WIP: nothing's going on

.woodpecker/.cdh.yml

@@ -13,7 +13,6 @@ steps:
       RUST_LOG: info
     commands:
       - cdh --kind helmfile -p $CI_WORKSPACE/helmfile.yaml --helmfile-environment badhouseplants -o --output html >> result.html
-
   notification:
     image: deblan/woodpecker-email
     settings:

.woodpecker/.helmfile.yml

@@ -16,22 +16,6 @@ steps:
       - mkdir $HOME/.kube
       - echo "$KUBECONFIG_CONTENT" > $HOME/.kube/config && chmod 0600 $HOME/.kube/config
       - helmfile -e $ENVIRONMENT diff --suppress-secrets
-
-  notification:
-    image: deblan/woodpecker-email
-    settings:
-      from: woody@badhouseplants.net
-      host: badhouseplants.net
-      username:
-        from_secret: smtp_username
-      password:
-        from_secret: smtp_password
-      recipients:
-        - allanger@badhouseplants.net
-      subject: CDH result
-      target: main
-    when:
-      - status: [success, failure]
   apply:
     image: ghcr.io/helmfile/helmfile:canary
     secrets: [sops_age_key, kubeconfig_content]

badhouseplants/helmfile.yaml

@@ -27,11 +27,6 @@ releases:
     namespace: nrodionov-application
     createNamespace: false
 
-  - <<: *elementor
-    installed: true
-    namespace: elementor-application
-    createNamespace: false
-
   - <<: *minecraft
     installed: true
     namespace: minecraft-application

badhouseplants/values/secrets.elementor.yaml

@@ -1,28 +0,0 @@
-wordpressPassword: ENC[AES256_GCM,data:WVNPgi7QCoCeYqpWETnZWtxnT5dl7Ffzlg==,iv:1nhk8JDEfBSXQwEVUgimsYvv1iyTS2YgALW3Pr2R3Jc=,tag:Xy9BtSWl4V7pyJelZyZN1g==,type:str]
-wordpressEmail: ENC[AES256_GCM,data:BXVBeqlUsBS3iLB1LlaZmEVBbCifjSjOiEg=,iv:hbkrawGiZCFka0zuK0mPSLpR6JMgP87pEZIGhAXB1dg=,tag:sWzT00jZZ3mnCPQR85ncEA==,type:str]
-mariadb:
-    auth:
-        rootPassword: ENC[AES256_GCM,data:BT0YXF8MxiapCyJ4sZ0LwAAfLYzImtfPfw==,iv:W5l1TA6FJXZ9iNTWXKP5wsyB75hG+R0WrCM/QdJ4gxo=,tag:qPg5hBfY7gsAbIFVgUilYQ==,type:str]
-        database: ENC[AES256_GCM,data:EB/3kKgiTLOWORXhgRpZKYA=,iv:XZXr0vPl0idWYewicpNB+P4CypF3HqndH0uDsx8ZMFY=,tag:2X6rZ3Rw8uCnM+c/I+1Jew==,type:str]
-        username: ENC[AES256_GCM,data:41CY65J+EfKW0oiq,iv:VGs3Ka3u1KjFI7ZK6WXvus/DNbQkNAHModJcvnAkQ14=,tag:VNDVXpixML+bTc9RZ7IGCg==,type:str]
-        password: ENC[AES256_GCM,data:Kg417xg8acWSAyMgKyRNzpQ4y5Ow+kLr4A==,iv:L2vr8DtMx6mYPMAStdUooVSVhKKv8YLB3rCsNwzE4f0=,tag:I/j1EAgc65qzHrCUABcDeg==,type:str]
-sops:
-    kms: []
-    gcp_kms: []
-    azure_kv: []
-    hc_vault: []
-    age:
-        - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
-          enc: |
-            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0U2QxWDMwMkxxdG1QK0No
-            VU1sejBKellnSGFpSXpVRTE0clcvS0Q0NXpVCnFXRlpsVXQ0V2NlYk1nUjlUY1Fj
-            NEJVYkVxalEvdDliSGY3c2dqRmQ4ZWcKLS0tIERYd0laME1iR203SFRPWTlPaCtB
-            T0dvMXp6NkwwTkRKcFpYMHlJVGFKejAKIy1VdB7mSXLkHZywSc1c+VUgtc0mrUrD
-            oStf0xCbfZvKx0XhA+u7R0jM5rM6CfvQr4yYTpW2fDszsS9yKjH33A==
-            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2023-12-13T20:16:19Z"
-    mac: ENC[AES256_GCM,data:vQZxLR2SCEJd29DC9OuSeoblM4vgELPEAVG/1fxpchKzlh2QpKdyz51Art0ATsKcoHM8RjKztMxne5LN2VciFAdvfn3fa4/itG1oK/b8FM0PQkcLJAxtZFeZLfTtW9NCPfTorcEIcA+3PUwSjW1dO6BaeEFxpA9dSceOJd6dXd8=,iv:DzpEwuTFtdzjEh0T1x7W70nluLM1XH8gabLeulgow7g=,tag:9ak6El1tY8W8X//gC0Gbqw==,type:str]
-    pgp: []
-    unencrypted_suffix: _unencrypted
-    version: 3.8.1

badhouseplants/values/secrets.vaultwarden.yaml

@@ -2,7 +2,7 @@ vaultwarden:
     smtp:
         username: ENC[AES256_GCM,data:6kAu3et5PmRgZ7B/qQQKA/hwsubozpBEcuzA,iv:cqNO3VWKFRWqBRAFTf2AyMQskuZvcDghseT2PWEsCjA=,tag:nkzugvJTJ/KhLuldXxdBrg==,type:str]
         password:
-            value: ENC[AES256_GCM,data:9PJzeGeXiNN50GrWMxU1ho9+jHs=,iv:wOrU8g/xBBKFRYvDB1G/I+VG3lpvFdMirgJmP01PbhQ=,tag:dlDq9S+SQmlb4SZIGYhrlQ==,type:str]
+            value: ENC[AES256_GCM,data:rTCIH4vU7sfCNu6FxfdfyPKKQ01MQHBM0g==,iv:ZKD98V5W1GH0NZCfYG86AdFhbe8Ig+nCHFdU0NGcQT4=,tag:cL3fSAKntmWZ/QvSPYwbvw==,type:str]
     adminToken:
         value: ENC[AES256_GCM,data:PT62LcyiNqW1NVeuZ5+HTj8fzwSwuD1av/Z8S2GnR6j62+F8/aibhW/ATFG92chw++w=,iv:LnaRBem4dsggV4u4IlNjlWY301ajAHot2D259Y383m0=,tag:f24QDtGrtNJFA95Qo6Umqg==,type:str]
 sops:
@@ -20,8 +20,8 @@ sops:
             U25tMkxQS1gzcyt6R2NkZnVLRVVoOWMKZSaIZxzTlYim2kmiHrQcgRu9XmWelRkT
             HZZmSa0L9yEdksUCK3+iqjCZhQBYc/6qJHRYvuAaJ+/hs5RxuLUr8g==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2023-10-20T07:01:25Z"
+    lastmodified: "2023-12-25T19:33:37Z"
-    mac: ENC[AES256_GCM,data:Oa6UiHJR5U8Tquo/FmKM2LNR1l7Tdc95T55sl8IbC80ywC5hmJcpOdYXSeVzAdEtr2EauEH74FAwyFtjeFHpneRjkl8Hx0Vann3qBMJ1laxYEQhKESqeyJTcMv15Hu61aUQ+OhW9hP9xkcRCNmkXHa0KeoCXy1aloTWc3u7Ls8E=,iv:SsywMpg5KQvfsFbIRiZkEadtQ7Ce2AqjM9+zeaG/ZaM=,tag:X426dGhxmeMqDJnRs4Qhww==,type:str]
+    mac: ENC[AES256_GCM,data:Fl9x8f4YlhAciCdRNRWukK4lj/OqP+TJ8+xEXUSb+1FqUAv/aHocy/f3IuzEhgq/+i9RSKORy2+glYBdK+tL50FzaPQCXz9YgYMtshsIkfkVIw2j9R7sqs5Uo5fQ6g5V3ir5/czb8FSqoS7S+2onyHxZawuG1XCWYPPLATVrKa8=,iv:7K6NABns5rzYIJgthRxqkGD5bQXKPhgIxoCs2ZS0JGY=,tag:FvTTObosyFZom45xuVABog==,type:str]
     pgp: []
     unencrypted_suffix: _unencrypted
     version: 3.8.1

badhouseplants/values/values.elementor.yaml

@@ -1,59 +0,0 @@
----
-# ------------------------------------------
-# -- Istio extenstion. Just because I'm
-# --  not using ingress nginx
-# ------------------------------------------
-istio:
-  enabled: true
-  istio:
-    - name: elementor-http
-      gateway: istio-system/badhouseplants-net
-      kind: http
-      hostname: elementor.badhouseplants.net
-      service: elementor-wordpress
-      port: 8080
-
-ext-database:
-  enabled: true
-  name: nrodionov-mysql
-  instance: mysql
-wordpressPlugins:
-  - elementor
-wordpressBlogName: Elementor
-wordpressUsername: admin
-wordpressFirstName: Nikolai
-wordpressLastName: Rodionov
-wordpressTablePrefix: wp_
-wordpressScheme: http
-existingWordPressConfigurationSecret: ""
-resources:
-  requests:
-    memory: 300Mi
-    cpu: 10m
-service:
-  type: ClusterIP
-  ports:
-    http: 8080
-    https: 8443
-
-persistence:
-  enabled: true
-  storageClass: ""
-  accessModes:
-    - ReadWriteOnce
-  accessMode: ReadWriteOnce
-  size: 2Gi
-  dataSource: {}
-  existingClaim: ""
-  selector: {}
-
-mariadb:
-  enabled: true
-  primary:
-    persistence:
-      enabled: true
-      storageClass: ""
-      accessModes:
-        - ReadWriteOnce
-      size: 3Gi
-  

badhouseplants/values/values.redis.yaml

@@ -1,6 +1,10 @@
 metrics:
   enabled: false
 
+secretAnnotations:
+  reflector.v1.k8s.emberstack.com/reflection-allowed: "true"
+  reflector.v1.k8s.emberstack.com/reflection-auto-enabled: "true"
+  reflector.v1.k8s.emberstack.com/reflection-allowed-namespaces: "gitea-service,funkwhale-application"
 architecture: standalone
 master:
   persistence:

badhouseplants/values/values.woodpecker-ci.yaml

@@ -18,6 +18,11 @@ ext-database:
   credentials:
     WOODPECKER_DATABASE_DATASOURCE: "postgres://{{ .Username }}:{{ .Password }}@{{ .Hostname }}:{{ .Port }}/{{ .Database }}?sslmode=disable"
 server:
+  #image:
+  #  registry: git.badhouseplants.net
+  #  repository: allanger/woodpecker-server
+  #  pullPolicy: Always
+  #  tag: icon
   enabled: true
   env:
     WOODPECKER_GITEA: true
@@ -34,13 +39,9 @@ server:
     - woodpecker-postgres16-creds
 agent:
   image: 
-    # -- The image registry
     registry: git.badhouseplants.net
-    # -- The image repository
     repository: allanger/woodpecker-agent
-    # -- The pull policy for the image
     pullPolicy: Always
-    # -- Overrides the image tag whose default is the chart appVersion.
     tag: dev
   enabled: true
   extraSecretNamesForEnvFrom: []

helmfile.yaml

@@ -8,13 +8,9 @@ bases:
 releases:
   - <<: *metrics-server
     installed: true
-    namespace: kube-system
-    createNamespace: false
 
   - <<: *istio-base
     installed: true
-    namespace: istio-system
-    createNamespace: false
   
   - <<: *istio-gateway
     installed: true
@@ -28,8 +24,6 @@ releases:
 
   - <<: *cert-manager
     installed: true
-    namespace: cert-manager
-    createNamespace: false
 
   - <<: *minio
     installed: true
@@ -43,7 +37,10 @@ releases:
   
   - <<: *metallb
     installed: true
-    namespace: metallb-system
+
+  - <<: *reflector
+    installed: true
+    namespace: reflector-system
     createNamespace: true
 
 helmfiles:

releases.yaml

@@ -96,6 +96,8 @@ templates:
     name: metrics-server
     chart: metrics-server/metrics-server
     version: 3.11.0
+    namespace: kube-system
+    createNamespace: true
     values:
       - common/values.{{ .Release.Name }}.yaml
 
@@ -103,14 +105,19 @@ templates:
     name: metallb
     chart: metallb/metallb
     version: 0.13.12
+    namespace: metallb-system
+    createNamespace: true
 
   cert-manager: &cert-manager
     name: cert-manager
     chart: jetstack/cert-manager
     version: 1.13.3
+    namespace: cert-manager
+    createNamespace: true
     set:
       - name: installCRDs
         value: true
+
   longhorn: &longhorn
     name: longhorn
     chart: longhorn/longhorn
@@ -126,7 +133,9 @@ templates:
       - template: default-env-values
       - template: default-env-secrets
       - template: ext-istio-resource
-
+  # -------------------------------------------------------------------
+  # -- Monitoring
+  # -------------------------------------------------------------------
   monitoring-common:
     labels:
       bundle: monitoring
@@ -161,9 +170,11 @@ templates:
   # -- Istio
   # ----------------------------
   istio-common:
+    version: 1.20.1
     labels:
       bundle: istio
-    version: 1.20.1
+    namespace: istio-system
+    createNamespace: true
 
   istio-base: &istio-base
     name: istio-base
@@ -175,6 +186,8 @@ templates:
   istio-gateway: &istio-gateway
     name: istio-ingressgateway
     chart: istio/gateway
+    needs:
+      - istio-system/istio-base
     inherit:
       - template: istio-common
       - template: default-env-values
@@ -191,6 +204,8 @@ templates:
   istiod: &istiod
     name: istiod
     chart: istio/istiod
+    needs:
+      - istio-system/istio-base
     inherit:
       - template: istio-common
       - template: default-env-values
@@ -250,16 +265,6 @@ templates:
       - template: ext-istio-resource
       - template: ext-database
 
-  elementor: &elementor
-    name: elementor
-    chart: bitnami/wordpress
-    version: 18.1.24
-    inherit:
-      - template: default-env-values
-      - template: default-env-secrets
-      - template: ext-istio-resource
-      - template: ext-database
-
   minio: &minio
     name: minio
     chart: minio/minio
@@ -362,3 +367,8 @@ templates:
       - template: default-env-secrets
       - template: ext-istio-resource
       - template: ext-database
+
+  reflector: &reflector
+    name: reflector
+    chart: emberstack/reflector
+    version: 7.1.216

repositories.yaml

@@ -1,4 +1,3 @@
----
 repositories:
   - name: metrics-server
     url: https://kubernetes-sigs.github.io/metrics-server/
@@ -40,3 +39,7 @@ repositories:
     url: https://badhouseplants.github.io/helm-charts/
   - name: woodpecker
     url: https://woodpecker-ci.org
+  - name: firefly-iii
+    url: https://firefly-iii.github.io/kubernetes/
+  - name: emberstack
+    url: https://emberstack.github.io/helm-charts