badhouseplants/k8s-cluster-config
Archived
4
0
Fork 0
Code Issues 6 Pull Requests 1 Actions Packages Projects Releases Activity

Compare commits

base: badhouseplants:main
Branches Tags
badhouseplants:main
badhouseplants:renovate/configure
badhouseplants:try-argo-and-flux
badhouseplants:fail-kust
badhouseplants:add-dependencies
badhouseplants:refactor-helmfiles
badhouseplants:rook-ceph-arm
badhouseplants:invalid.config
badhouseplants:try-elementor
badhouseplants:prepare-arm-cluster
badhouseplants:try-tekton
badhouseplants:fix-check-da-helm
badhouseplants:try-arm
badhouseplants:upgrading-openvpn
..
compare: badhouseplants:upgrading-openvpn
Branches Tags
badhouseplants:renovate/configure
badhouseplants:try-argo-and-flux
badhouseplants:fail-kust
badhouseplants:main
badhouseplants:add-dependencies
badhouseplants:refactor-helmfiles
badhouseplants:rook-ceph-arm
badhouseplants:invalid.config
badhouseplants:try-elementor
badhouseplants:prepare-arm-cluster
badhouseplants:try-tekton
badhouseplants:fix-check-da-helm
badhouseplants:try-arm
badhouseplants:upgrading-openvpn

1 Commits
main ... upgrading-

Author SHA1 Message Date
Nikolai Rodionov
6b942be2d2
WIP: Chenge openvpn port 2023-08-08 13:37:53 +02:00
137 changed files with 632 additions and 3602 deletions
Show Stats Expand all files Collapse all files

14
.drone.yml
View File

@ -105,16 +105,4 @@ steps:
SOPS_AGE_KEY:
from_secret: SOPS_AGE_KEY
commands:
- echo "Hey, bud, some helm releases are outdated:" > message_file.tpl
- cdh --kind helmfile -p $DRONE_WORKSPACE/helmfile.yaml --helmfile-environment badhouseplants -o >> message_file.tpl
- name: Send telegram notification
when:
status:
- failure
image: appleboy/drone-telegram
settings:
token:
from_secret: TELEGRAM_TOKEN
to: 131601077
message_file: message_file.tpl
- cdh --kind helmfile -p $DRONE_WORKSPACE/helmfile.yaml --helmfile-environment badhouseplants -o

30
.woodpecker/.cdh.yml
View File

@ -1,30 +0,0 @@
# ----------------------------------------------
# -- Check da helm pipeline
# ----------------------------------------------
when:
- event: cron
cron: nightly
steps:
check badhouseplants:
image: ghcr.io/allanger/check-da-helm-helmfile-secrets:stable
secrets:
- sops_age_key
environment:
RUST_LOG: info
commands:
- cdh --kind helmfile -p $CI_WORKSPACE/helmfile.yaml --helmfile-environment badhouseplants -o --output html >> result.html
notification:
image: deblan/woodpecker-email
settings:
dsn:
from_secret: smtp_dsn
from:
address: woody@badhouseplants.net
name: Woody Woodpecker
recipients:
- allanger@badhouseplants.net
subject: CDH result
target: main
attachment: result.html
when:
- status: [success, failure]

44
.woodpecker/.helmfile.yml
View File

@ -1,44 +0,0 @@
when:
event: push
.k8s-limits: &k8s-limits
backend_options:
kubernetes:
resources:
requests:
memory: 1024Mi
cpu: 1000m
limits:
memory: 1512Mi
cpu: 1500m
matrix:
ENVIRONMENT:
- badhouseplants
- etersoft
steps:
diff:
<<: *k8s-limits
image: ghcr.io/helmfile/helmfile:canary
secrets: [sops_age_key, kubeconfig_content]
when:
- branch:
exclude:
- main
commands:
- mkdir $HOME/.kube
- echo "$KUBECONFIG_CONTENT" > $HOME/.kube/config && chmod 0600 $HOME/.kube/config
- helmfile -e $ENVIRONMENT diff --suppress-secrets
apply:
<<: *k8s-limits
image: ghcr.io/helmfile/helmfile:canary
secrets: [sops_age_key, kubeconfig_content]
when:
- branch:
include:
- main
commands:
- mkdir $HOME/.kube
- echo "$KUBECONFIG_CONTENT" > $HOME/.kube/config && chmod 0600 $HOME/.kube/config
- helmfile -e $ENVIRONMENT apply

4
Makefile Normal file
View File

@ -0,0 +1,4 @@
create_crb:
kubectl create clusterrolebinding drone-deployer-workaround \
--clusterrole=cluster-admin \
--serviceaccount=drone-service:default

2
README.md
View File

@ -2,4 +2,4 @@
[![Build Status](https://drone.badhouseplants.net/api/badges/badhouseplants/k8s-cluster-config/status.svg)](https://drone.badhouseplants.net/badhouseplants/k8s-cluster-config)
# CRD hooks
I'm using hooks to install CRDs, that doesn't wotk with apply on the first time. If you've added a release with CRDs, that are installed by hooks, you need to run `helmfile sync` first, so CRDs are installed and then diff will work again, hence the `apply` also will.
I'm using hooks to install CRDs, that doesn't wotk with apply on the first time. If you've added a release with CRDs, that are installed by hooks, you need to run `helmfile sync` first, so CRDs are installed and then diff will work again, hence the `apply` also will.

80
badhouseplants/helmfile.yaml
View File

@ -2,21 +2,15 @@
{{ readFile "../releases.yaml" }}
releases:
- <<: *namespaces
installed: true
- <<: *roles
installed: true
- <<: *coredns
installed: true
- <<: *cilium
- <<: *drone
installed: true
namespace: drone-service
createNamespace: false
- <<: *local-path-provisioner
- <<: *zot
- <<: *longhorn
installed: true
- <<: *keel
- <<: *traefik
namespace: longhorn-system
createNamespace: false
- <<: *argocd
installed: true
@ -28,6 +22,11 @@ releases:
namespace: nrodionov-application
createNamespace: false
- <<: *minecraft
installed: true
namespace: minecraft-application
createNamespace: false
- <<: *gitea
installed: true
namespace: gitea-service
@ -38,8 +37,23 @@ releases:
namespace: funkwhale-application
createNamespace: false
- <<: *bitwarden
- <<: *prometheus
installed: true
namespace: monitoring-system
createNamespace: true
- <<: *loki
installed: false
namespace: monitoring-system
createNamespace: false
- <<: *promtail
installed: false
namespace: monitoring-system
createNamespace: false
- <<: *bitwarden
installed: true
namespace: bitwarden-application
createNamespace: true
@ -48,7 +62,7 @@ releases:
namespace: database-service
createNamespace: true
- <<: *postgres16
- <<: *postgres
installed: true
namespace: database-service
createNamespace: true
@ -64,46 +78,14 @@ releases:
createNamespace: true
- <<: *mysql
installed: false
installed: true
namespace: database-service
createNamespace: true
- <<: *woodpecker-ci
installed: true
namespace: woodpecker-ci
createNamespace: true
- <<: *vaultwarden
createNamespace: true
installed: true
namespace: vaultwarden-application
- <<: *vaultwardentest
createNamespace: false
installed: true
namespace: applications
- <<: *openvpn-xor
installed: true
namespace: openvpn-service
createNamespace: false
- <<: *docker-mailserver
installed: true
namespace: applications
createNamespace: true
- <<: *mailu
installed: false
namespace: mailu-application
createNamespace: false
- <<: *longhorn
installed: true
namespace: longhorn-system
createNamespace: false
bases:
- ../environments.yaml
- ../repositories.yaml
#helmfiles:
# - namespaces.yaml

23
badhouseplants/values/secrets.argocd.yaml
View File

@ -1,9 +1,10 @@
server:
config:
dex.config: ENC[AES256_GCM,data:SExaFuvPjiyYUiqBivswX4dpPM+x/6OsmyC9FFpiX1TCDIsYNFakzW5ZwFk1XnS8OYzqksyoxAGGU2fmoTVpHXviDqSZ76g0AREH3OwtSlz2R8RwFU/zzgXeqoxw2rC2ij0t0Vg39BeltArIFBcrtTfDy7AjMqf/Qx29EAb9nnoTA/SPj33VzHbn+tJIHb/a2XExj6VAyVJoq+fqsdKmmbI0tb636V+Cq/+wj6WwGjhu/0PDtaMN9AWokMGgICLUbdtfocinvZ1gyv8+QDnczYonD+wFZdlaKDembGN3p0BggBCLOY1I9f3PHG9Yy5xpNtAGFjDYF3NLz1n1QjDwRo1La6EHmmd2pL3INtU++IGRkC64bzCKR7i429/il13MKvccBOBWiJpkf5L65Rluyb1WWNYBcI/SscfQo1CSL6zXuZtrxeWrRcySs9TjSAtwHrpuRm6hfwi1tUcUUEhu6c9uUYMhSoNug8/2vQjQiJcEdh9n+YCoUbPraAC/OSctrnmO/vsXY9CcXCWWR606Wwvr0RIX+wg4/5vCyecj+5nvhfaZvECXoCmKT8xtmVw6h2oYbAU4T7o9J93XNMVyhui4DM1JN4GYlTsfbpU1PBetUII+RO23rJDSRQdEq16Kk9RcNEUaJYcS4uH7AXvbJVeC6Cx2OwN7zSmOSbA9D2kYt7IVcnBQRGJ+cH6fy34KTwJ0def6Ze243LlHdA==,iv:c8cJLybNsyuAw/BFmKtNTBzXIl0vmeSuKW8j/aw8STw=,tag:URax9og6ZQRvWPtKVel4SQ==,type:str]
configs:
cm:
dex.config: ENC[AES256_GCM,data:/5fVXmrlrI+A9VkyXXXEyout6crDfLKvEHRgSak3tZn90aVm/SrSsq/mJHO4k79zVPz/BBF8/RIt2rD1TJsBNWsTFfKJuCkSN7kjUIE1Blch9ju2MOOmtWR8NIi98k/t5D/kfF6JhAw3hTv6nOkaz6P9eJgAEawdNeaNZS2i/6s5UdJkTpZWCOD+3DJezYhWS9dePrWldRGzYNVc25wAbDF6jRrtXbF2aC/z/cuhcCEEgsncFAYz1lN8sKpdMXIZzBqvugYGUZHPkWAi8fsLRM818jA736NoT55d7yO2hR0RzbIEbr0Edbk9eeofAty5WEPBhop9OUJJFKeRq2AXgdY6Y98BH1Yn1X1PmkpV4Tu+S49q3jRC4g2dIttywA3waqdGSsXVI5q9sVSJTCN5gsHXM298K1hb0hCgIv4WAv/09BvOOxocTbz06c1zB/ZFxhJJ1Fv3wSPFiY011y8StMgEvBmh84ERK703Sn8jFrT31eujpF6saM8fER/1W7acOrGZTTCirXcm2Cp4QPS6LILeANcD6S6gFvITKxCa/Dzkk4OV3uB2KqpTX13IrbnMm+oYGM573QAJzuRBfGtFBggX6GHM1jGnPZ/s2n+BRrhKhZRofVommLMSl2mTyWRsLwJ8XzXIDZlQT8MrkCZX8EorQmUS3NPM5oTgxpq4dtGbwVmKh2i2ZcmwGK7AwB5OtLXeyLe/MbOikQKCig==,iv:xuTDUZWDWtzZwTOvfzGRNsqpPx+rxtTVs1C0gOjB+Pw=,tag:CLGA9kgSoWBFCJRW/s3MAg==,type:str]
credentialTemplates:
ssh-creds:
sshPrivateKey: ENC[AES256_GCM,data:43Enu05W+Cxbg1z8GjoYMWNOkCSuUIny4c9YOJlp6HBwazFx8IbMLibSxcI4kWCaceKHj+jxHhj5hnnDJgXWElFHmsApxNX/GtXtaiIHF2I3f4o+WjLJMco1lkdrtLhb2ERis7PtzI+1aQsTDtwJG6xPDpxYT+apokx2XnwkFzjAetfi5zHMyepgQRXFjyGvn4HECLeC1uii4+/FmImI4gzTFIGAoeb6xT4HDsWV/kzrWNJk/FsnmQyCkiEHQ8wU1z1WTPr6cuTLf7WUrliPaOAwmGwxfchU+vIfIBsbfHoBVHeJR8/j9fB5Em10Z5Ton91CXObGVpEBJD4MHgUIEVmAunqK+ltAit/CNmQI5AwSofcfAV+hI2o8v6N4Wlq6PteNKeeBvdSCYEt9DR7uw+TNgTgxNhAzjZuXnfZzVpmsqtsy0LMBtdwruA7j0roBoqODU9+YbJc9rpx+MTwlaPrkBBRA2+ZZ2Z2Tl2NV8RJbxK6fwDha+E7KPqJnBwqK6xsROvEV2wzW/ZXGDWXuOM7sqCK0Zc+vi/X/1kgTTVt5BlnjLpk+tiZSIwMFLAQctMkEFpVQAWFqpVnlJenHmwh4NaHgEIEsiIMsR4Uh+7tmEwli+DVhauwOwJpMc4MJsZgquTyATd/1hJdLW0XJKNYGDd/Ia9dUvtuZR0vZks1J85XVwp/qR8QlJd0nMhFgzNV7cJnf2WE6nj3c8ibPjhelFPFd+dw0inoLsnwBGvNpxZTeu2UBInnyAW7MefVs29gSnWaSFi2dvT4Lw4X+yGdGP3SAydkTOfMcV7hbtv+IRfeyFTV6v0ebilufuvVy56HlZQl5H6y9kZEg3m8qxJ2gJB7MFVfqAku8lNDAgMyvdx2sDivbWvOOsPAC5N8NFHVn5XKlASrZs4N6o5Uo85ewO2GSLn+UKxLWvhqKwIB7oYubfVyV+m9SwqiZLBy6xt0FOKr4cg5pLDFhNer2vQfwRB/2meV3jZt3TXE5anlnxgEKIfrjhjJTXpOIaUPn3z/jbYk5RHTrFrAIib6u2r+HpTkxdnIE+jdgyl/bmhzI7cqDfR/VDdfbl78sAKNQjAhzG10eNWnRgrvNU5KuPOpvxaNUyv55L9MyrO95LdmrmV3SG2Y8J08sCx2kmGg0gJwWmQJpvWTPaa8HQ8oTUw/+b8c6z1DzesozjVVTdd2m51cprYQtSY+izJfjzYXfTs9q2ibzDaan1GWRx7cFYye5ks0DWG4Qn+dFIiVUez+mnSPIJ3CTWcXwnMfLALM4p1Ki2/BUyRz84ryJLJ4L+FhDJJFBpyi+SzdNOIpCEqOQgztxdX5FFEZ6dKwsQtj+8AA+eOlQIb1fu9lr+6g4+TgJzyYSxxgmCD/bTU+gGXq7r6pX8NIIZl3zcVNtvEg/mObzRq3U9JtljKDHjQVKlLm5KqoVeLybgCK0kr0DsqriD92UnhOHYY9Xt6l670h/kfH9tygSHogiWHZFJ3E90YeXnRAgzyELqdz9wrGri7y///Vm4vAh7O2wqVq7XW4w/27HStCFEOmPA6i/84VIRJPsbTNUxYi1SKVQzHe0r8gBAr3kcrLMRTzs/myH7utZxFmygR4NcI9q1X1Hz91Hi2mfHRAuhqnFWHjA/clMXy2eFTUkAUlG36z1+VhsPQVo+n1vkPXtbtW8FofL8LJZwtwuOHfnHI4W8431S4KtOcLFNLha6otzwD63KZ40x07ljwFW2/4txlb98jVE3myXK7n93mTL6iY17cTBir4gRdAACDlmelIyqQB2KcL8sJht9B0XXeWqMxkt6HQlJQaHjefv5QtP3tXKCSQUmdPf2dLLXfQnhhpZxEU6krZJLPCpM4Fj9hi+1dCmIwSW8iGSxMD9+KtyCenP3L243P0NzWPEpM4CvL4c8sgZYVzZ5xAxbGjL87ScTWhrBvpSv5a0OLtH9K1BFgISwXbZyn2dBSLdhaJYE2963KJE+yvbSuZPGzdOSGShQPX+h5FEEJrhZKyxI5b/EjbczZ/Rhu8YTrYdBNFX6XZkXvlF35uXfxmALihu7IBZCOZh8qepdxzYbXbrwLI22bG76Fib1zofhYuLTUqEHABy++NMGCZwLGsCzM6KQAEhlzy3uhQywpMuNUMfp9gaxsSb/RooYGEfqr7Ss7Qg6Nbzue9ayiO4sGl80m2kbQi2A+QdXsrplWeUVouNsdeIWs8J7uU+KSwQXdtuZHHVeo8v7YJddLHJDXdzKMEpukj1Nq342ZPSPpp8ENDh3XUP/SQgOWyAM7J08mhtlblmAOvKFe99SEnXqHLfRtgZgeZvlcfZF5mzz4Cq96mh8LU0V8C3T+31fWJpMJFo1eNHEbYxp/K6UkCDGsba4ahGAD8Txb/J5SPMWUKI8GRDo8ZOgvvDd0f/NvfnjngSWAVq/Kff2kMAMN9JtpEGUhxrRFZu+7qanmHrB4/3c3h+vh/+mQlURTIDmKOGFZPXmlOaW8KfL8/6dzSxAyYjOHPCuMb1JjyNqte1fzZ7Dih0LBtbTJYoMc52HM7nJ/ENHirwditTj3PTWJbRh/vVEQisbKtLkzb2vZPkTW3EXo1Z73KWZ/RqcU1S1Xj9egNLNZQegcJ98/9qXtmOAyhpwCyP+5Xscu6xVeIIso2f4G3JPJCelHCoeTyFo+8r/8k2FHiOhcmhPYPC6mlQQNKcV0441jrnjaJ7L9E1Kxt/iVK4B+/k4HVwv2J7yjQ5dU/KBY3V/vMhjQc3AGq6S6T7WoycYNY51AYYGHk6Hf2yl3md/qFE14hzX0Zt2sjmpQDJSG8CAOnay5XxDOrLEQwqmCaZPGGAK4FaXDERAgRsxp8vMy9KUQDVHwT1Tqf3rwGn74nNXo9IqQgcc5NV88FvRjLv1bm/6kBeaD9udfZBw7YqsRkY3mRoG/aJw8DkOdmYNIrJm69rmHreQo1KssVe/mz3Om0auwpBXR5D2OzZ/9e9XCprnUEN59cOfaha6qMm7pvDyJocaYvbSWPpchZb8DorWGEC7Iq2Qa45NaaKIpMrAOLPhiRqtNLP3L5Hzq23kvNOxY1r8Pxk6VPH6DqUBYrwq0vkYgABnquE1TZPL7ZqMMsfiAsK+iAxyFSbH44Yuby7VvD86rs0YaKYIgBTPMjfo7GNP5Dx8YPKUruQDnfaJYCw8klnmAtdioPWeEzRDmSYN+wOtz5fBFzPCXOVfit5BA8fIgpMrjdo/8a5TD7yf1HI9i3Nb8K8l1rAJ1SCsLF2Nu024rrcib8mxXBdXBdqxekGtN8+D2KLyq0FsR395o+Hy1uQg4UwL/tH5s7CiFoyQcngZxS4zqOjLQeTUbsLCx2y5SG144Ls/bQloLps0mvoz7+hyv7+UmKbkNbiJKOeIUjGMKRcfBDSog0v+V75yWjlsrRWmaVlQCwp0bkpCNu684qOv1T1WnpoYNctJzgxzggEYWuk/5YgqG/ao4Td7pJTkAD21A==,iv:x5mss0VoYp8qlgEdSa7973AClSdCin14GuAt3duWqjk=,tag:jz4tVj4Ot2ZwedETSRcVLA==,type:str]
sshPrivateKey: ENC[AES256_GCM,data:qQZuWVqu3G59OLMTtYW3BDfoo/3+SvLgQYzv0Aa2NQGb/5wVFejPiJR0BAMYZjkDSVgUZl/oVCT55I41QeKcNYfHtGcrWIFvizg5jW+K0U3ZvgtnY56J1GsrKWQIC29U5EHz/7xXTnSJkkiiVEBGOjwQHpfCgsqR5/qhwnFx+idLsdJGasMYjIJZttTtLpPsY1tgUwTzqJGQptJHqG+/EDcmI9ms6383ltgc6xsmezJDyoG3A2cMNp22qctIuqTIM6ltL9iosBmMsPM1MaiZyJ7rG5zNPymTCFDQUXwlUwFoDKJnN3GkY4ApzRv43iAw2aIX8ykifZVGZOuvV/ifzUuDoemsGjD7X3GN+ngVNwdLm1qSkcnb21Q22kVmBxotIQaF9eN/LqDk2ULEMX3Yvml886yo4AnxlIA8zW8XzFfEILrEswv555P5p3Mswl0+KAIDo7cYav495U9cYrttHbU5wvr9br5JekNKVSgTigwFraq2ZUE8Za3Ru7VOuljywRwe0VEvhFv8SJoH9NZJyl8ME0+uH1R6YtIodkHpB6b6wtyCwtPXjkUkR8nzi4VU0L3zq90e/DvmX/a/q4uEHtLPiIEMFbKtUQ8v8mmscYEEvYIsIBO0VcY2CUFbEs7r56uFOiysqB4d4ySGFjdQceRTLhG7/kUjjYtGEByVcFXllhAV+1C0vXHgOXc4G+EowObbcyj+sA4hxFVL8/f0s7znVCQbZhztQsxfFr5+76X+nzkXkkhauUsMChybmVmGTU+hYnZ8XuOK6X+tRixoVNlcitFD+NxTksvDeJDIShaQvH2cjLLbkze9GmUVr3EvifQhXdw29rpgySVE0Tjn+YL23Ft8dToqR6QwTASLi/vcvbjpx5NtchuR5QFxwZYY8ROTljSQS61AMdszr5cR0BwtFY8j59Aj25sEJeasi44xzUlBxAGazHjzBDxDU7XIpGV/IkiMtaEuEXKGRpVqhQrszvuXOf9K4TwxuVvhlrSVvU7M/lQzJUzkSFOSvO9nzfnkVLwqTdTX56ODFs10vRowClKetC6PpuAclw85WlC1OTkkAL8RUCWyoPQUU+EYolUCW5nMp4P8X1XK3qvRpBU6BdjnnuLQAi1bYu8t0f4vTYoLvYTwlMGXizMHEks6me5pPD7mq5HvpR2e7i1ZzJ3oQaKPB9n8AsugFeRStAal7HHrfEA6NVXLlBYdiq9oRgwllZwi5dsw4m6ABhh+angCWkIsjB9+n9NKOdJowvyDDx1JE/Ai4wb+8hbTLtAold6YJgNA5aT7LeSVaxWVB+V8w1ghn3UJzI6SGdayJqUH+VAUDvBg4LeqGH2vrod57SF4FMmqGTQwN7cYxW0fDT9V8xnb2nQu7WaE04Miw5hlsB4uTRUfeMrXXvt3R2N8azqQDF9Himtl48U3by9vv8FPsNhq3XvAPY5/TCzHz93bnWWmdtyZlHTFz2wRAwaTwOfFpN7oMW6YyVo6UUpw10zap0Jfboq8szF////nwEHf8qGw3dxT85WwBR9KBPwFuHZQsoUOuy00PuAB5fVvXXWBiCnzYwWgY3NqTBkLYbV8D/6UnLlfAHhnEok7QXf7P4xqbB/6EmqCmGBw5ZgPqg0bY6mOTnMrfqiKV9+Q0Mhe8eFPNOr2zoR+VYRDnWX+rJu1+OAK8QegH1Jn3RlOg3lXoFDFLelq6GEq1Kdbr83goL59/uRu4VNvAArUJ9tk4Vn2vWEtnbpjRcyjwAHIc1YXphY53cPFdSjYCeoNv5MDEt3oJAKWhSX7Ql6ledftGWB4fhns0OK4+zLN6osqrPNtLyS7iqXhcwmUIx+b6jzblKt/FAssFOw6VVpi+nVrBWHDW4lhHiCu37VYS15Vtjw+JCPbAe30MOquhXn1CnEnoV8mDoDGTeMpvpP4BTTgsLmloXfv8/+TjNYfzSWivvXjY1K0P/KGqoEJfIyYDyuxi7t2qJ/CwdvBTJkF/cTX6yvX6IvijKuUco2aIgpoZfg4JR6VL7Gk3Cvf3YBvnvG8TspBOfO3ZhwTS6vfQeDLs6kf+gBtXduJTqAXuy8X8B4RZxsNGZZD8hsSVH6xP5akN6waGqG+xDQxKTT7FCpmi0igvvANRROF3+KxGigPTrIqa33WDglrD6tUfUKNUW/SuZXXjbrgo0lillsXj6i7esSLfgH9CjUfeVUW/mI7mvW+0xjV/eeZtxRnz3ADGgfObV0XakEFBDhDnXtmdN7RN+Q+UvtN0uYGYWYqnIPNewm5RYwVGtGNWOB42PdaKH0qRUdWvCAbsKflPxW5pJNZlejhoMm+3+j2UlrY59dGqTVPoXkWgIGxFkubrtN06zAhVEV6/PcCZoGJmZsPWIfiY5k/BZljtZLAa1e2cboD/0q8iX0VzyRSmuKzVYMa6/NTU3PQ8l2x5fQRRq5OR33P2N36Wb6cO7GB9mEKAElTnd8oLlJ3T27EBctdNf8gOBIYWtGo+lYtKeh/NJm5o7KGIdjhThi7Lrbyqaxb294yxydmrJBh64dws+f3IhUQBLz+6lk5PM7EtrBCGuN7PqdqQMHqWMcCvDCHxY5X/U4zrWMAClEifJfC0b+3HthLkBHb388nGMo2ymHq683s0PxmmY0lfpncUEGHu+1J5E3w2BEy5Qv83x0RQDoDFab5lxILo6VSmZru+Kj18yeqNiNw/CzHaMvID7Gio1jaq3DsuD4bA9ne5Je5yAK8INrYRDCSzMfQpc2QqE306tonmsu37EKGHTCOaaqfL8/f31nqZcdKAdidM4JBa+osYYVUCp50Nn8h94dczpjvC+M2hEQXbibUSwyPjDv7ptwfZSEPG1mjbrOEpRSbzh3lGbE5q9K7bNyt0aJRi2gOw/shU5rPxmJ5KoL0HUEc74pZRG+Csa3ZKruqYqOEezgZmVwo0E3NQD8u/y/oF/L8hgKj2jcRmJS/pKbr2Tv+Sde1ZYdZjsXW6tFRjPDZGyhjHBriPLikN097kmuPFWS3f4ZFPyHM/Az2uzPPBFGv7VchUbFScIDgBIq+fYnTPtjjST7FgsDxpzTkj8uliU9z7r0dTIawC8qSUYErsFYSvUITySWTam0R04yitaArcH5fLEhEeKKMjGUVkwwxGxfv9Fql6Zs1YSCKka9aynXDUmw6igbRJVIPtmEosrmFUzlX1OEiJrX5xWOVAv3wQ2vrxvwHlmOMtr/cQagvASds2kC4QJ4qSwc8YdpLAwrn4+h7uNP/QChAOVCiGQXpFqd5ab/LBc6Gc/1Zxilil1kecMFBc/XmVssw72XSVoXVJPlIyiSYOAtm1BGQHJXRspP06/M+/5ffaHoEevqB47kf6bE8c3F9SwksgwGtaqXdFBoKSQcret8Tww9C8ZwDji8v/woVu2COXWaF2HLg3r3vrXa+DVVz1ENtOmJEJYTCuLmdqpZsWv4olC2wcCUEA+po9kZbVcEAfKd0xe/0x2fzqQ==,iv:lDEAwKxgoRPH5AtF2kYxPQjHkw3/kbbpoz3jlUsEpTI=,tag:6dbL9WZoTZ2xSrSVE4Dlhg==,type:str]
sops:
kms: []
gcp_kms: []
@ -13,14 +14,14 @@ sops:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoUm5MVFA1THRlNHlQdkpw
MGtVZjhiTTNCUzcwV3lCQ0NqeTZHUWxrc21BCnRVbklPZE84U1FhNFIzeHowWUh0
V01aeWhDcno1d1Bta01rdWtvaGRQaUkKLS0tIGhiZEZoMWt6WDlGeHpNdWZyVlI3
THJzYlU2NUJ1R1I0TEtpQUdOM0VvQ3MKQmjL1jaJfXGi6FeFb34/l4FhOEAV05Q4
DeHvke3nKOP/R0BJxwqvLi2hAyI2LEMSEaXs7iWnDDFOPUA1DiBcuA==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxTWUxY2hYT0dId2hsR0x1
MXFtRjlSelgwdUcyVnBUdlJ6Nng1UkNJaHg4Ckc5NXBORjBCZHQyc0lDTiswazNF
cGhKVFFNdlZnRWlxS05OTklOUDJDQjQKLS0tIDNWNDVVWXcxUW8yUHgrOTNkRkQ1
MGNDV2cvUUF3dWZHSlZNeVFDNXhzalkKubKuiiZuqoZTvRMr2FiUxnFUu+Pvj3Wf
pZTfZg9rnUukmV+kmwqQKcfoPNfeShhoAsszWwPM628cV9pq87I2/A==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-02-22T23:43:36Z"
mac: ENC[AES256_GCM,data:szfQ+rXGzIaqcLKnGO/H1poFQu6/qxtUJejY9lCQre/YUg+d5WAgPdrxlwmsUsLaUz8tgMGiAd+J8NmR/P+tahz5/wwuHOYadPWzof/okC77vuyVLjuEE2t2RQ5U40kUJJKR/3TPawyttiaTDpxu6VJj2KcIlHfxsW5ddzAtFdU=,iv:fX2yQtrap9XKxjiPMfriH+QHZM8tGrTDgtHhCWh4NZQ=,tag:7FWAPf7K8rvyEURVFkrz8A==,type:str]
lastmodified: "2023-03-04T16:16:37Z"
mac: ENC[AES256_GCM,data:4HhqNV9EIcBA/nzxuiS21TWe6BQ+anfEQOnfrYcZ2vVD2dTPzc0ztZ1Ihc2WX6sMCVFDpUJFEcr38Aj2tXnnS80kTsnznBsSFNLj2b857PWXNeoAuwiiY3XBq+Ndo7I5wCYgWyuaH8xWQtd5JVuZPpqdtjTkbWq3lj8aARJUuQw=,iv:Hlu6iaBBQovSaXYAEB7nWBL9OM1UXYxQ444s5ZrMtuo=,tag:N/znbxYVwFoJ1eYAS8PE4A==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1
version: 3.7.3

8
badhouseplants/values/secrets.bitwarden.yaml
View File

@ -1,7 +1,5 @@
env:
ADMIN_TOKEN: ENC[AES256_GCM,data:ea2lgOEYMi8Dsvun00YZR3PCE3ycNC4Mpe+xye9YL5CTtnyrDwV9Tw==,iv:28Tcn1/qIquS4jCNBTtspB9c+5U3Ut1zoY6gIez8fcs=,tag:POmhoUY3t4w+iTJKK2eHVQ==,type:str]
smtp:
password: ENC[AES256_GCM,data:cs+2Ml3YfZCk8z/KmexGMqzFQRM=,iv:mg8e3oHbLT07pZEdDGwlBchPyT83xOdwKJg9CCaicnc=,tag:NPD+8gKERO8uCuwrFnn3bQ==,type:str]
sops:
kms: []
gcp_kms: []
@ -17,8 +15,8 @@ sops:
dzNYMlRnUDIxK2padTRCSzR4UUpWQjQKxex3RqZGU7ekdNC3qIiqdFs7d7a0Pxa1
amLsaNnBfJ3OqjuD8atF2iCAXy1Q2BcXunkWi3wbzHb/DgYly3n9OQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-10-15T12:20:48Z"
mac: ENC[AES256_GCM,data:2yRwdYM32eESPuUz+d7m7pTcluDUeOrLgv7iJmhPEnowcU9WvypAZr73w4y4ewc3yvLmmu5uuFjJJhN1+yjwULGUtU1NPdcvXHsGwtlA7KDyYUqwIc4NrD6BAeR7tRQChNVD++2wB43kiGAWAMmieOMt+xHcaWlM2btuLoiwE34=,iv:ZMxA5eu0IJKTRBtoKhyIJiDe/W3zVjzlz3TbO7gpRnU=,tag:ErYqzleh87+wj0uBRah20g==,type:str]
lastmodified: "2023-07-16T18:40:43Z"
mac: ENC[AES256_GCM,data:tbPAgDQGA8MPnG5mIZLfvsOKdSkpOTK1Oy7uIQJ3DsNtBIt9vSO+vYxNjvfjAHyB6vE1cfx8zJkRcUw8kPh485jOxsM9G1ms/sjZKyJwsJbMjiqxs5zs0E4X9sqpJWiIhILBreZ8IopK4hCd2uLvhoV/HPxW8FV/HnHoCQ5p2Do=,iv:FtgTWFdkxCPOsNiJQWWIUmwYgh5rqRcbM/ToShcSODY=,tag:yc54xWHdq4KnSNxT9breOQ==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1
version: 3.7.3

24
badhouseplants/values/secrets.chartmuseum.yaml
View File

@ -1,24 +0,0 @@
env:
secret:
BASIC_AUTH_USER: ENC[AES256_GCM,data:i+3uBSJ1yrA=,iv:bhB9fIPxR2y9sS4jfbuhAIyzMHgoIRLFGXzQJ4763Cg=,tag:7pv9IOcBXhaeRu3qChQP8A==,type:str]
BASIC_AUTH_PASS: ENC[AES256_GCM,data:zSb7cw==,iv:CL6ywqsc2hpTnBl7ndD0s49JNEmMNnu3X0gke4KT3qw=,tag:tSVaRdIZpkzsqp6n1RUB9A==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBc2RwQk9OTS9GV0NOb2x2
OE1YVEsveU1VMTArZEJ3a2tETis1N1FTTndJCm96bWtYMDdRNnVTZEk2b0JPQWFl
a1BTcWVyUWZKOEJSWDZEcWZydEc2b00KLS0tIEpWdTZGWUdCUHczWEZoR0dSTlRY
TlNpbDVHa1VDUk9wODJLaHZJT2JoWmsKUD7yk2jpDVHvP5B4soK7k834RI+ydHxg
H9/8nzPNwNbpq5ysHmYFChpfiOHrSKirVINUP7MmLGdPZ24FSHI4+g==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-03-27T08:47:35Z"
mac: ENC[AES256_GCM,data:w72acY/GygiBVO/3/OQU1WJ90R+mbuCcGid9KzCAPOtdhBBbY5zZUtkZvkZkaugoiI+bpywoXQI/5JbY4+23D4MN2XHHG69DIkpR0eygeTHWc/id+LhfxIGHqvYzULshQuyVtPezoExWVwC3c3ZJYpkzRJhgOjA9TNg5ib4jnIw=,iv:srnydYWdQ352zeNzk/HJi5CyoQEqsDxbCV+1aT1qE8Y=,tag:zCRILWPmLcW0mN/IRpzazA==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1

26
badhouseplants/values/secrets.db-instances.yaml
View File

@ -1,8 +1,12 @@
dbinstances:
postgres16:
postgres:
secrets:
adminUser: ENC[AES256_GCM,data:Ma+kTq+QHKY=,iv:1znr9VoLAdGlLFzbBx9NMsj022vb0I9z7bTTTAjzX/c=,tag:GfUQHztjj2h/ctm6XznT7w==,type:str]
adminPassword: ENC[AES256_GCM,data:XYfh9OGA9SgW3B76u3tmXPjQ8vA4,iv:M4KIyzNujIePcrwmp9N/EErer+YZFRujOEN9VsPz76E=,tag:driIxiCOYX2VUj3v0rvB7g==,type:str]
adminUser: ENC[AES256_GCM,data:pKbAQDiOs6k=,iv:yET0mJtdm2baDJHwq1uYEoxye48g2PrMqiOSO3POTBo=,tag:wuIxhHiRzjSRM+uaEo2KNQ==,type:str]
adminPassword: ENC[AES256_GCM,data:/U3q6RmOYLpxJBAYsJ8f4lV3MB0=,iv:dw7g0E4Gm0YqtgvdcC+bq+YbSRPop3BKLiJfwaz+1io=,tag:NAXnWj4AjgajN94ml/ENsA==,type:str]
mysql:
secrets:
adminUser: ENC[AES256_GCM,data:XFEGew==,iv:7aj2J7Qs9mHC5kRZGrg71hwEBP64vEz0qQ+qoPHSgrc=,tag:/Rx5yx7iMU5Gwcmbf5GVSg==,type:str]
adminPassword: ENC[AES256_GCM,data:vYIiHccMkX7yJ2gsVGcLTUO7Ers=,iv:uDlefG5I/cirIUal/phlHCNwYtcXYFBND54XJ+n7eug=,tag:YK7pdaohOZL9yg4OiPxbRg==,type:str]
sops:
kms: []
gcp_kms: []
@ -12,14 +16,14 @@ sops:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBON2FPbXpoZCtMVStKZ0dl
RVRycjdaODJMcG5vblpiZlB3M1NVZXJaaWxnClpPSURkM0hzSFdPVmIwQ3g4N2Rx
Mnd6LzY2WVA1dTJmSVhMZXp6dmx5OXcKLS0tIHJKOGtWYTNjSnR1ZGMrZk5mR3ho
d1p0TDkrWkxwVUpKOTNYQVlORm94dFkKh4sfmicfMZzwoD6LymdlcXDTFcoLbJXq
Hoc62EW11Pl0Ah8HWkndbiYVO++xf2UHWq7Th4t1W1PdKq0bCN/GSg==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVbENvMm1YQzlSV3UrSEJ4
VTZ1RWVKTlpsUDFzQlVjMlJEZmIvaldHVXlFCm9SVzN3Z0dwTGo1Y3dnaHhvSmpi
bDIrMlJhbHhKUmRZejdkTmJiSDYvY2MKLS0tIFpRbkwySVh2MDlNWEFNZHVtY2Ns
Wmh3Z29ZSlBhbmFJNkFQZlE3aXpMMk0K14rSXjSF08xkil+fFJpeMV+6XChTJ2/3
OQecJtg+0NQPyvC+kR5qKq8roiSzNNJgTVg2wwKMdukKVVTbEGi0gA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-02-17T01:05:06Z"
mac: ENC[AES256_GCM,data:DX2T2S17r2U5jqqFWRDeuBjkjO1OrkF4/wRAC1cmSuhrGB+R+B/x3RPT9XKGpo9kEzgQkj1Fx9Wjkg0KMVlmTWJZM6GtHz/DUbD/nQX1+JLy+1U2qSYua59hdez3vIPPaLbiYcs7g2M/nEyyMj5c82wBgDUD26uiYo7V/AeoWjU=,iv:ISDzjgML2az6Y0VH/KNUcTVuHv8e59tT+Exn5BAqMeY=,tag:fGXusF0pYxHCPe8i+FmNIw==,type:str]
lastmodified: "2023-07-30T15:07:28Z"
mac: ENC[AES256_GCM,data:/q/LG+CgBAm666nwu+QCw9beoC8m11R5OYspnUxdwTfAv4h0yqY0Hk599hy+Yqt0brpUpj8hwqCESkt6gufFAklilSYV8SWvea7FxA4Jdbfpj1kfty9d4qMxHrpggId/jPshVAVsF0Ezh1/XbPWpQnTiaAMu2JTVMR9cFR3xvyc=,iv:37EdIo9QoUemTvpHSKD2kdq1FnJpwNXGr8ym0dPX6w8=,tag:ri2ILtd9FvLJf0O5iKOdyg==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1
version: 3.7.3

22
badhouseplants/values/secrets.funkwhale.yaml
View File

@ -1,10 +1,10 @@
djangoSecret: ENC[AES256_GCM,data:Usu+QgI7MLUmU1m3ExE=,iv:wv4i60NCuG13xBPSCZ3NDQI+z5h9ENPVQcZmqUUFvls=,tag:2SPu5TC4sDxXkxVdZ9j11Q==,type:str]
djangoSecret: ENC[AES256_GCM,data:CxsJVhNxku3pohREaVs=,iv:KDupR8tZlPkPeRwGWzyz+eKtp1tfTdFWqXNuQW20oXo=,tag:lCHqv2CC8cXpnqTr8fGzPg==,type:str]
postgresql:
auth:
password: ENC[AES256_GCM,data:Ly65GeUvKfwKfRakpDZWftzzE11hw6/mQ/rP,iv:DUIGI68MyWF7H56QIjajgP9GRNwdirX4i1lNMP02vXw=,tag:bl0bHFIbMWG2gVns+Fvfiw==,type:str]
password: ENC[AES256_GCM,data:IKPFpCY0Im2SQquNFM/3umvGfYOt1A==,iv:asWxkKTvez1FxxXto/ulh4CDBvPZ6SovqKnoFEQjG/s=,tag:iqyxZU+jERNgakMcAm+cnQ==,type:str]
redis:
auth:
password: ENC[AES256_GCM,data:ZLhshhCqRR4ks/UoMIwSbHtwSE4yg5Kv6GvqUvq9,iv:urWADLANGZz/W35grDnaFuvkzFx71fcqWOzpvz/5fR8=,tag:MLUMmSkTSGCntlooOWtR/Q==,type:str]
password: ENC[AES256_GCM,data:fgxZMA13BpFf5FA8JwLUXjlelUgvR4qtg316OALq,iv:numLe3PrsToG0Fbl7+mdbWOBTb7XrgppF09pIVg+rrU=,tag:ivKuF0xFe/s4P1otjLML8g==,type:str]
sops:
kms: []
gcp_kms: []
@ -14,14 +14,14 @@ sops:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpT21wYkxzTnJpemJSUWty
dm5EYy8rcXVnT1dVSlhjbkgxZkdsdGV1WkFnCk9pNnU5U0FRL1l3NWwyMzc4Q1JG
SVlmRUwwalR2M3NwcjhJTlVTZWFIWXcKLS0tIDBtU1V4YlJxNVN4UVdscGM0RW1Y
ZXFURTlCWnJLNWtjOENSclIxbHZWeWcKPzZZsTcvVWbLCroJZWeI78H8cgoLfxjC
nXtzdPpaENY1k6XULtsMWmh73Yj1Ul0pRvGiYRetRV0LOo+JeLcJ1Q==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRL0l4OHh5TTd1UGoxZFcw
TUtNYkdYTzhRS3hpTHkyNlhoT2hTek54RlJnCktpZmpDNk9mYThyUVZOUTAvanBL
VElHYjR6T2QrV3N2c08vZ3JHVWdjSHMKLS0tIE5nREIyVlJ1d29UVzE2aFl2Q21Y
dWdMUFpOOVJYSXdBbzJiSzhQM0VmbWMKUqdIpfa8i7vASIga8HFurrPf1RgA+WVA
GZiG+M0i4yc3SooTIwbDzH0orfaEHueKdNTGOXMgxNiRIt2q9BG76g==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-02-09T09:33:11Z"
mac: ENC[AES256_GCM,data:OCvHNmxwe5pd/xZiwd1LKD/QvzLd7pEQxqhj6xREeq/VQHDapM580DS+BJYEYWRVJUxIJP05E5ZrzYqfmXbynNvY87f1SHNWLVsRTDsKVI5j3ND6mxXH658DcJKfPcJlc3bV8SYX8ATiWI4JIyV43jvhFZ0JFrWLMzPlc2wVdQI=,iv:stgL/nBiCh33GEkBTRvcVyoc8LtX4ZEHgVbsl8x2GII=,tag:grVO5PT8kOlbbF/FfXBPmA==,type:str]
lastmodified: "2023-07-29T20:22:20Z"
mac: ENC[AES256_GCM,data:G9+rbTp4AXIr97bl4UUUIMsd47Gmwt5IGFJQMSAtKRkCCcWIVK9ac+3nX5g9gOgziKvPE7moETXPAfFjcfOQFvi8bmU7jZnoLr4rOvP7SX1LZEfs9siCCtC1q9S/VrlWhxx/2Cpz1EegM+o2cQepqGr4IoIpboEowKl2yhpZiko=,iv:aRDq9ptB6GrRAvl5b0yyKVTZwOPdtFvSGEIPhlMrZbg=,tag:PsRUQJrBtu3sfLcIhIJbqw==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1
version: 3.7.3

38
badhouseplants/values/secrets.gitea.yaml
View File

@ -1,23 +1,23 @@
gitea:
admin:
username: ENC[AES256_GCM,data:o01/289lwFk=,iv:ubra+bsAGt3Sgu49oClylLWUd5ie0l82Uur5vMPcFfs=,tag:bH8dxpC/yls48dWoF60r1w==,type:str]
password: ENC[AES256_GCM,data:L6dhobCkOinNg/MNIAA3VBAq6ZY=,iv:CPBDvQ/i/OniOFTngH5CaUmygf331aqAVJRzBcMJw+4=,tag:RNtXdxEMckIaHTaMVLn3uA==,type:str]
username: ENC[AES256_GCM,data:f4o3zs74rjY=,iv:t5Cx0suxiZduwL2bsfNyxOVI8RZH1ytEGUdOF2nONco=,tag:mo/BwFwzw7e8tAX6LyaIQg==,type:str]
password: ENC[AES256_GCM,data:TnIUSnX7Lj+2N6mWWOvVVmc96DQ=,iv:vjow//IrtvdmTg4jYenwTyUnuBhq7witfzugbE0uq9c=,tag:L5UPa9UK4aB1wY1ilZntzg==,type:str]
config:
mailer:
PASSWD: ENC[AES256_GCM,data:tTMOtRJ3trW34d+KqMGTYLBMBJg=,iv:4B3ThvHS+vha8pX/OA9rf8yeSGcafEbuMwHvjHPZfKA=,tag:Qs/y3HyxWX9il6HXCw9sMQ==,type:str]
ENABLED: ENC[AES256_GCM,data:C2qWn4E=,iv:APUvrTInDdxf1tJ5eFSgxUej8e085HZalsiHY6/Fryc=,tag:MW3KhfU+25EWDzM/+QOZ5A==,type:bool]
database:
PASSWD: ENC[AES256_GCM,data:WlmdwR035A7nk7xfq5U6A9Ndoj0F3hkl5g==,iv:IgCCq9Hl7oYVTE3W/MfqSMT8yEl275HO8CwW/az2e10=,tag:ZKsJZq88oJhsIvSYwWsX3w==,type:str]
PASSWD: ENC[AES256_GCM,data:EVawxgpBgJ1ZlU4F+KFlJZXHq/4=,iv:ZUC7YBQ+RXNKLFEZzAeXfoGqBv9ilGw6Q5ynspAsc78=,tag:Wpb3awtdRLLBNYmmuTUCrA==,type:str]
session:
PROVIDER_CONFIG: ENC[AES256_GCM,data:amNVifRdK6R3SJNlLTYik/wrTgfwn6WR4cpCqrmSGlTXKgirmY2UjgYQkxThakmgCEDPaQGFf3dUi7CmCaThIN6bBueNVIrWiccLcp99vVIz05pMlgi+tRQStDStNtn0hIT2hsfCShlX+yVemUYveb+5TZXigqgwpFyqLGUh0Q==,iv:uc/R+s2IZwaXVbaT0+D4rNd1ZjqyrRw0ef1hdQeC7rY=,tag:WhK0ti0PV66LsTLrMmSrQw==,type:str]
PROVIDER_CONFIG: ENC[AES256_GCM,data:i/N01zYx1H1D1eFiZKOmf4e1LoDBJE5AoN4eZl3h/QKwOEy5x4LNQoF7CbGguCBMvITtYbzXr12VzQ8pxEf17z6nssQ2nNiz84zuBOY9DQqxZLkxS5AmKKgk7XKF/YYYDaavMdJj54gtXoCrDZ58z5Tw8FM0ScTRp2+4RXGMwg==,iv:dKZhe9cOPDhdtK9sJKzCHmimV1vcuAebY8DfaJMqk2Q=,tag:ZhyEepW4wIM1Dv97xn5xBA==,type:str]
cache:
HOST: ENC[AES256_GCM,data:YlP7/4j3r1IpIuQN2yq2QD3IPN6F/sFw66RfsF0wPv53DNmordSB6D6Ltp4p5rhJtv9b5yX/XwEf6HY8BPpV4hC0oEDIMWHr1+rIS8GqaDt0faiwPCvMxAOmFjEP6n4pcEJgOlCx1Qm57SOQPKrUb64VchgOSAvkeSpWsBXoUQ==,iv:0P5LUtVCHpuuG8AwHhK2Hm/9ZY5XUYhxz9pVirhtt7I=,tag:8Hg5l1e/36AEa2mDmJSPWA==,type:str]
HOST: ENC[AES256_GCM,data:UI4Dgb4qajStyDcpuJaoJTaTo3vowWQw272Y4C5q3DuV9DarChv4Qvxh9ZJwYsPSgO9G/3eI+mLldipW98HLfATMCHR+DicM7ymI0nGwxeliyj7sOVGFS2dU4zF1kNyhFCqrjMfQzTRQbfOTiB+QyfhluMfrDbOjOAAuLlsdWQ==,iv:WOlGAxAtIS12vCGIUmxMhO3UIsoUuD3xluZbBThugW4=,tag:Y0Amh1HEtYcg+9JvROM1eQ==,type:str]
queue:
CONN_STR: ENC[AES256_GCM,data:8WzpUjOeIUy/wd1SVah8huYgKGnQOeaIsHIGDOp5RPn3sDRFWQjt8UrQSvdQlpS1ByfzEKOagiRbAntopgKUBS217BIxCTseWWNHZSWFHmeqHl5khF12W/vzGnmNz13AzYjFyAa9pL8EO3padLCcW1a4amxrZrVxfoDdPGtLfg==,iv:ORrQ4J5h8GHCIc3t0DkMe7Su0azZZbXbHRq3a4els1g=,tag:OVtgofGCMpuAlZRSP2SC7g==,type:str]
CONN_STR: ENC[AES256_GCM,data:kpqTpJVI/8790Ho2/U8YTC2Sc/d7v8mc33PsG7vNO52d9vMCOgsb+GQldWlfMPdf1H09axJxdFc5SIvsWWD8FoaXvtktlz4yk6fL9YxEXnkpn72VSiNe+ajUu6diP4gYWw2cUhyKt3ss/Gx70bKMEyE5g/ecZG3S+NZPFxPSTw==,iv:T69ou0uBg5CrseI0VwB2sSKRDknXrlUVPb/igGI/1H0=,tag:Y42Wa4QVt8k6AmhDC5bOAg==,type:str]
oauth:
- name: ENC[AES256_GCM,data:DgSGZYls,iv:jO6H2etEbN72eUqALClaNSSXTmFmwEwh68+B55XjgSg=,tag:NPvG3dNbqBfJpIYs5x5DRA==,type:str]
provider: ENC[AES256_GCM,data:KoZ8Phel,iv:DnVY7rr6Si7wRqcq7CIEHVwzdk4pu8LI+SfIKmQ/CK4=,tag:BDzwrZlCrG/1PZkZatAinQ==,type:str]
key: ENC[AES256_GCM,data:KHj8+hRm9WkQoJu9zZpXM9MggLU=,iv:HxbXynfvGPFDGKdHl9Vx4Y+Zg8hk0PBX4SmK/KDfVKk=,tag:tL2lkB458HhuaqZ0zf2FSA==,type:str]
secret: ENC[AES256_GCM,data:xGu+1QXvLo328O5D7+mJb+X0s3qQbD93kQA8UC3ec27oCcomXRSX7A==,iv:vVLCaFNv/4qjbvxyM2NKfScWAUz7Pn4o3GfzW/IhTO8=,tag:mRvGiq9jrcp+kaUeNlCnTA==,type:str]
- name: ENC[AES256_GCM,data:iR9QX2Si,iv:B+4ixm+dOwAnXFCYq2BnExnfVDGooonBCiHpyxfkLP0=,tag:r7CZbpL9uQ1QjAFNiFfOsw==,type:str]
provider: ENC[AES256_GCM,data:byE4rELH,iv:lcvbNSZMD9EMA4CmJF2mvN33a5fmXWzP4++PnNPK+fg=,tag:2wfHrpp/bJJOImBq5ULzqw==,type:str]
key: ENC[AES256_GCM,data:hiIl59SdN8usULpHhPX8XhMckZI=,iv:8aycsJVxbyK+Rlor8AsYKb6xjjSaS9Y5pRC/hoHzuKs=,tag:tBhMPj+AF86TaLkxF0+6Og==,type:str]
secret: ENC[AES256_GCM,data:JfoXbQW4G3QdDsb4WxbMOIBvsEVYXsdK06s2TLO6ojtgprYUb0ZKHA==,iv:n1SYPP3tnUCNuKET0PS9kIHcRSDMDqWtysjwbSI8O3A=,tag:EJ3gKUsCG9O218yS0sw9EA==,type:str]
sops:
kms: []
gcp_kms: []
@ -27,14 +27,14 @@ sops:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOUUg3a2M5cklyK1pXbklQ
M2NXVkFyejhsVmtuclB0bDJSUm9RanBza2lNClVoc1VaSjhrWkNUc0Q5NVJ0Zlo5
TEFzWXBya2tRS3hCelA2NTdUaFNqekkKLS0tIEwweEw0NFJRb1B0YlhnSFUwQUVC
OUh2Y3dUN1E2cEtaZWxvQXR2S2RRU1EK/4pB/huJUUfnai9tNuLCgVlYV+5e235X
RsA/rvpzFkwLWJD/Bg6Uxys9zU0LyuEvi9DwmEHM7Wuam85Ssh20Wg==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkMCtwL0h3aGtNQlYzVC94
QVFvQ3VsTnVuckt1eW80RXFkTUw2VzdzMTBjCjMvSDFlZXpyM2RQRTFTTTJrL3Zu
LzNlRy9ZVTY5cWh1WmxmbzdwZVNHQm8KLS0tIDdxNGlxbnk1SDc2R0IrcmFHMmo4
Ym5KMWw5ZDBBZzJBcHBXdFZiaDZpU0UKNl/GkGP25D7z5a8mVBmoSTfOM3EzymPN
WW62zIoBHlwLxF9nwj1xCCtcL1XKgiB8nnn4IrY3ljqFc0VkxD9dnQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-02-09T09:32:40Z"
mac: ENC[AES256_GCM,data:zB/f5zCAEYpfFxhA1PW0osBvIC3WRVH8GlGZggD98KyuwhKDRlwRlNp6LTcBJjt0xZLK7xGQYB/A6vhpo/V6D8JYc6Cajy0mdy3n1BhX6W7ow6qsc7iPxFOKu2FegNwxY433FWsprisbV73K45TKLxxBtwD1PO/gCzCUah+iXr4=,iv:YEyYqURF4K1WbN8XB3f7YKq+asco8+m1jjBmCnqQ5gE=,tag:F7CgV3cQNTWndm4gvphejQ==,type:str]
lastmodified: "2023-07-29T20:30:31Z"
mac: ENC[AES256_GCM,data:jd8jrX6GTAsEMydRfjLPW8XKXs4HgNNMqR0UvzVq0qFl/2zisKYLxtc6m4XBjDLeI8te+nNcJ16XYR0tdayM4PjXzurC9bAMdyI4utv1cRUJdWVxbo2oODWjJ9IAHqwkVHfJOrAJ7j0qamzHr/4h7u2DsLxvHm/lQY2g5zDKPD0=,iv:P215bq4q6iv8fSpU2CvfUhR1Pbr6mpYtv868m2F+M44=,tag:oWzMZOyCuxf2JBiGjDdCKg==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1
version: 3.7.3

38
badhouseplants/values/secrets.mailu.yaml
View File

@ -1,21 +1,21 @@
secretKey: ENC[AES256_GCM,data:0LlGX1QG39jemZ8X2Itq2A==,iv:Dt1YoxrQ3yxJVZ3sc60kWXDvtwKCO7PrsZRMZUDOHpg=,tag:NY/8/xxnYcX/Hv1BCIKCjw==,type:str]
secretKey: ENC[AES256_GCM,data:yL0+ORBJ4ZWHrmoNvVowEA==,iv:XJuY89wtdz8b+9SnTMro33Ka/pBOymyhN3MLJOyujAA=,tag:hSXjKC6+6NLgCoiHlbqtxQ==,type:str]
initialAccount:
enabled: ENC[AES256_GCM,data:rCMSGQ==,iv:mltQk4uc4jETPOimbRirrlxWxPsck6cLOM387chFtt4=,tag:3cy2sk+WPle9T96PcdWL+g==,type:bool]
username: ENC[AES256_GCM,data:2s3WINCPpAg=,iv:inUPAt/Q/lqSi88CKIEcexkbeJwSkS7pCWJqjDBbZ68=,tag:793MA/57fipWdODD2zcaUg==,type:str]
domain: ENC[AES256_GCM,data:IPoIY+yGxry3QQTRbdfbaRJU,iv:xG3mp+yAf+J2V0owRYi3XUCpQjtxAA+92bNiKTLvhvw=,tag:JogwzTxnImd4iKgJz76yaA==,type:str]
password: ENC[AES256_GCM,data:e2d9qYEUjkxbQRatzDslMTGDZhIqZwgr9t/olN2G,iv:uynCQDAKn7IoVpd1VLhWAI6dK2hN7LNC9PFNnOkYGOU=,tag:gqZSMCh3j/9lA7m6RQm6Ag==,type:str]
enabled: ENC[AES256_GCM,data:MvyEVw==,iv:ICIPR4oJW6pCRUks7Rk70NqdxVTXYqmM2qjQetppmEY=,tag:1FOK5MyPSTaiDayAAaPPuQ==,type:bool]
username: ENC[AES256_GCM,data:qSsqS5iQAyNzAQ+ZOLSWsie3k04b7qPUpcfU,iv:sXe2sjo4XesoEmjI9tY8gYd2psUlZCltBtLlIyE+v8w=,tag:uZeXnjU+7aLHI87qW+tiGw==,type:str]
domain: ENC[AES256_GCM,data:T5w/nPrq36iwZQdYHMQkisY1,iv:7EskbKJfRXMhkKZBgHy6nP8r1epcf7bNi8gAp4qY5TI=,tag:nZ+0BhvIy9Ap88SHaKhSvw==,type:str]
password: ENC[AES256_GCM,data:dki7Cw2n5FxYsINS+aap4u8hkQBl4RUVW2KxSXrQ,iv:XxUHdy5xAWoH00yxItL9P5YuCJtCG4pfRUhZdOr0EWw=,tag:Lo7ahX7CAXS31lFDKEYRww==,type:str]
postgresql:
auth:
password: ENC[AES256_GCM,data:YHgy0iu0oaaRBiiO0FXCN2o9d76Vgdbxi3Mnoerj,iv:d0tOkZsXvbEVA8awiX3P9AMrctbvy2JIbGggua5dTzs=,tag:v8b7QHY+5urMsV53IL7wsA==,type:str]
postgresPassword: ENC[AES256_GCM,data:LJH0X2ptmy3xNOHcpWr1FQ0IA1v8q1GmzXrhRwZz,iv:kLh8rb/75uGQL4uFbNLxzD+U59LcKkDeY4uExgbfgoE=,tag:abbtDQZAdzzrMsw0ErnX9w==,type:str]
password: ENC[AES256_GCM,data:o2KghCpri6cUbGeh3LIjUO6TXBz4nrZSaU8tW7PD,iv:KNp+FM1DqC2h1/F2cudAQfQZA6UAD833SQbEQ/oKkTM=,tag:oHZzKLzZ+IIJDrjFDX/3cA==,type:str]
postgresPassword: ENC[AES256_GCM,data:2+RrJdHwGQVU910BkXH5ZogDfh8zoOPDcJazg7Iv,iv:CKH/lhkTYNbJ0sKQCwgZ4CDg+7ITsbJq3wcQiJWogtI=,tag:xZX3HSfpC2Wrz1sCOtQwYQ==,type:str]
secretKeys:
adminPasswordKey: ENC[AES256_GCM,data:30CNkafy6P0F5UCvjxMus9Isi/FzDzyOqMT+VFk0,iv:1s7dFCEGD6soA+uwjAzKmvCltS+YUVY1/2Tk3ZOBemU=,tag:IO+YBBWmmUnyxbsigACRwA==,type:str]
replicationPasswordKey: ENC[AES256_GCM,data:pdBxjNmwcsDj0/dC5324XVUBpemUM8LbjxVlBwt/,iv:+wfSUgLgCORtSe1Vf02LZx0U9eEs6Bd9OgH3n6kK8BQ=,tag:E+FgJG2z8/TBAmy7+XlYSw==,type:str]
userPasswordKey: ENC[AES256_GCM,data:3s35K9e4RHRvpt85ft2Msb9GfC6TlGnjIT8B/obp,iv:KnuBW4b0LOuHwXNzgxVqpVDnijiV+DoyQfveHvgCsp8=,tag:G3FcSSPMJy/7IUsUPLbuSw==,type:str]
adminPasswordKey: ENC[AES256_GCM,data:LbBjpvmdVgIDLtlL5ccufC7Pe28ZVO5CYxTzVoZD,iv:dsVuk1ZluIAhtYN1s9xH+2Jk2CyVYGRU2LoxnC5Lgb0=,tag:lWZohYLUyVnrMKhvwIz7uw==,type:str]
replicationPasswordKey: ENC[AES256_GCM,data:asv/FCVAPir07vw5kW1uqSPGEKTR/ukwtOXY5q8j,iv:SnEftPnqXdPK3Zw9nd8Qnj412tHrPSK6hR0V3rLfn3A=,tag:xKqOjOuSyMKSo02r8GyVbg==,type:str]
userPasswordKey: ENC[AES256_GCM,data:NNUZ8zVSem5Aov/PxFbc7OjANRVa5g5WjyMLRX1V,iv:c3XDq6nyea5ErJZHMKwxEqNfpjBYVGiqbAgqko5nsjI=,tag:HrhLvBxraIKFhNPaulM+uQ==,type:str]
global:
database:
roundcube:
password: ENC[AES256_GCM,data:WUgeCqoWVRCdrA==,iv:5HO53lEArnIqRlWnQqlSKZ+hs7DxDAc9D3wHmbvb68M=,tag:nrjt2qnqGDmT/rv7JNR8Mg==,type:str]
password: ENC[AES256_GCM,data:V7Ml++sPS94LzA==,iv:aQ36cTMR5ArSows/3+z10nFIRppCkSvQx6VwtB30hno=,tag:2yVIXNHJ3HbA/sr6vnX7XA==,type:str]
sops:
kms: []
gcp_kms: []
@ -25,14 +25,14 @@ sops:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvVlBCaDl3OHBxTnM4aWRS
L1Q2aC9uT20rUlgvQXFkVThsa1JBS3ZwdnlrCmwxQnNRazlENVFPUER4WEx2ODVu
Ukx1RHQ5c2NCZHptNm9IV2cxdHlmUFkKLS0tIG9kRUhzZDlocEhNQlFrYVpZdzVj
aXFnN08yR2JMVkNGcjE1UDFDWjBWSzAKQIt/5DQkW8FTQTQyWfU8QSxMQ8TV1J8i
l326pi2q+TuLoIvef8EKA+qax56OGnqESl2JcyHCAyT2T1tTzM1bpw==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGa1lRY0tQUk05WmpINVVw
YkJkVDA0QlZibHFmbDdPTHpGTTY5N0JodXljCm14aVVSUm43MXo3d0ZlYWRUMXhh
b1VqRHZXUTArbDNpRG9VY1U1a281ZW8KLS0tIHV6NWZQdzVzWFdJU0ErQy9WTFMv
RjVVYmRKcERYZVhMT0ViZzR5cm8rMTgKizZBRrU/WauUmFYm9fnouiegNkYZkudp
QpOha6CggN8rItelbnWMHlzGZBzM+77mFocuGmvNuTY/YGSkXfLjLA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-02-04T09:30:41Z"
mac: ENC[AES256_GCM,data:5SE/XCKyCArO+AqhRJb8h3K1WYys5OHcOfZuRW8j8i3SMEtb+84D1KcsgEFBsJmvffbpxaKXcz7umEIKG+LWLeLjvCgqHwZa7Tidn1X07a9Dep74BfvTNZWVCKEAi/6YcHkLIsVM9Bkl0MOPZTxDjmzVsdiCR+3nfZ6RJ4AysxA=,iv:Yf8m6YNxycoZj+uYAe4rKRmzQiuZtmpLrYYmxDvwPbA=,tag:TcrPy/gj/je8gGOw3jiZ1w==,type:str]
lastmodified: "2023-04-28T08:37:51Z"
mac: ENC[AES256_GCM,data:NtXsrrs9yWlVO6oBQuJKHKPlmFMkqmu5BqOrYjdj9R7KdYycIWRDlNojieP9lghjSllgjkR3N4DpST9n6r6GHOkrpCl0eX12AsY0GUhSwaJzMgvX34Kzo+BjtISvODy0UzEVb9qKzbFuO9R4FMqyxBjTJirJVFT1EIB7Hxbb5Zc=,iv:OFKLvj96oRasDg5sYbJNS5KvZnxOXhh36Nwjl2gA1v0=,tag:aWsKrlbubuh+xTnyxvWeRg==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1
version: 3.7.3

24
badhouseplants/values/secrets.postgres16.yaml
View File

@ -1,24 +0,0 @@
global:
postgresql:
auth:
postgresPassword: ENC[AES256_GCM,data:O5Fvmjipcx7CZ4DKQjRW0isfzoUt,iv:sVl6TFRCKAL5ci+lC4DfX/vZkWwRVg559kq4GU67udY=,tag:dEsoEe1UfvD5rUrI+EYOsg==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVbENvMm1YQzlSV3UrSEJ4
VTZ1RWVKTlpsUDFzQlVjMlJEZmIvaldHVXlFCm9SVzN3Z0dwTGo1Y3dnaHhvSmpi
bDIrMlJhbHhKUmRZejdkTmJiSDYvY2MKLS0tIFpRbkwySVh2MDlNWEFNZHVtY2Ns
Wmh3Z29ZSlBhbmFJNkFQZlE3aXpMMk0K14rSXjSF08xkil+fFJpeMV+6XChTJ2/3
OQecJtg+0NQPyvC+kR5qKq8roiSzNNJgTVg2wwKMdukKVVTbEGi0gA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-10-04T02:27:48Z"
mac: ENC[AES256_GCM,data:yyvzDlqm3ZOGAMAWCbA4JBC2xs14dKJ4oGifHCvD6K3cBcLgQLS8MOoQJBVfAfL/lVqYDtQ8qwQl/NbCEAKdqw5mtGRwSGaCExSTfO8PIUZCT69q5lwhAxfSGkhjjup+88MhwdZbe2iqqr0nF/GBYT7exqu6Pj85ZKbeDVBTMUE=,iv:KVuyYWYvtVjFinkY82nPwKI/XX18t4purLInfjSxYlg=,tag:kD0G+keg4veTy+CN7KOo6Q==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.0

22
badhouseplants/values/secrets.tandoor.yaml
View File

@ -1,22 +0,0 @@
env:
SECRET_KEY: ENC[AES256_GCM,data:vIzxdLGoKHEIGt451pZKwyFFQ7+g3ViryUHkhmzU,iv:JuSUmrUUgVL07y4mQ+z3lNRLpe0io4uDKndWpEgIVDU=,tag:6nsOuHbtgyGFJebOHChKxQ==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNYmNkcjVyR2o5R0dJTXZB
d2NBczgrTllrM3hWdHVIcmhmb1dlY1FzN2pjCndTSS83Wi9WcytrT04xY1dyNXVV
YzlxWmwxNkpnMk1oK25wcDJTUFQyYk0KLS0tIHR3R3did2hlMThOUEV1QjNma2pM
NnNxMC9vNStLQ1dadE13RmhLWExqeG8KpSUTbfxuZX+7L6SK55BJvY8KIfqt2ykz
qNmUpeC7YHzDfoXGF6+jklMCVcUJDRI5UeZejZ7KXnI9OR8VncIiqw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-01-06T15:16:21Z"
mac: ENC[AES256_GCM,data:qVocy+iBsjj45hLObpoxxo0ZyzxCITXR52NLfo5NZvJutRLs5SfKjmecYVth4j1t15qUJ3GIYG2t2lGxqptMyPK7SG4ln0G8p02LP4XdboKYeZNdWlHYf3cMZtnST4WdrpTCNWhLs3+8ittBb3AsR3QBtwoqzalC+VatAOJ2IDc=,iv:y3TspYIFS/eVJE8x+fAlPhFrWcH9PM0Rajgt8yUJLSc=,tag:nUt0xWqdjfoeemTk4xhr8w==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1

27
badhouseplants/values/secrets.vaultwarden.yaml
View File

@ -1,27 +0,0 @@
vaultwarden:
smtp:
username: ENC[AES256_GCM,data:j/y4Wzhb1obnLW9zHYqpM7/Glfd15hDAAn+6,iv:wNQgESf/0zbfcwFWrKgdSKcoCYVUJ3pnQYuMhfeergQ=,tag:/DPHJGrySeH9xZ9gfH7yFg==,type:str]
password:
value: ENC[AES256_GCM,data:lM5RLAEz5K2LqoCEt2KfOgVv+Dg8zDwUKg==,iv:tT/71iljjyCyBxVoAKOZgdC7BHxhQfjH7ECZUGTv8So=,tag:sd2+m7KyoJmEY3l6Qey6yQ==,type:str]
adminToken:
value: ENC[AES256_GCM,data:8+nwPIKqrzIHvfxzVvUx+hh6qz6c8lCTYzJQsbGFx3c/76wzgJZ08TVNRu2VNmlHBOE=,iv:U5Cv0rykPbBql6wu9HFuMIGoLMM40TlDp8MNM5OGzzw=,tag:++lPoZaKQD/RsVm1xZfMRA==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhLzVRdW5ITFJmWHE5dkRr
R3pGbTh3UmFTTXR4VVVGRjlSUURudmxwM1hjCk16U3BKYkZTcmdwaFZtcTZNYk9C
M0ZBZk52bDBuNWZwa21SMU1mSnhmWEUKLS0tIGZVV01KQ3Z6OGltN1RFSks5MVJI
a2xWUGZpMmovY1Qya05nVXRZVUFDTFEKhF34OSdGZizs1/Rs9qvUOVtomQBvOFbS
hRsK3Orwig4HJdzj1UOZd8UMGwj6Mzhw+aKUJKL67igMwxbxVcaU1Q==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-01-30T18:44:39Z"
mac: ENC[AES256_GCM,data:1cpPRtzipDI0/fXlbcbuQQyjAZMk7MR005sJAIwfNVG4o1UdV6cIEG6096yeXGP8aKYXJwm1GUZ0NtdipQpieNnj59xClZHJ00m0K/0b6UHoGzSMY82t0nNrS3KvVEQP0a+LR5WVQEl7ac2m4FmbHpGtSWWMW6CYBnflfHQisFA=,iv:exvh14LUOeZnLrnvPrX9Hzfnv7wMd1Qfx37F0aVf2q8=,tag:62QX/P5K3U72O0zkgyyXhg==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1

27
badhouseplants/values/secrets.vaultwardentest.yaml
View File

@ -1,27 +0,0 @@
vaultwarden:
smtp:
username: ENC[AES256_GCM,data:9bEvyZkXadW7Hx2iW6ByPDdnuIFPkeoUjoOyoQ==,iv:Y5M/16L16AWXeaWyKCSsV/c/l9JXmNzx/IsLBmMJuGg=,tag:nFN1ZssjtqZOG8Gvka9f3A==,type:str]
password:
value: ENC[AES256_GCM,data:CF2VgDpxlwHmvCDJhx0GDLT/yyw=,iv:t8JwQFeK9Te2zVdg+gPdMlh1E5g0vMG+ApAGKbGZ4WI=,tag:7UJuxFqS/hUTVunv0CJcTw==,type:str]
adminToken:
value: ENC[AES256_GCM,data:lrb99F1zn7AWlAttShQGGyMz5Ds=,iv:nas5hzd/XMQWFA2pTaTDkqXReoToBulf6s7tZraxM3s=,tag:UH/AXIWKbZOmu/W8XyuWNw==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhLzVRdW5ITFJmWHE5dkRr
R3pGbTh3UmFTTXR4VVVGRjlSUURudmxwM1hjCk16U3BKYkZTcmdwaFZtcTZNYk9C
M0ZBZk52bDBuNWZwa21SMU1mSnhmWEUKLS0tIGZVV01KQ3Z6OGltN1RFSks5MVJI
a2xWUGZpMmovY1Qya05nVXRZVUFDTFEKhF34OSdGZizs1/Rs9qvUOVtomQBvOFbS
hRsK3Orwig4HJdzj1UOZd8UMGwj6Mzhw+aKUJKL67igMwxbxVcaU1Q==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-06-06T15:15:43Z"
mac: ENC[AES256_GCM,data:9GsJoDWT1Onv6f8aUcwkbeTcpr0vF2MIgtJjKTbvvPHhzVeVev4FPFZ5R0YQXD1CmQycu/rnElktohgu9Xwum3j4hfs8Ga2qDqOk6heleBcptXDYwcBUAxg8QD5NNAkefsq5oJi+QsdD0nOeRjG6o5XYRccyoFiucTcpT9eASzw=,iv:7UJzUShRD+tzhIEeKygZlgaWHOYOS+L2Io69K0xW2MM=,tag:alOPQPbM6cex7kgQv8mqQQ==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1

23
badhouseplants/values/secrets.woodpecker-agent.yaml
View File

@ -1,23 +0,0 @@
env:
WOODPECKER_AGENT_SECRET: ENC[AES256_GCM,data:cJoxJw6c6FYZ337i5P6dGUzLmgUn9Z+/Ed9aUK76WYnB8m0D9h5IlAlOfCQ=,iv:1BgxKsaI3dhhPNkZbpHKBn6GXadn1RD+3Q4RwKLfmcU=,tag:y8qLWwpVAwKrOWN1cC2ulw==,type:str]
WOODPECKER_GITEA_SECRET: ENC[AES256_GCM,data:VdWASwxPurzmfSjb2h8wBw3XbZSfG9UG0jmXSbTBPreZ+l7UQblI/wqr8Tw=,iv:APNuiqimA/ofCWsvywj+SJedQBMgRoCd65Gd3Ps2/fw=,tag:ATLGT4ACZ2GR46qD9ABUng==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTRFNvdnBsSHFBcjlGcGl1
RnU1NEpZekpucTNCZHBGcXdBakhkU1drb2dZClVYZ2xMVUJiOXV2enlBbm1TS2Mz
ZnZ0UHpsVHVUU2ZkSGtwUXNMM0R6VjQKLS0tIFR4NEdTTGRIY3QycTFhRzJNSEY0
SEs0Z3VjaTN2Y3Z0QmtEUEdQdmtwYnMKxQ3z1p2GulSOklUEolWeH20JeFwNpZqY
870x5UtCJNVTMrIDgwMQK3hn+yywxPdgSRhkW3bqH4PJDxi78UUpXw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-10-05T08:06:51Z"
mac: ENC[AES256_GCM,data:pc4n/3MEP0GhmZ+wdbOiK2gj7ah/9IJ2hoXRtM1sAGy3UPNBrF5VE7hxnAi393YpWBank7crDTvg2aJjhVt7XqB8zcjiHtNMlcpxL6fJ+uWxeH4uVj/NBfSvoO410oYbtPuKMjZpPU7KACmTJ9tzVIZdZOScXx7fLQxNUq01Hu8=,iv:18MqueG9MHrTcXmu14Q8LPnMFT9lolDkCbXjjA2P1qg=,tag:6ETPd8vZ0CCGEUP5u8ZxNA==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.0

27
badhouseplants/values/secrets.woodpecker-ci.yaml
View File

@ -1,27 +0,0 @@
server:
env:
WOODPECKER_GITEA_SECRET: ENC[AES256_GCM,data:mGYEvlIeQC3mg+kxy3ZX6gAVf88DXLVdeSdgpQa8wixsb2rDoj4+l2ET2saquK+lVhjvv8ZKdvg=,iv:VlPgDYPj1xpxnpWnEHj+slBi0H2nWKeScclPItUaG9A=,tag:ox/Ur5vsOARXRT3g0hCgsg==,type:str]
WOODPECKER_AGENT_SECRET: ENC[AES256_GCM,data:WXwsmLmb37clb5xgv+2DeKfhk7cwaIJpaCW8/Kq/CmgfwCmrarPDDQGXZoLwOjGj3mh/ciDj7V5WgHfyxuIDhA==,iv:NhGlPyPrTrTbz1DjOZEieWAfOQHqSqhdLiqMspex1j0=,tag:vOfo+XiCUW6MhtJemkZPMA==,type:str]
agent:
env:
WOODPECKER_AGENT_SECRET: ENC[AES256_GCM,data:4lTZ16jbrorU4B9gTAoWmgiGggrMWD7K5O/5R47OIDMdRInwXtaWviofFD8WJQMduiGvANxMVNs0J1DLvFKi9Q==,iv:Y0AsW63vdVEwKvpVYeMVLFmwYlsQSwnz602QjDgj/ZQ=,tag:aO9xh3psy/bRCCQEFUp75A==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlQjZqNE9iMDl6MlhnSUp5
QTBSOG83WFBqZFZIU2dEMzlpengrUFg4alZFCld4MkI4WW8xMUZnMm1SU2hmMCtn
bTZSVTIxTk5aZmo3OEJJdlJwL2xhV3MKLS0tIGJraERVZTNyMWFCVE1TbEhRR3J4
WXh3NGd4UG9OODhHNEp0cDVoQkM5dWMKcz4h0O4J2WlB+L9+/U8Rl+zzd87hsJo8
ThPZgnUNDGpdRrU2IYiXo03fZOhBoqBJe1ZG+Ol8z9bvTeyeMZxRIg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-11-18T17:43:53Z"
mac: ENC[AES256_GCM,data:u8iu+Ia1u5c5AkdyKbGT//G/Zp+yDNv3TQIElSBA6qCTBu0lKAii3ywXrqdpQ1kYtytjazcwkOa7vKmVy1UoCNda+8wGGHfhfOIQlll+TKBNvgUO73lF5P7X5q6CcgFMvTazXKElESEC3G04uVLEOdG1W6d0ArVRnh8gFOY6Jgg=,iv:VT0pFoOcLPK14I1doJi+52wtCfUuqh2nxdSVu0ufVOY=,tag:SwAOYLxOYaouteqXdgP2Hg==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1

23
badhouseplants/values/secrets.zot.yaml
View File

@ -1,23 +0,0 @@
configFiles:
config.json: ENC[AES256_GCM,data:id5h3EObc18qFAYXYtVFAgJcp7IUS0QCSQZfKqy1fIoZUUYYIuKBDE9aL3OnqZkVJtXn5DNCRii/1ZYY/9Tg2IEK73twu5lDkM73APphI2GPw1ONQh6WBRp54AskuZizx3l1+PyKI/8WPVy/x1cbc7l5pGBziDzSbREor+YQQe4P3Og5KqkoWPeeO/GB/vCP+4CquBVwakyDPibrXtvEcIPxfu8b4H84fBQtlStuoT6Mdmj7NfBtK5SEl9yZ8R+kAJyjr4aM1XrtKtpBfituxi6OsXIQgKTWWZtFkousCkDuKxJf1EUCUR1J4ClmcF7UGUOxg3r3Csf1Y6ijhVgUqDlgNmRIq+qsEWrgWVixnO1RMnRcWmgJFDAs/QXY841lJTQJmVS4LRNZKu1ea8fDmF5KaxBdshizeA0RZGrdNlTUIB5AUsK3mmyPCvM4JYivQp4Hv8i1U9zlLpuPWR+7UgKbHjpQSVCem+dM76W4z9Wy463AS20EjwLUicSq7g8yLoCstuI1XsC8yNLZE6Z/nUkRysiGXa6iJnWez2tVOnIVVJ3c378U3U6tTr7ygae7v9PcvoGBTYTZA0OyrMeHrocKp4026yQJN+8Pj8CPdZX/nhC0gW08xI7EQnzK84ca4XuEZHWEtlmMBJyIGK07trq94BH6QwUaIg+nUv/gKvUA5CuMSAqECv+wCfQ+EU7mRClXR6RYJvEUxIEvGjb3CTOyV+gbj+CKaz3LZWWPETCAvOz0Cd8L56E7yUwFNhd+c7X8RuMy1vdoiCXdkzU5QCDmfv3ka4lKBPd3cvHduXeAh0wMNHSqLEVZblnt50tiZmo6vwiNGxlg3jL56Lfn3rkz+HVKRl6ArPBOdJhbgGj0bZFJMPGBU8kNDksQ6DMw371vAR7FwlzLKdz1Z3D1CvmBRUBIhr4TbnPuTL77fytVq9IdgGcTexs8QhcelXmoW5nA61PpYhYCU65m7BKC0koX4fjCjAksvjZaI0eeYPgKafAqKBlJslqKq9lNGH1orjgmXO0LWV7xv7D46BRrrfMqPwHUsPAGBP4VhfuIXc3keTmtFWjexyjMzvkxtoagATQZgbohjL4D4dzMTVhGH+Iw6AyM+9/NZeb7Cm2CmmJJXG0kmXGezuyRwNrChlhd4/HdeLvfBZbvXYLwr6pZn8dbJ7w0V77clsjN2QhsrPGh8VVf548KlkcfWp821pwmPxLme2TU4nJE+eU/7xK+LdSy8vpZ6wkxThTUdj5/A7DAszgdDed3aWfVIKz2DmLWR1iD6fC7n6OIIE+dcywNTU0sbYkMffpoYwU9Om9uPeer9rkzrnWHZX2btyfKUy8bnf0LuHuzRKyFl59nMUhlXbr1YsEKabNpsaxT50L0idoO5Phkx7os/qiqvxaPChMJngJQ9BXIoKARkg4hgvvjKpQwmjt/liA18COy58B2gjH3aKA6kye0/utQTih65DamYt8Wv4niVAZ3wm0rG5uaBvwZnj9N/xn2Klx5Iih2ZbobWVVR0MCAhe1nKIcnZxRrsm+GGRX2svYZg4ROLq7FagL8mn27/aG0UMdKQGpbXDQviNQgY+wB3jBmZAea54pWe5sgGBxXAZSYhGoOaWCLwWUtQWGdusjebEuqonW6PSE7whkbJxStNZOdAxATlCSe7jAkzuj5VBZbL8mIgnTltwKk3RcbnpL0j0pwousVZpSqg9KOqubxgk81YyMImA4LI3Fi0OFYIbDSw8zJJUgwASIWLQ2GxLM1Z1oxun7HpMV5lK8I+n70Vcqutn2N8URU0XOo6gcWCfknhClCwkOsZxU+DSVYyz5Aq49zwojSsd/CuS6WbFO82MMCO7dRLIz9ju43xAeCgFY7ZpbRyCR8U5IJKHPrHunYGwaRpolAE1V13XuBu0pOyaiU0sIeA44snU58DVMFyvA3PUl47FXvPMjGahbZoun7vi8J8KbRXlhHH/HFshi5eT16WOXK5SXBEiQDjhLa5RseWI121ARKtsvBRlhr9yRsZedlhmW7nqRw5hbVvHDQfUFIuiRHF1XAElP1C1hcb2GDE7r4anmoSRgcHYAI50HF4CPBSxiI+EAisKARIlUgRKt3gOfG8AH4mraUL8Lt+Eb0Clsd0z2GuysPHrEhy8WzGv4HW84ngNmZgznXP7ZFrtT31zAQr9QL/oirJf+ujPUdY03gJbr3jQXrQ1mfivlsaofgC0WL0xLma3Cuosb1nGmw0XmCGJNIOmgZJ/plQCWH05UzVR/QXhdEwlci3VNeYOSIUJwkv2eUyHsxHj45VRtLuxnrLx7BqR+kxBpRayJXWRBx1rcW7RTvS1a5Dk5PxsqjKcxKu+wRbPFmv77qOIroGg+XKTp8XeIxcSs4lx7AsfpTEvWpARwsydrUSKf/++F+3dL4yOrOyywul8gnTN3iLMoTjpze83ZFcJ2viiyqMWnHWQnuVveZTZi3NmoC63ZE/XLlztJcDT1UkrH3Tlvu1AxqMcm0SxK3TgEbvGmdWYo07E+qEMsUyoSpeE5MX2FESR9C67s/t5/rfThhvvjQNhydUVLrQL8O,iv:njFz+TX54d1Fy7QtrjFht7lyujuuIamNWEXquA6Q+jA=,tag:d+9rLYzYZf/0uuZ/VVys0Q==,type:str]
authHeader: ENC[AES256_GCM,data:IHFsb7dRNIMe8kv0sG6u/A==,iv:mc0MhVWKEz8ln2DvC9mwrYtqKCvOjudiUYETOBx3DAM=,tag:aktcOM3u4xNyZ4wTJZ1E3w==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvMjkwcll5bkNzUE1lQkN0
NXRCckdnUER0YlAwWG1wWVo5Mno2T1g5eWtZCnJGMkNScEthNHVqZnlvQnN6Q0du
RnpzNitYR1RpTnl4UDB3Zk5HMjU1MTQKLS0tIHNoZHRjdlU1SXl1c2pzemZsQzBB
M25WRjB6QUpkbURZVmNaWm9nd1U4RzAKan1bSzcDc2G+428vpnNDWYhQ3/nFKSUp
VLnfx3roZUrs0QV07O+AHobOvlLD4eo8wfHMUneKipAQ8ZAlhNFTBg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-05-05T17:37:17Z"
mac: ENC[AES256_GCM,data:vabfq3du2GfVkWQqdy2X/8pl/V/i+juyjIeGRia9cZ57SFPPmS/7n7rV6W+tpp402ov+16HHevVu+ZUZKxFPNq/8WiIVFCh3YMAFimzB+wOXziivAf1zAgYX5h5JHMV3FrXJT0yJAGmVbrZ7KP48CaB74PJGb++4Jr3qPE6VU/4=,iv:PApbvtdThsQyfD2db8GBrnrZL4jlx7qL8bHhAijXk0E=,tag:vIwECp7tomejqjGadIhudw==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1

61
badhouseplants/values/values.argocd.yaml
View File

@ -1,4 +1,18 @@
---
# ------------------------------------------
# -- Istio extenstion. Just because I'm
# -- not using ingress nginx
# ------------------------------------------
istio:
enabled: true
istio:
- name: argocd-http
gateway: badhouseplants-net
kind: http
hostname: argo.badhouseplants.net
service: argocd-server
port: 80
controller:
resources:
limits:
@ -34,35 +48,32 @@ dex:
enabled: false
serviceMonitor:
enabled: false
redis:
metrics:
enabled: false
serviceMonitor:
enabled: false
global:
domain: argo.badhouseplants.net
server:
ingress:
enabled: true
annotations:
kubernetes.io/tls-acme: "true"
kubernetes.io/ingress.allow-http: "false"
kubernetes.io/ingress.global-static-ip-name: ""
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
ingressClassName: traefik
tls: true
metrics:
enabled: true
serviceMonitor:
enabled: false
rbacConfig:
policy.default: role:readonly
scopes: "[email, group]"
policy.csv: |
g, allanger@zohomail.com, role:admin
g, rodion.n.rodionov@gmail.com, role:admin
p, drone, applications, *, badhouseplants/*,allow
config:
exec.enabled: "true"
url: https://argo.badhouseplants.net
kustomize.buildOptions: "--enable-alpha-plugins"
accounts.drone: apiKey, login
accounts.drone.enabled: "true"
extraArgs:
- --insecure
servicePort:
servicePortHttp: 80
servicePortHttps: 80
repoServer:
metrics:
@ -74,22 +85,6 @@ repoServer:
- name: regcred
configs:
params:
server.insecure: true
rbac:
policy.default: role:readonly
scopes: "[email, group]"
policy.csv: |
g, allanger@zohomail.com, role:admin
g, allanger@badhouseplants.net, role:admin
g, rodion.n.rodionov@gmail.com, role:admin
p, drone, applications, *, badhouseplants/*,allow
cm:
exec.enabled: "true"
url: https://argo.badhouseplants.net
kustomize.buildOptions: "--enable-alpha-plugins"
accounts.drone: apiKey, login
accounts.drone.enabled: "true"
credentialTemplates:
ssh-creds:
url: git@github.com

25
badhouseplants/values/values.bitwarden.yaml
View File

@ -7,7 +7,7 @@ istio:
enabled: true
istio:
- name: bitwarden-http
gateway: istio-system/badhouseplants-net
gateway: badhouseplants-net
kind: http
hostname: bitwarden.badhouseplants.net
service: bitwarden-vaultwarden
@ -17,24 +17,21 @@ istio:
pathType: Prefix
env:
SIGNUPS_ALLOWED: false
DOMAIN: "https://bitwarden.badhouseplants.net"
# YUBICO_CLIENT_ID
# YUBICO_SECRET_KEY
# DATA_FOLDER
# DATABASE_URL
# ATTACHMENTS_FOLDER
# ICON_CACHE_FOLDER
# ROCKET_LIMITS
# ROCKET_WORKERS
WEB_VAULT_ENABLED: true
persistence:
enabled: true
accessMode: ReadWriteOnce
size: 800Mi
storageClass: longhorn
smtp:
host: badhouseplants.net
security: "starttls"
port: 587
from: bitwarden@badhouseplants.net
fromName: bitwarden
username:
value: overlord@badhouseplants.net
authMechanism: "Plain"
acceptInvalidHostnames: "false"
acceptInvalidCerts: "false"
storageClass: longhorn

19
badhouseplants/values/values.chartmuseum.yaml
View File

@ -1,19 +0,0 @@
istio:
enabled: true
istio:
- name: chartmuseum
kind: http
gateway: istio-system/badhouseplants-net
hostname: helm.badhouseplants.net
service: chartmuseum
port: 8080
env:
open:
AUTH_ANONYMOUS_GET: true
DISABLE_API: false
CORS_ALLOWORIGIN: "*"
persistence:
enabled: true
accessMode: ReadWriteOnce
size: 2Gi
path: /storage

10
badhouseplants/values/values.cilium.yaml
View File

@ -1,10 +0,0 @@
operator:
replicas: 1
endpointRoutes:
# -- Enable use of per endpoint routes instead of routing via
# the cilium_host interface.
enabled: true
ipam:
ciliumNodeUpdateRate: "15s"
operator:
clusterPoolIPv4PodCIDRList: ["10.244.0.0/16"]

32
badhouseplants/values/values.coredns.yaml
View File

@ -1,32 +0,0 @@
service:
clusterIP: 10.43.0.10
servers:
- zones:
- zone: .
port: 53
plugins:
- name: errors
# Serves a /health endpoint on :8080, required for livenessProbe
- name: health
configBlock: |-
lameduck 5s
# Serves a /ready endpoint on :8181, required for readinessProbe
- name: ready
# Required to query kubernetes API for data
- name: kubernetes
parameters: cluster.local in-addr.arpa ip6.arpa
configBlock: |-
pods insecure
fallthrough in-addr.arpa ip6.arpa
ttl 30
# Serves a /metrics endpoint on :9153, required for serviceMonitor
- name: prometheus
parameters: 0.0.0.0:9153
- name: forward
parameters: . 1.1.1.1 1.0.0.1
- name: cache
parameters: 30
- name: loop
- name: reload
- name: loadbalance

16
badhouseplants/values/values.db-instances.yaml
View File

@ -1,12 +1,22 @@
---
dbinstances:
postgres16:
postgres:
monitoring:
enabled: false
adminSecretRef:
Name: postgres16-secret
Name: postgres-secret
Namespace: database-service
engine: postgres
generic:
host: postgres16-postgresql.database-service.svc.cluster.local
host: postgres-postgresql
port: 5432
mysql:
monitoring:
enabled: false
adminSecretRef:
Name: mysql-secret
Namespace: database-service
engine: mysql
generic:
host: mysql
port: 3306

71
badhouseplants/values/values.docker-mailserver.yaml
View File

@ -1,71 +0,0 @@
traefik:
enabled: true
tcpRoutes:
- name: docker-mailserver-smtp
service: docker-mailserver
match: HostSNI(`*`)
entrypoint: smtp
port: 25
- name: docker-mailserver-smtps
match: HostSNI(`*`)
service: docker-mailserver
entrypoint: smtps
port: 465
- name: docker-mailserver-smpt-startls
match: HostSNI(`*`)
service: docker-mailserver
entrypoint: smtp-startls
port: 587
- name: docker-mailserver-imap
match: HostSNI(`*`)
service: docker-mailserver
entrypoint: imap
port: 143
- name: docker-mailserver-imaps
match: HostSNI(`*`)
service: docker-mailserver
entrypoint: imaps
port: 993
- name: docker-mailserver-pop3
match: HostSNI(`*`)
service: docker-mailserver
entrypoint: pop3
port: 110
- name: docker-mailserver-pop3s
match: HostSNI(`*`)
service: docker-mailserver
entrypoint: pop3s
port: 993
rainloop:
enabled: true
ingress:
enabled: true
hosts:
- mail.badhouseplants.net
annotations:
kubernetes.io/ingress.class: traefik
kubernetes.io/tls-acme: "true"
kubernetes.io/ingress.allow-http: "false"
kubernetes.io/ingress.global-static-ip-name: ""
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
tls:
- secretName: mail-tls-secret
hosts:
- mail.badhouseplants.net
demoMode:
enabled: false
domains:
- badhouseplants.net
- mail.badhouseplants.net
ssl:
useExisting: true
existingName: mail-tls-secret
pod:
dockermailserver:
enable_fail2ban: "0"
ssl_type: manual
service:
type: ClusterIP
spfTestsDisabled: true

2
badhouseplants/values/values.drone.yaml
View File

@ -6,7 +6,7 @@ istio:
enabled: true
istio:
- name: drone-http
gateway: istio-system/badhouseplants-net
gateway: badhouseplants-net
kind: http
hostname: drone.badhouseplants.net
service: drone

32
badhouseplants/values/values.funkwhale.yaml
View File

@ -7,7 +7,7 @@ istio:
enabled: true
istio:
- name: funkwhale-http
gateway: istio-system/badhouseplants-net
gateway: badhouseplants-net
kind: http
hostname: funkwhale.badhouseplants.net
service: funkwhale
@ -15,8 +15,8 @@ istio:
ext-database:
enabled: true
name: funkwhale-postgres16
instance: postgres16
name: funkwhale-postgres
instance: postgres
replicaCount: 1
celery:
@ -30,22 +30,6 @@ celery:
requests:
cpu: 10m
memory: 75Mi
ingress:
enabled: true
annotations:
kubernetes.io/ingress.class: traefik
kubernetes.io/tls-acme: "true"
kubernetes.io/ingress.allow-http: "false"
kubernetes.io/ingress.global-static-ip-name: ""
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
host: funkwhale.badhouseplants.net
protocol: http
tls:
- secretName: funkwhale-tls-secret
hosts:
- funkwhale.badhouseplants.net
extraEnv:
FUNKWHALE_HOSTNAME: funkwhale.badhouseplants.net
FUNKWHALE_PROTOCOL: https
@ -55,17 +39,17 @@ persistence:
size: 10Gi
s3:
enabled: false
ingress:
enabled: false
postgresql:
enabled: false
host: postgres16-postgresql.database-service.svc.cluster.local
host: postgres-postgresql.database-service.svc.cluster.local
auth:
username: funkwhale-application-funkwhale-postgres16
database: funkwhale-application-funkwhale-postgres16
username: funkwhale-application-funkwhale-postgres
database: funkwhale-application-funkwhale-postgres
redis:
enabled: false
host: redis-master.database-service.svc.cluster.local
auth:
enabled: true
database: 3

84
badhouseplants/values/values.gitea.yaml
View File

@ -1,33 +1,35 @@
---
# ------------------------------------------
# -- Istio extenstion. Just because I'm
# -- not using ingress nginx
# ------------------------------------------
istio:
enabled: true
istio:
- name: gitea-http
kind: http
gateway: badhouseplants-net
hostname: git.badhouseplants.net
service: gitea-http
port: 3000
- name: gitea-ssh
kind: tcp
gateway: badhouseplants-ssh
hostname: "*"
port_match: 22
service: gitea-ssh
port: 22
# ------------------------------------------
# -- Database extension is used to manage
# -- database with db-operator
# ------------------------------------------
ext-database:
enabled: true
name: gitea-postgres16
instance: postgres16
name: gitea-postgres
instance: postgres
# ------------------------------------------
# -- Kubernetes related values
# ------------------------------------------
ingress:
enabled: true
annotations:
kubernetes.io/ingress.class: traefik
kubernetes.io/tls-acme: "true"
kubernetes.io/ingress.allow-http: "false"
kubernetes.io/ingress.global-static-ip-name: ""
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
hosts:
- host: git.badhouseplants.net
paths:
- path: /
pathType: Prefix
tls:
- secretName: gitea-tls-secret
hosts:
- git.badhouseplants.net
replicaCount: 1
clusterDomain: cluster.local
@ -41,10 +43,12 @@ resources:
persistence:
enabled: true
size: 15Gi
size: 6Gi
accessModes:
- ReadWriteOnce
ingress:
enabled: false
# ------------------------------------------
# -- Main Gitea settings
# ------------------------------------------
@ -57,9 +61,9 @@ gitea:
config:
database:
DB_TYPE: postgres
HOST: postgres16-postgresql.database-service.svc.cluster.local
NAME: gitea-service-gitea-postgres16
USER: gitea-service-gitea-postgres16
HOST: postgres-postgresql.database-service.svc.cluster.local
NAME: gitea-service-gitea-postgres
USER: gitea-service-gitea-postgres
APP_NAME: Bad Houseplants Gitea
ui:
meta:
@ -97,18 +101,6 @@ gitea:
ADAPTER: redis
queue:
TYPE: redis
mailer:
ENABLED: true
FROM: gitea@badhouseplants.net
PROTOCOL: smtp+startls
SMTP_ADDR: badhouseplants.net
SMTP_PORT: 587
USER: overlord@badhouseplants.net
indexer:
REPO_INDEXER_ENABLED: true
REPO_INDEXER_PATH: indexers/repos.bleve
MAX_FILE_SIZE: 1048576
REPO_INDEXER_EXCLUDE: resources/bin/**
service:
ssh:
type: ClusterIP
@ -120,22 +112,4 @@ service:
postgresql-ha:
enabled: false
redis-cluster:
enabled: false
extraDeploy:
- |
{{- if $.Capabilities.APIVersions.Has "traefik.io/v1alpha1/IngressRouteTCP" }}
apiVersion: traefik.io/v1alpha1
kind: IngressRouteTCP
metadata:
name: {{ include "gitea.fullname" . }}-ssh
spec:
entryPoints:
- git-ssh
routes:
- match: HostSNI(`git.badhouseplants.net`)
services:
- name: "{{ include "gitea.fullname" . }}-ssh"
port: 22
nativeLB: true
{{- end }}
enabled: false

98
badhouseplants/values/values.istio-gateway-resources.yaml
View File

@ -1,98 +0,0 @@
certificate:
enabled: true
certificate:
- name: nrodionov-wildcard
secretName: nrodionov-wildcard-tls
issuer:
kind: ClusterIssuer
name: badhouseplants-issuer
dnsNames:
- nrodionov.info
- "*.nrodionov.info"
- name: badhouseplants-wildcard
secretName: badhouseplants-wildcard-tls
issuer:
kind: ClusterIssuer
name: badhouseplants-issuer
dnsNames:
- badhouseplants.net
- "*.badhouseplants.net"
istio-gateway:
enabled: true
gateways:
- name: badhouseplants-net
servers:
- hosts:
- badhouseplants.net
- '*.badhouseplants.net'
port:
name: grpc-web
number: 8080
protocol: HTTPS
tls:
credentialName: badhouseplants-wildcard-tls
mode: SIMPLE
- hosts:
- badhouseplants.net
- '*.badhouseplants.net'
port:
name: http
number: 80
protocol: HTTP2
tls:
httpsRedirect: true
- hosts:
- badhouseplants.net
- '*.badhouseplants.net'
port:
name: https
number: 443
protocol: HTTPS
tls:
credentialName: badhouseplants-wildcard-tls
mode: SIMPLE
- name: nrodionov-info
servers:
- hosts:
- nrodionov.info
- dev.nrodionov.info
port:
name: http
number: 80
protocol: HTTP2
tls:
httpsRedirect: true
- hosts:
- nrodionov.info
- dev.nrodionov.info
port:
name: https
number: 443
protocol: HTTPS
tls:
credentialName: nrodionov-wildcard-tls
mode: SIMPLE
- name: badhouseplants-vpn
servers:
- hosts:
- '*'
port:
name: tcp
number: 1194
protocol: TCP
- name: badhouseplants-ssh
servers:
- hosts:
- '*'
port:
name: ssh
number: 22
protocol: TCP
- name: badhouseplants-minecraft
servers:
- hosts:
- '*'
port:
name: minecraft
number: 25565
protocol: TCP

14
badhouseplants/values/values.istio-ingressgateway.yaml
View File

@ -1,11 +1,7 @@
---
service:
type: LoadBalancer
externalTrafficPolicy: Local
ports:
- name: shadowsocks
port: 8388
protocol: TCP
targetPort: 8388
- name: minecraft
port: 25565
protocol: TCP
@ -18,10 +14,6 @@ service:
port: 80
protocol: TCP
targetPort: 80
- name: grpc-web
port: 8080
protocol: TCP
targetPort: 8080
- name: https
port: 443
protocol: TCP
@ -30,6 +22,10 @@ service:
port: 1194
protocol: TCP
targetPort: 1194
- name: ovpn2
port: 1195
protocol: TCP
targetPort: 1195
# -----------
# -- Email
# -----------

2
badhouseplants/values/values.istiod.yaml
View File

@ -8,7 +8,7 @@ global:
proxy:
resources:
requests:
cpu: 20m
cpu: 100m
memory: 128Mi
limits:
memory: 128Mi

3
badhouseplants/values/values.local-path-provisioner.yaml
View File

@ -1,3 +0,0 @@
storageClass:
create: true
defaultClass: false

94
badhouseplants/values/values.loki.yaml
View File

@ -1,99 +1,11 @@
---
global:
dnsService: "coredns"
singleBinary:
replicas: 1
loki:
auth_enabled: false
commonConfig:
replication_factor: 1
storage:
type: 'filesystem'
commonConfig:
replication_factor: 1
schemaConfig:
configs:
- from: 2024-04-01
store: tsdb
object_store: s3
schema: v13
index:
prefix: loki_index_
period: 24h
ingester:
chunk_encoding: snappy
tracing:
enabled: true
querier:
# Default is 4, if you have enough memory and CPU you can increase, reduce if OOMing
max_concurrent: 2
compactor:
retention_enabled: true
limits_config:
retention_period: 14d
monitoring:
selfMonitoring:
enabled: false
lokiCanary:
enabled: false
#gateway:
# ingress:
# enabled: true
# hosts:
# - host: FIXME
# paths:
# - path: /
# pathType: Prefix
deploymentMode: SingleBinary
singleBinary:
persistence:
size: 5Gi
replicas: 1
resources:
limits:
cpu: 1
memory: 1Gi
requests:
cpu: 0.5
memory: 512Mi
extraEnv:
# Keep a little bit lower than memory limits
- name: GOMEMLIMIT
value: 3750MiB
chunksCache:
# default is 500MB, with limited memory keep this smaller
writebackSizeLimit: 10MB
minio:
enabled: false
# Zero out replica counts of other deployment modes
backend:
replicas: 0
read:
replicas: 0
write:
replicas: 0
ingester:
replicas: 0
querier:
replicas: 0
queryFrontend:
replicas: 0
queryScheduler:
replicas: 0
distributor:
replicas: 0
compactor:
replicas: 0
indexGateway:
replicas: 0
bloomCompactor:
replicas: 0
bloomGateway:
replicas: 0
retention_period: 2d

7
badhouseplants/values/values.longhorn.yaml
View File

@ -1,14 +1,13 @@
defaultSettings:
backupTarget: s3://longhorn@us-east1/backupstore
backupTarget: s3://longhorn@us-east1/backupstore
backupTargetCredentialSecret: aws-secret
guaranteedEngineManagerCPU: 6
guaranteedReplicaManagerCPU: 6
storageOverProvisioningPercentage: 300
storageMinimalAvailablePercentage: 5
storageReservedPercentageForDefaultDisk: 1
defaultDataPath: /media/longhorn
defaultDataPath: /media-longhorn
csi:
kubeletRootDir: /var/lib/kubelet/
kubeletRootDir: /var/snap/microk8s/common/var/lib/kubelet
persistence:
defaultClassReplicaCount: 1
enablePSP: false

182
badhouseplants/values/values.mailu.yaml
View File

@ -1,64 +1,81 @@
---
# ------------------------------------------
# -- Database extension is used to manage
# -- database with db-operator
# ------------------------------------------
ext-database:
certificate:
enabled: true
name: mailu-postgres16
instance: postgres16
extraDatabase:
enabled: true
name: roundcube-postgres16
instance: postgres16
certificate:
- name: mailu
secretName: mailu-certificate
issuer:
kind: ClusterIssuer
name: badhouseplants-issuer
dnsNames:
- badhouseplants.net
- "email.badhouseplants.net"
# ------------------------------------------
# -- Istio extenstion. Just because I'm
# -- not using ingress nginx
# ------------------------------------------
traefik:
istio:
enabled: true
tcpRoutes:
- name: mailu-smtp
istio:
- name: mailu-web
kind: http
gateway: badhouseplants-net
hostname: email.badhouseplants.net
service: mailu-front
match: HostSNI(`*`)
entrypoint: smtp
port: 25
- name: mailu-smtps
match: HostSNI(`*`)
service: mailu-front
entrypoint: smtps
port: 465
- name: mailu-smpt-startls
match: HostSNI(`*`)
service: mailu-front
entrypoint: smtp-startls
port: 587
- name: mailu-imap
match: HostSNI(`*`)
service: mailu-front
entrypoint: imap
port: 143
- name: mailu-imaps
match: HostSNI(`*`)
service: mailu-front
entrypoint: imaps
port: 993
- name: mailu-pop3
match: HostSNI(`*`)
service: mailu-front
entrypoint: pop3
port: 110
- name: mailu-pop3s
match: HostSNI(`*`)
service: mailu-front
entrypoint: pop3s
port: 993
subnet: 10.244.0.0/16
port: 80
# - name: mailu-smpt
# kind: tcp
# gateway: badhouseplants-mail
# service: mailu-front
# hostname: email.badhousplants.net
# port_match: 25
# port: 25
# - name: mailu-smpts
# kind: tcp
# gateway: badhouseplants-mail
# port_match: 465
# hostname: email.badhousplants.net
# service: mailu-front
# port: 465
# - name: mailu-smpt-startls
# kind: tcp
# gateway: badhouseplants-mail
# hostname: email.badhousplants.net
# port_match: 587
# service: mailu-front
# port: 587
# - name: mailu-imap
# kind: tcp
# hostname: email.badhousplants.net
# gateway: badhouseplants-mail
# port_match: 143
# service: mailu-front
# port: 143
# - name: mailu-imaps
# kind: tcp
# gateway: badhouseplants-mail
# hostname: email.badhousplants.net
# port_match: 993
# service: mailu-front
# port: 993
# - name: mailu-pop3
# kind: tcp
# gateway: badhouseplants-mail
# port_match: 110
# hostname: email.badhousplants.net
# service: mailu-front
# port: 110
# - name: mailu-pop3s
# kind: tcp
# gateway: badhouseplants-mail
# port_match: 993
# hostname: email.badhousplants.net
# service: mailu-front
# port: 993
subnet: 10.1.0.0/16
sessionCookieSecure: true
hostnames:
- badhouseplants.net
- email.badhouseplants.net
- post.badhouseplants.net
domain: badhouseplants.net
persistence:
single_pvc: false
@ -68,20 +85,11 @@ limits:
tls:
outboundLevel: secure
ingress:
enabled: true
ingressClassName: traefik
tls: true
annotations:
kubernetes.io/tls-acme: "true"
kubernetes.io/ingress.allow-http: "false"
kubernetes.io/ingress.global-static-ip-name: ""
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
enabled: false
tls: false
tlsFlavorOverride: mail
realIpFrom: traefik.kube-system.svc.cluster.local
realIpHeader: "X-Real-IP"
front:
hostPort:
enabled: false
selfSigned: false
existingSecret: mailu-certificate
admin:
resources:
requests:
@ -99,10 +107,9 @@ redis:
cpu: 70m
limits:
memory: 200Mi
cpu: 200m
master:
persistence:
enabled: false
cpu: 200m
persistence:
size: 1Gi
postfix:
resources:
requests:
@ -110,7 +117,7 @@ postfix:
cpu: 200m
limits:
memory: 1024Mi
cpu: 200m
cpu: 200m
persistence:
size: 1Gi
dovecot:
@ -121,7 +128,7 @@ dovecot:
cpu: 70m
limits:
memory: 400Mi
cpu: 300m
cpu: 300m
persistence:
size: 1Gi
roundcube:
@ -131,24 +138,26 @@ roundcube:
cpu: 70m
limits:
memory: 200Mi
cpu: 200m
cpu: 200m
persistence:
size: 1Gi
mysql:
enabled: false
postgresql:
enabled: false
## If using the built-in MariaDB or PostgreSQL, the `roundcube` database will be created automatically.
externalDatabase:
## @param externalDatabase.enabled Set to true to use an external database
enabled: true
type: postgresql
existingSecret: mailu-postgres16-creds
existingSecretDatabaseKey: POSTGRES_DB
existingSecretUsernameKey: POSTGRES_USER
existingSecretPasswordKey: POSTGRES_PASSWORD
host: postgres16-postgresql.database-service.svc.cluster.local
port: 5432
auth:
enablePostgresUser: true
username: mailu
database: mailu
persistence:
enabled: false
storageClass: ""
accessMode: ReadWriteOnce
size: 2Gi
front:
logLevel: DEBUG
hostPort:
enabled: true
rspamd:
resources:
requests:
@ -157,7 +166,7 @@ rspamd:
limits:
memory: 500Mi
cpu: 400m
startupProbe:
startupProbe:
periodSeconds: 30
failureThreshold: 900
timeoutSeconds: 20
@ -170,10 +179,3 @@ webmail:
accessModes: [ReadWriteOnce]
claimNameOverride: ""
annotations: {}
global:
database:
roundcube:
database: applications-roundcube-postgres16
username: applications-roundcube-postgres16
existingSecret: roundcube-postgres16-creds
existingSecretPasswordKey: POSTGRES_PASSWORD

5
badhouseplants/values/values.metallb-resources.yaml
View File

@ -1,5 +0,0 @@
metallb:
enabled: true
ippools:
- name: fuji
addresses: 195.201.249.91-195.201.249.91

115
badhouseplants/values/values.minecraft.yaml Normal file
View File

@ -0,0 +1,115 @@
---
# --------------------------------------------------
# -- Extensions values
# --------------------------------------------------
service-account:
enabled: true
resources:
- name: minecraft-exporter
label:
app: minecraft-minecraft-metrics
endpoints:
port: metrics
# ------------------------------------------
# -- Istio extenstion. Just because I'm
# -- not using ingress nginx
# ------------------------------------------
istio:
enabled: true
istio:
- name: minecraft-tcp
gateway: badhouseplants-minecraft
kind: tcp
port_match: 25565
hostname: "*"
service: minecraft-minecraft
port: 25565
# --------------------------------------------------
# -- Main values
# --------------------------------------------------
image:
tag: java17-graalvm-ce
pullPolicy: Always
resources:
requests:
memory: 512Mi
cpu: 50m
limits:
memory: 3Gi
lifecycle:
postStart:
- bash
- -c
- for i in {1..100}; do mc-health && break || sleep 20; done && mc-send-to-console setpassword 11223345
readinessProbe:
command:
- mc-health
periodSeconds: 20
failureThreshold: 50
timeoutSeconds: 10
livenessProbe:
timeoutSeconds: 10
minecraftServer:
eula: "TRUE"
onlineMode: false
difficulty: hard
hardcore: true
version: 1.20.1
maxWorldSize: 90000
type: "PAPER"
paperDownloadUrl: https://api.papermc.io/v2/projects/paper/versions/1.20.1/builds/100/downloads/paper-1.20.1-100.jar
gameMode: survival
pvp: true
memory: 2512M
extraPorts:
- name: metrics
containerPort: 9225
protocol: TCP
service:
enabled: true
embedded: false
labels:
exporter: minecraft
type: ClusterIP
port: 9925
ingress:
enabled: false
persistence:
dataDir:
enabled: true
Size: 15Gi
initContainers:
- name: install-prometheus-exporter
image: alpine/curl
command:
- curl
- -L
- "https://github.com/sladkoff/minecraft-prometheus-exporter/releases/download/v2.5.0/minecraft-prometheus-exporter-2.5.0.jar"
- -o
- /data/plugins/prometheus-exporter.jar
volumeMounts:
- name: plugins
mountPath: /data/plugins
readOnly: false
- name: install-password-plugin
image: alpine/curl
command:
- curl
- -L
- "https://github.com/timbru31/PasswordProtect/releases/download/PasswordProtect-3.1.0/PasswordProtect.jar"
- -o
- /data/plugins/PasswordProtect.jar
volumeMounts:
- name: plugins
mountPath: /data/plugins
readOnly: false
extraVolumes:
- volumeMounts:
- name: plugins
mountPath: /data/plugins
readOnly: false
volumes:
- name: plugins
emptyDir:
sizeLimit: 500Mi

42
badhouseplants/values/values.minio.yaml
View File

@ -7,51 +7,18 @@ istio:
enabled: true
istio:
- name: minio-http
gateway: istio-system/badhouseplants-net
gateway: badhouseplants-net
kind: http
hostname: minio.badhouseplants.net
service: minio-console
port: 9001
- name: s3-http
gateway: istio-system/badhouseplants-net
gateway: badhouseplants-net
kind: http
hostname: s3.badhouseplants.net
service: minio
port: 9000
ingress:
enabled: true
ingressClassName: ~
annotations:
kubernetes.io/ingress.class: traefik
kubernetes.io/tls-acme: "true"
kubernetes.io/ingress.allow-http: "false"
kubernetes.io/ingress.global-static-ip-name: ""
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
path: /
hosts:
- s3.badhouseplants.net
tls:
- secretName: s3-tls-secret
hosts:
- s3.badhouseplants.net
consoleIngress:
enabled: true
ingressClassName: ~
annotations:
kubernetes.io/ingress.class: traefik
kubernetes.io/tls-acme: "true"
kubernetes.io/ingress.allow-http: "false"
kubernetes.io/ingress.global-static-ip-name: ""
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
path: /
hosts:
- minio.badhouseplants.net
tls:
- secretName: minio-tls-secret
hosts:
- minio.badhouseplants.net
rootUser: 'overlord'
replicas: 1
mode: standalone
@ -97,6 +64,11 @@ buckets:
- name: allanger-music
policy: download
purge: false
versioning: false
- name: badhouseplants-brew
policy: download
purge: false
versioning: false
metrics:
serviceMonitor:
enabled: false

1
badhouseplants/values/values.mysql.yaml
View File

@ -4,3 +4,4 @@ primary:
auth:
createDatabase: false

34
badhouseplants/values/values.namespaces.yaml
View File

@ -1,23 +1,11 @@
namespaces:
- name: longhorn-system
- name: minio-service
- name: argo-system
- name: nrodionov-application
- name: minecraft-application
annotations:
badohouseplants.net/git-repo: |
https://git.badhouseplants.net/badhouseplants/minecraft-helmfile
badhouseplants.net/ci: |
https://ci.badhouseplants.net/repos/15
- name: gitea-service
- name: funkwhale-application
- name: database-service
- name: mail-service
- name: vaultwarden-application
- name: woodpecker-ci
- name: openvpn-service
- name: badhouseplants-main
labels:
istio-injection: enabled
- name: badhouseplants-preview
- name: kube-services
---
ns:
- name: monitoring-system
templates:
- |
{{ range .Values.ns }}
apiVersion: v1
kind: Namespace
metadata:
name: {{ .name }}
{{ end }}

17
badhouseplants/values/values.nrodionov.yaml
View File

@ -7,7 +7,7 @@ istio:
enabled: true
istio:
- name: nrodionov-http
gateway: istio-system/nrodionov-info
gateway: nrodionov-info
kind: http
hostname: dev.nrodionov.info
service: nrodionov-wordpress
@ -17,20 +17,7 @@ ext-database:
enabled: true
name: nrodionov-mysql
instance: mysql
ingress:
enabled: true
pathType: ImplementationSpecific
hostname: dev.nrodionov.info
path: /
annotations:
kubernetes.io/ingress.class: traefik
kubernetes.io/tls-acme: "true"
kubernetes.io/ingress.allow-http: "false"
kubernetes.io/ingress.global-static-ip-name: ""
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
tls: true
tlsWwwPrefix: false
selfSigned: false
wordpressBlogName: Николай Николаевич Родионов
wordpressUsername: admin
wordpressFirstName: Nikolai

46
badhouseplants/values/values.openvpn-xor.yaml
View File

@ -1,46 +0,0 @@
---
# ------------------------------------------
# -- Istio extenstion. Just because I'm
# -- not using ingress nginx
# ------------------------------------------
# istio:
# enabled: true
# istio:
# - name: openvpn-tcp-xor
# gateway: istio-system/badhouseplants-vpn
# kind: tcp
# port_match: 1194
# hostname: "*"
# service: openvpn-xor
# port: 1194
# ------------------------------------------
traefik:
enabled: true
tcpRoutes:
- name: openvpn-xor
service: openvpn-xor
match: HostSNI(`*`)
entrypoint: openvpn
port: 1194
storage:
class: longhorn
size: 512Mi
openvpn:
proto: tcp
host: 195.201.249.91
easyrsa:
cn: Bad Houseplants
country: Germany
province: NRW
city: Duesseldorf
org: Bad Houseplants
email: allanger@zohomail.com
service:
type: ClusterIP
port: 1194
targetPort: 1194
protocol: TCP

24
badhouseplants/values/values.openvpn.yaml Normal file
View File

@ -0,0 +1,24 @@
---
# ------------------------------------------
# -- Istio extenstion. Just because I'm
# -- not using ingress nginx
# ------------------------------------------
istio:
enabled: true
istio:
- name: openvpn-tcp
gateway: badhouseplants-vpn
kind: tcp
port_match: 1195
hostname: "*"
service: openvpn
port: 1194
storageClassName: longhorn
openvpn:
server: "tcp://195.201.250.50:1195"
service:
type: ClusterIP
port: 1194
targetPort: 1194
protocol: TCP

27
badhouseplants/values/values.postgres16.yaml
View File

@ -1,27 +0,0 @@
architecture: standalone
auth:
database: postgres
persistence:
size: 1Gi
metrics:
enabled: false
primary:
podSecurityContext:
enabled: true
fsGroupChangePolicy: Always
sysctls: []
supplementalGroups: []
containerSecurityContext:
enabled: true
seLinuxOptions: {}
runAsNonRoot: false
privileged: false
readOnlyRootFilesystem: false
allowPrivilegeEscalation: false
capabilities:
drop: ["ALL"]
seccompProfile:
type: "RuntimeDefault"

8
badhouseplants/values/values.prometheus.yaml
View File

@ -7,7 +7,7 @@ istio:
enabled: true
istio:
- name: grafana-https
gateway: istio-system/badhouseplants-net
gateway: badhouseplants-net
kind: http
hostname: "grafana.badhouseplants.net"
service: prometheus-grafana
@ -64,8 +64,7 @@ defaultRules:
prometheus:
prometheusSpec:
enableAdminAPI: true
retentionSize: 7GB
retention: 20d
retentionSize: 10GB
podMonitorNamespaceSelector:
any: true
podMonitorSelector: {}
@ -84,10 +83,9 @@ prometheus:
accessModes: ["ReadWriteOnce"]
resources:
requests:
storage: 12Gi
storage: 10Gi
grafana:
assertNoLeakedSecrets: false
persistence:
enabled: true
size: 2Gi

6
badhouseplants/values/values.promtail.yaml
View File

@ -3,9 +3,3 @@ config:
clients:
# - url: http://loki.monitoring-system:3100
- url: http://loki-gateway/loki/api/v1/push
snippets:
pipelineStages:
- match:
pipeline_name: "drop-all"
selector: '{namespace!~"mail-service|woodpecker|minecraft-application"}'
action: drop

6
badhouseplants/values/values.redis.yaml
View File

@ -1,11 +1,7 @@
metrics:
enabled: false
secretAnnotations:
reflector.v1.k8s.emberstack.com/reflection-allowed: "true"
reflector.v1.k8s.emberstack.com/reflection-auto-enabled: "true"
reflector.v1.k8s.emberstack.com/reflection-allowed-namespaces: "gitea-service,funkwhale-application"
architecture: standalone
master:
persistence:
enabled: false
enabled: false

9
badhouseplants/values/values.roles.yaml
View File

@ -1,9 +0,0 @@
roles:
- name: minecraft-admin
namespace: minecraft-application
kind: Role
rules:
- apiGroups: ["*"]
resources: ["*"]
verbs: ["*"]
namespace: ["minecraft-application"]

55
badhouseplants/values/values.tandoor.yaml
View File

@ -1,55 +0,0 @@
istio:
enabled: true
istio:
- name: tandoor-http
gateway: istio-system/badhouseplants-net
kind: http
hostname: tandoor.badhouseplants.net
service: tandoor
port: 8080
ext-database:
enabled: true
name: tandoor-postgres16
instance: postgres16
credentials:
POSTGRES_HOST: |-
"{{ .Hostname }}"
POSTGRES_PORT: |-
"{{ .Port }}"
envFrom:
- secretRef:
name: tandoor-postgres16-creds
env:
TZ: UTC
DB_ENGINE: django.db.backends.postgresql
EMAIL_HOST: badhouseplants.net
EMAIL_PORT: 587
EMAIL_HOST_USER: overlord@badhouseplants.net
EMAIL_HOST_PASSWORD: nxVa8Xcf4jNvzNeE$JzBL&H8g
EMAIL_USE_TLS: 1
EMAIL_USE_SSL: 0
DEFAULT_FROM_EMAIL: tandoor@badhouseplants.net
persistence:
config:
enabled: true
retain: true
storageClass: longhorn
accessMode: ReadWriteOnce
size: 1Gi
media:
enabled: true
mountPath: /opt/recipes/mediafiles
retain: true
storageClass: longhorn
accessMode: ReadWriteOnce
size: 1Gi
static:
enabled: true
type: emptyDir
mountPath: /opt/recipes/staticfiles
django-js-reverse:
enabled: true
type: emptyDir
mountPath: /opt/recipes/cookbook/static/django_js_reverse

78
badhouseplants/values/values.traefik.yaml
View File

@ -1,78 +0,0 @@
globalArguments:
- "--serversTransport.insecureSkipVerify=true"
service:
spec:
externalTrafficPolicy: Local
ports:
git-ssh:
port: 22
expose:
default: true
exposedPort: 22
protocol: TCP
openvpn:
port: 1194
expose:
default: true
exposedPort: 1194
protocol: TCP
valve-server:
port: 27015
expose:
default: true
exposedPort: 27015
protocol: UDP
valve-rcon:
port: 27015
expose:
default: true
exposedPort: 27015
protocol: TCP
smtp:
port: 25
protocol: TCP
exposedPort: 25
expose:
default: true
smtps:
port: 465
protocol: TCP
exposedPort: 465
expose:
default: true
smtp-startls:
port: 587
protocol: TCP
exposedPort: 587
expose:
default: true
imap:
port: 143
protocol: TCP
exposedPort: 143
expose:
default: true
imaps:
port: 993
protocol: TCP
exposedPort: 993
expose:
default: true
pop3:
port: 110
protocol: TCP
exposedPort: 110
expose:
default: true
pop3s:
port: 995
protocol: TCP
exposedPort: 995
expose:
default: true
minecraft:
port: 25565
protocol: TCP
exposedPort: 25565
expose:
default: true

80
badhouseplants/values/values.vaultwarden.yaml
View File

@ -1,80 +0,0 @@
---
# ------------------------------------------
# -- Istio extenstion. Just because I'm
# -- not using ingress nginx
# ------------------------------------------
istio:
enabled: true
istio:
- name: vaultwarden-http
kind: http
gateway: istio-system/badhouseplants-net
hostname: vault.badhouseplants.net
service: vaultwarden
port: 8080
# ------------------------------------------
# -- Database extension is used to manage
# -- database with db-operator
# ------------------------------------------
ext-database:
enabled: true
name: vaultwarden-postgres16
instance: postgres16
service:
port: 8080
vaultwarden:
smtp:
host: badhouseplants.net
security: "starttls"
port: 587
from: vaultwarden@badhouseplants.net
fromName: Vault Warden
authMechanism: "Plain"
acceptInvalidHostnames: "false"
acceptInvalidCerts: "false"
debug: false
domain: https://vault.badhouseplants.net
websocket:
enabled: true
address: "0.0.0.0"
port: 3012
rocket:
port: "8080"
workers: "10"
webVaultEnabled: "true"
signupsAllowed: false
invitationsAllowed: true
signupDomains: "https://vault.badhouseplants.com"
signupsVerify: "true"
showPassHint: "false"
database:
existingSecret: vaultwarden-postgres16-creds
existingSecretKey: CONNECTION_STRING
connectionRetries: 15
maxConnections: 10
storage:
enabled: true
size: 1Gi
class: longhorn
dataDir: /data
logging:
enabled: false
logfile: "/data/vaultwarden.log"
loglevel: "warn"
ingress:
enabled: true
annotations:
kubernetes.io/ingress.class: traefik
kubernetes.io/tls-acme: "true"
kubernetes.io/ingress.allow-http: "false"
kubernetes.io/ingress.global-static-ip-name: ""
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
hosts:
- host: vault.badhouseplants.net
paths:
- path: /
pathType: Prefix
tls:
- secretName: vault-tls-secret
hosts:
- vault.badhouseplants.net

58
badhouseplants/values/values.vaultwardentest.yaml
View File

@ -1,58 +0,0 @@
service:
port: 8080
vaultwarden:
smtp:
host: mail.badhouseplants.net
security: "starttls"
port: 587
from: vaulttest@badhouseplants.net
fromName: Vault Warden
authMechanism: "Plain"
acceptInvalidHostnames: "false"
acceptInvalidCerts: "false"
debug: false
domain: https://vaulttest.badhouseplants.net
websocket:
enabled: true
address: "0.0.0.0"
port: 3012
rocket:
port: "8080"
workers: "10"
webVaultEnabled: "true"
signupsAllowed: true
invitationsAllowed: true
signupDomains: "https://vaulttest.badhouseplants.net"
signupsVerify: false
showPassHint: true
# database:
# existingSecret: vaultwarden-postgres16-creds
# existingSecretKey: CONNECTION_STRING
# connectionRetries: 15
# maxConnections: 10
storage:
enabled: true
size: 512Mi
class: longhorn
dataDir: /data
logging:
enabled: false
logfile: "/data/vaultwarden.log"
loglevel: "warn"
ingress:
enabled: true
annotations:
kubernetes.io/ingress.class: traefik
kubernetes.io/tls-acme: "true"
kubernetes.io/ingress.allow-http: "false"
kubernetes.io/ingress.global-static-ip-name: ""
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
hosts:
- host: vaulttest.badhouseplants.net
paths:
- path: /
pathType: Prefix
tls:
- secretName: vault-tls-secret
hosts:
- vaulttest.badhouseplants.net

71
badhouseplants/values/values.woodpecker-ci.yaml
View File

@ -1,71 +0,0 @@
# ------------------------------------------
# -- Istio extenstion. Just because I'm
# -- not using ingress nginx
# ------------------------------------------
istio:
enabled: true
istio:
- name: woodpecker-server-http
gateway: istio-system/badhouseplants-net
kind: http
hostname: ci.badhouseplants.net
service: woodpecker-ci-server
port: 80
ext-database:
enabled: true
name: woodpecker-postgres16
instance: postgres16
credentials:
WOODPECKER_DATABASE_DATASOURCE: "postgres://{{ .Username }}:{{ .Password }}@{{ .Hostname }}:{{ .Port }}/{{ .Database }}?sslmode=disable"
server:
ingress:
enabled: true
annotations:
kubernetes.io/ingress.class: traefik
kubernetes.io/tls-acme: "true"
kubernetes.io/ingress.allow-http: "false"
kubernetes.io/ingress.global-static-ip-name: ""
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
hosts:
- host: ci.badhouseplants.net
paths:
- path: /
tls:
- secretName: woodpecker-tls-secret
hosts:
- ci.badhouseplants.net
#image:
# registry: git.badhouseplants.net
# repository: allanger/woodpecker-server
# pullPolicy: Always
# tag: icon
enabled: true
env:
WOODPECKER_GITEA: true
WOODPECKER_GITEA_URL: https://git.badhouseplants.net
WOODPECKER_DATABASE_DRIVER: postgres
WOODPECKER_GITEA_CLIENT: ab5e4687-a476-4668-9fbc-288d54095634
WOODPECKER_OPEN: true
WOODPECKER_ADMIN: "woodpecker,allanger"
WOODPECKER_HOST: "https://ci.badhouseplants.net"
WOODPECKER_ESCALATE: true
WOODPECKER_BACKEND_K8S_NAMESPACE: woodpecker-ci
extraSecretNamesForEnvFrom:
- woodpecker-postgres16-creds
agent:
#image:
# registry: git.badhouseplants.net
# repository: allanger/woodpecker-agent
# pullPolicy: Always
# tag: dev
enabled: true
extraSecretNamesForEnvFrom: []
env:
WOODPECKER_SERVER: woodpecker-ci-server:9000
WOODPECKER_BACKEND_K8S_VOLUME_SIZE: 3Gi
WOODPECKER_BACKEND_K8S_NAMESPACE: woodpecker-ci
WOODPECKER_BACKEND_K8S_STORAGE_CLASS: longhorn
serviceAccount:
create: true
rbac:
create: true

47
badhouseplants/values/values.zot.yaml
View File

@ -1,47 +0,0 @@
ingress:
enabled: true
className: ~
annotations:
kubernetes.io/ingress.class: traefik
kubernetes.io/tls-acme: "true"
kubernetes.io/ingress.allow-http: "false"
kubernetes.io/ingress.global-static-ip-name: ""
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
pathtype: ImplementationSpecific
hosts:
- host: registry.badhouseplants.net
paths:
- path: /
tls:
- secretName: zot-secret-tls
hosts:
- registry.badhouseplants.net
strategy:
type: Recreate
service:
type: ClusterIP
persistence: true
pvc:
create: true
accessMode: "ReadWriteOnce"
storage: 5Gi
storageClassName: longhorn
mountConfig: true
mountSecret: true
#configFiles:
# ui.json: |-
# {
# "log": {
# "level": "info"
# },
# "extensions": {
# "search": {
# "cve": {
# "updateInterval": "2h"
# }
# },
# "ui": {
# "enable": true
# }
# }
# }

23
charts/namespaces/chart/.helmignore
View File

@ -1,23 +0,0 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/

24
charts/namespaces/chart/Chart.yaml
View File

@ -1,24 +0,0 @@
apiVersion: v2
name: namespaces
description: A Helm chart for Kubernetes
# A chart can be either an 'application' or a 'library' chart.
#
# Application charts are a collection of templates that can be packaged into versioned archives
# to be deployed.
#
# Library charts provide useful utilities or functions for the chart developer. They're included as
# a dependency of application charts to inject those utilities and functions into the rendering
# pipeline. Library charts do not define any templates and therefore cannot be deployed.
type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
version: 0.1.0
# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
# follow Semantic Versioning. They should reflect the version the application is using.
# It is recommended to use it with quotes.
appVersion: "1.16.0"

43
charts/namespaces/chart/templates/_helpers.tpl
View File

@ -1,43 +0,0 @@
{{/*
Expand the name of the chart.
*/}}
{{- define "namespaces.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "namespaces.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "namespaces.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "namespaces.labels" -}}
helm.sh/chart: {{ include "namespaces.chart" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}

19
charts/namespaces/chart/templates/namespaces.yaml
View File

@ -1,19 +0,0 @@
{{- if .Values.namespaces }}
{{- range $ns := .Values.namespaces }}
---
apiVersion: v1
kind: Namespace
metadata:
name: {{ $ns.name }}
labels:
{{- include "namespaces.labels" $ | nindent 4 }}
{{- with $ns.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
annotations:
"helm.sh/resource-policy": keep
{{- with $ns.annotations}}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}
{{- end }}

20
charts/namespaces/chart/values.yaml
View File

@ -1,20 +0,0 @@
namespaces:
- name: giantswarm-flux
labels:
name: giantswarm-flux
- name: giantswarm
labels:
name: giantswarm
- name: monitoring
labels:
name: monitoring
- name: org-giantswarm
labels:
name: org-giantswarm
- name: flux-system
labels:
name: flux-system
- name: flux-giantswarm
labels:
name: flux-giantswarm
- name: policy-exception

6
charts/namespaces/kustomize/flux-system.yml
View File

@ -1,6 +0,0 @@
apiVersion: v1
kind: Namespace
metadata:
name: flux-system
labels:
name: flux-system

6
charts/namespaces/kustomize/giantswarm-flux.yml
View File

@ -1,6 +0,0 @@
apiVersion: v1
kind: Namespace
metadata:
name: giantswarm-flux
labels:
name: giantswarm-flux

6
charts/namespaces/kustomize/giantswarm.yml
View File

@ -1,6 +0,0 @@
apiVersion: v1
kind: Namespace
metadata:
name: giantswarm
labels:
name: giantswarm

5
charts/namespaces/kustomize/kustomization.yaml
View File

@ -1,5 +0,0 @@
resources:
- ./giantswarm-flux.yml
- ./giantswarm.yml
- ./monitoring.yml
- ./org-giantswarm.yml

6
charts/namespaces/kustomize/monitoring.yml
View File

@ -1,6 +0,0 @@
apiVersion: v1
kind: Namespace
metadata:
name: monitoring
labels:
name: monitoring

6
charts/namespaces/kustomize/org-giantswarm.yml
View File

@ -1,6 +0,0 @@
apiVersion: v1
kind: Namespace
metadata:
name: org-giantswarm
labels:
name: org-giantswarm

23
charts/roles/.helmignore
View File

@ -1,23 +0,0 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/

6
charts/roles/Chart.yaml
View File

@ -1,6 +0,0 @@
apiVersion: v2
name: roles
description: A Helm chart for Kubernetes
type: application
version: 0.1.0
appVersion: "1.16.0"

43
charts/roles/templates/_helpers.tpl
View File

@ -1,43 +0,0 @@
{{/*
Expand the name of the chart.
*/}}
{{- define "roles.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "roles.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "roles.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "roles.labels" -}}
helm.sh/chart: {{ include "roles.chart" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}

23
charts/roles/templates/namespaces.yaml
View File

@ -1,23 +0,0 @@
{{- if .Values.roles }}
{{- range $roles := .Values.roles }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: {{ $roles.kind }}
metadata:
name: {{ $roles.name }}
namespace: {{ $roles.namespace }}
labels:
{{- include "roles.labels" $ | nindent 4 }}
{{- with $roles.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with $roles.annotations}}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
rules:
{{- with $roles.rules }}
{{- toYaml . | nindent 2 }}
{{- end }}
{{- end }}
{{- end }}

9
charts/roles/values.yaml
View File

@ -1,9 +0,0 @@
roles:
- name: minecraft-admin
namespace: minecraft-application
kind: Role
rules:
- apiGroups: ["*"]
resources: ["*"]
verbs: ["*"]
namespace: ["minecraft-application"]

23
charts/root/.helmignore
View File

@ -1,23 +0,0 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/

6
charts/root/Chart.yaml
View File

@ -1,6 +0,0 @@
apiVersion: v2
name: root
description: A Helm chart for Kubernetes
type: application
version: 0.1.5
appVersion: "1.16.0"

62
charts/root/templates/_helpers.tpl
View File

@ -1,62 +0,0 @@
{{/*
Expand the name of the chart.
*/}}
{{- define "root.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "root.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "root.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "root.labels" -}}
helm.sh/chart: {{ include "root.chart" . }}
{{ include "root.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "root.selectorLabels" -}}
app.kubernetes.io/name: {{ include "root.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
{{/*
Create the name of the service account to use
*/}}
{{- define "root.serviceAccountName" -}}
{{- if .Values.serviceAccount.create }}
{{- default (include "root.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}

25
charts/root/templates/root.yaml
View File

@ -1,25 +0,0 @@
{{ if .Capabilities.APIVersions.Has "source.toolkit.fluxcd.io/v1" }}
apiVersion: source.toolkit.fluxcd.io/v1
kind: GitRepository
metadata:
name: root
spec:
interval: 30s
url: {{ .Values.url }}
ref:
branch: {{ .Values.branch }}
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: root
spec:
interval: 30s
targetNamespace: flux-system
sourceRef:
kind: GitRepository
name: root
path: "."
prune: false
timeout: 1m
{{- end }}

25
charts/root/templates/self.yaml
View File

@ -1,25 +0,0 @@
{{ if .Capabilities.APIVersions.Has "source.toolkit.fluxcd.io/v1" }}
apiVersion: source.toolkit.fluxcd.io/v1
kind: GitRepository
metadata:
name: root-self
spec:
interval: 30s
url: {{ .Values.self.url }}
ref:
branch: {{ .Values.self.branch }}
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: root-self
spec:
interval: 30s
targetNamespace: flux-system
sourceRef:
kind: GitRepository
name: root-self
path: "."
prune: false
timeout: 1m
{{- end }}

5
charts/root/values.yaml
View File

@ -1,5 +0,0 @@
url: https://git.badhouseplants.net/giantswarm/cluster-example.git
branch: main
self:
url: git@git.badhouseplants.net:giantswarm/root-config.git
branch: master

36
common/values.database.yaml
View File

@ -10,41 +10,7 @@ ext-database:
spec:
secretName: "{{ .Values.name }}-creds"
instance: "{{ .Values.instance }}"
deletionProtected: true
deletionProtected: false
backup:
enable: false
cron: 0 0 * * *
{{- if .Values.credentials }}
credentials:
templates:
{{- range $key, $value := .Values.credentials }}
- name: {{ $key }}
template: {{ $value }}
secret: true
{{- end }}
{{- end }}
- |
{{- if (.Values.extraDatabase).enabled }}
---
apiVersion: kinda.rocks/v1beta1
kind: Database
metadata:
name: "{{ .Values.extraDatabase.name }}"
spec:
secretName: "{{ .Values.extraDatabase.name }}-creds"
instance: "{{ .Values.extraDatabase.instance }}"
deletionProtected: true
backup:
enable: false
cron: 0 0 * * *
{{- if .Values.extraDatabase.credentials }}
credentials:
templates:
{{- range $key, $value := .Values.extraDatabase.credentials }}
- name: {{ $key }}
template: {{ $value }}
secret: true
{{- end }}
{{- end }}
{{- end }}

16
common/values.istio-gateway.yaml
View File

@ -1,16 +0,0 @@
---
istio-gateway:
templates:
- |
{{ range .Values.gateways }}
---
apiVersion: networking.istio.io/v1beta1
kind: Gateway
metadata:
name: {{ .name }}
spec:
selector:
istio: ingressgateway
servers:
{{ toYaml .servers | indent 4 }}
{{ end }}

2
common/values.istio.yaml
View File

@ -10,7 +10,7 @@ istio:
name: {{ .name }}
spec:
gateways:
- "{{ .gateway }}"
- "istio-system/{{ .gateway }}"
hosts:
- {{ .hostname | quote }}
{{- if eq .kind "http" }}

14
common/values.metallb.yaml
View File

@ -1,14 +0,0 @@
---
metallb:
templates:
- |
{{ range .Values.ippools }}
---
apiVersion: metallb.io/v1beta1
kind: IPAddressPool
metadata:
name: {{ .name }}
spec:
addresses:
- {{ .addresses }}
{{ end }}

20
common/values.tcp-route.yaml
View File

@ -1,20 +0,0 @@
---
traefik:
templates:
- |
{{ range .Values.tcpRoutes }}
---
apiVersion: traefik.io/v1alpha1
kind: IngressRouteTCP
metadata:
name: {{ .name }}
spec:
entryPoints:
- {{ .entrypoint }}
routes:
- match: {{ .match }}
services:
- name: {{ .service }}
nativeLB: true
port: {{ .port }}
{{- end }}

13
common/values.tcproute.yaml
View File

@ -1,13 +0,0 @@
---
tcproute:
templates:
- |
---
{{ range .Values.routes }}
apiVersion: traefik.io/v1alpha1
kind: IngressRouteTCP
metadata:
name: {{ printf "%s-%s" .Release.Name .name }}
spec:
{{ tpl (.routes | toYaml | indent 2 | toString) $ }}
{{ end }}

27
crd.yaml
View File

@ -1,27 +0,0 @@
templates:
# ---------------------------
# -- Hooks
# ---------------------------
crd-management-hook:
hooks:
- events: ["preapply"]
showlogs: true
command: "sh"
args:
- -c
- |
helm show crds {{ .Release.Chart }} --version {{ .Release.Version }} | kubectl replace -f - \
|| helm show crds {{ .Release.Chart }} --version {{ .Release.Version }} | kubectl create -f - \
|| true
- events: ["prepare"]
showlogs: true
command: "sh"
args:
- -c
- "helm show crds {{ .Release.Chart }} --version {{ .Release.Version }} | kubectl diff -f - || true"
- events: ["postuninstall"]
showlogs: true
command: "sh"
args:
- -c
- "helm show crds {{ .Release.Chart }} --version {{ .Release.Version }} | kubectl delete -f - || true"

27
etersoft/helmfile.yaml
View File

@ -1,27 +0,0 @@
---
{{ readFile "../releases.yaml" }}
releases:
- <<: *openvpn
installed: true
namespace: openvpn-service
createNamespace: false
- <<: *istio-base
installed: true
namespace: istio-system
createNamespace: false
- <<: *istio-gateway
installed: true
namespace: istio-system
createNamespace: false
- <<: *istiod
installed: true
namespace: istio-system
createNamespace: false
bases:
- ../environments.yaml
- ../repositories.yaml

22
etersoft/values/secrets.drone-runner-docker.yaml Normal file
View File

@ -0,0 +1,22 @@
env:
DRONE_RPC_SECRET: ENC[AES256_GCM,data:RAZbnTrv9PxiCLLqjKWBtFWd+Nzqma8Zw+NuKRLO,iv:IiFcTQGUmYa6UCBzx1yTDd0zwB6D1Cv0raXZxLXm1qA=,tag:83bnBW+MhkKehZfso3g+/g==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOVk0yaTlySHpuOWFFT3J5
Z210NzJPTmV0akdFQ1REM1JzK0pwTC9XWjJJCm54QmQ3ODJwakZuamMzYTBIeEJi
aUxKNmQ3dU52V2N2cjl5VTJpTTAwWGsKLS0tIDFyR2o2VnQ4QWFCWWRzZGNMZnNQ
em1VMlhBNGRrVFhXVUVRdU16Q1Q4bUEKvZ6UbZsfdvfCk37FlEN4vg0RTnPO2nwh
DY4klzcan+9DBRT2qdIIy6pj94GuSoXKXEYc9X0AvYab/HoLithMWA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-05-21T09:27:21Z"
mac: ENC[AES256_GCM,data:U2JETtW0lbb2znJBupGMPsab13y5M1v1N0wkFxEBs+YVNFhnkvIqSZiY5mq9KTYiY4tRzw1kV+jqP0jNsODekCI1++4NBuQsGSZFUoTERHgTRlnz1aAS+nf39lvYnWyQxsQmw9vY/GQ/yluBJkOEV/EoIF3wHjxZe1HCBIViPyk=,iv:WMj7aSgW8LdNQbOgC4FcyOtR/3gjckiHO8vlZGdiTeY=,tag:Xty2QVLJ/D2dlzQY13od5w==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.7.3

50
etersoft/values/secrets.minio.yaml
View File

@ -1,21 +1,21 @@
rootPassword: ENC[AES256_GCM,data:b0e8jPZizEOqRRdBfL5cby3BCz4/vv/NX+39HAZ1IFb8,iv:Y4af+rhXaoaH3ho7W4YLSD0c7Li3ih130aUNPwsWCsI=,tag:OpW8bftAtm4s+aIxTvOq3A==,type:str]
rootPassword: ENC[AES256_GCM,data:s38LHPKR4UsJE2MvlvIuKllZsYGZxcwssbqMWoPqo11j,iv:iredmR6yFSMxmS7NFwz5kLUxPWdSIImYRLRkICr7sJQ=,tag:Gb+rMEBrVX4dDS+N/quHyA==,type:str]
users:
- accessKey: ENC[AES256_GCM,data:0zHY1dpZcro=,iv:jYvIGZNi2j9bGXgDU8EuhlWivB88Fr0/oBIBgSMnyRc=,tag:VBTWvhQy02xgCD5/ew4A6g==,type:str]
secretKey: ENC[AES256_GCM,data:+5pzvUItGiuOpKTFWcDtt60bcg==,iv:Z1ITL0rTy/3/hKVApPCjWSslEUrEOGvUhiHAx3Fa84c=,tag:H7L2MZ/QQYulMqWv65fStw==,type:str]
policy: ENC[AES256_GCM,data:UH1OW/DcPycrKBpE,iv:nssYtBSfN09O0Z9FMQzW660LAMJ4EZP+090c893sb1Q=,tag:XSZpHMX6P1u4UyyzVLnGcQ==,type:str]
- accessKey: ENC[AES256_GCM,data:h8Zqj8Oi,iv:TlRLh7w4nHi0zNSF41gJBvCetQxQHH4bJLhJIgVv+MQ=,tag:xJht3fA5NwAKGJvUFyiBVQ==,type:str]
secretKey: ENC[AES256_GCM,data:uUHZdSRYPEiE5zvapL8=,iv:xYY7QBSzfRicImZZBoFpIbODiypxKC7wIZ/S4BluQX0=,tag:xXSYqJ3lEohWp9heC08qOw==,type:str]
policy: ENC[AES256_GCM,data:W+8wc5fu,iv:J+WHxQIbkffku41GJV9LgK/l28Ds7YI5nNtk8VlICYs=,tag:NtDHmQGJcjMoeD3oAbk9Kw==,type:str]
#ENC[AES256_GCM,data:TYF79Nw=,iv:dW5GFF4Se81r+JEKNN0P/dIluq+LT+CueMr1Rr7Hhic=,tag:UGDIsRChsM6DPIqAh3kECg==,type:comment]
#ENC[AES256_GCM,data:UO5QDyZ4GYVRKkHIJ97Cwl4=,iv:88QMVL1cji5fY1lpZp/B6CHhqrvY57jmRF2o4ixdnFA=,tag:QE/luvZJ03zh1SyR7GMXDQ==,type:comment]
#ENC[AES256_GCM,data:ddVGAKMd/cyVSDtM5RYnUo6z+T5dsuzb5DUd6/Tio52jNZZ4YtvUhrncW+I4SQzPUElNx6R/CNUmGmkYqXjkd2LnwchB5F0U1j+OhZHR,iv:KveAUI8L/muXShLVojH2xjwZGIS+D0RmJio26prCCHw=,tag:Mpoi7h0anEqHjYbvOHjPkw==,type:comment]
#ENC[AES256_GCM,data:mQZZbdr8wc2LpD5XLNaseerkclUtuSU6gOHJSP6f85PkyiHduGBdS8PZCvB1l82Yu0Y=,iv:60Bpshtdt61vlTjvEaHgi/MNGRbgXjFCIVb/HbcUr1U=,tag:uoLQmsvv31rv2fXPMgb5bQ==,type:comment]
#ENC[AES256_GCM,data:WBT41MB3gOut5RHECWApPUU54EErbzMWUOHBBl0mBOAuPK0lYtDSwNZgbSsPVb5WVcN19dMVfGdszox8oYyqKmLG6envNwhtfvQ=,iv:xsTwI3VeAzZqkkGJsU3CxlAkUlDS6aBbD6cOn+z5hj4=,tag:2yesctQM0VlspQZvrCNRng==,type:comment]
#ENC[AES256_GCM,data:2+1H+f/x8gI5vQuv9cfUYS3Q+iu9,iv:gtxhtl2vPcMSqTq8GtY4ywk+XA1k8bl00bgoFk6mHME=,tag:sRT3bc/W39SsQoBtGNQ2eQ==,type:comment]
#ENC[AES256_GCM,data:lwOXCoMkHgQk4xo9nmEtsD/hbqKCgGCK/26AtrYpoH5ntzInb/eXSqeZEsDCqPwy/ZjQCUmYU7XCvKXKm9T6HA==,iv:lcFNE1zKBc24JkPvZQMLlGAx5vhdDJZiJ6gzeJb/ZOo=,tag:xZ8KKC7RCOp9QeJGuxXHFA==,type:comment]
#ENC[AES256_GCM,data:AUwdNARkPPyycH6dooeSudjtiNanxcjOsr7lNdo=,iv:UIUU0CU4+6iD3yVaevnwqfoyprtSX/maBncP4q56yak=,tag:op1twIDRJtnxi44PVFfQtQ==,type:comment]
#ENC[AES256_GCM,data:AnHAONVEQiEofEmL/T0wdt1E0Q==,iv:L2wX/5EF+NJP/Ped+M5XuAg+IoymRmqHdvztFxYz3oI=,tag:t+uDB+bdv/m92JQsOvf0pA==,type:comment]
#ENC[AES256_GCM,data:ceYRPrvLpYUqV/aVVpP1elX/nOmGHUN81R1/JhTICEHWDm8a7wPc,iv:3dfTNmkYmTE01MSco390r/9oshumWm6OKvpofDicl+s=,tag:qH6M8xLJvFxa01MxlWnkFw==,type:comment]
- accessKey: ENC[AES256_GCM,data:J3pNKKmaius=,iv:Mjbx//mHSfVM4NEsOCdPMw7nZ5N2J1rg/IE8JZxzZ30=,tag:sX3OuZ3RodAn8znacBTu4A==,type:str]
secretKey: ENC[AES256_GCM,data:f4PO+T8IRvw5yhFz9Twf3h6vxw==,iv:13ekjlbaTZYDyhMQeM0oJ7/U53ZfhVX/AP20FUnVQ/A=,tag:ZR1YkIl9/6iyWm6leLvQcA==,type:str]
policy: ENC[AES256_GCM,data:mjGhLyvFBU5n6ePk,iv:v/ECOoGcnHGjuLgqMZ8yVTLPqdvn1HBVVAaUiD5fBT0=,tag:3tS26PT1Gg8kHUTfSSUH+g==,type:str]
- accessKey: ENC[AES256_GCM,data:mavKbC9T,iv:gfiilFHH9P3/UUTfjo/kl4r/tcMFN3/J1KyMF+3gY24=,tag:JEhrPdUjeBasQyrsduif9w==,type:str]
secretKey: ENC[AES256_GCM,data:kUs0AzmT/DCLqQEuF9Y=,iv:HoilTHkjITFUREb74y4JAl4YDWHz64XxTvVvKCGE6AE=,tag:bzw9XRz6C4BgB/4mYAf5jg==,type:str]
policy: ENC[AES256_GCM,data:DbIQFNub,iv:NB+PF0acEGFls9BNeQFm+00V1kX+5N7UGJFnhb8DUAU=,tag:tQSO5L0G5Vy51nVD/EKHmw==,type:str]
oidc:
enabled: ENC[AES256_GCM,data:AJwlxQ==,iv:e8Y4xI9VW7R64o5y2TYrMRnL92+RCzFaoF9v4wHDTlc=,tag:T0iZj9cCBxaF444+xuvKuA==,type:bool]
configUrl: ENC[AES256_GCM,data:UHLEsZwSGwNEV9r6wpiw4lLsMOLxJ6QfHKrrP2oduJE+YG7hImEljrO+/kPSUOgWMGgtXIjT/VLYw7xhW+TL,iv:v6bXPeKMho108y+kErL71RvqlfL0YEUtAaexITN6arY=,tag:r/oglMJVU2J2s3mEgjP+dA==,type:str]
clientId: ENC[AES256_GCM,data:39mFCS47/yw1lGxvDs7nLkk941qPaHUMgGBgtcqmJukGMfJK,iv:rfE/1ukQAO8geJVIJQOQaXmn37DfhDMR/t7Ghwd093A=,tag:SDz4TVKiMY+bXAtfrm17/Q==,type:str]
clientSecret: ENC[AES256_GCM,data:KcamhnHBTErbSS6dR7W+suwV5q13yXqZAUBYhKJ5Kj3t14dp6VDHoYc1Dwyt+hebFz0BYYbRA9g=,iv:hOhGu/lRjsEsEz4f6Wnkds6HNq3DnvM+GsJOAz1fOds=,tag:aQ4+xPDgg/2op+NQl7jhSg==,type:str]
claimName: ENC[AES256_GCM,data:UUrHhIFP,iv:dKg4zBykxhEKeG40a1eSWRYTyzpb5kBmzhEaULFgSII=,tag:3vfbgsoKkNF2Tmwx3Wi56w==,type:str]
redirectUri: ENC[AES256_GCM,data:evZK5yq5syKOsTqeqICTWLTq96AXTKftwDdbPYP9Na67N7I12P+jK8k1zKswHQY=,iv:L5AmYGkO2lyU4ytjyMOmuWDg4GtbeoTzcEdZF7WP+es=,tag:BF8AZUJ39+xICfrdNsY9iQ==,type:str]
comment: ENC[AES256_GCM,data:4h455QlIXewffU2bSKihkg==,iv:p5WRTZfAUgqbF/XpIlaLuUIhQhMWxgs0MW6cqNOiOtg=,tag:yk6CHXx7E8XBY3dath9ezQ==,type:str]
claimPrefix: ""
scopes: ENC[AES256_GCM,data:6DDclrvw1aAnE7KqMYcevELx/VUrQxUq/+my,iv:BUT/J2uFueDxUCdlylJgJ6cBn52fVAV6r+dGYUg+gx8=,tag:sAXpt6zqNi4kwdfYm5J75A==,type:str]
sops:
kms: []
gcp_kms: []
@ -25,14 +25,14 @@ sops:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEZ2hGWUYvbUorMzg5ZkV6
MDAyR0kzUmNiV2U1TWVmT2hidWJwRW40alJVCmljR2t3aXRzdHVFR3FldmxEMm1U
SG1MdDJEeVVNdGswTkF4alNFMFIwM0kKLS0tICtSTHRTeE0ramt0UldVblh0dWtX
ZjQ2V2FrTnZEOGxCVTdzb1JHRVNjd2MKumygdzhr6eObw2CFKPVukneG9j/S9iPg
mtCKiTHzuePabixUagFvY3R8Y6P8X0/nq/2Me5MJTdI80Ga8WOQ23Q==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaeWFCZlp0VTdkNjV5VDkz
QVErMnVJM1hHbXZERnM5b1hvQWdRQ1N3SmpRCmpCaUkyc3pzRm0yTGZtQ3I5b21I
R3g5T2hKZzNxZmVKVHNoZU1RaTZlamMKLS0tIDlIUVBLSFVZOElZaktjK0xRYjJa
UmdLL0NqWVpuNXBYRENEeTltdFVLREUKrwPN2daokcqABFVXjYCbNyCA0zdMCYh6
vzTTtNV718OAPQKgl3Ho2c5nhhQcWy5YlWPfGMUklZhocXsAvMXS/g==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-02-04T08:44:29Z"
mac: ENC[AES256_GCM,data:g1CM1dHqXKNWMFNxjHr8JfBWBiEii5iIPeycvmfYm8kXSeVLMHBM3TiJPbOdqxuwme1lXxRKIPwoebYdCc5B/38Ugqu+JLFSj6QJOd6y67BinrS/mn99MVifASe+msYIo+r2B1T9mFiRxY71GJAVfpsy0hljcrJ7dW9Hdd7HAVI=,iv:7Q47rPLmW6uCi8cKYSsSWFVyDc3dT503Vnu1MvM0leI=,tag:vSTff0dVb6h9oBhLjkvvxA==,type:str]
lastmodified: "2023-03-26T11:56:18Z"
mac: ENC[AES256_GCM,data:oiaqwWDTTSvdGZxcLqAJrLkF+jNL2PfOOrTFtO2Arry1LehiGeXqNiqlHTd5IvnB/LrU9vGv5SjDrq+FRycfceai8O5hW8aGBXqCSZANIx7cpCJqtm1ErNAm8yw+K5rq/WeRKEySszNx7QtSZiM9ufo/GIAZMZgcd/bqFdm6oXE=,iv:s+uHg40NPT3kjwHnRIu3udkbm3gE36JMzPFhM6NdT/4=,tag:Q97lA8fRcPr5kGZEUbmhxQ==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1
version: 3.7.3

24
etersoft/values/secrets.postgres16.yaml
View File

@ -1,24 +0,0 @@
global:
postgresql:
auth:
postgresPassword: ENC[AES256_GCM,data:O5Fvmjipcx7CZ4DKQjRW0isfzoUt,iv:sVl6TFRCKAL5ci+lC4DfX/vZkWwRVg559kq4GU67udY=,tag:dEsoEe1UfvD5rUrI+EYOsg==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVbENvMm1YQzlSV3UrSEJ4
VTZ1RWVKTlpsUDFzQlVjMlJEZmIvaldHVXlFCm9SVzN3Z0dwTGo1Y3dnaHhvSmpi
bDIrMlJhbHhKUmRZejdkTmJiSDYvY2MKLS0tIFpRbkwySVh2MDlNWEFNZHVtY2Ns
Wmh3Z29ZSlBhbmFJNkFQZlE3aXpMMk0K14rSXjSF08xkil+fFJpeMV+6XChTJ2/3
OQecJtg+0NQPyvC+kR5qKq8roiSzNNJgTVg2wwKMdukKVVTbEGi0gA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-10-04T02:27:48Z"
mac: ENC[AES256_GCM,data:yyvzDlqm3ZOGAMAWCbA4JBC2xs14dKJ4oGifHCvD6K3cBcLgQLS8MOoQJBVfAfL/lVqYDtQ8qwQl/NbCEAKdqw5mtGRwSGaCExSTfO8PIUZCT69q5lwhAxfSGkhjjup+88MhwdZbe2iqqr0nF/GBYT7exqu6Pj85ZKbeDVBTMUE=,iv:KVuyYWYvtVjFinkY82nPwKI/XX18t4purLInfjSxYlg=,tag:kD0G+keg4veTy+CN7KOo6Q==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.0

16
etersoft/values/values.drone-runner-docker.yaml Normal file
View File

@ -0,0 +1,16 @@
---
env:
DRONE_RPC_HOST: drone.badhouseplants.net
DRONE_RPC_PROTO: https
DRONE_NAMESPACE_DEFAULT: drone-service
rbac:
buildNamespaces:
- drone-service
dind:
resources:
limits:
cpu: 2000m
memory: 2024Mi
requests:
cpu: 100m
memory: 512Mi

13
etersoft/values/values.longhorn.yaml
View File

@ -1,13 +0,0 @@
defaultSettings:
backupTarget: s3://longhorn@us-east1/backupstore
backupTargetCredentialSecret: aws-secret
guaranteedEngineManagerCPU: 6
guaranteedReplicaManagerCPU: 6
storageOverProvisioningPercentage: 300
storageMinimalAvailablePercentage: 5
defaultDataPath: /media-longhorn
csi:
kubeletRootDir: /var/snap/microk8s/common/var/lib/kubelet
persistence:
defaultClassReplicaCount: 1
enablePSP: false

5
etersoft/values/values.metallb-resources.yaml
View File

@ -1,5 +0,0 @@
metallb:
enabled: true
ippools:
- name: etersoft
addresses: 91.232.225.63-91.232.225.63

26
etersoft/values/values.minio.yaml
View File

@ -18,16 +18,6 @@ istio:
hostname: s3.e.badhouseplants.net
service: minio
port: 9000
image:
repository: quay.io/minio/minio
tag: RELEASE.2024-01-11T07-46-16Z-cpuv1
pullPolicy: IfNotPresent
mcImage:
repository: quay.io/minio/mc
tag: RELEASE.2024-01-11T05-49-32Z-cpuv1
pullPolicy: IfNotPresent
rootUser: 'overlord'
replicas: 1
mode: standalone
@ -81,10 +71,6 @@ policies:
- resources:
- 'arn:aws:s3:::longhorn/*'
- 'arn:aws:s3:::longhorn'
- 'arn:aws:s3:::restic/*'
- 'arn:aws:s3:::restic'
- 'arn:aws:s3:::etcd/*'
- 'arn:aws:s3:::etcd'
actions:
- "s3:DeleteObject"
- "s3:GetObject"
@ -95,18 +81,6 @@ buckets:
policy: none
purge: false
versioning: false
- name: velero-test
policy: none
purge: false
versioning: false
- name: restic
policy: none
purge: false
versioning: false
- name: etcd
policy: none
versioning: false
purge: false
metrics:
serviceMonitor:
enabled: false

6
etersoft/values/values.openvpn.yaml
View File

@ -14,11 +14,7 @@ istio:
service: openvpn
port: 1194
image:
tag: v2.6.5-xor-4.0.0beta08
storage:
class: microk8s-hostpath
size: 5Gi
storageClassName: microk8s-hostpath
openvpn:
server: "tcp://91.232.225.63:1194"
service:

10
etersoft/values/values.postgres16.yaml
View File

@ -1,10 +0,0 @@
architecture: standalone
auth:
database: postgres
persistence:
size: 1Gi
metrics:
enabled: false

56
extensions.yaml
View File

@ -1,56 +0,0 @@
templates:
# ----------------------------
# -- Extensions
# ----------------------------
ext-istio-gateway:
dependencies:
- chart: bedag/raw
version: 2.0.0
alias: istio-gateway
values:
- '{{ requiredEnv "PWD" }}/common/values.istio-gateway.yaml'
ext-istio-resource:
dependencies:
- chart: bedag/raw
version: 2.0.0
alias: istio
values:
- '{{ requiredEnv "PWD" }}/common/values.istio.yaml'
ext-certificate:
dependencies:
- chart: bedag/raw
version: 2.0.0
alias: certificate
values:
- '{{ requiredEnv "PWD" }}/common/values.certificate.yaml'
ext-metallb:
dependencies:
- chart: bedag/raw
version: 2.0.0
alias: metallb
values:
- '{{ requiredEnv "PWD" }}/common/values.metallb.yaml'
service-monitor:
dependencies:
- chart: bedag/raw
version: 2.0.0
alias: service-monitor
values:
- '{{ requiredEnv "PWD" }}/common/values.service-monitor.yaml'
namespace:
dependencies:
- chart: bedag/raw
version: 2.0.0
alias: ns
inherit:
- template: default-common-values
- template: default-env-values
ext-database:
dependencies:
- chart: bedag/raw
version: 2.0.0
alias: ext-database
values:
- '{{ requiredEnv "PWD" }}/common/values.database.yaml'

38
helmfile.yaml
View File

@ -11,9 +11,24 @@ releases:
namespace: kube-system
createNamespace: false
- <<: *istio-base
installed: true
namespace: istio-system
createNamespace: false
- <<: *istio-gateway
installed: true
namespace: istio-system
createNamespace: false
- <<: *istiod
installed: true
namespace: istio-system
createNamespace: false
- <<: *cert-manager
installed: true
namespace: kube-system
namespace: cert-manager
createNamespace: false
- <<: *minio
@ -21,20 +36,21 @@ releases:
namespace: minio-service
createNamespace: false
- <<: *openvpn
installed: true
namespace: openvpn-service
createNamespace: false
- <<: *metallb
installed: true
namespace: kube-system
namespace: metallb-system
createNamespace: true
- <<: *drone-runner-docker
installed: true
namespace: drone-service
createNamespace: false
- <<: *reflector
installed: true
namespace: kube-system
createNamespace: false
- <<: *metallb-resources
installed: true
namespace: kube-system
createNamespace: false
helmfiles:
- path: {{.Environment.Name }}/helmfile.yaml

235
helmule/helmule.yaml
View File

@ -1,235 +0,0 @@
charts:
- repository: metrics-server
name: metrics-server
mirrors:
- custom-commands
- repository: metallb
name: metallb
mirrors:
- custom-commands
- repository: bedag
name: raw
mirrors:
- custom-commands
- repository: jetstack
name: cert-manager
mirrors:
- custom-commands
- repository: longhorn
name: longhorn
mirrors:
- custom-commands
- repository: argo
name: argo-cd
mirrors:
- custom-commands
- repository: prometheus-community
name: kube-prometheus-stack
mirrors:
- custom-commands
- repository: grafana
name: loki
mirrors:
- custom-commands
- repository: grafana
name: promtail
mirrors:
- custom-commands
- repository: istio
name: base
mirrors:
- custom-commands
- repository: istio
name: gateway
mirrors:
- custom-commands
- repository: istio
name: istiod
mirrors:
- custom-commands
- repository: allanger-gitea
name: openvpn-xor
mirrors:
- custom-commands
- repository: allanger-gitea
name: openvpn
mirrors:
- custom-commands
- repository: drone
name: drone
mirrors:
- custom-commands
- repository: drone
name: drone-runner-docker
mirrors:
- custom-commands
- repository: woodpecker
name: woodpecker
mirrors:
- custom-commands
- repository: bitnami
name: wordpress
mirrors:
- custom-commands
- repository: minio
name: minio
mirrors:
- custom-commands
- repository: gitea
name: gitea
mirrors:
- custom-commands
- repository: ananace-charts
name: funkwhale
mirrors:
- custom-commands
- repository: bitwarden
name: vaultwarden
mirrors:
- custom-commands
- repository: bitnami
name: redis
mirrors:
- custom-commands
- repository: bitnami
name: postgresql
mirrors:
- custom-commands
- repository: db-operator
name: db-operator
mirrors:
- custom-commands
- repository: db-operator
name: db-instances
mirrors:
- custom-commands
- repository: bitnami
name: mysql
mirrors:
- custom-commands
- repository: allanger-gitea
name: docker-mailserver
mirrors:
- custom-commands
- repository: allanger-gitea
name: vaultwarden
mirrors:
- custom-commands
- repository: emberstack
name: reflector
mirrors:
- custom-commands
- repository: mailu
name: mailu
mirrors:
- custom-commands
- repository: gabe565
name: tandoor
mirrors:
- custom-commands
- repository: coredns
name: coredns
mirrors:
- custom-commands
- repository: cilium
name: cilium
mirrors:
- custom-commands
- repository: zot
name: zot
mirrors:
- custom-commands
mirrors:
- name: custom-commands
custom_command:
package:
- helm package -d package .
upload:
- helm push ./package/{{ name }}-{{ version }}.tgz oci://registry.badhouseplants.net/badhouseplants
- rm -rf ./package
repositories:
- name: metrics-server
helm:
url: https://kubernetes-sigs.github.io/metrics-server/
- name: jetstack
helm:
url: https://charts.jetstack.io
- name: istio
helm:
url: https://istio-release.storage.googleapis.com/charts
- name: drone
helm:
url: https://charts.drone.io
- name: bitnami
helm:
url: https://charts.bitnami.com/bitnami
- name: minio
helm:
url: https://charts.min.io/
- name: longhorn
helm:
url: https://charts.longhorn.io
- name: gitea
helm:
url: https://dl.gitea.io/charts/
- name: ananace-charts
helm:
url: https://ananace.gitlab.io/charts
- name: argo
helm:
url: https://argoproj.github.io/argo-helm
- name: bedag
helm:
url: https://bedag.github.io/helm-charts/
- name: metallb
helm:
url: https://metallb.github.io/metallb
- name: prometheus-community
helm:
url: https://prometheus-community.github.io/helm-charts
- name: grafana
helm:
url: https://grafana.github.io/helm-charts
- name: bitwarden
helm:
url: https://constin.github.io/vaultwarden-helm/
- name: db-operator
helm:
url: https://db-operator.github.io/charts
- name: allanger-gitea
helm:
url: https://git.badhouseplants.net/api/packages/allanger/helm
- name: badhouseplants
helm:
url: https://badhouseplants.github.io/helm-charts/
- name: woodpecker
helm:
url: https://woodpecker-ci.org
- name: firefly-iii
helm:
url: https://firefly-iii.github.io/kubernetes/
- name: emberstack
helm:
url: https://emberstack.github.io/helm-charts
- name: gabe565
helm:
url: https://charts.gabe565.com
- name: mailu
helm:
url: https://mailu.github.io/helm-charts/
- name: coredns
helm:
url: https://coredns.github.io/helm
- name: cilium
helm:
url: https://helm.cilium.io/
- name: phybros-helm-charts
helm:
url: https://phybros.github.io/helm-charts
- name: nextcloud
helm:
url: https://nextcloud.github.io/helm/
- name: zot
helm:
url: https://zotregistry.dev/helm-charts/

2
manifests/badhouseplants-ip.yaml
View File

@ -7,4 +7,4 @@ metadata:
namespace: metallb-system
spec:
addresses:
- 195.201.249.91-195.201.249.91
- 195.201.250.50-195.201.250.50

81
manifests/debug/istio/httpbin.yaml
View File

@ -1,81 +0,0 @@
---
apiVersion: v1
kind: Namespace
metadata:
labels:
kubernetes.io/metadata.name: debug
name: debug
---
# httpbin.yaml
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: httpbin
namespace: debug
spec:
hosts:
- "httpbin.badhouseplants.net"
gateways:
- istio-system/badhouseplants-net
http:
- route:
- destination:
port:
number: 8000
host: httpbin
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: httpbin
namespace: debug
spec:
rules:
- host: "httpbin.badhouseplants.net"
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: httpbin
port:
number: 8000
---
apiVersion: v1
kind: Service
metadata:
name: httpbin
namespace: debug
labels:
app: httpbin
spec:
ports:
- name: http
port: 8000
selector:
app: httpbin
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: httpbin
namespace: debug
spec:
replicas: 1
selector:
matchLabels:
app: httpbin
version: v1
template:
metadata:
labels:
app: httpbin
version: v1
spec:
containers:
- image: docker.io/citizenstig/httpbin
imagePullPolicy: IfNotPresent
name: httpbin
ports:
- containerPort: 8000

Some files were not shown because too many files have changed in this diff Show More