badhouseplants/k8s-cluster-config
Archived
4
0
Fork 0
Code Issues 6 Pull Requests 1 Actions Packages Projects Releases Activity

Compare commits

base: badhouseplants:rook-ceph-arm
Branches Tags
badhouseplants:main badhouseplants:renovate/configure badhouseplants:try-argo-and-flux badhouseplants:fail-kust badhouseplants:add-dependencies badhouseplants:refactor-helmfiles badhouseplants:rook-ceph-arm badhouseplants:invalid.config badhouseplants:try-elementor badhouseplants:prepare-arm-cluster badhouseplants:try-tekton badhouseplants:fix-check-da-helm badhouseplants:try-arm badhouseplants:upgrading-openvpn
..
compare: badhouseplants:try-argo-and-flux
Branches Tags
badhouseplants:renovate/configure badhouseplants:try-argo-and-flux badhouseplants:fail-kust badhouseplants:main badhouseplants:add-dependencies badhouseplants:refactor-helmfiles badhouseplants:rook-ceph-arm badhouseplants:invalid.config badhouseplants:try-elementor badhouseplants:prepare-arm-cluster badhouseplants:try-tekton badhouseplants:fix-check-da-helm badhouseplants:try-arm badhouseplants:upgrading-openvpn

56 Commits
rook-ceph- ... try-argo-a

Author SHA1 Message Date
Nikolai Rodionov
06c11576f5 More changes 2024-07-05 10:08:57 +02:00
Nikolai Rodionov
60e57f3b45 A lot of changes that are hard to track 2024-07-05 09:20:55 +02:00
Nikolai Rodionov
14dbe234ea Cleanup namespaces 2024-06-22 13:28:53 +02:00
Nikolai Rodionov
697e5f3746 Add a storage to the vaultwarden test 2024-06-21 17:23:33 +02:00
Nikolai Rodionov
d6d93998cb Update traefik 2024-06-15 20:45:50 +02:00
Nikolai Rodionov
6c83d67c9c Huge upgraqde to everything 2024-06-15 12:20:06 +02:00
Nikolai Rodionov
10d7936625 Update releases 2024-05-18 15:36:38 +02:00
Nikolai Rodionov
21f198b0fa Increase Gitea disk 2024-05-13 11:39:57 +02:00
Nikolai Rodionov
5d4eae3152 Some updates to the config 2024-05-11 20:52:58 +02:00
Nikolai Rodionov
262417f1cf A lot of updates and disable loki 2024-04-20 13:51:38 +02:00
Nikolai Rodionov
ff0f34551a Update charts 2024-04-01 11:31:15 +02:00
Nikolai Rodionov
bcab058394 Init helmule config 2024-03-26 22:25:21 +01:00
Nikolai Rodionov
c4dd8bd6e4 Install zot 2024-03-26 21:48:31 +01:00
Nikolai Rodionov
ba7a32a17f Instll zot 2024-03-24 13:44:22 +01:00
Nikolai Rodionov
a47775d835 Update charts 2024-03-24 13:42:13 +01:00
Nikolai Rodionov
8a85d32722 Update releases 2024-03-22 11:16:58 +01:00
Nikolai Rodionov
2211d9b388 Update charts 2024-03-11 11:16:03 +01:00
Nikolai Rodionov
97117aa3f2 Update dbinstances 2024-02-29 16:04:12 +01:00
Nikolai Rodionov
630819f887 Fix ArgoCD oauth 2024-02-23 00:47:38 +01:00
Nikolai Rodionov
773b70bb3a Udpate values 2024-02-22 22:15:27 +01:00
Nikolai Rodionov
e255ee4e99 Remove minecraft from the repo 2024-02-21 00:50:11 +01:00
Nikolai Rodionov
9b8c729d65 Update sops file 2024-02-21 00:36:23 +01:00
Nikolai Rodionov
c5ade9c28b Update longhorn and openvpn 2024-02-21 00:08:14 +01:00
Nikolai Rodionov
b93d4e0b2b Update bunch of releases 2024-02-21 00:03:04 +01:00
Nikolai Rodionov
cc1cf4e650 Update cilium 2024-02-20 23:48:21 +01:00
Nikolai Rodionov
3c8f6a243c Update istio bundle 2024-02-20 23:44:23 +01:00
Nikolai Rodionov
5b478e594e Cleanup the backup cluster 2024-02-20 23:44:08 +01:00
Nikolai Rodionov
fbf483cfc0 Update openvpn 2024-02-20 16:26:35 +01:00
Nikolai Rodionov
a20017c9b7 Start setting up shadowsocks 2024-02-20 15:44:31 +01:00
Nikolai Rodionov
a6b30b3337 Cleanup db-operator 2024-02-17 02:20:54 +01:00
Nikolai Rodionov
4d5ee1f6c5 Update db-operator 2024-02-16 15:51:18 +01:00
Nikolai Rodionov
21ff595d40 Some small chagnes 2024-02-16 15:47:14 +01:00
Nikolai Rodionov
d67cf1a273 Add new ns 2024-02-13 15:49:31 +01:00
Nikolai Rodionov
99972808b7 Increase limits 2024-02-11 09:00:05 +01:00
Nikolai Rodionov
1cb2c5f259 Increase limits 2024-02-11 08:57:07 +01:00
Nikolai Rodionov
f4c9224ae6 Enable limits and store minecraft logs 2024-02-11 08:39:37 +01:00
Nikolai Rodionov
fb6a016b66 Revert "[Minecraft] Password plugin update" 
This reverts commit 0591ae21ce.
 2024-02-10 22:00:32 +01:00
Roman
0591ae21ce [Minecraft] Password plugin update 2024-02-10 23:46:29 +03:00
Nikolai Rodionov
b1f183d712 Updates after the disaster recovery 2024-02-10 19:12:55 +01:00
Nikolai Rodionov
9c7e44e757 Sync after the disaster recovery 2024-02-04 09:31:09 +01:00
Nikolai Rodionov
9cf8656ba5 Fix the cluster 2024-01-26 16:53:34 +01:00
Nikolai Rodionov
896e939c2d Fix the gitea-allanger repo 2024-01-22 08:49:03 +01:00
Nikolai Rodionov
25ea4c4254 Fix the push workflow 2024-01-22 08:36:36 +01:00
Nikolai Rodionov
a95c4a9406 Update the email workflow 2024-01-22 08:35:56 +01:00
Nikolai Rodionov
0f533964ea Some updates 2024-01-20 11:57:09 +01:00
Nikolai Rodionov
238231bdc8 Update release 2024-01-11 04:37:37 +01:00
Nikolai Rodionov
2c33823d90 Use longhorn for vaultwarden 2024-01-06 21:50:12 +01:00
Nikolai Rodionov
5b7fd5117e Install Tandoor 2024-01-06 21:16:12 +01:00
Nikolai Rodionov
5236fd1cd7 Update releases 2024-01-06 06:29:15 +01:00
Nikolai Rodionov
dd6db7b7cd Update releases 2024-01-06 05:03:34 +01:00
Nikolai Rodionov
aa101786e0 Enable storage for Vaultwarden 2024-01-04 11:19:28 +01:00
Nikolai Rodionov
18b8a3ec56 Upgrade db-operator 2024-01-03 21:01:47 +01:00
Nikolai Rodionov
41ff1dadbf Upgrade vaultwarden 2024-01-03 14:55:12 +01:00
Nikolai Rodionov
af37b8011b Update db-oeprator version 2024-01-03 11:11:24 +01:00
Nikolai Rodionov
106c701ce1 Fix etersoft cluster's config 2024-01-01 13:56:35 +01:00
Nikolai Rodionov
afed983626 Update OpenVPN 2024-01-01 13:50:42 +01:00
136 changed files with 3294 additions and 1202 deletions
Expand all files Collapse all files

14
.woodpecker/.cdh.yml
View File

@ -16,19 +16,15 @@ steps:
notification: notification:
image: deblan/woodpecker-email image: deblan/woodpecker-email
settings: settings:
from: woody@badhouseplants.net dsn:
host: badhouseplants.net from_secret: smtp_dsn
skip_verify: true from:
no_starttls: false address: woody@badhouseplants.net
username: name: Woody Woodpecker
from_secret: smtp_username
password:
from_secret: smtp_password
recipients: recipients:
- allanger@badhouseplants.net - allanger@badhouseplants.net
subject: CDH result subject: CDH result
target: main target: main
recipients_only: true
attachment: result.html attachment: result.html
when: when:
- status: [success, failure] - status: [success, failure]

15
.woodpecker/.helmfile.yml
View File

@ -1,11 +1,25 @@
when: when:
event: push event: push
.k8s-limits: &k8s-limits
backend_options:
kubernetes:
resources:
requests:
memory: 1024Mi
cpu: 1000m
limits:
memory: 1512Mi
cpu: 1500m
matrix: matrix:
ENVIRONMENT: ENVIRONMENT:
- badhouseplants - badhouseplants
- etersoft - etersoft
steps: steps:
diff: diff:
<<: *k8s-limits
image: ghcr.io/helmfile/helmfile:canary image: ghcr.io/helmfile/helmfile:canary
secrets: [sops_age_key, kubeconfig_content] secrets: [sops_age_key, kubeconfig_content]
when: when:
@ -17,6 +31,7 @@ steps:
- echo "$KUBECONFIG_CONTENT" > $HOME/.kube/config && chmod 0600 $HOME/.kube/config - echo "$KUBECONFIG_CONTENT" > $HOME/.kube/config && chmod 0600 $HOME/.kube/config
- helmfile -e $ENVIRONMENT diff --suppress-secrets - helmfile -e $ENVIRONMENT diff --suppress-secrets
apply: apply:
<<: *k8s-limits
image: ghcr.io/helmfile/helmfile:canary image: ghcr.io/helmfile/helmfile:canary
secrets: [sops_age_key, kubeconfig_content] secrets: [sops_age_key, kubeconfig_content]
when: when:

4
Makefile
View File

@ -1,4 +0,0 @@
create_crb:
kubectl create clusterrolebinding drone-deployer-workaround \
--clusterrole=cluster-admin \
--serviceaccount=drone-service:default

2
README.md
View File

@ -2,4 +2,4 @@
[![Build Status](https://drone.badhouseplants.net/api/badges/badhouseplants/k8s-cluster-config/status.svg)](https://drone.badhouseplants.net/badhouseplants/k8s-cluster-config) [![Build Status](https://drone.badhouseplants.net/api/badges/badhouseplants/k8s-cluster-config/status.svg)](https://drone.badhouseplants.net/badhouseplants/k8s-cluster-config)
# CRD hooks # CRD hooks
I'm using hooks to install CRDs, that doesn't wotk with apply on the first time. If you've added a release with CRDs, that are installed by hooks, you need to run `helmfile sync` first, so CRDs are installed and then diff will work again, hence the `apply` also will. I'm using hooks to install CRDs, that doesn't wotk with apply on the first time. If you've added a release with CRDs, that are installed by hooks, you need to run `helmfile sync` first, so CRDs are installed and then diff will work again, hence the `apply` also will.

105
badhouseplants/helmfile.yaml
View File

@ -2,59 +2,54 @@
{{ readFile "../releases.yaml" }} {{ readFile "../releases.yaml" }}
releases: releases:
- <<: *drone - <<: *istio-base
installed: false
namespace: istio-system
createNamespace: false
- <<: *istiod
installed: false
namespace: istio-system
createNamespace: false
- <<: *namespaces
installed: true installed: true
namespace: drone-service - <<: *roles
createNamespace: true
- <<: *drone-runner-docker
installed: true installed: true
namespace: drone-service - <<: *coredns
createNamespace: true
- <<: *longhorn
installed: true installed: true
namespace: longhorn-system - <<: *cilium
createNamespace: true installed: true
- <<: *authentik
- <<: *local-path-provisioner
- <<: *mailu
- <<: *zot
installed: true
- <<: *keel
- <<: *traefik
- <<: *argocd - <<: *argocd
installed: true installed: true
namespace: argo-system namespace: platform
createNamespace: true createNamespace: false
- <<: *nrodionov - <<: *nrodionov
installed: true installed: true
namespace: nrodionov-application namespace: nrodionov-application
createNamespace: true createNamespace: false
- <<: *minecraft
installed: true
namespace: minecraft-application
createNamespace: true
- <<: *gitea - <<: *gitea
installed: true installed: true
namespace: gitea-service namespace: applications
createNamespace: true createNamespace: false
- <<: *funkwhale - <<: *funkwhale
installed: true installed: true
namespace: funkwhale-application namespace: funkwhale-application
createNamespace: true createNamespace: false
- <<: *prometheus - <<: *bitwarden
installed: true installed: false
namespace: monitoring-system namespace: bitwarden-application
createNamespace: true
- <<: *loki
installed: true
namespace: monitoring-system
createNamespace: true
- <<: *promtail
installed: true
namespace: monitoring-system
createNamespace: true createNamespace: true
- <<: *redis - <<: *redis
@ -67,6 +62,9 @@ releases:
namespace: database-service namespace: database-service
createNamespace: true createNamespace: true
- <<: *postgres16-gitea
namespace: databases
createNamespace: false
- <<: *db-operator - <<: *db-operator
installed: true installed: true
namespace: database-service namespace: database-service
@ -77,35 +75,40 @@ releases:
namespace: database-service namespace: database-service
createNamespace: true createNamespace: true
- <<: *docker-mailserver - <<: *mysql
installed: true installed: false
namespace: mail-service namespace: database-service
createNamespace: true createNamespace: true
- <<: *istio-gateway-resources - <<: *woodpecker-ci
installed: true installed: true
namespace: istio-system namespace: platform
createNamespace: true createNamespace: true
- <<: *vaultwarden - <<: *vaultwarden
createNamespace: true createNamespace: true
installed: true installed: true
namespace: vaultwarden-application namespace: vaultwarden-application
- <<: *woodpecker-ci - <<: *vaultwardentest
createNamespace: false
installed: true installed: true
namespace: woodpecker-ci namespace: applications
- <<: *openvpn-xor
installed: true
namespace: openvpn-service
createNamespace: false
- <<: *docker-mailserver
installed: false
namespace: applications
createNamespace: true createNamespace: true
- <<: *rook-ceph - <<: *longhorn
installed: true installed: true
namespace: rook-ceph namespace: longhorn-system
createNamespace: true createNamespace: false
- <<: *rook-ceph-cluster
installed: true
namespace: rook-ceph-cluster
createNamespace: true
bases: bases:
- ../environments.yaml - ../environments.yaml

23
badhouseplants/values/secrets.argocd.yaml
View File

@ -1,10 +1,9 @@
server:
config:
dex.config: ENC[AES256_GCM,data:SExaFuvPjiyYUiqBivswX4dpPM+x/6OsmyC9FFpiX1TCDIsYNFakzW5ZwFk1XnS8OYzqksyoxAGGU2fmoTVpHXviDqSZ76g0AREH3OwtSlz2R8RwFU/zzgXeqoxw2rC2ij0t0Vg39BeltArIFBcrtTfDy7AjMqf/Qx29EAb9nnoTA/SPj33VzHbn+tJIHb/a2XExj6VAyVJoq+fqsdKmmbI0tb636V+Cq/+wj6WwGjhu/0PDtaMN9AWokMGgICLUbdtfocinvZ1gyv8+QDnczYonD+wFZdlaKDembGN3p0BggBCLOY1I9f3PHG9Yy5xpNtAGFjDYF3NLz1n1QjDwRo1La6EHmmd2pL3INtU++IGRkC64bzCKR7i429/il13MKvccBOBWiJpkf5L65Rluyb1WWNYBcI/SscfQo1CSL6zXuZtrxeWrRcySs9TjSAtwHrpuRm6hfwi1tUcUUEhu6c9uUYMhSoNug8/2vQjQiJcEdh9n+YCoUbPraAC/OSctrnmO/vsXY9CcXCWWR606Wwvr0RIX+wg4/5vCyecj+5nvhfaZvECXoCmKT8xtmVw6h2oYbAU4T7o9J93XNMVyhui4DM1JN4GYlTsfbpU1PBetUII+RO23rJDSRQdEq16Kk9RcNEUaJYcS4uH7AXvbJVeC6Cx2OwN7zSmOSbA9D2kYt7IVcnBQRGJ+cH6fy34KTwJ0def6Ze243LlHdA==,iv:c8cJLybNsyuAw/BFmKtNTBzXIl0vmeSuKW8j/aw8STw=,tag:URax9og6ZQRvWPtKVel4SQ==,type:str]
configs: configs:
cm:
dex.config: ENC[AES256_GCM,data:LCLzkdGS1CqPGPCpkf/Zqqk046aUlc1fiptooZnHN6qlJaSa18O2I6/t2sCZ+4V/5nkX5jX8EYpQ+S5gzqwnVdCfmgLNZMXHMM6MtRRvlX3sBxygT8KfQQN/aPb2A/n/sebDYV5P5ykzNAzbGLjJ5fc6Nz/QJTaPIBvHrez5VQZY3NBkP4fXb8gRYD3yw9mA4V0wXlW2sDlPmvnGMcj/RTvJGWhbtX/pWMSaLHBPoAR7wp/sTUDzkcRSvfANimzyXe8B5Zz+Xgo4bUV9T8lr5+rdxAYOlP0deg2lBR7mXr86JqVhLZp2Y8v6DNO3MgBmXzpbkIhg8hc7Tbe6I5+mqIZpIc7YPFJM7DhOB+QFAa3WHhcdwGcIkcECNipMcYDu0KBA1CSLlyVgsQLHPTubEp/8/0kC9HkZt+63dIlmR4IEnGVmUPMYmwym5Palsl3BN1LrTsA4WRIJwG4Ac4jUNCZiNF8rQu7CPa9a/mf+6NdVSJ/L9Gt1THnkzbN8xGK0CyEHWmrJ1drzC61SCfXIHxWMQn9NOegOtBkqjo6AE8KdmBmpqYqZW70t9iWFUN/wjfgwmNSM+JgUOE0s8A0B7oP+YS2gqQvbCmcP5CoPhtFwV4oNj+ZY+0dRjMF0EIh3pTsZUJhMuOK7W/fV3DpNGf7mT0WcrHd3nsgvbu+sijuM9I7ljvBGYJegvva8YP1g6OjJLckvC/nFt8Acfsqb6TaJhsEvpEQgg84Mn9vniW5zNhpIitkQVZ/DjZ0+cw5B8hWWZ65w66Xu0H4IR0RjEyuC8rDjEvdvBlKC22HiBoJvfASBlBrokIxj6YTp6je+xo7FOctmZfMOqm/yeydHJlR3z6NAY1tTnvn8VzLtXqFjwwC8wIoC944HnpZniXc1OAuIH1InIlSm9UC8eP29szuWufwPdInX2W3lE4bcJlmDMk1XxhA3dgh+HBNtZlSOuoG6ZkW/TinWHTx1GWqZ9nXNYbCptBdwCljc2TAmZzW37ZfovnYin5vaPUZQEX4Zq5fuF3YHHediwiVDbLAV2E+P0h2L4qWLFSEDzTXuI+/jsLN2a9TbuDEGBMZ5LL9tk+7A026Hw7yqkNiCjh7sIQ4OmQaIjPAeuKAUBY4jLomLCQOQfDdBbB7XLtpOJPwnM2EW1QVCPKC+WDHG+cv6ha4a4L0zsbS6VJvngfl2YKtZJrzrorBtH/enQuE/PPEal4eBrZ6DDuh0VKmnQbu4mdnrHc+06mMdBEEft3k+D5IoFUgEROoWFQ3DeY11gYCXzt0XMxYBs31S4jdbRmIe7kXsZmtZZPk=,iv:FwR1dU7UqgS9aqpNej3SbBnpAR5bqTwqxrn8SaowZrE=,tag:DlPZlqrfUKfpCZMz4/r1MQ==,type:str]
credentialTemplates: credentialTemplates:
ssh-creds: ssh-creds:
sshPrivateKey: ENC[AES256_GCM,data:qQZuWVqu3G59OLMTtYW3BDfoo/3+SvLgQYzv0Aa2NQGb/5wVFejPiJR0BAMYZjkDSVgUZl/oVCT55I41QeKcNYfHtGcrWIFvizg5jW+K0U3ZvgtnY56J1GsrKWQIC29U5EHz/7xXTnSJkkiiVEBGOjwQHpfCgsqR5/qhwnFx+idLsdJGasMYjIJZttTtLpPsY1tgUwTzqJGQptJHqG+/EDcmI9ms6383ltgc6xsmezJDyoG3A2cMNp22qctIuqTIM6ltL9iosBmMsPM1MaiZyJ7rG5zNPymTCFDQUXwlUwFoDKJnN3GkY4ApzRv43iAw2aIX8ykifZVGZOuvV/ifzUuDoemsGjD7X3GN+ngVNwdLm1qSkcnb21Q22kVmBxotIQaF9eN/LqDk2ULEMX3Yvml886yo4AnxlIA8zW8XzFfEILrEswv555P5p3Mswl0+KAIDo7cYav495U9cYrttHbU5wvr9br5JekNKVSgTigwFraq2ZUE8Za3Ru7VOuljywRwe0VEvhFv8SJoH9NZJyl8ME0+uH1R6YtIodkHpB6b6wtyCwtPXjkUkR8nzi4VU0L3zq90e/DvmX/a/q4uEHtLPiIEMFbKtUQ8v8mmscYEEvYIsIBO0VcY2CUFbEs7r56uFOiysqB4d4ySGFjdQceRTLhG7/kUjjYtGEByVcFXllhAV+1C0vXHgOXc4G+EowObbcyj+sA4hxFVL8/f0s7znVCQbZhztQsxfFr5+76X+nzkXkkhauUsMChybmVmGTU+hYnZ8XuOK6X+tRixoVNlcitFD+NxTksvDeJDIShaQvH2cjLLbkze9GmUVr3EvifQhXdw29rpgySVE0Tjn+YL23Ft8dToqR6QwTASLi/vcvbjpx5NtchuR5QFxwZYY8ROTljSQS61AMdszr5cR0BwtFY8j59Aj25sEJeasi44xzUlBxAGazHjzBDxDU7XIpGV/IkiMtaEuEXKGRpVqhQrszvuXOf9K4TwxuVvhlrSVvU7M/lQzJUzkSFOSvO9nzfnkVLwqTdTX56ODFs10vRowClKetC6PpuAclw85WlC1OTkkAL8RUCWyoPQUU+EYolUCW5nMp4P8X1XK3qvRpBU6BdjnnuLQAi1bYu8t0f4vTYoLvYTwlMGXizMHEks6me5pPD7mq5HvpR2e7i1ZzJ3oQaKPB9n8AsugFeRStAal7HHrfEA6NVXLlBYdiq9oRgwllZwi5dsw4m6ABhh+angCWkIsjB9+n9NKOdJowvyDDx1JE/Ai4wb+8hbTLtAold6YJgNA5aT7LeSVaxWVB+V8w1ghn3UJzI6SGdayJqUH+VAUDvBg4LeqGH2vrod57SF4FMmqGTQwN7cYxW0fDT9V8xnb2nQu7WaE04Miw5hlsB4uTRUfeMrXXvt3R2N8azqQDF9Himtl48U3by9vv8FPsNhq3XvAPY5/TCzHz93bnWWmdtyZlHTFz2wRAwaTwOfFpN7oMW6YyVo6UUpw10zap0Jfboq8szF////nwEHf8qGw3dxT85WwBR9KBPwFuHZQsoUOuy00PuAB5fVvXXWBiCnzYwWgY3NqTBkLYbV8D/6UnLlfAHhnEok7QXf7P4xqbB/6EmqCmGBw5ZgPqg0bY6mOTnMrfqiKV9+Q0Mhe8eFPNOr2zoR+VYRDnWX+rJu1+OAK8QegH1Jn3RlOg3lXoFDFLelq6GEq1Kdbr83goL59/uRu4VNvAArUJ9tk4Vn2vWEtnbpjRcyjwAHIc1YXphY53cPFdSjYCeoNv5MDEt3oJAKWhSX7Ql6ledftGWB4fhns0OK4+zLN6osqrPNtLyS7iqXhcwmUIx+b6jzblKt/FAssFOw6VVpi+nVrBWHDW4lhHiCu37VYS15Vtjw+JCPbAe30MOquhXn1CnEnoV8mDoDGTeMpvpP4BTTgsLmloXfv8/+TjNYfzSWivvXjY1K0P/KGqoEJfIyYDyuxi7t2qJ/CwdvBTJkF/cTX6yvX6IvijKuUco2aIgpoZfg4JR6VL7Gk3Cvf3YBvnvG8TspBOfO3ZhwTS6vfQeDLs6kf+gBtXduJTqAXuy8X8B4RZxsNGZZD8hsSVH6xP5akN6waGqG+xDQxKTT7FCpmi0igvvANRROF3+KxGigPTrIqa33WDglrD6tUfUKNUW/SuZXXjbrgo0lillsXj6i7esSLfgH9CjUfeVUW/mI7mvW+0xjV/eeZtxRnz3ADGgfObV0XakEFBDhDnXtmdN7RN+Q+UvtN0uYGYWYqnIPNewm5RYwVGtGNWOB42PdaKH0qRUdWvCAbsKflPxW5pJNZlejhoMm+3+j2UlrY59dGqTVPoXkWgIGxFkubrtN06zAhVEV6/PcCZoGJmZsPWIfiY5k/BZljtZLAa1e2cboD/0q8iX0VzyRSmuKzVYMa6/NTU3PQ8l2x5fQRRq5OR33P2N36Wb6cO7GB9mEKAElTnd8oLlJ3T27EBctdNf8gOBIYWtGo+lYtKeh/NJm5o7KGIdjhThi7Lrbyqaxb294yxydmrJBh64dws+f3IhUQBLz+6lk5PM7EtrBCGuN7PqdqQMHqWMcCvDCHxY5X/U4zrWMAClEifJfC0b+3HthLkBHb388nGMo2ymHq683s0PxmmY0lfpncUEGHu+1J5E3w2BEy5Qv83x0RQDoDFab5lxILo6VSmZru+Kj18yeqNiNw/CzHaMvID7Gio1jaq3DsuD4bA9ne5Je5yAK8INrYRDCSzMfQpc2QqE306tonmsu37EKGHTCOaaqfL8/f31nqZcdKAdidM4JBa+osYYVUCp50Nn8h94dczpjvC+M2hEQXbibUSwyPjDv7ptwfZSEPG1mjbrOEpRSbzh3lGbE5q9K7bNyt0aJRi2gOw/shU5rPxmJ5KoL0HUEc74pZRG+Csa3ZKruqYqOEezgZmVwo0E3NQD8u/y/oF/L8hgKj2jcRmJS/pKbr2Tv+Sde1ZYdZjsXW6tFRjPDZGyhjHBriPLikN097kmuPFWS3f4ZFPyHM/Az2uzPPBFGv7VchUbFScIDgBIq+fYnTPtjjST7FgsDxpzTkj8uliU9z7r0dTIawC8qSUYErsFYSvUITySWTam0R04yitaArcH5fLEhEeKKMjGUVkwwxGxfv9Fql6Zs1YSCKka9aynXDUmw6igbRJVIPtmEosrmFUzlX1OEiJrX5xWOVAv3wQ2vrxvwHlmOMtr/cQagvASds2kC4QJ4qSwc8YdpLAwrn4+h7uNP/QChAOVCiGQXpFqd5ab/LBc6Gc/1Zxilil1kecMFBc/XmVssw72XSVoXVJPlIyiSYOAtm1BGQHJXRspP06/M+/5ffaHoEevqB47kf6bE8c3F9SwksgwGtaqXdFBoKSQcret8Tww9C8ZwDji8v/woVu2COXWaF2HLg3r3vrXa+DVVz1ENtOmJEJYTCuLmdqpZsWv4olC2wcCUEA+po9kZbVcEAfKd0xe/0x2fzqQ==,iv:lDEAwKxgoRPH5AtF2kYxPQjHkw3/kbbpoz3jlUsEpTI=,tag:6dbL9WZoTZ2xSrSVE4Dlhg==,type:str] sshPrivateKey: ENC[AES256_GCM,data:eC93yjQa8Id4Ub69bS5P3MlLKKgt9ZJCIT4vEIsW8yBrq+zvhGmf/sNBL/wmX+mSdxgGpbEuC75Oo0pHZMx7NFgifOIAqbdeSMBj4mw3pJqK4GLPxbEQ4sn07cs/AR1/pvbzPO18cwzrTEgKQdat2RGqJJWNmw/YcWQ9uUGYGyYIK81Mbz28QaeK9SaMAYRPB0Awh/liMVL1oOm1dTsn5BAUvEA7Co0NIcK0CkemKeBUq+WGJDKfmiApa6sWek1F4UB7wbhUR9el2zd2P0TPnuO4HO+B6tRSupQ7honmWFRKkRuC/og6xklTU1W9V/6sRAgG/raHlNwcmWozLrf3TGYSuYWWKQjabvQ9DiKsqcMyMmpisd3H9zkI+GQE0d2ORGTInf8KU6iLaLAzNeO6k1OVkrIw0EMN0fP6hN3bHT7aCHLZwFYkJoWLlRo15MNxNvaut2uCrbt9bN/vlmELLMgUX+7p+xtFhmRngZ8dZ1jO2Geqv3osCPOgspvqOOhvRwomfWxyzonpZTVe6JdH6VO7SV40G0vycMPK4WoqTcoLF845DV0TtdaSdyNea9FK6VDfj7+B2251Sqohs7eu1LlWKvO/58isZvLcCnn2HsTbcvnyJQBnTlwrpmB5U7T1rMINs8qer73eo/GpxoSMuYCcJpjdQCdcADgpIqCN9nWj6A2iidk5QqaHaXGUnV5TsNOmu65/DBgCU7WVqRIiUFC3nPzeALgBscmMCrqYJFB8UushleJsvq9yj9xXlhbYFCp2kmx0kMQG7R8dr0pjDePeVYnqjd8kxaVsQNfsHLohoxIjAHFfekDSnApQju07jPHngODe1SDqc5pxXJ1b1Nonefz80ZZhfFXcCEoUb3Njgr2OIftaeBP0EbOa28OheFxXIPm63d5WsolDPpfX2TiiQfFhxpcAzzHXSdweJfUAjes5AARCoJ0HD66qMkZ8QfbTHJQgBTOH6fqdlJJv2OdaTMhsEA9YZEF9xKdczME1qrCgNJvQdGYid7+uSzHIZyU/c4gxW7BZJdtVZzE0my2DgVYpvj3yhSz94wAUUMUOW1lJLde4zbXpgy+WY2WS4dhlvN9tBBRUgnvrBLizJCXUB75DqABYdkmyjx6STWZB42f2r2o5FasvDcjpsTjgjlujN/eTYTllRTAHlzBIE3BNsl/8w3S82eJX0VqqLvvSokRWplbPsTeoaChNhJdlbLDqVUprRLkU7C6zg7EvFYxiKnZ3KsbtL/0cLbWps7B0Oz9W9Kz2QXK7DYQy5PFovRJvrspdqPI4R4FhtggXvy8Cvj3cb6FS1h8y9d+Uf9JYGB+FvXvcr2b+ZWCEKINvArJ7Aeg7Thd5/9ptTaAxXzUG6QEWajigA5jYahDPSAEv3nLnaTS/YOCstR/uhsyTvi2ggrP2S7LN/l8Sbw1pFVdH+E1JcrVE+MP8+KQtkXLB4ggfVYC6w3OG0zNjOYsy402bLjsdz8SDgXJAedb3B097ODkHt/ZFkH70C3MOTWFrREAnQ3W2TlffJtMYfwG+6uenxu5mQ49kXQIu5qN4NzVKYuK+ly/KWAlC53ldxOeS17EjcKdqptpPadJsysm/jwX/9BFbalYcKSRgHb04pFsaL+AtSEGneqjPQBs2Z1ab7IAwEfw67aR9x7+m8FKmtkpaBzATWyf2OL0aL6dYCZ8B/Fagr9tUXWNsROBeChhiBXp+S/1JK4rsIdUEM2UleIJSjNooSJBHsz24NddfhgeTczawCSeL81OkQy1Qav770IDdFI3kNx2nKsg9d+0si+00e9JczvyaWuwgd4nJdtLevcY87/m0qgpedmyz4GPhOydvY3/07J7NWJ7vGLUqBVsbGqLqqdnXZM0z2DLYrCtwmpv0HuLZbljwsbVm2nQHvhjHrxD43MW1DN22zpAWq08hed+z1E9hBXlo/MCsltXkdW93rb440Zu4HTsPET5P1ZO+gNNIqb0oDMMLj/9WKLUospTR0S73xhRUx8CQF+PP6MP0EO0KeCoz26rY342YPkohAjKWCBhqo/6YkyQMv8VhAfF7QU74AG0F3oyPU1mMnOWavdB27nxFbsBfyVV0ccbmba2+huQmv3Hur+wEjAzHlHdESEbYQLk7efbIzh8zjiHiFHuCY1yvWoiSv0mqipTdqL1bN1yDckidSkZCzny2+PmB3rYdKiyBBmNBWwhFAAWO7EHx1N4D7tZg88pDEZNKQuUsoL1Fi5L+LQX5Y0Wm85v5R/w4OV0QSfkaU4Y1WhVAGlFjjJeDWm6f9jekYAhEL2R9bNcGOS4x17mhp735H9Ukr5lC6Iqa3r+TMaSfHdqPGqXeqpDFsBcja2LyafpiuH5fYOMiQqjRWPy1/1ASWTL/9osN+ZSD9z5cJ+qBDO15VG4DBeRAVU8415wnQf67FM8PD8HbNzdV1wAHY/wNMKbonFoLm9zn3fRDNIeb9HMynXK8i0cxlogRh4OSnysPLawJzmJyBxsiuBoUzw5dMpfrp79UOTmuRutDvtgKkQyR6Ko6qmAPUYnTLvrTSWY9uH7VLXpgwBfKZ+++Tdfo1p+cl1TObBYX4NYywFLy0HO2+I7YRse7MyrVEzEn/vE03E6rWmY/oTuNBREsH9vuJl9rPdiP9KEVL6uoRvsC2wQ6e5ar0TcUyMr96s3MtNTR9ZgXuKqoZrs38+4DTpV0rUhdVXtGKLE+OUH3+yVD+AcCFZ0/CuUz1FDlRdYCrPRD+cWlxKVCrS4aNV1KmdNl5DBE/G4gdf9u4MQoiTItJ6tX22eugJ6/EY366HR+vvh3u5NjhW8uG0KHMtjzSV75uxNC/1v5qeh90oaL+bKKgHBKHbs8zQX4o8Vf6m6zjQOCnPSyWFLVrQciXCDqjVafdI/SLCNxDKfTe0ZQLVzkNcjNK3S7H63E5jq5swPKB8npoZ3atscHgaa46wQgo4QumZdczDxzB/aMmTPpOB4cHydwTSy91Iv6QqjuWxaUdqCNrzMquo5HPKB5IdcsTpeW7iO403Qr/xhB3/eNPWU6LfjWN+hjnTdwt//8B6mOIYSuXY/OguR1XzabcxhqV9XDzuS6qE0iX0+FrZjuoBIdbZGs7hmDtG12/OITOciqcfeVU208SNx5/ROTiJx6XBrIcPdTsKAR2TIq6JG9P35cme9kSuEnJFjBDmvlD267arJ+LV+3MUZmt1qZriRfP4tmdlmkQ59s8QfZVW/L7s5DSWUFgXCpNn6Lazdejj3Ywun1bo62tM3DHcSUdDh3kfskiHEJ1lAuEZtFDJ8EPLMQ1eocowaKAiUJwod8ROih6G6S1qEifOCB1ns67CpQ/flfn3fBKtGiYvKb0993i5PLYuM5Aqs/9vo6QgKc8LHQuKLbNREs/Lvae6jLtzanNjSFIdITOAr1Ktlhp0ZzhnD/tvgkBex3Kx7u7Izlz90nvpG0hw8siXuRNfQTu6zyN+CmxXTS3SJPlQ==,iv:Azu/spL2e3S8phNkdvub23q5EGC32VLNtkbLHfzFRJ8=,tag:YyaUvje5hIf+GqCmjPubfQ==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@ -14,14 +13,14 @@ sops:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxTWUxY2hYT0dId2hsR0x1 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBbTJ4Q2lkWnp2Um5ZYjVZ
MXFtRjlSelgwdUcyVnBUdlJ6Nng1UkNJaHg4Ckc5NXBORjBCZHQyc0lDTiswazNF SjRmU1g2SVd6NCtMZEkyL2hHemlBSGhlMGh3ClVUckVtM3dlYU1IYXNSdVV2Ymd2
cGhKVFFNdlZnRWlxS05OTklOUDJDQjQKLS0tIDNWNDVVWXcxUW8yUHgrOTNkRkQ1 U0FSQlJvUkthclRFWnB4ck9FY0lKdVEKLS0tIGZQT1c5VTZEWExGZ3duZEI3cExC
MGNDV2cvUUF3dWZHSlZNeVFDNXhzalkKubKuiiZuqoZTvRMr2FiUxnFUu+Pvj3Wf RDA2Rzl4eG5UdVNKRFpFMThtNnl2aE0K7IaaTNZIGTTdck/xPGGYYdZTZBEzGZ3U
pZTfZg9rnUukmV+kmwqQKcfoPNfeShhoAsszWwPM628cV9pq87I2/A== iAZLLL+Aons4oSO2NRL7P/Bxx9n6eyXQsYVzo+FkM/Wzz3ReiKaVjA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2023-03-04T16:16:37Z" lastmodified: "2024-06-27T15:57:41Z"
mac: ENC[AES256_GCM,data:4HhqNV9EIcBA/nzxuiS21TWe6BQ+anfEQOnfrYcZ2vVD2dTPzc0ztZ1Ihc2WX6sMCVFDpUJFEcr38Aj2tXnnS80kTsnznBsSFNLj2b857PWXNeoAuwiiY3XBq+Ndo7I5wCYgWyuaH8xWQtd5JVuZPpqdtjTkbWq3lj8aARJUuQw=,iv:Hlu6iaBBQovSaXYAEB7nWBL9OM1UXYxQ444s5ZrMtuo=,tag:N/znbxYVwFoJ1eYAS8PE4A==,type:str] mac: ENC[AES256_GCM,data:OlIN1jNrcc3MWjaeD4IWUYJi+PA+RDf+KgD3XnttSPPqXX7iBwV0tSpoZ4tXsJSfAGzXTauOC3goFWH/uPHDJVyxFt0SrB0+sW4/YN7MPPzxmYo63XkEgA/3fmMSpZkUEitTwZOUGhSVWgHwBXJ6UGGZ0yRqb47w8VlVlbOt6zg=,iv:eZWX5LFA5E0aGCkTuwUbC5hWrzE9LW2ejR7amXsIAEo=,tag:xcUwqLpeS0wtrWmw+D2oWQ==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.7.3 version: 3.8.1

24
badhouseplants/values/secrets.authentik.yaml Normal file
View File

@ -0,0 +1,24 @@
authentik:
email:
password: ENC[AES256_GCM,data:j5JFI7KqO2dOjl0xi4KhvnF04tc=,iv:/YH+XId24X69lRXrp73ZhKGOcuEtXn/ZvqlJwMTgdRk=,tag:YBh/slhCstFpXxE4y05Viw==,type:str]
secret_key: ENC[AES256_GCM,data:zbs2HX75h3rITd/JRPVa60AhrWgDp/syWFttnadRyDJFFM4/6YFOUhJNcGGQis6Tz5Q=,iv:1iYOTqBU3WHNPBa5TpSwi6+h6IT8Joc6Z4c2UKY7xQ8=,tag:DcRfBP69i17zKFobMA3WFQ==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGK0hPSEY4d3N4QS9aM0h3
NXRYZ1BMdXozVzdJWmlzWnIySXBwcHVrVUhrClgvRENGTHdJMnVsTjdSN2NseUtT
cjJ0emRObHdXTUhDejhhVEI1U0xvNlkKLS0tIHh2NGhzbGZDMm9ObDVxN1NYYS9u
WlhXbFVQbFZUNFlGWEhoVktxUXRuZUUKJNSS+vhG5McKrxvqCIT9dGivcReZOud7
HEReDoZcf0+7c4JgnrcT0AvvTR5fHPnfveTkwHym3LHMYbZnIPueig==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-06-30T18:36:34Z"
mac: ENC[AES256_GCM,data:djXTiatawc1OuJ5VqfbR8wS2xKrvVZigGLyQa7tx6/zbgcP2yLQJvcYeZj6zHhQasFzaiNbD05Qz+9Td0ysxZuAnajQ+CaulnIOhy/FhaiiQFtqFTR7xEsFIiUBxTPEJkhVNlKTxzjJ1AX2dagiov75otC6jbueQqYTXaGGcdko=,iv:oWbWTUqlM1zQ7zfC5FZkNJJ8RxvM9+fvTWobgJCmLQE=,tag:7Jb9XBBq1OI0ghqOqxiJJA==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1

24
badhouseplants/values/secrets.chartmuseum.yaml Normal file
View File

@ -0,0 +1,24 @@
env:
secret:
BASIC_AUTH_USER: ENC[AES256_GCM,data:i+3uBSJ1yrA=,iv:bhB9fIPxR2y9sS4jfbuhAIyzMHgoIRLFGXzQJ4763Cg=,tag:7pv9IOcBXhaeRu3qChQP8A==,type:str]
BASIC_AUTH_PASS: ENC[AES256_GCM,data:zSb7cw==,iv:CL6ywqsc2hpTnBl7ndD0s49JNEmMNnu3X0gke4KT3qw=,tag:tSVaRdIZpkzsqp6n1RUB9A==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBc2RwQk9OTS9GV0NOb2x2
OE1YVEsveU1VMTArZEJ3a2tETis1N1FTTndJCm96bWtYMDdRNnVTZEk2b0JPQWFl
a1BTcWVyUWZKOEJSWDZEcWZydEc2b00KLS0tIEpWdTZGWUdCUHczWEZoR0dSTlRY
TlNpbDVHa1VDUk9wODJLaHZJT2JoWmsKUD7yk2jpDVHvP5B4soK7k834RI+ydHxg
H9/8nzPNwNbpq5ysHmYFChpfiOHrSKirVINUP7MmLGdPZ24FSHI4+g==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-03-27T08:47:35Z"
mac: ENC[AES256_GCM,data:w72acY/GygiBVO/3/OQU1WJ90R+mbuCcGid9KzCAPOtdhBBbY5zZUtkZvkZkaugoiI+bpywoXQI/5JbY4+23D4MN2XHHG69DIkpR0eygeTHWc/id+LhfxIGHqvYzULshQuyVtPezoExWVwC3c3ZJYpkzRJhgOjA9TNg5ib4jnIw=,iv:srnydYWdQ352zeNzk/HJi5CyoQEqsDxbCV+1aT1qE8Y=,tag:zCRILWPmLcW0mN/IRpzazA==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1

30
badhouseplants/values/secrets.db-instances.yaml
View File

@ -1,16 +1,12 @@
dbinstances: dbinstances:
postgres: postgres16-gitea:
secrets: secrets:
adminUser: ENC[AES256_GCM,data:pKbAQDiOs6k=,iv:yET0mJtdm2baDJHwq1uYEoxye48g2PrMqiOSO3POTBo=,tag:wuIxhHiRzjSRM+uaEo2KNQ==,type:str] adminUser: ENC[AES256_GCM,data:vMINVc9s2Es=,iv:Ry5so0+WPntFh6c3nMojw5b4vONdq+Ys5F7256psGaw=,tag:YbWaWwZ5SiYMOSXQ9n9t8A==,type:str]
adminPassword: ENC[AES256_GCM,data:/U3q6RmOYLpxJBAYsJ8f4lV3MB0=,iv:dw7g0E4Gm0YqtgvdcC+bq+YbSRPop3BKLiJfwaz+1io=,tag:NAXnWj4AjgajN94ml/ENsA==,type:str] adminPassword: ENC[AES256_GCM,data:xqlIJgMylef69LEC1M8s16UPCnaPlZuokO+rBPWC11ruBEkBD2FHOEvkCMsGcnPldmQ=,iv:WBO4LFIFGU8q9rWxFYdUac650QxOfmOT0b0PmOsdVZU=,tag:QpFfVINvBkrWW0+pPyj6Og==,type:str]
postgres16: postgres16:
secrets: secrets:
adminUser: ENC[AES256_GCM,data:1THZrB3Rg+g=,iv:/euSgQUYlJ4HbiqWr3ezwLkds0nwioFHRhXbqTiYR6M=,tag:GSbSxrNrVJKHp9+3+ECVRA==,type:str] adminUser: ENC[AES256_GCM,data:NsrkusJt+1c=,iv:MA8vXZRhOeO8XilEgpwiqvoJbNjghTcl4CJmHE5mjR0=,tag:awYDx0rT2HCIm6zDvG5L4w==,type:str]
adminPassword: ENC[AES256_GCM,data:F+5az4JRH6LMz88duwFp5EDm4AYG,iv:dbsfSSwigBX1cU6XFYu4ZFd15Te0MdGBoq5O9OtqxgM=,tag:uOLhvHSiBEbbos2GzLJZ3g==,type:str] adminPassword: ENC[AES256_GCM,data:cgEW0YTi5MRgGEVAfCvRjPmzLtzy,iv:I7+VS6pZGUrd9To8+eX7EoIoQg099kaYeWXMXKfkS50=,tag:n9LgvnvSa3JjyB+gwT3lQw==,type:str]
mysql:
secrets:
adminUser: ENC[AES256_GCM,data:XFEGew==,iv:7aj2J7Qs9mHC5kRZGrg71hwEBP64vEz0qQ+qoPHSgrc=,tag:/Rx5yx7iMU5Gwcmbf5GVSg==,type:str]
adminPassword: ENC[AES256_GCM,data:vYIiHccMkX7yJ2gsVGcLTUO7Ers=,iv:uDlefG5I/cirIUal/phlHCNwYtcXYFBND54XJ+n7eug=,tag:YK7pdaohOZL9yg4OiPxbRg==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@ -20,14 +16,14 @@ sops:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVbENvMm1YQzlSV3UrSEJ4 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxSG10ditaUG8rTlhaVUhs
VTZ1RWVKTlpsUDFzQlVjMlJEZmIvaldHVXlFCm9SVzN3Z0dwTGo1Y3dnaHhvSmpi cXJHQ2JXaW9IalZHN21ZZGQrZzZ1T1FOWlRRCkZOc2JmNDh5M3YzSXNTa3R2U2hj
bDIrMlJhbHhKUmRZejdkTmJiSDYvY2MKLS0tIFpRbkwySVh2MDlNWEFNZHVtY2Ns ckVRVklsRlh1RlFES3JDdjBPSkxVN2sKLS0tIHVzL2VQbnFnUklyamNvN1VmUW5W
Wmh3Z29ZSlBhbmFJNkFQZlE3aXpMMk0K14rSXjSF08xkil+fFJpeMV+6XChTJ2/3 d0xSNVM5OWxzbW9YRUE1ZEhZZ3dtR1EKI01GcMKUlu6mU237nGipXghGB/sduRjn
OQecJtg+0NQPyvC+kR5qKq8roiSzNNJgTVg2wwKMdukKVVTbEGi0gA== AKpwYgh9IN55ZrDRUsZOHBkded5IlQAwcmbJIjxJi1Ce5XMSQnKF4Q==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2023-10-04T02:28:20Z" lastmodified: "2024-06-28T15:55:32Z"
mac: ENC[AES256_GCM,data:EBNSr29LlLjadOrrk2ZSwH9Ng4YD0pYCrhfupaQPSK5559zUCRIuPuTC5P0sfh5dn7YARrcprAwH68I3Xc3EUWkZabCYcjR+bfbby1s8tjiIIgVcksQJr523CDIXMiezf860M9uyktxWdUQa1TjuEfo0SAkYs0XHEaIQlOloN6c=,iv:v/Al1appBTv7ypplQEz7C2qAnvCDRK3JPCN8+PATeX4=,tag:Ci8eg6xsFyZz35r5p4ie6g==,type:str] mac: ENC[AES256_GCM,data:reAQfZlF8N/0BiMFe0ayCzNmHTpPECKSdpTKACA4MFbCu7BHoPJjnn+rOwvonIGoZE2BVQx4pyKjWSLkRyog9EBg2/5VMh+jm5VjgrK5ztbK1RpSQV5pnQaQXDgT7VFAx1WYpg+gfgO2JxA5vHgvRlarjzPp0AJdoo3MmvCoHBg=,iv:S2f8fqMGq76dsGUK4fYLTWcFdv2mMq580Lih79Rfc68=,tag:fOvKeOl/sMFb9bQhHy/GeA==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.8.0 version: 3.8.1

22
badhouseplants/values/secrets.funkwhale.yaml
View File

@ -1,10 +1,10 @@
djangoSecret: ENC[AES256_GCM,data:CxsJVhNxku3pohREaVs=,iv:KDupR8tZlPkPeRwGWzyz+eKtp1tfTdFWqXNuQW20oXo=,tag:lCHqv2CC8cXpnqTr8fGzPg==,type:str] djangoSecret: ENC[AES256_GCM,data:Usu+QgI7MLUmU1m3ExE=,iv:wv4i60NCuG13xBPSCZ3NDQI+z5h9ENPVQcZmqUUFvls=,tag:2SPu5TC4sDxXkxVdZ9j11Q==,type:str]
postgresql: postgresql:
auth: auth:
password: ENC[AES256_GCM,data:RdsyzDU+XesRJkUSllyvfREzbDz68t6RSw==,iv:RpV9BjK9ytpUYJvNGQ5eHXuhNbXSV+Nl9Yib0ac34KM=,tag:Y1K7cfmoyNS6sih0JMjBVQ==,type:str] password: ENC[AES256_GCM,data:Ly65GeUvKfwKfRakpDZWftzzE11hw6/mQ/rP,iv:DUIGI68MyWF7H56QIjajgP9GRNwdirX4i1lNMP02vXw=,tag:bl0bHFIbMWG2gVns+Fvfiw==,type:str]
redis: redis:
auth: auth:
password: ENC[AES256_GCM,data:fgxZMA13BpFf5FA8JwLUXjlelUgvR4qtg316OALq,iv:numLe3PrsToG0Fbl7+mdbWOBTb7XrgppF09pIVg+rrU=,tag:ivKuF0xFe/s4P1otjLML8g==,type:str] password: ENC[AES256_GCM,data:ZLhshhCqRR4ks/UoMIwSbHtwSE4yg5Kv6GvqUvq9,iv:urWADLANGZz/W35grDnaFuvkzFx71fcqWOzpvz/5fR8=,tag:MLUMmSkTSGCntlooOWtR/Q==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@ -14,14 +14,14 @@ sops:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRL0l4OHh5TTd1UGoxZFcw YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpT21wYkxzTnJpemJSUWty
TUtNYkdYTzhRS3hpTHkyNlhoT2hTek54RlJnCktpZmpDNk9mYThyUVZOUTAvanBL dm5EYy8rcXVnT1dVSlhjbkgxZkdsdGV1WkFnCk9pNnU5U0FRL1l3NWwyMzc4Q1JG
VElHYjR6T2QrV3N2c08vZ3JHVWdjSHMKLS0tIE5nREIyVlJ1d29UVzE2aFl2Q21Y SVlmRUwwalR2M3NwcjhJTlVTZWFIWXcKLS0tIDBtU1V4YlJxNVN4UVdscGM0RW1Y
dWdMUFpOOVJYSXdBbzJiSzhQM0VmbWMKUqdIpfa8i7vASIga8HFurrPf1RgA+WVA ZXFURTlCWnJLNWtjOENSclIxbHZWeWcKPzZZsTcvVWbLCroJZWeI78H8cgoLfxjC
GZiG+M0i4yc3SooTIwbDzH0orfaEHueKdNTGOXMgxNiRIt2q9BG76g== nXtzdPpaENY1k6XULtsMWmh73Yj1Ul0pRvGiYRetRV0LOo+JeLcJ1Q==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2023-10-04T18:47:37Z" lastmodified: "2024-02-09T09:33:11Z"
mac: ENC[AES256_GCM,data:Mh6OGkcKMGnmBHIKadpLYfFO3UNLoww4gFW+U7mnu4v87j06h6QHOx4p99TBp8OqK3/ky73FUVLGtm5XFLvMgzM5wpghqwqPa4G9UvgP2zY6GM5HaEw90l9mEtdSw6czs1hi9ChNF3RbIPwowW6KNJoASK08YaSwkRLK3J8T0sM=,iv:9N3hRle1eH5EHEPQeAnKSXSjkhhs1045rgk/WNOP3I8=,tag:bsqCJQE5puKckYMgKZsr3w==,type:str] mac: ENC[AES256_GCM,data:OCvHNmxwe5pd/xZiwd1LKD/QvzLd7pEQxqhj6xREeq/VQHDapM580DS+BJYEYWRVJUxIJP05E5ZrzYqfmXbynNvY87f1SHNWLVsRTDsKVI5j3ND6mxXH658DcJKfPcJlc3bV8SYX8ATiWI4JIyV43jvhFZ0JFrWLMzPlc2wVdQI=,iv:stgL/nBiCh33GEkBTRvcVyoc8LtX4ZEHgVbsl8x2GII=,tag:grVO5PT8kOlbbF/FfXBPmA==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.8.0 version: 3.8.1

36
badhouseplants/values/secrets.gitea.yaml
View File

@ -1,23 +1,23 @@
gitea: gitea:
admin: admin:
username: ENC[AES256_GCM,data:f4o3zs74rjY=,iv:t5Cx0suxiZduwL2bsfNyxOVI8RZH1ytEGUdOF2nONco=,tag:mo/BwFwzw7e8tAX6LyaIQg==,type:str] username: ENC[AES256_GCM,data:rcTmdLge12Q=,iv:NI5oBD3KpfrHmqy4YAfjf2Zw+NJxhqXnFlxy+Ht+TIg=,tag:i58IbKkc/RKQdsESQToCHg==,type:str]
password: ENC[AES256_GCM,data:TnIUSnX7Lj+2N6mWWOvVVmc96DQ=,iv:vjow//IrtvdmTg4jYenwTyUnuBhq7witfzugbE0uq9c=,tag:L5UPa9UK4aB1wY1ilZntzg==,type:str] password: ENC[AES256_GCM,data:RJ4jO8+d5zR4s/7QNzw3IdEZw6Q=,iv:e/Uuth+rdWYLxQhdDaKiLV9eGyDh3c2o6ObHsnUT6FQ=,tag:cE/ZNadxTTRt/XW9oYMfaQ==,type:str]
config: config:
mailer: mailer:
PASSWD: ENC[AES256_GCM,data:lb1VwH/Bc2XoyB42UrhgCX5ad70=,iv:Eh4R2deZOMGq4LxZadtt6SgrdoSxcArYC2X+czKtns8=,tag:ZCtQguWQt8ARS2rTWCSoSg==,type:str] PASSWD: ENC[AES256_GCM,data:vxpdjf8RmLzi9sfAAl6rWXR9B+A=,iv:n+Yc4d8NJBHx26PSXoI/LMFXlXzWalNuRmNKeV3bPB0=,tag:KTpMNFB8DKneRhWdlG8pEw==,type:str]
database: database:
PASSWD: ENC[AES256_GCM,data:mI1RHEThB0bM1bJ/pBioJjvKT3Q=,iv:WSwV4+UzD8HUtA5ipZNu2IVXa4AuQE9k7hTB++AsTgU=,tag:CtU3ValcNw0RSIQVdaHmtw==,type:str] PASSWD: ENC[AES256_GCM,data:Lfhx3j4Q1i9srZ8yQ9PwuOCQz/0q2qo=,iv:MW6XyuG4L/2KjuK5glWMF9nYBlbsAHn0NJqlR0le+Lk=,tag:N3ZBuovYISutMY8SIfvwbg==,type:str]
session: session:
PROVIDER_CONFIG: ENC[AES256_GCM,data:i/N01zYx1H1D1eFiZKOmf4e1LoDBJE5AoN4eZl3h/QKwOEy5x4LNQoF7CbGguCBMvITtYbzXr12VzQ8pxEf17z6nssQ2nNiz84zuBOY9DQqxZLkxS5AmKKgk7XKF/YYYDaavMdJj54gtXoCrDZ58z5Tw8FM0ScTRp2+4RXGMwg==,iv:dKZhe9cOPDhdtK9sJKzCHmimV1vcuAebY8DfaJMqk2Q=,tag:ZhyEepW4wIM1Dv97xn5xBA==,type:str] PROVIDER_CONFIG: ENC[AES256_GCM,data:oocuP9ddSMRKvsdWKsuc++yNwyy2g4jxhfYSHmXFlE8DB4YN2hcnR8cADunwjr+dmdbUsuazzasCGVJNTn590ftZ4+8T0lDOZlHeQb9MbAXfu6u3J0hw7sKSuzqgDMmFyFP4etfflqzl6nvJjGp8xPv0ZHTaYk8lZSh357VjSg==,iv:/zCwb49eglEN9z5ui61njFHNwliSjgEx8Jf4Nea0rp0=,tag:t3O7Mib4WzdLFWEpDWdJfA==,type:str]
cache: cache:
HOST: ENC[AES256_GCM,data:UI4Dgb4qajStyDcpuJaoJTaTo3vowWQw272Y4C5q3DuV9DarChv4Qvxh9ZJwYsPSgO9G/3eI+mLldipW98HLfATMCHR+DicM7ymI0nGwxeliyj7sOVGFS2dU4zF1kNyhFCqrjMfQzTRQbfOTiB+QyfhluMfrDbOjOAAuLlsdWQ==,iv:WOlGAxAtIS12vCGIUmxMhO3UIsoUuD3xluZbBThugW4=,tag:Y0Amh1HEtYcg+9JvROM1eQ==,type:str] HOST: ENC[AES256_GCM,data:h8WMw/IcWae/rfVv2UeCOSavjmq2P+kiGRA59SGRiSowFnqh57FIoVxLFIiqfsOqt5GrJh5H9WKAawDPsEBRhCdy0ciB0O5t/t7aBWZ4+YV5noWQTvfQB39vqAp3EXGhYAo5qsdEk8x0shFs3LbO0nnrFYggmZbHErsiHsnv1g==,iv:tIm03iYdmwWOQpIOMfUuF+GeAGbtrVgxStn0fzN2TE4=,tag:xo5hB0u/ybwoR38pK5BMqg==,type:str]
queue: queue:
CONN_STR: ENC[AES256_GCM,data:kpqTpJVI/8790Ho2/U8YTC2Sc/d7v8mc33PsG7vNO52d9vMCOgsb+GQldWlfMPdf1H09axJxdFc5SIvsWWD8FoaXvtktlz4yk6fL9YxEXnkpn72VSiNe+ajUu6diP4gYWw2cUhyKt3ss/Gx70bKMEyE5g/ecZG3S+NZPFxPSTw==,iv:T69ou0uBg5CrseI0VwB2sSKRDknXrlUVPb/igGI/1H0=,tag:Y42Wa4QVt8k6AmhDC5bOAg==,type:str] CONN_STR: ENC[AES256_GCM,data:dZNUXJYpGAD9AyFoK9q4r1sawQTJN4Jd8pRn4ArWzgWZlPIqtqsIZyuS/v+JTzLf3ovjEQoBtm1lSBoXrtkWfeny5KmCoWZRvT6/SmBgpO0RjkdSEGwo9GTnWbcgK0uzjg2hQojUKBLkIsxSv9h/ZEGUQ5dSd8Hb+y09hvcGVw==,iv:b0SuaiixzJ719GOShswZqj5qgaHqtjyeKAGbxlo155w=,tag:e5hmBEvZEQ3WTALHkoVUSA==,type:str]
oauth: oauth:
- name: ENC[AES256_GCM,data:iR9QX2Si,iv:B+4ixm+dOwAnXFCYq2BnExnfVDGooonBCiHpyxfkLP0=,tag:r7CZbpL9uQ1QjAFNiFfOsw==,type:str] - name: ENC[AES256_GCM,data:Zm+sSCp0,iv:aZfvNxE0Y6urfByvpM+oA2CH+zZfFaaRL2KPVu11FQQ=,tag:uRArqbkp7SIebztUS+nDxA==,type:str]
provider: ENC[AES256_GCM,data:byE4rELH,iv:lcvbNSZMD9EMA4CmJF2mvN33a5fmXWzP4++PnNPK+fg=,tag:2wfHrpp/bJJOImBq5ULzqw==,type:str] provider: ENC[AES256_GCM,data:EI+yEwyd,iv:QqZObgWEUiXvdMn0VCm/lpzReTIeucWhh5aB8yQ2JeQ=,tag:hD72fCo7+h3LNIlQ3NAcJg==,type:str]
key: ENC[AES256_GCM,data:hiIl59SdN8usULpHhPX8XhMckZI=,iv:8aycsJVxbyK+Rlor8AsYKb6xjjSaS9Y5pRC/hoHzuKs=,tag:tBhMPj+AF86TaLkxF0+6Og==,type:str] key: ENC[AES256_GCM,data:gM8p5PONOwdM9g+ZvM9INkJY3NI=,iv:ibQyiXIuXPJTmixintxbc/BsMID1vh28QNvdsDbI5Fw=,tag:KGB/MDQRXdAiJ1wauyRs5g==,type:str]
secret: ENC[AES256_GCM,data:JfoXbQW4G3QdDsb4WxbMOIBvsEVYXsdK06s2TLO6ojtgprYUb0ZKHA==,iv:n1SYPP3tnUCNuKET0PS9kIHcRSDMDqWtysjwbSI8O3A=,tag:EJ3gKUsCG9O218yS0sw9EA==,type:str] secret: ENC[AES256_GCM,data:Rmgl2K4n1TM1jd25bOM0VmjaM45kHlH9AHMbHCl/zQX7x8BwHG+Jkw==,iv:D9KHktqo7FQJ+tlJLAVlOuceGNKU3eAFSQv8fj8WKWE=,tag:NfTNy8fX3vsF/OgZVQnt+A==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@ -27,14 +27,14 @@ sops:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkMCtwL0h3aGtNQlYzVC94 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEeU5oQmlrdFVQd1VNaHBM
QVFvQ3VsTnVuckt1eW80RXFkTUw2VzdzMTBjCjMvSDFlZXpyM2RQRTFTTTJrL3Zu dDlkYWVZR3dQRkxOYlhHek9PRmZZNm1pVXdzCjgvVkpOUnhNZll2QXNiY1Jyenhn
LzNlRy9ZVTY5cWh1WmxmbzdwZVNHQm8KLS0tIDdxNGlxbnk1SDc2R0IrcmFHMmo4 Uk9XSWtiK3FWSzJ0NHV5c3lCdDN1VEkKLS0tIEY2dTNNQS84M2xFeUZETCsxT0Vr
Ym5KMWw5ZDBBZzJBcHBXdFZiaDZpU0UKNl/GkGP25D7z5a8mVBmoSTfOM3EzymPN Z1NYdXFpdXlBSzNIeXEzYlNJZXRkZ2sKr5Wifcy7HNLYwhD8rPkHKwsaTZXDm9sn
WW62zIoBHlwLxF9nwj1xCCtcL1XKgiB8nnn4IrY3ljqFc0VkxD9dnQ== gJnlmBIzz73oHB0Tw07YiRWkZd3JNgFCuWm03x+F72Yk4QAvUq/q3w==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2023-10-15T09:58:05Z" lastmodified: "2024-06-28T16:06:23Z"
mac: ENC[AES256_GCM,data:W7Ml9O6oA5dG59O7eWUEBdRrOdmoXWdib2tzK2zCFfMbjWczS5I7AM3DFKG6+P/kRiEQpjj0OarFvuJ7e23blx0/43UXqjpRCuGqcWkNXQaYaxlye6SDlLjregTUeqo4gyzyXYVpIGikLNBYoufewpdlboVQk8ZheSLSOttrbcE=,iv:IqrjduR0EhuzCCWCCJOHCL0DlS4B66P1Wlucg9R0gk4=,tag:vmq6+uh9q7avpK5Q56+iJA==,type:str] mac: ENC[AES256_GCM,data:RKe1RMx1A9k2/41QOoQn+TK0dCmSZ0h9jBlkqOWT5lPLzWHJudv7BpZOTgBcHEExmNLYgFJvevUDpwC04ZMrvZ5VCPnlLZbEGzutpYi3/Ieu3Yc/XeWGYUW++yErzzHSP47IA+NxHba2MiBIOWW7txkm+3oUeMbKLLQ5ILvAQyY=,iv:HYpyrOMaa5VrQd/ZtOk47wJoOHjZmMqqazJZ0hQ5wp0=,tag:VNKstOYqHUzpNme3yBtUkQ==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.8.1 version: 3.8.1

38
badhouseplants/values/secrets.mailu.yaml
View File

@ -1,21 +1,21 @@
secretKey: ENC[AES256_GCM,data:yL0+ORBJ4ZWHrmoNvVowEA==,iv:XJuY89wtdz8b+9SnTMro33Ka/pBOymyhN3MLJOyujAA=,tag:hSXjKC6+6NLgCoiHlbqtxQ==,type:str] secretKey: ENC[AES256_GCM,data:0LlGX1QG39jemZ8X2Itq2A==,iv:Dt1YoxrQ3yxJVZ3sc60kWXDvtwKCO7PrsZRMZUDOHpg=,tag:NY/8/xxnYcX/Hv1BCIKCjw==,type:str]
initialAccount: initialAccount:
enabled: ENC[AES256_GCM,data:MvyEVw==,iv:ICIPR4oJW6pCRUks7Rk70NqdxVTXYqmM2qjQetppmEY=,tag:1FOK5MyPSTaiDayAAaPPuQ==,type:bool] enabled: ENC[AES256_GCM,data:rCMSGQ==,iv:mltQk4uc4jETPOimbRirrlxWxPsck6cLOM387chFtt4=,tag:3cy2sk+WPle9T96PcdWL+g==,type:bool]
username: ENC[AES256_GCM,data:qSsqS5iQAyNzAQ+ZOLSWsie3k04b7qPUpcfU,iv:sXe2sjo4XesoEmjI9tY8gYd2psUlZCltBtLlIyE+v8w=,tag:uZeXnjU+7aLHI87qW+tiGw==,type:str] username: ENC[AES256_GCM,data:2s3WINCPpAg=,iv:inUPAt/Q/lqSi88CKIEcexkbeJwSkS7pCWJqjDBbZ68=,tag:793MA/57fipWdODD2zcaUg==,type:str]
domain: ENC[AES256_GCM,data:T5w/nPrq36iwZQdYHMQkisY1,iv:7EskbKJfRXMhkKZBgHy6nP8r1epcf7bNi8gAp4qY5TI=,tag:nZ+0BhvIy9Ap88SHaKhSvw==,type:str] domain: ENC[AES256_GCM,data:IPoIY+yGxry3QQTRbdfbaRJU,iv:xG3mp+yAf+J2V0owRYi3XUCpQjtxAA+92bNiKTLvhvw=,tag:JogwzTxnImd4iKgJz76yaA==,type:str]
password: ENC[AES256_GCM,data:dki7Cw2n5FxYsINS+aap4u8hkQBl4RUVW2KxSXrQ,iv:XxUHdy5xAWoH00yxItL9P5YuCJtCG4pfRUhZdOr0EWw=,tag:Lo7ahX7CAXS31lFDKEYRww==,type:str] password: ENC[AES256_GCM,data:e2d9qYEUjkxbQRatzDslMTGDZhIqZwgr9t/olN2G,iv:uynCQDAKn7IoVpd1VLhWAI6dK2hN7LNC9PFNnOkYGOU=,tag:gqZSMCh3j/9lA7m6RQm6Ag==,type:str]
postgresql: postgresql:
auth: auth:
password: ENC[AES256_GCM,data:o2KghCpri6cUbGeh3LIjUO6TXBz4nrZSaU8tW7PD,iv:KNp+FM1DqC2h1/F2cudAQfQZA6UAD833SQbEQ/oKkTM=,tag:oHZzKLzZ+IIJDrjFDX/3cA==,type:str] password: ENC[AES256_GCM,data:YHgy0iu0oaaRBiiO0FXCN2o9d76Vgdbxi3Mnoerj,iv:d0tOkZsXvbEVA8awiX3P9AMrctbvy2JIbGggua5dTzs=,tag:v8b7QHY+5urMsV53IL7wsA==,type:str]
postgresPassword: ENC[AES256_GCM,data:2+RrJdHwGQVU910BkXH5ZogDfh8zoOPDcJazg7Iv,iv:CKH/lhkTYNbJ0sKQCwgZ4CDg+7ITsbJq3wcQiJWogtI=,tag:xZX3HSfpC2Wrz1sCOtQwYQ==,type:str] postgresPassword: ENC[AES256_GCM,data:LJH0X2ptmy3xNOHcpWr1FQ0IA1v8q1GmzXrhRwZz,iv:kLh8rb/75uGQL4uFbNLxzD+U59LcKkDeY4uExgbfgoE=,tag:abbtDQZAdzzrMsw0ErnX9w==,type:str]
secretKeys: secretKeys:
adminPasswordKey: ENC[AES256_GCM,data:LbBjpvmdVgIDLtlL5ccufC7Pe28ZVO5CYxTzVoZD,iv:dsVuk1ZluIAhtYN1s9xH+2Jk2CyVYGRU2LoxnC5Lgb0=,tag:lWZohYLUyVnrMKhvwIz7uw==,type:str] adminPasswordKey: ENC[AES256_GCM,data:30CNkafy6P0F5UCvjxMus9Isi/FzDzyOqMT+VFk0,iv:1s7dFCEGD6soA+uwjAzKmvCltS+YUVY1/2Tk3ZOBemU=,tag:IO+YBBWmmUnyxbsigACRwA==,type:str]
replicationPasswordKey: ENC[AES256_GCM,data:asv/FCVAPir07vw5kW1uqSPGEKTR/ukwtOXY5q8j,iv:SnEftPnqXdPK3Zw9nd8Qnj412tHrPSK6hR0V3rLfn3A=,tag:xKqOjOuSyMKSo02r8GyVbg==,type:str] replicationPasswordKey: ENC[AES256_GCM,data:pdBxjNmwcsDj0/dC5324XVUBpemUM8LbjxVlBwt/,iv:+wfSUgLgCORtSe1Vf02LZx0U9eEs6Bd9OgH3n6kK8BQ=,tag:E+FgJG2z8/TBAmy7+XlYSw==,type:str]
userPasswordKey: ENC[AES256_GCM,data:NNUZ8zVSem5Aov/PxFbc7OjANRVa5g5WjyMLRX1V,iv:c3XDq6nyea5ErJZHMKwxEqNfpjBYVGiqbAgqko5nsjI=,tag:HrhLvBxraIKFhNPaulM+uQ==,type:str] userPasswordKey: ENC[AES256_GCM,data:3s35K9e4RHRvpt85ft2Msb9GfC6TlGnjIT8B/obp,iv:KnuBW4b0LOuHwXNzgxVqpVDnijiV+DoyQfveHvgCsp8=,tag:G3FcSSPMJy/7IUsUPLbuSw==,type:str]
global: global:
database: database:
roundcube: roundcube:
password: ENC[AES256_GCM,data:V7Ml++sPS94LzA==,iv:aQ36cTMR5ArSows/3+z10nFIRppCkSvQx6VwtB30hno=,tag:2yVIXNHJ3HbA/sr6vnX7XA==,type:str] password: ENC[AES256_GCM,data:WUgeCqoWVRCdrA==,iv:5HO53lEArnIqRlWnQqlSKZ+hs7DxDAc9D3wHmbvb68M=,tag:nrjt2qnqGDmT/rv7JNR8Mg==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@ -25,14 +25,14 @@ sops:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGa1lRY0tQUk05WmpINVVw YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvVlBCaDl3OHBxTnM4aWRS
YkJkVDA0QlZibHFmbDdPTHpGTTY5N0JodXljCm14aVVSUm43MXo3d0ZlYWRUMXhh L1Q2aC9uT20rUlgvQXFkVThsa1JBS3ZwdnlrCmwxQnNRazlENVFPUER4WEx2ODVu
b1VqRHZXUTArbDNpRG9VY1U1a281ZW8KLS0tIHV6NWZQdzVzWFdJU0ErQy9WTFMv Ukx1RHQ5c2NCZHptNm9IV2cxdHlmUFkKLS0tIG9kRUhzZDlocEhNQlFrYVpZdzVj
RjVVYmRKcERYZVhMT0ViZzR5cm8rMTgKizZBRrU/WauUmFYm9fnouiegNkYZkudp aXFnN08yR2JMVkNGcjE1UDFDWjBWSzAKQIt/5DQkW8FTQTQyWfU8QSxMQ8TV1J8i
QpOha6CggN8rItelbnWMHlzGZBzM+77mFocuGmvNuTY/YGSkXfLjLA== l326pi2q+TuLoIvef8EKA+qax56OGnqESl2JcyHCAyT2T1tTzM1bpw==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2023-04-28T08:37:51Z" lastmodified: "2024-02-04T09:30:41Z"
mac: ENC[AES256_GCM,data:NtXsrrs9yWlVO6oBQuJKHKPlmFMkqmu5BqOrYjdj9R7KdYycIWRDlNojieP9lghjSllgjkR3N4DpST9n6r6GHOkrpCl0eX12AsY0GUhSwaJzMgvX34Kzo+BjtISvODy0UzEVb9qKzbFuO9R4FMqyxBjTJirJVFT1EIB7Hxbb5Zc=,iv:OFKLvj96oRasDg5sYbJNS5KvZnxOXhh36Nwjl2gA1v0=,tag:aWsKrlbubuh+xTnyxvWeRg==,type:str] mac: ENC[AES256_GCM,data:5SE/XCKyCArO+AqhRJb8h3K1WYys5OHcOfZuRW8j8i3SMEtb+84D1KcsgEFBsJmvffbpxaKXcz7umEIKG+LWLeLjvCgqHwZa7Tidn1X07a9Dep74BfvTNZWVCKEAi/6YcHkLIsVM9Bkl0MOPZTxDjmzVsdiCR+3nfZ6RJ4AysxA=,iv:Yf8m6YNxycoZj+uYAe4rKRmzQiuZtmpLrYYmxDvwPbA=,tag:TcrPy/gj/je8gGOw3jiZ1w==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.7.3 version: 3.8.1

28
badhouseplants/values/secrets.minecraft.yaml
View File

@ -1,28 +0,0 @@
minecraftServer:
rcon:
password: ENC[AES256_GCM,data:7kQAt4R+uN/28Uvn3KnJnOvOcCOf6FEaow==,iv:G20SygTZZ1O2DyPr+/f3XSC3bB4L5p/9CxZkPS5qibY=,tag:O2Ab+AC+Eho6MRm0vC9hHQ==,type:str]
mcbackup:
resticEnvs:
RESTIC_PASSWORD: ENC[AES256_GCM,data:mjrSV6d6a4ZvesYjobhHCVTngw5EQqesAKecSPVY,iv:WSk5V61opvccp/1bhbcO6S+8GcEYVlxk8l6nl++nxc4=,tag:wENZyx6IxJgswetDi8alZA==,type:str]
AWS_SECRET_ACCESS_KEY: ENC[AES256_GCM,data:+4HuGGHaZgPXLX3Sm6U=,iv:qMVfe2BzdJtvHYX7T/6WPt8kCNRdn02Ynew/q9QH1KA=,tag:7JwAloF6HPdBXTGC3kto4w==,type:str]
AWS_ACCESS_KEY_ID: ENC[AES256_GCM,data:yfS/LrX0,iv:HzZmzUOmI0vJ+vPkI2xn2F/w43/BKOGil+SLRwhcG0I=,tag:c+d8nyR5w5mU9F/H0zl/1A==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxTWUxY2hYT0dId2hsR0x1
MXFtRjlSelgwdUcyVnBUdlJ6Nng1UkNJaHg4Ckc5NXBORjBCZHQyc0lDTiswazNF
cGhKVFFNdlZnRWlxS05OTklOUDJDQjQKLS0tIDNWNDVVWXcxUW8yUHgrOTNkRkQ1
MGNDV2cvUUF3dWZHSlZNeVFDNXhzalkKubKuiiZuqoZTvRMr2FiUxnFUu+Pvj3Wf
pZTfZg9rnUukmV+kmwqQKcfoPNfeShhoAsszWwPM628cV9pq87I2/A==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-08-15T15:32:19Z"
mac: ENC[AES256_GCM,data:ghfbBqsdFzQaRehefvpnnFLxp6tYE1K36gXLyN7gdxlvZ20JRn+FMfeUm8IjNKl3fCH2aVdM18v+T4xBs4QSXAWH5R79+HPn6hl7kYXzGJKTdmddj6EFZFXajisIJa2eZpEKPk7uOT6YczcNxNKByKxgHxTXe7SYlIkE6CgLT9w=,iv:inXW7OxvQXPGO4mkJkd/SMVsTBWA+utso26VXb5yNdM=,tag:f/GBzkgI0zgInSdDbHICag==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.7.3

24
badhouseplants/values/secrets.postgres16-gitea.yaml Normal file
View File

@ -0,0 +1,24 @@
global:
postgresql:
auth:
postgresPassword: ENC[AES256_GCM,data:4hWLoVdIKbRllUcRcLrnTmn49sZTfT8WJVf7np+eycp1tvPuxvr+1LuZUSFsmBH1l5Q=,iv:5TyazJWw5AeaUPq2uBLu6h5GjGIZzUDosaclTk+0Sp8=,tag:07IYy3U+ZFd3PZ41fN9Wug==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3cUM5SnJIZGVXSXJsSkRS
dDZsWWJmODMxQ0JYQUVVNEJ0djhtWjdTNXg4ClYzZ2JFeXZicHRobUt0NHJDcXBn
NkZ2Q2JpaXIzdEUwODlLbUdwaUJiRkUKLS0tIFhMbnFRaHgxTXhXM3lLUEpRb3hS
aHltWVpVMUZQMUxNZlVFb1JEbFdKcVUK1dMISCWCZo+XJTp3ECToue5Q3I9lfGoT
yxVkq+M3UZUkAkJ/dMZBOCqAuaSdCCa1NqN6J3IlFaxGLasEDffHaA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-06-28T15:56:26Z"
mac: ENC[AES256_GCM,data:EyeLowunCJcO8Gzd314Gjc434g170R56OyGNG4iywfoaCsY6Kd5EJm7PeEPKsLx+f4M5vfxSD+pkJUABa1MALXgveHZXdiINg1MgpcOw02r2lYIN21ywSz/UJKxz0xZsWaJTnCkVfG2aHmOEFAlcm8wtalctzSeI0qB5RvSkJ8U=,iv:K5SEFucGJPPhl5vWIEjc7Ptx3sv44aXw/2PDMKv6H4s=,tag:LZm7C1M6bB++YUbqC3YYPg==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1

22
badhouseplants/values/secrets.tandoor.yaml Normal file
View File

@ -0,0 +1,22 @@
env:
SECRET_KEY: ENC[AES256_GCM,data:vIzxdLGoKHEIGt451pZKwyFFQ7+g3ViryUHkhmzU,iv:JuSUmrUUgVL07y4mQ+z3lNRLpe0io4uDKndWpEgIVDU=,tag:6nsOuHbtgyGFJebOHChKxQ==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNYmNkcjVyR2o5R0dJTXZB
d2NBczgrTllrM3hWdHVIcmhmb1dlY1FzN2pjCndTSS83Wi9WcytrT04xY1dyNXVV
YzlxWmwxNkpnMk1oK25wcDJTUFQyYk0KLS0tIHR3R3did2hlMThOUEV1QjNma2pM
NnNxMC9vNStLQ1dadE13RmhLWExqeG8KpSUTbfxuZX+7L6SK55BJvY8KIfqt2ykz
qNmUpeC7YHzDfoXGF6+jklMCVcUJDRI5UeZejZ7KXnI9OR8VncIiqw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-01-06T15:16:21Z"
mac: ENC[AES256_GCM,data:qVocy+iBsjj45hLObpoxxo0ZyzxCITXR52NLfo5NZvJutRLs5SfKjmecYVth4j1t15qUJ3GIYG2t2lGxqptMyPK7SG4ln0G8p02LP4XdboKYeZNdWlHYf3cMZtnST4WdrpTCNWhLs3+8ittBb3AsR3QBtwoqzalC+VatAOJ2IDc=,iv:y3TspYIFS/eVJE8x+fAlPhFrWcH9PM0Rajgt8yUJLSc=,tag:nUt0xWqdjfoeemTk4xhr8w==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1

20
badhouseplants/values/secrets.vaultwarden.yaml
View File

@ -1,10 +1,10 @@
vaultwarden: vaultwarden:
smtp: smtp:
username: ENC[AES256_GCM,data:6kAu3et5PmRgZ7B/qQQKA/hwsubozpBEcuzA,iv:cqNO3VWKFRWqBRAFTf2AyMQskuZvcDghseT2PWEsCjA=,tag:nkzugvJTJ/KhLuldXxdBrg==,type:str] username: ENC[AES256_GCM,data:j/y4Wzhb1obnLW9zHYqpM7/Glfd15hDAAn+6,iv:wNQgESf/0zbfcwFWrKgdSKcoCYVUJ3pnQYuMhfeergQ=,tag:/DPHJGrySeH9xZ9gfH7yFg==,type:str]
password: password:
value: ENC[AES256_GCM,data:rTCIH4vU7sfCNu6FxfdfyPKKQ01MQHBM0g==,iv:ZKD98V5W1GH0NZCfYG86AdFhbe8Ig+nCHFdU0NGcQT4=,tag:cL3fSAKntmWZ/QvSPYwbvw==,type:str] value: ENC[AES256_GCM,data:lM5RLAEz5K2LqoCEt2KfOgVv+Dg8zDwUKg==,iv:tT/71iljjyCyBxVoAKOZgdC7BHxhQfjH7ECZUGTv8So=,tag:sd2+m7KyoJmEY3l6Qey6yQ==,type:str]
adminToken: adminToken:
value: ENC[AES256_GCM,data:PT62LcyiNqW1NVeuZ5+HTj8fzwSwuD1av/Z8S2GnR6j62+F8/aibhW/ATFG92chw++w=,iv:LnaRBem4dsggV4u4IlNjlWY301ajAHot2D259Y383m0=,tag:f24QDtGrtNJFA95Qo6Umqg==,type:str] value: ENC[AES256_GCM,data:8+nwPIKqrzIHvfxzVvUx+hh6qz6c8lCTYzJQsbGFx3c/76wzgJZ08TVNRu2VNmlHBOE=,iv:U5Cv0rykPbBql6wu9HFuMIGoLMM40TlDp8MNM5OGzzw=,tag:++lPoZaKQD/RsVm1xZfMRA==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@ -14,14 +14,14 @@ sops:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDL0RuQitFb0dPajRpSHRo YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhLzVRdW5ITFJmWHE5dkRr
WnhUa3BOazVHSTE5STRNMGQ2eWUxaXhvNEJVCmtpMjE2Q3hyQzhDSTBObUgwQXV3 R3pGbTh3UmFTTXR4VVVGRjlSUURudmxwM1hjCk16U3BKYkZTcmdwaFZtcTZNYk9C
dmhvYmUvL05QUGd6Umx5QjRhMVFmcHMKLS0tIEtkTDc1ZVcxOWRqRzlzdTM1WG5a M0ZBZk52bDBuNWZwa21SMU1mSnhmWEUKLS0tIGZVV01KQ3Z6OGltN1RFSks5MVJI
U25tMkxQS1gzcyt6R2NkZnVLRVVoOWMKZSaIZxzTlYim2kmiHrQcgRu9XmWelRkT a2xWUGZpMmovY1Qya05nVXRZVUFDTFEKhF34OSdGZizs1/Rs9qvUOVtomQBvOFbS
HZZmSa0L9yEdksUCK3+iqjCZhQBYc/6qJHRYvuAaJ+/hs5RxuLUr8g== hRsK3Orwig4HJdzj1UOZd8UMGwj6Mzhw+aKUJKL67igMwxbxVcaU1Q==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2023-12-25T19:33:37Z" lastmodified: "2024-01-30T18:44:39Z"
mac: ENC[AES256_GCM,data:Fl9x8f4YlhAciCdRNRWukK4lj/OqP+TJ8+xEXUSb+1FqUAv/aHocy/f3IuzEhgq/+i9RSKORy2+glYBdK+tL50FzaPQCXz9YgYMtshsIkfkVIw2j9R7sqs5Uo5fQ6g5V3ir5/czb8FSqoS7S+2onyHxZawuG1XCWYPPLATVrKa8=,iv:7K6NABns5rzYIJgthRxqkGD5bQXKPhgIxoCs2ZS0JGY=,tag:FvTTObosyFZom45xuVABog==,type:str] mac: ENC[AES256_GCM,data:1cpPRtzipDI0/fXlbcbuQQyjAZMk7MR005sJAIwfNVG4o1UdV6cIEG6096yeXGP8aKYXJwm1GUZ0NtdipQpieNnj59xClZHJ00m0K/0b6UHoGzSMY82t0nNrS3KvVEQP0a+LR5WVQEl7ac2m4FmbHpGtSWWMW6CYBnflfHQisFA=,iv:exvh14LUOeZnLrnvPrX9Hzfnv7wMd1Qfx37F0aVf2q8=,tag:62QX/P5K3U72O0zkgyyXhg==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.8.1 version: 3.8.1

27
badhouseplants/values/secrets.vaultwardentest.yaml Normal file
View File

@ -0,0 +1,27 @@
vaultwarden:
smtp:
username: ENC[AES256_GCM,data:9bEvyZkXadW7Hx2iW6ByPDdnuIFPkeoUjoOyoQ==,iv:Y5M/16L16AWXeaWyKCSsV/c/l9JXmNzx/IsLBmMJuGg=,tag:nFN1ZssjtqZOG8Gvka9f3A==,type:str]
password:
value: ENC[AES256_GCM,data:CF2VgDpxlwHmvCDJhx0GDLT/yyw=,iv:t8JwQFeK9Te2zVdg+gPdMlh1E5g0vMG+ApAGKbGZ4WI=,tag:7UJuxFqS/hUTVunv0CJcTw==,type:str]
adminToken:
value: ENC[AES256_GCM,data:lrb99F1zn7AWlAttShQGGyMz5Ds=,iv:nas5hzd/XMQWFA2pTaTDkqXReoToBulf6s7tZraxM3s=,tag:UH/AXIWKbZOmu/W8XyuWNw==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhLzVRdW5ITFJmWHE5dkRr
R3pGbTh3UmFTTXR4VVVGRjlSUURudmxwM1hjCk16U3BKYkZTcmdwaFZtcTZNYk9C
M0ZBZk52bDBuNWZwa21SMU1mSnhmWEUKLS0tIGZVV01KQ3Z6OGltN1RFSks5MVJI
a2xWUGZpMmovY1Qya05nVXRZVUFDTFEKhF34OSdGZizs1/Rs9qvUOVtomQBvOFbS
hRsK3Orwig4HJdzj1UOZd8UMGwj6Mzhw+aKUJKL67igMwxbxVcaU1Q==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-06-06T15:15:43Z"
mac: ENC[AES256_GCM,data:9GsJoDWT1Onv6f8aUcwkbeTcpr0vF2MIgtJjKTbvvPHhzVeVev4FPFZ5R0YQXD1CmQycu/rnElktohgu9Xwum3j4hfs8Ga2qDqOk6heleBcptXDYwcBUAxg8QD5NNAkefsq5oJi+QsdD0nOeRjG6o5XYRccyoFiucTcpT9eASzw=,iv:7UJzUShRD+tzhIEeKygZlgaWHOYOS+L2Io69K0xW2MM=,tag:alOPQPbM6cex7kgQv8mqQQ==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1

23
badhouseplants/values/secrets.zot.yaml Normal file
View File

@ -0,0 +1,23 @@
configFiles:
config.json: ENC[AES256_GCM,data:id5h3EObc18qFAYXYtVFAgJcp7IUS0QCSQZfKqy1fIoZUUYYIuKBDE9aL3OnqZkVJtXn5DNCRii/1ZYY/9Tg2IEK73twu5lDkM73APphI2GPw1ONQh6WBRp54AskuZizx3l1+PyKI/8WPVy/x1cbc7l5pGBziDzSbREor+YQQe4P3Og5KqkoWPeeO/GB/vCP+4CquBVwakyDPibrXtvEcIPxfu8b4H84fBQtlStuoT6Mdmj7NfBtK5SEl9yZ8R+kAJyjr4aM1XrtKtpBfituxi6OsXIQgKTWWZtFkousCkDuKxJf1EUCUR1J4ClmcF7UGUOxg3r3Csf1Y6ijhVgUqDlgNmRIq+qsEWrgWVixnO1RMnRcWmgJFDAs/QXY841lJTQJmVS4LRNZKu1ea8fDmF5KaxBdshizeA0RZGrdNlTUIB5AUsK3mmyPCvM4JYivQp4Hv8i1U9zlLpuPWR+7UgKbHjpQSVCem+dM76W4z9Wy463AS20EjwLUicSq7g8yLoCstuI1XsC8yNLZE6Z/nUkRysiGXa6iJnWez2tVOnIVVJ3c378U3U6tTr7ygae7v9PcvoGBTYTZA0OyrMeHrocKp4026yQJN+8Pj8CPdZX/nhC0gW08xI7EQnzK84ca4XuEZHWEtlmMBJyIGK07trq94BH6QwUaIg+nUv/gKvUA5CuMSAqECv+wCfQ+EU7mRClXR6RYJvEUxIEvGjb3CTOyV+gbj+CKaz3LZWWPETCAvOz0Cd8L56E7yUwFNhd+c7X8RuMy1vdoiCXdkzU5QCDmfv3ka4lKBPd3cvHduXeAh0wMNHSqLEVZblnt50tiZmo6vwiNGxlg3jL56Lfn3rkz+HVKRl6ArPBOdJhbgGj0bZFJMPGBU8kNDksQ6DMw371vAR7FwlzLKdz1Z3D1CvmBRUBIhr4TbnPuTL77fytVq9IdgGcTexs8QhcelXmoW5nA61PpYhYCU65m7BKC0koX4fjCjAksvjZaI0eeYPgKafAqKBlJslqKq9lNGH1orjgmXO0LWV7xv7D46BRrrfMqPwHUsPAGBP4VhfuIXc3keTmtFWjexyjMzvkxtoagATQZgbohjL4D4dzMTVhGH+Iw6AyM+9/NZeb7Cm2CmmJJXG0kmXGezuyRwNrChlhd4/HdeLvfBZbvXYLwr6pZn8dbJ7w0V77clsjN2QhsrPGh8VVf548KlkcfWp821pwmPxLme2TU4nJE+eU/7xK+LdSy8vpZ6wkxThTUdj5/A7DAszgdDed3aWfVIKz2DmLWR1iD6fC7n6OIIE+dcywNTU0sbYkMffpoYwU9Om9uPeer9rkzrnWHZX2btyfKUy8bnf0LuHuzRKyFl59nMUhlXbr1YsEKabNpsaxT50L0idoO5Phkx7os/qiqvxaPChMJngJQ9BXIoKARkg4hgvvjKpQwmjt/liA18COy58B2gjH3aKA6kye0/utQTih65DamYt8Wv4niVAZ3wm0rG5uaBvwZnj9N/xn2Klx5Iih2ZbobWVVR0MCAhe1nKIcnZxRrsm+GGRX2svYZg4ROLq7FagL8mn27/aG0UMdKQGpbXDQviNQgY+wB3jBmZAea54pWe5sgGBxXAZSYhGoOaWCLwWUtQWGdusjebEuqonW6PSE7whkbJxStNZOdAxATlCSe7jAkzuj5VBZbL8mIgnTltwKk3RcbnpL0j0pwousVZpSqg9KOqubxgk81YyMImA4LI3Fi0OFYIbDSw8zJJUgwASIWLQ2GxLM1Z1oxun7HpMV5lK8I+n70Vcqutn2N8URU0XOo6gcWCfknhClCwkOsZxU+DSVYyz5Aq49zwojSsd/CuS6WbFO82MMCO7dRLIz9ju43xAeCgFY7ZpbRyCR8U5IJKHPrHunYGwaRpolAE1V13XuBu0pOyaiU0sIeA44snU58DVMFyvA3PUl47FXvPMjGahbZoun7vi8J8KbRXlhHH/HFshi5eT16WOXK5SXBEiQDjhLa5RseWI121ARKtsvBRlhr9yRsZedlhmW7nqRw5hbVvHDQfUFIuiRHF1XAElP1C1hcb2GDE7r4anmoSRgcHYAI50HF4CPBSxiI+EAisKARIlUgRKt3gOfG8AH4mraUL8Lt+Eb0Clsd0z2GuysPHrEhy8WzGv4HW84ngNmZgznXP7ZFrtT31zAQr9QL/oirJf+ujPUdY03gJbr3jQXrQ1mfivlsaofgC0WL0xLma3Cuosb1nGmw0XmCGJNIOmgZJ/plQCWH05UzVR/QXhdEwlci3VNeYOSIUJwkv2eUyHsxHj45VRtLuxnrLx7BqR+kxBpRayJXWRBx1rcW7RTvS1a5Dk5PxsqjKcxKu+wRbPFmv77qOIroGg+XKTp8XeIxcSs4lx7AsfpTEvWpARwsydrUSKf/++F+3dL4yOrOyywul8gnTN3iLMoTjpze83ZFcJ2viiyqMWnHWQnuVveZTZi3NmoC63ZE/XLlztJcDT1UkrH3Tlvu1AxqMcm0SxK3TgEbvGmdWYo07E+qEMsUyoSpeE5MX2FESR9C67s/t5/rfThhvvjQNhydUVLrQL8O,iv:njFz+TX54d1Fy7QtrjFht7lyujuuIamNWEXquA6Q+jA=,tag:d+9rLYzYZf/0uuZ/VVys0Q==,type:str]
authHeader: ENC[AES256_GCM,data:IHFsb7dRNIMe8kv0sG6u/A==,iv:mc0MhVWKEz8ln2DvC9mwrYtqKCvOjudiUYETOBx3DAM=,tag:aktcOM3u4xNyZ4wTJZ1E3w==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvMjkwcll5bkNzUE1lQkN0
NXRCckdnUER0YlAwWG1wWVo5Mno2T1g5eWtZCnJGMkNScEthNHVqZnlvQnN6Q0du
RnpzNitYR1RpTnl4UDB3Zk5HMjU1MTQKLS0tIHNoZHRjdlU1SXl1c2pzemZsQzBB
M25WRjB6QUpkbURZVmNaWm9nd1U4RzAKan1bSzcDc2G+428vpnNDWYhQ3/nFKSUp
VLnfx3roZUrs0QV07O+AHobOvlLD4eo8wfHMUneKipAQ8ZAlhNFTBg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-05-05T17:37:17Z"
mac: ENC[AES256_GCM,data:vabfq3du2GfVkWQqdy2X/8pl/V/i+juyjIeGRia9cZ57SFPPmS/7n7rV6W+tpp402ov+16HHevVu+ZUZKxFPNq/8WiIVFCh3YMAFimzB+wOXziivAf1zAgYX5h5JHMV3FrXJT0yJAGmVbrZ7KP48CaB74PJGb++4Jr3qPE6VU/4=,iv:PApbvtdThsQyfD2db8GBrnrZL4jlx7qL8bHhAijXk0E=,tag:vIwECp7tomejqjGadIhudw==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1

61
badhouseplants/values/values.argocd.yaml
View File

@ -1,18 +1,4 @@
--- ---
# ------------------------------------------
# -- Istio extenstion. Just because I'm
# -- not using ingress nginx
# ------------------------------------------
istio:
enabled: true
istio:
- name: argocd-http
gateway: istio-system/badhouseplants-net
kind: http
hostname: argo.badhouseplants.net
service: argocd-server
port: 80
controller: controller:
resources: resources:
limits: limits:
@ -48,32 +34,35 @@ dex:
enabled: false enabled: false
serviceMonitor: serviceMonitor:
enabled: false enabled: false
redis: redis:
metrics: metrics:
enabled: false enabled: false
serviceMonitor: serviceMonitor:
enabled: false enabled: false
global:
domain: argo.badhouseplants.net
server: server:
ingress:
enabled: true
annotations:
kubernetes.io/tls-acme: "true"
kubernetes.io/ingress.allow-http: "false"
kubernetes.io/ingress.global-static-ip-name: ""
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
ingressClassName: traefik
tls: true
metrics: metrics:
enabled: true enabled: true
serviceMonitor: serviceMonitor:
enabled: false enabled: false
rbacConfig:
policy.default: role:readonly
scopes: "[email, group]"
policy.csv: |
g, allanger@zohomail.com, role:admin
g, rodion.n.rodionov@gmail.com, role:admin
p, drone, applications, *, badhouseplants/*,allow
config:
exec.enabled: "true"
url: https://argo.badhouseplants.net
kustomize.buildOptions: "--enable-alpha-plugins"
accounts.drone: apiKey, login
accounts.drone.enabled: "true"
extraArgs: extraArgs:
- --insecure - --insecure
servicePort:
servicePortHttp: 80
servicePortHttps: 80
repoServer: repoServer:
metrics: metrics:
@ -85,6 +74,22 @@ repoServer:
- name: regcred - name: regcred
configs: configs:
params:
server.insecure: true
rbac:
policy.default: role:readonly
scopes: "[email, group]"
policy.csv: |
g, allanger@zohomail.com, role:admin
g, allanger@badhouseplants.net, role:admin
g, rodion.n.rodionov@gmail.com, role:admin
p, drone, applications, *, badhouseplants/*,allow
cm:
exec.enabled: "true"
url: https://argo.badhouseplants.net
kustomize.buildOptions: "--enable-alpha-plugins"
accounts.drone: apiKey, login
accounts.drone.enabled: "true"
credentialTemplates: credentialTemplates:
ssh-creds: ssh-creds:
url: git@github.com url: git@github.com

64
badhouseplants/values/values.authentik.yaml Normal file
View File

@ -0,0 +1,64 @@
---
# ------------------------------------------
# -- Database extension is used to manage
# -- database with db-operator
# ------------------------------------------
ext-database:
enabled: true
name: authentik-postgres16
instance: postgres16
credentials:
host: "{{ .Hostname }}"
username: "{{ .Username }}"
password: "{{ .Password }}"
database: "{{ .Database }}"
authentik:
email:
host: email.badhouseplants.net
port: 587
username: bot@badhouseplants.net
use_tls: false
use_ssl: false
timeout: 30
from: bot@badhouseplants.net
postgresql:
host: file:///postgres-creds/host
user: file:///postgres-creds/username
password: file:///postgres-creds/password
name: file:///postgres-creds/database
secret_key: "2Scv6ivCfV6uGRTx9Kg5CYJ2KjBRHpR8GqSBearnBYvBFZBwR7"
# This sends anonymous usage-data, stack traces on errors and
# performance data to authentik.error-reporting.a7k.io, and is fully opt-in
error_reporting:
enabled: false
redis:
enabled: true
server:
ingress:
annotations:
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
enabled: true
hosts:
- authentik.badhouseplants.net
tls:
- secretName: authentik-tls-secret
hosts:
- authentik.badhouseplants.net
volumes:
- name: postgres-creds
secret:
secretName: authentik-postgres16-creds
volumeMounts:
- name: postgres-creds
mountPath: /postgres-creds
readOnly: true
worker:
volumes:
- name: postgres-creds
secret:
secretName: authentik-postgres16-creds
volumeMounts:
- name: postgres-creds
mountPath: /postgres-creds
readOnly: true

19
badhouseplants/values/values.chartmuseum.yaml Normal file
View File

@ -0,0 +1,19 @@
istio:
enabled: true
istio:
- name: chartmuseum
kind: http
gateway: istio-system/badhouseplants-net
hostname: helm.badhouseplants.net
service: chartmuseum
port: 8080
env:
open:
AUTH_ANONYMOUS_GET: true
DISABLE_API: false
CORS_ALLOWORIGIN: "*"
persistence:
enabled: true
accessMode: ReadWriteOnce
size: 2Gi
path: /storage

10
badhouseplants/values/values.cilium.yaml Normal file
View File

@ -0,0 +1,10 @@
operator:
replicas: 1
endpointRoutes:
# -- Enable use of per endpoint routes instead of routing via
# the cilium_host interface.
enabled: true
ipam:
ciliumNodeUpdateRate: "15s"
operator:
clusterPoolIPv4PodCIDRList: ["10.244.0.0/16"]

32
badhouseplants/values/values.coredns.yaml Normal file
View File

@ -0,0 +1,32 @@
service:
clusterIP: 10.43.0.10
servers:
- zones:
- zone: .
port: 53
plugins:
- name: errors
# Serves a /health endpoint on :8080, required for livenessProbe
- name: health
configBlock: |-
lameduck 5s
# Serves a /ready endpoint on :8181, required for readinessProbe
- name: ready
# Required to query kubernetes API for data
- name: kubernetes
parameters: cluster.local in-addr.arpa ip6.arpa
configBlock: |-
pods insecure
fallthrough in-addr.arpa ip6.arpa
ttl 30
# Serves a /metrics endpoint on :9153, required for serviceMonitor
- name: prometheus
parameters: 0.0.0.0:9153
- name: forward
parameters: . 1.1.1.1 1.0.0.1
- name: cache
parameters: 30
- name: loop
- name: reload
- name: loadbalance

18
badhouseplants/values/values.db-instances.yaml
View File

@ -1,14 +1,14 @@
--- ---
dbinstances: dbinstances:
postgres: postgres16-gitea:
monitoring: monitoring:
enabled: false enabled: false
adminSecretRef: adminSecretRef:
Name: postgres-secret Name: postgres16-gitea-secret
Namespace: database-service Namespace: databases
engine: postgres engine: postgres
generic: generic:
host: postgres-postgresql host: postgres16-gitea-postgresql.databases.svc.cluster.local
port: 5432 port: 5432
postgres16: postgres16:
monitoring: monitoring:
@ -20,13 +20,3 @@ dbinstances:
generic: generic:
host: postgres16-postgresql.database-service.svc.cluster.local host: postgres16-postgresql.database-service.svc.cluster.local
port: 5432 port: 5432
mysql:
monitoring:
enabled: false
adminSecretRef:
Name: mysql-secret
Namespace: database-service
engine: mysql
generic:
host: mysql
port: 3306

126
badhouseplants/values/values.docker-mailserver.yaml
View File

@ -1,125 +1,67 @@
istio-gateway: traefik:
enabled: true enabled: true
gateways: tcpRoutes:
- name: badhouseplants-email - name: docker-mailserver-smtp
servers:
- hosts:
- "*"
port:
name: smtp
number: 25
protocol: TCP
- hosts:
- "*"
port:
name: pop3
number: 110
protocol: TCP
- hosts:
- "*"
port:
name: imap
number: 143
protocol: TCP
- hosts:
- "*"
port:
name: smtps
number: 465
protocol: TCP
- hosts:
- "*"
port:
name: submission
number: 587
protocol: TCP
- hosts:
- "*"
port:
name: imaps
number: 993
protocol: TCP
- hosts:
- "*"
port:
name: pop3s
number: 995
protocol: TCP
istio:
enabled: true
istio:
- name: docker-mailserver-smpt
kind: tcp
gateway: badhouseplants-email
service: docker-mailserver service: docker-mailserver
hostname: badhouseplants.net match: HostSNI(`*`)
port_match: 25 entrypoint: smtp
port: 25 port: 25
- name: docker-mailserver-smpts - name: docker-mailserver-smtps
kind: tcp match: HostSNI(`*`)
gateway: badhouseplants-email
port_match: 465
hostname: badhouseplants.net
service: docker-mailserver service: docker-mailserver
entrypoint: smtps
port: 465 port: 465
- name: docker-mailserver-smpt-startls - name: docker-mailserver-smpt-startls
kind: tcp match: HostSNI(`*`)
gateway: badhouseplants-email
hostname: badhouseplants.net
port_match: 587
service: docker-mailserver service: docker-mailserver
entrypoint: smtp-startls
port: 587 port: 587
- name: docker-mailserver-imap - name: docker-mailserver-imap
kind: tcp match: HostSNI(`*`)
hostname: badhouseplants.net
gateway: badhouseplants-email
port_match: 143
service: docker-mailserver service: docker-mailserver
entrypoint: imap
port: 143 port: 143
- name: docker-mailserver-imaps - name: docker-mailserver-imaps
kind: tcp match: HostSNI(`*`)
gateway: badhouseplants-email
hostname: badhouseplants.net
port_match: 993
service: docker-mailserver service: docker-mailserver
entrypoint: imaps
port: 993 port: 993
- name: docker-mailserver-pop3 - name: docker-mailserver-pop3
kind: tcp match: HostSNI(`*`)
gateway: badhouseplants-email
port_match: 110
hostname: badhouseplants.net
service: docker-mailserver service: docker-mailserver
entrypoint: pop3
port: 110 port: 110
- name: docker-mailserver-pop3s - name: docker-mailserver-pop3s
kind: tcp match: HostSNI(`*`)
gateway: badhouseplants-email
port_match: 993
hostname: badhouseplants.net
service: docker-mailserver service: docker-mailserver
entrypoint: pop3s
port: 993 port: 993
- name: docker-mailserver-rainloop
kind: http
gateway: istio-system/badhouseplants-net
hostname: mail.badhouseplants.net
service: docker-mailserver-rainloop
port: 80
rainloop: rainloop:
enabled: true enabled: true
ingress: ingress:
enabled: false enabled: true
hosts:
- mail.badhouseplants.net
annotations:
kubernetes.io/ingress.class: traefik
kubernetes.io/tls-acme: "true"
kubernetes.io/ingress.allow-http: "false"
kubernetes.io/ingress.global-static-ip-name: ""
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
tls:
- secretName: mail-tls-secret
hosts:
- mail.badhouseplants.net
demoMode: demoMode:
enabled: false enabled: false
domains: domains:
- badhouseplants.net - badhouseplants.net
- mail.badhouseplants.net - mail.badhouseplants.net
ssl: ssl:
issuer: useExisting: true
name: badhouseplants-issuer existingName: mail-tls-secret
kind: ClusterIssuer
dnsname: badhouseplants.net
dns01provider: cloudflare
useExisting: false
pod: pod:
dockermailserver: dockermailserver:
enable_fail2ban: "0" enable_fail2ban: "0"

20
badhouseplants/values/values.funkwhale.yaml
View File

@ -30,6 +30,23 @@ celery:
requests: requests:
cpu: 10m cpu: 10m
memory: 75Mi memory: 75Mi
ingress:
enabled: true
annotations:
traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
kubernetes.io/ingress.class: traefik
kubernetes.io/tls-acme: "true"
kubernetes.io/ingress.allow-http: "false"
kubernetes.io/ingress.global-static-ip-name: ""
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
host: funkwhale.badhouseplants.net
protocol: http
tls:
- secretName: funkwhale-tls-secret
hosts:
- funkwhale.badhouseplants.net
extraEnv: extraEnv:
FUNKWHALE_HOSTNAME: funkwhale.badhouseplants.net FUNKWHALE_HOSTNAME: funkwhale.badhouseplants.net
FUNKWHALE_PROTOCOL: https FUNKWHALE_PROTOCOL: https
@ -39,8 +56,7 @@ persistence:
size: 10Gi size: 10Gi
s3: s3:
enabled: false enabled: false
ingress:
enabled: false
postgresql: postgresql:
enabled: false enabled: false
host: postgres16-postgresql.database-service.svc.cluster.local host: postgres16-postgresql.database-service.svc.cluster.local

81
badhouseplants/values/values.gitea.yaml
View File

@ -1,23 +1,11 @@
--- ---
# ------------------------------------------ traefik:
# -- Istio extenstion. Just because I'm
# -- not using ingress nginx
# ------------------------------------------
istio:
enabled: true enabled: true
istio: tcpRoutes:
- name: gitea-http
kind: http
gateway: istio-system/badhouseplants-net
hostname: git.badhouseplants.net
service: gitea-http
port: 3000
- name: gitea-ssh - name: gitea-ssh
kind: tcp
gateway: istio-system/badhouseplants-ssh
hostname: "*"
port_match: 22
service: gitea-ssh service: gitea-ssh
match: HostSNI(`*`)
entrypoint: ssh
port: 22 port: 22
# ------------------------------------------ # ------------------------------------------
# -- Database extension is used to manage # -- Database extension is used to manage
@ -26,29 +14,46 @@ istio:
ext-database: ext-database:
enabled: true enabled: true
name: gitea-postgres16 name: gitea-postgres16
instance: postgres16 instance: postgres16-gitea
# ------------------------------------------ # ------------------------------------------
# -- Kubernetes related values # -- Kubernetes related values
# ------------------------------------------ # ------------------------------------------
ingress:
enabled: true
annotations:
kubernetes.io/ingress.class: traefik
kubernetes.io/tls-acme: "true"
kubernetes.io/ingress.allow-http: "false"
kubernetes.io/ingress.global-static-ip-name: ""
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
hosts:
- host: git.badhouseplants.net
paths:
- path: /
pathType: Prefix
tls:
- secretName: gitea-tls-secret
hosts:
- git.badhouseplants.net
replicaCount: 1 replicaCount: 1
clusterDomain: cluster.local clusterDomain: cluster.local
resources: resources:
limits: limits:
cpu: 300m cpu: 512m
memory: 512Mi memory: 1024Mi
requests: requests:
cpu: 50m cpu: 512m
memory: 128Mi memory: 256Mi
persistence: persistence:
enabled: true enabled: true
size: 10Gi size: 15Gi
accessModes: accessModes:
- ReadWriteOnce - ReadWriteOnce
ingress:
enabled: false
# ------------------------------------------ # ------------------------------------------
# -- Main Gitea settings # -- Main Gitea settings
# ------------------------------------------ # ------------------------------------------
@ -61,9 +66,9 @@ gitea:
config: config:
database: database:
DB_TYPE: postgres DB_TYPE: postgres
HOST: postgres16-postgresql.database-service.svc.cluster.local HOST: postgres16-gitea-postgresql.databases.svc.cluster.local
NAME: gitea-service-gitea-postgres16 NAME: applications-gitea-postgres16
USER: gitea-service-gitea-postgres16 USER: applications-gitea-postgres16
APP_NAME: Bad Houseplants Gitea APP_NAME: Bad Houseplants Gitea
ui: ui:
meta: meta:
@ -109,10 +114,12 @@ gitea:
SMTP_PORT: 587 SMTP_PORT: 587
USER: overlord@badhouseplants.net USER: overlord@badhouseplants.net
indexer: indexer:
REPO_INDEXER_ENABLED: true REPO_INDEXER_ENABLED: false
REPO_INDEXER_PATH: indexers/repos.bleve REPO_INDEXER_PATH: indexers/repos.bleve
MAX_FILE_SIZE: 1048576 MAX_FILE_SIZE: 1048576
REPO_INDEXER_EXCLUDE: resources/bin/** REPO_INDEXER_EXCLUDE: resources/bin/**
picture:
ENABLE_FEDERATED_AVATAR: false
service: service:
ssh: ssh:
type: ClusterIP type: ClusterIP
@ -125,3 +132,21 @@ postgresql-ha:
enabled: false enabled: false
redis-cluster: redis-cluster:
enabled: false enabled: false
extraDeploy:
- |
{{- if $.Capabilities.APIVersions.Has "traefik.io/v1alpha1/IngressRouteTCP" }}
apiVersion: traefik.io/v1alpha1
kind: IngressRouteTCP
metadata:
name: {{ include "gitea.fullname" . }}-ssh
spec:
entryPoints:
- git-ssh
routes:
- match: HostSNI(`git.badhouseplants.net`)
services:
- name: "{{ include "gitea.fullname" . }}-ssh"
port: 22
nativeLB: true
{{- end }}

12
badhouseplants/values/values.istio-gateway-resources.yaml
View File

@ -22,6 +22,16 @@ istio-gateway:
gateways: gateways:
- name: badhouseplants-net - name: badhouseplants-net
servers: servers:
- hosts:
- badhouseplants.net
- '*.badhouseplants.net'
port:
name: grpc-web
number: 8080
protocol: HTTPS
tls:
credentialName: badhouseplants-wildcard-tls
mode: SIMPLE
- hosts: - hosts:
- badhouseplants.net - badhouseplants.net
- '*.badhouseplants.net' - '*.badhouseplants.net'
@ -76,7 +86,7 @@ istio-gateway:
- '*' - '*'
port: port:
name: ssh name: ssh
number: 2022 number: 22
protocol: TCP protocol: TCP
- name: badhouseplants-minecraft - name: badhouseplants-minecraft
servers: servers:

11
badhouseplants/values/values.istio-ingressgateway.yaml
View File

@ -1,18 +1,27 @@
service: service:
type: LoadBalancer type: LoadBalancer
externalTrafficPolicy: Local
ports: ports:
- name: shadowsocks
port: 8388
protocol: TCP
targetPort: 8388
- name: minecraft - name: minecraft
port: 25565 port: 25565
protocol: TCP protocol: TCP
targetPort: 25565 targetPort: 25565
- name: ssh-gitea - name: ssh-gitea
port: 2222 port: 22
protocol: TCP protocol: TCP
targetPort: 22 targetPort: 22
- name: http2 - name: http2
port: 80 port: 80
protocol: TCP protocol: TCP
targetPort: 80 targetPort: 80
- name: grpc-web
port: 8080
protocol: TCP
targetPort: 8080
- name: https - name: https
port: 443 port: 443
protocol: TCP protocol: TCP

2
badhouseplants/values/values.istiod.yaml
View File

@ -8,7 +8,7 @@ global:
proxy: proxy:
resources: resources:
requests: requests:
cpu: 100m cpu: 20m
memory: 128Mi memory: 128Mi
limits: limits:
memory: 128Mi memory: 128Mi

3
badhouseplants/values/values.local-path-provisioner.yaml Normal file
View File

@ -0,0 +1,3 @@
storageClass:
create: true
defaultClass: false

93
badhouseplants/values/values.loki.yaml
View File

@ -1,22 +1,99 @@
--- ---
singleBinary: global:
replicas: 1 dnsService: "coredns"
persistence:
size: 5Gi
loki: loki:
auth_enabled: false auth_enabled: false
commonConfig: commonConfig:
replication_factor: 1 replication_factor: 1
storage: storage:
type: 'filesystem' type: 'filesystem'
commonConfig:
replication_factor: 1
schemaConfig:
configs:
- from: 2024-04-01
store: tsdb
object_store: s3
schema: v13
index:
prefix: loki_index_
period: 24h
ingester:
chunk_encoding: snappy
tracing:
enabled: true
querier:
# Default is 4, if you have enough memory and CPU you can increase, reduce if OOMing
max_concurrent: 2
compactor:
retention_enabled: true
limits_config:
retention_period: 14d
monitoring: monitoring:
selfMonitoring: selfMonitoring:
enabled: false enabled: false
lokiCanary: lokiCanary:
enabled: false enabled: false
test:
#gateway:
# ingress:
# enabled: true
# hosts:
# - host: FIXME
# paths:
# - path: /
# pathType: Prefix
deploymentMode: SingleBinary
singleBinary:
persistence:
size: 5Gi
replicas: 1
resources:
limits:
cpu: 1
memory: 1Gi
requests:
cpu: 0.5
memory: 512Mi
extraEnv:
# Keep a little bit lower than memory limits
- name: GOMEMLIMIT
value: 3750MiB
chunksCache:
# default is 500MB, with limited memory keep this smaller
writebackSizeLimit: 10MB
minio:
enabled: false enabled: false
# Zero out replica counts of other deployment modes
backend:
replicas: 0
read:
replicas: 0
write:
replicas: 0
ingester:
replicas: 0
querier:
replicas: 0
queryFrontend:
replicas: 0
queryScheduler:
replicas: 0
distributor:
replicas: 0
compactor: compactor:
retention_enabled: true replicas: 0
limits_config: indexGateway:
retention_period: 14d replicas: 0
bloomCompactor:
replicas: 0
bloomGateway:
replicas: 0

7
badhouseplants/values/values.longhorn.yaml
View File

@ -1,13 +1,14 @@
defaultSettings: defaultSettings:
backupTarget: s3://longhorn@us-east1/backupstore backupTarget: s3://longhorn@us-east1/backupstore
backupTargetCredentialSecret: aws-secret backupTargetCredentialSecret: aws-secret
guaranteedEngineManagerCPU: 6 guaranteedEngineManagerCPU: 6
guaranteedReplicaManagerCPU: 6 guaranteedReplicaManagerCPU: 6
storageOverProvisioningPercentage: 300 storageOverProvisioningPercentage: 300
storageMinimalAvailablePercentage: 5 storageMinimalAvailablePercentage: 5
defaultDataPath: /media-longhorn storageReservedPercentageForDefaultDisk: 1
defaultDataPath: /media/longhorn
csi: csi:
kubeletRootDir: /var/snap/microk8s/common/var/lib/kubelet kubeletRootDir: /var/lib/kubelet/
persistence: persistence:
defaultClassReplicaCount: 1 defaultClassReplicaCount: 1
enablePSP: false enablePSP: false

207
badhouseplants/values/values.mailu.yaml
View File

@ -1,95 +1,96 @@
---
certificate: # ------------------------------------------
# -- Database extension is used to manage
# -- database with db-operator
# ------------------------------------------
ext-database:
enabled: true enabled: true
certificate: name: mailu-postgres16
- name: mailu instance: postgres16
secretName: mailu-certificate extraDatabase:
issuer: enabled: true
kind: ClusterIssuer name: roundcube-postgres16
name: badhouseplants-issuer instance: postgres16
dnsNames:
- badhouseplants.net
- "email.badhouseplants.net"
# ------------------------------------------ # ------------------------------------------
# -- Istio extenstion. Just because I'm # -- Istio extenstion. Just because I'm
# -- not using ingress nginx # -- not using ingress nginx
# ------------------------------------------ # ------------------------------------------
istio: traefik:
enabled: true enabled: true
istio: tcpRoutes:
- name: mailu-web - name: mailu-smtp
kind: http service: mailu-front
gateway: badhouseplants-net match: HostSNI(`*`)
hostname: email.badhouseplants.net entrypoint: smtp
service: mailu-fr ont port: 25
port: 80 - name: mailu-smtps
# - name: mailu-smpt match: HostSNI(`*`)
# kind: tcp service: mailu-front
# gateway: badhouseplants-mail entrypoint: smtps
# service: mailu-front port: 465
# hostname: email.badhousplants.net - name: mailu-smpt-startls
# port_match: 25 match: HostSNI(`*`)
# port: 25 service: mailu-front
# - name: mailu-smpts entrypoint: smtp-startls
# kind: tcp port: 587
# gateway: badhouseplants-mail - name: mailu-imap
# port_match: 465 match: HostSNI(`*`)
# hostname: email.badhousplants.net service: mailu-front
# service: mailu-front entrypoint: imap
# port: 465 port: 143
# - name: mailu-smpt-startls - name: mailu-imaps
# kind: tcp match: HostSNI(`*`)
# gateway: badhouseplants-mail service: mailu-front
# hostname: email.badhousplants.net entrypoint: imaps
# port_match: 587 port: 993
# service: mailu-front - name: mailu-pop3
# port: 587 match: HostSNI(`*`)
# - name: mailu-imap service: mailu-front
# kind: tcp entrypoint: pop3
# hostname: email.badhousplants.net port: 110
# gateway: badhouseplants-mail - name: mailu-pop3s
# port_match: 143 match: HostSNI(`*`)
# service: mailu-front service: mailu-front
# port: 143 entrypoint: pop3s
# - name: mailu-imaps port: 993
# kind: tcp subnet: 10.244.0.0/16
# gateway: badhouseplants-mail
# hostname: email.badhousplants.net
# port_match: 993
# service: mailu-front
# port: 993
# - name: mailu-pop3
# kind: tcp
# gateway: badhouseplants-mail
# port_match: 110
# hostname: email.badhousplants.net
# service: mailu-front
# port: 110
# - name: mailu-pop3s
# kind: tcp
# gateway: badhouseplants-mail
# port_match: 993
# hostname: email.badhousplants.net
# service: mailu-front
# port: 993
subnet: 10.1.0.0/16
sessionCookieSecure: true sessionCookieSecure: true
hostnames: hostnames:
- post.badhouseplants.net - email.badhouseplants.net
extraTls:
- hosts:
- badhouseplants.net
secretName: mailu-root-domain
domain: badhouseplants.net domain: badhouseplants.net
persistence: persistence:
single_pvc: false single_pvc: false
limits: limits:
messageRatelimit: messageRatelimit:
value: "10/day" value: "100/day"
tls: tls:
outboundLevel: secure outboundLevel: secure
ingress: ingress:
enabled: false enabled: true
tls: false ingressClassName: traefik
tls: true
annotations:
kubernetes.io/tls-acme: "true"
kubernetes.io/ingress.allow-http: "false"
kubernetes.io/ingress.global-static-ip-name: ""
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
tlsFlavorOverride: mail tlsFlavorOverride: mail
selfSigned: false # realIpFrom: traefik.kube-system.svc.cluster.local
existingSecret: mailu-certificate # realIpHeader: "X-Real-IP"
front:
hostPort:
enabled: false
extraEnvVars:
- name: PROXY_PROTOCOL
value: "mail"
- name: REAL_IP_FROM
value: "10.244.0.0/16,10.43.0.0/16"
admin: admin:
resources: resources:
requests: requests:
@ -97,7 +98,15 @@ admin:
cpu: 70m cpu: 70m
limits: limits:
memory: 700Mi memory: 700Mi
cpu: 400m cpu: 600m
startupProbe:
enabled: true
failureThreshold: 10
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 5
persistence: persistence:
size: 1Gi size: 1Gi
redis: redis:
@ -107,9 +116,10 @@ redis:
cpu: 70m cpu: 70m
limits: limits:
memory: 200Mi memory: 200Mi
cpu: 200m cpu: 200m
persistence: master:
size: 1Gi persistence:
enabled: false
postfix: postfix:
resources: resources:
requests: requests:
@ -117,7 +127,7 @@ postfix:
cpu: 200m cpu: 200m
limits: limits:
memory: 1024Mi memory: 1024Mi
cpu: 200m cpu: 200m
persistence: persistence:
size: 1Gi size: 1Gi
dovecot: dovecot:
@ -128,7 +138,7 @@ dovecot:
cpu: 70m cpu: 70m
limits: limits:
memory: 400Mi memory: 400Mi
cpu: 300m cpu: 300m
persistence: persistence:
size: 1Gi size: 1Gi
roundcube: roundcube:
@ -138,26 +148,24 @@ roundcube:
cpu: 70m cpu: 70m
limits: limits:
memory: 200Mi memory: 200Mi
cpu: 200m cpu: 200m
persistence: persistence:
size: 1Gi size: 1Gi
mysql: mysql:
enabled: false enabled: false
postgresql: postgresql:
enabled: false
## If using the built-in MariaDB or PostgreSQL, the `roundcube` database will be created automatically.
externalDatabase:
## @param externalDatabase.enabled Set to true to use an external database
enabled: true enabled: true
auth: type: postgresql
enablePostgresUser: true existingSecret: mailu-postgres16-creds
username: mailu existingSecretDatabaseKey: POSTGRES_DB
database: mailu existingSecretUsernameKey: POSTGRES_USER
persistence: existingSecretPasswordKey: POSTGRES_PASSWORD
enabled: false host: postgres16-postgresql.database-service.svc.cluster.local
storageClass: "" port: 5432
accessMode: ReadWriteOnce
size: 2Gi
front:
logLevel: DEBUG
hostPort:
enabled: true
rspamd: rspamd:
resources: resources:
requests: requests:
@ -166,7 +174,7 @@ rspamd:
limits: limits:
memory: 500Mi memory: 500Mi
cpu: 400m cpu: 400m
startupProbe: startupProbe:
periodSeconds: 30 periodSeconds: 30
failureThreshold: 900 failureThreshold: 900
timeoutSeconds: 20 timeoutSeconds: 20
@ -179,3 +187,10 @@ webmail:
accessModes: [ReadWriteOnce] accessModes: [ReadWriteOnce]
claimNameOverride: "" claimNameOverride: ""
annotations: {} annotations: {}
global:
database:
roundcube:
database: applications-roundcube-postgres16
username: applications-roundcube-postgres16
existingSecret: roundcube-postgres16-creds
existingSecretPasswordKey: POSTGRES_PASSWORD

5
badhouseplants/values/values.metallb-resources.yaml Normal file
View File

@ -0,0 +1,5 @@
metallb:
enabled: true
ippools:
- name: fuji
addresses: 195.201.249.91-195.201.249.91

180
badhouseplants/values/values.minecraft.yaml
View File

@ -1,180 +0,0 @@
---
# --------------------------------------------------
# -- Extensions values
# --------------------------------------------------
service-account:
enabled: true
resources:
- name: minecraft-exporter
label:
app: minecraft-minecraft-metrics
endpoints:
port: metrics
# ------------------------------------------
# -- Istio extenstion. Just because I'm
# -- not using ingress nginx
# ------------------------------------------
istio:
enabled: true
istio:
- name: minecraft-tcp
gateway: istio-system/badhouseplants-minecraft
kind: tcp
port_match: 25565
hostname: "*"
service: minecraft-minecraft
port: 25565
# --------------------------------------------------
# -- Main values
# --------------------------------------------------
image:
tag: java17-graalvm-ce
pullPolicy: Always
resources:
requests:
memory: 3Gi
cpu: 256m
limits:
memory: 3Gi
lifecycle:
postStart:
- bash
- -c
- for i in {1..100}; do mc-health && break || sleep 20; done && mc-send-to-console setpassword 11223345
readinessProbe:
command:
- mc-health
periodSeconds: 20
failureThreshold: 50
timeoutSeconds: 10
livenessProbe:
timeoutSeconds: 10
minecraftServer:
overrideServerProperties: true
eula: "TRUE"
onlineMode: false
difficulty: hard
hardcore: true
version: 1.20.1
maxWorldSize: 90000
type: "PAPER"
paperDownloadUrl: https://api.papermc.io/v2/projects/paper/versions/1.20.1/builds/170/downloads/paper-1.20.1-170.jar
gameMode: survival
pvp: true
rcon:
enabled: true
withGeneratedPassword: false
port: 25575
serviceType: ClusterIP
extraPorts:
- name: metrics
containerPort: 9225
protocol: TCP
service:
enabled: true
embedded: false
labels:
exporter: minecraft
type: ClusterIP
port: 9925
ingress:
enabled: false
persistence:
dataDir:
enabled: true
Size: 15Gi
mcbackup:
enabled: false
backupInterval: 2h
pauseIfNoPlayers: "false"
pruneBackupsDays: 2
rconRetries: 5
rconRetryInterval: 10s
excludes: "*.jar,cache,logs"
backupMethod: restic
resticRepository: s3:https://s3.e.badhouseplants.net:443/restic/minecraft
resticAdditionalTags: "mc_backups"
pruneResticRetention: "--keep-last 12 --keep-daily 1 --keep-weekly 2 --keep-monthly 2 --keep-yearly 2"
resources:
requests:
memory: 512Mi
cpu: 100m
persistence:
backupDir:
enabled: false
# ---------------------------------------------
# -- Install Plugins
# ---------------------------------------------
initContainers:
- name: 0-install-prometheus-exporter
image: alpine/curl
command:
- curl
- -L
- "https://github.com/sladkoff/minecraft-prometheus-exporter/releases/download/v2.5.0/minecraft-prometheus-exporter-2.5.0.jar"
- -o
- /data/plugins/prometheus-exporter.jar
volumeMounts:
- name: plugins
mountPath: /data/plugins
readOnly: false
- name: 0-install-password-plugin
image: alpine/curl
command:
- curl
- -L
- "https://github.com/timbru31/PasswordProtect/releases/download/PasswordProtect-3.1.0/PasswordProtect.jar"
- -o
- /data/plugins/PasswordProtect.jar
volumeMounts:
- name: plugins
mountPath: /data/plugins
readOnly: false
- name: 0-install-gravity-control-plugin
image: alpine/curl
command:
- curl
- -L
- https://github.com/e-im/GravityControl/releases/download/v1.3.0/GravityControl-1.3.0.jar
- -o
- /data/plugins/GravityControl-1.3.0.jar
volumeMounts:
- name: plugins
mountPath: /data/plugins
readOnly: false
- name: 0-install-fast-minecart-plugin
image: alpine/curl
command:
- curl
- -L
- https://github.com/certainly1182/FastMinecarts/releases/download/v1.0.1/FastMinecarts.jar
- -o
- /data/plugins/FastMinecarts.jar
volumeMounts:
- name: plugins
mountPath: /data/plugins
- name: 1-add-plugins-to-minecraft
image: alpine/curl
command:
- sh
- -c
- cp -r /in /out/plugins
volumeMounts:
- name: plugins
mountPath: /in
readOnly: false
- name: datadir
mountPath: /out
extraVolumes:
- volumeMounts:
- name: plugins
mountPath: /data/plugins
readOnly: false
volumes:
- name: plugins
emptyDir:
sizeLimit: 500Mi

35
badhouseplants/values/values.minio.yaml
View File

@ -19,6 +19,41 @@ istio:
service: minio service: minio
port: 9000 port: 9000
ingress:
enabled: true
ingressClassName: ~
annotations:
kubernetes.io/ingress.class: traefik
kubernetes.io/tls-acme: "true"
kubernetes.io/ingress.allow-http: "false"
kubernetes.io/ingress.global-static-ip-name: ""
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
path: /
hosts:
- s3.badhouseplants.net
tls:
- secretName: s3-tls-secret
hosts:
- s3.badhouseplants.net
consoleIngress:
enabled: true
ingressClassName: ~
annotations:
kubernetes.io/ingress.class: traefik
kubernetes.io/tls-acme: "true"
kubernetes.io/ingress.allow-http: "false"
kubernetes.io/ingress.global-static-ip-name: ""
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
path: /
hosts:
- minio.badhouseplants.net
tls:
- secretName: minio-tls-secret
hosts:
- minio.badhouseplants.net
rootUser: 'overlord' rootUser: 'overlord'
replicas: 1 replicas: 1
mode: standalone mode: standalone

29
badhouseplants/values/values.namespaces.yaml
View File

@ -1,11 +1,18 @@
--- namespaces:
ns: - name: longhorn-system
- name: monitoring-system - name: minio-service
templates: - name: nrodionov-application
- | - name: funkwhale-application
{{ range .Values.ns }} - name: database-service
apiVersion: v1 - name: vaultwarden-application
kind: Namespace - name: openvpn-service
metadata: - name: badhouseplants-main
name: {{ .name }} labels:
{{ end }} istio-injection: enabled
- name: badhouseplants-preview
- name: kube-services
- name: databases
- name: applications
- name: development
- name: platform
- name: games

15
badhouseplants/values/values.nrodionov.yaml
View File

@ -17,7 +17,20 @@ ext-database:
enabled: true enabled: true
name: nrodionov-mysql name: nrodionov-mysql
instance: mysql instance: mysql
ingress:
enabled: true
pathType: ImplementationSpecific
hostname: dev.nrodionov.info
path: /
annotations:
kubernetes.io/ingress.class: traefik
kubernetes.io/tls-acme: "true"
kubernetes.io/ingress.allow-http: "false"
kubernetes.io/ingress.global-static-ip-name: ""
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
tls: true
tlsWwwPrefix: false
selfSigned: false
wordpressBlogName: Николай Николаевич Родионов wordpressBlogName: Николай Николаевич Родионов
wordpressUsername: admin wordpressUsername: admin
wordpressFirstName: Nikolai wordpressFirstName: Nikolai

34
badhouseplants/values/values.openvpn.yaml → badhouseplants/values/values.openvpn-xor.yaml
View File

@ -3,26 +3,34 @@
# -- Istio extenstion. Just because I'm # -- Istio extenstion. Just because I'm
# -- not using ingress nginx # -- not using ingress nginx
# ------------------------------------------ # ------------------------------------------
istio: # istio:
enabled: true # enabled: true
istio: # istio:
- name: openvpn-tcp # - name: openvpn-tcp-xor
gateway: istio-system/badhouseplants-vpn # gateway: istio-system/badhouseplants-vpn
kind: tcp # kind: tcp
port_match: 1194 # port_match: 1194
hostname: "*" # hostname: "*"
service: openvpn # service: openvpn-xor
port: 1194 # port: 1194
# ------------------------------------------ # ------------------------------------------
image: traefik:
tag: v2.6.5-xor-4.0.0beta08 enabled: true
tcpRoutes:
- name: openvpn-xor
service: openvpn-xor
match: HostSNI(`*`)
entrypoint: openvpn
port: 1194
storage: storage:
class: longhorn class: longhorn
size: 512Mi size: 512Mi
openvpn: openvpn:
proto: tcp proto: tcp
host: 195.201.250.50 host: 195.201.249.91
easyrsa: easyrsa:
cn: Bad Houseplants cn: Bad Houseplants
country: Germany country: Germany

35
badhouseplants/values/values.postgres16-gitea.yaml Normal file
View File

@ -0,0 +1,35 @@
architecture: standalone
auth:
database: postgres
persistence:
size: 1Gi
metrics:
enabled: false
primary:
resources:
limits:
ephemeral-storage: 1Gi
memory: 512Mi
requests:
cpu: 100m
ephemeral-storage: 50Mi
memory: 256Mi
podSecurityContext:
enabled: true
fsGroupChangePolicy: Always
sysctls: []
supplementalGroups: []
containerSecurityContext:
enabled: true
seLinuxOptions: {}
runAsNonRoot: false
privileged: false
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
capabilities:
drop: ["ALL"]
seccompProfile:
type: "RuntimeDefault"

25
badhouseplants/values/values.postgres16.yaml
View File

@ -8,3 +8,28 @@ persistence:
metrics: metrics:
enabled: false enabled: false
primary:
resources:
limits:
ephemeral-storage: 1Gi
memory: 512Mi
requests:
cpu: 512m
ephemeral-storage: 50Mi
memory: 128Mi
podSecurityContext:
enabled: true
fsGroupChangePolicy: Always
sysctls: []
supplementalGroups: []
containerSecurityContext:
enabled: true
seLinuxOptions: {}
runAsNonRoot: false
privileged: false
readOnlyRootFilesystem: false
allowPrivilegeEscalation: false
capabilities:
drop: ["ALL"]
seccompProfile:
type: "RuntimeDefault"

1
badhouseplants/values/values.prometheus.yaml
View File

@ -87,6 +87,7 @@ prometheus:
storage: 12Gi storage: 12Gi
grafana: grafana:
assertNoLeakedSecrets: false
persistence: persistence:
enabled: true enabled: true
size: 2Gi size: 2Gi

2
badhouseplants/values/values.promtail.yaml
View File

@ -7,5 +7,5 @@ config:
pipelineStages: pipelineStages:
- match: - match:
pipeline_name: "drop-all" pipeline_name: "drop-all"
selector: '{namespace!~"mail-service|woodpecker"}' selector: '{namespace!~"mail-service|woodpecker|minecraft-application"}'
action: drop action: drop

19
badhouseplants/values/values.roles.yaml Normal file
View File

@ -0,0 +1,19 @@
roles:
- name: minecraft-admin
namespace: minecraft-application
kind: Role
rules:
- apiGroups: ["*"]
resources: ["*"]
verbs: ["*"]
namespace:
- minecraft-application
- name: minecraft-admin
namespace: games
kind: Role
rules:
- apiGroups: ["*"]
resources: ["*"]
verbs: ["*"]
namespace:
- games

96
badhouseplants/values/values.rook-ceph-cluster.yaml
View File

@ -1,96 +0,0 @@
cephFileSystems:
- name: ceph-filesystem
spec:
metadataPool:
replicated:
size: 3
dataPools:
- failureDomain: host
replicated:
size: 3
name: data0
metadataServer:
activeCount: 1
activeStandby: true
resources:
limits:
cpu: "200m"
memory: "256Mi"
requests:
cpu: "50m"
memory: "128Mi"
priorityClassName: system-cluster-critical
storageClass:
enabled: true
isDefault: false
name: ceph-filesystem
pool: data0
reclaimPolicy: Delete
allowVolumeExpansion: true
volumeBindingMode: "Immediate"
mountOptions: []
parameters:
csi.storage.k8s.io/provisioner-secret-name: rook-csi-cephfs-provisioner
csi.storage.k8s.io/provisioner-secret-namespace: "{{ .Release.Namespace }}"
csi.storage.k8s.io/controller-expand-secret-name: rook-csi-cephfs-provisioner
csi.storage.k8s.io/controller-expand-secret-namespace: "{{ .Release.Namespace }}"
csi.storage.k8s.io/node-stage-secret-name: rook-csi-cephfs-node
csi.storage.k8s.io/node-stage-secret-namespace: "{{ .Release.Namespace }}"
csi.storage.k8s.io/fstype: ext4
cephObjectStores: []
# - name: ceph-objectstore
# spec:
# metadataPool:
# failureDomain: host
# replicated:
# size: 3
# dataPool:
# failureDomain: host
# erasureCoded:
# dataChunks: 2
# codingChunks: 1
# preservePoolsOnDelete: true
# gateway:
# port: 80
# resources:
# limits:
# cpu: "150m"
# memory: "256Mi"
# requests:
# cpu: "50m"
# memory: "128Mi"
# instances: 1
# priorityClassName: system-cluster-critical
# storageClass:
# enabled: true
# name: ceph-bucket
# reclaimPolicy: Delete
# volumeBindingMode: "Immediate"
# parameters:
# region: us-east-1
# ingress:
# enabled: false
cephClusterSpec:
resources:
mgr:
limits:
cpu: "200m"
memory: "512Mi"
requests:
cpu: "100m"
memory: "128Mi"
mon:
limits:
cpu: "200m"
memory: "512Mi"
requests:
cpu: "100m"
memory: "128Mi"
osd:
limits:
cpu: "200m"
memory: "2Gi"
requests:
cpu: "100m"
memory: "256Mi"

215
badhouseplants/values/values.rook-ceph.yaml
View File

@ -1,215 +0,0 @@
---
csi:
csiRBDProvisionerResource: |
- name : csi-provisioner
resource:
requests:
memory: 128Mi
cpu: 50m
limits:
memory: 256Mi
cpu: 200m
- name : csi-resizer
resource:
requests:
memory: 128Mi
cpu: 50m
limits:
memory: 256Mi
cpu: 200m
- name : csi-attacher
resource:
requests:
memory: 128Mi
cpu: 50m
limits:
memory: 256Mi
cpu: 200m
- name : csi-snapshotter
resource:
requests:
memory: 128Mi
cpu: 50m
limits:
memory: 256Mi
cpu: 200m
- name : csi-rbdplugin
resource:
requests:
memory: 128Mi
cpu: 50m
limits:
memory: 256Mi
cpu: 200m
- name : csi-omap-generator
resource:
requests:
memory: 12Mi
cpu: 250m
limits:
memory: 1Gi
cpu: 500m
- name : liveness-prometheus
resource:
requests:
memory: 128Mi
cpu: 50m
limits:
memory: 256Mi
cpu: 50m
# -- CEPH CSI RBD plugin resource requirement list
# @default -- see values.yaml
csiRBDPluginResource: |
- name : driver-registrar
resource:
requests:
memory: 128Mi
cpu: 50m
limits:
memory: 256Mi
cpu: 50m
- name : csi-rbdplugin
resource:
requests:
memory: 128Mi
cpu: 50m
limits:
memory: 256Mi
cpu: 50m
- name : liveness-prometheus
resource:
requests:
memory: 128Mi
cpu: 50m
limits:
memory: 256Mi
cpu: 50m
# -- CEPH CSI CephFS provisioner resource requirement list
# @default -- see values.yaml
csiCephFSProvisionerResource: |
- name : csi-provisioner
resource:
requests:
memory: 128Mi
cpu: 50m
limits:
memory: 256Mi
cpu: 200m
- name : csi-resizer
resource:
requests:
memory: 128Mi
cpu: 50m
limits:
memory: 256Mi
cpu: 200m
- name : csi-attacher
resource:
requests:
memory: 128Mi
cpu: 50m
limits:
memory: 256Mi
cpu: 200m
- name : csi-snapshotter
resource:
requests:
memory: 128Mi
cpu: 50m
limits:
memory: 256Mi
cpu: 200m
- name : csi-cephfsplugin
resource:
requests:
memory: 128Mi
cpu: 50m
limits:
memory: 256Mi
cpu: 50m
- name : liveness-prometheus
resource:
requests:
memory: 128Mi
cpu: 50m
limits:
memory: 256Mi
cpu: 50m
# -- CEPH CSI CephFS plugin resource requirement list
# @default -- see values.yaml
csiCephFSPluginResource: |
- name : driver-registrar
resource:
requests:
memory: 128Mi
cpu: 50m
limits:
memory: 256Mi
cpu: 50m
- name : csi-cephfsplugin
resource:
requests:
memory: 128Mi
cpu: 50m
limits:
memory: 256Mi
cpu: 50m
- name : liveness-prometheus
resource:
requests:
memory: 128Mi
cpu: 50m
limits:
memory: 256Mi
cpu: 50m
# -- CEPH CSI NFS provisioner resource requirement list
# @default -- see values.yaml
csiNFSProvisionerResource: |
- name : csi-provisioner
resource:
requests:
memory: 128Mi
cpu: 50m
limits:
memory: 256Mi
cpu: 200m
- name : csi-nfsplugin
resource:
requests:
memory: 128Mi
cpu: 50m
limits:
memory: 256Mi
cpu: 50m
- name : csi-attacher
resource:
requests:
memory: 128Mi
cpu: 50m
limits:
memory: 256Mi
cpu: 50m
# -- CEPH CSI NFS plugin resource requirement list
# @default -- see values.yaml
csiNFSPluginResource: |
- name : driver-registrar
resource:
requests:
memory: 128Mi
cpu: 50m
limits:
memory: 256Mi
cpu: 50m
- name : csi-nfsplugin
resource:
requests:
memory: 128Mi
cpu: 50m
limits:
memory: 256Mi
cpu: 50m

55
badhouseplants/values/values.tandoor.yaml Normal file
View File

@ -0,0 +1,55 @@
istio:
enabled: true
istio:
- name: tandoor-http
gateway: istio-system/badhouseplants-net
kind: http
hostname: tandoor.badhouseplants.net
service: tandoor
port: 8080
ext-database:
enabled: true
name: tandoor-postgres16
instance: postgres16
credentials:
POSTGRES_HOST: |-
"{{ .Hostname }}"
POSTGRES_PORT: |-
"{{ .Port }}"
envFrom:
- secretRef:
name: tandoor-postgres16-creds
env:
TZ: UTC
DB_ENGINE: django.db.backends.postgresql
EMAIL_HOST: badhouseplants.net
EMAIL_PORT: 587
EMAIL_HOST_USER: overlord@badhouseplants.net
EMAIL_HOST_PASSWORD: nxVa8Xcf4jNvzNeE$JzBL&H8g
EMAIL_USE_TLS: 1
EMAIL_USE_SSL: 0
DEFAULT_FROM_EMAIL: tandoor@badhouseplants.net
persistence:
config:
enabled: true
retain: true
storageClass: longhorn
accessMode: ReadWriteOnce
size: 1Gi
media:
enabled: true
mountPath: /opt/recipes/mediafiles
retain: true
storageClass: longhorn
accessMode: ReadWriteOnce
size: 1Gi
static:
enabled: true
type: emptyDir
mountPath: /opt/recipes/staticfiles
django-js-reverse:
enabled: true
type: emptyDir
mountPath: /opt/recipes/cookbook/static/django_js_reverse

81
badhouseplants/values/values.traefik.yaml Normal file
View File

@ -0,0 +1,81 @@
globalArguments:
- "--serversTransport.insecureSkipVerify=true"
service:
spec:
externalTrafficPolicy: Local
ports:
web:
redirectTo:
port: websecure
ssh:
port: 22
expose:
default: true
exposedPort: 22
protocol: TCP
openvpn:
port: 1194
expose:
default: true
exposedPort: 1194
protocol: TCP
valve-server:
port: 27015
expose:
default: true
exposedPort: 27015
protocol: UDP
valve-rcon:
port: 27015
expose:
default: true
exposedPort: 27015
protocol: TCP
smtp:
port: 25
protocol: TCP
exposedPort: 25
expose:
default: true
smtps:
port: 465
protocol: TCP
exposedPort: 465
expose:
default: true
smtp-startls:
port: 587
protocol: TCP
exposedPort: 587
expose:
default: true
imap:
port: 143
protocol: TCP
exposedPort: 143
expose:
default: true
imaps:
port: 993
protocol: TCP
exposedPort: 993
expose:
default: true
pop3:
port: 110
protocol: TCP
exposedPort: 110
expose:
default: true
pop3s:
port: 995
protocol: TCP
exposedPort: 995
expose:
default: true
minecraft:
port: 25565
protocol: TCP
exposedPort: 25565
expose:
default: true

24
badhouseplants/values/values.vaultwarden.yaml
View File

@ -20,7 +20,7 @@ ext-database:
enabled: true enabled: true
name: vaultwarden-postgres16 name: vaultwarden-postgres16
instance: postgres16 instance: postgres16
service: service:
port: 8080 port: 8080
vaultwarden: vaultwarden:
smtp: smtp:
@ -53,11 +53,29 @@ vaultwarden:
connectionRetries: 15 connectionRetries: 15
maxConnections: 10 maxConnections: 10
storage: storage:
enabled: false enabled: true
size: 1Gi size: 1Gi
class: default class: longhorn
dataDir: /data dataDir: /data
logging: logging:
enabled: false enabled: false
logfile: "/data/vaultwarden.log" logfile: "/data/vaultwarden.log"
loglevel: "warn" loglevel: "warn"
ingress:
enabled: true
annotations:
traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
kubernetes.io/ingress.class: traefik
kubernetes.io/tls-acme: "true"
kubernetes.io/ingress.allow-http: "false"
kubernetes.io/ingress.global-static-ip-name: ""
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
hosts:
- host: vault.badhouseplants.net
paths:
- path: /
pathType: Prefix
tls:
- secretName: vault-tls-secret
hosts:
- vault.badhouseplants.net

59
badhouseplants/values/values.vaultwardentest.yaml Normal file
View File

@ -0,0 +1,59 @@
service:
port: 8080
vaultwarden:
smtp:
host: mail.badhouseplants.net
security: "starttls"
port: 587
from: vaulttest@badhouseplants.net
fromName: Vault Warden
authMechanism: "Plain"
acceptInvalidHostnames: "false"
acceptInvalidCerts: "false"
debug: false
domain: https://vaulttest.badhouseplants.net
websocket:
enabled: true
address: "0.0.0.0"
port: 3012
rocket:
port: "8080"
workers: "10"
webVaultEnabled: "true"
signupsAllowed: true
invitationsAllowed: true
signupDomains: "test.test"
signupsVerify: false
showPassHint: true
# database:
# existingSecret: vaultwarden-postgres16-creds
# existingSecretKey: CONNECTION_STRING
# connectionRetries: 15
# maxConnections: 10
storage:
enabled: true
size: 512Mi
class: longhorn
dataDir: /data
logging:
enabled: false
logfile: "/data/vaultwarden.log"
loglevel: "warn"
ingress:
enabled: true
annotations:
kubernetes.io/ingress.class: traefik
traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
kubernetes.io/tls-acme: "true"
kubernetes.io/ingress.allow-http: "false"
kubernetes.io/ingress.global-static-ip-name: ""
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
hosts:
- host: vaulttest.badhouseplants.net
paths:
- path: /
pathType: Prefix
tls:
- secretName: vault-tls-secret
hosts:
- vaulttest.badhouseplants.net

45
badhouseplants/values/values.woodpecker-ci.yaml
View File

@ -2,15 +2,6 @@
# -- Istio extenstion. Just because I'm # -- Istio extenstion. Just because I'm
# -- not using ingress nginx # -- not using ingress nginx
# ------------------------------------------ # ------------------------------------------
istio:
enabled: true
istio:
- name: woodpecker-server-http
gateway: istio-system/badhouseplants-net
kind: http
hostname: ci.badhouseplants.net
service: woodpecker-ci-server
port: 80
ext-database: ext-database:
enabled: true enabled: true
name: woodpecker-postgres16 name: woodpecker-postgres16
@ -18,11 +9,23 @@ ext-database:
credentials: credentials:
WOODPECKER_DATABASE_DATASOURCE: "postgres://{{ .Username }}:{{ .Password }}@{{ .Hostname }}:{{ .Port }}/{{ .Database }}?sslmode=disable" WOODPECKER_DATABASE_DATASOURCE: "postgres://{{ .Username }}:{{ .Password }}@{{ .Hostname }}:{{ .Port }}/{{ .Database }}?sslmode=disable"
server: server:
#image: ingress:
# registry: git.badhouseplants.net enabled: true
# repository: allanger/woodpecker-server annotations:
# pullPolicy: Always kubernetes.io/ingress.class: traefik
# tag: icon kubernetes.io/tls-acme: "true"
kubernetes.io/ingress.allow-http: "false"
kubernetes.io/ingress.global-static-ip-name: ""
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
hosts:
- host: ci.badhouseplants.net
paths:
- path: /
tls:
- secretName: woodpecker-tls-secret
hosts:
- ci.badhouseplants.net
enabled: true enabled: true
env: env:
WOODPECKER_GITEA: true WOODPECKER_GITEA: true
@ -33,23 +36,17 @@ server:
WOODPECKER_ADMIN: "woodpecker,allanger" WOODPECKER_ADMIN: "woodpecker,allanger"
WOODPECKER_HOST: "https://ci.badhouseplants.net" WOODPECKER_HOST: "https://ci.badhouseplants.net"
WOODPECKER_ESCALATE: true WOODPECKER_ESCALATE: true
WOODPECKER_BACKEND_K8S_NAMESPACE: woodpecker-ci WOODPECKER_BACKEND_K8S_NAMESPACE: platform
WOODPECKER_BACKEND_K8S_STORAGE_CLASS: microk8s-hostpath extraSecretNamesForEnvFrom:
extraSecretNamesForEnvFrom:
- woodpecker-postgres16-creds - woodpecker-postgres16-creds
agent: agent:
image:
registry: git.badhouseplants.net
repository: allanger/woodpecker-agent
pullPolicy: Always
tag: dev
enabled: true enabled: true
extraSecretNamesForEnvFrom: [] extraSecretNamesForEnvFrom: []
env: env:
WOODPECKER_SERVER: woodpecker-ci-server:9000 WOODPECKER_SERVER: woodpecker-ci-server:9000
WOODPECKER_BACKEND_K8S_VOLUME_SIZE: 3Gi WOODPECKER_BACKEND_K8S_VOLUME_SIZE: 3Gi
WOODPECKER_BACKEND_K8S_NAMESPACE: woodpecker-ci WOODPECKER_BACKEND_K8S_NAMESPACE: platform
WOODPECKER_BACKEND_K8S_STORAGE_CLASS: microk8s-hostpath WOODPECKER_BACKEND_K8S_STORAGE_CLASS: longhorn
serviceAccount: serviceAccount:
create: true create: true
rbac: rbac:

48
badhouseplants/values/values.zot.yaml Normal file
View File

@ -0,0 +1,48 @@
ingress:
enabled: true
className: ~
annotations:
traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
kubernetes.io/ingress.class: traefik
kubernetes.io/tls-acme: "true"
kubernetes.io/ingress.allow-http: "false"
kubernetes.io/ingress.global-static-ip-name: ""
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
pathtype: ImplementationSpecific
hosts:
- host: registry.badhouseplants.net
paths:
- path: /
tls:
- secretName: zot-secret-tls
hosts:
- registry.badhouseplants.net
strategy:
type: Recreate
service:
type: ClusterIP
persistence: true
pvc:
create: true
accessMode: "ReadWriteOnce"
storage: 5Gi
storageClassName: longhorn
mountConfig: true
mountSecret: true
#configFiles:
# ui.json: |-
# {
# "log": {
# "level": "info"
# },
# "extensions": {
# "search": {
# "cve": {
# "updateInterval": "2h"
# }
# },
# "ui": {
# "enable": true
# }
# }
# }

23
charts/namespaces/chart/.helmignore Normal file
View File

@ -0,0 +1,23 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/

24
charts/namespaces/chart/Chart.yaml Normal file
View File

@ -0,0 +1,24 @@
apiVersion: v2
name: namespaces
description: A Helm chart for Kubernetes
# A chart can be either an 'application' or a 'library' chart.
#
# Application charts are a collection of templates that can be packaged into versioned archives
# to be deployed.
#
# Library charts provide useful utilities or functions for the chart developer. They're included as
# a dependency of application charts to inject those utilities and functions into the rendering
# pipeline. Library charts do not define any templates and therefore cannot be deployed.
type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
version: 0.1.0
# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
# follow Semantic Versioning. They should reflect the version the application is using.
# It is recommended to use it with quotes.
appVersion: "1.16.0"

43
charts/namespaces/chart/templates/_helpers.tpl Normal file
View File

@ -0,0 +1,43 @@
{{/*
Expand the name of the chart.
*/}}
{{- define "namespaces.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "namespaces.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "namespaces.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "namespaces.labels" -}}
helm.sh/chart: {{ include "namespaces.chart" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}

19
charts/namespaces/chart/templates/namespaces.yaml Normal file
View File

@ -0,0 +1,19 @@
{{- if .Values.namespaces }}
{{- range $ns := .Values.namespaces }}
---
apiVersion: v1
kind: Namespace
metadata:
name: {{ $ns.name }}
labels:
{{- include "namespaces.labels" $ | nindent 4 }}
{{- with $ns.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
annotations:
"helm.sh/resource-policy": keep
{{- with $ns.annotations}}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}
{{- end }}

20
charts/namespaces/chart/values.yaml Normal file
View File

@ -0,0 +1,20 @@
namespaces:
- name: giantswarm-flux
labels:
name: giantswarm-flux
- name: giantswarm
labels:
name: giantswarm
- name: monitoring
labels:
name: monitoring
- name: org-giantswarm
labels:
name: org-giantswarm
- name: flux-system
labels:
name: flux-system
- name: flux-giantswarm
labels:
name: flux-giantswarm
- name: policy-exception

6
charts/namespaces/kustomize/flux-system.yml Normal file
View File

@ -0,0 +1,6 @@
apiVersion: v1
kind: Namespace
metadata:
name: flux-system
labels:
name: flux-system

6
charts/namespaces/kustomize/giantswarm-flux.yml Normal file
View File

@ -0,0 +1,6 @@
apiVersion: v1
kind: Namespace
metadata:
name: giantswarm-flux
labels:
name: giantswarm-flux

6
charts/namespaces/kustomize/giantswarm.yml Normal file
View File

@ -0,0 +1,6 @@
apiVersion: v1
kind: Namespace
metadata:
name: giantswarm
labels:
name: giantswarm

5
charts/namespaces/kustomize/kustomization.yaml Normal file
View File

@ -0,0 +1,5 @@
resources:
- ./giantswarm-flux.yml
- ./giantswarm.yml
- ./monitoring.yml
- ./org-giantswarm.yml

6
charts/namespaces/kustomize/monitoring.yml Normal file
View File

@ -0,0 +1,6 @@
apiVersion: v1
kind: Namespace
metadata:
name: monitoring
labels:
name: monitoring

6
charts/namespaces/kustomize/org-giantswarm.yml Normal file
View File

@ -0,0 +1,6 @@
apiVersion: v1
kind: Namespace
metadata:
name: org-giantswarm
labels:
name: org-giantswarm

23
charts/roles/.helmignore Normal file
View File

@ -0,0 +1,23 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/

6
charts/roles/Chart.yaml Normal file
View File

@ -0,0 +1,6 @@
apiVersion: v2
name: roles
description: A Helm chart for Kubernetes
type: application
version: 0.1.0
appVersion: "1.16.0"

43
charts/roles/templates/_helpers.tpl Normal file
View File

@ -0,0 +1,43 @@
{{/*
Expand the name of the chart.
*/}}
{{- define "roles.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "roles.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "roles.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "roles.labels" -}}
helm.sh/chart: {{ include "roles.chart" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}

23
charts/roles/templates/namespaces.yaml Normal file
View File

@ -0,0 +1,23 @@
{{- if .Values.roles }}
{{- range $roles := .Values.roles }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: {{ $roles.kind }}
metadata:
name: {{ $roles.name }}
namespace: {{ $roles.namespace }}
labels:
{{- include "roles.labels" $ | nindent 4 }}
{{- with $roles.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with $roles.annotations}}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
rules:
{{- with $roles.rules }}
{{- toYaml . | nindent 2 }}
{{- end }}
{{- end }}
{{- end }}

9
charts/roles/values.yaml Normal file
View File

@ -0,0 +1,9 @@
roles:
- name: minecraft-admin
namespace: minecraft-application
kind: Role
rules:
- apiGroups: ["*"]
resources: ["*"]
verbs: ["*"]
namespace: ["minecraft-application"]

23
charts/root/.helmignore Normal file
View File

@ -0,0 +1,23 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/

6
charts/root/Chart.yaml Normal file
View File

@ -0,0 +1,6 @@
apiVersion: v2
name: root
description: A Helm chart for Kubernetes
type: application
version: 0.1.5
appVersion: "1.16.0"

62
charts/root/templates/_helpers.tpl Normal file
View File

@ -0,0 +1,62 @@
{{/*
Expand the name of the chart.
*/}}
{{- define "root.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "root.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "root.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "root.labels" -}}
helm.sh/chart: {{ include "root.chart" . }}
{{ include "root.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "root.selectorLabels" -}}
app.kubernetes.io/name: {{ include "root.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
{{/*
Create the name of the service account to use
*/}}
{{- define "root.serviceAccountName" -}}
{{- if .Values.serviceAccount.create }}
{{- default (include "root.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}

25
charts/root/templates/root.yaml Normal file
View File

@ -0,0 +1,25 @@
{{ if .Capabilities.APIVersions.Has "source.toolkit.fluxcd.io/v1" }}
apiVersion: source.toolkit.fluxcd.io/v1
kind: GitRepository
metadata:
name: root
spec:
interval: 30s
url: {{ .Values.url }}
ref:
branch: {{ .Values.branch }}
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: root
spec:
interval: 30s
targetNamespace: flux-system
sourceRef:
kind: GitRepository
name: root
path: "."
prune: false
timeout: 1m
{{- end }}

25
charts/root/templates/self.yaml Normal file
View File

@ -0,0 +1,25 @@
{{ if .Capabilities.APIVersions.Has "source.toolkit.fluxcd.io/v1" }}
apiVersion: source.toolkit.fluxcd.io/v1
kind: GitRepository
metadata:
name: root-self
spec:
interval: 30s
url: {{ .Values.self.url }}
ref:
branch: {{ .Values.self.branch }}
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: root-self
spec:
interval: 30s
targetNamespace: flux-system
sourceRef:
kind: GitRepository
name: root-self
path: "."
prune: false
timeout: 1m
{{- end }}

5
charts/root/values.yaml Normal file
View File

@ -0,0 +1,5 @@
url: https://git.badhouseplants.net/giantswarm/cluster-example.git
branch: main
self:
url: git@git.badhouseplants.net:giantswarm/root-config.git
branch: master

27
common/values.database.yaml
View File

@ -10,7 +10,7 @@ ext-database:
spec: spec:
secretName: "{{ .Values.name }}-creds" secretName: "{{ .Values.name }}-creds"
instance: "{{ .Values.instance }}" instance: "{{ .Values.instance }}"
deletionProtected: false deletionProtected: true
backup: backup:
enable: false enable: false
cron: 0 0 * * * cron: 0 0 * * *
@ -18,8 +18,33 @@ ext-database:
credentials: credentials:
templates: templates:
{{- range $key, $value := .Values.credentials }} {{- range $key, $value := .Values.credentials }}
- name: {{ $key }}
template: {{ $value | quote }}
secret: true
{{- end }}
{{- end }}
- |
{{- if (.Values.extraDatabase).enabled }}
---
apiVersion: kinda.rocks/v1beta1
kind: Database
metadata:
name: "{{ .Values.extraDatabase.name }}"
spec:
secretName: "{{ .Values.extraDatabase.name }}-creds"
instance: "{{ .Values.extraDatabase.instance }}"
deletionProtected: true
backup:
enable: false
cron: 0 0 * * *
{{- if .Values.extraDatabase.credentials }}
credentials:
templates:
{{- range $key, $value := .Values.extraDatabase.credentials }}
- name: {{ $key }} - name: {{ $key }}
template: {{ $value }} template: {{ $value }}
secret: true secret: true
{{- end }} {{- end }}
{{- end }} {{- end }}
{{- end }}

14
common/values.metallb.yaml Normal file
View File

@ -0,0 +1,14 @@
---
metallb:
templates:
- |
{{ range .Values.ippools }}
---
apiVersion: metallb.io/v1beta1
kind: IPAddressPool
metadata:
name: {{ .name }}
spec:
addresses:
- {{ .addresses }}
{{ end }}

20
common/values.tcp-route.yaml Normal file
View File

@ -0,0 +1,20 @@
---
traefik:
templates:
- |
{{ range .Values.tcpRoutes }}
---
apiVersion: traefik.io/v1alpha1
kind: IngressRouteTCP
metadata:
name: {{ .name }}
spec:
entryPoints:
- {{ .entrypoint }}
routes:
- match: {{ .match }}
services:
- name: {{ .service }}
nativeLB: true
port: {{ .port }}
{{- end }}

13
common/values.tcproute.yaml Normal file
View File

@ -0,0 +1,13 @@
---
tcproute:
templates:
- |
---
{{ range .Values.routes }}
apiVersion: traefik.io/v1alpha1
kind: IngressRouteTCP
metadata:
name: {{ printf "%s-%s" .Release.Name .name }}
spec:
{{ tpl (.routes | toYaml | indent 2 | toString) $ }}
{{ end }}

27
crd.yaml Normal file
View File

@ -0,0 +1,27 @@
templates:
# ---------------------------
# -- Hooks
# ---------------------------
crd-management-hook:
hooks:
- events: ["preapply"]
showlogs: true
command: "sh"
args:
- -c
- |
helm show crds {{ .Release.Chart }} --version {{ .Release.Version }} | kubectl replace -f - \
|| helm show crds {{ .Release.Chart }} --version {{ .Release.Version }} | kubectl create -f - \
|| true
- events: ["prepare"]
showlogs: true
command: "sh"
args:
- -c
- "helm show crds {{ .Release.Chart }} --version {{ .Release.Version }} | kubectl diff -f - || true"
- events: ["postuninstall"]
showlogs: true
command: "sh"
args:
- -c
- "helm show crds {{ .Release.Chart }} --version {{ .Release.Version }} | kubectl delete -f - || true"

7
docs/restic.md
View File

@ -1,7 +0,0 @@
# Restic
We are using restic for backing up the Minecraft server
## How to restore
TODO: Describe the restoration process

2
environments.yaml
View File

@ -1,5 +1,5 @@
environments: environments:
badhouseplants: badhouseplants:
kubeContext: badhouseplants-arm kubeContext: badhouseplants
etersoft: etersoft:
kubeContext: etersoft kubeContext: etersoft

22
etersoft/helmfile.yaml
View File

@ -1,4 +1,26 @@
--- ---
{{ readFile "../releases.yaml" }}
releases:
- <<: *openvpn
installed: true
namespace: openvpn-service
createNamespace: false
- <<: *istio-base
installed: false
namespace: istio-system
createNamespace: false
- <<: *istio-gateway
installed: false
namespace: istio-system
createNamespace: false
- <<: *istiod
installed: false
namespace: istio-system
createNamespace: false
bases: bases:
- ../environments.yaml - ../environments.yaml

48
etersoft/values/secrets.minio.yaml
View File

@ -1,21 +1,21 @@
rootPassword: ENC[AES256_GCM,data:s38LHPKR4UsJE2MvlvIuKllZsYGZxcwssbqMWoPqo11j,iv:iredmR6yFSMxmS7NFwz5kLUxPWdSIImYRLRkICr7sJQ=,tag:Gb+rMEBrVX4dDS+N/quHyA==,type:str] rootPassword: ENC[AES256_GCM,data:b0e8jPZizEOqRRdBfL5cby3BCz4/vv/NX+39HAZ1IFb8,iv:Y4af+rhXaoaH3ho7W4YLSD0c7Li3ih130aUNPwsWCsI=,tag:OpW8bftAtm4s+aIxTvOq3A==,type:str]
users: users:
- accessKey: ENC[AES256_GCM,data:J3pNKKmaius=,iv:Mjbx//mHSfVM4NEsOCdPMw7nZ5N2J1rg/IE8JZxzZ30=,tag:sX3OuZ3RodAn8znacBTu4A==,type:str] - accessKey: ENC[AES256_GCM,data:0zHY1dpZcro=,iv:jYvIGZNi2j9bGXgDU8EuhlWivB88Fr0/oBIBgSMnyRc=,tag:VBTWvhQy02xgCD5/ew4A6g==,type:str]
secretKey: ENC[AES256_GCM,data:f4PO+T8IRvw5yhFz9Twf3h6vxw==,iv:13ekjlbaTZYDyhMQeM0oJ7/U53ZfhVX/AP20FUnVQ/A=,tag:ZR1YkIl9/6iyWm6leLvQcA==,type:str] secretKey: ENC[AES256_GCM,data:+5pzvUItGiuOpKTFWcDtt60bcg==,iv:Z1ITL0rTy/3/hKVApPCjWSslEUrEOGvUhiHAx3Fa84c=,tag:H7L2MZ/QQYulMqWv65fStw==,type:str]
policy: ENC[AES256_GCM,data:mjGhLyvFBU5n6ePk,iv:v/ECOoGcnHGjuLgqMZ8yVTLPqdvn1HBVVAaUiD5fBT0=,tag:3tS26PT1Gg8kHUTfSSUH+g==,type:str] policy: ENC[AES256_GCM,data:UH1OW/DcPycrKBpE,iv:nssYtBSfN09O0Z9FMQzW660LAMJ4EZP+090c893sb1Q=,tag:XSZpHMX6P1u4UyyzVLnGcQ==,type:str]
- accessKey: ENC[AES256_GCM,data:mavKbC9T,iv:gfiilFHH9P3/UUTfjo/kl4r/tcMFN3/J1KyMF+3gY24=,tag:JEhrPdUjeBasQyrsduif9w==,type:str] - accessKey: ENC[AES256_GCM,data:h8Zqj8Oi,iv:TlRLh7w4nHi0zNSF41gJBvCetQxQHH4bJLhJIgVv+MQ=,tag:xJht3fA5NwAKGJvUFyiBVQ==,type:str]
secretKey: ENC[AES256_GCM,data:kUs0AzmT/DCLqQEuF9Y=,iv:HoilTHkjITFUREb74y4JAl4YDWHz64XxTvVvKCGE6AE=,tag:bzw9XRz6C4BgB/4mYAf5jg==,type:str] secretKey: ENC[AES256_GCM,data:uUHZdSRYPEiE5zvapL8=,iv:xYY7QBSzfRicImZZBoFpIbODiypxKC7wIZ/S4BluQX0=,tag:xXSYqJ3lEohWp9heC08qOw==,type:str]
policy: ENC[AES256_GCM,data:DbIQFNub,iv:NB+PF0acEGFls9BNeQFm+00V1kX+5N7UGJFnhb8DUAU=,tag:tQSO5L0G5Vy51nVD/EKHmw==,type:str] policy: ENC[AES256_GCM,data:W+8wc5fu,iv:J+WHxQIbkffku41GJV9LgK/l28Ds7YI5nNtk8VlICYs=,tag:NtDHmQGJcjMoeD3oAbk9Kw==,type:str]
oidc: #ENC[AES256_GCM,data:TYF79Nw=,iv:dW5GFF4Se81r+JEKNN0P/dIluq+LT+CueMr1Rr7Hhic=,tag:UGDIsRChsM6DPIqAh3kECg==,type:comment]
enabled: ENC[AES256_GCM,data:AJwlxQ==,iv:e8Y4xI9VW7R64o5y2TYrMRnL92+RCzFaoF9v4wHDTlc=,tag:T0iZj9cCBxaF444+xuvKuA==,type:bool] #ENC[AES256_GCM,data:UO5QDyZ4GYVRKkHIJ97Cwl4=,iv:88QMVL1cji5fY1lpZp/B6CHhqrvY57jmRF2o4ixdnFA=,tag:QE/luvZJ03zh1SyR7GMXDQ==,type:comment]
configUrl: ENC[AES256_GCM,data:UHLEsZwSGwNEV9r6wpiw4lLsMOLxJ6QfHKrrP2oduJE+YG7hImEljrO+/kPSUOgWMGgtXIjT/VLYw7xhW+TL,iv:v6bXPeKMho108y+kErL71RvqlfL0YEUtAaexITN6arY=,tag:r/oglMJVU2J2s3mEgjP+dA==,type:str] #ENC[AES256_GCM,data:ddVGAKMd/cyVSDtM5RYnUo6z+T5dsuzb5DUd6/Tio52jNZZ4YtvUhrncW+I4SQzPUElNx6R/CNUmGmkYqXjkd2LnwchB5F0U1j+OhZHR,iv:KveAUI8L/muXShLVojH2xjwZGIS+D0RmJio26prCCHw=,tag:Mpoi7h0anEqHjYbvOHjPkw==,type:comment]
clientId: ENC[AES256_GCM,data:6vU3UzdsBjCoxa+H3V87UeNyGt7IYsYMkjEZGFhMfCVWVxxB,iv:4J21E9eskroCTmUFbnt4K4v4tgD+Bjq5j2wT+1q1NE0=,tag:bBDqviaFjnQNDSwTzmpCtw==,type:str] #ENC[AES256_GCM,data:mQZZbdr8wc2LpD5XLNaseerkclUtuSU6gOHJSP6f85PkyiHduGBdS8PZCvB1l82Yu0Y=,iv:60Bpshtdt61vlTjvEaHgi/MNGRbgXjFCIVb/HbcUr1U=,tag:uoLQmsvv31rv2fXPMgb5bQ==,type:comment]
clientSecret: ENC[AES256_GCM,data:G0OChA212NVb7utdsx4kJRS8BQ0V6igeteOo3Q+PvFTd0U7IVt27YB2u0BUGkt4/Go+wByf8joI=,iv:7khUct7Iln7pi7ET7FBLI51Zc+aFTjLpj92EV5q4Sjc=,tag:vMZtRxTDpphKRW4dN3OVfA==,type:str] #ENC[AES256_GCM,data:WBT41MB3gOut5RHECWApPUU54EErbzMWUOHBBl0mBOAuPK0lYtDSwNZgbSsPVb5WVcN19dMVfGdszox8oYyqKmLG6envNwhtfvQ=,iv:xsTwI3VeAzZqkkGJsU3CxlAkUlDS6aBbD6cOn+z5hj4=,tag:2yesctQM0VlspQZvrCNRng==,type:comment]
claimName: ENC[AES256_GCM,data:UUrHhIFP,iv:dKg4zBykxhEKeG40a1eSWRYTyzpb5kBmzhEaULFgSII=,tag:3vfbgsoKkNF2Tmwx3Wi56w==,type:str] #ENC[AES256_GCM,data:2+1H+f/x8gI5vQuv9cfUYS3Q+iu9,iv:gtxhtl2vPcMSqTq8GtY4ywk+XA1k8bl00bgoFk6mHME=,tag:sRT3bc/W39SsQoBtGNQ2eQ==,type:comment]
redirectUri: ENC[AES256_GCM,data:evZK5yq5syKOsTqeqICTWLTq96AXTKftwDdbPYP9Na67N7I12P+jK8k1zKswHQY=,iv:L5AmYGkO2lyU4ytjyMOmuWDg4GtbeoTzcEdZF7WP+es=,tag:BF8AZUJ39+xICfrdNsY9iQ==,type:str] #ENC[AES256_GCM,data:lwOXCoMkHgQk4xo9nmEtsD/hbqKCgGCK/26AtrYpoH5ntzInb/eXSqeZEsDCqPwy/ZjQCUmYU7XCvKXKm9T6HA==,iv:lcFNE1zKBc24JkPvZQMLlGAx5vhdDJZiJ6gzeJb/ZOo=,tag:xZ8KKC7RCOp9QeJGuxXHFA==,type:comment]
comment: ENC[AES256_GCM,data:4h455QlIXewffU2bSKihkg==,iv:p5WRTZfAUgqbF/XpIlaLuUIhQhMWxgs0MW6cqNOiOtg=,tag:yk6CHXx7E8XBY3dath9ezQ==,type:str] #ENC[AES256_GCM,data:AUwdNARkPPyycH6dooeSudjtiNanxcjOsr7lNdo=,iv:UIUU0CU4+6iD3yVaevnwqfoyprtSX/maBncP4q56yak=,tag:op1twIDRJtnxi44PVFfQtQ==,type:comment]
claimPrefix: "" #ENC[AES256_GCM,data:AnHAONVEQiEofEmL/T0wdt1E0Q==,iv:L2wX/5EF+NJP/Ped+M5XuAg+IoymRmqHdvztFxYz3oI=,tag:t+uDB+bdv/m92JQsOvf0pA==,type:comment]
scopes: ENC[AES256_GCM,data:6DDclrvw1aAnE7KqMYcevELx/VUrQxUq/+my,iv:BUT/J2uFueDxUCdlylJgJ6cBn52fVAV6r+dGYUg+gx8=,tag:sAXpt6zqNi4kwdfYm5J75A==,type:str] #ENC[AES256_GCM,data:ceYRPrvLpYUqV/aVVpP1elX/nOmGHUN81R1/JhTICEHWDm8a7wPc,iv:3dfTNmkYmTE01MSco390r/9oshumWm6OKvpofDicl+s=,tag:qH6M8xLJvFxa01MxlWnkFw==,type:comment]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@ -25,14 +25,14 @@ sops:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaeWFCZlp0VTdkNjV5VDkz YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEZ2hGWUYvbUorMzg5ZkV6
QVErMnVJM1hHbXZERnM5b1hvQWdRQ1N3SmpRCmpCaUkyc3pzRm0yTGZtQ3I5b21I MDAyR0kzUmNiV2U1TWVmT2hidWJwRW40alJVCmljR2t3aXRzdHVFR3FldmxEMm1U
R3g5T2hKZzNxZmVKVHNoZU1RaTZlamMKLS0tIDlIUVBLSFVZOElZaktjK0xRYjJa SG1MdDJEeVVNdGswTkF4alNFMFIwM0kKLS0tICtSTHRTeE0ramt0UldVblh0dWtX
UmdLL0NqWVpuNXBYRENEeTltdFVLREUKrwPN2daokcqABFVXjYCbNyCA0zdMCYh6 ZjQ2V2FrTnZEOGxCVTdzb1JHRVNjd2MKumygdzhr6eObw2CFKPVukneG9j/S9iPg
vzTTtNV718OAPQKgl3Ho2c5nhhQcWy5YlWPfGMUklZhocXsAvMXS/g== mtCKiTHzuePabixUagFvY3R8Y6P8X0/nq/2Me5MJTdI80Ga8WOQ23Q==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2023-11-04T19:00:41Z" lastmodified: "2024-02-04T08:44:29Z"
mac: ENC[AES256_GCM,data:jhZqJDZuHXpb50aI4f9Otj5y7lHzb1JadZqccju0No2PGUVO1Le3X/Zc51YIm3di+UV8bZSDUosYA7mWz4zNsyMwK0ikB0zUb12Wv1M0ESe4sJQR3mlQSa6fBe1EUGSAtjtmo/HlKaWvprEo3knTZJrxN8pZdTaPOTSA/Akr8m0=,iv:oUbuW1FL1qFbByt5DKqgCWVv/0D2ByWXs2dyUSuB3Uc=,tag:19MFSo0Y1AfB+kFk0sfW2g==,type:str] mac: ENC[AES256_GCM,data:g1CM1dHqXKNWMFNxjHr8JfBWBiEii5iIPeycvmfYm8kXSeVLMHBM3TiJPbOdqxuwme1lXxRKIPwoebYdCc5B/38Ugqu+JLFSj6QJOd6y67BinrS/mn99MVifASe+msYIo+r2B1T9mFiRxY71GJAVfpsy0hljcrJ7dW9Hdd7HAVI=,iv:7Q47rPLmW6uCi8cKYSsSWFVyDc3dT503Vnu1MvM0leI=,tag:vSTff0dVb6h9oBhLjkvvxA==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.8.1 version: 3.8.1

24
etersoft/values/secrets.postgres16.yaml Normal file
View File

@ -0,0 +1,24 @@
global:
postgresql:
auth:
postgresPassword: ENC[AES256_GCM,data:O5Fvmjipcx7CZ4DKQjRW0isfzoUt,iv:sVl6TFRCKAL5ci+lC4DfX/vZkWwRVg559kq4GU67udY=,tag:dEsoEe1UfvD5rUrI+EYOsg==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVbENvMm1YQzlSV3UrSEJ4
VTZ1RWVKTlpsUDFzQlVjMlJEZmIvaldHVXlFCm9SVzN3Z0dwTGo1Y3dnaHhvSmpi
bDIrMlJhbHhKUmRZejdkTmJiSDYvY2MKLS0tIFpRbkwySVh2MDlNWEFNZHVtY2Ns
Wmh3Z29ZSlBhbmFJNkFQZlE3aXpMMk0K14rSXjSF08xkil+fFJpeMV+6XChTJ2/3
OQecJtg+0NQPyvC+kR5qKq8roiSzNNJgTVg2wwKMdukKVVTbEGi0gA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-10-04T02:27:48Z"
mac: ENC[AES256_GCM,data:yyvzDlqm3ZOGAMAWCbA4JBC2xs14dKJ4oGifHCvD6K3cBcLgQLS8MOoQJBVfAfL/lVqYDtQ8qwQl/NbCEAKdqw5mtGRwSGaCExSTfO8PIUZCT69q5lwhAxfSGkhjjup+88MhwdZbe2iqqr0nF/GBYT7exqu6Pj85ZKbeDVBTMUE=,iv:KVuyYWYvtVjFinkY82nPwKI/XX18t4purLInfjSxYlg=,tag:kD0G+keg4veTy+CN7KOo6Q==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.0

13
etersoft/values/values.longhorn.yaml Normal file
View File

@ -0,0 +1,13 @@
defaultSettings:
backupTarget: s3://longhorn@us-east1/backupstore
backupTargetCredentialSecret: aws-secret
guaranteedEngineManagerCPU: 6
guaranteedReplicaManagerCPU: 6
storageOverProvisioningPercentage: 300
storageMinimalAvailablePercentage: 5
defaultDataPath: /media-longhorn
csi:
kubeletRootDir: /var/snap/microk8s/common/var/lib/kubelet
persistence:
defaultClassReplicaCount: 1
enablePSP: false

5
etersoft/values/values.metallb-resources.yaml Normal file
View File

@ -0,0 +1,5 @@
metallb:
enabled: true
ippools:
- name: etersoft
addresses: 91.232.225.63-91.232.225.63

14
etersoft/values/values.minio.yaml
View File

@ -18,6 +18,16 @@ istio:
hostname: s3.e.badhouseplants.net hostname: s3.e.badhouseplants.net
service: minio service: minio
port: 9000 port: 9000
image:
repository: quay.io/minio/minio
tag: RELEASE.2024-01-11T07-46-16Z-cpuv1
pullPolicy: IfNotPresent
mcImage:
repository: quay.io/minio/mc
tag: RELEASE.2024-01-11T05-49-32Z-cpuv1
pullPolicy: IfNotPresent
rootUser: 'overlord' rootUser: 'overlord'
replicas: 1 replicas: 1
mode: standalone mode: standalone
@ -85,6 +95,10 @@ buckets:
policy: none policy: none
purge: false purge: false
versioning: false versioning: false
- name: velero-test
policy: none
purge: false
versioning: false
- name: restic - name: restic
policy: none policy: none
purge: false purge: false

10
etersoft/values/values.postgres16.yaml Normal file
View File

@ -0,0 +1,10 @@
architecture: standalone
auth:
database: postgres
persistence:
size: 1Gi
metrics:
enabled: false

56
extensions.yaml Normal file
View File

@ -0,0 +1,56 @@
templates:
# ----------------------------
# -- Extensions
# ----------------------------
ext-istio-gateway:
dependencies:
- chart: bedag/raw
version: 2.0.0
alias: istio-gateway
values:
- '{{ requiredEnv "PWD" }}/common/values.istio-gateway.yaml'
ext-istio-resource:
dependencies:
- chart: bedag/raw
version: 2.0.0
alias: istio
values:
- '{{ requiredEnv "PWD" }}/common/values.istio.yaml'
ext-certificate:
dependencies:
- chart: bedag/raw
version: 2.0.0
alias: certificate
values:
- '{{ requiredEnv "PWD" }}/common/values.certificate.yaml'
ext-metallb:
dependencies:
- chart: bedag/raw
version: 2.0.0
alias: metallb
values:
- '{{ requiredEnv "PWD" }}/common/values.metallb.yaml'
service-monitor:
dependencies:
- chart: bedag/raw
version: 2.0.0
alias: service-monitor
values:
- '{{ requiredEnv "PWD" }}/common/values.service-monitor.yaml'
namespace:
dependencies:
- chart: bedag/raw
version: 2.0.0
alias: ns
inherit:
- template: default-common-values
- template: default-env-values
ext-database:
dependencies:
- chart: bedag/raw
version: 2.0.0
alias: ext-database
values:
- '{{ requiredEnv "PWD" }}/common/values.database.yaml'

41
helmfile.yaml
View File

@ -9,47 +9,32 @@ releases:
- <<: *metrics-server - <<: *metrics-server
installed: true installed: true
namespace: kube-system namespace: kube-system
createNamespace: true createNamespace: false
- <<: *istio-base
installed: true
namespace: istio-system
createNamespace: true
- <<: *istio-gateway
installed: true
namespace: istio-system
createNamespace: true
- <<: *istiod
installed: true
namespace: istio-system
createNamespace: true
- <<: *cert-manager - <<: *cert-manager
installed: true installed: true
namespace: cert-manager namespace: kube-system
createNamespace: true createNamespace: false
- <<: *minio - <<: *minio
installed: true installed: true
namespace: minio-service namespace: minio-service
createNamespace: true createNamespace: false
- <<: *openvpn
installed: true
namespace: openvpn-service
createNamespace: true
- <<: *metallb - <<: *metallb
installed: true installed: true
namespace: metallb-system namespace: kube-system
createNamespace: true createNamespace: false
- <<: *reflector - <<: *reflector
installed: true installed: true
namespace: reflector-system namespace: kube-system
createNamespace: true createNamespace: false
- <<: *metallb-resources
installed: true
namespace: kube-system
createNamespace: false
helmfiles: helmfiles:
- path: {{.Environment.Name }}/helmfile.yaml - path: {{.Environment.Name }}/helmfile.yaml

235
helmule/helmule.yaml Normal file
View File

@ -0,0 +1,235 @@
charts:
- repository: metrics-server
name: metrics-server
mirrors:
- custom-commands
- repository: metallb
name: metallb
mirrors:
- custom-commands
- repository: bedag
name: raw
mirrors:
- custom-commands
- repository: jetstack
name: cert-manager
mirrors:
- custom-commands
- repository: longhorn
name: longhorn
mirrors:
- custom-commands
- repository: argo
name: argo-cd
mirrors:
- custom-commands
- repository: prometheus-community
name: kube-prometheus-stack
mirrors:
- custom-commands
- repository: grafana
name: loki
mirrors:
- custom-commands
- repository: grafana
name: promtail
mirrors:
- custom-commands
- repository: istio
name: base
mirrors:
- custom-commands
- repository: istio
name: gateway
mirrors:
- custom-commands
- repository: istio
name: istiod
mirrors:
- custom-commands
- repository: allanger-gitea
name: openvpn-xor
mirrors:
- custom-commands
- repository: allanger-gitea
name: openvpn
mirrors:
- custom-commands
- repository: drone
name: drone
mirrors:
- custom-commands
- repository: drone
name: drone-runner-docker
mirrors:
- custom-commands
- repository: woodpecker
name: woodpecker
mirrors:
- custom-commands
- repository: bitnami
name: wordpress
mirrors:
- custom-commands
- repository: minio
name: minio
mirrors:
- custom-commands
- repository: gitea
name: gitea
mirrors:
- custom-commands
- repository: ananace-charts
name: funkwhale
mirrors:
- custom-commands
- repository: bitwarden
name: vaultwarden
mirrors:
- custom-commands
- repository: bitnami
name: redis
mirrors:
- custom-commands
- repository: bitnami
name: postgresql
mirrors:
- custom-commands
- repository: db-operator
name: db-operator
mirrors:
- custom-commands
- repository: db-operator
name: db-instances
mirrors:
- custom-commands
- repository: bitnami
name: mysql
mirrors:
- custom-commands
- repository: allanger-gitea
name: docker-mailserver
mirrors:
- custom-commands
- repository: allanger-gitea
name: vaultwarden
mirrors:
- custom-commands
- repository: emberstack
name: reflector
mirrors:
- custom-commands
- repository: mailu
name: mailu
mirrors:
- custom-commands
- repository: gabe565
name: tandoor
mirrors:
- custom-commands
- repository: coredns
name: coredns
mirrors:
- custom-commands
- repository: cilium
name: cilium
mirrors:
- custom-commands
- repository: zot
name: zot
mirrors:
- custom-commands
mirrors:
- name: custom-commands
custom_command:
package:
- helm package -d package .
upload:
- helm push ./package/{{ name }}-{{ version }}.tgz oci://registry.badhouseplants.net/badhouseplants
- rm -rf ./package
repositories:
- name: metrics-server
helm:
url: https://kubernetes-sigs.github.io/metrics-server/
- name: jetstack
helm:
url: https://charts.jetstack.io
- name: istio
helm:
url: https://istio-release.storage.googleapis.com/charts
- name: drone
helm:
url: https://charts.drone.io
- name: bitnami
helm:
url: https://charts.bitnami.com/bitnami
- name: minio
helm:
url: https://charts.min.io/
- name: longhorn
helm:
url: https://charts.longhorn.io
- name: gitea
helm:
url: https://dl.gitea.io/charts/
- name: ananace-charts
helm:
url: https://ananace.gitlab.io/charts
- name: argo
helm:
url: https://argoproj.github.io/argo-helm
- name: bedag
helm:
url: https://bedag.github.io/helm-charts/
- name: metallb
helm:
url: https://metallb.github.io/metallb
- name: prometheus-community
helm:
url: https://prometheus-community.github.io/helm-charts
- name: grafana
helm:
url: https://grafana.github.io/helm-charts
- name: bitwarden
helm:
url: https://constin.github.io/vaultwarden-helm/
- name: db-operator
helm:
url: https://db-operator.github.io/charts
- name: allanger-gitea
helm:
url: https://git.badhouseplants.net/api/packages/allanger/helm
- name: badhouseplants
helm:
url: https://badhouseplants.github.io/helm-charts/
- name: woodpecker
helm:
url: https://woodpecker-ci.org
- name: firefly-iii
helm:
url: https://firefly-iii.github.io/kubernetes/
- name: emberstack
helm:
url: https://emberstack.github.io/helm-charts
- name: gabe565
helm:
url: https://charts.gabe565.com
- name: mailu
helm:
url: https://mailu.github.io/helm-charts/
- name: coredns
helm:
url: https://coredns.github.io/helm
- name: cilium
helm:
url: https://helm.cilium.io/
- name: phybros-helm-charts
helm:
url: https://phybros.github.io/helm-charts
- name: nextcloud
helm:
url: https://nextcloud.github.io/helm/
- name: zot
helm:
url: https://zotregistry.dev/helm-charts/

14
manifests/argo-apps/app.yaml Normal file
View File

@ -0,0 +1,14 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: vaultflux
namespace: argo-system
spec:
project: default
source:
repoURL: git@git.badhouseplants.net:badhouseplants/k8s-cluster-config.git
targetRevision: try-argo-and-flux
path: manifests/debug/istio
destination:
server: https://kubernetes.default.svc
namespace: default

2
manifests/badhouseplants-ip.yaml
View File

@ -7,4 +7,4 @@ metadata:
namespace: metallb-system namespace: metallb-system
spec: spec:
addresses: addresses:
- 195.201.250.50-195.201.250.50 - 195.201.249.91-195.201.249.91

12
manifests/badhouseplants/namespace-creator-binding.yaml
View File

@ -1,12 +0,0 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: namespace-manager
subjects:
- kind: User
name: badhousplants
apiGroup: rbac.authorization.k8s.io
roleRef:
kind: ClusterRole
name: namespace-manager
apiGroup: rbac.authorization.k8s.io

8
manifests/badhouseplants/namespace-creator-role.yaml
View File

@ -1,8 +0,0 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: namespace-manager
rules:
- apiGroups: [""]
resources: ["namespaces"]
verbs: ["get", "watch", "list", "create", "delete"]

97
manifests/debug/istio/httpbin.yaml Normal file
View File

@ -0,0 +1,97 @@
---
apiVersion: v1
kind: Namespace
metadata:
labels:
kubernetes.io/metadata.name: debug
name: debug
---
# httpbin.yaml
#apiVersion: networking.istio.io/v1alpha3
#kind: VirtualService
#metadata:
# name: httpbin
# namespace: debug
#spec:
# hosts:
# - "httpbin.badhouseplants.net"
# gateways:
# - istio-system/badhouseplants-net
# http:
# - route:
# - destination:
# port:
# number: 8000
# host: httpbin
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: httpbin
namespace: debug
spec:
rules:
- host: "httpbin.badhouseplants.net"
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: httpbin
port:
number: 8000
---
apiVersion: v1
kind: Service
metadata:
name: httpbin
namespace: debug
labels:
app: httpbin
spec:
ports:
- name: http
port: 8000
selector:
app: httpbin
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: httpbin
namespace: debug
spec:
replicas: 1
selector:
matchLabels:
app: httpbin
version: v1
template:
metadata:
labels:
app: httpbin
version: v1
spec:
containers:
- image: docker.io/citizenstig/httpbin
imagePullPolicy: IfNotPresent
name: httpbin
ports:
- containerPort: 8000
---
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: ubuntu
namespace: argo-system
spec:
project: default
source:
repoURL: git@git.badhouseplants.net:badhouseplants/k8s-cluster-config.git
targetRevision: try-argo-and-flux
path: manifests/debug/ubuntu
destination:
server: https://kubernetes.default.svc
namespace: default

19
manifests/debug/metallb/deployment.yaml Normal file
View File

@ -0,0 +1,19 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: nginx
spec:
selector:
matchLabels:
app: nginx
replicas: 2
template:
metadata:
labels:
app: nginx
spec:
containers:
- name: nginx
image: nginx:1.14.2
ports:
- containerPort: 80

11
manifests/debug/metallb/service.yaml Normal file
View File

@ -0,0 +1,11 @@
apiVersion: v1
kind: Service
metadata:
name: nginx
spec:
selector:
app: nginx
ports:
- port: 80
targetPort: 80
type: LoadBalancer

11
manifests/debug/ubuntu/ubuntu.yaml Normal file
View File

@ -0,0 +1,11 @@
apiVersion: v1
kind: Pod
metadata:
name: ubuntu
spec:
containers:
- name: ubuntu
image: ubuntu
command:
- sleep
- infinity

Some files were not shown because too many files have changed in this diff Show More