45 Commits

Author SHA1 Message Date
3463f91c77 Some changes for ARM 2023-11-05 16:16:24 +01:00
70101a1c3f Prepare the arm cluster 2023-10-18 16:51:42 +02:00
63df23af17 Start managing gateways with helmfile 2023-10-17 14:56:57 +02:00
250ee3ef26 Add some smtp settings 2023-10-15 17:21:49 +02:00
212930ec1a Install email server 2023-10-14 16:24:13 +02:00
54a7dad780 Update releases and increase Gitea storage 2023-10-14 07:41:40 +02:00
ccaba4e70d Some updated to minecraft 2023-10-11 19:22:39 +02:00
89df5ff10c chore: Update Istio 2023-10-11 07:58:37 +02:00
eaf3f3988d Update Prometheus 2023-10-10 18:23:26 +02:00
546d887d98 chore: Update outdated charts 2023-10-10 15:14:28 +02:00
35eae889b2 Delete old postgres
Issue: #116
2023-10-04 21:35:19 +02:00
bf6685ce6d Migrate funkwhale to postgres 16
Issue: #116
2023-10-04 21:31:06 +02:00
0c7fbbd079 Migrate gitea to postgres 16
Issue: #116
2023-10-04 21:30:41 +02:00
548700c1dd Add a script for postgres migration
Issue: #116
2023-10-04 21:28:48 +02:00
b495f09261 chore: Install postgres 16 2023-10-04 04:34:39 +02:00
b2e58102ce upgrade some releases 2023-10-03 10:53:34 +02:00
4843cdbedb chore: Upgrade releases 2023-09-26 06:48:37 +02:00
357dba4476 Disable backups for minecraft 2023-09-23 16:51:07 +02:00
4739b983bc Upgrade db-operator 2023-09-23 15:30:12 +02:00
a941f7df16 Remove drone runner from the etersoft cluster 2023-09-22 10:29:40 +02:00
63968337e2 add telegram notifications for outdated charts 2023-09-20 21:52:07 +02:00
8cfd4bf88d Use another redis db for funkwhale 2023-09-14 10:28:18 +02:00
1d5e6f6d93 chore: Upgrade releases 2023-09-12 10:39:42 +02:00
af236d75a1 chore: Update MetalLB 2023-09-09 05:06:14 +02:00
b149d953f3 chore: Some updates that are not critical 2023-09-09 00:39:02 +02:00
2cae97fccb chore: Update drone 2023-09-09 00:08:38 +02:00
a68bf4502a Update minecraft config and Paper 2023-09-07 00:31:47 +02:00
39893c3390 chore: Fix gitea version 2023-09-03 11:15:21 +02:00
1c50200fa2 chore: Upgrade releases 2023-09-03 11:13:25 +02:00
0d4f0c1053 Update backup setup 2023-08-24 21:35:08 +02:00
2d8bb5ff39 Downgrade openvpn 2023-08-24 21:34:15 +02:00
6aaeb5db0d Add 'faster minecarts' to Minecraft again 2023-08-22 23:51:31 +02:00
162b2dd602 Add 'faster minecarts' to Minecraft 2023-08-22 23:46:39 +02:00
8183029ebd Update outdated releases 2023-08-19 09:15:58 +02:00
bb6617b58c Update OpenVPN 2023-08-19 09:14:35 +02:00
39160f7e66 Update db-operator chart to 1.10.0 2023-08-17 11:10:47 +02:00
e3760ca400 Migrate to the new openvpn setup 2023-08-16 20:55:56 +02:00
15bbc19939 minecraft: Override server properties 2023-08-15 17:41:10 +02:00
5ac35a5a60 Fix the name of restic repo 2023-08-15 17:27:55 +02:00
12c1a0ca31 Enable default secrets for minecraft 2023-08-15 17:25:31 +02:00
b755239823 Enable restic backups for minecraft 2023-08-15 15:40:59 +02:00
ced4bcd4c5 Add new bucket to minio and setup rcon 2023-08-15 14:53:20 +02:00
e3848a49cc install gravity control plugin for minecraft server 2023-08-14 18:42:56 +02:00
3643ea788b chore: Upgrade outdated releases 2023-08-14 11:31:49 +02:00
77429c2c36 Setup a new XOR patched VPN 2023-08-09 21:15:25 +02:00
44 changed files with 845 additions and 184 deletions


@ -105,4 +105,16 @@ steps:
SOPS_AGE_KEY:
from_secret: SOPS_AGE_KEY
commands:
- cdh --kind helmfile -p $DRONE_WORKSPACE/helmfile.yaml --helmfile-environment badhouseplants -o
- echo "Hey, bud, some helm releases are outdated:" > message_file.tpl
- cdh --kind helmfile -p $DRONE_WORKSPACE/helmfile.yaml --helmfile-environment badhouseplants -o >> message_file.tpl
- name: Send telegram notification
when:
status:
- failure
image: appleboy/drone-telegram
settings:
token:
from_secret: TELEGRAM_TOKEN
to: 131601077
message_file: message_file.tpl
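Review bot: `image: appleboy/drone-telegram` in the new notification step has no tag or digest, so a third-party image that receives `TELEGRAM_TOKEN` is pulled at whatever the default tag resolves to on each run. Pin it, for example `image: appleboy/drone-telegram:<TAG>@sha256:<DIGEST>` (placeholders), so a changed upstream image cannot read the bot token unnoticed. The step also posts raw `cdh` output to the chat, and the step that writes `message_file.tpl` has `SOPS_AGE_KEY` in its environment, so confirm that `cdh` never prints decrypted values. The `steps:` list starts outside this hunk.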


@ -2,3 +2,4 @@ create_crb:
kubectl create clusterrolebinding drone-deployer-workaround \
--clusterrole=cluster-admin \
--serviceaccount=drone-service:default


@ -5,37 +5,42 @@ releases:
- <<: *drone
installed: true
namespace: drone-service
createNamespace: false
createNamespace: true
- <<: *drone-runner-docker
installed: true
namespace: drone-service
createNamespace: true
- <<: *longhorn
installed: true
installed: false
namespace: longhorn-system
createNamespace: false
createNamespace: true
- <<: *argocd
installed: true
namespace: argo-system
createNamespace: false
createNamespace: true
- <<: *nrodionov
installed: true
namespace: nrodionov-application
createNamespace: false
createNamespace: true
- <<: *minecraft
installed: true
namespace: minecraft-application
createNamespace: false
createNamespace: true
- <<: *gitea
installed: true
namespace: gitea-service
createNamespace: false
createNamespace: true
- <<: *funkwhale
installed: true
namespace: funkwhale-application
createNamespace: false
createNamespace: true
- <<: *prometheus
installed: true
@ -45,12 +50,12 @@ releases:
- <<: *loki
installed: false
namespace: monitoring-system
createNamespace: false
createNamespace: true
- <<: *promtail
installed: false
namespace: monitoring-system
createNamespace: false
createNamespace: true
- <<: *bitwarden
installed: true
@ -62,7 +67,7 @@ releases:
namespace: database-service
createNamespace: true
- <<: *postgres
- <<: *postgres16
installed: true
namespace: database-service
createNamespace: true
@ -82,10 +87,13 @@ releases:
namespace: database-service
createNamespace: true
- <<: *docker-mailserver
installed: true
namespace: mail-service
createNamespace: true
bases:
- ../environments.yaml
- ../repositories.yaml
#helmfiles:
# - namespaces.yaml
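Review bot: The new `drone-runner-docker` release is installed into `drone-service`, the namespace whose `default` ServiceAccount is bound to `cluster-admin` by the `create_crb` target shown in another file section of this page. If the runner or its build pods run under that default account (the chart values are not visible here, so this needs confirming), every pipeline step would inherit cluster-admin. Consider giving the runner its own namespace, for example `namespace: drone-runner-service` (constructed name), or a dedicated ServiceAccount bound to a narrowly scoped Role. The commented-out `#helmfiles:` / `# - namespaces.yaml` lines at the end look like leftovers and should be removed or explained in a comment.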


@ -1,5 +1,7 @@
env:
ADMIN_TOKEN: ENC[AES256_GCM,data:ea2lgOEYMi8Dsvun00YZR3PCE3ycNC4Mpe+xye9YL5CTtnyrDwV9Tw==,iv:28Tcn1/qIquS4jCNBTtspB9c+5U3Ut1zoY6gIez8fcs=,tag:POmhoUY3t4w+iTJKK2eHVQ==,type:str]
smtp:
password: ENC[AES256_GCM,data:cs+2Ml3YfZCk8z/KmexGMqzFQRM=,iv:mg8e3oHbLT07pZEdDGwlBchPyT83xOdwKJg9CCaicnc=,tag:NPD+8gKERO8uCuwrFnn3bQ==,type:str]
sops:
kms: []
gcp_kms: []
@ -15,8 +17,8 @@ sops:
dzNYMlRnUDIxK2padTRCSzR4UUpWQjQKxex3RqZGU7ekdNC3qIiqdFs7d7a0Pxa1
amLsaNnBfJ3OqjuD8atF2iCAXy1Q2BcXunkWi3wbzHb/DgYly3n9OQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-07-16T18:40:43Z"
mac: ENC[AES256_GCM,data:tbPAgDQGA8MPnG5mIZLfvsOKdSkpOTK1Oy7uIQJ3DsNtBIt9vSO+vYxNjvfjAHyB6vE1cfx8zJkRcUw8kPh485jOxsM9G1ms/sjZKyJwsJbMjiqxs5zs0E4X9sqpJWiIhILBreZ8IopK4hCd2uLvhoV/HPxW8FV/HnHoCQ5p2Do=,iv:FtgTWFdkxCPOsNiJQWWIUmwYgh5rqRcbM/ToShcSODY=,tag:yc54xWHdq4KnSNxT9breOQ==,type:str]
lastmodified: "2023-10-15T12:20:48Z"
mac: ENC[AES256_GCM,data:2yRwdYM32eESPuUz+d7m7pTcluDUeOrLgv7iJmhPEnowcU9WvypAZr73w4y4ewc3yvLmmu5uuFjJJhN1+yjwULGUtU1NPdcvXHsGwtlA7KDyYUqwIc4NrD6BAeR7tRQChNVD++2wB43kiGAWAMmieOMt+xHcaWlM2btuLoiwE34=,iv:ZMxA5eu0IJKTRBtoKhyIJiDe/W3zVjzlz3TbO7gpRnU=,tag:ErYqzleh87+wj0uBRah20g==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.7.3
version: 3.8.1


@ -3,6 +3,10 @@ dbinstances:
secrets:
adminUser: ENC[AES256_GCM,data:pKbAQDiOs6k=,iv:yET0mJtdm2baDJHwq1uYEoxye48g2PrMqiOSO3POTBo=,tag:wuIxhHiRzjSRM+uaEo2KNQ==,type:str]
adminPassword: ENC[AES256_GCM,data:/U3q6RmOYLpxJBAYsJ8f4lV3MB0=,iv:dw7g0E4Gm0YqtgvdcC+bq+YbSRPop3BKLiJfwaz+1io=,tag:NAXnWj4AjgajN94ml/ENsA==,type:str]
postgres16:
secrets:
adminUser: ENC[AES256_GCM,data:1THZrB3Rg+g=,iv:/euSgQUYlJ4HbiqWr3ezwLkds0nwioFHRhXbqTiYR6M=,tag:GSbSxrNrVJKHp9+3+ECVRA==,type:str]
adminPassword: ENC[AES256_GCM,data:F+5az4JRH6LMz88duwFp5EDm4AYG,iv:dbsfSSwigBX1cU6XFYu4ZFd15Te0MdGBoq5O9OtqxgM=,tag:uOLhvHSiBEbbos2GzLJZ3g==,type:str]
mysql:
secrets:
adminUser: ENC[AES256_GCM,data:XFEGew==,iv:7aj2J7Qs9mHC5kRZGrg71hwEBP64vEz0qQ+qoPHSgrc=,tag:/Rx5yx7iMU5Gwcmbf5GVSg==,type:str]
@ -22,8 +26,8 @@ sops:
Wmh3Z29ZSlBhbmFJNkFQZlE3aXpMMk0K14rSXjSF08xkil+fFJpeMV+6XChTJ2/3
OQecJtg+0NQPyvC+kR5qKq8roiSzNNJgTVg2wwKMdukKVVTbEGi0gA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-07-30T15:07:28Z"
mac: ENC[AES256_GCM,data:/q/LG+CgBAm666nwu+QCw9beoC8m11R5OYspnUxdwTfAv4h0yqY0Hk599hy+Yqt0brpUpj8hwqCESkt6gufFAklilSYV8SWvea7FxA4Jdbfpj1kfty9d4qMxHrpggId/jPshVAVsF0Ezh1/XbPWpQnTiaAMu2JTVMR9cFR3xvyc=,iv:37EdIo9QoUemTvpHSKD2kdq1FnJpwNXGr8ym0dPX6w8=,tag:ri2ILtd9FvLJf0O5iKOdyg==,type:str]
lastmodified: "2023-10-04T02:28:20Z"
mac: ENC[AES256_GCM,data:EBNSr29LlLjadOrrk2ZSwH9Ng4YD0pYCrhfupaQPSK5559zUCRIuPuTC5P0sfh5dn7YARrcprAwH68I3Xc3EUWkZabCYcjR+bfbby1s8tjiIIgVcksQJr523CDIXMiezf860M9uyktxWdUQa1TjuEfo0SAkYs0XHEaIQlOloN6c=,iv:v/Al1appBTv7ypplQEz7C2qAnvCDRK3JPCN8+PATeX4=,tag:Ci8eg6xsFyZz35r5p4ie6g==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.7.3
version: 3.8.0


@ -1,7 +1,7 @@
djangoSecret: ENC[AES256_GCM,data:CxsJVhNxku3pohREaVs=,iv:KDupR8tZlPkPeRwGWzyz+eKtp1tfTdFWqXNuQW20oXo=,tag:lCHqv2CC8cXpnqTr8fGzPg==,type:str]
postgresql:
auth:
password: ENC[AES256_GCM,data:IKPFpCY0Im2SQquNFM/3umvGfYOt1A==,iv:asWxkKTvez1FxxXto/ulh4CDBvPZ6SovqKnoFEQjG/s=,tag:iqyxZU+jERNgakMcAm+cnQ==,type:str]
password: ENC[AES256_GCM,data:RdsyzDU+XesRJkUSllyvfREzbDz68t6RSw==,iv:RpV9BjK9ytpUYJvNGQ5eHXuhNbXSV+Nl9Yib0ac34KM=,tag:Y1K7cfmoyNS6sih0JMjBVQ==,type:str]
redis:
auth:
password: ENC[AES256_GCM,data:fgxZMA13BpFf5FA8JwLUXjlelUgvR4qtg316OALq,iv:numLe3PrsToG0Fbl7+mdbWOBTb7XrgppF09pIVg+rrU=,tag:ivKuF0xFe/s4P1otjLML8g==,type:str]
@ -20,8 +20,8 @@ sops:
dWdMUFpOOVJYSXdBbzJiSzhQM0VmbWMKUqdIpfa8i7vASIga8HFurrPf1RgA+WVA
GZiG+M0i4yc3SooTIwbDzH0orfaEHueKdNTGOXMgxNiRIt2q9BG76g==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-07-29T20:22:20Z"
mac: ENC[AES256_GCM,data:G9+rbTp4AXIr97bl4UUUIMsd47Gmwt5IGFJQMSAtKRkCCcWIVK9ac+3nX5g9gOgziKvPE7moETXPAfFjcfOQFvi8bmU7jZnoLr4rOvP7SX1LZEfs9siCCtC1q9S/VrlWhxx/2Cpz1EegM+o2cQepqGr4IoIpboEowKl2yhpZiko=,iv:aRDq9ptB6GrRAvl5b0yyKVTZwOPdtFvSGEIPhlMrZbg=,tag:PsRUQJrBtu3sfLcIhIJbqw==,type:str]
lastmodified: "2023-10-04T18:47:37Z"
mac: ENC[AES256_GCM,data:Mh6OGkcKMGnmBHIKadpLYfFO3UNLoww4gFW+U7mnu4v87j06h6QHOx4p99TBp8OqK3/ky73FUVLGtm5XFLvMgzM5wpghqwqPa4G9UvgP2zY6GM5HaEw90l9mEtdSw6czs1hi9ChNF3RbIPwowW6KNJoASK08YaSwkRLK3J8T0sM=,iv:9N3hRle1eH5EHEPQeAnKSXSjkhhs1045rgk/WNOP3I8=,tag:bsqCJQE5puKckYMgKZsr3w==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.7.3
version: 3.8.0


@ -4,9 +4,9 @@ gitea:
password: ENC[AES256_GCM,data:TnIUSnX7Lj+2N6mWWOvVVmc96DQ=,iv:vjow//IrtvdmTg4jYenwTyUnuBhq7witfzugbE0uq9c=,tag:L5UPa9UK4aB1wY1ilZntzg==,type:str]
config:
mailer:
ENABLED: ENC[AES256_GCM,data:C2qWn4E=,iv:APUvrTInDdxf1tJ5eFSgxUej8e085HZalsiHY6/Fryc=,tag:MW3KhfU+25EWDzM/+QOZ5A==,type:bool]
PASSWD: ENC[AES256_GCM,data:lb1VwH/Bc2XoyB42UrhgCX5ad70=,iv:Eh4R2deZOMGq4LxZadtt6SgrdoSxcArYC2X+czKtns8=,tag:ZCtQguWQt8ARS2rTWCSoSg==,type:str]
database:
PASSWD: ENC[AES256_GCM,data:EVawxgpBgJ1ZlU4F+KFlJZXHq/4=,iv:ZUC7YBQ+RXNKLFEZzAeXfoGqBv9ilGw6Q5ynspAsc78=,tag:Wpb3awtdRLLBNYmmuTUCrA==,type:str]
PASSWD: ENC[AES256_GCM,data:mI1RHEThB0bM1bJ/pBioJjvKT3Q=,iv:WSwV4+UzD8HUtA5ipZNu2IVXa4AuQE9k7hTB++AsTgU=,tag:CtU3ValcNw0RSIQVdaHmtw==,type:str]
session:
PROVIDER_CONFIG: ENC[AES256_GCM,data:i/N01zYx1H1D1eFiZKOmf4e1LoDBJE5AoN4eZl3h/QKwOEy5x4LNQoF7CbGguCBMvITtYbzXr12VzQ8pxEf17z6nssQ2nNiz84zuBOY9DQqxZLkxS5AmKKgk7XKF/YYYDaavMdJj54gtXoCrDZ58z5Tw8FM0ScTRp2+4RXGMwg==,iv:dKZhe9cOPDhdtK9sJKzCHmimV1vcuAebY8DfaJMqk2Q=,tag:ZhyEepW4wIM1Dv97xn5xBA==,type:str]
cache:
@ -33,8 +33,8 @@ sops:
Ym5KMWw5ZDBBZzJBcHBXdFZiaDZpU0UKNl/GkGP25D7z5a8mVBmoSTfOM3EzymPN
WW62zIoBHlwLxF9nwj1xCCtcL1XKgiB8nnn4IrY3ljqFc0VkxD9dnQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-07-29T20:30:31Z"
mac: ENC[AES256_GCM,data:jd8jrX6GTAsEMydRfjLPW8XKXs4HgNNMqR0UvzVq0qFl/2zisKYLxtc6m4XBjDLeI8te+nNcJ16XYR0tdayM4PjXzurC9bAMdyI4utv1cRUJdWVxbo2oODWjJ9IAHqwkVHfJOrAJ7j0qamzHr/4h7u2DsLxvHm/lQY2g5zDKPD0=,iv:P215bq4q6iv8fSpU2CvfUhR1Pbr6mpYtv868m2F+M44=,tag:oWzMZOyCuxf2JBiGjDdCKg==,type:str]
lastmodified: "2023-10-15T09:58:05Z"
mac: ENC[AES256_GCM,data:W7Ml9O6oA5dG59O7eWUEBdRrOdmoXWdib2tzK2zCFfMbjWczS5I7AM3DFKG6+P/kRiEQpjj0OarFvuJ7e23blx0/43UXqjpRCuGqcWkNXQaYaxlye6SDlLjregTUeqo4gyzyXYVpIGikLNBYoufewpdlboVQk8ZheSLSOttrbcE=,iv:IqrjduR0EhuzCCWCCJOHCL0DlS4B66P1Wlucg9R0gk4=,tag:vmq6+uh9q7avpK5Q56+iJA==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.7.3
version: 3.8.1


@ -0,0 +1,28 @@
minecraftServer:
rcon:
password: ENC[AES256_GCM,data:7kQAt4R+uN/28Uvn3KnJnOvOcCOf6FEaow==,iv:G20SygTZZ1O2DyPr+/f3XSC3bB4L5p/9CxZkPS5qibY=,tag:O2Ab+AC+Eho6MRm0vC9hHQ==,type:str]
mcbackup:
resticEnvs:
RESTIC_PASSWORD: ENC[AES256_GCM,data:mjrSV6d6a4ZvesYjobhHCVTngw5EQqesAKecSPVY,iv:WSk5V61opvccp/1bhbcO6S+8GcEYVlxk8l6nl++nxc4=,tag:wENZyx6IxJgswetDi8alZA==,type:str]
AWS_SECRET_ACCESS_KEY: ENC[AES256_GCM,data:+4HuGGHaZgPXLX3Sm6U=,iv:qMVfe2BzdJtvHYX7T/6WPt8kCNRdn02Ynew/q9QH1KA=,tag:7JwAloF6HPdBXTGC3kto4w==,type:str]
AWS_ACCESS_KEY_ID: ENC[AES256_GCM,data:yfS/LrX0,iv:HzZmzUOmI0vJ+vPkI2xn2F/w43/BKOGil+SLRwhcG0I=,tag:c+d8nyR5w5mU9F/H0zl/1A==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxTWUxY2hYT0dId2hsR0x1
MXFtRjlSelgwdUcyVnBUdlJ6Nng1UkNJaHg4Ckc5NXBORjBCZHQyc0lDTiswazNF
cGhKVFFNdlZnRWlxS05OTklOUDJDQjQKLS0tIDNWNDVVWXcxUW8yUHgrOTNkRkQ1
MGNDV2cvUUF3dWZHSlZNeVFDNXhzalkKubKuiiZuqoZTvRMr2FiUxnFUu+Pvj3Wf
pZTfZg9rnUukmV+kmwqQKcfoPNfeShhoAsszWwPM628cV9pq87I2/A==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-08-15T15:32:19Z"
mac: ENC[AES256_GCM,data:ghfbBqsdFzQaRehefvpnnFLxp6tYE1K36gXLyN7gdxlvZ20JRn+FMfeUm8IjNKl3fCH2aVdM18v+T4xBs4QSXAWH5R79+HPn6hl7kYXzGJKTdmddj6EFZFXajisIJa2eZpEKPk7uOT6YczcNxNKByKxgHxTXe7SYlIkE6CgLT9w=,iv:inXW7OxvQXPGO4mkJkd/SMVsTBWA+utso26VXb5yNdM=,tag:f/GBzkgI0zgInSdDbHICag==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.7.3


@ -0,0 +1,24 @@
global:
postgresql:
auth:
postgresPassword: ENC[AES256_GCM,data:O5Fvmjipcx7CZ4DKQjRW0isfzoUt,iv:sVl6TFRCKAL5ci+lC4DfX/vZkWwRVg559kq4GU67udY=,tag:dEsoEe1UfvD5rUrI+EYOsg==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVbENvMm1YQzlSV3UrSEJ4
VTZ1RWVKTlpsUDFzQlVjMlJEZmIvaldHVXlFCm9SVzN3Z0dwTGo1Y3dnaHhvSmpi
bDIrMlJhbHhKUmRZejdkTmJiSDYvY2MKLS0tIFpRbkwySVh2MDlNWEFNZHVtY2Ns
Wmh3Z29ZSlBhbmFJNkFQZlE3aXpMMk0K14rSXjSF08xkil+fFJpeMV+6XChTJ2/3
OQecJtg+0NQPyvC+kR5qKq8roiSzNNJgTVg2wwKMdukKVVTbEGi0gA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-10-04T02:27:48Z"
mac: ENC[AES256_GCM,data:yyvzDlqm3ZOGAMAWCbA4JBC2xs14dKJ4oGifHCvD6K3cBcLgQLS8MOoQJBVfAfL/lVqYDtQ8qwQl/NbCEAKdqw5mtGRwSGaCExSTfO8PIUZCT69q5lwhAxfSGkhjjup+88MhwdZbe2iqqr0nF/GBYT7exqu6Pj85ZKbeDVBTMUE=,iv:KVuyYWYvtVjFinkY82nPwKI/XX18t4purLInfjSxYlg=,tag:kD0G+keg4veTy+CN7KOo6Q==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.0


@ -7,7 +7,7 @@ istio:
enabled: true
istio:
- name: argocd-http
gateway: badhouseplants-net
gateway: istio-system/badhouseplants-net
kind: http
hostname: argo.badhouseplants.net
service: argocd-server


@ -7,7 +7,7 @@ istio:
enabled: true
istio:
- name: bitwarden-http
gateway: badhouseplants-net
gateway: istio-system/badhouseplants-net
kind: http
hostname: bitwarden.badhouseplants.net
service: bitwarden-vaultwarden
@ -17,17 +17,8 @@ istio:
pathType: Prefix
env:
SIGNUPS_ALLOWED: false
DOMAIN: "https://bitwarden.badhouseplants.net"
# YUBICO_CLIENT_ID
# YUBICO_SECRET_KEY
# DATA_FOLDER
# DATABASE_URL
# ATTACHMENTS_FOLDER
# ICON_CACHE_FOLDER
# ROCKET_LIMITS
# ROCKET_WORKERS
WEB_VAULT_ENABLED: true
persistence:
@ -35,3 +26,15 @@ persistence:
accessMode: ReadWriteOnce
size: 800Mi
storageClass: longhorn
smtp:
host: badhouseplants.net
security: "starttls"
port: 587
from: bitwarden@badhouseplants.net
fromName: bitwarden
username:
value: overlord@badhouseplants.net
authMechanism: "Plain"
acceptInvalidHostnames: "false"
acceptInvalidCerts: "false"


@ -10,6 +10,16 @@ dbinstances:
generic:
host: postgres-postgresql
port: 5432
postgres16:
monitoring:
enabled: false
adminSecretRef:
Name: postgres16-secret
Namespace: database-service
engine: postgres
generic:
host: postgres16-postgresql
port: 5432
mysql:
monitoring:
enabled: false


@ -0,0 +1,129 @@
istio-gateway:
enabled: true
gateways:
- name: badhouseplants-email
servers:
- hosts:
- "*"
port:
name: smtp
number: 25
protocol: TCP
- hosts:
- "*"
port:
name: pop3
number: 110
protocol: TCP
- hosts:
- "*"
port:
name: imap
number: 143
protocol: TCP
- hosts:
- "*"
port:
name: smtps
number: 465
protocol: TCP
- hosts:
- "*"
port:
name: submission
number: 587
protocol: TCP
- hosts:
- "*"
port:
name: imaps
number: 993
protocol: TCP
- hosts:
- "*"
port:
name: pop3s
number: 995
protocol: TCP
istio:
enabled: true
istio:
- name: docker-mailserver-smpt
kind: tcp
gateway: badhouseplants-email
service: docker-mailserver
hostname: badhouseplants.net
port_match: 25
port: 25
- name: docker-mailserver-smpts
kind: tcp
gateway: badhouseplants-email
port_match: 465
hostname: badhouseplants.net
service: docker-mailserver
port: 465
- name: docker-mailserver-smpt-startls
kind: tcp
gateway: badhouseplants-email
hostname: badhouseplants.net
port_match: 587
service: docker-mailserver
port: 587
- name: docker-mailserver-imap
kind: tcp
hostname: badhouseplants.net
gateway: badhouseplants-email
port_match: 143
service: docker-mailserver
port: 143
- name: docker-mailserver-imaps
kind: tcp
gateway: badhouseplants-email
hostname: badhouseplants.net
port_match: 993
service: docker-mailserver
port: 993
- name: docker-mailserver-pop3
kind: tcp
gateway: badhouseplants-email
port_match: 110
hostname: badhouseplants.net
service: docker-mailserver
port: 110
- name: docker-mailserver-pop3s
kind: tcp
gateway: badhouseplants-email
port_match: 993
hostname: badhouseplants.net
service: docker-mailserver
port: 993
- name: docker-mailserver-rainloop
kind: http
gateway: istio-system/badhouseplants-net
hostname: mail.badhouseplants.net
service: docker-mailserver-rainloop
port: 80
rainloop:
enabled: true
ingress:
enabled: false
demoMode:
enabled: false
domains:
- badhouseplants.net
- mail.badhouseplants.net
ssl:
issuer:
name: badhouseplants-issuer
kind: ClusterIssuer
dnsname: badhouseplants.net
dns01provider: cloudflare
useExisting: false
pod:
dockermailserver:
enable_fail2ban: "0"
ssl_type: manual
service:
type: ClusterIP
spfTestsDisabled: true
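Review bot: The `docker-mailserver-pop3s` route uses `port_match: 993` and `port: 993`, which duplicates the `docker-mailserver-imaps` entry, while the gateway in the same file declares `pop3s` on 995; it should read `port_match: 995` and `port: 995`. Separately, `enable_fail2ban: "0"` switches off the container's own brute-force throttling while all seven mail ports are opened with `hosts: "*"`, so login-attempt limiting has to be provided elsewhere or re-enabled (behind the gateway the server may only see the proxy address, which could be why it is off; worth a comment either way). The plaintext `pop3` (110) and `imap` (143) listeners could be left out unless a client really needs them. The `smpt` spelling in the route names `docker-mailserver-smpt`, `-smpts` and `-smpt-startls` is presumably meant to be `smtp`.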


@ -6,7 +6,7 @@ istio:
enabled: true
istio:
- name: drone-http
gateway: badhouseplants-net
gateway: istio-system/badhouseplants-net
kind: http
hostname: drone.badhouseplants.net
service: drone


@ -7,7 +7,7 @@ istio:
enabled: true
istio:
- name: funkwhale-http
gateway: badhouseplants-net
gateway: istio-system/badhouseplants-net
kind: http
hostname: funkwhale.badhouseplants.net
service: funkwhale
@ -15,8 +15,8 @@ istio:
ext-database:
enabled: true
name: funkwhale-postgres
instance: postgres
name: funkwhale-postgres16
instance: postgres16
replicaCount: 1
celery:
@ -43,13 +43,14 @@ ingress:
enabled: false
postgresql:
enabled: false
host: postgres-postgresql.database-service.svc.cluster.local
host: postgres16-postgresql.database-service.svc.cluster.local
auth:
username: funkwhale-application-funkwhale-postgres
database: funkwhale-application-funkwhale-postgres
username: funkwhale-application-funkwhale-postgres16
database: funkwhale-application-funkwhale-postgres16
redis:
enabled: false
host: redis-master.database-service.svc.cluster.local
auth:
enabled: true
database: 3


@ -8,13 +8,13 @@ istio:
istio:
- name: gitea-http
kind: http
gateway: badhouseplants-net
gateway: istio-system/badhouseplants-net
hostname: git.badhouseplants.net
service: gitea-http
port: 3000
- name: gitea-ssh
kind: tcp
gateway: badhouseplants-ssh
gateway: istio-system/badhouseplants-ssh
hostname: "*"
port_match: 22
service: gitea-ssh
@ -25,8 +25,8 @@ istio:
# ------------------------------------------
ext-database:
enabled: true
name: gitea-postgres
instance: postgres
name: gitea-postgres16
instance: postgres16
# ------------------------------------------
# -- Kubernetes related values
# ------------------------------------------
@ -43,7 +43,7 @@ resources:
persistence:
enabled: true
size: 6Gi
size: 8Gi
accessModes:
- ReadWriteOnce
@ -61,9 +61,9 @@ gitea:
config:
database:
DB_TYPE: postgres
HOST: postgres-postgresql.database-service.svc.cluster.local
NAME: gitea-service-gitea-postgres
USER: gitea-service-gitea-postgres
HOST: postgres16-postgresql.database-service.svc.cluster.local
NAME: gitea-service-gitea-postgres16
USER: gitea-service-gitea-postgres16
APP_NAME: Bad Houseplants Gitea
ui:
meta:
@ -101,6 +101,13 @@ gitea:
ADAPTER: redis
queue:
TYPE: redis
mailer:
ENABLED: true
FROM: gitea@badhouseplants.net
PROTOCOL: smtp+startls
SMTP_ADDR: badhouseplants.net
SMTP_PORT: 587
USER: overlord@badhouseplants.net
service:
ssh:
type: ClusterIP
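Review bot: `PROTOCOL: smtp+startls` in the new `mailer` block is missing a `t`; the value Gitea documents is `smtp+starttls`. Whether the misspelt form is accepted depends on the Gitea version deployed, so it is safer to write `PROTOCOL: smtp+starttls`. After the change, confirm in the mailer log that the session to `badhouseplants.net:587` is upgraded to TLS before the `USER`/`PASSWD` credentials are sent. The `gitea:` config block starts and continues outside this hunk.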


@ -0,0 +1,69 @@
istio-gateway:
enabled: true
gateways:
- name: badhouseplants-net
servers:
- hosts:
- badhouseplants.net
- '*.badhouseplants.net'
port:
name: http
number: 80
protocol: HTTP2
tls:
httpsRedirect: true
- hosts:
- badhouseplants.net
- '*.badhouseplants.net'
port:
name: https
number: 443
protocol: HTTPS
tls:
credentialName: badhouseplants-wildcard-tls
mode: SIMPLE
- name: nrodionov-info
servers:
- hosts:
- nrodionov.info
- dev.nrodionov.info
port:
name: http
number: 80
protocol: HTTP2
tls:
httpsRedirect: false
- hosts:
- nrodionov.info
- dev.nrodionov.info
port:
name: https
number: 443
protocol: HTTPS
tls:
credentialName: nrodionov-wildcard-tls
mode: SIMPLE
- name: badhouseplants-vpn
servers:
- hosts:
- '*'
port:
name: tcp
number: 1194
protocol: TCP
- name: badhouseplants-ssh
servers:
- hosts:
- '*'
port:
name: ssh
number: 22
protocol: TCP
- name: badhouseplants-minecraft
servers:
- hosts:
- '*'
port:
name: minecraft
number: 25565
protocol: TCP
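Review bot: The port-80 server of the `nrodionov-info` gateway sets `httpsRedirect: false`, unlike `badhouseplants-net`, so `nrodionov.info` and `dev.nrodionov.info` stay reachable over plain HTTP even though a certificate (`nrodionov-wildcard-tls`) is configured for port 443. Unless something behind it needs cleartext, set `httpsRedirect: true` there as well so logins and session cookies for the site are not sent unencrypted. A one-line comment above each `hosts: '*'` TCP gateway (vpn, ssh, minecraft) naming the release that consumes it would also help the next reader.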


@ -1,4 +1,3 @@
---
service:
type: LoadBalancer
ports:


@ -5,9 +5,9 @@ defaultSettings:
guaranteedReplicaManagerCPU: 6
storageOverProvisioningPercentage: 300
storageMinimalAvailablePercentage: 5
defaultDataPath: /media-longhorn
defaultDataPath: /media/longhorn
csi:
kubeletRootDir: /var/snap/microk8s/common/var/lib/kubelet
kubeletRootDir: /var/lib/kubelet
persistence:
defaultClassReplicaCount: 1
defaultClassReplicaCount: 3
enablePSP: false


@ -21,7 +21,7 @@ istio:
kind: http
gateway: badhouseplants-net
hostname: email.badhouseplants.net
service: mailu-front
service: mailu-fr ont
port: 80
# - name: mailu-smpt
# kind: tcp
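Review bot: `service: mailu-fr ont` looks like an accidental keystroke in `service: mailu-front`; with the space the route points at a Service name that cannot exist. This entry also still has `gateway: badhouseplants-net` without the `istio-system/` prefix that the other values files on this page gained. The shared template no longer prepends that prefix, so the VirtualService would look for the gateway in its own namespace. If the release is still in use, restore `service: mailu-front` and set `gateway: istio-system/badhouseplants-net`. The list continues outside this hunk.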


@ -0,0 +1,4 @@
ext-ipaddresspool:
enabled: true
name: badhouseplants-addresspool
addresses: 195.201.250.50-195.201.250.50


@ -18,7 +18,7 @@ istio:
enabled: true
istio:
- name: minecraft-tcp
gateway: badhouseplants-minecraft
gateway: istio-system/badhouseplants-minecraft
kind: tcp
port_match: 25565
hostname: "*"
@ -30,10 +30,11 @@ istio:
image:
tag: java17-graalvm-ce
pullPolicy: Always
resources:
requests:
memory: 512Mi
cpu: 50m
memory: 3Gi
cpu: 256m
limits:
memory: 3Gi
@ -42,6 +43,7 @@ lifecycle:
- bash
- -c
- for i in {1..100}; do mc-health && break || sleep 20; done && mc-send-to-console setpassword 11223345
readinessProbe:
command:
- mc-health
@ -50,7 +52,9 @@ readinessProbe:
timeoutSeconds: 10
livenessProbe:
timeoutSeconds: 10
minecraftServer:
overrideServerProperties: true
eula: "TRUE"
onlineMode: false
difficulty: hard
@ -58,10 +62,14 @@ minecraftServer:
version: 1.20.1
maxWorldSize: 90000
type: "PAPER"
paperDownloadUrl: https://api.papermc.io/v2/projects/paper/versions/1.20.1/builds/100/downloads/paper-1.20.1-100.jar
paperDownloadUrl: https://api.papermc.io/v2/projects/paper/versions/1.20.1/builds/170/downloads/paper-1.20.1-170.jar
gameMode: survival
pvp: true
memory: 2512M
rcon:
enabled: true
withGeneratedPassword: false
port: 25575
serviceType: ClusterIP
extraPorts:
- name: metrics
containerPort: 9225
@ -79,8 +87,30 @@ persistence:
dataDir:
enabled: true
Size: 15Gi
mcbackup:
enabled: false
backupInterval: 2h
pauseIfNoPlayers: "false"
pruneBackupsDays: 2
rconRetries: 5
rconRetryInterval: 10s
excludes: "*.jar,cache,logs"
backupMethod: restic
resticRepository: s3:https://s3.e.badhouseplants.net:443/restic/minecraft
resticAdditionalTags: "mc_backups"
pruneResticRetention: "--keep-last 12 --keep-daily 1 --keep-weekly 2 --keep-monthly 2 --keep-yearly 2"
resources:
requests:
memory: 512Mi
cpu: 100m
persistence:
backupDir:
enabled: false
# ---------------------------------------------
# -- Install Plugins
# ---------------------------------------------
initContainers:
- name: install-prometheus-exporter
- name: 0-install-prometheus-exporter
image: alpine/curl
command:
- curl
@ -92,7 +122,7 @@ initContainers:
- name: plugins
mountPath: /data/plugins
readOnly: false
- name: install-password-plugin
- name: 0-install-password-plugin
image: alpine/curl
command:
- curl
@ -104,6 +134,41 @@ initContainers:
- name: plugins
mountPath: /data/plugins
readOnly: false
- name: 0-install-gravity-control-plugin
image: alpine/curl
command:
- curl
- -L
- https://github.com/e-im/GravityControl/releases/download/v1.3.0/GravityControl-1.3.0.jar
- -o
- /data/plugins/GravityControl-1.3.0.jar
volumeMounts:
- name: plugins
mountPath: /data/plugins
readOnly: false
- name: 0-install-fast-minecart-plugin
image: alpine/curl
command:
- curl
- -L
- https://github.com/certainly1182/FastMinecarts/releases/download/v1.0.1/FastMinecarts.jar
- -o
- /data/plugins/FastMinecarts.jar
volumeMounts:
- name: plugins
mountPath: /data/plugins
- name: 1-add-plugins-to-minecraft
image: alpine/curl
command:
- sh
- -c
- cp -r /in /out/plugins
volumeMounts:
- name: plugins
mountPath: /in
readOnly: false
- name: datadir
mountPath: /out
extraVolumes:
- volumeMounts:
- name: plugins
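Review bot: The new `0-install-gravity-control-plugin` and `0-install-fast-minecart-plugin` init containers fetch jars with `curl -L` and write them into `/data/plugins` with no integrity check, although the server will load and execute them. `FastMinecarts.jar` is an unversioned asset name, and `image: alpine/curl` is untagged. Record the expected SHA-256 of each jar and verify it after download, for example `sh -c 'curl -fsSL "$URL" -o "$OUT" && echo "<SHA256>  $OUT" | sha256sum -c -'` (placeholder digest), and pin the image tag. In `1-add-plugins-to-minecraft`, `cp -r /in /out/plugins` creates `/out/plugins/in` when `/out/plugins` already exists on the data volume; `mkdir -p /out/plugins && cp -r /in/. /out/plugins/` avoids that. The `initContainers` list starts outside the hunks shown.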


@ -7,13 +7,13 @@ istio:
enabled: true
istio:
- name: minio-http
gateway: badhouseplants-net
gateway: istio-system/badhouseplants-net
kind: http
hostname: minio.badhouseplants.net
service: minio-console
port: 9001
- name: s3-http
gateway: badhouseplants-net
gateway: istio-system/badhouseplants-net
kind: http
hostname: s3.badhouseplants.net
service: minio


@ -4,4 +4,3 @@ primary:
auth:
createDatabase: false


@ -7,7 +7,7 @@ istio:
enabled: true
istio:
- name: nrodionov-http
gateway: nrodionov-info
gateway: istio-system/nrodionov-info
kind: http
hostname: dev.nrodionov.info
service: nrodionov-wordpress


@ -7,16 +7,30 @@ istio:
enabled: true
istio:
- name: openvpn-tcp
gateway: badhouseplants-vpn
gateway: istio-system/badhouseplants-vpn
kind: tcp
port_match: 1194
hostname: "*"
service: openvpn
port: 1194
# ------------------------------------------
image:
tag: v2.6.5-xor-4.0.0beta08
storage:
class: default
size: 512Mi
storageClassName: longhorn
openvpn:
server: "tcp://195.201.250.50:1194"
proto: tcp
host: 195.201.250.50
easyrsa:
cn: Bad Houseplants
country: Germany
province: NRW
city: Duesseldorf
org: Bad Houseplants
email: allanger@zohomail.com
service:
type: ClusterIP
port: 1194


@ -0,0 +1,10 @@
architecture: standalone
auth:
database: postgres
persistence:
size: 1Gi
metrics:
enabled: false


@ -7,7 +7,7 @@ istio:
enabled: true
istio:
- name: grafana-https
gateway: badhouseplants-net
gateway: istio-system/badhouseplants-net
kind: http
hostname: "grafana.badhouseplants.net"
service: prometheus-grafana


@ -0,0 +1,144 @@
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
# -- Namespace of the main rook operator
operatorNamespace: rook-ceph
# -- The metadata.name of the CephCluster CR
# @default -- The same as the namespace
clusterName:
# -- Optional override of the target kubernetes version
kubeVersion:
# -- Cluster ceph.conf override
configOverride:
# configOverride: |
# [global]
# mon_allow_pool_delete = true
# osd_pool_default_size = 3
# osd_pool_default_min_size = 2
# Installs a debugging toolbox deployment
toolbox:
# -- Enable Ceph debugging pod deployment. See [toolbox](../Troubleshooting/ceph-toolbox.md)
enabled: false
# -- Toolbox image, defaults to the image used by the Ceph cluster
image: #quay.io/ceph/ceph:v17.2.6
# -- Toolbox tolerations
tolerations: []
# -- Toolbox affinity
affinity: {}
# -- Toolbox container security context
containerSecurityContext:
runAsNonRoot: true
runAsUser: 2016
runAsGroup: 2016
capabilities:
drop: ["ALL"]
# -- Toolbox resources
resources:
limits:
cpu: "500m"
memory: "1Gi"
requests:
cpu: "100m"
memory: "128Mi"
# -- Set the priority class for the toolbox if desired
priorityClassName:
monitoring:
# -- Enable Prometheus integration, will also create necessary RBAC rules to allow Operator to create ServiceMonitors.
# Monitoring requires Prometheus to be pre-installed
enabled: false
# -- Whether to create the Prometheus rules for Ceph alerts
createPrometheusRules: false
# -- The namespace in which to create the prometheus rules, if different from the rook cluster namespace.
# If you have multiple rook-ceph clusters in the same k8s cluster, choose the same namespace (ideally, namespace with prometheus
# deployed) to set rulesNamespaceOverride for all the clusters. Otherwise, you will get duplicate alerts with multiple alert definitions.
rulesNamespaceOverride:
# Monitoring settings for external clusters:
# externalMgrEndpoints: <list of endpoints>
# externalMgrPrometheusPort: <port>
# allow adding custom labels and annotations to the prometheus rule
prometheusRule:
# -- Labels applied to PrometheusRule
labels: {}
# -- Annotations applied to PrometheusRule
annotations: {}
# -- Create & use PSP resources. Set this to the same value as the rook-ceph chart.
pspEnable: false
# imagePullSecrets option allow to pull docker images from private docker registry. Option will be passed to all service accounts.
# imagePullSecrets:
# - name: my-registry-secret
# All values below are taken from the CephCluster CRD
# -- Cluster configuration.
# @default -- See [below](#ceph-cluster-spec)
cephClusterSpec:
resources:
mgr:
limits:
memory: "1Gi"
requests:
cpu: "200m"
memory: "512Mi"
mon:
limits:
memory: "2Gi"
requests:
cpu: "250m"
memory: "1Gi"
osd:
requests:
cpu: "200m"
memory: "4Gi"
prepareosd:
# limits: It is not recommended to set limits on the OSD prepare job
# since it's a one-time burst for memory that must be allowed to
# complete without an OOM kill. Note however that if a k8s
# limitRange guardrail is defined external to Rook, the lack of
# a limit here may result in a sync failure, in which case a
# limit should be added. 1200Mi may suffice for up to 15Ti
# OSDs ; for larger devices 2Gi may be required.
# cf. https://github.com/rook/rook/pull/11103
requests:
cpu: "500m"
memory: "50Mi"
mgr-sidecar:
limits:
cpu: "500m"
memory: "100Mi"
requests:
cpu: "100m"
memory: "40Mi"
crashcollector:
limits:
cpu: "500m"
memory: "60Mi"
requests:
cpu: "100m"
memory: "60Mi"
logcollector:
limits:
cpu: "500m"
memory: "1Gi"
requests:
cpu: "100m"
memory: "100Mi"
cleanup:
limits:
cpu: "500m"
memory: "1Gi"
requests:
cpu: "500m"
memory: "100Mi"
exporter:
limits:
cpu: "250m"
memory: "128Mi"
requests:
cpu: "50m"
memory: "50Mi"


@ -0,0 +1,14 @@
---
ext-ipaddresspool:
templates:
- |
---
apiVersion: metallb.io/v1beta1
kind: IPAddressPool
metadata:
name: "{{ .Values.name }}"
spec:
addresses:
- "{{ .Values.addresses }}"
autoAssign: true
avoidBuggyIPs: false


@ -0,0 +1,16 @@
---
istio-gateway:
templates:
- |
{{ range .Values.gateways }}
---
apiVersion: networking.istio.io/v1beta1
kind: Gateway
metadata:
name: {{ .name }}
spec:
selector:
istio: ingressgateway
servers:
{{ toYaml .servers | indent 4 }}
{{ end }}


@ -10,7 +10,7 @@ istio:
name: {{ .name }}
spec:
gateways:
- "istio-system/{{ .gateway }}"
- "{{ .gateway }}"
hosts:
- {{ .hostname | quote }}
{{- if eq .kind "http" }}

7
docs/restic.md Normal file

@ -0,0 +1,7 @@
# Restic
We are using restic for backing up the Minecraft server
## How to restore
TODO: Describe the restoration process


@ -1,5 +1,5 @@
environments:
badhouseplants:
kubeContext: badhouseplants
kubeContext: badhouseplants-arm
etersoft:
kubeContext: etersoft


@ -0,0 +1,5 @@
---
bases:
- ../environments.yaml
- ../repositories.yaml


@ -1,22 +0,0 @@
env:
DRONE_RPC_SECRET: ENC[AES256_GCM,data:RAZbnTrv9PxiCLLqjKWBtFWd+Nzqma8Zw+NuKRLO,iv:IiFcTQGUmYa6UCBzx1yTDd0zwB6D1Cv0raXZxLXm1qA=,tag:83bnBW+MhkKehZfso3g+/g==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOVk0yaTlySHpuOWFFT3J5
Z210NzJPTmV0akdFQ1REM1JzK0pwTC9XWjJJCm54QmQ3ODJwakZuamMzYTBIeEJi
aUxKNmQ3dU52V2N2cjl5VTJpTTAwWGsKLS0tIDFyR2o2VnQ4QWFCWWRzZGNMZnNQ
em1VMlhBNGRrVFhXVUVRdU16Q1Q4bUEKvZ6UbZsfdvfCk37FlEN4vg0RTnPO2nwh
DY4klzcan+9DBRT2qdIIy6pj94GuSoXKXEYc9X0AvYab/HoLithMWA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-05-21T09:27:21Z"
mac: ENC[AES256_GCM,data:U2JETtW0lbb2znJBupGMPsab13y5M1v1N0wkFxEBs+YVNFhnkvIqSZiY5mq9KTYiY4tRzw1kV+jqP0jNsODekCI1++4NBuQsGSZFUoTERHgTRlnz1aAS+nf39lvYnWyQxsQmw9vY/GQ/yluBJkOEV/EoIF3wHjxZe1HCBIViPyk=,iv:WMj7aSgW8LdNQbOgC4FcyOtR/3gjckiHO8vlZGdiTeY=,tag:Xty2QVLJ/D2dlzQY13od5w==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.7.3


@ -1,16 +0,0 @@
---
env:
DRONE_RPC_HOST: drone.badhouseplants.net
DRONE_RPC_PROTO: https
DRONE_NAMESPACE_DEFAULT: drone-service
rbac:
buildNamespaces:
- drone-service
dind:
resources:
limits:
cpu: 2000m
memory: 2024Mi
requests:
cpu: 100m
memory: 512Mi


@ -0,0 +1,4 @@
ext-ipaddresspool:
enabled: true
name: etersoft-addresspool
addresses: 91.232.225.63-91.232.225.63


@ -71,6 +71,8 @@ policies:
- resources:
- 'arn:aws:s3:::longhorn/*'
- 'arn:aws:s3:::longhorn'
- 'arn:aws:s3:::restic/*'
- 'arn:aws:s3:::restic'
actions:
- "s3:DeleteObject"
- "s3:GetObject"
@ -81,6 +83,10 @@ buckets:
policy: none
purge: false
versioning: false
- name: restic
policy: none
purge: false
versioning: false
metrics:
serviceMonitor:
enabled: false
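Review bot: The two `restic` ARNs are added to the `resources` list of the statement that already covers `longhorn`, so every identity holding this policy gets `s3:DeleteObject` and `s3:GetObject` on both buckets. A credential used only for restic backups can then read or delete the Longhorn backups, and the reverse. I would give restic its own policy and user limited to the `restic` ARNs; the policy name and the user it is attached to are outside this hunk, so the exact keys have to be taken from the surrounding file. The bucket added in the second hunk has `versioning: false`, which together with the delete permission means a leaked key can remove the only copy of a backup, so `versioning: true` on that bucket is worth considering.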


@ -14,7 +14,9 @@ istio:
service: openvpn
port: 1194
storageClassName: microk8s-hostpath
storage:
class: microk8s-hostpath
size: 5Gi
openvpn:
server: "tcp://91.232.225.63:1194"
service:


@ -7,50 +7,53 @@ bases:
releases:
- <<: *metrics-server
installed: true
installed: false
namespace: kube-system
createNamespace: false
createNamespace: true
- <<: *istio-base
installed: true
namespace: istio-system
createNamespace: false
createNamespace: true
- <<: *istio-gateway
installed: true
namespace: istio-system
createNamespace: false
createNamespace: true
- <<: *istio-gateway-resources
installed: true
namespace: istio-system
createNamespace: true
- <<: *istiod
installed: true
namespace: istio-system
createNamespace: false
createNamespace: true
- <<: *cert-manager
installed: true
namespace: cert-manager
createNamespace: false
createNamespace: true
- <<: *minio
installed: true
namespace: minio-service
createNamespace: false
createNamespace: true
- <<: *openvpn
installed: true
namespace: openvpn-service
createNamespace: false
createNamespace: true
- <<: *metallb
installed: true
namespace: metallb-system
createNamespace: true
- <<: *drone-runner-docker
- <<: *metallb-resources
installed: true
namespace: drone-service
createNamespace: false
namespace: metallb-system
helmfiles:
- path: {{.Environment.Name }}/helmfile.yaml


@ -41,6 +41,14 @@ templates:
# ----------------------------
# -- Extensions
# ----------------------------
ext-istio-gateway:
dependencies:
- chart: bedag/raw
version: 2.0.0
alias: istio-gateway
values:
- '{{ requiredEnv "PWD" }}/common/values.istio-gateway.yaml'
ext-istio-resource:
dependencies:
- chart: bedag/raw
@ -79,41 +87,122 @@ templates:
alias: ext-database
values:
- '{{ requiredEnv "PWD" }}/common/values.database.yaml'
# ----------------------------
ext-ipaddresspool:
dependencies:
- chart: bedag/raw
version: 2.0.0
alias: ext-ipaddresspool
values:
- '{{ requiredEnv "PWD" }}/common/values.ipaddresspool.yaml'
# -------------------------------------------------------------------
# -- Releases
# ----------------------------
# -------------------------------------------------------------------
# -- System
# ----------------------------
# -- This is what has to be installed first. Without those releases
# -- cluster can't function
# -------------------------------------------------------------------
common-system:
labels:
layer: system
metrics-server: &metrics-server
name: metrics-server
chart: metrics-server/metrics-server
version: 3.11.0
inherit:
- template: common-system
values:
- common/values.{{ .Release.Name }}.yaml
metallb: &metallb
name: metallb
chart: metallb/metallb
version: 0.13.10
version: 0.13.11
inherit:
- template: common-system
metallb-resources: &metallb-resources
name: metallb-resources
chart: bedag/raw
version: 2.0.0
needs:
- metallb
inherit:
- template: default-env-values
- template: ext-ipaddresspool
- template: common-system
cert-manager: &cert-manager
name: cert-manager
chart: jetstack/cert-manager
version: 1.12.3
version: 1.13.1
inherit:
- template: common-system
set:
- name: installCRDs
value: true
longhorn: &longhorn
name: longhorn
chart: longhorn/longhorn
version: 1.5.1
inherit:
- template: default-env-values
- template: common-system
# ----------------------------
# -- Istio
# ----------------------------
common-istio:
labels:
bundle: istio
version: 1.19.3
inherit:
- template: common-system
istio-base: &istio-base
name: istio-base
chart: istio/base
inherit:
- template: crd-management-hook
- template: common-istio
istio-gateway: &istio-gateway
name: istio-ingressgateway
chart: istio/gateway
needs:
- istio-base
- metallb-system/metallb-resources
inherit:
- template: common-istio
- template: default-env-values
istiod: &istiod
name: istiod
chart: istio/istiod
needs:
- istio-base
inherit:
- template: common-istio
- template: default-env-values
istio-gateway-resources: &istio-gateway-resources
name: istio-gateway-resources
chart: bedag/raw
version: 2.0.0
needs:
- istio-base
inherit:
- template: ext-istio-gateway
- template: default-env-values
- template: common-system
argocd: &argocd
name: argocd
chart: argo/argo-cd
version: 5.42.2
version: 5.46.8
inherit:
- template: default-env-values
- template: default-env-secrets
@ -126,7 +215,7 @@ templates:
prometheus: &prometheus
name: prometheus
chart: prometheus-community/kube-prometheus-stack
version: 48.3.1
version: 51.6.1
inherit:
- template: monitoring-common
- template: default-env-values
@ -137,7 +226,7 @@ templates:
loki: &loki
name: loki
chart: grafana/loki
version: 5.10.0
version: 5.29.0
inherit:
- template: monitoring-common
- template: default-env-values
@ -145,46 +234,18 @@ templates:
promtail: &promtail
name: promtail
chart: grafana/promtail
version: 6.14.1
version: 6.15.2
inherit:
- template: monitoring-common
- template: default-env-values
# ----------------------------
# -- Istio
# ----------------------------
istio-common:
labels:
bundle: istio
version: 1.18.2
istio-base: &istio-base
name: istio-base
chart: istio/base
inherit:
- template: crd-management-hook
- template: istio-common
istio-gateway: &istio-gateway
name: istio-ingressgateway
chart: istio/gateway
inherit:
- template: istio-common
- template: default-env-values
istiod: &istiod
name: istiod
chart: istio/istiod
inherit:
- template: istio-common
- template: default-env-values
# ----------------------------
# -- Applications
# ----------------------------
openvpn: &openvpn
name: openvpn
chart: allanger-charts/openvpn
version: 1.0.3
chart: allanger-gitea/openvpn
version: 1.0.6
inherit:
- template: default-env-values
- template: ext-istio-resource
@ -197,7 +258,7 @@ templates:
drone: &drone
name: drone
chart: drone/drone
version: 0.6.4
version: 0.6.5
inherit:
- template: default-env-values
- template: default-env-secrets
@ -216,7 +277,7 @@ templates:
nrodionov: &nrodionov
name: nrodionov
chart: bitnami/wordpress
version: 17.0.4
version: 18.0.4
inherit:
- template: default-env-values
- template: default-env-secrets
@ -226,7 +287,7 @@ templates:
minio: &minio
name: minio
chart: minio/minio
version: 5.0.13
version: 5.0.14
inherit:
- template: default-env-values
- template: default-env-secrets
@ -235,15 +296,16 @@ templates:
minecraft: &minecraft
name: minecraft
chart: minecraft-server-charts/minecraft
version: 4.9.3
version: 4.11.0
inherit:
- template: default-env-values
- template: default-env-secrets
- template: ext-istio-resource
gitea: &gitea
name: gitea
chart: gitea/gitea
version: 9.1.0
version: 9.5.0
inherit:
- template: default-env-values
- template: default-env-secrets
@ -253,7 +315,7 @@ templates:
funkwhale: &funkwhale
name: funkwhale
chart: ananace-charts/funkwhale
version: 2.0.1
version: 2.0.3
inherit:
- template: default-env-values
- template: default-env-secrets
@ -282,15 +344,15 @@ templates:
redis: &redis
name: redis
chart: bitnami/redis
version: 17.14.6
version: 18.1.5
inherit:
- template: default-env-values
- template: default-env-secrets
postgres: &postgres
name: postgres
postgres16: &postgres16
name: postgres16
chart: bitnami/postgresql
version: 12.8.0
version: 13.1.4
inherit:
- template: default-env-values
- template: default-env-secrets
@ -298,7 +360,7 @@ templates:
db-operator: &db-operator
name: db-operator
chart: db-operator/db-operator
version: 1.9.1
version: 1.11.1
db-instances: &db-instances
name: db-instances
@ -311,7 +373,17 @@ templates:
mysql: &mysql
name: mysql
chart: bitnami/mysql
version: 9.10.10
version: 9.12.5
inherit:
- template: default-env-values
- template: default-env-secrets
docker-mailserver: &docker-mailserver
name: docker-mailserver
chart: allanger-gitea/docker-mailserver
version: 2.1.3
inherit:
- template: default-env-values
- template: ext-istio-gateway
- template: ext-istio-resource
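Review bot: The `needs` entries in the new system and Istio templates use two different forms: `istio-gateway` refers to `metallb-system/metallb-resources` with a namespace, while `metallb-resources` needs plain `metallb` and the three Istio releases need plain `istio-base`. The namespaces are assigned in the per-environment helmfile rather than here, and helmfile resolves `needs` as `namespace/name` when the needed release has a namespace, so the bare names may not resolve; this is inferred, since the merged release definitions are not visible in this section. Writing them as `- metallb-system/metallb` and `- istio-system/istio-base` would make all of them consistent with the one entry that already carries a namespace.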


@ -2,8 +2,6 @@
repositories:
- name: metrics-server
url: https://kubernetes-sigs.github.io/metrics-server/
- name: allanger-charts
url: https://allanger.github.io/allanger-charts
- name: jetstack
url: https://charts.jetstack.io
- name: istio


@ -0,0 +1,39 @@
#!/bin/bash
export PGHOST=$OLD_PGHOST
export PGPASSWORD=$OLD_PGPASSWORD
export PGDATABASE=$OLD_PGDATABASE
DUMP_FILE=/tmp/$PGDATABASE.dump
pg_dump $PGDATABASE --no-owner --no-privileges -Fc -f $DUMP_FILE -vvv
export PGHOST=$NEW_PGHOST
export PGPASSWORD=$NEW_PGPASSWORD
export PGDATABASE=$NEW_PGDATABASE
pg_restore --no-owner --no-privileges -d $PGDATABASE -Fc $DUMP_FILE -vvv
psql -c "GRANT ALL PRIVILEGES ON DATABASE \"${PGDATABASE}\" to \"${PGDATABASE}\""
psql -c "GRANT ALL ON SCHEMA public to \"${PGDATABASE}\""
psql -c "GRANT ALL ON ALL TABLES IN SCHEMA public TO \"${PGDATABASE}\""
rm -f /tmp/output
psql -c "\
SELECT format(\
'ALTER TABLE %I.%I.%I OWNER TO %I;',\
table_catalog,\
table_schema,\
table_name,\
'${PGDATABASE}')\
FROM information_schema.tables \
WHERE table_schema='public'" | grep ALTER > /tmp/output
psql -c "\
SELECT format(\
'ALTER SEQUENCE %I.%I.%I OWNER TO %I;',\
sequence_catalog,\
sequence_schema,\
sequence_name,\
'${PGDATABASE}')\
FROM information_schema.sequences \
WHERE sequence_schema='public'" | grep ALTER >> /tmp/output
psql -c "$(cat /tmp/output)"
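Review bot: The dump and the generated SQL are written to fixed names under `/tmp` (`/tmp/$PGDATABASE.dump`, `/tmp/output`) with the default umask, and the content of `/tmp/output` is then executed by `psql`. Where `/tmp` is shared, another local user can read the full database dump or pre-create those paths; a private `mktemp -d` directory with `umask 077` and a cleanup trap avoids both. The script also has no error handling, so a failed `pg_dump` is still followed by `pg_restore` and the ownership changes on the new database, and `$DUMP_FILE` and `$PGDATABASE` are expanded unquoted. The section appears to end at the final `psql` call; the fence shows only the lines I would add or change.

```shell
#!/bin/bash
set -eu
umask 077
WORKDIR="$(mktemp -d)"
trap 'rm -rf "$WORKDIR"' EXIT
# … unchanged: export of the OLD_* connection variables …
DUMP_FILE="$WORKDIR/$PGDATABASE.dump"
pg_dump "$PGDATABASE" --no-owner --no-privileges -Fc -f "$DUMP_FILE" -vvv
# … unchanged: export of the NEW_* connection variables …
pg_restore --no-owner --no-privileges -d "$PGDATABASE" -Fc "$DUMP_FILE" -vvv
# … unchanged: GRANT statements and the two SELECT format(...) queries, redirected to "$WORKDIR/owners.sql"; add `|| true` after each `grep ALTER` so an empty result does not abort under `set -e` …
psql -v ON_ERROR_STOP=1 -f "$WORKDIR/owners.sql"
```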