ADD: update Nextcloud and Gitea configurations for domain and Docker settings; enhance Homarr deployment with resource limits and OIDC authentication

Co-authored-by: Copilot <copilot@github.com>

k3s/apps/Nextcloud/manifest/nextcloud-deployment.yaml

@@ -51,15 +51,15 @@ spec:
             - name: REDIS_HOST
               value: redis.nextcloud.svc.cluster.local
             - name: NEXTCLOUD_TRUSTED_DOMAINS
-              value: "henryathome.home64.de,192.168.178.0/24,192.168.178.138,nextcloud.nextcloud.svc.cluster.local"
+              value: "cloud.henryathome.home64.de,192.168.178.0/24,192.168.178.138,nextcloud.nextcloud.svc.cluster.local"
             - name: TRUSTED_PROXIES
               value: "192.168.178.120"
             - name: OVERWRITEHOST
-              value: "henryathome.home64.de"
+              value: "cloud.henryathome.home64.de"
             - name: OVERWRITEPROTOCOL
               value: "https"
             - name: OVERWRITECLIURL
-              value: "https://henryathome.home64.de"
+              value: "https://cloud.henryathome.home64.de"
           resources:
             requests:
               memory: "512Mi"

k3s/apps/gitea/gitea-runner.yaml

@@ -37,20 +37,28 @@ spec:
             - name: GITEA_RUNNER_NAME
               value: "k3s-runner-1"
             - name: GITEA_RUNNER_LABELS
-              value: "linux-x64:host,ubuntu-latest:docker://node:20-bookworm,alpine:docker://alpine:3.20"
+              value: "linux-x64:host,ubuntu-latest:docker://catthehacker/ubuntu:act-latest,ubuntu-22.04:docker://catthehacker/ubuntu:act-22.04,alpine:docker://alpine:3.20"
             - name: GITEA_RUNNER_REGISTRATION_TOKEN
               valueFrom:
                 secretKeyRef:
                   name: gitea-runner-secret
                   key: GITEA_RUNNER_REGISTRATION_TOKEN
             - name: DOCKER_HOST
-              value: "tcp://localhost:2375"
+              value: "unix:///var/run/docker.sock"
           command:
             - /bin/sh
             - -c
           args:
             - |
               set -e
+              until [ -S /var/run/docker.sock ]; do
+                echo "Waiting for Docker socket..."
+                sleep 2
+              done
+              if [ -f /data/.runner_labels ] && [ "$(cat /data/.runner_labels)" != "${GITEA_RUNNER_LABELS}" ]; then
+                rm -f /data/.runner
+              fi
+              printf '%s' "${GITEA_RUNNER_LABELS}" > /data/.runner_labels
               if [ ! -f /data/.runner ]; then
                 act_runner register \
                   --no-interactive \
@@ -63,20 +71,28 @@ spec:
           volumeMounts:
             - name: runner-data
               mountPath: /data
+            - name: docker-run
+              mountPath: /var/run
         - name: dind
           image: docker:27-dind
           imagePullPolicy: IfNotPresent
           securityContext:
             privileged: true
+          args:
+            - --insecure-registry=gitea.gitea.svc.cluster.local
           env:
             - name: DOCKER_TLS_CERTDIR
               value: ""
           volumeMounts:
             - name: docker-lib
               mountPath: /var/lib/docker
+            - name: docker-run
+              mountPath: /var/run
       volumes:
         - name: runner-data
           persistentVolumeClaim:
             claimName: gitea-runner-data
         - name: docker-lib
           emptyDir: {}
+        - name: docker-run
+          emptyDir: {}

k3s/apps/gitea/gitea.yaml

@@ -173,6 +173,10 @@ spec:
               value: giteapassword
             - name: GITEA__server__ROOT_URL
               value: "https://git.henryathome.home64.de"
+            - name: GITEA__server__DOMAIN
+              value: git.henryathome.home64.de
+            - name: GITEA__server__PROTOCOL
+              value: http
             - name: GITEA__server__SSH_DOMAIN
               value: git.henryathome.home64.de
             - name: GITEA__server__START_SSH_SERVER
@@ -181,6 +185,8 @@ spec:
               value: "32000"
             - name: GITEA__server__SSH_PORT
               value: "32000"
+            - name: GITEA__packages__ENABLED
+              value: "true"
           ports:
             - containerPort: 3000   # HTTP
             - containerPort: 32000     # SSH

k3s/apps/homarr/homarr-deployment.yaml

@@ -21,7 +21,24 @@ spec:
         - name: homarr
           image: ghcr.io/homarr-labs/homarr:latest
           imagePullPolicy: Always
+          resources:
+            requests:
+              cpu: 100m
+              memory: 512Mi
+            limits:
+              cpu: 1000m
+              memory: 1Gi
           env:
+            - name: AUTH_PROVIDERS
+              value: "credentials,oidc"
+            - name: AUTH_OIDC_ISSUER
+              value: "https://authentik.henryathome.home64.de/application/o/homarr/"
+            - name: AUTH_OIDC_CLIENT_ID
+              value: "gLJekZnT5uwDXqWoTolP6YyktjdTAPmSAx7EVLcK"
+            - name: AUTH_OIDC_CLIENT_SECRET
+              value: "nX9qYyvtIH1PO3FFM13dvvKakv2eovyO9pFKNDYUKF0sycM8UFl0MgGkysqG5irpFsValNb2QkBLUKCRnCIcUt3M6ztCEe4po1Qqfvr0QZHRdH8d21vSHXMMdQmjQ2WN"
+            - name: AUTH_OIDC_CLIENT_NAME
+              value: "Authentik"
             - name: SECRET_ENCRYPTION_KEY
               valueFrom:
                 secretKeyRef: