Compare commits
	
		
			122 Commits
		
	
	
		
			fix-check-
			...
			try-argo-a
		
	
	| Author | SHA1 | Date | |
|---|---|---|---|
| 06c11576f5 | |||
| 60e57f3b45 | |||
| 14dbe234ea | |||
| 697e5f3746 | |||
| d6d93998cb | |||
| 6c83d67c9c | |||
| 10d7936625 | |||
| 21f198b0fa | |||
| 5d4eae3152 | |||
| 262417f1cf | |||
| ff0f34551a | |||
| bcab058394 | |||
| c4dd8bd6e4 | |||
| ba7a32a17f | |||
| a47775d835 | |||
| 8a85d32722 | |||
| 2211d9b388 | |||
| 97117aa3f2 | |||
| 630819f887 | |||
| 773b70bb3a | |||
| e255ee4e99 | |||
| 9b8c729d65 | |||
| c5ade9c28b | |||
| b93d4e0b2b | |||
| cc1cf4e650 | |||
| 3c8f6a243c | |||
| 5b478e594e | |||
| fbf483cfc0 | |||
| a20017c9b7 | |||
| a6b30b3337 | |||
| 4d5ee1f6c5 | |||
| 21ff595d40 | |||
| d67cf1a273 | |||
| 99972808b7 | |||
| 1cb2c5f259 | |||
| f4c9224ae6 | |||
| fb6a016b66 | |||
| 0591ae21ce | |||
| b1f183d712 | |||
| 9c7e44e757 | |||
| 9cf8656ba5 | |||
| 896e939c2d | |||
| 25ea4c4254 | |||
| a95c4a9406 | |||
| 0f533964ea | |||
| 238231bdc8 | |||
| 2c33823d90 | |||
| 5b7fd5117e | |||
| 5236fd1cd7 | |||
| dd6db7b7cd | |||
| aa101786e0 | |||
| 18b8a3ec56 | |||
| 41ff1dadbf | |||
| af37b8011b | |||
| 106c701ce1 | |||
| afed983626 | |||
| e54ea10a13 | |||
| 1a7066aa7d | |||
| fb8a6f55f3 | |||
| 1ddab7a67f | |||
| e2b0647c94 | |||
| 91dfbedf64 | |||
| 04534d43d7 | |||
| 31da33b9d9 | |||
| f9c8716904 | |||
|   | a4a64011e3 | ||
|   | b675368776 | ||
|   | 7365a42479 | ||
|   | cb7188064a | ||
|   | 94f81a9213 | ||
|   | a616f03d71 | ||
|   | 30b59f6daa | ||
|   | 234da9a023 | ||
|   | 9c137f574d | ||
|   | 35599488dd | ||
|   | a9dc7658b9 | ||
|   | 663e29ebef | ||
|   | f94338d176 | ||
|   | f57301153a | ||
|   | 4b364c9c18 | ||
|   | fd7813a840 | ||
|   | c1da28126d | ||
|   | 627f433ff1 | ||
|   | 693169f963 | ||
|   | 4f258d9140 | ||
|   | fb0d11beee | ||
|   | ff64516cf7 | ||
|   | 4412cc5fbd | ||
|   | 76a7c5d4ef | ||
|   | a9bf45dcef | ||
|   | 3a74881b27 | ||
|   | 3a7df6e695 | ||
|   | f4cbb2b5c5 | ||
|   | 654731b7ef | ||
|   | b9954063cb | ||
|   | e18424d98a | ||
|   | f61ffc4161 | ||
|   | 4c55426441 | ||
|   | 4f42d4e73f | ||
|   | fb90882fcc | ||
|   | 164e4b2ffb | ||
|   | cffa11820f | ||
|   | e1ce435597 | ||
|   | 283bcc5cd2 | ||
|   | eed6c898c5 | ||
|   | 45e4555218 | ||
|   | 871ceb8e06 | ||
|   | 5201e2a589 | ||
|   | 63df23af17 | ||
|   | 250ee3ef26 | ||
|   | 212930ec1a | ||
|   | 54a7dad780 | ||
|   | ccaba4e70d | ||
|   | 89df5ff10c | ||
|   | eaf3f3988d | ||
|   | 546d887d98 | ||
|   | 35eae889b2 | ||
|   | bf6685ce6d | ||
|   | 0c7fbbd079 | ||
|   | 548700c1dd | ||
|   | b495f09261 | ||
|   | b2e58102ce | 
| @@ -93,10 +93,9 @@ type: docker | ||||
| name: Check helmfiles | ||||
| trigger: | ||||
|   event: | ||||
|     #    - cron | ||||
|     - push | ||||
|       #  cron: | ||||
|       #    - daily | ||||
|     - cron | ||||
|   cron: | ||||
|     - daily | ||||
|  | ||||
| steps: | ||||
|   - name: Check badhouseplants | ||||
| @@ -106,8 +105,6 @@ steps: | ||||
|       SOPS_AGE_KEY: | ||||
|         from_secret: SOPS_AGE_KEY | ||||
|     commands: | ||||
|       - helmfile -e badhouseplants fetch | ||||
|       - helmfile -e badhouseplants list | ||||
|       - echo "Hey, bud, some helm releases are outdated:" > message_file.tpl | ||||
|       - cdh --kind helmfile -p $DRONE_WORKSPACE/helmfile.yaml --helmfile-environment badhouseplants -o >> message_file.tpl | ||||
|  | ||||
|   | ||||
							
								
								
									
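--- /dev/null
+++ b/.woodpecker/.cdh.yml
@@ -0,0 +1,30 @@
+# ----------------------------------------------
+# -- Check da helm pipeline
+# ----------------------------------------------
+when:
+  - event: cron
+    cron: nightly
+steps:
+  check badhouseplants:
+    image: ghcr.io/allanger/check-da-helm-helmfile-secrets:stable
+    secrets:
+      - sops_age_key
+    environment:
+      RUST_LOG: info
+    commands:
+      - cdh --kind helmfile -p $CI_WORKSPACE/helmfile.yaml --helmfile-environment badhouseplants -o --output html >> result.html
+  notification:
+    image: deblan/woodpecker-email
+    settings:
+      dsn:
+        from_secret: smtp_dsn
+      from:
+        address: woody@badhouseplants.net
+        name: Woody Woodpecker
+      recipients:
+        - allanger@badhouseplants.net
+      subject: CDH result
+      target: main
+      attachment: result.html
+    when:
+      - status: [success, failure]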
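Review bot: Both step images are referenced by mutable tags while being handed secrets: `ghcr.io/allanger/check-da-helm-helmfile-secrets:stable` receives `sops_age_key`, and `deblan/woodpecker-email` (no tag, so effectively `latest`) receives `smtp_dsn`. A republished tag would run with those secrets on the next nightly cron, so pin each image to a release tag or digest, e.g. `image: deblan/woodpecker-email@sha256:<DIGEST_PLACEHOLDER>`. The same applies to `ghcr.io/helmfile/helmfile:canary` in `.woodpecker/.helmfile.yml`, which is given both the SOPS key and the kubeconfig. Separately, `>> result.html` appends; `>` would keep a reused workspace from mailing stale output.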
							
								
								
									
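--- /dev/null
+++ b/.woodpecker/.helmfile.yml
@@ -0,0 +1,44 @@
+when:
+  event: push
+
+
+.k8s-limits: &k8s-limits
+  backend_options:
+    kubernetes:
+      resources:
+        requests:
+          memory: 1024Mi
+          cpu: 1000m
+        limits:
+          memory: 1512Mi
+          cpu: 1500m
+
+matrix:
+  ENVIRONMENT:
+    - badhouseplants
+    - etersoft
+steps:
+  diff:
+    <<: *k8s-limits
+    image: ghcr.io/helmfile/helmfile:canary
+    secrets: [sops_age_key, kubeconfig_content]
+    when:
+      - branch:
+          exclude:
+            - main
+    commands:
+      - mkdir $HOME/.kube
+      - echo "$KUBECONFIG_CONTENT" > $HOME/.kube/config && chmod 0600 $HOME/.kube/config
+      - helmfile -e $ENVIRONMENT diff --suppress-secrets
+  apply:
+    <<: *k8s-limits
+    image: ghcr.io/helmfile/helmfile:canary
+    secrets: [sops_age_key, kubeconfig_content]
+    when:
+      - branch:
+          include:
+            - main
+    commands:
+      - mkdir $HOME/.kube
+      - echo "$KUBECONFIG_CONTENT" > $HOME/.kube/config && chmod 0600 $HOME/.kube/config
+      - helmfile -e $ENVIRONMENT apply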
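Review bot: The `apply` step runs `helmfile -e $ENVIRONMENT apply` without `--suppress-secrets`, although the `diff` step passes it. Apply prints a diff before syncing, so values decrypted from the SOPS files can end up in the pipeline log on main; suggest `- helmfile -e $ENVIRONMENT apply --suppress-secrets`. The `diff` step also receives the same `kubeconfig_content` as `apply` on every non-main branch push. A separate read-only kubeconfig secret for `diff` would keep cluster write access limited to main. Setting `umask 077` before the `echo` would avoid the brief window in which the kubeconfig exists with default permissions before `chmod 0600` runs.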
							
								
								
									
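--- a/Makefile
+++ /dev/null
@@ -1,4 +0,0 @@
-create_crb:
-	kubectl create clusterrolebinding drone-deployer-workaround \
-		--clusterrole=cluster-admin  \
-  	--serviceaccount=drone-service:default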
| @@ -2,4 +2,4 @@ | ||||
| [](https://drone.badhouseplants.net/badhouseplants/k8s-cluster-config) | ||||
|  | ||||
| # CRD hooks | ||||
| I'm using hooks to install CRDs, that doesn't wotk with apply on the first time. If you've added a release with CRDs, that are installed by hooks, you need to run `helmfile sync` first, so CRDs are installed and then diff will work again, hence the `apply` also will.  | ||||
| I'm using hooks to install CRDs, that doesn't wotk with apply on the first time. If you've added a release with CRDs, that are installed by hooks, you need to run `helmfile sync` first, so CRDs are installed and then diff will work again, hence the `apply` also will.  | ||||
|   | ||||
| @@ -2,24 +2,34 @@ | ||||
| {{ readFile "../releases.yaml" }} | ||||
|  | ||||
| releases: | ||||
|   - <<: *drone | ||||
|     installed: true | ||||
|     namespace: drone-service | ||||
|   - <<: *istio-base | ||||
|     installed: false | ||||
|     namespace: istio-system | ||||
|     createNamespace: false | ||||
|  | ||||
|   - <<: *drone-runner-docker | ||||
|     installed: true | ||||
|     namespace: drone-service | ||||
|    | ||||
|   - <<: *istiod | ||||
|     installed: false | ||||
|     namespace: istio-system | ||||
|     createNamespace: false | ||||
|  | ||||
|   - <<: *longhorn | ||||
|   - <<: *namespaces | ||||
|     installed: true | ||||
|     namespace: longhorn-system | ||||
|     createNamespace: false | ||||
|   - <<: *roles | ||||
|     installed: true | ||||
|   - <<: *coredns | ||||
|     installed: true | ||||
|   - <<: *cilium | ||||
|     installed: true | ||||
|   - <<: *authentik  | ||||
|   - <<: *local-path-provisioner | ||||
|   - <<: *mailu | ||||
|   - <<: *zot | ||||
|     installed: true | ||||
|   - <<: *keel | ||||
|   - <<: *traefik | ||||
|  | ||||
|   - <<: *argocd | ||||
|     installed: true | ||||
|     namespace: argo-system | ||||
|     namespace: platform | ||||
|     createNamespace: false | ||||
|  | ||||
|   - <<: *nrodionov | ||||
| @@ -27,14 +37,9 @@ releases: | ||||
|     namespace: nrodionov-application | ||||
|     createNamespace: false | ||||
|  | ||||
|   - <<: *minecraft | ||||
|     installed: true | ||||
|     namespace: minecraft-application | ||||
|     createNamespace: false | ||||
|  | ||||
|   - <<: *gitea | ||||
|     installed: true | ||||
|     namespace: gitea-service | ||||
|     namespace: applications | ||||
|     createNamespace: false | ||||
|  | ||||
|   - <<: *funkwhale | ||||
| @@ -42,23 +47,8 @@ releases: | ||||
|     namespace: funkwhale-application | ||||
|     createNamespace: false | ||||
|  | ||||
|   - <<: *prometheus | ||||
|     installed: true | ||||
|     namespace: monitoring-system | ||||
|     createNamespace: true | ||||
|  | ||||
|   - <<: *loki | ||||
|     installed: false | ||||
|     namespace: monitoring-system | ||||
|     createNamespace: false | ||||
|  | ||||
|   - <<: *promtail | ||||
|     installed: false | ||||
|     namespace: monitoring-system | ||||
|     createNamespace: false | ||||
|  | ||||
|   - <<: *bitwarden | ||||
|     installed: true | ||||
|     installed: false | ||||
|     namespace: bitwarden-application | ||||
|     createNamespace: true | ||||
|  | ||||
| @@ -67,11 +57,14 @@ releases: | ||||
|     namespace: database-service | ||||
|     createNamespace: true | ||||
|  | ||||
|   - <<: *postgres | ||||
|   - <<: *postgres16 | ||||
|     installed: true | ||||
|     namespace: database-service | ||||
|     createNamespace: true | ||||
|  | ||||
|   - <<: *postgres16-gitea | ||||
|     namespace: databases | ||||
|     createNamespace: false | ||||
|   - <<: *db-operator | ||||
|     installed: true | ||||
|     namespace: database-service | ||||
| @@ -83,10 +76,39 @@ releases: | ||||
|     createNamespace: true | ||||
|  | ||||
|   - <<: *mysql | ||||
|     installed: true | ||||
|     installed: false | ||||
|     namespace: database-service | ||||
|     createNamespace: true | ||||
|  | ||||
|   - <<: *woodpecker-ci | ||||
|     installed: true | ||||
|     namespace: platform | ||||
|     createNamespace: true | ||||
|  | ||||
|   - <<: *vaultwarden | ||||
|     createNamespace: true | ||||
|     installed: true | ||||
|     namespace: vaultwarden-application | ||||
|    | ||||
|   - <<: *vaultwardentest | ||||
|     createNamespace: false | ||||
|     installed: true | ||||
|     namespace: applications | ||||
|  | ||||
|   - <<: *openvpn-xor | ||||
|     installed: true | ||||
|     namespace: openvpn-service | ||||
|     createNamespace: false | ||||
|  | ||||
|   - <<: *docker-mailserver | ||||
|     installed: false | ||||
|     namespace: applications | ||||
|     createNamespace: true | ||||
|  | ||||
|   - <<: *longhorn | ||||
|     installed: true | ||||
|     namespace: longhorn-system | ||||
|     createNamespace: false | ||||
|  | ||||
| bases: | ||||
|   - ../environments.yaml | ||||
|   | ||||
| @@ -1,10 +1,9 @@ | ||||
| server: | ||||
|     config: | ||||
|         dex.config: ENC[AES256_GCM,data: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,iv:c8cJLybNsyuAw/BFmKtNTBzXIl0vmeSuKW8j/aw8STw=,tag:URax9og6ZQRvWPtKVel4SQ==,type:str] | ||||
| configs: | ||||
|     cm: | ||||
|         dex.config: ENC[AES256_GCM,data:LCLzkdGS1CqPGPCpkf/Zqqk046aUlc1fiptooZnHN6qlJaSa18O2I6/t2sCZ+4V/5nkX5jX8EYpQ+S5gzqwnVdCfmgLNZMXHMM6MtRRvlX3sBxygT8KfQQN/aPb2A/n/sebDYV5P5ykzNAzbGLjJ5fc6Nz/QJTaPIBvHrez5VQZY3NBkP4fXb8gRYD3yw9mA4V0wXlW2sDlPmvnGMcj/RTvJGWhbtX/pWMSaLHBPoAR7wp/sTUDzkcRSvfANimzyXe8B5Zz+Xgo4bUV9T8lr5+rdxAYOlP0deg2lBR7mXr86JqVhLZp2Y8v6DNO3MgBmXzpbkIhg8hc7Tbe6I5+mqIZpIc7YPFJM7DhOB+QFAa3WHhcdwGcIkcECNipMcYDu0KBA1CSLlyVgsQLHPTubEp/8/0kC9HkZt+63dIlmR4IEnGVmUPMYmwym5Palsl3BN1LrTsA4WRIJwG4Ac4jUNCZiNF8rQu7CPa9a/mf+6NdVSJ/L9Gt1THnkzbN8xGK0CyEHWmrJ1drzC61SCfXIHxWMQn9NOegOtBkqjo6AE8KdmBmpqYqZW70t9iWFUN/wjfgwmNSM+JgUOE0s8A0B7oP+YS2gqQvbCmcP5CoPhtFwV4oNj+ZY+0dRjMF0EIh3pTsZUJhMuOK7W/fV3DpNGf7mT0WcrHd3nsgvbu+sijuM9I7ljvBGYJegvva8YP1g6OjJLckvC/nFt8Acfsqb6TaJhsEvpEQgg84Mn9vniW5zNhpIitkQVZ/DjZ0+cw5B8hWWZ65w66Xu0H4IR0RjEyuC8rDjEvdvBlKC22HiBoJvfASBlBrokIxj6YTp6je+xo7FOctmZfMOqm/yeydHJlR3z6NAY1tTnvn8VzLtXqFjwwC8wIoC944HnpZniXc1OAuIH1InIlSm9UC8eP29szuWufwPdInX2W3lE4bcJlmDMk1XxhA3dgh+HBNtZlSOuoG6ZkW/TinWHTx1GWqZ9nXNYbCptBdwCljc2TAmZzW37ZfovnYin5vaPUZQEX4Zq5fuF3YHHediwiVDbLAV2E+P0h2L4qWLFSEDzTXuI+/jsLN2a9TbuDEGBMZ5LL9tk+7A026Hw7yqkNiCjh7sIQ4OmQaIjPAeuKAUBY4jLomLCQOQfDdBbB7XLtpOJPwnM2EW1QVCPKC+WDHG+cv6ha4a4L0zsbS6VJvngfl2YKtZJrzrorBtH/enQuE/PPEal4eBrZ6DDuh0VKmnQbu4mdnrHc+06mMdBEEft3k+D5IoFUgEROoWFQ3DeY11gYCXzt0XMxYBs31S4jdbRmIe7kXsZmtZZPk=,iv:FwR1dU7UqgS9aqpNej3SbBnpAR5bqTwqxrn8SaowZrE=,tag:DlPZlqrfUKfpCZMz4/r1MQ==,type:str] | ||||
|     credentialTemplates: | ||||
|         ssh-creds: | ||||
|             sshPrivateKey: ENC[AES256_GCM,data:qQZuWVqu3G59OLMTtYW3BDfoo/3+SvLgQYzv0Aa2NQGb/5wVFejPiJR0BAMYZjkDSVgUZl/oVCT55I41QeKcNYfHtGcrWIFvizg5jW+K0U3ZvgtnY56J1GsrKWQIC29U5EHz/7xXTnSJkkiiVEBGOjwQHpfCgsqR5/qhwnFx+idLsdJGasMYjIJZttTtLpPsY1tgUwTzqJGQptJHqG+/EDcmI9ms6383ltgc6xsmezJDyoG3A2cMNp22qctIuqTIM6ltL9iosBmMsPM1MaiZyJ7rG5zNPymTCFDQUXwlUwFoDKJnN3GkY4ApzRv43iAw2aIX8ykifZVGZOuvV/ifzUuDoemsGjD7X3GN+ngVNwdLm1qSkcnb21Q22kVmBxotIQaF9eN/LqDk2ULEMX3Yvml886yo4AnxlIA8zW8XzFfEILrEswv555P5p3Mswl0+KAIDo7cYav495U9cYrttHbU5wvr9br5JekNKVSgTigwFraq2ZUE8Za3Ru7VOuljywRwe0VEvhFv8SJoH9NZJyl8ME0+uH1R6YtIodkHpB6b6wtyCwtPXjkUkR8nzi4VU0L3zq90e/DvmX/a/q4uEHtLPiIEMFbKtUQ8v8mmscYEEvYIsIBO0VcY2CUFbEs7r56uFOiysqB4d4ySGFjdQceRTLhG7/kUjjYtGEByVcFXllhAV+1C0vXHgOXc4G+EowObbcyj+sA4hxFVL8/f0s7znVCQbZhztQsxfFr5+76X+nzkXkkhauUsMChybmVmGTU+hYnZ8XuOK6X+tRixoVNlcitFD+NxTksvDeJDIShaQvH2cjLLbkze9GmUVr3EvifQhXdw29rpgySVE0Tjn+YL23Ft8dToqR6QwTASLi/vcvbjpx5NtchuR5QFxwZYY8ROTljSQS61AMdszr5cR0BwtFY8j59Aj25sEJeasi44xzUlBxAGazHjzBDxDU7XIpGV/IkiMtaEuEXKGRpVqhQrszvuXOf9K4TwxuVvhlrSVvU7M/lQzJUzkSFOSvO9nzfnkVLwqTdTX56ODFs10vRowClKetC6PpuAclw85WlC1OTkkAL8RUCWyoPQUU+EYolUCW5nMp4P8X1XK3qvRpBU6BdjnnuLQAi1bYu8t0f4vTYoLvYTwlMGXizMHEks6me5pPD7mq5HvpR2e7i1ZzJ3oQaKPB9n8AsugFeRStAal7HHrfEA6NVXLlBYdiq9oRgwllZwi5dsw4m6ABhh+angCWkIsjB9+n9NKOdJowvyDDx1JE/Ai4wb+8hbTLtAold6YJgNA5aT7LeSVaxWVB+V8w1ghn3UJzI6SGdayJqUH+VAUDvBg4LeqGH2vrod57SF4FMmqGTQwN7cYxW0fDT9V8xnb2nQu7WaE04Miw5hlsB4uTRUfeMrXXvt3R2N8azqQDF9Himtl48U3by9vv8FPsNhq3XvAPY5/TCzHz93bnWWmdtyZlHTFz2wRAwaTwOfFpN7oMW6YyVo6UUpw10zap0Jfboq8szF////nwEHf8qGw3dxT85WwBR9KBPwFuHZQsoUOuy00PuAB5fVvXXWBiCnzYwWgY3NqTBkLYbV8D/6UnLlfAHhnEok7QXf7P4xqbB/6EmqCmGBw5ZgPqg0bY6mOTnMrfqiKV9+Q0Mhe8eFPNOr2zoR+VYRDnWX+rJu1+OAK8QegH1Jn3RlOg3lXoFDFLelq6GEq1Kdbr83goL59/uRu4VNvAArUJ9tk4Vn2vWEtnbpjRcyjwAHIc1YXphY53cPFdSjYCeoNv5MDEt3oJAKWhSX7Ql6ledftGWB4fhns0OK4+zLN6osqrPNtLyS7iqXhcwmUIx+b6jzblKt/FAssFOw6VVpi+nVrBWHDW4lhHiCu37VYS15Vtjw+JCPbAe30MOquhXn1CnEnoV8mDoDGTeMpvpP4BTTgsLmloXfv8/+TjNYfzSWivvXjY1K0P/K
GqoEJfIyYDyuxi7t2qJ/CwdvBTJkF/cTX6yvX6IvijKuUco2aIgpoZfg4JR6VL7Gk3Cvf3YBvnvG8TspBOfO3ZhwTS6vfQeDLs6kf+gBtXduJTqAXuy8X8B4RZxsNGZZD8hsSVH6xP5akN6waGqG+xDQxKTT7FCpmi0igvvANRROF3+KxGigPTrIqa33WDglrD6tUfUKNUW/SuZXXjbrgo0lillsXj6i7esSLfgH9CjUfeVUW/mI7mvW+0xjV/eeZtxRnz3ADGgfObV0XakEFBDhDnXtmdN7RN+Q+UvtN0uYGYWYqnIPNewm5RYwVGtGNWOB42PdaKH0qRUdWvCAbsKflPxW5pJNZlejhoMm+3+j2UlrY59dGqTVPoXkWgIGxFkubrtN06zAhVEV6/PcCZoGJmZsPWIfiY5k/BZljtZLAa1e2cboD/0q8iX0VzyRSmuKzVYMa6/NTU3PQ8l2x5fQRRq5OR33P2N36Wb6cO7GB9mEKAElTnd8oLlJ3T27EBctdNf8gOBIYWtGo+lYtKeh/NJm5o7KGIdjhThi7Lrbyqaxb294yxydmrJBh64dws+f3IhUQBLz+6lk5PM7EtrBCGuN7PqdqQMHqWMcCvDCHxY5X/U4zrWMAClEifJfC0b+3HthLkBHb388nGMo2ymHq683s0PxmmY0lfpncUEGHu+1J5E3w2BEy5Qv83x0RQDoDFab5lxILo6VSmZru+Kj18yeqNiNw/CzHaMvID7Gio1jaq3DsuD4bA9ne5Je5yAK8INrYRDCSzMfQpc2QqE306tonmsu37EKGHTCOaaqfL8/f31nqZcdKAdidM4JBa+osYYVUCp50Nn8h94dczpjvC+M2hEQXbibUSwyPjDv7ptwfZSEPG1mjbrOEpRSbzh3lGbE5q9K7bNyt0aJRi2gOw/shU5rPxmJ5KoL0HUEc74pZRG+Csa3ZKruqYqOEezgZmVwo0E3NQD8u/y/oF/L8hgKj2jcRmJS/pKbr2Tv+Sde1ZYdZjsXW6tFRjPDZGyhjHBriPLikN097kmuPFWS3f4ZFPyHM/Az2uzPPBFGv7VchUbFScIDgBIq+fYnTPtjjST7FgsDxpzTkj8uliU9z7r0dTIawC8qSUYErsFYSvUITySWTam0R04yitaArcH5fLEhEeKKMjGUVkwwxGxfv9Fql6Zs1YSCKka9aynXDUmw6igbRJVIPtmEosrmFUzlX1OEiJrX5xWOVAv3wQ2vrxvwHlmOMtr/cQagvASds2kC4QJ4qSwc8YdpLAwrn4+h7uNP/QChAOVCiGQXpFqd5ab/LBc6Gc/1Zxilil1kecMFBc/XmVssw72XSVoXVJPlIyiSYOAtm1BGQHJXRspP06/M+/5ffaHoEevqB47kf6bE8c3F9SwksgwGtaqXdFBoKSQcret8Tww9C8ZwDji8v/woVu2COXWaF2HLg3r3vrXa+DVVz1ENtOmJEJYTCuLmdqpZsWv4olC2wcCUEA+po9kZbVcEAfKd0xe/0x2fzqQ==,iv:lDEAwKxgoRPH5AtF2kYxPQjHkw3/kbbpoz3jlUsEpTI=,tag:6dbL9WZoTZ2xSrSVE4Dlhg==,type:str] | ||||
|             sshPrivateKey: ENC[AES256_GCM,data:eC93yjQa8Id4Ub69bS5P3MlLKKgt9ZJCIT4vEIsW8yBrq+zvhGmf/sNBL/wmX+mSdxgGpbEuC75Oo0pHZMx7NFgifOIAqbdeSMBj4mw3pJqK4GLPxbEQ4sn07cs/AR1/pvbzPO18cwzrTEgKQdat2RGqJJWNmw/YcWQ9uUGYGyYIK81Mbz28QaeK9SaMAYRPB0Awh/liMVL1oOm1dTsn5BAUvEA7Co0NIcK0CkemKeBUq+WGJDKfmiApa6sWek1F4UB7wbhUR9el2zd2P0TPnuO4HO+B6tRSupQ7honmWFRKkRuC/og6xklTU1W9V/6sRAgG/raHlNwcmWozLrf3TGYSuYWWKQjabvQ9DiKsqcMyMmpisd3H9zkI+GQE0d2ORGTInf8KU6iLaLAzNeO6k1OVkrIw0EMN0fP6hN3bHT7aCHLZwFYkJoWLlRo15MNxNvaut2uCrbt9bN/vlmELLMgUX+7p+xtFhmRngZ8dZ1jO2Geqv3osCPOgspvqOOhvRwomfWxyzonpZTVe6JdH6VO7SV40G0vycMPK4WoqTcoLF845DV0TtdaSdyNea9FK6VDfj7+B2251Sqohs7eu1LlWKvO/58isZvLcCnn2HsTbcvnyJQBnTlwrpmB5U7T1rMINs8qer73eo/GpxoSMuYCcJpjdQCdcADgpIqCN9nWj6A2iidk5QqaHaXGUnV5TsNOmu65/DBgCU7WVqRIiUFC3nPzeALgBscmMCrqYJFB8UushleJsvq9yj9xXlhbYFCp2kmx0kMQG7R8dr0pjDePeVYnqjd8kxaVsQNfsHLohoxIjAHFfekDSnApQju07jPHngODe1SDqc5pxXJ1b1Nonefz80ZZhfFXcCEoUb3Njgr2OIftaeBP0EbOa28OheFxXIPm63d5WsolDPpfX2TiiQfFhxpcAzzHXSdweJfUAjes5AARCoJ0HD66qMkZ8QfbTHJQgBTOH6fqdlJJv2OdaTMhsEA9YZEF9xKdczME1qrCgNJvQdGYid7+uSzHIZyU/c4gxW7BZJdtVZzE0my2DgVYpvj3yhSz94wAUUMUOW1lJLde4zbXpgy+WY2WS4dhlvN9tBBRUgnvrBLizJCXUB75DqABYdkmyjx6STWZB42f2r2o5FasvDcjpsTjgjlujN/eTYTllRTAHlzBIE3BNsl/8w3S82eJX0VqqLvvSokRWplbPsTeoaChNhJdlbLDqVUprRLkU7C6zg7EvFYxiKnZ3KsbtL/0cLbWps7B0Oz9W9Kz2QXK7DYQy5PFovRJvrspdqPI4R4FhtggXvy8Cvj3cb6FS1h8y9d+Uf9JYGB+FvXvcr2b+ZWCEKINvArJ7Aeg7Thd5/9ptTaAxXzUG6QEWajigA5jYahDPSAEv3nLnaTS/YOCstR/uhsyTvi2ggrP2S7LN/l8Sbw1pFVdH+E1JcrVE+MP8+KQtkXLB4ggfVYC6w3OG0zNjOYsy402bLjsdz8SDgXJAedb3B097ODkHt/ZFkH70C3MOTWFrREAnQ3W2TlffJtMYfwG+6uenxu5mQ49kXQIu5qN4NzVKYuK+ly/KWAlC53ldxOeS17EjcKdqptpPadJsysm/jwX/9BFbalYcKSRgHb04pFsaL+AtSEGneqjPQBs2Z1ab7IAwEfw67aR9x7+m8FKmtkpaBzATWyf2OL0aL6dYCZ8B/Fagr9tUXWNsROBeChhiBXp+S/1JK4rsIdUEM2UleIJSjNooSJBHsz24NddfhgeTczawCSeL81OkQy1Qav770IDdFI3kNx2nKsg9d+0si+00e9JczvyaWuwgd4nJdtLevcY87/m0qgpedmyz4GPhOydvY3/07J7NWJ7vGLUqBVsbGqLqqdnXZM0z2DLYrCtwmpv0HuLZbljwsbVm2nQHvhjHrxD43MW1DN22zpAWq08hed+z1E9hBXlo/MCsltXkdW93rb4
40Zu4HTsPET5P1ZO+gNNIqb0oDMMLj/9WKLUospTR0S73xhRUx8CQF+PP6MP0EO0KeCoz26rY342YPkohAjKWCBhqo/6YkyQMv8VhAfF7QU74AG0F3oyPU1mMnOWavdB27nxFbsBfyVV0ccbmba2+huQmv3Hur+wEjAzHlHdESEbYQLk7efbIzh8zjiHiFHuCY1yvWoiSv0mqipTdqL1bN1yDckidSkZCzny2+PmB3rYdKiyBBmNBWwhFAAWO7EHx1N4D7tZg88pDEZNKQuUsoL1Fi5L+LQX5Y0Wm85v5R/w4OV0QSfkaU4Y1WhVAGlFjjJeDWm6f9jekYAhEL2R9bNcGOS4x17mhp735H9Ukr5lC6Iqa3r+TMaSfHdqPGqXeqpDFsBcja2LyafpiuH5fYOMiQqjRWPy1/1ASWTL/9osN+ZSD9z5cJ+qBDO15VG4DBeRAVU8415wnQf67FM8PD8HbNzdV1wAHY/wNMKbonFoLm9zn3fRDNIeb9HMynXK8i0cxlogRh4OSnysPLawJzmJyBxsiuBoUzw5dMpfrp79UOTmuRutDvtgKkQyR6Ko6qmAPUYnTLvrTSWY9uH7VLXpgwBfKZ+++Tdfo1p+cl1TObBYX4NYywFLy0HO2+I7YRse7MyrVEzEn/vE03E6rWmY/oTuNBREsH9vuJl9rPdiP9KEVL6uoRvsC2wQ6e5ar0TcUyMr96s3MtNTR9ZgXuKqoZrs38+4DTpV0rUhdVXtGKLE+OUH3+yVD+AcCFZ0/CuUz1FDlRdYCrPRD+cWlxKVCrS4aNV1KmdNl5DBE/G4gdf9u4MQoiTItJ6tX22eugJ6/EY366HR+vvh3u5NjhW8uG0KHMtjzSV75uxNC/1v5qeh90oaL+bKKgHBKHbs8zQX4o8Vf6m6zjQOCnPSyWFLVrQciXCDqjVafdI/SLCNxDKfTe0ZQLVzkNcjNK3S7H63E5jq5swPKB8npoZ3atscHgaa46wQgo4QumZdczDxzB/aMmTPpOB4cHydwTSy91Iv6QqjuWxaUdqCNrzMquo5HPKB5IdcsTpeW7iO403Qr/xhB3/eNPWU6LfjWN+hjnTdwt//8B6mOIYSuXY/OguR1XzabcxhqV9XDzuS6qE0iX0+FrZjuoBIdbZGs7hmDtG12/OITOciqcfeVU208SNx5/ROTiJx6XBrIcPdTsKAR2TIq6JG9P35cme9kSuEnJFjBDmvlD267arJ+LV+3MUZmt1qZriRfP4tmdlmkQ59s8QfZVW/L7s5DSWUFgXCpNn6Lazdejj3Ywun1bo62tM3DHcSUdDh3kfskiHEJ1lAuEZtFDJ8EPLMQ1eocowaKAiUJwod8ROih6G6S1qEifOCB1ns67CpQ/flfn3fBKtGiYvKb0993i5PLYuM5Aqs/9vo6QgKc8LHQuKLbNREs/Lvae6jLtzanNjSFIdITOAr1Ktlhp0ZzhnD/tvgkBex3Kx7u7Izlz90nvpG0hw8siXuRNfQTu6zyN+CmxXTS3SJPlQ==,iv:Azu/spL2e3S8phNkdvub23q5EGC32VLNtkbLHfzFRJ8=,tag:YyaUvje5hIf+GqCmjPubfQ==,type:str] | ||||
| sops: | ||||
|     kms: [] | ||||
|     gcp_kms: [] | ||||
| @@ -14,14 +13,14 @@ sops: | ||||
|         - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 | ||||
|           enc: | | ||||
|             -----BEGIN AGE ENCRYPTED FILE----- | ||||
|             YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxTWUxY2hYT0dId2hsR0x1 | ||||
|             MXFtRjlSelgwdUcyVnBUdlJ6Nng1UkNJaHg4Ckc5NXBORjBCZHQyc0lDTiswazNF | ||||
|             cGhKVFFNdlZnRWlxS05OTklOUDJDQjQKLS0tIDNWNDVVWXcxUW8yUHgrOTNkRkQ1 | ||||
|             MGNDV2cvUUF3dWZHSlZNeVFDNXhzalkKubKuiiZuqoZTvRMr2FiUxnFUu+Pvj3Wf | ||||
|             pZTfZg9rnUukmV+kmwqQKcfoPNfeShhoAsszWwPM628cV9pq87I2/A== | ||||
|             YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBbTJ4Q2lkWnp2Um5ZYjVZ | ||||
|             SjRmU1g2SVd6NCtMZEkyL2hHemlBSGhlMGh3ClVUckVtM3dlYU1IYXNSdVV2Ymd2 | ||||
|             U0FSQlJvUkthclRFWnB4ck9FY0lKdVEKLS0tIGZQT1c5VTZEWExGZ3duZEI3cExC | ||||
|             RDA2Rzl4eG5UdVNKRFpFMThtNnl2aE0K7IaaTNZIGTTdck/xPGGYYdZTZBEzGZ3U | ||||
|             iAZLLL+Aons4oSO2NRL7P/Bxx9n6eyXQsYVzo+FkM/Wzz3ReiKaVjA== | ||||
|             -----END AGE ENCRYPTED FILE----- | ||||
|     lastmodified: "2023-03-04T16:16:37Z" | ||||
|     mac: ENC[AES256_GCM,data:4HhqNV9EIcBA/nzxuiS21TWe6BQ+anfEQOnfrYcZ2vVD2dTPzc0ztZ1Ihc2WX6sMCVFDpUJFEcr38Aj2tXnnS80kTsnznBsSFNLj2b857PWXNeoAuwiiY3XBq+Ndo7I5wCYgWyuaH8xWQtd5JVuZPpqdtjTkbWq3lj8aARJUuQw=,iv:Hlu6iaBBQovSaXYAEB7nWBL9OM1UXYxQ444s5ZrMtuo=,tag:N/znbxYVwFoJ1eYAS8PE4A==,type:str] | ||||
|     lastmodified: "2024-06-27T15:57:41Z" | ||||
|     mac: ENC[AES256_GCM,data:OlIN1jNrcc3MWjaeD4IWUYJi+PA+RDf+KgD3XnttSPPqXX7iBwV0tSpoZ4tXsJSfAGzXTauOC3goFWH/uPHDJVyxFt0SrB0+sW4/YN7MPPzxmYo63XkEgA/3fmMSpZkUEitTwZOUGhSVWgHwBXJ6UGGZ0yRqb47w8VlVlbOt6zg=,iv:eZWX5LFA5E0aGCkTuwUbC5hWrzE9LW2ejR7amXsIAEo=,tag:xcUwqLpeS0wtrWmw+D2oWQ==,type:str] | ||||
|     pgp: [] | ||||
|     unencrypted_suffix: _unencrypted | ||||
|     version: 3.7.3 | ||||
|     version: 3.8.1 | ||||
|   | ||||
							
								
								
									
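--- /dev/null
+++ b/badhouseplants/values/secrets.authentik.yaml
@@ -0,0 +1,24 @@
+authentik:
+    email:
+        password: ENC[AES256_GCM,data:j5JFI7KqO2dOjl0xi4KhvnF04tc=,iv:/YH+XId24X69lRXrp73ZhKGOcuEtXn/ZvqlJwMTgdRk=,tag:YBh/slhCstFpXxE4y05Viw==,type:str]
+    secret_key: ENC[AES256_GCM,data:zbs2HX75h3rITd/JRPVa60AhrWgDp/syWFttnadRyDJFFM4/6YFOUhJNcGGQis6Tz5Q=,iv:1iYOTqBU3WHNPBa5TpSwi6+h6IT8Joc6Z4c2UKY7xQ8=,tag:DcRfBP69i17zKFobMA3WFQ==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGK0hPSEY4d3N4QS9aM0h3
+            NXRYZ1BMdXozVzdJWmlzWnIySXBwcHVrVUhrClgvRENGTHdJMnVsTjdSN2NseUtT
+            cjJ0emRObHdXTUhDejhhVEI1U0xvNlkKLS0tIHh2NGhzbGZDMm9ObDVxN1NYYS9u
+            WlhXbFVQbFZUNFlGWEhoVktxUXRuZUUKJNSS+vhG5McKrxvqCIT9dGivcReZOud7
+            HEReDoZcf0+7c4JgnrcT0AvvTR5fHPnfveTkwHym3LHMYbZnIPueig==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2024-06-30T18:36:34Z"
+    mac: ENC[AES256_GCM,data:djXTiatawc1OuJ5VqfbR8wS2xKrvVZigGLyQa7tx6/zbgcP2yLQJvcYeZj6zHhQasFzaiNbD05Qz+9Td0ysxZuAnajQ+CaulnIOhy/FhaiiQFtqFTR7xEsFIiUBxTPEJkhVNlKTxzjJ1AX2dagiov75otC6jbueQqYTXaGGcdko=,iv:oWbWTUqlM1zQ7zfC5FZkNJJ8RxvM9+fvTWobgJCmLQE=,tag:7Jb9XBBq1OI0ghqOqxiJJA==,type:str]
+    pgp: []
+    unencrypted_suffix: _unencrypted
+    version: 3.8.1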
| @@ -1,5 +1,7 @@ | ||||
| env: | ||||
|     ADMIN_TOKEN: ENC[AES256_GCM,data:ea2lgOEYMi8Dsvun00YZR3PCE3ycNC4Mpe+xye9YL5CTtnyrDwV9Tw==,iv:28Tcn1/qIquS4jCNBTtspB9c+5U3Ut1zoY6gIez8fcs=,tag:POmhoUY3t4w+iTJKK2eHVQ==,type:str] | ||||
| smtp: | ||||
|     password: ENC[AES256_GCM,data:cs+2Ml3YfZCk8z/KmexGMqzFQRM=,iv:mg8e3oHbLT07pZEdDGwlBchPyT83xOdwKJg9CCaicnc=,tag:NPD+8gKERO8uCuwrFnn3bQ==,type:str] | ||||
| sops: | ||||
|     kms: [] | ||||
|     gcp_kms: [] | ||||
| @@ -15,8 +17,8 @@ sops: | ||||
|             dzNYMlRnUDIxK2padTRCSzR4UUpWQjQKxex3RqZGU7ekdNC3qIiqdFs7d7a0Pxa1 | ||||
|             amLsaNnBfJ3OqjuD8atF2iCAXy1Q2BcXunkWi3wbzHb/DgYly3n9OQ== | ||||
|             -----END AGE ENCRYPTED FILE----- | ||||
|     lastmodified: "2023-07-16T18:40:43Z" | ||||
|     mac: ENC[AES256_GCM,data:tbPAgDQGA8MPnG5mIZLfvsOKdSkpOTK1Oy7uIQJ3DsNtBIt9vSO+vYxNjvfjAHyB6vE1cfx8zJkRcUw8kPh485jOxsM9G1ms/sjZKyJwsJbMjiqxs5zs0E4X9sqpJWiIhILBreZ8IopK4hCd2uLvhoV/HPxW8FV/HnHoCQ5p2Do=,iv:FtgTWFdkxCPOsNiJQWWIUmwYgh5rqRcbM/ToShcSODY=,tag:yc54xWHdq4KnSNxT9breOQ==,type:str] | ||||
|     lastmodified: "2023-10-15T12:20:48Z" | ||||
|     mac: ENC[AES256_GCM,data:2yRwdYM32eESPuUz+d7m7pTcluDUeOrLgv7iJmhPEnowcU9WvypAZr73w4y4ewc3yvLmmu5uuFjJJhN1+yjwULGUtU1NPdcvXHsGwtlA7KDyYUqwIc4NrD6BAeR7tRQChNVD++2wB43kiGAWAMmieOMt+xHcaWlM2btuLoiwE34=,iv:ZMxA5eu0IJKTRBtoKhyIJiDe/W3zVjzlz3TbO7gpRnU=,tag:ErYqzleh87+wj0uBRah20g==,type:str] | ||||
|     pgp: [] | ||||
|     unencrypted_suffix: _unencrypted | ||||
|     version: 3.7.3 | ||||
|     version: 3.8.1 | ||||
|   | ||||
							
								
								
									
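--- /dev/null
+++ b/badhouseplants/values/secrets.chartmuseum.yaml
@@ -0,0 +1,24 @@
+env:
+    secret:
+        BASIC_AUTH_USER: ENC[AES256_GCM,data:i+3uBSJ1yrA=,iv:bhB9fIPxR2y9sS4jfbuhAIyzMHgoIRLFGXzQJ4763Cg=,tag:7pv9IOcBXhaeRu3qChQP8A==,type:str]
+        BASIC_AUTH_PASS: ENC[AES256_GCM,data:zSb7cw==,iv:CL6ywqsc2hpTnBl7ndD0s49JNEmMNnu3X0gke4KT3qw=,tag:tSVaRdIZpkzsqp6n1RUB9A==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBc2RwQk9OTS9GV0NOb2x2
+            OE1YVEsveU1VMTArZEJ3a2tETis1N1FTTndJCm96bWtYMDdRNnVTZEk2b0JPQWFl
+            a1BTcWVyUWZKOEJSWDZEcWZydEc2b00KLS0tIEpWdTZGWUdCUHczWEZoR0dSTlRY
+            TlNpbDVHa1VDUk9wODJLaHZJT2JoWmsKUD7yk2jpDVHvP5B4soK7k834RI+ydHxg
+            H9/8nzPNwNbpq5ysHmYFChpfiOHrSKirVINUP7MmLGdPZ24FSHI4+g==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2024-03-27T08:47:35Z"
+    mac: ENC[AES256_GCM,data:w72acY/GygiBVO/3/OQU1WJ90R+mbuCcGid9KzCAPOtdhBBbY5zZUtkZvkZkaugoiI+bpywoXQI/5JbY4+23D4MN2XHHG69DIkpR0eygeTHWc/id+LhfxIGHqvYzULshQuyVtPezoExWVwC3c3ZJYpkzRJhgOjA9TNg5ib4jnIw=,iv:srnydYWdQ352zeNzk/HJi5CyoQEqsDxbCV+1aT1qE8Y=,tag:zCRILWPmLcW0mN/IRpzazA==,type:str]
+    pgp: []
+    unencrypted_suffix: _unencrypted
+    version: 3.8.1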
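Review bot: The `BASIC_AUTH_PASS` value is committed as `data:zSb7cw==`, and SOPS encrypts each value with AES-GCM without padding, so the ciphertext length shows how long the plaintext is — here it indicates a very short password. Replace it with a long randomly generated value and rotate the credential, since the current length stays visible in repository history. It is worth checking the other short `data:` fields in the SOPS-managed files the same way.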
| @@ -1,12 +1,12 @@ | ||||
| dbinstances: | ||||
|     postgres: | ||||
|     postgres16-gitea: | ||||
|         secrets: | ||||
|             adminUser: ENC[AES256_GCM,data:pKbAQDiOs6k=,iv:yET0mJtdm2baDJHwq1uYEoxye48g2PrMqiOSO3POTBo=,tag:wuIxhHiRzjSRM+uaEo2KNQ==,type:str] | ||||
|             adminPassword: ENC[AES256_GCM,data:/U3q6RmOYLpxJBAYsJ8f4lV3MB0=,iv:dw7g0E4Gm0YqtgvdcC+bq+YbSRPop3BKLiJfwaz+1io=,tag:NAXnWj4AjgajN94ml/ENsA==,type:str] | ||||
|     mysql: | ||||
|             adminUser: ENC[AES256_GCM,data:vMINVc9s2Es=,iv:Ry5so0+WPntFh6c3nMojw5b4vONdq+Ys5F7256psGaw=,tag:YbWaWwZ5SiYMOSXQ9n9t8A==,type:str] | ||||
|             adminPassword: ENC[AES256_GCM,data:xqlIJgMylef69LEC1M8s16UPCnaPlZuokO+rBPWC11ruBEkBD2FHOEvkCMsGcnPldmQ=,iv:WBO4LFIFGU8q9rWxFYdUac650QxOfmOT0b0PmOsdVZU=,tag:QpFfVINvBkrWW0+pPyj6Og==,type:str] | ||||
|     postgres16: | ||||
|         secrets: | ||||
|             adminUser: ENC[AES256_GCM,data:XFEGew==,iv:7aj2J7Qs9mHC5kRZGrg71hwEBP64vEz0qQ+qoPHSgrc=,tag:/Rx5yx7iMU5Gwcmbf5GVSg==,type:str] | ||||
|             adminPassword: ENC[AES256_GCM,data:vYIiHccMkX7yJ2gsVGcLTUO7Ers=,iv:uDlefG5I/cirIUal/phlHCNwYtcXYFBND54XJ+n7eug=,tag:YK7pdaohOZL9yg4OiPxbRg==,type:str] | ||||
|             adminUser: ENC[AES256_GCM,data:NsrkusJt+1c=,iv:MA8vXZRhOeO8XilEgpwiqvoJbNjghTcl4CJmHE5mjR0=,tag:awYDx0rT2HCIm6zDvG5L4w==,type:str] | ||||
|             adminPassword: ENC[AES256_GCM,data:cgEW0YTi5MRgGEVAfCvRjPmzLtzy,iv:I7+VS6pZGUrd9To8+eX7EoIoQg099kaYeWXMXKfkS50=,tag:n9LgvnvSa3JjyB+gwT3lQw==,type:str] | ||||
| sops: | ||||
|     kms: [] | ||||
|     gcp_kms: [] | ||||
| @@ -16,14 +16,14 @@ sops: | ||||
|         - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 | ||||
|           enc: | | ||||
|             -----BEGIN AGE ENCRYPTED FILE----- | ||||
|             YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVbENvMm1YQzlSV3UrSEJ4 | ||||
|             VTZ1RWVKTlpsUDFzQlVjMlJEZmIvaldHVXlFCm9SVzN3Z0dwTGo1Y3dnaHhvSmpi | ||||
|             bDIrMlJhbHhKUmRZejdkTmJiSDYvY2MKLS0tIFpRbkwySVh2MDlNWEFNZHVtY2Ns | ||||
|             Wmh3Z29ZSlBhbmFJNkFQZlE3aXpMMk0K14rSXjSF08xkil+fFJpeMV+6XChTJ2/3 | ||||
|             OQecJtg+0NQPyvC+kR5qKq8roiSzNNJgTVg2wwKMdukKVVTbEGi0gA== | ||||
|             YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxSG10ditaUG8rTlhaVUhs | ||||
|             cXJHQ2JXaW9IalZHN21ZZGQrZzZ1T1FOWlRRCkZOc2JmNDh5M3YzSXNTa3R2U2hj | ||||
|             ckVRVklsRlh1RlFES3JDdjBPSkxVN2sKLS0tIHVzL2VQbnFnUklyamNvN1VmUW5W | ||||
|             d0xSNVM5OWxzbW9YRUE1ZEhZZ3dtR1EKI01GcMKUlu6mU237nGipXghGB/sduRjn | ||||
|             AKpwYgh9IN55ZrDRUsZOHBkded5IlQAwcmbJIjxJi1Ce5XMSQnKF4Q== | ||||
|             -----END AGE ENCRYPTED FILE----- | ||||
|     lastmodified: "2023-07-30T15:07:28Z" | ||||
|     mac: ENC[AES256_GCM,data:/q/LG+CgBAm666nwu+QCw9beoC8m11R5OYspnUxdwTfAv4h0yqY0Hk599hy+Yqt0brpUpj8hwqCESkt6gufFAklilSYV8SWvea7FxA4Jdbfpj1kfty9d4qMxHrpggId/jPshVAVsF0Ezh1/XbPWpQnTiaAMu2JTVMR9cFR3xvyc=,iv:37EdIo9QoUemTvpHSKD2kdq1FnJpwNXGr8ym0dPX6w8=,tag:ri2ILtd9FvLJf0O5iKOdyg==,type:str] | ||||
|     lastmodified: "2024-06-28T15:55:32Z" | ||||
|     mac: ENC[AES256_GCM,data:reAQfZlF8N/0BiMFe0ayCzNmHTpPECKSdpTKACA4MFbCu7BHoPJjnn+rOwvonIGoZE2BVQx4pyKjWSLkRyog9EBg2/5VMh+jm5VjgrK5ztbK1RpSQV5pnQaQXDgT7VFAx1WYpg+gfgO2JxA5vHgvRlarjzPp0AJdoo3MmvCoHBg=,iv:S2f8fqMGq76dsGUK4fYLTWcFdv2mMq580Lih79Rfc68=,tag:fOvKeOl/sMFb9bQhHy/GeA==,type:str] | ||||
|     pgp: [] | ||||
|     unencrypted_suffix: _unencrypted | ||||
|     version: 3.7.3 | ||||
|     version: 3.8.1 | ||||
|   | ||||
| @@ -1,10 +1,10 @@ | ||||
| djangoSecret: ENC[AES256_GCM,data:CxsJVhNxku3pohREaVs=,iv:KDupR8tZlPkPeRwGWzyz+eKtp1tfTdFWqXNuQW20oXo=,tag:lCHqv2CC8cXpnqTr8fGzPg==,type:str] | ||||
| djangoSecret: ENC[AES256_GCM,data:Usu+QgI7MLUmU1m3ExE=,iv:wv4i60NCuG13xBPSCZ3NDQI+z5h9ENPVQcZmqUUFvls=,tag:2SPu5TC4sDxXkxVdZ9j11Q==,type:str] | ||||
| postgresql: | ||||
|     auth: | ||||
|         password: ENC[AES256_GCM,data:IKPFpCY0Im2SQquNFM/3umvGfYOt1A==,iv:asWxkKTvez1FxxXto/ulh4CDBvPZ6SovqKnoFEQjG/s=,tag:iqyxZU+jERNgakMcAm+cnQ==,type:str] | ||||
|         password: ENC[AES256_GCM,data:Ly65GeUvKfwKfRakpDZWftzzE11hw6/mQ/rP,iv:DUIGI68MyWF7H56QIjajgP9GRNwdirX4i1lNMP02vXw=,tag:bl0bHFIbMWG2gVns+Fvfiw==,type:str] | ||||
| redis: | ||||
|     auth: | ||||
|         password: ENC[AES256_GCM,data:fgxZMA13BpFf5FA8JwLUXjlelUgvR4qtg316OALq,iv:numLe3PrsToG0Fbl7+mdbWOBTb7XrgppF09pIVg+rrU=,tag:ivKuF0xFe/s4P1otjLML8g==,type:str] | ||||
|         password: ENC[AES256_GCM,data:ZLhshhCqRR4ks/UoMIwSbHtwSE4yg5Kv6GvqUvq9,iv:urWADLANGZz/W35grDnaFuvkzFx71fcqWOzpvz/5fR8=,tag:MLUMmSkTSGCntlooOWtR/Q==,type:str] | ||||
| sops: | ||||
|     kms: [] | ||||
|     gcp_kms: [] | ||||
| @@ -14,14 +14,14 @@ sops: | ||||
|         - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 | ||||
|           enc: | | ||||
|             -----BEGIN AGE ENCRYPTED FILE----- | ||||
|             YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRL0l4OHh5TTd1UGoxZFcw | ||||
|             TUtNYkdYTzhRS3hpTHkyNlhoT2hTek54RlJnCktpZmpDNk9mYThyUVZOUTAvanBL | ||||
|             VElHYjR6T2QrV3N2c08vZ3JHVWdjSHMKLS0tIE5nREIyVlJ1d29UVzE2aFl2Q21Y | ||||
|             dWdMUFpOOVJYSXdBbzJiSzhQM0VmbWMKUqdIpfa8i7vASIga8HFurrPf1RgA+WVA | ||||
|             GZiG+M0i4yc3SooTIwbDzH0orfaEHueKdNTGOXMgxNiRIt2q9BG76g== | ||||
|             YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpT21wYkxzTnJpemJSUWty | ||||
|             dm5EYy8rcXVnT1dVSlhjbkgxZkdsdGV1WkFnCk9pNnU5U0FRL1l3NWwyMzc4Q1JG | ||||
|             SVlmRUwwalR2M3NwcjhJTlVTZWFIWXcKLS0tIDBtU1V4YlJxNVN4UVdscGM0RW1Y | ||||
|             ZXFURTlCWnJLNWtjOENSclIxbHZWeWcKPzZZsTcvVWbLCroJZWeI78H8cgoLfxjC | ||||
|             nXtzdPpaENY1k6XULtsMWmh73Yj1Ul0pRvGiYRetRV0LOo+JeLcJ1Q== | ||||
|             -----END AGE ENCRYPTED FILE----- | ||||
|     lastmodified: "2023-07-29T20:22:20Z" | ||||
|     mac: ENC[AES256_GCM,data:G9+rbTp4AXIr97bl4UUUIMsd47Gmwt5IGFJQMSAtKRkCCcWIVK9ac+3nX5g9gOgziKvPE7moETXPAfFjcfOQFvi8bmU7jZnoLr4rOvP7SX1LZEfs9siCCtC1q9S/VrlWhxx/2Cpz1EegM+o2cQepqGr4IoIpboEowKl2yhpZiko=,iv:aRDq9ptB6GrRAvl5b0yyKVTZwOPdtFvSGEIPhlMrZbg=,tag:PsRUQJrBtu3sfLcIhIJbqw==,type:str] | ||||
|     lastmodified: "2024-02-09T09:33:11Z" | ||||
|     mac: ENC[AES256_GCM,data:OCvHNmxwe5pd/xZiwd1LKD/QvzLd7pEQxqhj6xREeq/VQHDapM580DS+BJYEYWRVJUxIJP05E5ZrzYqfmXbynNvY87f1SHNWLVsRTDsKVI5j3ND6mxXH658DcJKfPcJlc3bV8SYX8ATiWI4JIyV43jvhFZ0JFrWLMzPlc2wVdQI=,iv:stgL/nBiCh33GEkBTRvcVyoc8LtX4ZEHgVbsl8x2GII=,tag:grVO5PT8kOlbbF/FfXBPmA==,type:str] | ||||
|     pgp: [] | ||||
|     unencrypted_suffix: _unencrypted | ||||
|     version: 3.7.3 | ||||
|     version: 3.8.1 | ||||
|   | ||||
| @@ -1,23 +1,23 @@ | ||||
| gitea: | ||||
|     admin: | ||||
|         username: ENC[AES256_GCM,data:f4o3zs74rjY=,iv:t5Cx0suxiZduwL2bsfNyxOVI8RZH1ytEGUdOF2nONco=,tag:mo/BwFwzw7e8tAX6LyaIQg==,type:str] | ||||
|         password: ENC[AES256_GCM,data:TnIUSnX7Lj+2N6mWWOvVVmc96DQ=,iv:vjow//IrtvdmTg4jYenwTyUnuBhq7witfzugbE0uq9c=,tag:L5UPa9UK4aB1wY1ilZntzg==,type:str] | ||||
|         username: ENC[AES256_GCM,data:rcTmdLge12Q=,iv:NI5oBD3KpfrHmqy4YAfjf2Zw+NJxhqXnFlxy+Ht+TIg=,tag:i58IbKkc/RKQdsESQToCHg==,type:str] | ||||
|         password: ENC[AES256_GCM,data:RJ4jO8+d5zR4s/7QNzw3IdEZw6Q=,iv:e/Uuth+rdWYLxQhdDaKiLV9eGyDh3c2o6ObHsnUT6FQ=,tag:cE/ZNadxTTRt/XW9oYMfaQ==,type:str] | ||||
|     config: | ||||
|         mailer: | ||||
|             ENABLED: ENC[AES256_GCM,data:C2qWn4E=,iv:APUvrTInDdxf1tJ5eFSgxUej8e085HZalsiHY6/Fryc=,tag:MW3KhfU+25EWDzM/+QOZ5A==,type:bool] | ||||
|             PASSWD: ENC[AES256_GCM,data:vxpdjf8RmLzi9sfAAl6rWXR9B+A=,iv:n+Yc4d8NJBHx26PSXoI/LMFXlXzWalNuRmNKeV3bPB0=,tag:KTpMNFB8DKneRhWdlG8pEw==,type:str] | ||||
|         database: | ||||
|             PASSWD: ENC[AES256_GCM,data:EVawxgpBgJ1ZlU4F+KFlJZXHq/4=,iv:ZUC7YBQ+RXNKLFEZzAeXfoGqBv9ilGw6Q5ynspAsc78=,tag:Wpb3awtdRLLBNYmmuTUCrA==,type:str] | ||||
|             PASSWD: ENC[AES256_GCM,data:Lfhx3j4Q1i9srZ8yQ9PwuOCQz/0q2qo=,iv:MW6XyuG4L/2KjuK5glWMF9nYBlbsAHn0NJqlR0le+Lk=,tag:N3ZBuovYISutMY8SIfvwbg==,type:str] | ||||
|         session: | ||||
|             PROVIDER_CONFIG: ENC[AES256_GCM,data:i/N01zYx1H1D1eFiZKOmf4e1LoDBJE5AoN4eZl3h/QKwOEy5x4LNQoF7CbGguCBMvITtYbzXr12VzQ8pxEf17z6nssQ2nNiz84zuBOY9DQqxZLkxS5AmKKgk7XKF/YYYDaavMdJj54gtXoCrDZ58z5Tw8FM0ScTRp2+4RXGMwg==,iv:dKZhe9cOPDhdtK9sJKzCHmimV1vcuAebY8DfaJMqk2Q=,tag:ZhyEepW4wIM1Dv97xn5xBA==,type:str] | ||||
|             PROVIDER_CONFIG: ENC[AES256_GCM,data:oocuP9ddSMRKvsdWKsuc++yNwyy2g4jxhfYSHmXFlE8DB4YN2hcnR8cADunwjr+dmdbUsuazzasCGVJNTn590ftZ4+8T0lDOZlHeQb9MbAXfu6u3J0hw7sKSuzqgDMmFyFP4etfflqzl6nvJjGp8xPv0ZHTaYk8lZSh357VjSg==,iv:/zCwb49eglEN9z5ui61njFHNwliSjgEx8Jf4Nea0rp0=,tag:t3O7Mib4WzdLFWEpDWdJfA==,type:str] | ||||
|         cache: | ||||
|             HOST: ENC[AES256_GCM,data:UI4Dgb4qajStyDcpuJaoJTaTo3vowWQw272Y4C5q3DuV9DarChv4Qvxh9ZJwYsPSgO9G/3eI+mLldipW98HLfATMCHR+DicM7ymI0nGwxeliyj7sOVGFS2dU4zF1kNyhFCqrjMfQzTRQbfOTiB+QyfhluMfrDbOjOAAuLlsdWQ==,iv:WOlGAxAtIS12vCGIUmxMhO3UIsoUuD3xluZbBThugW4=,tag:Y0Amh1HEtYcg+9JvROM1eQ==,type:str] | ||||
|             HOST: ENC[AES256_GCM,data:h8WMw/IcWae/rfVv2UeCOSavjmq2P+kiGRA59SGRiSowFnqh57FIoVxLFIiqfsOqt5GrJh5H9WKAawDPsEBRhCdy0ciB0O5t/t7aBWZ4+YV5noWQTvfQB39vqAp3EXGhYAo5qsdEk8x0shFs3LbO0nnrFYggmZbHErsiHsnv1g==,iv:tIm03iYdmwWOQpIOMfUuF+GeAGbtrVgxStn0fzN2TE4=,tag:xo5hB0u/ybwoR38pK5BMqg==,type:str] | ||||
|         queue: | ||||
|             CONN_STR: ENC[AES256_GCM,data:kpqTpJVI/8790Ho2/U8YTC2Sc/d7v8mc33PsG7vNO52d9vMCOgsb+GQldWlfMPdf1H09axJxdFc5SIvsWWD8FoaXvtktlz4yk6fL9YxEXnkpn72VSiNe+ajUu6diP4gYWw2cUhyKt3ss/Gx70bKMEyE5g/ecZG3S+NZPFxPSTw==,iv:T69ou0uBg5CrseI0VwB2sSKRDknXrlUVPb/igGI/1H0=,tag:Y42Wa4QVt8k6AmhDC5bOAg==,type:str] | ||||
|             CONN_STR: ENC[AES256_GCM,data:dZNUXJYpGAD9AyFoK9q4r1sawQTJN4Jd8pRn4ArWzgWZlPIqtqsIZyuS/v+JTzLf3ovjEQoBtm1lSBoXrtkWfeny5KmCoWZRvT6/SmBgpO0RjkdSEGwo9GTnWbcgK0uzjg2hQojUKBLkIsxSv9h/ZEGUQ5dSd8Hb+y09hvcGVw==,iv:b0SuaiixzJ719GOShswZqj5qgaHqtjyeKAGbxlo155w=,tag:e5hmBEvZEQ3WTALHkoVUSA==,type:str] | ||||
|     oauth: | ||||
|         - name: ENC[AES256_GCM,data:iR9QX2Si,iv:B+4ixm+dOwAnXFCYq2BnExnfVDGooonBCiHpyxfkLP0=,tag:r7CZbpL9uQ1QjAFNiFfOsw==,type:str] | ||||
|           provider: ENC[AES256_GCM,data:byE4rELH,iv:lcvbNSZMD9EMA4CmJF2mvN33a5fmXWzP4++PnNPK+fg=,tag:2wfHrpp/bJJOImBq5ULzqw==,type:str] | ||||
|           key: ENC[AES256_GCM,data:hiIl59SdN8usULpHhPX8XhMckZI=,iv:8aycsJVxbyK+Rlor8AsYKb6xjjSaS9Y5pRC/hoHzuKs=,tag:tBhMPj+AF86TaLkxF0+6Og==,type:str] | ||||
|           secret: ENC[AES256_GCM,data:JfoXbQW4G3QdDsb4WxbMOIBvsEVYXsdK06s2TLO6ojtgprYUb0ZKHA==,iv:n1SYPP3tnUCNuKET0PS9kIHcRSDMDqWtysjwbSI8O3A=,tag:EJ3gKUsCG9O218yS0sw9EA==,type:str] | ||||
|         - name: ENC[AES256_GCM,data:Zm+sSCp0,iv:aZfvNxE0Y6urfByvpM+oA2CH+zZfFaaRL2KPVu11FQQ=,tag:uRArqbkp7SIebztUS+nDxA==,type:str] | ||||
|           provider: ENC[AES256_GCM,data:EI+yEwyd,iv:QqZObgWEUiXvdMn0VCm/lpzReTIeucWhh5aB8yQ2JeQ=,tag:hD72fCo7+h3LNIlQ3NAcJg==,type:str] | ||||
|           key: ENC[AES256_GCM,data:gM8p5PONOwdM9g+ZvM9INkJY3NI=,iv:ibQyiXIuXPJTmixintxbc/BsMID1vh28QNvdsDbI5Fw=,tag:KGB/MDQRXdAiJ1wauyRs5g==,type:str] | ||||
|           secret: ENC[AES256_GCM,data:Rmgl2K4n1TM1jd25bOM0VmjaM45kHlH9AHMbHCl/zQX7x8BwHG+Jkw==,iv:D9KHktqo7FQJ+tlJLAVlOuceGNKU3eAFSQv8fj8WKWE=,tag:NfTNy8fX3vsF/OgZVQnt+A==,type:str] | ||||
| sops: | ||||
|     kms: [] | ||||
|     gcp_kms: [] | ||||
| @@ -27,14 +27,14 @@ sops: | ||||
|         - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 | ||||
|           enc: | | ||||
|             -----BEGIN AGE ENCRYPTED FILE----- | ||||
|             YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkMCtwL0h3aGtNQlYzVC94 | ||||
|             QVFvQ3VsTnVuckt1eW80RXFkTUw2VzdzMTBjCjMvSDFlZXpyM2RQRTFTTTJrL3Zu | ||||
|             LzNlRy9ZVTY5cWh1WmxmbzdwZVNHQm8KLS0tIDdxNGlxbnk1SDc2R0IrcmFHMmo4 | ||||
|             Ym5KMWw5ZDBBZzJBcHBXdFZiaDZpU0UKNl/GkGP25D7z5a8mVBmoSTfOM3EzymPN | ||||
|             WW62zIoBHlwLxF9nwj1xCCtcL1XKgiB8nnn4IrY3ljqFc0VkxD9dnQ== | ||||
|             YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEeU5oQmlrdFVQd1VNaHBM | ||||
|             dDlkYWVZR3dQRkxOYlhHek9PRmZZNm1pVXdzCjgvVkpOUnhNZll2QXNiY1Jyenhn | ||||
|             Uk9XSWtiK3FWSzJ0NHV5c3lCdDN1VEkKLS0tIEY2dTNNQS84M2xFeUZETCsxT0Vr | ||||
|             Z1NYdXFpdXlBSzNIeXEzYlNJZXRkZ2sKr5Wifcy7HNLYwhD8rPkHKwsaTZXDm9sn | ||||
|             gJnlmBIzz73oHB0Tw07YiRWkZd3JNgFCuWm03x+F72Yk4QAvUq/q3w== | ||||
|             -----END AGE ENCRYPTED FILE----- | ||||
|     lastmodified: "2023-07-29T20:30:31Z" | ||||
|     mac: ENC[AES256_GCM,data:jd8jrX6GTAsEMydRfjLPW8XKXs4HgNNMqR0UvzVq0qFl/2zisKYLxtc6m4XBjDLeI8te+nNcJ16XYR0tdayM4PjXzurC9bAMdyI4utv1cRUJdWVxbo2oODWjJ9IAHqwkVHfJOrAJ7j0qamzHr/4h7u2DsLxvHm/lQY2g5zDKPD0=,iv:P215bq4q6iv8fSpU2CvfUhR1Pbr6mpYtv868m2F+M44=,tag:oWzMZOyCuxf2JBiGjDdCKg==,type:str] | ||||
|     lastmodified: "2024-06-28T16:06:23Z" | ||||
|     mac: ENC[AES256_GCM,data:RKe1RMx1A9k2/41QOoQn+TK0dCmSZ0h9jBlkqOWT5lPLzWHJudv7BpZOTgBcHEExmNLYgFJvevUDpwC04ZMrvZ5VCPnlLZbEGzutpYi3/Ieu3Yc/XeWGYUW++yErzzHSP47IA+NxHba2MiBIOWW7txkm+3oUeMbKLLQ5ILvAQyY=,iv:HYpyrOMaa5VrQd/ZtOk47wJoOHjZmMqqazJZ0hQ5wp0=,tag:VNKstOYqHUzpNme3yBtUkQ==,type:str] | ||||
|     pgp: [] | ||||
|     unencrypted_suffix: _unencrypted | ||||
|     version: 3.7.3 | ||||
|     version: 3.8.1 | ||||
|   | ||||
| @@ -1,21 +1,21 @@ | ||||
| secretKey: ENC[AES256_GCM,data:yL0+ORBJ4ZWHrmoNvVowEA==,iv:XJuY89wtdz8b+9SnTMro33Ka/pBOymyhN3MLJOyujAA=,tag:hSXjKC6+6NLgCoiHlbqtxQ==,type:str] | ||||
| secretKey: ENC[AES256_GCM,data:0LlGX1QG39jemZ8X2Itq2A==,iv:Dt1YoxrQ3yxJVZ3sc60kWXDvtwKCO7PrsZRMZUDOHpg=,tag:NY/8/xxnYcX/Hv1BCIKCjw==,type:str] | ||||
| initialAccount: | ||||
|     enabled: ENC[AES256_GCM,data:MvyEVw==,iv:ICIPR4oJW6pCRUks7Rk70NqdxVTXYqmM2qjQetppmEY=,tag:1FOK5MyPSTaiDayAAaPPuQ==,type:bool] | ||||
|     username: ENC[AES256_GCM,data:qSsqS5iQAyNzAQ+ZOLSWsie3k04b7qPUpcfU,iv:sXe2sjo4XesoEmjI9tY8gYd2psUlZCltBtLlIyE+v8w=,tag:uZeXnjU+7aLHI87qW+tiGw==,type:str] | ||||
|     domain: ENC[AES256_GCM,data:T5w/nPrq36iwZQdYHMQkisY1,iv:7EskbKJfRXMhkKZBgHy6nP8r1epcf7bNi8gAp4qY5TI=,tag:nZ+0BhvIy9Ap88SHaKhSvw==,type:str] | ||||
|     password: ENC[AES256_GCM,data:dki7Cw2n5FxYsINS+aap4u8hkQBl4RUVW2KxSXrQ,iv:XxUHdy5xAWoH00yxItL9P5YuCJtCG4pfRUhZdOr0EWw=,tag:Lo7ahX7CAXS31lFDKEYRww==,type:str] | ||||
|     enabled: ENC[AES256_GCM,data:rCMSGQ==,iv:mltQk4uc4jETPOimbRirrlxWxPsck6cLOM387chFtt4=,tag:3cy2sk+WPle9T96PcdWL+g==,type:bool] | ||||
|     username: ENC[AES256_GCM,data:2s3WINCPpAg=,iv:inUPAt/Q/lqSi88CKIEcexkbeJwSkS7pCWJqjDBbZ68=,tag:793MA/57fipWdODD2zcaUg==,type:str] | ||||
|     domain: ENC[AES256_GCM,data:IPoIY+yGxry3QQTRbdfbaRJU,iv:xG3mp+yAf+J2V0owRYi3XUCpQjtxAA+92bNiKTLvhvw=,tag:JogwzTxnImd4iKgJz76yaA==,type:str] | ||||
|     password: ENC[AES256_GCM,data:e2d9qYEUjkxbQRatzDslMTGDZhIqZwgr9t/olN2G,iv:uynCQDAKn7IoVpd1VLhWAI6dK2hN7LNC9PFNnOkYGOU=,tag:gqZSMCh3j/9lA7m6RQm6Ag==,type:str] | ||||
| postgresql: | ||||
|     auth: | ||||
|         password: ENC[AES256_GCM,data:o2KghCpri6cUbGeh3LIjUO6TXBz4nrZSaU8tW7PD,iv:KNp+FM1DqC2h1/F2cudAQfQZA6UAD833SQbEQ/oKkTM=,tag:oHZzKLzZ+IIJDrjFDX/3cA==,type:str] | ||||
|         postgresPassword: ENC[AES256_GCM,data:2+RrJdHwGQVU910BkXH5ZogDfh8zoOPDcJazg7Iv,iv:CKH/lhkTYNbJ0sKQCwgZ4CDg+7ITsbJq3wcQiJWogtI=,tag:xZX3HSfpC2Wrz1sCOtQwYQ==,type:str] | ||||
|         password: ENC[AES256_GCM,data:YHgy0iu0oaaRBiiO0FXCN2o9d76Vgdbxi3Mnoerj,iv:d0tOkZsXvbEVA8awiX3P9AMrctbvy2JIbGggua5dTzs=,tag:v8b7QHY+5urMsV53IL7wsA==,type:str] | ||||
|         postgresPassword: ENC[AES256_GCM,data:LJH0X2ptmy3xNOHcpWr1FQ0IA1v8q1GmzXrhRwZz,iv:kLh8rb/75uGQL4uFbNLxzD+U59LcKkDeY4uExgbfgoE=,tag:abbtDQZAdzzrMsw0ErnX9w==,type:str] | ||||
|     secretKeys: | ||||
|         adminPasswordKey: ENC[AES256_GCM,data:LbBjpvmdVgIDLtlL5ccufC7Pe28ZVO5CYxTzVoZD,iv:dsVuk1ZluIAhtYN1s9xH+2Jk2CyVYGRU2LoxnC5Lgb0=,tag:lWZohYLUyVnrMKhvwIz7uw==,type:str] | ||||
|         replicationPasswordKey: ENC[AES256_GCM,data:asv/FCVAPir07vw5kW1uqSPGEKTR/ukwtOXY5q8j,iv:SnEftPnqXdPK3Zw9nd8Qnj412tHrPSK6hR0V3rLfn3A=,tag:xKqOjOuSyMKSo02r8GyVbg==,type:str] | ||||
|         userPasswordKey: ENC[AES256_GCM,data:NNUZ8zVSem5Aov/PxFbc7OjANRVa5g5WjyMLRX1V,iv:c3XDq6nyea5ErJZHMKwxEqNfpjBYVGiqbAgqko5nsjI=,tag:HrhLvBxraIKFhNPaulM+uQ==,type:str] | ||||
|         adminPasswordKey: ENC[AES256_GCM,data:30CNkafy6P0F5UCvjxMus9Isi/FzDzyOqMT+VFk0,iv:1s7dFCEGD6soA+uwjAzKmvCltS+YUVY1/2Tk3ZOBemU=,tag:IO+YBBWmmUnyxbsigACRwA==,type:str] | ||||
|         replicationPasswordKey: ENC[AES256_GCM,data:pdBxjNmwcsDj0/dC5324XVUBpemUM8LbjxVlBwt/,iv:+wfSUgLgCORtSe1Vf02LZx0U9eEs6Bd9OgH3n6kK8BQ=,tag:E+FgJG2z8/TBAmy7+XlYSw==,type:str] | ||||
|         userPasswordKey: ENC[AES256_GCM,data:3s35K9e4RHRvpt85ft2Msb9GfC6TlGnjIT8B/obp,iv:KnuBW4b0LOuHwXNzgxVqpVDnijiV+DoyQfveHvgCsp8=,tag:G3FcSSPMJy/7IUsUPLbuSw==,type:str] | ||||
| global: | ||||
|     database: | ||||
|         roundcube: | ||||
|             password: ENC[AES256_GCM,data:V7Ml++sPS94LzA==,iv:aQ36cTMR5ArSows/3+z10nFIRppCkSvQx6VwtB30hno=,tag:2yVIXNHJ3HbA/sr6vnX7XA==,type:str] | ||||
|             password: ENC[AES256_GCM,data:WUgeCqoWVRCdrA==,iv:5HO53lEArnIqRlWnQqlSKZ+hs7DxDAc9D3wHmbvb68M=,tag:nrjt2qnqGDmT/rv7JNR8Mg==,type:str] | ||||
| sops: | ||||
|     kms: [] | ||||
|     gcp_kms: [] | ||||
| @@ -25,14 +25,14 @@ sops: | ||||
|         - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 | ||||
|           enc: | | ||||
|             -----BEGIN AGE ENCRYPTED FILE----- | ||||
|             YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGa1lRY0tQUk05WmpINVVw | ||||
|             YkJkVDA0QlZibHFmbDdPTHpGTTY5N0JodXljCm14aVVSUm43MXo3d0ZlYWRUMXhh | ||||
|             b1VqRHZXUTArbDNpRG9VY1U1a281ZW8KLS0tIHV6NWZQdzVzWFdJU0ErQy9WTFMv | ||||
|             RjVVYmRKcERYZVhMT0ViZzR5cm8rMTgKizZBRrU/WauUmFYm9fnouiegNkYZkudp | ||||
|             QpOha6CggN8rItelbnWMHlzGZBzM+77mFocuGmvNuTY/YGSkXfLjLA== | ||||
|             YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvVlBCaDl3OHBxTnM4aWRS | ||||
|             L1Q2aC9uT20rUlgvQXFkVThsa1JBS3ZwdnlrCmwxQnNRazlENVFPUER4WEx2ODVu | ||||
|             Ukx1RHQ5c2NCZHptNm9IV2cxdHlmUFkKLS0tIG9kRUhzZDlocEhNQlFrYVpZdzVj | ||||
|             aXFnN08yR2JMVkNGcjE1UDFDWjBWSzAKQIt/5DQkW8FTQTQyWfU8QSxMQ8TV1J8i | ||||
|             l326pi2q+TuLoIvef8EKA+qax56OGnqESl2JcyHCAyT2T1tTzM1bpw== | ||||
|             -----END AGE ENCRYPTED FILE----- | ||||
|     lastmodified: "2023-04-28T08:37:51Z" | ||||
|     mac: ENC[AES256_GCM,data:NtXsrrs9yWlVO6oBQuJKHKPlmFMkqmu5BqOrYjdj9R7KdYycIWRDlNojieP9lghjSllgjkR3N4DpST9n6r6GHOkrpCl0eX12AsY0GUhSwaJzMgvX34Kzo+BjtISvODy0UzEVb9qKzbFuO9R4FMqyxBjTJirJVFT1EIB7Hxbb5Zc=,iv:OFKLvj96oRasDg5sYbJNS5KvZnxOXhh36Nwjl2gA1v0=,tag:aWsKrlbubuh+xTnyxvWeRg==,type:str] | ||||
|     lastmodified: "2024-02-04T09:30:41Z" | ||||
|     mac: ENC[AES256_GCM,data:5SE/XCKyCArO+AqhRJb8h3K1WYys5OHcOfZuRW8j8i3SMEtb+84D1KcsgEFBsJmvffbpxaKXcz7umEIKG+LWLeLjvCgqHwZa7Tidn1X07a9Dep74BfvTNZWVCKEAi/6YcHkLIsVM9Bkl0MOPZTxDjmzVsdiCR+3nfZ6RJ4AysxA=,iv:Yf8m6YNxycoZj+uYAe4rKRmzQiuZtmpLrYYmxDvwPbA=,tag:TcrPy/gj/je8gGOw3jiZ1w==,type:str] | ||||
|     pgp: [] | ||||
|     unencrypted_suffix: _unencrypted | ||||
|     version: 3.7.3 | ||||
|     version: 3.8.1 | ||||
|   | ||||
| @@ -1,28 +0,0 @@ | ||||
| minecraftServer: | ||||
|     rcon: | ||||
|         password: ENC[AES256_GCM,data:7kQAt4R+uN/28Uvn3KnJnOvOcCOf6FEaow==,iv:G20SygTZZ1O2DyPr+/f3XSC3bB4L5p/9CxZkPS5qibY=,tag:O2Ab+AC+Eho6MRm0vC9hHQ==,type:str] | ||||
| mcbackup: | ||||
|     resticEnvs: | ||||
|         RESTIC_PASSWORD: ENC[AES256_GCM,data:mjrSV6d6a4ZvesYjobhHCVTngw5EQqesAKecSPVY,iv:WSk5V61opvccp/1bhbcO6S+8GcEYVlxk8l6nl++nxc4=,tag:wENZyx6IxJgswetDi8alZA==,type:str] | ||||
|         AWS_SECRET_ACCESS_KEY: ENC[AES256_GCM,data:+4HuGGHaZgPXLX3Sm6U=,iv:qMVfe2BzdJtvHYX7T/6WPt8kCNRdn02Ynew/q9QH1KA=,tag:7JwAloF6HPdBXTGC3kto4w==,type:str] | ||||
|         AWS_ACCESS_KEY_ID: ENC[AES256_GCM,data:yfS/LrX0,iv:HzZmzUOmI0vJ+vPkI2xn2F/w43/BKOGil+SLRwhcG0I=,tag:c+d8nyR5w5mU9F/H0zl/1A==,type:str] | ||||
| sops: | ||||
|     kms: [] | ||||
|     gcp_kms: [] | ||||
|     azure_kv: [] | ||||
|     hc_vault: [] | ||||
|     age: | ||||
|         - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 | ||||
|           enc: | | ||||
|             -----BEGIN AGE ENCRYPTED FILE----- | ||||
|             YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxTWUxY2hYT0dId2hsR0x1 | ||||
|             MXFtRjlSelgwdUcyVnBUdlJ6Nng1UkNJaHg4Ckc5NXBORjBCZHQyc0lDTiswazNF | ||||
|             cGhKVFFNdlZnRWlxS05OTklOUDJDQjQKLS0tIDNWNDVVWXcxUW8yUHgrOTNkRkQ1 | ||||
|             MGNDV2cvUUF3dWZHSlZNeVFDNXhzalkKubKuiiZuqoZTvRMr2FiUxnFUu+Pvj3Wf | ||||
|             pZTfZg9rnUukmV+kmwqQKcfoPNfeShhoAsszWwPM628cV9pq87I2/A== | ||||
|             -----END AGE ENCRYPTED FILE----- | ||||
|     lastmodified: "2023-08-15T15:32:19Z" | ||||
|     mac: ENC[AES256_GCM,data:ghfbBqsdFzQaRehefvpnnFLxp6tYE1K36gXLyN7gdxlvZ20JRn+FMfeUm8IjNKl3fCH2aVdM18v+T4xBs4QSXAWH5R79+HPn6hl7kYXzGJKTdmddj6EFZFXajisIJa2eZpEKPk7uOT6YczcNxNKByKxgHxTXe7SYlIkE6CgLT9w=,iv:inXW7OxvQXPGO4mkJkd/SMVsTBWA+utso26VXb5yNdM=,tag:f/GBzkgI0zgInSdDbHICag==,type:str] | ||||
|     pgp: [] | ||||
|     unencrypted_suffix: _unencrypted | ||||
|     version: 3.7.3 | ||||
							
								
								
									
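--- a/badhouseplants/values/secrets.postgres16-gitea.yaml
+++ b/badhouseplants/values/secrets.postgres16-gitea.yaml
@@ -0,0 +1,24 @@
+global:
+    postgresql:
+        auth:
+            postgresPassword: ENC[AES256_GCM,data:4hWLoVdIKbRllUcRcLrnTmn49sZTfT8WJVf7np+eycp1tvPuxvr+1LuZUSFsmBH1l5Q=,iv:5TyazJWw5AeaUPq2uBLu6h5GjGIZzUDosaclTk+0Sp8=,tag:07IYy3U+ZFd3PZ41fN9Wug==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3cUM5SnJIZGVXSXJsSkRS
+            dDZsWWJmODMxQ0JYQUVVNEJ0djhtWjdTNXg4ClYzZ2JFeXZicHRobUt0NHJDcXBn
+            NkZ2Q2JpaXIzdEUwODlLbUdwaUJiRkUKLS0tIFhMbnFRaHgxTXhXM3lLUEpRb3hS
+            aHltWVpVMUZQMUxNZlVFb1JEbFdKcVUK1dMISCWCZo+XJTp3ECToue5Q3I9lfGoT
+            yxVkq+M3UZUkAkJ/dMZBOCqAuaSdCCa1NqN6J3IlFaxGLasEDffHaA==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2024-06-28T15:56:26Z"
+    mac: ENC[AES256_GCM,data:EyeLowunCJcO8Gzd314Gjc434g170R56OyGNG4iywfoaCsY6Kd5EJm7PeEPKsLx+f4M5vfxSD+pkJUABa1MALXgveHZXdiINg1MgpcOw02r2lYIN21ywSz/UJKxz0xZsWaJTnCkVfG2aHmOEFAlcm8wtalctzSeI0qB5RvSkJ8U=,iv:K5SEFucGJPPhl5vWIEjc7Ptx3sv44aXw/2PDMKv6H4s=,tag:LZm7C1M6bB++YUbqC3YYPg==,type:str]
+    pgp: []
+    unencrypted_suffix: _unencrypted
+    version: 3.8.1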
							
								
								
									
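--- a/badhouseplants/values/secrets.postgres16.yaml
+++ b/badhouseplants/values/secrets.postgres16.yaml
@@ -0,0 +1,24 @@
+global:
+    postgresql:
+        auth:
+            postgresPassword: ENC[AES256_GCM,data:O5Fvmjipcx7CZ4DKQjRW0isfzoUt,iv:sVl6TFRCKAL5ci+lC4DfX/vZkWwRVg559kq4GU67udY=,tag:dEsoEe1UfvD5rUrI+EYOsg==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVbENvMm1YQzlSV3UrSEJ4
+            VTZ1RWVKTlpsUDFzQlVjMlJEZmIvaldHVXlFCm9SVzN3Z0dwTGo1Y3dnaHhvSmpi
+            bDIrMlJhbHhKUmRZejdkTmJiSDYvY2MKLS0tIFpRbkwySVh2MDlNWEFNZHVtY2Ns
+            Wmh3Z29ZSlBhbmFJNkFQZlE3aXpMMk0K14rSXjSF08xkil+fFJpeMV+6XChTJ2/3
+            OQecJtg+0NQPyvC+kR5qKq8roiSzNNJgTVg2wwKMdukKVVTbEGi0gA==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2023-10-04T02:27:48Z"
+    mac: ENC[AES256_GCM,data:yyvzDlqm3ZOGAMAWCbA4JBC2xs14dKJ4oGifHCvD6K3cBcLgQLS8MOoQJBVfAfL/lVqYDtQ8qwQl/NbCEAKdqw5mtGRwSGaCExSTfO8PIUZCT69q5lwhAxfSGkhjjup+88MhwdZbe2iqqr0nF/GBYT7exqu6Pj85ZKbeDVBTMUE=,iv:KVuyYWYvtVjFinkY82nPwKI/XX18t4purLInfjSxYlg=,tag:kD0G+keg4veTy+CN7KOo6Q==,type:str]
+    pgp: []
+    unencrypted_suffix: _unencrypted
+    version: 3.8.0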
							
								
								
									
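--- a/badhouseplants/values/secrets.tandoor.yaml
+++ b/badhouseplants/values/secrets.tandoor.yaml
@@ -0,0 +1,22 @@
+env:
+    SECRET_KEY: ENC[AES256_GCM,data:vIzxdLGoKHEIGt451pZKwyFFQ7+g3ViryUHkhmzU,iv:JuSUmrUUgVL07y4mQ+z3lNRLpe0io4uDKndWpEgIVDU=,tag:6nsOuHbtgyGFJebOHChKxQ==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNYmNkcjVyR2o5R0dJTXZB
+            d2NBczgrTllrM3hWdHVIcmhmb1dlY1FzN2pjCndTSS83Wi9WcytrT04xY1dyNXVV
+            YzlxWmwxNkpnMk1oK25wcDJTUFQyYk0KLS0tIHR3R3did2hlMThOUEV1QjNma2pM
+            NnNxMC9vNStLQ1dadE13RmhLWExqeG8KpSUTbfxuZX+7L6SK55BJvY8KIfqt2ykz
+            qNmUpeC7YHzDfoXGF6+jklMCVcUJDRI5UeZejZ7KXnI9OR8VncIiqw==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2024-01-06T15:16:21Z"
+    mac: ENC[AES256_GCM,data:qVocy+iBsjj45hLObpoxxo0ZyzxCITXR52NLfo5NZvJutRLs5SfKjmecYVth4j1t15qUJ3GIYG2t2lGxqptMyPK7SG4ln0G8p02LP4XdboKYeZNdWlHYf3cMZtnST4WdrpTCNWhLs3+8ittBb3AsR3QBtwoqzalC+VatAOJ2IDc=,iv:y3TspYIFS/eVJE8x+fAlPhFrWcH9PM0Rajgt8yUJLSc=,tag:nUt0xWqdjfoeemTk4xhr8w==,type:str]
+    pgp: []
+    unencrypted_suffix: _unencrypted
+    version: 3.8.1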
							
								
								
									
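--- a/badhouseplants/values/secrets.vaultwarden.yaml
+++ b/badhouseplants/values/secrets.vaultwarden.yaml
@@ -0,0 +1,27 @@
+vaultwarden:
+    smtp:
+        username: ENC[AES256_GCM,data:j/y4Wzhb1obnLW9zHYqpM7/Glfd15hDAAn+6,iv:wNQgESf/0zbfcwFWrKgdSKcoCYVUJ3pnQYuMhfeergQ=,tag:/DPHJGrySeH9xZ9gfH7yFg==,type:str]
+        password:
+            value: ENC[AES256_GCM,data:lM5RLAEz5K2LqoCEt2KfOgVv+Dg8zDwUKg==,iv:tT/71iljjyCyBxVoAKOZgdC7BHxhQfjH7ECZUGTv8So=,tag:sd2+m7KyoJmEY3l6Qey6yQ==,type:str]
+    adminToken:
+        value: ENC[AES256_GCM,data:8+nwPIKqrzIHvfxzVvUx+hh6qz6c8lCTYzJQsbGFx3c/76wzgJZ08TVNRu2VNmlHBOE=,iv:U5Cv0rykPbBql6wu9HFuMIGoLMM40TlDp8MNM5OGzzw=,tag:++lPoZaKQD/RsVm1xZfMRA==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhLzVRdW5ITFJmWHE5dkRr
+            R3pGbTh3UmFTTXR4VVVGRjlSUURudmxwM1hjCk16U3BKYkZTcmdwaFZtcTZNYk9C
+            M0ZBZk52bDBuNWZwa21SMU1mSnhmWEUKLS0tIGZVV01KQ3Z6OGltN1RFSks5MVJI
+            a2xWUGZpMmovY1Qya05nVXRZVUFDTFEKhF34OSdGZizs1/Rs9qvUOVtomQBvOFbS
+            hRsK3Orwig4HJdzj1UOZd8UMGwj6Mzhw+aKUJKL67igMwxbxVcaU1Q==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2024-01-30T18:44:39Z"
+    mac: ENC[AES256_GCM,data:1cpPRtzipDI0/fXlbcbuQQyjAZMk7MR005sJAIwfNVG4o1UdV6cIEG6096yeXGP8aKYXJwm1GUZ0NtdipQpieNnj59xClZHJ00m0K/0b6UHoGzSMY82t0nNrS3KvVEQP0a+LR5WVQEl7ac2m4FmbHpGtSWWMW6CYBnflfHQisFA=,iv:exvh14LUOeZnLrnvPrX9Hzfnv7wMd1Qfx37F0aVf2q8=,tag:62QX/P5K3U72O0zkgyyXhg==,type:str]
+    pgp: []
+    unencrypted_suffix: _unencrypted
+    version: 3.8.1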
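Review bot: `vaultwarden.adminToken.value` looks like it holds the admin token itself rather than a hash of it. The ciphertext is much shorter than an Argon2 PHC string would be; that is inferred from the length alone and cannot be confirmed without decrypting. Vaultwarden accepts an Argon2 PHC string (produced by `vaultwarden hash`) as the admin token, so storing the hash here means a decrypted values file or a dumped pod environment does not hand over a working admin-panel login. If the chart hashes the value itself, this can be ignored, but the section does not show that.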
							
								
								
									
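--- a/badhouseplants/values/secrets.vaultwardentest.yaml
+++ b/badhouseplants/values/secrets.vaultwardentest.yaml
@@ -0,0 +1,27 @@
+vaultwarden:
+    smtp:
+        username: ENC[AES256_GCM,data:9bEvyZkXadW7Hx2iW6ByPDdnuIFPkeoUjoOyoQ==,iv:Y5M/16L16AWXeaWyKCSsV/c/l9JXmNzx/IsLBmMJuGg=,tag:nFN1ZssjtqZOG8Gvka9f3A==,type:str]
+        password:
+            value: ENC[AES256_GCM,data:CF2VgDpxlwHmvCDJhx0GDLT/yyw=,iv:t8JwQFeK9Te2zVdg+gPdMlh1E5g0vMG+ApAGKbGZ4WI=,tag:7UJuxFqS/hUTVunv0CJcTw==,type:str]
+    adminToken:
+        value: ENC[AES256_GCM,data:lrb99F1zn7AWlAttShQGGyMz5Ds=,iv:nas5hzd/XMQWFA2pTaTDkqXReoToBulf6s7tZraxM3s=,tag:UH/AXIWKbZOmu/W8XyuWNw==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhLzVRdW5ITFJmWHE5dkRr
+            R3pGbTh3UmFTTXR4VVVGRjlSUURudmxwM1hjCk16U3BKYkZTcmdwaFZtcTZNYk9C
+            M0ZBZk52bDBuNWZwa21SMU1mSnhmWEUKLS0tIGZVV01KQ3Z6OGltN1RFSks5MVJI
+            a2xWUGZpMmovY1Qya05nVXRZVUFDTFEKhF34OSdGZizs1/Rs9qvUOVtomQBvOFbS
+            hRsK3Orwig4HJdzj1UOZd8UMGwj6Mzhw+aKUJKL67igMwxbxVcaU1Q==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2024-06-06T15:15:43Z"
+    mac: ENC[AES256_GCM,data:9GsJoDWT1Onv6f8aUcwkbeTcpr0vF2MIgtJjKTbvvPHhzVeVev4FPFZ5R0YQXD1CmQycu/rnElktohgu9Xwum3j4hfs8Ga2qDqOk6heleBcptXDYwcBUAxg8QD5NNAkefsq5oJi+QsdD0nOeRjG6o5XYRccyoFiucTcpT9eASzw=,iv:7UJzUShRD+tzhIEeKygZlgaWHOYOS+L2Io69K0xW2MM=,tag:alOPQPbM6cex7kgQv8mqQQ==,type:str]
+    pgp: []
+    unencrypted_suffix: _unencrypted
+    version: 3.8.1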
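Review bot: The `enc` block under `sops.age` is byte-for-byte the one in secrets.vaultwarden.yaml, so this test file appears to have been made by copying the production file, and both are encrypted under the same SOPS data key. That is harmless while both files list only the one age recipient. If the test file later gains a recipient of its own without a key rotation, that recipient receives a data key that also decrypts the production values. Rotating the key once with `sops -r -i badhouseplants/values/secrets.vaultwardentest.yaml`, or creating the file fresh instead of copying, gives the test secrets an independent key.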
							
								
								
									
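--- a/badhouseplants/values/secrets.woodpecker-agent.yaml
+++ b/badhouseplants/values/secrets.woodpecker-agent.yaml
@@ -0,0 +1,23 @@
+env:
+    WOODPECKER_AGENT_SECRET: ENC[AES256_GCM,data:cJoxJw6c6FYZ337i5P6dGUzLmgUn9Z+/Ed9aUK76WYnB8m0D9h5IlAlOfCQ=,iv:1BgxKsaI3dhhPNkZbpHKBn6GXadn1RD+3Q4RwKLfmcU=,tag:y8qLWwpVAwKrOWN1cC2ulw==,type:str]
+    WOODPECKER_GITEA_SECRET: ENC[AES256_GCM,data:VdWASwxPurzmfSjb2h8wBw3XbZSfG9UG0jmXSbTBPreZ+l7UQblI/wqr8Tw=,iv:APNuiqimA/ofCWsvywj+SJedQBMgRoCd65Gd3Ps2/fw=,tag:ATLGT4ACZ2GR46qD9ABUng==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTRFNvdnBsSHFBcjlGcGl1
+            RnU1NEpZekpucTNCZHBGcXdBakhkU1drb2dZClVYZ2xMVUJiOXV2enlBbm1TS2Mz
+            ZnZ0UHpsVHVUU2ZkSGtwUXNMM0R6VjQKLS0tIFR4NEdTTGRIY3QycTFhRzJNSEY0
+            SEs0Z3VjaTN2Y3Z0QmtEUEdQdmtwYnMKxQ3z1p2GulSOklUEolWeH20JeFwNpZqY
+            870x5UtCJNVTMrIDgwMQK3hn+yywxPdgSRhkW3bqH4PJDxi78UUpXw==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2023-10-05T08:06:51Z"
+    mac: ENC[AES256_GCM,data:pc4n/3MEP0GhmZ+wdbOiK2gj7ah/9IJ2hoXRtM1sAGy3UPNBrF5VE7hxnAi393YpWBank7crDTvg2aJjhVt7XqB8zcjiHtNMlcpxL6fJ+uWxeH4uVj/NBfSvoO410oYbtPuKMjZpPU7KACmTJ9tzVIZdZOScXx7fLQxNUq01Hu8=,iv:18MqueG9MHrTcXmu14Q8LPnMFT9lolDkCbXjjA2P1qg=,tag:6ETPd8vZ0CCGEUP5u8ZxNA==,type:str]
+    pgp: []
+    unencrypted_suffix: _unencrypted
+    version: 3.8.0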
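Review bot: `WOODPECKER_GITEA_SECRET` under `env` puts the Gitea OAuth client secret into the agent's environment, where it is not needed. Only the Woodpecker server uses that secret; an agent authenticates to the server with `WOODPECKER_AGENT_SECRET` alone. Agents are the component that runs pipeline workloads, so this is the least suitable place to hold a forge credential. I would drop the `WOODPECKER_GITEA_SECRET:` line from this file and keep it only under `server.env` in secrets.woodpecker-ci.yaml. This assumes the release using this file deploys only an agent, which the file name suggests but the section does not confirm.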
							
								
								
									
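--- a/badhouseplants/values/secrets.woodpecker-ci.yaml
+++ b/badhouseplants/values/secrets.woodpecker-ci.yaml
@@ -0,0 +1,27 @@
+server:
+    env:
+        WOODPECKER_GITEA_SECRET: ENC[AES256_GCM,data:mGYEvlIeQC3mg+kxy3ZX6gAVf88DXLVdeSdgpQa8wixsb2rDoj4+l2ET2saquK+lVhjvv8ZKdvg=,iv:VlPgDYPj1xpxnpWnEHj+slBi0H2nWKeScclPItUaG9A=,tag:ox/Ur5vsOARXRT3g0hCgsg==,type:str]
+        WOODPECKER_AGENT_SECRET: ENC[AES256_GCM,data:WXwsmLmb37clb5xgv+2DeKfhk7cwaIJpaCW8/Kq/CmgfwCmrarPDDQGXZoLwOjGj3mh/ciDj7V5WgHfyxuIDhA==,iv:NhGlPyPrTrTbz1DjOZEieWAfOQHqSqhdLiqMspex1j0=,tag:vOfo+XiCUW6MhtJemkZPMA==,type:str]
+agent:
+    env:
+        WOODPECKER_AGENT_SECRET: ENC[AES256_GCM,data:4lTZ16jbrorU4B9gTAoWmgiGggrMWD7K5O/5R47OIDMdRInwXtaWviofFD8WJQMduiGvANxMVNs0J1DLvFKi9Q==,iv:Y0AsW63vdVEwKvpVYeMVLFmwYlsQSwnz602QjDgj/ZQ=,tag:aO9xh3psy/bRCCQEFUp75A==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlQjZqNE9iMDl6MlhnSUp5
+            QTBSOG83WFBqZFZIU2dEMzlpengrUFg4alZFCld4MkI4WW8xMUZnMm1SU2hmMCtn
+            bTZSVTIxTk5aZmo3OEJJdlJwL2xhV3MKLS0tIGJraERVZTNyMWFCVE1TbEhRR3J4
+            WXh3NGd4UG9OODhHNEp0cDVoQkM5dWMKcz4h0O4J2WlB+L9+/U8Rl+zzd87hsJo8
+            ThPZgnUNDGpdRrU2IYiXo03fZOhBoqBJe1ZG+Ol8z9bvTeyeMZxRIg==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2023-11-18T17:43:53Z"
+    mac: ENC[AES256_GCM,data:u8iu+Ia1u5c5AkdyKbGT//G/Zp+yDNv3TQIElSBA6qCTBu0lKAii3ywXrqdpQ1kYtytjazcwkOa7vKmVy1UoCNda+8wGGHfhfOIQlll+TKBNvgUO73lF5P7X5q6CcgFMvTazXKElESEC3G04uVLEOdG1W6d0ArVRnh8gFOY6Jgg=,iv:VT0pFoOcLPK14I1doJi+52wtCfUuqh2nxdSVu0ufVOY=,tag:SwAOYLxOYaouteqXdgP2Hg==,type:str]
+    pgp: []
+    unencrypted_suffix: _unencrypted
+    version: 3.8.1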
							
								
								
									
										23
									
								
								badhouseplants/values/secrets.zot.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,23 @@ | ||||
| configFiles: | ||||
|     config.json: ENC[AES256_GCM,data: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,iv:njFz+TX54d1Fy7QtrjFht7lyujuuIamNWEXquA6Q+jA=,tag:d+9rLYzYZf/0uuZ/VVys0Q==,type:str] | ||||
| authHeader: ENC[AES256_GCM,data:IHFsb7dRNIMe8kv0sG6u/A==,iv:mc0MhVWKEz8ln2DvC9mwrYtqKCvOjudiUYETOBx3DAM=,tag:aktcOM3u4xNyZ4wTJZ1E3w==,type:str] | ||||
| sops: | ||||
|     kms: [] | ||||
|     gcp_kms: [] | ||||
|     azure_kv: [] | ||||
|     hc_vault: [] | ||||
|     age: | ||||
|         - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 | ||||
|           enc: | | ||||
|             -----BEGIN AGE ENCRYPTED FILE----- | ||||
|             YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvMjkwcll5bkNzUE1lQkN0 | ||||
|             NXRCckdnUER0YlAwWG1wWVo5Mno2T1g5eWtZCnJGMkNScEthNHVqZnlvQnN6Q0du | ||||
|             RnpzNitYR1RpTnl4UDB3Zk5HMjU1MTQKLS0tIHNoZHRjdlU1SXl1c2pzemZsQzBB | ||||
|             M25WRjB6QUpkbURZVmNaWm9nd1U4RzAKan1bSzcDc2G+428vpnNDWYhQ3/nFKSUp | ||||
|             VLnfx3roZUrs0QV07O+AHobOvlLD4eo8wfHMUneKipAQ8ZAlhNFTBg== | ||||
|             -----END AGE ENCRYPTED FILE----- | ||||
|     lastmodified: "2024-05-05T17:37:17Z" | ||||
|     mac: ENC[AES256_GCM,data:vabfq3du2GfVkWQqdy2X/8pl/V/i+juyjIeGRia9cZ57SFPPmS/7n7rV6W+tpp402ov+16HHevVu+ZUZKxFPNq/8WiIVFCh3YMAFimzB+wOXziivAf1zAgYX5h5JHMV3FrXJT0yJAGmVbrZ7KP48CaB74PJGb++4Jr3qPE6VU/4=,iv:PApbvtdThsQyfD2db8GBrnrZL4jlx7qL8bHhAijXk0E=,tag:vIwECp7tomejqjGadIhudw==,type:str] | ||||
|     pgp: [] | ||||
|     unencrypted_suffix: _unencrypted | ||||
|     version: 3.8.1 | ||||
| @@ -1,18 +1,4 @@ | ||||
| --- | ||||
| # ------------------------------------------ | ||||
| # -- Istio extenstion. Just because I'm | ||||
| # --  not using ingress nginx | ||||
| # ------------------------------------------ | ||||
| istio: | ||||
|   enabled: true | ||||
|   istio: | ||||
|     - name: argocd-http | ||||
|       gateway: badhouseplants-net | ||||
|       kind: http | ||||
|       hostname: argo.badhouseplants.net | ||||
|       service: argocd-server | ||||
|       port: 80 | ||||
|  | ||||
| controller: | ||||
|   resources: | ||||
|     limits: | ||||
| @@ -48,32 +34,35 @@ dex: | ||||
|     enabled: false | ||||
|     serviceMonitor: | ||||
|       enabled: false | ||||
|  | ||||
| redis: | ||||
|   metrics: | ||||
|     enabled: false | ||||
|     serviceMonitor: | ||||
|       enabled: false | ||||
|  | ||||
| global: | ||||
|   domain: argo.badhouseplants.net | ||||
|  | ||||
| server: | ||||
|   ingress: | ||||
|     enabled: true | ||||
|     annotations: | ||||
|       kubernetes.io/tls-acme: "true" | ||||
|       kubernetes.io/ingress.allow-http: "false" | ||||
|       kubernetes.io/ingress.global-static-ip-name: "" | ||||
|       cert-manager.io/cluster-issuer: badhouseplants-issuer-http01 | ||||
|     ingressClassName: traefik | ||||
|     tls: true | ||||
|   metrics: | ||||
|     enabled: true | ||||
|     serviceMonitor: | ||||
|       enabled: false | ||||
|   rbacConfig: | ||||
|     policy.default: role:readonly | ||||
|     scopes: "[email, group]" | ||||
|     policy.csv: | | ||||
|       g, allanger@zohomail.com, role:admin | ||||
|       g, rodion.n.rodionov@gmail.com, role:admin | ||||
|       p, drone, applications, *, badhouseplants/*,allow | ||||
|   config: | ||||
|     exec.enabled: "true" | ||||
|     url: https://argo.badhouseplants.net | ||||
|     kustomize.buildOptions: "--enable-alpha-plugins" | ||||
|     accounts.drone: apiKey, login | ||||
|     accounts.drone.enabled: "true" | ||||
|  | ||||
|   extraArgs: | ||||
|     - --insecure | ||||
|   servicePort: | ||||
|     servicePortHttp: 80 | ||||
|     servicePortHttps: 80 | ||||
|  | ||||
| repoServer: | ||||
|   metrics: | ||||
| @@ -85,6 +74,22 @@ repoServer: | ||||
|     - name: regcred | ||||
|  | ||||
| configs: | ||||
|   params: | ||||
|     server.insecure: true | ||||
|   rbac: | ||||
|     policy.default: role:readonly | ||||
|     scopes: "[email, group]" | ||||
|     policy.csv: | | ||||
|       g, allanger@zohomail.com, role:admin | ||||
|       g, allanger@badhouseplants.net, role:admin | ||||
|       g, rodion.n.rodionov@gmail.com, role:admin | ||||
|       p, drone, applications, *, badhouseplants/*,allow | ||||
|   cm: | ||||
|     exec.enabled: "true" | ||||
|     url: https://argo.badhouseplants.net | ||||
|     kustomize.buildOptions: "--enable-alpha-plugins" | ||||
|     accounts.drone: apiKey, login | ||||
|     accounts.drone.enabled: "true" | ||||
|   credentialTemplates: | ||||
|     ssh-creds: | ||||
|       url: git@github.com | ||||
|   | ||||
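Review bot: `accounts.drone: apiKey, login` in the `configs.cm` block leaves interactive password login enabled for what looks like a CI account; if drone only calls the API with a token, `accounts.drone: apiKey` is enough and removes one password to guard. The same block keeps `exec.enabled: "true"`, so subjects mapped to `role:admin` in `policy.csv` can presumably open a shell in managed pods from the UI, which deserves a comment stating that it is intended. `server.insecure: true` makes argocd-server speak plain HTTP behind the Traefik ingress, so the hop from the ingress controller to the pod is unencrypted; if that is accepted for this cluster, a comment next to the setting should say so. The old/new markers are lost on this page, so which of the duplicated `server.*` and `configs.*` lines are on the new side is inferred from the hunk header counts.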
							
								
								
									
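--- a/badhouseplants/values/values.authentik.yaml
+++ b/badhouseplants/values/values.authentik.yaml
@@ -0,0 +1,64 @@
+---
+# ------------------------------------------
+# -- Database extension is used to manage
+# --  database with db-operator
+# ------------------------------------------
+ext-database:
+  enabled: true
+  name: authentik-postgres16
+  instance: postgres16
+  credentials:
+    host: "{{ .Hostname }}"
+    username: "{{ .Username }}"
+    password: "{{ .Password }}"
+    database: "{{ .Database }}"
+authentik:
+  email:
+    host: email.badhouseplants.net
+    port: 587
+    username: bot@badhouseplants.net
+    use_tls: false
+    use_ssl: false
+    timeout: 30
+    from: bot@badhouseplants.net
+  postgresql:
+    host: file:///postgres-creds/host
+    user: file:///postgres-creds/username
+    password: file:///postgres-creds/password
+    name: file:///postgres-creds/database
+  secret_key: "2Scv6ivCfV6uGRTx9Kg5CYJ2KjBRHpR8GqSBearnBYvBFZBwR7"
+  # This sends anonymous usage-data, stack traces on errors and
+  # performance data to authentik.error-reporting.a7k.io, and is fully opt-in
+  error_reporting:
+    enabled: false
+redis:
+  enabled: true
+server:
+  ingress:
+    annotations:
+      cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
+    enabled: true
+    hosts:
+      - authentik.badhouseplants.net
+    tls:
+    - secretName: authentik-tls-secret
+      hosts:
+        - authentik.badhouseplants.net
+  volumes:
+    - name: postgres-creds
+      secret:
+        secretName: authentik-postgres16-creds
+  volumeMounts:
+    - name: postgres-creds
+      mountPath: /postgres-creds
+      readOnly: true
+worker:
+  volumes:
+    - name: postgres-creds
+      secret:
+        secretName: authentik-postgres16-creds
+  volumeMounts:
+    - name: postgres-creds
+      mountPath: /postgres-creds
+      readOnly: true
+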
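Review bot: `authentik.secret_key` is committed in clear text in this values file, while the other credentials in this change set live in SOPS-encrypted `secrets.*.yaml` files. authentik uses this key for cookie signing, so it should move into an encrypted secrets file alongside the others and be rotated, because the current value stays in the Git history. The `email` block sets `use_tls: false` and `use_ssl: false` on port 587 with a username, which would send SMTP credentials without transport encryption if a password is configured elsewhere; `use_tls: true` (STARTTLS) is the usual setting for 587.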
| @@ -7,7 +7,7 @@ istio: | ||||
|   enabled: true | ||||
|   istio: | ||||
|     - name: bitwarden-http | ||||
|       gateway: badhouseplants-net | ||||
|       gateway: istio-system/badhouseplants-net | ||||
|       kind: http | ||||
|       hostname: bitwarden.badhouseplants.net | ||||
|       service: bitwarden-vaultwarden | ||||
| @@ -17,21 +17,24 @@ istio: | ||||
|   pathType: Prefix | ||||
|  | ||||
| env: | ||||
|  | ||||
|   SIGNUPS_ALLOWED: false | ||||
|   DOMAIN: "https://bitwarden.badhouseplants.net" | ||||
|   # YUBICO_CLIENT_ID | ||||
|   # YUBICO_SECRET_KEY | ||||
|   # DATA_FOLDER | ||||
|   # DATABASE_URL | ||||
|   # ATTACHMENTS_FOLDER | ||||
|   # ICON_CACHE_FOLDER | ||||
|   # ROCKET_LIMITS | ||||
|   # ROCKET_WORKERS | ||||
|   WEB_VAULT_ENABLED: true | ||||
|  | ||||
| persistence: | ||||
|   enabled: true | ||||
|   accessMode: ReadWriteOnce | ||||
|   size: 800Mi | ||||
|   storageClass: longhorn | ||||
|   storageClass: longhorn | ||||
|  | ||||
| smtp: | ||||
|   host: badhouseplants.net | ||||
|   security: "starttls" | ||||
|   port: 587 | ||||
|   from: bitwarden@badhouseplants.net | ||||
|   fromName: bitwarden | ||||
|   username: | ||||
|     value: overlord@badhouseplants.net | ||||
|   authMechanism: "Plain" | ||||
|   acceptInvalidHostnames: "false" | ||||
|   acceptInvalidCerts: "false" | ||||
							
								
								
									
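--- a/badhouseplants/values/values.chartmuseum.yaml
+++ b/badhouseplants/values/values.chartmuseum.yaml
@@ -0,0 +1,19 @@
+istio:
+  enabled: true
+  istio:
+    - name: chartmuseum
+      kind: http
+      gateway: istio-system/badhouseplants-net
+      hostname: helm.badhouseplants.net
+      service: chartmuseum
+      port: 8080
+env:
+  open:
+    AUTH_ANONYMOUS_GET: true
+    DISABLE_API: false
+    CORS_ALLOWORIGIN: "*"
+persistence:
+  enabled: true
+  accessMode: ReadWriteOnce
+  size: 2Gi
+  path: /storage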
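Review bot: With `DISABLE_API: false` and no basic-auth or bearer settings in this file, the chart upload and delete API on helm.badhouseplants.net is only as protected as credentials set somewhere else; `AUTH_ANONYMOUS_GET: true` only has an effect when such credentials exist. If `BASIC_AUTH_USER` and `BASIC_AUTH_PASS` are not supplied through an encrypted secrets file, anyone who can reach the host could publish or replace charts, so either confirm they are set or use `DISABLE_API: true` and publish charts by another path. `CORS_ALLOWORIGIN: "*"` is broader than a Helm repository normally needs and could be dropped or narrowed to the one origin that uses it.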
							
								
								
									
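--- a/badhouseplants/values/values.cilium.yaml
+++ b/badhouseplants/values/values.cilium.yaml
@@ -0,0 +1,10 @@
+operator:
+  replicas: 1
+endpointRoutes:
+  # -- Enable use of per endpoint routes instead of routing via
+  # the cilium_host interface.
+  enabled: true
+ipam:
+  ciliumNodeUpdateRate: "15s"
+  operator:
+    clusterPoolIPv4PodCIDRList: ["10.244.0.0/16"]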
							
								
								
									
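--- a/badhouseplants/values/values.coredns.yaml
+++ b/badhouseplants/values/values.coredns.yaml
@@ -0,0 +1,32 @@
+service:
+  clusterIP: 10.43.0.10
+
+servers:
+  - zones:
+      - zone: .
+    port: 53
+    plugins:
+    - name: errors
+    # Serves a /health endpoint on :8080, required for livenessProbe
+    - name: health
+      configBlock: |-
+        lameduck 5s
+    # Serves a /ready endpoint on :8181, required for readinessProbe
+    - name: ready
+    # Required to query kubernetes API for data
+    - name: kubernetes
+      parameters: cluster.local in-addr.arpa ip6.arpa
+      configBlock: |-
+        pods insecure
+        fallthrough in-addr.arpa ip6.arpa
+        ttl 30
+    # Serves a /metrics endpoint on :9153, required for serviceMonitor
+    - name: prometheus
+      parameters: 0.0.0.0:9153
+    - name: forward
+      parameters: . 1.1.1.1 1.0.0.1
+    - name: cache
+      parameters: 30
+    - name: loop
+    - name: reload
+    - name: loadbalance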
| @@ -1,22 +1,22 @@ | ||||
| --- | ||||
| dbinstances: | ||||
|   postgres: | ||||
|   postgres16-gitea: | ||||
|     monitoring: | ||||
|       enabled: false | ||||
|     adminSecretRef: | ||||
|       Name: postgres-secret | ||||
|       Name: postgres16-gitea-secret | ||||
|       Namespace: databases | ||||
|     engine: postgres | ||||
|     generic: | ||||
|       host: postgres16-gitea-postgresql.databases.svc.cluster.local | ||||
|       port: 5432 | ||||
|   postgres16: | ||||
|     monitoring: | ||||
|       enabled: false | ||||
|     adminSecretRef: | ||||
|       Name: postgres16-secret | ||||
|       Namespace: database-service | ||||
|     engine: postgres | ||||
|     generic: | ||||
|       host: postgres-postgresql | ||||
|       host: postgres16-postgresql.database-service.svc.cluster.local | ||||
|       port: 5432 | ||||
|   mysql: | ||||
|     monitoring: | ||||
|       enabled: false | ||||
|     adminSecretRef: | ||||
|       Name: mysql-secret | ||||
|       Namespace: database-service | ||||
|     engine: mysql | ||||
|     generic: | ||||
|       host: mysql | ||||
|       port: 3306 | ||||
|   | ||||
							
								
								
									
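--- a/badhouseplants/values/values.docker-mailserver.yaml
+++ b/badhouseplants/values/values.docker-mailserver.yaml
@@ -0,0 +1,71 @@
+traefik:
+  enabled: true
+  tcpRoutes:
+    - name: docker-mailserver-smtp
+      service: docker-mailserver
+      match: HostSNI(`*`)
+      entrypoint: smtp
+      port: 25
+    - name: docker-mailserver-smtps
+      match: HostSNI(`*`)
+      service: docker-mailserver
+      entrypoint: smtps
+      port: 465
+    - name: docker-mailserver-smpt-startls
+      match: HostSNI(`*`)
+      service: docker-mailserver
+      entrypoint: smtp-startls
+      port: 587
+    - name: docker-mailserver-imap
+      match: HostSNI(`*`)
+      service: docker-mailserver
+      entrypoint: imap
+      port: 143
+    - name: docker-mailserver-imaps
+      match: HostSNI(`*`)
+      service: docker-mailserver
+      entrypoint: imaps
+      port: 993
+    - name: docker-mailserver-pop3
+      match: HostSNI(`*`)
+      service: docker-mailserver
+      entrypoint: pop3
+      port: 110
+    - name: docker-mailserver-pop3s
+      match: HostSNI(`*`)
+      service: docker-mailserver
+      entrypoint: pop3s
+      port: 993
+
+rainloop:
+  enabled: true
+  ingress:
+    enabled: true
+    hosts: 
+      - mail.badhouseplants.net
+    annotations:
+      kubernetes.io/ingress.class: traefik
+      kubernetes.io/tls-acme: "true"
+      kubernetes.io/ingress.allow-http: "false"
+      kubernetes.io/ingress.global-static-ip-name: ""
+      cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
+    tls:
+      - secretName: mail-tls-secret
+        hosts:
+          - mail.badhouseplants.net
+
+demoMode:
+  enabled: false
+domains:
+  - badhouseplants.net
+  - mail.badhouseplants.net
+ssl:
+  useExisting: true
+  existingName: mail-tls-secret
+pod:
+  dockermailserver:
+    enable_fail2ban: "0"
+    ssl_type: manual
+service:
+  type: ClusterIP
+spfTestsDisabled: true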
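Review bot: The `docker-mailserver-pop3s` route uses `port: 993`, the same port as the `imaps` route above it; POP3 over TLS conventionally listens on 995, so this looks like a copy-paste slip and should be `port: 995` (the route name `docker-mailserver-smpt-startls` is also misspelled). `enable_fail2ban: "0"` leaves the login ports published by these routes without brute-force throttling. Plain TCP routes may hide the client address from the mail server unless PROXY protocol is enabled, so disabling it may be deliberate, but then a comment should say so and name whatever limits login attempts instead. The plaintext `imap` (143) and `pop3` (110) routes are worth dropping if all clients can use the TLS ports.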
| @@ -6,7 +6,7 @@ istio: | ||||
|   enabled: true | ||||
|   istio: | ||||
|     - name: drone-http | ||||
|       gateway: badhouseplants-net | ||||
|       gateway: istio-system/badhouseplants-net | ||||
|       kind: http | ||||
|       hostname: drone.badhouseplants.net | ||||
|       service: drone | ||||
|   | ||||
| @@ -7,7 +7,7 @@ istio: | ||||
|   enabled: true | ||||
|   istio: | ||||
|     - name: funkwhale-http | ||||
|       gateway: badhouseplants-net | ||||
|       gateway: istio-system/badhouseplants-net | ||||
|       kind: http | ||||
|       hostname: funkwhale.badhouseplants.net | ||||
|       service: funkwhale | ||||
| @@ -15,8 +15,8 @@ istio: | ||||
|  | ||||
| ext-database: | ||||
|   enabled: true | ||||
|   name: funkwhale-postgres | ||||
|   instance: postgres | ||||
|   name: funkwhale-postgres16 | ||||
|   instance: postgres16 | ||||
|  | ||||
| replicaCount: 1 | ||||
| celery: | ||||
| @@ -30,6 +30,23 @@ celery: | ||||
|       requests: | ||||
|         cpu: 10m | ||||
|         memory: 75Mi | ||||
| ingress:   | ||||
|   enabled: true | ||||
|   annotations: | ||||
|     traefik.ingress.kubernetes.io/router.entrypoints: web,websecure | ||||
|     kubernetes.io/ingress.class: traefik | ||||
|     kubernetes.io/tls-acme: "true" | ||||
|     kubernetes.io/ingress.allow-http: "false" | ||||
|     kubernetes.io/ingress.global-static-ip-name: "" | ||||
|     cert-manager.io/cluster-issuer: badhouseplants-issuer-http01 | ||||
|   host: funkwhale.badhouseplants.net | ||||
|   protocol: http | ||||
|  | ||||
|   tls:  | ||||
|     - secretName: funkwhale-tls-secret | ||||
|       hosts: | ||||
|         - funkwhale.badhouseplants.net | ||||
|  | ||||
| extraEnv: | ||||
|   FUNKWHALE_HOSTNAME: funkwhale.badhouseplants.net | ||||
|   FUNKWHALE_PROTOCOL: https | ||||
| @@ -39,14 +56,13 @@ persistence: | ||||
|   size: 10Gi | ||||
| s3: | ||||
|   enabled: false | ||||
| ingress: | ||||
|   enabled: false | ||||
|  | ||||
| postgresql: | ||||
|   enabled: false | ||||
|   host: postgres-postgresql.database-service.svc.cluster.local | ||||
|   host: postgres16-postgresql.database-service.svc.cluster.local | ||||
|   auth: | ||||
|     username: funkwhale-application-funkwhale-postgres | ||||
|     database: funkwhale-application-funkwhale-postgres | ||||
|     username: funkwhale-application-funkwhale-postgres16 | ||||
|     database: funkwhale-application-funkwhale-postgres16 | ||||
|  | ||||
| redis: | ||||
|   enabled: false | ||||
|   | ||||
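Review bot: `kubernetes.io/ingress.allow-http: "false"` in the `ingress.annotations` block is a GCE ingress-controller annotation that Traefik, as far as I know, does not act on, while `traefik.ingress.kubernetes.io/router.entrypoints: web,websecure` attaches the router to the plain-HTTP entrypoint as well. Unless the `web` entrypoint has a global HTTPS redirect configured outside this file, funkwhale.badhouseplants.net would also be served over HTTP; `traefik.ingress.kubernetes.io/router.entrypoints: websecure` would limit it to TLS. The gitea `ingress` block further down this page carries the same two annotations and needs the same decision.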
| @@ -1,23 +1,11 @@ | ||||
| --- | ||||
| # ------------------------------------------ | ||||
| # -- Istio extenstion. Just because I'm | ||||
| # --  not using ingress nginx | ||||
| # ------------------------------------------ | ||||
| istio: | ||||
| traefik: | ||||
|   enabled: true | ||||
|   istio: | ||||
|     - name: gitea-http | ||||
|       kind: http | ||||
|       gateway: badhouseplants-net | ||||
|       hostname: git.badhouseplants.net | ||||
|       service: gitea-http | ||||
|       port: 3000 | ||||
|   tcpRoutes: | ||||
|     - name: gitea-ssh | ||||
|       kind: tcp | ||||
|       gateway: badhouseplants-ssh | ||||
|       hostname: "*" | ||||
|       port_match: 22 | ||||
|       service: gitea-ssh | ||||
|       match: HostSNI(`*`) | ||||
|       entrypoint: ssh | ||||
|       port: 22 | ||||
| # ------------------------------------------ | ||||
| # -- Database extension is used to manage | ||||
| @@ -25,30 +13,47 @@ istio: | ||||
| # ------------------------------------------ | ||||
| ext-database: | ||||
|   enabled: true | ||||
|   name: gitea-postgres | ||||
|   instance: postgres | ||||
|   name: gitea-postgres16 | ||||
|   instance: postgres16-gitea | ||||
|  | ||||
| # ------------------------------------------ | ||||
| # -- Kubernetes related values | ||||
| # ------------------------------------------ | ||||
| ingress: | ||||
|   enabled: true | ||||
|   annotations: | ||||
|     kubernetes.io/ingress.class: traefik | ||||
|     kubernetes.io/tls-acme: "true" | ||||
|     kubernetes.io/ingress.allow-http: "false" | ||||
|     kubernetes.io/ingress.global-static-ip-name: "" | ||||
|     cert-manager.io/cluster-issuer: badhouseplants-issuer-http01 | ||||
|     traefik.ingress.kubernetes.io/router.entrypoints: web,websecure | ||||
|   hosts: | ||||
|     - host: git.badhouseplants.net | ||||
|       paths: | ||||
|         - path: / | ||||
|           pathType: Prefix | ||||
|   tls: | ||||
|     - secretName: gitea-tls-secret | ||||
|       hosts: | ||||
|         - git.badhouseplants.net | ||||
| replicaCount: 1 | ||||
| clusterDomain: cluster.local | ||||
|  | ||||
| resources: | ||||
|   limits: | ||||
|     cpu: 300m | ||||
|     memory: 512Mi | ||||
|     cpu: 512m | ||||
|     memory: 1024Mi | ||||
|   requests: | ||||
|     cpu: 50m | ||||
|     memory: 128Mi | ||||
|     cpu: 512m | ||||
|     memory: 256Mi | ||||
|  | ||||
| persistence: | ||||
|   enabled: true | ||||
|   size: 6Gi | ||||
|   size: 15Gi | ||||
|   accessModes: | ||||
|     - ReadWriteOnce | ||||
|  | ||||
| ingress: | ||||
|   enabled: false | ||||
| # ------------------------------------------ | ||||
| # -- Main Gitea settings | ||||
| # ------------------------------------------ | ||||
| @@ -61,9 +66,9 @@ gitea: | ||||
|   config: | ||||
|     database: | ||||
|       DB_TYPE: postgres | ||||
|       HOST: postgres-postgresql.database-service.svc.cluster.local | ||||
|       NAME: gitea-service-gitea-postgres | ||||
|       USER: gitea-service-gitea-postgres | ||||
|       HOST: postgres16-gitea-postgresql.databases.svc.cluster.local | ||||
|       NAME: applications-gitea-postgres16 | ||||
|       USER: applications-gitea-postgres16 | ||||
|     APP_NAME: Bad Houseplants Gitea | ||||
|     ui: | ||||
|       meta: | ||||
| @@ -101,6 +106,20 @@ gitea: | ||||
|       ADAPTER: redis | ||||
|     queue: | ||||
|       TYPE: redis | ||||
|     mailer: | ||||
|       ENABLED: true | ||||
|       FROM: gitea@badhouseplants.net | ||||
|       PROTOCOL: smtp+startls | ||||
|       SMTP_ADDR: badhouseplants.net | ||||
|       SMTP_PORT: 587 | ||||
|       USER: overlord@badhouseplants.net | ||||
|     indexer: | ||||
|       REPO_INDEXER_ENABLED: false | ||||
|       REPO_INDEXER_PATH: indexers/repos.bleve | ||||
|       MAX_FILE_SIZE: 1048576 | ||||
|       REPO_INDEXER_EXCLUDE: resources/bin/** | ||||
|     picture: | ||||
|       ENABLE_FEDERATED_AVATAR: false | ||||
| service: | ||||
|   ssh: | ||||
|     type: ClusterIP | ||||
| @@ -112,4 +131,22 @@ service: | ||||
| postgresql-ha: | ||||
|   enabled: false | ||||
| redis-cluster: | ||||
|   enabled: false | ||||
|   enabled: false | ||||
|  | ||||
| extraDeploy: | ||||
|   - | | ||||
|       {{- if $.Capabilities.APIVersions.Has "traefik.io/v1alpha1/IngressRouteTCP" }} | ||||
|       apiVersion: traefik.io/v1alpha1 | ||||
|       kind: IngressRouteTCP | ||||
|       metadata: | ||||
|         name: {{ include "gitea.fullname" . }}-ssh | ||||
|       spec: | ||||
|         entryPoints: | ||||
|           - git-ssh | ||||
|         routes: | ||||
|           - match: HostSNI(`git.badhouseplants.net`) | ||||
|             services: | ||||
|               - name: "{{ include "gitea.fullname" . }}-ssh" | ||||
|                 port: 22 | ||||
|                 nativeLB: true | ||||
|       {{- end }} | ||||
|   | ||||
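Review bot: The `IngressRouteTCP` in `extraDeploy` matches on ``HostSNI(`git.badhouseplants.net`)``, but SSH is not TLS and carries no SNI, so Traefik can only route it with the catch-all ``HostSNI(`*`)``; as written the route would most likely never match an SSH connection. The section also shows a `gitea-ssh` entry under `traefik.tcpRoutes` with `entrypoint: ssh`, while this manifest uses the entry point `git-ssh`. The old/new markers are lost here, so it is not certain both are on the new side, but only one SSH route should remain, and it should name an entry point that exists in the Traefik static configuration. A short comment above `extraDeploy` saying why the route is templated here rather than through `tcpRoutes` would help the next reader.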
							
								
								
									
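--- a/badhouseplants/values/values.istio-gateway-resources.yaml
+++ b/badhouseplants/values/values.istio-gateway-resources.yaml
@@ -0,0 +1,98 @@
+certificate:
+  enabled: true
+  certificate: 
+    - name: nrodionov-wildcard
+      secretName: nrodionov-wildcard-tls
+      issuer:
+        kind: ClusterIssuer
+        name: badhouseplants-issuer
+      dnsNames:
+        - nrodionov.info
+        - "*.nrodionov.info"
+    - name: badhouseplants-wildcard
+      secretName: badhouseplants-wildcard-tls
+      issuer:
+        kind: ClusterIssuer
+        name: badhouseplants-issuer
+      dnsNames:
+        - badhouseplants.net
+        - "*.badhouseplants.net"
+istio-gateway:
+  enabled: true
+  gateways:
+    - name: badhouseplants-net
+      servers:
+        - hosts:
+          - badhouseplants.net
+          - '*.badhouseplants.net'
+          port:
+            name: grpc-web
+            number: 8080
+            protocol: HTTPS
+          tls:
+            credentialName: badhouseplants-wildcard-tls
+            mode: SIMPLE
+        - hosts:
+          - badhouseplants.net
+          - '*.badhouseplants.net'
+          port:
+            name: http
+            number: 80
+            protocol: HTTP2
+          tls:
+            httpsRedirect: true
+        - hosts:
+          - badhouseplants.net
+          - '*.badhouseplants.net'
+          port:
+            name: https
+            number: 443
+            protocol: HTTPS
+          tls:
+            credentialName: badhouseplants-wildcard-tls
+            mode: SIMPLE
+    - name: nrodionov-info
+      servers:
+        - hosts:
+          - nrodionov.info
+          - dev.nrodionov.info
+          port:
+            name: http
+            number: 80
+            protocol: HTTP2
+          tls:
+            httpsRedirect: true
+        - hosts:
+          - nrodionov.info
+          - dev.nrodionov.info
+          port:
+            name: https
+            number: 443
+            protocol: HTTPS
+          tls:
+            credentialName: nrodionov-wildcard-tls
+            mode: SIMPLE
+    - name: badhouseplants-vpn
+      servers:
+        - hosts:
+          - '*'
+          port:
+            name: tcp
+            number: 1194
+            protocol: TCP
+    - name: badhouseplants-ssh
+      servers:
+        - hosts:
+          - '*'
+          port:
+            name: ssh
+            number: 22
+            protocol: TCP
+    - name: badhouseplants-minecraft
+      servers:
+        - hosts:
+          - '*'
+          port:
+            name: minecraft
+            number: 25565
+            protocol: TCP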
| @@ -1,7 +1,11 @@ | ||||
| --- | ||||
| service: | ||||
|   type: LoadBalancer | ||||
|   externalTrafficPolicy: Local | ||||
|   ports: | ||||
|     - name: shadowsocks | ||||
|       port: 8388 | ||||
|       protocol: TCP | ||||
|       targetPort: 8388 | ||||
|     - name: minecraft | ||||
|       port: 25565 | ||||
|       protocol: TCP | ||||
| @@ -14,6 +18,10 @@ service: | ||||
|       port: 80 | ||||
|       protocol: TCP | ||||
|       targetPort: 80 | ||||
|     - name: grpc-web | ||||
|       port: 8080 | ||||
|       protocol: TCP | ||||
|       targetPort: 8080 | ||||
|     - name: https | ||||
|       port: 443 | ||||
|       protocol: TCP | ||||
| @@ -22,10 +30,6 @@ service: | ||||
|       port: 1194 | ||||
|       protocol: TCP | ||||
|       targetPort: 1194 | ||||
|     - name: tcp | ||||
|       port: 25 | ||||
|       protocol: TCP | ||||
|       targetPort: 25 | ||||
|     # ----------- | ||||
|     # -- Email | ||||
|     # ----------- | ||||
|   | ||||
| @@ -8,7 +8,7 @@ global: | ||||
|   proxy: | ||||
|     resources: | ||||
|       requests: | ||||
|         cpu: 100m | ||||
|         cpu: 20m | ||||
|         memory: 128Mi | ||||
|       limits: | ||||
|         memory: 128Mi | ||||
|   | ||||
							
								
								
									
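--- a/badhouseplants/values/values.local-path-provisioner.yaml
+++ b/badhouseplants/values/values.local-path-provisioner.yaml
@@ -0,0 +1,3 @@
+storageClass:
+  create: true
+  defaultClass: false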
| @@ -1,11 +1,99 @@ | ||||
| --- | ||||
| singleBinary: | ||||
|   replicas: 1 | ||||
| global: | ||||
|   dnsService: "coredns" | ||||
|  | ||||
| loki: | ||||
|   auth_enabled: false | ||||
|   commonConfig: | ||||
|     replication_factor: 1 | ||||
|   storage: | ||||
|     type: 'filesystem' | ||||
|   commonConfig: | ||||
|     replication_factor: 1 | ||||
|   schemaConfig: | ||||
|     configs: | ||||
|       - from: 2024-04-01 | ||||
|         store: tsdb | ||||
|         object_store: s3 | ||||
|         schema: v13 | ||||
|         index: | ||||
|           prefix: loki_index_ | ||||
|           period: 24h | ||||
|   ingester: | ||||
|     chunk_encoding: snappy | ||||
|   tracing: | ||||
|     enabled: true | ||||
|   querier: | ||||
|     # Default is 4, if you have enough memory and CPU you can increase, reduce if OOMing | ||||
|     max_concurrent: 2 | ||||
|  | ||||
| compactor: | ||||
|   retention_enabled: true | ||||
| limits_config: | ||||
|   retention_period: 2d | ||||
|   retention_period: 14d | ||||
|  | ||||
| monitoring: | ||||
|   selfMonitoring: | ||||
|     enabled: false | ||||
|   lokiCanary: | ||||
|     enabled: false | ||||
|  | ||||
| #gateway: | ||||
| #  ingress: | ||||
| #    enabled: true | ||||
| #    hosts: | ||||
| #      - host: FIXME | ||||
| #        paths: | ||||
| #          - path: / | ||||
| #            pathType: Prefix | ||||
|  | ||||
| deploymentMode: SingleBinary | ||||
| singleBinary: | ||||
|   persistence: | ||||
|     size: 5Gi | ||||
|   replicas: 1 | ||||
|   resources: | ||||
|     limits: | ||||
|       cpu: 1 | ||||
|       memory: 1Gi | ||||
|     requests: | ||||
|       cpu: 0.5 | ||||
|       memory: 512Mi | ||||
|   extraEnv: | ||||
|     # Keep a little bit lower than memory limits | ||||
|     - name: GOMEMLIMIT | ||||
|       value: 3750MiB | ||||
|  | ||||
| chunksCache: | ||||
|   # default is 500MB, with limited memory keep this smaller | ||||
|   writebackSizeLimit: 10MB | ||||
|  | ||||
| minio: | ||||
|   enabled: false | ||||
|  | ||||
| # Zero out replica counts of other deployment modes | ||||
| backend: | ||||
|   replicas: 0 | ||||
| read: | ||||
|   replicas: 0 | ||||
| write: | ||||
|   replicas: 0 | ||||
|  | ||||
| ingester: | ||||
|   replicas: 0 | ||||
| querier: | ||||
|   replicas: 0 | ||||
| queryFrontend: | ||||
|   replicas: 0 | ||||
| queryScheduler: | ||||
|   replicas: 0 | ||||
| distributor: | ||||
|   replicas: 0 | ||||
| compactor: | ||||
|   replicas: 0 | ||||
| indexGateway: | ||||
|   replicas: 0 | ||||
| bloomCompactor: | ||||
|   replicas: 0 | ||||
| bloomGateway: | ||||
|   replicas: 0 | ||||
|   | ||||
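Review bot: `GOMEMLIMIT` under `singleBinary.extraEnv` is set to `3750MiB` while `singleBinary.resources.limits.memory` is `1Gi`, so the Go soft limit sits far above the container limit and the pod would be OOM-killed before the runtime ever tightens garbage collection. The comment directly above asks for a value a little below the memory limit, so something like `value: 900MiB` matches the stated intent. The rendered page has lost its +/- markers; both values are assumed to be on the new side, which is likely because the hunk grows the file from 11 to 99 lines.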
| @@ -1,13 +1,14 @@ | ||||
| defaultSettings: | ||||
|   backupTarget: s3://longhorn@us-east1/backupstore  | ||||
|   backupTarget: s3://longhorn@us-east1/backupstore | ||||
|   backupTargetCredentialSecret: aws-secret | ||||
|   guaranteedEngineManagerCPU: 6 | ||||
|   guaranteedReplicaManagerCPU: 6 | ||||
|   storageOverProvisioningPercentage: 300 | ||||
|   storageMinimalAvailablePercentage: 5 | ||||
|   defaultDataPath: /media-longhorn | ||||
|   storageReservedPercentageForDefaultDisk: 1 | ||||
|   defaultDataPath: /media/longhorn | ||||
| csi: | ||||
|   kubeletRootDir: /var/snap/microk8s/common/var/lib/kubelet | ||||
|   kubeletRootDir: /var/lib/kubelet/ | ||||
| persistence: | ||||
|   defaultClassReplicaCount: 1 | ||||
| enablePSP: false | ||||
|   | ||||
| @@ -1,95 +1,96 @@ | ||||
| --- | ||||
| certificate:  | ||||
|  | ||||
| # ------------------------------------------ | ||||
| # -- Database extension is used to manage | ||||
| # --  database with db-operator | ||||
| # ------------------------------------------ | ||||
| ext-database: | ||||
|   enabled: true | ||||
|   certificate:  | ||||
|     - name: mailu | ||||
|       secretName: mailu-certificate | ||||
|       issuer: | ||||
|         kind: ClusterIssuer | ||||
|         name: badhouseplants-issuer | ||||
|       dnsNames: | ||||
|         - badhouseplants.net | ||||
|         - "email.badhouseplants.net" | ||||
|   name: mailu-postgres16 | ||||
|   instance: postgres16 | ||||
|   extraDatabase: | ||||
|     enabled: true | ||||
|     name: roundcube-postgres16 | ||||
|     instance: postgres16 | ||||
|  | ||||
| # ------------------------------------------ | ||||
| # -- Istio extenstion. Just because I'm | ||||
| # --  not using ingress nginx | ||||
| # ------------------------------------------ | ||||
| istio: | ||||
| traefik: | ||||
|   enabled: true | ||||
|   istio: | ||||
|     - name: mailu-web | ||||
|       kind: http | ||||
|       gateway: badhouseplants-net | ||||
|       hostname: email.badhouseplants.net | ||||
|   tcpRoutes: | ||||
|     - name: mailu-smtp | ||||
|       service: mailu-front | ||||
|       port: 80 | ||||
|     # - name: mailu-smpt | ||||
|       # kind: tcp | ||||
|       # gateway: badhouseplants-mail | ||||
|       # service: mailu-front | ||||
|       # hostname: email.badhousplants.net | ||||
|       # port_match: 25 | ||||
|       # port: 25 | ||||
|     # - name: mailu-smpts | ||||
|       # kind: tcp | ||||
|       # gateway: badhouseplants-mail | ||||
|       # port_match: 465 | ||||
|       # hostname: email.badhousplants.net | ||||
|       # service: mailu-front | ||||
|       # port: 465 | ||||
|     # - name: mailu-smpt-startls | ||||
|       # kind: tcp | ||||
|       # gateway: badhouseplants-mail | ||||
|       # hostname: email.badhousplants.net | ||||
|       # port_match: 587 | ||||
|       # service: mailu-front | ||||
|       # port: 587 | ||||
|     # - name: mailu-imap | ||||
|       # kind: tcp | ||||
|       # hostname: email.badhousplants.net | ||||
|       # gateway: badhouseplants-mail | ||||
|       # port_match: 143 | ||||
|       # service: mailu-front | ||||
|       # port: 143 | ||||
|     # - name: mailu-imaps | ||||
|       # kind: tcp | ||||
|       # gateway: badhouseplants-mail | ||||
|       # hostname: email.badhousplants.net | ||||
|       # port_match: 993 | ||||
|       # service: mailu-front | ||||
|       # port: 993 | ||||
|     # - name: mailu-pop3 | ||||
|       # kind: tcp | ||||
|       # gateway: badhouseplants-mail | ||||
|       # port_match: 110 | ||||
|       # hostname: email.badhousplants.net | ||||
|       # service: mailu-front | ||||
|       # port: 110 | ||||
|     # - name: mailu-pop3s | ||||
|       # kind: tcp | ||||
|       # gateway: badhouseplants-mail | ||||
|       # port_match: 993 | ||||
|       # hostname: email.badhousplants.net | ||||
|       # service: mailu-front | ||||
|       # port: 993 | ||||
| subnet: 10.1.0.0/16 | ||||
|       match: HostSNI(`*`) | ||||
|       entrypoint: smtp | ||||
|       port: 25 | ||||
|     - name: mailu-smtps | ||||
|       match: HostSNI(`*`) | ||||
|       service: mailu-front | ||||
|       entrypoint: smtps | ||||
|       port: 465 | ||||
|     - name: mailu-smpt-startls | ||||
|       match: HostSNI(`*`) | ||||
|       service: mailu-front | ||||
|       entrypoint: smtp-startls | ||||
|       port: 587 | ||||
|     - name: mailu-imap | ||||
|       match: HostSNI(`*`) | ||||
|       service: mailu-front | ||||
|       entrypoint: imap | ||||
|       port: 143 | ||||
|     - name: mailu-imaps | ||||
|       match: HostSNI(`*`) | ||||
|       service: mailu-front | ||||
|       entrypoint: imaps | ||||
|       port: 993 | ||||
|     - name: mailu-pop3 | ||||
|       match: HostSNI(`*`) | ||||
|       service: mailu-front | ||||
|       entrypoint: pop3 | ||||
|       port: 110 | ||||
|     - name: mailu-pop3s | ||||
|       match: HostSNI(`*`) | ||||
|       service: mailu-front | ||||
|       entrypoint: pop3s | ||||
|       port: 993 | ||||
| subnet: 10.244.0.0/16 | ||||
| sessionCookieSecure: true | ||||
| hostnames: | ||||
|   - post.badhouseplants.net | ||||
|   - email.badhouseplants.net | ||||
| extraTls: | ||||
|   - hosts: | ||||
|       - badhouseplants.net | ||||
|     secretName: mailu-root-domain | ||||
| domain: badhouseplants.net | ||||
| persistence: | ||||
|   single_pvc: false | ||||
| limits: | ||||
|   messageRatelimit: | ||||
|     value: "10/day" | ||||
|     value: "100/day" | ||||
| tls: | ||||
|   outboundLevel: secure | ||||
| ingress: | ||||
|   enabled: false | ||||
|   tls: false | ||||
|   enabled: true | ||||
|   ingressClassName: traefik | ||||
|   tls: true | ||||
|   annotations: | ||||
|     kubernetes.io/tls-acme: "true" | ||||
|     kubernetes.io/ingress.allow-http: "false" | ||||
|     kubernetes.io/ingress.global-static-ip-name: "" | ||||
|     cert-manager.io/cluster-issuer: badhouseplants-issuer-http01 | ||||
|     traefik.ingress.kubernetes.io/router.entrypoints: web,websecure | ||||
|   tlsFlavorOverride: mail | ||||
|   selfSigned: false | ||||
|   existingSecret: mailu-certificate | ||||
|     #  realIpFrom: traefik.kube-system.svc.cluster.local | ||||
|     #  realIpHeader: "X-Real-IP" | ||||
| front: | ||||
|   hostPort: | ||||
|     enabled: false | ||||
|   extraEnvVars: | ||||
|     - name: PROXY_PROTOCOL | ||||
|       value: "mail" | ||||
|     - name: REAL_IP_FROM | ||||
|       value: "10.244.0.0/16,10.43.0.0/16" | ||||
| admin: | ||||
|   resources: | ||||
|     requests: | ||||
| @@ -97,7 +98,15 @@ admin: | ||||
|       cpu: 70m | ||||
|     limits: | ||||
|       memory: 700Mi | ||||
|       cpu: 400m | ||||
|       cpu: 600m | ||||
|   startupProbe: | ||||
|     enabled: true | ||||
|     failureThreshold: 10 | ||||
|     initialDelaySeconds: 10 | ||||
|     periodSeconds: 10 | ||||
|     successThreshold: 1 | ||||
|     timeoutSeconds: 5 | ||||
|  | ||||
|   persistence: | ||||
|     size: 1Gi | ||||
| redis: | ||||
| @@ -107,9 +116,10 @@ redis: | ||||
|       cpu: 70m | ||||
|     limits: | ||||
|       memory: 200Mi | ||||
|       cpu: 200m  | ||||
|   persistence: | ||||
|     size: 1Gi | ||||
|       cpu: 200m | ||||
|   master: | ||||
|     persistence: | ||||
|       enabled: false | ||||
| postfix: | ||||
|   resources: | ||||
|     requests: | ||||
| @@ -117,7 +127,7 @@ postfix: | ||||
|       cpu: 200m | ||||
|     limits: | ||||
|       memory: 1024Mi | ||||
|       cpu: 200m  | ||||
|       cpu: 200m | ||||
|   persistence: | ||||
|     size: 1Gi | ||||
| dovecot: | ||||
| @@ -128,7 +138,7 @@ dovecot: | ||||
|       cpu: 70m | ||||
|     limits: | ||||
|       memory: 400Mi | ||||
|       cpu: 300m  | ||||
|       cpu: 300m | ||||
|   persistence: | ||||
|     size: 1Gi | ||||
| roundcube: | ||||
| @@ -138,26 +148,24 @@ roundcube: | ||||
|       cpu: 70m | ||||
|     limits: | ||||
|       memory: 200Mi | ||||
|       cpu: 200m  | ||||
|       cpu: 200m | ||||
|   persistence: | ||||
|     size: 1Gi | ||||
| mysql: | ||||
|   enabled: false | ||||
| postgresql: | ||||
|   enabled: false | ||||
| ## If using the built-in MariaDB or PostgreSQL, the `roundcube` database will be created automatically. | ||||
| externalDatabase: | ||||
|   ## @param externalDatabase.enabled Set to true to use an external database | ||||
|   enabled: true | ||||
|   auth: | ||||
|     enablePostgresUser: true | ||||
|     username: mailu | ||||
|     database: mailu | ||||
|   persistence: | ||||
|     enabled: false | ||||
|     storageClass: "" | ||||
|     accessMode: ReadWriteOnce | ||||
|     size: 2Gi | ||||
| front: | ||||
|   logLevel: DEBUG | ||||
|   hostPort: | ||||
|     enabled: true | ||||
|   type: postgresql | ||||
|   existingSecret: mailu-postgres16-creds | ||||
|   existingSecretDatabaseKey: POSTGRES_DB | ||||
|   existingSecretUsernameKey: POSTGRES_USER | ||||
|   existingSecretPasswordKey: POSTGRES_PASSWORD | ||||
|   host: postgres16-postgresql.database-service.svc.cluster.local | ||||
|   port: 5432 | ||||
| rspamd: | ||||
|   resources: | ||||
|     requests: | ||||
| @@ -166,7 +174,7 @@ rspamd: | ||||
|     limits: | ||||
|       memory: 500Mi | ||||
|       cpu: 400m | ||||
|   startupProbe:  | ||||
|   startupProbe: | ||||
|     periodSeconds: 30 | ||||
|     failureThreshold: 900 | ||||
|     timeoutSeconds: 20 | ||||
| @@ -179,3 +187,10 @@ webmail: | ||||
|     accessModes: [ReadWriteOnce] | ||||
|     claimNameOverride: "" | ||||
|     annotations: {} | ||||
| global: | ||||
|   database: | ||||
|     roundcube: | ||||
|       database: applications-roundcube-postgres16 | ||||
|       username: applications-roundcube-postgres16 | ||||
|       existingSecret: roundcube-postgres16-creds | ||||
|       existingSecretPasswordKey: POSTGRES_PASSWORD | ||||
|   | ||||
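Review bot: The `mailu-pop3s` entry in `traefik.tcpRoutes` sets `port: 993`, the IMAPS port already used by `mailu-imaps`, so connections arriving on the `pop3s` entrypoint (995 in values.traefik.yaml on this page) would be forwarded to the IMAPS listener of `mailu-front`; it should read `port: 995`. The commented-out Istio block carries the same value, so it looks copied over rather than intended. Separately, `REAL_IP_FROM: "10.244.0.0/16,10.43.0.0/16"` together with `PROXY_PROTOCOL: mail` makes the front accept client-address information from any pod or service address in those ranges; if Traefik is the only proxy in front, narrowing the value to Traefik's address keeps other workloads from supplying a forged client IP to rate limits and logs. Which side each line belongs to is inferred, because the rendered page dropped the +/- markers.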
							
								
								
									
										5
									
								
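--- a/badhouseplants/values/values.metallb-resources.yaml
+++ b/badhouseplants/values/values.metallb-resources.yaml
@@ -0,0 +1,5 @@
+metallb:
+  enabled: true
+  ippools:
+    - name: fuji
+      addresses: 195.201.249.91-195.201.249.91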
| @@ -1,157 +0,0 @@ | ||||
| --- | ||||
| # -------------------------------------------------- | ||||
| # -- Extensions values | ||||
| # -------------------------------------------------- | ||||
| service-account: | ||||
|   enabled: true | ||||
|   resources: | ||||
|     - name: minecraft-exporter | ||||
|       label: | ||||
|         app: minecraft-minecraft-metrics | ||||
|       endpoints: | ||||
|         port: metrics | ||||
| # ------------------------------------------ | ||||
| # -- Istio extenstion. Just because I'm | ||||
| # --  not using ingress nginx | ||||
| # ------------------------------------------ | ||||
| istio: | ||||
|   enabled: true | ||||
|   istio: | ||||
|     - name: minecraft-tcp | ||||
|       gateway: badhouseplants-minecraft | ||||
|       kind: tcp | ||||
|       port_match: 25565 | ||||
|       hostname: "*" | ||||
|       service: minecraft-minecraft | ||||
|       port: 25565 | ||||
| # -------------------------------------------------- | ||||
| # -- Main values | ||||
| # -------------------------------------------------- | ||||
| image: | ||||
|   tag: java17-graalvm-ce | ||||
|   pullPolicy: Always | ||||
|  | ||||
| resources: | ||||
|   requests: | ||||
|     memory: 3Gi | ||||
|     cpu: 256m | ||||
|   limits: | ||||
|     memory: 3Gi | ||||
|  | ||||
| lifecycle: | ||||
|   postStart: | ||||
|     - bash | ||||
|     - -c | ||||
|     - for i in {1..100}; do mc-health && break || sleep 20; done && mc-send-to-console setpassword 11223345 | ||||
|  | ||||
| readinessProbe: | ||||
|   command: | ||||
|     - mc-health | ||||
|   periodSeconds: 20 | ||||
|   failureThreshold: 50 | ||||
|   timeoutSeconds: 10 | ||||
| livenessProbe: | ||||
|   timeoutSeconds: 10 | ||||
|  | ||||
| minecraftServer: | ||||
|   overrideServerProperties: true | ||||
|   eula: "TRUE" | ||||
|   onlineMode: false | ||||
|   difficulty: hard | ||||
|   hardcore: true | ||||
|   version: 1.20.1 | ||||
|   maxWorldSize: 90000 | ||||
|   type: "PAPER" | ||||
|   paperDownloadUrl: https://api.papermc.io/v2/projects/paper/versions/1.20.1/builds/170/downloads/paper-1.20.1-170.jar | ||||
|   gameMode: survival | ||||
|   pvp: true | ||||
|   rcon: | ||||
|     enabled: true | ||||
|     withGeneratedPassword: false | ||||
|     port: 25575 | ||||
|     serviceType: ClusterIP | ||||
|   extraPorts: | ||||
|     - name: metrics | ||||
|       containerPort: 9225 | ||||
|       protocol: TCP | ||||
|       service: | ||||
|         enabled: true | ||||
|         embedded: false | ||||
|         labels: | ||||
|           exporter: minecraft | ||||
|         type: ClusterIP | ||||
|         port: 9925 | ||||
|       ingress: | ||||
|         enabled: false | ||||
| persistence: | ||||
|   dataDir: | ||||
|     enabled: true | ||||
|     Size: 15Gi | ||||
| mcbackup: | ||||
|   enabled: false | ||||
|   backupInterval: 2h | ||||
|   pauseIfNoPlayers: "false" | ||||
|   pruneBackupsDays: 2 | ||||
|   rconRetries: 5 | ||||
|   rconRetryInterval: 10s | ||||
|   excludes: "*.jar,cache,logs" | ||||
|   backupMethod: restic | ||||
|   resticRepository: s3:https://s3.e.badhouseplants.net:443/restic/minecraft | ||||
|   resticAdditionalTags: "mc_backups" | ||||
|   pruneResticRetention: "--keep-last 12 --keep-daily 1 --keep-weekly 2 --keep-monthly 2 --keep-yearly 2" | ||||
|   resources: | ||||
|     requests: | ||||
|       memory: 512Mi | ||||
|       cpu: 100m | ||||
|   persistence: | ||||
|     backupDir: | ||||
|       enabled: false | ||||
| # --------------------------------------------- | ||||
| # -- Install Plugins | ||||
| # --------------------------------------------- | ||||
| initContainers: | ||||
|   - name: install-prometheus-exporter | ||||
|     image: alpine/curl | ||||
|     command: | ||||
|       - curl | ||||
|       - -L | ||||
|       - "https://github.com/sladkoff/minecraft-prometheus-exporter/releases/download/v2.5.0/minecraft-prometheus-exporter-2.5.0.jar" | ||||
|       - -o | ||||
|       - /data/plugins/prometheus-exporter.jar | ||||
|     volumeMounts: | ||||
|       - name: plugins | ||||
|         mountPath: /data/plugins | ||||
|         readOnly: false | ||||
|   - name: install-password-plugin | ||||
|     image: alpine/curl | ||||
|     command: | ||||
|       - curl | ||||
|       - -L | ||||
|       - "https://github.com/timbru31/PasswordProtect/releases/download/PasswordProtect-3.1.0/PasswordProtect.jar" | ||||
|       - -o | ||||
|       - /data/plugins/PasswordProtect.jar | ||||
|     volumeMounts: | ||||
|       - name: plugins | ||||
|         mountPath: /data/plugins | ||||
|         readOnly: false | ||||
|   - name: install-gravity-control-plugin | ||||
|     image: alpine/curl | ||||
|     command: | ||||
|       - curl | ||||
|       - -L | ||||
|       - https://github.com/e-im/GravityControl/releases/download/v1.3.0/GravityControl-1.3.0.jar | ||||
|       - -o | ||||
|       - /data/plugins/GravityControl-1.3.0.jar | ||||
|     volumeMounts: | ||||
|       - name: plugins | ||||
|         mountPath: /data/plugins | ||||
|         readOnly: false | ||||
| extraVolumes: | ||||
|   - volumeMounts: | ||||
|       - name: plugins | ||||
|         mountPath: /data/plugins | ||||
|         readOnly: false | ||||
|     volumes: | ||||
|       - name: plugins | ||||
|         emptyDir: | ||||
|           sizeLimit: 500Mi | ||||
| @@ -7,18 +7,53 @@ istio: | ||||
|   enabled: true | ||||
|   istio: | ||||
|     - name: minio-http | ||||
|       gateway: badhouseplants-net | ||||
|       gateway: istio-system/badhouseplants-net | ||||
|       kind: http | ||||
|       hostname: minio.badhouseplants.net | ||||
|       service: minio-console | ||||
|       port: 9001 | ||||
|     - name: s3-http | ||||
|       gateway: badhouseplants-net | ||||
|       gateway: istio-system/badhouseplants-net | ||||
|       kind: http | ||||
|       hostname: s3.badhouseplants.net | ||||
|       service: minio | ||||
|       port: 9000 | ||||
|  | ||||
| ingress: | ||||
|   enabled: true | ||||
|   ingressClassName: ~ | ||||
|   annotations: | ||||
|     kubernetes.io/ingress.class: traefik | ||||
|     kubernetes.io/tls-acme: "true" | ||||
|     kubernetes.io/ingress.allow-http: "false" | ||||
|     kubernetes.io/ingress.global-static-ip-name: "" | ||||
|     cert-manager.io/cluster-issuer: badhouseplants-issuer-http01 | ||||
|     traefik.ingress.kubernetes.io/router.entrypoints: web,websecure | ||||
|   path: / | ||||
|   hosts: | ||||
|     - s3.badhouseplants.net | ||||
|   tls: | ||||
|     - secretName: s3-tls-secret | ||||
|       hosts: | ||||
|         - s3.badhouseplants.net | ||||
| consoleIngress: | ||||
|   enabled: true | ||||
|   ingressClassName: ~ | ||||
|   annotations: | ||||
|     kubernetes.io/ingress.class: traefik | ||||
|     kubernetes.io/tls-acme: "true" | ||||
|     kubernetes.io/ingress.allow-http: "false" | ||||
|     kubernetes.io/ingress.global-static-ip-name: "" | ||||
|     cert-manager.io/cluster-issuer: badhouseplants-issuer-http01 | ||||
|     traefik.ingress.kubernetes.io/router.entrypoints: web,websecure | ||||
|   path: / | ||||
|   hosts: | ||||
|     - minio.badhouseplants.net | ||||
|   tls: | ||||
|     - secretName: minio-tls-secret | ||||
|       hosts: | ||||
|         - minio.badhouseplants.net | ||||
|  | ||||
| rootUser: 'overlord' | ||||
| replicas: 1 | ||||
| mode: standalone | ||||
| @@ -64,11 +99,6 @@ buckets: | ||||
|   - name: allanger-music | ||||
|     policy: download | ||||
|     purge: false | ||||
|     versioning: false | ||||
|   - name: badhouseplants-brew | ||||
|     policy: download | ||||
|     purge: false | ||||
|     versioning: false | ||||
| metrics: | ||||
|   serviceMonitor: | ||||
|     enabled: false | ||||
|   | ||||
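Review bot: The `kubernetes.io/ingress.allow-http: "false"` and `kubernetes.io/ingress.global-static-ip-name` annotations on `ingress` and `consoleIngress` belong to the GCE ingress controller and Traefik does not act on them, while `traefik.ingress.kubernetes.io/router.entrypoints: web,websecure` explicitly attaches the plain-HTTP entrypoint to both routers. Plain HTTP to the S3 API and the MinIO console is then kept out only by an entrypoint-level redirect configured elsewhere, so I would drop the two GCE annotations and use `traefik.ingress.kubernetes.io/router.entrypoints: websecure`. The same two GCE annotations are repeated in the mailu and nrodionov `ingress` blocks in this compare. `kubernetes.io/ingress.class` is also the deprecated form; `ingressClassName: traefik`, as the mailu values use, would replace `ingressClassName: ~` plus the annotation.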
| @@ -1,11 +1,18 @@ | ||||
| --- | ||||
| ns: | ||||
|   - name: monitoring-system | ||||
| templates: | ||||
|   - | | ||||
|     {{ range .Values.ns }} | ||||
|     apiVersion: v1 | ||||
|     kind: Namespace | ||||
|     metadata: | ||||
|       name: {{ .name }} | ||||
|     {{ end }} | ||||
| namespaces: | ||||
|   - name: longhorn-system | ||||
|   - name: minio-service | ||||
|   - name: nrodionov-application | ||||
|   - name: funkwhale-application | ||||
|   - name: database-service | ||||
|   - name: vaultwarden-application | ||||
|   - name: openvpn-service | ||||
|   - name: badhouseplants-main | ||||
|     labels: | ||||
|       istio-injection: enabled | ||||
|   - name: badhouseplants-preview | ||||
|   - name: kube-services | ||||
|   - name: databases | ||||
|   - name: applications | ||||
|   - name: development | ||||
|   - name: platform | ||||
|   - name: games | ||||
|   | ||||
| @@ -7,7 +7,7 @@ istio: | ||||
|   enabled: true | ||||
|   istio: | ||||
|     - name: nrodionov-http | ||||
|       gateway: nrodionov-info | ||||
|       gateway: istio-system/nrodionov-info | ||||
|       kind: http | ||||
|       hostname: dev.nrodionov.info | ||||
|       service: nrodionov-wordpress | ||||
| @@ -17,7 +17,20 @@ ext-database: | ||||
|   enabled: true | ||||
|   name: nrodionov-mysql | ||||
|   instance: mysql | ||||
|  | ||||
| ingress: | ||||
|   enabled: true | ||||
|   pathType: ImplementationSpecific | ||||
|   hostname: dev.nrodionov.info | ||||
|   path: / | ||||
|   annotations: | ||||
|     kubernetes.io/ingress.class: traefik | ||||
|     kubernetes.io/tls-acme: "true" | ||||
|     kubernetes.io/ingress.allow-http: "false" | ||||
|     kubernetes.io/ingress.global-static-ip-name: "" | ||||
|     cert-manager.io/cluster-issuer: badhouseplants-issuer-http01 | ||||
|   tls: true | ||||
|   tlsWwwPrefix: false | ||||
|   selfSigned: false | ||||
| wordpressBlogName: Николай Николаевич Родионов | ||||
| wordpressUsername: admin | ||||
| wordpressFirstName: Nikolai | ||||
|   | ||||
| @@ -3,33 +3,34 @@ | ||||
| # -- Istio extenstion. Just because I'm | ||||
| # --  not using ingress nginx | ||||
| # ------------------------------------------ | ||||
| istio: | ||||
|   enabled: true | ||||
|   istio: | ||||
|     - name: openvpn-tcp | ||||
|       gateway: badhouseplants-vpn | ||||
|       kind: tcp | ||||
|       port_match: 1194 | ||||
|       hostname: "*" | ||||
|       service: openvpn | ||||
|       port: 1194 | ||||
|     - name: openvpn-tcp-fake-port | ||||
|       gateway: badhouseplants-vpn | ||||
|       kind: tcp | ||||
|       port_match: 25 | ||||
|       hostname: "*" | ||||
|       service: openvpn | ||||
|       port: 1194 | ||||
| # istio: | ||||
|   # enabled: true | ||||
|   # istio: | ||||
|     # - name: openvpn-tcp-xor | ||||
|       # gateway: istio-system/badhouseplants-vpn | ||||
|       # kind: tcp | ||||
|       # port_match: 1194 | ||||
|       # hostname: "*" | ||||
|       # service: openvpn-xor | ||||
|       # port: 1194 | ||||
| # ------------------------------------------ | ||||
| image: | ||||
|   tag: v2.6.5-xor-4.0.0beta08 | ||||
| traefik: | ||||
|   enabled: true | ||||
|   tcpRoutes: | ||||
|     - name: openvpn-xor | ||||
|       service: openvpn-xor | ||||
|       match: HostSNI(`*`) | ||||
|       entrypoint: openvpn | ||||
|       port: 1194 | ||||
| 
 | ||||
| storage: | ||||
|   class: longhorn | ||||
|   size: 512Mi | ||||
| 
 | ||||
| openvpn: | ||||
|   proto: tcp | ||||
|   host: 195.201.250.50 | ||||
|   host: 195.201.249.91 | ||||
| 
 | ||||
| easyrsa: | ||||
|   cn: Bad Houseplants | ||||
|   country: Germany | ||||
							
								
								
									
										35
									
								
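--- a/badhouseplants/values/values.postgres16-gitea.yaml
+++ b/badhouseplants/values/values.postgres16-gitea.yaml
@@ -0,0 +1,35 @@
+architecture: standalone
+
+auth:
+  database: postgres
+
+persistence:
+  size: 1Gi
+
+metrics:
+  enabled: false
+primary:
+  resources: 
+    limits:
+      ephemeral-storage: 1Gi
+      memory: 512Mi
+    requests:
+      cpu: 100m
+      ephemeral-storage: 50Mi
+      memory: 256Mi
+  podSecurityContext:
+    enabled: true
+    fsGroupChangePolicy: Always
+    sysctls: []
+    supplementalGroups: []
+  containerSecurityContext:
+    enabled: true
+    seLinuxOptions: {}
+    runAsNonRoot: false
+    privileged: false
+    readOnlyRootFilesystem: true
+    allowPrivilegeEscalation: false
+    capabilities:
+      drop: ["ALL"]
+    seccompProfile:
+      type: "RuntimeDefault"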
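Review bot: `primary.containerSecurityContext.runAsNonRoot: false` removes the kubelet check that the container does not start as UID 0, while the rest of the block is hardened (`capabilities.drop: ["ALL"]`, `allowPrivilegeEscalation: false`, `seccompProfile` set to `RuntimeDefault`). Unless the image really needs root, `runAsNonRoot: true` keeps that guarantee. values.postgres16.yaml in this compare has the same setting and additionally sets `readOnlyRootFilesystem: false`; a short comment next to each relaxation saying why it is needed would help the next reader.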
							
								
								
									
										35
									
								
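--- a/badhouseplants/values/values.postgres16.yaml
+++ b/badhouseplants/values/values.postgres16.yaml
@@ -0,0 +1,35 @@
+architecture: standalone
+
+auth:
+  database: postgres
+
+persistence:
+  size: 1Gi
+
+metrics:
+  enabled: false
+primary:
+  resources: 
+    limits:
+      ephemeral-storage: 1Gi
+      memory: 512Mi
+    requests:
+      cpu: 512m
+      ephemeral-storage: 50Mi
+      memory: 128Mi
+  podSecurityContext:
+    enabled: true
+    fsGroupChangePolicy: Always
+    sysctls: []
+    supplementalGroups: []
+  containerSecurityContext:
+    enabled: true
+    seLinuxOptions: {}
+    runAsNonRoot: false
+    privileged: false
+    readOnlyRootFilesystem: false
+    allowPrivilegeEscalation: false
+    capabilities:
+      drop: ["ALL"]
+    seccompProfile:
+      type: "RuntimeDefault"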
| @@ -7,7 +7,7 @@ istio: | ||||
|   enabled: true | ||||
|   istio: | ||||
|     - name: grafana-https | ||||
|       gateway: badhouseplants-net | ||||
|       gateway: istio-system/badhouseplants-net | ||||
|       kind: http | ||||
|       hostname: "grafana.badhouseplants.net" | ||||
|       service: prometheus-grafana | ||||
| @@ -64,7 +64,8 @@ defaultRules: | ||||
| prometheus: | ||||
|   prometheusSpec: | ||||
|     enableAdminAPI: true | ||||
|     retentionSize: 10GB | ||||
|     retentionSize: 7GB | ||||
|     retention: 20d | ||||
|     podMonitorNamespaceSelector: | ||||
|       any: true | ||||
|     podMonitorSelector: {} | ||||
| @@ -83,9 +84,10 @@ prometheus: | ||||
|           accessModes: ["ReadWriteOnce"] | ||||
|           resources: | ||||
|             requests: | ||||
|               storage: 10Gi | ||||
|               storage: 12Gi | ||||
|  | ||||
| grafana: | ||||
|   assertNoLeakedSecrets: false | ||||
|   persistence: | ||||
|     enabled: true | ||||
|     size: 2Gi | ||||
|   | ||||
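Review bot: `grafana.assertNoLeakedSecrets: false` switches off the Grafana chart's render-time check that rejects values carrying credentials in plain text under `grafana.ini`, which usually means such a value exists in this file outside the hunk. Moving that credential into a Kubernetes Secret and referencing it through environment expansion would let the check stay enabled. The `grafana` block continues past the hunk, so the key that triggered the check is not visible here. `enableAdminAPI: true` in `prometheusSpec` also leaves the TSDB delete and snapshot endpoints open to anything that can reach Prometheus, so it is worth confirming that it is not routed externally.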
| @@ -3,3 +3,9 @@ config: | ||||
|   clients: | ||||
|     #    - url: http://loki.monitoring-system:3100 | ||||
|     - url: http://loki-gateway/loki/api/v1/push | ||||
|   snippets: | ||||
|     pipelineStages: | ||||
|       - match: | ||||
|           pipeline_name: "drop-all" | ||||
|           selector: '{namespace!~"mail-service|woodpecker|minecraft-application"}' | ||||
|           action: drop | ||||
|   | ||||
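Review bot: The `drop-all` stage added under `snippets.pipelineStages` discards every log line whose namespace is not `mail-service`, `woodpecker` or `minecraft-application`, so the ingress controller, databases, VPN and password-manager workloads send nothing to Loki and an incident there would leave no central logs. The namespaces file in this compare introduces `applications`, `platform` and `games`, so if workloads move there the selector may stop matching what it was meant to keep. I would turn this into a short deny-list of noisy namespaces, or at least add a comment such as `# allow-list: everything outside these namespaces is dropped` and include the ingress controller's namespace.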
| @@ -1,7 +1,11 @@ | ||||
| metrics: | ||||
|   enabled: false | ||||
|  | ||||
| secretAnnotations: | ||||
|   reflector.v1.k8s.emberstack.com/reflection-allowed: "true" | ||||
|   reflector.v1.k8s.emberstack.com/reflection-auto-enabled: "true" | ||||
|   reflector.v1.k8s.emberstack.com/reflection-allowed-namespaces: "gitea-service,funkwhale-application" | ||||
| architecture: standalone | ||||
| master: | ||||
|   persistence: | ||||
|     enabled: false | ||||
|     enabled: false | ||||
|   | ||||
							
								
								
									
										19
									
								
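--- a/badhouseplants/values/values.roles.yaml
+++ b/badhouseplants/values/values.roles.yaml
@@ -0,0 +1,19 @@
+roles:
+  - name: minecraft-admin
+    namespace: minecraft-application
+    kind: Role
+    rules:
+      - apiGroups: ["*"]
+        resources: ["*"]
+        verbs: ["*"]
+        namespace:
+          - minecraft-application
+  - name: minecraft-admin
+    namespace: games
+    kind: Role
+    rules:
+      - apiGroups: ["*"]
+        resources: ["*"]
+        verbs: ["*"]
+        namespace:
+          - games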
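Review bot: Both `minecraft-admin` roles grant `apiGroups: ["*"]`, `resources: ["*"]`, `verbs: ["*"]`, which inside the namespace covers reading Secrets, `pods/exec` and creating RoleBindings, so whoever is bound to the role is a full namespace admin. If the role is meant for operating the game server, listing the resources actually needed with explicit verbs limits what a leaked token can do. The `namespace:` list nested in each rule is not a field of a Kubernetes PolicyRule, so presumably the chart consumes it; a comment stating what it does would help.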
							
								
								
									
										55
									
								
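--- a/badhouseplants/values/values.tandoor.yaml
+++ b/badhouseplants/values/values.tandoor.yaml
@@ -0,0 +1,55 @@
+istio:
+  enabled: true
+  istio:
+    - name: tandoor-http
+      gateway: istio-system/badhouseplants-net
+      kind: http
+      hostname: tandoor.badhouseplants.net
+      service: tandoor
+      port: 8080
+
+ext-database:
+  enabled: true
+  name: tandoor-postgres16
+  instance: postgres16
+  credentials:
+    POSTGRES_HOST: |-
+      "{{ .Hostname }}"
+    POSTGRES_PORT: |-
+      "{{ .Port }}"
+
+envFrom:
+  - secretRef:
+      name: tandoor-postgres16-creds
+env:
+  TZ: UTC
+  DB_ENGINE: django.db.backends.postgresql
+  EMAIL_HOST: badhouseplants.net
+  EMAIL_PORT: 587
+  EMAIL_HOST_USER: overlord@badhouseplants.net
+  EMAIL_HOST_PASSWORD: nxVa8Xcf4jNvzNeE$JzBL&H8g
+  EMAIL_USE_TLS: 1
+  EMAIL_USE_SSL: 0
+  DEFAULT_FROM_EMAIL: tandoor@badhouseplants.net
+persistence:
+  config:
+    enabled: true
+    retain: true
+    storageClass: longhorn
+    accessMode: ReadWriteOnce
+    size: 1Gi
+  media:
+    enabled: true
+    mountPath: /opt/recipes/mediafiles
+    retain: true
+    storageClass: longhorn
+    accessMode: ReadWriteOnce
+    size: 1Gi
+  static:
+    enabled: true
+    type: emptyDir
+    mountPath: /opt/recipes/staticfiles
+  django-js-reverse:
+    enabled: true
+    type: emptyDir
+    mountPath: /opt/recipes/cookbook/static/django_js_reverse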
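Review bot: `env.EMAIL_HOST_PASSWORD` carries the SMTP password for the `EMAIL_HOST_USER` account in plain text in a committed values file. The release already pulls its database credentials through `envFrom.secretRef`, so the mail password belongs in a Secret referenced the same way, or in an encrypted values file. The current password should also be rotated, because it stays in the repository history even after the line is removed.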
							
								
								
									
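--- a/badhouseplants/values/values.traefik.yaml
+++ b/badhouseplants/values/values.traefik.yaml
@@ -0,0 +1,81 @@
+globalArguments:
+  - "--serversTransport.insecureSkipVerify=true"
+service:
+  spec:
+    externalTrafficPolicy: Local
+ports:
+  web:
+    redirectTo:
+      port: websecure
+  ssh:
+    port: 22
+    expose:
+      default: true
+    exposedPort: 22
+    protocol: TCP
+  openvpn:
+    port: 1194
+    expose:
+      default: true
+    exposedPort: 1194
+    protocol: TCP
+  valve-server:
+    port: 27015
+    expose:
+      default: true
+    exposedPort: 27015
+    protocol: UDP
+  valve-rcon:
+    port: 27015
+    expose:
+      default: true
+    exposedPort: 27015
+    protocol: TCP
+  smtp:
+    port: 25
+    protocol: TCP
+    exposedPort: 25
+    expose:
+      default: true
+  smtps:
+    port: 465
+    protocol: TCP
+    exposedPort: 465
+    expose:
+      default: true
+  smtp-startls:
+    port: 587
+    protocol: TCP
+    exposedPort: 587
+    expose:
+      default: true  
+  imap:
+    port: 143
+    protocol: TCP
+    exposedPort: 143
+    expose:
+      default: true
+  imaps:
+    port: 993
+    protocol: TCP
+    exposedPort: 993
+    expose:
+      default: true
+  pop3:
+    port: 110
+    protocol: TCP
+    exposedPort: 110
+    expose:
+      default: true
+  pop3s:
+    port: 995
+    protocol: TCP
+    exposedPort: 995
+    expose:
+      default: true
+  minecraft:
+    port: 25565
+    protocol: TCP
+    exposedPort: 25565
+    expose:
+      default: true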
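Review bot: `--serversTransport.insecureSkipVerify=true` under `globalArguments` turns off certificate verification for every HTTPS backend Traefik proxies, so anything that can answer on a backend address is accepted without proof of identity. I would drop the flag and trust the internal CA instead, e.g. `- "--serversTransport.rootCAs=<path-to-internal-ca.pem>"`, or limit the exception to the one backend that needs it with a per-service ServersTransport. Separately, `ssh`, `imap` (143), `pop3` (110) and `valve-rcon` are all set to `expose.default: true`; a one-line comment per entry naming the backend that consumes it would make it easier to audit what is meant to be reachable from outside.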
							
								
								
									
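--- a/badhouseplants/values/values.vaultwarden.yaml
+++ b/badhouseplants/values/values.vaultwarden.yaml
@@ -0,0 +1,81 @@
+---
+# ------------------------------------------
+# -- Istio extenstion. Just because I'm
+# --  not using ingress nginx
+# ------------------------------------------
+istio:
+  enabled: true
+  istio:
+    - name: vaultwarden-http
+      kind: http
+      gateway: istio-system/badhouseplants-net
+      hostname: vault.badhouseplants.net
+      service: vaultwarden
+      port: 8080
+# ------------------------------------------
+# -- Database extension is used to manage
+# --  database with db-operator
+# ------------------------------------------
+ext-database:
+  enabled: true
+  name: vaultwarden-postgres16
+  instance: postgres16
+service:
+  port: 8080
+vaultwarden:
+  smtp:
+    host: badhouseplants.net
+    security: "starttls"
+    port: 587
+    from: vaultwarden@badhouseplants.net
+    fromName: Vault Warden
+    authMechanism: "Plain"
+    acceptInvalidHostnames: "false"
+    acceptInvalidCerts: "false"
+    debug: false
+  domain: https://vault.badhouseplants.net
+  websocket:
+    enabled: true
+    address: "0.0.0.0"
+    port: 3012
+  rocket:
+    port: "8080"
+    workers: "10"
+  webVaultEnabled: "true"
+  signupsAllowed: false
+  invitationsAllowed: true
+  signupDomains: "https://vault.badhouseplants.com"
+  signupsVerify: "true"
+  showPassHint: "false"
+  database:
+    existingSecret: vaultwarden-postgres16-creds
+    existingSecretKey: CONNECTION_STRING
+    connectionRetries: 15
+    maxConnections: 10
+  storage:
+    enabled: true
+    size: 1Gi
+    class: longhorn
+    dataDir: /data
+  logging:
+    enabled: false
+    logfile: "/data/vaultwarden.log"
+    loglevel: "warn"
+ingress:
+  enabled: true
+  annotations:
+    traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
+    kubernetes.io/ingress.class: traefik
+    kubernetes.io/tls-acme: "true"
+    kubernetes.io/ingress.allow-http: "false"
+    kubernetes.io/ingress.global-static-ip-name: ""
+    cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
+  hosts:
+    - host: vault.badhouseplants.net
+      paths:
+        - path: /
+          pathType: Prefix
+  tls:
+    - secretName: vault-tls-secret
+      hosts:
+        - vault.badhouseplants.net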
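Review bot: `signupDomains: "https://vault.badhouseplants.com"` looks wrong on two counts: it is a URL rather than a bare mail domain, and it uses `.com` while every other host in this file is `badhouseplants.net`. If the chart passes this value to Vaultwarden's signup-domain whitelist (not visible here, so worth confirming), it would never match an e-mail address and the restriction would not behave as intended; `signupDomains: "badhouseplants.net"` is probably what was meant. The ingress also lists `web,websecure` as entrypoints, and as far as I know `kubernetes.io/ingress.allow-http` is not an annotation Traefik reads, so plain-HTTP handling for the vault depends entirely on the redirect set in the Traefik values.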
							
								
								
									
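--- a/badhouseplants/values/values.vaultwardentest.yaml
+++ b/badhouseplants/values/values.vaultwardentest.yaml
@@ -0,0 +1,59 @@
+service:
+  port: 8080
+vaultwarden:
+  smtp:
+    host: mail.badhouseplants.net
+    security: "starttls"
+    port: 587
+    from: vaulttest@badhouseplants.net
+    fromName: Vault Warden
+    authMechanism: "Plain"
+    acceptInvalidHostnames: "false"
+    acceptInvalidCerts: "false"
+    debug: false
+  domain: https://vaulttest.badhouseplants.net
+  websocket:
+    enabled: true
+    address: "0.0.0.0"
+    port: 3012
+  rocket:
+    port: "8080"
+    workers: "10"
+  webVaultEnabled: "true"
+  signupsAllowed: true
+  invitationsAllowed: true
+  signupDomains: "test.test"
+  signupsVerify: false
+  showPassHint: true
+  # database:
+    # existingSecret: vaultwarden-postgres16-creds
+    # existingSecretKey: CONNECTION_STRING
+    # connectionRetries: 15
+    # maxConnections: 10
+  storage:
+    enabled: true
+    size: 512Mi
+    class: longhorn
+    dataDir: /data
+  logging:
+    enabled: false
+    logfile: "/data/vaultwarden.log"
+    loglevel: "warn"
+ingress:
+  enabled: true
+  annotations:
+    kubernetes.io/ingress.class: traefik
+    traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
+    kubernetes.io/tls-acme: "true"
+    kubernetes.io/ingress.allow-http: "false"
+    kubernetes.io/ingress.global-static-ip-name: ""
+    cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
+  hosts:
+    - host: vaulttest.badhouseplants.net
+      paths:
+        - path: /
+          pathType: Prefix
+  tls:
+    - secretName: vault-tls-secret
+      hosts:
+        - vaulttest.badhouseplants.net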
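Review bot: This instance is published on `vaulttest.badhouseplants.net` with `signupsAllowed: true`, `signupsVerify: false` and `showPassHint: true`, so `signupDomains: "test.test"` restricts nothing in practice: an address in that domain can be claimed without proving ownership. For a test deployment reachable through the public ingress I would keep the production settings, `signupsAllowed: false` and `signupsVerify: "true"`, and invite test users instead. The `tls.secretName` is `vault-tls-secret`, the same name the production values use; if both releases land in one namespace the two certificates would contend for one Secret, so a distinct name such as `vaulttest-tls-secret` is safer.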
							
								
								
									
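--- a/badhouseplants/values/values.woodpecker-ci.yaml
+++ b/badhouseplants/values/values.woodpecker-ci.yaml
@@ -0,0 +1,53 @@
+# ------------------------------------------
+# -- Istio extenstion. Just because I'm
+# --  not using ingress nginx
+# ------------------------------------------
+ext-database:
+  enabled: true
+  name: woodpecker-postgres16
+  instance: postgres16
+  credentials:
+    WOODPECKER_DATABASE_DATASOURCE: "postgres://{{ .Username }}:{{ .Password }}@{{ .Hostname }}:{{ .Port }}/{{ .Database }}?sslmode=disable"
+server:
+  ingress:
+    enabled: true
+    annotations:
+      kubernetes.io/ingress.class: traefik
+      kubernetes.io/tls-acme: "true"
+      kubernetes.io/ingress.allow-http: "false"
+      kubernetes.io/ingress.global-static-ip-name: ""
+      cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
+      traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
+    hosts:
+      - host: ci.badhouseplants.net
+        paths:
+          - path: /
+    tls:
+      - secretName: woodpecker-tls-secret
+        hosts:
+          - ci.badhouseplants.net
+  enabled: true
+  env:
+    WOODPECKER_GITEA: true
+    WOODPECKER_GITEA_URL: https://git.badhouseplants.net
+    WOODPECKER_DATABASE_DRIVER: postgres
+    WOODPECKER_GITEA_CLIENT: ab5e4687-a476-4668-9fbc-288d54095634
+    WOODPECKER_OPEN: true
+    WOODPECKER_ADMIN: "woodpecker,allanger"
+    WOODPECKER_HOST: "https://ci.badhouseplants.net"
+    WOODPECKER_ESCALATE: true
+    WOODPECKER_BACKEND_K8S_NAMESPACE: platform
+  extraSecretNamesForEnvFrom:
+    - woodpecker-postgres16-creds
+agent:
+  enabled: true
+  extraSecretNamesForEnvFrom: []
+  env:
+    WOODPECKER_SERVER: woodpecker-ci-server:9000
+    WOODPECKER_BACKEND_K8S_VOLUME_SIZE: 3Gi
+    WOODPECKER_BACKEND_K8S_NAMESPACE: platform
+    WOODPECKER_BACKEND_K8S_STORAGE_CLASS: longhorn
+  serviceAccount:
+    create: true
+  rbac:
+    create: true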
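Review bot: `WOODPECKER_OPEN: true` lets any account that can authenticate against `git.badhouseplants.net` register on the CI server, and the agent runs pipelines through the Kubernetes backend in the `platform` namespace; unless registration on the forge is closed, that hands pipeline execution in the cluster to arbitrary users. I would set `WOODPECKER_OPEN: false` or restrict registration with `WOODPECKER_ORGS`. `WOODPECKER_ESCALATE` is, as far as I know, a list of plugin images allowed to run privileged, so `true` is probably not doing what was intended and should be removed or replaced by an explicit list. The datasource template ends in `sslmode=disable`, which leaves the database credentials and traffic unencrypted on the wire; `sslmode=require` is the minimal change if the Postgres instance offers TLS.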
							
								
								
									
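--- a/badhouseplants/values/values.zot.yaml
+++ b/badhouseplants/values/values.zot.yaml
@@ -0,0 +1,48 @@
+ingress:
+  enabled: true
+  className: ~
+  annotations: 
+    traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
+    kubernetes.io/ingress.class: traefik
+    kubernetes.io/tls-acme: "true"
+    kubernetes.io/ingress.allow-http: "false"
+    kubernetes.io/ingress.global-static-ip-name: ""
+    cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
+  pathtype: ImplementationSpecific
+  hosts:
+    - host: registry.badhouseplants.net
+      paths:
+        - path: /
+  tls: 
+    - secretName: zot-secret-tls
+      hosts:
+        - registry.badhouseplants.net
+strategy:
+  type: Recreate
+service:
+  type: ClusterIP
+persistence: true
+pvc:
+  create: true
+  accessMode: "ReadWriteOnce"
+  storage: 5Gi
+  storageClassName: longhorn
+mountConfig: true
+mountSecret: true
+  #configFiles:
+  #  ui.json: |-
+  #    {
+  #      "log": {
+  #        "level": "info"
+  #      },
+  #      "extensions": {
+  #        "search": {
+  #          "cve": {
+  #            "updateInterval": "2h"
+  #          }
+  #        },
+  #        "ui": {
+  #          "enable": true
+  #        }
+  #      }
+  #    }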
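Review bot: `mountConfig: true` and `mountSecret: true` are set, but the only `configFiles` content is commented out and no secret content is given, so whatever the registry at `registry.badhouseplants.net` runs with comes from chart defaults that are not visible in this file. Because the ingress publishes the registry, I would state its access control explicitly here rather than inherit it. The commented `configFiles` block is also indented as if it were a child of `mountSecret: true`; uncommenting it as written would not yield a top-level `configFiles` key, so it should be moved to column 0.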
							
								
								
									
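--- a/charts/namespaces/chart/.helmignore
+++ b/charts/namespaces/chart/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/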
							
								
								
									
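--- a/charts/namespaces/chart/Chart.yaml
+++ b/charts/namespaces/chart/Chart.yaml
@@ -0,0 +1,24 @@
+apiVersion: v2
+name: namespaces
+description: A Helm chart for Kubernetes
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.1.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "1.16.0"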
							
								
								
									
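--- a/charts/namespaces/chart/templates/_helpers.tpl
+++ b/charts/namespaces/chart/templates/_helpers.tpl
@@ -0,0 +1,43 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "namespaces.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "namespaces.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "namespaces.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "namespaces.labels" -}}
+helm.sh/chart: {{ include "namespaces.chart" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+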
							
								
								
									
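--- a/charts/namespaces/chart/templates/namespaces.yaml
+++ b/charts/namespaces/chart/templates/namespaces.yaml
@@ -0,0 +1,19 @@
+{{- if .Values.namespaces }}
+{{- range $ns := .Values.namespaces }}
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: {{ $ns.name }}
+  labels:
+    {{- include "namespaces.labels" $ | nindent 4 }}
+    {{- with $ns.labels }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+  annotations:
+    "helm.sh/resource-policy": keep
+    {{- with $ns.annotations}}
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+{{- end }}
+{{- end }}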
							
								
								
									
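--- a/charts/namespaces/chart/values.yaml
+++ b/charts/namespaces/chart/values.yaml
@@ -0,0 +1,20 @@
+namespaces:
+  - name: giantswarm-flux
+    labels:
+      name: giantswarm-flux
+  - name: giantswarm
+    labels:
+      name: giantswarm
+  - name: monitoring
+    labels:
+      name: monitoring
+  - name: org-giantswarm
+    labels:
+      name: org-giantswarm
+  - name: flux-system
+    labels:
+      name: flux-system
+  - name: flux-giantswarm
+    labels:
+      name: flux-giantswarm
+  - name: policy-exception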
							
								
								
									
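--- a/charts/namespaces/kustomize/flux-system.yml
+++ b/charts/namespaces/kustomize/flux-system.yml
@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: flux-system
+  labels:
+    name: flux-system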
							
								
								
									
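--- a/charts/namespaces/kustomize/giantswarm-flux.yml
+++ b/charts/namespaces/kustomize/giantswarm-flux.yml
@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: giantswarm-flux
+  labels:
+    name: giantswarm-flux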
							
								
								
									
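--- a/charts/namespaces/kustomize/giantswarm.yml
+++ b/charts/namespaces/kustomize/giantswarm.yml
@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: giantswarm
+  labels:
+    name: giantswarm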
							
								
								
									
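--- a/charts/namespaces/kustomize/kustomization.yaml
+++ b/charts/namespaces/kustomize/kustomization.yaml
@@ -0,0 +1,5 @@
+resources:
+  - ./giantswarm-flux.yml
+  - ./giantswarm.yml
+  - ./monitoring.yml
+  - ./org-giantswarm.yml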
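Review bot: `resources` lists four namespace manifests but not `./flux-system.yml`, which this change adds in the same directory, so that namespace is not created when the kustomization is built. If the omission is deliberate (for example because the Flux bootstrap owns `flux-system`), a comment saying so would help; otherwise add `  - ./flux-system.yml` to the list.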
							
								
								
									
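--- a/charts/namespaces/kustomize/monitoring.yml
+++ b/charts/namespaces/kustomize/monitoring.yml
@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: monitoring
+  labels:
+    name: monitoring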
							
								
								
									
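--- a/charts/namespaces/kustomize/org-giantswarm.yml
+++ b/charts/namespaces/kustomize/org-giantswarm.yml
@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: org-giantswarm
+  labels:
+    name: org-giantswarm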
							
								
								
									
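--- a/charts/roles/.helmignore
+++ b/charts/roles/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/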
							
								
								
									
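--- a/charts/roles/Chart.yaml
+++ b/charts/roles/Chart.yaml
@@ -0,0 +1,6 @@
+apiVersion: v2
+name: roles
+description: A Helm chart for Kubernetes
+type: application
+version: 0.1.0
+appVersion: "1.16.0"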
							
								
								
									
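--- a/charts/roles/templates/_helpers.tpl
+++ b/charts/roles/templates/_helpers.tpl
@@ -0,0 +1,43 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "roles.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "roles.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "roles.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "roles.labels" -}}
+helm.sh/chart: {{ include "roles.chart" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+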
							
								
								
									
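--- a/charts/roles/templates/namespaces.yaml
+++ b/charts/roles/templates/namespaces.yaml
@@ -0,0 +1,23 @@
+{{- if .Values.roles }}
+{{- range $roles := .Values.roles }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: {{ $roles.kind }}
+metadata:
+  name: {{ $roles.name }}
+  namespace: {{ $roles.namespace }}
+  labels:
+    {{- include "roles.labels" $ | nindent 4 }}
+    {{- with $roles.labels }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+  {{- with $roles.annotations}}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+rules:
+{{- with $roles.rules }}
+{{- toYaml . | nindent 2 }}
+{{- end }}
+{{- end }}
+{{- end }}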
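Review bot: `kind: {{ $roles.kind }}` is rendered straight from values and `namespace:` is always emitted, so an entry with `kind: ClusterRole` gets a namespace it cannot have, and any other string yields an object the RBAC API group may not define with this shape. I would restrict the accepted kinds and fail the render otherwise, and wrap the namespace line as `{{- if eq $roles.kind "Role" }}` / `namespace: {{ $roles.namespace }}` / `{{- end }}`. The file is named `namespaces.yaml` although it renders roles, which looks like a leftover from copying the namespaces chart.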
							
								
								
									
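--- a/charts/roles/values.yaml
+++ b/charts/roles/values.yaml
@@ -0,0 +1,9 @@
+roles:
+  - name: minecraft-admin
+    namespace: minecraft-application
+    kind: Role
+    rules:
+      - apiGroups: ["*"]
+        resources: ["*"]
+        verbs: ["*"]
+        namespace: ["minecraft-application"]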
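Review bot: The `namespace: ["minecraft-application"]` key inside the rule is not a field of an RBAC policy rule; the Role's scope already comes from the entry's own `namespace`, so this line is at best ignored and may be rejected on apply, and I would delete it. The rule itself grants every verb on every resource in every API group, which within the namespace includes reading Secrets and creating Roles and RoleBindings. If `minecraft-admin` only needs to manage the workload, list the resources and verbs it needs instead of `"*"`.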
							
								
								
									
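--- a/charts/root/.helmignore
+++ b/charts/root/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/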
							
								
								
									
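--- a/charts/root/Chart.yaml
+++ b/charts/root/Chart.yaml
@@ -0,0 +1,6 @@
+apiVersion: v2
+name: root
+description: A Helm chart for Kubernetes
+type: application
+version: 0.1.5
+appVersion: "1.16.0"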
							
								
								
									
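--- a/charts/root/templates/_helpers.tpl
+++ b/charts/root/templates/_helpers.tpl
@@ -0,0 +1,62 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "root.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "root.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "root.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "root.labels" -}}
+helm.sh/chart: {{ include "root.chart" . }}
+{{ include "root.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "root.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "root.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "root.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "root.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}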
							
								
								
									
									
								
							
							
						
						
									
										25
									
								
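--- a/charts/root/templates/root.yaml
+++ b/charts/root/templates/root.yaml
@@ -0,0 +1,25 @@
+{{ if .Capabilities.APIVersions.Has "source.toolkit.fluxcd.io/v1" }}
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: GitRepository
+metadata:
+  name: root
+spec:
+  interval: 30s
+  url: {{ .Values.url }}
+  ref:
+    branch: {{ .Values.branch }}
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: root
+spec:
+  interval: 30s
+  targetNamespace: flux-system
+  sourceRef:
+    kind: GitRepository
+    name: root
+  path: "."
+  prune: false
+  timeout: 1m
+{{- end }}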
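Review bot: The `root` GitRepository follows the tip of `{{ .Values.branch }}` with no `verify` block, and the Kustomization that applies it sets no `serviceAccountName`, so by default anything pushed to that branch is applied within 30 seconds under the kustomize-controller's own service account. I would add commit-signature verification to the source (`verify:` with `mode: HEAD` and a `secretRef` to the trusted public keys) and `serviceAccountName: <reconciler-sa>` (placeholder) to the Kustomization, so the reconciler is limited to what this repository is meant to manage. The surrounding `if` only tests for `source.toolkit.fluxcd.io/v1`, although the second document needs `kustomize.toolkit.fluxcd.io/v1` as well. `charts/root/templates/self.yaml` has the same shape and needs the same changes.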
							
								
								
									
									
								
							
							
						
						
									
										25
									
								
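--- a/charts/root/templates/self.yaml
+++ b/charts/root/templates/self.yaml
@@ -0,0 +1,25 @@
+{{ if .Capabilities.APIVersions.Has "source.toolkit.fluxcd.io/v1" }}
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: GitRepository
+metadata:
+  name: root-self
+spec:
+  interval: 30s
+  url: {{ .Values.self.url }}
+  ref:
+    branch: {{ .Values.self.branch }}
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: root-self
+spec:
+  interval: 30s
+  targetNamespace: flux-system
+  sourceRef:
+    kind: GitRepository
+    name: root-self
+  path: "."
+  prune: false
+  timeout: 1m
+{{- end }}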
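Review bot: `root-self` has no `secretRef`, yet the default `self.url` in `charts/root/values.yaml` is an SSH remote, `git@git.badhouseplants.net:giantswarm/root-config.git`. An SSH source needs a Secret with the deploy key and a `known_hosts` entry, and the pinned host key is what stops the controller from fetching manifests from a server that merely answers on that name; as far as I know Flux also expects the URL in `ssh://git@host/path` form rather than scp style. Add `secretRef:` with `name: <deploy-key-secret>` (placeholder) under `spec` and change the default to `ssh://git@git.badhouseplants.net/giantswarm/root-config.git`.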
							
								
								
									
									
								
							
							
						
						
									
										5
									
								
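--- a/charts/root/values.yaml
+++ b/charts/root/values.yaml
@@ -0,0 +1,5 @@
+url: https://git.badhouseplants.net/giantswarm/cluster-example.git
+branch: main
+self:
+  url: git@git.badhouseplants.net:giantswarm/root-config.git
+  branch: master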
| @@ -10,7 +10,41 @@ ext-database: | ||||
|         spec: | ||||
|           secretName: "{{ .Values.name  }}-creds" | ||||
|           instance: "{{ .Values.instance }}" | ||||
|           deletionProtected: false | ||||
|           deletionProtected: true | ||||
|           backup: | ||||
|             enable: false | ||||
|             cron: 0 0 * * * | ||||
|           {{- if .Values.credentials }} | ||||
|           credentials: | ||||
|             templates: | ||||
|               {{- range $key, $value := .Values.credentials }} | ||||
|               - name: {{ $key }} | ||||
|                 template: {{ $value | quote }} | ||||
|                 secret: true | ||||
|               {{- end }} | ||||
|           {{- end }} | ||||
|        | ||||
|     - | | ||||
|         {{- if (.Values.extraDatabase).enabled }} | ||||
|         --- | ||||
|         apiVersion: kinda.rocks/v1beta1 | ||||
|         kind: Database | ||||
|         metadata: | ||||
|           name: "{{ .Values.extraDatabase.name }}" | ||||
|         spec: | ||||
|           secretName: "{{ .Values.extraDatabase.name  }}-creds" | ||||
|           instance: "{{ .Values.extraDatabase.instance }}" | ||||
|           deletionProtected: true | ||||
|           backup: | ||||
|             enable: false | ||||
|             cron: 0 0 * * * | ||||
|           {{- if .Values.extraDatabase.credentials }} | ||||
|           credentials: | ||||
|             templates: | ||||
|               {{- range $key, $value := .Values.extraDatabase.credentials }} | ||||
|               - name: {{ $key }} | ||||
|                 template: {{ $value }} | ||||
|                 secret: true | ||||
|               {{- end }} | ||||
|           {{- end }} | ||||
|         {{- end }} | ||||
|   | ||||
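Review bot: In the new `extraDatabase` block the credential template is rendered as `template: {{ $value }}` without `| quote`, while the primary Database a few lines above uses `template: {{ $value | quote }}`. These values are presumably template strings themselves, so an unquoted value that starts with `{` or contains `: ` would be parsed as a YAML mapping or break the manifest instead of reaching the operator as a string. Use `template: {{ $value | quote }}` in both blocks. The hunk starts inside the `ext-database` template, so the rest of that list is not visible here.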
							
								
								
									
									
								
							
							
						
						
									
										16
									
								
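--- a/common/values.istio-gateway.yaml
+++ b/common/values.istio-gateway.yaml
@@ -0,0 +1,16 @@
+---
+istio-gateway:
+  templates:
+    - |
+        {{ range .Values.gateways }}
+        ---
+        apiVersion: networking.istio.io/v1beta1
+        kind: Gateway
+        metadata:
+          name: {{ .name }}
+        spec:
+          selector: 
+            istio: ingressgateway
+          servers:
+        {{ toYaml .servers | indent 4 }}
+        {{ end }}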
| @@ -10,7 +10,7 @@ istio: | ||||
|           name: {{ .name }} | ||||
|         spec: | ||||
|           gateways: | ||||
|           - "istio-system/{{ .gateway }}" | ||||
|           - "{{ .gateway }}" | ||||
|           hosts: | ||||
|           -  {{ .hostname | quote }} | ||||
|           {{- if eq  .kind "http" }} | ||||
|   | ||||
							
								
								
									
									
								
							
							
						
						
									
										14
									
								
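--- a/common/values.metallb.yaml
+++ b/common/values.metallb.yaml
@@ -0,0 +1,14 @@
+---
+metallb:
+  templates:
+    - |
+        {{ range .Values.ippools }}
+        ---
+        apiVersion: metallb.io/v1beta1
+        kind: IPAddressPool
+        metadata:
+          name: {{ .name }}
+        spec:
+          addresses:
+          - {{ .addresses }}
+        {{ end }}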
							
								
								
									
									
								
							
							
						
						
									
										20
									
								
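--- a/common/values.tcp-route.yaml
+++ b/common/values.tcp-route.yaml
@@ -0,0 +1,20 @@
+---
+traefik:
+  templates:
+    - |
+        {{ range .Values.tcpRoutes }}
+        ---
+        apiVersion: traefik.io/v1alpha1
+        kind: IngressRouteTCP
+        metadata:
+          name: {{ .name }}
+        spec:
+          entryPoints:
+          - {{ .entrypoint }}
+          routes:
+          - match: {{ .match }}
+            services:
+            - name: {{ .service }}
+              nativeLB: true
+              port: {{ .port }}
+        {{- end }}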
							
								
								
									
									
								
							
							
						
						
									
										13
									
								
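--- a/common/values.tcproute.yaml
+++ b/common/values.tcproute.yaml
@@ -0,0 +1,13 @@
+---
+tcproute:
+  templates:
+    -  |
+      ---
+        {{ range .Values.routes }}
+        apiVersion: traefik.io/v1alpha1
+        kind: IngressRouteTCP
+        metadata:
+          name: {{ printf "%s-%s" .Release.Name .name }}
+        spec:
+          {{ tpl (.routes | toYaml | indent 2 | toString) $  }}
+        {{ end }}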
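Review bot: Inside `{{ range .Values.routes }}` the dot is the current route, so `.Release.Name` in `name: {{ printf "%s-%s" .Release.Name .name }}` does not reach the release and will either fail to render or produce an empty prefix; use `$.Release.Name`, as the `tpl` call on the next line already does with `$`. The `---` separator also sits before the `range`, so two routes would be emitted into a single YAML document with duplicate keys; move it inside the loop. This file overlaps with `common/values.tcp-route.yaml` added in the same change, and keeping only one of them would avoid two diverging IngressRouteTCP templates.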
							
								
								
									
									
								
							
							
						
						
									
										27
									
								
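--- a/crd.yaml
+++ b/crd.yaml
@@ -0,0 +1,27 @@
+templates:
+  # ---------------------------
+  # -- Hooks
+  # ---------------------------
+  crd-management-hook:
+    hooks:
+      - events: ["preapply"]
+        showlogs: true
+        command: "sh"
+        args:
+          - -c
+          - |
+            helm show crds {{ .Release.Chart }} --version {{ .Release.Version }} | kubectl replace -f  - \
+            || helm show crds {{ .Release.Chart }} --version {{ .Release.Version }} | kubectl create -f  - \
+            || true
+      - events: ["prepare"]
+        showlogs: true
+        command: "sh"
+        args:
+          - -c
+          - "helm show crds {{ .Release.Chart }} --version {{ .Release.Version }} | kubectl diff -f - || true"
+      - events: ["postuninstall"]
+        showlogs: true
+        command: "sh"
+        args:
+          - -c
+          - "helm show crds {{ .Release.Chart }} --version {{ .Release.Version }} | kubectl delete -f - || true"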
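Review bot: Every hook ends in `|| true`, so the `preapply` hook reports success even when both `kubectl replace` and `kubectl create` fail, and the release then installs against missing or stale CRDs with only log output to show for it. I would drop the final `|| true` from the `preapply` command and replace the replace-or-create chain with `helm show crds {{ .Release.Chart }} --version {{ .Release.Version }} | kubectl apply --server-side -f -`. The `postuninstall` hook needs a comment at least: deleting a CRD removes every custom resource of that kind in the cluster, including ones created by other releases, so it should be opt-in per release. `{{ .Release.Chart }}` and `{{ .Release.Version }}` are interpolated into `sh -c` unquoted; wrapping them in double quotes keeps an unusual value from being split or interpreted by the shell.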
| @@ -1,7 +0,0 @@ | ||||
| # Restic | ||||
|  | ||||
| We are using restic for backing up the Minecraft server | ||||
|  | ||||
| ## How to restore | ||||
|  | ||||
| TODO: Describe the restoration process | ||||
| @@ -1,4 +1,26 @@ | ||||
| --- | ||||
| {{ readFile "../releases.yaml" }} | ||||
|  | ||||
| releases: | ||||
|   - <<: *openvpn | ||||
|     installed: true | ||||
|     namespace: openvpn-service | ||||
|     createNamespace: false | ||||
|    | ||||
|   - <<: *istio-base | ||||
|     installed: false | ||||
|     namespace: istio-system | ||||
|     createNamespace: false | ||||
|    | ||||
|   - <<: *istio-gateway | ||||
|     installed: false | ||||
|     namespace: istio-system | ||||
|     createNamespace: false | ||||
|  | ||||
|   - <<: *istiod | ||||
|     installed: false | ||||
|     namespace: istio-system | ||||
|     createNamespace: false | ||||
|  | ||||
| bases: | ||||
|   - ../environments.yaml | ||||
|   | ||||
| @@ -1,21 +1,21 @@ | ||||
| rootPassword: ENC[AES256_GCM,data:s38LHPKR4UsJE2MvlvIuKllZsYGZxcwssbqMWoPqo11j,iv:iredmR6yFSMxmS7NFwz5kLUxPWdSIImYRLRkICr7sJQ=,tag:Gb+rMEBrVX4dDS+N/quHyA==,type:str] | ||||
| rootPassword: ENC[AES256_GCM,data:b0e8jPZizEOqRRdBfL5cby3BCz4/vv/NX+39HAZ1IFb8,iv:Y4af+rhXaoaH3ho7W4YLSD0c7Li3ih130aUNPwsWCsI=,tag:OpW8bftAtm4s+aIxTvOq3A==,type:str] | ||||
| users: | ||||
|     - accessKey: ENC[AES256_GCM,data:J3pNKKmaius=,iv:Mjbx//mHSfVM4NEsOCdPMw7nZ5N2J1rg/IE8JZxzZ30=,tag:sX3OuZ3RodAn8znacBTu4A==,type:str] | ||||
|       secretKey: ENC[AES256_GCM,data:f4PO+T8IRvw5yhFz9Twf3h6vxw==,iv:13ekjlbaTZYDyhMQeM0oJ7/U53ZfhVX/AP20FUnVQ/A=,tag:ZR1YkIl9/6iyWm6leLvQcA==,type:str] | ||||
|       policy: ENC[AES256_GCM,data:mjGhLyvFBU5n6ePk,iv:v/ECOoGcnHGjuLgqMZ8yVTLPqdvn1HBVVAaUiD5fBT0=,tag:3tS26PT1Gg8kHUTfSSUH+g==,type:str] | ||||
|     - accessKey: ENC[AES256_GCM,data:mavKbC9T,iv:gfiilFHH9P3/UUTfjo/kl4r/tcMFN3/J1KyMF+3gY24=,tag:JEhrPdUjeBasQyrsduif9w==,type:str] | ||||
|       secretKey: ENC[AES256_GCM,data:kUs0AzmT/DCLqQEuF9Y=,iv:HoilTHkjITFUREb74y4JAl4YDWHz64XxTvVvKCGE6AE=,tag:bzw9XRz6C4BgB/4mYAf5jg==,type:str] | ||||
|       policy: ENC[AES256_GCM,data:DbIQFNub,iv:NB+PF0acEGFls9BNeQFm+00V1kX+5N7UGJFnhb8DUAU=,tag:tQSO5L0G5Vy51nVD/EKHmw==,type:str] | ||||
| oidc: | ||||
|     enabled: ENC[AES256_GCM,data:AJwlxQ==,iv:e8Y4xI9VW7R64o5y2TYrMRnL92+RCzFaoF9v4wHDTlc=,tag:T0iZj9cCBxaF444+xuvKuA==,type:bool] | ||||
|     configUrl: ENC[AES256_GCM,data:UHLEsZwSGwNEV9r6wpiw4lLsMOLxJ6QfHKrrP2oduJE+YG7hImEljrO+/kPSUOgWMGgtXIjT/VLYw7xhW+TL,iv:v6bXPeKMho108y+kErL71RvqlfL0YEUtAaexITN6arY=,tag:r/oglMJVU2J2s3mEgjP+dA==,type:str] | ||||
|     clientId: ENC[AES256_GCM,data:39mFCS47/yw1lGxvDs7nLkk941qPaHUMgGBgtcqmJukGMfJK,iv:rfE/1ukQAO8geJVIJQOQaXmn37DfhDMR/t7Ghwd093A=,tag:SDz4TVKiMY+bXAtfrm17/Q==,type:str] | ||||
|     clientSecret: ENC[AES256_GCM,data:KcamhnHBTErbSS6dR7W+suwV5q13yXqZAUBYhKJ5Kj3t14dp6VDHoYc1Dwyt+hebFz0BYYbRA9g=,iv:hOhGu/lRjsEsEz4f6Wnkds6HNq3DnvM+GsJOAz1fOds=,tag:aQ4+xPDgg/2op+NQl7jhSg==,type:str] | ||||
|     claimName: ENC[AES256_GCM,data:UUrHhIFP,iv:dKg4zBykxhEKeG40a1eSWRYTyzpb5kBmzhEaULFgSII=,tag:3vfbgsoKkNF2Tmwx3Wi56w==,type:str] | ||||
|     redirectUri: ENC[AES256_GCM,data:evZK5yq5syKOsTqeqICTWLTq96AXTKftwDdbPYP9Na67N7I12P+jK8k1zKswHQY=,iv:L5AmYGkO2lyU4ytjyMOmuWDg4GtbeoTzcEdZF7WP+es=,tag:BF8AZUJ39+xICfrdNsY9iQ==,type:str] | ||||
|     comment: ENC[AES256_GCM,data:4h455QlIXewffU2bSKihkg==,iv:p5WRTZfAUgqbF/XpIlaLuUIhQhMWxgs0MW6cqNOiOtg=,tag:yk6CHXx7E8XBY3dath9ezQ==,type:str] | ||||
|     claimPrefix: "" | ||||
|     scopes: ENC[AES256_GCM,data:6DDclrvw1aAnE7KqMYcevELx/VUrQxUq/+my,iv:BUT/J2uFueDxUCdlylJgJ6cBn52fVAV6r+dGYUg+gx8=,tag:sAXpt6zqNi4kwdfYm5J75A==,type:str] | ||||
|     - accessKey: ENC[AES256_GCM,data:0zHY1dpZcro=,iv:jYvIGZNi2j9bGXgDU8EuhlWivB88Fr0/oBIBgSMnyRc=,tag:VBTWvhQy02xgCD5/ew4A6g==,type:str] | ||||
|       secretKey: ENC[AES256_GCM,data:+5pzvUItGiuOpKTFWcDtt60bcg==,iv:Z1ITL0rTy/3/hKVApPCjWSslEUrEOGvUhiHAx3Fa84c=,tag:H7L2MZ/QQYulMqWv65fStw==,type:str] | ||||
|       policy: ENC[AES256_GCM,data:UH1OW/DcPycrKBpE,iv:nssYtBSfN09O0Z9FMQzW660LAMJ4EZP+090c893sb1Q=,tag:XSZpHMX6P1u4UyyzVLnGcQ==,type:str] | ||||
|     - accessKey: ENC[AES256_GCM,data:h8Zqj8Oi,iv:TlRLh7w4nHi0zNSF41gJBvCetQxQHH4bJLhJIgVv+MQ=,tag:xJht3fA5NwAKGJvUFyiBVQ==,type:str] | ||||
|       secretKey: ENC[AES256_GCM,data:uUHZdSRYPEiE5zvapL8=,iv:xYY7QBSzfRicImZZBoFpIbODiypxKC7wIZ/S4BluQX0=,tag:xXSYqJ3lEohWp9heC08qOw==,type:str] | ||||
|       policy: ENC[AES256_GCM,data:W+8wc5fu,iv:J+WHxQIbkffku41GJV9LgK/l28Ds7YI5nNtk8VlICYs=,tag:NtDHmQGJcjMoeD3oAbk9Kw==,type:str] | ||||
|       #ENC[AES256_GCM,data:TYF79Nw=,iv:dW5GFF4Se81r+JEKNN0P/dIluq+LT+CueMr1Rr7Hhic=,tag:UGDIsRChsM6DPIqAh3kECg==,type:comment] | ||||
|       #ENC[AES256_GCM,data:UO5QDyZ4GYVRKkHIJ97Cwl4=,iv:88QMVL1cji5fY1lpZp/B6CHhqrvY57jmRF2o4ixdnFA=,tag:QE/luvZJ03zh1SyR7GMXDQ==,type:comment] | ||||
|       #ENC[AES256_GCM,data:ddVGAKMd/cyVSDtM5RYnUo6z+T5dsuzb5DUd6/Tio52jNZZ4YtvUhrncW+I4SQzPUElNx6R/CNUmGmkYqXjkd2LnwchB5F0U1j+OhZHR,iv:KveAUI8L/muXShLVojH2xjwZGIS+D0RmJio26prCCHw=,tag:Mpoi7h0anEqHjYbvOHjPkw==,type:comment] | ||||
|       #ENC[AES256_GCM,data:mQZZbdr8wc2LpD5XLNaseerkclUtuSU6gOHJSP6f85PkyiHduGBdS8PZCvB1l82Yu0Y=,iv:60Bpshtdt61vlTjvEaHgi/MNGRbgXjFCIVb/HbcUr1U=,tag:uoLQmsvv31rv2fXPMgb5bQ==,type:comment] | ||||
|       #ENC[AES256_GCM,data:WBT41MB3gOut5RHECWApPUU54EErbzMWUOHBBl0mBOAuPK0lYtDSwNZgbSsPVb5WVcN19dMVfGdszox8oYyqKmLG6envNwhtfvQ=,iv:xsTwI3VeAzZqkkGJsU3CxlAkUlDS6aBbD6cOn+z5hj4=,tag:2yesctQM0VlspQZvrCNRng==,type:comment] | ||||
|       #ENC[AES256_GCM,data:2+1H+f/x8gI5vQuv9cfUYS3Q+iu9,iv:gtxhtl2vPcMSqTq8GtY4ywk+XA1k8bl00bgoFk6mHME=,tag:sRT3bc/W39SsQoBtGNQ2eQ==,type:comment] | ||||
|       #ENC[AES256_GCM,data:lwOXCoMkHgQk4xo9nmEtsD/hbqKCgGCK/26AtrYpoH5ntzInb/eXSqeZEsDCqPwy/ZjQCUmYU7XCvKXKm9T6HA==,iv:lcFNE1zKBc24JkPvZQMLlGAx5vhdDJZiJ6gzeJb/ZOo=,tag:xZ8KKC7RCOp9QeJGuxXHFA==,type:comment] | ||||
|       #ENC[AES256_GCM,data:AUwdNARkPPyycH6dooeSudjtiNanxcjOsr7lNdo=,iv:UIUU0CU4+6iD3yVaevnwqfoyprtSX/maBncP4q56yak=,tag:op1twIDRJtnxi44PVFfQtQ==,type:comment] | ||||
|       #ENC[AES256_GCM,data:AnHAONVEQiEofEmL/T0wdt1E0Q==,iv:L2wX/5EF+NJP/Ped+M5XuAg+IoymRmqHdvztFxYz3oI=,tag:t+uDB+bdv/m92JQsOvf0pA==,type:comment] | ||||
|       #ENC[AES256_GCM,data:ceYRPrvLpYUqV/aVVpP1elX/nOmGHUN81R1/JhTICEHWDm8a7wPc,iv:3dfTNmkYmTE01MSco390r/9oshumWm6OKvpofDicl+s=,tag:qH6M8xLJvFxa01MxlWnkFw==,type:comment] | ||||
| sops: | ||||
|     kms: [] | ||||
|     gcp_kms: [] | ||||
| @@ -25,14 +25,14 @@ sops: | ||||
|         - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 | ||||
|           enc: | | ||||
|             -----BEGIN AGE ENCRYPTED FILE----- | ||||
|             YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaeWFCZlp0VTdkNjV5VDkz | ||||
|             QVErMnVJM1hHbXZERnM5b1hvQWdRQ1N3SmpRCmpCaUkyc3pzRm0yTGZtQ3I5b21I | ||||
|             R3g5T2hKZzNxZmVKVHNoZU1RaTZlamMKLS0tIDlIUVBLSFVZOElZaktjK0xRYjJa | ||||
|             UmdLL0NqWVpuNXBYRENEeTltdFVLREUKrwPN2daokcqABFVXjYCbNyCA0zdMCYh6 | ||||
|             vzTTtNV718OAPQKgl3Ho2c5nhhQcWy5YlWPfGMUklZhocXsAvMXS/g== | ||||
|             YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEZ2hGWUYvbUorMzg5ZkV6 | ||||
|             MDAyR0kzUmNiV2U1TWVmT2hidWJwRW40alJVCmljR2t3aXRzdHVFR3FldmxEMm1U | ||||
|             SG1MdDJEeVVNdGswTkF4alNFMFIwM0kKLS0tICtSTHRTeE0ramt0UldVblh0dWtX | ||||
|             ZjQ2V2FrTnZEOGxCVTdzb1JHRVNjd2MKumygdzhr6eObw2CFKPVukneG9j/S9iPg | ||||
|             mtCKiTHzuePabixUagFvY3R8Y6P8X0/nq/2Me5MJTdI80Ga8WOQ23Q== | ||||
|             -----END AGE ENCRYPTED FILE----- | ||||
|     lastmodified: "2023-03-26T11:56:18Z" | ||||
|     mac: ENC[AES256_GCM,data:oiaqwWDTTSvdGZxcLqAJrLkF+jNL2PfOOrTFtO2Arry1LehiGeXqNiqlHTd5IvnB/LrU9vGv5SjDrq+FRycfceai8O5hW8aGBXqCSZANIx7cpCJqtm1ErNAm8yw+K5rq/WeRKEySszNx7QtSZiM9ufo/GIAZMZgcd/bqFdm6oXE=,iv:s+uHg40NPT3kjwHnRIu3udkbm3gE36JMzPFhM6NdT/4=,tag:Q97lA8fRcPr5kGZEUbmhxQ==,type:str] | ||||
|     lastmodified: "2024-02-04T08:44:29Z" | ||||
|     mac: ENC[AES256_GCM,data:g1CM1dHqXKNWMFNxjHr8JfBWBiEii5iIPeycvmfYm8kXSeVLMHBM3TiJPbOdqxuwme1lXxRKIPwoebYdCc5B/38Ugqu+JLFSj6QJOd6y67BinrS/mn99MVifASe+msYIo+r2B1T9mFiRxY71GJAVfpsy0hljcrJ7dW9Hdd7HAVI=,iv:7Q47rPLmW6uCi8cKYSsSWFVyDc3dT503Vnu1MvM0leI=,tag:vSTff0dVb6h9oBhLjkvvxA==,type:str] | ||||
|     pgp: [] | ||||
|     unencrypted_suffix: _unencrypted | ||||
|     version: 3.7.3 | ||||
|     version: 3.8.1 | ||||
|   | ||||
							
								
								
									
									
								
							
							
						
						
									
										24
									
								
								etersoft/values/secrets.postgres16.yaml
									
									
									
									
									
									
								
							| @@ -0,0 +1,24 @@ | ||||
| global: | ||||
|     postgresql: | ||||
|         auth: | ||||
|             postgresPassword: ENC[AES256_GCM,data:O5Fvmjipcx7CZ4DKQjRW0isfzoUt,iv:sVl6TFRCKAL5ci+lC4DfX/vZkWwRVg559kq4GU67udY=,tag:dEsoEe1UfvD5rUrI+EYOsg==,type:str] | ||||
| sops: | ||||
|     kms: [] | ||||
|     gcp_kms: [] | ||||
|     azure_kv: [] | ||||
|     hc_vault: [] | ||||
|     age: | ||||
|         - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 | ||||
|           enc: | | ||||
|             -----BEGIN AGE ENCRYPTED FILE----- | ||||
|             YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVbENvMm1YQzlSV3UrSEJ4 | ||||
|             VTZ1RWVKTlpsUDFzQlVjMlJEZmIvaldHVXlFCm9SVzN3Z0dwTGo1Y3dnaHhvSmpi | ||||
|             bDIrMlJhbHhKUmRZejdkTmJiSDYvY2MKLS0tIFpRbkwySVh2MDlNWEFNZHVtY2Ns | ||||
|             Wmh3Z29ZSlBhbmFJNkFQZlE3aXpMMk0K14rSXjSF08xkil+fFJpeMV+6XChTJ2/3 | ||||
|             OQecJtg+0NQPyvC+kR5qKq8roiSzNNJgTVg2wwKMdukKVVTbEGi0gA== | ||||
|             -----END AGE ENCRYPTED FILE----- | ||||
|     lastmodified: "2023-10-04T02:27:48Z" | ||||
|     mac: ENC[AES256_GCM,data:yyvzDlqm3ZOGAMAWCbA4JBC2xs14dKJ4oGifHCvD6K3cBcLgQLS8MOoQJBVfAfL/lVqYDtQ8qwQl/NbCEAKdqw5mtGRwSGaCExSTfO8PIUZCT69q5lwhAxfSGkhjjup+88MhwdZbe2iqqr0nF/GBYT7exqu6Pj85ZKbeDVBTMUE=,iv:KVuyYWYvtVjFinkY82nPwKI/XX18t4purLInfjSxYlg=,tag:kD0G+keg4veTy+CN7KOo6Q==,type:str] | ||||
|     pgp: [] | ||||
|     unencrypted_suffix: _unencrypted | ||||
|     version: 3.8.0 | ||||
							
								
								
									
									
								
							
							
						
						
									
										13
									
								
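--- a/etersoft/values/values.longhorn.yaml
+++ b/etersoft/values/values.longhorn.yaml
@@ -0,0 +1,13 @@
+defaultSettings:
+  backupTarget: s3://longhorn@us-east1/backupstore 
+  backupTargetCredentialSecret: aws-secret
+  guaranteedEngineManagerCPU: 6
+  guaranteedReplicaManagerCPU: 6
+  storageOverProvisioningPercentage: 300
+  storageMinimalAvailablePercentage: 5
+  defaultDataPath: /media-longhorn
+csi:
+  kubeletRootDir: /var/snap/microk8s/common/var/lib/kubelet
+persistence:
+  defaultClassReplicaCount: 1
+enablePSP: false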
							
								
								
									
									
								
							
							
						
						
									
										5
									
								
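--- a/etersoft/values/values.metallb-resources.yaml
+++ b/etersoft/values/values.metallb-resources.yaml
@@ -0,0 +1,5 @@
+metallb:
+  enabled: true
+  ippools:
+    - name: etersoft
+      addresses: 91.232.225.63-91.232.225.63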
| @@ -18,6 +18,16 @@ istio: | ||||
|       hostname: s3.e.badhouseplants.net | ||||
|       service: minio | ||||
|       port: 9000 | ||||
| image: | ||||
|   repository: quay.io/minio/minio | ||||
|   tag: RELEASE.2024-01-11T07-46-16Z-cpuv1 | ||||
|   pullPolicy: IfNotPresent | ||||
|  | ||||
| mcImage: | ||||
|   repository: quay.io/minio/mc | ||||
|   tag: RELEASE.2024-01-11T05-49-32Z-cpuv1 | ||||
|   pullPolicy: IfNotPresent | ||||
|  | ||||
| rootUser: 'overlord' | ||||
| replicas: 1 | ||||
| mode: standalone | ||||
| @@ -73,6 +83,8 @@ policies: | ||||
|         - 'arn:aws:s3:::longhorn' | ||||
|         - 'arn:aws:s3:::restic/*' | ||||
|         - 'arn:aws:s3:::restic' | ||||
|         - 'arn:aws:s3:::etcd/*' | ||||
|         - 'arn:aws:s3:::etcd' | ||||
|       actions: | ||||
|         - "s3:DeleteObject" | ||||
|         - "s3:GetObject" | ||||
| @@ -83,10 +95,18 @@ buckets: | ||||
|     policy: none | ||||
|     purge: false | ||||
|     versioning: false | ||||
|   - name: velero-test | ||||
|     policy: none | ||||
|     purge: false | ||||
|     versioning: false | ||||
|   - name: restic | ||||
|     policy: none | ||||
|     purge: false | ||||
|     versioning: false | ||||
|   - name: etcd | ||||
|     policy: none | ||||
|     versioning: false | ||||
|     purge: false | ||||
| metrics: | ||||
|   serviceMonitor: | ||||
|     enabled: false | ||||
|   | ||||
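Review bot: The `etcd` bucket is added to the same policy statement that already covers `longhorn` and `restic` and grants `s3:DeleteObject`, so any credential bound to that policy can now read and delete whatever is stored there; if the bucket holds etcd snapshots, that includes every Secret in the cluster. I would give etcd backups their own policy and user limited to `arn:aws:s3:::etcd` and `arn:aws:s3:::etcd/*`, and create the bucket with `versioning: true` so that a deleted or overwritten snapshot can be recovered. The policy statement begins above the hunk, so its name and the users attached to it are not visible here.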
| @@ -14,6 +14,8 @@ istio: | ||||
|       service: openvpn | ||||
|       port: 1194 | ||||
|  | ||||
| image: | ||||
|   tag: v2.6.5-xor-4.0.0beta08 | ||||
| storage: | ||||
|   class: microk8s-hostpath | ||||
|   size: 5Gi | ||||
|   | ||||
							
								
								
									
									
								
							
							
						
						
									
										10
									
								
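--- a/etersoft/values/values.postgres16.yaml
+++ b/etersoft/values/values.postgres16.yaml
@@ -0,0 +1,10 @@
+architecture: standalone
+
+auth:
+  database: postgres
+
+persistence:
+  size: 1Gi
+
+metrics:
+  enabled: false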
							
								
								
									
									
								
							
							
						
						
									
										56
									
								
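--- a/extensions.yaml
+++ b/extensions.yaml
@@ -0,0 +1,56 @@
+templates:
+  # ----------------------------
+  # -- Extensions
+  # ----------------------------
+  ext-istio-gateway:
+    dependencies:
+      - chart: bedag/raw
+        version: 2.0.0
+        alias: istio-gateway
+    values:
+      - '{{ requiredEnv "PWD" }}/common/values.istio-gateway.yaml'
+
+  ext-istio-resource:
+    dependencies:
+      - chart: bedag/raw
+        version: 2.0.0
+        alias: istio
+    values:
+      - '{{ requiredEnv "PWD" }}/common/values.istio.yaml'
+  ext-certificate:
+    dependencies:
+      - chart: bedag/raw
+        version: 2.0.0
+        alias: certificate
+    values:
+      - '{{ requiredEnv "PWD" }}/common/values.certificate.yaml'
+  ext-metallb:
+    dependencies:
+      - chart: bedag/raw
+        version: 2.0.0
+        alias: metallb
+    values:
+      - '{{ requiredEnv "PWD" }}/common/values.metallb.yaml'
+  service-monitor:
+    dependencies:
+      - chart: bedag/raw
+        version: 2.0.0
+        alias: service-monitor
+    values:
+      - '{{ requiredEnv "PWD" }}/common/values.service-monitor.yaml'
+  namespace:
+    dependencies:
+      - chart: bedag/raw
+        version: 2.0.0
+        alias: ns
+    inherit:
+      - template: default-common-values
+      - template: default-env-values
+
+  ext-database:
+    dependencies:
+      - chart: bedag/raw
+        version: 2.0.0
+        alias: ext-database
+    values:
+      - '{{ requiredEnv "PWD" }}/common/values.database.yaml'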
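Review bot: Every `values:` entry is built from `{{ requiredEnv "PWD" }}`, so which `common/values.*.yaml` gets loaded depends on the directory the caller runs helmfile from rather than on the location of this file. Run from a subdirectory, or from a CI step with a different working directory, the templates either fail or pick up the values of another checkout. A comment above `ext-istio-gateway` such as `# helmfile must be run from the repository root; values paths are resolved from $PWD` would make the requirement explicit.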
| @@ -11,24 +11,9 @@ releases: | ||||
|     namespace: kube-system | ||||
|     createNamespace: false | ||||
|  | ||||
|   - <<: *istio-base | ||||
|     installed: true | ||||
|     namespace: istio-system | ||||
|     createNamespace: false | ||||
|    | ||||
|   - <<: *istio-gateway | ||||
|     installed: true | ||||
|     namespace: istio-system | ||||
|     createNamespace: false | ||||
|  | ||||
|   - <<: *istiod | ||||
|     installed: true | ||||
|     namespace: istio-system | ||||
|     createNamespace: false | ||||
|  | ||||
|   - <<: *cert-manager | ||||
|     installed: true | ||||
|     namespace: cert-manager | ||||
|     namespace: kube-system | ||||
|     createNamespace: false | ||||
|  | ||||
|   - <<: *minio | ||||
| @@ -36,15 +21,20 @@ releases: | ||||
|     namespace: minio-service | ||||
|     createNamespace: false | ||||
|  | ||||
|   - <<: *openvpn | ||||
|     installed: true | ||||
|     namespace: openvpn-service | ||||
|     createNamespace: false | ||||
|    | ||||
|   - <<: *metallb | ||||
|     installed: true | ||||
|     namespace: metallb-system | ||||
|     createNamespace: true | ||||
|     namespace: kube-system | ||||
|     createNamespace: false | ||||
|  | ||||
|   - <<: *reflector | ||||
|     installed: true | ||||
|     namespace: kube-system | ||||
|     createNamespace: false | ||||
|  | ||||
|   - <<: *metallb-resources | ||||
|     installed: true | ||||
|     namespace: kube-system | ||||
|     createNamespace: false | ||||
|  | ||||
| helmfiles: | ||||
|   - path: {{.Environment.Name }}/helmfile.yaml | ||||
|   | ||||
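Review bot: Going by the hunk line counts, `cert-manager` and `metallb` move from their own namespaces to `namespace: kube-system`, and `reflector` and `metallb-resources` are added there as well. Running third-party controllers next to the control-plane add-ons removes the namespace boundary that RBAC, NetworkPolicy and Pod Security labels are usually scoped to, and reflector in particular copies Secrets between namespaces. Unless the cluster tooling requires it, keep `namespace: cert-manager` and `namespace: metallb-system` and give reflector a namespace of its own; if kube-system is intentional, a comment on each release saying why would help.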
							
								
								
									
									
								
							
							
						
						
									
										235
									
								
								helmule/helmule.yaml
									
									
									
									
									
									
								
							| @@ -0,0 +1,235 @@ | ||||
| charts: | ||||
|   - repository: metrics-server | ||||
|     name: metrics-server | ||||
|     mirrors: | ||||
|       - custom-commands | ||||
|   - repository: metallb | ||||
|     name: metallb | ||||
|     mirrors: | ||||
|       - custom-commands | ||||
|   - repository: bedag | ||||
|     name: raw | ||||
|     mirrors: | ||||
|       - custom-commands | ||||
|   - repository: jetstack | ||||
|     name: cert-manager | ||||
|     mirrors: | ||||
|       - custom-commands | ||||
|   - repository: longhorn | ||||
|     name: longhorn | ||||
|     mirrors: | ||||
|       - custom-commands | ||||
|   - repository: argo | ||||
|     name: argo-cd | ||||
|     mirrors: | ||||
|       - custom-commands | ||||
|   - repository: prometheus-community | ||||
|     name: kube-prometheus-stack | ||||
|     mirrors: | ||||
|       - custom-commands | ||||
|   - repository: grafana | ||||
|     name: loki | ||||
|     mirrors: | ||||
|       - custom-commands | ||||
|   - repository: grafana | ||||
|     name: promtail | ||||
|     mirrors: | ||||
|       - custom-commands | ||||
|   - repository: istio | ||||
|     name: base | ||||
|     mirrors: | ||||
|       - custom-commands | ||||
|   - repository: istio | ||||
|     name: gateway | ||||
|     mirrors: | ||||
|       - custom-commands | ||||
|   - repository: istio | ||||
|     name: istiod | ||||
|     mirrors: | ||||
|       - custom-commands | ||||
|   - repository: allanger-gitea | ||||
|     name: openvpn-xor | ||||
|     mirrors: | ||||
|       - custom-commands | ||||
|   - repository: allanger-gitea | ||||
|     name: openvpn | ||||
|     mirrors: | ||||
|       - custom-commands | ||||
|   - repository: drone | ||||
|     name: drone | ||||
|     mirrors: | ||||
|       - custom-commands | ||||
|   - repository: drone | ||||
|     name: drone-runner-docker | ||||
|     mirrors: | ||||
|       - custom-commands | ||||
|   - repository: woodpecker | ||||
|     name: woodpecker | ||||
|     mirrors: | ||||
|       - custom-commands | ||||
|   - repository: bitnami | ||||
|     name: wordpress | ||||
|     mirrors: | ||||
|       - custom-commands | ||||
|   - repository: minio | ||||
|     name: minio | ||||
|     mirrors: | ||||
|       - custom-commands | ||||
|   - repository: gitea | ||||
|     name: gitea | ||||
|     mirrors: | ||||
|       - custom-commands | ||||
|   - repository: ananace-charts | ||||
|     name: funkwhale | ||||
|     mirrors: | ||||
|       - custom-commands | ||||
|   - repository: bitwarden | ||||
|     name: vaultwarden | ||||
|     mirrors: | ||||
|       - custom-commands | ||||
|   - repository: bitnami | ||||
|     name: redis | ||||
|     mirrors: | ||||
|       - custom-commands | ||||
|   - repository: bitnami | ||||
|     name: postgresql | ||||
|     mirrors: | ||||
|       - custom-commands | ||||
|   - repository: db-operator | ||||
|     name: db-operator | ||||
|     mirrors: | ||||
|       - custom-commands | ||||
|   - repository: db-operator | ||||
|     name: db-instances | ||||
|     mirrors: | ||||
|       - custom-commands | ||||
|   - repository: bitnami | ||||
|     name: mysql | ||||
|     mirrors: | ||||
|       - custom-commands | ||||
|   - repository: allanger-gitea | ||||
|     name: docker-mailserver | ||||
|     mirrors: | ||||
|       - custom-commands | ||||
|   - repository: allanger-gitea | ||||
|     name: vaultwarden | ||||
|     mirrors: | ||||
|       - custom-commands | ||||
|   - repository: emberstack | ||||
|     name: reflector | ||||
|     mirrors: | ||||
|       - custom-commands | ||||
|   - repository: mailu | ||||
|     name: mailu | ||||
|     mirrors: | ||||
|       - custom-commands | ||||
|   - repository: gabe565 | ||||
|     name: tandoor | ||||
|     mirrors: | ||||
|       - custom-commands | ||||
|   - repository: coredns | ||||
|     name: coredns | ||||
|     mirrors: | ||||
|       - custom-commands | ||||
|   - repository: cilium | ||||
|     name: cilium | ||||
|     mirrors: | ||||
|       - custom-commands | ||||
|   - repository: zot | ||||
|     name: zot | ||||
|     mirrors: | ||||
|       - custom-commands | ||||
| mirrors: | ||||
|   - name: custom-commands | ||||
|     custom_command: | ||||
|       package: | ||||
|         - helm package -d package . | ||||
|       upload: | ||||
|         - helm push ./package/{{ name }}-{{ version }}.tgz oci://registry.badhouseplants.net/badhouseplants | ||||
|         - rm -rf ./package | ||||
| repositories: | ||||
|   - name: metrics-server | ||||
|     helm: | ||||
|       url: https://kubernetes-sigs.github.io/metrics-server/ | ||||
|   - name: jetstack | ||||
|     helm: | ||||
|       url: https://charts.jetstack.io | ||||
|   - name: istio | ||||
|     helm: | ||||
|       url: https://istio-release.storage.googleapis.com/charts | ||||
|   - name: drone | ||||
|     helm: | ||||
|       url: https://charts.drone.io | ||||
|   - name: bitnami | ||||
|     helm: | ||||
|       url: https://charts.bitnami.com/bitnami | ||||
|   - name: minio | ||||
|     helm: | ||||
|       url: https://charts.min.io/ | ||||
|   - name: longhorn | ||||
|     helm: | ||||
|       url: https://charts.longhorn.io | ||||
|   - name: gitea | ||||
|     helm: | ||||
|       url: https://dl.gitea.io/charts/ | ||||
|   - name: ananace-charts | ||||
|     helm: | ||||
|       url: https://ananace.gitlab.io/charts | ||||
|   - name: argo | ||||
|     helm: | ||||
|       url: https://argoproj.github.io/argo-helm | ||||
|   - name: bedag | ||||
|     helm: | ||||
|       url: https://bedag.github.io/helm-charts/ | ||||
|   - name: metallb | ||||
|     helm: | ||||
|       url: https://metallb.github.io/metallb | ||||
|   - name: prometheus-community | ||||
|     helm: | ||||
|       url: https://prometheus-community.github.io/helm-charts | ||||
|   - name: grafana | ||||
|     helm: | ||||
|       url: https://grafana.github.io/helm-charts | ||||
|   - name: bitwarden | ||||
|     helm: | ||||
|       url: https://constin.github.io/vaultwarden-helm/ | ||||
|   - name: db-operator | ||||
|     helm: | ||||
|       url: https://db-operator.github.io/charts | ||||
|   - name: allanger-gitea | ||||
|     helm: | ||||
|       url: https://git.badhouseplants.net/api/packages/allanger/helm | ||||
|   - name: badhouseplants | ||||
|     helm: | ||||
|       url: https://badhouseplants.github.io/helm-charts/ | ||||
|   - name: woodpecker | ||||
|     helm: | ||||
|       url: https://woodpecker-ci.org | ||||
|   - name: firefly-iii | ||||
|     helm: | ||||
|       url: https://firefly-iii.github.io/kubernetes/ | ||||
|   - name: emberstack | ||||
|     helm: | ||||
|       url: https://emberstack.github.io/helm-charts | ||||
|   - name: gabe565 | ||||
|     helm: | ||||
|       url: https://charts.gabe565.com | ||||
|   - name: mailu | ||||
|     helm: | ||||
|       url: https://mailu.github.io/helm-charts/ | ||||
|   - name: coredns | ||||
|     helm: | ||||
|       url: https://coredns.github.io/helm | ||||
|   - name: cilium | ||||
|     helm: | ||||
|       url: https://helm.cilium.io/ | ||||
|   - name: phybros-helm-charts | ||||
|     helm: | ||||
|       url: https://phybros.github.io/helm-charts | ||||
|   - name: nextcloud | ||||
|     helm: | ||||
|       url: https://nextcloud.github.io/helm/ | ||||
|   - name: zot | ||||
|     helm: | ||||
|       url: https://zotregistry.dev/helm-charts/ | ||||
|  | ||||
Some files were not shown because too many files have changed in this diff Show More