badhouseplants/k8s-cluster-config
Archived
4
0
Fork 0
Code Issues 6 Pull Requests 1 Actions Packages Projects Releases Activity

A lot of stuff

Browse Source
This commit is contained in:
Nikolai Rodionov 2024-06-29 19:10:51 +02:00
parent 766e9a9954
commit 96c27e6df1
Signed by: allanger
GPG Key ID: 0AA46A90E25592AD
24 changed files with 283 additions and 90 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
badhouseplants/helmfile.yaml
View File

@ -2,6 +2,15 @@
{{ readFile "../releases.yaml" }}
releases:
- <<: *istio-base
installed: true
namespace: istio-system
createNamespace: false
- <<: *istiod
installed: true
namespace: istio-system
createNamespace: false
- <<: *namespaces
installed: true
- <<: *roles
@ -10,9 +19,9 @@ releases:
installed: true
- <<: *cilium
installed: true
- <<: *authentik
- <<: *local-path-provisioner
- <<: *mailu
- <<: *zot
installed: true
- <<: *keel
@ -30,7 +39,7 @@ releases:
- <<: *gitea
installed: true
namespace: gitea-service
namespace: applications
createNamespace: false
- <<: *funkwhale
@ -53,6 +62,9 @@ releases:
namespace: database-service
createNamespace: true
- <<: *postgres16-gitea
namespace: databases
createNamespace: false
- <<: *db-operator
installed: true
namespace: database-service
@ -89,15 +101,10 @@ releases:
createNamespace: false
- <<: *docker-mailserver
installed: true
installed: false
namespace: applications
createNamespace: true
- <<: *mailu
installed: false
namespace: mailu-application
createNamespace: false
- <<: *longhorn
installed: true
namespace: longhorn-system

18
badhouseplants/values/secrets.argocd.yaml
View File

@ -1,9 +1,9 @@
configs:
cm:
dex.config: ENC[AES256_GCM,data:/5fVXmrlrI+A9VkyXXXEyout6crDfLKvEHRgSak3tZn90aVm/SrSsq/mJHO4k79zVPz/BBF8/RIt2rD1TJsBNWsTFfKJuCkSN7kjUIE1Blch9ju2MOOmtWR8NIi98k/t5D/kfF6JhAw3hTv6nOkaz6P9eJgAEawdNeaNZS2i/6s5UdJkTpZWCOD+3DJezYhWS9dePrWldRGzYNVc25wAbDF6jRrtXbF2aC/z/cuhcCEEgsncFAYz1lN8sKpdMXIZzBqvugYGUZHPkWAi8fsLRM818jA736NoT55d7yO2hR0RzbIEbr0Edbk9eeofAty5WEPBhop9OUJJFKeRq2AXgdY6Y98BH1Yn1X1PmkpV4Tu+S49q3jRC4g2dIttywA3waqdGSsXVI5q9sVSJTCN5gsHXM298K1hb0hCgIv4WAv/09BvOOxocTbz06c1zB/ZFxhJJ1Fv3wSPFiY011y8StMgEvBmh84ERK703Sn8jFrT31eujpF6saM8fER/1W7acOrGZTTCirXcm2Cp4QPS6LILeANcD6S6gFvITKxCa/Dzkk4OV3uB2KqpTX13IrbnMm+oYGM573QAJzuRBfGtFBggX6GHM1jGnPZ/s2n+BRrhKhZRofVommLMSl2mTyWRsLwJ8XzXIDZlQT8MrkCZX8EorQmUS3NPM5oTgxpq4dtGbwVmKh2i2ZcmwGK7AwB5OtLXeyLe/MbOikQKCig==,iv:xuTDUZWDWtzZwTOvfzGRNsqpPx+rxtTVs1C0gOjB+Pw=,tag:CLGA9kgSoWBFCJRW/s3MAg==,type:str]
dex.config: ENC[AES256_GCM,data:LCLzkdGS1CqPGPCpkf/Zqqk046aUlc1fiptooZnHN6qlJaSa18O2I6/t2sCZ+4V/5nkX5jX8EYpQ+S5gzqwnVdCfmgLNZMXHMM6MtRRvlX3sBxygT8KfQQN/aPb2A/n/sebDYV5P5ykzNAzbGLjJ5fc6Nz/QJTaPIBvHrez5VQZY3NBkP4fXb8gRYD3yw9mA4V0wXlW2sDlPmvnGMcj/RTvJGWhbtX/pWMSaLHBPoAR7wp/sTUDzkcRSvfANimzyXe8B5Zz+Xgo4bUV9T8lr5+rdxAYOlP0deg2lBR7mXr86JqVhLZp2Y8v6DNO3MgBmXzpbkIhg8hc7Tbe6I5+mqIZpIc7YPFJM7DhOB+QFAa3WHhcdwGcIkcECNipMcYDu0KBA1CSLlyVgsQLHPTubEp/8/0kC9HkZt+63dIlmR4IEnGVmUPMYmwym5Palsl3BN1LrTsA4WRIJwG4Ac4jUNCZiNF8rQu7CPa9a/mf+6NdVSJ/L9Gt1THnkzbN8xGK0CyEHWmrJ1drzC61SCfXIHxWMQn9NOegOtBkqjo6AE8KdmBmpqYqZW70t9iWFUN/wjfgwmNSM+JgUOE0s8A0B7oP+YS2gqQvbCmcP5CoPhtFwV4oNj+ZY+0dRjMF0EIh3pTsZUJhMuOK7W/fV3DpNGf7mT0WcrHd3nsgvbu+sijuM9I7ljvBGYJegvva8YP1g6OjJLckvC/nFt8Acfsqb6TaJhsEvpEQgg84Mn9vniW5zNhpIitkQVZ/DjZ0+cw5B8hWWZ65w66Xu0H4IR0RjEyuC8rDjEvdvBlKC22HiBoJvfASBlBrokIxj6YTp6je+xo7FOctmZfMOqm/yeydHJlR3z6NAY1tTnvn8VzLtXqFjwwC8wIoC944HnpZniXc1OAuIH1InIlSm9UC8eP29szuWufwPdInX2W3lE4bcJlmDMk1XxhA3dgh+HBNtZlSOuoG6ZkW/TinWHTx1GWqZ9nXNYbCptBdwCljc2TAmZzW37ZfovnYin5vaPUZQEX4Zq5fuF3YHHediwiVDbLAV2E+P0h2L4qWLFSEDzTXuI+/jsLN2a9TbuDEGBMZ5LL9tk+7A026Hw7yqkNiCjh7sIQ4OmQaIjPAeuKAUBY4jLomLCQOQfDdBbB7XLtpOJPwnM2EW1QVCPKC+WDHG+cv6ha4a4L0zsbS6VJvngfl2YKtZJrzrorBtH/enQuE/PPEal4eBrZ6DDuh0VKmnQbu4mdnrHc+06mMdBEEft3k+D5IoFUgEROoWFQ3DeY11gYCXzt0XMxYBs31S4jdbRmIe7kXsZmtZZPk=,iv:FwR1dU7UqgS9aqpNej3SbBnpAR5bqTwqxrn8SaowZrE=,tag:DlPZlqrfUKfpCZMz4/r1MQ==,type:str]
credentialTemplates:
ssh-creds:
sshPrivateKey: ENC[AES256_GCM,data:43Enu05W+Cxbg1z8GjoYMWNOkCSuUIny4c9YOJlp6HBwazFx8IbMLibSxcI4kWCaceKHj+jxHhj5hnnDJgXWElFHmsApxNX/GtXtaiIHF2I3f4o+WjLJMco1lkdrtLhb2ERis7PtzI+1aQsTDtwJG6xPDpxYT+apokx2XnwkFzjAetfi5zHMyepgQRXFjyGvn4HECLeC1uii4+/FmImI4gzTFIGAoeb6xT4HDsWV/kzrWNJk/FsnmQyCkiEHQ8wU1z1WTPr6cuTLf7WUrliPaOAwmGwxfchU+vIfIBsbfHoBVHeJR8/j9fB5Em10Z5Ton91CXObGVpEBJD4MHgUIEVmAunqK+ltAit/CNmQI5AwSofcfAV+hI2o8v6N4Wlq6PteNKeeBvdSCYEt9DR7uw+TNgTgxNhAzjZuXnfZzVpmsqtsy0LMBtdwruA7j0roBoqODU9+YbJc9rpx+MTwlaPrkBBRA2+ZZ2Z2Tl2NV8RJbxK6fwDha+E7KPqJnBwqK6xsROvEV2wzW/ZXGDWXuOM7sqCK0Zc+vi/X/1kgTTVt5BlnjLpk+tiZSIwMFLAQctMkEFpVQAWFqpVnlJenHmwh4NaHgEIEsiIMsR4Uh+7tmEwli+DVhauwOwJpMc4MJsZgquTyATd/1hJdLW0XJKNYGDd/Ia9dUvtuZR0vZks1J85XVwp/qR8QlJd0nMhFgzNV7cJnf2WE6nj3c8ibPjhelFPFd+dw0inoLsnwBGvNpxZTeu2UBInnyAW7MefVs29gSnWaSFi2dvT4Lw4X+yGdGP3SAydkTOfMcV7hbtv+IRfeyFTV6v0ebilufuvVy56HlZQl5H6y9kZEg3m8qxJ2gJB7MFVfqAku8lNDAgMyvdx2sDivbWvOOsPAC5N8NFHVn5XKlASrZs4N6o5Uo85ewO2GSLn+UKxLWvhqKwIB7oYubfVyV+m9SwqiZLBy6xt0FOKr4cg5pLDFhNer2vQfwRB/2meV3jZt3TXE5anlnxgEKIfrjhjJTXpOIaUPn3z/jbYk5RHTrFrAIib6u2r+HpTkxdnIE+jdgyl/bmhzI7cqDfR/VDdfbl78sAKNQjAhzG10eNWnRgrvNU5KuPOpvxaNUyv55L9MyrO95LdmrmV3SG2Y8J08sCx2kmGg0gJwWmQJpvWTPaa8HQ8oTUw/+b8c6z1DzesozjVVTdd2m51cprYQtSY+izJfjzYXfTs9q2ibzDaan1GWRx7cFYye5ks0DWG4Qn+dFIiVUez+mnSPIJ3CTWcXwnMfLALM4p1Ki2/BUyRz84ryJLJ4L+FhDJJFBpyi+SzdNOIpCEqOQgztxdX5FFEZ6dKwsQtj+8AA+eOlQIb1fu9lr+6g4+TgJzyYSxxgmCD/bTU+gGXq7r6pX8NIIZl3zcVNtvEg/mObzRq3U9JtljKDHjQVKlLm5KqoVeLybgCK0kr0DsqriD92UnhOHYY9Xt6l670h/kfH9tygSHogiWHZFJ3E90YeXnRAgzyELqdz9wrGri7y///Vm4vAh7O2wqVq7XW4w/27HStCFEOmPA6i/84VIRJPsbTNUxYi1SKVQzHe0r8gBAr3kcrLMRTzs/myH7utZxFmygR4NcI9q1X1Hz91Hi2mfHRAuhqnFWHjA/clMXy2eFTUkAUlG36z1+VhsPQVo+n1vkPXtbtW8FofL8LJZwtwuOHfnHI4W8431S4KtOcLFNLha6otzwD63KZ40x07ljwFW2/4txlb98jVE3myXK7n93mTL6iY17cTBir4gRdAACDlmelIyqQB2KcL8sJht9B0XXeWqMxkt6HQlJQaHjefv5QtP3tXKCSQUmdPf2dLLXfQnhhpZxEU6krZJLPCpM4Fj9hi+1dCmIwSW8iGSxMD9+KtyCenP3L243P0NzWPEpM4CvL4c8sgZYVzZ5xAxbGjL87ScTWhrBvpSv5a0OLtH9K1BFgISwXbZyn2dBSLdhaJYE2963KJE+yvbSuZPGzdOSGShQPX+h5FEEJrhZKyxI5b/EjbczZ/Rhu8YTrYdBNFX6XZkXvlF35uXfxmALihu7IBZCOZh8qepdxzYbXbrwLI22bG76Fib1zofhYuLTUqEHABy++NMGCZwLGsCzM6KQAEhlzy3uhQywpMuNUMfp9gaxsSb/RooYGEfqr7Ss7Qg6Nbzue9ayiO4sGl80m2kbQi2A+QdXsrplWeUVouNsdeIWs8J7uU+KSwQXdtuZHHVeo8v7YJddLHJDXdzKMEpukj1Nq342ZPSPpp8ENDh3XUP/SQgOWyAM7J08mhtlblmAOvKFe99SEnXqHLfRtgZgeZvlcfZF5mzz4Cq96mh8LU0V8C3T+31fWJpMJFo1eNHEbYxp/K6UkCDGsba4ahGAD8Txb/J5SPMWUKI8GRDo8ZOgvvDd0f/NvfnjngSWAVq/Kff2kMAMN9JtpEGUhxrRFZu+7qanmHrB4/3c3h+vh/+mQlURTIDmKOGFZPXmlOaW8KfL8/6dzSxAyYjOHPCuMb1JjyNqte1fzZ7Dih0LBtbTJYoMc52HM7nJ/ENHirwditTj3PTWJbRh/vVEQisbKtLkzb2vZPkTW3EXo1Z73KWZ/RqcU1S1Xj9egNLNZQegcJ98/9qXtmOAyhpwCyP+5Xscu6xVeIIso2f4G3JPJCelHCoeTyFo+8r/8k2FHiOhcmhPYPC6mlQQNKcV0441jrnjaJ7L9E1Kxt/iVK4B+/k4HVwv2J7yjQ5dU/KBY3V/vMhjQc3AGq6S6T7WoycYNY51AYYGHk6Hf2yl3md/qFE14hzX0Zt2sjmpQDJSG8CAOnay5XxDOrLEQwqmCaZPGGAK4FaXDERAgRsxp8vMy9KUQDVHwT1Tqf3rwGn74nNXo9IqQgcc5NV88FvRjLv1bm/6kBeaD9udfZBw7YqsRkY3mRoG/aJw8DkOdmYNIrJm69rmHreQo1KssVe/mz3Om0auwpBXR5D2OzZ/9e9XCprnUEN59cOfaha6qMm7pvDyJocaYvbSWPpchZb8DorWGEC7Iq2Qa45NaaKIpMrAOLPhiRqtNLP3L5Hzq23kvNOxY1r8Pxk6VPH6DqUBYrwq0vkYgABnquE1TZPL7ZqMMsfiAsK+iAxyFSbH44Yuby7VvD86rs0YaKYIgBTPMjfo7GNP5Dx8YPKUruQDnfaJYCw8klnmAtdioPWeEzRDmSYN+wOtz5fBFzPCXOVfit5BA8fIgpMrjdo/8a5TD7yf1HI9i3Nb8K8l1rAJ1SCsLF2Nu024rrcib8mxXBdXBdqxekGtN8+D2KLyq0FsR395o+Hy1uQg4UwL/tH5s7CiFoyQcngZxS4zqOjLQeTUbsLCx2y5SG144Ls/bQloLps0mvoz7+hyv7+UmKbkNbiJKOeIUjGMKRcfBDSog0v+V75yWjlsrRWmaVlQCwp0bkpCNu684qOv1T1WnpoYNctJzgxzggEYWuk/5YgqG/ao4Td7pJTkAD21A==,iv:x5mss0VoYp8qlgEdSa7973AClSdCin14GuAt3duWqjk=,tag:jz4tVj4Ot2ZwedETSRcVLA==,type:str]
sshPrivateKey: ENC[AES256_GCM,data:eC93yjQa8Id4Ub69bS5P3MlLKKgt9ZJCIT4vEIsW8yBrq+zvhGmf/sNBL/wmX+mSdxgGpbEuC75Oo0pHZMx7NFgifOIAqbdeSMBj4mw3pJqK4GLPxbEQ4sn07cs/AR1/pvbzPO18cwzrTEgKQdat2RGqJJWNmw/YcWQ9uUGYGyYIK81Mbz28QaeK9SaMAYRPB0Awh/liMVL1oOm1dTsn5BAUvEA7Co0NIcK0CkemKeBUq+WGJDKfmiApa6sWek1F4UB7wbhUR9el2zd2P0TPnuO4HO+B6tRSupQ7honmWFRKkRuC/og6xklTU1W9V/6sRAgG/raHlNwcmWozLrf3TGYSuYWWKQjabvQ9DiKsqcMyMmpisd3H9zkI+GQE0d2ORGTInf8KU6iLaLAzNeO6k1OVkrIw0EMN0fP6hN3bHT7aCHLZwFYkJoWLlRo15MNxNvaut2uCrbt9bN/vlmELLMgUX+7p+xtFhmRngZ8dZ1jO2Geqv3osCPOgspvqOOhvRwomfWxyzonpZTVe6JdH6VO7SV40G0vycMPK4WoqTcoLF845DV0TtdaSdyNea9FK6VDfj7+B2251Sqohs7eu1LlWKvO/58isZvLcCnn2HsTbcvnyJQBnTlwrpmB5U7T1rMINs8qer73eo/GpxoSMuYCcJpjdQCdcADgpIqCN9nWj6A2iidk5QqaHaXGUnV5TsNOmu65/DBgCU7WVqRIiUFC3nPzeALgBscmMCrqYJFB8UushleJsvq9yj9xXlhbYFCp2kmx0kMQG7R8dr0pjDePeVYnqjd8kxaVsQNfsHLohoxIjAHFfekDSnApQju07jPHngODe1SDqc5pxXJ1b1Nonefz80ZZhfFXcCEoUb3Njgr2OIftaeBP0EbOa28OheFxXIPm63d5WsolDPpfX2TiiQfFhxpcAzzHXSdweJfUAjes5AARCoJ0HD66qMkZ8QfbTHJQgBTOH6fqdlJJv2OdaTMhsEA9YZEF9xKdczME1qrCgNJvQdGYid7+uSzHIZyU/c4gxW7BZJdtVZzE0my2DgVYpvj3yhSz94wAUUMUOW1lJLde4zbXpgy+WY2WS4dhlvN9tBBRUgnvrBLizJCXUB75DqABYdkmyjx6STWZB42f2r2o5FasvDcjpsTjgjlujN/eTYTllRTAHlzBIE3BNsl/8w3S82eJX0VqqLvvSokRWplbPsTeoaChNhJdlbLDqVUprRLkU7C6zg7EvFYxiKnZ3KsbtL/0cLbWps7B0Oz9W9Kz2QXK7DYQy5PFovRJvrspdqPI4R4FhtggXvy8Cvj3cb6FS1h8y9d+Uf9JYGB+FvXvcr2b+ZWCEKINvArJ7Aeg7Thd5/9ptTaAxXzUG6QEWajigA5jYahDPSAEv3nLnaTS/YOCstR/uhsyTvi2ggrP2S7LN/l8Sbw1pFVdH+E1JcrVE+MP8+KQtkXLB4ggfVYC6w3OG0zNjOYsy402bLjsdz8SDgXJAedb3B097ODkHt/ZFkH70C3MOTWFrREAnQ3W2TlffJtMYfwG+6uenxu5mQ49kXQIu5qN4NzVKYuK+ly/KWAlC53ldxOeS17EjcKdqptpPadJsysm/jwX/9BFbalYcKSRgHb04pFsaL+AtSEGneqjPQBs2Z1ab7IAwEfw67aR9x7+m8FKmtkpaBzATWyf2OL0aL6dYCZ8B/Fagr9tUXWNsROBeChhiBXp+S/1JK4rsIdUEM2UleIJSjNooSJBHsz24NddfhgeTczawCSeL81OkQy1Qav770IDdFI3kNx2nKsg9d+0si+00e9JczvyaWuwgd4nJdtLevcY87/m0qgpedmyz4GPhOydvY3/07J7NWJ7vGLUqBVsbGqLqqdnXZM0z2DLYrCtwmpv0HuLZbljwsbVm2nQHvhjHrxD43MW1DN22zpAWq08hed+z1E9hBXlo/MCsltXkdW93rb440Zu4HTsPET5P1ZO+gNNIqb0oDMMLj/9WKLUospTR0S73xhRUx8CQF+PP6MP0EO0KeCoz26rY342YPkohAjKWCBhqo/6YkyQMv8VhAfF7QU74AG0F3oyPU1mMnOWavdB27nxFbsBfyVV0ccbmba2+huQmv3Hur+wEjAzHlHdESEbYQLk7efbIzh8zjiHiFHuCY1yvWoiSv0mqipTdqL1bN1yDckidSkZCzny2+PmB3rYdKiyBBmNBWwhFAAWO7EHx1N4D7tZg88pDEZNKQuUsoL1Fi5L+LQX5Y0Wm85v5R/w4OV0QSfkaU4Y1WhVAGlFjjJeDWm6f9jekYAhEL2R9bNcGOS4x17mhp735H9Ukr5lC6Iqa3r+TMaSfHdqPGqXeqpDFsBcja2LyafpiuH5fYOMiQqjRWPy1/1ASWTL/9osN+ZSD9z5cJ+qBDO15VG4DBeRAVU8415wnQf67FM8PD8HbNzdV1wAHY/wNMKbonFoLm9zn3fRDNIeb9HMynXK8i0cxlogRh4OSnysPLawJzmJyBxsiuBoUzw5dMpfrp79UOTmuRutDvtgKkQyR6Ko6qmAPUYnTLvrTSWY9uH7VLXpgwBfKZ+++Tdfo1p+cl1TObBYX4NYywFLy0HO2+I7YRse7MyrVEzEn/vE03E6rWmY/oTuNBREsH9vuJl9rPdiP9KEVL6uoRvsC2wQ6e5ar0TcUyMr96s3MtNTR9ZgXuKqoZrs38+4DTpV0rUhdVXtGKLE+OUH3+yVD+AcCFZ0/CuUz1FDlRdYCrPRD+cWlxKVCrS4aNV1KmdNl5DBE/G4gdf9u4MQoiTItJ6tX22eugJ6/EY366HR+vvh3u5NjhW8uG0KHMtjzSV75uxNC/1v5qeh90oaL+bKKgHBKHbs8zQX4o8Vf6m6zjQOCnPSyWFLVrQciXCDqjVafdI/SLCNxDKfTe0ZQLVzkNcjNK3S7H63E5jq5swPKB8npoZ3atscHgaa46wQgo4QumZdczDxzB/aMmTPpOB4cHydwTSy91Iv6QqjuWxaUdqCNrzMquo5HPKB5IdcsTpeW7iO403Qr/xhB3/eNPWU6LfjWN+hjnTdwt//8B6mOIYSuXY/OguR1XzabcxhqV9XDzuS6qE0iX0+FrZjuoBIdbZGs7hmDtG12/OITOciqcfeVU208SNx5/ROTiJx6XBrIcPdTsKAR2TIq6JG9P35cme9kSuEnJFjBDmvlD267arJ+LV+3MUZmt1qZriRfP4tmdlmkQ59s8QfZVW/L7s5DSWUFgXCpNn6Lazdejj3Ywun1bo62tM3DHcSUdDh3kfskiHEJ1lAuEZtFDJ8EPLMQ1eocowaKAiUJwod8ROih6G6S1qEifOCB1ns67CpQ/flfn3fBKtGiYvKb0993i5PLYuM5Aqs/9vo6QgKc8LHQuKLbNREs/Lvae6jLtzanNjSFIdITOAr1Ktlhp0ZzhnD/tvgkBex3Kx7u7Izlz90nvpG0hw8siXuRNfQTu6zyN+CmxXTS3SJPlQ==,iv:Azu/spL2e3S8phNkdvub23q5EGC32VLNtkbLHfzFRJ8=,tag:YyaUvje5hIf+GqCmjPubfQ==,type:str]
sops:
kms: []
gcp_kms: []
@ -13,14 +13,14 @@ sops:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoUm5MVFA1THRlNHlQdkpw
MGtVZjhiTTNCUzcwV3lCQ0NqeTZHUWxrc21BCnRVbklPZE84U1FhNFIzeHowWUh0
V01aeWhDcno1d1Bta01rdWtvaGRQaUkKLS0tIGhiZEZoMWt6WDlGeHpNdWZyVlI3
THJzYlU2NUJ1R1I0TEtpQUdOM0VvQ3MKQmjL1jaJfXGi6FeFb34/l4FhOEAV05Q4
DeHvke3nKOP/R0BJxwqvLi2hAyI2LEMSEaXs7iWnDDFOPUA1DiBcuA==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBbTJ4Q2lkWnp2Um5ZYjVZ
SjRmU1g2SVd6NCtMZEkyL2hHemlBSGhlMGh3ClVUckVtM3dlYU1IYXNSdVV2Ymd2
U0FSQlJvUkthclRFWnB4ck9FY0lKdVEKLS0tIGZQT1c5VTZEWExGZ3duZEI3cExC
RDA2Rzl4eG5UdVNKRFpFMThtNnl2aE0K7IaaTNZIGTTdck/xPGGYYdZTZBEzGZ3U
iAZLLL+Aons4oSO2NRL7P/Bxx9n6eyXQsYVzo+FkM/Wzz3ReiKaVjA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-02-22T23:43:36Z"
mac: ENC[AES256_GCM,data:szfQ+rXGzIaqcLKnGO/H1poFQu6/qxtUJejY9lCQre/YUg+d5WAgPdrxlwmsUsLaUz8tgMGiAd+J8NmR/P+tahz5/wwuHOYadPWzof/okC77vuyVLjuEE2t2RQ5U40kUJJKR/3TPawyttiaTDpxu6VJj2KcIlHfxsW5ddzAtFdU=,iv:fX2yQtrap9XKxjiPMfriH+QHZM8tGrTDgtHhCWh4NZQ=,tag:7FWAPf7K8rvyEURVFkrz8A==,type:str]
lastmodified: "2024-06-27T15:57:41Z"
mac: ENC[AES256_GCM,data:OlIN1jNrcc3MWjaeD4IWUYJi+PA+RDf+KgD3XnttSPPqXX7iBwV0tSpoZ4tXsJSfAGzXTauOC3goFWH/uPHDJVyxFt0SrB0+sW4/YN7MPPzxmYo63XkEgA/3fmMSpZkUEitTwZOUGhSVWgHwBXJ6UGGZ0yRqb47w8VlVlbOt6zg=,iv:eZWX5LFA5E0aGCkTuwUbC5hWrzE9LW2ejR7amXsIAEo=,tag:xcUwqLpeS0wtrWmw+D2oWQ==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1

22
badhouseplants/values/secrets.db-instances.yaml
View File

@ -1,8 +1,12 @@
dbinstances:
postgres16-gitea:
secrets:
adminUser: ENC[AES256_GCM,data:vMINVc9s2Es=,iv:Ry5so0+WPntFh6c3nMojw5b4vONdq+Ys5F7256psGaw=,tag:YbWaWwZ5SiYMOSXQ9n9t8A==,type:str]
adminPassword: ENC[AES256_GCM,data:xqlIJgMylef69LEC1M8s16UPCnaPlZuokO+rBPWC11ruBEkBD2FHOEvkCMsGcnPldmQ=,iv:WBO4LFIFGU8q9rWxFYdUac650QxOfmOT0b0PmOsdVZU=,tag:QpFfVINvBkrWW0+pPyj6Og==,type:str]
postgres16:
secrets:
adminUser: ENC[AES256_GCM,data:Ma+kTq+QHKY=,iv:1znr9VoLAdGlLFzbBx9NMsj022vb0I9z7bTTTAjzX/c=,tag:GfUQHztjj2h/ctm6XznT7w==,type:str]
adminPassword: ENC[AES256_GCM,data:XYfh9OGA9SgW3B76u3tmXPjQ8vA4,iv:M4KIyzNujIePcrwmp9N/EErer+YZFRujOEN9VsPz76E=,tag:driIxiCOYX2VUj3v0rvB7g==,type:str]
adminUser: ENC[AES256_GCM,data:NsrkusJt+1c=,iv:MA8vXZRhOeO8XilEgpwiqvoJbNjghTcl4CJmHE5mjR0=,tag:awYDx0rT2HCIm6zDvG5L4w==,type:str]
adminPassword: ENC[AES256_GCM,data:cgEW0YTi5MRgGEVAfCvRjPmzLtzy,iv:I7+VS6pZGUrd9To8+eX7EoIoQg099kaYeWXMXKfkS50=,tag:n9LgvnvSa3JjyB+gwT3lQw==,type:str]
sops:
kms: []
gcp_kms: []
@ -12,14 +16,14 @@ sops:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBON2FPbXpoZCtMVStKZ0dl
RVRycjdaODJMcG5vblpiZlB3M1NVZXJaaWxnClpPSURkM0hzSFdPVmIwQ3g4N2Rx
Mnd6LzY2WVA1dTJmSVhMZXp6dmx5OXcKLS0tIHJKOGtWYTNjSnR1ZGMrZk5mR3ho
d1p0TDkrWkxwVUpKOTNYQVlORm94dFkKh4sfmicfMZzwoD6LymdlcXDTFcoLbJXq
Hoc62EW11Pl0Ah8HWkndbiYVO++xf2UHWq7Th4t1W1PdKq0bCN/GSg==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxSG10ditaUG8rTlhaVUhs
cXJHQ2JXaW9IalZHN21ZZGQrZzZ1T1FOWlRRCkZOc2JmNDh5M3YzSXNTa3R2U2hj
ckVRVklsRlh1RlFES3JDdjBPSkxVN2sKLS0tIHVzL2VQbnFnUklyamNvN1VmUW5W
d0xSNVM5OWxzbW9YRUE1ZEhZZ3dtR1EKI01GcMKUlu6mU237nGipXghGB/sduRjn
AKpwYgh9IN55ZrDRUsZOHBkded5IlQAwcmbJIjxJi1Ce5XMSQnKF4Q==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-02-17T01:05:06Z"
mac: ENC[AES256_GCM,data:DX2T2S17r2U5jqqFWRDeuBjkjO1OrkF4/wRAC1cmSuhrGB+R+B/x3RPT9XKGpo9kEzgQkj1Fx9Wjkg0KMVlmTWJZM6GtHz/DUbD/nQX1+JLy+1U2qSYua59hdez3vIPPaLbiYcs7g2M/nEyyMj5c82wBgDUD26uiYo7V/AeoWjU=,iv:ISDzjgML2az6Y0VH/KNUcTVuHv8e59tT+Exn5BAqMeY=,tag:fGXusF0pYxHCPe8i+FmNIw==,type:str]
lastmodified: "2024-06-28T15:55:32Z"
mac: ENC[AES256_GCM,data:reAQfZlF8N/0BiMFe0ayCzNmHTpPECKSdpTKACA4MFbCu7BHoPJjnn+rOwvonIGoZE2BVQx4pyKjWSLkRyog9EBg2/5VMh+jm5VjgrK5ztbK1RpSQV5pnQaQXDgT7VFAx1WYpg+gfgO2JxA5vHgvRlarjzPp0AJdoo3MmvCoHBg=,iv:S2f8fqMGq76dsGUK4fYLTWcFdv2mMq580Lih79Rfc68=,tag:fOvKeOl/sMFb9bQhHy/GeA==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1

36
badhouseplants/values/secrets.gitea.yaml
View File

@ -1,23 +1,23 @@
gitea:
admin:
username: ENC[AES256_GCM,data:o01/289lwFk=,iv:ubra+bsAGt3Sgu49oClylLWUd5ie0l82Uur5vMPcFfs=,tag:bH8dxpC/yls48dWoF60r1w==,type:str]
password: ENC[AES256_GCM,data:L6dhobCkOinNg/MNIAA3VBAq6ZY=,iv:CPBDvQ/i/OniOFTngH5CaUmygf331aqAVJRzBcMJw+4=,tag:RNtXdxEMckIaHTaMVLn3uA==,type:str]
username: ENC[AES256_GCM,data:rcTmdLge12Q=,iv:NI5oBD3KpfrHmqy4YAfjf2Zw+NJxhqXnFlxy+Ht+TIg=,tag:i58IbKkc/RKQdsESQToCHg==,type:str]
password: ENC[AES256_GCM,data:RJ4jO8+d5zR4s/7QNzw3IdEZw6Q=,iv:e/Uuth+rdWYLxQhdDaKiLV9eGyDh3c2o6ObHsnUT6FQ=,tag:cE/ZNadxTTRt/XW9oYMfaQ==,type:str]
config:
mailer:
PASSWD: ENC[AES256_GCM,data:tTMOtRJ3trW34d+KqMGTYLBMBJg=,iv:4B3ThvHS+vha8pX/OA9rf8yeSGcafEbuMwHvjHPZfKA=,tag:Qs/y3HyxWX9il6HXCw9sMQ==,type:str]
PASSWD: ENC[AES256_GCM,data:vxpdjf8RmLzi9sfAAl6rWXR9B+A=,iv:n+Yc4d8NJBHx26PSXoI/LMFXlXzWalNuRmNKeV3bPB0=,tag:KTpMNFB8DKneRhWdlG8pEw==,type:str]
database:
PASSWD: ENC[AES256_GCM,data:WlmdwR035A7nk7xfq5U6A9Ndoj0F3hkl5g==,iv:IgCCq9Hl7oYVTE3W/MfqSMT8yEl275HO8CwW/az2e10=,tag:ZKsJZq88oJhsIvSYwWsX3w==,type:str]
PASSWD: ENC[AES256_GCM,data:Lfhx3j4Q1i9srZ8yQ9PwuOCQz/0q2qo=,iv:MW6XyuG4L/2KjuK5glWMF9nYBlbsAHn0NJqlR0le+Lk=,tag:N3ZBuovYISutMY8SIfvwbg==,type:str]
session:
PROVIDER_CONFIG: ENC[AES256_GCM,data:amNVifRdK6R3SJNlLTYik/wrTgfwn6WR4cpCqrmSGlTXKgirmY2UjgYQkxThakmgCEDPaQGFf3dUi7CmCaThIN6bBueNVIrWiccLcp99vVIz05pMlgi+tRQStDStNtn0hIT2hsfCShlX+yVemUYveb+5TZXigqgwpFyqLGUh0Q==,iv:uc/R+s2IZwaXVbaT0+D4rNd1ZjqyrRw0ef1hdQeC7rY=,tag:WhK0ti0PV66LsTLrMmSrQw==,type:str]
PROVIDER_CONFIG: ENC[AES256_GCM,data:oocuP9ddSMRKvsdWKsuc++yNwyy2g4jxhfYSHmXFlE8DB4YN2hcnR8cADunwjr+dmdbUsuazzasCGVJNTn590ftZ4+8T0lDOZlHeQb9MbAXfu6u3J0hw7sKSuzqgDMmFyFP4etfflqzl6nvJjGp8xPv0ZHTaYk8lZSh357VjSg==,iv:/zCwb49eglEN9z5ui61njFHNwliSjgEx8Jf4Nea0rp0=,tag:t3O7Mib4WzdLFWEpDWdJfA==,type:str]
cache:
HOST: ENC[AES256_GCM,data:YlP7/4j3r1IpIuQN2yq2QD3IPN6F/sFw66RfsF0wPv53DNmordSB6D6Ltp4p5rhJtv9b5yX/XwEf6HY8BPpV4hC0oEDIMWHr1+rIS8GqaDt0faiwPCvMxAOmFjEP6n4pcEJgOlCx1Qm57SOQPKrUb64VchgOSAvkeSpWsBXoUQ==,iv:0P5LUtVCHpuuG8AwHhK2Hm/9ZY5XUYhxz9pVirhtt7I=,tag:8Hg5l1e/36AEa2mDmJSPWA==,type:str]
HOST: ENC[AES256_GCM,data:h8WMw/IcWae/rfVv2UeCOSavjmq2P+kiGRA59SGRiSowFnqh57FIoVxLFIiqfsOqt5GrJh5H9WKAawDPsEBRhCdy0ciB0O5t/t7aBWZ4+YV5noWQTvfQB39vqAp3EXGhYAo5qsdEk8x0shFs3LbO0nnrFYggmZbHErsiHsnv1g==,iv:tIm03iYdmwWOQpIOMfUuF+GeAGbtrVgxStn0fzN2TE4=,tag:xo5hB0u/ybwoR38pK5BMqg==,type:str]
queue:
CONN_STR: ENC[AES256_GCM,data:8WzpUjOeIUy/wd1SVah8huYgKGnQOeaIsHIGDOp5RPn3sDRFWQjt8UrQSvdQlpS1ByfzEKOagiRbAntopgKUBS217BIxCTseWWNHZSWFHmeqHl5khF12W/vzGnmNz13AzYjFyAa9pL8EO3padLCcW1a4amxrZrVxfoDdPGtLfg==,iv:ORrQ4J5h8GHCIc3t0DkMe7Su0azZZbXbHRq3a4els1g=,tag:OVtgofGCMpuAlZRSP2SC7g==,type:str]
CONN_STR: ENC[AES256_GCM,data:dZNUXJYpGAD9AyFoK9q4r1sawQTJN4Jd8pRn4ArWzgWZlPIqtqsIZyuS/v+JTzLf3ovjEQoBtm1lSBoXrtkWfeny5KmCoWZRvT6/SmBgpO0RjkdSEGwo9GTnWbcgK0uzjg2hQojUKBLkIsxSv9h/ZEGUQ5dSd8Hb+y09hvcGVw==,iv:b0SuaiixzJ719GOShswZqj5qgaHqtjyeKAGbxlo155w=,tag:e5hmBEvZEQ3WTALHkoVUSA==,type:str]
oauth:
- name: ENC[AES256_GCM,data:DgSGZYls,iv:jO6H2etEbN72eUqALClaNSSXTmFmwEwh68+B55XjgSg=,tag:NPvG3dNbqBfJpIYs5x5DRA==,type:str]
provider: ENC[AES256_GCM,data:KoZ8Phel,iv:DnVY7rr6Si7wRqcq7CIEHVwzdk4pu8LI+SfIKmQ/CK4=,tag:BDzwrZlCrG/1PZkZatAinQ==,type:str]
key: ENC[AES256_GCM,data:KHj8+hRm9WkQoJu9zZpXM9MggLU=,iv:HxbXynfvGPFDGKdHl9Vx4Y+Zg8hk0PBX4SmK/KDfVKk=,tag:tL2lkB458HhuaqZ0zf2FSA==,type:str]
secret: ENC[AES256_GCM,data:xGu+1QXvLo328O5D7+mJb+X0s3qQbD93kQA8UC3ec27oCcomXRSX7A==,iv:vVLCaFNv/4qjbvxyM2NKfScWAUz7Pn4o3GfzW/IhTO8=,tag:mRvGiq9jrcp+kaUeNlCnTA==,type:str]
- name: ENC[AES256_GCM,data:Zm+sSCp0,iv:aZfvNxE0Y6urfByvpM+oA2CH+zZfFaaRL2KPVu11FQQ=,tag:uRArqbkp7SIebztUS+nDxA==,type:str]
provider: ENC[AES256_GCM,data:EI+yEwyd,iv:QqZObgWEUiXvdMn0VCm/lpzReTIeucWhh5aB8yQ2JeQ=,tag:hD72fCo7+h3LNIlQ3NAcJg==,type:str]
key: ENC[AES256_GCM,data:gM8p5PONOwdM9g+ZvM9INkJY3NI=,iv:ibQyiXIuXPJTmixintxbc/BsMID1vh28QNvdsDbI5Fw=,tag:KGB/MDQRXdAiJ1wauyRs5g==,type:str]
secret: ENC[AES256_GCM,data:Rmgl2K4n1TM1jd25bOM0VmjaM45kHlH9AHMbHCl/zQX7x8BwHG+Jkw==,iv:D9KHktqo7FQJ+tlJLAVlOuceGNKU3eAFSQv8fj8WKWE=,tag:NfTNy8fX3vsF/OgZVQnt+A==,type:str]
sops:
kms: []
gcp_kms: []
@ -27,14 +27,14 @@ sops:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOUUg3a2M5cklyK1pXbklQ
M2NXVkFyejhsVmtuclB0bDJSUm9RanBza2lNClVoc1VaSjhrWkNUc0Q5NVJ0Zlo5
TEFzWXBya2tRS3hCelA2NTdUaFNqekkKLS0tIEwweEw0NFJRb1B0YlhnSFUwQUVC
OUh2Y3dUN1E2cEtaZWxvQXR2S2RRU1EK/4pB/huJUUfnai9tNuLCgVlYV+5e235X
RsA/rvpzFkwLWJD/Bg6Uxys9zU0LyuEvi9DwmEHM7Wuam85Ssh20Wg==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEeU5oQmlrdFVQd1VNaHBM
dDlkYWVZR3dQRkxOYlhHek9PRmZZNm1pVXdzCjgvVkpOUnhNZll2QXNiY1Jyenhn
Uk9XSWtiK3FWSzJ0NHV5c3lCdDN1VEkKLS0tIEY2dTNNQS84M2xFeUZETCsxT0Vr
Z1NYdXFpdXlBSzNIeXEzYlNJZXRkZ2sKr5Wifcy7HNLYwhD8rPkHKwsaTZXDm9sn
gJnlmBIzz73oHB0Tw07YiRWkZd3JNgFCuWm03x+F72Yk4QAvUq/q3w==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-02-09T09:32:40Z"
mac: ENC[AES256_GCM,data:zB/f5zCAEYpfFxhA1PW0osBvIC3WRVH8GlGZggD98KyuwhKDRlwRlNp6LTcBJjt0xZLK7xGQYB/A6vhpo/V6D8JYc6Cajy0mdy3n1BhX6W7ow6qsc7iPxFOKu2FegNwxY433FWsprisbV73K45TKLxxBtwD1PO/gCzCUah+iXr4=,iv:YEyYqURF4K1WbN8XB3f7YKq+asco8+m1jjBmCnqQ5gE=,tag:F7CgV3cQNTWndm4gvphejQ==,type:str]
lastmodified: "2024-06-28T16:06:23Z"
mac: ENC[AES256_GCM,data:RKe1RMx1A9k2/41QOoQn+TK0dCmSZ0h9jBlkqOWT5lPLzWHJudv7BpZOTgBcHEExmNLYgFJvevUDpwC04ZMrvZ5VCPnlLZbEGzutpYi3/Ieu3Yc/XeWGYUW++yErzzHSP47IA+NxHba2MiBIOWW7txkm+3oUeMbKLLQ5ILvAQyY=,iv:HYpyrOMaa5VrQd/ZtOk47wJoOHjZmMqqazJZ0hQ5wp0=,tag:VNKstOYqHUzpNme3yBtUkQ==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1

24
badhouseplants/values/secrets.postgres16-gitea.yaml Normal file
View File

@ -0,0 +1,24 @@
global:
postgresql:
auth:
postgresPassword: ENC[AES256_GCM,data:4hWLoVdIKbRllUcRcLrnTmn49sZTfT8WJVf7np+eycp1tvPuxvr+1LuZUSFsmBH1l5Q=,iv:5TyazJWw5AeaUPq2uBLu6h5GjGIZzUDosaclTk+0Sp8=,tag:07IYy3U+ZFd3PZ41fN9Wug==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3cUM5SnJIZGVXSXJsSkRS
dDZsWWJmODMxQ0JYQUVVNEJ0djhtWjdTNXg4ClYzZ2JFeXZicHRobUt0NHJDcXBn
NkZ2Q2JpaXIzdEUwODlLbUdwaUJiRkUKLS0tIFhMbnFRaHgxTXhXM3lLUEpRb3hS
aHltWVpVMUZQMUxNZlVFb1JEbFdKcVUK1dMISCWCZo+XJTp3ECToue5Q3I9lfGoT
yxVkq+M3UZUkAkJ/dMZBOCqAuaSdCCa1NqN6J3IlFaxGLasEDffHaA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-06-28T15:56:26Z"
mac: ENC[AES256_GCM,data:EyeLowunCJcO8Gzd314Gjc434g170R56OyGNG4iywfoaCsY6Kd5EJm7PeEPKsLx+f4M5vfxSD+pkJUABa1MALXgveHZXdiINg1MgpcOw02r2lYIN21ywSz/UJKxz0xZsWaJTnCkVfG2aHmOEFAlcm8wtalctzSeI0qB5RvSkJ8U=,iv:K5SEFucGJPPhl5vWIEjc7Ptx3sv44aXw/2PDMKv6H4s=,tag:LZm7C1M6bB++YUbqC3YYPg==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1

56
badhouseplants/values/values.authentik.yaml Normal file
View File

@ -0,0 +1,56 @@
---
# ------------------------------------------
# -- Database extension is used to manage
# -- database with db-operator
# ------------------------------------------
ext-database:
enabled: true
name: authentik-postgres16
instance: postgres16
credentials:
host: "{{ .Hostname }}"
username: "{{ .Username }}"
password: "{{ .Password }}"
database: "{{ .Database }}"
authentik:
postgresql:
host: file:///postgres-creds/host
user: file:///postgres-creds/username
password: file:///postgres-creds/password
name: file:///postgres-creds/database
secret_key: "TKSzEEQnu$^GKtHDMSVb!&Z8f5EuwTxC&^EZXeRKXWf%Vk53w5"
# This sends anonymous usage-data, stack traces on errors and
# performance data to authentik.error-reporting.a7k.io, and is fully opt-in
error_reporting:
enabled: false
redis:
enabled: true
server:
ingress:
annotations:
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
enabled: true
hosts:
- authentik.badhouseplants.net
tls:
- secretName: authentik-tls-secret
hosts:
- authentik.badhouseplants.net
volumes:
- name: postgres-creds
secret:
secretName: authentik-postgres16-creds
volumeMounts:
- name: postgres-creds
mountPath: /postgres-creds
readOnly: true
worker:
volumes:
- name: postgres-creds
secret:
secretName: authentik-postgres16-creds
volumeMounts:
- name: postgres-creds
mountPath: /postgres-creds
readOnly: true

10
badhouseplants/values/values.db-instances.yaml
View File

@ -1,5 +1,15 @@
---
dbinstances:
postgres16-gitea:
monitoring:
enabled: false
adminSecretRef:
Name: postgres16-gitea-secret
Namespace: databases
engine: postgres
generic:
host: postgres16-gitea-postgresql.databases.svc.cluster.local
port: 5432
postgres16:
monitoring:
enabled: false

1
badhouseplants/values/values.funkwhale.yaml
View File

@ -33,6 +33,7 @@ celery:
ingress:
enabled: true
annotations:
traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
kubernetes.io/ingress.class: traefik
kubernetes.io/tls-acme: "true"
kubernetes.io/ingress.allow-http: "false"

29
badhouseplants/values/values.gitea.yaml
View File

@ -1,4 +1,12 @@
---
traefik:
enabled: true
tcpRoutes:
- name: gitea-ssh
service: gitea-ssh
match: HostSNI(`*`)
entrypoint: ssh
port: 22
# ------------------------------------------
# -- Database extension is used to manage
# -- database with db-operator
@ -6,7 +14,7 @@
ext-database:
enabled: true
name: gitea-postgres16
instance: postgres16
instance: postgres16-gitea
# ------------------------------------------
# -- Kubernetes related values
@ -19,6 +27,7 @@ ingress:
kubernetes.io/ingress.allow-http: "false"
kubernetes.io/ingress.global-static-ip-name: ""
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
hosts:
- host: git.badhouseplants.net
paths:
@ -33,11 +42,11 @@ clusterDomain: cluster.local
resources:
limits:
cpu: 300m
memory: 512Mi
cpu: 512m
memory: 1024Mi
requests:
cpu: 50m
memory: 128Mi
cpu: 512m
memory: 256Mi
persistence:
enabled: true
@ -57,9 +66,9 @@ gitea:
config:
database:
DB_TYPE: postgres
HOST: postgres16-postgresql.database-service.svc.cluster.local
NAME: gitea-service-gitea-postgres16
USER: gitea-service-gitea-postgres16
HOST: postgres16-gitea-postgresql.databases.svc.cluster.local
NAME: applications-gitea-postgres16
USER: applications-gitea-postgres16
APP_NAME: Bad Houseplants Gitea
ui:
meta:
@ -105,10 +114,12 @@ gitea:
SMTP_PORT: 587
USER: overlord@badhouseplants.net
indexer:
REPO_INDEXER_ENABLED: true
REPO_INDEXER_ENABLED: false
REPO_INDEXER_PATH: indexers/repos.bleve
MAX_FILE_SIZE: 1048576
REPO_INDEXER_EXCLUDE: resources/bin/**
picture:
ENABLE_FEDERATED_AVATAR: false
service:
ssh:
type: ClusterIP

29
badhouseplants/values/values.mailu.yaml
View File

@ -1,4 +1,4 @@
---
# ------------------------------------------
# -- Database extension is used to manage
# -- database with db-operator
@ -57,14 +57,17 @@ traefik:
subnet: 10.244.0.0/16
sessionCookieSecure: true
hostnames:
- badhouseplants.net
- email.badhouseplants.net
extraTls:
- hosts:
- badhouseplants.net
secretName: mailu-root-domain
domain: badhouseplants.net
persistence:
single_pvc: false
limits:
messageRatelimit:
value: "10/day"
value: "100/day"
tls:
outboundLevel: secure
ingress:
@ -76,12 +79,18 @@ ingress:
kubernetes.io/ingress.allow-http: "false"
kubernetes.io/ingress.global-static-ip-name: ""
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
tlsFlavorOverride: mail
realIpFrom: traefik.kube-system.svc.cluster.local
realIpHeader: "X-Real-IP"
# realIpFrom: traefik.kube-system.svc.cluster.local
# realIpHeader: "X-Real-IP"
front:
hostPort:
enabled: false
extraEnvVars:
- name: PROXY_PROTOCOL
value: "mail"
- name: REAL_IP_FROM
value: "10.244.0.0/16,10.43.0.0/16"
admin:
resources:
requests:
@ -89,7 +98,15 @@ admin:
cpu: 70m
limits:
memory: 700Mi
cpu: 400m
cpu: 600m
startupProbe:
enabled: true
failureThreshold: 10
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 5
persistence:
size: 1Gi
redis:

2
badhouseplants/values/values.minio.yaml
View File

@ -28,6 +28,7 @@ ingress:
kubernetes.io/ingress.allow-http: "false"
kubernetes.io/ingress.global-static-ip-name: ""
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
path: /
hosts:
- s3.badhouseplants.net
@ -44,6 +45,7 @@ consoleIngress:
kubernetes.io/ingress.allow-http: "false"
kubernetes.io/ingress.global-static-ip-name: ""
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
path: /
hosts:
- minio.badhouseplants.net

6
badhouseplants/values/values.namespaces.yaml
View File

@ -12,7 +12,6 @@ namespaces:
- name: gitea-service
- name: funkwhale-application
- name: database-service
- name: mail-service
- name: vaultwarden-application
- name: woodpecker-ci
- name: openvpn-service
@ -21,3 +20,8 @@ namespaces:
istio-injection: enabled
- name: badhouseplants-preview
- name: kube-services
- name: databases
- name: applications
- name: development
- name: devops
- name: games

35
badhouseplants/values/values.postgres16-gitea.yaml Normal file
View File

@ -0,0 +1,35 @@
architecture: standalone
auth:
database: postgres
persistence:
size: 1Gi
metrics:
enabled: false
primary:
resources:
limits:
ephemeral-storage: 1Gi
memory: 512Mi
requests:
cpu: 100m
ephemeral-storage: 50Mi
memory: 256Mi
podSecurityContext:
enabled: true
fsGroupChangePolicy: Always
sysctls: []
supplementalGroups: []
containerSecurityContext:
enabled: true
seLinuxOptions: {}
runAsNonRoot: false
privileged: false
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
capabilities:
drop: ["ALL"]
seccompProfile:
type: "RuntimeDefault"

8
badhouseplants/values/values.postgres16.yaml
View File

@ -9,6 +9,14 @@ persistence:
metrics:
enabled: false
primary:
resources:
limits:
ephemeral-storage: 1Gi
memory: 512Mi
requests:
cpu: 512m
ephemeral-storage: 50Mi
memory: 128Mi
podSecurityContext:
enabled: true
fsGroupChangePolicy: Always

2
badhouseplants/values/values.traefik.yaml
View File

@ -4,7 +4,7 @@ service:
spec:
externalTrafficPolicy: Local
ports:
git-ssh:
ssh:
port: 22
expose:
default: true

1
badhouseplants/values/values.vaultwarden.yaml
View File

@ -64,6 +64,7 @@ vaultwarden:
ingress:
enabled: true
annotations:
traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
kubernetes.io/ingress.class: traefik
kubernetes.io/tls-acme: "true"
kubernetes.io/ingress.allow-http: "false"

1
badhouseplants/values/values.vaultwardentest.yaml
View File

@ -43,6 +43,7 @@ ingress:
enabled: true
annotations:
kubernetes.io/ingress.class: traefik
traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
kubernetes.io/tls-acme: "true"
kubernetes.io/ingress.allow-http: "false"
kubernetes.io/ingress.global-static-ip-name: ""

1
badhouseplants/values/values.woodpecker-ci.yaml
View File

@ -26,6 +26,7 @@ server:
kubernetes.io/ingress.allow-http: "false"
kubernetes.io/ingress.global-static-ip-name: ""
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
hosts:
- host: ci.badhouseplants.net
paths:

1
badhouseplants/values/values.zot.yaml
View File

@ -2,6 +2,7 @@ ingress:
enabled: true
className: ~
annotations:
traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
kubernetes.io/ingress.class: traefik
kubernetes.io/tls-acme: "true"
kubernetes.io/ingress.allow-http: "false"

2
common/values.database.yaml
View File

@ -19,7 +19,7 @@ ext-database:
templates:
{{- range $key, $value := .Values.credentials }}
- name: {{ $key }}
template: {{ $value }}
template: {{ $value | quote }}
secret: true
{{- end }}
{{- end }}

2
common/values.tcp-route.yaml
View File

@ -15,6 +15,6 @@ traefik:
- match: {{ .match }}
services:
- name: {{ .service }}
nativeLB: false
nativeLB: true
port: {{ .port }}
{{- end }}

50
releases.yaml
View File

@ -251,26 +251,7 @@ templates:
# ----------------------------
# -- Drone
# ----------------------------
drone-common:
labels:
bundle: drone
drone: &drone
name: drone
chart: drone/drone
version: 0.6.5
inherit:
- template: default-env-values
- template: default-env-secrets
- template: drone-common
drone-runner-docker: &drone-runner-docker
name: drone-runner-docker
chart: drone/drone-runner-docker
version: 0.6.2
inherit:
- template: default-env-values
- template: default-env-secrets
- template: drone-common
woodpecker-ci: &woodpecker-ci
name: woodpecker-ci
@ -304,6 +285,7 @@ templates:
inherit:
- template: default-env-values
- template: default-env-secrets
- template: ext-tcp-routes
- template: ext-database
funkwhale: &funkwhale
@ -326,15 +308,27 @@ templates:
redis: &redis
name: redis
chart: bitnami/redis
version: 19.5.3
version: 19.6.0
inherit:
- template: default-env-values
- template: default-env-secrets
postgres16: &postgres16
labels:
bundle: postgres
name: postgres16
chart: bitnami/postgresql
version: 15.5.5
version: 15.5.11
inherit:
- template: default-env-values
- template: default-env-secrets
postgres16-gitea: &postgres16-gitea
labels:
bundle: postgres
name: postgres16-gitea
chart: bitnami/postgresql
version: 15.5.11
inherit:
- template: default-env-values
- template: default-env-secrets
@ -363,7 +357,7 @@ templates:
docker-mailserver: &docker-mailserver
name: docker-mailserver
chart: allanger-gitea/docker-mailserver
version: 2.3.1
version: 2.4.0
inherit:
- template: default-env-values
- template: ext-tcp-routes
@ -393,7 +387,8 @@ templates:
mailu: &mailu
name: mailu
chart: mailu/mailu
version: 1.5.0
namespace: applications
version: 2.0.0
inherit:
- template: default-env-values
- template: default-env-secrets
@ -462,3 +457,12 @@ templates:
inherit:
- template: default-env-values
authentik: &authentik
name: authentik
chart: goauthentik/authentik
version: 2024.6.0
namespace: applications
createNamespace: false
inherit:
- template: default-env-values
- template: ext-database

6
repositories.yaml
View File

@ -31,8 +31,8 @@ repositories:
url: https://constin.github.io/vaultwarden-helm/
- name: db-operator
url: https://db-operator.github.io/charts
# - name: allanger-gitea
# url: https://git.badhouseplants.net/api/packages/allanger/helm
#- name: allanger-gitea
# url: https://git.badhouseplants.net/api/packages/allanger/helm
- name: badhouseplants
url: https://badhouseplants.github.io/helm-charts/
- name: woodpecker
@ -63,3 +63,5 @@ repositories:
url: https://traefik.github.io/charts
- name: local-path-provisioner
url: git+https://github.com/rancher/local-path-provisioner@deploy/chart?ref=v0.0.26
- name: goauthentik
url: https://charts.goauthentik.io/

4
scripts/migrate_postgres.sh
View File

@ -2,12 +2,16 @@
export PGHOST=$OLD_PGHOST
export PGPASSWORD=$OLD_PGPASSWORD
export PGDATABASE=$OLD_PGDATABASE
export PGPORT=$OLD_PGPORT
export PGUSER=$OLD_PGUSER
DUMP_FILE=/tmp/$PGDATABASE.dump
pg_dump $PGDATABASE --no-owner --no-privileges -Fc -f $DUMP_FILE -vvv
export PGHOST=$NEW_PGHOST
export PGPASSWORD=$NEW_PGPASSWORD
export PGDATABASE=$NEW_PGDATABASE
export PGPORT=$NEW_PGPORT
export PGUSER=$NEW_PGUSER
pg_restore --no-owner --no-privileges -d $PGDATABASE -Fc $DUMP_FILE -vvv
psql -c "GRANT ALL PRIVILEGES ON DATABASE \"${PGDATABASE}\" to \"${PGDATABASE}\""