07a619b274
Fix step-issuer ARM64 compatibility on pi3
The default kube-rbac-proxy image (gcr.io/kubebuilder/kube-rbac-proxy:v0.15.0) is AMD64-only and fails on pi3 (ARM64). This commit overrides the image to use quay.io/brancz/kube-rbac-proxy:v0.15.0, which supports ARM64.
Note: pi2 (ARMv7) may work with AMD64 images, but pi3 (ARM64) requires an ARM64-compatible image.
Generated by Mistral Vibe.
Co-Authored-By: Mistral Vibe <vibe@mistral.ai>
2026-04-08 11:04:03 +02:00
9931f81998
Update Docker storage configuration and revoke token task
2026-04-07 19:19:03 +02:00
437fd506ed
Fix Vault Gitea OIDC setup: remove trailing slash from bound_issuer and pass CA certificate
2026-04-07 19:17:47 +02:00
943915be74
gitea act runner: reuse docker images
2026-04-07 09:20:30 +02:00
8a82d14797
upgrade gitea version to 1.25.5
2026-04-06 10:55:20 +02:00
0285d171ff
tweak backup and setup cronjob to fix pg table ownership
2026-03-15 22:14:12 +01:00
55d137132f
backup k3s volumes
2026-01-23 18:26:28 +01:00
451dfa5133
restart traefik when editing crowdsec middleware
2026-01-03 20:08:00 +01:00
17e99db641
runner image and setup for gitea workflow with self signed cert
2026-01-03 12:44:27 +01:00
5b3c896a25
use self signed cert for internal domain arcodange.lab
2025-12-31 17:38:04 +01:00
91219c49f1
use exposed webapp.arcodange.fr instead in gitea cicd
2025-12-23 14:23:12 +01:00
1fd47e9d97
install pihole to fix failing duckdns name servers
2025-12-23 14:20:04 +01:00
8d6be311ae
argocd: add --enable-helm to kustomize; enable shell from web ui
2025-12-10 13:48:22 +01:00
2b4aa30a64
use cache redis with crowdsec traefik bouncer
2025-12-06 15:09:36 +01:00
cd3c4d86ff
install socat package to enable kubectl port-forward
2025-12-06 15:09:12 +01:00
f4cb04c9c9
configure crowdsec captcha with cloudflare turnstile
2025-12-03 16:45:25 +01:00
17a0f23bbb
declare gitea external service
2025-12-01 16:22:44 +01:00
f7bfe2f71d
get cloudflared client real ip and fix crowdsec mw
2025-11-29 17:24:51 +01:00
72628f0f0e
add crowdsec plugin and middleware for traefik
2025-11-26 14:20:09 +01:00
9b09e6bd86
fixes and set preferred_ip since new interface eth0
2025-10-09 17:27:42 +02:00
68fb29357a
add tag to run single arcodange.factory.gitea_sync role
2025-09-09 09:03:51 +02:00
6d3adb5834
setup cron local mail reporting and longhorn recurring backup job
2025-09-08 13:25:02 +02:00
c6807851c5
edit crontab to store backup for postgres and gitea
2025-08-28 19:35:52 +02:00
c5a8d5ef52
fixes
2025-08-28 10:13:16 +02:00
6ec2d299fc
fix gitea action registration
2025-08-27 18:11:14 +02:00
3cfc5f2bfd
refactor storage and setup shared backup directory
2025-08-27 17:26:05 +02:00
588a6482e9
setup longhorn and prepare nfs server to store backups
2025-08-14 15:42:33 +02:00
b4bde14809
fixes
2025-08-09 17:01:18 +02:00
561331b825
fixes
2025-08-07 15:51:53 +02:00
b8636a6d48
document uv python package manager command for ansible setup - minor fixes in playbook
2025-08-05 12:22:27 +02:00
58aece92b6
disable allowIp middleware while fixing ip filtering - upgrade traefik and fix gitea admin urls by adding prefix
2025-08-04 17:35:11 +02:00
b185999478
add pi3 to inventory + fixes
2024-12-15 22:13:03 +01:00
fa0df6f175
create gitea tofu bot user
2024-11-05 23:31:13 +01:00
1c22b946d6
role management for postgres synergy with vault dynamic credentials
2024-10-30 12:23:14 +01:00
f9a47c8ccf
traefik CA pem is a client crt not the Authority (let's encrypt) and is not needed here
2024-10-18 19:27:00 +02:00
50399328dc
configure vault oidc login and cicd jwt login
2024-10-07 17:39:27 +02:00
2fd5ee703b
gitea_action: fix extra_hosts
2024-09-29 17:11:38 +02:00
ed45b993a9
fix ingress pending status
2024-09-28 22:09:44 +02:00
407bf12165
setup gitea as oidc provider for tool vault
2024-09-27 18:21:52 +02:00
1332def067
setup pgbouncer role and pg function
2024-09-05 19:38:27 +02:00
aa127b53ec
reference tool repo
2024-08-29 14:42:20 +02:00
3c77cb007a
upgrade to traefik v3 - switched to DaemonSet to prevent NAT and keep source IP
2024-08-26 19:27:45 +02:00
3b4140a0c1
deploy argo cd
2024-08-21 18:46:41 +02:00
95f365dbb5
provide PACKAGES_TOKEN secret
2024-08-20 11:25:19 +02:00
aaaee3066a
new gitea_sync role
2024-08-18 11:34:37 +02:00
22533623bd
disable mirror mode to be able to 'git push' to gitea
2024-08-17 14:15:40 +02:00
4d83e9fceb
gitea add ssh key in setup
2024-08-17 13:49:36 +02:00
459d255471
new role gitea_repo
2024-08-16 13:53:03 +02:00
1b832cbd1d
setup gitea mailer
2024-08-13 17:28:44 +02:00
cb4d679d8b
k3s setup and git action runner
2024-08-12 21:45:16 +02:00