Wanted to get a better picture of my personal finances. Used to use Mint for this but no longer do and dont really want to and would rather self host if possible.

Found Firefly III seems to fit the bill and can implment Oauth.

Setup

• Firefly II Helm Chart, using the core helm chart as will BYO postgres.
• Postgres - combination of bitnami helm chart + alpine images for arm64 support with some added features for my cloud.
• oauth2 proxy - combination of first party helm chart + registration pieces for my IDP.

Firefly supports multiuser/remote user authentication via trusted headers

Previously, I had been using the Layer2 ip advertisement of metallb for my cluster. This worked out of the box, but over time some cracks appeared. Some devices, epecially IoT and other smart devices, did not play very nicely with this. They would periodically be unable to route to loadbalancer ips. This create random drop outs of connectivity which really killed the experiance. Resolving this would involve dropping arp caches and/or bouncing the metallb speakers. Limped along with this for a while before putting together a path forward with BGP.

While one of the main tennants of this cluster project is to be entirely selfhosted. There are some things that simply cannot be. One of those things is public DNS.

Chose cloudflare as a domain registrar because not only does it have a terraform provider to manage configuration as code, but also has free to use tunnel proxies as a mechanism to ingress public traffic (more on these later) and the community has created the cloudflare-operator for first class integration of those proxies inside of kubernetes. A perfect match.