Try invalid config

.woodpecker/.cdh.yml

@@ -0,0 +1,34 @@
+# ----------------------------------------------
+# -- Check da helm pipeline
+# ----------------------------------------------
+when:
+  - event: cron
+    cron: nightly
+steps:
+  check badhouseplants:
+    image: ghcr.io/allanger/check-da-helm-helmfile-secrets:stable
+    secrets:
+      - sops_age_key
+    environment:
+      RUST_LOG: info
+    commands:
+      - cdh --kind helmfile -p $CI_WORKSPACE/helmfile.yaml --helmfile-environment badhouseplants -o --output html >> result.html
+  notification:
+    image: deblan/woodpecker-email
+    settings:
+      from: woody@badhouseplants.net
+      host: badhouseplants.net
+      skip_verify: true
+      no_starttls: false
+      username:
+        from_secret: smtp_username
+      password:
+        from_secret: smtp_password
+      recipients:
+        - allanger@badhouseplants.net
+      subject: CDH result
+      target: main
+      recipients_only: true
+      attachment: result.html
+    when:
+      - status: [success, failure]

.woodpecker/.helmfile.yml

@@ -0,0 +1,29 @@
+when:
+  event: push
+matrix:
+  ENVIRONMENT:
+    - badhouseplants
+    - etersoft
+steps:
+  diff:
+    image: ghcr.io/helmfile/helmfile:canary
+    secrets: [sops_age_key, kubeconfig_content]
+    when:
+      - branch:
+          exclude:
+            - main
+    commands:
+      - mkdir $HOME/.kube
+      - echo "$KUBECONFIG_CONTENT" > $HOME/.kube/config && chmod 0600 $HOME/.kube/config
+    - helmfile -e $ENVIRONMENT diff --suppress-secrets
+  apply:
+    image: ghcr.io/helmfile/helmfile:canary
+    secrets: [sops_age_key, kubeconfig_content]
+    when:
+      - branch:
+          include:
+            - main
+    commands:
+      - mkdir $HOME/.kube
+      - echo "$KUBECONFIG_CONTENT" > $HOME/.kube/config && chmod 0600 $HOME/.kube/config
+      - helmfile -e $ENVIRONMENT apply

badhouseplants/helmfile.yaml

@@ -48,17 +48,17 @@ releases:
     createNamespace: true
 
   - <<: *loki
-    installed: false
+    installed: true
     namespace: monitoring-system
     createNamespace: false
 
   - <<: *promtail
-    installed: false
+    installed: true
     namespace: monitoring-system
     createNamespace: false
 
   - <<: *bitwarden
-    installed: true
+    installed: false
     namespace: bitwarden-application
     createNamespace: true
 
@@ -83,7 +83,7 @@ releases:
     createNamespace: true
 
   - <<: *mysql
-    installed: true
+    installed: false
     namespace: database-service
     createNamespace: true
 
@@ -95,7 +95,17 @@ releases:
   - <<: *istio-gateway-resources
     installed: true
     namespace: istio-system
-    createNamespace: false}
+    createNamespace: false
+
+  - <<: *vaultwarden
+    createNamespace: true
+    installed: true
+    namespace: vaultwarden-application
+
+  - <<: *woodpecker-ci
+    installed: true
+    namespace: woodpecker-ci
+    createNamespace: true
 
 bases:
   - ../environments.yaml

badhouseplants/values/secrets.vaultwarden.yaml

@@ -0,0 +1,27 @@
+vaultwarden:
+    smtp:
+        username: ENC[AES256_GCM,data:6kAu3et5PmRgZ7B/qQQKA/hwsubozpBEcuzA,iv:cqNO3VWKFRWqBRAFTf2AyMQskuZvcDghseT2PWEsCjA=,tag:nkzugvJTJ/KhLuldXxdBrg==,type:str]
+        password:
+            value: ENC[AES256_GCM,data:9PJzeGeXiNN50GrWMxU1ho9+jHs=,iv:wOrU8g/xBBKFRYvDB1G/I+VG3lpvFdMirgJmP01PbhQ=,tag:dlDq9S+SQmlb4SZIGYhrlQ==,type:str]
+    adminToken:
+        value: ENC[AES256_GCM,data:PT62LcyiNqW1NVeuZ5+HTj8fzwSwuD1av/Z8S2GnR6j62+F8/aibhW/ATFG92chw++w=,iv:LnaRBem4dsggV4u4IlNjlWY301ajAHot2D259Y383m0=,tag:f24QDtGrtNJFA95Qo6Umqg==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDL0RuQitFb0dPajRpSHRo
+            WnhUa3BOazVHSTE5STRNMGQ2eWUxaXhvNEJVCmtpMjE2Q3hyQzhDSTBObUgwQXV3
+            dmhvYmUvL05QUGd6Umx5QjRhMVFmcHMKLS0tIEtkTDc1ZVcxOWRqRzlzdTM1WG5a
+            U25tMkxQS1gzcyt6R2NkZnVLRVVoOWMKZSaIZxzTlYim2kmiHrQcgRu9XmWelRkT
+            HZZmSa0L9yEdksUCK3+iqjCZhQBYc/6qJHRYvuAaJ+/hs5RxuLUr8g==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2023-10-20T07:01:25Z"
+    mac: ENC[AES256_GCM,data:Oa6UiHJR5U8Tquo/FmKM2LNR1l7Tdc95T55sl8IbC80ywC5hmJcpOdYXSeVzAdEtr2EauEH74FAwyFtjeFHpneRjkl8Hx0Vann3qBMJ1laxYEQhKESqeyJTcMv15Hu61aUQ+OhW9hP9xkcRCNmkXHa0KeoCXy1aloTWc3u7Ls8E=,iv:SsywMpg5KQvfsFbIRiZkEadtQ7Ce2AqjM9+zeaG/ZaM=,tag:X426dGhxmeMqDJnRs4Qhww==,type:str]
+    pgp: []
+    unencrypted_suffix: _unencrypted
+    version: 3.8.1

badhouseplants/values/secrets.woodpecker-agent.yaml

@@ -0,0 +1,23 @@
+env:
+    WOODPECKER_AGENT_SECRET: ENC[AES256_GCM,data:cJoxJw6c6FYZ337i5P6dGUzLmgUn9Z+/Ed9aUK76WYnB8m0D9h5IlAlOfCQ=,iv:1BgxKsaI3dhhPNkZbpHKBn6GXadn1RD+3Q4RwKLfmcU=,tag:y8qLWwpVAwKrOWN1cC2ulw==,type:str]
+    WOODPECKER_GITEA_SECRET: ENC[AES256_GCM,data:VdWASwxPurzmfSjb2h8wBw3XbZSfG9UG0jmXSbTBPreZ+l7UQblI/wqr8Tw=,iv:APNuiqimA/ofCWsvywj+SJedQBMgRoCd65Gd3Ps2/fw=,tag:ATLGT4ACZ2GR46qD9ABUng==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTRFNvdnBsSHFBcjlGcGl1
+            RnU1NEpZekpucTNCZHBGcXdBakhkU1drb2dZClVYZ2xMVUJiOXV2enlBbm1TS2Mz
+            ZnZ0UHpsVHVUU2ZkSGtwUXNMM0R6VjQKLS0tIFR4NEdTTGRIY3QycTFhRzJNSEY0
+            SEs0Z3VjaTN2Y3Z0QmtEUEdQdmtwYnMKxQ3z1p2GulSOklUEolWeH20JeFwNpZqY
+            870x5UtCJNVTMrIDgwMQK3hn+yywxPdgSRhkW3bqH4PJDxi78UUpXw==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2023-10-05T08:06:51Z"
+    mac: ENC[AES256_GCM,data:pc4n/3MEP0GhmZ+wdbOiK2gj7ah/9IJ2hoXRtM1sAGy3UPNBrF5VE7hxnAi393YpWBank7crDTvg2aJjhVt7XqB8zcjiHtNMlcpxL6fJ+uWxeH4uVj/NBfSvoO410oYbtPuKMjZpPU7KACmTJ9tzVIZdZOScXx7fLQxNUq01Hu8=,iv:18MqueG9MHrTcXmu14Q8LPnMFT9lolDkCbXjjA2P1qg=,tag:6ETPd8vZ0CCGEUP5u8ZxNA==,type:str]
+    pgp: []
+    unencrypted_suffix: _unencrypted
+    version: 3.8.0

badhouseplants/values/secrets.woodpecker-ci.yaml

@@ -0,0 +1,27 @@
+server:
+    env:
+        WOODPECKER_GITEA_SECRET: ENC[AES256_GCM,data:mGYEvlIeQC3mg+kxy3ZX6gAVf88DXLVdeSdgpQa8wixsb2rDoj4+l2ET2saquK+lVhjvv8ZKdvg=,iv:VlPgDYPj1xpxnpWnEHj+slBi0H2nWKeScclPItUaG9A=,tag:ox/Ur5vsOARXRT3g0hCgsg==,type:str]
+        WOODPECKER_AGENT_SECRET: ENC[AES256_GCM,data:WXwsmLmb37clb5xgv+2DeKfhk7cwaIJpaCW8/Kq/CmgfwCmrarPDDQGXZoLwOjGj3mh/ciDj7V5WgHfyxuIDhA==,iv:NhGlPyPrTrTbz1DjOZEieWAfOQHqSqhdLiqMspex1j0=,tag:vOfo+XiCUW6MhtJemkZPMA==,type:str]
+agent:
+    env:
+        WOODPECKER_AGENT_SECRET: ENC[AES256_GCM,data:4lTZ16jbrorU4B9gTAoWmgiGggrMWD7K5O/5R47OIDMdRInwXtaWviofFD8WJQMduiGvANxMVNs0J1DLvFKi9Q==,iv:Y0AsW63vdVEwKvpVYeMVLFmwYlsQSwnz602QjDgj/ZQ=,tag:aO9xh3psy/bRCCQEFUp75A==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlQjZqNE9iMDl6MlhnSUp5
+            QTBSOG83WFBqZFZIU2dEMzlpengrUFg4alZFCld4MkI4WW8xMUZnMm1SU2hmMCtn
+            bTZSVTIxTk5aZmo3OEJJdlJwL2xhV3MKLS0tIGJraERVZTNyMWFCVE1TbEhRR3J4
+            WXh3NGd4UG9OODhHNEp0cDVoQkM5dWMKcz4h0O4J2WlB+L9+/U8Rl+zzd87hsJo8
+            ThPZgnUNDGpdRrU2IYiXo03fZOhBoqBJe1ZG+Ol8z9bvTeyeMZxRIg==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2023-11-18T17:43:53Z"
+    mac: ENC[AES256_GCM,data:u8iu+Ia1u5c5AkdyKbGT//G/Zp+yDNv3TQIElSBA6qCTBu0lKAii3ywXrqdpQ1kYtytjazcwkOa7vKmVy1UoCNda+8wGGHfhfOIQlll+TKBNvgUO73lF5P7X5q6CcgFMvTazXKElESEC3G04uVLEOdG1W6d0ArVRnh8gFOY6Jgg=,iv:VT0pFoOcLPK14I1doJi+52wtCfUuqh2nxdSVu0ufVOY=,tag:SwAOYLxOYaouteqXdgP2Hg==,type:str]
+    pgp: []
+    unencrypted_suffix: _unencrypted
+    version: 3.8.1

badhouseplants/values/values.db-instances.yaml

@@ -18,7 +18,7 @@ dbinstances:
       Namespace: database-service
     engine: postgres
     generic:
-      host: postgres16-postgresql
+      host: postgres16-postgresql.database-service.svc.cluster.local
       port: 5432
   mysql:
     monitoring:

badhouseplants/values/values.gitea.yaml

@@ -43,7 +43,7 @@ resources:
 
 persistence:
   enabled: true
-  size: 8Gi
+  size: 10Gi
   accessModes:
     - ReadWriteOnce
 
@@ -108,6 +108,11 @@ gitea:
       SMTP_ADDR: badhouseplants.net
       SMTP_PORT: 587
       USER: overlord@badhouseplants.net
+    indexer:
+      REPO_INDEXER_ENABLED: true
+      REPO_INDEXER_PATH: indexers/repos.bleve
+      MAX_FILE_SIZE: 1048576
+      REPO_INDEXER_EXCLUDE: resources/bin/**
 service:
   ssh:
     type: ClusterIP

badhouseplants/values/values.istio-gateway-resources.yaml

@@ -1,3 +1,22 @@
+certificate:
+  enabled: true
+  certificate: 
+    - name: nrodionov-wildcard
+      secretName: nrodionov-wildcard-tls
+      issuer:
+        kind: ClusterIssuer
+        name: badhouseplants-issuer
+      dnsNames:
+        - nrodionov.info
+        - "*.nrodionov.info"
+    - name: badhouseplants-wildcard
+      secretName: badhouseplants-wildcard-tls
+      issuer:
+        kind: ClusterIssuer
+        name: badhouseplants-issuer
+      dnsNames:
+        - badhouseplants.net
+        - "*.badhouseplants.net"
 istio-gateway:
   enabled: true
   gateways:
@@ -32,7 +51,7 @@ istio-gateway:
             number: 80
             protocol: HTTP2
           tls:
-            httpsRedirect: false
+            httpsRedirect: true
         - hosts:
           - nrodionov.info
           - dev.nrodionov.info

badhouseplants/values/values.loki.yaml

@@ -1,11 +1,22 @@
 ---
 singleBinary:
   replicas: 1
+  persistence:
+    size: 5Gi
 loki:
   auth_enabled: false
   commonConfig:
     replication_factor: 1
+  storage:
+    type: 'filesystem'
+monitoring:
+  selfMonitoring:
+    enabled: false
+  lokiCanary:
+    enabled: false
+test:
+  enabled: false
 compactor:
   retention_enabled: true
 limits_config:
-  retention_period: 2d
+  retention_period: 14d

badhouseplants/values/values.minio.yaml

@@ -64,11 +64,6 @@ buckets:
   - name: allanger-music
     policy: download
     purge: false
-    versioning: false
-  - name: badhouseplants-brew
-    policy: download
-    purge: false
-    versioning: false
 metrics:
   serviceMonitor:
     enabled: false

badhouseplants/values/values.prometheus.yaml

@@ -64,7 +64,8 @@ defaultRules:
 prometheus:
   prometheusSpec:
     enableAdminAPI: true
-    retentionSize: 10GB
+    retentionSize: 7GB
+    retention: 20d
     podMonitorNamespaceSelector:
       any: true
     podMonitorSelector: {}
@@ -83,7 +84,7 @@ prometheus:
           accessModes: ["ReadWriteOnce"]
           resources:
             requests:
-              storage: 10Gi
+              storage: 12Gi
 
 grafana:
   persistence:

badhouseplants/values/values.promtail.yaml

@@ -3,3 +3,9 @@ config:
   clients:
     #    - url: http://loki.monitoring-system:3100
     - url: http://loki-gateway/loki/api/v1/push
+  snippets:
+    pipelineStages:
+      - match:
+          pipeline_name: "drop-all"
+          selector: '{namespace!~"mail-service|woodpecker"}'
+          action: drop

badhouseplants/values/values.vaultwarden.yaml

@@ -0,0 +1,63 @@
+---
+# ------------------------------------------
+# -- Istio extenstion. Just because I'm
+# --  not using ingress nginx
+# ------------------------------------------
+istio:
+  enabled: true
+  istio:
+    - name: vaultwarden-http
+      kind: http
+      gateway: istio-system/badhouseplants-net
+      hostname: vault.badhouseplants.net
+      service: vaultwarden
+      port: 8080
+# ------------------------------------------
+# -- Database extension is used to manage
+# --  database with db-operator
+# ------------------------------------------
+ext-database:
+  enabled: true
+  name: vaultwarden-postgres16
+  instance: postgres16
+service: 
+  port: 8080
+vaultwarden:
+  smtp:
+    host: badhouseplants.net
+    security: "starttls"
+    port: 587
+    from: vaultwarden@badhouseplants.net
+    fromName: Vault Warden
+    authMechanism: "Plain"
+    acceptInvalidHostnames: "false"
+    acceptInvalidCerts: "false"
+    debug: false
+  domain: https://vault.badhouseplants.net
+  websocket:
+    enabled: true
+    address: "0.0.0.0"
+    port: 3012
+  rocket:
+    port: "8080"
+    workers: "10"
+  webVaultEnabled: "true"
+  signupsAllowed: false
+  invitationsAllowed: true
+  signupDomains: "https://vault.badhouseplants.com"
+  signupsVerify: "true"
+  showPassHint: "false"
+  database:
+    existingSecret: vaultwarden-postgres16-creds
+    existingSecretKey: CONNECTION_STRING
+    connectionRetries: 15
+    maxConnections: 10
+  storage:
+    enabled: false
+    size: 1Gi
+    class: default
+    dataDir: /data
+  logging:
+    enabled: false
+    logfile: "/data/vaultwarden.log"
+    loglevel: "warn"

badhouseplants/values/values.woodpecker-ci.yaml

@@ -0,0 +1,55 @@
+# ------------------------------------------
+# -- Istio extenstion. Just because I'm
+# --  not using ingress nginx
+# ------------------------------------------
+istio:
+  enabled: true
+  istio:
+    - name: woodpecker-server-http
+      gateway: istio-system/badhouseplants-net
+      kind: http
+      hostname: ci.badhouseplants.net
+      service: woodpecker-ci-server
+      port: 80
+ext-database:
+  enabled: true
+  name: woodpecker-postgres16
+  instance: postgres16
+  credentials:
+    WOODPECKER_DATABASE_DATASOURCE: "postgres://{{ .Username }}:{{ .Password }}@{{ .Hostname }}:{{ .Port }}/{{ .Database }}?sslmode=disable"
+server:
+  enabled: true
+  env:
+    WOODPECKER_GITEA: true
+    WOODPECKER_GITEA_URL: https://git.badhouseplants.net
+    WOODPECKER_DATABASE_DRIVER: postgres
+    WOODPECKER_GITEA_CLIENT: ab5e4687-a476-4668-9fbc-288d54095634
+    WOODPECKER_OPEN: true
+    WOODPECKER_ADMIN: "woodpecker,allanger"
+    WOODPECKER_HOST: "https://ci.badhouseplants.net"
+    WOODPECKER_ESCALATE: true
+    WOODPECKER_BACKEND_K8S_NAMESPACE: woodpecker-ci
+    WOODPECKER_BACKEND_K8S_STORAGE_CLASS: microk8s-hostpath
+  extraSecretNamesForEnvFrom: 
+    - woodpecker-postgres16-creds
+agent:
+  image:
+    # -- The image registry
+    registry: git.badhouseplants.net
+    # -- The image repository
+    repository: allanger/woodpecker-agent
+    # -- The pull policy for the image
+    pullPolicy: Always
+    # -- Overrides the image tag whose default is the chart appVersion.
+    tag: dev
+  enabled: true
+  extraSecretNamesForEnvFrom: []
+  env:
+    WOODPECKER_SERVER: woodpecker-ci-server:9000
+    WOODPECKER_BACKEND_K8S_VOLUME_SIZE: 3Gi
+    WOODPECKER_BACKEND_K8S_NAMESPACE: woodpecker-ci
+    WOODPECKER_BACKEND_K8S_STORAGE_CLASS: microk8s-hostpath
+  serviceAccount:
+    create: true
+  rbac:
+    create: true

common/values.database.yaml

@@ -14,3 +14,12 @@ ext-database:
           backup:
             enable: false
             cron: 0 0 * * *
+          {{- if .Values.credentials }}
+          credentials:
+            templates:
+              {{- range $key, $value := .Values.credentials }}
+              - name: {{ $key }}
+                template: {{ $value }}
+                secret: true
+              {{- end }}
+          {{- end }}

etersoft/values/secrets.minio.yaml

@@ -9,8 +9,8 @@ users:
 oidc:
     enabled: ENC[AES256_GCM,data:AJwlxQ==,iv:e8Y4xI9VW7R64o5y2TYrMRnL92+RCzFaoF9v4wHDTlc=,tag:T0iZj9cCBxaF444+xuvKuA==,type:bool]
     configUrl: ENC[AES256_GCM,data:UHLEsZwSGwNEV9r6wpiw4lLsMOLxJ6QfHKrrP2oduJE+YG7hImEljrO+/kPSUOgWMGgtXIjT/VLYw7xhW+TL,iv:v6bXPeKMho108y+kErL71RvqlfL0YEUtAaexITN6arY=,tag:r/oglMJVU2J2s3mEgjP+dA==,type:str]
-    clientId: ENC[AES256_GCM,data:39mFCS47/yw1lGxvDs7nLkk941qPaHUMgGBgtcqmJukGMfJK,iv:rfE/1ukQAO8geJVIJQOQaXmn37DfhDMR/t7Ghwd093A=,tag:SDz4TVKiMY+bXAtfrm17/Q==,type:str]
-    clientSecret: ENC[AES256_GCM,data:KcamhnHBTErbSS6dR7W+suwV5q13yXqZAUBYhKJ5Kj3t14dp6VDHoYc1Dwyt+hebFz0BYYbRA9g=,iv:hOhGu/lRjsEsEz4f6Wnkds6HNq3DnvM+GsJOAz1fOds=,tag:aQ4+xPDgg/2op+NQl7jhSg==,type:str]
+    clientId: ENC[AES256_GCM,data:6vU3UzdsBjCoxa+H3V87UeNyGt7IYsYMkjEZGFhMfCVWVxxB,iv:4J21E9eskroCTmUFbnt4K4v4tgD+Bjq5j2wT+1q1NE0=,tag:bBDqviaFjnQNDSwTzmpCtw==,type:str]
+    clientSecret: ENC[AES256_GCM,data:G0OChA212NVb7utdsx4kJRS8BQ0V6igeteOo3Q+PvFTd0U7IVt27YB2u0BUGkt4/Go+wByf8joI=,iv:7khUct7Iln7pi7ET7FBLI51Zc+aFTjLpj92EV5q4Sjc=,tag:vMZtRxTDpphKRW4dN3OVfA==,type:str]
     claimName: ENC[AES256_GCM,data:UUrHhIFP,iv:dKg4zBykxhEKeG40a1eSWRYTyzpb5kBmzhEaULFgSII=,tag:3vfbgsoKkNF2Tmwx3Wi56w==,type:str]
     redirectUri: ENC[AES256_GCM,data:evZK5yq5syKOsTqeqICTWLTq96AXTKftwDdbPYP9Na67N7I12P+jK8k1zKswHQY=,iv:L5AmYGkO2lyU4ytjyMOmuWDg4GtbeoTzcEdZF7WP+es=,tag:BF8AZUJ39+xICfrdNsY9iQ==,type:str]
     comment: ENC[AES256_GCM,data:4h455QlIXewffU2bSKihkg==,iv:p5WRTZfAUgqbF/XpIlaLuUIhQhMWxgs0MW6cqNOiOtg=,tag:yk6CHXx7E8XBY3dath9ezQ==,type:str]
@@ -31,8 +31,8 @@ sops:
             UmdLL0NqWVpuNXBYRENEeTltdFVLREUKrwPN2daokcqABFVXjYCbNyCA0zdMCYh6
             vzTTtNV718OAPQKgl3Ho2c5nhhQcWy5YlWPfGMUklZhocXsAvMXS/g==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2023-03-26T11:56:18Z"
-    mac: ENC[AES256_GCM,data:oiaqwWDTTSvdGZxcLqAJrLkF+jNL2PfOOrTFtO2Arry1LehiGeXqNiqlHTd5IvnB/LrU9vGv5SjDrq+FRycfceai8O5hW8aGBXqCSZANIx7cpCJqtm1ErNAm8yw+K5rq/WeRKEySszNx7QtSZiM9ufo/GIAZMZgcd/bqFdm6oXE=,iv:s+uHg40NPT3kjwHnRIu3udkbm3gE36JMzPFhM6NdT/4=,tag:Q97lA8fRcPr5kGZEUbmhxQ==,type:str]
+    lastmodified: "2023-11-04T19:00:41Z"
+    mac: ENC[AES256_GCM,data:jhZqJDZuHXpb50aI4f9Otj5y7lHzb1JadZqccju0No2PGUVO1Le3X/Zc51YIm3di+UV8bZSDUosYA7mWz4zNsyMwK0ikB0zUb12Wv1M0ESe4sJQR3mlQSa6fBe1EUGSAtjtmo/HlKaWvprEo3knTZJrxN8pZdTaPOTSA/Akr8m0=,iv:oUbuW1FL1qFbByt5DKqgCWVv/0D2ByWXs2dyUSuB3Uc=,tag:19MFSo0Y1AfB+kFk0sfW2g==,type:str]
     pgp: []
     unencrypted_suffix: _unencrypted
-    version: 3.7.3
+    version: 3.8.1

etersoft/values/values.minio.yaml

@@ -73,6 +73,8 @@ policies:
         - 'arn:aws:s3:::longhorn'
         - 'arn:aws:s3:::restic/*'
         - 'arn:aws:s3:::restic'
+        - 'arn:aws:s3:::etcd/*'
+        - 'arn:aws:s3:::etcd'
       actions:
         - "s3:DeleteObject"
         - "s3:GetObject"
@@ -87,6 +89,10 @@ buckets:
     policy: none
     purge: false
     versioning: false
+  - name: etcd
+    policy: none
+    versioning: false
+    purge: false
 metrics:
   serviceMonitor:
     enabled: false

etersoft/values/values.openvpn.yaml

@@ -14,6 +14,8 @@ istio:
       service: openvpn
       port: 1194
 
+image:
+  tag: v2.6.5-xor-4.0.0beta08
 storage:
   class: microk8s-hostpath
   size: 5Gi

manifests/badhouseplants/namespace-creator-binding.yaml

@@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: namespace-manager
+subjects:
+  - kind: User
+    name: badhousplants
+    apiGroup: rbac.authorization.k8s.io
+roleRef:
+  kind: ClusterRole
+  name: namespace-manager
+  apiGroup: rbac.authorization.k8s.io

manifests/badhouseplants/namespace-creator-role.yaml

@@ -0,0 +1,8 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: namespace-manager
+rules:
+  - apiGroups: [""]
+    resources: ["namespaces"]
+    verbs: ["get", "watch", "list", "create", "delete"]

releases.yaml

@@ -102,26 +102,26 @@ templates:
   metallb: &metallb
     name: metallb
     chart: metallb/metallb
-    version: 0.13.11
+    version: 0.13.12
 
   cert-manager: &cert-manager
     name: cert-manager
     chart: jetstack/cert-manager
-    version: 1.13.1
+    version: 1.13.3
     set:
       - name: installCRDs
         value: true
   longhorn: &longhorn
     name: longhorn
     chart: longhorn/longhorn
-    version: 1.5.1
+    version: 1.5.3
     inherit:
       - template: default-env-values
 
   argocd: &argocd
     name: argocd
     chart: argo/argo-cd
-    version: 5.46.8
+    version: 5.51.6
     inherit:
       - template: default-env-values
       - template: default-env-secrets
@@ -134,7 +134,7 @@ templates:
   prometheus: &prometheus
     name: prometheus
     chart: prometheus-community/kube-prometheus-stack
-    version: 51.6.1
+    version: 55.3.1
     inherit:
       - template: monitoring-common
       - template: default-env-values
@@ -145,7 +145,7 @@ templates:
   loki: &loki
     name: loki
     chart: grafana/loki
-    version: 5.29.0
+    version: 5.41.1
     inherit:
       - template: monitoring-common
       - template: default-env-values
@@ -153,7 +153,7 @@ templates:
   promtail: &promtail
     name: promtail
     chart: grafana/promtail
-    version: 6.15.2
+    version: 6.15.3
     inherit:
       - template: monitoring-common
       - template: default-env-values
@@ -163,7 +163,7 @@ templates:
   istio-common:
     labels:
       bundle: istio
-    version: 1.19.3
+    version: 1.20.1
 
   istio-base: &istio-base
     name: istio-base
@@ -185,6 +185,7 @@ templates:
     version: 2.0.0
     inherit:
       - template: ext-istio-gateway
+      - template: ext-certificate
       - template: default-env-values
 
   istiod: &istiod
@@ -200,7 +201,7 @@ templates:
   openvpn: &openvpn
     name: openvpn
     chart: allanger-gitea/openvpn
-    version: 1.0.6
+    version: 1.0.7
     inherit:
       - template: default-env-values
       - template: ext-istio-resource
@@ -223,16 +224,26 @@ templates:
   drone-runner-docker: &drone-runner-docker
     name: drone-runner-docker
     chart: drone/drone-runner-docker
-    version: 0.6.1
+    version: 0.6.2
     inherit:
       - template: default-env-values
       - template: default-env-secrets
       - template: drone-common
 
+  woodpecker-ci: &woodpecker-ci
+    name: woodpecker-ci
+    chart: woodpecker/woodpecker
+    version: 1.0.1
+    inherit:
+      - template: ext-database
+      - template: default-env-values
+      - template: default-env-secrets
+      - template: ext-istio-resource
+
   nrodionov: &nrodionov
     name: nrodionov
     chart: bitnami/wordpress
-    version: 18.0.4
+    version: 18.1.24
     inherit:
       - template: default-env-values
       - template: default-env-secrets
@@ -251,7 +262,7 @@ templates:
   minecraft: &minecraft
     name: minecraft
     chart: minecraft-server-charts/minecraft
-    version: 4.11.0
+    version: 4.12.0
     inherit:
       - template: default-env-values
       - template: default-env-secrets
@@ -260,7 +271,7 @@ templates:
   gitea: &gitea
     name: gitea
     chart: gitea/gitea
-    version: 9.5.0
+    version: 9.6.1
     inherit:
       - template: default-env-values
       - template: default-env-secrets
@@ -270,23 +281,13 @@ templates:
   funkwhale: &funkwhale
     name: funkwhale
     chart: ananace-charts/funkwhale
-    version: 2.0.3
+    version: 2.0.5
     inherit:
       - template: default-env-values
       - template: default-env-secrets
       - template: ext-istio-resource
       - template: ext-database
 
-  mailu: &mailu
-    name: mailu
-    chart: mailu/mailu
-    version: 1.2.0
-    inherit:
-      - template: default-env-values
-      - template: default-env-secrets
-      - template: ext-istio-resource
-      - template: ext-certificate
-
   bitwarden: &bitwarden
     name: bitwarden
     chart: bitwarden/vaultwarden
@@ -299,7 +300,7 @@ templates:
   redis: &redis
     name: redis
     chart: bitnami/redis
-    version: 18.1.5
+    version: 18.5.0
     inherit:
       - template: default-env-values
       - template: default-env-secrets
@@ -307,7 +308,7 @@ templates:
   postgres16: &postgres16
     name: postgres16
     chart: bitnami/postgresql
-    version: 13.1.4
+    version: 13.2.24
     inherit:
       - template: default-env-values
       - template: default-env-secrets
@@ -315,12 +316,12 @@ templates:
   db-operator: &db-operator
     name: db-operator
     chart: db-operator/db-operator
-    version: 1.11.1
+    version: 1.14.1
 
   db-instances: &db-instances
     name: db-instances
     chart: db-operator/db-instances
-    version: 1.4.2
+    version: 2.1.1
     inherit:
       - template: default-env-values
       - template: default-env-secrets
@@ -328,7 +329,7 @@ templates:
   mysql: &mysql
     name: mysql
     chart: bitnami/mysql
-    version: 9.12.5
+    version: 9.14.4
     inherit:
       - template: default-env-values
       - template: default-env-secrets
@@ -336,9 +337,18 @@ templates:
   docker-mailserver: &docker-mailserver
     name: docker-mailserver
     chart: allanger-gitea/docker-mailserver
-    version: 2.1.3
+    version: 2.2.0
     inherit:
       - template: default-env-values
       - template: ext-istio-gateway
       - template: ext-istio-resource
 
+  vaultwarden: &vaultwarden
+    name: vaultwarden
+    chart: badhouseplants/vaultwarden
+    version: 1.0.0
+    inherit:
+      - template: default-env-values
+      - template: default-env-secrets
+      - template: ext-istio-resource
+      - template: ext-database

repositories.yaml

@@ -36,3 +36,7 @@ repositories:
     url: https://db-operator.github.io/charts
   - name: allanger-gitea
     url: https://git.badhouseplants.net/api/packages/allanger/helm
+  - name: badhouseplants
+    url: https://badhouseplants.github.io/helm-charts/
+  - name: woodpecker
+    url: https://woodpecker-ci.org