# ============================================================================= # Homepage - Application Dashboard # Version: v1.8.0 # Namespace: homepage-system # Domain: homepage.dooplex.hu # Authentication: Authentik Proxy (Forward Auth) # ============================================================================= # # PREREQUISITES - Create in Authentik: # 1. Create Proxy Provider: # - Name: homepage-proxy # - Authorization flow: default-provider-authorization-implicit-consent # - Mode: Forward auth (single application) # - External host: https://homepage.dooplex.hu # # 2. Create Application: # - Name: Homepage # - Slug: homepage # - Provider: (select the proxy provider created above) # - Launch URL: https://homepage.dooplex.hu # # 3. Create Outpost (or add to existing): # - Name: homepage-outpost (or use existing proxy outpost) # - Type: Proxy # - Applications: Add the Homepage application # # After deployment, Authentik will auto-create the outpost deployment. # Update the ingress auth-url annotation with the correct outpost service name. # # ============================================================================= --- apiVersion: v1 kind: Namespace metadata: name: homepage-system labels: app.kubernetes.io/name: homepage app.kubernetes.io/instance: homepage --- apiVersion: v1 kind: ServiceAccount metadata: name: homepage namespace: homepage-system labels: app.kubernetes.io/name: homepage app.kubernetes.io/instance: homepage secrets: - name: homepage --- apiVersion: v1 kind: Secret metadata: name: homepage namespace: homepage-system labels: app.kubernetes.io/name: homepage app.kubernetes.io/instance: homepage annotations: kubernetes.io/service-account.name: homepage type: kubernetes.io/service-account-token --- # ClusterRole for Homepage to discover services and get cluster metrics apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: homepage labels: app.kubernetes.io/name: homepage app.kubernetes.io/instance: homepage rules: # Core resources for service discovery - apiGroups: [""] resources: - namespaces - pods - nodes - services - endpoints - configmaps - secrets verbs: ["get", "list", "watch"] # Apps resources for pod discovery - apiGroups: ["apps"] resources: - deployments - replicasets - statefulsets - daemonsets verbs: ["get", "list", "watch"] # Networking for ingress discovery - apiGroups: ["networking.k8s.io"] resources: - ingresses verbs: ["get", "list", "watch"] # Traefik IngressRoute CRD (if used) - apiGroups: ["traefik.containo.us", "traefik.io"] resources: - ingressroutes verbs: ["get", "list", "watch"] # Gateway API (if used) - apiGroups: ["gateway.networking.k8s.io"] resources: - httproutes - gateways verbs: ["get", "list", "watch"] # Metrics - apiGroups: ["metrics.k8s.io"] resources: - nodes - pods verbs: ["get", "list", "watch"] --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: homepage labels: app.kubernetes.io/name: homepage app.kubernetes.io/instance: homepage roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: homepage subjects: - kind: ServiceAccount name: homepage namespace: homepage-system --- apiVersion: v1 kind: ConfigMap metadata: name: homepage-config namespace: homepage-system labels: app.kubernetes.io/name: homepage app.kubernetes.io/instance: homepage data: # Kubernetes connection configuration kubernetes.yaml: | mode: cluster ingress: true # Global settings settings.yaml: | title: Dooplex Dashboard favicon: https://nextcloud.dooplex.hu/s/9H89T5kgNRpkQDP/download theme: dark color: slate headerStyle: clean layout: Infrastructure: style: row columns: 4 Media: style: row columns: 4 Productivity: style: row columns: 4 Monitoring: style: row columns: 4 providers: longhorn: url: http://192.168.0.209 # Services configuration - customize as needed services.yaml: | - Infrastructure: - ArgoCD: icon: argo-cd.png href: https://argocd.dooplex.hu description: GitOps Deployment namespace: argocd app: argocd-server - Authentik: icon: authentik.png href: https://authentik.dooplex.hu description: Identity Provider - Longhorn: icon: longhorn.png href: http://192.168.0.209 description: Storage Management - Gitea: icon: gitea.png href: https://gitea.dooplex.hu description: Git Repository - Termix: icon: termix.png href: https://termix.dooplex.hu description: Web-based Server Management - qBittorrent: icon: qbittorrent.png href: https://qbittorrent.dooplex.hu description: Torrent widget: type: qbittorrent url: http://qbittorrent.host.or.ip username: "{{HOMEPAGE_VAR_QBITTORRENT_USER}}" password: "{{HOMEPAGE_VAR_QBITTORRENT_PASS}}" enableLeechProgress: true # optional, defaults to false enableLeechSize: true # optional, defaults to false - Media: - AudioBookshelf: icon: audiobookshelf.png href: https://audiobookshelf.dooplex.hu description: AudioBooks widget: type: audiobookshelf url: http://audiobookshelf.audiobookshelf-system.svc.cluster.local key: "{{HOMEPAGE_VAR_AUDIOBOOKSHELF_API_KEY}}" - Calibre-Web: icon: calibre-web.png href: https://books.dooplex.hu description: eBooks widget: type: calibreweb url: http://calibre-web.calibre-system.svc.cluster.local:8083 username: "{{HOMEPAGE_VAR_CALIBREWEB_USER}}" password: "{{HOMEPAGE_VAR_CALIBREWEB_PASS}}" - Immich: icon: immich.png href: https://photos.dooplex.hu description: Photos widget: type: immich url: http://immich-server.immich-system.svc.cluster.local:2283 key: "{{HOMEPAGE_VAR_IMMICH_API_KEY}}" version: 2 - Plex: icon: plex.png href: https://plex.dooplex.hu description: Media Server - Sonarr: icon: sonarr.png href: https://sonarr.dooplex.hu description: TV Shows widget: type: sonarr url: http://sonarr.servarr-system.svc.cluster.local:8989 key: "{{HOMEPAGE_VAR_SONARR_API_KEY}}" - Radarr: icon: radarr.png href: https://radarr.dooplex.hu description: Movies widget: type: radarr url: http://radarr.servarr-system.svc.cluster.local:7878 key: "{{HOMEPAGE_VAR_RADARR_API_KEY}}" - RadarrKids: icon: https://nextcloud.dooplex.hu/s/E3LB8dJTTpyDSge/download href: https://radarrkids.dooplex.hu description: Kids Movies widget: type: radarr url: http://radarrkids.servarr-system.svc.cluster.local:7879 key: "{{HOMEPAGE_VAR_RADARRKIDS_API_KEY}}" - Prowlarr: icon: prowlarr.png href: https://prowlarr.dooplex.hu description: Indexer Manager widget: type: prowlarr url: http://prowlarr.servarr-system.svc.cluster.local:9696 key: "{{HOMEPAGE_VAR_PROWLARR_API_KEY}}" - Seerr: icon: overseerr.png href: https://seerr.dooplex.hu description: Movie, TV Show Request widget: type: overseerr url: http://seerr.servarr-system.svc.cluster.local:5055 key: "{{HOMEPAGE_VAR_SEERR_API_KEY}}" - Productivity: - ActialBudget: icon: actual-budget.png href: https://actualbudget.dooplex.hu description: Finance Manager - Adventurelog: icon: adventure-log.png href: https://adventures.dooplex.hu description: Documenting Travels - Bookstack: icon: bookstack.png href: https://bookstack.dooplex.hu description: Documentation, Wiki - Nextcloud: icon: nextcloud.png href: https://nextcloud.dooplex.hu description: Cloud Storage - Outline: icon: outline.png href: https://outline.dooplex.hu description: Team Wiki, Documentation - Paperless: icon: paperless-ngx.png href: https://paperless.dooplex.hu description: Document Management - Privatebin: icon: privatebin.png href: https://privatebin.dooplex.hu description: Pastebin - Tandoor: icon: tandoor-recipes.png href: https://tandoor.dooplex.hu description: Recipe Manager widget: type: tandoor url: http://tandoor.tandoor-system.svc.cluster.local:8080 key: "{{HOMEPAGE_VAR_TANDOOR_API_KEY}}" - Vaultwarden: icon: bitwarden.png href: https://vaultwarden.dooplex.hu description: Password Manager - Monitoring: - Grafana: icon: grafana.png href: https://grafana.dooplex.hu description: Dashboards & Metrics widget: type: grafana url: http://grafana.mon-system.svc.cluster.local:3000 username: "{{HOMEPAGE_VAR_GRAFANA_USER}}" password: "{{HOMEPAGE_VAR_GRAFANA_PASS}}" - Prometheus: icon: prometheus.png href: http://prometheus.home description: Metrics Collection (LAN Only) - Uptime Kuma: icon: uptime-kuma.png href: https://uptimekuma.dooplex.hu description: Uptime Monitoring widget: type: uptimekuma url: http://uptimekuma.uptimekuma-system.svc.cluster.local:3001 slug: homepage # Widgets configuration widgets.yaml: | - logo: icon: https://nextcloud.dooplex.hu/s/sD9GdyEZNFdxRns/download - greeting: text_size: xl text: "Welcome!" - datetime: text_size: l format: dateStyle: long timeStyle: short hour12: false - kubernetes: cluster: show: true cpu: true memory: true showLabel: true label: "dooplex" nodes: show: true cpu: true memory: true showLabel: true - longhorn: expanded: true total: true labels: true nodes: false - search: provider: duckduckgo target: _blank # Bookmarks bookmarks.yaml: | - Developer: - GitHub: - abbr: GH href: https://github.com icon: github.png - Gitea: - abbr: GT href: https://gitea.dooplex.hu icon: gitea.png - Documentation: - Kubernetes: - abbr: K8s href: https://kubernetes.io/docs icon: kubernetes.png - ArgoCD: - abbr: Argo href: https://argo-cd.readthedocs.io icon: argocd.png # Docker settings (not used in k8s mode) docker.yaml: "" # Custom CSS custom.css: | #information-widgets .information-widget-logo img { max-height: 120px !important; width: auto !important; } # Custom JS custom.js: "" --- apiVersion: apps/v1 kind: Deployment metadata: name: homepage namespace: homepage-system labels: app.kubernetes.io/name: homepage app.kubernetes.io/instance: homepage app.kubernetes.io/version: "v1.8.0" spec: replicas: 1 strategy: type: RollingUpdate rollingUpdate: maxSurge: 1 maxUnavailable: 0 selector: matchLabels: app.kubernetes.io/name: homepage app.kubernetes.io/instance: homepage template: metadata: labels: app.kubernetes.io/name: homepage app.kubernetes.io/instance: homepage app.kubernetes.io/version: "v1.8.0" spec: serviceAccountName: homepage automountServiceAccountToken: true dnsPolicy: ClusterFirst enableServiceLinks: true containers: - name: homepage image: ghcr.io/gethomepage/homepage:v1.8.0 imagePullPolicy: IfNotPresent env: # Required for external access - name: HOMEPAGE_ALLOWED_HOSTS value: "*" # Timezone - name: TZ value: "Europe/Budapest" # Optional: Widget API keys (create secret with these if needed) - name: HOMEPAGE_VAR_TANDOOR_API_KEY valueFrom: secretKeyRef: name: homepage-secrets key: tandoor-api-key - name: HOMEPAGE_VAR_PROWLARR_API_KEY valueFrom: secretKeyRef: name: homepage-secrets key: prowlarr-api-key - name: HOMEPAGE_VAR_SONARR_API_KEY valueFrom: secretKeyRef: name: homepage-secrets key: sonarr-api-key - name: HOMEPAGE_VAR_RADARR_API_KEY valueFrom: secretKeyRef: name: homepage-secrets key: radarr-api-key - name: HOMEPAGE_VAR_RADARRKIDS_API_KEY valueFrom: secretKeyRef: name: homepage-secrets key: radarrkids-api-key - name: HOMEPAGE_VAR_SEERR_API_KEY valueFrom: secretKeyRef: name: homepage-secrets key: seerr-api-key - name: HOMEPAGE_VAR_IMMICH_API_KEY valueFrom: secretKeyRef: name: homepage-secrets key: immich-api-key - name: HOMEPAGE_VAR_AUDIOBOOKSHELF_API_KEY valueFrom: secretKeyRef: name: homepage-secrets key: audiobookshelf-api-key - name: HOMEPAGE_VAR_GRAFANA_USER valueFrom: secretKeyRef: name: homepage-secrets key: grafana-user - name: HOMEPAGE_VAR_GRAFANA_PASS valueFrom: secretKeyRef: name: homepage-secrets key: grafana-pass - name: HOMEPAGE_VAR_QBITTORRENT_USER valueFrom: secretKeyRef: name: homepage-secrets key: qbittorrent-user - name: HOMEPAGE_VAR_QBITTORRENT_PASS valueFrom: secretKeyRef: name: homepage-secrets key: qbittorrent-pass - name: HOMEPAGE_VAR_CALIBREWEB_USER valueFrom: secretKeyRef: name: homepage-secrets key: calibreweb-user - name: HOMEPAGE_VAR_CALIBREWEB_PASS valueFrom: secretKeyRef: name: homepage-secrets key: calibreweb-pass ports: - name: http containerPort: 3000 protocol: TCP livenessProbe: httpGet: path: /api/healthcheck port: http initialDelaySeconds: 30 periodSeconds: 30 timeoutSeconds: 10 failureThreshold: 3 readinessProbe: httpGet: path: /api/healthcheck port: http initialDelaySeconds: 10 periodSeconds: 10 timeoutSeconds: 5 failureThreshold: 3 resources: requests: cpu: 50m memory: 128Mi limits: cpu: 500m memory: 512Mi volumeMounts: - name: config mountPath: /app/config/kubernetes.yaml subPath: kubernetes.yaml - name: config mountPath: /app/config/settings.yaml subPath: settings.yaml - name: config mountPath: /app/config/services.yaml subPath: services.yaml - name: config mountPath: /app/config/widgets.yaml subPath: widgets.yaml - name: config mountPath: /app/config/bookmarks.yaml subPath: bookmarks.yaml - name: config mountPath: /app/config/docker.yaml subPath: docker.yaml - name: config mountPath: /app/config/custom.css subPath: custom.css - name: config mountPath: /app/config/custom.js subPath: custom.js volumes: - name: config configMap: name: homepage-config --- apiVersion: v1 kind: Service metadata: name: homepage namespace: homepage-system labels: app.kubernetes.io/name: homepage app.kubernetes.io/instance: homepage spec: type: ClusterIP ports: - name: http port: 3000 targetPort: http protocol: TCP selector: app.kubernetes.io/name: homepage app.kubernetes.io/instance: homepage --- # Ingress WITH Authentik proxy authentication # Update the auth-url annotation with your actual outpost service name after Authentik creates it apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: homepage namespace: homepage-system labels: app.kubernetes.io/name: homepage app.kubernetes.io/instance: homepage annotations: cert-manager.io/cluster-issuer: letsencrypt-prod external-dns.alpha.kubernetes.io/hostname: homepage.dooplex.hu,homepage.home nginx.ingress.kubernetes.io/ssl-redirect: "true" nginx.ingress.kubernetes.io/proxy-buffer-size: "16k" nginx.ingress.kubernetes.io/proxy-buffers-number: "4" nginx.ingress.kubernetes.io/proxy-busy-buffers-size: "32k" # Authentik Forward Auth annotations # Update 'homepage-outpost' with your actual outpost name nginx.ingress.kubernetes.io/auth-url: http://ak-outpost-homepage-outpost.auth-system.svc.cluster.local:9000/outpost.goauthentik.io/auth/nginx nginx.ingress.kubernetes.io/auth-signin: https://homepage.dooplex.hu/outpost.goauthentik.io/start?rd=$escaped_request_uri nginx.ingress.kubernetes.io/auth-response-headers: Set-Cookie,X-authentik-username,X-authentik-groups,X-authentik-email nginx.ingress.kubernetes.io/auth-snippet: | proxy_set_header X-Forwarded-Host $http_host; # Homepage auto-discovery annotation gethomepage.dev/enabled: "true" gethomepage.dev/name: "Homepage" gethomepage.dev/description: "Application Dashboard" gethomepage.dev/group: "Infrastructure" gethomepage.dev/icon: "homepage.png" spec: ingressClassName: nginx-internal rules: - host: homepage.dooplex.hu http: paths: - path: / pathType: Prefix backend: service: name: homepage port: number: 3000 - host: homepage.home http: paths: - path: / pathType: Prefix backend: service: name: homepage port: number: 3000 tls: - hosts: - homepage.dooplex.hu secretName: homepage-tls ---