Compare commits
2 Commits
add-depend
...
fix-check-
| Author | SHA1 | Date | |
|---|---|---|---|
| 9d43635ef6 | |||
| 240400097f |
@ -93,9 +93,10 @@ type: docker
|
||||
name: Check helmfiles
|
||||
trigger:
|
||||
event:
|
||||
- cron
|
||||
cron:
|
||||
- daily
|
||||
# - cron
|
||||
- push
|
||||
# cron:
|
||||
# - daily
|
||||
|
||||
steps:
|
||||
- name: Check badhouseplants
|
||||
@ -105,6 +106,8 @@ steps:
|
||||
SOPS_AGE_KEY:
|
||||
from_secret: SOPS_AGE_KEY
|
||||
commands:
|
||||
- helmfile -e badhouseplants fetch
|
||||
- helmfile -e badhouseplants list
|
||||
- echo "Hey, bud, some helm releases are outdated:" > message_file.tpl
|
||||
- cdh --kind helmfile -p $DRONE_WORKSPACE/helmfile.yaml --helmfile-environment badhouseplants -o >> message_file.tpl
|
||||
|
||||
|
||||
@ -1,34 +0,0 @@
|
||||
# ----------------------------------------------
|
||||
# -- Check da helm pipeline
|
||||
# ----------------------------------------------
|
||||
when:
|
||||
- event: cron
|
||||
cron: nightly
|
||||
steps:
|
||||
check badhouseplants:
|
||||
image: ghcr.io/allanger/check-da-helm-helmfile-secrets:stable
|
||||
secrets:
|
||||
- sops_age_key
|
||||
environment:
|
||||
RUST_LOG: info
|
||||
commands:
|
||||
- cdh --kind helmfile -p $CI_WORKSPACE/helmfile.yaml --helmfile-environment badhouseplants -o --output html >> result.html
|
||||
notification:
|
||||
image: deblan/woodpecker-email
|
||||
settings:
|
||||
from: woody@badhouseplants.net
|
||||
host: badhouseplants.net
|
||||
skip_verify: true
|
||||
no_starttls: false
|
||||
username:
|
||||
from_secret: smtp_username
|
||||
password:
|
||||
from_secret: smtp_password
|
||||
recipients:
|
||||
- allanger@badhouseplants.net
|
||||
subject: CDH result
|
||||
target: main
|
||||
recipients_only: true
|
||||
attachment: result.html
|
||||
when:
|
||||
- status: [success, failure]
|
||||
@ -1,29 +0,0 @@
|
||||
when:
|
||||
event: push
|
||||
matrix:
|
||||
ENVIRONMENT:
|
||||
- badhouseplants
|
||||
- etersoft
|
||||
steps:
|
||||
diff:
|
||||
image: ghcr.io/helmfile/helmfile:canary
|
||||
secrets: [sops_age_key, kubeconfig_content]
|
||||
when:
|
||||
- branch:
|
||||
exclude:
|
||||
- main
|
||||
commands:
|
||||
- mkdir $HOME/.kube
|
||||
- echo "$KUBECONFIG_CONTENT" > $HOME/.kube/config && chmod 0600 $HOME/.kube/config
|
||||
- helmfile -e $ENVIRONMENT diff --suppress-secrets
|
||||
apply:
|
||||
image: ghcr.io/helmfile/helmfile:canary
|
||||
secrets: [sops_age_key, kubeconfig_content]
|
||||
when:
|
||||
- branch:
|
||||
include:
|
||||
- main
|
||||
commands:
|
||||
- mkdir $HOME/.kube
|
||||
- echo "$KUBECONFIG_CONTENT" > $HOME/.kube/config && chmod 0600 $HOME/.kube/config
|
||||
- helmfile -e $ENVIRONMENT apply
|
||||
@ -48,17 +48,17 @@ releases:
|
||||
createNamespace: true
|
||||
|
||||
- <<: *loki
|
||||
installed: true
|
||||
installed: false
|
||||
namespace: monitoring-system
|
||||
createNamespace: false
|
||||
|
||||
- <<: *promtail
|
||||
installed: true
|
||||
installed: false
|
||||
namespace: monitoring-system
|
||||
createNamespace: false
|
||||
|
||||
- <<: *bitwarden
|
||||
installed: false
|
||||
installed: true
|
||||
namespace: bitwarden-application
|
||||
createNamespace: true
|
||||
|
||||
@ -67,7 +67,7 @@ releases:
|
||||
namespace: database-service
|
||||
createNamespace: true
|
||||
|
||||
- <<: *postgres16
|
||||
- <<: *postgres
|
||||
installed: true
|
||||
namespace: database-service
|
||||
createNamespace: true
|
||||
@ -83,29 +83,10 @@ releases:
|
||||
createNamespace: true
|
||||
|
||||
- <<: *mysql
|
||||
installed: false
|
||||
installed: true
|
||||
namespace: database-service
|
||||
createNamespace: true
|
||||
|
||||
- <<: *docker-mailserver
|
||||
installed: true
|
||||
namespace: mail-service
|
||||
createNamespace: true
|
||||
|
||||
- <<: *istio-gateway-resources
|
||||
installed: true
|
||||
namespace: istio-system
|
||||
createNamespace: false
|
||||
|
||||
- <<: *vaultwarden
|
||||
createNamespace: true
|
||||
installed: true
|
||||
namespace: vaultwarden-application
|
||||
|
||||
- <<: *woodpecker-ci
|
||||
installed: true
|
||||
namespace: woodpecker-ci
|
||||
createNamespace: true
|
||||
|
||||
bases:
|
||||
- ../environments.yaml
|
||||
|
||||
@ -1,7 +1,5 @@
|
||||
env:
|
||||
ADMIN_TOKEN: ENC[AES256_GCM,data:ea2lgOEYMi8Dsvun00YZR3PCE3ycNC4Mpe+xye9YL5CTtnyrDwV9Tw==,iv:28Tcn1/qIquS4jCNBTtspB9c+5U3Ut1zoY6gIez8fcs=,tag:POmhoUY3t4w+iTJKK2eHVQ==,type:str]
|
||||
smtp:
|
||||
password: ENC[AES256_GCM,data:cs+2Ml3YfZCk8z/KmexGMqzFQRM=,iv:mg8e3oHbLT07pZEdDGwlBchPyT83xOdwKJg9CCaicnc=,tag:NPD+8gKERO8uCuwrFnn3bQ==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
@ -17,8 +15,8 @@ sops:
|
||||
dzNYMlRnUDIxK2padTRCSzR4UUpWQjQKxex3RqZGU7ekdNC3qIiqdFs7d7a0Pxa1
|
||||
amLsaNnBfJ3OqjuD8atF2iCAXy1Q2BcXunkWi3wbzHb/DgYly3n9OQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2023-10-15T12:20:48Z"
|
||||
mac: ENC[AES256_GCM,data:2yRwdYM32eESPuUz+d7m7pTcluDUeOrLgv7iJmhPEnowcU9WvypAZr73w4y4ewc3yvLmmu5uuFjJJhN1+yjwULGUtU1NPdcvXHsGwtlA7KDyYUqwIc4NrD6BAeR7tRQChNVD++2wB43kiGAWAMmieOMt+xHcaWlM2btuLoiwE34=,iv:ZMxA5eu0IJKTRBtoKhyIJiDe/W3zVjzlz3TbO7gpRnU=,tag:ErYqzleh87+wj0uBRah20g==,type:str]
|
||||
lastmodified: "2023-07-16T18:40:43Z"
|
||||
mac: ENC[AES256_GCM,data:tbPAgDQGA8MPnG5mIZLfvsOKdSkpOTK1Oy7uIQJ3DsNtBIt9vSO+vYxNjvfjAHyB6vE1cfx8zJkRcUw8kPh485jOxsM9G1ms/sjZKyJwsJbMjiqxs5zs0E4X9sqpJWiIhILBreZ8IopK4hCd2uLvhoV/HPxW8FV/HnHoCQ5p2Do=,iv:FtgTWFdkxCPOsNiJQWWIUmwYgh5rqRcbM/ToShcSODY=,tag:yc54xWHdq4KnSNxT9breOQ==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.8.1
|
||||
version: 3.7.3
|
||||
@ -3,10 +3,6 @@ dbinstances:
|
||||
secrets:
|
||||
adminUser: ENC[AES256_GCM,data:pKbAQDiOs6k=,iv:yET0mJtdm2baDJHwq1uYEoxye48g2PrMqiOSO3POTBo=,tag:wuIxhHiRzjSRM+uaEo2KNQ==,type:str]
|
||||
adminPassword: ENC[AES256_GCM,data:/U3q6RmOYLpxJBAYsJ8f4lV3MB0=,iv:dw7g0E4Gm0YqtgvdcC+bq+YbSRPop3BKLiJfwaz+1io=,tag:NAXnWj4AjgajN94ml/ENsA==,type:str]
|
||||
postgres16:
|
||||
secrets:
|
||||
adminUser: ENC[AES256_GCM,data:1THZrB3Rg+g=,iv:/euSgQUYlJ4HbiqWr3ezwLkds0nwioFHRhXbqTiYR6M=,tag:GSbSxrNrVJKHp9+3+ECVRA==,type:str]
|
||||
adminPassword: ENC[AES256_GCM,data:F+5az4JRH6LMz88duwFp5EDm4AYG,iv:dbsfSSwigBX1cU6XFYu4ZFd15Te0MdGBoq5O9OtqxgM=,tag:uOLhvHSiBEbbos2GzLJZ3g==,type:str]
|
||||
mysql:
|
||||
secrets:
|
||||
adminUser: ENC[AES256_GCM,data:XFEGew==,iv:7aj2J7Qs9mHC5kRZGrg71hwEBP64vEz0qQ+qoPHSgrc=,tag:/Rx5yx7iMU5Gwcmbf5GVSg==,type:str]
|
||||
@ -26,8 +22,8 @@ sops:
|
||||
Wmh3Z29ZSlBhbmFJNkFQZlE3aXpMMk0K14rSXjSF08xkil+fFJpeMV+6XChTJ2/3
|
||||
OQecJtg+0NQPyvC+kR5qKq8roiSzNNJgTVg2wwKMdukKVVTbEGi0gA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2023-10-04T02:28:20Z"
|
||||
mac: ENC[AES256_GCM,data:EBNSr29LlLjadOrrk2ZSwH9Ng4YD0pYCrhfupaQPSK5559zUCRIuPuTC5P0sfh5dn7YARrcprAwH68I3Xc3EUWkZabCYcjR+bfbby1s8tjiIIgVcksQJr523CDIXMiezf860M9uyktxWdUQa1TjuEfo0SAkYs0XHEaIQlOloN6c=,iv:v/Al1appBTv7ypplQEz7C2qAnvCDRK3JPCN8+PATeX4=,tag:Ci8eg6xsFyZz35r5p4ie6g==,type:str]
|
||||
lastmodified: "2023-07-30T15:07:28Z"
|
||||
mac: ENC[AES256_GCM,data:/q/LG+CgBAm666nwu+QCw9beoC8m11R5OYspnUxdwTfAv4h0yqY0Hk599hy+Yqt0brpUpj8hwqCESkt6gufFAklilSYV8SWvea7FxA4Jdbfpj1kfty9d4qMxHrpggId/jPshVAVsF0Ezh1/XbPWpQnTiaAMu2JTVMR9cFR3xvyc=,iv:37EdIo9QoUemTvpHSKD2kdq1FnJpwNXGr8ym0dPX6w8=,tag:ri2ILtd9FvLJf0O5iKOdyg==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.8.0
|
||||
version: 3.7.3
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
djangoSecret: ENC[AES256_GCM,data:CxsJVhNxku3pohREaVs=,iv:KDupR8tZlPkPeRwGWzyz+eKtp1tfTdFWqXNuQW20oXo=,tag:lCHqv2CC8cXpnqTr8fGzPg==,type:str]
|
||||
postgresql:
|
||||
auth:
|
||||
password: ENC[AES256_GCM,data:RdsyzDU+XesRJkUSllyvfREzbDz68t6RSw==,iv:RpV9BjK9ytpUYJvNGQ5eHXuhNbXSV+Nl9Yib0ac34KM=,tag:Y1K7cfmoyNS6sih0JMjBVQ==,type:str]
|
||||
password: ENC[AES256_GCM,data:IKPFpCY0Im2SQquNFM/3umvGfYOt1A==,iv:asWxkKTvez1FxxXto/ulh4CDBvPZ6SovqKnoFEQjG/s=,tag:iqyxZU+jERNgakMcAm+cnQ==,type:str]
|
||||
redis:
|
||||
auth:
|
||||
password: ENC[AES256_GCM,data:fgxZMA13BpFf5FA8JwLUXjlelUgvR4qtg316OALq,iv:numLe3PrsToG0Fbl7+mdbWOBTb7XrgppF09pIVg+rrU=,tag:ivKuF0xFe/s4P1otjLML8g==,type:str]
|
||||
@ -20,8 +20,8 @@ sops:
|
||||
dWdMUFpOOVJYSXdBbzJiSzhQM0VmbWMKUqdIpfa8i7vASIga8HFurrPf1RgA+WVA
|
||||
GZiG+M0i4yc3SooTIwbDzH0orfaEHueKdNTGOXMgxNiRIt2q9BG76g==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2023-10-04T18:47:37Z"
|
||||
mac: ENC[AES256_GCM,data:Mh6OGkcKMGnmBHIKadpLYfFO3UNLoww4gFW+U7mnu4v87j06h6QHOx4p99TBp8OqK3/ky73FUVLGtm5XFLvMgzM5wpghqwqPa4G9UvgP2zY6GM5HaEw90l9mEtdSw6czs1hi9ChNF3RbIPwowW6KNJoASK08YaSwkRLK3J8T0sM=,iv:9N3hRle1eH5EHEPQeAnKSXSjkhhs1045rgk/WNOP3I8=,tag:bsqCJQE5puKckYMgKZsr3w==,type:str]
|
||||
lastmodified: "2023-07-29T20:22:20Z"
|
||||
mac: ENC[AES256_GCM,data:G9+rbTp4AXIr97bl4UUUIMsd47Gmwt5IGFJQMSAtKRkCCcWIVK9ac+3nX5g9gOgziKvPE7moETXPAfFjcfOQFvi8bmU7jZnoLr4rOvP7SX1LZEfs9siCCtC1q9S/VrlWhxx/2Cpz1EegM+o2cQepqGr4IoIpboEowKl2yhpZiko=,iv:aRDq9ptB6GrRAvl5b0yyKVTZwOPdtFvSGEIPhlMrZbg=,tag:PsRUQJrBtu3sfLcIhIJbqw==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.8.0
|
||||
version: 3.7.3
|
||||
|
||||
@ -4,9 +4,9 @@ gitea:
|
||||
password: ENC[AES256_GCM,data:TnIUSnX7Lj+2N6mWWOvVVmc96DQ=,iv:vjow//IrtvdmTg4jYenwTyUnuBhq7witfzugbE0uq9c=,tag:L5UPa9UK4aB1wY1ilZntzg==,type:str]
|
||||
config:
|
||||
mailer:
|
||||
PASSWD: ENC[AES256_GCM,data:lb1VwH/Bc2XoyB42UrhgCX5ad70=,iv:Eh4R2deZOMGq4LxZadtt6SgrdoSxcArYC2X+czKtns8=,tag:ZCtQguWQt8ARS2rTWCSoSg==,type:str]
|
||||
ENABLED: ENC[AES256_GCM,data:C2qWn4E=,iv:APUvrTInDdxf1tJ5eFSgxUej8e085HZalsiHY6/Fryc=,tag:MW3KhfU+25EWDzM/+QOZ5A==,type:bool]
|
||||
database:
|
||||
PASSWD: ENC[AES256_GCM,data:mI1RHEThB0bM1bJ/pBioJjvKT3Q=,iv:WSwV4+UzD8HUtA5ipZNu2IVXa4AuQE9k7hTB++AsTgU=,tag:CtU3ValcNw0RSIQVdaHmtw==,type:str]
|
||||
PASSWD: ENC[AES256_GCM,data:EVawxgpBgJ1ZlU4F+KFlJZXHq/4=,iv:ZUC7YBQ+RXNKLFEZzAeXfoGqBv9ilGw6Q5ynspAsc78=,tag:Wpb3awtdRLLBNYmmuTUCrA==,type:str]
|
||||
session:
|
||||
PROVIDER_CONFIG: ENC[AES256_GCM,data:i/N01zYx1H1D1eFiZKOmf4e1LoDBJE5AoN4eZl3h/QKwOEy5x4LNQoF7CbGguCBMvITtYbzXr12VzQ8pxEf17z6nssQ2nNiz84zuBOY9DQqxZLkxS5AmKKgk7XKF/YYYDaavMdJj54gtXoCrDZ58z5Tw8FM0ScTRp2+4RXGMwg==,iv:dKZhe9cOPDhdtK9sJKzCHmimV1vcuAebY8DfaJMqk2Q=,tag:ZhyEepW4wIM1Dv97xn5xBA==,type:str]
|
||||
cache:
|
||||
@ -33,8 +33,8 @@ sops:
|
||||
Ym5KMWw5ZDBBZzJBcHBXdFZiaDZpU0UKNl/GkGP25D7z5a8mVBmoSTfOM3EzymPN
|
||||
WW62zIoBHlwLxF9nwj1xCCtcL1XKgiB8nnn4IrY3ljqFc0VkxD9dnQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2023-10-15T09:58:05Z"
|
||||
mac: ENC[AES256_GCM,data:W7Ml9O6oA5dG59O7eWUEBdRrOdmoXWdib2tzK2zCFfMbjWczS5I7AM3DFKG6+P/kRiEQpjj0OarFvuJ7e23blx0/43UXqjpRCuGqcWkNXQaYaxlye6SDlLjregTUeqo4gyzyXYVpIGikLNBYoufewpdlboVQk8ZheSLSOttrbcE=,iv:IqrjduR0EhuzCCWCCJOHCL0DlS4B66P1Wlucg9R0gk4=,tag:vmq6+uh9q7avpK5Q56+iJA==,type:str]
|
||||
lastmodified: "2023-07-29T20:30:31Z"
|
||||
mac: ENC[AES256_GCM,data:jd8jrX6GTAsEMydRfjLPW8XKXs4HgNNMqR0UvzVq0qFl/2zisKYLxtc6m4XBjDLeI8te+nNcJ16XYR0tdayM4PjXzurC9bAMdyI4utv1cRUJdWVxbo2oODWjJ9IAHqwkVHfJOrAJ7j0qamzHr/4h7u2DsLxvHm/lQY2g5zDKPD0=,iv:P215bq4q6iv8fSpU2CvfUhR1Pbr6mpYtv868m2F+M44=,tag:oWzMZOyCuxf2JBiGjDdCKg==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.8.1
|
||||
version: 3.7.3
|
||||
|
||||
@ -1,24 +0,0 @@
|
||||
global:
|
||||
postgresql:
|
||||
auth:
|
||||
postgresPassword: ENC[AES256_GCM,data:O5Fvmjipcx7CZ4DKQjRW0isfzoUt,iv:sVl6TFRCKAL5ci+lC4DfX/vZkWwRVg559kq4GU67udY=,tag:dEsoEe1UfvD5rUrI+EYOsg==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVbENvMm1YQzlSV3UrSEJ4
|
||||
VTZ1RWVKTlpsUDFzQlVjMlJEZmIvaldHVXlFCm9SVzN3Z0dwTGo1Y3dnaHhvSmpi
|
||||
bDIrMlJhbHhKUmRZejdkTmJiSDYvY2MKLS0tIFpRbkwySVh2MDlNWEFNZHVtY2Ns
|
||||
Wmh3Z29ZSlBhbmFJNkFQZlE3aXpMMk0K14rSXjSF08xkil+fFJpeMV+6XChTJ2/3
|
||||
OQecJtg+0NQPyvC+kR5qKq8roiSzNNJgTVg2wwKMdukKVVTbEGi0gA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2023-10-04T02:27:48Z"
|
||||
mac: ENC[AES256_GCM,data:yyvzDlqm3ZOGAMAWCbA4JBC2xs14dKJ4oGifHCvD6K3cBcLgQLS8MOoQJBVfAfL/lVqYDtQ8qwQl/NbCEAKdqw5mtGRwSGaCExSTfO8PIUZCT69q5lwhAxfSGkhjjup+88MhwdZbe2iqqr0nF/GBYT7exqu6Pj85ZKbeDVBTMUE=,iv:KVuyYWYvtVjFinkY82nPwKI/XX18t4purLInfjSxYlg=,tag:kD0G+keg4veTy+CN7KOo6Q==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.8.0
|
||||
@ -1,27 +0,0 @@
|
||||
vaultwarden:
|
||||
smtp:
|
||||
username: ENC[AES256_GCM,data:6kAu3et5PmRgZ7B/qQQKA/hwsubozpBEcuzA,iv:cqNO3VWKFRWqBRAFTf2AyMQskuZvcDghseT2PWEsCjA=,tag:nkzugvJTJ/KhLuldXxdBrg==,type:str]
|
||||
password:
|
||||
value: ENC[AES256_GCM,data:rTCIH4vU7sfCNu6FxfdfyPKKQ01MQHBM0g==,iv:ZKD98V5W1GH0NZCfYG86AdFhbe8Ig+nCHFdU0NGcQT4=,tag:cL3fSAKntmWZ/QvSPYwbvw==,type:str]
|
||||
adminToken:
|
||||
value: ENC[AES256_GCM,data:PT62LcyiNqW1NVeuZ5+HTj8fzwSwuD1av/Z8S2GnR6j62+F8/aibhW/ATFG92chw++w=,iv:LnaRBem4dsggV4u4IlNjlWY301ajAHot2D259Y383m0=,tag:f24QDtGrtNJFA95Qo6Umqg==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDL0RuQitFb0dPajRpSHRo
|
||||
WnhUa3BOazVHSTE5STRNMGQ2eWUxaXhvNEJVCmtpMjE2Q3hyQzhDSTBObUgwQXV3
|
||||
dmhvYmUvL05QUGd6Umx5QjRhMVFmcHMKLS0tIEtkTDc1ZVcxOWRqRzlzdTM1WG5a
|
||||
U25tMkxQS1gzcyt6R2NkZnVLRVVoOWMKZSaIZxzTlYim2kmiHrQcgRu9XmWelRkT
|
||||
HZZmSa0L9yEdksUCK3+iqjCZhQBYc/6qJHRYvuAaJ+/hs5RxuLUr8g==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2023-12-25T19:33:37Z"
|
||||
mac: ENC[AES256_GCM,data:Fl9x8f4YlhAciCdRNRWukK4lj/OqP+TJ8+xEXUSb+1FqUAv/aHocy/f3IuzEhgq/+i9RSKORy2+glYBdK+tL50FzaPQCXz9YgYMtshsIkfkVIw2j9R7sqs5Uo5fQ6g5V3ir5/czb8FSqoS7S+2onyHxZawuG1XCWYPPLATVrKa8=,iv:7K6NABns5rzYIJgthRxqkGD5bQXKPhgIxoCs2ZS0JGY=,tag:FvTTObosyFZom45xuVABog==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.8.1
|
||||
@ -1,23 +0,0 @@
|
||||
env:
|
||||
WOODPECKER_AGENT_SECRET: ENC[AES256_GCM,data:cJoxJw6c6FYZ337i5P6dGUzLmgUn9Z+/Ed9aUK76WYnB8m0D9h5IlAlOfCQ=,iv:1BgxKsaI3dhhPNkZbpHKBn6GXadn1RD+3Q4RwKLfmcU=,tag:y8qLWwpVAwKrOWN1cC2ulw==,type:str]
|
||||
WOODPECKER_GITEA_SECRET: ENC[AES256_GCM,data:VdWASwxPurzmfSjb2h8wBw3XbZSfG9UG0jmXSbTBPreZ+l7UQblI/wqr8Tw=,iv:APNuiqimA/ofCWsvywj+SJedQBMgRoCd65Gd3Ps2/fw=,tag:ATLGT4ACZ2GR46qD9ABUng==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTRFNvdnBsSHFBcjlGcGl1
|
||||
RnU1NEpZekpucTNCZHBGcXdBakhkU1drb2dZClVYZ2xMVUJiOXV2enlBbm1TS2Mz
|
||||
ZnZ0UHpsVHVUU2ZkSGtwUXNMM0R6VjQKLS0tIFR4NEdTTGRIY3QycTFhRzJNSEY0
|
||||
SEs0Z3VjaTN2Y3Z0QmtEUEdQdmtwYnMKxQ3z1p2GulSOklUEolWeH20JeFwNpZqY
|
||||
870x5UtCJNVTMrIDgwMQK3hn+yywxPdgSRhkW3bqH4PJDxi78UUpXw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2023-10-05T08:06:51Z"
|
||||
mac: ENC[AES256_GCM,data:pc4n/3MEP0GhmZ+wdbOiK2gj7ah/9IJ2hoXRtM1sAGy3UPNBrF5VE7hxnAi393YpWBank7crDTvg2aJjhVt7XqB8zcjiHtNMlcpxL6fJ+uWxeH4uVj/NBfSvoO410oYbtPuKMjZpPU7KACmTJ9tzVIZdZOScXx7fLQxNUq01Hu8=,iv:18MqueG9MHrTcXmu14Q8LPnMFT9lolDkCbXjjA2P1qg=,tag:6ETPd8vZ0CCGEUP5u8ZxNA==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.8.0
|
||||
@ -1,27 +0,0 @@
|
||||
server:
|
||||
env:
|
||||
WOODPECKER_GITEA_SECRET: ENC[AES256_GCM,data:mGYEvlIeQC3mg+kxy3ZX6gAVf88DXLVdeSdgpQa8wixsb2rDoj4+l2ET2saquK+lVhjvv8ZKdvg=,iv:VlPgDYPj1xpxnpWnEHj+slBi0H2nWKeScclPItUaG9A=,tag:ox/Ur5vsOARXRT3g0hCgsg==,type:str]
|
||||
WOODPECKER_AGENT_SECRET: ENC[AES256_GCM,data:WXwsmLmb37clb5xgv+2DeKfhk7cwaIJpaCW8/Kq/CmgfwCmrarPDDQGXZoLwOjGj3mh/ciDj7V5WgHfyxuIDhA==,iv:NhGlPyPrTrTbz1DjOZEieWAfOQHqSqhdLiqMspex1j0=,tag:vOfo+XiCUW6MhtJemkZPMA==,type:str]
|
||||
agent:
|
||||
env:
|
||||
WOODPECKER_AGENT_SECRET: ENC[AES256_GCM,data:4lTZ16jbrorU4B9gTAoWmgiGggrMWD7K5O/5R47OIDMdRInwXtaWviofFD8WJQMduiGvANxMVNs0J1DLvFKi9Q==,iv:Y0AsW63vdVEwKvpVYeMVLFmwYlsQSwnz602QjDgj/ZQ=,tag:aO9xh3psy/bRCCQEFUp75A==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlQjZqNE9iMDl6MlhnSUp5
|
||||
QTBSOG83WFBqZFZIU2dEMzlpengrUFg4alZFCld4MkI4WW8xMUZnMm1SU2hmMCtn
|
||||
bTZSVTIxTk5aZmo3OEJJdlJwL2xhV3MKLS0tIGJraERVZTNyMWFCVE1TbEhRR3J4
|
||||
WXh3NGd4UG9OODhHNEp0cDVoQkM5dWMKcz4h0O4J2WlB+L9+/U8Rl+zzd87hsJo8
|
||||
ThPZgnUNDGpdRrU2IYiXo03fZOhBoqBJe1ZG+Ol8z9bvTeyeMZxRIg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2023-11-18T17:43:53Z"
|
||||
mac: ENC[AES256_GCM,data:u8iu+Ia1u5c5AkdyKbGT//G/Zp+yDNv3TQIElSBA6qCTBu0lKAii3ywXrqdpQ1kYtytjazcwkOa7vKmVy1UoCNda+8wGGHfhfOIQlll+TKBNvgUO73lF5P7X5q6CcgFMvTazXKElESEC3G04uVLEOdG1W6d0ArVRnh8gFOY6Jgg=,iv:VT0pFoOcLPK14I1doJi+52wtCfUuqh2nxdSVu0ufVOY=,tag:SwAOYLxOYaouteqXdgP2Hg==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.8.1
|
||||
@ -7,7 +7,7 @@ istio:
|
||||
enabled: true
|
||||
istio:
|
||||
- name: argocd-http
|
||||
gateway: istio-system/badhouseplants-net
|
||||
gateway: badhouseplants-net
|
||||
kind: http
|
||||
hostname: argo.badhouseplants.net
|
||||
service: argocd-server
|
||||
|
||||
@ -7,7 +7,7 @@ istio:
|
||||
enabled: true
|
||||
istio:
|
||||
- name: bitwarden-http
|
||||
gateway: istio-system/badhouseplants-net
|
||||
gateway: badhouseplants-net
|
||||
kind: http
|
||||
hostname: bitwarden.badhouseplants.net
|
||||
service: bitwarden-vaultwarden
|
||||
@ -17,24 +17,21 @@ istio:
|
||||
pathType: Prefix
|
||||
|
||||
env:
|
||||
|
||||
SIGNUPS_ALLOWED: false
|
||||
DOMAIN: "https://bitwarden.badhouseplants.net"
|
||||
# YUBICO_CLIENT_ID
|
||||
# YUBICO_SECRET_KEY
|
||||
# DATA_FOLDER
|
||||
# DATABASE_URL
|
||||
# ATTACHMENTS_FOLDER
|
||||
# ICON_CACHE_FOLDER
|
||||
# ROCKET_LIMITS
|
||||
# ROCKET_WORKERS
|
||||
WEB_VAULT_ENABLED: true
|
||||
|
||||
persistence:
|
||||
enabled: true
|
||||
accessMode: ReadWriteOnce
|
||||
size: 800Mi
|
||||
storageClass: longhorn
|
||||
|
||||
smtp:
|
||||
host: badhouseplants.net
|
||||
security: "starttls"
|
||||
port: 587
|
||||
from: bitwarden@badhouseplants.net
|
||||
fromName: bitwarden
|
||||
username:
|
||||
value: overlord@badhouseplants.net
|
||||
authMechanism: "Plain"
|
||||
acceptInvalidHostnames: "false"
|
||||
acceptInvalidCerts: "false"
|
||||
storageClass: longhorn
|
||||
@ -10,16 +10,6 @@ dbinstances:
|
||||
generic:
|
||||
host: postgres-postgresql
|
||||
port: 5432
|
||||
postgres16:
|
||||
monitoring:
|
||||
enabled: false
|
||||
adminSecretRef:
|
||||
Name: postgres16-secret
|
||||
Namespace: database-service
|
||||
engine: postgres
|
||||
generic:
|
||||
host: postgres16-postgresql.database-service.svc.cluster.local
|
||||
port: 5432
|
||||
mysql:
|
||||
monitoring:
|
||||
enabled: false
|
||||
|
||||
@ -1,129 +0,0 @@
|
||||
istio-gateway:
|
||||
enabled: true
|
||||
gateways:
|
||||
- name: badhouseplants-email
|
||||
servers:
|
||||
- hosts:
|
||||
- "*"
|
||||
port:
|
||||
name: smtp
|
||||
number: 25
|
||||
protocol: TCP
|
||||
- hosts:
|
||||
- "*"
|
||||
port:
|
||||
name: pop3
|
||||
number: 110
|
||||
protocol: TCP
|
||||
- hosts:
|
||||
- "*"
|
||||
port:
|
||||
name: imap
|
||||
number: 143
|
||||
protocol: TCP
|
||||
- hosts:
|
||||
- "*"
|
||||
port:
|
||||
name: smtps
|
||||
number: 465
|
||||
protocol: TCP
|
||||
- hosts:
|
||||
- "*"
|
||||
port:
|
||||
name: submission
|
||||
number: 587
|
||||
protocol: TCP
|
||||
- hosts:
|
||||
- "*"
|
||||
port:
|
||||
name: imaps
|
||||
number: 993
|
||||
protocol: TCP
|
||||
- hosts:
|
||||
- "*"
|
||||
port:
|
||||
name: pop3s
|
||||
number: 995
|
||||
protocol: TCP
|
||||
istio:
|
||||
enabled: true
|
||||
istio:
|
||||
- name: docker-mailserver-smpt
|
||||
kind: tcp
|
||||
gateway: badhouseplants-email
|
||||
service: docker-mailserver
|
||||
hostname: badhouseplants.net
|
||||
port_match: 25
|
||||
port: 25
|
||||
- name: docker-mailserver-smpts
|
||||
kind: tcp
|
||||
gateway: badhouseplants-email
|
||||
port_match: 465
|
||||
hostname: badhouseplants.net
|
||||
service: docker-mailserver
|
||||
port: 465
|
||||
- name: docker-mailserver-smpt-startls
|
||||
kind: tcp
|
||||
gateway: badhouseplants-email
|
||||
hostname: badhouseplants.net
|
||||
port_match: 587
|
||||
service: docker-mailserver
|
||||
port: 587
|
||||
- name: docker-mailserver-imap
|
||||
kind: tcp
|
||||
hostname: badhouseplants.net
|
||||
gateway: badhouseplants-email
|
||||
port_match: 143
|
||||
service: docker-mailserver
|
||||
port: 143
|
||||
- name: docker-mailserver-imaps
|
||||
kind: tcp
|
||||
gateway: badhouseplants-email
|
||||
hostname: badhouseplants.net
|
||||
port_match: 993
|
||||
service: docker-mailserver
|
||||
port: 993
|
||||
- name: docker-mailserver-pop3
|
||||
kind: tcp
|
||||
gateway: badhouseplants-email
|
||||
port_match: 110
|
||||
hostname: badhouseplants.net
|
||||
service: docker-mailserver
|
||||
port: 110
|
||||
- name: docker-mailserver-pop3s
|
||||
kind: tcp
|
||||
gateway: badhouseplants-email
|
||||
port_match: 993
|
||||
hostname: badhouseplants.net
|
||||
service: docker-mailserver
|
||||
port: 993
|
||||
- name: docker-mailserver-rainloop
|
||||
kind: http
|
||||
gateway: istio-system/badhouseplants-net
|
||||
hostname: mail.badhouseplants.net
|
||||
service: docker-mailserver-rainloop
|
||||
port: 80
|
||||
|
||||
rainloop:
|
||||
enabled: true
|
||||
ingress:
|
||||
enabled: false
|
||||
demoMode:
|
||||
enabled: false
|
||||
domains:
|
||||
- badhouseplants.net
|
||||
- mail.badhouseplants.net
|
||||
ssl:
|
||||
issuer:
|
||||
name: badhouseplants-issuer
|
||||
kind: ClusterIssuer
|
||||
dnsname: badhouseplants.net
|
||||
dns01provider: cloudflare
|
||||
useExisting: false
|
||||
pod:
|
||||
dockermailserver:
|
||||
enable_fail2ban: "0"
|
||||
ssl_type: manual
|
||||
service:
|
||||
type: ClusterIP
|
||||
spfTestsDisabled: true
|
||||
@ -6,7 +6,7 @@ istio:
|
||||
enabled: true
|
||||
istio:
|
||||
- name: drone-http
|
||||
gateway: istio-system/badhouseplants-net
|
||||
gateway: badhouseplants-net
|
||||
kind: http
|
||||
hostname: drone.badhouseplants.net
|
||||
service: drone
|
||||
|
||||
@ -7,7 +7,7 @@ istio:
|
||||
enabled: true
|
||||
istio:
|
||||
- name: funkwhale-http
|
||||
gateway: istio-system/badhouseplants-net
|
||||
gateway: badhouseplants-net
|
||||
kind: http
|
||||
hostname: funkwhale.badhouseplants.net
|
||||
service: funkwhale
|
||||
@ -15,8 +15,8 @@ istio:
|
||||
|
||||
ext-database:
|
||||
enabled: true
|
||||
name: funkwhale-postgres16
|
||||
instance: postgres16
|
||||
name: funkwhale-postgres
|
||||
instance: postgres
|
||||
|
||||
replicaCount: 1
|
||||
celery:
|
||||
@ -43,10 +43,10 @@ ingress:
|
||||
enabled: false
|
||||
postgresql:
|
||||
enabled: false
|
||||
host: postgres16-postgresql.database-service.svc.cluster.local
|
||||
host: postgres-postgresql.database-service.svc.cluster.local
|
||||
auth:
|
||||
username: funkwhale-application-funkwhale-postgres16
|
||||
database: funkwhale-application-funkwhale-postgres16
|
||||
username: funkwhale-application-funkwhale-postgres
|
||||
database: funkwhale-application-funkwhale-postgres
|
||||
|
||||
redis:
|
||||
enabled: false
|
||||
|
||||
@ -8,13 +8,13 @@ istio:
|
||||
istio:
|
||||
- name: gitea-http
|
||||
kind: http
|
||||
gateway: istio-system/badhouseplants-net
|
||||
gateway: badhouseplants-net
|
||||
hostname: git.badhouseplants.net
|
||||
service: gitea-http
|
||||
port: 3000
|
||||
- name: gitea-ssh
|
||||
kind: tcp
|
||||
gateway: istio-system/badhouseplants-ssh
|
||||
gateway: badhouseplants-ssh
|
||||
hostname: "*"
|
||||
port_match: 22
|
||||
service: gitea-ssh
|
||||
@ -25,8 +25,8 @@ istio:
|
||||
# ------------------------------------------
|
||||
ext-database:
|
||||
enabled: true
|
||||
name: gitea-postgres16
|
||||
instance: postgres16
|
||||
name: gitea-postgres
|
||||
instance: postgres
|
||||
# ------------------------------------------
|
||||
# -- Kubernetes related values
|
||||
# ------------------------------------------
|
||||
@ -43,7 +43,7 @@ resources:
|
||||
|
||||
persistence:
|
||||
enabled: true
|
||||
size: 10Gi
|
||||
size: 6Gi
|
||||
accessModes:
|
||||
- ReadWriteOnce
|
||||
|
||||
@ -61,9 +61,9 @@ gitea:
|
||||
config:
|
||||
database:
|
||||
DB_TYPE: postgres
|
||||
HOST: postgres16-postgresql.database-service.svc.cluster.local
|
||||
NAME: gitea-service-gitea-postgres16
|
||||
USER: gitea-service-gitea-postgres16
|
||||
HOST: postgres-postgresql.database-service.svc.cluster.local
|
||||
NAME: gitea-service-gitea-postgres
|
||||
USER: gitea-service-gitea-postgres
|
||||
APP_NAME: Bad Houseplants Gitea
|
||||
ui:
|
||||
meta:
|
||||
@ -101,18 +101,6 @@ gitea:
|
||||
ADAPTER: redis
|
||||
queue:
|
||||
TYPE: redis
|
||||
mailer:
|
||||
ENABLED: true
|
||||
FROM: gitea@badhouseplants.net
|
||||
PROTOCOL: smtp+startls
|
||||
SMTP_ADDR: badhouseplants.net
|
||||
SMTP_PORT: 587
|
||||
USER: overlord@badhouseplants.net
|
||||
indexer:
|
||||
REPO_INDEXER_ENABLED: true
|
||||
REPO_INDEXER_PATH: indexers/repos.bleve
|
||||
MAX_FILE_SIZE: 1048576
|
||||
REPO_INDEXER_EXCLUDE: resources/bin/**
|
||||
service:
|
||||
ssh:
|
||||
type: ClusterIP
|
||||
@ -124,4 +112,4 @@ service:
|
||||
postgresql-ha:
|
||||
enabled: false
|
||||
redis-cluster:
|
||||
enabled: false
|
||||
enabled: false
|
||||
@ -1,88 +0,0 @@
|
||||
certificate:
|
||||
enabled: true
|
||||
certificate:
|
||||
- name: nrodionov-wildcard
|
||||
secretName: nrodionov-wildcard-tls
|
||||
issuer:
|
||||
kind: ClusterIssuer
|
||||
name: badhouseplants-issuer
|
||||
dnsNames:
|
||||
- nrodionov.info
|
||||
- "*.nrodionov.info"
|
||||
- name: badhouseplants-wildcard
|
||||
secretName: badhouseplants-wildcard-tls
|
||||
issuer:
|
||||
kind: ClusterIssuer
|
||||
name: badhouseplants-issuer
|
||||
dnsNames:
|
||||
- badhouseplants.net
|
||||
- "*.badhouseplants.net"
|
||||
istio-gateway:
|
||||
enabled: true
|
||||
gateways:
|
||||
- name: badhouseplants-net
|
||||
servers:
|
||||
- hosts:
|
||||
- badhouseplants.net
|
||||
- '*.badhouseplants.net'
|
||||
port:
|
||||
name: http
|
||||
number: 80
|
||||
protocol: HTTP2
|
||||
tls:
|
||||
httpsRedirect: true
|
||||
- hosts:
|
||||
- badhouseplants.net
|
||||
- '*.badhouseplants.net'
|
||||
port:
|
||||
name: https
|
||||
number: 443
|
||||
protocol: HTTPS
|
||||
tls:
|
||||
credentialName: badhouseplants-wildcard-tls
|
||||
mode: SIMPLE
|
||||
- name: nrodionov-info
|
||||
servers:
|
||||
- hosts:
|
||||
- nrodionov.info
|
||||
- dev.nrodionov.info
|
||||
port:
|
||||
name: http
|
||||
number: 80
|
||||
protocol: HTTP2
|
||||
tls:
|
||||
httpsRedirect: true
|
||||
- hosts:
|
||||
- nrodionov.info
|
||||
- dev.nrodionov.info
|
||||
port:
|
||||
name: https
|
||||
number: 443
|
||||
protocol: HTTPS
|
||||
tls:
|
||||
credentialName: nrodionov-wildcard-tls
|
||||
mode: SIMPLE
|
||||
- name: badhouseplants-vpn
|
||||
servers:
|
||||
- hosts:
|
||||
- '*'
|
||||
port:
|
||||
name: tcp
|
||||
number: 1194
|
||||
protocol: TCP
|
||||
- name: badhouseplants-ssh
|
||||
servers:
|
||||
- hosts:
|
||||
- '*'
|
||||
port:
|
||||
name: ssh
|
||||
number: 22
|
||||
protocol: TCP
|
||||
- name: badhouseplants-minecraft
|
||||
servers:
|
||||
- hosts:
|
||||
- '*'
|
||||
port:
|
||||
name: minecraft
|
||||
number: 25565
|
||||
protocol: TCP
|
||||
@ -1,3 +1,4 @@
|
||||
---
|
||||
service:
|
||||
type: LoadBalancer
|
||||
ports:
|
||||
|
||||
@ -1,22 +1,11 @@
|
||||
---
|
||||
singleBinary:
|
||||
replicas: 1
|
||||
persistence:
|
||||
size: 5Gi
|
||||
loki:
|
||||
auth_enabled: false
|
||||
commonConfig:
|
||||
replication_factor: 1
|
||||
storage:
|
||||
type: 'filesystem'
|
||||
monitoring:
|
||||
selfMonitoring:
|
||||
enabled: false
|
||||
lokiCanary:
|
||||
enabled: false
|
||||
test:
|
||||
enabled: false
|
||||
compactor:
|
||||
retention_enabled: true
|
||||
limits_config:
|
||||
retention_period: 14d
|
||||
retention_period: 2d
|
||||
|
||||
@ -21,7 +21,7 @@ istio:
|
||||
kind: http
|
||||
gateway: badhouseplants-net
|
||||
hostname: email.badhouseplants.net
|
||||
service: mailu-fr ont
|
||||
service: mailu-front
|
||||
port: 80
|
||||
# - name: mailu-smpt
|
||||
# kind: tcp
|
||||
|
||||
@ -18,7 +18,7 @@ istio:
|
||||
enabled: true
|
||||
istio:
|
||||
- name: minecraft-tcp
|
||||
gateway: istio-system/badhouseplants-minecraft
|
||||
gateway: badhouseplants-minecraft
|
||||
kind: tcp
|
||||
port_match: 25565
|
||||
hostname: "*"
|
||||
@ -110,7 +110,7 @@ mcbackup:
|
||||
# -- Install Plugins
|
||||
# ---------------------------------------------
|
||||
initContainers:
|
||||
- name: 0-install-prometheus-exporter
|
||||
- name: install-prometheus-exporter
|
||||
image: alpine/curl
|
||||
command:
|
||||
- curl
|
||||
@ -122,7 +122,7 @@ initContainers:
|
||||
- name: plugins
|
||||
mountPath: /data/plugins
|
||||
readOnly: false
|
||||
- name: 0-install-password-plugin
|
||||
- name: install-password-plugin
|
||||
image: alpine/curl
|
||||
command:
|
||||
- curl
|
||||
@ -134,7 +134,7 @@ initContainers:
|
||||
- name: plugins
|
||||
mountPath: /data/plugins
|
||||
readOnly: false
|
||||
- name: 0-install-gravity-control-plugin
|
||||
- name: install-gravity-control-plugin
|
||||
image: alpine/curl
|
||||
command:
|
||||
- curl
|
||||
@ -146,29 +146,6 @@ initContainers:
|
||||
- name: plugins
|
||||
mountPath: /data/plugins
|
||||
readOnly: false
|
||||
- name: 0-install-fast-minecart-plugin
|
||||
image: alpine/curl
|
||||
command:
|
||||
- curl
|
||||
- -L
|
||||
- https://github.com/certainly1182/FastMinecarts/releases/download/v1.0.1/FastMinecarts.jar
|
||||
- -o
|
||||
- /data/plugins/FastMinecarts.jar
|
||||
volumeMounts:
|
||||
- name: plugins
|
||||
mountPath: /data/plugins
|
||||
- name: 1-add-plugins-to-minecraft
|
||||
image: alpine/curl
|
||||
command:
|
||||
- sh
|
||||
- -c
|
||||
- cp -r /in /out/plugins
|
||||
volumeMounts:
|
||||
- name: plugins
|
||||
mountPath: /in
|
||||
readOnly: false
|
||||
- name: datadir
|
||||
mountPath: /out
|
||||
extraVolumes:
|
||||
- volumeMounts:
|
||||
- name: plugins
|
||||
|
||||
@ -7,13 +7,13 @@ istio:
|
||||
enabled: true
|
||||
istio:
|
||||
- name: minio-http
|
||||
gateway: istio-system/badhouseplants-net
|
||||
gateway: badhouseplants-net
|
||||
kind: http
|
||||
hostname: minio.badhouseplants.net
|
||||
service: minio-console
|
||||
port: 9001
|
||||
- name: s3-http
|
||||
gateway: istio-system/badhouseplants-net
|
||||
gateway: badhouseplants-net
|
||||
kind: http
|
||||
hostname: s3.badhouseplants.net
|
||||
service: minio
|
||||
@ -64,6 +64,11 @@ buckets:
|
||||
- name: allanger-music
|
||||
policy: download
|
||||
purge: false
|
||||
versioning: false
|
||||
- name: badhouseplants-brew
|
||||
policy: download
|
||||
purge: false
|
||||
versioning: false
|
||||
metrics:
|
||||
serviceMonitor:
|
||||
enabled: false
|
||||
|
||||
@ -7,7 +7,7 @@ istio:
|
||||
enabled: true
|
||||
istio:
|
||||
- name: nrodionov-http
|
||||
gateway: istio-system/nrodionov-info
|
||||
gateway: nrodionov-info
|
||||
kind: http
|
||||
hostname: dev.nrodionov.info
|
||||
service: nrodionov-wordpress
|
||||
|
||||
@ -7,12 +7,19 @@ istio:
|
||||
enabled: true
|
||||
istio:
|
||||
- name: openvpn-tcp
|
||||
gateway: istio-system/badhouseplants-vpn
|
||||
gateway: badhouseplants-vpn
|
||||
kind: tcp
|
||||
port_match: 1194
|
||||
hostname: "*"
|
||||
service: openvpn
|
||||
port: 1194
|
||||
- name: openvpn-tcp-fake-port
|
||||
gateway: badhouseplants-vpn
|
||||
kind: tcp
|
||||
port_match: 25
|
||||
hostname: "*"
|
||||
service: openvpn
|
||||
port: 1194
|
||||
# ------------------------------------------
|
||||
image:
|
||||
tag: v2.6.5-xor-4.0.0beta08
|
||||
|
||||
@ -1,10 +0,0 @@
|
||||
architecture: standalone
|
||||
|
||||
auth:
|
||||
database: postgres
|
||||
|
||||
persistence:
|
||||
size: 1Gi
|
||||
|
||||
metrics:
|
||||
enabled: false
|
||||
@ -7,7 +7,7 @@ istio:
|
||||
enabled: true
|
||||
istio:
|
||||
- name: grafana-https
|
||||
gateway: istio-system/badhouseplants-net
|
||||
gateway: badhouseplants-net
|
||||
kind: http
|
||||
hostname: "grafana.badhouseplants.net"
|
||||
service: prometheus-grafana
|
||||
@ -64,8 +64,7 @@ defaultRules:
|
||||
prometheus:
|
||||
prometheusSpec:
|
||||
enableAdminAPI: true
|
||||
retentionSize: 7GB
|
||||
retention: 20d
|
||||
retentionSize: 10GB
|
||||
podMonitorNamespaceSelector:
|
||||
any: true
|
||||
podMonitorSelector: {}
|
||||
@ -84,7 +83,7 @@ prometheus:
|
||||
accessModes: ["ReadWriteOnce"]
|
||||
resources:
|
||||
requests:
|
||||
storage: 12Gi
|
||||
storage: 10Gi
|
||||
|
||||
grafana:
|
||||
persistence:
|
||||
|
||||
@ -3,9 +3,3 @@ config:
|
||||
clients:
|
||||
# - url: http://loki.monitoring-system:3100
|
||||
- url: http://loki-gateway/loki/api/v1/push
|
||||
snippets:
|
||||
pipelineStages:
|
||||
- match:
|
||||
pipeline_name: "drop-all"
|
||||
selector: '{namespace!~"mail-service|woodpecker"}'
|
||||
action: drop
|
||||
|
||||
@ -1,11 +1,7 @@
|
||||
metrics:
|
||||
enabled: false
|
||||
|
||||
secretAnnotations:
|
||||
reflector.v1.k8s.emberstack.com/reflection-allowed: "true"
|
||||
reflector.v1.k8s.emberstack.com/reflection-auto-enabled: "true"
|
||||
reflector.v1.k8s.emberstack.com/reflection-allowed-namespaces: "gitea-service,funkwhale-application"
|
||||
architecture: standalone
|
||||
master:
|
||||
persistence:
|
||||
enabled: false
|
||||
enabled: false
|
||||
@ -1,63 +0,0 @@
|
||||
---
|
||||
# ------------------------------------------
|
||||
# -- Istio extenstion. Just because I'm
|
||||
# -- not using ingress nginx
|
||||
# ------------------------------------------
|
||||
istio:
|
||||
enabled: true
|
||||
istio:
|
||||
- name: vaultwarden-http
|
||||
kind: http
|
||||
gateway: istio-system/badhouseplants-net
|
||||
hostname: vault.badhouseplants.net
|
||||
service: vaultwarden
|
||||
port: 8080
|
||||
# ------------------------------------------
|
||||
# -- Database extension is used to manage
|
||||
# -- database with db-operator
|
||||
# ------------------------------------------
|
||||
ext-database:
|
||||
enabled: true
|
||||
name: vaultwarden-postgres16
|
||||
instance: postgres16
|
||||
service:
|
||||
port: 8080
|
||||
vaultwarden:
|
||||
smtp:
|
||||
host: badhouseplants.net
|
||||
security: "starttls"
|
||||
port: 587
|
||||
from: vaultwarden@badhouseplants.net
|
||||
fromName: Vault Warden
|
||||
authMechanism: "Plain"
|
||||
acceptInvalidHostnames: "false"
|
||||
acceptInvalidCerts: "false"
|
||||
debug: false
|
||||
domain: https://vault.badhouseplants.net
|
||||
websocket:
|
||||
enabled: true
|
||||
address: "0.0.0.0"
|
||||
port: 3012
|
||||
rocket:
|
||||
port: "8080"
|
||||
workers: "10"
|
||||
webVaultEnabled: "true"
|
||||
signupsAllowed: false
|
||||
invitationsAllowed: true
|
||||
signupDomains: "https://vault.badhouseplants.com"
|
||||
signupsVerify: "true"
|
||||
showPassHint: "false"
|
||||
database:
|
||||
existingSecret: vaultwarden-postgres16-creds
|
||||
existingSecretKey: CONNECTION_STRING
|
||||
connectionRetries: 15
|
||||
maxConnections: 10
|
||||
storage:
|
||||
enabled: false
|
||||
size: 1Gi
|
||||
class: default
|
||||
dataDir: /data
|
||||
logging:
|
||||
enabled: false
|
||||
logfile: "/data/vaultwarden.log"
|
||||
loglevel: "warn"
|
||||
@ -1,56 +0,0 @@
|
||||
# ------------------------------------------
|
||||
# -- Istio extenstion. Just because I'm
|
||||
# -- not using ingress nginx
|
||||
# ------------------------------------------
|
||||
istio:
|
||||
enabled: true
|
||||
istio:
|
||||
- name: woodpecker-server-http
|
||||
gateway: istio-system/badhouseplants-net
|
||||
kind: http
|
||||
hostname: ci.badhouseplants.net
|
||||
service: woodpecker-ci-server
|
||||
port: 80
|
||||
ext-database:
|
||||
enabled: true
|
||||
name: woodpecker-postgres16
|
||||
instance: postgres16
|
||||
credentials:
|
||||
WOODPECKER_DATABASE_DATASOURCE: "postgres://{{ .Username }}:{{ .Password }}@{{ .Hostname }}:{{ .Port }}/{{ .Database }}?sslmode=disable"
|
||||
server:
|
||||
#image:
|
||||
# registry: git.badhouseplants.net
|
||||
# repository: allanger/woodpecker-server
|
||||
# pullPolicy: Always
|
||||
# tag: icon
|
||||
enabled: true
|
||||
env:
|
||||
WOODPECKER_GITEA: true
|
||||
WOODPECKER_GITEA_URL: https://git.badhouseplants.net
|
||||
WOODPECKER_DATABASE_DRIVER: postgres
|
||||
WOODPECKER_GITEA_CLIENT: ab5e4687-a476-4668-9fbc-288d54095634
|
||||
WOODPECKER_OPEN: true
|
||||
WOODPECKER_ADMIN: "woodpecker,allanger"
|
||||
WOODPECKER_HOST: "https://ci.badhouseplants.net"
|
||||
WOODPECKER_ESCALATE: true
|
||||
WOODPECKER_BACKEND_K8S_NAMESPACE: woodpecker-ci
|
||||
WOODPECKER_BACKEND_K8S_STORAGE_CLASS: microk8s-hostpath
|
||||
extraSecretNamesForEnvFrom:
|
||||
- woodpecker-postgres16-creds
|
||||
agent:
|
||||
image:
|
||||
registry: git.badhouseplants.net
|
||||
repository: allanger/woodpecker-agent
|
||||
pullPolicy: Always
|
||||
tag: dev
|
||||
enabled: true
|
||||
extraSecretNamesForEnvFrom: []
|
||||
env:
|
||||
WOODPECKER_SERVER: woodpecker-ci-server:9000
|
||||
WOODPECKER_BACKEND_K8S_VOLUME_SIZE: 3Gi
|
||||
WOODPECKER_BACKEND_K8S_NAMESPACE: woodpecker-ci
|
||||
WOODPECKER_BACKEND_K8S_STORAGE_CLASS: microk8s-hostpath
|
||||
serviceAccount:
|
||||
create: true
|
||||
rbac:
|
||||
create: true
|
||||
@ -14,12 +14,3 @@ ext-database:
|
||||
backup:
|
||||
enable: false
|
||||
cron: 0 0 * * *
|
||||
{{- if .Values.credentials }}
|
||||
credentials:
|
||||
templates:
|
||||
{{- range $key, $value := .Values.credentials }}
|
||||
- name: {{ $key }}
|
||||
template: {{ $value }}
|
||||
secret: true
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
@ -1,16 +0,0 @@
|
||||
---
|
||||
istio-gateway:
|
||||
templates:
|
||||
- |
|
||||
{{ range .Values.gateways }}
|
||||
---
|
||||
apiVersion: networking.istio.io/v1beta1
|
||||
kind: Gateway
|
||||
metadata:
|
||||
name: {{ .name }}
|
||||
spec:
|
||||
selector:
|
||||
istio: ingressgateway
|
||||
servers:
|
||||
{{ toYaml .servers | indent 4 }}
|
||||
{{ end }}
|
||||
@ -10,7 +10,7 @@ istio:
|
||||
name: {{ .name }}
|
||||
spec:
|
||||
gateways:
|
||||
- "{{ .gateway }}"
|
||||
- "istio-system/{{ .gateway }}"
|
||||
hosts:
|
||||
- {{ .hostname | quote }}
|
||||
{{- if eq .kind "http" }}
|
||||
|
||||
@ -9,8 +9,8 @@ users:
|
||||
oidc:
|
||||
enabled: ENC[AES256_GCM,data:AJwlxQ==,iv:e8Y4xI9VW7R64o5y2TYrMRnL92+RCzFaoF9v4wHDTlc=,tag:T0iZj9cCBxaF444+xuvKuA==,type:bool]
|
||||
configUrl: ENC[AES256_GCM,data:UHLEsZwSGwNEV9r6wpiw4lLsMOLxJ6QfHKrrP2oduJE+YG7hImEljrO+/kPSUOgWMGgtXIjT/VLYw7xhW+TL,iv:v6bXPeKMho108y+kErL71RvqlfL0YEUtAaexITN6arY=,tag:r/oglMJVU2J2s3mEgjP+dA==,type:str]
|
||||
clientId: ENC[AES256_GCM,data:6vU3UzdsBjCoxa+H3V87UeNyGt7IYsYMkjEZGFhMfCVWVxxB,iv:4J21E9eskroCTmUFbnt4K4v4tgD+Bjq5j2wT+1q1NE0=,tag:bBDqviaFjnQNDSwTzmpCtw==,type:str]
|
||||
clientSecret: ENC[AES256_GCM,data:G0OChA212NVb7utdsx4kJRS8BQ0V6igeteOo3Q+PvFTd0U7IVt27YB2u0BUGkt4/Go+wByf8joI=,iv:7khUct7Iln7pi7ET7FBLI51Zc+aFTjLpj92EV5q4Sjc=,tag:vMZtRxTDpphKRW4dN3OVfA==,type:str]
|
||||
clientId: ENC[AES256_GCM,data:39mFCS47/yw1lGxvDs7nLkk941qPaHUMgGBgtcqmJukGMfJK,iv:rfE/1ukQAO8geJVIJQOQaXmn37DfhDMR/t7Ghwd093A=,tag:SDz4TVKiMY+bXAtfrm17/Q==,type:str]
|
||||
clientSecret: ENC[AES256_GCM,data:KcamhnHBTErbSS6dR7W+suwV5q13yXqZAUBYhKJ5Kj3t14dp6VDHoYc1Dwyt+hebFz0BYYbRA9g=,iv:hOhGu/lRjsEsEz4f6Wnkds6HNq3DnvM+GsJOAz1fOds=,tag:aQ4+xPDgg/2op+NQl7jhSg==,type:str]
|
||||
claimName: ENC[AES256_GCM,data:UUrHhIFP,iv:dKg4zBykxhEKeG40a1eSWRYTyzpb5kBmzhEaULFgSII=,tag:3vfbgsoKkNF2Tmwx3Wi56w==,type:str]
|
||||
redirectUri: ENC[AES256_GCM,data:evZK5yq5syKOsTqeqICTWLTq96AXTKftwDdbPYP9Na67N7I12P+jK8k1zKswHQY=,iv:L5AmYGkO2lyU4ytjyMOmuWDg4GtbeoTzcEdZF7WP+es=,tag:BF8AZUJ39+xICfrdNsY9iQ==,type:str]
|
||||
comment: ENC[AES256_GCM,data:4h455QlIXewffU2bSKihkg==,iv:p5WRTZfAUgqbF/XpIlaLuUIhQhMWxgs0MW6cqNOiOtg=,tag:yk6CHXx7E8XBY3dath9ezQ==,type:str]
|
||||
@ -31,8 +31,8 @@ sops:
|
||||
UmdLL0NqWVpuNXBYRENEeTltdFVLREUKrwPN2daokcqABFVXjYCbNyCA0zdMCYh6
|
||||
vzTTtNV718OAPQKgl3Ho2c5nhhQcWy5YlWPfGMUklZhocXsAvMXS/g==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2023-11-04T19:00:41Z"
|
||||
mac: ENC[AES256_GCM,data:jhZqJDZuHXpb50aI4f9Otj5y7lHzb1JadZqccju0No2PGUVO1Le3X/Zc51YIm3di+UV8bZSDUosYA7mWz4zNsyMwK0ikB0zUb12Wv1M0ESe4sJQR3mlQSa6fBe1EUGSAtjtmo/HlKaWvprEo3knTZJrxN8pZdTaPOTSA/Akr8m0=,iv:oUbuW1FL1qFbByt5DKqgCWVv/0D2ByWXs2dyUSuB3Uc=,tag:19MFSo0Y1AfB+kFk0sfW2g==,type:str]
|
||||
lastmodified: "2023-03-26T11:56:18Z"
|
||||
mac: ENC[AES256_GCM,data:oiaqwWDTTSvdGZxcLqAJrLkF+jNL2PfOOrTFtO2Arry1LehiGeXqNiqlHTd5IvnB/LrU9vGv5SjDrq+FRycfceai8O5hW8aGBXqCSZANIx7cpCJqtm1ErNAm8yw+K5rq/WeRKEySszNx7QtSZiM9ufo/GIAZMZgcd/bqFdm6oXE=,iv:s+uHg40NPT3kjwHnRIu3udkbm3gE36JMzPFhM6NdT/4=,tag:Q97lA8fRcPr5kGZEUbmhxQ==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.8.1
|
||||
version: 3.7.3
|
||||
|
||||
@ -73,8 +73,6 @@ policies:
|
||||
- 'arn:aws:s3:::longhorn'
|
||||
- 'arn:aws:s3:::restic/*'
|
||||
- 'arn:aws:s3:::restic'
|
||||
- 'arn:aws:s3:::etcd/*'
|
||||
- 'arn:aws:s3:::etcd'
|
||||
actions:
|
||||
- "s3:DeleteObject"
|
||||
- "s3:GetObject"
|
||||
@ -89,10 +87,6 @@ buckets:
|
||||
policy: none
|
||||
purge: false
|
||||
versioning: false
|
||||
- name: etcd
|
||||
policy: none
|
||||
versioning: false
|
||||
purge: false
|
||||
metrics:
|
||||
serviceMonitor:
|
||||
enabled: false
|
||||
|
||||
@ -14,8 +14,6 @@ istio:
|
||||
service: openvpn
|
||||
port: 1194
|
||||
|
||||
image:
|
||||
tag: v2.6.5-xor-4.0.0beta08
|
||||
storage:
|
||||
class: microk8s-hostpath
|
||||
size: 5Gi
|
||||
|
||||
@ -8,9 +8,13 @@ bases:
|
||||
releases:
|
||||
- <<: *metrics-server
|
||||
installed: true
|
||||
namespace: kube-system
|
||||
createNamespace: false
|
||||
|
||||
- <<: *istio-base
|
||||
installed: true
|
||||
namespace: istio-system
|
||||
createNamespace: false
|
||||
|
||||
- <<: *istio-gateway
|
||||
installed: true
|
||||
@ -24,6 +28,8 @@ releases:
|
||||
|
||||
- <<: *cert-manager
|
||||
installed: true
|
||||
namespace: cert-manager
|
||||
createNamespace: false
|
||||
|
||||
- <<: *minio
|
||||
installed: true
|
||||
@ -37,10 +43,7 @@ releases:
|
||||
|
||||
- <<: *metallb
|
||||
installed: true
|
||||
|
||||
- <<: *reflector
|
||||
installed: true
|
||||
namespace: reflector-system
|
||||
namespace: metallb-system
|
||||
createNamespace: true
|
||||
|
||||
helmfiles:
|
||||
|
||||
@ -1,12 +0,0 @@
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
name: namespace-manager
|
||||
subjects:
|
||||
- kind: User
|
||||
name: badhousplants
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
roleRef:
|
||||
kind: ClusterRole
|
||||
name: namespace-manager
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
@ -1,8 +0,0 @@
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRole
|
||||
metadata:
|
||||
name: namespace-manager
|
||||
rules:
|
||||
- apiGroups: [""]
|
||||
resources: ["namespaces"]
|
||||
verbs: ["get", "watch", "list", "create", "delete"]
|
||||
0
message_file.tpl
Normal file
0
message_file.tpl
Normal file
128
releases.yaml
128
releases.yaml
@ -41,14 +41,6 @@ templates:
|
||||
# ----------------------------
|
||||
# -- Extensions
|
||||
# ----------------------------
|
||||
ext-istio-gateway:
|
||||
dependencies:
|
||||
- chart: bedag/raw
|
||||
version: 2.0.0
|
||||
alias: istio-gateway
|
||||
values:
|
||||
- '{{ requiredEnv "PWD" }}/common/values.istio-gateway.yaml'
|
||||
|
||||
ext-istio-resource:
|
||||
dependencies:
|
||||
- chart: bedag/raw
|
||||
@ -82,9 +74,9 @@ templates:
|
||||
|
||||
ext-database:
|
||||
dependencies:
|
||||
- chart: bedag/raw
|
||||
version: 2.0.0
|
||||
alias: ext-database
|
||||
- chart: bedag/raw
|
||||
version: 2.0.0
|
||||
alias: ext-database
|
||||
values:
|
||||
- '{{ requiredEnv "PWD" }}/common/values.database.yaml'
|
||||
# ----------------------------
|
||||
@ -96,46 +88,37 @@ templates:
|
||||
name: metrics-server
|
||||
chart: metrics-server/metrics-server
|
||||
version: 3.11.0
|
||||
namespace: kube-system
|
||||
createNamespace: true
|
||||
values:
|
||||
- common/values.{{ .Release.Name }}.yaml
|
||||
|
||||
metallb: &metallb
|
||||
name: metallb
|
||||
chart: metallb/metallb
|
||||
version: 0.13.12
|
||||
namespace: metallb-system
|
||||
createNamespace: true
|
||||
version: 0.13.11
|
||||
|
||||
cert-manager: &cert-manager
|
||||
name: cert-manager
|
||||
chart: jetstack/cert-manager
|
||||
version: 1.13.3
|
||||
namespace: cert-manager
|
||||
createNamespace: true
|
||||
version: 1.13.0
|
||||
set:
|
||||
- name: installCRDs
|
||||
value: true
|
||||
|
||||
longhorn: &longhorn
|
||||
name: longhorn
|
||||
chart: longhorn/longhorn
|
||||
version: 1.5.3
|
||||
version: 1.5.1
|
||||
inherit:
|
||||
- template: default-env-values
|
||||
|
||||
argocd: &argocd
|
||||
name: argocd
|
||||
chart: argo/argo-cd
|
||||
version: 5.51.6
|
||||
version: 5.46.7
|
||||
inherit:
|
||||
- template: default-env-values
|
||||
- template: default-env-secrets
|
||||
- template: ext-istio-resource
|
||||
# -------------------------------------------------------------------
|
||||
# -- Monitoring
|
||||
# -------------------------------------------------------------------
|
||||
|
||||
monitoring-common:
|
||||
labels:
|
||||
bundle: monitoring
|
||||
@ -143,7 +126,7 @@ templates:
|
||||
prometheus: &prometheus
|
||||
name: prometheus
|
||||
chart: prometheus-community/kube-prometheus-stack
|
||||
version: 55.3.1
|
||||
version: 51.2.0
|
||||
inherit:
|
||||
- template: monitoring-common
|
||||
- template: default-env-values
|
||||
@ -154,7 +137,7 @@ templates:
|
||||
loki: &loki
|
||||
name: loki
|
||||
chart: grafana/loki
|
||||
version: 5.41.1
|
||||
version: 5.23.0
|
||||
inherit:
|
||||
- template: monitoring-common
|
||||
- template: default-env-values
|
||||
@ -162,7 +145,7 @@ templates:
|
||||
promtail: &promtail
|
||||
name: promtail
|
||||
chart: grafana/promtail
|
||||
version: 6.15.3
|
||||
version: 6.15.2
|
||||
inherit:
|
||||
- template: monitoring-common
|
||||
- template: default-env-values
|
||||
@ -170,11 +153,9 @@ templates:
|
||||
# -- Istio
|
||||
# ----------------------------
|
||||
istio-common:
|
||||
version: 1.20.1
|
||||
labels:
|
||||
bundle: istio
|
||||
namespace: istio-system
|
||||
createNamespace: true
|
||||
version: 1.19.0
|
||||
|
||||
istio-base: &istio-base
|
||||
name: istio-base
|
||||
@ -186,26 +167,13 @@ templates:
|
||||
istio-gateway: &istio-gateway
|
||||
name: istio-ingressgateway
|
||||
chart: istio/gateway
|
||||
needs:
|
||||
- istio-system/istio-base
|
||||
inherit:
|
||||
- template: istio-common
|
||||
- template: default-env-values
|
||||
|
||||
istio-gateway-resources: &istio-gateway-resources
|
||||
name: istio-gateway-resources
|
||||
chart: bedag/raw
|
||||
version: 2.0.0
|
||||
inherit:
|
||||
- template: ext-istio-gateway
|
||||
- template: ext-certificate
|
||||
- template: default-env-values
|
||||
|
||||
istiod: &istiod
|
||||
name: istiod
|
||||
chart: istio/istiod
|
||||
needs:
|
||||
- istio-system/istio-base
|
||||
inherit:
|
||||
- template: istio-common
|
||||
- template: default-env-values
|
||||
@ -216,7 +184,7 @@ templates:
|
||||
openvpn: &openvpn
|
||||
name: openvpn
|
||||
chart: allanger-gitea/openvpn
|
||||
version: 1.0.7
|
||||
version: 1.0.6
|
||||
inherit:
|
||||
- template: default-env-values
|
||||
- template: ext-istio-resource
|
||||
@ -239,26 +207,16 @@ templates:
|
||||
drone-runner-docker: &drone-runner-docker
|
||||
name: drone-runner-docker
|
||||
chart: drone/drone-runner-docker
|
||||
version: 0.6.2
|
||||
version: 0.6.1
|
||||
inherit:
|
||||
- template: default-env-values
|
||||
- template: default-env-secrets
|
||||
- template: drone-common
|
||||
|
||||
woodpecker-ci: &woodpecker-ci
|
||||
name: woodpecker-ci
|
||||
chart: woodpecker/woodpecker
|
||||
version: 1.0.1
|
||||
inherit:
|
||||
- template: ext-database
|
||||
- template: default-env-values
|
||||
- template: default-env-secrets
|
||||
- template: ext-istio-resource
|
||||
|
||||
nrodionov: &nrodionov
|
||||
name: nrodionov
|
||||
chart: bitnami/wordpress
|
||||
version: 18.1.24
|
||||
version: 17.1.11
|
||||
inherit:
|
||||
- template: default-env-values
|
||||
- template: default-env-secrets
|
||||
@ -268,7 +226,7 @@ templates:
|
||||
minio: &minio
|
||||
name: minio
|
||||
chart: minio/minio
|
||||
version: 5.0.14
|
||||
version: 5.0.13
|
||||
inherit:
|
||||
- template: default-env-values
|
||||
- template: default-env-secrets
|
||||
@ -277,7 +235,7 @@ templates:
|
||||
minecraft: &minecraft
|
||||
name: minecraft
|
||||
chart: minecraft-server-charts/minecraft
|
||||
version: 4.12.0
|
||||
version: 4.10.0
|
||||
inherit:
|
||||
- template: default-env-values
|
||||
- template: default-env-secrets
|
||||
@ -286,7 +244,7 @@ templates:
|
||||
gitea: &gitea
|
||||
name: gitea
|
||||
chart: gitea/gitea
|
||||
version: 9.6.1
|
||||
version: 9.4.0
|
||||
inherit:
|
||||
- template: default-env-values
|
||||
- template: default-env-secrets
|
||||
@ -296,13 +254,23 @@ templates:
|
||||
funkwhale: &funkwhale
|
||||
name: funkwhale
|
||||
chart: ananace-charts/funkwhale
|
||||
version: 2.0.5
|
||||
version: 2.0.3
|
||||
inherit:
|
||||
- template: default-env-values
|
||||
- template: default-env-secrets
|
||||
- template: ext-istio-resource
|
||||
- template: ext-database
|
||||
|
||||
mailu: &mailu
|
||||
name: mailu
|
||||
chart: mailu/mailu
|
||||
version: 1.2.0
|
||||
inherit:
|
||||
- template: default-env-values
|
||||
- template: default-env-secrets
|
||||
- template: ext-istio-resource
|
||||
- template: ext-certificate
|
||||
|
||||
bitwarden: &bitwarden
|
||||
name: bitwarden
|
||||
chart: bitwarden/vaultwarden
|
||||
@ -315,15 +283,15 @@ templates:
|
||||
redis: &redis
|
||||
name: redis
|
||||
chart: bitnami/redis
|
||||
version: 18.5.0
|
||||
version: 18.1.0
|
||||
inherit:
|
||||
- template: default-env-values
|
||||
- template: default-env-secrets
|
||||
|
||||
postgres16: &postgres16
|
||||
name: postgres16
|
||||
postgres: &postgres
|
||||
name: postgres
|
||||
chart: bitnami/postgresql
|
||||
version: 13.2.24
|
||||
version: 12.12.7
|
||||
inherit:
|
||||
- template: default-env-values
|
||||
- template: default-env-secrets
|
||||
@ -331,12 +299,12 @@ templates:
|
||||
db-operator: &db-operator
|
||||
name: db-operator
|
||||
chart: db-operator/db-operator
|
||||
version: 1.14.1
|
||||
version: 1.11.0
|
||||
|
||||
db-instances: &db-instances
|
||||
name: db-instances
|
||||
chart: db-operator/db-instances
|
||||
version: 2.1.1
|
||||
version: 1.4.2
|
||||
inherit:
|
||||
- template: default-env-values
|
||||
- template: default-env-secrets
|
||||
@ -344,31 +312,7 @@ templates:
|
||||
mysql: &mysql
|
||||
name: mysql
|
||||
chart: bitnami/mysql
|
||||
version: 9.14.4
|
||||
version: 9.12.3
|
||||
inherit:
|
||||
- template: default-env-values
|
||||
- template: default-env-secrets
|
||||
|
||||
docker-mailserver: &docker-mailserver
|
||||
name: docker-mailserver
|
||||
chart: allanger-gitea/docker-mailserver
|
||||
version: 2.2.0
|
||||
inherit:
|
||||
- template: default-env-values
|
||||
- template: ext-istio-gateway
|
||||
- template: ext-istio-resource
|
||||
|
||||
vaultwarden: &vaultwarden
|
||||
name: vaultwarden
|
||||
chart: badhouseplants/vaultwarden
|
||||
version: 1.0.0
|
||||
inherit:
|
||||
- template: default-env-values
|
||||
- template: default-env-secrets
|
||||
- template: ext-istio-resource
|
||||
- template: ext-database
|
||||
|
||||
reflector: &reflector
|
||||
name: reflector
|
||||
chart: emberstack/reflector
|
||||
version: 7.1.216
|
||||
|
||||
@ -1,3 +1,4 @@
|
||||
---
|
||||
repositories:
|
||||
- name: metrics-server
|
||||
url: https://kubernetes-sigs.github.io/metrics-server/
|
||||
@ -34,12 +35,4 @@ repositories:
|
||||
- name: db-operator
|
||||
url: https://db-operator.github.io/charts
|
||||
- name: allanger-gitea
|
||||
url: https://git.badhouseplants.net/api/packages/allanger/helm
|
||||
- name: badhouseplants
|
||||
url: https://badhouseplants.github.io/helm-charts/
|
||||
- name: woodpecker
|
||||
url: https://woodpecker-ci.org
|
||||
- name: firefly-iii
|
||||
url: https://firefly-iii.github.io/kubernetes/
|
||||
- name: emberstack
|
||||
url: https://emberstack.github.io/helm-charts
|
||||
url: https://git.badhouseplants.net/api/packages/allanger/helm
|
||||
|
||||
@ -1,39 +0,0 @@
|
||||
#!/bin/bash
|
||||
export PGHOST=$OLD_PGHOST
|
||||
export PGPASSWORD=$OLD_PGPASSWORD
|
||||
export PGDATABASE=$OLD_PGDATABASE
|
||||
DUMP_FILE=/tmp/$PGDATABASE.dump
|
||||
pg_dump $PGDATABASE --no-owner --no-privileges -Fc -f $DUMP_FILE -vvv
|
||||
|
||||
export PGHOST=$NEW_PGHOST
|
||||
export PGPASSWORD=$NEW_PGPASSWORD
|
||||
export PGDATABASE=$NEW_PGDATABASE
|
||||
pg_restore --no-owner --no-privileges -d $PGDATABASE -Fc $DUMP_FILE -vvv
|
||||
|
||||
psql -c "GRANT ALL PRIVILEGES ON DATABASE \"${PGDATABASE}\" to \"${PGDATABASE}\""
|
||||
psql -c "GRANT ALL ON SCHEMA public to \"${PGDATABASE}\""
|
||||
psql -c "GRANT ALL ON ALL TABLES IN SCHEMA public TO \"${PGDATABASE}\""
|
||||
|
||||
rm -f /tmp/output
|
||||
|
||||
psql -c "\
|
||||
SELECT format(\
|
||||
'ALTER TABLE %I.%I.%I OWNER TO %I;',\
|
||||
table_catalog,\
|
||||
table_schema,\
|
||||
table_name,\
|
||||
'${PGDATABASE}')\
|
||||
FROM information_schema.tables \
|
||||
WHERE table_schema='public'" | grep ALTER > /tmp/output
|
||||
|
||||
psql -c "\
|
||||
SELECT format(\
|
||||
'ALTER SEQUENCE %I.%I.%I OWNER TO %I;',\
|
||||
sequence_catalog,\
|
||||
sequence_schema,\
|
||||
sequence_name,\
|
||||
'${PGDATABASE}')\
|
||||
FROM information_schema.sequences \
|
||||
WHERE sequence_schema='public'" | grep ALTER >> /tmp/output
|
||||
|
||||
psql -c "$(cat /tmp/output)"
|
||||
Reference in New Issue
Block a user