Compare commits

...
This repository has been archived on 2024-09-11. You can view files and clone it, but cannot push or open issues or pull requests.

2 Commits

Author SHA1 Message Date
06c11576f5
More changes 2024-07-05 10:08:57 +02:00
60e57f3b45
A lot of changes that are hard to track 2024-07-05 09:20:55 +02:00
31 changed files with 454 additions and 161 deletions

View File

@ -2,6 +2,15 @@
{{ readFile "../releases.yaml" }} {{ readFile "../releases.yaml" }}
releases: releases:
- <<: *istio-base
installed: false
namespace: istio-system
createNamespace: false
- <<: *istiod
installed: false
namespace: istio-system
createNamespace: false
- <<: *namespaces - <<: *namespaces
installed: true installed: true
- <<: *roles - <<: *roles
@ -10,9 +19,9 @@ releases:
installed: true installed: true
- <<: *cilium - <<: *cilium
installed: true installed: true
- <<: *authentik
- <<: *local-path-provisioner - <<: *local-path-provisioner
- <<: *mailu
- <<: *zot - <<: *zot
installed: true installed: true
- <<: *keel - <<: *keel
@ -20,7 +29,7 @@ releases:
- <<: *argocd - <<: *argocd
installed: true installed: true
namespace: argo-system namespace: platform
createNamespace: false createNamespace: false
- <<: *nrodionov - <<: *nrodionov
@ -30,7 +39,7 @@ releases:
- <<: *gitea - <<: *gitea
installed: true installed: true
namespace: gitea-service namespace: applications
createNamespace: false createNamespace: false
- <<: *funkwhale - <<: *funkwhale
@ -53,6 +62,9 @@ releases:
namespace: database-service namespace: database-service
createNamespace: true createNamespace: true
- <<: *postgres16-gitea
namespace: databases
createNamespace: false
- <<: *db-operator - <<: *db-operator
installed: true installed: true
namespace: database-service namespace: database-service
@ -70,7 +82,7 @@ releases:
- <<: *woodpecker-ci - <<: *woodpecker-ci
installed: true installed: true
namespace: woodpecker-ci namespace: platform
createNamespace: true createNamespace: true
- <<: *vaultwarden - <<: *vaultwarden
@ -89,15 +101,10 @@ releases:
createNamespace: false createNamespace: false
- <<: *docker-mailserver - <<: *docker-mailserver
installed: true installed: false
namespace: applications namespace: applications
createNamespace: true createNamespace: true
- <<: *mailu
installed: false
namespace: mailu-application
createNamespace: false
- <<: *longhorn - <<: *longhorn
installed: true installed: true
namespace: longhorn-system namespace: longhorn-system

View File

@ -1,9 +1,9 @@
configs: configs:
cm: cm:
dex.config: ENC[AES256_GCM,data:/5fVXmrlrI+A9VkyXXXEyout6crDfLKvEHRgSak3tZn90aVm/SrSsq/mJHO4k79zVPz/BBF8/RIt2rD1TJsBNWsTFfKJuCkSN7kjUIE1Blch9ju2MOOmtWR8NIi98k/t5D/kfF6JhAw3hTv6nOkaz6P9eJgAEawdNeaNZS2i/6s5UdJkTpZWCOD+3DJezYhWS9dePrWldRGzYNVc25wAbDF6jRrtXbF2aC/z/cuhcCEEgsncFAYz1lN8sKpdMXIZzBqvugYGUZHPkWAi8fsLRM818jA736NoT55d7yO2hR0RzbIEbr0Edbk9eeofAty5WEPBhop9OUJJFKeRq2AXgdY6Y98BH1Yn1X1PmkpV4Tu+S49q3jRC4g2dIttywA3waqdGSsXVI5q9sVSJTCN5gsHXM298K1hb0hCgIv4WAv/09BvOOxocTbz06c1zB/ZFxhJJ1Fv3wSPFiY011y8StMgEvBmh84ERK703Sn8jFrT31eujpF6saM8fER/1W7acOrGZTTCirXcm2Cp4QPS6LILeANcD6S6gFvITKxCa/Dzkk4OV3uB2KqpTX13IrbnMm+oYGM573QAJzuRBfGtFBggX6GHM1jGnPZ/s2n+BRrhKhZRofVommLMSl2mTyWRsLwJ8XzXIDZlQT8MrkCZX8EorQmUS3NPM5oTgxpq4dtGbwVmKh2i2ZcmwGK7AwB5OtLXeyLe/MbOikQKCig==,iv:xuTDUZWDWtzZwTOvfzGRNsqpPx+rxtTVs1C0gOjB+Pw=,tag:CLGA9kgSoWBFCJRW/s3MAg==,type:str] dex.config: ENC[AES256_GCM,data:LCLzkdGS1CqPGPCpkf/Zqqk046aUlc1fiptooZnHN6qlJaSa18O2I6/t2sCZ+4V/5nkX5jX8EYpQ+S5gzqwnVdCfmgLNZMXHMM6MtRRvlX3sBxygT8KfQQN/aPb2A/n/sebDYV5P5ykzNAzbGLjJ5fc6Nz/QJTaPIBvHrez5VQZY3NBkP4fXb8gRYD3yw9mA4V0wXlW2sDlPmvnGMcj/RTvJGWhbtX/pWMSaLHBPoAR7wp/sTUDzkcRSvfANimzyXe8B5Zz+Xgo4bUV9T8lr5+rdxAYOlP0deg2lBR7mXr86JqVhLZp2Y8v6DNO3MgBmXzpbkIhg8hc7Tbe6I5+mqIZpIc7YPFJM7DhOB+QFAa3WHhcdwGcIkcECNipMcYDu0KBA1CSLlyVgsQLHPTubEp/8/0kC9HkZt+63dIlmR4IEnGVmUPMYmwym5Palsl3BN1LrTsA4WRIJwG4Ac4jUNCZiNF8rQu7CPa9a/mf+6NdVSJ/L9Gt1THnkzbN8xGK0CyEHWmrJ1drzC61SCfXIHxWMQn9NOegOtBkqjo6AE8KdmBmpqYqZW70t9iWFUN/wjfgwmNSM+JgUOE0s8A0B7oP+YS2gqQvbCmcP5CoPhtFwV4oNj+ZY+0dRjMF0EIh3pTsZUJhMuOK7W/fV3DpNGf7mT0WcrHd3nsgvbu+sijuM9I7ljvBGYJegvva8YP1g6OjJLckvC/nFt8Acfsqb6TaJhsEvpEQgg84Mn9vniW5zNhpIitkQVZ/DjZ0+cw5B8hWWZ65w66Xu0H4IR0RjEyuC8rDjEvdvBlKC22HiBoJvfASBlBrokIxj6YTp6je+xo7FOctmZfMOqm/yeydHJlR3z6NAY1tTnvn8VzLtXqFjwwC8wIoC944HnpZniXc1OAuIH1InIlSm9UC8eP29szuWufwPdInX2W3lE4bcJlmDMk1XxhA3dgh+HBNtZlSOuoG6ZkW/TinWHTx1GWqZ9nXNYbCptBdwCljc2TAmZzW37ZfovnYin5vaPUZQEX4Zq5fuF3YHHediwiVDbLAV2E+P0h2L4qWLFSEDzTXuI+/jsLN2a9TbuDEGBMZ5LL9tk+7A026Hw7yqkNiCjh7sIQ4OmQaIjPAeuKAUBY4jLomLCQOQfDdBbB7XLtpOJPwnM2EW1QVCPKC+WDHG+cv6ha4a4L0zsbS6VJvngfl2YKtZJrzrorBtH/enQuE/PPEal4eBrZ6DDuh0VKmnQbu4mdnrHc+06mMdBEEft3k+D5IoFUgEROoWFQ3DeY11gYCXzt0XMxYBs31S4jdbRmIe7kXsZmtZZPk=,iv:FwR1dU7UqgS9aqpNej3SbBnpAR5bqTwqxrn8SaowZrE=,tag:DlPZlqrfUKfpCZMz4/r1MQ==,type:str]
credentialTemplates: credentialTemplates:
ssh-creds: ssh-creds:
sshPrivateKey: ENC[AES256_GCM,data:43Enu05W+Cxbg1z8GjoYMWNOkCSuUIny4c9YOJlp6HBwazFx8IbMLibSxcI4kWCaceKHj+jxHhj5hnnDJgXWElFHmsApxNX/GtXtaiIHF2I3f4o+WjLJMco1lkdrtLhb2ERis7PtzI+1aQsTDtwJG6xPDpxYT+apokx2XnwkFzjAetfi5zHMyepgQRXFjyGvn4HECLeC1uii4+/FmImI4gzTFIGAoeb6xT4HDsWV/kzrWNJk/FsnmQyCkiEHQ8wU1z1WTPr6cuTLf7WUrliPaOAwmGwxfchU+vIfIBsbfHoBVHeJR8/j9fB5Em10Z5Ton91CXObGVpEBJD4MHgUIEVmAunqK+ltAit/CNmQI5AwSofcfAV+hI2o8v6N4Wlq6PteNKeeBvdSCYEt9DR7uw+TNgTgxNhAzjZuXnfZzVpmsqtsy0LMBtdwruA7j0roBoqODU9+YbJc9rpx+MTwlaPrkBBRA2+ZZ2Z2Tl2NV8RJbxK6fwDha+E7KPqJnBwqK6xsROvEV2wzW/ZXGDWXuOM7sqCK0Zc+vi/X/1kgTTVt5BlnjLpk+tiZSIwMFLAQctMkEFpVQAWFqpVnlJenHmwh4NaHgEIEsiIMsR4Uh+7tmEwli+DVhauwOwJpMc4MJsZgquTyATd/1hJdLW0XJKNYGDd/Ia9dUvtuZR0vZks1J85XVwp/qR8QlJd0nMhFgzNV7cJnf2WE6nj3c8ibPjhelFPFd+dw0inoLsnwBGvNpxZTeu2UBInnyAW7MefVs29gSnWaSFi2dvT4Lw4X+yGdGP3SAydkTOfMcV7hbtv+IRfeyFTV6v0ebilufuvVy56HlZQl5H6y9kZEg3m8qxJ2gJB7MFVfqAku8lNDAgMyvdx2sDivbWvOOsPAC5N8NFHVn5XKlASrZs4N6o5Uo85ewO2GSLn+UKxLWvhqKwIB7oYubfVyV+m9SwqiZLBy6xt0FOKr4cg5pLDFhNer2vQfwRB/2meV3jZt3TXE5anlnxgEKIfrjhjJTXpOIaUPn3z/jbYk5RHTrFrAIib6u2r+HpTkxdnIE+jdgyl/bmhzI7cqDfR/VDdfbl78sAKNQjAhzG10eNWnRgrvNU5KuPOpvxaNUyv55L9MyrO95LdmrmV3SG2Y8J08sCx2kmGg0gJwWmQJpvWTPaa8HQ8oTUw/+b8c6z1DzesozjVVTdd2m51cprYQtSY+izJfjzYXfTs9q2ibzDaan1GWRx7cFYye5ks0DWG4Qn+dFIiVUez+mnSPIJ3CTWcXwnMfLALM4p1Ki2/BUyRz84ryJLJ4L+FhDJJFBpyi+SzdNOIpCEqOQgztxdX5FFEZ6dKwsQtj+8AA+eOlQIb1fu9lr+6g4+TgJzyYSxxgmCD/bTU+gGXq7r6pX8NIIZl3zcVNtvEg/mObzRq3U9JtljKDHjQVKlLm5KqoVeLybgCK0kr0DsqriD92UnhOHYY9Xt6l670h/kfH9tygSHogiWHZFJ3E90YeXnRAgzyELqdz9wrGri7y///Vm4vAh7O2wqVq7XW4w/27HStCFEOmPA6i/84VIRJPsbTNUxYi1SKVQzHe0r8gBAr3kcrLMRTzs/myH7utZxFmygR4NcI9q1X1Hz91Hi2mfHRAuhqnFWHjA/clMXy2eFTUkAUlG36z1+VhsPQVo+n1vkPXtbtW8FofL8LJZwtwuOHfnHI4W8431S4KtOcLFNLha6otzwD63KZ40x07ljwFW2/4txlb98jVE3myXK7n93mTL6iY17cTBir4gRdAACDlmelIyqQB2KcL8sJht9B0XXeWqMxkt6HQlJQaHjefv5QtP3tXKCSQUmdPf2dLLXfQnhhpZxEU6krZJLPCpM4Fj9hi+1dCmIwSW8iGSxMD9+KtyCenP3L243P0NzWPEpM4CvL4c8sgZYVzZ5xAxbGjL87ScTWhrBvpSv5a0OLtH9K1BFgISwXbZyn2dBSLdhaJYE2963KJE+yvbSuZPGzdOSGShQPX+h5FEEJrhZKyxI5b/EjbczZ/Rhu8YTrYdBNFX6XZkXvlF35uXfxmALihu7IBZCOZh8qepdxzYbXbrwLI22bG76Fib1zofhYuLTUqEHABy++NMGCZwLGsCzM6KQAEhlzy3uhQywpMuNUMfp9gaxsSb/RooYGEfqr7Ss7Qg6Nbzue9ayiO4sGl80m2kbQi2A+QdXsrplWeUVouNsdeIWs8J7uU+KSwQXdtuZHHVeo8v7YJddLHJDXdzKMEpukj1Nq342ZPSPpp8ENDh3XUP/SQgOWyAM7J08mhtlblmAOvKFe99SEnXqHLfRtgZgeZvlcfZF5mzz4Cq96mh8LU0V8C3T+31fWJpMJFo1eNHEbYxp/K6UkCDGsba4ahGAD8Txb/J5SPMWUKI8GRDo8ZOgvvDd0f/NvfnjngSWAVq/Kff2kMAMN9JtpEGUhxrRFZu+7qanmHrB4/3c3h+vh/+mQlURTIDmKOGFZPXmlOaW8KfL8/6dzSxAyYjOHPCuMb1JjyNqte1fzZ7Dih0LBtbTJYoMc52HM7nJ/ENHirwditTj3PTWJbRh/vVEQisbKtLkzb2vZPkTW3EXo1Z73KWZ/RqcU1S1Xj9egNLNZQegcJ98/9qXtmOAyhpwCyP+5Xscu6xVeIIso2f4G3JPJCelHCoeTyFo+8r/8k2FHiOhcmhPYPC6mlQQNKcV0441jrnjaJ7L9E1Kxt/iVK4B+/k4HVwv2J7yjQ5dU/KBY3V/vMhjQc3AGq6S6T7WoycYNY51AYYGHk6Hf2yl3md/qFE14hzX0Zt2sjmpQDJSG8CAOnay5XxDOrLEQwqmCaZPGGAK4FaXDERAgRsxp8vMy9KUQDVHwT1Tqf3rwGn74nNXo9IqQgcc5NV88FvRjLv1bm/6kBeaD9udfZBw7YqsRkY3mRoG/aJw8DkOdmYNIrJm69rmHreQo1KssVe/mz3Om0auwpBXR5D2OzZ/9e9XCprnUEN59cOfaha6qMm7pvDyJocaYvbSWPpchZb8DorWGEC7Iq2Qa45NaaKIpMrAOLPhiRqtNLP3L5Hzq23kvNOxY1r8Pxk6VPH6DqUBYrwq0vkYgABnquE1TZPL7ZqMMsfiAsK+iAxyFSbH44Yuby7VvD86rs0YaKYIgBTPMjfo7GNP5Dx8YPKUruQDnfaJYCw8klnmAtdioPWeEzRDmSYN+wOtz5fBFzPCXOVfit5BA8fIgpMrjdo/8a5TD7yf1HI9i3Nb8K8l1rAJ1SCsLF2Nu024rrcib8mxXBdXBdqxekGtN8+D2KLyq0FsR395o+Hy1uQg4UwL/tH5s7CiFoyQcngZxS4zqOjLQeTUbsLCx2y5SG144Ls/bQloLps0mvoz7+hyv7+UmKbkNbiJKOeIUjGMKRcfBDSog0v+V75yWjlsrRWmaVlQCwp0bkpCNu684qOv1T1WnpoYNctJzgxzggEYWuk/5YgqG/ao4Td7pJTkAD21A==,iv:x5mss0VoYp8qlgEdSa7973AClSdCin14GuAt3duWqjk=,tag:jz4tVj4Ot2ZwedETSRcVLA==,type:str] sshPrivateKey: ENC[AES256_GCM,data:eC93yjQa8Id4Ub69bS5P3MlLKKgt9ZJCIT4vEIsW8yBrq+zvhGmf/sNBL/wmX+mSdxgGpbEuC75Oo0pHZMx7NFgifOIAqbdeSMBj4mw3pJqK4GLPxbEQ4sn07cs/AR1/pvbzPO18cwzrTEgKQdat2RGqJJWNmw/YcWQ9uUGYGyYIK81Mbz28QaeK9SaMAYRPB0Awh/liMVL1oOm1dTsn5BAUvEA7Co0NIcK0CkemKeBUq+WGJDKfmiApa6sWek1F4UB7wbhUR9el2zd2P0TPnuO4HO+B6tRSupQ7honmWFRKkRuC/og6xklTU1W9V/6sRAgG/raHlNwcmWozLrf3TGYSuYWWKQjabvQ9DiKsqcMyMmpisd3H9zkI+GQE0d2ORGTInf8KU6iLaLAzNeO6k1OVkrIw0EMN0fP6hN3bHT7aCHLZwFYkJoWLlRo15MNxNvaut2uCrbt9bN/vlmELLMgUX+7p+xtFhmRngZ8dZ1jO2Geqv3osCPOgspvqOOhvRwomfWxyzonpZTVe6JdH6VO7SV40G0vycMPK4WoqTcoLF845DV0TtdaSdyNea9FK6VDfj7+B2251Sqohs7eu1LlWKvO/58isZvLcCnn2HsTbcvnyJQBnTlwrpmB5U7T1rMINs8qer73eo/GpxoSMuYCcJpjdQCdcADgpIqCN9nWj6A2iidk5QqaHaXGUnV5TsNOmu65/DBgCU7WVqRIiUFC3nPzeALgBscmMCrqYJFB8UushleJsvq9yj9xXlhbYFCp2kmx0kMQG7R8dr0pjDePeVYnqjd8kxaVsQNfsHLohoxIjAHFfekDSnApQju07jPHngODe1SDqc5pxXJ1b1Nonefz80ZZhfFXcCEoUb3Njgr2OIftaeBP0EbOa28OheFxXIPm63d5WsolDPpfX2TiiQfFhxpcAzzHXSdweJfUAjes5AARCoJ0HD66qMkZ8QfbTHJQgBTOH6fqdlJJv2OdaTMhsEA9YZEF9xKdczME1qrCgNJvQdGYid7+uSzHIZyU/c4gxW7BZJdtVZzE0my2DgVYpvj3yhSz94wAUUMUOW1lJLde4zbXpgy+WY2WS4dhlvN9tBBRUgnvrBLizJCXUB75DqABYdkmyjx6STWZB42f2r2o5FasvDcjpsTjgjlujN/eTYTllRTAHlzBIE3BNsl/8w3S82eJX0VqqLvvSokRWplbPsTeoaChNhJdlbLDqVUprRLkU7C6zg7EvFYxiKnZ3KsbtL/0cLbWps7B0Oz9W9Kz2QXK7DYQy5PFovRJvrspdqPI4R4FhtggXvy8Cvj3cb6FS1h8y9d+Uf9JYGB+FvXvcr2b+ZWCEKINvArJ7Aeg7Thd5/9ptTaAxXzUG6QEWajigA5jYahDPSAEv3nLnaTS/YOCstR/uhsyTvi2ggrP2S7LN/l8Sbw1pFVdH+E1JcrVE+MP8+KQtkXLB4ggfVYC6w3OG0zNjOYsy402bLjsdz8SDgXJAedb3B097ODkHt/ZFkH70C3MOTWFrREAnQ3W2TlffJtMYfwG+6uenxu5mQ49kXQIu5qN4NzVKYuK+ly/KWAlC53ldxOeS17EjcKdqptpPadJsysm/jwX/9BFbalYcKSRgHb04pFsaL+AtSEGneqjPQBs2Z1ab7IAwEfw67aR9x7+m8FKmtkpaBzATWyf2OL0aL6dYCZ8B/Fagr9tUXWNsROBeChhiBXp+S/1JK4rsIdUEM2UleIJSjNooSJBHsz24NddfhgeTczawCSeL81OkQy1Qav770IDdFI3kNx2nKsg9d+0si+00e9JczvyaWuwgd4nJdtLevcY87/m0qgpedmyz4GPhOydvY3/07J7NWJ7vGLUqBVsbGqLqqdnXZM0z2DLYrCtwmpv0HuLZbljwsbVm2nQHvhjHrxD43MW1DN22zpAWq08hed+z1E9hBXlo/MCsltXkdW93rb440Zu4HTsPET5P1ZO+gNNIqb0oDMMLj/9WKLUospTR0S73xhRUx8CQF+PP6MP0EO0KeCoz26rY342YPkohAjKWCBhqo/6YkyQMv8VhAfF7QU74AG0F3oyPU1mMnOWavdB27nxFbsBfyVV0ccbmba2+huQmv3Hur+wEjAzHlHdESEbYQLk7efbIzh8zjiHiFHuCY1yvWoiSv0mqipTdqL1bN1yDckidSkZCzny2+PmB3rYdKiyBBmNBWwhFAAWO7EHx1N4D7tZg88pDEZNKQuUsoL1Fi5L+LQX5Y0Wm85v5R/w4OV0QSfkaU4Y1WhVAGlFjjJeDWm6f9jekYAhEL2R9bNcGOS4x17mhp735H9Ukr5lC6Iqa3r+TMaSfHdqPGqXeqpDFsBcja2LyafpiuH5fYOMiQqjRWPy1/1ASWTL/9osN+ZSD9z5cJ+qBDO15VG4DBeRAVU8415wnQf67FM8PD8HbNzdV1wAHY/wNMKbonFoLm9zn3fRDNIeb9HMynXK8i0cxlogRh4OSnysPLawJzmJyBxsiuBoUzw5dMpfrp79UOTmuRutDvtgKkQyR6Ko6qmAPUYnTLvrTSWY9uH7VLXpgwBfKZ+++Tdfo1p+cl1TObBYX4NYywFLy0HO2+I7YRse7MyrVEzEn/vE03E6rWmY/oTuNBREsH9vuJl9rPdiP9KEVL6uoRvsC2wQ6e5ar0TcUyMr96s3MtNTR9ZgXuKqoZrs38+4DTpV0rUhdVXtGKLE+OUH3+yVD+AcCFZ0/CuUz1FDlRdYCrPRD+cWlxKVCrS4aNV1KmdNl5DBE/G4gdf9u4MQoiTItJ6tX22eugJ6/EY366HR+vvh3u5NjhW8uG0KHMtjzSV75uxNC/1v5qeh90oaL+bKKgHBKHbs8zQX4o8Vf6m6zjQOCnPSyWFLVrQciXCDqjVafdI/SLCNxDKfTe0ZQLVzkNcjNK3S7H63E5jq5swPKB8npoZ3atscHgaa46wQgo4QumZdczDxzB/aMmTPpOB4cHydwTSy91Iv6QqjuWxaUdqCNrzMquo5HPKB5IdcsTpeW7iO403Qr/xhB3/eNPWU6LfjWN+hjnTdwt//8B6mOIYSuXY/OguR1XzabcxhqV9XDzuS6qE0iX0+FrZjuoBIdbZGs7hmDtG12/OITOciqcfeVU208SNx5/ROTiJx6XBrIcPdTsKAR2TIq6JG9P35cme9kSuEnJFjBDmvlD267arJ+LV+3MUZmt1qZriRfP4tmdlmkQ59s8QfZVW/L7s5DSWUFgXCpNn6Lazdejj3Ywun1bo62tM3DHcSUdDh3kfskiHEJ1lAuEZtFDJ8EPLMQ1eocowaKAiUJwod8ROih6G6S1qEifOCB1ns67CpQ/flfn3fBKtGiYvKb0993i5PLYuM5Aqs/9vo6QgKc8LHQuKLbNREs/Lvae6jLtzanNjSFIdITOAr1Ktlhp0ZzhnD/tvgkBex3Kx7u7Izlz90nvpG0hw8siXuRNfQTu6zyN+CmxXTS3SJPlQ==,iv:Azu/spL2e3S8phNkdvub23q5EGC32VLNtkbLHfzFRJ8=,tag:YyaUvje5hIf+GqCmjPubfQ==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@ -13,14 +13,14 @@ sops:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoUm5MVFA1THRlNHlQdkpw YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBbTJ4Q2lkWnp2Um5ZYjVZ
MGtVZjhiTTNCUzcwV3lCQ0NqeTZHUWxrc21BCnRVbklPZE84U1FhNFIzeHowWUh0 SjRmU1g2SVd6NCtMZEkyL2hHemlBSGhlMGh3ClVUckVtM3dlYU1IYXNSdVV2Ymd2
V01aeWhDcno1d1Bta01rdWtvaGRQaUkKLS0tIGhiZEZoMWt6WDlGeHpNdWZyVlI3 U0FSQlJvUkthclRFWnB4ck9FY0lKdVEKLS0tIGZQT1c5VTZEWExGZ3duZEI3cExC
THJzYlU2NUJ1R1I0TEtpQUdOM0VvQ3MKQmjL1jaJfXGi6FeFb34/l4FhOEAV05Q4 RDA2Rzl4eG5UdVNKRFpFMThtNnl2aE0K7IaaTNZIGTTdck/xPGGYYdZTZBEzGZ3U
DeHvke3nKOP/R0BJxwqvLi2hAyI2LEMSEaXs7iWnDDFOPUA1DiBcuA== iAZLLL+Aons4oSO2NRL7P/Bxx9n6eyXQsYVzo+FkM/Wzz3ReiKaVjA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-02-22T23:43:36Z" lastmodified: "2024-06-27T15:57:41Z"
mac: ENC[AES256_GCM,data:szfQ+rXGzIaqcLKnGO/H1poFQu6/qxtUJejY9lCQre/YUg+d5WAgPdrxlwmsUsLaUz8tgMGiAd+J8NmR/P+tahz5/wwuHOYadPWzof/okC77vuyVLjuEE2t2RQ5U40kUJJKR/3TPawyttiaTDpxu6VJj2KcIlHfxsW5ddzAtFdU=,iv:fX2yQtrap9XKxjiPMfriH+QHZM8tGrTDgtHhCWh4NZQ=,tag:7FWAPf7K8rvyEURVFkrz8A==,type:str] mac: ENC[AES256_GCM,data:OlIN1jNrcc3MWjaeD4IWUYJi+PA+RDf+KgD3XnttSPPqXX7iBwV0tSpoZ4tXsJSfAGzXTauOC3goFWH/uPHDJVyxFt0SrB0+sW4/YN7MPPzxmYo63XkEgA/3fmMSpZkUEitTwZOUGhSVWgHwBXJ6UGGZ0yRqb47w8VlVlbOt6zg=,iv:eZWX5LFA5E0aGCkTuwUbC5hWrzE9LW2ejR7amXsIAEo=,tag:xcUwqLpeS0wtrWmw+D2oWQ==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.8.1 version: 3.8.1

View File

@ -0,0 +1,24 @@
authentik:
email:
password: ENC[AES256_GCM,data:j5JFI7KqO2dOjl0xi4KhvnF04tc=,iv:/YH+XId24X69lRXrp73ZhKGOcuEtXn/ZvqlJwMTgdRk=,tag:YBh/slhCstFpXxE4y05Viw==,type:str]
secret_key: ENC[AES256_GCM,data:zbs2HX75h3rITd/JRPVa60AhrWgDp/syWFttnadRyDJFFM4/6YFOUhJNcGGQis6Tz5Q=,iv:1iYOTqBU3WHNPBa5TpSwi6+h6IT8Joc6Z4c2UKY7xQ8=,tag:DcRfBP69i17zKFobMA3WFQ==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGK0hPSEY4d3N4QS9aM0h3
NXRYZ1BMdXozVzdJWmlzWnIySXBwcHVrVUhrClgvRENGTHdJMnVsTjdSN2NseUtT
cjJ0emRObHdXTUhDejhhVEI1U0xvNlkKLS0tIHh2NGhzbGZDMm9ObDVxN1NYYS9u
WlhXbFVQbFZUNFlGWEhoVktxUXRuZUUKJNSS+vhG5McKrxvqCIT9dGivcReZOud7
HEReDoZcf0+7c4JgnrcT0AvvTR5fHPnfveTkwHym3LHMYbZnIPueig==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-06-30T18:36:34Z"
mac: ENC[AES256_GCM,data:djXTiatawc1OuJ5VqfbR8wS2xKrvVZigGLyQa7tx6/zbgcP2yLQJvcYeZj6zHhQasFzaiNbD05Qz+9Td0ysxZuAnajQ+CaulnIOhy/FhaiiQFtqFTR7xEsFIiUBxTPEJkhVNlKTxzjJ1AX2dagiov75otC6jbueQqYTXaGGcdko=,iv:oWbWTUqlM1zQ7zfC5FZkNJJ8RxvM9+fvTWobgJCmLQE=,tag:7Jb9XBBq1OI0ghqOqxiJJA==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1

View File

@ -1,8 +1,12 @@
dbinstances: dbinstances:
postgres16-gitea:
secrets:
adminUser: ENC[AES256_GCM,data:vMINVc9s2Es=,iv:Ry5so0+WPntFh6c3nMojw5b4vONdq+Ys5F7256psGaw=,tag:YbWaWwZ5SiYMOSXQ9n9t8A==,type:str]
adminPassword: ENC[AES256_GCM,data:xqlIJgMylef69LEC1M8s16UPCnaPlZuokO+rBPWC11ruBEkBD2FHOEvkCMsGcnPldmQ=,iv:WBO4LFIFGU8q9rWxFYdUac650QxOfmOT0b0PmOsdVZU=,tag:QpFfVINvBkrWW0+pPyj6Og==,type:str]
postgres16: postgres16:
secrets: secrets:
adminUser: ENC[AES256_GCM,data:Ma+kTq+QHKY=,iv:1znr9VoLAdGlLFzbBx9NMsj022vb0I9z7bTTTAjzX/c=,tag:GfUQHztjj2h/ctm6XznT7w==,type:str] adminUser: ENC[AES256_GCM,data:NsrkusJt+1c=,iv:MA8vXZRhOeO8XilEgpwiqvoJbNjghTcl4CJmHE5mjR0=,tag:awYDx0rT2HCIm6zDvG5L4w==,type:str]
adminPassword: ENC[AES256_GCM,data:XYfh9OGA9SgW3B76u3tmXPjQ8vA4,iv:M4KIyzNujIePcrwmp9N/EErer+YZFRujOEN9VsPz76E=,tag:driIxiCOYX2VUj3v0rvB7g==,type:str] adminPassword: ENC[AES256_GCM,data:cgEW0YTi5MRgGEVAfCvRjPmzLtzy,iv:I7+VS6pZGUrd9To8+eX7EoIoQg099kaYeWXMXKfkS50=,tag:n9LgvnvSa3JjyB+gwT3lQw==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@ -12,14 +16,14 @@ sops:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBON2FPbXpoZCtMVStKZ0dl YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxSG10ditaUG8rTlhaVUhs
RVRycjdaODJMcG5vblpiZlB3M1NVZXJaaWxnClpPSURkM0hzSFdPVmIwQ3g4N2Rx cXJHQ2JXaW9IalZHN21ZZGQrZzZ1T1FOWlRRCkZOc2JmNDh5M3YzSXNTa3R2U2hj
Mnd6LzY2WVA1dTJmSVhMZXp6dmx5OXcKLS0tIHJKOGtWYTNjSnR1ZGMrZk5mR3ho ckVRVklsRlh1RlFES3JDdjBPSkxVN2sKLS0tIHVzL2VQbnFnUklyamNvN1VmUW5W
d1p0TDkrWkxwVUpKOTNYQVlORm94dFkKh4sfmicfMZzwoD6LymdlcXDTFcoLbJXq d0xSNVM5OWxzbW9YRUE1ZEhZZ3dtR1EKI01GcMKUlu6mU237nGipXghGB/sduRjn
Hoc62EW11Pl0Ah8HWkndbiYVO++xf2UHWq7Th4t1W1PdKq0bCN/GSg== AKpwYgh9IN55ZrDRUsZOHBkded5IlQAwcmbJIjxJi1Ce5XMSQnKF4Q==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-02-17T01:05:06Z" lastmodified: "2024-06-28T15:55:32Z"
mac: ENC[AES256_GCM,data:DX2T2S17r2U5jqqFWRDeuBjkjO1OrkF4/wRAC1cmSuhrGB+R+B/x3RPT9XKGpo9kEzgQkj1Fx9Wjkg0KMVlmTWJZM6GtHz/DUbD/nQX1+JLy+1U2qSYua59hdez3vIPPaLbiYcs7g2M/nEyyMj5c82wBgDUD26uiYo7V/AeoWjU=,iv:ISDzjgML2az6Y0VH/KNUcTVuHv8e59tT+Exn5BAqMeY=,tag:fGXusF0pYxHCPe8i+FmNIw==,type:str] mac: ENC[AES256_GCM,data:reAQfZlF8N/0BiMFe0ayCzNmHTpPECKSdpTKACA4MFbCu7BHoPJjnn+rOwvonIGoZE2BVQx4pyKjWSLkRyog9EBg2/5VMh+jm5VjgrK5ztbK1RpSQV5pnQaQXDgT7VFAx1WYpg+gfgO2JxA5vHgvRlarjzPp0AJdoo3MmvCoHBg=,iv:S2f8fqMGq76dsGUK4fYLTWcFdv2mMq580Lih79Rfc68=,tag:fOvKeOl/sMFb9bQhHy/GeA==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.8.1 version: 3.8.1

View File

@ -1,23 +1,23 @@
gitea: gitea:
admin: admin:
username: ENC[AES256_GCM,data:o01/289lwFk=,iv:ubra+bsAGt3Sgu49oClylLWUd5ie0l82Uur5vMPcFfs=,tag:bH8dxpC/yls48dWoF60r1w==,type:str] username: ENC[AES256_GCM,data:rcTmdLge12Q=,iv:NI5oBD3KpfrHmqy4YAfjf2Zw+NJxhqXnFlxy+Ht+TIg=,tag:i58IbKkc/RKQdsESQToCHg==,type:str]
password: ENC[AES256_GCM,data:L6dhobCkOinNg/MNIAA3VBAq6ZY=,iv:CPBDvQ/i/OniOFTngH5CaUmygf331aqAVJRzBcMJw+4=,tag:RNtXdxEMckIaHTaMVLn3uA==,type:str] password: ENC[AES256_GCM,data:RJ4jO8+d5zR4s/7QNzw3IdEZw6Q=,iv:e/Uuth+rdWYLxQhdDaKiLV9eGyDh3c2o6ObHsnUT6FQ=,tag:cE/ZNadxTTRt/XW9oYMfaQ==,type:str]
config: config:
mailer: mailer:
PASSWD: ENC[AES256_GCM,data:tTMOtRJ3trW34d+KqMGTYLBMBJg=,iv:4B3ThvHS+vha8pX/OA9rf8yeSGcafEbuMwHvjHPZfKA=,tag:Qs/y3HyxWX9il6HXCw9sMQ==,type:str] PASSWD: ENC[AES256_GCM,data:vxpdjf8RmLzi9sfAAl6rWXR9B+A=,iv:n+Yc4d8NJBHx26PSXoI/LMFXlXzWalNuRmNKeV3bPB0=,tag:KTpMNFB8DKneRhWdlG8pEw==,type:str]
database: database:
PASSWD: ENC[AES256_GCM,data:WlmdwR035A7nk7xfq5U6A9Ndoj0F3hkl5g==,iv:IgCCq9Hl7oYVTE3W/MfqSMT8yEl275HO8CwW/az2e10=,tag:ZKsJZq88oJhsIvSYwWsX3w==,type:str] PASSWD: ENC[AES256_GCM,data:Lfhx3j4Q1i9srZ8yQ9PwuOCQz/0q2qo=,iv:MW6XyuG4L/2KjuK5glWMF9nYBlbsAHn0NJqlR0le+Lk=,tag:N3ZBuovYISutMY8SIfvwbg==,type:str]
session: session:
PROVIDER_CONFIG: ENC[AES256_GCM,data:amNVifRdK6R3SJNlLTYik/wrTgfwn6WR4cpCqrmSGlTXKgirmY2UjgYQkxThakmgCEDPaQGFf3dUi7CmCaThIN6bBueNVIrWiccLcp99vVIz05pMlgi+tRQStDStNtn0hIT2hsfCShlX+yVemUYveb+5TZXigqgwpFyqLGUh0Q==,iv:uc/R+s2IZwaXVbaT0+D4rNd1ZjqyrRw0ef1hdQeC7rY=,tag:WhK0ti0PV66LsTLrMmSrQw==,type:str] PROVIDER_CONFIG: ENC[AES256_GCM,data:oocuP9ddSMRKvsdWKsuc++yNwyy2g4jxhfYSHmXFlE8DB4YN2hcnR8cADunwjr+dmdbUsuazzasCGVJNTn590ftZ4+8T0lDOZlHeQb9MbAXfu6u3J0hw7sKSuzqgDMmFyFP4etfflqzl6nvJjGp8xPv0ZHTaYk8lZSh357VjSg==,iv:/zCwb49eglEN9z5ui61njFHNwliSjgEx8Jf4Nea0rp0=,tag:t3O7Mib4WzdLFWEpDWdJfA==,type:str]
cache: cache:
HOST: ENC[AES256_GCM,data:YlP7/4j3r1IpIuQN2yq2QD3IPN6F/sFw66RfsF0wPv53DNmordSB6D6Ltp4p5rhJtv9b5yX/XwEf6HY8BPpV4hC0oEDIMWHr1+rIS8GqaDt0faiwPCvMxAOmFjEP6n4pcEJgOlCx1Qm57SOQPKrUb64VchgOSAvkeSpWsBXoUQ==,iv:0P5LUtVCHpuuG8AwHhK2Hm/9ZY5XUYhxz9pVirhtt7I=,tag:8Hg5l1e/36AEa2mDmJSPWA==,type:str] HOST: ENC[AES256_GCM,data:h8WMw/IcWae/rfVv2UeCOSavjmq2P+kiGRA59SGRiSowFnqh57FIoVxLFIiqfsOqt5GrJh5H9WKAawDPsEBRhCdy0ciB0O5t/t7aBWZ4+YV5noWQTvfQB39vqAp3EXGhYAo5qsdEk8x0shFs3LbO0nnrFYggmZbHErsiHsnv1g==,iv:tIm03iYdmwWOQpIOMfUuF+GeAGbtrVgxStn0fzN2TE4=,tag:xo5hB0u/ybwoR38pK5BMqg==,type:str]
queue: queue:
CONN_STR: ENC[AES256_GCM,data:8WzpUjOeIUy/wd1SVah8huYgKGnQOeaIsHIGDOp5RPn3sDRFWQjt8UrQSvdQlpS1ByfzEKOagiRbAntopgKUBS217BIxCTseWWNHZSWFHmeqHl5khF12W/vzGnmNz13AzYjFyAa9pL8EO3padLCcW1a4amxrZrVxfoDdPGtLfg==,iv:ORrQ4J5h8GHCIc3t0DkMe7Su0azZZbXbHRq3a4els1g=,tag:OVtgofGCMpuAlZRSP2SC7g==,type:str] CONN_STR: ENC[AES256_GCM,data:dZNUXJYpGAD9AyFoK9q4r1sawQTJN4Jd8pRn4ArWzgWZlPIqtqsIZyuS/v+JTzLf3ovjEQoBtm1lSBoXrtkWfeny5KmCoWZRvT6/SmBgpO0RjkdSEGwo9GTnWbcgK0uzjg2hQojUKBLkIsxSv9h/ZEGUQ5dSd8Hb+y09hvcGVw==,iv:b0SuaiixzJ719GOShswZqj5qgaHqtjyeKAGbxlo155w=,tag:e5hmBEvZEQ3WTALHkoVUSA==,type:str]
oauth: oauth:
- name: ENC[AES256_GCM,data:DgSGZYls,iv:jO6H2etEbN72eUqALClaNSSXTmFmwEwh68+B55XjgSg=,tag:NPvG3dNbqBfJpIYs5x5DRA==,type:str] - name: ENC[AES256_GCM,data:Zm+sSCp0,iv:aZfvNxE0Y6urfByvpM+oA2CH+zZfFaaRL2KPVu11FQQ=,tag:uRArqbkp7SIebztUS+nDxA==,type:str]
provider: ENC[AES256_GCM,data:KoZ8Phel,iv:DnVY7rr6Si7wRqcq7CIEHVwzdk4pu8LI+SfIKmQ/CK4=,tag:BDzwrZlCrG/1PZkZatAinQ==,type:str] provider: ENC[AES256_GCM,data:EI+yEwyd,iv:QqZObgWEUiXvdMn0VCm/lpzReTIeucWhh5aB8yQ2JeQ=,tag:hD72fCo7+h3LNIlQ3NAcJg==,type:str]
key: ENC[AES256_GCM,data:KHj8+hRm9WkQoJu9zZpXM9MggLU=,iv:HxbXynfvGPFDGKdHl9Vx4Y+Zg8hk0PBX4SmK/KDfVKk=,tag:tL2lkB458HhuaqZ0zf2FSA==,type:str] key: ENC[AES256_GCM,data:gM8p5PONOwdM9g+ZvM9INkJY3NI=,iv:ibQyiXIuXPJTmixintxbc/BsMID1vh28QNvdsDbI5Fw=,tag:KGB/MDQRXdAiJ1wauyRs5g==,type:str]
secret: ENC[AES256_GCM,data:xGu+1QXvLo328O5D7+mJb+X0s3qQbD93kQA8UC3ec27oCcomXRSX7A==,iv:vVLCaFNv/4qjbvxyM2NKfScWAUz7Pn4o3GfzW/IhTO8=,tag:mRvGiq9jrcp+kaUeNlCnTA==,type:str] secret: ENC[AES256_GCM,data:Rmgl2K4n1TM1jd25bOM0VmjaM45kHlH9AHMbHCl/zQX7x8BwHG+Jkw==,iv:D9KHktqo7FQJ+tlJLAVlOuceGNKU3eAFSQv8fj8WKWE=,tag:NfTNy8fX3vsF/OgZVQnt+A==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@ -27,14 +27,14 @@ sops:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOUUg3a2M5cklyK1pXbklQ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEeU5oQmlrdFVQd1VNaHBM
M2NXVkFyejhsVmtuclB0bDJSUm9RanBza2lNClVoc1VaSjhrWkNUc0Q5NVJ0Zlo5 dDlkYWVZR3dQRkxOYlhHek9PRmZZNm1pVXdzCjgvVkpOUnhNZll2QXNiY1Jyenhn
TEFzWXBya2tRS3hCelA2NTdUaFNqekkKLS0tIEwweEw0NFJRb1B0YlhnSFUwQUVC Uk9XSWtiK3FWSzJ0NHV5c3lCdDN1VEkKLS0tIEY2dTNNQS84M2xFeUZETCsxT0Vr
OUh2Y3dUN1E2cEtaZWxvQXR2S2RRU1EK/4pB/huJUUfnai9tNuLCgVlYV+5e235X Z1NYdXFpdXlBSzNIeXEzYlNJZXRkZ2sKr5Wifcy7HNLYwhD8rPkHKwsaTZXDm9sn
RsA/rvpzFkwLWJD/Bg6Uxys9zU0LyuEvi9DwmEHM7Wuam85Ssh20Wg== gJnlmBIzz73oHB0Tw07YiRWkZd3JNgFCuWm03x+F72Yk4QAvUq/q3w==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-02-09T09:32:40Z" lastmodified: "2024-06-28T16:06:23Z"
mac: ENC[AES256_GCM,data:zB/f5zCAEYpfFxhA1PW0osBvIC3WRVH8GlGZggD98KyuwhKDRlwRlNp6LTcBJjt0xZLK7xGQYB/A6vhpo/V6D8JYc6Cajy0mdy3n1BhX6W7ow6qsc7iPxFOKu2FegNwxY433FWsprisbV73K45TKLxxBtwD1PO/gCzCUah+iXr4=,iv:YEyYqURF4K1WbN8XB3f7YKq+asco8+m1jjBmCnqQ5gE=,tag:F7CgV3cQNTWndm4gvphejQ==,type:str] mac: ENC[AES256_GCM,data:RKe1RMx1A9k2/41QOoQn+TK0dCmSZ0h9jBlkqOWT5lPLzWHJudv7BpZOTgBcHEExmNLYgFJvevUDpwC04ZMrvZ5VCPnlLZbEGzutpYi3/Ieu3Yc/XeWGYUW++yErzzHSP47IA+NxHba2MiBIOWW7txkm+3oUeMbKLLQ5ILvAQyY=,iv:HYpyrOMaa5VrQd/ZtOk47wJoOHjZmMqqazJZ0hQ5wp0=,tag:VNKstOYqHUzpNme3yBtUkQ==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.8.1 version: 3.8.1

View File

@ -0,0 +1,24 @@
global:
postgresql:
auth:
postgresPassword: ENC[AES256_GCM,data:4hWLoVdIKbRllUcRcLrnTmn49sZTfT8WJVf7np+eycp1tvPuxvr+1LuZUSFsmBH1l5Q=,iv:5TyazJWw5AeaUPq2uBLu6h5GjGIZzUDosaclTk+0Sp8=,tag:07IYy3U+ZFd3PZ41fN9Wug==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3cUM5SnJIZGVXSXJsSkRS
dDZsWWJmODMxQ0JYQUVVNEJ0djhtWjdTNXg4ClYzZ2JFeXZicHRobUt0NHJDcXBn
NkZ2Q2JpaXIzdEUwODlLbUdwaUJiRkUKLS0tIFhMbnFRaHgxTXhXM3lLUEpRb3hS
aHltWVpVMUZQMUxNZlVFb1JEbFdKcVUK1dMISCWCZo+XJTp3ECToue5Q3I9lfGoT
yxVkq+M3UZUkAkJ/dMZBOCqAuaSdCCa1NqN6J3IlFaxGLasEDffHaA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-06-28T15:56:26Z"
mac: ENC[AES256_GCM,data:EyeLowunCJcO8Gzd314Gjc434g170R56OyGNG4iywfoaCsY6Kd5EJm7PeEPKsLx+f4M5vfxSD+pkJUABa1MALXgveHZXdiINg1MgpcOw02r2lYIN21ywSz/UJKxz0xZsWaJTnCkVfG2aHmOEFAlcm8wtalctzSeI0qB5RvSkJ8U=,iv:K5SEFucGJPPhl5vWIEjc7Ptx3sv44aXw/2PDMKv6H4s=,tag:LZm7C1M6bB++YUbqC3YYPg==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1

View File

@ -0,0 +1,64 @@
---
# ------------------------------------------
# -- Database extension is used to manage
# -- database with db-operator
# ------------------------------------------
ext-database:
enabled: true
name: authentik-postgres16
instance: postgres16
credentials:
host: "{{ .Hostname }}"
username: "{{ .Username }}"
password: "{{ .Password }}"
database: "{{ .Database }}"
authentik:
email:
host: email.badhouseplants.net
port: 587
username: bot@badhouseplants.net
use_tls: false
use_ssl: false
timeout: 30
from: bot@badhouseplants.net
postgresql:
host: file:///postgres-creds/host
user: file:///postgres-creds/username
password: file:///postgres-creds/password
name: file:///postgres-creds/database
secret_key: "2Scv6ivCfV6uGRTx9Kg5CYJ2KjBRHpR8GqSBearnBYvBFZBwR7"
# This sends anonymous usage-data, stack traces on errors and
# performance data to authentik.error-reporting.a7k.io, and is fully opt-in
error_reporting:
enabled: false
redis:
enabled: true
server:
ingress:
annotations:
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
enabled: true
hosts:
- authentik.badhouseplants.net
tls:
- secretName: authentik-tls-secret
hosts:
- authentik.badhouseplants.net
volumes:
- name: postgres-creds
secret:
secretName: authentik-postgres16-creds
volumeMounts:
- name: postgres-creds
mountPath: /postgres-creds
readOnly: true
worker:
volumes:
- name: postgres-creds
secret:
secretName: authentik-postgres16-creds
volumeMounts:
- name: postgres-creds
mountPath: /postgres-creds
readOnly: true

View File

@ -1,5 +1,15 @@
--- ---
dbinstances: dbinstances:
postgres16-gitea:
monitoring:
enabled: false
adminSecretRef:
Name: postgres16-gitea-secret
Namespace: databases
engine: postgres
generic:
host: postgres16-gitea-postgresql.databases.svc.cluster.local
port: 5432
postgres16: postgres16:
monitoring: monitoring:
enabled: false enabled: false

View File

@ -33,6 +33,7 @@ celery:
ingress: ingress:
enabled: true enabled: true
annotations: annotations:
traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
kubernetes.io/ingress.class: traefik kubernetes.io/ingress.class: traefik
kubernetes.io/tls-acme: "true" kubernetes.io/tls-acme: "true"
kubernetes.io/ingress.allow-http: "false" kubernetes.io/ingress.allow-http: "false"

View File

@ -1,4 +1,12 @@
--- ---
traefik:
enabled: true
tcpRoutes:
- name: gitea-ssh
service: gitea-ssh
match: HostSNI(`*`)
entrypoint: ssh
port: 22
# ------------------------------------------ # ------------------------------------------
# -- Database extension is used to manage # -- Database extension is used to manage
# -- database with db-operator # -- database with db-operator
@ -6,7 +14,7 @@
ext-database: ext-database:
enabled: true enabled: true
name: gitea-postgres16 name: gitea-postgres16
instance: postgres16 instance: postgres16-gitea
# ------------------------------------------ # ------------------------------------------
# -- Kubernetes related values # -- Kubernetes related values
@ -19,6 +27,7 @@ ingress:
kubernetes.io/ingress.allow-http: "false" kubernetes.io/ingress.allow-http: "false"
kubernetes.io/ingress.global-static-ip-name: "" kubernetes.io/ingress.global-static-ip-name: ""
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01 cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
hosts: hosts:
- host: git.badhouseplants.net - host: git.badhouseplants.net
paths: paths:
@ -33,11 +42,11 @@ clusterDomain: cluster.local
resources: resources:
limits: limits:
cpu: 300m cpu: 512m
memory: 512Mi memory: 1024Mi
requests: requests:
cpu: 50m cpu: 512m
memory: 128Mi memory: 256Mi
persistence: persistence:
enabled: true enabled: true
@ -57,9 +66,9 @@ gitea:
config: config:
database: database:
DB_TYPE: postgres DB_TYPE: postgres
HOST: postgres16-postgresql.database-service.svc.cluster.local HOST: postgres16-gitea-postgresql.databases.svc.cluster.local
NAME: gitea-service-gitea-postgres16 NAME: applications-gitea-postgres16
USER: gitea-service-gitea-postgres16 USER: applications-gitea-postgres16
APP_NAME: Bad Houseplants Gitea APP_NAME: Bad Houseplants Gitea
ui: ui:
meta: meta:
@ -105,10 +114,12 @@ gitea:
SMTP_PORT: 587 SMTP_PORT: 587
USER: overlord@badhouseplants.net USER: overlord@badhouseplants.net
indexer: indexer:
REPO_INDEXER_ENABLED: true REPO_INDEXER_ENABLED: false
REPO_INDEXER_PATH: indexers/repos.bleve REPO_INDEXER_PATH: indexers/repos.bleve
MAX_FILE_SIZE: 1048576 MAX_FILE_SIZE: 1048576
REPO_INDEXER_EXCLUDE: resources/bin/** REPO_INDEXER_EXCLUDE: resources/bin/**
picture:
ENABLE_FEDERATED_AVATAR: false
service: service:
ssh: ssh:
type: ClusterIP type: ClusterIP

View File

@ -1,4 +1,4 @@
---
# ------------------------------------------ # ------------------------------------------
# -- Database extension is used to manage # -- Database extension is used to manage
# -- database with db-operator # -- database with db-operator
@ -57,14 +57,17 @@ traefik:
subnet: 10.244.0.0/16 subnet: 10.244.0.0/16
sessionCookieSecure: true sessionCookieSecure: true
hostnames: hostnames:
- badhouseplants.net
- email.badhouseplants.net - email.badhouseplants.net
extraTls:
- hosts:
- badhouseplants.net
secretName: mailu-root-domain
domain: badhouseplants.net domain: badhouseplants.net
persistence: persistence:
single_pvc: false single_pvc: false
limits: limits:
messageRatelimit: messageRatelimit:
value: "10/day" value: "100/day"
tls: tls:
outboundLevel: secure outboundLevel: secure
ingress: ingress:
@ -76,12 +79,18 @@ ingress:
kubernetes.io/ingress.allow-http: "false" kubernetes.io/ingress.allow-http: "false"
kubernetes.io/ingress.global-static-ip-name: "" kubernetes.io/ingress.global-static-ip-name: ""
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01 cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
tlsFlavorOverride: mail tlsFlavorOverride: mail
realIpFrom: traefik.kube-system.svc.cluster.local # realIpFrom: traefik.kube-system.svc.cluster.local
realIpHeader: "X-Real-IP" # realIpHeader: "X-Real-IP"
front: front:
hostPort: hostPort:
enabled: false enabled: false
extraEnvVars:
- name: PROXY_PROTOCOL
value: "mail"
- name: REAL_IP_FROM
value: "10.244.0.0/16,10.43.0.0/16"
admin: admin:
resources: resources:
requests: requests:
@ -89,7 +98,15 @@ admin:
cpu: 70m cpu: 70m
limits: limits:
memory: 700Mi memory: 700Mi
cpu: 400m cpu: 600m
startupProbe:
enabled: true
failureThreshold: 10
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 5
persistence: persistence:
size: 1Gi size: 1Gi
redis: redis:

View File

@ -28,6 +28,7 @@ ingress:
kubernetes.io/ingress.allow-http: "false" kubernetes.io/ingress.allow-http: "false"
kubernetes.io/ingress.global-static-ip-name: "" kubernetes.io/ingress.global-static-ip-name: ""
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01 cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
path: / path: /
hosts: hosts:
- s3.badhouseplants.net - s3.badhouseplants.net
@ -44,6 +45,7 @@ consoleIngress:
kubernetes.io/ingress.allow-http: "false" kubernetes.io/ingress.allow-http: "false"
kubernetes.io/ingress.global-static-ip-name: "" kubernetes.io/ingress.global-static-ip-name: ""
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01 cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
path: / path: /
hosts: hosts:
- minio.badhouseplants.net - minio.badhouseplants.net

View File

@ -1,23 +1,18 @@
namespaces: namespaces:
- name: longhorn-system - name: longhorn-system
- name: minio-service - name: minio-service
- name: argo-system
- name: nrodionov-application - name: nrodionov-application
- name: minecraft-application
annotations:
badohouseplants.net/git-repo: |
https://git.badhouseplants.net/badhouseplants/minecraft-helmfile
badhouseplants.net/ci: |
https://ci.badhouseplants.net/repos/15
- name: gitea-service
- name: funkwhale-application - name: funkwhale-application
- name: database-service - name: database-service
- name: mail-service
- name: vaultwarden-application - name: vaultwarden-application
- name: woodpecker-ci
- name: openvpn-service - name: openvpn-service
- name: badhouseplants-main - name: badhouseplants-main
labels: labels:
istio-injection: enabled istio-injection: enabled
- name: badhouseplants-preview - name: badhouseplants-preview
- name: kube-services - name: kube-services
- name: databases
- name: applications
- name: development
- name: platform
- name: games

View File

@ -0,0 +1,35 @@
architecture: standalone
auth:
database: postgres
persistence:
size: 1Gi
metrics:
enabled: false
primary:
resources:
limits:
ephemeral-storage: 1Gi
memory: 512Mi
requests:
cpu: 100m
ephemeral-storage: 50Mi
memory: 256Mi
podSecurityContext:
enabled: true
fsGroupChangePolicy: Always
sysctls: []
supplementalGroups: []
containerSecurityContext:
enabled: true
seLinuxOptions: {}
runAsNonRoot: false
privileged: false
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
capabilities:
drop: ["ALL"]
seccompProfile:
type: "RuntimeDefault"

View File

@ -9,6 +9,14 @@ persistence:
metrics: metrics:
enabled: false enabled: false
primary: primary:
resources:
limits:
ephemeral-storage: 1Gi
memory: 512Mi
requests:
cpu: 512m
ephemeral-storage: 50Mi
memory: 128Mi
podSecurityContext: podSecurityContext:
enabled: true enabled: true
fsGroupChangePolicy: Always fsGroupChangePolicy: Always

View File

@ -6,4 +6,14 @@ roles:
- apiGroups: ["*"] - apiGroups: ["*"]
resources: ["*"] resources: ["*"]
verbs: ["*"] verbs: ["*"]
namespace: ["minecraft-application"] namespace:
- minecraft-application
- name: minecraft-admin
namespace: games
kind: Role
rules:
- apiGroups: ["*"]
resources: ["*"]
verbs: ["*"]
namespace:
- games

View File

@ -4,7 +4,10 @@ service:
spec: spec:
externalTrafficPolicy: Local externalTrafficPolicy: Local
ports: ports:
git-ssh: web:
redirectTo:
port: websecure
ssh:
port: 22 port: 22
expose: expose:
default: true default: true

View File

@ -64,6 +64,7 @@ vaultwarden:
ingress: ingress:
enabled: true enabled: true
annotations: annotations:
traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
kubernetes.io/ingress.class: traefik kubernetes.io/ingress.class: traefik
kubernetes.io/tls-acme: "true" kubernetes.io/tls-acme: "true"
kubernetes.io/ingress.allow-http: "false" kubernetes.io/ingress.allow-http: "false"

View File

@ -22,7 +22,7 @@ vaultwarden:
webVaultEnabled: "true" webVaultEnabled: "true"
signupsAllowed: true signupsAllowed: true
invitationsAllowed: true invitationsAllowed: true
signupDomains: "https://vaulttest.badhouseplants.net" signupDomains: "test.test"
signupsVerify: false signupsVerify: false
showPassHint: true showPassHint: true
# database: # database:
@ -43,6 +43,7 @@ ingress:
enabled: true enabled: true
annotations: annotations:
kubernetes.io/ingress.class: traefik kubernetes.io/ingress.class: traefik
traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
kubernetes.io/tls-acme: "true" kubernetes.io/tls-acme: "true"
kubernetes.io/ingress.allow-http: "false" kubernetes.io/ingress.allow-http: "false"
kubernetes.io/ingress.global-static-ip-name: "" kubernetes.io/ingress.global-static-ip-name: ""

View File

@ -2,15 +2,6 @@
# -- Istio extenstion. Just because I'm # -- Istio extenstion. Just because I'm
# -- not using ingress nginx # -- not using ingress nginx
# ------------------------------------------ # ------------------------------------------
istio:
enabled: true
istio:
- name: woodpecker-server-http
gateway: istio-system/badhouseplants-net
kind: http
hostname: ci.badhouseplants.net
service: woodpecker-ci-server
port: 80
ext-database: ext-database:
enabled: true enabled: true
name: woodpecker-postgres16 name: woodpecker-postgres16
@ -26,6 +17,7 @@ server:
kubernetes.io/ingress.allow-http: "false" kubernetes.io/ingress.allow-http: "false"
kubernetes.io/ingress.global-static-ip-name: "" kubernetes.io/ingress.global-static-ip-name: ""
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01 cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
hosts: hosts:
- host: ci.badhouseplants.net - host: ci.badhouseplants.net
paths: paths:
@ -34,11 +26,6 @@ server:
- secretName: woodpecker-tls-secret - secretName: woodpecker-tls-secret
hosts: hosts:
- ci.badhouseplants.net - ci.badhouseplants.net
#image:
# registry: git.badhouseplants.net
# repository: allanger/woodpecker-server
# pullPolicy: Always
# tag: icon
enabled: true enabled: true
env: env:
WOODPECKER_GITEA: true WOODPECKER_GITEA: true
@ -49,21 +36,16 @@ server:
WOODPECKER_ADMIN: "woodpecker,allanger" WOODPECKER_ADMIN: "woodpecker,allanger"
WOODPECKER_HOST: "https://ci.badhouseplants.net" WOODPECKER_HOST: "https://ci.badhouseplants.net"
WOODPECKER_ESCALATE: true WOODPECKER_ESCALATE: true
WOODPECKER_BACKEND_K8S_NAMESPACE: woodpecker-ci WOODPECKER_BACKEND_K8S_NAMESPACE: platform
extraSecretNamesForEnvFrom: extraSecretNamesForEnvFrom:
- woodpecker-postgres16-creds - woodpecker-postgres16-creds
agent: agent:
#image:
# registry: git.badhouseplants.net
# repository: allanger/woodpecker-agent
# pullPolicy: Always
# tag: dev
enabled: true enabled: true
extraSecretNamesForEnvFrom: [] extraSecretNamesForEnvFrom: []
env: env:
WOODPECKER_SERVER: woodpecker-ci-server:9000 WOODPECKER_SERVER: woodpecker-ci-server:9000
WOODPECKER_BACKEND_K8S_VOLUME_SIZE: 3Gi WOODPECKER_BACKEND_K8S_VOLUME_SIZE: 3Gi
WOODPECKER_BACKEND_K8S_NAMESPACE: woodpecker-ci WOODPECKER_BACKEND_K8S_NAMESPACE: platform
WOODPECKER_BACKEND_K8S_STORAGE_CLASS: longhorn WOODPECKER_BACKEND_K8S_STORAGE_CLASS: longhorn
serviceAccount: serviceAccount:
create: true create: true

View File

@ -2,6 +2,7 @@ ingress:
enabled: true enabled: true
className: ~ className: ~
annotations: annotations:
traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
kubernetes.io/ingress.class: traefik kubernetes.io/ingress.class: traefik
kubernetes.io/tls-acme: "true" kubernetes.io/tls-acme: "true"
kubernetes.io/ingress.allow-http: "false" kubernetes.io/ingress.allow-http: "false"

View File

@ -19,7 +19,7 @@ ext-database:
templates: templates:
{{- range $key, $value := .Values.credentials }} {{- range $key, $value := .Values.credentials }}
- name: {{ $key }} - name: {{ $key }}
template: {{ $value }} template: {{ $value | quote }}
secret: true secret: true
{{- end }} {{- end }}
{{- end }} {{- end }}

View File

@ -8,17 +8,17 @@ releases:
createNamespace: false createNamespace: false
- <<: *istio-base - <<: *istio-base
installed: true installed: false
namespace: istio-system namespace: istio-system
createNamespace: false createNamespace: false
- <<: *istio-gateway - <<: *istio-gateway
installed: true installed: false
namespace: istio-system namespace: istio-system
createNamespace: false createNamespace: false
- <<: *istiod - <<: *istiod
installed: true installed: false
namespace: istio-system namespace: istio-system
createNamespace: false createNamespace: false

View File

@ -0,0 +1,14 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: vaultflux
namespace: argo-system
spec:
project: default
source:
repoURL: git@git.badhouseplants.net:badhouseplants/k8s-cluster-config.git
targetRevision: try-argo-and-flux
path: manifests/debug/istio
destination:
server: https://kubernetes.default.svc
namespace: default

View File

@ -7,22 +7,22 @@ metadata:
name: debug name: debug
--- ---
# httpbin.yaml # httpbin.yaml
apiVersion: networking.istio.io/v1alpha3 #apiVersion: networking.istio.io/v1alpha3
kind: VirtualService #kind: VirtualService
metadata: #metadata:
name: httpbin # name: httpbin
namespace: debug # namespace: debug
spec: #spec:
hosts: # hosts:
- "httpbin.badhouseplants.net" # - "httpbin.badhouseplants.net"
gateways: # gateways:
- istio-system/badhouseplants-net # - istio-system/badhouseplants-net
http: # http:
- route: # - route:
- destination: # - destination:
port: # port:
number: 8000 # number: 8000
host: httpbin # host: httpbin
--- ---
apiVersion: networking.k8s.io/v1 apiVersion: networking.k8s.io/v1
kind: Ingress kind: Ingress
@ -79,3 +79,19 @@ spec:
name: httpbin name: httpbin
ports: ports:
- containerPort: 8000 - containerPort: 8000
---
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: ubuntu
namespace: argo-system
spec:
project: default
source:
repoURL: git@git.badhouseplants.net:badhouseplants/k8s-cluster-config.git
targetRevision: try-argo-and-flux
path: manifests/debug/ubuntu
destination:
server: https://kubernetes.default.svc
namespace: default

View File

@ -0,0 +1,52 @@
---
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
name: podinfo
namespace: default
spec:
interval: 5m
url: https://git.badhouseplants.net/api/packages/allanger/helm
---
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: podinfo
namespace: default
spec:
interval: 10m
timeout: 5m
chart:
spec:
chart: vaultwarden
version: '1.2.0'
sourceRef:
kind: HelmRepository
name: podinfo
interval: 5m
releaseName: vaultflux
install:
remediation:
retries: 3
upgrade:
remediation:
retries: 3
test:
enable: true
driftDetection:
mode: enabled
ignore:
- paths: ["/spec/replicas"]
target:
kind: Deployment
postRenderers:
- kustomize:
patches:
- target:
labelSelector: app.kubernetes.io/instance=vaultflux
patch: |
- op: add
path: "/metadata/labels/argocd.argoproj.io~1instances"
value: vaultflux
values:
replicaCount: 2

View File

@ -145,9 +145,9 @@ templates:
cert-manager: &cert-manager cert-manager: &cert-manager
name: cert-manager name: cert-manager
chart: jetstack/cert-manager chart: jetstack/cert-manager
version: 1.15.0 version: 1.15.1
set: set:
- name: installCRDs - name: crds.enabled
value: true value: true
longhorn: &longhorn longhorn: &longhorn
name: longhorn name: longhorn
@ -159,7 +159,7 @@ templates:
argocd: &argocd argocd: &argocd
name: argocd name: argocd
chart: argo/argo-cd chart: argo/argo-cd
version: 7.1.3 version: 7.3.3
inherit: inherit:
- template: default-env-values - template: default-env-values
- template: default-env-secrets - template: default-env-secrets
@ -199,7 +199,7 @@ templates:
istio-common: istio-common:
labels: labels:
bundle: istio bundle: istio
version: 1.22.0 version: 1.22.2
istio-base: &istio-base istio-base: &istio-base
name: istio-base name: istio-base
@ -251,26 +251,7 @@ templates:
# ---------------------------- # ----------------------------
# -- Drone # -- Drone
# ---------------------------- # ----------------------------
drone-common:
labels:
bundle: drone
drone: &drone
name: drone
chart: drone/drone
version: 0.6.5
inherit:
- template: default-env-values
- template: default-env-secrets
- template: drone-common
drone-runner-docker: &drone-runner-docker
name: drone-runner-docker
chart: drone/drone-runner-docker
version: 0.6.2
inherit:
- template: default-env-values
- template: default-env-secrets
- template: drone-common
woodpecker-ci: &woodpecker-ci woodpecker-ci: &woodpecker-ci
name: woodpecker-ci name: woodpecker-ci
@ -284,7 +265,7 @@ templates:
nrodionov: &nrodionov nrodionov: &nrodionov
name: nrodionov name: nrodionov
chart: bitnami/wordpress chart: bitnami/wordpress
version: 22.4.10 version: 22.4.16
inherit: inherit:
- template: default-env-values - template: default-env-values
- template: default-env-secrets - template: default-env-secrets
@ -304,6 +285,7 @@ templates:
inherit: inherit:
- template: default-env-values - template: default-env-values
- template: default-env-secrets - template: default-env-secrets
- template: ext-tcp-routes
- template: ext-database - template: ext-database
funkwhale: &funkwhale funkwhale: &funkwhale
@ -326,15 +308,27 @@ templates:
redis: &redis redis: &redis
name: redis name: redis
chart: bitnami/redis chart: bitnami/redis
version: 19.5.3 version: 19.6.0
inherit: inherit:
- template: default-env-values - template: default-env-values
- template: default-env-secrets - template: default-env-secrets
postgres16: &postgres16 postgres16: &postgres16
labels:
bundle: postgres
name: postgres16 name: postgres16
chart: bitnami/postgresql chart: bitnami/postgresql
version: 15.5.5 version: 15.5.11
inherit:
- template: default-env-values
- template: default-env-secrets
postgres16-gitea: &postgres16-gitea
labels:
bundle: postgres
name: postgres16-gitea
chart: bitnami/postgresql
version: 15.5.11
inherit: inherit:
- template: default-env-values - template: default-env-values
- template: default-env-secrets - template: default-env-secrets
@ -342,12 +336,12 @@ templates:
db-operator: &db-operator db-operator: &db-operator
name: db-operator name: db-operator
chart: db-operator/db-operator chart: db-operator/db-operator
version: 1.25.0 version: 1.27.1
db-instances: &db-instances db-instances: &db-instances
name: db-instances name: db-instances
chart: db-operator/db-instances chart: db-operator/db-instances
version: 2.3.1 version: 2.3.4
inherit: inherit:
- template: default-env-values - template: default-env-values
- template: default-env-secrets - template: default-env-secrets
@ -355,7 +349,7 @@ templates:
mysql: &mysql mysql: &mysql
name: mysql name: mysql
chart: bitnami/mysql chart: bitnami/mysql
version: 11.1.2 version: 11.1.4
inherit: inherit:
- template: default-env-values - template: default-env-values
- template: default-env-secrets - template: default-env-secrets
@ -363,7 +357,7 @@ templates:
docker-mailserver: &docker-mailserver docker-mailserver: &docker-mailserver
name: docker-mailserver name: docker-mailserver
chart: allanger-gitea/docker-mailserver chart: allanger-gitea/docker-mailserver
version: 2.3.1 version: 2.4.0
inherit: inherit:
- template: default-env-values - template: default-env-values
- template: ext-tcp-routes - template: ext-tcp-routes
@ -393,7 +387,8 @@ templates:
mailu: &mailu mailu: &mailu
name: mailu name: mailu
chart: mailu/mailu chart: mailu/mailu
version: 1.5.0 namespace: applications
version: 2.0.0
inherit: inherit:
- template: default-env-values - template: default-env-values
- template: default-env-secrets - template: default-env-secrets
@ -462,3 +457,13 @@ templates:
inherit: inherit:
- template: default-env-values - template: default-env-values
authentik: &authentik
name: authentik
chart: goauthentik/authentik
version: 2024.6.0
namespace: applications
createNamespace: false
inherit:
- template: default-env-values
- template: default-env-secrets
- template: ext-database

View File

@ -31,8 +31,8 @@ repositories:
url: https://constin.github.io/vaultwarden-helm/ url: https://constin.github.io/vaultwarden-helm/
- name: db-operator - name: db-operator
url: https://db-operator.github.io/charts url: https://db-operator.github.io/charts
# - name: allanger-gitea #- name: allanger-gitea
# url: https://git.badhouseplants.net/api/packages/allanger/helm # url: https://git.badhouseplants.net/api/packages/allanger/helm
- name: badhouseplants - name: badhouseplants
url: https://badhouseplants.github.io/helm-charts/ url: https://badhouseplants.github.io/helm-charts/
- name: woodpecker - name: woodpecker
@ -63,3 +63,5 @@ repositories:
url: https://traefik.github.io/charts url: https://traefik.github.io/charts
- name: local-path-provisioner - name: local-path-provisioner
url: git+https://github.com/rancher/local-path-provisioner@deploy/chart?ref=v0.0.26 url: git+https://github.com/rancher/local-path-provisioner@deploy/chart?ref=v0.0.26
- name: goauthentik
url: https://charts.goauthentik.io/

View File

@ -2,17 +2,21 @@
export PGHOST=$OLD_PGHOST export PGHOST=$OLD_PGHOST
export PGPASSWORD=$OLD_PGPASSWORD export PGPASSWORD=$OLD_PGPASSWORD
export PGDATABASE=$OLD_PGDATABASE export PGDATABASE=$OLD_PGDATABASE
export PGPORT=$OLD_PGPORT
export PGUSER=$OLD_PGUSER
DUMP_FILE=/tmp/$PGDATABASE.dump DUMP_FILE=/tmp/$PGDATABASE.dump
pg_dump $PGDATABASE --no-owner --no-privileges -Fc -f $DUMP_FILE -vvv #pg_dump $PGDATABASE --no-owner --no-privileges -Fc -f $DUMP_FILE -vvv
#
export PGHOST=$NEW_PGHOST #export PGHOST=$NEW_PGHOST
export PGPASSWORD=$NEW_PGPASSWORD #export PGPASSWORD=$NEW_PGPASSWORD
export PGDATABASE=$NEW_PGDATABASE #export PGDATABASE=$NEW_PGDATABASE
pg_restore --no-owner --no-privileges -d $PGDATABASE -Fc $DUMP_FILE -vvv #export PGPORT=$NEW_PGPORT
#export PGUSER=$NEW_PGUSER
psql -c "GRANT ALL PRIVILEGES ON DATABASE \"${PGDATABASE}\" to \"${PGDATABASE}\"" #pg_restore --no-owner --no-privileges -d $PGDATABASE -Fc $DUMP_FILE -vvv
psql -c "GRANT ALL ON SCHEMA public to \"${PGDATABASE}\"" #
psql -c "GRANT ALL ON ALL TABLES IN SCHEMA public TO \"${PGDATABASE}\"" #psql -c "GRANT ALL PRIVILEGES ON DATABASE \"${PGDATABASE}\" to \"${PGDATABASE}\""
#psql -c "GRANT ALL ON SCHEMA public to \"${PGDATABASE}\""
#psql -c "GRANT ALL ON ALL TABLES IN SCHEMA public TO \"${PGDATABASE}\""
rm -f /tmp/output rm -f /tmp/output