@highstate/library 0.4.4 → 0.4.6

package/dist/index.mjs

@@ -8,25 +8,21 @@ const keyTypeSchema = Type.Union([
 ]);
 const keyPairEntity = defineEntity({
   type: "ssh.key-pair",
-  sensitive: true,
   schema: Type.Object({
     type: keyTypeSchema,
     privateKey: Type.String(),
     publicKey: Type.String()
-  })
-});
-const publicKeyEntity = defineEntity({
-  type: "ssh.public-key",
-  schema: Type.Object({
-    publicKey: Type.String()
-  })
+  }),
+  meta: {
+    color: "#2b5797"
+  }
 });
 const credentialsSchema = Type.Object({
   endpoint: Type.Optional(Type.String()),
   user: Type.Optional(Type.String()),
   port: Type.Optional(Type.Number()),
   password: Type.Optional(Type.String()),
-  privateKey: Type.Optional(keyPairEntity.schema)
+  keyPair: Type.Optional(keyPairEntity.schema)
 });
 const keyPair = defineUnit({
   type: "ssh.key-pair",
@@ -38,7 +34,7 @@ const keyPair = defineUnit({
   },
   meta: {
     displayName: "SSH Key Pair",
-    description: "Generates a new ED25519 SSH key pair.",
+    description: "Holds the ED25519 SSH key pair and generates the private key if not provided.",
     category: "ssh",
     primaryIcon: "charm:key",
     primaryIconColor: "#ffffff",
@@ -51,45 +47,13 @@ const keyPair = defineUnit({
     path: "ssh/key-pair"
   }
 });
-const existingPublicKey = defineUnit({
-  type: "ssh.existing-public-key",
-  args: {
-    type: {
-      schema: keyTypeSchema,
-      description: "The type of the key pair."
-    },
-    publicKey: {
-      schema: Type.String(),
-      description: "The public key in OpenSSH format."
-    }
-  },
-  outputs: {
-    publicKey: publicKeyEntity
-  },
-  meta: {
-    displayName: "SSH Existing Public Key",
-    description: "Uses an existing SSH public key.",
-    category: "ssh",
-    primaryIcon: "charm:key",
-    primaryIconColor: "#ffffff",
-    secondaryIcon: "mdi:public",
-    secondaryIconColor: "#ffffff"
-  },
-  source: {
-    type: "npm",
-    package: "@highstate/common",
-    path: "ssh/existing-public-key"
-  }
-});
 
 var ssh = /*#__PURE__*/Object.freeze({
   __proto__: null,
   credentialsSchema: credentialsSchema,
-  existingPublicKey: existingPublicKey,
   keyPair: keyPair,
   keyPairEntity: keyPairEntity,
-  keyTypeSchema: keyTypeSchema,
-  publicKeyEntity: publicKeyEntity
+  keyTypeSchema: keyTypeSchema
 });
 
 const serverEntity = defineEntity({
@@ -103,80 +67,38 @@ const serverEntity = defineEntity({
     color: "#009688"
   }
 });
-const innerCircuitEntity = defineEntity({
-  type: "common.inner-circuit",
+const interfaceEntity = defineEntity({
+  type: "common.interface",
   schema: Type.Object({
     interface: Type.String()
   }),
   meta: {
     color: "#2196F3",
-    description: "The inner circuit of a network where the traffic is flowing inside the single kernel."
-  }
-});
-const outerCircuitEntity = defineEntity({
-  type: "common.outer-circuit",
-  schema: Type.Object({
-    interface: Type.String()
-  }),
-  meta: {
-    color: "#FFC107",
-    description: "The outer circuit of a network which traffic will be routed to another network."
-  }
-});
-const gatewayEntity = defineEntity({
-  type: "common.gateway",
-  schema: Type.Object({
-    endpoint: Type.String()
-  }),
-  meta: {
-    color: "#4CAF50"
+    description: "The interface in a network space of the kernel which can accept or transmit packets."
   }
 });
-const tlsIssuerEntity = defineEntity({
-  type: "common.tls-issuer",
+const endpointEntity = defineEntity({
+  type: "common.endpoint",
   schema: Type.Object({
     endpoint: Type.String()
   }),
   meta: {
-    color: "#f06292"
+    color: "#FFC107",
+    description: "The L3-L4 endpoint for some network service."
   }
 });
 const dnsProviderEntity = defineEntity({
   type: "common.dns-provider",
   schema: Type.Object({
-    endpoint: Type.String()
+    name: Type.String(),
+    type: Type.String(),
+    data: Type.Record(Type.String(), Type.Unknown()),
+    domain: Type.String()
   }),
   meta: {
     color: "#FF5722"
   }
 });
-const accessPointEntity = defineEntity({
-  type: "common.access-point",
-  schema: Type.Object({
-    name: Type.String()
-  })
-});
-const accessPoint = defineUnit({
-  type: "common.access-point",
-  inputs: {
-    gateway: gatewayEntity,
-    tlsIssuer: tlsIssuerEntity,
-    dnsProvider: dnsProviderEntity
-  },
-  outputs: {
-    accessPoint: accessPointEntity
-  },
-  meta: {
-    displayName: "Access Point",
-    description: "An access point which can be used to connect to services.",
-    primaryIcon: "mdi:access-point"
-  },
-  source: {
-    type: "npm",
-    package: "@highstate/common",
-    path: "access-point"
-  }
-});
 const existingServer = defineUnit({
   type: "common.existing-server",
   args: {
@@ -205,15 +127,11 @@ const existingServer = defineUnit({
 
 var common = /*#__PURE__*/Object.freeze({
   __proto__: null,
-  accessPoint: accessPoint,
-  accessPointEntity: accessPointEntity,
   dnsProviderEntity: dnsProviderEntity,
+  endpointEntity: endpointEntity,
   existingServer: existingServer,
-  gatewayEntity: gatewayEntity,
-  innerCircuitEntity: innerCircuitEntity,
-  outerCircuitEntity: outerCircuitEntity,
-  serverEntity: serverEntity,
-  tlsIssuerEntity: tlsIssuerEntity
+  interfaceEntity: interfaceEntity,
+  serverEntity: serverEntity
 });
 
 const clusterEntity$2 = defineEntity({
@@ -223,7 +141,7 @@ const clusterEntity$2 = defineEntity({
     insecure: Type.Optional(Type.Boolean()),
     username: Type.Optional(Type.String()),
     defaultNodeName: Type.String(),
-    defaultDatastoreId: Type.Optional(Type.String()),
+    defaultDatastoreId: Type.String(),
     password: Type.Optional(Type.String()),
     apiToken: Type.Optional(Type.String())
   }),
@@ -246,7 +164,7 @@ const connection$1 = defineUnit({
     endpoint: Type.String(),
     insecure: Type.Optional(Type.Boolean()),
     username: Type.Optional(Type.String()),
-    defaultNodeName: Type.String(),
+    defaultNodeName: Type.Optional(Type.String()),
     defaultDatastoreId: Type.Optional(Type.String())
   },
   secrets: {
@@ -324,23 +242,23 @@ const virtualMachine = defineUnit({
   type: "proxmox.virtual-machine",
   args: {
     nodeName: Type.Optional(Type.String()),
-    cores: Type.Optional(Type.Number()),
-    sockets: Type.Optional(Type.Number()),
-    memory: Type.Optional(Type.Number()),
+    cpuType: Type.Optional(Type.String({ default: "host" })),
+    cores: Type.Optional(Type.Number({ default: 1 })),
+    sockets: Type.Optional(Type.Number({ default: 1 })),
+    memory: Type.Optional(Type.Number({ default: 512 })),
     ipv4: Type.Optional(Type.String()),
     ipv4Gateway: Type.Optional(Type.String()),
     dns: Type.Optional(Type.Array(Type.String())),
     datastoreId: Type.Optional(Type.String()),
-    diskSize: Type.Optional(Type.Number()),
-    bridge: Type.Optional(Type.String())
+    diskSize: Type.Optional(Type.Number({ default: 8 })),
+    bridge: Type.Optional(Type.String({ default: "vmbr0" })),
+    sshPort: Type.Optional(Type.Number({ default: 22 })),
+    sshUser: Type.Optional(Type.String({ default: "root" })),
+    waitForAgent: Type.Optional(Type.Boolean({ default: true }))
   },
   inputs: {
     proxmoxCluster: clusterEntity$2,
     image: imageEntity,
-    sshPublicKey: {
-      entity: publicKeyEntity,
-      required: false
-    },
     sshKeyPair: {
       entity: keyPairEntity,
       required: false
@@ -376,51 +294,96 @@ var proxmox = /*#__PURE__*/Object.freeze({
 
 const clusterEntity$1 = defineEntity({
   type: "k8s.cluster",
-  sensitive: true,
   schema: Type.Object({
-    kubeconfig: Type.String()
+    name: Type.String(),
+    kubeconfig: Type.String(),
+    cni: Type.String()
   }),
   meta: {
     color: "#2196F3"
   }
 });
-const routeEntity = defineEntity({
-  type: "k8s.route",
+const existingCluster = defineUnit({
+  type: "k8s.existing-cluster",
+  secrets: {
+    kubeconfig: Type.Record(Type.String(), Type.Any())
+  },
+  outputs: {
+    cluster: clusterEntity$1
+  },
+  meta: {
+    displayName: "Existing Cluster",
+    description: "An existing Kubernetes cluster.",
+    primaryIcon: "mdi:kubernetes"
+  },
+  source: {
+    type: "npm",
+    package: "@highstate/k8s",
+    path: "existing-cluster"
+  }
+});
+const gatewayEntity = defineEntity({
+  type: "k8s.gateway",
   schema: Type.Object({
-    someField: Type.String()
+    clusterName: Type.String(),
+    gatewayClassName: Type.String(),
+    httpListenerPort: Type.Number(),
+    httpsListenerPort: Type.Number(),
+    ip: Type.String()
   }),
   meta: {
-    color: "#F44336"
+    color: "#4CAF50"
   }
 });
-const traefikGateway = defineUnit({
-  type: "k8s.traefik-gateway",
+const tlsIssuerEntity = defineEntity({
+  type: "k8s.tls-issuer",
+  schema: Type.Object({
+    clusterName: Type.String(),
+    clusterIssuerName: Type.String()
+  }),
+  meta: {
+    color: "#f06292"
+  }
+});
+const accessPointEntity = defineEntity({
+  type: "common.access-point",
+  schema: Type.Object({
+    gateway: gatewayEntity.schema,
+    tlsIssuer: tlsIssuerEntity.schema,
+    dnsProvider: dnsProviderEntity.schema
+  }),
+  meta: {
+    color: "#FFC107"
+  }
+});
+const accessPoint = defineUnit({
+  type: "k8s.access-point",
   inputs: {
-    k8sCluster: clusterEntity$1,
-    ingress: routeEntity
+    gateway: gatewayEntity,
+    tlsIssuer: tlsIssuerEntity,
+    dnsProvider: dnsProviderEntity
   },
   outputs: {
-    gateway: gatewayEntity
+    accessPoint: accessPointEntity
   },
   meta: {
-    displayName: "Traefik Gateway",
-    description: "A Traefik gateway for routing traffic to services.",
-    primaryIcon: "simple-icons:traefikproxy"
+    displayName: "Access Point",
+    description: "An access point which can be used to connect to services.",
+    primaryIcon: "mdi:access-point"
   },
   source: {
     type: "npm",
-    package: "@highstate/apps",
-    path: "traefik"
+    package: "@highstate/k8s",
+    path: "access-point"
   }
 });
 const certManager = defineUnit({
   type: "k8s.cert-manager",
   inputs: {
-    k8sCluster: clusterEntity$1,
-    dnsProvider: dnsProviderEntity
+    k8sCluster: clusterEntity$1
   },
   outputs: {
-    tlsIssuer: tlsIssuerEntity
+    k8sCluster: clusterEntity$1
   },
   meta: {
     displayName: "Cert Manager",
@@ -429,42 +392,67 @@ const certManager = defineUnit({
   },
   source: {
     type: "npm",
-    package: "@highstate/apps",
+    package: "@highstate/k8s",
     path: "cert-manager"
   }
 });
-const coredns = defineUnit({
-  type: "k8s.coredns",
+const dns01TlsIssuer = defineUnit({
+  type: "k8s.dns01-issuer",
   inputs: {
-    k8sCluster: clusterEntity$1
+    k8sCluster: clusterEntity$1,
+    dnsProvider: dnsProviderEntity
   },
   outputs: {
-    dnsProvider: dnsProviderEntity
+    tlsIssuer: tlsIssuerEntity
   },
   meta: {
-    displayName: "CoreDNS",
-    description: "A separate CoreDNS instance for custom DNS records.",
-    primaryIcon: "mdi:dns"
+    displayName: "DNS01 Issuer",
+    description: "A TLS issuer for issuing certificate using DNS01 challenge.",
+    primaryIcon: "mdi:certificate"
   },
   source: {
     type: "npm",
-    package: "@highstate/apps",
-    path: "coredns"
+    package: "@highstate/k8s",
+    path: "dns01-issuer"
+  }
+});
+const serviceTypeSchema = Type.Union([
+  Type.Literal("NodePort"),
+  Type.Literal("LoadBalancer"),
+  Type.Literal("ClusterIP")
+]);
+const serviceEntity = defineEntity({
+  type: "k8s.service",
+  schema: Type.Object({
+    clusterName: Type.String(),
+    name: Type.String(),
+    namespace: Type.String(),
+    selector: Type.Record(Type.String(), Type.String()),
+    serviceType: serviceTypeSchema,
+    ip: Type.Optional(Type.String()),
+    ports: Type.Array(Type.Number())
+  }),
+  meta: {
+    color: "#2196F3"
   }
 });
 
 var k8s = /*#__PURE__*/Object.freeze({
   __proto__: null,
+  accessPoint: accessPoint,
+  accessPointEntity: accessPointEntity,
   certManager: certManager,
   clusterEntity: clusterEntity$1,
-  coredns: coredns,
-  routeEntity: routeEntity,
-  traefikGateway: traefikGateway
+  dns01TlsIssuer: dns01TlsIssuer,
+  existingCluster: existingCluster,
+  gatewayEntity: gatewayEntity,
+  serviceEntity: serviceEntity,
+  serviceTypeSchema: serviceTypeSchema,
+  tlsIssuerEntity: tlsIssuerEntity
 });
 
 const clusterEntity = defineEntity({
   type: "talos.cluster",
-  sensitive: true,
   schema: Type.Object({
     clientConfiguration: Type.String(),
     machineSecrets: Type.String()
@@ -473,6 +461,12 @@ const clusterEntity = defineEntity({
     color: "#2d2d2d"
   }
 });
+const cniSchema = Type.Union([
+  Type.Literal("cilium"),
+  Type.Literal("flannel"),
+  Type.Literal("none")
+]);
+const csiSchema = Type.Union([Type.Literal("local-path-provisioner"), Type.Literal("none")]);
 const cluster$1 = defineUnit({
   type: "talos.cluster",
   args: {
@@ -497,6 +491,29 @@ const cluster$1 = defineUnit({
         By default, the name of the instance is used.
       `
     },
+    cni: {
+      schema: Type.Optional({ ...cniSchema, default: "cilium" }),
+      description: text`
+        The CNI plugin to use.
+
+        The following options are available:
+        - "cilium" (default)
+        - "flannel" (built-in in Talos)
+        - "none" (disable CNI, must be installed manually)
+
+        The "cilium" CNI plugin is recommended to cover advanced network policies like FQDNs.
+      `
+    },
+    csi: {
+      schema: Type.Optional({ ...csiSchema, default: "local-path-provisioner" }),
+      description: text`
+        The CSI plugin to use.
+
+        The following options are available:
+        - "local-path-provisioner" (default)
+        - "none" (disable CSI, must be installed manually if needed)
+      `
+    },
     sharedConfigPatch: {
       schema: Type.Optional(Type.Record(Type.String(), Type.Any())),
       description: text`
@@ -532,8 +549,7 @@ const cluster$1 = defineUnit({
   },
   outputs: {
     k8sCluster: clusterEntity$1,
-    talosCluster: clusterEntity,
-    egress: routeEntity
+    talosCluster: clusterEntity
   },
   meta: {
     displayName: "Talos Cluster",
@@ -553,7 +569,9 @@ const cluster$1 = defineUnit({
 var talos = /*#__PURE__*/Object.freeze({
   __proto__: null,
   cluster: cluster$1,
-  clusterEntity: clusterEntity
+  clusterEntity: clusterEntity,
+  cniSchema: cniSchema,
+  csiSchema: csiSchema
 });
 
 const backendSchema = Type.Union([
@@ -581,7 +599,11 @@ const identityEntity = defineEntity({
     network: Type.Optional(networkEntity.schema),
     address: Type.String(),
     privateKey: Type.String(),
-    presharedKeyPart: Type.Optional(Type.String())
+    presharedKeyPart: Type.Optional(Type.String()),
+    k8sServices: Type.Array(serviceEntity.schema),
+    exitNode: Type.Boolean(),
+    listenPort: Type.Optional(Type.Number()),
+    externalIp: Type.Optional(Type.String())
   }),
   meta: {
     color: "#F44336"
@@ -678,12 +700,6 @@ const identity = defineUnit({
      * The address may be any IPv4 or IPv6 address. CIDR notation is also supported.
      */
     address: Type.String(),
-    /**
-     * The endpoint of the WireGuard peer.
-     *
-     * Does not affect node which implements the identity, but is used in the peer configuration of other nodes.
-     */
-    endpoint: Type.Optional(Type.String()),
     /**
      * The list of allowed IPs for the peer.
      *
@@ -697,7 +713,27 @@ const identity = defineUnit({
      *
      * Just an alias for the `allowedIps` with the value of `0.0.0.0/0, ::/0`.
      */
-    exitNode: Type.Optional(Type.Boolean())
+    exitNode: Type.Optional(Type.Boolean()),
+    /**
+     * The port to listen on.
+     *
+     * Used by the implementation of the identity and to calculate the endpoint of the peer.
+     */
+    listenPort: Type.Optional(Type.Number()),
+    /**
+     * The external IP address of the WireGuard identity.
+     *
+     * Used by the implementation of the identity and to calculate the endpoint of the peer.
+     */
+    externalIp: Type.Optional(Type.String()),
+    /**
+     * The endpoint of the WireGuard peer.
+     *
+     * By default, the endpoint is calculated as `externalIp:listenPort`.
+     *
+     * If overridden, does not affect node which implements the identity, but is used in the peer configuration of other nodes.
+     */
+    endpoint: Type.Optional(Type.String())
   },
   secrets: {
     /**
@@ -722,6 +758,16 @@ const identity = defineUnit({
     network: {
       entity: networkEntity,
       required: false
+    },
+    /**
+     * The list of Kubernetes services to expose the WireGuard identity.
+     *
+     * Their IP addresses will be added to the `allowedIps` of the identity and passed to the node to set up network policies.
+     */
+    k8sServices: {
+      entity: serviceEntity,
+      multiple: true,
+      required: false
     }
   },
   outputs: {
@@ -743,29 +789,17 @@ const identity = defineUnit({
 const node = defineUnit({
   type: "wireguard.node",
   args: {
-    listenPort: Type.Optional(Type.Number()),
-    externalIp: Type.Optional(Type.String()),
-    serviceType: Type.Optional(
-      Type.Union([
-        Type.Literal("NodePort"),
-        Type.Literal("LoadBalancer"),
-        Type.Literal("ClusterIP")
-      ])
-    )
+    appName: Type.Optional(Type.String()),
+    serviceType: Type.Optional(serviceTypeSchema)
   },
   inputs: {
     identity: identityEntity,
-    k8sCluster: {
-      entity: clusterEntity$1,
-      required: false
-    },
+    k8sCluster: clusterEntity$1,
     peers: {
       entity: peerEntity,
       multiple: true,
       required: false
-    },
-    innerCircuit: innerCircuitEntity,
-    outerCircuit: outerCircuitEntity
+    }
   },
   meta: {
     description: "The WireGuard node running on the Kubernetes.",
@@ -834,7 +868,8 @@ const generator = defineComponent({
           address: cidr.start({ from: index, type: "addressObject" }).address
         },
         inputs: {
-          network: inputs.network
+          network: inputs.network,
+          k8sServices: []
         }
       });
       peers.push(wgPeer);
@@ -865,39 +900,88 @@ var wireguard = /*#__PURE__*/Object.freeze({
   presharedKeyModeSchema: presharedKeyModeSchema
 });
 
-const mariadbEntity = defineEntity({
-  type: "mariadb",
+const repoEntity = defineEntity({
+  type: "restic.repo",
   schema: Type.Object({
-    rootPassword: Type.String(),
-    databases: Type.Array(Type.String())
+    password: Type.String(),
+    remoteDomains: Type.Array(Type.String()),
+    type: Type.Literal("rclone"),
+    rcloneConfig: Type.String(),
+    remoteName: Type.String(),
+    basePath: Type.String()
   }),
   meta: {
-    color: "#f06292"
+    color: "#e56901"
   }
 });
-const postgresqlEntity = defineEntity({
-  type: "postgresql",
+const repo = defineUnit({
+  type: "restic.repo",
+  args: {
+    remoteDomains: Type.Optional(Type.Array(Type.String())),
+    basePath: Type.Optional(Type.String())
+  },
+  secrets: {
+    password: Type.Optional(Type.String()),
+    rcloneConfig: Type.String({ multiline: true })
+  },
+  outputs: {
+    repo: repoEntity
+  },
+  meta: {
+    primaryIconColor: "#e56901",
+    primaryIcon: "material-symbols:backup"
+  },
+  source: {
+    type: "npm",
+    package: "@highstate/restic",
+    path: "repo"
+  }
+});
+
+var restic = /*#__PURE__*/Object.freeze({
+  __proto__: null,
+  repo: repo,
+  repoEntity: repoEntity
+});
+
+const mariadbEntity = defineEntity({
+  type: "mariadb",
   schema: Type.Object({
+    host: Type.String(),
+    port: Type.Number(),
     rootPassword: Type.String(),
-    databases: Type.Array(Type.String())
+    clusterName: Type.Optional(Type.String()),
+    clusterHost: Type.String(),
+    clusterIp: Type.String(),
+    fqdn: Type.Optional(Type.String())
   }),
   meta: {
-    color: "#336791"
+    color: "#f06292"
   }
 });
 const mariadb = defineUnit({
   type: "apps.mariadb",
+  args: {
+    fqdn: Type.Optional(Type.String()),
+    appName: Type.Optional(Type.String())
+  },
   secrets: {
-    rootPassword: Type.String()
+    rootPassword: Type.Optional(Type.String())
   },
   inputs: {
-    k8sCluster: clusterEntity$1
+    k8sCluster: clusterEntity$1,
+    resticRepo: {
+      entity: repoEntity,
+      required: false
+    },
+    dnsProvider: {
+      entity: dnsProviderEntity,
+      required: false
+    }
   },
   outputs: {
-    mariadb: {
-      entity: mariadbEntity,
-      displayName: "MariaDB"
-    }
+    mariadb: mariadbEntity,
+    service: serviceEntity
   },
   meta: {
     displayName: "MariaDB",
@@ -907,23 +991,49 @@ const mariadb = defineUnit({
   },
   source: {
     type: "npm",
-    package: "@highstate/apps",
-    path: "mariadb"
+    package: "@highstate/mariadb",
+    path: "app"
+  }
+});
+
+const postgresqlEntity = defineEntity({
+  type: "postgresql",
+  schema: Type.Object({
+    host: Type.String(),
+    port: Type.Number(),
+    rootPassword: Type.String(),
+    clusterName: Type.Optional(Type.String()),
+    clusterHost: Type.String(),
+    clusterIp: Type.String(),
+    fqdn: Type.Optional(Type.String())
+  }),
+  meta: {
+    color: "#336791"
   }
 });
 const postgresql = defineUnit({
   type: "apps.postgresql",
+  args: {
+    fqdn: Type.Optional(Type.String()),
+    appName: Type.Optional(Type.String())
+  },
   secrets: {
-    rootPassword: Type.String()
+    rootPassword: Type.Optional(Type.String())
   },
   inputs: {
-    k8sCluster: clusterEntity$1
+    k8sCluster: clusterEntity$1,
+    resticRepo: {
+      entity: repoEntity,
+      required: false
+    },
+    dnsProvider: {
+      entity: dnsProviderEntity,
+      required: false
+    }
   },
   outputs: {
-    postgresql: {
-      entity: postgresqlEntity,
-      displayName: "PostgreSQL"
-    }
+    postgresql: postgresqlEntity,
+    service: serviceEntity
   },
   meta: {
     displayName: "PostgreSQL",
@@ -933,33 +1043,61 @@ const postgresql = defineUnit({
   },
   source: {
     type: "npm",
-    package: "@highstate/apps",
-    path: "postgresql"
+    package: "@highstate/postgresql",
+    path: "app"
   }
 });
+
 const vaultwarden = defineUnit({
   type: "apps.vaultwarden",
   args: {
-    domain: Type.String()
+    fqdn: Type.String(),
+    appName: Type.Optional(Type.String())
   },
   inputs: {
-    mariadb: {
-      entity: mariadbEntity,
-      displayName: "MariaDB"
-    },
-    accessPoint: accessPointEntity
+    mariadb: mariadbEntity,
+    accessPoint: accessPointEntity,
+    k8sCluster: clusterEntity$1
+  },
+  secrets: {
+    mariadbPassword: Type.Optional(Type.String())
   },
   meta: {
     displayName: "Vaultwarden",
     description: "The Vaultwarden password manager deployed on Kubernetes.",
     primaryIcon: "simple-icons:vaultwarden"
   },
+  source: {
+    type: "npm",
+    package: "@highstate/vaultwarden"
+  }
+});
+
+const zitadel = defineUnit({
+  type: "apps.zitadel",
+  args: {
+    domain: Type.String()
+  },
+  inputs: {
+    postgresql: {
+      entity: postgresqlEntity,
+      displayName: "PostgreSQL"
+    },
+    accessPoint: accessPointEntity,
+    k8sCluster: clusterEntity$1
+  },
+  meta: {
+    displayName: "Zitadel",
+    description: "The Zitadel IAM deployed on Kubernetes.",
+    primaryIcon: "hugeicons:access"
+  },
   source: {
     type: "npm",
     package: "@highstate/apps",
-    path: "vaultwarden"
+    path: "zitadel"
   }
 });
+
 const gitea = defineUnit({
   type: "apps.gitea",
   args: {
@@ -970,7 +1108,8 @@ const gitea = defineUnit({
       entity: mariadbEntity,
       displayName: "MariaDB"
     },
-    accessPoint: accessPointEntity
+    accessPoint: accessPointEntity,
+    k8sCluster: clusterEntity$1
   },
   meta: {
     displayName: "Gitea",
@@ -983,61 +1122,135 @@ const gitea = defineUnit({
     path: "gitea"
   }
 });
-const zitadel = defineUnit({
-  type: "apps.zitadel",
+
+const traefikGateway = defineUnit({
+  type: "apps.traefik-gateway",
   args: {
-    domain: Type.String()
+    className: Type.Optional(Type.String()),
+    serviceType: Type.Optional(serviceTypeSchema)
   },
   inputs: {
-    postgresql: {
-      entity: postgresqlEntity,
-      displayName: "PostgreSQL"
-    },
+    k8sCluster: clusterEntity$1
+  },
+  outputs: {
+    gateway: gatewayEntity,
+    service: serviceEntity
+  },
+  meta: {
+    displayName: "Traefik Gateway",
+    description: "A Traefik gateway for routing traffic to services.",
+    primaryIcon: "simple-icons:traefikproxy"
+  },
+  source: {
+    type: "npm",
+    package: "@highstate/traefik",
+    path: "gateway"
+  }
+});
+
+const kubernetesDashboard = defineUnit({
+  type: "apps.kubernetes-dashboard",
+  args: {
+    fqdn: Type.String(),
+    appName: Type.Optional(Type.String())
+  },
+  inputs: {
+    k8sCluster: clusterEntity$1,
     accessPoint: accessPointEntity
   },
   meta: {
-    displayName: "Zitadel",
-    description: "The Zitadel IAM deployed on Kubernetes.",
-    primaryIcon: "hugeicons:access"
+    displayName: "Kubernetes Dashboard",
+    description: "The Kubernetes Dashboard deployed on Kubernetes.",
+    primaryIcon: "simple-icons:kubernetes",
+    secondaryIcon: "mdi:dashboard"
   },
   source: {
     type: "npm",
-    package: "@highstate/apps",
-    path: "zitadel"
+    package: "@highstate/kubernetes-dashboard"
+  }
+});
+
+const grocy = defineUnit({
+  type: "apps.grocy",
+  args: {
+    fqdn: Type.String(),
+    appName: Type.Optional(Type.String())
+  },
+  inputs: {
+    resticRepo: {
+      entity: repoEntity,
+      required: false
+    },
+    accessPoint: accessPointEntity,
+    k8sCluster: clusterEntity$1
+  },
+  meta: {
+    displayName: "Grocy",
+    description: "Grocy is a web-based self-hosted groceries & household management solution for your home.",
+    primaryIcon: "simple-icons:grocy"
+  },
+  source: {
+    type: "npm",
+    package: "@highstate/grocy"
   }
 });
 
-var apps = /*#__PURE__*/Object.freeze({
+const maybe = defineUnit({
+  type: "apps.maybe",
+  args: {
+    fqdn: Type.String(),
+    appName: Type.Optional(Type.String())
+  },
+  inputs: {
+    postgresql: postgresqlEntity,
+    accessPoint: accessPointEntity,
+    k8sCluster: clusterEntity$1,
+    resticRepo: {
+      entity: repoEntity,
+      required: false
+    }
+  },
+  secrets: {
+    postgresqlPassword: Type.Optional(Type.String()),
+    secretKey: Type.Optional(Type.String())
+  },
+  meta: {
+    displayName: "Maybe",
+    description: "The OS for your personal finances.",
+    primaryIcon: "arcticons:finance-manager"
+  },
+  source: {
+    type: "npm",
+    package: "@highstate/maybe"
+  }
+});
+
+var index = /*#__PURE__*/Object.freeze({
   __proto__: null,
   gitea: gitea,
+  grocy: grocy,
+  kubernetesDashboard: kubernetesDashboard,
   mariadb: mariadb,
   mariadbEntity: mariadbEntity,
+  maybe: maybe,
   postgresql: postgresql,
   postgresqlEntity: postgresqlEntity,
+  traefikGateway: traefikGateway,
   vaultwarden: vaultwarden,
   zitadel: zitadel
 });
 
-const connectionEntity = defineEntity({
-  type: "cloudflare.connection",
-  schema: Type.Object({
-    apiKey: Type.String()
-  }),
-  meta: {
-    color: "#f38020"
-  }
-});
 const connection = defineUnit({
   type: "cloudflare.connection",
   secrets: {
-    apiKey: Type.String()
+    apiToken: Type.String()
   },
   outputs: {
-    connection: connectionEntity
+    dnsProvider: dnsProviderEntity
   },
   meta: {
     displayName: "Cloudflare Connection",
-    description: "Creates a new Cloudflare connection.",
+    description: "Creates a new Cloudflare connection for one zone.",
     primaryIcon: "simple-icons:cloudflare"
   },
   source: {
@@ -1046,36 +1259,10 @@ const connection = defineUnit({
     path: "connection"
   }
 });
-const zone = defineUnit({
-  type: "cloudflare.zone",
-  args: {
-    zoneId: Type.String(),
-    domain: Type.String()
-  },
-  inputs: {
-    connection: connectionEntity
-  },
-  outputs: {
-    dnsProvider: dnsProviderEntity
-  },
-  meta: {
-    displayName: "Cloudflare Zone",
-    description: "Creates a new Cloudflare zone.",
-    primaryIcon: "simple-icons:cloudflare",
-    secondaryIcon: "material-symbols:domain"
-  },
-  source: {
-    type: "npm",
-    package: "@highstate/cloudflare",
-    path: "zone"
-  }
-});
 
 var cloudflare = /*#__PURE__*/Object.freeze({
   __proto__: null,
-  connection: connection,
-  connectionEntity: connectionEntity,
-  zone: zone
+  connection: connection
 });
 
 const cluster = defineUnit({
@@ -1114,7 +1301,7 @@ const channelEntity = defineEntity({
 const obfuscatorNode = defineUnit({
   type: "xt-wgobfs.obfuscator",
   outputs: {
-    outerCircuit: outerCircuitEntity,
+    outerCircuit: endpointEntity,
     channel: channelEntity
   },
   source: {
@@ -1132,7 +1319,7 @@ const deobfuscatorNode = defineUnit({
     channel: channelEntity
   },
   outputs: {
-    outerCircuit: outerCircuitEntity
+    outerCircuit: endpointEntity
   },
   source: {
     type: "npm",
@@ -1151,4 +1338,4 @@ var xtWgobfs = /*#__PURE__*/Object.freeze({
   obfuscatorNode: obfuscatorNode
 });
 
-export { apps, cloudflare, common, k3s, k8s, proxmox, ssh, talos, wireguard, xtWgobfs };
+export { index as apps, cloudflare, common, k3s, k8s, proxmox, restic, ssh, talos, wireguard, xtWgobfs };