Compare commits
1 Commits
main
...
add-depend
| Author | SHA1 | Date | |
|---|---|---|---|
| 5fd54f297a |
@ -16,15 +16,19 @@ steps:
|
||||
notification:
|
||||
image: deblan/woodpecker-email
|
||||
settings:
|
||||
dsn:
|
||||
from_secret: smtp_dsn
|
||||
from:
|
||||
address: woody@badhouseplants.net
|
||||
name: Woody Woodpecker
|
||||
from: woody@badhouseplants.net
|
||||
host: badhouseplants.net
|
||||
skip_verify: true
|
||||
no_starttls: false
|
||||
username:
|
||||
from_secret: smtp_username
|
||||
password:
|
||||
from_secret: smtp_password
|
||||
recipients:
|
||||
- allanger@badhouseplants.net
|
||||
subject: CDH result
|
||||
target: main
|
||||
recipients_only: true
|
||||
attachment: result.html
|
||||
when:
|
||||
- status: [success, failure]
|
||||
|
||||
@ -1,25 +1,11 @@
|
||||
when:
|
||||
event: push
|
||||
|
||||
|
||||
.k8s-limits: &k8s-limits
|
||||
backend_options:
|
||||
kubernetes:
|
||||
resources:
|
||||
requests:
|
||||
memory: 1024Mi
|
||||
cpu: 1000m
|
||||
limits:
|
||||
memory: 1512Mi
|
||||
cpu: 1500m
|
||||
|
||||
matrix:
|
||||
ENVIRONMENT:
|
||||
- badhouseplants
|
||||
- etersoft
|
||||
steps:
|
||||
diff:
|
||||
<<: *k8s-limits
|
||||
image: ghcr.io/helmfile/helmfile:canary
|
||||
secrets: [sops_age_key, kubeconfig_content]
|
||||
when:
|
||||
@ -31,7 +17,6 @@ steps:
|
||||
- echo "$KUBECONFIG_CONTENT" > $HOME/.kube/config && chmod 0600 $HOME/.kube/config
|
||||
- helmfile -e $ENVIRONMENT diff --suppress-secrets
|
||||
apply:
|
||||
<<: *k8s-limits
|
||||
image: ghcr.io/helmfile/helmfile:canary
|
||||
secrets: [sops_age_key, kubeconfig_content]
|
||||
when:
|
||||
|
||||
4
Makefile
Normal file
4
Makefile
Normal file
@ -0,0 +1,4 @@
|
||||
create_crb:
|
||||
kubectl create clusterrolebinding drone-deployer-workaround \
|
||||
--clusterrole=cluster-admin \
|
||||
--serviceaccount=drone-service:default
|
||||
@ -2,4 +2,4 @@
|
||||
[](https://drone.badhouseplants.net/badhouseplants/k8s-cluster-config)
|
||||
|
||||
# CRD hooks
|
||||
I'm using hooks to install CRDs, that doesn't wotk with apply on the first time. If you've added a release with CRDs, that are installed by hooks, you need to run `helmfile sync` first, so CRDs are installed and then diff will work again, hence the `apply` also will.
|
||||
I'm using hooks to install CRDs, that doesn't wotk with apply on the first time. If you've added a release with CRDs, that are installed by hooks, you need to run `helmfile sync` first, so CRDs are installed and then diff will work again, hence the `apply` also will.
|
||||
@ -2,21 +2,20 @@
|
||||
{{ readFile "../releases.yaml" }}
|
||||
|
||||
releases:
|
||||
- <<: *namespaces
|
||||
- <<: *drone
|
||||
installed: true
|
||||
- <<: *roles
|
||||
installed: true
|
||||
- <<: *coredns
|
||||
installed: true
|
||||
- <<: *cilium
|
||||
installed: true
|
||||
|
||||
- <<: *local-path-provisioner
|
||||
namespace: drone-service
|
||||
createNamespace: false
|
||||
|
||||
- <<: *zot
|
||||
- <<: *drone-runner-docker
|
||||
installed: true
|
||||
- <<: *keel
|
||||
- <<: *traefik
|
||||
namespace: drone-service
|
||||
createNamespace: false
|
||||
|
||||
- <<: *longhorn
|
||||
installed: true
|
||||
namespace: longhorn-system
|
||||
createNamespace: false
|
||||
|
||||
- <<: *argocd
|
||||
installed: true
|
||||
@ -28,6 +27,11 @@ releases:
|
||||
namespace: nrodionov-application
|
||||
createNamespace: false
|
||||
|
||||
- <<: *minecraft
|
||||
installed: true
|
||||
namespace: minecraft-application
|
||||
createNamespace: false
|
||||
|
||||
- <<: *gitea
|
||||
installed: true
|
||||
namespace: gitea-service
|
||||
@ -38,6 +42,21 @@ releases:
|
||||
namespace: funkwhale-application
|
||||
createNamespace: false
|
||||
|
||||
- <<: *prometheus
|
||||
installed: true
|
||||
namespace: monitoring-system
|
||||
createNamespace: true
|
||||
|
||||
- <<: *loki
|
||||
installed: true
|
||||
namespace: monitoring-system
|
||||
createNamespace: false
|
||||
|
||||
- <<: *promtail
|
||||
installed: true
|
||||
namespace: monitoring-system
|
||||
createNamespace: false
|
||||
|
||||
- <<: *bitwarden
|
||||
installed: false
|
||||
namespace: bitwarden-application
|
||||
@ -68,41 +87,26 @@ releases:
|
||||
namespace: database-service
|
||||
createNamespace: true
|
||||
|
||||
- <<: *woodpecker-ci
|
||||
- <<: *docker-mailserver
|
||||
installed: true
|
||||
namespace: woodpecker-ci
|
||||
namespace: mail-service
|
||||
createNamespace: true
|
||||
|
||||
- <<: *istio-gateway-resources
|
||||
installed: true
|
||||
namespace: istio-system
|
||||
createNamespace: false
|
||||
|
||||
- <<: *vaultwarden
|
||||
createNamespace: true
|
||||
installed: true
|
||||
namespace: vaultwarden-application
|
||||
|
||||
- <<: *vaultwardentest
|
||||
createNamespace: false
|
||||
installed: true
|
||||
namespace: applications
|
||||
|
||||
- <<: *openvpn-xor
|
||||
- <<: *woodpecker-ci
|
||||
installed: true
|
||||
namespace: openvpn-service
|
||||
createNamespace: false
|
||||
|
||||
- <<: *docker-mailserver
|
||||
installed: true
|
||||
namespace: applications
|
||||
namespace: woodpecker-ci
|
||||
createNamespace: true
|
||||
|
||||
- <<: *mailu
|
||||
installed: false
|
||||
namespace: mailu-application
|
||||
createNamespace: false
|
||||
|
||||
- <<: *longhorn
|
||||
installed: true
|
||||
namespace: longhorn-system
|
||||
createNamespace: false
|
||||
|
||||
bases:
|
||||
- ../environments.yaml
|
||||
- ../repositories.yaml
|
||||
|
||||
@ -1,9 +1,10 @@
|
||||
server:
|
||||
config:
|
||||
dex.config: ENC[AES256_GCM,data:SExaFuvPjiyYUiqBivswX4dpPM+x/6OsmyC9FFpiX1TCDIsYNFakzW5ZwFk1XnS8OYzqksyoxAGGU2fmoTVpHXviDqSZ76g0AREH3OwtSlz2R8RwFU/zzgXeqoxw2rC2ij0t0Vg39BeltArIFBcrtTfDy7AjMqf/Qx29EAb9nnoTA/SPj33VzHbn+tJIHb/a2XExj6VAyVJoq+fqsdKmmbI0tb636V+Cq/+wj6WwGjhu/0PDtaMN9AWokMGgICLUbdtfocinvZ1gyv8+QDnczYonD+wFZdlaKDembGN3p0BggBCLOY1I9f3PHG9Yy5xpNtAGFjDYF3NLz1n1QjDwRo1La6EHmmd2pL3INtU++IGRkC64bzCKR7i429/il13MKvccBOBWiJpkf5L65Rluyb1WWNYBcI/SscfQo1CSL6zXuZtrxeWrRcySs9TjSAtwHrpuRm6hfwi1tUcUUEhu6c9uUYMhSoNug8/2vQjQiJcEdh9n+YCoUbPraAC/OSctrnmO/vsXY9CcXCWWR606Wwvr0RIX+wg4/5vCyecj+5nvhfaZvECXoCmKT8xtmVw6h2oYbAU4T7o9J93XNMVyhui4DM1JN4GYlTsfbpU1PBetUII+RO23rJDSRQdEq16Kk9RcNEUaJYcS4uH7AXvbJVeC6Cx2OwN7zSmOSbA9D2kYt7IVcnBQRGJ+cH6fy34KTwJ0def6Ze243LlHdA==,iv:c8cJLybNsyuAw/BFmKtNTBzXIl0vmeSuKW8j/aw8STw=,tag:URax9og6ZQRvWPtKVel4SQ==,type:str]
|
||||
configs:
|
||||
cm:
|
||||
dex.config: ENC[AES256_GCM,data:/5fVXmrlrI+A9VkyXXXEyout6crDfLKvEHRgSak3tZn90aVm/SrSsq/mJHO4k79zVPz/BBF8/RIt2rD1TJsBNWsTFfKJuCkSN7kjUIE1Blch9ju2MOOmtWR8NIi98k/t5D/kfF6JhAw3hTv6nOkaz6P9eJgAEawdNeaNZS2i/6s5UdJkTpZWCOD+3DJezYhWS9dePrWldRGzYNVc25wAbDF6jRrtXbF2aC/z/cuhcCEEgsncFAYz1lN8sKpdMXIZzBqvugYGUZHPkWAi8fsLRM818jA736NoT55d7yO2hR0RzbIEbr0Edbk9eeofAty5WEPBhop9OUJJFKeRq2AXgdY6Y98BH1Yn1X1PmkpV4Tu+S49q3jRC4g2dIttywA3waqdGSsXVI5q9sVSJTCN5gsHXM298K1hb0hCgIv4WAv/09BvOOxocTbz06c1zB/ZFxhJJ1Fv3wSPFiY011y8StMgEvBmh84ERK703Sn8jFrT31eujpF6saM8fER/1W7acOrGZTTCirXcm2Cp4QPS6LILeANcD6S6gFvITKxCa/Dzkk4OV3uB2KqpTX13IrbnMm+oYGM573QAJzuRBfGtFBggX6GHM1jGnPZ/s2n+BRrhKhZRofVommLMSl2mTyWRsLwJ8XzXIDZlQT8MrkCZX8EorQmUS3NPM5oTgxpq4dtGbwVmKh2i2ZcmwGK7AwB5OtLXeyLe/MbOikQKCig==,iv:xuTDUZWDWtzZwTOvfzGRNsqpPx+rxtTVs1C0gOjB+Pw=,tag:CLGA9kgSoWBFCJRW/s3MAg==,type:str]
|
||||
credentialTemplates:
|
||||
ssh-creds:
|
||||
sshPrivateKey: ENC[AES256_GCM,data:43Enu05W+Cxbg1z8GjoYMWNOkCSuUIny4c9YOJlp6HBwazFx8IbMLibSxcI4kWCaceKHj+jxHhj5hnnDJgXWElFHmsApxNX/GtXtaiIHF2I3f4o+WjLJMco1lkdrtLhb2ERis7PtzI+1aQsTDtwJG6xPDpxYT+apokx2XnwkFzjAetfi5zHMyepgQRXFjyGvn4HECLeC1uii4+/FmImI4gzTFIGAoeb6xT4HDsWV/kzrWNJk/FsnmQyCkiEHQ8wU1z1WTPr6cuTLf7WUrliPaOAwmGwxfchU+vIfIBsbfHoBVHeJR8/j9fB5Em10Z5Ton91CXObGVpEBJD4MHgUIEVmAunqK+ltAit/CNmQI5AwSofcfAV+hI2o8v6N4Wlq6PteNKeeBvdSCYEt9DR7uw+TNgTgxNhAzjZuXnfZzVpmsqtsy0LMBtdwruA7j0roBoqODU9+YbJc9rpx+MTwlaPrkBBRA2+ZZ2Z2Tl2NV8RJbxK6fwDha+E7KPqJnBwqK6xsROvEV2wzW/ZXGDWXuOM7sqCK0Zc+vi/X/1kgTTVt5BlnjLpk+tiZSIwMFLAQctMkEFpVQAWFqpVnlJenHmwh4NaHgEIEsiIMsR4Uh+7tmEwli+DVhauwOwJpMc4MJsZgquTyATd/1hJdLW0XJKNYGDd/Ia9dUvtuZR0vZks1J85XVwp/qR8QlJd0nMhFgzNV7cJnf2WE6nj3c8ibPjhelFPFd+dw0inoLsnwBGvNpxZTeu2UBInnyAW7MefVs29gSnWaSFi2dvT4Lw4X+yGdGP3SAydkTOfMcV7hbtv+IRfeyFTV6v0ebilufuvVy56HlZQl5H6y9kZEg3m8qxJ2gJB7MFVfqAku8lNDAgMyvdx2sDivbWvOOsPAC5N8NFHVn5XKlASrZs4N6o5Uo85ewO2GSLn+UKxLWvhqKwIB7oYubfVyV+m9SwqiZLBy6xt0FOKr4cg5pLDFhNer2vQfwRB/2meV3jZt3TXE5anlnxgEKIfrjhjJTXpOIaUPn3z/jbYk5RHTrFrAIib6u2r+HpTkxdnIE+jdgyl/bmhzI7cqDfR/VDdfbl78sAKNQjAhzG10eNWnRgrvNU5KuPOpvxaNUyv55L9MyrO95LdmrmV3SG2Y8J08sCx2kmGg0gJwWmQJpvWTPaa8HQ8oTUw/+b8c6z1DzesozjVVTdd2m51cprYQtSY+izJfjzYXfTs9q2ibzDaan1GWRx7cFYye5ks0DWG4Qn+dFIiVUez+mnSPIJ3CTWcXwnMfLALM4p1Ki2/BUyRz84ryJLJ4L+FhDJJFBpyi+SzdNOIpCEqOQgztxdX5FFEZ6dKwsQtj+8AA+eOlQIb1fu9lr+6g4+TgJzyYSxxgmCD/bTU+gGXq7r6pX8NIIZl3zcVNtvEg/mObzRq3U9JtljKDHjQVKlLm5KqoVeLybgCK0kr0DsqriD92UnhOHYY9Xt6l670h/kfH9tygSHogiWHZFJ3E90YeXnRAgzyELqdz9wrGri7y///Vm4vAh7O2wqVq7XW4w/27HStCFEOmPA6i/84VIRJPsbTNUxYi1SKVQzHe0r8gBAr3kcrLMRTzs/myH7utZxFmygR4NcI9q1X1Hz91Hi2mfHRAuhqnFWHjA/clMXy2eFTUkAUlG36z1+VhsPQVo+n1vkPXtbtW8FofL8LJZwtwuOHfnHI4W8431S4KtOcLFNLha6otzwD63KZ40x07ljwFW2/4txlb98jVE3myXK7n93mTL6iY17cTBir4gRdAACDlmelIyqQB2KcL8sJht9B0XXeWqMxkt6HQlJQaHjefv5QtP3tXKCSQUmdPf2dLLXfQnhhpZxEU6krZJLPCpM4Fj9hi+1dCmIwSW8iGSxMD9+KtyCenP3L243P0NzWPEpM4CvL4c8sgZYVzZ5xAxbGjL87ScTWhrBvpSv5a0OLtH9K1BFgISwXbZyn2dBSLdhaJYE2963KJE+yvbSuZPGzdOSGShQPX+h5FEEJrhZKyxI5b/EjbczZ/Rhu8YTrYdBNFX6XZkXvlF35uXfxmALihu7IBZCOZh8qepdxzYbXbrwLI22bG76Fib1zofhYuLTUqEHABy++NMGCZwLGsCzM6KQAEhlzy3uhQywpMuNUMfp9gaxsSb/RooYGEfqr7Ss7Qg6Nbzue9ayiO4sGl80m2kbQi2A+QdXsrplWeUVouNsdeIWs8J7uU+KSwQXdtuZHHVeo8v7YJddLHJDXdzKMEpukj1Nq342ZPSPpp8ENDh3XUP/SQgOWyAM7J08mhtlblmAOvKFe99SEnXqHLfRtgZgeZvlcfZF5mzz4Cq96mh8LU0V8C3T+31fWJpMJFo1eNHEbYxp/K6UkCDGsba4ahGAD8Txb/J5SPMWUKI8GRDo8ZOgvvDd0f/NvfnjngSWAVq/Kff2kMAMN9JtpEGUhxrRFZu+7qanmHrB4/3c3h+vh/+mQlURTIDmKOGFZPXmlOaW8KfL8/6dzSxAyYjOHPCuMb1JjyNqte1fzZ7Dih0LBtbTJYoMc52HM7nJ/ENHirwditTj3PTWJbRh/vVEQisbKtLkzb2vZPkTW3EXo1Z73KWZ/RqcU1S1Xj9egNLNZQegcJ98/9qXtmOAyhpwCyP+5Xscu6xVeIIso2f4G3JPJCelHCoeTyFo+8r/8k2FHiOhcmhPYPC6mlQQNKcV0441jrnjaJ7L9E1Kxt/iVK4B+/k4HVwv2J7yjQ5dU/KBY3V/vMhjQc3AGq6S6T7WoycYNY51AYYGHk6Hf2yl3md/qFE14hzX0Zt2sjmpQDJSG8CAOnay5XxDOrLEQwqmCaZPGGAK4FaXDERAgRsxp8vMy9KUQDVHwT1Tqf3rwGn74nNXo9IqQgcc5NV88FvRjLv1bm/6kBeaD9udfZBw7YqsRkY3mRoG/aJw8DkOdmYNIrJm69rmHreQo1KssVe/mz3Om0auwpBXR5D2OzZ/9e9XCprnUEN59cOfaha6qMm7pvDyJocaYvbSWPpchZb8DorWGEC7Iq2Qa45NaaKIpMrAOLPhiRqtNLP3L5Hzq23kvNOxY1r8Pxk6VPH6DqUBYrwq0vkYgABnquE1TZPL7ZqMMsfiAsK+iAxyFSbH44Yuby7VvD86rs0YaKYIgBTPMjfo7GNP5Dx8YPKUruQDnfaJYCw8klnmAtdioPWeEzRDmSYN+wOtz5fBFzPCXOVfit5BA8fIgpMrjdo/8a5TD7yf1HI9i3Nb8K8l1rAJ1SCsLF2Nu024rrcib8mxXBdXBdqxekGtN8+D2KLyq0FsR395o+Hy1uQg4UwL/tH5s7CiFoyQcngZxS4zqOjLQeTUbsLCx2y5SG144Ls/bQloLps0mvoz7+hyv7+UmKbkNbiJKOeIUjGMKRcfBDSog0v+V75yWjlsrRWmaVlQCwp0bkpCNu684qOv1T1WnpoYNctJzgxzggEYWuk/5YgqG/ao4Td7pJTkAD21A==,iv:x5mss0VoYp8qlgEdSa7973AClSdCin14GuAt3duWqjk=,tag:jz4tVj4Ot2ZwedETSRcVLA==,type:str]
|
||||
sshPrivateKey: ENC[AES256_GCM,data:qQZuWVqu3G59OLMTtYW3BDfoo/3+SvLgQYzv0Aa2NQGb/5wVFejPiJR0BAMYZjkDSVgUZl/oVCT55I41QeKcNYfHtGcrWIFvizg5jW+K0U3ZvgtnY56J1GsrKWQIC29U5EHz/7xXTnSJkkiiVEBGOjwQHpfCgsqR5/qhwnFx+idLsdJGasMYjIJZttTtLpPsY1tgUwTzqJGQptJHqG+/EDcmI9ms6383ltgc6xsmezJDyoG3A2cMNp22qctIuqTIM6ltL9iosBmMsPM1MaiZyJ7rG5zNPymTCFDQUXwlUwFoDKJnN3GkY4ApzRv43iAw2aIX8ykifZVGZOuvV/ifzUuDoemsGjD7X3GN+ngVNwdLm1qSkcnb21Q22kVmBxotIQaF9eN/LqDk2ULEMX3Yvml886yo4AnxlIA8zW8XzFfEILrEswv555P5p3Mswl0+KAIDo7cYav495U9cYrttHbU5wvr9br5JekNKVSgTigwFraq2ZUE8Za3Ru7VOuljywRwe0VEvhFv8SJoH9NZJyl8ME0+uH1R6YtIodkHpB6b6wtyCwtPXjkUkR8nzi4VU0L3zq90e/DvmX/a/q4uEHtLPiIEMFbKtUQ8v8mmscYEEvYIsIBO0VcY2CUFbEs7r56uFOiysqB4d4ySGFjdQceRTLhG7/kUjjYtGEByVcFXllhAV+1C0vXHgOXc4G+EowObbcyj+sA4hxFVL8/f0s7znVCQbZhztQsxfFr5+76X+nzkXkkhauUsMChybmVmGTU+hYnZ8XuOK6X+tRixoVNlcitFD+NxTksvDeJDIShaQvH2cjLLbkze9GmUVr3EvifQhXdw29rpgySVE0Tjn+YL23Ft8dToqR6QwTASLi/vcvbjpx5NtchuR5QFxwZYY8ROTljSQS61AMdszr5cR0BwtFY8j59Aj25sEJeasi44xzUlBxAGazHjzBDxDU7XIpGV/IkiMtaEuEXKGRpVqhQrszvuXOf9K4TwxuVvhlrSVvU7M/lQzJUzkSFOSvO9nzfnkVLwqTdTX56ODFs10vRowClKetC6PpuAclw85WlC1OTkkAL8RUCWyoPQUU+EYolUCW5nMp4P8X1XK3qvRpBU6BdjnnuLQAi1bYu8t0f4vTYoLvYTwlMGXizMHEks6me5pPD7mq5HvpR2e7i1ZzJ3oQaKPB9n8AsugFeRStAal7HHrfEA6NVXLlBYdiq9oRgwllZwi5dsw4m6ABhh+angCWkIsjB9+n9NKOdJowvyDDx1JE/Ai4wb+8hbTLtAold6YJgNA5aT7LeSVaxWVB+V8w1ghn3UJzI6SGdayJqUH+VAUDvBg4LeqGH2vrod57SF4FMmqGTQwN7cYxW0fDT9V8xnb2nQu7WaE04Miw5hlsB4uTRUfeMrXXvt3R2N8azqQDF9Himtl48U3by9vv8FPsNhq3XvAPY5/TCzHz93bnWWmdtyZlHTFz2wRAwaTwOfFpN7oMW6YyVo6UUpw10zap0Jfboq8szF////nwEHf8qGw3dxT85WwBR9KBPwFuHZQsoUOuy00PuAB5fVvXXWBiCnzYwWgY3NqTBkLYbV8D/6UnLlfAHhnEok7QXf7P4xqbB/6EmqCmGBw5ZgPqg0bY6mOTnMrfqiKV9+Q0Mhe8eFPNOr2zoR+VYRDnWX+rJu1+OAK8QegH1Jn3RlOg3lXoFDFLelq6GEq1Kdbr83goL59/uRu4VNvAArUJ9tk4Vn2vWEtnbpjRcyjwAHIc1YXphY53cPFdSjYCeoNv5MDEt3oJAKWhSX7Ql6ledftGWB4fhns0OK4+zLN6osqrPNtLyS7iqXhcwmUIx+b6jzblKt/FAssFOw6VVpi+nVrBWHDW4lhHiCu37VYS15Vtjw+JCPbAe30MOquhXn1CnEnoV8mDoDGTeMpvpP4BTTgsLmloXfv8/+TjNYfzSWivvXjY1K0P/KGqoEJfIyYDyuxi7t2qJ/CwdvBTJkF/cTX6yvX6IvijKuUco2aIgpoZfg4JR6VL7Gk3Cvf3YBvnvG8TspBOfO3ZhwTS6vfQeDLs6kf+gBtXduJTqAXuy8X8B4RZxsNGZZD8hsSVH6xP5akN6waGqG+xDQxKTT7FCpmi0igvvANRROF3+KxGigPTrIqa33WDglrD6tUfUKNUW/SuZXXjbrgo0lillsXj6i7esSLfgH9CjUfeVUW/mI7mvW+0xjV/eeZtxRnz3ADGgfObV0XakEFBDhDnXtmdN7RN+Q+UvtN0uYGYWYqnIPNewm5RYwVGtGNWOB42PdaKH0qRUdWvCAbsKflPxW5pJNZlejhoMm+3+j2UlrY59dGqTVPoXkWgIGxFkubrtN06zAhVEV6/PcCZoGJmZsPWIfiY5k/BZljtZLAa1e2cboD/0q8iX0VzyRSmuKzVYMa6/NTU3PQ8l2x5fQRRq5OR33P2N36Wb6cO7GB9mEKAElTnd8oLlJ3T27EBctdNf8gOBIYWtGo+lYtKeh/NJm5o7KGIdjhThi7Lrbyqaxb294yxydmrJBh64dws+f3IhUQBLz+6lk5PM7EtrBCGuN7PqdqQMHqWMcCvDCHxY5X/U4zrWMAClEifJfC0b+3HthLkBHb388nGMo2ymHq683s0PxmmY0lfpncUEGHu+1J5E3w2BEy5Qv83x0RQDoDFab5lxILo6VSmZru+Kj18yeqNiNw/CzHaMvID7Gio1jaq3DsuD4bA9ne5Je5yAK8INrYRDCSzMfQpc2QqE306tonmsu37EKGHTCOaaqfL8/f31nqZcdKAdidM4JBa+osYYVUCp50Nn8h94dczpjvC+M2hEQXbibUSwyPjDv7ptwfZSEPG1mjbrOEpRSbzh3lGbE5q9K7bNyt0aJRi2gOw/shU5rPxmJ5KoL0HUEc74pZRG+Csa3ZKruqYqOEezgZmVwo0E3NQD8u/y/oF/L8hgKj2jcRmJS/pKbr2Tv+Sde1ZYdZjsXW6tFRjPDZGyhjHBriPLikN097kmuPFWS3f4ZFPyHM/Az2uzPPBFGv7VchUbFScIDgBIq+fYnTPtjjST7FgsDxpzTkj8uliU9z7r0dTIawC8qSUYErsFYSvUITySWTam0R04yitaArcH5fLEhEeKKMjGUVkwwxGxfv9Fql6Zs1YSCKka9aynXDUmw6igbRJVIPtmEosrmFUzlX1OEiJrX5xWOVAv3wQ2vrxvwHlmOMtr/cQagvASds2kC4QJ4qSwc8YdpLAwrn4+h7uNP/QChAOVCiGQXpFqd5ab/LBc6Gc/1Zxilil1kecMFBc/XmVssw72XSVoXVJPlIyiSYOAtm1BGQHJXRspP06/M+/5ffaHoEevqB47kf6bE8c3F9SwksgwGtaqXdFBoKSQcret8Tww9C8ZwDji8v/woVu2COXWaF2HLg3r3vrXa+DVVz1ENtOmJEJYTCuLmdqpZsWv4olC2wcCUEA+po9kZbVcEAfKd0xe/0x2fzqQ==,iv:lDEAwKxgoRPH5AtF2kYxPQjHkw3/kbbpoz3jlUsEpTI=,tag:6dbL9WZoTZ2xSrSVE4Dlhg==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
@ -13,14 +14,14 @@ sops:
|
||||
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoUm5MVFA1THRlNHlQdkpw
|
||||
MGtVZjhiTTNCUzcwV3lCQ0NqeTZHUWxrc21BCnRVbklPZE84U1FhNFIzeHowWUh0
|
||||
V01aeWhDcno1d1Bta01rdWtvaGRQaUkKLS0tIGhiZEZoMWt6WDlGeHpNdWZyVlI3
|
||||
THJzYlU2NUJ1R1I0TEtpQUdOM0VvQ3MKQmjL1jaJfXGi6FeFb34/l4FhOEAV05Q4
|
||||
DeHvke3nKOP/R0BJxwqvLi2hAyI2LEMSEaXs7iWnDDFOPUA1DiBcuA==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxTWUxY2hYT0dId2hsR0x1
|
||||
MXFtRjlSelgwdUcyVnBUdlJ6Nng1UkNJaHg4Ckc5NXBORjBCZHQyc0lDTiswazNF
|
||||
cGhKVFFNdlZnRWlxS05OTklOUDJDQjQKLS0tIDNWNDVVWXcxUW8yUHgrOTNkRkQ1
|
||||
MGNDV2cvUUF3dWZHSlZNeVFDNXhzalkKubKuiiZuqoZTvRMr2FiUxnFUu+Pvj3Wf
|
||||
pZTfZg9rnUukmV+kmwqQKcfoPNfeShhoAsszWwPM628cV9pq87I2/A==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-02-22T23:43:36Z"
|
||||
mac: ENC[AES256_GCM,data:szfQ+rXGzIaqcLKnGO/H1poFQu6/qxtUJejY9lCQre/YUg+d5WAgPdrxlwmsUsLaUz8tgMGiAd+J8NmR/P+tahz5/wwuHOYadPWzof/okC77vuyVLjuEE2t2RQ5U40kUJJKR/3TPawyttiaTDpxu6VJj2KcIlHfxsW5ddzAtFdU=,iv:fX2yQtrap9XKxjiPMfriH+QHZM8tGrTDgtHhCWh4NZQ=,tag:7FWAPf7K8rvyEURVFkrz8A==,type:str]
|
||||
lastmodified: "2023-03-04T16:16:37Z"
|
||||
mac: ENC[AES256_GCM,data:4HhqNV9EIcBA/nzxuiS21TWe6BQ+anfEQOnfrYcZ2vVD2dTPzc0ztZ1Ihc2WX6sMCVFDpUJFEcr38Aj2tXnnS80kTsnznBsSFNLj2b857PWXNeoAuwiiY3XBq+Ndo7I5wCYgWyuaH8xWQtd5JVuZPpqdtjTkbWq3lj8aARJUuQw=,iv:Hlu6iaBBQovSaXYAEB7nWBL9OM1UXYxQ444s5ZrMtuo=,tag:N/znbxYVwFoJ1eYAS8PE4A==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.8.1
|
||||
version: 3.7.3
|
||||
|
||||
@ -1,24 +0,0 @@
|
||||
env:
|
||||
secret:
|
||||
BASIC_AUTH_USER: ENC[AES256_GCM,data:i+3uBSJ1yrA=,iv:bhB9fIPxR2y9sS4jfbuhAIyzMHgoIRLFGXzQJ4763Cg=,tag:7pv9IOcBXhaeRu3qChQP8A==,type:str]
|
||||
BASIC_AUTH_PASS: ENC[AES256_GCM,data:zSb7cw==,iv:CL6ywqsc2hpTnBl7ndD0s49JNEmMNnu3X0gke4KT3qw=,tag:tSVaRdIZpkzsqp6n1RUB9A==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBc2RwQk9OTS9GV0NOb2x2
|
||||
OE1YVEsveU1VMTArZEJ3a2tETis1N1FTTndJCm96bWtYMDdRNnVTZEk2b0JPQWFl
|
||||
a1BTcWVyUWZKOEJSWDZEcWZydEc2b00KLS0tIEpWdTZGWUdCUHczWEZoR0dSTlRY
|
||||
TlNpbDVHa1VDUk9wODJLaHZJT2JoWmsKUD7yk2jpDVHvP5B4soK7k834RI+ydHxg
|
||||
H9/8nzPNwNbpq5ysHmYFChpfiOHrSKirVINUP7MmLGdPZ24FSHI4+g==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-03-27T08:47:35Z"
|
||||
mac: ENC[AES256_GCM,data:w72acY/GygiBVO/3/OQU1WJ90R+mbuCcGid9KzCAPOtdhBBbY5zZUtkZvkZkaugoiI+bpywoXQI/5JbY4+23D4MN2XHHG69DIkpR0eygeTHWc/id+LhfxIGHqvYzULshQuyVtPezoExWVwC3c3ZJYpkzRJhgOjA9TNg5ib4jnIw=,iv:srnydYWdQ352zeNzk/HJi5CyoQEqsDxbCV+1aT1qE8Y=,tag:zCRILWPmLcW0mN/IRpzazA==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.8.1
|
||||
@ -1,8 +1,16 @@
|
||||
dbinstances:
|
||||
postgres:
|
||||
secrets:
|
||||
adminUser: ENC[AES256_GCM,data:pKbAQDiOs6k=,iv:yET0mJtdm2baDJHwq1uYEoxye48g2PrMqiOSO3POTBo=,tag:wuIxhHiRzjSRM+uaEo2KNQ==,type:str]
|
||||
adminPassword: ENC[AES256_GCM,data:/U3q6RmOYLpxJBAYsJ8f4lV3MB0=,iv:dw7g0E4Gm0YqtgvdcC+bq+YbSRPop3BKLiJfwaz+1io=,tag:NAXnWj4AjgajN94ml/ENsA==,type:str]
|
||||
postgres16:
|
||||
secrets:
|
||||
adminUser: ENC[AES256_GCM,data:Ma+kTq+QHKY=,iv:1znr9VoLAdGlLFzbBx9NMsj022vb0I9z7bTTTAjzX/c=,tag:GfUQHztjj2h/ctm6XznT7w==,type:str]
|
||||
adminPassword: ENC[AES256_GCM,data:XYfh9OGA9SgW3B76u3tmXPjQ8vA4,iv:M4KIyzNujIePcrwmp9N/EErer+YZFRujOEN9VsPz76E=,tag:driIxiCOYX2VUj3v0rvB7g==,type:str]
|
||||
adminUser: ENC[AES256_GCM,data:1THZrB3Rg+g=,iv:/euSgQUYlJ4HbiqWr3ezwLkds0nwioFHRhXbqTiYR6M=,tag:GSbSxrNrVJKHp9+3+ECVRA==,type:str]
|
||||
adminPassword: ENC[AES256_GCM,data:F+5az4JRH6LMz88duwFp5EDm4AYG,iv:dbsfSSwigBX1cU6XFYu4ZFd15Te0MdGBoq5O9OtqxgM=,tag:uOLhvHSiBEbbos2GzLJZ3g==,type:str]
|
||||
mysql:
|
||||
secrets:
|
||||
adminUser: ENC[AES256_GCM,data:XFEGew==,iv:7aj2J7Qs9mHC5kRZGrg71hwEBP64vEz0qQ+qoPHSgrc=,tag:/Rx5yx7iMU5Gwcmbf5GVSg==,type:str]
|
||||
adminPassword: ENC[AES256_GCM,data:vYIiHccMkX7yJ2gsVGcLTUO7Ers=,iv:uDlefG5I/cirIUal/phlHCNwYtcXYFBND54XJ+n7eug=,tag:YK7pdaohOZL9yg4OiPxbRg==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
@ -12,14 +20,14 @@ sops:
|
||||
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBON2FPbXpoZCtMVStKZ0dl
|
||||
RVRycjdaODJMcG5vblpiZlB3M1NVZXJaaWxnClpPSURkM0hzSFdPVmIwQ3g4N2Rx
|
||||
Mnd6LzY2WVA1dTJmSVhMZXp6dmx5OXcKLS0tIHJKOGtWYTNjSnR1ZGMrZk5mR3ho
|
||||
d1p0TDkrWkxwVUpKOTNYQVlORm94dFkKh4sfmicfMZzwoD6LymdlcXDTFcoLbJXq
|
||||
Hoc62EW11Pl0Ah8HWkndbiYVO++xf2UHWq7Th4t1W1PdKq0bCN/GSg==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVbENvMm1YQzlSV3UrSEJ4
|
||||
VTZ1RWVKTlpsUDFzQlVjMlJEZmIvaldHVXlFCm9SVzN3Z0dwTGo1Y3dnaHhvSmpi
|
||||
bDIrMlJhbHhKUmRZejdkTmJiSDYvY2MKLS0tIFpRbkwySVh2MDlNWEFNZHVtY2Ns
|
||||
Wmh3Z29ZSlBhbmFJNkFQZlE3aXpMMk0K14rSXjSF08xkil+fFJpeMV+6XChTJ2/3
|
||||
OQecJtg+0NQPyvC+kR5qKq8roiSzNNJgTVg2wwKMdukKVVTbEGi0gA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-02-17T01:05:06Z"
|
||||
mac: ENC[AES256_GCM,data:DX2T2S17r2U5jqqFWRDeuBjkjO1OrkF4/wRAC1cmSuhrGB+R+B/x3RPT9XKGpo9kEzgQkj1Fx9Wjkg0KMVlmTWJZM6GtHz/DUbD/nQX1+JLy+1U2qSYua59hdez3vIPPaLbiYcs7g2M/nEyyMj5c82wBgDUD26uiYo7V/AeoWjU=,iv:ISDzjgML2az6Y0VH/KNUcTVuHv8e59tT+Exn5BAqMeY=,tag:fGXusF0pYxHCPe8i+FmNIw==,type:str]
|
||||
lastmodified: "2023-10-04T02:28:20Z"
|
||||
mac: ENC[AES256_GCM,data:EBNSr29LlLjadOrrk2ZSwH9Ng4YD0pYCrhfupaQPSK5559zUCRIuPuTC5P0sfh5dn7YARrcprAwH68I3Xc3EUWkZabCYcjR+bfbby1s8tjiIIgVcksQJr523CDIXMiezf860M9uyktxWdUQa1TjuEfo0SAkYs0XHEaIQlOloN6c=,iv:v/Al1appBTv7ypplQEz7C2qAnvCDRK3JPCN8+PATeX4=,tag:Ci8eg6xsFyZz35r5p4ie6g==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.8.1
|
||||
version: 3.8.0
|
||||
|
||||
@ -1,10 +1,10 @@
|
||||
djangoSecret: ENC[AES256_GCM,data:Usu+QgI7MLUmU1m3ExE=,iv:wv4i60NCuG13xBPSCZ3NDQI+z5h9ENPVQcZmqUUFvls=,tag:2SPu5TC4sDxXkxVdZ9j11Q==,type:str]
|
||||
djangoSecret: ENC[AES256_GCM,data:CxsJVhNxku3pohREaVs=,iv:KDupR8tZlPkPeRwGWzyz+eKtp1tfTdFWqXNuQW20oXo=,tag:lCHqv2CC8cXpnqTr8fGzPg==,type:str]
|
||||
postgresql:
|
||||
auth:
|
||||
password: ENC[AES256_GCM,data:Ly65GeUvKfwKfRakpDZWftzzE11hw6/mQ/rP,iv:DUIGI68MyWF7H56QIjajgP9GRNwdirX4i1lNMP02vXw=,tag:bl0bHFIbMWG2gVns+Fvfiw==,type:str]
|
||||
password: ENC[AES256_GCM,data:RdsyzDU+XesRJkUSllyvfREzbDz68t6RSw==,iv:RpV9BjK9ytpUYJvNGQ5eHXuhNbXSV+Nl9Yib0ac34KM=,tag:Y1K7cfmoyNS6sih0JMjBVQ==,type:str]
|
||||
redis:
|
||||
auth:
|
||||
password: ENC[AES256_GCM,data:ZLhshhCqRR4ks/UoMIwSbHtwSE4yg5Kv6GvqUvq9,iv:urWADLANGZz/W35grDnaFuvkzFx71fcqWOzpvz/5fR8=,tag:MLUMmSkTSGCntlooOWtR/Q==,type:str]
|
||||
password: ENC[AES256_GCM,data:fgxZMA13BpFf5FA8JwLUXjlelUgvR4qtg316OALq,iv:numLe3PrsToG0Fbl7+mdbWOBTb7XrgppF09pIVg+rrU=,tag:ivKuF0xFe/s4P1otjLML8g==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
@ -14,14 +14,14 @@ sops:
|
||||
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpT21wYkxzTnJpemJSUWty
|
||||
dm5EYy8rcXVnT1dVSlhjbkgxZkdsdGV1WkFnCk9pNnU5U0FRL1l3NWwyMzc4Q1JG
|
||||
SVlmRUwwalR2M3NwcjhJTlVTZWFIWXcKLS0tIDBtU1V4YlJxNVN4UVdscGM0RW1Y
|
||||
ZXFURTlCWnJLNWtjOENSclIxbHZWeWcKPzZZsTcvVWbLCroJZWeI78H8cgoLfxjC
|
||||
nXtzdPpaENY1k6XULtsMWmh73Yj1Ul0pRvGiYRetRV0LOo+JeLcJ1Q==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRL0l4OHh5TTd1UGoxZFcw
|
||||
TUtNYkdYTzhRS3hpTHkyNlhoT2hTek54RlJnCktpZmpDNk9mYThyUVZOUTAvanBL
|
||||
VElHYjR6T2QrV3N2c08vZ3JHVWdjSHMKLS0tIE5nREIyVlJ1d29UVzE2aFl2Q21Y
|
||||
dWdMUFpOOVJYSXdBbzJiSzhQM0VmbWMKUqdIpfa8i7vASIga8HFurrPf1RgA+WVA
|
||||
GZiG+M0i4yc3SooTIwbDzH0orfaEHueKdNTGOXMgxNiRIt2q9BG76g==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-02-09T09:33:11Z"
|
||||
mac: ENC[AES256_GCM,data:OCvHNmxwe5pd/xZiwd1LKD/QvzLd7pEQxqhj6xREeq/VQHDapM580DS+BJYEYWRVJUxIJP05E5ZrzYqfmXbynNvY87f1SHNWLVsRTDsKVI5j3ND6mxXH658DcJKfPcJlc3bV8SYX8ATiWI4JIyV43jvhFZ0JFrWLMzPlc2wVdQI=,iv:stgL/nBiCh33GEkBTRvcVyoc8LtX4ZEHgVbsl8x2GII=,tag:grVO5PT8kOlbbF/FfXBPmA==,type:str]
|
||||
lastmodified: "2023-10-04T18:47:37Z"
|
||||
mac: ENC[AES256_GCM,data:Mh6OGkcKMGnmBHIKadpLYfFO3UNLoww4gFW+U7mnu4v87j06h6QHOx4p99TBp8OqK3/ky73FUVLGtm5XFLvMgzM5wpghqwqPa4G9UvgP2zY6GM5HaEw90l9mEtdSw6czs1hi9ChNF3RbIPwowW6KNJoASK08YaSwkRLK3J8T0sM=,iv:9N3hRle1eH5EHEPQeAnKSXSjkhhs1045rgk/WNOP3I8=,tag:bsqCJQE5puKckYMgKZsr3w==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.8.1
|
||||
version: 3.8.0
|
||||
|
||||
@ -1,23 +1,23 @@
|
||||
gitea:
|
||||
admin:
|
||||
username: ENC[AES256_GCM,data:o01/289lwFk=,iv:ubra+bsAGt3Sgu49oClylLWUd5ie0l82Uur5vMPcFfs=,tag:bH8dxpC/yls48dWoF60r1w==,type:str]
|
||||
password: ENC[AES256_GCM,data:L6dhobCkOinNg/MNIAA3VBAq6ZY=,iv:CPBDvQ/i/OniOFTngH5CaUmygf331aqAVJRzBcMJw+4=,tag:RNtXdxEMckIaHTaMVLn3uA==,type:str]
|
||||
username: ENC[AES256_GCM,data:f4o3zs74rjY=,iv:t5Cx0suxiZduwL2bsfNyxOVI8RZH1ytEGUdOF2nONco=,tag:mo/BwFwzw7e8tAX6LyaIQg==,type:str]
|
||||
password: ENC[AES256_GCM,data:TnIUSnX7Lj+2N6mWWOvVVmc96DQ=,iv:vjow//IrtvdmTg4jYenwTyUnuBhq7witfzugbE0uq9c=,tag:L5UPa9UK4aB1wY1ilZntzg==,type:str]
|
||||
config:
|
||||
mailer:
|
||||
PASSWD: ENC[AES256_GCM,data:tTMOtRJ3trW34d+KqMGTYLBMBJg=,iv:4B3ThvHS+vha8pX/OA9rf8yeSGcafEbuMwHvjHPZfKA=,tag:Qs/y3HyxWX9il6HXCw9sMQ==,type:str]
|
||||
PASSWD: ENC[AES256_GCM,data:lb1VwH/Bc2XoyB42UrhgCX5ad70=,iv:Eh4R2deZOMGq4LxZadtt6SgrdoSxcArYC2X+czKtns8=,tag:ZCtQguWQt8ARS2rTWCSoSg==,type:str]
|
||||
database:
|
||||
PASSWD: ENC[AES256_GCM,data:WlmdwR035A7nk7xfq5U6A9Ndoj0F3hkl5g==,iv:IgCCq9Hl7oYVTE3W/MfqSMT8yEl275HO8CwW/az2e10=,tag:ZKsJZq88oJhsIvSYwWsX3w==,type:str]
|
||||
PASSWD: ENC[AES256_GCM,data:mI1RHEThB0bM1bJ/pBioJjvKT3Q=,iv:WSwV4+UzD8HUtA5ipZNu2IVXa4AuQE9k7hTB++AsTgU=,tag:CtU3ValcNw0RSIQVdaHmtw==,type:str]
|
||||
session:
|
||||
PROVIDER_CONFIG: ENC[AES256_GCM,data:amNVifRdK6R3SJNlLTYik/wrTgfwn6WR4cpCqrmSGlTXKgirmY2UjgYQkxThakmgCEDPaQGFf3dUi7CmCaThIN6bBueNVIrWiccLcp99vVIz05pMlgi+tRQStDStNtn0hIT2hsfCShlX+yVemUYveb+5TZXigqgwpFyqLGUh0Q==,iv:uc/R+s2IZwaXVbaT0+D4rNd1ZjqyrRw0ef1hdQeC7rY=,tag:WhK0ti0PV66LsTLrMmSrQw==,type:str]
|
||||
PROVIDER_CONFIG: ENC[AES256_GCM,data:i/N01zYx1H1D1eFiZKOmf4e1LoDBJE5AoN4eZl3h/QKwOEy5x4LNQoF7CbGguCBMvITtYbzXr12VzQ8pxEf17z6nssQ2nNiz84zuBOY9DQqxZLkxS5AmKKgk7XKF/YYYDaavMdJj54gtXoCrDZ58z5Tw8FM0ScTRp2+4RXGMwg==,iv:dKZhe9cOPDhdtK9sJKzCHmimV1vcuAebY8DfaJMqk2Q=,tag:ZhyEepW4wIM1Dv97xn5xBA==,type:str]
|
||||
cache:
|
||||
HOST: ENC[AES256_GCM,data:YlP7/4j3r1IpIuQN2yq2QD3IPN6F/sFw66RfsF0wPv53DNmordSB6D6Ltp4p5rhJtv9b5yX/XwEf6HY8BPpV4hC0oEDIMWHr1+rIS8GqaDt0faiwPCvMxAOmFjEP6n4pcEJgOlCx1Qm57SOQPKrUb64VchgOSAvkeSpWsBXoUQ==,iv:0P5LUtVCHpuuG8AwHhK2Hm/9ZY5XUYhxz9pVirhtt7I=,tag:8Hg5l1e/36AEa2mDmJSPWA==,type:str]
|
||||
HOST: ENC[AES256_GCM,data:UI4Dgb4qajStyDcpuJaoJTaTo3vowWQw272Y4C5q3DuV9DarChv4Qvxh9ZJwYsPSgO9G/3eI+mLldipW98HLfATMCHR+DicM7ymI0nGwxeliyj7sOVGFS2dU4zF1kNyhFCqrjMfQzTRQbfOTiB+QyfhluMfrDbOjOAAuLlsdWQ==,iv:WOlGAxAtIS12vCGIUmxMhO3UIsoUuD3xluZbBThugW4=,tag:Y0Amh1HEtYcg+9JvROM1eQ==,type:str]
|
||||
queue:
|
||||
CONN_STR: ENC[AES256_GCM,data:8WzpUjOeIUy/wd1SVah8huYgKGnQOeaIsHIGDOp5RPn3sDRFWQjt8UrQSvdQlpS1ByfzEKOagiRbAntopgKUBS217BIxCTseWWNHZSWFHmeqHl5khF12W/vzGnmNz13AzYjFyAa9pL8EO3padLCcW1a4amxrZrVxfoDdPGtLfg==,iv:ORrQ4J5h8GHCIc3t0DkMe7Su0azZZbXbHRq3a4els1g=,tag:OVtgofGCMpuAlZRSP2SC7g==,type:str]
|
||||
CONN_STR: ENC[AES256_GCM,data:kpqTpJVI/8790Ho2/U8YTC2Sc/d7v8mc33PsG7vNO52d9vMCOgsb+GQldWlfMPdf1H09axJxdFc5SIvsWWD8FoaXvtktlz4yk6fL9YxEXnkpn72VSiNe+ajUu6diP4gYWw2cUhyKt3ss/Gx70bKMEyE5g/ecZG3S+NZPFxPSTw==,iv:T69ou0uBg5CrseI0VwB2sSKRDknXrlUVPb/igGI/1H0=,tag:Y42Wa4QVt8k6AmhDC5bOAg==,type:str]
|
||||
oauth:
|
||||
- name: ENC[AES256_GCM,data:DgSGZYls,iv:jO6H2etEbN72eUqALClaNSSXTmFmwEwh68+B55XjgSg=,tag:NPvG3dNbqBfJpIYs5x5DRA==,type:str]
|
||||
provider: ENC[AES256_GCM,data:KoZ8Phel,iv:DnVY7rr6Si7wRqcq7CIEHVwzdk4pu8LI+SfIKmQ/CK4=,tag:BDzwrZlCrG/1PZkZatAinQ==,type:str]
|
||||
key: ENC[AES256_GCM,data:KHj8+hRm9WkQoJu9zZpXM9MggLU=,iv:HxbXynfvGPFDGKdHl9Vx4Y+Zg8hk0PBX4SmK/KDfVKk=,tag:tL2lkB458HhuaqZ0zf2FSA==,type:str]
|
||||
secret: ENC[AES256_GCM,data:xGu+1QXvLo328O5D7+mJb+X0s3qQbD93kQA8UC3ec27oCcomXRSX7A==,iv:vVLCaFNv/4qjbvxyM2NKfScWAUz7Pn4o3GfzW/IhTO8=,tag:mRvGiq9jrcp+kaUeNlCnTA==,type:str]
|
||||
- name: ENC[AES256_GCM,data:iR9QX2Si,iv:B+4ixm+dOwAnXFCYq2BnExnfVDGooonBCiHpyxfkLP0=,tag:r7CZbpL9uQ1QjAFNiFfOsw==,type:str]
|
||||
provider: ENC[AES256_GCM,data:byE4rELH,iv:lcvbNSZMD9EMA4CmJF2mvN33a5fmXWzP4++PnNPK+fg=,tag:2wfHrpp/bJJOImBq5ULzqw==,type:str]
|
||||
key: ENC[AES256_GCM,data:hiIl59SdN8usULpHhPX8XhMckZI=,iv:8aycsJVxbyK+Rlor8AsYKb6xjjSaS9Y5pRC/hoHzuKs=,tag:tBhMPj+AF86TaLkxF0+6Og==,type:str]
|
||||
secret: ENC[AES256_GCM,data:JfoXbQW4G3QdDsb4WxbMOIBvsEVYXsdK06s2TLO6ojtgprYUb0ZKHA==,iv:n1SYPP3tnUCNuKET0PS9kIHcRSDMDqWtysjwbSI8O3A=,tag:EJ3gKUsCG9O218yS0sw9EA==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
@ -27,14 +27,14 @@ sops:
|
||||
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOUUg3a2M5cklyK1pXbklQ
|
||||
M2NXVkFyejhsVmtuclB0bDJSUm9RanBza2lNClVoc1VaSjhrWkNUc0Q5NVJ0Zlo5
|
||||
TEFzWXBya2tRS3hCelA2NTdUaFNqekkKLS0tIEwweEw0NFJRb1B0YlhnSFUwQUVC
|
||||
OUh2Y3dUN1E2cEtaZWxvQXR2S2RRU1EK/4pB/huJUUfnai9tNuLCgVlYV+5e235X
|
||||
RsA/rvpzFkwLWJD/Bg6Uxys9zU0LyuEvi9DwmEHM7Wuam85Ssh20Wg==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkMCtwL0h3aGtNQlYzVC94
|
||||
QVFvQ3VsTnVuckt1eW80RXFkTUw2VzdzMTBjCjMvSDFlZXpyM2RQRTFTTTJrL3Zu
|
||||
LzNlRy9ZVTY5cWh1WmxmbzdwZVNHQm8KLS0tIDdxNGlxbnk1SDc2R0IrcmFHMmo4
|
||||
Ym5KMWw5ZDBBZzJBcHBXdFZiaDZpU0UKNl/GkGP25D7z5a8mVBmoSTfOM3EzymPN
|
||||
WW62zIoBHlwLxF9nwj1xCCtcL1XKgiB8nnn4IrY3ljqFc0VkxD9dnQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-02-09T09:32:40Z"
|
||||
mac: ENC[AES256_GCM,data:zB/f5zCAEYpfFxhA1PW0osBvIC3WRVH8GlGZggD98KyuwhKDRlwRlNp6LTcBJjt0xZLK7xGQYB/A6vhpo/V6D8JYc6Cajy0mdy3n1BhX6W7ow6qsc7iPxFOKu2FegNwxY433FWsprisbV73K45TKLxxBtwD1PO/gCzCUah+iXr4=,iv:YEyYqURF4K1WbN8XB3f7YKq+asco8+m1jjBmCnqQ5gE=,tag:F7CgV3cQNTWndm4gvphejQ==,type:str]
|
||||
lastmodified: "2023-10-15T09:58:05Z"
|
||||
mac: ENC[AES256_GCM,data:W7Ml9O6oA5dG59O7eWUEBdRrOdmoXWdib2tzK2zCFfMbjWczS5I7AM3DFKG6+P/kRiEQpjj0OarFvuJ7e23blx0/43UXqjpRCuGqcWkNXQaYaxlye6SDlLjregTUeqo4gyzyXYVpIGikLNBYoufewpdlboVQk8ZheSLSOttrbcE=,iv:IqrjduR0EhuzCCWCCJOHCL0DlS4B66P1Wlucg9R0gk4=,tag:vmq6+uh9q7avpK5Q56+iJA==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.8.1
|
||||
|
||||
@ -1,21 +1,21 @@
|
||||
secretKey: ENC[AES256_GCM,data:0LlGX1QG39jemZ8X2Itq2A==,iv:Dt1YoxrQ3yxJVZ3sc60kWXDvtwKCO7PrsZRMZUDOHpg=,tag:NY/8/xxnYcX/Hv1BCIKCjw==,type:str]
|
||||
secretKey: ENC[AES256_GCM,data:yL0+ORBJ4ZWHrmoNvVowEA==,iv:XJuY89wtdz8b+9SnTMro33Ka/pBOymyhN3MLJOyujAA=,tag:hSXjKC6+6NLgCoiHlbqtxQ==,type:str]
|
||||
initialAccount:
|
||||
enabled: ENC[AES256_GCM,data:rCMSGQ==,iv:mltQk4uc4jETPOimbRirrlxWxPsck6cLOM387chFtt4=,tag:3cy2sk+WPle9T96PcdWL+g==,type:bool]
|
||||
username: ENC[AES256_GCM,data:2s3WINCPpAg=,iv:inUPAt/Q/lqSi88CKIEcexkbeJwSkS7pCWJqjDBbZ68=,tag:793MA/57fipWdODD2zcaUg==,type:str]
|
||||
domain: ENC[AES256_GCM,data:IPoIY+yGxry3QQTRbdfbaRJU,iv:xG3mp+yAf+J2V0owRYi3XUCpQjtxAA+92bNiKTLvhvw=,tag:JogwzTxnImd4iKgJz76yaA==,type:str]
|
||||
password: ENC[AES256_GCM,data:e2d9qYEUjkxbQRatzDslMTGDZhIqZwgr9t/olN2G,iv:uynCQDAKn7IoVpd1VLhWAI6dK2hN7LNC9PFNnOkYGOU=,tag:gqZSMCh3j/9lA7m6RQm6Ag==,type:str]
|
||||
enabled: ENC[AES256_GCM,data:MvyEVw==,iv:ICIPR4oJW6pCRUks7Rk70NqdxVTXYqmM2qjQetppmEY=,tag:1FOK5MyPSTaiDayAAaPPuQ==,type:bool]
|
||||
username: ENC[AES256_GCM,data:qSsqS5iQAyNzAQ+ZOLSWsie3k04b7qPUpcfU,iv:sXe2sjo4XesoEmjI9tY8gYd2psUlZCltBtLlIyE+v8w=,tag:uZeXnjU+7aLHI87qW+tiGw==,type:str]
|
||||
domain: ENC[AES256_GCM,data:T5w/nPrq36iwZQdYHMQkisY1,iv:7EskbKJfRXMhkKZBgHy6nP8r1epcf7bNi8gAp4qY5TI=,tag:nZ+0BhvIy9Ap88SHaKhSvw==,type:str]
|
||||
password: ENC[AES256_GCM,data:dki7Cw2n5FxYsINS+aap4u8hkQBl4RUVW2KxSXrQ,iv:XxUHdy5xAWoH00yxItL9P5YuCJtCG4pfRUhZdOr0EWw=,tag:Lo7ahX7CAXS31lFDKEYRww==,type:str]
|
||||
postgresql:
|
||||
auth:
|
||||
password: ENC[AES256_GCM,data:YHgy0iu0oaaRBiiO0FXCN2o9d76Vgdbxi3Mnoerj,iv:d0tOkZsXvbEVA8awiX3P9AMrctbvy2JIbGggua5dTzs=,tag:v8b7QHY+5urMsV53IL7wsA==,type:str]
|
||||
postgresPassword: ENC[AES256_GCM,data:LJH0X2ptmy3xNOHcpWr1FQ0IA1v8q1GmzXrhRwZz,iv:kLh8rb/75uGQL4uFbNLxzD+U59LcKkDeY4uExgbfgoE=,tag:abbtDQZAdzzrMsw0ErnX9w==,type:str]
|
||||
password: ENC[AES256_GCM,data:o2KghCpri6cUbGeh3LIjUO6TXBz4nrZSaU8tW7PD,iv:KNp+FM1DqC2h1/F2cudAQfQZA6UAD833SQbEQ/oKkTM=,tag:oHZzKLzZ+IIJDrjFDX/3cA==,type:str]
|
||||
postgresPassword: ENC[AES256_GCM,data:2+RrJdHwGQVU910BkXH5ZogDfh8zoOPDcJazg7Iv,iv:CKH/lhkTYNbJ0sKQCwgZ4CDg+7ITsbJq3wcQiJWogtI=,tag:xZX3HSfpC2Wrz1sCOtQwYQ==,type:str]
|
||||
secretKeys:
|
||||
adminPasswordKey: ENC[AES256_GCM,data:30CNkafy6P0F5UCvjxMus9Isi/FzDzyOqMT+VFk0,iv:1s7dFCEGD6soA+uwjAzKmvCltS+YUVY1/2Tk3ZOBemU=,tag:IO+YBBWmmUnyxbsigACRwA==,type:str]
|
||||
replicationPasswordKey: ENC[AES256_GCM,data:pdBxjNmwcsDj0/dC5324XVUBpemUM8LbjxVlBwt/,iv:+wfSUgLgCORtSe1Vf02LZx0U9eEs6Bd9OgH3n6kK8BQ=,tag:E+FgJG2z8/TBAmy7+XlYSw==,type:str]
|
||||
userPasswordKey: ENC[AES256_GCM,data:3s35K9e4RHRvpt85ft2Msb9GfC6TlGnjIT8B/obp,iv:KnuBW4b0LOuHwXNzgxVqpVDnijiV+DoyQfveHvgCsp8=,tag:G3FcSSPMJy/7IUsUPLbuSw==,type:str]
|
||||
adminPasswordKey: ENC[AES256_GCM,data:LbBjpvmdVgIDLtlL5ccufC7Pe28ZVO5CYxTzVoZD,iv:dsVuk1ZluIAhtYN1s9xH+2Jk2CyVYGRU2LoxnC5Lgb0=,tag:lWZohYLUyVnrMKhvwIz7uw==,type:str]
|
||||
replicationPasswordKey: ENC[AES256_GCM,data:asv/FCVAPir07vw5kW1uqSPGEKTR/ukwtOXY5q8j,iv:SnEftPnqXdPK3Zw9nd8Qnj412tHrPSK6hR0V3rLfn3A=,tag:xKqOjOuSyMKSo02r8GyVbg==,type:str]
|
||||
userPasswordKey: ENC[AES256_GCM,data:NNUZ8zVSem5Aov/PxFbc7OjANRVa5g5WjyMLRX1V,iv:c3XDq6nyea5ErJZHMKwxEqNfpjBYVGiqbAgqko5nsjI=,tag:HrhLvBxraIKFhNPaulM+uQ==,type:str]
|
||||
global:
|
||||
database:
|
||||
roundcube:
|
||||
password: ENC[AES256_GCM,data:WUgeCqoWVRCdrA==,iv:5HO53lEArnIqRlWnQqlSKZ+hs7DxDAc9D3wHmbvb68M=,tag:nrjt2qnqGDmT/rv7JNR8Mg==,type:str]
|
||||
password: ENC[AES256_GCM,data:V7Ml++sPS94LzA==,iv:aQ36cTMR5ArSows/3+z10nFIRppCkSvQx6VwtB30hno=,tag:2yVIXNHJ3HbA/sr6vnX7XA==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
@ -25,14 +25,14 @@ sops:
|
||||
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvVlBCaDl3OHBxTnM4aWRS
|
||||
L1Q2aC9uT20rUlgvQXFkVThsa1JBS3ZwdnlrCmwxQnNRazlENVFPUER4WEx2ODVu
|
||||
Ukx1RHQ5c2NCZHptNm9IV2cxdHlmUFkKLS0tIG9kRUhzZDlocEhNQlFrYVpZdzVj
|
||||
aXFnN08yR2JMVkNGcjE1UDFDWjBWSzAKQIt/5DQkW8FTQTQyWfU8QSxMQ8TV1J8i
|
||||
l326pi2q+TuLoIvef8EKA+qax56OGnqESl2JcyHCAyT2T1tTzM1bpw==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGa1lRY0tQUk05WmpINVVw
|
||||
YkJkVDA0QlZibHFmbDdPTHpGTTY5N0JodXljCm14aVVSUm43MXo3d0ZlYWRUMXhh
|
||||
b1VqRHZXUTArbDNpRG9VY1U1a281ZW8KLS0tIHV6NWZQdzVzWFdJU0ErQy9WTFMv
|
||||
RjVVYmRKcERYZVhMT0ViZzR5cm8rMTgKizZBRrU/WauUmFYm9fnouiegNkYZkudp
|
||||
QpOha6CggN8rItelbnWMHlzGZBzM+77mFocuGmvNuTY/YGSkXfLjLA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-02-04T09:30:41Z"
|
||||
mac: ENC[AES256_GCM,data:5SE/XCKyCArO+AqhRJb8h3K1WYys5OHcOfZuRW8j8i3SMEtb+84D1KcsgEFBsJmvffbpxaKXcz7umEIKG+LWLeLjvCgqHwZa7Tidn1X07a9Dep74BfvTNZWVCKEAi/6YcHkLIsVM9Bkl0MOPZTxDjmzVsdiCR+3nfZ6RJ4AysxA=,iv:Yf8m6YNxycoZj+uYAe4rKRmzQiuZtmpLrYYmxDvwPbA=,tag:TcrPy/gj/je8gGOw3jiZ1w==,type:str]
|
||||
lastmodified: "2023-04-28T08:37:51Z"
|
||||
mac: ENC[AES256_GCM,data:NtXsrrs9yWlVO6oBQuJKHKPlmFMkqmu5BqOrYjdj9R7KdYycIWRDlNojieP9lghjSllgjkR3N4DpST9n6r6GHOkrpCl0eX12AsY0GUhSwaJzMgvX34Kzo+BjtISvODy0UzEVb9qKzbFuO9R4FMqyxBjTJirJVFT1EIB7Hxbb5Zc=,iv:OFKLvj96oRasDg5sYbJNS5KvZnxOXhh36Nwjl2gA1v0=,tag:aWsKrlbubuh+xTnyxvWeRg==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.8.1
|
||||
version: 3.7.3
|
||||
|
||||
28
badhouseplants/values/secrets.minecraft.yaml
Normal file
28
badhouseplants/values/secrets.minecraft.yaml
Normal file
@ -0,0 +1,28 @@
|
||||
minecraftServer:
|
||||
rcon:
|
||||
password: ENC[AES256_GCM,data:7kQAt4R+uN/28Uvn3KnJnOvOcCOf6FEaow==,iv:G20SygTZZ1O2DyPr+/f3XSC3bB4L5p/9CxZkPS5qibY=,tag:O2Ab+AC+Eho6MRm0vC9hHQ==,type:str]
|
||||
mcbackup:
|
||||
resticEnvs:
|
||||
RESTIC_PASSWORD: ENC[AES256_GCM,data:mjrSV6d6a4ZvesYjobhHCVTngw5EQqesAKecSPVY,iv:WSk5V61opvccp/1bhbcO6S+8GcEYVlxk8l6nl++nxc4=,tag:wENZyx6IxJgswetDi8alZA==,type:str]
|
||||
AWS_SECRET_ACCESS_KEY: ENC[AES256_GCM,data:+4HuGGHaZgPXLX3Sm6U=,iv:qMVfe2BzdJtvHYX7T/6WPt8kCNRdn02Ynew/q9QH1KA=,tag:7JwAloF6HPdBXTGC3kto4w==,type:str]
|
||||
AWS_ACCESS_KEY_ID: ENC[AES256_GCM,data:yfS/LrX0,iv:HzZmzUOmI0vJ+vPkI2xn2F/w43/BKOGil+SLRwhcG0I=,tag:c+d8nyR5w5mU9F/H0zl/1A==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxTWUxY2hYT0dId2hsR0x1
|
||||
MXFtRjlSelgwdUcyVnBUdlJ6Nng1UkNJaHg4Ckc5NXBORjBCZHQyc0lDTiswazNF
|
||||
cGhKVFFNdlZnRWlxS05OTklOUDJDQjQKLS0tIDNWNDVVWXcxUW8yUHgrOTNkRkQ1
|
||||
MGNDV2cvUUF3dWZHSlZNeVFDNXhzalkKubKuiiZuqoZTvRMr2FiUxnFUu+Pvj3Wf
|
||||
pZTfZg9rnUukmV+kmwqQKcfoPNfeShhoAsszWwPM628cV9pq87I2/A==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2023-08-15T15:32:19Z"
|
||||
mac: ENC[AES256_GCM,data:ghfbBqsdFzQaRehefvpnnFLxp6tYE1K36gXLyN7gdxlvZ20JRn+FMfeUm8IjNKl3fCH2aVdM18v+T4xBs4QSXAWH5R79+HPn6hl7kYXzGJKTdmddj6EFZFXajisIJa2eZpEKPk7uOT6YczcNxNKByKxgHxTXe7SYlIkE6CgLT9w=,iv:inXW7OxvQXPGO4mkJkd/SMVsTBWA+utso26VXb5yNdM=,tag:f/GBzkgI0zgInSdDbHICag==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.7.3
|
||||
@ -1,22 +0,0 @@
|
||||
env:
|
||||
SECRET_KEY: ENC[AES256_GCM,data:vIzxdLGoKHEIGt451pZKwyFFQ7+g3ViryUHkhmzU,iv:JuSUmrUUgVL07y4mQ+z3lNRLpe0io4uDKndWpEgIVDU=,tag:6nsOuHbtgyGFJebOHChKxQ==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNYmNkcjVyR2o5R0dJTXZB
|
||||
d2NBczgrTllrM3hWdHVIcmhmb1dlY1FzN2pjCndTSS83Wi9WcytrT04xY1dyNXVV
|
||||
YzlxWmwxNkpnMk1oK25wcDJTUFQyYk0KLS0tIHR3R3did2hlMThOUEV1QjNma2pM
|
||||
NnNxMC9vNStLQ1dadE13RmhLWExqeG8KpSUTbfxuZX+7L6SK55BJvY8KIfqt2ykz
|
||||
qNmUpeC7YHzDfoXGF6+jklMCVcUJDRI5UeZejZ7KXnI9OR8VncIiqw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-01-06T15:16:21Z"
|
||||
mac: ENC[AES256_GCM,data:qVocy+iBsjj45hLObpoxxo0ZyzxCITXR52NLfo5NZvJutRLs5SfKjmecYVth4j1t15qUJ3GIYG2t2lGxqptMyPK7SG4ln0G8p02LP4XdboKYeZNdWlHYf3cMZtnST4WdrpTCNWhLs3+8ittBb3AsR3QBtwoqzalC+VatAOJ2IDc=,iv:y3TspYIFS/eVJE8x+fAlPhFrWcH9PM0Rajgt8yUJLSc=,tag:nUt0xWqdjfoeemTk4xhr8w==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.8.1
|
||||
@ -1,10 +1,10 @@
|
||||
vaultwarden:
|
||||
smtp:
|
||||
username: ENC[AES256_GCM,data:j/y4Wzhb1obnLW9zHYqpM7/Glfd15hDAAn+6,iv:wNQgESf/0zbfcwFWrKgdSKcoCYVUJ3pnQYuMhfeergQ=,tag:/DPHJGrySeH9xZ9gfH7yFg==,type:str]
|
||||
username: ENC[AES256_GCM,data:6kAu3et5PmRgZ7B/qQQKA/hwsubozpBEcuzA,iv:cqNO3VWKFRWqBRAFTf2AyMQskuZvcDghseT2PWEsCjA=,tag:nkzugvJTJ/KhLuldXxdBrg==,type:str]
|
||||
password:
|
||||
value: ENC[AES256_GCM,data:lM5RLAEz5K2LqoCEt2KfOgVv+Dg8zDwUKg==,iv:tT/71iljjyCyBxVoAKOZgdC7BHxhQfjH7ECZUGTv8So=,tag:sd2+m7KyoJmEY3l6Qey6yQ==,type:str]
|
||||
value: ENC[AES256_GCM,data:rTCIH4vU7sfCNu6FxfdfyPKKQ01MQHBM0g==,iv:ZKD98V5W1GH0NZCfYG86AdFhbe8Ig+nCHFdU0NGcQT4=,tag:cL3fSAKntmWZ/QvSPYwbvw==,type:str]
|
||||
adminToken:
|
||||
value: ENC[AES256_GCM,data:8+nwPIKqrzIHvfxzVvUx+hh6qz6c8lCTYzJQsbGFx3c/76wzgJZ08TVNRu2VNmlHBOE=,iv:U5Cv0rykPbBql6wu9HFuMIGoLMM40TlDp8MNM5OGzzw=,tag:++lPoZaKQD/RsVm1xZfMRA==,type:str]
|
||||
value: ENC[AES256_GCM,data:PT62LcyiNqW1NVeuZ5+HTj8fzwSwuD1av/Z8S2GnR6j62+F8/aibhW/ATFG92chw++w=,iv:LnaRBem4dsggV4u4IlNjlWY301ajAHot2D259Y383m0=,tag:f24QDtGrtNJFA95Qo6Umqg==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
@ -14,14 +14,14 @@ sops:
|
||||
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhLzVRdW5ITFJmWHE5dkRr
|
||||
R3pGbTh3UmFTTXR4VVVGRjlSUURudmxwM1hjCk16U3BKYkZTcmdwaFZtcTZNYk9C
|
||||
M0ZBZk52bDBuNWZwa21SMU1mSnhmWEUKLS0tIGZVV01KQ3Z6OGltN1RFSks5MVJI
|
||||
a2xWUGZpMmovY1Qya05nVXRZVUFDTFEKhF34OSdGZizs1/Rs9qvUOVtomQBvOFbS
|
||||
hRsK3Orwig4HJdzj1UOZd8UMGwj6Mzhw+aKUJKL67igMwxbxVcaU1Q==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDL0RuQitFb0dPajRpSHRo
|
||||
WnhUa3BOazVHSTE5STRNMGQ2eWUxaXhvNEJVCmtpMjE2Q3hyQzhDSTBObUgwQXV3
|
||||
dmhvYmUvL05QUGd6Umx5QjRhMVFmcHMKLS0tIEtkTDc1ZVcxOWRqRzlzdTM1WG5a
|
||||
U25tMkxQS1gzcyt6R2NkZnVLRVVoOWMKZSaIZxzTlYim2kmiHrQcgRu9XmWelRkT
|
||||
HZZmSa0L9yEdksUCK3+iqjCZhQBYc/6qJHRYvuAaJ+/hs5RxuLUr8g==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-01-30T18:44:39Z"
|
||||
mac: ENC[AES256_GCM,data:1cpPRtzipDI0/fXlbcbuQQyjAZMk7MR005sJAIwfNVG4o1UdV6cIEG6096yeXGP8aKYXJwm1GUZ0NtdipQpieNnj59xClZHJ00m0K/0b6UHoGzSMY82t0nNrS3KvVEQP0a+LR5WVQEl7ac2m4FmbHpGtSWWMW6CYBnflfHQisFA=,iv:exvh14LUOeZnLrnvPrX9Hzfnv7wMd1Qfx37F0aVf2q8=,tag:62QX/P5K3U72O0zkgyyXhg==,type:str]
|
||||
lastmodified: "2023-12-25T19:33:37Z"
|
||||
mac: ENC[AES256_GCM,data:Fl9x8f4YlhAciCdRNRWukK4lj/OqP+TJ8+xEXUSb+1FqUAv/aHocy/f3IuzEhgq/+i9RSKORy2+glYBdK+tL50FzaPQCXz9YgYMtshsIkfkVIw2j9R7sqs5Uo5fQ6g5V3ir5/czb8FSqoS7S+2onyHxZawuG1XCWYPPLATVrKa8=,iv:7K6NABns5rzYIJgthRxqkGD5bQXKPhgIxoCs2ZS0JGY=,tag:FvTTObosyFZom45xuVABog==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.8.1
|
||||
|
||||
@ -1,27 +0,0 @@
|
||||
vaultwarden:
|
||||
smtp:
|
||||
username: ENC[AES256_GCM,data:9bEvyZkXadW7Hx2iW6ByPDdnuIFPkeoUjoOyoQ==,iv:Y5M/16L16AWXeaWyKCSsV/c/l9JXmNzx/IsLBmMJuGg=,tag:nFN1ZssjtqZOG8Gvka9f3A==,type:str]
|
||||
password:
|
||||
value: ENC[AES256_GCM,data:CF2VgDpxlwHmvCDJhx0GDLT/yyw=,iv:t8JwQFeK9Te2zVdg+gPdMlh1E5g0vMG+ApAGKbGZ4WI=,tag:7UJuxFqS/hUTVunv0CJcTw==,type:str]
|
||||
adminToken:
|
||||
value: ENC[AES256_GCM,data:lrb99F1zn7AWlAttShQGGyMz5Ds=,iv:nas5hzd/XMQWFA2pTaTDkqXReoToBulf6s7tZraxM3s=,tag:UH/AXIWKbZOmu/W8XyuWNw==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhLzVRdW5ITFJmWHE5dkRr
|
||||
R3pGbTh3UmFTTXR4VVVGRjlSUURudmxwM1hjCk16U3BKYkZTcmdwaFZtcTZNYk9C
|
||||
M0ZBZk52bDBuNWZwa21SMU1mSnhmWEUKLS0tIGZVV01KQ3Z6OGltN1RFSks5MVJI
|
||||
a2xWUGZpMmovY1Qya05nVXRZVUFDTFEKhF34OSdGZizs1/Rs9qvUOVtomQBvOFbS
|
||||
hRsK3Orwig4HJdzj1UOZd8UMGwj6Mzhw+aKUJKL67igMwxbxVcaU1Q==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-06-06T15:15:43Z"
|
||||
mac: ENC[AES256_GCM,data:9GsJoDWT1Onv6f8aUcwkbeTcpr0vF2MIgtJjKTbvvPHhzVeVev4FPFZ5R0YQXD1CmQycu/rnElktohgu9Xwum3j4hfs8Ga2qDqOk6heleBcptXDYwcBUAxg8QD5NNAkefsq5oJi+QsdD0nOeRjG6o5XYRccyoFiucTcpT9eASzw=,iv:7UJzUShRD+tzhIEeKygZlgaWHOYOS+L2Io69K0xW2MM=,tag:alOPQPbM6cex7kgQv8mqQQ==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.8.1
|
||||
@ -1,23 +0,0 @@
|
||||
configFiles:
|
||||
config.json: ENC[AES256_GCM,data:id5h3EObc18qFAYXYtVFAgJcp7IUS0QCSQZfKqy1fIoZUUYYIuKBDE9aL3OnqZkVJtXn5DNCRii/1ZYY/9Tg2IEK73twu5lDkM73APphI2GPw1ONQh6WBRp54AskuZizx3l1+PyKI/8WPVy/x1cbc7l5pGBziDzSbREor+YQQe4P3Og5KqkoWPeeO/GB/vCP+4CquBVwakyDPibrXtvEcIPxfu8b4H84fBQtlStuoT6Mdmj7NfBtK5SEl9yZ8R+kAJyjr4aM1XrtKtpBfituxi6OsXIQgKTWWZtFkousCkDuKxJf1EUCUR1J4ClmcF7UGUOxg3r3Csf1Y6ijhVgUqDlgNmRIq+qsEWrgWVixnO1RMnRcWmgJFDAs/QXY841lJTQJmVS4LRNZKu1ea8fDmF5KaxBdshizeA0RZGrdNlTUIB5AUsK3mmyPCvM4JYivQp4Hv8i1U9zlLpuPWR+7UgKbHjpQSVCem+dM76W4z9Wy463AS20EjwLUicSq7g8yLoCstuI1XsC8yNLZE6Z/nUkRysiGXa6iJnWez2tVOnIVVJ3c378U3U6tTr7ygae7v9PcvoGBTYTZA0OyrMeHrocKp4026yQJN+8Pj8CPdZX/nhC0gW08xI7EQnzK84ca4XuEZHWEtlmMBJyIGK07trq94BH6QwUaIg+nUv/gKvUA5CuMSAqECv+wCfQ+EU7mRClXR6RYJvEUxIEvGjb3CTOyV+gbj+CKaz3LZWWPETCAvOz0Cd8L56E7yUwFNhd+c7X8RuMy1vdoiCXdkzU5QCDmfv3ka4lKBPd3cvHduXeAh0wMNHSqLEVZblnt50tiZmo6vwiNGxlg3jL56Lfn3rkz+HVKRl6ArPBOdJhbgGj0bZFJMPGBU8kNDksQ6DMw371vAR7FwlzLKdz1Z3D1CvmBRUBIhr4TbnPuTL77fytVq9IdgGcTexs8QhcelXmoW5nA61PpYhYCU65m7BKC0koX4fjCjAksvjZaI0eeYPgKafAqKBlJslqKq9lNGH1orjgmXO0LWV7xv7D46BRrrfMqPwHUsPAGBP4VhfuIXc3keTmtFWjexyjMzvkxtoagATQZgbohjL4D4dzMTVhGH+Iw6AyM+9/NZeb7Cm2CmmJJXG0kmXGezuyRwNrChlhd4/HdeLvfBZbvXYLwr6pZn8dbJ7w0V77clsjN2QhsrPGh8VVf548KlkcfWp821pwmPxLme2TU4nJE+eU/7xK+LdSy8vpZ6wkxThTUdj5/A7DAszgdDed3aWfVIKz2DmLWR1iD6fC7n6OIIE+dcywNTU0sbYkMffpoYwU9Om9uPeer9rkzrnWHZX2btyfKUy8bnf0LuHuzRKyFl59nMUhlXbr1YsEKabNpsaxT50L0idoO5Phkx7os/qiqvxaPChMJngJQ9BXIoKARkg4hgvvjKpQwmjt/liA18COy58B2gjH3aKA6kye0/utQTih65DamYt8Wv4niVAZ3wm0rG5uaBvwZnj9N/xn2Klx5Iih2ZbobWVVR0MCAhe1nKIcnZxRrsm+GGRX2svYZg4ROLq7FagL8mn27/aG0UMdKQGpbXDQviNQgY+wB3jBmZAea54pWe5sgGBxXAZSYhGoOaWCLwWUtQWGdusjebEuqonW6PSE7whkbJxStNZOdAxATlCSe7jAkzuj5VBZbL8mIgnTltwKk3RcbnpL0j0pwousVZpSqg9KOqubxgk81YyMImA4LI3Fi0OFYIbDSw8zJJUgwASIWLQ2GxLM1Z1oxun7HpMV5lK8I+n70Vcqutn2N8URU0XOo6gcWCfknhClCwkOsZxU+DSVYyz5Aq49zwojSsd/CuS6WbFO82MMCO7dRLIz9ju43xAeCgFY7ZpbRyCR8U5IJKHPrHunYGwaRpolAE1V13XuBu0pOyaiU0sIeA44snU58DVMFyvA3PUl47FXvPMjGahbZoun7vi8J8KbRXlhHH/HFshi5eT16WOXK5SXBEiQDjhLa5RseWI121ARKtsvBRlhr9yRsZedlhmW7nqRw5hbVvHDQfUFIuiRHF1XAElP1C1hcb2GDE7r4anmoSRgcHYAI50HF4CPBSxiI+EAisKARIlUgRKt3gOfG8AH4mraUL8Lt+Eb0Clsd0z2GuysPHrEhy8WzGv4HW84ngNmZgznXP7ZFrtT31zAQr9QL/oirJf+ujPUdY03gJbr3jQXrQ1mfivlsaofgC0WL0xLma3Cuosb1nGmw0XmCGJNIOmgZJ/plQCWH05UzVR/QXhdEwlci3VNeYOSIUJwkv2eUyHsxHj45VRtLuxnrLx7BqR+kxBpRayJXWRBx1rcW7RTvS1a5Dk5PxsqjKcxKu+wRbPFmv77qOIroGg+XKTp8XeIxcSs4lx7AsfpTEvWpARwsydrUSKf/++F+3dL4yOrOyywul8gnTN3iLMoTjpze83ZFcJ2viiyqMWnHWQnuVveZTZi3NmoC63ZE/XLlztJcDT1UkrH3Tlvu1AxqMcm0SxK3TgEbvGmdWYo07E+qEMsUyoSpeE5MX2FESR9C67s/t5/rfThhvvjQNhydUVLrQL8O,iv:njFz+TX54d1Fy7QtrjFht7lyujuuIamNWEXquA6Q+jA=,tag:d+9rLYzYZf/0uuZ/VVys0Q==,type:str]
|
||||
authHeader: ENC[AES256_GCM,data:IHFsb7dRNIMe8kv0sG6u/A==,iv:mc0MhVWKEz8ln2DvC9mwrYtqKCvOjudiUYETOBx3DAM=,tag:aktcOM3u4xNyZ4wTJZ1E3w==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvMjkwcll5bkNzUE1lQkN0
|
||||
NXRCckdnUER0YlAwWG1wWVo5Mno2T1g5eWtZCnJGMkNScEthNHVqZnlvQnN6Q0du
|
||||
RnpzNitYR1RpTnl4UDB3Zk5HMjU1MTQKLS0tIHNoZHRjdlU1SXl1c2pzemZsQzBB
|
||||
M25WRjB6QUpkbURZVmNaWm9nd1U4RzAKan1bSzcDc2G+428vpnNDWYhQ3/nFKSUp
|
||||
VLnfx3roZUrs0QV07O+AHobOvlLD4eo8wfHMUneKipAQ8ZAlhNFTBg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-05-05T17:37:17Z"
|
||||
mac: ENC[AES256_GCM,data:vabfq3du2GfVkWQqdy2X/8pl/V/i+juyjIeGRia9cZ57SFPPmS/7n7rV6W+tpp402ov+16HHevVu+ZUZKxFPNq/8WiIVFCh3YMAFimzB+wOXziivAf1zAgYX5h5JHMV3FrXJT0yJAGmVbrZ7KP48CaB74PJGb++4Jr3qPE6VU/4=,iv:PApbvtdThsQyfD2db8GBrnrZL4jlx7qL8bHhAijXk0E=,tag:vIwECp7tomejqjGadIhudw==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.8.1
|
||||
@ -1,4 +1,18 @@
|
||||
---
|
||||
# ------------------------------------------
|
||||
# -- Istio extenstion. Just because I'm
|
||||
# -- not using ingress nginx
|
||||
# ------------------------------------------
|
||||
istio:
|
||||
enabled: true
|
||||
istio:
|
||||
- name: argocd-http
|
||||
gateway: istio-system/badhouseplants-net
|
||||
kind: http
|
||||
hostname: argo.badhouseplants.net
|
||||
service: argocd-server
|
||||
port: 80
|
||||
|
||||
controller:
|
||||
resources:
|
||||
limits:
|
||||
@ -34,35 +48,32 @@ dex:
|
||||
enabled: false
|
||||
serviceMonitor:
|
||||
enabled: false
|
||||
|
||||
redis:
|
||||
metrics:
|
||||
enabled: false
|
||||
serviceMonitor:
|
||||
enabled: false
|
||||
|
||||
global:
|
||||
domain: argo.badhouseplants.net
|
||||
|
||||
server:
|
||||
ingress:
|
||||
enabled: true
|
||||
annotations:
|
||||
kubernetes.io/tls-acme: "true"
|
||||
kubernetes.io/ingress.allow-http: "false"
|
||||
kubernetes.io/ingress.global-static-ip-name: ""
|
||||
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
|
||||
ingressClassName: traefik
|
||||
tls: true
|
||||
metrics:
|
||||
enabled: true
|
||||
serviceMonitor:
|
||||
enabled: false
|
||||
rbacConfig:
|
||||
policy.default: role:readonly
|
||||
scopes: "[email, group]"
|
||||
policy.csv: |
|
||||
g, allanger@zohomail.com, role:admin
|
||||
g, rodion.n.rodionov@gmail.com, role:admin
|
||||
p, drone, applications, *, badhouseplants/*,allow
|
||||
config:
|
||||
exec.enabled: "true"
|
||||
url: https://argo.badhouseplants.net
|
||||
kustomize.buildOptions: "--enable-alpha-plugins"
|
||||
accounts.drone: apiKey, login
|
||||
accounts.drone.enabled: "true"
|
||||
|
||||
extraArgs:
|
||||
- --insecure
|
||||
servicePort:
|
||||
servicePortHttp: 80
|
||||
servicePortHttps: 80
|
||||
|
||||
repoServer:
|
||||
metrics:
|
||||
@ -74,22 +85,6 @@ repoServer:
|
||||
- name: regcred
|
||||
|
||||
configs:
|
||||
params:
|
||||
server.insecure: true
|
||||
rbac:
|
||||
policy.default: role:readonly
|
||||
scopes: "[email, group]"
|
||||
policy.csv: |
|
||||
g, allanger@zohomail.com, role:admin
|
||||
g, allanger@badhouseplants.net, role:admin
|
||||
g, rodion.n.rodionov@gmail.com, role:admin
|
||||
p, drone, applications, *, badhouseplants/*,allow
|
||||
cm:
|
||||
exec.enabled: "true"
|
||||
url: https://argo.badhouseplants.net
|
||||
kustomize.buildOptions: "--enable-alpha-plugins"
|
||||
accounts.drone: apiKey, login
|
||||
accounts.drone.enabled: "true"
|
||||
credentialTemplates:
|
||||
ssh-creds:
|
||||
url: git@github.com
|
||||
|
||||
@ -1,19 +0,0 @@
|
||||
istio:
|
||||
enabled: true
|
||||
istio:
|
||||
- name: chartmuseum
|
||||
kind: http
|
||||
gateway: istio-system/badhouseplants-net
|
||||
hostname: helm.badhouseplants.net
|
||||
service: chartmuseum
|
||||
port: 8080
|
||||
env:
|
||||
open:
|
||||
AUTH_ANONYMOUS_GET: true
|
||||
DISABLE_API: false
|
||||
CORS_ALLOWORIGIN: "*"
|
||||
persistence:
|
||||
enabled: true
|
||||
accessMode: ReadWriteOnce
|
||||
size: 2Gi
|
||||
path: /storage
|
||||
@ -1,10 +0,0 @@
|
||||
operator:
|
||||
replicas: 1
|
||||
endpointRoutes:
|
||||
# -- Enable use of per endpoint routes instead of routing via
|
||||
# the cilium_host interface.
|
||||
enabled: true
|
||||
ipam:
|
||||
ciliumNodeUpdateRate: "15s"
|
||||
operator:
|
||||
clusterPoolIPv4PodCIDRList: ["10.244.0.0/16"]
|
||||
@ -1,32 +0,0 @@
|
||||
service:
|
||||
clusterIP: 10.43.0.10
|
||||
|
||||
servers:
|
||||
- zones:
|
||||
- zone: .
|
||||
port: 53
|
||||
plugins:
|
||||
- name: errors
|
||||
# Serves a /health endpoint on :8080, required for livenessProbe
|
||||
- name: health
|
||||
configBlock: |-
|
||||
lameduck 5s
|
||||
# Serves a /ready endpoint on :8181, required for readinessProbe
|
||||
- name: ready
|
||||
# Required to query kubernetes API for data
|
||||
- name: kubernetes
|
||||
parameters: cluster.local in-addr.arpa ip6.arpa
|
||||
configBlock: |-
|
||||
pods insecure
|
||||
fallthrough in-addr.arpa ip6.arpa
|
||||
ttl 30
|
||||
# Serves a /metrics endpoint on :9153, required for serviceMonitor
|
||||
- name: prometheus
|
||||
parameters: 0.0.0.0:9153
|
||||
- name: forward
|
||||
parameters: . 1.1.1.1 1.0.0.1
|
||||
- name: cache
|
||||
parameters: 30
|
||||
- name: loop
|
||||
- name: reload
|
||||
- name: loadbalance
|
||||
@ -1,5 +1,15 @@
|
||||
---
|
||||
dbinstances:
|
||||
postgres:
|
||||
monitoring:
|
||||
enabled: false
|
||||
adminSecretRef:
|
||||
Name: postgres-secret
|
||||
Namespace: database-service
|
||||
engine: postgres
|
||||
generic:
|
||||
host: postgres-postgresql
|
||||
port: 5432
|
||||
postgres16:
|
||||
monitoring:
|
||||
enabled: false
|
||||
@ -10,3 +20,13 @@ dbinstances:
|
||||
generic:
|
||||
host: postgres16-postgresql.database-service.svc.cluster.local
|
||||
port: 5432
|
||||
mysql:
|
||||
monitoring:
|
||||
enabled: false
|
||||
adminSecretRef:
|
||||
Name: mysql-secret
|
||||
Namespace: database-service
|
||||
engine: mysql
|
||||
generic:
|
||||
host: mysql
|
||||
port: 3306
|
||||
|
||||
@ -1,67 +1,125 @@
|
||||
traefik:
|
||||
istio-gateway:
|
||||
enabled: true
|
||||
tcpRoutes:
|
||||
- name: docker-mailserver-smtp
|
||||
gateways:
|
||||
- name: badhouseplants-email
|
||||
servers:
|
||||
- hosts:
|
||||
- "*"
|
||||
port:
|
||||
name: smtp
|
||||
number: 25
|
||||
protocol: TCP
|
||||
- hosts:
|
||||
- "*"
|
||||
port:
|
||||
name: pop3
|
||||
number: 110
|
||||
protocol: TCP
|
||||
- hosts:
|
||||
- "*"
|
||||
port:
|
||||
name: imap
|
||||
number: 143
|
||||
protocol: TCP
|
||||
- hosts:
|
||||
- "*"
|
||||
port:
|
||||
name: smtps
|
||||
number: 465
|
||||
protocol: TCP
|
||||
- hosts:
|
||||
- "*"
|
||||
port:
|
||||
name: submission
|
||||
number: 587
|
||||
protocol: TCP
|
||||
- hosts:
|
||||
- "*"
|
||||
port:
|
||||
name: imaps
|
||||
number: 993
|
||||
protocol: TCP
|
||||
- hosts:
|
||||
- "*"
|
||||
port:
|
||||
name: pop3s
|
||||
number: 995
|
||||
protocol: TCP
|
||||
istio:
|
||||
enabled: true
|
||||
istio:
|
||||
- name: docker-mailserver-smpt
|
||||
kind: tcp
|
||||
gateway: badhouseplants-email
|
||||
service: docker-mailserver
|
||||
match: HostSNI(`*`)
|
||||
entrypoint: smtp
|
||||
hostname: badhouseplants.net
|
||||
port_match: 25
|
||||
port: 25
|
||||
- name: docker-mailserver-smtps
|
||||
match: HostSNI(`*`)
|
||||
- name: docker-mailserver-smpts
|
||||
kind: tcp
|
||||
gateway: badhouseplants-email
|
||||
port_match: 465
|
||||
hostname: badhouseplants.net
|
||||
service: docker-mailserver
|
||||
entrypoint: smtps
|
||||
port: 465
|
||||
- name: docker-mailserver-smpt-startls
|
||||
match: HostSNI(`*`)
|
||||
kind: tcp
|
||||
gateway: badhouseplants-email
|
||||
hostname: badhouseplants.net
|
||||
port_match: 587
|
||||
service: docker-mailserver
|
||||
entrypoint: smtp-startls
|
||||
port: 587
|
||||
- name: docker-mailserver-imap
|
||||
match: HostSNI(`*`)
|
||||
kind: tcp
|
||||
hostname: badhouseplants.net
|
||||
gateway: badhouseplants-email
|
||||
port_match: 143
|
||||
service: docker-mailserver
|
||||
entrypoint: imap
|
||||
port: 143
|
||||
- name: docker-mailserver-imaps
|
||||
match: HostSNI(`*`)
|
||||
kind: tcp
|
||||
gateway: badhouseplants-email
|
||||
hostname: badhouseplants.net
|
||||
port_match: 993
|
||||
service: docker-mailserver
|
||||
entrypoint: imaps
|
||||
port: 993
|
||||
- name: docker-mailserver-pop3
|
||||
match: HostSNI(`*`)
|
||||
kind: tcp
|
||||
gateway: badhouseplants-email
|
||||
port_match: 110
|
||||
hostname: badhouseplants.net
|
||||
service: docker-mailserver
|
||||
entrypoint: pop3
|
||||
port: 110
|
||||
- name: docker-mailserver-pop3s
|
||||
match: HostSNI(`*`)
|
||||
kind: tcp
|
||||
gateway: badhouseplants-email
|
||||
port_match: 993
|
||||
hostname: badhouseplants.net
|
||||
service: docker-mailserver
|
||||
entrypoint: pop3s
|
||||
port: 993
|
||||
- name: docker-mailserver-rainloop
|
||||
kind: http
|
||||
gateway: istio-system/badhouseplants-net
|
||||
hostname: mail.badhouseplants.net
|
||||
service: docker-mailserver-rainloop
|
||||
port: 80
|
||||
|
||||
rainloop:
|
||||
enabled: true
|
||||
ingress:
|
||||
enabled: true
|
||||
hosts:
|
||||
- mail.badhouseplants.net
|
||||
annotations:
|
||||
kubernetes.io/ingress.class: traefik
|
||||
kubernetes.io/tls-acme: "true"
|
||||
kubernetes.io/ingress.allow-http: "false"
|
||||
kubernetes.io/ingress.global-static-ip-name: ""
|
||||
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
|
||||
tls:
|
||||
- secretName: mail-tls-secret
|
||||
hosts:
|
||||
- mail.badhouseplants.net
|
||||
|
||||
enabled: false
|
||||
demoMode:
|
||||
enabled: false
|
||||
domains:
|
||||
- badhouseplants.net
|
||||
- mail.badhouseplants.net
|
||||
ssl:
|
||||
useExisting: true
|
||||
existingName: mail-tls-secret
|
||||
issuer:
|
||||
name: badhouseplants-issuer
|
||||
kind: ClusterIssuer
|
||||
dnsname: badhouseplants.net
|
||||
dns01provider: cloudflare
|
||||
useExisting: false
|
||||
pod:
|
||||
dockermailserver:
|
||||
enable_fail2ban: "0"
|
||||
|
||||
@ -30,22 +30,6 @@ celery:
|
||||
requests:
|
||||
cpu: 10m
|
||||
memory: 75Mi
|
||||
ingress:
|
||||
enabled: true
|
||||
annotations:
|
||||
kubernetes.io/ingress.class: traefik
|
||||
kubernetes.io/tls-acme: "true"
|
||||
kubernetes.io/ingress.allow-http: "false"
|
||||
kubernetes.io/ingress.global-static-ip-name: ""
|
||||
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
|
||||
host: funkwhale.badhouseplants.net
|
||||
protocol: http
|
||||
|
||||
tls:
|
||||
- secretName: funkwhale-tls-secret
|
||||
hosts:
|
||||
- funkwhale.badhouseplants.net
|
||||
|
||||
extraEnv:
|
||||
FUNKWHALE_HOSTNAME: funkwhale.badhouseplants.net
|
||||
FUNKWHALE_PROTOCOL: https
|
||||
@ -55,7 +39,8 @@ persistence:
|
||||
size: 10Gi
|
||||
s3:
|
||||
enabled: false
|
||||
|
||||
ingress:
|
||||
enabled: false
|
||||
postgresql:
|
||||
enabled: false
|
||||
host: postgres16-postgresql.database-service.svc.cluster.local
|
||||
|
||||
@ -1,5 +1,25 @@
|
||||
---
|
||||
# ------------------------------------------
|
||||
# -- Istio extenstion. Just because I'm
|
||||
# -- not using ingress nginx
|
||||
# ------------------------------------------
|
||||
istio:
|
||||
enabled: true
|
||||
istio:
|
||||
- name: gitea-http
|
||||
kind: http
|
||||
gateway: istio-system/badhouseplants-net
|
||||
hostname: git.badhouseplants.net
|
||||
service: gitea-http
|
||||
port: 3000
|
||||
- name: gitea-ssh
|
||||
kind: tcp
|
||||
gateway: istio-system/badhouseplants-ssh
|
||||
hostname: "*"
|
||||
port_match: 22
|
||||
service: gitea-ssh
|
||||
port: 22
|
||||
# ------------------------------------------
|
||||
# -- Database extension is used to manage
|
||||
# -- database with db-operator
|
||||
# ------------------------------------------
|
||||
@ -7,27 +27,9 @@ ext-database:
|
||||
enabled: true
|
||||
name: gitea-postgres16
|
||||
instance: postgres16
|
||||
|
||||
# ------------------------------------------
|
||||
# -- Kubernetes related values
|
||||
# ------------------------------------------
|
||||
ingress:
|
||||
enabled: true
|
||||
annotations:
|
||||
kubernetes.io/ingress.class: traefik
|
||||
kubernetes.io/tls-acme: "true"
|
||||
kubernetes.io/ingress.allow-http: "false"
|
||||
kubernetes.io/ingress.global-static-ip-name: ""
|
||||
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
|
||||
hosts:
|
||||
- host: git.badhouseplants.net
|
||||
paths:
|
||||
- path: /
|
||||
pathType: Prefix
|
||||
tls:
|
||||
- secretName: gitea-tls-secret
|
||||
hosts:
|
||||
- git.badhouseplants.net
|
||||
replicaCount: 1
|
||||
clusterDomain: cluster.local
|
||||
|
||||
@ -41,10 +43,12 @@ resources:
|
||||
|
||||
persistence:
|
||||
enabled: true
|
||||
size: 15Gi
|
||||
size: 10Gi
|
||||
accessModes:
|
||||
- ReadWriteOnce
|
||||
|
||||
ingress:
|
||||
enabled: false
|
||||
# ------------------------------------------
|
||||
# -- Main Gitea settings
|
||||
# ------------------------------------------
|
||||
@ -121,21 +125,3 @@ postgresql-ha:
|
||||
enabled: false
|
||||
redis-cluster:
|
||||
enabled: false
|
||||
|
||||
extraDeploy:
|
||||
- |
|
||||
{{- if $.Capabilities.APIVersions.Has "traefik.io/v1alpha1/IngressRouteTCP" }}
|
||||
apiVersion: traefik.io/v1alpha1
|
||||
kind: IngressRouteTCP
|
||||
metadata:
|
||||
name: {{ include "gitea.fullname" . }}-ssh
|
||||
spec:
|
||||
entryPoints:
|
||||
- git-ssh
|
||||
routes:
|
||||
- match: HostSNI(`git.badhouseplants.net`)
|
||||
services:
|
||||
- name: "{{ include "gitea.fullname" . }}-ssh"
|
||||
port: 22
|
||||
nativeLB: true
|
||||
{{- end }}
|
||||
|
||||
@ -22,16 +22,6 @@ istio-gateway:
|
||||
gateways:
|
||||
- name: badhouseplants-net
|
||||
servers:
|
||||
- hosts:
|
||||
- badhouseplants.net
|
||||
- '*.badhouseplants.net'
|
||||
port:
|
||||
name: grpc-web
|
||||
number: 8080
|
||||
protocol: HTTPS
|
||||
tls:
|
||||
credentialName: badhouseplants-wildcard-tls
|
||||
mode: SIMPLE
|
||||
- hosts:
|
||||
- badhouseplants.net
|
||||
- '*.badhouseplants.net'
|
||||
|
||||
@ -1,11 +1,6 @@
|
||||
service:
|
||||
type: LoadBalancer
|
||||
externalTrafficPolicy: Local
|
||||
ports:
|
||||
- name: shadowsocks
|
||||
port: 8388
|
||||
protocol: TCP
|
||||
targetPort: 8388
|
||||
- name: minecraft
|
||||
port: 25565
|
||||
protocol: TCP
|
||||
@ -18,10 +13,6 @@ service:
|
||||
port: 80
|
||||
protocol: TCP
|
||||
targetPort: 80
|
||||
- name: grpc-web
|
||||
port: 8080
|
||||
protocol: TCP
|
||||
targetPort: 8080
|
||||
- name: https
|
||||
port: 443
|
||||
protocol: TCP
|
||||
@ -30,6 +21,10 @@ service:
|
||||
port: 1194
|
||||
protocol: TCP
|
||||
targetPort: 1194
|
||||
- name: tcp
|
||||
port: 25
|
||||
protocol: TCP
|
||||
targetPort: 25
|
||||
# -----------
|
||||
# -- Email
|
||||
# -----------
|
||||
|
||||
@ -8,7 +8,7 @@ global:
|
||||
proxy:
|
||||
resources:
|
||||
requests:
|
||||
cpu: 20m
|
||||
cpu: 100m
|
||||
memory: 128Mi
|
||||
limits:
|
||||
memory: 128Mi
|
||||
|
||||
@ -1,3 +0,0 @@
|
||||
storageClass:
|
||||
create: true
|
||||
defaultClass: false
|
||||
@ -1,99 +1,22 @@
|
||||
---
|
||||
global:
|
||||
dnsService: "coredns"
|
||||
|
||||
singleBinary:
|
||||
replicas: 1
|
||||
persistence:
|
||||
size: 5Gi
|
||||
loki:
|
||||
auth_enabled: false
|
||||
commonConfig:
|
||||
replication_factor: 1
|
||||
storage:
|
||||
type: 'filesystem'
|
||||
commonConfig:
|
||||
replication_factor: 1
|
||||
schemaConfig:
|
||||
configs:
|
||||
- from: 2024-04-01
|
||||
store: tsdb
|
||||
object_store: s3
|
||||
schema: v13
|
||||
index:
|
||||
prefix: loki_index_
|
||||
period: 24h
|
||||
ingester:
|
||||
chunk_encoding: snappy
|
||||
tracing:
|
||||
enabled: true
|
||||
querier:
|
||||
# Default is 4, if you have enough memory and CPU you can increase, reduce if OOMing
|
||||
max_concurrent: 2
|
||||
|
||||
compactor:
|
||||
retention_enabled: true
|
||||
limits_config:
|
||||
retention_period: 14d
|
||||
|
||||
monitoring:
|
||||
selfMonitoring:
|
||||
enabled: false
|
||||
lokiCanary:
|
||||
enabled: false
|
||||
|
||||
#gateway:
|
||||
# ingress:
|
||||
# enabled: true
|
||||
# hosts:
|
||||
# - host: FIXME
|
||||
# paths:
|
||||
# - path: /
|
||||
# pathType: Prefix
|
||||
|
||||
deploymentMode: SingleBinary
|
||||
singleBinary:
|
||||
persistence:
|
||||
size: 5Gi
|
||||
replicas: 1
|
||||
resources:
|
||||
limits:
|
||||
cpu: 1
|
||||
memory: 1Gi
|
||||
requests:
|
||||
cpu: 0.5
|
||||
memory: 512Mi
|
||||
extraEnv:
|
||||
# Keep a little bit lower than memory limits
|
||||
- name: GOMEMLIMIT
|
||||
value: 3750MiB
|
||||
|
||||
chunksCache:
|
||||
# default is 500MB, with limited memory keep this smaller
|
||||
writebackSizeLimit: 10MB
|
||||
|
||||
minio:
|
||||
test:
|
||||
enabled: false
|
||||
|
||||
# Zero out replica counts of other deployment modes
|
||||
backend:
|
||||
replicas: 0
|
||||
read:
|
||||
replicas: 0
|
||||
write:
|
||||
replicas: 0
|
||||
|
||||
ingester:
|
||||
replicas: 0
|
||||
querier:
|
||||
replicas: 0
|
||||
queryFrontend:
|
||||
replicas: 0
|
||||
queryScheduler:
|
||||
replicas: 0
|
||||
distributor:
|
||||
replicas: 0
|
||||
compactor:
|
||||
replicas: 0
|
||||
indexGateway:
|
||||
replicas: 0
|
||||
bloomCompactor:
|
||||
replicas: 0
|
||||
bloomGateway:
|
||||
replicas: 0
|
||||
retention_enabled: true
|
||||
limits_config:
|
||||
retention_period: 14d
|
||||
|
||||
@ -1,14 +1,13 @@
|
||||
defaultSettings:
|
||||
backupTarget: s3://longhorn@us-east1/backupstore
|
||||
backupTarget: s3://longhorn@us-east1/backupstore
|
||||
backupTargetCredentialSecret: aws-secret
|
||||
guaranteedEngineManagerCPU: 6
|
||||
guaranteedReplicaManagerCPU: 6
|
||||
storageOverProvisioningPercentage: 300
|
||||
storageMinimalAvailablePercentage: 5
|
||||
storageReservedPercentageForDefaultDisk: 1
|
||||
defaultDataPath: /media/longhorn
|
||||
defaultDataPath: /media-longhorn
|
||||
csi:
|
||||
kubeletRootDir: /var/lib/kubelet/
|
||||
kubeletRootDir: /var/snap/microk8s/common/var/lib/kubelet
|
||||
persistence:
|
||||
defaultClassReplicaCount: 1
|
||||
enablePSP: false
|
||||
|
||||
@ -1,64 +1,81 @@
|
||||
---
|
||||
# ------------------------------------------
|
||||
# -- Database extension is used to manage
|
||||
# -- database with db-operator
|
||||
# ------------------------------------------
|
||||
ext-database:
|
||||
certificate:
|
||||
enabled: true
|
||||
name: mailu-postgres16
|
||||
instance: postgres16
|
||||
extraDatabase:
|
||||
enabled: true
|
||||
name: roundcube-postgres16
|
||||
instance: postgres16
|
||||
|
||||
certificate:
|
||||
- name: mailu
|
||||
secretName: mailu-certificate
|
||||
issuer:
|
||||
kind: ClusterIssuer
|
||||
name: badhouseplants-issuer
|
||||
dnsNames:
|
||||
- badhouseplants.net
|
||||
- "email.badhouseplants.net"
|
||||
# ------------------------------------------
|
||||
# -- Istio extenstion. Just because I'm
|
||||
# -- not using ingress nginx
|
||||
# ------------------------------------------
|
||||
traefik:
|
||||
istio:
|
||||
enabled: true
|
||||
tcpRoutes:
|
||||
- name: mailu-smtp
|
||||
service: mailu-front
|
||||
match: HostSNI(`*`)
|
||||
entrypoint: smtp
|
||||
port: 25
|
||||
- name: mailu-smtps
|
||||
match: HostSNI(`*`)
|
||||
service: mailu-front
|
||||
entrypoint: smtps
|
||||
port: 465
|
||||
- name: mailu-smpt-startls
|
||||
match: HostSNI(`*`)
|
||||
service: mailu-front
|
||||
entrypoint: smtp-startls
|
||||
port: 587
|
||||
- name: mailu-imap
|
||||
match: HostSNI(`*`)
|
||||
service: mailu-front
|
||||
entrypoint: imap
|
||||
port: 143
|
||||
- name: mailu-imaps
|
||||
match: HostSNI(`*`)
|
||||
service: mailu-front
|
||||
entrypoint: imaps
|
||||
port: 993
|
||||
- name: mailu-pop3
|
||||
match: HostSNI(`*`)
|
||||
service: mailu-front
|
||||
entrypoint: pop3
|
||||
port: 110
|
||||
- name: mailu-pop3s
|
||||
match: HostSNI(`*`)
|
||||
service: mailu-front
|
||||
entrypoint: pop3s
|
||||
port: 993
|
||||
subnet: 10.244.0.0/16
|
||||
istio:
|
||||
- name: mailu-web
|
||||
kind: http
|
||||
gateway: badhouseplants-net
|
||||
hostname: email.badhouseplants.net
|
||||
service: mailu-fr ont
|
||||
port: 80
|
||||
# - name: mailu-smpt
|
||||
# kind: tcp
|
||||
# gateway: badhouseplants-mail
|
||||
# service: mailu-front
|
||||
# hostname: email.badhousplants.net
|
||||
# port_match: 25
|
||||
# port: 25
|
||||
# - name: mailu-smpts
|
||||
# kind: tcp
|
||||
# gateway: badhouseplants-mail
|
||||
# port_match: 465
|
||||
# hostname: email.badhousplants.net
|
||||
# service: mailu-front
|
||||
# port: 465
|
||||
# - name: mailu-smpt-startls
|
||||
# kind: tcp
|
||||
# gateway: badhouseplants-mail
|
||||
# hostname: email.badhousplants.net
|
||||
# port_match: 587
|
||||
# service: mailu-front
|
||||
# port: 587
|
||||
# - name: mailu-imap
|
||||
# kind: tcp
|
||||
# hostname: email.badhousplants.net
|
||||
# gateway: badhouseplants-mail
|
||||
# port_match: 143
|
||||
# service: mailu-front
|
||||
# port: 143
|
||||
# - name: mailu-imaps
|
||||
# kind: tcp
|
||||
# gateway: badhouseplants-mail
|
||||
# hostname: email.badhousplants.net
|
||||
# port_match: 993
|
||||
# service: mailu-front
|
||||
# port: 993
|
||||
# - name: mailu-pop3
|
||||
# kind: tcp
|
||||
# gateway: badhouseplants-mail
|
||||
# port_match: 110
|
||||
# hostname: email.badhousplants.net
|
||||
# service: mailu-front
|
||||
# port: 110
|
||||
# - name: mailu-pop3s
|
||||
# kind: tcp
|
||||
# gateway: badhouseplants-mail
|
||||
# port_match: 993
|
||||
# hostname: email.badhousplants.net
|
||||
# service: mailu-front
|
||||
# port: 993
|
||||
subnet: 10.1.0.0/16
|
||||
sessionCookieSecure: true
|
||||
hostnames:
|
||||
- badhouseplants.net
|
||||
- email.badhouseplants.net
|
||||
- post.badhouseplants.net
|
||||
domain: badhouseplants.net
|
||||
persistence:
|
||||
single_pvc: false
|
||||
@ -68,20 +85,11 @@ limits:
|
||||
tls:
|
||||
outboundLevel: secure
|
||||
ingress:
|
||||
enabled: true
|
||||
ingressClassName: traefik
|
||||
tls: true
|
||||
annotations:
|
||||
kubernetes.io/tls-acme: "true"
|
||||
kubernetes.io/ingress.allow-http: "false"
|
||||
kubernetes.io/ingress.global-static-ip-name: ""
|
||||
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
|
||||
enabled: false
|
||||
tls: false
|
||||
tlsFlavorOverride: mail
|
||||
realIpFrom: traefik.kube-system.svc.cluster.local
|
||||
realIpHeader: "X-Real-IP"
|
||||
front:
|
||||
hostPort:
|
||||
enabled: false
|
||||
selfSigned: false
|
||||
existingSecret: mailu-certificate
|
||||
admin:
|
||||
resources:
|
||||
requests:
|
||||
@ -99,10 +107,9 @@ redis:
|
||||
cpu: 70m
|
||||
limits:
|
||||
memory: 200Mi
|
||||
cpu: 200m
|
||||
master:
|
||||
persistence:
|
||||
enabled: false
|
||||
cpu: 200m
|
||||
persistence:
|
||||
size: 1Gi
|
||||
postfix:
|
||||
resources:
|
||||
requests:
|
||||
@ -110,7 +117,7 @@ postfix:
|
||||
cpu: 200m
|
||||
limits:
|
||||
memory: 1024Mi
|
||||
cpu: 200m
|
||||
cpu: 200m
|
||||
persistence:
|
||||
size: 1Gi
|
||||
dovecot:
|
||||
@ -121,7 +128,7 @@ dovecot:
|
||||
cpu: 70m
|
||||
limits:
|
||||
memory: 400Mi
|
||||
cpu: 300m
|
||||
cpu: 300m
|
||||
persistence:
|
||||
size: 1Gi
|
||||
roundcube:
|
||||
@ -131,24 +138,26 @@ roundcube:
|
||||
cpu: 70m
|
||||
limits:
|
||||
memory: 200Mi
|
||||
cpu: 200m
|
||||
cpu: 200m
|
||||
persistence:
|
||||
size: 1Gi
|
||||
mysql:
|
||||
enabled: false
|
||||
postgresql:
|
||||
enabled: false
|
||||
## If using the built-in MariaDB or PostgreSQL, the `roundcube` database will be created automatically.
|
||||
externalDatabase:
|
||||
## @param externalDatabase.enabled Set to true to use an external database
|
||||
enabled: true
|
||||
type: postgresql
|
||||
existingSecret: mailu-postgres16-creds
|
||||
existingSecretDatabaseKey: POSTGRES_DB
|
||||
existingSecretUsernameKey: POSTGRES_USER
|
||||
existingSecretPasswordKey: POSTGRES_PASSWORD
|
||||
host: postgres16-postgresql.database-service.svc.cluster.local
|
||||
port: 5432
|
||||
auth:
|
||||
enablePostgresUser: true
|
||||
username: mailu
|
||||
database: mailu
|
||||
persistence:
|
||||
enabled: false
|
||||
storageClass: ""
|
||||
accessMode: ReadWriteOnce
|
||||
size: 2Gi
|
||||
front:
|
||||
logLevel: DEBUG
|
||||
hostPort:
|
||||
enabled: true
|
||||
rspamd:
|
||||
resources:
|
||||
requests:
|
||||
@ -157,7 +166,7 @@ rspamd:
|
||||
limits:
|
||||
memory: 500Mi
|
||||
cpu: 400m
|
||||
startupProbe:
|
||||
startupProbe:
|
||||
periodSeconds: 30
|
||||
failureThreshold: 900
|
||||
timeoutSeconds: 20
|
||||
@ -170,10 +179,3 @@ webmail:
|
||||
accessModes: [ReadWriteOnce]
|
||||
claimNameOverride: ""
|
||||
annotations: {}
|
||||
global:
|
||||
database:
|
||||
roundcube:
|
||||
database: applications-roundcube-postgres16
|
||||
username: applications-roundcube-postgres16
|
||||
existingSecret: roundcube-postgres16-creds
|
||||
existingSecretPasswordKey: POSTGRES_PASSWORD
|
||||
|
||||
@ -1,5 +0,0 @@
|
||||
metallb:
|
||||
enabled: true
|
||||
ippools:
|
||||
- name: fuji
|
||||
addresses: 195.201.249.91-195.201.249.91
|
||||
180
badhouseplants/values/values.minecraft.yaml
Normal file
180
badhouseplants/values/values.minecraft.yaml
Normal file
@ -0,0 +1,180 @@
|
||||
---
|
||||
# --------------------------------------------------
|
||||
# -- Extensions values
|
||||
# --------------------------------------------------
|
||||
service-account:
|
||||
enabled: true
|
||||
resources:
|
||||
- name: minecraft-exporter
|
||||
label:
|
||||
app: minecraft-minecraft-metrics
|
||||
endpoints:
|
||||
port: metrics
|
||||
# ------------------------------------------
|
||||
# -- Istio extenstion. Just because I'm
|
||||
# -- not using ingress nginx
|
||||
# ------------------------------------------
|
||||
istio:
|
||||
enabled: true
|
||||
istio:
|
||||
- name: minecraft-tcp
|
||||
gateway: istio-system/badhouseplants-minecraft
|
||||
kind: tcp
|
||||
port_match: 25565
|
||||
hostname: "*"
|
||||
service: minecraft-minecraft
|
||||
port: 25565
|
||||
# --------------------------------------------------
|
||||
# -- Main values
|
||||
# --------------------------------------------------
|
||||
image:
|
||||
tag: java17-graalvm-ce
|
||||
pullPolicy: Always
|
||||
|
||||
resources:
|
||||
requests:
|
||||
memory: 3Gi
|
||||
cpu: 256m
|
||||
limits:
|
||||
memory: 3Gi
|
||||
|
||||
lifecycle:
|
||||
postStart:
|
||||
- bash
|
||||
- -c
|
||||
- for i in {1..100}; do mc-health && break || sleep 20; done && mc-send-to-console setpassword 11223345
|
||||
|
||||
readinessProbe:
|
||||
command:
|
||||
- mc-health
|
||||
periodSeconds: 20
|
||||
failureThreshold: 50
|
||||
timeoutSeconds: 10
|
||||
livenessProbe:
|
||||
timeoutSeconds: 10
|
||||
|
||||
minecraftServer:
|
||||
overrideServerProperties: true
|
||||
eula: "TRUE"
|
||||
onlineMode: false
|
||||
difficulty: hard
|
||||
hardcore: true
|
||||
version: 1.20.1
|
||||
maxWorldSize: 90000
|
||||
type: "PAPER"
|
||||
paperDownloadUrl: https://api.papermc.io/v2/projects/paper/versions/1.20.1/builds/170/downloads/paper-1.20.1-170.jar
|
||||
gameMode: survival
|
||||
pvp: true
|
||||
rcon:
|
||||
enabled: true
|
||||
withGeneratedPassword: false
|
||||
port: 25575
|
||||
serviceType: ClusterIP
|
||||
extraPorts:
|
||||
- name: metrics
|
||||
containerPort: 9225
|
||||
protocol: TCP
|
||||
service:
|
||||
enabled: true
|
||||
embedded: false
|
||||
labels:
|
||||
exporter: minecraft
|
||||
type: ClusterIP
|
||||
port: 9925
|
||||
ingress:
|
||||
enabled: false
|
||||
persistence:
|
||||
dataDir:
|
||||
enabled: true
|
||||
Size: 15Gi
|
||||
mcbackup:
|
||||
enabled: false
|
||||
backupInterval: 2h
|
||||
pauseIfNoPlayers: "false"
|
||||
pruneBackupsDays: 2
|
||||
rconRetries: 5
|
||||
rconRetryInterval: 10s
|
||||
excludes: "*.jar,cache,logs"
|
||||
backupMethod: restic
|
||||
resticRepository: s3:https://s3.e.badhouseplants.net:443/restic/minecraft
|
||||
resticAdditionalTags: "mc_backups"
|
||||
pruneResticRetention: "--keep-last 12 --keep-daily 1 --keep-weekly 2 --keep-monthly 2 --keep-yearly 2"
|
||||
resources:
|
||||
requests:
|
||||
memory: 512Mi
|
||||
cpu: 100m
|
||||
persistence:
|
||||
backupDir:
|
||||
enabled: false
|
||||
# ---------------------------------------------
|
||||
# -- Install Plugins
|
||||
# ---------------------------------------------
|
||||
initContainers:
|
||||
- name: 0-install-prometheus-exporter
|
||||
image: alpine/curl
|
||||
command:
|
||||
- curl
|
||||
- -L
|
||||
- "https://github.com/sladkoff/minecraft-prometheus-exporter/releases/download/v2.5.0/minecraft-prometheus-exporter-2.5.0.jar"
|
||||
- -o
|
||||
- /data/plugins/prometheus-exporter.jar
|
||||
volumeMounts:
|
||||
- name: plugins
|
||||
mountPath: /data/plugins
|
||||
readOnly: false
|
||||
- name: 0-install-password-plugin
|
||||
image: alpine/curl
|
||||
command:
|
||||
- curl
|
||||
- -L
|
||||
- "https://github.com/timbru31/PasswordProtect/releases/download/PasswordProtect-3.1.0/PasswordProtect.jar"
|
||||
- -o
|
||||
- /data/plugins/PasswordProtect.jar
|
||||
volumeMounts:
|
||||
- name: plugins
|
||||
mountPath: /data/plugins
|
||||
readOnly: false
|
||||
- name: 0-install-gravity-control-plugin
|
||||
image: alpine/curl
|
||||
command:
|
||||
- curl
|
||||
- -L
|
||||
- https://github.com/e-im/GravityControl/releases/download/v1.3.0/GravityControl-1.3.0.jar
|
||||
- -o
|
||||
- /data/plugins/GravityControl-1.3.0.jar
|
||||
volumeMounts:
|
||||
- name: plugins
|
||||
mountPath: /data/plugins
|
||||
readOnly: false
|
||||
- name: 0-install-fast-minecart-plugin
|
||||
image: alpine/curl
|
||||
command:
|
||||
- curl
|
||||
- -L
|
||||
- https://github.com/certainly1182/FastMinecarts/releases/download/v1.0.1/FastMinecarts.jar
|
||||
- -o
|
||||
- /data/plugins/FastMinecarts.jar
|
||||
volumeMounts:
|
||||
- name: plugins
|
||||
mountPath: /data/plugins
|
||||
- name: 1-add-plugins-to-minecraft
|
||||
image: alpine/curl
|
||||
command:
|
||||
- sh
|
||||
- -c
|
||||
- cp -r /in /out/plugins
|
||||
volumeMounts:
|
||||
- name: plugins
|
||||
mountPath: /in
|
||||
readOnly: false
|
||||
- name: datadir
|
||||
mountPath: /out
|
||||
extraVolumes:
|
||||
- volumeMounts:
|
||||
- name: plugins
|
||||
mountPath: /data/plugins
|
||||
readOnly: false
|
||||
volumes:
|
||||
- name: plugins
|
||||
emptyDir:
|
||||
sizeLimit: 500Mi
|
||||
@ -19,39 +19,6 @@ istio:
|
||||
service: minio
|
||||
port: 9000
|
||||
|
||||
ingress:
|
||||
enabled: true
|
||||
ingressClassName: ~
|
||||
annotations:
|
||||
kubernetes.io/ingress.class: traefik
|
||||
kubernetes.io/tls-acme: "true"
|
||||
kubernetes.io/ingress.allow-http: "false"
|
||||
kubernetes.io/ingress.global-static-ip-name: ""
|
||||
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
|
||||
path: /
|
||||
hosts:
|
||||
- s3.badhouseplants.net
|
||||
tls:
|
||||
- secretName: s3-tls-secret
|
||||
hosts:
|
||||
- s3.badhouseplants.net
|
||||
consoleIngress:
|
||||
enabled: true
|
||||
ingressClassName: ~
|
||||
annotations:
|
||||
kubernetes.io/ingress.class: traefik
|
||||
kubernetes.io/tls-acme: "true"
|
||||
kubernetes.io/ingress.allow-http: "false"
|
||||
kubernetes.io/ingress.global-static-ip-name: ""
|
||||
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
|
||||
path: /
|
||||
hosts:
|
||||
- minio.badhouseplants.net
|
||||
tls:
|
||||
- secretName: minio-tls-secret
|
||||
hosts:
|
||||
- minio.badhouseplants.net
|
||||
|
||||
rootUser: 'overlord'
|
||||
replicas: 1
|
||||
mode: standalone
|
||||
|
||||
@ -1,23 +1,11 @@
|
||||
namespaces:
|
||||
- name: longhorn-system
|
||||
- name: minio-service
|
||||
- name: argo-system
|
||||
- name: nrodionov-application
|
||||
- name: minecraft-application
|
||||
annotations:
|
||||
badohouseplants.net/git-repo: |
|
||||
https://git.badhouseplants.net/badhouseplants/minecraft-helmfile
|
||||
badhouseplants.net/ci: |
|
||||
https://ci.badhouseplants.net/repos/15
|
||||
- name: gitea-service
|
||||
- name: funkwhale-application
|
||||
- name: database-service
|
||||
- name: mail-service
|
||||
- name: vaultwarden-application
|
||||
- name: woodpecker-ci
|
||||
- name: openvpn-service
|
||||
- name: badhouseplants-main
|
||||
labels:
|
||||
istio-injection: enabled
|
||||
- name: badhouseplants-preview
|
||||
- name: kube-services
|
||||
---
|
||||
ns:
|
||||
- name: monitoring-system
|
||||
templates:
|
||||
- |
|
||||
{{ range .Values.ns }}
|
||||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
name: {{ .name }}
|
||||
{{ end }}
|
||||
|
||||
@ -17,20 +17,7 @@ ext-database:
|
||||
enabled: true
|
||||
name: nrodionov-mysql
|
||||
instance: mysql
|
||||
ingress:
|
||||
enabled: true
|
||||
pathType: ImplementationSpecific
|
||||
hostname: dev.nrodionov.info
|
||||
path: /
|
||||
annotations:
|
||||
kubernetes.io/ingress.class: traefik
|
||||
kubernetes.io/tls-acme: "true"
|
||||
kubernetes.io/ingress.allow-http: "false"
|
||||
kubernetes.io/ingress.global-static-ip-name: ""
|
||||
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
|
||||
tls: true
|
||||
tlsWwwPrefix: false
|
||||
selfSigned: false
|
||||
|
||||
wordpressBlogName: Николай Николаевич Родионов
|
||||
wordpressUsername: admin
|
||||
wordpressFirstName: Nikolai
|
||||
|
||||
@ -3,34 +3,26 @@
|
||||
# -- Istio extenstion. Just because I'm
|
||||
# -- not using ingress nginx
|
||||
# ------------------------------------------
|
||||
# istio:
|
||||
# enabled: true
|
||||
# istio:
|
||||
# - name: openvpn-tcp-xor
|
||||
# gateway: istio-system/badhouseplants-vpn
|
||||
# kind: tcp
|
||||
# port_match: 1194
|
||||
# hostname: "*"
|
||||
# service: openvpn-xor
|
||||
# port: 1194
|
||||
# ------------------------------------------
|
||||
traefik:
|
||||
istio:
|
||||
enabled: true
|
||||
tcpRoutes:
|
||||
- name: openvpn-xor
|
||||
service: openvpn-xor
|
||||
match: HostSNI(`*`)
|
||||
entrypoint: openvpn
|
||||
istio:
|
||||
- name: openvpn-tcp
|
||||
gateway: istio-system/badhouseplants-vpn
|
||||
kind: tcp
|
||||
port_match: 1194
|
||||
hostname: "*"
|
||||
service: openvpn
|
||||
port: 1194
|
||||
|
||||
# ------------------------------------------
|
||||
image:
|
||||
tag: v2.6.5-xor-4.0.0beta08
|
||||
storage:
|
||||
class: longhorn
|
||||
size: 512Mi
|
||||
|
||||
openvpn:
|
||||
proto: tcp
|
||||
host: 195.201.249.91
|
||||
|
||||
host: 195.201.250.50
|
||||
easyrsa:
|
||||
cn: Bad Houseplants
|
||||
country: Germany
|
||||
@ -8,20 +8,3 @@ persistence:
|
||||
|
||||
metrics:
|
||||
enabled: false
|
||||
primary:
|
||||
podSecurityContext:
|
||||
enabled: true
|
||||
fsGroupChangePolicy: Always
|
||||
sysctls: []
|
||||
supplementalGroups: []
|
||||
containerSecurityContext:
|
||||
enabled: true
|
||||
seLinuxOptions: {}
|
||||
runAsNonRoot: false
|
||||
privileged: false
|
||||
readOnlyRootFilesystem: false
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop: ["ALL"]
|
||||
seccompProfile:
|
||||
type: "RuntimeDefault"
|
||||
|
||||
@ -87,7 +87,6 @@ prometheus:
|
||||
storage: 12Gi
|
||||
|
||||
grafana:
|
||||
assertNoLeakedSecrets: false
|
||||
persistence:
|
||||
enabled: true
|
||||
size: 2Gi
|
||||
|
||||
@ -7,5 +7,5 @@ config:
|
||||
pipelineStages:
|
||||
- match:
|
||||
pipeline_name: "drop-all"
|
||||
selector: '{namespace!~"mail-service|woodpecker|minecraft-application"}'
|
||||
selector: '{namespace!~"mail-service|woodpecker"}'
|
||||
action: drop
|
||||
|
||||
@ -1,9 +0,0 @@
|
||||
roles:
|
||||
- name: minecraft-admin
|
||||
namespace: minecraft-application
|
||||
kind: Role
|
||||
rules:
|
||||
- apiGroups: ["*"]
|
||||
resources: ["*"]
|
||||
verbs: ["*"]
|
||||
namespace: ["minecraft-application"]
|
||||
@ -1,55 +0,0 @@
|
||||
istio:
|
||||
enabled: true
|
||||
istio:
|
||||
- name: tandoor-http
|
||||
gateway: istio-system/badhouseplants-net
|
||||
kind: http
|
||||
hostname: tandoor.badhouseplants.net
|
||||
service: tandoor
|
||||
port: 8080
|
||||
|
||||
ext-database:
|
||||
enabled: true
|
||||
name: tandoor-postgres16
|
||||
instance: postgres16
|
||||
credentials:
|
||||
POSTGRES_HOST: |-
|
||||
"{{ .Hostname }}"
|
||||
POSTGRES_PORT: |-
|
||||
"{{ .Port }}"
|
||||
|
||||
envFrom:
|
||||
- secretRef:
|
||||
name: tandoor-postgres16-creds
|
||||
env:
|
||||
TZ: UTC
|
||||
DB_ENGINE: django.db.backends.postgresql
|
||||
EMAIL_HOST: badhouseplants.net
|
||||
EMAIL_PORT: 587
|
||||
EMAIL_HOST_USER: overlord@badhouseplants.net
|
||||
EMAIL_HOST_PASSWORD: nxVa8Xcf4jNvzNeE$JzBL&H8g
|
||||
EMAIL_USE_TLS: 1
|
||||
EMAIL_USE_SSL: 0
|
||||
DEFAULT_FROM_EMAIL: tandoor@badhouseplants.net
|
||||
persistence:
|
||||
config:
|
||||
enabled: true
|
||||
retain: true
|
||||
storageClass: longhorn
|
||||
accessMode: ReadWriteOnce
|
||||
size: 1Gi
|
||||
media:
|
||||
enabled: true
|
||||
mountPath: /opt/recipes/mediafiles
|
||||
retain: true
|
||||
storageClass: longhorn
|
||||
accessMode: ReadWriteOnce
|
||||
size: 1Gi
|
||||
static:
|
||||
enabled: true
|
||||
type: emptyDir
|
||||
mountPath: /opt/recipes/staticfiles
|
||||
django-js-reverse:
|
||||
enabled: true
|
||||
type: emptyDir
|
||||
mountPath: /opt/recipes/cookbook/static/django_js_reverse
|
||||
@ -1,78 +0,0 @@
|
||||
globalArguments:
|
||||
- "--serversTransport.insecureSkipVerify=true"
|
||||
service:
|
||||
spec:
|
||||
externalTrafficPolicy: Local
|
||||
ports:
|
||||
git-ssh:
|
||||
port: 22
|
||||
expose:
|
||||
default: true
|
||||
exposedPort: 22
|
||||
protocol: TCP
|
||||
openvpn:
|
||||
port: 1194
|
||||
expose:
|
||||
default: true
|
||||
exposedPort: 1194
|
||||
protocol: TCP
|
||||
valve-server:
|
||||
port: 27015
|
||||
expose:
|
||||
default: true
|
||||
exposedPort: 27015
|
||||
protocol: UDP
|
||||
valve-rcon:
|
||||
port: 27015
|
||||
expose:
|
||||
default: true
|
||||
exposedPort: 27015
|
||||
protocol: TCP
|
||||
smtp:
|
||||
port: 25
|
||||
protocol: TCP
|
||||
exposedPort: 25
|
||||
expose:
|
||||
default: true
|
||||
smtps:
|
||||
port: 465
|
||||
protocol: TCP
|
||||
exposedPort: 465
|
||||
expose:
|
||||
default: true
|
||||
smtp-startls:
|
||||
port: 587
|
||||
protocol: TCP
|
||||
exposedPort: 587
|
||||
expose:
|
||||
default: true
|
||||
imap:
|
||||
port: 143
|
||||
protocol: TCP
|
||||
exposedPort: 143
|
||||
expose:
|
||||
default: true
|
||||
imaps:
|
||||
port: 993
|
||||
protocol: TCP
|
||||
exposedPort: 993
|
||||
expose:
|
||||
default: true
|
||||
pop3:
|
||||
port: 110
|
||||
protocol: TCP
|
||||
exposedPort: 110
|
||||
expose:
|
||||
default: true
|
||||
pop3s:
|
||||
port: 995
|
||||
protocol: TCP
|
||||
exposedPort: 995
|
||||
expose:
|
||||
default: true
|
||||
minecraft:
|
||||
port: 25565
|
||||
protocol: TCP
|
||||
exposedPort: 25565
|
||||
expose:
|
||||
default: true
|
||||
@ -20,7 +20,7 @@ ext-database:
|
||||
enabled: true
|
||||
name: vaultwarden-postgres16
|
||||
instance: postgres16
|
||||
service:
|
||||
service:
|
||||
port: 8080
|
||||
vaultwarden:
|
||||
smtp:
|
||||
@ -53,28 +53,11 @@ vaultwarden:
|
||||
connectionRetries: 15
|
||||
maxConnections: 10
|
||||
storage:
|
||||
enabled: true
|
||||
enabled: false
|
||||
size: 1Gi
|
||||
class: longhorn
|
||||
class: default
|
||||
dataDir: /data
|
||||
logging:
|
||||
enabled: false
|
||||
logfile: "/data/vaultwarden.log"
|
||||
loglevel: "warn"
|
||||
ingress:
|
||||
enabled: true
|
||||
annotations:
|
||||
kubernetes.io/ingress.class: traefik
|
||||
kubernetes.io/tls-acme: "true"
|
||||
kubernetes.io/ingress.allow-http: "false"
|
||||
kubernetes.io/ingress.global-static-ip-name: ""
|
||||
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
|
||||
hosts:
|
||||
- host: vault.badhouseplants.net
|
||||
paths:
|
||||
- path: /
|
||||
pathType: Prefix
|
||||
tls:
|
||||
- secretName: vault-tls-secret
|
||||
hosts:
|
||||
- vault.badhouseplants.net
|
||||
|
||||
@ -1,58 +0,0 @@
|
||||
service:
|
||||
port: 8080
|
||||
vaultwarden:
|
||||
smtp:
|
||||
host: mail.badhouseplants.net
|
||||
security: "starttls"
|
||||
port: 587
|
||||
from: vaulttest@badhouseplants.net
|
||||
fromName: Vault Warden
|
||||
authMechanism: "Plain"
|
||||
acceptInvalidHostnames: "false"
|
||||
acceptInvalidCerts: "false"
|
||||
debug: false
|
||||
domain: https://vaulttest.badhouseplants.net
|
||||
websocket:
|
||||
enabled: true
|
||||
address: "0.0.0.0"
|
||||
port: 3012
|
||||
rocket:
|
||||
port: "8080"
|
||||
workers: "10"
|
||||
webVaultEnabled: "true"
|
||||
signupsAllowed: true
|
||||
invitationsAllowed: true
|
||||
signupDomains: "https://vaulttest.badhouseplants.net"
|
||||
signupsVerify: false
|
||||
showPassHint: true
|
||||
# database:
|
||||
# existingSecret: vaultwarden-postgres16-creds
|
||||
# existingSecretKey: CONNECTION_STRING
|
||||
# connectionRetries: 15
|
||||
# maxConnections: 10
|
||||
storage:
|
||||
enabled: true
|
||||
size: 512Mi
|
||||
class: longhorn
|
||||
dataDir: /data
|
||||
logging:
|
||||
enabled: false
|
||||
logfile: "/data/vaultwarden.log"
|
||||
loglevel: "warn"
|
||||
ingress:
|
||||
enabled: true
|
||||
annotations:
|
||||
kubernetes.io/ingress.class: traefik
|
||||
kubernetes.io/tls-acme: "true"
|
||||
kubernetes.io/ingress.allow-http: "false"
|
||||
kubernetes.io/ingress.global-static-ip-name: ""
|
||||
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
|
||||
hosts:
|
||||
- host: vaulttest.badhouseplants.net
|
||||
paths:
|
||||
- path: /
|
||||
pathType: Prefix
|
||||
tls:
|
||||
- secretName: vault-tls-secret
|
||||
hosts:
|
||||
- vaulttest.badhouseplants.net
|
||||
@ -18,22 +18,6 @@ ext-database:
|
||||
credentials:
|
||||
WOODPECKER_DATABASE_DATASOURCE: "postgres://{{ .Username }}:{{ .Password }}@{{ .Hostname }}:{{ .Port }}/{{ .Database }}?sslmode=disable"
|
||||
server:
|
||||
ingress:
|
||||
enabled: true
|
||||
annotations:
|
||||
kubernetes.io/ingress.class: traefik
|
||||
kubernetes.io/tls-acme: "true"
|
||||
kubernetes.io/ingress.allow-http: "false"
|
||||
kubernetes.io/ingress.global-static-ip-name: ""
|
||||
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
|
||||
hosts:
|
||||
- host: ci.badhouseplants.net
|
||||
paths:
|
||||
- path: /
|
||||
tls:
|
||||
- secretName: woodpecker-tls-secret
|
||||
hosts:
|
||||
- ci.badhouseplants.net
|
||||
#image:
|
||||
# registry: git.badhouseplants.net
|
||||
# repository: allanger/woodpecker-server
|
||||
@ -50,21 +34,22 @@ server:
|
||||
WOODPECKER_HOST: "https://ci.badhouseplants.net"
|
||||
WOODPECKER_ESCALATE: true
|
||||
WOODPECKER_BACKEND_K8S_NAMESPACE: woodpecker-ci
|
||||
extraSecretNamesForEnvFrom:
|
||||
WOODPECKER_BACKEND_K8S_STORAGE_CLASS: microk8s-hostpath
|
||||
extraSecretNamesForEnvFrom:
|
||||
- woodpecker-postgres16-creds
|
||||
agent:
|
||||
#image:
|
||||
# registry: git.badhouseplants.net
|
||||
# repository: allanger/woodpecker-agent
|
||||
# pullPolicy: Always
|
||||
# tag: dev
|
||||
image:
|
||||
registry: git.badhouseplants.net
|
||||
repository: allanger/woodpecker-agent
|
||||
pullPolicy: Always
|
||||
tag: dev
|
||||
enabled: true
|
||||
extraSecretNamesForEnvFrom: []
|
||||
env:
|
||||
WOODPECKER_SERVER: woodpecker-ci-server:9000
|
||||
WOODPECKER_BACKEND_K8S_VOLUME_SIZE: 3Gi
|
||||
WOODPECKER_BACKEND_K8S_NAMESPACE: woodpecker-ci
|
||||
WOODPECKER_BACKEND_K8S_STORAGE_CLASS: longhorn
|
||||
WOODPECKER_BACKEND_K8S_STORAGE_CLASS: microk8s-hostpath
|
||||
serviceAccount:
|
||||
create: true
|
||||
rbac:
|
||||
|
||||
@ -1,47 +0,0 @@
|
||||
ingress:
|
||||
enabled: true
|
||||
className: ~
|
||||
annotations:
|
||||
kubernetes.io/ingress.class: traefik
|
||||
kubernetes.io/tls-acme: "true"
|
||||
kubernetes.io/ingress.allow-http: "false"
|
||||
kubernetes.io/ingress.global-static-ip-name: ""
|
||||
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
|
||||
pathtype: ImplementationSpecific
|
||||
hosts:
|
||||
- host: registry.badhouseplants.net
|
||||
paths:
|
||||
- path: /
|
||||
tls:
|
||||
- secretName: zot-secret-tls
|
||||
hosts:
|
||||
- registry.badhouseplants.net
|
||||
strategy:
|
||||
type: Recreate
|
||||
service:
|
||||
type: ClusterIP
|
||||
persistence: true
|
||||
pvc:
|
||||
create: true
|
||||
accessMode: "ReadWriteOnce"
|
||||
storage: 5Gi
|
||||
storageClassName: longhorn
|
||||
mountConfig: true
|
||||
mountSecret: true
|
||||
#configFiles:
|
||||
# ui.json: |-
|
||||
# {
|
||||
# "log": {
|
||||
# "level": "info"
|
||||
# },
|
||||
# "extensions": {
|
||||
# "search": {
|
||||
# "cve": {
|
||||
# "updateInterval": "2h"
|
||||
# }
|
||||
# },
|
||||
# "ui": {
|
||||
# "enable": true
|
||||
# }
|
||||
# }
|
||||
# }
|
||||
@ -1,23 +0,0 @@
|
||||
# Patterns to ignore when building packages.
|
||||
# This supports shell glob matching, relative path matching, and
|
||||
# negation (prefixed with !). Only one pattern per line.
|
||||
.DS_Store
|
||||
# Common VCS dirs
|
||||
.git/
|
||||
.gitignore
|
||||
.bzr/
|
||||
.bzrignore
|
||||
.hg/
|
||||
.hgignore
|
||||
.svn/
|
||||
# Common backup files
|
||||
*.swp
|
||||
*.bak
|
||||
*.tmp
|
||||
*.orig
|
||||
*~
|
||||
# Various IDEs
|
||||
.project
|
||||
.idea/
|
||||
*.tmproj
|
||||
.vscode/
|
||||
@ -1,24 +0,0 @@
|
||||
apiVersion: v2
|
||||
name: namespaces
|
||||
description: A Helm chart for Kubernetes
|
||||
|
||||
# A chart can be either an 'application' or a 'library' chart.
|
||||
#
|
||||
# Application charts are a collection of templates that can be packaged into versioned archives
|
||||
# to be deployed.
|
||||
#
|
||||
# Library charts provide useful utilities or functions for the chart developer. They're included as
|
||||
# a dependency of application charts to inject those utilities and functions into the rendering
|
||||
# pipeline. Library charts do not define any templates and therefore cannot be deployed.
|
||||
type: application
|
||||
|
||||
# This is the chart version. This version number should be incremented each time you make changes
|
||||
# to the chart and its templates, including the app version.
|
||||
# Versions are expected to follow Semantic Versioning (https://semver.org/)
|
||||
version: 0.1.0
|
||||
|
||||
# This is the version number of the application being deployed. This version number should be
|
||||
# incremented each time you make changes to the application. Versions are not expected to
|
||||
# follow Semantic Versioning. They should reflect the version the application is using.
|
||||
# It is recommended to use it with quotes.
|
||||
appVersion: "1.16.0"
|
||||
@ -1,43 +0,0 @@
|
||||
{{/*
|
||||
Expand the name of the chart.
|
||||
*/}}
|
||||
{{- define "namespaces.name" -}}
|
||||
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Create a default fully qualified app name.
|
||||
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
|
||||
If release name contains chart name it will be used as a full name.
|
||||
*/}}
|
||||
{{- define "namespaces.fullname" -}}
|
||||
{{- if .Values.fullnameOverride }}
|
||||
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
|
||||
{{- else }}
|
||||
{{- $name := default .Chart.Name .Values.nameOverride }}
|
||||
{{- if contains $name .Release.Name }}
|
||||
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
|
||||
{{- else }}
|
||||
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Create chart name and version as used by the chart label.
|
||||
*/}}
|
||||
{{- define "namespaces.chart" -}}
|
||||
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Common labels
|
||||
*/}}
|
||||
{{- define "namespaces.labels" -}}
|
||||
helm.sh/chart: {{ include "namespaces.chart" . }}
|
||||
{{- if .Chart.AppVersion }}
|
||||
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
|
||||
{{- end }}
|
||||
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
||||
{{- end }}
|
||||
|
||||
@ -1,19 +0,0 @@
|
||||
{{- if .Values.namespaces }}
|
||||
{{- range $ns := .Values.namespaces }}
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
name: {{ $ns.name }}
|
||||
labels:
|
||||
{{- include "namespaces.labels" $ | nindent 4 }}
|
||||
{{- with $ns.labels }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
annotations:
|
||||
"helm.sh/resource-policy": keep
|
||||
{{- with $ns.annotations}}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
@ -1,20 +0,0 @@
|
||||
namespaces:
|
||||
- name: giantswarm-flux
|
||||
labels:
|
||||
name: giantswarm-flux
|
||||
- name: giantswarm
|
||||
labels:
|
||||
name: giantswarm
|
||||
- name: monitoring
|
||||
labels:
|
||||
name: monitoring
|
||||
- name: org-giantswarm
|
||||
labels:
|
||||
name: org-giantswarm
|
||||
- name: flux-system
|
||||
labels:
|
||||
name: flux-system
|
||||
- name: flux-giantswarm
|
||||
labels:
|
||||
name: flux-giantswarm
|
||||
- name: policy-exception
|
||||
@ -1,6 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
name: flux-system
|
||||
labels:
|
||||
name: flux-system
|
||||
@ -1,6 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
name: giantswarm-flux
|
||||
labels:
|
||||
name: giantswarm-flux
|
||||
@ -1,6 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
name: giantswarm
|
||||
labels:
|
||||
name: giantswarm
|
||||
@ -1,5 +0,0 @@
|
||||
resources:
|
||||
- ./giantswarm-flux.yml
|
||||
- ./giantswarm.yml
|
||||
- ./monitoring.yml
|
||||
- ./org-giantswarm.yml
|
||||
@ -1,6 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
name: monitoring
|
||||
labels:
|
||||
name: monitoring
|
||||
@ -1,6 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
name: org-giantswarm
|
||||
labels:
|
||||
name: org-giantswarm
|
||||
@ -1,23 +0,0 @@
|
||||
# Patterns to ignore when building packages.
|
||||
# This supports shell glob matching, relative path matching, and
|
||||
# negation (prefixed with !). Only one pattern per line.
|
||||
.DS_Store
|
||||
# Common VCS dirs
|
||||
.git/
|
||||
.gitignore
|
||||
.bzr/
|
||||
.bzrignore
|
||||
.hg/
|
||||
.hgignore
|
||||
.svn/
|
||||
# Common backup files
|
||||
*.swp
|
||||
*.bak
|
||||
*.tmp
|
||||
*.orig
|
||||
*~
|
||||
# Various IDEs
|
||||
.project
|
||||
.idea/
|
||||
*.tmproj
|
||||
.vscode/
|
||||
@ -1,6 +0,0 @@
|
||||
apiVersion: v2
|
||||
name: roles
|
||||
description: A Helm chart for Kubernetes
|
||||
type: application
|
||||
version: 0.1.0
|
||||
appVersion: "1.16.0"
|
||||
@ -1,43 +0,0 @@
|
||||
{{/*
|
||||
Expand the name of the chart.
|
||||
*/}}
|
||||
{{- define "roles.name" -}}
|
||||
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Create a default fully qualified app name.
|
||||
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
|
||||
If release name contains chart name it will be used as a full name.
|
||||
*/}}
|
||||
{{- define "roles.fullname" -}}
|
||||
{{- if .Values.fullnameOverride }}
|
||||
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
|
||||
{{- else }}
|
||||
{{- $name := default .Chart.Name .Values.nameOverride }}
|
||||
{{- if contains $name .Release.Name }}
|
||||
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
|
||||
{{- else }}
|
||||
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Create chart name and version as used by the chart label.
|
||||
*/}}
|
||||
{{- define "roles.chart" -}}
|
||||
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Common labels
|
||||
*/}}
|
||||
{{- define "roles.labels" -}}
|
||||
helm.sh/chart: {{ include "roles.chart" . }}
|
||||
{{- if .Chart.AppVersion }}
|
||||
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
|
||||
{{- end }}
|
||||
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
||||
{{- end }}
|
||||
|
||||
@ -1,23 +0,0 @@
|
||||
{{- if .Values.roles }}
|
||||
{{- range $roles := .Values.roles }}
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: {{ $roles.kind }}
|
||||
metadata:
|
||||
name: {{ $roles.name }}
|
||||
namespace: {{ $roles.namespace }}
|
||||
labels:
|
||||
{{- include "roles.labels" $ | nindent 4 }}
|
||||
{{- with $roles.labels }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- with $roles.annotations}}
|
||||
annotations:
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
rules:
|
||||
{{- with $roles.rules }}
|
||||
{{- toYaml . | nindent 2 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
@ -1,9 +0,0 @@
|
||||
roles:
|
||||
- name: minecraft-admin
|
||||
namespace: minecraft-application
|
||||
kind: Role
|
||||
rules:
|
||||
- apiGroups: ["*"]
|
||||
resources: ["*"]
|
||||
verbs: ["*"]
|
||||
namespace: ["minecraft-application"]
|
||||
@ -1,23 +0,0 @@
|
||||
# Patterns to ignore when building packages.
|
||||
# This supports shell glob matching, relative path matching, and
|
||||
# negation (prefixed with !). Only one pattern per line.
|
||||
.DS_Store
|
||||
# Common VCS dirs
|
||||
.git/
|
||||
.gitignore
|
||||
.bzr/
|
||||
.bzrignore
|
||||
.hg/
|
||||
.hgignore
|
||||
.svn/
|
||||
# Common backup files
|
||||
*.swp
|
||||
*.bak
|
||||
*.tmp
|
||||
*.orig
|
||||
*~
|
||||
# Various IDEs
|
||||
.project
|
||||
.idea/
|
||||
*.tmproj
|
||||
.vscode/
|
||||
@ -1,6 +0,0 @@
|
||||
apiVersion: v2
|
||||
name: root
|
||||
description: A Helm chart for Kubernetes
|
||||
type: application
|
||||
version: 0.1.5
|
||||
appVersion: "1.16.0"
|
||||
@ -1,62 +0,0 @@
|
||||
{{/*
|
||||
Expand the name of the chart.
|
||||
*/}}
|
||||
{{- define "root.name" -}}
|
||||
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Create a default fully qualified app name.
|
||||
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
|
||||
If release name contains chart name it will be used as a full name.
|
||||
*/}}
|
||||
{{- define "root.fullname" -}}
|
||||
{{- if .Values.fullnameOverride }}
|
||||
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
|
||||
{{- else }}
|
||||
{{- $name := default .Chart.Name .Values.nameOverride }}
|
||||
{{- if contains $name .Release.Name }}
|
||||
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
|
||||
{{- else }}
|
||||
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Create chart name and version as used by the chart label.
|
||||
*/}}
|
||||
{{- define "root.chart" -}}
|
||||
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Common labels
|
||||
*/}}
|
||||
{{- define "root.labels" -}}
|
||||
helm.sh/chart: {{ include "root.chart" . }}
|
||||
{{ include "root.selectorLabels" . }}
|
||||
{{- if .Chart.AppVersion }}
|
||||
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
|
||||
{{- end }}
|
||||
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Selector labels
|
||||
*/}}
|
||||
{{- define "root.selectorLabels" -}}
|
||||
app.kubernetes.io/name: {{ include "root.name" . }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Create the name of the service account to use
|
||||
*/}}
|
||||
{{- define "root.serviceAccountName" -}}
|
||||
{{- if .Values.serviceAccount.create }}
|
||||
{{- default (include "root.fullname" .) .Values.serviceAccount.name }}
|
||||
{{- else }}
|
||||
{{- default "default" .Values.serviceAccount.name }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
@ -1,25 +0,0 @@
|
||||
{{ if .Capabilities.APIVersions.Has "source.toolkit.fluxcd.io/v1" }}
|
||||
apiVersion: source.toolkit.fluxcd.io/v1
|
||||
kind: GitRepository
|
||||
metadata:
|
||||
name: root
|
||||
spec:
|
||||
interval: 30s
|
||||
url: {{ .Values.url }}
|
||||
ref:
|
||||
branch: {{ .Values.branch }}
|
||||
---
|
||||
apiVersion: kustomize.toolkit.fluxcd.io/v1
|
||||
kind: Kustomization
|
||||
metadata:
|
||||
name: root
|
||||
spec:
|
||||
interval: 30s
|
||||
targetNamespace: flux-system
|
||||
sourceRef:
|
||||
kind: GitRepository
|
||||
name: root
|
||||
path: "."
|
||||
prune: false
|
||||
timeout: 1m
|
||||
{{- end }}
|
||||
@ -1,25 +0,0 @@
|
||||
{{ if .Capabilities.APIVersions.Has "source.toolkit.fluxcd.io/v1" }}
|
||||
apiVersion: source.toolkit.fluxcd.io/v1
|
||||
kind: GitRepository
|
||||
metadata:
|
||||
name: root-self
|
||||
spec:
|
||||
interval: 30s
|
||||
url: {{ .Values.self.url }}
|
||||
ref:
|
||||
branch: {{ .Values.self.branch }}
|
||||
---
|
||||
apiVersion: kustomize.toolkit.fluxcd.io/v1
|
||||
kind: Kustomization
|
||||
metadata:
|
||||
name: root-self
|
||||
spec:
|
||||
interval: 30s
|
||||
targetNamespace: flux-system
|
||||
sourceRef:
|
||||
kind: GitRepository
|
||||
name: root-self
|
||||
path: "."
|
||||
prune: false
|
||||
timeout: 1m
|
||||
{{- end }}
|
||||
@ -1,5 +0,0 @@
|
||||
url: https://git.badhouseplants.net/giantswarm/cluster-example.git
|
||||
branch: main
|
||||
self:
|
||||
url: git@git.badhouseplants.net:giantswarm/root-config.git
|
||||
branch: master
|
||||
@ -10,7 +10,7 @@ ext-database:
|
||||
spec:
|
||||
secretName: "{{ .Values.name }}-creds"
|
||||
instance: "{{ .Values.instance }}"
|
||||
deletionProtected: true
|
||||
deletionProtected: false
|
||||
backup:
|
||||
enable: false
|
||||
cron: 0 0 * * *
|
||||
@ -23,28 +23,3 @@ ext-database:
|
||||
secret: true
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
- |
|
||||
{{- if (.Values.extraDatabase).enabled }}
|
||||
---
|
||||
apiVersion: kinda.rocks/v1beta1
|
||||
kind: Database
|
||||
metadata:
|
||||
name: "{{ .Values.extraDatabase.name }}"
|
||||
spec:
|
||||
secretName: "{{ .Values.extraDatabase.name }}-creds"
|
||||
instance: "{{ .Values.extraDatabase.instance }}"
|
||||
deletionProtected: true
|
||||
backup:
|
||||
enable: false
|
||||
cron: 0 0 * * *
|
||||
{{- if .Values.extraDatabase.credentials }}
|
||||
credentials:
|
||||
templates:
|
||||
{{- range $key, $value := .Values.extraDatabase.credentials }}
|
||||
- name: {{ $key }}
|
||||
template: {{ $value }}
|
||||
secret: true
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
@ -1,14 +0,0 @@
|
||||
---
|
||||
metallb:
|
||||
templates:
|
||||
- |
|
||||
{{ range .Values.ippools }}
|
||||
---
|
||||
apiVersion: metallb.io/v1beta1
|
||||
kind: IPAddressPool
|
||||
metadata:
|
||||
name: {{ .name }}
|
||||
spec:
|
||||
addresses:
|
||||
- {{ .addresses }}
|
||||
{{ end }}
|
||||
@ -1,20 +0,0 @@
|
||||
---
|
||||
traefik:
|
||||
templates:
|
||||
- |
|
||||
{{ range .Values.tcpRoutes }}
|
||||
---
|
||||
apiVersion: traefik.io/v1alpha1
|
||||
kind: IngressRouteTCP
|
||||
metadata:
|
||||
name: {{ .name }}
|
||||
spec:
|
||||
entryPoints:
|
||||
- {{ .entrypoint }}
|
||||
routes:
|
||||
- match: {{ .match }}
|
||||
services:
|
||||
- name: {{ .service }}
|
||||
nativeLB: true
|
||||
port: {{ .port }}
|
||||
{{- end }}
|
||||
@ -1,13 +0,0 @@
|
||||
---
|
||||
tcproute:
|
||||
templates:
|
||||
- |
|
||||
---
|
||||
{{ range .Values.routes }}
|
||||
apiVersion: traefik.io/v1alpha1
|
||||
kind: IngressRouteTCP
|
||||
metadata:
|
||||
name: {{ printf "%s-%s" .Release.Name .name }}
|
||||
spec:
|
||||
{{ tpl (.routes | toYaml | indent 2 | toString) $ }}
|
||||
{{ end }}
|
||||
27
crd.yaml
27
crd.yaml
@ -1,27 +0,0 @@
|
||||
templates:
|
||||
# ---------------------------
|
||||
# -- Hooks
|
||||
# ---------------------------
|
||||
crd-management-hook:
|
||||
hooks:
|
||||
- events: ["preapply"]
|
||||
showlogs: true
|
||||
command: "sh"
|
||||
args:
|
||||
- -c
|
||||
- |
|
||||
helm show crds {{ .Release.Chart }} --version {{ .Release.Version }} | kubectl replace -f - \
|
||||
|| helm show crds {{ .Release.Chart }} --version {{ .Release.Version }} | kubectl create -f - \
|
||||
|| true
|
||||
- events: ["prepare"]
|
||||
showlogs: true
|
||||
command: "sh"
|
||||
args:
|
||||
- -c
|
||||
- "helm show crds {{ .Release.Chart }} --version {{ .Release.Version }} | kubectl diff -f - || true"
|
||||
- events: ["postuninstall"]
|
||||
showlogs: true
|
||||
command: "sh"
|
||||
args:
|
||||
- -c
|
||||
- "helm show crds {{ .Release.Chart }} --version {{ .Release.Version }} | kubectl delete -f - || true"
|
||||
7
docs/restic.md
Normal file
7
docs/restic.md
Normal file
@ -0,0 +1,7 @@
|
||||
# Restic
|
||||
|
||||
We are using restic for backing up the Minecraft server
|
||||
|
||||
## How to restore
|
||||
|
||||
TODO: Describe the restoration process
|
||||
@ -1,26 +1,4 @@
|
||||
---
|
||||
{{ readFile "../releases.yaml" }}
|
||||
|
||||
releases:
|
||||
- <<: *openvpn
|
||||
installed: true
|
||||
namespace: openvpn-service
|
||||
createNamespace: false
|
||||
|
||||
- <<: *istio-base
|
||||
installed: true
|
||||
namespace: istio-system
|
||||
createNamespace: false
|
||||
|
||||
- <<: *istio-gateway
|
||||
installed: true
|
||||
namespace: istio-system
|
||||
createNamespace: false
|
||||
|
||||
- <<: *istiod
|
||||
installed: true
|
||||
namespace: istio-system
|
||||
createNamespace: false
|
||||
|
||||
bases:
|
||||
- ../environments.yaml
|
||||
|
||||
@ -1,21 +1,21 @@
|
||||
rootPassword: ENC[AES256_GCM,data:b0e8jPZizEOqRRdBfL5cby3BCz4/vv/NX+39HAZ1IFb8,iv:Y4af+rhXaoaH3ho7W4YLSD0c7Li3ih130aUNPwsWCsI=,tag:OpW8bftAtm4s+aIxTvOq3A==,type:str]
|
||||
rootPassword: ENC[AES256_GCM,data:s38LHPKR4UsJE2MvlvIuKllZsYGZxcwssbqMWoPqo11j,iv:iredmR6yFSMxmS7NFwz5kLUxPWdSIImYRLRkICr7sJQ=,tag:Gb+rMEBrVX4dDS+N/quHyA==,type:str]
|
||||
users:
|
||||
- accessKey: ENC[AES256_GCM,data:0zHY1dpZcro=,iv:jYvIGZNi2j9bGXgDU8EuhlWivB88Fr0/oBIBgSMnyRc=,tag:VBTWvhQy02xgCD5/ew4A6g==,type:str]
|
||||
secretKey: ENC[AES256_GCM,data:+5pzvUItGiuOpKTFWcDtt60bcg==,iv:Z1ITL0rTy/3/hKVApPCjWSslEUrEOGvUhiHAx3Fa84c=,tag:H7L2MZ/QQYulMqWv65fStw==,type:str]
|
||||
policy: ENC[AES256_GCM,data:UH1OW/DcPycrKBpE,iv:nssYtBSfN09O0Z9FMQzW660LAMJ4EZP+090c893sb1Q=,tag:XSZpHMX6P1u4UyyzVLnGcQ==,type:str]
|
||||
- accessKey: ENC[AES256_GCM,data:h8Zqj8Oi,iv:TlRLh7w4nHi0zNSF41gJBvCetQxQHH4bJLhJIgVv+MQ=,tag:xJht3fA5NwAKGJvUFyiBVQ==,type:str]
|
||||
secretKey: ENC[AES256_GCM,data:uUHZdSRYPEiE5zvapL8=,iv:xYY7QBSzfRicImZZBoFpIbODiypxKC7wIZ/S4BluQX0=,tag:xXSYqJ3lEohWp9heC08qOw==,type:str]
|
||||
policy: ENC[AES256_GCM,data:W+8wc5fu,iv:J+WHxQIbkffku41GJV9LgK/l28Ds7YI5nNtk8VlICYs=,tag:NtDHmQGJcjMoeD3oAbk9Kw==,type:str]
|
||||
#ENC[AES256_GCM,data:TYF79Nw=,iv:dW5GFF4Se81r+JEKNN0P/dIluq+LT+CueMr1Rr7Hhic=,tag:UGDIsRChsM6DPIqAh3kECg==,type:comment]
|
||||
#ENC[AES256_GCM,data:UO5QDyZ4GYVRKkHIJ97Cwl4=,iv:88QMVL1cji5fY1lpZp/B6CHhqrvY57jmRF2o4ixdnFA=,tag:QE/luvZJ03zh1SyR7GMXDQ==,type:comment]
|
||||
#ENC[AES256_GCM,data:ddVGAKMd/cyVSDtM5RYnUo6z+T5dsuzb5DUd6/Tio52jNZZ4YtvUhrncW+I4SQzPUElNx6R/CNUmGmkYqXjkd2LnwchB5F0U1j+OhZHR,iv:KveAUI8L/muXShLVojH2xjwZGIS+D0RmJio26prCCHw=,tag:Mpoi7h0anEqHjYbvOHjPkw==,type:comment]
|
||||
#ENC[AES256_GCM,data:mQZZbdr8wc2LpD5XLNaseerkclUtuSU6gOHJSP6f85PkyiHduGBdS8PZCvB1l82Yu0Y=,iv:60Bpshtdt61vlTjvEaHgi/MNGRbgXjFCIVb/HbcUr1U=,tag:uoLQmsvv31rv2fXPMgb5bQ==,type:comment]
|
||||
#ENC[AES256_GCM,data:WBT41MB3gOut5RHECWApPUU54EErbzMWUOHBBl0mBOAuPK0lYtDSwNZgbSsPVb5WVcN19dMVfGdszox8oYyqKmLG6envNwhtfvQ=,iv:xsTwI3VeAzZqkkGJsU3CxlAkUlDS6aBbD6cOn+z5hj4=,tag:2yesctQM0VlspQZvrCNRng==,type:comment]
|
||||
#ENC[AES256_GCM,data:2+1H+f/x8gI5vQuv9cfUYS3Q+iu9,iv:gtxhtl2vPcMSqTq8GtY4ywk+XA1k8bl00bgoFk6mHME=,tag:sRT3bc/W39SsQoBtGNQ2eQ==,type:comment]
|
||||
#ENC[AES256_GCM,data:lwOXCoMkHgQk4xo9nmEtsD/hbqKCgGCK/26AtrYpoH5ntzInb/eXSqeZEsDCqPwy/ZjQCUmYU7XCvKXKm9T6HA==,iv:lcFNE1zKBc24JkPvZQMLlGAx5vhdDJZiJ6gzeJb/ZOo=,tag:xZ8KKC7RCOp9QeJGuxXHFA==,type:comment]
|
||||
#ENC[AES256_GCM,data:AUwdNARkPPyycH6dooeSudjtiNanxcjOsr7lNdo=,iv:UIUU0CU4+6iD3yVaevnwqfoyprtSX/maBncP4q56yak=,tag:op1twIDRJtnxi44PVFfQtQ==,type:comment]
|
||||
#ENC[AES256_GCM,data:AnHAONVEQiEofEmL/T0wdt1E0Q==,iv:L2wX/5EF+NJP/Ped+M5XuAg+IoymRmqHdvztFxYz3oI=,tag:t+uDB+bdv/m92JQsOvf0pA==,type:comment]
|
||||
#ENC[AES256_GCM,data:ceYRPrvLpYUqV/aVVpP1elX/nOmGHUN81R1/JhTICEHWDm8a7wPc,iv:3dfTNmkYmTE01MSco390r/9oshumWm6OKvpofDicl+s=,tag:qH6M8xLJvFxa01MxlWnkFw==,type:comment]
|
||||
- accessKey: ENC[AES256_GCM,data:J3pNKKmaius=,iv:Mjbx//mHSfVM4NEsOCdPMw7nZ5N2J1rg/IE8JZxzZ30=,tag:sX3OuZ3RodAn8znacBTu4A==,type:str]
|
||||
secretKey: ENC[AES256_GCM,data:f4PO+T8IRvw5yhFz9Twf3h6vxw==,iv:13ekjlbaTZYDyhMQeM0oJ7/U53ZfhVX/AP20FUnVQ/A=,tag:ZR1YkIl9/6iyWm6leLvQcA==,type:str]
|
||||
policy: ENC[AES256_GCM,data:mjGhLyvFBU5n6ePk,iv:v/ECOoGcnHGjuLgqMZ8yVTLPqdvn1HBVVAaUiD5fBT0=,tag:3tS26PT1Gg8kHUTfSSUH+g==,type:str]
|
||||
- accessKey: ENC[AES256_GCM,data:mavKbC9T,iv:gfiilFHH9P3/UUTfjo/kl4r/tcMFN3/J1KyMF+3gY24=,tag:JEhrPdUjeBasQyrsduif9w==,type:str]
|
||||
secretKey: ENC[AES256_GCM,data:kUs0AzmT/DCLqQEuF9Y=,iv:HoilTHkjITFUREb74y4JAl4YDWHz64XxTvVvKCGE6AE=,tag:bzw9XRz6C4BgB/4mYAf5jg==,type:str]
|
||||
policy: ENC[AES256_GCM,data:DbIQFNub,iv:NB+PF0acEGFls9BNeQFm+00V1kX+5N7UGJFnhb8DUAU=,tag:tQSO5L0G5Vy51nVD/EKHmw==,type:str]
|
||||
oidc:
|
||||
enabled: ENC[AES256_GCM,data:AJwlxQ==,iv:e8Y4xI9VW7R64o5y2TYrMRnL92+RCzFaoF9v4wHDTlc=,tag:T0iZj9cCBxaF444+xuvKuA==,type:bool]
|
||||
configUrl: ENC[AES256_GCM,data:UHLEsZwSGwNEV9r6wpiw4lLsMOLxJ6QfHKrrP2oduJE+YG7hImEljrO+/kPSUOgWMGgtXIjT/VLYw7xhW+TL,iv:v6bXPeKMho108y+kErL71RvqlfL0YEUtAaexITN6arY=,tag:r/oglMJVU2J2s3mEgjP+dA==,type:str]
|
||||
clientId: ENC[AES256_GCM,data:6vU3UzdsBjCoxa+H3V87UeNyGt7IYsYMkjEZGFhMfCVWVxxB,iv:4J21E9eskroCTmUFbnt4K4v4tgD+Bjq5j2wT+1q1NE0=,tag:bBDqviaFjnQNDSwTzmpCtw==,type:str]
|
||||
clientSecret: ENC[AES256_GCM,data:G0OChA212NVb7utdsx4kJRS8BQ0V6igeteOo3Q+PvFTd0U7IVt27YB2u0BUGkt4/Go+wByf8joI=,iv:7khUct7Iln7pi7ET7FBLI51Zc+aFTjLpj92EV5q4Sjc=,tag:vMZtRxTDpphKRW4dN3OVfA==,type:str]
|
||||
claimName: ENC[AES256_GCM,data:UUrHhIFP,iv:dKg4zBykxhEKeG40a1eSWRYTyzpb5kBmzhEaULFgSII=,tag:3vfbgsoKkNF2Tmwx3Wi56w==,type:str]
|
||||
redirectUri: ENC[AES256_GCM,data:evZK5yq5syKOsTqeqICTWLTq96AXTKftwDdbPYP9Na67N7I12P+jK8k1zKswHQY=,iv:L5AmYGkO2lyU4ytjyMOmuWDg4GtbeoTzcEdZF7WP+es=,tag:BF8AZUJ39+xICfrdNsY9iQ==,type:str]
|
||||
comment: ENC[AES256_GCM,data:4h455QlIXewffU2bSKihkg==,iv:p5WRTZfAUgqbF/XpIlaLuUIhQhMWxgs0MW6cqNOiOtg=,tag:yk6CHXx7E8XBY3dath9ezQ==,type:str]
|
||||
claimPrefix: ""
|
||||
scopes: ENC[AES256_GCM,data:6DDclrvw1aAnE7KqMYcevELx/VUrQxUq/+my,iv:BUT/J2uFueDxUCdlylJgJ6cBn52fVAV6r+dGYUg+gx8=,tag:sAXpt6zqNi4kwdfYm5J75A==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
@ -25,14 +25,14 @@ sops:
|
||||
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEZ2hGWUYvbUorMzg5ZkV6
|
||||
MDAyR0kzUmNiV2U1TWVmT2hidWJwRW40alJVCmljR2t3aXRzdHVFR3FldmxEMm1U
|
||||
SG1MdDJEeVVNdGswTkF4alNFMFIwM0kKLS0tICtSTHRTeE0ramt0UldVblh0dWtX
|
||||
ZjQ2V2FrTnZEOGxCVTdzb1JHRVNjd2MKumygdzhr6eObw2CFKPVukneG9j/S9iPg
|
||||
mtCKiTHzuePabixUagFvY3R8Y6P8X0/nq/2Me5MJTdI80Ga8WOQ23Q==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaeWFCZlp0VTdkNjV5VDkz
|
||||
QVErMnVJM1hHbXZERnM5b1hvQWdRQ1N3SmpRCmpCaUkyc3pzRm0yTGZtQ3I5b21I
|
||||
R3g5T2hKZzNxZmVKVHNoZU1RaTZlamMKLS0tIDlIUVBLSFVZOElZaktjK0xRYjJa
|
||||
UmdLL0NqWVpuNXBYRENEeTltdFVLREUKrwPN2daokcqABFVXjYCbNyCA0zdMCYh6
|
||||
vzTTtNV718OAPQKgl3Ho2c5nhhQcWy5YlWPfGMUklZhocXsAvMXS/g==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-02-04T08:44:29Z"
|
||||
mac: ENC[AES256_GCM,data:g1CM1dHqXKNWMFNxjHr8JfBWBiEii5iIPeycvmfYm8kXSeVLMHBM3TiJPbOdqxuwme1lXxRKIPwoebYdCc5B/38Ugqu+JLFSj6QJOd6y67BinrS/mn99MVifASe+msYIo+r2B1T9mFiRxY71GJAVfpsy0hljcrJ7dW9Hdd7HAVI=,iv:7Q47rPLmW6uCi8cKYSsSWFVyDc3dT503Vnu1MvM0leI=,tag:vSTff0dVb6h9oBhLjkvvxA==,type:str]
|
||||
lastmodified: "2023-11-04T19:00:41Z"
|
||||
mac: ENC[AES256_GCM,data:jhZqJDZuHXpb50aI4f9Otj5y7lHzb1JadZqccju0No2PGUVO1Le3X/Zc51YIm3di+UV8bZSDUosYA7mWz4zNsyMwK0ikB0zUb12Wv1M0ESe4sJQR3mlQSa6fBe1EUGSAtjtmo/HlKaWvprEo3knTZJrxN8pZdTaPOTSA/Akr8m0=,iv:oUbuW1FL1qFbByt5DKqgCWVv/0D2ByWXs2dyUSuB3Uc=,tag:19MFSo0Y1AfB+kFk0sfW2g==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.8.1
|
||||
|
||||
@ -1,24 +0,0 @@
|
||||
global:
|
||||
postgresql:
|
||||
auth:
|
||||
postgresPassword: ENC[AES256_GCM,data:O5Fvmjipcx7CZ4DKQjRW0isfzoUt,iv:sVl6TFRCKAL5ci+lC4DfX/vZkWwRVg559kq4GU67udY=,tag:dEsoEe1UfvD5rUrI+EYOsg==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVbENvMm1YQzlSV3UrSEJ4
|
||||
VTZ1RWVKTlpsUDFzQlVjMlJEZmIvaldHVXlFCm9SVzN3Z0dwTGo1Y3dnaHhvSmpi
|
||||
bDIrMlJhbHhKUmRZejdkTmJiSDYvY2MKLS0tIFpRbkwySVh2MDlNWEFNZHVtY2Ns
|
||||
Wmh3Z29ZSlBhbmFJNkFQZlE3aXpMMk0K14rSXjSF08xkil+fFJpeMV+6XChTJ2/3
|
||||
OQecJtg+0NQPyvC+kR5qKq8roiSzNNJgTVg2wwKMdukKVVTbEGi0gA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2023-10-04T02:27:48Z"
|
||||
mac: ENC[AES256_GCM,data:yyvzDlqm3ZOGAMAWCbA4JBC2xs14dKJ4oGifHCvD6K3cBcLgQLS8MOoQJBVfAfL/lVqYDtQ8qwQl/NbCEAKdqw5mtGRwSGaCExSTfO8PIUZCT69q5lwhAxfSGkhjjup+88MhwdZbe2iqqr0nF/GBYT7exqu6Pj85ZKbeDVBTMUE=,iv:KVuyYWYvtVjFinkY82nPwKI/XX18t4purLInfjSxYlg=,tag:kD0G+keg4veTy+CN7KOo6Q==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.8.0
|
||||
@ -1,13 +0,0 @@
|
||||
defaultSettings:
|
||||
backupTarget: s3://longhorn@us-east1/backupstore
|
||||
backupTargetCredentialSecret: aws-secret
|
||||
guaranteedEngineManagerCPU: 6
|
||||
guaranteedReplicaManagerCPU: 6
|
||||
storageOverProvisioningPercentage: 300
|
||||
storageMinimalAvailablePercentage: 5
|
||||
defaultDataPath: /media-longhorn
|
||||
csi:
|
||||
kubeletRootDir: /var/snap/microk8s/common/var/lib/kubelet
|
||||
persistence:
|
||||
defaultClassReplicaCount: 1
|
||||
enablePSP: false
|
||||
@ -1,5 +0,0 @@
|
||||
metallb:
|
||||
enabled: true
|
||||
ippools:
|
||||
- name: etersoft
|
||||
addresses: 91.232.225.63-91.232.225.63
|
||||
@ -18,16 +18,6 @@ istio:
|
||||
hostname: s3.e.badhouseplants.net
|
||||
service: minio
|
||||
port: 9000
|
||||
image:
|
||||
repository: quay.io/minio/minio
|
||||
tag: RELEASE.2024-01-11T07-46-16Z-cpuv1
|
||||
pullPolicy: IfNotPresent
|
||||
|
||||
mcImage:
|
||||
repository: quay.io/minio/mc
|
||||
tag: RELEASE.2024-01-11T05-49-32Z-cpuv1
|
||||
pullPolicy: IfNotPresent
|
||||
|
||||
rootUser: 'overlord'
|
||||
replicas: 1
|
||||
mode: standalone
|
||||
@ -95,10 +85,6 @@ buckets:
|
||||
policy: none
|
||||
purge: false
|
||||
versioning: false
|
||||
- name: velero-test
|
||||
policy: none
|
||||
purge: false
|
||||
versioning: false
|
||||
- name: restic
|
||||
policy: none
|
||||
purge: false
|
||||
|
||||
@ -1,10 +0,0 @@
|
||||
architecture: standalone
|
||||
|
||||
auth:
|
||||
database: postgres
|
||||
|
||||
persistence:
|
||||
size: 1Gi
|
||||
|
||||
metrics:
|
||||
enabled: false
|
||||
@ -1,56 +0,0 @@
|
||||
templates:
|
||||
# ----------------------------
|
||||
# -- Extensions
|
||||
# ----------------------------
|
||||
ext-istio-gateway:
|
||||
dependencies:
|
||||
- chart: bedag/raw
|
||||
version: 2.0.0
|
||||
alias: istio-gateway
|
||||
values:
|
||||
- '{{ requiredEnv "PWD" }}/common/values.istio-gateway.yaml'
|
||||
|
||||
ext-istio-resource:
|
||||
dependencies:
|
||||
- chart: bedag/raw
|
||||
version: 2.0.0
|
||||
alias: istio
|
||||
values:
|
||||
- '{{ requiredEnv "PWD" }}/common/values.istio.yaml'
|
||||
ext-certificate:
|
||||
dependencies:
|
||||
- chart: bedag/raw
|
||||
version: 2.0.0
|
||||
alias: certificate
|
||||
values:
|
||||
- '{{ requiredEnv "PWD" }}/common/values.certificate.yaml'
|
||||
ext-metallb:
|
||||
dependencies:
|
||||
- chart: bedag/raw
|
||||
version: 2.0.0
|
||||
alias: metallb
|
||||
values:
|
||||
- '{{ requiredEnv "PWD" }}/common/values.metallb.yaml'
|
||||
service-monitor:
|
||||
dependencies:
|
||||
- chart: bedag/raw
|
||||
version: 2.0.0
|
||||
alias: service-monitor
|
||||
values:
|
||||
- '{{ requiredEnv "PWD" }}/common/values.service-monitor.yaml'
|
||||
namespace:
|
||||
dependencies:
|
||||
- chart: bedag/raw
|
||||
version: 2.0.0
|
||||
alias: ns
|
||||
inherit:
|
||||
- template: default-common-values
|
||||
- template: default-env-values
|
||||
|
||||
ext-database:
|
||||
dependencies:
|
||||
- chart: bedag/raw
|
||||
version: 2.0.0
|
||||
alias: ext-database
|
||||
values:
|
||||
- '{{ requiredEnv "PWD" }}/common/values.database.yaml'
|
||||
@ -8,33 +8,40 @@ bases:
|
||||
releases:
|
||||
- <<: *metrics-server
|
||||
installed: true
|
||||
namespace: kube-system
|
||||
|
||||
- <<: *istio-base
|
||||
installed: true
|
||||
|
||||
- <<: *istio-gateway
|
||||
installed: true
|
||||
namespace: istio-system
|
||||
createNamespace: false
|
||||
|
||||
- <<: *istiod
|
||||
installed: true
|
||||
namespace: istio-system
|
||||
createNamespace: false
|
||||
|
||||
- <<: *cert-manager
|
||||
installed: true
|
||||
namespace: kube-system
|
||||
createNamespace: false
|
||||
|
||||
- <<: *minio
|
||||
installed: true
|
||||
namespace: minio-service
|
||||
createNamespace: false
|
||||
|
||||
- <<: *openvpn
|
||||
installed: true
|
||||
namespace: openvpn-service
|
||||
createNamespace: false
|
||||
|
||||
- <<: *metallb
|
||||
installed: true
|
||||
namespace: kube-system
|
||||
createNamespace: false
|
||||
|
||||
- <<: *reflector
|
||||
installed: true
|
||||
namespace: kube-system
|
||||
createNamespace: false
|
||||
|
||||
- <<: *metallb-resources
|
||||
installed: true
|
||||
namespace: kube-system
|
||||
createNamespace: false
|
||||
namespace: reflector-system
|
||||
createNamespace: true
|
||||
|
||||
helmfiles:
|
||||
- path: {{.Environment.Name }}/helmfile.yaml
|
||||
|
||||
@ -1,235 +0,0 @@
|
||||
charts:
|
||||
- repository: metrics-server
|
||||
name: metrics-server
|
||||
mirrors:
|
||||
- custom-commands
|
||||
- repository: metallb
|
||||
name: metallb
|
||||
mirrors:
|
||||
- custom-commands
|
||||
- repository: bedag
|
||||
name: raw
|
||||
mirrors:
|
||||
- custom-commands
|
||||
- repository: jetstack
|
||||
name: cert-manager
|
||||
mirrors:
|
||||
- custom-commands
|
||||
- repository: longhorn
|
||||
name: longhorn
|
||||
mirrors:
|
||||
- custom-commands
|
||||
- repository: argo
|
||||
name: argo-cd
|
||||
mirrors:
|
||||
- custom-commands
|
||||
- repository: prometheus-community
|
||||
name: kube-prometheus-stack
|
||||
mirrors:
|
||||
- custom-commands
|
||||
- repository: grafana
|
||||
name: loki
|
||||
mirrors:
|
||||
- custom-commands
|
||||
- repository: grafana
|
||||
name: promtail
|
||||
mirrors:
|
||||
- custom-commands
|
||||
- repository: istio
|
||||
name: base
|
||||
mirrors:
|
||||
- custom-commands
|
||||
- repository: istio
|
||||
name: gateway
|
||||
mirrors:
|
||||
- custom-commands
|
||||
- repository: istio
|
||||
name: istiod
|
||||
mirrors:
|
||||
- custom-commands
|
||||
- repository: allanger-gitea
|
||||
name: openvpn-xor
|
||||
mirrors:
|
||||
- custom-commands
|
||||
- repository: allanger-gitea
|
||||
name: openvpn
|
||||
mirrors:
|
||||
- custom-commands
|
||||
- repository: drone
|
||||
name: drone
|
||||
mirrors:
|
||||
- custom-commands
|
||||
- repository: drone
|
||||
name: drone-runner-docker
|
||||
mirrors:
|
||||
- custom-commands
|
||||
- repository: woodpecker
|
||||
name: woodpecker
|
||||
mirrors:
|
||||
- custom-commands
|
||||
- repository: bitnami
|
||||
name: wordpress
|
||||
mirrors:
|
||||
- custom-commands
|
||||
- repository: minio
|
||||
name: minio
|
||||
mirrors:
|
||||
- custom-commands
|
||||
- repository: gitea
|
||||
name: gitea
|
||||
mirrors:
|
||||
- custom-commands
|
||||
- repository: ananace-charts
|
||||
name: funkwhale
|
||||
mirrors:
|
||||
- custom-commands
|
||||
- repository: bitwarden
|
||||
name: vaultwarden
|
||||
mirrors:
|
||||
- custom-commands
|
||||
- repository: bitnami
|
||||
name: redis
|
||||
mirrors:
|
||||
- custom-commands
|
||||
- repository: bitnami
|
||||
name: postgresql
|
||||
mirrors:
|
||||
- custom-commands
|
||||
- repository: db-operator
|
||||
name: db-operator
|
||||
mirrors:
|
||||
- custom-commands
|
||||
- repository: db-operator
|
||||
name: db-instances
|
||||
mirrors:
|
||||
- custom-commands
|
||||
- repository: bitnami
|
||||
name: mysql
|
||||
mirrors:
|
||||
- custom-commands
|
||||
- repository: allanger-gitea
|
||||
name: docker-mailserver
|
||||
mirrors:
|
||||
- custom-commands
|
||||
- repository: allanger-gitea
|
||||
name: vaultwarden
|
||||
mirrors:
|
||||
- custom-commands
|
||||
- repository: emberstack
|
||||
name: reflector
|
||||
mirrors:
|
||||
- custom-commands
|
||||
- repository: mailu
|
||||
name: mailu
|
||||
mirrors:
|
||||
- custom-commands
|
||||
- repository: gabe565
|
||||
name: tandoor
|
||||
mirrors:
|
||||
- custom-commands
|
||||
- repository: coredns
|
||||
name: coredns
|
||||
mirrors:
|
||||
- custom-commands
|
||||
- repository: cilium
|
||||
name: cilium
|
||||
mirrors:
|
||||
- custom-commands
|
||||
- repository: zot
|
||||
name: zot
|
||||
mirrors:
|
||||
- custom-commands
|
||||
mirrors:
|
||||
- name: custom-commands
|
||||
custom_command:
|
||||
package:
|
||||
- helm package -d package .
|
||||
upload:
|
||||
- helm push ./package/{{ name }}-{{ version }}.tgz oci://registry.badhouseplants.net/badhouseplants
|
||||
- rm -rf ./package
|
||||
repositories:
|
||||
- name: metrics-server
|
||||
helm:
|
||||
url: https://kubernetes-sigs.github.io/metrics-server/
|
||||
- name: jetstack
|
||||
helm:
|
||||
url: https://charts.jetstack.io
|
||||
- name: istio
|
||||
helm:
|
||||
url: https://istio-release.storage.googleapis.com/charts
|
||||
- name: drone
|
||||
helm:
|
||||
url: https://charts.drone.io
|
||||
- name: bitnami
|
||||
helm:
|
||||
url: https://charts.bitnami.com/bitnami
|
||||
- name: minio
|
||||
helm:
|
||||
url: https://charts.min.io/
|
||||
- name: longhorn
|
||||
helm:
|
||||
url: https://charts.longhorn.io
|
||||
- name: gitea
|
||||
helm:
|
||||
url: https://dl.gitea.io/charts/
|
||||
- name: ananace-charts
|
||||
helm:
|
||||
url: https://ananace.gitlab.io/charts
|
||||
- name: argo
|
||||
helm:
|
||||
url: https://argoproj.github.io/argo-helm
|
||||
- name: bedag
|
||||
helm:
|
||||
url: https://bedag.github.io/helm-charts/
|
||||
- name: metallb
|
||||
helm:
|
||||
url: https://metallb.github.io/metallb
|
||||
- name: prometheus-community
|
||||
helm:
|
||||
url: https://prometheus-community.github.io/helm-charts
|
||||
- name: grafana
|
||||
helm:
|
||||
url: https://grafana.github.io/helm-charts
|
||||
- name: bitwarden
|
||||
helm:
|
||||
url: https://constin.github.io/vaultwarden-helm/
|
||||
- name: db-operator
|
||||
helm:
|
||||
url: https://db-operator.github.io/charts
|
||||
- name: allanger-gitea
|
||||
helm:
|
||||
url: https://git.badhouseplants.net/api/packages/allanger/helm
|
||||
- name: badhouseplants
|
||||
helm:
|
||||
url: https://badhouseplants.github.io/helm-charts/
|
||||
- name: woodpecker
|
||||
helm:
|
||||
url: https://woodpecker-ci.org
|
||||
- name: firefly-iii
|
||||
helm:
|
||||
url: https://firefly-iii.github.io/kubernetes/
|
||||
- name: emberstack
|
||||
helm:
|
||||
url: https://emberstack.github.io/helm-charts
|
||||
- name: gabe565
|
||||
helm:
|
||||
url: https://charts.gabe565.com
|
||||
- name: mailu
|
||||
helm:
|
||||
url: https://mailu.github.io/helm-charts/
|
||||
- name: coredns
|
||||
helm:
|
||||
url: https://coredns.github.io/helm
|
||||
- name: cilium
|
||||
helm:
|
||||
url: https://helm.cilium.io/
|
||||
- name: phybros-helm-charts
|
||||
helm:
|
||||
url: https://phybros.github.io/helm-charts
|
||||
- name: nextcloud
|
||||
helm:
|
||||
url: https://nextcloud.github.io/helm/
|
||||
- name: zot
|
||||
helm:
|
||||
url: https://zotregistry.dev/helm-charts/
|
||||
|
||||
@ -7,4 +7,4 @@ metadata:
|
||||
namespace: metallb-system
|
||||
spec:
|
||||
addresses:
|
||||
- 195.201.249.91-195.201.249.91
|
||||
- 195.201.250.50-195.201.250.50
|
||||
|
||||
12
manifests/badhouseplants/namespace-creator-binding.yaml
Normal file
12
manifests/badhouseplants/namespace-creator-binding.yaml
Normal file
@ -0,0 +1,12 @@
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
name: namespace-manager
|
||||
subjects:
|
||||
- kind: User
|
||||
name: badhousplants
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
roleRef:
|
||||
kind: ClusterRole
|
||||
name: namespace-manager
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
8
manifests/badhouseplants/namespace-creator-role.yaml
Normal file
8
manifests/badhouseplants/namespace-creator-role.yaml
Normal file
@ -0,0 +1,8 @@
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRole
|
||||
metadata:
|
||||
name: namespace-manager
|
||||
rules:
|
||||
- apiGroups: [""]
|
||||
resources: ["namespaces"]
|
||||
verbs: ["get", "watch", "list", "create", "delete"]
|
||||
@ -1,81 +0,0 @@
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
labels:
|
||||
kubernetes.io/metadata.name: debug
|
||||
name: debug
|
||||
---
|
||||
# httpbin.yaml
|
||||
apiVersion: networking.istio.io/v1alpha3
|
||||
kind: VirtualService
|
||||
metadata:
|
||||
name: httpbin
|
||||
namespace: debug
|
||||
spec:
|
||||
hosts:
|
||||
- "httpbin.badhouseplants.net"
|
||||
gateways:
|
||||
- istio-system/badhouseplants-net
|
||||
http:
|
||||
- route:
|
||||
- destination:
|
||||
port:
|
||||
number: 8000
|
||||
host: httpbin
|
||||
---
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: Ingress
|
||||
metadata:
|
||||
name: httpbin
|
||||
namespace: debug
|
||||
spec:
|
||||
rules:
|
||||
- host: "httpbin.badhouseplants.net"
|
||||
http:
|
||||
paths:
|
||||
- path: /
|
||||
pathType: Prefix
|
||||
backend:
|
||||
service:
|
||||
name: httpbin
|
||||
port:
|
||||
number: 8000
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: httpbin
|
||||
namespace: debug
|
||||
labels:
|
||||
app: httpbin
|
||||
spec:
|
||||
ports:
|
||||
- name: http
|
||||
port: 8000
|
||||
selector:
|
||||
app: httpbin
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: httpbin
|
||||
namespace: debug
|
||||
spec:
|
||||
replicas: 1
|
||||
selector:
|
||||
matchLabels:
|
||||
app: httpbin
|
||||
version: v1
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: httpbin
|
||||
version: v1
|
||||
spec:
|
||||
containers:
|
||||
- image: docker.io/citizenstig/httpbin
|
||||
imagePullPolicy: IfNotPresent
|
||||
name: httpbin
|
||||
ports:
|
||||
- containerPort: 8000
|
||||
@ -1,19 +0,0 @@
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: nginx
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
app: nginx
|
||||
replicas: 2
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: nginx
|
||||
spec:
|
||||
containers:
|
||||
- name: nginx
|
||||
image: nginx:1.14.2
|
||||
ports:
|
||||
- containerPort: 80
|
||||
@ -1,11 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: nginx
|
||||
spec:
|
||||
selector:
|
||||
app: nginx
|
||||
ports:
|
||||
- port: 80
|
||||
targetPort: 80
|
||||
type: LoadBalancer
|
||||
@ -1,11 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: Pod
|
||||
metadata:
|
||||
name: ubuntu
|
||||
spec:
|
||||
containers:
|
||||
- name: ubuntu
|
||||
image: ubuntu
|
||||
command:
|
||||
- sleep
|
||||
- infinity
|
||||
@ -1,18 +0,0 @@
|
||||
apiVersion: cert-manager.io/v1
|
||||
kind: ClusterIssuer
|
||||
metadata:
|
||||
labels:
|
||||
app.kubernetes.io/instance: cluster-issuer
|
||||
app.kubernetes.io/name: acme-cluster-issuer
|
||||
name: badhouseplants-issuer-http01
|
||||
spec:
|
||||
acme:
|
||||
email: allanger@zohomail.com
|
||||
preferredChain: ""
|
||||
privateKeySecretRef:
|
||||
name: badhouseplants-issuer-htt01-account-key
|
||||
server: https://acme-v02.api.letsencrypt.org/directory
|
||||
solvers:
|
||||
- http01:
|
||||
ingress:
|
||||
ingressClassName: traefik
|
||||
@ -1,11 +0,0 @@
|
||||
---
|
||||
# Source: raw/charts/metallb/templates/resources.yaml
|
||||
---
|
||||
apiVersion: metallb.io/v1beta1
|
||||
kind: IPAddressPool
|
||||
metadata:
|
||||
name: etersoft
|
||||
spec:
|
||||
addresses:
|
||||
- 91.232.225.63-91.232.225.63
|
||||
|
||||
@ -1,78 +0,0 @@
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: shadowsocks-deployment
|
||||
labels:
|
||||
app: shadowsocks
|
||||
spec:
|
||||
replicas: 1
|
||||
selector:
|
||||
matchLabels:
|
||||
app: shadowsocks
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: shadowsocks
|
||||
spec:
|
||||
containers:
|
||||
- name: shadowsocks-libev
|
||||
image: shadowsocks/shadowsocks-libev
|
||||
env:
|
||||
- name: METHOD
|
||||
value: chacha20-ietf-poly1305
|
||||
- name: PASSWORD
|
||||
value: test12345
|
||||
ports:
|
||||
- containerPort: 8388
|
||||
securityContext:
|
||||
capabilities:
|
||||
add:
|
||||
- NET_ADMIN
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: shadowsocks
|
||||
labels:
|
||||
app: shadowsocks
|
||||
spec:
|
||||
type: ClusterIP
|
||||
ports:
|
||||
- port: 8388
|
||||
protocol: TCP
|
||||
selector:
|
||||
app: shadowsocks
|
||||
---
|
||||
apiVersion: networking.istio.io/v1beta1
|
||||
kind: Gateway
|
||||
metadata:
|
||||
name: badhouseplants-shadowsocks
|
||||
namespace: istio-system
|
||||
spec:
|
||||
selector:
|
||||
istio: ingressgateway
|
||||
servers:
|
||||
- hosts:
|
||||
- '*'
|
||||
port:
|
||||
name: tcp
|
||||
number: 8388
|
||||
protocol: TCP
|
||||
---
|
||||
apiVersion: networking.istio.io/v1beta1
|
||||
kind: VirtualService
|
||||
metadata:
|
||||
name: shadowsocks
|
||||
spec:
|
||||
gateways:
|
||||
- istio-system/badhouseplants-shadowsocks
|
||||
hosts:
|
||||
- '*'
|
||||
tcp:
|
||||
- match:
|
||||
- port: 8388
|
||||
route:
|
||||
- destination:
|
||||
host: shadowsocks
|
||||
port:
|
||||
number: 8388
|
||||
224
releases.yaml
224
releases.yaml
@ -1,3 +1,4 @@
|
||||
---
|
||||
templates:
|
||||
# ---------------------------
|
||||
# -- Hooks
|
||||
@ -48,14 +49,6 @@ templates:
|
||||
values:
|
||||
- '{{ requiredEnv "PWD" }}/common/values.istio-gateway.yaml'
|
||||
|
||||
ext-tcp-routes:
|
||||
dependencies:
|
||||
- chart: bedag/raw
|
||||
version: 2.0.0
|
||||
alias: traefik
|
||||
values:
|
||||
- '{{ requiredEnv "PWD" }}/common/values.tcp-route.yaml'
|
||||
|
||||
ext-istio-resource:
|
||||
dependencies:
|
||||
- chart: bedag/raw
|
||||
@ -63,7 +56,6 @@ templates:
|
||||
alias: istio
|
||||
values:
|
||||
- '{{ requiredEnv "PWD" }}/common/values.istio.yaml'
|
||||
|
||||
ext-certificate:
|
||||
dependencies:
|
||||
- chart: bedag/raw
|
||||
@ -71,13 +63,7 @@ templates:
|
||||
alias: certificate
|
||||
values:
|
||||
- '{{ requiredEnv "PWD" }}/common/values.certificate.yaml'
|
||||
ext-metallb:
|
||||
dependencies:
|
||||
- chart: bedag/raw
|
||||
version: 2.0.0
|
||||
alias: metallb
|
||||
values:
|
||||
- '{{ requiredEnv "PWD" }}/common/values.metallb.yaml'
|
||||
|
||||
service-monitor:
|
||||
dependencies:
|
||||
- chart: bedag/raw
|
||||
@ -106,64 +92,50 @@ templates:
|
||||
# ----------------------------
|
||||
# -- System
|
||||
# ----------------------------
|
||||
namespaces: &namespaces
|
||||
name: namespaces
|
||||
chart: '{{ requiredEnv "PWD" }}/charts/namespaces/chart'
|
||||
namespace: kube-public
|
||||
createNamespace: false
|
||||
inherit:
|
||||
- template: default-env-values
|
||||
|
||||
roles: &roles
|
||||
name: roles
|
||||
chart: '{{ requiredEnv "PWD" }}/charts/roles'
|
||||
namespace: kube-public
|
||||
createNamespace: false
|
||||
inherit:
|
||||
- template: default-env-values
|
||||
|
||||
metrics-server: &metrics-server
|
||||
name: metrics-server
|
||||
chart: metrics-server/metrics-server
|
||||
version: 3.12.1
|
||||
version: 3.11.0
|
||||
namespace: kube-system
|
||||
createNamespace: true
|
||||
values:
|
||||
- common/values.{{ .Release.Name }}.yaml
|
||||
|
||||
metallb: &metallb
|
||||
name: metallb
|
||||
chart: metallb/metallb
|
||||
version: 0.14.5
|
||||
|
||||
metallb-resources: &metallb-resources
|
||||
name: metallb-resources
|
||||
chart: bedag/raw
|
||||
version: 2.0.0
|
||||
inherit:
|
||||
- template: ext-metallb
|
||||
- template: default-env-values
|
||||
version: 0.13.12
|
||||
namespace: metallb-system
|
||||
createNamespace: true
|
||||
|
||||
cert-manager: &cert-manager
|
||||
name: cert-manager
|
||||
chart: jetstack/cert-manager
|
||||
version: 1.15.0
|
||||
version: 1.13.3
|
||||
namespace: cert-manager
|
||||
createNamespace: true
|
||||
set:
|
||||
- name: installCRDs
|
||||
value: true
|
||||
|
||||
longhorn: &longhorn
|
||||
name: longhorn
|
||||
chart: longhorn/longhorn
|
||||
version: 1.6.2
|
||||
version: 1.5.3
|
||||
inherit:
|
||||
- template: default-env-values
|
||||
|
||||
argocd: &argocd
|
||||
name: argocd
|
||||
chart: argo/argo-cd
|
||||
version: 7.1.3
|
||||
version: 5.51.6
|
||||
inherit:
|
||||
- template: default-env-values
|
||||
- template: default-env-secrets
|
||||
|
||||
- template: ext-istio-resource
|
||||
# -------------------------------------------------------------------
|
||||
# -- Monitoring
|
||||
# -------------------------------------------------------------------
|
||||
monitoring-common:
|
||||
labels:
|
||||
bundle: monitoring
|
||||
@ -171,17 +143,18 @@ templates:
|
||||
prometheus: &prometheus
|
||||
name: prometheus
|
||||
chart: prometheus-community/kube-prometheus-stack
|
||||
version: 58.5.3
|
||||
version: 55.3.1
|
||||
inherit:
|
||||
- template: monitoring-common
|
||||
- template: default-env-values
|
||||
- template: default-env-secrets
|
||||
- template: crd-management-hook
|
||||
- template: ext-istio-resource
|
||||
|
||||
loki: &loki
|
||||
name: loki
|
||||
chart: grafana/loki
|
||||
version: 6.5.2
|
||||
version: 5.41.1
|
||||
inherit:
|
||||
- template: monitoring-common
|
||||
- template: default-env-values
|
||||
@ -189,7 +162,7 @@ templates:
|
||||
promtail: &promtail
|
||||
name: promtail
|
||||
chart: grafana/promtail
|
||||
version: 6.15.5
|
||||
version: 6.15.3
|
||||
inherit:
|
||||
- template: monitoring-common
|
||||
- template: default-env-values
|
||||
@ -197,9 +170,11 @@ templates:
|
||||
# -- Istio
|
||||
# ----------------------------
|
||||
istio-common:
|
||||
version: 1.20.1
|
||||
labels:
|
||||
bundle: istio
|
||||
version: 1.22.0
|
||||
namespace: istio-system
|
||||
createNamespace: true
|
||||
|
||||
istio-base: &istio-base
|
||||
name: istio-base
|
||||
@ -211,6 +186,8 @@ templates:
|
||||
istio-gateway: &istio-gateway
|
||||
name: istio-ingressgateway
|
||||
chart: istio/gateway
|
||||
needs:
|
||||
- istio-system/istio-base
|
||||
inherit:
|
||||
- template: istio-common
|
||||
- template: default-env-values
|
||||
@ -227,6 +204,8 @@ templates:
|
||||
istiod: &istiod
|
||||
name: istiod
|
||||
chart: istio/istiod
|
||||
needs:
|
||||
- istio-system/istio-base
|
||||
inherit:
|
||||
- template: istio-common
|
||||
- template: default-env-values
|
||||
@ -234,20 +213,13 @@ templates:
|
||||
# ----------------------------
|
||||
# -- Applications
|
||||
# ----------------------------
|
||||
openvpn-xor: &openvpn-xor
|
||||
name: openvpn-xor
|
||||
chart: allanger-gitea/openvpn-xor
|
||||
version: 1.2.0
|
||||
inherit:
|
||||
- template: default-env-values
|
||||
- template: ext-tcp-routes
|
||||
|
||||
openvpn: &openvpn
|
||||
name: openvpn
|
||||
chart: allanger-gitea/openvpn
|
||||
version: 1.2.0
|
||||
version: 1.0.7
|
||||
inherit:
|
||||
- template: default-env-values
|
||||
- template: ext-istio-resource
|
||||
# ----------------------------
|
||||
# -- Drone
|
||||
# ----------------------------
|
||||
@ -261,6 +233,7 @@ templates:
|
||||
inherit:
|
||||
- template: default-env-values
|
||||
- template: default-env-secrets
|
||||
- template: ext-istio-resource
|
||||
- template: drone-common
|
||||
|
||||
drone-runner-docker: &drone-runner-docker
|
||||
@ -275,35 +248,49 @@ templates:
|
||||
woodpecker-ci: &woodpecker-ci
|
||||
name: woodpecker-ci
|
||||
chart: woodpecker/woodpecker
|
||||
version: 1.5.0
|
||||
version: 1.0.1
|
||||
inherit:
|
||||
- template: ext-database
|
||||
- template: default-env-values
|
||||
- template: default-env-secrets
|
||||
- template: ext-istio-resource
|
||||
|
||||
nrodionov: &nrodionov
|
||||
name: nrodionov
|
||||
chart: bitnami/wordpress
|
||||
version: 22.4.10
|
||||
version: 18.1.24
|
||||
inherit:
|
||||
- template: default-env-values
|
||||
- template: default-env-secrets
|
||||
- template: ext-istio-resource
|
||||
- template: ext-database
|
||||
|
||||
minio: &minio
|
||||
name: minio
|
||||
chart: minio/minio
|
||||
version: 5.2.0
|
||||
version: 5.0.14
|
||||
inherit:
|
||||
- template: default-env-values
|
||||
- template: default-env-secrets
|
||||
- template: ext-istio-resource
|
||||
|
||||
minecraft: &minecraft
|
||||
name: minecraft
|
||||
chart: minecraft-server-charts/minecraft
|
||||
version: 4.12.0
|
||||
inherit:
|
||||
- template: default-env-values
|
||||
- template: default-env-secrets
|
||||
- template: ext-istio-resource
|
||||
|
||||
gitea: &gitea
|
||||
name: gitea
|
||||
chart: gitea/gitea
|
||||
version: 10.2.0
|
||||
version: 9.6.1
|
||||
inherit:
|
||||
- template: default-env-values
|
||||
- template: default-env-secrets
|
||||
- template: ext-istio-resource
|
||||
- template: ext-database
|
||||
|
||||
funkwhale: &funkwhale
|
||||
@ -313,6 +300,7 @@ templates:
|
||||
inherit:
|
||||
- template: default-env-values
|
||||
- template: default-env-secrets
|
||||
- template: ext-istio-resource
|
||||
- template: ext-database
|
||||
|
||||
bitwarden: &bitwarden
|
||||
@ -322,11 +310,12 @@ templates:
|
||||
inherit:
|
||||
- template: default-env-values
|
||||
- template: default-env-secrets
|
||||
- template: ext-istio-resource
|
||||
|
||||
redis: &redis
|
||||
name: redis
|
||||
chart: bitnami/redis
|
||||
version: 19.5.3
|
||||
version: 18.5.0
|
||||
inherit:
|
||||
- template: default-env-values
|
||||
- template: default-env-secrets
|
||||
@ -334,7 +323,7 @@ templates:
|
||||
postgres16: &postgres16
|
||||
name: postgres16
|
||||
chart: bitnami/postgresql
|
||||
version: 15.5.5
|
||||
version: 13.2.24
|
||||
inherit:
|
||||
- template: default-env-values
|
||||
- template: default-env-secrets
|
||||
@ -342,12 +331,12 @@ templates:
|
||||
db-operator: &db-operator
|
||||
name: db-operator
|
||||
chart: db-operator/db-operator
|
||||
version: 1.25.0
|
||||
version: 1.14.1
|
||||
|
||||
db-instances: &db-instances
|
||||
name: db-instances
|
||||
chart: db-operator/db-instances
|
||||
version: 2.3.1
|
||||
version: 2.1.1
|
||||
inherit:
|
||||
- template: default-env-values
|
||||
- template: default-env-secrets
|
||||
@ -355,7 +344,7 @@ templates:
|
||||
mysql: &mysql
|
||||
name: mysql
|
||||
chart: bitnami/mysql
|
||||
version: 11.1.2
|
||||
version: 9.14.4
|
||||
inherit:
|
||||
- template: default-env-values
|
||||
- template: default-env-secrets
|
||||
@ -363,102 +352,23 @@ templates:
|
||||
docker-mailserver: &docker-mailserver
|
||||
name: docker-mailserver
|
||||
chart: allanger-gitea/docker-mailserver
|
||||
version: 2.3.1
|
||||
version: 2.2.0
|
||||
inherit:
|
||||
- template: default-env-values
|
||||
- template: ext-tcp-routes
|
||||
- template: ext-istio-gateway
|
||||
- template: ext-istio-resource
|
||||
|
||||
vaultwarden: &vaultwarden
|
||||
name: vaultwarden
|
||||
chart: allanger-gitea/vaultwarden
|
||||
version: 1.2.0
|
||||
inherit:
|
||||
- template: default-env-values
|
||||
- template: default-env-secrets
|
||||
- template: ext-database
|
||||
|
||||
vaultwarden-test: &vaultwardentest
|
||||
name: vaultwardentest
|
||||
chart: allanger-gitea/vaultwarden
|
||||
version: 1.2.0
|
||||
inherit:
|
||||
- template: default-env-values
|
||||
- template: default-env-secrets
|
||||
|
||||
reflector: &reflector
|
||||
name: reflector
|
||||
chart: emberstack/reflector
|
||||
version: 7.1.262
|
||||
|
||||
mailu: &mailu
|
||||
name: mailu
|
||||
chart: mailu/mailu
|
||||
version: 1.5.0
|
||||
inherit:
|
||||
- template: default-env-values
|
||||
- template: default-env-secrets
|
||||
- template: ext-certificate
|
||||
- template: ext-tcp-routes
|
||||
- template: ext-database
|
||||
|
||||
tandoor: &tandoor
|
||||
name: tandoor
|
||||
chart: gabe565/tandoor
|
||||
version: 0.9.5
|
||||
inherit:
|
||||
- template: default-env-values
|
||||
- template: default-env-secrets
|
||||
- template: ext-database
|
||||
|
||||
coredns: &coredns
|
||||
name: coredns
|
||||
chart: coredns/coredns
|
||||
version: 1.31.0
|
||||
namespace: kube-system
|
||||
inherit:
|
||||
- template: default-env-values
|
||||
|
||||
cilium: &cilium
|
||||
name: cilium
|
||||
chart: cilium/cilium
|
||||
version: 1.15.6
|
||||
createNamespace: false
|
||||
namespace: kube-system
|
||||
inherit:
|
||||
- template: default-env-values
|
||||
|
||||
zot: &zot
|
||||
name: zot
|
||||
chart: zot/zot
|
||||
version: 0.1.56
|
||||
createNamespace: false
|
||||
namespace: kube-services
|
||||
chart: badhouseplants/vaultwarden
|
||||
version: 1.0.0
|
||||
inherit:
|
||||
- template: default-env-values
|
||||
- template: default-env-secrets
|
||||
- template: ext-istio-resource
|
||||
|
||||
keel: &keel
|
||||
name: keel
|
||||
chart: keel/keel
|
||||
version: 1.0.3
|
||||
createNamespace: false
|
||||
namespace: kube-system
|
||||
|
||||
traefik: &traefik
|
||||
name: traefik
|
||||
chart: traefik/traefik
|
||||
version: 28.3.0
|
||||
createNamespace: false
|
||||
namespace: kube-system
|
||||
inherit:
|
||||
- template: default-env-values
|
||||
|
||||
local-path-provisioner: &local-path-provisioner
|
||||
name: local-path-provisioner
|
||||
chart: local-path-provisioner/local-path-provisioner
|
||||
createNamespace: false
|
||||
namespace: kube-system
|
||||
inherit:
|
||||
- template: default-env-values
|
||||
- template: ext-database
|
||||
|
||||
reflector: &reflector
|
||||
name: reflector
|
||||
chart: emberstack/reflector
|
||||
version: 7.1.216
|
||||
|
||||
@ -1,4 +0,0 @@
|
||||
repositories:
|
||||
- name: badhouseplants-oci
|
||||
url: registry.badhouseplants.net/badhouseplants
|
||||
oci: true
|
||||
@ -11,6 +11,8 @@ repositories:
|
||||
url: https://charts.bitnami.com/bitnami
|
||||
- name: minio
|
||||
url: https://charts.min.io/
|
||||
- name: minecraft-server-charts
|
||||
url: https://itzg.github.io/minecraft-server-charts/
|
||||
- name: longhorn
|
||||
url: https://charts.longhorn.io
|
||||
- name: gitea
|
||||
@ -31,8 +33,8 @@ repositories:
|
||||
url: https://constin.github.io/vaultwarden-helm/
|
||||
- name: db-operator
|
||||
url: https://db-operator.github.io/charts
|
||||
# - name: allanger-gitea
|
||||
# url: https://git.badhouseplants.net/api/packages/allanger/helm
|
||||
- name: allanger-gitea
|
||||
url: https://git.badhouseplants.net/api/packages/allanger/helm
|
||||
- name: badhouseplants
|
||||
url: https://badhouseplants.github.io/helm-charts/
|
||||
- name: woodpecker
|
||||
@ -41,25 +43,3 @@ repositories:
|
||||
url: https://firefly-iii.github.io/kubernetes/
|
||||
- name: emberstack
|
||||
url: https://emberstack.github.io/helm-charts
|
||||
- name: gabe565
|
||||
url: https://charts.gabe565.com
|
||||
- name: mailu
|
||||
url: https://mailu.github.io/helm-charts/
|
||||
- name: coredns
|
||||
url: https://coredns.github.io/helm
|
||||
- name: cilium
|
||||
url: https://helm.cilium.io/
|
||||
- name: phybros-helm-charts
|
||||
url: https://phybros.github.io/helm-charts
|
||||
- name: nextcloud
|
||||
url: https://nextcloud.github.io/helm/
|
||||
- name: zot
|
||||
url: https://zotregistry.dev/helm-charts/
|
||||
- name: chartmuseum
|
||||
url: https://chartmuseum.github.io/charts
|
||||
- name: keel
|
||||
url: https://charts.keel.sh
|
||||
- name: traefik
|
||||
url: https://traefik.github.io/charts
|
||||
- name: local-path-provisioner
|
||||
url: git+https://github.com/rancher/local-path-provisioner@deploy/chart?ref=v0.0.26
|
||||
|
||||
@ -1,23 +0,0 @@
|
||||
# Patterns to ignore when building packages.
|
||||
# This supports shell glob matching, relative path matching, and
|
||||
# negation (prefixed with !). Only one pattern per line.
|
||||
.DS_Store
|
||||
# Common VCS dirs
|
||||
.git/
|
||||
.gitignore
|
||||
.bzr/
|
||||
.bzrignore
|
||||
.hg/
|
||||
.hgignore
|
||||
.svn/
|
||||
# Common backup files
|
||||
*.swp
|
||||
*.bak
|
||||
*.tmp
|
||||
*.orig
|
||||
*~
|
||||
# Various IDEs
|
||||
.project
|
||||
.idea/
|
||||
*.tmproj
|
||||
.vscode/
|
||||
@ -1,24 +0,0 @@
|
||||
apiVersion: v2
|
||||
name: namespaces
|
||||
description: A Helm chart for Kubernetes
|
||||
|
||||
# A chart can be either an 'application' or a 'library' chart.
|
||||
#
|
||||
# Application charts are a collection of templates that can be packaged into versioned archives
|
||||
# to be deployed.
|
||||
#
|
||||
# Library charts provide useful utilities or functions for the chart developer. They're included as
|
||||
# a dependency of application charts to inject those utilities and functions into the rendering
|
||||
# pipeline. Library charts do not define any templates and therefore cannot be deployed.
|
||||
type: application
|
||||
|
||||
# This is the chart version. This version number should be incremented each time you make changes
|
||||
# to the chart and its templates, including the app version.
|
||||
# Versions are expected to follow Semantic Versioning (https://semver.org/)
|
||||
version: 0.1.0
|
||||
|
||||
# This is the version number of the application being deployed. This version number should be
|
||||
# incremented each time you make changes to the application. Versions are not expected to
|
||||
# follow Semantic Versioning. They should reflect the version the application is using.
|
||||
# It is recommended to use it with quotes.
|
||||
appVersion: "1.16.0"
|
||||
Some files were not shown because too many files have changed in this diff Show More
Reference in New Issue
Block a user