From 89539752054dc260b4b3e2028223f1815f9b64de Mon Sep 17 00:00:00 2001 
From: Nikolai Rodionov Date: Mon, 23 Oct 2023 22:16:51 +0200 Subject: [PATCH] Start refactoring --- helmfile/.sops.yaml | 6 + helmfile/badhouseplants/helmfile.yaml | 113 +++++++ helmfile/badhouseplants/namespaces.yaml | 10 + .../badhouseplants/values/secrets.argocd.yaml | 27 ++ .../values/secrets.bitwarden.yaml | 24 ++ .../values/secrets.db-instances.yaml | 33 ++ .../values/secrets.drone-runner-docker.yaml | 22 ++ .../badhouseplants/values/secrets.drone.yaml | 24 ++ .../values/secrets.funkwhale.yaml | 27 ++ .../badhouseplants/values/secrets.gitea.yaml | 40 +++ .../values/secrets.iredmail.yaml | 25 ++ .../badhouseplants/values/secrets.mailu.yaml | 38 +++ .../values/secrets.minecraft.yaml | 28 ++ .../badhouseplants/values/secrets.minio.yaml | 35 ++ .../badhouseplants/values/secrets.mysql.yaml | 23 ++ .../values/secrets.nrodionov.yaml | 28 ++ .../values/secrets.postgres.yaml | 24 ++ .../values/secrets.postgres16.yaml | 24 ++ .../values/secrets.prometheus.yaml | 26 ++ .../badhouseplants/values/secrets.redis.yaml | 26 ++ .../values/secrets.vaultwarden.yaml | 27 ++ .../values/secrets.woodpecker-agent.yaml | 23 ++ .../values/secrets.woodpecker-ci.yaml | 26 ++ .../badhouseplants/values/values.argocd.yaml | 108 ++++++ .../values/values.bitwarden.yaml | 40 +++ .../values/values.db-instances.yaml | 32 ++ .../values/values.docker-mailserver.yaml | 129 ++++++++ .../values/values.drone-runner-docker.yaml | 16 + .../badhouseplants/values/values.drone.yaml | 18 + .../values/values.funkwhale.yaml | 56 ++++ .../badhouseplants/values/values.gitea.yaml | 122 +++++++ .../values/values.iredmail.yaml | 4 + .../values.istio-gateway-resources.yaml | 69 ++++ .../values/values.istio-ingressgateway.yaml | 67 ++++ .../badhouseplants/values/values.istiod.yaml | 14 + .../badhouseplants/values/values.loki.yaml | 11 + .../values/values.longhorn.yaml | 13 + .../badhouseplants/values/values.mailu.yaml | 181 ++++++++++ .../values/values.minecraft.yaml | 180 ++++++++++ 
.../badhouseplants/values/values.minio.yaml | 121 +++++++ .../badhouseplants/values/values.mysql.yaml | 6 + .../values/values.namespaces.yaml | 11 + .../values/values.nrodionov.yaml | 58 ++++ .../badhouseplants/values/values.openvpn.yaml | 38 +++ .../values/values.postgres.yaml | 10 + .../values/values.postgres16.yaml | 10 + .../values/values.prometheus.yaml | 146 ++++++++ .../values/values.promtail.yaml | 5 + .../badhouseplants/values/values.redis.yaml | 7 + .../values/values.vaultwarden.yaml | 63 ++++ .../values/values.woodpecker-ci.yaml | 38 +++ helmfile/common/values.certificate.yaml | 20 ++ helmfile/common/values.database.yaml | 16 + helmfile/common/values.istio-gateway.yaml | 16 + helmfile/common/values.istio.yaml | 36 ++ helmfile/common/values.metrics-server.yaml | 4 + helmfile/common/values.ns.yaml | 8 + helmfile/common/values.service-monitor.yaml | 16 + helmfile/environments.yaml | 5 + helmfile/etersoft/helmfile.yaml | 5 + helmfile/etersoft/values/secrets.minio.yaml | 38 +++ .../values/values.istio-ingressgateway.yaml | 21 ++ helmfile/etersoft/values/values.istiod.yaml | 7 + helmfile/etersoft/values/values.minio.yaml | 94 ++++++ helmfile/etersoft/values/values.openvpn.yaml | 43 +++ helmfile/extensions.yaml | 42 +++ helmfile/helmfile.yaml | 50 +++ helmfile/releases.yaml | 313 ++++++++++++++++++ helmfile/repositories.yaml | 42 +++ 69 files changed, 3028 insertions(+) create mode 100644 helmfile/.sops.yaml create mode 100644 helmfile/badhouseplants/helmfile.yaml create mode 100644 helmfile/badhouseplants/namespaces.yaml create mode 100644 helmfile/badhouseplants/values/secrets.argocd.yaml create mode 100644 helmfile/badhouseplants/values/secrets.bitwarden.yaml create mode 100644 helmfile/badhouseplants/values/secrets.db-instances.yaml create mode 100644 helmfile/badhouseplants/values/secrets.drone-runner-docker.yaml create mode 100644 helmfile/badhouseplants/values/secrets.drone.yaml create mode 100644 helmfile/badhouseplants/values/secrets.funkwhale.yaml 
create mode 100644 helmfile/badhouseplants/values/secrets.gitea.yaml create mode 100644 helmfile/badhouseplants/values/secrets.iredmail.yaml create mode 100644 helmfile/badhouseplants/values/secrets.mailu.yaml create mode 100644 helmfile/badhouseplants/values/secrets.minecraft.yaml create mode 100644 helmfile/badhouseplants/values/secrets.minio.yaml create mode 100644 helmfile/badhouseplants/values/secrets.mysql.yaml create mode 100644 helmfile/badhouseplants/values/secrets.nrodionov.yaml create mode 100644 helmfile/badhouseplants/values/secrets.postgres.yaml create mode 100644 helmfile/badhouseplants/values/secrets.postgres16.yaml create mode 100644 helmfile/badhouseplants/values/secrets.prometheus.yaml create mode 100644 helmfile/badhouseplants/values/secrets.redis.yaml create mode 100644 helmfile/badhouseplants/values/secrets.vaultwarden.yaml create mode 100644 helmfile/badhouseplants/values/secrets.woodpecker-agent.yaml create mode 100644 helmfile/badhouseplants/values/secrets.woodpecker-ci.yaml create mode 100644 helmfile/badhouseplants/values/values.argocd.yaml create mode 100644 helmfile/badhouseplants/values/values.bitwarden.yaml create mode 100644 helmfile/badhouseplants/values/values.db-instances.yaml create mode 100644 helmfile/badhouseplants/values/values.docker-mailserver.yaml create mode 100644 helmfile/badhouseplants/values/values.drone-runner-docker.yaml create mode 100644 helmfile/badhouseplants/values/values.drone.yaml create mode 100644 helmfile/badhouseplants/values/values.funkwhale.yaml create mode 100644 helmfile/badhouseplants/values/values.gitea.yaml create mode 100644 helmfile/badhouseplants/values/values.iredmail.yaml create mode 100644 helmfile/badhouseplants/values/values.istio-gateway-resources.yaml create mode 100644 helmfile/badhouseplants/values/values.istio-ingressgateway.yaml create mode 100644 helmfile/badhouseplants/values/values.istiod.yaml create mode 100644 helmfile/badhouseplants/values/values.loki.yaml create mode 100644 
helmfile/badhouseplants/values/values.longhorn.yaml create mode 100644 helmfile/badhouseplants/values/values.mailu.yaml create mode 100644 helmfile/badhouseplants/values/values.minecraft.yaml create mode 100644 helmfile/badhouseplants/values/values.minio.yaml create mode 100644 helmfile/badhouseplants/values/values.mysql.yaml create mode 100644 helmfile/badhouseplants/values/values.namespaces.yaml create mode 100644 helmfile/badhouseplants/values/values.nrodionov.yaml create mode 100644 helmfile/badhouseplants/values/values.openvpn.yaml create mode 100644 helmfile/badhouseplants/values/values.postgres.yaml create mode 100644 helmfile/badhouseplants/values/values.postgres16.yaml create mode 100644 helmfile/badhouseplants/values/values.prometheus.yaml create mode 100644 helmfile/badhouseplants/values/values.promtail.yaml create mode 100644 helmfile/badhouseplants/values/values.redis.yaml create mode 100644 helmfile/badhouseplants/values/values.vaultwarden.yaml create mode 100644 helmfile/badhouseplants/values/values.woodpecker-ci.yaml create mode 100644 helmfile/common/values.certificate.yaml create mode 100644 helmfile/common/values.database.yaml create mode 100644 helmfile/common/values.istio-gateway.yaml create mode 100644 helmfile/common/values.istio.yaml create mode 100644 helmfile/common/values.metrics-server.yaml create mode 100644 helmfile/common/values.ns.yaml create mode 100644 helmfile/common/values.service-monitor.yaml create mode 100644 helmfile/environments.yaml create mode 100644 helmfile/etersoft/helmfile.yaml create mode 100644 helmfile/etersoft/values/secrets.minio.yaml create mode 100644 helmfile/etersoft/values/values.istio-ingressgateway.yaml create mode 100644 helmfile/etersoft/values/values.istiod.yaml create mode 100644 helmfile/etersoft/values/values.minio.yaml create mode 100644 helmfile/etersoft/values/values.openvpn.yaml create mode 100644 helmfile/extensions.yaml create mode 100644 helmfile/helmfile.yaml create mode 100644 
helmfile/releases.yaml
create mode 100644 helmfile/repositories.yaml
diff --git a/helmfile/.sops.yaml b/helmfile/.sops.yaml
new file mode 100644
index 0000000..99e7207
--- /dev/null
+++ b/helmfile/.sops.yaml
@@ -0,0 +1,6 @@
+creation_rules:
+ - path_regex: .*/values/secrets.*
+ key_groups:
+ - age:
+ - age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
+
diff --git a/helmfile/badhouseplants/helmfile.yaml b/helmfile/badhouseplants/helmfile.yaml
new file mode 100644
index 0000000..89ced65
--- /dev/null
+++ b/helmfile/badhouseplants/helmfile.yaml
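Review bot: The single creation rule in helmfile/.sops.yaml encrypts every secrets file for one age recipient, so losing that identity makes all of them unrecoverable and its compromise exposes both environments in the diffstat (badhouseplants and etersoft). Consider listing a second, offline-held recovery recipient under `age:` and using one rule per environment directory. The `path_regex` is also unanchored with unescaped dots; `path_regex: .*/values/secrets\..*\.yaml$` states the intent more exactly. A comment above the rule naming who holds the private key and how it is rotated would help the next maintainer.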
@@ -0,0 +1,113 @@
+---
+{{ readFile "../releases.yaml" }}
+
+releases:
+ - <<: *drone
+ installed: true
+ namespace: drone-service
+ createNamespace: false
+
+ - <<: *drone-runner-docker
+ installed: true
+ namespace: drone-service
+ createNamespace: false
+
+ - <<: *longhorn
+ installed: true
+ namespace: longhorn-system
+ createNamespace: false
+
+ - <<: *argocd
+ installed: true
+ namespace: argo-system
+ createNamespace: false
+
+ - <<: *nrodionov
+ installed: true
+ namespace: nrodionov-application
+ createNamespace: false
+
+ - <<: *minecraft
+ installed: true
+ namespace: minecraft-application
+ createNamespace: false
+
+ - <<: *gitea
+ installed: true
+ namespace: gitea-service
+ createNamespace: false
+
+ - <<: *funkwhale
+ installed: true
+ namespace: funkwhale-application
+ createNamespace: false
+
+ - <<: *prometheus
+ installed: true
+ namespace: monitoring-system
+ createNamespace: true
+
+ - <<: *loki
+ installed: false
+ namespace: monitoring-system
+ createNamespace: false
+
+ - <<: *promtail
+ installed: false
+ namespace: monitoring-system
+ createNamespace: false
+
+ - <<: *bitwarden
+ installed: false
+ namespace: bitwarden-application
+ createNamespace: true
+
+ - <<: *redis
+ installed: true
+ namespace: database-service
+ createNamespace: true
+
+ - <<: *postgres16
+ installed: true
+ namespace: database-service
+ createNamespace: true
+
+ - <<: *db-operator
+ installed: true
+ namespace: database-service
+ createNamespace: true
+
+ - <<: *db-instances
+ installed: true
+ namespace: database-service
+ createNamespace: true
+
+ - <<: *mysql
+ installed: true
+ namespace: database-service
+ createNamespace: true
+
+ - <<: *docker-mailserver
+ installed: true
+ namespace: mail-service
+ createNamespace: true
+
+ - <<: *istio-gateway-resources
+ installed: true
+ namespace: istio-system
+ createNamespace: false
+
+ - <<: *vaultwarden
+ createNamespace: true
+ installed: true
+ namespace: vaultwarden-application
+
+ - <<: *woodpecker-ci
+ installed: true
+ namespace: woodpecker
+ createNamespace: true
+
+bases:
+ - ../environments.yaml
+ - ../repositories.yaml
+
diff --git a/helmfile/badhouseplants/namespaces.yaml b/helmfile/badhouseplants/namespaces.yaml
new file mode 100644
index 0000000..5421b9d
--- /dev/null
+++ b/helmfile/badhouseplants/namespaces.yaml
@@ -0,0 +1,10 @@
+---
+releases:
+ - name: namespaces
+ chart: bedag/raw
+ version: 2.0.0
+ values:
+ - ./values/values.namespaces.yaml
+bases:
+ - ../environments.yaml
+ - ../repositories.yaml
diff --git a/helmfile/badhouseplants/values/secrets.argocd.yaml b/helmfile/badhouseplants/values/secrets.argocd.yaml
new file mode 100644
index 0000000..371d4d1
--- /dev/null
+++ b/helmfile/badhouseplants/values/secrets.argocd.yaml
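Review bot: `createNamespace` is inconsistent across the release list in helmfile/badhouseplants/helmfile.yaml: `database-service` is requested with `createNamespace: true` by five releases, and `monitoring-system` is `true` for prometheus but `false` for loki and promtail, while most other namespaces are `false`. Namespaces that Helm creates implicitly carry no labels or annotations, so if the separate `namespaces` release (namespaces.yaml in this commit) is where mesh-injection or pod-security labels are applied, these namespaces would presumably miss them; its values file is not visible here, so this needs confirming. Declaring every namespace in that release and using `createNamespace: false` throughout would make the behaviour uniform. A comment at the top of the file such as `# release anchors (*drone, *gitea, ...) are defined in ../releases.yaml, pulled in by readFile` would explain why the aliases resolve.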
@@ -0,0 +1,27 @@ +server: + config: + dex.config: ENC[AES256_GCM,data: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,iv:c8cJLybNsyuAw/BFmKtNTBzXIl0vmeSuKW8j/aw8STw=,tag:URax9og6ZQRvWPtKVel4SQ==,type:str] +configs: + credentialTemplates: + ssh-creds: + sshPrivateKey: ENC[AES256_GCM,data:qQZuWVqu3G59OLMTtYW3BDfoo/3+SvLgQYzv0Aa2NQGb/5wVFejPiJR0BAMYZjkDSVgUZl/oVCT55I41QeKcNYfHtGcrWIFvizg5jW+K0U3ZvgtnY56J1GsrKWQIC29U5EHz/7xXTnSJkkiiVEBGOjwQHpfCgsqR5/qhwnFx+idLsdJGasMYjIJZttTtLpPsY1tgUwTzqJGQptJHqG+/EDcmI9ms6383ltgc6xsmezJDyoG3A2cMNp22qctIuqTIM6ltL9iosBmMsPM1MaiZyJ7rG5zNPymTCFDQUXwlUwFoDKJnN3GkY4ApzRv43iAw2aIX8ykifZVGZOuvV/ifzUuDoemsGjD7X3GN+ngVNwdLm1qSkcnb21Q22kVmBxotIQaF9eN/LqDk2ULEMX3Yvml886yo4AnxlIA8zW8XzFfEILrEswv555P5p3Mswl0+KAIDo7cYav495U9cYrttHbU5wvr9br5JekNKVSgTigwFraq2ZUE8Za3Ru7VOuljywRwe0VEvhFv8SJoH9NZJyl8ME0+uH1R6YtIodkHpB6b6wtyCwtPXjkUkR8nzi4VU0L3zq90e/DvmX/a/q4uEHtLPiIEMFbKtUQ8v8mmscYEEvYIsIBO0VcY2CUFbEs7r56uFOiysqB4d4ySGFjdQceRTLhG7/kUjjYtGEByVcFXllhAV+1C0vXHgOXc4G+EowObbcyj+sA4hxFVL8/f0s7znVCQbZhztQsxfFr5+76X+nzkXkkhauUsMChybmVmGTU+hYnZ8XuOK6X+tRixoVNlcitFD+NxTksvDeJDIShaQvH2cjLLbkze9GmUVr3EvifQhXdw29rpgySVE0Tjn+YL23Ft8dToqR6QwTASLi/vcvbjpx5NtchuR5QFxwZYY8ROTljSQS61AMdszr5cR0BwtFY8j59Aj25sEJeasi44xzUlBxAGazHjzBDxDU7XIpGV/IkiMtaEuEXKGRpVqhQrszvuXOf9K4TwxuVvhlrSVvU7M/lQzJUzkSFOSvO9nzfnkVLwqTdTX56ODFs10vRowClKetC6PpuAclw85WlC1OTkkAL8RUCWyoPQUU+EYolUCW5nMp4P8X1XK3qvRpBU6BdjnnuLQAi1bYu8t0f4vTYoLvYTwlMGXizMHEks6me5pPD7mq5HvpR2e7i1ZzJ3oQaKPB9n8AsugFeRStAal7HHrfEA6NVXLlBYdiq9oRgwllZwi5dsw4m6ABhh+angCWkIsjB9+n9NKOdJowvyDDx1JE/Ai4wb+8hbTLtAold6YJgNA5aT7LeSVaxWVB+V8w1ghn3UJzI6SGdayJqUH+VAUDvBg4LeqGH2vrod57SF4FMmqGTQwN7cYxW0fDT9V8xnb2nQu7WaE04Miw5hlsB4uTRUfeMrXXvt3R2N8azqQDF9Himtl48U3by9vv8FPsNhq3XvAPY5/TCzHz93bnWWmdtyZlHTFz2wRAwaTwOfFpN7oMW6YyVo6UUpw10zap0Jfboq8szF////nwEHf8qGw3dxT85WwBR9KBPwFuHZQsoUOuy00PuAB5fVvXXWBiCnzYwWgY3NqTBkLYbV8D/6UnLlfAHhnEok7QXf7P4xqbB/6EmqCmGBw5ZgPqg0bY6mOTnMrfqiKV9+Q0Mhe8eFPNOr2zoR+VYRDnWX+rJu1+OAK8QegH1Jn3RlOg3lXoFDFLelq6GEq1Kdbr8
3goL59/uRu4VNvAArUJ9tk4Vn2vWEtnbpjRcyjwAHIc1YXphY53cPFdSjYCeoNv5MDEt3oJAKWhSX7Ql6ledftGWB4fhns0OK4+zLN6osqrPNtLyS7iqXhcwmUIx+b6jzblKt/FAssFOw6VVpi+nVrBWHDW4lhHiCu37VYS15Vtjw+JCPbAe30MOquhXn1CnEnoV8mDoDGTeMpvpP4BTTgsLmloXfv8/+TjNYfzSWivvXjY1K0P/KGqoEJfIyYDyuxi7t2qJ/CwdvBTJkF/cTX6yvX6IvijKuUco2aIgpoZfg4JR6VL7Gk3Cvf3YBvnvG8TspBOfO3ZhwTS6vfQeDLs6kf+gBtXduJTqAXuy8X8B4RZxsNGZZD8hsSVH6xP5akN6waGqG+xDQxKTT7FCpmi0igvvANRROF3+KxGigPTrIqa33WDglrD6tUfUKNUW/SuZXXjbrgo0lillsXj6i7esSLfgH9CjUfeVUW/mI7mvW+0xjV/eeZtxRnz3ADGgfObV0XakEFBDhDnXtmdN7RN+Q+UvtN0uYGYWYqnIPNewm5RYwVGtGNWOB42PdaKH0qRUdWvCAbsKflPxW5pJNZlejhoMm+3+j2UlrY59dGqTVPoXkWgIGxFkubrtN06zAhVEV6/PcCZoGJmZsPWIfiY5k/BZljtZLAa1e2cboD/0q8iX0VzyRSmuKzVYMa6/NTU3PQ8l2x5fQRRq5OR33P2N36Wb6cO7GB9mEKAElTnd8oLlJ3T27EBctdNf8gOBIYWtGo+lYtKeh/NJm5o7KGIdjhThi7Lrbyqaxb294yxydmrJBh64dws+f3IhUQBLz+6lk5PM7EtrBCGuN7PqdqQMHqWMcCvDCHxY5X/U4zrWMAClEifJfC0b+3HthLkBHb388nGMo2ymHq683s0PxmmY0lfpncUEGHu+1J5E3w2BEy5Qv83x0RQDoDFab5lxILo6VSmZru+Kj18yeqNiNw/CzHaMvID7Gio1jaq3DsuD4bA9ne5Je5yAK8INrYRDCSzMfQpc2QqE306tonmsu37EKGHTCOaaqfL8/f31nqZcdKAdidM4JBa+osYYVUCp50Nn8h94dczpjvC+M2hEQXbibUSwyPjDv7ptwfZSEPG1mjbrOEpRSbzh3lGbE5q9K7bNyt0aJRi2gOw/shU5rPxmJ5KoL0HUEc74pZRG+Csa3ZKruqYqOEezgZmVwo0E3NQD8u/y/oF/L8hgKj2jcRmJS/pKbr2Tv+Sde1ZYdZjsXW6tFRjPDZGyhjHBriPLikN097kmuPFWS3f4ZFPyHM/Az2uzPPBFGv7VchUbFScIDgBIq+fYnTPtjjST7FgsDxpzTkj8uliU9z7r0dTIawC8qSUYErsFYSvUITySWTam0R04yitaArcH5fLEhEeKKMjGUVkwwxGxfv9Fql6Zs1YSCKka9aynXDUmw6igbRJVIPtmEosrmFUzlX1OEiJrX5xWOVAv3wQ2vrxvwHlmOMtr/cQagvASds2kC4QJ4qSwc8YdpLAwrn4+h7uNP/QChAOVCiGQXpFqd5ab/LBc6Gc/1Zxilil1kecMFBc/XmVssw72XSVoXVJPlIyiSYOAtm1BGQHJXRspP06/M+/5ffaHoEevqB47kf6bE8c3F9SwksgwGtaqXdFBoKSQcret8Tww9C8ZwDji8v/woVu2COXWaF2HLg3r3vrXa+DVVz1ENtOmJEJYTCuLmdqpZsWv4olC2wcCUEA+po9kZbVcEAfKd0xe/0x2fzqQ==,iv:lDEAwKxgoRPH5AtF2kYxPQjHkw3/kbbpoz3jlUsEpTI=,tag:6dbL9WZoTZ2xSrSVE4Dlhg==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 
+ enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxTWUxY2hYT0dId2hsR0x1 + MXFtRjlSelgwdUcyVnBUdlJ6Nng1UkNJaHg4Ckc5NXBORjBCZHQyc0lDTiswazNF + cGhKVFFNdlZnRWlxS05OTklOUDJDQjQKLS0tIDNWNDVVWXcxUW8yUHgrOTNkRkQ1 + MGNDV2cvUUF3dWZHSlZNeVFDNXhzalkKubKuiiZuqoZTvRMr2FiUxnFUu+Pvj3Wf + pZTfZg9rnUukmV+kmwqQKcfoPNfeShhoAsszWwPM628cV9pq87I2/A== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2023-03-04T16:16:37Z" + mac: ENC[AES256_GCM,data:4HhqNV9EIcBA/nzxuiS21TWe6BQ+anfEQOnfrYcZ2vVD2dTPzc0ztZ1Ihc2WX6sMCVFDpUJFEcr38Aj2tXnnS80kTsnznBsSFNLj2b857PWXNeoAuwiiY3XBq+Ndo7I5wCYgWyuaH8xWQtd5JVuZPpqdtjTkbWq3lj8aARJUuQw=,iv:Hlu6iaBBQovSaXYAEB7nWBL9OM1UXYxQ444s5ZrMtuo=,tag:N/znbxYVwFoJ1eYAS8PE4A==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.7.3 diff --git a/helmfile/badhouseplants/values/secrets.bitwarden.yaml b/helmfile/badhouseplants/values/secrets.bitwarden.yaml new file mode 100644 index 0000000..4407926 --- /dev/null +++ b/helmfile/badhouseplants/values/secrets.bitwarden.yaml 
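Review bot: The `sops.age[].enc` block in secrets.argocd.yaml is byte-for-byte identical to the one in secrets.minecraft.yaml later in this patch, so both files are wrapped around the same SOPS data key, most likely because one was created by copying the other. age uses a fresh ephemeral key for every encryption, so two independently created files would not share this blob. The consequence is that exposure of that one data key covers both the Argo CD `sshPrivateKey` and the Minecraft backup credentials, and the two files cannot be rotated independently. Re-create one of them from plaintext, or run `sops --rotate --in-place` on it, so each file gets its own data key.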
@@ -0,0 +1,24 @@ +env: + ADMIN_TOKEN: ENC[AES256_GCM,data:ea2lgOEYMi8Dsvun00YZR3PCE3ycNC4Mpe+xye9YL5CTtnyrDwV9Tw==,iv:28Tcn1/qIquS4jCNBTtspB9c+5U3Ut1zoY6gIez8fcs=,tag:POmhoUY3t4w+iTJKK2eHVQ==,type:str] +smtp: + password: ENC[AES256_GCM,data:cs+2Ml3YfZCk8z/KmexGMqzFQRM=,iv:mg8e3oHbLT07pZEdDGwlBchPyT83xOdwKJg9CCaicnc=,tag:NPD+8gKERO8uCuwrFnn3bQ==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKL3M4VWJBQzZQdHRDcXVw + VWIwcjd0Zm44V01DTW1aV2FhV1QvT2hpcUVZClJ2dHdvcDYxalEvMXB2a1F1WlRy + K1VOYmg4cWprSHpLSVJVK1lYVXR5cWMKLS0tIGJ3bHNIZE9zR3RuZmpmMlZBQ1Qr + dzNYMlRnUDIxK2padTRCSzR4UUpWQjQKxex3RqZGU7ekdNC3qIiqdFs7d7a0Pxa1 + amLsaNnBfJ3OqjuD8atF2iCAXy1Q2BcXunkWi3wbzHb/DgYly3n9OQ== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2023-10-15T12:20:48Z" + mac: ENC[AES256_GCM,data:2yRwdYM32eESPuUz+d7m7pTcluDUeOrLgv7iJmhPEnowcU9WvypAZr73w4y4ewc3yvLmmu5uuFjJJhN1+yjwULGUtU1NPdcvXHsGwtlA7KDyYUqwIc4NrD6BAeR7tRQChNVD++2wB43kiGAWAMmieOMt+xHcaWlM2btuLoiwE34=,iv:ZMxA5eu0IJKTRBtoKhyIJiDe/W3zVjzlz3TbO7gpRnU=,tag:ErYqzleh87+wj0uBRah20g==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.8.1 diff --git a/helmfile/badhouseplants/values/secrets.db-instances.yaml b/helmfile/badhouseplants/values/secrets.db-instances.yaml new file mode 100644 index 0000000..f8caa3a --- /dev/null +++ b/helmfile/badhouseplants/values/secrets.db-instances.yaml 
@@ -0,0 +1,33 @@ +dbinstances: + postgres: + secrets: + adminUser: ENC[AES256_GCM,data:pKbAQDiOs6k=,iv:yET0mJtdm2baDJHwq1uYEoxye48g2PrMqiOSO3POTBo=,tag:wuIxhHiRzjSRM+uaEo2KNQ==,type:str] + adminPassword: ENC[AES256_GCM,data:/U3q6RmOYLpxJBAYsJ8f4lV3MB0=,iv:dw7g0E4Gm0YqtgvdcC+bq+YbSRPop3BKLiJfwaz+1io=,tag:NAXnWj4AjgajN94ml/ENsA==,type:str] + postgres16: + secrets: + adminUser: ENC[AES256_GCM,data:1THZrB3Rg+g=,iv:/euSgQUYlJ4HbiqWr3ezwLkds0nwioFHRhXbqTiYR6M=,tag:GSbSxrNrVJKHp9+3+ECVRA==,type:str] + adminPassword: ENC[AES256_GCM,data:F+5az4JRH6LMz88duwFp5EDm4AYG,iv:dbsfSSwigBX1cU6XFYu4ZFd15Te0MdGBoq5O9OtqxgM=,tag:uOLhvHSiBEbbos2GzLJZ3g==,type:str] + mysql: + secrets: + adminUser: ENC[AES256_GCM,data:XFEGew==,iv:7aj2J7Qs9mHC5kRZGrg71hwEBP64vEz0qQ+qoPHSgrc=,tag:/Rx5yx7iMU5Gwcmbf5GVSg==,type:str] + adminPassword: ENC[AES256_GCM,data:vYIiHccMkX7yJ2gsVGcLTUO7Ers=,iv:uDlefG5I/cirIUal/phlHCNwYtcXYFBND54XJ+n7eug=,tag:YK7pdaohOZL9yg4OiPxbRg==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVbENvMm1YQzlSV3UrSEJ4 + VTZ1RWVKTlpsUDFzQlVjMlJEZmIvaldHVXlFCm9SVzN3Z0dwTGo1Y3dnaHhvSmpi + bDIrMlJhbHhKUmRZejdkTmJiSDYvY2MKLS0tIFpRbkwySVh2MDlNWEFNZHVtY2Ns + Wmh3Z29ZSlBhbmFJNkFQZlE3aXpMMk0K14rSXjSF08xkil+fFJpeMV+6XChTJ2/3 + OQecJtg+0NQPyvC+kR5qKq8roiSzNNJgTVg2wwKMdukKVVTbEGi0gA== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2023-10-04T02:28:20Z" + mac: ENC[AES256_GCM,data:EBNSr29LlLjadOrrk2ZSwH9Ng4YD0pYCrhfupaQPSK5559zUCRIuPuTC5P0sfh5dn7YARrcprAwH68I3Xc3EUWkZabCYcjR+bfbby1s8tjiIIgVcksQJr523CDIXMiezf860M9uyktxWdUQa1TjuEfo0SAkYs0XHEaIQlOloN6c=,iv:v/Al1appBTv7ypplQEz7C2qAnvCDRK3JPCN8+PATeX4=,tag:Ci8eg6xsFyZz35r5p4ie6g==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.8.0 
diff --git a/helmfile/badhouseplants/values/secrets.drone-runner-docker.yaml b/helmfile/badhouseplants/values/secrets.drone-runner-docker.yaml new file mode 100644 index 0000000..eb18677 --- /dev/null +++ b/helmfile/badhouseplants/values/secrets.drone-runner-docker.yaml @@ -0,0 +1,22 @@ +env: + DRONE_RPC_SECRET: ENC[AES256_GCM,data:RAZbnTrv9PxiCLLqjKWBtFWd+Nzqma8Zw+NuKRLO,iv:IiFcTQGUmYa6UCBzx1yTDd0zwB6D1Cv0raXZxLXm1qA=,tag:83bnBW+MhkKehZfso3g+/g==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOVk0yaTlySHpuOWFFT3J5 + Z210NzJPTmV0akdFQ1REM1JzK0pwTC9XWjJJCm54QmQ3ODJwakZuamMzYTBIeEJi + aUxKNmQ3dU52V2N2cjl5VTJpTTAwWGsKLS0tIDFyR2o2VnQ4QWFCWWRzZGNMZnNQ + em1VMlhBNGRrVFhXVUVRdU16Q1Q4bUEKvZ6UbZsfdvfCk37FlEN4vg0RTnPO2nwh + DY4klzcan+9DBRT2qdIIy6pj94GuSoXKXEYc9X0AvYab/HoLithMWA== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2023-05-21T09:27:21Z" + mac: ENC[AES256_GCM,data:U2JETtW0lbb2znJBupGMPsab13y5M1v1N0wkFxEBs+YVNFhnkvIqSZiY5mq9KTYiY4tRzw1kV+jqP0jNsODekCI1++4NBuQsGSZFUoTERHgTRlnz1aAS+nf39lvYnWyQxsQmw9vY/GQ/yluBJkOEV/EoIF3wHjxZe1HCBIViPyk=,iv:WMj7aSgW8LdNQbOgC4FcyOtR/3gjckiHO8vlZGdiTeY=,tag:Xty2QVLJ/D2dlzQY13od5w==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.7.3 diff --git a/helmfile/badhouseplants/values/secrets.drone.yaml b/helmfile/badhouseplants/values/secrets.drone.yaml new file mode 100644 index 0000000..82877c3 --- /dev/null +++ b/helmfile/badhouseplants/values/secrets.drone.yaml 
@@ -0,0 +1,24 @@ +env: + DRONE_RPC_SECRET: ENC[AES256_GCM,data:W1OAxQIUbVU8uYHtxujhPyww4jscNH4LwMAGOU5v,iv:ouToTniIMiy757x40MKMtmLFBVzpuGxSYOTMZmmN8ck=,tag:RZ/cb7cRXDQSAQwGqdX+zw==,type:str] + DRONE_GITEA_CLIENT_ID: ENC[AES256_GCM,data:7Ohn3nGR9VeIhAr9EdW1/juRFo3TXpKIwU07hD8mGoyBrbyn,iv:9/y3Ou8H/PL2hMsirJaqviKGQuzVlzL43iGAKQb9NII=,tag:EZoo2F4/HoOcacWOVU9yjA==,type:str] + DRONE_GITEA_CLIENT_SECRET: ENC[AES256_GCM,data:2wAbiSJdDb5lGUOocK14pZtwQI0EFmXGStAigKsPGAZUKyn7M0B6xBO1+B3wZYVnIKEohiNIZF7k,iv:Y9aCzdSH5cAIZfk84Clto/IrQMRaoH+bOkvbP+9CcLM=,tag:FVfLsEA56WGNCl/8ut4F/Q==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaREllV3RqUVg0anpIU1Rj + RFh3WkdGdEU5bWg0bWk3bWU5OHFkeFF6SGh3CmlOek9zL2w4a0ZHc0p0WTNucE1Q + dVpDeW93QlNHZGY1dWhOc0FneUFjQUUKLS0tIEhuZE1CMmZLZFIxbXJTZmIzcEE4 + QStxOG1iMWlxQ2dmOXRabXp4cm9NSU0K/+CRAc7DH4PgbQscXvDb7yLe8VoEpixr + icD3GL37kYE2D4h1cm+p+/b7BF4/yjNlCUvo5cITXRjZAuiWGwUixQ== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2023-05-18T17:11:19Z" + mac: ENC[AES256_GCM,data:d9G44MW63rUa/MQaW/rLQQ4dlgOOje6qaS1V7yWT3HrkRLOXRCfuK5E+XeWC1PuQwMk0ghaNYJDT0FTnBsoJbxlu+7Vb91qlItn+azvldOFDvtGTRpAK7bPjM+p+G4/gZsgarFxaTh7py6Z/HsoqP1RvaK8GWNhRl7VfTiFuUrA=,iv:e4IXbSSiHMTPc3WijuwgF8L5aG5iMMfu6P/IYD2cp5A=,tag:aGqcqjjrO+PfYxfIAgSmeQ==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.7.3 diff --git a/helmfile/badhouseplants/values/secrets.funkwhale.yaml b/helmfile/badhouseplants/values/secrets.funkwhale.yaml new file mode 100644 index 0000000..1730f80 --- /dev/null +++ b/helmfile/badhouseplants/values/secrets.funkwhale.yaml 
@@ -0,0 +1,27 @@ +djangoSecret: ENC[AES256_GCM,data:CxsJVhNxku3pohREaVs=,iv:KDupR8tZlPkPeRwGWzyz+eKtp1tfTdFWqXNuQW20oXo=,tag:lCHqv2CC8cXpnqTr8fGzPg==,type:str] +postgresql: + auth: + password: ENC[AES256_GCM,data:RdsyzDU+XesRJkUSllyvfREzbDz68t6RSw==,iv:RpV9BjK9ytpUYJvNGQ5eHXuhNbXSV+Nl9Yib0ac34KM=,tag:Y1K7cfmoyNS6sih0JMjBVQ==,type:str] +redis: + auth: + password: ENC[AES256_GCM,data:fgxZMA13BpFf5FA8JwLUXjlelUgvR4qtg316OALq,iv:numLe3PrsToG0Fbl7+mdbWOBTb7XrgppF09pIVg+rrU=,tag:ivKuF0xFe/s4P1otjLML8g==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRL0l4OHh5TTd1UGoxZFcw + TUtNYkdYTzhRS3hpTHkyNlhoT2hTek54RlJnCktpZmpDNk9mYThyUVZOUTAvanBL + VElHYjR6T2QrV3N2c08vZ3JHVWdjSHMKLS0tIE5nREIyVlJ1d29UVzE2aFl2Q21Y + dWdMUFpOOVJYSXdBbzJiSzhQM0VmbWMKUqdIpfa8i7vASIga8HFurrPf1RgA+WVA + GZiG+M0i4yc3SooTIwbDzH0orfaEHueKdNTGOXMgxNiRIt2q9BG76g== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2023-10-04T18:47:37Z" + mac: ENC[AES256_GCM,data:Mh6OGkcKMGnmBHIKadpLYfFO3UNLoww4gFW+U7mnu4v87j06h6QHOx4p99TBp8OqK3/ky73FUVLGtm5XFLvMgzM5wpghqwqPa4G9UvgP2zY6GM5HaEw90l9mEtdSw6czs1hi9ChNF3RbIPwowW6KNJoASK08YaSwkRLK3J8T0sM=,iv:9N3hRle1eH5EHEPQeAnKSXSjkhhs1045rgk/WNOP3I8=,tag:bsqCJQE5puKckYMgKZsr3w==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.8.0 diff --git a/helmfile/badhouseplants/values/secrets.gitea.yaml b/helmfile/badhouseplants/values/secrets.gitea.yaml new file mode 100644 index 0000000..6d28634 --- /dev/null +++ b/helmfile/badhouseplants/values/secrets.gitea.yaml 
@@ -0,0 +1,40 @@ +gitea: + admin: + username: ENC[AES256_GCM,data:f4o3zs74rjY=,iv:t5Cx0suxiZduwL2bsfNyxOVI8RZH1ytEGUdOF2nONco=,tag:mo/BwFwzw7e8tAX6LyaIQg==,type:str] + password: ENC[AES256_GCM,data:TnIUSnX7Lj+2N6mWWOvVVmc96DQ=,iv:vjow//IrtvdmTg4jYenwTyUnuBhq7witfzugbE0uq9c=,tag:L5UPa9UK4aB1wY1ilZntzg==,type:str] + config: + mailer: + PASSWD: ENC[AES256_GCM,data:lb1VwH/Bc2XoyB42UrhgCX5ad70=,iv:Eh4R2deZOMGq4LxZadtt6SgrdoSxcArYC2X+czKtns8=,tag:ZCtQguWQt8ARS2rTWCSoSg==,type:str] + database: + PASSWD: ENC[AES256_GCM,data:mI1RHEThB0bM1bJ/pBioJjvKT3Q=,iv:WSwV4+UzD8HUtA5ipZNu2IVXa4AuQE9k7hTB++AsTgU=,tag:CtU3ValcNw0RSIQVdaHmtw==,type:str] + session: + PROVIDER_CONFIG: ENC[AES256_GCM,data:i/N01zYx1H1D1eFiZKOmf4e1LoDBJE5AoN4eZl3h/QKwOEy5x4LNQoF7CbGguCBMvITtYbzXr12VzQ8pxEf17z6nssQ2nNiz84zuBOY9DQqxZLkxS5AmKKgk7XKF/YYYDaavMdJj54gtXoCrDZ58z5Tw8FM0ScTRp2+4RXGMwg==,iv:dKZhe9cOPDhdtK9sJKzCHmimV1vcuAebY8DfaJMqk2Q=,tag:ZhyEepW4wIM1Dv97xn5xBA==,type:str] + cache: + HOST: ENC[AES256_GCM,data:UI4Dgb4qajStyDcpuJaoJTaTo3vowWQw272Y4C5q3DuV9DarChv4Qvxh9ZJwYsPSgO9G/3eI+mLldipW98HLfATMCHR+DicM7ymI0nGwxeliyj7sOVGFS2dU4zF1kNyhFCqrjMfQzTRQbfOTiB+QyfhluMfrDbOjOAAuLlsdWQ==,iv:WOlGAxAtIS12vCGIUmxMhO3UIsoUuD3xluZbBThugW4=,tag:Y0Amh1HEtYcg+9JvROM1eQ==,type:str] + queue: + CONN_STR: ENC[AES256_GCM,data:kpqTpJVI/8790Ho2/U8YTC2Sc/d7v8mc33PsG7vNO52d9vMCOgsb+GQldWlfMPdf1H09axJxdFc5SIvsWWD8FoaXvtktlz4yk6fL9YxEXnkpn72VSiNe+ajUu6diP4gYWw2cUhyKt3ss/Gx70bKMEyE5g/ecZG3S+NZPFxPSTw==,iv:T69ou0uBg5CrseI0VwB2sSKRDknXrlUVPb/igGI/1H0=,tag:Y42Wa4QVt8k6AmhDC5bOAg==,type:str] + oauth: + - name: ENC[AES256_GCM,data:iR9QX2Si,iv:B+4ixm+dOwAnXFCYq2BnExnfVDGooonBCiHpyxfkLP0=,tag:r7CZbpL9uQ1QjAFNiFfOsw==,type:str] + provider: ENC[AES256_GCM,data:byE4rELH,iv:lcvbNSZMD9EMA4CmJF2mvN33a5fmXWzP4++PnNPK+fg=,tag:2wfHrpp/bJJOImBq5ULzqw==,type:str] + key: ENC[AES256_GCM,data:hiIl59SdN8usULpHhPX8XhMckZI=,iv:8aycsJVxbyK+Rlor8AsYKb6xjjSaS9Y5pRC/hoHzuKs=,tag:tBhMPj+AF86TaLkxF0+6Og==,type:str] + secret: 
ENC[AES256_GCM,data:JfoXbQW4G3QdDsb4WxbMOIBvsEVYXsdK06s2TLO6ojtgprYUb0ZKHA==,iv:n1SYPP3tnUCNuKET0PS9kIHcRSDMDqWtysjwbSI8O3A=,tag:EJ3gKUsCG9O218yS0sw9EA==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkMCtwL0h3aGtNQlYzVC94 + QVFvQ3VsTnVuckt1eW80RXFkTUw2VzdzMTBjCjMvSDFlZXpyM2RQRTFTTTJrL3Zu + LzNlRy9ZVTY5cWh1WmxmbzdwZVNHQm8KLS0tIDdxNGlxbnk1SDc2R0IrcmFHMmo4 + Ym5KMWw5ZDBBZzJBcHBXdFZiaDZpU0UKNl/GkGP25D7z5a8mVBmoSTfOM3EzymPN + WW62zIoBHlwLxF9nwj1xCCtcL1XKgiB8nnn4IrY3ljqFc0VkxD9dnQ== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2023-10-15T09:58:05Z" + mac: ENC[AES256_GCM,data:W7Ml9O6oA5dG59O7eWUEBdRrOdmoXWdib2tzK2zCFfMbjWczS5I7AM3DFKG6+P/kRiEQpjj0OarFvuJ7e23blx0/43UXqjpRCuGqcWkNXQaYaxlye6SDlLjregTUeqo4gyzyXYVpIGikLNBYoufewpdlboVQk8ZheSLSOttrbcE=,iv:IqrjduR0EhuzCCWCCJOHCL0DlS4B66P1Wlucg9R0gk4=,tag:vmq6+uh9q7avpK5Q56+iJA==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.8.1 diff --git a/helmfile/badhouseplants/values/secrets.iredmail.yaml b/helmfile/badhouseplants/values/secrets.iredmail.yaml new file mode 100644 index 0000000..e2f189e --- /dev/null +++ b/helmfile/badhouseplants/values/secrets.iredmail.yaml 
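Review bot: Settings that do not look secret are encrypted along with the credentials: the OAuth entry's `name` and `provider` in secrets.gitea.yaml, and `initialAccount.enabled` (a boolean) and `domain` in secrets.mailu.yaml further down. A change to any of them is then invisible in review, because the diff shows only new ciphertext. Moving such keys into the plain values.gitea.yaml and values.mailu.yaml files, or adding an `encrypted_regex` to the rule in .sops.yaml so that only credential keys are encrypted, would keep them readable. Whether these particular values are meant to be confidential cannot be told from the patch, so treat the list as a prompt to check.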
@@ -0,0 +1,25 @@ +config: + env: + FIRST_MAIL_DOMAIN_ADMIN_PASSWORD: ENC[AES256_GCM,data:dcrMgiX2egbSllo4esVRcJ340oQBRpVkRA==,iv:NQpe96WmGRAnLmeAK0VT/zdJ8MS/8RfAJIwNsL8alHY=,tag:CjppOC4SEW7a9u4Q2xlm8g==,type:str] + MLMMJADMIN_API_TOKEN: ENC[AES256_GCM,data:OxsD/v9ACQuoyHrxZmIdq8TUqmbWCh8GhGaSQTBGfS+vp+v2rdfKIm4WTnI=,iv:68Vli4aaCOiFixooz5cHABuRLuOrw9/HNpBNQzVwAkg=,tag:RXBXFzGCOO6MhoeNhES/+w==,type:str] + ROUNDCUBE_DES_KEY: ENC[AES256_GCM,data:RZni9nCThb9xzzNrN6JTQsLetnMB9cSo1L7hwLERnbA=,iv:L3r0I8sQkoicwy6odvuF3HfIEDQVgnOtn/OMpF16Dis=,tag:ZFaoIywA+FJ/GHAZAGjU2g==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrZlAvUXJBdzM3RjJMdHNG + SjRpSTBYNUs5NEoxRFdLZDN0a2IyQlp1ODB3CnQycFk3SkM2Ny82U1RZZmE1cWxG + TTQxUzhWRWlPQmxYUnN5dVJpb0FWa1EKLS0tIDZSK1NvSmNUQkZucFJCM3FiRHlI + L0VKb2JCc29XWjVkODJxTmxPZXZJc3MKyDy9BH0W1OgEONm3PLCskOWtIr2YW2V8 + 3Lc0Au6lLYetVCvSB82/uylZBHc9yQ2rNdLBUrm1zyDZJW/BmNpVLQ== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2023-07-17T05:06:27Z" + mac: ENC[AES256_GCM,data:WP9F1N5ZTYwJk3UfiSwf/QJHp06pawdbu6kUBOMTq1tWOZ/zhCRe0vJzU7alUxhw1RZu8f6tUNeh6qXxt/4mrSuy5dRjOKOJyRioIcRCdg4Z+2jVycDAA2VlPB1oDQj0CIdrW4hvM02KZKxcOy9KP8iRQaYqLlhvWrTAQZ9HAIA=,iv:d/wZUbaU9EkBPRIxqCDDXpp8AMjjHnXxej726q37Ni4=,tag:AC4FvAFBTYOcI02bFD+MHw==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.7.3 diff --git a/helmfile/badhouseplants/values/secrets.mailu.yaml b/helmfile/badhouseplants/values/secrets.mailu.yaml new file mode 100644 index 0000000..5e20299 --- /dev/null +++ b/helmfile/badhouseplants/values/secrets.mailu.yaml 
@@ -0,0 +1,38 @@ +secretKey: ENC[AES256_GCM,data:yL0+ORBJ4ZWHrmoNvVowEA==,iv:XJuY89wtdz8b+9SnTMro33Ka/pBOymyhN3MLJOyujAA=,tag:hSXjKC6+6NLgCoiHlbqtxQ==,type:str] +initialAccount: + enabled: ENC[AES256_GCM,data:MvyEVw==,iv:ICIPR4oJW6pCRUks7Rk70NqdxVTXYqmM2qjQetppmEY=,tag:1FOK5MyPSTaiDayAAaPPuQ==,type:bool] + username: ENC[AES256_GCM,data:qSsqS5iQAyNzAQ+ZOLSWsie3k04b7qPUpcfU,iv:sXe2sjo4XesoEmjI9tY8gYd2psUlZCltBtLlIyE+v8w=,tag:uZeXnjU+7aLHI87qW+tiGw==,type:str] + domain: ENC[AES256_GCM,data:T5w/nPrq36iwZQdYHMQkisY1,iv:7EskbKJfRXMhkKZBgHy6nP8r1epcf7bNi8gAp4qY5TI=,tag:nZ+0BhvIy9Ap88SHaKhSvw==,type:str] + password: ENC[AES256_GCM,data:dki7Cw2n5FxYsINS+aap4u8hkQBl4RUVW2KxSXrQ,iv:XxUHdy5xAWoH00yxItL9P5YuCJtCG4pfRUhZdOr0EWw=,tag:Lo7ahX7CAXS31lFDKEYRww==,type:str] +postgresql: + auth: + password: ENC[AES256_GCM,data:o2KghCpri6cUbGeh3LIjUO6TXBz4nrZSaU8tW7PD,iv:KNp+FM1DqC2h1/F2cudAQfQZA6UAD833SQbEQ/oKkTM=,tag:oHZzKLzZ+IIJDrjFDX/3cA==,type:str] + postgresPassword: ENC[AES256_GCM,data:2+RrJdHwGQVU910BkXH5ZogDfh8zoOPDcJazg7Iv,iv:CKH/lhkTYNbJ0sKQCwgZ4CDg+7ITsbJq3wcQiJWogtI=,tag:xZX3HSfpC2Wrz1sCOtQwYQ==,type:str] + secretKeys: + adminPasswordKey: ENC[AES256_GCM,data:LbBjpvmdVgIDLtlL5ccufC7Pe28ZVO5CYxTzVoZD,iv:dsVuk1ZluIAhtYN1s9xH+2Jk2CyVYGRU2LoxnC5Lgb0=,tag:lWZohYLUyVnrMKhvwIz7uw==,type:str] + replicationPasswordKey: ENC[AES256_GCM,data:asv/FCVAPir07vw5kW1uqSPGEKTR/ukwtOXY5q8j,iv:SnEftPnqXdPK3Zw9nd8Qnj412tHrPSK6hR0V3rLfn3A=,tag:xKqOjOuSyMKSo02r8GyVbg==,type:str] + userPasswordKey: ENC[AES256_GCM,data:NNUZ8zVSem5Aov/PxFbc7OjANRVa5g5WjyMLRX1V,iv:c3XDq6nyea5ErJZHMKwxEqNfpjBYVGiqbAgqko5nsjI=,tag:HrhLvBxraIKFhNPaulM+uQ==,type:str] +global: + database: + roundcube: + password: ENC[AES256_GCM,data:V7Ml++sPS94LzA==,iv:aQ36cTMR5ArSows/3+z10nFIRppCkSvQx6VwtB30hno=,tag:2yVIXNHJ3HbA/sr6vnX7XA==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + 
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGa1lRY0tQUk05WmpINVVw + YkJkVDA0QlZibHFmbDdPTHpGTTY5N0JodXljCm14aVVSUm43MXo3d0ZlYWRUMXhh + b1VqRHZXUTArbDNpRG9VY1U1a281ZW8KLS0tIHV6NWZQdzVzWFdJU0ErQy9WTFMv + RjVVYmRKcERYZVhMT0ViZzR5cm8rMTgKizZBRrU/WauUmFYm9fnouiegNkYZkudp + QpOha6CggN8rItelbnWMHlzGZBzM+77mFocuGmvNuTY/YGSkXfLjLA== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2023-04-28T08:37:51Z" + mac: ENC[AES256_GCM,data:NtXsrrs9yWlVO6oBQuJKHKPlmFMkqmu5BqOrYjdj9R7KdYycIWRDlNojieP9lghjSllgjkR3N4DpST9n6r6GHOkrpCl0eX12AsY0GUhSwaJzMgvX34Kzo+BjtISvODy0UzEVb9qKzbFuO9R4FMqyxBjTJirJVFT1EIB7Hxbb5Zc=,iv:OFKLvj96oRasDg5sYbJNS5KvZnxOXhh36Nwjl2gA1v0=,tag:aWsKrlbubuh+xTnyxvWeRg==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.7.3 diff --git a/helmfile/badhouseplants/values/secrets.minecraft.yaml b/helmfile/badhouseplants/values/secrets.minecraft.yaml new file mode 100644 index 0000000..1639eb7 --- /dev/null +++ b/helmfile/badhouseplants/values/secrets.minecraft.yaml 
@@ -0,0 +1,28 @@ +minecraftServer: + rcon: + password: ENC[AES256_GCM,data:7kQAt4R+uN/28Uvn3KnJnOvOcCOf6FEaow==,iv:G20SygTZZ1O2DyPr+/f3XSC3bB4L5p/9CxZkPS5qibY=,tag:O2Ab+AC+Eho6MRm0vC9hHQ==,type:str] +mcbackup: + resticEnvs: + RESTIC_PASSWORD: ENC[AES256_GCM,data:mjrSV6d6a4ZvesYjobhHCVTngw5EQqesAKecSPVY,iv:WSk5V61opvccp/1bhbcO6S+8GcEYVlxk8l6nl++nxc4=,tag:wENZyx6IxJgswetDi8alZA==,type:str] + AWS_SECRET_ACCESS_KEY: ENC[AES256_GCM,data:+4HuGGHaZgPXLX3Sm6U=,iv:qMVfe2BzdJtvHYX7T/6WPt8kCNRdn02Ynew/q9QH1KA=,tag:7JwAloF6HPdBXTGC3kto4w==,type:str] + AWS_ACCESS_KEY_ID: ENC[AES256_GCM,data:yfS/LrX0,iv:HzZmzUOmI0vJ+vPkI2xn2F/w43/BKOGil+SLRwhcG0I=,tag:c+d8nyR5w5mU9F/H0zl/1A==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxTWUxY2hYT0dId2hsR0x1 + MXFtRjlSelgwdUcyVnBUdlJ6Nng1UkNJaHg4Ckc5NXBORjBCZHQyc0lDTiswazNF + cGhKVFFNdlZnRWlxS05OTklOUDJDQjQKLS0tIDNWNDVVWXcxUW8yUHgrOTNkRkQ1 + MGNDV2cvUUF3dWZHSlZNeVFDNXhzalkKubKuiiZuqoZTvRMr2FiUxnFUu+Pvj3Wf + pZTfZg9rnUukmV+kmwqQKcfoPNfeShhoAsszWwPM628cV9pq87I2/A== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2023-08-15T15:32:19Z" + mac: ENC[AES256_GCM,data:ghfbBqsdFzQaRehefvpnnFLxp6tYE1K36gXLyN7gdxlvZ20JRn+FMfeUm8IjNKl3fCH2aVdM18v+T4xBs4QSXAWH5R79+HPn6hl7kYXzGJKTdmddj6EFZFXajisIJa2eZpEKPk7uOT6YczcNxNKByKxgHxTXe7SYlIkE6CgLT9w=,iv:inXW7OxvQXPGO4mkJkd/SMVsTBWA+utso26VXb5yNdM=,tag:f/GBzkgI0zgInSdDbHICag==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.7.3 diff --git a/helmfile/badhouseplants/values/secrets.minio.yaml b/helmfile/badhouseplants/values/secrets.minio.yaml new file mode 100644 index 0000000..a4ce952 --- /dev/null +++ b/helmfile/badhouseplants/values/secrets.minio.yaml 
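Review bot: The `sops.age[].enc` stanza added in secrets.minecraft.yaml is byte-identical to the one in secrets.redis.yaml, and secrets.mysql.yaml, secrets.postgres.yaml and secrets.postgres16.yaml share a second identical stanza. That suggests the files were created by copying an already-encrypted file, so each group reuses one SOPS data key. Every file is already encrypted to the same age recipient, so this does not widen who can decrypt. It does mean that a data key recovered from one file decrypts the whole group, and that values at the same key path are separated only by the per-file MAC. Giving each file its own data key is cheap: run `sops --rotate --in-place <file>` on each copied file, and start new secrets files from plaintext rather than from an encrypted sibling.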
@@ -0,0 +1,35 @@ +rootPassword: ENC[AES256_GCM,data:7baD0HwMztU27TymEWp+Ad1s8Zc=,iv:CXiTBEGU1tr99ibNxcFO6RtiC7gjtqSqYrtfmbwocIQ=,tag:ravi1nGLEVSqELVskv71CA==,type:str] +users: + - accessKey: ENC[AES256_GCM,data:9ZhHOes+vQM=,iv:ltKbQ0KW8/Jmn7kmTaGaDcerlkquTXhGr0wbMMwxNgA=,tag:X6n+44dvPAm4v2rcxYkPEQ==,type:str] + secretKey: ENC[AES256_GCM,data:mzWBQcPitrpwIMqBrbtBs3RBDg==,iv:cLA6Wvmf5il54DFkNbwQ27wPxAm/eqSrxAc3MVELero=,tag:nUc83Ctqw4PTwirkUr803A==,type:str] + policy: ENC[AES256_GCM,data:szr/D/u/ng0=,iv:jzm7Q4zdKQpNV0FgJ4jA9CuN7r912ySBJHmxKeQGS2I=,tag:cKarFmhIbBEtslSxOc4mcA==,type:str] +oidc: + enabled: ENC[AES256_GCM,data:lK45+A==,iv:NcoTJPt4XZGRlVRwpsmuI5nu66cGVksQBRAwRval5JY=,tag:kjtPLITQLBOqjF3IaJAL8w==,type:bool] + configUrl: ENC[AES256_GCM,data:ZNVvWPlFPA1xgfysavsEusfxE2ySIM9FYatYqfWPnUrHKMtCxYlrn1ip3nTYL2JHvjM3yltLBNbqWMCGlgtw,iv:p1F2DqCFaKvjYKhMieFytnMuggrec8DmBzDATLTVe+8=,tag:3EtpPSyRlGThov5OcZfV+g==,type:str] + clientId: ENC[AES256_GCM,data:kO7PkjN+5GqZCxChvtbTQb/5zo7nVxfh7MZqbDoJLIKMEfth,iv:ti3Xlc3sRVOVGtxGw/pT5iBy5rBqV2v+MhiNF3Krb9U=,tag:3LUDIkq08zGmvjJtSnE/jA==,type:str] + clientSecret: ENC[AES256_GCM,data:PVe+8SlNrznBiFVNpuQXIcuPkUXyUJ7DObZpRvlgA8JjUHXTy3VY7soyJVBZEMfYbNjSLLcKcWM=,iv:fbh2RcQdPf3jUt2AOI3xp09SSEaWzI4rLGZmlZY46uM=,tag:wvEBkkPsXoQXAP7fN1iDMA==,type:str] + claimName: ENC[AES256_GCM,data:+XEw9sQ5,iv:DgGZf/GwkJsk4lfI8TBBaGfwN8YESMu9BSOBLJkbz78=,tag:A4hvQYEaZxPNf9CZp9+YUQ==,type:str] + redirectUri: ENC[AES256_GCM,data:+Q8cNCvslAcO4m7VJwNe/CpEntyHfuHOrHqqtlrDILkfc0IRAA8aSbZwbA2v+So=,iv:GwzNILyqLuAYUQFKbt5WE+VCdOzSTBmGCAHcCAnzxXk=,tag:p9/86/r2DfT1mkQu+aQJfQ==,type:str] + comment: ENC[AES256_GCM,data:TO3kA0i503ZA+EFhKa2AZw==,iv:Cl3NvvgXz71AaCgMl062urNtcBtgk832vtxTs9MJwik=,tag:JwerK2q1L7xMv/NIoWkESw==,type:str] + claimPrefix: "" + scopes: ENC[AES256_GCM,data:TuXqq8d+Xo/1ZNi036wx1GhbNPSF2sv8uYUy,iv:u9VfqbAGR94vLPD7nnsKuz5b2sbpUhs1TT7Ah8quX7c=,tag:jZplD/t4rA+p7TtisrC9mg==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + 
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4VjY3eWQ4V29rQ2VUejA5 + cG1JTTBCVWY5WGpaVFpDNU8yRTJaUEcwYTI4CnhHVjZrSFVnTGg1Yyt2ekM2YkRr + RzljT003RFVURFVRaThaNnYyOTZka1UKLS0tIFYyd1JIQzQ2VEZ2b2xabXM4TFVp + NFd0WDBXRERZc2ZDbWhDTFhnZExjVmcKDKHKoouDK66AYXenznGjTMnahqIwbp1y + zA+MZx0FPO7xm9UCGaxIFzdLXK6O2ctw9fDceR6oMj+YehLOKwEmoA== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2023-03-13T07:52:39Z" + mac: ENC[AES256_GCM,data:ognemBsF32MrBDoUTcmwW1W5VI//FADb/p0Do8aQttsikYMVLcFZqWx7Dyhu8CfOWsXL/atVLh2Gj3dkxjsmDFI8uUd4gwq0oMYtk7gR09WrrigDtV1UPgDgyLO3nW4/YmTYGx0fLcsFyGJMm1Pp08Sk+oGcP2Xt+zBAch6/xyE=,iv:Q6dAGFlaTQL7zbR1Z868zo3HbWW4/xpoaWdyw/k/c0U=,tag:I6X2USyt1AhgzjlY469jOA==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.7.3 diff --git a/helmfile/badhouseplants/values/secrets.mysql.yaml b/helmfile/badhouseplants/values/secrets.mysql.yaml new file mode 100644 index 0000000..52fd510 --- /dev/null +++ b/helmfile/badhouseplants/values/secrets.mysql.yaml 
@@ -0,0 +1,23 @@ +auth: + rootPassword: ENC[AES256_GCM,data:X7htluDDokepRf8GVV4eu+pGM2o=,iv:DJ893dKr/4SFBEl8HnYv2PMb3Nb2AfL1RVgN2QmDRmA=,tag:W6QX7k92P7bgi3Ji/64xHg==,type:str] + password: ENC[AES256_GCM,data:hlXWCWbFnmbuUg==,iv:d9ZmklpwJa13wyNjrqNfFMEbJDSQ+NeyB4gj+59g09Q=,tag:Ps4oq5XWDIx7HnvCCnB/FQ==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVbENvMm1YQzlSV3UrSEJ4 + VTZ1RWVKTlpsUDFzQlVjMlJEZmIvaldHVXlFCm9SVzN3Z0dwTGo1Y3dnaHhvSmpi + bDIrMlJhbHhKUmRZejdkTmJiSDYvY2MKLS0tIFpRbkwySVh2MDlNWEFNZHVtY2Ns + Wmh3Z29ZSlBhbmFJNkFQZlE3aXpMMk0K14rSXjSF08xkil+fFJpeMV+6XChTJ2/3 + OQecJtg+0NQPyvC+kR5qKq8roiSzNNJgTVg2wwKMdukKVVTbEGi0gA== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2023-07-30T15:06:09Z" + mac: ENC[AES256_GCM,data:oiigjlyNoSm5hcdB58MWUxhqcYzE5XtA5LEDUCUX4r0inNd8UuLP029jz6bvQ7E/wFpiGNVTFAlFB1HA/YVwai/siovy5H2DL6g4LS3k+fxLKc3lwo3BvkaBi9X2aYu7vGBJpNe3KxBdWFyjkEQVoux1RD8JJBYNquMu9tW3K/g=,iv:1H7pF0Tr6GcgDt9ItXiTBOTFa55wb9pOdTF3jNJlPiY=,tag:dQ9nrAKr+qo4JpqD2wJXjg==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.7.3 diff --git a/helmfile/badhouseplants/values/secrets.nrodionov.yaml b/helmfile/badhouseplants/values/secrets.nrodionov.yaml new file mode 100644 index 0000000..0f98798 --- /dev/null +++ b/helmfile/badhouseplants/values/secrets.nrodionov.yaml 
@@ -0,0 +1,28 @@ +wordpressPassword: ENC[AES256_GCM,data:yYE91wuc9uOzIQ==,iv:jLqs0BZcEIG73roA/wxtK74xX+osePoIaKhg6XvuAXE=,tag:9a3n1tbRAy4TaU0OE8uZcQ==,type:str] +wordpressEmail: ENC[AES256_GCM,data:Fy6mIfhu0DuO+MSp1TPN7On6cFZk,iv:bxYiJBYgbuQsWPRWKfubmNZ/jShMBLeiPDyw7XtOAkY=,tag:RyBuqoNGoTzKR68RNSgumA==,type:str] +mariadb: + auth: + rootPassword: ENC[AES256_GCM,data:oex+HDJ5SnaYrw==,iv:5HfGr27bpbXTROVMIWodMUe0WN6T3tXEESYSXwUUxw0=,tag:K83scpenVclwsEnGolsQiQ==,type:str] + database: ENC[AES256_GCM,data:xqBbXrRmtrUPaCZBC4NTelk=,iv:HOQHpilfi5TpD1jqI8XaEzO6W4CfdLBsTn+ACFWNhdE=,tag:EnsdqkExZi7PE7X4LlwBxA==,type:str] + username: ENC[AES256_GCM,data:oxVjkciMzifFIuhF,iv:kQsEGv9HIB+RTs54KfU8s/fpp1ooyzLK5lBQJZGSvy0=,tag:Y0uzVdsGb6McWRGPk2dNBQ==,type:str] + password: ENC[AES256_GCM,data:HV2d0nHUrOdE2Suju6/EUQ==,iv:HLOoCUdtOhm7ss8WSBkEAT4ulR+fwSNF4Oqv1XwDfrU=,tag:BBlW+z5LLmvtIwG69+De0Q==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1V2tQdkFWenZWZU1pT1JY + cXpVV3UxNnN6and1R0lBd1NrcXdWNTdibkFnCkJxeERBYyt4ZUtabWl5dlIxNmJZ + blhSUHZWTk1PVS9RUThlNFRBREh0T1UKLS0tIENKK200NnRDNUJCeGNTeFB5Z1BI + a2l5SG4yTjhmUlorWlJNbmFDekN5LzgKCS8nqMu72GDYjuSrfgbp/KZbHfhOdpyu + WpT0T6pk/oOc9ohQKGD/jvcjrMW7OZ5uYpZc/4gPdLKcOnNB+BEo/g== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2023-02-19T20:44:54Z" + mac: ENC[AES256_GCM,data:ZCsQBgVwgAEfVh3Qhyiq7WDbthwliLqDzy4cyfpRN54oQ1SfuTofLKJmdPgmdraDJaCjxgb9zM0RfXS9x2wcFXWc2Q8I06TmWIEbZ1jehSqlQk1WmWWP7P6LqIvA0AY/c32tUhO9kmuftiOcT8sDmiFB/MqHBahAmdTT+0vo4LI=,iv:gcSDUwTMmuNtNTf4wtmSlXSvbje25wd288gnLEQx294=,tag:lcwpAyfDRgGfZ+H07ZkcZw==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.7.3 
diff --git a/helmfile/badhouseplants/values/secrets.postgres.yaml b/helmfile/badhouseplants/values/secrets.postgres.yaml new file mode 100644 index 0000000..a3223c8 --- /dev/null +++ b/helmfile/badhouseplants/values/secrets.postgres.yaml @@ -0,0 +1,24 @@ +global: + postgresql: + auth: + postgresPassword: ENC[AES256_GCM,data:NopZyPWiTKPPVzLcvVLN3JgMQjQ=,iv:rWVhR2wChvQSIa7eBPrvnWO2ydLZ2D8oF87INiy8NX4=,tag:Xb0qbED6QXu5QBgHY6hrOA==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVbENvMm1YQzlSV3UrSEJ4 + VTZ1RWVKTlpsUDFzQlVjMlJEZmIvaldHVXlFCm9SVzN3Z0dwTGo1Y3dnaHhvSmpi + bDIrMlJhbHhKUmRZejdkTmJiSDYvY2MKLS0tIFpRbkwySVh2MDlNWEFNZHVtY2Ns + Wmh3Z29ZSlBhbmFJNkFQZlE3aXpMMk0K14rSXjSF08xkil+fFJpeMV+6XChTJ2/3 + OQecJtg+0NQPyvC+kR5qKq8roiSzNNJgTVg2wwKMdukKVVTbEGi0gA== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2023-07-21T12:58:01Z" + mac: ENC[AES256_GCM,data:ShHWH9RIL4rJ5X0IvThOtyM28AC+1bJLr4PJJdYSLtV9T7Wcs2LbmWxtM2tpRyzMeZjYKJrsstGYgxBevr1BpfGBIeR4+JCwrbdK4AOq2VbLMpH7nMOU/huuUpxOopweRBTwZOEMRBkSkEk4qPvebLHEqUi6aNGdtxOINmHv/fA=,iv:C/iJOSshanbhSQ9Be712aSN2B8aXndPpP4655SQONeQ=,tag:BAJIzrYfh8a59OzkxDOrbw==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.7.3 \ No newline at end of file diff --git a/helmfile/badhouseplants/values/secrets.postgres16.yaml b/helmfile/badhouseplants/values/secrets.postgres16.yaml new file mode 100644 index 0000000..e466bb1 --- /dev/null +++ b/helmfile/badhouseplants/values/secrets.postgres16.yaml 
@@ -0,0 +1,24 @@ +global: + postgresql: + auth: + postgresPassword: ENC[AES256_GCM,data:O5Fvmjipcx7CZ4DKQjRW0isfzoUt,iv:sVl6TFRCKAL5ci+lC4DfX/vZkWwRVg559kq4GU67udY=,tag:dEsoEe1UfvD5rUrI+EYOsg==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVbENvMm1YQzlSV3UrSEJ4 + VTZ1RWVKTlpsUDFzQlVjMlJEZmIvaldHVXlFCm9SVzN3Z0dwTGo1Y3dnaHhvSmpi + bDIrMlJhbHhKUmRZejdkTmJiSDYvY2MKLS0tIFpRbkwySVh2MDlNWEFNZHVtY2Ns + Wmh3Z29ZSlBhbmFJNkFQZlE3aXpMMk0K14rSXjSF08xkil+fFJpeMV+6XChTJ2/3 + OQecJtg+0NQPyvC+kR5qKq8roiSzNNJgTVg2wwKMdukKVVTbEGi0gA== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2023-10-04T02:27:48Z" + mac: ENC[AES256_GCM,data:yyvzDlqm3ZOGAMAWCbA4JBC2xs14dKJ4oGifHCvD6K3cBcLgQLS8MOoQJBVfAfL/lVqYDtQ8qwQl/NbCEAKdqw5mtGRwSGaCExSTfO8PIUZCT69q5lwhAxfSGkhjjup+88MhwdZbe2iqqr0nF/GBYT7exqu6Pj85ZKbeDVBTMUE=,iv:KVuyYWYvtVjFinkY82nPwKI/XX18t4purLInfjSxYlg=,tag:kD0G+keg4veTy+CN7KOo6Q==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.8.0 diff --git a/helmfile/badhouseplants/values/secrets.prometheus.yaml b/helmfile/badhouseplants/values/secrets.prometheus.yaml new file mode 100644 index 0000000..8e23981 --- /dev/null +++ b/helmfile/badhouseplants/values/secrets.prometheus.yaml 
@@ -0,0 +1,26 @@ +grafana: + adminPassword: ENC[AES256_GCM,data:AuPGLXN861DvndWdecukXKzt91sGGIMBToj7tO3J,iv:gKmj0gurV77e/jbxdyxhaxkmmsp738vB6ZAfzRFf45M=,tag:rKOkedx87g4MlRk6npgXiA==,type:str] + adminUser: ENC[AES256_GCM,data:Esh/6bXMez8=,iv:cRdvkpnO8gNOaKy+4kPcq69ksdXxuZClnjSvBp4yto8=,tag:ZgycOsDXJIT1mrN6nJHw3g==,type:str] + grafana.ini: + auth.generic_oauth: + client_secret: ENC[AES256_GCM,data:+4Qfo4aR9TMZprWL9U6lFx4B86d3ywH2O5K6rM5hmv2gROeFinp7k5p9C2pgNubIK9W3TlWSZAw=,iv:uFX2Lz3s2/aR5rcwsDvfuUGbKHNxh43ZiuCNaT5b1dw=,tag:8YdsVMaHbP6wqjubb9Ab2w==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXeTlhQ2xpK0dvMU00ejh4 + bjZxZVMvMEFobGFqYU55a3dxcTlnRitkS2wwCmJVNHhQNHJHTVBxbk4xQ1RWbkFv + TUNGY3YvQUIyTUJYNEZmOWRYd3JaUHcKLS0tIHJ5STVXV0hxRUdYQmNXSFR2U0Vv + NXQ5SjNQUW9JOStDclZuYUlqV3FaWWsKvu2T2LmDjuJgnB0djjhJczsvDjFsH/D/ + QDPkkl2G1luDoIjBj21uoy0daqfyskd4Yw2ZsPsZU6zuEGdFj52Qbw== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2023-05-29T11:41:00Z" + mac: ENC[AES256_GCM,data:7Xs7W6smDPr8fp4AapKcUvHUsYRKkTQ3wb4CuDmL0ziQs2d73ueezEembp7RRaBQ/Q5jACY1dHQg42+4YymcTt8NqJ6SE4G7f9iqJu3rr5g5lh8mYP8ft8J1/l2jrQtCSfxyzuG2CPZRycQIo+0Tq++w6iK0iy6ExPt8cDNR2Ao=,iv:v8m4CEW6FG5rWV8fKsqACh37X9yzsB/Bl1wh+4348rI=,tag:Up71zDf12JMDjK8uIxnsLA==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.7.3 diff --git a/helmfile/badhouseplants/values/secrets.redis.yaml b/helmfile/badhouseplants/values/secrets.redis.yaml new file mode 100644 index 0000000..14b99c2 --- /dev/null +++ b/helmfile/badhouseplants/values/secrets.redis.yaml 
@@ -0,0 +1,26 @@ +global: + redis: + #ENC[AES256_GCM,data:QRLnzdJ/lmaItppUMOZO33kySISWDfMdjr2nrEjBuhucnoglEVNF9Wy5IVbt5CNERajCADTVWNy/N40uCv+9n3PQVKl+Ki6YV+Q24Bzy,iv:8PvJ2yU7AW+/XkP+/9OQcrdCVAomnRexkNNw+2rjoho=,tag:U4gbrqqBwvXC63qn7jFmPQ==,type:comment] + #ENC[AES256_GCM,data:69gagNeejZaafGWo/Rll,iv:kW13FOrc/j//BxVj4JgEC0G/DQIOPHil0uNXpOM2/W0=,tag:sqviMlgQHiN397ukswoNsg==,type:comment] + #ENC[AES256_GCM,data:C8ta7Vtb3LpOotE=,iv:Kdat2trhQIQHxIpD7xhUoLRYo+a4PgzpB+S0w32somA=,tag:jgH656M8a14QhA//sN6MGg==,type:comment] + password: ENC[AES256_GCM,data:qdV5FH2K4w9gj4SFznfflY8Uw3ohSCO4lOE4Hea4,iv:/XYT2xiHlfRB1NLkw+Qm/QaWehvs9v8PUp2ZfMxeyRA=,tag:06XSi3K7y+9a50nZK1LAfQ==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxTWUxY2hYT0dId2hsR0x1 + MXFtRjlSelgwdUcyVnBUdlJ6Nng1UkNJaHg4Ckc5NXBORjBCZHQyc0lDTiswazNF + cGhKVFFNdlZnRWlxS05OTklOUDJDQjQKLS0tIDNWNDVVWXcxUW8yUHgrOTNkRkQ1 + MGNDV2cvUUF3dWZHSlZNeVFDNXhzalkKubKuiiZuqoZTvRMr2FiUxnFUu+Pvj3Wf + pZTfZg9rnUukmV+kmwqQKcfoPNfeShhoAsszWwPM628cV9pq87I2/A== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2023-07-29T20:22:15Z" + mac: ENC[AES256_GCM,data:DIdcvQXu7rivXdPFPjfzs1AeJ5bRvUBD+Hq9mH7Hp/+iqrG03fWSF2NF1ra8KfEIg6TDsyMnQLWvipxBlA654BLBNrABFoGwLsdVsATBORz0kNNY862qfyhSOaaTBHTWhPVpbjGnYav+bi5pfvbLC9yJm3SjIRtUbnaNVWvqMq0=,iv:d7SaPZLb/px7fy+bGJnH3bfNBmqbhwMijyNB0jfYgLE=,tag:LT5hJoDcSiP5FVgj0M2sCA==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.7.3 diff --git a/helmfile/badhouseplants/values/secrets.vaultwarden.yaml b/helmfile/badhouseplants/values/secrets.vaultwarden.yaml new file mode 100644 index 0000000..9c2e617 --- /dev/null +++ b/helmfile/badhouseplants/values/secrets.vaultwarden.yaml 
@@ -0,0 +1,27 @@ +vaultwarden: + smtp: + username: ENC[AES256_GCM,data:6kAu3et5PmRgZ7B/qQQKA/hwsubozpBEcuzA,iv:cqNO3VWKFRWqBRAFTf2AyMQskuZvcDghseT2PWEsCjA=,tag:nkzugvJTJ/KhLuldXxdBrg==,type:str] + password: + value: ENC[AES256_GCM,data:9PJzeGeXiNN50GrWMxU1ho9+jHs=,iv:wOrU8g/xBBKFRYvDB1G/I+VG3lpvFdMirgJmP01PbhQ=,tag:dlDq9S+SQmlb4SZIGYhrlQ==,type:str] + adminToken: + value: ENC[AES256_GCM,data:PT62LcyiNqW1NVeuZ5+HTj8fzwSwuD1av/Z8S2GnR6j62+F8/aibhW/ATFG92chw++w=,iv:LnaRBem4dsggV4u4IlNjlWY301ajAHot2D259Y383m0=,tag:f24QDtGrtNJFA95Qo6Umqg==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDL0RuQitFb0dPajRpSHRo + WnhUa3BOazVHSTE5STRNMGQ2eWUxaXhvNEJVCmtpMjE2Q3hyQzhDSTBObUgwQXV3 + dmhvYmUvL05QUGd6Umx5QjRhMVFmcHMKLS0tIEtkTDc1ZVcxOWRqRzlzdTM1WG5a + U25tMkxQS1gzcyt6R2NkZnVLRVVoOWMKZSaIZxzTlYim2kmiHrQcgRu9XmWelRkT + HZZmSa0L9yEdksUCK3+iqjCZhQBYc/6qJHRYvuAaJ+/hs5RxuLUr8g== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2023-10-20T07:01:25Z" + mac: ENC[AES256_GCM,data:Oa6UiHJR5U8Tquo/FmKM2LNR1l7Tdc95T55sl8IbC80ywC5hmJcpOdYXSeVzAdEtr2EauEH74FAwyFtjeFHpneRjkl8Hx0Vann3qBMJ1laxYEQhKESqeyJTcMv15Hu61aUQ+OhW9hP9xkcRCNmkXHa0KeoCXy1aloTWc3u7Ls8E=,iv:SsywMpg5KQvfsFbIRiZkEadtQ7Ce2AqjM9+zeaG/ZaM=,tag:X426dGhxmeMqDJnRs4Qhww==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.8.1 diff --git a/helmfile/badhouseplants/values/secrets.woodpecker-agent.yaml b/helmfile/badhouseplants/values/secrets.woodpecker-agent.yaml new file mode 100644 index 0000000..f71db04 --- /dev/null +++ b/helmfile/badhouseplants/values/secrets.woodpecker-agent.yaml 
@@ -0,0 +1,23 @@ +env: + WOODPECKER_AGENT_SECRET: ENC[AES256_GCM,data:cJoxJw6c6FYZ337i5P6dGUzLmgUn9Z+/Ed9aUK76WYnB8m0D9h5IlAlOfCQ=,iv:1BgxKsaI3dhhPNkZbpHKBn6GXadn1RD+3Q4RwKLfmcU=,tag:y8qLWwpVAwKrOWN1cC2ulw==,type:str] + WOODPECKER_GITEA_SECRET: ENC[AES256_GCM,data:VdWASwxPurzmfSjb2h8wBw3XbZSfG9UG0jmXSbTBPreZ+l7UQblI/wqr8Tw=,iv:APNuiqimA/ofCWsvywj+SJedQBMgRoCd65Gd3Ps2/fw=,tag:ATLGT4ACZ2GR46qD9ABUng==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTRFNvdnBsSHFBcjlGcGl1 + RnU1NEpZekpucTNCZHBGcXdBakhkU1drb2dZClVYZ2xMVUJiOXV2enlBbm1TS2Mz + ZnZ0UHpsVHVUU2ZkSGtwUXNMM0R6VjQKLS0tIFR4NEdTTGRIY3QycTFhRzJNSEY0 + SEs0Z3VjaTN2Y3Z0QmtEUEdQdmtwYnMKxQ3z1p2GulSOklUEolWeH20JeFwNpZqY + 870x5UtCJNVTMrIDgwMQK3hn+yywxPdgSRhkW3bqH4PJDxi78UUpXw== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2023-10-05T08:06:51Z" + mac: ENC[AES256_GCM,data:pc4n/3MEP0GhmZ+wdbOiK2gj7ah/9IJ2hoXRtM1sAGy3UPNBrF5VE7hxnAi393YpWBank7crDTvg2aJjhVt7XqB8zcjiHtNMlcpxL6fJ+uWxeH4uVj/NBfSvoO410oYbtPuKMjZpPU7KACmTJ9tzVIZdZOScXx7fLQxNUq01Hu8=,iv:18MqueG9MHrTcXmu14Q8LPnMFT9lolDkCbXjjA2P1qg=,tag:6ETPd8vZ0CCGEUP5u8ZxNA==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.8.0 diff --git a/helmfile/badhouseplants/values/secrets.woodpecker-ci.yaml b/helmfile/badhouseplants/values/secrets.woodpecker-ci.yaml new file mode 100644 index 0000000..dedead1 --- /dev/null +++ b/helmfile/badhouseplants/values/secrets.woodpecker-ci.yaml 
@@ -0,0 +1,26 @@ +server: + env: + WOODPECKER_GITEA_SECRET: ENC[AES256_GCM,data:mGYEvlIeQC3mg+kxy3ZX6gAVf88DXLVdeSdgpQa8wixsb2rDoj4+l2ET2saquK+lVhjvv8ZKdvg=,iv:VlPgDYPj1xpxnpWnEHj+slBi0H2nWKeScclPItUaG9A=,tag:ox/Ur5vsOARXRT3g0hCgsg==,type:str] +agent: + env: + WOODPECKER_AGENT_SECRET: ENC[AES256_GCM,data:rnxJ1aKdMnJDXbiQFIUP2a1zaB/hfdXZ0YLwegT+aMSM4tBRV+YgQ/0OvoUuoTC2j1Jtp1SnY94=,iv:XHDR0WSiG1zwOkqTUnVtw0hLceWyI4W5sYNrsnXAAik=,tag:6mddyqwUd/mOQeEGIJlQhQ==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlQjZqNE9iMDl6MlhnSUp5 + QTBSOG83WFBqZFZIU2dEMzlpengrUFg4alZFCld4MkI4WW8xMUZnMm1SU2hmMCtn + bTZSVTIxTk5aZmo3OEJJdlJwL2xhV3MKLS0tIGJraERVZTNyMWFCVE1TbEhRR3J4 + WXh3NGd4UG9OODhHNEp0cDVoQkM5dWMKcz4h0O4J2WlB+L9+/U8Rl+zzd87hsJo8 + ThPZgnUNDGpdRrU2IYiXo03fZOhBoqBJe1ZG+Ol8z9bvTeyeMZxRIg== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2023-10-14T16:17:58Z" + mac: ENC[AES256_GCM,data:guD5+TBhN9n0WKRN4Ffzo0khhL+3CroELwxTfvUPmxQndFBzOnw/kvj8ZP/NBHMwAiQ1sirUdoJE0QKruHpkHlPs0slyNK0adGExPlSmn9fS5egltbtthzZYbftTJKFlImo3/3Z6tapBWN8neJNc3fhtZbItuwgfYJecXPPqW7Q=,iv:bqqhU1KDfzIN4LOY4dMpSw8XT/2j+NiD74M56jSpjWE=,tag:VGXSlEreapoSFCUnfHXIXA==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.8.1 diff --git a/helmfile/badhouseplants/values/values.argocd.yaml b/helmfile/badhouseplants/values/values.argocd.yaml new file mode 100644 index 0000000..7d01d6c --- /dev/null +++ b/helmfile/badhouseplants/values/values.argocd.yaml 
@@ -0,0 +1,108 @@
+---
+# ------------------------------------------
+# -- Istio extenstion. Just because I'm
+# -- not using ingress nginx
+# ------------------------------------------
+istio:
+ enabled: true
+ istio:
+ - name: argocd-http
+ gateway: istio-system/badhouseplants-net
+ kind: http
+ hostname: argo.badhouseplants.net
+ service: argocd-server
+ port: 80
+
+controller:
+ resources:
+ limits:
+ memory: 512Mi
+ cpu: 200m
+ requests:
+ cpu: 100m
+ memory: 512Mi
+ metrics:
+ enabled: true
+ applicationLabels:
+ enabled: false
+ labels: []
+ service:
+ annotations: {}
+ labels: {}
+ servicePort: 8082
+ portName: http-metrics
+ serviceMonitor:
+ enabled: false
+ interval: 30s
+ relabelings: []
+ metricRelabelings: []
+ selector: {}
+ scheme: ""
+ tlsConfig: {}
+ additionalLabels: {}
+ rules:
+ enabled: false
+ spec: []
+dex:
+ metrics:
+ enabled: false
+ serviceMonitor:
+ enabled: false
+redis:
+ metrics:
+ enabled: false
+ serviceMonitor:
+ enabled: false
+server:
+ metrics:
+ enabled: true
+ serviceMonitor:
+ enabled: false
+ rbacConfig:
+ policy.default: role:readonly
+ scopes: "[email, group]"
+ policy.csv: |
+ g, allanger@zohomail.com, role:admin
+ g, rodion.n.rodionov@gmail.com, role:admin
+ p, drone, applications, *, badhouseplants/*,allow
+ config:
+ exec.enabled: "true"
+ url: https://argo.badhouseplants.net
+ kustomize.buildOptions: "--enable-alpha-plugins"
+ accounts.drone: apiKey, login
+ accounts.drone.enabled: "true"
+
+ extraArgs:
+ - --insecure
+
+repoServer:
+ metrics:
+ enabled: false
+ serviceMonitor:
+ enabled: false
+
+ imagePullSecrets:
+ - name: regcred
+
+configs:
+ credentialTemplates:
+ ssh-creds:
+ url: git@github.com
+
+applicationSet:
+ metrics:
+ enabled: false
+ serviceMonitor:
+ enabled: false
+
+ repositories:
+ argo-deployment:
+ url: git@github.com:allanger/argo-deployment.git
+ name: argo-deployment
+ insecure: "true"
+ type: git
+ cluster-config:
+ url: git@github.com:allanger/cluster-config.git
+ name: cluster-config
+ insecure: "true"
+ type: git
diff --git a/helmfile/badhouseplants/values/values.bitwarden.yaml b/helmfile/badhouseplants/values/values.bitwarden.yaml
new file mode 100644
index 0000000..00e0898
--- /dev/null
+++ b/helmfile/badhouseplants/values/values.bitwarden.yaml
@@ -0,0 +1,40 @@
+---
+image:
+ repository: vaultwarden/server
+ tag: 1.28.1
+
+istio:
+ enabled: true
+ istio:
+ - name: bitwarden-http
+ gateway: istio-system/badhouseplants-net
+ kind: http
+ hostname: bitwarden.badhouseplants.net
+ service: bitwarden-vaultwarden
+ port: 80
+
+ # pathType is only for k8s >= 1.1=
+ pathType: Prefix
+
+env:
+ SIGNUPS_ALLOWED: false
+ DOMAIN: "https://bitwarden.badhouseplants.net"
+ WEB_VAULT_ENABLED: true
+
+persistence:
+ enabled: true
+ accessMode: ReadWriteOnce
+ size: 800Mi
+ storageClass: longhorn
+
+smtp:
+ host: badhouseplants.net
+ security: "starttls"
+ port: 587
+ from: bitwarden@badhouseplants.net
+ fromName: bitwarden
+ username:
+ value: overlord@badhouseplants.net
+ authMechanism: "Plain"
+ acceptInvalidHostnames: "false"
+ acceptInvalidCerts: "false"
\ No newline at end of file
diff --git a/helmfile/badhouseplants/values/values.db-instances.yaml b/helmfile/badhouseplants/values/values.db-instances.yaml
new file mode 100644
index 0000000..8e16c19
--- /dev/null
+++ b/helmfile/badhouseplants/values/values.db-instances.yaml
@@ -0,0 +1,32 @@
+---
+dbinstances:
+ postgres:
+ monitoring:
+ enabled: false
+ adminSecretRef:
+ Name: postgres-secret
+ Namespace: database-service
+ engine: postgres
+ generic:
+ host: postgres-postgresql
+ port: 5432
+ postgres16:
+ monitoring:
+ enabled: false
+ adminSecretRef:
+ Name: postgres16-secret
+ Namespace: database-service
+ engine: postgres
+ generic:
+ host: postgres16-postgresql.database-service.svc.cluster.local
+ port: 5432
+ mysql:
+ monitoring:
+ enabled: false
+ adminSecretRef:
+ Name: mysql-secret
+ Namespace: database-service
+ engine: mysql
+ generic:
+ host: mysql
+ port: 3306
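Review bot: In values.argocd.yaml both `repositories` entries (`argo-deployment` and `cluster-config`) set `insecure: "true"` on `git@github.com:` SSH URLs, which for an Argo CD repository turns off SSH host-key verification. The repo-server would then accept whatever host answers as github.com, so the Git source that drives cluster state is not authenticated. Argo CD ships GitHub's host keys in `argocd-ssh-known-hosts-cm`, so `insecure: "false"` (or dropping the key) should work without extra setup. The block also sits under `applicationSet:` rather than `configs:`, so it is worth confirming the chart reads it at all. Separately, `extraArgs: - --insecure` makes argocd-server serve plain HTTP, presumably because the Istio gateway terminates TLS; a comment saying so, and whether mesh mTLS covers the gateway-to-pod hop, would help the next reader.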
diff --git a/helmfile/badhouseplants/values/values.docker-mailserver.yaml b/helmfile/badhouseplants/values/values.docker-mailserver.yaml
new file mode 100644
index 0000000..47d6a99
--- /dev/null
+++ b/helmfile/badhouseplants/values/values.docker-mailserver.yaml
@@ -0,0 +1,129 @@
+istio-gateway:
+ enabled: true
+ gateways:
+ - name: badhouseplants-email
+ servers:
+ - hosts:
+ - "*"
+ port:
+ name: smtp
+ number: 25
+ protocol: TCP
+ - hosts:
+ - "*"
+ port:
+ name: pop3
+ number: 110
+ protocol: TCP
+ - hosts:
+ - "*"
+ port:
+ name: imap
+ number: 143
+ protocol: TCP
+ - hosts:
+ - "*"
+ port:
+ name: smtps
+ number: 465
+ protocol: TCP
+ - hosts:
+ - "*"
+ port:
+ name: submission
+ number: 587
+ protocol: TCP
+ - hosts:
+ - "*"
+ port:
+ name: imaps
+ number: 993
+ protocol: TCP
+ - hosts:
+ - "*"
+ port:
+ name: pop3s
+ number: 995
+ protocol: TCP
+istio:
+ enabled: true
+ istio:
+ - name: docker-mailserver-smpt
+ kind: tcp
+ gateway: badhouseplants-email
+ service: docker-mailserver
+ hostname: badhouseplants.net
+ port_match: 25
+ port: 25
+ - name: docker-mailserver-smpts
+ kind: tcp
+ gateway: badhouseplants-email
+ port_match: 465
+ hostname: badhouseplants.net
+ service: docker-mailserver
+ port: 465
+ - name: docker-mailserver-smpt-startls
+ kind: tcp
+ gateway: badhouseplants-email
+ hostname: badhouseplants.net
+ port_match: 587
+ service: docker-mailserver
+ port: 587
+ - name: docker-mailserver-imap
+ kind: tcp
+ hostname: badhouseplants.net
+ gateway: badhouseplants-email
+ port_match: 143
+ service: docker-mailserver
+ port: 143
+ - name: docker-mailserver-imaps
+ kind: tcp
+ gateway: badhouseplants-email
+ hostname: badhouseplants.net
+ port_match: 993
+ service: docker-mailserver
+ port: 993
+ - name: docker-mailserver-pop3
+ kind: tcp
+ gateway: badhouseplants-email
+ port_match: 110
+ hostname: badhouseplants.net
+ service: docker-mailserver
+ port: 110
+ - name: docker-mailserver-pop3s
+ kind: tcp
+ gateway: badhouseplants-email
+ port_match: 993
+ hostname: badhouseplants.net
+ service: docker-mailserver
+ port: 993
+ - name: docker-mailserver-rainloop
+ kind: http
+ gateway: istio-system/badhouseplants-net
+ hostname: mail.badhouseplants.net
+ service: docker-mailserver-rainloop
+ port: 80
+
+rainloop:
+ enabled: true
+ ingress:
+ enabled: false
+demoMode:
+ enabled: false
+domains:
+ - badhouseplants.net
+ - mail.badhouseplants.net
+ssl:
+ issuer:
+ name: badhouseplants-issuer
+ kind: ClusterIssuer
+ dnsname: badhouseplants.net
+ dns01provider: cloudflare
+ useExisting: false
+pod:
+ dockermailserver:
+ enable_fail2ban: "0"
+ ssl_type: manual
+service:
+ type: ClusterIP
+spfTestsDisabled: true
diff --git a/helmfile/badhouseplants/values/values.drone-runner-docker.yaml b/helmfile/badhouseplants/values/values.drone-runner-docker.yaml
new file mode 100644
index 0000000..923e72d
--- /dev/null
+++ b/helmfile/badhouseplants/values/values.drone-runner-docker.yaml
@@ -0,0 +1,16 @@
+---
+env:
+ DRONE_RPC_HOST: drone.badhouseplants.net
+ DRONE_RPC_PROTO: https
+ DRONE_NAMESPACE_DEFAULT: drone-service
+rbac:
+ buildNamespaces:
+ - drone-service
+dind:
+ resources:
+ limits:
+ cpu: 2000m
+ memory: 2024Mi
+ requests:
+ cpu: 100m
+ memory: 512Mi
\ No newline at end of file
diff --git a/helmfile/badhouseplants/values/values.drone.yaml b/helmfile/badhouseplants/values/values.drone.yaml
new file mode 100644
index 0000000..8a1eb82
--- /dev/null
+++ b/helmfile/badhouseplants/values/values.drone.yaml
@@ -0,0 +1,18 @@
+# ------------------------------------------
+# -- Istio extenstion. Just because I'm
+# -- not using ingress nginx
+# ------------------------------------------
+istio:
+ enabled: true
+ istio:
+ - name: drone-http
+ gateway: istio-system/badhouseplants-net
+ kind: http
+ hostname: drone.badhouseplants.net
+ service: drone
+ port: 8080
+env:
+ DRONE_SERVER_HOST: drone.badhouseplants.net
+ DRONE_SERVER_PROTO: https
+ DRONE_GITEA_SERVER: https://git.badhouseplants.net
+ DRONE_USER_CREATE: username:allanger,admin:true
diff --git a/helmfile/badhouseplants/values/values.funkwhale.yaml b/helmfile/badhouseplants/values/values.funkwhale.yaml
new file mode 100644
index 0000000..e5aeb81
--- /dev/null
+++ b/helmfile/badhouseplants/values/values.funkwhale.yaml
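Review bot: In values.docker-mailserver.yaml the `docker-mailserver-pop3s` route repeats `port_match: 993` / `port: 993` from the imaps route, while the gateway in the same file declares the `pop3s` server on 995. As written, port 995 is opened on the gateway with no route behind it, and two routes match 993; the entry should read `port_match: 995` and `port: 995`. Separately, `enable_fail2ban: "0"` leaves the SMTP, IMAP and POP3 login ports without any brute-force throttling that is visible in this file, and they are exposed on hosts `"*"`. If fail2ban is off because the pod only sees the proxy address, say so in a comment and note where rate limiting happens instead. The cleartext `pop3` (110) and `imap` (143) listeners are also worth dropping unless a client needs them.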
@@ -0,0 +1,56 @@
+---
+# ------------------------------------------
+# -- Istio extenstion. Just because I'm
+# -- not using ingress nginx
+# ------------------------------------------
+istio:
+ enabled: true
+ istio:
+ - name: funkwhale-http
+ gateway: istio-system/badhouseplants-net
+ kind: http
+ hostname: funkwhale.badhouseplants.net
+ service: funkwhale
+ port: 80
+
+ext-database:
+ enabled: true
+ name: funkwhale-postgres16
+ instance: postgres16
+
+replicaCount: 1
+celery:
+ worker:
+ replicaCount: 1
+ beat:
+ resources:
+ limits:
+ cpu: 100m
+ memory: 512Mi
+ requests:
+ cpu: 10m
+ memory: 75Mi
+extraEnv:
+ FUNKWHALE_HOSTNAME: funkwhale.badhouseplants.net
+ FUNKWHALE_PROTOCOL: https
+persistence:
+ enabled: true
+ accessMode: ReadWriteMany
+ size: 10Gi
+s3:
+ enabled: false
+ingress:
+ enabled: false
+postgresql:
+ enabled: false
+ host: postgres16-postgresql.database-service.svc.cluster.local
+ auth:
+ username: funkwhale-application-funkwhale-postgres16
+ database: funkwhale-application-funkwhale-postgres16
+
+redis:
+ enabled: false
+ host: redis-master.database-service.svc.cluster.local
+ auth:
+ enabled: true
+ database: 3
diff --git a/helmfile/badhouseplants/values/values.gitea.yaml b/helmfile/badhouseplants/values/values.gitea.yaml
new file mode 100644
index 0000000..ee27307
--- /dev/null
+++ b/helmfile/badhouseplants/values/values.gitea.yaml
@@ -0,0 +1,122 @@
+---
+# ------------------------------------------
+# -- Istio extenstion. Just because I'm
+# -- not using ingress nginx
+# ------------------------------------------
+istio:
+ enabled: true
+ istio:
+ - name: gitea-http
+ kind: http
+ gateway: istio-system/badhouseplants-net
+ hostname: git.badhouseplants.net
+ service: gitea-http
+ port: 3000
+ - name: gitea-ssh
+ kind: tcp
+ gateway: istio-system/badhouseplants-ssh
+ hostname: "*"
+ port_match: 22
+ service: gitea-ssh
+ port: 22
+# ------------------------------------------
+# -- Database extension is used to manage
+# -- database with db-operator
+# ------------------------------------------
+ext-database:
+ enabled: true
+ name: gitea-postgres16
+ instance: postgres16
+# ------------------------------------------
+# -- Kubernetes related values
+# ------------------------------------------
+replicaCount: 1
+clusterDomain: cluster.local
+
+resources:
+ limits:
+ cpu: 300m
+ memory: 512Mi
+ requests:
+ cpu: 50m
+ memory: 128Mi
+
+persistence:
+ enabled: true
+ size: 10Gi
+ accessModes:
+ - ReadWriteOnce
+
+ingress:
+ enabled: false
+# ------------------------------------------
+# -- Main Gitea settings
+# ------------------------------------------
+gitea:
+ metrics:
+ enabled: true
+ serviceMonitor:
+ # -- TODO(@allanger): Enable it once prometheus is configured
+ enabled: false
+ config:
+ database:
+ DB_TYPE: postgres
+ HOST: postgres16-postgresql.database-service.svc.cluster.local
+ NAME: gitea-service-gitea-postgres16
+ USER: gitea-service-gitea-postgres16
+ APP_NAME: Bad Houseplants Gitea
+ ui:
+ meta:
+ AUTHOR: Bad Houseplants
+ DESCRIPTION: ...by allanger
+ repository:
+ DEFAULT_BRANCH: main
+ MAX_CREATION_LIMIT: 0
+ DISABLED_REPO_UNITS: repo.wiki
+ service:
+ DISABLE_REGISTRATION: false
+ server:
+ DOMAIN: git.badhouseplants.net
+ ROOT_URL: https://git.badhouseplants.net
+ LFS_START_SERVER: true
+ LANDING_PAGE: explore
+ START_SSH_SERVER: true
+ admin:
+ DISABLE_REGULAR_ORG_CREATION: true
+ packages:
+ ENABLED: true
+ cron:
+ enabled: true
+ attachment:
+ MAX_SIZE: 100
+ actions:
+ ENABLED: true
+ oauth2_client:
+ REGISTER_EMAIL_CONFIRM: false
+ ENABLE_AUTO_REGISTRATION: true
+ session:
+ PROVIDER: redis
+ cache:
+ ENABLED: true
+ ADAPTER: redis
+ queue:
+ TYPE: redis
+ mailer:
+ ENABLED: true
+ FROM: gitea@badhouseplants.net
+ PROTOCOL: smtp+startls
+ SMTP_ADDR: badhouseplants.net
+ SMTP_PORT: 587
+ USER: overlord@badhouseplants.net
+service:
+ ssh:
+ type: ClusterIP
+ port: 22
+ clusterIP:
+# ------------------------------------------
+# -- Disabled dependencies
+# ------------------------------------------
+postgresql-ha:
+ enabled: false
+redis-cluster:
+ enabled: false
diff --git a/helmfile/badhouseplants/values/values.iredmail.yaml b/helmfile/badhouseplants/values/values.iredmail.yaml
new file mode 100644
index 0000000..fd50394
--- /dev/null
+++ b/helmfile/badhouseplants/values/values.iredmail.yaml
@@ -0,0 +1,4 @@
+config:
+ env:
+ HOSTNAME: mail.badhouseplants.net
+ FIRST_MAIL_DOMAIN: badhouseplants.net
\ No newline at end of file
diff --git a/helmfile/badhouseplants/values/values.istio-gateway-resources.yaml b/helmfile/badhouseplants/values/values.istio-gateway-resources.yaml
new file mode 100644
index 0000000..adb884f
--- /dev/null
+++ b/helmfile/badhouseplants/values/values.istio-gateway-resources.yaml
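Review bot: In values.gitea.yaml, `service.DISABLE_REGISTRATION: false` leaves local self-registration open on a public hostname. The only `REGISTER_EMAIL_CONFIRM` in the file is under `oauth2_client`, not `service`, so local sign-ups are not email-verified. `MAX_CREATION_LIMIT: 0` and `DISABLE_REGULAR_ORG_CREATION: true` stop new accounts from creating repos and orgs, but `actions.ENABLED: true` and `packages.ENABLED: true` are still reachable by any registered user. If sign-up is meant to go through the OAuth provider only, add `ALLOW_ONLY_EXTERNAL_REGISTRATION: true` under `service`; otherwise add `REGISTER_EMAIL_CONFIRM: true` there. A one-line comment stating the intended registration policy would make the combination auditable.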
@@ -0,0 +1,69 @@
+istio-gateway:
+ enabled: true
+ gateways:
+ - name: badhouseplants-net
+ servers:
+ - hosts:
+ - badhouseplants.net
+ - '*.badhouseplants.net'
+ port:
+ name: http
+ number: 80
+ protocol: HTTP2
+ tls:
+ httpsRedirect: true
+ - hosts:
+ - badhouseplants.net
+ - '*.badhouseplants.net'
+ port:
+ name: https
+ number: 443
+ protocol: HTTPS
+ tls:
+ credentialName: badhouseplants-wildcard-tls
+ mode: SIMPLE
+ - name: nrodionov-info
+ servers:
+ - hosts:
+ - nrodionov.info
+ - dev.nrodionov.info
+ port:
+ name: http
+ number: 80
+ protocol: HTTP2
+ tls:
+ httpsRedirect: false
+ - hosts:
+ - nrodionov.info
+ - dev.nrodionov.info
+ port:
+ name: https
+ number: 443
+ protocol: HTTPS
+ tls:
+ credentialName: nrodionov-wildcard-tls
+ mode: SIMPLE
+ - name: badhouseplants-vpn
+ servers:
+ - hosts:
+ - '*'
+ port:
+ name: tcp
+ number: 1194
+ protocol: TCP
+ - name: badhouseplants-ssh
+ servers:
+ - hosts:
+ - '*'
+ port:
+ name: ssh
+ number: 22
+ protocol: TCP
+ - name: badhouseplants-minecraft
+ servers:
+ - hosts:
+ - '*'
+ port:
+ name: minecraft
+ number: 25565
+ protocol: TCP
diff --git a/helmfile/badhouseplants/values/values.istio-ingressgateway.yaml b/helmfile/badhouseplants/values/values.istio-ingressgateway.yaml
new file mode 100644
index 0000000..a5d2656
--- /dev/null
+++ b/helmfile/badhouseplants/values/values.istio-ingressgateway.yaml
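Review bot: The `nrodionov-info` gateway sets `httpsRedirect: false` on its port-80 server, unlike `badhouseplants-net`, so nrodionov.info and dev.nrodionov.info are also served over plain HTTP. values.nrodionov.yaml in this commit routes a WordPress instance with `wordpressScheme: http` through that gateway, which would leave its login form and session cookies on an unencrypted path. The 443 server with `nrodionov-wildcard-tls` is already defined, so `httpsRedirect: true` here and `wordpressScheme: https` there would close the gap. If plain HTTP is deliberate, a comment on the server entry saying why would help the next reader.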
@@ -0,0 +1,67 @@
+service:
+ type: LoadBalancer
+ ports:
+ - name: minecraft
+ port: 25565
+ protocol: TCP
+ targetPort: 25565
+ - name: ssh-gitea
+ port: 22
+ protocol: TCP
+ targetPort: 22
+ - name: http2
+ port: 80
+ protocol: TCP
+ targetPort: 80
+ - name: https
+ port: 443
+ protocol: TCP
+ targetPort: 443
+ - name: tcp
+ port: 1194
+ protocol: TCP
+ targetPort: 1194
+ - name: tcp
+ port: 25
+ protocol: TCP
+ targetPort: 25
+ # -----------
+ # -- Email
+ # -----------
+ - name: smtp
+ port: 25
+ protocol: TCP
+ targetPort: 25
+ - name: smtps
+ port: 465
+ protocol: TCP
+ targetPort: 465
+ - name: smtp-startls
+ port: 587
+ protocol: TCP
+ targetPort: 587
+ - name: imap
+ port: 143
+ protocol: TCP
+ targetPort: 143
+ - name: imaps
+ port: 993
+ protocol: TCP
+ targetPort: 993
+ - name: pop3
+ port: 110
+ protocol: TCP
+ targetPort: 110
+ - name: pop3s
+ port: 995
+ protocol: TCP
+ targetPort: 995
+podAnnotations:
+ proxy.istio.io/config: '{"gatewayTopology" : { "numTrustedProxies": 0, "forwardClientCertDetails": SANITIZE } }'
+resources:
+ requests:
+ cpu: 100m
+ memory: 128Mi
+ limits:
+ cpu: 200m
+ memory: 1024Mi
diff --git a/helmfile/badhouseplants/values/values.istiod.yaml b/helmfile/badhouseplants/values/values.istiod.yaml
new file mode 100644
index 0000000..01529ce
--- /dev/null
+++ b/helmfile/badhouseplants/values/values.istiod.yaml
@@ -0,0 +1,14 @@
+---
+pilot:
+ resources:
+ requests:
+ cpu: 50m
+ memory: 2048Mi
+global:
+ proxy:
+ resources:
+ requests:
+ cpu: 100m
+ memory: 128Mi
+ limits:
+ memory: 128Mi
diff --git a/helmfile/badhouseplants/values/values.loki.yaml b/helmfile/badhouseplants/values/values.loki.yaml
new file mode 100644
index 0000000..0be3069
--- /dev/null
+++ b/helmfile/badhouseplants/values/values.loki.yaml
@@ -0,0 +1,11 @@
+---
+singleBinary:
+ replicas: 1
+loki:
+ auth_enabled: false
+ commonConfig:
+ replication_factor: 1
+compactor:
+ retention_enabled: true
+limits_config:
+ retention_period: 2d
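Review bot: The `service.ports` list in values.istio-ingressgateway.yaml declares 25/TCP twice (`name: tcp` and `name: smtp`) and uses the name `tcp` for both 1194 and 25; Kubernetes requires port names to be unique within a Service and rejects a repeated port/protocol pair, so this Service is likely to fail validation. Drop the `- name: tcp` entry for port 25 and rename the 1194 entry, for example `- name: openvpn` as the etersoft values file in this commit does. Separately, the list publishes the cleartext mail ports (25, 143, 110) on the LoadBalancer while the matching mailu TCP routes in values.mailu.yaml are still commented out; adding each port only once its route exists keeps the exposed surface equal to what is actually served.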
diff --git a/helmfile/badhouseplants/values/values.longhorn.yaml b/helmfile/badhouseplants/values/values.longhorn.yaml
new file mode 100644
index 0000000..078e6ab
--- /dev/null
+++ b/helmfile/badhouseplants/values/values.longhorn.yaml
@@ -0,0 +1,13 @@
+defaultSettings:
+ backupTarget: s3://longhorn@us-east1/backupstore
+ backupTargetCredentialSecret: aws-secret
+ guaranteedEngineManagerCPU: 6
+ guaranteedReplicaManagerCPU: 6
+ storageOverProvisioningPercentage: 300
+ storageMinimalAvailablePercentage: 5
+ defaultDataPath: /media-longhorn
+csi:
+ kubeletRootDir: /var/snap/microk8s/common/var/lib/kubelet
+persistence:
+ defaultClassReplicaCount: 1
+enablePSP: false
diff --git a/helmfile/badhouseplants/values/values.mailu.yaml b/helmfile/badhouseplants/values/values.mailu.yaml
new file mode 100644
index 0000000..0612e49
--- /dev/null
+++ b/helmfile/badhouseplants/values/values.mailu.yaml
@@ -0,0 +1,181 @@
+---
+certificate:
+ enabled: true
+ certificate:
+ - name: mailu
+ secretName: mailu-certificate
+ issuer:
+ kind: ClusterIssuer
+ name: badhouseplants-issuer
+ dnsNames:
+ - badhouseplants.net
+ - "email.badhouseplants.net"
+# ------------------------------------------
+# -- Istio extenstion. Just because I'm
+# -- not using ingress nginx
+# ------------------------------------------
+istio:
+ enabled: true
+ istio:
+ - name: mailu-web
+ kind: http
+ gateway: badhouseplants-net
+ hostname: email.badhouseplants.net
+ service: mailu-fr ont
+ port: 80
+ # - name: mailu-smpt
+ # kind: tcp
+ # gateway: badhouseplants-mail
+ # service: mailu-front
+ # hostname: email.badhousplants.net
+ # port_match: 25
+ # port: 25
+ # - name: mailu-smpts
+ # kind: tcp
+ # gateway: badhouseplants-mail
+ # port_match: 465
+ # hostname: email.badhousplants.net
+ # service: mailu-front
+ # port: 465
+ # - name: mailu-smpt-startls
+ # kind: tcp
+ # gateway: badhouseplants-mail
+ # hostname: email.badhousplants.net
+ # port_match: 587
+ # service: mailu-front
+ # port: 587
+ # - name: mailu-imap
+ # kind: tcp
+ # hostname: email.badhousplants.net
+ # gateway: badhouseplants-mail
+ # port_match: 143
+ # service: mailu-front
+ # port: 143
+ # - name: mailu-imaps
+ # kind: tcp
+ # gateway: badhouseplants-mail
+ # hostname: email.badhousplants.net
+ # port_match: 993
+ # service: mailu-front
+ # port: 993
+ # - name: mailu-pop3
+ # kind: tcp
+ # gateway: badhouseplants-mail
+ # port_match: 110
+ # hostname: email.badhousplants.net
+ # service: mailu-front
+ # port: 110
+ # - name: mailu-pop3s
+ # kind: tcp
+ # gateway: badhouseplants-mail
+ # port_match: 993
+ # hostname: email.badhousplants.net
+ # service: mailu-front
+ # port: 993
+subnet: 10.1.0.0/16
+sessionCookieSecure: true
+hostnames:
+ - post.badhouseplants.net
+domain: badhouseplants.net
+persistence:
+ single_pvc: false
+limits:
+ messageRatelimit:
+ value: "10/day"
+tls:
+ outboundLevel: secure
+ingress:
+ enabled: false
+ tls: false
+ tlsFlavorOverride: mail
+ selfSigned: false
+ existingSecret: mailu-certificate
+admin:
+ resources:
+ requests:
+ memory: 100Mi
+ cpu: 70m
+ limits:
+ memory: 700Mi
+ cpu: 400m
+ persistence:
+ size: 1Gi
+redis:
+ resources:
+ requests:
+ memory: 100Mi
+ cpu: 70m
+ limits:
+ memory: 200Mi
+ cpu: 200m
+ persistence:
+ size: 1Gi
+postfix:
+ resources:
+ requests:
+ memory: 1024Mi
+ cpu: 200m
+ limits:
+ memory: 1024Mi
+ cpu: 200m
+ persistence:
+ size: 1Gi
+dovecot:
+ logLevel: DEBUG
+ resources:
+ requests:
+ memory: 100Mi
+ cpu: 70m
+ limits:
+ memory: 400Mi
+ cpu: 300m
+ persistence:
+ size: 1Gi
+roundcube:
+ resources:
+ requests:
+ memory: 100Mi
+ cpu: 70m
+ limits:
+ memory: 200Mi
+ cpu: 200m
+ persistence:
+ size: 1Gi
+mysql:
+ enabled: false
+postgresql:
+ enabled: true
+ auth:
+ enablePostgresUser: true
+ username: mailu
+ database: mailu
+ persistence:
+ enabled: false
+ storageClass: ""
+ accessMode: ReadWriteOnce
+ size: 2Gi
+front:
+ logLevel: DEBUG
+ hostPort:
+ enabled: true
+rspamd:
+ resources:
+ requests:
+ memory: 100Mi
+ cpu: 100m
+ limits:
+ memory: 500Mi
+ cpu: 400m
+ startupProbe:
+ periodSeconds: 30
+ failureThreshold: 900
+ timeoutSeconds: 20
+ livenessProbe: {}
+ readinessProbe: {}
+webmail:
+ persistence:
+ size: 2Gi
+ storageClass: ""
+ accessModes: [ReadWriteOnce]
+ claimNameOverride: ""
+ annotations: {}
diff --git a/helmfile/badhouseplants/values/values.minecraft.yaml b/helmfile/badhouseplants/values/values.minecraft.yaml
new file mode 100644
index 0000000..e5df96a
--- /dev/null
+++ b/helmfile/badhouseplants/values/values.minecraft.yaml
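Review bot: `dovecot.logLevel: DEBUG` and `front.logLevel: DEBUG` look like troubleshooting leftovers; debug output from the IMAP/POP3 and front-proxy components is typically verbose about client sessions and authentication attempts, and this repo ships pod logs to Loki, so it would be safer to return both to the chart default before this goes live. `postgresql.enabled: true` with `postgresql.persistence.enabled: false` puts the Mailu account database on ephemeral storage, which means users and their password hashes are lost whenever the pod is rescheduled; `persistence.enabled: true` is probably what was meant, given a `size` is already set. As rendered on this page the `mailu-web` route reads `service: mailu-fr ont`; if that space is in the file, it should be `mailu-front` as in the commented entries below it.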
@@ -0,0 +1,180 @@
+---
+# --------------------------------------------------
+# -- Extensions values
+# --------------------------------------------------
+service-account:
+ enabled: true
+ resources:
+ - name: minecraft-exporter
+ label:
+ app: minecraft-minecraft-metrics
+ endpoints:
+ port: metrics
+# ------------------------------------------
+# -- Istio extenstion. Just because I'm
+# -- not using ingress nginx
+# ------------------------------------------
+istio:
+ enabled: true
+ istio:
+ - name: minecraft-tcp
+ gateway: istio-system/badhouseplants-minecraft
+ kind: tcp
+ port_match: 25565
+ hostname: "*"
+ service: minecraft-minecraft
+ port: 25565
+# --------------------------------------------------
+# -- Main values
+# --------------------------------------------------
+image:
+ tag: java17-graalvm-ce
+ pullPolicy: Always
+
+resources:
+ requests:
+ memory: 3Gi
+ cpu: 256m
+ limits:
+ memory: 3Gi
+
+lifecycle:
+ postStart:
+ - bash
+ - -c
+ - for i in {1..100}; do mc-health && break || sleep 20; done && mc-send-to-console setpassword 11223345
+
+readinessProbe:
+ command:
+ - mc-health
+ periodSeconds: 20
+ failureThreshold: 50
+ timeoutSeconds: 10
+livenessProbe:
+ timeoutSeconds: 10
+
+minecraftServer:
+ overrideServerProperties: true
+ eula: "TRUE"
+ onlineMode: false
+ difficulty: hard
+ hardcore: true
+ version: 1.20.1
+ maxWorldSize: 90000
+ type: "PAPER"
+ paperDownloadUrl: https://api.papermc.io/v2/projects/paper/versions/1.20.1/builds/170/downloads/paper-1.20.1-170.jar
+ gameMode: survival
+ pvp: true
+ rcon:
+ enabled: true
+ withGeneratedPassword: false
+ port: 25575
+ serviceType: ClusterIP
+ extraPorts:
+ - name: metrics
+ containerPort: 9225
+ protocol: TCP
+ service:
+ enabled: true
+ embedded: false
+ labels:
+ exporter: minecraft
+ type: ClusterIP
+ port: 9925
+ ingress:
+ enabled: false
+persistence:
+ dataDir:
+ enabled: true
+ Size: 15Gi
+mcbackup:
+ enabled: false
+ backupInterval: 2h
+ pauseIfNoPlayers: "false"
+ pruneBackupsDays: 2
+ rconRetries: 5
+ rconRetryInterval: 10s
+ excludes: "*.jar,cache,logs"
+ backupMethod: restic
+ resticRepository: s3:https://s3.e.badhouseplants.net:443/restic/minecraft
+ resticAdditionalTags: "mc_backups"
+ pruneResticRetention: "--keep-last 12 --keep-daily 1 --keep-weekly 2 --keep-monthly 2 --keep-yearly 2"
+ resources:
+ requests:
+ memory: 512Mi
+ cpu: 100m
+ persistence:
+ backupDir:
+ enabled: false
+# ---------------------------------------------
+# -- Install Plugins
+# ---------------------------------------------
+initContainers:
+ - name: 0-install-prometheus-exporter
+ image: alpine/curl
+ command:
+ - curl
+ - -L
+ - "https://github.com/sladkoff/minecraft-prometheus-exporter/releases/download/v2.5.0/minecraft-prometheus-exporter-2.5.0.jar"
+ - -o
+ - /data/plugins/prometheus-exporter.jar
+ volumeMounts:
+ - name: plugins
+ mountPath: /data/plugins
+ readOnly: false
+ - name: 0-install-password-plugin
+ image: alpine/curl
+ command:
+ - curl
+ - -L
+ - "https://github.com/timbru31/PasswordProtect/releases/download/PasswordProtect-3.1.0/PasswordProtect.jar"
+ - -o
+ - /data/plugins/PasswordProtect.jar
+ volumeMounts:
+ - name: plugins
+ mountPath: /data/plugins
+ readOnly: false
+ - name: 0-install-gravity-control-plugin
+ image: alpine/curl
+ command:
+ - curl
+ - -L
+ - https://github.com/e-im/GravityControl/releases/download/v1.3.0/GravityControl-1.3.0.jar
+ - -o
+ - /data/plugins/GravityControl-1.3.0.jar
+ volumeMounts:
+ - name: plugins
+ mountPath: /data/plugins
+ readOnly: false
+ - name: 0-install-fast-minecart-plugin
+ image: alpine/curl
+ command:
+ - curl
+ - -L
+ - https://github.com/certainly1182/FastMinecarts/releases/download/v1.0.1/FastMinecarts.jar
+ - -o
+ - /data/plugins/FastMinecarts.jar
+ volumeMounts:
+ - name: plugins
+ mountPath: /data/plugins
+ - name: 1-add-plugins-to-minecraft
+ image: alpine/curl
+ command:
+ - sh
+ - -c
+ - cp -r /in /out/plugins
+ volumeMounts:
+ - name: plugins
+ mountPath: /in
+ readOnly: false
+ - name: datadir
+ mountPath: /out
+extraVolumes:
+ - volumeMounts:
+ - name: plugins
+ mountPath: /data/plugins
+ readOnly: false
+ volumes:
+ - name: plugins
+ emptyDir:
+ sizeLimit: 500Mi
diff --git a/helmfile/badhouseplants/values/values.minio.yaml b/helmfile/badhouseplants/values/values.minio.yaml
new file mode 100644
index 0000000..2ae9119
--- /dev/null
+++ b/helmfile/badhouseplants/values/values.minio.yaml
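Review bot: The `lifecycle.postStart` command embeds the server password in plain text (`mc-send-to-console setpassword 11223345`) in an unencrypted values file, even though this commit adds a sops-encrypted secrets.minecraft.yaml beside it. With `onlineMode: false` that password is the only check on the public 25565 listener, so treat it as a credential: rotate it, keep the value in the encrypted file, and read it from the environment, e.g. `mc-send-to-console setpassword "$SERVER_PASSWORD"` (the variable name is a placeholder). The four plugin initContainers also download jars with `curl -L` and no digest check, and `image: alpine/curl` carries no tag, so whatever the release URL serves is loaded as server code; the fence shows one container rewritten to fail on HTTP errors and verify a recorded SHA-256. `containerPort: 9225` versus `service.port: 9925` for the metrics port may be a typo.

```yaml
  - name: 0-install-prometheus-exporter
    image: alpine/curl  # pin to a reviewed tag or digest
    command:
      - sh
      - -ec
      - |
        curl -fsSL -o /data/plugins/prometheus-exporter.jar \
          "https://github.com/sladkoff/minecraft-prometheus-exporter/releases/download/v2.5.0/minecraft-prometheus-exporter-2.5.0.jar"
        # <SHA256_OF_REVIEWED_JAR> is a placeholder: record the digest of the jar you audited
        echo "<SHA256_OF_REVIEWED_JAR>  /data/plugins/prometheus-exporter.jar" | sha256sum -c -
    # … unchanged: volumeMounts …
```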
@@ -0,0 +1,121 @@
+---
+# ------------------------------------------
+# -- Istio extenstion. Just because I'm
+# -- not using ingress nginx
+# ------------------------------------------
+istio:
+ enabled: true
+ istio:
+ - name: minio-http
+ gateway: istio-system/badhouseplants-net
+ kind: http
+ hostname: minio.badhouseplants.net
+ service: minio-console
+ port: 9001
+ - name: s3-http
+ gateway: istio-system/badhouseplants-net
+ kind: http
+ hostname: s3.badhouseplants.net
+ service: minio
+ port: 9000
+
+rootUser: 'overlord'
+replicas: 1
+mode: standalone
+environment:
+ MINIO_SERVER_URL: "https://s3.badhouseplants.net:443"
+tls:
+ enabled: false
+ certSecret: ''
+ publicCrt: public.crt
+ privateKey: private.key
+persistence:
+ enabled: true
+ accessMode: ReadWriteOnce
+ size: 10Gi
+service:
+ type: ClusterIP
+ clusterIP: ~
+ port: '9000'
+consoleService:
+ type: ClusterIP
+ clusterIP: ~
+ port: '9001'
+resources:
+ requests:
+ memory: 2Gi
+buckets:
+ - name: badhouseplants-net
+ policy: download
+ purge: false
+ versioning: false
+ - name: badhouseplants-js
+ policy: download
+ purge: false
+ versioning: false
+ - name: badhouseplants-net-main
+ policy: download
+ purge: false
+ versioning: false
+ - name: sharing
+ policy: download
+ purge: false
+ versioning: false
+ - name: allanger-music
+ policy: download
+ purge: false
+ versioning: false
+ - name: badhouseplants-brew
+ policy: download
+ purge: false
+ versioning: false
+metrics:
+ serviceMonitor:
+ enabled: false
+ public: true
+ additionalLabels: {}
+policies:
+ - name: allanger
+ statements:
+ - resources:
+ - 'arn:aws:s3:::*'
+ actions:
+ - "s3:*"
+ - resources: []
+ actions:
+ - "admin:*"
+ - resources: []
+ actions:
+ - "kms:*"
+ - name: badhouseplants:owners
+ statements:
+ - resources:
+ - 'arn:aws:s3:::*'
+ actions:
+ - "s3:*"
+ - resources: []
+ actions:
+ - "admin:*"
+ - resources: []
+ actions:
+ - "kms:*"
+ - name: badhouseplants
+ statements:
+ - resources:
+ - 'arn:aws:s3:::badhouseplants-net'
+ actions:
+ - "s3:*"
+ - resources:
+ - 'arn:aws:s3:::badhouseplants-net/*'
+ actions:
+ - "s3:*"
+ - name: sharing
+ statements:
+ - resources:
+ - 'arn:aws:s3:::sharing'
+ actions:
+ - "s3:*"
+ - resources:
+ - 'arn:aws:s3:::sharing/*'
+ actions:
+ - "s3:*"
diff --git a/helmfile/badhouseplants/values/values.mysql.yaml b/helmfile/badhouseplants/values/values.mysql.yaml
new file mode 100644
index 0000000..b2209a0
--- /dev/null
+++ b/helmfile/badhouseplants/values/values.mysql.yaml
@@ -0,0 +1,6 @@
+primary:
+ persistence:
+ size: 500Mi
+
+auth:
+ createDatabase: false
diff --git a/helmfile/badhouseplants/values/values.namespaces.yaml b/helmfile/badhouseplants/values/values.namespaces.yaml
new file mode 100644
index 0000000..b477a0b
--- /dev/null
+++ b/helmfile/badhouseplants/values/values.namespaces.yaml
@@ -0,0 +1,11 @@
+---
+ns:
+ - name: monitoring-system
+templates:
+ - |
+ {{ range .Values.ns }}
+ apiVersion: v1
+ kind: Namespace
+ metadata:
+ name: {{ .name }}
+ {{ end }}
diff --git a/helmfile/badhouseplants/values/values.nrodionov.yaml b/helmfile/badhouseplants/values/values.nrodionov.yaml
new file mode 100644
index 0000000..14d1b8c
--- /dev/null
+++ b/helmfile/badhouseplants/values/values.nrodionov.yaml
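Review bot: Every entry under `buckets` in values.minio.yaml is created with `policy: download`, which in the MinIO chart means anonymous read access, and that covers `sharing` and `allanger-music` as well as the site-asset buckets. With `s3.badhouseplants.net` routed through the public gateway, objects in those buckets would be readable by anyone who has or guesses the key. If only the website buckets are meant to be public, set the rest to `policy: none`, as the etersoft values file in this commit does for `longhorn` and `restic`. The `allanger` and `badhouseplants:owners` policies grant `s3:*`, `admin:*` and `kms:*`; if they map to day-to-day user accounts, a narrower policy for routine use would limit what a stolen access key can do.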
@@ -0,0 +1,58 @@
+---
+# ------------------------------------------
+# -- Istio extenstion. Just because I'm
+# -- not using ingress nginx
+# ------------------------------------------
+istio:
+ enabled: true
+ istio:
+ - name: nrodionov-http
+ gateway: istio-system/nrodionov-info
+ kind: http
+ hostname: dev.nrodionov.info
+ service: nrodionov-wordpress
+ port: 8080
+
+ext-database:
+ enabled: true
+ name: nrodionov-mysql
+ instance: mysql
+
+wordpressBlogName: Николай Николаевич Родионов
+wordpressUsername: admin
+wordpressFirstName: Nikolai
+wordpressLastName: Rodionov
+wordpressTablePrefix: wp_
+wordpressScheme: http
+existingWordPressConfigurationSecret: ""
+resources:
+ requests:
+ memory: 300Mi
+ cpu: 10m
+service:
+ type: ClusterIP
+ ports:
+ http: 8080
+ https: 8443
+
+persistence:
+ enabled: true
+ storageClass: ""
+ accessModes:
+ - ReadWriteOnce
+ accessMode: ReadWriteOnce
+ size: 2Gi
+ dataSource: {}
+ existingClaim: ""
+ selector: {}
+
+mariadb:
+ enabled: true
+ primary:
+ persistence:
+ enabled: true
+ storageClass: ""
+ accessModes:
+ - ReadWriteOnce
+ size: 3Gi
+
diff --git a/helmfile/badhouseplants/values/values.openvpn.yaml b/helmfile/badhouseplants/values/values.openvpn.yaml
new file mode 100644
index 0000000..073bdfa
--- /dev/null
+++ b/helmfile/badhouseplants/values/values.openvpn.yaml
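Review bot: Both `ext-database` (instance `mysql`) and the bundled `mariadb` subchart are enabled in values.nrodionov.yaml, so the file does not say which database WordPress actually uses and one of the two is likely an unused database server holding credentials. If the db-operator database is the target, set `mariadb.enabled: false` and point the chart at the external database (presumably via the encrypted secrets file); otherwise drop the `ext-database` block. `wordpressUsername: admin` is also the first account name login-guessing traffic tries, so a non-default name is a cheap improvement.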
@@ -0,0 +1,38 @@
+---
+# ------------------------------------------
+# -- Istio extenstion. Just because I'm
+# -- not using ingress nginx
+# ------------------------------------------
+istio:
+ enabled: true
+ istio:
+ - name: openvpn-tcp
+ gateway: istio-system/badhouseplants-vpn
+ kind: tcp
+ port_match: 1194
+ hostname: "*"
+ service: openvpn
+ port: 1194
+# ------------------------------------------
+image:
+ tag: v2.6.5-xor-4.0.0beta08
+storage:
+ class: longhorn
+ size: 512Mi
+
+openvpn:
+ proto: tcp
+ host: 195.201.250.50
+easyrsa:
+ cn: Bad Houseplants
+ country: Germany
+ province: NRW
+ city: Duesseldorf
+ org: Bad Houseplants
+ email: allanger@zohomail.com
+
+service:
+ type: ClusterIP
+ port: 1194
+ targetPort: 1194
+ protocol: TCP
diff --git a/helmfile/badhouseplants/values/values.postgres.yaml b/helmfile/badhouseplants/values/values.postgres.yaml
new file mode 100644
index 0000000..db7f7ab
--- /dev/null
+++ b/helmfile/badhouseplants/values/values.postgres.yaml
@@ -0,0 +1,10 @@
+architecture: standalone
+
+auth:
+ database: postgres
+
+persistence:
+ size: 1Gi
+
+metrics:
+ enabled: false
\ No newline at end of file
diff --git a/helmfile/badhouseplants/values/values.postgres16.yaml b/helmfile/badhouseplants/values/values.postgres16.yaml
new file mode 100644
index 0000000..cbcb751
--- /dev/null
+++ b/helmfile/badhouseplants/values/values.postgres16.yaml
@@ -0,0 +1,10 @@
+architecture: standalone
+
+auth:
+ database: postgres
+
+persistence:
+ size: 1Gi
+
+metrics:
+ enabled: false
diff --git a/helmfile/badhouseplants/values/values.prometheus.yaml b/helmfile/badhouseplants/values/values.prometheus.yaml
new file mode 100644
index 0000000..712e0d7
--- /dev/null
+++ b/helmfile/badhouseplants/values/values.prometheus.yaml
@@ -0,0 +1,146 @@
+---
+# ------------------------------------------
+# -- Istio extenstion. Just because I'm
+# -- not using ingress nginx
+# ------------------------------------------
+istio:
+ enabled: true
+ istio:
+ - name: grafana-https
+ gateway: istio-system/badhouseplants-net
+ kind: http
+ hostname: "grafana.badhouseplants.net"
+ service: prometheus-grafana
+ port: 80
+
+coreDns:
+ enabled: false
+kubeEtcd:
+ enabled: false
+kubelet:
+ enabled: false
+kubeApiServer:
+ enabled: false
+
+prometheus-node-exporter:
+ prometheus:
+ monitor:
+ enabled: true
+ jobLabel: jobLabel
+ interval: 60s
+
+defaultRules:
+ create: true
+ rules:
+ alertmanager: true
+ etcd: false
+ configReloaders: false
+ general: true
+ k8s: true
+ kubeApiserverAvailability: false
+ kubeApiserverBurnrate: false
+ kubeApiserverHistogram: false
+ kubeApiserverSlos: false
+ kubeControllerManager: false
+ kubelet: false
+ kubeProxy: false
+ kubePrometheusGeneral: false
+ kubePrometheusNodeRecording: false
+ kubernetesApps: true
+ kubernetesResources: true
+ kubernetesStorage: true
+ kubernetesSystem: true
+ kubeSchedulerAlerting: false
+ kubeSchedulerRecording: true
+ kubeStateMetrics: true
+ network: false
+ node: true
+ nodeExporterAlerting: true
+ nodeExporterRecording: true
+ prometheus: true
+ prometheusOperator: true
+ windows: false
+
+prometheus:
+ prometheusSpec:
+ enableAdminAPI: true
+ retentionSize: 10GB
+ podMonitorNamespaceSelector:
+ any: true
+ podMonitorSelector: {}
+ podMonitorSelectorNilUsesHelmValues: false
+ ruleNamespaceSelector:
+ any: true
+ ruleSelector: {}
+ ruleSelectorNilUsesHelmValues: false
+ serviceMonitorNamespaceSelector:
+ any: true
+ serviceMonitorSelector: {}
+ serviceMonitorSelectorNilUsesHelmValues: false
+ storageSpec:
+ volumeClaimTemplate:
+ spec:
+ accessModes: ["ReadWriteOnce"]
+ resources:
+ requests:
+ storage: 10Gi
+
+grafana:
+ persistence:
+ enabled: true
+ size: 2Gi
+ grafana.ini:
+ server:
+ root_url: https://grafana.badhouseplants.net
+ auth.generic_oauth:
+ name: Gitea
+ icon: signin
+ enabled: true
+ allow_sign_up: true
+ auto_login: false
+ client_id: 0ce70a7d-f267-44cc-9686-71048277e51d
+ scopes: openid profile email groups
+ empty_scopes: false
+ auth_url: https://git.badhouseplants.net/login/oauth/authorize
+ token_url: https://git.badhouseplants.net/login/oauth/access_token
+ api_url: https://git.badhouseplants.net/login/oauth/userinfo
+ tls_skip_verify_insecure: false
+ use_pkce: true
+ role_attribute_path: contains(groups, 'badhouseplants:owners') && 'Admin' || 'Viewer'
+
+ dashboardProviders:
+ dashboardproviders.yaml:
+ apiVersion: 1
+ providers:
+ - name: 'default'
+ orgId: 1
+ folder: ''
+ type: file
+ disableDeletion: true
+ editable: false
+ options:
+ path: /var/lib/grafana/dashboards/default
+
+ dashboards:
+ default:
+ gitea-dashboard:
+ gnetId: 13192
+ revision: 1
+ datasource: Prometheus
+ argo-dashboard:
+ gnetId: 14584
+ revision: 1
+ datasource: Prometheus
+
+ datasources:
+ loki.yaml:
+ apiVersion: 1
+ datasources:
+ - name: Loki
+ type: loki
+ access: proxy
+ uid: loki
+ editable: false
+ url: http://loki.monitoring-system:3100/
+ jsonData:
+ maxLines: 1000
diff --git a/helmfile/badhouseplants/values/values.promtail.yaml b/helmfile/badhouseplants/values/values.promtail.yaml
new file mode 100644
index 0000000..7846cec
--- /dev/null
+++ b/helmfile/badhouseplants/values/values.promtail.yaml
@@ -0,0 +1,5 @@
+---
+config:
+ clients:
+ # - url: http://loki.monitoring-system:3100
+ - url: http://loki-gateway/loki/api/v1/push
diff --git a/helmfile/badhouseplants/values/values.redis.yaml b/helmfile/badhouseplants/values/values.redis.yaml
new file mode 100644
index 0000000..b27501d
--- /dev/null
+++ b/helmfile/badhouseplants/values/values.redis.yaml
@@ -0,0 +1,7 @@
+metrics:
+ enabled: false
+
+architecture: standalone
+master:
+ persistence:
+ enabled: false
\ No newline at end of file
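Review bot: `prometheusSpec.enableAdminAPI: true` in values.prometheus.yaml turns on the TSDB admin endpoints (series deletion, snapshots, tombstone cleanup) for anything that can reach the Prometheus service, and nothing else in the hunk appears to need them, so `enableAdminAPI: false` is the safer setting. On the Grafana side, `allow_sign_up: true` creates a user for every account the Gitea OAuth provider authenticates, and `role_attribute_path` falls back to `'Viewer'`, so each such account can read the dashboards and query the Loki datasource. If only members of `badhouseplants:owners` should get in, drop the `|| 'Viewer'` fallback and add `role_attribute_strict: true`.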
diff --git a/helmfile/badhouseplants/values/values.vaultwarden.yaml b/helmfile/badhouseplants/values/values.vaultwarden.yaml
new file mode 100644
index 0000000..b2bd5a3
--- /dev/null
+++ b/helmfile/badhouseplants/values/values.vaultwarden.yaml
@@ -0,0 +1,63 @@
+---
+# ------------------------------------------
+# -- Istio extenstion. Just because I'm
+# -- not using ingress nginx
+# ------------------------------------------
+istio:
+ enabled: true
+ istio:
+ - name: vaultwarden-http
+ kind: http
+ gateway: istio-system/badhouseplants-net
+ hostname: vault.badhouseplants.net
+ service: vaultwarden
+ port: 8080
+# ------------------------------------------
+# -- Database extension is used to manage
+# -- database with db-operator
+# ------------------------------------------
+ext-database:
+ enabled: true
+ name: vaultwarden-postgres16
+ instance: postgres16
+service:
+ port: 8080
+vaultwarden:
+ smtp:
+ host: badhouseplants.net
+ security: "starttls"
+ port: 587
+ from: vaultwarden@badhouseplants.net
+ fromName: Vault Warden
+ authMechanism: "Plain"
+ acceptInvalidHostnames: "false"
+ acceptInvalidCerts: "false"
+ debug: false
+ domain: https://vault.badhouseplants.net
+ websocket:
+ enabled: true
+ address: "0.0.0.0"
+ port: 3012
+ rocket:
+ port: "8080"
+ workers: "10"
+ webVaultEnabled: "true"
+ signupsAllowed: false
+ invitationsAllowed: true
+ signupDomains: "https://vault.badhouseplants.com"
+ signupsVerify: "true"
+ showPassHint: "false"
+ database:
+ existingSecret: vaultwarden-postgres16-creds
+ existingSecretKey: CONNECTION_STRING
+ connectionRetries: 15
+ maxConnections: 10
+ storage:
+ enabled: false
+ size: 1Gi
+ class: default
+ dataDir: /data
+ logging:
+ enabled: false
+ logfile: "/data/vaultwarden.log"
+ loglevel: "warn"
diff --git a/helmfile/badhouseplants/values/values.woodpecker-ci.yaml b/helmfile/badhouseplants/values/values.woodpecker-ci.yaml
new file mode 100644
index 0000000..c19c116
--- /dev/null
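Review bot: `signupDomains: "https://vault.badhouseplants.com"` looks wrong on two counts: every other hostname in this file is under badhouseplants.net, and Vaultwarden's sign-up whitelist is matched against e-mail domains, so a URL with a scheme would presumably never match. As far as I recall a non-empty whitelist lets addresses in the listed domains register even when `signupsAllowed: false`, so a typo here names a domain the operator may not control. Either remove the key or set it to the mail domain you own, e.g. `signupDomains: "badhouseplants.net"`. Separately, `storage.enabled: false` leaves `/data` ephemeral; if the instance keeps its signing keys and attachments there, as Vaultwarden does by default, they are lost on every pod restart.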
+++ b/helmfile/badhouseplants/values/values.woodpecker-ci.yaml
@@ -0,0 +1,38 @@
+# ------------------------------------------
+# -- Istio extenstion. Just because I'm
+# -- not using ingress nginx
+# ------------------------------------------
+istio:
+ enabled: true
+ istio:
+ - name: woodpecker-server-http
+ gateway: istio-system/badhouseplants-net
+ kind: http
+ hostname: ci.badhouseplants.net
+ service: woodpecker-ci-server
+ port: 80
+server:
+ image:
+ tag: v1.0.2
+ enabled: true
+ env:
+ WOODPECKER_GITEA: true
+ WOODPECKER_GITEA_URL: https://git.badhouseplants.net
+ WOODPECKER_GITEA_CLIENT: ab5e4687-a476-4668-9fbc-288d54095634
+ WOODPECKER_OPEN: true
+ WOODPECKER_ADMIN: "woodpecker,allanger"
+ WOODPECKER_HOST: "https://ci.badhouseplants.net"
+ extraSecretNamesForEnvFrom: []
+agent:
+ image:
+ tag: v1.0.2
+ enabled: true
+ extraSecretNamesForEnvFrom: []
+ env:
+ WOODPECKER_SERVER: woodpecker-ci-server:9000
+ WOODPECKER_BACKEND_K8S_VOLUME_SIZE: 1Gi
+ WOODPECKER_BACKEND_K8S_STORAGE_CLASS:
+ serviceAccount:
+ create: true
+ rbac:
+ create: true
diff --git a/helmfile/common/values.certificate.yaml b/helmfile/common/values.certificate.yaml
new file mode 100644
index 0000000..21d1933
--- /dev/null
+++ b/helmfile/common/values.certificate.yaml
@@ -0,0 +1,20 @@
+---
+certificate:
+ templates:
+ - |
+ {{ range .Values.certificate }}
+ ---
+ apiVersion: cert-manager.io/v1
+ kind: Certificate
+ metadata:
+ name: {{ .name }}
+ spec:
+ dnsNames:
+ {{- range .dnsNames }}
+ - {{ . | quote }}
+ {{- end }}
+ issuerRef:
+ kind: {{ .issuer.kind }}
+ name: {{ .issuer.name }}
+ secretName: {{ .secretName }}
+ {{ end }}
diff --git a/helmfile/common/values.database.yaml b/helmfile/common/values.database.yaml
new file mode 100644
index 0000000..9680113
--- /dev/null
+++ b/helmfile/common/values.database.yaml
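Review bot: `WOODPECKER_OPEN: true` in values.woodpecker-ci.yaml lets any account on the configured Gitea log in and self-register, and a registered user can run pipelines for repositories they control on the Kubernetes-backed agent (`rbac.create: true`), which amounts to starting containers in the cluster. Unless this is meant to be a public CI, set `WOODPECKER_OPEN: false` and add users explicitly, or keep it open but restrict membership with `WOODPECKER_ORGS`. The env values are also written as YAML booleans (`true`) and one key is bare (`WOODPECKER_BACKEND_K8S_STORAGE_CLASS:`, which is null); container env values must be strings, so quote them (`"true"`, `""`) unless the chart is known to stringify.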
@@ -0,0 +1,16 @@
+---
+ext-database:
+ templates:
+ - |
+ ---
+ apiVersion: kinda.rocks/v1beta1
+ kind: Database
+ metadata:
+ name: "{{ .Values.name }}"
+ spec:
+ secretName: "{{ .Values.name }}-creds"
+ instance: "{{ .Values.instance }}"
+ deletionProtected: false
+ backup:
+ enable: false
+ cron: 0 0 * * *
diff --git a/helmfile/common/values.istio-gateway.yaml b/helmfile/common/values.istio-gateway.yaml
new file mode 100644
index 0000000..d54bfa7
--- /dev/null
+++ b/helmfile/common/values.istio-gateway.yaml
@@ -0,0 +1,16 @@
+---
+istio-gateway:
+ templates:
+ - |
+ {{ range .Values.gateways }}
+ ---
+ apiVersion: networking.istio.io/v1beta1
+ kind: Gateway
+ metadata:
+ name: {{ .name }}
+ spec:
+ selector:
+ istio: ingressgateway
+ servers:
+ {{ toYaml .servers | indent 4 }}
+ {{ end }}
diff --git a/helmfile/common/values.istio.yaml b/helmfile/common/values.istio.yaml
new file mode 100644
index 0000000..1c834bc
--- /dev/null
+++ b/helmfile/common/values.istio.yaml
@@ -0,0 +1,36 @@
+---
+istio:
+ templates:
+ - |
+ {{ range .Values.istio }}
+ ---
+ apiVersion: networking.istio.io/v1beta1
+ kind: VirtualService
+ metadata:
+ name: {{ .name }}
+ spec:
+ gateways:
+ - "{{ .gateway }}"
+ hosts:
+ - {{ .hostname | quote }}
+ {{- if eq .kind "http" }}
+ http:
+ - match:
+ - uri:
+ prefix: /
+ route:
+ - destination:
+ host: {{ .service }}
+ port:
+ number: {{ .port }}
+ {{- else if eq .kind "tcp" }}
+ tcp:
+ - match:
+ - port: {{ .port_match }}
+ route:
+ - destination:
+ host: {{ .service }}
+ port:
+ number: {{ .port }}
+ {{ end }}
+ {{ end }}
diff --git a/helmfile/common/values.metrics-server.yaml b/helmfile/common/values.metrics-server.yaml
new file mode 100644
index 0000000..ad6879b
--- /dev/null
+++ b/helmfile/common/values.metrics-server.yaml
@@ -0,0 +1,4 @@
+apiService:
+ insecureSkipTLSVerify: true
+args:
+ - --kubelet-insecure-tls
diff --git a/helmfile/common/values.ns.yaml b/helmfile/common/values.ns.yaml
new file mode 100644
index 0000000..02caabf
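Review bot: The shared Database template in values.database.yaml hard-codes `deletionProtected: false` and `backup.enable: false`, so every database created through it, including the Gitea and Vaultwarden ones in this commit, can be dropped by deleting the resource and has no operator-managed backup. Making both fields values with safe defaults (protection on, backups opt-out) would let throwaway databases relax them without weakening the ones that hold credentials and repositories. An `if`/`else` on the value is safer than `| default true`, since `default` treats an explicit `false` as empty.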
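Review bot: In values.metrics-server.yaml, `apiService.insecureSkipTLSVerify: true` together with `--kubelet-insecure-tls` disables certificate verification on both hops, API server to metrics-server and metrics-server to the kubelets. The file sits under helmfile/common, so it applies to every environment that includes it, not only to a cluster whose kubelet certificates cannot be verified. Consider moving these two settings into the values of the environment that needs them and adding a comment with the reason, e.g. `# kubelet serving certs are self-signed on this cluster`.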
--- /dev/null
+++ b/helmfile/common/values.ns.yaml
@@ -0,0 +1,8 @@
+ns:
+ templates:
+ - |
+ apiVersion: v1
+ kind: Namespace
+ metadata:
+ name: {{ .Values.name }}
+
diff --git a/helmfile/common/values.service-monitor.yaml b/helmfile/common/values.service-monitor.yaml
new file mode 100644
index 0000000..f44401a
--- /dev/null
+++ b/helmfile/common/values.service-monitor.yaml
@@ -0,0 +1,16 @@
+---
+service-monitor:
+ templates:
+ - |
+ {{ range .Values.service-monitor.resources }}
+ apiVersion: monitoring.coreos.com/v1
+ kind: ServiceMonitor
+ metadata:
+ name: {{ .name }}
+ spec:
+ selector:
+ matchLabels:
+ app: {{ .label.app }}
+ endpoints:
+ - port: {{ .endpoints.port }}
+ {{ end }}
diff --git a/helmfile/environments.yaml b/helmfile/environments.yaml
new file mode 100644
index 0000000..13a3ca2
--- /dev/null
+++ b/helmfile/environments.yaml
@@ -0,0 +1,5 @@
+environments:
+ badhouseplants:
+ kubeContext: badhouseplants
+ etersoft:
+ kubeContext: etersoft
diff --git a/helmfile/etersoft/helmfile.yaml b/helmfile/etersoft/helmfile.yaml
new file mode 100644
index 0000000..af38673
--- /dev/null
+++ b/helmfile/etersoft/helmfile.yaml
@@ -0,0 +1,5 @@
+---
+
+bases:
+ - ../environments.yaml
+ - ../repositories.yaml
diff --git a/helmfile/etersoft/values/secrets.minio.yaml b/helmfile/etersoft/values/secrets.minio.yaml
new file mode 100644
index 0000000..858d3c9
--- /dev/null
+++ b/helmfile/etersoft/values/secrets.minio.yaml
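Review bot: `{{ range .Values.service-monitor.resources }}` in values.service-monitor.yaml will not parse, because Go templates do not allow `-` inside a field chain, so rendering fails as soon as this template is used. The sibling templates read values relative to their own key (`.Values.istio`, `.Values.gateways`), which suggests `{{ range .Values.resources }}` here; if the full path is needed, use `{{ range (index .Values "service-monitor").resources }}`. values.minecraft.yaml supplies this data under `service-account:` rather than `service-monitor:`, so the two keys need to agree. The loop also emits no `---` between iterations, so more than one entry would merge into a single manifest.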
@@ -0,0 +1,38 @@ +rootPassword: ENC[AES256_GCM,data:s38LHPKR4UsJE2MvlvIuKllZsYGZxcwssbqMWoPqo11j,iv:iredmR6yFSMxmS7NFwz5kLUxPWdSIImYRLRkICr7sJQ=,tag:Gb+rMEBrVX4dDS+N/quHyA==,type:str] +users: + - accessKey: ENC[AES256_GCM,data:J3pNKKmaius=,iv:Mjbx//mHSfVM4NEsOCdPMw7nZ5N2J1rg/IE8JZxzZ30=,tag:sX3OuZ3RodAn8znacBTu4A==,type:str] + secretKey: ENC[AES256_GCM,data:f4PO+T8IRvw5yhFz9Twf3h6vxw==,iv:13ekjlbaTZYDyhMQeM0oJ7/U53ZfhVX/AP20FUnVQ/A=,tag:ZR1YkIl9/6iyWm6leLvQcA==,type:str] + policy: ENC[AES256_GCM,data:mjGhLyvFBU5n6ePk,iv:v/ECOoGcnHGjuLgqMZ8yVTLPqdvn1HBVVAaUiD5fBT0=,tag:3tS26PT1Gg8kHUTfSSUH+g==,type:str] + - accessKey: ENC[AES256_GCM,data:mavKbC9T,iv:gfiilFHH9P3/UUTfjo/kl4r/tcMFN3/J1KyMF+3gY24=,tag:JEhrPdUjeBasQyrsduif9w==,type:str] + secretKey: ENC[AES256_GCM,data:kUs0AzmT/DCLqQEuF9Y=,iv:HoilTHkjITFUREb74y4JAl4YDWHz64XxTvVvKCGE6AE=,tag:bzw9XRz6C4BgB/4mYAf5jg==,type:str] + policy: ENC[AES256_GCM,data:DbIQFNub,iv:NB+PF0acEGFls9BNeQFm+00V1kX+5N7UGJFnhb8DUAU=,tag:tQSO5L0G5Vy51nVD/EKHmw==,type:str] +oidc: + enabled: ENC[AES256_GCM,data:AJwlxQ==,iv:e8Y4xI9VW7R64o5y2TYrMRnL92+RCzFaoF9v4wHDTlc=,tag:T0iZj9cCBxaF444+xuvKuA==,type:bool] + configUrl: ENC[AES256_GCM,data:UHLEsZwSGwNEV9r6wpiw4lLsMOLxJ6QfHKrrP2oduJE+YG7hImEljrO+/kPSUOgWMGgtXIjT/VLYw7xhW+TL,iv:v6bXPeKMho108y+kErL71RvqlfL0YEUtAaexITN6arY=,tag:r/oglMJVU2J2s3mEgjP+dA==,type:str] + clientId: ENC[AES256_GCM,data:39mFCS47/yw1lGxvDs7nLkk941qPaHUMgGBgtcqmJukGMfJK,iv:rfE/1ukQAO8geJVIJQOQaXmn37DfhDMR/t7Ghwd093A=,tag:SDz4TVKiMY+bXAtfrm17/Q==,type:str] + clientSecret: ENC[AES256_GCM,data:KcamhnHBTErbSS6dR7W+suwV5q13yXqZAUBYhKJ5Kj3t14dp6VDHoYc1Dwyt+hebFz0BYYbRA9g=,iv:hOhGu/lRjsEsEz4f6Wnkds6HNq3DnvM+GsJOAz1fOds=,tag:aQ4+xPDgg/2op+NQl7jhSg==,type:str] + claimName: ENC[AES256_GCM,data:UUrHhIFP,iv:dKg4zBykxhEKeG40a1eSWRYTyzpb5kBmzhEaULFgSII=,tag:3vfbgsoKkNF2Tmwx3Wi56w==,type:str] + redirectUri: 
ENC[AES256_GCM,data:evZK5yq5syKOsTqeqICTWLTq96AXTKftwDdbPYP9Na67N7I12P+jK8k1zKswHQY=,iv:L5AmYGkO2lyU4ytjyMOmuWDg4GtbeoTzcEdZF7WP+es=,tag:BF8AZUJ39+xICfrdNsY9iQ==,type:str] + comment: ENC[AES256_GCM,data:4h455QlIXewffU2bSKihkg==,iv:p5WRTZfAUgqbF/XpIlaLuUIhQhMWxgs0MW6cqNOiOtg=,tag:yk6CHXx7E8XBY3dath9ezQ==,type:str] + claimPrefix: "" + scopes: ENC[AES256_GCM,data:6DDclrvw1aAnE7KqMYcevELx/VUrQxUq/+my,iv:BUT/J2uFueDxUCdlylJgJ6cBn52fVAV6r+dGYUg+gx8=,tag:sAXpt6zqNi4kwdfYm5J75A==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaeWFCZlp0VTdkNjV5VDkz + QVErMnVJM1hHbXZERnM5b1hvQWdRQ1N3SmpRCmpCaUkyc3pzRm0yTGZtQ3I5b21I + R3g5T2hKZzNxZmVKVHNoZU1RaTZlamMKLS0tIDlIUVBLSFVZOElZaktjK0xRYjJa + UmdLL0NqWVpuNXBYRENEeTltdFVLREUKrwPN2daokcqABFVXjYCbNyCA0zdMCYh6 + vzTTtNV718OAPQKgl3Ho2c5nhhQcWy5YlWPfGMUklZhocXsAvMXS/g== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2023-03-26T11:56:18Z" + mac: ENC[AES256_GCM,data:oiaqwWDTTSvdGZxcLqAJrLkF+jNL2PfOOrTFtO2Arry1LehiGeXqNiqlHTd5IvnB/LrU9vGv5SjDrq+FRycfceai8O5hW8aGBXqCSZANIx7cpCJqtm1ErNAm8yw+K5rq/WeRKEySszNx7QtSZiM9ufo/GIAZMZgcd/bqFdm6oXE=,iv:s+uHg40NPT3kjwHnRIu3udkbm3gE36JMzPFhM6NdT/4=,tag:Q97lA8fRcPr5kGZEUbmhxQ==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.7.3 diff --git a/helmfile/etersoft/values/values.istio-ingressgateway.yaml b/helmfile/etersoft/values/values.istio-ingressgateway.yaml new file mode 100644 index 0000000..4f93e51 --- /dev/null +++ b/helmfile/etersoft/values/values.istio-ingressgateway.yaml 
@@ -0,0 +1,21 @@
+---
+service:
+ type: LoadBalancer
+ ports:
+ - name: status-port
+ port: 15021
+ protocol: TCP
+ targetPort: 15021
+ - name: http2
+ port: 80
+ protocol: TCP
+ targetPort: 80
+ - name: https
+ port: 443
+ protocol: TCP
+ targetPort: 443
+ - name: openvpn
+ port: 1194
+ protocol: TCP
+ targetPort: 1194
+
diff --git a/helmfile/etersoft/values/values.istiod.yaml b/helmfile/etersoft/values/values.istiod.yaml
new file mode 100644
index 0000000..036279e
--- /dev/null
+++ b/helmfile/etersoft/values/values.istiod.yaml
@@ -0,0 +1,7 @@
+---
+pilot:
+ resources:
+ requests:
+ cpu: 50m
+ memory: 256Mi
+
diff --git a/helmfile/etersoft/values/values.minio.yaml b/helmfile/etersoft/values/values.minio.yaml
new file mode 100644
index 0000000..25c0888
--- /dev/null
+++ b/helmfile/etersoft/values/values.minio.yaml
@@ -0,0 +1,94 @@
+---
+# ------------------------------------------
+# -- Istio extenstion. Just because I'm
+# -- not using ingress nginx
+# ------------------------------------------
+istio:
+ enabled: true
+ istio:
+ - name: minio-http
+ gateway: badhouseplants-net
+ kind: http
+ hostname: min.e.badhouseplants.net
+ service: minio-console
+ port: 9001
+ - name: s3-http
+ gateway: badhouseplants-net
+ kind: http
+ hostname: s3.e.badhouseplants.net
+ service: minio
+ port: 9000
+rootUser: 'overlord'
+replicas: 1
+mode: standalone
+environment:
+ MINIO_SERVER_URL: "https://s3.e.badhouseplants.net:443"
+tls:
+ enabled: false
+ certSecret: ''
+ publicCrt: public.crt
+ privateKey: private.key
+persistence:
+ enabled: true
+ accessMode: ReadWriteOnce
+ size: 30Gi
+service:
+ type: ClusterIP
+ clusterIP: ~
+ port: '9000'
+consoleService:
+ type: ClusterIP
+ clusterIP: ~
+ port: '9001'
+resources:
+ requests:
+ memory: 0.7Gi
+policies:
+ - name: badhouseplants:owners
+ statements:
+ - resources:
+ - 'arn:aws:s3:::*'
+ actions:
+ - "s3:*"
+ - resources: []
+ actions:
+ - "admin:*"
+ - resources: []
+ actions:
+ - "kms:*"
+ - name: badhouseplants
+ statements:
+ - resources:
+ - 'arn:aws:s3:::badhouseplants-net'
+ actions:
+ - "s3:*"
+ - resources:
+ - 'arn:aws:s3:::badhouseplants-net/*'
+ actions:
+ - "s3:*"
+ - name: backup
+ statements:
+ - resources:
+ - 'arn:aws:s3:::longhorn/*'
+ - 'arn:aws:s3:::longhorn'
+ - 'arn:aws:s3:::restic/*'
+ - 'arn:aws:s3:::restic'
+ actions:
+ - "s3:DeleteObject"
+ - "s3:GetObject"
+ - "s3:ListBucket"
+ - "s3:PutObject"
+buckets:
+ - name: longhorn
+ policy: none
+ purge: false
+ versioning: false
+ - name: restic
+ policy: none
+ purge: false
+ versioning: false
+metrics:
+ serviceMonitor:
+ enabled: false
+ public: true
+ additionalLabels: {}
diff --git a/helmfile/etersoft/values/values.openvpn.yaml b/helmfile/etersoft/values/values.openvpn.yaml
new file mode 100644
index 0000000..7f2d53d
--- /dev/null
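Review bot: `metrics.serviceMonitor.public: true` at the end of values.minio.yaml is kept even though `serviceMonitor.enabled` is `false`. In the MinIO chart this value appears to set `MINIO_PROMETHEUS_AUTH_TYPE=public`, which serves the Prometheus metrics endpoints without a bearer token. The same file routes `s3.e.badhouseplants.net` to the `minio` service on port 9000, so those endpoints would be reachable through the gateway by anyone who can reach that hostname. Unless something is meant to scrape them anonymously, set `public: false`, or block the metrics path at the gateway.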
+++ b/helmfile/etersoft/values/values.openvpn.yaml
@@ -0,0 +1,43 @@
+---
+# ------------------------------------------
+# -- Istio extenstion. Just because I'm
+# -- not using ingress nginx
+# ------------------------------------------
+istio:
+ enabled: true
+ istio:
+ - name: openvpn-tcp
+ gateway: etersoft-vpn
+ kind: tcp
+ port_match: 1194
+ hostname: "*"
+ service: openvpn
+ port: 1194
+
+storage:
+ class: microk8s-hostpath
+ size: 5Gi
+openvpn:
+ server: "tcp://91.232.225.63:1194"
+service:
+ type: ClusterIP
+ port: 1194
+ targetPort: 1194
+ protocol: TCP
+istio-resources:
+ enabled: true
+ gateways:
+ - metadata:
+ name: etersoft-vpn
+ namespace: istio-system
+ spec:
+ selector:
+ istio: ingressgateway
+ servers:
+ - hosts:
+ - '*'
+ port:
+ name: openvpn
+ number: 1194
+ protocol: TCP
+
diff --git a/helmfile/extensions.yaml b/helmfile/extensions.yaml
new file mode 100644
index 0000000..61f1e4b
--- /dev/null
+++ b/helmfile/extensions.yaml
@@ -0,0 +1,42 @@
+templates:
+ # ----------------------------
+ # -- Extensions
+ # ----------------------------
+ ext-istio-gateway:
+ dependencies:
+ - chart: bedag/raw
+ version: 2.0.0
+ alias: istio-gateway
+ values:
+ - '{{ requiredEnv "PWD" }}/common/values.istio-gateway.yaml'
+
+ ext-istio-resource:
+ dependencies:
+ - chart: bedag/raw
+ version: 2.0.0
+ alias: istio
+ values:
+ - '{{ requiredEnv "PWD" }}/common/values.istio.yaml'
+ ext-certificate:
+ dependencies:
+ - chart: bedag/raw
+ version: 2.0.0
+ alias: certificate
+ values:
+ - '{{ requiredEnv "PWD" }}/common/values.certificate.yaml'
+
+ service-monitor:
+ dependencies:
+ - chart: bedag/raw
+ version: 2.0.0
+ alias: service-monitor
+ values:
+ - '{{ requiredEnv "PWD" }}/common/values.service-monitor.yaml'
+
+ ext-database:
+ dependencies:
+ - chart: bedag/raw
+ version: 2.0.0
+ alias: ext-database
+ values:
+ - '{{ requiredEnv "PWD" }}/common/values.database.yaml'
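Review bot: Every `values:` entry in extensions.yaml is built from `{{ requiredEnv "PWD" }}`, so which files get loaded depends on the directory helmfile is started from rather than on where this file lives. Started from anywhere other than `helmfile/`, the render would either fail or may pick up `common/values.*.yaml` from a different tree. The `default-*` templates in releases.yaml carry the same dependency, including the sops `secrets.*.yaml` paths. I would add a header comment stating the requirement, e.g. `# NOTE: paths are resolved from $PWD; run helmfile from the helmfile/ directory`. `service-monitor` is also the only template in this file without the `ext-` prefix.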
diff --git a/helmfile/helmfile.yaml b/helmfile/helmfile.yaml
new file mode 100644
index 0000000..738d891
--- /dev/null
+++ b/helmfile/helmfile.yaml
@@ -0,0 +1,50 @@
+---
+{{ readFile "releases.yaml" }}
+
+bases:
+ - environments.yaml
+ - repositories.yaml
+
+releases:
+ - <<: *metrics-server
+ installed: true
+ namespace: kube-system
+ createNamespace: false
+
+ - <<: *istio-base
+ installed: true
+ namespace: istio-system
+ createNamespace: false
+
+ - <<: *istio-gateway
+ installed: true
+ namespace: istio-system
+ createNamespace: false
+
+ - <<: *istiod
+ installed: true
+ namespace: istio-system
+ createNamespace: false
+
+ - <<: *cert-manager
+ installed: true
+ namespace: cert-manager
+ createNamespace: false
+
+ - <<: *minio
+ installed: true
+ namespace: minio-service
+ createNamespace: false
+
+ - <<: *openvpn
+ installed: true
+ namespace: openvpn-service
+ createNamespace: false
+
+ - <<: *metallb
+ installed: true
+ namespace: metallb-system
+ createNamespace: true
+
+helmfiles:
+ - path: {{.Environment.Name }}/helmfile.yaml
diff --git a/helmfile/releases.yaml b/helmfile/releases.yaml
new file mode 100644
index 0000000..62120ee
--- /dev/null
+++ b/helmfile/releases.yaml
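Review bot: `*minio` and `*openvpn` are merged into `releases:` here, and both anchors in releases.yaml inherit `ext-istio-resource`, but that template is defined in extensions.yaml, which this file neither pulls in with `readFile` nor lists under `bases:`. Unless environments.yaml brings it in (not visible in this part of the patch), that `inherit` would not resolve. A second `{{ readFile "extensions.yaml" }}` next to the first would not be enough on its own, because both files open with a top-level `templates:` key and most YAML parsers keep only the last duplicate. Whichever loading mechanism is intended, it deserves a comment above `bases:` saying where the `ext-*` templates come from.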
@@ -0,0 +1,313 @@
+---
+templates:
+ # ---------------------------
+ # -- Hooks
+ # ---------------------------
+ crd-management-hook:
+ hooks:
+ - events: ["preapply"]
+ showlogs: true
+ command: "sh"
+ args:
+ - -c
+ - |
+ helm show crds {{ .Release.Chart }} --version {{ .Release.Version }} | kubectl replace -f - \
+ || helm show crds {{ .Release.Chart }} --version {{ .Release.Version }} | kubectl create -f - \
+ || true
+ - events: ["prepare"]
+ showlogs: true
+ command: "sh"
+ args:
+ - -c
+ - "helm show crds {{ .Release.Chart }} --version {{ .Release.Version }} | kubectl diff -f - || true"
+ - events: ["postuninstall"]
+ showlogs: true
+ command: "sh"
+ args:
+ - -c
+ - "helm show crds {{ .Release.Chart }} --version {{ .Release.Version }} | kubectl delete -f - || true"
+ # ----------------------------
+ # -- Configs
+ # ----------------------------
+ default-common-values:
+ values:
+ - '{{ requiredEnv "PWD" }}/common/values.{{ .Release.Name }}.yaml'
+ default-env-values:
+ values:
+ - '{{ requiredEnv "PWD" }}/{{ .Environment.Name }}/values/values.{{ .Release.Name }}.yaml'
+ default-env-secrets:
+ secrets:
+ - '{{ requiredEnv "PWD" }}/{{ .Environment.Name }}/values/secrets.{{ .Release.Name }}.yaml'
+ # ----------------------------
+ # -- Releases
+ # ----------------------------
+ # -- System
+ # ----------------------------
+ metrics-server: &metrics-server
+ name: metrics-server
+ chart: metrics-server/metrics-server
+ version: 3.11.0
+ values:
+ - common/values.{{ .Release.Name }}.yaml
+
+ metallb: &metallb
+ name: metallb
+ chart: metallb/metallb
+ version: 0.13.12
+
+ cert-manager: &cert-manager
+ name: cert-manager
+ chart: jetstack/cert-manager
+ version: 1.13.1
+ set:
+ - name: installCRDs
+ value: true
+ longhorn: &longhorn
+ name: longhorn
+ chart: longhorn/longhorn
+ version: 1.5.1
+ inherit:
+ - template: default-env-values
+
+ argocd: &argocd
+ name: argocd
+ chart: argo/argo-cd
+ version: 5.46.8
+ inherit:
+ - template: default-env-values
+ - template: default-env-secrets
+ - template: ext-istio-resource
+
+ monitoring-common:
+ labels:
+ bundle: monitoring
+
+ prometheus: &prometheus
+ name: prometheus
+ chart: prometheus-community/kube-prometheus-stack
+ version: 51.10.0
+ inherit:
+ - template: monitoring-common
+ - template: default-env-values
+ - template: default-env-secrets
+ - template: crd-management-hook
+ - template: ext-istio-resource
+
+ loki: &loki
+ name: loki
+ chart: grafana/loki
+ version: 5.35.0
+ inherit:
+ - template: monitoring-common
+ - template: default-env-values
+
+ promtail: &promtail
+ name: promtail
+ chart: grafana/promtail
+ version: 6.15.3
+ inherit:
+ - template: monitoring-common
+ - template: default-env-values
+ # ----------------------------
+ # -- Istio
+ # ----------------------------
+ istio-common:
+ labels:
+ bundle: istio
+ version: 1.19.3
+
+ istio-base: &istio-base
+ name: istio-base
+ chart: istio/base
+ inherit:
+ - template: crd-management-hook
+ - template: istio-common
+
+ istio-gateway: &istio-gateway
+ name: istio-ingressgateway
+ chart: istio/gateway
+ inherit:
+ - template: istio-common
+ - template: default-env-values
+
+ istio-gateway-resources: &istio-gateway-resources
+ name: istio-gateway-resources
+ chart: bedag/raw
+ version: 2.0.0
+ inherit:
+ - template: ext-istio-gateway
+ - template: default-env-values
+
+ istiod: &istiod
+ name: istiod
+ chart: istio/istiod
+ inherit:
+ - template: istio-common
+ - template: default-env-values
+
+ # ----------------------------
+ # -- Applications
+ # ----------------------------
+ openvpn: &openvpn
+ name: openvpn
+ chart: allanger-gitea/openvpn
+ version: 1.0.7
+ inherit:
+ - template: default-env-values
+ - template: ext-istio-resource
+ # ----------------------------
+ # -- Drone
+ # ----------------------------
+ drone-common:
+ labels:
+ bundle: drone
+ drone: &drone
+ name: drone
+ chart: drone/drone
+ version: 0.6.5
+ inherit:
+ - template: default-env-values
+ - template: default-env-secrets
+ - template: ext-istio-resource
+ - template: drone-common
+
+ drone-runner-docker: &drone-runner-docker
+ name: drone-runner-docker
+ chart: drone/drone-runner-docker
+ version: 0.6.1
+ inherit:
+ - template: default-env-values
+ - template: default-env-secrets
+ - template: drone-common
+
+ woodpecker-ci: &woodpecker-ci
+ name: woodpecker-ci
+ chart: woodpecker/woodpecker
+ version: 0.4.2
+ inherit:
+ - template: default-env-values
+ - template: default-env-secrets
+ - template: ext-istio-resource
+
+ nrodionov: &nrodionov
+ name: nrodionov
+ chart: bitnami/wordpress
+ version: 18.0.7
+ inherit:
+ - template: default-env-values
+ - template: default-env-secrets
+ - template: ext-istio-resource
+ - template: ext-database
+
+ minio: &minio
+ name: minio
+ chart: minio/minio
+ version: 5.0.14
+ inherit:
+ - template: default-env-values
+ - template: default-env-secrets
+ - template: ext-istio-resource
+
+ minecraft: &minecraft
+ name: minecraft
+ chart: minecraft-server-charts/minecraft
+ version: 4.11.0
+ inherit:
+ - template: default-env-values
+ - template: default-env-secrets
+ - template: ext-istio-resource
+
+ gitea: &gitea
+ name: gitea
+ chart: gitea/gitea
+ version: 9.5.1
+ inherit:
+ - template: default-env-values
+ - template: default-env-secrets
+ - template: ext-istio-resource
+ - template: ext-database
+
+ funkwhale: &funkwhale
+ name: funkwhale
+ chart: ananace-charts/funkwhale
+ version: 2.0.3
+ inherit:
+ - template: default-env-values
+ - template: default-env-secrets
+ - template: ext-istio-resource
+ - template: ext-database
+
+ mailu: &mailu
+ name: mailu
+ chart: mailu/mailu
+ version: 1.2.0
+ inherit:
+ - template: default-env-values
+ - template: default-env-secrets
+ - template: ext-istio-resource
+ - template: ext-certificate
+
+ bitwarden: &bitwarden
+ name: bitwarden
+ chart: bitwarden/vaultwarden
+ version: 0.1.7
+ inherit:
+ - template: default-env-values
+ - template: default-env-secrets
+ - template: ext-istio-resource
+
+ redis: &redis
+ name: redis
+ chart: bitnami/redis
+ version: 18.1.6
+ inherit:
+ - template: default-env-values
+ - template: default-env-secrets
+
+ postgres16: &postgres16
+ name: postgres16
+ chart: bitnami/postgresql
+ version: 13.1.5
+ inherit:
+ - template: default-env-values
+ - template: default-env-secrets
+
+ db-operator: &db-operator
+ name: db-operator
+ chart: db-operator/db-operator
+ version: 1.11.2
+
+ db-instances: &db-instances
+ name: db-instances
+ chart: db-operator/db-instances
+ version: 1.4.2
+ inherit:
+ - template: default-env-values
+ - template: default-env-secrets
+
+ mysql: &mysql
+ name: mysql
+ chart: bitnami/mysql
+ version: 9.12.5
+ inherit:
+ - template: default-env-values
+ - template: default-env-secrets
+
+ docker-mailserver: &docker-mailserver
+ name: docker-mailserver
+ chart: allanger-gitea/docker-mailserver
+ version: 2.1.3
+ inherit:
+ - template: default-env-values
+ - template: ext-istio-gateway
+ - template: ext-istio-resource
+
+ vaultwarden: &vaultwarden
+ name: vaultwarden
+ chart: badhouseplants/vaultwarden
+ version: 1.0.0
+ inherit:
+ - template: default-env-values
+ - template: default-env-secrets
+ - template: ext-istio-resource
+ - template: ext-database
diff --git a/helmfile/repositories.yaml b/helmfile/repositories.yaml
new file mode 100644
index 0000000..0d52f2e
--- /dev/null
+++ b/helmfile/repositories.yaml
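Review bot: The `preapply` step of `crd-management-hook` ends in `|| true`, so a failed `helm show crds` (chart or version not found) or a rejected `kubectl replace`/`create` (RBAC, validation) is reported as success and the release carries on with missing or stale CRDs. A single idempotent call removes the need for the fallback chain: `helm show crds {{ .Release.Chart }} --version {{ .Release.Version }} | kubectl apply --server-side -f -`. The `postuninstall` step deserves a comment as well, because `kubectl delete` on CRDs also removes every custom resource of those kinds cluster-wide, and both `prometheus` and `istio-base` inherit this hook. Separately, `metrics-server` uses a relative `common/values.{{ .Release.Name }}.yaml` where `inherit: [{template: default-common-values}]` would match the other releases.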
@@ -0,0 +1,42 @@
+---
+repositories:
+ - name: metrics-server
+ url: https://kubernetes-sigs.github.io/metrics-server/
+ - name: jetstack
+ url: https://charts.jetstack.io
+ - name: istio
+ url: https://istio-release.storage.googleapis.com/charts
+ - name: drone
+ url: https://charts.drone.io
+ - name: bitnami
+ url: https://charts.bitnami.com/bitnami
+ - name: minio
+ url: https://charts.min.io/
+ - name: minecraft-server-charts
+ url: https://itzg.github.io/minecraft-server-charts/
+ - name: longhorn
+ url: https://charts.longhorn.io
+ - name: gitea
+ url: https://dl.gitea.io/charts/
+ - name: ananace-charts
+ url: https://ananace.gitlab.io/charts
+ - name: argo
+ url: https://argoproj.github.io/argo-helm
+ - name: bedag
+ url: https://bedag.github.io/helm-charts/
+ - name: metallb
+ url: https://metallb.github.io/metallb
+ - name: prometheus-community
+ url: https://prometheus-community.github.io/helm-charts
+ - name: grafana
+ url: https://grafana.github.io/helm-charts
+ - name: bitwarden
+ url: https://constin.github.io/vaultwarden-helm/
+ - name: db-operator
+ url: https://db-operator.github.io/charts
+ - name: allanger-gitea
+ url: https://git.badhouseplants.net/api/packages/allanger/helm
+ - name: badhouseplants
+ url: https://badhouseplants.github.io/helm-charts/
+ - name: woodpecker
+ url: https://woodpecker-ci.org
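Review bot: The repository named `bitwarden` points at `https://constin.github.io/vaultwarden-helm/`, which looks like an individual's GitHub Pages site rather than a vendor-published source, and releases.yaml installs `bitwarden/vaultwarden` from it for a password vault. The name suggests a provenance the URL does not give; naming the repo after its publisher (`- name: constin`, with the `chart:` reference in releases.yaml updated to match) keeps that visible to whoever reviews a version bump. A second vaultwarden chart already comes from the `badhouseplants` repo, so a comment on which of the two is meant to stay would help.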