chore(ci): lint files (#15238)

**Description**
<!--
Please include a summary of the change and which issue is fixed. Please
also include relevant motivation and context. List any dependencies that
are required for this change.
-->

Run-ed pre-commit on all files

⚒️ Fixes  # <!--(issue)-->

**⚙️ Type of change**

- [ ] ⚙️ Feature/App addition
- [ ] 🪛 Bugfix
- [ ] ⚠️ Breaking change (fix or feature that would cause existing
functionality to not work as expected)
- [ ] 🔃 Refactor of current code

**🧪 How Has This Been Tested?**
<!--
Please describe the tests that you ran to verify your changes. Provide
instructions so we can reproduce. Please also list any relevant details
for your test configuration
-->

**📃 Notes:**
<!-- Please enter any other relevant information here -->

**✔️ Checklist:**

- [ ] ⚖️ My code follows the style guidelines of this project
- [ ] 👀 I have performed a self-review of my own code
- [ ] #️⃣ I have commented my code, particularly in hard-to-understand
areas
- [ ] 📄 I have made corresponding changes to the documentation
- [ ] ⚠️ My changes generate no new warnings
- [ ] 🧪 I have added tests to this description that prove my fix is
effective or that my feature works
- [ ] ⬆️ I increased versions for any altered app according to semantic
versioning

** App addition**

If this PR is an app addition please make sure you have done the
following.

- [ ] 🪞 I have opened a PR on
[truecharts/containers](https://github.com/truecharts/containers) adding
the container to TrueCharts mirror repo.
- [ ] 🖼️ I have added an icon in the Chart's root directory called
`icon.png`

---

_Please don't blindly check all the boxes. Read them and only check
those that apply.
Those checkboxes are there for the reviewer to see what is this all
about and
the status of this PR with a quick glance._
This commit is contained in:
Stavros Kois
2023-11-22 10:24:05 +02:00
committed by GitHub
parent 807e52636f
commit f1ee39bac0
16 changed files with 157 additions and 160 deletions
+18 -19
View File
@@ -14,14 +14,14 @@ We also document which versions of TrueNAS will receive TrueCharts updates and f
### Supported Versions of TrueNAS SCALE
| TrueNAS version | Branch | Supported with updates | Accepting Support tickets | Accepting Bug Reports | Notes |
| ---------------- | -------- | ---------------------- | ------------------------- | --------------------- | -------------------------------------------------------------------------------------------------------------- |
| 22.12.4.1 or prior| `master` | :x: | :x: | :x: | Update to 23.10.X Supported Version [TrueNAS SCALE](https://www.truenas.com/docs/scale/23.10/) |
| 22.12.4.2 | `master` | :white_check_mark: | :white_check_mark: | :x: | Stable Release as of 2023-10-13 Recommended to update to 23.10.x [TrueNAS SCALE](https://www.truenas.com/docs/scale/23.10/) |
| 23.10.0 | `master` | :white_check_mark: | :white_check_mark: | :white_check_mark: | Stable Release as of 2023-10-24 |
| 23.10.0.1 | `master` | :white_check_mark: | :white_check_mark: | :white_check_mark: | Stable Release as of 2023-10-31 |
| Nightly | `master` | :white_check_mark: | :x: | :white_check_mark: | Please only submit bug reports during codefreeze |
| 23.10.1 | `master` | :white_check_mark: | :x: | :x: | To Be Released |
| TrueNAS version | Branch | Supported with updates | Accepting Support tickets | Accepting Bug Reports | Notes |
| ------------------ | -------- | ---------------------- | ------------------------- | --------------------- | --------------------------------------------------------------------------------------------------------------------------- |
| 22.12.4.1 or prior | `master` | :x: | :x: | :x: | Update to 23.10.X Supported Version [TrueNAS SCALE](https://www.truenas.com/docs/scale/23.10/) |
| 22.12.4.2 | `master` | :white_check_mark: | :white_check_mark: | :x: | Stable Release as of 2023-10-13 Recommended to update to 23.10.x [TrueNAS SCALE](https://www.truenas.com/docs/scale/23.10/) |
| 23.10.0 | `master` | :white_check_mark: | :white_check_mark: | :white_check_mark: | Stable Release as of 2023-10-24 |
| 23.10.0.1 | `master` | :white_check_mark: | :white_check_mark: | :white_check_mark: | Stable Release as of 2023-10-31 |
| Nightly | `master` | :white_check_mark: | :x: | :white_check_mark: | Please only submit bug reports during codefreeze |
| 23.10.1 | `master` | :white_check_mark: | :x: | :x: | To Be Released |
## TrueCharts on Talos-OS
@@ -29,23 +29,22 @@ Support for Talos-OS with either Rancher or FluxCD are in early alpha.
### Supported Versions of Talos-OS
| Talos-OS version | Branch | Supported with updates | Accepting Support tickets | Accepting Bug Reports | Notes |
| ---------------- | -------- | ---------------------- | ------------------------- | --------------------- | -------------------------------------------------------------------------------------------------------------- |
| 1.5 | `master` | :white_check_mark: | :x: | :x: | |
| 1.6 | `master` | :white_check_mark: | :x: | :x: | |
| Talos-OS version | Branch | Supported with updates | Accepting Support tickets | Accepting Bug Reports | Notes |
| ---------------- | -------- | ---------------------- | ------------------------- | --------------------- | ----- |
| 1.5 | `master` | :white_check_mark: | :x: | :x: | |
| 1.6 | `master` | :white_check_mark: | :x: | :x: | |
### Supported Versions of FluxCD
| FluxCD version | Branch | Supported with updates | Accepting Support tickets | Accepting Bug Reports | Notes |
| ---------------- | -------- | ---------------------- | ------------------------- | --------------------- | -------------------------------------------------------------------------------------------------------------- |
| 1.2.1 or prior | `master` | :white_check_mark: | :x: | :x: | |
| FluxCD version | Branch | Supported with updates | Accepting Support tickets | Accepting Bug Reports | Notes |
| -------------- | -------- | ---------------------- | ------------------------- | --------------------- | ----- |
| 1.2.1 or prior | `master` | :white_check_mark: | :x: | :x: | |
### Rancher Versions of Rancher
| TrueNAS version | Branch | Supported with updates | Accepting Support tickets | Accepting Bug Reports | Notes |
| ---------------- | -------- | ---------------------- | ------------------------- | --------------------- | -------------------------------------------------------------------------------------------------------------- |
| v2.7.9 or prior | `master` | :white_check_mark: | :x: | :x: | |
| TrueNAS version | Branch | Supported with updates | Accepting Support tickets | Accepting Bug Reports | Notes |
| --------------- | -------- | ---------------------- | ------------------------- | --------------------- | ----- |
| v2.7.9 or prior | `master` | :white_check_mark: | :x: | :x: | |
:::warning Support Guidelines
+1 -1
View File
@@ -124,7 +124,7 @@ jobs:
# Add truechart source
tcsource="https://github.com/truecharts/charts/tree/master/charts/$train/$chartname" go-yq -i '.sources += env(tcsource)' "${chart}/Chart.yaml"
# Get the container image name that was parsed out of the Dockerfile for the website.
container=$(cat website/docs/charts/description_list.md | grep "\[${chartname}\]" | cut -f3 -d '|' | grep -v 'Not Found' || echo "" || echo "failed-container-fetch")
container=$(cat website/docs/charts/description_list.md | grep "\[${chartname}\]" | cut -f3 -d '|' | grep -v 'Not Found' || echo "" || echo "failed-container-fetch")
# Convert the container image name to a URL.
if [ ! -z "$container" ]; then
prefix=""
+107 -107
View File
@@ -1,107 +1,107 @@
# Authelia Rules
This is a collection of some common Authelia Rules.
:::note[RULE ORDER]
It is important that rules are created in the correct order in Authelia. Rules are processed from top to bottom with the first matching rule being applied. The most narrow rules should be applied first with the most broad rules last.
:::
All rules requiring Authelia authentication were configured with `two_factor` (2FA). If you do not want 2FA on some or all rules replace the Policy with `one_factor`
## API Rule
This rule will bypass Authelia for API level access in most apps. This should always be your first rule.
Domain: `*.domain.tld`
Policy: `bypass`
Subject: `Not Used (Do Not Add)`
Networks: `Not Used (Do Not Add)`
Resources:
- `^/api([/?].*)?$`
- `^/identity.*$`
- `^/triggers.*$`
- `^/meshagents.*$`
- `^/meshsettings.*$`
- `^/agent.*$`
- `^/control.*$`
- `^/meshrelay.*$`
- `^/wl.*$`
![authelia-api](./img/authelia-api.png)
## Vaultwarden
These rules will protect the Vaultwarden admin page with Authelia but bypass when accessing the web vault. The order of these rules is critical or the admin page will not be protected.
### Rule 1
Domain: `vaultwarden.domain.tld`
Policy: `two_factor`
Subject: `Not Used (Do Not Add)`
Networks: `Not Used (Do Not Add)`
Resources: `^*/admin.*$`
![authelia-vw1](./img/authelia-vw1.png)
### Rule 2
Domain: `vaultwarden.domain.tld`
Policy: `bypass`
Subject: `Not Used (Do Not Add)`
Networks: `Not Used (Do Not Add)`
Resources: `Not Used (Do Not Add)`
![authelia-vw2](./img/authelia-vw2.png)
## User Rule
This rule will allow users in the `lldap_user` group access to only the specified applications.
Domain:
- `radarr.domain.tld`
- `sonarr.domain.tld`
Policy: `two_factor`
Subject: `group:lldap_user`
Networks: `Not Used (Do Not Add)`
Resources: `Not Used (Do Not Add)`
![authelia-user](./img/authelia-user.png)
## Catch All Rule
This rule will catch any access requests not covered by other rules.
Domain:
- `domain.tld`
- `*.domain.tld`
Policy: `two_factor`
Subject: `group:lldap_admin`
Networks: `Not Used (Do Not Add)`
Resources: `Not Used (Do Not Add)`
![authelia-catch](./img/authelia-catch.png)
# Authelia Rules
This is a collection of some common Authelia Rules.
:::note[RULE ORDER]
It is important that rules are created in the correct order in Authelia. Rules are processed from top to bottom with the first matching rule being applied. The most narrow rules should be applied first with the most broad rules last.
:::
All rules requiring Authelia authentication were configured with `two_factor` (2FA). If you do not want 2FA on some or all rules replace the Policy with `one_factor`
## API Rule
This rule will bypass Authelia for API level access in most apps. This should always be your first rule.
Domain: `*.domain.tld`
Policy: `bypass`
Subject: `Not Used (Do Not Add)`
Networks: `Not Used (Do Not Add)`
Resources:
- `^/api([/?].*)?$`
- `^/identity.*$`
- `^/triggers.*$`
- `^/meshagents.*$`
- `^/meshsettings.*$`
- `^/agent.*$`
- `^/control.*$`
- `^/meshrelay.*$`
- `^/wl.*$`
![authelia-api](./img/authelia-api.png)
## Vaultwarden
These rules will protect the Vaultwarden admin page with Authelia but bypass when accessing the web vault. The order of these rules is critical or the admin page will not be protected.
### Rule 1
Domain: `vaultwarden.domain.tld`
Policy: `two_factor`
Subject: `Not Used (Do Not Add)`
Networks: `Not Used (Do Not Add)`
Resources: `^*/admin.*$`
![authelia-vw1](./img/authelia-vw1.png)
### Rule 2
Domain: `vaultwarden.domain.tld`
Policy: `bypass`
Subject: `Not Used (Do Not Add)`
Networks: `Not Used (Do Not Add)`
Resources: `Not Used (Do Not Add)`
![authelia-vw2](./img/authelia-vw2.png)
## User Rule
This rule will allow users in the `lldap_user` group access to only the specified applications.
Domain:
- `radarr.domain.tld`
- `sonarr.domain.tld`
Policy: `two_factor`
Subject: `group:lldap_user`
Networks: `Not Used (Do Not Add)`
Resources: `Not Used (Do Not Add)`
![authelia-user](./img/authelia-user.png)
## Catch All Rule
This rule will catch any access requests not covered by other rules.
Domain:
- `domain.tld`
- `*.domain.tld`
Policy: `two_factor`
Subject: `group:lldap_admin`
Networks: `Not Used (Do Not Add)`
Resources: `Not Used (Do Not Add)`
![authelia-catch](./img/authelia-catch.png)
+18 -18
View File
@@ -231,7 +231,7 @@ questions:
- variable: name
label: "Cookie Name"
description: |
The name of the session cookie. By default this is set to authelia_session.
The name of the session cookie. By default this is set to authelia_session.
Its mostly useful to change this if you are doing development or running multiple instances of Authelia.
schema:
type: string
@@ -240,9 +240,9 @@ questions:
- variable: same_site
label: "SameSite Value"
description: |
You can read about the SameSite cookie in detail on the MDN. In short setting SameSite to Lax is generally
the most desirable option for Authelia. None is not recommended unless you absolutely know what youre doing
and trust all the protected apps. Strict is not going to work in many use cases and we have not tested it in
You can read about the SameSite cookie in detail on the MDN. In short setting SameSite to Lax is generally
the most desirable option for Authelia. None is not recommended unless you absolutely know what youre doing
and trust all the protected apps. Strict is not going to work in many use cases and we have not tested it in
this state but its available as an option anyway.
schema:
type: string
@@ -255,7 +255,7 @@ questions:
- variable: expiration
label: "Expiration Time"
description: |
The period of time before the cookie expires and the session is destroyed. This is overriden by
The period of time before the cookie expires and the session is destroyed. This is overriden by
remember_me_duration when the remember me box is checked.
schema:
type: string
@@ -264,7 +264,7 @@ questions:
- variable: inactivity
label: "Inactivity Time"
description: |
The period of time the user can be inactive for until the session is destroyed when the remember me box is
The period of time the user can be inactive for until the session is destroyed when the remember me box is
not checked or is otherwise disabled. Useful if you want long session timers but dont want unused devices to be vulnerable.
schema:
type: string
@@ -273,7 +273,7 @@ questions:
- variable: remember_me_duration
label: "Remember-Me duration"
description: |
The period of time before the cookie expires and the session is destroyed when the remember me box is checked, a user
The period of time before the cookie expires and the session is destroyed when the remember me box is checked, a user
selecting this option negates the inactivity timeout. Setting this to -1 disables this feature entirely.
schema:
type: string
@@ -296,7 +296,7 @@ questions:
- variable: find_time
label: "Find Time"
description: |
The period of time analyzed for failed attempts. For example if you set max_retries to 3 and find_time to
The period of time analyzed for failed attempts. For example if you set max_retries to 3 and find_time to
2m this means the user must have 3 failed logins in 2 minutes.
schema:
type: string
@@ -305,7 +305,7 @@ questions:
- variable: ban_time
label: "Ban Duration"
description: |
The period of time the user is banned for after meeting the max_retries and find_time configuration.
The period of time the user is banned for after meeting the max_retries and find_time configuration.
After this duration the account will be able to login again.
schema:
type: string
@@ -314,8 +314,8 @@ questions:
- variable: authentication_backend
group: "App Configuration"
label: "Authentication Backend Provider"
description: |
Used for verifying user passwords and retrieve information such as email
description: |
Used for verifying user passwords and retrieve information such as email
address and groups users belong to.
schema:
additional_attrs: true
@@ -707,8 +707,8 @@ questions:
- variable: default_policy
label: "Default Policy"
description: |
The default policy defines the policy applied if no rules section apply to the information known about the request.
It is recommended that this is configured to deny for security reasons. Sites which you do not wish to secure at all
The default policy defines the policy applied if no rules section apply to the information known about the request.
It is recommended that this is configured to deny for security reasons. Sites which you do not wish to secure at all
with Authelia should not be configured in your reverse proxy to perform authentication with Authelia at all for performance reasons.
schema:
type: string
@@ -780,7 +780,7 @@ questions:
- variable: policy
label: "Policy"
description: |
The specific policy to apply to the selected rule. This is not criteria for a match, this is the
The specific policy to apply to the selected rule. This is not criteria for a match, this is the
action to take when a match is made.
schema:
type: string
@@ -797,9 +797,9 @@ questions:
- variable: subject
label: "Subject"
description: |
This criteria matches identifying characteristics about the subject. Currently this is either
user or groups the user belongs to. This allows you to effectively control exactly what each user is
authorized to access or to specifically require two-factor authentication to specific users. Subjects
This criteria matches identifying characteristics about the subject. Currently this is either
user or groups the user belongs to. This allows you to effectively control exactly what each user is
authorized to access or to specifically require two-factor authentication to specific users. Subjects
are prefixed with either user: or group: to identify which part of the identity to check.
schema:
type: list
@@ -1010,7 +1010,7 @@ questions:
- variable: consent_mode
label: "Consent Mode"
description: |
Configures the consent mode. This can be set to auto (default), explicit (consent required every time) or
Configures the consent mode. This can be set to auto (default), explicit (consent required every time) or
implicit (automatically assumes consent for every authorization, never asking the user if they wish to give consent.)
schema:
type: string
@@ -31,7 +31,7 @@ After creating the cluster certificate, verify it is working by checking the `Ap
After you have verified the certificate was created successfully, edit the settings of the app you wish to use it for and go to the _Ingress_ section.
If you have previously used a single domain certificate from clusterissuer, remove the specified issuer name. Then, click on _Show Advanced Settings_ and add a _TLS_ entry. Enter the name of your cluster certificate, and the certificate host(s) which it will be used for. These are usually the same as your app host(s), unless you wish to use more than one certificate. Save the chart.
If you have previously used a single domain certificate from clusterissuer, remove the specified issuer name. Then, click on _Show Advanced Settings_ and add a _TLS_ entry. Enter the name of your cluster certificate, and the certificate host(s) which it will be used for. These are usually the same as your app host(s), unless you wish to use more than one certificate. Save the chart.
:::note
@@ -33,4 +33,3 @@
{{- include "tc.v1.common.spawner.certificate" . | nindent 0 -}}
{{- end -}}
{{- end -}}
@@ -8,8 +8,8 @@ Inspired by Kubernetes DNS, Kubernetes' cluster-internal DNS server, ExternalDNS
### Prerequisites (required for Support on TrueCharts Discord)
- Traefik
- Clusterissuer / Cert-manager installed (vital if exposed externally)
- Traefik
- Clusterissuer / Cert-manager installed (vital if exposed externally)
Please follow the [Getting Started](https://truecharts.org/manual/SCALE/guides/getting-started) guide on the [Truecharts](https://truecharts.org) website.
@@ -21,7 +21,7 @@ This guide will cover 2 scenarios, `Cloudflare` and `Pi-Hole` / `Pihole`, for mo
These instructions taken from [external-dns cloudflare tutorial](https://github.com/kubernetes-sigs/external-dns/blob/master/docs/tutorials/cloudflare.md)
#### Step 1:
#### Step 1:
Enter `CF_API_TOKEN` (preferred) or `CF_API_EMAIL`/`CF_API_KEY`
@@ -29,7 +29,7 @@ Enter `CF_API_TOKEN` (preferred) or `CF_API_EMAIL`/`CF_API_KEY`
#### Step 2:
Enter preferences for Logs and DNS updates (I suggest >5m to prevent log spam) and select `cloudflare` as provider and select sources. I find `ingress` and `service` covers everything. If you want to filter by multiple domains add your `Domain Filter Entry`
Enter preferences for Logs and DNS updates (I suggest >5m to prevent log spam) and select `cloudflare` as provider and select sources. I find `ingress` and `service` covers everything. If you want to filter by multiple domains add your `Domain Filter Entry`
![Cloudflare App Config 1](img/Cloudflare-App-Config-1.png)
@@ -49,7 +49,7 @@ workload:
readOnlyRootFilesystem: true
runAsNonRoot: true
env:
ES_Serilog__MinimumLevel__Default: '{{ .Values.kubernetesReflector.logLevel }}'
ES_Serilog__MinimumLevel__Default: "{{ .Values.kubernetesReflector.logLevel }}"
ES_Reflector__Watcher__Timeout: ""
ES_Reflector__Kubernetes__SkipTlsVerify: "false"
probes:
-1
View File
@@ -3,7 +3,6 @@ image:
pullPolicy: IfNotPresent
tag: v1.2.0@sha256:70a578170bca4a7a1040d44cb5ff143d5e9c2c2f32f9d48f1ad4519d61c35451
service:
main:
ports:
-1
View File
@@ -26,7 +26,6 @@ workload:
BORG_UID: "{{ .Values.securityContext.container.PUID }}"
BORG_GID: "{{ .Values.securityContext.pod.fsGroup }}"
persistence:
borg:
enabled: true
-1
View File
@@ -31,7 +31,6 @@ cs2:
- +game_mode 1
- -usercon
workload:
main:
podSpec:
@@ -1 +1 @@
{{- include "tc.v1.common.lib.chart.notes" $ -}}
{{- include "tc.v1.common.lib.chart.notes" $ -}}
+1 -1
View File
@@ -1 +1 @@
{{- include "tc.v1.common.lib.chart.notes" $ -}}
{{- include "tc.v1.common.lib.chart.notes" $ -}}
+1 -1
View File
@@ -1,5 +1,5 @@
apiVersion: v2
appVersion: ""2023.11.2"
appVersion: "2023.11.2"
dependencies:
- name: common
repository: https://library-charts.truecharts.org
+3 -1
View File
@@ -70,7 +70,9 @@ workload:
# - Touch `/tmp/healty` to use with the readiness, liveness and startup probes
# - Start socat in proxy mode
# - On exit remove `/tmp/healthy`
args: ["-c", 'export TARGET_IP=$(getent hosts ''{{ printf "%v-autodiscovery" (include "tc.v1.common.lib.chart.names.fullname" $) }}'' | awk ''{ print $1 }'') && [[ ! -z $TARGET_IP ]] && touch /tmp/healthy && socat UDP-LISTEN:7359,fork,reuseaddr,rcvbuf=8096 UDP4-SENDTO:${TARGET_IP}:7359,rcvbuf=8096 ; rm -rf /tmp/healthy']
args:
- "-c"
- 'export TARGET_IP=$(getent hosts ''{{ printf "%v-autodiscovery" (include "tc.v1.common.lib.chart.names.fullname" $) }}'' | awk ''{ print $1 }'') && [[ ! -z $TARGET_IP ]] && touch /tmp/healthy && socat UDP-LISTEN:7359,fork,reuseaddr,rcvbuf=8096 UDP4-SENDTO:${TARGET_IP}:7359,rcvbuf=8096 ; rm -rf /tmp/healthy'
probes:
readiness:
enabled: true
+1 -1
View File
@@ -36,7 +36,7 @@ Or
- Simply delete the `CACHES` section, while not optimal for large installs is truly used with 50+ users according to Seafile docs.
Either of these steps will prevents the logs filling up with:
Either of these steps will prevents the logs filling up with:
```
2023-11-15 03:54:55,368 [ERROR] django.pylibmc:167 set_many MemcachedError: error 47 from memcached_set_multi: SERVER HAS FAILED AND IS DISABLED UNTIL TIMED RETRY