOST=nextcloud-db
     restart: unless-stopped
   nextcloud-db:
-    # See compatibility matrix for Nextcloud 30
-    # https://docs.nextcloud.com/server/30/admin_manual/installation/system_requirements.html
-    image: docker.io/library/mariadb:10.11.10
+    # See compatibility matrix for Nextcloud 31
+    # https://docs.nextcloud.com/server/31/admin_manual/installation/system_requirements.html
+    image: docker.io/library/mariadb:10.11.13
     container_name: nextcloud-db
     command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
     volumes:

+ 16 - 3
docker-compose/nginx/compose.yaml

@@ -1,13 +1,26 @@
 ---
 services:
   nginx:
-    image: docker.io/library/nginx:1.26.2-alpine
+    image: docker.io/library/nginx:1.28.0-alpine
     container_name: nginx
     ports:
       - 80:80
-      # (optional) uncomment the line below to enable HTTPS
-      # - 443:443
+      - 443:443
     volumes:
       - ./config/default.conf:/etc/nginx/conf.d/default.conf:ro
       - ./data:/usr/share/nginx/html:ro
+    labels:
+      - traefik.enable=true
+      - traefik.http.services.nginx.loadbalancer.server.port=80
+      - traefik.http.routers.nginx.entrypoints=websecure
+      - traefik.http.routers.nginx.rule=Host(`example.com`)
+      - traefik.http.routers.nginx.tls=true
+      - traefik.http.routers.nginx.tls.certresolver=cloudflare
+      - traefik.http.routers.nginx.service=nginx
+    networks:
+      - frontend
     restart: unless-stopped
+
+networks:
+  frontend:
+    external: true
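Review bot: The `ports:` block now publishes both 80 and 443 on the host unconditionally while the same hunk joins the container to Traefik's `frontend` network and `websecure` entrypoint; `docker-compose/traefik/compose.yaml` in this repository publishes `80:80` itself, so the two stacks cannot share a host, and a direct 443 only serves anything if `config/default.conf` carries a TLS listener, which the visible hunk of that file does not show. The previous version kept `443:443` commented with an explanatory note; following the pattern used elsewhere in this repo, `# --> (Optional) Remove when using traefik...` above the two mappings (with the mappings commented out) keeps the proxy as the only entry point.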

+ 1 - 0
docker-compose/nginx/config/default.conf

@@ -4,5 +4,6 @@ server {
   location / {
     root /usr/share/nginx/html;
     index index.html;
+    access_log on;
   }
 }
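Review bot: `access_log on;` is not a recognised switch as far as I know — nginx's `access_log` takes a path (or `off`), so `on` is treated as a file name relative to the nginx prefix and requests end up in a file named `on` inside the container instead of the image's stdout-linked `/var/log/nginx/access.log`. Dropping the line inherits the server-level default, which already logs; if the intent was to make logging explicit, `access_log /var/log/nginx/access.log;` says so without changing where logs go. The enclosing `server {` block starts outside the hunk.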

+ 1 - 1
docker-compose/nginxproxymanager/compose.yaml

@@ -5,7 +5,7 @@ volumes:
   nginxproxymanager-db:
 services:
   nginxproxymanager:
-    image: docker.io/jc21/nginx-proxy-manager:2.12.2
+    image: docker.io/jc21/nginx-proxy-manager:2.12.3
     ports:
       - 80:80
       - 81:81

+ 1 - 1
docker-compose/nodeexporter/compose.yaml

@@ -1,7 +1,7 @@
 ---
 services:
   node_exporter:
-    image: quay.io/prometheus/node-exporter:v1.8.2
+    image: quay.io/prometheus/node-exporter:v1.9.1
     container_name: node_exporter
     command: "--path.rootfs=/host"
     pid: host

+ 1 - 1
docker-compose/nvidiasmi/compose.yaml

@@ -1,7 +1,7 @@
 ---
 services:
   nvidia_smi_exporter:
-    image: docker.io/utkuozdemir/nvidia_gpu_exporter:1.3.0
+    image: docker.io/utkuozdemir/nvidia_gpu_exporter:1.3.2
     container_name: nvidia_smi_exporter
     runtime: nvidia
     environment:

+ 40 - 0
docker-compose/openwebui/compose.yaml

@@ -0,0 +1,40 @@
+---
+services:
+  openwebui:
+    image: ghcr.io/open-webui/open-webui:0.6.13
+    container_name: openwebui
+    ports:
+      - "8080:8080"
+    environment:
+      # Ollama Config
+      - OLLAMA_BASE_URL=http://ollama.example.com:11434
+      # Authentik SSO Config
+      - ENABLE_OAUTH_SIGNUP=true
+      - OAUTH_MERGE_ACCOUNTS_BY_EMAIL=false
+      - OAUTH_PROVIDER_NAME=authentik
+      - OPENID_PROVIDER_URL=https://authentik.example.com/application/o/openwebui-slug/.well-known/openid-configuration
+      - OAUTH_CLIENT_ID=${OAUTH_CLIENT_ID}
+      - OAUTH_CLIENT_SECRET=${OAUTH_CLIENT_SECRET}
+      - OAUTH_SCOPES=openid email profile
+      - OPENID_REDIRECT_URI=https://openwebui.example.com/oauth/oidc/callback
+    volumes:
+      - data:/app/backend/data:rw
+    networks:
+      - frontend
+    labels:
+      - traefik.enable=true
+      - traefik.http.routers.openwebui.rule=Host(`openwebui.example.com`)
+      - traefik.http.routers.openwebui.entrypoints=websecure
+      - traefik.http.routers.openwebui.tls=true
+      - traefik.http.routers.openwebui.tls.certresolver=cloudflare
+      - traefik.http.routers.openwebui.service=openwebui
+      - traefik.http.services.openwebui.loadBalancer.server.port=8080
+    restart: unless-stopped
+
+volumes:
+  data:
+    driver: local
+
+networks:
+  frontend:
+    external: true
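Review bot: `OAUTH_CLIENT_ID=${OAUTH_CLIENT_ID}` and `OAUTH_CLIENT_SECRET=${OAUTH_CLIENT_SECRET}` fall back to empty strings when the variables are unset, unlike the `:?` guards used for `CMK_PASSWORD`, `HOMEPAGE_ALLOWED_HOSTS` and the Twingate tokens elsewhere in this commit, so a missing secret starts a container with a broken SSO setup instead of failing fast; `- OAUTH_CLIENT_SECRET=${OAUTH_CLIENT_SECRET:?OAUTH_CLIENT_SECRET not set}` (and the same for the id) matches the rest of the repository. The `8080:8080` mapping next to the Traefik labels also leaves the UI reachable over plain HTTP outside the `websecure` entrypoint, which the other compose files mark as optional with a comment.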

+ 1 - 1
docker-compose/passbolt/compose.yaml

@@ -17,7 +17,7 @@ services:
     restart: unless-stopped
   passbolt:
     container_name: passbolt-app
-    image: docker.io/passbolt/passbolt:4.10.1-1-ce
+    image: docker.io/passbolt/passbolt:5.1.1-1-ce
     depends_on:
       - passbolt-db
     environment:

+ 28 - 14
docker-compose/pihole/compose.yaml

@@ -1,26 +1,40 @@
 ---
-version: '3'
-
-volumes:
-  dnsmasq:
-    driver: local
-  etcd:
-    driver: local
-
 services:
   pihole:
     container_name: pihole
-    image: docker.io/pihole/pihole:2024.07.0
+    image: docker.io/pihole/pihole:2025.05.1
     ports:
       - 53:53/tcp
       - 53:53/udp
       - 67:67/udp
-      - 80:80/tcp
-      - 443:443/tcp
+      - 8081:80/tcp
+      - 8443:443/tcp
     environment:
       - TZ=Europe/Berlin
-      - WEBPASSWORD=your-secret-password
+      - FTLCONF_webserver_api_password=${FTLCONF_webserver_api_password}
+      - FTLCONF_dns_upstreams=${FTLCONF_dns_upstreams:-8.8.8.8;8.8.4.4}
     volumes:
-      - dnsmasq:/etc/dnsmasq.d
-      - etcd:/etc/pihole
+      - config_dnsmasq:/etc/dnsmasq.d
+      - config_pihole:/etc/pihole
+    networks:
+      - frontend
+    labels:
+      - traefik.enable=true
+      # Pihole Web Interface
+      - traefik.http.routers.pihole.rule=Host(`example.com`)
+      - traefik.http.routers.pihole.entrypoints=websecure
+      - traefik.http.routers.pihole.tls=true
+      - traefik.http.routers.pihole.tls.certresolver=cloudflare
+      - traefik.http.routers.pihole.service=pihole
+      - traefik.http.services.pihole.loadBalancer.server.port=80
     restart: unless-stopped
+
+volumes:
+  config_dnsmasq:
+    driver: local
+  config_pihole:
+    driver: local
+
+networks:
+  frontend:
+    external: true
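Review bot: `FTLCONF_webserver_api_password=${FTLCONF_webserver_api_password}` substitutes an empty string when the variable is unset, and as far as I recall the Pi-hole v6 image treats an explicitly empty password as "no password", so a missing `.env` entry would expose the admin UI on 8081/8443 and through the Traefik router without authentication — the old `WEBPASSWORD` placeholder at least never produced an empty value. Using the `:?` form this commit already uses for other secrets, `- FTLCONF_webserver_api_password=${FTLCONF_webserver_api_password:?FTLCONF_webserver_api_password not set}`, makes the stack refuse to start instead. The `8.8.8.8;8.8.4.4` default for `FTLCONF_dns_upstreams` is otherwise invisible to operators; a one-line comment pointing it out is worth adding.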

+ 1 - 1
docker-compose/portainer/compose.yaml

@@ -2,7 +2,7 @@
 services:
   app:
     container_name: portainer
-    image: docker.io/portainer/portainer-ce:2.26.1-alpine
+    image: docker.io/portainer/portainer-ce:2.30.1-alpine
     ports:
       # --> (Optional) Remove when using traefik...
       - 9000:9000

+ 1 - 1
docker-compose/postgres/compose.yaml

@@ -1,7 +1,7 @@
 ---
 services:
   postgres:
-    image: docker.io/library/postgres:17.2
+    image: docker.io/library/postgres:17.5
     container_name: postgres
     environment:
       - POSTGRES_INITDB_ARGS=${POSTGRES_INITDB_ARGS---data-checksums}

+ 1 - 1
docker-compose/prometheus/compose.yaml

@@ -4,7 +4,7 @@ volumes:
     driver: local
 services:
   prometheus:
-    image: docker.io/prom/prometheus:v3.1.0
+    image: docker.io/prom/prometheus:v3.4.1
     container_name: prometheus
     ports:
       - 9090:9090

+ 9 - 0
docker-compose/promtail/compose.yaml

@@ -0,0 +1,9 @@
+---
+services:
+  promtail:
+    image: docker.io/grafana/promtail:3.5.1
+    command: "-config.file=/mnt/config/config.yaml"
+    volumes:
+      - ./config/config.yaml:/mnt/config/config.yaml:ro
+      - /var/log:/var/log:ro
+    restart: unless-stopped
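Review bot: `positions.filename: /tmp/positions.yaml` in `config/config.yaml` points into the container's ephemeral filesystem and this compose file mounts no volume for it, so every container recreation loses the read offsets and Promtail re-ships everything under `/var/log` to Loki; a named volume for the positions directory plus a matching `filename:` fixes that. The `clients[0].url` in the same config embeds `<USERNAME>:<PASSWORD>` in clear text in a committed file; Promtail's `-config.expand-env=true` flag lets the URL reference environment variables instead (constructed names such as `${LOKI_USERNAME}`), which would be added to the `command:` line here. `container_name` is also omitted, unlike the other services in this commit.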

+ 19 - 0
docker-compose/promtail/config/config.yaml

@@ -0,0 +1,19 @@
+---
+server:
+  http_listen_port: 9080
+  grpc_listen_port: 0
+
+positions:
+  filename: /tmp/positions.yaml
+
+clients:
+  - url: https://<USERNAME>:<PASSWORD>@<LOKI-FQDN>/loki/api/v1/push
+
+scrape_configs:
+  - job_name: system
+    static_configs:
+      - targets:
+          - localhost
+        labels:
+          job: varlogs
+          __path__: /var/log/*log

+ 1 - 1
docker-compose/swag/compose.yaml

@@ -15,7 +15,7 @@ services:
       - /opt/webserver_swag/config/mariadb:/config
     restart: unless-stopped
   swag:
-    image: docker.io/linuxserver/swag:3.1.0
+    image: docker.io/linuxserver/swag:3.3.0
     container_name: swag
     cap_add:
       - NET_ADMIN

+ 1 - 1
docker-compose/teleport/compose.yaml

@@ -5,7 +5,7 @@
 #     external: true
 services:
   teleport:
-    image: public.ecr.aws/gravitational/teleport-distroless:17.2.0
+    image: public.ecr.aws/gravitational/teleport-distroless:17.4.10
     container_name: teleport
     ports:
       # -- (Optional) Remove this section, when using Traefik

+ 1 - 1
docker-compose/traefik/compose.yaml

@@ -1,7 +1,7 @@
 ---
 services:
   traefik:
-    image: docker.io/library/traefik:v3.3.2
+    image: docker.io/library/traefik:v3.4.1
     container_name: traefik
     ports:
       - 80:80

+ 0 - 24
docker-compose/twingate/connector/compose.yaml

@@ -1,24 +0,0 @@
----
-# -- (Optional) When using a custom network
-# networks:
-#   your-custom-network:
-#     -- (Optional) When attaching an external network
-#     external: true
-services:
-  twingate_connector:
-    container_name: twingate_connector
-    image: docker.io/twingate/connector:1.73.0
-    environment:
-      - TWINGATE_NETWORK=your-twingate-network
-      - TWINGATE_ACCESS_TOKEN=${TWINGATE_ACCESS_TOKEN}
-      - TWINGATE_REFRESH_TOKEN=${TWINGATE_REFRESH_TOKEN}
-      # -- (Optional) Change loglevel
-      # - TWINGATE_LOG_LEVEL=3
-      # -- (Optional) Add custom DNS Server
-      # - TWINGATE_DNS=10.20.0.1
-    sysctls:
-      net.ipv4.ping_group_range: "0 2147483647"
-    # -- (Optional) When using a custom network
-    # networks:
-    #   - your-custom-network
-    restart: unless-stopped

+ 23 - 0
docker-compose/twingate_connector/compose.yaml

@@ -0,0 +1,23 @@
+---
+services:
+  twingate_connector:
+    container_name: twingate_connector
+    image: docker.io/twingate/connector:1.76.0
+    environment:
+      - TWINGATE_NETWORK=  # FIXME Add your Twingate network name here
+      - TWINGATE_ACCESS_TOKEN=${TWINGATE_ACCESS_TOKEN:?error}
+      - TWINGATE_REFRESH_TOKEN=${TWINGATE_REFRESH_TOKEN:?error}
+      - TWINGATE_LOG_LEVEL=1
+      - TWINGATE_DNS=  # FIXME Add your local DNS server here, if needed (e.g. 10.0.0.1), otherwise remove this line
+    sysctls:
+      net.ipv4.ping_group_range: "0 2147483647"
+    networks:
+      - frontend
+      - backend
+    restart: unless-stopped
+
+networks:
+  frontend:
+    external: true
+  backend:
+    external: true

+ 3 - 3
docker-compose/wazuh/compose.yaml

@@ -1,7 +1,7 @@
 ---
 services:
   wazuh.manager:
-    image: docker.io/wazuh/wazuh-manager:4.10.1
+    image: docker.io/wazuh/wazuh-manager:4.12.0
     container_name: wazuh-prod-1-manager
     hostname: wazuh.manager
     ulimits:
@@ -55,7 +55,7 @@ services:
     restart: unless-stopped
 
   wazuh.indexer:
-    image: docker.io/wazuh/wazuh-indexer:4.10.1
+    image: docker.io/wazuh/wazuh-indexer:4.12.0
     container_name: wazuh-prod-1-indexer
     hostname: wazuh.indexer
     ports:
@@ -88,7 +88,7 @@ services:
     restart: unless-stopped
 
   wazuh.dashboard:
-    image: docker.io/wazuh/wazuh-dashboard:4.10.1
+    image: docker.io/wazuh/wazuh-dashboard:4.12.0
     container_name: wazuh-prod-1-dashboard
     hostname: wazuh.dashboard
     # --> (Optional) Remove the port mapping when using traefik

+ 1 - 1
kubernetes/authentik/helm/values.yaml

@@ -2,7 +2,7 @@
 global:
   image:
     repository: "ghcr.io/goauthentik/server"
-    tag: "2024.12.2"
+    tag: "2025.4.1"
     pullPolicy: IfNotPresent
 authentik:
   # (Required)  To generate a secret key run the following command:

+ 3 - 3
kubernetes/cert-manager/helm/values.yaml

@@ -1,15 +1,15 @@
 ---
 image:
   repository: quay.io/jetstack/cert-manager-controller
-  tag: v1.16.3
+  tag: v1.17.2
 webhook:
   image:
     repository: quay.io/jetstack/cert-manager-webhook
-    tag: v1.16.3
+    tag: v1.17.2
 cainjector:
   image:
     repository: quay.io/jetstack/cert-manager-cainjector
-    tag: v1.16.3
+    tag: v1.17.2
 
 crds:
   enabled: true

+ 11 - 11
kubernetes/longhorn/helm/values.yaml

@@ -3,38 +3,38 @@ image:
   longhorn:
     engine:
       repository: "longhornio/longhorn-engine"
-      tag: "v1.8.0"
+      tag: "v1.9.0"
     manager:
       repository: "longhornio/longhorn-manager"
-      tag: "v1.8.0"
+      tag: "v1.9.0"
     ui:
       repository: "longhornio/longhorn-ui"
-      tag: "v1.7.2"
+      tag: "v1.9.0"
     instanceManager:
       repository: "longhornio/longhorn-instance-manager"
-      tag: "v1.8.0"
+      tag: "v1.9.0"
     shareManager:
       repository: "longhornio/longhorn-share-manager"
-      tag: "v1.7.2"
+      tag: "v1.9.0"
     backingImageManager:
       repository: "longhornio/backing-image-manager"
-      tag: "v1.8.0"
+      tag: "v1.9.0"
     supportBundleKit:
       repository: "longhornio/support-bundle-kit"
-      tag: "v0.0.49"
+      tag: "v0.0.55"
   csi:
     attacher:
       repository: "longhornio/csi-attacher"
-      tag: "v4.8.0"
+      tag: "v4.8.1"
     provisioner:
       repository: "longhornio/csi-provisioner"
-      tag: "v5.1.0"
+      tag: "v5.2.0"
     nodeDriverRegistrar:
       repository: "longhornio/csi-node-driver-registrar"
       tag: "v2.13.0"
     resizer:
       repository: "longhornio/csi-resizer"
-      tag: "v1.13.1"
+      tag: "v1.13.2"
     snapshotter:
       repository: "longhornio/csi-snapshotter"
       tag: "v8.2.0"
@@ -48,6 +48,6 @@ image:
 # <--
 
 # --> (Optional) Change the default settings, like Backup Target here...
-# defaultSettings:
+# defaultBackupStore:
 #   backupTarget: "your-backup-target"  # <-- Replace with your backup target
 # <--

+ 1 - 1
kubernetes/portainer/helm/values.yaml

@@ -1,7 +1,7 @@
 ---
 image:
   repository: portainer/portainer-ce
-  tag: 2.26.1
+  tag: 2.30.1
   pullPolicy: IfNotPresent
 
 service:

+ 1 - 1
kubernetes/traefik/helm/values.yaml

@@ -1,7 +1,7 @@
 ---
 image:
   repository: traefik
-  tag: v3.3.2
+  tag: v3.4.1
   pullPolicy: IfNotPresent
 
 # --> Change redirect HTTP to HTTPs by default here...

+ 12 - 0
kubernetes/twingate_connector/twingate_connector.yaml

@@ -0,0 +1,12 @@
+---
+apiVersion: twingate.com/v1beta
+kind: TwingateConnector  # NOTE This requires the Twingate Kubernetes Operator to be installed in your Kubernetes cluster.
+metadata:
+  name: twingate_connector
+  namespace: twingate
+spec:
+  image:
+    repository: "twingate/connector"
+    tag: "1.74.0"
+  name: twingate_connector
+  hasStatusNotificationsEnabled: false
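Review bot: `metadata.name: twingate_connector` is not a valid Kubernetes object name — names must be DNS-1123 subdomains (lowercase alphanumerics, `-` and `.`), so `kubectl apply` will reject this manifest; `name: twingate-connector` fixes it. `spec.name` is presumably the connector's display name on the Twingate side and may keep the underscore if that is intended, but keeping the two identical avoids confusion. `namespace: twingate` is assumed to exist already or to be created by the operator chart; a comment stating which would help.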

+ 10 - 0
kubernetes/twingate_operator/helm/values.yaml

@@ -0,0 +1,10 @@
+---
+image:
+  repository: twingate/kubernetes-operator
+  pullPolicy: IfNotPresent
+  tag: "0.22.1"
+twingateOperator:
+  network: ""  # FIXME Add your Twingate network name here
+  remoteNetworkId: ""  # FIXME Add your Twingate remote network ID here
+  logFormat: "plain"
+  logVerbosity: "quiet"

+ 6 - 6
packer/proxmox/ubuntu-server-focal-docker/ubuntu-server-focal-docker.pkr.hcl

@@ -22,14 +22,14 @@ locals {
 
 # Resource Definiation for the VM Template
 source "proxmox" "ubuntu-server-focal-docker" {
- 
+
     # Proxmox Connection Settings
     proxmox_url = "${var.proxmox_api_url}"
     username    = "${var.proxmox_api_token_id}"
     token       = "${var.proxmox_api_token_secret}"
     # (Optional) Skip TLS Verification
     # insecure_skip_tls_verify = true
-    
+
     # VM General Settings
     node                 = "your-proxmox-node"
     vm_id                = "100"
@@ -68,16 +68,16 @@ source "proxmox" "ubuntu-server-focal-docker" {
 
     # VM CPU Settings
     cores = "1"
-    
+
     # VM Memory Settings
-    memory = "2048" 
+    memory = "2048"
 
     # VM Network Settings
     network_adapters {
         model    = "virtio"
         bridge   = "vmbr0"
         firewall = "false"
-    } 
+    }
 
     # VM Cloud-Init Settings
     cloud_init              = true
@@ -98,7 +98,7 @@ source "proxmox" "ubuntu-server-focal-docker" {
     # boot_key_interval = "500ms"
 
     # PACKER Autoinstall Settings
-    http_directory = "http" 
+    http_directory = "http"
     # (Optional) Bind IP Address and Port
     # http_bind_address = "0.0.0.0"
     # http_port_min     = 8802

+ 6 - 6
packer/proxmox/ubuntu-server-focal/ubuntu-server-focal.pkr.hcl

@@ -22,14 +22,14 @@ locals {
 
 # Resource Definiation for the VM Template
 source "proxmox" "ubuntu-server-focal" {
- 
+
     # Proxmox Connection Settings
     proxmox_url = "${var.proxmox_api_url}"
     username    = "${var.proxmox_api_token_id}"
     token       = "${var.proxmox_api_token_secret}"
     # (Optional) Skip TLS Verification
     # insecure_skip_tls_verify = true
-    
+
     # VM General Settings
     node                 = "your-proxmox-node"
     vm_id                = "100"
@@ -68,16 +68,16 @@ source "proxmox" "ubuntu-server-focal" {
 
     # VM CPU Settings
     cores = "1"
-    
+
     # VM Memory Settings
-    memory = "2048" 
+    memory = "2048"
 
     # VM Network Settings
     network_adapters {
         model    = "virtio"
         bridge   = "vmbr0"
         firewall = "false"
-    } 
+    }
 
     # VM Cloud-Init Settings
     cloud_init              = true
@@ -98,7 +98,7 @@ source "proxmox" "ubuntu-server-focal" {
     # boot_key_interval = "500ms"
 
     # PACKER Autoinstall Settings
-    http_directory = "http" 
+    http_directory = "http"
     # (Optional) Bind IP Address and Port
     # http_bind_address = "0.0.0.0"
     # http_port_min     = 8802

+ 6 - 6
packer/proxmox/ubuntu-server-jammy-docker/ubuntu-server-jammy-docker.pkr.hcl

@@ -22,14 +22,14 @@ locals {
 
 # Resource Definiation for the VM Template
 source "proxmox" "ubuntu-server-jammy" {
- 
+
     # Proxmox Connection Settings
     proxmox_url = "${var.proxmox_api_url}"
     username    = "${var.proxmox_api_token_id}"
     token       = "${var.proxmox_api_token_secret}"
     # (Optional) Skip TLS Verification
     # insecure_skip_tls_verify = true
-    
+
     # VM General Settings
     node                 = "your-proxmox-node"
     vm_id                = "100"
@@ -68,16 +68,16 @@ source "proxmox" "ubuntu-server-jammy" {
 
     # VM CPU Settings
     cores = "1"
-    
+
     # VM Memory Settings
-    memory = "2048" 
+    memory = "2048"
 
     # VM Network Settings
     network_adapters {
         model    = "virtio"
         bridge   = "vmbr0"
         firewall = "false"
-    } 
+    }
 
     # VM Cloud-Init Settings
     cloud_init              = true
@@ -99,7 +99,7 @@ source "proxmox" "ubuntu-server-jammy" {
     # boot_key_interval = "500ms"
 
     # PACKER Autoinstall Settings
-    http_directory = "http" 
+    http_directory = "http"
     # (Optional) Bind IP Address and Port
     # http_bind_address = "0.0.0.0"
     # http_port_min     = 8802

+ 6 - 6
packer/proxmox/ubuntu-server-jammy/ubuntu-server-jammy.pkr.hcl

@@ -22,14 +22,14 @@ locals {
 
 # Resource Definiation for the VM Template
 source "proxmox-iso" "ubuntu-server-jammy" {
- 
+
     # Proxmox Connection Settings
     proxmox_url = "${var.proxmox_api_url}"
     username    = "${var.proxmox_api_token_id}"
     token       = "${var.proxmox_api_token_secret}"
     # (Optional) Skip TLS Verification
     # insecure_skip_tls_verify = true
-    
+
     # VM General Settings
     node                 = "your-proxmox-node"
     vm_id                = "100"
@@ -68,16 +68,16 @@ source "proxmox-iso" "ubuntu-server-jammy" {
 
     # VM CPU Settings
     cores = "1"
-    
+
     # VM Memory Settings
-    memory = "2048" 
+    memory = "2048"
 
     # VM Network Settings
     network_adapters {
         model    = "virtio"
         bridge   = "vmbr0"
         firewall = "false"
-    } 
+    }
 
     # VM Cloud-Init Settings
     cloud_init              = true
@@ -99,7 +99,7 @@ source "proxmox-iso" "ubuntu-server-jammy" {
     # boot_key_interval = "500ms"
 
     # PACKER Autoinstall Settings
-    http_directory = "http" 
+    http_directory = "http"
     # (Optional) Bind IP Address and Port
     # http_bind_address = "0.0.0.0"
     # http_port_min     = 8802

+ 7 - 6
packer/proxmox/ubuntu-server-noble/ubuntu-server-noble.pkr.hcl

@@ -22,14 +22,14 @@ locals {
 
 # Resource Definiation for the VM Template
 source "proxmox-iso" "ubuntu-server-noble" {
- 
+
     # Proxmox Connection Settings
     proxmox_url = "${var.proxmox_api_url}"
     username    = "${var.proxmox_api_token_id}"
     token       = "${var.proxmox_api_token_secret}"
     # (Optional) Skip TLS Verification
     # insecure_skip_tls_verify = true
-    
+
     # VM General Settings
     node                 = "your-proxmox-node"
     vm_id                = "100"
@@ -68,16 +68,16 @@ source "proxmox-iso" "ubuntu-server-noble" {
 
     # VM CPU Settings
     cores = "1"
-    
+
     # VM Memory Settings
-    memory = "2048" 
+    memory = "2048"
 
     # VM Network Settings
     network_adapters {
         model    = "virtio"
         bridge   = "vmbr0"
         firewall = "false"
-    } 
+    }
 
     # VM Cloud-Init Settings
     cloud_init              = true
@@ -101,7 +101,8 @@ source "proxmox-iso" "ubuntu-server-noble" {
 
 
     # PACKER Autoinstall Settings
-    http_directory            = "http" 
+    http_directory          = "http"
+
     # (Optional) Bind IP Address and Port
     # http_bind_address       = "0.0.0.0"
     # http_port_min           = 8802

+ 26 - 4
renovate.json

@@ -12,8 +12,8 @@
     "renovate"
   ],
   "kubernetes": {
-    "fileMatch": [
-      "(^|/)kubernetes/.+/[^/]+\\.ya?ml$"
+    "managerFilePatterns": [
+      "/(^|/)kubernetes/.+/[^/]+\\.ya?ml$/"
     ]
   },
   "packageRules": [
@@ -78,6 +78,28 @@
         "/^([^/]+\\/)*(mariadb|postgres)(:.+)?$/"
       ]
     },
+    {
+      "description": "Do not match Canonical's Ubuntu version suffix as a compatibility hint",
+      "matchManagers": [
+        "docker-compose",
+        "dockerfile"
+      ],
+      "versioning": "regex:^(?<major>\\d+)\\.(?<minor>\\d+)(\\.(?<patch>\\d+))?(?:-\\d+(?:\\.\\d+)+_edge)?$",
+      "matchPackageNames": [
+        "/^([^/]+\\/)*ubuntu/bind9(:.+)?$/"
+      ]
+    },
+    {
+      "description": "Catch a potential `security` suffix as part of the patch release as Grafana does not follow semver for security releases",
+      "matchManagers": [
+        "docker-compose",
+        "dockerfile"
+      ],
+      "versioning": "regex:^(?<major>\\d+)\\.(?<minor>\\d+)\\.(?<patch>\\d+(?:-security-\\d+)?)$",
+      "matchPackageNames": [
+        "/^([^/]+\\/)*grafana/grafana-oss(:.+)?$/"
+      ]
+    },
     {
       "description": "Over time Heimdall changed its versioning schema several times, ensure we only consider the current style",
       "matchManagers": [
@@ -116,8 +138,8 @@
     {
       "customType": "regex",
       "description": "Update Longhorn images in Helm",
-      "fileMatch": [
-        "(^|/)kubernetes/longhorn/helm/values.yaml$"
+      "managerFilePatterns": [
+        "/(^|/)kubernetes/longhorn/helm/values.yaml$/"
       ],
       "matchStrings": [
         "engine:\\s*repository:\\s*\"?(?<depName>[^\"]+)\"?\\s*tag:\\s*\"?(?<currentValue>[^\"]+)\"?",

+ 1 - 1
terraform/civo/query.tf

@@ -2,7 +2,7 @@
 # ---
 # Query commonly used cloud resources from CIVO API
 
-# CIVO Instance Sizes 
+# CIVO Instance Sizes
 data "civo_size" "instance_xsmall" {
     filter {
         key = "name"

+ 3 - 3
terraform/helm/certmanager.tf

@@ -6,7 +6,7 @@ resource "kubernetes_namespace" "certmanager" {
 }
 
 resource "helm_release" "certmanager" {
-    
+
     depends_on = [kubernetes_namespace.certmanager]
 
     name = "certmanager"
@@ -24,8 +24,8 @@ resource "helm_release" "certmanager" {
 
 # (Optional) Create a Time-Sleep for Certificates and Issuer Manifests to deploy later
 # resource "time_sleep" "wait_for_certmanager" {
-# 
+#
 #     depends_on = [helm_release.certmanager]
-# 
+#
 #     create_duration = "10s"
 # }

+ 4 - 4
terraform/helm/traefik.tf

@@ -1,5 +1,5 @@
 resource "kubernetes_namespace" "traefik" {
-    
+
     metadata {
         name = "traefik"
     }
@@ -7,7 +7,7 @@ resource "kubernetes_namespace" "traefik" {
 }
 
 resource "helm_release" "traefik" {
-    
+
     depends_on = [kubernetes_namespace.traefik]
 
     name = "traefik"
@@ -25,7 +25,7 @@ resource "helm_release" "traefik" {
         name  = "ingressClass.isDefaultClass"
         value = "true"
     }
-    
+
     # Default Redirect
     set {
         name  = "ports.web.redirectTo"
@@ -42,5 +42,5 @@ resource "helm_release" "traefik" {
     set {
         name  = "tlsOptions.default.minVersion"
         value = "VersionTLS12"
-    }   
+    }
 }

+ 1 - 1
terraform/kubernetes/provider.tf

@@ -9,7 +9,7 @@ terraform {
     required_providers {
         kubernetes = {
             source = "hashicorp/kubernetes"
-            version = "2.35.1"     
+            version = "2.37.1"
         }
     }
 }

+ 2 - 2
terraform/kubernetes/secret.tf

@@ -1,7 +1,7 @@
 resource "kubernetes_secret" "cloudflare_api_key_secret" {
-  
+
     depends_on = [kubernetes_namespace.your-namespace-object]
-    
+
     metadata {
         name = "cloudflare-api-key-secret"
         namespace = "your-namespace"

+ 0 - 3
terraform/proxmox/README.md

@@ -1,3 +0,0 @@
-# Terraform Proxmox
-
-You can add an additional description here.

+ 0 - 3
terraform/proxmox/credentials.auto.tfvars

@@ -1,3 +0,0 @@
-proxmox_api_url = "https://0.0.0.0:8006/api2/json"  # Your Proxmox IP Address
-proxmox_api_token_id = "terraform@pam!terraform"  # API Token ID
-proxmox_api_token_secret = "your-api-token-secret"

+ 0 - 49
terraform/proxmox/full-clone.tf

@@ -1,49 +0,0 @@
-# Proxmox Full-Clone
-# ---
-# Create a new VM from a clone
-
-resource "proxmox_vm_qemu" "your-vm" {
-    
-    # VM General Settings
-    target_node = "your-proxmox-node"
-    vmid = "100"
-    name = "vm-name"
-    desc = "Description"
-
-    # VM Advanced General Settings
-    onboot = true 
-
-    # VM OS Settings
-    clone = "your-clone"
-
-    # VM System Settings
-    agent = 1
-    
-    # VM CPU Settings
-    cores = 1
-    sockets = 1
-    cpu = "host"    
-    
-    # VM Memory Settings
-    memory = 1024
-
-    # VM Network Settings
-    network {
-        bridge = "vmbr0"
-        model  = "virtio"
-    }
-
-    # VM Cloud-Init Settings
-    os_type = "cloud-init"
-
-    # (Optional) IP Address and Gateway
-    # ipconfig0 = "ip=0.0.0.0/0,gw=0.0.0.0"
-    
-    # (Optional) Default User
-    # ciuser = "your-username"
-    
-    # (Optional) Add your SSH KEY
-    # sshkeys = <<EOF
-    # #YOUR-PUBLIC-SSH-KEY
-    # EOF
-}

+ 27 - 25
terraform/proxmox/provider.tf

@@ -1,38 +1,40 @@
-# Proxmox Provider
-# ---
-# Initial Provider Configuration for Proxmox
-
 terraform {
+  required_version = ">= 0.13.0"
 
-    required_version = ">= 0.13.0"
-
-    required_providers {
-        proxmox = {
-            source = "telmate/proxmox"
-            version = ">= 2.9.14"
-        }
+  required_providers {
+    proxmox = {
+      # LINK https://github.com/Telmate/terraform-provider-proxmox
+      source = "telmate/proxmox"
+      version = "3.0.1-rc8"
     }
+  }
 }
 
-variable "proxmox_api_url" {
-    type = string
+variable "PROXMOX_URL" {
+  type = string
 }
 
-variable "proxmox_api_token_id" {
-    type = string
+variable "PROXMOX_USER" {
+  type      = string
+  sensitive = true
 }
 
-variable "proxmox_api_token_secret" {
-    type = string
+variable "PROXMOX_TOKEN" {
+  type      = string
+  sensitive = true
 }
 
-provider "proxmox" {
-
-    pm_api_url = var.proxmox_api_url
-    pm_api_token_id = var.proxmox_api_token_id
-    pm_api_token_secret = var.proxmox_api_token_secret
-
-    # (Optional) Skip TLS Verification
-    # pm_tls_insecure = true
+variable "PUBLIC_SSH_KEY" {
+  # NOTE This is the publich SSH key, you want to upload to VMs and LXC containers.
+  type      = string
+  sensitive = true
+}
 
+provider "proxmox" {
+  pm_api_url = var.PROXMOX_URL
+  pm_api_token_id = var.PROXMOX_USER
+  pm_api_token_secret = var.PROXMOX_TOKEN
+  
+  # NOTE Optional, but recommended to set to true if you are using self-signed certificates.
+  pm_tls_insecure = false
 }
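Review bot: The comment on `pm_tls_insecure` recommends flipping it to true for self-signed certificates, which disables verification of the very endpoint that receives the API token from `PROXMOX_TOKEN`; the advice should point the other way. Suggested replacement: `# NOTE Keep false. If Proxmox presents a self-signed certificate, add its CA to the trust store of the host running Terraform instead of disabling verification.` Marking `PUBLIC_SSH_KEY` as `sensitive = true` redacts a public key from plan output, so a reviewer can no longer see which key is being injected into every VM and container; the flag can be dropped there (and `publich` in its note corrected). The provider is pinned to a release candidate, `3.0.1-rc8`, which deserves a one-line comment on why a pre-release is required.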

+ 102 - 0
terraform/proxmox/vm_qemu.tf

@@ -0,0 +1,102 @@
+resource "proxmox_vm_qemu" "your-vm" {
+
+  # SECTION General Settings
+
+  name = "vm-name"
+  desc = "description"
+  agent = 1  # <-- (Optional) Enable QEMU Guest Agent
+
+  # FIXME Before deployment, set the correct target node name
+  target_node = "your-proxmox-node"
+
+  # FIXME Before deployment, set the desired VM ID (must be unique on the target node)
+  vmid = "100"
+
+  # !SECTION
+  
+  # SECTION Template Settings
+
+  # FIXME Before deployment, set the correct template or VM name in the clone field
+  #       or set full_clone to false, and remote "clone" to manage existing (imported) VMs
+  clone = "your-clone-name"
+  full_clone = true
+
+  # !SECTION
+
+  # SECTION Boot Process
+
+  onboot = true 
+
+  # NOTE Change startup, shutdown and auto reboot behavior
+  startup = ""
+  automatic_reboot = false
+
+  # !SECTION
+
+  # SECTION Hardware Settings
+
+  qemu_os = "other"
+  bios = "seabios"
+  cores = 2
+  sockets = 1
+  cpu_type = "host"
+  memory = 2048
+
+  # NOTE Minimum memory of the balloon device, set to 0 to disable ballooning
+  balloon = 2048
+  
+  # !SECTION
+
+  # SECTION Network Settings
+
+  network {
+    id     = 0  # NOTE Required since 3.x.x
+    bridge = "vmbr1"
+    model  = "virtio"
+  }
+
+  # !SECTION
+
+  # SECTION Disk Settings
+  
+  # NOTE Change the SCSI controller type, since Proxmox 7.3, virtio-scsi-single is the default one         
+  scsihw = "virtio-scsi-single"
+  
+  # NOTE New disk layout (changed in 3.x.x)
+  disks {
+    ide {
+      ide0 {
+        cloudinit {
+          storage = "local-lvm"
+        }
+      }
+    }
+    virtio {
+      virtio0 {
+        disk {
+          storage = "local-lvm"
+
+          # NOTE Since 3.x.x size change disk size will trigger a disk resize
+          size = "20G"
+
+          # NOTE Enable IOThread for better disk performance in virtio-scsi-single
+          #      and enable disk replication
+          iothread = true
+          replicate = false
+        }
+      }
+    }
+  }
+
+  # !SECTION
+
+  # SECTION Cloud Init Settings
+
+  # FIXME Before deployment, adjust according to your network configuration
+  ipconfig0 = "ip=0.0.0.0/0,gw=0.0.0.0"
+  nameserver = "0.0.0.0"
+  ciuser = "your-username"
+  sshkeys = var.PUBLIC_SSH_KEY
+
+  # !SECTION
+}
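Review bot: The comment above `clone` reads `or set full_clone to false, and remote "clone" to manage existing (imported) VMs`; `remote` should be `remove`, and the intent is presumably to drop the clone settings for imported VMs, so something like `#       or remove "clone" and "full_clone" to manage existing (imported) VMs` reads clearer. Several added lines carry trailing whitespace (`onboot = true `, the blank lines between sections, the `scsihw` comment) even though the rest of this merge strips trailing whitespace elsewhere. `vmid = "100"` is the only numeric setting in the file written as a string; `vmid = 100` would match `cores`, `memory` and `balloon`.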

+ 1 - 2
terraform/templates/kubernetes-automation-example/certmanager.tf

@@ -7,7 +7,6 @@ resource "kubernetes_namespace" "certmanager" {
     metadata {
         name = "certmanager"
     }
-  
 }
 
 resource "helm_release" "certmanager" {
@@ -26,7 +25,7 @@ resource "helm_release" "certmanager" {
     set {
         name  = "installCRDs"
         value = "true"
-    }    
+    }
 }
 
 resource "time_sleep" "wait_for_certmanager" {

+ 1 - 1
terraform/templates/kubernetes-automation-example/nginx1.tf

@@ -100,7 +100,7 @@ spec:
     name: cloudflare-prod
     kind: ClusterIssuer
   dnsNames:
-  - 'your-domain'   
+  - 'your-domain'
     YAML
 }
 

+ 2 - 2
terraform/templates/kubernetes-automation-example/provider.tf

@@ -13,7 +13,7 @@ terraform {
         }
         kubernetes = {
             source = "hashicorp/kubernetes"
-            version = "2.35.1"     
+            version = "2.37.1"
         }
         kubectl = {
             source = "gavinbunney/kubectl"
@@ -40,7 +40,7 @@ variable "cloudflare_api_key" {
 
 provider "civo" {
     token = var.civo_token
-    
+
     # TODO: (optional) change region to your desired datacenter location
     # ---
     # region = "FRA1"

+ 2 - 2
terraform/templates/kubernetes-automation-example/traefik.tf

@@ -1,7 +1,7 @@
 # Traefik Deployment
 
 resource "kubernetes_namespace" "traefik" {
-    
+
     depends_on = [
         time_sleep.wait_for_kubernetes
     ]
@@ -31,7 +31,7 @@ resource "helm_release" "traefik" {
         name  = "ingressClass.isDefaultClass"
         value = "true"
     }
-    
+
     # Default Redirect
     set {
         name  = "ports.web.redirectTo"

+ 1 - 1
terraform/templates/simple-docker-example/main.tf

@@ -2,7 +2,7 @@ terraform {
   required_providers {
     docker = {
       source = "kreuzwerker/docker"
-      version = "~> 3.0.0"
+      version = "~> 3.6.0"
     }
   }
 }

+ 20 - 0
terraform/twingate/provider.tf

@@ -0,0 +1,20 @@
+terraform {
+  required_version = ">= 0.13.0"
+  required_providers {
+    twingate = {
+      source = "Twingate/twingate"
+      version = "3.3.1"
+    }
+  }
+}
+
+variable "TWINGATE_TOKEN" {
+  type        = string
+  description = "Twingate API Token"
+  sensitive   = true
+}
+
+provider "twingate" {
+  api_token = var.TWINGATE_TOKEN
+  network   = ""  # FIXME Add your Twingate network name here
+}
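Review bot: `network = ""` leaves a placeholder that the FIXME asks every user to edit inside the provider block, while the token is already wired through a variable; the network name should be a variable as well so the file is usable without modification, e.g. `variable "TWINGATE_NETWORK" { type = string }` and `network = var.TWINGATE_NETWORK`. An empty network name only surfaces as an error at plan or apply time, so making it a required variable also gives a clearer failure.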

+ 7 - 0
terraform/twingate/twingate_group.tf

@@ -0,0 +1,7 @@
+resource "twingate_group" "administrators" {
+  name = "Administrators"
+
+  user_ids = [
+    data.twingate_user.admin.id
+  ]
+}

+ 7 - 0
terraform/twingate/twingate_remote_network.tf

@@ -0,0 +1,7 @@
+data "twingate_remote_network" "default_network" {
+  name = "default_network"
+}
+
+resource "twingate_remote_network" "new_network" {
+  name = "new_network"
+}

+ 28 - 0
terraform/twingate/twingate_resource.tf

@@ -0,0 +1,28 @@
+resource "twingate_resource" "new_resource" {
+  name                = "new_resource"
+  address             = "new_resource.home.arpa"
+  remote_network_id   = data.twingate_remote_network.default_network.id
+  security_policy_id  = data.twingate_security_policy.default_policy.id
+
+  protocols = {
+    allow_icmp = true
+    tcp = {
+      policy = "ALLOW_ALL"
+    }
+    udp = {
+      policy = "ALLOW_ALL"
+    }
+  }
+
+  dynamic "access_group" {
+    for_each = [
+      twingate_group.administrators.id
+    ]
+    content {
+      group_id = access_group.value
+      security_policy_id = data.twingate_security_policy.default_policy.id
+    }
+  }
+
+  is_active = true
+}
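Review bot: The `protocols` block exposes `new_resource` with `ALLOW_ALL` for both TCP and UDP plus ICMP, which grants the `Administrators` group every port on the host; an access-control example should demonstrate least privilege by listing only the ports the service needs and denying the rest. The provider accepts `RESTRICTED` with a `ports` list and `DENY_ALL` as policy values (confirm against the pinned provider's documentation). Both `security_policy_id` attributes reference the same `Default Policy`; a short comment explaining why the resource and the access group each carry a policy would help readers.
```hcl
  protocols = {
    allow_icmp = true
    tcp = {
      policy = "RESTRICTED"
      ports  = ["22", "443"]  # FIXME list only the ports this resource needs
    }
    udp = {
      policy = "DENY_ALL"
    }
  }
  # … unchanged: access_group and is_active …
```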

+ 3 - 0
terraform/twingate/twingate_security_policy.tf

@@ -0,0 +1,3 @@
+data "twingate_security_policy" "default_policy" {
+  name = "Default Policy"
+}

+ 11 - 0
terraform/twingate/twingate_user.tf

@@ -0,0 +1,11 @@
+data "twingate_user" "admin" {
+  id = ""  # FIXME Replace with actual user ID
+}
+
+resource "twingate_user" "new_user" {
+  email       = "new.user@example.com"
+  first_name  = "New"
+  last_name   = "User"
+  role        = "DEVOPS" # NOTE Defines the role, either ADMIN, DEVOPS, SUPPORT or MEMBER
+  send_invite = true
+}
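Review bot: `new_user` is created with `role = "DEVOPS"`, an elevated role, while a template account should default to the least-privileged role and let the operator raise it deliberately; suggest `role = "MEMBER"  # NOTE One of ADMIN, DEVOPS, SUPPORT or MEMBER; prefer the lowest role that fits`. `send_invite = true` sends an invitation e-mail when the user is created, so a comment that applying the example as-is triggers mail to the configured address would avoid surprises. `data.twingate_user.admin` with `id = ""` fails only at plan time; a `variable` with a `validation` block would give a clearer error than the empty-string FIXME.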