WIP: Chenge openvpn port

.drone.yml

@@ -105,16 +105,4 @@ steps:
       SOPS_AGE_KEY:
         from_secret: SOPS_AGE_KEY
     commands:
-      - echo "Hey, bud, some helm releases are outdated:" > message_file.tpl
+      - cdh --kind helmfile -p $DRONE_WORKSPACE/helmfile.yaml --helmfile-environment badhouseplants -o
-      - cdh --kind helmfile -p $DRONE_WORKSPACE/helmfile.yaml --helmfile-environment badhouseplants -o >> message_file.tpl
-
-  - name: Send telegram notification
-    when:
-      status:
-        - failure
-    image: appleboy/drone-telegram
-    settings:
-      token:
-        from_secret: TELEGRAM_TOKEN
-      to: 131601077
-      message_file: message_file.tpl

Makefile

@@ -2,4 +2,3 @@ create_crb:
 	kubectl create clusterrolebinding drone-deployer-workaround \
 		--clusterrole=cluster-admin  \
   	--serviceaccount=drone-service:default
-

badhouseplants/helmfile.yaml

@@ -5,42 +5,37 @@ releases:
   - <<: *drone
     installed: true
     namespace: drone-service
-    createNamespace: true
+    createNamespace: false
-
+  
-  - <<: *drone-runner-docker
-    installed: true
-    namespace: drone-service
-    createNamespace: true
-
   - <<: *longhorn
-    installed: false
+    installed: true
     namespace: longhorn-system
-    createNamespace: true
+    createNamespace: false
 
   - <<: *argocd
     installed: true
     namespace: argo-system
-    createNamespace: true
+    createNamespace: false
 
   - <<: *nrodionov
     installed: true
     namespace: nrodionov-application
-    createNamespace: true
+    createNamespace: false
 
   - <<: *minecraft
     installed: true
     namespace: minecraft-application
-    createNamespace: true
+    createNamespace: false
 
   - <<: *gitea
     installed: true
     namespace: gitea-service
-    createNamespace: true
+    createNamespace: false
 
   - <<: *funkwhale
     installed: true
     namespace: funkwhale-application
-    createNamespace: true
+    createNamespace: false
 
   - <<: *prometheus
     installed: true
@@ -50,12 +45,12 @@ releases:
   - <<: *loki
     installed: false
     namespace: monitoring-system
-    createNamespace: true
+    createNamespace: false
 
   - <<: *promtail
     installed: false
     namespace: monitoring-system
-    createNamespace: true
+    createNamespace: false
 
   - <<: *bitwarden
     installed: true
@@ -67,7 +62,7 @@ releases:
     namespace: database-service
     createNamespace: true
 
-  - <<: *postgres16
+  - <<: *postgres
     installed: true
     namespace: database-service
     createNamespace: true
@@ -87,13 +82,10 @@ releases:
     namespace: database-service
     createNamespace: true
 
-  - <<: *docker-mailserver
-    installed: true
-    namespace: mail-service
-    createNamespace: true
-
 
 bases:
   - ../environments.yaml
   - ../repositories.yaml
 
+    #helmfiles:
+    #  - namespaces.yaml

badhouseplants/values/secrets.bitwarden.yaml

@@ -1,7 +1,5 @@
 env:
     ADMIN_TOKEN: ENC[AES256_GCM,data:ea2lgOEYMi8Dsvun00YZR3PCE3ycNC4Mpe+xye9YL5CTtnyrDwV9Tw==,iv:28Tcn1/qIquS4jCNBTtspB9c+5U3Ut1zoY6gIez8fcs=,tag:POmhoUY3t4w+iTJKK2eHVQ==,type:str]
-smtp:
-    password: ENC[AES256_GCM,data:cs+2Ml3YfZCk8z/KmexGMqzFQRM=,iv:mg8e3oHbLT07pZEdDGwlBchPyT83xOdwKJg9CCaicnc=,tag:NPD+8gKERO8uCuwrFnn3bQ==,type:str]
 sops:
     kms: []
     gcp_kms: []
@@ -17,8 +15,8 @@ sops:
             dzNYMlRnUDIxK2padTRCSzR4UUpWQjQKxex3RqZGU7ekdNC3qIiqdFs7d7a0Pxa1
             amLsaNnBfJ3OqjuD8atF2iCAXy1Q2BcXunkWi3wbzHb/DgYly3n9OQ==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2023-10-15T12:20:48Z"
+    lastmodified: "2023-07-16T18:40:43Z"
-    mac: ENC[AES256_GCM,data:2yRwdYM32eESPuUz+d7m7pTcluDUeOrLgv7iJmhPEnowcU9WvypAZr73w4y4ewc3yvLmmu5uuFjJJhN1+yjwULGUtU1NPdcvXHsGwtlA7KDyYUqwIc4NrD6BAeR7tRQChNVD++2wB43kiGAWAMmieOMt+xHcaWlM2btuLoiwE34=,iv:ZMxA5eu0IJKTRBtoKhyIJiDe/W3zVjzlz3TbO7gpRnU=,tag:ErYqzleh87+wj0uBRah20g==,type:str]
+    mac: ENC[AES256_GCM,data:tbPAgDQGA8MPnG5mIZLfvsOKdSkpOTK1Oy7uIQJ3DsNtBIt9vSO+vYxNjvfjAHyB6vE1cfx8zJkRcUw8kPh485jOxsM9G1ms/sjZKyJwsJbMjiqxs5zs0E4X9sqpJWiIhILBreZ8IopK4hCd2uLvhoV/HPxW8FV/HnHoCQ5p2Do=,iv:FtgTWFdkxCPOsNiJQWWIUmwYgh5rqRcbM/ToShcSODY=,tag:yc54xWHdq4KnSNxT9breOQ==,type:str]
     pgp: []
     unencrypted_suffix: _unencrypted
-    version: 3.8.1
+    version: 3.7.3

badhouseplants/values/secrets.db-instances.yaml

@@ -3,10 +3,6 @@ dbinstances:
         secrets:
             adminUser: ENC[AES256_GCM,data:pKbAQDiOs6k=,iv:yET0mJtdm2baDJHwq1uYEoxye48g2PrMqiOSO3POTBo=,tag:wuIxhHiRzjSRM+uaEo2KNQ==,type:str]
             adminPassword: ENC[AES256_GCM,data:/U3q6RmOYLpxJBAYsJ8f4lV3MB0=,iv:dw7g0E4Gm0YqtgvdcC+bq+YbSRPop3BKLiJfwaz+1io=,tag:NAXnWj4AjgajN94ml/ENsA==,type:str]
-    postgres16:
-        secrets:
-            adminUser: ENC[AES256_GCM,data:1THZrB3Rg+g=,iv:/euSgQUYlJ4HbiqWr3ezwLkds0nwioFHRhXbqTiYR6M=,tag:GSbSxrNrVJKHp9+3+ECVRA==,type:str]
-            adminPassword: ENC[AES256_GCM,data:F+5az4JRH6LMz88duwFp5EDm4AYG,iv:dbsfSSwigBX1cU6XFYu4ZFd15Te0MdGBoq5O9OtqxgM=,tag:uOLhvHSiBEbbos2GzLJZ3g==,type:str]
     mysql:
         secrets:
             adminUser: ENC[AES256_GCM,data:XFEGew==,iv:7aj2J7Qs9mHC5kRZGrg71hwEBP64vEz0qQ+qoPHSgrc=,tag:/Rx5yx7iMU5Gwcmbf5GVSg==,type:str]
@@ -26,8 +22,8 @@ sops:
             Wmh3Z29ZSlBhbmFJNkFQZlE3aXpMMk0K14rSXjSF08xkil+fFJpeMV+6XChTJ2/3
             OQecJtg+0NQPyvC+kR5qKq8roiSzNNJgTVg2wwKMdukKVVTbEGi0gA==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2023-10-04T02:28:20Z"
+    lastmodified: "2023-07-30T15:07:28Z"
-    mac: ENC[AES256_GCM,data:EBNSr29LlLjadOrrk2ZSwH9Ng4YD0pYCrhfupaQPSK5559zUCRIuPuTC5P0sfh5dn7YARrcprAwH68I3Xc3EUWkZabCYcjR+bfbby1s8tjiIIgVcksQJr523CDIXMiezf860M9uyktxWdUQa1TjuEfo0SAkYs0XHEaIQlOloN6c=,iv:v/Al1appBTv7ypplQEz7C2qAnvCDRK3JPCN8+PATeX4=,tag:Ci8eg6xsFyZz35r5p4ie6g==,type:str]
+    mac: ENC[AES256_GCM,data:/q/LG+CgBAm666nwu+QCw9beoC8m11R5OYspnUxdwTfAv4h0yqY0Hk599hy+Yqt0brpUpj8hwqCESkt6gufFAklilSYV8SWvea7FxA4Jdbfpj1kfty9d4qMxHrpggId/jPshVAVsF0Ezh1/XbPWpQnTiaAMu2JTVMR9cFR3xvyc=,iv:37EdIo9QoUemTvpHSKD2kdq1FnJpwNXGr8ym0dPX6w8=,tag:ri2ILtd9FvLJf0O5iKOdyg==,type:str]
     pgp: []
     unencrypted_suffix: _unencrypted
-    version: 3.8.0
+    version: 3.7.3

badhouseplants/values/secrets.funkwhale.yaml

@@ -1,7 +1,7 @@
 djangoSecret: ENC[AES256_GCM,data:CxsJVhNxku3pohREaVs=,iv:KDupR8tZlPkPeRwGWzyz+eKtp1tfTdFWqXNuQW20oXo=,tag:lCHqv2CC8cXpnqTr8fGzPg==,type:str]
 postgresql:
     auth:
-        password: ENC[AES256_GCM,data:RdsyzDU+XesRJkUSllyvfREzbDz68t6RSw==,iv:RpV9BjK9ytpUYJvNGQ5eHXuhNbXSV+Nl9Yib0ac34KM=,tag:Y1K7cfmoyNS6sih0JMjBVQ==,type:str]
+        password: ENC[AES256_GCM,data:IKPFpCY0Im2SQquNFM/3umvGfYOt1A==,iv:asWxkKTvez1FxxXto/ulh4CDBvPZ6SovqKnoFEQjG/s=,tag:iqyxZU+jERNgakMcAm+cnQ==,type:str]
 redis:
     auth:
         password: ENC[AES256_GCM,data:fgxZMA13BpFf5FA8JwLUXjlelUgvR4qtg316OALq,iv:numLe3PrsToG0Fbl7+mdbWOBTb7XrgppF09pIVg+rrU=,tag:ivKuF0xFe/s4P1otjLML8g==,type:str]
@@ -20,8 +20,8 @@ sops:
             dWdMUFpOOVJYSXdBbzJiSzhQM0VmbWMKUqdIpfa8i7vASIga8HFurrPf1RgA+WVA
             GZiG+M0i4yc3SooTIwbDzH0orfaEHueKdNTGOXMgxNiRIt2q9BG76g==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2023-10-04T18:47:37Z"
+    lastmodified: "2023-07-29T20:22:20Z"
-    mac: ENC[AES256_GCM,data:Mh6OGkcKMGnmBHIKadpLYfFO3UNLoww4gFW+U7mnu4v87j06h6QHOx4p99TBp8OqK3/ky73FUVLGtm5XFLvMgzM5wpghqwqPa4G9UvgP2zY6GM5HaEw90l9mEtdSw6czs1hi9ChNF3RbIPwowW6KNJoASK08YaSwkRLK3J8T0sM=,iv:9N3hRle1eH5EHEPQeAnKSXSjkhhs1045rgk/WNOP3I8=,tag:bsqCJQE5puKckYMgKZsr3w==,type:str]
+    mac: ENC[AES256_GCM,data:G9+rbTp4AXIr97bl4UUUIMsd47Gmwt5IGFJQMSAtKRkCCcWIVK9ac+3nX5g9gOgziKvPE7moETXPAfFjcfOQFvi8bmU7jZnoLr4rOvP7SX1LZEfs9siCCtC1q9S/VrlWhxx/2Cpz1EegM+o2cQepqGr4IoIpboEowKl2yhpZiko=,iv:aRDq9ptB6GrRAvl5b0yyKVTZwOPdtFvSGEIPhlMrZbg=,tag:PsRUQJrBtu3sfLcIhIJbqw==,type:str]
     pgp: []
     unencrypted_suffix: _unencrypted
-    version: 3.8.0
+    version: 3.7.3

badhouseplants/values/secrets.gitea.yaml

@@ -4,9 +4,9 @@ gitea:
         password: ENC[AES256_GCM,data:TnIUSnX7Lj+2N6mWWOvVVmc96DQ=,iv:vjow//IrtvdmTg4jYenwTyUnuBhq7witfzugbE0uq9c=,tag:L5UPa9UK4aB1wY1ilZntzg==,type:str]
     config:
         mailer:
-            PASSWD: ENC[AES256_GCM,data:lb1VwH/Bc2XoyB42UrhgCX5ad70=,iv:Eh4R2deZOMGq4LxZadtt6SgrdoSxcArYC2X+czKtns8=,tag:ZCtQguWQt8ARS2rTWCSoSg==,type:str]
+            ENABLED: ENC[AES256_GCM,data:C2qWn4E=,iv:APUvrTInDdxf1tJ5eFSgxUej8e085HZalsiHY6/Fryc=,tag:MW3KhfU+25EWDzM/+QOZ5A==,type:bool]
         database:
-            PASSWD: ENC[AES256_GCM,data:mI1RHEThB0bM1bJ/pBioJjvKT3Q=,iv:WSwV4+UzD8HUtA5ipZNu2IVXa4AuQE9k7hTB++AsTgU=,tag:CtU3ValcNw0RSIQVdaHmtw==,type:str]
+            PASSWD: ENC[AES256_GCM,data:EVawxgpBgJ1ZlU4F+KFlJZXHq/4=,iv:ZUC7YBQ+RXNKLFEZzAeXfoGqBv9ilGw6Q5ynspAsc78=,tag:Wpb3awtdRLLBNYmmuTUCrA==,type:str]
         session:
             PROVIDER_CONFIG: ENC[AES256_GCM,data:i/N01zYx1H1D1eFiZKOmf4e1LoDBJE5AoN4eZl3h/QKwOEy5x4LNQoF7CbGguCBMvITtYbzXr12VzQ8pxEf17z6nssQ2nNiz84zuBOY9DQqxZLkxS5AmKKgk7XKF/YYYDaavMdJj54gtXoCrDZ58z5Tw8FM0ScTRp2+4RXGMwg==,iv:dKZhe9cOPDhdtK9sJKzCHmimV1vcuAebY8DfaJMqk2Q=,tag:ZhyEepW4wIM1Dv97xn5xBA==,type:str]
         cache:
@@ -33,8 +33,8 @@ sops:
             Ym5KMWw5ZDBBZzJBcHBXdFZiaDZpU0UKNl/GkGP25D7z5a8mVBmoSTfOM3EzymPN
             WW62zIoBHlwLxF9nwj1xCCtcL1XKgiB8nnn4IrY3ljqFc0VkxD9dnQ==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2023-10-15T09:58:05Z"
+    lastmodified: "2023-07-29T20:30:31Z"
-    mac: ENC[AES256_GCM,data:W7Ml9O6oA5dG59O7eWUEBdRrOdmoXWdib2tzK2zCFfMbjWczS5I7AM3DFKG6+P/kRiEQpjj0OarFvuJ7e23blx0/43UXqjpRCuGqcWkNXQaYaxlye6SDlLjregTUeqo4gyzyXYVpIGikLNBYoufewpdlboVQk8ZheSLSOttrbcE=,iv:IqrjduR0EhuzCCWCCJOHCL0DlS4B66P1Wlucg9R0gk4=,tag:vmq6+uh9q7avpK5Q56+iJA==,type:str]
+    mac: ENC[AES256_GCM,data:jd8jrX6GTAsEMydRfjLPW8XKXs4HgNNMqR0UvzVq0qFl/2zisKYLxtc6m4XBjDLeI8te+nNcJ16XYR0tdayM4PjXzurC9bAMdyI4utv1cRUJdWVxbo2oODWjJ9IAHqwkVHfJOrAJ7j0qamzHr/4h7u2DsLxvHm/lQY2g5zDKPD0=,iv:P215bq4q6iv8fSpU2CvfUhR1Pbr6mpYtv868m2F+M44=,tag:oWzMZOyCuxf2JBiGjDdCKg==,type:str]
     pgp: []
     unencrypted_suffix: _unencrypted
-    version: 3.8.1
+    version: 3.7.3

badhouseplants/values/secrets.minecraft.yaml

@@ -1,28 +0,0 @@
-minecraftServer:
-    rcon:
-        password: ENC[AES256_GCM,data:7kQAt4R+uN/28Uvn3KnJnOvOcCOf6FEaow==,iv:G20SygTZZ1O2DyPr+/f3XSC3bB4L5p/9CxZkPS5qibY=,tag:O2Ab+AC+Eho6MRm0vC9hHQ==,type:str]
-mcbackup:
-    resticEnvs:
-        RESTIC_PASSWORD: ENC[AES256_GCM,data:mjrSV6d6a4ZvesYjobhHCVTngw5EQqesAKecSPVY,iv:WSk5V61opvccp/1bhbcO6S+8GcEYVlxk8l6nl++nxc4=,tag:wENZyx6IxJgswetDi8alZA==,type:str]
-        AWS_SECRET_ACCESS_KEY: ENC[AES256_GCM,data:+4HuGGHaZgPXLX3Sm6U=,iv:qMVfe2BzdJtvHYX7T/6WPt8kCNRdn02Ynew/q9QH1KA=,tag:7JwAloF6HPdBXTGC3kto4w==,type:str]
-        AWS_ACCESS_KEY_ID: ENC[AES256_GCM,data:yfS/LrX0,iv:HzZmzUOmI0vJ+vPkI2xn2F/w43/BKOGil+SLRwhcG0I=,tag:c+d8nyR5w5mU9F/H0zl/1A==,type:str]
-sops:
-    kms: []
-    gcp_kms: []
-    azure_kv: []
-    hc_vault: []
-    age:
-        - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
-          enc: |
-            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxTWUxY2hYT0dId2hsR0x1
-            MXFtRjlSelgwdUcyVnBUdlJ6Nng1UkNJaHg4Ckc5NXBORjBCZHQyc0lDTiswazNF
-            cGhKVFFNdlZnRWlxS05OTklOUDJDQjQKLS0tIDNWNDVVWXcxUW8yUHgrOTNkRkQ1
-            MGNDV2cvUUF3dWZHSlZNeVFDNXhzalkKubKuiiZuqoZTvRMr2FiUxnFUu+Pvj3Wf
-            pZTfZg9rnUukmV+kmwqQKcfoPNfeShhoAsszWwPM628cV9pq87I2/A==
-            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2023-08-15T15:32:19Z"
-    mac: ENC[AES256_GCM,data:ghfbBqsdFzQaRehefvpnnFLxp6tYE1K36gXLyN7gdxlvZ20JRn+FMfeUm8IjNKl3fCH2aVdM18v+T4xBs4QSXAWH5R79+HPn6hl7kYXzGJKTdmddj6EFZFXajisIJa2eZpEKPk7uOT6YczcNxNKByKxgHxTXe7SYlIkE6CgLT9w=,iv:inXW7OxvQXPGO4mkJkd/SMVsTBWA+utso26VXb5yNdM=,tag:f/GBzkgI0zgInSdDbHICag==,type:str]
-    pgp: []
-    unencrypted_suffix: _unencrypted
-    version: 3.7.3

badhouseplants/values/secrets.postgres16.yaml

@@ -1,24 +0,0 @@
-global:
-    postgresql:
-        auth:
-            postgresPassword: ENC[AES256_GCM,data:O5Fvmjipcx7CZ4DKQjRW0isfzoUt,iv:sVl6TFRCKAL5ci+lC4DfX/vZkWwRVg559kq4GU67udY=,tag:dEsoEe1UfvD5rUrI+EYOsg==,type:str]
-sops:
-    kms: []
-    gcp_kms: []
-    azure_kv: []
-    hc_vault: []
-    age:
-        - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
-          enc: |
-            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVbENvMm1YQzlSV3UrSEJ4
-            VTZ1RWVKTlpsUDFzQlVjMlJEZmIvaldHVXlFCm9SVzN3Z0dwTGo1Y3dnaHhvSmpi
-            bDIrMlJhbHhKUmRZejdkTmJiSDYvY2MKLS0tIFpRbkwySVh2MDlNWEFNZHVtY2Ns
-            Wmh3Z29ZSlBhbmFJNkFQZlE3aXpMMk0K14rSXjSF08xkil+fFJpeMV+6XChTJ2/3
-            OQecJtg+0NQPyvC+kR5qKq8roiSzNNJgTVg2wwKMdukKVVTbEGi0gA==
-            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2023-10-04T02:27:48Z"
-    mac: ENC[AES256_GCM,data:yyvzDlqm3ZOGAMAWCbA4JBC2xs14dKJ4oGifHCvD6K3cBcLgQLS8MOoQJBVfAfL/lVqYDtQ8qwQl/NbCEAKdqw5mtGRwSGaCExSTfO8PIUZCT69q5lwhAxfSGkhjjup+88MhwdZbe2iqqr0nF/GBYT7exqu6Pj85ZKbeDVBTMUE=,iv:KVuyYWYvtVjFinkY82nPwKI/XX18t4purLInfjSxYlg=,tag:kD0G+keg4veTy+CN7KOo6Q==,type:str]
-    pgp: []
-    unencrypted_suffix: _unencrypted
-    version: 3.8.0

badhouseplants/values/values.argocd.yaml

@@ -7,7 +7,7 @@ istio:
   enabled: true
   istio:
     - name: argocd-http
-      gateway: istio-system/badhouseplants-net
+      gateway: badhouseplants-net
       kind: http
       hostname: argo.badhouseplants.net
       service: argocd-server

badhouseplants/values/values.bitwarden.yaml

@@ -7,7 +7,7 @@ istio:
   enabled: true
   istio:
     - name: bitwarden-http
-      gateway: istio-system/badhouseplants-net
+      gateway: badhouseplants-net
       kind: http
       hostname: bitwarden.badhouseplants.net
       service: bitwarden-vaultwarden
@@ -17,24 +17,21 @@ istio:
   pathType: Prefix
 
 env:
+
   SIGNUPS_ALLOWED: false
   DOMAIN: "https://bitwarden.badhouseplants.net"
+  # YUBICO_CLIENT_ID
+  # YUBICO_SECRET_KEY
+  # DATA_FOLDER
+  # DATABASE_URL
+  # ATTACHMENTS_FOLDER
+  # ICON_CACHE_FOLDER
+  # ROCKET_LIMITS
+  # ROCKET_WORKERS
   WEB_VAULT_ENABLED: true
 
 persistence:
   enabled: true
   accessMode: ReadWriteOnce
   size: 800Mi
-  storageClass: longhorn
+  storageClass: longhorn
-
-smtp:
-  host: badhouseplants.net
-  security: "starttls"
-  port: 587
-  from: bitwarden@badhouseplants.net
-  fromName: bitwarden
-  username:
-    value: overlord@badhouseplants.net
-  authMechanism: "Plain"
-  acceptInvalidHostnames: "false"
-  acceptInvalidCerts: "false"

badhouseplants/values/values.db-instances.yaml

@@ -10,16 +10,6 @@ dbinstances:
     generic:
       host: postgres-postgresql
       port: 5432
-  postgres16:
-    monitoring:
-      enabled: false
-    adminSecretRef:
-      Name: postgres16-secret
-      Namespace: database-service
-    engine: postgres
-    generic:
-      host: postgres16-postgresql
-      port: 5432
   mysql:
     monitoring:
       enabled: false

badhouseplants/values/values.docker-mailserver.yaml

@@ -1,129 +0,0 @@
-istio-gateway:
-  enabled: true
-  gateways:
-    - name: badhouseplants-email
-      servers:
-        - hosts:
-            - "*"
-          port:
-            name: smtp
-            number: 25
-            protocol: TCP
-        - hosts:
-            - "*"
-          port:
-            name: pop3
-            number: 110
-            protocol: TCP
-        - hosts:
-            - "*"
-          port:
-            name: imap
-            number: 143
-            protocol: TCP
-        - hosts:
-            - "*"
-          port:
-            name: smtps
-            number: 465
-            protocol: TCP
-        - hosts:
-            - "*"
-          port:
-            name: submission
-            number: 587
-            protocol: TCP
-        - hosts:
-            - "*"
-          port:
-            name: imaps
-            number: 993
-            protocol: TCP
-        - hosts:
-            - "*"
-          port:
-            name: pop3s
-            number: 995
-            protocol: TCP
-istio:
-  enabled: true
-  istio:
-    - name: docker-mailserver-smpt
-      kind: tcp
-      gateway: badhouseplants-email
-      service: docker-mailserver
-      hostname: badhouseplants.net
-      port_match: 25
-      port: 25
-    - name: docker-mailserver-smpts
-      kind: tcp
-      gateway: badhouseplants-email
-      port_match: 465
-      hostname: badhouseplants.net
-      service: docker-mailserver
-      port: 465
-    - name: docker-mailserver-smpt-startls
-      kind: tcp
-      gateway: badhouseplants-email
-      hostname: badhouseplants.net
-      port_match: 587
-      service: docker-mailserver
-      port: 587
-    - name: docker-mailserver-imap
-      kind: tcp
-      hostname: badhouseplants.net
-      gateway: badhouseplants-email
-      port_match: 143
-      service: docker-mailserver
-      port: 143
-    - name: docker-mailserver-imaps
-      kind: tcp
-      gateway: badhouseplants-email
-      hostname: badhouseplants.net
-      port_match: 993
-      service: docker-mailserver
-      port: 993
-    - name: docker-mailserver-pop3
-      kind: tcp
-      gateway: badhouseplants-email
-      port_match: 110
-      hostname: badhouseplants.net
-      service: docker-mailserver
-      port: 110
-    - name: docker-mailserver-pop3s
-      kind: tcp
-      gateway: badhouseplants-email
-      port_match: 993
-      hostname: badhouseplants.net
-      service: docker-mailserver
-      port: 993
-    - name: docker-mailserver-rainloop
-      kind: http
-      gateway: istio-system/badhouseplants-net
-      hostname: mail.badhouseplants.net
-      service: docker-mailserver-rainloop
-      port: 80
-
-rainloop:
-  enabled: true
-  ingress:
-    enabled: false
-demoMode:
-  enabled: false
-domains:
-  - badhouseplants.net
-  - mail.badhouseplants.net
-ssl:
-  issuer:
-    name: badhouseplants-issuer
-    kind: ClusterIssuer
-  dnsname: badhouseplants.net
-  dns01provider: cloudflare
-  useExisting: false
-pod:
-  dockermailserver:
-    enable_fail2ban: "0"
-    ssl_type: manual
-service:
-  type: ClusterIP
-spfTestsDisabled: true

badhouseplants/values/values.drone.yaml

@@ -6,7 +6,7 @@ istio:
   enabled: true
   istio:
     - name: drone-http
-      gateway: istio-system/badhouseplants-net
+      gateway: badhouseplants-net
       kind: http
       hostname: drone.badhouseplants.net
       service: drone

badhouseplants/values/values.funkwhale.yaml

@@ -7,7 +7,7 @@ istio:
   enabled: true
   istio:
     - name: funkwhale-http
-      gateway: istio-system/badhouseplants-net
+      gateway: badhouseplants-net
       kind: http
       hostname: funkwhale.badhouseplants.net
       service: funkwhale
@@ -15,8 +15,8 @@ istio:
 
 ext-database:
   enabled: true
-  name: funkwhale-postgres16
+  name: funkwhale-postgres
-  instance: postgres16
+  instance: postgres
 
 replicaCount: 1
 celery:
@@ -43,14 +43,13 @@ ingress:
   enabled: false
 postgresql:
   enabled: false
-  host: postgres16-postgresql.database-service.svc.cluster.local
+  host: postgres-postgresql.database-service.svc.cluster.local
   auth:
-    username: funkwhale-application-funkwhale-postgres16
+    username: funkwhale-application-funkwhale-postgres
-    database: funkwhale-application-funkwhale-postgres16
+    database: funkwhale-application-funkwhale-postgres
 
 redis:
   enabled: false
   host: redis-master.database-service.svc.cluster.local
   auth:
     enabled: true
-  database: 3

badhouseplants/values/values.gitea.yaml

@@ -8,13 +8,13 @@ istio:
   istio:
     - name: gitea-http
       kind: http
-      gateway: istio-system/badhouseplants-net
+      gateway: badhouseplants-net
       hostname: git.badhouseplants.net
       service: gitea-http
       port: 3000
     - name: gitea-ssh
       kind: tcp
-      gateway: istio-system/badhouseplants-ssh
+      gateway: badhouseplants-ssh
       hostname: "*"
       port_match: 22
       service: gitea-ssh
@@ -25,8 +25,8 @@ istio:
 # ------------------------------------------
 ext-database:
   enabled: true
-  name: gitea-postgres16
+  name: gitea-postgres
-  instance: postgres16
+  instance: postgres
 # ------------------------------------------
 # -- Kubernetes related values
 # ------------------------------------------
@@ -43,7 +43,7 @@ resources:
 
 persistence:
   enabled: true
-  size: 8Gi
+  size: 6Gi
   accessModes:
     - ReadWriteOnce
 
@@ -61,9 +61,9 @@ gitea:
   config:
     database:
       DB_TYPE: postgres
-      HOST: postgres16-postgresql.database-service.svc.cluster.local
+      HOST: postgres-postgresql.database-service.svc.cluster.local
-      NAME: gitea-service-gitea-postgres16
+      NAME: gitea-service-gitea-postgres
-      USER: gitea-service-gitea-postgres16
+      USER: gitea-service-gitea-postgres
     APP_NAME: Bad Houseplants Gitea
     ui:
       meta:
@@ -101,13 +101,6 @@ gitea:
       ADAPTER: redis
     queue:
       TYPE: redis
-    mailer:
-      ENABLED: true
-      FROM: gitea@badhouseplants.net
-      PROTOCOL: smtp+startls
-      SMTP_ADDR: badhouseplants.net
-      SMTP_PORT: 587
-      USER: overlord@badhouseplants.net
 service:
   ssh:
     type: ClusterIP
@@ -119,4 +112,4 @@ service:
 postgresql-ha:
   enabled: false
 redis-cluster:
-  enabled: false
+  enabled: false

badhouseplants/values/values.istio-gateway-resources.yaml

@@ -1,69 +0,0 @@
-istio-gateway:
-  enabled: true
-  gateways:
-    - name: badhouseplants-net
-      servers:
-        - hosts:
-          - badhouseplants.net
-          - '*.badhouseplants.net'
-          port:
-            name: http
-            number: 80
-            protocol: HTTP2
-          tls:
-            httpsRedirect: true
-        - hosts:
-          - badhouseplants.net
-          - '*.badhouseplants.net'
-          port:
-            name: https
-            number: 443
-            protocol: HTTPS
-          tls:
-            credentialName: badhouseplants-wildcard-tls
-            mode: SIMPLE
-    - name: nrodionov-info
-      servers:
-        - hosts:
-          - nrodionov.info
-          - dev.nrodionov.info
-          port:
-            name: http
-            number: 80
-            protocol: HTTP2
-          tls:
-            httpsRedirect: false
-        - hosts:
-          - nrodionov.info
-          - dev.nrodionov.info
-          port:
-            name: https
-            number: 443
-            protocol: HTTPS
-          tls:
-            credentialName: nrodionov-wildcard-tls
-            mode: SIMPLE
-    - name: badhouseplants-vpn
-      servers:
-        - hosts:
-          - '*'
-          port:
-            name: tcp
-            number: 1194
-            protocol: TCP
-    - name: badhouseplants-ssh
-      servers:
-        - hosts:
-          - '*'
-          port:
-            name: ssh
-            number: 22
-            protocol: TCP
-    - name: badhouseplants-minecraft
-      servers:
-        - hosts:
-          - '*'
-          port:
-            name: minecraft
-            number: 25565
-            protocol: TCP

badhouseplants/values/values.istio-ingressgateway.yaml

@@ -1,3 +1,4 @@
+---
 service:
   type: LoadBalancer
   ports:
@@ -21,6 +22,10 @@ service:
       port: 1194
       protocol: TCP
       targetPort: 1194
+    - name: ovpn2
+      port: 1195
+      protocol: TCP
+      targetPort: 1195
     # -----------
     # -- Email
     # -----------

badhouseplants/values/values.longhorn.yaml

@@ -5,9 +5,9 @@ defaultSettings:
   guaranteedReplicaManagerCPU: 6
   storageOverProvisioningPercentage: 300
   storageMinimalAvailablePercentage: 5
-  defaultDataPath: /media/longhorn
+  defaultDataPath: /media-longhorn
 csi:
-  kubeletRootDir: /var/lib/kubelet
+  kubeletRootDir: /var/snap/microk8s/common/var/lib/kubelet
 persistence:
-  defaultClassReplicaCount: 3
+  defaultClassReplicaCount: 1
 enablePSP: false

badhouseplants/values/values.mailu.yaml

@@ -21,7 +21,7 @@ istio:
       kind: http
       gateway: badhouseplants-net
       hostname: email.badhouseplants.net
-      service: mailu-fr ont
+      service: mailu-front
       port: 80
     # - name: mailu-smpt
       # kind: tcp

badhouseplants/values/values.metallb-resources.yaml

@@ -1,4 +0,0 @@
-ext-ipaddresspool:
-  enabled: true
-  name: badhouseplants-addresspool
-  addresses: 195.201.250.50-195.201.250.50

badhouseplants/values/values.minecraft.yaml

@@ -18,7 +18,7 @@ istio:
   enabled: true
   istio:
     - name: minecraft-tcp
-      gateway: istio-system/badhouseplants-minecraft
+      gateway: badhouseplants-minecraft
       kind: tcp
       port_match: 25565
       hostname: "*"
@@ -30,11 +30,10 @@ istio:
 image:
   tag: java17-graalvm-ce
   pullPolicy: Always
-
 resources:
   requests:
-    memory: 3Gi
+    memory: 512Mi
-    cpu: 256m
+    cpu: 50m
   limits:
     memory: 3Gi
 
@@ -43,7 +42,6 @@ lifecycle:
     - bash
     - -c
     - for i in {1..100}; do mc-health && break || sleep 20; done && mc-send-to-console setpassword 11223345
-
 readinessProbe:
   command:
     - mc-health
@@ -52,9 +50,7 @@ readinessProbe:
   timeoutSeconds: 10
 livenessProbe:
   timeoutSeconds: 10
-
 minecraftServer:
-  overrideServerProperties: true
   eula: "TRUE"
   onlineMode: false
   difficulty: hard
@@ -62,14 +58,10 @@ minecraftServer:
   version: 1.20.1
   maxWorldSize: 90000
   type: "PAPER"
-  paperDownloadUrl: https://api.papermc.io/v2/projects/paper/versions/1.20.1/builds/170/downloads/paper-1.20.1-170.jar
+  paperDownloadUrl: https://api.papermc.io/v2/projects/paper/versions/1.20.1/builds/100/downloads/paper-1.20.1-100.jar
   gameMode: survival
   pvp: true
-  rcon:
+  memory: 2512M
-    enabled: true
-    withGeneratedPassword: false
-    port: 25575
-    serviceType: ClusterIP
   extraPorts:
     - name: metrics
       containerPort: 9225
@@ -87,30 +79,8 @@ persistence:
   dataDir:
     enabled: true
     Size: 15Gi
-mcbackup:
-  enabled: false
-  backupInterval: 2h
-  pauseIfNoPlayers: "false"
-  pruneBackupsDays: 2
-  rconRetries: 5
-  rconRetryInterval: 10s
-  excludes: "*.jar,cache,logs"
-  backupMethod: restic
-  resticRepository: s3:https://s3.e.badhouseplants.net:443/restic/minecraft
-  resticAdditionalTags: "mc_backups"
-  pruneResticRetention: "--keep-last 12 --keep-daily 1 --keep-weekly 2 --keep-monthly 2 --keep-yearly 2"
-  resources:
-    requests:
-      memory: 512Mi
-      cpu: 100m
-  persistence:
-    backupDir:
-      enabled: false
-# ---------------------------------------------
-# -- Install Plugins
-# ---------------------------------------------
 initContainers:
-  - name: 0-install-prometheus-exporter
+  - name: install-prometheus-exporter
     image: alpine/curl
     command:
       - curl
@@ -122,7 +92,7 @@ initContainers:
       - name: plugins
         mountPath: /data/plugins
         readOnly: false
-  - name: 0-install-password-plugin
+  - name: install-password-plugin
     image: alpine/curl
     command:
       - curl
@@ -134,41 +104,6 @@ initContainers:
       - name: plugins
         mountPath: /data/plugins
         readOnly: false
-  - name: 0-install-gravity-control-plugin
-    image: alpine/curl
-    command:
-      - curl
-      - -L
-      - https://github.com/e-im/GravityControl/releases/download/v1.3.0/GravityControl-1.3.0.jar
-      - -o
-      - /data/plugins/GravityControl-1.3.0.jar
-    volumeMounts:
-      - name: plugins
-        mountPath: /data/plugins
-        readOnly: false
-  - name: 0-install-fast-minecart-plugin
-    image: alpine/curl
-    command:
-      - curl
-      - -L
-      - https://github.com/certainly1182/FastMinecarts/releases/download/v1.0.1/FastMinecarts.jar
-      - -o
-      - /data/plugins/FastMinecarts.jar
-    volumeMounts:
-      - name: plugins
-        mountPath: /data/plugins
-  - name: 1-add-plugins-to-minecraft
-    image: alpine/curl
-    command:
-      - sh 
-      - -c 
-      - cp -r /in /out/plugins
-    volumeMounts:
-      - name: plugins
-        mountPath: /in
-        readOnly: false
-      - name: datadir
-        mountPath: /out
 extraVolumes:
   - volumeMounts:
       - name: plugins

badhouseplants/values/values.minio.yaml

@@ -7,13 +7,13 @@ istio:
   enabled: true
   istio:
     - name: minio-http
-      gateway: istio-system/badhouseplants-net
+      gateway: badhouseplants-net
       kind: http
       hostname: minio.badhouseplants.net
       service: minio-console
       port: 9001
     - name: s3-http
-      gateway: istio-system/badhouseplants-net
+      gateway: badhouseplants-net
       kind: http
       hostname: s3.badhouseplants.net
       service: minio

badhouseplants/values/values.mysql.yaml

@@ -4,3 +4,4 @@ primary:
 
 auth:
   createDatabase: false
+  

badhouseplants/values/values.nrodionov.yaml

@@ -7,7 +7,7 @@ istio:
   enabled: true
   istio:
     - name: nrodionov-http
-      gateway: istio-system/nrodionov-info
+      gateway: nrodionov-info
       kind: http
       hostname: dev.nrodionov.info
       service: nrodionov-wordpress

badhouseplants/values/values.openvpn.yaml

@@ -7,30 +7,16 @@ istio:
   enabled: true
   istio:
     - name: openvpn-tcp
-      gateway: istio-system/badhouseplants-vpn
+      gateway: badhouseplants-vpn
       kind: tcp
-      port_match: 1194
+      port_match: 1195
       hostname: "*"
       service: openvpn
       port: 1194
-# ------------------------------------------
-image:
-  tag: v2.6.5-xor-4.0.0beta08
-storage:
-  class: default
-  size: 512Mi
 
+storageClassName: longhorn
 openvpn:
-  proto: tcp
+  server: "tcp://195.201.250.50:1195"
-  host: 195.201.250.50
-easyrsa:
-  cn: Bad Houseplants
-  country: Germany
-  province: NRW
-  city: Duesseldorf
-  org: Bad Houseplants
-  email: allanger@zohomail.com
-
 service:
   type: ClusterIP
   port: 1194

badhouseplants/values/values.postgres16.yaml

@@ -1,10 +0,0 @@
-architecture: standalone
-
-auth:
-  database: postgres
-
-persistence:
-  size: 1Gi
-
-metrics:
-  enabled: false

badhouseplants/values/values.prometheus.yaml

@@ -7,7 +7,7 @@ istio:
   enabled: true
   istio:
     - name: grafana-https
-      gateway: istio-system/badhouseplants-net
+      gateway: badhouseplants-net
       kind: http
       hostname: "grafana.badhouseplants.net"
       service: prometheus-grafana

badhouseplants/values/values.rook-ceph-cluster.yaml

@@ -1,144 +0,0 @@
-# This is a YAML-formatted file.
-# Declare variables to be passed into your templates.
-
-# -- Namespace of the main rook operator
-operatorNamespace: rook-ceph
-
-# -- The metadata.name of the CephCluster CR
-# @default -- The same as the namespace
-clusterName:
-
-# -- Optional override of the target kubernetes version
-kubeVersion:
-
-# -- Cluster ceph.conf override
-configOverride:
-# configOverride: |
-#   [global]
-#   mon_allow_pool_delete = true
-#   osd_pool_default_size = 3
-#   osd_pool_default_min_size = 2
-
-# Installs a debugging toolbox deployment
-toolbox:
-  # -- Enable Ceph debugging pod deployment. See [toolbox](../Troubleshooting/ceph-toolbox.md)
-  enabled: false
-  # -- Toolbox image, defaults to the image used by the Ceph cluster
-  image: #quay.io/ceph/ceph:v17.2.6
-  # -- Toolbox tolerations
-  tolerations: []
-  # -- Toolbox affinity
-  affinity: {}
-  # -- Toolbox container security context
-  containerSecurityContext:
-    runAsNonRoot: true
-    runAsUser: 2016
-    runAsGroup: 2016
-    capabilities:
-      drop: ["ALL"]
-  # -- Toolbox resources
-  resources:
-    limits:
-      cpu: "500m"
-      memory: "1Gi"
-    requests:
-      cpu: "100m"
-      memory: "128Mi"
-  # -- Set the priority class for the toolbox if desired
-  priorityClassName:
-
-monitoring:
-  # -- Enable Prometheus integration, will also create necessary RBAC rules to allow Operator to create ServiceMonitors.
-  # Monitoring requires Prometheus to be pre-installed
-  enabled: false
-  # -- Whether to create the Prometheus rules for Ceph alerts
-  createPrometheusRules: false
-  # -- The namespace in which to create the prometheus rules, if different from the rook cluster namespace.
-  # If you have multiple rook-ceph clusters in the same k8s cluster, choose the same namespace (ideally, namespace with prometheus
-  # deployed) to set rulesNamespaceOverride for all the clusters. Otherwise, you will get duplicate alerts with multiple alert definitions.
-  rulesNamespaceOverride:
-  # Monitoring settings for external clusters:
-  # externalMgrEndpoints: <list of endpoints>
-  # externalMgrPrometheusPort: <port>
-  # allow adding custom labels and annotations to the prometheus rule
-  prometheusRule:
-    # -- Labels applied to PrometheusRule
-    labels: {}
-    # -- Annotations applied to PrometheusRule
-    annotations: {}
-
-# -- Create & use PSP resources. Set this to the same value as the rook-ceph chart.
-pspEnable: false
-
-# imagePullSecrets option allow to pull docker images from private docker registry. Option will be passed to all service accounts.
-# imagePullSecrets:
-# - name: my-registry-secret
-
-# All values below are taken from the CephCluster CRD
-# -- Cluster configuration.
-# @default -- See [below](#ceph-cluster-spec)
-cephClusterSpec:
-  resources:
-    mgr:
-      limits:
-        memory: "1Gi"
-      requests:
-        cpu: "200m"
-        memory: "512Mi"
-    mon:
-      limits:
-        memory: "2Gi"
-      requests:
-        cpu: "250m"
-        memory: "1Gi"
-    osd:
-      requests:
-        cpu: "200m"
-        memory: "4Gi"
-    prepareosd:
-      # limits: It is not recommended to set limits on the OSD prepare job
-      #         since it's a one-time burst for memory that must be allowed to
-      #         complete without an OOM kill.  Note however that if a k8s
-      #         limitRange guardrail is defined external to Rook, the lack of
-      #         a limit here may result in a sync failure, in which case a
-      #         limit should be added.  1200Mi may suffice for up to 15Ti
-      #         OSDs ; for larger devices 2Gi may be required.
-      #         cf. https://github.com/rook/rook/pull/11103
-      requests:
-        cpu: "500m"
-        memory: "50Mi"
-    mgr-sidecar:
-      limits:
-        cpu: "500m"
-        memory: "100Mi"
-      requests:
-        cpu: "100m"
-        memory: "40Mi"
-    crashcollector:
-      limits:
-        cpu: "500m"
-        memory: "60Mi"
-      requests:
-        cpu: "100m"
-        memory: "60Mi"
-    logcollector:
-      limits:
-        cpu: "500m"
-        memory: "1Gi"
-      requests:
-        cpu: "100m"
-        memory: "100Mi"
-    cleanup:
-      limits:
-        cpu: "500m"
-        memory: "1Gi"
-      requests:
-        cpu: "500m"
-        memory: "100Mi"
-    exporter:
-      limits:
-        cpu: "250m"
-        memory: "128Mi"
-      requests:
-        cpu: "50m"
-        memory: "50Mi"

common/values.ipaddresspool.yaml

@@ -1,14 +0,0 @@
----
-ext-ipaddresspool:
-  templates:
-    - |
-        ---
-        apiVersion: metallb.io/v1beta1
-        kind: IPAddressPool
-        metadata:
-          name: "{{ .Values.name }}"
-        spec:
-          addresses:
-            - "{{ .Values.addresses }}"
-          autoAssign: true
-          avoidBuggyIPs: false

common/values.istio-gateway.yaml

@@ -1,16 +0,0 @@
----
-istio-gateway:
-  templates:
-    - |
-        {{ range .Values.gateways }}
-        ---
-        apiVersion: networking.istio.io/v1beta1
-        kind: Gateway
-        metadata:
-          name: {{ .name }}
-        spec:
-          selector: 
-            istio: ingressgateway
-          servers:
-        {{ toYaml .servers | indent 4 }}
-        {{ end }}

common/values.istio.yaml

@@ -10,7 +10,7 @@ istio:
           name: {{ .name }}
         spec:
           gateways:
-          - "{{ .gateway }}"
+          - "istio-system/{{ .gateway }}"
           hosts:
           -  {{ .hostname | quote }}
           {{- if eq  .kind "http" }}

docs/restic.md

@@ -1,7 +0,0 @@
-# Restic
-
-We are using restic for backing up the Minecraft server
-
-## How to restore
-
-TODO: Describe the restoration process

environments.yaml

@@ -1,5 +1,5 @@
 environments:
   badhouseplants:
-    kubeContext: badhouseplants-arm
+    kubeContext: badhouseplants
   etersoft:
     kubeContext: etersoft

etersoft/helmfile.yaml

@@ -1,5 +0,0 @@
----
-
-bases:
-  - ../environments.yaml
-  - ../repositories.yaml

etersoft/values/secrets.drone-runner-docker.yaml

@@ -0,0 +1,22 @@
+env:
+    DRONE_RPC_SECRET: ENC[AES256_GCM,data:RAZbnTrv9PxiCLLqjKWBtFWd+Nzqma8Zw+NuKRLO,iv:IiFcTQGUmYa6UCBzx1yTDd0zwB6D1Cv0raXZxLXm1qA=,tag:83bnBW+MhkKehZfso3g+/g==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOVk0yaTlySHpuOWFFT3J5
+            Z210NzJPTmV0akdFQ1REM1JzK0pwTC9XWjJJCm54QmQ3ODJwakZuamMzYTBIeEJi
+            aUxKNmQ3dU52V2N2cjl5VTJpTTAwWGsKLS0tIDFyR2o2VnQ4QWFCWWRzZGNMZnNQ
+            em1VMlhBNGRrVFhXVUVRdU16Q1Q4bUEKvZ6UbZsfdvfCk37FlEN4vg0RTnPO2nwh
+            DY4klzcan+9DBRT2qdIIy6pj94GuSoXKXEYc9X0AvYab/HoLithMWA==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2023-05-21T09:27:21Z"
+    mac: ENC[AES256_GCM,data:U2JETtW0lbb2znJBupGMPsab13y5M1v1N0wkFxEBs+YVNFhnkvIqSZiY5mq9KTYiY4tRzw1kV+jqP0jNsODekCI1++4NBuQsGSZFUoTERHgTRlnz1aAS+nf39lvYnWyQxsQmw9vY/GQ/yluBJkOEV/EoIF3wHjxZe1HCBIViPyk=,iv:WMj7aSgW8LdNQbOgC4FcyOtR/3gjckiHO8vlZGdiTeY=,tag:Xty2QVLJ/D2dlzQY13od5w==,type:str]
+    pgp: []
+    unencrypted_suffix: _unencrypted
+    version: 3.7.3

etersoft/values/values.drone-runner-docker.yaml

@@ -0,0 +1,16 @@
+---
+env:
+  DRONE_RPC_HOST: drone.badhouseplants.net
+  DRONE_RPC_PROTO: https
+  DRONE_NAMESPACE_DEFAULT: drone-service
+rbac:
+  buildNamespaces:
+    - drone-service
+dind:
+  resources:
+    limits:
+      cpu: 2000m
+      memory: 2024Mi
+    requests:
+      cpu: 100m
+      memory: 512Mi

etersoft/values/values.metallb-resources.yaml

@@ -1,4 +0,0 @@
-ext-ipaddresspool:
-  enabled: true
-  name: etersoft-addresspool
-  addresses: 91.232.225.63-91.232.225.63

etersoft/values/values.minio.yaml

@@ -71,8 +71,6 @@ policies:
     - resources:
         - 'arn:aws:s3:::longhorn/*'
         - 'arn:aws:s3:::longhorn'
-        - 'arn:aws:s3:::restic/*'
-        - 'arn:aws:s3:::restic'
       actions:
         - "s3:DeleteObject"
         - "s3:GetObject"
@@ -83,10 +81,6 @@ buckets:
     policy: none
     purge: false
     versioning: false
-  - name: restic
-    policy: none
-    purge: false
-    versioning: false
 metrics:
   serviceMonitor:
     enabled: false

etersoft/values/values.openvpn.yaml

@@ -14,9 +14,7 @@ istio:
       service: openvpn
       port: 1194
 
-storage:
+storageClassName: microk8s-hostpath
-  class: microk8s-hostpath
-  size: 5Gi
 openvpn:
   server: "tcp://91.232.225.63:1194"
 service:

helmfile.yaml

@@ -7,53 +7,50 @@ bases:
 
 releases:
   - <<: *metrics-server
-    installed: false
+    installed: true
     namespace: kube-system
-    createNamespace: true
+    createNamespace: false
 
   - <<: *istio-base
     installed: true
     namespace: istio-system
-    createNamespace: true
+    createNamespace: false
   
   - <<: *istio-gateway
     installed: true
     namespace: istio-system
-    createNamespace: true
+    createNamespace: false
-
-  - <<: *istio-gateway-resources
-    installed: true
-    namespace: istio-system
-    createNamespace: true
 
   - <<: *istiod
     installed: true
     namespace: istio-system
-    createNamespace: true
+    createNamespace: false
 
   - <<: *cert-manager
     installed: true
     namespace: cert-manager
-    createNamespace: true
+    createNamespace: false
 
   - <<: *minio
     installed: true
     namespace: minio-service
-    createNamespace: true
+    createNamespace: false
 
   - <<: *openvpn
     installed: true
     namespace: openvpn-service
-    createNamespace: true
+    createNamespace: false
   
   - <<: *metallb
     installed: true
     namespace: metallb-system
     createNamespace: true
 
-  - <<: *metallb-resources
+  - <<: *drone-runner-docker
     installed: true
-    namespace: metallb-system
+    namespace: drone-service
+    createNamespace: false
+
 
 helmfiles:
   - path: {{.Environment.Name }}/helmfile.yaml

releases.yaml

@@ -41,14 +41,6 @@ templates:
   # ----------------------------
   # -- Extensions
   # ----------------------------
-  ext-istio-gateway:
-    dependencies:
-      - chart: bedag/raw
-        version: 2.0.0
-        alias: istio-gateway
-    values:
-      - '{{ requiredEnv "PWD" }}/common/values.istio-gateway.yaml'
-
   ext-istio-resource:
     dependencies:
       - chart: bedag/raw
@@ -87,122 +79,41 @@ templates:
       alias: ext-database
     values:
       - '{{ requiredEnv "PWD" }}/common/values.database.yaml'
-
+  # ----------------------------
-  ext-ipaddresspool:
-    dependencies:
-    - chart: bedag/raw
-      version: 2.0.0
-      alias: ext-ipaddresspool
-    values:
-      - '{{ requiredEnv "PWD" }}/common/values.ipaddresspool.yaml'
-
-  # -------------------------------------------------------------------
   # -- Releases
-  # -------------------------------------------------------------------
+  # ----------------------------
   # -- System
-  # -- This is what has to be installed first. Without those releases
+  # ----------------------------
-  # --  cluster can't function
-  # -------------------------------------------------------------------
-  common-system:
-    labels:
-      layer: system
-
   metrics-server: &metrics-server
     name: metrics-server
     chart: metrics-server/metrics-server
     version: 3.11.0
-    inherit:
-      - template: common-system
     values:
       - common/values.{{ .Release.Name }}.yaml
 
   metallb: &metallb
     name: metallb
     chart: metallb/metallb
-    version: 0.13.11
+    version: 0.13.10
-    inherit:
-      - template: common-system
-
-  metallb-resources: &metallb-resources
-    name: metallb-resources
-    chart: bedag/raw
-    version: 2.0.0
-    needs: 
-      - metallb
-    inherit: 
-      - template: default-env-values
-      - template: ext-ipaddresspool
-      - template: common-system
 
   cert-manager: &cert-manager
     name: cert-manager
     chart: jetstack/cert-manager
-    version: 1.13.1
+    version: 1.12.3
-    inherit: 
-      - template: common-system
     set:
       - name: installCRDs
         value: true
-  
   longhorn: &longhorn
     name: longhorn
     chart: longhorn/longhorn
     version: 1.5.1
     inherit:
       - template: default-env-values
-      - template: common-system
-
-  # ----------------------------
-  # -- Istio
-  # ----------------------------
-  common-istio:
-    labels:
-      bundle: istio
-    version: 1.19.3
-    inherit: 
-      - template: common-system
-
-  istio-base: &istio-base
-    name: istio-base
-    chart: istio/base
-    inherit:
-      - template: crd-management-hook
-      - template: common-istio
-
-  istio-gateway: &istio-gateway
-    name: istio-ingressgateway
-    chart: istio/gateway
-    needs:
-      - istio-base
-      - metallb-system/metallb-resources
-    inherit:
-      - template: common-istio
-      - template: default-env-values
-
-  istiod: &istiod
-    name: istiod
-    chart: istio/istiod
-    needs:
-      - istio-base
-    inherit:
-      - template: common-istio
-      - template: default-env-values
-
-  istio-gateway-resources: &istio-gateway-resources
-    name: istio-gateway-resources
-    chart: bedag/raw
-    version: 2.0.0
-    needs:
-      - istio-base
-    inherit:
-      - template: ext-istio-gateway
-      - template: default-env-values
-      - template: common-system
 
   argocd: &argocd
     name: argocd
     chart: argo/argo-cd
-    version: 5.46.8
+    version: 5.42.2
     inherit:
       - template: default-env-values
       - template: default-env-secrets
@@ -215,7 +126,7 @@ templates:
   prometheus: &prometheus
     name: prometheus
     chart: prometheus-community/kube-prometheus-stack
-    version: 51.6.1
+    version: 48.3.1
     inherit:
       - template: monitoring-common
       - template: default-env-values
@@ -226,7 +137,7 @@ templates:
   loki: &loki
     name: loki
     chart: grafana/loki
-    version: 5.29.0
+    version: 5.10.0
     inherit:
       - template: monitoring-common
       - template: default-env-values
@@ -234,18 +145,46 @@ templates:
   promtail: &promtail
     name: promtail
     chart: grafana/promtail
-    version: 6.15.2
+    version: 6.14.1
     inherit:
       - template: monitoring-common
       - template: default-env-values
+  # ----------------------------
+  # -- Istio
+  # ----------------------------
+  istio-common:
+    labels:
+      bundle: istio
+    version: 1.18.2
+
+  istio-base: &istio-base
+    name: istio-base
+    chart: istio/base
+    inherit:
+      - template: crd-management-hook
+      - template: istio-common
+
+  istio-gateway: &istio-gateway
+    name: istio-ingressgateway
+    chart: istio/gateway
+    inherit:
+      - template: istio-common
+      - template: default-env-values
+
+  istiod: &istiod
+    name: istiod
+    chart: istio/istiod
+    inherit:
+      - template: istio-common
+      - template: default-env-values
 
   # ----------------------------
   # -- Applications
   # ----------------------------
   openvpn: &openvpn
     name: openvpn
-    chart: allanger-gitea/openvpn
+    chart: allanger-charts/openvpn
-    version: 1.0.6
+    version: 1.0.3
     inherit:
       - template: default-env-values
       - template: ext-istio-resource
@@ -258,7 +197,7 @@ templates:
   drone: &drone
     name: drone
     chart: drone/drone
-    version: 0.6.5
+    version: 0.6.4
     inherit:
       - template: default-env-values
       - template: default-env-secrets
@@ -277,7 +216,7 @@ templates:
   nrodionov: &nrodionov
     name: nrodionov
     chart: bitnami/wordpress
-    version: 18.0.4
+    version: 17.0.4
     inherit:
       - template: default-env-values
       - template: default-env-secrets
@@ -287,7 +226,7 @@ templates:
   minio: &minio
     name: minio
     chart: minio/minio
-    version: 5.0.14
+    version: 5.0.13
     inherit:
       - template: default-env-values
       - template: default-env-secrets
@@ -296,16 +235,15 @@ templates:
   minecraft: &minecraft
     name: minecraft
     chart: minecraft-server-charts/minecraft
-    version: 4.11.0
+    version: 4.9.3
     inherit:
       - template: default-env-values
-      - template: default-env-secrets
       - template: ext-istio-resource
 
   gitea: &gitea
     name: gitea
     chart: gitea/gitea
-    version: 9.5.0
+    version: 9.1.0
     inherit:
       - template: default-env-values
       - template: default-env-secrets
@@ -315,7 +253,7 @@ templates:
   funkwhale: &funkwhale
     name: funkwhale
     chart: ananace-charts/funkwhale
-    version: 2.0.3
+    version: 2.0.1
     inherit:
       - template: default-env-values
       - template: default-env-secrets
@@ -344,15 +282,15 @@ templates:
   redis: &redis
     name: redis
     chart: bitnami/redis
-    version: 18.1.5
+    version: 17.14.6
     inherit:
       - template: default-env-values
       - template: default-env-secrets
 
-  postgres16: &postgres16
+  postgres: &postgres
-    name: postgres16
+    name: postgres
     chart: bitnami/postgresql
-    version: 13.1.4
+    version: 12.8.0
     inherit:
       - template: default-env-values
       - template: default-env-secrets
@@ -360,7 +298,7 @@ templates:
   db-operator: &db-operator
     name: db-operator
     chart: db-operator/db-operator
-    version: 1.11.1
+    version: 1.9.1
 
   db-instances: &db-instances
     name: db-instances
@@ -373,17 +311,7 @@ templates:
   mysql: &mysql
     name: mysql
     chart: bitnami/mysql
-    version: 9.12.5
+    version: 9.10.10
     inherit:
       - template: default-env-values
       - template: default-env-secrets
-
-  docker-mailserver: &docker-mailserver
-    name: docker-mailserver
-    chart: allanger-gitea/docker-mailserver
-    version: 2.1.3
-    inherit:
-      - template: default-env-values
-      - template: ext-istio-gateway
-      - template: ext-istio-resource
-

repositories.yaml

@@ -2,6 +2,8 @@
 repositories:
   - name: metrics-server
     url: https://kubernetes-sigs.github.io/metrics-server/
+  - name: allanger-charts
+    url: https://allanger.github.io/allanger-charts
   - name: jetstack
     url: https://charts.jetstack.io
   - name: istio

scripts/migrate_postgres.sh

@@ -1,39 +0,0 @@
-#!/bin/bash
-export PGHOST=$OLD_PGHOST
-export PGPASSWORD=$OLD_PGPASSWORD
-export PGDATABASE=$OLD_PGDATABASE
-DUMP_FILE=/tmp/$PGDATABASE.dump
-pg_dump $PGDATABASE --no-owner --no-privileges -Fc -f $DUMP_FILE -vvv
-
-export PGHOST=$NEW_PGHOST
-export PGPASSWORD=$NEW_PGPASSWORD
-export PGDATABASE=$NEW_PGDATABASE
-pg_restore --no-owner --no-privileges -d $PGDATABASE -Fc $DUMP_FILE -vvv
-
-psql -c "GRANT ALL PRIVILEGES ON DATABASE \"${PGDATABASE}\" to \"${PGDATABASE}\""
-psql -c "GRANT ALL ON SCHEMA public to \"${PGDATABASE}\""
-psql -c "GRANT ALL ON ALL TABLES IN SCHEMA public TO \"${PGDATABASE}\""
-
-rm -f /tmp/output
-
-psql -c "\
-SELECT format(\
-  'ALTER TABLE %I.%I.%I OWNER TO %I;',\
-  table_catalog,\
-  table_schema,\
-  table_name,\
-  '${PGDATABASE}')\
-FROM information_schema.tables \
-WHERE table_schema='public'" | grep ALTER > /tmp/output
-
-psql -c "\
-SELECT format(\
-  'ALTER SEQUENCE %I.%I.%I OWNER TO %I;',\
-  sequence_catalog,\
-  sequence_schema,\
-  sequence_name,\
-  '${PGDATABASE}')\
-FROM information_schema.sequences \
-WHERE sequence_schema='public'" | grep ALTER >> /tmp/output
-
-psql -c "$(cat /tmp/output)"