From 96c27e6df1b368af4890a9d1ef9274d22a8820ff Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sat, 29 Jun 2024 19:10:51 +0200 Subject: [PATCH] A lot of stuff --- badhouseplants/helmfile.yaml | 25 ++++++--- badhouseplants/values/secrets.argocd.yaml | 18 +++--- .../values/secrets.db-instances.yaml | 22 +++++--- badhouseplants/values/secrets.gitea.yaml | 36 ++++++------ .../values/secrets.postgres16-gitea.yaml | 24 ++++++++ badhouseplants/values/values.authentik.yaml | 56 +++++++++++++++++++ .../values/values.db-instances.yaml | 10 ++++ badhouseplants/values/values.funkwhale.yaml | 1 + badhouseplants/values/values.gitea.yaml | 29 +++++++--- badhouseplants/values/values.mailu.yaml | 29 ++++++++-- badhouseplants/values/values.minio.yaml | 2 + badhouseplants/values/values.namespaces.yaml | 6 +- .../values/values.postgres16-gitea.yaml | 35 ++++++++++++ badhouseplants/values/values.postgres16.yaml | 8 +++ badhouseplants/values/values.traefik.yaml | 4 +- badhouseplants/values/values.vaultwarden.yaml | 1 + .../values/values.vaultwardentest.yaml | 1 + .../values/values.woodpecker-ci.yaml | 1 + badhouseplants/values/values.zot.yaml | 1 + common/values.database.yaml | 2 +- common/values.tcp-route.yaml | 2 +- releases.yaml | 50 +++++++++-------- repositories.yaml | 6 +- scripts/migrate_postgres.sh | 4 ++ 24 files changed, 283 insertions(+), 90 deletions(-) create mode 100644 badhouseplants/values/secrets.postgres16-gitea.yaml create mode 100644 badhouseplants/values/values.authentik.yaml create mode 100644 badhouseplants/values/values.postgres16-gitea.yaml diff --git a/badhouseplants/helmfile.yaml b/badhouseplants/helmfile.yaml index 05f6226..7fffed1 100644 --- a/badhouseplants/helmfile.yaml +++ b/badhouseplants/helmfile.yaml @@ -2,6 +2,15 @@ {{ readFile "../releases.yaml" }} releases: + - <<: *istio-base + installed: true + namespace: istio-system + createNamespace: false + + - <<: *istiod + installed: true + namespace: istio-system + createNamespace: false - <<: *namespaces installed: true - <<: *roles @@ -10,9 +19,9 @@ releases: installed: true - <<: *cilium installed: true - + - <<: *authentik - <<: *local-path-provisioner - + - <<: *mailu - <<: *zot installed: true - <<: *keel @@ -30,7 +39,7 @@ releases: - <<: *gitea installed: true - namespace: gitea-service + namespace: applications createNamespace: false - <<: *funkwhale @@ -53,6 +62,9 @@ releases: namespace: database-service createNamespace: true + - <<: *postgres16-gitea + namespace: databases + createNamespace: false - <<: *db-operator installed: true namespace: database-service @@ -89,15 +101,10 @@ releases: createNamespace: false - <<: *docker-mailserver - installed: true + installed: false namespace: applications createNamespace: true - - <<: *mailu - installed: false - namespace: mailu-application - createNamespace: false - - <<: *longhorn installed: true namespace: longhorn-system diff --git a/badhouseplants/values/secrets.argocd.yaml b/badhouseplants/values/secrets.argocd.yaml index 81405e1..ae9dae7 100644 --- a/badhouseplants/values/secrets.argocd.yaml +++ b/badhouseplants/values/secrets.argocd.yaml @@ -1,9 +1,9 @@ configs: cm: - dex.config: ENC[AES256_GCM,data:/5fVXmrlrI+A9VkyXXXEyout6crDfLKvEHRgSak3tZn90aVm/SrSsq/mJHO4k79zVPz/BBF8/RIt2rD1TJsBNWsTFfKJuCkSN7kjUIE1Blch9ju2MOOmtWR8NIi98k/t5D/kfF6JhAw3hTv6nOkaz6P9eJgAEawdNeaNZS2i/6s5UdJkTpZWCOD+3DJezYhWS9dePrWldRGzYNVc25wAbDF6jRrtXbF2aC/z/cuhcCEEgsncFAYz1lN8sKpdMXIZzBqvugYGUZHPkWAi8fsLRM818jA736NoT55d7yO2hR0RzbIEbr0Edbk9eeofAty5WEPBhop9OUJJFKeRq2AXgdY6Y98BH1Yn1X1PmkpV4Tu+S49q3jRC4g2dIttywA3waqdGSsXVI5q9sVSJTCN5gsHXM298K1hb0hCgIv4WAv/09BvOOxocTbz06c1zB/ZFxhJJ1Fv3wSPFiY011y8StMgEvBmh84ERK703Sn8jFrT31eujpF6saM8fER/1W7acOrGZTTCirXcm2Cp4QPS6LILeANcD6S6gFvITKxCa/Dzkk4OV3uB2KqpTX13IrbnMm+oYGM573QAJzuRBfGtFBggX6GHM1jGnPZ/s2n+BRrhKhZRofVommLMSl2mTyWRsLwJ8XzXIDZlQT8MrkCZX8EorQmUS3NPM5oTgxpq4dtGbwVmKh2i2ZcmwGK7AwB5OtLXeyLe/MbOikQKCig==,iv:xuTDUZWDWtzZwTOvfzGRNsqpPx+rxtTVs1C0gOjB+Pw=,tag:CLGA9kgSoWBFCJRW/s3MAg==,type:str] + dex.config: ENC[AES256_GCM,data:LCLzkdGS1CqPGPCpkf/Zqqk046aUlc1fiptooZnHN6qlJaSa18O2I6/t2sCZ+4V/5nkX5jX8EYpQ+S5gzqwnVdCfmgLNZMXHMM6MtRRvlX3sBxygT8KfQQN/aPb2A/n/sebDYV5P5ykzNAzbGLjJ5fc6Nz/QJTaPIBvHrez5VQZY3NBkP4fXb8gRYD3yw9mA4V0wXlW2sDlPmvnGMcj/RTvJGWhbtX/pWMSaLHBPoAR7wp/sTUDzkcRSvfANimzyXe8B5Zz+Xgo4bUV9T8lr5+rdxAYOlP0deg2lBR7mXr86JqVhLZp2Y8v6DNO3MgBmXzpbkIhg8hc7Tbe6I5+mqIZpIc7YPFJM7DhOB+QFAa3WHhcdwGcIkcECNipMcYDu0KBA1CSLlyVgsQLHPTubEp/8/0kC9HkZt+63dIlmR4IEnGVmUPMYmwym5Palsl3BN1LrTsA4WRIJwG4Ac4jUNCZiNF8rQu7CPa9a/mf+6NdVSJ/L9Gt1THnkzbN8xGK0CyEHWmrJ1drzC61SCfXIHxWMQn9NOegOtBkqjo6AE8KdmBmpqYqZW70t9iWFUN/wjfgwmNSM+JgUOE0s8A0B7oP+YS2gqQvbCmcP5CoPhtFwV4oNj+ZY+0dRjMF0EIh3pTsZUJhMuOK7W/fV3DpNGf7mT0WcrHd3nsgvbu+sijuM9I7ljvBGYJegvva8YP1g6OjJLckvC/nFt8Acfsqb6TaJhsEvpEQgg84Mn9vniW5zNhpIitkQVZ/DjZ0+cw5B8hWWZ65w66Xu0H4IR0RjEyuC8rDjEvdvBlKC22HiBoJvfASBlBrokIxj6YTp6je+xo7FOctmZfMOqm/yeydHJlR3z6NAY1tTnvn8VzLtXqFjwwC8wIoC944HnpZniXc1OAuIH1InIlSm9UC8eP29szuWufwPdInX2W3lE4bcJlmDMk1XxhA3dgh+HBNtZlSOuoG6ZkW/TinWHTx1GWqZ9nXNYbCptBdwCljc2TAmZzW37ZfovnYin5vaPUZQEX4Zq5fuF3YHHediwiVDbLAV2E+P0h2L4qWLFSEDzTXuI+/jsLN2a9TbuDEGBMZ5LL9tk+7A026Hw7yqkNiCjh7sIQ4OmQaIjPAeuKAUBY4jLomLCQOQfDdBbB7XLtpOJPwnM2EW1QVCPKC+WDHG+cv6ha4a4L0zsbS6VJvngfl2YKtZJrzrorBtH/enQuE/PPEal4eBrZ6DDuh0VKmnQbu4mdnrHc+06mMdBEEft3k+D5IoFUgEROoWFQ3DeY11gYCXzt0XMxYBs31S4jdbRmIe7kXsZmtZZPk=,iv:FwR1dU7UqgS9aqpNej3SbBnpAR5bqTwqxrn8SaowZrE=,tag:DlPZlqrfUKfpCZMz4/r1MQ==,type:str] credentialTemplates: ssh-creds: - sshPrivateKey: ENC[AES256_GCM,data:43Enu05W+Cxbg1z8GjoYMWNOkCSuUIny4c9YOJlp6HBwazFx8IbMLibSxcI4kWCaceKHj+jxHhj5hnnDJgXWElFHmsApxNX/GtXtaiIHF2I3f4o+WjLJMco1lkdrtLhb2ERis7PtzI+1aQsTDtwJG6xPDpxYT+apokx2XnwkFzjAetfi5zHMyepgQRXFjyGvn4HECLeC1uii4+/FmImI4gzTFIGAoeb6xT4HDsWV/kzrWNJk/FsnmQyCkiEHQ8wU1z1WTPr6cuTLf7WUrliPaOAwmGwxfchU+vIfIBsbfHoBVHeJR8/j9fB5Em10Z5Ton91CXObGVpEBJD4MHgUIEVmAunqK+ltAit/CNmQI5AwSofcfAV+hI2o8v6N4Wlq6PteNKeeBvdSCYEt9DR7uw+TNgTgxNhAzjZuXnfZzVpmsqtsy0LMBtdwruA7j0roBoqODU9+YbJc9rpx+MTwlaPrkBBRA2+ZZ2Z2Tl2NV8RJbxK6fwDha+E7KPqJnBwqK6xsROvEV2wzW/ZXGDWXuOM7sqCK0Zc+vi/X/1kgTTVt5BlnjLpk+tiZSIwMFLAQctMkEFpVQAWFqpVnlJenHmwh4NaHgEIEsiIMsR4Uh+7tmEwli+DVhauwOwJpMc4MJsZgquTyATd/1hJdLW0XJKNYGDd/Ia9dUvtuZR0vZks1J85XVwp/qR8QlJd0nMhFgzNV7cJnf2WE6nj3c8ibPjhelFPFd+dw0inoLsnwBGvNpxZTeu2UBInnyAW7MefVs29gSnWaSFi2dvT4Lw4X+yGdGP3SAydkTOfMcV7hbtv+IRfeyFTV6v0ebilufuvVy56HlZQl5H6y9kZEg3m8qxJ2gJB7MFVfqAku8lNDAgMyvdx2sDivbWvOOsPAC5N8NFHVn5XKlASrZs4N6o5Uo85ewO2GSLn+UKxLWvhqKwIB7oYubfVyV+m9SwqiZLBy6xt0FOKr4cg5pLDFhNer2vQfwRB/2meV3jZt3TXE5anlnxgEKIfrjhjJTXpOIaUPn3z/jbYk5RHTrFrAIib6u2r+HpTkxdnIE+jdgyl/bmhzI7cqDfR/VDdfbl78sAKNQjAhzG10eNWnRgrvNU5KuPOpvxaNUyv55L9MyrO95LdmrmV3SG2Y8J08sCx2kmGg0gJwWmQJpvWTPaa8HQ8oTUw/+b8c6z1DzesozjVVTdd2m51cprYQtSY+izJfjzYXfTs9q2ibzDaan1GWRx7cFYye5ks0DWG4Qn+dFIiVUez+mnSPIJ3CTWcXwnMfLALM4p1Ki2/BUyRz84ryJLJ4L+FhDJJFBpyi+SzdNOIpCEqOQgztxdX5FFEZ6dKwsQtj+8AA+eOlQIb1fu9lr+6g4+TgJzyYSxxgmCD/bTU+gGXq7r6pX8NIIZl3zcVNtvEg/mObzRq3U9JtljKDHjQVKlLm5KqoVeLybgCK0kr0DsqriD92UnhOHYY9Xt6l670h/kfH9tygSHogiWHZFJ3E90YeXnRAgzyELqdz9wrGri7y///Vm4vAh7O2wqVq7XW4w/27HStCFEOmPA6i/84VIRJPsbTNUxYi1SKVQzHe0r8gBAr3kcrLMRTzs/myH7utZxFmygR4NcI9q1X1Hz91Hi2mfHRAuhqnFWHjA/clMXy2eFTUkAUlG36z1+VhsPQVo+n1vkPXtbtW8FofL8LJZwtwuOHfnHI4W8431S4KtOcLFNLha6otzwD63KZ40x07ljwFW2/4txlb98jVE3myXK7n93mTL6iY17cTBir4gRdAACDlmelIyqQB2KcL8sJht9B0XXeWqMxkt6HQlJQaHjefv5QtP3tXKCSQUmdPf2dLLXfQnhhpZxEU6krZJLPCpM4Fj9hi+1dCmIwSW8iGSxMD9+KtyCenP3L243P0NzWPEpM4CvL4c8sgZYVzZ5xAxbGjL87ScTWhrBvpSv5a0OLtH9K1BFgISwXbZyn2dBSLdhaJYE2963KJE+yvbSuZPGzdOSGShQPX+h5FEEJrhZKyxI5b/EjbczZ/Rhu8YTrYdBNFX6XZkXvlF35uXfxmALihu7IBZCOZh8qepdxzYbXbrwLI22bG76Fib1zofhYuLTUqEHABy++NMGCZwLGsCzM6KQAEhlzy3uhQywpMuNUMfp9gaxsSb/RooYGEfqr7Ss7Qg6Nbzue9ayiO4sGl80m2kbQi2A+QdXsrplWeUVouNsdeIWs8J7uU+KSwQXdtuZHHVeo8v7YJddLHJDXdzKMEpukj1Nq342ZPSPpp8ENDh3XUP/SQgOWyAM7J08mhtlblmAOvKFe99SEnXqHLfRtgZgeZvlcfZF5mzz4Cq96mh8LU0V8C3T+31fWJpMJFo1eNHEbYxp/K6UkCDGsba4ahGAD8Txb/J5SPMWUKI8GRDo8ZOgvvDd0f/NvfnjngSWAVq/Kff2kMAMN9JtpEGUhxrRFZu+7qanmHrB4/3c3h+vh/+mQlURTIDmKOGFZPXmlOaW8KfL8/6dzSxAyYjOHPCuMb1JjyNqte1fzZ7Dih0LBtbTJYoMc52HM7nJ/ENHirwditTj3PTWJbRh/vVEQisbKtLkzb2vZPkTW3EXo1Z73KWZ/RqcU1S1Xj9egNLNZQegcJ98/9qXtmOAyhpwCyP+5Xscu6xVeIIso2f4G3JPJCelHCoeTyFo+8r/8k2FHiOhcmhPYPC6mlQQNKcV0441jrnjaJ7L9E1Kxt/iVK4B+/k4HVwv2J7yjQ5dU/KBY3V/vMhjQc3AGq6S6T7WoycYNY51AYYGHk6Hf2yl3md/qFE14hzX0Zt2sjmpQDJSG8CAOnay5XxDOrLEQwqmCaZPGGAK4FaXDERAgRsxp8vMy9KUQDVHwT1Tqf3rwGn74nNXo9IqQgcc5NV88FvRjLv1bm/6kBeaD9udfZBw7YqsRkY3mRoG/aJw8DkOdmYNIrJm69rmHreQo1KssVe/mz3Om0auwpBXR5D2OzZ/9e9XCprnUEN59cOfaha6qMm7pvDyJocaYvbSWPpchZb8DorWGEC7Iq2Qa45NaaKIpMrAOLPhiRqtNLP3L5Hzq23kvNOxY1r8Pxk6VPH6DqUBYrwq0vkYgABnquE1TZPL7ZqMMsfiAsK+iAxyFSbH44Yuby7VvD86rs0YaKYIgBTPMjfo7GNP5Dx8YPKUruQDnfaJYCw8klnmAtdioPWeEzRDmSYN+wOtz5fBFzPCXOVfit5BA8fIgpMrjdo/8a5TD7yf1HI9i3Nb8K8l1rAJ1SCsLF2Nu024rrcib8mxXBdXBdqxekGtN8+D2KLyq0FsR395o+Hy1uQg4UwL/tH5s7CiFoyQcngZxS4zqOjLQeTUbsLCx2y5SG144Ls/bQloLps0mvoz7+hyv7+UmKbkNbiJKOeIUjGMKRcfBDSog0v+V75yWjlsrRWmaVlQCwp0bkpCNu684qOv1T1WnpoYNctJzgxzggEYWuk/5YgqG/ao4Td7pJTkAD21A==,iv:x5mss0VoYp8qlgEdSa7973AClSdCin14GuAt3duWqjk=,tag:jz4tVj4Ot2ZwedETSRcVLA==,type:str] + sshPrivateKey: ENC[AES256_GCM,data:eC93yjQa8Id4Ub69bS5P3MlLKKgt9ZJCIT4vEIsW8yBrq+zvhGmf/sNBL/wmX+mSdxgGpbEuC75Oo0pHZMx7NFgifOIAqbdeSMBj4mw3pJqK4GLPxbEQ4sn07cs/AR1/pvbzPO18cwzrTEgKQdat2RGqJJWNmw/YcWQ9uUGYGyYIK81Mbz28QaeK9SaMAYRPB0Awh/liMVL1oOm1dTsn5BAUvEA7Co0NIcK0CkemKeBUq+WGJDKfmiApa6sWek1F4UB7wbhUR9el2zd2P0TPnuO4HO+B6tRSupQ7honmWFRKkRuC/og6xklTU1W9V/6sRAgG/raHlNwcmWozLrf3TGYSuYWWKQjabvQ9DiKsqcMyMmpisd3H9zkI+GQE0d2ORGTInf8KU6iLaLAzNeO6k1OVkrIw0EMN0fP6hN3bHT7aCHLZwFYkJoWLlRo15MNxNvaut2uCrbt9bN/vlmELLMgUX+7p+xtFhmRngZ8dZ1jO2Geqv3osCPOgspvqOOhvRwomfWxyzonpZTVe6JdH6VO7SV40G0vycMPK4WoqTcoLF845DV0TtdaSdyNea9FK6VDfj7+B2251Sqohs7eu1LlWKvO/58isZvLcCnn2HsTbcvnyJQBnTlwrpmB5U7T1rMINs8qer73eo/GpxoSMuYCcJpjdQCdcADgpIqCN9nWj6A2iidk5QqaHaXGUnV5TsNOmu65/DBgCU7WVqRIiUFC3nPzeALgBscmMCrqYJFB8UushleJsvq9yj9xXlhbYFCp2kmx0kMQG7R8dr0pjDePeVYnqjd8kxaVsQNfsHLohoxIjAHFfekDSnApQju07jPHngODe1SDqc5pxXJ1b1Nonefz80ZZhfFXcCEoUb3Njgr2OIftaeBP0EbOa28OheFxXIPm63d5WsolDPpfX2TiiQfFhxpcAzzHXSdweJfUAjes5AARCoJ0HD66qMkZ8QfbTHJQgBTOH6fqdlJJv2OdaTMhsEA9YZEF9xKdczME1qrCgNJvQdGYid7+uSzHIZyU/c4gxW7BZJdtVZzE0my2DgVYpvj3yhSz94wAUUMUOW1lJLde4zbXpgy+WY2WS4dhlvN9tBBRUgnvrBLizJCXUB75DqABYdkmyjx6STWZB42f2r2o5FasvDcjpsTjgjlujN/eTYTllRTAHlzBIE3BNsl/8w3S82eJX0VqqLvvSokRWplbPsTeoaChNhJdlbLDqVUprRLkU7C6zg7EvFYxiKnZ3KsbtL/0cLbWps7B0Oz9W9Kz2QXK7DYQy5PFovRJvrspdqPI4R4FhtggXvy8Cvj3cb6FS1h8y9d+Uf9JYGB+FvXvcr2b+ZWCEKINvArJ7Aeg7Thd5/9ptTaAxXzUG6QEWajigA5jYahDPSAEv3nLnaTS/YOCstR/uhsyTvi2ggrP2S7LN/l8Sbw1pFVdH+E1JcrVE+MP8+KQtkXLB4ggfVYC6w3OG0zNjOYsy402bLjsdz8SDgXJAedb3B097ODkHt/ZFkH70C3MOTWFrREAnQ3W2TlffJtMYfwG+6uenxu5mQ49kXQIu5qN4NzVKYuK+ly/KWAlC53ldxOeS17EjcKdqptpPadJsysm/jwX/9BFbalYcKSRgHb04pFsaL+AtSEGneqjPQBs2Z1ab7IAwEfw67aR9x7+m8FKmtkpaBzATWyf2OL0aL6dYCZ8B/Fagr9tUXWNsROBeChhiBXp+S/1JK4rsIdUEM2UleIJSjNooSJBHsz24NddfhgeTczawCSeL81OkQy1Qav770IDdFI3kNx2nKsg9d+0si+00e9JczvyaWuwgd4nJdtLevcY87/m0qgpedmyz4GPhOydvY3/07J7NWJ7vGLUqBVsbGqLqqdnXZM0z2DLYrCtwmpv0HuLZbljwsbVm2nQHvhjHrxD43MW1DN22zpAWq08hed+z1E9hBXlo/MCsltXkdW93rb440Zu4HTsPET5P1ZO+gNNIqb0oDMMLj/9WKLUospTR0S73xhRUx8CQF+PP6MP0EO0KeCoz26rY342YPkohAjKWCBhqo/6YkyQMv8VhAfF7QU74AG0F3oyPU1mMnOWavdB27nxFbsBfyVV0ccbmba2+huQmv3Hur+wEjAzHlHdESEbYQLk7efbIzh8zjiHiFHuCY1yvWoiSv0mqipTdqL1bN1yDckidSkZCzny2+PmB3rYdKiyBBmNBWwhFAAWO7EHx1N4D7tZg88pDEZNKQuUsoL1Fi5L+LQX5Y0Wm85v5R/w4OV0QSfkaU4Y1WhVAGlFjjJeDWm6f9jekYAhEL2R9bNcGOS4x17mhp735H9Ukr5lC6Iqa3r+TMaSfHdqPGqXeqpDFsBcja2LyafpiuH5fYOMiQqjRWPy1/1ASWTL/9osN+ZSD9z5cJ+qBDO15VG4DBeRAVU8415wnQf67FM8PD8HbNzdV1wAHY/wNMKbonFoLm9zn3fRDNIeb9HMynXK8i0cxlogRh4OSnysPLawJzmJyBxsiuBoUzw5dMpfrp79UOTmuRutDvtgKkQyR6Ko6qmAPUYnTLvrTSWY9uH7VLXpgwBfKZ+++Tdfo1p+cl1TObBYX4NYywFLy0HO2+I7YRse7MyrVEzEn/vE03E6rWmY/oTuNBREsH9vuJl9rPdiP9KEVL6uoRvsC2wQ6e5ar0TcUyMr96s3MtNTR9ZgXuKqoZrs38+4DTpV0rUhdVXtGKLE+OUH3+yVD+AcCFZ0/CuUz1FDlRdYCrPRD+cWlxKVCrS4aNV1KmdNl5DBE/G4gdf9u4MQoiTItJ6tX22eugJ6/EY366HR+vvh3u5NjhW8uG0KHMtjzSV75uxNC/1v5qeh90oaL+bKKgHBKHbs8zQX4o8Vf6m6zjQOCnPSyWFLVrQciXCDqjVafdI/SLCNxDKfTe0ZQLVzkNcjNK3S7H63E5jq5swPKB8npoZ3atscHgaa46wQgo4QumZdczDxzB/aMmTPpOB4cHydwTSy91Iv6QqjuWxaUdqCNrzMquo5HPKB5IdcsTpeW7iO403Qr/xhB3/eNPWU6LfjWN+hjnTdwt//8B6mOIYSuXY/OguR1XzabcxhqV9XDzuS6qE0iX0+FrZjuoBIdbZGs7hmDtG12/OITOciqcfeVU208SNx5/ROTiJx6XBrIcPdTsKAR2TIq6JG9P35cme9kSuEnJFjBDmvlD267arJ+LV+3MUZmt1qZriRfP4tmdlmkQ59s8QfZVW/L7s5DSWUFgXCpNn6Lazdejj3Ywun1bo62tM3DHcSUdDh3kfskiHEJ1lAuEZtFDJ8EPLMQ1eocowaKAiUJwod8ROih6G6S1qEifOCB1ns67CpQ/flfn3fBKtGiYvKb0993i5PLYuM5Aqs/9vo6QgKc8LHQuKLbNREs/Lvae6jLtzanNjSFIdITOAr1Ktlhp0ZzhnD/tvgkBex3Kx7u7Izlz90nvpG0hw8siXuRNfQTu6zyN+CmxXTS3SJPlQ==,iv:Azu/spL2e3S8phNkdvub23q5EGC32VLNtkbLHfzFRJ8=,tag:YyaUvje5hIf+GqCmjPubfQ==,type:str] sops: kms: [] gcp_kms: [] @@ -13,14 +13,14 @@ sops: - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoUm5MVFA1THRlNHlQdkpw - MGtVZjhiTTNCUzcwV3lCQ0NqeTZHUWxrc21BCnRVbklPZE84U1FhNFIzeHowWUh0 - V01aeWhDcno1d1Bta01rdWtvaGRQaUkKLS0tIGhiZEZoMWt6WDlGeHpNdWZyVlI3 - THJzYlU2NUJ1R1I0TEtpQUdOM0VvQ3MKQmjL1jaJfXGi6FeFb34/l4FhOEAV05Q4 - DeHvke3nKOP/R0BJxwqvLi2hAyI2LEMSEaXs7iWnDDFOPUA1DiBcuA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBbTJ4Q2lkWnp2Um5ZYjVZ + SjRmU1g2SVd6NCtMZEkyL2hHemlBSGhlMGh3ClVUckVtM3dlYU1IYXNSdVV2Ymd2 + U0FSQlJvUkthclRFWnB4ck9FY0lKdVEKLS0tIGZQT1c5VTZEWExGZ3duZEI3cExC + RDA2Rzl4eG5UdVNKRFpFMThtNnl2aE0K7IaaTNZIGTTdck/xPGGYYdZTZBEzGZ3U + iAZLLL+Aons4oSO2NRL7P/Bxx9n6eyXQsYVzo+FkM/Wzz3ReiKaVjA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-02-22T23:43:36Z" - mac: ENC[AES256_GCM,data:szfQ+rXGzIaqcLKnGO/H1poFQu6/qxtUJejY9lCQre/YUg+d5WAgPdrxlwmsUsLaUz8tgMGiAd+J8NmR/P+tahz5/wwuHOYadPWzof/okC77vuyVLjuEE2t2RQ5U40kUJJKR/3TPawyttiaTDpxu6VJj2KcIlHfxsW5ddzAtFdU=,iv:fX2yQtrap9XKxjiPMfriH+QHZM8tGrTDgtHhCWh4NZQ=,tag:7FWAPf7K8rvyEURVFkrz8A==,type:str] + lastmodified: "2024-06-27T15:57:41Z" + mac: ENC[AES256_GCM,data:OlIN1jNrcc3MWjaeD4IWUYJi+PA+RDf+KgD3XnttSPPqXX7iBwV0tSpoZ4tXsJSfAGzXTauOC3goFWH/uPHDJVyxFt0SrB0+sW4/YN7MPPzxmYo63XkEgA/3fmMSpZkUEitTwZOUGhSVWgHwBXJ6UGGZ0yRqb47w8VlVlbOt6zg=,iv:eZWX5LFA5E0aGCkTuwUbC5hWrzE9LW2ejR7amXsIAEo=,tag:xcUwqLpeS0wtrWmw+D2oWQ==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.8.1 diff --git a/badhouseplants/values/secrets.db-instances.yaml b/badhouseplants/values/secrets.db-instances.yaml index ffe6efa..764441f 100644 --- a/badhouseplants/values/secrets.db-instances.yaml +++ b/badhouseplants/values/secrets.db-instances.yaml @@ -1,8 +1,12 @@ dbinstances: + postgres16-gitea: + secrets: + adminUser: ENC[AES256_GCM,data:vMINVc9s2Es=,iv:Ry5so0+WPntFh6c3nMojw5b4vONdq+Ys5F7256psGaw=,tag:YbWaWwZ5SiYMOSXQ9n9t8A==,type:str] + adminPassword: ENC[AES256_GCM,data:xqlIJgMylef69LEC1M8s16UPCnaPlZuokO+rBPWC11ruBEkBD2FHOEvkCMsGcnPldmQ=,iv:WBO4LFIFGU8q9rWxFYdUac650QxOfmOT0b0PmOsdVZU=,tag:QpFfVINvBkrWW0+pPyj6Og==,type:str] postgres16: secrets: - adminUser: ENC[AES256_GCM,data:Ma+kTq+QHKY=,iv:1znr9VoLAdGlLFzbBx9NMsj022vb0I9z7bTTTAjzX/c=,tag:GfUQHztjj2h/ctm6XznT7w==,type:str] - adminPassword: ENC[AES256_GCM,data:XYfh9OGA9SgW3B76u3tmXPjQ8vA4,iv:M4KIyzNujIePcrwmp9N/EErer+YZFRujOEN9VsPz76E=,tag:driIxiCOYX2VUj3v0rvB7g==,type:str] + adminUser: ENC[AES256_GCM,data:NsrkusJt+1c=,iv:MA8vXZRhOeO8XilEgpwiqvoJbNjghTcl4CJmHE5mjR0=,tag:awYDx0rT2HCIm6zDvG5L4w==,type:str] + adminPassword: ENC[AES256_GCM,data:cgEW0YTi5MRgGEVAfCvRjPmzLtzy,iv:I7+VS6pZGUrd9To8+eX7EoIoQg099kaYeWXMXKfkS50=,tag:n9LgvnvSa3JjyB+gwT3lQw==,type:str] sops: kms: [] gcp_kms: [] @@ -12,14 +16,14 @@ sops: - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBON2FPbXpoZCtMVStKZ0dl - RVRycjdaODJMcG5vblpiZlB3M1NVZXJaaWxnClpPSURkM0hzSFdPVmIwQ3g4N2Rx - Mnd6LzY2WVA1dTJmSVhMZXp6dmx5OXcKLS0tIHJKOGtWYTNjSnR1ZGMrZk5mR3ho - d1p0TDkrWkxwVUpKOTNYQVlORm94dFkKh4sfmicfMZzwoD6LymdlcXDTFcoLbJXq - Hoc62EW11Pl0Ah8HWkndbiYVO++xf2UHWq7Th4t1W1PdKq0bCN/GSg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxSG10ditaUG8rTlhaVUhs + cXJHQ2JXaW9IalZHN21ZZGQrZzZ1T1FOWlRRCkZOc2JmNDh5M3YzSXNTa3R2U2hj + ckVRVklsRlh1RlFES3JDdjBPSkxVN2sKLS0tIHVzL2VQbnFnUklyamNvN1VmUW5W + d0xSNVM5OWxzbW9YRUE1ZEhZZ3dtR1EKI01GcMKUlu6mU237nGipXghGB/sduRjn + AKpwYgh9IN55ZrDRUsZOHBkded5IlQAwcmbJIjxJi1Ce5XMSQnKF4Q== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-02-17T01:05:06Z" - mac: ENC[AES256_GCM,data:DX2T2S17r2U5jqqFWRDeuBjkjO1OrkF4/wRAC1cmSuhrGB+R+B/x3RPT9XKGpo9kEzgQkj1Fx9Wjkg0KMVlmTWJZM6GtHz/DUbD/nQX1+JLy+1U2qSYua59hdez3vIPPaLbiYcs7g2M/nEyyMj5c82wBgDUD26uiYo7V/AeoWjU=,iv:ISDzjgML2az6Y0VH/KNUcTVuHv8e59tT+Exn5BAqMeY=,tag:fGXusF0pYxHCPe8i+FmNIw==,type:str] + lastmodified: "2024-06-28T15:55:32Z" + mac: ENC[AES256_GCM,data:reAQfZlF8N/0BiMFe0ayCzNmHTpPECKSdpTKACA4MFbCu7BHoPJjnn+rOwvonIGoZE2BVQx4pyKjWSLkRyog9EBg2/5VMh+jm5VjgrK5ztbK1RpSQV5pnQaQXDgT7VFAx1WYpg+gfgO2JxA5vHgvRlarjzPp0AJdoo3MmvCoHBg=,iv:S2f8fqMGq76dsGUK4fYLTWcFdv2mMq580Lih79Rfc68=,tag:fOvKeOl/sMFb9bQhHy/GeA==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.8.1 diff --git a/badhouseplants/values/secrets.gitea.yaml b/badhouseplants/values/secrets.gitea.yaml index 55bd2b4..139dcc0 100644 --- a/badhouseplants/values/secrets.gitea.yaml +++ b/badhouseplants/values/secrets.gitea.yaml @@ -1,23 +1,23 @@ gitea: admin: - username: ENC[AES256_GCM,data:o01/289lwFk=,iv:ubra+bsAGt3Sgu49oClylLWUd5ie0l82Uur5vMPcFfs=,tag:bH8dxpC/yls48dWoF60r1w==,type:str] - password: ENC[AES256_GCM,data:L6dhobCkOinNg/MNIAA3VBAq6ZY=,iv:CPBDvQ/i/OniOFTngH5CaUmygf331aqAVJRzBcMJw+4=,tag:RNtXdxEMckIaHTaMVLn3uA==,type:str] + username: ENC[AES256_GCM,data:rcTmdLge12Q=,iv:NI5oBD3KpfrHmqy4YAfjf2Zw+NJxhqXnFlxy+Ht+TIg=,tag:i58IbKkc/RKQdsESQToCHg==,type:str] + password: ENC[AES256_GCM,data:RJ4jO8+d5zR4s/7QNzw3IdEZw6Q=,iv:e/Uuth+rdWYLxQhdDaKiLV9eGyDh3c2o6ObHsnUT6FQ=,tag:cE/ZNadxTTRt/XW9oYMfaQ==,type:str] config: mailer: - PASSWD: ENC[AES256_GCM,data:tTMOtRJ3trW34d+KqMGTYLBMBJg=,iv:4B3ThvHS+vha8pX/OA9rf8yeSGcafEbuMwHvjHPZfKA=,tag:Qs/y3HyxWX9il6HXCw9sMQ==,type:str] + PASSWD: ENC[AES256_GCM,data:vxpdjf8RmLzi9sfAAl6rWXR9B+A=,iv:n+Yc4d8NJBHx26PSXoI/LMFXlXzWalNuRmNKeV3bPB0=,tag:KTpMNFB8DKneRhWdlG8pEw==,type:str] database: - PASSWD: ENC[AES256_GCM,data:WlmdwR035A7nk7xfq5U6A9Ndoj0F3hkl5g==,iv:IgCCq9Hl7oYVTE3W/MfqSMT8yEl275HO8CwW/az2e10=,tag:ZKsJZq88oJhsIvSYwWsX3w==,type:str] + PASSWD: ENC[AES256_GCM,data:Lfhx3j4Q1i9srZ8yQ9PwuOCQz/0q2qo=,iv:MW6XyuG4L/2KjuK5glWMF9nYBlbsAHn0NJqlR0le+Lk=,tag:N3ZBuovYISutMY8SIfvwbg==,type:str] session: - PROVIDER_CONFIG: ENC[AES256_GCM,data:amNVifRdK6R3SJNlLTYik/wrTgfwn6WR4cpCqrmSGlTXKgirmY2UjgYQkxThakmgCEDPaQGFf3dUi7CmCaThIN6bBueNVIrWiccLcp99vVIz05pMlgi+tRQStDStNtn0hIT2hsfCShlX+yVemUYveb+5TZXigqgwpFyqLGUh0Q==,iv:uc/R+s2IZwaXVbaT0+D4rNd1ZjqyrRw0ef1hdQeC7rY=,tag:WhK0ti0PV66LsTLrMmSrQw==,type:str] + PROVIDER_CONFIG: ENC[AES256_GCM,data:oocuP9ddSMRKvsdWKsuc++yNwyy2g4jxhfYSHmXFlE8DB4YN2hcnR8cADunwjr+dmdbUsuazzasCGVJNTn590ftZ4+8T0lDOZlHeQb9MbAXfu6u3J0hw7sKSuzqgDMmFyFP4etfflqzl6nvJjGp8xPv0ZHTaYk8lZSh357VjSg==,iv:/zCwb49eglEN9z5ui61njFHNwliSjgEx8Jf4Nea0rp0=,tag:t3O7Mib4WzdLFWEpDWdJfA==,type:str] cache: - HOST: ENC[AES256_GCM,data:YlP7/4j3r1IpIuQN2yq2QD3IPN6F/sFw66RfsF0wPv53DNmordSB6D6Ltp4p5rhJtv9b5yX/XwEf6HY8BPpV4hC0oEDIMWHr1+rIS8GqaDt0faiwPCvMxAOmFjEP6n4pcEJgOlCx1Qm57SOQPKrUb64VchgOSAvkeSpWsBXoUQ==,iv:0P5LUtVCHpuuG8AwHhK2Hm/9ZY5XUYhxz9pVirhtt7I=,tag:8Hg5l1e/36AEa2mDmJSPWA==,type:str] + HOST: ENC[AES256_GCM,data:h8WMw/IcWae/rfVv2UeCOSavjmq2P+kiGRA59SGRiSowFnqh57FIoVxLFIiqfsOqt5GrJh5H9WKAawDPsEBRhCdy0ciB0O5t/t7aBWZ4+YV5noWQTvfQB39vqAp3EXGhYAo5qsdEk8x0shFs3LbO0nnrFYggmZbHErsiHsnv1g==,iv:tIm03iYdmwWOQpIOMfUuF+GeAGbtrVgxStn0fzN2TE4=,tag:xo5hB0u/ybwoR38pK5BMqg==,type:str] queue: - CONN_STR: ENC[AES256_GCM,data:8WzpUjOeIUy/wd1SVah8huYgKGnQOeaIsHIGDOp5RPn3sDRFWQjt8UrQSvdQlpS1ByfzEKOagiRbAntopgKUBS217BIxCTseWWNHZSWFHmeqHl5khF12W/vzGnmNz13AzYjFyAa9pL8EO3padLCcW1a4amxrZrVxfoDdPGtLfg==,iv:ORrQ4J5h8GHCIc3t0DkMe7Su0azZZbXbHRq3a4els1g=,tag:OVtgofGCMpuAlZRSP2SC7g==,type:str] + CONN_STR: ENC[AES256_GCM,data:dZNUXJYpGAD9AyFoK9q4r1sawQTJN4Jd8pRn4ArWzgWZlPIqtqsIZyuS/v+JTzLf3ovjEQoBtm1lSBoXrtkWfeny5KmCoWZRvT6/SmBgpO0RjkdSEGwo9GTnWbcgK0uzjg2hQojUKBLkIsxSv9h/ZEGUQ5dSd8Hb+y09hvcGVw==,iv:b0SuaiixzJ719GOShswZqj5qgaHqtjyeKAGbxlo155w=,tag:e5hmBEvZEQ3WTALHkoVUSA==,type:str] oauth: - - name: ENC[AES256_GCM,data:DgSGZYls,iv:jO6H2etEbN72eUqALClaNSSXTmFmwEwh68+B55XjgSg=,tag:NPvG3dNbqBfJpIYs5x5DRA==,type:str] - provider: ENC[AES256_GCM,data:KoZ8Phel,iv:DnVY7rr6Si7wRqcq7CIEHVwzdk4pu8LI+SfIKmQ/CK4=,tag:BDzwrZlCrG/1PZkZatAinQ==,type:str] - key: ENC[AES256_GCM,data:KHj8+hRm9WkQoJu9zZpXM9MggLU=,iv:HxbXynfvGPFDGKdHl9Vx4Y+Zg8hk0PBX4SmK/KDfVKk=,tag:tL2lkB458HhuaqZ0zf2FSA==,type:str] - secret: ENC[AES256_GCM,data:xGu+1QXvLo328O5D7+mJb+X0s3qQbD93kQA8UC3ec27oCcomXRSX7A==,iv:vVLCaFNv/4qjbvxyM2NKfScWAUz7Pn4o3GfzW/IhTO8=,tag:mRvGiq9jrcp+kaUeNlCnTA==,type:str] + - name: ENC[AES256_GCM,data:Zm+sSCp0,iv:aZfvNxE0Y6urfByvpM+oA2CH+zZfFaaRL2KPVu11FQQ=,tag:uRArqbkp7SIebztUS+nDxA==,type:str] + provider: ENC[AES256_GCM,data:EI+yEwyd,iv:QqZObgWEUiXvdMn0VCm/lpzReTIeucWhh5aB8yQ2JeQ=,tag:hD72fCo7+h3LNIlQ3NAcJg==,type:str] + key: ENC[AES256_GCM,data:gM8p5PONOwdM9g+ZvM9INkJY3NI=,iv:ibQyiXIuXPJTmixintxbc/BsMID1vh28QNvdsDbI5Fw=,tag:KGB/MDQRXdAiJ1wauyRs5g==,type:str] + secret: ENC[AES256_GCM,data:Rmgl2K4n1TM1jd25bOM0VmjaM45kHlH9AHMbHCl/zQX7x8BwHG+Jkw==,iv:D9KHktqo7FQJ+tlJLAVlOuceGNKU3eAFSQv8fj8WKWE=,tag:NfTNy8fX3vsF/OgZVQnt+A==,type:str] sops: kms: [] gcp_kms: [] @@ -27,14 +27,14 @@ sops: - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOUUg3a2M5cklyK1pXbklQ - M2NXVkFyejhsVmtuclB0bDJSUm9RanBza2lNClVoc1VaSjhrWkNUc0Q5NVJ0Zlo5 - TEFzWXBya2tRS3hCelA2NTdUaFNqekkKLS0tIEwweEw0NFJRb1B0YlhnSFUwQUVC - OUh2Y3dUN1E2cEtaZWxvQXR2S2RRU1EK/4pB/huJUUfnai9tNuLCgVlYV+5e235X - RsA/rvpzFkwLWJD/Bg6Uxys9zU0LyuEvi9DwmEHM7Wuam85Ssh20Wg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEeU5oQmlrdFVQd1VNaHBM + dDlkYWVZR3dQRkxOYlhHek9PRmZZNm1pVXdzCjgvVkpOUnhNZll2QXNiY1Jyenhn + Uk9XSWtiK3FWSzJ0NHV5c3lCdDN1VEkKLS0tIEY2dTNNQS84M2xFeUZETCsxT0Vr + Z1NYdXFpdXlBSzNIeXEzYlNJZXRkZ2sKr5Wifcy7HNLYwhD8rPkHKwsaTZXDm9sn + gJnlmBIzz73oHB0Tw07YiRWkZd3JNgFCuWm03x+F72Yk4QAvUq/q3w== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-02-09T09:32:40Z" - mac: ENC[AES256_GCM,data:zB/f5zCAEYpfFxhA1PW0osBvIC3WRVH8GlGZggD98KyuwhKDRlwRlNp6LTcBJjt0xZLK7xGQYB/A6vhpo/V6D8JYc6Cajy0mdy3n1BhX6W7ow6qsc7iPxFOKu2FegNwxY433FWsprisbV73K45TKLxxBtwD1PO/gCzCUah+iXr4=,iv:YEyYqURF4K1WbN8XB3f7YKq+asco8+m1jjBmCnqQ5gE=,tag:F7CgV3cQNTWndm4gvphejQ==,type:str] + lastmodified: "2024-06-28T16:06:23Z" + mac: ENC[AES256_GCM,data:RKe1RMx1A9k2/41QOoQn+TK0dCmSZ0h9jBlkqOWT5lPLzWHJudv7BpZOTgBcHEExmNLYgFJvevUDpwC04ZMrvZ5VCPnlLZbEGzutpYi3/Ieu3Yc/XeWGYUW++yErzzHSP47IA+NxHba2MiBIOWW7txkm+3oUeMbKLLQ5ILvAQyY=,iv:HYpyrOMaa5VrQd/ZtOk47wJoOHjZmMqqazJZ0hQ5wp0=,tag:VNKstOYqHUzpNme3yBtUkQ==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.8.1 diff --git a/badhouseplants/values/secrets.postgres16-gitea.yaml b/badhouseplants/values/secrets.postgres16-gitea.yaml new file mode 100644 index 0000000..d19a46d --- /dev/null +++ b/badhouseplants/values/secrets.postgres16-gitea.yaml @@ -0,0 +1,24 @@ +global: + postgresql: + auth: + postgresPassword: ENC[AES256_GCM,data:4hWLoVdIKbRllUcRcLrnTmn49sZTfT8WJVf7np+eycp1tvPuxvr+1LuZUSFsmBH1l5Q=,iv:5TyazJWw5AeaUPq2uBLu6h5GjGIZzUDosaclTk+0Sp8=,tag:07IYy3U+ZFd3PZ41fN9Wug==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3cUM5SnJIZGVXSXJsSkRS + dDZsWWJmODMxQ0JYQUVVNEJ0djhtWjdTNXg4ClYzZ2JFeXZicHRobUt0NHJDcXBn + NkZ2Q2JpaXIzdEUwODlLbUdwaUJiRkUKLS0tIFhMbnFRaHgxTXhXM3lLUEpRb3hS + aHltWVpVMUZQMUxNZlVFb1JEbFdKcVUK1dMISCWCZo+XJTp3ECToue5Q3I9lfGoT + yxVkq+M3UZUkAkJ/dMZBOCqAuaSdCCa1NqN6J3IlFaxGLasEDffHaA== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-06-28T15:56:26Z" + mac: ENC[AES256_GCM,data:EyeLowunCJcO8Gzd314Gjc434g170R56OyGNG4iywfoaCsY6Kd5EJm7PeEPKsLx+f4M5vfxSD+pkJUABa1MALXgveHZXdiINg1MgpcOw02r2lYIN21ywSz/UJKxz0xZsWaJTnCkVfG2aHmOEFAlcm8wtalctzSeI0qB5RvSkJ8U=,iv:K5SEFucGJPPhl5vWIEjc7Ptx3sv44aXw/2PDMKv6H4s=,tag:LZm7C1M6bB++YUbqC3YYPg==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.8.1 diff --git a/badhouseplants/values/values.authentik.yaml b/badhouseplants/values/values.authentik.yaml new file mode 100644 index 0000000..be006ea --- /dev/null +++ b/badhouseplants/values/values.authentik.yaml @@ -0,0 +1,56 @@ +--- +# ------------------------------------------ +# -- Database extension is used to manage +# -- database with db-operator +# ------------------------------------------ +ext-database: + enabled: true + name: authentik-postgres16 + instance: postgres16 + credentials: + host: "{{ .Hostname }}" + username: "{{ .Username }}" + password: "{{ .Password }}" + database: "{{ .Database }}" +authentik: + postgresql: + host: file:///postgres-creds/host + user: file:///postgres-creds/username + password: file:///postgres-creds/password + name: file:///postgres-creds/database + secret_key: "TKSzEEQnu$^GKtHDMSVb!&Z8f5EuwTxC&^EZXeRKXWf%Vk53w5" + # This sends anonymous usage-data, stack traces on errors and + # performance data to authentik.error-reporting.a7k.io, and is fully opt-in + error_reporting: + enabled: false +redis: + enabled: true +server: + ingress: + annotations: + cert-manager.io/cluster-issuer: badhouseplants-issuer-http01 + enabled: true + hosts: + - authentik.badhouseplants.net + tls: + - secretName: authentik-tls-secret + hosts: + - authentik.badhouseplants.net + volumes: + - name: postgres-creds + secret: + secretName: authentik-postgres16-creds + volumeMounts: + - name: postgres-creds + mountPath: /postgres-creds + readOnly: true +worker: + volumes: + - name: postgres-creds + secret: + secretName: authentik-postgres16-creds + volumeMounts: + - name: postgres-creds + mountPath: /postgres-creds + readOnly: true + diff --git a/badhouseplants/values/values.db-instances.yaml b/badhouseplants/values/values.db-instances.yaml index bfd0e1d..9a26143 100644 --- a/badhouseplants/values/values.db-instances.yaml +++ b/badhouseplants/values/values.db-instances.yaml @@ -1,5 +1,15 @@ --- dbinstances: + postgres16-gitea: + monitoring: + enabled: false + adminSecretRef: + Name: postgres16-gitea-secret + Namespace: databases + engine: postgres + generic: + host: postgres16-gitea-postgresql.databases.svc.cluster.local + port: 5432 postgres16: monitoring: enabled: false diff --git a/badhouseplants/values/values.funkwhale.yaml b/badhouseplants/values/values.funkwhale.yaml index 16d0606..ff7f32b 100644 --- a/badhouseplants/values/values.funkwhale.yaml +++ b/badhouseplants/values/values.funkwhale.yaml @@ -33,6 +33,7 @@ celery: ingress: enabled: true annotations: + traefik.ingress.kubernetes.io/router.entrypoints: web,websecure kubernetes.io/ingress.class: traefik kubernetes.io/tls-acme: "true" kubernetes.io/ingress.allow-http: "false" diff --git a/badhouseplants/values/values.gitea.yaml b/badhouseplants/values/values.gitea.yaml index 607d4bd..2f11747 100644 --- a/badhouseplants/values/values.gitea.yaml +++ b/badhouseplants/values/values.gitea.yaml @@ -1,4 +1,12 @@ --- +traefik: + enabled: true + tcpRoutes: + - name: gitea-ssh + service: gitea-ssh + match: HostSNI(`*`) + entrypoint: ssh + port: 22 # ------------------------------------------ # -- Database extension is used to manage # -- database with db-operator @@ -6,7 +14,7 @@ ext-database: enabled: true name: gitea-postgres16 - instance: postgres16 + instance: postgres16-gitea # ------------------------------------------ # -- Kubernetes related values @@ -19,6 +27,7 @@ ingress: kubernetes.io/ingress.allow-http: "false" kubernetes.io/ingress.global-static-ip-name: "" cert-manager.io/cluster-issuer: badhouseplants-issuer-http01 + traefik.ingress.kubernetes.io/router.entrypoints: web,websecure hosts: - host: git.badhouseplants.net paths: @@ -33,11 +42,11 @@ clusterDomain: cluster.local resources: limits: - cpu: 300m - memory: 512Mi + cpu: 512m + memory: 1024Mi requests: - cpu: 50m - memory: 128Mi + cpu: 512m + memory: 256Mi persistence: enabled: true @@ -57,9 +66,9 @@ gitea: config: database: DB_TYPE: postgres - HOST: postgres16-postgresql.database-service.svc.cluster.local - NAME: gitea-service-gitea-postgres16 - USER: gitea-service-gitea-postgres16 + HOST: postgres16-gitea-postgresql.databases.svc.cluster.local + NAME: applications-gitea-postgres16 + USER: applications-gitea-postgres16 APP_NAME: Bad Houseplants Gitea ui: meta: @@ -105,10 +114,12 @@ gitea: SMTP_PORT: 587 USER: overlord@badhouseplants.net indexer: - REPO_INDEXER_ENABLED: true + REPO_INDEXER_ENABLED: false REPO_INDEXER_PATH: indexers/repos.bleve MAX_FILE_SIZE: 1048576 REPO_INDEXER_EXCLUDE: resources/bin/** + picture: + ENABLE_FEDERATED_AVATAR: false service: ssh: type: ClusterIP diff --git a/badhouseplants/values/values.mailu.yaml b/badhouseplants/values/values.mailu.yaml index 966fbac..8023e10 100644 --- a/badhouseplants/values/values.mailu.yaml +++ b/badhouseplants/values/values.mailu.yaml @@ -1,4 +1,4 @@ ---- + # ------------------------------------------ # -- Database extension is used to manage # -- database with db-operator @@ -57,14 +57,17 @@ traefik: subnet: 10.244.0.0/16 sessionCookieSecure: true hostnames: - - badhouseplants.net - email.badhouseplants.net +extraTls: + - hosts: + - badhouseplants.net + secretName: mailu-root-domain domain: badhouseplants.net persistence: single_pvc: false limits: messageRatelimit: - value: "10/day" + value: "100/day" tls: outboundLevel: secure ingress: @@ -76,12 +79,18 @@ ingress: kubernetes.io/ingress.allow-http: "false" kubernetes.io/ingress.global-static-ip-name: "" cert-manager.io/cluster-issuer: badhouseplants-issuer-http01 + traefik.ingress.kubernetes.io/router.entrypoints: web,websecure tlsFlavorOverride: mail - realIpFrom: traefik.kube-system.svc.cluster.local - realIpHeader: "X-Real-IP" + # realIpFrom: traefik.kube-system.svc.cluster.local + # realIpHeader: "X-Real-IP" front: hostPort: enabled: false + extraEnvVars: + - name: PROXY_PROTOCOL + value: "mail" + - name: REAL_IP_FROM + value: "10.244.0.0/16,10.43.0.0/16" admin: resources: requests: @@ -89,7 +98,15 @@ admin: cpu: 70m limits: memory: 700Mi - cpu: 400m + cpu: 600m + startupProbe: + enabled: true + failureThreshold: 10 + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + persistence: size: 1Gi redis: diff --git a/badhouseplants/values/values.minio.yaml b/badhouseplants/values/values.minio.yaml index 19b39a0..f2ccb1d 100644 --- a/badhouseplants/values/values.minio.yaml +++ b/badhouseplants/values/values.minio.yaml @@ -28,6 +28,7 @@ ingress: kubernetes.io/ingress.allow-http: "false" kubernetes.io/ingress.global-static-ip-name: "" cert-manager.io/cluster-issuer: badhouseplants-issuer-http01 + traefik.ingress.kubernetes.io/router.entrypoints: web,websecure path: / hosts: - s3.badhouseplants.net @@ -44,6 +45,7 @@ consoleIngress: kubernetes.io/ingress.allow-http: "false" kubernetes.io/ingress.global-static-ip-name: "" cert-manager.io/cluster-issuer: badhouseplants-issuer-http01 + traefik.ingress.kubernetes.io/router.entrypoints: web,websecure path: / hosts: - minio.badhouseplants.net diff --git a/badhouseplants/values/values.namespaces.yaml b/badhouseplants/values/values.namespaces.yaml index c11513c..b4ef325 100644 --- a/badhouseplants/values/values.namespaces.yaml +++ b/badhouseplants/values/values.namespaces.yaml @@ -12,7 +12,6 @@ namespaces: - name: gitea-service - name: funkwhale-application - name: database-service - - name: mail-service - name: vaultwarden-application - name: woodpecker-ci - name: openvpn-service @@ -21,3 +20,8 @@ namespaces: istio-injection: enabled - name: badhouseplants-preview - name: kube-services + - name: databases + - name: applications + - name: development + - name: devops + - name: games diff --git a/badhouseplants/values/values.postgres16-gitea.yaml b/badhouseplants/values/values.postgres16-gitea.yaml new file mode 100644 index 0000000..2851516 --- /dev/null +++ b/badhouseplants/values/values.postgres16-gitea.yaml @@ -0,0 +1,35 @@ +architecture: standalone + +auth: + database: postgres + +persistence: + size: 1Gi + +metrics: + enabled: false +primary: + resources: + limits: + ephemeral-storage: 1Gi + memory: 512Mi + requests: + cpu: 100m + ephemeral-storage: 50Mi + memory: 256Mi + podSecurityContext: + enabled: true + fsGroupChangePolicy: Always + sysctls: [] + supplementalGroups: [] + containerSecurityContext: + enabled: true + seLinuxOptions: {} + runAsNonRoot: false + privileged: false + readOnlyRootFilesystem: true + allowPrivilegeEscalation: false + capabilities: + drop: ["ALL"] + seccompProfile: + type: "RuntimeDefault" diff --git a/badhouseplants/values/values.postgres16.yaml b/badhouseplants/values/values.postgres16.yaml index 92cef0b..844da46 100644 --- a/badhouseplants/values/values.postgres16.yaml +++ b/badhouseplants/values/values.postgres16.yaml @@ -9,6 +9,14 @@ persistence: metrics: enabled: false primary: + resources: + limits: + ephemeral-storage: 1Gi + memory: 512Mi + requests: + cpu: 512m + ephemeral-storage: 50Mi + memory: 128Mi podSecurityContext: enabled: true fsGroupChangePolicy: Always diff --git a/badhouseplants/values/values.traefik.yaml b/badhouseplants/values/values.traefik.yaml index fb92321..bff1302 100644 --- a/badhouseplants/values/values.traefik.yaml +++ b/badhouseplants/values/values.traefik.yaml @@ -4,7 +4,7 @@ service: spec: externalTrafficPolicy: Local ports: - git-ssh: + ssh: port: 22 expose: default: true @@ -45,7 +45,7 @@ ports: protocol: TCP exposedPort: 587 expose: - default: true + default: true imap: port: 143 protocol: TCP diff --git a/badhouseplants/values/values.vaultwarden.yaml b/badhouseplants/values/values.vaultwarden.yaml index 8114432..6d15088 100644 --- a/badhouseplants/values/values.vaultwarden.yaml +++ b/badhouseplants/values/values.vaultwarden.yaml @@ -64,6 +64,7 @@ vaultwarden: ingress: enabled: true annotations: + traefik.ingress.kubernetes.io/router.entrypoints: web,websecure kubernetes.io/ingress.class: traefik kubernetes.io/tls-acme: "true" kubernetes.io/ingress.allow-http: "false" diff --git a/badhouseplants/values/values.vaultwardentest.yaml b/badhouseplants/values/values.vaultwardentest.yaml index 7796066..f1f9daa 100644 --- a/badhouseplants/values/values.vaultwardentest.yaml +++ b/badhouseplants/values/values.vaultwardentest.yaml @@ -43,6 +43,7 @@ ingress: enabled: true annotations: kubernetes.io/ingress.class: traefik + traefik.ingress.kubernetes.io/router.entrypoints: web,websecure kubernetes.io/tls-acme: "true" kubernetes.io/ingress.allow-http: "false" kubernetes.io/ingress.global-static-ip-name: "" diff --git a/badhouseplants/values/values.woodpecker-ci.yaml b/badhouseplants/values/values.woodpecker-ci.yaml index 62ced72..b559413 100644 --- a/badhouseplants/values/values.woodpecker-ci.yaml +++ b/badhouseplants/values/values.woodpecker-ci.yaml @@ -26,6 +26,7 @@ server: kubernetes.io/ingress.allow-http: "false" kubernetes.io/ingress.global-static-ip-name: "" cert-manager.io/cluster-issuer: badhouseplants-issuer-http01 + traefik.ingress.kubernetes.io/router.entrypoints: web,websecure hosts: - host: ci.badhouseplants.net paths: diff --git a/badhouseplants/values/values.zot.yaml b/badhouseplants/values/values.zot.yaml index 753b7ae..b28628d 100644 --- a/badhouseplants/values/values.zot.yaml +++ b/badhouseplants/values/values.zot.yaml @@ -2,6 +2,7 @@ ingress: enabled: true className: ~ annotations: + traefik.ingress.kubernetes.io/router.entrypoints: web,websecure kubernetes.io/ingress.class: traefik kubernetes.io/tls-acme: "true" kubernetes.io/ingress.allow-http: "false" diff --git a/common/values.database.yaml b/common/values.database.yaml index eba45ae..d4831e9 100644 --- a/common/values.database.yaml +++ b/common/values.database.yaml @@ -19,7 +19,7 @@ ext-database: templates: {{- range $key, $value := .Values.credentials }} - name: {{ $key }} - template: {{ $value }} + template: {{ $value | quote }} secret: true {{- end }} {{- end }} diff --git a/common/values.tcp-route.yaml b/common/values.tcp-route.yaml index c293c38..5331ede 100644 --- a/common/values.tcp-route.yaml +++ b/common/values.tcp-route.yaml @@ -15,6 +15,6 @@ traefik: - match: {{ .match }} services: - name: {{ .service }} - nativeLB: false + nativeLB: true port: {{ .port }} {{- end }} diff --git a/releases.yaml b/releases.yaml index f07b763..5ba7a54 100644 --- a/releases.yaml +++ b/releases.yaml @@ -251,26 +251,7 @@ templates: # ---------------------------- # -- Drone # ---------------------------- - drone-common: - labels: - bundle: drone - drone: &drone - name: drone - chart: drone/drone - version: 0.6.5 - inherit: - - template: default-env-values - - template: default-env-secrets - - template: drone-common - drone-runner-docker: &drone-runner-docker - name: drone-runner-docker - chart: drone/drone-runner-docker - version: 0.6.2 - inherit: - - template: default-env-values - - template: default-env-secrets - - template: drone-common woodpecker-ci: &woodpecker-ci name: woodpecker-ci @@ -304,6 +285,7 @@ templates: inherit: - template: default-env-values - template: default-env-secrets + - template: ext-tcp-routes - template: ext-database funkwhale: &funkwhale @@ -326,15 +308,27 @@ templates: redis: &redis name: redis chart: bitnami/redis - version: 19.5.3 + version: 19.6.0 inherit: - template: default-env-values - template: default-env-secrets postgres16: &postgres16 + labels: + bundle: postgres name: postgres16 chart: bitnami/postgresql - version: 15.5.5 + version: 15.5.11 + inherit: + - template: default-env-values + - template: default-env-secrets + + postgres16-gitea: &postgres16-gitea + labels: + bundle: postgres + name: postgres16-gitea + chart: bitnami/postgresql + version: 15.5.11 inherit: - template: default-env-values - template: default-env-secrets @@ -363,7 +357,7 @@ templates: docker-mailserver: &docker-mailserver name: docker-mailserver chart: allanger-gitea/docker-mailserver - version: 2.3.1 + version: 2.4.0 inherit: - template: default-env-values - template: ext-tcp-routes @@ -393,7 +387,8 @@ templates: mailu: &mailu name: mailu chart: mailu/mailu - version: 1.5.0 + namespace: applications + version: 2.0.0 inherit: - template: default-env-values - template: default-env-secrets @@ -462,3 +457,12 @@ templates: inherit: - template: default-env-values + authentik: &authentik + name: authentik + chart: goauthentik/authentik + version: 2024.6.0 + namespace: applications + createNamespace: false + inherit: + - template: default-env-values + - template: ext-database diff --git a/repositories.yaml b/repositories.yaml index 5ffcf86..cf3feec 100644 --- a/repositories.yaml +++ b/repositories.yaml @@ -31,8 +31,8 @@ repositories: url: https://constin.github.io/vaultwarden-helm/ - name: db-operator url: https://db-operator.github.io/charts - # - name: allanger-gitea - # url: https://git.badhouseplants.net/api/packages/allanger/helm + #- name: allanger-gitea + # url: https://git.badhouseplants.net/api/packages/allanger/helm - name: badhouseplants url: https://badhouseplants.github.io/helm-charts/ - name: woodpecker @@ -63,3 +63,5 @@ repositories: url: https://traefik.github.io/charts - name: local-path-provisioner url: git+https://github.com/rancher/local-path-provisioner@deploy/chart?ref=v0.0.26 + - name: goauthentik + url: https://charts.goauthentik.io/ diff --git a/scripts/migrate_postgres.sh b/scripts/migrate_postgres.sh index 33fa417..3c6c971 100644 --- a/scripts/migrate_postgres.sh +++ b/scripts/migrate_postgres.sh @@ -2,12 +2,16 @@ export PGHOST=$OLD_PGHOST export PGPASSWORD=$OLD_PGPASSWORD export PGDATABASE=$OLD_PGDATABASE +export PGPORT=$OLD_PGPORT +export PGUSER=$OLD_PGUSER DUMP_FILE=/tmp/$PGDATABASE.dump pg_dump $PGDATABASE --no-owner --no-privileges -Fc -f $DUMP_FILE -vvv export PGHOST=$NEW_PGHOST export PGPASSWORD=$NEW_PGPASSWORD export PGDATABASE=$NEW_PGDATABASE +export PGPORT=$NEW_PGPORT +export PGUSER=$NEW_PGUSER pg_restore --no-owner --no-privileges -d $PGDATABASE -Fc $DUMP_FILE -vvv psql -c "GRANT ALL PRIVILEGES ON DATABASE \"${PGDATABASE}\" to \"${PGDATABASE}\""