Break kustomization

badhouseplants/helmfile.yaml

@@ -3,12 +3,12 @@
 
 releases:
   - <<: *istio-base
-    installed: false
+    installed: true
     namespace: istio-system
     createNamespace: false
   
   - <<: *istiod
-    installed: false
+    installed: true
     namespace: istio-system
     createNamespace: false
   - <<: *namespaces
@@ -29,7 +29,7 @@ releases:
 
   - <<: *argocd
     installed: true
-    namespace: platform
+    namespace: argo-system
     createNamespace: false
 
   - <<: *nrodionov
@@ -82,7 +82,7 @@ releases:
 
   - <<: *woodpecker-ci
     installed: true
-    namespace: platform
+    namespace: woodpecker-ci
     createNamespace: true
 
   - <<: *vaultwarden

badhouseplants/values/secrets.authentik.yaml

@@ -1,24 +0,0 @@
-authentik:
-    email:
-        password: ENC[AES256_GCM,data:j5JFI7KqO2dOjl0xi4KhvnF04tc=,iv:/YH+XId24X69lRXrp73ZhKGOcuEtXn/ZvqlJwMTgdRk=,tag:YBh/slhCstFpXxE4y05Viw==,type:str]
-    secret_key: ENC[AES256_GCM,data:zbs2HX75h3rITd/JRPVa60AhrWgDp/syWFttnadRyDJFFM4/6YFOUhJNcGGQis6Tz5Q=,iv:1iYOTqBU3WHNPBa5TpSwi6+h6IT8Joc6Z4c2UKY7xQ8=,tag:DcRfBP69i17zKFobMA3WFQ==,type:str]
-sops:
-    kms: []
-    gcp_kms: []
-    azure_kv: []
-    hc_vault: []
-    age:
-        - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
-          enc: |
-            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGK0hPSEY4d3N4QS9aM0h3
-            NXRYZ1BMdXozVzdJWmlzWnIySXBwcHVrVUhrClgvRENGTHdJMnVsTjdSN2NseUtT
-            cjJ0emRObHdXTUhDejhhVEI1U0xvNlkKLS0tIHh2NGhzbGZDMm9ObDVxN1NYYS9u
-            WlhXbFVQbFZUNFlGWEhoVktxUXRuZUUKJNSS+vhG5McKrxvqCIT9dGivcReZOud7
-            HEReDoZcf0+7c4JgnrcT0AvvTR5fHPnfveTkwHym3LHMYbZnIPueig==
-            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-06-30T18:36:34Z"
-    mac: ENC[AES256_GCM,data:djXTiatawc1OuJ5VqfbR8wS2xKrvVZigGLyQa7tx6/zbgcP2yLQJvcYeZj6zHhQasFzaiNbD05Qz+9Td0ysxZuAnajQ+CaulnIOhy/FhaiiQFtqFTR7xEsFIiUBxTPEJkhVNlKTxzjJ1AX2dagiov75otC6jbueQqYTXaGGcdko=,iv:oWbWTUqlM1zQ7zfC5FZkNJJ8RxvM9+fvTWobgJCmLQE=,tag:7Jb9XBBq1OI0ghqOqxiJJA==,type:str]
-    pgp: []
-    unencrypted_suffix: _unencrypted
-    version: 3.8.1

badhouseplants/values/values.authentik.yaml

@@ -13,20 +13,12 @@ ext-database:
     password: "{{ .Password }}"
     database: "{{ .Database }}"
 authentik:
-  email:
-    host: email.badhouseplants.net
-    port: 587
-    username: bot@badhouseplants.net
-    use_tls: false
-    use_ssl: false
-    timeout: 30
-    from: bot@badhouseplants.net
   postgresql:
     host: file:///postgres-creds/host
     user: file:///postgres-creds/username
     password: file:///postgres-creds/password
     name: file:///postgres-creds/database
-  secret_key: "2Scv6ivCfV6uGRTx9Kg5CYJ2KjBRHpR8GqSBearnBYvBFZBwR7"
+  secret_key: "TKSzEEQnu$^GKtHDMSVb!&Z8f5EuwTxC&^EZXeRKXWf%Vk53w5"
   # This sends anonymous usage-data, stack traces on errors and
   # performance data to authentik.error-reporting.a7k.io, and is fully opt-in
   error_reporting:

badhouseplants/values/values.namespaces.yaml

@@ -1,10 +1,19 @@
 namespaces:
   - name: longhorn-system
   - name: minio-service
+  - name: argo-system
   - name: nrodionov-application
+  - name: minecraft-application
+    annotations:
+      badohouseplants.net/git-repo: |
+        https://git.badhouseplants.net/badhouseplants/minecraft-helmfile
+      badhouseplants.net/ci: |
+        https://ci.badhouseplants.net/repos/15
+  - name: gitea-service
   - name: funkwhale-application
   - name: database-service
   - name: vaultwarden-application
+  - name: woodpecker-ci
   - name: openvpn-service
   - name: badhouseplants-main
     labels:
@@ -14,5 +23,5 @@ namespaces:
   - name: databases
   - name: applications
   - name: development
-  - name: platform
+  - name: devops
   - name: games

badhouseplants/values/values.roles.yaml

@@ -6,14 +6,4 @@ roles:
       - apiGroups: ["*"]
         resources: ["*"]
         verbs: ["*"]
-        namespace:
+        namespace: ["minecraft-application"]
-          - minecraft-application
-  - name: minecraft-admin
-    namespace: games
-    kind: Role
-    rules:
-      - apiGroups: ["*"]
-        resources: ["*"]
-        verbs: ["*"]
-        namespace:
-          - games

badhouseplants/values/values.traefik.yaml

@@ -4,9 +4,6 @@ service:
   spec:
     externalTrafficPolicy: Local
 ports:
-  web:
-    redirectTo:
-      port: websecure
   ssh:
     port: 22
     expose:

badhouseplants/values/values.woodpecker-ci.yaml

@@ -2,6 +2,15 @@
 # -- Istio extenstion. Just because I'm
 # --  not using ingress nginx
 # ------------------------------------------
+istio:
+  enabled: true
+  istio:
+    - name: woodpecker-server-http
+      gateway: istio-system/badhouseplants-net
+      kind: http
+      hostname: ci.badhouseplants.net
+      service: woodpecker-ci-server
+      port: 80
 ext-database:
   enabled: true
   name: woodpecker-postgres16
@@ -26,6 +35,11 @@ server:
       - secretName: woodpecker-tls-secret
         hosts:
           - ci.badhouseplants.net
+  #image:
+  #  registry: git.badhouseplants.net
+  #  repository: allanger/woodpecker-server
+  #  pullPolicy: Always
+  #  tag: icon
   enabled: true
   env:
     WOODPECKER_GITEA: true
@@ -36,16 +50,21 @@ server:
     WOODPECKER_ADMIN: "woodpecker,allanger"
     WOODPECKER_HOST: "https://ci.badhouseplants.net"
     WOODPECKER_ESCALATE: true
-    WOODPECKER_BACKEND_K8S_NAMESPACE: platform
+    WOODPECKER_BACKEND_K8S_NAMESPACE: woodpecker-ci
   extraSecretNamesForEnvFrom:
     - woodpecker-postgres16-creds
 agent:
+  #image:
+  #  registry: git.badhouseplants.net
+  #  repository: allanger/woodpecker-agent
+  #  pullPolicy: Always
+  #  tag: dev
   enabled: true
   extraSecretNamesForEnvFrom: []
   env:
     WOODPECKER_SERVER: woodpecker-ci-server:9000
     WOODPECKER_BACKEND_K8S_VOLUME_SIZE: 3Gi
-    WOODPECKER_BACKEND_K8S_NAMESPACE: platform
+    WOODPECKER_BACKEND_K8S_NAMESPACE: woodpecker-ci
     WOODPECKER_BACKEND_K8S_STORAGE_CLASS: longhorn
   serviceAccount:
     create: true

etersoft/helmfile.yaml

@@ -8,17 +8,17 @@ releases:
     createNamespace: false
   
   - <<: *istio-base
-    installed: false
+    installed: true
     namespace: istio-system
     createNamespace: false
   
   - <<: *istio-gateway
-    installed: false
+    installed: true
     namespace: istio-system
     createNamespace: false
 
   - <<: *istiod
-    installed: false
+    installed: true
     namespace: istio-system
     createNamespace: false
 

manifests/debug/istio/httpbin.yaml

@@ -1,97 +1,3 @@
----
+#!/usr/bin/sh
-apiVersion: v1
-kind: Namespace
-metadata:
-  labels:
-    kubernetes.io/metadata.name: debug
-  name: debug
----
-# httpbin.yaml
-#apiVersion: networking.istio.io/v1alpha3
-#kind: VirtualService
-#metadata:
-#  name: httpbin
-#  namespace: debug
-#spec:
-#  hosts:
-#    - "httpbin.badhouseplants.net"
-#  gateways:
-#    - istio-system/badhouseplants-net
-#  http:
-#    - route:
-#        - destination:
-#            port:
-#              number: 8000
-#            host: httpbin
----
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
-  name: httpbin
-  namespace: debug
-spec:
-  rules:
-    - host: "httpbin.badhouseplants.net"
-      http:
-        paths:
-          - path: /
-            pathType: Prefix
-            backend:
-              service:
-                name: httpbin
-                port:
-                  number: 8000
----
-apiVersion: v1
-kind: Service
-metadata:
-  name: httpbin
-  namespace: debug
-  labels:
-    app: httpbin
-spec:
-  ports:
-    - name: http
-      port: 8000
-  selector:
-    app: httpbin
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: httpbin
-  namespace: debug
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: httpbin
-      version: v1
-  template:
-    metadata:
-      labels:
-        app: httpbin
-        version: v1
-    spec:
-      containers:
-        - image: docker.io/citizenstig/httpbin
-          imagePullPolicy: IfNotPresent
-          name: httpbin
-          ports:
-            - containerPort: 8000
 
----
+echo "funny failure"
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
-  name: ubuntu
-  namespace: argo-system
-spec:
-  project: default
-  source:
-    repoURL: git@git.badhouseplants.net:badhouseplants/k8s-cluster-config.git
-    targetRevision: try-argo-and-flux
-    path: manifests/debug/ubuntu
-  destination:
-    server: https://kubernetes.default.svc
-    namespace: default

releases.yaml

@@ -145,9 +145,9 @@ templates:
   cert-manager: &cert-manager
     name: cert-manager
     chart: jetstack/cert-manager
-    version: 1.15.1
+    version: 1.15.0
     set:
-      - name: crds.enabled
+      - name: installCRDs
         value: true
   longhorn: &longhorn
     name: longhorn
@@ -159,7 +159,7 @@ templates:
   argocd: &argocd
     name: argocd
     chart: argo/argo-cd
-    version: 7.3.3
+    version: 7.1.3
     inherit:
       - template: default-env-values
       - template: default-env-secrets
@@ -199,7 +199,7 @@ templates:
   istio-common:
     labels:
       bundle: istio
-    version: 1.22.2
+    version: 1.22.0
 
   istio-base: &istio-base
     name: istio-base
@@ -265,7 +265,7 @@ templates:
   nrodionov: &nrodionov
     name: nrodionov
     chart: bitnami/wordpress
-    version: 22.4.16
+    version: 22.4.10
     inherit:
       - template: default-env-values
       - template: default-env-secrets
@@ -336,12 +336,12 @@ templates:
   db-operator: &db-operator
     name: db-operator
     chart: db-operator/db-operator
-    version: 1.27.1
+    version: 1.25.0
 
   db-instances: &db-instances
     name: db-instances
     chart: db-operator/db-instances
-    version: 2.3.4
+    version: 2.3.1
     inherit:
       - template: default-env-values
       - template: default-env-secrets
@@ -349,7 +349,7 @@ templates:
   mysql: &mysql
     name: mysql
     chart: bitnami/mysql
-    version: 11.1.4
+    version: 11.1.2
     inherit:
       - template: default-env-values
       - template: default-env-secrets
@@ -465,5 +465,4 @@ templates:
     createNamespace: false
     inherit:
       - template: default-env-values
-      - template: default-env-secrets
       - template: ext-database

scripts/migrate_postgres.sh

@@ -5,18 +5,18 @@ export PGDATABASE=$OLD_PGDATABASE
 export PGPORT=$OLD_PGPORT
 export PGUSER=$OLD_PGUSER
 DUMP_FILE=/tmp/$PGDATABASE.dump
-#pg_dump $PGDATABASE --no-owner --no-privileges -Fc -f $DUMP_FILE -vvv
+pg_dump $PGDATABASE --no-owner --no-privileges -Fc -f $DUMP_FILE -vvv
-#
+
-#export PGHOST=$NEW_PGHOST
+export PGHOST=$NEW_PGHOST
-#export PGPASSWORD=$NEW_PGPASSWORD
+export PGPASSWORD=$NEW_PGPASSWORD
-#export PGDATABASE=$NEW_PGDATABASE
+export PGDATABASE=$NEW_PGDATABASE
-#export PGPORT=$NEW_PGPORT
+export PGPORT=$NEW_PGPORT
-#export PGUSER=$NEW_PGUSER
+export PGUSER=$NEW_PGUSER
-#pg_restore --no-owner --no-privileges -d $PGDATABASE -Fc $DUMP_FILE -vvv
+pg_restore --no-owner --no-privileges -d $PGDATABASE -Fc $DUMP_FILE -vvv
-#
+
-#psql -c "GRANT ALL PRIVILEGES ON DATABASE \"${PGDATABASE}\" to \"${PGDATABASE}\""
+psql -c "GRANT ALL PRIVILEGES ON DATABASE \"${PGDATABASE}\" to \"${PGDATABASE}\""
-#psql -c "GRANT ALL ON SCHEMA public to \"${PGDATABASE}\""
+psql -c "GRANT ALL ON SCHEMA public to \"${PGDATABASE}\""
-#psql -c "GRANT ALL ON ALL TABLES IN SCHEMA public TO \"${PGDATABASE}\""
+psql -c "GRANT ALL ON ALL TABLES IN SCHEMA public TO \"${PGDATABASE}\""
 
 rm -f /tmp/output