From ef4430c1b2300daca7eb40f8321bd16c5e14d525 Mon Sep 17 00:00:00 2001 From: kisfenyo Date: Fri, 9 Jan 2026 11:15:13 +0100 Subject: [PATCH] added homarr --- argocd-apps/homelab.yaml | 22 +++ homarr-system/homarr.yaml | 357 ++++++++++++++++++++++++++++++++++++++ 2 files changed, 379 insertions(+) create mode 100644 homarr-system/homarr.yaml diff --git a/argocd-apps/homelab.yaml b/argocd-apps/homelab.yaml index a585844..9e95195 100644 --- a/argocd-apps/homelab.yaml +++ b/argocd-apps/homelab.yaml @@ -899,4 +899,26 @@ spec: syncOptions: - CreateNamespace=true - PruneLast=true +--- +# Homarr +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: homarr + namespace: argocd + finalizers: + - resources-finalizer.argocd.argoproj.io +spec: + project: homelab + source: + repoURL: https://gitea.dooplex.hu/admin/homelab-manifests.git + targetRevision: main + path: homarr-system + destination: + server: https://kubernetes.default.svc + namespace: homarr-system + syncPolicy: + syncOptions: + - CreateNamespace=true + - PruneLast=true --- \ No newline at end of file diff --git a/homarr-system/homarr.yaml b/homarr-system/homarr.yaml new file mode 100644 index 0000000..9161355 --- /dev/null +++ b/homarr-system/homarr.yaml @@ -0,0 +1,357 @@ +# Homarr - Personal Dashboards +# Version: v1.49.1 +# Features: PostgreSQL (shared), Redis, Authentik OIDC +# URL: home.dooplex.hu +--- +apiVersion: v1 +kind: Namespace +metadata: + name: homarr-system + labels: + app.kubernetes.io/name: homarr +--- +# ============================================================================= +# REDIS - Required for Homarr in Kubernetes +# ============================================================================= +apiVersion: apps/v1 +kind: Deployment +metadata: + name: homarr-redis + namespace: homarr-system + labels: + app.kubernetes.io/name: homarr-redis + app.kubernetes.io/instance: homarr + app.kubernetes.io/component: cache +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: homarr-redis + app.kubernetes.io/instance: homarr + strategy: + type: Recreate + template: + metadata: + labels: + app.kubernetes.io/name: homarr-redis + app.kubernetes.io/instance: homarr + app.kubernetes.io/component: cache + spec: + containers: + - name: redis + image: redis:7-alpine + imagePullPolicy: IfNotPresent + command: + - redis-server + - --appendonly + - "yes" + - --maxmemory + - "128mb" + - --maxmemory-policy + - "allkeys-lru" + ports: + - containerPort: 6379 + name: redis + protocol: TCP + resources: + requests: + cpu: 25m + memory: 64Mi + limits: + cpu: 200m + memory: 192Mi + livenessProbe: + exec: + command: + - sh + - -c + - redis-cli ping | grep PONG + initialDelaySeconds: 10 + periodSeconds: 10 + failureThreshold: 3 + timeoutSeconds: 5 + readinessProbe: + exec: + command: + - sh + - -c + - redis-cli ping | grep PONG + initialDelaySeconds: 5 + periodSeconds: 5 + failureThreshold: 3 + timeoutSeconds: 3 + volumeMounts: + - name: data + mountPath: /data + volumes: + - name: data + persistentVolumeClaim: + claimName: homarr-redis +--- +apiVersion: v1 +kind: Service +metadata: + name: homarr-redis + namespace: homarr-system + labels: + app.kubernetes.io/name: homarr-redis + app.kubernetes.io/instance: homarr +spec: + type: ClusterIP + ports: + - name: redis + port: 6379 + targetPort: redis + selector: + app.kubernetes.io/name: homarr-redis + app.kubernetes.io/instance: homarr +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: homarr-redis + namespace: homarr-system + labels: + app.kubernetes.io/name: homarr-redis + app.kubernetes.io/instance: homarr +spec: + accessModes: + - ReadWriteOnce + storageClassName: longhorn + resources: + requests: + storage: 1Gi +--- +# ============================================================================= +# HOMARR APPLICATION +# ============================================================================= +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: homarr-data + namespace: homarr-system + labels: + app.kubernetes.io/name: homarr + app.kubernetes.io/instance: homarr + recurring-job-group.longhorn.io/needbackup: enabled + recurring-job.longhorn.io/source: enabled +spec: + accessModes: + - ReadWriteOnce + storageClassName: longhorn + resources: + requests: + storage: 5Gi +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: homarr + namespace: homarr-system + labels: + app.kubernetes.io/name: homarr + app.kubernetes.io/instance: homarr + app.kubernetes.io/version: v1.49.1 +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: homarr + app.kubernetes.io/instance: homarr + strategy: + type: Recreate + template: + metadata: + labels: + app.kubernetes.io/name: homarr + app.kubernetes.io/instance: homarr + app.kubernetes.io/version: v1.49.1 + spec: + containers: + - name: homarr + image: ghcr.io/homarr-labs/homarr:v1.49.1 + imagePullPolicy: IfNotPresent + env: + # =================== + # General Settings + # =================== + - name: TZ + value: "Europe/Budapest" + - name: LOG_LEVEL + value: "info" + + # =================== + # URLs + # =================== + - name: BASE_URL + value: "https://home.dooplex.hu" + - name: NEXTAUTH_URL + value: "https://home.dooplex.hu" + + # =================== + # Security + # =================== + - name: SECRET_ENCRYPTION_KEY + valueFrom: + secretKeyRef: + name: homarr-secrets + key: SECRET_ENCRYPTION_KEY + + # =================== + # Database - PostgreSQL (shared cluster) + # =================== + - name: DB_DRIVER + value: "node-postgres" + - name: DB_DIALECT + value: "postgresql" + - name: DB_HOST + value: "postgresql-rw.database-system.svc.cluster.local" + - name: DB_PORT + value: "5432" + - name: DB_NAME + value: "homarr" + - name: DB_USER + valueFrom: + secretKeyRef: + name: homarr-db + key: username + - name: DB_PASSWORD + valueFrom: + secretKeyRef: + name: homarr-db + key: password + + # =================== + # Redis (external for K8s) + # =================== + - name: REDIS_IS_EXTERNAL + value: "true" + - name: REDIS_HOST + value: "homarr-redis" + - name: REDIS_PORT + value: "6379" + + # =================== + # Authentication - Authentik OIDC + # =================== + - name: AUTH_PROVIDERS + value: "oidc" + - name: AUTH_OIDC_ISSUER + value: "https://authentik.dooplex.hu/application/o/homarr/" + - name: AUTH_OIDC_CLIENT_ID + valueFrom: + secretKeyRef: + name: homarr-secrets + key: AUTH_OIDC_CLIENT_ID + - name: AUTH_OIDC_CLIENT_SECRET + valueFrom: + secretKeyRef: + name: homarr-secrets + key: AUTH_OIDC_CLIENT_SECRET + - name: AUTH_OIDC_CLIENT_NAME + value: "Authentik" + - name: AUTH_OIDC_SCOPE_OVERWRITE + value: "openid email profile groups" + - name: AUTH_OIDC_GROUPS_ATTRIBUTE + value: "groups" + - name: AUTH_LOGOUT_REDIRECT_URL + value: "https://authentik.dooplex.hu/application/o/homarr/end-session/" + # Auto-login with OIDC (skip login page) + - name: AUTH_OIDC_AUTO_LOGIN + value: "true" + + ports: + - containerPort: 7575 + name: http + protocol: TCP + + resources: + requests: + cpu: 50m + memory: 256Mi + limits: + cpu: 500m + memory: 512Mi + + livenessProbe: + httpGet: + path: /api/health + port: http + initialDelaySeconds: 30 + periodSeconds: 30 + timeoutSeconds: 10 + failureThreshold: 3 + + readinessProbe: + httpGet: + path: /api/health + port: http + initialDelaySeconds: 15 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 3 + + volumeMounts: + - name: data + mountPath: /appdata + + volumes: + - name: data + persistentVolumeClaim: + claimName: homarr-data +--- +apiVersion: v1 +kind: Service +metadata: + name: homarr + namespace: homarr-system + labels: + app.kubernetes.io/name: homarr + app.kubernetes.io/instance: homarr +spec: + type: ClusterIP + ports: + - name: http + port: 7575 + targetPort: http + selector: + app.kubernetes.io/name: homarr + app.kubernetes.io/instance: homarr +--- +# ============================================================================= +# INGRESS - External and Internal access +# ============================================================================= +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: homarr + namespace: homarr-system + labels: + app.kubernetes.io/name: homarr + app.kubernetes.io/instance: homarr + annotations: + cert-manager.io/cluster-issuer: letsencrypt-prod + external-dns.alpha.kubernetes.io/hostname: home.dooplex.hu + nginx.ingress.kubernetes.io/ssl-redirect: "true" + nginx.ingress.kubernetes.io/proxy-body-size: "50m" + # Proxy buffer settings for OIDC + nginx.ingress.kubernetes.io/proxy-buffer-size: "16k" + nginx.ingress.kubernetes.io/proxy-buffers-number: "4" + nginx.ingress.kubernetes.io/proxy-busy-buffers-size: "32k" +spec: + ingressClassName: nginx-internal + rules: + - host: home.dooplex.hu + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: homarr + port: + number: 7575 + tls: + - hosts: + - home.dooplex.hu + secretName: homarr-tls \ No newline at end of file