tika: Update to 2.9.2.1

Reviewed-on: #11

argocd/applications/firefly-iii.yaml

@@ -11,3 +11,6 @@ spec:
     path: firefly-iii
     repoURL: https://git.pyrocufflink.blue/infra/kubernetes.git
     targetRevision: master
+  syncPolicy:
+    automated:
+      prune: true

argocd/applications/paperless-ngx.yaml

@@ -11,3 +11,6 @@ spec:
     path: paperless-ngx
     repoURL: https://git.pyrocufflink.blue/infra/kubernetes.git
     targetRevision: master
+  syncPolicy:
+    automated:
+      prune: true

argocd/applications/postgresql.yaml

@@ -1,13 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
-  name: postgresql
-  namespace: argocd
-spec:
-  destination:
-    server: https://kubernetes.default.svc
-  project: default
-  source:
-    path: postgresql
-    repoURL: https://git.pyrocufflink.blue/infra/kubernetes.git
-    targetRevision: master

firefly-iii/kustomization.yaml

@@ -53,3 +53,6 @@ patches:
             secret:
               secretName: postgres-client-cert
               defaultMode: 0640
+images:
+- name: docker.io/fireflyiii/core
+  newTag: version-6.1.19

paperless-ngx/paperless-ngx.yaml

@@ -372,7 +372,7 @@ spec:
     spec:
       containers:
       - name: tika
-        image: docker.io/apache/tika:2.5.0
+        image: ghcr.io/paperless-ngx/tika:2.5.0-minimal
         imagePullPolicy: IfNotPresent
         securityContext:
           runAsNonRoot: true

sshca/secrets.yaml

@@ -63,7 +63,7 @@ metadata:
   namespace: sshca
 spec:
   encryptedData:
-    machine-ids.json: AgB1dg6pf6q5I9530RYOp0RPL3H2q6iQvRTNrBjtNfDTJItt3eC7+YMscqV9YUMghjztm9j2XYXWmv267rputamlJv3zvWp2C6u56KURlQrgGv7nK9QsNUBVwZVProod3IiRSE+rEEu8slqB2Lcqev74z26MA6/4EG7Bbhzr/XRpVGV14H1+I1+M81D4Qq+zJKhml0K2H0hAoy0hhor3mtIJY/pjTgZadUFgJWScZnLhCE84Y56yZCnpUOOqu+Ipg573TWEvUgJILUKAx0u464lK8ZMuyjH72wObNl0jxAdm7QWt4bVeInUswqTxi/rNcMjTgeOR0h0EJOzZfP3OiACt7lLbcbZsfeM1F0aR3ttxN288Fi6c/+FbFJGQ/Vvjx9aSm+c5PvCtKHXWJ79k7PNJsXD0XK/eK1lq/03H9HfQ4Ath58PRNdR3bzz3lBctI6wrbaS8V3ref/O3O0aYp6+YidhkDXNxBXNnctKZc2kKoZ9WCA+2nnWezGdVAUq3Na5W5DVx6pwJrIWG6zQ+Dj8caPs2XUSxQPhAvq2uUinlDxkaSg5FrOvyPVq3Ee2pXHQMprGdwcT0wBobRiveg0O9hsrOmRtzH38AJfE6nUT2I4+ej4i1xlO0vufcTeuUpheIhEm3+Gvtp4GgeMVvuuqfU42DZN2i+SSKFvysMxkz+fDVfig41R2KCkgwLbgofkZLcoXk892gfCcF+4yg5XB5Rk1yCMsNuU7ZIkllMLHsYlq9ERmrE0f61FmOEw0KknBDiGnoGZrDapQTZ0J52HrcLeUmi8C+pWacJnczBrEsi1eGNFaE7tTCBEjWT3KegJ1cwO/YnfYMuE1DFpQJEkOVW/mxWqLTKw1I8Bwi5g/pj4H5MhbIHhPUsOuS6Nz9W6cW/9h7lCHf12zt+bAcH/OabioIjmF4ZcMQ04u9yTumYtmTVt8/0snq9YLMOLOvaTAJTFlJW3wgXf8c0UkTKp9ZpAZfROTJ42GNUXvtwKL3rP/tbQ8UGl80wKWtMgCm1uG3K/U51rFLcDCIAxHXjrwOuMhj8D8A9RSEnoy9CZRnTATa+bgSQZQtouzy+NQO/ikHkSgJxQ5rs/ISmK5ngOPV+rU9qO3hE8/90FtotEmW0P7tPI9vcxzy3s+q3xiuz0ErPmqQqGoUjhmUvSC3GhHGeOflF4Q3oJhFiAP51r+PlTRBv303mi1PRvsO6xekPHl5qoqjPbPI+ujvbvDupDjyqTxV3CGENLoBZbxTPAKmBZpoLeYsdyC/N2m0pUtDqYj5GqxQYrultkGt4lGbSr/WaACsC6JTgo5Cyw+jr+NIJUEUzzCYjeGjBZGQm/hVcXgw4RlKelq3p5YEVj6/Fxr8xY9rff/dKxG/ceg2+AomtvkOvSNgO/IBWtZWqQKRz+V2F4p3WkqnVowr93ikyUeTsjbZAcvOsijywvS22ojq7evodATK
+    machine-ids.json: AgBEw3mB+iTHiS27e0eYVVwastuttYZnXB72HAQbFWT45TkbqbQiCun4isnKDdj0HxfiCBiYEV6fB5HbNXfRZ39zX+imt48V6OlS9Jb7mu67hXzF/Di9cTf5rNQuch68v7FZKvRIspwsOuyy/DqhLLuWhyW8HXAH+zjbGKgV5CzJXsyhQmvw5vH/Yk7HHY+V3QV39dPa3E7bHr6d83sDWTkIb9pfkQH8grRoj+EgIOAdcxDLXXmsFiKs6ifMHMO3Vsx3ZeJ681KTMjA/WS1itpkh9dJJiEHdkzjJZ9VO0hQBGbyRrct0p/kN9EigYpwe80ssk/HEe/+B1dUjggZCvpixyhDb5tTWb9AlsxCK3XjztGXQPud9OO3mo+wiQ6uFmBFwMl+baueS0vr/qLYXhfQ06fryNSMvXDlZeS7puzwa2H5/teBN8j2SqnR4PHksDwFdK6Qn72OcjZdB8yi7sbHqd9ArfoWmS5rMGw8GUQnDspzyxT/UUKzRP/iRFiBv9GU3CzImh2Eo9SA4189xJxCO/aRJuqMucdGvdQ/Vr1sgSX1TBaNyb/q0+CKXThGykqHynNVdSsTyeKdqoMsms1uCV+6kQ7M6RCuEMklNIsnNdSgp0TRnJvTVWTS++JZTc9qS6a8mM07mfk2QaqRaR3urLS0DdED64HyyO+YehgzBuwJeglmhUaREtcYkYiF1jvUeeagk7iJ+EUXSDg0HlG+VhLj/87F9XBcs69sxR0q3Im/ZQv67egpMjI++AH+yPLFDyTbvD+l9HcQrc5hTccZDwDN8ZJnoaGPiFTagakIGfkEKG3ZTpPGx1d3dwZvo8HzEq+4Ye9q5JI2jB8C9O4tt04JVlZ/SdHOY+8C+KxEJEpIiu/+CJkwdSL3D26Yf/+UuQeRI+O8CtJ3Nk8pXFIC+b8D7xHhV359gCZrMwIbVGVUoclFsPHQLD8Hj7F01viJUtmLTtBprW2nMkE50NaHrnFXAoF4SX0dOfAfMEc8egkORi09Zo9djH8FvjscJNvHzK17qARpxZGtVwPdX/AhXhoHa4Al3ZJo1psaOuWiXEc0G1MS9Tfbq627cDG+ZZ3M+HvfRazSrweQkDHDiMVzOyvNpx7bymEqq43TD5/CECwdXiEk7l/Ozbkpp1Ad8Ux0za5Q04ge4BMKqjYrj/d3CFQg2GoyQazkrpS432m2tmWzuxOAQYnkYREqRVneCvgHeRJegLrWEs4CHUnVmhIJaWCAtt3ZLg5IEndq2AhsfoqMz82EzlXWghFz1ma0I1KNZYt3jIMB6K2s3bVkOKiif8AGeHfKKIRzuEmrl4w4SIfBlM+YdpM4mVSdRl95J1BmO4z97cBeYcf24lA3+roRTgvWthM/0LmusUULXoCfsEH7hM2AMcuBYG1qqKX0ReQCMNK6/9w1w/+ucDK263EjPWCJDMK1oWycc1dJeAWvQAbgSdjpZSwe0
   template:
     metadata:
       name: sshca-data

updatebot/projects/firefly-iii.toml

@@ -0,0 +1,13 @@
+[repo]
+url = "https://git.pyrocufflink.net/infra/kubernetes"
+token_file = "/run/secrets/updatebot/gitea.token"
+
+[projects.firefly-iii]
+kind = "kustomize"
+image = "docker.io/fireflyiii/core"
+tag_format = "version-{version}"
+
+[projects.firefly-iii.source]
+kind = "github"
+organization = "firefly-iii"
+repo = "firefly-iii"

updatebot/projects/paperless-ngx.toml

@@ -0,0 +1,32 @@
+[repo]
+url = "https://git.pyrocufflink.net/infra/kubernetes"
+token_file = "/run/secrets/updatebot/gitea.token"
+
+[projects.paperless-ngx]
+kind = "kustomize"
+image = "ghcr.io/paperless-ngx/paperless-ngx"
+
+[projects.paperless-ngx.source]
+kind = "github"
+organization = "paperless-ngx"
+repo = "paperless-ngx"
+
+[projects.gotenberg]
+kind = "kustomize"
+path = "paperless-ngx"
+image = "docker.io/gotenberg/gotenberg"
+
+[projects.gotenberg.source]
+kind = "github"
+organization = "gotenberg"
+repo = "gotenberg"
+
+[projects.tika]
+kind = "kustomize"
+path = "paperless-ngx"
+image = "docker.io/apache/tika"
+
+[projects.tika.source]
+kind = "docker"
+namespace = "apache"
+repository = "tika"

updatebot/updatebot.yaml

@@ -64,3 +64,139 @@ spec:
             secret:
               secretName: updatebot-ssh
               defaultMode: 0640
+
+---
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+  name: updatebot-firefly-iii
+  labels: &labels
+    app.kubernetes.io/name: updatebot-firefly-iii
+spec:
+  schedule: 33 6 * * 1
+  timeZone: America/Chicago
+  concurrencyPolicy: Forbid
+  jobTemplate:
+    spec:
+      template:
+        metadata:
+          labels: *labels
+        spec:
+          restartPolicy: Never
+          containers:
+          - name: updatebot
+            image: git.pyrocufflink.net/infra/updatebot
+            args:
+            - --branch-name
+            - updatebot/firefly-iii
+            securityContext:
+              readOnlyRootFilesystem: true
+            volumeMounts:
+            - mountPath: /etc/ssh/ssh_known_hosts
+              name: ssh-known-hosts
+              readOnly: true
+              subPath: ssh_known_hosts
+            - mountPath: /home/bot/.config/updatebot/config.toml
+              name: updatebot-config
+              readOnly: true
+              subPath: firefly-iii.toml
+            - mountPath: /home/bot/.ssh
+              name: updatebot-ssh
+              readOnly: true
+            - mountPath: /run/secrets/updatebot
+              name: updatebot-secrets
+              readOnly: true
+            - mountPath: /tmp
+              name: tmp
+              subPath: tmp
+          nodeSelector:
+            kubernetes.io/arch: amd64
+          securityContext:
+            runAsNonRoot: true
+            fsGroup: 25167
+          volumes:
+          - name: ssh-known-hosts
+            configMap:
+              name: ssh-known-hosts
+          - name: tmp
+            emptyDir:
+              medium: Memory
+          - name: updatebot-config
+            configMap:
+              name: updatebot-projects
+          - name: updatebot-secrets
+            secret:
+              secretName: updatebot
+              defaultMode: 0640
+          - name: updatebot-ssh
+            secret:
+              secretName: updatebot-ssh
+              defaultMode: 0640
+
+---
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+  name: updatebot-paperless-ngx
+  labels: &labels
+    app.kubernetes.io/name: updatebot-paperless-ngx
+spec:
+  schedule: 34 6 * * 1
+  timeZone: America/Chicago
+  concurrencyPolicy: Forbid
+  jobTemplate:
+    spec:
+      template:
+        metadata:
+          labels: *labels
+        spec:
+          restartPolicy: Never
+          containers:
+          - name: updatebot
+            image: git.pyrocufflink.net/infra/updatebot
+            args:
+            - --branch-name
+            - updatebot/paperless-ngx
+            securityContext:
+              readOnlyRootFilesystem: true
+            volumeMounts:
+            - mountPath: /etc/ssh/ssh_known_hosts
+              name: ssh-known-hosts
+              readOnly: true
+              subPath: ssh_known_hosts
+            - mountPath: /home/bot/.config/updatebot/config.toml
+              name: updatebot-config
+              readOnly: true
+              subPath: paperless-ngx.toml
+            - mountPath: /home/bot/.ssh
+              name: updatebot-ssh
+              readOnly: true
+            - mountPath: /run/secrets/updatebot
+              name: updatebot-secrets
+              readOnly: true
+            - mountPath: /tmp
+              name: tmp
+              subPath: tmp
+          nodeSelector:
+            kubernetes.io/arch: amd64
+          securityContext:
+            runAsNonRoot: true
+            fsGroup: 25167
+          volumes:
+          - name: ssh-known-hosts
+            configMap:
+              name: ssh-known-hosts
+          - name: tmp
+            emptyDir:
+              medium: Memory
+          - name: updatebot-config
+            configMap:
+              name: updatebot-projects
+          - name: updatebot-secrets
+            secret:
+              secretName: updatebot
+              defaultMode: 0640
+          - name: updatebot-ssh
+            secret:
+              secretName: updatebot-ssh
+              defaultMode: 0640